StartTime Dur Proto SrcAddr Sport Dir DstAddr Dport State sTos dTos TotPkts TotBytes Label 1970/01/01 01:00:00.000000 0.000000 llc 00:00:00:00:00:00 0 -> 00:00:00:00:00:00 0 INT 1 60 flow=Background 1970/01/01 01:00:08.063794 1.992815 arp 0.0.0.0 who 10.0.2.109 INT 3 126 flow=Background-ARP 1970/01/01 01:00:08.063901 0.000000 ipv6-icmp :: 135 -> ff02::1:fff7:4a14 0 NNS 0 1 78 flow=Background 1970/01/01 01:00:08.063931 3.995951 ipv6-icmp fe80::34ca:ec9b:2bf7:4a14 133 -> ff02::2 0 NRS 0 2 140 flow=Background 1970/01/01 01:00:08.063974 0.490851 ipv6-icmp fe80::34ca:ec9b:2bf7:4a14 143 -> ff02::16 0 UNK 0 2 180 flow=Background 1970/01/01 01:00:08.073955 3.003942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 01:00:08.249949 2.819861 arp 10.0.2.109 who 10.0.2.2 CON 6 252 flow=Background-ARP 1970/01/01 01:00:09.327898 0.000000 udp 10.0.2.109 62009 -> 8.8.8.8 53 INT 0 1 76 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:00:09.337527 0.000122 arp 10.0.2.2 who 10.0.2.109 CON 2 84 flow=Background-ARP 1970/01/01 01:00:10.327504 0.009213 udp 10.0.2.109 62009 <-> 8.8.4.4 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/01 01:00:10.337144 0.009269 udp 10.0.2.109 61565 <-> 8.8.4.4 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/01 01:00:15.083739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:00:16.055223 0.000000 ipv6-icmp fe80::34ca:ec9b:2bf7:4a14 133 -> ff02::2 0 NRS 0 1 70 flow=Background 1970/01/01 01:00:23.085659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:00:39.158946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:01:11.164804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:01:45.895570 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 01:01:45.895766 0.097619 udp 10.0.2.109 3683 <-> 213.219.135.125 5172 CON 0 0 8 3086 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:01:45.996282 1.585467 tcp 10.0.2.109 49158 -> 213.219.135.125 3906 SPA_* 0 0 576 429414 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:01:46.010263 0.000000 udp 10.0.2.109 3683 -> 108.74.172.39 3059 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:01:52.225079 0.029669 tcp 10.0.2.109 49158 -> 213.219.135.125 3906 FPA_* 0 0 6 328 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:01:54.798003 0.307485 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 8 2998 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:01:55.083421 4.871511 tcp 10.0.2.109 49159 -> 84.59.151.27 3285 SPA_* 0 0 184 102364 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:01:55.117852 0.000000 udp 10.0.2.109 3683 -> 66.63.204.26 3895 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:02:00.212310 4.823808 tcp 10.0.2.109 49159 -> 84.59.151.27 3285 A_PA 0 0 54 35064 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:02:03.519915 0.000000 udp 10.0.2.109 3683 -> 70.48.228.139 3263 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:02:05.322505 4.931930 tcp 10.0.2.109 49159 -> 84.59.151.27 3285 A_PA 0 0 102 59376 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:02:10.342031 4.996074 tcp 10.0.2.109 49159 -> 84.59.151.27 3285 A_PA 0 0 60 36008 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:02:11.912040 0.455768 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 8 3098 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:02:12.382836 0.000000 udp 10.0.2.109 3683 -> 24.153.166.130 2593 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:02:15.532425 4.220716 tcp 10.0.2.109 49159 -> 84.59.151.27 3285 A_PA 0 0 121 70022 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:02:20.244025 0.000000 udp 10.0.2.109 3683 -> 68.162.252.216 5281 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:02:22.446571 2.817044 tcp 10.0.2.109 49159 -> 84.59.151.27 3285 FPA_* 0 0 63 34047 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:02:25.346756 0.000000 udp 10.0.2.109 3683 -> 93.58.184.92 5981 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:02:44.025565 0.037945 udp 10.0.2.109 3683 <-> 213.219.135.125 5172 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:02:44.152464 0.296448 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 4 1371 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:02:44.438191 0.230301 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:03:29.013489 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 01:03:29.013713 3.003129 tcp 10.0.2.109 49160 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 01:03:38.015567 0.000000 tcp 10.0.2.109 49160 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 01:03:44.397189 0.009484 udp 10.0.2.109 57632 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/01 01:03:44.407046 0.009374 udp 10.0.2.109 52779 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/01 01:03:45.169802 0.011856 udp 10.0.2.109 49154 <-> 8.8.8.8 53 CON 0 0 2 388 flow=From-Botnet-V1-DNS 1970/01/01 01:03:45.271386 0.244211 tcp 10.0.2.109 49161 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:03:45.516957 0.021803 udp 10.0.2.109 63363 <-> 8.8.8.8 53 CON 0 0 2 386 flow=From-Botnet-V1-DNS 1970/01/01 01:03:45.539287 0.430522 tcp 10.0.2.109 49162 -> 195.113.214.222 80 SRPA* 0 0 71 77425 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:03:45.901057 0.095924 udp fe80::34ca:ec9b:2bf7:4a14 49162 -> ff02::1:3 5355 INT 0 2 168 flow=Background 1970/01/01 01:03:45.901223 0.095936 udp 10.0.2.109 50149 -> 224.0.0.252 5355 INT 0 2 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:03:45.901265 0.095894 icmp 10.0.2.2 0x000b -> 10.0.2.109 0x0000 TXD 192 2 184 flow=Background 1970/01/01 01:03:46.021909 2.999838 tcp 10.0.2.109 49163 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 01:03:46.197897 1.502056 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 01:03:55.019931 0.000000 tcp 10.0.2.109 49163 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 01:04:01.020400 0.068467 tcp 10.0.2.109 49164 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:04:01.089184 0.070174 tcp 10.0.2.109 49165 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:04:01.160876 0.520447 tcp 10.0.2.109 49166 -> 195.113.214.222 443 SRPA* 0 0 36 27176 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:04:01.727262 0.613501 tcp 10.0.2.109 49167 -> 77.242.51.250 4311 FSPA* 0 0 15 1656 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:07:15.290376 3.002489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 01:07:22.298435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:07:30.300139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:07:46.302986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:08:18.309196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:14:22.314356 3.002435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 01:14:29.322253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:14:37.323920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:14:53.327044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:15:25.332534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:21:29.378338 3.002495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 01:21:36.385915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:21:44.387522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:22:00.390857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:22:32.396598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:28:36.402232 3.002405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 01:28:43.410637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:28:51.411551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:29:07.414842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:29:39.430721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:33:10.755120 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 01:33:10.755269 0.031520 udp 10.0.2.109 3683 <-> 213.219.135.125 5172 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:33:10.841223 0.058168 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:33:10.880539 0.232666 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/01/01 01:34:02.379242 0.737230 tcp 10.0.2.109 49168 -> 77.242.51.250 4311 FSPA* 0 0 15 1761 flow=From-Botnet-V1-TCP-Established 1970/01/01 01:35:43.436641 3.002059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 01:35:50.444211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:35:58.445800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:36:14.448937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:36:46.454403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:42:50.460049 3.002273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 01:42:57.468173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:43:05.469449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:43:21.472666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:43:53.479201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:49:57.484758 3.001448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 01:50:04.492034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:50:12.493796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:50:28.496983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:51:00.502752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:57:04.508419 3.001562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 01:57:11.516458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:57:19.517921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:57:35.520958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 01:58:07.526589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:03:36.209884 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:03:36.209974 1.634131 udp 10.0.2.109 3683 <-> 213.219.135.125 5172 CON 0 0 14 5475 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:03:36.324321 1.073167 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 10 3181 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:03:36.534034 1.273358 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 14 5250 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:03:37.855234 0.000000 udp 10.0.2.109 3683 -> 182.3.56.214 6135 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:03:44.792059 0.000000 udp 10.0.2.109 3683 -> 75.149.117.1 5929 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:03:51.821911 0.000000 udp 10.0.2.109 3683 -> 68.236.156.55 9624 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:00.634111 0.000000 udp 10.0.2.109 3683 -> 97.66.167.193 8017 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:03.118551 0.495253 tcp 10.0.2.109 49169 -> 77.242.51.250 4311 FSPA* 0 0 14 1743 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:04:06.032697 0.000000 udp 10.0.2.109 3683 -> 60.49.24.45 7009 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:11.532155 3.001805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 02:04:12.411084 0.296507 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 8 2781 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:04:12.713575 0.000000 udp 10.0.2.109 3683 -> 122.170.3.165 7672 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:18.539785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:04:21.033689 0.000000 udp 10.0.2.109 3683 -> 2.228.154.198 7812 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:26.541384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:04:27.793777 0.000000 udp 10.0.2.109 3683 -> 41.200.152.71 7511 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:34.853751 0.000000 udp 10.0.2.109 3683 -> 39.32.176.74 5764 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:40.171787 0.000000 udp 10.0.2.109 3683 -> 71.175.183.70 4695 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:42.544735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:04:46.370392 0.000000 udp 10.0.2.109 3683 -> 98.189.178.31 7385 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:04:51.276730 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:04:54.592019 0.000000 udp 10.0.2.109 3683 -> 174.88.84.175 7799 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:02.423366 0.000000 udp 10.0.2.109 3683 -> 94.127.208.81 5921 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:09.423274 0.000000 udp 10.0.2.109 3683 -> 71.64.108.246 9654 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:14.551079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:05:18.125787 0.349913 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 8 2997 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:05:18.500343 0.000000 udp 10.0.2.109 3683 -> 221.186.76.232 3578 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:27.389106 0.000000 udp 10.0.2.109 3683 -> 58.137.98.201 2728 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:35.040302 0.152605 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:05:35.242014 0.000000 udp 10.0.2.109 3683 -> 124.81.97.156 8272 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:39.777038 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:05:42.711126 0.000000 udp 10.0.2.109 3683 -> 24.151.45.12 8841 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:51.143921 0.164817 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:05:51.318237 0.269003 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:05:51.813241 0.000000 udp 10.0.2.109 3683 -> 115.69.247.216 1526 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:05:57.893025 0.000000 udp 10.0.2.109 3683 -> 213.123.216.190 8980 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:06.886272 0.283443 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 796 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:06:07.179049 0.212897 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 743 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:06:07.411675 0.000000 udp 10.0.2.109 3683 -> 87.25.87.150 1738 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:15.958798 0.135817 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 807 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:06:16.107648 0.772087 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:06:16.893916 0.111806 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:06:17.018602 0.139560 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 850 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:06:17.166835 0.000000 udp 10.0.2.109 3683 -> 79.135.34.53 7196 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:23.389377 0.000000 udp 10.0.2.109 3683 -> 109.226.45.179 1710 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:28.276436 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:06:28.627687 0.000000 udp 10.0.2.109 3683 -> 89.207.68.62 4951 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:35.747581 0.000000 udp 10.0.2.109 3683 -> 24.103.133.186 7771 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:43.017856 0.168790 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 690 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:06:43.200251 0.000000 udp 10.0.2.109 3683 -> 216.215.82.154 9487 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:49.977843 0.000000 udp 10.0.2.109 3683 -> 116.15.112.75 5678 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:06:55.666374 0.000000 udp 10.0.2.109 3683 -> 121.203.32.10 7085 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:00.903505 0.000000 udp 10.0.2.109 3683 -> 151.58.11.110 4431 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:09.746073 0.000000 udp 10.0.2.109 3683 -> 203.59.99.140 3672 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:14.282351 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:07:16.996791 0.000000 udp 10.0.2.109 3683 -> 207.255.181.14 1614 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:22.915256 0.000000 udp 10.0.2.109 3683 -> 68.110.67.191 1521 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:28.773645 0.044923 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 854 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:07:28.842355 0.000000 udp 10.0.2.109 3683 -> 158.108.152.147 8639 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:36.715062 0.000000 udp 10.0.2.109 3683 -> 5.55.102.190 1001 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:43.875767 0.223875 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 691 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:07:44.108317 0.000000 udp 10.0.2.109 3683 -> 74.7.151.25 6328 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:50.375068 0.000000 udp 10.0.2.109 3683 -> 125.26.173.211 1913 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:07:59.157710 0.405454 udp 10.0.2.109 3683 <-> 176.200.219.107 1324 CON 0 0 2 776 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:07:59.618714 0.000000 udp 10.0.2.109 3683 -> 87.23.64.219 8847 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:03.783884 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:08:08.620654 0.055449 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 856 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:08.704763 0.113297 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:08.843523 0.148949 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 805 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:09.021976 0.000000 udp 10.0.2.109 3683 -> 79.233.216.245 4109 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:15.530858 0.203424 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 857 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:15.746242 0.000000 udp 10.0.2.109 3683 -> 95.247.21.72 5989 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:22.480585 0.035019 udp 10.0.2.109 3683 <-> 213.164.231.181 1850 CON 0 0 2 707 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:22.524534 0.000000 udp 10.0.2.109 3683 -> 175.139.225.106 8394 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:28.589560 0.000000 udp 10.0.2.109 3683 -> 109.115.63.193 7988 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:33.947957 0.302281 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 720 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:34.261339 0.242641 udp 10.0.2.109 3683 <-> 158.108.194.156 8617 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:34.520152 0.150624 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:34.686910 0.000000 udp 10.0.2.109 3683 -> 49.205.77.74 6011 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:42.429778 0.000000 udp 10.0.2.109 3683 -> 193.46.60.101 7592 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:49.950754 0.000000 udp 10.0.2.109 3683 -> 197.245.32.162 2670 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:08:54.777124 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:08:57.191053 0.276844 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 671 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:08:57.556298 0.000000 udp 10.0.2.109 3683 -> 122.169.51.171 9056 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:04.120799 0.000000 udp 10.0.2.109 3683 -> 76.225.33.77 6252 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:10.179165 0.000000 udp 10.0.2.109 3683 -> 122.219.33.162 2578 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:18.461559 0.000000 udp 10.0.2.109 3683 -> 67.216.255.2 4132 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:26.733304 0.000000 udp 10.0.2.109 3683 -> 87.170.159.173 9415 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:34.434413 0.000000 udp 10.0.2.109 3683 -> 195.174.239.184 4175 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:39.281243 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:09:41.144480 0.000000 udp 10.0.2.109 3683 -> 188.107.85.248 7294 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:46.742309 0.000000 udp 10.0.2.109 3683 -> 223.30.47.82 8844 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:53.321883 0.000000 udp 10.0.2.109 3683 -> 182.52.154.244 2223 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:09:59.139721 0.000000 udp 10.0.2.109 3683 -> 24.178.96.218 1918 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:07.081548 0.000000 udp 10.0.2.109 3683 -> 89.133.148.129 1456 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:13.911002 0.000000 udp 10.0.2.109 3683 -> 2.33.3.32 4793 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:20.420226 0.000000 udp 10.0.2.109 3683 -> 76.254.6.64 9544 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:25.277399 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:10:28.131829 0.000000 udp 10.0.2.109 3683 -> 95.130.110.144 5687 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:34.971411 0.000000 udp 10.0.2.109 3683 -> 62.252.102.247 5291 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:42.482581 0.000000 udp 10.0.2.109 3683 -> 86.51.189.174 3439 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:51.334927 0.159273 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:10:51.512865 0.000000 udp 10.0.2.109 3683 -> 95.240.38.20 5536 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:10:59.156436 0.000000 udp 10.0.2.109 3683 -> 99.254.148.181 6677 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:06.746778 0.000000 udp 10.0.2.109 3683 -> 168.187.119.58 7851 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:11.283624 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:11:15.169213 0.000000 udp 10.0.2.109 3683 -> 117.223.170.38 7930 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:18.557163 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 02:11:22.770682 0.000000 udp 10.0.2.109 3683 -> 189.69.21.93 1872 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:25.634479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:11:28.868836 0.000000 udp 10.0.2.109 3683 -> 195.174.2.58 7184 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:33.635435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:11:36.399984 0.000000 udp 10.0.2.109 3683 -> 72.54.247.65 1675 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:41.467261 0.000000 udp 10.0.2.109 3683 -> 99.255.163.88 8863 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:48.657667 0.000000 udp 10.0.2.109 3683 -> 200.84.7.244 8376 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:49.638873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:11:54.776100 0.000000 udp 10.0.2.109 3683 -> 183.178.13.142 7766 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:11:59.352522 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:12:02.537264 0.093545 udp 10.0.2.109 3683 <-> 213.26.148.18 1176 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:12:02.639953 0.000000 udp 10.0.2.109 3683 -> 46.49.60.118 1916 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:09.547270 0.226196 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 788 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:12:09.793463 0.000000 udp 10.0.2.109 3683 -> 155.245.46.43 9974 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:15.646171 0.086020 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:12:15.741294 0.000000 udp 10.0.2.109 3683 -> 58.32.191.30 2567 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:21.644425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:12:24.468975 0.000000 udp 10.0.2.109 3683 -> 178.6.197.65 9264 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:29.666224 0.000000 udp 10.0.2.109 3683 -> 95.231.59.185 9027 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:35.354842 0.000000 udp 10.0.2.109 3683 -> 201.223.243.119 8461 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:41.363224 0.000000 udp 10.0.2.109 3683 -> 182.52.130.251 2012 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:46.349884 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:12:46.871302 0.000000 udp 10.0.2.109 3683 -> 79.107.208.47 1395 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:12:54.291807 0.000000 udp 10.0.2.109 3683 -> 165.228.231.212 1931 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:00.911431 0.000000 udp 10.0.2.109 3683 -> 58.250.24.97 4954 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:09.644106 0.000000 udp 10.0.2.109 3683 -> 213.26.35.98 3918 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:14.841167 0.378317 udp 10.0.2.109 3683 <-> 59.127.226.200 8766 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:13:15.254893 0.000000 udp 10.0.2.109 3683 -> 220.246.51.40 2507 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:23.463514 0.000000 udp 10.0.2.109 3683 -> 64.60.243.98 7495 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:30.344041 0.000000 udp 10.0.2.109 3683 -> 88.56.49.97 4705 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:34.850108 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:13:39.276330 0.060908 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:13:39.345631 0.151326 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:13:39.506446 0.000000 udp 10.0.2.109 3683 -> 2.50.161.65 4391 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:45.956064 0.191197 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:13:46.156486 0.000000 udp 10.0.2.109 3683 -> 89.71.61.38 8582 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:52.275212 0.396214 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 660 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:13:52.680682 0.385656 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 713 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:13:53.076653 0.000000 udp 10.0.2.109 3683 -> 72.240.124.118 1705 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:13:59.225221 0.000000 udp 10.0.2.109 3683 -> 75.115.140.167 4839 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:08.067859 0.000000 udp 10.0.2.109 3683 -> 88.238.165.39 2947 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:13.626201 0.000000 udp 10.0.2.109 3683 -> 190.56.16.96 1507 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:19.384198 0.503620 udp 10.0.2.109 3683 <-> 124.125.119.53 7028 CON 0 0 2 752 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:14:19.927884 0.000000 udp 10.0.2.109 3683 -> 90.205.75.137 6252 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:24.351030 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:14:25.252451 0.000000 udp 10.0.2.109 3683 -> 41.134.208.1 9090 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:33.885350 0.000000 udp 10.0.2.109 3683 -> 212.211.141.168 3088 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:39.282601 0.000000 udp 10.0.2.109 3683 -> 93.44.75.181 4168 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:48.045465 0.000000 udp 10.0.2.109 3683 -> 95.240.53.192 6785 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:14:56.847977 0.000000 udp 10.0.2.109 3683 -> 117.217.208.194 8161 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:03.217523 0.070834 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:15:03.297283 0.000000 udp 10.0.2.109 3683 -> 88.215.35.70 7586 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:11.819797 0.083360 udp 10.0.2.109 3683 -> 85.36.219.242 1584 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:11.903157 0.000000 icmp 88.34.12.138 0x0303 -> 10.0.2.109 0x3006 URP 192 1 169 flow=Background 1970/01/01 02:15:16.345519 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:15:18.569568 0.000000 udp 10.0.2.109 3683 -> 68.4.243.145 8509 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:24.127405 0.000000 udp 10.0.2.109 3683 -> 151.55.144.119 9213 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:30.306542 0.060851 udp 10.0.2.109 3683 <-> 89.240.204.72 6060 CON 0 0 2 781 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:15:30.399637 0.000000 udp 10.0.2.109 3683 -> 78.187.121.100 3638 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:39.078849 0.000000 udp 10.0.2.109 3683 -> 92.252.126.224 2450 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:47.200040 0.000000 udp 10.0.2.109 3683 -> 213.249.18.238 8073 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:52.828576 0.000000 udp 10.0.2.109 3683 -> 24.161.35.53 4282 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:58.836736 0.150213 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:15:58.996860 0.640128 udp 10.0.2.109 3683 -> 1.4.183.84 7670 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:15:59.636988 0.000000 icmp 1.4.183.84 0x0303 -> 10.0.2.109 0xf61d URP 192 1 262 flow=Background 1970/01/01 02:16:03.353619 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:16:05.076166 0.000000 udp 10.0.2.109 3683 -> 122.160.4.149 8677 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:16:11.685463 0.000000 udp 10.0.2.109 3683 -> 93.70.132.27 2993 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:16:17.233410 0.000000 udp 10.0.2.109 3683 -> 101.51.197.68 6900 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:18:25.649967 3.002150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 02:18:32.658321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:18:40.659601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:18:56.662305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:19:28.668593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:25:32.675249 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 02:25:39.682196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:25:47.683919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:26:03.686886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:26:35.692249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:32:39.697974 3.001941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 02:32:46.706361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:32:54.707464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:33:10.711003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:33:42.716355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:34:03.687507 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:34:03.687618 0.506154 tcp 10.0.2.109 49170 -> 77.242.51.250 4311 FSPA* 0 0 15 1630 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:39:46.721720 3.002514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 02:39:53.730486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:40:01.731731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:40:17.734749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:40:49.740840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:46:47.876180 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 02:46:47.876330 0.310205 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:48.186974 0.180708 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:48.368103 0.035635 udp 10.0.2.109 3683 <-> 213.219.135.125 5172 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:48.404138 0.142275 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:48.546839 0.166529 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:48.713739 0.151666 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:48.865806 0.207279 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:49.073489 0.454031 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:49.527912 0.282865 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:49.811116 0.213379 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.024887 0.157476 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.182743 0.134999 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.318102 0.103256 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.421734 0.137727 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.559820 0.165712 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.725936 0.044325 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.770623 0.210953 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:50.981937 2.401817 udp 10.0.2.109 3683 <-> 176.200.219.107 1324 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:53.384151 0.055447 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:53.440015 0.148025 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:53.588423 0.098150 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:53.686965 0.164687 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:53.745940 3.002192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 02:46:53.852035 0.037787 udp 10.0.2.109 3683 <-> 213.164.231.181 1850 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:53.890231 0.153453 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:54.044109 0.253686 udp 10.0.2.109 3683 <-> 158.108.194.156 8617 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:54.298199 0.308024 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:54.606604 0.082319 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:46:54.689301 0.000000 udp 10.0.2.109 3683 -> 66.76.163.140 2800 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:47:00.754156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:47:08.755480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:47:12.052192 0.045971 tcp 10.0.2.109 49171 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:47:12.098431 0.045925 tcp 10.0.2.109 49172 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:47:12.144593 0.182297 tcp 10.0.2.109 49173 -> 195.113.214.222 443 SRPA* 0 0 93 90653 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:47:12.327501 0.000000 udp 10.0.2.109 3683 -> 213.26.148.18 1176 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:47:24.758195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:47:28.454661 0.045664 tcp 10.0.2.109 49174 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:47:28.500667 0.086468 tcp 10.0.2.109 49175 -> 195.113.214.222 80 SRPA* 0 0 20 13446 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:47:28.587661 0.213767 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:47:28.801855 0.101748 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:47:28.903964 0.000000 udp 10.0.2.109 3683 -> 59.127.226.200 8766 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:47:45.839955 0.047436 tcp 10.0.2.109 49176 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:47:45.887645 0.089318 tcp 10.0.2.109 49177 -> 195.113.214.222 80 SRPA* 0 0 20 14702 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:47:45.977450 0.159983 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:47:46.137782 0.056772 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:47:46.194933 0.180811 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:47:46.376142 0.380937 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:47:46.757471 0.214829 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:47:46.972661 0.000000 udp 10.0.2.109 3683 -> 124.125.119.53 7028 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:47:56.764164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:48:05.959426 0.046321 tcp 10.0.2.109 49178 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:48:06.006007 0.046334 tcp 10.0.2.109 49179 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:48:06.052613 0.128792 tcp 10.0.2.109 49180 -> 195.113.214.222 443 SRPA* 0 0 35 24871 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:48:06.181957 0.071019 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:48:06.253369 0.000000 udp 10.0.2.109 3683 -> 89.240.204.72 6060 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 02:48:22.332177 0.045717 tcp 10.0.2.109 49181 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:48:22.378140 0.049350 tcp 10.0.2.109 49182 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:48:22.427743 0.132858 tcp 10.0.2.109 49183 -> 195.113.214.222 443 SRPA* 0 0 34 24117 flow=From-Botnet-V1-TCP-Established 1970/01/01 02:48:22.561441 0.144842 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/01 02:54:00.770658 3.001663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 02:54:07.777625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:54:15.779286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:54:31.782364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 02:55:03.788632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:01:07.794450 3.001665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 03:01:14.801799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:01:22.803469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:01:38.806610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:02:10.812212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:04:04.196317 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 03:04:04.196481 0.567796 tcp 10.0.2.109 49184 -> 77.242.51.250 4311 FSPA* 0 0 15 1633 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:08:14.818003 3.002438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 03:08:21.826012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:08:29.827806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:08:45.830405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:09:17.836191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:15:21.842298 3.001606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 03:15:28.849503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:15:36.851079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:15:52.854285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:16:24.860093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:18:33.831939 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 03:18:33.832088 0.166394 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:18:33.998850 0.000000 udp 10.0.2.109 3683 -> 213.26.148.18 1176 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 03:18:50.395157 0.050225 tcp 10.0.2.109 49185 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:18:50.445702 0.047768 tcp 10.0.2.109 49186 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:18:50.494067 0.135578 tcp 10.0.2.109 49187 -> 195.113.214.222 443 SRPA* 0 0 33 24741 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:18:50.630426 0.000000 udp 10.0.2.109 3683 -> 59.127.226.200 8766 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 03:19:08.687374 0.046410 tcp 10.0.2.109 49188 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:08.734048 0.046612 tcp 10.0.2.109 49189 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:08.780926 0.130683 tcp 10.0.2.109 49190 -> 195.113.214.222 443 SRPA* 0 0 32 24709 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:08.912206 1.372523 udp 10.0.2.109 3683 <-> 124.125.119.53 7028 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:10.285142 0.000000 udp 10.0.2.109 3683 -> 89.240.204.72 6060 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 03:19:26.722787 0.045649 tcp 10.0.2.109 49191 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:26.768826 0.046539 tcp 10.0.2.109 49192 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:26.815630 0.130186 tcp 10.0.2.109 49193 -> 195.113.214.222 443 SRPA* 0 0 32 24687 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:26.946694 0.209675 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:27.156774 0.141970 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:27.299156 0.032155 udp 10.0.2.109 3683 <-> 213.219.135.125 5172 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:27.331720 0.191806 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:27.523944 0.150176 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:27.674536 0.163597 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:27.838597 0.072552 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:27.911577 0.168526 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:28.080510 0.211669 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:28.292598 0.284338 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:28.577340 0.000000 udp 10.0.2.109 3683 -> 108.83.11.64 5529 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 03:19:46.782013 0.046003 tcp 10.0.2.109 49194 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:46.828326 0.105043 tcp 10.0.2.109 49195 -> 195.113.214.222 80 SRPA* 0 0 31 20979 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:19:46.933803 0.049106 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:46.983330 0.134086 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:47.117832 0.138241 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:47.256487 0.098517 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:47.355432 0.167580 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:47.523411 0.156699 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:47.680527 0.210191 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:47.891085 0.146681 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:48.038164 0.057372 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:48.095901 1.464575 udp 10.0.2.109 3683 <-> 176.200.219.107 1324 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:49.560887 0.103731 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:49.664977 0.034578 udp 10.0.2.109 3683 <-> 213.164.231.181 1850 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:49.699882 0.149237 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:49.849538 0.340914 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:50.190831 0.082344 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:50.273567 0.238610 udp 10.0.2.109 3683 <-> 158.108.194.156 8617 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:50.512584 0.221867 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:50.734860 0.085342 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:50.820589 0.488309 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:51.309294 0.159688 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:51.469325 0.148532 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:51.618357 0.179360 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:51.798261 0.056654 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:51.855293 0.067312 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:19:51.923015 0.142263 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:22:28.866346 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 03:22:35.873552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:22:43.875093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:22:59.878082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:23:31.884500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:29:35.889865 3.002229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 03:29:42.898133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:29:50.899531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:30:06.902295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:30:38.908369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:34:04.764307 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 03:34:04.764465 0.520754 tcp 10.0.2.109 49196 -> 77.242.51.250 4311 FSPA* 0 0 15 1737 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:36:42.913702 3.002409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 03:36:49.921636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:36:57.923230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:37:13.926768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:37:45.932709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:43:49.938773 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 03:43:56.945471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:44:04.947275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:44:20.950541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:44:52.956290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:49:56.392811 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 03:49:56.392974 0.224925 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:49:56.618295 0.000000 udp 10.0.2.109 3683 -> 66.76.163.140 2800 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 03:50:15.152151 0.046211 tcp 10.0.2.109 49197 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:50:15.198607 0.048442 tcp 10.0.2.109 49198 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:50:15.247304 0.135144 tcp 10.0.2.109 49199 -> 195.113.214.222 443 SRPA* 0 0 35 27769 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:50:15.383173 0.306749 udp 10.0.2.109 3683 <-> 124.125.119.53 7028 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:15.690443 1.758259 udp 10.0.2.109 3683 <-> 213.219.135.125 5172 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:17.449194 0.143145 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:17.592720 0.424354 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:18.017456 0.537376 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:18.555232 0.163943 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:18.719548 0.221720 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:18.941686 0.165184 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:19.107239 0.545659 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:19.653334 0.282556 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:19.936318 0.210599 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:20.147278 0.049871 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:20.197537 0.000000 udp 10.0.2.109 3683 -> 74.103.10.180 6864 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 03:50:35.489933 0.046120 tcp 10.0.2.109 49200 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:50:35.536285 0.049190 tcp 10.0.2.109 49201 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:50:35.585770 0.135031 tcp 10.0.2.109 49202 -> 195.113.214.222 443 SRPA* 0 0 40 27005 flow=From-Botnet-V1-TCP-Established 1970/01/01 03:50:35.721342 0.139693 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:35.861447 0.100057 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:35.961920 0.171119 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:36.133430 0.156481 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:36.290314 0.204360 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:36.495052 0.147336 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:36.642877 0.057016 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:36.700258 0.034935 udp 10.0.2.109 3683 <-> 213.164.231.181 1850 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:36.735587 0.149900 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:36.885892 0.603345 udp 10.0.2.109 3683 <-> 176.200.219.107 1324 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:37.489632 0.105893 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:37.595929 0.302893 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:37.899199 0.123140 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:38.022724 0.237598 udp 10.0.2.109 3683 <-> 158.108.194.156 8617 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:38.260694 0.225684 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:38.486802 0.082014 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:38.569174 0.149965 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:38.719564 0.179518 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:38.899470 0.059802 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:38.959696 0.071879 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:39.031981 0.145086 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:39.177471 0.394489 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:39.572308 0.168370 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/01 03:50:56.961890 3.001974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 03:51:03.969482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:51:11.971443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:51:27.973787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:51:59.979878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:58:03.986302 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 03:58:10.993274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:58:18.994813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:58:34.998354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 03:59:07.003988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:04:05.293540 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 04:04:05.293715 0.571376 tcp 10.0.2.109 49203 -> 77.242.51.250 4311 FSPA* 0 0 15 1796 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:05:11.010349 3.002116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 04:05:18.017896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:05:26.019428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:05:42.022122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:06:14.027791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:12:18.034852 3.000577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 04:12:25.041344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:12:33.043109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:12:49.045736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:13:21.052179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:19:25.058512 3.001572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 04:19:32.065165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:19:40.067190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:19:56.069874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:20:28.075980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:21:02.115001 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 04:21:02.115162 0.157693 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:02.273282 0.134410 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:02.408030 0.221851 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:02.630331 0.261939 udp 10.0.2.109 3683 <-> 124.125.119.53 7028 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:02.892627 0.205323 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:03.098399 0.000000 udp 10.0.2.109 3683 -> 213.219.135.125 5172 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 04:21:19.642085 0.046643 tcp 10.0.2.109 49204 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:21:19.689003 0.086139 tcp 10.0.2.109 49205 -> 195.113.214.222 80 SRPA* 0 0 20 14716 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:21:19.775665 0.141898 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:19.917976 0.186698 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:20.105054 0.167462 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:20.272923 0.151047 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:20.424315 0.162251 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:20.586959 0.177403 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:20.764776 0.285536 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:21.050706 0.209968 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:21.261023 0.043825 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:21.305170 0.139174 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:21.444712 0.102573 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:21.547690 0.156309 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:21.704400 0.157055 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:21.861858 0.234120 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:22.096371 0.145971 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:22.242734 0.055461 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:22.298613 0.035092 udp 10.0.2.109 3683 <-> 213.164.231.181 1850 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:22.334069 0.149952 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:22.484381 0.374306 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:22.859087 0.080616 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:22.940123 0.000000 udp 10.0.2.109 3683 -> 176.200.219.107 1324 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 04:21:39.460133 0.049167 tcp 10.0.2.109 49206 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:21:39.509517 0.047669 tcp 10.0.2.109 49207 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:21:39.557439 0.111286 tcp 10.0.2.109 49208 -> 195.113.214.222 443 SRPA* 0 0 35 24871 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:21:39.669394 0.122888 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:39.792698 0.237996 udp 10.0.2.109 3683 <-> 158.108.194.156 8617 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.031065 0.214361 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.245830 0.085748 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.331945 0.148488 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.480791 0.181661 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.662816 0.060951 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.724130 0.065887 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.790499 0.160230 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:40.951076 0.144331 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:21:41.095809 0.391724 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:26:32.081742 3.002333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 04:26:39.089876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:26:47.091073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:27:03.093686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:27:35.099985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:33:39.106041 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 04:33:46.113410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:33:54.115398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:34:05.872167 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 04:34:05.872349 0.510595 tcp 10.0.2.109 49209 -> 77.242.51.250 4311 FSPA* 0 0 15 1795 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:34:10.118333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:34:42.123641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:40:46.130643 3.001027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 04:40:53.137598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:41:01.139177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:41:17.141919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:41:49.148063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:47:53.153781 3.002029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 04:48:00.161292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:48:08.162533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:48:24.165601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:48:56.171864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:51:47.689157 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 04:51:47.689341 0.037233 udp 10.0.2.109 3683 -> 213.219.135.125 5172 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 04:51:47.726574 0.000000 icmp 213.219.135.125 0x0303 -> 10.0.2.109 0x3414 URP 192 1 128 flow=Background 1970/01/01 04:52:05.856710 0.047483 tcp 10.0.2.109 49210 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:05.904425 0.085729 tcp 10.0.2.109 49211 -> 195.113.214.222 80 SRPA* 0 0 20 14763 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:05.990650 0.000000 udp 10.0.2.109 3683 -> 176.200.219.107 1324 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 04:52:22.269428 0.050830 tcp 10.0.2.109 49212 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:22.320532 0.079895 tcp 10.0.2.109 49213 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:22.400698 0.142679 tcp 10.0.2.109 49214 -> 195.113.214.222 443 SRPA* 0 0 39 25297 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:22.544003 0.160493 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:22.704860 0.223358 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:22.928660 0.134444 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:23.063515 0.204540 udp 10.0.2.109 3683 <-> 124.125.119.53 7028 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:23.268458 0.207139 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:23.476003 0.143064 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:23.619418 0.166802 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:23.786630 0.180263 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:23.967289 0.284274 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:24.251970 0.166960 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:24.419306 0.046305 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:24.466009 0.151247 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:24.617694 0.044851 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:24.662874 0.138597 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:24.801868 0.102106 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:24.904383 0.161537 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:25.066341 0.156770 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:25.223485 0.216233 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:25.440076 0.055000 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:25.495496 0.034515 udp 10.0.2.109 3683 <-> 213.164.231.181 1850 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:25.530500 0.160673 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:25.691588 0.359984 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:26.051981 0.105442 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:26.157806 0.146734 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:26.304947 0.157372 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:26.462721 0.000000 udp 10.0.2.109 3683 -> 217.203.92.217 9226 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 04:52:45.002362 0.045848 tcp 10.0.2.109 49215 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:45.048484 0.046830 tcp 10.0.2.109 49216 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:45.095554 0.203094 tcp 10.0.2.109 49217 -> 195.113.214.222 443 SRPA* 0 0 41 23302 flow=From-Botnet-V1-TCP-Established 1970/01/01 04:52:45.299143 0.237744 udp 10.0.2.109 3683 <-> 158.108.194.156 8617 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:45.537318 0.214221 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:45.751901 0.091788 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:45.844069 0.148621 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:45.993117 0.185901 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:46.179438 0.058618 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:46.238431 0.071983 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:46.310773 0.163400 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:46.474571 0.143204 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:52:46.618197 0.391218 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 04:55:00.178704 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 04:55:07.185485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:55:15.186634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:55:31.189843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 04:56:03.195780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:02:07.201886 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:02:14.208941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:02:22.211420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:02:38.214779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:03:10.219738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:04:06.391419 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 05:04:06.391568 0.506488 tcp 10.0.2.109 49218 -> 77.242.51.250 4311 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:09:14.225706 3.001999 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:09:21.232969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:09:29.234706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:09:45.237647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:10:17.243581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:16:21.249955 3.001666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:16:28.257164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:16:36.258640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:16:52.262121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:17:24.267995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:23:08.763574 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 05:23:08.763746 0.099556 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:08.863732 0.133610 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:08.997749 0.162998 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:09.161151 0.216607 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:09.378296 0.174185 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:09.552881 0.168324 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:09.721583 0.181758 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:09.903707 0.389430 udp 10.0.2.109 3683 <-> 124.125.119.53 7028 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:10.293511 0.200366 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:10.494392 0.168814 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:10.663596 0.286006 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:10.950226 0.044810 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:10.995450 0.142113 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:11.137983 0.102635 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:11.241039 0.167249 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:11.408653 0.293490 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:11.702650 0.367397 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:12.070418 0.055167 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:12.126004 0.000000 udp 10.0.2.109 3683 -> 213.164.231.181 1850 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 05:23:28.273395 3.002367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:23:30.056410 0.046553 tcp 10.0.2.109 49219 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:23:30.103228 0.050878 tcp 10.0.2.109 49220 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:23:30.154372 0.146842 tcp 10.0.2.109 49221 -> 195.113.214.222 443 SRPA* 0 0 23 14004 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:23:30.301795 0.152914 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:30.455069 0.371734 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:30.827214 0.212567 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:31.040137 0.156161 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:31.196730 0.087452 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:31.284596 0.146541 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:31.431548 0.153456 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:31.585390 0.000000 udp 10.0.2.109 3683 -> 158.108.194.156 8617 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 05:23:35.281267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:23:43.283061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:23:47.119584 0.049964 tcp 10.0.2.109 49222 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:23:47.169783 0.047205 tcp 10.0.2.109 49223 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:23:47.217240 0.155283 tcp 10.0.2.109 49224 -> 195.113.214.222 443 SRPA* 0 0 23 14004 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:23:47.373081 0.212780 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:47.586426 0.085566 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:47.672353 0.148135 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:47.820857 0.070276 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:47.891507 0.156479 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:48.048341 0.143851 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:48.192591 0.384782 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:48.577811 0.183400 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:48.761605 0.059334 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:23:59.285722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:24:31.291892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:30:35.297443 3.001713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:30:42.304926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:30:50.306783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:31:06.309338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:31:38.315875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:34:06.899780 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 05:34:06.899950 0.595928 tcp 10.0.2.109 49225 -> 77.242.51.250 4311 FSPA* 0 0 15 1607 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:37:42.321561 3.002067 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:37:49.328973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:37:57.330614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:38:13.333309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:38:45.339354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:44:49.344916 3.002262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:44:56.352756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:45:04.354247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:45:20.357749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:45:52.363568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:51:56.368911 3.002564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 05:52:03.377000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:52:11.378213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:52:27.381262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:52:59.387708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:54:05.973955 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 05:54:05.974059 0.000000 udp 10.0.2.109 3683 -> 213.164.231.181 1850 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 05:54:23.070541 0.050467 tcp 10.0.2.109 49226 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:54:23.121267 0.047704 tcp 10.0.2.109 49227 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:54:23.169283 0.152634 tcp 10.0.2.109 49228 -> 195.113.214.222 443 SRPA* 0 0 41 22870 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:54:23.323185 0.000000 udp 10.0.2.109 3683 -> 158.108.194.156 8617 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 05:54:40.083541 0.045458 tcp 10.0.2.109 49229 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:54:40.129313 0.086662 tcp 10.0.2.109 49230 -> 195.113.214.222 80 SRPA* 0 0 20 14707 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:54:40.216491 0.095927 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:40.312829 0.134114 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:40.447301 0.144287 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:40.591969 0.169529 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:40.761882 0.188076 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:40.950492 0.232944 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:41.183827 0.162081 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:41.346427 0.284469 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:41.631266 0.050617 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:41.682357 0.199980 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:41.882704 0.000000 udp 10.0.2.109 3683 -> 124.125.119.53 7028 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 05:54:57.828725 0.045802 tcp 10.0.2.109 49231 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:54:57.874878 0.083625 tcp 10.0.2.109 49232 -> 195.113.214.222 80 SRPA* 0 0 19 14685 flow=From-Botnet-V1-TCP-Established 1970/01/01 05:54:57.959018 0.166873 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:58.126250 0.150571 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:58.277230 0.366576 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:58.644228 0.158935 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:58.803580 0.138449 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:58.942423 0.105138 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:59.047959 0.055857 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:59.104191 0.303250 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:59.407833 0.151508 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:59.559747 0.210034 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:59.770183 0.153328 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:59.923938 0.155674 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:54:59.924263 3.001094 tcp 10.0.2.109 49233 -> 216.197.212.119 4894 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 05:55:00.080011 0.168815 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:00.249197 0.147920 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:00.397491 0.214558 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:00.612413 0.096328 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:00.709167 0.147590 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:00.857113 0.072450 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:00.929934 0.191869 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:01.122375 0.185399 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:01.308175 0.049419 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:01.357994 0.254675 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:01.613113 0.385806 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/01 05:55:08.923634 0.000000 tcp 10.0.2.109 49233 -> 216.197.212.119 4894 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 05:55:14.494254 0.009707 udp 10.0.2.109 55559 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/01 05:55:14.504303 0.009336 udp 10.0.2.109 56812 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/01 05:59:03.393380 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 05:59:10.401222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:59:18.402692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 05:59:34.405771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:00:06.411855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:04:07.498401 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 06:04:07.498583 0.602593 tcp 10.0.2.109 49234 -> 77.242.51.250 4311 FSPA* 0 0 15 1626 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:06:10.417424 3.001455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 06:06:17.425342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:06:25.426200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:06:41.429390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:07:13.435474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:13:17.442032 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 06:13:24.449073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:13:32.450722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:13:48.453523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:14:20.459603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:20:24.466226 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 06:20:31.472764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:20:39.474403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:20:55.477315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:21:27.483647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:25:31.013793 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 06:25:31.013937 0.000000 udp 10.0.2.109 3683 -> 124.125.119.53 7028 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 06:25:46.978861 0.049239 tcp 10.0.2.109 49235 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:25:47.028322 0.093566 tcp 10.0.2.109 49236 -> 195.113.214.222 80 SRPA* 0 0 20 14763 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:25:47.122418 1.873687 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:25:48.996609 0.169990 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:25:48.997026 3.459431 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 SPA_* 0 0 10 2116 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:25:49.167021 1.252123 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:25:50.419513 0.146729 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:25:50.566633 0.133815 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:25:50.700860 0.287740 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:25:50.988933 0.049859 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:25:51.039140 0.000000 udp 10.0.2.109 3683 -> 97.78.253.186 7622 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 06:25:58.128797 4.179742 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 17 11762 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:03.897852 4.229140 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 29 22046 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:07.918011 0.045317 tcp 10.0.2.109 49238 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:07.963600 0.046354 tcp 10.0.2.109 49239 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:08.010474 0.144507 tcp 10.0.2.109 49240 -> 195.113.214.222 443 SRPA* 0 0 24 13432 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:08.155537 0.215059 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:08.370976 0.160326 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:08.531651 0.298630 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:08.830856 0.163433 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:08.994619 0.138575 udp 10.0.2.109 3683 <-> 68.115.137.250 4522 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:09.133580 0.111467 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:09.245688 1.721615 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:09.763754 4.142185 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 18 13260 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:10.967688 0.161958 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:11.130009 0.056233 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:11.186617 0.355086 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:11.542050 0.404866 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:11.947296 0.213086 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:12.160736 0.155195 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:12.316366 0.157187 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:12.473908 0.075719 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:12.550030 0.146846 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:12.697297 0.214513 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:12.912196 0.082002 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:12.994597 0.148441 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:13.143442 0.071564 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:13.215499 0.052796 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:13.268702 0.145023 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:13.414119 0.383843 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:13.798335 0.177239 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:13.975951 0.185754 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:26:15.729264 4.645414 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 8 3928 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:28.495026 4.177317 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 13 7942 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:34.376421 4.294504 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 15 12002 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:40.531006 4.699502 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:46.783235 2.372456 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 11 8538 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:53.061654 4.366095 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 19 13314 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:26:59.058687 4.397505 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 21 17518 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:07.367257 4.111280 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 21 16918 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:15.285262 2.201549 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 16 13152 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:21.312704 2.163252 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 16 13752 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:27.243610 4.173302 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 27 26034 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:31.489207 3.002177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 06:27:33.151092 2.053896 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 19 14762 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:38.496762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:27:39.094141 4.059757 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 26 22484 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:44.981959 4.180352 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 17 14654 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:46.498717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:27:52.730439 2.230292 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 10 7284 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:27:59.074640 4.277781 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:02.501215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:28:04.897239 4.683928 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 8 4280 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:11.175009 4.314823 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 27 22538 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:17.134708 4.734592 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 8 3928 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:25.754631 4.717249 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 8 4528 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:33.976226 4.436932 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 19 13914 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:34.507505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:28:42.302275 4.372806 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 19 13314 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:48.180910 4.041926 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 13 10342 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:53.912530 3.918395 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 26 24532 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:28:59.576736 4.253498 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 17 15254 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:05.686152 4.132177 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 13 10942 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:13.942900 4.427569 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:19.891846 4.116824 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 18 13012 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:25.743416 4.534268 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 11 6738 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:31.791872 0.000702 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 6 3220 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:40.177420 4.060640 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:46.027161 4.699561 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:29:52.152203 4.290336 tcp 10.0.2.109 49237 -> 184.57.37.198 4909 FPA_* 0 0 23 13000 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:34:08.107650 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 06:34:08.107860 0.531853 tcp 10.0.2.109 49241 -> 77.242.51.250 4311 FSPA* 0 0 15 1645 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:34:38.513244 3.002072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 06:34:45.521375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:34:53.522166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:35:09.525591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:35:41.531112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:41:45.537027 3.001928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 06:41:52.544791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:42:00.546446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:42:16.549330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:42:48.555562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:48:52.560936 3.002250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 06:48:59.568941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:49:07.570189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:49:23.573667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:49:55.578984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:55:59.584925 3.001780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 06:56:06.592675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:56:14.593959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:56:23.276869 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 06:56:23.277012 0.000000 udp 10.0.2.109 3683 -> 97.78.253.186 7622 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 06:56:30.597618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:56:39.873991 0.507987 tcp 10.0.2.109 49242 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:56:40.382231 0.542102 tcp 10.0.2.109 49243 -> 195.113.214.222 80 SRPA* 0 0 18 13342 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:56:40.924960 0.470795 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:41.396144 0.393058 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:41.789543 0.366688 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:42.156642 0.510899 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:42.667956 0.278148 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:42.946541 0.330445 udp 10.0.2.109 3683 <-> 217.203.92.217 9226 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:43.277403 0.424090 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:43.701880 0.459215 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:44.161438 0.564134 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:56:44.725923 0.000000 udp 10.0.2.109 3683 -> 71.48.23.198 4217 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 06:56:59.900731 0.506867 tcp 10.0.2.109 49244 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:00.407873 0.511384 tcp 10.0.2.109 49245 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:00.919489 0.425978 tcp 10.0.2.109 49246 -> 195.113.214.222 443 SRPA* 0 0 22 13128 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:01.346015 0.457266 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:01.803655 0.000000 udp 10.0.2.109 3683 -> 68.115.137.250 4522 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 06:57:02.603588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 06:57:20.550440 0.503926 tcp 10.0.2.109 49247 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:21.054663 0.512855 tcp 10.0.2.109 49248 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:21.567826 1.054635 tcp 10.0.2.109 49249 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:22.623187 0.334617 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:22.958242 0.408037 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:23.366666 0.381106 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:23.748207 0.294492 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:24.043074 0.000000 udp 10.0.2.109 3683 -> 14.53.189.151 5470 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 06:57:39.336935 0.045726 tcp 10.0.2.109 49250 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:39.382906 0.048090 tcp 10.0.2.109 49251 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:39.431267 0.149612 tcp 10.0.2.109 49252 -> 195.113.214.222 443 SRPA* 0 0 22 11632 flow=From-Botnet-V1-TCP-Established 1970/01/01 06:57:39.581450 0.150258 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:39.732097 0.156752 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:39.889197 0.141478 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:40.031027 0.147184 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:40.178587 0.224344 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:40.403345 0.089994 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:40.493748 0.232302 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:40.726420 0.214135 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:40.940932 0.157026 udp 10.0.2.109 3683 <-> 210.89.45.32 5007 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:41.098370 0.065924 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:41.164712 0.056568 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:41.221631 0.146077 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:41.368115 0.394451 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:41.762914 0.169115 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/01 06:57:41.932384 0.189237 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:03:06.608622 3.002083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 07:03:13.616879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:03:21.618351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:03:37.621405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:04:08.646504 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 07:04:08.646656 1.373762 tcp 10.0.2.109 49253 -> 77.242.51.250 4311 FSPA* 0 0 15 1661 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:04:09.626897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:10:13.632806 3.002091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 07:10:20.640605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:10:28.642093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:10:44.645322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:11:16.651475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:17:20.656737 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 07:17:27.664734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:17:35.666072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:17:51.669158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:18:23.675350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:24:27.681442 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 07:24:34.688728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:24:42.689876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:24:58.693134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:25:30.699174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:27:58.912830 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 07:27:58.913105 0.000000 udp 10.0.2.109 3683 -> 71.48.23.198 4217 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 07:28:16.419894 0.052228 tcp 10.0.2.109 49254 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:16.472394 0.047264 tcp 10.0.2.109 49255 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:16.519956 0.152375 tcp 10.0.2.109 49256 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:16.672922 0.000000 udp 10.0.2.109 3683 -> 68.115.137.250 4522 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 07:28:32.642227 0.046326 tcp 10.0.2.109 49257 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:32.688868 0.087002 tcp 10.0.2.109 49258 -> 195.113.214.222 80 SRPA* 0 0 18 13324 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:32.776533 0.000000 udp 10.0.2.109 3683 -> 14.53.189.151 5470 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 07:28:49.826700 0.051142 tcp 10.0.2.109 49259 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:49.878281 0.046375 tcp 10.0.2.109 49260 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:49.924964 0.154433 tcp 10.0.2.109 49261 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:28:50.079998 0.163159 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:28:50.243613 0.159105 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:28:50.403132 0.287089 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:28:50.690641 0.000000 udp 10.0.2.109 3683 -> 74.103.10.180 6864 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 07:29:07.011163 0.045120 tcp 10.0.2.109 49262 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:07.056544 0.047065 tcp 10.0.2.109 49263 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:07.103910 0.157636 tcp 10.0.2.109 49264 -> 195.113.214.222 443 SRPA* 0 0 24 13356 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:07.262135 0.049387 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:07.311929 0.000000 udp 10.0.2.109 3683 -> 217.203.92.217 9226 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 07:29:25.748505 0.045183 tcp 10.0.2.109 49265 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:25.794004 0.046703 tcp 10.0.2.109 49266 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:25.840997 0.147854 tcp 10.0.2.109 49267 -> 195.113.214.222 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:25.989469 0.178873 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:26.168741 0.168045 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:26.337177 0.210643 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:26.548246 0.211779 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:26.760404 0.265663 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:27.026413 0.055285 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:27.082078 0.278904 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:27.361358 0.166149 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:27.527875 0.156637 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:27.684906 0.126964 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:27.812246 0.150096 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:27.962771 0.212915 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:28.176108 0.083395 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:28.259908 0.213609 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:28.473913 0.210007 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:28.684314 0.000000 udp 10.0.2.109 3683 -> 210.89.45.32 5007 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 07:29:47.419596 0.044637 tcp 10.0.2.109 49268 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:47.464527 0.087154 tcp 10.0.2.109 49269 -> 195.113.214.222 80 SRPA* 0 0 38 24234 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:29:47.552197 0.146508 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:47.699068 0.064403 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:47.763878 0.145155 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:47.909434 0.388316 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:48.298165 0.164585 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:48.463134 0.068796 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:29:48.532286 0.187805 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/01 07:31:34.705230 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 07:31:41.712879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:31:49.713926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:32:05.716861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:32:37.722847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:34:10.026606 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 07:34:10.026791 0.591099 tcp 10.0.2.109 49270 -> 77.242.51.250 4311 FSPA* 0 0 15 1762 flow=From-Botnet-V1-TCP-Established 1970/01/01 07:38:41.728617 3.002344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 07:38:48.736754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:38:56.737962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:39:12.740797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:39:44.746767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:45:48.752845 3.001532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 07:45:55.760567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:46:03.762039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:46:19.764926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:46:51.771263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:52:55.776721 3.002119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 07:53:02.784375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:53:10.786086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:53:26.789138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 07:53:58.795027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:00:02.801087 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:00:06.143679 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 08:00:06.143784 0.139338 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:06.283509 0.000000 udp 10.0.2.109 3683 -> 217.203.92.217 9226 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 08:00:09.808293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:00:17.809779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:00:24.612291 0.047060 tcp 10.0.2.109 49271 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 08:00:24.659637 0.048672 tcp 10.0.2.109 49272 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 08:00:24.708588 0.145233 tcp 10.0.2.109 49273 -> 195.113.214.222 443 SRPA* 0 0 20 10884 flow=From-Botnet-V1-TCP-Established 1970/01/01 08:00:24.854500 0.000000 udp 10.0.2.109 3683 -> 210.89.45.32 5007 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 08:00:33.813137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:00:43.828085 0.045719 tcp 10.0.2.109 49274 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 08:00:43.874120 0.086971 tcp 10.0.2.109 49275 -> 195.113.214.222 80 SRPA* 0 0 40 39342 flow=From-Botnet-V1-TCP-Established 1970/01/01 08:00:43.961802 0.284830 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:44.247027 0.152525 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:44.399935 0.170353 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:44.570666 0.044272 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:44.615306 0.160583 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:44.776272 0.180387 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:44.957030 0.104345 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:45.061804 0.055456 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:45.117621 0.224647 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:45.342635 0.260505 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:45.603562 0.158373 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:45.762440 0.120697 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:45.883522 0.149637 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:46.033586 0.150784 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:46.184758 0.163993 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:46.349216 0.212993 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:46.562624 0.212870 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:46.775907 0.090912 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:46.867228 0.210675 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:47.078345 0.145261 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:47.223967 0.057952 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:47.282317 0.147019 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:47.429745 0.071433 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:47.501577 0.176841 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:47.678851 0.381606 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:00:48.061019 0.174250 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:01:05.819315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:04:10.624954 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 08:04:10.625126 0.725537 tcp 10.0.2.109 49276 -> 77.242.51.250 4311 FSPA* 0 0 15 1786 flow=From-Botnet-V1-TCP-Established 1970/01/01 08:07:09.825467 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:07:16.832417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:07:24.833843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:07:40.836560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:08:12.842820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:14:16.849872 3.000374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:14:23.856683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:14:31.858236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:14:47.861265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:15:19.867174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:21:23.873334 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:21:30.880715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:21:38.881523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:21:54.884588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:22:26.890585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:28:30.896937 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:28:37.908405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:28:45.906305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:29:01.908458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:29:33.915038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:31:10.173260 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 08:31:10.173455 0.134229 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:10.308047 0.166508 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:10.474978 0.044454 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:10.519881 0.163555 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:10.683854 0.189667 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:10.873982 0.100975 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:10.975371 0.285959 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:11.261783 0.143011 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:11.405214 0.058415 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:11.464049 0.232352 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:11.696838 0.328749 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:12.025982 0.156644 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:12.183025 0.113018 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:12.296463 0.150079 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:12.446979 0.153022 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:12.600420 0.222368 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:12.823216 0.085206 udp 10.0.2.109 3683 <-> 85.104.159.86 9757 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:12.908814 0.214895 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:13.124051 0.305867 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:13.430279 0.167701 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:13.598325 0.146712 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:13.745446 0.057323 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:13.803113 0.144284 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:13.947821 0.070780 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:14.019031 0.179223 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:14.198653 0.396220 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:31:14.595218 0.173790 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/01 08:34:11.354491 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 08:34:11.354672 0.709063 tcp 10.0.2.109 49277 -> 77.242.51.250 4311 FSPA* 0 0 16 1848 flow=From-Botnet-V1-TCP-Established 1970/01/01 08:35:37.920548 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 08:35:44.928032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:35:52.930060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:36:08.933031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:36:40.938796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:42:44.944133 3.002824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:42:51.951917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:42:59.953725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:43:15.956902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:43:47.962985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:49:51.968445 3.002022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:49:58.976161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:50:06.977999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:50:22.980540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:50:54.986831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:56:58.992441 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 08:57:06.000084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:57:14.001698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:57:30.004583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 08:58:02.010872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:01:38.862813 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 09:01:38.862965 0.134980 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:38.998353 0.231645 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:39.230349 0.041950 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:39.272744 0.157521 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:39.430615 0.180758 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:39.611864 0.105711 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:39.717972 0.054291 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:39.772663 0.222773 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:39.995837 0.451011 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:40.447262 0.288750 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:40.736410 0.143026 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:40.879837 0.169343 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:41.049591 0.085659 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:41.135675 0.150170 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:41.286418 0.213088 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:41.499899 0.221416 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:41.721711 0.000000 udp 10.0.2.109 3683 -> 85.104.159.86 9757 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 09:01:59.205070 0.048854 tcp 10.0.2.109 49278 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:01:59.254243 0.047698 tcp 10.0.2.109 49279 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:01:59.302233 0.158393 tcp 10.0.2.109 49280 -> 195.113.214.222 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:01:59.461209 0.214087 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:59.675665 0.152588 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:59.828609 0.167519 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:01:59.996501 0.147312 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:02:00.144181 0.055094 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:02:00.199626 0.145437 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:02:00.345446 0.069182 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:02:00.415031 0.165060 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:02:00.580487 0.185895 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:02:00.766791 0.384521 udp 10.0.2.109 3683 <-> 220.255.36.86 6830 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:04:06.016155 3.001883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:04:12.062898 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 09:04:12.063033 0.663797 tcp 10.0.2.109 49281 -> 77.242.51.250 4311 FSPA* 0 0 14 1630 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:04:13.024378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:04:21.025759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:04:37.028374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:05:09.034836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:11:13.040973 3.001438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:11:20.047753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:11:28.049774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:11:44.052783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:12:16.058803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:18:20.064273 3.002358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:18:27.071890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:18:35.073641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:18:51.076911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:19:23.082893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:25:27.087921 3.002464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:25:34.095674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:25:42.097590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:25:58.100374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:26:30.106594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:32:25.827986 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 09:32:25.828143 0.000000 udp 10.0.2.109 3683 -> 85.104.159.86 9757 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 09:32:34.112174 3.002218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:32:41.120306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:32:43.966047 0.046522 tcp 10.0.2.109 49282 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:32:44.012819 0.046814 tcp 10.0.2.109 49283 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:32:44.059938 0.156517 tcp 10.0.2.109 49284 -> 195.113.214.222 443 SRPA* 0 0 44 37138 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:32:44.217252 0.134282 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:44.351914 0.164729 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:44.517011 0.182026 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:44.699389 0.102556 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:44.802463 0.054173 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:44.908206 0.221560 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:45.130193 0.170012 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:45.300622 0.049755 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:45.350743 0.144195 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:45.495315 0.161344 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:45.657001 0.285950 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:45.943346 0.284148 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:46.227873 0.160952 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:46.389219 0.214212 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:46.603797 0.151125 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:46.755358 0.134637 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:46.890523 0.166627 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:47.057566 0.216157 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:47.274282 0.393387 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:47.668061 0.148038 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:47.816526 0.057115 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:47.874046 0.143283 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:48.017735 0.068602 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:48.086700 0.173475 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:48.260577 0.178710 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/01 09:32:48.439665 0.000000 udp 10.0.2.109 3683 -> 220.255.36.86 6830 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 09:32:49.121535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:33:05.124212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:33:06.147199 0.046355 tcp 10.0.2.109 49285 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:33:06.193790 0.046844 tcp 10.0.2.109 49286 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:33:06.240911 0.147039 tcp 10.0.2.109 49287 -> 195.113.214.222 443 SRPA* 0 0 42 24346 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:33:37.130760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:34:12.732141 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 09:34:12.732307 0.582508 tcp 10.0.2.109 49288 -> 77.242.51.250 4311 FSPA* 0 0 15 1715 flow=From-Botnet-V1-TCP-Established 1970/01/01 09:39:41.136051 3.002458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:39:48.144124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:39:56.145470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:40:12.148547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:40:44.154395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:46:48.159998 3.002384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:46:55.167630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:47:03.169048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:47:19.172354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:47:51.178324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:53:55.184685 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 09:54:02.191846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:54:10.193461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:54:26.196430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 09:54:58.202558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:01:02.208326 3.002181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:01:09.216229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:01:17.217322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:01:33.220596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:02:05.226430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:03:33.814032 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 10:03:33.814146 0.000000 udp 10.0.2.109 3683 -> 220.255.36.86 6830 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 10:03:49.959190 0.046672 tcp 10.0.2.109 49289 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 10:03:50.006056 0.049311 tcp 10.0.2.109 49290 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 10:03:50.055654 0.200779 tcp 10.0.2.109 49291 -> 195.113.214.222 443 SRPA* 0 0 41 22618 flow=From-Botnet-V1-TCP-Established 1970/01/01 10:03:50.257207 0.180130 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:50.437718 0.104072 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:50.542179 0.076153 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:50.618715 0.135485 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:50.754612 0.160553 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:50.915555 0.045073 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:50.960980 0.144316 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:51.105720 0.179462 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:51.285595 0.312746 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:51.598697 0.225491 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:51.824579 0.167451 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:51.992372 0.169082 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:52.161861 0.287805 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:52.450084 0.150834 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:52.601334 0.127232 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:52.728973 0.165132 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:52.894501 0.213737 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:53.108609 0.147359 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:53.256405 0.058040 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:53.314815 0.142558 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:53.457799 0.071982 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:53.530254 0.211332 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:53.742010 0.473771 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:54.216176 0.162057 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:03:54.378679 0.183377 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:04:13.320579 0.540493 tcp 10.0.2.109 49292 -> 77.242.51.250 4311 FSPA* 0 0 15 1716 flow=From-Botnet-V1-TCP-Established 1970/01/01 10:08:09.232021 3.001926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 10:08:16.239431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:08:24.241564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:08:40.244430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:09:12.250049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:15:16.255953 3.002245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:15:23.264066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:15:31.265316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:15:47.268166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:16:19.274443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:22:23.280218 3.001966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:22:30.288045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:22:38.289480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:22:54.291914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:23:26.298015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:29:30.304789 3.003622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:29:37.311627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:29:45.313145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:30:01.316172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:30:33.322024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:34:11.566495 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 10:34:11.566680 0.189875 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:11.756913 0.107669 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:11.864947 0.055535 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:11.920878 0.134513 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:12.055765 0.159943 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:12.216096 0.000000 udp 10.0.2.109 3683 -> 79.247.163.86 1110 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 10:34:13.859388 0.608732 tcp 10.0.2.109 49293 -> 77.242.51.250 4311 FSPA* 0 0 15 1645 flow=From-Botnet-V1-TCP-Established 1970/01/01 10:34:30.305093 0.049290 tcp 10.0.2.109 49294 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 10:34:30.354635 0.090988 tcp 10.0.2.109 49295 -> 195.113.214.222 80 SRPA* 0 0 31 18317 flow=From-Botnet-V1-TCP-Established 1970/01/01 10:34:30.445830 0.399990 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:30.846357 0.230792 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:31.077534 0.162531 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:31.240450 0.142869 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:31.383744 0.156637 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:31.540746 0.159635 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:31.700789 0.285567 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:31.986831 0.149839 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:32.137057 0.076683 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:32.214249 0.175959 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:32.390689 0.213459 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:32.604550 0.147473 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:32.752401 0.054697 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:32.807472 0.143676 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:32.951505 0.070267 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:33.022122 0.210920 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:33.233394 0.189546 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:33.423340 0.152498 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:34:33.576188 0.179853 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/01 10:36:37.328050 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:36:44.335603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:36:52.337178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:37:08.340009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:37:40.346031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:43:44.351671 3.001846 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:43:51.359427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:43:59.361489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:44:15.364457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:44:47.370373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:50:51.375717 3.002176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:50:58.383825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:51:06.385301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:51:22.388203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:51:54.394192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:57:58.399844 3.001813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 10:58:05.407499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:58:13.409124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:58:29.412087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 10:59:01.418189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:04:14.468324 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 11:04:14.468469 3.004067 tcp 10.0.2.109 49296 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 11:04:23.470749 0.000000 tcp 10.0.2.109 49296 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 11:04:29.471795 0.046939 tcp 10.0.2.109 49297 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 11:04:29.518965 0.047618 tcp 10.0.2.109 49298 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 11:04:29.566878 0.147343 tcp 10.0.2.109 49299 -> 195.113.214.222 443 SRPA* 0 0 20 10690 flow=From-Botnet-V1-TCP-Established 1970/01/01 11:04:29.768416 2.996071 tcp 10.0.2.109 49300 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 11:04:38.673640 0.049804 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:38.723838 0.135286 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:38.773066 0.000000 tcp 10.0.2.109 49300 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 11:04:38.859495 0.105343 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:38.965251 0.180944 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:39.146581 0.056506 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:39.203569 0.163188 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:39.367163 0.344300 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:39.711846 0.235273 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:39.947488 0.165556 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:40.113462 0.143113 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:40.256968 0.159693 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:40.417036 0.155188 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:40.572646 0.283301 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:40.856370 0.152499 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.009260 0.113254 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.122946 0.165354 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.288689 0.214771 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.503795 0.175004 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.679172 0.060869 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.740410 0.141142 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.881903 0.068475 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:41.950805 0.456645 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:42.407872 0.696393 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:43.104606 0.211788 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:43.316778 0.177112 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:04:44.762777 0.046440 tcp 10.0.2.109 49301 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 11:04:44.809526 0.086403 tcp 10.0.2.109 49302 -> 195.113.214.222 80 SRPA* 0 0 38 24176 flow=From-Botnet-V1-TCP-Established 1970/01/01 11:04:44.904922 0.372574 tcp 10.0.2.109 49303 -> 176.73.166.24 5576 FSPA* 0 0 14 1595 flow=From-Botnet-V1-TCP-Established 1970/01/01 11:05:05.424261 3.001588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 11:05:12.431389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:05:20.433160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:05:36.435699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:06:08.441779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:12:12.448537 3.001727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 11:12:19.455153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:12:27.457061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:12:43.460356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:13:15.465918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:19:19.471620 3.002401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 11:19:26.479718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:19:34.480614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:19:50.483638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:20:22.489853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:26:26.495765 3.002044 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 11:26:33.503740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:26:41.505027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:26:57.507839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:27:29.513783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:33:33.520305 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 11:33:40.527298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:33:48.528840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:34:04.532089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:34:36.538308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:34:45.280554 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 11:34:45.280734 0.492666 tcp 10.0.2.109 49304 -> 176.73.166.24 5576 FSPA* 0 0 14 1624 flow=From-Botnet-V1-TCP-Established 1970/01/01 11:35:01.634586 0.102105 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:01.737113 0.044598 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:01.782233 0.134219 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:01.916831 0.161972 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:02.079198 0.246486 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:02.326055 0.226496 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:02.552898 0.181896 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:02.735165 0.057233 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:02.792783 0.165685 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:02.958909 0.142526 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:03.101828 0.157328 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:03.259516 0.154526 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:03.414542 0.284484 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:03.699415 0.150866 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:03.850685 0.197544 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:04.048631 0.166071 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:04.215060 0.213415 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:04.428832 0.146352 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:04.575541 0.057547 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:04.633435 0.137680 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:04.771512 0.070740 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:04.842580 0.451753 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:05.294756 0.189364 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:05.484528 0.821265 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:35:06.306399 0.214255 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/01 11:40:40.544620 3.000955 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 11:40:47.551391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:40:55.552938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:41:11.555523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:41:43.562230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:47:47.567341 3.002521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 11:47:54.575397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:48:02.576982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:48:18.579955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:48:50.585563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:54:54.591483 3.002298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 11:55:01.599269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:55:09.600981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:55:25.604067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 11:55:57.609851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:02:01.615722 3.001599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 12:02:08.623346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:02:16.624423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:02:32.627698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:03:04.633832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:04:45.779505 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 12:04:45.779736 0.889394 tcp 10.0.2.109 49305 -> 176.73.166.24 5576 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/01/01 12:05:26.598228 0.133384 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:26.732046 0.157568 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:26.890015 0.103749 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:26.994363 0.000000 udp 10.0.2.109 3683 -> 79.247.163.86 1110 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 12:05:31.344777 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 12:05:45.457108 0.079758 tcp 10.0.2.109 49306 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 12:05:45.537157 0.085131 tcp 10.0.2.109 49307 -> 195.113.214.222 80 SRPA* 0 0 38 23015 flow=From-Botnet-V1-TCP-Established 1970/01/01 12:05:45.622454 0.146550 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:45.769357 0.232500 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:46.002405 0.183236 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:46.186069 0.057146 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:46.243633 0.165774 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:46.409772 0.143526 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:46.553734 0.155582 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:46.709660 0.159399 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:46.869404 0.280555 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:47.150392 0.150886 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:47.301630 0.079112 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:47.381169 0.163826 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:47.545398 0.214416 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:47.760224 0.145947 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:47.906551 0.059532 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:47.966470 0.143398 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:48.110294 0.068935 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:48.179596 0.356393 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:48.536375 0.180573 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:48.717366 0.173754 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:05:48.891495 0.215873 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:09:08.639417 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 12:09:15.647059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:09:23.648668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:09:39.651624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:10:11.657790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:16:15.663886 3.001830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 12:16:22.670860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:16:30.672641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:16:46.675999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:17:18.681888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:23:22.687433 3.001600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 12:23:29.695619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:23:37.696738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:23:53.699627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:24:25.705392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:30:29.711202 3.002027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 12:30:36.719407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:30:44.720503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:31:00.723283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:31:32.729869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:34:46.669107 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 12:34:46.669341 0.359827 tcp 10.0.2.109 49308 -> 176.73.166.24 5576 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/01/01 12:36:00.274380 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 12:36:00.274587 0.050006 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:00.324991 0.157449 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:00.482825 0.135096 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:00.618503 0.103216 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:00.722141 0.265858 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:00.988342 0.233556 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:01.222328 0.180992 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:01.403726 0.056099 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:01.460225 0.163263 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:01.623878 0.143226 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:01.767551 0.156614 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:01.924560 0.158128 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:02.083069 0.280770 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:02.364236 0.153194 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:02.517844 0.124064 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:02.642315 0.166557 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:02.809230 0.213171 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:03.022760 0.153853 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:03.177000 0.057640 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:03.235059 0.230006 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:03.465436 0.186878 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:03.652678 0.174390 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:03.827441 0.143587 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:03.971437 0.069135 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:36:04.040969 0.210378 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 12:37:36.735738 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 12:37:43.742778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:37:51.744985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:38:07.747409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:38:39.753789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:44:43.759386 3.001797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 12:44:50.767449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:44:58.768355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:45:14.771715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:45:46.777240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:51:50.793399 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 12:51:57.801480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:52:05.802914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:52:21.805236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:52:53.811216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:58:57.816963 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 12:59:04.824869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:59:12.826293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 12:59:28.829468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:00:00.835445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:04:47.047179 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 13:04:47.047275 0.359403 tcp 10.0.2.109 49309 -> 176.73.166.24 5576 FSPA* 0 0 14 1507 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:06:04.841398 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:06:11.848835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:06:19.850520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:06:21.773198 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 13:06:21.773287 0.134877 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:21.908568 0.100231 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:22.009144 0.287849 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:22.297340 0.049846 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:22.347593 0.165823 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:22.513839 0.215280 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:22.729503 0.179337 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:22.909226 0.055875 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:22.965450 0.164860 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:23.130706 0.143087 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:23.274311 0.363785 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:23.638503 0.156236 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:23.795100 0.284756 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:24.080212 0.437028 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:24.517641 0.075490 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:24.593529 0.165557 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:24.759492 0.216975 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:24.976876 0.000000 udp 10.0.2.109 3683 -> 97.65.8.22 1039 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 13:06:35.853701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:06:41.144146 0.047285 tcp 10.0.2.109 49310 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:06:41.191674 0.045577 tcp 10.0.2.109 49311 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:06:41.237573 0.150450 tcp 10.0.2.109 49312 -> 195.113.214.222 443 SRPA* 0 0 57 37419 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:06:41.388399 0.191715 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:41.580514 0.174560 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:41.755429 0.145418 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:41.901248 0.066403 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:06:41.968042 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 13:07:00.800498 0.047190 tcp 10.0.2.109 49313 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:07:00.847946 0.047284 tcp 10.0.2.109 49314 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:07:00.895487 0.189752 tcp 10.0.2.109 49315 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:07:01.085797 0.053978 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:07:01.140124 0.217525 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:07:07.859158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:13:11.865087 3.002349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:13:18.872593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:13:26.874697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:13:42.877450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:14:14.883718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:20:18.889089 3.002354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:20:25.897324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:20:33.898622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:20:49.901671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:21:21.907539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:27:25.913324 3.002212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:27:32.920935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:27:40.922748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:27:56.925759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:28:28.931682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:34:32.937923 3.000940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:34:39.945198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:34:47.406421 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 13:34:47.406600 0.385499 tcp 10.0.2.109 49316 -> 176.73.166.24 5576 FSPA* 0 0 15 1806 flow=From-Botnet-V1-TCP-Established 1970/01/01 13:34:47.946864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:35:03.949338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:35:35.955466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:37:21.627578 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 13:37:21.627670 0.147277 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:21.775363 0.363683 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:22.139451 0.134953 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:22.274825 0.049828 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:22.324999 0.173798 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:22.499201 0.227837 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:22.727451 0.185774 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:22.913630 0.055485 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:22.969551 0.102985 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:23.072921 0.018526 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:23.091828 0.149920 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:23.242198 0.165982 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:23.408524 0.156550 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:23.565506 0.142851 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:23.708742 0.223561 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:23.932695 0.297920 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:24.231005 0.153761 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:24.385149 0.149253 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:24.534796 0.166649 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:24.701864 0.142799 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:24.845067 0.067105 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:24.912549 0.190515 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:25.103460 0.160545 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:25.264439 0.059341 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:37:25.324189 0.213390 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 13:41:39.961025 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:41:46.968673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:41:54.970617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:42:10.973322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:42:42.979419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:48:46.984971 3.001931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:48:53.993012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:49:01.994109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:49:17.997359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:49:50.003201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:55:54.009093 3.001714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 13:56:01.017194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:56:09.018498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:56:25.021845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 13:56:57.026889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:03:01.032880 3.001980 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 14:03:08.040638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:03:16.042041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:03:32.045027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:04:04.051642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:04:47.794648 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 14:04:47.794848 0.383767 tcp 10.0.2.109 49317 -> 176.73.166.24 5576 FSPA* 0 0 14 1569 flow=From-Botnet-V1-TCP-Established 1970/01/01 14:07:44.267975 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 14:07:44.268072 0.146135 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:44.414712 0.044781 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:44.459875 0.161632 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:44.621906 0.226650 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:44.849024 0.179038 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:45.028535 0.054305 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:45.083245 0.561556 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:45.645165 0.134520 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:45.780044 0.109645 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:45.890150 0.017992 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:45.908494 0.163583 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:46.072482 0.168009 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:46.240815 0.157628 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:46.398934 0.142199 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:46.541556 0.215907 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:46.757849 0.301631 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.059850 0.088893 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.149162 0.155971 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.305516 0.164179 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.470101 0.146673 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.617168 0.068982 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.686571 0.058773 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.745728 0.210284 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:47.956367 0.187344 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:07:48.144080 0.164672 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:10:08.057957 3.000947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 14:10:15.064950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:10:23.066506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:10:39.068796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:11:11.075300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:17:15.081663 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 14:17:22.088427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:17:30.090397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:17:46.093152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:18:18.099463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:24:22.104945 3.001529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 14:24:29.112783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:24:37.114000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:24:53.117171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:25:25.123245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:31:29.128945 3.002163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 14:31:36.136741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:31:44.137955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:32:00.140784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:32:32.146760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:34:48.182758 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 14:34:48.182909 0.364560 tcp 10.0.2.109 49318 -> 176.73.166.24 5576 FSPA* 0 0 14 1518 flow=From-Botnet-V1-TCP-Established 1970/01/01 14:38:08.010753 0.000159 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 14:38:08.011012 0.158308 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:08.169714 0.226366 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:08.396457 0.147112 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:08.543956 0.049556 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:08.593872 0.179062 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:08.773294 0.074538 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:08.848198 0.400240 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:09.248859 0.134711 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:09.383968 0.095166 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:09.479518 0.091496 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:09.571387 0.158900 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:09.730697 0.164984 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:09.896067 0.155891 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:10.052371 0.142154 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:10.194924 0.223513 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:10.418858 0.292439 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:10.711650 0.087796 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:10.799856 0.151408 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:10.951652 0.163923 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:11.115966 0.145239 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:11.261562 0.070277 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:11.332195 0.056013 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:11.388605 0.214362 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:11.603355 0.189516 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:11.793250 0.173512 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/01 14:38:36.153163 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 14:38:43.160521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:38:51.162401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:39:07.165264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:39:39.171044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:45:43.176972 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 14:45:50.184344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:45:58.186135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:46:14.189280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:46:46.194843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:52:50.200552 3.002349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 14:52:57.208073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:53:05.209944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:53:21.212781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:53:53.219452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 14:59:57.225143 3.001644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:00:04.232347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:00:12.234337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:00:28.236845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:01:00.242619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:04:48.551908 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 15:04:48.552047 0.424626 tcp 10.0.2.109 49319 -> 176.73.166.24 5576 FSPA* 0 0 14 1708 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:07:04.248360 3.002236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:07:11.256625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:07:19.257751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:07:35.260530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:08:07.267315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:08:17.902420 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 15:08:17.902650 0.147031 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:18.050027 0.044400 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:18.094850 0.179990 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:18.275191 0.072610 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:18.348181 0.000000 udp 10.0.2.109 3683 -> 66.76.163.140 2800 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 15:08:36.230791 0.069440 tcp 10.0.2.109 49320 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:08:36.300499 0.068316 tcp 10.0.2.109 49321 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:08:36.369094 0.137640 tcp 10.0.2.109 49322 -> 195.113.214.222 443 SRPA* 0 0 33 23891 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:08:36.507335 0.224969 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:36.732660 0.151353 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:36.884396 0.134566 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:37.019385 0.108273 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:37.128076 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 15:08:53.063737 0.045162 tcp 10.0.2.109 49323 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:08:53.109203 0.047863 tcp 10.0.2.109 49324 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:08:53.157386 0.150229 tcp 10.0.2.109 49325 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:08:53.308175 0.159449 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:53.468024 0.164111 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:53.632550 0.155746 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:53.788707 0.143204 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:53.932324 0.214570 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:54.147309 0.287896 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:54.435551 0.076479 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:54.512406 0.151860 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:54.664700 0.068333 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:54.733450 0.056322 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:54.790223 0.211760 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:55.002555 0.194066 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:55.197014 0.159964 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:55.357329 0.168235 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:08:55.525911 0.148431 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:14:11.272715 3.001619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 15:14:18.280364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:14:26.282072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:14:42.284821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:15:14.290563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:21:18.296334 3.002537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:21:25.304151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:21:33.306018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:21:49.308456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:22:21.315003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:28:25.320771 3.001612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:28:32.328580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:28:40.329420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:28:56.332795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:29:28.338963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:34:48.980498 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 15:34:48.980694 0.381687 tcp 10.0.2.109 49326 -> 176.73.166.24 5576 FSPA* 0 0 14 1643 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:35:32.344798 3.001600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:35:39.351874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:35:47.353463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:36:03.357039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:36:35.362659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:39:04.627874 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 15:39:04.627979 0.205803 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:04.834155 0.017545 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:04.852029 0.056218 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:04.908603 0.323695 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:05.232703 0.050207 udp 10.0.2.109 3683 <-> 79.247.163.86 1110 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:05.283319 0.146294 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:05.429998 0.150080 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:05.580463 0.233052 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:05.813944 0.143289 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:05.957594 0.101589 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:06.059608 0.000000 udp 10.0.2.109 3683 -> 216.197.212.119 7692 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 15:39:21.604175 0.045698 tcp 10.0.2.109 49327 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:39:21.650151 0.084625 tcp 10.0.2.109 49328 -> 195.113.214.222 80 SRPA* 0 0 38 24232 flow=From-Botnet-V1-TCP-Established 1970/01/01 15:39:21.735217 0.168701 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:21.904300 0.156648 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:22.061362 0.144271 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:22.206026 0.214443 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:22.420853 0.296625 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:22.717841 0.074680 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:22.792922 0.151046 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:22.944359 0.068083 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:23.012836 0.055832 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:23.069138 0.211240 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:23.280791 0.169192 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:23.450386 0.143152 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:23.593948 0.181137 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:39:23.775489 0.156726 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/01 15:42:39.368300 3.001913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:42:46.376310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:42:54.378231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:43:10.380985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:43:42.386814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:49:46.392455 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:49:53.400440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:50:01.401978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:50:17.404352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:50:49.410585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:56:53.416528 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 15:57:00.424078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:57:08.425907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:57:24.428636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 15:57:56.434432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:04:00.441406 3.001079 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 16:04:07.447996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:04:15.449913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:04:31.452284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:04:49.368606 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:04:49.368901 0.356671 tcp 10.0.2.109 49329 -> 176.73.166.24 5576 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:05:03.458633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:09:43.131346 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:09:43.131557 0.157201 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:43.289177 0.056959 udp 10.0.2.109 3683 <-> 176.73.148.62 1150 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:43.346534 0.485026 udp 10.0.2.109 3683 <-> 66.76.163.140 2800 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:43.831944 0.021742 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:43.853986 0.178363 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:44.032760 0.151805 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:44.184905 0.542128 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:44.727447 0.135999 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:44.863852 0.145373 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:09:45.009648 0.000000 udp 10.0.2.109 3683 -> 79.247.163.86 1110 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:10:03.662629 0.046036 tcp 10.0.2.109 49330 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:10:03.709009 0.081550 tcp 10.0.2.109 49331 -> 195.113.214.222 80 SRPA* 0 0 38 24213 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:10:03.791224 0.100354 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:03.891929 0.168794 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:04.061108 0.157161 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:04.218678 0.142457 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:04.361523 0.655890 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:05.017798 0.312293 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:05.330451 0.075363 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:05.406385 0.150724 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:05.557465 0.220228 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:05.778283 0.165157 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:05.943879 0.139638 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:06.083879 0.179643 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:06.263967 0.172594 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:06.436925 0.068185 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:10:06.505524 0.056986 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:11:07.464379 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 16:11:14.471720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:11:22.473393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:11:38.476319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:12:10.482346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:18:14.487865 3.002068 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 16:18:21.496390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:18:29.497493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:18:45.500653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:19:17.506518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:25:21.512234 3.002187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 16:25:28.519931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:25:36.521670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:25:52.524667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:26:24.530895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:32:28.537019 3.001132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 16:32:35.543611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:32:43.545688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:32:59.548134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:33:31.554444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:34:49.727144 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:34:49.727309 0.356276 tcp 10.0.2.109 49332 -> 176.73.166.24 5576 FSPA* 0 0 14 1675 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:39:35.560673 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 16:39:42.567999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:39:50.569072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:40:06.572212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:40:14.253735 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:40:14.253911 0.000000 udp 10.0.2.109 3683 -> 79.247.163.86 1110 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:40:29.378275 0.045474 tcp 10.0.2.109 49333 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:40:29.423986 0.045927 tcp 10.0.2.109 49334 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:40:29.470262 0.150313 tcp 10.0.2.109 49335 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:40:29.621179 0.000000 udp 10.0.2.109 3683 -> 66.76.163.140 2800 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:40:38.578618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:40:47.071432 0.045440 tcp 10.0.2.109 49336 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:40:47.117130 0.046554 tcp 10.0.2.109 49337 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:40:47.163973 0.137877 tcp 10.0.2.109 49338 -> 195.113.214.222 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:40:47.302577 0.317315 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:40:47.620279 0.158974 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:40:47.779659 0.000000 udp 10.0.2.109 3683 -> 176.73.148.62 1150 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:41:03.675376 0.044659 tcp 10.0.2.109 49339 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:41:03.720294 0.046247 tcp 10.0.2.109 49340 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:41:03.766808 0.148418 tcp 10.0.2.109 49341 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 16:41:03.915776 0.222846 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:04.138964 0.134698 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:04.274048 0.182933 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:04.457397 0.150695 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:04.608527 0.146924 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:04.755799 0.103918 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:04.860159 0.166617 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:05.027156 0.155094 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:05.182615 0.142861 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:05.325867 0.215080 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:05.541290 0.317155 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:05.858818 0.105059 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:05.964275 0.154060 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:06.118677 0.221524 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:06.340582 0.163345 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:06.504294 0.166032 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:06.670722 0.069408 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:06.740542 0.055751 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:06.796688 0.349660 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:07.146703 0.187529 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:07.486767 0.000000 udp 10.0.2.109 3683 -> 176.73.148.62 1150 REQ 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:41:13.198292 0.000000 udp 10.0.2.109 3683 -> 66.76.163.140 2800 REQ 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:41:21.891061 0.162414 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:22.053927 0.054246 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 812 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:22.108672 0.234277 udp 10.0.2.109 3683 <-> 108.83.11.64 5529 CON 0 0 2 676 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:22.343350 0.135982 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:22.479762 0.186323 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 856 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:22.666442 0.155082 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:22.822042 0.148839 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 856 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:22.971311 0.106388 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 675 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:23.078180 0.168727 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:23.247394 0.165657 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:23.413443 0.143205 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:23.557094 0.216643 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:23.774275 0.314770 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:24.089481 0.079684 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 838 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:24.169575 0.212733 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 707 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:24.382698 0.166821 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 823 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:24.550016 0.174532 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 857 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:24.724944 0.068591 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:24.794015 0.064369 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:24.858854 0.149807 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:25.009151 0.179322 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:25.188895 0.358542 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:25.547989 0.000000 udp 10.0.2.109 3683 -> 174.96.167.242 8543 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:41:33.768200 0.000000 udp 10.0.2.109 3683 -> 217.6.53.66 9370 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:41:42.189967 0.000000 udp 10.0.2.109 3683 -> 216.215.82.154 9487 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:41:47.207173 0.000000 udp 10.0.2.109 3683 -> 31.53.110.151 7249 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:41:51.853762 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:41:53.556691 0.300643 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:41:53.868202 0.000000 udp 10.0.2.109 3683 -> 182.64.249.46 4710 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:01.227805 0.000000 udp 10.0.2.109 3683 -> 190.131.79.31 2220 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:10.089896 0.000000 udp 10.0.2.109 3683 -> 80.13.20.92 4538 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:16.168868 0.000000 udp 10.0.2.109 3683 -> 76.21.133.27 7848 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:22.888534 0.000000 udp 10.0.2.109 3683 -> 79.135.34.53 7196 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:28.856939 0.000000 udp 10.0.2.109 3683 -> 109.226.45.179 1710 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:35.256656 0.000000 udp 10.0.2.109 3683 -> 206.174.15.11 9600 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:39.852593 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:42:40.474074 0.303339 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:42:40.794917 0.000000 udp 10.0.2.109 3683 -> 72.240.124.118 1705 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:47.223630 0.000000 udp 10.0.2.109 3683 -> 188.107.85.248 7294 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:42:53.422388 0.000000 udp 10.0.2.109 3683 -> 93.129.63.98 3443 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:01.413641 0.000000 udp 10.0.2.109 3683 -> 108.50.132.36 8236 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:08.684208 0.000000 udp 10.0.2.109 3683 -> 75.149.117.1 5929 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:15.083959 0.000000 udp 10.0.2.109 3683 -> 58.32.191.30 2567 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:23.425815 0.000000 udp 10.0.2.109 3683 -> 151.64.247.249 8646 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:28.352384 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:43:29.243924 0.000000 udp 10.0.2.109 3683 -> 50.76.126.114 2886 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:37.716326 0.000000 udp 10.0.2.109 3683 -> 68.236.156.55 9624 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:44.065483 0.000000 udp 10.0.2.109 3683 -> 82.153.178.253 6511 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:52.167208 0.000000 udp 10.0.2.109 3683 -> 74.7.151.25 6328 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:43:58.235565 0.000000 udp 10.0.2.109 3683 -> 75.115.140.167 4839 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:04.194378 0.174818 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 692 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:44:04.379390 0.000000 udp 10.0.2.109 3683 -> 151.33.58.0 7566 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:12.385825 0.000000 udp 10.0.2.109 3683 -> 59.90.162.75 4755 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:17.353305 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:44:20.758415 0.000000 udp 10.0.2.109 3683 -> 84.3.25.35 5280 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:26.716851 0.000000 udp 10.0.2.109 3683 -> 24.220.144.189 1397 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:31.773704 0.000000 udp 10.0.2.109 3683 -> 190.56.16.96 1507 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:39.374517 0.000000 udp 10.0.2.109 3683 -> 210.177.188.59 5499 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:46.334975 0.000000 udp 10.0.2.109 3683 -> 24.60.228.143 5943 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:44:54.386645 0.000000 udp 10.0.2.109 3683 -> 112.199.101.74 2885 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:02.748164 0.000000 udp 10.0.2.109 3683 -> 87.25.87.150 1738 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:07.354668 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:45:09.828254 0.000000 udp 10.0.2.109 3683 -> 2.33.3.32 4793 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:17.850234 0.000000 udp 10.0.2.109 3683 -> 108.41.47.180 1423 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:25.471048 0.000000 udp 10.0.2.109 3683 -> 76.254.6.64 9544 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:32.791570 0.000000 udp 10.0.2.109 3683 -> 97.66.167.193 8029 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:37.819042 0.000000 udp 10.0.2.109 3683 -> 68.32.55.41 2421 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:46.431115 0.000000 udp 10.0.2.109 3683 -> 208.179.43.29 9986 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:53.321411 0.280796 udp 10.0.2.109 3683 -> 201.223.243.119 8461 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:45:53.602207 0.000000 icmp 201.223.243.119 0x0303 -> 10.0.2.109 0x0d21 URP 192 1 169 flow=Background 1970/01/01 16:45:57.847584 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:46:01.413029 0.000000 udp 10.0.2.109 3683 -> 118.32.205.13 2303 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:09.904863 0.000000 udp 10.0.2.109 3683 -> 99.240.102.190 3025 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:16.754851 0.000000 udp 10.0.2.109 3683 -> 180.214.104.163 8538 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:23.735201 0.000000 udp 10.0.2.109 3683 -> 108.183.235.58 6440 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:31.045005 0.000000 udp 10.0.2.109 3683 -> 79.107.208.47 1395 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:39.287533 0.000000 udp 10.0.2.109 3683 -> 69.145.255.178 7236 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:42.584835 3.001124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 16:46:43.853686 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:46:44.785116 0.000000 udp 10.0.2.109 3683 -> 165.228.231.212 1931 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:49.592166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:46:52.666191 0.000000 udp 10.0.2.109 3683 -> 90.205.75.137 6252 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:46:57.593056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:47:01.098911 0.187473 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 830 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:47:01.304685 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:07.237723 0.000000 udp 10.0.2.109 3683 -> 61.93.246.209 7950 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:13.596314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:47:15.209120 0.153291 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 713 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:47:15.381865 0.000000 udp 10.0.2.109 3683 -> 121.128.190.211 4317 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:23.420849 0.293213 udp 10.0.2.109 3683 <-> 200.83.219.149 3229 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:47:23.723792 0.000000 udp 10.0.2.109 3683 -> 202.29.181.25 4531 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:28.347647 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:47:28.757967 0.000000 udp 10.0.2.109 3683 -> 182.93.208.197 6220 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:34.326002 0.304047 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:47:34.639535 0.369571 udp 10.0.2.109 3683 <-> 103.9.190.80 3130 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:47:35.029832 1.740873 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 833 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:47:36.779054 0.000000 udp 10.0.2.109 3683 -> 150.101.182.69 9582 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:44.270899 0.000000 udp 10.0.2.109 3683 -> 66.90.222.14 2882 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:45.602632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:47:49.377606 0.000000 udp 10.0.2.109 3683 -> 87.170.165.157 9415 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:47:57.369144 0.217012 udp 10.0.2.109 3683 <-> 108.225.48.124 5971 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:47:57.595715 0.000000 udp 10.0.2.109 3683 -> 80.153.24.91 3528 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:03.428063 0.257979 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:48:03.694942 0.032161 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:48:03.737105 0.000000 udp 10.0.2.109 3683 -> 84.149.1.23 1317 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:12.391382 0.000000 udp 10.0.2.109 3683 -> 81.130.193.143 4442 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:17.348146 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:48:19.791819 0.000000 udp 10.0.2.109 3683 -> 67.98.167.35 1115 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:27.362738 0.000000 udp 10.0.2.109 3683 -> 186.162.50.240 2198 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:34.993895 0.205027 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:48:35.214411 0.000000 udp 10.0.2.109 3683 -> 195.151.244.93 9484 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:43.845954 0.000000 udp 10.0.2.109 3683 -> 95.33.62.121 8932 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:50.856337 0.000000 udp 10.0.2.109 3683 -> 184.62.16.95 7280 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:48:57.926540 0.000000 udp 10.0.2.109 3683 -> 108.18.197.40 7737 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:02.853487 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:49:05.447625 0.235952 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 679 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:49:05.692417 0.131024 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:49:05.832844 0.000000 udp 10.0.2.109 3683 -> 87.4.16.92 6545 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:14.590345 0.145050 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:49:14.754846 0.000000 udp 10.0.2.109 3683 -> 24.161.35.53 4282 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:20.298750 0.000000 udp 10.0.2.109 3683 -> 219.92.81.110 1614 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:28.290466 0.000000 udp 10.0.2.109 3683 -> 61.45.36.149 7569 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:35.500904 0.201859 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 788 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:49:35.712926 0.000000 udp 10.0.2.109 3683 -> 75.150.112.38 9351 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:41.920170 0.340149 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:49:42.268774 0.000000 udp 10.0.2.109 3683 -> 218.185.225.84 1427 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:48.589730 0.000000 udp 10.0.2.109 3683 -> 173.225.48.186 9056 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:49:53.346015 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:49:57.222652 0.202157 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:49:57.564502 0.000000 udp 10.0.2.109 3683 -> 79.59.196.134 1990 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:04.352296 0.000000 udp 10.0.2.109 3683 -> 69.234.20.39 7606 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:09.649764 0.040177 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:50:09.705205 0.000000 udp 10.0.2.109 3683 -> 180.62.94.215 9370 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:15.397861 0.000000 udp 10.0.2.109 3683 -> 130.25.46.185 6523 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:23.189287 0.000000 udp 10.0.2.109 3683 -> 37.106.72.241 5218 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:29.638294 0.038888 udp 10.0.2.109 3683 <-> 81.133.39.250 2793 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:50:29.690763 0.298730 udp 10.0.2.109 3683 <-> 99.187.238.142 9919 CON 0 0 2 674 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:50:30.007523 0.000000 udp 10.0.2.109 3683 -> 151.29.158.246 1023 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:38.401258 0.000000 udp 10.0.2.109 3683 -> 66.196.207.90 9944 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:43.347949 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:50:43.728412 0.000000 udp 10.0.2.109 3683 -> 216.20.151.84 2298 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:50.638352 0.000000 udp 10.0.2.109 3683 -> 125.236.202.235 1427 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:50:58.369851 0.000000 udp 10.0.2.109 3683 -> 71.218.25.55 9315 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:07.172560 0.000000 udp 10.0.2.109 3683 -> 84.45.78.38 1317 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:13.981946 0.000000 udp 10.0.2.109 3683 -> 69.15.41.105 7910 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:19.991195 0.000000 udp 10.0.2.109 3683 -> 66.18.160.252 9223 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:26.690072 0.299498 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 851 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:51:27.010195 0.085089 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 790 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:51:27.106605 0.155061 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:51:27.270813 0.190158 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 729 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:51:27.480531 0.000000 udp 10.0.2.109 3683 -> 210.215.149.200 8061 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:31.347183 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:51:34.912594 0.000000 udp 10.0.2.109 3683 -> 108.211.113.229 3414 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:42.482786 0.000000 udp 10.0.2.109 3683 -> 201.164.38.37 2103 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:51.245754 0.000000 udp 10.0.2.109 3683 -> 60.225.165.147 6710 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:51:56.673637 0.000000 udp 10.0.2.109 3683 -> 222.128.199.6 3952 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:04.133962 0.000000 udp 10.0.2.109 3683 -> 74.210.196.231 5705 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:10.654039 0.000000 udp 10.0.2.109 3683 -> 118.137.51.58 2243 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:16.682592 0.000000 udp 10.0.2.109 3683 -> 168.93.173.106 5526 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:21.348850 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 16:52:23.041329 0.000000 udp 10.0.2.109 3683 -> 193.252.35.153 1992 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:28.940454 0.000000 udp 10.0.2.109 3683 -> 110.33.110.159 1337 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:34.257564 0.000000 udp 10.0.2.109 3683 -> 108.18.182.232 2561 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:39.635674 0.235224 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:52:39.880437 0.000000 udp 10.0.2.109 3683 -> 88.76.249.251 2679 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:45.022907 0.000000 udp 10.0.2.109 3683 -> 217.91.253.138 3165 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:52.373269 0.000000 udp 10.0.2.109 3683 -> 88.87.114.148 4253 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 16:52:58.181815 0.194136 udp 10.0.2.109 3683 <-> 98.81.114.227 2218 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/01 16:53:49.608409 3.001748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 16:53:56.615787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:54:04.617330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:54:20.620432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 16:54:52.626393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:00:56.631735 3.002091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:01:03.639613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:01:11.641035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:01:27.644692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:01:59.650191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:04:50.085790 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 17:04:50.085889 0.367824 tcp 10.0.2.109 49342 -> 176.73.166.24 5576 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:08:03.656206 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:08:10.663797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:08:18.665407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:08:34.668410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:09:06.674574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:15:10.680407 3.001232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:15:17.687708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:15:25.689346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:15:41.691904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:16:13.697979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:22:17.704135 3.001713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:22:24.711385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:22:32.712877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:22:48.716566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:23:07.513525 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 17:23:07.513665 0.180812 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:07.694837 0.152183 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:07.847388 0.147210 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:07.994946 0.161572 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:08.156897 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 17:23:20.721898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:23:24.009360 0.045449 tcp 10.0.2.109 49343 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:23:24.055093 0.083358 tcp 10.0.2.109 49344 -> 195.113.214.222 80 SRPA* 0 0 19 14665 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:23:24.138998 0.000000 udp 10.0.2.109 3683 -> 108.83.11.64 5529 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 17:23:40.772886 0.044395 tcp 10.0.2.109 49345 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:23:40.817515 0.045879 tcp 10.0.2.109 49346 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:23:40.863623 0.137877 tcp 10.0.2.109 49347 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:23:41.002086 0.134232 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:41.136695 0.147111 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:41.284176 0.223296 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:41.507885 0.102372 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:41.610673 0.165321 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:41.776418 0.157589 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:41.934557 0.066862 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:42.001781 0.334031 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:42.336125 0.077189 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:42.413733 0.260871 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:42.675009 0.166019 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:42.841409 0.157549 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:42.999337 0.067903 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:43.067646 0.143421 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:43.211484 0.149095 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:43.360947 0.189543 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:43.550898 0.217953 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:43.769192 0.302599 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:44.072204 0.157062 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:44.229636 0.191480 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:44.421537 0.152533 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:44.574510 0.297876 udp 10.0.2.109 3683 <-> 200.83.219.149 3229 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:44.872794 0.307949 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:23:45.181123 0.000000 udp 10.0.2.109 3683 -> 103.9.190.80 3130 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 17:24:01.552208 0.045014 tcp 10.0.2.109 49348 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:24:01.597433 0.081406 tcp 10.0.2.109 49349 -> 195.113.214.222 80 SRPA* 0 0 30 19635 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:24:01.679365 0.376402 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:02.056148 0.206562 udp 10.0.2.109 3683 <-> 108.225.48.124 5971 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:02.263112 0.028786 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:02.292211 0.259071 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:02.551660 0.196787 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:02.748810 0.130741 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:02.879951 0.180455 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:03.060822 0.135448 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:03.196671 0.185089 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:03.382121 0.335389 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:03.717858 0.229052 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:03.947298 0.039651 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:03.987306 0.204304 udp 10.0.2.109 3683 <-> 99.187.238.142 9919 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:04.191980 0.038388 udp 10.0.2.109 3683 <-> 81.133.39.250 2793 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:04.230734 0.292562 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:04.523710 0.083889 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:04.607944 0.187228 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:04.795693 0.149564 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:04.945651 0.231548 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:24:05.177631 0.182319 udp 10.0.2.109 3683 <-> 98.81.114.227 2218 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:29:24.727855 3.002470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:29:31.735784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:29:39.737287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:29:55.740028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:30:27.746176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:34:50.454405 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 17:34:50.454605 0.351363 tcp 10.0.2.109 49350 -> 176.73.166.24 5576 FSPA* 0 0 14 1519 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:36:31.752539 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:36:38.759284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:36:46.761193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:37:02.763935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:37:34.770259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:43:38.775594 3.001983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:43:45.783861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:43:53.785405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:44:09.788328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:44:41.794169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:50:46.270261 3.002236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 17:50:53.278233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:51:01.279935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:51:17.282950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:51:49.288941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:54:10.311974 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 17:54:10.312173 0.023944 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:10.336520 0.000000 udp 10.0.2.109 3683 -> 108.83.11.64 5529 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 17:54:26.717371 0.046895 tcp 10.0.2.109 49351 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:54:26.764501 0.046073 tcp 10.0.2.109 49352 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:54:26.810835 0.160538 tcp 10.0.2.109 49353 -> 195.113.214.222 443 SRPA* 0 0 35 19224 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:54:26.972069 0.000000 udp 10.0.2.109 3683 -> 103.9.190.80 3130 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 17:54:45.603154 0.044720 tcp 10.0.2.109 49354 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:54:45.648134 0.046051 tcp 10.0.2.109 49355 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:54:45.694424 0.130954 tcp 10.0.2.109 49356 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:54:45.825926 0.147219 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:45.973551 0.152177 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:46.126083 0.184575 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:46.311019 0.160346 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:46.471749 0.144551 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:46.616697 0.222733 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:46.839782 0.102188 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:46.942378 0.165187 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:47.107914 0.156256 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:47.264576 0.059417 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:47.324374 0.134976 udp 10.0.2.109 3683 <-> 74.103.10.180 6864 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:47.459752 0.231397 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:47.691555 0.166530 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:47.858468 0.172600 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:48.031424 0.074022 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:48.105864 0.334639 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:48.440857 0.143941 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:48.585211 0.153016 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:48.738601 0.181280 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:48.920288 0.202783 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:49.123517 0.071277 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:49.195193 0.192598 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:49.388165 0.154503 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:54:49.543102 0.000000 udp 10.0.2.109 3683 -> 200.83.219.149 3229 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 17:55:06.262787 0.045141 tcp 10.0.2.109 49357 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:55:06.308209 0.045757 tcp 10.0.2.109 49358 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:55:06.354444 0.132499 tcp 10.0.2.109 49359 -> 195.113.214.222 443 SRPA* 0 0 32 17642 flow=From-Botnet-V1-TCP-Established 1970/01/01 17:55:06.487645 0.301455 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:06.789495 0.165538 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:06.955430 0.321555 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:07.277366 0.029383 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:07.307138 0.252843 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:07.560364 0.195988 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:07.756745 0.151998 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:07.909115 0.216702 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:08.126242 0.205442 udp 10.0.2.109 3683 <-> 108.225.48.124 5971 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:08.332106 0.180969 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:08.513480 0.136774 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 592 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:08.650682 0.288453 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:08.939531 0.336429 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:09.276303 0.196845 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:09.473554 0.039922 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:09.513859 0.289108 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:09.803377 0.083587 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:09.887410 0.187319 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:10.075154 0.147312 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:10.222841 0.200841 udp 10.0.2.109 3683 <-> 99.187.238.142 9919 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:10.424018 0.038319 udp 10.0.2.109 3683 <-> 81.133.39.250 2793 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:10.462688 0.231488 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:55:10.694534 0.184243 udp 10.0.2.109 3683 <-> 98.81.114.227 2218 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/01 17:57:53.294287 3.002542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 17:58:00.302530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:58:08.303625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:58:24.306927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 17:58:56.312635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:04:51.043094 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:04:51.043284 2.993937 tcp 10.0.2.109 49360 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:00.035319 0.000000 tcp 10.0.2.109 49360 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:00.319678 3.000886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 18:05:06.046801 0.046040 tcp 10.0.2.109 49361 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:06.093045 0.046811 tcp 10.0.2.109 49362 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:06.140240 0.135848 tcp 10.0.2.109 49363 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:06.295563 3.003464 tcp 10.0.2.109 49364 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:07.325967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:05:15.297702 0.000000 tcp 10.0.2.109 49364 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:15.327885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:05:21.297479 0.069874 tcp 10.0.2.109 49365 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:21.367674 0.142178 tcp 10.0.2.109 49366 -> 195.113.214.222 80 SRPA* 0 0 33 21258 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:21.548209 3.002847 tcp 10.0.2.109 49367 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:30.549315 0.000000 tcp 10.0.2.109 49367 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:31.330695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:05:36.548944 0.074937 tcp 10.0.2.109 49368 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:36.624133 0.069521 tcp 10.0.2.109 49369 -> 195.113.214.222 80 FSPA* 0 0 10 1917 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:36.693955 0.132402 tcp 10.0.2.109 49370 -> 195.113.214.222 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:36.837869 3.005377 tcp 10.0.2.109 49371 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:45.841249 0.000000 tcp 10.0.2.109 49371 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:05:51.831128 0.070769 tcp 10.0.2.109 49372 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:51.902150 0.099423 tcp 10.0.2.109 49373 -> 195.113.214.222 80 SRPA* 0 0 20 13417 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:05:52.028328 2.996617 tcp 10.0.2.109 49374 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:06:01.033575 0.000000 tcp 10.0.2.109 49374 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:06:03.336554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:06:07.022052 2.994081 tcp 10.0.2.109 49375 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:06:16.015311 0.000000 tcp 10.0.2.109 49375 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:06:22.023861 2.993945 tcp 10.0.2.109 49376 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:06:31.016171 0.000000 tcp 10.0.2.109 49376 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:06:37.025494 3.003688 tcp 10.0.2.109 49377 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:06:41.581782 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:06:46.027752 0.000000 tcp 10.0.2.109 49377 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:11:52.028635 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:11:52.028841 3.003162 tcp 10.0.2.109 49378 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:01.030995 0.000000 tcp 10.0.2.109 49378 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:07.032083 0.041829 tcp 10.0.2.109 49379 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:07.074383 0.042205 tcp 10.0.2.109 49380 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:07.116926 0.137741 tcp 10.0.2.109 49381 -> 195.113.214.222 443 SRPA* 0 0 39 28398 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:07.274292 2.999612 tcp 10.0.2.109 49382 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:07.342311 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 18:12:14.349969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:12:16.282566 0.000000 tcp 10.0.2.109 49382 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:22.272601 0.064159 tcp 10.0.2.109 49383 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:22.337073 0.083486 tcp 10.0.2.109 49384 -> 195.113.214.222 80 SRPA* 0 0 20 14767 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:22.351703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:12:22.430395 2.995632 tcp 10.0.2.109 49385 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:31.424457 0.000000 tcp 10.0.2.109 49385 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:37.424422 0.041372 tcp 10.0.2.109 49386 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:37.466007 0.041750 tcp 10.0.2.109 49387 -> 195.113.214.222 80 FSPA* 0 0 10 1917 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:37.508039 0.135791 tcp 10.0.2.109 49388 -> 195.113.214.222 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:37.686772 3.000959 tcp 10.0.2.109 49389 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:38.354792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:12:46.686831 0.000000 tcp 10.0.2.109 49389 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:12:52.686340 0.042790 tcp 10.0.2.109 49390 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:52.729361 0.040986 tcp 10.0.2.109 49391 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:52.770605 0.135915 tcp 10.0.2.109 49392 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:12:52.916041 3.004099 tcp 10.0.2.109 49393 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:13:01.918150 0.000000 tcp 10.0.2.109 49393 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:13:07.917150 3.003944 tcp 10.0.2.109 49394 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:13:10.360981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:13:16.919718 0.000000 tcp 10.0.2.109 49394 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:13:22.918961 3.004174 tcp 10.0.2.109 49395 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:13:31.921662 0.000000 tcp 10.0.2.109 49395 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:13:37.920416 2.994141 tcp 10.0.2.109 49396 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:13:42.576581 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:13:46.923056 0.000000 tcp 10.0.2.109 49396 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:18:52.923834 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:18:52.923924 3.003756 tcp 10.0.2.109 49397 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:01.926309 0.000000 tcp 10.0.2.109 49397 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:07.926897 0.041311 tcp 10.0.2.109 49398 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:07.968440 0.077114 tcp 10.0.2.109 49399 -> 195.113.214.222 80 SRPA* 0 0 20 14732 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:08.059271 2.999654 tcp 10.0.2.109 49400 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:14.366448 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 18:19:17.058247 0.000000 tcp 10.0.2.109 49400 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:21.373976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:19:23.058291 0.043721 tcp 10.0.2.109 49401 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:23.102307 0.083270 tcp 10.0.2.109 49402 -> 195.113.214.222 80 SRPA* 0 0 19 14720 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:23.216524 3.004234 tcp 10.0.2.109 49403 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:29.375376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:19:32.219696 0.000000 tcp 10.0.2.109 49403 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:38.219552 0.041651 tcp 10.0.2.109 49404 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:38.261493 0.046419 tcp 10.0.2.109 49405 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:38.308164 0.136540 tcp 10.0.2.109 49406 -> 195.113.214.222 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:38.456966 3.005920 tcp 10.0.2.109 49407 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:45.378984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:19:47.461722 0.000000 tcp 10.0.2.109 49407 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:19:53.451765 0.043002 tcp 10.0.2.109 49408 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:53.495023 0.078455 tcp 10.0.2.109 49409 -> 195.113.214.222 80 SRPA* 0 0 20 14735 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:19:53.594863 2.999716 tcp 10.0.2.109 49410 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:20:02.603151 0.000000 tcp 10.0.2.109 49410 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:20:08.592217 2.994075 tcp 10.0.2.109 49411 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:20:17.384932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:20:17.584541 0.000000 tcp 10.0.2.109 49411 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:20:23.594034 2.993683 tcp 10.0.2.109 49412 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:20:32.586285 0.000000 tcp 10.0.2.109 49412 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:20:37.583450 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:20:38.595007 3.004453 tcp 10.0.2.109 49413 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:20:47.597797 0.000000 tcp 10.0.2.109 49413 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:25:26.048524 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:25:26.048670 0.000000 udp 10.0.2.109 3683 -> 200.83.219.149 3229 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 18:25:44.117312 0.045461 tcp 10.0.2.109 49414 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:25:44.163100 0.044141 tcp 10.0.2.109 49415 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:25:44.207499 0.152251 tcp 10.0.2.109 49416 -> 195.113.214.222 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:25:44.359986 0.044264 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:44.383590 0.225531 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:44.558059 0.182994 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:44.712760 0.149958 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:44.859879 0.235420 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:45.084558 0.155735 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:45.232991 0.164818 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:45.433005 0.175367 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:45.591832 0.074407 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:25:45.650208 0.000000 udp 10.0.2.109 3683 -> 74.103.10.180 6864 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 18:25:53.598849 3.003812 tcp 10.0.2.109 49417 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:26:01.510813 0.045403 tcp 10.0.2.109 49418 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:01.556421 0.045394 tcp 10.0.2.109 49419 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:01.602228 0.136116 tcp 10.0.2.109 49420 -> 195.113.214.222 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:01.738659 0.222961 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:01.966995 0.136666 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:02.068189 0.170769 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:02.240380 0.085144 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:02.316498 0.338303 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:02.601350 0.000000 tcp 10.0.2.109 49417 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/01 18:26:02.664488 0.165858 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:02.808379 0.154001 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 6 1946 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:02.963841 0.174764 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:03.131561 0.180557 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:03.305254 0.081964 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:03.372879 0.197664 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:03.571661 0.167271 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:03.731173 0.214811 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:03.939242 0.184617 rtp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:04.120212 0.304168 rtp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:04.425834 0.317342 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:04.744847 0.045119 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:04.778805 0.298796 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:05.037695 0.229503 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:05.237901 0.181632 rtp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:05.397835 3.100171 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 5 1715 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:08.139472 0.222008 udp 10.0.2.109 3683 <-> 108.225.48.124 5971 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:08.357310 0.181383 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:08.535384 0.140077 rtp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:08.600760 0.044088 tcp 10.0.2.109 49421 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:08.645086 0.048193 tcp 10.0.2.109 49422 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:08.673579 0.131869 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:08.693591 0.136238 tcp 10.0.2.109 49423 -> 195.113.214.222 443 SRPA* 0 0 21 11368 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:08.852765 0.251947 rtp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:08.862276 2.371174 tcp 10.0.2.109 49424 -> 211.38.175.27 4598 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:09.045022 0.379282 rtp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:09.672342 0.224031 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:11.281732 0.049401 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:11.355234 0.326364 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:11.646465 0.210692 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:11.944707 0.234319 udp 10.0.2.109 3683 <-> 99.187.238.142 9919 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:12.155079 0.000000 udp 10.0.2.109 3683 -> 81.133.39.250 2793 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 18:26:21.390468 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 18:26:28.397762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:26:30.652655 0.046685 tcp 10.0.2.109 49425 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:30.699586 0.083703 tcp 10.0.2.109 49426 -> 195.113.214.222 80 SRPA* 0 0 20 14753 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:26:30.783854 0.263824 rtp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:31.026592 0.102658 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:31.111188 0.192202 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:31.300736 0.253119 rtp 10.0.2.109 3683 <-> 98.81.114.227 2218 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:26:36.399411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:26:52.402612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:27:24.408569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:33:28.414168 3.002022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 18:33:35.421782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:33:43.423676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:33:59.426827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:34:31.432563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:40:35.437741 3.002275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 18:40:42.446880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:40:50.447995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:41:06.451028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:41:38.456559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:47:42.461854 3.002134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 18:47:49.469669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:47:57.471341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:48:13.474360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:48:45.480416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:54:49.487051 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 18:54:56.493797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:55:04.495470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:55:20.498106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:55:52.504628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 18:56:11.241609 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:56:11.241783 2.019914 tcp 10.0.2.109 49427 -> 211.38.175.27 4598 FSPA* 0 0 14 1532 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:56:57.788617 0.000000 udp 10.0.2.109 3683 -> 74.103.10.180 6864 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 18:57:02.575558 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 18:57:14.675064 0.044770 tcp 10.0.2.109 49428 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:14.720092 0.046334 tcp 10.0.2.109 49429 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:14.766658 0.136858 tcp 10.0.2.109 49430 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:14.904203 0.000000 udp 10.0.2.109 3683 -> 81.133.39.250 2793 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 18:57:31.248631 0.040047 tcp 10.0.2.109 49431 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:31.288985 0.048141 tcp 10.0.2.109 49432 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:31.337361 0.134953 tcp 10.0.2.109 49433 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:31.473012 0.000000 udp 10.0.2.109 3683 -> 216.197.212.119 7692 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 18:57:49.403464 0.044990 tcp 10.0.2.109 49434 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:49.448781 0.042775 tcp 10.0.2.109 49435 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:49.491808 0.138621 tcp 10.0.2.109 49436 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:57:49.631052 0.179354 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:49.810829 0.024004 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:49.835201 0.147195 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:49.982851 0.152981 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:50.136226 0.157152 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:50.293720 0.054021 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:50.348120 0.213663 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:50.562304 0.143277 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:50.705928 0.167377 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:50.873659 0.074959 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:50.949006 0.217050 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:51.166456 0.103234 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:51.270241 0.142206 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:51.412835 0.336607 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:51.749822 0.169949 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:51.920111 0.068402 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:51.988903 0.186366 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:52.175911 0.160388 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:52.336693 0.151418 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:52.488491 0.183333 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:52.672407 0.302989 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:52.975750 0.308810 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:53.285150 0.028413 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:53.313929 0.201541 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:53.515856 0.184828 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:53.701283 0.171331 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:53.873008 0.257266 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:54.130692 0.200099 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:54.331256 0.183210 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:54.514860 0.149394 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:54.664615 1.109222 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:55.774231 0.137588 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:57:55.912172 0.000000 udp 10.0.2.109 3683 -> 108.225.48.124 5971 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 18:58:14.039014 0.044903 tcp 10.0.2.109 49437 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:58:14.084158 0.077325 tcp 10.0.2.109 49438 -> 195.113.214.222 80 SRPA* 0 0 20 14767 flow=From-Botnet-V1-TCP-Established 1970/01/01 18:58:14.161971 0.336369 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:14.498798 0.187592 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:14.686790 0.039813 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:14.726941 0.195026 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:14.922463 0.290591 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:15.213410 0.146544 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:15.360323 0.206623 udp 10.0.2.109 3683 <-> 99.187.238.142 9919 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:15.567297 0.186869 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:15.754570 0.176338 udp 10.0.2.109 3683 <-> 98.81.114.227 2218 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:15.931253 0.231281 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/01 18:58:16.162921 0.083870 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:01:56.510379 3.001589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 19:02:03.518061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:02:11.519688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:02:27.522834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:02:59.528865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:09:03.534424 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 19:09:10.541796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:09:18.543342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:09:34.546655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:10:06.552431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:16:10.559028 3.001056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 19:16:17.566102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:16:25.567756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:16:41.570106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:17:13.576032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:23:17.582019 3.001894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 19:23:24.589604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:23:32.591650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:23:48.594459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:24:20.599969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:26:13.262807 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 19:26:13.262984 2.065777 tcp 10.0.2.109 49439 -> 211.38.175.27 4598 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:28:21.917661 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 19:28:21.917891 0.163049 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:22.081359 0.000000 udp 10.0.2.109 3683 -> 108.225.48.124 5971 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 19:28:38.092869 0.045505 tcp 10.0.2.109 49440 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:28:38.138646 0.085868 tcp 10.0.2.109 49441 -> 195.113.214.222 80 SRPA* 0 0 38 22981 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:28:38.224745 0.177254 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:38.402422 0.055893 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:38.458698 0.151599 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:38.610688 0.156710 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:38.767781 0.057378 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:38.825580 0.223124 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:39.049080 0.147460 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:39.196927 0.142902 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:39.340359 0.215401 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:39.556173 0.107270 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:39.663831 0.163434 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:39.827619 0.075545 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:39.903580 0.332769 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:40.236710 0.142258 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:40.379405 0.194366 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:40.574381 0.152103 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:40.726850 0.149859 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:40.877071 0.165616 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:41.043104 0.172899 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:41.216404 0.070345 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:41.287207 0.029082 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:41.316673 0.201526 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:41.518595 0.196167 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:41.715188 0.303941 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:42.019486 0.314223 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:42.334056 0.182317 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:42.516733 0.136235 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:42.653329 0.170111 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:42.823870 0.255960 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:43.080220 0.196906 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:43.277501 0.378280 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:43.656146 0.152060 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:43.808598 0.334477 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:44.143460 0.188099 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:44.332007 0.040010 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:44.372420 0.148492 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:28:44.521315 0.000000 udp 10.0.2.109 3683 -> 99.187.238.142 9919 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 19:29:02.587332 0.044194 tcp 10.0.2.109 49442 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:29:02.631832 0.047100 tcp 10.0.2.109 49443 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:29:02.679259 0.138326 tcp 10.0.2.109 49444 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:29:02.818296 0.186477 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:29:03.005181 0.200260 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:29:03.205841 0.292448 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:29:03.498690 0.084382 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:29:03.583419 0.000000 udp 10.0.2.109 3683 -> 98.81.114.227 2218 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 19:29:21.954802 0.046658 tcp 10.0.2.109 49445 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:29:22.001784 0.087565 tcp 10.0.2.109 49446 -> 195.113.214.222 80 SRPA* 0 0 20 14744 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:29:22.089829 0.231409 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/01 19:30:24.607188 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 19:30:31.613958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:30:39.615259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:30:55.618100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:31:27.624186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:37:31.630691 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 19:37:38.637920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:37:46.639033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:38:02.642080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:38:34.648044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:44:38.653475 3.002305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 19:44:45.661676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:44:53.663378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:45:09.666507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:45:41.672105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:51:45.678407 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 19:51:52.685702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:52:00.687311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:52:16.690563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:52:48.696065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:56:15.333526 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 19:56:15.333668 1.927486 tcp 10.0.2.109 49447 -> 211.38.175.27 4598 FSPA* 0 0 15 1670 flow=From-Botnet-V1-TCP-Established 1970/01/01 19:58:52.701902 3.001600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 19:58:59.709629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:59:07.710983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:59:23.714424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 19:59:52.205542 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 19:59:52.205688 0.244870 udp 10.0.2.109 3683 -> 99.187.238.142 9919 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 19:59:52.450558 0.000000 icmp 99.187.238.142 0x0303 -> 10.0.2.109 0xbf26 URP 192 1 216 flow=Background 1970/01/01 19:59:55.720020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:00:10.433560 0.045298 tcp 10.0.2.109 49448 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:00:10.479081 0.045765 tcp 10.0.2.109 49449 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:00:10.525136 0.137451 tcp 10.0.2.109 49450 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:00:10.663323 0.000000 udp 10.0.2.109 3683 -> 98.81.114.227 2218 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 20:00:26.875961 0.045894 tcp 10.0.2.109 49451 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:00:26.922306 0.045492 tcp 10.0.2.109 49452 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:00:26.968059 0.136082 tcp 10.0.2.109 49453 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:00:27.104704 0.150632 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:27.321082 0.157176 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:27.478680 0.058661 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:27.537702 0.245289 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:27.783367 0.177153 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:27.960929 0.150711 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:28.112004 0.142934 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:28.255327 0.234803 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:28.490480 0.148341 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:28.639241 0.166227 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:28.805816 0.213445 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:29.019615 0.103493 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:29.123476 0.153464 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:29.277280 0.142312 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:29.420010 0.074909 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:29.495300 0.336412 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:29.832081 0.185930 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:30.018616 0.066990 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:30.086010 0.028780 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:30.115121 0.212243 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:30.327722 0.190750 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:30.518949 0.150721 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:30.670081 0.169568 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:30.840073 0.168209 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:31.008656 0.179284 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:31.188311 0.142086 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:31.330804 0.239542 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:31.570765 0.311045 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:31.882200 0.300264 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:32.182854 0.138018 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:32.321327 0.260425 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:32.582110 1.436495 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:34.018993 0.198652 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:34.218196 0.147732 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:34.366323 0.039705 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:34.406392 0.190960 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:34.597728 0.337261 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:34.935342 0.085009 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:35.020766 0.186494 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:35.207612 0.201176 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:35.409197 0.285449 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:00:35.695049 0.241178 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:05:59.726443 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:06:06.733517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:06:14.735313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:06:30.738331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:07:02.743777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:13:06.749842 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:13:13.757450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:13:21.759046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:13:37.762305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:14:09.767800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:20:13.773548 3.002300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:20:20.781384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:20:28.782911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:20:44.785682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:21:16.792363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:26:17.264442 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 20:26:17.264523 2.041360 tcp 10.0.2.109 49454 -> 211.38.175.27 4598 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:27:20.797554 3.001933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:27:27.805370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:27:35.806851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:27:51.809665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:28:23.815865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:30:43.897632 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 20:30:43.897739 0.048922 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:43.947055 0.046079 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:43.993589 0.154143 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:44.148070 0.666266 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:44.814761 0.177620 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:44.992797 0.152543 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:45.145692 0.143315 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:45.289396 0.273957 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:45.563697 0.147156 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:45.711227 0.164499 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:45.876113 0.152688 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:46.029150 0.144322 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:46.173844 0.091858 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:46.266253 0.332253 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:46.598925 0.214541 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:46.813873 0.104045 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:46.918363 0.185465 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:47.104203 0.066950 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:47.171547 0.028594 udp 10.0.2.109 3683 <-> 79.227.150.47 2430 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:47.200488 0.210120 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:47.411021 0.177510 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:47.588945 0.150688 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:47.740033 0.172776 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:47.913217 0.143415 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:48.057041 0.158704 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:48.216152 0.174260 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:48.390846 0.190333 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:48.581592 0.145255 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:48.727240 0.267798 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:48.995448 0.328633 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:49.324483 0.303531 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:49.628391 0.957051 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:50.585806 0.198921 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:50.785120 0.143629 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:50.929131 0.040199 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:50.969716 0.192587 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:51.162667 0.186988 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:51.350053 0.195712 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:51.546367 0.283382 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:51.830206 0.335923 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:52.166549 0.081962 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:30:52.248884 0.231573 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/01 20:34:27.821913 3.002072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:34:34.829151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:34:42.830614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:34:58.834219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:35:30.839975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:41:34.846558 3.001100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:41:41.853359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:41:49.855341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:42:05.858336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:42:37.863934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:48:41.869266 3.002539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:48:48.877647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:48:56.878862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:49:12.881527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:49:44.888213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:55:48.893725 3.001816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 20:55:55.901365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:56:03.902934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:56:19.305350 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 20:56:19.305536 1.931215 tcp 10.0.2.109 49455 -> 211.38.175.27 4598 FSPA* 0 0 14 1512 flow=From-Botnet-V1-TCP-Established 1970/01/01 20:56:19.905479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 20:56:51.911780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:01:22.270947 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 21:01:22.271086 0.149382 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:22.420887 0.156425 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:22.577722 0.061122 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:22.639242 0.258456 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:22.898088 0.180098 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:23.078614 0.152179 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:23.231192 0.142729 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:23.374324 0.212511 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:23.587247 0.146696 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:23.734329 0.143042 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:23.877765 0.073612 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:23.951710 0.334904 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:24.287026 0.221020 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:24.508460 0.162613 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:24.671474 0.152440 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:24.824364 0.104639 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:24.929423 0.184314 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:25.114178 0.069797 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:25.184380 0.000000 udp 10.0.2.109 3683 -> 79.227.150.47 2430 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 21:01:42.852152 0.045581 tcp 10.0.2.109 49456 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:01:42.898009 0.045825 tcp 10.0.2.109 49457 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:01:42.944143 0.134566 tcp 10.0.2.109 49458 -> 195.113.214.222 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:01:43.079518 0.288380 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:43.368321 0.186693 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:43.555414 0.152878 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:43.708657 0.172890 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:43.881933 0.144649 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:44.026981 0.156287 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:44.183677 0.169042 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:44.353102 0.238985 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:44.592454 0.137859 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:44.730659 0.302033 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:45.033192 0.251259 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:45.284822 0.302780 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:45.588012 1.156487 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:46.744918 0.197375 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:46.942697 0.396256 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:47.339328 0.039619 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:47.379352 0.192184 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:47.571873 0.187403 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:47.759642 0.197843 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:47.957834 0.281883 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:48.240088 0.232058 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:48.472531 0.335196 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:01:48.808141 0.086626 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:02:55.917742 3.001778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:03:02.925463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:03:10.927003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:03:26.929766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:03:58.935737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:10:02.941829 3.001695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:10:09.949497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:10:17.950715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:10:33.953712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:11:05.959928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:17:09.965596 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:17:16.973447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:17:24.974889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:17:40.977717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:18:12.983441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:24:16.989749 3.001609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:24:23.996953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:24:31.999007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:24:48.001987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:25:20.007825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:26:21.236250 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 21:26:21.236418 1.978038 tcp 10.0.2.109 49459 -> 211.38.175.27 4598 FSPA* 0 0 14 1732 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:31:24.013128 3.002287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:31:31.020968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:31:39.022781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:31:55.025910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:32:16.246810 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 21:32:16.246913 0.000000 udp 10.0.2.109 3683 -> 79.227.150.47 2430 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 21:32:27.031909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:32:32.932480 0.046102 tcp 10.0.2.109 49460 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:32:32.978854 0.046501 tcp 10.0.2.109 49461 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:32:33.025605 0.143338 tcp 10.0.2.109 49462 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:32:33.169563 0.058714 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:33.228642 0.151616 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:33.380741 0.165874 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:33.547014 0.152993 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:33.700408 0.142533 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:33.843284 0.209453 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:34.053136 0.146093 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:34.199615 0.076300 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:34.276320 0.180243 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:34.456988 0.075829 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:34.533209 0.277181 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:34.810779 0.224202 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:35.035361 0.163308 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:35.199056 0.153679 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:35.353144 0.146048 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:35.499564 0.196393 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:35.696373 0.104287 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:35.801074 0.074494 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:35.875957 0.201979 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:36.078484 0.183010 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:36.261921 0.152153 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:36.414562 0.159526 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:36.574449 0.142660 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:36.717498 0.165543 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:36.883376 0.173992 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:37.057799 0.180730 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:37.238973 0.137790 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:37.377094 0.310519 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:37.687973 0.301750 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:37.990101 0.283810 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:38.274490 1.502566 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:39.777678 0.198509 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:39.976599 0.322326 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:40.299370 0.040184 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:40.339931 0.190343 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:40.530652 0.187663 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:40.718684 0.232898 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:40.951991 0.333383 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:41.285740 0.194248 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:41.480402 0.281815 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:32:41.762582 0.086437 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/01 21:38:31.037356 3.002223 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:38:38.045125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:38:46.046281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:39:02.049675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:39:34.055343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:45:38.061501 3.002110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:45:45.069671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:45:53.071057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:46:09.073534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:46:41.079880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:52:45.085017 3.001940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:52:52.093167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:53:00.094482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:53:16.097810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:53:48.103509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 21:56:23.217371 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 21:56:23.217588 1.952652 tcp 10.0.2.109 49463 -> 211.38.175.27 4598 FSPA* 0 0 14 1586 flow=From-Botnet-V1-TCP-Established 1970/01/01 21:59:52.110270 3.001004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 21:59:59.117251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:00:07.118176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:00:23.121461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:00:55.127753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:03:09.100280 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 22:03:09.100396 0.157475 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:09.258452 0.151818 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:09.410651 0.057495 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:09.468567 0.153504 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:09.622458 0.141746 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:09.764603 0.211786 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:09.976727 0.146844 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:10.124009 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 22:03:27.308516 0.045944 tcp 10.0.2.109 49464 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 22:03:27.354734 0.083106 tcp 10.0.2.109 49465 -> 195.113.214.222 80 SRPA* 0 0 18 13326 flow=From-Botnet-V1-TCP-Established 1970/01/01 22:03:27.438494 0.179924 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:27.618751 0.115425 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:27.734595 0.280711 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:28.015698 0.153236 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:28.169353 0.148079 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:28.317833 0.211882 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:28.530236 0.104321 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:28.634906 0.223724 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:28.859082 0.162835 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:29.022456 0.071894 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:29.094716 0.222751 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:29.317863 0.185430 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:29.503690 0.149031 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:29.653105 0.172836 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:29.826473 0.137467 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:29.964343 0.180671 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:30.145411 0.131088 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:30.276907 0.310616 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:30.587914 0.164328 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:30.752597 0.177035 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:30.929972 0.303122 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:31.233443 0.244273 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:31.478119 0.300267 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:31.778935 0.200778 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:31.980084 0.154495 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:32.135008 0.042776 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:32.178334 0.192073 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:32.370776 0.188182 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:32.559341 0.194593 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:32.754505 0.283014 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:33.037917 0.240948 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:33.279246 0.361002 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:03:33.640659 0.080016 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:06:59.132853 3.002165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:07:06.140827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:07:14.142648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:07:30.145166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:08:02.151644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:14:06.157189 3.002148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:14:13.165220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:14:21.166731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:14:37.169373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:15:09.175555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:21:13.181605 3.001917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:21:20.188935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:21:28.190442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:21:44.193609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:22:16.199697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:26:25.178066 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 22:26:25.178272 2.307375 tcp 10.0.2.109 49466 -> 211.38.175.27 4598 FSPA* 0 0 12 1528 flow=From-Botnet-V1-TCP-Established 1970/01/01 22:28:20.204839 3.002543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:28:27.212669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:28:35.214358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:28:51.217243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:29:23.223533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:34:02.234803 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 22:34:02.234943 0.276146 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:02.511452 0.071278 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:02.583128 0.156014 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:02.739559 0.142129 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:02.882053 0.157632 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:03.040083 0.151094 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:03.191591 0.211231 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:03.403235 0.147495 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:03.551075 0.180536 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:03.732028 0.129647 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:03.862086 0.153611 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:04.016090 0.144602 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:04.161112 0.209040 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:04.370555 0.103258 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:04.474305 0.280425 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:04.755136 0.214695 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:04.970259 0.165799 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:05.136442 0.072358 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:05.209180 0.214089 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:05.423620 0.182649 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:05.606640 0.150017 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:05.757027 0.162499 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:05.919905 0.135974 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:06.056297 0.181389 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:06.238073 0.137980 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:06.376390 0.315646 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:06.692439 0.165799 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:06.858566 0.252046 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:07.110974 0.966416 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:08.077776 0.184747 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:08.262913 0.302411 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:08.565717 0.199354 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:08.765418 0.148542 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:08.914383 0.039974 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:08.954765 0.191646 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:09.146811 0.188750 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:09.335929 0.196566 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:09.532845 0.345219 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:09.878434 0.084070 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:09.962873 0.285477 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:34:10.248764 0.231327 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/01 22:35:27.229669 3.001383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:35:34.236627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:35:42.238630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:35:58.241379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:36:30.247682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:42:34.253281 3.001695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:42:41.261096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:42:49.262216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:43:05.265329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:43:37.271665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:49:41.277448 3.001951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:49:48.285125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:49:56.286358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:50:12.289512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:50:44.295229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:56:27.488972 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 22:56:27.489145 1.955396 tcp 10.0.2.109 49467 -> 211.38.175.27 4598 FSPA* 0 0 14 1711 flow=From-Botnet-V1-TCP-Established 1970/01/01 22:56:48.301209 3.001532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 22:56:55.309003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:57:03.310007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:57:19.313487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 22:57:51.319701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:03:55.324849 3.002383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 23:04:02.332757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:04:10.334068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:04:19.608086 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 23:04:19.608175 0.160085 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:19.768646 0.410145 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:20.179148 0.055219 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:20.234742 0.142246 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:20.377391 0.156941 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:20.534755 0.152299 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:20.687429 0.211437 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:20.899291 0.146682 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:21.046390 0.177373 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:21.224195 0.142595 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:21.367169 0.211439 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:21.579026 0.104864 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:21.684260 0.283309 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:21.967926 0.075743 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:22.044122 0.154220 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:22.198749 0.213989 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:22.413113 0.169129 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:22.582593 0.072746 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:22.655754 0.202340 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:22.858511 0.198217 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:23.057128 0.152349 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:23.209883 0.180062 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:23.390322 0.138117 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:23.528824 0.312400 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:23.841652 0.174340 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:24.016364 0.138016 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:24.154793 0.159856 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:24.315058 0.243799 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:24.559238 0.000000 udp 10.0.2.109 3683 -> 99.112.200.52 6104 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 23:04:26.337465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:04:41.321080 0.046627 tcp 10.0.2.109 49468 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:04:41.368029 0.083875 tcp 10.0.2.109 49469 -> 195.113.214.222 80 SRPA* 0 0 31 21009 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:04:41.452483 0.176483 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:41.629387 0.301755 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:41.931581 0.472141 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:42.404090 0.148994 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:42.553433 0.039660 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:42.593459 0.192135 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:42.785966 0.190508 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:42.976884 0.195467 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:43.172740 0.281025 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:43.454112 0.240456 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:43.694911 0.353780 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:44.049105 0.088698 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:04:58.343131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:11:02.349863 3.001386 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 23:11:09.356866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:11:17.357846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:11:33.361013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:12:05.366890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:18:09.373504 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 23:18:16.380573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:18:24.382152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:18:40.384814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:19:12.391509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:25:16.427150 3.001927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 23:25:23.434409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:25:31.436295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:25:47.439205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:26:19.445143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:26:29.480732 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 23:26:29.480890 1.952829 tcp 10.0.2.109 49470 -> 211.38.175.27 4598 FSPA* 0 0 14 1721 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:32:23.451480 3.001213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 23:32:30.458879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:32:38.459851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:32:54.463387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:33:26.469429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:35:00.464581 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 23:35:00.464732 2.227663 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:02.692785 0.158144 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:02.851277 0.148053 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:02.999742 0.157785 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:03.157878 0.152232 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:03.310489 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 23:35:19.154016 0.046824 tcp 10.0.2.109 49471 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:19.201137 0.047042 tcp 10.0.2.109 49472 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:19.248493 0.131967 tcp 10.0.2.109 49473 -> 195.113.214.222 443 SRPA* 0 0 38 26665 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:19.381020 0.061216 udp 10.0.2.109 3683 <-> 86.146.183.124 9734 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:19.442631 0.177768 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:19.620772 0.144186 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:19.765358 0.213971 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:19.979673 0.105471 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:20.085503 0.147921 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:20.233799 0.210517 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:20.444707 0.000000 udp 10.0.2.109 3683 -> 24.172.237.254 3076 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 23:35:37.939115 0.045210 tcp 10.0.2.109 49474 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:37.984551 0.046145 tcp 10.0.2.109 49475 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:38.030952 0.131062 tcp 10.0.2.109 49476 -> 195.113.214.222 443 SRPA* 0 0 34 25107 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:38.162628 0.213194 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:38.376187 0.164297 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:38.540908 0.069114 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:38.610503 0.280153 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:38.891020 0.285109 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:39.176532 0.153042 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:39.329946 0.178884 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:39.509209 0.000000 udp 10.0.2.109 3683 -> 128.255.183.224 7850 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/01 23:35:54.733197 0.046452 tcp 10.0.2.109 49477 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:54.779941 0.045704 tcp 10.0.2.109 49478 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:54.825902 0.137020 tcp 10.0.2.109 49479 -> 195.113.214.222 443 SRPA* 0 0 34 25383 flow=From-Botnet-V1-TCP-Established 1970/01/01 23:35:54.963504 0.314585 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:55.278610 0.181667 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:55.460633 0.200097 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:55.661106 0.242064 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:55.903538 0.156627 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:56.060563 0.135409 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:56.196367 0.163672 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:56.360397 0.187076 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:56.547859 0.303452 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:56.851696 0.426961 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:57.279046 0.143692 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:57.423100 0.041027 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:57.464493 0.192237 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:57.657149 0.283504 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:57.941001 0.241712 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:58.183108 0.188928 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:58.372448 0.194525 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:58.567397 0.339419 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:35:58.907230 0.081292 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/01 23:39:30.475650 3.002295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/01 23:39:37.482897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:39:45.483896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:40:01.487369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:40:33.492790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:46:37.498563 3.002472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 23:46:44.506692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:46:52.507794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:47:08.511154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:47:40.516881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:53:44.522392 3.002610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/01 23:53:51.530916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:53:59.531865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:54:15.535088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:54:47.541040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/01 23:56:31.441024 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/01 23:56:31.441183 1.919937 tcp 10.0.2.109 49480 -> 211.38.175.27 4598 FSPA* 0 0 15 1683 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:00:51.547656 3.001167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:00:58.554280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:01:06.556302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:01:22.558963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:01:54.564768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:06:01.781066 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 00:06:01.781239 0.253630 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:02.035245 0.000000 udp 10.0.2.109 3683 -> 24.172.237.254 3076 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 00:06:17.476311 0.046434 tcp 10.0.2.109 49481 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:06:17.523044 0.046077 tcp 10.0.2.109 49482 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:06:17.569474 0.137550 tcp 10.0.2.109 49483 -> 195.113.214.222 443 SRPA* 0 0 35 24849 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:06:17.707623 0.144934 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:17.852983 0.151785 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:18.005138 0.321957 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:18.327516 0.143786 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:18.471750 0.157477 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:18.629591 0.150567 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:18.780574 0.000000 udp 10.0.2.109 3683 -> 86.146.183.124 9734 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 00:06:36.021134 0.046322 tcp 10.0.2.109 49484 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:06:36.067784 0.085147 tcp 10.0.2.109 49485 -> 195.113.214.222 80 SRPA* 0 0 18 13358 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:06:36.153543 0.183160 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:36.337080 0.144773 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:36.482222 0.101934 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:36.584558 0.192163 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:36.777136 0.147580 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:36.925138 0.214848 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:37.140390 0.163540 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:37.304346 0.211982 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:37.516757 0.068933 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:37.586104 0.150716 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:37.737198 0.178119 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:37.915696 0.360574 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:38.276649 0.285581 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:38.562629 0.205683 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:38.768720 0.322050 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:39.091158 0.181430 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:39.272966 0.256300 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:39.529613 0.171156 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:39.701151 0.135717 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:39.837227 0.162186 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:39.999795 0.187102 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:40.187262 0.302771 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:40.490406 0.654313 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:41.145137 0.143599 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:41.289153 0.039811 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:41.329321 0.189514 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:41.519257 0.188904 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:41.708564 0.198084 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:41.907004 0.280152 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:42.187506 0.239156 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:42.427074 0.335173 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:06:42.762678 0.085403 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:07:58.570429 3.002340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 00:08:05.578255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:08:13.579695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:08:29.583042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:09:01.589352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:15:05.594707 3.001592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:15:12.602483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:15:20.603578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:15:36.607146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:16:08.612720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:22:12.618850 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:22:19.626667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:22:27.627734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:22:43.630657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:23:15.636582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:26:33.361395 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 00:26:33.361586 1.926865 tcp 10.0.2.109 49486 -> 211.38.175.27 4598 FSPA* 0 0 14 1711 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:29:19.643590 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:29:26.650015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:29:34.651819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:29:50.654522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:30:22.660539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:36:26.666661 3.002149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:36:33.674519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:36:41.675715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:36:50.749476 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 00:36:50.749650 0.000000 udp 10.0.2.109 3683 -> 86.146.183.124 9734 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 00:36:57.678941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:37:07.564800 0.047335 tcp 10.0.2.109 49487 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:37:07.612370 0.088846 tcp 10.0.2.109 49488 -> 195.113.214.222 80 SRPA* 0 0 18 13349 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:37:07.701847 0.300643 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:08.002929 0.137993 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:08.141309 0.157225 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:08.298990 0.150855 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:08.450240 0.580053 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:09.030636 0.156216 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:09.187215 0.142733 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:09.330486 0.175942 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:09.506827 0.141145 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:09.648354 0.103684 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:09.752440 0.194244 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:09.947056 0.165952 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:10.113391 0.221687 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:10.335473 0.067405 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:10.403236 0.149627 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:10.553248 0.146918 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:10.700584 0.214236 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:10.915175 0.181662 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:11.097234 0.101978 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:11.199636 0.280965 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:11.480956 0.202479 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:11.683783 0.250922 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:11.935054 0.172672 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:12.108113 0.135118 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:12.243604 0.319418 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:12.563386 0.197586 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:12.761357 0.301471 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:13.063236 0.167203 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:13.230826 0.183328 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:13.414578 0.201648 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:13.616646 0.200490 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:13.817547 0.040345 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:13.858332 0.190228 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:14.048979 0.189260 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:14.238607 0.242256 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:14.481215 0.335025 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:14.816610 0.082408 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:14.899391 0.196671 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:15.096462 0.283527 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 00:37:29.684768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:43:33.691854 3.000475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:43:40.698337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:43:48.700058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:44:04.702723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:44:36.708759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:50:40.714563 3.002016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:50:47.722041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:50:55.723874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:51:11.726579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:51:43.732836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:56:35.292722 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 00:56:35.292860 1.940668 tcp 10.0.2.109 49489 -> 211.38.175.27 4598 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/02 00:57:47.738704 3.001391 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 00:57:54.746149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:58:02.747989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:58:18.751115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 00:58:50.756585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:04:54.872441 3.002084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:05:01.880199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:05:09.881611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:05:25.884682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:05:57.890719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:07:21.972263 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 01:07:21.972464 0.167697 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:22.140580 0.321317 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:22.462317 0.281894 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:22.744631 0.138494 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:22.883551 0.223774 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:23.107725 0.152966 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:23.261110 0.143702 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:23.405224 0.179200 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:23.585348 0.143827 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:23.729572 0.101769 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:23.831728 0.224627 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:24.056721 0.071450 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:24.128571 0.150252 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:24.279223 0.174034 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:24.453638 0.195218 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:24.649253 0.171187 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:24.820850 0.217079 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:25.038443 0.220423 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:25.259294 0.140977 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:25.400685 0.281087 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:25.682176 0.290040 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:25.972600 0.143646 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:26.116654 0.305021 udp 10.0.2.109 3683 <-> 180.15.122.143 9806 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:26.422103 0.177619 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:26.600063 0.255986 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:26.856476 0.174664 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:27.031525 0.302715 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:27.334635 0.167282 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:27.502330 0.213265 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:27.716033 0.540018 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:28.256422 0.388329 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:28.645153 0.045192 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:28.690760 0.232164 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:28.923308 0.334553 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:29.258316 0.188344 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:29.447082 0.188195 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:29.635681 0.282799 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:29.918917 0.094502 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:07:30.013843 0.194263 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:12:01.897501 3.001074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:12:08.904032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:12:16.905935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:12:32.909103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:13:04.915267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:19:08.921165 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:19:15.928325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:19:23.929859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:19:39.933084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:20:11.938791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:26:15.944604 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:26:22.952008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:26:30.953501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:26:37.343539 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 01:26:37.343734 1.924328 tcp 10.0.2.109 49490 -> 211.38.175.27 4598 FSPA* 0 0 14 1667 flow=From-Botnet-V1-TCP-Established 1970/01/02 01:26:46.956635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:27:18.962768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:33:22.968579 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:33:29.976073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:33:37.977754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:33:53.980714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:34:25.987218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:37:57.390911 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 01:37:57.391017 0.202954 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:57.594514 0.124210 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:57.719125 0.884286 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:58.603795 0.152876 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:58.757049 0.349178 udp 10.0.2.109 3683 <-> 99.112.200.52 6104 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:59.106621 0.150265 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:59.257245 0.143394 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:59.401003 0.181642 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:59.583013 0.145129 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:59.728529 0.097450 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:59.826475 0.153756 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:37:59.980644 0.147918 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:00.128981 0.182738 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:00.312129 0.164289 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:00.476826 0.216508 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:00.693724 0.070670 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:00.764795 0.210724 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:00.975888 0.182546 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:01.158894 0.075450 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:01.234730 0.285219 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:01.520333 0.202482 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:01.723233 0.177796 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:01.901416 0.256725 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:02.158537 0.135107 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:02.294091 0.000000 udp 10.0.2.109 3683 -> 180.15.122.143 9806 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 01:38:18.303025 0.047578 tcp 10.0.2.109 49491 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 01:38:18.350813 0.046708 tcp 10.0.2.109 49492 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 01:38:18.397776 0.134864 tcp 10.0.2.109 49493 -> 195.113.214.222 443 SRPA* 0 0 35 25863 flow=From-Botnet-V1-TCP-Established 1970/01/02 01:38:18.533240 0.167847 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:18.701491 0.181598 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:18.883449 0.172999 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:19.056825 0.303947 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:19.361128 0.198952 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:19.560498 0.343214 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:19.904089 0.040950 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:19.945419 0.242526 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:20.188322 0.188621 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:20.377311 0.285609 rtcp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:20.663334 0.334401 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:20.998080 0.190490 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:21.188963 0.096393 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:38:21.285736 0.194189 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/02 01:40:29.992450 3.002127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:40:37.000420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:40:45.001770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:41:01.004989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:41:33.010978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:47:37.017213 3.001154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:47:44.024509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:47:52.025266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:48:08.028559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:48:40.034352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:54:44.041016 3.000941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 01:54:51.047745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:54:59.049408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:55:15.052706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:55:47.058648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 01:56:39.274473 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 01:56:39.274673 1.985085 tcp 10.0.2.109 49494 -> 211.38.175.27 4598 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:01:51.065138 3.001241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:01:58.071800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:02:06.073421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:02:22.076429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:02:54.082601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:08:36.184961 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 02:08:36.185141 0.000000 udp 10.0.2.109 3683 -> 180.15.122.143 9806 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 02:08:54.052249 0.047463 tcp 10.0.2.109 49495 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:08:54.100038 0.047792 tcp 10.0.2.109 49496 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:08:54.148143 0.190675 tcp 10.0.2.109 49497 -> 195.113.214.222 443 SRPA* 0 0 22 11826 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:08:54.339456 0.336608 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:08:54.676487 0.138285 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:08:54.815199 0.190357 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:08:55.005988 0.151843 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:08:55.158366 0.141701 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:08:55.300423 0.000000 udp 10.0.2.109 3683 -> 99.112.200.52 6104 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 02:08:58.089662 3.000461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:09:05.095685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:09:12.037025 0.105201 tcp 10.0.2.109 49498 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:09:12.142061 0.048888 tcp 10.0.2.109 49499 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:09:12.191189 0.152026 tcp 10.0.2.109 49500 -> 195.113.214.222 443 SRPA* 0 0 23 13964 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:09:12.343934 0.145320 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:12.489643 0.619376 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:13.097753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:09:13.109423 0.178391 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:13.288219 0.213400 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:13.502042 0.185535 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:13.688022 0.168931 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:13.857373 0.214463 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:14.072223 0.070201 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:14.142819 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 02:09:17.182408 0.000000 udp 10.0.2.109 3683 <- 99.112.200.52 6104 RSP 0 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 02:09:29.100801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:09:31.504818 0.046792 tcp 10.0.2.109 49501 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:09:31.551867 0.096782 tcp 10.0.2.109 49502 -> 195.113.214.222 80 SRPA* 0 0 18 13346 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:09:31.649204 0.151102 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:31.800669 0.262980 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:32.064032 0.286242 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:32.350637 0.209979 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:32.560979 0.184552 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:32.746001 0.181289 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:32.927735 0.213196 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:33.141296 0.142900 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:33.284572 0.251268 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:33.536217 0.161029 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:33.697636 0.163849 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:33.861828 0.173338 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:34.035583 0.350214 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:34.386379 0.259908 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:34.646684 0.146619 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:34.793694 0.044141 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:34.838273 0.286637 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:35.125306 0.232154 udp 10.0.2.109 3683 <-> 71.39.236.226 5778 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:35.357877 0.190018 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:35.548254 0.081714 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:35.630355 0.198688 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:35.829419 0.336495 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:09:36.166382 0.324592 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:10:01.106712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:16:05.112735 3.001886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:16:12.119767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:16:20.121856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:16:36.124423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:17:08.130340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:23:12.135862 3.002137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:23:19.143746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:23:27.145653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:23:43.149015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:24:15.154189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:26:41.264791 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 02:26:41.264967 2.963055 tcp 10.0.2.109 49503 -> 211.38.175.27 4598 FSPA* 0 0 14 1510 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:30:19.160537 3.001354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:30:26.167774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:30:34.169462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:30:50.172143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:31:22.178730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:37:26.185161 3.000708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:37:33.191847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:37:41.193285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:37:57.196680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:38:29.202708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:39:42.397679 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 02:39:42.397877 0.000000 udp 10.0.2.109 3683 -> 99.112.200.52 6104 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 02:39:59.574462 0.047424 tcp 10.0.2.109 49504 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:39:59.622335 0.046724 tcp 10.0.2.109 49505 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:39:59.669400 0.146290 tcp 10.0.2.109 49506 -> 195.113.214.222 443 SRPA* 0 0 22 13092 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:39:59.816266 0.147088 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:39:59.963758 0.131639 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:00.095774 0.024509 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:00.120660 0.429651 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:00.550744 0.142560 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:00.693683 0.149651 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:00.843712 0.144655 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:00.988756 0.157113 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:01.146423 0.186057 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:01.332916 0.162668 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:01.495974 0.177976 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:01.674474 0.103362 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:01.778239 0.074783 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:01.853452 0.223989 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:02.077797 0.150442 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:02.228638 0.199775 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:02.428792 0.281429 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:02.710582 0.215347 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:02.926319 0.191630 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:03.118364 0.180917 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:03.299711 0.283013 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:03.583140 0.157847 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:03.741394 0.164970 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:03.906758 0.216380 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:04.123572 0.149771 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:04.273717 0.172582 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:04.446726 0.344397 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:04.791521 0.208233 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:05.000182 0.145425 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:05.146044 0.040971 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:05.187417 0.190090 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:05.377862 0.078399 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:05.456634 0.195475 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:05.652520 0.287100 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:05.939997 0.000000 udp 10.0.2.109 3683 -> 71.39.236.226 5778 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 02:40:23.878709 0.045089 tcp 10.0.2.109 49507 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:40:23.924071 0.046738 tcp 10.0.2.109 49508 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:40:23.971077 0.146687 tcp 10.0.2.109 49509 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:40:24.118455 0.365988 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:40:24.484797 0.187940 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 02:44:33.208105 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 02:44:40.216109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:44:48.217541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:45:04.220182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:45:36.226287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:51:40.232146 3.001843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:51:47.239525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:51:55.241669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:52:11.244508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:52:43.250208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:56:44.227254 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 02:56:44.227411 2.162411 tcp 10.0.2.109 49510 -> 211.38.175.27 4598 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/01/02 02:58:47.256942 3.000728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 02:58:54.263483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:59:02.265592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:59:18.268189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 02:59:50.274380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:05:54.280266 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:06:01.287671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:06:09.289131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:06:25.292064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:06:57.298129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:10:29.653949 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 03:10:29.654094 0.000000 udp 10.0.2.109 3683 -> 71.39.236.226 5778 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 03:10:46.910969 0.046851 tcp 10.0.2.109 49511 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 03:10:46.958041 0.181059 tcp 10.0.2.109 49512 -> 195.113.214.222 80 SRPA* 0 0 25 13023 flow=From-Botnet-V1-TCP-Established 1970/01/02 03:10:47.138209 0.146229 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:47.284898 0.155864 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:47.441174 0.142349 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:47.583870 0.151549 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:47.735838 0.131385 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:47.867679 0.134693 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:48.002754 0.183635 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:48.186759 0.167214 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:48.354585 0.177803 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:48.532797 0.596274 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:49.129492 0.225971 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:49.355897 0.142339 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:49.498644 0.078115 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:49.577193 0.150756 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:49.728316 0.075909 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:49.804656 0.285197 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:50.090316 0.202276 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:50.293046 0.224153 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:50.517623 1.733988 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:52.252027 0.169957 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:52.422576 0.163400 udp 10.0.2.109 3683 <-> 76.187.182.188 5099 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:52.586324 0.177632 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:52.764367 0.183214 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:52.948008 0.173020 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:53.121465 0.373759 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:53.495664 0.213588 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:53.709617 0.138057 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:53.848022 0.198557 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:54.046987 0.188801 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:54.236134 0.078756 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:54.315321 0.197114 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:54.512791 0.286982 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:54.800177 0.044262 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:54.844868 0.338695 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:55.183986 0.347098 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:10:55.531495 0.186904 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:13:01.304476 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:13:08.311682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:13:16.313540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:13:32.315980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:14:04.321919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:20:08.327772 3.001882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:20:15.335976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:20:23.336976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:20:39.340364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:21:11.346388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:26:46.398535 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 03:26:46.398781 2.043705 tcp 10.0.2.109 49513 -> 211.38.175.27 4598 FSPA* 0 0 15 1556 flow=From-Botnet-V1-TCP-Established 1970/01/02 03:27:15.352671 3.001628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:27:22.359532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:27:30.361026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:27:46.364404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:28:18.370099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:34:22.376773 3.001237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:34:29.383574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:34:37.384971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:34:53.387772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:35:25.393962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:41:02.419146 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 03:41:02.419250 0.146760 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:02.566411 0.156617 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:02.723425 0.141866 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:02.865676 0.149789 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:03.015881 0.151881 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:03.168131 0.167807 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:03.336292 0.179425 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:03.516141 0.358896 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:03.875412 0.210608 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:04.086607 0.102385 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:04.189376 0.209383 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:04.399144 0.143717 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:04.543252 0.068094 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:04.611711 0.149664 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:04.761833 0.098787 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:04.861028 0.222143 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:05.083551 0.282865 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:05.366815 0.208532 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:05.575756 0.303226 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:05.879418 0.170859 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:06.050652 0.000000 udp 10.0.2.109 3683 -> 76.187.182.188 5099 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 03:41:24.143016 0.045669 tcp 10.0.2.109 49514 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 03:41:24.188994 0.046170 tcp 10.0.2.109 49515 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 03:41:24.235511 0.155370 tcp 10.0.2.109 49516 -> 195.113.214.222 443 SRPA* 0 0 47 40366 flow=From-Botnet-V1-TCP-Established 1970/01/02 03:41:24.391656 0.180730 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:24.572796 0.187921 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:24.761108 0.213821 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:24.975384 0.137765 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:25.113504 0.174364 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 592 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:25.288225 0.351047 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:25.639643 0.196326 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:25.836357 0.190013 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:26.026760 0.087468 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:26.114589 0.193008 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:26.307959 0.282963 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:26.591310 0.045807 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:26.637549 0.186603 rtcp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:26.824542 0.144637 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:26.969592 0.383172 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/02 03:41:29.399952 3.001587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:41:36.407471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:41:44.409109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:42:00.411943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:42:32.418209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:48:36.424153 3.001678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:48:43.431573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:48:51.432675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:49:07.436499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:49:39.442043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:55:43.448878 3.000696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 03:55:50.455892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:55:58.456893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:56:14.460046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:56:46.465701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 03:56:48.449286 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 03:56:48.449394 2.163196 tcp 10.0.2.109 49517 -> 211.38.175.27 4598 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:02:50.472256 3.001640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:02:57.479156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:03:05.480789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:03:21.483699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:03:53.489671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:09:57.496221 3.001299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:10:04.503600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:10:12.504609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:10:28.508128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:11:00.513655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:11:43.225724 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 04:11:43.225860 0.171447 udp 10.0.2.109 3683 -> 76.187.182.188 5099 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 04:11:43.397307 0.000000 icmp 70.125.216.54 0x0103 -> 10.0.2.109 0x4cbb URH 192 1 163 flow=Background 1970/01/02 04:12:01.754574 0.050502 tcp 10.0.2.109 49518 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:12:01.805361 0.046722 tcp 10.0.2.109 49519 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:12:01.852458 0.151638 tcp 10.0.2.109 49520 -> 195.113.214.222 443 SRPA* 0 0 27 11860 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:12:02.004501 0.143490 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:02.148344 0.148391 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:02.297108 0.158647 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:02.456128 0.166405 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:02.622956 0.180703 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:02.804099 0.482946 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:03.287458 0.413549 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:03.701361 0.144931 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:03.846652 0.188763 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.035780 0.142881 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.179013 0.072824 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.252203 0.150141 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.402747 0.075297 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.478461 0.204832 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.683730 0.101692 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.785838 0.211478 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:04.997706 0.254933 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:05.253052 0.283771 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:05.537174 0.214403 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:05.751934 0.169631 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:05.921949 0.209762 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:06.132111 0.178730 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:06.311259 0.190600 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:06.502369 0.304832 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:06.807645 0.210071 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:07.018091 0.135957 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:07.154399 0.255335 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:07.410335 0.189672 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:07.600407 0.564061 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:08.164882 0.197209 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:08.362506 0.286311 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:08.649225 0.043116 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:08.692743 0.198927 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:08.892138 0.149768 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:12:09.042449 0.378111 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:17:04.519597 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:17:11.527468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:17:19.528937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:17:35.532008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:18:07.537815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:24:11.543949 3.001793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:24:18.551009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:24:26.553262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:24:42.555707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:25:14.562236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:26:50.620803 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 04:26:50.621020 2.169465 tcp 10.0.2.109 49521 -> 211.38.175.27 4598 FSPA* 0 0 15 1554 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:31:18.567983 3.001490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:31:25.575141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:31:33.576859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:31:49.580557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:32:21.586526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:38:25.591797 3.001932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:38:32.598947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:38:40.600827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:38:56.603820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:39:28.609928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:42:20.637322 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 04:42:20.637424 0.156825 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:20.794617 0.165301 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:20.960326 0.181058 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:21.141760 1.862235 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:23.004391 0.145241 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:23.150000 0.293793 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:23.444170 0.149011 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:23.593543 0.144714 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:23.738634 0.079883 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:23.818955 0.151019 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:23.970505 0.226377 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:24.197283 0.162153 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:24.359843 0.099120 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:24.459378 0.183823 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:24.643620 0.143769 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:24.787762 0.211238 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:24.999400 0.254128 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:25.253956 0.289915 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:25.544228 0.214504 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:25.759208 0.159392 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:25.919066 0.187731 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:26.107218 0.366756 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:26.474346 0.210216 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:26.684997 0.181657 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:26.867030 0.195943 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:27.063336 0.137906 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:27.201592 0.170131 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:27.372081 0.000000 udp 10.0.2.109 3683 -> 99.118.244.90 1117 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 04:42:44.023598 0.048704 tcp 10.0.2.109 49522 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:42:44.072630 0.046456 tcp 10.0.2.109 49523 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:42:44.119385 0.154063 tcp 10.0.2.109 49524 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:42:44.274230 1.050655 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:45.325252 0.041494 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:45.367108 0.191557 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:45.559149 0.130604 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:45.690338 0.194955 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:45.885638 0.147153 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:42:46.033229 0.416588 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/02 04:45:32.616498 3.000647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:45:39.622899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:45:47.624535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:46:03.627631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:46:35.633990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:52:39.639718 3.001719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:52:46.646866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:52:54.648371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:53:10.652053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:53:42.657593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 04:56:52.791456 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 04:56:52.791651 2.322486 tcp 10.0.2.109 49525 -> 211.38.175.27 4598 FSPA* 0 0 14 1605 flow=From-Botnet-V1-TCP-Established 1970/01/02 04:59:46.663335 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 04:59:53.670922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:00:01.672670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:00:17.675400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:00:49.681811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:06:53.687395 3.002270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 05:07:00.695483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:07:08.696665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:07:24.699341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:07:56.706030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:13:02.395773 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:13:02.395887 0.189990 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:02.586573 0.158402 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:02.745422 0.165228 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:02.911068 0.178967 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:03.090533 0.230260 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:03.321221 0.283421 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:03.605031 0.124129 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:03.729502 0.069013 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:03.798935 0.150382 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:03.949736 0.145261 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:04.095405 0.141631 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:04.237475 0.104651 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:04.342489 0.184112 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:04.526996 0.141785 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:04.669150 0.271772 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:04.941315 0.218018 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:05.159706 0.285154 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:05.445301 0.223449 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:05.669169 0.169946 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:05.839540 0.247464 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:06.087419 0.282517 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:06.370319 0.236697 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:06.607423 0.193106 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:06.800926 0.302283 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:07.103567 0.209164 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:07.313122 0.143883 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:07.457427 0.580743 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:08.038521 0.156262 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:08.195171 0.789557 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:08.985211 0.040296 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:09.025924 0.191182 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:09.217559 0.084724 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:09.302703 0.193575 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:09.496687 0.191015 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:13:09.688136 0.382829 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:14:00.711754 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 05:14:07.719435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:14:15.720360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:14:31.723636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:15:03.729523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:21:07.735165 3.002421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 05:21:14.743541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:21:22.744716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:21:38.747678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:22:10.753786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:26:55.112909 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:26:55.113016 2.200038 tcp 10.0.2.109 49526 -> 211.38.175.27 4598 FSPA* 0 0 15 1701 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:28:14.759722 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 05:28:21.766691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:28:29.768820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:28:45.771682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:29:17.777331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:35:21.782947 3.002086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 05:35:28.791201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:35:36.792488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:35:52.795613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:36:24.801290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:42:28.807784 3.001208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 05:42:35.814808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:42:43.816133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:42:59.819382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:43:26.398054 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:43:26.398188 0.165114 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:26.563706 0.187434 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:26.751538 0.156942 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:26.908884 0.178183 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:27.087476 0.554031 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:27.641975 0.158008 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:27.642494 3.061573 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 SPA_* 0 0 30 12108 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:43:27.800416 0.152483 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:27.953298 0.072024 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:28.025744 0.150179 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:28.176326 0.099905 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:28.276620 0.185059 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:28.462015 0.144942 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:28.607389 0.087307 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:28.695066 0.147795 rtcp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:28.843219 1.758070 udp 10.0.2.109 3683 <-> 184.57.37.198 8581 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:30.601659 0.154245 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:30.756274 0.282007 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:31.038645 0.214134 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:31.253150 0.160628 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:31.414147 0.178291 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:31.592815 0.189725 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:31.782966 0.258261 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:31.825567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:43:32.041591 0.201057 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:32.242996 0.143075 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:32.386510 0.303828 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:32.690715 0.215405 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:32.906479 0.195305 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:33.102295 0.171800 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:33.274522 0.189376 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:33.464327 0.084281 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:33.548983 0.194259 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:33.743623 0.148052 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:33.892042 0.287850 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:34.180288 0.042277 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:34.222938 0.377409 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/02 05:43:36.510549 4.506880 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 21 11562 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:43:41.660413 1.250638 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 5 2130 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:43:56.467318 4.590320 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 15 7282 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:44:02.363377 2.639593 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 18 6788 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:44:08.057590 0.400272 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 4 2260 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:44:13.214617 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:44:22.013617 2.367422 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 22 8536 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:44:27.756746 0.542035 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 6 2944 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:44:42.230811 4.972400 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 29 13094 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:44:47.393951 2.445594 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 6 2944 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:05.186215 0.714192 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 6 2420 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:10.217203 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:45:14.631722 4.768287 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 14 5996 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:19.848463 4.478816 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 6 2420 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:27.825547 4.563397 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 15 6050 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:33.072246 4.816045 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 16 6628 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:38.087103 4.366285 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 27 11414 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:49.138250 4.197965 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 21 8070 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:54.812076 4.586411 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 34 15860 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:45:59.717946 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:46:06.839822 0.759356 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:46:15.596474 4.320338 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 16 5748 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:46:21.149270 4.816031 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 24 11608 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:46:26.977484 4.583666 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 17 8254 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:46:32.032129 2.846683 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 22 8116 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:46:41.481050 4.252913 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 20 8812 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:46:46.592532 3.628479 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 16 7468 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:46:52.905513 4.465281 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 24 9900 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:00.220403 1.860230 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 10 6304 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:05.657398 4.982663 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 25 10782 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:10.710379 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:47:10.852482 4.728183 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 22 9048 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:17.912361 4.614842 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 22 9572 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:23.646308 4.709032 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 26 12408 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:31.585831 4.814138 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 31 12678 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:36.597505 4.982526 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 35 14990 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:42.534204 4.858937 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 20 9464 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:47.827734 4.693724 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 19 10458 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:52.974354 2.150098 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 18 6308 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:47:58.261487 4.787529 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 40 17784 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:48:21.481151 4.864583 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 14 7568 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:48:26.549057 4.798488 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 23 9102 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:48:31.837423 2.118523 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 11 4250 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:48:38.716344 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:48:47.958522 4.177692 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 18 8844 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:48:55.127516 2.045779 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 6 1896 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:49:00.199711 1.795964 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 8 3576 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:49:17.465197 0.207581 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 2 644 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:49:32.980896 1.531155 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 A_PA 0 0 11 4274 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:49:35.831876 3.001197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 05:49:37.711611 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:49:42.838729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:49:50.840195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:50:04.510155 0.570882 tcp 10.0.2.109 49527 -> 84.59.151.27 3285 FRA_* 0 0 4 660 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:50:06.843424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:50:38.849549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:56:42.855624 3.001797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 05:56:49.863332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:56:57.314364 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 05:56:57.314537 2.197457 tcp 10.0.2.109 49528 -> 211.38.175.27 4598 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/02 05:56:57.864066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:57:13.867789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 05:57:45.873408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:03:49.879308 3.001785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 06:03:56.887122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:04:04.888339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:04:20.891232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:04:52.897594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:10:56.904489 3.000258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 06:11:03.910893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:11:11.912217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:11:27.915650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:11:59.921774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:13:56.268927 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 06:13:56.269129 0.156079 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:56.425641 0.163564 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:56.589612 0.187874 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:56.777920 0.233973 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:57.012411 0.131052 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:57.012915 2.990743 tcp 10.0.2.109 49529 -> 97.65.8.22 6521 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 06:13:57.143875 0.177513 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:57.321814 0.548864 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:57.871116 0.078068 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:57.949619 0.150188 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:58.100236 0.098571 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:58.199246 0.183706 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:58.383353 0.395082 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:13:58.778854 0.000000 udp 10.0.2.109 3683 -> 31.197.209.67 1519 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 06:14:06.012798 0.000000 tcp 10.0.2.109 49529 -> 97.65.8.22 6521 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 06:14:15.799997 0.068563 tcp 10.0.2.109 49530 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:14:15.868830 0.068616 tcp 10.0.2.109 49531 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:14:15.937750 0.149750 tcp 10.0.2.109 49532 -> 195.113.214.222 443 SRPA* 0 0 34 25403 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:14:16.088089 0.146878 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:16.235325 0.000000 udp 10.0.2.109 3683 -> 184.57.37.198 8581 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 06:14:33.312723 0.069632 tcp 10.0.2.109 49533 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:14:33.382666 0.112394 tcp 10.0.2.109 49534 -> 195.113.214.222 80 SRPA* 0 0 30 19647 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:14:33.495568 0.154479 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:33.650460 0.286655 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:33.937636 0.215101 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:33.938052 1.143819 tcp 10.0.2.109 49535 -> 58.177.94.240 5939 SPA_* 0 0 19 8965 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:14:34.153114 0.158365 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:34.311944 0.178529 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:34.490879 0.182850 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:34.674319 0.136897 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:34.811598 0.375584 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:35.187594 0.211142 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:35.399146 0.258759 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:35.658486 0.201897 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:35.860773 0.265704 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:36.126910 0.158308 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:36.285563 0.189931 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:36.475958 0.081940 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:36.558432 0.192760 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:36.751562 0.147035 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:36.899079 0.382556 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:37.281999 0.627539 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:14:37.909965 0.039883 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:15:05.077766 0.293091 tcp 10.0.2.109 49535 -> 58.177.94.240 5939 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:18:03.926903 3.002389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 06:18:10.934538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:18:18.936083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:18:34.939409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:19:07.225681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:25:11.232414 3.000644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 06:25:18.239286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:25:26.240467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:25:42.243896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:26:14.249527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:26:59.645724 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 06:26:59.645837 2.223498 tcp 10.0.2.109 49536 -> 211.38.175.27 4598 FSPA* 0 0 14 1575 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:32:18.256163 3.001615 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 06:32:25.263440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:32:33.264827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:32:49.267900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:33:21.273731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:39:25.280777 3.000943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 06:39:32.287422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:39:40.288933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:39:56.291958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:40:28.297794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:45:03.383150 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 06:45:03.383351 0.323362 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:03.707137 0.000000 udp 10.0.2.109 3683 -> 184.57.37.198 8581 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 06:45:22.433001 0.518913 tcp 10.0.2.109 49537 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:22.952142 0.587825 tcp 10.0.2.109 49538 -> 195.113.214.222 80 SRPA* 0 0 20 14707 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:23.540467 0.421657 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:23.962531 0.413188 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:24.376070 0.405798 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:24.782263 0.430425 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:25.213047 0.764865 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:25.978884 0.390764 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:25.979474 3.762055 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 SPA_* 0 0 6 539 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:26.370206 0.772455 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:27.143036 0.319628 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:27.463013 0.402994 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:27.866395 0.312785 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:28.179601 0.421382 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:28.601327 0.403244 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:29.004973 0.406809 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:29.412182 0.456687 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:29.869284 0.535793 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:30.405429 0.462331 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:30.868124 0.413651 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:31.282150 0.423104 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:31.705726 0.407259 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:32.113391 0.393874 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:32.507659 0.497488 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:33.005539 0.460421 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:33.466330 0.606925 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:34.073691 0.435173 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:34.509269 0.426332 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:34.935987 0.417131 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:35.353484 0.449448 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:35.803269 0.322222 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:36.125836 0.000000 udp 10.0.2.109 3683 -> 142.59.253.98 3441 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 06:45:37.027735 4.311939 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 21 11154 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:42.069515 4.744107 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 22 11184 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:49.017304 3.317511 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 14 9324 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:54.247924 0.555182 tcp 10.0.2.109 49540 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:54.559983 3.010636 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 13 7842 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:54.803423 0.549981 tcp 10.0.2.109 49541 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:55.353687 1.102435 tcp 10.0.2.109 49542 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:45:56.456845 0.431722 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:56.888963 0.297059 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:57.186536 0.601346 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:57.788317 0.718212 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/02 06:45:59.922300 4.739195 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 7 4662 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:46:05.309903 4.709129 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 20 13704 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:46:10.602512 4.952224 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 33 20834 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:46:15.757200 4.878526 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 37 22478 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:46:20.834612 3.144434 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 31 16010 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:46:28.424990 4.735456 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 35 21130 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:46:32.304769 3.000719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 06:46:33.906744 1.068340 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 20 10512 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:46:39.310723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:46:47.312222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:47:00.231052 4.867171 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 7 4674 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:47:03.315378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:47:05.721646 0.015371 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 A_PA 0 0 6 3180 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:47:14.755833 0.000354 tcp 10.0.2.109 49539 -> 84.59.151.27 3285 FA_F* 0 0 5 1310 flow=From-Botnet-V1-TCP-Established 1970/01/02 06:47:35.321842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:53:39.327861 3.001380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 06:53:46.334985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:53:54.336372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:54:10.339816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:54:42.345401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 06:57:01.876366 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 06:57:01.876463 2.960689 tcp 10.0.2.109 49543 -> 211.38.175.27 4598 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:00:46.352378 3.000966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:00:53.359258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:01:01.360134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:01:17.363580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:01:49.369511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:07:53.375862 3.001107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:08:00.382764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:08:08.384263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:08:24.387125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:08:56.393713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:15:00.399567 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:15:07.406575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:15:15.408187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:15:31.411910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:16:03.417324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:16:07.703795 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 07:16:07.703891 0.679910 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:08.384302 0.670019 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:08.384807 3.004372 tcp 10.0.2.109 49544 -> 142.59.253.98 3787 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:16:09.054754 0.640989 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:09.696158 0.670425 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:10.367002 0.636777 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:11.004213 0.966757 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:11.971385 0.676264 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:12.648036 0.654765 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:13.303242 0.607848 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:13.911539 0.595517 udp 10.0.2.109 3683 <-> 86.143.11.135 5422 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:14.507407 0.864225 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:15.371998 0.609162 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:15.981593 0.585958 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:16.567933 0.671497 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:17.239870 0.599548 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:17.387437 0.000000 tcp 10.0.2.109 49544 -> 142.59.253.98 3787 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:16:17.839856 0.642603 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:18.482926 0.695579 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:19.178954 0.762320 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:19.941639 0.661172 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:20.603250 0.669416 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:21.273219 0.731270 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:22.004851 0.668719 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:22.674040 0.632941 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:23.307386 0.670483 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:23.978262 1.254159 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:25.067821 0.470360 udp 10.0.2.109 54891 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/02 07:16:25.232765 0.709802 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:25.538712 0.473185 udp 10.0.2.109 50218 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/02 07:16:25.942969 0.803049 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:26.746425 0.655268 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:27.402255 0.664150 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:28.066811 0.557221 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:28.624404 0.617513 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:29.242405 0.534838 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:29.777587 0.845849 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:16:30.623847 0.781525 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:22:07.424356 3.000874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:22:14.430928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:22:22.432603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:22:38.435075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:23:10.441448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:27:04.838815 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 07:27:04.838897 3.456346 tcp 10.0.2.109 49545 -> 211.38.175.27 4598 FSPA* 0 0 14 1734 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:29:14.447332 3.021499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:29:21.474719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:29:29.476577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:29:45.479726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:30:17.485720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:36:21.491620 3.001246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:36:28.499129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:36:36.500037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:36:52.503012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:37:24.509760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:43:28.515770 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:43:35.522730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:43:43.524153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:43:59.527221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:44:31.533528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:46:36.533039 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 07:46:36.533188 0.614886 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:37.148566 0.680422 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:37.149039 2.999368 tcp 10.0.2.109 49546 -> 142.59.253.98 3787 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:46:37.829435 0.648507 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:38.478530 0.612671 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:39.091615 0.667828 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:39.759865 1.028991 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:40.789206 0.657795 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:41.447425 0.634842 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:42.082673 0.620703 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:46:42.703783 0.000000 udp 10.0.2.109 3683 -> 86.143.11.135 5422 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 07:46:46.146848 0.000000 tcp 10.0.2.109 49546 -> 142.59.253.98 3787 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:47:00.860866 0.983361 tcp 10.0.2.109 49547 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:47:01.844519 1.011285 tcp 10.0.2.109 49548 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:47:02.856110 2.445192 tcp 10.0.2.109 49549 -> 195.113.214.222 443 SRPA* 0 0 41 25195 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:47:05.301380 0.860326 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:06.162394 0.641595 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:06.162782 2.997132 tcp 10.0.2.109 49550 -> 97.65.8.22 6521 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:47:06.804429 0.579463 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:07.384325 0.671860 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:08.056616 0.650743 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:08.707796 0.585351 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:09.293581 0.694146 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:09.988146 0.779285 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:10.767811 0.630101 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:11.399759 0.658291 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:12.058502 0.690373 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:12.749311 0.611767 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:13.361513 0.614292 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:13.976202 0.744414 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:14.721036 0.697224 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:15.158366 0.000000 tcp 10.0.2.109 49550 -> 97.65.8.22 6521 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:47:15.418694 0.677372 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:16.096419 0.000000 udp 10.0.2.109 3683 -> 14.53.189.151 5470 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 07:47:33.266331 0.994987 tcp 10.0.2.109 49551 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:47:34.261627 1.011686 tcp 10.0.2.109 49552 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:47:35.273235 2.025385 tcp 10.0.2.109 49553 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:47:37.299215 0.628603 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:37.928235 0.657630 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:38.586399 0.558496 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:39.145300 0.620757 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:39.766555 0.519144 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:39.766881 3.001247 tcp 10.0.2.109 49554 -> 76.68.90.33 7677 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:47:40.286053 0.776815 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:41.063257 1.107725 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/02 07:47:48.766803 0.000000 tcp 10.0.2.109 49554 -> 76.68.90.33 7677 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 07:47:59.986379 0.490018 udp 10.0.2.109 63859 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/02 07:48:00.476866 0.491801 udp 10.0.2.109 49630 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/02 07:50:35.540135 3.000914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 07:50:42.546550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:50:50.548494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:51:06.551449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:51:38.557403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:57:08.301820 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 07:57:08.301989 3.593146 tcp 10.0.2.109 49555 -> 211.38.175.27 4598 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/01/02 07:57:42.562704 3.001967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 07:57:49.570821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:57:57.572603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:58:13.575153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 07:58:45.581393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:04:49.588019 3.000582 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 08:04:56.594378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:05:04.596155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:05:20.599605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:05:52.605069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:11:56.612283 3.000526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 08:12:03.619083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:12:11.619943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:12:27.623013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:12:59.629576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:17:46.862752 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 08:17:46.862928 0.000000 udp 10.0.2.109 3683 -> 86.143.11.135 5422 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 08:18:03.979581 1.011814 tcp 10.0.2.109 49556 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:18:04.991707 1.032615 tcp 10.0.2.109 49557 -> 195.113.214.222 80 SRPA* 0 0 18 13344 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:18:06.024883 0.000000 udp 10.0.2.109 3683 -> 14.53.189.151 5470 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 08:18:21.883693 0.989333 tcp 10.0.2.109 49558 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:18:22.873401 1.055619 tcp 10.0.2.109 49559 -> 195.113.214.222 80 SRPA* 0 0 18 13339 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:18:23.929571 0.663245 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:24.593218 0.556323 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:24.593596 2.996891 tcp 10.0.2.109 49560 -> 142.59.253.98 3787 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 08:18:25.149909 0.635671 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:25.785959 0.694169 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:26.480564 0.675123 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:27.156066 1.110484 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:28.266976 0.654462 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:28.921868 0.642614 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:29.564878 1.739294 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:31.304588 0.621111 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:31.926319 0.615638 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:32.542397 0.594688 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:33.137511 0.653518 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:33.588988 0.000000 tcp 10.0.2.109 49560 -> 142.59.253.98 3787 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 08:18:33.791397 0.631649 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:34.423406 0.668631 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:35.092482 0.624414 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:35.717264 0.784814 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:36.502458 0.651229 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:37.154138 0.658734 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:37.813299 0.728817 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:38.542539 0.609079 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:39.152050 0.665612 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:39.818043 0.684815 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:40.503223 0.850378 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:41.354034 0.692860 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:42.047328 0.649362 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:42.697062 0.664543 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:43.361983 0.550573 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:43.913006 0.615729 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:44.529106 0.527446 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:45.056911 0.798954 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:18:45.856318 0.763852 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:19:03.634741 3.001987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 08:19:10.642942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:19:18.643966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:19:34.647508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:20:06.653531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:26:10.659670 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 08:26:17.666378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:26:25.667998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:26:41.670928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:27:11.895192 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 08:27:11.895316 3.471411 tcp 10.0.2.109 49561 -> 211.38.175.27 4598 FSPA* 0 0 15 1668 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:27:13.677125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:33:17.683155 3.001873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 08:33:24.690358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:33:32.692186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:33:48.694740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:34:20.701462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:40:24.706799 3.002480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 08:40:31.714874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:40:39.716123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:40:55.718800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:41:27.725002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:47:31.731676 3.001258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 08:47:38.738322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:47:46.740165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:48:02.743128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:48:34.748852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:49:03.320574 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 08:49:03.320740 0.678170 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:03.999358 0.000000 udp 10.0.2.109 3683 -> 31.197.209.67 1519 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 08:49:03.999722 2.995368 tcp 10.0.2.109 49562 -> 142.59.253.98 3787 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 08:49:12.994307 0.000000 tcp 10.0.2.109 49562 -> 142.59.253.98 3787 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 08:49:20.526917 1.004311 tcp 10.0.2.109 49563 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:49:21.531560 1.031942 tcp 10.0.2.109 49564 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:49:22.563778 2.636178 tcp 10.0.2.109 49565 -> 195.113.214.222 443 SRPA* 0 0 37 27877 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:49:25.200691 0.661648 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:25.862678 0.616992 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:26.480052 0.693866 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:27.174450 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 08:49:44.050526 1.046974 tcp 10.0.2.109 49566 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:49:45.097758 1.046619 tcp 10.0.2.109 49567 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:49:46.144681 2.132268 tcp 10.0.2.109 49568 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/02 08:49:48.277698 0.671342 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:48.949488 0.616881 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:49.566780 0.642908 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:50.210151 0.649040 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:50.859640 0.639632 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:50.859964 3.002547 tcp 10.0.2.109 49569 -> 97.65.8.22 6521 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 08:49:51.499712 0.596987 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:52.097125 0.677291 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:52.774741 0.649561 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:53.424708 0.715075 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:54.140192 0.716436 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:54.857332 0.778707 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:55.636398 0.667048 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:56.303852 0.665483 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:56.969747 0.743344 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:57.713428 0.631015 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:58.344850 0.676074 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:59.021322 0.691147 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:59.712809 0.701897 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:49:59.861520 0.000000 tcp 10.0.2.109 49569 -> 97.65.8.22 6521 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 08:50:00.415149 0.715808 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:50:01.131361 0.648177 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:50:01.779934 0.653046 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:50:02.433346 0.556116 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:50:02.989853 0.631171 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:50:03.621418 0.538160 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:50:04.159965 0.833403 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:50:04.993695 0.789880 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 08:54:38.755071 3.001302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 08:54:45.762576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:54:53.763825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:55:09.766645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:55:41.773109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 08:57:15.368385 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 08:57:15.368485 3.413418 tcp 10.0.2.109 49570 -> 211.38.175.27 4598 FSPA* 0 0 14 1516 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:01:45.779991 3.000336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:01:52.786109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:02:00.787757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:02:16.791261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:02:48.797036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:08:52.803182 3.001190 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:08:59.810122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:09:07.811546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:09:23.814644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:09:55.820950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:15:59.827478 3.001345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:16:06.834759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:16:14.835747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:16:30.839215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:17:02.845036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:20:26.047244 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 09:20:26.047419 0.653287 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:26.701233 1.025380 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:26.701750 3.000879 tcp 10.0.2.109 49571 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 09:20:27.727024 0.769238 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:28.496680 0.629162 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:29.126233 1.070269 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:30.196916 0.664845 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:30.862180 0.689454 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:31.552039 0.613763 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:32.166391 0.642349 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:32.809128 0.660666 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:33.470215 0.646066 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:34.116713 0.604626 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:34.721744 0.651420 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:35.373555 0.647923 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:35.701091 0.000000 tcp 10.0.2.109 49571 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 09:20:36.022209 0.717518 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:36.740133 0.665614 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:37.406203 0.733382 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:38.139986 0.659144 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:38.799546 0.751184 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:39.551138 0.745046 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:39.989258 0.528361 udp 10.0.2.109 52537 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/02 09:20:40.296550 0.637984 udp 10.0.2.109 3683 <-> 74.90.25.128 9253 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:40.518277 0.505783 udp 10.0.2.109 51596 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/02 09:20:40.934933 0.685016 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:41.620317 0.761235 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:42.381952 0.661285 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:43.043653 0.711722 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:43.755790 0.656950 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:44.413143 0.647231 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:45.060785 0.560577 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:45.621747 0.639057 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:46.261194 0.527425 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:46.789064 0.837731 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:47.627226 0.802233 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:20:48.430465 3.003422 tcp 10.0.2.109 49572 -> 200.93.56.18 8729 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 09:20:57.431988 0.000000 tcp 10.0.2.109 49572 -> 200.93.56.18 8729 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 09:21:09.993152 0.506022 udp 10.0.2.109 63114 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/02 09:21:10.499690 0.507376 udp 10.0.2.109 57379 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/02 09:21:14.847429 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 09:23:06.851809 3.000632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 09:23:13.858016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:23:21.860042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:23:37.863115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:24:09.868815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:27:18.781166 0.000194 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 09:27:18.781461 3.417719 tcp 10.0.2.109 49573 -> 211.38.175.27 4598 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:30:13.874667 3.001873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:30:20.881951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:30:28.883740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:30:44.886650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:31:16.893107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:37:20.899458 3.001124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:37:27.906292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:37:35.907657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:37:51.911072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:38:23.916992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:44:27.923243 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:44:34.929963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:44:42.932191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:44:58.934779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:45:30.940432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:51:09.657873 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 09:51:09.658033 0.668642 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:10.327180 0.685818 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:10.327651 3.005559 tcp 10.0.2.109 49574 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 09:51:11.013368 0.693101 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:11.706864 0.719183 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:12.426594 0.703782 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:13.130792 0.680590 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:13.811807 0.678484 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:14.490710 0.636051 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:15.127149 0.611633 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:15.739193 0.632692 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:16.372305 0.635831 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:17.008631 0.585303 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:17.594361 0.682192 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:18.276968 0.637591 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:18.914983 0.728497 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:19.331741 0.000000 tcp 10.0.2.109 49574 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/02 09:51:19.643876 0.729678 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:20.373996 0.780650 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:21.155044 0.659832 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:21.815367 0.669628 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:22.485408 0.820259 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:23.306117 0.000000 udp 10.0.2.109 3683 -> 74.90.25.128 9253 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 09:51:34.947241 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:51:38.732350 1.033087 tcp 10.0.2.109 49575 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:51:39.765673 1.053754 tcp 10.0.2.109 49576 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:51:40.819748 2.663078 tcp 10.0.2.109 49577 -> 195.113.214.222 443 SRPA* 0 0 35 25081 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:51:41.954172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:51:43.483538 0.641663 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:44.125613 0.688431 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:44.814603 0.693104 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:44.814940 4.525670 tcp 10.0.2.109 49578 -> 97.78.253.186 4379 SPA_* 0 0 131 78757 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:51:45.508079 0.699665 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:46.208186 0.658089 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:46.866672 0.692954 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:47.560046 0.582375 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:48.142873 0.643091 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:48.786504 0.544161 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:49.331024 0.838981 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:51:49.857062 4.591168 tcp 10.0.2.109 49578 -> 97.78.253.186 4379 FPA_* 0 0 526 355569 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:51:49.955372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:51:50.170384 0.804971 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/02 09:52:05.959099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:52:37.964673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:57:22.203912 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 09:57:22.204021 3.609901 tcp 10.0.2.109 49579 -> 211.38.175.27 4598 FSPA* 0 0 15 1711 flow=From-Botnet-V1-TCP-Established 1970/01/02 09:58:41.971027 3.001181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 09:58:48.977937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:58:56.980006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:59:12.982672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 09:59:44.988861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:05:48.994607 3.001945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 10:05:56.001863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:06:04.003569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:06:20.006520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:06:52.012898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:12:56.018309 3.002272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 10:13:03.025939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:13:11.027312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:13:27.030993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:13:59.036456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:20:03.042862 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 10:20:10.049936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:20:18.051342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:20:34.054366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:21:06.060672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:21:57.615061 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 10:21:57.615225 0.000000 udp 10.0.2.109 3683 -> 74.90.25.128 9253 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 10:22:16.415563 1.095303 tcp 10.0.2.109 49580 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:22:17.511122 1.040663 tcp 10.0.2.109 49581 -> 195.113.214.222 80 SRPA* 0 0 19 14703 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:22:18.552392 0.667986 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:19.220717 0.686167 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:19.907314 0.547851 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:20.455594 0.636470 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:21.092424 0.651689 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:21.744527 0.692892 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:22.437809 0.667478 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:23.105675 0.640199 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:23.746265 0.641462 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:24.388141 0.628815 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:25.017372 0.601804 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:25.619540 0.628556 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:26.248505 0.673450 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:26.922541 0.601728 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:27.524688 0.733610 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:28.258860 0.648062 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:28.907326 0.783633 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:29.691362 0.664204 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:30.355972 0.667608 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:31.023987 0.737066 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:31.761467 0.676733 udp 10.0.2.109 3683 <-> 24.234.43.35 8100 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:32.438591 0.697605 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:33.136591 0.705358 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:33.842436 0.705734 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:34.548567 0.649443 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:35.198458 0.664367 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:35.863244 0.567683 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:36.431308 0.848300 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:37.280004 0.534803 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:37.815202 0.831343 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:22:38.646947 0.766556 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:27:10.067177 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 10:27:17.073992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:27:25.075705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:27:25.816968 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 10:27:25.817201 3.401707 tcp 10.0.2.109 49582 -> 211.38.175.27 4598 FSPA* 0 0 14 1675 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:27:41.078796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:28:13.084580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:34:17.091458 3.000588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 10:34:24.097775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:34:32.099471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:34:48.272851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:35:20.279107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:41:24.285078 3.001665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 10:41:31.292012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:41:39.293890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:41:55.296662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:42:27.302982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:48:31.308919 3.001738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 10:48:38.315923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:48:46.317723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:49:02.320620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:49:34.326860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:53:05.230153 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 10:53:05.230278 0.573576 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:05.804274 0.693459 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:06.498236 0.911973 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:07.410563 0.656194 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:08.067138 0.647363 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:08.714905 0.659828 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:09.375194 0.681282 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:10.056887 0.624818 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:10.682122 0.607060 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:11.289619 0.630423 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:11.920429 0.596046 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:12.516864 0.644025 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:13.161299 0.683493 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:13.845183 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 10:53:32.451857 1.051853 tcp 10.0.2.109 49583 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:53:33.503967 1.115741 tcp 10.0.2.109 49584 -> 195.113.214.222 80 SRPA* 0 0 20 14723 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:53:34.620229 0.693110 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:35.313745 0.650655 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:35.964803 0.752929 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:36.718134 0.686011 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:37.404532 0.678247 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:38.083220 0.709741 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:53:38.793344 0.000000 udp 10.0.2.109 3683 -> 24.234.43.35 8100 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 10:53:54.972590 1.037915 tcp 10.0.2.109 49585 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:53:56.010781 1.056598 tcp 10.0.2.109 49586 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:53:57.067667 2.586182 tcp 10.0.2.109 49587 -> 195.113.214.222 443 SRPA* 0 0 38 27081 flow=From-Botnet-V1-TCP-Established 1970/01/02 10:53:59.654447 0.704201 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:00.359041 0.683941 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:01.043379 0.711637 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:01.755409 0.664032 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:02.419877 0.693877 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:03.114328 0.573865 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:03.688563 0.699770 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:04.388705 0.534035 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:04.923151 0.804067 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:54:05.727635 0.817395 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/02 10:55:38.332410 3.001899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 10:55:45.340423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:55:53.341324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:56:09.344667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:56:41.350759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 10:57:29.300280 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 10:57:29.300471 3.463533 tcp 10.0.2.109 49588 -> 211.38.175.27 4598 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:02:45.356934 3.001234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:02:52.364193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:03:00.365494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:03:16.368509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:03:48.374801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:09:52.380805 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:09:59.387727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:10:07.389404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:10:23.392359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:10:55.398628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:16:59.404981 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:17:06.412357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:17:14.413757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:17:30.416737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:18:02.422407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:24:06.428955 3.001617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:24:09.630873 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 11:24:09.631023 0.655982 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:10.287420 0.000000 udp 10.0.2.109 3683 -> 24.234.43.35 8100 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 11:24:13.436383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:24:21.437416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:24:26.588066 1.019439 tcp 10.0.2.109 49589 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:24:27.607840 1.030900 tcp 10.0.2.109 49590 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:24:28.638593 2.355915 tcp 10.0.2.109 49591 -> 195.113.214.222 443 SRPA* 0 0 34 23685 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:24:30.995225 0.566772 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:31.562370 0.706494 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:32.269274 0.653991 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:32.923646 0.506758 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:33.430796 0.658743 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:34.089950 0.674447 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:34.764767 0.665741 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:35.430933 0.659843 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:36.091152 0.781793 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:36.873323 0.630401 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:37.440186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:24:37.504130 0.616443 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:38.121010 0.670394 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:38.791821 0.605695 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:39.397904 0.643372 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:40.041678 0.698386 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:40.740488 0.744210 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:41.485049 0.678801 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:42.164261 0.660248 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:42.824912 0.747303 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:43.572640 0.710086 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:44.283132 0.678499 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:44.961984 1.058495 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:46.020897 0.999584 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:47.020848 0.678108 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:47.699357 0.586743 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:48.286464 0.647738 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:48.934627 0.528053 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:49.463090 0.835924 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:24:50.299454 0.787125 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:25:09.446228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:27:32.763367 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 11:27:32.763533 3.459547 tcp 10.0.2.109 49592 -> 211.38.175.27 4598 FSPA* 0 0 14 1534 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:31:13.452357 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:31:20.459630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:31:28.461141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:31:44.464582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:32:16.470424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:38:20.476326 3.001892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:38:27.483707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:38:35.485431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:38:51.488609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:39:23.494126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:45:27.501130 3.000817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:45:34.507892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:45:42.509228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:45:58.512131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:46:30.518440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:52:34.525159 3.000795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 11:52:41.532072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:52:49.533412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:53:05.536643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:53:37.542732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:55:05.839634 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 11:55:05.839880 0.640925 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:06.481151 0.561991 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:07.043578 0.678133 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:07.722344 0.661823 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:08.384514 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 11:55:24.078773 1.024261 tcp 10.0.2.109 49593 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:55:25.103312 1.067356 tcp 10.0.2.109 49594 -> 195.113.214.222 80 SRPA* 0 0 19 14665 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:55:26.171301 0.630298 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:26.801943 0.668002 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:27.470315 0.681013 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:28.151717 0.631627 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:28.783784 0.789581 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:29.573733 0.617032 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:30.191174 0.607833 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:30.799458 0.666721 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:31.466667 0.636953 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:32.104045 0.628516 udp 10.0.2.109 3683 <-> 216.197.212.119 7692 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:32.732965 0.717233 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:33.450616 0.776324 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:34.227347 0.656267 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:34.884017 0.671925 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:35.556292 0.705086 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:36.261787 0.706059 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:36.968186 0.697677 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:37.666289 0.706835 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:38.373498 0.671920 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:39.045822 0.679258 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:39.725519 0.588397 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:40.314452 0.608409 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:40.923275 0.528857 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:41.452527 0.798067 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:55:42.251016 0.801863 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 11:57:36.226262 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 11:57:36.226492 3.406812 tcp 10.0.2.109 49595 -> 211.38.175.27 4598 FSPA* 0 0 14 1717 flow=From-Botnet-V1-TCP-Established 1970/01/02 11:59:41.547953 3.001919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 11:59:48.555791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 11:59:56.557207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:00:12.560316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:00:44.566630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:06:48.573047 3.000659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 12:06:55.579818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:07:03.581549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:07:19.583986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:07:51.590447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:13:55.597258 3.000402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 12:14:02.603985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:14:10.605154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:14:26.608564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:14:58.614285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:21:02.619803 3.001828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 12:21:09.627535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:21:17.629495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:21:33.632603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:22:05.638158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:26:07.616594 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 12:26:07.616850 0.568060 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:08.185281 0.661706 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:08.847407 0.706023 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:09.553803 0.707039 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:10.261190 0.647033 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:10.908659 0.654257 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:11.563319 0.696647 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:12.260372 0.645100 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:12.905862 0.636969 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:13.543279 0.656774 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:14.392122 0.627782 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:15.020258 0.578621 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:15.599239 0.670665 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:16.270281 0.634361 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:16.904992 0.000000 udp 10.0.2.109 3683 -> 216.197.212.119 7692 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 12:26:35.478381 1.034376 tcp 10.0.2.109 49596 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:26:36.513071 1.035639 tcp 10.0.2.109 49597 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:26:37.548650 3.118603 tcp 10.0.2.109 49598 -> 195.113.214.222 443 SRPA* 0 0 34 24193 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:26:40.667970 0.749080 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:41.417445 0.791745 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:42.209566 0.666164 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:42.876101 0.695199 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:43.571643 0.744574 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:44.316553 0.714054 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:45.031004 0.698026 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:45.729406 0.719695 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:46.449458 0.679810 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:47.129650 0.709258 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:47.839316 0.575033 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:48.414751 0.875894 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:49.291011 0.547438 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:49.838878 0.833144 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:26:50.672382 0.849062 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:27:39.638912 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 12:27:39.639021 3.873341 tcp 10.0.2.109 49599 -> 211.38.175.27 4598 FSPA* 0 0 15 1631 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:28:09.643621 3.002212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 12:28:16.651937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:28:24.653370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:28:40.656234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:29:12.662521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:35:16.668073 3.001896 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 12:35:23.675426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:35:31.677252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:35:47.680133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:36:19.686263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:42:23.692697 3.001195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 12:42:30.699261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:42:38.701414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:42:54.704283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:43:26.710394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:49:30.716625 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 12:49:37.723872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:49:45.725327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:50:01.727987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:50:33.734149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:56:37.740979 3.000947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 12:56:44.747300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:56:52.749052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:57:08.751815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:57:13.769841 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 12:57:13.770241 0.000000 udp 10.0.2.109 3683 -> 216.197.212.119 7692 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 12:57:31.887970 1.039569 tcp 10.0.2.109 49600 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:57:32.927835 1.033906 tcp 10.0.2.109 49601 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:57:33.961987 2.439480 tcp 10.0.2.109 49602 -> 195.113.214.222 443 SRPA* 0 0 37 26417 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:57:36.402402 0.677197 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:37.080011 0.642596 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:37.723085 0.691512 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:38.414980 0.685891 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:39.101281 0.651955 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:39.753663 0.653229 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:40.407326 0.664252 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:40.757768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 12:57:41.071986 0.657304 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:41.729761 0.643868 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:42.373945 0.646769 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:43.021219 0.649287 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:43.512092 3.483597 tcp 10.0.2.109 49603 -> 211.38.175.27 4598 FSPA* 0 0 15 1557 flow=From-Botnet-V1-TCP-Established 1970/01/02 12:57:43.670912 0.605450 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:44.276771 0.661479 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:44.938681 0.634511 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:45.573601 0.711089 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:46.285119 0.773784 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:47.059309 0.653003 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:47.712684 0.651812 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:48.364913 0.726835 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:49.092169 0.660964 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:49.753588 0.698067 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:50.452060 0.707502 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:51.159994 0.679938 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:51.840344 0.676951 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:52.517649 0.560376 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:53.078452 0.677430 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:53.756235 0.524224 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:54.280814 0.843418 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/02 12:57:55.124647 0.796166 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:03:44.764893 3.000884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 13:03:51.771801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:03:59.773046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:04:15.775879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:04:47.781761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:10:51.788618 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 13:10:58.795533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:11:06.797236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:11:22.799672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:11:54.805858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:17:58.812458 3.000858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 13:18:05.819319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:18:13.820901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:18:29.823710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:19:01.829843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:25:05.836840 3.000979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 13:25:12.843656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:25:20.844803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:25:36.847702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:26:08.853939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:27:46.995410 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 13:27:46.995594 3.389487 tcp 10.0.2.109 49604 -> 211.38.175.27 4598 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:28:06.313220 0.648437 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:06.962095 0.631129 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:07.593615 0.804075 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:08.398086 0.686412 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:09.084850 0.647912 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:09.733167 0.621689 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:10.355248 0.000000 udp 10.0.2.109 3683 -> 99.118.244.90 1117 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 13:28:28.347200 1.041835 tcp 10.0.2.109 49605 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:28:29.389373 1.055849 tcp 10.0.2.109 49606 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:28:30.445529 2.094630 tcp 10.0.2.109 49607 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:28:32.540857 0.678750 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:33.219961 0.645393 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:33.865772 0.659290 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:34.525485 0.653149 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:35.179101 0.610796 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:35.790406 0.656325 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:36.447121 0.638612 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:37.086331 0.712383 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:37.799124 0.773930 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:38.573468 0.669424 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:39.243303 0.727326 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:39.971115 0.748007 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:40.719551 0.778616 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:41.498578 0.707160 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:42.206178 0.676742 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:42.883336 0.651024 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:43.534721 0.696478 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:44.231581 0.595492 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:44.827495 0.693071 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:45.520926 0.528624 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:46.049888 0.814381 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:28:46.864625 0.812185 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:32:12.859625 3.002032 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 13:32:19.867144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:32:27.868920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:32:43.871762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:33:15.877684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:39:19.884405 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 13:39:26.890989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:39:34.893091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:39:50.896000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:40:22.901848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:46:26.907312 3.002266 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 13:46:33.915216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:46:41.917102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:46:57.920139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:47:29.926017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:53:33.932738 3.001129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 13:53:40.939760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:53:48.940399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:54:04.943662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:54:36.949526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 13:57:50.388369 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 13:57:50.388604 3.406214 tcp 10.0.2.109 49608 -> 211.38.175.27 4598 FSPA* 0 0 14 1752 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:58:55.161271 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 13:58:55.161371 0.664512 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:58:55.826301 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 13:59:12.488954 1.042292 tcp 10.0.2.109 49609 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:59:13.531518 1.057286 tcp 10.0.2.109 49610 -> 195.113.214.222 80 SRPA* 0 0 19 13395 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:59:14.589350 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 13:59:33.487287 1.035841 tcp 10.0.2.109 49611 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:59:34.522985 1.041649 tcp 10.0.2.109 49612 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:59:35.564910 2.161956 tcp 10.0.2.109 49613 -> 195.113.214.222 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/02 13:59:37.727441 0.629196 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:38.357053 0.701496 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:39.058954 0.663022 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:39.722356 0.650040 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:40.372838 0.661132 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:41.034522 0.642251 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:41.677187 0.608547 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:42.286175 0.634940 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:42.921483 0.561881 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:43.483767 0.667103 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:44.151208 0.637382 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:44.788988 0.694103 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:45.483491 0.790334 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:46.274288 0.657323 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:46.931961 0.667321 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:47.599628 0.752046 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:48.352043 0.707763 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:49.060230 0.688794 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:49.749451 0.698759 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:50.448582 0.663727 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:51.112715 0.656145 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:51.769236 0.569118 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:52.338791 0.687090 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:53.026316 0.536033 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:53.562778 0.848561 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 13:59:54.411771 0.836866 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:00:40.956655 3.000689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 14:00:47.963285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:00:55.964550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:01:11.967933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:01:43.973468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:07:47.980193 3.000995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:07:54.987536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:08:02.988800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:08:18.992031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:08:50.997571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:14:55.004405 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:15:02.011026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:15:10.012887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:15:26.015377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:15:58.021911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:22:02.026915 3.002628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:22:09.035359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:22:17.036834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:22:33.039401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:23:05.045308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:27:53.801067 0.000232 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 14:27:53.801384 3.399440 tcp 10.0.2.109 49614 -> 211.38.175.27 4598 FSPA* 0 0 14 1647 flow=From-Botnet-V1-TCP-Established 1970/01/02 14:29:09.052244 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:29:16.059473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:29:24.060690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:29:40.063612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:30:12.069782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:30:22.114325 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 14:30:22.114419 0.538440 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:22.653269 0.601953 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:23.255632 0.678609 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:23.934619 0.640919 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:24.575899 0.717459 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:25.293759 0.658719 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:25.952835 0.655273 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:26.608571 0.671780 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:27.280767 0.648272 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:27.929491 0.628607 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:28.558536 0.615275 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:29.174245 0.598593 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:29.773253 0.681586 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:30.455236 0.634885 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:31.090486 0.715962 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:31.806845 0.763023 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:32.570304 0.631229 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:33.201888 0.665247 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:33.867533 0.735060 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:34.603007 0.701360 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:35.304805 0.699390 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:36.004544 0.686027 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:36.690915 0.677169 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:37.368501 0.665804 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:38.034679 0.572239 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:38.607328 0.641085 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:39.248809 0.536245 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:39.785419 0.842587 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:30:40.628411 0.816347 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/02 14:36:16.075415 3.002240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:36:23.083320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:36:31.084442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:36:47.087875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:37:19.093876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:43:23.099560 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:43:30.107109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:43:38.108169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:43:54.111826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:44:26.117956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:50:30.123891 3.001461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:50:37.131291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:50:45.132686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:51:01.135410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:51:33.141289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:57:37.148027 3.000939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 14:57:44.154935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:57:52.156295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:57:57.204574 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 14:57:57.204676 3.485522 tcp 10.0.2.109 49615 -> 211.38.175.27 4598 FSPA* 0 0 13 1536 flow=From-Botnet-V1-TCP-Established 1970/01/02 14:58:08.159191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 14:58:40.165192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:01:06.756391 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 15:01:06.756637 0.540846 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:07.297840 0.601931 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:07.900135 0.661532 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:08.562214 0.657375 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:09.220073 0.689588 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:09.910086 0.659083 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:10.569590 0.655458 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:11.225424 0.648964 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:11.874794 0.641197 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:12.516412 0.638737 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:13.155540 0.654821 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:13.810745 0.574005 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:14.385095 0.686043 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:15.071528 0.630138 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:15.702037 0.710299 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:16.412727 0.782165 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:17.195246 0.665512 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:17.861185 0.666825 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:18.528409 0.751182 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:19.280030 0.705655 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:19.986235 0.691472 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:20.678129 0.702632 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:21.381146 0.652977 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:22.034542 0.660667 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:22.695589 0.568270 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:23.264265 0.617341 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:23.882036 0.532320 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:24.414753 0.812662 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:01:25.227837 0.810992 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:04:44.171830 3.000978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 15:04:51.178971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:04:59.180840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:05:15.183832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:05:47.189605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:11:51.195338 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 15:11:58.202686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:12:06.204085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:12:22.207717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:12:54.213541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:18:58.220525 3.000886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 15:19:05.226766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:19:13.228061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:19:29.231624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:20:01.237568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:26:05.243453 3.001795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 15:26:12.250988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:26:20.252199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:26:36.255106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:27:08.261700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:28:00.697505 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 15:28:00.697653 3.435525 tcp 10.0.2.109 49616 -> 211.38.175.27 4598 FSPA* 0 0 14 1687 flow=From-Botnet-V1-TCP-Established 1970/01/02 15:31:26.223374 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 15:31:26.223592 0.533088 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:26.757099 0.642515 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:27.400001 0.678971 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:28.079379 0.571303 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:28.651052 0.662961 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:29.314431 0.665550 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:29.980353 0.658834 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:30.639542 0.666473 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:31.306432 0.653609 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:31.960437 0.635795 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:32.596599 0.873784 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:33.470812 0.594755 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:34.065940 0.667412 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:34.733773 0.658117 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:35.392249 0.719914 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:36.112602 0.789830 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:36.902847 0.657183 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:37.560399 0.667187 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:38.227972 0.745870 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:38.974261 0.715564 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:39.690420 0.706445 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:40.397252 0.704987 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:41.102658 0.640186 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:41.743195 0.689260 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:42.432881 0.562343 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:42.995662 0.654784 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:43.650848 0.540942 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:44.192153 0.814068 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:31:45.006728 1.014164 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/02 15:33:12.267826 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 15:33:19.274848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:33:27.276355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:33:43.279559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:34:15.285173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:40:19.291545 3.001405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 15:40:26.298798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:40:34.299899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:40:50.303465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:41:22.309087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:47:26.315507 3.001491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 15:47:33.322487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:47:41.324174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:47:57.326964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:48:29.333128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:54:33.340055 3.000498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 15:54:40.346730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:54:48.348010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:55:04.351427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:55:36.356987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 15:58:04.139882 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 15:58:04.140082 3.404989 tcp 10.0.2.109 49617 -> 211.38.175.27 4598 FSPA* 0 0 15 1637 flow=From-Botnet-V1-TCP-Established 1970/01/02 16:01:40.364106 3.000958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:01:47.370762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:01:55.371940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:02:05.166718 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 16:02:05.166978 0.504176 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:05.671577 0.631197 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:06.303190 0.665238 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:06.968808 0.578988 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:07.548222 0.682940 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:08.231531 0.667012 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:08.898971 0.627030 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:09.526412 0.665364 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:10.192179 0.642012 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:10.834615 0.645113 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:11.375270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:02:11.480085 0.652492 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:12.132971 0.549238 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:12.682617 0.701879 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:13.384862 0.635651 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:14.020961 0.718042 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:14.739437 0.797758 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:15.537611 0.653420 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:16.191459 0.671766 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:16.863646 0.737058 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:17.601117 0.730392 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:18.331919 0.687265 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:19.019605 0.681612 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:19.701568 0.653265 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:20.355256 0.677910 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:21.033555 0.575090 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:21.609078 0.650050 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:22.259591 0.527278 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:22.787288 0.834759 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:23.622629 0.775880 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:02:43.381548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:08:47.387100 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:08:54.394449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:09:02.395761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:09:18.399378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:09:50.405140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:15:54.412153 3.000522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:16:01.418556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:16:09.420450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:16:25.423338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:16:57.428857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:23:01.435720 3.000969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:23:08.442813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:23:16.444349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:23:32.446728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:24:04.452982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:28:07.553236 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 16:28:07.553325 3.558945 tcp 10.0.2.109 49618 -> 211.38.175.27 4598 FSPA* 0 0 15 1692 flow=From-Botnet-V1-TCP-Established 1970/01/02 16:30:08.459477 3.001241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:30:15.466772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:30:23.467801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:30:39.471268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:31:11.476835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:32:31.862770 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 16:32:31.862877 0.913497 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:32.776737 0.642947 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:33.420043 0.689123 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:34.109530 0.556378 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:34.666320 0.679357 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:35.346237 0.646055 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:35.992696 0.653404 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:36.646468 0.665227 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:37.312126 0.629090 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:37.941639 0.630761 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:38.572821 0.643157 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:39.216367 0.562094 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:39.778859 0.705194 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:40.484472 0.605594 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:41.090417 0.711927 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:41.802748 0.764901 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:42.568057 0.651564 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:43.220002 0.665766 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:43.886151 0.741281 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:44.627854 0.681953 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:45.310232 0.685307 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:45.995930 0.716196 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:46.712545 0.667667 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:47.380625 0.682048 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:48.063111 0.578092 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:48.641623 0.643568 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:49.285592 0.527198 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:49.813187 0.827823 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:32:50.641420 0.802372 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/02 16:37:15.483080 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:37:22.490491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:37:30.491925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:37:46.495340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:38:18.501065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:44:22.507417 3.001227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:44:29.514482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:44:37.515589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:44:53.519227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:45:25.524986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:51:29.531762 3.001025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:51:36.538196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:51:44.540078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:52:00.543153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:52:32.548786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:58:11.116162 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 16:58:11.116265 3.396231 tcp 10.0.2.109 49619 -> 211.38.175.27 4598 FSPA* 0 0 14 1544 flow=From-Botnet-V1-TCP-Established 1970/01/02 16:58:36.555202 3.001785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 16:58:43.562473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:58:51.564005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:59:07.567254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 16:59:39.572702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:02:54.413568 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 17:02:54.413673 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 17:03:11.420741 1.036247 tcp 10.0.2.109 49620 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 17:03:12.457257 1.053350 tcp 10.0.2.109 49621 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 17:03:13.510403 2.637086 tcp 10.0.2.109 49622 -> 195.113.214.222 443 SRPA* 0 0 36 26973 flow=From-Botnet-V1-TCP-Established 1970/01/02 17:03:16.148141 0.629466 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:16.778038 0.686476 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:17.464953 0.556950 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:18.022352 0.719482 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:18.742272 0.708161 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:19.450779 0.668987 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:20.120210 0.672390 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:20.792948 0.652501 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:21.445845 0.623541 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:22.069816 0.633462 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:22.703691 0.609379 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:23.313475 0.640016 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:23.953918 0.637551 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:24.591821 0.712415 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:25.304650 0.770812 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:26.075878 0.650040 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:26.726347 0.667873 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:27.394682 0.738342 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:28.133468 0.802066 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:28.935868 0.693452 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:29.629722 0.717752 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:30.347859 0.665070 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:31.013306 0.782953 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:31.796697 0.568872 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:32.365986 0.840977 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:33.207325 0.550058 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:33.757781 0.822399 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:03:34.580525 0.813815 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:05:43.579089 3.001444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 17:05:50.586437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:05:58.587897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:06:14.591073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:06:46.596626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:12:50.602527 3.001997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 17:12:57.610105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:13:05.611704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:13:21.614777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:13:53.621088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:19:57.627301 3.001223 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 17:20:04.633965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:20:12.635615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:20:28.638681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:21:00.644714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:27:04.651259 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 17:27:11.657981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:27:19.659706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:27:35.662999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:28:07.669003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:28:14.518857 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 17:28:14.519061 3.388386 tcp 10.0.2.109 49623 -> 211.38.175.27 4598 FSPA* 0 0 14 1632 flow=From-Botnet-V1-TCP-Established 1970/01/02 17:33:38.855299 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 17:33:38.855448 0.883853 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:39.739761 0.642239 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:40.382435 0.689442 udp 10.0.2.109 3683 <-> 99.118.244.90 1117 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:41.072299 0.560086 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:41.632792 0.683282 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:42.316434 0.663781 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:42.980688 0.617356 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:43.598492 1.199933 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:44.798834 0.642224 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:45.441463 0.654242 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:46.096083 0.635997 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:46.732447 0.591775 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:47.324585 0.681079 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:48.006362 0.636402 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:48.643177 0.697992 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:49.341566 0.755973 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:50.097926 0.651841 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:50.750266 0.704857 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:51.455547 0.835531 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:33:52.291478 0.000000 udp 10.0.2.109 3683 -> 97.78.253.186 7622 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 17:34:07.548921 1.058653 tcp 10.0.2.109 49624 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/02 17:34:08.607435 1.035618 tcp 10.0.2.109 49625 -> 195.113.214.222 80 SRPA* 0 0 20 14729 flow=From-Botnet-V1-TCP-Established 1970/01/02 17:34:09.643685 0.708809 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:10.352944 0.713083 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:11.066440 0.635223 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:11.675261 3.000906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 17:34:11.702190 0.839500 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:12.542085 0.577760 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:13.120242 0.610022 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:13.730668 0.532423 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:14.263502 0.830072 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:15.093942 0.807138 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/02 17:34:18.682146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:34:26.684023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:34:42.686807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:35:14.692848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:41:18.698402 3.002135 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 17:41:25.706068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:41:33.707578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:41:49.710785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:42:21.716702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:48:25.723150 3.001050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 17:48:32.729959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:48:40.731472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:48:56.734342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:49:28.740475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:55:32.747099 3.000965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 17:55:39.753905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:55:47.755468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:56:03.758706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:56:35.764285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 17:58:17.912419 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 17:58:17.912683 3.383612 tcp 10.0.2.109 49626 -> 211.38.175.27 4598 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:02:39.770792 3.001224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 18:02:46.777922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:02:54.779490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:03:10.783546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:03:42.789223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:04:39.801306 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 18:04:39.801403 2.412840 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:04:42.214687 0.856435 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:04:43.071529 0.000000 udp 10.0.2.109 3683 -> 99.118.244.90 1117 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 18:05:01.555039 1.021839 tcp 10.0.2.109 49627 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:05:02.577169 1.062232 tcp 10.0.2.109 49628 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:05:03.639747 2.129078 tcp 10.0.2.109 49629 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:05:05.769602 0.661356 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:06.431357 0.573636 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:07.005353 0.655510 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:07.661272 0.656339 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:08.317972 0.637116 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:08.955517 0.704480 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:09.660369 0.658306 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:10.319103 0.642371 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:10.961872 0.630038 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:11.592265 0.599993 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:12.192666 0.679231 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:12.872330 0.648806 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:13.521552 0.697231 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:14.219247 0.626511 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:14.846219 0.768059 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:15.614672 0.669155 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:16.284229 1.058651 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:17.343268 0.688638 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:18.032311 0.724367 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:18.757083 0.654715 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:19.412203 0.687016 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:20.099640 0.576922 udp 10.0.2.109 3683 <-> 81.149.71.72 3887 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:20.676973 0.689656 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:21.367018 0.548611 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:21.916059 0.841565 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:05:22.758022 0.797062 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:09:46.795174 3.000959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 18:09:53.802038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:10:01.803594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:10:17.806828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:10:49.812237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:16:53.819273 3.000653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 18:17:00.825992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:17:08.827184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:17:24.830195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:17:56.836608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:24:00.842804 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 18:24:07.849701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:24:15.851222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:24:31.854728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:25:03.860218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:28:21.294670 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 18:28:21.294862 3.349240 tcp 10.0.2.109 49630 -> 211.38.175.27 4598 FSPA* 0 0 14 1648 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:31:07.865951 3.001845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 18:31:14.874264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:31:22.875264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:31:38.878165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:32:10.884345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:35:45.603260 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 18:35:45.603359 0.000000 udp 10.0.2.109 3683 -> 99.118.244.90 1117 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 18:36:03.171185 1.028489 tcp 10.0.2.109 49631 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:36:04.199982 1.071078 tcp 10.0.2.109 49632 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:36:05.271287 2.122845 tcp 10.0.2.109 49633 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:36:07.394929 0.703651 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:08.098946 0.887819 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:08.987192 0.637694 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:09.625273 0.629742 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:10.255433 0.693665 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:10.949526 0.656963 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:11.606856 0.639627 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:12.246979 0.654350 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:12.901763 0.639408 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:13.541514 0.631691 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:14.173642 0.622440 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:14.796475 0.588487 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:15.385327 0.677305 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:16.063012 0.642871 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:16.706352 0.703363 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:17.410064 0.647848 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:18.058441 0.771884 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:18.830740 0.650287 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:19.481439 0.745489 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:20.227267 0.693652 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:20.921262 0.676452 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:21.598113 0.647847 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:22.246460 0.658571 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:22.905422 0.000000 udp 10.0.2.109 3683 -> 81.149.71.72 3887 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 18:36:39.632549 1.041248 tcp 10.0.2.109 49634 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:36:40.674307 1.053777 tcp 10.0.2.109 49635 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:36:41.728341 2.053949 tcp 10.0.2.109 49636 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:36:43.783013 0.628133 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:44.411509 0.547245 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:44.959103 0.808354 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:36:45.767847 0.793807 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/02 18:38:14.890888 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 18:38:21.897681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:38:29.899709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:38:45.902077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:39:17.908815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:45:21.914688 3.001062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 18:45:28.921885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:45:36.923403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:45:52.926657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:46:24.932726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:52:28.937709 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 18:52:35.945833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:52:43.947425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:52:59.949977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:53:31.956029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:58:24.647710 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 18:58:24.647795 3.862118 tcp 10.0.2.109 49637 -> 211.38.175.27 4598 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/01/02 18:59:35.962079 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 18:59:42.969583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 18:59:50.971149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:00:06.974595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:00:38.979972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:06:42.987022 3.001012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:06:49.994078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:06:57.994889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:07:11.925269 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 19:07:11.925368 0.000000 udp 10.0.2.109 3683 -> 81.149.71.72 3887 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 19:07:13.998002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:07:29.313039 1.042146 tcp 10.0.2.109 49638 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/02 19:07:30.355462 1.059194 tcp 10.0.2.109 49639 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/02 19:07:31.414529 2.110281 tcp 10.0.2.109 49640 -> 195.113.214.222 443 SRPA* 0 0 27 12042 flow=From-Botnet-V1-TCP-Established 1970/01/02 19:07:33.525352 0.667497 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:34.193272 0.675031 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:34.868730 0.626527 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:35.495677 0.583896 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:36.079962 0.698512 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:36.778860 0.666889 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:37.446321 1.263875 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:38.710649 0.634726 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:39.345796 0.604074 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:39.950253 0.641055 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:40.591751 0.632932 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:41.225132 0.600162 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:41.825685 0.680614 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:42.506805 0.617580 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:43.124822 0.695477 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:43.820747 0.655596 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:44.476748 0.752382 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:45.229559 0.646123 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:45.876150 0.795455 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:46.004061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:07:46.671958 0.690664 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:47.363075 0.697363 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:48.060845 0.662506 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:48.723769 1.183173 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:49.907378 0.637791 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:50.545615 0.539695 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:51.085756 0.948626 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:07:52.034750 0.796712 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:13:50.011001 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:13:57.017572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:14:05.019251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:14:21.022048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:14:53.028382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:20:57.034332 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:21:04.041579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:21:12.043516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:21:28.046150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:22:00.051922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:28:04.058806 3.000885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:28:11.065946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:28:19.066886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:28:28.511517 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 19:28:28.511755 3.378239 tcp 10.0.2.109 49641 -> 211.38.175.27 4598 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/01/02 19:28:35.069893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:29:07.075934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:35:11.081415 3.002470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:35:18.089752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:35:26.090958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:35:42.093871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:36:14.099820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:38:18.418916 0.000155 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 19:38:18.419175 0.695301 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:19.114854 0.876604 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:19.991891 0.638280 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:20.630584 0.620113 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:21.251082 0.681118 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:21.932621 0.647040 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:22.580065 0.668093 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:23.248621 0.643455 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:23.892428 0.615727 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:24.508567 0.652286 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:25.161210 0.650597 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:25.812231 0.591743 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:26.404375 0.681469 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:27.086236 0.605454 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:27.692137 0.703522 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:28.396084 0.619247 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:29.015751 0.754209 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:29.770350 0.669416 udp 10.0.2.109 3683 <-> 108.76.85.176 4197 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:30.440197 0.744585 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:31.185182 0.685332 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:31.870913 0.702289 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:32.573630 0.647568 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:33.221601 0.686645 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:33.908610 1.089761 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:34.998769 0.524938 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:35.524082 0.833291 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:38:36.357823 0.773225 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/02 19:42:18.105805 3.002219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:42:25.113760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:42:33.114835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:42:49.117944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:43:21.123995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:49:25.130580 3.001150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:49:32.137809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:49:40.139255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:49:56.141801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:50:28.148081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:56:32.153579 3.002579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 19:56:39.161631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:56:47.163366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:57:03.166201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:57:35.172137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 19:58:31.894417 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 19:58:31.894658 3.422309 tcp 10.0.2.109 49642 -> 211.38.175.27 4598 FSPA* 0 0 14 1731 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:03:39.178757 3.001081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 20:03:46.185615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:03:54.187105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:04:10.189642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:04:42.196169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:08:59.236186 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 20:08:59.236286 0.692545 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:08:59.929199 0.836611 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:00.766153 0.640921 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:01.407498 0.559376 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:01.967302 0.652129 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:02.619839 0.659757 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:03.280030 0.671479 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:03.951944 0.653098 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:04.605446 0.648211 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:05.254133 0.715379 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:05.969916 0.634345 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:06.604673 0.598227 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:07.203257 0.684000 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:07.887699 0.599305 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:08.487443 0.706263 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:09.194148 0.661651 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:09.856171 0.740912 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:10.597497 0.000000 udp 10.0.2.109 3683 -> 108.76.85.176 4197 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 20:09:27.598803 1.035633 tcp 10.0.2.109 49643 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:09:28.634796 1.087268 tcp 10.0.2.109 49644 -> 195.113.214.222 80 SRPA* 0 0 19 13420 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:09:29.722656 1.049955 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:30.777654 0.675895 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:31.453958 0.692010 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:32.146349 0.647870 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:32.794580 0.000000 udp 10.0.2.109 3683 -> 67.232.56.212 4590 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 20:09:51.732574 1.035154 tcp 10.0.2.109 49645 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:09:52.767969 1.077131 tcp 10.0.2.109 49646 -> 195.113.214.222 80 SRPA* 0 0 20 14760 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:09:53.845730 0.634896 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:54.481063 0.529900 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:55.011359 0.856773 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:09:55.868521 0.773960 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:10:46.201630 3.002251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 20:10:53.209227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:11:01.210717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:11:17.214031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:11:49.220264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:17:53.226276 3.001430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 20:18:00.233747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:18:08.234994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:18:24.237900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:18:56.244103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:25:00.250668 3.000610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 20:25:07.257308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:25:15.259009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:25:31.262140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:26:03.267954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:28:35.317164 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 20:28:35.317402 3.394038 tcp 10.0.2.109 49647 -> 211.38.175.27 4598 FSPA* 0 0 14 1670 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:32:07.274023 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 20:32:14.281082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:32:22.282549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:32:38.285680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:33:10.291987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:39:14.298603 3.001060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 20:39:21.305505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:39:29.306674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:39:45.310215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:40:15.853974 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 20:40:15.854133 0.000000 udp 10.0.2.109 3683 -> 108.76.85.176 4197 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 20:40:17.316181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:40:33.591547 1.022861 tcp 10.0.2.109 49648 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:40:34.614663 1.029234 tcp 10.0.2.109 49649 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:40:35.644194 2.152411 tcp 10.0.2.109 49650 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/02 20:40:37.797330 0.685359 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:38.483143 0.689113 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:39.172599 0.811972 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:39.984964 0.560705 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:40.546017 0.638319 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:41.184675 0.678732 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:41.863859 0.649725 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:42.513985 0.675116 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:43.189492 1.367108 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:44.556977 0.608476 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:45.165849 0.662127 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:45.828389 0.623826 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:46.452649 0.680706 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:47.133805 0.586146 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:47.720312 0.634198 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:48.354916 0.703262 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:49.058591 0.655897 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:49.714886 0.772861 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:50.488177 0.742147 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:51.230738 0.767243 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:51.998403 1.300572 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:53.299384 0.712731 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:54.012545 0.640370 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:54.653314 0.537939 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:55.191672 0.810039 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:40:56.002044 0.777562 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/02 20:46:21.322576 3.000797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 20:46:28.329444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:46:36.330631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:46:52.333815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:47:24.339693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:53:28.346395 3.001901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 20:53:35.353540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:53:43.354798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:53:59.357674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:54:31.363508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 20:58:38.719731 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 20:58:38.719918 3.379930 tcp 10.0.2.109 49651 -> 211.38.175.27 4598 FSPA* 0 0 14 1572 flow=From-Botnet-V1-TCP-Established 1970/01/02 21:00:35.370678 3.000516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:00:42.377509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:00:50.378383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:01:06.381977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:01:38.387855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:07:42.394334 3.001148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:07:49.400931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:07:57.403090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:08:13.405590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:08:45.411991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:11:14.365840 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 21:11:14.365932 0.687239 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:15.053613 0.701566 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:15.755543 0.647926 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:16.403815 0.579072 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:16.983296 0.630350 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:17.614082 0.682836 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:18.297364 0.636244 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:18.934032 0.665360 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:19.599832 0.628259 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:20.228510 0.632809 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:20.861771 0.644303 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:21.506501 0.627170 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:22.134035 0.666141 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:22.800592 0.601598 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:23.402567 0.629533 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:24.032544 0.745640 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:24.778559 0.639675 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:25.418586 0.756264 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:26.175315 0.729879 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:26.905593 0.768223 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:27.674282 0.660875 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:28.335566 0.712547 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:29.048492 0.804299 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:29.853179 0.535388 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:30.388935 0.848411 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:11:31.237788 0.861606 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:14:49.417965 3.001723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:14:56.425006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:15:04.426365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:15:20.429873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:15:52.435785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:21:56.441815 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:22:03.448828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:22:11.450728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:22:27.453780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:22:59.459570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:28:42.103140 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 21:28:42.103328 3.367945 tcp 10.0.2.109 49652 -> 211.38.175.27 4598 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/01/02 21:29:03.465799 3.001339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:29:10.473278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:29:18.474869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:29:34.477684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:30:06.483720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:36:10.489811 3.001073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:36:17.497235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:36:25.498398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:36:41.501448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:37:13.507326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:42:01.051460 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 21:42:01.051648 0.662720 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:01.714785 0.659466 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:02.374633 0.781816 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:03.156823 0.580275 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:03.737489 0.623632 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:04.361521 0.689477 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:05.051433 0.654284 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:05.706323 0.644945 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:06.351705 0.643609 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:06.995743 0.634879 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:07.631002 0.637588 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:08.269011 0.613438 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:08.882806 0.676821 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:09.560049 0.564700 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:10.125163 0.705337 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:10.830858 0.780264 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:11.611508 0.645011 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:12.256899 0.790407 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:13.047658 0.729582 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:13.777686 0.675335 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:14.453392 0.659872 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:15.113606 0.690212 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:15.804176 0.614204 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:16.418754 0.530628 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:16.949808 0.814223 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:42:17.764440 0.898101 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/02 21:43:17.513920 3.001222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:43:24.520621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:43:32.522333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:43:48.525259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:44:20.531180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:50:24.538124 3.001182 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:50:31.544762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:50:39.546281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:50:55.549552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:51:27.555587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:57:31.562206 3.001071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 21:57:38.568559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:57:46.570710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:58:02.573076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:58:34.579456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 21:58:45.475544 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 21:58:45.475640 3.354345 tcp 10.0.2.109 49653 -> 211.38.175.27 4598 FSPA* 0 0 15 1695 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:04:38.585844 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 22:04:45.592507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:04:53.594367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:05:09.597344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:05:41.603578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:11:45.610554 3.000303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 22:11:52.616989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:12:00.618604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:12:16.621002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:12:43.530466 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 22:12:43.530566 0.677460 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:44.208391 0.771138 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:44.979972 0.785214 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:45.765597 0.576798 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:46.342775 0.623864 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:46.967034 0.672781 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:47.640230 0.642528 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:48.283147 0.659982 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:48.627397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:12:48.943562 0.671272 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:49.615237 0.641441 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:50.257071 0.615164 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:50.872581 0.610261 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:51.483172 0.676371 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:52.159934 0.589102 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:12:52.749423 0.000000 udp 10.0.2.109 3683 -> 69.159.203.121 9541 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 22:13:08.298537 0.996626 tcp 10.0.2.109 49654 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:09.295395 1.037485 tcp 10.0.2.109 49655 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:10.333202 2.341126 tcp 10.0.2.109 49656 -> 195.113.214.222 443 SRPA* 0 0 38 27931 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:12.674987 0.703493 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:13:13.378893 0.639464 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:13:14.018763 0.770770 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:13:14.789937 0.743705 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:13:15.534199 0.741609 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:13:16.276205 0.627146 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:13:16.903738 0.000000 udp 10.0.2.109 3683 -> 24.8.201.73 5506 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 22:13:35.696378 1.016790 tcp 10.0.2.109 49657 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:36.713454 1.030369 tcp 10.0.2.109 49658 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:37.744116 2.068672 tcp 10.0.2.109 49659 -> 195.113.214.222 443 SRPA* 0 0 25 13918 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:39.813497 0.000000 udp 10.0.2.109 3683 -> 76.68.90.33 3572 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 22:13:56.556409 1.012803 tcp 10.0.2.109 49660 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:57.569125 1.054760 tcp 10.0.2.109 49661 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:13:58.623772 2.096802 tcp 10.0.2.109 49662 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:14:00.721361 0.530459 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:14:01.252251 0.857845 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:14:02.110515 0.762152 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:18:52.634297 3.000728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 22:18:59.640597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:19:07.642466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:19:23.645447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:19:55.651491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:25:59.657152 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 22:26:06.664904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:26:14.666065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:26:30.668949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:27:02.675267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:28:48.838278 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 22:28:48.838384 3.467138 tcp 10.0.2.109 49663 -> 211.38.175.27 4598 FSPA* 0 0 14 1651 flow=From-Botnet-V1-TCP-Established 1970/01/02 22:33:06.681663 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 22:33:13.688830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:33:21.690252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:33:37.693522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:34:09.699143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:40:13.705952 3.000817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 22:40:20.712346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:40:28.714038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:40:44.717157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:41:16.723761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:44:06.748054 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 22:44:06.748142 0.630944 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:07.379498 0.716056 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:08.095978 0.645384 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:08.741739 0.667570 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:09.409726 0.702322 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:10.112426 0.764949 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:10.877801 0.580062 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:11.458219 0.628505 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:12.087131 0.650783 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:12.738467 0.645955 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:13.384845 0.671918 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:14.057129 0.661631 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:14.719139 0.630853 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:15.350416 0.642834 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:15.993652 0.611945 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:16.606014 0.680342 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:17.286789 0.596213 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:17.883421 0.646923 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:18.530755 0.701618 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:19.232816 0.770166 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:20.003341 0.745199 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:20.748918 0.665032 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:21.414524 0.868192 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:22.283172 0.540090 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:22.823622 0.824000 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:44:23.648030 0.780408 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/02 22:47:20.729913 3.001361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 22:47:27.736879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:47:35.738462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:47:51.741304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:48:23.746938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:54:27.753218 3.001427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 22:54:34.760614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:54:42.762399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:54:58.764896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:55:30.771028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 22:58:52.311064 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 22:58:52.311227 3.322437 tcp 10.0.2.109 49664 -> 211.38.175.27 4598 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:01:34.777603 3.002324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:01:41.785104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:01:49.786588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:02:05.788918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:02:37.795205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:08:41.801722 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:08:48.808820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:08:56.809944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:09:12.813382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:09:44.818764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:14:51.380313 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 23:14:51.380471 0.635007 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:52.015834 0.697916 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:52.714147 0.623829 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:53.338375 0.787106 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:54.125888 0.680612 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:54.806885 0.825566 udp 10.0.2.109 3683 <-> 84.59.151.27 7605 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:55.632867 0.567158 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:56.200375 0.626125 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:56.826908 0.836964 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:57.664311 0.657525 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:58.322291 0.916771 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:59.239498 0.646371 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:14:59.886402 0.634331 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:00.521167 0.640569 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:01.162203 0.632141 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:01.794723 0.676900 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:02.472018 0.589432 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:03.061840 0.638822 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:03.701070 0.720086 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:04.421564 0.776345 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:05.198335 0.827499 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:06.026299 0.656364 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:06.683029 0.686066 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:07.369531 0.553451 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:07.923372 0.825261 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:08.749045 0.776283 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:15:48.826211 3.000537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:15:55.832569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:16:03.833684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:16:19.836815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:16:51.842989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:22:55.849499 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:23:02.856523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:23:10.857767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:23:26.861273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:23:58.867193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:28:55.634381 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 23:28:55.634478 3.384599 tcp 10.0.2.109 49665 -> 211.38.175.27 4598 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:30:02.872434 3.002066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:30:09.880366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:30:17.881904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:30:33.884751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:31:05.891281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:37:09.897616 3.000983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:37:16.904281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:37:24.905889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:37:40.909201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:38:12.914975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:44:16.920853 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:44:23.928563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:44:31.929970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:44:47.932771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:45:19.938943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:45:32.126823 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 23:45:32.126957 0.642326 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:45:32.769684 0.706327 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:45:33.476442 0.612670 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:45:34.089505 0.663674 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:45:34.753589 0.723314 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:45:35.477304 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 23:45:52.287964 0.995313 tcp 10.0.2.109 49666 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:45:53.283656 1.005256 tcp 10.0.2.109 49667 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:45:54.289193 2.518548 tcp 10.0.2.109 49668 -> 195.113.214.222 443 SRPA* 0 0 35 25459 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:45:56.808316 0.633182 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:45:57.441890 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/01/02 23:46:12.565847 1.021187 tcp 10.0.2.109 49669 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:46:13.587303 1.042121 tcp 10.0.2.109 49670 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:46:14.629793 2.092841 tcp 10.0.2.109 49671 -> 195.113.214.222 443 SRPA* 0 0 24 14058 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:46:16.723352 0.681477 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:17.405259 0.650255 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:18.055923 0.640821 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:18.697131 0.622471 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:19.320018 0.655112 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:19.975573 0.640283 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:20.616376 0.623929 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:21.240754 0.678679 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:21.919834 0.598124 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:22.518464 0.653665 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:23.172497 0.677400 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:23.850545 0.777551 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:24.628510 0.707722 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:25.336658 0.650433 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:25.987475 0.720540 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:26.708395 0.539695 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:27.248430 0.865457 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:46:28.114320 0.876027 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/02 23:51:23.945415 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/02 23:51:30.951995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:51:38.953751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:51:54.956862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:52:26.963020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:58:30.969166 3.001063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/02 23:58:37.976487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:58:45.978248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:58:59.027216 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/02 23:58:59.027408 3.395261 tcp 10.0.2.109 49672 -> 211.38.175.27 4598 FSPA* 0 0 14 1573 flow=From-Botnet-V1-TCP-Established 1970/01/02 23:59:01.981131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/02 23:59:33.987159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:05:37.992297 3.002247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 00:05:45.000081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:05:53.001836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:06:09.004692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:06:41.010836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:12:45.017006 3.001383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 00:12:52.024039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:13:00.025489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:13:16.028774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:13:48.035056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:16:31.490083 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 00:16:31.490206 0.000000 udp 10.0.2.109 3683 -> 84.59.151.27 7605 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 00:16:47.825919 1.017002 tcp 10.0.2.109 49673 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:16:48.843189 1.018404 tcp 10.0.2.109 49674 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:16:49.861955 2.092581 tcp 10.0.2.109 49675 -> 195.113.214.222 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:16:51.955129 0.641667 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:52.597195 0.631760 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:53.229406 0.717186 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:53.947038 0.708057 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:54.655525 0.693158 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:55.349055 0.691097 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:56.040545 0.672441 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:56.713436 0.682395 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:57.396258 0.631261 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:16:58.027927 0.000000 udp 10.0.2.109 3683 -> 98.95.183.150 5323 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 00:17:14.863317 1.032707 tcp 10.0.2.109 49676 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:17:15.896317 1.051502 tcp 10.0.2.109 49677 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:17:16.948154 2.125267 tcp 10.0.2.109 49678 -> 195.113.214.222 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:17:19.074285 0.642707 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:19.717388 0.638875 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:20.356643 0.652310 udp 10.0.2.109 3683 <-> 97.65.8.22 1039 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:21.009345 0.622728 udp 10.0.2.109 3683 <-> 128.255.183.224 7850 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:21.632518 0.665214 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:22.298136 0.604540 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:22.903085 0.657318 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:23.560848 0.692337 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:24.253533 0.786960 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:25.040896 0.722346 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:25.763697 0.655721 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:26.419786 1.051914 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:27.472122 0.515908 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:27.988430 0.794530 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:17:28.783461 0.895250 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:19:52.042292 3.000186 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 00:19:59.047885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:20:07.049768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:20:23.052374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:20:55.059089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:26:59.064742 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 00:27:06.072290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:27:14.073827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:27:30.076557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:28:02.083066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:29:02.429544 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 00:29:02.429639 3.361888 tcp 10.0.2.109 49679 -> 211.38.175.27 4598 FSPA* 0 0 14 1670 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:34:06.088233 3.002073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 00:34:13.095907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:34:21.097721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:34:37.100832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:35:09.106883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:41:13.113131 3.001520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 00:41:20.119921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:41:28.121778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:41:44.124284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:42:16.130715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:47:48.649198 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 00:47:48.649373 0.644179 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:49.293931 0.616179 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:49.910555 0.632853 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:50.543769 0.699160 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:51.243340 0.922417 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:52.166209 0.697399 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:52.864011 0.680024 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:53.544434 0.552403 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:54.097204 0.711432 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:54.809040 0.610474 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:47:55.419883 0.000000 udp 10.0.2.109 3683 -> 99.26.224.9 5585 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 00:48:12.795566 1.027385 tcp 10.0.2.109 49680 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:13.823371 1.004560 tcp 10.0.2.109 49681 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:14.828251 2.131388 tcp 10.0.2.109 49682 -> 195.113.214.222 443 SRPA* 0 0 23 13772 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:16.960453 0.629198 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:48:17.590061 0.000000 udp 10.0.2.109 3683 -> 97.65.8.22 1039 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 00:48:20.136714 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 00:48:27.143876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:48:34.315771 1.105923 tcp 10.0.2.109 49683 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:35.145327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:48:35.421928 1.006170 tcp 10.0.2.109 49684 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:36.428392 2.131061 tcp 10.0.2.109 49685 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:38.560403 0.000000 udp 10.0.2.109 3683 -> 128.255.183.224 7850 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 00:48:51.148851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:48:53.623855 1.033482 tcp 10.0.2.109 49686 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:54.657643 1.070520 tcp 10.0.2.109 49687 -> 195.113.214.222 80 SRPA* 0 0 20 14737 flow=From-Botnet-V1-TCP-Established 1970/01/03 00:48:55.728705 0.645662 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:48:56.374776 0.605539 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:48:56.980677 0.659217 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:48:57.640285 0.722400 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:48:58.363087 0.781370 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:48:59.144904 0.714249 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:48:59.859570 0.661114 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:49:00.521098 0.923961 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:49:01.445456 0.512445 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:49:01.958320 0.828449 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:49:02.787115 0.923567 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/03 00:49:23.154938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:55:27.160205 3.002297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 00:55:34.168031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:55:42.169420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:55:58.172533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:56:30.178525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 00:59:05.792749 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 00:59:05.792976 3.377511 tcp 10.0.2.109 49688 -> 211.38.175.27 4598 FSPA* 0 0 14 1681 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:02:34.184902 3.001458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 01:02:41.191874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:02:49.193741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:03:05.196166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:03:37.202787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:09:41.208563 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 01:09:48.215834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:09:56.217685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:10:12.220504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:10:44.226710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:16:48.232184 3.001734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 01:16:55.239866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:17:03.241211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:17:19.244409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:17:51.250123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:19:13.629416 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:19:13.629521 1.281584 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:19:14.911452 0.000000 udp 10.0.2.109 3683 -> 97.65.8.22 1039 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:19:30.115343 1.473110 tcp 10.0.2.109 49689 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:19:31.588744 1.478159 tcp 10.0.2.109 49690 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:19:33.067240 3.019499 tcp 10.0.2.109 49691 -> 195.113.214.222 443 SRPA* 0 0 44 27405 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:19:36.085414 0.000000 udp 10.0.2.109 3683 -> 128.255.183.224 7850 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:19:53.487283 1.413694 tcp 10.0.2.109 49692 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:19:54.901261 1.030733 tcp 10.0.2.109 49693 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:19:55.932336 2.141451 tcp 10.0.2.109 49694 -> 195.113.214.222 443 SRPA* 0 0 32 13736 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:19:58.073668 0.783040 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:19:58.857198 0.902985 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:19:59.760558 0.877219 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:00.638261 0.909656 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:01.548336 0.927077 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:02.475830 0.867916 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:03.344182 0.876260 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:04.220869 0.876059 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:05.097339 0.817039 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:05.914803 0.861314 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:06.776541 0.851568 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:07.628547 0.816324 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:08.445256 0.893584 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:09.339304 0.880323 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:10.220077 0.905320 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:11.125764 0.982913 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:12.109097 1.001211 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:13.110719 0.876784 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:13.987872 1.242523 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:15.230826 0.757085 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:15.988334 1.062383 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:17.051078 1.273912 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:18.357748 1.008676 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:19.369358 0.868592 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:20.238601 0.885650 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 720 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:21.124741 0.883823 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:22.009078 0.911419 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 842 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:22.920970 0.929412 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:23.850888 0.868736 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:24.720140 0.884226 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:25.604872 0.851979 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:26.457260 0.872467 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:27.330374 0.889693 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:28.220507 0.865598 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 847 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:29.086647 0.803977 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:29.891030 0.900895 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:30.792341 0.873220 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:31.666105 0.918954 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:32.585496 0.966244 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 689 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:33.552288 0.990651 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:34.543476 0.887813 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 823 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:35.431808 0.753919 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:36.186383 1.231614 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:37.418546 1.040090 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:38.459140 1.240949 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:20:39.700840 0.000000 udp 10.0.2.109 3683 -> 212.239.111.154 3186 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:20:42.416909 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:20:48.115001 0.000000 udp 10.0.2.109 3683 -> 216.215.82.154 9487 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:20:56.847298 0.000000 udp 10.0.2.109 3683 -> 116.15.113.76 5678 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:03.016207 0.000000 udp 10.0.2.109 3683 -> 151.58.11.110 4431 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:09.005195 0.000000 udp 10.0.2.109 3683 -> 182.64.217.255 4710 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:14.763143 0.640735 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:21:15.421958 0.000000 udp 10.0.2.109 3683 -> 81.133.106.150 8010 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:24.337241 0.000000 udp 10.0.2.109 3683 -> 99.29.125.46 3597 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:28.913476 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:21:31.857608 0.000000 udp 10.0.2.109 3683 -> 59.97.25.104 5422 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:40.410436 0.000000 udp 10.0.2.109 3683 -> 79.29.50.72 5079 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:45.757855 0.000000 udp 10.0.2.109 3683 -> 195.174.239.184 4175 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:21:53.038352 0.000000 udp 10.0.2.109 3683 -> 122.170.68.166 8222 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:01.039601 0.000000 udp 10.0.2.109 3683 -> 61.91.74.214 2046 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:07.328641 0.000000 udp 10.0.2.109 3683 -> 72.240.124.118 1705 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:13.447563 0.714900 udp 10.0.2.109 3683 -> 118.99.79.78 7077 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:14.162463 0.000000 icmp 118.99.79.78 0x0303 -> 10.0.2.109 0xa51b URP 192 1 220 flow=Background 1970/01/03 01:22:18.415136 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:22:20.077169 0.000000 udp 10.0.2.109 3683 -> 213.123.194.221 7296 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:27.578275 0.000000 udp 10.0.2.109 3683 -> 80.20.95.25 1468 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:35.829889 0.000000 udp 10.0.2.109 3683 -> 75.149.117.1 5929 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:44.221987 0.000000 udp 10.0.2.109 3683 -> 58.32.191.30 2567 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:22:52.723730 0.000000 udp 10.0.2.109 3683 -> 85.108.234.117 5223 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:01.617096 0.000000 udp 10.0.2.109 3683 -> 105.229.170.62 9852 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:06.413474 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:23:09.588107 0.000000 udp 10.0.2.109 3683 -> 68.236.156.55 9624 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:15.857550 0.000000 udp 10.0.2.109 3683 -> 74.7.151.25 6328 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:24.349612 0.000000 udp 10.0.2.109 3683 -> 75.115.140.167 4839 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:31.169589 0.000000 udp 10.0.2.109 3683 -> 151.58.52.63 6083 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:36.437107 0.000000 udp 10.0.2.109 3683 -> 69.24.200.227 1716 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:44.719200 0.000000 udp 10.0.2.109 3683 -> 213.203.168.154 4365 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:52.970686 0.000000 udp 10.0.2.109 3683 -> 151.33.58.0 7566 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:23:55.257003 3.000827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 01:23:57.917567 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:24:00.261526 0.000000 udp 10.0.2.109 3683 -> 59.94.88.195 6720 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:02.263722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:24:05.959700 0.000000 udp 10.0.2.109 3683 -> 190.56.16.96 1507 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:10.265624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:24:13.290360 0.000000 udp 10.0.2.109 3683 -> 2.222.225.77 6497 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:20.510008 0.000000 udp 10.0.2.109 3683 -> 197.180.244.89 5229 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:26.268225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:24:26.739371 0.000000 udp 10.0.2.109 3683 -> 87.25.87.150 1738 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:32.998012 0.000000 udp 10.0.2.109 3683 -> 115.252.72.248 1502 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:39.818035 0.000000 udp 10.0.2.109 3683 -> 97.66.167.193 8028 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:44.414350 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:24:47.919710 0.000000 udp 10.0.2.109 3683 -> 68.140.79.230 4102 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:55.811155 0.000000 udp 10.0.2.109 3683 -> 31.195.115.170 8674 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:24:58.274173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:25:02.179986 0.000000 udp 10.0.2.109 3683 -> 122.166.101.181 3214 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:08.218820 1.046513 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:25:09.280680 0.000000 udp 10.0.2.109 3683 -> 201.223.198.59 8461 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:16.430514 0.000000 udp 10.0.2.109 3683 -> 99.240.102.190 3025 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:23.250572 0.000000 udp 10.0.2.109 3683 -> 151.54.126.178 9906 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:31.221922 0.625980 udp 10.0.2.109 3683 -> 68.32.54.151 4592 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:31.847902 0.000000 icmp 68.32.54.151 0x0303 -> 10.0.2.109 0xf011 URP 192 1 289 flow=Background 1970/01/03 01:25:35.918359 0.148155 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:25:37.270611 0.000000 udp 10.0.2.109 3683 -> 84.146.4.159 5307 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:42.828622 0.000000 udp 10.0.2.109 3683 -> 79.107.208.47 1395 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:51.080382 0.000000 udp 10.0.2.109 3683 -> 165.228.231.212 1931 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:25:59.452207 0.000000 udp 10.0.2.109 3683 -> 90.205.75.137 6252 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:06.332427 0.000000 udp 10.0.2.109 3683 -> 87.8.92.192 6380 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:13.863221 0.000000 udp 10.0.2.109 3683 -> 2.228.154.198 7812 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:20.923521 0.000000 udp 10.0.2.109 3683 -> 110.164.211.120 9364 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:25.470010 0.000206 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:26:29.445923 0.000000 udp 10.0.2.109 3683 -> 79.51.60.244 2448 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:34.973558 0.866827 udp 10.0.2.109 3683 <-> 101.0.46.147 5007 CON 0 0 2 803 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:26:35.851235 0.000000 udp 10.0.2.109 3683 -> 108.84.250.214 5331 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:43.385396 0.000000 udp 10.0.2.109 3683 -> 182.55.245.33 7185 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:50.705872 0.000000 udp 10.0.2.109 3683 -> 72.34.94.210 5057 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:26:55.873939 0.000000 udp 10.0.2.109 3683 -> 108.58.71.106 5595 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:01.812451 0.000000 udp 10.0.2.109 3683 -> 79.129.44.65 2343 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:08.101162 0.000000 udp 10.0.2.109 3683 -> 177.102.42.164 1872 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:12.978246 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:27:14.339975 0.000000 udp 10.0.2.109 3683 -> 68.4.243.145 8509 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:22.351719 0.000000 udp 10.0.2.109 3683 -> 190.222.193.244 7789 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:29.752014 0.000000 udp 10.0.2.109 3683 -> 50.121.126.160 6400 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:35.390178 0.000000 udp 10.0.2.109 3683 -> 195.174.2.58 7184 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:42.631271 0.620377 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:27:43.312891 0.000000 udp 10.0.2.109 3683 -> 193.171.131.228 9848 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:50.532106 0.000000 udp 10.0.2.109 3683 -> 87.30.250.69 3194 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:27:57.903115 0.000000 udp 10.0.2.109 3683 -> 67.1.80.47 3592 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:02.469511 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:28:05.163074 0.000000 udp 10.0.2.109 3683 -> 87.28.144.30 7993 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:10.771409 0.731853 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:28:11.514765 0.000000 udp 10.0.2.109 3683 -> 68.170.118.185 1899 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:20.174949 0.000000 udp 10.0.2.109 3683 -> 83.27.102.62 5061 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:25.472334 0.000000 udp 10.0.2.109 3683 -> 76.26.205.85 2520 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:34.224900 0.000000 udp 10.0.2.109 3683 -> 41.224.254.156 2607 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:42.977958 0.941252 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 753 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:28:43.936504 3.806996 udp 10.0.2.109 3683 -> 203.179.87.12 7997 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:47.743500 0.000000 icmp 203.179.87.9 0x0103 -> 10.0.2.109 0xcbb3 URH 192 1 291 flow=Background 1970/01/03 01:28:47.974852 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:28:50.939522 0.000000 udp 10.0.2.109 3683 -> 79.14.177.150 5941 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:28:59.641901 0.859799 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:29:00.511461 0.000000 udp 10.0.2.109 3683 -> 124.179.242.31 3131 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:07.883319 0.000000 udp 10.0.2.109 3683 -> 95.240.20.231 7715 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:09.235642 3.441169 tcp 10.0.2.109 49695 -> 211.38.175.27 4598 FSPA* 0 0 14 1520 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:29:13.281523 1.062882 udp 10.0.2.109 3683 <-> 112.120.70.179 5421 CON 0 0 2 740 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:29:14.373687 0.000000 udp 10.0.2.109 3683 -> 118.210.105.140 3876 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:21.142836 0.000000 udp 10.0.2.109 3683 -> 66.166.109.131 2534 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:28.112541 0.907442 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 814 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:29:29.032996 0.000000 udp 10.0.2.109 3683 -> 59.98.249.69 9863 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:37.806971 0.000000 udp 10.0.2.109 3683 -> 180.62.94.215 9370 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:46.058176 0.000000 udp 10.0.2.109 3683 -> 81.14.228.48 5466 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:53.278697 0.000000 udp 10.0.2.109 3683 -> 2.100.242.65 8164 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:29:57.975288 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:29:59.407768 0.819835 udp 10.0.2.109 3683 <-> 122.199.164.5 4997 CON 0 0 2 743 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:30:00.241040 0.000000 udp 10.0.2.109 3683 -> 75.148.205.137 3996 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:30:08.410276 0.000000 udp 10.0.2.109 3683 -> 87.20.234.219 1101 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:30:15.842346 0.000000 udp 10.0.2.109 3683 -> 109.113.95.170 5297 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:30:21.910001 0.528809 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:30:22.455697 0.950841 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 842 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:30:23.423733 0.000000 udp 10.0.2.109 3683 -> 203.116.129.235 2313 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:30:31.373762 0.786818 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:30:32.172627 0.000000 udp 10.0.2.109 3683 -> 49.207.111.86 2438 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:30:39.805316 0.000000 udp 10.0.2.109 3683 -> 24.103.133.186 7771 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:30:44.471986 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:30:47.747222 0.571928 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:30:48.358733 0.839351 udp 10.0.2.109 3683 <-> 118.165.13.79 5552 CON 0 0 2 814 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:30:49.211983 0.000000 udp 10.0.2.109 3683 -> 88.250.125.220 9027 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:30:55.708870 0.000000 udp 10.0.2.109 3683 -> 82.57.10.222 7013 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:02.340097 3.001745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 01:31:03.139263 0.000000 udp 10.0.2.109 3683 -> 67.79.246.2 9402 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:09.347925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:31:09.538114 0.000000 udp 10.0.2.109 3683 -> 113.140.7.42 1201 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:15.827757 0.000000 udp 10.0.2.109 3683 -> 80.135.162.195 9614 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:17.349670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:31:20.944955 0.000000 udp 10.0.2.109 3683 -> 81.104.162.42 2044 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:26.272510 0.000000 udp 10.0.2.109 3683 -> 24.190.224.216 9420 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:30.969043 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:31:33.352579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:31:34.013599 0.546532 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:31:35.425248 0.000000 udp 10.0.2.109 3683 -> 189.114.69.39 7026 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:41.684395 0.000000 udp 10.0.2.109 3683 -> 108.64.24.222 6633 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:47.232496 0.664090 udp 10.0.2.109 3683 <-> 117.207.44.111 6427 CON 0 0 2 744 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:31:47.914346 0.000000 udp 10.0.2.109 3683 -> 209.89.60.187 6626 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:31:55.644667 0.000000 udp 10.0.2.109 3683 -> 189.120.51.232 9692 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:01.092653 0.000000 udp 10.0.2.109 3683 -> 59.99.136.182 9698 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:05.358821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:32:08.302503 0.000000 udp 10.0.2.109 3683 -> 82.153.178.253 6511 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:14.411641 0.576290 udp 10.0.2.109 3683 -> 212.103.156.78 7141 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:14.987931 0.000000 icmp 212.103.156.78 0x0303 -> 10.0.2.109 0xe51b URP 192 1 225 flow=Background 1970/01/03 01:32:18.977697 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:32:21.151561 0.000000 udp 10.0.2.109 3683 -> 180.15.122.143 9806 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:28.321896 1.428998 udp 10.0.2.109 3683 <-> 101.63.186.106 1487 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/01/03 01:32:29.783343 0.000000 udp 10.0.2.109 3683 -> 194.27.58.162 9119 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:35.702369 0.000000 udp 10.0.2.109 3683 -> 176.221.210.144 1451 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:41.500655 0.000000 udp 10.0.2.109 3683 -> 172.14.153.10 7427 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:47.038317 0.000000 udp 10.0.2.109 3683 -> 210.23.136.36 4521 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:53.357882 0.000000 udp 10.0.2.109 3683 -> 180.199.36.241 1859 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:32:58.885870 0.000000 udp 10.0.2.109 3683 -> 79.246.136.124 7463 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:33:03.471870 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:33:05.374798 0.000000 udp 10.0.2.109 3683 -> 91.42.170.115 4803 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:33:11.513687 0.000000 udp 10.0.2.109 3683 -> 210.211.149.168 4212 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:33:18.683751 0.000000 udp 10.0.2.109 3683 -> 188.192.69.5 5388 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:33:25.493757 0.000000 udp 10.0.2.109 3683 -> 89.132.144.154 3676 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:33:34.416978 0.000000 udp 10.0.2.109 3683 -> 121.13.249.75 2025 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 01:38:09.364731 3.001517 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 01:38:16.372172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:38:24.373514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:38:40.376508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:39:12.382317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:45:16.388431 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 01:45:23.396133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:45:31.397636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:45:47.400400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:46:19.406180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:52:23.412084 3.001809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 01:52:30.419516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:52:38.421731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:52:54.424497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:53:26.430343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:59:12.678927 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 01:59:12.679031 3.416387 tcp 10.0.2.109 49696 -> 211.38.175.27 4598 FSPA* 0 0 14 1602 flow=From-Botnet-V1-TCP-Established 1970/01/03 01:59:30.436779 3.000917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 01:59:37.443826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 01:59:45.445025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:00:01.448445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:00:33.454481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:03:46.031870 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 02:03:46.031966 1.156057 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:47.188407 0.622093 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:47.810891 0.631129 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:48.442404 0.669574 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:49.112409 0.702702 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:49.815540 0.684770 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:50.500717 0.645998 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:51.147177 0.678771 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:51.826324 0.637613 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:52.464319 0.686922 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:53.151707 0.640698 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:53.792852 0.594149 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:54.387385 0.619984 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:55.007799 1.760019 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:56.768218 0.668837 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:57.437573 0.694089 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:58.132004 0.741896 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:58.874326 0.773259 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:03:59.647944 0.663062 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:00.311414 0.526800 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:00.838581 0.991152 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:01.830334 0.836246 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:02.666915 0.770106 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:03.437443 0.631750 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:04.069563 0.715109 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:04.785073 0.000000 udp 10.0.2.109 3683 -> 101.0.46.147 5007 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:04:21.415460 1.016583 tcp 10.0.2.109 49697 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:04:22.432329 1.024643 tcp 10.0.2.109 49698 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:04:23.457290 2.118969 tcp 10.0.2.109 49699 -> 195.113.214.222 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:04:25.577085 0.606971 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:26.184452 0.723979 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:26.908811 0.731949 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:27.641183 0.644225 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:28.285805 0.804331 udp 10.0.2.109 3683 <-> 112.120.70.179 5421 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:29.090548 0.670059 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:29.760968 0.000000 udp 10.0.2.109 3683 -> 122.199.164.5 4997 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:04:45.367941 1.046915 tcp 10.0.2.109 49700 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:04:46.415201 1.033780 tcp 10.0.2.109 49701 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:04:47.449223 2.067159 tcp 10.0.2.109 49702 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:04:49.517015 0.536847 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:50.054300 0.657437 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:50.712120 0.779167 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:51.491705 0.574097 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:52.066245 0.825996 udp 10.0.2.109 3683 <-> 118.165.13.79 5552 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:04:52.892583 0.000000 udp 10.0.2.109 3683 -> 31.53.117.66 5422 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:05:11.835335 1.033101 tcp 10.0.2.109 49703 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:05:12.868727 1.027980 tcp 10.0.2.109 49704 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:05:13.896996 2.074107 tcp 10.0.2.109 49705 -> 195.113.214.222 443 SRPA* 0 0 24 13238 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:05:15.971841 0.681112 udp 10.0.2.109 3683 <-> 117.207.44.111 6427 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:05:16.653359 1.991883 udp 10.0.2.109 3683 <-> 101.63.186.106 1487 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:06:37.460124 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 02:06:44.467893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:06:52.469248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:07:08.472295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:07:40.478231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:13:44.484101 3.001805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 02:13:51.492035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:13:59.493463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:14:15.496104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:14:47.502370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:20:51.508834 3.000749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 02:20:58.516091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:21:06.517170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:21:22.520126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:21:54.526410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:27:58.532274 3.001678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 02:28:05.539440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:28:13.541283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:28:29.544043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:29:01.550057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:29:16.101792 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 02:29:16.102040 3.454755 tcp 10.0.2.109 49706 -> 211.38.175.27 4598 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:35:05.556640 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 02:35:12.563472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:35:20.564929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:35:34.114608 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 02:35:34.114770 0.000000 udp 10.0.2.109 3683 -> 101.0.46.147 5007 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:35:36.567927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:35:49.599156 1.013847 tcp 10.0.2.109 49707 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:35:50.613297 1.090789 tcp 10.0.2.109 49708 -> 195.113.214.222 80 SRPA* 0 0 18 13370 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:35:51.704708 0.000000 udp 10.0.2.109 3683 -> 122.199.164.5 4997 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:36:08.573968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:36:10.317955 1.039389 tcp 10.0.2.109 49709 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:36:11.357690 1.018325 tcp 10.0.2.109 49710 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:36:12.376376 2.107262 tcp 10.0.2.109 49711 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:36:14.484209 0.569437 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:15.053982 0.617617 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:15.672002 1.082206 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:16.754608 0.627750 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:17.382751 0.660063 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:18.043230 0.706143 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:18.749730 0.000000 udp 10.0.2.109 3683 -> 97.78.253.186 7622 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:36:36.515691 1.046356 tcp 10.0.2.109 49712 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:36:37.562496 0.994432 tcp 10.0.2.109 49713 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:36:38.557177 2.173229 tcp 10.0.2.109 49714 -> 195.113.214.222 443 SRPA* 0 0 23 13146 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:36:40.731160 0.674856 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:41.406584 0.635200 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:42.042344 0.698633 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:42.741390 0.723457 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:43.465243 0.650425 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:44.116078 0.643740 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:44.760228 0.628925 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:45.389559 0.652789 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:46.042717 0.652770 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:46.695903 0.741133 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:47.437437 0.695589 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:48.133377 0.771144 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:48.904948 1.220617 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:50.125894 0.530818 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:50.657103 0.931935 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:51.589448 0.839937 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:52.429821 0.770681 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:53.200878 0.627345 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:53.828598 0.721670 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:54.550669 0.601939 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:55.153003 0.760100 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:55.913505 0.744523 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:56.658532 0.602111 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:36:57.261069 0.000000 udp 10.0.2.109 3683 -> 112.120.70.179 5421 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:37:15.982675 1.029463 tcp 10.0.2.109 49715 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:37:17.012415 1.018979 tcp 10.0.2.109 49716 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:37:18.031664 2.075948 tcp 10.0.2.109 49717 -> 195.113.214.222 443 SRPA* 0 0 25 14908 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:37:20.108316 0.671346 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:37:20.780071 0.510797 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:37:21.291266 0.664909 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:37:21.956636 0.729782 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:37:22.686847 0.559766 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:37:23.246963 0.851004 udp 10.0.2.109 3683 <-> 118.165.13.79 5552 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:37:24.098333 0.650525 udp 10.0.2.109 3683 <-> 117.207.44.111 6427 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/03 02:37:24.749246 0.000000 udp 10.0.2.109 3683 -> 101.63.186.106 1487 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 02:37:42.249872 1.025380 tcp 10.0.2.109 49718 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:37:43.275541 1.082781 tcp 10.0.2.109 49719 -> 195.113.214.222 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/03 02:42:12.580992 3.000689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 02:42:19.587872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:42:27.589537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:42:43.591953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:43:17.300725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:49:21.307139 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 02:49:28.313805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:49:36.315275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:49:52.318907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:50:24.324366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:56:28.330860 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 02:56:35.337716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:56:43.339729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:56:59.342362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:57:31.348395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 02:59:20.405604 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 02:59:20.405883 3.403425 tcp 10.0.2.109 49720 -> 211.38.175.27 4598 FSPA* 0 0 13 1680 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:03:35.355423 3.000551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 03:03:42.361892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:03:50.363444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:04:06.366331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:04:38.372214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:08:05.370406 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 03:08:05.370562 0.678853 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:06.049842 0.000000 udp 10.0.2.109 3683 -> 112.120.70.179 5421 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 03:08:23.179239 1.018793 tcp 10.0.2.109 49721 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:08:24.198486 1.026996 tcp 10.0.2.109 49722 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:08:25.225795 2.095893 tcp 10.0.2.109 49723 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:08:27.322546 0.000000 udp 10.0.2.109 3683 -> 101.63.186.106 1487 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 03:08:45.379195 1.021126 tcp 10.0.2.109 49724 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:08:46.400660 1.073934 tcp 10.0.2.109 49725 -> 195.113.214.222 80 SRPA* 0 0 20 14772 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:08:47.475215 0.556337 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:48.031964 0.621655 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:48.653992 0.655896 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:49.310329 0.660380 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:49.971132 0.625824 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:50.597351 0.707302 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:51.305024 0.630364 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:51.935745 0.655604 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:52.591725 0.631980 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:53.224110 0.706586 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:53.931121 0.644947 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:54.576495 0.639794 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:55.216661 0.676300 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:55.893375 0.571025 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:56.464816 0.648853 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:57.114238 0.728203 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:57.842851 0.757701 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:58.600942 0.692259 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:59.293602 0.647186 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:08:59.941186 0.530375 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:00.471929 0.943226 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:01.415538 0.835641 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:02.251575 0.757180 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:03.009136 0.649413 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:03.658965 0.707544 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:04.366985 0.745027 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:05.112413 0.590329 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:05.703093 0.807908 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:06.511405 0.630247 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:07.142061 0.637535 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:07.786926 0.523680 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:08.310966 0.631003 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:08.942425 0.813982 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:09.756751 0.688723 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:10.445824 0.830083 udp 10.0.2.109 3683 <-> 118.165.13.79 5552 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:09:11.276291 0.690148 udp 10.0.2.109 3683 <-> 117.207.44.111 6427 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:10:42.378587 3.001644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 03:10:49.386248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:10:57.387613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:11:13.390580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:11:45.396420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:17:49.403443 3.000629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 03:17:56.409564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:18:04.411682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:18:20.414588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:18:52.420359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:24:56.425688 3.002219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 03:25:03.433626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:25:11.434998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:25:27.438724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:25:59.444071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:29:23.808354 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 03:29:23.808576 2.266528 tcp 10.0.2.109 49726 -> 211.38.175.27 4598 FSPA* 0 0 15 1767 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:32:03.451217 3.000838 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 03:32:10.457604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:32:18.459469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:32:34.462253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:33:06.468019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:39:10.474777 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 03:39:17.481734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:39:23.210214 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 03:39:23.210404 0.460265 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:23.671126 0.310615 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:23.982248 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 03:39:25.483750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:39:41.485927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:39:42.930983 0.513880 tcp 10.0.2.109 49727 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:39:43.445144 0.545077 tcp 10.0.2.109 49728 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:39:43.990590 1.034631 tcp 10.0.2.109 49729 -> 195.113.214.222 443 SRPA* 0 0 26 13972 flow=From-Botnet-V1-TCP-Established 1970/01/03 03:39:45.025948 0.408006 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:45.434376 0.418331 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:45.853101 0.382398 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:46.235901 0.451165 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:46.687462 0.386924 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:47.074779 0.432311 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:47.507489 0.313010 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:47.820909 0.436023 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:48.257294 0.399259 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:48.656918 0.395375 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:49.052636 0.447452 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:49.500485 0.344581 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:49.845493 0.400649 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:50.246505 0.493177 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:50.740044 0.525604 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:51.266071 0.474438 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:51.740963 0.392614 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:52.133947 0.296988 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:52.431356 0.485388 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:52.917149 0.580136 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:53.497639 0.527215 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:54.025245 0.390123 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:54.415722 0.481548 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:54.897645 0.534781 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:55.432871 0.359985 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:55.793297 0.496323 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:56.289952 0.381833 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:56.672182 0.436817 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:57.109344 0.288172 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:57.397937 0.407002 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:57.805277 0.616145 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:58.421851 0.343107 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:58.765350 0.586246 udp 10.0.2.109 3683 <-> 118.165.13.79 5552 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:39:59.352035 0.437126 udp 10.0.2.109 3683 <-> 117.207.44.111 6427 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/03 03:40:13.492619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:46:17.498122 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 03:46:24.505737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:46:32.507120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:46:48.510662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:47:20.516521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:53:24.523173 3.000620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 03:53:31.529825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:53:39.530854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:53:55.534135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:54:27.540083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 03:59:26.079956 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 03:59:26.080152 2.109210 tcp 10.0.2.109 49730 -> 211.38.175.27 4598 FSPA* 0 0 15 1654 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:00:31.546529 3.001165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 04:00:38.553380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:00:46.555349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:01:02.558353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:01:34.564078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:07:38.570870 3.001100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 04:07:45.577647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:07:53.579077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:08:09.582235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:08:41.588062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:10:19.940276 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 04:10:19.940502 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 04:10:38.138251 0.046057 tcp 10.0.2.109 49731 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:10:38.184558 0.047250 tcp 10.0.2.109 49732 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:10:38.232100 0.148119 tcp 10.0.2.109 49733 -> 195.113.214.222 443 SRPA* 0 0 33 19404 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:10:38.380990 0.212139 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:38.593469 0.066199 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:38.660045 0.155715 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:38.816199 0.279164 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:39.095727 0.146023 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:39.242137 0.212038 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:39.454545 0.146506 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:39.601505 0.193643 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:39.795528 0.145853 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:39.941745 0.191804 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:40.134000 0.162959 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:40.297389 0.114923 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:40.412695 0.152101 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:40.565209 0.202842 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:40.768469 0.168098 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:40.936984 0.257869 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:41.195258 0.281596 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:41.477245 0.223743 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:41.701422 0.162536 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:41.864392 0.042717 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:10:41.907546 0.000000 udp 10.0.2.109 3683 -> 122.176.57.240 8482 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 04:11:00.118247 0.045606 tcp 10.0.2.109 49734 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:11:00.164130 0.047697 tcp 10.0.2.109 49735 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:11:00.212174 0.200447 tcp 10.0.2.109 49736 -> 195.113.214.222 443 SRPA* 0 0 41 22870 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:11:00.411726 0.336247 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:00.748408 0.285283 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:01.034148 0.151020 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:01.185520 0.119023 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:01.304908 0.230049 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:01.535372 0.296907 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:01.832701 0.251424 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:02.084537 0.142401 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:02.227364 0.165832 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:02.393594 0.182950 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:02.576947 0.040691 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:02.617999 0.321049 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:02.939477 0.080480 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:03.020348 0.371234 udp 10.0.2.109 3683 <-> 118.165.13.79 5552 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:11:03.391947 0.000000 udp 10.0.2.109 3683 -> 117.207.44.111 6427 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 04:11:20.758475 0.045047 tcp 10.0.2.109 49737 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:11:20.803845 0.048043 tcp 10.0.2.109 49738 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:11:20.852177 0.147193 tcp 10.0.2.109 49739 -> 195.113.214.222 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:14:45.634770 3.000981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 04:14:52.641498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:15:00.643203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:15:16.646363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:15:48.652451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:21:52.658037 3.001883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 04:21:59.665368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:22:07.666930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:22:23.670209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:22:55.676486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:28:59.681597 3.002208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 04:29:06.689778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:29:14.691476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:29:28.230947 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 04:29:28.231173 2.166408 tcp 10.0.2.109 49740 -> 211.38.175.27 4598 FSPA* 0 0 14 1500 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:29:30.694044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:30:02.699819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:36:06.706395 3.001736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 04:36:13.713793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:36:21.715016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:36:37.718300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:37:09.724267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:41:28.356169 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 04:41:28.356315 0.428318 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:28.785062 0.000000 udp 10.0.2.109 3683 -> 117.207.44.111 6427 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 04:41:46.995882 0.046058 tcp 10.0.2.109 49741 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:41:47.042247 0.076491 tcp 10.0.2.109 49742 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:41:47.119098 0.149581 tcp 10.0.2.109 49743 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:41:47.269246 0.068120 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:47.337737 0.530176 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:47.868270 0.157729 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:48.026480 0.212894 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:48.239742 0.146071 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:48.386258 0.193787 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:48.580445 0.178225 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:48.759075 0.145107 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:48.904605 0.100602 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:49.005577 0.151592 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:49.157630 0.184987 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:49.343058 0.233465 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:49.576947 0.138643 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:49.715990 0.163448 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:49.879880 0.216553 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:50.096908 0.167312 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:50.264611 0.040264 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:50.305273 0.246489 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:50.552124 0.286474 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:50.838935 0.175501 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:51.014816 0.338721 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:51.353997 0.118113 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:51.472468 0.207594 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:51.680431 0.249880 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:51.930748 0.149196 udp 10.0.2.109 3683 <-> 24.172.237.254 3076 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:52.080373 1.410643 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:53.491389 0.252940 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:53.744749 0.185180 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:53.930353 0.049497 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:53.980274 0.166116 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:54.146790 0.141626 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:54.288815 0.259300 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:54.548534 0.301145 udp 10.0.2.109 3683 <-> 14.53.189.151 5470 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/03 04:41:54.850034 0.000000 udp 10.0.2.109 3683 -> 118.165.13.79 5552 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 04:42:12.260127 0.045778 tcp 10.0.2.109 49744 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:42:12.306440 0.047969 tcp 10.0.2.109 49745 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:42:12.354686 0.145529 tcp 10.0.2.109 49746 -> 195.113.214.222 443 SRPA* 0 0 23 13378 flow=From-Botnet-V1-TCP-Established 1970/01/03 04:43:13.730882 3.001331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 04:43:20.737870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:43:28.738714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:43:44.741861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:44:16.747904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:50:20.754752 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 04:50:27.761377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:50:35.763366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:50:51.765795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:51:23.772091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:57:27.778929 3.000700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 04:57:34.785099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:57:42.787071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:57:58.789717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:58:30.795994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 04:59:30.402727 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 04:59:30.402960 2.471833 tcp 10.0.2.109 49747 -> 211.38.175.27 4598 FSPA* 0 0 14 1545 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:04:34.801679 3.002259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 05:04:41.809545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:04:49.810675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:05:05.813937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:05:37.820026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:11:41.826587 3.001115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 05:11:48.833458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:11:56.834838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:12:12.837618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:12:40.828271 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 05:12:40.828444 0.000000 udp 10.0.2.109 3683 -> 118.165.13.79 5552 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 05:12:44.843742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:12:57.505028 0.048832 tcp 10.0.2.109 49748 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:12:57.554141 0.046079 tcp 10.0.2.109 49749 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:12:57.600490 0.147778 tcp 10.0.2.109 49750 -> 195.113.214.222 443 SRPA* 0 0 36 18342 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:12:57.747441 0.419000 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:58.166845 0.066585 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:58.233846 0.215482 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:58.449752 0.149167 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:58.599314 0.189286 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:58.788956 0.179028 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:58.968374 0.144761 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:59.113498 0.157837 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:59.271757 0.214229 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:59.486478 0.193405 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:59.680286 0.226093 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:12:59.906726 0.217853 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:00.125007 0.162293 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:00.287711 0.151058 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:00.439121 0.100393 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:00.539906 0.167030 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:00.707353 0.211743 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:00.919540 0.260997 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:01.180884 0.283815 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:01.465080 0.043358 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:01.508872 0.113680 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:01.622963 0.255878 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:01.879220 0.155315 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:02.034959 0.333818 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:02.369207 0.000000 udp 10.0.2.109 3683 -> 24.172.237.254 3076 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 05:13:20.496463 0.046324 tcp 10.0.2.109 49751 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:13:20.543082 0.045903 tcp 10.0.2.109 49752 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:13:20.589311 0.147618 tcp 10.0.2.109 49753 -> 195.113.214.222 443 SRPA* 0 0 41 23302 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:13:20.737672 0.224015 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:20.962081 0.289465 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:21.251915 0.252292 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:21.504655 0.144854 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:21.649870 0.082707 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:21.733011 0.000000 udp 10.0.2.109 3683 -> 14.53.189.151 5470 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 05:13:39.383648 0.046180 tcp 10.0.2.109 49754 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:13:39.429760 0.047805 tcp 10.0.2.109 49755 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:13:39.477824 0.153215 tcp 10.0.2.109 49756 -> 195.113.214.222 443 SRPA* 0 0 41 22618 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:13:39.631612 0.165905 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:39.797904 0.061317 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:13:39.859583 0.185331 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:18:48.850025 3.001668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 05:18:55.857082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:19:03.859238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:19:19.861511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:19:51.867674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:25:55.874259 3.001029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 05:26:02.881250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:26:10.882464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:26:26.886020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:26:58.891574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:29:32.884057 0.000195 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 05:29:32.884351 2.119228 tcp 10.0.2.109 49757 -> 211.38.175.27 4598 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:33:02.898507 3.000804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 05:33:09.904912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:33:17.906447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:33:33.909436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:34:05.915896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:40:09.922446 3.000947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 05:40:16.929098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:40:24.930795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:40:40.933423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:41:12.940048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:43:55.063580 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 05:43:55.063753 0.000000 udp 10.0.2.109 3683 -> 24.172.237.254 3076 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 05:44:12.580368 0.046776 tcp 10.0.2.109 49758 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:44:12.627528 0.084738 tcp 10.0.2.109 49759 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:44:12.712618 0.148910 tcp 10.0.2.109 49760 -> 195.113.214.222 443 SRPA* 0 0 33 19404 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:44:12.862309 0.000000 udp 10.0.2.109 3683 -> 14.53.189.151 5470 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 05:44:31.065801 0.045116 tcp 10.0.2.109 49761 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:44:31.111199 0.046603 tcp 10.0.2.109 49762 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:44:31.158303 0.163696 tcp 10.0.2.109 49763 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 05:44:31.322763 0.146621 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:31.469805 0.188188 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:31.658382 0.216499 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:31.875285 0.068581 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:31.944286 0.215062 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:32.159759 0.233833 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:32.393988 0.184510 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:32.578845 0.192474 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:32.771699 0.142828 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:32.914955 0.175060 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:33.090557 0.156486 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:33.247493 0.103309 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:33.351231 0.164199 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:33.515756 0.221908 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:33.738013 0.150813 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:33.889241 0.131426 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:34.021039 0.166199 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:34.187654 0.211400 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:34.399514 0.614831 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:35.014786 0.039780 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:35.054959 0.284427 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:35.339795 0.115018 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:35.455159 0.423705 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:35.879277 0.161772 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:36.041531 0.250741 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:36.292683 0.141402 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:36.434491 0.076997 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:36.511901 0.794100 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:37.306455 0.244691 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:37.551559 0.165283 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:37.717201 0.040802 udp 10.0.2.109 3683 <-> 78.134.92.89 3467 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:44:37.758595 0.183112 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 05:47:16.946314 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 05:47:23.952929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:47:31.954391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:47:47.957472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:48:19.963760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:54:23.970655 3.001001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 05:54:30.977463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:54:38.978785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:54:54.981945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:55:26.987726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 05:59:35.004777 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 05:59:35.005013 2.549796 tcp 10.0.2.109 49764 -> 211.38.175.27 4598 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:01:30.993465 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:01:38.001517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:01:46.002663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:02:02.005812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:02:34.011859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:08:38.017196 3.002161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:08:45.024898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:08:53.026892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:09:09.029763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:09:41.035608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:14:52.934255 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 06:14:52.934407 0.201881 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:53.136661 0.147303 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:53.284323 0.190945 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:53.475674 0.068587 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:53.544672 0.433609 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:53.978676 0.214720 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:54.193801 0.184602 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:54.378769 0.199304 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:54.578465 0.139446 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:54.718275 0.112027 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:54.830667 0.155072 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:54.986133 0.223203 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:55.209724 0.148743 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:55.358843 0.179533 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:55.538769 0.156725 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:55.695815 0.094063 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:55.790299 0.163833 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:55.954556 0.250326 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:56.205227 0.286948 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:56.492598 0.113596 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:56.606588 0.335091 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:56.942060 0.250316 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:57.192731 0.039711 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:57.232788 0.169992 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:57.403130 0.406354 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:57.843498 0.140062 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:57.983973 0.080200 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:58.064533 0.166038 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:14:58.230977 0.000000 udp 10.0.2.109 3683 -> 78.134.92.89 3467 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 06:15:16.680964 0.046577 tcp 10.0.2.109 49765 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:15:16.727753 0.049175 tcp 10.0.2.109 49766 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:15:16.777190 0.148617 tcp 10.0.2.109 49767 -> 195.113.214.222 443 SRPA* 0 0 28 12102 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:15:16.926620 1.053548 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:15:17.980570 0.235237 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:15:18.216232 0.185769 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:15:45.041845 3.001715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:15:52.048800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:16:00.050483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:16:16.053510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:16:48.059850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:22:52.065905 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:22:59.072968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:23:07.074506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:23:23.077243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:23:55.083715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:29:37.556281 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 06:29:37.556434 2.164935 tcp 10.0.2.109 49768 -> 211.38.175.27 4598 FSPA* 0 0 14 1673 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:29:59.089317 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:30:06.097172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:30:14.098635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:30:30.101348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:31:02.107677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:37:06.114404 3.000735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:37:13.120800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:37:21.122673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:37:37.125800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:38:09.131225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:44:13.137217 3.002258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:44:20.144787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:44:28.146397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:44:44.149480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:45:16.155214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:45:43.094128 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 06:45:43.094215 0.054440 udp 10.0.2.109 3683 -> 78.134.92.89 3467 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 06:45:43.148655 0.000000 icmp 78.134.92.89 0x0303 -> 10.0.2.109 0x8b0d URP 192 1 115 flow=Background 1970/01/03 06:45:59.731372 0.047893 tcp 10.0.2.109 49769 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:45:59.779615 0.048704 tcp 10.0.2.109 49770 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:45:59.828649 0.152841 tcp 10.0.2.109 49771 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/03 06:45:59.982421 0.193920 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:00.176710 0.069080 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:00.246441 0.257147 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:00.503998 0.146725 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:00.651074 0.183338 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:00.834825 0.251939 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:01.087162 0.143567 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:01.231167 0.105713 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:01.337203 0.198296 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:01.535917 0.214550 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:01.750840 0.214107 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:01.965342 0.150074 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:02.115828 0.188006 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:02.304258 0.157756 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:02.462353 0.195081 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:02.657846 0.163437 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:02.821728 0.118526 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:02.940666 0.253490 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:03.194541 0.166433 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:03.361321 0.283992 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:03.645739 0.039780 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:03.685931 0.154900 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:03.841199 0.252972 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:04.094556 0.335390 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:04.430341 0.242522 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:04.673270 0.081454 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:04.755081 0.145369 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:04.900838 0.165779 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:05.067005 0.182893 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:05.250422 0.314787 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:46:05.565652 0.216611 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/03 06:51:20.162424 3.000763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:51:27.168980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:51:35.170615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:51:51.173739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:52:23.179365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:58:27.186364 3.000915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 06:58:34.193066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:58:42.194101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:58:58.197644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:59:30.203655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 06:59:39.727179 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 06:59:39.727270 1.915239 tcp 10.0.2.109 49772 -> 211.38.175.27 4598 FSPA* 0 0 15 1571 flow=From-Botnet-V1-TCP-Established 1970/01/03 07:05:34.210403 3.000986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:05:41.217036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:05:49.218424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:06:05.221446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:06:37.227634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:12:41.233868 3.000813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:12:48.240440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:12:56.242055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:13:12.244940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:13:44.251185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:16:27.426438 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 07:16:27.426661 0.201213 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:27.628287 0.146762 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:27.775430 0.187158 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:27.962985 0.186533 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:28.149934 0.067347 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:28.217634 0.198749 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:28.416822 0.141414 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:28.558634 0.101016 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:28.660004 0.296464 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:28.956856 0.212052 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:29.169315 0.214710 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:29.384441 0.150047 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:29.534933 0.180834 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:29.716171 0.155888 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:29.872468 0.075456 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:29.948250 0.155357 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:30.103950 0.163342 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:30.267712 0.288150 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:30.556281 0.039788 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:30.596436 0.160575 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:30.757475 0.118151 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:30.876028 0.228400 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:31.104823 0.251315 udp 10.0.2.109 3683 <-> 189.26.141.97 4451 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:31.356465 0.336843 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:31.693701 0.288567 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:31.982617 0.079143 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:32.062225 0.144079 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:32.206682 0.288532 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:32.495605 0.272137 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:32.768102 0.164411 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:16:32.932956 0.186008 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:19:48.257105 3.002131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:19:55.264915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:20:03.266640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:20:19.269414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:20:51.275074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:26:55.281852 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:27:02.289047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:27:10.290248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:27:26.293471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:27:58.299620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:29:41.648700 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 07:29:41.648803 1.941722 tcp 10.0.2.109 49773 -> 211.38.175.27 4598 FSPA* 0 0 15 1797 flow=From-Botnet-V1-TCP-Established 1970/01/03 07:34:02.305584 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:34:09.312585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:34:17.314117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:34:33.316974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:35:05.323235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:41:09.329723 3.001455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:41:16.336859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:41:24.338170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:41:40.341106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:42:12.347085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:46:35.185091 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 07:46:35.185200 0.212605 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:35.398260 0.150245 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:35.548837 0.184465 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:35.733651 0.192789 rtcp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:35.926830 0.068521 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:35.995698 0.192899 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:36.188949 0.142615 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:36.331970 0.105309 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:36.437639 0.223575 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:36.661611 0.149908 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:36.811883 0.179804 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:36.992057 0.156636 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:37.149097 0.452137 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:37.601650 0.215505 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:37.817568 0.254853 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:38.072788 0.167284 udp 10.0.2.109 3683 <-> 71.48.23.198 4217 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:38.240436 0.164405 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:38.405291 0.285276 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:38.690922 0.039873 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:38.731128 0.157407 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:38.888962 0.119829 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:39.009202 0.337085 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:39.346645 0.215940 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:39.562949 0.000000 udp 10.0.2.109 3683 -> 189.26.141.97 4451 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 07:46:56.878424 0.054184 tcp 10.0.2.109 49774 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/03 07:46:56.932947 0.048533 tcp 10.0.2.109 49775 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/03 07:46:56.981849 0.143081 tcp 10.0.2.109 49776 -> 195.113.214.222 443 SRPA* 0 0 23 13376 flow=From-Botnet-V1-TCP-Established 1970/01/03 07:46:57.125516 0.249035 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:57.374984 0.075060 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:57.450579 0.141105 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:57.592041 0.792376 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:58.384820 0.218626 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:58.603902 0.163782 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:46:58.768048 0.183016 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/03 07:48:16.353097 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:48:23.360363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:48:31.362384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:48:47.364798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:49:19.371556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:55:23.377858 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 07:55:30.384827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:55:38.385955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:55:54.389699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:56:26.395263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 07:59:43.599357 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 07:59:43.599454 2.699618 tcp 10.0.2.109 49777 -> 211.38.175.27 4598 FSPA* 0 0 14 1738 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:02:30.401669 3.001287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:02:37.408721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:02:45.410380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:03:01.413224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:03:33.418735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:09:37.425424 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:09:44.432379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:09:52.433855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:10:08.437074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:10:40.443135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:16:44.449981 3.000379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:16:51.456241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:16:59.457766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:17:15.461013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:17:16.622925 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 08:17:16.623010 0.000000 udp 10.0.2.109 3683 -> 189.26.141.97 4451 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 08:17:34.440733 0.528567 tcp 10.0.2.109 49778 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:17:34.969587 0.556096 tcp 10.0.2.109 49779 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:17:35.525533 1.097421 tcp 10.0.2.109 49780 -> 195.113.214.222 443 SRPA* 0 0 33 25351 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:17:36.623676 0.449334 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:37.073401 0.462629 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:37.536374 0.397402 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:37.934138 0.439235 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:38.373755 0.393251 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:38.767400 0.341907 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:39.109663 0.462309 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:39.572309 0.393423 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:39.966756 0.437041 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:40.404221 0.320541 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:40.725173 0.418581 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:41.144125 0.457237 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:41.601804 0.417947 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:42.020131 0.408525 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:42.429090 0.420483 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:42.850007 0.525590 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:43.376022 0.295762 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:43.672136 0.397856 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:17:44.070562 0.000000 udp 10.0.2.109 3683 -> 71.48.23.198 4217 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 08:17:47.467005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:18:01.137998 0.484069 tcp 10.0.2.109 49781 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:18:01.622412 0.591261 tcp 10.0.2.109 49782 -> 195.113.214.222 80 SRPA* 0 0 23 13631 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:18:02.213448 0.328007 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:02.541898 0.358079 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:02.900368 0.566229 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:03.467007 0.578022 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:04.045455 0.499770 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:04.545644 0.330123 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:04.876179 0.381205 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:05.257791 0.412685 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:05.670869 0.533852 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:06.205086 0.482410 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:18:06.687897 0.419078 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:23:51.472387 3.002772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:23:58.480343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:24:06.481840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:24:22.484911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:24:54.490804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:29:46.301228 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 08:29:46.301315 2.648958 tcp 10.0.2.109 49783 -> 211.38.175.27 4598 FSPA* 0 0 15 1614 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:30:58.497264 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:31:05.504247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:31:13.505751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:31:29.508551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:32:01.515233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:38:05.521872 3.000783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:38:12.528064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:38:20.529931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:38:36.532857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:39:08.539189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:45:12.545144 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:45:19.552317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:45:27.553908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:45:43.557076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:46:15.563050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:48:30.066732 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 08:48:30.066921 0.000000 udp 10.0.2.109 3683 -> 71.48.23.198 4217 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 08:48:46.772429 0.511979 tcp 10.0.2.109 49784 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:48:47.284729 0.581904 tcp 10.0.2.109 49785 -> 195.113.214.222 80 SRPA* 0 0 19 14614 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:48:47.867399 0.431466 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:48.299267 0.455922 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:48.755539 0.500141 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:49.256108 0.468483 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:49.724992 0.399329 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:50.124729 0.435311 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:50.560418 0.334664 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:50.895520 0.395581 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:51.291463 0.309621 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:51.601442 0.436074 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:52.037918 0.462005 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:52.500271 0.446830 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:52.947450 0.415423 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:53.363253 0.406501 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:53.770146 0.430627 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:54.201166 0.528850 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:54.730416 0.288937 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:55.019775 0.398546 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:55.418664 0.518825 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:55.937865 0.362628 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:56.300888 0.576343 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:56.877645 0.463113 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:57.341153 0.480434 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:57.821951 0.344337 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:58.166664 0.386943 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:58.554042 0.409274 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:58.963669 0.556151 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:59.520220 0.462366 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:48:59.982935 0.439900 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/03 08:52:19.568619 3.001905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 08:52:26.576494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:52:34.577623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:52:50.580731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:53:22.587033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:59:26.592440 3.002204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 08:59:33.600419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:59:41.602088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 08:59:48.952510 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 08:59:48.952610 2.751406 tcp 10.0.2.109 49786 -> 211.38.175.27 4598 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/01/03 08:59:57.604561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:00:29.611143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:06:33.617456 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:06:40.624015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:06:48.625819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:07:04.628948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:07:37.185404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:13:41.192663 3.000503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:13:48.199163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:13:56.200389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:14:12.203604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:14:44.209292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:19:15.770319 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 09:19:15.770532 0.430850 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:16.201834 0.435812 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:16.638019 0.399370 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:17.037789 0.441254 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:17.479466 0.339434 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:17.819292 0.362955 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:18.182696 0.458846 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:18.641991 0.401195 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:19.043606 0.312218 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:19.356260 0.439216 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:19.795918 0.447485 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:20.243790 0.511470 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:20.755623 0.598714 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:21.354737 0.419762 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:21.774885 0.428156 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:22.203436 0.526147 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:22.729918 0.293973 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:23.024279 0.419827 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:23.444480 0.556222 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:24.001140 0.382556 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:24.384137 0.359290 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:24.743841 0.466801 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:25.211023 0.495390 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:25.706759 0.321624 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:26.028781 0.384019 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:26.413244 0.399228 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:26.812978 0.551196 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:27.364549 0.482282 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:19:27.847243 0.430055 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:20:48.215421 3.001853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:20:55.223017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:21:03.224191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:21:19.227674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:21:51.233698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:27:55.240190 3.000999 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:28:02.246955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:28:10.248610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:28:26.251430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:28:58.257612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:29:51.974752 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 09:29:51.974938 2.673177 tcp 10.0.2.109 49787 -> 211.38.175.27 4598 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/01/03 09:35:02.263606 3.001700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:35:09.270816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:35:17.272032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:35:33.275208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:36:05.281711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:42:09.287312 3.001747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:42:16.295169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:42:24.296267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:42:40.299603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:43:12.305752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:49:16.310781 3.002406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:49:23.319139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:49:31.320164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:49:42.356956 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 09:49:42.357061 0.410513 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:42.767991 0.470021 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:43.238400 0.626058 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:43.864880 0.424641 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:44.289934 0.468936 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:44.759232 0.349497 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:45.109149 0.631137 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:45.740745 0.404264 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:49:46.145372 0.000000 udp 10.0.2.109 3683 -> 31.53.117.66 5422 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 09:49:47.323660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:50:01.345871 0.544812 tcp 10.0.2.109 49788 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 09:50:01.891047 0.553136 tcp 10.0.2.109 49789 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 09:50:02.444510 1.332160 tcp 10.0.2.109 49790 -> 195.113.214.222 443 SRPA* 0 0 38 27931 flow=From-Botnet-V1-TCP-Established 1970/01/03 09:50:03.777469 0.406943 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:04.184823 0.444009 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:04.629160 0.485330 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:05.114917 0.432226 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:05.547510 0.412880 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:05.960789 0.440124 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:06.401293 0.533423 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:06.935081 0.280689 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:07.216144 0.411821 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:07.628382 0.354054 udp 10.0.2.109 3683 <-> 176.222.173.192 1191 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:07.982774 0.591626 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:08.574776 0.339144 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:08.914406 0.424470 udp 10.0.2.109 3683 <-> 76.224.175.85 1447 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:09.339224 0.490586 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:09.830246 0.323881 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:10.154507 0.375989 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:10.530943 0.399941 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:10.931310 0.578606 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:11.510300 0.535712 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:12.046388 0.418832 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 09:50:19.329389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:56:23.335133 3.001939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 09:56:30.343039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:56:38.344013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:56:54.347548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:57:26.353236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 09:59:54.647218 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 09:59:54.647324 2.703347 tcp 10.0.2.109 49791 -> 211.38.175.27 4598 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:03:30.359890 3.001290 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 10:03:37.366464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:03:45.368143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:04:01.371495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:04:33.376965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:10:37.383807 3.001047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 10:10:44.390789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:10:52.392245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:11:08.395030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:11:40.401607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:17:44.407510 3.001543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 10:17:51.414748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:17:59.416048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:18:15.419002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:18:47.424917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:20:27.920312 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 10:20:27.920419 0.308636 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:28.229521 0.436850 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:28.666785 0.437994 udp 10.0.2.109 3683 <-> 97.78.253.186 7622 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:29.105205 0.457138 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:29.562791 0.360582 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:29.923776 0.462165 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:30.386381 0.388482 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:30.775293 0.357309 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:31.133009 0.399767 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:31.533182 0.497482 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:32.031065 0.443218 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:32.474644 0.457671 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:32.932677 0.416404 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:33.349494 0.408219 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:33.758079 0.437068 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:34.195570 0.390549 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:34.586527 0.524522 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:35.111440 0.292139 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:35.403908 0.000000 udp 10.0.2.109 3683 -> 176.222.173.192 1191 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 10:20:53.179043 0.544552 tcp 10.0.2.109 49792 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:20:53.723884 0.540346 tcp 10.0.2.109 49793 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:20:54.264482 1.353064 tcp 10.0.2.109 49794 -> 195.113.214.222 443 SRPA* 0 0 36 24903 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:20:55.618186 0.586876 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:56.205460 0.362240 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:20:56.568114 0.000000 udp 10.0.2.109 3683 -> 76.224.175.85 1447 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 10:21:14.758152 0.513855 tcp 10.0.2.109 49795 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:21:15.272256 0.542805 tcp 10.0.2.109 49796 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:21:15.814922 1.366354 tcp 10.0.2.109 49797 -> 195.113.214.222 443 SRPA* 0 0 39 27985 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:21:17.181980 0.481861 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:21:17.664305 0.328823 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:21:17.993541 0.369086 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:21:18.363058 0.397844 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:21:18.761297 0.000000 udp 10.0.2.109 3683 -> 200.93.56.18 6467 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 10:21:37.130586 0.534400 tcp 10.0.2.109 49798 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:21:37.665267 0.515144 tcp 10.0.2.109 49799 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:21:38.180699 1.142423 tcp 10.0.2.109 49800 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:21:39.323706 0.506841 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:21:39.831070 0.429784 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:24:51.432100 3.000954 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 10:24:58.438433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:25:06.439930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:25:22.443312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:25:54.449259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:29:57.358675 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 10:29:57.358867 2.786630 tcp 10.0.2.109 49801 -> 211.38.175.27 4598 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:31:58.455584 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 10:32:05.462494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:32:13.463809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:32:29.466928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:33:01.473075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:39:05.478553 3.002049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 10:39:12.486322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:39:20.487795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:39:36.490824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:40:08.497318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:46:12.504230 3.000567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 10:46:19.510740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:46:27.512220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:46:43.514918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:47:15.521158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:51:54.922787 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 10:51:54.923022 0.000000 udp 10.0.2.109 3683 -> 176.222.173.192 1191 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 10:52:11.079019 0.550966 tcp 10.0.2.109 49802 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:11.630279 0.533147 tcp 10.0.2.109 49803 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:12.163757 1.341347 tcp 10.0.2.109 49804 -> 195.113.214.222 443 SRPA* 0 0 39 27383 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:13.505744 0.000000 udp 10.0.2.109 3683 -> 76.224.175.85 1447 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 10:52:28.522709 0.530930 tcp 10.0.2.109 49805 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:29.053509 0.532903 tcp 10.0.2.109 49806 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:29.586740 1.358248 tcp 10.0.2.109 49807 -> 195.113.214.222 443 SRPA* 0 0 39 27383 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:30.945542 0.554382 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:31.500335 0.316874 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:31.817585 0.428247 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:32.246216 0.444843 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:32.691439 0.000000 udp 10.0.2.109 3683 -> 97.78.253.186 7622 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 10:52:49.141870 0.525625 tcp 10.0.2.109 49808 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:49.667809 0.545282 tcp 10.0.2.109 49809 -> 195.113.214.222 80 SRPA* 0 0 20 14755 flow=From-Botnet-V1-TCP-Established 1970/01/03 10:52:50.213588 0.391685 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:50.605614 0.507804 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:51.113811 0.467932 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:51.582331 0.391699 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:51.974407 0.357574 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:52.332363 0.435722 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:52.768430 0.384116 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:53.152974 0.425674 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:53.578999 0.407298 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:53.986672 0.451599 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:54.438711 0.438823 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:54.877935 0.403974 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:55.282405 0.524933 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:55.807749 0.281160 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:56.089322 0.581332 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:56.671085 0.416184 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:57.087655 0.499487 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:57.587540 0.372272 udp 10.0.2.109 3683 <-> 50.97.71.116 7095 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:57.960202 0.323683 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:58.284290 0.422222 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:58.706891 0.478541 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:52:59.185818 0.431840 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 10:53:19.947216 3.002343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 10:53:26.955341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:53:34.956964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:53:50.959449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 10:54:22.965346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:00:00.341737 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 11:00:00.341851 2.978612 tcp 10.0.2.109 49810 -> 211.38.175.27 4598 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:00:26.972515 3.001277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 11:00:33.979482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:00:41.980798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:00:57.983561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:01:29.989369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:07:33.996177 3.001237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 11:07:41.002901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:07:49.004370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:08:05.007551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:08:37.013594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:14:41.018980 3.002144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 11:14:48.027081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:14:56.028649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:15:12.031972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:15:44.037567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:21:48.043677 3.001868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 11:21:55.051012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:22:03.052291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:22:19.055755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:22:51.061842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:23:11.982537 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 11:23:11.982650 0.000000 udp 10.0.2.109 3683 -> 97.78.253.186 7622 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 11:23:29.329238 0.555331 tcp 10.0.2.109 49811 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:23:29.884826 0.549593 tcp 10.0.2.109 49812 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:23:30.434748 1.354971 tcp 10.0.2.109 49813 -> 195.113.214.222 443 SRPA* 0 0 33 24741 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:23:31.790518 0.562424 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:32.353385 0.279807 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:32.633647 0.427906 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:33.061944 0.450585 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:33.512885 0.395532 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:33.908804 0.406125 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:34.315352 0.393729 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:34.709554 0.449562 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:35.159531 0.353320 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:35.513304 0.426194 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:35.939922 0.419979 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:36.360259 0.434678 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:36.795381 0.419059 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:37.214892 0.479310 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:37.694534 0.431085 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:38.125982 0.399892 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:38.526418 0.529867 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:39.056666 0.288074 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:39.345097 0.599869 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:39.945386 0.436896 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:40.382632 0.486700 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:23:40.869797 0.000000 udp 10.0.2.109 3683 -> 50.97.71.116 7095 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 11:23:58.600144 0.562269 tcp 10.0.2.109 49814 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:23:59.162717 0.548804 tcp 10.0.2.109 49815 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:23:59.711491 1.327801 tcp 10.0.2.109 49816 -> 195.113.214.222 443 SRPA* 0 0 35 25459 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:24:01.040020 0.325107 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:24:01.365551 0.416376 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:24:01.782527 0.543649 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:24:02.326542 0.436316 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:28:55.068221 3.001326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 11:29:02.074811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:29:10.076448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:29:26.079127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:29:58.085607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:30:03.323716 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 11:30:03.323826 2.679540 tcp 10.0.2.109 49817 -> 211.38.175.27 4598 FSPA* 0 0 12 1548 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:36:02.092150 3.000925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 11:36:09.098847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:36:17.100539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:36:33.103524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:37:05.109726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:43:09.115528 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 11:43:16.123116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:43:24.124025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:43:40.127704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:44:12.133279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:50:16.139489 3.001853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 11:50:23.146880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:50:31.148020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:50:47.151569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:51:19.157590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:54:12.887309 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 11:54:12.887404 0.000000 udp 10.0.2.109 3683 -> 50.97.71.116 7095 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 11:54:31.687192 0.541519 tcp 10.0.2.109 49818 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:54:32.229025 0.560257 tcp 10.0.2.109 49819 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:54:32.789606 1.314242 tcp 10.0.2.109 49820 -> 195.113.214.222 443 SRPA* 0 0 33 24741 flow=From-Botnet-V1-TCP-Established 1970/01/03 11:54:34.105155 0.561223 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:34.666743 0.289309 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:34.956433 0.441486 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:35.398290 0.441991 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:35.840630 0.389984 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:36.231094 0.473799 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:36.705257 0.387164 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:37.092812 0.439047 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:37.532284 0.448233 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:37.980925 0.358602 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:38.339947 0.410515 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:38.750889 0.456943 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:39.208285 0.499461 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:39.708176 0.411171 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:40.119777 0.419371 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:40.539546 0.422422 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:40.962461 0.254767 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:41.217650 0.488061 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:41.706335 0.556232 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:42.262931 0.604229 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:42.867620 0.404224 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:43.272189 0.323687 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:43.596225 0.403085 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:43.999666 0.567770 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:54:44.567872 0.429677 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/03 11:57:23.163159 3.002305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 11:57:30.170652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:57:38.172015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:57:54.176179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 11:58:26.181742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:00:06.005050 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 12:00:06.005158 2.671229 tcp 10.0.2.109 49821 -> 211.38.175.27 4598 FSPA* 0 0 14 1545 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:04:30.187314 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 12:04:37.194617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:04:45.196505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:05:01.199484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:05:33.205634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:11:37.211922 3.000964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 12:11:44.218775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:11:52.219895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:12:08.223125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:12:40.228986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:18:44.235766 3.000990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 12:18:51.242609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:18:59.243858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:19:15.247370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:19:47.253096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:24:47.104956 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 12:24:47.105060 0.556938 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:47.662479 0.290305 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:47.953202 0.435881 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:48.389504 0.441338 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:48.831277 0.387942 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:49.219683 0.412827 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:49.632950 0.460374 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:50.093727 0.404641 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:50.498802 0.444115 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:50.943328 0.333430 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:51.277175 0.402628 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:51.680241 0.442831 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:52.123467 0.463342 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:52.587233 0.434792 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:53.022549 0.402665 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:53.425576 0.394626 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:53.820608 0.252573 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:54.073608 0.905986 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:54.979943 0.578000 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:55.558331 0.499573 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:24:56.058480 0.000000 udp 10.0.2.109 3683 -> 31.197.209.67 1519 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 12:25:13.484799 0.498713 tcp 10.0.2.109 49822 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:25:13.983375 0.504965 tcp 10.0.2.109 49823 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:25:14.488591 1.092209 tcp 10.0.2.109 49824 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:25:15.581550 0.351950 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:25:15.933943 0.418502 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:25:16.352847 0.000000 udp 10.0.2.109 3683 -> 190.155.11.222 7822 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 12:25:32.210575 0.521260 tcp 10.0.2.109 49825 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:25:32.732160 0.500777 tcp 10.0.2.109 49826 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:25:33.233253 1.152166 tcp 10.0.2.109 49827 -> 195.113.214.222 443 SRPA* 0 0 21 13038 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:25:34.385985 0.437279 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:25:51.260039 3.000680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 12:25:58.266650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:26:06.267951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:26:22.271187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:26:54.277226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:30:08.676672 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 12:30:08.676853 2.665559 tcp 10.0.2.109 49828 -> 211.38.175.27 4598 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/01/03 12:32:58.283277 3.001707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 12:33:05.290535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:33:13.291905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:33:29.295160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:34:01.301059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:40:05.307540 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 12:40:12.314754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:40:20.315910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:40:36.319337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:41:08.325435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:47:12.331836 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 12:47:19.338591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:47:27.339770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:47:43.342899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:48:15.348995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:54:19.355770 3.000755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 12:54:26.362622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:54:34.364252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:54:50.367249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:55:22.373283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 12:55:48.540723 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 12:55:48.540978 0.405639 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:48.947055 0.462674 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:48.947440 2.998469 tcp 10.0.2.109 49829 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 12:55:49.410334 0.931017 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:50.341748 0.313287 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:50.655417 0.402303 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:51.058088 0.439107 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:51.497541 0.407438 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:51.905350 0.388336 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:52.294117 0.428905 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:52.723427 0.457831 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:53.181632 0.398371 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:53.580351 0.415797 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:53.996554 0.366622 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:54.363541 0.430341 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:54.794369 0.446454 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:55.241229 0.431336 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:55.673023 0.408137 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:56.081584 0.433910 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:56.515923 0.287782 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:56.804057 0.522290 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:57.326751 0.581767 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:57.908951 0.486318 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:57.944273 0.000000 tcp 10.0.2.109 49829 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 12:55:58.395671 0.334064 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:58.730170 0.395922 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/03 12:55:59.126529 0.428156 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:00:11.349096 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 13:00:11.349266 2.738896 tcp 10.0.2.109 49830 -> 211.38.175.27 4598 FSPA* 0 0 12 1466 flow=From-Botnet-V1-TCP-Established 1970/01/03 13:01:26.379224 3.001878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 13:01:33.386169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:01:41.387896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:01:57.391188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:02:29.396691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:08:33.403014 3.001473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:08:40.410268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:08:48.412105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:09:04.415273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:09:36.421069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:15:40.427138 3.001695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:15:47.434547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:15:55.435786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:16:11.439238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:16:43.444990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:22:47.450507 3.002168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:22:54.458408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:23:02.459543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:23:18.463025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:23:50.469223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:26:11.392047 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 13:26:11.392276 0.596786 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:11.989602 0.501625 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:11.990073 2.996241 tcp 10.0.2.109 49831 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 13:26:12.491650 0.562907 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:13.054912 0.321828 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:13.377100 0.428159 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:13.805614 0.442913 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:14.248911 0.389184 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:14.638567 0.387744 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:15.026802 0.435786 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:15.463002 0.469820 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:15.933225 0.393352 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:16.326978 0.412456 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:16.739790 0.356825 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:17.096970 0.473230 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:17.570643 0.453254 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:18.024270 0.426123 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:18.450819 0.283543 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:18.734807 0.416517 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:19.151754 0.420899 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:19.573035 0.540554 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:20.114044 0.626834 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:20.741259 0.504622 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:20.985042 0.000000 tcp 10.0.2.109 49831 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 13:26:21.246431 0.327178 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:21.573966 0.410960 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:26:21.985297 0.435576 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:29:54.475286 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:30:01.482374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:30:09.483887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:30:14.090610 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 13:30:14.090706 2.785228 tcp 10.0.2.109 49832 -> 211.38.175.27 4598 FSPA* 0 0 14 1704 flow=From-Botnet-V1-TCP-Established 1970/01/03 13:30:25.486637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:30:57.492743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:37:01.499466 3.000979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:37:08.506323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:37:16.507750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:37:32.511129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:38:04.516789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:44:08.522869 3.001842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:44:15.530559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:44:23.531501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:44:39.534883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:45:11.540604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:51:15.546776 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:51:22.554246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:51:30.555559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:51:46.558963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:52:18.564742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:56:49.214337 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 13:56:49.214441 0.333684 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:49.548601 0.499144 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:49.548990 2.999583 tcp 10.0.2.109 49833 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 13:56:50.048128 0.423977 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:50.472522 0.562901 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:51.035870 0.310208 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:51.346558 0.442709 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:51.789616 0.388725 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:52.178733 0.473773 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:52.652915 0.389738 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:53.043046 0.458515 udp 10.0.2.109 3683 <-> 67.232.56.212 4590 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:53.501979 0.392337 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:53.894773 0.413626 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:54.308800 0.348946 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:54.658155 0.472379 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:55.130874 0.283077 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:55.414413 0.452513 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:55.867351 0.426842 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:56.294624 0.421915 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:56.716933 0.416537 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:57.133832 0.530771 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:57.665012 0.578593 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:58.244038 0.416089 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:58.547547 0.000000 tcp 10.0.2.109 49833 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 13:56:58.660536 0.491093 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:59.151999 0.332776 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:56:59.485198 0.427010 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/03 13:58:22.570747 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 13:58:29.578104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:58:37.580021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:58:53.583006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 13:59:25.588817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:00:16.882627 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 14:00:16.882743 2.748382 tcp 10.0.2.109 49834 -> 211.38.175.27 4598 FSPA* 0 0 15 1641 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:05:29.595127 3.001602 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:05:36.601884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:05:44.603967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:06:00.606975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:06:32.612798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:12:36.619371 3.001317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:12:43.626194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:12:51.627925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:13:07.630687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:13:39.636619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:19:43.642373 3.001712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:19:50.649910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:19:58.651574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:20:14.654614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:20:46.660885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:26:50.666948 3.001184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:26:57.674310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:27:05.675871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:27:06.667513 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 14:27:06.667730 0.337190 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:07.005427 0.460021 udp 10.0.2.109 3683 <-> 190.155.11.222 7822 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:07.005910 3.005572 tcp 10.0.2.109 49835 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 14:27:07.465817 0.438422 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:07.904676 0.701331 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:08.606447 0.317167 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:08.924050 0.468759 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:09.393185 0.396781 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:09.790403 0.462463 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:10.253239 0.404759 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:10.658413 0.392398 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:11.051231 0.000000 udp 10.0.2.109 3683 -> 67.232.56.212 4590 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:27:16.010069 0.000000 tcp 10.0.2.109 49835 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 14:27:21.678822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:27:29.832112 0.538060 tcp 10.0.2.109 49836 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:27:30.370468 0.554966 tcp 10.0.2.109 49837 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:27:30.925308 1.369452 tcp 10.0.2.109 49838 -> 195.113.214.222 443 SRPA* 0 0 39 27985 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:27:32.295481 0.404719 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:32.700610 0.342830 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:32.700960 2.997705 tcp 10.0.2.109 49839 -> 99.26.224.9 1538 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 14:27:33.043812 0.453226 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:33.497452 0.461744 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:33.959542 0.300836 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:34.260799 0.433775 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:34.694937 0.415895 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:35.111234 0.410470 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:35.522067 0.531675 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:36.054360 0.574373 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:36.629174 0.411149 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:37.040753 0.430733 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:37.471920 0.491501 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:37.963827 0.325724 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:27:41.697215 0.000000 tcp 10.0.2.109 49839 -> 99.26.224.9 1538 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 14:27:46.457376 0.254626 udp 10.0.2.109 62651 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/03 14:27:46.712517 0.255670 udp 10.0.2.109 62336 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/03 14:27:53.684445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:30:19.634562 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 14:30:19.634678 2.737154 tcp 10.0.2.109 49840 -> 211.38.175.27 4598 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:33:57.690296 3.002119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:34:04.697940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:34:12.699852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:34:28.702664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:35:00.708724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:41:04.715235 3.000665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:41:11.722015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:41:19.723802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:41:35.726197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:42:07.732893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:48:11.738707 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:48:18.746021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:48:26.747432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:48:42.750746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:49:14.756402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:55:18.762261 3.002430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 14:55:25.769679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:55:33.771663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:55:49.774243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:56:21.780510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 14:57:51.139550 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 14:57:51.139703 0.000000 udp 10.0.2.109 3683 -> 67.232.56.212 4590 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:58:06.613689 0.555148 tcp 10.0.2.109 49841 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:58:07.169099 0.571687 tcp 10.0.2.109 49842 -> 195.113.214.222 80 SRPA* 0 0 19 14667 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:58:07.741361 0.000000 udp 10.0.2.109 3683 -> 190.155.11.222 7822 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:58:23.085808 0.536202 tcp 10.0.2.109 49843 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:58:23.622423 0.552047 tcp 10.0.2.109 49844 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:58:24.174722 1.370040 tcp 10.0.2.109 49845 -> 195.113.214.222 443 SRPA* 0 0 36 26973 flow=From-Botnet-V1-TCP-Established 1970/01/03 14:58:25.545339 0.338837 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:25.884677 0.432083 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:25.885083 3.008113 tcp 10.0.2.109 49846 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 14:58:26.317163 0.553496 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:26.871081 0.313119 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:27.184615 0.520454 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:27.705512 0.441728 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:28.147652 0.407439 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:28.555520 0.467016 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:29.022906 0.392439 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:29.415805 0.404595 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:29.820779 0.351787 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:30.173011 0.449302 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:30.622743 0.468106 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:31.091265 0.290427 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:31.382110 0.429281 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:31.811833 0.412282 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:32.224523 0.422442 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:32.647382 0.530172 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:33.177967 0.599257 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:33.777632 0.496256 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:34.274308 0.415358 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:34.690030 0.434448 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:34.891800 0.000000 tcp 10.0.2.109 49846 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 14:58:35.124873 0.322104 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:35.491728 0.000000 udp 10.0.2.109 3683 -> 190.155.11.222 7822 REQ 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:58:41.982506 0.340657 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:42.323601 0.561656 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 693 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:42.885693 0.431603 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 692 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:43.317768 0.297248 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:43.615515 0.407385 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:44.023445 0.401894 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 768 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:44.425916 0.445758 udp 10.0.2.109 3683 <-> 142.59.253.98 3441 CON 0 0 2 661 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:44.872104 0.401795 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:45.274450 0.398725 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:45.673610 0.460897 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:46.135040 0.342671 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:46.478279 0.453063 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:46.931742 0.287632 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 661 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:47.219798 0.423476 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:47.643807 0.490152 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:48.134510 0.416841 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 810 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:48.551882 0.405741 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:48.958182 0.529800 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:49.488428 0.627279 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:50.116186 0.412747 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:50.529448 0.530492 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:51.060437 0.331192 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 746 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:51.392174 0.428962 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:51.821739 0.000000 udp 10.0.2.109 3683 -> 188.14.172.56 4807 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:58:59.267268 0.436339 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:58:59.767862 0.000000 udp 10.0.2.109 3683 -> 173.68.100.123 4143 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:05.576264 0.000000 udp 10.0.2.109 3683 -> 189.114.69.39 7026 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:10.312403 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 14:59:11.494555 0.000000 udp 10.0.2.109 3683 -> 216.215.82.154 9487 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:19.295719 0.000000 udp 10.0.2.109 3683 -> 202.81.243.7 8984 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:24.653449 0.000000 udp 10.0.2.109 3683 -> 108.64.24.222 6633 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:30.151461 0.394394 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/01/03 14:59:30.557268 0.000000 udp 10.0.2.109 3683 -> 91.14.76.101 4109 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:36.340305 0.000000 udp 10.0.2.109 3683 -> 38.113.179.52 7623 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:44.772624 0.000000 udp 10.0.2.109 3683 -> 66.166.109.131 2534 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:52.564030 0.000000 udp 10.0.2.109 3683 -> 209.89.60.187 9950 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 14:59:57.310104 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 14:59:58.041291 0.000000 udp 10.0.2.109 3683 -> 79.135.34.53 7196 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:03.079111 0.000000 udp 10.0.2.109 3683 -> 78.168.218.197 1169 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:08.577011 0.000000 udp 10.0.2.109 3683 -> 99.252.8.19 8460 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:14.234483 0.000000 udp 10.0.2.109 3683 -> 183.178.3.98 8290 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:22.376680 2.846710 tcp 10.0.2.109 49847 -> 211.38.175.27 4598 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/03 15:00:22.386523 0.000000 udp 10.0.2.109 3683 -> 72.240.124.118 1705 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:29.557050 0.000000 udp 10.0.2.109 3683 -> 208.64.147.1 7375 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:36.045917 0.000000 udp 10.0.2.109 3683 -> 203.219.115.2 8502 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:44.468087 0.000000 udp 10.0.2.109 3683 -> 58.32.191.30 2567 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:52.229495 0.000000 udp 10.0.2.109 3683 -> 68.236.156.55 9624 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:00:57.377200 0.000000 udp 10.0.2.109 3683 -> 82.153.178.253 6511 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:05.999391 0.000000 udp 10.0.2.109 3683 -> 74.7.151.25 6328 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:10.805787 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:01:12.127929 0.000000 udp 10.0.2.109 3683 -> 75.115.140.167 4839 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:18.457184 0.000000 udp 10.0.2.109 3683 -> 69.24.205.188 1716 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:26.609191 0.000000 udp 10.0.2.109 3683 -> 79.38.120.117 1708 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:32.607327 0.000000 udp 10.0.2.109 3683 -> 190.234.108.244 9401 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:39.036501 0.000000 udp 10.0.2.109 3683 -> 71.184.162.239 8892 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:45.246026 0.000000 udp 10.0.2.109 3683 -> 85.102.134.18 1543 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:53.177936 0.450077 udp 10.0.2.109 3683 -> 190.56.16.96 1507 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:01:53.628013 0.000000 icmp 190.56.16.96 0x0303 -> 10.0.2.109 0xe305 URP 192 1 259 flow=Background 1970/01/03 15:01:57.803718 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:02:01.449069 0.000000 udp 10.0.2.109 3683 -> 92.18.190.47 2279 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:09.310466 0.000000 udp 10.0.2.109 3683 -> 12.70.92.162 3327 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:17.652337 0.000000 udp 10.0.2.109 3683 -> 87.25.87.150 1738 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:25.142713 0.000000 udp 10.0.2.109 3683 -> 90.217.70.46 3148 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:25.787415 3.000906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 15:02:31.172604 0.000000 udp 10.0.2.109 3683 -> 194.27.58.162 9119 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:32.793986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:02:37.420501 0.000000 udp 10.0.2.109 3683 -> 174.29.233.93 9493 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:40.795644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:02:42.307707 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:02:43.199273 0.000000 udp 10.0.2.109 3683 -> 206.217.17.214 2735 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:49.858342 0.000000 udp 10.0.2.109 3683 -> 97.66.167.193 8040 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:02:58.521224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:03:00.854115 0.000000 udp 10.0.2.109 3683 -> 80.111.138.51 9112 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:03:09.637227 0.000000 udp 10.0.2.109 3683 -> 94.64.120.149 4543 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:03:16.977434 0.000000 udp 10.0.2.109 3683 -> 76.8.212.218 7831 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:03:24.087691 0.000000 udp 10.0.2.109 3683 -> 78.172.97.92 1524 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:03:31.488030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:03:31.978875 0.428992 udp 10.0.2.109 3683 -> 208.179.43.29 9986 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:03:32.407867 0.000000 icmp 208.179.33.46 0x0303 -> 10.0.2.109 0x0227 URP 192 1 202 flow=Background 1970/01/03 15:03:36.495186 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:03:38.338623 0.000000 udp 10.0.2.109 3683 -> 41.205.74.22 1029 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:03:46.960558 0.000000 udp 10.0.2.109 3683 -> 31.195.115.170 8674 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:03:54.642234 0.000000 udp 10.0.2.109 3683 -> 97.69.202.89 2626 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:01.041110 0.000000 udp 10.0.2.109 3683 -> 222.170.146.82 1626 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:06.758841 0.000000 udp 10.0.2.109 3683 -> 172.14.153.10 7427 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:12.517527 0.000000 udp 10.0.2.109 3683 -> 201.223.243.119 8461 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:20.048046 0.000000 udp 10.0.2.109 3683 -> 99.240.102.190 3025 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:25.796148 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:04:30.523565 0.000000 udp 10.0.2.109 3683 -> 88.25.122.244 8897 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:38.614709 0.000000 udp 10.0.2.109 3683 -> 86.51.189.174 3439 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:45.083940 0.000000 udp 10.0.2.109 3683 -> 151.74.132.64 9906 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:04:53.496223 0.000000 udp 10.0.2.109 3683 -> 210.23.136.36 4521 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:00.536346 0.000000 udp 10.0.2.109 3683 -> 79.107.208.47 1395 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:08.568230 0.000000 udp 10.0.2.109 3683 -> 165.228.231.212 1931 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:13.294281 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:05:14.026093 0.000000 udp 10.0.2.109 3683 -> 71.100.147.68 5859 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:22.207718 0.000000 udp 10.0.2.109 3683 -> 90.205.75.137 6252 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:30.089217 0.000000 udp 10.0.2.109 3683 -> 2.228.154.198 7812 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:36.368299 0.000000 udp 10.0.2.109 3683 -> 95.130.140.106 3622 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:43.798377 0.000000 udp 10.0.2.109 3683 -> 79.51.60.244 2448 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:51.870807 0.000000 udp 10.0.2.109 3683 -> 86.6.105.107 5163 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:05:59.891982 0.000000 udp 10.0.2.109 3683 -> 50.97.71.116 7095 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:04.448255 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:06:05.319560 0.000000 udp 10.0.2.109 3683 -> 87.66.127.187 4934 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:13.070814 0.000000 udp 10.0.2.109 3683 -> 202.72.136.233 3870 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:18.157911 0.000000 udp 10.0.2.109 3683 -> 91.56.140.242 7054 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:26.760257 0.000000 udp 10.0.2.109 3683 -> 79.129.44.65 2343 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:34.601592 0.000000 udp 10.0.2.109 3683 -> 92.28.173.245 6513 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:41.181269 0.000000 udp 10.0.2.109 3683 -> 78.134.92.89 3467 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:46.308456 0.000000 udp 10.0.2.109 3683 -> 83.104.57.70 8399 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:50.944880 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:06:52.267196 0.000000 udp 10.0.2.109 3683 -> 173.24.187.206 5847 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:06:57.484638 0.395610 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:06:57.891532 0.000000 udp 10.0.2.109 3683 -> 68.4.243.145 8509 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:03.212657 0.000000 udp 10.0.2.109 3683 -> 181.1.43.123 8229 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:10.212593 0.000000 udp 10.0.2.109 3683 -> 213.106.225.173 4467 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:18.835250 0.366261 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:07:19.358024 0.000000 udp 10.0.2.109 3683 -> 49.207.245.134 7617 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:27.327183 0.000000 udp 10.0.2.109 3683 -> 208.107.79.132 7760 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:34.257336 0.480744 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:07:34.796557 0.395177 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:07:35.232237 0.000000 udp 10.0.2.109 3683 -> 91.2.72.211 8131 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:38.943817 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:07:43.410668 0.000000 udp 10.0.2.109 3683 -> 95.225.87.57 2928 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:50.120178 0.000000 udp 10.0.2.109 3683 -> 121.6.113.181 3291 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:07:55.137311 0.000000 udp 10.0.2.109 3683 -> 112.209.138.58 8518 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:02.868463 0.000000 udp 10.0.2.109 3683 -> 118.236.189.77 1269 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:08.727269 0.000000 udp 10.0.2.109 3683 -> 78.186.242.137 2015 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:13.764014 0.000000 udp 10.0.2.109 3683 -> 130.49.70.22 1663 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:18.931896 0.341102 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:08:19.285014 0.000000 udp 10.0.2.109 3683 -> 68.11.102.50 2952 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:23.447690 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:08:26.842871 0.000000 udp 10.0.2.109 3683 -> 115.109.15.44 3024 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:34.433891 0.000000 udp 10.0.2.109 3683 -> 172.2.5.29 9055 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:42.416311 0.000000 udp 10.0.2.109 3683 -> 190.134.154.1 7802 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:48.193555 0.000000 udp 10.0.2.109 3683 -> 108.255.59.40 5109 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:08:56.435917 0.798954 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 733 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:08:57.518527 0.000000 udp 10.0.2.109 3683 -> 79.14.3.63 2070 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:09:05.839035 0.289787 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:09:07.245432 0.000000 udp 10.0.2.109 3683 -> 70.30.59.123 6820 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:09:10.675679 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:09:14.221145 0.403123 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:09:16.478984 0.000000 udp 10.0.2.109 3683 -> 24.102.176.191 2218 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:09:24.175886 0.000000 udp 10.0.2.109 3683 -> 87.66.186.91 1882 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:09:32.687683 0.000000 udp 10.0.2.109 3683 -> 217.36.208.81 6632 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:09:36.675653 4.043676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 15:09:39.207218 0.000000 udp 10.0.2.109 3683 -> 24.234.115.27 6169 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:09:44.685143 0.498377 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 700 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:09:44.725190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:09:46.265215 0.000000 udp 10.0.2.109 3683 -> 170.223.71.89 7063 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:09:53.437714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:09:55.450224 0.000000 udp 10.0.2.109 3683 -> 50.197.110.226 1024 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:00.387350 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:10:03.472319 0.000000 udp 10.0.2.109 3683 -> 117.200.171.106 1065 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:09.440217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:10:12.154278 0.000000 udp 10.0.2.109 3683 -> 188.54.6.142 6262 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:19.575189 0.000000 udp 10.0.2.109 3683 -> 190.5.101.2 7937 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:27.526430 0.000000 udp 10.0.2.109 3683 -> 108.170.84.90 2120 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:33.595375 0.618499 udp 10.0.2.109 3683 <-> 210.111.198.151 5365 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:10:34.351809 0.411735 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 845 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:10:34.893512 0.000000 udp 10.0.2.109 3683 -> 216.179.97.75 8604 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:41.446368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:10:43.169343 0.000000 udp 10.0.2.109 3683 -> 76.231.92.202 6092 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:48.035550 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:10:50.639792 0.000000 udp 10.0.2.109 3683 -> 87.138.133.142 5320 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:10:57.440069 1.555254 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:10:59.372499 0.000000 udp 10.0.2.109 3683 -> 209.184.126.38 6018 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:11:05.861858 0.000000 udp 10.0.2.109 3683 -> 217.33.180.50 8539 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:11:14.314115 0.384189 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 657 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:11:14.973238 0.000000 udp 10.0.2.109 3683 -> 75.137.74.18 9310 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:11:20.503137 0.000000 udp 10.0.2.109 3683 -> 111.118.248.106 7436 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:11:29.395427 0.420432 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:11:29.842756 0.389872 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 663 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:11:30.326682 0.443039 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 696 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:11:30.779484 1.197185 udp 10.0.2.109 3683 <-> 75.61.134.120 4792 CON 0 0 2 666 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:11:32.047954 0.276717 udp 10.0.2.109 3683 -> 188.99.24.127 8943 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:11:32.324671 0.000000 icmp 188.99.24.127 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 152 flow=Background 1970/01/03 15:11:34.252675 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:11:40.140864 0.000000 udp 10.0.2.109 3683 -> 95.248.175.15 2625 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:16:48.576505 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 15:16:55.584163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:17:03.585785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:17:19.588571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:17:51.594867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:23:55.601049 3.001399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 15:24:02.608014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:24:10.610416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:24:26.613111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:24:58.619380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:30:31.668265 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:30:31.668435 2.859495 tcp 10.0.2.109 49848 -> 211.38.175.27 4598 FSPA* 0 0 14 1725 flow=From-Botnet-V1-TCP-Established 1970/01/03 15:31:02.625728 3.000877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 15:31:09.632184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:31:17.633780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:31:33.636590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:32:05.642759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:38:09.649561 3.001060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 15:38:16.656100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:38:24.657585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:38:40.660673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:39:12.666574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:42:08.049185 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 15:42:08.049409 0.327504 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:08.377346 0.547262 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:08.377748 3.005826 tcp 10.0.2.109 49849 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 15:42:08.924955 0.432515 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:09.357855 0.311696 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:09.669976 0.000000 udp 10.0.2.109 3683 -> 142.59.253.98 3441 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 15:42:17.392284 0.000000 tcp 10.0.2.109 49849 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 15:42:27.320000 0.563688 tcp 10.0.2.109 49850 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 15:42:27.883959 0.547505 tcp 10.0.2.109 49851 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 15:42:28.431736 1.135059 tcp 10.0.2.109 49852 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/03 15:42:29.567530 0.393280 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:29.961252 0.396680 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:29.961584 2.993488 tcp 10.0.2.109 49853 -> 69.159.203.121 4488 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 15:42:30.358314 0.388347 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:30.747031 0.404958 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:31.152408 0.461892 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:31.614664 0.350393 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:31.965451 0.455332 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:32.421134 0.285146 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:32.706669 0.432932 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:33.139994 0.416496 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:33.556869 0.467227 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:34.024486 0.416519 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:34.441356 0.527506 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:34.969229 0.611102 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:35.580726 0.420738 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:36.001855 0.333778 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:36.336005 0.432803 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:36.769203 0.482311 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:37.251942 0.431920 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:37.684278 0.393282 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:38.077942 0.388021 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:38.466464 0.361150 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:38.827979 0.463074 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:38.963328 0.000000 tcp 10.0.2.109 49853 -> 69.159.203.121 4488 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 15:42:39.291462 0.395822 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:39.687717 0.368891 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:40.057011 0.319214 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:40.376633 0.276986 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:40.654043 0.403757 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:41.058371 0.438579 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:41.497347 0.406864 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:41.904622 0.599736 udp 10.0.2.109 3683 <-> 210.111.198.151 5365 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:42.504767 0.404943 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:42.910138 0.389158 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:43.299681 0.403210 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:43.703320 0.442879 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:44.146627 0.375861 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:44.522803 0.487977 udp 10.0.2.109 3683 <-> 75.61.134.120 4792 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/03 15:42:52.896757 0.251870 udp 10.0.2.109 56222 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/03 15:42:53.149179 0.258226 udp 10.0.2.109 59338 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/03 15:45:16.672883 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 15:45:23.679914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:45:31.681477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:45:47.685058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:46:19.690518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:52:23.697144 3.001201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 15:52:30.704113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:52:38.705527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:52:54.708974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:53:26.714751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:59:30.720932 3.001777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 15:59:37.728137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 15:59:45.830134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:00:01.833139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:00:33.839049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:00:34.570626 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 16:00:34.570732 2.912579 tcp 10.0.2.109 49854 -> 211.38.175.27 4598 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:06:37.845875 3.000694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 16:06:44.852587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:06:52.854004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:07:08.857319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:07:40.862684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:12:56.408169 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 16:12:56.408300 0.000000 udp 10.0.2.109 3683 -> 142.59.253.98 3441 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 16:13:14.966058 0.564676 tcp 10.0.2.109 49855 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:15.531003 0.570460 tcp 10.0.2.109 49856 -> 195.113.214.222 80 SRPA* 0 0 19 14673 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:16.102052 0.325102 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:16.427674 0.547356 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:16.428064 3.001390 tcp 10.0.2.109 49857 -> 31.197.209.67 4165 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 16:13:16.975454 0.426348 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:17.402251 0.307806 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:17.710480 0.384776 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:18.095667 0.399010 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:18.495064 0.000000 udp 10.0.2.109 3683 -> 76.68.90.33 3572 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 16:13:25.427871 0.000000 tcp 10.0.2.109 49857 -> 31.197.209.67 4165 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/03 16:13:34.672606 0.535269 tcp 10.0.2.109 49858 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:35.208149 0.583498 tcp 10.0.2.109 49859 -> 195.113.214.222 80 SRPA* 0 0 19 14683 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:35.792291 0.413034 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:36.205792 0.456856 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:36.663079 0.357889 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:37.021387 0.435789 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:37.457568 0.296376 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:37.754474 0.429678 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:37.754865 4.335020 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 SPA_* 0 0 45 28046 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:38.184525 0.417232 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:38.602134 0.461799 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:39.064364 0.417222 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:39.482013 0.528727 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:40.011106 0.665678 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:40.677197 0.417859 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:41.095461 0.538384 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:41.634360 0.433092 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:42.067824 0.492179 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:42.560416 0.442823 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:43.003656 0.362330 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:43.039296 4.297093 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 80 62264 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:43.366472 0.388864 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:43.755741 0.393633 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:44.149823 0.469702 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:44.619953 0.396962 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:44.869077 3.001324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 16:13:45.017311 0.276542 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:45.294408 0.337955 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:45.632769 0.309435 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:45.942569 0.411475 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:46.354426 0.442974 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:46.797811 0.398759 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:13:47.196985 0.000000 udp 10.0.2.109 3683 -> 210.111.198.151 5365 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 16:13:48.398657 4.899568 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 44 28648 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:51.876097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:13:53.581653 4.516239 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 75 57898 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:58.969404 4.184263 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 46 30908 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:13:59.877894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:14:04.626353 0.563326 tcp 10.0.2.109 49861 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:05.189990 0.574815 tcp 10.0.2.109 49862 -> 195.113.214.222 80 SRPA* 0 0 21 14793 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:05.765424 0.401022 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:14:06.166794 0.386018 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:14:06.553186 0.418904 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:14:06.972449 0.000000 udp 10.0.2.109 3683 -> 75.61.134.120 4792 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 16:14:09.070829 4.772586 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 39 27282 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:14.431805 4.998003 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 80 57568 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:15.881095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:14:19.711404 4.819625 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 74 56292 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:22.732183 0.543019 tcp 10.0.2.109 49863 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:23.275509 0.546719 tcp 10.0.2.109 49864 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:23.822519 1.134940 tcp 10.0.2.109 49865 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:24.958254 0.431057 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:14:25.389672 0.401270 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:14:25.411376 4.742320 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 56 40840 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:30.439552 4.981220 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 A_PA 0 0 57 41990 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:35.720856 4.938824 tcp 10.0.2.109 49860 -> 91.207.7.129 3494 FPA_* 0 0 47 34351 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:14:47.937058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:20:51.943392 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 16:20:58.950046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:21:06.952438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:21:22.954512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:21:55.031079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:27:59.037801 3.000758 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 16:28:06.044144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:28:14.046336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:28:30.048524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:29:02.055130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:30:37.552806 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 16:30:37.552917 2.691720 tcp 10.0.2.109 49866 -> 211.38.175.27 4598 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:35:06.060443 3.002098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 16:35:13.068146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:35:21.069828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:35:37.073183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:36:09.079204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:42:13.085083 3.001499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 16:42:20.092312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:42:28.093590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:42:44.096698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:43:16.102508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:44:32.773399 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 16:44:32.773591 0.384626 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:44:33.158601 0.000000 udp 10.0.2.109 3683 -> 210.111.198.151 5365 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 16:44:49.731049 0.540931 tcp 10.0.2.109 49867 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:44:50.272211 0.551792 tcp 10.0.2.109 49868 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:44:50.824287 1.151117 tcp 10.0.2.109 49869 -> 195.113.214.222 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:44:51.975788 0.000000 udp 10.0.2.109 3683 -> 75.61.134.120 4792 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 16:45:07.624592 0.544441 tcp 10.0.2.109 49870 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:45:08.169380 0.572046 tcp 10.0.2.109 49871 -> 195.113.214.222 80 SRPA* 0 0 19 14666 flow=From-Botnet-V1-TCP-Established 1970/01/03 16:45:08.741958 0.328288 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:09.070605 0.554309 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:09.625308 0.438597 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:10.064237 0.316780 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:10.381404 0.401553 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:10.783368 0.379218 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:11.162973 0.339538 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:11.502919 0.469202 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:11.972515 0.406005 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:12.378965 0.293787 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:12.673117 0.449674 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:13.123155 0.426036 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:13.549598 0.458917 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:14.008914 0.409498 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:14.418806 0.408127 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:14.827305 0.533024 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:15.360767 0.598635 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:15.959737 0.432460 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:16.392598 0.408887 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:16.801870 0.321428 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:17.123703 0.449483 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:17.573606 0.491547 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:18.065621 0.359827 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:18.425844 0.395110 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:18.821340 0.464340 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:19.286067 0.406514 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:19.692999 0.384105 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:20.077444 0.362646 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:20.440494 0.308328 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:20.749312 0.272778 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:21.022509 0.404884 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:21.427759 0.453588 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:21.881761 0.394342 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:22.276499 0.379464 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:22.656301 0.402664 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:23.059345 0.416940 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:23.476626 0.437296 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:45:23.914392 0.397997 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/03 16:49:20.108503 3.001933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 16:49:27.116609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:49:35.117729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:49:51.120614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:50:23.126759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:56:27.133386 3.000808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 16:56:34.140591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:56:42.141902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:56:58.144975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 16:57:30.150999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:00:40.244455 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 17:00:40.244661 3.055979 tcp 10.0.2.109 49872 -> 211.38.175.27 4598 FSPA* 0 0 14 1670 flow=From-Botnet-V1-TCP-Established 1970/01/03 17:03:34.156150 3.002423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:03:41.163944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:03:49.165750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:04:05.169063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:04:37.174528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:10:41.180891 3.001485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:10:48.187822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:10:56.189500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:11:12.192576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:11:44.199074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:15:40.138086 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 17:15:40.138191 0.394411 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:40.532974 0.336871 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:40.870268 0.561756 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:41.432434 0.452263 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:41.885099 0.319830 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:42.205339 0.413951 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:42.619698 0.492789 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:43.112825 0.387631 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:43.500864 0.375969 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:43.877166 0.918026 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:44.795650 0.272678 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:45.068691 0.472271 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:45.541341 0.444347 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:45.986089 0.429237 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:46.415773 0.479404 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:46.895522 0.416321 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:47.312214 0.523695 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:47.836323 0.578695 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:48.415401 0.441360 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:48.857110 0.409345 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:49.266839 0.343872 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:49.611126 0.437792 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:50.049339 0.397036 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:50.446805 0.498808 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:50.945986 0.381406 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:51.327796 0.468707 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:51.796842 0.394311 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:52.191516 0.380673 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:52.572540 0.364499 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:52.937439 0.317742 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:53.255546 0.282258 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:53.538320 0.428515 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:53.967223 0.429347 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:54.396939 0.412318 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:54.809610 0.389863 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:55.199832 0.432485 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:55.632666 0.401974 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:56.034996 0.397893 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:15:56.433250 0.389349 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:17:48.204154 3.002026 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:17:55.211870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:18:03.213861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:18:19.216737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:18:51.222494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:24:55.228271 3.002085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:25:02.236062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:25:10.237583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:25:26.240616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:25:58.246968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:30:43.307147 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 17:30:43.307248 0.574764 tcp 10.0.2.109 49873 -> 211.38.175.27 4598 SPA_* 0 0 9 1059 flow=From-Botnet-V1-TCP-Established 1970/01/03 17:30:48.975223 0.009674 tcp 10.0.2.109 49873 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/03 17:32:02.252231 3.001859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:32:09.260433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:32:17.261410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:32:33.264848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:33:05.270734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:39:09.276019 3.002358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:39:16.284088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:39:24.285460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:39:40.288581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:40:12.294548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:46:03.680342 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 17:46:03.680597 1.096618 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:04.777614 0.336161 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:05.114166 0.703201 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:05.817770 0.435167 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:06.253405 0.315192 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:06.568950 0.399609 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:06.968974 0.345644 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:07.315076 0.475296 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:07.790731 0.387979 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:08.179110 0.410661 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:08.590195 0.457277 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:09.047802 0.288653 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:09.336859 0.452458 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:09.789717 0.429259 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:10.219437 0.412201 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:10.631989 0.401240 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:11.033586 0.532011 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:11.566047 0.595771 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:12.162352 0.447255 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:12.609990 0.409360 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:13.019686 0.000000 udp 10.0.2.109 3683 -> 81.133.186.146 7761 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 17:46:16.300972 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:46:23.307713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:46:30.531691 0.570898 tcp 10.0.2.109 49874 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 17:46:31.102920 0.563285 tcp 10.0.2.109 49875 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 17:46:31.309637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:46:31.666627 1.154520 tcp 10.0.2.109 49876 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/03 17:46:32.821760 0.426256 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:33.248409 0.398015 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:33.646788 0.491670 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:34.138897 0.363746 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:34.503034 0.463419 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:34.966843 0.343930 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:35.311084 0.393516 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:35.705009 0.385811 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:36.091231 0.307547 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:36.399140 0.278159 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:36.677698 0.408242 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:37.086514 0.428094 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:37.515017 0.411775 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:37.927130 0.398302 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:38.325796 0.394257 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:38.720818 0.431098 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:39.152325 0.410052 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:39.562732 0.383682 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 17:46:47.312315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:47:19.318896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:53:23.324551 3.001465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 17:53:30.331766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:53:38.333420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:53:54.336339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 17:54:26.342397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:00:30.349401 3.000445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 18:00:37.355584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:00:45.357807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:00:48.993325 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 18:00:48.993421 2.693658 tcp 10.0.2.109 49877 -> 211.38.175.27 4598 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:01:01.360639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:01:33.366982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:07:37.372990 3.000790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 18:07:44.380122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:07:52.381374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:08:08.384137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:08:40.390784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:14:44.397286 3.000503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 18:14:51.404023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:14:59.405668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:15:15.408182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:15:47.414311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:16:47.360566 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 18:16:47.360744 0.321871 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:16:47.683041 0.000000 udp 10.0.2.109 3683 -> 76.68.90.33 3572 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 18:17:04.578260 0.559329 tcp 10.0.2.109 49878 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:17:05.137863 0.551524 tcp 10.0.2.109 49879 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:17:05.689742 1.142521 tcp 10.0.2.109 49880 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:17:06.833003 0.322248 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:07.155704 0.569537 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:07.725608 0.401169 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:08.127148 0.436172 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:08.563714 0.312786 udp 10.0.2.109 3683 <-> 31.53.117.66 5422 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:08.876911 0.473582 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:09.350880 0.347678 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:09.698979 0.396460 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:10.095807 0.385623 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:10.481790 0.434209 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:10.916424 0.291040 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:11.207851 0.451465 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:11.659727 0.422911 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:12.083057 0.416375 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:12.499851 0.443826 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:12.944068 0.523440 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:13.467959 0.406778 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:13.875116 0.436390 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:14.311948 0.588518 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:14.900856 0.448016 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:15.349238 0.394296 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:15.743919 0.463758 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:16.208090 0.498710 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:16.707205 0.360946 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:17.068551 0.342336 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:17.411319 0.396198 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:17.807927 0.384376 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:18.192707 0.309301 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:18.502452 0.280931 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:18.783801 0.400423 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:19.184660 0.407825 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:19.592903 0.434027 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:20.027338 0.416414 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:20.444159 0.385672 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:20.830224 0.387925 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:21.218545 0.445827 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:17:21.664706 0.415828 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:21:51.420337 3.001544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 18:21:58.427918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:22:06.429077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:22:22.432367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:22:54.438315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:28:58.443720 3.002112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 18:29:05.451934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:29:13.453170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:29:29.456038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:30:01.462487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:30:51.695151 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 18:30:51.695307 2.740240 tcp 10.0.2.109 49881 -> 211.38.175.27 4598 FSPA* 0 0 14 1736 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:36:05.467835 3.002300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 18:36:12.475861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:36:20.477558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:36:36.480019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:37:08.486013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:43:12.492486 3.001589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 18:43:19.499364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:43:27.501503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:43:43.504077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:44:15.509908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:47:46.864459 0.000156 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 18:47:46.864713 0.391056 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:47:47.256161 0.461412 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:47:47.717979 0.316648 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:47:48.035040 0.552403 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:47:48.587867 0.400946 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:47:48.989228 0.437475 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:47:49.427125 0.000000 udp 10.0.2.109 3683 -> 31.53.117.66 5422 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 18:48:07.096184 0.564606 tcp 10.0.2.109 49882 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:48:07.661097 0.570334 tcp 10.0.2.109 49883 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:48:08.231752 1.124158 tcp 10.0.2.109 49884 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/03 18:48:09.356604 0.461590 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:09.818575 0.347799 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:10.166825 0.709855 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:10.877035 0.395671 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:11.273142 0.454717 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:11.728247 0.286860 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:12.015506 0.455974 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:12.471879 0.416847 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:12.889149 0.419219 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:13.308756 0.411819 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:13.720989 0.529488 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:14.250895 0.428097 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:14.679361 0.442402 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:15.122219 0.580241 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:15.702794 0.424764 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:16.127939 0.400074 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:16.528373 0.459942 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:16.988745 0.486802 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:17.475979 0.385009 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:17.861437 0.355086 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:18.216895 0.359775 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:18.577283 0.390686 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:18.968335 0.309718 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:19.278676 0.282023 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:19.561084 0.439494 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:20.001011 0.389865 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:20.391285 0.408479 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:20.800137 0.405921 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:21.206437 0.394629 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:21.601460 0.393179 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:21.994992 0.430261 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:48:22.425684 0.417564 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 18:50:19.516130 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 18:50:26.523753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:50:34.525429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:50:50.527957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:51:22.534120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:57:26.540704 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 18:57:33.547757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:57:41.549295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:57:57.551879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 18:58:29.557862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:00:54.437197 0.000210 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 19:00:54.437515 2.646712 tcp 10.0.2.109 49885 -> 211.38.175.27 4598 FSPA* 0 0 14 1553 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:04:33.565018 3.000633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 19:04:40.571322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:04:48.573446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:05:04.575837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:05:36.582442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:11:40.588094 3.002241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 19:11:47.595865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:11:55.597320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:12:11.599954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:12:43.605892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:18:30.525362 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 19:18:30.525460 0.000000 udp 10.0.2.109 3683 -> 31.53.117.66 5422 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 19:18:46.641033 0.545707 tcp 10.0.2.109 49886 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:18:47.187012 0.569278 tcp 10.0.2.109 49887 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:18:47.613286 3.000495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 19:18:47.756594 1.147254 tcp 10.0.2.109 49888 -> 195.113.214.222 443 SRPA* 0 0 21 12826 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:18:48.904520 0.324826 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:49.229770 0.391031 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:49.621248 0.323116 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:49.944758 1.683881 udp 10.0.2.109 3683 <-> 200.93.56.18 6467 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:51.629053 0.390781 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:52.020179 0.422490 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:52.443025 0.470800 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:52.914397 0.349082 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:53.263851 0.439285 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:53.703530 0.306763 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:54.010680 0.382289 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:54.393512 0.461451 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:54.619951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:18:54.855394 0.462028 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:55.317923 0.448370 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:55.766669 0.415667 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:56.182803 0.419391 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:56.602603 0.539145 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:57.142129 0.409971 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:57.552516 0.472980 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:58.025855 0.591749 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:58.618501 0.453092 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:59.071934 0.421772 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:59.494049 0.430019 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:18:59.924493 0.493758 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:00.418672 0.392243 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:00.811280 0.389457 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:01.201114 0.362746 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:01.564293 0.362318 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:01.927055 0.308375 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:02.235804 0.276821 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:02.513025 0.533588 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:02.621187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:19:03.046995 0.447872 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:03.495231 0.403739 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:03.899429 0.392957 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:04.292778 0.000000 udp 10.0.2.109 3683 -> 174.91.133.76 1885 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 19:19:18.623832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:19:19.547067 0.543205 tcp 10.0.2.109 49889 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:19:20.090561 0.603224 tcp 10.0.2.109 49890 -> 195.113.214.222 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:19:20.692757 0.394556 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:21.087747 0.457630 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:21.545756 0.409872 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:19:50.629850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:25:54.635632 3.001982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 19:26:01.643346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:26:09.645268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:26:25.648095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:26:57.654366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:30:57.088587 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 19:30:57.088839 2.663053 tcp 10.0.2.109 49891 -> 211.38.175.27 4598 FSPA* 0 0 14 1747 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:33:01.661252 3.000511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 19:33:08.667394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:33:16.669312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:33:32.671776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:34:04.677862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:40:08.684687 3.000763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 19:40:15.691576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:40:23.692773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:40:39.695619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:41:11.701970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:47:15.708711 3.000877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 19:47:22.715640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:47:30.716714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:47:46.720029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:48:18.726697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:49:42.937680 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 19:49:42.937862 0.000000 udp 10.0.2.109 3683 -> 174.91.133.76 1885 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 19:49:58.451969 0.532447 tcp 10.0.2.109 49892 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:49:58.984672 0.570399 tcp 10.0.2.109 49893 -> 195.113.214.222 80 SRPA* 0 0 20 14732 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:49:59.555569 0.325355 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:49:59.881366 0.327659 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:00.209431 0.386211 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:00.596113 0.410263 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:01.006761 0.000000 udp 10.0.2.109 3683 -> 200.93.56.18 6467 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 19:50:17.868623 0.541667 tcp 10.0.2.109 49894 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:50:18.410602 0.529431 tcp 10.0.2.109 49895 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:50:18.940321 1.138813 tcp 10.0.2.109 49896 -> 195.113.214.222 443 SRPA* 0 0 22 12880 flow=From-Botnet-V1-TCP-Established 1970/01/03 19:50:20.079698 0.424018 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:20.504119 0.465594 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:20.970199 0.288010 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:21.258603 0.399703 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:21.658725 0.347069 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:22.006158 0.390162 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:22.396666 0.445567 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:22.842593 0.423190 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:23.266208 0.456563 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:23.723137 0.419984 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:24.143490 0.404058 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:24.547909 0.428273 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:24.976602 0.419192 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:25.396216 0.526163 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:25.922736 0.582218 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:26.505387 0.396290 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:26.902049 0.466751 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:27.369219 0.425554 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:27.795134 0.487075 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:28.282543 0.386151 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:28.669040 0.353640 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:29.023046 0.396965 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:29.420429 0.350499 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:29.771350 0.439505 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:30.211274 0.275785 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:30.487416 0.323444 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:30.811261 0.398785 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:31.210446 0.398744 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:31.609571 0.394216 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:32.004148 0.407564 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:32.412098 0.392415 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:50:32.804944 0.421801 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/03 19:54:22.731733 3.001508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 19:54:29.739421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:54:37.741026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:54:53.743976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 19:55:25.750098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:00:59.760308 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 20:00:59.760507 2.832280 tcp 10.0.2.109 49897 -> 211.38.175.27 4598 FSPA* 0 0 15 1614 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:01:29.755827 3.001514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:01:36.763647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:01:44.764811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:02:00.767677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:02:32.773720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:08:36.780157 3.001508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:08:43.787421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:08:51.788794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:09:07.791578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:09:39.797790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:15:43.813987 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:15:50.820935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:15:58.822797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:16:14.825917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:16:46.831968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:20:52.525541 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 20:20:52.525662 0.000000 udp 10.0.2.109 3683 -> 200.93.56.18 6467 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 20:21:09.612142 0.544876 tcp 10.0.2.109 49898 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:21:10.157297 0.553522 tcp 10.0.2.109 49899 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:21:10.710742 1.160065 tcp 10.0.2.109 49900 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:21:11.871537 0.317260 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:12.189185 0.392636 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:12.582335 0.345432 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:12.928269 0.387623 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:13.316247 0.434439 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:13.751083 0.463507 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:14.214965 0.293312 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:14.508682 0.399906 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:14.908949 0.347343 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:15.256728 0.387416 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:15.644541 0.453451 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:16.098608 0.410404 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:16.509494 0.466156 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:16.976129 0.432126 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:17.408709 0.422362 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:17.831518 0.407190 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:18.239104 0.415277 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:18.654786 0.539885 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:19.195076 0.577464 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:19.772947 0.386393 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:20.159740 0.477030 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:20.637205 0.425241 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:21.062867 0.504052 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:21.567284 0.393997 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:21.961708 0.000000 udp 10.0.2.109 3683 -> 176.222.173.240 1190 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 20:21:38.161669 0.546138 tcp 10.0.2.109 49901 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:21:38.708188 0.574921 tcp 10.0.2.109 49902 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:21:39.282877 1.156696 tcp 10.0.2.109 49903 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:21:40.440333 0.398660 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:40.839340 0.346375 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:41.186136 0.440069 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:41.626632 0.278705 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:41.905729 0.309221 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:42.215307 0.395782 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:42.611528 0.406554 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:43.018504 0.397960 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:43.416817 0.413706 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:43.830990 0.384267 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:21:44.215663 0.431407 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:22:50.838421 3.000832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 20:22:57.844888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:23:05.846816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:23:21.849420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:23:53.856012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:29:57.862091 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:30:04.869098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:30:12.871142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:30:28.873363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:31:00.879567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:31:02.602982 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 20:31:02.603108 2.664025 tcp 10.0.2.109 49904 -> 211.38.175.27 4598 FSPA* 0 0 15 1691 flow=From-Botnet-V1-TCP-Established 1970/01/03 20:37:04.885464 3.002199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:37:11.893226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:37:19.894321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:37:35.897978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:38:07.903906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:44:11.910414 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:44:18.917004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:44:26.918886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:44:42.921600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:45:14.928262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:51:18.934520 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:51:25.941396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:51:33.942399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:51:49.945813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:51:55.103162 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 20:51:55.103374 0.361635 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:55.465383 0.403774 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:55.869526 0.311797 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:56.181780 0.407668 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:56.589816 0.400012 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:56.990269 0.435677 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:57.426495 0.291416 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:57.718283 0.455072 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:58.173752 0.577964 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:58.752113 0.391801 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:59.144272 0.347743 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:59.492371 0.466164 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:51:59.958996 0.456648 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:00.416060 0.414253 rtcp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:00.830679 0.432869 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:01.263995 0.415730 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:01.680074 0.416620 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:02.097098 0.409666 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:02.507156 0.585357 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:03.092877 0.541208 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:03.634477 0.396695 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:04.031565 0.473959 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:04.505925 0.435087 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:04.941418 1.080156 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:06.021957 0.384603 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:06.406913 0.390972 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:06.798425 0.340918 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:07.139687 0.450949 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:07.591025 0.284239 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:07.875608 0.398716 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:08.274729 0.306108 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:08.581165 0.387268 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:08.968846 0.408323 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:09.377599 0.412229 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:09.790266 0.388216 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:10.178923 0.750620 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/03 20:52:21.951897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:58:25.956877 3.002197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 20:58:32.965344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:58:40.966612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:58:56.969782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 20:59:28.975384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:01:05.274693 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 21:01:05.274794 2.862421 tcp 10.0.2.109 49905 -> 211.38.175.27 4598 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:05:32.981570 3.002110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 21:05:39.988808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:05:47.990386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:06:03.993904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:06:35.999549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:12:40.006221 3.001318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 21:12:47.013179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:12:55.014641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:13:11.017700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:13:43.023460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:19:47.029263 3.001967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 21:19:54.036813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:20:02.038562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:20:18.041398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:20:50.047718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:22:36.580987 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 21:22:36.581158 0.358050 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:36.939609 0.325007 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:37.265022 0.478818 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:37.744176 0.387660 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:38.132259 0.391026 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:38.523752 0.440624 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:38.964749 0.283366 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:39.248522 0.465674 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:39.714636 0.400942 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:40.116005 0.388913 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:40.505289 0.348626 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:40.854512 0.465668 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:41.320579 0.445464 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:22:41.766604 0.000000 udp 10.0.2.109 3683 -> 108.217.233.48 8312 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 21:23:00.027437 0.530823 tcp 10.0.2.109 49906 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:23:00.558537 0.543082 tcp 10.0.2.109 49907 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:23:01.101961 1.157717 tcp 10.0.2.109 49908 -> 195.113.214.222 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:23:02.258456 0.433806 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:02.692633 0.435357 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:03.128389 0.417229 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:03.545989 0.411927 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:03.958316 0.584427 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:04.543088 0.530400 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:05.073874 0.390797 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:05.465014 0.454794 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:05.920167 0.428787 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:06.349394 0.504994 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:06.854753 0.386468 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:07.241658 0.395945 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:07.638012 0.346018 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:07.984417 0.439277 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:08.424131 0.278988 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:08.703762 0.395459 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:09.099631 0.415757 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:09.515718 0.310548 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:09.826636 0.400190 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:10.227204 0.401142 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:10.628764 0.376956 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:23:11.006193 0.438079 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:26:54.053377 3.002084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 21:27:01.061122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:27:09.062658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:27:25.065227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:27:57.071547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:31:08.136297 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 21:31:08.136442 2.726153 tcp 10.0.2.109 49909 -> 211.38.175.27 4598 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:34:01.077654 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 21:34:08.084927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:34:16.086658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:34:32.089138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:35:04.095893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:41:08.102300 3.000973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 21:41:15.108873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:41:23.130776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:41:39.133262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:42:11.139372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:48:15.145291 3.001600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 21:48:22.153072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:48:30.154545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:48:46.157555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:49:18.163332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:53:21.012590 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 21:53:21.012736 0.415121 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:21.428317 0.376994 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:21.805670 0.313373 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:22.119414 0.507960 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:22.627784 0.424920 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:23.053114 0.394730 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:23.448254 0.000000 udp 10.0.2.109 3683 -> 76.68.90.33 3572 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 21:53:38.760882 0.533398 tcp 10.0.2.109 49910 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:53:39.294535 0.537654 tcp 10.0.2.109 49911 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:53:39.832468 1.167291 tcp 10.0.2.109 49912 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:53:41.000552 0.286969 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:41.287937 0.465686 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:41.753994 0.355336 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:42.109743 0.388719 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:42.498861 0.402164 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:42.901420 0.446755 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:43.348590 0.474258 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:43.823268 0.428928 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:44.252613 0.424025 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:44.677050 0.418203 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:45.095654 0.405695 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:45.501752 0.593881 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:46.096054 0.462201 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:46.558686 0.530998 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:47.090115 0.389127 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:53:47.479676 0.000000 udp 10.0.2.109 3683 -> 71.158.169.153 4580 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 21:54:05.707743 0.544977 tcp 10.0.2.109 49913 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:54:06.253053 0.544578 tcp 10.0.2.109 49914 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:54:06.797894 1.149841 tcp 10.0.2.109 49915 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/03 21:54:07.948468 0.489809 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:08.438679 0.342791 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:08.781967 0.389618 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:09.172031 0.385285 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:09.557719 0.425880 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:09.983977 0.273133 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:10.257469 0.327408 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:10.585222 0.384167 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:10.969777 0.406881 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:11.377102 0.376462 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:11.754011 0.398564 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:12.152999 0.400269 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:54:12.553663 0.433954 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/03 21:55:22.169746 3.001786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 21:55:29.177188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:55:37.178186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:55:53.181233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 21:56:25.187529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:01:10.868500 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 22:01:10.868672 2.718519 tcp 10.0.2.109 49916 -> 211.38.175.27 4598 FSPA* 0 0 15 1609 flow=From-Botnet-V1-TCP-Established 1970/01/03 22:02:29.194168 3.000540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:02:36.201087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:02:44.202326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:03:00.205242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:03:32.211472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:09:36.217318 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:09:43.224431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:09:51.226310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:10:07.229433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:10:39.235144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:16:43.242240 3.001132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:16:50.248693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:16:58.250433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:17:14.253068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:17:46.259546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:23:50.265421 3.001777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:23:57.272604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:24:05.274271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:24:21.277080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:24:42.087127 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 22:24:42.087231 0.393351 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:42.480995 0.425552 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:42.906960 0.363895 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:43.271245 0.423686 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:43.695373 0.329093 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:44.024897 0.432165 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:44.457493 0.328546 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:44.786497 0.404568 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:45.191446 0.473143 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:45.664990 0.281436 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:45.946800 0.409480 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:46.356707 0.400316 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:46.757412 0.352377 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:47.110242 0.454578 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:47.565280 0.472017 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:48.037728 0.423796 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:48.461866 0.418474 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:48.880780 0.420326 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:49.301530 0.437647 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:49.739576 0.577401 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:50.317328 0.477191 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:50.794928 0.392406 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:51.187779 0.545780 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:51.733981 0.737975 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:52.472398 0.345465 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:52.818415 0.384209 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:53.203047 0.442673 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:53.283394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:24:53.646234 0.388003 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:54.034603 0.314266 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:54.349216 0.386005 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:54.735645 0.281466 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:55.017531 0.407602 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:55.425494 0.393708 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:24:55.819577 0.000000 udp 10.0.2.109 3683 -> 99.70.228.155 4205 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 22:25:14.666772 0.535000 tcp 10.0.2.109 49917 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 22:25:15.201641 0.534404 tcp 10.0.2.109 49918 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 22:25:15.736329 1.124955 tcp 10.0.2.109 49919 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/03 22:25:16.862022 0.387989 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:25:17.250567 0.420033 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:30:57.289991 3.000858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:31:04.296936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:31:12.298021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:31:13.590917 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 22:31:13.591102 2.664757 tcp 10.0.2.109 49920 -> 211.38.175.27 4598 FSPA* 0 0 15 1610 flow=From-Botnet-V1-TCP-Established 1970/01/03 22:31:28.301269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:32:00.307630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:38:04.312629 3.002457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:38:11.320917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:38:19.321897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:38:35.324786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:39:07.330914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:45:11.337545 3.000990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:45:18.344608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:45:26.345763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:45:42.348738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:46:14.354969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:52:18.360363 3.002529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:52:25.368439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:52:33.369806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:52:49.372716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:53:21.379037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:55:46.117240 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 22:55:46.117430 0.435033 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:46.552849 0.389095 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:46.942369 0.435036 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:47.377758 0.366181 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:47.744311 0.404167 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:48.148912 0.352977 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:48.502334 0.433079 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:48.935792 0.334844 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:49.271063 0.295529 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:49.567006 0.461002 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:50.028364 1.030350 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:51.059135 0.399847 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:51.459327 0.389972 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:51.849732 0.458771 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:52.308911 0.341619 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:52.650929 0.450567 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:53.101873 0.445574 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:53.547857 0.410354 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:53.958535 0.417534 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:54.376416 0.593429 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:54.970293 0.588493 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:55.559192 0.467456 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:56.027064 0.524457 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:56.551938 0.391205 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:56.943563 0.522623 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:57.466540 0.341303 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:57.808320 0.383583 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:58.192319 0.389293 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:58.582044 0.442723 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:59.025200 0.390723 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:59.416308 0.313717 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:55:59.730597 0.274031 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:56:00.005039 0.382793 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:56:00.388237 0.415479 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:56:00.804142 0.435622 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:56:01.240161 0.409691 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/03 22:59:25.385281 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 22:59:32.392392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:59:40.394373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 22:59:56.397123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:00:28.403335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:01:16.262452 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 23:01:16.262687 2.675936 tcp 10.0.2.109 49921 -> 211.38.175.27 4598 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:06:32.408792 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 23:06:39.416241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:06:47.417776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:07:03.421324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:07:35.427114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:13:39.433129 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 23:13:46.440092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:13:54.441685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:14:10.444658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:14:42.451044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:20:46.457769 3.000708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 23:20:53.464102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:21:01.466185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:21:17.469285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:21:49.474789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:26:05.963751 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 23:26:05.963851 0.430728 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:06.394987 0.387583 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:06.782998 0.437817 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:07.221273 0.358267 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:07.579947 0.429899 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:08.010428 0.415856 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:08.426702 0.414138 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:08.841271 0.360085 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:09.201724 0.286572 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:09.488638 0.464183 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:09.953234 0.496706 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:10.450352 0.398377 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:10.849158 0.397000 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:11.246553 0.459917 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:11.706884 0.351477 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:12.058773 0.408235 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:12.467383 0.548065 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:13.015845 0.438483 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:13.454729 0.425663 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:13.880793 0.418257 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:14.299399 0.613756 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:14.913543 0.464100 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:15.378202 0.530704 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:15.909329 0.401760 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:16.311514 0.529463 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:16.841320 0.343370 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:17.185066 0.391569 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:17.576982 0.000000 udp 10.0.2.109 3683 -> 74.208.73.146 4587 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 23:26:32.755059 0.541554 tcp 10.0.2.109 49922 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:26:33.296859 0.574796 tcp 10.0.2.109 49923 -> 195.113.214.222 80 SRPA* 0 0 18 13400 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:26:33.872272 0.504765 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:34.377427 0.275519 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:34.653355 0.390920 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:35.044722 0.303686 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:35.348787 0.523640 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:35.872762 0.413475 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:36.286642 0.405524 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:26:36.692566 0.406066 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:27:53.480883 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/03 23:28:00.488081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:28:08.489657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:28:24.492565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:28:56.498632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:31:18.944511 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 23:31:18.944721 2.915730 tcp 10.0.2.109 49924 -> 211.38.175.27 4598 FSPA* 0 0 15 1802 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:35:00.504356 3.002188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 23:35:07.512370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:35:15.513733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:35:31.517197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:36:03.523118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:42:07.528527 3.002387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 23:42:14.536386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:42:22.537566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:42:38.541230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:43:10.546862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:49:14.552745 3.001441 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 23:49:21.560194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:49:29.561458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:49:45.564924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:50:17.570809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:56:21.577369 3.000986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/03 23:56:28.583886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:56:36.585837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:56:38.138203 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/03 23:56:38.138357 0.000000 udp 10.0.2.109 3683 -> 74.208.73.146 4587 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 23:56:52.588836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:56:56.797776 0.537431 tcp 10.0.2.109 49925 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:56:57.335498 0.539311 tcp 10.0.2.109 49926 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:56:57.875117 1.385957 tcp 10.0.2.109 49927 -> 195.113.214.222 443 SRPA* 0 0 36 26363 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:56:59.261691 0.425592 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:56:59.687733 0.393482 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:00.081572 0.440986 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:00.522989 0.000000 udp 10.0.2.109 3683 -> 176.222.173.240 1190 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/03 23:57:19.028071 0.542921 tcp 10.0.2.109 49928 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:57:19.571288 0.536300 tcp 10.0.2.109 49929 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:57:20.107924 1.146108 tcp 10.0.2.109 49930 -> 195.113.214.222 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/03 23:57:21.254632 0.436557 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:21.691605 0.421411 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:22.113356 0.359697 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:22.473467 0.478297 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:22.952149 0.284525 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:23.237034 0.382918 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:23.620359 0.415279 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:24.036027 0.407544 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:24.443934 0.455607 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:24.594849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/03 23:57:24.899947 0.384840 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:25.285217 0.346616 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:25.632242 0.429724 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:26.062428 0.446719 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:26.509505 0.418035 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:26.927972 0.427643 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:27.355996 0.582061 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:27.938465 0.423386 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:28.362446 0.445236 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:28.808187 0.524086 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:29.332633 0.386325 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:29.719376 0.515333 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:30.235124 0.356652 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:30.592189 0.385328 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:30.977866 0.433855 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:31.412115 0.300914 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:31.713453 0.387795 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:32.101594 0.312495 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:32.414467 0.385476 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:32.800390 0.404801 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:33.205578 0.401309 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/03 23:57:33.607312 0.415523 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:01:21.866495 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 00:01:21.866717 2.735603 tcp 10.0.2.109 49931 -> 211.38.175.27 4598 FSPA* 0 0 12 1467 flow=From-Botnet-V1-TCP-Established 1970/01/04 00:03:28.600828 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 00:03:35.607948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:03:43.609373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:03:59.612738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:04:31.618999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:10:35.625457 3.000621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 00:10:42.632492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:10:50.633696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:11:06.636587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:11:39.013631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:17:43.019913 3.000929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 00:17:50.026350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:17:58.027996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:18:14.031584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:18:46.037468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:24:50.043161 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 00:24:57.050962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:25:05.051770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:25:21.055470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:25:53.061422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:27:45.242488 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 00:27:45.242746 0.365539 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:45.608641 0.434757 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:46.043854 0.394906 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:46.439188 0.436360 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:46.876005 0.428191 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:47.304643 0.472463 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:47.777679 0.437638 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:48.215769 0.328534 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:48.544714 0.311022 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:48.856165 0.426112 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:49.282684 0.396641 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:49.679727 0.419047 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:50.099180 0.454932 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:50.554540 0.413016 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:50.967986 0.388779 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:51.357269 0.348241 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:51.705859 0.445301 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:52.151604 0.422113 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:52.574182 0.438706 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:53.013353 0.693880 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:53.707664 0.417477 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:54.125574 0.478323 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:54.604342 0.535173 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:55.140008 0.394710 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:55.535086 0.502951 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:56.038498 0.353151 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:56.392050 0.389678 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:56.782209 0.436794 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:57.219442 0.291988 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:57.511838 0.390401 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:57.902680 0.383065 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:58.286190 0.304325 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:58.590864 0.406321 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:58.997670 0.405243 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:27:59.403372 0.398654 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:31:24.788420 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 00:31:24.788525 2.783502 tcp 10.0.2.109 49932 -> 211.38.175.27 4598 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/01/04 00:31:57.067596 3.001385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 00:32:04.074589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:32:12.075797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:32:28.079430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:33:00.085486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:39:04.091645 3.001297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 00:39:11.098748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:39:19.099873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:39:35.102715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:40:07.109545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:46:11.115574 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 00:46:18.122333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:46:26.123815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:46:42.127137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:47:14.463629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:53:18.480240 3.000644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 00:53:25.486827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:53:33.488578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:53:49.491477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:54:21.497302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 00:58:11.238291 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 00:58:11.238436 0.371152 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:11.609973 0.000000 udp 10.0.2.109 3683 -> 99.70.228.155 4205 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 00:58:29.255980 0.663950 tcp 10.0.2.109 49933 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 00:58:29.920218 0.877647 tcp 10.0.2.109 49934 -> 195.113.214.222 80 SRPA* 0 0 19 13422 flow=From-Botnet-V1-TCP-Established 1970/01/04 00:58:30.798603 0.404826 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:31.203778 1.276331 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:32.480494 0.468430 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:32.949358 0.440465 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:33.390415 0.560384 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:33.951130 0.331258 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:34.282735 0.311560 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:34.594769 0.327137 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:34.922367 0.408057 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:35.330849 0.427219 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:35.758524 0.478418 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:36.237324 0.576373 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:36.814127 0.643047 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:37.457538 0.604771 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:38.062678 0.461548 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:38.524673 0.421022 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:38.946208 0.436791 udp 10.0.2.109 3683 <-> 99.149.179.234 8453 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:39.383398 0.878048 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:40.261965 0.418824 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:40.681216 0.462145 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:41.143745 0.534425 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:58:41.678582 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 00:58:58.116048 0.557877 tcp 10.0.2.109 49935 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 00:58:58.673949 0.550699 tcp 10.0.2.109 49936 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 00:58:59.224966 1.150831 tcp 10.0.2.109 49937 -> 195.113.214.222 443 SRPA* 0 0 29 13260 flow=From-Botnet-V1-TCP-Established 1970/01/04 00:59:00.376646 0.489968 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:00.867057 0.338549 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:01.205978 0.383044 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:01.589432 0.443862 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:02.033677 0.279507 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:02.313619 0.310504 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:02.624553 0.385678 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:03.010638 0.385230 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:03.396278 0.411384 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:03.808092 0.435662 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 00:59:04.244171 0.404904 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:00:25.503696 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 01:00:32.510774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:00:40.512532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:00:56.515469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:01:27.750996 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 01:01:27.751112 2.824226 tcp 10.0.2.109 49938 -> 211.38.175.27 4598 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/01/04 01:01:28.521320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:07:32.527017 3.002037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:07:39.534862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:07:47.536057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:08:03.539279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:08:35.545761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:14:39.552171 3.000711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:14:46.559063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:14:54.560032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:15:10.563091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:15:42.569382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:21:46.575463 3.001936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:21:53.582643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:22:01.584118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:22:17.586983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:22:49.593428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:28:53.600448 3.000417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:29:00.607091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:29:08.608396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:29:22.338396 0.000178 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 01:29:22.338681 0.187701 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:22.526804 0.145296 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:22.672516 0.118517 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:22.791466 0.142195 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:22.934087 0.212515 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:23.146968 0.184053 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:23.331364 0.188166 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:23.519916 0.166308 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:23.686644 0.060210 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:23.747266 0.095701 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:23.843321 0.072204 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:23.915870 0.168164 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:24.084490 0.157479 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:24.242362 0.214134 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:24.456895 0.099880 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:24.557163 0.165321 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:24.611556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:29:24.722895 0.181571 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:24.904835 0.192991 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:25.098340 0.143678 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:25.242602 0.000000 udp 10.0.2.109 3683 -> 99.149.179.234 8453 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 01:29:43.240557 0.047537 tcp 10.0.2.109 49939 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 01:29:43.288426 0.046533 tcp 10.0.2.109 49940 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 01:29:43.335338 0.160315 tcp 10.0.2.109 49941 -> 195.113.214.222 443 SRPA* 0 0 40 26944 flow=From-Botnet-V1-TCP-Established 1970/01/04 01:29:43.496545 0.337936 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:43.967163 0.168263 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:44.135853 0.219047 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:44.355250 0.280667 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:44.636360 0.250588 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:44.887366 0.106409 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:44.994305 0.144794 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:45.139542 0.189233 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:45.329190 0.032837 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:45.362377 0.556882 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:45.919679 0.138900 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:46.059003 0.141755 udp 10.0.2.109 3683 <-> 75.143.247.73 6480 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:46.201129 0.153473 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:46.355015 0.160676 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:46.516165 0.159879 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/04 01:29:56.617476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:31:30.582586 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 01:31:30.582747 1.942062 tcp 10.0.2.109 49942 -> 211.38.175.27 4598 FSPA* 0 0 15 1738 flow=From-Botnet-V1-TCP-Established 1970/01/04 01:36:00.623171 3.001975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:36:07.630737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:36:15.632049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:36:31.635490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:37:03.641273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:43:07.647798 3.001164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:43:14.654600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:43:22.656091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:43:38.659668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:44:10.665377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:50:14.672228 3.001011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:50:21.678515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:50:29.679956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:50:45.683103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:51:17.688891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:57:21.695735 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 01:57:28.702609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:57:36.703979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:57:52.707488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 01:58:24.713056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:00:00.381322 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 02:00:00.381451 0.000000 udp 10.0.2.109 3683 -> 99.149.179.234 8453 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 02:00:15.455398 0.046637 tcp 10.0.2.109 49943 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:00:15.502432 0.088996 tcp 10.0.2.109 49944 -> 195.113.214.222 80 SRPA* 0 0 75 58186 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:00:15.592030 0.118363 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:15.710797 0.145716 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:15.856920 0.188157 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:16.045489 0.147579 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:16.193517 0.186114 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:16.380049 0.183575 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:16.564092 0.172540 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:16.737095 0.039909 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:16.777377 1.692588 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:18.470365 0.222764 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:18.693556 0.125192 udp 10.0.2.109 3683 <-> 31.197.209.67 1519 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:18.819183 0.214572 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:19.034260 0.098622 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:19.133327 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 02:00:37.124752 0.045615 tcp 10.0.2.109 49945 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:00:37.170652 0.049178 tcp 10.0.2.109 49946 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:00:37.220124 0.158197 tcp 10.0.2.109 49947 -> 195.113.214.222 443 SRPA* 0 0 42 34982 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:00:37.379703 0.179512 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:37.559645 0.708934 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:38.269006 0.150245 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:38.419638 0.202846 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:38.622940 0.142208 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:38.765650 0.337325 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:39.103392 0.283168 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:39.386964 0.254683 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:39.642208 0.094639 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:39.737277 0.163226 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:39.900859 0.219539 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:40.120757 0.143100 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:40.264286 0.189766 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:40.454435 0.036810 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:40.491619 0.061109 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:40.553140 0.149716 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:40.703261 0.185482 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:40.889083 0.161767 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:41.051219 0.140801 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:00:41.192455 0.000000 udp 10.0.2.109 3683 -> 75.143.247.73 6480 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 02:00:58.405392 0.047938 tcp 10.0.2.109 49948 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:00:58.453632 0.045656 tcp 10.0.2.109 49949 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:00:58.499550 0.162041 tcp 10.0.2.109 49950 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:01:32.533682 2.262126 tcp 10.0.2.109 49951 -> 211.38.175.27 4598 FSPA* 0 0 15 1671 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:04:28.719103 3.001684 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 02:04:35.727030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:04:43.727953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:04:59.731710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:05:31.736914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:11:35.743197 3.001930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 02:11:42.750876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:11:50.752098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:12:06.754752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:12:38.760948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:18:42.767726 3.000910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 02:18:49.774795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:18:57.776127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:19:13.779229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:19:45.784812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:25:49.791439 3.001471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 02:25:56.798174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:26:04.800092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:26:20.803267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:26:52.808777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:31:10.510020 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 02:31:10.510263 0.165380 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:10.676061 0.000000 udp 10.0.2.109 3683 -> 75.143.247.73 6480 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 02:31:28.869217 0.046641 tcp 10.0.2.109 49952 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:31:28.916172 0.046643 tcp 10.0.2.109 49953 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:31:28.963108 0.156654 tcp 10.0.2.109 49954 -> 195.113.214.222 443 SRPA* 0 0 32 17212 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:31:29.120517 0.149099 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:29.270029 0.118117 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:29.388551 1.064512 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:30.453574 0.185100 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:30.639052 0.160331 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:30.799748 0.040790 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:30.840951 0.147941 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:30.989357 0.000000 udp 10.0.2.109 3683 -> 99.70.228.155 4205 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 02:31:34.794706 2.045590 tcp 10.0.2.109 49955 -> 211.38.175.27 4598 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:31:46.582817 0.045698 tcp 10.0.2.109 49956 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:31:46.628843 0.085929 tcp 10.0.2.109 49957 -> 195.113.214.222 80 SRPA* 0 0 38 24238 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:31:46.714953 0.094266 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:31:46.809648 0.000000 udp 10.0.2.109 3683 -> 31.197.209.67 1519 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 02:32:03.196595 0.045535 tcp 10.0.2.109 49958 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:32:03.242359 0.047327 tcp 10.0.2.109 49959 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:32:03.290006 0.163088 tcp 10.0.2.109 49960 -> 195.113.214.222 443 SRPA* 0 0 38 31804 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:32:03.453951 0.213135 rtcp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:03.667560 0.102744 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:03.770780 0.217744 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:03.988910 0.178512 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:04.167839 0.434150 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:04.602482 0.577073 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:05.179913 0.146864 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:05.327134 0.198805 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:05.526499 0.321136 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:05.848100 0.094763 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:05.943265 0.165636 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:06.109399 0.338021 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:06.447835 0.282597 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:06.730880 0.143804 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:06.875076 0.186558 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:07.062039 0.209400 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:07.271873 0.063259 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:07.335551 0.154953 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:07.490950 0.158825 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:07.650287 0.000000 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 02:32:26.380349 0.046954 tcp 10.0.2.109 49961 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:32:26.427669 0.045719 tcp 10.0.2.109 49962 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:32:26.473751 0.162700 tcp 10.0.2.109 49963 -> 195.113.214.222 443 SRPA* 0 0 24 10258 flow=From-Botnet-V1-TCP-Established 1970/01/04 02:32:26.636650 0.160551 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 198 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:26.797593 0.138410 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 02:32:56.815494 3.001164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 02:33:03.822963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:33:11.823986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:33:27.827212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:33:59.833336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:40:03.838421 3.002251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 02:40:10.846656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:40:18.848306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:40:34.850970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:41:06.857024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:47:10.863234 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 02:47:17.870704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:47:25.871637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:47:41.875165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:48:13.881340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:54:17.886751 3.001684 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 02:54:24.894408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:54:32.896089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:54:48.898886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 02:55:20.904677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:01:24.911404 3.000937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 03:01:31.918222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:01:36.845919 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 03:01:36.846264 2.011184 tcp 10.0.2.109 49964 -> 211.38.175.27 4598 FSPA* 0 0 15 1745 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:01:39.919912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:01:55.922677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:02:27.928862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:02:36.892249 0.187542 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:02:37.080171 0.000000 udp 10.0.2.109 3683 -> 31.197.209.67 1519 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 03:02:41.708901 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 03:02:53.038045 0.046367 tcp 10.0.2.109 49965 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:02:53.084770 0.050117 tcp 10.0.2.109 49966 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:02:53.135160 0.159738 tcp 10.0.2.109 49967 -> 195.113.214.222 443 SRPA* 0 0 40 21154 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:02:53.295269 0.000000 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 03:03:08.779495 0.044534 tcp 10.0.2.109 49968 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:03:08.824321 0.046832 tcp 10.0.2.109 49969 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:03:08.871459 0.193343 tcp 10.0.2.109 49970 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:03:09.065331 0.167758 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:09.233506 0.118458 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:09.352326 0.147438 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:09.500166 0.145131 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:09.645680 0.193574 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:09.839690 0.043967 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:09.884104 0.158530 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:10.043082 0.185743 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:10.229219 0.074923 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:10.304570 0.213826 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:10.518886 0.215074 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:10.734462 0.098293 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:10.833125 0.150764 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:10.984257 0.177798 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:11.162437 0.251079 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:11.413957 0.107248 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:11.521677 0.143199 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:11.665300 0.156689 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:11.822423 0.196800 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:12.019598 0.371373 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:12.391365 0.283257 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:12.675018 0.143997 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:12.819431 0.165804 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:12.985645 0.155449 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:13.141463 0.174183 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:13.316067 0.228835 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:13.545327 0.189489 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:13.735226 0.098857 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:13.834525 0.160161 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:03:13.995124 0.137430 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:08:31.934986 3.001407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 03:08:38.942057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:08:46.943975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:09:02.946861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:09:34.953148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:15:38.959276 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 03:15:45.966611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:15:53.968087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:16:09.970774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:16:41.976521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:22:45.982816 3.001563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 03:22:52.989925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:23:00.992162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:23:16.994697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:23:49.000857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:29:53.006479 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 03:30:00.014306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:30:08.016039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:30:24.019157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:30:56.024607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:31:38.856518 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 03:31:38.856697 0.347874 tcp 10.0.2.109 49971 -> 211.38.175.27 4598 SPA_* 0 0 9 1072 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:31:44.028997 0.001867 tcp 10.0.2.109 49971 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:33:40.070896 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 03:33:40.071130 0.189618 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:33:40.261161 0.147952 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:33:40.409534 0.146802 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:33:40.556749 0.188810 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:33:40.745929 0.042921 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:33:40.789281 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 03:33:59.411451 0.045957 tcp 10.0.2.109 49972 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:33:59.457755 0.045931 tcp 10.0.2.109 49973 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:33:59.503981 0.157809 tcp 10.0.2.109 49974 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:33:59.662537 0.121098 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:33:59.784067 0.154690 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:33:59.939171 0.191277 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:00.130821 0.092443 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:00.223647 0.209793 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:00.433857 0.000000 udp 10.0.2.109 3683 -> 162.202.134.145 3979 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 03:34:18.687445 0.045943 tcp 10.0.2.109 49975 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:34:18.733621 0.047347 tcp 10.0.2.109 49976 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:34:18.781259 0.167582 tcp 10.0.2.109 49977 -> 195.113.214.222 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/04 03:34:18.949583 0.101332 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:19.051366 0.151470 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:19.203270 0.197224 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:19.400910 0.350243 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:19.751564 0.107185 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:19.859123 0.143042 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:20.002569 0.156393 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:20.159412 0.297969 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:20.457803 0.147568 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:20.605797 0.165024 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:20.771171 0.335067 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:21.106670 0.280243 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:21.387262 0.150466 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:21.538170 0.194578 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:21.733186 0.227413 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:21.961008 0.245558 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:22.206958 0.060348 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:22.267687 0.160442 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:34:22.428547 0.139908 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/04 03:37:00.031183 3.000894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 03:37:07.038415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:37:15.040009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:37:31.042699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:38:03.048544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:44:07.055457 3.000620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 03:44:14.062046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:44:22.063796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:44:38.066515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:45:10.072899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:51:14.079946 3.000872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 03:51:21.085933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:51:29.087537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:51:45.090800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:52:17.096440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:58:21.102955 3.001504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 03:58:28.110282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:58:36.111360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:58:52.114642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 03:59:24.120307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:01:44.032317 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 04:01:44.032443 3.118664 tcp 10.0.2.109 49978 -> 211.38.175.27 4598 FSPA* 0 0 15 1768 flow=From-Botnet-V1-TCP-Established 1970/01/04 04:04:27.898051 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 04:04:27.898177 0.167392 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:28.065954 0.214078 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:28.280434 0.183120 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:28.463942 0.044989 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:28.509383 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 04:04:47.418586 0.046545 tcp 10.0.2.109 49979 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 04:04:47.465477 0.086318 tcp 10.0.2.109 49980 -> 195.113.214.222 80 SRPA* 0 0 36 34596 flow=From-Botnet-V1-TCP-Established 1970/01/04 04:04:47.552418 0.144600 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:47.697376 0.184445 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:47.882229 0.156838 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:48.039516 0.118246 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:48.158120 0.086455 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:48.244991 0.182741 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:48.428139 0.210571 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:48.639062 0.107113 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:48.746550 0.151194 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:48.898212 0.187716 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:49.086474 0.247681 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:49.334529 0.094777 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:49.429731 0.141484 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:49.571644 0.143702 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:49.715740 0.167168 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:49.883337 0.157299 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:50.040990 0.195761 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:50.237149 0.335724 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:50.573262 0.283086 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:50.856753 0.155408 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:51.012693 0.162422 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:51.175524 0.218363 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:51.394282 0.161185 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:51.555847 0.138172 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:51.694456 0.224158 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:04:51.918977 0.061093 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:05:28.126999 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 04:05:35.134293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:05:43.135753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:05:59.138375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:06:31.144608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:12:35.149891 3.002163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 04:12:42.157667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:12:50.159626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:13:06.162805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:13:38.168949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:19:42.175303 3.000825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 04:19:49.181812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:19:57.183839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:20:13.186417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:20:45.192276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:26:49.198386 3.001989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 04:26:56.206012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:27:04.207675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:27:20.210148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:27:52.216852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:31:47.154750 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 04:31:47.154868 2.158376 tcp 10.0.2.109 49981 -> 211.38.175.27 4598 FSPA* 0 0 14 1724 flow=From-Botnet-V1-TCP-Established 1970/01/04 04:33:56.222796 3.001155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 04:34:03.230188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:34:11.231643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:34:27.234858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:34:53.482597 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 04:34:53.482723 0.147564 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:53.630808 0.042607 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:53.673847 0.225006 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:53.899271 0.164658 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:54.064361 0.182895 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:54.247659 0.145449 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:54.393532 0.186412 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:54.580354 0.169329 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:34:54.750237 0.000000 udp 10.0.2.109 3683 -> 176.222.173.240 1190 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 04:34:59.240530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:35:10.309133 0.045755 tcp 10.0.2.109 49982 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 04:35:10.355165 0.047695 tcp 10.0.2.109 49983 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 04:35:10.403160 0.158345 tcp 10.0.2.109 49984 -> 195.113.214.222 443 SRPA* 0 0 41 22428 flow=From-Botnet-V1-TCP-Established 1970/01/04 04:35:10.562229 0.088254 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:10.650866 0.182878 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:10.834134 0.214480 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:11.049009 0.324398 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:11.373802 0.150669 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:11.524878 0.181065 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:11.706491 0.368422 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:12.075313 0.094807 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:12.170521 0.144250 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:12.315188 0.146329 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:12.461933 0.166663 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:12.628940 0.334506 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:12.963838 0.284982 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:13.249226 0.152209 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:13.401784 0.156746 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:13.558970 0.339704 udp 10.0.2.109 3683 <-> 122.176.57.240 8482 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:13.899083 0.160738 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:14.060183 0.228435 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:14.289043 0.160184 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:14.449665 0.136702 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:14.586736 0.185804 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:35:14.773069 0.065623 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 04:41:03.246721 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 04:41:10.254360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:41:18.255662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:41:34.258234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:42:06.264240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:48:10.270861 3.000963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 04:48:17.278273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:48:25.279826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:48:41.282592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:49:13.288008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:55:17.293872 3.001810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 04:55:24.301752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:55:32.303259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:55:48.306236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 04:56:20.312313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:01:49.315988 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 05:01:49.316110 2.160081 tcp 10.0.2.109 49985 -> 211.38.175.27 4598 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:02:24.318874 3.001066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:02:31.325618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:02:39.327268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:02:55.329954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:03:27.335958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:05:30.233066 0.000183 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 05:05:30.233357 0.119510 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:30.353353 0.212941 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:30.566717 0.146685 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:30.713857 0.042133 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:30.756400 0.389466 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:31.146434 0.184068 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:31.330850 0.169759 udp 10.0.2.109 3683 <-> 108.217.233.48 8312 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:31.501027 0.187367 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:31.688799 0.165592 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:31.854820 0.074563 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:31.929754 0.183620 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:32.113803 0.150398 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:32.264586 0.178767 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:32.443759 0.210659 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:32.654839 0.102774 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:32.757969 0.261298 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:33.019635 0.094652 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:33.114700 0.141331 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:33.256389 0.147535 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:33.404335 0.164598 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:33.569364 0.376910 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:33.946646 0.157131 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:34.104184 0.000000 udp 10.0.2.109 3683 -> 122.176.57.240 8482 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 05:05:49.493458 0.046181 tcp 10.0.2.109 49986 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:05:49.539942 0.046251 tcp 10.0.2.109 49987 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:05:49.586476 0.153732 tcp 10.0.2.109 49988 -> 195.113.214.222 443 SRPA* 0 0 32 17620 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:05:49.740723 0.283546 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:50.024742 0.152322 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:50.177492 0.159203 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:50.337089 0.219513 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:50.557051 0.159286 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:50.716753 0.134647 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:50.851757 0.185121 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:05:51.037239 0.062358 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:09:31.341852 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:09:38.349906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:09:46.351568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:10:02.354065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:10:34.360095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:16:38.366564 3.001315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:16:45.373625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:16:53.375242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:17:09.378335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:17:41.384323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:23:45.389611 3.002478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:23:52.397837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:24:00.398813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:24:16.402058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:24:48.408435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:30:52.413848 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:30:59.421866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:31:07.423611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:31:23.426006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:31:51.476955 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 05:31:51.477065 2.149775 tcp 10.0.2.109 49989 -> 211.38.175.27 4598 FSPA* 0 0 15 1701 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:31:55.432266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:35:52.713508 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 05:35:52.713656 0.195610 udp 10.0.2.109 3683 -> 122.176.57.240 8482 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 05:35:52.909266 0.000000 icmp 122.176.57.240 0x0303 -> 10.0.2.109 0x2221 URP 192 1 298 flow=Background 1970/01/04 05:36:10.160665 0.045964 tcp 10.0.2.109 49990 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:36:10.206882 0.045804 tcp 10.0.2.109 49991 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:36:10.252998 0.156880 tcp 10.0.2.109 49992 -> 195.113.214.222 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:36:10.410571 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 05:36:28.175125 0.044651 tcp 10.0.2.109 49993 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:36:28.220058 0.088770 tcp 10.0.2.109 49994 -> 195.113.214.222 80 SRPA* 0 0 30 19754 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:36:28.309475 0.041932 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:28.351842 0.114932 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:28.467173 0.215035 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:28.682624 0.000000 udp 10.0.2.109 3683 -> 108.217.233.48 8312 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 05:36:47.172881 0.045498 tcp 10.0.2.109 49995 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:36:47.218657 0.088607 tcp 10.0.2.109 49996 -> 195.113.214.222 80 SRPA* 0 0 38 24219 flow=From-Botnet-V1-TCP-Established 1970/01/04 05:36:47.307474 0.181125 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:47.489023 0.165997 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:47.655454 0.074279 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:47.730320 0.146606 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:47.877344 0.184497 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:48.062299 0.183111 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:48.245829 0.178462 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:48.424695 0.211693 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:48.636774 0.104028 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:48.741207 0.150555 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:48.892132 0.148100 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:49.040641 0.164550 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:49.205541 0.337059 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:49.542951 0.107344 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:49.650725 0.248291 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:49.899414 0.142686 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:50.042480 0.158334 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:50.201257 0.284433 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:50.486039 0.294166 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:50.780695 0.180762 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:50.961871 0.219917 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:51.182248 0.160901 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:51.343570 0.137280 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:51.481258 0.193312 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:36:51.674998 0.060299 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/04 05:37:59.438347 3.001129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 05:38:06.445325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:38:14.447455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:38:30.450282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:39:02.456005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:45:06.462697 3.000912 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:45:13.469732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:45:21.471241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:45:37.474064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:46:09.479914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:52:13.486401 3.001245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:52:20.493167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:52:28.495488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:52:44.497760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:53:16.504127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:59:20.510754 3.000736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 05:59:27.517343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:59:35.518662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 05:59:51.521850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:00:23.527750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:01:53.628172 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 06:01:53.628285 2.194821 tcp 10.0.2.109 49997 -> 211.38.175.27 4598 FSPA* 0 0 14 1625 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:06:27.534201 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 06:06:34.541680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:06:42.543006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:06:58.545739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:07:00.980203 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 06:07:00.980304 0.147088 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:01.127801 0.000000 udp 10.0.2.109 3683 -> 108.217.233.48 8312 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 06:07:17.155927 0.046297 tcp 10.0.2.109 49998 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:07:17.202548 0.046444 tcp 10.0.2.109 49999 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:07:17.248879 0.152800 tcp 10.0.2.109 50000 -> 195.113.214.222 443 SRPA* 0 0 21 11346 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:07:17.402745 0.118340 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:17.521465 0.041656 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:17.563531 0.213959 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:17.777910 0.180501 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:17.958780 0.167243 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:18.126594 0.080109 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:18.207067 0.148950 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:18.356381 0.189284 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:18.546241 0.231846 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:18.778456 0.107913 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:18.886801 0.251351 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:19.138551 0.184163 udp 10.0.2.109 3683 <-> 99.70.228.155 4205 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:19.323054 0.185501 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:19.508918 0.144618 udp 10.0.2.109 3683 <-> 70.27.95.199 7808 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:19.653993 0.164721 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:19.819119 0.337255 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:20.156862 0.107350 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:20.265011 0.556013 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:20.821445 0.280077 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:21.101884 0.152901 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:21.255186 0.164298 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:21.419862 0.142396 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:21.562693 0.158439 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:21.721511 0.209690 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:21.931605 0.161067 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:22.093099 0.138264 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:22.231792 0.185428 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:22.417631 0.056232 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:07:30.551708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:13:34.558408 3.001098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 06:13:41.565717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:13:49.567094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:14:05.569732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:14:37.575914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:20:41.582514 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 06:20:48.589339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:20:56.590903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:21:12.593911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:21:44.599771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:27:48.605845 3.001804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 06:27:55.613675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:28:03.614891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:28:19.618157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:28:51.623885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:31:55.829607 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 06:31:55.829741 2.221882 tcp 10.0.2.109 50001 -> 211.38.175.27 4598 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:34:55.630355 3.001255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 06:35:02.637328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:35:10.638742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:35:26.641676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:35:58.647553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:37:47.414336 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 06:37:47.414452 0.147507 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:47.562483 0.217354 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:47.780253 0.184622 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:47.965269 0.121016 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:48.086644 0.042480 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:48.129522 0.166715 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:48.296630 0.080399 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:48.377431 0.147036 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:48.524872 0.178621 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:48.703915 0.210985 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:48.915324 0.104063 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:49.019820 0.149799 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:37:49.170014 0.000000 udp 10.0.2.109 3683 -> 99.70.228.155 4205 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 06:38:08.136566 0.046160 tcp 10.0.2.109 50002 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:38:08.183021 0.088674 tcp 10.0.2.109 50003 -> 195.113.214.222 80 SRPA* 0 0 75 55557 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:38:08.272435 0.183876 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:08.456674 0.000000 udp 10.0.2.109 3683 -> 70.27.95.199 7808 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 06:38:23.657534 0.046141 tcp 10.0.2.109 50004 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:38:23.704033 0.048157 tcp 10.0.2.109 50005 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:38:23.752512 0.161234 tcp 10.0.2.109 50006 -> 195.113.214.222 443 SRPA* 0 0 33 18764 flow=From-Botnet-V1-TCP-Established 1970/01/04 06:38:23.914508 0.164656 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:24.079567 0.288406 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:24.368387 0.336377 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:24.705169 0.107186 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:24.812704 0.286326 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:25.099534 0.157639 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:25.257579 0.157729 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:25.415735 0.141887 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:25.558069 0.156784 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:25.715212 0.209334 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:25.924994 0.185674 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:26.111080 0.062674 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:26.174214 0.161581 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:38:26.336254 0.136671 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/04 06:42:02.654858 3.000441 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 06:42:09.660923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:42:17.662694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:42:33.666265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:43:05.672181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:49:09.678302 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 06:49:16.685109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:49:24.687072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:49:40.689699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:50:12.695993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:56:16.701940 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 06:56:23.708991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:56:31.710736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:56:47.713377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 06:57:19.719894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:01:58.060224 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 07:01:58.060330 2.122281 tcp 10.0.2.109 50007 -> 211.38.175.27 4598 FSPA* 0 0 15 1574 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:03:23.725299 3.002001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 07:03:30.732960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:03:38.734869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:03:54.737748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:04:26.743715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:08:50.553627 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 07:08:50.553734 0.000000 udp 10.0.2.109 3683 -> 70.27.95.199 7808 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 07:09:07.379544 0.046264 tcp 10.0.2.109 50008 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:07.426164 0.047452 tcp 10.0.2.109 50009 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:07.473588 0.159141 tcp 10.0.2.109 50010 -> 195.113.214.222 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:07.631661 0.000000 udp 10.0.2.109 3683 -> 99.70.228.155 4205 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 07:09:24.092717 0.045945 tcp 10.0.2.109 50011 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:24.138469 0.046248 tcp 10.0.2.109 50012 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:24.185046 0.161702 tcp 10.0.2.109 50013 -> 195.113.214.222 443 SRPA* 0 0 32 17994 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:24.345666 0.184414 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:24.530506 0.214122 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:24.745028 0.146327 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:24.891799 0.166308 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:25.058535 0.088873 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:25.147842 0.148273 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:25.296483 0.178582 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:25.475420 0.243154 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:25.718982 0.121182 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:25.840603 0.040439 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:25.881442 0.154556 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:26.036356 0.104522 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:26.141229 0.183520 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:26.325175 0.265310 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:26.590851 0.337894 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:26.929176 0.094735 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:27.024321 0.169841 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:27.194583 0.287496 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:27.482481 0.153181 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:27.636074 0.159080 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:27.795608 0.140587 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:09:27.936579 0.000000 udp 10.0.2.109 3683 -> 99.26.224.9 5585 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 07:09:43.340111 0.045774 tcp 10.0.2.109 50014 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:43.386411 0.047339 tcp 10.0.2.109 50015 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:43.433681 0.154711 tcp 10.0.2.109 50016 -> 195.113.214.222 443 SRPA* 0 0 35 18856 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:09:43.587470 0.000000 udp 10.0.2.109 3683 -> 76.219.229.27 4508 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 07:10:01.887221 0.045947 tcp 10.0.2.109 50017 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:10:01.933521 0.088788 tcp 10.0.2.109 50018 -> 195.113.214.222 80 SRPA* 0 0 20 14735 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:10:02.022802 0.159550 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:10:02.182768 0.131658 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:10:02.314804 0.188855 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:10:02.504093 0.063894 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:10:30.749461 3.002111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 07:10:37.756790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:10:45.758803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:11:01.761586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:11:33.767820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:17:37.774388 3.000602 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 07:17:44.781261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:17:52.782607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:18:18.027760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:18:54.554825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:24:53.537910 2.961482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 07:25:00.444755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:25:08.334412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:25:24.121223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:25:55.694345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:31:53.954554 3.002113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 07:32:00.962044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:32:02.294515 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 07:32:02.294740 2.760196 tcp 10.0.2.109 50019 -> 211.38.175.27 4598 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:32:08.963588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:32:24.967105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:32:56.972443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:39:00.979222 3.001045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 07:39:07.986307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:39:15.987543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:39:31.990532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:40:03.996277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:40:32.417582 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 07:40:32.417684 0.395694 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:32.813749 0.452888 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:33.267026 0.477915 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:33.745368 0.415789 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:34.161553 0.388865 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:34.550845 0.399366 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:34.950553 0.419863 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:35.370809 0.427795 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:35.799026 0.373709 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:36.173185 0.281312 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:36.454895 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 07:40:52.849872 0.560679 tcp 10.0.2.109 50020 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:40:53.410831 0.558039 tcp 10.0.2.109 50021 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:40:53.969176 1.140124 tcp 10.0.2.109 50022 -> 195.113.214.222 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/04 07:40:55.110244 0.367228 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:55.477888 0.741185 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:56.219518 0.592878 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:56.812744 0.397627 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:57.210770 0.349072 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:57.560197 0.407603 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:57.968234 0.535878 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:58.504441 0.401227 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:58.906060 0.408649 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:59.315120 0.368137 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:40:59.683653 0.413517 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:41:00.097599 0.306491 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 594 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:41:00.404488 0.519676 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:41:00.924588 0.308120 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:41:01.233053 0.404565 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:41:01.638041 0.393055 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/04 07:46:22.003646 3.000813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 07:46:29.010025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:46:37.011695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:46:53.014808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:47:25.020376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:53:29.027262 3.000786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 07:53:36.034136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:53:44.035879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:54:00.038440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 07:54:32.044924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:00:36.049948 3.002421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:00:43.058109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:00:51.059890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:01:07.062530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:01:39.068784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:02:05.056257 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 08:02:05.056487 2.636605 tcp 10.0.2.109 50023 -> 211.38.175.27 4598 FSPA* 0 0 12 1538 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:07:43.074787 3.001808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:07:50.081894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:07:58.083527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:08:14.086324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:08:46.092870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:11:24.380431 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 08:11:24.380540 0.432951 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:24.813931 0.407997 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:25.222325 0.456881 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:25.679575 0.461356 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:26.141275 0.365674 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:26.507324 0.369322 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:26.877021 0.410337 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:27.287746 0.424565 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:27.712712 0.461143 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:28.174260 0.296534 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:28.471146 0.328299 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:28.799802 0.362729 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:29.162954 0.499573 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:29.662885 0.575590 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:30.238855 0.378552 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:30.617757 0.316025 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:30.934200 0.434658 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:31.369243 0.509753 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:31.879353 0.397596 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:32.277347 0.405034 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:32.682741 0.385378 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:33.068533 0.414240 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:33.483198 0.311001 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:33.794585 0.442390 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:34.237328 0.284735 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:34.522561 0.398687 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:11:34.921685 0.385508 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:14:50.098645 3.001953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:14:57.105747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:15:05.107754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:15:21.110396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:15:53.116922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:21:57.123140 3.000911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:22:04.129904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:22:12.131178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:22:28.134394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:23:00.140774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:29:04.147225 3.000770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:29:11.154292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:29:19.155786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:29:35.158584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:30:07.164628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:32:07.698408 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 08:32:07.698646 2.603839 tcp 10.0.2.109 50024 -> 211.38.175.27 4598 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:36:11.170754 3.001617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:36:18.177742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:36:26.179243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:36:42.182350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:37:14.189057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:41:36.706264 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 08:41:36.706399 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 08:41:55.235350 0.550306 tcp 10.0.2.109 50025 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:41:55.785914 0.538290 tcp 10.0.2.109 50026 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:41:56.324488 1.103785 tcp 10.0.2.109 50027 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:41:57.429011 0.402100 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:41:57.831504 0.459560 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:41:58.291522 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 08:42:16.704761 0.531440 tcp 10.0.2.109 50028 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:42:17.236531 0.554088 tcp 10.0.2.109 50029 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:42:17.790948 1.127393 tcp 10.0.2.109 50030 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/04 08:42:18.918942 0.472569 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:19.391912 0.456225 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:19.848541 0.407972 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:20.257694 0.432322 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:20.690436 0.000000 udp 10.0.2.109 3683 -> 81.133.186.146 7761 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 08:42:34.798170 0.000000 udp 10.0.2.109 3683 <- 81.133.186.146 7761 RSP 0 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 08:42:34.798549 0.466436 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:35.265350 0.287937 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:35.553703 0.337108 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:35.891177 1.160526 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:37.052072 0.552430 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:37.604912 0.397258 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:38.002635 0.349398 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:38.352450 0.431363 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:38.784219 0.506224 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:39.290866 0.393997 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:39.685226 0.414374 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:40.100027 0.401060 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:40.501425 0.411031 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:40.912818 0.328741 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:41.241968 0.409835 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:41.652203 0.418707 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:42.071330 0.307828 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:42:42.379556 0.386797 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/04 08:43:18.196184 2.999808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 08:43:25.201999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:43:33.203649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:43:49.206564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:44:21.212199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:50:25.218336 3.001799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:50:32.225978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:50:40.227604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:50:56.230697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:51:28.236058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:57:32.242442 3.001253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 08:57:39.249894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:57:47.251346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:58:03.254163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 08:58:35.260142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:02:10.310222 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 09:02:10.310321 2.635405 tcp 10.0.2.109 50031 -> 211.38.175.27 4598 FSPA* 0 0 15 1661 flow=From-Botnet-V1-TCP-Established 1970/01/04 09:04:39.266619 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:04:46.273663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:04:54.275214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:05:10.278588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:05:42.284596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:11:46.291027 3.001116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:11:53.297571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:12:01.299438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:12:17.301943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:12:49.308124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:12:59.262733 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 09:12:59.262831 0.414035 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:12:59.677277 0.400300 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:00.077945 0.398754 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:00.477122 0.454503 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:00.932066 0.457344 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:01.389748 0.396133 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:01.786360 0.439034 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:02.225742 0.398551 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:02.624693 0.346722 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:02.971811 0.335564 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:03.307860 0.456348 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:03.764588 0.283235 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:04.048227 0.693542 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:04.742183 0.581568 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:05.324133 0.393610 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:05.718257 0.331961 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:06.050639 0.429369 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:06.480419 0.491946 rtcp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:06.972722 0.403251 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:07.376388 0.409206 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:07.785984 0.407113 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:08.193566 0.463052 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:08.656977 0.341008 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:08.998400 0.413760 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:09.412526 0.545116 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:09.958116 0.431127 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:13:10.389662 0.314514 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:18:53.315131 3.000944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:19:00.321352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:19:08.323439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:19:24.326146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:19:56.332008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:26:00.338648 3.001030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:26:07.345593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:26:15.346814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:26:31.349961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:27:03.356086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:32:12.952330 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 09:32:12.952435 2.704626 tcp 10.0.2.109 50032 -> 211.38.175.27 4598 FSPA* 0 0 14 1569 flow=From-Botnet-V1-TCP-Established 1970/01/04 09:33:07.361973 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:33:14.369636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:33:22.371218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:33:38.374318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:34:10.380022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:40:14.386907 3.000830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:40:21.393361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:40:29.395433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:40:45.397795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:41:17.403826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:43:21.032380 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 09:43:21.032516 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 09:43:36.556749 0.534368 tcp 10.0.2.109 50033 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 09:43:37.091383 0.511470 tcp 10.0.2.109 50034 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 09:43:37.603098 1.166621 tcp 10.0.2.109 50035 -> 195.113.214.222 443 SRPA* 0 0 23 13794 flow=From-Botnet-V1-TCP-Established 1970/01/04 09:43:38.770517 0.477328 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:39.248207 0.364856 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:39.613558 0.391176 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:40.005161 0.464780 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:40.470483 0.394273 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:40.865150 0.413244 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:41.278794 0.431300 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:41.710528 0.378501 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:42.089438 0.305761 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:42.395551 0.336237 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:42.732215 0.458562 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:43.191194 0.499643 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:43.691207 0.587210 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:44.278791 0.396972 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:44.676181 0.359703 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:45.036312 0.397440 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:45.434122 0.538704 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:45.973172 0.400295 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:46.373885 0.429642 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:46.803941 0.395096 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:47.199455 0.421917 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:47.621768 0.355438 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:47.977586 0.405165 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:48.383177 0.383368 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:48.766934 0.433400 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:43:49.200754 0.316465 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/04 09:47:21.410823 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:47:28.417649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:47:36.419308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:47:52.422575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:48:24.428379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:54:28.434735 3.001100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 09:54:35.441835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:54:43.442683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:54:59.445798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 09:55:31.451736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:01:35.458392 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:01:42.465472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:01:50.467268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:02:06.469734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:02:15.663346 0.000180 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 10:02:15.663626 2.662562 tcp 10.0.2.109 50036 -> 211.38.175.27 4598 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/01/04 10:02:38.476401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:08:42.481965 3.001392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:08:49.489777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:08:57.490881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:09:13.493959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:09:45.499996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:13:56.301184 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 10:13:56.301295 0.412216 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:56.713966 0.419420 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:57.133820 0.452391 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:57.586622 0.392370 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:57.979374 0.460577 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:58.440346 0.401501 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:58.842443 0.417986 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:59.260827 0.383968 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:13:59.645223 0.367309 udp 10.0.2.109 3683 <-> 176.222.173.240 1190 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:00.012880 0.338160 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:00.351384 0.289881 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:00.641607 0.479900 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:01.121957 0.497727 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:01.620110 0.562736 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:02.183214 0.391079 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:02.574705 0.347970 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:02.923043 0.426034 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:03.349514 0.518600 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:03.868591 0.398752 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:04.267761 0.384855 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:04.653055 0.377011 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:05.030484 0.405366 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:05.436270 0.334561 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:05.771169 0.413657 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:06.185318 0.370396 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:06.556109 0.575650 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:14:07.132178 0.319591 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:15:49.506565 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:15:56.513648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:16:04.515141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:16:20.517768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:16:52.523920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:22:56.530017 3.001712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:23:03.537344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:23:11.538793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:23:27.541953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:23:59.547875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:30:03.554311 3.001402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:30:10.561134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:30:18.562803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:30:34.565677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:31:06.571655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:32:18.325127 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 10:32:18.325228 2.659576 tcp 10.0.2.109 50037 -> 211.38.175.27 4598 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/01/04 10:37:10.578510 3.001238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:37:17.585580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:37:25.587466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:37:41.589898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:38:13.595852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:44:10.860185 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 10:44:10.860307 0.425551 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:11.286396 0.392575 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:11.679383 0.403741 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:12.083530 0.460123 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:12.544048 0.452481 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:12.997009 0.357677 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:13.355065 0.422598 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:13.778056 0.424317 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:14.202775 0.000000 udp 10.0.2.109 3683 -> 176.222.173.240 1190 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 10:44:17.601642 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:44:24.609604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:44:31.231171 0.550365 tcp 10.0.2.109 50038 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 10:44:31.781890 0.522303 tcp 10.0.2.109 50039 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 10:44:32.304501 1.401785 tcp 10.0.2.109 50040 -> 195.113.214.222 443 SRPA* 0 0 32 24042 flow=From-Botnet-V1-TCP-Established 1970/01/04 10:44:32.611015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:44:33.706863 0.325226 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:34.032491 0.293747 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:34.326604 0.421584 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:34.748529 0.499895 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:35.248858 0.580023 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:35.829297 0.390529 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:36.220163 0.465563 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:36.686077 0.400609 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:37.087033 0.537602 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:37.624988 0.383686 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:38.009037 0.406745 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:38.416176 0.410338 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:38.826915 0.392445 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:39.219795 0.352083 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:39.572248 0.413543 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:39.986178 0.384038 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:40.370646 0.431908 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:40.802938 0.311908 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/04 10:44:48.613701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:45:20.619534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:51:24.626079 3.001523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:51:31.633342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:51:39.635153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:51:55.637435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:52:27.644027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:58:31.649659 3.001745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 10:58:38.656869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:58:46.658559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:59:02.661894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 10:59:34.667693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:02:20.986954 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 11:02:20.987165 2.727927 tcp 10.0.2.109 50041 -> 211.38.175.27 4598 FSPA* 0 0 14 1642 flow=From-Botnet-V1-TCP-Established 1970/01/04 11:05:38.674305 3.001313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 11:05:45.681393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:05:53.682817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:06:09.685358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:06:41.691776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:12:45.698176 3.001125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 11:12:52.704829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:13:00.706955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:13:16.709669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:13:48.715349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:14:54.280198 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 11:14:54.280361 0.000000 udp 10.0.2.109 3683 -> 176.222.173.240 1190 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 11:15:12.948856 0.535945 tcp 10.0.2.109 50042 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 11:15:13.485050 0.524421 tcp 10.0.2.109 50043 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 11:15:14.009828 1.155112 tcp 10.0.2.109 50044 -> 195.113.214.222 443 FSRP* 0 0 28 9300 flow=From-Botnet-V1-TCP-Established 1970/01/04 11:15:15.165124 0.418910 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:15.584402 0.389310 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:15.974136 0.467820 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:16.442385 0.408544 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:16.851313 0.454379 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:17.306032 0.435117 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:17.741544 0.391862 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:18.133752 0.438694 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:18.572878 0.332424 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:18.905667 0.278914 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:19.185020 0.429873 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:19.615318 0.494544 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:20.110314 0.588960 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:20.699677 0.365786 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:21.065828 0.333345 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:21.399565 0.387838 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:21.787799 0.443285 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:22.231479 0.519907 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:22.751808 0.406086 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:23.158273 0.433568 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:23.592247 0.393655 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:23.986356 0.407025 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:24.393789 0.358319 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:24.752559 0.379782 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:25.132743 0.435447 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:15:25.568559 0.305871 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:19:52.722727 3.000738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 11:19:59.729270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:20:07.730347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:20:23.733551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:20:55.739808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:26:59.745939 3.001760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 11:27:06.753239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:27:14.754726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:27:30.757810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:28:02.763857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:32:23.719490 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 11:32:23.719589 2.604294 tcp 10.0.2.109 50045 -> 211.38.175.27 4598 FSPA* 0 0 14 1676 flow=From-Botnet-V1-TCP-Established 1970/01/04 11:34:06.770374 3.000798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 11:34:13.777402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:34:21.778654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:34:37.781709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:35:09.787612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:41:13.794364 3.000869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 11:41:20.801246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:41:28.802817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:41:44.805711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:42:16.811802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:45:42.247180 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 11:45:42.247317 0.385485 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:42.633160 0.364474 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:42.998056 0.433487 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:43.431939 0.408528 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:43.840894 0.499720 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:44.341023 0.435275 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:44.776719 0.407934 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:45.185076 0.435843 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:45.621317 0.323554 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:45.945244 0.282809 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:46.228445 0.455630 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:46.684488 0.501266 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:47.186162 0.583596 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:47.770193 0.444976 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:48.215550 0.345146 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:48.561079 0.403875 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:48.965357 0.429261 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:49.395019 0.506881 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:49.902434 0.377154 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:50.279994 0.401609 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:50.682019 0.403400 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:51.085841 0.417226 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:51.503478 0.313945 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:51.817860 0.319536 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:52.137823 0.439939 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:45:52.578335 0.491005 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 11:48:20.817926 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 11:48:27.824991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:48:35.826277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:48:51.829187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:49:23.835882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:55:27.842009 3.001030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 11:55:34.848951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:55:42.850449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:55:58.853419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 11:56:30.859902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:02:26.330861 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 12:02:26.331036 2.672064 tcp 10.0.2.109 50046 -> 211.38.175.27 4598 FSPA* 0 0 14 1611 flow=From-Botnet-V1-TCP-Established 1970/01/04 12:02:34.865916 3.001245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:02:41.872668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:02:49.874062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:03:05.877710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:03:37.883259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:09:41.889704 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:09:48.897059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:09:56.898570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:10:12.901162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:10:44.907637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:16:05.939282 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 12:16:05.939393 0.410664 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:06.350474 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 12:16:22.746365 0.534896 tcp 10.0.2.109 50047 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 12:16:23.281545 0.545348 tcp 10.0.2.109 50048 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 12:16:23.827209 1.127791 tcp 10.0.2.109 50049 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/04 12:16:24.955573 0.465818 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:25.421820 0.401142 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:25.823296 0.473594 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:26.297267 0.428472 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:26.726186 0.388292 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:27.114875 0.439138 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:27.554372 0.325782 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:27.880525 0.286108 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:28.166994 0.422721 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:28.590248 0.517130 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:29.107779 0.603689 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:29.711839 0.391561 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:30.103898 0.350498 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:30.454916 0.401556 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:30.856871 0.431191 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:31.288408 0.527438 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:31.816287 0.399336 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:32.216017 0.691050 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:32.907479 0.424306 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:33.332211 0.413147 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:33.745788 0.307906 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:34.054057 0.310027 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:34.364457 0.353340 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:34.718245 0.430039 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:16:48.913409 3.001698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:16:55.920847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:17:03.922083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:17:19.925899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:17:51.931401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:23:55.937875 3.001197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:24:02.944457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:24:10.946178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:24:26.949270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:24:58.955602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:31:02.961442 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:31:09.968925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:31:17.970373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:31:33.973230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:32:05.979023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:32:29.002706 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 12:32:29.002813 2.668402 tcp 10.0.2.109 50050 -> 211.38.175.27 4598 FSPA* 0 0 15 1649 flow=From-Botnet-V1-TCP-Established 1970/01/04 12:38:09.986092 3.000960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:38:16.993048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:38:24.993875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:38:40.997162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:39:13.003437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:45:17.008637 3.002606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:45:24.016568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:45:32.018149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:45:48.020919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:46:20.027579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:46:35.229389 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 12:46:35.229607 0.387899 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:35.617893 0.414790 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:36.033050 0.509024 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:36.542464 0.398838 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:36.941749 0.440643 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:37.382754 0.532288 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:37.915390 0.386170 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:38.301949 0.419574 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:38.721876 0.376352 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:39.098666 0.285778 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:39.385142 0.462996 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:39.848490 0.499745 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:40.348605 0.590917 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:40.939887 0.396285 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:41.336576 0.342947 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:41.679981 0.356120 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:42.036533 0.413206 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:42.450261 0.527079 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:42.977745 0.417339 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:43.395435 0.381319 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:43.777185 0.400724 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:44.178429 0.416177 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:44.595010 0.346642 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:44.942008 0.310480 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:45.252886 0.377957 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:46:45.631229 0.440228 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/04 12:52:24.032983 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:52:31.041077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:52:39.041939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:52:55.045162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:53:27.051102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:59:31.057083 3.001865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 12:59:38.064638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 12:59:46.066011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:00:02.069290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:00:34.075044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:02:31.674756 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 13:02:31.674844 4.746837 tcp 10.0.2.109 50051 -> 211.38.175.27 4598 FSPA* 0 0 15 1691 flow=From-Botnet-V1-TCP-Established 1970/01/04 13:06:38.081213 3.001941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:06:45.098746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:06:53.099938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:07:09.103191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:07:41.109537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:13:45.116058 3.000940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:13:52.122728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:14:00.123826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:14:16.127113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:14:48.134289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:17:02.085707 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 13:17:02.085804 0.393545 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:02.479743 0.405418 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:02.885569 0.467435 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:03.353507 0.419809 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:03.773740 0.454771 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:04.228934 0.435419 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:04.664712 0.399434 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:05.064535 0.417029 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:05.481943 0.461655 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:05.944038 0.353622 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:06.298070 0.271954 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:06.570597 0.463598 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:07.034597 0.606255 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:07.641255 0.389540 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:08.031243 0.353567 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:08.385218 0.385583 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:08.771148 0.431507 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:09.203098 0.526837 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:09.730384 0.436355 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:10.167178 0.400465 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:10.568033 0.394489 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:10.962962 0.376139 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:11.339509 0.339967 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:11.679906 0.310627 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:11.990885 0.383152 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:17:12.374430 0.755415 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:20:52.139029 3.002316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:20:59.147075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:21:07.147848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:21:23.150962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:21:55.156876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:27:59.163315 3.001276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:28:06.170580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:28:14.172010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:28:30.175079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:29:02.181113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:32:36.429938 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 13:32:36.430192 2.648574 tcp 10.0.2.109 50052 -> 211.38.175.27 4598 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/01/04 13:35:06.188065 3.000916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:35:13.194786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:35:21.195753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:35:37.199097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:36:09.205208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:42:13.211433 3.001561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:42:20.218112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:42:28.219971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:42:44.223089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:43:16.229279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:47:34.891536 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 13:47:34.891683 0.389788 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:35.281898 0.410409 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:35.692703 0.465718 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:36.158792 0.396351 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:36.555507 0.476010 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:37.031940 0.431313 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:37.463642 0.385149 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:37.849193 0.431943 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:38.281532 0.462971 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:38.744839 0.477557 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:39.222837 0.315344 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:39.538610 0.285646 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:39.824710 0.573501 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:40.398543 0.395415 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:40.794484 0.355563 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:41.150488 0.354625 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:41.505519 0.415712 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:41.921636 0.524738 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:42.446743 0.415763 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:42.862882 0.393657 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:43.256879 0.382663 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:43.639954 0.299417 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:43.939787 0.420550 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:44.360734 0.368208 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:44.729357 0.384654 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:47:45.114524 0.432616 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/04 13:49:20.235594 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:49:27.242291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:49:35.243691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:49:51.247193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:50:23.253167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:56:27.258958 3.001619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 13:56:34.266346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:56:42.267683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:56:58.271044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 13:57:30.276577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:02:39.081535 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 14:02:39.081635 2.670269 tcp 10.0.2.109 50053 -> 211.38.175.27 4598 FSPA* 0 0 14 1572 flow=From-Botnet-V1-TCP-Established 1970/01/04 14:03:34.282903 3.001649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:03:41.290038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:03:49.292054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:04:05.294495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:04:37.300835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:10:41.307687 3.000494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:10:48.314180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:10:56.316134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:11:12.318849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:11:44.324932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:17:48.331003 3.001479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:17:55.338356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:18:03.339613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:18:04.261376 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 14:18:04.261499 0.385574 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:04.647442 0.391986 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:05.039879 0.424841 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:05.465059 0.464875 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:05.930356 0.395563 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:06.326335 0.433567 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:06.760313 0.391288 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:07.152034 0.405702 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:07.558185 0.461692 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:08.020264 0.280036 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:08.300704 0.504683 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:08.805751 0.314757 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:09.120910 0.588710 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:09.710030 0.406353 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:10.116801 0.441723 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:10.558958 0.555334 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:11.114655 0.383468 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:11.498525 0.533639 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:12.032580 0.401762 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:12.434707 0.381413 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:12.816479 0.397372 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:13.214309 0.312350 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:13.527105 0.416929 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:13.944463 0.342668 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:14.287520 0.392549 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:18:14.680466 0.000000 udp 10.0.2.109 3683 -> 99.22.147.130 2629 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 14:18:19.342480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:18:33.395034 0.564713 tcp 10.0.2.109 50054 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 14:18:33.959993 0.574115 tcp 10.0.2.109 50055 -> 195.113.214.222 80 SRPA* 0 0 18 13329 flow=From-Botnet-V1-TCP-Established 1970/01/04 14:18:51.348991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:24:55.355638 3.000494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:25:02.362315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:25:10.364009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:25:26.366800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:25:58.372855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:32:02.379362 3.000714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:32:09.386084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:32:17.387642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:32:33.391204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:32:41.753344 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 14:32:41.753588 2.736725 tcp 10.0.2.109 50056 -> 211.38.175.27 4598 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/01/04 14:33:05.397065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:39:09.402715 3.001458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:39:16.410418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:39:24.411760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:39:40.414879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:40:12.420900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:46:16.427102 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:46:23.434124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:46:31.435860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:46:47.438630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:47:19.444896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:48:44.427156 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 14:48:44.427359 0.433928 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:44.861713 0.394638 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:45.256769 0.426023 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:45.683183 0.452357 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:46.135951 0.466768 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:46.603076 0.416536 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:47.019989 1.204687 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:48.225080 0.382700 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:48.608198 0.474264 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:49.082831 0.420243 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:49.503425 0.501332 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:50.005107 0.277724 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:50.283238 0.582299 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:50.865960 0.318407 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:51.184766 0.359305 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:51.544489 0.405513 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:51.950429 0.527245 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:52.478032 0.359110 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:52.837527 0.392144 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:53.230073 0.413168 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:53.643661 0.410676 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:54.054703 0.434380 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:54.489432 0.301529 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:54.791368 0.411888 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:55.203605 0.325051 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:48:55.529035 0.383794 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/04 14:53:23.451283 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 14:53:30.457869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:53:38.459384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:53:54.463053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 14:54:26.468899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:00:30.474430 3.001993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:00:37.481901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:00:45.483395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:01:01.486763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:01:33.492396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:02:44.495293 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 15:02:44.495519 2.647266 tcp 10.0.2.109 50057 -> 211.38.175.27 4598 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/01/04 15:07:37.499498 3.001074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:07:44.506283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:07:52.507522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:08:08.510544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:08:40.516530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:14:44.523000 3.000879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:14:51.530083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:14:59.531464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:15:15.534751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:15:47.540533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:19:07.157665 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 15:19:07.157810 0.433723 udp 10.0.2.109 3683 <-> 99.22.147.130 2629 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:07.591971 0.395730 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:07.988133 0.408811 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:08.397310 0.406160 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:08.803842 0.457313 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:09.261564 0.480487 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:09.742451 1.478074 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:11.220929 0.376541 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:11.597876 0.471574 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:12.069851 0.477479 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:12.547796 0.452592 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:13.000747 0.279714 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:13.280786 0.586290 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:13.867526 0.325461 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:14.193489 0.395755 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:14.589674 0.432989 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:15.023077 0.524768 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:15.548264 0.357982 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:15.906659 0.399186 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:16.306253 0.366667 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:16.673280 0.407516 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:17.081166 0.430558 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:17.512127 0.300833 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:17.813452 0.382170 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:18.196018 0.415137 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:19:18.611525 0.341723 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:21:51.546868 3.001590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:21:58.553726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:22:06.555293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:22:22.558777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:22:54.564184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:28:58.570850 3.001334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:29:05.577974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:29:13.579675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:29:29.582376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:30:01.588756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:32:47.146927 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 15:32:47.147155 2.755122 tcp 10.0.2.109 50058 -> 211.38.175.27 4598 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/04 15:36:05.594527 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:36:12.602204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:36:20.603142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:36:36.606442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:37:08.612802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:43:12.618786 3.001130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:43:19.625980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:43:27.627451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:43:43.630569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:44:15.636707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:49:40.713996 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 15:49:40.714105 0.000000 udp 10.0.2.109 3683 -> 99.22.147.130 2629 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 15:49:59.042815 0.582893 tcp 10.0.2.109 50059 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 15:49:59.625976 0.565797 tcp 10.0.2.109 50060 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 15:50:00.192053 1.374844 tcp 10.0.2.109 50061 -> 195.113.214.222 443 SRPA* 0 0 37 27027 flow=From-Botnet-V1-TCP-Established 1970/01/04 15:50:01.567605 0.395712 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:01.963739 0.451755 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:02.415918 0.452795 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:02.869119 0.464341 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:03.333861 0.469929 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:03.804151 0.432014 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:04.236586 0.399910 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:04.636891 0.430953 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:05.068228 0.507497 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:05.576119 0.459554 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:06.036053 0.288771 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:06.325229 0.591132 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:06.916717 0.315162 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:07.232264 0.391382 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:07.623989 0.443023 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:08.067403 0.515793 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:08.583545 0.340822 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:08.924767 0.397292 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:09.322508 0.385342 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:09.708254 0.409053 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:10.117709 0.390051 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:10.508119 0.304005 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:10.812471 0.343373 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:11.156245 0.385350 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:11.541952 0.409766 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 15:50:19.642670 3.001778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 15:50:26.649529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:50:34.651203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:50:50.654340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:51:22.660146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:57:26.665651 3.002354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 15:57:33.673546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:57:41.675579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:57:57.678546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 15:58:29.684267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:02:49.909059 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 16:02:49.909157 2.720413 tcp 10.0.2.109 50062 -> 211.38.175.27 4598 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/01/04 16:04:33.691234 3.000902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 16:04:40.698285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:04:48.699372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:05:04.702035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:05:36.708010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:11:40.715030 3.000981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 16:11:47.721551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:11:55.723315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:12:11.726355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:12:43.732368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:18:47.738242 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 16:18:54.745318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:19:02.746850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:19:18.750196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:19:50.756141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:20:29.962751 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 16:20:29.962950 0.000000 udp 10.0.2.109 3683 -> 99.22.147.130 2629 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 16:20:48.862056 0.547618 tcp 10.0.2.109 50063 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 16:20:49.409949 0.566940 tcp 10.0.2.109 50064 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 16:20:49.977164 1.130727 tcp 10.0.2.109 50065 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/04 16:20:51.108526 0.388291 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:51.497221 0.412829 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:51.910446 0.394996 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:52.305802 0.458756 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:52.764932 0.473324 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:53.238704 0.420738 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:53.659814 0.389756 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:54.049980 0.483629 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:54.534004 0.422821 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:54.957246 0.665859 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:55.623460 0.264475 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:55.888330 0.596164 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:56.484891 0.340956 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:56.826397 0.411946 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:57.238737 0.343646 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:57.582785 0.428861 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:58.012084 0.523764 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:58.536270 0.396199 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:58.932910 0.383955 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:59.317256 0.401945 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:20:59.719641 0.417649 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:21:00.137671 0.310971 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:21:00.449010 0.421849 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:21:00.871304 0.351905 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:21:01.223624 0.382132 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:25:54.762843 3.000986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 16:26:01.769996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:26:09.770791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:26:25.773827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:26:57.779952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:32:52.630656 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 16:32:52.630765 2.629518 tcp 10.0.2.109 50066 -> 211.38.175.27 4598 FSPA* 0 0 14 1502 flow=From-Botnet-V1-TCP-Established 1970/01/04 16:33:01.786249 3.001316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 16:33:08.793437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:33:16.795276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:33:32.798146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:34:04.804341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:40:08.810819 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 16:40:15.817543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:40:23.819087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:40:39.822207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:41:11.827953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:47:15.834538 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 16:47:22.841477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:47:30.843263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:47:46.846378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:48:18.852297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:51:22.276175 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 16:51:22.276275 0.380426 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:22.657110 0.387198 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:23.044718 0.437650 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:23.482793 0.454043 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:23.937207 0.458805 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:24.396375 0.441295 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:24.838124 0.394379 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:25.232879 0.453156 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:25.686604 0.406833 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:26.093858 0.516771 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:26.611030 0.282827 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:26.894296 0.591059 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:27.485790 0.318311 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:27.804510 0.438110 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:28.243045 0.404603 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:28.648077 0.344640 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:28.993121 0.522285 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:29.515817 0.404906 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:29.921083 0.392563 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:30.314037 0.403419 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:30.717951 0.411933 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:31.130336 0.388019 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:31.518761 0.305601 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:31.824699 0.354529 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:51:32.179611 0.375439 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/04 16:54:22.858967 3.000420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 16:54:29.865259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:54:37.866875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:54:53.869773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 16:55:25.875975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:01:29.881519 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:01:36.889750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:01:44.890634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:02:00.893889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:02:32.899942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:02:55.262581 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 17:02:55.262875 2.726021 tcp 10.0.2.109 50067 -> 211.38.175.27 4598 FSPA* 0 0 14 1556 flow=From-Botnet-V1-TCP-Established 1970/01/04 17:08:36.905825 3.001879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:08:43.913619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:08:51.914605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:09:07.917687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:09:39.923644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:15:43.930556 3.000977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:15:50.937638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:15:58.939248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:16:14.941694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:16:46.947603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:21:32.568926 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 17:21:32.569032 0.398805 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:32.968253 0.414262 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:33.382908 0.401067 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:33.784419 0.459828 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:34.244600 0.466454 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:34.711474 0.433233 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:35.145117 0.390873 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:35.536421 0.490417 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:36.027246 0.287900 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:36.315484 0.434252 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:36.750301 0.601220 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:37.351957 0.590059 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:37.942435 0.335592 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:38.278419 0.373119 rtcp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:38.651944 0.437142 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:39.089470 0.392788 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:39.482605 0.529854 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:40.012825 0.413669 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:40.426858 0.386032 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:40.813389 0.393856 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:21:41.207688 0.000000 udp 10.0.2.109 3683 -> 81.130.200.117 1649 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 17:21:58.979060 0.572703 tcp 10.0.2.109 50068 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 17:21:59.552047 0.582085 tcp 10.0.2.109 50069 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 17:22:00.134496 1.112592 tcp 10.0.2.109 50070 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/04 17:22:01.247846 0.403233 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:22:01.651426 0.427175 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:22:02.079022 0.362549 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:22:02.441980 0.378276 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:22:50.954581 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 17:22:57.961053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:23:05.962862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:23:21.965723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:23:53.972025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:29:57.977820 3.002049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:30:04.986200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:30:12.987085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:30:28.990060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:31:00.996107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:32:57.994531 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 17:32:57.994639 2.664934 tcp 10.0.2.109 50071 -> 211.38.175.27 4598 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/04 17:37:05.003449 3.000318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:37:12.009608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:37:20.011176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:37:36.014192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:38:08.019708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:44:12.025882 3.001440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:44:19.033187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:44:27.034434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:44:43.037798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:45:15.043630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:51:19.050524 3.001358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:51:26.057521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:51:34.058683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:51:50.061534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:52:22.067971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:52:22.989474 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 17:52:22.989625 0.311766 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:23.301814 0.404041 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:23.706386 0.402474 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:24.109248 0.412174 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:24.521857 0.464465 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:24.986717 0.453736 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:25.440852 0.436908 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:25.878208 0.466845 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:26.345468 0.391700 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:26.737560 0.431975 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:27.169965 0.279412 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:27.449788 0.561087 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:28.011291 0.501020 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:28.512723 0.313557 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:28.826682 0.336928 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:29.164035 0.530612 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:29.695096 0.428074 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:30.123583 0.393141 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:30.517068 0.410088 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:30.927568 0.389410 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:31.317406 0.403447 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:31.721266 0.405120 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:32.126779 0.385671 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:32.512832 0.413695 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:52:32.926905 0.356524 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/04 17:58:26.074340 3.000889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 17:58:33.081043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:58:41.083060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:58:57.085758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 17:59:29.091663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:03:00.666829 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 18:03:00.667179 2.672722 tcp 10.0.2.109 50072 -> 211.38.175.27 4598 FSPA* 0 0 14 1539 flow=From-Botnet-V1-TCP-Established 1970/01/04 18:05:33.098191 3.001449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 18:05:40.104802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:05:48.106312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:06:04.110009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:06:36.115964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:12:40.121323 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 18:12:47.129018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:12:55.130661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:13:11.133368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:13:43.139907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:19:47.145383 3.001800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 18:19:54.153073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:20:02.154863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:20:18.157395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:20:50.163751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:22:50.436534 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 18:22:50.436722 0.309278 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:50.746419 0.394206 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:51.141073 0.461373 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:51.602849 0.416458 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:52.019755 0.414869 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:52.435085 0.461935 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:52.897430 0.426283 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:53.324104 0.464149 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:53.788683 1.001464 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:54.790556 0.585144 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:55.376125 0.436232 udp 10.0.2.109 3683 <-> 98.95.183.150 5323 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:55.812783 0.288780 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:56.101951 0.488943 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:56.591258 0.332391 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:56.924032 0.346519 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:57.270942 0.522359 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:57.793716 0.406716 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:58.200859 0.427693 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:58.628974 0.405491 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:59.034896 0.384320 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:59.419658 0.413982 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:22:59.834197 0.405120 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:23:00.239727 0.416960 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:23:00.657078 0.407510 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:23:01.064988 0.355318 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:26:54.169433 3.001511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 18:27:01.177036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:27:09.178469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:27:25.182542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:27:57.188359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:33:03.348417 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 18:33:03.348658 2.669839 tcp 10.0.2.109 50073 -> 211.38.175.27 4598 FSPA* 0 0 16 1648 flow=From-Botnet-V1-TCP-Established 1970/01/04 18:34:01.193241 3.002088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 18:34:08.201351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:34:16.202402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:34:32.205643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:35:04.211775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:41:08.217783 3.001683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 18:41:15.224927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:41:23.226822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:41:39.229151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:42:11.235636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:48:15.241336 3.001881 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 18:48:22.249180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:48:30.250528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:48:46.253424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:49:18.259372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:53:13.318131 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 18:53:13.318336 0.302229 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:13.620972 0.403515 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:14.024925 0.409295 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:14.434606 0.466273 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:14.901231 0.408738 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:15.310361 0.460646 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:15.771383 0.438060 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:16.209856 0.460803 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:16.671028 0.385902 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:17.057292 0.582124 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:17.639840 0.000000 udp 10.0.2.109 3683 -> 98.95.183.150 5323 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 18:53:34.991831 0.557879 tcp 10.0.2.109 50074 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 18:53:35.549871 0.557325 tcp 10.0.2.109 50075 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 18:53:36.107499 1.142801 tcp 10.0.2.109 50076 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/04 18:53:37.251013 0.284896 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:37.536281 0.496960 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:38.033682 0.329054 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:38.363134 0.347409 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:38.710953 0.537460 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:39.248831 0.000000 udp 10.0.2.109 3683 -> 71.10.54.162 3559 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 18:53:56.461005 0.575978 tcp 10.0.2.109 50077 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 18:53:57.037220 0.588817 tcp 10.0.2.109 50078 -> 195.113.214.222 80 SRPA* 0 0 19 14698 flow=From-Botnet-V1-TCP-Established 1970/01/04 18:53:57.626566 0.397787 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:58.024715 0.427609 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:58.452743 0.390435 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:58.843576 0.404221 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:59.248192 0.407985 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:53:59.656571 0.410196 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:54:00.067179 0.373014 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:54:00.440614 0.372298 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/04 18:55:22.266037 3.001326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 18:55:29.273040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:55:37.274586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:55:53.277303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 18:56:25.283723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:02:29.290273 3.000587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 19:02:36.296641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:02:44.298744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:03:00.301463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:03:06.020276 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:03:06.020376 2.846516 tcp 10.0.2.109 50079 -> 211.38.175.27 4598 FSPA* 0 0 14 1587 flow=From-Botnet-V1-TCP-Established 1970/01/04 19:03:32.307480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:09:36.314118 3.000732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 19:09:43.320777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:09:51.322188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:10:07.325365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:10:39.331706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:16:43.337888 3.001449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 19:16:50.344613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:16:58.346605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:17:14.349280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:17:46.355649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:23:50.362563 3.000571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 19:23:57.368459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:24:04.960206 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:24:04.960354 0.408408 udp 10.0.2.109 3683 -> 98.95.183.150 5323 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:24:05.368762 0.000000 icmp 98.95.183.150 0x0303 -> 10.0.2.109 0xcb14 URP 192 1 273 flow=Background 1970/01/04 19:24:05.370250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:24:20.394568 0.567019 tcp 10.0.2.109 50080 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 19:24:20.961846 0.561490 tcp 10.0.2.109 50081 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 19:24:21.373521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:24:21.523633 1.131994 tcp 10.0.2.109 50082 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/04 19:24:22.656390 0.408210 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:23.065065 0.317411 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:23.382908 0.402626 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:23.785927 0.449161 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:24.235518 0.395333 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:24.631236 0.455813 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:25.087460 0.410556 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:25.498463 0.452304 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:25.951167 0.531872 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:26.483506 0.398759 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:26.882626 0.578881 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:27.461976 0.524247 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:27.986610 0.278144 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:28.265119 0.348408 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:28.613948 0.431689 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:29.046226 0.533911 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:29.594175 0.411405 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:30.005981 0.420585 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:30.427025 0.391429 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:30.818871 0.402792 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:31.222092 0.415104 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:31.637637 0.350950 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:31.989078 0.411601 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:32.401286 0.390204 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:32.801208 0.297799 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 778 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:33.099500 0.401419 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:33.501478 0.397155 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:33.899152 0.384248 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 702 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:34.283978 0.467655 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:34.752074 0.452928 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:35.205505 0.418456 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 803 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:35.624491 0.476156 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:36.101214 0.401506 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:36.503149 0.425388 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:36.929068 0.506731 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:37.436389 0.586775 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 857 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:38.023736 0.295195 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:38.319527 0.343248 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:38.663193 0.524512 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:39.188116 0.407225 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 733 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:39.595904 0.531938 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 827 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:40.128379 0.389289 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 685 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:40.518386 0.440290 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 786 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:40.959230 0.411025 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:41.370685 0.405825 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:41.777045 0.355190 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:42.132729 0.386482 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:42.519783 0.413226 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:24:42.933857 0.000000 udp 10.0.2.109 3683 -> 87.29.121.158 3507 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:24:51.866988 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 6161 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:24:53.379924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:25:00.459406 0.000000 udp 10.0.2.109 3683 -> 2.28.32.229 3796 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:06.998888 0.390091 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:25:07.407396 0.000000 udp 10.0.2.109 3683 -> 95.239.203.195 7757 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:11.816197 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:25:13.698947 0.356627 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:25:14.079766 0.000000 udp 10.0.2.109 3683 -> 2.193.140.114 8099 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:19.777624 0.000000 udp 10.0.2.109 3683 -> 2.245.14.152 7364 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:26.256683 0.381542 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 675 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:25:26.652377 0.000000 udp 10.0.2.109 3683 -> 144.132.220.246 9163 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:34.528646 0.000000 udp 10.0.2.109 3683 -> 82.9.88.26 5146 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:43.141301 0.454787 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 832 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:25:43.818926 0.000000 udp 10.0.2.109 3683 -> 60.52.166.141 5168 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:52.574577 0.000000 udp 10.0.2.109 3683 -> 50.199.181.210 8400 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:25:57.311158 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:25:59.915181 0.000000 udp 10.0.2.109 3683 -> 24.120.204.180 7405 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:05.282487 0.000000 udp 10.0.2.109 3683 -> 200.6.197.101 5346 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:10.730809 0.000000 udp 10.0.2.109 3683 -> 88.238.157.138 1037 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:18.852431 0.000000 udp 10.0.2.109 3683 -> 24.33.151.168 2815 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:25.462060 0.000000 udp 10.0.2.109 3683 -> 216.161.190.20 3759 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:32.862822 0.432358 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 812 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:26:33.503337 0.000000 udp 10.0.2.109 3683 -> 107.202.60.87 5478 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:41.344820 0.539522 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:26:42.167771 0.412918 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:26:42.817023 0.000000 udp 10.0.2.109 3683 -> 95.241.192.178 1944 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:46.311908 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:26:47.984094 0.000000 udp 10.0.2.109 3683 -> 189.47.138.46 2453 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:26:55.184818 0.275821 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:26:55.839340 0.472413 udp 10.0.2.109 3683 <-> 190.222.181.248 8632 CON 0 0 2 700 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:26:56.453672 0.000000 udp 10.0.2.109 3683 -> 178.248.150.48 7207 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:01.904348 0.000000 udp 10.0.2.109 3683 -> 86.186.166.224 1067 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:08.303802 0.000000 udp 10.0.2.109 3683 -> 186.95.97.7 1749 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:14.712810 0.000000 udp 10.0.2.109 3683 -> 200.69.219.61 7401 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:19.729796 0.000000 udp 10.0.2.109 3683 -> 151.84.225.80 5264 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:25.968732 0.295730 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 715 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:27:26.304094 0.000000 udp 10.0.2.109 3683 -> 190.155.39.68 4082 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:30.815482 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:27:32.377850 0.000000 udp 10.0.2.109 3683 -> 70.78.76.87 3988 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:40.199544 0.000000 udp 10.0.2.109 3683 -> 180.242.177.118 1567 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:48.350758 0.000000 udp 10.0.2.109 3683 -> 69.195.46.1 9401 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:27:57.143707 0.000000 udp 10.0.2.109 3683 -> 213.123.237.210 4919 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:02.321172 0.000000 udp 10.0.2.109 3683 -> 190.42.74.131 6195 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:09.131189 0.444185 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 750 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:28:09.667832 0.000000 udp 10.0.2.109 3683 -> 74.88.120.221 9146 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:17.192711 0.000000 udp 10.0.2.109 3683 -> 68.188.35.130 5814 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:21.819001 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:28:22.540140 0.000000 udp 10.0.2.109 3683 -> 190.232.191.142 4259 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:28.248184 0.000000 udp 10.0.2.109 3683 -> 59.98.248.23 1496 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:34.106493 0.000000 udp 10.0.2.109 3683 -> 68.114.82.101 6488 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:42.618940 0.000000 udp 10.0.2.109 3683 -> 209.184.126.38 6018 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:47.926646 0.000000 udp 10.0.2.109 3683 -> 66.226.195.97 1580 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:28:53.665183 0.000000 udp 10.0.2.109 3683 -> 71.203.94.163 6738 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:00.565165 0.000000 udp 10.0.2.109 3683 -> 109.145.155.161 9160 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:06.633794 0.000000 udp 10.0.2.109 3683 -> 151.54.133.201 7698 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:11.330050 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:29:15.546253 0.000000 udp 10.0.2.109 3683 -> 109.193.149.63 4772 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:22.726529 0.000000 udp 10.0.2.109 3683 -> 88.243.12.199 5856 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:28.845804 0.000000 udp 10.0.2.109 3683 -> 80.47.21.200 1747 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:36.416356 0.000000 udp 10.0.2.109 3683 -> 174.22.239.67 6026 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:45.139229 0.000000 udp 10.0.2.109 3683 -> 174.20.228.10 9468 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:52.509869 0.000000 udp 10.0.2.109 3683 -> 32.178.10.70 2844 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:29:57.326288 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:30:00.531146 0.000000 udp 10.0.2.109 3683 -> 95.228.186.242 4280 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:07.000556 0.000000 udp 10.0.2.109 3683 -> 66.14.140.120 6993 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:15.682492 0.000000 udp 10.0.2.109 3683 -> 83.193.237.62 3885 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:21.881603 0.000000 udp 10.0.2.109 3683 -> 216.188.225.44 2129 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:30.143618 0.000000 udp 10.0.2.109 3683 -> 87.25.212.135 3199 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:38.966410 0.000000 udp 10.0.2.109 3683 -> 24.43.151.186 1485 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:43.822779 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:30:46.857417 0.000000 udp 10.0.2.109 3683 -> 202.164.55.185 3574 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:54.538745 0.000000 udp 10.0.2.109 3683 -> 58.250.24.97 9561 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:30:57.395478 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 19:30:59.705894 0.409410 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:31:00.131830 0.000000 udp 10.0.2.109 3683 -> 112.163.227.177 4685 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:04.402927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:31:06.706194 0.000000 udp 10.0.2.109 3683 -> 159.83.164.239 5849 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:12.404274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:31:14.096851 0.513779 udp 10.0.2.109 3683 <-> 116.238.58.165 4121 CON 0 0 2 856 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:31:14.619220 0.000000 udp 10.0.2.109 3683 -> 99.123.168.179 8926 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:21.847791 0.000000 udp 10.0.2.109 3683 -> 68.104.223.112 7900 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:28.407481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:31:30.220319 0.000000 udp 10.0.2.109 3683 -> 183.82.51.78 8870 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:34.826115 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:31:35.797810 0.000000 udp 10.0.2.109 3683 -> 95.226.138.116 7311 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:41.896475 0.461664 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:31:42.382667 0.000000 udp 10.0.2.109 3683 -> 93.193.16.119 6734 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:50.408735 0.000000 udp 10.0.2.109 3683 -> 95.240.53.29 4167 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:31:58.731249 0.309768 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:31:59.272926 0.000000 udp 10.0.2.109 3683 -> 221.224.28.199 2119 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:00.413334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:32:04.840000 0.300275 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:32:05.178305 0.517470 udp 10.0.2.109 3683 <-> 200.109.203.166 9254 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:32:05.706872 0.000000 udp 10.0.2.109 3683 -> 68.38.97.135 5587 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:12.460632 0.433147 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:32:12.913918 0.000000 udp 10.0.2.109 3683 -> 50.73.214.81 5451 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:21.684101 0.292744 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 672 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:32:22.021661 0.000000 udp 10.0.2.109 3683 -> 75.172.173.236 4660 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:26.330479 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:32:28.444195 0.000000 udp 10.0.2.109 3683 -> 208.126.59.76 6847 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:35.493876 0.567448 udp 10.0.2.109 3683 <-> 186.95.15.34 2814 CON 0 0 2 674 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:32:36.079679 0.000000 udp 10.0.2.109 3683 -> 87.138.133.142 5320 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:45.057915 0.000000 udp 10.0.2.109 3683 -> 187.186.173.25 9930 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:52.848760 0.000000 udp 10.0.2.109 3683 -> 112.120.17.112 7382 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:32:59.228208 0.000000 udp 10.0.2.109 3683 -> 188.118.80.3 5293 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:06.648615 0.867496 udp 10.0.2.109 3683 -> 37.206.148.113 9558 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:07.516111 0.000000 icmp 88.35.83.137 0x000b -> 10.0.2.109 0x0000 TXD 192 1 186 flow=Background 1970/01/04 19:33:08.881970 2.703372 tcp 10.0.2.109 50083 -> 211.38.175.27 4598 FSPA* 0 0 15 1710 flow=From-Botnet-V1-TCP-Established 1970/01/04 19:33:12.717444 0.000000 udp 10.0.2.109 3683 -> 59.99.232.248 2595 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:20.548546 0.000000 udp 10.0.2.109 3683 -> 50.130.43.107 9895 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:29.411068 0.000000 udp 10.0.2.109 3683 -> 88.75.183.136 4548 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:34.879053 0.000000 udp 10.0.2.109 3683 -> 179.214.86.142 3813 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:42.660798 0.000000 udp 10.0.2.109 3683 -> 94.240.221.239 2917 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:49.019668 0.507771 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 681 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:33:49.537382 0.283326 udp 10.0.2.109 3683 <-> 87.185.140.99 3612 CON 0 0 2 674 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:33:49.830719 0.000000 udp 10.0.2.109 3683 -> 79.52.65.20 2568 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:33:57.551835 0.613343 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:33:58.184115 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:02.328297 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:34:06.965366 0.000000 udp 10.0.2.109 3683 -> 113.97.240.6 8778 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:12.763712 0.000000 udp 10.0.2.109 3683 -> 86.31.42.77 8336 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:21.486553 0.554486 udp 10.0.2.109 3683 <-> 175.136.252.33 5986 CON 0 0 2 740 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:34:22.373179 0.000000 udp 10.0.2.109 3683 -> 92.148.248.53 2845 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:27.715521 0.000000 udp 10.0.2.109 3683 -> 67.84.233.220 3156 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:33.062701 0.000000 udp 10.0.2.109 3683 -> 213.47.104.201 2077 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:41.845574 0.000000 udp 10.0.2.109 3683 -> 72.197.243.218 5666 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:46.822457 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:34:49.977457 0.000000 udp 10.0.2.109 3683 -> 174.44.191.145 2554 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:34:56.346685 0.000000 udp 10.0.2.109 3683 -> 78.167.82.62 5820 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:04.337727 0.000000 udp 10.0.2.109 3683 -> 76.160.222.129 2830 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:10.927179 0.000000 udp 10.0.2.109 3683 -> 101.51.54.71 7567 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:16.455546 0.000000 udp 10.0.2.109 3683 -> 98.95.85.159 6206 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:23.215080 0.000000 udp 10.0.2.109 3683 -> 76.174.166.204 3607 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:28.332041 0.000000 udp 10.0.2.109 3683 -> 94.14.45.74 3465 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:33.329187 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:35:34.781550 0.000000 udp 10.0.2.109 3683 -> 109.64.10.28 5505 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:40.700421 0.000000 udp 10.0.2.109 3683 -> 213.55.83.154 4132 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:47.660403 0.000000 udp 10.0.2.109 3683 -> 98.113.168.243 7564 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:35:56.142421 0.000000 udp 10.0.2.109 3683 -> 58.152.8.119 8153 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:36:04.564247 0.000000 udp 10.0.2.109 3683 -> 90.183.128.146 2721 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:36:09.952517 0.000000 udp 10.0.2.109 3683 -> 122.166.44.57 7844 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:36:17.833859 0.000000 udp 10.0.2.109 3683 -> 95.241.51.188 2760 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:36:22.831045 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 19:36:24.943858 0.000000 udp 10.0.2.109 3683 -> 69.49.151.140 2030 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:36:31.152683 0.000000 udp 10.0.2.109 3683 -> 151.56.128.30 2202 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 19:36:40.075925 0.445575 udp 10.0.2.109 3683 <-> 99.179.53.156 8355 CON 0 0 2 690 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:36:40.597074 0.358385 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/04 19:38:04.419441 3.001722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 19:38:11.426665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:38:19.427961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:38:35.431153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:39:07.437455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:45:11.443946 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 19:45:18.450672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:45:26.451932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:45:42.455191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:46:14.461113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:52:18.467508 3.001250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 19:52:25.474763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:52:33.475955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:52:49.478983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:53:21.485335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:59:25.491148 3.001918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 19:59:32.498803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:59:40.500486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 19:59:56.503287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:00:28.509301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:03:11.584074 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 20:03:11.584368 2.672487 tcp 10.0.2.109 50084 -> 211.38.175.27 4598 FSPA* 0 0 14 1585 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:06:32.515548 3.001302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 20:06:39.522583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:06:47.524387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:06:54.244144 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 20:06:54.244324 0.315580 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:54.560341 0.394839 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:54.955605 0.399482 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:55.355545 0.463575 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:55.819464 0.387164 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:56.206985 0.463766 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:56.671170 0.396688 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:57.068325 0.394435 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:57.463132 0.441480 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:57.905027 0.458313 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:58.363781 0.591622 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:58.955781 0.487774 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:59.444029 0.303172 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:06:59.747634 0.324098 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:00.072196 0.398671 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:00.471303 0.333031 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:00.804757 0.528203 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:01.333376 0.399051 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:01.732841 0.432676 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:02.165913 0.401061 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:02.567400 0.415606 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:02.983378 0.393033 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:03.376876 0.407398 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:03.526896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:07:03.784704 0.334830 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:04.119954 0.395039 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:04.515405 0.351985 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:04.867807 0.384053 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:05.252225 0.465016 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:05.717643 0.403886 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:06.121898 0.512849 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:06.635121 0.404750 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:07.040236 0.275782 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:07.316435 0.000000 udp 10.0.2.109 3683 -> 190.222.181.248 8632 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:07:23.388487 0.583177 tcp 10.0.2.109 50085 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:07:23.971907 0.554847 tcp 10.0.2.109 50086 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:07:24.527033 1.134473 tcp 10.0.2.109 50087 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:07:25.662334 0.306764 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:25.969571 0.433849 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:26.403813 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:07:35.532792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:07:44.016269 0.563141 tcp 10.0.2.109 50088 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:07:44.579702 0.593636 tcp 10.0.2.109 50089 -> 195.113.214.222 80 SRPA* 0 0 19 14706 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:07:45.173967 0.560368 udp 10.0.2.109 3683 <-> 116.238.58.165 4121 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:45.734790 0.466410 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:46.201535 0.299102 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:07:46.501081 0.000000 udp 10.0.2.109 3683 -> 200.109.203.166 9254 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:08:04.615953 0.563153 tcp 10.0.2.109 50090 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:05.179424 0.571983 tcp 10.0.2.109 50091 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:05.751726 1.153508 tcp 10.0.2.109 50092 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:06.906460 0.307624 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:08:07.214553 0.433639 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:08:07.648632 0.292592 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:08:07.941620 0.000000 udp 10.0.2.109 3683 -> 186.95.15.34 2814 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:08:23.112935 0.565299 tcp 10.0.2.109 50093 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:23.678523 0.564480 tcp 10.0.2.109 50094 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:24.243300 1.094014 tcp 10.0.2.109 50095 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:25.337898 0.418296 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:08:25.756605 0.261541 udp 10.0.2.109 3683 <-> 87.185.140.99 3612 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:08:26.018549 0.604403 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:08:26.623365 0.553620 udp 10.0.2.109 3683 <-> 175.136.252.33 5986 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:08:27.177389 0.000000 udp 10.0.2.109 3683 -> 99.179.53.156 8355 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:08:45.965772 0.547201 tcp 10.0.2.109 50096 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:46.513311 0.595634 tcp 10.0.2.109 50097 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:47.109215 1.163238 tcp 10.0.2.109 50098 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:08:48.273012 0.377830 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:13:39.539220 3.001769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 20:13:46.546332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:13:54.548782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:14:10.551418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:14:42.556756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:20:46.563032 3.001971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 20:20:53.570811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:21:01.572058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:21:17.574766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:21:49.581212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:27:53.587137 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 20:28:00.594513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:28:08.595833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:28:24.598648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:28:56.605225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:33:14.255869 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 20:33:14.256002 2.702741 tcp 10.0.2.109 50099 -> 211.38.175.27 4598 FSPA* 0 0 14 1502 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:35:00.612029 3.000353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 20:35:07.618150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:35:15.620405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:35:31.622609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:36:03.629355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:38:55.766919 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 20:38:55.767085 0.000000 udp 10.0.2.109 3683 -> 190.222.181.248 8632 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:39:11.712186 0.559586 tcp 10.0.2.109 50100 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:39:12.272061 0.560751 tcp 10.0.2.109 50101 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:39:12.833168 1.108375 tcp 10.0.2.109 50102 -> 195.113.214.222 443 SRPA* 0 0 21 12826 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:39:13.942282 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:39:29.235561 0.537559 tcp 10.0.2.109 50103 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:39:29.773392 0.596918 tcp 10.0.2.109 50104 -> 195.113.214.222 80 SRPA* 0 0 18 13163 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:39:30.371524 0.000000 udp 10.0.2.109 3683 -> 200.109.203.166 9254 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:39:48.043112 0.580906 tcp 10.0.2.109 50105 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:39:48.624328 0.595138 tcp 10.0.2.109 50106 -> 195.113.214.222 80 SRPA* 0 0 18 13185 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:39:49.220105 0.000000 udp 10.0.2.109 3683 -> 186.95.15.34 2814 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:40:06.639397 0.556696 tcp 10.0.2.109 50107 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:40:07.196391 0.584317 tcp 10.0.2.109 50108 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:40:07.780994 1.134979 tcp 10.0.2.109 50109 -> 195.113.214.222 443 SRPA* 0 0 20 10688 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:40:08.916549 0.000000 udp 10.0.2.109 3683 -> 99.179.53.156 8355 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:40:27.469908 0.572236 tcp 10.0.2.109 50110 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:40:28.042407 0.580920 tcp 10.0.2.109 50111 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:40:28.623670 1.117426 tcp 10.0.2.109 50112 -> 195.113.214.222 443 SRPA* 0 0 23 13808 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:40:29.741714 0.962178 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:30.704266 0.297174 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:31.001857 0.475551 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:31.477814 0.389887 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:31.868127 0.463713 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:32.332214 0.397270 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:32.729827 0.429388 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:33.159585 0.412951 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:33.572983 0.385810 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:33.959205 0.458188 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:34.417754 0.573395 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:34.991550 0.288104 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:35.280059 0.499987 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:35.780440 0.462164 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:36.243010 0.398585 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:36.641955 0.353576 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:36.995955 0.405957 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:37.402289 0.535256 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:37.937978 0.402730 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:38.341146 0.431040 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:38.772588 0.416269 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:39.189309 0.399518 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:39.589167 0.414625 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:40.004209 0.766875 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:40.771463 0.357105 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:41.128928 0.351202 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:41.480533 0.455395 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:41.936353 0.367904 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:42.304675 0.625543 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:42.930673 0.384309 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:43.315330 0.422750 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:43.738483 0.281191 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:44.020045 0.313292 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:44.333673 0.433160 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:40:44.767208 0.000000 udp 10.0.2.109 3683 -> 116.238.58.165 4121 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:41:00.396616 0.593206 tcp 10.0.2.109 50113 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:41:00.990260 0.579322 tcp 10.0.2.109 50114 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:41:01.569842 1.128007 tcp 10.0.2.109 50115 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:41:02.698499 0.436791 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:03.135689 0.300508 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:03.436608 0.288708 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:03.725698 0.410440 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:04.136590 0.304670 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:04.441700 0.000000 udp 10.0.2.109 3683 -> 87.185.140.99 3612 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 20:41:19.775154 0.571427 tcp 10.0.2.109 50116 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:41:20.346917 0.557105 tcp 10.0.2.109 50117 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:41:20.904332 1.121392 tcp 10.0.2.109 50118 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/04 20:41:22.026603 0.418451 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:22.445467 0.601877 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:23.047756 0.560042 udp 10.0.2.109 3683 <-> 175.136.252.33 5986 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:41:23.608154 0.379092 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/04 20:42:07.634482 3.002469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 20:42:14.642454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:42:22.643823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:42:38.647091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:43:10.652625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:49:14.659513 3.001074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 20:49:21.666335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:49:29.667522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:49:45.670812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:50:17.677048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:56:21.682904 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 20:56:28.690002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:56:36.692339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:56:52.695224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 20:57:24.701189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:03:16.958142 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 21:03:16.958239 2.658746 tcp 10.0.2.109 50119 -> 211.38.175.27 4598 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:03:28.707168 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 21:03:35.714275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:03:43.715649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:03:59.719144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:04:31.725068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:10:35.731879 3.000714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 21:10:42.738677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:10:50.739954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:11:06.742796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:11:38.748852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:11:41.072371 0.000037 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 21:11:41.072457 0.572940 udp 10.0.2.109 3683 <-> 116.238.58.165 4121 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:11:41.645820 0.000000 udp 10.0.2.109 3683 -> 87.185.140.99 3612 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 21:11:58.089681 0.574704 tcp 10.0.2.109 50120 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:11:58.664623 0.549324 tcp 10.0.2.109 50121 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:11:59.214480 1.122271 tcp 10.0.2.109 50122 -> 195.113.214.222 443 SRPA* 0 0 22 13092 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:12:00.337367 0.395895 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:00.733668 0.322263 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:01.056331 0.394489 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:01.451225 0.461526 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:01.913132 0.467275 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:02.380774 0.392611 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:02.773813 0.424490 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:03.198697 0.392174 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:03.591302 0.417582 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:04.009226 0.467444 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:04.477081 0.582320 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:05.059731 0.502633 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:05.562748 0.288943 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:05.852075 0.346795 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:06.199256 0.346611 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:06.546445 0.402012 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:06.948848 0.378678 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:07.327933 0.521357 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:07.858834 0.434902 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:08.294182 0.445458 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:08.740031 0.401237 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:09.141632 0.411488 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:09.553507 0.381841 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:09.935764 1.135629 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:11.071820 0.342057 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:11.414370 0.341819 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:11.756564 0.480585 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:12.237594 0.588801 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:12.826758 0.388486 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:13.215648 0.423681 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:13.639654 0.404676 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:14.044695 0.282702 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:14.327838 0.313967 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:14.642265 0.441342 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:15.084006 0.302521 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:15.386945 0.439857 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:15.827219 0.301251 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:16.128879 0.425375 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:16.554781 0.314411 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:16.869584 0.412333 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:17.282296 0.630404 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:12:17.913047 0.000000 udp 10.0.2.109 3683 -> 175.136.252.33 5986 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 21:12:36.863617 0.572485 tcp 10.0.2.109 50123 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:12:37.436380 0.578851 tcp 10.0.2.109 50124 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:12:38.015161 1.144601 tcp 10.0.2.109 50125 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:12:39.160653 0.372633 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:17:42.755731 3.000452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 21:17:49.762424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:17:57.763951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:18:13.766688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:18:45.772664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:24:49.779037 3.001322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 21:24:56.786298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:25:04.787916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:25:20.791100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:25:52.796617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:31:56.802910 3.001249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 21:32:03.810342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:32:11.811552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:32:27.814983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:32:59.820732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:33:19.619537 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 21:33:19.619730 2.670801 tcp 10.0.2.109 50126 -> 211.38.175.27 4598 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:39:03.827537 3.001110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 21:39:10.834286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:39:18.835409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:39:34.838555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:40:06.844746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:42:59.753901 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 21:42:59.754202 3.550415 udp 10.0.2.109 3683 -> 175.136.252.33 5986 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 21:43:03.304617 0.000000 icmp 175.136.252.33 0x0103 -> 10.0.2.109 0xaf88 URH 192 1 166 flow=Background 1970/01/04 21:43:16.920972 0.569025 tcp 10.0.2.109 50127 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:43:17.490461 0.543753 tcp 10.0.2.109 50128 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:43:18.034479 1.126523 tcp 10.0.2.109 50129 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/04 21:43:19.161609 0.602383 udp 10.0.2.109 3683 <-> 116.238.58.165 4121 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:19.764401 0.490192 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:20.255011 0.323747 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:20.579107 0.396391 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:20.975896 0.463492 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:21.439764 0.457847 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:21.897953 0.392071 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:22.290541 0.414022 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:22.704959 0.414664 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:23.120031 0.408933 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:23.529413 0.574141 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:24.103933 0.443906 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:24.548276 0.499819 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:25.048499 0.294981 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:25.343847 0.325157 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:25.669434 0.397441 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:26.067275 0.355668 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:26.423320 0.540907 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:26.964577 0.386791 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:27.351778 0.430433 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:27.782605 0.393544 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:28.176562 0.390371 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:28.567317 0.402143 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:28.969827 0.416082 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:29.386333 0.334563 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:29.721301 0.385251 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:30.106964 0.368202 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:30.475767 0.852571 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:31.328717 0.467064 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:31.796193 0.388465 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:32.185006 0.404226 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:32.589623 0.408081 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:32.998069 0.303138 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:33.301597 0.277068 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:33.579081 0.295924 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:33.875432 0.479033 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:34.354799 0.456745 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:34.811965 0.311030 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:35.123346 0.286988 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:35.410766 0.417629 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:35.828822 0.414215 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:36.243383 0.640393 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:43:36.884160 0.387146 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/04 21:46:10.850954 3.001077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 21:46:17.857776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:46:25.859771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:46:41.862618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:47:13.868466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:53:17.874877 3.001273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 21:53:24.881965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:53:32.883720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:53:48.886380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 21:54:20.892436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:00:24.899274 3.000854 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 22:00:31.905945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:00:39.907798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:00:55.910706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:01:27.916954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:03:22.291723 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 22:03:22.291822 2.736709 tcp 10.0.2.109 50130 -> 211.38.175.27 4598 FSPA* 0 0 14 1500 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:07:31.922898 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 22:07:38.929655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:07:46.931279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:08:02.934460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:08:34.940467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:13:40.450429 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 22:13:40.450540 0.550313 udp 10.0.2.109 3683 <-> 116.238.58.165 4121 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:41.001254 0.409076 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:41.410759 0.392230 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:41.803432 0.310762 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:42.114682 0.467617 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:42.582737 0.461191 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:43.044310 0.400497 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:43.445168 0.412164 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:43.857740 0.419297 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:44.277401 0.393983 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:44.671798 0.594666 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:45.266843 0.453223 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:45.720456 0.489697 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:46.210572 0.284073 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:46.495019 0.510344 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:47.005726 0.538686 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:47.544826 0.393382 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:47.938644 0.351041 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:48.290056 0.387143 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:48.677648 0.434272 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:49.112327 0.408423 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:49.521149 0.380751 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:49.902444 0.407165 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:50.310006 0.410893 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:50.721318 0.334161 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:51.055837 0.400673 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:51.456913 0.358560 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:51.815899 0.571026 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:52.387585 0.449302 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:52.837243 0.434135 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:53.271769 0.396560 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:53.668736 0.395406 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:54.064508 0.297610 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:54.362517 0.283357 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:54.646262 0.306496 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:54.953122 0.431844 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:55.385379 0.449508 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:55.835300 0.411791 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:56.247515 0.313108 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:13:56.561050 0.000000 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 22:14:15.112271 0.579707 tcp 10.0.2.109 50131 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:14:15.692235 0.561047 tcp 10.0.2.109 50132 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:14:16.253600 1.130991 tcp 10.0.2.109 50133 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:14:17.385333 0.498636 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:14:17.884372 0.599869 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:14:18.484671 0.361553 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:14:38.945946 3.002119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 22:14:45.953694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:14:53.955721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:15:09.958407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:15:41.964460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:21:45.970906 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 22:21:52.978110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:22:00.979200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:22:16.982123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:22:48.988796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:28:52.995148 3.000915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 22:29:00.001975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:29:08.003053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:29:24.006199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:29:56.012880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:33:25.033373 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 22:33:25.033549 2.667594 tcp 10.0.2.109 50134 -> 211.38.175.27 4598 FSPA* 0 0 15 1748 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:36:00.018002 3.001796 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 22:36:07.025588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:36:15.027547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:36:31.030094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:37:03.036318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:43:07.042424 3.001917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 22:43:14.049833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:43:22.051517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:43:38.054122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:44:10.060530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:44:41.866463 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 22:44:41.866595 0.275041 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:42.142071 0.544502 udp 10.0.2.109 3683 <-> 116.238.58.165 4121 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:42.686965 0.395015 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:43.082370 0.415827 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:43.498595 0.472199 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:43.971209 0.310534 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:44.282120 0.461564 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:44.744071 0.393547 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:44:45.137959 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 22:45:03.820066 0.580914 tcp 10.0.2.109 50135 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:45:04.401227 0.565505 tcp 10.0.2.109 50136 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:45:04.967081 1.356265 tcp 10.0.2.109 50137 -> 195.113.214.222 443 SRPA* 0 0 36 26973 flow=From-Botnet-V1-TCP-Established 1970/01/04 22:45:06.324051 0.399591 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:06.724045 0.435505 udp 10.0.2.109 3683 <-> 71.158.169.153 4580 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:07.159903 0.455793 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:07.616087 0.587408 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:08.203862 0.286577 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:08.490872 0.360239 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:08.851476 0.524518 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:09.376400 0.397203 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:09.774005 0.541055 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:10.315468 0.353929 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:10.669737 0.395294 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:11.065431 0.389310 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:11.455109 0.408597 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:11.864049 0.443326 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:12.307767 0.355355 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:12.663536 0.400763 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:13.064740 0.417499 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:13.482625 0.381248 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:13.864243 0.352631 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:14.217281 0.775551 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:14.993191 0.475810 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:15.469353 0.426659 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:15.896408 0.385015 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:16.281847 0.283370 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:16.565634 0.304593 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:16.870563 0.399187 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:17.270116 0.323297 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:17.593815 0.454565 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:18.048788 0.459530 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:18.508761 0.411780 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:18.920961 0.308974 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:19.230406 0.436378 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:19.667219 0.590750 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:45:20.258331 0.374252 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/04 22:50:14.066675 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 22:50:21.073870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:50:29.075516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:50:45.078371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:51:17.084365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:57:21.090831 3.000802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 22:57:28.097764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:57:36.099008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:57:52.102050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 22:58:24.108386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:03:27.705626 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 23:03:27.705735 2.685555 tcp 10.0.2.109 50138 -> 211.38.175.27 4598 FSPA* 0 0 14 1528 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:04:28.114494 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 23:04:35.121357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:04:43.123302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:04:59.125992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:05:31.132553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:11:35.137770 3.002323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 23:11:42.145430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:11:50.147300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:12:06.150788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:12:38.156203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:15:47.107938 0.000155 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 23:15:47.108220 0.399359 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:15:47.507980 0.302625 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:15:47.810976 0.000000 udp 10.0.2.109 3683 -> 116.238.58.165 4121 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:16:03.944815 0.563282 tcp 10.0.2.109 50139 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:04.508376 0.557170 tcp 10.0.2.109 50140 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:05.065806 1.150122 tcp 10.0.2.109 50141 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:06.216656 0.393027 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:06.610099 0.477190 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:07.087671 0.409897 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:07.497924 0.320680 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:07.818954 0.481380 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:08.300715 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:16:24.573484 0.576765 tcp 10.0.2.109 50142 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:25.150549 0.566836 tcp 10.0.2.109 50143 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:25.717666 1.107887 tcp 10.0.2.109 50144 -> 195.113.214.222 443 SRPA* 0 0 29 14134 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:26.824345 0.392098 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:27.216858 0.000000 udp 10.0.2.109 3683 -> 71.158.169.153 4580 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:16:45.212786 0.558712 tcp 10.0.2.109 50145 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:45.771744 0.575831 tcp 10.0.2.109 50146 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:46.347871 1.146537 tcp 10.0.2.109 50147 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:16:47.495165 0.476544 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:47.972062 0.595603 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:48.567997 0.285867 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:48.854300 0.329969 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:49.184623 0.872337 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:50.057319 0.394277 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:50.451919 0.525287 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:50.977571 0.340227 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:51.318384 0.394625 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:51.713406 0.380733 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:52.094503 0.417023 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:52.511962 0.409101 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:52.921435 0.359897 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:53.281695 0.405435 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:53.687483 0.467307 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:54.155179 0.370514 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:54.526117 0.346897 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:54.873383 1.284113 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:56.157887 0.459148 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:56.617415 0.425411 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:57.043200 0.381055 udp 10.0.2.109 3683 <-> 70.50.36.75 7183 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:57.424666 0.288702 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:57.713715 0.278261 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:57.992396 0.451187 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:58.444007 0.392354 udp 10.0.2.109 3683 <-> 50.101.99.139 9400 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:58.906956 0.317280 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:59.224639 0.411512 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:16:59.636558 0.422865 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:17:00.059833 0.307387 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:17:00.367591 0.416835 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:17:00.784763 0.599315 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:17:01.384455 0.381175 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:18:42.163226 3.000508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/04 23:18:49.169548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:18:57.170807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:19:13.174452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:19:45.179955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:25:49.187145 3.001097 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 23:25:56.194165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:26:04.195396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:26:20.197792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:26:52.204325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:32:56.210597 3.001207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 23:33:03.217342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:33:11.219619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:33:27.222343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:33:30.397176 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 23:33:30.397288 2.641604 tcp 10.0.2.109 50148 -> 211.38.175.27 4598 FSPA* 0 0 14 1634 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:33:59.227835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:40:03.234994 3.000544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 23:40:10.241286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:40:18.243061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:40:34.245895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:41:06.252044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:47:04.507829 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/04 23:47:04.508088 0.000000 udp 10.0.2.109 3683 -> 116.238.58.165 4121 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:47:10.258973 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 23:47:17.265603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:47:20.573077 0.580824 tcp 10.0.2.109 50149 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:21.154289 0.558288 tcp 10.0.2.109 50150 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:21.712834 1.386294 tcp 10.0.2.109 50151 -> 195.113.214.222 443 SRPA* 0 0 33 24763 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:23.099885 0.394511 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:47:23.494849 0.000000 udp 10.0.2.109 3683 -> 71.158.169.153 4580 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:47:25.267345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:47:40.320070 0.565328 tcp 10.0.2.109 50152 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:40.885736 0.572884 tcp 10.0.2.109 50153 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:41.269928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:47:41.458895 1.174720 tcp 10.0.2.109 50154 -> 195.113.214.222 443 SRPA* 0 0 21 13074 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:42.634462 0.304697 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:47:42.939554 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:47:58.075437 0.573831 tcp 10.0.2.109 50155 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:58.649550 0.584602 tcp 10.0.2.109 50156 -> 195.113.214.222 80 SRPA* 0 0 18 13318 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:47:59.234886 0.397597 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:47:59.632962 0.476344 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:00.109736 0.395966 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:00.506104 0.320744 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:00.827251 0.474748 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:01.302555 0.385413 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:01.688380 0.461088 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:02.149865 0.293627 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:02.443843 0.585805 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:03.030001 0.501385 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:03.531771 0.330099 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:03.862241 0.410329 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:04.273007 0.519928 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:04.793339 0.348442 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:05.142290 0.390247 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:05.532934 0.382407 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:05.915702 0.425261 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:06.341367 0.423201 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:06.764971 0.353741 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:07.119138 0.401351 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:07.520909 0.367424 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:07.888731 0.410307 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:08.299445 0.386108 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:08.685984 0.418823 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:09.105196 0.557906 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:09.663511 0.470805 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:10.134673 0.000000 udp 10.0.2.109 3683 -> 70.50.36.75 7183 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:48:13.276103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:48:25.565181 0.555162 tcp 10.0.2.109 50157 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:48:26.120638 0.569974 tcp 10.0.2.109 50158 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:48:26.690863 1.168516 tcp 10.0.2.109 50159 -> 195.113.214.222 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:48:27.860016 0.275468 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:28.135916 0.280599 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:28.416915 0.441194 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:28.858587 0.000000 udp 10.0.2.109 3683 -> 50.101.99.139 9400 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/04 23:48:44.442340 0.553795 tcp 10.0.2.109 50160 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:48:44.996430 0.565480 tcp 10.0.2.109 50161 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:48:45.562230 1.259834 tcp 10.0.2.109 50162 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/04 23:48:46.822797 0.308400 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:47.131610 0.437748 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:47.569763 0.417167 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:47.987350 0.303685 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:48.291445 0.527774 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:48.819586 0.640755 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:48:49.460747 0.386432 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/04 23:54:17.282694 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/04 23:54:24.289765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:54:32.291110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:54:48.294299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/04 23:55:20.299849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:01:24.306620 3.001264 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 00:01:31.313663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:01:39.314650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:01:55.317914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:02:27.323835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:03:33.038867 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 00:03:33.038992 2.919561 tcp 10.0.2.109 50163 -> 211.38.175.27 4598 FSPA* 0 0 15 1793 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:08:31.330045 3.001569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 00:08:38.337299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:08:46.339102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:09:02.341752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:09:34.347801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:15:38.355080 3.000713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 00:15:45.361697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:15:53.362917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:16:09.366026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:16:41.371959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:18:57.137134 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 00:18:57.137230 0.399071 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:18:57.536708 0.000000 udp 10.0.2.109 3683 -> 70.50.36.75 7183 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 00:19:15.626257 0.562757 tcp 10.0.2.109 50164 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:19:16.189312 0.554132 tcp 10.0.2.109 50165 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:19:16.743705 1.174944 tcp 10.0.2.109 50166 -> 195.113.214.222 443 SRPA* 0 0 25 13918 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:19:17.919402 0.000000 udp 10.0.2.109 3683 -> 50.101.99.139 9400 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 00:19:34.582338 0.562066 tcp 10.0.2.109 50167 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:19:35.144693 0.584334 tcp 10.0.2.109 50168 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:19:35.728887 1.156468 tcp 10.0.2.109 50169 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:19:36.885563 0.390120 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:37.276115 0.284867 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:37.561444 0.392737 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:37.954545 0.395726 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:38.350682 0.440515 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:38.791629 0.318430 udp 10.0.2.109 3683 <-> 81.130.200.117 1649 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:39.110487 0.448469 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:39.559323 0.412826 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:39.972615 0.456002 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:40.429026 0.584781 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:41.014259 0.294391 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:41.309068 0.327254 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:41.636736 0.505853 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:42.143073 0.403317 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:42.546793 0.518571 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:43.065749 0.363888 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:43.430036 0.353351 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:43.783848 0.406558 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:44.190828 0.412864 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:44.604131 0.422313 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:45.026856 0.407457 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:45.434711 0.338592 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:45.773693 0.359256 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:46.133360 0.384992 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:46.518775 0.407928 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:46.927132 0.428840 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:47.356394 0.698032 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:48.054844 0.464929 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:48.520173 0.449891 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:48.970443 0.297879 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:49.268730 0.286502 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:49.555603 0.410475 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:49.966449 0.314916 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:50.281797 0.522917 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:50.805132 0.310632 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:51.116199 0.394630 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:51.511179 0.601739 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:19:52.113354 0.379079 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:22:45.377723 3.001608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 00:22:52.385450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:23:00.387317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:23:16.389871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:23:48.395694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:29:52.402613 3.000997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 00:29:59.408974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:30:07.410691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:30:23.414151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:30:55.419843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:33:35.961681 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 00:33:35.961784 2.684510 tcp 10.0.2.109 50170 -> 211.38.175.27 4598 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:36:59.425794 3.001415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 00:37:06.433352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:37:14.435051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:37:30.437783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:38:02.443969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:44:06.449022 3.002766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 00:44:13.457507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:44:21.459079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:44:37.462118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:45:09.467846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:50:15.437957 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 00:50:15.438287 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 00:50:31.172844 0.571899 tcp 10.0.2.109 50171 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:50:31.745084 0.563194 tcp 10.0.2.109 50172 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:50:32.308580 1.180235 tcp 10.0.2.109 50173 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:50:33.489522 0.397322 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:33.887182 0.419298 udp 10.0.2.109 3683 <-> 99.45.44.111 8183 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:34.306830 0.300695 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:34.607914 0.388685 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:34.996996 0.459088 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:35.456491 0.391594 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:35.848448 0.000000 udp 10.0.2.109 3683 -> 81.130.200.117 1649 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 00:50:52.632148 0.547733 tcp 10.0.2.109 50174 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:50:53.180192 0.576353 tcp 10.0.2.109 50175 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:50:53.756854 1.143060 tcp 10.0.2.109 50176 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:50:54.900681 0.447620 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:55.348707 0.456808 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:55.805901 0.583419 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:56.389673 0.284683 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:50:56.674727 0.000000 udp 10.0.2.109 3683 -> 81.133.186.146 7761 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 00:51:12.080614 0.587754 tcp 10.0.2.109 50177 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:51:12.668617 0.561985 tcp 10.0.2.109 50178 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:51:13.230916 1.157836 tcp 10.0.2.109 50179 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/05 00:51:13.473958 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 00:51:14.389332 0.502325 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:14.892077 0.397451 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:15.289942 0.344932 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:15.635249 0.538392 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:16.173973 0.376239 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:16.550618 0.389851 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:16.940847 0.398721 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:17.339948 0.411986 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:17.752348 0.400729 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:18.153433 0.341969 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:18.495805 0.369656 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:18.865887 0.382119 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:19.248463 0.423861 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:19.672724 0.430954 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:20.104105 0.588330 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:20.481135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:51:20.692872 0.469091 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:21.162492 0.431368 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:21.594509 0.298115 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:21.893035 0.282218 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:22.175639 0.422831 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:22.598875 0.313459 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:22.912742 0.436666 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:23.349804 0.310300 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:23.660503 0.426134 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:24.087042 0.595434 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:24.682855 0.364845 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 00:51:28.482531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:51:44.485694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:52:16.491605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:58:21.579158 3.002136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 00:58:28.586837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:58:36.588262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:58:52.591497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 00:59:24.597334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:03:38.733199 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 01:03:38.733301 2.743235 tcp 10.0.2.109 50180 -> 211.38.175.27 4598 FSPA* 0 0 14 1643 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:05:28.617334 2.997494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 01:05:35.620857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:05:43.622088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:05:59.625361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:06:31.631206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:12:35.637312 3.001381 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 01:12:42.644761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:12:50.646234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:13:06.649150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:13:38.654878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:19:42.660610 3.002365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 01:19:49.668640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:19:57.670077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:20:13.673416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:20:45.679508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:21:40.027611 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 01:21:40.027811 0.395559 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:21:40.423771 0.000000 udp 10.0.2.109 3683 -> 81.130.200.117 1649 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 01:21:59.217894 0.558782 tcp 10.0.2.109 50181 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:21:59.776912 0.576289 tcp 10.0.2.109 50182 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:22:00.353448 1.170100 tcp 10.0.2.109 50183 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:22:01.524270 0.355520 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:01.880130 0.392926 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:02.273449 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 01:22:17.812892 0.582312 tcp 10.0.2.109 50184 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:22:18.395523 0.565035 tcp 10.0.2.109 50185 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:22:18.960872 1.171686 tcp 10.0.2.109 50186 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:22:20.133153 1.129853 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:21.263436 0.294804 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:21.558593 0.401942 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:21.960903 0.472173 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:22.433490 0.462389 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:22.896296 0.447741 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:23.344380 0.295265 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:23.640064 0.579475 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:24.219923 0.513471 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:24.733752 0.397249 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:25.131391 0.345777 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:25.477530 0.402112 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:25.880057 0.523982 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:26.404422 0.388822 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:26.793690 0.412114 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:27.206249 0.430884 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:27.637534 0.367395 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:28.005340 0.419578 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:28.425257 0.361683 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:28.787346 0.384430 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:29.172166 0.411678 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:29.584175 0.419796 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:30.004345 0.743925 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:30.748700 0.479170 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:31.228248 0.448423 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:31.677088 0.295803 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:31.973322 0.309136 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:32.282846 0.284418 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:32.567680 0.424716 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:32.992868 0.435545 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:33.430159 0.300324 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:33.730893 0.377215 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:34.108508 0.433939 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:22:34.542888 0.616734 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:26:49.689899 2.996978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 01:26:56.692331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:27:04.694181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:27:20.697219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:27:52.702980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:33:41.485155 0.000194 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 01:33:41.485461 2.733384 tcp 10.0.2.109 50187 -> 211.38.175.27 4598 FSPA* 0 0 15 1644 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:33:56.709437 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 01:34:03.716198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:34:11.718559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:34:27.721310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:34:59.726804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:41:03.733806 3.000860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 01:41:10.740497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:41:18.742304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:41:34.744883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:42:06.751140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:48:10.756505 3.002542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 01:48:17.764757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:48:25.765932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:48:41.768976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:49:13.775119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:52:44.658378 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 01:52:44.658478 0.000000 udp 10.0.2.109 3683 -> 99.45.44.111 8183 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 01:53:02.066269 0.570638 tcp 10.0.2.109 50188 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:53:02.637163 0.609529 tcp 10.0.2.109 50189 -> 195.113.214.222 80 SRPA* 0 0 20 14736 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:53:03.247217 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 01:53:18.708425 0.560638 tcp 10.0.2.109 50190 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:53:19.268947 0.620851 tcp 10.0.2.109 50191 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:53:19.890260 1.158905 tcp 10.0.2.109 50192 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 01:53:21.049883 0.335107 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:21.385420 0.393316 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:21.779142 0.563352 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:22.342907 0.289064 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:22.632387 0.383442 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:23.016244 0.472847 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:23.489509 0.477805 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:23.967727 0.471778 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:24.439936 0.279073 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:24.719473 0.581387 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:25.301257 0.507423 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:25.809073 0.383633 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:26.193061 0.395628 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:26.589104 0.343118 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:26.932561 0.539274 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:27.472204 0.378447 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:27.851009 0.403922 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:28.255325 0.421995 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:28.677700 0.361849 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:29.040010 0.407048 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:29.447471 0.342093 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:29.789978 0.408595 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:30.198997 0.386769 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:30.586194 0.411871 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:30.998445 0.526965 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:31.525901 0.480198 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:32.006497 0.448298 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:32.455161 0.283168 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:32.738737 0.445912 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:33.184992 0.315986 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:33.501390 0.276167 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:33.777966 0.421032 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:34.199341 0.309073 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:34.508819 0.364253 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:34.873482 0.424086 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:53:35.297991 0.581642 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/05 01:55:17.781607 3.001063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 01:55:24.788741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:55:32.790317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:55:48.793087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 01:56:20.798862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:02:24.805074 3.001430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:02:31.812491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:02:39.813948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:02:55.817066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:03:27.822924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:03:44.226946 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 02:03:44.227248 2.635494 tcp 10.0.2.109 50193 -> 211.38.175.27 4598 FSPA* 0 0 14 1509 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:09:31.828773 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:09:38.836048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:09:46.837677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:10:02.841012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:10:34.846996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:16:38.852455 3.002446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:16:45.860016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:16:53.861602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:17:09.864533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:17:41.870835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:23:45.877687 3.000830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:23:52.884480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:23:55.157750 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 02:23:55.157933 0.409411 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:23:55.567757 0.339320 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:23:55.907494 0.390516 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:23:56.298609 0.387203 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:23:56.686199 0.000000 udp 10.0.2.109 3683 -> 99.26.224.9 5585 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 02:24:00.885670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:24:14.998861 0.563251 tcp 10.0.2.109 50194 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:24:15.562364 0.562178 tcp 10.0.2.109 50195 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:24:16.124795 1.193352 tcp 10.0.2.109 50196 -> 195.113.214.222 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:24:16.888954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:24:17.318447 0.286687 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:17.605494 0.478801 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:18.084723 0.449175 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:18.534468 0.461651 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:18.996467 0.289811 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:19.286689 0.590090 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:19.877115 0.491453 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:20.368956 0.000000 udp 10.0.2.109 3683 -> 86.142.201.20 3951 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 02:24:38.431055 0.564970 tcp 10.0.2.109 50197 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:24:38.995868 0.539330 tcp 10.0.2.109 50198 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:24:39.535463 1.169457 tcp 10.0.2.109 50199 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:24:40.705617 0.387559 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:41.093547 0.396999 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:41.490951 0.526635 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:42.017973 0.376251 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:42.394695 0.406150 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:42.801241 0.439033 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:43.240626 0.354544 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:43.595543 0.408076 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:44.004014 0.355270 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:44.359684 0.408230 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:44.768320 0.435599 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:45.204270 0.371412 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:45.576121 0.668399 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:46.244936 0.453332 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:46.698675 0.445185 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:47.144253 0.303960 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:47.448645 0.281622 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:47.730664 0.430947 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:48.162019 0.309662 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:48.472086 0.381167 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:48.853601 0.470824 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:48.895119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:24:49.324851 0.303594 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:49.628880 0.429971 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:24:50.059224 0.602462 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:30:52.900380 3.002244 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:30:59.908094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:31:07.910113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:31:23.912816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:31:55.919022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:33:46.869119 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 02:33:46.869305 2.913370 tcp 10.0.2.109 50200 -> 211.38.175.27 4598 FSPA* 0 0 14 1631 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:37:59.925242 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:38:06.932097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:38:14.934274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:38:30.936873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:39:02.942449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:45:06.949140 3.001521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:45:13.955995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:45:21.957436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:45:37.960616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:46:09.966970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:52:13.972068 3.002419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 02:52:20.979941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:52:28.981893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:52:44.984952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:53:16.990820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:55:15.130698 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 02:55:15.130959 0.000000 udp 10.0.2.109 3683 -> 99.26.224.9 5585 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 02:55:30.755088 0.561286 tcp 10.0.2.109 50201 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:55:31.316687 0.569740 tcp 10.0.2.109 50202 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:55:31.886683 1.159415 tcp 10.0.2.109 50203 -> 195.113.214.222 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/05 02:55:33.046887 0.329279 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:33.376572 0.329192 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:33.706189 0.429218 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:34.135796 0.387116 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:34.523335 0.407564 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:34.931314 0.296180 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:35.227855 0.460624 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:35.688864 0.464674 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:36.153953 0.456855 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:36.611200 0.308206 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:36.919816 0.587706 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:37.507902 0.514144 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:38.022577 0.542997 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:38.565945 0.391642 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:38.958010 0.399450 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:39.357866 0.374448 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:39.732721 0.430944 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:40.164094 0.429128 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:40.593661 0.371420 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:40.965453 0.403902 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:41.369766 0.350877 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:41.721043 0.411075 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:42.132525 0.418846 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:42.551796 0.390144 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:42.942489 0.517576 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:43.460472 0.469454 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:43.930319 0.441828 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:44.372608 0.281705 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:44.654725 0.288882 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:44.944038 0.380878 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:45.325293 0.419973 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:45.745676 0.305716 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:46.051793 0.427584 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:46.479714 0.307730 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:46.787814 0.495843 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:55:47.284055 0.594849 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/05 02:59:20.997547 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 02:59:28.003932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:59:36.005578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 02:59:52.008555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:00:24.014919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:03:49.790886 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 03:03:49.791126 2.899491 tcp 10.0.2.109 50204 -> 211.38.175.27 4598 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/01/05 03:06:28.021293 3.000703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:06:35.027964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:06:43.029424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:06:59.032980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:07:31.039108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:13:35.044315 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:13:42.051979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:13:50.053520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:14:06.056246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:14:38.062572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:20:42.068681 3.001246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:20:49.076004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:20:57.077296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:21:13.080822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:21:45.086345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:26:05.351040 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 03:26:05.351141 0.350267 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:05.701792 0.329083 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:06.031304 0.399071 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:06.430724 0.424245 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:06.855364 0.386910 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:07.242672 0.269481 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:07.512576 0.456272 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:07.969284 0.464958 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:08.434597 0.454310 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:08.889347 0.290420 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:09.180153 0.583229 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:09.763792 0.496699 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:10.260872 0.534949 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:10.796195 0.394767 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:11.191381 0.389943 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:11.581669 0.375563 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:11.957667 0.428657 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:12.386674 0.432798 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:12.819867 0.352506 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:13.172775 0.410786 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:13.583920 0.341653 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:13.925943 0.385099 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:14.311417 0.407990 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:14.719773 0.415780 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:15.135953 0.872722 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:16.009108 0.472102 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:16.481555 0.424545 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:16.906479 0.312020 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:17.218862 0.276460 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:17.495724 0.356766 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:17.852891 0.426623 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:18.279943 0.312506 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:18.592793 0.304215 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:18.897355 0.438094 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:19.335866 0.416191 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:26:19.752466 0.603299 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:27:49.093171 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:27:56.100078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:28:04.101171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:28:20.104792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:28:52.110851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:33:52.692798 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 03:33:52.692896 2.852837 tcp 10.0.2.109 50205 -> 211.38.175.27 4598 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/01/05 03:34:56.116959 3.000909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:35:03.123897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:35:11.125553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:35:27.128657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:35:59.134314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:42:03.140284 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:42:10.147768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:42:18.149492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:42:34.152316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:43:06.158175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:49:10.165163 3.001112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:49:17.171954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:49:25.173733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:49:41.176880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:50:13.182301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:56:17.188830 3.001582 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 03:56:24.195503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:56:26.439648 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 03:56:26.439861 0.339709 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:26.779948 0.329469 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:27.109786 0.406653 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:27.516860 0.410804 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:27.928004 0.392115 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:28.320528 0.287993 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:28.608904 0.472137 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:29.081475 0.477169 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:29.559050 0.464263 udp 10.0.2.109 3683 <-> 24.8.201.73 5506 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:30.023675 0.289568 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:30.313605 0.582562 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:30.896584 0.513410 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:31.410501 0.524190 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:31.935087 0.378784 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:32.197080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:56:32.314447 0.381125 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:32.695985 0.404485 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:33.100867 0.410846 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:33.512130 0.420189 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:33.932665 0.348577 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:34.281579 0.400691 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:34.682722 0.372337 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:35.055477 0.396946 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:35.452827 0.419983 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:35.873206 0.422499 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:36.296114 1.137756 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:37.434398 0.459032 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:37.893813 0.445127 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:38.339329 0.291378 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:38.631071 0.280648 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:38.912114 0.372363 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:39.284824 0.313645 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:39.598830 0.415030 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:40.014470 0.299876 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:40.314753 0.433875 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:40.749061 0.417725 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:41.167200 0.592206 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/05 03:56:48.200431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 03:57:20.206369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:03:24.213158 3.000753 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 04:03:31.220333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:03:39.221376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:03:55.224421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:03:55.545322 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 04:03:55.545646 2.880600 tcp 10.0.2.109 50206 -> 211.38.175.27 4598 FSPA* 0 0 15 1698 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:04:27.230424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:10:31.237140 3.000548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 04:10:38.244110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:10:46.245637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:11:02.248206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:11:34.254767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:17:38.259636 3.002329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 04:17:45.268411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:17:53.269914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:18:09.272759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:18:41.277991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:24:45.865199 3.001638 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 04:24:52.872211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:25:00.873755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:25:16.876936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:25:48.883423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:26:53.696611 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 04:26:53.696873 0.351637 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:26:54.048936 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 04:27:10.743352 0.566867 tcp 10.0.2.109 50207 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:27:11.310554 0.585510 tcp 10.0.2.109 50208 -> 195.113.214.222 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:27:11.896224 0.332682 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:12.229348 0.394308 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:12.624026 0.388097 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:13.012519 0.288897 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:13.301848 0.000000 udp 10.0.2.109 3683 -> 24.8.201.73 5506 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 04:27:31.352122 0.578015 tcp 10.0.2.109 50209 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:27:31.930495 0.584293 tcp 10.0.2.109 50210 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:27:32.515063 1.395469 tcp 10.0.2.109 50211 -> 195.113.214.222 443 SRPA* 0 0 37 27877 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:27:33.911221 0.471752 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:34.383384 0.472374 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:34.856159 0.297047 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:35.153604 0.578369 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:35.732373 0.499314 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:36.232070 0.521746 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:36.754270 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 04:27:54.445028 0.574155 tcp 10.0.2.109 50212 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:27:55.019429 0.592928 tcp 10.0.2.109 50213 -> 195.113.214.222 80 SRPA* 0 0 18 13374 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:27:55.612904 0.390786 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:56.004117 0.434631 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:56.439167 0.407365 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:56.846902 0.404791 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:57.252105 0.347775 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:57.600274 0.408563 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:58.009284 0.413593 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:58.423300 0.353679 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:58.777411 0.379617 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:59.157444 0.426884 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:27:59.584662 1.553655 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:01.138664 0.454395 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:01.593465 0.432293 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:02.026231 0.296244 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:02.322874 0.294136 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:02.617404 0.428888 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:03.046683 0.361608 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:03.408680 0.318248 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:03.727328 0.295912 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:04.023580 0.421240 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:04.445205 0.466767 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:28:04.912343 0.614853 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:31:52.888815 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 04:31:59.896565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:32:07.897763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:32:23.901132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:32:55.907092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:33:58.707955 0.000201 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 04:33:58.708266 2.882415 tcp 10.0.2.109 50214 -> 211.38.175.27 4598 FSPA* 0 0 15 1740 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:38:59.913420 3.001037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 04:39:06.920163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:39:14.922032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:39:30.924831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:40:02.930939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:46:06.937438 3.001396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 04:46:13.944327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:46:21.945838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:46:37.949041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:47:09.955234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:53:13.961217 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 04:53:20.968405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:53:28.969825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:53:44.972569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:54:16.978853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 04:58:20.880299 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 04:58:20.880501 0.418130 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:21.299061 0.000000 udp 10.0.2.109 3683 -> 24.8.201.73 5506 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 04:58:39.919827 0.563713 tcp 10.0.2.109 50215 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:58:40.483819 0.551856 tcp 10.0.2.109 50216 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:58:41.035964 1.170832 tcp 10.0.2.109 50217 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/05 04:58:42.207464 0.385634 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:42.593492 0.349072 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:42.942967 0.417844 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:43.361210 0.391706 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:43.753358 0.386875 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:44.140625 0.303643 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:44.444716 0.452534 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:44.897658 0.455656 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:45.353687 0.583220 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:45.937317 0.273335 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:46.211070 0.591579 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:46.803034 0.536199 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:47.339665 0.404452 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:47.744525 0.369440 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:48.114510 0.438813 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:48.553650 0.408427 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:48.962483 0.351338 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:49.314406 0.359054 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:49.673858 0.415697 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:50.089999 0.414561 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:50.504968 0.395248 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:50.900622 0.423570 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:51.324571 0.539024 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:51.864010 0.472011 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:52.336446 0.449586 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:52.786483 0.305158 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:53.092057 0.280863 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:53.373291 0.302716 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:53.676398 0.432910 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:54.109636 0.373603 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:54.483652 0.446606 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:54.930578 0.311904 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:55.242883 0.436972 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 04:58:55.680255 0.612725 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:00:20.985616 3.000829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 05:00:27.992704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:00:35.994271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:00:51.997125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:01:24.002583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:04:01.590366 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 05:04:01.590454 4.360820 tcp 10.0.2.109 50218 -> 211.38.175.27 4598 FSPA* 0 0 15 1700 flow=From-Botnet-V1-TCP-Established 1970/01/05 05:07:28.009264 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:07:35.016013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:07:43.017693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:07:59.020728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:08:31.027206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:14:35.033061 3.001807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:14:42.040090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:14:50.041908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:15:06.045141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:15:38.050893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:21:42.057305 3.001081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:21:49.064469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:21:57.065994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:22:13.068945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:22:45.074854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:28:49.080490 3.002242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:28:56.088304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:29:04.089810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:29:12.121696 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 05:29:12.121857 0.417444 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:12.539655 0.384157 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:12.924253 0.394844 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:13.319554 0.331019 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:13.651002 0.334331 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:13.985761 0.543294 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:14.529472 0.388454 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:14.918377 0.289222 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:15.207985 0.440625 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:15.649050 0.506604 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:16.156111 0.592409 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:16.748975 0.283373 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:17.032764 0.529781 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:17.562949 0.406457 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:17.969757 0.518946 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:18.489051 0.424484 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:18.913918 0.419103 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:19.333433 0.348746 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:19.682542 0.365308 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:20.048289 0.381103 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:20.092957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:29:20.429772 0.407145 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:20.837309 0.413326 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:21.251075 0.425622 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:21.677104 0.509130 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:22.186667 0.488629 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:22.675655 0.438449 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:23.114528 0.298104 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:23.413037 0.275716 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:23.689113 0.288520 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:23.978054 0.425923 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:24.404355 0.381274 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:24.786011 0.436446 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:25.222832 0.418374 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:25.641571 0.313002 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:25.954965 0.609345 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:29:52.099267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:34:04.441777 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 05:34:04.441885 2.886648 tcp 10.0.2.109 50219 -> 211.38.175.27 4598 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/01/05 05:35:56.105076 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:36:03.112582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:36:11.113971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:36:27.117065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:36:59.122762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:43:03.128284 3.002217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:43:10.136011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:43:18.137806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:43:34.140851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:44:06.146842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:50:10.153209 3.001129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:50:17.159805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:50:25.161746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:50:41.164425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:51:13.171068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:57:17.176638 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 05:57:24.184077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:57:32.185344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:57:48.188427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:58:20.194816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 05:59:42.132510 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 05:59:42.132696 0.414224 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 05:59:42.547325 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 05:59:57.997482 1.239081 tcp 10.0.2.109 50220 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 05:59:59.236876 0.571940 tcp 10.0.2.109 50221 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 05:59:59.809141 1.387706 tcp 10.0.2.109 50222 -> 195.113.214.222 443 SRPA* 0 0 36 25761 flow=From-Botnet-V1-TCP-Established 1970/01/05 06:00:01.197537 0.403815 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:01.601760 0.353490 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:01.955573 0.399623 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:02.355549 0.329910 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:02.685849 0.462562 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:03.148820 0.290774 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:03.439964 0.466723 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:03.917369 0.482030 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:04.399844 0.577185 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:04.977460 0.290370 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:05.268173 0.531641 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:05.800243 0.435632 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:06.236291 0.397356 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:06.767003 0.382462 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:07.149878 0.415845 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:07.566305 0.350047 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:07.916718 0.411478 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:08.328632 0.345669 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:08.674711 0.386653 udp 10.0.2.109 3683 <-> 70.24.146.242 5152 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:09.061709 0.415334 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:09.477389 0.419639 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:09.897446 1.111286 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:11.009153 0.438526 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:11.448110 0.450495 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:11.898951 0.303390 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:12.202741 0.282471 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:12.485649 0.384570 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:12.870555 0.321505 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:13.192465 0.396898 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:13.589773 0.435941 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:14.026120 0.419096 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:14.445582 0.296000 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:00:14.742007 0.611706 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:04:07.654798 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 06:04:07.654895 2.887980 tcp 10.0.2.109 50223 -> 211.38.175.27 4598 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/01/05 06:04:24.521515 3.000947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 06:04:31.528721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:04:39.529807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:04:55.532917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:05:27.539360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:11:31.544949 3.002070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 06:11:38.552781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:11:46.553844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:12:02.557063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:12:34.562722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:18:38.568850 3.002105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 06:18:45.576131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:18:53.577759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:19:09.581299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:19:41.586966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:25:45.593298 3.001802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 06:25:52.600676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:26:00.602146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:26:16.605122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:26:48.611190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:30:30.099842 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 06:30:30.100000 0.387921 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:30.488364 0.423683 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:30.912437 0.415207 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:31.328046 0.349780 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:31.678261 0.470603 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:32.149212 0.386642 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:32.536290 0.326605 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:32.863306 0.289135 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:33.152821 0.454750 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:33.607955 0.471443 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:34.079840 0.588874 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:34.669187 0.288154 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:34.957751 0.532894 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:35.491069 0.432542 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:35.923974 0.400464 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:36.324827 0.402751 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:36.727965 0.409130 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:37.137539 0.352043 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:37.490008 0.408844 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:37.899264 0.345229 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:38.244846 0.000000 udp 10.0.2.109 3683 -> 70.24.146.242 5152 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 06:30:56.229412 0.576673 tcp 10.0.2.109 50224 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 06:30:56.806382 0.550318 tcp 10.0.2.109 50225 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 06:30:57.356969 1.155682 tcp 10.0.2.109 50226 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 06:30:58.513372 0.411823 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:58.925656 0.427348 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:30:59.353435 0.648382 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:00.002275 0.310442 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:00.313185 0.460128 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:00.773739 0.439505 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:01.213640 0.271462 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:01.485517 0.371385 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:01.857305 0.311262 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:02.168968 0.431962 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:02.601342 0.429618 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:03.031325 0.410231 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:03.441977 0.307788 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:31:03.750328 0.651116 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/05 06:32:52.617153 3.231839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 06:32:59.854743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:33:07.856452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:33:23.859191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:33:55.865429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:34:10.657142 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 06:34:10.657239 2.834205 tcp 10.0.2.109 50227 -> 211.38.175.27 4598 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/01/05 06:39:59.871226 3.001829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 06:40:06.878646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:40:14.879920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:40:30.883387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:41:02.888961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:47:08.407542 3.001532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 06:47:15.414893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:47:23.416163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:47:39.419436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:48:11.425143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:54:15.431978 3.000762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 06:54:22.438654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:54:30.440424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:54:46.443064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 06:55:18.449322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:01:12.939377 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 07:01:12.939575 0.000000 udp 10.0.2.109 3683 -> 70.24.146.242 5152 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 07:01:22.455740 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:01:29.462527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:01:31.888607 0.541277 tcp 10.0.2.109 50228 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:01:32.430398 0.564509 tcp 10.0.2.109 50229 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:01:32.995246 1.167199 tcp 10.0.2.109 50230 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:01:34.163023 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 07:01:37.463940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:01:51.375229 0.566105 tcp 10.0.2.109 50231 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:01:51.941596 0.574880 tcp 10.0.2.109 50232 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:01:52.516800 1.172064 tcp 10.0.2.109 50233 -> 195.113.214.222 443 SRPA* 0 0 23 13144 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:01:53.467382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:01:53.689619 0.405413 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:54.095399 0.405913 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:54.501673 0.348440 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:54.850458 0.390808 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:55.241692 0.446669 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:55.688798 0.456231 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:56.145438 0.463631 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:56.609505 0.295183 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:56.905067 0.511248 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:57.416718 0.582179 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:57.999301 0.291267 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:58.290923 0.529024 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:58.820356 0.393363 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:59.214294 0.431908 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:01:59.646611 0.389933 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:00.036947 0.340654 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:00.377971 0.416241 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:00.794632 0.344484 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:01.139562 0.406098 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:01.546080 0.423124 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:01.969693 0.418694 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:02.388774 0.480267 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:02.869406 0.799586 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:03.669345 0.300214 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:03.969995 0.434011 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:04.404399 0.274052 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:04.678868 0.422066 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:05.106982 0.376624 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:05.484001 0.313133 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:05.797581 0.307650 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:06.105647 0.554643 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:06.660700 0.464318 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:07.125393 0.581075 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:02:25.473081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:04:14.239807 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 07:04:14.239916 2.703620 tcp 10.0.2.109 50234 -> 211.38.175.27 4598 FSPA* 0 0 12 1568 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:08:29.479916 3.001116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:08:36.486867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:08:44.488076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:09:00.491528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:09:32.497508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:15:36.503681 3.001332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:15:43.510747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:15:51.512396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:16:07.515119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:16:39.521273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:22:43.527982 3.000922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:22:50.534793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:22:58.535974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:23:14.539576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:23:46.545011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:29:50.551640 3.000997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:29:57.558981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:30:05.560014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:30:21.563176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:30:53.569371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:32:33.723936 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 07:32:33.724201 0.389516 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:34.114168 0.408095 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:34.522675 0.409765 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:34.932863 0.464929 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:35.398256 0.349590 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:35.748206 0.415495 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:36.164151 0.432058 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:36.596575 0.459458 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:37.056447 0.309278 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:37.366136 0.497225 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:37.863729 0.582191 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:38.446348 0.297569 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:38.744348 0.427719 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:39.172434 0.529255 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:39.702265 0.413665 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:40.116265 0.384870 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:40.501492 0.350414 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:40.852307 0.412173 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:41.264813 0.354125 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:41.619293 0.413599 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:42.033310 0.404193 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:42.437851 0.437136 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:42.875351 0.503673 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:43.379382 0.600395 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:43.980136 0.302190 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:44.282738 0.431309 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:44.714409 0.279911 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:44.994672 0.310242 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:45.305321 0.431112 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:45.736832 0.375430 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:46.112663 0.304721 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:46.417783 0.425070 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:46.843226 0.425523 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:32:47.269128 0.597927 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/05 07:34:16.951921 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 07:34:16.952133 2.693585 tcp 10.0.2.109 50235 -> 211.38.175.27 4598 FSPA* 0 0 14 1509 flow=From-Botnet-V1-TCP-Established 1970/01/05 07:36:57.576008 3.001166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 07:37:04.582533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:37:12.584269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:37:28.587128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:38:00.593500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:44:04.599596 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:44:11.606691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:44:19.607707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:44:35.611108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:45:07.617203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:51:11.623456 3.001263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:51:18.630316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:51:26.631681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:51:42.634925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:52:14.641233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:58:18.647353 3.001040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 07:58:25.654498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:58:33.656288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:58:49.659175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 07:59:21.665279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:02:50.405601 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 08:02:50.405832 0.380945 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:50.787204 0.405607 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:51.193187 0.371247 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:51.564799 0.400565 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:51.965732 0.449639 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:52.415793 0.391125 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:52.807383 0.323336 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:53.131177 0.459351 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:53.590918 0.291749 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:53.883079 0.283511 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:54.167029 0.497512 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:54.665002 0.583895 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:55.249292 0.429959 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:55.679600 0.542262 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:56.222284 0.399529 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:56.622413 0.391960 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:57.014779 0.365705 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:57.380902 0.414497 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:57.795735 0.331014 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:58.127106 0.408640 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:58.536091 0.418022 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:58.954507 0.415537 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:59.370625 0.453517 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:02:59.824564 0.441011 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:00.265999 0.852389 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:01.118794 0.304097 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:01.423287 0.273450 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:01.697077 0.293815 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:01.991249 0.427179 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:02.418821 0.366483 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:02.785691 0.302595 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:03.088675 0.409607 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:03.498642 0.421494 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:03:03.920530 0.677854 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:04:19.654093 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 08:04:19.654309 2.652462 tcp 10.0.2.109 50236 -> 211.38.175.27 4598 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/01/05 08:05:25.671313 3.001642 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 08:05:32.678145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:05:40.679975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:05:56.683142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:06:28.689068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:12:32.695404 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 08:12:39.702347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:12:47.704042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:13:03.707153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:13:35.712855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:19:39.719791 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 08:19:46.726149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:19:54.727710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:20:10.730923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:20:42.736961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:26:46.742494 3.002376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 08:26:53.750220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:27:01.751502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:27:17.755293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:27:49.761245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:33:18.974397 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 08:33:18.974507 0.376735 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:19.351632 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 08:33:37.243688 0.579903 tcp 10.0.2.109 50237 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 08:33:37.823819 0.577711 tcp 10.0.2.109 50238 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 08:33:38.401839 1.387926 tcp 10.0.2.109 50239 -> 195.113.214.222 443 SRPA* 0 0 36 26973 flow=From-Botnet-V1-TCP-Established 1970/01/05 08:33:39.790594 0.348043 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:40.138969 0.391653 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:40.530966 0.396498 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:40.927836 0.462256 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:41.390480 0.322511 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:41.713455 0.463086 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:42.176946 0.499963 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:42.677302 0.301059 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:42.978758 0.289520 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:43.268718 0.582764 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:43.851909 0.435505 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:44.287829 0.534017 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:44.822228 0.404206 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:45.226809 0.384858 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:45.612092 0.346995 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:45.959464 0.417081 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:46.376958 0.358708 udp 10.0.2.109 3683 <-> 128.197.51.218 6504 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:33:46.736073 0.000000 udp 10.0.2.109 3683 -> 71.16.73.123 1463 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 08:33:53.766882 3.001875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 08:34:00.773958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:34:04.801100 0.573924 tcp 10.0.2.109 50240 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 08:34:05.375270 0.603515 tcp 10.0.2.109 50241 -> 195.113.214.222 80 SRPA* 0 0 20 14727 flow=From-Botnet-V1-TCP-Established 1970/01/05 08:34:05.979405 0.410838 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:06.390662 0.429982 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:06.821047 0.478231 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:07.299684 0.448372 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:07.748476 1.896408 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:08.775681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:34:09.645260 0.304435 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:09.950058 0.262478 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:10.212923 0.378179 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:10.591531 0.285536 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:10.877472 0.424065 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:11.301903 0.314875 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:11.617146 0.429765 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:12.047329 0.420846 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:12.468586 0.595115 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/05 08:34:22.305885 2.661551 tcp 10.0.2.109 50242 -> 211.38.175.27 4598 FSPA* 0 0 14 1518 flow=From-Botnet-V1-TCP-Established 1970/01/05 08:34:24.778489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:34:56.784884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:41:00.791316 3.000845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 08:41:07.798383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:41:15.799661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:41:31.802788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:42:03.809207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:48:07.814932 3.001804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 08:48:14.822038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:48:22.823980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:48:38.826706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:49:10.833042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:55:14.838613 3.001941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 08:55:21.845926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:55:29.847454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:55:45.850767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 08:56:17.856596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:02:21.862347 3.002102 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 09:02:28.869902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:02:36.871881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:02:52.874884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:03:24.881071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:04:16.104973 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 09:04:16.105232 0.399583 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:16.505187 0.416626 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:16.922251 0.404300 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:17.326978 0.400743 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:17.728081 0.341079 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:18.069632 0.477032 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:18.547039 0.400643 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:18.948029 0.320645 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:19.269105 0.496960 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:19.766462 0.470261 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:20.237138 0.266774 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:20.504332 0.290355 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:20.795030 0.428725 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:21.224129 0.572009 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:21.796525 0.405995 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:22.202972 0.546033 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:22.749376 0.376913 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:23.126664 0.000000 udp 10.0.2.109 3683 -> 128.197.51.218 6504 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 09:04:24.968090 2.641502 tcp 10.0.2.109 50243 -> 211.38.175.27 4598 FSPA* 0 0 14 1510 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:04:38.429387 0.580051 tcp 10.0.2.109 50244 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:04:39.009705 0.582024 tcp 10.0.2.109 50245 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:04:39.592020 1.168003 tcp 10.0.2.109 50246 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:04:40.760794 0.410457 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:41.171698 0.362906 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:41.535035 0.412025 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:41.947441 0.447673 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:42.395483 0.426399 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:42.822390 0.462312 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:43.285146 1.021995 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:44.307596 0.294681 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:44.602657 0.282865 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:44.885906 0.391792 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:45.278090 0.311201 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:45.589643 0.323674 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:45.913743 0.423396 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:46.337556 0.443062 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:46.781088 0.451051 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:04:47.232515 0.601597 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:09:28.887357 3.001089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 09:09:35.893793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:09:43.895484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:09:59.898903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:10:31.904623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:16:35.911854 3.000879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 09:16:42.917924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:16:50.919878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:17:06.922343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:17:38.928501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:23:42.935243 3.000905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 09:23:49.941995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:23:57.943511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:24:13.946554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:24:45.952542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:30:49.958783 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 09:30:56.965971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:31:04.967660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:31:20.970346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:31:52.976728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:34:27.609672 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 09:34:27.609888 2.648819 tcp 10.0.2.109 50247 -> 211.38.175.27 4598 FSPA* 0 0 14 1667 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:34:55.869753 0.000000 udp 10.0.2.109 3683 -> 128.197.51.218 6504 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 09:35:14.629351 0.559143 tcp 10.0.2.109 50248 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:35:15.188782 0.580449 tcp 10.0.2.109 50249 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:35:15.769477 1.152094 tcp 10.0.2.109 50250 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:35:16.922284 0.410237 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:17.332914 0.385105 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:17.718582 0.412054 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:18.131031 0.392841 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:18.524285 0.464139 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:18.988770 0.349274 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:19.338567 0.491937 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:19.830899 0.345297 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:20.176598 0.402116 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:20.579130 0.296865 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:20.876424 0.258238 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:21.134991 0.470312 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:21.605650 0.432145 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:22.038375 0.593390 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:22.632125 0.393572 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:23.026106 0.517176 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:23.543655 0.379384 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:23.923403 0.366805 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:24.290639 0.434062 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:24.725110 0.404152 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:25.129622 0.445334 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:25.575348 0.430763 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:26.006456 0.466842 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:26.473708 2.536691 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:29.010743 0.294321 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:29.305532 0.268333 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:29.574445 0.373905 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:29.948751 0.307320 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:30.256481 0.436764 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:30.693646 0.292719 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:30.986789 0.429465 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:35:31.416651 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 09:35:50.369086 0.564372 tcp 10.0.2.109 50251 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:35:50.933757 0.587742 tcp 10.0.2.109 50252 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:35:51.521788 1.147359 tcp 10.0.2.109 50253 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 09:35:52.669893 0.593585 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 09:37:56.983021 3.000931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 09:38:03.990212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:38:11.991624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:38:27.994741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:39:00.000868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:45:04.007396 3.000703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 09:45:11.014079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:45:19.015709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:45:35.018636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:46:07.024618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:52:11.030192 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 09:52:18.038213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:52:26.039620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:52:42.042240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:53:14.048467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:59:18.054815 3.001744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 09:59:25.062006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:59:33.063666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 09:59:49.066076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:00:21.072472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:04:30.261212 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 10:04:30.261414 2.645897 tcp 10.0.2.109 50254 -> 211.38.175.27 4598 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/01/05 10:06:12.438214 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 10:06:12.438418 0.429653 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:12.868491 0.410044 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:13.278990 0.400382 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:13.679852 0.376399 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:14.056674 0.403064 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:14.460150 0.473746 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:14.934414 0.359787 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:15.294631 0.411765 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:15.706824 0.343542 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:16.050743 0.499822 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:16.550993 0.470241 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:17.021586 0.288353 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:17.310497 0.305958 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:17.616824 0.434829 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:18.052067 0.583413 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:18.635875 0.533934 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:19.170454 0.384022 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:19.554905 0.352678 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:19.907996 0.379206 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:20.287588 0.410951 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:20.698910 0.471349 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:21.170673 0.457384 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:21.628427 0.466623 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:22.095483 0.425393 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:22.521292 0.304077 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:22.825848 0.274920 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:23.101133 2.383035 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:25.079056 3.000978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 10:06:25.484591 0.303247 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:25.788221 0.375576 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:26.164244 0.479995 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:26.644675 0.426390 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:27.071466 0.313301 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:27.385147 0.609870 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:06:32.086052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:06:40.087121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:06:56.090423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:07:28.096132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:13:32.102820 3.001490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 10:13:39.109655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:13:47.111192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:14:03.114593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:14:35.120167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:20:39.127225 3.000551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 10:20:46.133494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:20:54.135106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:21:10.138116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:21:42.144098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:27:46.150789 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 10:27:53.157795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:28:01.159661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:28:17.162070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:28:49.167966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:34:32.912620 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 10:34:32.912762 2.653842 tcp 10.0.2.109 50255 -> 211.38.175.27 4598 FSPA* 0 0 14 1506 flow=From-Botnet-V1-TCP-Established 1970/01/05 10:34:53.174892 3.001416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 10:35:00.181380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:35:08.183184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:35:24.186276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:35:56.192307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:36:40.596264 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 10:36:40.596459 0.386801 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:36:40.983615 0.399831 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:36:41.383853 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 10:36:56.691351 0.563021 tcp 10.0.2.109 50256 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 10:36:57.254682 0.564351 tcp 10.0.2.109 50257 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 10:36:57.819392 1.382182 tcp 10.0.2.109 50258 -> 195.113.214.222 443 SRPA* 0 0 36 26973 flow=From-Botnet-V1-TCP-Established 1970/01/05 10:36:59.202496 0.393532 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:36:59.596430 0.400628 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:36:59.997434 0.457958 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:00.455765 0.355502 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:00.811645 0.402061 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:01.214165 0.317311 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:01.531836 0.505048 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:02.037225 0.297244 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:02.334913 0.464060 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:02.799354 0.300291 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:03.099992 0.433146 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:03.533494 0.599190 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:04.133029 0.526857 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:04.660299 0.401327 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:05.061983 0.428560 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:05.490951 0.354163 udp 10.0.2.109 3683 <-> 85.250.20.171 7820 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:05.845587 0.392107 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:06.238060 0.411071 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:06.649481 0.432653 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:07.082474 0.475142 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:07.557943 0.428712 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:07.987059 0.312778 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:08.300216 0.284077 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:08.584694 0.685194 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:09.270448 0.309314 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:09.580119 0.363940 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:09.944439 0.434473 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:10.379303 0.423313 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:10.803044 0.306426 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:37:11.109878 0.595365 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/05 10:42:00.198044 3.002434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 10:42:07.205505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:42:15.207161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:42:31.210118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:43:03.216597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:49:07.222550 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 10:49:14.229714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:49:22.231041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:49:38.233973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:50:10.240092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:56:14.246143 3.001649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 10:56:21.253324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:56:29.255475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:56:45.257817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 10:57:17.264071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:03:21.270952 3.000651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 11:03:28.277612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:03:36.279120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:03:52.282127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:04:24.288103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:04:35.575088 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 11:04:35.575196 2.793480 tcp 10.0.2.109 50259 -> 211.38.175.27 4598 FSPA* 0 0 14 1642 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:07:23.566001 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 11:07:23.566286 0.410071 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:23.976790 0.423863 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:24.401013 0.404585 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:24.806023 0.384813 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:25.191326 0.417999 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:25.609747 0.468418 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:26.078621 0.359091 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:26.438135 0.398784 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:26.837361 0.318712 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:27.156493 0.473815 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:27.630707 0.493428 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:28.124548 0.304090 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:28.428991 0.286235 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:28.715646 0.437269 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:29.153328 0.582408 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:29.736112 0.524730 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:30.261295 0.401885 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:30.663569 0.414957 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:31.078937 0.417384 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:31.496700 0.000000 udp 10.0.2.109 3683 -> 85.250.20.171 7820 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 11:07:50.086712 0.579097 tcp 10.0.2.109 50260 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:07:50.666082 0.603160 tcp 10.0.2.109 50261 -> 195.113.214.222 80 SRPA* 0 0 19 14677 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:07:51.269869 0.379539 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:51.649782 0.444268 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:52.094498 0.470113 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:52.565015 0.421471 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:52.986877 0.302465 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:53.289740 0.278069 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:53.568219 0.636612 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:54.205237 0.306090 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:54.511743 0.426815 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:54.938919 0.364125 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:55.303460 0.427403 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:55.731289 0.304300 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:07:56.036002 0.611813 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:10:28.295048 3.000769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 11:10:35.301494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:10:43.303432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:10:59.305729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:11:31.311982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:17:35.319079 3.001003 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 11:17:42.325830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:17:50.327264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:18:06.330279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:18:38.336323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:24:42.342699 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 11:24:49.349740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:24:57.351131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:25:13.354203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:25:45.359738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:31:49.366958 3.000500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 11:31:56.373739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:32:04.374898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:32:20.378128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:32:52.384334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:34:38.376956 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 11:34:38.377198 2.664764 tcp 10.0.2.109 50262 -> 211.38.175.27 4598 FSPA* 0 0 15 1718 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:38:04.553034 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 11:38:04.553274 0.000000 udp 10.0.2.109 3683 -> 85.250.20.171 7820 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 11:38:20.779099 0.551899 tcp 10.0.2.109 50263 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:38:21.331338 0.613827 tcp 10.0.2.109 50264 -> 195.113.214.222 80 SRPA* 0 0 18 13351 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:38:21.945688 0.469893 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:22.415988 0.406640 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:22.823050 0.381245 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:23.204715 0.393974 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:23.599074 0.375709 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:23.975173 0.465505 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:24.441080 0.347263 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:24.788702 0.331295 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:25.120401 0.402441 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:25.523266 0.464479 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:25.988141 0.271307 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:26.259877 0.497322 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:26.757642 0.282986 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:27.041024 0.432762 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:27.474365 0.576233 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:28.050968 0.408756 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:28.460094 0.520372 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:28.980850 0.414426 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:29.395692 0.391446 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:29.787502 0.393865 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:30.181762 0.435857 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:30.617972 0.453949 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:31.072257 0.426636 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:31.499334 0.306223 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:31.805912 0.264710 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:32.071027 0.629629 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:32.701081 0.309678 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:33.011174 0.434503 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:33.446041 0.413658 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:33.860047 0.389964 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:34.250437 0.308627 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/05 11:38:34.559496 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 11:38:53.324468 0.574518 tcp 10.0.2.109 50265 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:38:53.899234 0.576232 tcp 10.0.2.109 50266 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:38:54.475743 1.425264 tcp 10.0.2.109 50267 -> 195.113.214.222 443 SRPA* 0 0 34 24817 flow=From-Botnet-V1-TCP-Established 1970/01/05 11:38:56.390122 3.001323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 11:39:03.397710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:39:11.398796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:39:27.402236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:39:59.407782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:46:03.414004 3.001716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 11:46:10.421573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:46:18.422933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:46:34.426056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:47:06.431976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:53:10.438570 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 11:53:17.445503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:53:25.447186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:53:41.449509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 11:54:13.455758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:00:17.461513 3.002115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:00:24.469297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:00:32.470857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:00:48.474038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:01:20.479764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:04:41.048805 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 12:04:41.049049 2.634953 tcp 10.0.2.109 50268 -> 211.38.175.27 4598 FSPA* 0 0 14 1585 flow=From-Botnet-V1-TCP-Established 1970/01/05 12:07:24.486526 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:07:31.493350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:07:39.494446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:07:55.497807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:08:27.504034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:08:56.195323 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 12:08:56.195430 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 12:09:11.309739 0.569467 tcp 10.0.2.109 50269 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 12:09:11.879061 0.580543 tcp 10.0.2.109 50270 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 12:09:12.459968 1.160845 tcp 10.0.2.109 50271 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/05 12:09:13.621533 0.419619 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:14.041556 0.416180 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:14.458115 0.411251 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:14.869811 0.391143 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:15.261315 0.353029 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:15.614755 0.380200 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:15.995346 0.454376 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:16.450205 0.410320 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:16.860908 0.395443 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:17.256752 0.486703 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:17.743820 0.553625 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:18.297820 0.283876 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:18.582248 0.288781 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:18.871384 0.433452 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:19.305236 0.385582 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:19.691209 0.575271 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:20.266896 0.403622 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:20.670932 0.532478 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:21.203813 0.406009 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:21.610267 0.399096 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:22.009764 0.446177 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:22.456357 0.295957 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:22.752734 0.453079 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:23.206212 0.426148 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:23.632785 1.102811 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:24.736210 0.287155 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:25.023765 0.285955 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:25.310212 0.437565 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:25.748195 0.371880 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:26.120432 0.420109 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:09:26.540888 0.297837 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:14:31.510153 3.001392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 12:14:38.516983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:14:46.518723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:15:02.521401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:15:34.527693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:21:38.534507 3.000792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:21:45.540841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:21:53.542408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:22:09.545865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:22:41.551860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:28:45.557039 3.002782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:28:52.565087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:29:00.566691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:29:16.569898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:29:48.575788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:34:43.690369 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 12:34:43.690469 2.650147 tcp 10.0.2.109 50272 -> 211.38.175.27 4598 FSPA* 0 0 14 1669 flow=From-Botnet-V1-TCP-Established 1970/01/05 12:35:52.582025 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:35:59.589143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:36:07.590821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:36:23.593580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:36:55.600101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:39:42.640271 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 12:39:42.640465 0.402450 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:43.043335 0.416545 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:43.460251 0.345981 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:43.806610 0.411293 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 196 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:44.218387 0.390571 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:44.609344 0.370649 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:44.980403 0.481150 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:45.461957 0.330613 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:45.792925 0.395125 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:46.188451 0.481954 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:46.670768 0.479315 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:47.150496 0.293122 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:47.443968 0.404322 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:47.848630 0.277167 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:48.126405 0.436239 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:48.563078 0.587509 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:49.150995 0.423478 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:49.574867 0.535305 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:50.110598 0.417843 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:50.528844 0.301401 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:50.830650 0.394550 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:51.225611 0.445362 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:51.671379 0.452114 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:52.123859 0.428282 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:52.552563 1.459702 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:54.012647 0.453635 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:54.466709 0.281704 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:54.748800 0.299038 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:55.048181 0.376164 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:55.424756 0.430115 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:39:55.855313 0.313325 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 12:42:59.606281 3.001132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:43:06.612769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:43:14.614570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:43:30.617301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:44:02.623807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:50:06.629601 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:50:13.637388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:50:21.638914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:50:37.641944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:51:09.647666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:57:13.653971 3.001388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 12:57:20.660778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:57:28.662365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:57:44.665196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 12:58:16.671337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:04:20.678542 3.000327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:04:27.684876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:04:35.886737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:04:46.442322 0.000211 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 13:04:46.442767 2.657730 tcp 10.0.2.109 50273 -> 211.38.175.27 4598 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/05 13:04:51.889954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:05:23.896150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:10:09.025975 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 13:10:09.026075 0.417103 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:09.443634 0.404586 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:09.848645 0.391353 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:10.240406 0.372369 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:10.613140 0.394921 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:11.008496 0.381355 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:11.390211 0.431501 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:11.822127 0.467658 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:12.290230 0.395205 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:12.685806 1.055690 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:13.741930 0.467995 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:14.210376 0.306747 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:14.517515 0.438139 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:14.956051 0.393738 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:15.350231 0.268987 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:15.619606 0.579200 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:16.199235 0.424514 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:16.624099 0.533798 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:17.158291 0.412097 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:17.570815 0.442350 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:18.013606 0.294719 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:18.308733 0.388805 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:18.697893 0.462276 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:19.160536 0.425063 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:19.585965 0.585507 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:20.171907 0.431705 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:20.603986 0.287338 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:20.891749 0.304692 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:21.196883 0.378457 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:21.575695 0.430950 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:10:22.007061 0.314133 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:11:27.901830 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:11:34.909554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:11:42.910697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:11:58.913999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:12:30.919812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:18:34.925092 3.002376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:18:41.933545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:18:49.934423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:19:05.937752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:19:37.943620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:25:41.949994 3.001728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:25:48.956929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:25:56.958606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:26:12.961634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:26:44.967526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:32:48.973900 3.001203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:32:55.980954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:33:03.982999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:33:19.985953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:33:51.991990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:34:49.104067 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 13:34:49.104174 2.662121 tcp 10.0.2.109 50274 -> 211.38.175.27 4598 FSPA* 0 0 12 1565 flow=From-Botnet-V1-TCP-Established 1970/01/05 13:39:55.997581 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:40:03.005372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:40:11.006268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:40:27.009743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:40:29.403750 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 13:40:29.403940 0.419836 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:29.824180 0.406219 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:30.230815 0.499077 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:30.730328 0.643359 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:31.374226 0.444328 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:31.818936 0.412068 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:32.231403 0.385593 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:32.617378 0.000000 udp 10.0.2.109 3683 -> 81.133.186.146 7761 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 13:40:48.302979 0.566584 tcp 10.0.2.109 50275 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 13:40:48.869852 0.575193 tcp 10.0.2.109 50276 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 13:40:49.445337 1.333737 tcp 10.0.2.109 50277 -> 195.113.214.222 443 SRPA* 0 0 32 24687 flow=From-Botnet-V1-TCP-Established 1970/01/05 13:40:50.779742 0.401204 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:51.181334 0.495695 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:51.677422 0.467684 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:52.145493 0.295503 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:52.441395 0.291567 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:52.733307 0.433279 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:53.167006 0.394646 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:53.561997 0.578259 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:54.140603 0.402424 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:54.543390 0.543599 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:55.087353 0.409310 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:55.497067 0.392038 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:55.889537 0.446741 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:56.336683 0.299753 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:56.636843 0.456228 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:57.093445 0.420755 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:57.514606 1.552815 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:59.015874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:40:59.067749 0.442086 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:59.510243 0.284064 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:40:59.794655 0.313587 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:41:00.108649 0.376393 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:41:00.485457 0.427618 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:41:00.913430 0.312323 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/05 13:47:03.022190 3.000769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:47:10.028739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:47:18.030779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:47:34.033539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:48:06.039907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:54:10.046421 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 13:54:17.052856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:54:25.054828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:54:41.057710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 13:55:13.063948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:01:17.069220 3.002493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:01:24.076660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:01:32.079194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:01:48.081400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:02:20.087448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:04:51.765842 0.000183 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 14:04:51.766129 2.655453 tcp 10.0.2.109 50278 -> 211.38.175.27 4598 FSPA* 0 0 14 1709 flow=From-Botnet-V1-TCP-Established 1970/01/05 14:08:24.095003 3.000219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:08:31.101420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:08:39.102501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:08:55.105511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:09:27.111707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:11:27.785677 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 14:11:27.785782 0.323174 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:28.109358 0.420199 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:28.529914 0.402939 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:28.933232 0.402130 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:29.335806 0.335790 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:29.671968 0.466512 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:30.138968 0.380787 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:30.520126 0.417761 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:30.938312 0.498124 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:31.436803 0.397173 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:31.834398 0.282542 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:32.117308 0.461642 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:32.579350 0.291986 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:32.871717 0.440023 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:33.312150 0.396756 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:33.709297 0.576688 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:34.286355 0.400069 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:34.686765 0.392453 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:35.079561 0.530088 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:35.609990 0.414422 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:36.024771 0.438936 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:36.464133 0.301252 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:36.765824 0.481000 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:37.247226 0.421452 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:37.669082 0.573620 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:38.243132 0.436769 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:38.680297 0.298671 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:38.979338 0.305751 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:39.285491 0.371329 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:39.657164 0.431578 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:11:40.089209 0.311209 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:15:31.118224 3.000752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:15:38.125030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:15:46.126567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:16:02.129176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:16:34.135156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:22:38.141071 3.002372 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:22:45.149054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:22:53.150421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:23:09.153167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:23:41.159560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:29:45.165630 3.001262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:29:52.173015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:30:00.174243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:30:16.177027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:30:48.183081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:34:54.428198 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 14:34:54.428310 2.650770 tcp 10.0.2.109 50279 -> 211.38.175.27 4598 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/01/05 14:36:52.189155 3.001795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:36:59.196616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:37:07.198476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:37:23.201648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:37:55.207316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:41:47.321668 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 14:41:47.321853 0.333863 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:47.656116 0.416720 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:48.073212 0.360930 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:48.434498 0.395760 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:48.830672 0.413646 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:49.244701 0.461504 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:49.706591 0.385271 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:50.092296 0.410780 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:50.503487 0.500934 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 591 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:51.004815 0.387676 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:51.392919 0.278165 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:51.671427 0.283007 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:51.954841 0.464214 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:52.419456 0.425031 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:52.844918 0.401389 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:53.246727 0.589455 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:53.836563 0.418773 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:54.255735 0.392625 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:54.648780 0.539130 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:55.188299 0.305606 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:55.494489 0.408544 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:55.903409 0.445586 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:56.349414 0.485477 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:56.835292 0.434381 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:57.270232 0.778125 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:58.048718 0.519052 udp 10.0.2.109 3683 <-> 74.178.6.245 1957 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:58.568167 0.374879 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:58.943454 0.275256 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:59.219123 0.296096 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:59.515563 0.423427 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:41:59.939434 0.312466 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/05 14:43:59.213821 3.001203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:44:06.221141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:44:14.222493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:44:30.225058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:45:02.231700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:51:06.237432 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:51:13.245029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:51:21.246265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:51:37.249580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:52:09.255350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:58:13.261413 3.001669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 14:58:20.268598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:58:28.270100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:58:44.272882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 14:59:16.279583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:04:57.079972 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 15:04:57.080172 2.700027 tcp 10.0.2.109 50280 -> 211.38.175.27 4598 FSPA* 0 0 15 1724 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:05:20.285589 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 15:05:27.292783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:05:35.293950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:05:51.327571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:06:23.332941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:12:25.965244 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 15:12:25.965450 0.347596 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:26.313447 0.401184 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:26.715038 0.491717 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:27.207218 0.349474 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:27.339085 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 15:12:27.557096 0.407603 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:27.965071 0.446437 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:28.411917 0.377920 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:28.790287 0.418527 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:29.209254 0.284717 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:29.494333 0.492056 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:29.986830 0.397526 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:30.384773 0.438388 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:30.823506 0.286360 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:31.110416 0.464816 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:31.575671 0.393335 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:31.969428 0.581667 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:32.551532 0.409778 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:32.961733 0.383621 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:33.414548 0.412469 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:33.827405 0.524965 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:34.346944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:12:34.352731 0.323934 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:34.677128 0.438540 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:35.116071 0.469929 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:35.586586 0.413233 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:36.000199 0.574634 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:36.575278 0.000000 udp 10.0.2.109 3683 -> 74.178.6.245 1957 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 15:12:42.348170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:12:54.208518 0.564434 tcp 10.0.2.109 50281 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:12:54.773236 0.573211 tcp 10.0.2.109 50282 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:12:55.346731 1.395484 tcp 10.0.2.109 50283 -> 195.113.214.222 443 SRPA* 0 0 40 27189 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:12:56.742850 0.299437 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:57.042682 0.375468 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:57.418607 0.280165 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:57.699196 0.434393 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:58.133984 0.322193 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:12:58.351344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:13:30.356900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:19:34.363752 3.001195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 15:19:41.370536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:19:49.371945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:20:05.375280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:20:37.380992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:26:41.387437 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 15:26:48.394447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:26:56.395798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:27:12.399051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:27:44.405422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:33:48.410927 3.002049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 15:33:55.418691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:34:03.420062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:34:19.423189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:34:51.429275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:34:59.782052 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 15:34:59.782291 2.660837 tcp 10.0.2.109 50284 -> 211.38.175.27 4598 FSPA* 0 0 13 1501 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:40:55.435668 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 15:41:02.442649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:41:10.443718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:41:26.446759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:41:58.453007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:43:04.327841 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 15:43:04.328025 0.425315 udp 10.0.2.109 3683 -> 74.178.6.245 1957 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 15:43:04.753340 0.000000 icmp 74.178.6.245 0x0303 -> 10.0.2.109 0xa507 URP 192 1 205 flow=Background 1970/01/05 15:43:20.512913 0.572046 tcp 10.0.2.109 50285 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:43:21.085298 0.592572 tcp 10.0.2.109 50286 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:43:21.678360 1.126179 tcp 10.0.2.109 50287 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:43:22.805308 0.357872 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:23.163573 0.487488 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:23.651423 0.353740 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:24.005559 0.418598 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:24.424561 0.394180 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:24.819144 0.464133 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:25.283673 0.399580 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:25.683597 0.289018 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:25.973034 0.412091 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:26.385522 0.390223 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:26.776103 0.541848 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:27.318465 0.432634 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:27.751496 0.278013 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:28.029893 0.468193 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:28.498525 0.580274 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:29.079189 0.405278 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:29.484829 0.641683 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:30.126917 0.430625 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:30.557931 0.000000 udp 10.0.2.109 3683 -> 69.159.203.121 9541 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/05 15:43:46.659885 0.557363 tcp 10.0.2.109 50288 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:43:47.217534 0.569685 tcp 10.0.2.109 50289 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:43:47.787551 1.168644 tcp 10.0.2.109 50290 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/05 15:43:48.956817 0.309395 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:49.266626 0.537780 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:49.804816 0.475089 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:50.280276 0.438166 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:50.718794 0.996536 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:51.715717 0.417364 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:52.133465 0.287994 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:52.421873 0.324948 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:52.747281 0.390850 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:53.138607 0.436846 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:43:53.575818 0.320096 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/05 15:48:02.458392 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/05 15:48:09.466242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:48:17.468173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:48:33.471005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:49:05.477265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:55:09.483987 3.000989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 15:55:16.490617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:55:24.492327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:55:40.495328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 15:56:12.501139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:02:16.507276 3.001198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:02:23.514447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:02:31.516138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:02:47.519293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:03:19.525215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:05:02.443364 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 16:05:02.443464 2.655995 tcp 10.0.2.109 50291 -> 211.38.175.27 4598 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/01/05 16:09:23.531597 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:09:30.538134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:09:38.539743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:09:54.542601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:10:26.548613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:14:03.170353 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 16:14:03.170477 0.387454 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:03.558454 0.334329 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:03.893214 0.443686 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:04.337268 0.345869 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:04.683552 0.422832 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:05.106756 0.371268 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:05.478525 0.418719 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:05.897705 0.449980 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:06.348071 0.407019 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:06.755482 0.394752 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:07.150633 0.289994 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:07.441000 0.440647 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:07.882052 0.500249 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:08.382695 0.291219 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:08.674324 0.462077 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:09.136813 0.401652 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:09.538880 0.580336 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:10.119561 0.417964 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:10.537918 0.417102 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:10.955434 0.291104 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:11.246898 0.530645 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:11.777884 0.456485 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:12.234758 0.467584 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:12.702747 0.567337 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:13.270464 0.312170 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:13.583078 0.416821 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:14.000309 0.288063 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:14.288783 0.309907 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:14.599099 0.378753 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:14:14.978222 0.435007 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:16:30.555616 3.000800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:16:37.562670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:16:45.563719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:17:01.566695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:17:33.573174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:23:37.579419 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:23:44.586239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:23:52.587868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:24:08.590822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:24:40.596681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:30:44.603342 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:30:51.610167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:30:59.612171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:31:15.615082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:31:47.621184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:35:05.105550 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 16:35:05.105772 2.677563 tcp 10.0.2.109 50292 -> 211.38.175.27 4598 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/01/05 16:37:51.627273 3.000908 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:37:58.633945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:38:06.635448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:38:22.638691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:38:54.645153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:44:17.639718 0.000159 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 16:44:17.639988 0.394901 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:18.035259 0.348248 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:18.383876 0.513543 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:18.897812 0.356597 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:19.254832 0.398014 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:19.653263 0.435919 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:20.089604 0.372089 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:20.462070 0.469659 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:20.932154 0.396947 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:21.329554 0.427642 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:21.757607 0.399856 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:22.157899 0.294833 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:22.453168 0.494840 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:22.948392 0.290713 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:23.239461 0.466881 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:23.706686 0.400435 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:24.107532 0.579447 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:24.687336 0.420023 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:25.107764 0.522798 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:25.630976 0.414489 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:26.045869 0.283001 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:26.329279 0.469805 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:26.799438 0.448301 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:27.248124 0.560790 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:27.809274 0.291104 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:28.100765 0.305468 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:28.406649 0.417427 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:28.824453 0.279160 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:29.104008 0.372261 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:29.476684 0.425655 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 16:44:58.651171 3.001355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:45:05.658312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:45:13.659937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:45:29.662491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:46:01.668746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:52:05.676060 3.000656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:52:12.682058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:52:20.683946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:52:36.686502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:53:08.693046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:59:12.698978 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 16:59:19.706286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:59:27.707732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 16:59:43.711171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:00:15.716387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:05:07.787025 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 17:05:07.787123 2.653375 tcp 10.0.2.109 50293 -> 211.38.175.27 4598 FSPA* 0 0 14 1587 flow=From-Botnet-V1-TCP-Established 1970/01/05 17:06:19.723270 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:06:26.730046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:06:34.731816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:06:50.734337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:07:22.740331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:13:26.747415 3.000706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:13:33.753791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:13:41.755854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:13:57.758289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:14:29.764358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:14:55.091084 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 17:14:55.091251 0.390324 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:55.481926 0.370532 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:55.852857 0.322288 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:56.175555 0.348025 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:56.523960 0.407618 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:56.931948 0.418525 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:57.350905 0.388990 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:57.740313 0.463593 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:58.204297 0.410028 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:58.614673 0.428933 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:59.044021 0.398357 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:59.442708 0.270545 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:14:59.713706 0.475084 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:00.366751 0.490101 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:00.857246 0.280724 rtcp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:01.138349 0.408585 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:01.547341 0.579150 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:02.126891 0.409458 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:02.536753 0.537210 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:03.074322 0.469912 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:03.544621 0.411635 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:03.956637 0.306110 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:04.263129 0.442583 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:04.706084 0.776396 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:05.482848 0.415853 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:05.899114 0.293239 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:06.192784 0.312066 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:06.505276 0.427059 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:06.932691 0.279784 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:15:07.212841 0.369401 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:20:33.771395 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:20:40.778067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:20:48.779764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:21:04.782954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:21:36.788630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:27:40.794973 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:27:47.801877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:27:55.803918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:28:11.806630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:28:43.813243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:34:47.819082 3.000831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:34:54.826233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:35:02.827780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:35:10.449196 0.000196 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 17:35:10.449506 2.674726 tcp 10.0.2.109 50294 -> 211.38.175.27 4598 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/01/05 17:35:18.830194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:35:50.836362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:41:54.843118 3.000887 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:42:01.849725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:42:09.851214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:42:25.854435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:42:57.860201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:45:24.271552 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 17:45:24.271703 0.404567 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:24.676693 0.387444 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:25.064552 0.338009 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:25.402949 0.342542 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:25.745840 0.374113 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:26.120296 0.398547 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:26.519258 0.402992 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:26.922691 0.485079 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:27.408225 0.383899 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:27.792526 0.305774 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:28.098704 0.451371 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:28.550485 0.408791 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:28.959674 0.447940 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:29.408021 0.502839 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:29.911277 0.292456 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:30.204136 0.410302 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:30.614845 0.580071 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:31.195302 0.410425 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:31.606159 0.532285 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:32.138826 0.471838 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:32.611059 0.462268 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:33.073766 0.494205 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:33.568438 0.309406 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:33.878216 0.551352 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:34.429964 0.423295 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:34.853634 0.305959 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:35.159976 0.314632 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:35.475087 0.363224 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:35.838719 0.421699 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:45:36.260821 0.278135 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 17:49:01.867233 3.000721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:49:08.874364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:49:16.875600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:49:32.878743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:50:04.884326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:56:08.891272 3.001094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 17:56:15.897711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:56:23.899681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:56:39.902742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 17:57:11.908716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:03:15.914793 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:03:22.922032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:03:30.923605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:03:46.926581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:04:18.932614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:05:13.130538 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 18:05:13.130767 3.365495 tcp 10.0.2.109 50295 -> 211.38.175.27 4598 FSPA* 0 0 14 1690 flow=From-Botnet-V1-TCP-Established 1970/01/05 18:10:22.938464 3.001322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:10:29.945587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:10:37.947366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:10:53.950487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:11:25.956165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:16:02.794575 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 18:16:02.794687 0.406193 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:03.201313 0.340795 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:03.542525 0.383976 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:03.926883 0.321470 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:04.248768 0.391848 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:04.641024 0.400085 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:05.041474 0.483768 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:05.525681 0.462850 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:05.988938 0.408587 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:06.397886 0.297716 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:06.695971 0.432347 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:07.128724 0.401661 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:07.530799 0.471515 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:08.002750 0.486699 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:08.489827 0.281766 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:08.772005 0.387925 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:09.160358 0.571859 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:09.732651 0.445662 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:10.178707 0.516674 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:10.695864 0.459352 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:11.155590 0.309301 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:11.465309 0.450731 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:11.916377 0.409241 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:12.326011 0.557491 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:12.883856 0.423949 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:13.308161 0.407268 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:13.715847 0.297317 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:14.013511 0.292709 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:14.306647 0.432775 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:16:14.739796 0.277417 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:17:29.962661 3.001042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:17:36.970122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:17:44.971263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:18:00.974128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:18:32.980361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:24:36.986300 3.001448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:24:43.993688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:24:51.995014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:25:07.998307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:25:40.004250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:31:44.010411 3.001609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:31:51.017928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:31:59.019609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:32:15.022431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:32:47.028349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:35:16.503851 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 18:35:16.503957 2.655862 tcp 10.0.2.109 50296 -> 211.38.175.27 4598 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/01/05 18:38:51.034790 3.001034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:38:58.041539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:39:06.043461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:39:22.046328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:39:54.051918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:45:58.058372 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:46:05.065724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:46:13.067194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:46:18.315326 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 18:46:18.315432 0.608320 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:18.924195 0.342455 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:19.267063 0.373681 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:19.641149 0.385214 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:20.026806 0.387675 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:20.414911 0.402604 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:20.817936 0.400514 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:21.218867 0.466950 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:21.686243 0.389490 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:22.076083 0.295826 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:22.372258 0.444557 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:22.817217 0.407374 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:23.224995 0.280948 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:23.506326 0.463314 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:23.970031 0.481689 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:24.452094 0.406414 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:24.858939 0.580999 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:25.440339 0.417748 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:25.858503 0.522371 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:26.381284 0.455813 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:26.837536 0.304228 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:27.142196 0.453218 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:27.595788 0.416235 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:28.012430 0.702304 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:28.715181 0.433027 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:29.070222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:46:29.148555 0.375552 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:29.524509 0.424180 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:29.949101 0.305716 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:30.255164 0.316697 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:46:30.572288 0.275000 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/05 18:47:01.076177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:53:05.081943 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 18:53:12.089546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:53:20.091279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:53:36.094474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 18:54:08.100062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:00:12.106136 3.001514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:00:19.113382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:00:27.115155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:00:43.117815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:01:15.124090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:05:19.165749 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 19:05:19.165845 2.656661 tcp 10.0.2.109 50297 -> 211.38.175.27 4598 FSPA* 0 0 15 1781 flow=From-Botnet-V1-TCP-Established 1970/01/05 19:07:19.130522 3.001450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:07:26.137268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:07:34.139305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:07:50.142201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:08:22.148047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:14:26.154908 3.000802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:14:33.161542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:14:41.162911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:14:57.165895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:15:29.171994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:16:34.035458 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 19:16:34.035700 0.375949 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:34.412032 0.399471 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:34.811891 0.353576 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:35.165898 0.409633 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:35.575960 0.379535 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:35.955915 0.321142 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:36.277503 0.568903 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:36.846791 0.467816 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:37.315115 0.450902 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:37.766455 0.392522 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:38.159425 0.285099 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:38.444933 0.427991 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:38.873314 0.276685 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:39.150564 0.470481 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:39.621396 0.502616 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:40.124504 0.400812 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:40.525788 0.637977 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:41.164145 0.404799 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:41.569312 0.514472 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:42.084194 0.467900 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:42.552517 0.309278 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:42.862231 0.461314 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:43.323938 0.399900 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:43.724193 0.515383 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:44.240068 0.421400 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:44.661877 0.363561 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:45.025858 0.305972 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:45.332254 0.268614 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:45.601296 0.433636 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:16:46.035434 0.307261 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:21:33.178943 3.000916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:21:40.185722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:21:48.187091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:22:04.189901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:22:36.195910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:28:40.202478 3.001127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:28:47.209581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:28:55.211198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:29:11.214360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:29:43.220388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:35:21.827326 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 19:35:21.827434 2.657187 tcp 10.0.2.109 50298 -> 211.38.175.27 4598 FSPA* 0 0 15 1605 flow=From-Botnet-V1-TCP-Established 1970/01/05 19:35:47.226538 3.001181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:35:54.233392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:36:02.234824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:36:18.237663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:36:50.244089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:42:54.250595 3.000948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:43:01.257260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:43:09.258640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:43:25.261719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:43:57.267699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:46:51.208426 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 19:46:51.208601 0.384332 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:51.593293 0.386410 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:51.980074 0.350225 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:52.330704 0.410282 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:52.741439 0.422274 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:53.164096 0.381177 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:53.545687 0.334738 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:53.880877 0.459191 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:54.340433 0.431454 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:54.772246 0.409725 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:55.182511 0.394227 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:55.577147 0.296727 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:55.874339 0.289787 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:56.164538 0.472795 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:56.637676 0.504177 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:57.142250 0.401874 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:57.544527 0.587509 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:58.132454 0.401646 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:58.534499 0.303677 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:58.838608 0.536050 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:59.375141 0.463605 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:46:59.839072 0.457481 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:00.296934 0.411707 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:00.709195 0.828036 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:01.537584 0.408178 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:01.946191 0.283361 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:02.229956 0.376964 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:02.607277 0.315490 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:02.923197 0.436983 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:47:03.360596 0.300377 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/05 19:50:01.274641 3.000631 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:50:08.281043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:50:16.282690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:50:32.285704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:51:04.292071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:57:08.297492 3.002057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 19:57:15.305456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:57:23.306772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:57:39.310004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 19:58:11.315641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:04:15.321732 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:04:22.329580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:04:30.331157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:04:46.333906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:05:18.339827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:05:24.489164 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 20:05:24.489390 2.785372 tcp 10.0.2.109 50299 -> 211.38.175.27 4598 FSPA* 0 0 13 1637 flow=From-Botnet-V1-TCP-Established 1970/01/05 20:11:22.346054 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:11:29.352900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:11:37.354837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:11:53.357583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:12:25.363985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:17:18.335563 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 20:17:18.335802 0.376827 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:18.713034 0.418363 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:19.131806 0.389418 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:19.521629 0.345676 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:19.867689 0.438485 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:20.306578 0.416140 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:20.723089 0.377471 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:21.100961 0.469301 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:21.570675 0.434288 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:22.005378 0.284184 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:22.289962 0.413905 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:22.704284 0.408306 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:23.112918 0.282466 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:23.395735 0.457812 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:23.853903 0.500669 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:24.354987 0.397302 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:24.752705 0.310151 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:25.063278 0.561139 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:25.624837 0.401844 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:26.027091 0.531160 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:26.558660 0.474485 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:27.033493 0.455864 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:27.489764 0.396468 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:27.886606 0.896233 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:28.783273 0.404897 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:29.188589 0.424453 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:29.613460 0.275543 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:29.889414 0.320581 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:30.210500 0.303633 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:17:30.514544 0.419963 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:18:29.369756 3.001871 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:18:36.376934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:18:44.378675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:19:00.381633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:19:32.387678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:25:36.393631 3.001545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:25:43.400896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:25:51.402918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:26:07.405517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:26:39.411935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:32:43.418480 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:32:50.425299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:32:58.426568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:33:14.429612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:33:46.435595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:35:27.281043 0.000188 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 20:35:27.281331 2.641440 tcp 10.0.2.109 50300 -> 211.38.175.27 4598 FSPA* 0 0 12 1477 flow=From-Botnet-V1-TCP-Established 1970/01/05 20:39:50.442606 3.000720 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:39:57.449159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:40:05.450372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:40:21.453598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:40:53.459631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:46:57.465966 3.001065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:47:04.473169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:47:12.474987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:47:28.477632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:47:32.443873 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 20:47:32.444069 0.383183 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:32.827681 0.338903 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:33.166985 0.406007 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:33.573418 0.385353 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:33.959195 0.320076 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:34.279640 0.486859 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:34.766886 0.395726 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:35.163045 0.453283 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:35.616728 0.401881 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:36.019018 0.421524 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:36.440916 0.293401 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:36.734709 0.463969 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:37.199050 0.397132 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:37.596604 0.282076 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:37.879136 0.523560 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:38.403116 0.399508 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:38.803067 0.285170 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:39.088657 0.593162 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:39.682218 0.423524 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:40.106203 0.532963 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:40.639542 0.406316 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:41.046358 0.468212 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:41.515009 0.444529 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:41.959897 0.544868 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:42.505135 0.295782 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:42.801299 0.375073 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:43.176757 0.429242 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:43.606421 0.314731 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:43.921556 0.313321 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:47:44.235265 0.430782 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 20:48:00.483301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:54:04.489148 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 20:54:11.496670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:54:19.498311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:54:35.501735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 20:55:07.507749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:01:11.514332 3.000718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:01:18.520882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:01:26.522892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:01:42.525874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:02:14.531668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:05:29.923370 0.000192 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 21:05:29.923672 2.670950 tcp 10.0.2.109 50301 -> 211.38.175.27 4598 FSPA* 0 0 14 1509 flow=From-Botnet-V1-TCP-Established 1970/01/05 21:08:18.538300 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:08:25.544863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:08:33.546883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:08:49.549707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:09:21.555733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:15:25.562413 3.000409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:15:32.569050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:15:40.570698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:15:56.573765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:16:28.579537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:18:01.303645 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 21:18:01.303751 0.398098 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:01.702290 0.352029 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:02.054964 0.412241 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:02.467578 0.460618 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:02.928566 0.395626 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:03.324607 0.331989 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:03.656996 0.396670 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:04.054074 0.472009 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:04.526456 0.294157 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:04.820999 0.407262 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:05.228688 0.432173 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:05.661214 0.286206 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:05.947829 0.484167 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:06.432410 0.399463 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:06.832306 0.507993 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:07.340702 0.417627 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:07.758696 0.299084 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:08.058342 0.577595 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:08.636392 0.400568 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:09.037367 0.529751 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:09.567555 0.409390 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:09.977360 0.459299 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:10.437042 0.439855 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:10.877317 0.499991 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:11.377664 0.276204 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:11.654343 0.380333 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:12.035096 0.429348 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:12.464809 0.424897 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:12.890165 0.305236 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:18:13.195810 0.311374 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:22:32.585261 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:22:39.592600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:22:47.594122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:23:03.597380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:23:35.603166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:29:39.610126 3.001205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:29:46.617135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:29:54.618603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:30:10.621593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:30:42.627384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:35:32.595186 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 21:35:32.595286 2.686946 tcp 10.0.2.109 50302 -> 211.38.175.27 4598 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/05 21:36:46.633829 3.001014 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:36:53.640738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:37:01.642232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:37:17.645644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:37:49.651347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:43:53.657348 3.002064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:44:00.665064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:44:08.666391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:44:24.669311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:44:56.675064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:48:22.721588 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 21:48:22.721840 0.386013 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:23.108262 0.351136 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:23.459908 0.407354 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:23.867668 0.470564 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:24.338637 0.472471 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:24.811516 0.789012 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:25.600952 0.383113 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:25.984470 0.462004 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:26.446862 0.294909 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:26.742306 0.410977 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:27.153691 0.432744 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:27.586800 0.399049 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:27.986235 0.281638 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:28.268220 0.465038 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:28.733669 0.511606 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:29.245688 0.409892 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:29.655922 0.302431 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:29.958772 0.579695 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:30.538864 0.407585 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:30.946851 0.529250 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:31.476497 0.446809 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:31.923742 0.411412 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:32.335594 0.461706 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:32.797693 0.870622 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:33.668736 0.283187 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:33.952320 0.421267 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:34.374207 0.375130 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:34.749709 0.419257 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:35.169394 0.306561 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:48:35.476359 0.310610 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/05 21:51:00.681540 3.001613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:51:07.688777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:51:15.690286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:51:31.693167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:52:03.699603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:58:07.706545 3.000542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 21:58:14.712390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:58:22.714057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:58:38.717466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 21:59:10.723219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:05:14.728760 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:05:21.736794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:05:29.738116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:05:35.286890 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 22:05:35.286989 2.993581 tcp 10.0.2.109 50303 -> 211.38.175.27 4598 FSPA* 0 0 12 1619 flow=From-Botnet-V1-TCP-Established 1970/01/05 22:05:45.741402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:06:17.747313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:12:21.753544 3.001303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:12:28.760949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:12:36.761970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:12:52.764834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:13:24.771378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:18:37.431062 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 22:18:37.431217 0.404585 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:37.836220 0.378056 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:38.242944 0.357393 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:38.600714 0.327797 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:38.928940 0.424216 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:39.353573 0.391772 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:39.745741 0.386995 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:40.133137 0.454327 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:40.587884 0.363066 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:40.951351 0.413665 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:41.365394 0.437050 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:41.802871 0.473340 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:42.276583 0.390815 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:42.667804 0.263704 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:42.931898 0.507909 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:43.440218 0.414365 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:43.855065 0.303258 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:44.158750 0.584283 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:44.743450 0.412144 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:45.155942 0.524055 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:45.680392 0.463290 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:46.144078 0.434447 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:46.578959 0.420396 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:46.999715 0.590123 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:47.590275 0.381635 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:47.972305 0.271578 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:48.244262 0.425828 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:48.670445 0.292880 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:48.963706 0.428377 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:18:49.392455 0.311490 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:19:28.777740 3.000950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:19:35.784764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:19:43.786051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:19:59.789125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:20:31.795276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:26:35.801558 3.001140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:26:42.809478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:26:50.811084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:27:06.813907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:27:38.819206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:33:42.825987 3.001049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:33:49.832784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:33:57.834420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:34:13.837365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:34:45.842947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:35:38.288974 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 22:35:38.289263 2.945225 tcp 10.0.2.109 50304 -> 211.38.175.27 4598 FSPA* 0 0 14 1647 flow=From-Botnet-V1-TCP-Established 1970/01/05 22:40:49.848663 3.002136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:40:56.856161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:41:04.857702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:41:20.861096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:41:52.866865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:47:56.872871 3.001981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:48:03.880666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:48:11.882067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:48:27.885225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:48:59.891401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:49:16.855976 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 22:49:16.856180 0.408350 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:17.264932 0.394017 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:17.659363 0.363339 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:18.023053 0.395259 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:18.418727 0.528372 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:18.947500 0.417988 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:19.365852 0.393075 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:19.759393 0.471060 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:20.230898 0.422458 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:20.653782 0.288695 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:20.942880 0.418008 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:21.361280 0.479437 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:21.841076 0.401204 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:22.242655 0.288776 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:22.531781 0.490625 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:23.022765 0.400712 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:23.423889 0.297924 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:23.722201 0.586596 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:24.309198 0.417130 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:24.726741 0.523719 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:25.250874 0.480966 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:25.732250 0.437334 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:26.169933 0.413248 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:26.583600 0.535739 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:27.119735 0.422569 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:27.542700 0.389706 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:27.932839 0.291836 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:28.225115 0.307408 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:28.532923 0.307569 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:49:28.840900 0.427148 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/05 22:55:03.896581 3.002363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 22:55:10.904653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:55:18.906432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:55:34.909238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 22:56:06.915181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:02:10.921500 3.001125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:02:17.928471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:02:25.929893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:02:41.933217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:03:13.939384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:05:41.241293 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 23:05:41.241416 2.673617 tcp 10.0.2.109 50305 -> 211.38.175.27 4598 FSPA* 0 0 14 1519 flow=From-Botnet-V1-TCP-Established 1970/01/05 23:09:17.945492 3.000945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:09:24.952532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:09:32.954008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:09:48.956633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:10:20.963223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:16:24.969193 3.001303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:16:31.976649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:16:39.977746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:16:55.980703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:17:27.986786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:19:54.137484 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 23:19:54.137690 0.410789 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:54.548896 0.379854 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:54.929097 0.362760 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:55.292299 0.392039 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:55.684697 0.384267 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:56.069420 0.324542 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:56.394508 0.417482 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:56.812311 0.473204 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:57.285900 0.429147 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:57.715406 0.466794 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:58.182593 0.288944 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:58.471880 0.413638 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:58.885923 0.412063 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:59.298533 0.275204 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:19:59.574316 0.513181 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:00.087918 0.400429 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:00.488970 0.295921 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:00.785284 0.583937 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:01.369917 0.393985 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:01.764361 0.530045 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:02.294908 0.469425 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:02.764734 0.447036 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:03.212138 0.412200 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:03.624775 0.551864 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:04.177047 0.430512 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:04.607941 0.299664 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:04.907955 0.310704 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:05.219063 0.359534 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:05.578961 0.285440 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:20:05.864803 0.452928 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:23:31.993502 3.001421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:23:39.000372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:23:47.001763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:24:03.004549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:24:35.010660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:30:39.016490 3.002403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:30:46.023904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:30:54.025795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:31:10.029047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:31:42.035101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:35:43.913128 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 23:35:43.913283 2.659245 tcp 10.0.2.109 50306 -> 211.38.175.27 4598 FSPA* 0 0 14 1517 flow=From-Botnet-V1-TCP-Established 1970/01/05 23:37:46.041312 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:37:53.047902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:38:01.049405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:38:17.052976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:38:49.058556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:44:53.065359 3.000722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:45:00.072040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:45:08.073762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:45:24.076932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:45:56.083082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:50:13.052342 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/05 23:50:13.052507 0.412232 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:13.465135 0.393020 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:13.858562 0.384259 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:14.243179 0.347514 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:14.591049 0.426041 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:15.017495 0.386551 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:15.404449 0.370474 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:15.775282 0.472287 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:16.247968 0.436227 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:16.684600 0.407563 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:17.092537 0.446136 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:17.539090 0.281960 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:17.821372 0.396260 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:18.217968 0.273085 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:18.491513 0.519094 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:19.010954 0.407539 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:19.418902 0.294691 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:19.714009 0.576696 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:20.291120 0.403862 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:20.695370 0.527693 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:21.223485 0.470106 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:21.694009 0.442852 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:22.137218 0.412076 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:22.549685 0.552163 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:23.102266 0.442326 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:23.544936 0.370892 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:23.916270 0.279473 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:24.196128 0.299088 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:24.495577 0.314066 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:50:24.810047 0.420682 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/05 23:52:00.088102 3.002161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:52:07.096052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:52:15.097753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:52:31.100862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:53:03.106450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:59:07.112676 3.001457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/05 23:59:14.120002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:59:22.122390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/05 23:59:38.124646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:00:10.150592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:05:46.604990 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 00:05:46.605180 2.637520 tcp 10.0.2.109 50307 -> 211.38.175.27 4598 FSPA* 0 0 14 1669 flow=From-Botnet-V1-TCP-Established 1970/01/06 00:06:14.183203 2.995052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:06:21.184326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:06:29.185805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:06:45.188774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:07:17.194699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:13:21.201201 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:13:28.208029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:13:36.209860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:13:52.212458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:14:24.218680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:20:28.224844 3.001126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:20:35.232044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:20:41.421352 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 00:20:41.421599 0.417822 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:41.839953 0.391215 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:42.231565 0.400918 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:42.632887 0.351645 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:42.984937 0.309607 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:43.233881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:20:43.295046 0.448099 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:43.743489 0.386234 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:44.130212 0.457223 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:44.587871 0.431892 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:45.020194 0.287423 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:45.307989 0.428384 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:45.736780 0.464638 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:46.201819 0.412070 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:46.614512 0.282489 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:46.897396 0.501050 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:47.398864 0.391864 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:47.791131 0.285081 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:48.076627 0.578345 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:48.655302 0.402755 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:49.058499 0.527521 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:49.586425 0.446826 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:50.033658 0.438759 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:50.472770 0.401440 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:50.874616 0.525963 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:51.400925 0.425476 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:51.826782 0.297430 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:52.124555 0.313441 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:52.438451 0.390198 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:52.829055 0.281501 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:53.110972 0.421692 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:20:59.236254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:21:31.242584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:27:35.249164 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:27:42.255948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:27:50.257429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:28:06.260687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:28:38.266515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:34:42.272669 3.001966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:34:49.280182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:34:57.281853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:35:13.284624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:35:45.290846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:35:49.246740 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 00:35:49.246837 2.645824 tcp 10.0.2.109 50308 -> 211.38.175.27 4598 FSPA* 0 0 14 1754 flow=From-Botnet-V1-TCP-Established 1970/01/06 00:41:49.296609 3.001323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:41:56.303947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:42:04.305173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:42:20.308190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:42:52.314759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:48:56.320893 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:49:03.327993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:49:11.329732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:49:27.332439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:49:59.338622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:51:21.086447 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 00:51:21.086713 0.414612 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:21.501741 0.408295 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:21.910448 0.388452 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:22.299383 0.430987 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:22.730788 0.351975 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:23.083222 0.306405 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:23.390065 0.395459 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:23.785929 0.472006 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:24.258471 0.413110 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:24.671964 0.433286 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:25.105670 0.293853 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:25.399909 0.296030 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:25.696329 0.493175 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:26.189937 0.396853 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:26.587185 0.497075 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:27.084665 0.391055 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:27.476124 0.307168 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:27.783751 0.589924 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:28.374264 0.412151 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:28.786821 0.520819 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:29.307992 0.393986 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:29.702403 0.485412 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:30.188216 0.436181 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:30.624751 0.670337 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:31.295493 0.417386 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:31.713289 0.376919 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:32.090606 0.293990 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:32.384986 0.307946 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:32.693279 0.293660 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:51:32.987342 0.410914 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/06 00:56:03.345135 3.000941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 00:56:10.352203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:56:18.353325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:56:34.356374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 00:57:06.362681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:03:10.368504 3.001396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:03:17.376071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:03:25.377210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:03:41.380545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:04:13.386266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:05:51.898157 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 01:05:51.898257 2.657690 tcp 10.0.2.109 50309 -> 211.38.175.27 4598 FSPA* 0 0 14 1606 flow=From-Botnet-V1-TCP-Established 1970/01/06 01:10:17.392526 3.001288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:10:24.399679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:10:32.401047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:10:48.404222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:11:21.521748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:17:25.529564 2.999732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:17:32.535286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:17:40.536582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:17:56.539968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:18:28.545608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:21:43.856930 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 01:21:43.857032 0.411467 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:44.268934 0.389394 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:44.658725 0.398236 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:45.057309 0.414302 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:45.472011 0.385201 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:45.857625 0.339598 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:46.197632 0.339123 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:46.537172 0.485353 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:47.022937 0.418192 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:47.441548 0.285819 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:47.727719 0.429638 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:48.157726 0.300459 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:48.458563 0.454132 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:48.913075 0.395969 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:49.309509 0.751021 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:50.060956 0.384298 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:50.445662 0.303735 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:50.749802 0.590882 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:51.341063 0.416490 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:51.757967 0.522691 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:52.281063 0.409817 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:52.691294 0.453812 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:53.145520 0.442344 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:53.588260 0.481037 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:54.069721 0.430382 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:54.500548 0.294985 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:54.795933 0.382986 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 199 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:55.179301 0.306775 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:55.486444 0.281723 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:21:55.768517 0.411813 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:24:32.552083 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:24:39.559139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:24:47.560806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:25:03.563788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:25:35.569819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:31:39.576067 3.001558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:31:46.583610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:31:54.584498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:32:10.588194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:32:42.594413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:35:55.100899 0.000202 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 01:35:55.101203 2.665577 tcp 10.0.2.109 50310 -> 211.38.175.27 4598 FSPA* 0 0 14 1594 flow=From-Botnet-V1-TCP-Established 1970/01/06 01:38:46.599870 3.001952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:38:53.607008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:39:01.608755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:39:17.612175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:39:49.617770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:45:53.624575 3.001170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:46:00.631620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:46:08.632589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:46:24.635687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:46:56.642138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:52:03.483672 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 01:52:03.483892 0.403217 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:03.887523 0.415256 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:04.303188 0.392527 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:04.696097 0.442730 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:05.139256 0.391861 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:05.531466 0.369709 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:05.901542 0.504066 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:06.405998 0.456923 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:06.863332 0.421951 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:07.285694 0.289345 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:07.575439 0.442654 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:08.018537 0.428047 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:08.446930 0.280848 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:08.728143 0.902728 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:09.631236 0.548809 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:10.180468 0.395432 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:10.576290 0.312065 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:10.888775 0.593238 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:11.482447 0.409425 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:11.892279 0.541032 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:12.433700 0.404235 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:12.838347 0.462647 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:13.301375 0.442160 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:13.743904 0.822672 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:14.567012 0.426880 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:14.994449 0.305471 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:15.300334 0.279594 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:15.580414 0.342345 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:15.923165 0.302007 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:52:16.225548 0.416928 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/06 01:53:00.648489 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 01:53:07.655321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:53:15.657016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:53:31.659495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 01:54:03.665882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:00:07.671361 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:00:14.678936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:00:22.680995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:00:38.683554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:01:10.689948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:05:57.772968 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 02:05:57.773132 2.656477 tcp 10.0.2.109 50311 -> 211.38.175.27 4598 FSPA* 0 0 14 1515 flow=From-Botnet-V1-TCP-Established 1970/01/06 02:07:14.696036 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:07:21.702801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:07:29.704760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:07:45.707370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:08:17.713557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:14:21.719619 3.001678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:14:28.726792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:14:36.728655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:14:52.731634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:15:24.737811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:21:28.744529 3.000878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:21:35.751393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:21:43.752907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:21:59.755515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:22:31.761681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:22:35.076361 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 02:22:35.076449 0.394877 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:35.471746 0.406774 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:35.878892 0.389338 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:36.268680 0.349144 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:36.618402 0.435382 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:37.054221 0.400070 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:37.454678 0.334067 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:37.789164 0.464546 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:38.254150 0.467919 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:38.722475 0.418480 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:39.141305 0.292123 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:39.433829 0.430431 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:39.864664 0.284690 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:40.149743 0.404727 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:40.554881 0.489010 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:41.044308 0.413430 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:41.458094 0.322219 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:41.780719 0.583658 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:42.364775 0.403184 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:42.768316 0.529347 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:43.298032 0.405864 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:43.704271 0.479648 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:44.184356 0.450863 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:44.635586 0.553450 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:45.189454 0.425645 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:45.615421 0.352968 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:45.968813 0.311254 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:46.280456 0.273764 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:46.554644 0.300727 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:22:46.855777 0.426178 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:28:35.768051 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:28:42.775683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:28:50.777067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:29:06.779441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:29:38.785823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:35:42.792412 3.000667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:35:49.799338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:35:57.800662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:36:00.434599 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 02:36:00.434835 2.657480 tcp 10.0.2.109 50312 -> 211.38.175.27 4598 FSPA* 0 0 15 1557 flow=From-Botnet-V1-TCP-Established 1970/01/06 02:36:13.803773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:36:45.809906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:42:49.815797 3.001768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:42:56.822947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:43:04.824583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:43:20.827581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:43:52.833308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:49:56.840273 3.000940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:50:03.846951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:50:11.848193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:50:27.851141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:50:59.857647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:53:12.988819 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 02:53:12.988904 0.386048 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:13.375383 0.405587 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:13.781398 0.402009 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:14.183748 0.406967 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:14.591130 0.351408 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:14.942890 0.389140 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:15.332489 0.302486 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:15.635424 0.465491 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:16.101369 0.427612 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:16.529406 0.436970 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:16.966808 0.394110 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:17.361302 0.297703 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:17.659346 0.499971 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:18.159702 0.292064 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:18.452118 0.401804 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:18.854351 0.410699 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:19.265431 0.286908 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:19.552797 0.580651 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:20.133821 0.434561 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:20.568812 0.537546 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:21.106759 0.421426 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:21.528619 0.459741 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:21.988754 0.438647 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:22.427825 0.549145 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:22.977349 0.424893 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:23.402600 0.374668 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:23.777686 0.309870 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:24.087924 0.313951 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:24.402393 0.279398 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:53:24.682225 0.422155 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/06 02:57:03.862962 3.002474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 02:57:10.870957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:57:18.872165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:57:34.875558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 02:58:06.881776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:04:10.887272 3.001958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:04:17.895176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:04:25.896504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:04:41.899873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:05:13.905094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:06:03.217137 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 03:06:03.217247 3.111658 tcp 10.0.2.109 50313 -> 211.38.175.27 4598 FSPA* 0 0 14 1576 flow=From-Botnet-V1-TCP-Established 1970/01/06 03:11:18.162204 3.001666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:11:25.169460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:11:33.170377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:11:49.173832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:12:21.180140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:18:25.185231 3.002108 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:18:32.193031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:18:40.194634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:18:56.197793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:19:28.203672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:23:27.798569 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 03:23:27.798739 0.375375 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:28.174516 0.412451 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:28.587377 0.343246 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:28.931061 0.455461 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:29.386935 0.407554 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:29.794880 0.390660 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:30.185956 0.323116 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:30.509447 0.455481 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:30.965285 0.459888 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:31.425576 0.444151 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:31.870110 0.411081 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:32.281834 0.284253 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:32.566488 0.402353 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:32.969234 0.506774 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:33.476399 0.289915 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:33.766762 0.394808 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:34.161940 0.297333 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:34.459710 0.583176 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:35.043256 0.427745 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:35.471354 0.461196 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:35.932963 0.527237 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:36.460607 0.407001 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:36.868003 0.429154 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:37.297532 0.510990 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:37.808943 0.423730 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:38.233101 0.369259 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:38.602785 0.279083 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:38.882264 0.295689 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:39.178385 0.314370 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:23:39.493244 0.434984 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:25:32.209629 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:25:39.217128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:25:47.218767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:26:03.221681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:26:35.228055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:32:39.234216 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:32:46.241028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:32:54.242523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:33:10.245425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:33:42.251675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:36:06.329136 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 03:36:06.329245 2.840621 tcp 10.0.2.109 50314 -> 211.38.175.27 4598 FSPA* 0 0 14 1626 flow=From-Botnet-V1-TCP-Established 1970/01/06 03:39:46.258027 3.001362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:39:53.264812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:40:01.266468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:40:17.269882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:40:49.275989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:46:53.281575 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:47:00.289055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:47:08.290389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:47:24.293413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:47:56.299544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:53:57.539469 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 03:53:57.539627 0.387905 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:53:57.927876 0.401093 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:53:58.329332 0.384084 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:53:58.713883 0.347369 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:53:59.061604 0.427659 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:53:59.489649 0.389848 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:53:59.879863 0.346566 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:00.226829 0.482787 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:00.305973 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 03:54:00.709980 0.454775 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:01.165181 0.290560 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:01.456153 0.433278 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:01.889824 0.405278 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:02.295508 0.297700 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:02.593617 0.400658 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:02.994638 0.489290 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:03.484317 0.391545 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:03.876280 0.297129 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:04.173856 0.651134 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:04.825395 0.416123 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:05.241884 0.466275 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:05.708622 0.544225 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:06.253236 0.412606 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:06.666417 0.439281 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:07.106159 0.510247 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:07.313077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:54:07.616818 0.449816 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:08.066950 0.351874 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:08.419238 0.319565 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:08.739228 0.277881 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:09.017539 0.309228 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:09.327236 0.413156 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/06 03:54:15.314389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:54:31.317449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 03:55:03.323892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:01:07.330118 3.000978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:01:14.337282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:01:22.338422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:01:38.341683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:02:10.347847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:06:09.171543 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 04:06:09.171650 2.879333 tcp 10.0.2.109 50315 -> 211.38.175.27 4598 FSPA* 0 0 14 1754 flow=From-Botnet-V1-TCP-Established 1970/01/06 04:08:14.352903 3.002310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:08:21.360776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:08:29.362542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:08:45.365106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:09:17.371641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:15:21.376945 3.002521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:15:28.384760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:15:36.386090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:15:52.389085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:16:24.395766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:22:28.402265 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:22:35.409167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:22:43.410404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:22:59.413405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:23:31.419445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:24:22.493030 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 04:24:22.493294 0.386250 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:22.879902 0.376175 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:23.256417 0.409715 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:23.666517 0.342323 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:24.009198 0.419629 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:24.429263 0.384754 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:24.814404 0.544416 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:25.359207 0.452597 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:25.812143 0.469715 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:26.282249 0.285949 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:26.568625 0.292376 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:26.861442 0.441566 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:27.303424 0.407749 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:27.711602 0.413690 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:28.125728 0.510465 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:28.636659 0.397334 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:29.034502 0.296886 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:29.331802 0.489242 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:29.821428 0.571258 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:30.393094 0.462241 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:30.855759 0.525188 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:31.381354 0.411849 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:31.793578 0.454531 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:32.248526 0.708612 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:32.957548 0.325435 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:33.283388 0.427576 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:33.711313 0.393049 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:34.104763 0.421827 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:34.526974 0.283984 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:24:34.811409 0.297406 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:29:35.425617 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:29:42.433115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:29:50.434104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:30:06.437648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:30:38.443564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:36:12.053475 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 04:36:12.053582 2.915562 tcp 10.0.2.109 50316 -> 211.38.175.27 4598 FSPA* 0 0 14 1606 flow=From-Botnet-V1-TCP-Established 1970/01/06 04:36:42.448789 3.002461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:36:49.456724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:36:57.458268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:37:13.460958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:37:45.467465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:43:49.473859 3.001372 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:43:56.480488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:44:04.482571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:44:20.485516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:44:52.491166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:50:56.497944 3.001626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 04:51:03.504529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:51:11.506201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:51:27.509359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:51:59.515064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:54:46.726030 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 04:54:46.726221 0.397064 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:47.123737 0.389213 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:47.513338 0.378380 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:47.892108 0.362813 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:48.255332 0.420444 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:48.676138 0.383019 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:49.059622 0.330917 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:49.390950 0.449643 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:49.841013 0.456124 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:50.297585 0.277972 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:54:50.575965 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 04:55:09.050229 0.573261 tcp 10.0.2.109 50317 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 04:55:09.623791 0.567512 tcp 10.0.2.109 50318 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 04:55:10.191187 1.404491 tcp 10.0.2.109 50319 -> 195.113.214.222 443 SRPA* 0 0 39 27302 flow=From-Botnet-V1-TCP-Established 1970/01/06 04:55:11.596382 0.287498 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:11.884272 0.435672 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:12.320309 0.388689 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:12.709398 0.550709 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:13.260493 0.401467 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:13.662477 0.316423 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:13.979247 0.470669 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:14.450340 0.594314 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:15.045077 0.409439 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:15.454872 0.411937 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:15.867242 0.539594 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:16.407214 0.435660 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:16.843238 0.662026 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:17.505614 0.308354 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:17.814488 0.424579 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:18.239469 0.395092 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:18.634973 0.418536 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:19.053855 0.264055 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:55:19.318353 0.302762 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/06 04:58:03.521893 3.001297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 04:58:10.528336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:58:18.529979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:58:34.533091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 04:59:06.539441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:05:10.545878 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 05:05:17.552837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:05:25.554363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:05:41.557044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:06:13.563402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:06:14.975655 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 05:06:14.975755 2.854324 tcp 10.0.2.109 50320 -> 211.38.175.27 4598 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:12:17.569377 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 05:12:24.576281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:12:32.577854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:12:48.580906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:13:20.587331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:19:24.593397 3.001864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 05:19:31.600238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:19:39.601879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:19:55.605107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:20:27.610967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:25:46.119386 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 05:25:46.119503 0.423534 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:46.543440 0.415262 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:46.959111 0.414998 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:47.374528 0.387194 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:47.762145 0.339821 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:48.102496 0.420723 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:48.523660 0.395926 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:48.919963 0.413773 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:25:49.334182 0.000000 udp 10.0.2.109 3683 -> 162.202.134.145 3979 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 05:26:07.642250 0.567114 tcp 10.0.2.109 50321 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:26:08.209646 0.578646 tcp 10.0.2.109 50322 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:26:08.788577 1.184857 tcp 10.0.2.109 50323 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:26:09.974303 0.465612 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:10.440323 0.280610 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:10.721288 0.402574 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:11.124264 0.302869 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:11.427492 0.420764 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:11.848664 0.499575 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:12.348640 0.393998 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:12.743005 0.306102 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:13.049509 0.482791 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:13.532653 0.594448 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:14.127513 0.407955 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:14.535880 0.410449 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:14.946676 0.511860 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:15.458976 0.445028 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:15.904355 0.636635 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:16.541416 0.368416 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:16.910197 0.315018 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:17.225591 0.428777 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:17.654725 0.305507 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:17.960622 0.416385 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:18.377394 0.279777 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:26:31.616856 3.002198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 05:26:38.624682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:26:47.357297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:27:03.359973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:27:35.365823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:33:39.372835 3.000803 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 05:33:46.379883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:33:54.381222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:34:10.383811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:34:42.389912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:36:18.208582 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 05:36:18.208730 2.949924 tcp 10.0.2.109 50324 -> 211.38.175.27 4598 FSPA* 0 0 13 1697 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:40:46.396659 3.001255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 05:40:53.403257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:41:01.404741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:41:17.407858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:41:49.413963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:47:53.419975 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 05:48:00.427725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:48:08.428683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:48:24.432178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:48:56.438113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:55:00.444192 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 05:55:07.451653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:55:15.453338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:55:31.455645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:56:03.462367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 05:56:34.226282 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 05:56:34.226534 0.000000 udp 10.0.2.109 3683 -> 162.202.134.145 3979 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 05:56:50.412158 0.588409 tcp 10.0.2.109 50325 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:56:51.000835 0.566489 tcp 10.0.2.109 50326 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:56:51.567613 1.215928 tcp 10.0.2.109 50327 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:56:52.784150 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 05:57:10.960307 0.567215 tcp 10.0.2.109 50328 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:57:11.527846 0.571174 tcp 10.0.2.109 50329 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:57:12.099318 1.165200 tcp 10.0.2.109 50330 -> 195.113.214.222 443 SRPA* 0 0 24 12990 flow=From-Botnet-V1-TCP-Established 1970/01/06 05:57:13.265304 0.415210 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:13.680973 0.395446 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:14.076761 0.375441 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:14.452629 0.350834 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:14.803906 0.437629 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:15.241897 0.383473 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:15.625783 0.318912 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:15.945164 0.470730 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:16.416319 0.289346 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:16.706050 0.392051 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:17.098446 0.294557 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:17.393395 0.435426 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:17.829219 0.508138 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:18.337788 0.395551 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:18.733703 0.315824 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:19.049928 0.466883 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:19.517209 0.606794 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:20.124373 0.408497 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:20.533200 0.411461 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:20.945087 0.532582 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:21.478078 0.438217 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:21.916695 2.188296 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:24.105409 0.415223 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:24.521039 0.358357 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:24.879778 0.307006 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:25.187213 0.272877 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:25.460524 0.327187 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/06 05:57:25.788144 0.431803 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:02:07.468815 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 06:02:14.475452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:02:22.477139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:02:38.480371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:03:10.486062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:06:21.160261 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 06:06:21.160353 2.863434 tcp 10.0.2.109 50331 -> 211.38.175.27 4598 FSPA* 0 0 14 1649 flow=From-Botnet-V1-TCP-Established 1970/01/06 06:09:14.492914 3.000931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 06:09:21.499211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:09:29.501180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:09:45.503993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:10:17.510088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:16:21.517100 3.000790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 06:16:28.523062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:16:36.524543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:16:52.527784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:17:24.533872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:23:28.589899 3.002204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 06:23:35.597496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:23:43.599037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:23:59.602231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:24:31.608048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:27:42.743141 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 06:27:42.743325 0.422677 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:43.166438 0.420435 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:43.587269 0.408081 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:43.995732 0.389454 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:44.385644 0.348323 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:44.734412 0.423000 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:45.157833 0.411278 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:45.569529 0.339482 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:45.909446 0.473939 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:46.383803 0.273221 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:46.657475 0.460341 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:47.118409 0.412139 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:47.530919 0.307500 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:47.838830 0.470695 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:48.309930 0.414581 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:48.724914 0.302837 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:49.028182 0.469488 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:49.498025 0.413455 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:49.911841 0.582885 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:50.495142 0.428085 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:50.923640 0.543610 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:51.467628 0.463286 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:51.931328 0.726637 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:52.658391 0.434030 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:53.092775 0.368450 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:53.461626 0.306361 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:53.768563 0.310981 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:53.769080 3.003622 tcp 10.0.2.109 50332 -> 81.132.132.90 3731 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 06:27:54.079981 0.288498 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:27:54.368816 0.439150 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:28:02.771434 0.000000 tcp 10.0.2.109 50332 -> 81.132.132.90 3731 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 06:28:13.168692 0.254890 udp 10.0.2.109 52996 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/06 06:28:13.424049 0.268695 udp 10.0.2.109 60740 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/06 06:30:35.614644 3.000982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 06:30:42.621315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:30:50.622805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:31:06.626195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:31:38.631894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:36:24.042757 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 06:36:24.042861 2.720195 tcp 10.0.2.109 50333 -> 211.38.175.27 4598 FSPA* 0 0 15 1792 flow=From-Botnet-V1-TCP-Established 1970/01/06 06:37:42.638588 3.001217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 06:37:49.645390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:37:57.647162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:38:13.649704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:38:45.656264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:44:49.662760 3.000821 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 06:44:56.669309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:45:04.670844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:45:20.673627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:45:52.679528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:51:56.686463 3.000985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 06:52:03.693128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:52:11.694819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:52:27.698201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:52:59.703931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:58:00.396448 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 06:58:00.396560 0.387646 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:00.784617 0.442262 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:01.227244 0.894497 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:02.122125 0.380227 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:02.502767 0.346699 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:02.849863 0.439141 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:03.289389 0.359666 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:03.649447 0.432224 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:04.082070 0.462304 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:04.544812 0.268469 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:04.813709 0.323058 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:05.137205 0.430806 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:05.568365 0.391387 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:05.960181 0.471147 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:06.431676 0.400335 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:06.832385 0.311001 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:07.143740 0.452380 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:07.596459 0.412309 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:08.009141 0.598918 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:08.608469 0.418952 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:09.027827 0.520212 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:09.548443 0.449771 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:09.998649 0.488069 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:10.487099 0.307403 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:10.794986 0.307704 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:10.795474 3.000023 tcp 10.0.2.109 50334 -> 81.132.132.90 3731 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 06:58:11.103096 0.421705 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:11.525221 0.363545 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:11.889160 0.277229 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:12.166749 0.417229 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 06:58:19.794239 0.000000 tcp 10.0.2.109 50334 -> 81.132.132.90 3731 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 06:59:03.710312 3.001473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 06:59:10.717120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:59:18.718379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 06:59:34.721711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:00:06.727425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:06:10.733980 3.001277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:06:17.741162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:06:25.742853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:06:26.764661 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 07:06:26.764868 2.847693 tcp 10.0.2.109 50335 -> 211.38.175.27 4598 FSPA* 0 0 14 1539 flow=From-Botnet-V1-TCP-Established 1970/01/06 07:06:41.745982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:07:13.751982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:13:17.757697 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:13:24.765364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:13:32.766772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:13:48.769578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:14:20.775877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:20:24.781559 3.001708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:20:31.789137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:20:39.790942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:20:55.793883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:21:27.799704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:27:31.805714 3.001998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:27:38.812731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:27:46.814475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:28:02.817706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:28:17.549105 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 07:28:17.549212 0.377664 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:17.927252 0.403154 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:18.330763 0.350620 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:18.681801 0.391715 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:19.073893 0.385652 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:19.459911 0.409599 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:19.869866 0.400326 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:20.270598 0.334445 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:20.605451 0.465304 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:21.071161 0.276055 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:21.347562 0.405087 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:21.753048 0.288362 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:22.041833 0.427878 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:22.042230 2.997197 tcp 10.0.2.109 50336 -> 62.92.158.188 6222 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 07:28:22.470281 0.500790 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:22.971431 0.384582 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:23.356384 0.376194 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:23.732980 0.293828 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:24.027169 0.460212 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:24.487767 0.584014 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:25.072120 0.413191 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:25.485670 0.523788 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:26.009862 0.443462 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:26.453684 0.605914 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:27.059991 0.306665 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:27.367068 0.371317 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:27.738737 0.313533 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:28.052706 0.406836 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:28.459903 0.295746 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:28.756073 0.425892 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:28:31.038025 0.000000 tcp 10.0.2.109 50336 -> 62.92.158.188 6222 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 07:28:34.823680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:28:38.160410 0.244757 udp 10.0.2.109 61180 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/06 07:28:38.405701 0.248135 udp 10.0.2.109 64905 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/06 07:34:38.830096 3.001152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:34:45.836710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:34:53.838497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:35:09.841783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:35:41.847589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:36:29.616544 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 07:36:29.616651 3.021039 tcp 10.0.2.109 50337 -> 211.38.175.27 4598 FSPA* 0 0 14 1556 flow=From-Botnet-V1-TCP-Established 1970/01/06 07:41:45.854143 3.000962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:41:52.861112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:42:00.862449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:42:16.865748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:42:48.871811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:48:52.879049 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:48:59.884735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:49:07.886193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:49:23.889333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:49:55.895453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:55:59.902549 3.000850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 07:56:06.909333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:56:14.910925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:56:30.913516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:57:02.919673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 07:58:53.108105 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 07:58:53.108242 0.415687 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:53.524338 0.396574 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:53.921283 0.417906 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:54.339604 0.351339 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:54.691317 0.384799 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:55.076535 0.432379 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:55.509289 0.382346 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:55.892021 0.333864 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:56.226424 0.457054 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:56.683901 0.300298 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:56.984755 0.287336 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:56.985220 3.002341 tcp 10.0.2.109 50338 -> 62.92.158.188 6222 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 07:58:57.272480 0.399602 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:57.672491 0.440071 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:58.112943 0.486904 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:58.600260 0.396588 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:58.997258 0.418582 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:59.416220 0.305120 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:58:59.721741 0.491336 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:00.213426 0.580721 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:00.794579 0.651880 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:01.446878 0.532231 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:01.979552 0.437180 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:02.417168 0.699555 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:03.117088 0.308484 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:03.425956 0.356657 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:03.783023 0.322706 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:04.106175 0.419055 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:04.525624 0.279024 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:04.805000 0.420886 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/06 07:59:05.986108 0.000000 tcp 10.0.2.109 50338 -> 62.92.158.188 6222 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 08:03:06.925448 3.001568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:03:13.932998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:03:21.934105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:03:37.937652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:04:09.943443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:06:32.639277 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 08:06:32.639474 2.688051 tcp 10.0.2.109 50339 -> 211.38.175.27 4598 FSPA* 0 0 15 1670 flow=From-Botnet-V1-TCP-Established 1970/01/06 08:10:13.948774 3.002126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:10:20.957122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:10:28.958065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:10:44.961093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:11:16.967273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:17:20.974256 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:17:27.981066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:17:35.981995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:17:51.985177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:18:23.991200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:24:27.998193 3.000730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:24:35.015056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:24:43.016088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:24:59.018997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:25:31.025439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:29:12.404161 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 08:29:12.404262 0.385475 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:12.790162 0.933302 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:13.723901 0.380724 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:14.105034 0.407729 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:14.513245 0.349408 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:14.863028 0.424786 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:15.288239 0.397717 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:15.686376 0.288757 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:15.975650 0.324137 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:15.976191 3.006806 tcp 10.0.2.109 50340 -> 62.92.158.188 6222 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 08:29:16.300200 0.483217 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:16.783820 0.285869 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:17.070244 0.408699 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:17.479342 0.425017 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:17.904782 0.503163 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:18.408349 0.401117 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:18.809884 0.411676 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:19.221987 0.293964 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:19.516370 0.474464 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:19.991251 0.572540 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:20.564170 0.404388 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:20.968967 0.534986 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:21.504379 0.443390 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:21.948174 0.598350 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:22.546882 0.312948 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:22.860207 0.374424 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:23.235038 0.278861 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:23.514459 0.314178 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:23.828979 0.429931 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:24.259276 0.421229 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:29:24.981919 0.000000 tcp 10.0.2.109 50340 -> 62.92.158.188 6222 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 08:31:35.030996 3.001804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:31:42.039059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:31:50.040039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:32:06.043265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:32:38.139777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:36:35.371343 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 08:36:35.371469 2.658545 tcp 10.0.2.109 50341 -> 211.38.175.27 4598 FSPA* 0 0 12 1445 flow=From-Botnet-V1-TCP-Established 1970/01/06 08:38:42.145817 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:38:49.152922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:38:57.154276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:39:13.157480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:39:45.163556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:45:49.169324 3.001659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:45:56.176741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:46:04.178119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:46:20.181537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:46:52.187438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:52:57.235345 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 08:53:04.242311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:53:12.244093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:53:28.246735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:54:00.253010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 08:59:50.316584 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 08:59:50.316766 0.388884 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:50.706199 1.438037 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:52.144588 0.333325 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:52.478354 0.701238 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:53.179956 0.423790 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:53.604179 0.418560 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:54.023164 0.386423 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:54.409953 0.286168 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:54.696576 0.280635 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:54.697035 2.999459 tcp 10.0.2.109 50342 -> 62.92.158.188 6222 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 08:59:54.977628 0.622812 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:55.600870 0.476471 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:56.077717 0.406616 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:56.484790 0.433745 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:56.918886 1.094490 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:58.013786 0.389580 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:58.403765 0.478182 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:58.882309 0.399846 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:59.282559 0.300727 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/06 08:59:59.583718 0.575334 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:00.159479 0.417734 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:00.577566 0.527058 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:01.105040 0.441965 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:01.547379 0.549841 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:02.097635 0.327643 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:02.425707 0.309165 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:02.735293 0.368234 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:03.103928 0.283917 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:03.388244 0.443229 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:03.695303 0.000000 tcp 10.0.2.109 50342 -> 62.92.158.188 6222 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 09:00:03.831904 0.429548 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:00:04.259151 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:00:11.266464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:00:19.267685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:00:35.271004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:01:07.276723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:06:38.533648 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 09:06:38.533885 2.977769 tcp 10.0.2.109 50343 -> 211.38.175.27 4598 FSPA* 0 0 15 1583 flow=From-Botnet-V1-TCP-Established 1970/01/06 09:07:19.295112 3.000622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:07:26.301446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:07:34.303701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:07:50.306385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:08:22.312048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:14:43.322608 3.001726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:14:50.330492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:14:58.331610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:15:14.334592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:15:46.340492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:21:50.347361 3.000746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:21:57.354245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:22:05.355831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:22:21.358854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:22:53.364800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:28:57.370298 3.001857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:29:04.377991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:29:12.379526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:29:28.382629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:30:00.388586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:30:29.691254 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 09:30:29.691533 0.379033 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:30.070989 0.397911 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:30.469318 0.361954 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:30.831691 0.376816 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:31.209027 0.409707 rtcp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:31.619641 0.417209 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:32.037298 0.388037 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:32.425744 0.284692 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:32.710930 0.294851 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:32.711304 2.997831 tcp 10.0.2.109 50344 -> 62.92.158.188 6222 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 09:30:33.006345 0.300931 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:33.307684 0.459956 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:33.768048 0.409332 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:34.177786 0.424425 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:34.602587 0.496926 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:35.099935 0.405966 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:35.506293 0.469630 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:35.976343 0.577224 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:36.553940 0.404153 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:36.958457 0.304694 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:37.263543 0.441413 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:37.705356 0.405787 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:38.111482 0.535216 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:38.647083 0.480853 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:39.128339 0.304817 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:39.433504 0.308182 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:39.742043 0.388114 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:40.130506 0.424915 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:40.555828 0.281347 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:40.837597 0.438240 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/06 09:30:41.708209 0.000000 tcp 10.0.2.109 50344 -> 62.92.158.188 6222 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 09:36:04.394832 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:36:11.402202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:36:19.403802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:36:35.406334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:36:41.515825 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 09:36:41.515922 2.687070 tcp 10.0.2.109 50345 -> 211.38.175.27 4598 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/01/06 09:37:07.413495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:43:11.420011 3.000644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:43:18.426410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:43:26.427604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:43:42.430834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:44:14.436450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:50:18.442818 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:50:25.449930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:50:33.451539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:50:49.454569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:51:21.570780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:57:25.577087 3.001446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 09:57:32.584477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:57:40.585312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:57:56.588355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 09:58:28.594615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:00:57.789827 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 10:00:57.789996 0.348251 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:00:58.138725 0.397732 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:00:58.536847 0.390347 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:00:58.927575 0.385450 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:00:59.313368 0.408279 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:00:59.722004 0.422664 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:00.145069 0.392815 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:00.538274 0.303165 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:00.841860 0.452409 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:00.842255 2.995774 tcp 10.0.2.109 50346 -> 62.92.158.188 6222 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 10:01:01.294623 0.283290 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:01.578412 0.480316 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:02.059153 0.407972 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:02.467505 0.441005 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:02.908878 0.486979 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:03.396267 0.396109 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:03.792827 0.473944 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:04.267117 0.564184 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:04.831701 0.443565 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:05.275691 0.384452 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:05.660542 0.300547 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:05.961500 0.406095 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:06.368008 0.529604 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:06.897964 0.687567 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:07.585936 0.305627 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:07.891993 0.314551 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:08.206949 0.281739 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:08.489112 0.381084 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:08.870569 0.433514 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:09.304410 0.417302 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:01:09.836129 0.000000 tcp 10.0.2.109 50346 -> 62.92.158.188 6222 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 10:04:32.601116 3.000864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 10:04:39.608149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:04:47.609266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:05:03.612858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:05:35.618767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:06:44.257643 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 10:06:44.257867 2.709708 tcp 10.0.2.109 50347 -> 211.38.175.27 4598 FSPA* 0 0 15 1721 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:11:39.624851 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 10:11:46.632038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:11:54.633409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:12:10.636829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:12:42.642674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:18:46.649279 3.000630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 10:18:53.655904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:19:01.657713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:19:17.660343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:19:49.666369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:25:53.672343 3.001769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 10:26:00.679994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:26:08.681739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:26:24.684504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:26:56.690660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:31:25.116681 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 10:31:25.116788 0.917021 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:26.034380 0.359595 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:26.394546 0.391120 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:26.786113 0.373800 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:26.786533 3.006349 tcp 10.0.2.109 50348 -> 76.68.90.33 7677 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 10:31:27.160329 0.412778 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:27.573533 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 10:31:35.791787 0.000000 tcp 10.0.2.109 50348 -> 76.68.90.33 7677 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/06 10:31:42.604059 0.579474 tcp 10.0.2.109 50349 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:31:43.183811 0.593019 tcp 10.0.2.109 50350 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:31:43.777097 1.494811 tcp 10.0.2.109 50351 -> 195.113.214.222 443 SRPA* 0 0 33 24139 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:31:45.272471 0.392768 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:45.665656 0.286079 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:45.952179 0.460054 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:46.412605 0.283519 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:46.696480 0.444322 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:47.141144 0.353528 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:47.495080 0.417854 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:47.913331 0.533228 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:48.446999 0.386007 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:48.447321 4.997483 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 SPA_* 0 0 115 59719 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:31:48.833388 0.466593 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:49.300359 0.602898 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:49.903660 0.300876 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:31:50.204948 0.000000 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 10:31:53.574580 4.963430 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 A_PA 0 0 148 83768 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:31:58.713532 4.998030 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 A_PA 0 0 148 81720 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:03.806825 4.911920 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 A_PA 0 0 104 52720 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:07.058389 0.584001 tcp 10.0.2.109 50353 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:07.642812 0.579639 tcp 10.0.2.109 50354 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:08.222782 1.139684 tcp 10.0.2.109 50355 -> 195.113.214.222 443 SRPA* 0 0 24 11934 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:08.919747 4.820251 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 A_PA 0 0 105 54822 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:09.363175 0.404296 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:09.767855 0.421179 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:10.189427 0.539400 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:10.729245 0.571772 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:11.301426 0.308567 udp 10.0.2.109 3683 <-> 81.132.132.90 6739 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:11.610493 0.374614 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:11.985530 0.316817 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:12.302752 0.277162 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:12.580244 0.425347 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:13.005985 0.421356 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/06 10:32:13.936892 4.848727 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 A_PA 0 0 97 50294 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:18.984050 4.506483 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 A_PA 0 0 74 42908 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:24.338002 4.690320 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 A_PA 0 0 70 40644 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:32:29.384553 2.500678 tcp 10.0.2.109 50352 -> 200.84.7.244 8038 FPA_* 0 0 34 14578 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:33:00.696477 3.001373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 10:33:07.703734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:33:15.705120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:33:31.708508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:34:03.714902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:36:46.969311 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 10:36:46.969436 2.757801 tcp 10.0.2.109 50356 -> 211.38.175.27 4598 FSPA* 0 0 14 1617 flow=From-Botnet-V1-TCP-Established 1970/01/06 10:40:07.720660 3.001318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 10:40:14.727836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:40:22.729243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:40:38.732546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:41:10.738154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:47:14.744581 3.001245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 10:47:21.751655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:47:29.753237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:47:45.756067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:48:17.762390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:54:21.768579 3.001274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 10:54:28.775922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:54:36.777290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:54:52.780337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 10:55:24.786816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:01:28.792088 3.001731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 11:01:35.799840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:01:43.801579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:01:59.804682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:02:31.810090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:02:39.421354 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 11:02:39.421461 0.418638 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:39.840467 0.439811 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:40.280709 0.397718 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:40.678867 0.352792 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:41.032031 0.410930 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:41.443393 0.408248 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:41.851996 0.392993 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:42.245434 0.302885 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:42.548683 0.371354 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:42.920458 0.454961 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:43.375785 0.288791 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:43.664979 0.440013 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:44.105343 0.327169 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:44.432899 0.383377 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:44.816638 0.391280 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:45.208270 0.490506 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:45.699105 0.573336 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:46.272861 0.468912 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:46.742141 0.271635 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:47.014217 0.412366 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:47.426987 0.417741 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:47.845142 0.527176 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:48.372699 1.172418 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:02:49.545538 0.000000 udp 10.0.2.109 3683 -> 81.132.132.90 6739 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 11:03:08.446034 0.581553 tcp 10.0.2.109 50357 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:03:09.027831 0.558674 tcp 10.0.2.109 50358 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:03:09.586794 1.169198 tcp 10.0.2.109 50359 -> 195.113.214.222 443 SRPA* 0 0 23 13264 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:03:10.756735 0.281006 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:03:11.038244 0.372736 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:03:11.411365 0.327359 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:03:11.739120 0.414069 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:03:12.153617 0.418811 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:06:49.731839 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 11:06:49.732008 2.734540 tcp 10.0.2.109 50360 -> 211.38.175.27 4598 FSPA* 0 0 14 1513 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:08:35.816502 3.001812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 11:08:42.824087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:08:50.825598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:09:06.828192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:09:38.833992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:15:42.839826 3.001811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 11:15:49.847863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:15:57.849418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:16:13.852084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:16:45.857988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:22:49.864527 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 11:22:56.871806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:23:04.873365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:23:20.876250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:23:52.882213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:29:56.889034 3.001060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 11:30:03.895775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:30:11.897093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:30:27.900070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:30:59.906142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:33:31.604605 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 11:33:31.604809 0.000000 udp 10.0.2.109 3683 -> 81.132.132.90 6739 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 11:33:49.262625 0.573122 tcp 10.0.2.109 50361 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:33:49.835980 0.564535 tcp 10.0.2.109 50362 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:33:50.400756 1.149843 tcp 10.0.2.109 50363 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:33:51.551163 0.420745 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:51.972299 0.398865 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:52.371527 0.449778 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:52.821715 0.388678 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:53.210781 1.074130 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:54.285338 0.353925 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:54.639667 0.378999 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:55.019026 0.406082 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:55.425543 0.281840 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:55.707794 0.273872 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:55.982047 0.691775 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:56.674224 0.403296 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:57.077883 0.340590 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:57.418833 0.452643 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:57.871964 0.408499 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:58.280867 0.475021 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:58.756341 0.603628 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:59.360396 0.454669 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:33:59.815489 0.273162 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:00.089053 0.394021 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:00.483481 0.408814 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:00.892657 0.537346 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:01.430419 0.593741 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:02.024607 0.366051 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:02.391059 0.305609 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:02.697143 0.259965 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:02.957514 0.430036 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:34:03.387961 0.427369 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/06 11:36:52.473573 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 11:36:52.473678 2.640259 tcp 10.0.2.109 50364 -> 211.38.175.27 4598 FSPA* 0 0 15 1744 flow=From-Botnet-V1-TCP-Established 1970/01/06 11:37:03.912688 3.000937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 11:37:10.919691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:37:18.921518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:37:34.924422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:38:06.930606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:44:10.936416 3.001865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 11:44:17.943865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:44:25.945240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:44:41.948031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:45:13.954408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:51:17.960727 3.001225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 11:51:24.967531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:51:32.969381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:51:48.972025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:52:20.977838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:58:24.983591 3.001987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 11:58:31.991518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:58:39.993275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:58:55.995914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 11:59:28.002027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:04:12.100882 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 12:04:12.101086 0.408820 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:12.510521 0.399178 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:12.910127 0.444541 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:13.355061 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 12:04:30.499165 0.594439 tcp 10.0.2.109 50365 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:04:31.093885 0.571942 tcp 10.0.2.109 50366 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:04:31.666121 1.201294 tcp 10.0.2.109 50367 -> 195.113.214.222 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:04:32.868033 1.155593 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:34.024028 0.370526 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:34.394977 0.384745 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:34.780109 0.397321 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:35.177785 0.287329 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:35.465528 0.259213 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:35.725170 0.466444 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:36.192043 0.431285 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:36.623725 0.397271 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:37.021387 0.321721 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:37.343510 0.400826 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:37.744703 0.493642 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:38.238762 0.582371 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:38.821471 0.483286 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:39.305150 0.391320 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:39.696986 0.299236 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:39.996626 0.431875 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:40.428903 0.524685 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:40.953977 4.738737 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:45.693031 0.357889 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:46.051294 0.310263 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:46.361938 0.279081 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:46.641363 0.433166 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:04:47.074956 0.422113 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:05:32.008635 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 12:05:39.015378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:05:47.016934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:06:03.019725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:06:35.025849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:06:55.115019 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 12:06:55.115242 2.653763 tcp 10.0.2.109 50368 -> 211.38.175.27 4598 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:12:39.033208 3.000824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 12:12:46.039354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:12:54.040823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:13:10.043630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:13:42.050406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:19:46.056652 3.001174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 12:19:53.063384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:20:01.064988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:20:17.067748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:20:49.074334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:26:53.080203 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 12:27:00.087212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:27:08.088758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:27:24.092161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:27:56.098060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:34:00.104975 3.000874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 12:34:07.111623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:34:15.112624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:34:31.115536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:34:51.846005 0.000265 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 12:34:51.846378 0.412424 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:52.259229 0.415013 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:52.674665 0.386269 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:53.061349 0.452553 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:53.514434 0.411533 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:53.926371 0.348535 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:54.275322 0.386072 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:54.661748 0.293656 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:54.955831 0.373066 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:55.329335 0.289732 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:55.619517 0.454027 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:56.073902 0.437446 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:34:56.511744 0.000000 udp 10.0.2.109 3683 -> 71.10.54.162 3559 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 12:35:03.121585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:35:12.789142 0.576526 tcp 10.0.2.109 50369 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:35:13.365959 0.573791 tcp 10.0.2.109 50370 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:35:13.940075 1.140123 tcp 10.0.2.109 50371 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:35:15.080813 0.346824 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:15.428045 0.397553 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:15.825974 0.492334 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:16.318689 0.586280 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:16.905376 0.438816 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:17.344563 0.420032 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:17.764980 0.303502 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:18.068908 0.391732 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:18.461057 0.538590 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:19.000013 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 12:35:31.070871 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 12:35:31.071298 0.276052 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:31.347783 0.365526 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:31.713756 0.308998 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:32.023098 0.427339 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:35:32.450839 0.417710 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/06 12:36:57.777245 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 12:36:57.777349 2.668996 tcp 10.0.2.109 50372 -> 211.38.175.27 4598 FSPA* 0 0 14 1551 flow=From-Botnet-V1-TCP-Established 1970/01/06 12:41:07.128313 3.001336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 12:41:14.135556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:41:22.137204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:41:38.139572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:42:10.145865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:48:14.152087 3.001077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 12:48:21.158951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:48:29.160853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:48:45.163978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:49:17.170153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:55:21.176521 3.001210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 12:55:28.183221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:55:36.184550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:55:52.187983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 12:56:24.193754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:02:28.200071 3.001336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 13:02:35.207330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:02:43.208418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:02:59.212103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:03:31.217800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:05:36.217850 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 13:05:36.218016 0.398147 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:36.616598 0.410707 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:37.027741 0.416537 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:37.444689 0.395817 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:37.840848 0.460972 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:38.302186 0.405525 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:38.708065 0.350323 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:39.058743 0.294099 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:39.353273 0.387927 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:39.741599 0.307509 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:40.049516 0.391473 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:40.441427 0.462332 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:40.904107 0.432273 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:41.336889 0.328595 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:41.665895 0.401752 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:42.068019 0.763866 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:42.832320 0.604524 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:43.437243 0.468711 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:43.906326 0.884211 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:44.790974 0.303982 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:45.095368 0.408683 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:45.504389 0.523016 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:46.027796 0.371734 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:46.399969 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 13:05:52.991240 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 13:05:52.991663 0.284434 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:53.276428 0.408039 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:53.684873 0.308948 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:05:53.994351 0.425829 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:07:00.449348 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 13:07:00.449543 2.653122 tcp 10.0.2.109 50373 -> 211.38.175.27 4598 FSPA* 0 0 14 1587 flow=From-Botnet-V1-TCP-Established 1970/01/06 13:09:35.224356 3.001017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 13:09:42.231452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:09:50.232495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:10:06.235898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:10:38.242012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:16:42.248100 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 13:16:49.254810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:16:57.256311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:17:13.260009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:17:45.265573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:23:49.271786 3.001906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 13:23:56.279285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:24:04.280570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:24:20.283291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:24:52.290202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:30:56.295985 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 13:31:03.303403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:31:11.304837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:31:27.307745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:31:59.313294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:36:18.246594 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 13:36:18.246768 0.386598 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:18.633761 0.381465 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:19.015643 0.417160 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:19.433256 0.420532 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:19.854338 0.452206 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:20.306971 0.390024 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:20.697421 0.322504 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:21.020334 0.282973 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:21.303661 0.385868 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:21.689917 0.448918 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:22.139264 0.306574 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:22.446375 0.380475 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:22.827198 0.437618 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:23.265199 0.333421 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:23.599007 0.383382 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:23.982733 0.546739 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:24.529892 0.589190 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:25.119515 0.438232 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:25.558167 0.410919 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:25.969488 0.297948 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:26.267818 0.391791 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:26.660008 0.513104 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:27.173537 0.378680 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:27.552614 0.430493 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:27.983483 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 13:36:44.536434 0.569751 tcp 10.0.2.109 50374 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/06 13:36:45.017433 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 13:36:45.106520 0.664530 tcp 10.0.2.109 50375 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/06 13:36:45.771310 1.379568 tcp 10.0.2.109 50376 -> 195.113.214.222 443 SRPA* 0 0 38 26023 flow=From-Botnet-V1-TCP-Established 1970/01/06 13:36:47.151589 0.283340 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:47.435314 0.319420 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:36:47.755148 0.423805 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/06 13:37:03.110690 2.669926 tcp 10.0.2.109 50377 -> 211.38.175.27 4598 FSPA* 0 0 14 1658 flow=From-Botnet-V1-TCP-Established 1970/01/06 13:38:03.319158 3.002385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 13:38:10.327291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:38:18.328202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:38:34.331501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:39:06.337751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:45:10.343789 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 13:45:17.351025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:45:25.352283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:45:41.355582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:46:13.361659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:52:17.367279 3.002212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 13:52:24.374663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:52:32.376826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:52:48.379481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:53:20.385830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:59:24.392379 3.000720 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 13:59:31.399176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:59:39.400451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 13:59:55.403730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:00:27.409302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:06:31.416001 3.000941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 14:06:38.422779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:06:46.424206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:07:02.427584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:07:05.782763 0.000198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 14:07:05.783055 2.667885 tcp 10.0.2.109 50378 -> 211.38.175.27 4598 FSPA* 0 0 14 1617 flow=From-Botnet-V1-TCP-Established 1970/01/06 14:07:09.237515 0.745273 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:09.983256 0.393811 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:10.377474 0.378888 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:10.756822 0.396670 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:11.153931 0.415787 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:11.570183 0.409473 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:11.980022 0.462034 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:12.442525 0.342354 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:12.785293 0.377418 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:13.163120 0.285215 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:13.448753 0.463712 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:13.912824 0.275809 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:14.189048 0.406267 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:14.595761 0.497814 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:15.093970 0.428853 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:15.523215 0.406490 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:15.930255 1.099322 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:17.030027 0.460286 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:17.490937 0.586815 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:18.078347 0.402358 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:18.481067 0.297717 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:18.779166 0.413867 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:19.193422 0.509688 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:19.703535 0.372099 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:20.075971 0.407912 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:20.484293 0.276271 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:20.761000 0.308430 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:21.069888 0.422112 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:07:34.433180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:13:38.439919 3.001552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 14:13:45.446530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:13:53.448193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:14:09.451405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:14:41.457296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:20:45.464874 3.000727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 14:20:52.471175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:21:00.472503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:21:16.475351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:21:48.481433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:27:52.487246 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 14:27:59.494858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:28:07.496168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:28:23.499515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:28:55.505606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:34:59.511554 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 14:35:06.518676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:35:14.520154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:35:30.523310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:36:02.529168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:37:08.454562 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 14:37:08.454812 2.774664 tcp 10.0.2.109 50379 -> 211.38.175.27 4598 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/01/06 14:37:23.696392 0.388725 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:24.085553 0.546277 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:24.632226 0.388713 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:25.021278 0.414654 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:25.436326 0.470507 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:25.907242 0.000000 udp 10.0.2.109 3683 -> 71.16.73.123 1463 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 14:37:43.336824 0.573100 tcp 10.0.2.109 50380 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 14:37:43.910183 0.550390 tcp 10.0.2.109 50381 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 14:37:44.460889 1.381425 tcp 10.0.2.109 50382 -> 195.113.214.222 443 SRPA* 0 0 36 27221 flow=From-Botnet-V1-TCP-Established 1970/01/06 14:37:45.843024 0.467112 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:46.310566 0.350931 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:46.661905 0.470414 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:47.132723 0.393139 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:47.526464 0.286901 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:47.813780 0.320264 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:48.134466 0.406474 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:48.541360 0.328034 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:48.869767 0.421389 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:49.291580 0.392196 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:49.684132 0.504606 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:50.189156 0.448578 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:50.638156 0.292401 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:50.930979 0.578296 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:51.509700 0.451255 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:51.961357 0.428808 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:52.390572 0.526736 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:52.917739 0.297525 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:53.215644 0.357681 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:53.573705 0.423817 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:53.997904 0.309073 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:37:54.307343 0.429852 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/06 14:42:06.536197 3.001184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 14:42:13.543089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:42:21.544113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:42:37.547578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:43:09.553135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:49:13.558852 3.002075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 14:49:20.566348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:49:28.568259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:49:44.571512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:50:16.577644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:56:20.583936 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 14:56:27.590927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:56:35.591998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:56:51.595086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 14:57:23.601271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:03:27.608063 3.000565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 15:03:34.614547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:03:42.616021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:03:58.619448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:04:30.625388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:07:11.236259 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 15:07:11.236418 2.656291 tcp 10.0.2.109 50383 -> 211.38.175.27 4598 FSPA* 0 0 14 1516 flow=From-Botnet-V1-TCP-Established 1970/01/06 15:08:02.460350 0.400744 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:02.861518 0.401981 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:03.263862 0.556031 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:03.820349 0.415503 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:04.236264 0.396282 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:04.633047 0.426772 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:05.060249 0.454966 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:05.515584 0.349976 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:05.865976 0.292640 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:06.158972 0.486555 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:06.645934 0.383282 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:07.029675 0.329927 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:07.096075 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 15:08:07.360009 0.272821 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:07.633244 0.382749 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:08.016429 0.424596 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:08.441433 0.401668 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:08.843507 0.300639 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:09.144576 0.493519 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:09.638452 0.468746 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:10.107620 0.583847 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:10.691877 0.407229 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:11.099553 0.411999 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:11.511910 0.524490 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:12.036906 0.275568 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:12.312839 0.362653 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:12.675886 0.431585 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:13.107901 0.428969 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:08:13.537258 0.308818 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:10:34.642907 3.000087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 15:10:41.648640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:10:49.650338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:11:05.653339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:11:37.659195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:17:41.665360 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 15:17:48.672559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:17:56.673989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:18:12.677158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:18:44.683026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:24:48.689541 3.001749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 15:24:55.696827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:25:03.697962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:25:19.701366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:25:51.707144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:31:55.713887 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 15:32:02.720475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:32:10.721673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:32:26.724994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:32:58.730914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:37:13.898101 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 15:37:13.898199 3.092464 tcp 10.0.2.109 50384 -> 211.38.175.27 4598 FSPA* 0 0 14 1510 flow=From-Botnet-V1-TCP-Established 1970/01/06 15:38:28.274998 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 15:38:28.275103 0.410620 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:28.686317 0.382160 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:29.068897 0.785216 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:29.854543 0.422879 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:30.277861 0.391637 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:30.669873 0.417024 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:31.087299 0.453005 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:31.540727 0.339958 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:31.881070 0.291167 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:32.172593 0.458300 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:32.631302 0.284179 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:32.915883 0.379562 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:33.295848 0.473584 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:33.769820 0.387193 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:34.157432 0.435177 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:34.593007 0.396368 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:34.989732 0.298365 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:35.288490 0.531816 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:35.820654 0.455057 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:36.276116 0.575949 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:36.852495 0.413231 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:37.266303 0.418424 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:37.685128 0.533794 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:38.219341 0.288690 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:38.508433 0.367325 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:38.876116 0.321702 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:39.198355 0.423963 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:38:39.622721 0.427985 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/06 15:39:02.737374 3.001173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 15:39:09.744329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:39:17.745988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:39:33.748884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:40:05.754912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:46:09.760437 3.002293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 15:46:16.768390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:46:24.770068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:46:40.773250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:47:12.779087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:53:16.785456 3.001383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 15:53:23.792528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:53:31.794016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:53:47.797244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 15:54:19.802609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:00:23.808892 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:00:30.816017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:00:38.817751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:00:54.820767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:01:26.826923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:07:16.990527 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 16:07:16.990734 2.825093 tcp 10.0.2.109 50385 -> 211.38.175.27 4598 FSPA* 0 0 15 1767 flow=From-Botnet-V1-TCP-Established 1970/01/06 16:07:30.833034 3.001697 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:07:37.840158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:07:45.842168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:08:01.845053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:08:33.851070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:08:57.795244 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 16:08:57.795389 0.413708 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:08:58.209520 0.399794 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:08:58.609705 0.606579 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:08:59.216653 0.422068 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:08:59.639104 0.391772 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:00.031238 0.424971 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:00.456588 0.478728 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:00.935732 0.348849 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:01.284992 0.291359 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:01.576707 0.269407 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:01.846478 0.454380 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:02.301298 0.404591 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:02.706405 0.347512 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:03.054505 0.384808 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:03.439689 0.458069 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:03.898107 0.513375 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:04.411885 0.407952 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:04.820197 0.301094 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:05.121705 0.468775 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:05.590901 0.592272 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:06.183615 0.420067 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:06.604129 0.607076 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:07.211615 0.372001 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:07.583995 0.548189 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:08.132610 0.259966 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:08.393002 0.289798 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:08.683228 0.428634 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:09:09.112220 0.430922 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:14:37.856608 3.001850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:14:44.864251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:14:52.865571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:15:08.868475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:15:40.875058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:21:44.880530 3.002224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:21:51.888084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:21:59.890030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:22:15.893151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:22:47.899018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:28:51.904306 3.002535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:28:58.912429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:29:06.913507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:29:22.916529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:29:54.922719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:35:58.929033 3.001093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:36:05.936008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:36:13.938008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:36:29.940675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:37:01.946939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:37:19.823153 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 16:37:19.823253 2.821090 tcp 10.0.2.109 50386 -> 211.38.175.27 4598 FSPA* 0 0 12 1642 flow=From-Botnet-V1-TCP-Established 1970/01/06 16:39:25.994536 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 16:39:25.994648 0.856636 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:26.851675 0.510126 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:27.362239 0.879122 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:28.241785 0.410818 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:28.652981 0.396005 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:29.049395 0.418024 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:29.467806 0.470242 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:29.938420 0.000000 udp 10.0.2.109 3683 -> 91.207.7.129 3326 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 16:39:48.889439 0.569230 tcp 10.0.2.109 50387 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/06 16:39:49.459006 0.552623 tcp 10.0.2.109 50388 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/06 16:39:50.011924 1.383144 tcp 10.0.2.109 50389 -> 195.113.214.222 443 SRPA* 0 0 41 25403 flow=From-Botnet-V1-TCP-Established 1970/01/06 16:39:51.396134 0.348547 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:51.745080 0.296767 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:52.042286 0.469213 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:52.511914 0.394349 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:52.906702 0.342522 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:53.249632 0.385431 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:53.635476 0.443180 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:54.079031 0.519224 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:54.598640 0.389039 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:54.988025 0.294912 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:55.283355 0.461240 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:55.744970 0.593078 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:56.338502 0.404485 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:56.743347 0.416151 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:57.159914 0.368774 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:57.529138 0.320830 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:57.850358 0.535589 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:58.386560 0.282538 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:58.669566 0.419751 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:39:59.089759 0.426247 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/06 16:43:05.952946 3.001127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 16:43:12.960438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:43:20.961915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:43:36.964635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:44:08.971036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:50:12.977198 3.001806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:50:19.984737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:50:27.985748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:50:43.988863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:51:15.994470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:57:20.001348 3.001035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 16:57:27.008272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:57:35.009860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:57:51.012733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 16:58:23.018643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:04:27.024936 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 17:04:34.032332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:04:42.033820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:04:58.036355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:05:30.043064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:07:22.645171 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 17:07:22.645413 2.690019 tcp 10.0.2.109 50390 -> 211.38.175.27 4598 FSPA* 0 0 14 1559 flow=From-Botnet-V1-TCP-Established 1970/01/06 17:10:14.131811 0.000153 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 17:10:14.132090 0.285394 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:14.417883 0.000000 udp 10.0.2.109 3683 -> 71.16.73.123 1463 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 17:10:32.109229 0.566268 tcp 10.0.2.109 50391 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/06 17:10:32.675805 0.569546 tcp 10.0.2.109 50392 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/06 17:10:33.245645 1.157794 tcp 10.0.2.109 50393 -> 195.113.214.222 443 SRPA* 0 0 23 13376 flow=From-Botnet-V1-TCP-Established 1970/01/06 17:10:34.404023 0.396290 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:34.800692 0.517712 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:35.318794 0.420489 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:35.739660 0.454738 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:36.194815 0.415468 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:36.610634 0.405441 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:37.016490 0.360219 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:37.377112 0.387845 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:37.765409 0.332257 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:38.098112 0.459100 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:38.557620 0.406599 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:38.964578 0.387097 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:39.352074 0.422123 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:39.774582 0.523665 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:40.298705 0.467531 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:40.766637 0.384887 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:41.151968 0.306846 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:41.459231 0.595911 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:42.055557 0.414925 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:42.470859 0.414886 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:42.886193 0.375361 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:43.261889 0.311365 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:43.573744 0.524383 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:44.098546 0.271413 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:44.370528 0.423903 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:10:44.794845 0.424374 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:11:34.048440 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 17:11:41.055683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:11:49.057562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:12:05.060205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:12:37.066766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:18:41.222997 3.001565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 17:18:48.230030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:18:56.231570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:19:12.234863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:19:44.240439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:25:48.247456 3.000730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 17:25:55.254303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:26:03.255555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:26:19.258939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:26:51.264871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:32:55.270988 3.001673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 17:33:02.278276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:33:10.279990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:33:26.283009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:33:58.288959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:37:25.407267 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 17:37:25.407447 2.676577 tcp 10.0.2.109 50394 -> 211.38.175.27 4598 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/01/06 17:40:02.295167 3.000930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 17:40:09.301753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:40:17.303551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:40:33.306522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:41:05.313018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:41:09.268214 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 17:41:09.268361 1.270154 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:10.538868 0.284309 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:10.823587 0.394400 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:11.218410 0.840821 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:12.059595 0.414398 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:12.474637 0.464245 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:12.939298 0.413629 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:13.353357 0.393256 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:13.747234 0.395394 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:14.143021 0.355172 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:14.498588 0.322935 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:14.821883 0.296221 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:15.118545 0.461597 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:15.580550 0.386417 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:15.967345 0.426061 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:16.393768 0.504001 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:16.898208 0.470583 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:17.369261 0.411367 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:17.780988 0.298516 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:18.079870 0.572168 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:18.652375 0.400179 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:19.052907 1.388367 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:20.441698 0.375170 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:20.817249 0.328016 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:21.145703 0.419410 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:21.565536 0.534565 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:22.100512 0.272214 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:41:22.373162 0.404591 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/06 17:47:09.317953 3.002440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 17:47:16.326256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:47:24.327687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:47:40.330410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:48:12.336828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:54:16.343211 3.000705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 17:54:23.349866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:54:31.352018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:54:47.354481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 17:55:19.360909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:01:23.367275 3.000641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:01:30.374186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:01:38.375551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:01:54.378931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:02:26.384531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:07:28.088723 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 18:07:28.088912 3.158701 tcp 10.0.2.109 50395 -> 211.38.175.27 4598 FSPA* 0 0 14 1721 flow=From-Botnet-V1-TCP-Established 1970/01/06 18:08:30.390767 3.001394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:08:37.397921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:08:45.399120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:09:01.402338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:09:33.408219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:11:40.862108 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 18:11:40.862266 1.256189 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:42.118876 0.281352 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:42.400598 0.458938 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:42.859992 0.448456 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:43.308864 0.588939 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:43.898207 0.417881 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:44.316507 0.462230 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:44.779101 0.392664 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:45.172114 0.335479 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:45.508004 0.394952 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:45.903304 0.349811 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:46.253464 0.391045 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:46.644945 0.294949 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:46.940339 0.451589 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:47.392284 0.436311 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:47.829009 0.492915 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:48.322358 0.468938 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:48.791720 0.392921 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:49.185069 0.314363 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:49.499845 0.569063 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:50.069257 0.415667 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:50.485354 0.404361 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:50.890119 0.372471 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:51.262999 0.306959 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:51.570519 0.424526 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:51.995428 0.440170 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:52.435986 0.509426 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:11:52.945857 0.276760 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:15:37.415353 3.001353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:15:44.421849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:15:52.423637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:16:08.426809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:16:40.432175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:22:44.439007 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:22:51.445757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:22:59.447335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:23:15.450230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:23:47.456679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:29:51.463336 3.000451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:29:58.470262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:30:06.471199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:30:22.474058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:30:54.480650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:36:58.486701 3.001178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:37:05.493807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:37:13.495557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:37:29.498024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:37:31.251490 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 18:37:31.251596 2.651963 tcp 10.0.2.109 50396 -> 211.38.175.27 4598 FSPA* 0 0 14 1512 flow=From-Botnet-V1-TCP-Established 1970/01/06 18:38:01.504376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:42:19.285141 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 18:42:19.285251 0.398931 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:19.684534 0.381403 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:20.079759 0.279788 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:20.359921 0.470946 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:20.831281 0.742984 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:21.574735 0.405184 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:21.980309 0.422951 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:22.403633 0.395035 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:22.799012 0.388372 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:23.187794 0.337223 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:23.525425 0.292101 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:23.817890 0.348340 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:24.166605 0.384829 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:24.551844 0.463617 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:25.015824 0.427253 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:25.443482 0.503454 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:25.947311 0.459068 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:26.406773 0.398897 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:26.806083 0.299674 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:27.106235 0.574699 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:27.681377 0.413003 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:28.094811 0.430040 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:28.525267 0.416273 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:28.941954 0.389959 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:29.332275 0.319054 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:29.651730 0.435673 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:30.087780 0.511650 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:42:30.599869 0.277832 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 18:44:05.510774 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:44:12.517825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:44:20.518978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:44:36.522041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:45:08.528916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:51:12.535893 3.000810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:51:19.541828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:51:27.543248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:51:43.545964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:52:15.552579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:58:19.558765 3.000853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 18:58:26.566076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:58:34.567127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:58:50.569890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 18:59:22.576156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:05:26.583336 3.000413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:05:33.589771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:05:41.590914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:05:57.594015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:06:29.600570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:07:33.903334 0.000193 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 19:07:33.903630 2.667475 tcp 10.0.2.109 50397 -> 211.38.175.27 4598 FSPA* 0 0 14 1652 flow=From-Botnet-V1-TCP-Established 1970/01/06 19:12:33.606965 3.000755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:12:40.613841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:12:48.615460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:12:56.426714 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 19:12:56.426899 0.000000 udp 10.0.2.109 3683 -> 76.68.90.33 3572 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 19:13:04.618031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:13:12.131555 0.568312 tcp 10.0.2.109 50398 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 19:13:12.700212 0.612171 tcp 10.0.2.109 50399 -> 195.113.214.222 80 SRPA* 0 0 25 14442 flow=From-Botnet-V1-TCP-Established 1970/01/06 19:13:13.312464 0.459876 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:13.772773 0.407815 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:14.181099 0.286555 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:14.468056 0.578102 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:15.046616 0.423512 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:15.470542 0.484142 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:15.955052 0.396008 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:16.351419 0.300951 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:16.652796 0.387647 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:17.040846 0.470042 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:17.511304 0.473726 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:17.985453 0.345735 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:18.331610 0.391764 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:18.723801 0.436756 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:19.160971 0.500668 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:19.662205 0.475039 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:20.137599 0.396816 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:20.534829 0.305103 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:20.840361 0.577180 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:21.417990 0.413253 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:21.831721 0.434201 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:22.266466 0.429092 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:22.696021 0.357735 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:23.054227 0.297137 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:23.351833 0.287950 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:23.640200 0.433817 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:24.074502 0.538555 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:13:36.624584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:19:40.631107 3.000401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:19:47.637352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:19:55.639370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:20:11.641872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:20:43.648147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:26:47.654484 3.001479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:26:54.661522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:27:02.662825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:27:18.666359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:27:50.672016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:33:54.678645 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:34:01.685416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:34:09.687156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:34:25.689778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:34:57.766040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:37:36.605207 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 19:37:36.605440 2.656187 tcp 10.0.2.109 50400 -> 211.38.175.27 4598 FSPA* 0 0 15 1766 flow=From-Botnet-V1-TCP-Established 1970/01/06 19:41:01.772339 3.001368 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:41:08.779839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:41:16.780781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:41:32.783887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:42:04.789826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:43:29.051504 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 19:43:29.051603 0.667758 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:29.719735 0.461016 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:30.181169 1.173853 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:31.355433 0.298431 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:31.654306 0.463783 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:32.118569 0.510611 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:32.629599 0.409955 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:33.039929 0.399528 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:33.439856 0.294421 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:33.734646 0.453260 rtcp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:34.188394 0.377893 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:34.566654 0.328571 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:34.895567 0.369918 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:35.265865 0.399251 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:35.665518 0.438620 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:36.104504 0.504696 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:36.609610 0.304379 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:36.914441 0.470560 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:37.385430 0.397901 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:37.783717 0.587314 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:38.371424 0.404406 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:38.776253 0.434130 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:39.210792 0.422050 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:39.633224 0.281845 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:39.915455 0.362149 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:40.278382 0.306125 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:40.585022 0.425013 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:43:41.010527 0.517248 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/06 19:48:08.796676 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:48:15.803627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:48:23.805042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:48:39.807770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:49:11.814429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:55:15.820294 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 19:55:22.827516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:55:30.828867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:55:46.831751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 19:56:18.837855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:02:22.844059 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 20:02:29.851411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:02:37.853149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:02:53.856069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:03:25.861790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:07:39.266622 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:07:39.266730 2.802174 tcp 10.0.2.109 50401 -> 211.38.175.27 4598 FSPA* 0 0 14 1663 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:09:29.867923 3.002111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 20:09:36.875797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:09:44.876967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:10:00.879855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:10:32.886195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:13:54.306348 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:13:54.306460 0.392233 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:13:54.699098 0.454707 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:13:55.154250 1.136380 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:13:56.291040 0.286818 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:13:56.578234 0.415219 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:13:56.993817 0.484448 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:13:57.478690 3.055709 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:00.534867 0.420074 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:00.955391 0.292566 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:01.248323 0.466142 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:01.714895 0.459853 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:02.175149 0.376595 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:02.552152 0.342066 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:02.894563 0.389574 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:03.284530 0.441298 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:03.726390 0.497256 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:04.224051 0.296322 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:04.520778 0.455445 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:04.976599 0.410709 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:05.387737 0.572297 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:05.960388 0.396476 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:06.357229 0.419452 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:06.777089 0.418186 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:07.195709 0.287155 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:07.483277 0.440915 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:07.924619 0.362660 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:08.287646 0.309668 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:08.597692 0.518752 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:14:09.117478 3.483989 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 SPA_* 0 0 22 10721 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:14:15.456097 4.446267 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 11 4938 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:14:20.884865 2.993180 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:14:26.048440 0.403593 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:14:35.798385 0.397578 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:14:45.517221 4.945264 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:14:50.656963 0.199578 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 3 190 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:14:55.193338 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:15:00.056518 4.913936 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:05.167473 0.200240 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 3 190 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:14.689262 4.820631 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 15 11622 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:19.707999 4.232565 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 15 7438 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:26.358358 4.956842 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 11 4938 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:31.515480 4.887326 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 9 3382 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:40.663377 4.471248 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 53 38382 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:41.189314 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:15:46.529170 0.532206 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 5922 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:51.910985 4.239923 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 11 6138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:15:58.197985 2.910096 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:05.483212 0.391808 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:10.974292 3.452876 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 4528 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:16.543709 4.983520 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 4722 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:21.727774 4.924452 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:26.844546 3.175262 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 1854 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:31.691861 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:16:34.327735 1.279101 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 4776 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:36.891918 3.002578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 20:16:40.317916 4.913861 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:43.899638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:16:45.431531 2.046968 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:51.901004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:16:52.220785 4.960851 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 14 6548 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:16:57.707676 2.853324 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 27 24298 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:05.324895 0.406222 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:07.904097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:17:10.347880 2.914057 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:17.633181 4.951759 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:22.785543 2.472987 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 1718 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:29.567311 2.832112 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:36.649756 4.972567 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:39.910233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:17:41.692548 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:17:45.869321 2.901533 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:53.357474 4.848760 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:17:58.406783 4.780380 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 32 25912 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:12.171074 0.396151 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:21.608947 4.898361 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 9 4802 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:26.707626 4.846701 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 2206 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:36.351038 4.929649 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 11 6958 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:41.478339 4.232768 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 13 6522 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:46.195142 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:18:46.990285 2.873038 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 17 11054 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:54.681292 0.542635 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:18:59.938407 4.913721 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:05.052505 1.999664 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:11.700840 4.847840 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:16.749388 4.866976 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:23.650465 3.837701 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 13 7054 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:28.767150 4.856333 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 6 3220 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:31.189782 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:19:33.833833 4.647060 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 1718 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:40.529817 4.850348 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 6 3220 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:45.580264 4.707443 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 1718 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:19:54.538459 0.395626 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:03.508539 0.398317 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:12.806121 4.911249 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:17.697060 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:20:17.917100 0.000000 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:27.127968 0.403135 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:36.550321 2.641559 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 38 26340 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:44.163285 2.925440 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:51.557437 2.942135 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:20:58.967486 4.851649 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:03.693082 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:21:04.023227 2.704070 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 1854 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:11.197906 4.851719 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:16.250631 2.714272 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 1854 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:23.429378 2.986453 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:30.589777 4.836299 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:35.628823 2.684225 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 1854 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:42.695422 4.804883 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:47.696597 2.653464 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 1854 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:21:59.216016 4.893507 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:22:04.309737 0.000000 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:22:13.146912 0.406623 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:22:22.288315 4.854626 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:22:27.343538 0.000000 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:22:36.078888 2.101614 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 25 17133 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:22:41.192882 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:22:47.170560 0.401764 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:22:56.436877 4.855441 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:01.492015 0.000000 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:10.539127 4.243485 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 11 4938 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:24.080040 0.395178 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 2681 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:29.192079 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:23:33.221612 0.397134 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:42.519357 4.869152 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:43.917143 3.000665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 20:23:47.588600 0.000000 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:50.923381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:23:56.309670 4.659812 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 29 20245 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:23:58.924748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:24:02.268942 1.252398 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 13 10199 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:07.963047 2.839018 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:14.927780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:24:15.154595 0.404476 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:20.177836 2.495994 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:27.463016 4.930284 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:32.593461 2.413479 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 1718 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:39.350195 2.877123 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:46.635439 4.805056 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 3138 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:46.933843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:24:51.640321 2.614148 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 1854 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:24:51.690613 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:24:58.569642 4.907998 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:03.677641 2.403667 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 1718 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:10.316465 4.858041 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:15.374998 2.024161 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:22.047587 4.944141 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:27.192039 2.393270 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 1718 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:33.919542 4.976303 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 14 6548 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:38.698023 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:25:40.190497 4.227826 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 10 5236 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:46.820428 4.896610 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 8 4776 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:51.917599 4.666134 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 A_PA 0 0 5 1718 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:25:58.582853 0.644763 tcp 10.0.2.109 50402 -> 58.177.94.240 5939 FPA_* 0 0 9 1956 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:30:50.940162 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 20:30:57.947723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:31:05.949018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:31:21.952015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:31:53.957952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:37:42.069037 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:37:42.069273 2.642735 tcp 10.0.2.109 50403 -> 211.38.175.27 4598 FSPA* 0 0 15 1770 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:37:57.963910 3.001994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 20:38:04.971283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:38:12.973084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:38:28.976015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:39:00.981675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:44:37.716206 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 20:44:37.716310 0.385945 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:44:38.102613 0.440867 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:44:38.543898 0.403529 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:44:38.947884 1.187917 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:44:40.136249 0.000000 udp 10.0.2.109 3683 -> 91.207.7.129 3326 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 20:44:56.676578 0.585612 tcp 10.0.2.109 50404 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:44:57.262574 0.569295 tcp 10.0.2.109 50405 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:44:57.832115 1.125916 tcp 10.0.2.109 50406 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/06 20:44:58.958611 0.489510 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:44:59.448501 0.751696 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:00.200551 0.395660 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:00.596691 0.298717 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:00.895759 0.322937 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:01.219095 0.344435 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:01.563887 0.476049 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:02.040281 0.383275 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:02.423942 0.385249 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:02.809525 0.422640 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:03.232551 0.469075 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:03.702001 0.509039 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:04.211431 0.301732 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:04.513596 0.403826 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:04.917793 0.586047 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:04.988531 3.001052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 20:45:05.504255 0.408197 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:05.912857 0.409087 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:06.322382 0.419479 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:06.742291 0.425435 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:07.168130 0.273839 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:07.442397 0.381614 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:07.824361 0.321093 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:08.145869 0.529142 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 20:45:11.995533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:45:19.997090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:45:36.000167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:46:08.005906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:52:12.011582 3.001744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 20:52:19.018955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:52:27.021128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:52:43.023615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:53:15.029732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:59:19.035345 3.002201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 20:59:26.042893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:59:34.044775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 20:59:50.047796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:00:22.053708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:06:26.060885 3.000566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 21:06:33.067039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:06:41.068361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:06:57.071811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:07:29.077440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:07:44.720690 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 21:07:44.720866 2.671427 tcp 10.0.2.109 50407 -> 211.38.175.27 4598 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/01/06 21:13:33.084110 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 21:13:40.090951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:13:48.093048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:14:04.095838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:14:36.602376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:15:38.762118 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 21:15:38.762312 0.273927 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:39.036646 0.441502 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:39.478589 0.390292 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:39.869283 0.419840 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:40.289498 1.102166 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:41.392028 0.413216 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:41.805612 4.644794 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:46.450757 0.475158 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:46.926481 0.288239 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:47.215113 0.467177 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:47.682677 0.331301 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:48.014444 0.333892 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:48.348741 0.394746 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:48.743816 0.382533 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:49.126710 0.434496 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:49.561608 0.461387 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:50.023414 0.401783 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:50.425612 0.494149 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:50.920123 0.301769 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:51.222590 0.587843 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:51.810769 0.398498 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:52.209668 0.392618 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:52.602670 0.424471 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:53.027557 0.362448 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:53.390424 0.418832 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:53.809604 0.273986 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:54.083969 0.282481 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:15:54.366803 0.534091 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:20:40.608845 3.001154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 21:20:47.615741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:20:55.617556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:21:11.620468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:21:43.626859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:27:47.632622 3.001425 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 21:27:54.639982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:28:02.641238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:28:18.644507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:28:50.650091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:34:54.657280 3.000714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 21:35:01.663510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:35:09.665641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:35:25.668437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:35:57.674347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:37:47.623293 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 21:37:47.623567 2.666395 tcp 10.0.2.109 50408 -> 211.38.175.27 4598 FSPA* 0 0 14 1567 flow=From-Botnet-V1-TCP-Established 1970/01/06 21:42:01.680028 3.002069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 21:42:08.687778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:42:16.689064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:42:32.692159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:43:04.698410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:46:10.836727 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 21:46:10.836860 0.391436 udp 10.0.2.109 3683 <-> 76.68.90.33 3572 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:11.228717 0.306162 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:11.535288 0.435792 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:11.971490 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 21:46:30.056365 0.542691 tcp 10.0.2.109 50409 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 21:46:30.599368 0.584460 tcp 10.0.2.109 50410 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 21:46:31.184156 1.136952 tcp 10.0.2.109 50411 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/06 21:46:32.321691 0.578912 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:32.901019 0.423201 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:33.324627 0.505262 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:33.830261 0.462776 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:34.293490 0.390509 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:34.684441 0.284028 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:34.968824 0.377160 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:35.346538 0.412195 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:35.759155 0.350490 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:36.110147 0.390617 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:36.501097 0.416034 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:36.917509 0.454740 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:37.372658 0.399586 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:37.772660 0.584281 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:38.357364 0.511513 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:38.869265 0.316521 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:39.186374 0.414686 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:39.601437 0.415045 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:40.016898 0.426492 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:40.443748 0.423230 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:40.867399 0.368901 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:41.236654 0.525438 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:41.762513 0.270611 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:46:42.033535 0.319063 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/06 21:49:08.705037 3.000775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 21:49:15.712060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:49:23.713105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:49:39.716113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:50:11.722310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:56:15.728378 3.001191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 21:56:22.735728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:56:30.737351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:56:46.739866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 21:57:18.746359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:03:22.752637 3.001096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 22:03:29.759932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:03:37.761210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:03:53.764206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:04:25.769893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:07:50.294453 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 22:07:50.294601 2.652538 tcp 10.0.2.109 50412 -> 211.38.175.27 4598 FSPA* 0 0 15 1619 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:10:29.776349 3.001972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 22:10:36.783665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:10:44.785200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:11:00.788396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:11:32.794347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:16:53.095463 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 22:16:53.095747 0.410391 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:16:53.506530 0.000000 udp 10.0.2.109 3683 -> 76.68.90.33 3572 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 22:17:08.710075 0.594225 tcp 10.0.2.109 50413 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:09.304597 0.566310 tcp 10.0.2.109 50414 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:09.871216 1.363275 tcp 10.0.2.109 50415 -> 195.113.214.222 443 SRPA* 0 0 37 24957 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:11.235067 0.312512 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:11.547994 0.444330 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:11.992723 0.000000 udp 10.0.2.109 3683 -> 71.16.73.123 1463 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 22:17:29.478813 0.575166 tcp 10.0.2.109 50416 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:30.054415 0.577757 tcp 10.0.2.109 50417 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:30.632444 1.131237 tcp 10.0.2.109 50418 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:31.764389 0.454264 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:32.219087 0.757338 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:32.976798 0.474213 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:33.451430 0.415412 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:33.867232 0.353002 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:34.220689 0.297514 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:34.518628 0.376179 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:34.895801 0.348498 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:35.244656 0.390177 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:35.635260 0.429863 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:36.065520 0.461667 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:36.527580 0.410668 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:36.800391 3.001511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 22:17:36.938646 0.590615 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:37.529641 0.000000 udp 10.0.2.109 3683 -> 200.84.7.244 8376 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 22:17:43.807757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:17:51.809175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:17:53.693461 0.567943 tcp 10.0.2.109 50419 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:54.261684 0.585076 tcp 10.0.2.109 50420 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:54.847058 1.118123 tcp 10.0.2.109 50421 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:17:55.965786 0.300142 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:56.266321 0.409665 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:56.676397 0.410808 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:57.087591 0.429461 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:57.517388 0.402948 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:57.920692 0.395026 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:58.316146 0.525274 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:58.841807 0.273281 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:17:59.115489 0.315750 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:18:07.812403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:18:39.817942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:24:43.824237 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 22:24:50.831260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:24:58.833193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:25:14.835885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:25:46.841874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:31:50.848576 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 22:31:57.855195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:32:05.857257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:32:21.859765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:32:53.866395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:37:52.946697 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 22:37:52.946932 2.673136 tcp 10.0.2.109 50422 -> 211.38.175.27 4598 FSPA* 0 0 15 1554 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:38:57.871458 3.002506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 22:39:04.879635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:39:12.880857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:39:28.883750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:40:00.889764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:46:04.896289 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 22:46:11.903412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:46:19.905189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:46:35.908102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:47:07.914025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:48:12.727795 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 22:48:12.727961 0.000000 udp 10.0.2.109 3683 -> 76.68.90.33 3572 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 22:48:31.477048 0.568989 tcp 10.0.2.109 50423 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:48:32.046375 0.549356 tcp 10.0.2.109 50424 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:48:32.596049 1.427937 tcp 10.0.2.109 50425 -> 195.113.214.222 443 SRPA* 0 0 39 27383 flow=From-Botnet-V1-TCP-Established 1970/01/06 22:48:34.024664 0.451353 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:34.476421 0.547585 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:35.024404 0.404781 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:35.429583 0.302506 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:35.732532 0.447169 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:36.180148 0.420059 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:36.600541 0.866115 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:37.467053 0.425210 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:37.892699 0.433101 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:38.326201 0.292665 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:38.619214 0.335869 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:38.955478 0.385975 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:39.341855 0.387630 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:39.729881 0.359474 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:40.089738 0.420994 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:40.511127 0.468211 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:40.979765 0.618740 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:41.598886 0.396767 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:41.996061 0.300907 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:42.297380 0.426464 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:42.724290 0.411268 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:43.135988 0.419885 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:43.556261 0.531329 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:44.087991 0.422800 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:44.511174 0.356273 rtcp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:44.867862 0.268155 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:48:45.136423 0.294070 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/06 22:53:11.920671 3.001213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/06 22:53:18.927604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:53:26.928823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:53:42.932071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 22:54:14.938078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:00:18.943806 3.001443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:00:25.951453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:00:33.952758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:00:49.955694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:01:21.962061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:07:25.968158 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:07:32.975431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:07:40.976889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:07:55.628302 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 23:07:55.628542 2.732953 tcp 10.0.2.109 50426 -> 211.38.175.27 4598 FSPA* 0 0 14 1640 flow=From-Botnet-V1-TCP-Established 1970/01/06 23:07:56.979615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:08:28.986275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:14:32.992656 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:14:39.999514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:14:48.000739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:15:04.004046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:15:36.009620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:19:01.575504 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 23:19:01.575607 0.415527 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:01.991532 0.303206 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:02.295150 0.971403 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:03.266989 0.413740 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:03.681128 0.447792 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:04.129447 0.443496 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:04.573328 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 23:19:09.646136 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/06 23:19:09.646559 4.159040 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:13.805987 0.460149 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:14.266565 0.290859 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:14.557834 0.386983 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:14.945238 0.334084 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:15.279680 0.381241 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:15.661293 0.328242 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:15.989908 0.427403 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:16.417668 0.469069 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:16.887157 0.581816 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:17.469327 0.404662 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:17.874560 0.404317 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:18.279229 0.304408 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:18.583997 0.418291 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:19.002712 0.419624 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:19.422722 0.377002 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:19.800068 0.528720 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:20.329139 0.406909 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:20.736410 0.295913 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:19:21.032707 0.319353 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:21:40.016459 3.001171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:21:47.023559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:21:55.024807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:22:11.027904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:22:43.033470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:28:47.040168 3.001262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:28:54.047477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:29:02.049069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:29:18.051910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:29:50.057554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:35:54.063587 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:36:01.070895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:36:09.072514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:36:25.075724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:36:57.081994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:37:58.360127 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 23:37:58.360234 2.836613 tcp 10.0.2.109 50427 -> 211.38.175.27 4598 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/01/06 23:43:01.087188 3.002336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:43:08.095204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:43:16.096842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:43:32.099834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:44:04.105348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:49:35.642804 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/06 23:49:35.643026 0.409699 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:36.053194 0.307758 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:36.361344 0.584548 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:36.946354 0.608807 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:37.555589 0.473502 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:38.029505 0.413437 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:38.443351 1.164472 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:39.608240 3.706678 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:43.315364 0.457265 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:43.773041 0.329338 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:44.102779 0.385909 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:44.489080 0.386428 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:44.875883 0.342662 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:45.218915 0.347308 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:45.566616 0.428222 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:45.995174 0.472475 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:46.468064 0.578347 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:47.046831 0.411138 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:47.458429 0.413247 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:47.872085 0.297028 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:48.169532 0.412388 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:48.582485 0.435683 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:49.018600 0.369342 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:49.388321 0.529548 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:49.918303 0.426363 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:50.345088 0.297637 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:49:50.643145 0.318094 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/06 23:50:08.111412 3.002319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:50:15.119485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:50:23.120400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:50:39.123806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:51:11.129769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:57:15.136300 3.000939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/06 23:57:22.142731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:57:30.144324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:57:46.147678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/06 23:58:18.153358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:04:22.160214 3.001027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 00:04:29.167137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:04:37.168231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:04:53.171710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:05:25.177729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:08:01.202706 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 00:08:01.202814 2.789653 tcp 10.0.2.109 50428 -> 211.38.175.27 4598 FSPA* 0 0 14 1588 flow=From-Botnet-V1-TCP-Established 1970/01/07 00:11:29.184363 3.000562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 00:11:36.190680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:11:44.192386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:12:00.195804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:12:32.201749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:18:36.208456 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 00:18:43.214856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:18:51.216136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:19:07.219950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:19:39.225813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:20:15.468046 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 00:20:15.468158 0.423507 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:15.892137 0.299694 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:16.192255 0.487427 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:16.680043 0.409146 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:17.089605 0.442936 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:17.532950 0.422810 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:17.956158 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 00:20:31.001352 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 00:20:31.001748 3.838804 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:34.840966 0.469870 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:35.311229 0.389495 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:35.701083 0.293472 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:35.994902 0.379245 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:36.374511 0.321954 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:36.696816 0.348289 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:37.045517 0.428524 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:37.474497 0.467166 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:37.942041 0.405229 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:38.347618 0.603125 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:38.951154 0.416385 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:39.367911 0.298376 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:39.666639 0.415894 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:40.082877 0.402608 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:40.485906 0.362174 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:40.848520 0.264510 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:41.113390 0.530213 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:41.643956 0.433140 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:20:42.077499 0.307123 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:25:43.231663 3.001784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 00:25:50.239244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:25:58.240387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:26:14.243309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:26:46.249378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:32:50.255536 3.001920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 00:32:57.262706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:33:05.264165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:33:21.267559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:33:53.273263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:38:03.994704 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 00:38:03.994922 2.665409 tcp 10.0.2.109 50429 -> 211.38.175.27 4598 FSPA* 0 0 14 1547 flow=From-Botnet-V1-TCP-Established 1970/01/07 00:39:57.279605 3.001450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 00:40:04.287212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:40:12.288319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:40:28.291770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:41:00.297242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:47:04.303966 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 00:47:11.311044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:47:19.312012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:47:35.315432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:48:07.321773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:50:59.378977 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 00:50:59.379239 0.429817 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:50:59.809409 0.286316 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:00.096129 0.519002 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:00.615542 0.410342 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:01.026397 0.446065 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:01.472887 0.418925 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:01.892201 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 00:51:20.812698 0.569112 tcp 10.0.2.109 50430 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 00:51:21.382067 0.584131 tcp 10.0.2.109 50431 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 00:51:21.966496 1.393589 tcp 10.0.2.109 50432 -> 195.113.214.222 443 SRPA* 0 0 36 25291 flow=From-Botnet-V1-TCP-Established 1970/01/07 00:51:23.360672 0.488665 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:23.849763 0.479146 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:24.329340 0.380335 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:24.710036 0.329195 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:25.039619 0.294446 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:25.334449 0.380060 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:25.714994 1.622094 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:27.337491 0.439247 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:27.777086 0.462131 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:28.239633 0.401732 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:28.641791 0.279971 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:28.922102 0.590292 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:29.512799 0.402010 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:29.915155 0.395285 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:30.310873 0.419365 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:30.730632 0.370223 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:31.101259 0.276675 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:31.378572 0.525345 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:31.904310 0.419366 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:51:32.324096 0.316916 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/07 00:54:11.337720 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 00:54:18.344969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:54:26.346298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:54:42.349707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 00:55:14.355586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:01:18.360980 3.002321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:01:25.369144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:01:33.370145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:01:49.373065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:02:21.379141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:08:06.676293 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 01:08:06.676409 2.722338 tcp 10.0.2.109 50433 -> 211.38.175.27 4598 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:08:25.385806 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:08:32.393116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:08:40.394343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:08:56.397481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:09:28.403098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:15:32.409935 3.001096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:15:39.416628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:15:47.418254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:16:03.420889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:16:35.427221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:21:56.358999 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 01:21:56.359186 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 01:22:11.663464 0.577009 tcp 10.0.2.109 50434 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:12.240767 0.571376 tcp 10.0.2.109 50435 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:12.811948 1.161962 tcp 10.0.2.109 50436 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:13.974703 0.402768 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:14.377899 0.502986 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:14.881328 0.290175 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:15.171971 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 01:22:25.675765 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 01:22:31.009682 0.570218 tcp 10.0.2.109 50437 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:31.580201 0.567381 tcp 10.0.2.109 50438 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:32.147903 1.140085 tcp 10.0.2.109 50439 -> 195.113.214.222 443 SRPA* 0 0 23 13966 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:33.288721 0.445729 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:33.734860 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 01:22:39.433754 3.001172 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 01:22:46.441034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:22:50.758116 0.568649 tcp 10.0.2.109 50440 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:51.327033 0.586150 tcp 10.0.2.109 50441 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:51.913544 1.164540 tcp 10.0.2.109 50442 -> 195.113.214.222 443 SRPA* 0 0 24 9672 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:22:53.078848 0.398614 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:53.477844 0.476945 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:53.955152 0.403836 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:54.359368 0.380008 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:54.442373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:22:54.739786 0.330812 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:55.071018 0.293725 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:55.365099 0.354476 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:55.719992 0.429091 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:56.149606 0.486768 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:56.636780 0.395506 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:57.032717 0.317280 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:57.350392 0.588852 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:57.939667 0.431157 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:58.371248 0.408190 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:58.779845 0.424351 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:59.204613 0.528052 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:22:59.733022 0.367237 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:23:00.100723 0.286649 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:23:00.387835 0.420755 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:23:00.808944 0.315533 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:23:10.445198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:23:42.451503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:29:46.457308 3.002009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:29:53.464704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:30:01.466190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:30:17.468960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:30:49.474848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:36:53.481497 3.001134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:37:00.488712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:37:08.490586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:37:24.493139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:37:56.498960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:38:09.398270 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 01:38:09.398479 2.706964 tcp 10.0.2.109 50443 -> 211.38.175.27 4598 FSPA* 0 0 15 1767 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:44:00.505558 3.001219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:44:07.512541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:44:15.514073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:44:31.517151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:45:03.523535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:51:07.529382 3.001849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:51:14.536330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:51:22.537730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:51:38.541350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:52:10.546844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:53:26.676679 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 01:53:26.676886 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 01:53:42.170903 0.566865 tcp 10.0.2.109 50444 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:53:42.738046 0.577576 tcp 10.0.2.109 50445 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:53:43.315928 1.171184 tcp 10.0.2.109 50446 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 01:53:44.487839 0.424894 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:44.913193 0.412696 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:45.326310 0.501278 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:45.827996 0.270909 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:46.099256 0.446087 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:46.545748 0.397680 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:46.943841 0.386941 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:47.331141 0.472380 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:47.803912 0.395852 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:48.200184 0.346219 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:48.546772 0.382842 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:48.929995 0.300587 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:49.230928 0.438568 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:49.669946 0.469863 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:50.140179 0.396368 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:50.536990 0.311642 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:50.849122 0.412584 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:51.262164 0.579943 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:51.842471 0.411866 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:52.254750 0.425069 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:52.680199 0.516357 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:53.196944 0.417924 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:53.615311 0.386931 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:54.002658 0.279000 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:53:54.282208 0.305680 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 01:58:14.553081 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 01:58:21.560725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:58:29.561696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:58:45.565278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 01:59:17.571137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:05:21.577383 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:05:28.584567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:05:36.585777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:05:52.588660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:06:24.595425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:08:12.109971 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 02:08:12.110086 2.745758 tcp 10.0.2.109 50447 -> 211.38.175.27 4598 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:12:28.600594 3.002381 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:12:35.608625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:12:43.610065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:12:59.612896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:13:31.618819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:19:35.625401 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:19:42.632343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:19:50.633747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:20:06.706688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:20:38.713255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:24:20.221633 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 02:24:20.221739 0.508976 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:20.740887 0.406386 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:21.152749 0.428348 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:21.581512 0.291350 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:21.873287 0.441330 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:22.315050 0.636797 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:22.952245 0.373478 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:23.326117 0.456321 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:23.782883 0.382186 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:24.165498 0.352664 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:24.518587 0.335146 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:24.854106 0.279418 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:25.133949 0.444313 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:25.578681 0.000000 udp 10.0.2.109 3683 -> 81.137.213.212 6826 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 02:24:41.945286 0.565745 tcp 10.0.2.109 50448 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:24:42.511368 0.627757 tcp 10.0.2.109 50449 -> 195.113.214.222 80 SRPA* 0 0 20 14753 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:24:43.139642 0.469199 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:43.609280 0.404491 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:44.014224 0.411175 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:44.425862 0.587564 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:45.013822 0.407214 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:45.421477 0.420195 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:45.842013 0.528981 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:46.371407 0.421806 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:46.793556 0.315747 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:47.109663 0.377383 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:24:47.487414 0.278541 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:26:42.718736 3.002136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:26:49.726321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:26:57.727633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:27:13.730650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:27:45.737408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:33:49.743179 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:33:56.750079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:34:04.752134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:34:20.755330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:34:52.761026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:38:14.892469 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 02:38:14.892580 2.668979 tcp 10.0.2.109 50450 -> 211.38.175.27 4598 FSPA* 0 0 14 1567 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:40:56.766659 3.002200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:41:03.774588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:41:11.775783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:41:27.778935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:41:59.784666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:48:03.791449 3.000802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:48:10.798488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:48:18.799764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:48:34.802978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:49:06.809042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:55:10.814860 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 02:55:11.053302 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 02:55:11.053428 0.302348 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:11.356155 0.498886 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:11.855437 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 02:55:17.822462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:55:25.824168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:55:29.412042 0.556181 tcp 10.0.2.109 50451 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:55:29.968509 0.586251 tcp 10.0.2.109 50452 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:55:30.555080 1.391198 tcp 10.0.2.109 50453 -> 195.113.214.222 443 SRPA* 0 0 34 25027 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:55:31.946872 0.409428 rtcp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:32.356716 0.305005 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:32.662135 0.462609 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:33.125162 0.382332 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:33.507917 0.397460 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:33.905809 0.459160 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:34.365358 0.384311 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:34.750111 0.343506 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:35.094023 0.325520 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:35.420001 0.426090 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:35.846506 0.275136 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:36.122031 0.465381 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:36.587846 0.403854 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:36.992181 0.415625 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:37.408268 0.580829 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:37.989517 0.408493 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:38.398412 0.424570 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:38.823473 0.534754 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:55:39.358664 0.000000 udp 10.0.2.109 3683 -> 75.163.77.21 2186 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 02:55:41.827350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 02:55:58.302450 0.572652 tcp 10.0.2.109 50454 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:55:58.874919 0.573911 tcp 10.0.2.109 50455 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:55:59.449115 1.169346 tcp 10.0.2.109 50456 -> 195.113.214.222 443 SRPA* 0 0 22 12490 flow=From-Botnet-V1-TCP-Established 1970/01/07 02:56:00.619261 0.282017 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:56:00.901717 0.315095 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:56:01.217147 0.366378 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 02:56:13.833709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:02:17.839609 3.001161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:02:24.846344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:02:32.847804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:02:48.850767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:03:20.857076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:08:17.563901 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 03:08:17.564072 2.779663 tcp 10.0.2.109 50457 -> 211.38.175.27 4598 FSPA* 0 0 14 1562 flow=From-Botnet-V1-TCP-Established 1970/01/07 03:09:24.862989 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:09:31.870407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:09:39.871828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:09:55.874888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:10:27.881053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:16:31.886656 3.001917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:16:38.893928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:16:46.895379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:17:02.899202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:17:34.904908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:23:38.911363 3.000827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:23:45.918342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:23:53.919827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:24:09.922809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:24:41.928635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:26:14.081197 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 03:26:14.081366 0.414317 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:14.496113 0.435115 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:14.931642 0.311541 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:15.243574 0.534858 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:15.778815 0.415762 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:16.195013 0.285676 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:16.481113 0.431181 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:16.912720 0.481562 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:17.394743 0.381371 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:17.776553 0.466669 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:18.287220 0.383812 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:18.671455 0.423991 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:19.095868 0.336465 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:19.432748 0.372623 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:19.805804 0.472230 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:20.278438 0.273198 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:20.552070 0.425546 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:20.977984 0.425047 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:21.403472 0.427559 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:21.831453 0.403497 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:22.235372 0.579246 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:22.815039 0.536017 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:23.351464 0.248749 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:23.600657 0.288439 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:26:23.889506 0.393744 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:30:45.934240 3.002109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:30:52.942112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:31:00.943587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:31:16.946965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:31:48.952844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:37:52.958051 3.002346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:37:59.965794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:38:07.967895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:38:20.345704 0.000549 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 03:38:20.346366 2.658659 tcp 10.0.2.109 50458 -> 211.38.175.27 4598 FSPA* 0 0 14 1500 flow=From-Botnet-V1-TCP-Established 1970/01/07 03:38:23.970416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:38:55.976504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:44:59.982771 3.001426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:45:06.989891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:45:14.991416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:45:30.994552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:46:03.000900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:52:07.007133 3.000918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:52:14.014078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:52:22.015768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:52:38.018791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:53:10.024966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:56:42.150526 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 03:56:42.150713 0.419839 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:42.570930 0.420605 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:42.991969 0.298995 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:43.291383 0.729910 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:44.021698 0.420042 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:44.442271 0.267550 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:44.710220 0.450980 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:45.161577 0.476651 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:45.638632 0.386179 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:46.025240 0.457950 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:46.483542 0.384239 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:46.868178 0.425678 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:47.294296 0.333258 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:47.627953 0.343785 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:47.972170 0.464084 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:48.436664 0.292867 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:48.729949 0.431506 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:49.161882 0.396851 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:49.559095 0.412188 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:49.971743 0.411034 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:50.383120 0.582468 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:51.110996 0.305902 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:51.417293 0.527315 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:51.945071 0.275936 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:56:52.221411 0.341920 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 03:59:14.031190 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 03:59:21.037975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:59:29.039844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 03:59:45.042610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:00:17.048487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:06:21.053837 3.002083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 04:06:28.062361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:06:36.063368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:06:52.066183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:07:24.072511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:08:23.007681 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 04:08:23.007891 2.733836 tcp 10.0.2.109 50459 -> 211.38.175.27 4598 FSPA* 0 0 14 1611 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:13:28.078946 3.000892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 04:13:35.085830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:13:43.087858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:13:59.090132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:14:31.096650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:20:35.102425 3.001385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 04:20:42.109566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:20:50.111099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:21:06.114520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:21:38.120773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:26:54.195428 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 04:26:54.195628 0.411922 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:26:54.608005 0.427401 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:26:55.035895 0.308994 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:26:55.345347 0.490944 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:26:55.836659 0.000000 udp 10.0.2.109 3683 -> 71.16.73.123 1463 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:27:12.303505 0.569361 tcp 10.0.2.109 50460 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:27:12.873208 0.568797 tcp 10.0.2.109 50461 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:27:13.442323 1.416006 tcp 10.0.2.109 50462 -> 195.113.214.222 443 SRPA* 0 0 37 27027 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:27:14.858984 0.293648 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:15.153039 0.000000 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:27:33.973541 0.568691 tcp 10.0.2.109 50463 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:27:34.542024 0.534831 tcp 10.0.2.109 50464 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:27:35.077136 1.193956 tcp 10.0.2.109 50465 -> 195.113.214.222 443 SRPA* 0 0 22 12490 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:27:36.271653 0.395267 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:36.667326 0.380076 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:37.047856 0.384101 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:37.432309 0.452656 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:37.885395 0.440688 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:38.326496 0.329765 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:38.656721 0.291247 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:38.948400 0.340535 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:39.289298 0.475272 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:39.764938 0.424115 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:40.189404 0.406537 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:40.596349 0.417234 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:41.013961 0.413431 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:41.427803 0.586250 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:42.014520 0.306041 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:42.126733 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 04:27:42.320921 0.371268 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:42.692624 0.531239 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:43.224235 0.270730 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:27:49.134259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:27:57.135700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:28:13.138442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:28:45.144453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:34:49.151225 3.000699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 04:34:56.157677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:35:04.159277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:35:20.162371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:35:52.168054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:38:25.749873 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 04:38:25.750012 3.000657 tcp 10.0.2.109 50466 -> 211.38.175.27 4598 FSPA* 0 0 14 1693 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:41:56.174538 3.001352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 04:42:03.181679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:42:11.183004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:42:27.186344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:42:59.192279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:49:03.199192 3.000847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 04:49:10.205715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:49:18.207488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:49:34.210124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:50:06.216192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:56:10.223368 3.000390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 04:56:17.229620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:56:25.231035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:56:41.234391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:57:13.240164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 04:58:12.215530 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 04:58:12.215720 0.408139 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:12.624266 0.000000 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:58:28.120450 0.567762 tcp 10.0.2.109 50467 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:58:28.688485 0.542700 tcp 10.0.2.109 50468 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:58:29.231544 1.187459 tcp 10.0.2.109 50469 -> 195.113.214.222 443 SRPA* 0 0 23 13770 flow=From-Botnet-V1-TCP-Established 1970/01/07 04:58:30.420241 0.424205 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:30.844871 0.499317 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:31.344627 0.308542 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:31.653531 0.427453 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:32.081382 0.286018 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:32.367807 0.391395 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:32.759622 0.433814 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:33.193870 0.384640 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:33.578926 0.385974 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:33.965265 0.427750 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:35.063344 0.339625 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:35.403328 0.458190 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:35.861927 0.296812 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:36.159164 0.372479 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:36.532009 0.440210 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:36.972620 0.401703 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:37.374765 0.413971 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:37.789202 0.409889 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:38.199433 0.376870 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:38.576670 0.583493 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:39.160569 0.307545 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:39.479144 0.527415 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:40.006908 0.281229 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:40.309110 0.402062 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:40.818213 0.411611 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:41.230318 0.288322 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:41.519168 0.519463 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:42.189170 0.429837 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:42.640957 0.305719 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:42.947118 0.442436 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:43.390099 0.390918 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 735 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:43.781501 0.467850 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:44.249922 0.380164 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:44.630614 0.435642 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:45.066805 0.387289 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:45.454556 0.479761 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:45.934817 0.339588 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:46.274937 0.296579 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 679 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:46.572035 0.401699 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:46.974323 0.409139 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 713 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:47.383922 0.421150 udp 10.0.2.109 3683 <-> 99.88.164.41 8045 CON 0 0 2 666 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:47.805573 0.393875 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 797 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:48.199872 0.384249 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:48.599623 0.306831 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:48.907068 0.584638 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 787 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:49.492149 0.280715 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:49.773273 0.544672 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 798 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:50.318692 0.000000 udp 10.0.2.109 3683 -> 86.34.194.251 5706 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:58:55.887701 0.312135 udp 10.0.2.109 3683 <-> 217.91.196.121 6962 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:58:56.255633 0.000000 udp 10.0.2.109 3683 -> 24.120.204.180 7405 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:03.358499 0.000000 udp 10.0.2.109 3683 -> 119.75.180.21 6581 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:10.258547 0.000000 udp 10.0.2.109 3683 -> 96.46.115.18 8592 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:14.955040 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 04:59:15.916921 0.413641 udp 10.0.2.109 3683 <-> 198.179.107.162 2237 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/07 04:59:16.346254 0.000000 udp 10.0.2.109 3683 -> 87.29.121.158 9059 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:24.609686 0.000000 udp 10.0.2.109 3683 -> 67.191.163.248 9307 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:29.707000 0.000000 udp 10.0.2.109 3683 -> 65.181.60.122 3778 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:37.848556 0.000000 udp 10.0.2.109 3683 -> 84.177.142.171 1866 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:45.699506 0.000000 udp 10.0.2.109 3683 -> 81.217.76.131 6343 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:54.642593 0.000000 udp 10.0.2.109 3683 -> 217.226.149.179 8410 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 04:59:59.459427 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:00:00.060006 0.353928 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:00:00.532261 0.000000 udp 10.0.2.109 3683 -> 86.132.6.21 1133 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:07.030839 0.000000 udp 10.0.2.109 3683 -> 151.84.225.80 5264 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:13.589527 0.000000 udp 10.0.2.109 3683 -> 24.33.151.168 2815 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:20.780067 0.000000 udp 10.0.2.109 3683 -> 37.206.215.58 9216 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:28.351457 0.000000 udp 10.0.2.109 3683 -> 190.145.50.82 8730 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:35.311023 0.000000 udp 10.0.2.109 3683 -> 82.9.88.26 8387 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:40.558303 0.000000 udp 10.0.2.109 3683 -> 69.198.175.202 1053 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:45.455306 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:00:46.116467 0.000000 udp 10.0.2.109 3683 -> 184.96.94.126 9856 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:00:53.917870 0.491667 udp 10.0.2.109 3683 <-> 85.72.253.55 3180 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:00:54.424759 0.000000 udp 10.0.2.109 3683 -> 212.93.100.44 6532 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:03.301354 0.000000 udp 10.0.2.109 3683 -> 96.237.162.236 1776 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:08.818973 0.000000 udp 10.0.2.109 3683 -> 85.92.221.100 6428 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:16.620164 0.000000 udp 10.0.2.109 3683 -> 2.28.32.229 3796 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:24.561863 0.447784 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 832 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:01:25.023762 0.000000 udp 10.0.2.109 3683 -> 31.51.219.37 6739 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:29.959774 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:01:30.700304 0.000000 udp 10.0.2.109 3683 -> 144.132.220.246 9163 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:36.719556 0.000000 udp 10.0.2.109 3683 -> 178.46.166.12 2614 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:43.378743 0.309448 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 809 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:01:43.725511 0.699432 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:01:44.441031 0.000000 udp 10.0.2.109 3683 -> 67.71.153.70 9400 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:52.571763 0.398694 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 750 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:01:52.983251 0.000000 udp 10.0.2.109 3683 -> 200.6.197.101 5346 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:01:58.961305 0.535215 udp 10.0.2.109 3683 <-> 101.63.190.254 3244 CON 0 0 2 751 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:01:59.545930 0.000000 udp 10.0.2.109 3683 -> 213.55.89.249 9816 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:08.420079 0.000000 udp 10.0.2.109 3683 -> 122.161.185.186 9820 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:13.772603 0.630152 udp 10.0.2.109 3683 -> 125.71.232.45 3193 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:14.402755 0.000000 icmp 125.71.232.45 0x0303 -> 10.0.2.109 0x790c URP 192 1 185 flow=Background 1970/01/07 05:02:18.459305 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:02:19.600974 0.000000 udp 10.0.2.109 3683 -> 79.29.108.77 4007 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:26.180210 0.000000 udp 10.0.2.109 3683 -> 99.123.168.179 8926 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:33.861607 0.000000 udp 10.0.2.109 3683 -> 87.138.133.142 5320 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:40.561088 0.307385 udp 10.0.2.109 3683 <-> 95.104.29.18 7727 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:02:40.880557 0.000000 udp 10.0.2.109 3683 -> 95.241.192.178 1944 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:48.302327 0.000000 udp 10.0.2.109 3683 -> 213.123.237.210 4919 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:02:54.971648 0.000000 udp 10.0.2.109 3683 -> 96.8.193.166 2626 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:01.120281 0.000000 udp 10.0.2.109 3683 -> 187.162.37.151 9144 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:05.957053 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:03:06.748762 0.000000 udp 10.0.2.109 3683 -> 79.48.240.201 5238 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:15.070809 0.299566 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:03:15.383919 0.000000 udp 10.0.2.109 3683 -> 66.226.195.97 1580 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:17.246796 3.000982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 05:03:23.582827 0.000000 udp 10.0.2.109 3683 -> 78.170.197.28 2213 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:24.254015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:03:31.534617 0.000000 udp 10.0.2.109 3683 -> 82.29.206.98 3359 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:32.275428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:03:40.106807 0.000000 udp 10.0.2.109 3683 -> 64.140.108.2 3987 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:46.205065 0.576192 udp 10.0.2.109 3683 -> 59.99.232.248 2611 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:46.781257 0.000000 icmp 59.99.232.248 0x0303 -> 10.0.2.109 0x330a URP 192 1 282 flow=Background 1970/01/07 05:03:48.278091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:03:50.982247 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:03:51.903616 0.000000 udp 10.0.2.109 3683 -> 195.59.222.178 5861 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:03:59.104074 0.369782 udp 10.0.2.109 3683 <-> 84.177.136.209 3908 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:03:59.483660 0.000000 udp 10.0.2.109 3683 -> 213.23.90.82 9544 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:06.474401 0.403444 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:04:07.164793 0.000000 udp 10.0.2.109 3683 -> 171.98.109.210 9224 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:13.544783 0.000000 udp 10.0.2.109 3683 -> 93.207.160.225 3035 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:20.284119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:04:20.534996 0.000000 udp 10.0.2.109 3683 -> 81.133.117.67 5042 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:29.027022 0.000000 udp 10.0.2.109 3683 -> 88.244.10.182 3086 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:35.396115 0.000000 udp 10.0.2.109 3683 -> 87.14.2.108 1315 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:39.982666 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:04:41.204375 0.320401 udp 10.0.2.109 3683 <-> 81.149.97.55 1457 CON 0 0 2 852 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:04:41.564377 0.308438 udp 10.0.2.109 3683 <-> 217.246.50.222 5345 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:04:41.888888 0.000000 udp 10.0.2.109 3683 -> 217.91.45.54 2415 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:47.673845 0.000000 udp 10.0.2.109 3683 -> 219.78.125.63 2599 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:53.091892 0.292665 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:04:53.399504 0.000000 udp 10.0.2.109 3683 -> 204.212.247.79 6481 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:04:59.761253 0.000000 udp 10.0.2.109 3683 -> 188.13.132.211 8014 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:06.671319 0.000000 udp 10.0.2.109 3683 -> 114.79.12.128 2081 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:13.581454 0.000000 udp 10.0.2.109 3683 -> 178.10.209.234 9436 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:21.238841 0.288247 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:05:21.537305 0.000000 udp 10.0.2.109 3683 -> 86.164.216.240 7102 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:25.978451 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:05:30.355333 0.000000 udp 10.0.2.109 3683 -> 79.29.54.147 8487 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:37.425387 0.000000 udp 10.0.2.109 3683 -> 83.142.193.110 6612 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:44.916165 0.000000 udp 10.0.2.109 3683 -> 216.223.125.82 4321 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:52.066421 0.343055 udp 10.0.2.109 3683 <-> 109.151.226.230 5065 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:05:52.518875 0.000000 udp 10.0.2.109 3683 -> 186.103.146.2 8816 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:05:58.896408 0.000000 udp 10.0.2.109 3683 -> 50.73.214.81 5451 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:05.535767 0.330546 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:06:05.917006 0.000000 udp 10.0.2.109 3683 -> 76.5.159.196 5464 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:10.482543 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:06:12.836680 0.312416 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 830 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:06:13.208290 0.000000 udp 10.0.2.109 3683 -> 95.233.159.14 6639 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:21.218190 0.316957 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:06:21.571965 0.000000 udp 10.0.2.109 3683 -> 78.178.101.173 9698 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:28.569212 0.371845 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 852 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:06:28.976361 0.000000 udp 10.0.2.109 3683 -> 95.224.73.156 2976 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:37.661812 0.000000 udp 10.0.2.109 3683 -> 203.187.252.98 4404 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:45.963701 0.000000 udp 10.0.2.109 3683 -> 68.191.230.122 6095 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:54.205900 0.000000 udp 10.0.2.109 3683 -> 95.241.134.179 6209 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:06:58.982042 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:07:01.095570 0.000000 udp 10.0.2.109 3683 -> 188.64.35.10 2083 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:07:08.986855 0.000000 udp 10.0.2.109 3683 -> 81.5.166.66 5911 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:07:17.108339 0.683519 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:07:19.251047 0.413922 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 659 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:07:19.920623 0.000000 udp 10.0.2.109 3683 -> 66.229.114.179 6372 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:07:28.865869 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:07:34.313397 0.000000 udp 10.0.2.109 3683 -> 89.0.65.21 6172 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:07:42.334578 0.308506 udp 10.0.2.109 3683 -> 93.194.148.71 9462 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:07:42.643084 0.000000 icmp 93.194.148.71 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 243 flow=Background 1970/01/07 05:07:46.981572 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:07:51.307859 0.000000 udp 10.0.2.109 3683 -> 76.108.64.179 3759 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:07:58.978823 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:06.590223 0.000000 udp 10.0.2.109 3683 -> 68.114.82.101 6488 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:12.101961 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 547 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:15.452273 0.000000 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:21.310675 0.000000 udp 10.0.2.109 3683 -> 82.111.74.106 8349 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:28.160592 0.000000 udp 10.0.2.109 3683 -> 81.156.29.1 8789 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:28.772377 2.691517 tcp 10.0.2.109 50470 -> 211.38.175.27 4598 FSPA* 0 0 15 1752 flow=From-Botnet-V1-TCP-Established 1970/01/07 05:08:36.022238 0.000000 udp 10.0.2.109 3683 -> 92.148.248.53 2845 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:41.259877 0.000000 udp 10.0.2.109 3683 -> 72.197.243.218 5666 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:46.497188 0.000000 udp 10.0.2.109 3683 -> 78.167.82.62 5820 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:08:53.878097 0.000000 udp 10.0.2.109 3683 -> 76.160.222.129 2830 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:00.387524 0.000000 udp 10.0.2.109 3683 -> 170.164.246.26 3890 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:06.686483 0.000000 udp 10.0.2.109 3683 -> 98.95.85.159 6206 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:14.497649 0.000000 udp 10.0.2.109 3683 -> 200.83.106.73 7432 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:19.484789 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:09:22.489068 0.284266 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:09:22.935618 0.575757 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:09:23.523684 0.000000 udp 10.0.2.109 3683 -> 213.55.83.154 4132 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:30.490380 0.000000 udp 10.0.2.109 3683 -> 94.212.132.225 2757 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:39.443211 0.000000 udp 10.0.2.109 3683 -> 75.26.248.202 3241 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:45.972416 0.000000 udp 10.0.2.109 3683 -> 37.44.116.57 6284 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:52.722923 0.000000 udp 10.0.2.109 3683 -> 122.166.44.57 7844 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:09:58.601225 0.000000 udp 10.0.2.109 3683 -> 69.49.151.140 2030 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:10:06.121670 0.000000 udp 10.0.2.109 3683 -> 173.164.31.97 9959 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:10:10.978100 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:10:11.789563 0.000000 udp 10.0.2.109 3683 -> 79.206.184.175 6870 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:10:20.412286 0.000000 udp 10.0.2.109 3683 -> 186.95.97.7 6273 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:10:24.289889 3.012083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 05:10:29.165129 0.000000 udp 10.0.2.109 3683 -> 95.229.248.100 6486 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:10:31.307641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:10:36.064598 0.000000 udp 10.0.2.109 3683 -> 109.193.149.63 4772 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:10:39.309314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:10:42.153301 0.000000 udp 10.0.2.109 3683 -> 82.106.107.14 9499 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:10:55.312175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:11:27.318391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:17:31.324984 3.001257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 05:17:38.331640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:17:46.333208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:18:02.336210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:18:34.342011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:24:38.348799 3.000951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 05:24:45.355970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:24:53.357005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:25:09.360255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:25:41.366531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:31:45.372371 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 05:31:52.379780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:32:00.381395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:32:16.384151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:32:48.390525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:38:31.463591 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:38:31.463749 2.702924 tcp 10.0.2.109 50471 -> 211.38.175.27 4598 FSPA* 0 0 14 1652 flow=From-Botnet-V1-TCP-Established 1970/01/07 05:38:52.396350 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 05:38:59.403452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:39:07.404761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:39:23.407904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:39:55.413993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:41:12.935972 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 05:41:12.936178 0.405140 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:13.341745 0.308883 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:13.651069 0.416720 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:14.068221 0.428196 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:14.496778 0.537884 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:15.035018 0.276912 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:15.312397 0.407330 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:15.720084 0.392532 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:16.112979 0.377635 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:16.491030 0.466605 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:16.958077 0.427418 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:17.385852 0.456486 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:17.843320 0.452066 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:18.295818 0.277776 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:18.574041 0.348538 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:18.922932 0.399907 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:19.323281 0.402364 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:19.726084 0.000000 udp 10.0.2.109 3683 -> 99.88.164.41 8045 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:41:35.360398 0.563362 tcp 10.0.2.109 50472 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 05:41:35.924063 0.598929 tcp 10.0.2.109 50473 -> 195.113.214.222 80 SRPA* 0 0 19 14683 flow=From-Botnet-V1-TCP-Established 1970/01/07 05:41:36.523506 0.357590 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:36.881510 0.332473 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:37.214346 0.421601 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:37.636295 0.580744 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:38.217390 0.269141 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:38.486893 0.522524 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:39.009815 0.309048 udp 10.0.2.109 3683 <-> 217.91.196.121 6962 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:39.319282 0.407815 udp 10.0.2.109 3683 <-> 198.179.107.162 2237 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:39.727546 0.338307 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:40.066221 0.343213 udp 10.0.2.109 3683 <-> 85.72.253.55 3180 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:40.409842 0.440356 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:40.850594 0.301780 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:41.152780 0.366850 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:41.520010 0.396713 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:41.917277 0.000000 udp 10.0.2.109 3683 -> 101.63.190.254 3244 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 05:41:57.300492 0.566606 tcp 10.0.2.109 50474 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 05:41:57.866992 0.561543 tcp 10.0.2.109 50475 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 05:41:58.428855 1.179768 tcp 10.0.2.109 50476 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 05:41:59.609350 0.306006 udp 10.0.2.109 3683 <-> 95.104.29.18 7727 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:41:59.915795 0.295212 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:00.211458 0.320484 udp 10.0.2.109 3683 <-> 84.177.136.209 3908 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:00.532395 0.412502 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:00.945945 0.281826 udp 10.0.2.109 3683 <-> 81.149.97.55 1457 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:01.228176 0.307011 udp 10.0.2.109 3683 <-> 217.246.50.222 5345 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:01.535547 0.310773 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:01.846810 0.289986 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:02.137221 0.308711 udp 10.0.2.109 3683 <-> 109.151.226.230 5065 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:02.446373 0.317485 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:02.764359 0.369083 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:03.133871 0.366849 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:03.501195 0.397131 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:03.898683 0.667827 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:04.566870 0.476575 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:05.043859 0.275226 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:42:05.319498 0.567178 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/07 05:45:59.419649 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 05:46:06.427798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:46:14.429351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:46:30.432055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:47:02.437802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:53:06.444326 3.001389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 05:53:13.451570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:53:21.452887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:53:37.455772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 05:54:09.461709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:00:13.468693 3.001012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 06:00:20.475398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:00:28.476644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:00:44.479761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:01:16.616009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:07:20.622874 3.000932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 06:07:27.629397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:07:35.631002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:07:51.634045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:08:23.639953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:08:34.215564 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 06:08:34.215722 2.787598 tcp 10.0.2.109 50477 -> 211.38.175.27 4598 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:12:24.687005 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 06:12:24.687272 0.000000 udp 10.0.2.109 3683 -> 99.88.164.41 8045 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:12:41.202634 0.998525 tcp 10.0.2.109 50478 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:12:42.201460 0.986534 tcp 10.0.2.109 50479 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:12:43.188297 1.619017 tcp 10.0.2.109 50480 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:12:44.807930 0.000000 udp 10.0.2.109 3683 -> 101.63.190.254 3244 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:13:01.281176 0.836212 tcp 10.0.2.109 50481 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:13:02.117300 1.011774 tcp 10.0.2.109 50482 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:13:03.128995 1.569525 tcp 10.0.2.109 50483 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:13:04.699105 0.403290 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:05.102809 0.300863 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:05.404041 0.416433 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:05.820838 0.422480 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:06.258767 0.388980 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:06.648147 0.287715 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:06.936258 0.608723 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:07.545491 0.593181 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:08.139190 0.650020 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:08.789631 0.562897 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:09.352959 0.366416 udp 10.0.2.109 3683 <-> 81.133.186.146 7761 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:09.719795 0.477431 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:10.197583 0.565772 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:10.763715 0.638340 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:11.402435 0.411186 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:11.814046 0.502192 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:12.316654 0.716163 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:13.033258 0.593754 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:13.627490 0.525940 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:14.153887 0.588475 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:14.742721 0.805995 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:15.549158 0.478508 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:16.028074 0.000000 udp 10.0.2.109 3683 -> 198.179.107.162 2237 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:13:34.959259 1.012803 tcp 10.0.2.109 50484 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:13:35.972370 0.971972 tcp 10.0.2.109 50485 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:13:36.944620 2.027715 tcp 10.0.2.109 50486 -> 195.113.214.222 443 SRPA* 0 0 24 13318 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:13:38.972900 0.548981 udp 10.0.2.109 3683 <-> 217.91.196.121 6962 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:39.522371 0.748954 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:40.271750 0.670321 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:40.942528 0.578657 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:13:41.521648 0.000000 udp 10.0.2.109 3683 -> 85.72.253.55 3180 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:13:59.935356 1.019442 tcp 10.0.2.109 50487 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:14:00.955108 1.040768 tcp 10.0.2.109 50488 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:14:01.996246 2.081290 tcp 10.0.2.109 50489 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:14:04.078114 0.622664 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:04.701201 0.534995 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:05.236635 0.585961 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:05.823030 0.000000 udp 10.0.2.109 3683 -> 95.104.29.18 7727 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:14:21.235849 1.004708 tcp 10.0.2.109 50490 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:14:22.240850 0.990428 tcp 10.0.2.109 50491 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:14:23.231599 1.902257 tcp 10.0.2.109 50492 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:14:25.134820 0.637924 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:25.773186 0.310677 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:26.084286 0.339788 udp 10.0.2.109 3683 <-> 84.177.136.209 3908 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:26.424433 0.315708 udp 10.0.2.109 3683 <-> 81.149.97.55 1457 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:26.740492 0.298686 udp 10.0.2.109 3683 <-> 217.246.50.222 5345 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:27.039540 0.310728 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:27.350673 0.339332 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:27.647074 3.001094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 06:14:27.690633 0.280216 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:27.971222 0.319069 udp 10.0.2.109 3683 <-> 109.151.226.230 5065 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:28.290662 0.399217 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:28.690278 0.307062 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:28.997730 0.450411 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:29.448568 0.789421 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:30.238452 0.803225 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:31.042069 0.644142 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:31.686633 0.492377 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:14:34.653548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:14:42.655302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:14:58.657830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:15:30.663782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:21:34.669967 3.001492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 06:21:41.677433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:21:49.678916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:22:05.682023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:22:37.688406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:28:41.695100 3.000614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 06:28:48.701189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:28:56.703081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:29:12.705794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:29:44.711820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:35:48.718065 3.002027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 06:35:55.725181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:36:03.727044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:36:19.730110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:36:51.736337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:38:37.007456 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 06:38:37.007678 3.187584 tcp 10.0.2.109 50493 -> 211.38.175.27 4598 FSPA* 0 0 14 1562 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:42:55.742737 3.001173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 06:43:02.749371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:43:10.750755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:43:26.754223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:43:58.760182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:44:41.361573 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 06:44:41.361808 0.422140 udp 10.0.2.109 3683 -> 198.179.107.162 2237 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:44:41.783948 0.000000 icmp 198.179.107.162 0x0303 -> 10.0.2.109 0xbd08 URP 192 1 115 flow=Background 1970/01/07 06:44:56.415582 0.566200 tcp 10.0.2.109 50494 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:44:56.982229 0.585150 tcp 10.0.2.109 50495 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:44:57.567694 1.183635 tcp 10.0.2.109 50496 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:44:58.751899 0.000000 udp 10.0.2.109 3683 -> 85.72.253.55 3180 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:45:14.580513 1.011463 tcp 10.0.2.109 50497 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:15.591815 1.444202 tcp 10.0.2.109 50498 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:17.036348 2.070075 tcp 10.0.2.109 50499 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:19.107042 0.000000 udp 10.0.2.109 3683 -> 95.104.29.18 7727 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:45:36.201182 0.581074 tcp 10.0.2.109 50500 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:36.782535 0.568655 tcp 10.0.2.109 50501 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:37.351507 1.154374 tcp 10.0.2.109 50502 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:38.506702 0.314114 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:38.821245 0.412135 udp 10.0.2.109 3683 <-> 71.16.73.123 1463 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:39.233775 0.410229 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:39.644480 0.432857 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:40.077752 0.288178 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:40.366388 0.404938 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:40.771732 0.500921 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:41.273107 0.461574 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:41.735120 0.400644 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:42.136164 0.382402 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:45:42.518930 0.000000 udp 10.0.2.109 3683 -> 81.133.186.146 7761 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 06:45:57.522549 0.575989 tcp 10.0.2.109 50503 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:58.098793 0.577087 tcp 10.0.2.109 50504 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:58.675817 1.175346 tcp 10.0.2.109 50505 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 06:45:59.851845 0.348100 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:00.200384 0.459896 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:00.660733 0.305119 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:00.966435 0.440474 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:01.407312 0.408315 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:01.816063 0.418319 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:02.234815 0.370867 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:02.606118 0.425765 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:03.032245 0.305140 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:03.337776 0.586738 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:03.924943 0.281727 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:04.207054 0.312543 udp 10.0.2.109 3683 <-> 217.91.196.121 6962 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:04.519989 0.527299 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:05.047699 0.447310 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:05.495378 0.357070 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:05.852871 0.410469 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:06.263719 0.322839 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:06.586933 0.299801 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:06.887138 0.774058 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:07.661608 0.619865 udp 10.0.2.109 3683 <-> 81.149.97.55 1457 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:08.281873 0.294481 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:08.576738 0.322658 udp 10.0.2.109 3683 <-> 84.177.136.209 3908 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:08.899825 0.324406 udp 10.0.2.109 3683 <-> 217.246.50.222 5345 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:09.224687 0.314684 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:09.539779 0.329598 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:09.869759 0.290878 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:10.161048 0.328344 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:10.489774 0.302011 udp 10.0.2.109 3683 <-> 109.151.226.230 5065 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:10.792197 0.820029 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:11.612669 0.379314 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:11.992347 0.680447 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:12.673241 0.585729 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:13.259418 0.418790 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:46:13.678620 0.277896 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/07 06:50:02.765848 3.002127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 06:50:09.773297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:50:17.775205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:50:33.777602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:51:05.783816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:57:09.789966 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 06:57:16.797450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:57:24.799072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:57:40.801858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 06:58:12.807594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:04:16.813881 3.001932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 07:04:23.821365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:04:31.823026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:04:47.826117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:05:19.832081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:08:40.200620 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 07:08:40.200840 2.815695 tcp 10.0.2.109 50506 -> 211.38.175.27 4598 FSPA* 0 0 15 1715 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:11:23.838003 3.001323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 07:11:30.845104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:11:38.846915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:11:54.849929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:12:26.856149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:16:22.545299 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 07:16:22.545573 0.000000 udp 10.0.2.109 3683 -> 81.133.186.146 7761 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:16:38.560555 0.567179 tcp 10.0.2.109 50507 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:16:39.128058 0.604458 tcp 10.0.2.109 50508 -> 195.113.214.222 80 SRPA* 0 0 19 13412 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:16:39.733011 0.303221 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:16:40.036648 0.000000 udp 10.0.2.109 3683 -> 71.16.73.123 1463 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:16:57.586170 0.588119 tcp 10.0.2.109 50509 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:16:58.174662 0.575018 tcp 10.0.2.109 50510 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:16:58.749975 1.155381 tcp 10.0.2.109 50511 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:16:59.904442 0.416107 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:00.321010 0.423396 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:00.744771 0.427497 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:01.172705 0.282491 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:01.455537 0.465583 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:01.921472 0.490843 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:02.412729 0.387592 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:02.800742 0.389389 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:03.190503 0.476511 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:03.667388 0.291027 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:03.958841 0.359108 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:04.318396 0.437710 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:04.756494 0.718470 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:05.475320 0.372003 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:05.847757 0.595575 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:06.443777 0.644167 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:07.088330 0.410788 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:07.499477 0.312575 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:07.812466 0.285995 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:08.098910 0.000000 udp 10.0.2.109 3683 -> 217.91.196.121 6962 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:17:25.456131 0.574445 tcp 10.0.2.109 50512 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:17:26.030850 0.584408 tcp 10.0.2.109 50513 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:17:26.615432 1.198442 tcp 10.0.2.109 50514 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:17:27.814487 0.365408 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:28.180299 0.524774 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:28.705522 0.448279 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:29.154388 0.405740 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:29.560588 0.376120 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:29.937074 0.313124 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:30.250556 0.650478 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:30.901444 0.000000 udp 10.0.2.109 3683 -> 84.177.136.209 3908 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:17:49.310712 0.579159 tcp 10.0.2.109 50515 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:17:49.890315 0.562448 tcp 10.0.2.109 50516 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:17:50.452590 1.156438 tcp 10.0.2.109 50517 -> 195.113.214.222 443 SRPA* 0 0 23 13264 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:17:51.609606 0.320090 udp 10.0.2.109 3683 <-> 81.149.97.55 1457 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:51.930218 0.308219 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:52.238884 0.315057 udp 10.0.2.109 3683 <-> 217.246.50.222 5345 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:52.554519 0.307767 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:52.862704 0.312479 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:53.175606 0.306032 udp 10.0.2.109 3683 <-> 109.151.226.230 5065 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:53.482033 0.291972 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:53.774422 0.875292 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:54.650084 0.681788 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:55.332299 0.368579 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:55.701219 0.687594 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:56.389243 0.290973 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:56.680615 0.575360 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:17:57.256332 0.426149 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:18:30.861479 3.001795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 07:18:37.869572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:18:45.870967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:19:01.873660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:19:33.880012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:25:37.886224 3.001366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 07:25:44.893731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:25:52.895499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:26:08.898512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:26:40.904240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:32:44.910459 3.001317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 07:32:51.917503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:32:59.918362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:33:15.921932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:33:47.927701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:38:43.022878 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 07:38:43.022984 2.732218 tcp 10.0.2.109 50518 -> 211.38.175.27 4598 FSPA* 0 0 15 1584 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:39:51.933447 3.002096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 07:39:58.941417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:40:06.942761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:40:22.945890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:40:54.951926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:46:58.957533 3.002205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 07:47:05.965250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:47:13.967019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:47:29.969950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:48:01.976166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:48:20.883423 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 07:48:20.883543 0.427863 udp 10.0.2.109 3683 -> 71.16.73.123 1463 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:48:21.311406 0.000000 icmp 71.16.73.123 0x0303 -> 10.0.2.109 0xb705 URP 192 1 277 flow=Background 1970/01/07 07:48:36.087475 0.583494 tcp 10.0.2.109 50519 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:48:36.671258 0.614288 tcp 10.0.2.109 50520 -> 195.113.214.222 80 SRPA* 0 0 18 13412 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:48:37.286068 0.000000 udp 10.0.2.109 3683 -> 217.91.196.121 6962 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:48:55.393567 0.571709 tcp 10.0.2.109 50521 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:48:55.965617 0.562659 tcp 10.0.2.109 50522 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:48:56.528568 1.152066 tcp 10.0.2.109 50523 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:48:57.681343 0.000000 udp 10.0.2.109 3683 -> 84.177.136.209 3908 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:49:15.813276 0.564075 tcp 10.0.2.109 50524 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:49:16.377642 0.561654 tcp 10.0.2.109 50525 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:49:16.939582 1.157266 tcp 10.0.2.109 50526 -> 195.113.214.222 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:49:18.097438 0.299353 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:18.397194 0.398608 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:18.796176 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:49:37.774600 0.569936 tcp 10.0.2.109 50527 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:49:38.344869 0.592524 tcp 10.0.2.109 50528 -> 195.113.214.222 80 SRPA* 0 0 18 13348 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:49:38.938022 0.286991 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:39.225525 0.417978 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:39.643929 0.459045 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:40.103377 0.515527 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:40.619357 0.374542 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:40.994357 0.300700 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:41.295478 0.469217 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:41.765051 0.000000 udp 10.0.2.109 3683 -> 69.159.203.121 9541 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 07:49:58.224376 0.570783 tcp 10.0.2.109 50529 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:49:58.795406 0.601262 tcp 10.0.2.109 50530 -> 195.113.214.222 80 SRPA* 0 0 19 14717 flow=From-Botnet-V1-TCP-Established 1970/01/07 07:49:59.397304 0.429276 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:49:59.826949 0.350796 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:00.178187 0.396895 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:00.575533 0.358181 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:00.934112 0.411519 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:01.346039 0.629406 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:01.975865 0.307819 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:02.284049 0.411430 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:02.695905 0.275659 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:02.971936 0.345828 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:03.318326 0.534869 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:03.853624 0.344923 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:04.198949 0.443837 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:04.643209 0.403542 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:05.047131 0.807749 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:05.855254 0.304023 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:06.159698 0.310259 udp 10.0.2.109 3683 <-> 81.149.97.55 1457 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:06.470317 0.315244 udp 10.0.2.109 3683 <-> 217.246.50.222 5345 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:06.785937 0.295452 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:07.081792 0.301177 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:07.383346 0.300016 udp 10.0.2.109 3683 <-> 109.151.226.230 5065 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:07.683710 0.291793 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:07.975937 0.321890 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:08.298414 0.307387 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:08.606202 0.374340 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:08.980912 0.312110 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:09.293451 0.670590 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:09.964419 0.279084 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:10.243901 0.578106 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:50:10.822386 0.410572 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/07 07:54:05.982284 3.001181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 07:54:12.989274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:54:20.990387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:54:36.993859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 07:55:08.999883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:01:13.006432 3.000949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 08:01:20.013562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:01:28.014378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:01:44.017626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:02:16.023561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:08:20.029691 3.001763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 08:08:27.036870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:08:35.038775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:08:45.754310 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 08:08:45.754452 2.744224 tcp 10.0.2.109 50531 -> 211.38.175.27 4598 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:08:51.041201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:09:23.047380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:15:27.054430 3.000686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 08:15:34.061006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:15:42.062355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:15:58.065213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:16:30.071644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:20:35.945432 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 08:20:35.945579 0.416190 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:36.362185 0.387544 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:36.750301 0.306567 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:37.057285 0.398506 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:37.456191 0.288739 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:37.745440 0.433417 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:38.179213 0.468723 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:38.648336 0.459279 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:39.108027 0.377829 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:39.486372 0.476206 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:39.999948 0.298028 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:40.298402 0.436003 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:40.734822 0.394856 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:41.130196 0.364831 udp 10.0.2.109 3683 <-> 152.2.57.118 6630 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:41.495397 0.353962 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:20:41.849797 0.000000 udp 10.0.2.109 3683 -> 211.38.175.27 2833 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:20:59.451501 0.598371 tcp 10.0.2.109 50532 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:00.050148 0.626721 tcp 10.0.2.109 50533 -> 195.113.214.222 80 SRPA* 0 0 22 11914 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:00.676935 0.408224 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:01.085592 0.275023 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:01.360950 0.312943 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:01.674402 0.424063 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:02.098873 0.351781 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:02.451094 0.542000 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:02.993477 0.366090 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:03.359912 0.441040 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:03.801360 0.403525 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:04.205364 0.372645 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:04.578589 0.307403 udp 10.0.2.109 3683 <-> 217.246.50.222 5345 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:04.886422 0.297277 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:05.184123 0.000000 udp 10.0.2.109 3683 -> 81.149.97.55 1457 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:21:20.340404 0.572524 tcp 10.0.2.109 50534 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:20.913256 0.556439 tcp 10.0.2.109 50535 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:21.469987 1.180819 tcp 10.0.2.109 50536 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:22.651508 0.316637 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:22.968518 0.293343 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:23.262423 0.000000 udp 10.0.2.109 3683 -> 109.151.226.230 5065 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:21:41.210160 0.565017 tcp 10.0.2.109 50537 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:41.775440 0.571778 tcp 10.0.2.109 50538 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:42.347513 1.181362 tcp 10.0.2.109 50539 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:21:43.529152 0.284952 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:43.814505 0.403026 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:44.217926 0.327510 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:44.545844 0.308314 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:44.854587 0.322669 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:45.177615 0.684621 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:45.862650 0.287101 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:46.150180 0.586242 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:21:46.736784 0.415425 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:22:34.077975 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 08:22:41.085190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:22:49.086953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:23:05.089827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:23:37.095581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:29:41.102023 3.000807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 08:29:48.108880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:29:56.110790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:30:12.113743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:30:44.119612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:36:48.126345 3.001126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 08:36:55.133107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:37:03.134385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:37:19.137332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:37:51.143358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:38:48.506482 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 08:38:48.506580 3.746218 tcp 10.0.2.109 50540 -> 211.38.175.27 4598 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:43:55.149815 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 08:44:02.156653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:44:10.158281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:44:26.161216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:44:58.167689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:51:02.173930 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 08:51:09.180497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:51:17.182687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:51:33.185444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:52:05.191625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:52:16.508127 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 08:52:16.508327 0.576007 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:52:17.084734 0.000000 udp 10.0.2.109 3683 -> 81.149.97.55 1457 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:52:34.936899 0.563994 tcp 10.0.2.109 50541 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:52:35.501176 0.580003 tcp 10.0.2.109 50542 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:52:36.081485 1.174515 tcp 10.0.2.109 50543 -> 195.113.214.222 443 SRPA* 0 0 28 14080 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:52:37.256603 0.000000 udp 10.0.2.109 3683 -> 109.151.226.230 5065 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:52:52.931440 0.562879 tcp 10.0.2.109 50544 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:52:53.494554 0.587228 tcp 10.0.2.109 50545 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:52:54.082030 1.198375 tcp 10.0.2.109 50546 -> 195.113.214.222 443 SRPA* 0 0 22 13128 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:52:55.281121 0.000000 udp 10.0.2.109 3683 -> 76.240.25.244 2185 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:53:12.068833 0.596450 tcp 10.0.2.109 50547 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:53:12.665534 0.675590 tcp 10.0.2.109 50548 -> 195.113.214.222 80 SRPA* 0 0 20 14722 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:53:13.341727 0.390179 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:13.732283 0.407176 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:14.139893 0.307167 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:14.447408 0.296073 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:14.867057 0.459570 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:15.327038 0.420470 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:15.747919 0.383820 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:16.132105 0.467854 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:16.600361 0.474101 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:17.074883 0.307671 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:17.382913 0.426208 rtcp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:17.809558 0.000000 udp 10.0.2.109 3683 -> 152.2.57.118 6630 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:53:35.732962 0.571421 tcp 10.0.2.109 50549 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:53:36.304737 0.633424 tcp 10.0.2.109 50550 -> 195.113.214.222 80 SRPA* 0 0 19 14671 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:53:36.938825 0.408024 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:37.347239 0.345651 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:37.693262 0.310724 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:38.004395 0.416897 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:38.421654 0.292817 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:38.714874 0.358688 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:39.073966 0.405574 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:39.479957 0.533738 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:40.014346 0.441730 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:40.456466 0.368679 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:53:40.825496 0.000000 udp 10.0.2.109 3683 -> 217.246.50.222 5345 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 08:53:58.535681 0.574860 tcp 10.0.2.109 50551 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:53:59.110825 0.571924 tcp 10.0.2.109 50552 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:53:59.683108 1.159612 tcp 10.0.2.109 50553 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 08:54:00.843310 0.491194 udp 10.0.2.109 3683 <-> 62.169.124.172 5507 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:01.334937 0.403681 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:01.739012 0.314247 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:02.053695 0.303947 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:02.358201 0.292629 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:02.651266 0.284852 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:02.936500 0.312732 udp 10.0.2.109 3683 <-> 81.135.134.15 2262 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:03.249598 0.371390 udp 10.0.2.109 3683 <-> 5.98.202.140 6693 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:03.621380 0.324395 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:03.946220 0.683766 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:04.630374 0.311578 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:04.942338 0.299669 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:05.242363 0.588527 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:54:05.831301 0.436135 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/07 08:58:09.197933 3.001179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 08:58:16.204455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:58:24.206504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:58:40.209442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 08:59:12.215391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:05:16.221825 3.001164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 09:05:23.228639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:05:31.230774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:05:47.232938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:06:19.239616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:08:52.259899 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 09:08:52.260123 3.586485 tcp 10.0.2.109 50554 -> 211.38.175.27 4598 FSPA* 0 0 15 1660 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:12:23.245786 3.001494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 09:12:30.252981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:12:38.253908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:12:54.257136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:13:26.263671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:19:30.269681 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 09:19:37.276789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:19:45.278349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:20:01.281079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:20:33.287122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:24:06.333798 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 09:24:06.333996 0.413695 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:06.748038 0.000000 udp 10.0.2.109 3683 -> 152.2.57.118 6630 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:24:22.409600 0.564361 tcp 10.0.2.109 50555 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:24:22.974350 0.634907 tcp 10.0.2.109 50556 -> 195.113.214.222 80 SRPA* 0 0 18 13426 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:24:23.609891 0.000000 udp 10.0.2.109 3683 -> 217.246.50.222 5345 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:24:42.206143 0.580847 tcp 10.0.2.109 50557 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:24:42.787294 0.579462 tcp 10.0.2.109 50558 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:24:43.367063 1.157042 tcp 10.0.2.109 50559 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:24:44.523331 0.585387 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:45.109097 0.403084 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:45.512636 0.307582 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:45.820662 0.389884 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:46.210897 0.289726 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:46.501061 0.464669 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:46.966130 0.433998 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:47.400551 0.376844 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:47.777834 0.466163 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:48.244395 0.464327 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:48.709111 0.300775 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:49.010257 0.429255 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:49.439923 0.352625 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:49.792991 0.388557 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:50.181974 0.309463 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:50.491780 0.279016 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:50.771161 0.419998 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:51.191519 0.361944 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:51.553922 0.441731 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:51.996013 0.531894 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:52.528275 0.441001 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:52.969698 0.379874 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:24:53.349984 0.000000 udp 10.0.2.109 3683 -> 62.169.124.172 5507 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:25:10.457072 0.587213 tcp 10.0.2.109 50560 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:11.044620 0.580868 tcp 10.0.2.109 50561 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:11.625736 1.161154 tcp 10.0.2.109 50562 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:12.787602 0.406460 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:25:13.194570 0.314464 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:25:13.509442 0.301630 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:25:13.811469 0.307937 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:25:14.119823 0.286201 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:25:14.406515 0.333332 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:25:14.740190 0.000000 udp 10.0.2.109 3683 -> 81.135.134.15 2262 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:25:29.865078 0.572576 tcp 10.0.2.109 50563 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:30.437465 0.569066 tcp 10.0.2.109 50564 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:31.006334 1.154912 tcp 10.0.2.109 50565 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:32.161839 0.000000 udp 10.0.2.109 3683 -> 5.98.202.140 6693 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:25:50.965278 0.556507 tcp 10.0.2.109 50566 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:51.522028 0.574251 tcp 10.0.2.109 50567 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:52.096552 1.175512 tcp 10.0.2.109 50568 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:25:53.272620 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:26:10.813613 0.568974 tcp 10.0.2.109 50569 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:26:11.382881 0.583370 tcp 10.0.2.109 50570 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:26:11.966547 1.170800 tcp 10.0.2.109 50571 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:26:13.137866 0.316049 udp 10.0.2.109 3683 <-> 151.78.78.52 1252 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:26:13.454395 0.285999 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:26:13.740802 0.584751 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:26:14.325939 0.453761 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:26:37.294201 3.000921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 09:26:44.300950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:26:52.302039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:27:08.304999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:27:40.310873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:33:44.316504 3.002387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 09:33:51.324898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:33:59.325956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:34:15.329405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:34:47.335300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:38:55.853331 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 09:38:55.853439 2.681991 tcp 10.0.2.109 50572 -> 211.38.175.27 4598 FSPA* 0 0 15 1567 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:40:51.341736 3.001263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 09:40:58.348236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:41:06.350393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:41:22.352975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:41:54.359317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:47:58.365714 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 09:48:05.372642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:48:13.374282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:48:29.376861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:49:01.383233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:55:05.388896 3.002141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 09:55:12.396757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:55:20.397947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:55:36.400979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:56:08.407345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 09:56:30.298900 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 09:56:30.299088 0.860048 udp 10.0.2.109 3683 -> 62.169.124.172 5507 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:56:31.159136 0.000000 icmp 62.169.124.172 0x0303 -> 10.0.2.109 0x8315 URP 192 1 216 flow=Background 1970/01/07 09:56:47.825880 0.563622 tcp 10.0.2.109 50573 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:56:48.389835 0.632817 tcp 10.0.2.109 50574 -> 195.113.214.222 80 SRPA* 0 0 19 13372 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:56:49.023275 0.000000 udp 10.0.2.109 3683 -> 81.135.134.15 2262 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:57:05.700514 0.569492 tcp 10.0.2.109 50575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:06.270445 0.564409 tcp 10.0.2.109 50576 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:06.835137 1.169998 tcp 10.0.2.109 50577 -> 195.113.214.222 443 SRPA* 0 0 24 13392 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:08.005942 0.000000 udp 10.0.2.109 3683 -> 5.98.202.140 6693 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:57:24.928082 0.561764 tcp 10.0.2.109 50578 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:25.489728 0.564512 tcp 10.0.2.109 50579 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:26.054520 1.204269 tcp 10.0.2.109 50580 -> 195.113.214.222 443 SRPA* 0 0 22 13128 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:27.259384 0.680814 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:27.940618 0.411410 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:28.352443 0.384419 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:28.737240 0.299406 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:29.037002 0.572060 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:29.609455 0.467186 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:30.077032 0.391260 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:30.468721 0.291471 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:30.760619 0.376584 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:31.137601 0.424492 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:31.562449 0.467000 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:32.029862 0.476716 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:32.506990 0.294689 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:32.802260 0.347004 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:33.149652 0.430569 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:33.580642 0.334633 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:33.915685 0.280799 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:34.196871 0.396098 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:34.593318 0.421967 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:35.015795 0.355877 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:35.372039 0.426257 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:35.798765 0.532752 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:36.331872 0.447601 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:36.779885 0.900996 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:37.681249 0.307257 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:37.988889 0.303169 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:38.292435 0.407959 udp 10.0.2.109 3683 <-> 174.91.133.76 1885 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:38.700841 0.298772 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:38.999993 0.325489 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:39.325937 0.282195 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:39.608515 0.000000 udp 10.0.2.109 3683 -> 151.78.78.52 1252 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 09:57:56.213416 0.571792 tcp 10.0.2.109 50581 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:56.784974 0.619507 tcp 10.0.2.109 50582 -> 195.113.214.222 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/07 09:57:57.405005 0.281410 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:57.686813 0.587893 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/07 09:57:58.275125 0.415855 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:02:12.413344 3.001750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 10:02:19.420569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:02:27.421846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:02:43.424941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:03:15.430893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:08:58.534802 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 10:08:58.534914 2.686827 tcp 10.0.2.109 50583 -> 211.38.175.27 4598 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:09:19.437731 3.000878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 10:09:26.444181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:09:34.446276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:09:50.448834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:10:22.455023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:16:26.461671 3.001052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 10:16:33.468175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:16:41.469580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:16:57.473106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:17:29.479338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:23:33.485062 3.001333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 10:23:40.492118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:23:48.493719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:24:04.496973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:24:36.503026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:27:59.785870 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 10:27:59.785984 0.000000 udp 10.0.2.109 3683 -> 151.78.78.52 1252 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 10:28:15.039866 0.580276 tcp 10.0.2.109 50584 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:28:15.619959 0.603447 tcp 10.0.2.109 50585 -> 195.113.214.222 80 SRPA* 0 0 19 14669 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:28:16.224034 0.674118 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:16.898563 0.383662 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:17.282653 0.412998 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:17.695992 0.306478 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:18.002856 0.585822 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:18.589059 0.294966 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:18.884458 0.396341 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:19.281216 0.467669 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:19.749223 0.421374 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:20.171027 0.384217 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:20.555610 0.477097 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:21.033187 0.458881 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:21.492413 0.291809 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:21.784560 0.424194 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:22.209112 0.349174 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:22.558698 0.322827 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:22.881936 0.394166 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:23.276513 0.272318 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:23.549180 0.503951 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:24.053552 0.413010 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:24.466965 0.352806 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:24.820128 0.437789 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:25.258351 0.524890 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:25.783634 0.325345 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:26.109399 0.297594 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:26.407348 0.291561 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:26.699302 0.000000 udp 10.0.2.109 3683 -> 174.91.133.76 1885 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 10:28:42.657984 0.566813 tcp 10.0.2.109 50586 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:28:43.225155 0.584054 tcp 10.0.2.109 50587 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:28:43.809572 1.176518 tcp 10.0.2.109 50588 -> 195.113.214.222 443 SRPA* 0 0 30 14188 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:28:44.986836 0.298797 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:45.286006 0.284289 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:45.570689 0.322237 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:45.893344 0.279154 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:46.172856 0.575287 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:28:46.748554 0.418250 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:30:40.508932 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 10:30:47.516771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:30:55.517735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:31:11.520961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:31:43.526904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:37:47.533089 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 10:37:54.540103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:38:02.541683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:38:18.544650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:38:50.550932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:39:01.226588 0.000175 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 10:39:01.226857 2.670934 tcp 10.0.2.109 50589 -> 211.38.175.27 4598 FSPA* 0 0 14 1650 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:44:54.556981 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 10:45:01.564530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:45:09.565717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:45:25.568987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:45:57.575102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:52:01.581419 3.001001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 10:52:08.587920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:52:16.589578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:52:32.592773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:53:04.598804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:58:49.404646 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 10:58:49.404855 0.396902 udp 10.0.2.109 3683 -> 174.91.133.76 1885 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 10:58:49.801757 0.000000 icmp 174.91.133.76 0x0303 -> 10.0.2.109 0x5d07 URP 192 1 87 flow=Background 1970/01/07 10:59:06.742346 0.573373 tcp 10.0.2.109 50590 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:59:07.316032 0.591752 tcp 10.0.2.109 50591 -> 195.113.214.222 80 SRPA* 0 0 18 13325 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:59:07.908406 0.676003 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:08.584917 0.389730 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:08.605289 3.000825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 10:59:08.975042 0.408419 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:09.383819 0.294197 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:09.678569 0.594318 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:10.273355 0.281319 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:10.555142 0.467301 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:11.022815 0.396869 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:11.420074 0.371922 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:11.792379 0.429961 udp 10.0.2.109 3683 <-> 75.163.77.21 2186 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:12.222756 0.458495 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:12.681604 0.474289 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:13.156297 0.289686 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:13.446552 0.361381 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:13.808376 0.356650 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:14.165425 0.425896 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:14.591692 0.418883 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:15.010948 0.280874 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:15.292228 0.362024 udp 10.0.2.109 3683 <-> 93.173.128.162 7820 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:15.612143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:59:15.654725 0.419665 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:16.074826 0.406752 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:16.481980 0.530386 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:17.012758 0.438522 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:17.451687 0.300902 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:17.752997 0.307324 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:18.060636 0.330283 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:18.391267 0.000000 udp 10.0.2.109 3683 -> 217.85.203.243 5770 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 10:59:23.613813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 10:59:33.519114 0.560078 tcp 10.0.2.109 50592 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:59:34.079478 0.601592 tcp 10.0.2.109 50593 -> 195.113.214.222 80 SRPA* 0 0 19 14621 flow=From-Botnet-V1-TCP-Established 1970/01/07 10:59:34.681681 0.320855 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:35.002872 0.300917 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:35.304176 0.277300 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:35.581818 0.584727 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:36.166962 0.411761 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/07 10:59:39.617095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:00:11.623186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:06:15.628502 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 11:06:22.636043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:06:30.637363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:06:46.640689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:07:18.646401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:09:03.898712 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 11:09:03.898832 2.700327 tcp 10.0.2.109 50594 -> 211.38.175.27 4598 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:13:22.653160 3.001371 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 11:13:29.660104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:13:37.661420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:13:53.664463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:14:25.671173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:20:29.676934 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 11:20:36.683776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:20:44.685798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:21:00.688268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:21:32.694623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:27:36.700333 3.002260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 11:27:43.708078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:27:51.709355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:28:07.712762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:28:39.718296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:29:52.914309 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 11:29:52.914413 0.000000 udp 10.0.2.109 3683 -> 217.85.203.243 5770 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 11:30:10.532491 0.591624 tcp 10.0.2.109 50595 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:11.124406 0.558354 tcp 10.0.2.109 50596 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:11.683057 1.394177 tcp 10.0.2.109 50597 -> 195.113.214.222 443 SRPA* 0 0 37 27275 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:13.077988 0.685652 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:13.764003 0.396844 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:14.161281 0.312381 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:14.474018 0.407021 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:14.881414 0.597285 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:15.479099 0.286206 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:15.765690 0.384121 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:16.166862 0.404921 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:16.572163 0.462781 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:17.035293 0.000000 udp 10.0.2.109 3683 -> 75.163.77.21 2186 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 11:30:32.922873 0.582698 tcp 10.0.2.109 50598 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:33.505836 0.577543 tcp 10.0.2.109 50599 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:34.083713 1.185321 tcp 10.0.2.109 50600 -> 195.113.214.222 443 SRPA* 0 0 23 13378 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:35.269777 0.474840 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:35.744976 0.292279 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:36.037659 0.470290 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:36.508393 0.304310 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:36.813139 0.422902 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:37.236478 0.424652 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:37.661534 0.352732 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:38.014627 0.275586 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:38.290639 0.000000 udp 10.0.2.109 3683 -> 93.173.128.162 7820 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 11:30:54.793818 0.601050 tcp 10.0.2.109 50601 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:55.395172 0.562979 tcp 10.0.2.109 50602 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:55.958458 1.169435 tcp 10.0.2.109 50603 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:30:57.128649 0.407443 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:57.536547 0.415566 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:30:57.952540 0.000000 udp 10.0.2.109 3683 -> 70.239.198.69 9706 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 11:31:16.625293 0.574281 tcp 10.0.2.109 50604 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:31:17.199854 0.677254 tcp 10.0.2.109 50605 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:31:17.877378 1.187578 tcp 10.0.2.109 50606 -> 195.113.214.222 443 SRPA* 0 0 23 13772 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:31:19.065760 0.524111 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:19.590486 0.302938 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:19.893830 0.419443 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:20.313667 0.307531 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:20.621645 0.330604 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:20.952663 0.316177 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:21.269189 0.288399 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:21.557934 0.585779 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:31:22.144105 0.408249 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/07 11:34:43.724816 3.001096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 11:34:50.732354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:34:58.733529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:35:14.736541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:35:46.742918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:39:06.600703 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 11:39:06.600845 2.674405 tcp 10.0.2.109 50607 -> 211.38.175.27 4598 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/01/07 11:41:50.748817 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 11:41:57.755666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:42:05.757833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:42:21.760172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:42:53.766361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:48:57.773080 3.000818 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 11:49:04.779726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:49:12.781832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:49:28.784625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:50:00.790254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:56:04.796885 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 11:56:11.804123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:56:19.805074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:56:35.808409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 11:57:07.814731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:01:32.946298 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 12:01:32.946517 0.000000 udp 10.0.2.109 3683 -> 75.163.77.21 2186 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 12:01:48.821102 0.575036 tcp 10.0.2.109 50608 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:01:49.396413 0.583859 tcp 10.0.2.109 50609 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:01:49.980538 1.195753 tcp 10.0.2.109 50610 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:01:51.177622 0.000000 udp 10.0.2.109 3683 -> 93.173.128.162 7820 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 12:02:09.839888 0.585313 tcp 10.0.2.109 50611 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:02:10.425473 0.568806 tcp 10.0.2.109 50612 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:02:10.994593 1.168280 tcp 10.0.2.109 50613 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:02:12.163588 0.439284 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:12.603255 0.676372 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:13.280038 0.410684 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:13.691139 0.310001 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:14.001576 0.625926 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:14.627971 0.283688 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:14.912034 0.581668 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:15.494133 0.390442 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:15.884913 0.379551 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:16.264886 0.561467 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:16.826762 0.533112 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:17.360223 0.473971 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:17.834620 0.286388 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:18.121435 0.310006 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:18.431801 0.397603 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:18.829810 0.434853 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:19.265058 0.287376 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:19.552833 0.354690 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:19.907977 0.407077 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:20.315403 0.411591 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:20.727347 0.296403 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:21.024145 0.528480 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:21.553039 0.296873 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:21.850342 0.325475 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:22.176252 0.320474 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:22.497138 0.304349 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:22.801920 0.273321 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:23.075604 0.590485 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:02:23.666467 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 12:02:39.192422 0.568230 tcp 10.0.2.109 50614 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:02:39.760946 0.570447 tcp 10.0.2.109 50615 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:02:40.331740 1.167175 tcp 10.0.2.109 50616 -> 195.113.214.222 443 SRPA* 0 0 23 13378 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:03:11.821141 3.001134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 12:03:18.827849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:03:26.829176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:03:42.832113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:04:14.838637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:09:09.282343 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 12:09:09.282533 2.705639 tcp 10.0.2.109 50617 -> 211.38.175.27 4598 FSPA* 0 0 14 1541 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:10:18.844830 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 12:10:25.851764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:10:33.853618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:10:49.856138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:11:21.862365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:17:25.869121 3.000703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 12:17:32.875936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:17:40.877441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:17:56.880133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:18:28.886522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:24:32.892832 3.001734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 12:24:39.899614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:24:47.901478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:25:03.903950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:25:35.910280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:31:39.916863 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 12:31:46.923849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:31:54.924913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:32:10.928135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:32:42.934422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:33:00.098977 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 12:33:00.099219 0.416772 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:00.516387 0.440398 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:00.957151 0.301674 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:01.259257 0.668201 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:01.927897 0.410028 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:02.338368 0.384822 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:02.723607 0.289173 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:03.013182 0.583903 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:03.597501 0.404189 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:04.002226 0.370374 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:04.373029 0.488104 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:04.861507 0.455049 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:05.316964 0.471142 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:05.788531 0.310522 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:06.099431 0.292323 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:06.392152 0.397179 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:06.789759 0.356868 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:07.147054 0.433328 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:07.580797 0.282191 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:07.863414 0.430717 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:08.294566 0.401865 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:08.696905 0.531773 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:09.229075 0.297104 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:09.526615 0.296892 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:09.823909 0.427997 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:10.252334 0.323971 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:10.576729 0.329088 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:10.906230 0.272604 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:33:11.179220 0.590295 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/07 12:38:46.940922 3.001058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 12:38:53.947612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:39:01.949533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:39:11.994649 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 12:39:11.994746 2.694071 tcp 10.0.2.109 50618 -> 211.38.175.27 4598 FSPA* 0 0 14 1716 flow=From-Botnet-V1-TCP-Established 1970/01/07 12:39:17.952459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:39:49.958162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:45:53.963713 3.001913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 12:46:00.971757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:46:08.972947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:46:24.976035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:46:56.982561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:53:00.988473 3.001859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 12:53:07.995743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:53:15.997233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:53:32.000032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 12:54:04.006012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:00:08.012915 3.000920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:00:15.019698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:00:23.020953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:00:39.023854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:01:11.030126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:03:34.776786 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 13:03:34.776947 0.446239 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:35.223643 0.439536 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:35.663624 0.307561 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:35.971604 0.669315 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:36.641284 0.415956 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:37.057625 0.387282 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:37.445408 0.281785 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:37.727542 0.589632 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:38.317615 0.393129 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:38.711102 0.379423 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:39.090899 0.469633 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:39.560948 0.472082 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:40.068565 0.472611 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:40.541593 0.313897 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:40.855953 0.288935 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:41.145338 0.395949 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:41.541683 0.280725 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:41.822822 0.343433 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:42.166696 0.436489 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:42.603541 0.415296 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:43.019237 0.399544 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:43.419141 0.526714 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:43.946318 0.313325 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:44.260056 0.311312 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:44.571724 0.309231 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:44.881299 0.822430 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:45.704094 0.338286 udp 10.0.2.109 3683 <-> 88.253.110.178 6663 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:46.042776 0.277912 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:03:46.321081 0.586122 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:07:15.036272 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:07:22.043266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:07:30.045317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:07:46.048097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:08:18.053764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:09:14.696412 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 13:09:14.696520 2.738495 tcp 10.0.2.109 50619 -> 211.38.175.27 4598 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/01/07 13:14:22.059793 3.001902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:14:29.067657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:14:37.068915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:14:53.072224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:15:25.077880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:21:29.085233 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:21:36.091864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:21:44.093490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:22:00.096296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:22:32.102189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:28:36.108389 3.001366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:28:43.115444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:28:51.117291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:29:07.119695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:29:39.125690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:33:57.167475 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 13:33:57.167575 0.301902 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:33:57.469905 0.425492 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:33:57.895782 0.435257 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:33:58.331523 0.669185 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:33:59.001163 0.286168 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:33:59.287746 0.424006 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:33:59.712165 0.394420 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:00.106953 0.582161 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:00.689497 0.400452 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:01.090339 0.395481 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:01.486287 0.528316 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:02.015006 0.327066 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:02.342483 0.517874 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:02.860741 0.493921 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:03.355030 0.296417 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:03.651843 0.395152 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:04.047412 0.295896 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:04.343681 0.360401 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:04.704522 0.429945 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:05.134900 0.529210 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:05.664534 0.418289 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:06.083221 0.410256 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:06.493846 0.288102 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:06.782335 0.309066 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:07.091800 0.307172 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:07.399416 0.750312 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:08.150164 0.588525 udp 10.0.2.109 3683 <-> 111.254.120.123 6738 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:34:08.739087 0.000000 udp 10.0.2.109 3683 -> 88.253.110.178 6663 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 13:34:24.459320 0.567715 tcp 10.0.2.109 50620 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 13:34:25.027349 0.561336 tcp 10.0.2.109 50621 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 13:34:25.588483 1.404030 tcp 10.0.2.109 50622 -> 195.113.214.222 443 SRPA* 0 0 38 27291 flow=From-Botnet-V1-TCP-Established 1970/01/07 13:34:26.993080 0.272961 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/07 13:35:43.132881 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 13:35:50.139517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:35:58.141137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:36:14.143747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:36:46.150071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:39:17.437728 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 13:39:17.437833 2.662617 tcp 10.0.2.109 50623 -> 211.38.175.27 4598 FSPA* 0 0 15 1778 flow=From-Botnet-V1-TCP-Established 1970/01/07 13:42:50.156587 3.001395 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:42:57.163296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:43:05.165011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:43:21.167685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:43:53.173956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:49:57.180053 3.001208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:50:04.187162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:50:12.189096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:50:28.191795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:51:00.197793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:57:04.204098 3.001789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 13:57:11.211242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:57:19.212657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:57:35.216186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 13:58:07.221802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:04:11.227913 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 14:04:18.235697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:04:26.257106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:04:42.259735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:04:49.450268 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 14:04:49.450374 0.000000 udp 10.0.2.109 3683 -> 88.253.110.178 6663 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 14:05:06.047065 0.566807 tcp 10.0.2.109 50624 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:06.614219 0.568894 tcp 10.0.2.109 50625 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:07.183395 1.166310 tcp 10.0.2.109 50626 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:08.350320 0.301218 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:08.651964 0.429604 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:09.081985 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 14:05:14.266055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:05:24.421818 0.563816 tcp 10.0.2.109 50627 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:24.985905 0.571141 tcp 10.0.2.109 50628 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:25.557356 1.182227 tcp 10.0.2.109 50629 -> 195.113.214.222 443 SRPA* 0 0 24 13200 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:26.740280 0.438710 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:27.179410 0.286548 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:27.466395 0.415568 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:27.882519 0.587368 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:28.470412 0.384599 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:28.855432 0.389903 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:29.245707 0.392801 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:29.638912 0.318312 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:29.957637 0.479432 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:30.437477 0.463973 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:30.901832 0.291400 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:31.193645 0.475473 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:31.669464 0.411632 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:32.081537 0.275027 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:32.356986 0.352149 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:32.709560 0.442841 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:33.152883 0.541307 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:33.694530 0.312963 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:34.007875 0.420555 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:34.428840 0.414906 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:34.844092 0.311582 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:35.156112 0.306665 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:35.463161 0.330341 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:05:35.793901 0.000000 rtcp 10.0.2.109 3683 -> 111.254.120.123 6738 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 14:05:52.872666 0.569260 tcp 10.0.2.109 50630 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:53.442413 0.580196 tcp 10.0.2.109 50631 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:54.022887 1.167878 tcp 10.0.2.109 50632 -> 195.113.214.222 443 SRPA* 0 0 27 12042 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:05:55.190562 0.000000 udp 10.0.2.109 3683 -> 87.185.130.35 3612 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 14:06:14.173219 0.572312 tcp 10.0.2.109 50633 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:06:14.745808 0.595041 tcp 10.0.2.109 50634 -> 195.113.214.222 80 SRPA* 0 0 20 13492 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:09:20.099688 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 14:09:20.099793 2.733267 tcp 10.0.2.109 50635 -> 211.38.175.27 4598 FSPA* 0 0 14 1606 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:11:18.272148 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 14:11:25.279210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:11:33.281008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:11:49.283947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:12:21.290205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:18:25.296526 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 14:18:32.302928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:18:40.304887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:18:56.307775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:19:28.313492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:25:32.319349 3.002160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 14:25:39.326973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:25:47.328851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:26:03.331758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:26:35.337768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:32:39.343608 3.001913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 14:32:46.351522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:32:54.803009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:33:10.806321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:33:42.812670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:36:38.555634 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 14:36:38.555830 0.669410 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:36:39.225633 0.000000 udp 10.0.2.109 3683 -> 111.254.120.123 6738 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 14:36:55.071521 0.559892 tcp 10.0.2.109 50636 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:36:55.631720 0.569637 tcp 10.0.2.109 50637 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:36:56.201278 1.348699 tcp 10.0.2.109 50638 -> 195.113.214.222 443 SRPA* 0 0 33 24763 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:36:57.550606 0.273922 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:36:57.824942 0.302718 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:36:58.128025 0.417924 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:36:58.546395 0.406119 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:36:58.952893 0.433513 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:36:59.386759 0.289480 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:36:59.676643 0.579808 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:00.256792 0.391839 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:00.649019 0.308327 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:00.957705 0.465051 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:01.423148 0.373457 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:01.797006 0.466720 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:02.264148 0.459833 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:02.724365 0.465158 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:03.189966 0.283701 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:03.474247 0.403318 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:03.877926 0.277798 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:04.156128 0.347128 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:04.503653 0.524335 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:05.028424 0.425393 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:05.454396 0.414839 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:05.869620 0.295101 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:06.165149 0.422724 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:06.588288 0.312484 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:06.901158 0.296269 udp 10.0.2.109 3683 <-> 78.49.196.215 5245 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:37:07.197792 0.435358 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 14:39:23.041647 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 14:39:23.041858 2.676797 tcp 10.0.2.109 50639 -> 211.38.175.27 4598 FSPA* 0 0 14 1704 flow=From-Botnet-V1-TCP-Established 1970/01/07 14:39:46.818919 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 14:39:53.826041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:40:01.827246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:40:17.830177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:40:49.836322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:46:53.842323 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 14:47:00.849757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:47:08.851741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:47:24.854037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:47:56.860042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:54:00.866466 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 14:54:07.873905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:54:15.875445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:54:31.877983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 14:55:03.884113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:01:07.891158 3.000652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 15:01:14.897792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:01:22.899485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:01:38.902266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:02:10.908365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:07:23.688148 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 15:07:23.688401 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 15:07:38.952087 0.577505 tcp 10.0.2.109 50640 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:07:39.529423 0.605278 tcp 10.0.2.109 50641 -> 195.113.214.222 80 SRPA* 0 0 18 13423 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:07:40.135211 0.425156 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:40.560786 0.279010 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:40.840169 0.303541 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:41.144111 0.416025 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:41.560499 0.446326 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:42.007180 0.280161 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:42.287741 0.584260 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:42.872418 0.391850 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:43.264650 0.382691 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:43.647672 0.300961 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:43.949078 0.403107 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:44.352578 0.461273 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:44.814438 0.482457 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:45.297296 0.456220 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:45.753860 0.294850 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:46.049075 0.351737 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:46.401304 0.394586 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:46.796281 0.283676 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:47.080362 0.532307 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:47.613024 0.434417 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:48.047841 0.409348 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:48.457620 0.466139 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:48.924219 0.308524 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:49.233104 0.342461 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:49.592788 0.292877 udp 10.0.2.109 3683 <-> 5.178.169.149 8662 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:07:49.886068 0.000000 udp 10.0.2.109 3683 -> 78.49.196.215 5245 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 15:08:06.290222 0.573855 tcp 10.0.2.109 50642 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:08:06.864325 0.580258 tcp 10.0.2.109 50643 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:08:07.444884 1.391319 tcp 10.0.2.109 50644 -> 195.113.214.222 443 SRPA* 0 0 39 27985 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:08:14.914444 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 15:08:21.921978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:08:29.923546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:08:45.925952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:09:17.952538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:09:25.723956 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 15:09:25.724061 2.710361 tcp 10.0.2.109 50645 -> 211.38.175.27 4598 FSPA* 0 0 14 1689 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:15:21.959173 3.000617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 15:15:28.965830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:15:36.966976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:15:53.480714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:16:25.486659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:22:29.493620 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 15:22:36.500518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:22:44.501759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:23:00.504940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:23:32.511282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:29:36.517201 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 15:29:43.524306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:29:51.526057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:30:07.528657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:30:39.534896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:36:43.540256 3.002076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 15:36:50.548392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:36:58.549702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:37:14.552956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:37:46.558576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:38:38.113379 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 15:38:38.113570 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 15:38:54.688716 0.579203 tcp 10.0.2.109 50646 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:38:55.268232 0.574602 tcp 10.0.2.109 50647 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:38:55.842775 1.156458 tcp 10.0.2.109 50648 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:38:56.999976 0.000000 udp 10.0.2.109 3683 -> 78.49.196.215 5245 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 15:39:15.568065 0.561821 tcp 10.0.2.109 50649 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:39:16.130243 0.565415 tcp 10.0.2.109 50650 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:39:16.695956 1.154916 tcp 10.0.2.109 50651 -> 195.113.214.222 443 SRPA* 0 0 25 13918 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:39:17.851445 0.443528 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:18.295327 0.310233 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:18.605932 0.410478 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:19.016816 0.000000 udp 10.0.2.109 3683 -> 87.185.130.35 3612 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 15:39:28.685965 2.719354 tcp 10.0.2.109 50652 -> 211.38.175.27 4598 FSPA* 0 0 15 1752 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:39:35.676893 0.578306 tcp 10.0.2.109 50653 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:39:36.255493 0.603698 tcp 10.0.2.109 50654 -> 195.113.214.222 80 SRPA* 0 0 19 14641 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:39:36.859689 0.298995 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:37.159017 0.445415 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:37.604800 0.392073 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:37.997216 0.581079 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:38.578660 0.382040 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:38.961122 0.470381 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:39.431873 0.395039 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:39.827349 0.312527 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:40.140260 0.471629 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:40.612249 0.454873 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:41.067470 0.392366 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:41.460254 0.291158 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:41.751786 0.348908 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:42.101145 0.278507 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:42.380015 0.534720 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:42.915082 0.428415 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:43.343925 0.419236 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:43.763551 0.291000 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:44.054959 0.414262 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:44.469645 0.992785 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/07 15:39:45.462797 0.000000 udp 10.0.2.109 3683 -> 5.178.169.149 8662 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 15:40:04.047936 0.577330 tcp 10.0.2.109 50655 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:40:04.625588 0.575789 tcp 10.0.2.109 50656 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:40:05.201660 1.140865 tcp 10.0.2.109 50657 -> 195.113.214.222 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/07 15:43:50.565321 3.000939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 15:43:57.572081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:44:05.573505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:44:21.577101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:44:53.582977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:50:57.589328 3.000963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 15:51:04.596020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:51:12.597872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:51:28.600902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:52:00.607245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:58:04.612863 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 15:58:11.619849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:58:19.621525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:58:35.624862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 15:59:07.630857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:05:11.637550 3.000606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 16:05:18.644533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:05:26.645703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:05:42.648536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:06:14.654704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:09:31.408152 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:09:31.408288 2.649541 tcp 10.0.2.109 50658 -> 211.38.175.27 4598 FSPA* 0 0 15 1608 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:10:12.196434 0.294382 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:12.491166 0.000000 udp 10.0.2.109 3683 -> 5.178.169.149 8662 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:10:28.061553 0.568021 tcp 10.0.2.109 50659 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:10:28.629881 0.626099 tcp 10.0.2.109 50660 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:10:29.256286 1.153265 tcp 10.0.2.109 50661 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:10:30.410493 0.317256 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:30.728148 0.429716 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:31.158367 0.414372 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:31.573156 0.390613 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:31.964135 0.299061 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:32.263555 0.450637 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:32.714565 0.586496 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:33.301466 0.380707 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:33.682494 0.468375 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:34.151216 0.415122 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:34.566736 0.327334 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:34.894531 0.463394 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:35.358423 0.460976 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:35.819854 0.289756 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:36.110057 0.414906 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:36.525359 0.355635 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:36.881443 0.273034 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:37.154803 0.541210 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:37.696411 0.305503 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:38.002299 0.411078 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:38.413750 0.434441 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:38.848582 0.417927 rtcp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:39.266949 0.358904 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:39.637259 0.296122 udp 10.0.2.109 3683 <-> 87.185.130.35 3612 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:39.933841 0.289813 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 756 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:40.224208 0.409306 udp 10.0.2.109 3683 <-> 76.240.25.244 2185 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:40.633993 0.403206 udp 10.0.2.109 3683 <-> 69.159.203.121 9541 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:41.037768 0.431791 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:41.470211 0.292095 udp 10.0.2.109 3683 <-> 91.207.7.129 3326 CON 0 0 2 729 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:41.762749 0.450609 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:42.213857 0.387214 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:42.601606 0.598027 udp 10.0.2.109 3683 <-> 211.38.175.27 2833 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:43.200063 0.400374 udp 10.0.2.109 3683 <-> 71.10.54.162 3559 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:43.676884 0.298332 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 778 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:43.975623 0.461963 udp 10.0.2.109 3683 <-> 76.219.229.27 4508 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:44.438023 0.463606 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 808 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:44.902118 0.468178 udp 10.0.2.109 3683 <-> 200.84.7.244 8376 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:45.370811 0.398317 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:45.769589 0.345751 udp 10.0.2.109 3683 <-> 86.142.201.20 3951 CON 0 0 2 807 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:46.115797 0.305283 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:46.421590 0.276683 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:46.698770 0.538189 udp 10.0.2.109 3683 <-> 58.177.94.240 3935 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:47.237380 0.291844 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:47.529786 0.443805 udp 10.0.2.109 3683 <-> 72.201.209.113 1245 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:47.974166 0.409759 udp 10.0.2.109 3683 <-> 24.89.66.169 9667 CON 0 0 2 792 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:48.384490 0.378195 udp 10.0.2.109 3683 <-> 79.0.63.117 3810 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:48.763220 0.411750 rtcp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:10:49.175562 0.000000 udp 10.0.2.109 3683 -> 190.171.192.166 2773 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:10:54.367448 0.000000 udp 10.0.2.109 3683 -> 96.46.115.18 8592 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:02.027816 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:09.669167 0.000000 udp 10.0.2.109 3683 -> 87.29.121.158 9059 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:14.485555 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:11:15.297355 0.000000 udp 10.0.2.109 3683 -> 66.184.211.138 6629 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:21.926342 0.540033 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 808 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:11:22.543761 0.404573 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 679 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:11:23.014095 0.746493 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:11:23.801516 0.000000 udp 10.0.2.109 3683 -> 95.137.139.228 8630 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:28.966949 0.387090 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 847 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:11:29.468048 0.000000 udp 10.0.2.109 3683 -> 213.178.202.122 5797 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:37.258512 0.000000 udp 10.0.2.109 3683 -> 66.229.114.179 6372 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:45.901349 0.410302 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:11:46.322828 0.000000 udp 10.0.2.109 3683 -> 79.6.123.222 6222 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:52.590879 0.000000 udp 10.0.2.109 3683 -> 203.48.112.135 8661 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:11:59.120358 0.401643 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 838 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:11:59.531932 0.000000 udp 10.0.2.109 3683 -> 108.69.2.137 4983 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:03.987018 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:12:06.220067 0.000000 udp 10.0.2.109 3683 -> 76.108.64.179 3759 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:15.223313 0.000000 udp 10.0.2.109 3683 -> 87.138.133.142 5320 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:18.660810 3.001564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 16:12:23.184664 0.000000 udp 10.0.2.109 3683 -> 213.123.237.210 4919 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:25.667973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:12:28.422303 0.000000 udp 10.0.2.109 3683 -> 59.98.248.40 1496 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:33.669843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:12:36.193099 0.000000 udp 10.0.2.109 3683 -> 66.226.195.97 1580 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:43.834163 0.461580 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 709 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:12:44.305834 0.668693 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:12:44.984211 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:48.480656 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:12:49.672435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:12:51.645621 0.000000 udp 10.0.2.109 3683 -> 78.166.67.37 6925 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:12:59.096641 0.000000 udp 10.0.2.109 3683 -> 62.94.88.24 7838 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:13:05.325164 0.000000 udp 10.0.2.109 3683 -> 66.212.108.34 7247 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:13:13.196910 0.355737 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 746 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:13:13.562903 0.000000 udp 10.0.2.109 3683 -> 144.132.220.246 9163 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:13:20.386887 0.000000 udp 10.0.2.109 3683 -> 69.165.146.31 2504 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:13:21.678462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:13:29.279676 0.395678 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:13:29.694762 0.546622 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:13:30.250688 0.000000 udp 10.0.2.109 3683 -> 78.180.230.208 3468 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:13:33.986090 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:13:39.003803 0.000000 udp 10.0.2.109 3683 -> 5.55.156.255 6130 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:13:47.526463 0.562094 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:13:48.101809 0.330963 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 746 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:13:48.443564 0.000000 udp 10.0.2.109 3683 -> 187.184.252.54 8969 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:13:56.439000 0.333072 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:13:56.783610 0.381730 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 787 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:13:57.174894 0.000000 udp 10.0.2.109 3683 -> 109.65.151.122 7938 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:04.520163 0.000000 udp 10.0.2.109 3683 -> 78.171.13.28 6828 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:10.669376 0.404722 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:14:11.087911 0.000000 udp 10.0.2.109 3683 -> 37.101.255.25 7616 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:19.812340 0.000000 udp 10.0.2.109 3683 -> 82.9.88.26 8387 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:24.488964 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:14:25.811338 0.424937 udp 10.0.2.109 3683 <-> 99.56.217.101 7727 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:14:26.290376 0.000000 udp 10.0.2.109 3683 -> 66.126.30.70 5587 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:31.980008 0.000000 udp 10.0.2.109 3683 -> 84.147.38.236 3294 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:38.909760 0.000000 udp 10.0.2.109 3683 -> 75.163.77.21 2186 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:47.441828 0.000000 udp 10.0.2.109 3683 -> 98.223.157.184 3808 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:14:55.363939 0.484903 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:14:55.906480 0.598982 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:14:56.546361 0.000000 udp 10.0.2.109 3683 -> 95.254.46.92 6600 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:04.887624 0.388653 udp 10.0.2.109 3683 <-> 74.208.73.146 4587 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:15:05.345297 0.000000 udp 10.0.2.109 3683 -> 80.179.199.81 20802 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:09.483658 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:15:13.559542 0.000000 udp 10.0.2.109 3683 -> 99.60.238.159 15414 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:19.218036 0.000000 udp 10.0.2.109 3683 -> 87.215.202.226 22297 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:27.839933 0.000000 udp 10.0.2.109 3683 -> 202.191.245.2 1284 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:36.202374 0.527055 udp 10.0.2.109 3683 <-> 177.189.137.123 7012 CON 0 0 2 816 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:15:36.744501 0.414110 udp 10.0.2.109 3683 <-> 147.134.33.131 9549 CON 0 0 2 833 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:15:37.170711 0.000000 udp 10.0.2.109 3683 -> 139.228.203.97 4667 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:42.841990 0.000000 udp 10.0.2.109 3683 -> 76.29.144.67 1908 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:49.100779 0.271343 udp 10.0.2.109 3683 -> 109.192.150.168 4422 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:15:49.372122 0.000000 icmp 109.192.150.168 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 295 flow=Background 1970/01/07 16:15:53.987682 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:15:55.760397 0.000000 udp 10.0.2.109 3683 -> 24.184.106.21 2952 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:03.841623 0.000000 udp 10.0.2.109 3683 -> 84.62.114.173 9349 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:08.888982 0.000000 udp 10.0.2.109 3683 -> 109.64.10.28 5505 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:15.769013 0.572496 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 692 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:16:16.410599 0.000000 udp 10.0.2.109 3683 -> 184.185.133.4 1639 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:21.427336 0.000000 udp 10.0.2.109 3683 -> 87.7.27.28 2288 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:27.195515 0.000000 udp 10.0.2.109 3683 -> 66.215.228.243 6110 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:35.667768 0.000000 udp 10.0.2.109 3683 -> 186.80.214.123 7208 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:40.554322 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:16:41.315677 0.000000 udp 10.0.2.109 3683 -> 87.6.88.67 6306 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:49.036834 0.000000 udp 10.0.2.109 3683 -> 213.144.112.172 5422 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:16:55.786906 0.000000 udp 10.0.2.109 3683 -> 99.32.165.211 18955 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:00.923734 0.000000 udp 10.0.2.109 3683 -> 69.92.221.11 13549 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:06.782819 0.000000 udp 10.0.2.109 3683 -> 79.39.73.164 5553 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:13.482029 0.000000 udp 10.0.2.109 3683 -> 91.238.173.126 28102 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:22.044298 0.000000 udp 10.0.2.109 3683 -> 212.71.16.46 7158 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:26.570350 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:17:27.092004 1.335883 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:17:28.438309 0.000000 udp 10.0.2.109 3683 -> 65.112.169.227 8791 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:36.504940 0.410684 udp 10.0.2.109 3683 <-> 76.243.96.59 4709 CON 0 0 2 812 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:17:36.935500 0.292317 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:17:37.250695 0.617434 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:17:37.975049 0.000000 udp 10.0.2.109 3683 -> 24.33.151.168 2815 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:45.959051 0.000000 udp 10.0.2.109 3683 -> 98.160.151.109 7979 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:52.639046 0.000000 udp 10.0.2.109 3683 -> 173.69.4.13 8366 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:17:57.745930 0.000000 udp 10.0.2.109 3683 -> 79.39.94.153 2471 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:04.175296 0.000000 udp 10.0.2.109 3683 -> 151.230.85.222 4626 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:11.956229 0.000000 udp 10.0.2.109 3683 -> 59.148.240.218 3899 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:16.572865 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:18:18.445688 0.000000 udp 10.0.2.109 3683 -> 12.197.95.2 4046 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:23.953462 0.000000 udp 10.0.2.109 3683 -> 168.187.116.50 1970 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:30.443409 0.000000 udp 10.0.2.109 3683 -> 208.18.132.161 3291 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:37.292278 0.000000 udp 10.0.2.109 3683 -> 2.171.219.190 6302 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:45.724812 0.000000 udp 10.0.2.109 3683 -> 75.26.248.202 3241 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:51.122612 0.000000 udp 10.0.2.109 3683 -> 90.183.128.146 2721 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:18:56.730874 0.000000 udp 10.0.2.109 3683 -> 79.192.172.96 3554 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:01.577606 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:19:01.787981 0.000000 udp 10.0.2.109 3683 -> 66.91.144.90 6705 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:07.476278 0.296926 udp 10.0.2.109 3683 <-> 93.177.163.6 6052 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:07.783800 0.399149 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 755 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:08.192397 0.392901 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 852 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:08.594683 0.000000 udp 10.0.2.109 3683 -> 79.39.82.138 5482 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:14.325462 0.378468 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:14.714833 0.634853 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 710 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:15.369671 0.331415 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:15.718081 0.586866 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:16.314254 0.392866 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 689 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:16.749391 0.480321 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:19:17.240583 0.000000 udp 10.0.2.109 3683 -> 99.109.43.30 1552 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:23.439561 0.000000 udp 10.0.2.109 3683 -> 195.14.157.107 8561 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:25.775220 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 16:19:29.317470 0.000000 udp 10.0.2.109 3683 -> 87.23.134.222 7126 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:32.782387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:19:35.867024 0.000000 udp 10.0.2.109 3683 -> 88.211.91.249 5186 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:40.783713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:19:44.299178 0.000000 udp 10.0.2.109 3683 -> 77.71.187.151 5284 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:49.075761 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:19:53.201387 0.000000 udp 10.0.2.109 3683 -> 184.185.82.43 1215 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:19:56.786538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:19:58.389210 0.000000 udp 10.0.2.109 3683 -> 173.200.183.221 6650 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:06.090385 0.000000 udp 10.0.2.109 3683 -> 67.81.34.91 3627 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:11.868383 0.750804 udp 10.0.2.109 3683 <-> 181.72.182.161 6408 CON 0 0 2 781 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:20:12.632524 0.000000 udp 10.0.2.109 3683 -> 151.8.176.35 7620 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:17.977166 0.000000 udp 10.0.2.109 3683 -> 70.169.54.140 1181 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:25.958803 0.000000 udp 10.0.2.109 3683 -> 86.98.46.32 5200 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:28.792879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:20:31.006347 0.398611 udp 10.0.2.109 3683 -> 173.160.77.169 4200 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:31.404958 0.000000 icmp 173.160.77.169 0x0303 -> 10.0.2.109 0x6810 URP 192 1 201 flow=Background 1970/01/07 16:20:35.572126 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:20:36.063421 0.000000 udp 10.0.2.109 3683 -> 82.11.191.158 2419 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:43.243816 0.000000 udp 10.0.2.109 3683 -> 113.110.231.59 9541 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:51.375540 0.343742 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:20:51.728909 0.000000 udp 10.0.2.109 3683 -> 88.253.161.156 5873 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:20:58.015106 0.000000 udp 10.0.2.109 3683 -> 95.149.13.32 2092 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:21:05.646319 0.000000 udp 10.0.2.109 3683 -> 92.44.78.216 9408 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:26:32.798457 3.002144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 16:26:39.805983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:26:47.807591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:27:03.811142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:27:35.816419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:33:39.823002 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 16:33:46.830326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:33:54.831725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:34:10.834929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:34:42.840372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:39:34.149857 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:39:34.149965 2.677924 tcp 10.0.2.109 50662 -> 211.38.175.27 4598 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:40:46.846959 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 16:40:53.854045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:41:01.855533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:41:17.858632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:41:49.864907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:47:53.871134 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 16:48:00.878055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:48:08.879552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:48:24.882485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:48:56.888533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:51:24.140628 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 16:51:24.140873 0.000000 udp 10.0.2.109 3683 -> 87.185.130.35 3612 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:51:42.249256 0.553215 tcp 10.0.2.109 50663 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:51:42.802743 0.576331 tcp 10.0.2.109 50664 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:51:43.379405 1.393807 tcp 10.0.2.109 50665 -> 195.113.214.222 443 SRPA* 0 0 36 26973 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:51:44.773813 0.306427 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:51:45.080637 0.420562 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:51:45.501614 0.381265 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:51:45.883270 0.446304 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:51:46.329935 0.314426 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:51:46.644697 0.454899 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:51:47.099978 0.395965 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:51:47.496375 0.000000 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:52:04.069596 0.589072 tcp 10.0.2.109 50666 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:04.658964 0.562036 tcp 10.0.2.109 50667 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:05.221270 1.159796 tcp 10.0.2.109 50668 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:06.381826 0.281605 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:06.663799 0.303508 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:06.967734 0.000000 udp 10.0.2.109 3683 -> 79.0.63.117 3810 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:52:24.818995 0.568233 tcp 10.0.2.109 50669 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:25.387474 0.564928 tcp 10.0.2.109 50670 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:25.952661 1.141945 tcp 10.0.2.109 50671 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:27.095277 0.396828 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:27.492510 0.386055 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:27.878924 0.578604 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:28.457931 0.000000 udp 10.0.2.109 3683 -> 2.28.32.229 3796 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:52:44.015919 0.572507 tcp 10.0.2.109 50672 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:44.588672 0.584480 tcp 10.0.2.109 50673 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:45.173506 1.145987 tcp 10.0.2.109 50674 -> 195.113.214.222 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:52:46.319688 0.405870 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:46.725966 0.431727 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:47.158120 0.382152 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:47.540682 0.455496 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:47.996579 0.661725 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:48.658730 0.352927 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:49.012062 0.389667 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:49.402094 0.458553 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:49.861047 0.326363 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:50.187808 0.559054 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:50.747205 0.311042 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:51.058632 0.398897 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:51.457949 0.395688 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:52:51.854022 0.000000 udp 10.0.2.109 3683 -> 99.56.217.101 7727 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:53:09.963592 0.570438 tcp 10.0.2.109 50675 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:53:10.534295 0.605808 tcp 10.0.2.109 50676 -> 195.113.214.222 80 SRPA* 0 0 18 13404 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:53:11.140715 0.576677 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:11.717771 0.581987 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:12.300120 0.000000 udp 10.0.2.109 3683 -> 177.189.137.123 7012 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:53:30.132681 0.558079 tcp 10.0.2.109 50677 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:53:30.691012 0.616644 tcp 10.0.2.109 50678 -> 195.113.214.222 80 SRPA* 0 0 19 14717 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:53:31.308263 0.000000 udp 10.0.2.109 3683 -> 147.134.33.131 9549 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 16:53:48.799798 0.563497 tcp 10.0.2.109 50679 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:53:49.363571 0.576114 tcp 10.0.2.109 50680 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:53:49.939983 1.148418 tcp 10.0.2.109 50681 -> 195.113.214.222 443 SRPA* 0 0 21 13074 flow=From-Botnet-V1-TCP-Established 1970/01/07 16:53:51.089089 0.579045 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:51.668525 1.534411 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:53.203329 0.434653 udp 10.0.2.109 3683 <-> 76.243.96.59 4709 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:53.638408 0.296003 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:53.934811 0.605344 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:54.540531 0.355957 udp 10.0.2.109 3683 <-> 93.177.163.6 6052 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:54.896971 0.390456 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:55.287926 0.454557 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:55.742894 0.383631 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:56.126930 0.539306 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:56.666599 0.317595 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:56.984591 0.587566 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:57.572559 0.397163 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:57.970136 0.476955 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:58.447495 0.551255 udp 10.0.2.109 3683 <-> 181.72.182.161 6408 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:53:58.999157 0.329077 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 16:55:00.894581 3.001551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 16:55:07.901891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:55:15.903585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:55:31.906716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 16:56:03.912258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:02:07.918360 3.001801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 17:02:14.925826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:02:22.927906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:02:38.930474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:03:10.936209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:09:14.943309 3.000725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 17:09:21.949807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:09:29.951415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:09:36.831929 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 17:09:36.832158 2.678851 tcp 10.0.2.109 50682 -> 211.38.175.27 4598 FSPA* 0 0 15 1565 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:09:45.954817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:10:17.960838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:16:21.966626 3.001872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 17:16:28.974325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:16:36.975581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:16:52.978714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:17:24.984334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:23:28.991936 3.000025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 17:23:35.997925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:23:43.999300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:24:00.002173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:24:03.627902 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 17:24:03.627990 0.000000 udp 10.0.2.109 3683 -> 87.185.130.35 3612 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:24:20.544214 0.553810 tcp 10.0.2.109 50683 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:24:21.098261 0.558795 tcp 10.0.2.109 50684 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:24:21.657361 1.176365 tcp 10.0.2.109 50685 -> 195.113.214.222 443 SRPA* 0 0 21 12826 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:24:22.834468 0.297801 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:24:23.132632 0.000000 udp 10.0.2.109 3683 -> 79.0.63.117 3810 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:24:32.008746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:24:40.442409 0.569396 tcp 10.0.2.109 50686 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:24:41.012121 0.569524 tcp 10.0.2.109 50687 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:24:41.581486 1.162434 tcp 10.0.2.109 50688 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:24:42.744741 0.000000 udp 10.0.2.109 3683 -> 2.28.32.229 3796 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:25:00.270033 0.555523 tcp 10.0.2.109 50689 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:00.825882 0.574828 tcp 10.0.2.109 50690 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:01.400999 1.149394 tcp 10.0.2.109 50691 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:02.551093 0.000000 udp 10.0.2.109 3683 -> 99.56.217.101 7727 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:25:17.855908 0.557542 tcp 10.0.2.109 50692 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:18.413731 0.554231 tcp 10.0.2.109 50693 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:18.968205 1.154621 tcp 10.0.2.109 50694 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:20.123413 0.000000 udp 10.0.2.109 3683 -> 177.189.137.123 7012 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:25:37.654631 0.573804 tcp 10.0.2.109 50695 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:38.228748 0.579141 tcp 10.0.2.109 50696 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:38.808129 1.143966 tcp 10.0.2.109 50697 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:39.952798 0.000000 udp 10.0.2.109 3683 -> 147.134.33.131 9549 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:25:58.113748 0.575341 tcp 10.0.2.109 50698 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:58.689434 0.571528 tcp 10.0.2.109 50699 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:25:59.261297 1.150626 tcp 10.0.2.109 50700 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:26:00.412625 0.300134 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:00.713112 0.430625 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:01.144126 0.381535 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:01.526022 0.320657 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:01.847025 0.440573 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:02.288014 0.467445 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:02.755906 0.402612 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:03.158904 0.303775 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:03.463079 0.270551 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:03.734025 0.396544 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:04.130947 0.405913 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:04.537246 0.553989 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:05.091670 0.387307 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:05.479431 0.455136 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:05.934939 0.388050 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:06.323391 0.414642 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:06.738536 0.667736 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:07.406634 0.364382 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:07.771426 0.000000 udp 10.0.2.109 3683 -> 75.18.91.137 3472 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:26:26.023687 0.576757 tcp 10.0.2.109 50701 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:26:26.600780 0.601929 tcp 10.0.2.109 50702 -> 195.113.214.222 80 SRPA* 0 0 20 14759 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:26:27.203200 0.479139 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:27.682739 0.493135 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:28.176236 0.333742 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:28.510347 0.314848 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:28.825625 0.392635 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:29.218670 0.387782 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:29.606856 0.451513 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:30.058721 0.599908 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:30.659044 0.596724 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:31.256122 0.000000 udp 10.0.2.109 3683 -> 76.243.96.59 4709 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:26:47.084298 0.571556 tcp 10.0.2.109 50703 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:26:47.656154 0.560135 tcp 10.0.2.109 50704 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:26:48.216589 1.141326 tcp 10.0.2.109 50705 -> 195.113.214.222 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:26:49.358791 0.296869 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:49.656002 0.403340 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:50.059726 0.299047 udp 10.0.2.109 3683 <-> 93.177.163.6 6052 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:50.359159 0.604442 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:50.964006 0.420986 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:51.385367 0.391283 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:51.777057 0.333790 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:52.111271 0.381451 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:52.493143 0.544601 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:53.038092 0.410583 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:53.449082 0.580300 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:54.029802 0.467215 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:54.497397 0.551889 udp 10.0.2.109 3683 <-> 181.72.182.161 6408 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:26:55.049729 0.327464 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:30:36.015201 3.000670 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 17:30:43.022045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:30:51.023558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:31:07.026674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:31:39.032262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:37:43.039183 3.000823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 17:37:50.045726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:37:58.046973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:38:14.050467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:38:46.056129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:39:39.513968 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 17:39:39.514073 2.743048 tcp 10.0.2.109 50706 -> 211.38.175.27 4598 FSPA* 0 0 14 1526 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:44:50.062287 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 17:44:57.069503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:45:05.071248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:45:21.074385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:45:53.080003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:51:57.086419 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 17:52:04.093964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:52:12.095362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:52:28.098066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:53:00.104781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:57:01.011062 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 17:57:01.011257 0.000000 udp 10.0.2.109 3683 -> 75.18.91.137 3472 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:57:18.548373 0.555729 tcp 10.0.2.109 50707 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:57:19.104385 0.586829 tcp 10.0.2.109 50708 -> 195.113.214.222 80 SRPA* 0 0 20 14768 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:57:19.691861 0.000000 udp 10.0.2.109 3683 -> 76.243.96.59 4709 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:57:37.575792 0.564480 tcp 10.0.2.109 50709 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:57:38.140605 0.568926 tcp 10.0.2.109 50710 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:57:38.709824 1.156466 tcp 10.0.2.109 50711 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:57:39.867080 0.295869 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:40.163373 0.298526 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:40.462367 0.319122 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:40.781928 0.414851 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:41.197161 0.381652 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:41.579199 0.439393 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:42.018950 0.469491 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:42.488799 0.296092 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:42.785311 0.410833 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:43.196515 0.275429 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:43.472313 0.387905 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:43.860610 0.421620 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:44.282655 0.397373 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:44.680437 1.525245 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:46.206300 0.468230 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:46.674920 0.404417 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:47.079766 0.403231 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:47.483395 0.352241 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:47.835985 0.667374 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:48.503721 0.594929 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:49.099047 0.300447 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:49.399851 0.337161 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:49.737375 0.542119 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:50.279908 0.442710 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:50.722986 0.391684 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:51.115078 0.380760 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:51.496254 0.591006 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:52.087673 0.593249 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:52.681284 0.296918 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:52.978559 0.336383 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:57:53.315287 0.000000 udp 10.0.2.109 3683 -> 93.177.163.6 6052 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 17:58:12.144092 0.544310 tcp 10.0.2.109 50712 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:58:12.688753 0.567826 tcp 10.0.2.109 50713 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:58:13.256868 1.159032 tcp 10.0.2.109 50714 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/07 17:58:14.416534 0.588588 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:15.005539 0.418477 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:15.424419 0.380977 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:15.805813 0.506864 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:16.313092 0.327238 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:16.640686 0.389442 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:17.030534 0.390434 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:17.421335 0.585973 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:18.007712 0.468313 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:18.476384 0.548887 udp 10.0.2.109 3683 <-> 181.72.182.161 6408 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:58:19.025696 0.328135 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 17:59:04.111209 3.000925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 17:59:11.117876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:59:19.119254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 17:59:35.122215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:00:07.128073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:06:12.365868 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 18:06:19.373546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:06:27.375218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:06:43.377741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:07:15.383727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:09:42.876847 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 18:09:42.877016 2.675883 tcp 10.0.2.109 50715 -> 211.38.175.27 4598 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:13:19.390791 3.001066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 18:13:26.397478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:13:34.399007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:13:50.401610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:14:22.407946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:20:35.427005 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 18:20:42.434724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:20:50.436137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:21:06.439104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:21:38.444927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:27:52.455977 3.000920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 18:27:59.462412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:28:07.463974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:28:23.467522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:28:31.268775 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 18:28:31.268883 0.000000 udp 10.0.2.109 3683 -> 93.177.163.6 6052 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 18:28:48.645828 0.554159 tcp 10.0.2.109 50716 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:28:49.200267 0.562411 tcp 10.0.2.109 50717 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:28:49.763017 1.151608 tcp 10.0.2.109 50718 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:28:50.915310 0.312494 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:51.228242 0.296093 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:51.524760 0.307227 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:51.832332 0.432690 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:52.265399 0.411451 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:52.677265 0.380215 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:53.057891 0.462152 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:53.520369 0.292054 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:28:53.812817 0.000000 udp 10.0.2.109 3683 -> 70.30.175.164 8866 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 18:28:55.472995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:29:10.425807 0.558609 tcp 10.0.2.109 50719 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:29:10.984718 0.565815 tcp 10.0.2.109 50720 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:29:11.550834 1.140070 tcp 10.0.2.109 50721 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:29:12.691486 0.272983 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:12.964877 0.396838 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:13.362309 0.434533 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:13.797215 0.383745 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:14.181327 0.541894 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:14.723675 0.453934 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:15.178051 0.401550 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:15.579960 0.388190 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:15.968552 0.348360 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:16.317302 0.669111 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:16.986847 0.327552 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:17.314829 0.000000 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 18:29:32.627701 0.548241 tcp 10.0.2.109 50722 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:29:33.176300 0.562437 tcp 10.0.2.109 50723 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:29:33.739083 1.156020 tcp 10.0.2.109 50724 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:29:34.895775 0.594227 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:35.490531 0.489172 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:35.980117 0.592299 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:36.572788 0.399226 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:36.972428 0.386329 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:37.359164 0.308649 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:37.685348 0.594989 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:38.280737 0.606601 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:38.887748 0.348582 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:39.236692 0.600113 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:39.837261 0.404069 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:40.241736 0.389922 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:40.632009 0.385165 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:41.017593 1.575562 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:43.585941 0.319006 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:43.905388 0.383200 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:44.289146 0.584817 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:44.874482 0.472288 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:29:45.347148 0.000000 udp 10.0.2.109 3683 -> 181.72.182.161 6408 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 18:30:00.457867 0.551160 tcp 10.0.2.109 50725 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:30:01.009334 0.587928 tcp 10.0.2.109 50726 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:30:01.597560 1.153576 tcp 10.0.2.109 50727 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:30:02.751871 0.340490 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/07 18:34:59.479793 3.000929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 18:35:06.486556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:35:14.488069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:35:30.491344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:36:02.497498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:39:45.558464 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 18:39:45.558571 2.672349 tcp 10.0.2.109 50728 -> 211.38.175.27 4598 FSPA* 0 0 14 1702 flow=From-Botnet-V1-TCP-Established 1970/01/07 18:42:06.503269 3.001678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 18:42:13.510350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:42:21.511894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:42:37.515212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:43:09.521334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:49:13.526707 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 18:49:20.534431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:49:28.536001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:49:44.539503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:50:16.545486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:56:20.551246 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 18:56:27.558512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:56:35.560103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:56:51.563246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 18:57:23.569294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:00:30.677975 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 19:00:30.678279 0.000000 udp 10.0.2.109 3683 -> 70.30.175.164 8866 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 19:00:46.353604 0.559832 tcp 10.0.2.109 50729 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:00:46.913791 0.553416 tcp 10.0.2.109 50730 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:00:47.467507 1.170693 tcp 10.0.2.109 50731 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:00:48.638974 0.304648 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:00:48.944104 0.000000 udp 10.0.2.109 3683 -> 181.72.182.161 6408 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 19:01:04.297463 0.556592 tcp 10.0.2.109 50732 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:01:04.854500 0.549421 tcp 10.0.2.109 50733 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:01:05.404172 1.144806 tcp 10.0.2.109 50734 -> 195.113.214.222 443 SRPA* 0 0 27 10626 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:01:06.549620 0.295839 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:06.845847 0.292400 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:07.138675 0.312622 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:07.451685 0.460377 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:07.912482 0.426314 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:08.339244 0.380283 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:08.719980 0.285788 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:09.006442 0.462350 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:09.469248 0.273053 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:09.742785 0.428270 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:10.171455 0.394992 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:10.566856 0.541526 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:11.108871 0.385029 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:11.494360 0.411032 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:11.905845 0.463955 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:12.370223 0.347573 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:12.718151 0.376459 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:13.094962 0.672786 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:13.768136 0.331612 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:14.100111 0.595027 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:14.695581 0.587104 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:15.283146 0.525043 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:15.808642 0.301775 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:16.110835 0.388177 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:16.499376 0.379187 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:16.878989 0.590811 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:17.470133 0.347137 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:17.817655 0.615647 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:18.433704 0.582290 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:19.017250 0.431157 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:19.448798 0.380031 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:19.829190 0.383382 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:20.212993 1.024444 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:21.237854 0.000000 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 19:01:37.535969 0.566267 tcp 10.0.2.109 50735 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:01:38.102541 0.599572 tcp 10.0.2.109 50736 -> 195.113.214.222 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:01:38.700802 0.321884 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:39.023042 0.581676 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:39.605134 0.482398 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:01:40.087909 0.350507 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:03:27.575450 3.001520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 19:03:34.582412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:03:42.584451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:03:58.586830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:04:30.632932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:09:48.239930 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 19:09:48.240035 2.761809 tcp 10.0.2.109 50737 -> 211.38.175.27 4598 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:10:34.639493 3.001276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 19:10:41.647869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:10:49.647792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:11:05.650892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:11:37.657479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:17:41.663688 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 19:17:48.670860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:17:56.672112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:18:12.675472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:18:44.681309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:24:48.686942 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 19:24:55.694165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:25:03.695972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:25:19.699273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:25:51.705410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:31:55.711201 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 19:32:00.235782 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 19:32:00.236034 0.382660 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:00.619069 0.303783 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:00.923265 0.304988 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:01.228686 0.284322 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:01.513423 0.317403 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:01.831243 0.451847 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:02.283495 0.432780 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:02.716649 0.387260 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:02.718338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:32:03.104342 0.286217 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:03.390963 0.290010 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:03.681382 0.479370 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:04.161184 0.400015 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:04.561619 0.409827 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:04.971795 1.024337 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:05.996531 0.384644 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:06.381538 1.476493 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:07.858419 0.465296 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:08.324146 0.353676 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:08.678317 0.384542 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:09.063210 0.666908 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:09.730539 0.339328 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:10.070298 0.559117 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:10.629849 0.452960 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:10.720097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:32:11.083238 0.571682 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:11.655345 0.300998 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:11.956746 0.404075 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:12.361260 0.374116 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:12.735776 0.318661 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:13.054833 0.587598 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:13.642799 0.592418 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:14.235639 0.406048 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:14.642074 0.582477 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:15.224945 0.382707 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:15.608005 0.390014 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:15.998425 0.521539 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:16.520294 0.315809 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:16.836512 0.584655 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:17.421512 0.470564 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:17.892492 0.331725 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/07 19:32:26.723051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:32:58.728955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:39:02.735213 3.001086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 19:39:09.742350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:39:17.744120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:39:33.746997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:39:51.002338 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 19:39:51.002439 2.662408 tcp 10.0.2.109 50738 -> 211.38.175.27 4598 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/01/07 19:40:05.752936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:46:09.759283 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 19:46:16.766646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:46:24.767594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:46:40.771284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:47:12.777059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:53:16.783298 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 19:53:23.790204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:53:31.792121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:53:47.794694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 19:54:19.800554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:00:23.807499 3.000895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:00:30.814193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:00:38.816040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:00:54.818902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:01:26.825101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:02:28.413668 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 20:02:28.413773 0.384813 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:28.798953 0.297394 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:29.096809 0.309831 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:29.407023 0.323689 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:29.731029 0.313856 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:30.045300 0.436213 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:30.481956 0.462686 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:30.945055 0.378153 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:31.323623 0.274313 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:31.598447 0.290245 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:31.889064 0.467026 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:32.356463 0.400107 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:32.756984 0.399623 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:33.157001 0.598718 udp 10.0.2.109 3683 <-> 186.49.74.5 3993 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:33.756093 0.384117 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:34.140619 0.427160 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:34.568182 0.454669 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:35.023306 0.364525 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:35.388275 0.398753 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:35.787409 0.674900 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:36.462683 0.331461 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:36.794513 0.439084 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:37.233986 0.518606 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:37.752940 0.746523 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:38.499876 0.303348 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:38.803628 0.392739 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:39.196736 0.380481 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:39.577603 0.732130 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:40.310094 0.587430 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:40.897946 0.611132 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:41.509489 0.397520 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:41.907378 0.585045 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:42.492852 0.389006 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:42.882444 0.326101 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:43.208982 0.390389 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:43.599752 1.049253 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:44.649447 0.575897 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:45.225756 0.469480 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:02:45.695651 0.326370 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:07:30.831530 3.001227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:07:37.838650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:07:45.840089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:08:01.842791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:08:33.848768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:09:53.663741 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 20:09:53.663864 2.651102 tcp 10.0.2.109 50739 -> 211.38.175.27 4598 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/01/07 20:14:37.855109 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:14:44.862460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:14:52.864066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:15:08.866785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:15:40.872819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:21:44.878159 3.001952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:21:51.886163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:21:59.887768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:22:15.890611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:22:47.896839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:28:51.902776 3.001285 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:28:58.910080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:29:06.911568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:29:22.914659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:29:54.920713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:32:54.148826 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 20:32:54.148910 0.391639 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:54.540991 0.301410 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:54.842858 0.289897 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:55.133178 0.316349 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:55.449945 0.300866 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:55.751251 0.444781 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:56.196376 0.276314 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:56.473120 0.416638 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:56.890184 0.377666 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:57.268269 0.290795 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:57.559472 0.484949 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:58.044823 0.403003 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:58.448261 0.431445 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:32:58.880045 0.000000 udp 10.0.2.109 3683 -> 186.49.74.5 3993 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 20:33:15.272092 0.569439 tcp 10.0.2.109 50740 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 20:33:15.841814 0.573949 tcp 10.0.2.109 50741 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 20:33:16.416008 1.151413 tcp 10.0.2.109 50742 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 20:33:17.568192 0.387915 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:17.956443 0.443891 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:18.400694 0.559976 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:18.961047 0.452607 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:19.414037 0.349267 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:19.763704 0.678840 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:20.442902 0.340520 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:20.783780 0.450035 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:21.234376 0.465792 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:21.700562 0.541007 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:22.241968 0.294745 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:22.537142 0.406224 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:22.943780 0.384685 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:23.328930 0.335879 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:23.665214 0.582080 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:24.247735 0.603366 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:24.851468 0.402049 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:25.253863 0.592370 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:25.846647 0.382245 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:26.229252 0.387734 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:26.617369 0.323198 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:26.940971 0.583359 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:27.524735 0.582878 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:28.107987 0.480133 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:33:28.588525 0.351364 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/07 20:35:58.927739 3.000697 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 20:36:05.934411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:36:13.935758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:36:29.938999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:37:01.944811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:39:56.315908 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 20:39:56.316075 2.692207 tcp 10.0.2.109 50743 -> 211.38.175.27 4598 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/01/07 20:43:05.950768 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:43:12.957773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:43:20.959573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:43:36.962673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:44:08.968477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:50:12.974847 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:50:19.981980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:50:27.983825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:50:43.986930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:51:15.992624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:57:19.999393 3.000546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 20:57:27.005789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:57:35.007198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:57:51.010291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 20:58:23.016345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:03:37.449086 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 21:03:37.449261 0.000000 udp 10.0.2.109 3683 -> 186.49.74.5 3993 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 21:03:52.542845 0.576244 tcp 10.0.2.109 50744 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 21:03:53.119373 0.612988 tcp 10.0.2.109 50745 -> 195.113.214.222 80 SRPA* 0 0 19 14689 flow=From-Botnet-V1-TCP-Established 1970/01/07 21:03:53.733003 0.390153 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:54.123602 0.298343 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:54.422338 0.289045 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:54.711751 0.325924 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:55.038287 0.295259 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:55.333962 0.272344 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:55.606727 0.446782 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:56.053888 0.296819 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:56.351045 0.394172 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:56.745651 0.417023 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:57.163141 0.403021 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:57.566579 0.469281 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:58.036243 0.470462 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:58.507078 0.384376 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:58.891887 0.417278 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:59.309589 0.360122 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:03:59.670546 0.379018 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:00.049987 0.442308 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:00.492698 0.674640 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:01.167781 0.335223 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:01.503379 0.459177 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:01.962886 0.482752 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:02.445999 0.595242 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:03.041665 0.296130 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:03.338230 0.396322 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:03.734928 0.374732 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:04.110066 0.332080 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:04.442550 0.582794 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:05.025722 0.616389 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:05.642537 0.410434 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:06.053393 0.611191 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:06.665015 0.379021 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:07.044462 0.391737 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:07.436541 0.328029 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:07.764982 0.552249 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:08.317661 0.594411 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:08.912432 0.479560 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:09.392356 0.323362 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:04:27.022540 3.001631 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 21:04:34.029782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:04:42.031703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:04:58.034821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:05:30.040647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:09:59.007943 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 21:09:59.008081 2.744409 tcp 10.0.2.109 50746 -> 211.38.175.27 4598 FSPA* 0 0 15 1657 flow=From-Botnet-V1-TCP-Established 1970/01/07 21:11:34.045980 3.002015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 21:11:41.053897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:11:49.055122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:12:05.058461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:12:37.064505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:18:41.071385 3.000979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 21:18:48.077767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:18:56.079090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:19:12.082113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:19:44.088222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:25:48.094093 3.001704 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 21:25:55.101736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:26:03.103292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:26:19.106732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:26:51.112143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:32:55.118953 3.030902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 21:33:02.156150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:33:10.157440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:33:26.160126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:33:58.166478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:34:31.344364 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 21:34:31.344572 0.284817 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:31.629849 0.384713 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:32.014954 0.330294 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:32.345687 0.317359 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:32.663399 0.293011 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:32.956811 0.275425 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:33.232635 0.380915 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:33.613937 0.429097 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:34.043400 0.308524 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:34.352268 0.429500 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:34.782357 0.399924 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:35.182641 0.463719 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:35.646797 0.409424 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:36.056646 0.356213 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:37.269678 0.381437 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:37.651552 0.405353 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:38.057336 0.388259 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:38.445968 0.444831 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:38.891158 0.674585 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:39.566165 0.328342 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:39.894939 0.000000 udp 10.0.2.109 3683 -> 190.150.34.243 8421 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 21:34:56.062406 0.585617 tcp 10.0.2.109 50747 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 21:34:56.648319 0.563917 tcp 10.0.2.109 50748 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 21:34:57.212541 1.145694 tcp 10.0.2.109 50749 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 21:34:58.358958 0.494433 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:58.853744 0.491028 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:59.345163 0.304519 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:34:59.650041 0.384672 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:00.035074 0.382774 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:00.418343 0.348902 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:00.767661 0.586223 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:01.354322 0.609313 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:01.964030 0.390588 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:02.355034 0.608621 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:02.964069 0.319186 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:03.283608 0.389739 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:03.762978 0.385465 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:04.148850 0.534328 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:04.683544 0.337162 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:05.021082 0.587130 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:35:05.608637 0.485960 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/07 21:40:01.760042 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 21:40:01.760154 2.714033 tcp 10.0.2.109 50750 -> 211.38.175.27 4598 FSPA* 0 0 15 1703 flow=From-Botnet-V1-TCP-Established 1970/01/07 21:40:02.173407 3.000606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 21:40:09.179885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:40:17.181021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:40:33.184526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:41:05.190604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:47:09.196802 3.000951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 21:47:16.203993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:47:24.205589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:47:40.208667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:48:12.214260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:54:16.220933 3.001226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 21:54:23.227740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:54:31.229408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:54:47.232085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 21:55:19.238229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:01:23.244081 3.001855 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 22:01:30.252030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:01:38.253476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:01:54.255998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:02:26.262224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:05:22.105870 0.000170 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 22:05:22.106164 0.000000 udp 10.0.2.109 3683 -> 190.150.34.243 8421 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 22:05:38.250493 0.566591 tcp 10.0.2.109 50751 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:05:38.817360 0.576117 tcp 10.0.2.109 50752 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:05:39.393786 1.393165 tcp 10.0.2.109 50753 -> 195.113.214.222 443 SRPA* 0 0 36 25761 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:05:40.787614 0.290334 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:41.078433 0.318264 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:41.397045 0.382546 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:41.780031 0.320009 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:42.100435 0.379553 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:42.480390 0.275541 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:42.756319 0.302896 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:43.059576 0.418203 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:43.478213 0.298736 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:43.777405 0.440658 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:44.218548 0.393705 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:44.612642 0.476686 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:45.089676 0.415823 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:45.505894 0.389573 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:45.895924 0.346454 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:46.242815 0.420537 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:46.663747 0.393005 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:47.057186 0.667083 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:47.724689 0.438281 rtcp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:48.163326 0.336652 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:48.500389 0.582324 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:49.083054 0.980342 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:50.063778 0.418608 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:50.482793 0.329205 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:50.812411 0.387813 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:51.200649 0.381583 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:51.582639 0.588849 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:52.171838 0.603008 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:52.775202 0.385889 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:53.161529 0.392557 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:53.554481 0.603371 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:54.158326 0.318864 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:54.477602 0.400085 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:54.878083 0.588077 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:55.466568 0.340707 udp 10.0.2.109 3683 <-> 84.204.2.158 7514 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:55.807650 0.567840 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:05:56.375872 0.475419 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:08:30.269093 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 22:08:37.275541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:08:45.277319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:09:01.280029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:09:33.286032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:10:04.481707 0.082166 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 22:10:04.564306 2.666373 tcp 10.0.2.109 50754 -> 211.38.175.27 4598 FSPA* 0 0 14 1689 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:15:37.322632 3.001390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 22:15:44.329456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:15:52.331419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:16:08.334657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:16:40.340211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:22:44.346959 3.000823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 22:22:51.353690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:22:59.355519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:23:15.357915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:23:47.363958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:29:51.371119 3.000810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 22:29:58.377518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:30:06.379244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:30:22.381844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:30:54.388164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:36:22.249782 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 22:36:22.249942 0.395876 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:22.646279 0.318428 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:22.965100 0.322450 udp 10.0.2.109 3683 <-> 86.162.177.184 5066 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:23.287915 0.295954 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:23.584233 0.383062 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:23.967730 0.276590 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:24.244767 0.296573 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:24.541728 0.318323 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:24.860449 0.521474 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:25.382346 0.438240 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:25.821013 0.396763 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:26.218189 0.465154 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:26.683774 0.419956 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:27.104137 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 22:36:45.195323 0.560958 tcp 10.0.2.109 50755 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:36:45.756556 0.621611 tcp 10.0.2.109 50756 -> 195.113.214.222 80 SRPA* 0 0 18 13376 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:36:46.378811 0.386559 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:46.765779 0.364617 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:47.130753 0.395871 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:47.526984 0.666547 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:48.193949 0.447553 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:48.641837 0.334685 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:48.976891 0.532111 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:49.509625 0.352870 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:49.862884 0.596751 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:50.460116 0.425326 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:50.885859 0.409332 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:51.295597 0.379285 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:51.675308 0.577681 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:52.253414 0.602346 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:52.856163 0.401402 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:53.257922 0.378079 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:53.636439 0.591603 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:54.228383 0.318217 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:36:54.547014 0.000000 udp 10.0.2.109 3683 -> 84.204.2.158 7514 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 22:36:58.394265 3.001806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 22:37:05.401493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:37:11.902134 0.562916 tcp 10.0.2.109 50757 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:37:12.465342 0.571305 tcp 10.0.2.109 50758 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:37:13.036945 1.404071 tcp 10.0.2.109 50759 -> 195.113.214.222 443 SRPA* 0 0 34 24193 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:37:13.403309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:37:14.441573 0.399114 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:37:14.841077 0.533212 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:37:15.374658 0.573679 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:37:15.948757 0.466753 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/07 22:37:29.405812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:38:01.412275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:40:07.233163 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 22:40:07.233312 2.717515 tcp 10.0.2.109 50760 -> 211.38.175.27 4598 FSPA* 0 0 14 1754 flow=From-Botnet-V1-TCP-Established 1970/01/07 22:44:05.418870 3.000851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 22:44:12.425805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:44:20.427251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:44:36.429831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:45:08.436439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:51:12.441692 3.002416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 22:51:19.449203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:51:27.451267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:51:43.453998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:52:15.459774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:58:19.466213 3.001691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 22:58:26.473756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:58:34.475032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:58:50.477793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 22:59:22.484242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:05:26.489451 3.002634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 23:05:33.497726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:05:41.499209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:05:57.501948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:06:29.507696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:07:20.591731 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 23:07:20.591830 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:07:36.987847 0.584736 tcp 10.0.2.109 50761 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:07:37.572866 0.617594 tcp 10.0.2.109 50762 -> 195.113.214.222 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:07:38.191093 0.000000 udp 10.0.2.109 3683 -> 84.204.2.158 7514 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:07:54.541447 0.573093 tcp 10.0.2.109 50763 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:07:55.114848 0.565097 tcp 10.0.2.109 50764 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:07:55.680299 1.183698 tcp 10.0.2.109 50765 -> 195.113.214.222 443 SRPA* 0 0 27 11254 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:07:56.864765 0.390707 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:07:57.255898 0.000000 udp 10.0.2.109 3683 -> 86.162.177.184 5066 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:08:14.830819 0.581617 tcp 10.0.2.109 50766 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:08:15.412755 0.584880 tcp 10.0.2.109 50767 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:08:15.997881 1.162615 tcp 10.0.2.109 50768 -> 195.113.214.222 443 SRPA* 0 0 24 14058 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:08:17.161183 0.299757 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:17.461355 0.297568 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:17.759305 0.305729 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:18.065414 0.278671 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:18.344475 0.384361 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:18.729240 0.303155 udp 10.0.2.109 3683 <-> 81.148.20.167 4051 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:19.032802 0.444133 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:19.477360 0.412379 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:19.890311 0.396723 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:20.287466 0.458986 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:20.746865 0.407826 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:21.155223 0.386478 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:21.542094 0.347389 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:21.889837 0.391312 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:22.281545 0.450906 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:22.732823 0.664082 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:23.397277 0.378078 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:23.775733 0.342937 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:24.119031 0.465109 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:24.658969 0.422944 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:25.082292 0.521238 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:25.603940 0.384490 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:25.988930 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:08:42.210869 0.572129 tcp 10.0.2.109 50769 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:08:42.783279 0.564792 tcp 10.0.2.109 50770 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:08:43.348358 1.160729 tcp 10.0.2.109 50771 -> 195.113.214.222 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:08:44.509718 0.612013 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:45.122093 0.580192 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:45.702631 0.412363 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:46.115339 0.397485 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:46.513188 0.328497 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:46.842032 0.591035 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:47.433493 0.387965 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:47.821828 0.491387 udp 10.0.2.109 3683 <-> 106.197.121.158 8520 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:48.313723 0.588289 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:08:48.902393 0.472790 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:10:09.955743 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 23:10:09.955845 2.700037 tcp 10.0.2.109 50772 -> 211.38.175.27 4598 FSPA* 0 0 15 1748 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:12:33.514567 3.000790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 23:12:40.521840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:12:48.523320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:13:04.526164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:13:36.531858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:19:40.538387 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 23:19:47.545574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:19:55.546907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:20:11.550413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:20:43.555783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:26:47.562968 3.000677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 23:26:54.569721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:27:02.570551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:27:18.574124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:27:50.580138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:33:54.585846 3.001867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 23:34:01.593442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:34:09.595133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:34:25.597711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:34:57.603575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:39:17.748212 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/07 23:39:17.748440 0.000000 udp 10.0.2.109 3683 -> 86.162.177.184 5066 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:39:33.052505 0.565752 tcp 10.0.2.109 50773 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:39:33.618516 0.574891 tcp 10.0.2.109 50774 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:39:34.193698 1.162110 tcp 10.0.2.109 50775 -> 195.113.214.222 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:39:35.356494 0.383146 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:35.740022 0.383243 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:36.123684 0.320592 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:36.444736 0.287826 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:36.732964 0.278860 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:37.012245 0.301025 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:37.313692 0.375423 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:37.689528 0.418867 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:38.108723 0.437977 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:38.547075 0.000000 udp 10.0.2.109 3683 -> 81.148.20.167 4051 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:39:55.133049 0.567173 tcp 10.0.2.109 50776 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:39:55.700526 0.571416 tcp 10.0.2.109 50777 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:39:56.272239 1.192416 tcp 10.0.2.109 50778 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:39:57.465293 0.404211 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:57.869930 0.471921 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:58.342301 0.384271 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:58.726917 0.413094 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:59.140435 0.361071 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:59.501882 0.438804 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:39:59.941050 0.390811 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:00.332270 0.663378 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:00.996066 0.344915 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:01.341387 0.458905 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:01.800648 0.329382 udp 10.0.2.109 3683 <-> 88.0.61.235 6375 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:02.130580 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:40:12.657433 2.675135 tcp 10.0.2.109 50779 -> 211.38.175.27 4598 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:40:17.435116 0.570418 tcp 10.0.2.109 50780 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:40:18.005834 0.572375 tcp 10.0.2.109 50781 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:40:18.577994 1.185050 tcp 10.0.2.109 50782 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:40:19.763747 0.528645 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:20.292775 0.397244 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:20.690439 0.580805 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:20.906539 0.000000 udp 10.0.2.109 3683 <- 46.233.34.99 9203 RSP 0 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:40:21.271629 0.604376 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:21.876423 0.382901 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:22.259736 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:40:39.597353 0.568042 tcp 10.0.2.109 50783 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:40:40.165711 0.565761 tcp 10.0.2.109 50784 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:40:40.731332 1.167667 tcp 10.0.2.109 50785 -> 195.113.214.222 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:40:41.899723 0.402616 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:42.302743 0.606642 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:42.909816 0.395013 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:40:43.305198 0.000000 udp 10.0.2.109 3683 -> 106.197.121.158 8520 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/07 23:41:01.308138 0.583054 tcp 10.0.2.109 50786 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:41:01.610053 3.001492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/07 23:41:01.891501 0.577184 tcp 10.0.2.109 50787 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:41:02.468847 1.176510 tcp 10.0.2.109 50788 -> 195.113.214.222 443 SRPA* 0 0 22 13092 flow=From-Botnet-V1-TCP-Established 1970/01/07 23:41:03.645936 0.587857 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:41:04.234296 0.476864 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/07 23:41:08.617103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:41:16.618950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:41:32.621759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:42:04.627782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:48:08.634501 3.001023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 23:48:15.641691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:48:23.642960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:48:39.646055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:49:11.651806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:55:15.658315 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/07 23:55:22.665234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:55:30.666741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:55:46.670176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/07 23:56:18.676036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:02:22.681371 3.001790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 00:02:29.689542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:02:37.690481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:02:53.694014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:03:25.700057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:09:29.706992 3.000640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 00:09:36.713362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:09:44.714969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:10:00.717865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:10:15.339305 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 00:10:15.339408 2.704376 tcp 10.0.2.109 50789 -> 211.38.175.27 4598 FSPA* 0 0 15 1584 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:10:32.723803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:11:33.872166 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 00:11:33.872273 0.000000 udp 10.0.2.109 3683 -> 81.148.20.167 4051 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 00:11:52.561053 0.568509 tcp 10.0.2.109 50790 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:11:53.129316 0.600613 tcp 10.0.2.109 50791 -> 195.113.214.222 80 SRPA* 0 0 20 13478 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:11:53.730640 0.418774 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:11:54.149806 0.315393 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:11:54.465598 0.000000 udp 10.0.2.109 3683 -> 106.197.121.158 8520 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 00:12:09.534261 0.564849 tcp 10.0.2.109 50792 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:10.099433 0.563653 tcp 10.0.2.109 50793 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:10.663384 1.179802 tcp 10.0.2.109 50794 -> 195.113.214.222 443 SRPA* 0 0 22 13092 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:11.843843 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 00:12:26.979245 0.603801 tcp 10.0.2.109 50795 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:27.583353 0.594431 tcp 10.0.2.109 50796 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:28.178055 1.303503 tcp 10.0.2.109 50797 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:29.482326 0.401881 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:29.884554 0.293022 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:30.178010 0.000000 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 00:12:47.308053 0.562203 tcp 10.0.2.109 50798 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:47.870587 0.575598 tcp 10.0.2.109 50799 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:48.446468 1.156224 tcp 10.0.2.109 50800 -> 195.113.214.222 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:12:49.603344 0.373411 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:49.977109 0.292380 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:50.269946 0.307089 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:50.577429 0.439112 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:51.016960 0.418214 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:51.435493 0.398787 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:51.834645 0.393681 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:52.228800 0.465766 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:52.695369 0.345388 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:53.041119 0.400387 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:53.441918 0.394594 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:53.836920 0.443031 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:54.280364 0.344453 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:54.625191 0.677612 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:55.303211 0.449182 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:12:55.752769 0.000000 udp 10.0.2.109 3683 -> 88.0.61.235 6375 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 00:13:13.375969 0.577865 tcp 10.0.2.109 50801 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:13:13.954067 0.580707 tcp 10.0.2.109 50802 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:13:14.534660 1.170900 tcp 10.0.2.109 50803 -> 195.113.214.222 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:13:15.706111 0.399587 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:16.106128 1.736689 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:17.843287 0.618687 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:18.462523 0.586570 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:19.049503 0.382253 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:19.432151 0.389569 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:19.822067 0.401763 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:20.224189 0.575858 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:20.800387 0.583355 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:13:21.384148 0.480039 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:16:36.729860 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 00:16:43.737413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:16:51.738658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:17:07.741851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:17:39.748067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:23:43.753886 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 00:23:50.761180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:23:58.762805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:24:14.765599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:24:46.771695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:30:50.778296 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 00:30:57.784865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:31:05.786641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:31:21.789972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:31:53.795818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:37:57.801914 3.001337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 00:38:04.809391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:38:12.810323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:38:28.813583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:39:00.819281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:40:18.050805 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 00:40:18.050911 2.790156 tcp 10.0.2.109 50804 -> 211.38.175.27 4598 FSPA* 0 0 14 1506 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:43:33.662014 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 00:43:33.662093 0.388805 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 00:43:34.050898 0.000000 icmp 4.31.203.2 0x0303 -> 10.0.2.109 0x9318 URP 192 1 187 flow=Background 1970/01/08 00:43:52.050768 0.577882 tcp 10.0.2.109 50805 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:43:52.628968 0.572942 tcp 10.0.2.109 50806 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:43:53.202408 1.172627 tcp 10.0.2.109 50807 -> 195.113.214.222 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:43:54.375597 0.297594 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:43:54.673559 0.000000 udp 10.0.2.109 3683 -> 88.0.61.235 6375 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 00:44:13.019487 0.569222 tcp 10.0.2.109 50808 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:44:13.588994 0.574174 tcp 10.0.2.109 50809 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:44:14.163472 1.185909 tcp 10.0.2.109 50810 -> 195.113.214.222 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/08 00:44:15.350084 0.322005 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:15.672520 0.433489 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:16.106456 0.381871 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:16.488685 0.357502 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:16.846650 0.306189 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:17.153231 0.272836 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:17.426435 0.383672 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:17.810455 0.405911 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:18.216763 0.439370 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:18.656518 0.428037 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:19.084974 0.381117 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:19.466523 0.475730 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:19.942599 0.397859 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:20.340852 0.398020 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:20.739250 0.359848 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:21.099527 0.482765 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:21.582727 0.456783 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:22.039872 0.667538 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:22.707824 0.482383 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:23.190600 0.395228 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:23.586409 0.561663 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:24.148493 0.596048 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:24.744952 0.581796 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:25.327151 0.381119 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:25.708673 0.405472 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:26.114571 0.391794 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:26.506906 0.583976 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:27.091239 0.579821 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:44:27.671419 0.480544 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/08 00:45:04.824883 3.002027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 00:45:11.833228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:45:19.834681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:45:35.837688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:46:07.843361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:52:12.120542 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 00:52:19.127097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:52:27.128879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:52:43.131778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:53:15.177780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:59:19.222227 3.003590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 00:59:26.231828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:59:34.233292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 00:59:50.235615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:00:22.242325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:06:26.248279 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 01:06:33.255538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:06:41.257040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:06:57.260008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:07:29.265878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:10:21.033293 0.000209 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 01:10:21.033610 2.752346 tcp 10.0.2.109 50811 -> 211.38.175.27 4598 FSPA* 0 0 15 1737 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:13:33.273094 3.000815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 01:13:40.279157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:13:48.280847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:14:04.284056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:14:36.290708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:14:49.078638 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 01:14:49.078754 0.303673 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:14:49.382861 0.390901 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:14:49.774161 0.000000 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 01:15:07.417716 0.587718 tcp 10.0.2.109 50812 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:15:08.005704 0.933119 tcp 10.0.2.109 50813 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:15:08.939168 1.187411 tcp 10.0.2.109 50814 -> 195.113.214.222 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:15:10.127380 0.416734 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:10.544521 0.395066 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:10.939968 0.302521 udp 10.0.2.109 3683 <-> 81.137.213.212 6826 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:11.242917 0.278667 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:11.521968 0.384935 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:11.907348 0.399099 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:12.306892 0.456736 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:12.764024 0.408844 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:13.173349 0.396266 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:13.569988 0.411038 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:13.981447 0.471395 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:14.453209 0.388730 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:14.842335 0.372508 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:15.215237 0.344403 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:15.559990 0.445302 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:16.005701 0.657665 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:16.663795 0.485937 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:17.150120 0.384762 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:17.535265 0.584840 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:18.120512 0.588527 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:18.709441 0.583789 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:19.293631 0.379268 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:19.673319 0.402029 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:20.075750 0.387811 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:20.463958 0.601596 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:21.065901 0.585474 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:15:21.651780 0.478709 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:20:40.296363 3.001324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 01:20:47.303307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:20:55.304964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:21:11.307611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:21:43.314449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:27:47.320365 3.000917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 01:27:54.327220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:28:02.329027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:28:18.331824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:28:50.337786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:34:54.344389 3.000785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 01:35:01.351235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:35:09.353007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:35:25.355726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:35:57.362145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:40:23.784943 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 01:40:23.785052 2.717682 tcp 10.0.2.109 50815 -> 211.38.175.27 4598 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:42:01.367999 3.001718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 01:42:08.375389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:42:16.377003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:42:32.379936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:43:04.385958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:45:42.493145 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 01:45:42.493323 0.296902 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:45:42.790677 0.293786 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:45:43.084837 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 01:45:59.049964 0.572257 tcp 10.0.2.109 50816 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:45:59.622476 0.560139 tcp 10.0.2.109 50817 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:46:00.182903 1.150690 tcp 10.0.2.109 50818 -> 195.113.214.222 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:46:01.334226 0.436235 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:01.770899 0.388658 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:02.159944 0.000000 udp 10.0.2.109 3683 -> 81.137.213.212 6826 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 01:46:18.846824 0.570093 tcp 10.0.2.109 50819 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:46:19.417188 0.562807 tcp 10.0.2.109 50820 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:46:19.980260 1.169219 tcp 10.0.2.109 50821 -> 195.113.214.222 443 SRPA* 0 0 23 13378 flow=From-Botnet-V1-TCP-Established 1970/01/08 01:46:21.150339 0.285515 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:21.436272 0.379759 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:21.868915 0.400168 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:22.269500 0.440097 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:22.709985 0.400107 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:23.110545 0.413662 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:23.524660 0.387003 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:23.912035 0.464510 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:24.376977 0.389447 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:24.766825 0.342371 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:25.109632 0.364681 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:25.474674 0.437429 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:25.912539 0.673793 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:26.586780 0.536659 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:27.123827 0.382994 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:27.507217 0.507495 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:28.015064 0.582812 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:28.598323 0.593145 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:29.191827 0.384162 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:29.576376 0.419604 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:29.996705 0.399864 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:30.396925 0.576269 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:30.973644 0.575335 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:46:31.549353 0.463408 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/08 01:49:08.392527 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 01:49:15.399398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:49:23.400874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:49:39.403794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:50:12.270987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:56:20.282305 3.001810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 01:56:27.289824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:56:35.291859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:56:51.294536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 01:57:23.301149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:03:28.308255 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:03:35.315625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:03:43.317368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:03:59.320122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:04:31.326041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:10:26.928189 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 02:10:26.928296 2.746966 tcp 10.0.2.109 50822 -> 211.38.175.27 4598 FSPA* 0 0 15 1776 flow=From-Botnet-V1-TCP-Established 1970/01/08 02:11:00.337911 3.812877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:11:08.156699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:11:16.158450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:11:32.161152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:12:04.167422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:16:39.803803 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 02:16:39.803951 0.348767 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:40.153129 0.000000 udp 10.0.2.109 3683 -> 81.137.213.212 6826 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 02:16:55.157937 0.701090 tcp 10.0.2.109 50823 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 02:16:55.859301 0.605031 tcp 10.0.2.109 50824 -> 195.113.214.222 80 SRPA* 0 0 18 13375 flow=From-Botnet-V1-TCP-Established 1970/01/08 02:16:56.464921 0.306851 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:56.772226 0.294953 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:57.067592 0.415766 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:57.483760 0.408955 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:57.893102 0.280749 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:58.174290 0.389724 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:58.564432 0.395533 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:58.960388 0.449104 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:59.409925 0.390008 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:16:59.800275 0.424472 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:00.225183 0.424504 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:00.650034 0.464310 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:01.114786 0.390574 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:01.505758 0.359644 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:01.865831 0.680067 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:02.546381 0.459011 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:03.005816 0.667412 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:03.673624 0.735790 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:04.409757 0.465859 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:04.875981 0.399457 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:05.275795 0.602489 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:05.878722 0.588609 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:06.467786 0.382406 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:06.850683 0.385262 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:07.236352 0.386430 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:07.623193 0.583199 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:08.206761 0.592573 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:17:08.799704 0.476836 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:18:08.243837 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:18:15.250960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:18:23.252197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:18:39.255550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:19:11.261207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:25:15.267004 3.002096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:25:22.274767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:25:30.275945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:25:46.279102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:26:18.285532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:32:22.291447 3.231424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:32:29.528805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:32:37.530738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:32:53.533837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:33:25.539545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:39:29.544908 3.002299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:39:36.552914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:39:44.554452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:40:00.557541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:40:30.250734 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 02:40:30.250839 3.316698 tcp 10.0.2.109 50825 -> 211.38.175.27 4598 FSPA* 0 0 13 1700 flow=From-Botnet-V1-TCP-Established 1970/01/08 02:40:32.564010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:46:36.700636 3.000559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:46:43.707088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:46:51.708269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:47:07.711608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:47:30.274083 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 02:47:30.274206 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 02:47:39.717550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:47:48.262529 0.577113 tcp 10.0.2.109 50826 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 02:47:48.839940 0.576387 tcp 10.0.2.109 50827 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 02:47:49.416630 1.422018 tcp 10.0.2.109 50828 -> 195.113.214.222 443 SRPA* 0 0 35 25707 flow=From-Botnet-V1-TCP-Established 1970/01/08 02:47:50.839257 0.303489 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:51.143176 0.289687 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:51.433307 0.455154 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:51.888888 0.399793 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:52.289146 0.278089 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:52.567667 0.395814 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:52.963907 0.397855 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:53.362175 0.436985 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:53.799606 0.378504 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:54.178584 0.398720 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:54.577758 0.427125 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:55.005249 0.466111 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:55.471779 0.395556 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:55.867975 0.356974 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:56.225376 0.334976 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:56.560736 0.452489 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:57.013647 0.662576 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:57.676567 0.742017 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:58.418992 0.493052 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:58.912407 0.388388 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:59.301169 0.621228 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:47:59.922818 0.580026 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:48:00.503274 0.392972 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:48:00.896672 0.417128 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:48:01.314324 0.386372 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:48:01.701107 0.582385 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:48:02.283860 0.576350 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:48:02.860720 0.509633 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/08 02:53:43.723536 3.001598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 02:53:50.730990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:53:58.732485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:54:14.735232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 02:54:46.741615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:00:50.748531 3.000515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:00:57.755284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:01:05.756244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:01:21.759692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:01:53.765830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:07:57.772119 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:08:04.779021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:08:12.780838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:08:28.783513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:09:00.789653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:10:33.573504 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 03:10:33.573702 2.660639 tcp 10.0.2.109 50829 -> 211.38.175.27 4598 FSPA* 0 0 15 1579 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:15:04.796391 3.000966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:15:11.803259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:15:19.804114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:15:35.807244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:16:07.813500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:18:15.847882 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 03:18:15.848032 0.335985 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:16.184450 0.423555 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:16.608366 0.313000 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:16.921793 0.298038 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:17.220251 0.388787 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:17.609442 0.000000 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 03:18:35.097669 0.572917 tcp 10.0.2.109 50830 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:18:35.670964 0.560574 tcp 10.0.2.109 50831 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:18:36.231839 1.156784 tcp 10.0.2.109 50832 -> 195.113.214.222 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:18:37.389396 0.275995 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:37.665783 0.393360 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:38.059549 0.457188 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:38.517132 0.418650 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:38.936205 0.388227 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:39.324824 0.411118 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:39.736389 0.464520 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:40.201335 0.386060 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:40.587807 0.354694 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:40.942925 0.393737 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:41.337072 0.446546 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:18:41.784047 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 03:18:57.568778 0.561223 tcp 10.0.2.109 50833 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:18:58.130307 0.583170 tcp 10.0.2.109 50834 -> 195.113.214.222 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:18:58.713817 1.153289 tcp 10.0.2.109 50835 -> 195.113.214.222 443 SRPA* 0 0 22 12880 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:18:59.867830 0.965628 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:00.833875 0.501153 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:01.335486 0.401043 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:01.736937 0.605820 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:02.343309 0.577473 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:02.921208 0.387926 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:03.309533 0.394728 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:03.704613 0.387548 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:04.092582 0.589023 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:04.681968 0.575188 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:19:05.257554 0.475701 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:22:11.819749 3.001079 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 03:22:18.827160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:22:26.828144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:22:42.831563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:23:14.837770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:29:18.844092 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:29:25.851029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:29:33.872570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:29:49.875722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:30:21.881361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:36:25.888328 3.000446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:36:32.894958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:36:40.896071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:36:56.899604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:37:28.905689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:40:36.235150 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 03:40:36.235343 2.672887 tcp 10.0.2.109 50836 -> 211.38.175.27 4598 FSPA* 0 0 15 1650 flow=From-Botnet-V1-TCP-Established 1970/01/08 03:43:32.912270 3.001131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:43:39.918632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:43:47.920034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:44:03.923235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:44:35.929744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:49:31.274400 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 03:49:31.274564 0.390449 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:31.665379 0.666513 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:32.374763 0.304161 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:32.679351 0.432534 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:33.112309 0.314313 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:33.427084 0.282633 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:33.710072 0.382674 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:34.093166 0.277530 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:34.371041 0.412601 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:34.784071 0.446979 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:35.231443 0.397235 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:35.629082 0.399305 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:36.028791 0.387818 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:36.416964 0.358804 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:36.776214 0.390111 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:37.166743 0.462149 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:37.629281 0.432104 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:38.061756 0.400828 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:38.462971 0.565237 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:39.028641 0.443592 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:39.472665 0.392282 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:39.865355 0.591359 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:40.457063 0.572058 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:41.029519 0.381026 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:41.410915 0.390774 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:41.802234 0.388442 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:42.191039 0.569654 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:42.761112 0.577299 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:49:43.338823 0.485586 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/08 03:50:39.934977 3.002023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:50:46.942488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:50:54.944021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:51:10.947360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:51:42.953486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:57:46.959993 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 03:57:53.967077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:58:01.968428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:58:17.971355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 03:58:49.977257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:04:53.983498 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 04:05:00.990527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:05:08.992097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:05:24.995410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:05:57.000948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:10:38.907059 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:10:38.907303 2.751744 tcp 10.0.2.109 50837 -> 211.38.175.27 4598 FSPA* 0 0 15 1712 flow=From-Botnet-V1-TCP-Established 1970/01/08 04:12:01.007804 3.000904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 04:12:08.014604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:12:16.016223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:12:32.019073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:13:04.025257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:19:08.031175 3.002067 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 04:19:15.038556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:19:23.039848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:19:39.043431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:20:03.158020 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:20:03.158156 0.411348 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:03.569923 0.676189 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:04.246490 0.000000 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:20:11.048954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:20:21.177320 0.578368 tcp 10.0.2.109 50838 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 04:20:21.756010 0.572131 tcp 10.0.2.109 50839 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 04:20:22.328083 1.413601 tcp 10.0.2.109 50840 -> 195.113.214.222 443 SRPA* 0 0 39 27985 flow=From-Botnet-V1-TCP-Established 1970/01/08 04:20:23.742580 0.290551 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:24.033534 0.404990 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:24.438967 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:20:41.274583 0.562956 tcp 10.0.2.109 50841 -> 195.113.214.234 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 04:20:41.837420 0.570061 tcp 10.0.2.109 50842 -> 195.113.214.222 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 04:20:42.407791 1.165114 tcp 10.0.2.109 50843 -> 195.113.214.222 443 SRPA* 0 0 23 12350 flow=From-Botnet-V1-TCP-Established 1970/01/08 04:20:43.573657 0.380247 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:43.954289 0.277613 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:44.232341 0.416221 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:44.648962 0.445200 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:45.094534 0.399362 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:45.494281 0.369760 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:45.864423 0.407699 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:46.272529 0.383631 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:46.656567 0.385933 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:47.042880 0.455062 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:47.498334 0.437340 udp 10.0.2.109 3683 <-> 98.234.154.124 5235 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:47.936092 0.608223 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:48.544762 0.399062 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:48.944238 0.708635 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:49.653286 0.569096 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:50.222796 0.634715 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:50.857919 0.590812 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:51.449153 0.378955 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:51.828534 0.424817 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:52.253720 0.388239 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:52.642388 0.574423 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:53.217225 0.567096 udp 10.0.2.109 3683 <-> 163.25.87.88 5241 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:20:53.919120 0.478781 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/08 04:26:15.056273 3.000437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 04:26:22.062453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:26:30.064659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:26:46.067391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:27:18.072997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:33:22.079673 3.001222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 04:33:29.086423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:33:37.087779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:33:53.090793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:34:25.097156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:40:29.102835 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 04:40:36.110951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:40:41.659416 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:40:41.659599 3.003498 tcp 10.0.2.109 50844 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:40:41.659744 3.003353 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 04:40:44.111852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:40:50.661737 0.000064 tcp 10.0.2.109 50844 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:40:50.661801 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 04:40:56.662686 2.992080 tcp 10.0.2.109 50845 -> 195.113.214.234 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:40:56.662782 2.991984 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:41:00.114889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:41:01.609403 4.003842 udp 10.0.2.109 64324 -> 8.8.8.8 53 INT 0 2 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:01.609505 4.003740 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 208 flow=Background 1970/01/08 04:41:02.608649 3.004699 udp 10.0.2.109 64324 -> 8.8.4.4 53 INT 0 3 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:02.608717 3.004631 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 312 flow=Background 1970/01/08 04:41:05.663368 0.000073 tcp 10.0.2.109 50845 -> 195.113.214.234 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:41:05.663441 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:41:09.618572 0.000075 udp 10.0.2.109 64324 -> 8.8.8.8 53 REQ 0 1 76 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:09.618647 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 104 flow=Background 1970/01/08 04:41:09.618735 0.000114 udp 10.0.2.109 64324 -> 8.8.4.4 53 REQ 0 1 76 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:09.618849 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 104 flow=Background 1970/01/08 04:41:13.754673 1.875564 arp 10.0.2.109 who 10.0.2.2 CON 4 168 flow=Background-ARP 1970/01/08 04:41:17.011239 4.004131 udp 10.0.2.109 64672 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:17.011312 4.004058 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:41:18.010511 3.005012 udp 10.0.2.109 64672 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:18.010593 3.004930 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:41:25.020550 0.000070 udp 10.0.2.109 64672 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:25.020620 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:41:25.020681 0.000041 udp 10.0.2.109 64672 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:25.020722 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:41:29.026949 1.501718 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:41:29.027058 1.501609 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:41:29.363446 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:41:31.279821 3.004116 tcp 10.0.2.109 50846 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:41:31.279892 3.004045 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 04:41:32.121098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:41:40.293139 0.000070 tcp 10.0.2.109 50846 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:41:40.293209 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 04:41:46.282290 2.993803 tcp 10.0.2.109 50847 -> 195.113.214.207 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:41:46.282391 2.993702 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:41:55.274607 0.000083 tcp 10.0.2.109 50847 -> 195.113.214.207 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:41:55.274690 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:42:06.293637 4.002507 udp 10.0.2.109 51299 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:42:06.293826 4.002318 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:42:07.292110 3.004177 udp 10.0.2.109 51299 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:42:07.292183 3.004104 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:42:14.301885 0.000063 udp 10.0.2.109 51299 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:42:14.301948 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:42:14.302030 0.000040 udp 10.0.2.109 51299 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:42:14.302070 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:42:14.963024 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:42:18.307501 1.501927 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:42:18.307564 1.501864 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:42:20.560628 2.994485 tcp 10.0.2.109 50848 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:42:20.560697 2.994416 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:42:29.564089 0.000075 tcp 10.0.2.109 50848 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:42:29.564164 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:42:35.563508 3.003191 tcp 10.0.2.109 50849 -> 195.113.214.211 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:42:35.563589 3.003110 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:42:44.565234 0.774079 tcp 10.0.2.109 50849 -> 195.113.214.211 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:42:45.339313 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:42:55.944492 4.003540 udp 10.0.2.109 52320 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:42:55.944589 4.003443 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:42:56.942856 3.005205 udp 10.0.2.109 52320 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:42:56.943016 3.005045 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:43:00.828777 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:43:03.953515 0.000070 udp 10.0.2.109 52320 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:03.953585 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:43:03.953640 0.000043 udp 10.0.2.109 52320 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:03.953683 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:43:07.959388 1.501695 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:07.959465 1.501618 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:43:10.212053 2.994919 tcp 10.0.2.109 50850 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:43:10.212214 2.994758 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 04:43:19.204949 0.000123 tcp 10.0.2.109 50850 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:43:19.205072 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 04:43:25.214385 3.003486 tcp 10.0.2.109 50851 -> 195.113.214.226 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:43:25.214458 3.003413 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:43:34.216874 0.000087 tcp 10.0.2.109 50851 -> 195.113.214.226 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:43:34.216961 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:43:45.226119 4.001849 udp 10.0.2.109 52666 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:45.226313 4.001655 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:43:46.224050 3.004033 udp 10.0.2.109 52666 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:46.224127 3.003956 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:43:49.829308 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:43:53.233644 0.000080 udp 10.0.2.109 52666 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:53.233724 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:43:53.233847 0.000138 udp 10.0.2.109 52666 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:53.233985 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:43:57.239995 1.502207 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:43:57.240059 1.502143 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:43:59.493182 2.994023 tcp 10.0.2.109 50852 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:43:59.493269 2.993936 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 04:44:08.485728 0.000077 tcp 10.0.2.109 50852 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:44:08.485805 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 04:44:14.496831 3.002213 tcp 10.0.2.109 50853 -> 195.113.214.237 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:44:14.496924 3.002120 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:44:23.497763 0.000091 tcp 10.0.2.109 50853 -> 195.113.214.237 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:44:23.497854 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:44:34.507396 4.001623 udp 10.0.2.109 59106 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:44:34.507472 4.001547 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:44:35.504934 3.004111 udp 10.0.2.109 59106 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:44:35.504992 3.004053 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:44:39.330498 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:44:42.515150 0.000063 udp 10.0.2.109 59106 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:44:42.515213 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:44:42.515280 0.000040 udp 10.0.2.109 59106 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:44:42.515320 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:44:46.520976 1.501783 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:44:46.521039 1.501720 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:44:48.774461 3.003405 tcp 10.0.2.109 50854 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:44:48.774545 3.003321 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 04:44:57.776615 0.000093 tcp 10.0.2.109 50854 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:44:57.776708 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 04:45:03.775995 3.003424 tcp 10.0.2.109 50855 -> 195.113.214.245 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:45:03.776078 3.003341 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:45:12.777988 0.000192 tcp 10.0.2.109 50855 -> 195.113.214.245 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:45:12.778180 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:45:23.786548 4.003098 udp 10.0.2.109 55642 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:45:23.786618 4.003028 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:45:24.785810 3.003953 udp 10.0.2.109 55642 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:45:24.785921 3.003842 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:45:28.330549 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:45:31.795970 0.000059 udp 10.0.2.109 55642 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:45:31.796029 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:45:31.796088 0.000040 udp 10.0.2.109 55642 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:45:31.796128 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:45:35.801691 1.502151 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:45:35.801761 1.502081 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:45:38.054842 3.004555 tcp 10.0.2.109 50856 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:45:38.054965 3.004432 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 04:45:47.057747 0.000098 tcp 10.0.2.109 50856 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:45:47.057845 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 04:45:53.056895 3.003571 tcp 10.0.2.109 50857 -> 195.113.214.221 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:45:53.056975 3.003491 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:46:02.059067 0.000084 tcp 10.0.2.109 50857 -> 195.113.214.221 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:46:02.059151 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:46:13.067499 4.003978 udp 10.0.2.109 58733 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:46:13.067578 4.003899 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:46:14.066150 3.005360 udp 10.0.2.109 58733 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:46:14.066209 3.005301 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:46:17.831576 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:46:21.076435 0.000062 udp 10.0.2.109 58733 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:46:21.076497 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:46:21.076616 0.000050 udp 10.0.2.109 58733 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:46:21.076666 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:46:25.082145 1.502094 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:46:25.082202 1.502037 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:46:27.336040 3.003982 tcp 10.0.2.109 50858 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:46:27.336109 3.003913 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:46:36.338763 0.000089 tcp 10.0.2.109 50858 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:46:36.338852 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:46:42.337965 3.003176 tcp 10.0.2.109 50859 -> 195.113.214.222 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:46:42.338039 3.003102 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:46:51.340058 0.000075 tcp 10.0.2.109 50859 -> 195.113.214.222 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:46:51.340133 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:47:02.349927 4.001453 udp 10.0.2.109 51379 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:02.350026 4.001354 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:47:03.347351 3.004316 udp 10.0.2.109 51379 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:03.347464 3.004203 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:47:07.332677 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:47:10.357144 0.000079 udp 10.0.2.109 51379 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:10.357223 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:47:10.357302 0.000040 udp 10.0.2.109 51379 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:10.357342 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:47:14.363300 1.502068 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:14.363397 1.501971 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:47:16.616653 3.004469 tcp 10.0.2.109 50860 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:47:16.616732 3.004390 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:47:25.618981 0.000071 tcp 10.0.2.109 50860 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:47:25.619052 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:47:31.619776 3.002601 tcp 10.0.2.109 50861 -> 195.113.214.236 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:47:31.619845 3.002532 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:47:36.497376 3.002249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 04:47:40.620962 0.000118 tcp 10.0.2.109 50861 -> 195.113.214.236 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:47:40.621080 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:47:43.505015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:47:51.506579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:47:51.629868 4.002854 udp 10.0.2.109 61129 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:51.629954 4.002768 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:47:52.627915 3.004913 udp 10.0.2.109 61129 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:52.627977 3.004851 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:47:56.333763 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:47:59.638045 0.000059 udp 10.0.2.109 61129 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:59.638104 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:47:59.638216 0.000041 udp 10.0.2.109 61129 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:47:59.638257 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:48:03.644292 1.501880 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:48:03.644453 1.501719 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:48:05.897814 3.004068 tcp 10.0.2.109 50862 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:48:05.897900 3.003982 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 04:48:07.509883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:48:14.900546 0.000089 tcp 10.0.2.109 50862 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:48:14.900635 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 04:48:20.900083 3.003064 tcp 10.0.2.109 50863 -> 195.113.214.215 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:48:20.900155 3.002992 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:48:29.902071 0.000105 tcp 10.0.2.109 50863 -> 195.113.214.215 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:48:29.902176 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:48:39.515310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:48:40.911088 4.002632 udp 10.0.2.109 63816 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:48:40.911175 4.002545 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:48:41.909164 3.004769 udp 10.0.2.109 63816 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:48:41.909228 3.004705 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:48:45.834356 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:48:48.919332 0.000064 udp 10.0.2.109 63816 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:48:48.919396 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:48:48.919462 0.000042 udp 10.0.2.109 63816 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:48:48.919504 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:48:52.924689 1.502641 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:48:52.924749 1.502581 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:48:55.178065 3.004308 tcp 10.0.2.109 50864 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:48:55.178153 3.004220 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:49:04.180855 0.000081 tcp 10.0.2.109 50864 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:49:04.180936 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:49:10.180484 3.003795 tcp 10.0.2.109 50865 -> 195.113.214.219 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:49:10.180570 3.003709 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:49:19.192726 0.000127 tcp 10.0.2.109 50865 -> 195.113.214.219 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:49:19.192853 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:49:30.192282 4.001980 udp 10.0.2.109 60427 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:49:30.192380 4.001882 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:49:31.189887 3.004486 udp 10.0.2.109 60427 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:49:31.189945 3.004428 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:49:34.835212 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:49:38.199809 0.000078 udp 10.0.2.109 60427 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:49:38.199887 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:49:38.199919 0.000042 udp 10.0.2.109 60427 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:49:38.199961 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:49:42.206192 1.501802 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:49:42.206268 1.501726 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:49:44.459033 3.004005 tcp 10.0.2.109 50866 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:49:44.459130 3.003908 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 04:49:53.462098 0.000075 tcp 10.0.2.109 50866 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:49:53.462173 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 04:49:59.461371 2.993642 tcp 10.0.2.109 50867 -> 195.113.214.241 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:49:59.461442 2.993571 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:50:08.463750 0.000084 tcp 10.0.2.109 50867 -> 195.113.214.241 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:50:08.463834 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:50:19.472396 4.002812 udp 10.0.2.109 53821 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:50:19.472464 4.002744 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:50:20.470756 3.004592 udp 10.0.2.109 53821 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:50:20.470819 3.004529 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:50:24.326035 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:50:27.480713 0.000097 udp 10.0.2.109 53821 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:50:27.480810 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:50:27.480890 0.000160 udp 10.0.2.109 53821 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:50:27.481050 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:50:31.486720 1.502380 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:50:31.486812 1.502288 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:50:33.740372 2.993451 tcp 10.0.2.109 50868 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:50:33.740550 2.993273 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 04:50:42.743011 0.000068 tcp 10.0.2.109 50868 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:50:42.743079 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 04:50:48.743020 2.992917 tcp 10.0.2.109 50869 -> 195.113.214.230 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:50:48.743098 2.992839 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 188 flow=Background 1970/01/08 04:50:57.734277 0.000076 tcp 10.0.2.109 50869 -> 195.113.214.230 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:50:57.734353 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 1 90 flow=Background 1970/01/08 04:51:08.753435 4.002610 udp 10.0.2.109 65400 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:08.753556 4.002489 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:51:09.751550 3.004595 udp 10.0.2.109 65400 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:09.751628 3.004517 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:51:13.326466 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:51:16.761511 0.000059 udp 10.0.2.109 65400 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:16.761570 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:51:16.761717 0.000044 udp 10.0.2.109 65400 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:16.761761 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:51:20.186623 0.000087 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:20.186710 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x971b URN 192 1 189 flow=Background 1970/01/08 04:51:20.767506 1.501957 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:20.767584 1.501879 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:51:23.020819 2.994205 tcp 10.0.2.109 50870 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:51:23.020918 2.994106 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:51:32.023724 0.000078 tcp 10.0.2.109 50870 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:51:32.023802 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:51:38.023286 2.993332 tcp 10.0.2.109 50871 -> 195.113.214.251 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:51:38.023389 3.674337 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 4 376 flow=Background 1970/01/08 04:51:38.703679 2.994047 tcp 10.0.2.109 50872 -> 195.113.214.251 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:51:47.014918 0.000095 tcp 10.0.2.109 50871 -> 195.113.214.251 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:51:47.015013 0.681627 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xc371 URN 192 2 180 flow=Background 1970/01/08 04:51:47.696542 0.000098 tcp 10.0.2.109 50872 -> 195.113.214.251 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:51:58.035242 4.001302 udp 10.0.2.109 53916 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:58.035337 4.001207 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 04:51:59.032508 3.004238 udp 10.0.2.109 53916 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:51:59.032577 3.004169 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 04:52:02.828090 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:52:06.042604 0.000098 udp 10.0.2.109 53916 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:06.042702 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:52:06.042724 0.000047 udp 10.0.2.109 53916 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:06.042771 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 100 flow=Background 1970/01/08 04:52:10.048167 3.755937 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:10.048239 3.755865 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:52:12.301764 2.994592 tcp 10.0.2.109 50873 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:52:12.301849 2.994507 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 04:52:14.555089 0.000098 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:14.555187 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x527f URN 192 1 250 flow=Background 1970/01/08 04:52:21.294338 0.000136 tcp 10.0.2.109 50873 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:52:21.294474 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 04:52:27.303724 4.606184 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:27.303784 4.606124 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 04:52:31.842377 3.092380 tcp 10.0.2.109 50874 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:52:31.842458 3.092299 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 04:52:32.662345 1.500813 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:32.662426 1.500732 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:52:34.944030 0.000058 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:34.944088 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4652 URN 192 1 242 flow=Background 1970/01/08 04:52:40.842976 0.000207 tcp 10.0.2.109 50874 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:52:40.843183 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 04:52:46.874435 4.002280 udp 10.0.2.109 60460 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:46.874521 4.002194 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:52:47.872973 3.003896 udp 10.0.2.109 60460 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:47.873037 3.003832 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:52:51.858815 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:52:54.883133 0.000079 udp 10.0.2.109 60460 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:54.883212 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:52:54.883301 0.000113 udp 10.0.2.109 60460 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:54.883414 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:52:58.888753 4.507546 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:52:58.888815 4.507484 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 04:53:03.395281 3.003892 tcp 10.0.2.109 50875 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:53:03.395396 3.003777 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 04:53:04.146264 0.751175 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:04.146403 0.751036 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 04:53:05.648909 0.000055 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:05.648964 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xcaa5 URN 192 1 149 flow=Background 1970/01/08 04:53:12.397786 0.000077 tcp 10.0.2.109 50875 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:53:12.397863 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 04:53:18.397963 4.275627 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 7 644 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:18.398046 4.275544 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 7 840 flow=Background 1970/01/08 04:53:22.903243 2.994370 tcp 10.0.2.109 50876 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:53:22.903345 2.994268 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 04:53:23.423985 3.004058 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 5 460 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:23.424077 3.003966 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 5 600 flow=Background 1970/01/08 04:53:27.179395 0.000120 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:27.179515 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3e5c URN 192 1 269 flow=Background 1970/01/08 04:53:31.895605 0.000075 tcp 10.0.2.109 50876 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:53:31.895680 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 04:53:36.862784 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:53:37.908812 4.001872 udp 10.0.2.109 54389 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:37.908899 4.001785 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:53:38.906113 3.004786 udp 10.0.2.109 54389 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:38.906179 3.004720 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:53:45.916079 0.000061 udp 10.0.2.109 54389 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:45.916140 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:53:45.916270 0.000043 udp 10.0.2.109 54389 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:45.916313 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:53:49.922193 4.509127 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:49.922274 4.509046 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 04:53:54.428963 3.003484 tcp 10.0.2.109 50877 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:53:54.429089 3.003358 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:53:55.179323 0.751259 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:55.179389 0.751193 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 04:53:56.681716 0.000074 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:53:56.681790 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2ee9 URN 192 1 127 flow=Background 1970/01/08 04:54:03.431610 0.000124 tcp 10.0.2.109 50877 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:54:03.431734 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:54:09.431315 4.725639 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:09.431380 4.725574 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 04:54:13.936339 3.004167 tcp 10.0.2.109 50878 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:54:13.936454 3.004052 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:54:14.909211 1.500464 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:14.909274 1.500401 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 04:54:17.161547 0.000072 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:17.161619 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x415d URN 192 1 231 flow=Background 1970/01/08 04:54:21.858017 0.000217 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:54:22.939182 0.000099 tcp 10.0.2.109 50878 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:54:22.939281 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:54:28.941441 4.002639 udp 10.0.2.109 59777 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:28.941537 4.002543 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:54:29.939509 3.004692 udp 10.0.2.109 59777 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:29.939578 3.004623 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:54:36.949283 0.000078 udp 10.0.2.109 59777 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:36.949361 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:54:36.949496 0.000040 udp 10.0.2.109 59777 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:36.949536 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:54:40.955344 4.508591 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:40.955454 4.508481 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 04:54:43.551460 3.002018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 04:54:45.462760 2.993190 tcp 10.0.2.109 50879 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:54:45.462834 2.993116 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 04:54:46.213059 0.750730 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:46.213118 0.750671 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 04:54:47.715421 0.000060 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:54:47.715481 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa050 URN 192 1 182 flow=Background 1970/01/08 04:54:50.559039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:54:54.454631 0.000076 tcp 10.0.2.109 50879 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:54:54.454707 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 04:54:58.560596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:55:00.464893 4.725138 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 8 736 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:00.464959 4.725072 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 8 960 flow=Background 1970/01/08 04:55:04.970367 2.993975 tcp 10.0.2.109 50880 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:55:04.971021 2.993321 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 04:55:05.940998 2.253351 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 4 368 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:05.941059 2.253290 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 4 480 flow=Background 1970/01/08 04:55:08.945714 0.000094 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:08.945808 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cfb URN 192 1 182 flow=Background 1970/01/08 04:55:09.856887 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:55:13.973055 0.000066 tcp 10.0.2.109 50880 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 04:55:13.973121 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 04:55:14.563299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:55:19.975202 4.001844 udp 10.0.2.109 62221 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:19.975275 4.001771 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:55:20.972677 3.004494 udp 10.0.2.109 62221 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:20.972766 3.004405 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:55:27.982884 0.000061 udp 10.0.2.109 62221 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:27.982945 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:55:27.983016 0.000039 udp 10.0.2.109 62221 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:27.983055 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:55:31.988549 4.507641 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:31.988638 4.507552 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 04:55:37.246476 0.750694 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:37.246529 0.750641 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 04:55:38.748869 0.000149 udp 10.0.2.109 3683 -> 93.172.44.24 7820 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:38.749018 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5dac URN 192 1 180 flow=Background 1970/01/08 04:55:46.569550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 04:55:55.303139 3.754321 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:55.303210 3.754250 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:55:59.808999 0.000077 udp 10.0.2.109 3683 -> 70.239.198.69 9706 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:55:59.809076 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x46ef URN 192 1 165 flow=Background 1970/01/08 04:56:04.365514 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:56:16.756589 4.002419 udp 10.0.2.109 52244 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:16.756670 4.002338 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:56:17.754344 3.004774 udp 10.0.2.109 52244 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:17.754403 3.004715 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:56:24.764280 0.000065 udp 10.0.2.109 52244 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:24.764345 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:56:24.764411 0.000047 udp 10.0.2.109 52244 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:24.764458 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:56:28.770764 3.754923 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:28.770830 3.754857 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:56:33.277414 0.000064 udp 10.0.2.109 3683 -> 75.34.179.1 1841 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:33.277478 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b22 URN 192 1 188 flow=Background 1970/01/08 04:56:51.554145 3.754214 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:51.554214 3.754145 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:56:56.060107 0.000073 udp 10.0.2.109 3683 -> 76.72.39.28 3825 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:56:56.060180 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4c48 URN 192 1 290 flow=Background 1970/01/08 04:57:00.856323 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:57:12.678344 4.000903 udp 10.0.2.109 57181 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:12.678441 4.000806 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:57:13.675170 3.004163 udp 10.0.2.109 57181 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:13.675242 3.004091 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:57:20.684933 0.000085 udp 10.0.2.109 57181 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:20.685018 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:57:20.685105 0.000137 udp 10.0.2.109 57181 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:20.685242 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:57:24.690758 3.755609 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:24.690852 3.755515 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:57:29.197469 0.000062 udp 10.0.2.109 3683 -> 96.37.204.36 6480 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:29.197531 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6025 URN 192 1 130 flow=Background 1970/01/08 04:57:46.112491 3.754356 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:46.112594 3.754253 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:57:50.618329 0.000114 udp 10.0.2.109 3683 -> 70.24.111.211 7183 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:57:50.618443 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4618 URN 192 1 155 flow=Background 1970/01/08 04:57:55.364913 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:58:08.426999 4.002317 udp 10.0.2.109 62305 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:08.427077 4.002239 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:58:09.424981 3.004401 udp 10.0.2.109 62305 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:09.425051 3.004331 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:58:16.435281 0.000075 udp 10.0.2.109 62305 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:16.435356 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:58:16.435382 0.000041 udp 10.0.2.109 62305 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:16.435423 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:58:20.441087 3.755107 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:20.441172 3.755022 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:58:24.947288 0.000092 udp 10.0.2.109 3683 -> 99.60.181.75 9573 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:24.947380 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x633c URN 192 1 158 flow=Background 1970/01/08 04:58:42.453918 3.753908 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:42.454005 3.753821 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:58:46.959189 0.000101 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:58:46.959290 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x62ea URN 192 1 159 flow=Background 1970/01/08 04:58:51.856273 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:59:02.183538 4.002936 udp 10.0.2.109 64570 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:02.183619 4.002855 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:59:03.182057 3.004529 udp 10.0.2.109 64570 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:03.182134 3.004452 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 04:59:10.192023 0.000057 udp 10.0.2.109 64570 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:10.192080 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:59:10.192158 0.000054 udp 10.0.2.109 64570 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:10.192212 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 04:59:14.198201 3.985407 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:14.198263 3.985345 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:59:18.935428 0.000064 udp 10.0.2.109 3683 -> 2.193.43.250 8099 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:18.935492 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x02c1 URN 192 1 216 flow=Background 1970/01/08 04:59:34.118349 3.753530 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:34.118416 3.753463 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 04:59:38.623889 0.000057 udp 10.0.2.109 3683 -> 50.73.87.77 7002 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:38.623946 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3249 URN 192 1 212 flow=Background 1970/01/08 04:59:43.570296 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 04:59:56.092235 4.001784 udp 10.0.2.109 56083 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:56.092322 4.001697 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 04:59:57.090035 3.004124 udp 10.0.2.109 56083 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 04:59:57.090251 3.003908 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:00:04.099766 0.000087 udp 10.0.2.109 56083 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:04.099853 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:00:04.099940 0.000054 udp 10.0.2.109 56083 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:04.099994 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:00:08.106023 3.845461 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:08.106237 3.845247 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:00:12.702452 0.000075 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:12.702527 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b5c URN 192 1 212 flow=Background 1970/01/08 05:00:29.839584 4.023194 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:29.839665 4.023113 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:00:34.614326 0.000062 udp 10.0.2.109 3683 -> 212.12.186.201 5494 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:34.614388 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd40c URN 192 1 305 flow=Background 1970/01/08 05:00:37.028085 3.003342 tcp 10.0.2.109 50881 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:00:37.028232 3.003195 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:00:39.391075 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:00:46.029924 0.000088 tcp 10.0.2.109 50881 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:00:46.030012 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:00:52.031634 4.003107 udp 10.0.2.109 64915 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:52.031717 4.003024 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:00:53.029964 3.005073 udp 10.0.2.109 64915 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:00:53.030046 3.004991 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:01:00.040026 0.000055 udp 10.0.2.109 64915 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:00.040081 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:01:00.040150 0.000042 udp 10.0.2.109 64915 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:00.040192 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:01:04.045871 4.508048 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:04.045961 4.507958 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:01:08.553009 2.994221 tcp 10.0.2.109 50882 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:01:08.553109 2.994121 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:01:09.303965 0.750636 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:09.304020 0.750581 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:01:10.806361 0.000059 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:10.806420 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x1bfb URN 192 1 125 flow=Background 1970/01/08 05:01:17.545524 0.000084 tcp 10.0.2.109 50882 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:01:17.545608 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:01:23.555364 3.753839 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:23.555424 3.753779 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:01:28.061065 2.993758 tcp 10.0.2.109 50883 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:01:28.061236 2.993587 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:01:29.223060 3.754613 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:29.223126 3.754547 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:01:32.887380 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:01:33.729264 0.000095 udp 10.0.2.109 3683 -> 111.254.122.18 6738 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:33.729359 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffe URN 192 1 120 flow=Background 1970/01/08 05:01:37.063795 0.000120 tcp 10.0.2.109 50883 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:01:37.063915 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:01:43.065784 4.002088 udp 10.0.2.109 63726 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:43.065867 4.002005 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:01:44.063726 3.004358 udp 10.0.2.109 63726 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:44.063856 3.004228 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:01:51.073638 0.000062 udp 10.0.2.109 63726 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:51.073700 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:01:51.073766 0.000147 udp 10.0.2.109 63726 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:51.073913 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:01:51.106245 3.001449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:01:55.079358 4.507946 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:01:55.079440 4.507864 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:01:58.113485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:01:59.586210 3.003739 tcp 10.0.2.109 50884 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:01:59.586298 3.003651 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:02:00.337098 0.750797 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:00.337159 0.750736 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:02:01.839222 0.000083 udp 10.0.2.109 3683 -> 75.149.131.201 1430 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:01.839305 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b95 URN 192 1 118 flow=Background 1970/01/08 05:02:06.115828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:02:08.588732 0.000078 tcp 10.0.2.109 50884 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:02:08.588810 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:02:14.588575 4.565354 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:14.588633 4.565296 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 05:02:19.093902 3.004792 tcp 10.0.2.109 50885 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:02:19.094012 3.004682 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:02:19.905996 1.501295 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:19.906064 1.501227 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 05:02:22.118578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:02:22.159040 0.000060 udp 10.0.2.109 3683 -> 173.216.254.174 8795 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:22.159100 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xadd8 URN 192 1 311 flow=Background 1970/01/08 05:02:23.891025 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:02:28.097323 0.000070 tcp 10.0.2.109 50885 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:02:28.097393 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:02:34.099136 4.002387 udp 10.0.2.109 50244 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:34.099210 4.002313 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:02:35.097004 3.004614 udp 10.0.2.109 50244 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:35.097059 3.004559 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:02:42.107094 0.000055 udp 10.0.2.109 50244 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:42.107149 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:02:42.107214 0.000038 udp 10.0.2.109 50244 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:42.107252 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:02:46.112853 4.507502 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:46.112938 4.507417 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:02:50.619368 3.004353 tcp 10.0.2.109 50886 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:02:50.619438 3.004283 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:02:51.370148 0.751232 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:51.370231 0.751149 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:02:52.872717 0.000055 udp 10.0.2.109 3683 -> 70.51.157.146 8685 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:02:52.872772 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4633 URN 192 1 282 flow=Background 1970/01/08 05:02:54.124171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:02:59.622341 0.000075 tcp 10.0.2.109 50886 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:02:59.622416 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:03:05.622436 4.394533 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 8 736 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:05.622505 4.394464 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 8 960 flow=Background 1970/01/08 05:03:10.127348 3.004460 tcp 10.0.2.109 50887 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:03:10.127548 3.004260 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:03:10.767972 2.383842 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 4 368 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:11.007193 2.144621 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 4 480 flow=Background 1970/01/08 05:03:13.903212 0.000085 udp 10.0.2.109 3683 -> 111.252.171.26 9198 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:13.903297 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffc URN 192 1 248 flow=Background 1970/01/08 05:03:15.004315 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:03:19.130603 0.000074 tcp 10.0.2.109 50887 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:03:19.130677 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:03:25.242402 4.002768 udp 10.0.2.109 64026 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:25.242473 4.002697 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:03:26.240298 3.004996 udp 10.0.2.109 64026 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:26.240438 3.004856 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:03:33.250605 0.000060 udp 10.0.2.109 64026 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:33.250665 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:03:33.250743 0.000148 udp 10.0.2.109 64026 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:33.250891 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:03:37.256374 4.509102 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:37.256555 4.508921 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:03:41.763420 2.993697 tcp 10.0.2.109 50888 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:03:41.763497 2.993620 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:03:42.513990 0.751008 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:42.514062 0.750936 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:03:44.016239 0.000067 udp 10.0.2.109 3683 -> 163.25.87.88 5241 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:44.016306 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa319 URN 192 1 197 flow=Background 1970/01/08 05:03:50.755420 0.000074 tcp 10.0.2.109 50888 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:03:50.755494 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:03:56.765623 3.754264 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:03:56.765699 3.754188 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:04:01.271373 2.993789 tcp 10.0.2.109 50889 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:04:01.271460 2.993702 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:04:02.674406 3.754146 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:02.674472 3.754080 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:04:05.997531 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:04:07.179497 0.000096 udp 10.0.2.109 3683 -> 108.223.244.17 1064 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:07.179593 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cdf URN 192 1 151 flow=Background 1970/01/08 05:04:10.273640 0.000106 tcp 10.0.2.109 50889 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:04:10.273746 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:04:16.275336 4.002594 udp 10.0.2.109 51164 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:16.275420 4.002510 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:04:17.273922 3.004292 udp 10.0.2.109 51164 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:17.273995 3.004219 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:04:24.283945 0.000083 udp 10.0.2.109 51164 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:24.284028 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:04:24.284146 0.000140 udp 10.0.2.109 51164 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:24.284286 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:04:28.289825 4.507669 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:28.289907 4.507587 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:04:32.796387 3.004521 tcp 10.0.2.109 50890 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:04:32.796467 3.004441 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:04:33.546908 0.751333 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:33.546967 0.751274 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:04:41.798789 0.000073 tcp 10.0.2.109 50890 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:04:41.798862 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:04:47.799230 3.754307 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:04:47.799299 3.754238 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:04:52.304542 3.004206 tcp 10.0.2.109 50891 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:04:52.304721 3.004027 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:04:57.000697 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:05:01.306992 0.000085 tcp 10.0.2.109 50891 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:05:01.307077 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:05:07.309283 4.002438 udp 10.0.2.109 56030 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:07.309470 4.002251 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:05:08.307541 3.004402 udp 10.0.2.109 56030 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:08.307620 3.004323 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:05:15.317348 0.000072 udp 10.0.2.109 56030 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:15.317420 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:05:15.317551 0.000043 udp 10.0.2.109 56030 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:15.317594 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:05:19.323414 3.754797 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:19.323469 3.754742 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:05:23.830246 2.993910 tcp 10.0.2.109 50892 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:05:23.830323 2.993833 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:05:32.832730 0.000074 tcp 10.0.2.109 50892 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:05:32.832804 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:05:38.832459 3.754053 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:38.832610 3.753902 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:05:43.338264 3.003825 tcp 10.0.2.109 50893 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:05:43.338381 3.003708 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:05:48.003942 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:05:52.340197 0.000088 tcp 10.0.2.109 50893 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:05:52.340285 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:05:58.341994 4.003303 udp 10.0.2.109 56317 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:58.342104 4.003193 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:05:59.340433 3.005395 udp 10.0.2.109 56317 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:05:59.340509 3.005319 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:06:06.350556 0.000133 udp 10.0.2.109 56317 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:06.350689 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:06:06.350712 0.000148 udp 10.0.2.109 56317 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:06.350860 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:06:10.356604 3.755544 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:10.356682 3.755466 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:06:14.863399 2.994143 tcp 10.0.2.109 50894 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:06:14.863514 2.994028 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:06:23.855946 0.000073 tcp 10.0.2.109 50894 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:06:23.856019 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:06:29.865547 3.754517 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:29.865628 3.754436 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:06:34.371606 2.993839 tcp 10.0.2.109 50895 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:06:34.371691 2.993754 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:06:38.997720 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:06:43.363833 0.000155 tcp 10.0.2.109 50895 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:06:43.363988 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:06:49.376362 4.001727 udp 10.0.2.109 60825 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:49.376438 4.001651 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:06:50.373755 3.004455 udp 10.0.2.109 60825 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:50.373865 3.004345 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:06:57.383934 0.000058 udp 10.0.2.109 60825 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:57.383992 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:06:57.384055 0.000038 udp 10.0.2.109 60825 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:06:57.384093 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:07:01.389870 3.755664 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:07:01.389967 3.755567 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:07:05.896629 3.004504 tcp 10.0.2.109 50896 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:07:05.900052 3.001081 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:07:14.899408 0.000062 tcp 10.0.2.109 50896 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:07:14.899470 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:07:20.899496 3.753718 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:07:20.899560 3.753654 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:07:25.404562 3.004139 tcp 10.0.2.109 50897 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:07:25.404663 3.004038 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:07:30.001183 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:07:34.407605 0.000093 tcp 10.0.2.109 50897 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:07:34.407698 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:07:40.408986 4.002844 udp 10.0.2.109 55595 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:07:40.409072 4.002758 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:07:41.407180 3.004897 udp 10.0.2.109 55595 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:07:41.407252 3.004825 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:07:48.417362 0.000111 udp 10.0.2.109 55595 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:07:48.417473 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:07:48.417547 0.000040 udp 10.0.2.109 55595 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:07:48.417587 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:07:52.423962 3.754922 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:07:52.424036 3.754848 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:07:56.929817 2.994401 tcp 10.0.2.109 50898 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:07:56.929902 2.994316 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:08:05.932874 0.000078 tcp 10.0.2.109 50898 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:08:05.932952 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:08:11.932801 3.754288 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:08:11.932985 3.754104 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:08:16.438032 3.004366 tcp 10.0.2.109 50899 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:08:16.438125 3.004273 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:08:21.004625 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:08:25.440844 0.000165 tcp 10.0.2.109 50899 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:08:25.441009 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:08:31.441981 4.002835 udp 10.0.2.109 63622 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:08:31.442247 4.002569 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:08:32.440574 3.004346 udp 10.0.2.109 63622 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:08:32.440631 3.004289 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:08:39.450844 0.000069 udp 10.0.2.109 63622 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:08:39.450913 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:08:39.450969 0.000055 udp 10.0.2.109 63622 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:08:39.451024 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:08:43.456410 3.755381 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:08:43.456591 3.755200 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:08:47.963131 2.994688 tcp 10.0.2.109 50900 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:08:47.963213 2.994606 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:08:56.955838 0.000079 tcp 10.0.2.109 50900 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:08:56.955917 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:08:58.240792 3.001741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:09:02.966276 3.753518 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:09:02.966349 3.753445 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:09:05.248072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:09:07.471346 2.993908 tcp 10.0.2.109 50901 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:09:07.471456 2.993798 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:09:11.997711 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:09:13.249566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:09:16.463891 0.000086 tcp 10.0.2.109 50901 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:09:16.463977 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:09:22.475419 4.003362 udp 10.0.2.109 65156 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:09:22.475496 4.003285 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:09:23.473813 3.005200 udp 10.0.2.109 65156 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:09:23.473888 3.005125 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:09:29.252714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:09:30.483896 0.000073 udp 10.0.2.109 65156 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:09:30.483969 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:09:30.484030 0.000040 udp 10.0.2.109 65156 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:09:30.484070 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:09:34.489961 3.755305 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:09:34.490042 3.755224 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:09:38.996924 3.004210 tcp 10.0.2.109 50902 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:09:38.997022 3.004112 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:09:47.999069 0.000063 tcp 10.0.2.109 50902 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:09:47.999132 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:09:54.000536 3.753057 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:09:54.000627 3.752966 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:10:01.258438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:14:58.506796 0.000173 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:14:58.507073 3.002896 tcp 10.0.2.109 50903 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:14:58.507177 3.002792 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:15:07.508866 0.000115 tcp 10.0.2.109 50903 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:15:07.508981 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:15:13.512290 4.001010 udp 10.0.2.109 51698 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:15:13.512365 4.000935 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:15:14.508506 3.004990 udp 10.0.2.109 51698 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:15:14.508599 3.004897 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:15:21.518706 0.000058 udp 10.0.2.109 51698 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:15:21.518764 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:15:21.518880 0.000041 udp 10.0.2.109 51698 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:15:21.518921 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:15:25.524488 3.755382 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:15:25.524566 3.755304 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:15:30.031303 2.994366 tcp 10.0.2.109 50904 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:15:30.031413 2.994256 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:15:39.033855 0.000090 tcp 10.0.2.109 50904 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:15:39.033945 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:15:44.001393 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:15:45.033603 3.754584 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:15:45.033692 3.754495 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:15:49.539650 3.003907 tcp 10.0.2.109 50905 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:15:49.539785 3.003772 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:15:58.541893 0.000131 tcp 10.0.2.109 50905 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:15:58.542024 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:16:04.544141 4.002478 udp 10.0.2.109 53735 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:04.544220 4.002399 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:16:05.265473 3.000450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:16:05.542133 3.004694 udp 10.0.2.109 53735 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:05.542223 3.004604 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:16:12.272201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:16:12.552343 0.000273 udp 10.0.2.109 53735 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:12.552472 0.000177 udp 10.0.2.109 53735 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:12.552616 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:16:12.552649 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:16:16.557853 3.755996 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:16.557909 3.755940 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:16:20.273753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:16:21.064951 3.004186 tcp 10.0.2.109 50906 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:16:21.065037 3.004100 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:16:29.006037 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:16:30.067840 0.000077 tcp 10.0.2.109 50906 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:16:30.067917 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:16:36.067312 4.104779 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:36.727642 3.444449 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:16:36.730102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:16:40.923200 2.994137 tcp 10.0.2.109 50907 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:16:40.923266 2.994071 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:16:49.916208 0.000083 tcp 10.0.2.109 50907 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:16:49.916291 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:16:55.928983 4.001446 udp 10.0.2.109 59242 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:55.929078 4.001351 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:16:56.926071 3.004572 udp 10.0.2.109 59242 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:16:56.926181 3.004462 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:17:03.936064 0.000060 udp 10.0.2.109 59242 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:03.936124 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:17:03.936194 0.000041 udp 10.0.2.109 59242 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:03.936235 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:17:07.942096 3.755699 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:07.942165 3.755630 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:17:08.733290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:17:12.448347 3.004454 tcp 10.0.2.109 50908 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:17:12.448424 3.004377 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:17:17.355373 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:17:21.451734 0.000082 tcp 10.0.2.109 50908 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:17:21.451816 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:17:27.451204 3.754320 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:27.451265 3.754259 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:17:31.956735 3.004342 tcp 10.0.2.109 50909 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:17:31.956912 3.004165 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:17:40.959743 0.000116 tcp 10.0.2.109 50909 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:17:40.959859 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:17:46.960679 4.002995 udp 10.0.2.109 53620 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:46.960751 4.002923 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:17:47.959180 3.004714 udp 10.0.2.109 53620 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:47.959242 3.004652 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:17:54.969330 0.000222 udp 10.0.2.109 53620 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:54.969497 0.000083 udp 10.0.2.109 53620 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:54.969552 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:17:54.969580 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:17:58.975578 3.754940 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:17:58.975661 3.754857 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:18:03.481729 2.994316 tcp 10.0.2.109 50910 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:18:03.481870 2.994175 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:18:08.348706 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:18:12.475005 0.000072 tcp 10.0.2.109 50910 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:18:12.475077 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:18:18.486445 3.752127 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:18:18.486530 3.752042 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:18:22.989864 3.440868 tcp 10.0.2.109 50911 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:18:22.989965 3.440767 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:18:31.992565 0.000144 tcp 10.0.2.109 50911 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:18:31.992709 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:18:38.204706 4.002845 udp 10.0.2.109 59014 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:18:38.204788 4.002763 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:18:39.203394 3.004256 udp 10.0.2.109 59014 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:18:39.203501 3.004149 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:18:46.213244 0.000091 udp 10.0.2.109 59014 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:18:46.213335 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:18:46.213417 0.000118 udp 10.0.2.109 59014 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:18:46.213535 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:18:50.219254 3.755034 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:18:50.219331 3.754957 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:18:54.725819 3.121960 tcp 10.0.2.109 50912 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:18:54.725908 3.121871 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:18:59.602668 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:19:03.728061 0.000080 tcp 10.0.2.109 50912 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:19:03.728141 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:19:09.768186 3.844232 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:19:09.768291 3.844127 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:19:14.363935 3.004467 tcp 10.0.2.109 50913 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:19:14.364004 3.004398 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:19:23.366958 0.000069 tcp 10.0.2.109 50913 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:19:23.367027 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:19:29.368293 4.002710 udp 10.0.2.109 53585 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:19:29.368369 4.002634 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:19:30.366675 3.004434 udp 10.0.2.109 53585 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:19:30.366729 3.004380 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:19:37.376501 0.479705 udp 10.0.2.109 53585 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:19:37.856206 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:19:37.856601 0.000193 udp 10.0.2.109 53585 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:19:37.856794 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:19:41.853285 3.755759 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:19:41.853356 3.755688 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:19:46.359630 3.004316 tcp 10.0.2.109 50914 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:19:46.359736 3.004210 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:19:50.895952 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:19:55.372294 0.000074 tcp 10.0.2.109 50914 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:19:55.372368 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:20:01.362568 3.754505 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:20:01.362652 3.754421 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:20:05.868254 3.003556 tcp 10.0.2.109 50915 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:20:05.868435 3.003375 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:20:14.870881 0.000087 tcp 10.0.2.109 50915 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:20:14.870968 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:20:20.872043 4.003517 udp 10.0.2.109 53423 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:20:20.872148 4.003412 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:20:21.870819 3.004767 udp 10.0.2.109 53423 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:20:21.870917 3.004669 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:20:28.880721 0.000265 udp 10.0.2.109 53423 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:20:28.880845 0.000166 udp 10.0.2.109 53423 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:20:28.880986 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:20:28.881011 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:20:32.886850 3.755535 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:20:32.886912 3.755473 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:20:37.393008 2.994257 tcp 10.0.2.109 50916 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:20:37.393112 2.994153 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:20:42.390043 0.000195 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:20:46.386578 0.000077 tcp 10.0.2.109 50916 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:20:46.386655 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:20:52.396144 3.753777 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:20:52.396205 3.753716 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:20:56.901697 2.993994 tcp 10.0.2.109 50917 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:20:56.901776 2.993915 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:21:05.894351 0.000140 tcp 10.0.2.109 50917 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:21:05.894491 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:21:11.905207 4.003200 udp 10.0.2.109 59608 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:21:11.905283 4.003124 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:21:12.903987 3.004493 udp 10.0.2.109 59608 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:21:12.904045 3.004435 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:21:19.914358 0.000068 udp 10.0.2.109 59608 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:21:19.914426 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:21:19.914544 0.000039 udp 10.0.2.109 59608 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:21:19.914583 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:21:23.920149 3.755169 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:21:23.920244 3.755074 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:21:28.426608 3.003937 tcp 10.0.2.109 50918 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:21:28.544419 2.886126 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:21:33.443531 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:21:37.429132 0.000061 tcp 10.0.2.109 50918 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:21:37.429193 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:21:43.540553 3.753196 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:21:43.540613 3.753136 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:21:48.045181 3.193631 tcp 10.0.2.109 50919 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:21:48.045272 3.193540 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:21:57.047811 0.000087 tcp 10.0.2.109 50919 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:21:57.047898 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:22:03.129868 4.002212 udp 10.0.2.109 50450 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:03.129951 4.002129 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:22:04.128145 3.004077 udp 10.0.2.109 50450 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:04.128212 3.004010 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:22:11.138001 0.000079 udp 10.0.2.109 50450 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:11.138080 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:22:11.138163 0.000041 udp 10.0.2.109 50450 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:11.138204 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:22:15.143573 3.755273 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:15.143643 3.755203 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:22:19.650309 2.994352 tcp 10.0.2.109 50920 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:22:19.650467 2.994194 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:22:24.527202 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:22:28.653091 0.000130 tcp 10.0.2.109 50920 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:22:28.653221 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:22:34.652875 3.754628 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:34.652943 3.754560 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:22:39.158649 3.003967 tcp 10.0.2.109 50921 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:22:39.158756 3.003860 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:22:48.160721 0.000084 tcp 10.0.2.109 50921 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:22:48.160805 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:22:54.162391 4.003196 udp 10.0.2.109 64538 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:54.162499 4.003088 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:22:55.161320 3.004390 udp 10.0.2.109 64538 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:22:55.161485 3.004225 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:23:02.171272 0.000061 udp 10.0.2.109 64538 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:02.171333 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:23:02.171390 0.000036 udp 10.0.2.109 64538 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:02.171426 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:23:06.177238 3.755005 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:06.177320 3.754923 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:23:10.684058 3.004007 tcp 10.0.2.109 50922 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:23:10.684143 3.003922 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:23:13.410776 3.001047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:23:15.520579 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:23:19.686314 0.000081 tcp 10.0.2.109 50922 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:23:19.686395 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:23:20.417753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:23:25.686032 3.754559 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:25.686277 3.754314 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:23:28.419263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:23:30.191908 2.994289 tcp 10.0.2.109 50923 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:23:30.191980 2.994217 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:23:39.184133 0.000087 tcp 10.0.2.109 50923 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:23:39.184220 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:23:44.422097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:23:45.196610 4.002658 udp 10.0.2.109 49324 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:45.196688 4.002580 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:23:46.194421 3.004871 udp 10.0.2.109 49324 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:46.194602 3.004690 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:23:53.204394 0.000072 udp 10.0.2.109 49324 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:53.204466 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:23:53.204529 0.000040 udp 10.0.2.109 49324 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:53.204569 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:23:57.210476 3.755547 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:23:57.210650 3.755373 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:24:01.717127 3.003844 tcp 10.0.2.109 50924 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:24:01.717198 3.003773 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:24:06.523742 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:24:10.719517 0.000117 tcp 10.0.2.109 50924 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:24:10.719634 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:24:16.427972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:24:16.719214 3.754526 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:24:16.719279 3.754461 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:29:21.226697 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:29:21.226919 3.003512 tcp 10.0.2.109 50925 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:29:21.226986 3.003445 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:29:30.229526 0.000159 tcp 10.0.2.109 50925 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:29:30.229685 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:29:36.233079 4.000589 udp 10.0.2.109 54015 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:29:36.233173 4.000495 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:29:37.229046 3.004853 udp 10.0.2.109 54015 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:29:37.229103 3.004796 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:29:44.239572 0.000067 udp 10.0.2.109 54015 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:29:44.239639 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:29:44.239707 0.000172 udp 10.0.2.109 54015 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:29:44.239879 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:29:48.245073 3.755639 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:29:48.245230 3.755482 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:29:52.751624 2.994112 tcp 10.0.2.109 50926 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:29:52.751798 2.993938 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:30:01.744112 0.000068 tcp 10.0.2.109 50926 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:30:01.744180 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:30:06.521497 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:30:07.754475 3.753959 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:30:07.754554 3.753880 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:30:12.260169 3.003830 tcp 10.0.2.109 50927 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:30:12.260250 3.003749 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:30:20.434939 3.000643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:30:21.272307 0.000068 tcp 10.0.2.109 50927 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:30:21.272375 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:30:27.263871 4.003350 udp 10.0.2.109 56196 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:30:27.263937 4.003284 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:30:27.441718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:30:28.262573 3.004879 udp 10.0.2.109 56196 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:30:28.262679 3.004773 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:30:35.272835 0.000086 udp 10.0.2.109 56196 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:30:35.272921 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:30:35.273042 0.000119 udp 10.0.2.109 56196 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:30:35.273161 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:30:35.443451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:30:39.278634 3.755560 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:30:39.278816 3.755378 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:30:43.784833 3.004875 tcp 10.0.2.109 50928 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:30:43.784913 3.004795 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:30:51.445628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:30:51.525781 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:30:52.787933 0.000131 tcp 10.0.2.109 50928 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:30:52.788064 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:30:58.788069 3.753903 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:30:58.788245 3.753727 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:31:03.293465 2.994170 tcp 10.0.2.109 50929 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:31:03.293560 2.994075 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:31:12.286178 0.000101 tcp 10.0.2.109 50929 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:31:12.286279 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:31:18.298566 4.002010 udp 10.0.2.109 60418 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:31:18.298640 4.001936 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:31:19.295639 3.004967 udp 10.0.2.109 60418 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:31:19.295702 3.004904 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:31:23.451787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:31:26.305769 0.000063 udp 10.0.2.109 60418 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:31:26.305832 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:31:26.305902 0.000047 udp 10.0.2.109 60418 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:31:26.305949 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:31:30.311661 3.755871 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:31:30.311803 3.755729 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:31:34.818418 3.004083 tcp 10.0.2.109 50930 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:31:34.818497 3.004004 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:31:39.524923 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:31:43.821352 0.000072 tcp 10.0.2.109 50930 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:31:43.821424 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:31:49.821548 3.753497 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:31:49.821670 3.753375 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:31:54.326443 3.004535 tcp 10.0.2.109 50931 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:31:54.326532 3.004446 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:32:03.329559 0.000079 tcp 10.0.2.109 50931 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:32:03.329638 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:32:09.331802 4.001736 udp 10.0.2.109 58846 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:32:09.331876 4.001662 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:32:10.329194 3.004558 udp 10.0.2.109 58846 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:32:10.329255 3.004497 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:32:17.339719 0.000078 udp 10.0.2.109 58846 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:32:17.339797 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:32:17.339899 0.000054 udp 10.0.2.109 58846 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:32:17.339953 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:32:21.345743 3.855277 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:32:21.570516 3.630504 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:32:25.952232 2.993738 tcp 10.0.2.109 50932 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:32:25.952321 2.993649 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:32:30.618466 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:32:34.944456 0.000142 tcp 10.0.2.109 50932 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:32:34.944598 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:32:40.955606 3.753246 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:32:40.955726 3.753126 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:32:45.459802 2.994350 tcp 10.0.2.109 50933 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:32:45.459937 2.994215 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:32:54.463146 0.000085 tcp 10.0.2.109 50933 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:32:54.463231 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:33:00.465274 4.002027 udp 10.0.2.109 64932 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:00.465351 4.001950 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:33:01.463008 3.004462 udp 10.0.2.109 64932 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:01.463149 3.004321 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:33:08.472812 0.000055 udp 10.0.2.109 64932 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:08.472867 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:33:08.472953 0.000043 udp 10.0.2.109 64932 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:08.472996 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:33:12.478549 3.755527 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:12.478609 3.755467 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:33:16.985696 3.004093 tcp 10.0.2.109 50934 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:33:16.985781 3.004008 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:33:21.622029 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:33:25.988308 0.000084 tcp 10.0.2.109 50934 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:33:25.988392 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:33:31.988210 3.754558 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:31.988303 3.754465 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:33:36.494414 3.003449 tcp 10.0.2.109 50935 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:33:36.494513 3.003350 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:33:45.495922 0.000077 tcp 10.0.2.109 50935 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:33:45.495999 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:33:51.499226 4.001056 udp 10.0.2.109 52104 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:51.499333 4.000949 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:33:52.496083 3.004503 udp 10.0.2.109 52104 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:52.496167 3.004419 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:33:59.505985 0.000138 udp 10.0.2.109 52104 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:59.506123 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:33:59.506153 0.000173 udp 10.0.2.109 52104 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:33:59.506326 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:34:03.512240 3.755401 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:34:03.512351 3.755290 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:34:08.019231 3.003398 tcp 10.0.2.109 50936 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:34:08.019318 3.003311 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:34:12.625302 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:34:17.021549 0.000068 tcp 10.0.2.109 50936 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:34:17.021617 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:34:23.020833 3.754802 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:34:23.020947 3.754688 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:34:27.526983 3.003659 tcp 10.0.2.109 50937 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:34:27.527149 3.003493 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:34:36.529722 0.000160 tcp 10.0.2.109 50937 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:34:36.529882 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:34:42.532192 4.001606 udp 10.0.2.109 61765 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:34:42.532283 4.001515 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:34:43.529296 3.004732 udp 10.0.2.109 61765 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:34:43.529356 3.004672 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:34:50.539747 0.000237 udp 10.0.2.109 61765 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:34:50.539864 0.000151 udp 10.0.2.109 61765 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:34:50.539984 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:34:50.540015 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:34:54.545880 3.755207 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:34:54.545994 3.755093 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:34:59.052400 2.993896 tcp 10.0.2.109 50938 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:34:59.052473 2.993823 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:35:02.697359 0.000068 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:02.697427 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x971b URN 192 1 184 flow=Background 1970/01/08 05:35:03.618743 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:35:08.045044 0.000064 tcp 10.0.2.109 50938 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:35:08.045108 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:35:14.054906 4.414897 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 8 736 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:14.054976 4.414827 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 8 960 flow=Background 1970/01/08 05:35:18.560150 3.004198 tcp 10.0.2.109 50939 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:35:18.560232 3.004116 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:35:19.221156 2.253069 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 4 368 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:19.221222 2.253003 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 4 480 flow=Background 1970/01/08 05:35:22.225348 0.000070 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:22.225418 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x527f URN 192 1 134 flow=Background 1970/01/08 05:35:27.573187 0.000073 tcp 10.0.2.109 50939 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:35:27.573260 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:35:33.565046 4.002603 udp 10.0.2.109 51132 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:33.565130 4.002519 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:35:34.563208 3.004506 udp 10.0.2.109 51132 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:34.563270 3.004444 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:35:41.573277 0.000082 udp 10.0.2.109 51132 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:41.573359 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:35:41.573433 0.000040 udp 10.0.2.109 51132 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:41.573473 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:35:45.579082 4.508964 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:45.579183 4.508863 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:35:50.086076 3.003477 tcp 10.0.2.109 50940 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:35:50.086183 3.003370 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:35:50.836039 0.951499 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:51.207095 0.580443 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:35:52.539231 0.000125 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:35:52.539356 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4652 URN 192 1 283 flow=Background 1970/01/08 05:35:54.801808 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:35:59.087972 0.000089 tcp 10.0.2.109 50940 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:35:59.088061 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:36:05.268310 4.536997 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:05.268366 4.536941 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:36:09.774383 3.003390 tcp 10.0.2.109 50941 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:36:09.774504 3.003269 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:36:10.554870 0.750670 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:10.554982 0.750558 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:36:12.057536 0.000071 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:12.057607 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xcaa5 URN 192 1 250 flow=Background 1970/01/08 05:36:18.776438 0.000155 tcp 10.0.2.109 50941 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:36:18.776593 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:36:24.778876 4.002145 udp 10.0.2.109 55673 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:24.778989 4.002032 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:36:25.776298 3.004841 udp 10.0.2.109 55673 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:25.776359 3.004780 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:36:32.786824 0.000088 udp 10.0.2.109 55673 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:32.786912 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:36:32.786951 0.000151 udp 10.0.2.109 55673 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:32.787102 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:36:36.792765 4.507866 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:36.792847 4.507784 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:36:41.299325 3.004372 tcp 10.0.2.109 50942 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:36:41.299397 3.004300 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:36:42.049919 0.751113 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:42.050047 0.750985 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:36:43.552193 0.000161 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:43.552354 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3e5c URN 192 1 174 flow=Background 1970/01/08 05:36:46.306427 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:36:50.301713 0.000068 tcp 10.0.2.109 50942 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:36:50.301781 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:36:56.301882 4.725553 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:36:56.301958 4.725477 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 05:37:00.807057 3.004668 tcp 10.0.2.109 50943 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:37:00.807122 3.004603 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:37:01.719370 1.500827 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:01.719553 1.500644 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 05:37:03.971533 0.000067 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:03.971600 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2ee9 URN 192 1 129 flow=Background 1970/01/08 05:37:09.810387 0.000099 tcp 10.0.2.109 50943 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:37:09.810486 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:37:15.851622 4.015059 udp 10.0.2.109 51674 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:15.851695 4.014986 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:37:16.849815 3.017163 udp 10.0.2.109 51674 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:16.849937 3.017041 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:37:23.869898 0.000079 udp 10.0.2.109 51674 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:23.869977 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:37:23.870106 0.000042 udp 10.0.2.109 51674 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:23.870148 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:37:27.779038 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:37:27.876097 4.507982 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:27.876165 4.507914 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:37:32.382866 2.993778 tcp 10.0.2.109 50944 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:37:32.382952 2.993692 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:37:33.133341 0.751155 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:33.133415 0.751081 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:37:34.635641 0.000075 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:34.635716 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x415d URN 192 1 158 flow=Background 1970/01/08 05:37:34.785767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:37:37.379542 1.954913 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:37:41.375135 0.000078 tcp 10.0.2.109 50944 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:37:41.375213 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:37:43.829018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:37:48.366814 3.874495 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:48.366878 3.874431 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:37:52.992321 2.994591 tcp 10.0.2.109 50945 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:37:52.992407 2.994505 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:37:53.924307 3.754926 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:53.924399 3.754834 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:37:58.430168 0.000062 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:37:58.430230 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa050 URN 192 1 169 flow=Background 1970/01/08 05:37:59.931766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:38:01.985222 0.000135 tcp 10.0.2.109 50945 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:38:01.985357 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:38:07.996987 4.002146 udp 10.0.2.109 53353 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:07.997073 4.002060 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:38:08.994938 3.004334 udp 10.0.2.109 53353 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:08.995018 3.004254 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:38:16.004931 0.000055 udp 10.0.2.109 53353 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:16.004986 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:38:16.005046 0.000044 udp 10.0.2.109 53353 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:16.005090 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:38:20.011465 4.507272 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:20.011544 4.507193 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:38:24.517680 3.003816 tcp 10.0.2.109 50946 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:38:24.517760 3.003736 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:38:25.268712 0.750525 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:25.268780 0.750457 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:38:26.770604 0.000066 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:26.770670 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cfb URN 192 1 301 flow=Background 1970/01/08 05:38:29.424315 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:38:31.938636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:38:33.520004 0.000067 tcp 10.0.2.109 50946 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:38:33.520071 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:38:39.520323 4.484961 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:39.520406 4.484878 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 05:38:44.757798 1.501010 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:44.757887 1.500921 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 05:38:47.009873 0.000100 udp 10.0.2.109 3683 -> 93.172.44.24 7820 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:38:47.009973 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5dac URN 192 1 200 flow=Background 1970/01/08 05:39:04.018675 4.061262 udp 10.0.2.109 54295 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:04.018792 4.061145 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:39:05.015516 3.064751 udp 10.0.2.109 54295 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:05.080244 3.000023 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:39:12.085617 0.000133 udp 10.0.2.109 54295 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:12.085750 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:39:12.085776 0.000038 udp 10.0.2.109 54295 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:12.085814 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:39:16.091662 3.755218 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:16.091755 3.755125 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:39:16.942408 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:39:20.598811 0.000161 udp 10.0.2.109 3683 -> 70.239.198.69 9706 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:20.598972 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x46ef URN 192 1 276 flow=Background 1970/01/08 05:39:37.914720 3.753476 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:37.914792 3.753404 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:39:42.419343 0.000065 udp 10.0.2.109 3683 -> 75.34.179.1 1841 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:42.419408 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b22 URN 192 1 261 flow=Background 1970/01/08 05:39:57.875186 4.002384 udp 10.0.2.109 54586 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:57.875266 4.002304 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:39:58.873118 3.004549 udp 10.0.2.109 54586 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:39:58.873176 3.004491 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:40:02.447873 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:40:05.883305 0.000115 udp 10.0.2.109 54586 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:05.883420 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:40:05.883444 0.000050 udp 10.0.2.109 54586 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:05.883494 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:40:09.889041 3.755196 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:09.889099 3.755138 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:40:14.395413 0.000079 udp 10.0.2.109 3683 -> 76.72.39.28 3825 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:14.395492 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4c48 URN 192 1 167 flow=Background 1970/01/08 05:40:30.509952 3.753996 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:30.510212 3.753736 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:40:35.014916 0.111738 udp 10.0.2.109 3683 -> 96.37.204.36 6480 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:35.126654 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6025 URN 192 1 273 flow=Background 1970/01/08 05:40:51.922726 4.002680 udp 10.0.2.109 49660 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:51.922830 4.002576 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:40:52.920716 3.004897 udp 10.0.2.109 49660 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:52.920772 3.004841 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:40:56.496056 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:40:59.930696 0.000125 udp 10.0.2.109 49660 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:59.930821 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:40:59.930844 0.000040 udp 10.0.2.109 49660 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:40:59.930884 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:41:03.936864 3.755283 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:03.936925 3.755222 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:41:08.443691 0.000107 udp 10.0.2.109 3683 -> 70.24.111.211 7183 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:08.443798 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4618 URN 192 1 116 flow=Background 1970/01/08 05:41:26.279871 4.005068 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:26.806437 3.478502 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:41:31.036022 0.000058 udp 10.0.2.109 3683 -> 99.60.181.75 9573 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:31.036080 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x633c URN 192 1 280 flow=Background 1970/01/08 05:41:47.021866 4.002520 udp 10.0.2.109 60801 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:47.021951 4.002435 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:41:48.020193 3.004258 udp 10.0.2.109 60801 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:48.020273 3.004178 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:41:51.745019 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:41:55.029851 0.000061 udp 10.0.2.109 60801 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:55.029912 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:41:55.029981 0.000159 udp 10.0.2.109 60801 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:55.030140 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:41:59.035808 4.195941 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:41:59.035871 4.195878 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:42:03.982928 0.000174 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:03.983102 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x62ea URN 192 1 295 flow=Background 1970/01/08 05:42:21.810816 3.752921 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:21.811029 3.752708 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:42:26.315321 0.000119 udp 10.0.2.109 3683 -> 2.193.43.250 8099 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:26.315440 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x02c1 URN 192 1 222 flow=Background 1970/01/08 05:42:45.035535 4.001961 udp 10.0.2.109 49210 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:45.035638 4.001858 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:42:46.033443 3.004158 udp 10.0.2.109 49210 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:46.033563 3.004038 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:42:49.688303 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:42:53.043430 0.000068 udp 10.0.2.109 49210 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:53.043498 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:42:53.043617 0.000042 udp 10.0.2.109 49210 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:53.043659 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:42:57.049248 3.755307 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:42:57.049319 3.755236 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:43:01.556487 0.000153 udp 10.0.2.109 3683 -> 50.73.87.77 7002 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:01.556640 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3249 URN 192 1 177 flow=Background 1970/01/08 05:43:20.344137 3.754310 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:20.344276 3.754171 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:43:24.849513 0.000084 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:24.849597 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b5c URN 192 1 201 flow=Background 1970/01/08 05:43:42.677576 4.002812 udp 10.0.2.109 56729 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:42.677823 4.002565 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:43:43.676573 3.003934 udp 10.0.2.109 56729 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:43.676650 3.003857 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:43:44.788113 3.003851 tcp 10.0.2.109 50947 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:43:44.788205 3.003759 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:43:47.181130 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:43:50.686401 0.000116 udp 10.0.2.109 56729 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:50.686517 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:43:50.686536 0.000046 udp 10.0.2.109 56729 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:50.686582 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:43:53.790948 0.000159 tcp 10.0.2.109 50947 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:43:53.791107 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:43:54.692121 3.755355 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:54.692195 3.755281 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:43:59.199200 0.000058 udp 10.0.2.109 3683 -> 212.12.186.201 5494 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:59.199258 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd40c URN 192 1 256 flow=Background 1970/01/08 05:43:59.790484 3.754046 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:43:59.790558 3.753972 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:44:04.295967 3.004087 tcp 10.0.2.109 50948 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:44:04.296032 3.004022 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:44:13.298780 0.000080 tcp 10.0.2.109 50948 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:44:13.298860 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:44:16.924973 4.627370 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:16.925031 4.627312 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:44:21.430781 0.000119 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:21.430900 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x1bfb URN 192 1 120 flow=Background 1970/01/08 05:44:22.302199 0.751038 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:22.302277 0.750960 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:44:23.804424 3.003719 tcp 10.0.2.109 50949 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:44:23.804538 3.003605 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:44:31.684883 0.000198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:44:32.806995 0.000117 tcp 10.0.2.109 50949 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:44:32.807112 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:44:36.705291 3.041891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:44:38.127501 4.002522 udp 10.0.2.109 49753 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:38.127578 4.002445 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:44:39.126348 3.003774 udp 10.0.2.109 49753 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:39.126444 3.003678 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:44:43.752651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:44:46.136387 0.000056 udp 10.0.2.109 49753 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:46.136443 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:44:46.136507 0.000038 udp 10.0.2.109 49753 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:46.136545 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:44:50.142277 4.507463 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:50.142345 4.507395 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:44:51.754191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:44:54.648551 0.000076 udp 10.0.2.109 3683 -> 111.254.122.18 6738 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:54.648627 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffe URN 192 1 241 flow=Background 1970/01/08 05:44:55.399148 0.751120 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:44:55.399210 0.751058 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:44:56.901954 2.993926 tcp 10.0.2.109 50950 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:44:56.902033 2.993847 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:45:05.894070 0.000095 tcp 10.0.2.109 50950 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:45:05.894165 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:45:07.757074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:45:10.582376 4.506601 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:10.582440 4.506537 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:45:15.088342 0.000060 udp 10.0.2.109 3683 -> 75.149.131.201 1430 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:15.088402 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b95 URN 192 1 152 flow=Background 1970/01/08 05:45:15.838837 0.751139 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:15.838915 0.751061 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:45:17.341439 2.994234 tcp 10.0.2.109 50951 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:45:17.341528 2.994145 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:45:19.694678 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:45:26.344103 0.000079 tcp 10.0.2.109 50951 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:45:26.344182 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:45:32.345669 4.002724 udp 10.0.2.109 58037 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:32.345755 4.002638 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:45:33.344270 3.004288 udp 10.0.2.109 58037 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:33.344361 3.004197 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:45:39.763671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:45:40.353776 0.050841 udp 10.0.2.109 58037 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:40.404617 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:45:40.405185 0.000146 udp 10.0.2.109 58037 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:40.405331 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:45:44.410022 4.508261 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:44.410103 4.508180 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:45:48.917013 3.004131 tcp 10.0.2.109 50952 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:45:48.917094 3.004050 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:45:49.667617 0.751076 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:49.667670 0.751023 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:45:51.169888 0.000160 udp 10.0.2.109 3683 -> 173.216.254.174 8795 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:45:51.170048 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xadd8 URN 192 1 205 flow=Background 1970/01/08 05:45:57.919036 0.000082 tcp 10.0.2.109 50952 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:45:57.919118 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:46:03.919686 3.753975 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:03.919752 3.753909 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:46:08.424967 3.003937 tcp 10.0.2.109 50953 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:46:08.425060 3.003844 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:46:09.927576 3.754170 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:09.927638 3.754108 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:46:13.201098 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:46:14.433110 0.000173 udp 10.0.2.109 3683 -> 70.51.157.146 8685 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:14.433283 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4633 URN 192 1 303 flow=Background 1970/01/08 05:46:17.426958 0.000088 tcp 10.0.2.109 50953 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:46:17.427046 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:46:23.428832 4.002997 udp 10.0.2.109 54782 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:23.428918 4.002911 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:46:24.427617 3.004397 udp 10.0.2.109 54782 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:24.427684 3.004330 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:46:31.437329 0.000069 udp 10.0.2.109 54782 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:31.437398 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:46:31.437471 0.000040 udp 10.0.2.109 54782 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:31.437511 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:46:35.443732 4.507440 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:35.443937 4.507235 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:46:39.950172 3.003683 tcp 10.0.2.109 50954 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:46:39.950261 3.003594 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:46:40.700803 0.751186 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:40.700858 0.751131 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:46:42.203495 0.000075 udp 10.0.2.109 3683 -> 111.252.171.26 9198 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:42.203570 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffc URN 192 1 296 flow=Background 1970/01/08 05:46:48.962947 0.000070 tcp 10.0.2.109 50954 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:46:48.963017 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:46:54.952427 4.536124 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:46:54.952489 4.536062 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:46:59.457903 3.004577 tcp 10.0.2.109 50955 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:46:59.458016 3.004464 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:47:00.238869 0.751384 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:00.238934 0.751319 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:47:01.741339 0.000098 udp 10.0.2.109 3683 -> 163.25.87.88 5241 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:01.741437 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa319 URN 192 1 237 flow=Background 1970/01/08 05:47:04.204757 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:47:08.460367 0.000126 tcp 10.0.2.109 50955 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:47:08.460493 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:47:14.462485 4.002894 udp 10.0.2.109 56616 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:14.462573 4.002806 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:47:15.460557 3.004924 udp 10.0.2.109 56616 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:15.460663 3.004818 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:47:22.471014 0.000092 udp 10.0.2.109 56616 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:22.471106 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:47:22.471231 0.000168 udp 10.0.2.109 56616 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:22.471399 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:47:26.476794 4.508026 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:26.476864 4.507956 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 05:47:30.983675 2.994026 tcp 10.0.2.109 50956 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:47:30.983768 2.993933 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:47:31.733992 0.751614 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:31.734212 0.751394 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 05:47:33.236365 0.000122 udp 10.0.2.109 3683 -> 108.223.244.17 1064 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:33.236487 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cdf URN 192 1 162 flow=Background 1970/01/08 05:47:39.976118 0.000065 tcp 10.0.2.109 50956 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:47:39.976183 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:47:45.986279 4.775640 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 8 736 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:45.986343 4.775576 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 8 960 flow=Background 1970/01/08 05:47:50.491529 2.993942 tcp 10.0.2.109 50957 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:47:50.491596 2.993875 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:47:51.512456 2.253524 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 4 368 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:47:51.512518 2.253462 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 4 480 flow=Background 1970/01/08 05:47:55.207833 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:47:59.494031 0.000085 tcp 10.0.2.109 50957 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:47:59.494116 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:48:05.496712 4.001634 udp 10.0.2.109 52041 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:05.496794 4.001552 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:48:06.494421 3.004033 udp 10.0.2.109 52041 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:06.494534 3.003920 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:48:13.503925 0.000064 udp 10.0.2.109 52041 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:13.503989 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:48:13.504062 0.000048 udp 10.0.2.109 52041 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:13.504110 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:48:17.510239 3.755235 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:17.510302 3.755172 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:48:22.016384 3.004853 tcp 10.0.2.109 50958 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:48:22.016512 3.004725 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:48:31.019475 0.000157 tcp 10.0.2.109 50958 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:48:31.019632 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:48:37.019754 3.753379 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:37.019831 3.753302 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:48:41.525082 3.003719 tcp 10.0.2.109 50959 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:48:41.525176 3.003625 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:48:46.200810 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:48:50.527222 0.000074 tcp 10.0.2.109 50959 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:48:50.527296 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:48:56.529209 4.002853 udp 10.0.2.109 50331 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:56.529315 4.002747 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:48:57.527532 3.004645 udp 10.0.2.109 50331 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:48:57.527630 3.004547 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:49:04.537636 0.000058 udp 10.0.2.109 50331 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:04.537694 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:49:04.537753 0.000038 udp 10.0.2.109 50331 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:04.537791 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:49:08.543500 3.755478 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:08.543579 3.755399 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:49:13.050414 2.993787 tcp 10.0.2.109 50960 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:49:13.050486 2.993715 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:49:22.052510 0.000157 tcp 10.0.2.109 50960 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:49:22.052667 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:49:28.052761 3.754036 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:28.052838 3.753959 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:49:32.557951 3.004740 tcp 10.0.2.109 50961 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:49:32.558039 3.004652 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:49:37.204249 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:49:41.560641 0.000071 tcp 10.0.2.109 50961 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:49:41.560712 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:49:47.561897 4.003098 udp 10.0.2.109 55780 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:47.562238 4.002757 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:49:48.560893 3.004297 udp 10.0.2.109 55780 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:48.560951 3.004239 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:49:55.571618 0.000072 udp 10.0.2.109 55780 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:55.571690 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:49:55.571750 0.000041 udp 10.0.2.109 55780 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:55.571791 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:49:59.577366 3.754752 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:49:59.577428 3.754690 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:50:04.083253 2.994128 tcp 10.0.2.109 50962 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:50:04.083427 2.993954 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:50:13.076009 0.000067 tcp 10.0.2.109 50962 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:50:13.076076 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:50:19.086005 3.754208 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:50:19.086210 3.754003 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:50:23.591551 2.994090 tcp 10.0.2.109 50963 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:50:23.591678 2.993963 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 05:50:28.208047 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:50:32.584034 0.000109 tcp 10.0.2.109 50963 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:50:32.584143 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 05:50:38.595267 4.003578 udp 10.0.2.109 62562 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:50:38.595345 4.003500 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:50:39.594423 3.004537 udp 10.0.2.109 62562 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:50:39.594483 3.004477 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:50:46.604194 0.000103 udp 10.0.2.109 62562 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:50:46.604297 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:50:46.604319 0.000038 udp 10.0.2.109 62562 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:50:46.604357 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:50:50.610246 3.755466 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:50:50.610359 3.755353 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:50:55.116429 3.004508 tcp 10.0.2.109 50964 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:50:55.116500 3.004437 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 05:51:04.119665 0.000073 tcp 10.0.2.109 50964 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:51:04.119738 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 05:51:10.119065 3.754154 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:51:10.119132 3.754087 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:51:14.624758 3.004113 tcp 10.0.2.109 50965 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:51:14.624906 3.003965 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:51:19.201319 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:51:23.627465 0.000090 tcp 10.0.2.109 50965 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:51:23.627555 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:51:29.629180 4.003276 udp 10.0.2.109 54635 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:51:29.629248 4.003208 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:51:30.627774 3.004909 udp 10.0.2.109 54635 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:51:30.627838 3.004845 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:51:37.637629 0.000145 udp 10.0.2.109 54635 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:51:37.637753 0.000149 udp 10.0.2.109 54635 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:51:37.637774 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:51:37.637902 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:51:41.643490 3.755342 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:51:41.643546 3.755286 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:51:43.779509 3.001392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:51:46.149849 2.994237 tcp 10.0.2.109 50966 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:51:46.149940 2.994146 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:51:50.786865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:51:55.152696 0.000076 tcp 10.0.2.109 50966 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:51:55.152772 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:51:58.788168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:52:01.153787 3.753425 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:52:01.153850 3.753362 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:52:05.658273 3.003759 tcp 10.0.2.109 50967 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:52:05.658338 3.003694 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 05:52:10.204697 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:52:14.660702 0.000075 tcp 10.0.2.109 50967 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:52:14.660777 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 05:52:14.791371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:52:20.662864 4.002880 udp 10.0.2.109 63485 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:52:20.662989 4.002755 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:52:21.660644 3.005282 udp 10.0.2.109 63485 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:52:21.660736 3.005190 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:52:28.671058 0.000066 udp 10.0.2.109 63485 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:52:28.671124 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:52:28.671190 0.000045 udp 10.0.2.109 63485 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:52:28.671235 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:52:32.676920 3.806749 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:52:32.677020 3.806649 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:52:37.213618 3.004347 tcp 10.0.2.109 50968 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:52:37.213705 3.004260 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:52:46.216087 0.000079 tcp 10.0.2.109 50968 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:52:46.216166 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:52:46.807148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:52:52.216007 3.754058 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:52:52.216084 3.753981 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:57:56.723507 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:57:56.723655 2.993185 tcp 10.0.2.109 50969 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:57:56.723712 2.993128 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 05:58:05.715734 0.000087 tcp 10.0.2.109 50969 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:58:05.715821 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 05:58:11.729149 4.000949 udp 10.0.2.109 62095 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:58:11.729217 4.000881 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:58:12.725650 3.004640 udp 10.0.2.109 62095 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:58:12.725723 3.004567 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:58:19.735905 0.000077 udp 10.0.2.109 62095 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:58:19.735982 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:58:19.736047 0.000036 udp 10.0.2.109 62095 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:58:19.736083 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:58:23.741527 3.755533 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:58:23.741615 3.755445 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:58:28.248134 3.003958 tcp 10.0.2.109 50970 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:58:28.248198 3.003894 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 05:58:37.251305 0.000079 tcp 10.0.2.109 50970 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:58:37.251384 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 05:58:42.217884 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:58:43.250660 3.754100 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:58:43.250734 3.754026 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:58:47.756394 3.004085 tcp 10.0.2.109 50971 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:58:47.756467 3.004012 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 05:58:50.813432 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 05:58:56.758846 0.000074 tcp 10.0.2.109 50971 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:58:56.758920 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 05:58:57.820436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:59:02.760526 4.082862 udp 10.0.2.109 51107 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:02.843371 4.000017 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:59:03.838985 3.004649 udp 10.0.2.109 51107 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:03.839046 3.004588 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 05:59:05.861795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:59:10.848988 0.000077 udp 10.0.2.109 51107 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:10.849065 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:59:10.849184 0.000040 udp 10.0.2.109 51107 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:10.849224 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 05:59:14.855225 3.755321 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:14.855314 3.755232 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:59:19.361785 2.994309 tcp 10.0.2.109 50972 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:59:19.361861 2.994233 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 05:59:21.864945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:59:27.252788 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 05:59:28.354175 0.000089 tcp 10.0.2.109 50972 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:59:28.354264 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 05:59:34.364436 3.754499 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:34.364541 3.754394 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 05:59:38.869635 2.994761 tcp 10.0.2.109 50973 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:59:38.869785 2.994611 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 05:59:47.872916 0.000114 tcp 10.0.2.109 50973 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 05:59:47.873030 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 05:59:53.871732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 05:59:53.874517 4.002140 udp 10.0.2.109 56928 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:53.874598 4.002059 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 05:59:54.872507 3.004298 udp 10.0.2.109 56928 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 05:59:54.872577 3.004228 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:00:01.882772 0.000158 udp 10.0.2.109 56928 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:01.882900 0.000059 udp 10.0.2.109 56928 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:01.882930 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:00:01.882959 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:00:05.888554 4.937255 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 5 460 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:05.888622 4.937187 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 5 600 flow=Background 1970/01/08 06:00:11.576404 0.000054 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:11.576458 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 1 120 flow=Background 1970/01/08 06:00:12.328383 3.003882 tcp 10.0.2.109 50974 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:00:12.328503 3.003762 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:00:17.074442 2.621368 arp 10.0.2.109 who 10.0.2.2 CON 4 168 flow=Background-ARP 1970/01/08 06:00:21.331161 0.000130 tcp 10.0.2.109 50974 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:00:21.331291 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:00:28.602331 3.753921 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:28.602402 3.753850 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:00:33.107914 3.003914 tcp 10.0.2.109 50975 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:00:33.108065 3.003763 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:00:42.110589 1.051894 tcp 10.0.2.109 50975 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:00:43.162483 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:00:48.613774 4.001837 udp 10.0.2.109 63936 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:48.613855 4.001756 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:00:49.611429 3.004463 udp 10.0.2.109 63936 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:49.611519 3.004373 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:00:56.621625 0.000085 udp 10.0.2.109 63936 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:56.621710 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:00:56.621836 0.000121 udp 10.0.2.109 63936 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:00:56.621957 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:01:00.627544 3.845135 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:01:00.683018 3.789661 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:01:05.224025 3.004070 tcp 10.0.2.109 50976 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:01:05.224123 3.003972 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:01:09.920532 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:01:14.227014 0.000146 tcp 10.0.2.109 50976 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:01:14.227160 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:01:20.228164 3.752705 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:01:20.228234 3.752635 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:01:24.732237 2.993734 tcp 10.0.2.109 50977 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:01:24.732310 2.993661 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:01:33.724780 0.000090 tcp 10.0.2.109 50977 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:01:33.724870 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:01:39.736980 4.002379 udp 10.0.2.109 52051 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:01:39.737076 4.002283 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:01:40.734739 3.004654 udp 10.0.2.109 52051 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:01:40.734795 3.004598 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:01:47.745156 0.000061 udp 10.0.2.109 52051 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:01:47.745217 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:01:47.745289 0.000040 udp 10.0.2.109 52051 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:01:47.745329 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:01:51.751068 3.755215 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:01:51.751152 3.755131 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:01:56.257462 3.003898 tcp 10.0.2.109 50978 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:01:56.257533 3.003827 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:02:00.924004 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:02:05.260067 0.000072 tcp 10.0.2.109 50978 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:02:05.260139 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:02:11.260359 3.753431 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:02:11.260424 3.753366 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:02:15.765133 3.004171 tcp 10.0.2.109 50979 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:02:15.765231 3.004073 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:02:24.767886 0.000157 tcp 10.0.2.109 50979 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:02:24.768043 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:02:30.769413 4.003360 udp 10.0.2.109 61006 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:02:30.769509 4.003264 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:02:31.768081 3.004800 udp 10.0.2.109 61006 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:02:31.768156 3.004725 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:02:38.778210 0.000064 udp 10.0.2.109 61006 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:02:38.778274 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:02:38.778347 0.000161 udp 10.0.2.109 61006 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:02:38.778508 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:02:42.784918 3.754568 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:02:42.785069 3.754417 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:02:47.290697 2.994143 tcp 10.0.2.109 50980 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:02:47.290773 2.994067 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:02:51.917265 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:02:56.293229 0.000081 tcp 10.0.2.109 50980 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:02:56.293310 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:03:02.293352 3.754471 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:03:02.293426 3.754397 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:03:06.798733 3.004426 tcp 10.0.2.109 50981 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:03:06.798961 3.004198 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:03:15.801780 0.000083 tcp 10.0.2.109 50981 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:03:15.801863 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:03:21.803866 4.002482 udp 10.0.2.109 52710 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:03:21.803946 4.002402 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:03:22.801221 3.005222 udp 10.0.2.109 52710 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:03:22.801283 3.005160 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:03:29.811993 0.000256 udp 10.0.2.109 52710 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:03:29.812114 0.000163 udp 10.0.2.109 52710 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:03:29.812249 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:03:29.812277 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:03:33.817789 3.754936 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:03:33.817846 3.754879 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:03:38.324646 3.003339 tcp 10.0.2.109 50982 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:03:38.324765 3.003220 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:03:42.920226 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:03:47.326977 0.000079 tcp 10.0.2.109 50982 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:03:47.327056 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:03:53.327089 3.753758 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:03:53.327155 3.753692 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:03:57.832641 2.993450 tcp 10.0.2.109 50983 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:03:57.832791 2.993300 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:04:06.824604 0.000100 tcp 10.0.2.109 50983 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:04:06.824704 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:04:12.836476 4.002722 udp 10.0.2.109 54396 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:04:12.836583 4.002615 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:04:13.835012 3.004283 udp 10.0.2.109 54396 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:04:13.835103 3.004192 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:04:20.844994 0.000292 udp 10.0.2.109 54396 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:04:20.845139 0.000179 udp 10.0.2.109 54396 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:04:20.845286 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:04:20.845318 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:04:24.851235 3.754902 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:04:24.851332 3.754805 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:04:29.357341 3.004514 tcp 10.0.2.109 50984 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:04:29.357457 3.004398 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:04:33.924025 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:04:38.360549 0.000081 tcp 10.0.2.109 50984 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:04:38.360630 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:04:44.361137 3.753441 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:04:44.361224 3.753354 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:04:48.865853 3.003976 tcp 10.0.2.109 50985 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:04:48.865982 3.003847 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:04:57.868322 0.000078 tcp 10.0.2.109 50985 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:04:57.868400 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:05:03.870670 4.002357 udp 10.0.2.109 56753 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:03.870866 4.002161 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:05:04.868176 3.004995 udp 10.0.2.109 56753 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:04.868263 3.004908 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:05:11.878339 0.000062 udp 10.0.2.109 56753 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:11.878401 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:05:11.878474 0.000041 udp 10.0.2.109 56753 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:11.878515 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:05:15.884460 3.755137 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:15.884522 3.755075 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:05:20.390808 2.994447 tcp 10.0.2.109 50986 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:05:20.390892 2.994363 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:05:24.916742 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:05:29.393204 0.000095 tcp 10.0.2.109 50986 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:05:29.393299 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:05:35.393319 3.754441 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:35.393404 3.754356 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:05:39.899171 3.003526 tcp 10.0.2.109 50987 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:05:39.899250 3.003447 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:05:48.901860 0.000070 tcp 10.0.2.109 50987 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:05:48.901930 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:05:54.904176 4.002111 udp 10.0.2.109 60296 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:54.904261 4.002026 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:05:55.901432 3.004978 udp 10.0.2.109 60296 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:05:55.901535 3.004875 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:06:01.042795 3.000724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:06:02.911817 0.000066 udp 10.0.2.109 60296 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:02.911883 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:06:02.911942 0.000036 udp 10.0.2.109 60296 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:02.911978 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:06:06.917822 3.755474 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:06.917880 3.755416 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:06:08.049317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:06:11.423970 3.004187 tcp 10.0.2.109 50988 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:06:11.424061 3.004096 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:06:16.050832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:06:16.421124 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:06:20.426767 0.000078 tcp 10.0.2.109 50988 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:06:20.426845 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:06:26.426770 3.754397 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:26.426833 3.754334 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:06:30.932641 2.993638 tcp 10.0.2.109 50989 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:06:30.932718 2.993561 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:06:32.053566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:06:39.925295 0.000081 tcp 10.0.2.109 50989 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:06:39.925376 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:06:45.936318 4.003430 udp 10.0.2.109 64449 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:45.936391 4.003357 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:06:46.934973 3.004889 udp 10.0.2.109 64449 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:46.935032 3.004830 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:06:53.944973 0.000059 udp 10.0.2.109 64449 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:53.945032 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:06:53.945103 0.000039 udp 10.0.2.109 64449 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:53.945142 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:06:57.951294 3.755097 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:06:57.951372 3.755019 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:07:02.457667 3.003750 tcp 10.0.2.109 50990 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:07:02.457740 3.003677 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:07:04.059423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:07:07.424598 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:07:11.459962 0.000094 tcp 10.0.2.109 50990 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:07:11.460056 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:07:17.460693 3.753776 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:07:17.460754 3.753715 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:12:21.967741 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:12:21.967952 3.003445 tcp 10.0.2.109 50991 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:12:21.968057 3.003340 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:12:30.969955 0.000132 tcp 10.0.2.109 50991 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:12:30.970087 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:12:36.973264 4.001398 udp 10.0.2.109 50437 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:12:36.973346 4.001316 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:12:37.969557 3.005356 udp 10.0.2.109 50437 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:12:37.969616 3.005297 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:12:44.980074 0.000064 udp 10.0.2.109 50437 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:12:44.980138 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:12:44.980212 0.000043 udp 10.0.2.109 50437 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:12:44.980255 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:12:48.985777 3.755350 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:12:48.985848 3.755279 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:12:53.492349 2.993984 tcp 10.0.2.109 50992 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:12:53.492430 2.993903 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:13:02.485205 0.000066 tcp 10.0.2.109 50992 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:13:02.485271 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:13:07.421776 0.273554 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:13:08.185357 3.002446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:13:08.615430 3.753630 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:13:08.615512 3.753548 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:13:13.120844 2.993465 tcp 10.0.2.109 50993 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:13:13.120963 2.993346 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:13:15.193348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:13:22.123474 0.000073 tcp 10.0.2.109 50993 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:13:22.123547 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:13:23.194581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:13:28.125026 4.002675 udp 10.0.2.109 57107 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:13:28.125115 4.002586 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:13:29.123320 3.004488 udp 10.0.2.109 57107 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:13:29.123519 3.004289 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:13:36.133044 0.000149 udp 10.0.2.109 57107 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:13:36.133171 0.000155 udp 10.0.2.109 57107 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:13:36.133193 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:13:36.133326 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:13:39.197855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:13:40.139216 3.755412 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:13:40.139330 3.755298 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:13:44.646318 3.003460 tcp 10.0.2.109 50994 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:13:44.646491 3.003287 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:13:52.536703 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:13:53.648386 0.000064 tcp 10.0.2.109 50994 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:13:53.648450 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:13:59.648680 3.754286 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:13:59.648760 3.754206 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:14:04.154143 3.003712 tcp 10.0.2.109 50995 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:14:04.154209 3.003646 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:14:11.204220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:14:13.156866 0.000071 tcp 10.0.2.109 50995 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:14:13.156937 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:14:19.157762 4.003203 udp 10.0.2.109 56541 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:14:19.157858 4.003107 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:14:20.156715 3.004306 udp 10.0.2.109 56541 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:14:20.156784 3.004237 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:14:27.166802 0.000092 udp 10.0.2.109 56541 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:14:27.166894 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:14:27.166919 0.000033 udp 10.0.2.109 56541 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:14:27.166952 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:14:31.172596 3.755555 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:14:31.172663 3.755488 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:14:35.679371 3.004193 tcp 10.0.2.109 50996 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:14:35.679461 3.004103 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:14:40.535833 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:14:44.681785 0.000173 tcp 10.0.2.109 50996 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:14:44.681958 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:14:50.681522 3.754681 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:14:50.681598 3.754605 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:14:55.187400 3.003687 tcp 10.0.2.109 50997 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:14:55.187491 3.003596 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:15:04.189984 0.000085 tcp 10.0.2.109 50997 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:15:04.190069 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:15:10.191910 4.002524 udp 10.0.2.109 56943 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:15:10.191981 4.002453 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:15:11.189869 3.004781 udp 10.0.2.109 56943 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:15:11.189929 3.004721 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:15:18.200238 0.000278 udp 10.0.2.109 56943 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:15:18.200364 0.000179 udp 10.0.2.109 56943 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:15:18.200516 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:15:18.200543 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:15:22.206564 3.754454 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:15:22.206739 3.754279 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:15:26.712309 2.994231 tcp 10.0.2.109 50998 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:15:26.712411 2.994129 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:15:31.539652 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:15:35.705505 0.000084 tcp 10.0.2.109 50998 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:15:35.705589 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:15:41.716701 3.752911 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:15:41.716760 3.752852 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:15:46.220752 2.994226 tcp 10.0.2.109 50999 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:15:46.220930 2.994048 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:15:55.223137 0.000073 tcp 10.0.2.109 50999 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:15:55.223210 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:16:01.225830 4.001938 udp 10.0.2.109 56889 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:01.225917 4.001851 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:16:02.223808 3.004050 udp 10.0.2.109 56889 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:02.223868 3.003990 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:16:09.233545 0.000057 udp 10.0.2.109 56889 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:09.233602 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:16:09.233672 0.000132 udp 10.0.2.109 56889 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:09.233804 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:16:13.239487 3.755232 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:13.239583 3.755136 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:16:17.745845 3.004065 tcp 10.0.2.109 51000 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:16:17.745935 3.003975 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:16:22.542883 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:16:26.748332 0.000149 tcp 10.0.2.109 51000 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:16:26.748481 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:16:32.748931 3.753799 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:32.748999 3.753731 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:16:37.254397 3.003833 tcp 10.0.2.109 51001 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:16:37.254477 3.003753 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:16:46.256691 0.000080 tcp 10.0.2.109 51001 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:16:46.256771 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:16:52.258900 4.002247 udp 10.0.2.109 55610 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:52.258978 4.002169 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:16:53.257046 3.004131 udp 10.0.2.109 55610 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:16:53.257109 3.004068 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:17:00.266844 0.000084 udp 10.0.2.109 55610 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:00.266928 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:17:00.266974 0.000039 udp 10.0.2.109 55610 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:00.267013 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:17:04.272602 3.755322 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:04.272707 3.755217 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:17:08.779172 3.004029 tcp 10.0.2.109 51002 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:17:08.779287 3.003914 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:17:13.535638 0.000164 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:17:17.781726 0.000111 tcp 10.0.2.109 51002 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:17:17.781837 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:17:23.781980 3.753939 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:23.782040 3.753879 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:17:28.287131 3.004330 tcp 10.0.2.109 51003 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:17:28.287217 3.004244 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:17:37.289764 0.000080 tcp 10.0.2.109 51003 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:17:37.289844 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:17:43.292746 4.001482 udp 10.0.2.109 50422 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:43.292832 4.001396 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:17:44.290549 3.003783 udp 10.0.2.109 50422 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:44.290715 3.003617 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:17:51.299932 0.000058 udp 10.0.2.109 50422 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:51.299990 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:17:51.300071 0.000036 udp 10.0.2.109 50422 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:51.300107 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:17:55.306163 3.755614 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:17:55.306249 3.755528 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:17:59.812924 2.994102 tcp 10.0.2.109 51004 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:17:59.813019 2.994007 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:18:04.539147 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:18:08.805299 0.000146 tcp 10.0.2.109 51004 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:18:08.805445 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:18:13.702715 0.000086 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:13.702801 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x971b URN 192 1 211 flow=Background 1970/01/08 06:18:14.815228 3.754483 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:14.815291 3.754420 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:18:19.320620 3.809983 tcp 10.0.2.109 51005 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:18:19.320690 3.809913 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:18:28.323291 0.000074 tcp 10.0.2.109 51005 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:18:28.323365 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:18:32.993538 4.002587 udp 10.0.2.109 63476 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:32.993624 4.002501 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:18:33.991524 3.004697 udp 10.0.2.109 63476 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:33.991607 3.004614 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:18:41.001543 0.000067 udp 10.0.2.109 63476 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:41.001610 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:18:41.001681 0.000043 udp 10.0.2.109 63476 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:41.001724 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:18:45.007913 4.285704 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:45.007979 4.285638 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 06:18:49.764671 0.000066 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:49.764737 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x527f URN 192 1 262 flow=Background 1970/01/08 06:18:50.047001 1.499935 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:18:50.047070 1.499866 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 06:18:52.298055 3.004567 tcp 10.0.2.109 51006 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:18:52.298124 3.004498 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:18:54.661100 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:19:01.301165 0.000091 tcp 10.0.2.109 51006 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:19:01.301256 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:19:07.300788 4.506797 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:07.300878 4.506707 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:19:11.806161 3.004229 tcp 10.0.2.109 51007 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:19:11.806233 3.004157 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:19:12.556935 0.751183 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:12.556992 0.751126 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:19:14.060066 0.000056 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:14.060122 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4652 URN 192 1 238 flow=Background 1970/01/08 06:19:20.809166 0.000075 tcp 10.0.2.109 51007 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:19:20.809241 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:19:26.810204 4.003380 udp 10.0.2.109 51508 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:26.810307 4.003277 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:19:27.808808 3.005006 udp 10.0.2.109 51508 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:27.808870 3.004944 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:19:34.818898 0.000077 udp 10.0.2.109 51508 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:34.818975 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:19:34.819047 0.000153 udp 10.0.2.109 51508 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:34.819200 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:19:38.825101 4.508170 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:38.825163 4.508108 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:19:39.666009 0.000214 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:19:43.332205 2.993360 tcp 10.0.2.109 51008 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:19:43.332292 2.993273 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:19:44.082861 0.750711 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:44.083025 0.750547 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:19:45.584632 0.000079 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:45.584711 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xcaa5 URN 192 1 190 flow=Background 1970/01/08 06:19:52.323910 0.000089 tcp 10.0.2.109 51008 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:19:52.323999 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:19:58.334378 3.753714 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:19:58.334443 3.753649 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:20:02.839516 3.004015 tcp 10.0.2.109 51009 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:20:02.839589 3.003942 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:20:03.601220 3.754773 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:03.601286 3.754707 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:20:08.107559 0.000064 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:08.107623 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3e5c URN 192 1 145 flow=Background 1970/01/08 06:20:11.852635 0.000116 tcp 10.0.2.109 51009 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:20:11.852751 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:20:17.834107 3.001324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:20:17.844444 4.002254 udp 10.0.2.109 60823 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:17.844516 4.002182 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:20:18.842591 3.004179 udp 10.0.2.109 60823 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:18.842657 3.004113 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:20:24.660389 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:20:24.871235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:20:25.852123 0.000083 udp 10.0.2.109 60823 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:25.852206 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:20:25.852334 0.000069 udp 10.0.2.109 60823 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:25.852403 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:20:29.858538 4.948063 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:29.858648 4.947953 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:20:33.083036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:20:34.575474 3.003941 tcp 10.0.2.109 51010 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:20:34.575561 3.003854 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:20:35.556298 0.751180 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:35.556360 0.751118 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:20:37.058599 0.000057 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:37.058656 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2ee9 URN 192 1 171 flow=Background 1970/01/08 06:20:43.578320 0.000068 tcp 10.0.2.109 51010 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:20:43.578388 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:20:49.085933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:20:49.577735 3.754015 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:49.577819 3.753931 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:20:54.083463 2.993835 tcp 10.0.2.109 51011 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:20:54.083536 2.993762 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:20:54.825381 3.754681 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:54.825449 3.754613 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:20:59.330830 0.000062 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:20:59.330892 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x415d URN 192 1 272 flow=Background 1970/01/08 06:21:03.075935 0.000117 tcp 10.0.2.109 51011 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:21:03.076052 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:21:09.088059 4.002443 udp 10.0.2.109 56983 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:09.088135 4.002367 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:21:10.086030 3.004675 udp 10.0.2.109 56983 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:10.086238 3.004467 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:21:13.871514 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:21:17.095851 0.000083 udp 10.0.2.109 56983 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:17.095934 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:21:17.096002 0.000038 udp 10.0.2.109 56983 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:17.096040 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:21:21.091721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:21:21.101821 4.508101 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:21.101952 4.507970 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:21:25.608705 3.004252 tcp 10.0.2.109 51012 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:21:25.608782 3.004175 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:21:26.359558 0.750747 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:26.359616 0.750689 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:21:27.861962 0.000097 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:27.862059 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa050 URN 192 1 138 flow=Background 1970/01/08 06:21:34.611612 0.000079 tcp 10.0.2.109 51012 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:21:34.611691 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:21:40.611313 4.626644 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:40.611419 4.626538 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:21:45.987974 0.750890 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:45.988065 0.750799 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:21:47.490340 0.000065 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:21:47.490405 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cfb URN 192 1 293 flow=Background 1970/01/08 06:22:03.747314 4.001929 udp 10.0.2.109 58595 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:03.747391 4.001852 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:22:04.744744 3.004602 udp 10.0.2.109 58595 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:04.744807 3.004539 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:22:08.369962 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:22:11.754828 0.000065 udp 10.0.2.109 58595 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:11.754893 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:22:11.754989 0.000044 udp 10.0.2.109 58595 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:11.755033 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:22:15.760524 3.755147 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:15.760584 3.755087 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:22:20.267280 0.000104 udp 10.0.2.109 3683 -> 93.172.44.24 7820 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:20.267384 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5dac URN 192 1 130 flow=Background 1970/01/08 06:22:38.665069 3.754109 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:38.665143 3.754035 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:22:43.170275 0.000062 udp 10.0.2.109 3683 -> 70.239.198.69 9706 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:22:43.170337 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x46ef URN 192 1 131 flow=Background 1970/01/08 06:23:00.919354 4.002117 udp 10.0.2.109 54502 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:00.919475 4.001996 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:23:01.917241 3.004350 udp 10.0.2.109 54502 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:01.917298 3.004293 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:23:05.872874 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:23:08.927286 0.000076 udp 10.0.2.109 54502 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:08.927362 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:23:08.927435 0.000117 udp 10.0.2.109 54502 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:08.927552 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:23:12.932891 3.755558 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:12.932950 3.755499 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:23:17.439789 0.000070 udp 10.0.2.109 3683 -> 75.34.179.1 1841 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:17.439859 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b22 URN 192 1 288 flow=Background 1970/01/08 06:23:34.705043 3.754504 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:34.705237 3.754310 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:23:39.210914 0.000073 udp 10.0.2.109 3683 -> 76.72.39.28 3825 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:39.210987 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4c48 URN 192 1 200 flow=Background 1970/01/08 06:23:54.966686 4.002270 udp 10.0.2.109 58008 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:54.966878 4.002078 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:23:55.964614 3.004528 udp 10.0.2.109 58008 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:23:55.964679 3.004463 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:23:59.869839 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:24:02.975024 0.000112 udp 10.0.2.109 58008 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:02.975136 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:24:02.975180 0.000046 udp 10.0.2.109 58008 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:02.975226 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:24:06.980362 3.755408 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:06.980436 3.755334 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:24:11.487254 0.000069 udp 10.0.2.109 3683 -> 96.37.204.36 6480 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:11.487323 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6025 URN 192 1 250 flow=Background 1970/01/08 06:24:28.031947 3.753872 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:28.032059 3.753760 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:24:32.537516 0.000096 udp 10.0.2.109 3683 -> 70.24.111.211 7183 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:32.537612 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4618 URN 192 1 172 flow=Background 1970/01/08 06:24:49.084360 4.002397 udp 10.0.2.109 63862 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:49.084437 4.002320 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:24:50.082521 3.004424 udp 10.0.2.109 63862 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:50.082589 3.004356 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:24:53.867446 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:24:57.092612 0.000074 udp 10.0.2.109 63862 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:57.092686 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:24:57.092805 0.000135 udp 10.0.2.109 63862 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:24:57.092940 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:25:01.098458 3.755437 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:01.098550 3.755345 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:25:05.605045 0.000072 udp 10.0.2.109 3683 -> 99.60.181.75 9573 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:05.605117 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x633c URN 192 1 137 flow=Background 1970/01/08 06:25:21.880646 3.752654 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:21.880722 3.752578 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:25:26.385038 0.000117 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:26.385155 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x62ea URN 192 1 273 flow=Background 1970/01/08 06:25:43.132282 4.002466 udp 10.0.2.109 50902 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:43.132382 4.002366 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:25:44.129849 3.005005 udp 10.0.2.109 50902 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:44.129913 3.004941 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:25:47.875300 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:25:51.139995 0.000289 udp 10.0.2.109 50902 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:51.140132 0.000182 udp 10.0.2.109 50902 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:51.140284 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:25:51.140314 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:25:55.146542 3.754994 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:55.146617 3.754919 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:25:59.652674 0.000067 udp 10.0.2.109 3683 -> 2.193.43.250 8099 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:25:59.652741 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x02c1 URN 192 1 257 flow=Background 1970/01/08 06:26:16.347563 3.754233 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:16.347639 3.754157 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:26:20.853000 0.000085 udp 10.0.2.109 3683 -> 50.73.87.77 7002 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:20.853085 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3249 URN 192 1 268 flow=Background 1970/01/08 06:26:38.190982 4.002692 udp 10.0.2.109 62020 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:38.191068 4.002606 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:26:39.189290 3.004473 udp 10.0.2.109 62020 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:39.189365 3.004398 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:26:42.874189 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:26:45.118273 3.003688 tcp 10.0.2.109 51013 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:26:45.118364 3.003597 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:26:46.199360 0.000103 udp 10.0.2.109 62020 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:46.199463 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:26:46.199504 0.000037 udp 10.0.2.109 62020 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:46.199541 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:26:50.205364 3.755332 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:50.205471 3.755225 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:26:54.120366 0.000074 tcp 10.0.2.109 51013 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:26:54.120440 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:26:54.711891 0.000072 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:26:54.711963 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b5c URN 192 1 298 flow=Background 1970/01/08 06:27:00.120824 3.753737 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:00.120890 3.753671 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:27:04.625799 3.004382 tcp 10.0.2.109 51014 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:27:04.625871 3.004310 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:27:11.947370 3.754973 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:11.947555 3.754788 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:27:13.629057 0.000156 tcp 10.0.2.109 51014 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:27:13.629213 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:27:16.453319 0.000101 udp 10.0.2.109 3683 -> 212.12.186.201 5494 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:16.453420 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd40c URN 192 1 285 flow=Background 1970/01/08 06:27:19.629031 1.500874 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:19.629176 1.500729 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 06:27:21.884269 4.001929 udp 10.0.2.109 62524 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:21.884367 4.001831 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 200 flow=Background 1970/01/08 06:27:22.881746 3.004560 udp 10.0.2.109 62524 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:22.881818 3.004488 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 300 flow=Background 1970/01/08 06:27:27.868854 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:27:29.891966 0.000060 udp 10.0.2.109 62524 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:29.892026 2.535074 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 202 flow=Background 1970/01/08 06:27:29.892095 0.000039 udp 10.0.2.109 62524 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:29.892134 4.536663 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 304 flow=Background 1970/01/08 06:27:32.098361 3.001029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:27:32.426948 4.047797 udp 10.0.2.109 63481 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:33.427584 3.047573 udp 10.0.2.109 63481 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:33.898105 1.501940 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:33.898183 1.501862 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 06:27:36.151508 2.994333 tcp 10.0.2.109 51015 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:27:36.151583 2.994258 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:27:36.474745 4.002373 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:27:36.475157 4.002044 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:27:39.115775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:27:40.477069 0.000049 udp 10.0.2.109 63481 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:40.477168 0.000033 udp 10.0.2.109 63481 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:44.483334 3.755233 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:44.483421 3.755146 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:27:45.153956 0.000057 tcp 10.0.2.109 51015 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:27:45.154013 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:27:47.116796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:27:48.990332 0.000097 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:48.990429 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x1bfb URN 192 1 273 flow=Background 1970/01/08 06:27:51.164250 3.753966 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:27:51.164437 3.753779 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:27:55.669144 3.004682 tcp 10.0.2.109 51016 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:27:55.669219 3.004607 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:28:03.119599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:28:04.672058 0.000069 tcp 10.0.2.109 51016 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:28:04.672127 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:28:05.985512 4.846708 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 7 644 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:05.985569 4.846651 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 7 840 flow=Background 1970/01/08 06:28:10.490998 0.000106 udp 10.0.2.109 3683 -> 111.254.122.18 6738 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:10.491104 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffe URN 192 1 290 flow=Background 1970/01/08 06:28:11.581738 3.004894 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 5 460 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:11.581812 3.004820 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 5 600 flow=Background 1970/01/08 06:28:15.037248 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:28:15.337606 3.004191 tcp 10.0.2.109 51017 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:28:15.337674 3.004123 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:28:24.340608 0.000085 tcp 10.0.2.109 51017 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:28:24.340693 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:28:29.452440 4.000968 udp 10.0.2.109 51312 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:29.452517 4.000891 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:28:30.449460 3.004055 udp 10.0.2.109 51312 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:30.449551 3.003964 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:28:35.456202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:28:37.459486 0.000052 udp 10.0.2.109 51312 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:37.459538 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:28:37.459624 0.000037 udp 10.0.2.109 51312 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:37.459661 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:28:41.465029 4.508372 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:41.465099 4.508302 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:28:45.972204 0.000061 udp 10.0.2.109 3683 -> 75.149.131.201 1430 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:45.972265 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b95 URN 192 1 156 flow=Background 1970/01/08 06:28:46.722567 0.750976 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:28:46.722712 0.750831 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:28:48.225104 3.004026 tcp 10.0.2.109 51018 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:28:48.225193 3.003937 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:28:57.227560 0.000110 tcp 10.0.2.109 51018 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:28:57.227670 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:29:01.565343 4.507429 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:01.565437 4.507335 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:29:02.044253 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:29:06.071856 0.000086 udp 10.0.2.109 3683 -> 173.216.254.174 8795 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:06.071942 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xadd8 URN 192 1 189 flow=Background 1970/01/08 06:29:06.821712 0.750655 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:06.821874 0.750493 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:29:08.323752 3.004219 tcp 10.0.2.109 51019 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:29:08.323823 3.004148 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:29:17.326257 0.000119 tcp 10.0.2.109 51019 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:29:17.326376 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:29:23.328877 4.002234 udp 10.0.2.109 59981 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:23.328960 4.002151 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:29:24.326982 3.004362 udp 10.0.2.109 59981 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:24.327044 3.004300 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:29:31.336792 0.000105 udp 10.0.2.109 59981 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:31.336897 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:29:31.336928 0.000168 udp 10.0.2.109 59981 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:31.337096 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:29:35.342888 4.507963 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:35.342958 4.507893 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:29:39.849722 3.003761 tcp 10.0.2.109 51020 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:29:39.849801 3.003682 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:29:40.599986 0.750984 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:40.600086 0.750884 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:29:42.102517 0.000080 udp 10.0.2.109 3683 -> 70.51.157.146 8685 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:42.102597 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4633 URN 192 1 304 flow=Background 1970/01/08 06:29:47.039315 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:29:48.852068 0.000108 tcp 10.0.2.109 51020 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:29:48.852176 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:29:54.851789 3.753974 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:54.851867 3.753896 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:29:59.357352 3.004211 tcp 10.0.2.109 51021 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:29:59.357561 3.004002 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:29:59.959410 3.753892 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:29:59.959501 3.753801 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:30:04.464306 0.000066 udp 10.0.2.109 3683 -> 111.252.171.26 9198 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:04.464372 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffc URN 192 1 172 flow=Background 1970/01/08 06:30:08.360380 0.000058 tcp 10.0.2.109 51021 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:30:08.360438 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:30:14.361986 4.002193 udp 10.0.2.109 58638 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:14.362166 4.002013 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:30:15.359850 3.004448 udp 10.0.2.109 58638 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:15.359945 3.004353 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:30:22.370181 0.000067 udp 10.0.2.109 58638 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:22.370248 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:30:22.370310 0.000042 udp 10.0.2.109 58638 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:22.370352 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:30:26.375889 4.508186 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:26.375964 4.508111 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:30:30.882813 2.994053 tcp 10.0.2.109 51022 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:30:30.882885 2.993981 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:30:31.633316 0.751551 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:31.633420 0.751447 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:30:33.136253 0.000147 udp 10.0.2.109 3683 -> 163.25.87.88 5241 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:33.136400 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa319 URN 192 1 148 flow=Background 1970/01/08 06:30:35.539384 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:30:39.875060 0.000105 tcp 10.0.2.109 51022 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:30:39.875165 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:30:45.885518 4.705548 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:45.885584 4.705482 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 06:30:50.390619 2.993836 tcp 10.0.2.109 51023 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:30:50.390734 2.993721 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:30:51.343091 1.500776 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:51.343157 1.500710 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 06:30:53.595415 0.000097 udp 10.0.2.109 3683 -> 108.223.244.17 1064 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:30:53.595512 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cdf URN 192 1 268 flow=Background 1970/01/08 06:30:59.392996 0.000069 tcp 10.0.2.109 51023 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:30:59.393065 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:31:05.395259 4.002642 udp 10.0.2.109 57309 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:05.395333 4.002568 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:31:06.393751 3.004314 udp 10.0.2.109 57309 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:06.393822 3.004243 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:31:13.403445 0.000061 udp 10.0.2.109 57309 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:13.403506 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:31:13.403652 0.000126 udp 10.0.2.109 57309 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:13.403778 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:31:17.409096 4.508299 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:17.409162 4.508233 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 06:31:21.916273 3.003733 tcp 10.0.2.109 51024 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:31:21.916370 3.003636 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:31:22.666694 0.751585 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:22.666753 0.751526 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 06:31:26.542375 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:31:30.918771 0.000129 tcp 10.0.2.109 51024 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:31:30.918900 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:31:36.919909 3.752509 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:36.919968 3.752450 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:31:41.424201 3.003692 tcp 10.0.2.109 51025 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:31:41.424287 3.003606 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:31:50.426706 0.000115 tcp 10.0.2.109 51025 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:31:50.426821 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:31:56.428827 4.002395 udp 10.0.2.109 56496 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:56.428928 4.002294 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:31:57.426629 3.004880 udp 10.0.2.109 56496 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:31:57.426693 3.004816 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:32:04.436550 0.000060 udp 10.0.2.109 56496 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:04.436610 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:32:04.436677 0.000039 udp 10.0.2.109 56496 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:04.436716 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:32:08.443147 3.755300 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:08.443209 3.755238 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:32:12.949398 3.003917 tcp 10.0.2.109 51026 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:32:12.949491 3.003824 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:32:17.545562 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:32:21.952287 0.000086 tcp 10.0.2.109 51026 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:32:21.952373 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:32:27.952184 3.754133 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:27.952314 3.754003 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:32:32.457689 3.003944 tcp 10.0.2.109 51027 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:32:32.457774 3.003859 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:32:41.460304 0.000071 tcp 10.0.2.109 51027 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:32:41.460375 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:32:47.461461 4.052842 udp 10.0.2.109 52595 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:47.461571 4.052732 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:32:48.459948 3.054463 udp 10.0.2.109 52595 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:48.515895 2.998516 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:32:55.520203 0.000222 udp 10.0.2.109 52595 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:55.520338 0.000121 udp 10.0.2.109 52595 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:55.520425 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:32:55.520459 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:32:59.525936 3.755275 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:32:59.526018 3.755193 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:33:04.033066 2.994173 tcp 10.0.2.109 51028 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:33:04.033153 2.994086 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:33:08.559203 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:33:13.025646 0.000066 tcp 10.0.2.109 51028 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:33:13.025712 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:33:19.035182 3.754743 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:33:19.035319 3.754606 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:33:23.541263 2.993910 tcp 10.0.2.109 51029 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:33:23.541354 2.993819 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:33:32.543650 0.000125 tcp 10.0.2.109 51029 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:33:32.543775 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:33:38.544509 4.003629 udp 10.0.2.109 52793 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:33:38.544578 4.003560 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:33:39.543771 3.004388 udp 10.0.2.109 52793 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:33:39.543966 3.004193 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:33:46.553787 0.000054 udp 10.0.2.109 52793 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:33:46.553841 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:33:46.553928 0.000032 udp 10.0.2.109 52793 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:33:46.553960 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:33:50.559556 3.755218 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:33:50.559628 3.755146 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:33:55.066094 3.004051 tcp 10.0.2.109 51030 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:33:55.066201 3.003944 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:34:00.063247 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:34:04.068551 0.000067 tcp 10.0.2.109 51030 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:34:04.068618 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:34:10.069219 3.753493 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:34:10.069390 3.753322 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:34:14.574305 3.003768 tcp 10.0.2.109 51031 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:34:14.574388 3.003685 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:34:23.577226 0.000115 tcp 10.0.2.109 51031 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:34:23.577341 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:34:29.578807 4.002219 udp 10.0.2.109 54995 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:34:29.578878 4.002148 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:34:30.577206 3.003920 udp 10.0.2.109 54995 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:34:30.577256 3.003870 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:34:37.587275 0.000053 udp 10.0.2.109 54995 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:34:37.587328 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:34:37.587393 0.000032 udp 10.0.2.109 54995 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:34:37.587425 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:34:39.483071 3.000827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:34:41.592925 3.755120 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:34:41.592976 3.755069 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:34:46.099923 3.003735 tcp 10.0.2.109 51032 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:34:46.100000 3.003658 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:34:46.489642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:34:51.066344 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:34:54.491614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:34:55.102407 0.000083 tcp 10.0.2.109 51032 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:34:55.102490 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:35:01.103975 3.752246 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:35:01.104057 3.752164 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:35:05.607648 3.003956 tcp 10.0.2.109 51033 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:35:05.607710 3.003894 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:35:10.494284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:35:14.610705 0.000077 tcp 10.0.2.109 51033 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:35:14.610782 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:35:20.611842 4.003059 udp 10.0.2.109 59438 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:35:20.611927 4.002974 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:35:21.610673 3.004373 udp 10.0.2.109 59438 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:35:21.610740 3.004306 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:35:28.620348 0.000083 udp 10.0.2.109 59438 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:35:28.620431 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:35:28.620510 0.000037 udp 10.0.2.109 59438 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:35:28.620547 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:35:32.626511 3.755021 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:35:32.626674 3.754858 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:35:37.133111 2.994284 tcp 10.0.2.109 51034 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:35:37.133287 2.994108 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:35:42.059802 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:35:42.500795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:35:46.125843 0.000162 tcp 10.0.2.109 51034 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:35:46.126005 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:35:52.135460 3.754536 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:35:52.135520 3.754476 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:40:56.642452 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:40:56.642549 2.993994 tcp 10.0.2.109 51035 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:40:56.642611 2.993932 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:41:05.635286 0.000077 tcp 10.0.2.109 51035 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:41:05.635363 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:41:11.648852 4.000267 udp 10.0.2.109 51549 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:41:11.648925 4.000194 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:41:12.644987 3.004224 udp 10.0.2.109 51549 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:41:12.645053 3.004158 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:41:19.655402 0.000270 udp 10.0.2.109 51549 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:41:19.655529 0.000169 udp 10.0.2.109 51549 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:41:19.655672 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:41:19.655698 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:41:23.661001 3.755257 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:41:23.661070 3.755188 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:41:28.168037 3.003754 tcp 10.0.2.109 51036 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:41:28.168118 3.003673 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:41:37.170437 0.000078 tcp 10.0.2.109 51036 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:41:37.170515 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:41:42.056987 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:41:43.170670 3.754122 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:41:43.170729 3.754063 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:41:46.506704 3.001824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:41:47.675761 3.004267 tcp 10.0.2.109 51037 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:41:47.675840 3.004188 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:41:53.513846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:41:56.678703 0.000122 tcp 10.0.2.109 51037 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:41:56.678825 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:42:01.515624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:42:02.680433 4.002652 udp 10.0.2.109 57118 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:02.680512 4.002573 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:42:03.678976 3.004215 udp 10.0.2.109 57118 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:03.679030 3.004161 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:42:10.688430 0.000059 udp 10.0.2.109 57118 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:10.688489 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:42:10.688581 0.000039 udp 10.0.2.109 57118 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:10.688620 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:42:14.694813 3.754859 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:14.694894 3.754778 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:42:17.518754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:42:19.201267 2.994296 tcp 10.0.2.109 51038 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:42:19.201347 2.994216 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:42:27.062357 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:42:28.203779 0.000064 tcp 10.0.2.109 51038 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:42:28.203843 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:42:34.203645 3.754180 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:34.203696 3.754129 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:42:38.708803 3.004390 tcp 10.0.2.109 51039 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:42:38.708868 3.004325 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:42:47.712073 0.000195 tcp 10.0.2.109 51039 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:42:47.712268 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:42:49.524642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:42:53.713564 4.002515 udp 10.0.2.109 64203 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:53.713632 4.002447 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:42:54.712081 3.004106 udp 10.0.2.109 64203 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:42:54.712131 3.004056 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:43:01.721558 0.000053 udp 10.0.2.109 64203 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:01.721611 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:43:01.721655 0.000034 udp 10.0.2.109 64203 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:01.721689 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:43:05.727488 3.755948 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:05.727658 3.755778 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:43:10.234632 3.003907 tcp 10.0.2.109 51040 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:43:10.234700 3.003839 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:43:15.061266 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:43:19.237281 0.000075 tcp 10.0.2.109 51040 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:43:19.237356 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:43:25.237307 3.753679 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:25.237369 3.753617 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:43:29.742651 2.994081 tcp 10.0.2.109 51041 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:43:29.742743 2.993989 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:43:38.735386 0.000078 tcp 10.0.2.109 51041 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:43:38.735464 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:43:44.747394 4.002320 udp 10.0.2.109 64361 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:44.747470 4.002244 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:43:45.745248 3.004571 udp 10.0.2.109 64361 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:45.745297 3.004522 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:43:52.755179 0.000056 udp 10.0.2.109 64361 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:52.755235 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:43:52.755321 0.000035 udp 10.0.2.109 64361 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:52.755356 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:43:56.761398 3.754940 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:43:56.761459 3.754879 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:44:01.267460 3.004501 tcp 10.0.2.109 51042 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:44:01.267634 3.004327 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:44:06.064296 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:44:10.270225 0.000090 tcp 10.0.2.109 51042 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:44:10.270315 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:44:16.271945 3.752773 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:44:16.272001 3.752717 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:44:20.775872 3.004415 tcp 10.0.2.109 51043 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:44:20.776043 3.004244 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:44:29.778286 0.000164 tcp 10.0.2.109 51043 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:44:29.778450 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:44:35.779576 4.003687 udp 10.0.2.109 52082 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:44:35.779641 4.003622 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:44:36.778493 3.004861 udp 10.0.2.109 52082 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:44:36.778549 3.004805 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:44:43.788779 0.000056 udp 10.0.2.109 52082 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:44:43.788835 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:44:43.788909 0.000129 udp 10.0.2.109 52082 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:44:43.789038 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:44:47.794992 3.755284 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:44:47.795048 3.755228 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:44:52.301463 2.994022 tcp 10.0.2.109 51044 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:44:52.301526 2.993959 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:44:57.057620 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:45:01.304160 0.000115 tcp 10.0.2.109 51044 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:45:01.304275 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:45:07.303778 3.754114 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:45:07.303835 3.754057 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:45:11.809380 3.004136 tcp 10.0.2.109 51045 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:45:11.809546 3.003970 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:45:20.811807 0.000070 tcp 10.0.2.109 51045 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:45:20.811877 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:45:26.814214 4.002124 udp 10.0.2.109 61606 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:45:26.814299 4.002039 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:45:27.812149 3.004329 udp 10.0.2.109 61606 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:45:27.812316 3.004162 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:45:34.821781 0.000066 udp 10.0.2.109 61606 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:45:34.821847 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:45:34.821927 0.000037 udp 10.0.2.109 61606 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:45:34.821964 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:45:38.827911 3.755097 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:45:38.827994 3.755014 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:45:43.334387 3.004158 tcp 10.0.2.109 51046 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:45:43.334506 3.004039 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:45:48.060749 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:45:52.337111 0.000174 tcp 10.0.2.109 51046 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:45:52.337285 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:45:58.337349 3.753598 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:45:58.337530 3.753417 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:46:02.842594 2.994440 tcp 10.0.2.109 51047 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:46:02.842670 2.994364 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:46:11.835437 0.000062 tcp 10.0.2.109 51047 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:46:11.835499 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:46:17.847483 4.002365 udp 10.0.2.109 51976 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:46:17.847593 4.002255 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:46:18.845635 3.004356 udp 10.0.2.109 51976 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:46:18.845843 3.004148 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:46:25.855465 0.000053 udp 10.0.2.109 51976 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:46:25.855518 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:46:25.855645 0.000035 udp 10.0.2.109 51976 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:46:25.855680 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:46:29.861541 3.754975 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:46:29.861596 3.754920 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:46:34.368183 3.004014 tcp 10.0.2.109 51048 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:46:34.368269 3.003928 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:46:39.064646 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:46:43.370551 0.479907 tcp 10.0.2.109 51048 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:46:43.850458 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:46:49.580694 3.754631 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:46:49.580747 3.754578 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:46:54.086129 3.004234 tcp 10.0.2.109 51049 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:46:54.086205 3.004158 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:47:03.089313 0.000082 tcp 10.0.2.109 51049 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:47:03.089395 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:47:09.091975 4.001085 udp 10.0.2.109 49869 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:47:09.092120 4.000940 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:47:10.088866 3.004463 udp 10.0.2.109 49869 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:47:10.088949 3.004380 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:47:17.098736 0.000059 udp 10.0.2.109 49869 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:47:17.098795 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:47:17.098874 0.000050 udp 10.0.2.109 49869 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:47:17.098924 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:47:21.104650 3.756037 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:47:21.104711 3.755976 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:47:25.611508 2.994435 tcp 10.0.2.109 51050 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:47:25.611612 2.994331 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:47:30.267709 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:47:34.604131 0.000093 tcp 10.0.2.109 51050 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:47:34.604224 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:47:40.615836 3.752824 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:47:40.615892 3.752768 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:47:45.119478 3.004242 tcp 10.0.2.109 51051 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:47:45.119545 3.004175 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:47:54.132615 0.000092 tcp 10.0.2.109 51051 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:47:54.132707 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:48:00.124237 4.002944 udp 10.0.2.109 59687 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:00.124323 4.002858 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:48:01.122307 3.004898 udp 10.0.2.109 59687 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:01.122476 3.004729 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:48:08.132560 0.000055 udp 10.0.2.109 59687 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:08.132615 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:48:08.132724 0.000033 udp 10.0.2.109 59687 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:08.132757 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:48:12.139132 3.754840 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:12.139189 3.754783 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:48:16.644674 3.004515 tcp 10.0.2.109 51052 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:48:16.644758 3.004431 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:48:21.271346 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:48:25.647595 0.000078 tcp 10.0.2.109 51052 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:48:25.647673 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:48:31.647432 3.754614 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:31.647489 3.754557 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:48:36.152804 2.994598 tcp 10.0.2.109 51053 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:48:36.152993 2.994409 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:48:45.145639 0.000064 tcp 10.0.2.109 51053 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:48:45.145703 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:48:51.157806 4.002171 udp 10.0.2.109 49765 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:51.157883 4.002094 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:48:52.155433 3.004670 udp 10.0.2.109 49765 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:52.155558 3.004545 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:48:53.740307 3.002445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:48:59.166266 0.316282 udp 10.0.2.109 49765 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:59.482548 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:48:59.483183 0.000056 udp 10.0.2.109 49765 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:48:59.483239 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:49:00.898031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:49:03.482173 3.755309 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:49:03.482246 3.755236 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:49:07.988495 3.004050 tcp 10.0.2.109 51054 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:49:07.988607 3.003938 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:49:08.899823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:49:12.925582 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:49:16.991561 0.000058 tcp 10.0.2.109 51054 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:49:16.991619 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:49:22.990826 3.754371 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:49:22.990880 3.754317 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:49:24.902803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:49:27.496981 3.004377 tcp 10.0.2.109 51055 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:49:27.497062 3.004296 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:49:36.499588 0.000073 tcp 10.0.2.109 51055 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:49:36.499661 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:49:42.501616 4.002075 udp 10.0.2.109 52293 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:49:42.501686 4.002005 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:49:43.499499 3.004311 udp 10.0.2.109 52293 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:49:43.499574 3.004236 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:49:50.509900 0.000286 udp 10.0.2.109 52293 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:49:50.510024 0.000185 udp 10.0.2.109 52293 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:49:50.510186 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:49:50.510209 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:49:54.515229 3.755836 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:49:54.515299 3.755766 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:49:56.908904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:49:59.022675 2.993314 tcp 10.0.2.109 51056 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:49:59.022740 2.993249 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:50:03.918856 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:50:08.015092 0.000166 tcp 10.0.2.109 51056 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:50:08.015258 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:50:14.025071 3.754292 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:50:14.025130 3.754233 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:55:18.531990 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:55:18.532163 2.993779 tcp 10.0.2.109 51057 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:55:18.532219 2.993723 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 06:55:27.523834 0.000061 tcp 10.0.2.109 51057 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:55:27.523895 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 06:55:33.538110 4.000509 udp 10.0.2.109 63637 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:55:33.538192 4.000427 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:55:34.533978 3.004807 udp 10.0.2.109 63637 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:55:34.534045 3.004740 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:55:41.544631 0.000052 udp 10.0.2.109 63637 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:55:41.544683 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:55:41.544743 0.000039 udp 10.0.2.109 63637 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:55:41.544782 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:55:45.550008 3.755833 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:55:45.550094 3.755747 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:55:50.056786 3.004454 tcp 10.0.2.109 51058 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:55:50.056851 3.004389 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 06:55:59.059925 0.000064 tcp 10.0.2.109 51058 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:55:59.059989 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 06:56:00.915040 3.001157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 06:56:03.926159 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:56:05.059440 3.764710 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:56:05.059500 3.764650 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:56:07.921975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:56:09.574664 3.004329 tcp 10.0.2.109 51059 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:56:09.574768 3.004225 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:56:15.973524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:56:18.577615 0.000061 tcp 10.0.2.109 51059 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:56:18.577676 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:56:24.578912 4.003098 udp 10.0.2.109 50553 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:56:24.578990 4.003020 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:56:25.577780 3.004290 udp 10.0.2.109 50553 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:56:25.577993 3.004077 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:56:31.976785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:56:32.587879 0.000054 udp 10.0.2.109 50553 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:56:32.587933 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:56:32.588009 0.000038 udp 10.0.2.109 50553 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:56:32.588047 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:56:36.593617 3.755742 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:56:36.593710 3.755649 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:56:41.100466 2.993943 tcp 10.0.2.109 51060 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:56:41.100537 2.993872 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 06:56:48.931081 0.000188 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:56:50.103013 0.000078 tcp 10.0.2.109 51060 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:56:50.103091 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 06:56:56.102651 3.754475 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:56:56.102741 3.754385 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:57:00.608223 3.003998 tcp 10.0.2.109 51061 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:57:00.608319 3.003902 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 06:57:03.982889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 06:57:09.611444 0.000156 tcp 10.0.2.109 51061 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:57:09.611600 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 06:57:15.613655 4.001802 udp 10.0.2.109 52358 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:57:15.613757 4.001700 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:57:16.611101 3.004525 udp 10.0.2.109 52358 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:57:16.611160 3.004466 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:57:23.621216 0.000098 udp 10.0.2.109 52358 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:57:23.621314 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:57:23.621341 0.000049 udp 10.0.2.109 52358 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:57:23.621390 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:57:27.627152 3.755236 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:57:27.627218 3.755170 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:57:32.133597 2.994297 tcp 10.0.2.109 51062 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:57:32.133681 2.994213 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 06:57:36.930298 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:57:41.125931 0.000062 tcp 10.0.2.109 51062 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:57:41.125993 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 06:57:47.135614 3.754995 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:57:47.135693 3.754916 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:57:51.641803 2.994181 tcp 10.0.2.109 51063 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:57:51.641875 2.994109 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 06:58:00.634671 0.000111 tcp 10.0.2.109 51063 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:58:00.634782 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 06:58:06.646720 4.002368 udp 10.0.2.109 54426 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:06.646802 4.002286 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:58:07.644111 3.005097 udp 10.0.2.109 54426 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:07.644183 3.005025 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:58:14.654481 0.000065 udp 10.0.2.109 54426 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:14.654546 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:58:14.654606 0.000048 udp 10.0.2.109 54426 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:14.654654 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:58:18.660679 3.754745 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:18.660735 3.754689 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:58:23.166839 3.004545 tcp 10.0.2.109 51064 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:58:23.166907 3.004477 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:58:27.933904 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:58:32.169839 0.000083 tcp 10.0.2.109 51064 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:58:32.169922 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:58:38.170772 3.753004 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:38.170828 3.752948 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:58:42.674772 3.004872 tcp 10.0.2.109 51065 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:58:42.674898 3.004746 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:58:51.677860 0.000070 tcp 10.0.2.109 51065 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:58:51.677930 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:58:57.680235 4.001903 udp 10.0.2.109 59218 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:57.680318 4.001820 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:58:58.678139 3.004057 udp 10.0.2.109 59218 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:58:58.678213 3.003983 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:59:05.687973 0.000050 udp 10.0.2.109 59218 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:05.688023 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:59:05.688098 0.000036 udp 10.0.2.109 59218 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:05.688134 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:59:09.693727 3.755438 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:09.693797 3.755368 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:59:14.200197 2.994577 tcp 10.0.2.109 51066 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:59:14.200275 2.994499 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 06:59:18.926951 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 06:59:23.203402 0.000167 tcp 10.0.2.109 51066 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:59:23.203569 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 06:59:29.202688 3.754577 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:29.202743 3.754522 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 06:59:33.708598 3.003607 tcp 10.0.2.109 51067 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:59:33.708681 3.003524 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 06:59:42.711158 0.000067 tcp 10.0.2.109 51067 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 06:59:42.711225 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 06:59:48.713171 4.002320 udp 10.0.2.109 56849 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:48.713235 4.002256 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 06:59:49.711363 3.004190 udp 10.0.2.109 56849 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:49.711519 3.004034 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 06:59:56.721585 0.000049 udp 10.0.2.109 56849 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:56.721634 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 06:59:56.721679 0.000028 udp 10.0.2.109 56849 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 06:59:56.721707 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:00:00.727578 3.754692 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:00:00.727644 3.754626 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:00:05.234016 3.004015 tcp 10.0.2.109 51068 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:00:05.234107 3.003924 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 07:00:09.929981 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:00:14.236541 0.000071 tcp 10.0.2.109 51068 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:00:14.236612 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 07:00:20.236098 3.754604 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:00:20.236171 3.754531 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:00:24.741719 2.994081 tcp 10.0.2.109 51069 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:00:24.741837 2.993963 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 07:00:33.734569 0.000084 tcp 10.0.2.109 51069 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:00:33.734653 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 07:00:39.746332 4.003003 udp 10.0.2.109 56490 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:00:39.746456 4.002879 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:00:40.744371 3.005064 udp 10.0.2.109 56490 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:00:40.744498 3.004937 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:00:47.754794 0.000056 udp 10.0.2.109 56490 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:00:47.754850 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:00:47.754957 0.000064 udp 10.0.2.109 56490 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:00:47.755021 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:00:51.760699 3.755322 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:00:51.760773 3.755248 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:00:56.267206 3.003819 tcp 10.0.2.109 51070 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:00:56.267275 3.003750 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:01:00.933799 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:01:05.270038 0.000161 tcp 10.0.2.109 51070 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:01:05.270199 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:01:11.269399 3.754252 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:01:11.269461 3.754190 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:01:15.775677 3.003890 tcp 10.0.2.109 51071 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:01:15.775749 3.003818 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 07:01:24.777730 0.000136 tcp 10.0.2.109 51071 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:01:24.777866 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 07:01:30.779972 4.002781 udp 10.0.2.109 63807 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:01:30.780037 4.002716 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:01:31.778077 3.004759 udp 10.0.2.109 63807 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:01:31.778130 3.004706 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:01:38.787838 0.000081 udp 10.0.2.109 63807 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:01:38.787919 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:01:38.787955 0.000030 udp 10.0.2.109 63807 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:01:38.787985 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:01:42.793664 3.755603 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:01:42.793719 3.755548 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:01:47.301035 2.993583 tcp 10.0.2.109 51072 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:01:47.301106 2.993512 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 07:01:49.473602 0.000081 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:01:49.473683 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x971b URN 192 1 227 flow=Background 1970/01/08 07:01:51.926877 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:01:56.303322 0.000085 tcp 10.0.2.109 51072 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:01:56.303407 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 07:02:02.304665 4.724388 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:02.304719 4.724334 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 07:02:06.808368 3.004097 tcp 10.0.2.109 51073 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:02:06.808447 3.004018 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 07:02:07.781306 1.500674 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:07.781378 1.500602 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 07:02:10.033351 0.000065 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:10.033416 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x527f URN 192 1 300 flow=Background 1970/01/08 07:02:15.811098 0.000083 tcp 10.0.2.109 51073 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:02:15.811181 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 07:02:21.813514 4.002208 udp 10.0.2.109 65493 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:21.813599 4.002123 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:02:22.811388 3.004449 udp 10.0.2.109 65493 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:22.811441 3.004396 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:02:29.821500 0.000053 udp 10.0.2.109 65493 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:29.821553 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:02:29.821630 0.000036 udp 10.0.2.109 65493 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:29.821666 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:02:33.827450 4.529840 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:33.827596 4.529694 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:02:38.334389 3.003612 tcp 10.0.2.109 51074 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:02:38.355862 2.982139 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 07:02:39.104895 0.751305 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:39.104944 0.751256 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:02:40.607500 0.000152 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:40.607652 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4652 URN 192 1 302 flow=Background 1970/01/08 07:02:42.930019 0.000211 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:02:47.336795 0.000090 tcp 10.0.2.109 51074 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:02:47.336885 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 07:02:53.356037 4.666169 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 8 736 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:53.356089 4.666117 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 8 960 flow=Background 1970/01/08 07:02:57.862023 2.993766 tcp 10.0.2.109 51075 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:02:57.862087 2.993702 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:02:58.773051 2.253324 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 4 368 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:02:58.773121 2.253254 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 4 480 flow=Background 1970/01/08 07:03:01.777949 0.000170 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:01.778119 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xcaa5 URN 192 1 170 flow=Background 1970/01/08 07:03:06.854396 0.000173 tcp 10.0.2.109 51075 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:03:06.854569 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:03:07.988781 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:03:12.867010 4.002053 udp 10.0.2.109 53677 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:12.867079 4.001984 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:03:13.865017 3.004162 udp 10.0.2.109 53677 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:13.865230 3.003949 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:03:14.996770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:03:20.875231 0.000055 udp 10.0.2.109 53677 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:20.875286 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:03:20.875367 0.000037 udp 10.0.2.109 53677 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:20.875404 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:03:22.998029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:03:24.880893 4.507961 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:24.880963 4.507891 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:03:29.387686 3.004061 tcp 10.0.2.109 51076 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:03:29.387778 3.003969 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:03:30.138223 0.751128 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:30.138279 0.751072 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:03:31.640684 0.000094 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:31.640778 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3e5c URN 192 1 196 flow=Background 1970/01/08 07:03:33.933439 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:03:38.389589 0.000066 tcp 10.0.2.109 51076 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:03:38.389655 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:03:39.000990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:03:44.389755 3.754330 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:44.389816 3.754269 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:03:48.895505 3.003686 tcp 10.0.2.109 51077 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:03:48.895583 3.003608 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 07:03:50.438790 3.753984 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:50.438962 3.753812 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:03:54.944490 0.000056 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:03:54.944546 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2ee9 URN 192 1 250 flow=Background 1970/01/08 07:03:57.897671 0.000080 tcp 10.0.2.109 51077 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:03:57.897751 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 07:04:03.899422 4.003221 udp 10.0.2.109 50785 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:03.899496 4.003147 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:04:04.897779 3.004880 udp 10.0.2.109 50785 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:04.897834 3.004825 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:04:11.006877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:04:11.908064 0.000056 udp 10.0.2.109 50785 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:11.908120 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:04:11.908214 0.000037 udp 10.0.2.109 50785 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:11.908251 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:04:15.913832 4.508408 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:15.913897 4.508343 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:04:20.420968 3.128937 tcp 10.0.2.109 51078 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:04:20.421041 3.128864 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:04:21.171327 0.750941 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:21.171375 0.750893 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:04:22.674203 0.000060 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:22.674263 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x415d URN 192 1 204 flow=Background 1970/01/08 07:04:24.967228 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:04:29.423427 0.000082 tcp 10.0.2.109 51078 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:04:29.423509 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:04:35.463708 3.753623 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:35.463781 3.753550 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:04:41.571869 3.754136 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:41.571995 3.754010 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:04:46.077590 0.000067 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:04:46.077657 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa050 URN 192 1 275 flow=Background 1970/01/08 07:05:02.926266 4.001389 udp 10.0.2.109 64946 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:02.926377 4.001278 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:05:03.922630 3.005111 udp 10.0.2.109 64946 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:03.922684 3.005057 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:05:09.471170 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:05:10.933178 0.000053 udp 10.0.2.109 64946 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:10.933231 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:05:10.933295 0.000036 udp 10.0.2.109 64946 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:10.933331 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:05:14.939157 3.755338 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:14.939333 3.755162 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:05:19.445530 0.000058 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:19.445588 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cfb URN 192 1 132 flow=Background 1970/01/08 07:05:37.052114 3.753771 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:37.052174 3.753711 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:05:41.557035 0.000057 udp 10.0.2.109 3683 -> 93.172.44.24 7820 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:41.557092 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5dac URN 192 1 207 flow=Background 1970/01/08 07:05:57.303240 4.002361 udp 10.0.2.109 51365 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:57.303338 4.002263 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:05:58.301077 3.004675 udp 10.0.2.109 51365 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:05:58.301136 3.004616 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:06:01.976488 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:06:05.311227 0.000076 udp 10.0.2.109 51365 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:05.311303 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:06:05.311424 0.000038 udp 10.0.2.109 51365 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:05.311462 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:06:09.316779 3.755861 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:09.316940 3.755700 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:06:13.824049 0.000079 udp 10.0.2.109 3683 -> 70.239.198.69 9706 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:13.824128 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x46ef URN 192 1 266 flow=Background 1970/01/08 07:06:31.780583 3.754106 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:31.780812 3.753877 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:06:36.286385 0.000070 udp 10.0.2.109 3683 -> 75.34.179.1 1841 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:36.286455 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b22 URN 192 1 288 flow=Background 1970/01/08 07:06:54.325369 4.002730 udp 10.0.2.109 50334 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:54.325452 4.002647 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:06:55.323256 3.004871 udp 10.0.2.109 50334 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:06:55.323419 3.004708 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:06:58.968133 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:07:02.333493 0.000055 udp 10.0.2.109 50334 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:02.333548 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:07:02.333625 0.000030 udp 10.0.2.109 50334 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:02.333655 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:07:06.339568 3.754856 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:06.339623 3.754801 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:07:10.846000 0.000054 udp 10.0.2.109 3683 -> 76.72.39.28 3825 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:10.846054 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4c48 URN 192 1 236 flow=Background 1970/01/08 07:07:26.008349 3.914926 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:26.008435 3.914840 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:07:30.673953 0.000061 udp 10.0.2.109 3683 -> 96.37.204.36 6480 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:30.674014 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6025 URN 192 1 189 flow=Background 1970/01/08 07:07:45.979662 4.002413 udp 10.0.2.109 60083 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:45.979759 4.002316 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:07:46.977466 3.004658 udp 10.0.2.109 60083 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:46.977527 3.004597 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:07:50.602560 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:07:53.987468 0.016912 udp 10.0.2.109 60083 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:54.004380 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:07:54.004505 0.000052 udp 10.0.2.109 60083 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:54.004557 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:07:58.003416 3.755505 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:07:58.003466 3.755455 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:08:02.510167 0.080212 udp 10.0.2.109 3683 -> 70.24.111.211 7183 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:02.590379 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4618 URN 192 1 271 flow=Background 1970/01/08 07:08:19.746942 3.752989 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:19.747116 3.752815 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:08:24.251524 0.000148 udp 10.0.2.109 3683 -> 99.60.181.75 9573 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:24.251672 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x633c URN 192 1 142 flow=Background 1970/01/08 07:08:40.999059 4.001998 udp 10.0.2.109 49731 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:40.999134 4.001923 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:08:41.996502 3.004643 udp 10.0.2.109 49731 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:41.996575 3.004570 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:08:45.631768 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:08:49.006437 0.000047 udp 10.0.2.109 49731 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:49.006484 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:08:49.006554 0.000024 udp 10.0.2.109 49731 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:49.006578 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:08:53.012764 3.755002 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:53.012829 3.754937 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:08:57.519022 0.000056 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:08:57.519078 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x62ea URN 192 1 243 flow=Background 1970/01/08 07:09:15.876704 3.753701 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:15.876790 3.753615 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:09:20.382327 0.000058 udp 10.0.2.109 3683 -> 2.193.43.250 8099 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:20.382385 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x02c1 URN 192 1 139 flow=Background 1970/01/08 07:09:37.190233 4.001865 udp 10.0.2.109 65030 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:37.190357 4.001741 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:09:38.187394 3.004784 udp 10.0.2.109 65030 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:38.187452 3.004726 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:09:40.130903 2.993337 tcp 10.0.2.109 51079 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:09:40.131077 2.993163 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 07:09:42.133059 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:09:45.197316 0.000066 udp 10.0.2.109 65030 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:45.197382 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:09:45.197442 0.000042 udp 10.0.2.109 65030 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:45.197484 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:09:49.133074 0.000061 tcp 10.0.2.109 51079 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:09:49.133135 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 07:09:49.203589 3.755333 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:49.203664 3.755258 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:09:53.710255 0.000068 udp 10.0.2.109 3683 -> 50.73.87.77 7002 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:53.710323 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x3249 URN 192 1 245 flow=Background 1970/01/08 07:09:55.132385 3.754967 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:09:55.132438 3.754914 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:09:59.638182 3.004549 tcp 10.0.2.109 51080 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:09:59.638243 3.004488 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 07:10:08.641014 0.000073 tcp 10.0.2.109 51080 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:10:08.641087 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 07:10:12.087124 4.807423 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:12.087198 4.807349 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:10:15.213878 3.001198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:10:16.592907 0.000067 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:16.592974 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b5c URN 192 1 304 flow=Background 1970/01/08 07:10:17.644300 0.750698 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:17.644366 0.750632 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:10:19.146456 3.003856 tcp 10.0.2.109 51081 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:10:19.202144 2.948168 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:10:22.240665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:10:27.147519 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:10:28.149250 0.000103 tcp 10.0.2.109 51081 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:10:28.149353 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:10:30.241827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:10:31.746814 4.003285 udp 10.0.2.109 57084 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:31.746898 4.003201 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:10:32.745950 3.004279 udp 10.0.2.109 57084 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:32.746034 3.004195 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:10:39.755603 0.000067 udp 10.0.2.109 57084 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:39.755670 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:10:39.755740 0.000040 udp 10.0.2.109 57084 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:39.755780 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:10:43.761640 4.507628 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:43.761694 4.507574 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:10:46.244943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:10:48.268231 0.000096 udp 10.0.2.109 3683 -> 212.12.186.201 5494 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:48.268327 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd40c URN 192 1 128 flow=Background 1970/01/08 07:10:49.019325 0.751031 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:10:49.019389 0.750967 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:10:50.522054 2.993643 tcp 10.0.2.109 51082 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:10:50.522157 2.993540 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 07:10:59.514354 0.000071 tcp 10.0.2.109 51082 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:10:59.514425 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 07:11:03.921969 4.506794 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:03.922026 4.506737 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:11:08.428017 0.000054 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:08.428071 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x1bfb URN 192 1 233 flow=Background 1970/01/08 07:11:09.178413 0.751062 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:09.178468 0.751007 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:11:10.680631 2.994265 tcp 10.0.2.109 51083 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:11:10.680697 2.994199 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 07:11:13.153460 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:11:18.251429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:11:19.683444 0.000105 tcp 10.0.2.109 51083 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:11:19.683549 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 07:11:25.685774 4.001926 udp 10.0.2.109 51907 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:25.685852 4.001848 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:11:26.683649 3.004229 udp 10.0.2.109 51907 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:26.683735 3.004143 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:11:33.693120 0.000097 udp 10.0.2.109 51907 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:33.693217 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:11:33.693236 0.000047 udp 10.0.2.109 51907 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:33.693283 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:11:37.699168 4.508130 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:37.699327 4.507971 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:11:42.206036 3.003926 tcp 10.0.2.109 51084 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:11:42.206143 3.003819 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 07:11:42.956314 0.751918 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:42.956380 0.751852 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:11:44.459439 0.000084 udp 10.0.2.109 3683 -> 111.254.122.18 6738 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:44.459523 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffe URN 192 1 292 flow=Background 1970/01/08 07:11:51.208851 0.000069 tcp 10.0.2.109 51084 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:11:51.208920 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 07:11:57.208835 4.524874 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 9 828 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:11:57.208930 4.524779 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 9 1080 flow=Background 1970/01/08 07:12:01.713900 3.003803 tcp 10.0.2.109 51085 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:12:01.713965 3.003738 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 07:12:02.485775 1.501260 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:02.485836 1.501199 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/01/08 07:12:04.737987 0.000161 udp 10.0.2.109 3683 -> 75.149.131.201 1430 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:04.738148 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4b95 URN 192 1 285 flow=Background 1970/01/08 07:12:06.650540 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:12:10.716229 0.000075 tcp 10.0.2.109 51085 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:12:10.716304 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 07:12:16.718690 4.002332 udp 10.0.2.109 50047 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:16.718866 4.002156 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:12:17.716743 3.004302 udp 10.0.2.109 50047 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:17.716812 3.004233 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:12:24.726601 0.000069 udp 10.0.2.109 50047 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:24.726670 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:12:24.726728 0.000037 udp 10.0.2.109 50047 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:24.726765 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:12:28.732938 4.507454 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:28.733005 4.507387 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:12:33.238940 3.004083 tcp 10.0.2.109 51086 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:12:33.239013 3.004010 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:12:33.989714 0.751499 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:33.989764 0.751449 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:12:35.492669 0.000138 udp 10.0.2.109 3683 -> 173.216.254.174 8795 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:35.492807 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xadd8 URN 192 1 166 flow=Background 1970/01/08 07:12:42.242023 0.000181 tcp 10.0.2.109 51086 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:12:42.242204 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:12:48.241406 3.754347 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:48.241471 3.754282 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:12:52.747596 3.003750 tcp 10.0.2.109 51087 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:12:52.747683 3.003663 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:12:54.380530 3.754261 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:54.380585 3.754206 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:12:57.654527 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:12:58.886386 0.000055 udp 10.0.2.109 3683 -> 70.51.157.146 8685 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:12:58.886441 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4633 URN 192 1 242 flow=Background 1970/01/08 07:13:01.749605 0.000105 tcp 10.0.2.109 51087 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:13:01.749710 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:13:07.751650 4.003107 udp 10.0.2.109 55918 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:07.751746 4.003011 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:13:08.749808 3.005085 udp 10.0.2.109 55918 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:08.749869 3.005024 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:13:15.760117 0.000274 udp 10.0.2.109 55918 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:15.760245 0.000173 udp 10.0.2.109 55918 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:15.760391 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:13:15.760418 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:13:19.765777 4.508377 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:19.765844 4.508310 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:13:24.272756 2.993616 tcp 10.0.2.109 51088 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:13:24.273075 2.993297 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 07:13:25.023284 0.751340 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:25.023342 0.751282 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:13:26.525842 0.000067 udp 10.0.2.109 3683 -> 111.252.171.26 9198 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:26.525909 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6ffc URN 192 1 164 flow=Background 1970/01/08 07:13:33.265443 0.000111 tcp 10.0.2.109 51088 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:13:33.265554 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 07:13:39.274908 4.746172 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 8 736 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:39.274975 4.746105 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 8 960 flow=Background 1970/01/08 07:13:43.780426 2.994305 tcp 10.0.2.109 51089 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:13:43.780482 2.994249 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:13:44.772015 2.253406 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 4 368 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:44.772230 2.253191 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 4 480 flow=Background 1970/01/08 07:13:47.776295 0.000063 udp 10.0.2.109 3683 -> 163.25.87.88 5241 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:47.776358 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xa319 URN 192 1 227 flow=Background 1970/01/08 07:13:48.647023 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:13:52.783449 0.000077 tcp 10.0.2.109 51089 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:13:52.783526 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:13:58.785756 4.001952 udp 10.0.2.109 64985 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:58.785852 4.001856 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:13:59.783274 3.004551 udp 10.0.2.109 64985 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:13:59.783330 3.004495 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:14:06.793393 0.000077 udp 10.0.2.109 64985 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:06.793470 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:14:06.793593 0.000033 udp 10.0.2.109 64985 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:06.793626 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:14:10.799425 4.507711 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 10 920 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:10.799489 4.507647 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 10 1200 flow=Background 1970/01/08 07:14:15.305832 3.004409 tcp 10.0.2.109 51090 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:14:15.305948 3.004293 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 07:14:16.057020 0.751375 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 2 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:16.057128 0.751267 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 2 240 flow=Background 1970/01/08 07:14:17.558954 0.000074 udp 10.0.2.109 3683 -> 108.223.244.17 1064 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:17.559028 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x6cdf URN 192 1 163 flow=Background 1970/01/08 07:14:24.308915 0.000068 tcp 10.0.2.109 51090 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:14:24.308983 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 07:14:30.310367 3.752838 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:30.310438 3.752767 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:14:34.813928 3.003847 tcp 10.0.2.109 51091 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:14:34.814146 3.003629 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 07:14:35.976917 3.753642 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:35.977083 3.753476 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:14:39.650918 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:14:43.816889 0.000059 tcp 10.0.2.109 51091 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:14:43.816948 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 07:14:49.818785 4.002547 udp 10.0.2.109 54736 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:49.818847 4.002485 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:14:50.816909 3.004447 udp 10.0.2.109 54736 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:50.816964 3.004392 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:14:57.826516 0.000255 udp 10.0.2.109 54736 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:57.826635 0.000161 udp 10.0.2.109 54736 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:14:57.826771 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:14:57.826796 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:15:01.833128 3.755096 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:15:01.833175 3.755049 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:15:06.339082 3.004637 tcp 10.0.2.109 51092 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:15:06.339158 3.004561 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:15:15.341787 0.000074 tcp 10.0.2.109 51092 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:15:15.341861 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:15:21.341963 3.753958 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:15:21.342027 3.753894 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:15:25.847075 3.004500 tcp 10.0.2.109 51093 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:15:25.847160 3.004415 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 07:15:30.653812 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:15:34.850389 0.000065 tcp 10.0.2.109 51093 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:15:34.850454 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 07:15:40.851050 4.003593 udp 10.0.2.109 57207 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:15:40.851118 4.003525 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:15:41.850497 3.004237 udp 10.0.2.109 57207 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:15:41.850551 3.004183 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:15:48.860060 0.000093 udp 10.0.2.109 57207 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:15:48.860153 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:15:48.860177 0.000030 udp 10.0.2.109 57207 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:15:48.860207 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:15:52.866472 3.755318 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:15:52.866550 3.755240 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:15:57.372443 2.994717 tcp 10.0.2.109 51094 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:15:57.372571 2.994589 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 07:16:06.365716 0.000163 tcp 10.0.2.109 51094 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:16:06.365879 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 07:16:12.374730 3.754922 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:16:12.374780 3.754872 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:16:16.880932 2.994336 tcp 10.0.2.109 51095 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:16:16.881025 2.994243 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 07:16:21.646983 0.000164 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:16:25.883808 0.000071 tcp 10.0.2.109 51095 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:16:25.883879 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 07:16:31.886190 4.001749 udp 10.0.2.109 56754 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:16:31.886260 4.001679 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:16:32.883627 3.004416 udp 10.0.2.109 56754 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:16:32.883705 3.004338 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:16:39.893767 0.000077 udp 10.0.2.109 56754 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:16:39.893844 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:16:39.893956 0.000053 udp 10.0.2.109 56754 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:16:39.894009 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:16:43.899770 3.765301 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:16:43.899860 3.765211 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:16:48.416199 3.003852 tcp 10.0.2.109 51096 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:16:48.416318 3.003733 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 07:16:57.418439 0.000236 tcp 10.0.2.109 51096 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:16:57.418675 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 07:17:03.418808 3.754050 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:17:03.418877 3.753981 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:17:07.923960 3.004028 tcp 10.0.2.109 51097 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:17:07.924155 3.003833 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:17:12.650890 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:17:16.927110 0.000060 tcp 10.0.2.109 51097 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:17:16.927170 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:17:22.256525 3.002276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:17:22.929268 4.002106 udp 10.0.2.109 62373 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:17:22.929329 4.002045 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:17:23.926953 3.004447 udp 10.0.2.109 62373 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:17:23.927005 3.004395 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:17:29.264648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:17:30.936894 0.000061 udp 10.0.2.109 62373 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:17:30.936955 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:17:30.937065 0.000041 udp 10.0.2.109 62373 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:17:30.937106 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:17:34.943134 3.755069 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:17:34.943234 3.754969 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:17:37.265909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:17:39.449285 3.004711 tcp 10.0.2.109 51098 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:17:39.449385 3.004611 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:17:48.452058 0.000088 tcp 10.0.2.109 51098 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:17:48.452146 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:17:53.268895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:17:54.453381 3.752866 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:17:54.453558 3.752689 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:17:58.957557 3.004195 tcp 10.0.2.109 51099 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:17:58.957626 3.004126 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 07:18:03.654317 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:18:07.959959 0.000073 tcp 10.0.2.109 51099 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:18:07.960032 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 07:18:13.961102 4.003666 udp 10.0.2.109 60090 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:18:13.961171 4.003597 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:18:14.960733 3.004141 udp 10.0.2.109 60090 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:18:14.960786 3.004088 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:18:21.970178 0.000063 udp 10.0.2.109 60090 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:18:21.970241 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:18:21.970305 0.000032 udp 10.0.2.109 60090 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:18:21.970337 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:18:25.274891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:18:25.976228 3.755184 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:18:25.976401 3.755011 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:18:30.482624 2.994528 tcp 10.0.2.109 51100 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:18:30.482722 2.994430 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:18:39.475498 0.000067 tcp 10.0.2.109 51100 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:18:39.475565 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:18:45.484893 3.755068 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:18:45.484937 3.755024 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:23:49.992346 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:23:49.992636 2.993569 tcp 10.0.2.109 51101 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:23:49.992708 2.993497 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 07:23:58.984788 0.000157 tcp 10.0.2.109 51101 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:23:58.984945 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 07:24:04.998956 4.000574 udp 10.0.2.109 53962 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:04.999035 4.000495 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:24:05.994736 3.004908 udp 10.0.2.109 53962 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:05.994792 3.004852 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:24:13.004914 0.000256 udp 10.0.2.109 53962 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:13.005038 0.000158 udp 10.0.2.109 53962 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:13.005170 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:24:13.005196 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:24:17.011383 3.755145 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:17.011556 3.754972 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:24:21.518585 3.003065 tcp 10.0.2.109 51102 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:24:21.518675 3.002975 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 07:24:29.281608 3.001021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:24:30.520067 0.000492 tcp 10.0.2.109 51102 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:24:30.520559 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 07:24:35.156765 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:24:36.288738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:24:36.520728 3.753928 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:36.520781 3.753875 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:24:41.025887 3.003958 tcp 10.0.2.109 51103 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:24:41.025974 3.003871 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:24:44.290290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:24:50.028264 0.000077 tcp 10.0.2.109 51103 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:24:50.028341 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:24:56.029720 4.003429 udp 10.0.2.109 51437 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:56.029787 4.003362 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:24:57.028732 3.004472 udp 10.0.2.109 51437 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:24:57.028787 3.004417 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:25:00.293283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:25:04.038541 0.000279 udp 10.0.2.109 51437 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:04.038680 0.000165 udp 10.0.2.109 51437 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:04.038820 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:25:04.038845 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:25:08.044299 3.755527 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:08.044353 3.755473 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:25:12.551169 2.993769 tcp 10.0.2.109 51104 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:25:12.551253 2.993685 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 07:25:20.151603 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:25:21.553566 0.000093 tcp 10.0.2.109 51104 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:25:21.553659 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 07:25:27.553625 3.754314 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:27.553694 3.754245 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:25:32.059269 3.003505 tcp 10.0.2.109 51105 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:25:32.059329 3.003445 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 07:25:32.299129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:25:41.061741 0.000069 tcp 10.0.2.109 51105 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:25:41.061810 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 07:25:47.063676 4.002583 udp 10.0.2.109 51510 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:47.063747 4.002512 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:25:48.061419 3.004867 udp 10.0.2.109 51510 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:48.061468 3.004818 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:25:55.071827 0.000053 udp 10.0.2.109 51510 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:55.071880 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:25:55.071968 0.000132 udp 10.0.2.109 51510 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:55.072100 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:25:59.077981 3.755193 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:25:59.078045 3.755129 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:26:03.584463 3.004203 tcp 10.0.2.109 51106 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:26:03.584586 3.004080 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 07:26:08.150354 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:26:12.587279 0.000061 tcp 10.0.2.109 51106 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:26:12.587340 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 07:26:18.587345 3.753502 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:26:18.587426 3.753421 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:26:23.092193 2.994034 tcp 10.0.2.109 51107 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:26:23.092275 2.993952 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 07:26:32.085264 0.000076 tcp 10.0.2.109 51107 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:26:32.085340 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 07:26:38.097481 4.002300 udp 10.0.2.109 64864 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:26:38.097548 4.002233 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:26:39.094973 3.004848 udp 10.0.2.109 64864 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:26:39.095039 3.004782 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:26:46.105273 0.000058 udp 10.0.2.109 64864 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:26:46.105331 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:26:46.105393 0.000039 udp 10.0.2.109 64864 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:26:46.105432 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:26:50.111453 3.754986 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:26:50.111517 3.754922 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:26:54.617974 3.003978 tcp 10.0.2.109 51108 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:26:54.618265 3.003687 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:26:59.153792 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:27:03.620258 0.000070 tcp 10.0.2.109 51108 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:27:03.620328 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:27:09.621494 3.752987 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:27:09.621554 3.752927 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:27:14.125946 3.004041 tcp 10.0.2.109 51109 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:27:14.126031 3.003956 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:27:23.128086 0.000064 tcp 10.0.2.109 51109 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:27:23.128150 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:27:29.130677 4.001906 udp 10.0.2.109 54239 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:27:29.130742 4.001841 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:27:30.128524 3.004112 udp 10.0.2.109 54239 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:27:30.128728 3.003908 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:27:37.138292 0.000057 udp 10.0.2.109 54239 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:27:37.138349 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:27:37.138438 0.000032 udp 10.0.2.109 54239 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:27:37.138470 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:27:41.144384 3.755407 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:27:41.144535 3.755256 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:27:45.651342 2.993715 tcp 10.0.2.109 51110 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:27:45.651403 2.993654 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 07:27:50.647830 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:27:54.653499 0.000079 tcp 10.0.2.109 51110 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:27:54.653578 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 07:28:00.653502 3.754682 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:28:00.653556 3.754628 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:28:05.159188 3.004276 tcp 10.0.2.109 51111 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:28:05.159267 3.004197 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:28:14.161895 0.000064 tcp 10.0.2.109 51111 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:28:14.161959 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:28:20.163408 4.002658 udp 10.0.2.109 63014 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:28:20.163493 4.002573 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:28:21.161697 3.004475 udp 10.0.2.109 63014 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:28:21.161750 3.004422 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:28:28.172137 0.000059 udp 10.0.2.109 63014 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:28:28.172196 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:28:28.172312 0.000036 udp 10.0.2.109 63014 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:28:28.172348 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:28:32.178380 3.754988 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:28:32.178468 3.754900 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:28:36.684672 3.004088 tcp 10.0.2.109 51112 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:28:36.684749 3.004011 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 07:28:41.651172 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:28:45.686898 0.000067 tcp 10.0.2.109 51112 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:28:45.686965 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 07:28:51.686774 3.754522 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:28:51.686860 3.754436 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:28:56.192876 2.994033 tcp 10.0.2.109 51113 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:28:56.192975 2.993934 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 07:29:05.185492 0.000105 tcp 10.0.2.109 51113 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:29:05.185597 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 07:29:11.196277 4.003295 udp 10.0.2.109 61239 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:29:11.196340 4.003232 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:29:12.195237 3.004446 udp 10.0.2.109 61239 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:29:12.195391 3.004292 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:29:19.205105 0.000094 udp 10.0.2.109 61239 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:29:19.205199 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:29:19.205228 0.000033 udp 10.0.2.109 61239 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:29:19.205261 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:29:23.211428 3.754914 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:29:23.211506 3.754836 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:29:27.717500 3.004644 tcp 10.0.2.109 51114 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:29:27.717567 3.004577 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:29:32.654627 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:29:36.720713 0.000076 tcp 10.0.2.109 51114 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:29:36.720789 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:29:42.720387 3.754169 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:29:42.720444 3.754112 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:29:47.225899 3.004002 tcp 10.0.2.109 51115 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:29:47.225967 3.003934 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 2 188 flow=Background 1970/01/08 07:29:56.228312 0.000069 tcp 10.0.2.109 51115 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:29:56.228381 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5ef0 URN 192 1 90 flow=Background 1970/01/08 07:30:02.230749 4.002374 udp 10.0.2.109 54264 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:02.230823 4.002300 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:30:03.228268 3.004963 udp 10.0.2.109 54264 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:03.228339 3.004892 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:30:10.238587 0.000054 udp 10.0.2.109 54264 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:10.238641 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:30:10.238687 0.000028 udp 10.0.2.109 54264 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:10.238715 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:30:14.244242 3.755657 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:14.244300 3.755599 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:30:18.751606 2.994053 tcp 10.0.2.109 51116 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:30:18.751684 2.993975 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 2 188 flow=Background 1970/01/08 07:30:23.647813 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:30:27.753572 0.000093 tcp 10.0.2.109 51116 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:30:27.753665 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x4df2 URN 192 1 90 flow=Background 1970/01/08 07:30:33.755366 3.752429 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:33.755436 3.752359 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:30:38.259071 3.004234 tcp 10.0.2.109 51117 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:30:38.259211 3.004094 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 2 188 flow=Background 1970/01/08 07:30:47.262247 0.000068 tcp 10.0.2.109 51117 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:30:47.262315 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x51b6 URN 192 1 90 flow=Background 1970/01/08 07:30:53.264145 4.002463 udp 10.0.2.109 64474 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:53.264217 4.002391 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:30:54.261943 3.004779 udp 10.0.2.109 64474 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:30:54.262013 3.004709 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:31:01.271720 0.000057 udp 10.0.2.109 64474 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:01.271777 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:31:01.271834 0.000030 udp 10.0.2.109 64474 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:01.271864 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:31:05.277758 3.755365 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:05.277921 3.755202 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:31:09.784365 3.004670 tcp 10.0.2.109 51118 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:31:09.784443 3.004592 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 2 188 flow=Background 1970/01/08 07:31:14.651167 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:31:18.787558 0.000080 tcp 10.0.2.109 51118 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:31:18.787638 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x2e31 URN 192 1 90 flow=Background 1970/01/08 07:31:24.787557 3.753509 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:24.787621 3.753445 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:31:29.292655 2.994036 tcp 10.0.2.109 51119 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:31:29.292729 2.993962 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:31:36.305903 3.001211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:31:38.285346 0.000117 tcp 10.0.2.109 51119 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:31:38.285463 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:31:43.312335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:31:44.297329 4.172589 udp 10.0.2.109 56558 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:44.297406 4.172512 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:31:45.295747 3.174275 udp 10.0.2.109 56558 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:45.295819 3.174203 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:31:51.394412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:31:52.475468 0.000072 udp 10.0.2.109 56558 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:52.475540 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:31:52.475595 0.000042 udp 10.0.2.109 56558 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:52.475637 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:31:56.481826 3.755076 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:31:56.481994 3.754908 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:32:00.988036 3.004227 tcp 10.0.2.109 51120 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:32:00.988115 3.004148 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:32:05.734758 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:32:07.396795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:32:09.991130 0.000151 tcp 10.0.2.109 51120 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:32:09.991281 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:32:15.991001 3.753674 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:32:15.991056 3.753619 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:32:20.496182 3.004293 tcp 10.0.2.109 51121 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:32:20.496261 3.004214 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 2 188 flow=Background 1970/01/08 07:32:29.498575 0.000159 tcp 10.0.2.109 51121 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:32:29.498734 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x5707 URN 192 1 90 flow=Background 1970/01/08 07:32:35.500391 4.003260 udp 10.0.2.109 53414 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:32:35.500457 4.003194 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:32:36.499103 3.004649 udp 10.0.2.109 53414 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:32:36.499192 3.004560 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:32:39.403345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:32:43.509275 0.000074 udp 10.0.2.109 53414 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:32:43.509349 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:32:43.509447 0.000127 udp 10.0.2.109 53414 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:32:43.509574 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:32:47.514820 3.755747 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:32:47.514984 3.755583 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:32:52.021479 2.994333 tcp 10.0.2.109 51122 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:32:52.021553 2.994259 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 2 188 flow=Background 1970/01/08 07:32:56.727687 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:33:01.014225 0.000064 tcp 10.0.2.109 51122 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:33:01.014289 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xb049 URN 192 1 90 flow=Background 1970/01/08 07:33:07.024444 3.753649 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:33:07.024501 3.753592 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:38:11.531529 0.000173 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:38:11.531802 2.992881 tcp 10.0.2.109 51123 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:38:11.531872 2.992811 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 2 188 flow=Background 1970/01/08 07:38:20.533550 0.000074 tcp 10.0.2.109 51123 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:38:20.533624 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0xd326 URN 192 1 90 flow=Background 1970/01/08 07:38:26.536569 4.001326 udp 10.0.2.109 52487 -> 8.8.8.8 53 INT 0 2 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:38:26.536632 4.001263 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 2 204 flow=Background 1970/01/08 07:38:27.533691 3.004227 udp 10.0.2.109 52487 -> 8.8.4.4 53 INT 0 3 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:38:27.533850 3.004068 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 3 306 flow=Background 1970/01/08 07:38:34.544027 0.000258 udp 10.0.2.109 52487 -> 8.8.8.8 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:38:34.544148 0.000161 udp 10.0.2.109 52487 -> 8.8.4.4 53 REQ 0 1 74 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:38:34.544285 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:38:34.544309 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0808 URN 192 1 102 flow=Background 1970/01/08 07:38:38.549960 3.754688 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:38:38.550026 3.754622 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/01/08 07:38:43.056065 3.004077 tcp 10.0.2.109 51124 -> 128.255.183.224 9027 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:38:43.056223 3.003919 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 2 188 flow=Background 1970/01/08 07:38:43.409911 3.001199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:38:50.416934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:38:52.058828 0.000153 tcp 10.0.2.109 51124 -> 128.255.183.224 9027 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:38:52.058981 0.000000 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x80ff URN 192 1 90 flow=Background 1970/01/08 07:38:56.735729 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:38:58.058872 3.753930 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:38:58.417950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:39:02.674140 0.511783 tcp 10.0.2.109 51125 -> 176.73.166.24 5576 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:39:14.511271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:39:47.258581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:44:48.071409 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:44:48.071663 0.049029 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:48.121234 0.076461 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:48.198290 0.144832 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:48.198676 2.996680 tcp 10.0.2.109 51126 -> 82.127.143.230 5537 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:44:48.343460 0.424227 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:48.768136 0.047055 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:48.815550 0.201016 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:49.016904 0.134692 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:49.152012 0.030347 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:49.182774 0.170771 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:49.366264 0.160070 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:49.526754 0.203693 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:49.730865 0.149008 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:49.880255 0.185273 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:50.065891 0.144085 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:50.210340 0.136729 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:50.347426 0.212870 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:44:50.560629 0.000000 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:44:57.203898 0.000000 tcp 10.0.2.109 51126 -> 82.127.143.230 5537 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 07:45:06.382669 0.010899 udp 10.0.2.109 52960 <-> 8.8.8.8 53 CON 0 0 2 388 flow=From-Botnet-V1-DNS 1970/01/08 07:45:06.394113 0.075688 tcp 10.0.2.109 51127 -> 195.113.214.221 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:06.470848 0.011742 udp 10.0.2.109 63876 <-> 8.8.8.8 53 CON 0 0 2 386 flow=From-Botnet-V1-DNS 1970/01/08 07:45:06.483036 0.117129 tcp 10.0.2.109 51128 -> 195.113.214.234 80 SRPA* 0 0 46 33675 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:06.600805 0.117806 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:06.719099 0.174342 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:06.893837 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:45:13.104669 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:45:13.105090 0.267961 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:13.105419 0.604960 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 SPA_* 0 0 5 441 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:13.373491 0.362538 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:13.736394 0.337497 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:14.074362 0.140616 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:14.215393 0.149689 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:14.365463 0.147988 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:14.513806 0.333337 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:14.847541 0.000000 udp 10.0.2.109 3683 -> 163.25.87.88 5241 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 07:45:20.458812 0.268969 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 5 2322 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:26.296823 3.003321 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 7 5066 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:31.804350 0.083563 tcp 10.0.2.109 51130 -> 195.113.214.221 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:31.888185 0.071567 tcp 10.0.2.109 51131 -> 195.113.214.234 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:31.960035 0.162508 tcp 10.0.2.109 51132 -> 195.113.214.234 443 SRPA* 0 0 57 36589 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:32.123184 0.226070 udp 10.0.2.109 3683 <-> 108.223.244.17 1064 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/08 07:45:32.639753 4.925290 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 10 7440 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:37.683822 3.052922 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 9 5282 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:43.763975 2.791586 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:49.191250 2.702533 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:51.264809 3.000833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:45:55.899017 2.939701 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:45:58.271780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:46:01.973796 3.147764 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:06.273047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:46:08.079647 3.671336 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:15.336037 3.916233 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:16.668384 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:46:22.276003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:46:22.530388 4.783423 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:30.545982 3.247138 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:37.266600 3.045533 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:44.347560 3.385587 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:51.369685 4.094795 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:46:54.282272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:46:59.518497 4.087390 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:04.677066 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:47:07.293581 4.253958 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:15.655944 3.943200 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:22.916146 3.592697 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:30.351023 4.980414 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:38.553338 0.784756 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 7 4474 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:43.888642 4.940534 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:52.330644 4.544634 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:47:59.548857 4.805701 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:01.168078 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:48:08.744313 4.579945 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:17.164233 4.170207 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:24.523714 2.957655 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:30.516579 4.751751 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:39.006746 3.482936 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:46.248716 4.951223 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:54.635418 4.820121 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 8 5876 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:48:59.662195 0.573346 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 6 3072 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:04.168833 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:49:05.031621 4.895853 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:10.127740 3.444868 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 8 4528 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:17.175315 4.899779 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:25.917227 3.708525 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:33.370045 4.121736 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:40.872176 3.986884 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:48.627906 4.243384 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:49:56.237280 4.286927 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:04.262131 4.249028 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:04.676123 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:50:11.656479 3.847939 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:19.073580 3.416329 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 11 8786 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:25.162569 4.159715 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 10 8732 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:32.391835 3.198608 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:38.198456 3.671190 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:45.070895 3.348322 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:51.828289 4.111828 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:50:58.775517 3.132574 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:03.670742 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 07:51:04.201672 2.719777 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:09.361400 2.640915 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:14.556982 4.658231 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 17 11158 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:19.663954 4.089629 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 16 11104 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:25.551144 3.242177 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:30.859005 3.657971 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:36.796262 3.129704 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:42.071898 4.789776 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:48.633265 3.937705 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:51:53.771353 0.374164 tcp 10.0.2.109 51129 -> 75.92.139.157 2892 FPA_* 0 0 9 2162 flow=From-Botnet-V1-TCP-Established 1970/01/08 07:52:58.288963 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 07:53:05.296028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:53:13.297152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:53:29.300658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 07:54:01.306446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:00:05.312616 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 08:00:12.319495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:00:20.321530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:00:36.323967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:01:08.330001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:07:12.336929 3.000663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 08:07:19.343881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:07:27.345390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:07:43.348395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:08:15.354670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:09:03.544257 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 08:09:03.544358 0.357315 tcp 10.0.2.109 51133 -> 176.73.166.24 5576 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:14:19.360839 3.000848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 08:14:26.367300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:14:34.368948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:14:50.372019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:15:22.377826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:16:02.036397 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 08:16:02.036483 0.000000 udp 10.0.2.109 3683 -> 98.234.154.124 5235 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:16:20.924610 0.071746 tcp 10.0.2.109 51134 -> 195.113.214.221 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:16:20.996598 0.076787 tcp 10.0.2.109 51135 -> 195.113.214.234 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:16:21.073804 0.182883 tcp 10.0.2.109 51136 -> 195.113.214.234 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:16:21.257278 0.000000 udp 10.0.2.109 3683 -> 163.25.87.88 5241 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:16:38.698328 0.069068 tcp 10.0.2.109 51137 -> 195.113.214.221 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:16:38.767701 0.071664 tcp 10.0.2.109 51138 -> 195.113.214.234 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:16:38.839668 0.162561 tcp 10.0.2.109 51139 -> 195.113.214.234 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:16:39.002758 0.045193 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:39.048390 0.157013 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:39.048736 3.004053 tcp 10.0.2.109 51140 -> 62.92.158.188 6222 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 08:16:39.205761 0.075883 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:39.282015 0.051495 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:39.333906 0.421063 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:39.755350 0.030346 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:39.786234 0.172343 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:39.958962 0.136219 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:40.095575 0.191504 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:40.287502 0.152861 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:40.440815 0.147159 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:40.588375 0.178864 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:40.767608 0.230147 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:40.998238 0.140316 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:41.138956 0.158061 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:41.297426 0.136245 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:41.434075 0.102568 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:41.537076 0.147701 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:41.685120 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:16:48.051305 0.000000 tcp 10.0.2.109 51140 -> 62.92.158.188 6222 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 08:16:51.029217 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:16:51.029590 0.277821 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:51.307826 0.347397 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:51.655573 0.156427 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:51.812427 0.148529 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:51.961438 0.351123 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:52.312996 0.151383 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:52.464823 0.337857 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:16:52.803087 0.000000 udp 10.0.2.109 3683 -> 108.223.244.17 1064 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:17:10.764675 0.070789 tcp 10.0.2.109 51141 -> 195.113.214.221 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:17:10.835737 0.082559 tcp 10.0.2.109 51142 -> 195.113.214.234 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:17:10.918660 0.180243 tcp 10.0.2.109 51143 -> 195.113.214.234 443 SRPA* 0 0 72 55622 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:21:26.385198 3.000819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 08:21:33.391662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:21:41.393354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:21:57.396850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:22:29.402073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:28:33.407781 3.001998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 08:28:40.415781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:28:48.417056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:29:04.420349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:29:36.425975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:35:40.432610 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 08:35:47.439327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:35:55.440963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:36:11.444028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:36:43.449744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:39:03.902896 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 08:39:03.903002 0.361501 tcp 10.0.2.109 51144 -> 176.73.166.24 5576 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:42:47.456715 3.001038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 08:42:54.463890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:43:02.464994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:43:18.468009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:43:50.473950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:47:36.158579 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 08:47:36.158685 0.000000 udp 10.0.2.109 3683 -> 108.223.244.17 1064 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:47:52.864789 0.074623 tcp 10.0.2.109 51145 -> 195.113.214.221 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:47:52.939695 0.075504 tcp 10.0.2.109 51146 -> 195.113.214.234 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:47:53.015534 0.162251 tcp 10.0.2.109 51147 -> 195.113.214.234 443 SRPA* 0 0 21 13036 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:47:53.178419 0.076389 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:47:53.255293 0.052779 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:47:53.255683 3.001483 tcp 10.0.2.109 51148 -> 82.127.143.230 5537 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 08:47:53.308410 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:48:02.256109 0.000000 tcp 10.0.2.109 51148 -> 82.127.143.230 5537 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 08:48:10.639125 0.074002 tcp 10.0.2.109 51149 -> 195.113.214.221 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:48:10.713442 0.114665 tcp 10.0.2.109 51150 -> 195.113.214.234 80 SRPA* 0 0 18 13421 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:48:10.828599 0.031930 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:10.860926 0.170718 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:11.032045 0.046161 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:11.078552 0.144472 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:11.223422 0.155027 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:11.378950 0.115782 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:11.495076 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:48:29.666135 0.074728 tcp 10.0.2.109 51151 -> 195.113.214.221 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:48:29.741191 0.121280 tcp 10.0.2.109 51152 -> 195.113.214.234 80 SRPA* 0 0 20 14745 flow=From-Botnet-V1-TCP-Established 1970/01/08 08:48:29.862993 0.210434 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:30.073846 0.136960 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:30.211150 0.195508 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:30.407087 0.137028 udp 10.0.2.109 3683 <-> 70.24.111.211 7183 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:30.407434 3.003338 tcp 10.0.2.109 51153 -> 70.239.198.69 2059 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 08:48:30.544513 0.095293 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:30.640162 0.147439 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:30.788005 0.142310 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:30.930710 0.190741 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:31.121828 0.386890 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:31.509108 0.369641 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:31.879177 0.149419 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:32.028964 0.150491 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:32.179854 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:48:37.516696 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 08:48:37.517116 0.135992 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:37.653627 0.346403 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:38.000376 0.330765 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/08 08:48:39.409688 0.000000 tcp 10.0.2.109 51153 -> 70.239.198.69 2059 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 08:49:54.480708 3.000640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 08:50:01.487582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:50:09.488720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:50:25.492038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:50:57.497669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:57:01.504516 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 08:57:08.511674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:57:16.512986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:57:32.515857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 08:58:04.521854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:04:08.528610 3.001183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 09:04:15.535833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:04:23.536550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:04:39.539903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:05:11.545863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:09:04.271132 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:09:04.271233 2.993210 tcp 10.0.2.109 51154 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:09:13.273698 0.000000 tcp 10.0.2.109 51154 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:09:19.273878 3.002834 tcp 10.0.2.109 51155 -> 195.113.214.221 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:09:28.275249 0.000000 tcp 10.0.2.109 51155 -> 195.113.214.221 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:09:39.284757 0.000000 udp 10.0.2.109 52528 -> 8.8.8.8 53 INT 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 09:09:40.282417 0.011305 udp 10.0.2.109 52528 <-> 8.8.4.4 53 CON 0 0 2 183 flow=From-Botnet-V1-DNS 1970/01/08 09:09:40.294086 3.002306 tcp 10.0.2.109 51156 -> 204.79.197.200 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:09:49.295181 0.000000 tcp 10.0.2.109 51156 -> 204.79.197.200 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:09:54.172035 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:09:56.317925 4.002961 udp 10.0.2.109 64468 -> 8.8.8.8 53 INT 0 2 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 09:09:57.316769 3.015226 udp 10.0.2.109 64468 <-> 8.8.4.4 53 CON 0 0 4 320 flow=From-Botnet-V1-DNS 1970/01/08 09:10:00.301109 2.994219 tcp 10.0.2.109 51157 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:10:00.332452 0.038506 udp 10.0.2.109 55936 -> 8.8.4.4 53 INT 0 3 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 09:10:09.304345 0.000000 tcp 10.0.2.109 51157 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:10:15.303155 2.993457 tcp 10.0.2.109 51158 -> 195.113.214.241 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:10:24.295360 0.000000 tcp 10.0.2.109 51158 -> 195.113.214.241 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:10:35.345739 3.000461 tcp 10.0.2.109 51159 -> 204.79.197.200 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:10:40.168085 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:10:43.416381 0.000145 tcp 10.0.2.109 51156 -> 204.79.197.200 80 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:10:44.344102 0.000000 tcp 10.0.2.109 51159 -> 204.79.197.200 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:10:55.350575 2.994000 tcp 10.0.2.109 51160 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:11:04.352893 0.000000 tcp 10.0.2.109 51160 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:11:10.352599 2.993395 tcp 10.0.2.109 51161 -> 195.113.214.236 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:11:15.551541 3.002153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 09:11:19.344883 0.000000 tcp 10.0.2.109 51161 -> 195.113.214.236 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:11:22.559332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:11:30.361049 2.993868 tcp 10.0.2.109 51162 -> 204.79.197.200 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:11:30.561040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:11:35.167540 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:11:39.363302 0.000000 tcp 10.0.2.109 51162 -> 204.79.197.200 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:11:46.563824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:11:50.369540 3.003861 tcp 10.0.2.109 51163 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:11:59.371908 0.000000 tcp 10.0.2.109 51163 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:12:05.371569 2.993261 tcp 10.0.2.109 51164 -> 195.113.214.226 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:12:14.373558 0.000000 tcp 10.0.2.109 51164 -> 195.113.214.226 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:12:18.569868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:12:25.381536 2.992480 tcp 10.0.2.109 51165 -> 204.79.197.200 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:12:30.176509 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:12:34.382567 0.000000 tcp 10.0.2.109 51165 -> 204.79.197.200 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:12:36.419154 0.000129 tcp 10.0.2.109 51164 -> 195.113.214.226 80 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:12:40.422739 0.114947 tcp 10.0.2.109 51165 -> 204.79.197.200 80 RPA_* 0 0 19 15411 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:12:40.617496 0.720374 tcp 10.0.2.109 51166 -> 46.49.66.193 6223 FSPA* 0 0 12 1479 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:18:22.575725 3.001786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 09:18:29.583188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:18:37.584999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:18:51.875738 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:18:51.875851 0.419291 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:52.295562 0.173814 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:52.469771 0.076368 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:52.546705 0.052460 udp 10.0.2.109 3683 <-> 151.27.246.255 3395 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:52.547165 3.003111 tcp 10.0.2.109 51167 -> 82.127.143.230 5537 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:18:52.599544 0.033129 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:52.633147 0.159254 udp 10.0.2.109 3683 <-> 70.82.192.56 6689 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:52.792840 0.153725 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:52.946998 0.128710 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:53.076078 0.044848 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:53.121405 0.172354 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:53.294117 0.221590 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:53.516124 0.135600 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:53.587769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:18:53.652088 0.191482 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:18:53.843972 0.000000 udp 10.0.2.109 3683 -> 70.24.111.211 7183 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 09:19:01.549481 0.000000 tcp 10.0.2.109 51167 -> 82.127.143.230 5537 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:19:11.905953 0.075448 tcp 10.0.2.109 51168 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:19:11.984677 0.011478 udp 10.0.2.109 51352 <-> 8.8.8.8 53 CON 0 0 2 386 flow=From-Botnet-V1-DNS 1970/01/08 09:19:11.996670 0.076958 tcp 10.0.2.109 51169 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:19:12.073970 0.149278 tcp 10.0.2.109 51170 -> 195.113.214.237 443 SRPA* 0 0 36 25135 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:19:12.223817 0.100113 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:12.324325 0.145265 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:12.469939 0.141958 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:12.612269 0.348186 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:12.960877 0.160729 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:13.122048 0.199232 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:13.321696 0.146545 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:13.468694 0.146742 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:13.615899 0.763182 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:13.616291 3.004464 tcp 10.0.2.109 51171 -> 70.51.157.146 5497 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:19:14.379491 0.140834 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:14.520758 0.328747 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:14.849842 0.339240 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:19:22.619716 0.000000 tcp 10.0.2.109 51171 -> 70.51.157.146 5497 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:19:25.593852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:19:36.322638 0.009723 udp 10.0.2.109 63383 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/08 09:19:36.332750 0.009532 udp 10.0.2.109 57294 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/08 09:25:29.599320 3.002057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 09:25:36.607349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:25:44.609155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:26:00.611653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:26:32.617630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:32:36.624583 3.001038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 09:32:43.631286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:32:51.632647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:33:07.635770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:33:39.641922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:39:43.647649 3.001737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 09:39:50.655191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:39:58.656371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:40:14.660183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:40:46.665915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:42:41.341224 0.000243 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:42:41.341567 0.699564 tcp 10.0.2.109 51172 -> 46.49.66.193 6223 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:46:50.671216 3.002583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 09:46:57.679515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:47:05.680712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:47:21.684013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:47:53.689478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:49:28.896959 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 09:49:28.897080 0.000000 udp 10.0.2.109 3683 -> 70.24.111.211 7183 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 09:49:43.990405 0.078690 tcp 10.0.2.109 51173 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:49:44.069357 0.076649 tcp 10.0.2.109 51174 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:49:44.146346 0.151214 tcp 10.0.2.109 51175 -> 195.113.214.237 443 SRPA* 0 0 24 14816 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:49:44.298046 0.077741 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:49:44.376293 0.000000 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 09:49:44.376684 2.996557 tcp 10.0.2.109 51176 -> 82.127.143.230 5537 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:49:53.371889 0.000000 tcp 10.0.2.109 51176 -> 82.127.143.230 5537 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:49:59.411056 0.074231 tcp 10.0.2.109 51177 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:49:59.485590 0.125868 tcp 10.0.2.109 51178 -> 195.113.214.237 80 SRPA* 0 0 38 21731 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:49:59.611675 0.032648 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:49:59.644714 0.000000 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 09:50:16.745859 0.075742 tcp 10.0.2.109 51179 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:50:16.821916 0.076043 tcp 10.0.2.109 51180 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:50:16.898349 0.152048 tcp 10.0.2.109 51181 -> 195.113.214.237 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/08 09:50:17.050948 0.155025 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:17.206395 0.423653 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:17.630505 0.185351 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:17.816433 0.172033 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:17.816875 3.004568 tcp 10.0.2.109 51182 -> 46.233.34.99 8721 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:50:17.988880 0.229673 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:18.218936 0.136380 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:18.355737 0.195703 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:18.551849 0.111535 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:18.663817 0.045722 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:18.710030 0.146786 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:18.857243 0.141427 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:18.999086 0.350109 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:19.349538 0.109952 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 2 592 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:19.459899 0.197322 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:19.657638 0.170625 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:19.828604 0.146598 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:19.975616 0.179733 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:20.155758 0.331507 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:20.487670 0.755879 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:21.243958 0.139335 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:21.383712 0.333636 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/08 09:50:26.819892 0.000000 tcp 10.0.2.109 51182 -> 46.233.34.99 8721 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 09:53:57.696114 3.000920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 09:54:04.703177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:54:12.704553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:54:28.707851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 09:55:00.713545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:01:04.720287 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 10:01:11.727105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:01:19.728680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:01:35.731961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:02:07.737915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:08:11.744192 3.001215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 10:08:18.751322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:08:26.752216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:08:42.755904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:09:14.761678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:12:42.040561 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:12:42.040649 0.859959 tcp 10.0.2.109 51183 -> 46.49.66.193 6223 FSPA* 0 0 14 1625 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:15:18.767651 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 10:15:25.775079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:15:33.776429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:15:49.779828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:16:21.785246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:20:49.931519 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:20:49.931627 0.000000 udp 10.0.2.109 3683 -> 70.82.192.56 6689 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:21:08.539462 0.090314 tcp 10.0.2.109 51184 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:21:08.629649 0.075919 tcp 10.0.2.109 51185 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:21:08.705374 0.168016 tcp 10.0.2.109 51186 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:21:08.873999 0.000000 udp 10.0.2.109 3683 -> 151.27.246.255 3395 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:21:27.705959 0.074999 tcp 10.0.2.109 51187 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:21:27.781255 0.071956 tcp 10.0.2.109 51188 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:21:27.853100 0.149321 tcp 10.0.2.109 51189 -> 195.113.214.237 443 SRPA* 0 0 23 13772 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:21:28.003009 4.959070 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 3 631 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:28.078807 4.374316 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 4 1169 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:28.079189 3.000737 tcp 10.0.2.109 51190 -> 82.127.143.230 5537 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 10:21:28.112265 4.522000 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 4 1205 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:28.293568 4.511715 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 4 1325 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:28.467835 4.493742 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 4 1104 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:28.619090 4.847773 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 4 1091 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:29.041985 4.646990 udp 10.0.2.109 3683 <-> 99.60.181.75 9573 CON 0 0 4 1001 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:29.264528 4.568066 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 4 1178 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:29.399469 4.628789 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 4 1287 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:29.594999 4.551976 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 4 1147 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:29.706577 4.491576 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 4 1109 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:29.751795 4.608433 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 4 1210 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:29.897013 0.141485 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:30.039185 4.682281 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 4 1110 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:30.399801 4.422123 udp 10.0.2.109 3683 <-> 2.193.43.250 8099 CON 0 0 4 1226 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:30.491477 4.571245 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 4 1190 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:30.719668 4.490600 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 4 1151 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:30.868987 4.629197 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 4 1187 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:31.017406 4.655124 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1245 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:31.254542 4.758224 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 4 1224 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:31.590655 4.757551 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 4 1174 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:31.925243 4.924315 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 4 985 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:32.267433 4.223595 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 4 1026 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:33.040172 0.000000 udp 10.0.2.109 3683 <- 82.127.143.230 4509 RSP 0 0 1 541 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:21:35.210765 0.140795 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:21:36.850263 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:21:37.078890 0.000000 tcp 10.0.2.109 51190 -> 82.127.143.230 5537 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 10:21:42.116142 0.000000 udp 10.0.2.109 3683 -> 38.98.127.233 7854 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:21:49.667418 0.000000 udp 10.0.2.109 3683 -> 96.46.115.18 8592 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:21:55.014962 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:01.634510 0.000000 udp 10.0.2.109 3683 -> 98.112.171.175 4180 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:07.243121 0.323840 udp 10.0.2.109 3683 <-> 186.49.78.131 1314 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:22:07.583500 0.147420 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:22:07.746998 0.072551 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 848 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:22:07.835766 0.170500 udp 10.0.2.109 3683 -> 66.212.108.34 7247 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:08.006266 0.000000 icmp 66.212.108.34 0x0303 -> 10.0.2.109 0x4f1c URP 192 1 309 flow=Background 1970/01/08 10:22:12.169156 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:22:16.305653 0.000000 udp 10.0.2.109 3683 -> 67.191.163.248 9307 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:22.665053 0.000000 udp 10.0.2.109 3683 -> 147.134.33.131 9549 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:25.791999 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 10:22:31.186846 0.614006 udp 10.0.2.109 3683 <-> 151.27.247.165 3395 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:22:31.833265 0.164940 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 676 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:22:32.026815 0.000000 udp 10.0.2.109 3683 -> 5.64.102.4 1165 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:32.798899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:22:39.488970 0.000000 udp 10.0.2.109 3683 -> 206.116.22.148 8037 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:40.800319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:22:45.226815 0.000000 udp 10.0.2.109 3683 -> 69.69.174.69 1025 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:51.866768 0.000000 udp 10.0.2.109 3683 -> 50.129.197.95 8300 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:22:56.673502 0.000207 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:22:56.803874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:22:58.305670 0.000000 udp 10.0.2.109 3683 -> 189.47.138.46 2453 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:04.695362 0.000000 udp 10.0.2.109 3683 -> 219.92.87.102 3152 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:12.686482 0.000000 udp 10.0.2.109 3683 -> 159.247.211.26 3579 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:19.145721 0.195509 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:23:19.353609 0.271245 udp 10.0.2.109 3683 <-> 189.135.179.217 1728 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:23:19.659379 0.000000 udp 10.0.2.109 3683 -> 108.46.165.202 8308 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:25.635417 0.000000 udp 10.0.2.109 3683 -> 71.45.129.61 4041 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:28.809249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:23:33.526343 0.000000 udp 10.0.2.109 3683 -> 62.219.145.62 4816 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:39.635265 0.000000 udp 10.0.2.109 3683 -> 92.15.63.218 5965 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:44.171261 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:23:45.073060 0.000000 udp 10.0.2.109 3683 -> 71.227.178.24 1753 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:53.314891 0.166693 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:23:53.677969 0.305812 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:23:54.002197 0.000000 udp 10.0.2.109 3683 -> 86.143.180.19 7590 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:23:59.924722 0.000000 udp 10.0.2.109 3683 -> 80.184.19.7 1489 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:05.022248 0.000000 udp 10.0.2.109 3683 -> 80.34.193.10 2312 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:12.111736 0.000000 udp 10.0.2.109 3683 -> 176.26.176.135 3695 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:19.652841 0.153900 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:24:19.849946 0.000000 udp 10.0.2.109 3683 -> 62.47.210.239 3980 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:28.726080 0.000000 udp 10.0.2.109 3683 -> 76.108.64.179 3759 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:33.672471 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:24:36.967993 0.000000 udp 10.0.2.109 3683 -> 72.164.128.86 2885 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:43.166282 0.000000 udp 10.0.2.109 3683 -> 178.21.182.194 7216 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:50.928138 0.000000 udp 10.0.2.109 3683 -> 68.112.193.146 2755 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:24:57.997849 0.000000 udp 10.0.2.109 3683 -> 24.246.129.90 6128 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:04.226681 0.000000 udp 10.0.2.109 3683 -> 213.74.236.69 5158 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:12.127945 0.000000 udp 10.0.2.109 3683 -> 91.42.125.77 6098 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:19.368532 0.099194 udp 10.0.2.109 3683 <-> 188.121.223.226 3653 CON 0 0 2 782 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:25:19.625847 0.371587 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 788 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:25:20.338403 0.000000 udp 10.0.2.109 3683 -> 99.177.167.54 8486 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:24.175785 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:25:26.038335 0.000000 udp 10.0.2.109 3683 -> 86.145.19.112 9856 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:31.846853 0.137736 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:25:32.032137 0.000000 udp 10.0.2.109 3683 -> 209.33.25.73 7207 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:38.266021 0.000000 udp 10.0.2.109 3683 -> 172.129.6.63 8153 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:44.699526 0.000000 udp 10.0.2.109 3683 <- 172.129.6.63 8153 RSP 0 0 1 549 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:45.008591 0.000000 udp 10.0.2.109 3683 -> 137.53.241.13 5038 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:51.084103 0.000000 udp 10.0.2.109 3683 -> 50.48.103.96 3437 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:25:56.592552 0.000000 udp 10.0.2.109 3683 -> 95.229.248.100 6486 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:02.540982 0.000000 udp 10.0.2.109 3683 -> 98.140.216.218 9238 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:08.889889 0.149492 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:26:09.049619 0.085836 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:26:09.153450 0.159857 udp 10.0.2.109 3683 -> 198.179.107.162 2237 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:09.313307 0.000000 icmp 198.179.107.162 0x0303 -> 10.0.2.109 0xbd08 URP 192 1 284 flow=Background 1970/01/08 10:26:13.666385 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:26:15.940462 0.000000 udp 10.0.2.109 3683 -> 151.50.49.110 4306 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:24.612234 0.000000 udp 10.0.2.109 3683 -> 183.82.168.252 4751 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:30.440768 0.098833 udp 10.0.2.109 3683 <-> 94.137.179.120 7381 CON 0 0 2 735 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:26:30.548954 0.000000 udp 10.0.2.109 3683 -> 78.167.58.116 6934 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:37.671126 0.060486 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:26:37.743882 0.000000 udp 10.0.2.109 3683 -> 93.61.9.193 5584 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:43.759730 0.269214 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 856 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:26:44.040337 0.000000 udp 10.0.2.109 3683 -> 80.152.223.128 8707 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:50.870076 0.098328 udp 10.0.2.109 3683 <-> 93.177.139.137 7464 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:26:50.993247 0.000000 udp 10.0.2.109 3683 -> 89.0.121.31 6172 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:26:57.349915 0.000000 udp 10.0.2.109 3683 -> 95.233.159.14 6639 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:02.166262 0.000171 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:27:03.768402 0.043024 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:27:03.821586 0.000000 udp 10.0.2.109 3683 -> 79.39.123.148 1583 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:09.306549 0.000000 udp 10.0.2.109 3683 -> 85.110.43.128 5615 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:15.124881 0.000000 udp 10.0.2.109 3683 -> 200.90.243.100 2347 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:20.202520 0.092638 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:27:20.310347 0.000000 udp 10.0.2.109 3683 -> 109.40.139.62 1676 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:25.479687 0.094127 udp 10.0.2.109 3683 <-> 82.211.180.109 5805 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:27:25.604812 0.000000 udp 10.0.2.109 3683 -> 2.26.212.2 3779 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:32.199614 0.323294 udp 10.0.2.109 3683 <-> 202.73.32.246 2924 CON 0 0 2 838 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:27:32.705257 0.000000 udp 10.0.2.109 3683 -> 182.2.247.145 4661 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:41.673591 0.000000 udp 10.0.2.109 3683 -> 24.33.151.168 2815 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:46.670281 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:27:49.894858 0.000000 udp 10.0.2.109 3683 -> 93.148.117.226 4216 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:27:58.617601 0.000000 udp 10.0.2.109 3683 -> 31.192.29.170 7498 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:04.245560 0.000000 udp 10.0.2.109 3683 -> 111.92.100.14 8608 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:10.644838 0.000000 udp 10.0.2.109 3683 -> 151.50.2.152 2490 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:18.125923 0.000000 udp 10.0.2.109 3683 -> 70.169.164.213 4942 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:24.965885 0.000000 udp 10.0.2.109 3683 -> 188.47.145.167 7761 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:32.346629 0.000000 udp 10.0.2.109 3683 -> 2.40.88.185 2147 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:37.172915 0.000324 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:28:37.853734 0.179822 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 780 flow=From-Botnet-V1-UDP-Established 1970/01/08 10:28:38.163158 0.000000 udp 10.0.2.109 3683 -> 177.106.55.170 1084 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:46.036028 0.000000 udp 10.0.2.109 3683 -> 88.235.75.119 8511 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:53.236429 0.000000 udp 10.0.2.109 3683 -> 2.25.99.138 8474 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:28:59.505140 0.000000 udp 10.0.2.109 3683 -> 107.202.60.87 5813 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:06.134801 0.000000 udp 10.0.2.109 3683 -> 174.91.133.76 1885 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:13.084339 0.000000 udp 10.0.2.109 3683 -> 98.221.120.62 3786 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:22.007499 0.000000 udp 10.0.2.109 3683 -> 68.188.35.130 5814 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:26.783963 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:29:28.646756 0.000000 udp 10.0.2.109 3683 -> 78.187.74.234 1266 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:32.925360 3.002134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 10:29:35.136049 0.000000 udp 10.0.2.109 3683 -> 78.226.247.30 7050 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:39.933035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:29:43.759172 0.000000 udp 10.0.2.109 3683 -> 151.84.225.80 5264 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:47.934722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:29:49.977814 0.000000 udp 10.0.2.109 3683 -> 89.104.226.174 2371 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:29:56.617498 0.000000 udp 10.0.2.109 3683 -> 66.126.30.70 5587 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:30:02.395721 0.000000 udp 10.0.2.109 3683 -> 81.213.174.94 1024 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:30:03.937405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:30:10.236775 0.202115 udp 10.0.2.109 3683 -> 122.173.132.61 5749 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 10:30:10.438890 0.000000 icmp 122.173.132.61 0x0303 -> 10.0.2.109 0x7516 URP 192 1 251 flow=Background 1970/01/08 10:30:14.782986 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:30:35.943744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:36:39.950108 3.001462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 10:36:46.957280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:36:54.958373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:37:10.961805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:37:42.967784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:42:43.009400 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 10:42:43.009495 0.694439 tcp 10.0.2.109 51191 -> 46.49.66.193 6223 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/01/08 10:43:46.972965 3.002793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 10:43:53.981220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:44:01.982648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:44:17.985776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:44:49.991734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:50:53.998267 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 10:51:01.005435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:51:09.006865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:51:25.009507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:51:57.015394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:58:01.022322 3.001001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 10:58:08.029212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:58:16.030409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:58:32.033448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 10:59:04.039454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:00:24.855926 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 11:00:24.856018 0.201012 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:00:25.057378 0.154812 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:00:25.212625 0.031843 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:00:25.245001 0.159937 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:00:25.245476 1.428572 tcp 10.0.2.109 51192 -> 160.80.52.122 6469 FSPA* 0 0 439 330492 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:00:25.405290 0.137261 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:00:25.542944 0.421882 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:00:25.965210 0.000000 udp 10.0.2.109 3683 -> 99.60.181.75 9573 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:00:28.623714 0.101389 tcp 10.0.2.109 51193 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:00:28.725427 0.076857 tcp 10.0.2.109 51194 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:00:28.802593 0.246818 tcp 10.0.2.109 51195 -> 195.113.214.237 443 SRPA* 0 0 20 11486 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:00:45.710272 0.135402 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:00:45.846253 0.000000 udp 10.0.2.109 3683 -> 99.60.181.75 9573 REQ 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:01:02.209812 0.070882 tcp 10.0.2.109 51196 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:02.281065 0.071238 tcp 10.0.2.109 51197 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:02.352148 0.149512 tcp 10.0.2.109 51198 -> 195.113.214.237 443 SRPA* 0 0 23 12544 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:02.502415 0.000000 udp 10.0.2.109 3683 -> 2.193.43.250 8099 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:01:18.112960 0.114838 tcp 10.0.2.109 51199 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:18.228084 0.069885 tcp 10.0.2.109 51200 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:18.298333 0.152081 tcp 10.0.2.109 51201 -> 195.113.214.237 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:18.451024 0.359404 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:18.810823 0.043619 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:18.854817 0.146733 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:19.001900 0.199078 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:19.201389 0.166297 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:19.368055 0.158469 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:19.526975 0.141153 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:19.668534 0.150505 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:19.819450 0.244540 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:20.064418 0.143443 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:20.208263 0.347299 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:20.556012 0.405325 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:20.961678 0.141834 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:21.103860 0.333217 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:21.437475 0.311030 udp 10.0.2.109 3683 <-> 186.49.78.131 1314 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:21.748924 0.000000 udp 10.0.2.109 3683 -> 2.28.32.229 3796 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:01:30.700350 0.691818 tcp 10.0.2.109 51202 -> 46.49.66.193 6223 FSPA* 0 0 14 1549 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:40.665525 0.070713 tcp 10.0.2.109 51203 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:40.736522 0.074409 tcp 10.0.2.109 51204 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:40.811245 0.151795 tcp 10.0.2.109 51205 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:40.963618 0.138716 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:41.102732 0.000000 udp 10.0.2.109 3683 -> 151.27.247.165 3395 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:01:56.878683 0.070133 tcp 10.0.2.109 51206 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:56.949123 0.075848 tcp 10.0.2.109 51207 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:57.025260 0.145164 tcp 10.0.2.109 51208 -> 195.113.214.237 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:01:57.170287 0.163000 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:57.333690 0.190492 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:57.524533 0.298829 udp 10.0.2.109 3683 <-> 189.135.179.217 1728 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:57.823794 0.159653 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:57.983811 0.333585 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:58.317789 0.148010 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:58.466243 0.368724 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:58.835358 0.054374 udp 10.0.2.109 3683 <-> 188.121.223.226 3653 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:58.890315 0.136024 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:01:59.026701 0.000000 udp 10.0.2.109 3683 -> 172.129.6.63 8153 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:02:17.758310 0.078390 tcp 10.0.2.109 51209 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:17.836984 0.076876 tcp 10.0.2.109 51210 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:17.914190 0.153532 tcp 10.0.2.109 51211 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:18.068314 0.054455 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:18.123150 0.155255 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:18.278864 0.000000 udp 10.0.2.109 3683 -> 94.137.179.120 7381 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:02:36.385293 0.074548 tcp 10.0.2.109 51212 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:36.460138 0.071710 tcp 10.0.2.109 51213 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:36.532110 0.150869 tcp 10.0.2.109 51214 -> 195.113.214.237 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:36.683468 0.060230 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:36.744121 0.154166 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:36.898696 0.000000 udp 10.0.2.109 3683 -> 93.177.139.137 7464 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:02:52.078384 0.071752 tcp 10.0.2.109 51215 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:52.150451 0.108664 tcp 10.0.2.109 51216 -> 195.113.214.237 80 SRPA* 0 0 20 14732 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:02:52.259665 0.041070 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:52.301133 0.058460 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:52.359977 0.056529 udp 10.0.2.109 3683 <-> 82.211.180.109 5805 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:52.416909 0.317624 udp 10.0.2.109 3683 <-> 202.73.32.246 2924 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:52.734887 0.171446 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:52.906741 0.074812 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:52.981934 0.150800 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:53.133107 0.031618 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:53.165129 0.155250 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:53.320829 0.231529 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:02:53.552715 0.420462 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:05:08.116428 3.000510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 11:05:15.123298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:05:23.124414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:05:39.127918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:06:11.133701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:12:15.140931 3.000455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 11:12:22.147333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:12:30.148509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:12:46.151737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:13:18.157717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:19:22.194585 3.001083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 11:19:29.201116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:19:37.202568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:19:53.205299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:20:25.211719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:26:29.218423 3.001031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 11:26:36.225340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:26:44.226656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:27:00.229621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:27:32.235649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:31:31.429952 0.000174 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 11:31:31.430245 3.003122 tcp 10.0.2.109 51217 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 11:31:40.442618 0.000000 tcp 10.0.2.109 51217 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 11:31:46.432899 0.075569 tcp 10.0.2.109 51218 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:31:46.508861 0.077141 tcp 10.0.2.109 51219 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:31:46.586345 0.145547 tcp 10.0.2.109 51220 -> 195.113.214.237 443 SRPA* 0 0 21 10744 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:31:46.763371 0.519599 tcp 10.0.2.109 51221 -> 176.73.148.62 8415 FSPA* 0 0 14 1639 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:32:54.318907 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 11:32:54.319004 3.618436 udp 10.0.2.109 3683 -> 2.193.43.250 8099 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:32:57.937440 0.000000 icmp 2.193.43.250 0x0303 -> 10.0.2.109 0xa31f URP 192 1 285 flow=Background 1970/01/08 11:33:10.372323 0.078280 tcp 10.0.2.109 51222 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:10.450908 0.109429 tcp 10.0.2.109 51223 -> 195.113.214.237 80 SRPA* 0 0 18 13346 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:10.560864 0.086338 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:33:10.647575 0.000000 udp 10.0.2.109 3683 -> 151.27.247.165 3395 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:33:25.654183 0.078633 tcp 10.0.2.109 51224 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:25.733119 0.079412 tcp 10.0.2.109 51225 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:25.812836 0.154627 tcp 10.0.2.109 51226 -> 195.113.214.237 443 SRPA* 0 0 23 14002 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:25.968256 0.000000 udp 10.0.2.109 3683 -> 172.129.6.63 8153 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:33:36.241366 3.002546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 11:33:42.608848 0.073476 tcp 10.0.2.109 51227 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:42.682699 0.081153 tcp 10.0.2.109 51228 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:42.764149 0.152274 tcp 10.0.2.109 51229 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:42.917065 0.000000 udp 10.0.2.109 3683 -> 94.137.179.120 7381 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:33:43.249857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:33:51.250882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:33:58.180725 0.078126 tcp 10.0.2.109 51230 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:58.259123 0.096939 tcp 10.0.2.109 51231 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:58.356345 0.152520 tcp 10.0.2.109 51232 -> 195.113.214.237 443 SRPA* 0 0 23 13146 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:33:58.509489 0.000000 udp 10.0.2.109 3683 -> 93.177.139.137 7464 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:34:07.253352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:34:15.656329 0.077975 tcp 10.0.2.109 51233 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:15.733763 0.117202 tcp 10.0.2.109 51234 -> 195.113.214.237 80 SRPA* 0 0 22 13635 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:15.851368 0.137668 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:15.989422 0.397559 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:16.387398 0.145653 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:16.533430 0.047743 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:16.581529 0.230182 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:16.812148 0.152519 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:16.965088 0.148204 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:17.113751 0.140889 udp 10.0.2.109 3683 <-> 96.37.204.36 6480 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:17.255059 0.202784 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:17.458269 0.255386 udp 10.0.2.109 3683 <-> 70.239.198.69 9706 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:17.714008 0.145153 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:17.859629 0.348698 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:18.208690 0.364218 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:18.573321 0.371377 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:18.945096 0.297925 udp 10.0.2.109 3683 <-> 186.49.78.131 1314 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:19.243362 0.140570 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:19.384341 0.135543 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:19.520301 0.163492 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:19.684182 0.158505 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:19.843100 0.000000 udp 10.0.2.109 3683 -> 98.80.199.111 2843 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:34:37.958542 0.076178 tcp 10.0.2.109 51235 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:38.034663 0.075674 tcp 10.0.2.109 51236 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:38.110632 0.151624 tcp 10.0.2.109 51237 -> 195.113.214.237 443 SRPA* 0 0 42 23318 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:38.262205 0.254317 udp 10.0.2.109 3683 <-> 189.135.179.217 1728 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:38.516887 0.057485 udp 10.0.2.109 3683 <-> 188.121.223.226 3653 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:38.574802 0.135821 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:38.711036 0.365281 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:39.076713 0.148521 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:39.225603 0.303568 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:39.259747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:34:39.529552 0.054588 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:39.584501 0.172879 rtcp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:39.757772 0.064085 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:39.822429 0.153593 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:39.976437 0.041801 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:40.018669 0.053406 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:40.072476 0.000000 udp 10.0.2.109 3683 -> 82.211.180.109 5805 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:34:58.188499 0.074862 tcp 10.0.2.109 51238 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:58.263663 0.078571 tcp 10.0.2.109 51239 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:58.342553 0.149333 tcp 10.0.2.109 51240 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:34:58.492501 0.423586 udp 10.0.2.109 3683 <-> 202.73.32.246 2924 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:58.916492 0.171421 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:59.088330 0.075049 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:59.163728 0.153158 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:59.317296 0.172065 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:59.489795 0.448141 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:34:59.938380 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 11:35:15.592675 0.079607 tcp 10.0.2.109 51241 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:35:15.672577 0.071218 tcp 10.0.2.109 51242 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:35:15.743646 0.157839 tcp 10.0.2.109 51243 -> 195.113.214.237 443 SRPA* 0 0 23 13772 flow=From-Botnet-V1-TCP-Established 1970/01/08 11:35:15.902020 0.031797 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/08 11:40:43.265238 3.001872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 11:40:50.273112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:40:58.274519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:41:14.277330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:41:46.283467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:47:50.290069 3.001108 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 11:47:57.296953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:48:05.298313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:48:21.301304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:48:53.307621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:54:57.313227 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 11:55:04.320638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:55:12.322042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:55:28.325620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 11:56:00.331389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:01:47.290713 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 12:01:47.290818 0.521129 tcp 10.0.2.109 51244 -> 176.73.148.62 8415 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:02:04.337558 3.001445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 12:02:11.344630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:02:19.346142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:02:35.349671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:03:07.355605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:05:44.932010 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 12:05:44.932184 0.376569 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:05:45.309119 0.000000 udp 10.0.2.109 3683 -> 82.211.180.109 5805 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:06:00.576893 0.080884 tcp 10.0.2.109 51245 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:00.658114 0.117159 tcp 10.0.2.109 51246 -> 195.113.214.237 80 SRPA* 0 0 20 14787 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:00.775935 0.177656 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:00.954005 0.140403 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:01.094816 0.136808 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:01.232026 0.169851 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:01.402308 0.236854 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:01.639607 0.047278 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:01.687284 0.145590 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:01.833292 0.366678 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:02.200321 0.144531 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:02.345264 0.000000 udp 10.0.2.109 3683 -> 96.37.204.36 6480 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:06:21.154268 0.070145 tcp 10.0.2.109 51247 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:21.224751 0.111997 tcp 10.0.2.109 51248 -> 195.113.214.237 80 SRPA* 0 0 18 13397 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:21.337276 0.162021 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:21.499688 0.000000 udp 10.0.2.109 3683 -> 70.239.198.69 9706 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:06:37.648476 0.066160 tcp 10.0.2.109 51249 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:37.714933 0.073718 tcp 10.0.2.109 51250 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:37.789003 0.150625 tcp 10.0.2.109 51251 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:37.940131 0.160268 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:38.100764 0.347601 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:38.449150 0.285188 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:38.734730 0.361214 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:39.096312 0.161923 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:39.258552 0.144575 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:39.403553 0.321610 udp 10.0.2.109 3683 <-> 186.49.78.131 1314 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:39.725573 0.139755 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:39.865771 0.162744 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:40.028954 0.054909 udp 10.0.2.109 3683 <-> 188.121.223.226 3653 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:40.084273 0.248481 udp 10.0.2.109 3683 <-> 189.135.179.217 1728 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:40.333160 0.152057 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:40.485569 0.317877 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:40.803832 0.054794 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:40.858967 0.157832 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:41.017206 0.058319 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:41.075938 0.153286 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:41.229573 0.000000 udp 10.0.2.109 3683 -> 217.85.203.243 5770 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:06:57.226637 0.074424 tcp 10.0.2.109 51252 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:57.301384 0.117645 tcp 10.0.2.109 51253 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:57.419374 0.145245 tcp 10.0.2.109 51254 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:06:57.565218 0.195717 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:57.761334 0.364711 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:58.126496 0.055308 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:06:58.182313 0.000000 udp 10.0.2.109 3683 -> 202.73.32.246 2924 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:07:14.461673 0.074489 tcp 10.0.2.109 51255 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:07:14.536420 0.073933 tcp 10.0.2.109 51256 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:07:14.610658 0.143860 tcp 10.0.2.109 51257 -> 195.113.214.237 443 SRPA* 0 0 23 14566 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:07:14.755115 0.173646 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:07:14.929207 0.419654 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:07:15.349230 0.171869 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:07:15.521526 0.076242 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:07:15.598265 0.153178 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:07:15.751850 0.031412 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:09:11.361875 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 12:09:18.368734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:09:26.370426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:09:42.373282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:10:14.379312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:16:18.385492 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 12:16:25.392425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:16:33.393939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:16:49.397108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:17:21.403092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:23:25.409606 3.001794 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 12:23:32.416365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:23:40.418143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:23:56.420887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:24:28.426938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:30:32.432800 3.002138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 12:30:39.440554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:30:47.442687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:31:03.445292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:31:35.451602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:31:47.819880 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 12:31:47.819981 0.616155 tcp 10.0.2.109 51258 -> 176.73.148.62 8415 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:37:35.846944 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 12:37:35.847098 0.000000 udp 10.0.2.109 3683 -> 70.239.198.69 9706 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:37:39.457332 3.001880 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 12:37:46.464761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:37:52.094586 0.079922 tcp 10.0.2.109 51259 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:37:52.174793 0.071759 tcp 10.0.2.109 51260 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:37:52.246913 0.168522 tcp 10.0.2.109 51261 -> 195.113.214.237 443 SRPA* 0 0 41 22676 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:37:52.414977 0.000000 udp 10.0.2.109 3683 -> 96.37.204.36 6480 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:37:54.466062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:38:09.818543 0.074371 tcp 10.0.2.109 51262 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:09.893215 0.076509 tcp 10.0.2.109 51263 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:09.970043 0.151773 tcp 10.0.2.109 51264 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:10.122444 0.000000 udp 10.0.2.109 3683 -> 217.85.203.243 5770 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:38:10.469245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:38:26.322776 0.071452 tcp 10.0.2.109 51265 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:26.393973 0.075958 tcp 10.0.2.109 51266 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:26.470316 0.169646 tcp 10.0.2.109 51267 -> 195.113.214.237 443 SRPA* 0 0 41 22812 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:26.640210 0.000000 udp 10.0.2.109 3683 -> 202.73.32.246 2924 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:38:42.475588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:38:45.210038 0.070660 tcp 10.0.2.109 51268 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:45.281063 0.072131 tcp 10.0.2.109 51269 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:45.353538 0.147024 tcp 10.0.2.109 51270 -> 195.113.214.237 443 SRPA* 0 0 21 11772 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:38:45.501185 0.308758 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:45.810496 0.178761 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:45.989605 0.044104 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:46.034112 0.145284 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:46.179788 0.195647 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:46.375826 0.245176 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:46.621421 0.174915 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:46.796744 0.135703 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:46.932878 0.366271 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:47.299568 0.141647 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:47.441634 0.110006 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:47.552040 0.164268 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:47.716682 0.712280 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:48.429362 0.342181 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:48.771989 0.318300 udp 10.0.2.109 3683 <-> 186.49.78.131 1314 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:49.090727 0.140050 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:49.231141 0.144521 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:49.376015 0.159994 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:49.536398 0.341173 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:49.878001 0.239959 udp 10.0.2.109 3683 <-> 189.135.179.217 1728 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:50.118521 0.137154 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:50.256045 0.570501 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:50.826941 0.053616 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:50.880955 0.148541 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:38:51.029883 0.000000 udp 10.0.2.109 3683 -> 188.121.223.226 3653 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 12:39:09.134477 0.076331 tcp 10.0.2.109 51271 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:39:09.210693 0.116310 tcp 10.0.2.109 51272 -> 195.113.214.237 80 SRPA* 0 0 20 14766 flow=From-Botnet-V1-TCP-Established 1970/01/08 12:39:09.327399 0.164062 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:09.491906 0.056170 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:09.548463 0.154879 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:09.703725 0.145908 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:09.849989 0.377940 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:10.228356 0.053598 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:10.282332 0.173076 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:10.455839 0.075981 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:10.532168 0.153115 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:10.685741 0.033157 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:10.719291 0.420114 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:39:11.139822 0.171296 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/08 12:44:46.481994 3.000745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 12:44:53.488442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:45:01.489779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:45:17.492911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:45:49.499417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:51:53.505254 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 12:52:00.512770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:52:08.513958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:52:24.516976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:52:56.523302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:59:00.529387 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 12:59:07.536669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:59:15.537757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 12:59:31.541447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:00:03.547275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:01:48.438785 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 13:01:48.438924 0.508252 tcp 10.0.2.109 51273 -> 176.73.148.62 8415 FSPA* 0 0 14 1545 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:06:07.553180 3.001866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 13:06:14.560551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:06:22.561659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:06:38.564898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:07:10.571161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:09:36.651709 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 13:09:36.651814 0.000000 udp 10.0.2.109 3683 -> 188.121.223.226 3653 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 13:09:52.916995 0.071519 tcp 10.0.2.109 51274 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:09:52.988783 0.252107 tcp 10.0.2.109 51275 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:09:53.240737 0.177206 tcp 10.0.2.109 51276 -> 195.113.214.237 443 SRPA* 0 0 23 13772 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:09:53.418657 0.189946 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:53.608971 0.166526 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:53.775874 0.490874 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:54.267158 0.240042 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:54.507610 0.176650 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:54.684611 0.136061 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:54.821084 0.046525 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:54.868052 0.150029 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:55.018522 0.356860 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:55.375792 0.165394 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:55.541586 0.106820 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:55.648840 0.143431 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:55.792685 0.310179 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:56.103313 0.341049 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:56.444784 0.149269 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:56.594463 0.171463 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:56.766503 0.347288 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:57.114309 0.137895 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:09:57.252539 0.000000 udp 10.0.2.109 3683 -> 186.49.78.131 1314 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 13:10:14.566038 0.070263 tcp 10.0.2.109 51277 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:10:14.636621 0.115358 tcp 10.0.2.109 51278 -> 195.113.214.237 80 SRPA* 0 0 18 13398 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:10:14.752462 0.058946 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:14.811820 0.250455 udp 10.0.2.109 3683 <-> 189.135.179.217 1728 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:15.062689 0.134964 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:15.198248 0.289597 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:15.488283 0.150415 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:15.639142 0.162232 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:15.801777 0.069013 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:15.871162 0.155479 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:16.027068 0.146711 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:16.174207 0.171570 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:16.346222 0.077064 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:16.423688 0.153271 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:16.577361 0.033241 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:16.610933 0.366885 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:16.978290 0.054672 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:10:17.033401 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 13:10:33.733586 0.074161 tcp 10.0.2.109 51279 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:10:33.808064 0.075290 tcp 10.0.2.109 51280 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:10:33.883691 0.166220 tcp 10.0.2.109 51281 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:10:34.050530 0.171483 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:13:14.577426 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 13:13:21.584501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:13:29.586039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:13:45.589375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:14:17.595272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:20:21.602204 3.000287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 13:20:28.608332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:20:36.609995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:20:52.613140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:21:24.619084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:27:28.625852 3.000812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 13:27:35.632599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:27:43.633676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:27:59.637199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:28:31.643095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:31:48.947419 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 13:31:48.947643 3.003367 tcp 10.0.2.109 51282 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:31:57.949452 0.000000 tcp 10.0.2.109 51282 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:32:03.949947 0.073131 tcp 10.0.2.109 51283 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:04.023430 0.075918 tcp 10.0.2.109 51284 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:04.099438 0.164266 tcp 10.0.2.109 51285 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:04.280889 3.002289 tcp 10.0.2.109 51286 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:32:13.281451 0.000000 tcp 10.0.2.109 51286 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:32:19.280618 0.069380 tcp 10.0.2.109 51287 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:19.351274 0.074707 tcp 10.0.2.109 51288 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:19.426318 0.162963 tcp 10.0.2.109 51289 -> 195.113.214.237 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:19.637575 2.997663 tcp 10.0.2.109 51290 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:32:28.643616 0.000000 tcp 10.0.2.109 51290 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:32:34.633093 0.071789 tcp 10.0.2.109 51291 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:34.705252 0.074386 tcp 10.0.2.109 51292 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:34.779553 0.171137 tcp 10.0.2.109 51293 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:34.975181 3.001574 tcp 10.0.2.109 51294 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:32:43.975786 0.000000 tcp 10.0.2.109 51294 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/08 13:32:49.975002 0.071235 tcp 10.0.2.109 51295 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:50.045888 0.077551 tcp 10.0.2.109 51296 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:50.123747 0.165849 tcp 10.0.2.109 51297 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:32:50.345865 2.025212 tcp 10.0.2.109 51298 -> 211.38.175.27 4598 FSPA* 0 0 14 1699 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:34:35.649286 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 13:34:42.656369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:34:50.657910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:35:06.660681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:35:38.667268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:40:34.403198 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 13:40:34.403430 0.000000 udp 10.0.2.109 3683 -> 186.49.78.131 1314 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 13:40:50.597556 0.072799 tcp 10.0.2.109 51299 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:40:50.670692 0.074226 tcp 10.0.2.109 51300 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:40:50.745097 0.150127 tcp 10.0.2.109 51301 -> 195.113.214.237 443 SRPA* 0 0 32 24083 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:40:50.895814 0.420104 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:40:51.316360 0.000000 udp 10.0.2.109 3683 -> 98.80.199.111 2843 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 13:41:07.270117 0.070546 tcp 10.0.2.109 51302 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:41:07.340920 0.071923 tcp 10.0.2.109 51303 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:41:07.413152 0.155417 tcp 10.0.2.109 51304 -> 195.113.214.237 443 SRPA* 0 0 32 24709 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:41:07.569096 0.131046 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:07.700559 0.155351 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:07.856331 0.137906 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:07.994654 0.046079 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:08.041138 0.480283 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:08.521850 0.063512 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:08.585802 0.158829 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:08.744992 0.106687 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:08.852090 0.143968 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:08.996400 0.146737 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:09.143496 0.355284 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:09.499191 0.339614 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:09.839158 0.158736 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:09.998278 0.491755 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:10.490389 0.139657 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:10.630470 0.350243 udp 10.0.2.109 3683 <-> 111.252.171.26 9198 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:10.981113 0.137235 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:11.118799 0.055533 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:11.174816 0.284737 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:11.459961 0.147798 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:11.608117 0.163029 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:11.771508 0.059823 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:11.831678 0.255322 udp 10.0.2.109 3683 <-> 189.135.179.217 1728 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:12.087428 0.140495 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:12.228439 0.146483 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:12.375334 0.172326 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:12.548008 0.092753 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:12.641152 0.153408 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:12.795033 0.033012 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:12.828424 0.379836 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:13.208705 0.155243 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:13.364299 0.000000 udp 10.0.2.109 3683 -> 176.73.143.18 9191 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 13:41:31.074337 0.074434 tcp 10.0.2.109 51305 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:41:31.149054 0.068029 tcp 10.0.2.109 51306 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:41:31.217379 0.165892 tcp 10.0.2.109 51307 -> 195.113.214.237 443 SRPA* 0 0 41 23302 flow=From-Botnet-V1-TCP-Established 1970/01/08 13:41:31.383093 0.172600 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/08 13:41:42.672752 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 13:41:49.680628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:41:57.682124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:42:13.684957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:42:45.691251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:48:49.696257 3.002486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 13:48:56.704453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:49:04.705782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:49:20.709199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:49:52.715132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:55:56.721139 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 13:56:03.728574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:56:11.729806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:56:27.732972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 13:56:59.738466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:02:52.376798 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 14:02:52.376906 2.097666 tcp 10.0.2.109 51308 -> 211.38.175.27 4598 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:03:03.745422 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 14:03:10.751932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:03:18.753736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:03:34.756567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:04:06.763211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:10:10.769162 3.001246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 14:10:17.775835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:10:25.777533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:10:41.780965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:11:13.786742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:12:00.133418 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 14:12:00.133556 0.188248 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:00.322254 0.000000 udp 10.0.2.109 3683 -> 176.73.143.18 9191 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:12:15.597612 0.073737 tcp 10.0.2.109 51309 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:15.671603 0.074562 tcp 10.0.2.109 51310 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:15.746453 0.155748 tcp 10.0.2.109 51311 -> 195.113.214.237 443 SRPA* 0 0 40 24517 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:15.901553 0.419252 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:16.321219 0.170921 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:16.492565 0.179977 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:16.672919 0.135556 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:16.808895 0.787305 udp 10.0.2.109 3683 <-> 2.28.32.229 3796 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:17.596557 0.157273 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:17.754406 0.210980 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:17.965811 0.046800 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:18.013010 0.146723 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:18.160097 0.105816 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:18.266331 0.158129 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:18.424848 0.146705 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:18.572018 0.371189 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:18.943591 0.342695 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:19.286700 0.000000 udp 10.0.2.109 3683 -> 111.252.171.26 9198 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:12:34.573660 0.074013 tcp 10.0.2.109 51312 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:34.647446 0.111752 tcp 10.0.2.109 51313 -> 195.113.214.237 80 SRPA* 0 0 31 20978 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:34.757699 0.137540 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:34.895661 0.772734 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:35.668769 0.284051 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:35.953173 0.148400 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.101949 0.163229 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.265618 0.062612 udp 10.0.2.109 3683 <-> 78.49.10.237 5245 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.328610 0.143173 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.472232 0.055314 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.527935 0.148346 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.676731 0.173105 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.850275 0.076596 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:36.927297 0.156001 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:37.083699 0.031667 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:37.115732 0.134736 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:37.250884 0.000000 udp 10.0.2.109 3683 -> 189.135.179.217 1728 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:12:55.373652 0.073019 tcp 10.0.2.109 51314 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:55.446961 0.074779 tcp 10.0.2.109 51315 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:55.522089 0.148426 tcp 10.0.2.109 51316 -> 195.113.214.237 443 SRPA* 0 0 37 27431 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:12:55.670985 0.153514 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:55.824924 0.422660 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:12:56.247980 0.169715 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:17:17.793314 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 14:17:24.799970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:17:32.802031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:17:48.804328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:18:20.810473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:24:24.817006 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 14:24:31.824067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:24:39.825665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:24:55.828858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:25:27.834594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:31:31.840867 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 14:31:38.848336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:31:46.849941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:32:02.852696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:32:34.858855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:32:54.477194 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 14:32:54.477392 1.998802 tcp 10.0.2.109 51317 -> 211.38.175.27 4598 FSPA* 0 0 14 1652 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:38:38.865513 3.000529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 14:38:45.871911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:38:53.873467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:39:09.876653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:39:41.882881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:43:08.790873 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 14:43:08.790973 0.000000 udp 10.0.2.109 3683 -> 111.252.171.26 9198 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:43:26.067381 0.075388 tcp 10.0.2.109 51318 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:43:26.143046 0.103262 tcp 10.0.2.109 51319 -> 195.113.214.237 80 SRPA* 0 0 33 21320 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:43:26.246762 0.000000 udp 10.0.2.109 3683 -> 189.135.179.217 1728 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:43:42.779195 0.073592 tcp 10.0.2.109 51320 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:43:42.853065 0.073742 tcp 10.0.2.109 51321 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:43:42.927090 0.135650 tcp 10.0.2.109 51322 -> 195.113.214.237 443 SRPA* 0 0 34 25383 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:43:43.063331 0.191231 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:43:43.254982 0.133396 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:43:43.388715 0.170236 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:43:43.559407 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:43:59.734017 0.074397 tcp 10.0.2.109 51323 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:43:59.808735 0.074720 tcp 10.0.2.109 51324 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:43:59.883771 0.156569 tcp 10.0.2.109 51325 -> 195.113.214.237 443 SRPA* 0 0 44 35374 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:44:00.041075 0.176986 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:00.218416 0.047436 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:00.266314 0.159299 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:00.425989 0.000000 udp 10.0.2.109 3683 -> 2.28.32.229 3796 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:44:17.318884 0.075028 tcp 10.0.2.109 51326 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:44:17.394394 0.074980 tcp 10.0.2.109 51327 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:44:17.469698 0.157039 tcp 10.0.2.109 51328 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:44:17.627229 0.354064 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:17.981683 0.364589 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:18.346656 0.144100 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:18.491171 0.170440 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:18.661963 0.104518 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:18.766818 0.175598 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:18.942797 0.342062 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:19.285243 0.139819 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:19.425455 0.331451 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:19.757319 0.291152 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:20.048862 0.163414 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:20.212672 0.000000 udp 10.0.2.109 3683 -> 78.49.10.237 5245 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 14:44:36.247798 0.073592 tcp 10.0.2.109 51329 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:44:36.321663 0.075302 tcp 10.0.2.109 51330 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:44:36.397235 0.152303 tcp 10.0.2.109 51331 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 14:44:36.550158 0.137736 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:36.688279 0.055114 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:36.743718 0.197831 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:36.941989 0.173158 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:37.115563 0.076598 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:37.192551 0.152329 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:37.345301 0.031541 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:37.377208 0.155602 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:37.533207 0.134331 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:37.667977 0.226442 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:37.894809 0.364103 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:44:38.259438 0.172788 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/08 14:45:45.888042 3.002552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 14:45:52.895836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:46:00.897284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:46:16.900503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:46:48.906952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:52:52.912630 3.001774 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 14:52:59.919639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:53:07.921655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:53:23.924197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:53:55.930509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 14:59:59.937009 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:00:06.943756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:00:14.945567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:00:30.948191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:01:02.954686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:02:56.478571 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 15:02:56.478701 2.037953 tcp 10.0.2.109 51332 -> 211.38.175.27 4598 FSPA* 0 0 15 1600 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:07:06.961127 3.000679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:07:13.967827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:07:21.969500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:07:37.972794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:08:09.978378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:14:13.985310 3.000570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:14:20.991686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:14:28.993245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:14:42.693708 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 15:14:42.693807 0.421266 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:14:43.115516 0.000000 udp 10.0.2.109 3683 -> 2.28.32.229 3796 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 15:14:44.996793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:14:58.698318 0.074181 tcp 10.0.2.109 51333 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:14:58.772764 0.071244 tcp 10.0.2.109 51334 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:14:58.844287 0.152381 tcp 10.0.2.109 51335 -> 195.113.214.237 443 SRPA* 0 0 22 12880 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:14:58.997158 0.000000 udp 10.0.2.109 3683 -> 78.49.10.237 5245 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 15:15:16.792476 0.070655 tcp 10.0.2.109 51336 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:15:16.863449 0.075578 tcp 10.0.2.109 51337 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:15:16.939376 0.156544 tcp 10.0.2.109 51338 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:15:17.002529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:15:17.096495 0.171766 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:17.268653 0.138120 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:17.407180 0.256995 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:17.664566 0.047699 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:17.712664 0.152945 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:17.866003 0.167876 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:18.034317 0.429633 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:18.464306 0.177998 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:18.642673 0.105663 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:18.748743 0.146378 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:18.895513 0.361254 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:19.257182 0.143022 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:19.400560 1.221170 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:20.622245 0.141192 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:20.763843 0.341773 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:21.106117 0.163430 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:21.269927 0.315635 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:21.585983 0.145314 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:21.731707 0.140582 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:21.872690 0.054606 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:21.927714 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 15:15:37.071742 0.074800 tcp 10.0.2.109 51339 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:15:37.146835 0.070660 tcp 10.0.2.109 51340 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:15:37.217814 0.165108 tcp 10.0.2.109 51341 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:15:37.383499 0.075525 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:37.459437 0.148093 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:37.607931 0.032731 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:37.641027 0.151068 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:37.792489 0.135856 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:37.928758 0.155608 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:38.084770 0.363699 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:15:38.448864 0.173709 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:21:21.008242 3.002168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:21:28.016357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:21:36.017469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:21:52.020020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:22:24.026619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:28:28.032908 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:28:35.039656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:28:43.041204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:28:59.044555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:29:31.050298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:32:58.519141 0.000194 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 15:32:58.519433 2.054047 tcp 10.0.2.109 51342 -> 211.38.175.27 4598 FSPA* 0 0 14 1503 flow=From-Botnet-V1-TCP-Established 1970/01/08 15:35:35.057163 3.000498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:35:42.063883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:35:50.065246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:36:06.068559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:36:38.074196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:42:42.080825 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:42:49.088037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:42:57.089196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:43:13.092557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:43:45.097962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:45:58.760765 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 15:45:58.760865 0.175484 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:45:58.936771 0.421432 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:45:59.358597 0.248615 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:45:59.607621 0.046701 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:45:59.654697 0.149268 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:45:59.804413 0.176648 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:45:59.981477 0.135000 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:00.116900 0.157325 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:00.274643 0.106034 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:00.381105 0.145969 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:00.527464 0.431619 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:00.959479 0.162809 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:01.122713 0.366140 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:01.489179 0.145410 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:01.635001 0.139677 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:01.775070 0.491570 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:02.266971 0.145528 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:02.412866 0.138893 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:02.552139 0.054293 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:02.606824 0.294827 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:02.902068 0.163497 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:03.065907 0.342632 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:03.408982 0.149034 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:03.558551 0.031532 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:03.590405 0.153333 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:03.744239 0.134624 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:03.879284 0.075871 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:03.955554 1.121115 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:05.077072 0.155250 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:46:05.232720 0.365954 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 15:49:49.104799 3.000997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:49:56.111785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:50:04.113462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:50:20.116167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:50:52.122212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:56:56.127759 3.002606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 15:57:03.135878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:57:11.137095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:57:27.140005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 15:57:59.146071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:03:00.580349 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 16:03:00.580435 1.980058 tcp 10.0.2.109 51343 -> 211.38.175.27 4598 FSPA* 0 0 15 1629 flow=From-Botnet-V1-TCP-Established 1970/01/08 16:04:03.153117 3.000660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:04:10.160074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:04:18.161263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:04:34.164077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:05:06.170337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:11:10.176866 3.001196 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:11:17.183306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:11:25.185014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:11:41.187989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:12:13.194349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:16:30.664419 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 16:16:30.664559 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 16:16:45.768128 0.067080 tcp 10.0.2.109 51344 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 16:16:45.835457 0.070186 tcp 10.0.2.109 51345 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 16:16:45.905471 0.157116 tcp 10.0.2.109 51346 -> 195.113.214.237 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/08 16:16:46.061629 0.047276 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:46.109409 0.157927 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:46.267736 0.163578 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:46.431703 0.419363 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:46.851451 0.189908 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:47.041776 0.133884 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:47.176103 0.170832 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:47.347348 0.105974 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:47.453685 0.147760 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:47.601847 0.201614 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:47.803895 0.143412 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:47.947692 0.140628 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:48.088754 0.171033 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:48.260216 0.370866 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:48.631477 1.511679 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:50.143551 0.146239 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:50.290181 0.138108 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:50.428724 0.056267 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:50.485344 0.308026 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:50.793729 0.246513 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:51.040624 0.343598 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:51.384666 0.152373 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:51.537397 0.031525 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:51.569278 0.152825 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:51.722465 0.135538 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:51.858557 0.075117 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:51.934070 0.365925 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:52.300405 0.171241 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:16:52.471997 0.156988 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:18:17.200594 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:18:24.207522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:18:32.209238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:18:48.212164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:19:20.217809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:25:24.224614 3.001238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:25:31.231717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:25:39.232911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:25:55.235912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:26:27.242207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:32:31.248277 3.002265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:32:38.255422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:32:46.256656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:33:02.259866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:33:02.561498 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 16:33:02.561595 2.242328 tcp 10.0.2.109 51347 -> 211.38.175.27 4598 FSPA* 0 0 15 1769 flow=From-Botnet-V1-TCP-Established 1970/01/08 16:33:34.265789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:39:38.272306 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:39:45.279430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:39:53.280642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:40:09.283913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:40:41.289953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:46:45.296394 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:46:52.303845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:46:53.525762 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 16:46:53.525871 0.181532 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:53.708041 0.174353 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:53.882785 0.421280 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:54.304601 0.045334 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:54.350389 0.171060 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:54.521831 0.271992 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:54.794197 0.136135 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:54.930724 0.198245 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:55.129416 0.104525 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:55.234375 0.145712 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:55.380487 0.364110 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:55.744959 0.144389 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:55.889760 0.364571 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:56.254724 0.144650 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:56.399704 0.159388 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:56.559528 0.378853 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:56.938820 0.146346 udp 10.0.2.109 3683 <-> 75.18.91.137 3472 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:57.085532 0.151472 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:57.237433 0.053346 udp 10.0.2.109 3683 <-> 176.73.170.67 9920 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:57.291167 0.285079 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:46:57.576586 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 16:47:00.304586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:47:16.307835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:47:16.360062 0.074857 tcp 10.0.2.109 51348 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 16:47:16.435188 0.105251 tcp 10.0.2.109 51349 -> 195.113.214.237 80 SRPA* 0 0 20 14722 flow=From-Botnet-V1-TCP-Established 1970/01/08 16:47:16.540997 0.340912 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:16.882285 0.148787 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:17.031480 0.031386 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:17.063242 0.154018 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:17.217688 0.136092 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:17.354146 0.077777 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:17.432321 0.153644 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:17.586536 0.363310 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:17.950277 0.170359 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/08 16:47:48.313948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:53:52.320535 3.000966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 16:53:59.327568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:54:07.328792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:54:23.331703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 16:54:55.337659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:00:59.343525 3.002340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 17:01:06.351114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:01:14.352954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:01:30.356136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:02:02.361576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:03:04.812520 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 17:03:04.812741 1.967311 tcp 10.0.2.109 51350 -> 211.38.175.27 4598 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:08:06.368766 3.000754 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 17:08:13.375128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:08:21.377059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:08:37.379894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:09:09.385696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:15:13.391941 3.001284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 17:15:20.399414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:15:28.400624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:15:44.403493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:16:16.409989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:17:43.845823 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 17:17:43.846046 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:18:01.543337 0.070100 tcp 10.0.2.109 51351 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:01.613692 0.070780 tcp 10.0.2.109 51352 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:01.684773 0.137510 tcp 10.0.2.109 51353 -> 195.113.214.237 443 SRPA* 0 0 27 11692 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:01.821074 0.173961 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:01.995389 0.178655 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:02.174394 0.160258 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:02.335062 0.336352 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:02.671810 0.138242 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:02.810459 0.420307 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:03.231153 0.042460 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:03.274006 0.149245 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:03.423683 0.253019 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:03.677125 0.141697 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:03.819266 0.106074 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:03.925772 0.181920 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:04.108085 0.184973 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:04.293407 0.289567 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:04.583397 0.154732 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:04.738518 0.377695 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:05.116635 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 2215 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:18:22.040977 0.069905 tcp 10.0.2.109 51354 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:22.111171 0.074700 tcp 10.0.2.109 51355 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:22.186233 0.137103 tcp 10.0.2.109 51356 -> 195.113.214.237 443 SRPA* 0 0 35 19576 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:22.321836 0.000000 udp 10.0.2.109 3683 -> 75.18.91.137 3472 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:18:40.137012 0.073195 tcp 10.0.2.109 51357 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:40.210559 0.070218 tcp 10.0.2.109 51358 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:40.281039 0.152796 tcp 10.0.2.109 51359 -> 195.113.214.237 443 SRPA* 0 0 35 18600 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:40.434616 0.148977 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:40.583979 0.000000 udp 10.0.2.109 3683 -> 176.73.170.67 9920 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:18:57.221249 0.070172 tcp 10.0.2.109 51360 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:57.291719 0.075313 tcp 10.0.2.109 51361 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:57.367408 0.149931 tcp 10.0.2.109 51362 -> 195.113.214.237 443 SRPA* 0 0 32 17642 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:18:57.517933 0.354821 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:57.873188 0.152565 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:58.026323 0.031618 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:58.058304 0.155289 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:58.213993 0.134706 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:58.349130 0.076492 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:58.426025 0.155611 udp 10.0.2.109 3683 <-> 99.20.19.194 8624 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:58.581974 0.371566 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:18:58.953936 0.687162 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:22:20.415887 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 17:22:27.423622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:22:35.424436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:22:51.428212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:23:23.434174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:29:27.440280 3.001577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 17:29:34.447384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:29:42.449061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:29:58.451661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:30:30.457494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:33:06.783513 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 17:33:06.783620 2.008309 tcp 10.0.2.109 51363 -> 211.38.175.27 4598 FSPA* 0 0 15 1791 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:36:34.464341 3.001313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 17:36:41.470929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:36:49.472796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:37:05.475535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:37:37.481500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:43:41.488442 3.001052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 17:43:48.495385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:43:56.496723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:44:12.499972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:44:44.505714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:49:23.627764 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 17:49:23.627888 0.000000 udp 10.0.2.109 3683 -> 176.73.170.67 9920 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:49:42.315782 0.046691 tcp 10.0.2.109 51364 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:49:42.362796 0.048886 tcp 10.0.2.109 51365 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:49:42.411980 0.156858 tcp 10.0.2.109 51366 -> 195.113.214.237 443 SRPA* 0 0 21 11346 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:49:42.569487 0.000000 udp 10.0.2.109 3683 -> 75.18.91.137 3472 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:49:59.929922 0.061010 tcp 10.0.2.109 51367 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:49:59.991273 0.045872 tcp 10.0.2.109 51368 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:00.037429 0.138824 tcp 10.0.2.109 51369 -> 195.113.214.237 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:00.176863 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 2215 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:50:18.796616 0.061352 tcp 10.0.2.109 51370 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:18.858403 0.065286 tcp 10.0.2.109 51371 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:18.924000 0.134815 tcp 10.0.2.109 51372 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:19.059318 0.171612 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:19.231298 0.135142 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:19.366777 0.180401 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:19.547654 0.186834 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:19.734913 0.150287 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:19.885605 0.105433 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:19.991426 0.145383 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:20.137207 0.420448 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:20.558009 0.199477 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:20.757899 0.148806 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:20.907042 0.042605 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:20.950039 2.280288 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:23.230670 0.157454 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:23.388519 0.195956 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:23.584830 0.139686 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:23.724865 0.363723 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:24.088929 0.140378 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:24.229739 0.342663 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:24.572808 0.153768 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:24.727001 0.032725 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:24.760112 0.156397 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:24.916884 0.137081 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:25.054414 0.075584 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:25.130348 0.000000 udp 10.0.2.109 3683 -> 99.20.19.194 8624 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 17:50:44.113712 0.044145 tcp 10.0.2.109 51373 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:44.158148 0.063352 tcp 10.0.2.109 51374 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:44.221727 0.134504 tcp 10.0.2.109 51375 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/08 17:50:44.356798 0.376881 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:44.734055 0.176430 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/08 17:50:48.511531 3.002196 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 17:50:55.518915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:51:03.520947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:51:19.523472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:51:51.529633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:57:55.535099 3.002533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 17:58:02.543003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:58:10.544538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:58:26.547677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 17:58:58.553469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:03:08.794084 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:03:08.794302 2.081833 tcp 10.0.2.109 51376 -> 211.38.175.27 4598 FSPA* 0 0 14 1654 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:05:02.559934 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 18:05:09.567327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:05:17.568382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:05:33.571924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:06:05.577778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:12:09.584081 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 18:12:16.590692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:12:24.592680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:12:40.595731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:13:12.601778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:19:16.607075 3.001796 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 18:19:23.614824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:19:31.696572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:19:47.699455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:20:19.705904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:21:04.420231 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:21:04.420338 0.000000 udp 10.0.2.109 3683 -> 99.20.19.194 8624 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:21:19.943809 0.045321 tcp 10.0.2.109 51377 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:21:19.989482 0.047848 tcp 10.0.2.109 51378 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:21:20.037639 0.153967 tcp 10.0.2.109 51379 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:21:20.192214 0.138433 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:20.331069 0.176034 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:20.507532 0.188093 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:20.695980 0.153955 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:20.850500 0.104508 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:20.955402 0.211543 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:21.167350 0.141027 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:21.308719 0.146405 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:21.455556 0.060604 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:21.516582 0.212308 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:21.729324 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:21:39.500869 0.042244 tcp 10.0.2.109 51380 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:21:39.543425 0.066084 tcp 10.0.2.109 51381 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:21:39.609794 0.142020 tcp 10.0.2.109 51382 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:21:39.752464 0.161008 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:39.913871 0.144245 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:40.058538 0.280361 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:40.339393 0.169658 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:40.509456 0.340063 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:40.849954 0.157379 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:41.007704 0.032968 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:41.041060 0.152052 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:41.193520 0.360371 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:41.554336 0.147928 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:41.702703 0.136078 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:41.839159 0.074816 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:41.914378 0.368234 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:21:42.282971 0.171958 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:26:23.711748 3.001716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 18:26:30.718699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:26:38.720743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:26:54.723629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:27:26.729756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:33:10.904807 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:33:10.904964 2.054148 tcp 10.0.2.109 51383 -> 211.38.175.27 4598 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:33:30.735866 3.001053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 18:33:37.743341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:33:45.744457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:34:01.747763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:34:33.753874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:40:37.760830 3.000685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 18:40:44.767143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:40:52.768816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:41:08.771177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:41:40.777722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:47:44.784207 3.000977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 18:47:51.791095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:47:59.792557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:48:15.796279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:48:47.801582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:52:06.096830 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:52:06.096937 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:52:21.690933 0.042417 tcp 10.0.2.109 51384 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:52:21.733737 0.042288 tcp 10.0.2.109 51385 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:52:21.776386 0.131240 tcp 10.0.2.109 51386 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/08 18:52:21.908209 4.859066 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 4 1272 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:22.111490 4.802922 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 4 1036 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:22.259575 4.764434 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 4 1006 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:22.364966 4.799161 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 4 1274 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:22.502940 4.817864 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 4 946 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:22.659071 4.807494 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 4 1025 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:22.805940 4.713150 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 4 1085 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:22.849667 0.359962 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:23.209991 4.477517 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 4 1068 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:23.382283 4.452892 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 4 1160 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:23.526331 4.515328 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 4 1267 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:23.711857 4.483534 udp 10.0.2.109 3683 <-> 70.30.175.164 8866 CON 0 0 4 1234 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:23.855997 4.772199 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 3 649 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:24.430207 4.680743 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1255 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:24.597207 4.858170 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 4 1124 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:24.939993 4.669070 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 4 1028 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:25.099146 4.543787 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 4 1172 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:25.132663 4.652011 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 4 983 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:25.272138 4.649466 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 4 1358 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:25.408511 4.592347 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 4 1102 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:25.484762 4.674096 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 4 1132 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:25.638669 4.885715 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 4 1158 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:26.003584 4.692016 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 3 568 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:26.373642 4.321339 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 4 1201 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:28.195982 0.431644 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:52:28.951831 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 546 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:52:31.071059 0.000000 udp 10.0.2.109 3683 <- 117.194.69.54 2059 RSP 0 0 1 546 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:52:31.071673 0.000000 udp 10.0.2.109 3683 -> 171.98.1.50 1366 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:52:37.531914 0.000000 udp 10.0.2.109 3683 -> 94.82.127.33 3127 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:52:44.621879 0.000000 udp 10.0.2.109 3683 -> 140.254.19.192 5650 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:52:51.792414 0.000000 udp 10.0.2.109 3683 -> 213.120.117.127 9349 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:52:59.253468 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:07.425026 0.000000 udp 10.0.2.109 3683 -> 69.198.6.243 2848 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:12.401921 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:53:16.077474 0.000000 udp 10.0.2.109 3683 -> 75.81.216.225 2538 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:23.838950 0.000000 udp 10.0.2.109 3683 -> 87.29.121.158 9059 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:30.418157 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 2215 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:37.518557 0.000000 udp 10.0.2.109 3683 -> 66.212.108.34 7247 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:44.388096 0.000000 udp 10.0.2.109 3683 -> 62.153.9.223 3193 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:50.236119 0.000000 udp 10.0.2.109 3683 -> 110.33.237.212 7633 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:53:58.287965 0.000000 udp 10.0.2.109 3683 -> 171.98.109.210 9224 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:02.904499 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:54:04.096585 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:12.077936 0.000000 udp 10.0.2.109 3683 -> 113.79.237.36 7622 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:20.109135 0.000000 udp 10.0.2.109 3683 -> 201.233.121.162 1568 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:25.396926 0.000000 udp 10.0.2.109 3683 -> 76.2.109.126 2990 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:31.786185 0.000000 udp 10.0.2.109 3683 -> 151.84.225.80 5264 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:38.205634 0.000000 udp 10.0.2.109 3683 -> 2.90.25.173 5987 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:44.334441 0.000000 udp 10.0.2.109 3683 -> 24.33.151.168 2815 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:48.910740 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:54:50.843914 0.000000 udp 10.0.2.109 3683 -> 97.65.32.154 2892 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:54:51.807843 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 18:54:58.815156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:54:58.945621 0.000000 udp 10.0.2.109 3683 -> 72.149.234.178 2195 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:05.474848 0.232308 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:55:05.718401 1.953851 udp 10.0.2.109 3683 <-> 99.56.217.101 7727 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:55:06.816316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:55:07.684033 0.000000 udp 10.0.2.109 3683 -> 76.29.144.67 1908 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:15.519056 0.355492 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:55:15.886534 0.000000 udp 10.0.2.109 3683 -> 109.40.139.62 1676 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:22.459012 0.000000 udp 10.0.2.109 3683 -> 180.173.38.109 5188 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:22.819392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:55:29.819533 0.386967 udp 10.0.2.109 3683 <-> 27.194.28.135 7702 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:55:30.217000 0.000000 udp 10.0.2.109 3683 -> 95.137.139.228 8630 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:34.405690 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:55:35.397940 0.000000 udp 10.0.2.109 3683 -> 190.203.210.109 2418 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:41.286313 0.000000 udp 10.0.2.109 3683 -> 108.69.2.137 4983 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:47.564983 0.000000 udp 10.0.2.109 3683 -> 98.174.255.195 9532 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:55:54.825254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 18:55:56.437975 0.000000 udp 10.0.2.109 3683 -> 68.38.97.135 5587 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:03.919047 0.000000 udp 10.0.2.109 3683 -> 213.123.237.210 4919 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:10.778199 0.000000 udp 10.0.2.109 3683 -> 176.205.125.214 1548 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:18.709780 0.000000 udp 10.0.2.109 3683 -> 95.226.138.116 7311 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:23.406577 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:56:25.569793 0.000000 udp 10.0.2.109 3683 -> 99.179.53.156 8355 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:31.658310 0.147006 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:56:31.814860 0.000000 udp 10.0.2.109 3683 -> 121.6.35.252 1680 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:36.816285 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:42.634687 0.178200 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:56:42.822581 0.222827 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:56:43.064528 0.299514 udp 10.0.2.109 3683 <-> 220.86.55.79 5971 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:56:43.373818 0.000000 udp 10.0.2.109 3683 -> 58.250.24.97 9561 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:49.985315 0.000000 udp 10.0.2.109 3683 -> 210.193.57.55 1751 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:56:56.374384 0.000000 udp 10.0.2.109 3683 -> 80.184.19.7 1489 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:05.086731 0.068732 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:57:05.169398 0.000000 udp 10.0.2.109 3683 -> 12.131.150.34 2809 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:09.903568 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:57:13.318166 0.000000 udp 10.0.2.109 3683 -> 220.255.188.134 5347 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:19.116684 0.000000 udp 10.0.2.109 3683 -> 209.166.114.164 1246 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:27.679335 0.000000 udp 10.0.2.109 3683 -> 37.206.148.113 9558 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:34.999840 0.000000 udp 10.0.2.109 3683 -> 89.73.233.126 5230 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:43.421983 0.000000 udp 10.0.2.109 3683 -> 113.207.190.35 1399 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:50.581971 0.000000 udp 10.0.2.109 3683 -> 82.106.107.14 9499 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:57:55.408606 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:57:56.700992 0.000000 udp 10.0.2.109 3683 -> 175.143.18.237 2357 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:58:03.971111 0.000000 udp 10.0.2.109 3683 -> 88.44.122.130 6399 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:58:11.772468 0.000000 udp 10.0.2.109 3683 -> 85.18.99.90 6943 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:58:18.812894 0.000000 udp 10.0.2.109 3683 -> 66.229.9.18 5526 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:58:26.713769 0.000000 udp 10.0.2.109 3683 -> 79.0.24.242 5233 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:58:34.495518 0.000000 udp 10.0.2.109 3683 -> 220.128.143.103 9770 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:58:42.907107 0.000000 udp 10.0.2.109 3683 -> 12.49.179.175 9749 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:58:47.903910 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:58:51.519438 0.098038 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:58:51.632479 0.000000 udp 10.0.2.109 3683 -> 37.44.116.57 3480 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:00.342287 0.000000 udp 10.0.2.109 3683 -> 77.71.187.151 5284 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:07.392891 0.000000 udp 10.0.2.109 3683 -> 173.160.77.169 4200 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:13.661780 0.000000 udp 10.0.2.109 3683 -> 97.68.84.109 3568 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:20.691769 0.000000 udp 10.0.2.109 3683 -> 190.222.243.193 9370 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:26.740208 0.000000 udp 10.0.2.109 3683 -> 59.189.24.185 3202 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:32.698798 0.000000 udp 10.0.2.109 3683 -> 216.188.225.44 2129 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:37.405172 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 18:59:41.501413 0.000000 udp 10.0.2.109 3683 -> 95.241.51.188 2760 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:47.330250 0.376220 udp 10.0.2.109 3683 <-> 58.8.191.91 6728 CON 0 0 2 845 flow=From-Botnet-V1-UDP-Established 1970/01/08 18:59:48.559957 0.000000 udp 10.0.2.109 3683 -> 173.9.180.222 8263 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 18:59:56.082490 0.000000 udp 10.0.2.109 3683 -> 162.196.230.177 7526 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:02.211220 0.000000 udp 10.0.2.109 3683 -> 122.116.39.232 1139 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:08.620355 0.360252 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:00:08.996117 0.072410 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:00:09.091097 3.602985 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:00:12.979894 0.175304 udp 10.0.2.109 3683 <-> 99.0.127.36 1633 CON 0 0 2 782 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:00:13.178269 0.000000 udp 10.0.2.109 3683 -> 65.181.60.122 6772 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:19.806742 0.000000 udp 10.0.2.109 3683 -> 82.107.250.90 4423 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:24.403312 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 19:00:27.427839 0.000000 udp 10.0.2.109 3683 -> 99.118.122.86 1024 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:36.390452 0.000000 udp 10.0.2.109 3683 -> 82.29.206.98 3359 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:44.652154 0.000000 udp 10.0.2.109 3683 -> 192.226.145.137 1865 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:50.650633 0.000000 udp 10.0.2.109 3683 -> 108.216.86.175 2287 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:00:55.918695 0.000000 udp 10.0.2.109 3683 -> 109.192.150.168 4422 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:02.738296 0.000000 udp 10.0.2.109 3683 -> 70.183.174.168 5598 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:08.546528 0.000000 udp 10.0.2.109 3683 -> 124.45.104.1 3569 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:13.403511 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 19:01:13.624345 0.000000 udp 10.0.2.109 3683 -> 79.39.94.153 2471 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:19.291988 0.000000 udp 10.0.2.109 3683 -> 218.107.208.100 3718 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:28.164735 0.000000 udp 10.0.2.109 3683 -> 202.77.120.68 3712 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:36.596834 0.000000 udp 10.0.2.109 3683 -> 81.130.59.209 9451 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:42.895947 0.000000 udp 10.0.2.109 3683 -> 91.60.96.119 5240 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:49.766241 0.000000 udp 10.0.2.109 3683 -> 87.6.88.67 6306 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:56.625622 0.000000 udp 10.0.2.109 3683 -> 95.228.186.242 4280 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:01:58.832212 3.001215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 19:02:01.402601 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 19:02:02.584517 0.000000 udp 10.0.2.109 3683 -> 197.87.163.248 8688 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:02:05.839257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:02:09.163938 0.000000 udp 10.0.2.109 3683 -> 121.6.244.198 4874 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:02:13.840434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:02:16.373995 0.000000 udp 10.0.2.109 3683 -> 36.224.214.242 4193 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:02:24.155385 0.000000 udp 10.0.2.109 3683 -> 69.246.54.0 7970 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:02:29.843403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:02:31.436033 0.000000 udp 10.0.2.109 3683 -> 202.29.192.179 4802 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:03:01.849300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:03:12.965992 0.000226 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 19:03:12.966392 1.985186 tcp 10.0.2.109 51387 -> 211.38.175.27 4598 FSPA* 0 0 14 1630 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:09:05.855734 3.001361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 19:09:12.862918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:09:20.864166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:09:36.867673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:10:08.873583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:16:12.879916 3.001154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 19:16:19.887115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:16:27.887988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:16:43.891152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:17:16.388189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:23:20.393504 3.002145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 19:23:27.401595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:23:35.402651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:23:51.405971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:24:23.412097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:30:27.418673 3.000681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 19:30:34.425317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:30:42.427106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:30:58.430017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:31:30.436171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:32:49.370180 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 19:32:49.370319 0.148958 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:49.519733 0.105242 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:49.625402 0.187146 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:49.812921 0.132005 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:49.945392 0.134307 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:50.080041 0.146450 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:50.226911 0.046505 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:50.273868 0.172032 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:50.446342 0.145824 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:50.592525 0.157273 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:32:50.750223 0.000000 udp 10.0.2.109 3683 -> 70.30.175.164 8866 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:33:08.729464 0.045943 tcp 10.0.2.109 51388 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:08.775671 0.046856 tcp 10.0.2.109 51389 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:08.822793 0.134350 tcp 10.0.2.109 51390 -> 195.113.214.237 443 SRPA* 0 0 20 11290 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:08.957688 0.255687 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:09.213768 0.838819 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:10.052998 0.158082 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:10.211479 0.340859 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:10.552841 0.156046 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:10.709248 0.032846 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:10.742483 0.138977 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:10.881831 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:33:15.197036 2.052652 tcp 10.0.2.109 51391 -> 211.38.175.27 4598 FSPA* 0 0 15 1564 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:27.965857 0.045669 tcp 10.0.2.109 51392 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:28.011877 0.047278 tcp 10.0.2.109 51393 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:28.059513 0.140348 tcp 10.0.2.109 51394 -> 195.113.214.237 443 SRPA* 0 0 21 11368 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:28.200441 0.075381 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:28.276220 0.363326 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:28.639880 1.228704 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:29.868921 0.151754 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:30.021088 0.364932 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:30.386372 0.229760 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:30.616478 0.000000 udp 10.0.2.109 3683 -> 99.56.217.101 7727 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:33:48.705835 0.045915 tcp 10.0.2.109 51395 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:48.751580 0.046866 tcp 10.0.2.109 51396 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:48.798761 0.134240 tcp 10.0.2.109 51397 -> 195.113.214.237 443 SRPA* 0 0 21 11346 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:33:48.933568 0.314446 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:49.248422 0.386357 udp 10.0.2.109 3683 <-> 27.194.28.135 7702 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:49.635164 0.138548 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:49.774132 0.177654 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:49.952124 0.298854 udp 10.0.2.109 3683 <-> 220.86.55.79 5971 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:50.251353 0.218922 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:50.470672 0.061429 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:50.532493 0.085942 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:50.618786 0.251348 udp 10.0.2.109 3683 <-> 58.8.191.91 6728 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:33:50.870569 0.000000 udp 10.0.2.109 3683 -> 60.190.149.254 6178 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:34:08.463509 0.045800 tcp 10.0.2.109 51398 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:34:08.509598 0.081312 tcp 10.0.2.109 51399 -> 195.113.214.237 80 SRPA* 0 0 19 14733 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:34:08.591400 0.125784 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:34:08.717602 0.218499 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/08 19:34:08.936540 0.000000 udp 10.0.2.109 3683 -> 99.0.127.36 1633 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 19:34:24.937705 0.045091 tcp 10.0.2.109 51400 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:34:24.983069 0.080007 tcp 10.0.2.109 51401 -> 195.113.214.237 80 SRPA* 0 0 20 14742 flow=From-Botnet-V1-TCP-Established 1970/01/08 19:37:34.442625 3.000686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 19:37:41.449273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:37:49.451162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:38:05.453937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:38:37.460015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:44:41.466334 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 19:44:48.473092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:44:56.474951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:45:12.478179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:45:44.483758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:51:48.490963 3.000314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 19:51:55.497390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:52:03.498652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:52:19.501799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:52:51.507701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:58:55.515568 3.000869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 19:59:02.521277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:59:10.523163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:59:26.525582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 19:59:58.531808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:03:17.258394 0.000194 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 20:03:17.258703 2.044675 tcp 10.0.2.109 51402 -> 211.38.175.27 4598 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:04:37.092572 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 20:04:37.092786 0.000000 udp 10.0.2.109 3683 -> 70.30.175.164 8866 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 20:04:55.180473 0.074100 tcp 10.0.2.109 51403 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:04:55.254828 0.069523 tcp 10.0.2.109 51404 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:04:55.324671 0.129386 tcp 10.0.2.109 51405 -> 195.113.214.237 443 SRPA* 0 0 23 13808 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:04:55.454553 0.136021 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:04:55.590983 0.000000 udp 10.0.2.109 3683 -> 99.56.217.101 7727 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 20:05:13.304951 0.073583 tcp 10.0.2.109 51406 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:05:13.378844 0.101786 tcp 10.0.2.109 51407 -> 195.113.214.237 80 SRPA* 0 0 20 13507 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:05:13.481131 0.453168 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:13.934632 0.000000 udp 10.0.2.109 3683 -> 99.0.127.36 1633 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 20:05:29.518915 0.074058 tcp 10.0.2.109 51408 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:05:29.593253 0.067900 tcp 10.0.2.109 51409 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:05:29.661460 0.130122 tcp 10.0.2.109 51410 -> 195.113.214.237 443 SRPA* 0 0 21 11368 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:05:29.792079 0.189862 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:29.982497 0.103976 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:30.086907 0.173738 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:30.261052 0.147230 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:30.408722 0.160485 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:30.569628 0.173788 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:30.743833 0.135863 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:30.880125 0.145485 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:31.026212 0.044729 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:31.071326 0.161010 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:31.232832 0.194202 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:31.427431 0.141046 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:31.568924 0.159509 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:31.728784 0.386746 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:32.115937 0.153161 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:32.269536 0.033213 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:32.303081 0.342861 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:32.646408 0.076572 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:32.723369 0.371408 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:33.095145 1.103024 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:34.198589 0.230087 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:34.429010 0.369211 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:34.798646 0.152746 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:34.951830 0.299574 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:35.251765 0.385347 udp 10.0.2.109 3683 <-> 27.194.28.135 7702 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:35.637457 0.142572 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:35.780602 0.084355 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:35.865378 0.254639 udp 10.0.2.109 3683 <-> 58.8.191.91 6728 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:36.120395 0.298936 udp 10.0.2.109 3683 <-> 220.86.55.79 5971 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:36.419728 0.176407 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:36.596538 0.222755 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:36.819707 0.064256 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:36.884402 0.067197 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:05:36.951987 0.221898 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:06:02.538437 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 20:06:09.544935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:06:17.546454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:06:33.550058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:07:05.555898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:13:09.561552 3.001674 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 20:13:16.569439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:13:24.571021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:13:40.573921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:14:12.579871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:20:16.586470 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 20:20:23.593089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:20:31.594801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:20:47.598281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:21:19.603905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:27:23.610531 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 20:27:30.617068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:27:38.618897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:27:54.621879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:28:26.627509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:33:19.309149 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 20:33:19.309250 1.962089 tcp 10.0.2.109 51411 -> 211.38.175.27 4598 FSPA* 0 0 12 1591 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:34:30.633815 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 20:34:37.641100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:34:45.642675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:35:01.645539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:35:33.651634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:35:46.059989 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 20:35:46.060102 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 20:36:03.176020 0.068161 tcp 10.0.2.109 51412 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:36:03.244477 0.074719 tcp 10.0.2.109 51413 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:36:03.319538 0.135849 tcp 10.0.2.109 51414 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:36:03.455994 0.359597 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:03.815964 0.189118 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:04.005487 0.106949 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:04.112915 0.147779 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:04.261106 0.145944 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:04.407405 0.159642 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:04.567504 0.171625 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:04.739509 0.138969 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:04.878898 0.203475 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:05.082798 0.261532 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:05.344756 0.145862 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:05.491025 0.180354 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:05.671773 0.147130 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:05.819285 0.047440 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:05.867142 0.589549 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:06.457102 0.147924 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:06.605374 0.033022 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:06.638801 0.342754 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:06.982026 0.076812 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:07.059205 0.382909 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:07.442474 0.372761 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:07.815634 0.172815 udp 10.0.2.109 3683 <-> 99.36.126.28 5085 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:07.988841 0.230793 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:08.220036 0.154899 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:08.375289 0.282398 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:08.658270 0.000000 udp 10.0.2.109 3683 -> 27.194.28.135 7702 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 20:36:27.590239 0.069911 tcp 10.0.2.109 51415 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:36:27.660450 0.072122 tcp 10.0.2.109 51416 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:36:27.732933 0.137002 tcp 10.0.2.109 51417 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/08 20:36:27.870780 0.141654 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:28.012911 0.089718 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:28.102947 0.174864 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:28.278406 0.219858 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:28.498680 0.060408 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:28.559477 0.252479 udp 10.0.2.109 3683 <-> 58.8.191.91 6728 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:28.812307 0.299838 udp 10.0.2.109 3683 <-> 220.86.55.79 5971 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:29.112516 0.323048 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:36:29.435927 0.990884 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 20:41:37.657940 3.001523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 20:41:44.665253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:41:52.666436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:42:08.669637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:42:40.675816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:48:44.682510 3.000777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 20:48:51.689267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:48:59.690898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:49:15.693622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:49:47.699596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:55:51.705074 3.002030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 20:55:58.713584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:56:06.715255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:56:22.718010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 20:56:54.723710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:02:58.729359 3.001781 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 21:03:05.737164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:03:13.738640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:03:21.280361 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 21:03:21.280467 1.998693 tcp 10.0.2.109 51418 -> 211.38.175.27 4598 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:03:29.741622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:04:01.747989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:06:51.582675 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 21:06:51.582912 0.136106 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:06:51.719481 0.000000 udp 10.0.2.109 3683 -> 27.194.28.135 7702 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 21:07:07.437000 0.071405 tcp 10.0.2.109 51419 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:07:07.508725 0.075238 tcp 10.0.2.109 51420 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:07:07.584233 0.134521 tcp 10.0.2.109 51421 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:07:07.719439 0.334680 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:08.054531 0.104319 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:08.159250 0.148511 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:08.308156 0.145812 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:08.454468 0.185134 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:08.640033 0.204638 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:08.845087 0.136802 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:08.982459 0.188231 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:09.171068 0.162070 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:09.333560 0.165396 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:09.499284 0.144672 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:09.644380 0.047081 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:09.691903 0.139890 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:09.832137 0.268160 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:10.100699 0.033003 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:10.134203 0.151688 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:10.286346 1.678794 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:11.965483 0.429792 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:12.395672 0.077008 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:12.473049 0.343789 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:12.817227 0.368579 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:13.186231 0.194794 udp 10.0.2.109 3683 <-> 190.150.34.243 8421 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:13.381444 0.000000 udp 10.0.2.109 3683 -> 99.36.126.28 5085 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 21:07:29.726972 0.075362 tcp 10.0.2.109 51422 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:07:29.802651 0.108773 tcp 10.0.2.109 51423 -> 195.113.214.237 80 SRPA* 0 0 19 14716 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:07:29.911917 0.233119 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:30.145441 0.154533 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:30.300314 0.138308 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:30.439032 0.086318 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:30.525752 0.177021 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:30.703182 0.221462 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:30.925056 0.063560 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:30.989000 0.282155 udp 10.0.2.109 3683 <-> 58.8.191.91 6728 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:31.271562 0.299293 udp 10.0.2.109 3683 <-> 220.86.55.79 5971 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:31.571189 0.121043 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:07:31.692631 0.000000 udp 10.0.2.109 3683 -> 108.240.98.227 5054 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 21:07:47.522558 0.073893 tcp 10.0.2.109 51424 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:07:47.596839 0.107004 tcp 10.0.2.109 51425 -> 195.113.214.237 80 SRPA* 0 0 33 21972 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:10:05.754232 3.000626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 21:10:12.761194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:10:20.762274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:10:36.765572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:11:08.771186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:17:12.778178 3.000853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 21:17:19.784893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:17:27.786698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:17:43.789747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:18:15.795448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:24:19.801427 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 21:24:26.809144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:24:34.810538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:24:50.813048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:25:22.819362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:31:26.825789 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 21:31:33.832646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:31:41.834627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:31:57.837668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:32:29.843274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:33:23.280623 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 21:33:23.280725 1.992171 tcp 10.0.2.109 51426 -> 211.38.175.27 4598 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:37:51.385930 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 21:37:51.386035 0.000000 udp 10.0.2.109 3683 -> 99.36.126.28 5085 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 21:38:08.021589 0.075435 tcp 10.0.2.109 51427 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:08.097294 0.115215 tcp 10.0.2.109 51428 -> 195.113.214.237 80 SRPA* 0 0 18 13413 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:08.213057 0.226410 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:08.439861 0.134860 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:08.575103 0.173332 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:08.748824 0.144495 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:08.893753 0.160560 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:09.054684 0.171379 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:09.226470 0.104887 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:09.331798 0.375798 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:09.707997 0.170351 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:09.878709 0.146523 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:10.025639 0.188849 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:10.214882 0.139720 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:10.355034 0.136919 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:10.492361 0.044962 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:10.537713 0.188435 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:10.726544 0.278135 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:11.005091 0.033104 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:11.038625 0.150147 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:11.189113 0.077075 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:11.266530 0.443490 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:11.710429 0.346656 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:12.057490 0.342431 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:12.400337 0.000000 udp 10.0.2.109 3683 -> 190.150.34.243 8421 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 21:38:28.289263 0.074279 tcp 10.0.2.109 51429 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:28.363903 0.075783 tcp 10.0.2.109 51430 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:28.439985 0.152754 tcp 10.0.2.109 51431 -> 195.113.214.237 443 FSRP* 0 0 28 9300 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:28.591519 0.357319 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:28.949292 0.156350 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:29.106058 0.142445 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:29.248924 0.077364 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:29.326633 0.211702 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:29.538784 0.175864 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:29.715064 0.300614 udp 10.0.2.109 3683 <-> 220.86.55.79 5971 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:30.016079 0.063298 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:30.079735 0.063071 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:30.143216 0.224846 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/08 21:38:30.368489 0.000000 udp 10.0.2.109 3683 -> 58.8.191.91 6728 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 21:38:33.849067 3.001665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 21:38:40.856999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:38:48.578437 0.074061 tcp 10.0.2.109 51432 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:48.652794 0.071957 tcp 10.0.2.109 51433 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:48.725070 0.135171 tcp 10.0.2.109 51434 -> 195.113.214.237 443 SRPA* 0 0 44 28270 flow=From-Botnet-V1-TCP-Established 1970/01/08 21:38:48.858347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:39:04.861686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:39:36.867149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:45:40.873589 3.001668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 21:45:47.880935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:45:55.882154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:46:11.884969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:46:43.891290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:52:47.897945 3.000859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 21:52:54.904472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:53:02.906336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:53:18.909154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:53:50.915382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 21:59:54.921687 3.031104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 22:00:01.958602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:00:09.960264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:00:25.963469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:00:57.969556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:03:25.281818 0.000189 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 22:03:25.282104 1.945029 tcp 10.0.2.109 51435 -> 211.38.175.27 4598 FSPA* 0 0 15 1709 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:07:01.976242 3.000424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 22:07:08.983116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:07:16.984054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:07:32.987270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:08:04.993482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:09:09.957320 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 22:09:09.957420 0.000000 udp 10.0.2.109 3683 -> 190.150.34.243 8421 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 22:09:28.495772 0.075503 tcp 10.0.2.109 51436 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:09:28.571560 0.066868 tcp 10.0.2.109 51437 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:09:28.638749 0.153883 tcp 10.0.2.109 51438 -> 195.113.214.237 443 SRPA* 0 0 21 12826 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:09:28.793902 0.000000 udp 10.0.2.109 3683 -> 58.8.191.91 6728 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 22:09:47.191089 0.069078 tcp 10.0.2.109 51439 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:09:47.260538 0.109400 tcp 10.0.2.109 51440 -> 195.113.214.237 80 SRPA* 0 0 25 14442 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:09:47.369515 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 22:10:05.096444 0.069834 tcp 10.0.2.109 51441 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:10:05.166525 0.070862 tcp 10.0.2.109 51442 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:10:05.237651 0.158600 tcp 10.0.2.109 51443 -> 195.113.214.237 443 SRPA* 0 0 26 13972 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:10:05.396900 0.265365 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:05.662653 0.173901 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:05.836920 0.226935 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:06.064228 0.106028 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:06.170657 0.324816 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:06.495849 0.157091 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:06.653348 0.160041 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:06.813739 0.147947 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:06.962121 0.141738 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:07.104261 0.188291 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:07.292916 0.185066 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:07.478415 0.160809 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:07.639568 0.044753 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:07.684751 0.138553 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:07.823649 0.076313 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:07.900362 0.437789 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:08.338530 0.033098 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:08.372022 0.218096 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:08.590465 0.147029 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:08.737915 0.336954 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:09.075238 0.309977 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:09.385633 0.153380 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:09.539460 0.325955 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:09.865832 0.092707 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:09.958924 0.354524 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:10.313850 0.176958 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:10.491222 0.221736 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:10.713369 0.221261 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:11.128691 0.000000 udp 10.0.2.109 3683 -> 220.86.55.79 5971 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 22:10:28.630305 0.071030 tcp 10.0.2.109 51444 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:10:28.701475 0.070831 tcp 10.0.2.109 51445 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:10:28.772561 0.163746 tcp 10.0.2.109 51446 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:10:28.936904 0.066622 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:10:29.003965 0.074385 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:14:09.000099 3.000895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 22:14:16.006937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:14:24.008063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:14:40.011593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:15:12.017325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:21:16.024162 3.000541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 22:21:23.030662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:21:31.032147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:21:47.035500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:22:19.041411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:28:23.047115 3.001951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 22:28:30.054415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:28:38.056043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:28:54.059168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:29:26.064826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:33:27.232655 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 22:33:27.232852 1.910734 tcp 10.0.2.109 51447 -> 211.38.175.27 4598 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:35:30.070973 3.002080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 22:35:37.078533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:35:45.080453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:36:01.083327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:36:33.099454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:40:40.335362 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 22:40:40.335465 0.136920 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:40:40.472797 0.000000 udp 10.0.2.109 3683 -> 220.86.55.79 5971 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 22:40:58.542697 0.075966 tcp 10.0.2.109 51448 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:40:58.618927 0.073780 tcp 10.0.2.109 51449 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:40:58.692593 0.134119 tcp 10.0.2.109 51450 -> 195.113.214.237 443 SRPA* 0 0 32 24687 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:40:58.827219 0.225425 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:40:59.052994 0.172986 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:40:59.226548 0.280396 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:40:59.507286 0.180135 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:40:59.687762 0.157988 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:40:59.846178 0.166629 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:00.013247 0.105141 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:00.118810 0.139526 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:00.258737 0.178146 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:00.437281 0.146131 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:00.583816 0.046064 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:00.630387 0.137457 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:00.768257 0.000000 udp 10.0.2.109 3683 -> 98.80.199.111 2843 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 22:41:17.778915 0.073725 tcp 10.0.2.109 51451 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:41:17.852941 0.074596 tcp 10.0.2.109 51452 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:41:17.927899 0.131333 tcp 10.0.2.109 51453 -> 195.113.214.237 443 SRPA* 0 0 34 24815 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:41:18.059843 0.138447 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:18.198723 0.032840 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:18.231906 0.344957 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:18.577265 0.150676 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:18.728289 0.000000 udp 10.0.2.109 3683 -> 117.194.69.54 2059 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 22:41:33.722127 0.073209 tcp 10.0.2.109 51454 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:41:33.795619 0.075380 tcp 10.0.2.109 51455 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:41:33.871354 0.145649 tcp 10.0.2.109 51456 -> 195.113.214.237 443 SRPA* 0 0 32 24317 flow=From-Botnet-V1-TCP-Established 1970/01/08 22:41:34.017564 0.075814 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:34.093780 0.423727 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:34.517873 0.341452 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:34.859717 0.379054 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:35.239179 0.155021 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:35.394628 0.175844 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:35.570878 0.210643 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:35.781919 0.354580 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:36.136832 0.088174 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:36.225360 0.225486 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:36.451242 0.068265 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:41:36.519895 0.064690 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/08 22:42:37.104611 3.001902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 22:42:44.112455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:42:52.114299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:43:08.117018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:43:40.123251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:49:44.128448 3.002556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 22:49:51.136350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:49:59.137795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:50:15.141049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:50:47.147242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:56:51.152997 3.001962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 22:56:58.160177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:57:06.161661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:57:22.165053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 22:57:54.171099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:03:29.143738 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 23:03:29.143843 1.988374 tcp 10.0.2.109 51457 -> 211.38.175.27 4598 FSPA* 0 0 14 1707 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:03:58.177374 3.000999 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 23:04:05.184666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:04:13.185659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:04:29.188842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:05:01.195186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:11:05.201642 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 23:11:12.208086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:11:20.209885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:11:36.213235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:12:05.656010 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 23:12:05.656122 0.189932 udp 10.0.2.109 3683 <-> 98.80.199.111 2843 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:05.846472 0.299873 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:06.146727 0.136269 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:06.283418 0.280336 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:06.564177 0.172919 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:06.737494 0.158602 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:06.896517 0.149062 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:07.045966 0.221659 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:07.268026 0.144682 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:07.413113 0.047745 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:07.461264 0.136673 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:07.598274 0.145988 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:07.744711 0.106251 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:07.851367 0.171292 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:08.023082 0.165284 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:08.188774 0.201353 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:08.219183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:12:08.390482 0.147279 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:08.538380 0.031546 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:08.570329 0.136914 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:08.707646 0.345743 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:09.053747 0.076699 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:09.130864 0.144023 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:09.275329 0.306144 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:09.581883 0.154653 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:09.736942 0.177032 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:09.914367 0.231013 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:10.145816 0.228052 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:10.374479 0.104492 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:10.479350 0.063791 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:10.543631 0.366693 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:12:10.910755 0.091316 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:18:12.225530 3.000777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 23:18:19.232164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:18:27.233955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:18:43.237180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:19:15.242612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:25:19.249132 3.031458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 23:25:26.286319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:25:34.288121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:25:50.291174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:26:22.296912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:32:26.323089 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 23:32:33.330743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:32:41.331942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:32:57.335202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:33:29.340732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:33:31.153976 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 23:33:31.154157 1.987115 tcp 10.0.2.109 51458 -> 211.38.175.27 4598 FSPA* 0 0 12 1550 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:39:33.347275 3.001581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 23:39:40.354580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:39:48.356322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:40:04.359095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:40:36.365064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:42:40.974296 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/08 23:42:40.974473 0.000000 udp 10.0.2.109 3683 -> 98.80.199.111 2843 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 23:42:58.592061 0.075154 tcp 10.0.2.109 51459 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:42:58.667553 0.080283 tcp 10.0.2.109 51460 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:42:58.748146 0.136442 tcp 10.0.2.109 51461 -> 195.113.214.237 443 SRPA* 0 0 61 38625 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:42:58.884842 0.000000 udp 10.0.2.109 3683 -> 60.190.149.254 6178 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/08 23:43:17.767658 0.076594 tcp 10.0.2.109 51462 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:43:17.844547 0.075597 tcp 10.0.2.109 51463 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:43:17.920441 0.149277 tcp 10.0.2.109 51464 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/08 23:43:18.070400 0.174103 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:18.244892 0.286364 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:18.531608 0.137723 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:18.669646 0.159818 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:18.829873 0.172548 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.002827 0.221650 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.224872 0.147804 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.373026 0.044178 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.417616 0.139200 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.557236 0.144825 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.702653 0.106895 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.809889 0.180124 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:19.990386 0.158026 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:20.148776 0.222686 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:20.371872 0.151311 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:20.523564 0.033076 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:20.557024 0.135982 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:20.693374 0.142319 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:20.836102 0.560560 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:21.397046 0.149591 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:21.547087 0.341999 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:21.889595 0.075901 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:21.965896 0.177882 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:22.144117 0.229037 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:22.373582 0.224710 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:22.598721 0.144002 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:22.743081 0.068336 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:22.811825 0.355677 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:43:23.167922 0.091946 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/08 23:46:40.370800 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/08 23:46:47.378685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:46:55.379496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:47:11.383245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:47:43.388989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:53:47.395840 3.001111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/08 23:53:54.402555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:54:02.403454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:54:18.406912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/08 23:54:50.412722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:00:54.418668 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:01:01.426074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:01:09.427997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:01:25.430724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:01:57.436836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:03:33.145166 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 00:03:33.145358 1.978564 tcp 10.0.2.109 51465 -> 211.38.175.27 4598 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:08:01.442420 3.001714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:08:08.449881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:08:16.451721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:08:32.454758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:09:04.460656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:13:39.296357 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 00:13:39.296452 0.000000 udp 10.0.2.109 3683 -> 98.80.199.111 2843 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 00:13:56.422516 0.082230 tcp 10.0.2.109 51466 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:13:56.505011 0.077002 tcp 10.0.2.109 51467 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:13:56.582374 0.152548 tcp 10.0.2.109 51468 -> 195.113.214.237 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:13:56.735221 0.390434 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:57.126239 0.134541 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:57.261167 0.157501 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:57.419072 0.170217 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:57.589696 0.302083 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:57.892176 0.148784 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:58.041331 0.284016 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:58.325779 0.145044 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:13:58.471227 0.000000 udp 10.0.2.109 3683 -> 62.92.158.188 3282 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 00:14:16.019414 0.074780 tcp 10.0.2.109 51469 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:14:16.094341 0.075878 tcp 10.0.2.109 51470 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:14:16.170494 0.149940 tcp 10.0.2.109 51471 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:14:16.321038 0.138108 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:16.459669 0.146073 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:16.606118 0.106787 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:16.713241 0.147439 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:16.861089 0.168341 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:17.029851 0.203492 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:17.233759 0.148646 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:17.382821 0.033457 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:17.416706 0.138948 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:17.556043 0.143855 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:17.700356 0.333445 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:18.034267 0.576053 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:18.610673 0.155097 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:18.766198 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 00:14:34.435711 0.076143 tcp 10.0.2.109 51472 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:14:34.511775 0.111879 tcp 10.0.2.109 51473 -> 195.113.214.237 80 SRPA* 0 0 20 14755 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:14:34.624155 0.179023 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:34.803592 0.220089 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:35.024067 0.222438 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:35.246877 0.286851 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:35.534151 0.064298 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:35.598840 0.360498 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:14:35.959780 0.085739 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:15:08.467701 3.000394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 00:15:15.474734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:15:23.475754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:15:39.479056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:16:11.484564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:22:15.491290 3.001023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:22:22.498481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:22:30.499936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:22:46.502507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:23:18.508637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:29:22.515385 3.020706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:29:29.542351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:29:37.543928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:29:53.546806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:30:25.552997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:33:35.126066 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 00:33:35.126179 2.016593 tcp 10.0.2.109 51474 -> 211.38.175.27 4598 FSPA* 0 0 14 1565 flow=From-Botnet-V1-TCP-Established 1970/01/09 00:36:29.558152 3.002078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:36:36.566076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:36:44.567564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:37:00.570889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:37:32.577064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:43:36.582967 3.001315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:43:43.589934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:43:51.591888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:44:07.594877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:44:39.600435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:44:48.153649 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 00:44:48.153802 0.048985 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:48.203236 0.076835 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:48.280422 0.352762 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:48.633711 0.409358 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:49.043392 0.160504 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:49.204257 0.137231 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:49.341918 0.188496 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:49.531191 0.226348 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:49.757943 0.210135 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:49.968491 0.145987 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.114835 0.106766 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.221975 0.163708 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.386043 0.143147 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.529576 0.138056 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.668026 0.149966 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.818426 0.030331 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.849106 0.135665 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:50.985181 0.142942 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:51.128478 0.177239 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:51.306276 0.288957 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:51.595643 0.340708 udp 10.0.2.109 3683 <-> 111.254.122.18 6738 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:51.936752 0.658784 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:52.596026 0.153163 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:52.749579 0.178004 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:52.928009 0.230428 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:53.158789 0.220285 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:53.379516 0.064142 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:53.444060 0.067097 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:53.511553 0.350425 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:44:53.862447 0.087483 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 00:50:43.606801 3.001280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:50:50.613846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:50:58.615748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:51:14.618620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:51:46.624819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:57:50.631280 3.000827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 00:57:57.638428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:58:05.639621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:58:21.642488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 00:58:53.648716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:03:37.146790 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 01:03:37.146891 1.928774 tcp 10.0.2.109 51475 -> 211.38.175.27 4598 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:04:57.655096 3.000771 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 01:05:04.661859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:05:12.663723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:05:28.666293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:06:00.672884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:12:04.678858 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 01:12:11.686467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:12:19.687757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:12:35.690478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:13:07.696625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:15:23.953044 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 01:15:23.953295 0.317593 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:24.271237 0.082594 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:24.354399 0.077951 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:24.432674 0.136532 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:24.569621 0.176502 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:24.746428 0.327607 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:25.074599 0.287383 udp 10.0.2.109 3683 <-> 60.190.149.254 6178 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:25.362554 0.158166 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:25.521135 0.149808 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:25.671340 0.147826 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:25.819584 0.110264 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:25.930282 0.178328 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:26.109002 0.147371 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:26.256743 0.138081 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:26.395203 0.147625 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:26.543168 0.036890 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:26.580421 0.175676 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:26.756455 0.254458 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:27.011333 0.137427 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:27.149188 0.142637 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:27.292243 0.152378 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:27.445066 0.000000 udp 10.0.2.109 3683 -> 111.254.122.18 6738 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 01:15:45.725605 0.076178 tcp 10.0.2.109 51476 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:15:45.802082 0.074736 tcp 10.0.2.109 51477 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:15:45.877096 0.151378 tcp 10.0.2.109 51478 -> 195.113.214.237 443 SRPA* 0 0 26 9778 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:15:46.029179 0.319332 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:46.348871 0.178860 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:46.528128 0.231041 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:46.759607 0.224643 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:46.984645 0.067152 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:47.052209 0.063406 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:47.115980 0.363027 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:15:47.479445 0.087794 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:19:11.703405 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 01:19:18.709982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:19:26.711684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:19:42.714823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:20:14.720731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:26:18.727013 3.020771 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 01:26:25.753747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:26:33.755533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:26:49.758744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:27:21.764725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:33:25.771263 3.000532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 01:33:32.778435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:33:39.077255 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 01:33:39.077341 1.925287 tcp 10.0.2.109 51479 -> 211.38.175.27 4598 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:33:40.779388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:33:56.782529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:34:28.788762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:40:32.795413 3.000391 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 01:40:39.802139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:40:47.803135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:41:03.806369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:41:35.812578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:46:15.754963 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 01:46:15.755081 0.346127 udp 10.0.2.109 3683 -> 111.254.122.18 6738 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 01:46:16.101208 0.000000 icmp 111.254.122.18 0x0303 -> 10.0.2.109 0x521a URP 192 1 249 flow=Background 1970/01/09 01:46:34.453976 0.075494 tcp 10.0.2.109 51480 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:46:34.529784 0.076904 tcp 10.0.2.109 51481 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:46:34.606994 0.165216 tcp 10.0.2.109 51482 -> 195.113.214.237 443 SRPA* 0 0 23 13772 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:46:34.772707 0.055128 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:46:34.828212 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 01:46:51.767401 0.085403 tcp 10.0.2.109 51483 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:46:51.853101 0.076122 tcp 10.0.2.109 51484 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:46:51.929523 0.163168 tcp 10.0.2.109 51485 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:46:52.093156 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 01:47:09.672973 0.076054 tcp 10.0.2.109 51486 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:09.749310 0.075516 tcp 10.0.2.109 51487 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:09.825157 0.150746 tcp 10.0.2.109 51488 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:09.976520 0.172337 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:10.149266 0.283563 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:10.433261 0.156241 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:10.589821 0.170804 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:10.761029 0.372207 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:11.133666 0.146569 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:11.280660 0.000000 udp 10.0.2.109 3683 -> 60.190.149.254 6178 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 01:47:28.109753 0.075050 tcp 10.0.2.109 51489 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:28.185092 0.076329 tcp 10.0.2.109 51490 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:28.261724 0.168832 tcp 10.0.2.109 51491 -> 195.113.214.237 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:28.431133 0.107894 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:28.539393 0.138277 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:28.678072 0.147558 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:28.826072 0.033871 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:28.860261 0.166914 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:29.027557 0.144573 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:29.172501 0.163006 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:29.335944 0.153499 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:29.489877 0.202710 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:29.693060 0.138739 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:29.832221 0.144147 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:29.976721 0.433562 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:30.410637 0.178950 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:30.590230 0.221815 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:30.812393 0.069408 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:30.882439 0.354499 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:31.237291 0.089572 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:31.327193 0.000000 udp 10.0.2.109 3683 -> 108.196.220.248 9105 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 01:47:39.818206 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 01:47:46.825708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:47:48.458696 0.079510 tcp 10.0.2.109 51492 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:48.538528 0.110750 tcp 10.0.2.109 51493 -> 195.113.214.237 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/09 01:47:48.649695 0.065387 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/09 01:47:54.827552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:48:10.830413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:48:42.836140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:54:46.942884 3.000955 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 01:54:53.949589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:55:01.951300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:55:17.954300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 01:55:49.960583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:01:53.967026 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 02:02:00.973548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:02:08.975530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:02:24.978306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:02:56.984279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:03:41.108465 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 02:03:41.108683 1.914599 tcp 10.0.2.109 51494 -> 211.38.175.27 4598 FSPA* 0 0 15 1625 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:09:00.991124 3.001016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 02:09:07.997613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:09:15.999514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:09:32.002033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:10:04.008382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:16:08.014911 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 02:16:15.022046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:16:23.023172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:16:39.026145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:17:11.032381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:18:17.097759 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 02:18:17.098016 0.134836 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:17.233267 0.077084 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:17.310766 0.000000 udp 10.0.2.109 3683 -> 60.190.149.254 6178 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 02:18:33.412543 0.075587 tcp 10.0.2.109 51495 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:18:33.488351 0.116767 tcp 10.0.2.109 51496 -> 195.113.214.237 80 SRPA* 0 0 31 19736 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:18:33.605695 0.222638 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:33.828694 0.043655 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:33.872881 0.151031 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:34.024271 0.243351 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:34.268037 0.000000 udp 10.0.2.109 3683 -> 117.194.69.54 2059 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 02:18:50.866506 0.077070 tcp 10.0.2.109 51497 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:18:50.943944 0.065388 tcp 10.0.2.109 51498 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:18:51.009657 0.162794 tcp 10.0.2.109 51499 -> 195.113.214.237 443 SRPA* 0 0 27 11254 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:18:51.171923 0.158926 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:51.331246 0.227846 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:51.559506 0.147169 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:51.707115 0.137286 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:51.844800 0.150201 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:51.995428 0.032971 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:52.028796 0.109127 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:52.138383 0.154265 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:52.293073 0.273646 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:52.567053 0.134273 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:52.701715 0.145641 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:52.847778 0.163170 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:53.011375 0.178979 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:53.190730 0.177449 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:53.368586 0.229994 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:53.598963 0.066382 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:53.665772 0.143375 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:53.809462 0.363918 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:54.173904 0.357673 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:54.531999 0.084252 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:18:54.616610 0.065392 udp 10.0.2.109 3683 <-> 31.52.140.245 1670 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:23:15.038686 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 02:23:22.045888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:23:30.047330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:23:46.050330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:24:18.056190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:30:22.063128 3.000884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 02:30:29.069557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:30:37.071409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:30:53.074104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:31:25.080149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:33:43.029617 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 02:33:43.029797 1.921551 tcp 10.0.2.109 51500 -> 211.38.175.27 4598 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:37:29.086134 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 02:37:36.094058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:37:44.095606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:38:00.097881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:38:32.104155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:44:36.110726 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 02:44:43.117727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:44:51.119401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:45:07.122041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:45:39.128107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:49:08.980471 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 02:49:08.980584 0.479019 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:09.460015 0.137645 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:09.598046 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 02:49:26.767625 0.071716 tcp 10.0.2.109 51501 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:49:26.839652 0.099776 tcp 10.0.2.109 51502 -> 195.113.214.237 80 SRPA* 0 0 21 15953 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:49:26.939929 0.046498 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:26.986817 0.219733 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:27.206951 0.173294 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:27.380652 0.150503 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:27.531571 0.226963 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:27.758941 0.145394 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:27.904732 0.137309 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:28.042495 0.158651 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:28.201475 0.158558 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:28.360447 0.033102 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:28.393992 0.109241 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:28.503577 0.155047 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:28.659036 0.241647 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:28.901097 0.137013 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:29.038488 0.146968 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:29.185804 0.158973 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:29.345136 0.145194 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:29.490762 0.178598 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:29.669757 0.221284 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:29.891450 0.067731 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:29.959628 0.143086 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:30.103063 0.088021 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:30.191506 0.000000 udp 10.0.2.109 3683 -> 31.52.140.245 1670 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 02:49:47.115151 0.080861 tcp 10.0.2.109 51503 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:49:47.196243 0.078015 tcp 10.0.2.109 51504 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:49:47.274542 0.168525 tcp 10.0.2.109 51505 -> 195.113.214.237 443 SRPA* 0 0 42 22672 flow=From-Botnet-V1-TCP-Established 1970/01/09 02:49:47.443717 0.263345 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:49:47.707492 0.359758 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/09 02:51:43.135229 3.000731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 02:51:50.141788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:51:58.142897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:52:14.145982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:52:46.152034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:58:50.158056 3.001864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 02:58:57.165920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:59:05.167431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:59:21.169883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 02:59:53.175836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:03:44.959870 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 03:03:44.959965 1.931963 tcp 10.0.2.109 51506 -> 211.38.175.27 4598 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:05:57.182070 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:06:04.189378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:06:12.190871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:06:28.193872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:07:00.200136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:13:04.206257 3.001828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:13:11.213495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:13:19.214893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:13:35.217842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:14:07.224097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:19:54.683859 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 03:19:54.684000 0.075549 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:19:54.759911 0.000000 udp 10.0.2.109 3683 -> 31.52.140.245 1670 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 03:20:11.230933 3.000727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:20:13.473265 0.070805 tcp 10.0.2.109 51507 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:20:13.544352 0.067629 tcp 10.0.2.109 51508 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:20:13.612280 0.155853 tcp 10.0.2.109 51509 -> 195.113.214.237 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:20:13.768897 0.388002 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:14.157274 0.136106 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:14.293803 0.047312 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:14.341467 0.173967 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:14.515856 0.301982 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:14.818275 0.261428 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:15.080066 0.223410 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:15.303884 0.145273 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:15.449580 0.156312 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:15.606433 0.033214 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:15.640047 0.109755 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:15.750381 0.152715 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:15.903487 0.262739 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:16.166645 0.150318 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:16.317302 0.142055 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:16.459785 0.145352 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:16.605546 0.158607 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:16.764576 0.181553 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:16.946518 0.177919 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:17.124843 0.220438 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:17.345683 0.068545 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:17.414647 0.138413 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:17.553466 0.091388 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:17.645241 0.177943 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:17.823611 0.258980 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:18.082934 0.412873 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:20:18.237739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:20:26.239472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:20:42.241793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:21:14.248044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:27:18.254764 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:27:25.261732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:27:33.262857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:27:49.266301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:28:21.272299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:33:46.891273 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 03:33:46.891379 2.019223 tcp 10.0.2.109 51510 -> 211.38.175.27 4598 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:34:25.278492 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:34:32.285770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:34:40.286634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:34:56.289705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:35:28.295638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:41:32.301948 3.001808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:41:39.309195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:41:47.310775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:42:03.313788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:42:35.319686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:48:39.326376 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:48:46.333287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:48:54.334724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:49:10.338365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:49:42.343753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:50:36.292000 0.000153 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 03:50:36.292264 0.000000 udp 10.0.2.109 3683 -> 82.127.143.230 4509 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 03:50:53.127836 0.081273 tcp 10.0.2.109 51511 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:50:53.209431 0.075375 tcp 10.0.2.109 51512 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:50:53.285128 0.143007 tcp 10.0.2.109 51513 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/09 03:50:53.428711 0.046776 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:53.475848 0.148938 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:53.625191 0.261088 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:53.886657 0.278932 udp 10.0.2.109 3683 <-> 117.194.69.54 2059 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:54.166002 0.139147 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:54.305555 0.171820 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:54.477797 0.228215 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:54.706398 0.146466 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:54.853257 0.157763 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:55.011397 0.033020 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:55.044806 0.109523 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:55.154730 0.154246 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:55.309324 0.481824 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:55.791537 0.155275 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:55.947156 0.139351 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:56.086910 0.139563 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:56.226900 0.168123 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:56.395414 0.184415 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:56.580238 0.069108 udp 10.0.2.109 3683 <-> 86.148.233.16 5066 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:56.649715 0.137830 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:56.787901 0.087553 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:56.875890 0.144094 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:57.020400 0.179868 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:57.200666 0.220796 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:57.421863 0.349073 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:50:57.771305 0.349167 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 03:55:46.350426 3.001433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 03:55:53.356980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:56:01.358602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:56:17.361555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 03:56:49.367722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:02:53.374700 3.001037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:03:00.381174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:03:08.382689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:03:24.385657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:03:48.911623 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 04:03:48.911815 2.041571 tcp 10.0.2.109 51514 -> 211.38.175.27 4598 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:03:56.391510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:10:00.398445 3.000956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:10:07.405594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:10:15.406448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:10:31.409752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:11:03.415866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:17:07.422551 3.001100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:17:14.428873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:17:22.430748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:17:38.433774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:18:10.439533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:21:20.022581 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 04:21:20.022682 0.075652 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:20.098712 0.218947 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:20.318031 0.046478 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:20.364960 0.154233 udp 10.0.2.109 3683 <-> 173.216.254.174 8795 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:20.519567 0.000000 udp 10.0.2.109 3683 -> 117.194.69.54 2059 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 04:21:38.690882 0.080502 tcp 10.0.2.109 51515 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:21:38.771605 0.072761 tcp 10.0.2.109 51516 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:21:38.844657 0.200202 tcp 10.0.2.109 51517 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:21:39.045489 0.135856 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:39.181739 0.171984 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:39.354202 0.222995 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:39.577567 0.145486 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:39.723473 0.157960 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:39.881790 0.031769 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:39.914030 0.127526 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:40.041905 0.154182 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:40.196531 0.271907 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:40.468841 0.147926 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:40.617122 0.141512 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:40.759027 0.145899 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:40.905350 0.184260 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:41.090009 0.164027 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:21:41.254454 0.000000 udp 10.0.2.109 3683 -> 86.148.233.16 5066 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 04:21:59.659941 0.072638 tcp 10.0.2.109 51518 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:21:59.732907 0.072264 tcp 10.0.2.109 51519 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:21:59.805447 0.176222 tcp 10.0.2.109 51520 -> 195.113.214.237 443 SRPA* 0 0 41 23302 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:21:59.981529 0.136018 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:22:00.117994 0.092756 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:22:00.211115 0.221107 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:22:00.432625 0.356750 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:22:00.789794 0.143758 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:22:00.933933 0.181734 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:22:01.116039 0.355680 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:24:14.446564 3.001136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 04:24:21.453086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:24:29.454485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:24:45.457924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:25:17.463853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:31:21.470053 3.001166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:31:28.476850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:31:36.478415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:31:52.481585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:32:24.487894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:33:50.952493 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 04:33:50.952587 1.968462 tcp 10.0.2.109 51521 -> 211.38.175.27 4598 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:38:28.494431 3.021096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:38:35.521429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:38:43.522893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:38:59.525481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:39:31.532047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:45:35.537897 3.001947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:45:42.544937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:45:50.546948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:46:06.549389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:46:38.555849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:52:26.336498 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 04:52:26.336592 0.000000 udp 10.0.2.109 3683 -> 117.194.69.54 2059 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 04:52:41.540174 0.071040 tcp 10.0.2.109 51522 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:52:41.611517 0.075073 tcp 10.0.2.109 51523 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:52:41.686901 0.150135 tcp 10.0.2.109 51524 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:52:41.837500 0.000000 udp 10.0.2.109 3683 -> 86.148.233.16 5066 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 04:52:42.562664 3.000300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:52:49.569219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:52:57.570814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:52:57.961858 0.076363 tcp 10.0.2.109 51525 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:52:58.038501 0.087306 tcp 10.0.2.109 51526 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:52:58.126048 0.157909 tcp 10.0.2.109 51527 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:52:58.284541 0.046574 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:52:58.331546 0.223464 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:52:58.555365 0.077252 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:52:58.632923 0.000000 udp 10.0.2.109 3683 -> 173.216.254.174 8795 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 04:53:13.573579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:53:14.184629 0.072623 tcp 10.0.2.109 51528 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:53:14.257505 0.116899 tcp 10.0.2.109 51529 -> 195.113.214.237 80 SRPA* 0 0 20 13482 flow=From-Botnet-V1-TCP-Established 1970/01/09 04:53:14.375722 0.174668 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:14.550756 0.224401 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:14.775503 0.145252 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:14.921112 0.136149 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:15.057629 0.041470 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:15.099553 0.159220 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:15.259175 0.227499 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:15.487082 0.151798 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:15.639276 0.138696 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:15.778340 0.146136 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:15.924871 0.155876 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:16.081150 0.106955 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:16.188492 0.176233 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:16.365093 0.170124 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:16.535615 0.137462 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:16.673491 0.094498 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:16.768377 0.222463 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:16.991210 0.302037 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:17.293655 0.142373 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:17.436424 0.180472 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:17.617313 0.373874 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/09 04:53:45.579297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 04:59:49.585954 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 04:59:56.592677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:00:04.594636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:00:20.597642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:00:52.603383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:03:52.923941 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:03:52.924072 1.931099 tcp 10.0.2.109 51530 -> 211.38.175.27 4598 FSPA* 0 0 15 1565 flow=From-Botnet-V1-TCP-Established 1970/01/09 05:06:56.609746 3.001956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 05:07:03.616758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:07:11.618414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:07:27.621319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:07:59.627987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:14:03.634555 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 05:14:10.640630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:14:18.642740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:14:34.645794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:15:06.651473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:21:10.657898 3.001138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 05:21:17.665085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:21:25.666244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:21:41.669509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:22:13.675456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:23:37.005370 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:23:37.005459 0.147209 udp 10.0.2.109 3683 -> 173.216.254.174 8795 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:23:37.152668 0.000000 icmp 173.216.254.174 0x0303 -> 10.0.2.109 0x5b22 URP 192 1 248 flow=Background 1970/01/09 05:23:53.761705 0.176660 tcp 10.0.2.109 51531 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 05:23:53.938645 0.114580 tcp 10.0.2.109 51532 -> 195.113.214.237 80 SRPA* 0 0 20 14742 flow=From-Botnet-V1-TCP-Established 1970/01/09 05:23:54.053700 4.862905 udp 10.0.2.109 3683 <-> 108.240.98.227 5054 CON 0 0 3 665 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:54.277603 4.021319 udp 10.0.2.109 3683 <-> 62.92.158.188 3282 CON 0 0 4 1101 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:54.321592 4.056335 udp 10.0.2.109 3683 <-> 82.127.143.230 4509 CON 0 0 4 1231 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:54.398518 4.126541 udp 10.0.2.109 3683 <-> 50.73.87.77 7002 CON 0 0 4 1200 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:54.544287 4.150434 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 4 925 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:54.717369 4.198768 udp 10.0.2.109 3683 <-> 108.196.220.248 9105 CON 0 0 4 1106 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:54.941133 4.338602 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 4 1070 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:55.078675 4.234961 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 4 1285 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:55.112266 4.366687 udp 10.0.2.109 3683 <-> 69.193.126.13 8069 CON 0 0 4 1225 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:55.274340 4.490176 udp 10.0.2.109 3683 <-> 212.12.186.201 5494 CON 0 0 4 1096 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:55.487456 4.428416 udp 10.0.2.109 3683 <-> 23.28.66.171 7388 CON 0 0 4 1256 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:55.637028 4.420306 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 4 1287 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:55.777797 4.425283 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 4 1054 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:55.925244 4.434725 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 4 1187 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:56.082434 4.423549 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 4 1124 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:56.228761 4.419321 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 4 1198 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:56.369970 4.453874 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1312 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:56.564643 4.398432 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 4 1219 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:56.702756 4.356627 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 4 1102 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:56.795178 0.220016 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:57.015529 4.222362 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 4 1273 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:57.196839 4.434625 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 4 1136 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:57.584193 4.448967 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 4 1194 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:57.941439 4.460882 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 4 1126 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:23:59.142287 0.000000 udp 10.0.2.109 3683 <- 108.240.98.227 5054 RSP 0 0 1 543 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:02.033648 0.221085 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:24:02.403127 0.000000 udp 10.0.2.109 3683 -> 82.211.180.144 4314 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:09.101845 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:15.941296 0.000000 udp 10.0.2.109 3683 -> 99.177.167.54 8486 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:21.328894 0.000000 udp 10.0.2.109 3683 -> 75.81.216.225 2538 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:26.766895 0.000000 udp 10.0.2.109 3683 -> 98.112.171.175 4180 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:32.985662 0.000000 udp 10.0.2.109 3683 -> 70.30.175.164 8866 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:38.093494 0.295497 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:24:38.407156 0.169942 udp 10.0.2.109 3683 -> 66.212.108.34 7247 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:38.577098 0.000000 icmp 66.212.108.34 0x0303 -> 10.0.2.109 0x4f1c URP 192 1 264 flow=Background 1970/01/09 05:24:42.760033 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:24:43.641489 0.000000 udp 10.0.2.109 3683 -> 82.91.9.28 2380 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:51.102492 0.000000 udp 10.0.2.109 3683 -> 176.33.124.10 9564 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:24:56.659883 0.000000 udp 10.0.2.109 3683 -> 173.14.141.234 4358 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:03.509637 0.164530 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:25:03.696234 0.107878 udp 10.0.2.109 3683 <-> 79.53.33.204 2706 CON 0 0 2 693 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:25:03.818712 0.000000 udp 10.0.2.109 3683 -> 181.95.169.131 2135 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:09.899148 0.000000 udp 10.0.2.109 3683 -> 186.95.97.7 6273 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:18.851662 0.000000 udp 10.0.2.109 3683 -> 173.9.120.21 5253 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:24.850710 0.055321 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:25:24.923023 0.067488 udp 10.0.2.109 3683 <-> 79.116.8.40 6804 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:25:25.001565 0.000000 udp 10.0.2.109 3683 -> 69.198.6.243 2848 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:29.757391 0.000036 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:25:31.720515 0.159173 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 723 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:25:31.892312 0.000000 udp 10.0.2.109 3683 -> 173.161.206.161 2578 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:40.392639 0.000000 udp 10.0.2.109 3683 -> 5.87.138.231 7299 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:45.871093 0.000000 udp 10.0.2.109 3683 -> 93.66.14.201 1025 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:25:53.882188 0.000000 udp 10.0.2.109 3683 -> 95.137.220.69 1028 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:01.082815 0.000000 udp 10.0.2.109 3683 -> 78.150.26.88 7865 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:09.374321 0.153593 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 691 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:26:09.541475 0.055758 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 795 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:26:09.611800 0.037245 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:26:09.665711 0.000000 udp 10.0.2.109 3683 -> 151.50.51.7 4306 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:14.260974 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:26:15.002828 0.000000 udp 10.0.2.109 3683 -> 188.95.122.20 2456 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:21.892142 0.043197 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:26:21.963409 0.000000 udp 10.0.2.109 3683 -> 115.243.100.219 6612 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:27.891266 0.000000 udp 10.0.2.109 3683 -> 82.38.81.215 3219 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:34.470701 0.000000 udp 10.0.2.109 3683 -> 95.145.168.200 2598 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:40.679911 0.000000 udp 10.0.2.109 3683 -> 98.80.199.111 2843 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:46.227851 0.000000 udp 10.0.2.109 3683 -> 82.152.40.137 5588 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:51.254621 0.000000 udp 10.0.2.109 3683 -> 216.188.225.44 2129 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:26:56.992903 0.184489 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:26:57.228805 0.079938 udp 10.0.2.109 3683 <-> 86.181.216.139 7208 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:26:57.323678 0.000000 udp 10.0.2.109 3683 -> 80.179.199.81 20802 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:01.759769 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:27:02.651231 0.000000 udp 10.0.2.109 3683 -> 66.235.168.5 11159 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:09.530972 0.097922 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:27:09.638916 0.000000 udp 10.0.2.109 3683 -> 99.60.238.159 15414 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:17.532533 0.000000 udp 10.0.2.109 3683 -> 87.215.202.226 22297 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:26.275001 0.000000 udp 10.0.2.109 3683 -> 82.61.80.3 7735 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:34.506997 0.000000 udp 10.0.2.109 3683 -> 82.58.201.235 2919 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:40.645926 0.467308 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 674 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:27:41.224535 0.000000 udp 10.0.2.109 3683 -> 96.249.192.17 6247 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:50.119542 0.000000 udp 10.0.2.109 3683 -> 97.68.84.109 3568 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:27:54.765724 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:27:57.800278 0.000000 udp 10.0.2.109 3683 -> 79.239.117.102 8710 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:03.959396 0.212673 udp 10.0.2.109 3683 <-> 216.255.39.77 6532 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:04.211676 0.155321 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:04.414100 0.712842 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:05.141744 0.166818 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:05.327726 0.052418 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:05.412249 0.047123 udp 10.0.2.109 3683 <-> 84.130.202.166 8279 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:05.472913 0.144936 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 746 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:05.667466 0.000000 udp 10.0.2.109 3683 -> 80.169.202.242 9327 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:12.842299 0.000000 udp 10.0.2.109 3683 -> 173.13.4.181 8140 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:17.680895 3.002296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 05:28:18.540138 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:24.688764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:28:26.812486 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:32.690315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:28:34.383203 0.109345 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:34.492548 0.000000 icmp 92.241.71.34 0x0303 -> 10.0.2.109 0x6213 URP 192 1 264 flow=Background 1970/01/09 05:28:39.259592 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:28:41.954206 0.000000 udp 10.0.2.109 3683 -> 141.250.23.111 2134 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:47.181732 0.051382 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 795 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:47.368189 0.052991 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:47.477856 0.000000 udp 10.0.2.109 3683 -> 174.25.214.206 5515 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:48.693396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:28:52.889945 0.099584 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:53.029566 0.000000 udp 10.0.2.109 3683 -> 80.133.179.220 5564 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:28:58.177598 0.327726 udp 10.0.2.109 3683 <-> 218.145.118.4 6830 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:28:58.523008 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:04.927063 0.000000 udp 10.0.2.109 3683 -> 195.212.29.172 9607 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:10.464913 0.000000 udp 10.0.2.109 3683 -> 86.177.209.169 6017 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:19.026995 0.000000 udp 10.0.2.109 3683 -> 75.119.226.76 3326 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:20.699620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:29:23.763549 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:29:24.885503 0.184888 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 796 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:29:25.102697 0.000000 udp 10.0.2.109 3683 -> 173.209.148.186 8105 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:32.877220 0.000000 udp 10.0.2.109 3683 -> 79.210.61.80 2613 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:38.955749 0.000000 udp 10.0.2.109 3683 -> 188.3.166.27 3013 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:44.834650 0.000000 udp 10.0.2.109 3683 -> 118.97.24.243 5036 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:51.504076 0.000000 udp 10.0.2.109 3683 -> 80.36.234.42 2109 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:29:59.815940 0.000000 udp 10.0.2.109 3683 -> 82.106.29.170 5906 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:04.892949 0.320648 udp 10.0.2.109 3683 -> 125.0.166.143 9760 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:05.213597 0.000000 icmp 125.0.166.143 0x0303 -> 10.0.2.109 0x2026 URP 192 1 327 flow=Background 1970/01/09 05:30:09.759578 0.000037 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:30:11.492650 0.000000 udp 10.0.2.109 3683 -> 213.160.152.100 7856 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:20.015083 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:28.897692 0.000000 udp 10.0.2.109 3683 -> 79.46.8.45 7022 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:37.269425 0.000000 udp 10.0.2.109 3683 -> 121.141.11.194 7956 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:45.652025 0.313230 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:30:45.981922 0.000000 udp 10.0.2.109 3683 -> 186.6.223.55 2209 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:52.551324 0.105188 udp 10.0.2.109 3683 -> 62.38.144.8 1899 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:30:52.656512 0.000000 icmp 62.38.144.8 0x0303 -> 10.0.2.109 0x6b07 URP 192 1 138 flow=Background 1970/01/09 05:30:57.258258 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:31:00.593380 0.000000 udp 10.0.2.109 3683 -> 125.2.83.168 4368 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:07.784091 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:14.392701 0.000000 udp 10.0.2.109 3683 -> 223.205.55.34 4018 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:20.412010 0.000000 udp 10.0.2.109 3683 -> 23.24.76.117 3168 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:27.121048 0.000000 udp 10.0.2.109 3683 -> 66.237.226.20 1336 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:32.349169 0.000000 udp 10.0.2.109 3683 -> 87.24.2.194 4081 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:38.988455 0.053208 udp 10.0.2.109 3683 -> 31.150.187.119 5895 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:39.041663 0.000000 icmp 31.150.187.119 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 132 flow=Background 1970/01/09 05:31:43.764734 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:31:44.025665 0.000000 udp 10.0.2.109 3683 -> 217.158.253.12 8257 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:51.676826 0.000000 udp 10.0.2.109 3683 -> 95.224.214.119 1701 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:31:58.165790 0.000000 udp 10.0.2.109 3683 -> 87.2.46.38 2833 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:03.303692 0.094719 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 702 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:32:03.427601 0.165772 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:32:03.626645 0.000000 udp 10.0.2.109 3683 -> 201.144.156.78 8628 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:09.181922 0.000000 udp 10.0.2.109 3683 -> 92.236.159.67 4313 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:16.322238 0.055318 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:32:16.421603 0.000000 udp 10.0.2.109 3683 -> 122.176.108.138 8609 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:22.190818 0.000000 udp 10.0.2.109 3683 -> 119.74.146.220 1652 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:29.921780 0.000000 udp 10.0.2.109 3683 -> 176.221.10.118 1106 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:34.758551 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:32:36.440816 0.215965 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:32:36.689026 0.000000 udp 10.0.2.109 3683 -> 46.197.185.32 2950 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:42.169637 0.000000 udp 10.0.2.109 3683 -> 174.26.75.247 4660 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:50.992124 0.000000 udp 10.0.2.109 3683 -> 50.198.149.114 6612 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:32:58.112350 0.000000 udp 10.0.2.109 3683 -> 111.250.17.185 5460 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:06.104033 0.058403 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 658 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:33:06.205373 0.045009 udp 10.0.2.109 3683 <-> 87.153.127.125 4545 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:33:06.286285 0.000000 udp 10.0.2.109 3683 -> 84.176.111.198 6122 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:14.745998 0.055262 udp 10.0.2.109 3683 -> 80.81.0.120 9503 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:14.801260 0.000000 icmp 80.81.0.120 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 161 flow=Background 1970/01/09 05:33:19.262637 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 05:33:22.186999 0.000000 udp 10.0.2.109 3683 -> 24.255.132.13 7399 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:27.614748 0.000000 udp 10.0.2.109 3683 -> 94.71.224.255 6898 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:32.992666 0.000000 udp 10.0.2.109 3683 -> 77.181.114.218 8243 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:39.722192 0.057160 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:33:39.845472 0.000000 udp 10.0.2.109 3683 -> 173.217.224.134 5177 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:47.323349 0.000000 udp 10.0.2.109 3683 -> 93.192.135.117 6589 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:53.131276 0.000000 udp 10.0.2.109 3683 -> 195.59.133.50 4399 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:33:54.854484 1.913968 tcp 10.0.2.109 51533 -> 211.38.175.27 4598 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/01/09 05:34:00.732533 0.167200 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 747 flow=From-Botnet-V1-UDP-Established 1970/01/09 05:34:00.909779 0.000000 udp 10.0.2.109 3683 -> 212.252.194.101 3690 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:34:06.360507 0.000000 udp 10.0.2.109 3683 -> 95.227.67.150 3581 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:34:11.588193 0.000000 udp 10.0.2.109 3683 -> 98.229.142.155 7447 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 05:35:24.706226 3.000779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 05:35:31.713268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:35:39.714355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:35:55.717446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:36:27.723651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:42:31.729845 3.001405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 05:42:38.736812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:42:46.738014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:43:02.741667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:43:34.747610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:49:38.753523 3.001589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 05:49:45.761103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:49:53.762136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:50:09.765327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:50:41.771221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:56:45.778002 3.000914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 05:56:52.784598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:57:00.786388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:57:16.789282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 05:57:48.794971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:03:52.801886 3.000716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 06:03:56.774767 0.000212 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 06:03:56.775076 1.915641 tcp 10.0.2.109 51534 -> 211.38.175.27 4598 FSPA* 0 0 15 1562 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:03:59.808416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:04:07.810612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:04:23.813306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:04:27.569071 0.032804 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:27.602290 0.134381 udp 10.0.2.109 3683 <-> 4.31.203.2 6291 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:27.737024 0.148426 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:27.885854 0.138824 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:28.025070 0.182558 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:28.208032 0.163268 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:28.371656 0.151754 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:28.523805 0.158901 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:28.683045 0.168999 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:28.852420 0.376700 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:29.229620 0.089034 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:29.319051 0.179478 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:29.498908 0.221307 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:29.720568 0.143829 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:29.864825 0.322677 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:30.187918 0.313680 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:30.501945 0.162615 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:30.664953 0.083738 udp 10.0.2.109 3683 <-> 79.53.33.204 2706 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:30.749105 0.066597 udp 10.0.2.109 3683 <-> 79.116.8.40 6804 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:30.816044 0.055092 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:30.871560 0.157388 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.029320 0.135203 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.165195 0.036439 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.201998 0.055295 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.257699 0.042101 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.300202 0.074853 udp 10.0.2.109 3683 <-> 86.181.216.139 7208 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.375438 0.187365 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.563196 0.091112 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:31.654702 0.419668 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:32.074783 0.139931 udp 10.0.2.109 3683 <-> 216.255.39.77 6532 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:32.215109 0.157397 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:32.372887 0.165887 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:32.539207 0.050887 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:32.590503 0.000000 udp 10.0.2.109 3683 -> 84.130.202.166 8279 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 06:04:48.811613 0.070950 tcp 10.0.2.109 51535 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:04:48.882880 0.071105 tcp 10.0.2.109 51536 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:04:48.954393 0.165693 tcp 10.0.2.109 51537 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:04:49.120704 0.141805 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:49.262885 0.136981 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:49.400303 0.053717 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:49.454391 0.049417 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:49.504199 0.118574 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:49.623125 0.300828 udp 10.0.2.109 3683 <-> 218.145.118.4 6830 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:49.924354 0.189182 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:50.113873 0.314018 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:50.428289 0.166929 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:50.595602 0.094477 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:50.690439 0.035662 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:50.726434 0.203159 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:50.929999 0.054612 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:50.984984 0.047755 udp 10.0.2.109 3683 <-> 87.153.127.125 4545 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:51.033133 0.056312 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:51.089794 0.163731 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:04:55.819420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:10:59.826008 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 06:11:06.833089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:11:14.833861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:11:30.837471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:12:02.843212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:18:06.850180 3.000949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 06:18:13.856676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:18:21.857822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:18:37.861174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:19:09.867582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:25:13.873650 3.001119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 06:25:20.880751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:25:28.882464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:25:44.884783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:26:16.891332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:32:20.897343 3.001409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 06:32:27.904665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:32:35.906109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:32:51.908992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:33:23.915253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:33:58.695823 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 06:33:58.695964 1.940096 tcp 10.0.2.109 51538 -> 211.38.175.27 4598 FSPA* 0 0 15 1674 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:35:01.656423 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 06:35:01.656512 0.046372 udp 10.0.2.109 3683 <-> 84.130.202.166 8279 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:01.703270 0.142173 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:01.845859 0.031980 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:01.878358 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 06:35:19.803958 0.070117 tcp 10.0.2.109 51539 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:35:19.874372 0.075507 tcp 10.0.2.109 51540 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:35:19.950367 0.155391 tcp 10.0.2.109 51541 -> 195.113.214.237 443 SRPA* 0 0 33 19404 flow=From-Botnet-V1-TCP-Established 1970/01/09 06:35:20.106591 0.137120 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:20.244129 0.176269 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:20.420814 0.152359 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:20.573573 0.131822 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:20.705870 0.176132 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:20.882436 0.137557 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:21.020323 0.176850 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:21.197532 0.210104 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:21.407993 0.144630 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:21.553013 0.385842 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:21.939273 0.095407 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:22.035078 0.163692 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:22.199145 0.090753 udp 10.0.2.109 3683 <-> 79.53.33.204 2706 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:22.290398 0.066838 udp 10.0.2.109 3683 <-> 79.116.8.40 6804 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:22.357578 0.053485 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:22.411475 0.315642 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:22.727542 0.290055 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.017942 0.139800 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.158159 0.034389 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.192930 0.053531 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.246881 0.040935 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.288196 0.073349 udp 10.0.2.109 3683 <-> 86.181.216.139 7208 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.361957 0.187570 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.549904 0.089721 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.640014 0.157762 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.798209 0.165471 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:23.964078 0.050243 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:24.014693 0.420762 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:24.435856 0.142916 udp 10.0.2.109 3683 <-> 216.255.39.77 6532 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:24.579186 0.156230 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:24.735790 0.138477 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:24.874695 0.136306 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:25.011392 0.053785 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:25.065506 0.049703 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:25.115592 0.100119 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:25.216101 0.299078 udp 10.0.2.109 3683 <-> 218.145.118.4 6830 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:25.515576 0.191495 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:25.707437 0.311347 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.019201 0.165717 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.185321 0.090638 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.276325 0.037463 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.314179 0.201856 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.516431 0.053894 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.570685 0.167252 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.738352 0.048203 udp 10.0.2.109 3683 <-> 87.153.127.125 4545 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:35:26.786990 0.055346 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 06:39:27.921937 3.000831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 06:39:34.928423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:39:42.929976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:39:58.933342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:40:30.939446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:46:34.945434 3.001138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 06:46:41.952269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:46:49.953783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:47:05.957225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:47:37.962836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:53:41.969300 3.001733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 06:53:48.976403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:53:56.977923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:54:12.980873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 06:54:44.987193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:00:48.993375 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 07:00:56.000109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:01:04.001754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:01:20.004954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:01:52.011157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:04:00.636471 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 07:04:00.636547 1.968225 tcp 10.0.2.109 51542 -> 211.38.175.27 4598 FSPA* 0 0 14 1708 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:05:29.954770 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 07:05:29.954850 0.000000 udp 10.0.2.109 3683 -> 4.31.203.2 6291 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:05:46.109301 0.069638 tcp 10.0.2.109 51543 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:05:46.179201 0.068898 tcp 10.0.2.109 51544 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:05:46.248387 0.151424 tcp 10.0.2.109 51545 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:05:46.446529 0.147710 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:46.594649 0.041618 udp 10.0.2.109 3683 <-> 84.130.202.166 8279 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:46.636675 0.033236 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:46.670320 0.135570 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:46.806489 0.159996 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:46.966803 0.152158 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:47.119433 0.207140 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:47.326908 0.176698 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:47.504008 0.140338 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:47.644695 0.178237 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:47.864668 0.221713 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:48.086785 0.143202 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:48.230382 0.356686 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:48.600670 0.090209 udp 10.0.2.109 3683 <-> 79.53.33.204 2706 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:05:48.691285 0.000000 udp 10.0.2.109 3683 -> 79.116.8.40 6804 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:06:05.065655 0.068089 tcp 10.0.2.109 51546 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:05.134042 0.069580 tcp 10.0.2.109 51547 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:05.203969 0.158525 tcp 10.0.2.109 51548 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:05.363070 0.054345 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:05.417816 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:06:17.098404 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:06:17.098862 0.095223 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.099221 0.619919 tcp 10.0.2.109 51549 -> 75.92.139.157 6108 SPA_* 0 0 5 527 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:17.194506 0.161324 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.356163 0.274022 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.630578 0.135833 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.766742 0.034271 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.801415 0.057934 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.859756 0.040680 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.900820 0.073175 udp 10.0.2.109 3683 <-> 86.181.216.139 7208 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:17.974432 0.183245 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:18.158071 0.087327 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:18.245768 0.157592 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:18.403816 0.166203 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:18.570496 0.136807 udp 10.0.2.109 3683 <-> 216.255.39.77 6532 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:18.707718 0.156562 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:18.864684 0.157272 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:19.022372 0.051222 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:19.073995 0.423790 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:19.498242 0.137056 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:19.635658 0.052389 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:19.688414 0.052575 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:19.741381 0.105804 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:19.847624 0.000000 udp 10.0.2.109 3683 -> 218.145.118.4 6830 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:06:26.197875 0.258109 tcp 10.0.2.109 51549 -> 75.92.139.157 6108 A_PA 0 0 5 2322 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:35.488970 0.102996 tcp 10.0.2.109 51550 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:35.592198 0.070085 tcp 10.0.2.109 51551 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:35.662622 0.147838 tcp 10.0.2.109 51552 -> 195.113.214.237 443 SRPA* 0 0 23 14004 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:35.811041 0.184462 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:35.995916 0.312390 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:36.308701 0.166141 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:36.475249 0.094978 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:36.570586 0.036561 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:36.607485 0.212780 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:36.820682 0.053749 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:36.874854 0.165239 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:37.040493 0.041644 udp 10.0.2.109 3683 <-> 87.153.127.125 4545 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:37.082479 0.058683 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:06:41.014850 0.213497 tcp 10.0.2.109 51549 -> 75.92.139.157 6108 A_PA 0 0 5 3622 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:06:49.601889 0.197313 tcp 10.0.2.109 51549 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:07:00.514069 0.201133 tcp 10.0.2.109 51549 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:07:05.754524 0.207572 tcp 10.0.2.109 51549 -> 75.92.139.157 6108 A_PA 0 0 2 1356 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:07:35.755217 0.961892 tcp 10.0.2.109 51549 -> 75.92.139.157 6108 FRA_* 0 0 4 1112 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:07:56.017434 3.001092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 07:08:03.024074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:08:11.025711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:08:27.029016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:08:59.034749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:15:03.041269 3.001299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 07:15:10.048142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:15:18.049771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:15:34.053175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:16:06.059071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:22:10.064792 3.002061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 07:22:17.072766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:22:25.073767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:22:41.076679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:23:13.082601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:29:17.089255 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 07:29:24.096171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:29:32.097878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:29:48.110918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:30:20.116917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:34:02.607535 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 07:34:02.607647 2.055045 tcp 10.0.2.109 51553 -> 211.38.175.27 4598 FSPA* 0 0 15 1709 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:36:24.123097 3.001421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 07:36:31.130434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:36:38.290688 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 07:36:38.290823 0.000000 udp 10.0.2.109 3683 -> 79.116.8.40 6804 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:36:39.131726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:36:55.135266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:36:56.488646 0.070467 tcp 10.0.2.109 51554 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:36:56.559389 0.068118 tcp 10.0.2.109 51555 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:36:56.627799 0.182579 tcp 10.0.2.109 51556 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:36:56.810930 0.000000 udp 10.0.2.109 3683 -> 218.145.118.4 6830 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:37:12.970884 0.068034 tcp 10.0.2.109 51557 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:13.039201 0.069339 tcp 10.0.2.109 51558 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:13.108812 0.172402 tcp 10.0.2.109 51559 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:13.281688 0.166228 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:13.448277 0.034376 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:13.483008 0.046117 udp 10.0.2.109 3683 <-> 84.130.202.166 8279 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:13.529594 0.144727 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:13.674657 0.136488 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:13.811551 0.138782 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:13.950703 0.179083 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:14.130303 0.215960 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:14.346619 0.154543 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:14.501544 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:37:27.141248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:37:30.486379 0.069049 tcp 10.0.2.109 51560 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:30.555728 0.076238 tcp 10.0.2.109 51561 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:30.632246 0.152479 tcp 10.0.2.109 51562 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:30.785196 0.139863 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:30.925403 0.222574 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:31.148348 0.096201 udp 10.0.2.109 3683 <-> 79.53.33.204 2706 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:31.244876 0.385165 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:31.630444 0.054124 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:31.684962 0.093612 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:31.778939 0.163312 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:31.950265 0.469682 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:32.420443 0.139302 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:32.420838 3.001782 tcp 10.0.2.109 51563 -> 190.129.24.18 4213 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/09 07:37:32.560146 0.036082 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:32.596595 0.057891 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:32.654879 0.041325 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:32.696570 0.075027 udp 10.0.2.109 3683 <-> 86.181.216.139 7208 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:32.771975 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:37:41.421062 0.000000 tcp 10.0.2.109 51563 -> 190.129.24.18 4213 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/09 07:37:47.920976 0.067109 tcp 10.0.2.109 51564 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:47.988438 0.074196 tcp 10.0.2.109 51565 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:48.062905 0.153287 tcp 10.0.2.109 51566 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:37:48.216815 0.157336 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:48.374482 0.166578 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:37:48.541440 0.000000 udp 10.0.2.109 3683 -> 216.255.39.77 6532 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:38:05.416513 0.067777 tcp 10.0.2.109 51567 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:38:05.484602 0.070707 tcp 10.0.2.109 51568 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:38:05.555649 0.208807 tcp 10.0.2.109 51569 -> 195.113.214.237 443 SRPA* 0 0 36 18266 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:38:05.765082 0.155820 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:05.921280 0.186950 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:06.108673 0.087924 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:06.196978 0.424582 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:06.621899 0.136025 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:06.758284 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 07:38:22.100353 0.068614 tcp 10.0.2.109 51570 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:38:22.169309 0.102753 tcp 10.0.2.109 51571 -> 195.113.214.237 80 SRPA* 0 0 20 14750 flow=From-Botnet-V1-TCP-Established 1970/01/09 07:38:22.272454 0.051182 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:22.324052 0.090848 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:22.415316 0.058695 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:22.474429 2.974412 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:25.449270 0.184090 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:25.633724 0.310920 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:25.944982 0.165651 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:26.110979 0.094262 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:26.205628 0.063571 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:26.269641 0.211190 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:26.481190 0.058275 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:26.539836 0.054641 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:26.594843 0.166662 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:38:26.761885 0.047920 udp 10.0.2.109 3683 <-> 87.153.127.125 4545 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/09 07:43:31.146678 3.001572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 07:43:38.153937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:43:46.155842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:44:02.159094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:44:34.164810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:50:38.171155 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 07:50:45.178060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:50:53.180019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:51:09.182540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:51:41.188506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:57:45.194694 3.001818 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 07:57:52.201882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:58:00.203439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:58:16.207060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 07:58:48.213038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:04:04.668731 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:04:04.668918 2.007470 tcp 10.0.2.109 51572 -> 211.38.175.27 4598 FSPA* 0 0 15 1657 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:04:52.219220 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 08:04:59.225918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:05:07.227669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:05:23.230341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:05:55.236580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:08:55.566629 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:08:55.566718 0.175112 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:08:55.742205 2.557100 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:08:58.299879 0.000000 udp 10.0.2.109 3683 -> 216.255.39.77 6532 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 08:08:58.300308 4.786078 tcp 10.0.2.109 51573 -> 75.92.139.157 6108 SPA_* 0 0 10 2788 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:13.724240 0.071498 tcp 10.0.2.109 51574 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:13.795595 0.070747 tcp 10.0.2.109 51575 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:13.866623 0.151288 tcp 10.0.2.109 51576 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:14.018535 0.050796 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.069688 0.035631 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.105719 0.135586 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.241632 0.145573 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.387621 0.168472 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.556517 0.138785 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.695736 0.045910 udp 10.0.2.109 3683 <-> 84.130.202.166 8279 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.742025 0.153321 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:14.895762 0.134972 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:15.031070 0.176368 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:15.207779 0.142046 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:15.350230 0.085789 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:15.436377 0.163074 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:15.599865 0.230300 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:15.830543 0.145884 udp 10.0.2.109 3683 <-> 79.53.33.204 2706 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:15.976815 0.398861 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:16.376068 0.055335 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:16.431753 0.061242 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:16.493320 0.034632 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:16.528263 0.074508 udp 10.0.2.109 3683 <-> 86.181.216.139 7208 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:16.603196 0.140497 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:16.744137 0.322992 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:17.067447 0.041738 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:17.109660 0.166175 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:17.276179 0.157308 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:17.433886 0.154616 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:17.588837 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 08:09:32.889792 0.000074 tcp 10.0.2.109 51573 -> 75.92.139.157 6108 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:35.243887 0.074466 tcp 10.0.2.109 51577 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:35.318623 0.113840 tcp 10.0.2.109 51578 -> 195.113.214.237 80 SRPA* 0 0 18 13370 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:35.432847 0.136076 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:35.569357 0.087408 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:35.657171 0.183468 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:35.841012 0.054079 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:35.841353 2.996579 tcp 10.0.2.109 51579 -> 108.255.85.52 8205 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/09 08:09:35.895483 0.051367 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:35.947231 0.090604 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:36.038228 0.184033 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:36.222707 0.311173 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:36.534398 1.257988 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:37.792786 0.094679 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:37.887863 0.037170 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:37.925428 0.200648 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:38.126455 0.054926 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:38.181757 0.054588 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:38.236724 0.165272 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:38.402391 0.000000 udp 10.0.2.109 3683 -> 87.153.127.125 4545 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 08:09:44.836920 0.000000 tcp 10.0.2.109 51579 -> 108.255.85.52 8205 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/09 08:09:56.494040 0.070358 tcp 10.0.2.109 51580 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:56.564680 0.071360 tcp 10.0.2.109 51581 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:56.636406 0.170290 tcp 10.0.2.109 51582 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:09:56.807221 0.165019 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:09:56.973642 3.005264 tcp 10.0.2.109 51583 -> 76.232.30.68 6979 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/09 08:10:05.977035 0.000000 tcp 10.0.2.109 51583 -> 76.232.30.68 6979 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/09 08:11:32.892108 0.000178 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:11:32.892381 0.000000 tcp 10.0.2.109 51573 ?> 75.92.139.157 6108 RA_ 0 1 54 flow=Background 1970/01/09 08:11:59.242224 3.002417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 08:12:06.250396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:12:14.251770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:12:30.254434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:13:02.260981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:19:06.266691 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 08:19:13.273923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:19:21.275391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:19:37.278620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:20:09.284413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:26:13.290430 3.002101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 08:26:20.297711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:26:28.299345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:26:44.302357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:27:16.308535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:33:20.315370 3.001039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 08:33:27.322241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:33:35.323467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:33:51.326671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:34:06.679563 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:34:06.679656 2.008359 tcp 10.0.2.109 51584 -> 211.38.175.27 4598 FSPA* 0 0 15 1729 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:34:23.332249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:40:23.500612 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:40:23.500797 0.423795 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:40:23.924989 0.000000 udp 10.0.2.109 3683 -> 87.153.127.125 4545 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 08:40:27.338695 3.001692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 08:40:34.345659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:40:42.347345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:40:42.689436 0.069023 tcp 10.0.2.109 51585 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:40:42.758764 0.077433 tcp 10.0.2.109 51586 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:40:42.836529 0.145706 tcp 10.0.2.109 51587 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:40:42.982711 0.169357 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:40:43.152461 4.119479 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:40:47.272397 0.136186 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:40:47.272766 1.805429 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 SPA_* 0 0 5 364 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:40:47.408963 0.146826 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:40:47.556186 0.182140 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:40:47.738688 0.143261 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:40:47.882348 0.000000 udp 10.0.2.109 3683 -> 84.130.202.166 8279 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 08:40:57.806921 0.203190 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:40:58.350398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:41:03.869169 0.069323 tcp 10.0.2.109 51589 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:03.938817 0.072600 tcp 10.0.2.109 51590 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:04.011733 0.172884 tcp 10.0.2.109 51591 -> 195.113.214.237 443 SRPA* 0 0 24 13238 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:04.185391 0.148961 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:04.334768 0.035435 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:04.370537 0.241251 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:04.612184 0.163484 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:04.775995 0.177218 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:04.953568 0.089879 udp 10.0.2.109 3683 <-> 79.53.33.204 2706 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.043813 0.127380 udp 10.0.2.109 3683 <-> 93.172.44.24 7820 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.171549 0.198895 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.370796 0.229174 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.600350 0.093565 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.694466 0.053564 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.748410 0.034887 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.783650 0.072704 udp 10.0.2.109 3683 <-> 86.181.216.139 7208 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:05.856674 0.143748 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:06.000865 0.367468 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:06.368665 0.053839 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:06.422870 0.156635 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:06.579939 0.286038 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:06.866365 0.041794 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:06.908530 0.165691 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:07.074572 0.157723 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:07.232651 0.088931 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:07.322003 0.188611 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:07.510966 0.052451 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:07.563867 0.052599 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:07.616853 0.136700 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:07.753889 0.311168 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:08.065464 0.184029 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:08.215666 4.375338 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 10 7388 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:08.249877 0.102367 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:08.352625 0.094671 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:08.447703 1.192837 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:09.640935 0.000000 udp 10.0.2.109 3683 -> 77.22.244.77 9684 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 08:41:17.055698 0.201847 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 5 4314 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:26.321672 0.069784 tcp 10.0.2.109 51592 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:26.391744 0.072536 tcp 10.0.2.109 51593 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:26.464547 0.161270 tcp 10.0.2.109 51594 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:26.626311 0.165227 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:26.791906 0.281734 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:27.074028 0.053707 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:27.128116 0.055205 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:27.183694 0.166164 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/09 08:41:30.357014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:41:34.695676 0.207504 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:40.745341 4.502583 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 5878 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:53.240979 0.398624 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 7 5278 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:41:58.826482 0.401348 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 4 2964 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:04.560594 4.190574 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 7126 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:13.257815 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:42:13.285953 4.949199 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 14 10500 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:18.294420 3.795442 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 15 11050 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:24.680966 3.781361 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 22 17572 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:31.945894 0.441696 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 11 8786 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:37.146799 0.796778 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:42.951599 0.199577 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 5 4366 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:42:54.368241 0.399379 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 4 2264 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:07.319339 4.243075 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 10 6684 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:16.111849 3.541817 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 12 10136 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:16.258709 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:43:22.123194 4.941234 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 16 13904 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:27.149144 0.004636 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 3 2210 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:32.416132 0.416672 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 7 5822 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:47.941512 0.193486 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 8 7276 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:53.588852 0.204263 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 8 6576 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:43:59.743901 0.207637 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:44:06.875795 0.206187 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 2 808 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:44:23.845714 4.456878 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 4 1576 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:44:28.762834 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:44:29.751074 4.830387 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 11 8774 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:44:38.828473 4.815784 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 7 5770 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:44:48.136642 0.204774 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 5 3070 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:44:59.888892 0.199006 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:45:04.906530 4.174131 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 5902 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:45:13.757612 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:45:14.085078 0.203393 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 5 4314 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:45:19.808077 0.589155 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 7 4606 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:45:29.918197 0.203293 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 8678 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:45:35.168407 4.834358 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 6 4491 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:45:40.195917 0.240005 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 3 1510 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:45:51.979359 4.540039 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 7259 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:00.429958 4.790545 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 10 8628 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:08.663265 4.915185 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 6734 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:13.774228 4.662335 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 20 15416 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:22.249838 4.573556 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 13 10942 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:23.257375 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:46:31.387735 0.202246 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 5 4366 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:36.989279 4.867432 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 20 14716 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:42.055086 4.453012 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 12 7492 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:50.628371 4.888990 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 20 13368 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:46:55.704034 4.236617 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 10 6684 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:05.900025 0.199231 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 5 4366 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:14.838040 4.159730 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 15 11050 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:19.839271 4.388279 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 7226 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:26.773343 3.991738 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 15 10454 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:27.760443 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:47:32.013905 4.086010 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 17 13206 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:34.362392 3.002130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 08:47:37.862794 1.668621 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 11 8786 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:41.370413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:47:45.988281 4.705302 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 14 13044 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:47:49.371671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:47:53.843943 3.889904 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 17 14554 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:48:01.758380 4.518750 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 20 16116 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:48:05.374824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:48:10.567793 4.629005 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 24 17680 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:48:20.116791 0.198998 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:48:26.691430 4.430794 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 10 7384 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:48:35.249339 4.434776 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 18 15204 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:48:37.380531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:48:44.197201 4.268903 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 19 14766 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:48:55.917698 0.200090 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 8 7276 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:49:00.763975 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 08:49:06.399186 0.203173 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 2 1456 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:49:17.952246 0.196667 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 5 3922 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:49:23.295599 3.955740 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_PA 0 0 9 5902 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:49:31.091496 4.753282 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 FPA_* 0 0 17 10899 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:49:42.307208 0.000140 tcp 10.0.2.109 51588 -> 75.92.139.157 6108 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/09 08:54:41.386826 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 08:54:48.394017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:54:56.395633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:55:12.398128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 08:55:44.404115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:01:48.410359 3.001494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 09:01:55.417653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:02:03.419331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:02:19.422307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:02:51.428185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:04:08.690189 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 09:04:08.690284 1.906630 tcp 10.0.2.109 51595 -> 211.38.175.27 4598 FSPA* 0 0 14 1520 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:08:55.434663 3.001306 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 09:09:02.442021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:09:10.443641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:09:26.446473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:09:58.452558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:11:41.330571 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 09:11:41.330672 0.000000 udp 10.0.2.109 3683 -> 84.130.202.166 8279 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:11:58.406670 0.073123 tcp 10.0.2.109 51596 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:11:58.480079 0.078529 tcp 10.0.2.109 51597 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:11:58.558898 0.220603 tcp 10.0.2.109 51598 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:11:58.779994 2.644564 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:01.562918 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:12:17.543062 0.069883 tcp 10.0.2.109 51599 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:17.613230 0.073361 tcp 10.0.2.109 51600 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:17.686867 0.152158 tcp 10.0.2.109 51601 -> 195.113.214.237 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:17.839517 0.188142 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:18.028059 0.146150 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:18.174615 0.159067 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:18.334065 0.138709 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:18.473153 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:12:25.045200 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:12:25.045537 0.137614 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:25.183592 0.163465 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:25.347446 0.179768 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:25.527555 0.035415 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:25.563366 0.155871 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:25.719588 0.049293 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:25.769342 0.000000 udp 10.0.2.109 3683 -> 79.53.33.204 2706 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:12:40.956585 0.068998 tcp 10.0.2.109 51602 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:41.025933 0.069981 tcp 10.0.2.109 51603 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:41.096177 0.151091 tcp 10.0.2.109 51604 -> 195.113.214.237 443 SRPA* 0 0 23 13808 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:41.247913 0.171474 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:41.419805 0.222212 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:41.642503 0.084378 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:41.727297 0.062991 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:41.790674 0.035844 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:41.826850 0.000000 udp 10.0.2.109 3683 -> 86.181.216.139 7208 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:12:57.370300 0.065146 tcp 10.0.2.109 51605 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:57.435765 0.070425 tcp 10.0.2.109 51606 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:57.506532 0.156332 tcp 10.0.2.109 51607 -> 195.113.214.237 443 SRPA* 0 0 23 13794 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:12:57.663433 0.137589 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:12:57.801369 0.000000 udp 10.0.2.109 3683 -> 93.172.44.24 7820 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:13:16.016828 0.070252 tcp 10.0.2.109 51608 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:13:16.087319 0.067586 tcp 10.0.2.109 51609 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:13:16.155201 0.148528 tcp 10.0.2.109 51610 -> 195.113.214.237 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:13:16.304176 0.329032 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:16.633548 0.042176 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:16.676131 0.058605 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:16.735146 0.360568 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.096109 0.157150 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.253657 0.157234 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.411268 0.089728 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.501367 0.187687 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.689559 0.047876 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.737770 0.052472 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.790612 0.137206 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:17.928227 0.166352 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:18.094980 0.094211 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:18.189713 0.184546 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:18.374597 0.311833 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:18.686829 0.096193 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:18.783414 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:13:24.625100 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:13:24.625471 0.164979 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:24.790778 0.062905 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:24.854069 0.168063 udp 10.0.2.109 3683 <-> 76.232.30.68 5026 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:25.022543 0.210214 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:13:25.233148 0.054006 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:16:02.458942 3.000920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 09:16:09.465753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:16:17.466976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:16:33.470116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:17:05.476187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:23:09.481899 3.002114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 09:23:16.489492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:23:24.491529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:23:40.494308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:24:12.500260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:30:16.507151 3.000598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 09:30:23.513807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:30:31.515561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:30:47.518371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:31:19.524108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:34:10.601146 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 09:34:10.601396 1.975813 tcp 10.0.2.109 51611 -> 211.38.175.27 4598 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:37:23.531041 3.000575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 09:37:30.537645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:37:38.539539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:37:54.541910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:38:26.548343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:43:31.337133 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 09:43:31.337232 0.423737 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:43:31.761366 0.000000 udp 10.0.2.109 3683 -> 79.53.33.204 2706 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:43:47.511849 0.072002 tcp 10.0.2.109 51612 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:43:47.584131 0.082507 tcp 10.0.2.109 51613 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:43:47.666929 0.161004 tcp 10.0.2.109 51614 -> 195.113.214.237 443 SRPA* 0 0 33 24720 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:43:47.828552 0.000000 udp 10.0.2.109 3683 -> 93.172.44.24 7820 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:44:05.095886 0.072652 tcp 10.0.2.109 51615 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:05.168859 0.072033 tcp 10.0.2.109 51616 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:05.241214 0.144828 tcp 10.0.2.109 51617 -> 195.113.214.237 443 SRPA* 0 0 37 27877 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:05.386819 0.000000 udp 10.0.2.109 3683 -> 86.181.216.139 7208 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:44:20.608037 0.070756 tcp 10.0.2.109 51618 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:20.679073 0.071577 tcp 10.0.2.109 51619 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:20.750938 0.161000 tcp 10.0.2.109 51620 -> 195.113.214.237 443 SRPA* 0 0 38 27929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:20.912459 0.036564 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:20.949358 0.159293 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:21.109025 0.145626 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:21.255009 0.212564 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:21.467926 0.141973 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:21.610271 0.177220 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:21.787884 0.035631 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:21.823854 0.164918 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:21.989135 0.055758 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:22.045267 0.135169 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:22.180771 0.222437 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:22.403541 0.246966 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:22.650885 0.035707 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:22.686994 0.142769 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:22.830353 0.220384 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.051119 0.085278 udp 10.0.2.109 3683 <-> 178.43.187.58 5402 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.136749 0.066649 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.203846 0.146693 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.350949 0.289175 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.640491 0.041362 udp 10.0.2.109 3683 <-> 217.85.203.243 5770 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.682357 0.068407 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.751143 0.157433 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.908929 0.088220 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:23.997545 0.183885 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:24.181817 0.053430 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:24.235617 0.052657 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:24.288630 0.136048 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:24.425049 0.360409 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:24.785813 0.155658 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:24.941868 0.164797 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:25.106982 0.096761 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:25.204102 0.183826 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:25.388293 0.313559 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:25.702249 0.093666 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:25.796271 0.076044 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:25.872705 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:44:30.554331 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 09:44:37.359788 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:44:37.360185 0.166248 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:37.526843 0.063793 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:44:37.561313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:44:37.590978 0.000000 udp 10.0.2.109 3683 -> 76.232.30.68 5026 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 09:44:45.563274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:44:55.278320 0.076054 tcp 10.0.2.109 51621 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:55.354619 0.081159 tcp 10.0.2.109 51622 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:55.436038 0.168959 tcp 10.0.2.109 51623 -> 195.113.214.237 443 SRPA* 0 0 33 24741 flow=From-Botnet-V1-TCP-Established 1970/01/09 09:44:55.605611 0.220472 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/09 09:45:01.566287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:45:33.572085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:51:37.578335 3.001424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 09:51:44.585289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:51:52.587346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:52:08.590072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:52:40.595852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:58:44.602853 3.001141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 09:58:51.609570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:58:59.610948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:59:15.614319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 09:59:47.620085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:04:12.581891 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 10:04:12.582219 1.974541 tcp 10.0.2.109 51624 -> 211.38.175.27 4598 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:05:51.626406 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 10:05:58.633502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:06:06.635387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:06:22.638031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:06:54.643816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:12:58.651109 3.000563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 10:13:05.657531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:13:13.659277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:13:29.662115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:14:01.668106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:15:12.901119 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 10:15:12.901320 0.000000 udp 10.0.2.109 3683 -> 76.232.30.68 5026 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:15:31.309440 0.073271 tcp 10.0.2.109 51625 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:15:31.383009 0.085907 tcp 10.0.2.109 51626 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:15:31.469242 0.160994 tcp 10.0.2.109 51627 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:15:31.630803 0.423460 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.054700 0.052920 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.108026 0.148752 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.257179 0.170656 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.428207 0.141244 udp 10.0.2.109 3683 <-> 75.149.131.201 1430 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.569824 0.179057 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.749303 0.035922 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.785617 0.162737 rtcp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:32.948751 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:15:50.084243 0.070871 tcp 10.0.2.109 51628 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:15:50.155399 0.077737 tcp 10.0.2.109 51629 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:15:50.233422 0.158315 tcp 10.0.2.109 51630 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:15:50.392299 0.137494 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:50.530203 0.052942 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:50.583467 0.035969 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:50.619786 0.147205 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:50.767355 0.230525 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:50.998258 0.280404 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:15:51.279021 0.000000 udp 10.0.2.109 3683 -> 178.43.187.58 5402 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:16:09.583098 0.071383 tcp 10.0.2.109 51631 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:09.654813 0.075542 tcp 10.0.2.109 51632 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:09.730654 0.150446 tcp 10.0.2.109 51633 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:09.881741 0.065206 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:09.947375 0.137794 udp 10.0.2.109 3683 <-> 173.13.37.161 1028 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:10.085584 0.281821 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:10.367859 0.000000 udp 10.0.2.109 3683 -> 217.85.203.243 5770 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:16:26.657134 0.071318 tcp 10.0.2.109 51634 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:26.728730 0.073899 tcp 10.0.2.109 51635 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:26.802902 0.160660 tcp 10.0.2.109 51636 -> 195.113.214.237 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:26.964044 0.054655 udp 10.0.2.109 3683 <-> 176.73.148.5 2115 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:27.019121 0.157133 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:27.176601 0.086465 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:27.263424 0.220642 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:27.484458 0.052996 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:27.537863 0.136376 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:27.674588 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:16:44.753489 0.072431 tcp 10.0.2.109 51637 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:44.826408 0.079268 tcp 10.0.2.109 51638 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:44.905605 0.163118 tcp 10.0.2.109 51639 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:16:45.069313 0.155983 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:45.225643 0.183834 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:45.409891 0.053520 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:45.463807 0.183569 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:45.647772 0.313288 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:45.961495 0.092553 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:46.054492 0.063875 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:46.118774 0.091805 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:46.210948 0.165255 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:46.376624 4.735108 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:51.112129 0.165928 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:51.278467 0.058105 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:16:51.336885 0.208368 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:20:05.674444 3.001443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 10:20:12.681566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:20:20.683433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:20:36.685750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:21:08.692347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:27:12.698417 3.001048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 10:27:19.705646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:27:27.706828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:27:43.709761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:28:15.715922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:34:14.562560 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 10:34:14.562664 1.972042 tcp 10.0.2.109 51640 -> 211.38.175.27 4598 FSPA* 0 0 14 1632 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:34:19.727333 2.996691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 10:34:26.739666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:34:34.741312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:34:50.744094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:35:22.750282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:41:26.755887 3.001810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 10:41:33.763434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:41:41.765028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:41:57.767605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:42:29.773747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:47:12.991620 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 10:47:12.991817 0.176540 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:13.168768 0.000000 udp 10.0.2.109 3683 -> 178.43.187.58 5402 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:47:29.196599 0.077365 tcp 10.0.2.109 51641 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:47:29.274387 0.076431 tcp 10.0.2.109 51642 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:47:29.351175 0.180738 tcp 10.0.2.109 51643 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:47:29.532379 0.000000 udp 10.0.2.109 3683 -> 217.85.203.243 5770 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:47:46.099391 0.074457 tcp 10.0.2.109 51644 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:47:46.174137 0.080263 tcp 10.0.2.109 51645 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:47:46.254699 0.155899 tcp 10.0.2.109 51646 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:47:46.411185 0.360803 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:46.772382 0.159558 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:46.932338 0.037170 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:46.969928 0.185580 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:47.158344 0.140461 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:47.299250 0.052433 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:47.352111 0.176395 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:47:47.528846 0.000000 udp 10.0.2.109 3683 -> 75.149.131.201 1430 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:48:05.768086 0.068598 tcp 10.0.2.109 51647 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:05.837035 0.084013 tcp 10.0.2.109 51648 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:05.921364 0.167332 tcp 10.0.2.109 51649 -> 195.113.214.237 443 SRPA* 0 0 36 19086 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:06.089307 0.421871 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:06.511573 0.039138 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:06.551076 0.137252 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:06.688905 0.048127 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:06.737434 0.155809 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:06.893583 0.142034 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:07.035956 0.255881 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:07.292252 0.069649 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:07.362727 0.000000 udp 10.0.2.109 3683 -> 173.13.37.161 1028 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:48:25.726509 0.070600 tcp 10.0.2.109 51650 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:25.797390 0.081020 tcp 10.0.2.109 51651 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:25.878709 0.172893 tcp 10.0.2.109 51652 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:26.052182 0.334062 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:26.386676 0.238207 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:26.625276 0.052643 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:26.678334 0.135192 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:26.813949 0.157787 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:26.972098 0.000000 udp 10.0.2.109 3683 -> 176.73.148.5 2115 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:48:33.780752 3.000507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 10:48:40.787346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:48:43.562293 0.102208 tcp 10.0.2.109 51653 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:43.664748 0.079175 tcp 10.0.2.109 51654 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:43.744219 0.163102 tcp 10.0.2.109 51655 -> 195.113.214.237 443 SRPA* 0 0 22 13092 flow=From-Botnet-V1-TCP-Established 1970/01/09 10:48:43.908009 0.091338 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:43.999744 0.187007 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:44.187145 0.053597 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:44.241107 0.183510 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:44.425023 0.314006 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:44.739433 0.157972 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:44.897793 0.062654 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:44.960854 0.094316 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:45.055544 0.165671 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:45.221561 0.091131 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:45.313069 0.054930 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:45.368372 0.215231 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:48:45.583994 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:48:48.788620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:48:52.612585 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 10:48:52.612999 0.161544 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 10:49:04.791553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:49:36.797715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:55:40.803509 3.002168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 10:55:47.811540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:55:55.812906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:56:11.815799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 10:56:43.822111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:02:47.828736 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 11:02:54.835662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:03:02.837141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:03:18.840082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:03:50.845816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:04:16.543661 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 11:04:16.543747 1.982281 tcp 10.0.2.109 51656 -> 211.38.175.27 4598 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:09:54.852702 3.011092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 11:10:01.869421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:10:09.870994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:10:25.873794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:10:57.879594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:17:01.885758 3.001884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 11:17:08.893264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:17:16.894529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:17:32.897445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:18:04.904002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:18:57.269590 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 11:18:57.269753 0.000000 udp 10.0.2.109 3683 -> 75.149.131.201 1430 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:19:13.043944 0.112218 tcp 10.0.2.109 51657 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:13.156010 0.071614 tcp 10.0.2.109 51658 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:13.227919 0.170438 tcp 10.0.2.109 51659 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:13.398986 0.000000 udp 10.0.2.109 3683 -> 173.13.37.161 1028 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:19:32.059966 0.075093 tcp 10.0.2.109 51660 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:32.135312 0.144014 tcp 10.0.2.109 51661 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:32.279174 0.171194 tcp 10.0.2.109 51662 -> 195.113.214.237 443 SRPA* 0 0 20 11522 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:32.450881 0.000000 udp 10.0.2.109 3683 -> 176.73.148.5 2115 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:19:48.062551 0.083088 tcp 10.0.2.109 51663 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:48.145934 0.073165 tcp 10.0.2.109 51664 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:48.219426 0.162779 tcp 10.0.2.109 51665 -> 195.113.214.237 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:19:48.382834 0.171907 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:19:48.555156 0.035801 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:19:48.591363 0.365285 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:19:48.957078 0.161172 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:19:49.118668 0.176813 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:19:49.295872 0.000000 udp 10.0.2.109 3683 -> 77.22.244.77 9684 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:20:06.168540 0.079911 tcp 10.0.2.109 51666 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:20:06.248768 0.075735 tcp 10.0.2.109 51667 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:20:06.324389 0.200923 tcp 10.0.2.109 51668 -> 195.113.214.237 443 SRPA* 0 0 35 18598 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:20:06.524082 0.144312 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:06.668791 0.164044 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:06.833184 0.152813 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:06.986355 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:20:24.645694 0.071293 tcp 10.0.2.109 51669 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:20:24.717284 0.122462 tcp 10.0.2.109 51670 -> 195.113.214.237 80 SRPA* 0 0 22 16020 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:20:24.840154 0.035058 udp 10.0.2.109 3683 <-> 84.192.72.233 8873 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:24.876168 0.134931 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:25.011485 0.420716 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:25.432572 0.143422 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:25.576332 0.064686 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:25.641423 0.426681 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:26.068501 0.052488 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:26.121362 0.143599 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:26.265343 0.157686 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:26.423427 0.219933 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:26.643811 1.329985 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:27.974242 0.088807 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:28.063462 0.197041 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:28.260884 0.313298 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:28.574571 0.155823 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:28.730763 0.065475 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:28.796626 0.187773 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:28.984803 0.054388 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:29.039565 0.090217 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:29.130268 0.165843 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:29.296491 0.089299 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:29.386237 0.059976 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:29.446561 0.210184 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:29.657118 2.262946 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:20:31.920393 0.165830 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:24:08.909086 3.002738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 11:24:15.917547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:24:23.918901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:24:39.921729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:25:11.927851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:31:15.934003 3.001669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 11:31:22.941149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:31:30.943015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:31:46.945929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:32:18.951949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:34:18.534667 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 11:34:18.534768 2.056306 tcp 10.0.2.109 51671 -> 211.38.175.27 4598 FSPA* 0 0 15 1747 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:38:22.957194 3.002226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 11:38:29.964802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:38:37.966869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:38:53.970019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:39:25.975542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:45:29.982024 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 11:45:36.988765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:45:44.990261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:46:00.993626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:46:32.999550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:51:00.294425 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 11:51:00.294523 0.037407 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:00.332312 0.046934 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:00.379628 0.032688 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:00.412629 0.359091 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:00.772065 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:51:19.002970 0.075758 tcp 10.0.2.109 51672 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:19.079005 0.076402 tcp 10.0.2.109 51673 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:19.155263 0.167910 tcp 10.0.2.109 51674 -> 195.113.214.237 443 SRPA* 0 0 24 14058 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:19.323698 0.161693 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:19.485739 0.175720 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:19.661821 0.154213 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:19.816427 0.164841 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:19.981691 0.146386 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:20.128438 0.000000 udp 10.0.2.109 3683 -> 84.192.72.233 8873 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:51:35.735914 0.071681 tcp 10.0.2.109 51675 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:35.807888 0.088258 tcp 10.0.2.109 51676 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:35.896470 0.185409 tcp 10.0.2.109 51677 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:36.082454 0.142037 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:36.224901 0.063220 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:36.288473 0.132229 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:36.421109 0.420666 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:36.842201 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 11:51:53.431216 0.074735 tcp 10.0.2.109 51678 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:53.506261 0.141361 tcp 10.0.2.109 51679 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:53.647906 0.170535 tcp 10.0.2.109 51680 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 11:51:53.818954 0.049791 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:53.869142 0.147604 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:54.017095 0.158644 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:54.176083 0.219342 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:54.395809 0.495154 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:54.891335 0.311443 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:55.203114 0.156333 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:55.359812 0.056717 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:55.416902 0.186351 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:55.603644 0.092423 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:55.696439 0.197350 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:55.894140 0.054918 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:55.949486 0.090356 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:56.040229 0.165275 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:56.205899 0.089341 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:56.295577 0.058383 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:56.354362 0.226606 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:51:56.581349 4.041686 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:52:00.623364 0.164474 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 11:52:37.006321 3.001009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 11:52:44.012824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:52:52.014712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:53:08.017671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:53:40.023936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:59:44.029986 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 11:59:51.036688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 11:59:59.038403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:00:15.041403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:00:47.047782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:04:20.595539 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 12:04:20.595736 1.928262 tcp 10.0.2.109 51681 -> 211.38.175.27 4598 FSPA* 0 0 15 1596 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:06:51.053816 3.001438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 12:06:58.060825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:07:06.062441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:07:22.065570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:07:54.071715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:13:58.077899 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 12:14:05.085351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:14:13.086365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:14:29.089839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:15:01.095518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:21:05.101865 3.001471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 12:21:12.109214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:21:20.110302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:21:36.113105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:22:08.119215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:22:30.712146 0.000037 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 12:22:30.712224 0.181026 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:22:30.893668 0.000000 udp 10.0.2.109 3683 -> 84.192.72.233 8873 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 12:22:46.817465 0.156236 tcp 10.0.2.109 51682 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:22:46.974025 0.076790 tcp 10.0.2.109 51683 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:22:47.051115 0.171188 tcp 10.0.2.109 51684 -> 195.113.214.237 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:22:47.222871 0.267429 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:22:47.490696 0.042017 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:22:47.533125 0.032948 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:22:47.566457 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 12:23:04.832056 0.076897 tcp 10.0.2.109 51685 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:23:04.909284 0.120197 tcp 10.0.2.109 51686 -> 195.113.214.237 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:23:05.028914 0.363285 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:05.392623 0.165349 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:05.558404 0.180232 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:05.739029 0.159719 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:05.899167 0.153630 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:06.053215 0.145462 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:06.199072 0.424447 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:06.624014 0.053528 udp 10.0.2.109 3683 <-> 176.73.143.18 9191 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:06.677947 0.144296 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:06.822629 0.134363 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:06.957381 0.049910 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:07.007659 0.139355 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:07.147438 0.157422 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:07.305265 0.221520 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:07.527122 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 2215 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 12:23:23.137777 0.070781 tcp 10.0.2.109 51687 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:23:23.208823 0.076958 tcp 10.0.2.109 51688 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:23:23.285604 0.176893 tcp 10.0.2.109 51689 -> 195.113.214.237 443 SRPA* 0 0 41 23496 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:23:23.461110 0.059825 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:23.521256 0.188514 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:23.710175 0.087044 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:23.797621 0.189818 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:23.987841 0.056020 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:24.044258 0.311852 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:24.356527 0.159059 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:24.515977 0.094324 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:24.610638 0.166101 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:24.777119 0.097885 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:24.875418 0.053722 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:24.929566 0.211173 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:25.141110 1.650505 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:23:26.792039 0.164507 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:28:12.156335 3.000986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 12:28:19.163041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:28:27.164204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:28:43.167641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:29:15.173619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:34:22.556464 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 12:34:22.556697 1.944279 tcp 10.0.2.109 51690 -> 211.38.175.27 4598 FSPA* 0 0 15 1656 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:35:19.180190 3.001280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 12:35:26.186575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:35:34.188100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:35:50.191852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:36:22.197565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:42:26.203157 3.002303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 12:42:33.210789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:42:41.212576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:42:57.215361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:43:29.221398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:49:33.227652 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 12:49:40.235196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:49:48.236508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:50:04.239376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:50:36.245338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:53:53.559281 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 12:53:53.559473 0.048530 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:53.608432 0.322872 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:53.931657 0.160132 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:54.092207 0.276526 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:54.369148 0.033088 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:54.402540 0.034675 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:54.437594 0.178269 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:54.616252 0.160082 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:54.776735 0.162300 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:54.939443 0.361232 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:55.301065 0.423175 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:53:55.724688 0.000000 udp 10.0.2.109 3683 -> 176.73.143.18 9191 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 12:54:13.109043 0.072763 tcp 10.0.2.109 51691 -> 195.113.214.237 80 FSPA* 0 0 10 1888 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:54:13.182307 0.131298 tcp 10.0.2.109 51692 -> 195.113.214.237 80 FSPA* 0 0 10 1920 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:54:13.313915 0.167696 tcp 10.0.2.109 51693 -> 195.113.214.237 443 SRPA* 0 0 23 12541 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:54:13.482470 0.142998 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:13.625870 0.138073 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:13.764321 0.052553 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:13.817242 0.147455 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:13.965092 0.152575 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:14.118042 0.220340 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:14.338761 0.157516 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:14.496659 0.137579 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:14.634618 0.088514 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:14.723501 0.184259 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:14.908227 0.054640 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:14.963270 0.183303 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:15.146979 0.058073 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:15.205423 0.311897 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:15.517727 0.157039 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:15.675152 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 12:54:30.692822 0.073894 tcp 10.0.2.109 51694 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:54:30.766999 0.083850 tcp 10.0.2.109 51695 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:54:30.851166 0.167861 tcp 10.0.2.109 51696 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/09 12:54:31.019557 0.169591 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:31.189536 0.095958 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:31.285847 0.053936 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:31.340102 0.211347 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:31.551840 2.048876 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:54:33.601143 0.165276 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 12:56:40.251235 3.001581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 12:56:47.258568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:56:55.260623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:57:11.263691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 12:57:43.269383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:03:47.275111 3.002166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:03:54.282573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:04:02.284560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:04:18.287182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:04:24.506835 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 13:04:24.507015 2.032741 tcp 10.0.2.109 51697 -> 211.38.175.27 4598 FSPA* 0 0 14 1677 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:04:50.293564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:10:54.300150 3.000741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:11:01.306878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:11:09.307990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:11:25.311195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:11:57.317240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:18:01.323196 3.021823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:18:08.350574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:18:16.352066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:18:32.354908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:19:04.361326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:24:39.924159 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 13:24:39.924258 0.000000 udp 10.0.2.109 3683 -> 176.73.143.18 9191 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 13:24:58.321678 0.086885 tcp 10.0.2.109 51698 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:24:58.408843 0.114396 tcp 10.0.2.109 51699 -> 195.113.214.237 80 SRPA* 0 0 18 8384 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:24:58.523591 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 13:25:08.368171 3.001097 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:25:15.374956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:25:16.697312 0.076111 tcp 10.0.2.109 51700 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:25:16.773758 0.077333 tcp 10.0.2.109 51701 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:25:16.850946 0.179416 tcp 10.0.2.109 51702 -> 195.113.214.237 443 SRPA* 0 0 21 11368 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:25:17.030889 0.323386 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:17.354655 0.053160 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:17.408241 0.033096 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:17.441736 0.035825 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:17.477916 0.175938 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:17.654218 0.171509 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:17.826318 0.160887 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:17.987557 0.262391 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:18.250309 0.159731 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:18.410389 0.423013 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:18.833796 0.358945 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:19.193108 0.050962 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:19.244433 0.144562 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:19.389360 0.143098 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:19.532827 0.137770 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:19.670998 0.159388 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:19.830762 0.137859 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:19.969009 0.091198 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:20.060632 0.183429 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:20.244397 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 13:25:23.375905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:25:38.919390 0.075466 tcp 10.0.2.109 51703 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:25:38.995215 0.076175 tcp 10.0.2.109 51704 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:25:39.071864 0.170845 tcp 10.0.2.109 51705 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:25:39.243247 0.237164 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:39.379592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:25:39.480746 0.152157 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:39.633279 0.154152 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:39.787833 0.182974 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:39.971155 0.048440 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:40.019998 0.313263 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:40.333694 0.167860 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:40.501926 0.099692 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:40.602009 0.058049 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:40.660443 0.211028 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:40.871860 0.207922 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:25:41.080197 0.167652 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:26:11.384888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:32:15.391882 3.001293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:32:22.398846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:32:30.399901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:32:46.403425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:33:18.409511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:34:26.547847 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 13:34:26.548077 1.935409 tcp 10.0.2.109 51706 -> 211.38.175.27 4598 FSPA* 0 0 15 1629 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:39:22.415967 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:39:29.422494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:39:37.424153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:39:53.427377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:40:25.433003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:46:29.439650 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:46:36.446558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:46:44.448066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:47:00.451409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:47:32.457469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:53:36.463655 3.001249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 13:53:43.470660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:53:51.471824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:54:07.475379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:54:39.481343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 13:55:49.162028 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 13:55:49.162225 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 13:56:05.486498 0.074212 tcp 10.0.2.109 51707 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:05.560967 0.074462 tcp 10.0.2.109 51708 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:05.635771 0.149948 tcp 10.0.2.109 51709 -> 195.113.214.237 443 SRPA* 0 0 33 24295 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:05.786376 0.045673 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:05.832423 0.033035 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:05.865785 0.038363 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:05.904506 0.179387 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:06.084323 0.187192 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:06.271917 0.162599 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:06.434926 0.349146 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:06.784488 0.516115 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:07.301009 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 13:56:25.884648 0.077977 tcp 10.0.2.109 51710 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:25.962444 0.076618 tcp 10.0.2.109 51711 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:26.039329 0.146905 tcp 10.0.2.109 51712 -> 195.113.214.237 443 SRPA* 0 0 35 26919 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:26.186776 0.178760 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:26.365889 0.146989 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:26.513281 0.351117 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:26.864748 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 13:56:43.530552 0.073315 tcp 10.0.2.109 51713 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:43.604131 0.072129 tcp 10.0.2.109 51714 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:43.676193 0.147635 tcp 10.0.2.109 51715 -> 195.113.214.237 443 SRPA* 0 0 35 24849 flow=From-Botnet-V1-TCP-Established 1970/01/09 13:56:43.824444 0.157756 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:43.982539 0.152628 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.135504 0.143753 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.279640 0.050197 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.330229 0.183425 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.514028 0.088383 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.602800 0.156851 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.760042 0.183013 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.943482 0.048123 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:44.992034 0.221002 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:45.213387 0.151982 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:45.365760 0.312005 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:45.678342 0.166248 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:45.844998 0.088619 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:45.934011 0.052771 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:45.987147 0.206452 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:46.193994 0.141189 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/09 13:56:46.335568 0.166245 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:00:43.487041 3.001918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 14:00:50.494414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:00:58.495870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:01:14.499380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:01:46.505330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:04:28.488335 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 14:04:28.488423 2.042835 tcp 10.0.2.109 51716 -> 211.38.175.27 4598 FSPA* 0 0 14 1650 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:07:50.511774 3.000623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:07:57.518161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:08:05.520086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:08:21.523141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:08:53.529247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:14:57.535883 3.000938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:15:04.542326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:15:12.543655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:15:28.546668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:16:00.553079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:22:04.559824 3.000583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:22:11.566268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:22:19.567700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:22:35.570754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:23:07.577255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:27:15.694043 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 14:27:15.694188 0.423587 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:16.118163 0.136108 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:16.254668 0.032938 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:16.288011 0.051686 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:16.340074 0.036595 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:16.377107 0.352148 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:16.729586 0.164643 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:16.894650 0.175852 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:17.070913 0.162176 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:17.233417 0.284678 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:17.518464 0.145382 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:17.664174 0.141652 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:17.806268 0.370614 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:18.177222 0.157332 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:18.334957 0.135487 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:18.470830 0.142184 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:18.613428 0.049644 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:18.663442 0.183455 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:18.847346 0.089688 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:18.937404 0.155809 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:19.093553 0.181946 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:19.275917 0.069896 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:19.346191 0.220912 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:19.567511 0.151673 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:19.719563 0.311338 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:20.031259 0.165886 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:20.197543 0.100249 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:20.298369 0.058025 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:20.356733 0.167179 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:20.524285 0.227294 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:27:20.751960 1.779216 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:29:11.583155 3.001427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:29:18.590534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:29:26.592148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:29:42.595396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:30:14.600768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:34:30.539598 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 14:34:30.539699 1.922383 tcp 10.0.2.109 51717 -> 211.38.175.27 4598 FSPA* 0 0 14 1570 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:36:18.607095 3.001337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:36:25.614651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:36:33.616152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:36:49.619025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:37:21.624545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:43:25.631410 3.001081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:43:32.638022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:43:40.639901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:43:56.642750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:44:28.649412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:50:32.655690 3.001540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:50:39.662501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:50:47.663936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:51:03.667128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:51:35.672604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:57:39.679092 3.001779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 14:57:42.640986 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 14:57:42.641129 0.418519 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:43.060062 0.138209 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:43.198640 0.033225 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:43.232273 0.053297 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:43.285932 0.035352 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:43.321674 0.313654 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:43.635741 0.164901 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:43.801066 0.276015 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:44.077487 0.173792 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:44.251649 0.142322 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:44.394499 0.175935 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:44.570772 0.158464 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:44.729631 0.359634 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:57:45.089627 0.000000 udp 10.0.2.109 3683 -> 71.2.232.26 7618 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 14:57:46.686305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:57:54.687680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:58:01.739734 0.075416 tcp 10.0.2.109 51718 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:01.815426 0.072798 tcp 10.0.2.109 51719 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:01.888594 0.143772 tcp 10.0.2.109 51720 -> 195.113.214.237 443 SRPA* 0 0 32 24709 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:02.032994 0.135265 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:02.168663 0.144466 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:02.313511 0.050542 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:02.364421 0.183576 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:02.548401 0.091402 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:02.640178 0.063253 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:02.703840 0.219590 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:02.924021 0.153810 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:03.078376 0.155096 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:03.233857 0.186272 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:03.420516 0.311302 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:03.732215 0.165161 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:03.897737 0.091572 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:03.989706 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 14:58:10.690760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 14:58:22.408359 0.074370 tcp 10.0.2.109 51721 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:22.482995 0.069652 tcp 10.0.2.109 51722 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:22.552983 0.156830 tcp 10.0.2.109 51723 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:22.710493 0.166856 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:22.877746 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 14:58:39.833459 0.069286 tcp 10.0.2.109 51724 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:39.903030 0.077562 tcp 10.0.2.109 51725 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:39.980921 0.163516 tcp 10.0.2.109 51726 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 14:58:40.145199 1.596345 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/09 14:58:42.696456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:04:32.470012 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 15:04:32.470302 2.039791 tcp 10.0.2.109 51727 -> 211.38.175.27 4598 FSPA* 0 0 14 1633 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:04:46.702372 3.002290 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 15:04:53.710030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:05:01.711802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:05:18.175282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:05:50.181694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:11:54.188103 3.001195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 15:12:01.195265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:12:09.196373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:12:25.199658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:12:57.205338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:19:01.212031 3.001081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 15:19:08.218871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:19:16.220154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:19:32.223544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:20:04.229068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:26:08.235684 3.001671 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 15:26:15.242417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:26:23.314692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:26:39.317454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:27:11.323297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:28:53.140113 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 15:28:53.140365 0.157351 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:28:53.298227 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 15:29:09.756018 0.071453 tcp 10.0.2.109 51728 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:29:09.827747 0.077785 tcp 10.0.2.109 51729 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:29:09.905819 0.166286 tcp 10.0.2.109 51730 -> 195.113.214.237 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:29:10.072967 0.199114 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:10.272455 0.033006 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:10.305818 0.343853 udp 10.0.2.109 3683 <-> 190.129.24.18 2215 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:10.650244 0.166992 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:10.817598 0.136081 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:10.954014 0.035761 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:10.990102 0.049251 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:11.039720 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 15:29:27.410081 0.073812 tcp 10.0.2.109 51731 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:29:27.484229 0.072271 tcp 10.0.2.109 51732 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:29:27.556793 0.158096 tcp 10.0.2.109 51733 -> 195.113.214.237 443 SRPA* 0 0 23 11452 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:29:27.715427 0.144580 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:27.860408 0.256420 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:28.117242 0.174129 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:28.291734 0.176938 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:28.469109 0.176866 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:28.646376 0.349361 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:28.996143 0.089334 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:29.085839 0.065294 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:29.151522 0.211139 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:29.363048 0.136842 udp 10.0.2.109 3683 <-> 67.87.59.187 3841 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:29.500262 0.049097 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:29.549765 0.143393 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:29.693556 0.183443 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:29.877509 0.312037 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:30.190007 0.167117 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:30.357520 0.103669 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:30.461524 0.172011 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:30.634005 0.152499 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:30.786851 0.182714 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:30.970007 0.165732 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:29:31.136137 0.365109 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:33:15.330021 3.011224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 15:33:22.346671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:33:30.348048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:33:46.351708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:34:18.357108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:34:34.781969 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 15:34:34.782201 1.904675 tcp 10.0.2.109 51734 -> 211.38.175.27 4598 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/01/09 15:40:22.363460 3.001711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 15:40:29.370672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:40:37.372152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:40:53.375418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:41:25.381012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:47:29.387973 3.000710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 15:47:36.394554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:47:44.396753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:48:00.399035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:48:32.405585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:54:36.412181 3.000691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 15:54:43.418401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:54:51.420114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:55:07.423664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:55:39.429350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 15:59:53.354664 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 15:59:53.354844 0.421307 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:59:53.776549 0.157748 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:59:53.934681 0.804231 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:59:54.739314 0.161816 udp 10.0.2.109 3683 <-> 108.239.148.207 9611 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:59:54.901526 0.032958 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 15:59:54.934860 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 2215 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 16:00:10.561238 0.070782 tcp 10.0.2.109 51735 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:00:10.632276 0.079774 tcp 10.0.2.109 51736 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:00:10.711894 0.159439 tcp 10.0.2.109 51737 -> 195.113.214.237 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:00:10.871955 0.047790 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:10.920146 0.036201 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:10.956736 0.137698 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:11.094835 0.140037 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:11.235310 0.176886 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:11.412592 0.175886 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:11.588920 0.315225 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:11.904542 0.181618 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:12.086550 0.354444 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:12.441346 0.090619 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:12.532283 0.063663 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:12.596285 0.220936 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:12.817568 0.000000 udp 10.0.2.109 3683 -> 67.87.59.187 3841 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 16:00:28.335289 0.074397 tcp 10.0.2.109 51738 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:00:28.409833 0.075147 tcp 10.0.2.109 51739 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:00:28.485273 0.158497 tcp 10.0.2.109 51740 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:00:28.644340 0.049335 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:28.694082 0.146201 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:28.840625 0.183225 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:29.024263 0.097247 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:29.121906 0.168196 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:29.290517 0.151858 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:29.442773 0.311210 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:29.754544 0.165668 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:29.920631 0.236149 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:30.157127 0.186563 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:00:30.344037 0.163326 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:01:43.435925 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 16:01:50.442490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:01:58.444320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:02:14.446896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:02:46.453581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:04:36.692213 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 16:04:36.692303 1.956700 tcp 10.0.2.109 51741 -> 211.38.175.27 4598 FSPA* 0 0 12 1441 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:08:50.459908 3.000815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 16:08:57.466728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:09:05.468136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:09:21.471296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:09:53.477212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:15:57.484022 3.001016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 16:16:04.490767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:16:12.491964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:16:28.495299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:17:00.501260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:23:04.507344 3.001471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 16:23:11.514505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:23:19.516022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:23:35.518881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:24:07.555539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:30:11.561877 3.000749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 16:30:18.568444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:30:26.570076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:30:42.573381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:30:51.386569 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 16:30:51.386740 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 2215 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 16:31:06.549986 0.073391 tcp 10.0.2.109 51742 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:06.623713 0.092163 tcp 10.0.2.109 51743 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:06.716126 0.158432 tcp 10.0.2.109 51744 -> 195.113.214.237 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:06.875140 0.000000 udp 10.0.2.109 3683 -> 67.87.59.187 3841 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 16:31:14.579070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:31:25.214667 0.073696 tcp 10.0.2.109 51745 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:25.288651 0.073966 tcp 10.0.2.109 51746 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:25.362960 0.156054 tcp 10.0.2.109 51747 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:25.519515 0.420404 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:25.940378 0.197234 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:26.137958 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 16:31:44.031670 0.069576 tcp 10.0.2.109 51748 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:44.101566 0.073518 tcp 10.0.2.109 51749 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:44.175362 0.165339 tcp 10.0.2.109 51750 -> 195.113.214.237 443 SRPA* 0 0 27 11692 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:31:44.341278 0.157262 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:44.498915 0.032812 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:44.532080 0.176331 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:44.708828 0.113863 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:44.823123 0.055040 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:44.878490 0.161873 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:45.040695 0.176226 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:45.217237 0.262927 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:45.480540 0.144696 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:45.625631 0.091390 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:45.717444 0.062909 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:45.780704 0.211448 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:45.992526 0.370375 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:46.363261 0.166508 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:46.530323 0.049958 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:46.580649 0.144270 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:46.725359 0.183285 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:46.909020 0.092965 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:47.002384 0.170204 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:47.172930 0.153727 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:47.327035 0.311329 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:47.638766 0.182700 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:47.821794 0.164837 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:47.986981 0.165819 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/09 16:31:48.153209 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 16:32:05.833615 0.073834 tcp 10.0.2.109 51751 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:32:05.907739 0.074545 tcp 10.0.2.109 51752 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:32:05.982571 0.161906 tcp 10.0.2.109 51753 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:34:38.653150 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 16:34:38.653342 2.052800 tcp 10.0.2.109 51754 -> 211.38.175.27 4598 FSPA* 0 0 14 1510 flow=From-Botnet-V1-TCP-Established 1970/01/09 16:37:18.585911 3.000872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 16:37:25.593079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:37:33.593812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:37:49.597033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:38:21.603399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:44:25.609031 3.001692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 16:44:32.616192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:44:40.618142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:44:56.620861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:45:28.626914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:51:32.633622 3.001643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 16:51:39.640587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:51:47.641785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:52:03.645358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:52:35.651453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:58:39.656543 3.001829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 16:58:46.664864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:58:54.666249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:59:10.668864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 16:59:42.674744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:02:15.895580 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 17:02:15.895709 0.000000 udp 10.0.2.109 3683 -> 108.239.148.207 9611 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 17:02:32.391261 0.073643 tcp 10.0.2.109 51755 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:02:32.465188 0.077439 tcp 10.0.2.109 51756 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:02:32.542937 0.138758 tcp 10.0.2.109 51757 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:02:32.682526 0.146498 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:32.829380 0.423316 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:33.253086 0.211910 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:33.465343 0.032443 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:33.498306 0.164726 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:33.663376 0.035912 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:33.699671 0.054131 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:33.754239 0.157667 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:33.912388 0.232329 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.145126 0.147372 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.292916 0.092263 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.385542 0.063235 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.449172 0.177155 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.626731 0.174745 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.801892 0.073014 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.875325 0.050067 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:34.925706 0.141653 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:35.067696 0.219884 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:35.287945 0.360354 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:35.648684 0.092239 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:35.741313 0.172065 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:35.913788 0.156715 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:36.070917 0.311396 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:36.382698 0.185587 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:36.568656 0.184097 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:02:36.753111 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 17:02:51.987848 0.069193 tcp 10.0.2.109 51758 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:02:52.057328 0.078949 tcp 10.0.2.109 51759 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:02:52.136584 0.158153 tcp 10.0.2.109 51760 -> 195.113.214.237 443 SRPA* 0 0 35 19372 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:02:52.294216 0.165686 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:04:40.714043 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 17:04:40.714152 2.050146 tcp 10.0.2.109 51761 -> 211.38.175.27 4598 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:05:46.681796 3.000536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 17:05:53.688361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:06:01.689767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:06:17.693250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:06:49.699543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:12:53.705489 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 17:13:00.712355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:13:08.714182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:13:24.717100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:13:56.722749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:20:00.728618 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 17:20:07.736320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:20:15.738278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:20:31.740995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:21:03.747023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:27:07.753258 3.001337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 17:27:14.760079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:27:22.762010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:27:38.765252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:28:10.771237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:33:09.060300 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 17:33:09.060544 0.385801 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:09.446791 1.161218 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:10.608371 0.171840 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:10.780633 0.035172 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:10.816172 0.046233 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:10.862788 0.418888 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:11.282084 0.218071 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:11.500572 0.032884 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:11.533800 0.173076 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:11.707278 0.168137 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:11.875808 0.090065 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:11.966312 0.050269 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:12.016891 0.176476 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:12.193793 0.165173 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:12.359354 0.167233 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:12.527004 0.315693 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:12.843054 0.166059 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:13.009515 0.212067 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:13.221977 0.352556 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:13.574902 0.093566 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:13.668946 0.187483 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:13.856802 0.050804 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:13.908000 0.184534 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:14.092947 0.153297 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:14.246653 0.311084 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:14.558180 0.186079 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:33:14.744604 0.165702 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/09 17:34:14.797521 3.000713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 17:34:21.804058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:34:29.806047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:34:42.765192 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 17:34:42.765318 2.048511 tcp 10.0.2.109 51762 -> 211.38.175.27 4598 FSPA* 0 0 15 1572 flow=From-Botnet-V1-TCP-Established 1970/01/09 17:34:45.808508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:35:17.815310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:41:21.821593 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 17:41:28.828171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:41:36.829468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:41:52.832762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:42:24.838586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:48:28.844319 3.002941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 17:48:35.852149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:48:43.853479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:48:59.856628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:49:31.863103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:55:35.869275 3.001394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 17:55:42.875956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:55:50.877488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:56:06.880652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 17:56:38.887021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:02:42.893168 3.001521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:02:49.900112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:02:57.901613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:03:13.904767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:03:37.659163 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 18:03:37.659241 0.205669 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:37.865268 0.035370 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:37.900999 0.055157 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:37.956562 3.992183 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:41.949082 0.149621 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:42.099105 0.426396 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:42.525887 0.208190 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:42.734485 0.033251 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:42.768081 0.169511 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:42.937999 0.163044 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:43.101424 0.089890 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:43.191718 0.048162 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:43.240268 0.176792 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:43.417525 0.190479 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:43.608396 0.174152 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:43.782916 0.283746 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:44.067074 0.376059 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:44.443533 0.090083 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:44.534045 0.192357 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:44.726795 0.147754 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:44.874946 0.233010 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:45.108316 0.049809 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:45.158512 0.183799 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:45.342752 0.153565 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:45.496742 0.311820 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:45.809003 0.196151 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:03:45.911076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:03:46.005585 0.165507 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:04:44.816428 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 18:04:44.816527 1.967517 tcp 10.0.2.109 51763 -> 211.38.175.27 4598 FSPA* 0 0 15 1601 flow=From-Botnet-V1-TCP-Established 1970/01/09 18:09:49.916326 3.031986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:09:56.953862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:10:04.955779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:10:20.959096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:10:52.965056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:16:56.971274 3.020805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:17:03.998294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:17:11.999915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:17:28.002479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:18:00.008497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:24:04.014546 3.002075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:24:11.021811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:24:19.023734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:24:35.036661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:25:07.042819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:31:11.049300 3.000866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:31:18.056023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:31:26.057442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:31:42.060332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:32:14.066734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:33:58.987876 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 18:33:58.988092 0.166773 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:33:59.155218 0.036362 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:33:59.191981 0.059619 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:33:59.251955 0.420404 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:33:59.672774 0.216886 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:33:59.890070 0.032905 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:33:59.923374 0.954869 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:00.878591 0.140856 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:01.019839 0.157136 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:01.177356 0.146508 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:01.324204 0.089625 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:01.414252 0.048055 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:01.462706 0.175905 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:01.639007 0.167657 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:01.807053 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 18:34:18.597991 0.042592 tcp 10.0.2.109 51764 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 18:34:18.640883 0.042713 tcp 10.0.2.109 51765 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 18:34:18.683890 0.133423 tcp 10.0.2.109 51766 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/09 18:34:18.818953 0.095639 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:18.915060 0.172606 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:19.088081 0.142799 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:19.231269 0.255609 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:19.487282 0.351272 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:19.838947 0.220156 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:20.059436 0.049638 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:20.109413 0.183468 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:20.293290 0.153183 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:20.446861 0.311328 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:20.758642 0.183376 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:20.942370 0.170596 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/09 18:34:46.786675 1.918806 tcp 10.0.2.109 51767 -> 211.38.175.27 4598 FSPA* 0 0 15 1743 flow=From-Botnet-V1-TCP-Established 1970/01/09 18:38:18.072782 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 18:38:25.080412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:38:33.081839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:38:49.084952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:39:21.091056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:45:25.096501 3.001828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:45:32.104096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:45:40.105438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:45:56.108943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:46:28.114809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:52:32.121291 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:52:39.128218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:52:47.129644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:53:03.132611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:53:35.138230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:59:39.144404 3.001987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 18:59:46.152058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 18:59:54.153699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:00:10.156850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:00:42.162543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:04:33.975934 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 19:04:33.976178 0.168106 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:34.144634 0.047233 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:34.192279 0.424064 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:34.616708 0.209929 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:34.827072 0.192433 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.019893 0.036340 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.056561 0.140471 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.197441 0.032983 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.230798 0.157506 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.388706 0.144768 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.533881 0.089072 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.623368 0.051793 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.675566 0.177738 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:35.853705 0.186186 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:36.040293 0.134952 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:36.175694 0.143832 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:36.319924 0.287574 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:36.607956 0.359570 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:36.967962 0.092279 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:37.060624 0.171831 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:37.232889 0.211835 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:37.445131 0.050613 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:37.496139 0.183907 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:37.680483 0.153543 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:37.834495 0.314247 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:38.149176 0.185915 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:38.335489 0.164994 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:04:48.707843 2.002193 tcp 10.0.2.109 51768 -> 211.38.175.27 4598 FSPA* 0 0 14 1502 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:06:46.168848 3.001421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:06:53.175645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:07:01.177281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:07:17.180291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:07:49.186269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:13:53.193002 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:14:00.199917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:14:08.201094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:14:24.204579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:14:56.210791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:21:00.216222 3.001569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:21:07.224114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:21:15.225669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:21:31.238368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:22:03.244694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:28:07.250225 3.031664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:28:14.287755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:28:22.289118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:28:38.292654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:29:10.298140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:34:48.655504 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 19:34:48.655752 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 19:34:50.719059 1.920540 tcp 10.0.2.109 51769 -> 211.38.175.27 4598 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:35:07.234022 0.045471 tcp 10.0.2.109 51770 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:35:07.279770 0.045204 tcp 10.0.2.109 51771 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:35:07.325331 0.140139 tcp 10.0.2.109 51772 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:35:07.466019 0.199425 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:07.665847 0.174874 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:07.841130 0.052508 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:07.894053 0.324033 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:08.218456 0.036454 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:08.255328 2.212095 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:10.467770 0.033235 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:10.501437 0.157451 udp 10.0.2.109 3683 <-> 71.2.232.26 7618 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:10.659285 0.147623 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:10.807298 0.088235 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:10.895901 0.059234 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:10.955522 0.177333 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:11.133226 0.161292 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:11.294869 0.136916 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:11.432153 0.141002 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:11.573509 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 19:35:14.303983 3.001961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:35:21.312147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:35:27.661764 0.043888 tcp 10.0.2.109 51773 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:35:27.705968 0.045009 tcp 10.0.2.109 51774 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:35:27.751240 0.138313 tcp 10.0.2.109 51775 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 19:35:27.890281 0.366675 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:28.257359 0.090370 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:28.348075 0.170378 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:28.518871 0.220526 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:28.739814 0.049943 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:28.790174 0.183721 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:28.974403 0.154594 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:29.129412 0.166666 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:29.296448 0.312503 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:29.313649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:35:29.609371 0.183212 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/09 19:35:31.343880 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 19:35:45.316504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:36:17.322750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:42:21.328269 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:42:28.336142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:42:36.337452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:42:52.340145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:43:24.346384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:49:28.352054 3.001666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:49:35.359983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:49:43.361521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:49:59.364099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:50:31.370666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:56:35.376464 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 19:56:42.383848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:56:50.385173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:57:06.387943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 19:57:38.394832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:03:42.400833 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 20:03:49.407391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:03:57.409556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:04:13.412125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:04:45.417996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:04:52.639202 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 20:04:52.639297 1.933001 tcp 10.0.2.109 51776 -> 211.38.175.27 4598 FSPA* 0 0 15 1693 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:05:50.822587 0.422659 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:05:51.245692 0.280336 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:05:51.526417 0.207822 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:05:51.734660 0.181801 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:05:51.916854 0.047717 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:05:51.964970 0.034584 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:05:51.999974 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 20:05:55.548870 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 20:06:09.541555 0.074245 tcp 10.0.2.109 51777 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:06:09.616071 0.074960 tcp 10.0.2.109 51778 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:06:09.691350 0.137935 tcp 10.0.2.109 51779 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:06:09.829891 1.209935 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:11.040158 0.145059 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:11.185612 0.088128 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:11.274291 0.000000 udp 10.0.2.109 3683 -> 71.2.232.26 7618 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 20:06:28.326871 0.072769 tcp 10.0.2.109 51780 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:06:28.399959 0.071255 tcp 10.0.2.109 51781 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:06:28.471492 0.135722 tcp 10.0.2.109 51782 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:06:28.607871 0.032877 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:28.641148 0.192560 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:28.834100 0.138068 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:28.972566 0.142968 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:29.115937 0.177739 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:29.294055 0.056519 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:29.350971 0.156534 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:29.507936 0.221205 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:29.729514 0.049081 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:29.778941 0.354167 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:30.133499 0.093201 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:30.227109 0.184620 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:30.412129 0.155516 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:30.568055 0.166372 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:30.734771 0.310580 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:06:31.045728 0.186098 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:10:49.424863 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 20:10:56.431592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:11:04.433052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:11:20.436015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:11:52.442056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:17:56.448257 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 20:18:03.455688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:18:11.457160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:18:27.460380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:18:59.466607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:25:03.472034 3.001704 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 20:25:10.479683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:25:18.480808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:25:34.484027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:26:06.490339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:32:10.506826 3.010959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 20:32:17.523308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:32:25.524985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:32:41.528189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:33:13.534263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:34:54.580375 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 20:34:54.580690 1.957004 tcp 10.0.2.109 51783 -> 211.38.175.27 4598 FSPA* 0 0 15 1776 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:36:55.844303 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 20:36:55.844401 0.167381 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:36:56.012190 0.000000 udp 10.0.2.109 3683 -> 71.2.232.26 7618 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 20:37:11.137364 0.075155 tcp 10.0.2.109 51784 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:37:11.212784 0.071569 tcp 10.0.2.109 51785 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:37:11.284640 0.137320 tcp 10.0.2.109 51786 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:37:11.422600 0.268456 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:11.691456 0.420340 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:12.112169 0.200287 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:12.312876 0.052449 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:12.365689 0.180097 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:12.546353 0.036169 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:12.582875 0.144927 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:12.728199 2.689672 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:15.418289 0.087223 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:15.505886 0.035913 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:15.542212 0.159769 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:15.702576 0.139000 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:15.841945 0.145995 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:15.988335 0.176871 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:16.165611 0.055384 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:16.221392 0.155698 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:16.377465 0.211587 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:16.589486 0.050755 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:16.640611 0.189149 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:16.830249 0.155735 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:16.986531 0.165457 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:17.152394 0.403889 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:17.556655 0.095329 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:17.652404 0.311732 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/09 20:37:17.964574 0.000000 udp 10.0.2.109 3683 -> 108.255.85.52 9066 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 20:37:35.932112 0.066295 tcp 10.0.2.109 51787 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:37:35.998783 0.076532 tcp 10.0.2.109 51788 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:37:36.075652 0.137118 tcp 10.0.2.109 51789 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/09 20:39:17.540352 3.001650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 20:39:24.547535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:39:32.549475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:39:48.551962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:40:20.557942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:46:24.563526 3.002218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 20:46:31.571864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:46:39.573006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:46:55.576102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:47:27.582263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:53:31.588601 3.001134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 20:53:38.595867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:53:46.597423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:54:02.599821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 20:54:34.605957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:00:38.612589 3.001347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:00:45.619894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:00:53.621395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:01:09.623830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:01:41.629892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:04:56.540805 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 21:04:56.541030 2.116844 tcp 10.0.2.109 51790 -> 211.38.175.27 4598 FSPA* 0 0 14 1730 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:07:44.932494 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 21:07:44.932591 0.186703 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:07:45.119702 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 21:07:45.635701 3.002319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 21:07:52.643701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:08:00.645040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:08:02.428830 0.073952 tcp 10.0.2.109 51791 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:08:02.503057 0.071346 tcp 10.0.2.109 51792 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:08:02.574685 0.136046 tcp 10.0.2.109 51793 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:08:02.711254 0.255443 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:02.967040 0.210090 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:03.177545 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 21:08:16.648352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:08:18.511436 0.068513 tcp 10.0.2.109 51794 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:08:18.580290 0.071555 tcp 10.0.2.109 51795 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:08:18.652129 0.137992 tcp 10.0.2.109 51796 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:08:18.790644 0.164626 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:18.955640 0.035422 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:18.991420 0.145977 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:19.137800 0.420698 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:19.558897 0.033110 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:19.592377 0.160751 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:19.753511 0.140689 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:19.894550 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 21:08:26.764472 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 21:08:26.764852 0.092314 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:26.857583 0.178608 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:27.036546 0.051663 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:27.088580 0.157681 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:27.246660 0.219508 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:27.466561 0.050576 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:27.517497 0.184344 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:27.751709 0.146085 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:27.898233 0.102163 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:28.000752 0.165447 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:28.166584 0.153789 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:28.320767 0.345528 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:28.666694 0.312089 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:08:48.654014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:14:52.659885 3.001559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:14:59.667625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:15:07.668797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:15:23.671718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:15:55.677748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:21:59.684205 3.001786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:22:06.691620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:22:14.693166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:22:30.695592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:23:02.701598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:29:06.708745 3.000802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:29:13.795793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:29:21.796646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:29:37.799664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:30:09.806060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:34:58.691868 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 21:34:58.691949 2.288358 tcp 10.0.2.109 51797 -> 211.38.175.27 4598 FSPA* 0 0 15 1742 flow=From-Botnet-V1-TCP-Established 1970/01/09 21:36:13.812209 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:36:20.819744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:36:28.820736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:36:44.823986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:37:16.830314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:38:44.096305 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 21:38:44.096399 0.168157 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:44.264986 0.047376 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:44.312761 0.182582 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:44.495761 0.284438 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:44.780606 0.212516 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:44.993486 0.170421 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:45.164234 0.039701 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:45.204278 0.146103 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:45.350775 0.421469 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:45.772665 0.033011 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:45.806044 0.163390 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:45.969799 0.137063 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:46.107257 3.082758 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:49.190389 0.090148 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:49.280866 0.178629 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:49.459907 0.051253 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:49.511492 0.155005 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:49.666922 0.222616 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:49.889943 0.050840 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:49.941132 0.190320 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:50.131849 0.146238 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:50.278487 0.153883 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:50.432776 0.355516 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:50.788696 0.093516 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:50.882598 0.165464 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:38:51.048421 0.310865 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/09 21:43:20.835671 3.002245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:43:27.843219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:43:35.845112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:43:51.847761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:44:23.854046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:50:27.860638 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:50:34.867851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:50:42.868768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:50:58.871635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:51:30.877796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:57:34.884683 3.000627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 21:57:41.891472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:57:49.892840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:58:05.896040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 21:58:37.902247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:04:41.907339 3.002121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 22:04:48.915247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:04:56.917006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:05:00.983317 0.000178 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 22:05:00.983590 2.005443 tcp 10.0.2.109 51798 -> 211.38.175.27 4598 FSPA* 0 0 14 1752 flow=From-Botnet-V1-TCP-Established 1970/01/09 22:05:12.919689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:05:44.925879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:08:56.602060 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 22:08:56.602157 0.190123 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:56.792649 0.268645 rtcp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:57.061728 0.163418 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:57.225497 0.049569 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:57.275488 0.221489 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:57.497384 0.081612 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:57.579347 0.035103 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:57.614813 0.144513 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:57.759721 0.420719 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:58.180829 0.032877 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:58.214064 0.174360 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:58.388815 0.134364 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:08:58.523603 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 22:09:04.848607 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 22:09:04.848998 0.087038 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:04.936439 0.175715 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:05.112532 0.056240 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:05.169279 0.156398 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:05.326028 0.212216 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:05.538662 0.145677 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:05.684685 0.155457 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:05.840555 0.346289 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:06.187257 0.126377 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:06.314042 0.049801 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:06.364237 0.189771 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:09:06.554448 0.000000 udp 10.0.2.109 3683 -> 99.91.214.150 1059 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 22:09:24.033531 0.075031 tcp 10.0.2.109 51799 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 22:09:24.108857 0.071467 tcp 10.0.2.109 51800 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 22:09:24.180615 0.157891 tcp 10.0.2.109 51801 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 22:09:24.339192 0.312695 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:11:48.931507 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 22:11:55.939288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:12:03.940832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:12:19.943431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:12:51.950578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:18:55.956187 3.071401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 22:19:03.033406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:19:11.035127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:19:27.037649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:19:59.043716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:26:03.050566 3.010970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 22:26:10.067721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:26:18.068882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:26:34.071481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:27:06.077744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:33:10.084382 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 22:33:17.091367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:33:25.092633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:33:41.095574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:34:13.102155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:35:03.024142 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 22:35:03.024227 1.963078 tcp 10.0.2.109 51802 -> 211.38.175.27 4598 FSPA* 0 0 15 1570 flow=From-Botnet-V1-TCP-Established 1970/01/09 22:39:29.837931 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 22:39:29.838215 0.167156 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.005782 0.183635 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.189823 0.167782 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.358034 0.050942 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.409311 0.207611 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.617276 0.179824 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.797499 0.035360 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.833282 0.146933 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:30.980661 0.277885 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:31.258942 0.418730 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:31.678049 0.138642 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:31.817052 0.159225 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:31.976701 0.032790 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:32.009881 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 22:39:37.391177 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 22:39:37.391515 0.054225 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:37.446313 0.090484 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:37.537231 0.220121 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:37.757745 0.148951 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:37.907071 0.153138 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:38.060601 0.157406 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:38.218386 0.178337 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:38.397113 0.190414 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:38.587886 0.374575 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:38.962882 0.103321 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:39.066563 0.049828 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:39:39.116727 0.313229 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/09 22:40:17.108240 3.001373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 22:40:24.115564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:40:32.116847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:40:48.119820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:41:20.126091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:47:24.131379 3.002347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 22:47:31.139240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:47:39.140603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:47:55.143869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:48:27.150270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:54:31.156100 3.001649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 22:54:38.163443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:54:46.164335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:55:02.167645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 22:55:34.173423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:01:38.180598 3.001133 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:01:45.187588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:01:53.188552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:02:09.191646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:02:41.197747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:05:04.995137 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 23:05:04.995248 1.930109 tcp 10.0.2.109 51803 -> 211.38.175.27 4598 FSPA* 0 0 14 1641 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:08:45.204066 3.021312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:08:52.231077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:09:00.232273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:09:16.235575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:09:40.851401 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 23:09:40.851498 0.166334 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:41.018212 0.184334 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:41.202896 0.167565 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:41.370873 0.049578 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:41.420830 0.211984 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:41.633157 0.177222 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:41.810772 0.037864 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:41.848983 0.419401 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:42.268794 0.140435 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:42.409638 0.144880 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:42.554923 0.261058 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:42.816330 0.158514 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:42.975297 0.033437 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:43.009125 2.459746 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:45.469196 0.052176 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:45.521704 0.139181 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:45.661288 0.229085 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:45.890742 0.151493 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:46.042571 0.177295 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:46.220216 0.194516 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:09:46.415125 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 23:09:48.241696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:10:01.622933 0.073839 tcp 10.0.2.109 51804 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:10:01.697050 0.075307 tcp 10.0.2.109 51805 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:10:01.772666 0.150866 tcp 10.0.2.109 51806 -> 195.113.214.237 443 SRPA* 0 0 33 24763 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:10:01.924072 0.154392 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:10:02.078855 0.155873 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:10:02.235080 0.312866 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:10:02.548303 0.101507 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:10:02.650235 0.050620 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:15:52.247798 3.041539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:15:59.295284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:16:07.296332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:16:23.299641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:16:55.305898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:22:59.311950 3.001062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:23:06.319540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:23:14.320487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:23:30.323478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:24:02.329840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:30:06.335689 3.001921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:30:13.343080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:30:21.344835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:30:37.347750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:31:09.353982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:35:06.936118 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 23:35:06.936322 1.994872 tcp 10.0.2.109 51807 -> 211.38.175.27 4598 FSPA* 0 0 14 1544 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:37:13.359761 3.001570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:37:20.367147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:37:28.368762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:37:44.371978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:38:16.377647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:40:30.841136 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/09 23:40:30.841379 0.240547 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:40:31.082353 0.000000 udp 10.0.2.109 3683 -> 108.255.85.52 9066 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 23:40:48.939283 0.077553 tcp 10.0.2.109 51808 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:40:49.017128 0.074079 tcp 10.0.2.109 51809 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:40:49.091515 0.165731 tcp 10.0.2.109 51810 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:40:49.257980 0.167323 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:40:49.425678 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/09 23:41:07.444384 0.073534 tcp 10.0.2.109 51811 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:41:07.518401 0.072961 tcp 10.0.2.109 51812 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:41:07.591596 0.169158 tcp 10.0.2.109 51813 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/09 23:41:07.761369 0.202642 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:07.964385 0.080916 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:08.045673 0.036065 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:08.082290 0.166457 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:08.249093 0.420299 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:08.669736 0.229097 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:08.899224 0.146754 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.046381 0.134656 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.181460 0.165108 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.346950 0.033168 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.380457 0.232270 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.613122 0.141035 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.754535 0.045526 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.800440 0.089505 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:09.890349 0.184831 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:10.075567 0.146798 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:10.222773 0.179259 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:10.402379 0.314060 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:10.716774 0.102341 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:10.819583 0.050158 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:10.870165 0.154010 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:41:11.024512 0.155413 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/09 23:44:20.384057 3.000901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/09 23:44:27.391447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:44:35.392188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:44:51.395694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:45:23.401673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:51:27.407461 3.001915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:51:34.415191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:51:42.416713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:51:58.419288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:52:30.425815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:58:34.431157 3.001862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/09 23:58:41.438601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:58:49.440456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:59:05.443932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/09 23:59:37.449175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:05:08.936581 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 00:05:08.936676 2.040128 tcp 10.0.2.109 51814 -> 211.38.175.27 4598 FSPA* 0 0 15 1766 flow=From-Botnet-V1-TCP-Established 1970/01/10 00:05:41.456018 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:05:48.463239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:05:56.464067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:06:12.467603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:06:44.473366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:11:18.287782 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 00:11:18.288026 0.054709 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:18.343174 0.183298 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:18.526849 0.281369 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:18.808553 0.164476 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:18.973456 0.212716 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:19.186549 0.102105 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:19.289011 0.038347 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:19.327765 0.168639 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:19.496821 0.590802 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:20.087981 0.268510 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:20.356922 0.147820 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:20.505142 0.139341 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:20.644865 0.164212 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 198 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:20.809502 0.035076 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:20.844912 0.228708 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:21.073981 2.693323 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:23.767725 0.049044 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:23.817163 0.090838 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:23.908423 0.182292 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:24.091045 0.314063 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:24.405553 0.090181 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:24.496182 0.050578 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:24.547144 0.185250 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:24.732805 0.145248 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:24.878418 0.155744 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:11:25.034559 0.156990 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:12:48.480211 3.000941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:12:55.487144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:13:03.488698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:13:19.491314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:13:51.497805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:19:55.502821 3.002400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:20:02.510941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:20:10.511987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:20:26.515545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:20:58.521135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:27:02.527990 3.001334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:27:09.535065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:27:17.535971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:27:33.539353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:28:05.545491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:34:09.551663 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:34:16.559106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:34:24.570734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:34:40.573446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:35:10.977809 0.000178 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 00:35:10.978080 2.539167 tcp 10.0.2.109 51815 -> 211.38.175.27 4598 FSPA* 0 0 13 1513 flow=From-Botnet-V1-TCP-Established 1970/01/10 00:35:12.579309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:41:16.585638 3.001048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:41:23.593025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:41:31.594342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:41:47.597150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:41:49.259805 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 00:41:49.259900 0.270668 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:41:49.530925 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 00:42:05.635383 0.071993 tcp 10.0.2.109 51816 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 00:42:05.707628 0.074207 tcp 10.0.2.109 51817 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 00:42:05.782187 0.160069 tcp 10.0.2.109 51818 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/10 00:42:05.942771 0.054257 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:05.997469 0.186966 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:06.184814 0.051874 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:06.237096 0.166277 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:06.403800 0.211846 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:06.616034 0.061636 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:06.678035 0.421222 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:07.099616 0.261834 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:07.361868 0.147800 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:07.510048 0.135266 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:07.645665 0.159255 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:07.805306 0.033122 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:07.838785 0.228687 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.067848 0.086003 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.154413 0.142528 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.297404 0.049203 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.346993 0.178430 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.525819 0.311832 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.838235 0.089796 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.928422 0.050202 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:08.978940 0.190574 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:09.169922 0.146656 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:09.316950 0.154885 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:09.472208 0.156053 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/10 00:42:19.603694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:48:23.609500 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:48:30.617129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:48:38.618041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:48:54.621091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:49:26.627087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:55:30.653678 3.001628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 00:55:37.661010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:55:45.662037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:56:01.664881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 00:56:33.671347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:02:37.677694 3.001597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:02:44.684693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:02:52.685980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:03:08.689358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:03:40.695562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:05:13.539643 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 01:05:13.539754 2.036971 tcp 10.0.2.109 51819 -> 211.38.175.27 4598 FSPA* 0 0 15 1556 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:09:44.701482 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:09:51.708302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:09:59.710094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:10:15.713060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:10:47.719269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:12:36.926465 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 01:12:36.926564 0.167050 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:37.094045 0.242055 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:37.336480 0.035579 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:37.372452 0.166421 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:37.539290 0.203291 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:37.742973 0.129940 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:37.873315 0.048979 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:37.922656 0.186136 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:38.109163 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 01:12:53.141228 0.076952 tcp 10.0.2.109 51820 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:12:53.218400 0.071875 tcp 10.0.2.109 51821 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:12:53.290560 0.171438 tcp 10.0.2.109 51822 -> 195.113.214.237 443 SRPA* 0 0 25 14112 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:12:53.462704 0.250148 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:53.713253 0.143444 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:53.857113 0.135296 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:53.992746 0.183677 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:54.176806 0.032792 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:54.209971 0.211546 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:54.421937 0.090639 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:54.512967 0.138539 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:54.651892 0.052546 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:54.704791 0.178524 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:54.883732 0.314493 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:55.198631 0.089483 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:55.288507 0.148709 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:55.437615 0.153396 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:55.591409 0.156880 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:55.748632 0.049733 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:12:55.798715 0.184400 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 199 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:16:51.725754 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:16:58.732510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:17:06.733891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:17:22.737276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:17:54.743306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:23:58.749218 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:24:05.756451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:24:13.758306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:24:29.761059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:25:01.767356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:31:05.773173 3.001950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:31:12.780190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:31:20.781987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:31:36.784938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:32:08.791498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:35:15.580689 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 01:35:15.580981 1.935970 tcp 10.0.2.109 51823 -> 211.38.175.27 4598 FSPA* 0 0 13 1637 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:38:12.797073 3.001833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:38:19.804515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:38:27.805981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:38:43.809305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:39:15.815342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:43:05.516157 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 01:43:05.516257 0.420772 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:05.937501 0.035969 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:05.973843 0.166560 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:06.140775 0.201230 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:06.342518 0.168568 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:06.511478 0.054720 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:06.566560 0.230679 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:06.797666 0.165601 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:06.963687 0.000000 udp 10.0.2.109 3683 -> 108.255.85.52 9066 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 01:43:24.835264 0.070996 tcp 10.0.2.109 51824 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:43:24.906211 0.074676 tcp 10.0.2.109 51825 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:43:24.981178 0.169069 tcp 10.0.2.109 51826 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/10 01:43:25.150900 0.139447 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:25.290768 0.243762 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:25.534905 0.152582 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:25.687894 0.167030 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:25.855283 0.033017 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:25.888616 0.219786 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:26.108796 0.091072 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:26.200195 3.087624 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:29.288216 0.065204 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:29.353795 0.178229 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:29.532408 0.140365 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:29.673138 0.153955 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:29.827485 0.154932 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:29.982799 0.052594 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:30.035808 0.185276 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:30.221415 0.313134 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:43:30.534967 0.090915 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/10 01:45:19.821821 3.000746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:45:26.828779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:45:34.830437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:45:50.833052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:46:22.838679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:52:26.845115 3.001209 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:52:33.852455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:52:41.853956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:52:57.856799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:53:29.863112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:59:33.868268 3.002620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 01:59:40.876058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 01:59:48.878070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:00:04.881052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:00:36.886753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:05:17.520660 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 02:05:17.520829 1.954151 tcp 10.0.2.109 51827 -> 211.38.175.27 4598 FSPA* 0 0 15 1619 flow=From-Botnet-V1-TCP-Established 1970/01/10 02:06:40.893797 3.000749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:06:47.900240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:06:55.901952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:07:11.904665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:07:43.910791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:13:47.916997 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:13:54.924011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:13:58.269426 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 02:13:58.269527 0.186415 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:58.456371 0.424391 udp 10.0.2.109 3683 <-> 202.165.88.73 2770 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:58.881176 0.055565 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:58.937149 0.166292 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:59.103803 0.054311 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:59.158478 0.233921 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:59.392803 0.166345 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:59.559501 0.174692 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:59.734614 0.222122 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:13:59.957164 0.139166 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:00.096733 0.276696 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:00.373836 0.147052 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:00.521280 0.159014 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:00.680693 0.041027 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:00.722156 0.221972 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:00.944477 0.088165 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:01.033115 0.533314 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:01.566781 0.053159 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:01.620262 0.178814 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:01.799417 0.141942 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:01.941774 0.157948 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:02.100119 0.155429 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:02.255932 0.312514 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:02.568780 0.090210 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:02.659368 0.050789 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:02.710542 0.224744 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:14:02.925988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:14:18.929230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:14:50.935274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:20:54.940786 3.001722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:21:01.948640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:21:09.950041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:21:25.952585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:21:57.958938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:28:01.965423 3.001121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:28:08.972296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:28:16.973956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:28:32.976900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:29:05.033106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:35:09.039074 3.001759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:35:16.046070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:35:19.491902 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 02:35:19.492129 2.362690 tcp 10.0.2.109 51828 -> 211.38.175.27 4598 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/01/10 02:35:24.048109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:35:40.050700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:36:12.056511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:42:16.062276 3.002674 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:42:23.070630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:42:31.072047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:42:47.074919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:43:19.080787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:44:29.812620 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 02:44:29.812754 0.037517 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:29.850667 0.182862 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:30.033901 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 02:44:46.989387 0.066781 tcp 10.0.2.109 51829 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 02:44:47.056438 0.086546 tcp 10.0.2.109 51830 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 02:44:47.143254 0.170793 tcp 10.0.2.109 51831 -> 195.113.214.237 443 SRPA* 0 0 27 14784 flow=From-Botnet-V1-TCP-Established 1970/01/10 02:44:47.314778 0.166306 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:47.481485 0.149306 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:47.631184 0.355305 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:47.986864 0.168137 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:48.155387 0.187930 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:48.343685 0.218225 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:48.562331 0.137914 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:48.700621 0.264559 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:48.965582 0.149826 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:49.115805 0.172092 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:49.288320 0.033198 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:49.321924 0.221163 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:49.543434 0.054310 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:49.598247 0.178377 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:49.777071 0.146868 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:49.924331 0.089079 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:50.013815 0.138683 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:50.152817 0.150472 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:50.303661 0.156553 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:50.460636 0.313126 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:50.774159 0.120767 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:50.895345 0.049661 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:44:50.945388 0.184805 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 02:49:23.087661 3.000702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:49:30.094392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:49:38.095634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:49:54.098716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:50:26.104436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:56:30.111613 3.000698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 02:56:37.117962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:56:45.119994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:57:01.123186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 02:57:33.128816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:03:37.134277 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:03:44.142328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:03:52.143334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:04:08.147012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:04:40.152848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:05:21.862851 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 03:05:21.862947 2.559127 tcp 10.0.2.109 51832 -> 211.38.175.27 4598 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/01/10 03:10:44.159185 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:10:51.165955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:10:59.167776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:11:15.170910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:11:47.176912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:15:08.597064 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 03:15:08.597163 0.000000 udp 10.0.2.109 3683 -> 202.165.88.73 2770 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 03:15:25.341954 0.105947 tcp 10.0.2.109 51833 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 03:15:25.448182 0.067014 tcp 10.0.2.109 51834 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 03:15:25.515485 0.172468 tcp 10.0.2.109 51835 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/10 03:15:25.688625 0.036823 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:25.725824 0.187432 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:25.913656 0.165152 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:26.079254 0.050255 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:26.129887 0.463730 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:26.594058 0.200989 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:26.795486 0.135710 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:26.931592 0.262667 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:27.194643 0.164669 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:27.359664 0.177257 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:27.537281 0.148444 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:27.686082 0.158800 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:27.845254 0.033091 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:27.878644 0.233387 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:28.112447 0.051392 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:28.164252 0.179087 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:28.343741 0.146909 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:28.491015 0.152596 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:28.644009 0.155088 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:28.799499 0.312432 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:29.112264 0.110386 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:29.223001 0.048919 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:29.272326 0.087006 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:29.359690 0.412966 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:15:29.773077 0.184606 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:17:51.183097 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:17:58.189825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:18:06.191541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:18:22.194485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:18:54.200318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:24:58.206252 3.001779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:25:05.214453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:25:13.215811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:25:29.218933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:26:01.225016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:32:05.230887 3.001435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:32:12.237832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:32:20.239483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:32:36.242586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:33:08.248815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:35:24.424663 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 03:35:24.424757 2.221968 tcp 10.0.2.109 51836 -> 211.38.175.27 4598 FSPA* 0 0 12 1477 flow=From-Botnet-V1-TCP-Established 1970/01/10 03:39:12.253844 3.002076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:39:19.262090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:39:27.263143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:39:43.266579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:40:15.272825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:45:53.539163 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 03:45:53.539366 0.227580 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:53.767361 0.353005 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:54.120703 0.458545 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:54.579625 0.321156 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:54.901176 0.283829 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:55.185373 0.325936 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:55.511687 0.226136 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:55.738219 0.427693 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:56.166476 0.357014 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:56.523815 0.389533 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:56.913789 0.268693 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:57.182902 0.307054 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:57.490406 0.106359 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:57.597174 0.263696 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:57.861268 0.256429 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:58.118126 0.260753 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:58.379350 0.255609 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:58.635350 0.331711 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:58.967444 0.139942 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:59.107766 0.473900 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:59.582074 0.211914 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:59.794399 0.164698 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:45:59.959494 0.215471 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:46:00.175344 0.279410 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:46:00.455111 0.313324 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/10 03:46:19.277982 3.001925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:46:26.286232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:46:34.287287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:46:50.290312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:47:22.296366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:53:26.302533 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 03:53:33.309630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:53:41.311786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:53:57.314742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 03:54:29.320115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:00:33.326485 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:00:40.333727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:00:48.335384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:01:04.338658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:01:36.344261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:05:26.646335 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 04:05:26.646422 2.309531 tcp 10.0.2.109 51837 -> 211.38.175.27 4598 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:07:40.351043 3.001095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:07:47.357960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:07:55.359531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:08:11.362103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:08:43.368633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:14:47.374457 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:14:54.382073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:15:02.383265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:15:18.386691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:15:50.392538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:16:16.680367 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 04:16:16.680454 0.363363 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:17.044452 0.496767 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:17.541589 0.454147 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:17.996105 0.597909 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:18.594528 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 04:16:34.327786 0.353299 tcp 10.0.2.109 51838 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:16:34.681402 0.364420 tcp 10.0.2.109 51839 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:16:35.046267 0.718748 tcp 10.0.2.109 51840 -> 195.113.214.237 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:16:35.765396 0.316757 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:36.082544 0.214612 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:36.297560 0.358742 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:36.656706 0.420835 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:37.077950 0.383831 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:37.462162 0.338528 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:37.801093 0.379773 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:38.181272 0.282353 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:38.463987 0.474049 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:38.938397 0.500329 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:39.439163 0.524547 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:39.964083 0.397728 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:40.362359 0.486036 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:40.848736 0.386461 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:41.235629 0.577932 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:41.813924 0.436803 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:42.251149 0.128682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:42.380180 0.337036 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:42.717644 0.251541 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:16:42.969599 1.642242 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:21:54.398224 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:22:01.405898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:22:09.407148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:22:25.410237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:22:57.416670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:29:01.422604 3.001290 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:29:08.430229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:29:16.431479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:29:32.433937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:30:04.439958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:35:28.957329 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 04:35:28.957424 3.965248 tcp 10.0.2.109 51841 -> 211.38.175.27 4598 FSPA* 0 0 15 1664 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:36:08.446778 3.000840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:36:15.453513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:36:23.455691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:36:39.457919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:37:11.464207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:43:15.470619 3.001140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:43:22.477667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:43:30.479185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:43:46.482334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:44:18.488483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:46:48.804738 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 04:46:48.804842 0.772314 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:46:49.577564 0.891199 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:46:50.469161 0.631593 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:46:51.101137 0.000000 udp 10.0.2.109 3683 -> 108.255.85.52 9066 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 04:47:07.072374 1.331487 tcp 10.0.2.109 51842 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:47:08.404100 1.352322 tcp 10.0.2.109 51843 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:47:09.756659 2.745093 tcp 10.0.2.109 51844 -> 195.113.214.237 443 SRPA* 0 0 21 12436 flow=From-Botnet-V1-TCP-Established 1970/01/10 04:47:12.502332 0.822007 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:13.324690 0.826496 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:14.151567 0.946307 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:15.098269 0.789037 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:15.887690 0.797583 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:16.685644 0.968279 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:17.654351 0.827536 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:18.482312 0.785735 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:19.268394 0.652307 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:19.921086 0.874500 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:20.796030 0.837788 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:21.634216 0.782839 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:22.417448 0.803491 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:23.221309 0.865324 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:24.087014 0.597464 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:24.684843 0.938024 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:25.623215 0.886102 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:26.509672 0.810699 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:27.320683 0.718880 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:28.039926 0.699482 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:47:28.739816 1.190929 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/10 04:50:22.494034 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 04:50:29.501604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:50:37.503198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:50:53.506136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:51:25.512105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:57:29.519160 3.000379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 04:57:36.525460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:57:44.527290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:58:00.529826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 04:58:32.535992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:04:36.541875 3.002011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 05:04:43.549784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:04:51.551320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:05:07.554591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:05:32.931169 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 05:05:32.931375 1.008651 tcp 10.0.2.109 51845 -> 211.38.175.27 4598 SPA_* 0 0 9 1077 flow=From-Botnet-V1-TCP-Established 1970/01/10 05:05:39.560116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:05:40.214090 0.002588 tcp 10.0.2.109 51845 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/10 05:11:43.566277 3.011285 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 05:11:50.583628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:11:58.585373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:12:14.588256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:12:46.593788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:17:36.411238 0.091993 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 05:17:36.503443 0.741037 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:17:37.244923 0.759538 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:17:38.004869 0.785896 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:17:38.791190 0.711488 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:17:39.503088 0.913410 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:17:40.416861 0.754938 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:17:41.172182 0.936324 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:17:42.108966 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 9203 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 05:17:59.025537 1.114545 tcp 10.0.2.109 51846 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 05:18:00.140379 1.136470 tcp 10.0.2.109 51847 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 05:18:01.276734 2.342559 tcp 10.0.2.109 51848 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/10 05:18:03.619985 0.766984 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:04.387296 0.838612 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:05.226412 0.742241 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:05.969190 0.674297 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:06.643888 0.710435 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:07.354706 0.814654 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:08.169834 0.826116 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:08.996376 0.891771 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:09.888581 0.843015 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:10.731924 0.772267 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:11.504527 0.667840 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:12.172783 1.027710 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:13.200912 0.853852 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:14.055694 0.763311 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:14.819424 0.714481 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:15.534460 0.630357 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:16.165200 1.685645 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:18:50.640335 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 05:18:57.647923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:19:05.648807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:19:21.652391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:19:53.658227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:25:57.664812 3.001050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 05:26:04.671820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:26:12.673159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:26:28.675941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:27:00.682407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:33:04.689094 3.000930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 05:33:11.695414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:33:19.696837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:33:35.699694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:34:07.706120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:35:40.260273 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 05:35:40.260511 3.730692 tcp 10.0.2.109 51849 -> 211.38.175.27 4598 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/10 05:40:11.712624 3.011149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 05:40:18.729403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:40:26.730862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:40:42.733907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:41:14.740340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:47:18.746044 3.001915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 05:47:25.753552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:47:33.755216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:47:49.758223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:48:21.764204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:48:44.777344 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 05:48:44.777537 0.803587 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:45.581553 0.830568 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:46.412522 0.752884 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:47.165822 0.914483 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:48.080719 0.715557 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:48.796709 0.872118 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:49.669205 0.841242 udp 10.0.2.109 3683 <-> 99.91.214.150 1059 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:50.510825 1.111341 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:51.622578 0.803826 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:52.426810 1.022329 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:53.449482 0.746006 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:54.195882 0.815639 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:55.011893 0.595441 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:55.607775 0.801591 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:56.409767 0.824740 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:57.234926 0.926046 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:58.161372 0.805535 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:58.967313 0.854074 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:48:59.821795 0.590203 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:49:00.412342 1.022815 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:49:01.435531 0.856719 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:49:02.292612 0.782148 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:49:03.075155 0.731545 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:49:03.807135 0.576033 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:49:04.383490 1.700091 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/10 05:54:25.770406 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 05:54:32.777266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:54:40.779228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:54:56.781995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 05:55:28.787642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:01:32.794168 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 06:01:39.801281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:01:47.802771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:02:03.805832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:02:35.812136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:05:43.992818 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:05:43.992988 2.929649 tcp 10.0.2.109 51850 -> 211.38.175.27 4598 FSPA* 0 0 15 1627 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:08:39.818755 3.000910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 06:08:46.825091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:08:54.827054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:09:10.829873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:09:42.835890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:15:46.841536 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 06:15:53.849653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:16:01.851060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:16:17.854006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:16:49.859889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:19:17.132165 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:19:17.132264 0.455484 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:17.588172 0.490501 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:18.079216 0.454987 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:18.534603 0.568581 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:19.103520 0.317228 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:19.421166 0.544181 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:19.965750 0.000000 udp 10.0.2.109 3683 -> 99.91.214.150 1059 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:19:37.282659 0.705985 tcp 10.0.2.109 51851 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:19:37.988977 0.344767 tcp 10.0.2.109 51852 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:19:38.334039 0.858145 tcp 10.0.2.109 51853 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:19:39.192800 0.527380 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:39.720601 0.335995 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:40.056983 0.458898 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:40.516325 0.359483 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:40.876232 0.376658 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:41.253245 0.239647 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:41.493270 0.381155 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:41.874835 0.364940 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:42.240208 0.427792 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:42.668424 0.341224 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:43.010057 0.339581 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:43.350023 0.290076 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:43.640485 0.594398 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:44.235251 0.451413 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:44.687062 0.421419 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:45.108883 0.379354 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:45.488620 0.409289 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:19:45.898353 0.675145 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:22:53.866165 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 06:23:00.873594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:23:08.875229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:23:24.877462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:23:56.883477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:30:00.890107 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 06:30:07.896992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:30:15.898971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:30:31.901651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:31:03.907736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:35:46.925599 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:35:46.925704 2.721782 tcp 10.0.2.109 51854 -> 211.38.175.27 4598 FSPA* 0 0 15 1619 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:37:07.914489 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 06:37:14.921149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:37:22.922702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:37:38.925794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:38:10.931926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:44:14.937699 3.002080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 06:44:21.945319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:44:29.946973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:44:45.949861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:45:17.955741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:50:04.478337 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:50:04.478432 0.000000 udp 10.0.2.109 3683 -> 99.91.214.150 1059 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:50:23.166462 0.729806 tcp 10.0.2.109 51855 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:50:23.896545 0.647054 tcp 10.0.2.109 51856 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:50:24.543913 1.377995 tcp 10.0.2.109 51857 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:50:25.922465 0.525607 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:26.448519 0.559037 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:27.007930 0.411043 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:27.419332 0.610681 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:28.030377 0.285077 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:28.315811 0.482935 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:28.799157 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:50:46.579314 0.657122 tcp 10.0.2.109 51858 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:50:47.236712 0.656046 tcp 10.0.2.109 51859 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:50:47.893049 1.346861 tcp 10.0.2.109 51860 -> 195.113.214.237 443 SRPA* 0 0 25 13918 flow=From-Botnet-V1-TCP-Established 1970/01/10 06:50:49.240831 0.502368 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:49.743565 0.469090 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:50.213036 0.633596 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:50.846978 0.345108 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:51.192520 0.413289 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:51.606357 0.493822 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:52.100604 0.454922 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:52.555920 0.518648 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:53.074956 0.553283 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:53.628665 0.444535 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:54.073660 0.378121 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:54.452136 0.583937 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:55.036472 1.187879 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:56.224761 0.378161 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:56.603305 0.368742 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:56.972480 0.472791 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:57.445611 0.402505 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:57.862563 0.710173 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:58.573332 0.445745 udp 10.0.2.109 3683 <-> 108.255.85.52 9066 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:59.019654 0.491085 udp 10.0.2.109 3683 <-> 46.233.34.99 9203 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:59.516938 0.463035 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:50:59.980540 0.608103 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 656 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:00.589213 0.476052 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 776 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:01.065854 0.280771 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:01.347114 0.466121 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 750 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:01.813920 0.577720 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 758 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:02.392193 0.357603 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:02.750312 0.386920 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:03.137692 0.470387 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:03.608657 0.496086 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 674 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:04.105313 0.476308 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 756 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:04.582224 0.572995 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 852 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:05.155806 0.432687 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:05.588941 0.348338 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:05.937925 0.616036 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:06.554582 0.485454 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 797 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:07.040639 0.604458 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:07.645692 0.385971 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 764 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:08.032287 0.400720 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:08.433678 3.224564 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:11.658854 0.439765 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:12.099511 0.506862 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:12.621465 0.252446 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:51:12.887387 0.000000 udp 10.0.2.109 3683 -> 58.211.29.98 9979 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:51:20.897687 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:51:21.962302 3.001131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 06:51:25.904982 0.000000 udp 10.0.2.109 3683 -> 5.146.171.52 7876 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:51:28.968791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:51:31.272636 0.000000 udp 10.0.2.109 3683 -> 124.178.140.68 4395 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:51:36.189680 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:51:36.970678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:51:38.132834 0.000000 udp 10.0.2.109 3683 -> 188.121.192.23 3859 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:51:45.543330 0.000000 udp 10.0.2.109 3683 -> 108.18.182.31 3420 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:51:52.973710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:51:54.345998 0.000000 udp 10.0.2.109 3683 -> 80.195.39.105 9821 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:00.424243 0.000000 udp 10.0.2.109 3683 -> 66.162.9.208 2122 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:07.785241 0.000000 udp 10.0.2.109 3683 -> 80.169.202.242 9327 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:15.966955 0.402922 udp 10.0.2.109 3683 -> 89.210.26.147 7331 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:16.369877 0.000000 icmp 89.210.26.147 0x0303 -> 10.0.2.109 0xa31c URP 192 1 170 flow=Background 1970/01/10 06:52:20.683372 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:52:21.294806 0.000000 udp 10.0.2.109 3683 -> 93.67.243.131 8552 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:24.979974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:52:29.857152 0.000000 udp 10.0.2.109 3683 -> 79.210.54.54 2613 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:38.128638 0.000000 udp 10.0.2.109 3683 -> 146.255.2.106 3317 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:44.627751 0.000000 udp 10.0.2.109 3683 -> 186.6.223.55 2209 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:49.965744 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:52:56.224544 0.000000 udp 10.0.2.109 3683 -> 80.36.234.42 2109 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:03.705859 0.000000 udp 10.0.2.109 3683 -> 82.106.29.170 5906 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:08.692456 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:53:10.695237 0.000000 udp 10.0.2.109 3683 -> 92.74.156.242 2336 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:18.636922 0.000000 udp 10.0.2.109 3683 -> 23.24.76.117 3168 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:25.566830 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:31.275470 0.000000 udp 10.0.2.109 3683 -> 79.8.86.141 4498 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:37.834301 0.000000 udp 10.0.2.109 3683 -> 91.39.83.243 9714 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:44.955198 0.000000 udp 10.0.2.109 3683 -> 87.24.2.194 4081 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:52.065152 0.000000 udp 10.0.2.109 3683 -> 88.227.68.61 9837 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:53:56.691310 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:53:58.054132 0.000000 udp 10.0.2.109 3683 -> 78.152.125.2 8385 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:06.556077 0.405604 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:54:06.972096 0.394218 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:54:07.381635 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:14.136995 0.000000 udp 10.0.2.109 3683 -> 95.137.167.17 6559 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:20.235445 0.000000 udp 10.0.2.109 3683 -> 117.242.168.174 2202 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:27.285620 0.000000 udp 10.0.2.109 3683 -> 79.5.50.198 6806 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:35.577465 0.000000 udp 10.0.2.109 3683 -> 86.180.83.50 9460 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:42.717554 0.320295 udp 10.0.2.109 3683 <-> 87.153.126.86 4545 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:54:43.056788 0.000000 udp 10.0.2.109 3683 -> 95.237.224.70 3946 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:47.684739 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:54:48.215719 0.000000 udp 10.0.2.109 3683 -> 80.81.0.120 9503 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:54:56.817828 0.000000 udp 10.0.2.109 3683 -> 41.188.1.30 3761 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:01.905440 0.000000 udp 10.0.2.109 3683 -> 188.3.20.169 5197 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:10.317564 0.327028 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:55:10.655574 0.000000 udp 10.0.2.109 3683 -> 173.217.224.134 5177 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:17.457626 0.000000 udp 10.0.2.109 3683 -> 82.107.156.32 2612 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:25.089214 0.000000 udp 10.0.2.109 3683 -> 78.87.185.198 1024 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:33.700944 0.660502 udp 10.0.2.109 3683 <-> 59.115.40.236 2346 CON 0 0 2 710 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:55:34.370349 0.423849 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:55:34.807622 0.000000 udp 10.0.2.109 3683 -> 79.38.30.118 7292 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:38.687853 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:55:42.864077 0.000000 udp 10.0.2.109 3683 -> 174.44.198.251 9389 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:48.863010 0.000000 udp 10.0.2.109 3683 -> 95.137.146.45 1054 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:53.900439 0.000000 udp 10.0.2.109 3683 -> 80.116.248.40 3890 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:55:59.498354 0.575369 udp 10.0.2.109 3683 <-> 14.97.114.78 2039 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:56:00.106022 0.000000 udp 10.0.2.109 3683 -> 95.224.214.119 1701 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:08.511645 0.000000 udp 10.0.2.109 3683 -> 41.250.110.200 6398 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:15.180646 0.000000 udp 10.0.2.109 3683 -> 92.234.13.59 9046 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:23.472480 0.000000 udp 10.0.2.109 3683 -> 37.99.76.60 4893 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:28.189149 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:56:29.941680 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:37.202362 0.000000 udp 10.0.2.109 3683 -> 79.37.102.38 4324 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:43.320964 0.000000 udp 10.0.2.109 3683 -> 93.192.137.111 6589 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:49.210182 0.493019 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:56:49.733622 0.608790 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:56:50.351940 0.492547 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:56:50.859576 0.355325 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:56:51.225244 0.359137 udp 10.0.2.109 3683 <-> 92.20.158.207 4478 CON 0 0 2 692 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:56:51.593239 0.000000 udp 10.0.2.109 3683 -> 125.2.83.168 4368 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:56:58.663512 0.000000 udp 10.0.2.109 3683 -> 172.129.32.85 3980 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:57:06.274041 0.321954 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:57:06.801248 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:57:14.145538 0.000000 udp 10.0.2.109 3683 -> 184.148.126.28 9266 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:57:18.692025 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:57:20.604774 0.000000 udp 10.0.2.109 3683 -> 86.160.238.166 9969 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:57:29.187503 0.000000 udp 10.0.2.109 3683 -> 66.189.88.238 9162 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:57:36.547900 0.000000 udp 10.0.2.109 3683 -> 134.3.115.148 9419 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:57:44.940162 0.647417 udp 10.0.2.109 3683 <-> 14.97.23.192 7779 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:57:45.600435 0.403515 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:57:46.021902 0.000000 udp 10.0.2.109 3683 -> 98.229.142.155 7447 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:57:53.732339 0.000000 udp 10.0.2.109 3683 -> 80.58.221.36 2250 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:02.384764 0.000000 udp 10.0.2.109 3683 -> 95.224.40.185 8276 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:07.191929 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:58:08.894190 0.000000 udp 10.0.2.109 3683 -> 184.74.16.119 7551 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:16.194768 0.312678 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 779 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:58:16.529435 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 2600 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:21.722952 0.000000 udp 10.0.2.109 3683 -> 78.160.9.92 1058 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:28.985800 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 06:58:29.724495 0.452296 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:58:30.185941 0.525323 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:58:30.732422 0.000000 udp 10.0.2.109 3683 -> 91.11.69.206 5832 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:35.823059 0.000000 udp 10.0.2.109 3683 -> 142.177.141.38 4755 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:35.993406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:58:41.441227 0.487941 udp 10.0.2.109 3683 <-> 75.52.70.200 9688 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:58:41.938708 0.000000 udp 10.0.2.109 3683 -> 24.88.248.115 2722 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:43.994958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:58:50.164183 0.000000 udp 10.0.2.109 3683 -> 95.227.67.150 3581 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:54.690420 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:58:58.756004 0.000000 udp 10.0.2.109 3683 -> 162.203.161.125 5497 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:58:59.997713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:59:04.734775 0.000000 udp 10.0.2.109 3683 -> 95.253.224.5 7276 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:09.881823 0.000000 udp 10.0.2.109 3683 -> 87.6.122.69 3613 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:16.751602 0.000000 udp 10.0.2.109 3683 -> 31.223.32.175 4274 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:22.279540 0.000000 udp 10.0.2.109 3683 -> 14.201.112.146 1852 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:27.978212 0.000000 udp 10.0.2.109 3683 -> 95.177.51.186 9158 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:32.003551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 06:59:33.195517 0.405747 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:59:33.881204 0.351884 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 671 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:59:34.453732 0.000000 udp 10.0.2.109 3683 -> 188.216.148.27 1134 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:39.183700 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 06:59:39.845270 0.428174 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 790 flow=From-Botnet-V1-UDP-Established 1970/01/10 06:59:40.298570 0.000000 udp 10.0.2.109 3683 -> 95.239.66.95 1851 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:49.218390 0.000000 udp 10.0.2.109 3683 -> 99.155.22.227 4499 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 06:59:57.370504 0.000000 udp 10.0.2.109 3683 -> 82.15.193.127 2579 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:03.649462 0.000000 udp 10.0.2.109 3683 -> 85.189.141.67 2894 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:10.318776 0.000000 udp 10.0.2.109 3683 -> 81.144.233.246 1140 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:18.690851 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:23.687575 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 07:00:26.131460 0.000000 udp 10.0.2.109 3683 -> 70.184.106.29 6298 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:33.532118 0.000000 udp 10.0.2.109 3683 -> 218.103.32.197 9286 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:39.070026 0.000000 udp 10.0.2.109 3683 -> 24.43.11.22 6509 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:45.149319 0.000000 udp 10.0.2.109 3683 -> 95.254.115.104 3818 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:53.781095 0.000000 udp 10.0.2.109 3683 -> 217.155.195.57 3520 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:00:58.848721 0.759004 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 831 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:00:59.616447 0.000000 udp 10.0.2.109 3683 -> 98.175.165.173 8272 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:08.162117 0.000000 udp 10.0.2.109 3683 -> 203.15.121.61 2078 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:12.688003 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 07:01:16.674696 0.000000 udp 10.0.2.109 3683 -> 59.167.25.129 9713 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:22.302399 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:27.680210 0.000000 udp 10.0.2.109 3683 -> 74.108.67.59 5006 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:33.488373 0.000000 udp 10.0.2.109 3683 -> 95.225.128.139 8521 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:39.136244 0.392417 udp 10.0.2.109 3683 <-> 94.64.167.136 4853 CON 0 0 2 727 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:01:39.551299 0.000000 udp 10.0.2.109 3683 -> 46.49.42.199 9748 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:48.299691 0.490985 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 660 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:01:48.840849 0.458679 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:01:49.319381 0.000000 udp 10.0.2.109 3683 -> 201.144.156.78 8628 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:54.989562 0.000000 udp 10.0.2.109 3683 -> 95.227.166.142 9293 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:01:59.685619 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 07:02:00.407120 0.000000 udp 10.0.2.109 3683 -> 83.8.150.14 5061 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:02:07.277185 0.000000 udp 10.0.2.109 3683 -> 81.109.147.18 3206 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:02:12.825159 0.000000 udp 10.0.2.109 3683 -> 69.161.20.101 2972 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:02:18.362987 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:02:26.144120 0.000000 udp 10.0.2.109 3683 -> 68.224.220.228 8351 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:02:32.553732 0.000000 udp 10.0.2.109 3683 -> 87.24.99.112 6414 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:05:36.009595 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 07:05:43.017096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:05:49.647024 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 07:05:49.647152 2.898251 tcp 10.0.2.109 51861 -> 211.38.175.27 4598 FSPA* 0 0 14 1517 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:05:51.018796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:06:07.021920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:06:39.027782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:12:43.034388 3.001001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 07:12:50.040689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:12:58.042651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:13:14.045920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:13:46.052466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:19:50.057862 3.041339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 07:19:57.104870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:20:05.106450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:20:21.109751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:20:53.115368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:26:57.121434 3.001848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 07:27:04.129244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:27:12.130366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:27:28.133684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:28:00.139635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:32:55.925578 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 07:32:55.925744 0.597834 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:32:56.524065 0.437130 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:32:56.961549 0.573606 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:32:57.535565 0.278671 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:32:57.814660 0.442892 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:32:58.258013 0.820487 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:32:59.078866 0.640244 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:32:59.719522 0.504135 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:00.224047 0.529884 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:00.754354 0.370404 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:01.125171 0.440330 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:01.565856 0.378682 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:01.944933 0.400421 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:02.345752 0.500469 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:02.846630 0.409931 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:03.256966 0.693813 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:03.951180 0.463742 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:04.415268 0.514213 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:04.929918 0.394375 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:05.324670 0.377182 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:05.702285 0.959238 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:06.661948 0.607131 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:07.269463 0.562458 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:07.832348 0.000000 udp 10.0.2.109 3683 -> 201.209.10.82 5879 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:33:25.750008 0.668285 tcp 10.0.2.109 51862 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:33:26.418610 0.657612 tcp 10.0.2.109 51863 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:33:27.076511 1.360820 tcp 10.0.2.109 51864 -> 195.113.214.237 443 SRPA* 0 0 25 12650 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:33:28.437752 0.264764 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:28.702887 0.413219 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:29.116489 0.259461 udp 10.0.2.109 3683 <-> 87.153.126.86 4545 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:29.376345 0.330569 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:29.707305 0.448095 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:30.155783 0.741805 rtcp 10.0.2.109 3683 <-> 59.115.40.236 2346 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:30.898010 0.447737 udp 10.0.2.109 3683 <-> 14.97.114.78 2039 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:31.346164 0.460495 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:31.806997 0.452767 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:32.260171 0.691971 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:32.952512 0.397962 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:33.350906 0.358505 udp 10.0.2.109 3683 <-> 92.20.158.207 4478 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:33.709821 0.297683 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:34.007913 0.000000 udp 10.0.2.109 3683 -> 14.97.23.192 7779 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:33:50.373442 0.781903 tcp 10.0.2.109 51865 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:33:51.155626 0.767201 tcp 10.0.2.109 51866 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:33:51.923083 1.315855 tcp 10.0.2.109 51867 -> 195.113.214.237 443 SRPA* 0 0 27 13556 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:33:52.015322 0.000000 udp 10.0.2.109 3683 <- 14.97.23.192 7779 RSP 0 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:33:53.239471 0.560217 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:53.800093 0.405896 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:54.206409 1.128854 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:55.335693 0.466763 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:55.802863 0.529276 udp 10.0.2.109 3683 <-> 75.52.70.200 9688 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:56.332484 0.322279 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:56.655136 0.412949 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:57.068401 0.430963 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:57.499776 0.750378 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:58.250490 0.341124 udp 10.0.2.109 3683 <-> 94.64.167.136 4853 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:33:58.592014 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 07:34:04.145531 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 07:34:11.152946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:34:15.460048 0.717447 tcp 10.0.2.109 51868 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:34:16.177754 0.692742 tcp 10.0.2.109 51869 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:34:16.870802 1.409371 tcp 10.0.2.109 51870 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:34:18.280796 0.539826 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/10 07:34:19.154537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:34:35.157627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:35:07.163796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:35:52.559546 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 07:35:52.559640 3.005195 tcp 10.0.2.109 51871 -> 211.38.175.27 4598 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/01/10 07:41:11.169875 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 07:41:18.176808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:41:26.178701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:41:42.181462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:42:14.187730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:48:18.193114 3.001966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 07:48:25.200921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:48:33.202397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:48:49.205147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:49:21.211555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:55:25.217282 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 07:55:32.224527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:55:40.226105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:55:56.229329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 07:56:28.235626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:02:32.241528 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 08:02:39.248913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:02:47.250585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:03:03.253479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:03:35.259305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:04:33.993981 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 08:04:33.994079 0.258997 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:34.253535 0.000000 udp 10.0.2.109 3683 -> 14.97.23.192 7779 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:04:50.810195 0.070398 tcp 10.0.2.109 51872 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:04:50.880872 0.076898 tcp 10.0.2.109 51873 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:04:50.958214 0.171461 tcp 10.0.2.109 51874 -> 195.113.214.237 443 SRPA* 0 0 21 11346 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:04:51.130384 0.164136 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:51.294876 0.063166 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:51.358465 0.138525 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:51.497417 0.257129 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:51.754936 0.036368 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:51.791697 0.164404 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:51.956464 0.203532 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:52.160352 0.267176 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:52.427943 0.158361 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:52.586740 0.148738 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:52.735814 0.033801 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:52.770027 0.178617 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:52.948998 0.143558 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:53.092931 0.213024 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:53.306376 0.055839 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:53.362538 0.312006 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:53.674899 0.158989 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:53.834269 0.153267 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:53.987965 0.184415 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:54.172784 0.050807 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:54.223971 0.089571 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:54.313943 1.976993 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:56.291361 0.116135 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:56.407912 0.046304 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:56.454594 0.054352 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:56.509358 0.040678 udp 10.0.2.109 3683 <-> 87.153.126.86 4545 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:56.550592 0.181350 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:56.732327 0.056397 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:04:56.789115 0.000000 udp 10.0.2.109 3683 -> 59.115.40.236 2346 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:05:15.434147 0.070525 tcp 10.0.2.109 51875 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:15.504965 0.073793 tcp 10.0.2.109 51876 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:15.579126 0.168651 tcp 10.0.2.109 51877 -> 195.113.214.237 443 SRPA* 0 0 23 13184 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:15.748390 0.173726 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:15.922511 0.226344 udp 10.0.2.109 3683 <-> 14.97.114.78 2039 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:16.149251 0.190377 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:16.339953 0.152122 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:16.492475 0.509326 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:17.002269 0.056086 udp 10.0.2.109 3683 <-> 92.20.158.207 4478 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:17.058712 0.056731 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:17.115845 0.043832 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:17.160068 0.188164 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:17.348646 0.066106 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:17.415144 0.959529 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:18.375070 0.203601 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:18.579096 0.251298 udp 10.0.2.109 3683 <-> 75.52.70.200 9688 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:18.830781 0.106907 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:18.938117 0.054548 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:18.992986 0.145645 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:19.138956 0.000000 udp 10.0.2.109 3683 -> 125.113.182.191 5711 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:05:34.251415 0.078568 tcp 10.0.2.109 51878 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:34.330369 0.082201 tcp 10.0.2.109 51879 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:34.412429 0.160826 tcp 10.0.2.109 51880 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:34.573797 0.000000 udp 10.0.2.109 3683 -> 94.64.167.136 4853 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:05:51.786382 0.075010 tcp 10.0.2.109 51881 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:51.861692 0.080035 tcp 10.0.2.109 51882 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:51.942019 0.171350 tcp 10.0.2.109 51883 -> 195.113.214.237 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:05:52.113904 0.146717 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:05:55.571551 2.004335 tcp 10.0.2.109 51884 -> 211.38.175.27 4598 FSPA* 0 0 14 1742 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:09:39.266656 3.060679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 08:09:46.332983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:09:54.334577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:10:10.337757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:10:42.343794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:16:46.349523 3.002046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 08:16:53.357008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:17:01.358015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:17:17.361578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:17:49.367435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:23:53.373597 3.001138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 08:24:00.380740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:24:08.382260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:24:24.385496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:24:56.391059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:31:00.397527 3.001744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 08:31:07.404433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:31:15.406310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:31:31.409271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:32:03.415332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:35:57.602674 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 08:35:57.602902 1.957305 tcp 10.0.2.109 51885 -> 211.38.175.27 4598 FSPA* 0 0 15 1761 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:04.712676 0.000000 udp 10.0.2.109 3683 -> 59.115.40.236 2346 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:36:20.276958 0.074463 tcp 10.0.2.109 51886 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:20.351666 0.074276 tcp 10.0.2.109 51887 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:20.426226 0.170773 tcp 10.0.2.109 51888 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:20.597547 0.335144 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:20.933055 0.000000 udp 10.0.2.109 3683 -> 94.64.167.136 4853 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:36:36.999708 0.073447 tcp 10.0.2.109 51889 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:37.073448 0.079855 tcp 10.0.2.109 51890 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:37.153661 0.167756 tcp 10.0.2.109 51891 -> 195.113.214.237 443 SRPA* 0 0 25 14112 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:37.322049 0.414701 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:37.737157 0.239199 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:37.976769 0.040054 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.017209 0.168943 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.186586 0.161027 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.348015 0.135398 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.483775 0.053251 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.537457 0.143404 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.681257 0.033242 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.714858 0.178735 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:38.894001 0.225139 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:39.119558 0.287180 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:39.407134 0.177501 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:39.585031 0.154235 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:39.739657 0.152089 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:39.892145 0.055085 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:39.948002 0.221417 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:40.169872 0.347988 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:40.518450 0.155810 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:40.674610 0.184634 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:40.859616 0.050679 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:40.910726 0.091881 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:41.002939 0.046180 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:41.049450 0.120977 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:41.170814 0.056183 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:41.227376 0.091250 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:41.319046 0.143358 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:41.462812 0.000000 udp 10.0.2.109 3683 -> 87.153.126.86 4545 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:36:58.590784 0.071134 tcp 10.0.2.109 51892 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:58.662506 0.118887 tcp 10.0.2.109 51893 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:58.781700 0.163940 tcp 10.0.2.109 51894 -> 195.113.214.237 443 SRPA* 0 0 23 13808 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:36:58.946435 0.052798 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:58.999660 0.171268 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:59.171278 0.137701 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:59.309350 0.192033 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:36:59.501787 0.000000 udp 10.0.2.109 3683 -> 14.97.114.78 2039 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:37:17.047189 0.066101 tcp 10.0.2.109 51895 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:37:17.113550 0.074538 tcp 10.0.2.109 51896 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:37:17.188413 0.161790 tcp 10.0.2.109 51897 -> 195.113.214.237 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:37:17.350799 0.300111 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:17.651354 0.044787 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:17.696544 0.192215 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:17.889152 0.055940 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:17.945478 0.056423 udp 10.0.2.109 3683 <-> 92.20.158.207 4478 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:18.002395 0.062790 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:18.065559 0.053190 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:18.119136 0.158449 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:18.278069 0.000000 udp 10.0.2.109 3683 -> 75.52.70.200 9688 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 08:37:34.221755 0.074134 tcp 10.0.2.109 51898 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:37:34.296197 0.068561 tcp 10.0.2.109 51899 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:37:34.364609 0.174519 tcp 10.0.2.109 51900 -> 195.113.214.237 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/10 08:37:34.539606 0.212951 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:34.752976 0.086494 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:34.839888 0.145034 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:37:34.985255 0.149976 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/10 08:38:07.422381 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 08:38:14.428425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:38:22.430191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:38:38.433054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:39:10.439422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:45:14.445524 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 08:45:21.452757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:45:29.454694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:45:45.457460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:46:17.463311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:52:21.469402 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 08:52:28.476692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:52:36.478154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:52:52.480876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:53:24.487712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:59:28.494234 3.000474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 08:59:35.500718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:59:43.502354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 08:59:59.504968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:00:31.511553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:05:59.564084 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 09:05:59.564181 1.992526 tcp 10.0.2.109 51901 -> 211.38.175.27 4598 FSPA* 0 0 14 1507 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:06:35.517789 3.001385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 09:06:42.524503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:06:50.526026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:07:06.528784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:07:38.535204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:07:50.552735 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 09:07:50.552830 0.000000 udp 10.0.2.109 3683 -> 87.153.126.86 4545 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 09:08:09.120810 0.076316 tcp 10.0.2.109 51902 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:09.197403 0.072281 tcp 10.0.2.109 51903 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:09.270000 0.165281 tcp 10.0.2.109 51904 -> 195.113.214.237 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:09.435925 0.000000 udp 10.0.2.109 3683 -> 14.97.114.78 2039 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 09:08:28.006767 0.068063 tcp 10.0.2.109 51905 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:28.075175 0.077693 tcp 10.0.2.109 51906 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:28.153122 0.139232 tcp 10.0.2.109 51907 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:28.293029 0.000000 udp 10.0.2.109 3683 -> 75.52.70.200 9688 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 09:08:44.610835 0.071080 tcp 10.0.2.109 51908 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:44.682411 0.075307 tcp 10.0.2.109 51909 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:44.757659 0.159359 tcp 10.0.2.109 51910 -> 195.113.214.237 443 SRPA* 0 0 25 14714 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:08:44.917578 0.312762 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:08:45.230698 0.346929 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:08:45.578027 0.000000 udp 10.0.2.109 3683 -> 77.22.244.77 9684 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 09:09:02.736553 0.073253 tcp 10.0.2.109 51911 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:09:02.810108 0.074388 tcp 10.0.2.109 51912 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:09:02.884755 0.159381 tcp 10.0.2.109 51913 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:09:03.044797 0.239734 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:03.284943 0.147097 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:03.432388 0.138370 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:03.571102 0.157778 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:03.729300 0.165618 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:03.895331 0.161993 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:04.057692 0.032934 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:04.091053 0.162521 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:04.253912 0.048390 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:04.302716 0.284818 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:04.587973 0.209131 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:04.797503 0.150284 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:04.948162 0.178291 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:05.126875 0.143988 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:05.271261 0.050652 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:05.322524 0.088787 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:05.411728 0.041487 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:05.453579 0.311454 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:05.765441 0.220288 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:05.986064 0.184628 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.171055 0.156647 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.328124 0.091639 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.420175 0.121900 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.542463 0.053647 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.596457 0.139092 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.736026 0.054840 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.791252 0.189397 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:06.981056 0.138883 rtcp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:07.120326 0.171991 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:07.292654 0.043858 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:07.336918 0.190758 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:07.528090 0.055746 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:07.584267 0.000000 udp 10.0.2.109 3683 -> 92.20.158.207 4478 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 09:09:26.240769 0.075626 tcp 10.0.2.109 51914 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:09:26.316700 0.067793 tcp 10.0.2.109 51915 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:09:26.384806 0.143703 tcp 10.0.2.109 51916 -> 195.113.214.237 443 SRPA* 0 0 25 13880 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:09:26.529035 0.064771 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:26.683645 0.270161 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:26.954182 0.149812 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:27.104378 0.054679 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:27.159446 0.143472 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:27.303262 0.352657 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:27.656293 0.094122 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:09:27.750823 0.145861 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:13:42.540859 3.001625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 09:13:49.548661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:13:57.549855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:14:13.553092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:14:45.559529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:20:49.564798 3.002207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 09:20:56.572663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:21:04.574113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:21:20.577408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:21:52.582964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:27:56.589136 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 09:28:03.596624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:28:11.598315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:28:27.601191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:28:59.607093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:35:03.612630 3.002127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 09:35:10.620166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:35:18.622112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:35:34.635293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:36:01.564457 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 09:36:01.564558 1.893245 tcp 10.0.2.109 51917 -> 211.38.175.27 4598 FSPA* 0 0 14 1556 flow=From-Botnet-V1-TCP-Established 1970/01/10 09:36:06.641110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:39:33.729462 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 09:39:33.729563 0.041521 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:33.771506 0.060070 udp 10.0.2.109 3683 <-> 92.20.158.207 4478 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:33.831972 0.569175 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:34.401543 0.378285 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:34.780252 0.146736 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:34.927385 0.137296 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:35.065075 0.185313 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:35.250785 0.164879 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:35.416083 0.161244 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:35.577752 0.239464 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:35.817609 0.289475 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.107411 0.237062 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.344888 0.156600 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.501906 0.048413 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.550671 0.033043 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.584074 0.054735 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.639176 0.141604 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.781119 0.050575 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.832099 0.090365 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.922858 0.040407 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:36.963655 0.313123 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:37.277206 0.221173 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:37.498799 0.177106 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:37.676240 0.098560 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:37.775130 0.119542 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:37.895010 0.054749 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:37.950335 0.158317 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.109054 0.052787 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.162331 0.188868 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.351599 0.184331 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.536325 0.155980 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.692697 0.045745 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.738838 0.189754 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.928937 0.053674 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:38.983016 0.312015 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:39.295438 0.172470 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:39.468297 0.300426 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:39.769060 0.066927 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:39.836327 0.144414 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:39.981113 0.344190 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:40.325682 0.085953 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:40.412031 0.145713 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:40.558149 0.150197 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:39:40.708751 0.053176 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/10 09:42:10.646968 3.001378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 09:42:17.654462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:42:25.655618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:42:41.658785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:43:13.664852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:49:17.671626 3.001220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 09:49:24.678328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:49:32.680068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:49:48.682948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:50:20.689187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:56:24.695267 3.001171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 09:56:31.702105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:56:39.703799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:56:55.706551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 09:57:27.712845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:03:31.719134 3.001707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 10:03:38.726028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:03:46.727520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:04:02.730770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:04:34.737076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:06:03.465154 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 10:06:03.465360 2.258868 tcp 10.0.2.109 51918 -> 211.38.175.27 4598 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/10 10:10:07.505991 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 10:10:07.506218 0.038579 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:07.545133 0.058672 udp 10.0.2.109 3683 <-> 92.20.158.207 4478 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:07.604206 0.480800 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:08.085496 0.000000 udp 10.0.2.109 3683 -> 201.209.10.82 5879 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 10:10:23.470101 0.080791 tcp 10.0.2.109 51919 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 10:10:23.551166 0.072401 tcp 10.0.2.109 51920 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 10:10:23.623905 0.148907 tcp 10.0.2.109 51921 -> 195.113.214.237 443 SRPA* 0 0 35 25820 flow=From-Botnet-V1-TCP-Established 1970/01/10 10:10:23.773452 0.145858 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:23.919687 0.138875 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:24.058994 0.161667 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:24.221030 0.241320 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:24.462819 0.180866 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:24.644078 0.164584 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:24.809036 0.265216 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.074655 0.272677 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.347736 0.152909 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.501031 0.138359 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.639751 0.032922 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.673077 0.057284 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.730789 0.147234 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.878500 0.050686 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:25.929600 0.088155 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:26.018188 0.045035 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:26.063595 0.312030 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:26.375958 0.222594 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:26.598923 0.176039 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:26.775342 0.094968 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:26.870654 0.121066 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:26.992101 0.058333 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:27.050825 0.191182 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:27.242359 0.185801 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:27.428588 0.159963 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:27.588928 0.044461 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:27.633809 0.188099 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:27.822445 0.054271 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:27.877102 0.155896 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:28.033368 0.058379 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:28.092101 0.137461 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:28.229912 0.172334 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:28.402651 0.263289 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:28.666365 0.063746 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:28.730506 0.144208 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:28.875114 0.147172 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:29.022691 0.151213 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:29.174365 0.053819 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:29.228526 0.212104 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:29.440968 0.087291 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:10:38.743349 3.001019 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 10:10:45.750263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:10:53.751519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:11:09.755079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:11:41.761127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:17:45.767112 3.011556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 10:17:52.784189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:18:00.786028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:18:16.788809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:18:48.794520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:24:52.801236 3.001136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 10:24:59.807936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:25:07.810073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:25:23.812430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:25:55.818776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:31:59.824397 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 10:32:06.832086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:32:14.833937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:32:30.836671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:33:02.842805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:36:05.726446 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 10:36:05.726689 2.043718 tcp 10.0.2.109 51922 -> 211.38.175.27 4598 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/01/10 10:39:06.848217 3.001879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 10:39:13.856203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:39:21.857819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:39:37.860761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:40:09.866882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:40:46.229136 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 10:40:46.229236 0.374757 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:46.604450 0.038278 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:46.643157 0.060231 udp 10.0.2.109 3683 <-> 92.20.158.207 4478 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:46.703772 0.341588 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:47.045736 0.149982 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:47.196114 0.136892 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:47.333486 0.175807 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:47.509688 0.168609 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:47.678647 0.160587 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:47.839596 0.239174 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.079141 0.220449 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.299925 0.218631 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.518949 0.153330 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.672706 0.083447 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.756504 0.032993 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.789801 0.053361 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.843518 0.139855 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:48.983819 0.050724 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:49.034916 0.089896 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:49.125210 0.046636 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:49.172206 0.312223 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:49.484976 0.223390 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:49.708734 0.179276 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:49.888427 0.102929 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:49.991718 0.120390 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.112465 0.055740 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.168578 0.156681 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.325681 0.043929 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.370019 0.192944 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.563363 0.054440 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.618237 0.154466 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.773134 0.188932 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:50.962491 0.185190 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:51.148069 0.053150 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:51.201619 0.148072 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:51.350038 0.174609 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:51.524981 0.312980 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:51.838328 0.069805 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:51.908529 0.143505 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:52.052395 0.144836 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:52.197686 0.284152 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:52.482373 0.081040 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:52.563773 0.288712 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:40:52.852870 0.057577 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/10 10:46:13.872501 3.002110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 10:46:20.880087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:46:28.881576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:46:44.884916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:47:16.890936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:53:20.896920 3.001125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 10:53:27.904368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:53:35.905349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:53:51.908505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 10:54:23.914409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:00:27.921141 3.000985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:00:34.928353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:00:42.929685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:00:58.932366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:01:30.938285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:06:07.777151 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 11:06:07.777250 1.973090 tcp 10.0.2.109 51923 -> 211.38.175.27 4598 FSPA* 0 0 15 1686 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:07:34.945225 3.000720 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:07:41.951821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:07:49.953881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:08:05.956400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:08:37.963213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:11:04.493928 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 11:11:04.494018 0.000000 udp 10.0.2.109 3683 -> 92.20.158.207 4478 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 11:11:21.329458 0.078247 tcp 10.0.2.109 51924 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:11:21.408005 0.079343 tcp 10.0.2.109 51925 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:11:21.487715 0.168608 tcp 10.0.2.109 51926 -> 195.113.214.237 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:11:21.656829 0.408333 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:22.065576 0.399298 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:22.465274 0.037193 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:22.502863 0.147501 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:22.650764 0.137316 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:22.788447 0.185928 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:22.974777 0.167074 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:23.142460 0.159926 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:23.302804 0.251680 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:23.554857 0.298471 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:23.853756 0.239060 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.093215 0.153652 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.247277 0.115642 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.363313 0.032958 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.396737 0.054048 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.451200 0.142281 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.593817 0.050920 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.645159 0.090538 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.736131 0.046173 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:24.782683 0.314578 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:25.097569 0.210857 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:25.308776 0.177274 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:25.486449 0.090156 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:25.576964 0.156387 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:25.733726 0.045943 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:25.780050 0.316900 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:26.097377 0.058785 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:26.156553 0.745761 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:26.902714 0.189502 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:27.092595 0.121774 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:27.214796 0.068371 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:27.283526 0.185413 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:27.469276 0.054625 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:27.524318 0.145425 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:27.670074 0.172137 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:27.842636 0.309555 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:28.152544 0.065031 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:28.217900 0.142345 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:28.360634 0.088237 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:28.449278 0.670845 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:29.120475 0.054654 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:29.175549 0.163422 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:11:29.339379 0.781116 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:14:41.968918 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:14:48.975843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:14:56.977689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:15:12.980924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:15:44.986703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:21:48.992201 3.002139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:21:55.999716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:22:04.001508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:22:20.004472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:22:52.010727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:28:56.016539 3.041390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:29:03.063933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:29:11.065202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:29:27.068240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:29:59.074267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:36:03.080270 3.002006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:36:09.768311 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 11:36:09.768400 1.958243 tcp 10.0.2.109 51927 -> 211.38.175.27 4598 FSPA* 0 0 14 1635 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:36:10.088307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:36:18.089961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:36:34.093271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:37:06.098336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:41:51.889608 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 11:41:51.889699 0.000000 udp 10.0.2.109 3683 -> 92.20.158.207 4478 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 11:42:09.706522 0.091097 tcp 10.0.2.109 51928 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:42:09.797843 0.075359 tcp 10.0.2.109 51929 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:42:09.873457 0.168780 tcp 10.0.2.109 51930 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:42:10.042903 0.281816 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:10.325121 0.145859 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:10.471314 0.138366 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:10.610038 0.158199 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:10.768646 0.378980 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:11.148029 0.037161 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:11.185557 0.167696 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:11.353704 0.160933 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:11.514998 0.240089 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:11.755472 0.262180 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.017986 0.270940 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.289384 0.154942 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.444690 0.055757 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.500854 0.032875 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.534037 0.053812 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.588237 0.162263 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.750876 0.051257 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.802556 0.092078 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.895039 0.045742 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:12.941177 0.313028 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:13.254593 0.211343 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:13.466317 0.178414 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:13.645142 0.146112 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:13.791650 0.156125 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:13.948165 0.043988 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:13.992552 0.203613 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:14.196580 0.191225 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:14.388201 0.053693 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:14.442443 0.190656 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:14.633432 0.000000 udp 10.0.2.109 3683 -> 108.161.164.13 9770 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 11:42:31.166210 0.074659 tcp 10.0.2.109 51931 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:42:31.241163 0.084726 tcp 10.0.2.109 51932 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:42:31.326304 0.179765 tcp 10.0.2.109 51933 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/10 11:42:31.506874 0.056160 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:31.563396 0.186601 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:31.750344 0.054033 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:31.804757 0.148783 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:31.953930 0.172233 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:32.126561 0.143649 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:32.270609 0.082512 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:32.353491 0.246601 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:32.600479 0.066395 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:32.667202 0.148140 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:32.815725 0.150952 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:32.967114 0.052967 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:42:33.020461 0.297095 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/10 11:43:10.105158 3.001197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 11:43:17.111600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:43:25.113503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:43:41.117105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:44:13.122634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:50:17.128421 3.001600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:50:24.136018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:50:32.137356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:50:48.140203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:51:20.146434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:57:24.152786 3.001581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 11:57:31.160126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:57:39.161157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:57:55.164593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 11:58:27.170360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:04:31.176778 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:04:38.183821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:04:46.184998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:05:02.188014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:05:34.194319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:06:11.729079 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 12:06:11.729178 1.930578 tcp 10.0.2.109 51934 -> 211.38.175.27 4598 FSPA* 0 0 15 1729 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:11:38.200714 3.001112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:11:45.207649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:11:53.209406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:12:09.222252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:12:41.228486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:12:45.535307 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 12:12:45.535406 0.120221 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:12:45.656043 0.138654 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:12:45.795171 0.159640 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:12:45.955221 0.298741 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:12:46.254517 0.147488 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:12:46.402343 0.035501 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:12:46.438280 0.166712 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:12:46.605345 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 12:13:04.012783 0.077653 tcp 10.0.2.109 51935 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:13:04.090757 0.071194 tcp 10.0.2.109 51936 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:13:04.162261 0.166867 tcp 10.0.2.109 51937 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:13:04.329653 0.242719 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:04.572758 0.288162 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:04.861307 0.309141 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:05.170889 0.074078 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:05.245325 0.154171 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:05.399842 0.232302 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:05.632533 0.055127 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:05.688090 0.232659 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:05.921152 0.051162 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:05.972734 0.090725 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.063926 0.040776 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.105090 0.032787 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.138384 0.189637 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.328379 0.090033 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.418796 0.155559 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.574702 0.043722 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.618823 0.210716 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:06.829954 0.310178 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:07.140601 0.196782 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:07.337773 0.829359 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:08.167470 0.192901 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:08.360759 0.054887 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:08.416007 0.054752 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:08.471154 0.144526 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:08.616048 0.056263 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:08.672652 0.195612 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:08.868601 0.169926 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:09.038952 0.145967 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:09.185270 0.075788 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:09.261470 0.246606 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:09.508473 0.067124 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:09.575974 0.147126 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:09.723499 0.862800 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:10.586726 0.056223 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:13:10.643324 0.204365 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:18:45.234834 3.031053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:18:52.271938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:19:00.273403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:19:16.276162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:19:48.282463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:25:52.288022 3.002441 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:25:59.295692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:26:07.407743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:26:23.410327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:26:55.416191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:32:59.423078 3.000760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:33:06.429925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:33:14.431229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:33:30.434567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:34:02.440153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:36:13.710015 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 12:36:13.710331 1.936860 tcp 10.0.2.109 51938 -> 211.38.175.27 4598 FSPA* 0 0 15 1733 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:40:06.446958 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:40:13.453600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:40:21.455048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:40:37.458296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:41:09.464740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:43:24.208218 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 12:43:24.208368 0.161098 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:24.369886 0.132473 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:24.502690 0.133440 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:24.636564 0.174336 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:24.811260 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 12:43:40.803458 0.074954 tcp 10.0.2.109 51939 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:43:40.878728 0.068229 tcp 10.0.2.109 51940 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:43:40.947305 0.160817 tcp 10.0.2.109 51941 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/10 12:43:41.108779 0.149651 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:41.258814 0.338240 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:41.597473 0.037203 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:41.635046 0.238963 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:41.874500 0.253738 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:42.128638 0.152301 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:42.281303 0.216731 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:42.498512 0.063451 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:42.562393 0.147308 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:42.710039 0.050563 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:42.760994 0.088644 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:42.850009 0.328757 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.179122 0.050590 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.230208 0.046092 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.276646 0.032816 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.309811 0.178643 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.488856 0.103856 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.593100 0.155995 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.749494 0.044095 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:43.793979 0.223461 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:44.017849 0.311737 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:44.329962 0.188643 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:44.519016 0.137965 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:44.657370 0.188149 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:44.845908 0.053628 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:44.899937 0.054137 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:44.954483 0.139198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:45.094041 0.055619 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:45.150033 0.184110 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:45.334528 0.171327 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:45.506284 0.266259 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:45.772945 0.071660 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:45.844997 0.147170 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:45.992538 0.143056 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:46.136002 0.087819 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:46.224225 0.206330 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:46.430909 0.191043 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:43:46.622353 0.054573 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 12:47:13.469941 3.002235 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:47:20.477550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:47:28.479133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:47:44.482312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:48:16.488152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:54:20.495185 3.000554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 12:54:27.501592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:54:35.503362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:54:51.505988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 12:55:23.512111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:01:27.518481 3.001291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:01:34.525656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:01:42.527490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:01:58.530626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:02:30.536400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:06:15.650168 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 13:06:15.650388 2.141359 tcp 10.0.2.109 51942 -> 211.38.175.27 4598 FSPA* 0 0 15 1656 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:08:34.542455 3.001856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:08:41.549895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:08:49.551387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:09:05.554571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:09:37.560140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:14:12.906599 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 13:14:12.906696 0.166146 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:13.073268 0.171423 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:13.245109 0.134279 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:13.379735 0.163164 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:13.543285 0.123387 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:13.667070 0.144554 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:13.812033 0.279940 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.092349 0.041785 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.134501 0.239492 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.374414 0.208514 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.583315 0.053657 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.637349 0.143531 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.781261 0.050559 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.832207 0.087237 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:14.919769 0.264136 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:15.184310 0.154650 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:15.339380 0.377872 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:15.717584 0.054513 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:15.772525 0.045531 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:15.818473 0.032982 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:15.851819 0.182985 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:16.035134 0.092895 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:16.128426 0.154754 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:16.283563 0.046121 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:16.330051 0.219518 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:16.549902 0.233863 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:16.784185 0.257384 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:17.041981 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 13:14:32.336285 0.077989 tcp 10.0.2.109 51943 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:14:32.414652 0.070436 tcp 10.0.2.109 51944 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:14:32.485378 0.157782 tcp 10.0.2.109 51945 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:14:32.643800 0.055754 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:32.699977 0.313780 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:33.014184 0.189185 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:33.203733 0.137619 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:33.341706 0.054666 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:33.396712 0.184478 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:33.581619 0.172350 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:33.754340 0.247627 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:34.002453 0.067781 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:34.070595 0.146938 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:34.217957 0.204846 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:34.423156 0.149304 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:34.572833 0.055568 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:34.628774 0.143283 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:14:34.772393 0.079546 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:15:41.566370 3.001607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:15:48.573838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:15:56.575155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:16:12.577976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:16:44.584384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:22:48.590395 3.001438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:22:55.597691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:23:03.599082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:23:19.601967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:23:51.608342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:29:55.615215 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:30:02.621933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:30:10.622864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:30:26.626079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:30:58.632451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:36:17.792109 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 13:36:17.792337 1.952671 tcp 10.0.2.109 51946 -> 211.38.175.27 4598 FSPA* 0 0 12 1450 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:37:02.639105 3.000840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:37:09.645873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:37:17.647437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:37:33.700036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:38:05.706208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:44:09.712825 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:44:16.719713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:44:24.720912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:44:40.724056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:45:00.252389 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 13:45:00.252573 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 13:45:12.729867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:45:18.269568 0.075285 tcp 10.0.2.109 51947 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:18.345129 0.076636 tcp 10.0.2.109 51948 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:18.422092 0.148694 tcp 10.0.2.109 51949 -> 195.113.214.237 443 SRPA* 0 0 35 24849 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:18.571351 0.137347 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:18.709094 0.160697 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:18.870483 0.122525 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:18.993441 0.146199 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:19.140035 0.167172 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:19.307609 0.163793 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:19.471761 0.040873 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:19.512993 0.241354 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:19.754744 0.201154 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:19.956259 0.053094 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:20.009751 0.142376 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:20.152537 0.050919 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:20.203851 0.280697 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:20.484938 0.090551 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:20.575877 0.352423 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:20.928714 0.374092 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:21.303230 0.040976 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:21.344636 0.032890 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:21.377837 0.071839 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:21.450246 0.154239 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:21.604830 0.156355 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:21.761591 0.045146 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:21.807097 0.211429 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:22.018878 0.248448 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:22.267757 0.089882 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:22.358037 0.182496 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:22.540967 0.191075 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:22.732449 0.054504 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:22.787358 0.311391 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:23.099140 0.191385 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:23.290909 0.135725 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:23.426971 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 13:45:39.078525 0.076585 tcp 10.0.2.109 51950 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:39.155382 0.070486 tcp 10.0.2.109 51951 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:39.226219 0.145465 tcp 10.0.2.109 51952 -> 195.113.214.237 443 SRPA* 0 0 33 24741 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:39.372309 0.184262 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:39.556933 0.172073 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:39.729373 0.247437 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:39.977293 0.203832 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:40.181565 0.152187 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:40.334125 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 13:45:56.003187 0.082027 tcp 10.0.2.109 51953 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:56.085556 0.075242 tcp 10.0.2.109 51954 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:56.160698 0.163761 tcp 10.0.2.109 51955 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 13:45:56.325069 0.145084 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:56.470572 0.083817 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:56.554816 0.070367 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:45:56.625592 0.145832 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/10 13:51:16.737046 3.000546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 13:51:23.743715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:51:31.744781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:51:47.747980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:52:19.754045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:58:23.760645 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 13:58:30.767823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:58:38.769263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:58:54.772384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 13:59:26.778016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:05:30.784865 3.000572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 14:05:37.791581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:05:45.793144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:06:01.795860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:06:19.762608 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 14:06:19.762682 1.941811 tcp 10.0.2.109 51956 -> 211.38.175.27 4598 FSPA* 0 0 12 1467 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:06:33.801910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:12:37.808477 3.001163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 14:12:44.815212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:12:52.817309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:13:08.819736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:13:40.825722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:16:01.919669 0.000265 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 14:16:01.920036 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 14:16:18.394512 0.108959 tcp 10.0.2.109 51957 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:18.503729 0.075044 tcp 10.0.2.109 51958 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:18.579093 0.136217 tcp 10.0.2.109 51959 -> 195.113.214.237 443 SRPA* 0 0 36 26973 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:18.715878 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 14:16:34.526387 0.071798 tcp 10.0.2.109 51960 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:34.598461 0.076004 tcp 10.0.2.109 51961 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:34.674775 0.154634 tcp 10.0.2.109 51962 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:34.830228 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 14:16:52.652281 0.071247 tcp 10.0.2.109 51963 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:52.723788 0.074101 tcp 10.0.2.109 51964 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:52.798279 0.162401 tcp 10.0.2.109 51965 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:16:52.961176 0.138271 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:53.099881 0.125446 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:53.225839 0.160510 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:53.226388 3.000937 tcp 10.0.2.109 51966 -> 108.161.164.13 2963 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 14:16:53.386779 0.039898 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:53.427082 0.238875 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:53.666385 0.209156 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:53.875885 0.049901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:53.926236 0.164969 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:54.091561 0.145973 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:54.237958 0.336490 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:54.574905 0.463055 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:55.038488 0.050341 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:55.089228 0.144556 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:55.234120 0.091641 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:16:55.326348 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 14:17:02.225240 0.000000 tcp 10.0.2.109 51966 -> 108.161.164.13 2963 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 14:17:14.243256 0.073596 tcp 10.0.2.109 51967 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:17:14.317186 0.071840 tcp 10.0.2.109 51968 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:17:14.389263 0.161327 tcp 10.0.2.109 51969 -> 195.113.214.237 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:17:14.551117 0.152727 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:14.704238 0.156021 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:14.860617 0.043954 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:14.904952 0.230438 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.135804 0.047285 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.183435 0.266019 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.449816 0.032832 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.483072 0.191445 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.674934 0.054620 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.729975 0.105049 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.835393 0.151678 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:15.987394 0.180843 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:16.168567 0.138240 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:16.307210 0.192116 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:16.499682 0.311934 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:16.812063 0.247382 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:17.059871 0.170886 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:17.231139 0.184216 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:17.415759 0.150044 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:17.566238 0.553933 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:18.120556 0.063371 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:18.184770 0.143995 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:18.329100 0.142210 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:17:18.471737 0.094414 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:19:44.832684 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 14:19:51.839789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:19:59.840946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:20:15.843784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:20:47.850361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:26:51.856814 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 14:26:58.863265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:27:06.864779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:27:22.868210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:27:54.873742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:33:58.881034 3.000572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 14:34:05.887495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:34:13.889032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:34:29.891761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:35:01.897692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:36:21.703696 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 14:36:21.703799 2.064895 tcp 10.0.2.109 51970 -> 211.38.175.27 4598 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:41:05.904191 3.001135 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 14:41:12.911021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:41:20.913244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:41:36.916001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:42:08.922000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:47:38.065816 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 14:47:38.065956 0.161310 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:38.227633 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 14:47:56.353430 0.075820 tcp 10.0.2.109 51971 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:47:56.429516 0.076097 tcp 10.0.2.109 51972 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:47:56.505905 0.161531 tcp 10.0.2.109 51973 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 14:47:56.668100 0.120225 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:56.788783 0.180923 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:56.789110 2.997079 tcp 10.0.2.109 51974 -> 108.161.164.13 2963 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 14:47:56.970234 0.034156 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:57.004725 0.241971 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:57.247036 0.136978 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:57.384395 0.048827 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:57.433587 0.212420 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:57.646425 0.348367 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:57.995186 0.510458 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:58.506043 0.146018 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:58.652471 0.168254 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:58.821071 0.050666 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:58.872151 0.143867 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:59.016397 0.088868 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:59.105690 0.044994 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:59.151064 0.154014 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:59.305431 0.156418 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:59.462250 0.220784 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:59.683430 0.053130 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:47:59.736944 0.263655 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:00.001930 0.032966 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:00.035265 0.188699 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:00.224341 0.053961 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:00.278704 0.104699 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:00.383787 1.546727 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:01.930875 0.189785 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:02.121067 0.312546 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:02.433938 0.174996 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:02.609276 0.144677 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:02.754449 0.246261 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:03.001050 0.172350 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:03.173769 0.184950 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:03.359126 0.555294 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:03.914809 0.143040 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:04.058286 0.139967 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:04.198663 0.086116 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:04.285124 0.207622 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:04.493202 0.067698 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/10 14:48:05.784949 0.000000 tcp 10.0.2.109 51974 -> 108.161.164.13 2963 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 14:48:12.928629 3.000852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 14:48:19.935177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:48:27.936535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:48:43.939816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:49:15.945844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:55:19.951909 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 14:55:26.959261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:55:34.960458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:55:50.963520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 14:56:22.969675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:02:26.975623 3.001935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:02:33.983054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:02:41.984582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:02:57.987754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:03:29.994041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:06:23.774619 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 15:06:23.774718 1.968057 tcp 10.0.2.109 51975 -> 211.38.175.27 4598 FSPA* 0 0 15 1734 flow=From-Botnet-V1-TCP-Established 1970/01/10 15:09:33.999917 3.001589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:09:41.007248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:09:49.008411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:10:05.012013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:10:37.018189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:16:41.023952 3.001270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:16:48.031473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:16:56.033041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:17:12.035856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:17:44.041546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:18:33.253022 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 15:18:33.253116 0.161297 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:33.414779 0.035432 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:33.450551 0.121290 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:33.572323 0.215057 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:33.572784 2.994379 tcp 10.0.2.109 51976 -> 108.161.164.13 2963 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 15:18:33.787724 0.239417 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:34.027561 0.138357 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:34.166324 0.048355 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:34.215052 0.207261 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:34.422733 0.400282 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:34.823354 0.166111 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:34.989877 0.050742 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:35.041003 0.139000 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:35.180388 0.494745 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:35.675555 0.145594 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:35.821531 0.091674 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:35.913610 0.047021 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:35.960980 0.157763 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:36.119176 0.164880 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:36.284454 0.211413 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:36.496268 0.045804 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:36.542463 0.266268 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:36.809120 0.033005 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:36.842501 0.103002 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:36.945917 0.191463 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:37.137856 0.054265 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:37.192542 0.145729 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:37.338701 0.189979 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:37.529085 0.311919 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:37.841373 0.178501 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:38.020267 0.144168 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:38.164842 0.246550 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:38.411739 0.923179 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:39.335319 0.171342 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:39.506979 0.183775 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:39.691143 0.084660 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:39.776205 0.206040 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:39.982656 0.062680 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:40.045746 0.145094 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:40.191194 0.141927 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:18:42.565492 0.000000 tcp 10.0.2.109 51976 -> 108.161.164.13 2963 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 15:23:48.048646 3.001183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:23:55.055527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:24:03.057136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:24:19.059634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:24:51.065843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:30:55.071968 3.001691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:31:02.079042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:31:10.080298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:31:26.083518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:31:58.089471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:36:25.745054 0.023726 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 15:36:25.769232 1.917282 tcp 10.0.2.109 51977 -> 211.38.175.27 4598 FSPA* 0 0 15 1589 flow=From-Botnet-V1-TCP-Established 1970/01/10 15:38:02.095340 3.001797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:38:09.103248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:38:17.104879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:38:33.107301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:39:05.113536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:45:09.119369 3.001835 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:45:16.127113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:45:24.128463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:45:40.131839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:46:12.137823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:49:00.089684 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 15:49:00.089944 0.119901 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:00.210466 0.166699 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:00.210925 3.002335 tcp 10.0.2.109 51978 -> 108.161.164.13 2963 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 15:49:00.377588 0.238754 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:00.616705 0.160657 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:00.777766 0.039159 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:00.817287 0.137613 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:00.955300 0.049666 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:01.005357 0.216152 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:01.221880 0.365631 rtcp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:01.587901 0.167030 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:01.755320 0.050409 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:01.806282 0.147599 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:01.954321 0.087645 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:02.042377 0.043804 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:02.086637 0.145901 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:02.232916 0.513369 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:02.746724 0.154848 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:02.901968 0.170763 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:03.073122 0.224038 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:03.297532 0.040282 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:03.338244 0.301389 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:03.640128 0.033068 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:03.673544 0.088986 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:03.762942 0.149229 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:03.912514 0.189522 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:04.102463 0.312766 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:04.415614 0.175903 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:04.591878 0.192379 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:04.784659 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 15:49:09.212385 0.000000 tcp 10.0.2.109 51978 -> 108.161.164.13 2963 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 15:49:21.591862 0.075521 tcp 10.0.2.109 51979 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 15:49:21.667628 0.074727 tcp 10.0.2.109 51980 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 15:49:21.742658 0.136455 tcp 10.0.2.109 51981 -> 195.113.214.237 443 SRPA* 0 0 33 24763 flow=From-Botnet-V1-TCP-Established 1970/01/10 15:49:21.879828 0.136940 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:22.017119 0.246469 rtcp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:22.264004 0.479471 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:22.743824 0.170439 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:22.914689 0.188866 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:23.104035 0.083496 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:23.104447 3.002150 tcp 10.0.2.109 51982 -> 172.6.250.142 3128 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 15:49:23.187888 0.240744 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:23.429014 0.144191 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:23.573582 0.063320 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:23.637299 0.145749 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/10 15:49:32.105360 0.000000 tcp 10.0.2.109 51982 -> 172.6.250.142 3128 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 15:52:16.143804 3.001190 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 15:52:23.151627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:52:31.153114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:52:47.156317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:53:19.161561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:59:23.168163 3.001172 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 15:59:30.175045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:59:38.176363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 15:59:54.179872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:00:26.185413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:06:27.686109 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 16:06:27.686191 1.961042 tcp 10.0.2.109 51983 -> 211.38.175.27 4598 FSPA* 0 0 15 1758 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:06:30.191869 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 16:06:37.198996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:06:45.200258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:07:01.203351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:07:33.209739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:13:37.215801 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 16:13:44.222955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:13:52.224245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:14:08.227761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:14:40.233788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:19:25.313415 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 16:19:25.313515 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 16:19:42.229422 0.074485 tcp 10.0.2.109 51984 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:19:42.304236 0.074570 tcp 10.0.2.109 51985 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:19:42.379111 0.157680 tcp 10.0.2.109 51986 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:19:42.537298 0.238971 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:42.776679 0.162115 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:42.939124 0.070935 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.010502 0.135718 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.146634 0.049383 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.146954 3.006063 tcp 10.0.2.109 51987 -> 65.93.51.243 9776 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:19:43.196416 0.121743 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.318548 0.168104 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.487065 0.169131 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.656555 0.045998 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.702980 0.144893 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:43.848270 0.707475 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:44.556184 0.386196 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:44.942805 0.144858 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:19:45.088007 0.000000 udp 10.0.2.109 3683 -> 125.113.182.191 5711 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 16:19:52.151968 0.000000 tcp 10.0.2.109 51987 -> 65.93.51.243 9776 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:20:01.115643 0.074714 tcp 10.0.2.109 51988 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:20:01.190671 0.075315 tcp 10.0.2.109 51989 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:20:01.266485 0.159234 tcp 10.0.2.109 51990 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:20:01.426394 0.154029 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:01.580760 0.091459 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:01.672633 0.044810 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:01.717865 0.045640 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:01.763902 0.240164 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:02.004447 0.033030 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:02.037861 0.102398 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:02.140697 0.141460 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:02.282534 0.220715 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:02.503653 0.155237 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:02.659394 0.188511 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:02.848309 0.193344 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:03.042044 0.312301 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:03.354688 0.178799 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:03.533836 0.136458 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:03.670696 0.247672 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:03.918824 0.150892 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:04.070070 0.170366 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:04.240941 0.203494 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:04.241344 3.002439 tcp 10.0.2.109 51991 -> 99.140.86.184 8325 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:20:04.444818 0.141817 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:04.586982 0.065303 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:04.652688 0.143994 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:04.797086 0.185180 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:04.982686 0.110973 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:20:13.242230 0.000000 tcp 10.0.2.109 51991 -> 99.140.86.184 8325 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:20:44.239822 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 16:20:51.247314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:20:59.248026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:21:15.251216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:21:47.257493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:27:51.264154 3.001214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 16:27:58.270984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:28:06.272227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:28:22.275476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:28:54.281494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:34:58.297818 3.011047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 16:35:05.314700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:35:13.316526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:35:29.319610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:36:01.325647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:36:29.646641 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 16:36:29.646737 1.947937 tcp 10.0.2.109 51992 -> 211.38.175.27 4598 FSPA* 0 0 15 1717 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:42:05.331052 3.001634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 16:42:12.338981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:42:20.340169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:42:36.343597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:43:08.349772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:49:12.355210 3.001551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 16:49:19.362848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:49:27.363921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:49:43.367532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:50:15.373463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:50:21.011497 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 16:50:21.011576 0.373773 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:21.385753 0.035276 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:21.421420 0.238436 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:21.660217 0.160617 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:21.821231 0.048387 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:21.870020 0.120235 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:21.870602 2.996505 tcp 10.0.2.109 51993 -> 217.41.6.243 9473 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:50:21.990659 0.170619 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:22.161696 0.152154 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:22.314379 0.051203 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:22.365999 0.147653 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:22.514032 0.165239 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:22.679626 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 16:50:30.865298 0.000000 tcp 10.0.2.109 51993 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:50:41.172083 0.071065 tcp 10.0.2.109 51994 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:50:41.243431 0.075202 tcp 10.0.2.109 51995 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:50:41.318933 0.152745 tcp 10.0.2.109 51996 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:50:41.472290 0.403413 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:41.876068 0.143564 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.020033 0.153525 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.173962 0.090397 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.264740 0.044566 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.309716 0.046066 udp 10.0.2.109 3683 <-> 84.130.206.71 8279 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.356126 0.223751 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.580275 0.033037 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.613640 0.221400 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:50:42.835387 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 16:51:00.378524 0.073702 tcp 10.0.2.109 51997 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:51:00.452494 0.073278 tcp 10.0.2.109 51998 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:51:00.526063 0.151858 tcp 10.0.2.109 51999 -> 195.113.214.237 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/10 16:51:00.678723 0.191177 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:00.870469 0.189118 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:00.870785 3.002222 tcp 10.0.2.109 52000 -> 187.191.25.14 4085 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:51:01.059956 0.113861 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:01.174190 0.138157 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:01.312745 0.313291 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:01.626588 0.178641 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:01.805588 0.137043 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:01.943037 0.245458 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:02.188929 0.207998 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:02.397324 0.144257 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:02.541934 0.123763 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:02.666065 0.143318 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:02.809807 0.184049 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:02.994407 0.180211 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:03.174986 0.170854 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:03.346217 0.085952 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/10 16:51:09.871395 0.000000 tcp 10.0.2.109 52000 -> 187.191.25.14 4085 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 16:56:19.379230 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 16:56:26.386453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:56:34.387935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:56:50.390898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 16:57:22.397096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:03:26.402863 3.002171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 17:03:33.410837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:03:41.411938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:03:57.415342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:04:29.421314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:06:31.597808 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 17:06:31.598038 2.021048 tcp 10.0.2.109 52001 -> 211.38.175.27 4598 FSPA* 0 0 15 1771 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:10:33.427436 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 17:10:40.434957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:10:48.435978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:11:04.439390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:11:36.445086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:17:40.451154 3.001503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 17:17:47.458498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:17:55.460014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:18:11.463125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:18:43.469369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:21:11.772756 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 17:21:11.772836 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 17:21:27.797671 0.075425 tcp 10.0.2.109 52002 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:21:27.873330 0.076097 tcp 10.0.2.109 52003 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:21:27.949713 0.158621 tcp 10.0.2.109 52004 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:21:28.108855 0.170605 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:28.279948 0.239501 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:28.280361 3.000075 tcp 10.0.2.109 52005 -> 70.88.72.57 7429 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 17:21:28.519782 0.160511 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:28.680693 0.054534 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:28.735605 0.124700 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:28.860740 0.290161 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:29.151654 0.054445 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:29.206508 0.163011 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:29.369925 0.151828 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:29.522194 0.163297 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:29.685922 0.050586 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:29.736884 0.148161 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:29.885445 0.378856 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:30.264689 0.145494 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:30.410541 0.045082 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:30.456024 0.000000 udp 10.0.2.109 3683 -> 84.130.206.71 8279 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 17:21:37.279306 0.000000 tcp 10.0.2.109 52005 -> 70.88.72.57 7429 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 17:21:48.546392 0.071130 tcp 10.0.2.109 52006 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:21:48.617823 0.076485 tcp 10.0.2.109 52007 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:21:48.694687 0.156357 tcp 10.0.2.109 52008 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:21:48.851640 0.264912 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:49.116960 0.033020 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:49.150389 0.229988 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:49.380880 0.090524 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:49.381269 2.999825 tcp 10.0.2.109 52009 -> 99.60.181.75 7801 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 17:21:49.471803 0.152034 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:49.624233 0.188045 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:49.812659 0.139264 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:49.952319 0.311112 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:50.263822 0.179982 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:50.444146 0.135931 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:50.580442 0.192257 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:50.773082 0.091223 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:50.864688 0.246974 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:51.112057 0.206404 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:51.318900 0.158395 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:51.477654 0.069085 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:51.547134 0.143434 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:51.690936 0.189138 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:51.880417 0.087947 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:51.968804 0.152778 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:52.121992 0.170466 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:21:58.379524 0.000000 tcp 10.0.2.109 52009 -> 99.60.181.75 7801 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 17:24:47.475929 3.000883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 17:24:54.482378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:25:02.484023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:25:18.487205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:25:50.493394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:31:54.499716 3.001272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 17:32:01.507016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:32:09.507728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:32:25.511327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:32:57.517353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:36:33.618793 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 17:36:33.618895 2.121323 tcp 10.0.2.109 52010 -> 211.38.175.27 4598 FSPA* 0 0 15 1695 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:39:01.522921 3.001722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 17:39:08.530320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:39:16.532341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:39:32.535401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:40:04.541378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:46:08.546814 3.002193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 17:46:15.554574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:46:23.556141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:46:39.559111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:47:11.564844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:51:56.565461 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 17:51:56.565712 0.000000 udp 10.0.2.109 3683 -> 84.130.206.71 8279 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 17:52:14.462754 0.071121 tcp 10.0.2.109 52011 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:52:14.534179 0.071266 tcp 10.0.2.109 52012 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:52:14.605864 0.153938 tcp 10.0.2.109 52013 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 17:52:14.760307 0.162081 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:14.922788 0.048137 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:14.971347 0.122823 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:14.971689 2.994099 tcp 10.0.2.109 52014 -> 217.41.6.243 9473 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 17:52:15.094529 0.171645 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:15.266554 0.239300 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:15.506286 0.038721 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:15.545413 0.205970 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:15.751815 0.353534 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:16.105689 0.168745 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:16.274787 0.050481 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:16.325692 0.145503 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:16.471636 0.184755 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:16.656820 0.173565 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:16.830762 0.365850 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:17.196949 0.045795 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:17.243155 0.274637 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:17.518163 0.032882 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:17.551358 0.220391 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:17.772144 0.088452 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:17.860985 0.152719 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:18.014063 0.192008 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:18.206498 0.140926 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:18.347830 0.141991 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:18.490254 0.189890 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:18.680492 0.089500 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:18.770370 0.311934 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:19.082709 0.179479 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:19.262574 0.246476 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:19.509473 0.207573 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:19.717466 0.140261 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:19.858317 0.064293 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:19.923015 0.145401 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:20.068806 0.188386 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:20.257606 0.099226 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:20.357247 0.630273 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:20.987921 0.171209 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/10 17:52:23.963803 0.000000 tcp 10.0.2.109 52014 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 17:53:15.572047 3.000385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 17:53:22.578884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:53:30.580027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:53:46.583077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 17:54:18.589325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:00:22.595117 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:00:29.602653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:00:37.603890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:00:53.606983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:01:25.613170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:06:35.739939 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 18:06:35.740171 2.142451 tcp 10.0.2.109 52015 -> 211.38.175.27 4598 FSPA* 0 0 15 1655 flow=From-Botnet-V1-TCP-Established 1970/01/10 18:07:29.619026 3.001680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:07:36.626181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:07:44.628240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:08:00.630908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:08:32.637163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:14:36.643755 3.001149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:14:43.650295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:14:51.651694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:15:07.654534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:15:39.660893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:21:43.667160 3.001378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:21:50.673986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:21:58.675969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:22:14.678702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:22:44.772502 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 18:22:44.772692 0.161074 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:44.934347 0.050654 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:44.985433 0.122004 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:44.985837 3.000898 tcp 10.0.2.109 52016 -> 217.41.6.243 9473 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 18:22:45.107788 0.168721 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:45.276918 0.240320 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:45.517575 0.034329 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:45.552349 0.223962 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:45.776711 0.050594 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:45.827647 0.141911 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:45.969933 0.135445 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:46.105727 0.147638 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:46.253770 0.317705 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:46.571877 0.162729 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:46.685320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:22:46.734950 0.302288 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.037641 0.043682 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.081735 0.262992 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.345065 0.035368 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.380843 0.211008 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.592253 0.071315 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.663985 0.152011 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.816425 0.141895 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:47.958687 0.189555 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:48.148661 0.089581 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:48.238648 0.190842 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:48.429973 0.659994 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:49.090396 0.312629 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:49.403422 0.183170 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:49.586989 0.247032 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:49.834431 0.202904 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:50.037729 0.142206 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:50.180362 0.065354 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:50.246138 0.086509 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:50.333070 0.341432 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:50.674915 0.146574 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:50.821883 0.188878 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:51.011171 0.169174 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:22:53.985578 0.000000 tcp 10.0.2.109 52016 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 18:28:50.690932 3.011815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:28:57.708163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:29:05.709710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:29:21.712490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:29:53.719305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:35:57.724915 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:36:04.732079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:36:12.733631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:36:28.736726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:36:37.890657 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 18:36:37.890735 2.069747 tcp 10.0.2.109 52017 -> 211.38.175.27 4598 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/01/10 18:37:00.742859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:43:04.749343 3.000790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:43:11.756656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:43:19.757533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:43:35.760415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:44:07.766581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:50:11.772425 3.001742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:50:18.780018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:50:26.781720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:50:42.784850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:51:14.790932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:53:02.566314 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 18:53:02.566416 0.160661 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:02.727491 0.051596 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:02.779660 0.121387 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:02.780129 2.999831 tcp 10.0.2.109 52018 -> 217.41.6.243 9473 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 18:53:02.901462 0.186845 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:03.088712 0.239956 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:03.329084 0.036333 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:03.365796 0.292919 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:03.659117 0.050467 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:03.709986 0.141706 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:03.852150 0.436807 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:04.289394 0.160631 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:04.450418 0.301530 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:04.752343 0.151816 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:04.904560 0.143661 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.048632 0.043862 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.092871 0.265530 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.358799 0.032820 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.391939 0.233534 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.625905 0.073967 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.700270 0.153164 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.853836 0.144552 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:05.998783 0.190594 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:06.189738 0.190620 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:06.380751 0.089031 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:06.470185 1.228180 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:07.698777 0.310878 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:08.010207 0.181934 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:08.192558 0.247515 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:08.440474 0.207904 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:08.648793 0.085275 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:08.734519 0.779809 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:09.514761 0.148442 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:09.663620 0.189706 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:09.853755 0.154780 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:10.008911 0.066624 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:10.075941 0.170444 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 18:53:11.779301 0.000000 tcp 10.0.2.109 52018 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 18:57:18.796651 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 18:57:25.803994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:57:33.805304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:57:49.808340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 18:58:21.815087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:04:25.821093 3.001037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 19:04:32.827828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:04:40.829356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:04:56.832749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:05:28.838575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:06:39.961898 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 19:06:39.961994 2.037734 tcp 10.0.2.109 52019 -> 211.38.175.27 4598 FSPA* 0 0 15 1759 flow=From-Botnet-V1-TCP-Established 1970/01/10 19:11:32.844892 3.001212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 19:11:39.851999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:11:47.853809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:12:03.856979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:12:35.864166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:18:39.869379 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 19:18:46.875937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:18:54.877859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:19:10.880357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:19:42.886348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:23:19.498261 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 19:23:19.498450 0.120429 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:19.619436 0.162292 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:19.619934 3.002778 tcp 10.0.2.109 52020 -> 108.161.164.13 2963 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 19:23:19.782295 0.053105 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:19.835783 0.169710 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:20.005874 0.248036 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:20.254360 0.035359 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:20.290135 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 19:23:28.621433 0.000000 tcp 10.0.2.109 52020 -> 108.161.164.13 2963 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 19:23:38.337296 0.075104 tcp 10.0.2.109 52021 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/10 19:23:38.412761 0.075300 tcp 10.0.2.109 52022 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/10 19:23:38.487919 0.159183 tcp 10.0.2.109 52023 -> 195.113.214.237 443 SRPA* 0 0 21 12826 flow=From-Botnet-V1-TCP-Established 1970/01/10 19:23:38.647747 0.050652 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:38.698855 0.146299 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:38.845530 0.315113 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:39.160961 0.136095 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:39.297443 0.408835 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:39.706624 0.192763 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:39.899770 0.142216 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.042421 0.044398 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.087248 0.269489 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.357162 0.033046 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.390601 0.213256 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.604296 0.070889 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.675576 0.153766 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.829683 0.143585 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:40.973686 0.102326 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:41.076433 0.188562 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:41.265444 0.192387 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:41.265775 3.007805 tcp 10.0.2.109 52024 -> 187.191.25.14 4085 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 19:23:41.458198 0.316266 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:41.774899 0.314019 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:42.089384 0.179636 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:42.269360 0.352555 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:42.622294 0.206460 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:42.829206 0.082973 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:42.912586 0.195551 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:43.108571 0.145308 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:43.254444 0.149963 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:43.404828 0.143830 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:43.549011 0.065664 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:43.615023 0.171225 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:23:50.271994 0.000000 tcp 10.0.2.109 52024 -> 187.191.25.14 4085 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 19:25:46.893126 3.001026 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 19:25:53.899850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:26:01.901783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:26:17.904581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:26:49.910249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:32:53.917230 3.020741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 19:33:00.944207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:33:08.945831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:33:24.948189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:33:56.954244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:36:42.002560 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 19:36:42.002784 1.951317 tcp 10.0.2.109 52025 -> 211.38.175.27 4598 FSPA* 0 0 15 1783 flow=From-Botnet-V1-TCP-Established 1970/01/10 19:40:00.960055 3.001976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 19:40:07.967666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:40:15.969572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:40:31.972179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:41:03.978353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:47:07.984398 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 19:47:14.991932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:47:22.993604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:47:38.996536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:48:11.002766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:54:04.631026 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 19:54:04.631129 0.165033 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:04.796588 0.048199 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:04.796986 2.998228 tcp 10.0.2.109 52026 -> 142.161.36.205 3707 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 19:54:04.845185 0.156769 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:05.002394 0.121664 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:05.124474 0.163336 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:05.288203 0.238990 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:05.527623 0.036022 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:05.564040 0.050500 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:05.614904 0.147774 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:05.763081 0.410768 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:06.174389 0.162338 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:06.337159 0.291338 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:06.628902 0.135578 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:06.764877 0.140107 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:06.905365 0.044860 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:06.950650 0.248942 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:07.200038 0.032821 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:07.233289 0.212236 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:07.445891 0.072442 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:07.518721 0.153041 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:07.672236 0.138985 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:07.811606 0.194874 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:08.006887 1.396519 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:09.403784 0.089599 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:09.493777 0.192877 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:09.687067 0.311023 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:09.998500 0.182191 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:10.181111 0.451868 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:10.633366 0.203253 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:10.837030 0.093286 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:10.930738 0.151086 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:11.082352 0.148902 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:11.231608 0.064616 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:11.296615 0.173855 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:11.470883 0.185049 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:11.656327 0.142568 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/10 19:54:13.804329 0.000000 tcp 10.0.2.109 52026 -> 142.161.36.205 3707 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 19:54:15.009540 3.000472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 19:54:22.015812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:54:30.017711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:54:46.020459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 19:55:18.026736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:01:22.033069 3.000901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:01:29.039832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:01:37.041265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:01:53.044050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:02:25.050939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:06:43.952922 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 20:06:43.953063 2.297805 tcp 10.0.2.109 52027 -> 211.38.175.27 4598 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:08:29.057561 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:08:36.063822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:08:44.065380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:09:00.068232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:09:32.074468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:15:36.083878 2.998120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:15:43.087784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:15:51.089570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:16:07.092097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:16:39.098105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:22:43.104642 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:22:50.112011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:22:58.113202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:23:14.116369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:23:46.122200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:24:13.071631 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 20:24:13.071720 0.157012 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:13.229266 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 20:24:13.229739 2.995997 tcp 10.0.2.109 52028 -> 70.88.72.57 7429 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 20:24:22.224440 0.000000 tcp 10.0.2.109 52028 -> 70.88.72.57 7429 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/10 20:24:29.736893 0.074489 tcp 10.0.2.109 52029 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:24:29.811230 0.071372 tcp 10.0.2.109 52030 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:24:29.882851 0.155917 tcp 10.0.2.109 52031 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:24:30.039462 0.048235 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:30.088079 0.121530 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:30.210204 0.160886 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:30.371488 0.251747 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:30.623665 0.035122 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:30.659178 0.050588 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:30.710178 0.144994 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:30.855566 0.271553 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:31.127472 0.134532 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:31.262423 0.147357 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:31.410273 0.045489 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:31.456202 0.000000 udp 10.0.2.109 3683 -> 125.113.182.191 5711 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 20:24:50.184907 0.065466 tcp 10.0.2.109 52032 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:24:50.250654 0.074572 tcp 10.0.2.109 52033 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:24:50.325487 0.157226 tcp 10.0.2.109 52034 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:24:50.483344 0.173783 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:50.657539 0.262688 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:50.920696 0.032920 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:50.921098 4.903372 tcp 10.0.2.109 52035 -> 75.92.139.157 6108 SPA_* 0 0 186 133198 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:24:50.954012 0.231126 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:51.185611 0.074022 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:51.260036 0.153255 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:51.413705 0.135741 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:51.549804 0.192980 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:51.743155 0.189445 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:51.932965 0.311577 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:52.244882 0.139581 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:52.384972 0.089863 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:52.475231 0.191270 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:52.666895 0.562052 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:53.229302 0.203535 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:53.433209 0.098072 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:53.531625 0.065353 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:53.597388 0.182442 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:53.780193 0.184147 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:53.964754 0.139395 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:54.104522 0.858036 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:54.962918 0.142023 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:24:56.038510 4.976046 tcp 10.0.2.109 52035 -> 75.92.139.157 6108 A_PA 0 0 216 159120 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:25:01.238401 4.922961 tcp 10.0.2.109 52035 -> 75.92.139.157 6108 A_PA 0 0 216 159120 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:25:06.371443 1.520615 tcp 10.0.2.109 52035 -> 75.92.139.157 6108 FPA_* 0 0 55 36866 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:29:50.129314 3.150965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/10 20:29:57.285987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:30:05.287855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:30:21.290397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:30:53.296844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:36:46.315343 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 20:36:46.315530 2.011822 tcp 10.0.2.109 52036 -> 211.38.175.27 4598 FSPA* 0 0 15 1694 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:36:57.301840 3.002601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:37:04.309831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:37:12.311261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:37:28.314259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:38:00.320367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:44:04.325845 3.002081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:44:11.334250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:44:19.335563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:44:35.338081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:45:07.344391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:51:11.351502 3.000389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:51:18.358022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:51:26.359459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:51:42.362040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:52:14.368062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:54:58.705413 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 20:54:58.705639 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 20:55:16.171724 0.073998 tcp 10.0.2.109 52037 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:55:16.246079 0.074226 tcp 10.0.2.109 52038 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:55:16.320555 0.155891 tcp 10.0.2.109 52039 -> 195.113.214.237 443 SRPA* 0 0 21 11346 flow=From-Botnet-V1-TCP-Established 1970/01/10 20:55:16.476963 0.583558 udp 10.0.2.109 3683 <-> 125.113.182.191 5711 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.060957 0.155468 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.216853 0.161387 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.378639 0.050815 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.429824 0.034361 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.464522 0.050717 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.515671 0.144604 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.660646 0.256741 rtcp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:17.917779 0.120719 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:18.038911 0.044070 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:18.083383 0.275198 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:18.358973 0.134722 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:18.494126 0.146438 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:18.640897 0.033041 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:18.674353 0.175645 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:18.850384 0.279598 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:19.130415 0.229868 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:19.360624 0.072063 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:19.433106 0.153040 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:19.586517 0.144823 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:19.731699 0.193427 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:19.925517 0.187477 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:20.113320 0.102666 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:20.216347 0.193268 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:20.409990 0.312218 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:20.722544 1.633051 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:22.355958 0.411853 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:22.768208 0.354213 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:23.122841 0.086623 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:23.210162 0.066131 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:23.276681 0.171870 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:23.448970 0.184058 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:23.633402 0.152095 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:23.785919 0.352796 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:55:24.139112 0.140638 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/10 20:58:18.375133 3.000698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 20:58:25.381584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:58:33.383225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:58:49.386666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 20:59:21.392304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:05:25.399027 3.001027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:05:32.406442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:05:40.407889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:05:56.410376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:06:28.416015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:06:48.335745 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 21:06:48.335879 1.963005 tcp 10.0.2.109 52040 -> 211.38.175.27 4598 FSPA* 0 0 14 1740 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:12:32.422066 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:12:39.430097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:12:47.431699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:13:03.434056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:13:35.439958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:19:39.446300 3.001448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:19:46.453969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:19:54.455411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:20:10.457962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:20:42.464178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:25:24.750415 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 21:25:24.763024 0.000000 udp 10.0.2.109 3683 -> 125.113.182.191 5711 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 21:25:43.098534 0.069817 tcp 10.0.2.109 52041 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:25:43.168583 0.067743 tcp 10.0.2.109 52042 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:25:43.236636 0.155496 tcp 10.0.2.109 52043 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:25:43.392765 0.155097 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:43.548270 0.161687 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:43.710516 0.054499 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:43.765431 0.035412 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:43.801235 0.050755 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:43.852388 0.147641 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:44.000390 0.240678 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:44.241483 0.294477 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:44.536314 0.139218 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:44.675878 0.147569 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:44.823841 0.033112 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:44.857361 0.208028 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:45.065862 0.120181 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:45.186607 0.046282 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:45.233318 0.265159 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:45.498890 0.233252 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:45.732612 0.072153 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:45.805198 0.152089 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:45.957641 0.138336 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:46.096383 0.192606 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:46.289446 0.191610 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:46.481608 0.313697 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:46.795676 0.188361 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:46.984427 0.090539 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:47.075377 0.197029 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:47.272777 0.258466 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 198 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:47.531656 0.231316 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:47.763370 0.079269 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:47.843135 0.067795 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:47.911296 0.172565 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:48.084218 0.190270 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:48.274891 0.145122 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:48.420412 0.483769 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:25:48.904585 0.146900 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:26:46.470892 3.001375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:26:53.477475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:27:01.479453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:27:17.482003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:27:49.488014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:33:53.493647 3.001961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:34:00.501539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:34:08.503256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:34:24.506143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:34:56.512424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:36:50.306722 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 21:36:50.306814 2.008786 tcp 10.0.2.109 52044 -> 211.38.175.27 4598 FSPA* 0 0 15 1769 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:41:00.517773 3.002134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:41:07.525839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:41:15.526992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:41:31.530310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:42:03.535832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:48:07.541545 3.002624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:48:14.549605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:48:22.551176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:48:38.553988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:49:10.559847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:55:14.565774 3.001892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 21:55:21.573397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:55:29.575342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:55:45.577875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:55:55.402736 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 21:55:55.402983 0.000000 udp 10.0.2.109 3683 -> 125.113.182.191 5711 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/10 21:56:11.107238 0.075755 tcp 10.0.2.109 52045 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:56:11.183230 0.076946 tcp 10.0.2.109 52046 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:56:11.260521 0.155833 tcp 10.0.2.109 52047 -> 195.113.214.237 443 SRPA* 0 0 72 55180 flow=From-Botnet-V1-TCP-Established 1970/01/10 21:56:11.416575 0.155918 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:11.572899 0.165648 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:11.738881 0.052612 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:11.791837 0.035804 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:11.828042 0.050848 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:11.879238 0.145085 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:12.024714 0.139895 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:12.164980 0.147543 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:12.312860 0.033239 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:12.346505 0.288968 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:12.635854 0.265623 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:12.901866 0.165539 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:13.067787 0.120059 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:13.188189 0.044589 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:13.233151 0.244414 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:13.477971 0.231908 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:13.710436 0.073597 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:13.784419 0.152876 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:13.937680 0.177300 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:14.115390 0.310680 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:14.426461 0.188134 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:14.614968 0.143298 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:14.758648 0.192859 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:14.951893 0.090632 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:15.042898 0.139321 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:15.182614 0.420132 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:15.603098 0.203375 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:15.806796 0.083378 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:15.890491 0.068923 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:15.959829 0.142265 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:16.102447 1.157602 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:17.260456 0.173046 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:17.433903 0.189374 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/10 21:56:17.583747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 21:56:17.623666 0.146890 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:02:21.590114 3.001949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:02:28.597693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:02:36.599366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:02:52.601912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:03:24.607783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:06:52.317429 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 22:06:52.317512 1.973906 tcp 10.0.2.109 52048 -> 211.38.175.27 4598 FSPA* 0 0 15 1653 flow=From-Botnet-V1-TCP-Established 1970/01/10 22:09:28.614785 3.000925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:09:35.621439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:09:43.623307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:09:59.625823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:10:31.632151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:16:35.638920 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:16:42.645778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:16:50.647409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:17:06.649596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:17:38.655674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:23:42.661541 3.002236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:23:49.669453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:23:57.670772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:24:13.673994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:24:45.679904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:26:26.294810 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 22:26:26.294905 0.055009 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:26.350335 0.036066 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:26.386786 0.050901 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:26.450466 0.157825 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:26.608701 0.162316 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:26.771411 0.146205 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:26.917979 0.137880 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:27.056229 0.146194 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:27.202822 0.033020 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:27.236252 0.243331 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:27.479943 0.268049 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:27.748323 0.174537 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:27.923231 0.120025 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:28.043622 0.044903 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:28.088913 0.259077 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:28.348381 0.231287 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:28.580062 0.072837 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:28.653268 0.153183 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:28.806811 0.188426 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:28.995651 0.160192 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:29.156267 0.192794 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:29.349393 0.185760 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:29.535573 0.312052 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:29.847972 0.089844 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:29.938272 0.139244 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:30.077912 0.246781 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:30.325117 0.205598 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:30.531133 0.086692 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:30.618389 0.073777 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:30.692551 0.146079 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:30.838984 0.184511 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:31.023873 0.146533 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:31.170762 1.037813 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:26:32.208912 0.176617 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:30:49.686730 3.001300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:30:56.693477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:31:04.695207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:31:20.697890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:31:52.703692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:36:54.298203 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 22:36:54.298445 2.506111 tcp 10.0.2.109 52049 -> 211.38.175.27 4598 FSPA* 0 0 15 1763 flow=From-Botnet-V1-TCP-Established 1970/01/10 22:37:56.709430 3.002194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:38:03.717712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:38:11.719100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:38:27.721881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:38:59.727574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:45:03.734472 3.001005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:45:10.740964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:45:18.742646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:45:34.746274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:46:06.751619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:52:10.758366 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:52:17.765314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:52:25.766839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:52:41.769463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:53:13.775558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:56:53.922759 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 22:56:53.922857 0.050802 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:53.974058 0.156888 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.131297 0.162348 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.294043 0.145964 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.440430 0.055593 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.496400 0.037900 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.534735 0.136222 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.671321 0.148118 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.819838 0.033118 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:54.853337 0.258312 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:55.112052 0.288314 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:55.400764 0.158670 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:55.559868 0.119978 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:55.680187 0.044176 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:55.724772 0.275922 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:56.001127 0.230669 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:56.232148 0.074768 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:56.307316 0.151789 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:56.459501 0.188080 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:56.647916 0.179350 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:56.827644 0.312681 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:57.140725 0.096576 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:57.237657 0.145265 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:57.383323 0.193864 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:57.577638 0.433616 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:58.011658 0.247595 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:58.259648 0.204620 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:58.464649 0.086149 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:58.551211 0.069226 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:58.620756 0.144680 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:58.765891 0.189828 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:58.956108 0.145279 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:59.101783 0.151057 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:56:59.253251 0.173638 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/10 22:59:17.781413 3.002268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 22:59:24.789467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:59:32.790884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 22:59:48.793400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:00:20.820135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:06:24.826060 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:06:31.833112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:06:39.834713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:06:55.837867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:06:56.809484 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 23:06:56.809765 1.960136 tcp 10.0.2.109 52050 -> 211.38.175.27 4598 FSPA* 0 0 15 1570 flow=From-Botnet-V1-TCP-Established 1970/01/10 23:07:27.843738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:13:31.849644 3.001989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:13:38.857085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:13:46.858353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:14:02.861587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:14:34.867524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:20:38.874039 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:20:45.880941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:20:53.882588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:21:09.885570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:21:41.891541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:27:19.156846 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 23:27:19.156953 0.299103 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:19.456503 0.439604 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:19.896500 0.480828 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:20.377748 0.480947 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:20.859123 0.477757 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:21.337290 0.256487 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:21.594351 0.477717 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:22.072490 0.501238 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:22.588945 0.381663 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:22.971011 0.487339 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:23.458773 0.409832 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:23.869010 0.262719 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:24.132084 0.523634 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:24.656111 0.624200 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:25.280686 0.517920 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:25.798939 0.576627 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:26.375989 0.359582 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:26.735979 0.415775 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:27.152172 0.512316 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:27.664908 0.483869 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:28.149195 0.447892 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:28.597461 0.576603 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:29.174490 0.616290 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:29.791132 0.413211 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:30.204679 2.316757 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:32.521890 0.550704 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:33.072937 0.437109 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:33.510581 0.341053 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:33.852031 0.288029 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:34.140472 0.427670 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:34.568532 0.539986 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:35.108931 0.482425 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:35.591754 0.478163 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:36.070346 1.149401 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:27:45.897700 3.002046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:27:52.904785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:28:00.906627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:28:16.909992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:28:48.915691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:34:52.921603 3.002023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:34:59.929145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:35:07.930879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:35:23.933827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:35:55.939505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:36:58.770771 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 23:36:58.770922 2.840156 tcp 10.0.2.109 52051 -> 211.38.175.27 4598 FSPA* 0 0 14 1728 flow=From-Botnet-V1-TCP-Established 1970/01/10 23:41:59.946008 3.001232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:42:06.952687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:42:14.954468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:42:30.957763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:43:02.963849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:49:06.970267 3.000636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:49:13.976996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:49:21.978883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:49:37.981865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:50:09.987894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:56:13.994224 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/10 23:56:21.001302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:56:29.002560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:56:45.005717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:57:17.011718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/10 23:57:48.907793 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/10 23:57:48.907965 0.302047 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:49.210399 0.417027 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:49.627865 0.500754 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:50.129110 0.458217 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:50.587756 0.406098 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:50.994415 0.320631 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:51.315469 0.434426 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:51.750435 0.475685 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:52.226508 0.397254 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:52.624198 0.460380 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:53.084983 0.442565 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:53.527887 0.267340 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:53.795640 0.550250 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:54.346265 0.663443 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:55.010120 0.569772 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:55.580355 0.542379 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:56.123153 0.341476 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:56.465029 0.411192 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:56.876624 0.554171 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:57.431159 0.452721 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:57.884213 0.468372 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:58.352956 0.525335 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:58.878713 0.628644 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:59.507704 0.440222 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:57:59.948331 0.389134 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:00.337850 0.467445 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:00.805758 0.471902 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:01.278239 0.331941 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:01.610595 0.382340 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:01.993338 0.437285 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:02.431015 0.479350 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:02.910755 0.456683 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:03.367810 0.407481 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/10 23:58:03.775634 0.451681 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:03:21.017985 3.000971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:03:28.024999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:03:36.026567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:03:52.029462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:04:24.035766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:07:01.612780 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 00:07:01.613016 2.995964 tcp 10.0.2.109 52052 -> 211.38.175.27 4598 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/01/11 00:10:28.041355 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:10:35.048735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:10:43.050391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:10:59.053250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:11:31.059481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:17:35.065858 3.001155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:17:42.072520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:17:50.074077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:18:06.077091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:18:38.083589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:24:42.089842 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:24:49.096991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:24:57.098024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:25:13.101467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:25:45.107072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:28:14.432836 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 00:28:14.432937 0.340613 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:14.773949 0.432669 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:15.206976 0.364534 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:15.571930 0.445138 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:16.017480 0.485310 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:16.503164 0.371231 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:16.874762 0.424806 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:17.300011 0.480245 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:17.780654 0.395750 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:18.176800 0.313292 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:18.490443 0.463232 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:18.954208 0.468696 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:19.423291 0.482957 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:19.906636 0.490812 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:20.397803 0.521224 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:20.919425 0.570959 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:21.490740 0.344732 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:21.835890 0.377718 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:22.213983 0.558870 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:22.773266 0.526290 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:23.300143 0.454384 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:23.754905 0.548897 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:24.304202 0.629370 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:24.933990 0.418896 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:25.353269 1.011952 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:26.365752 1.007491 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:27.373659 0.403741 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:27.777851 0.408790 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:28.187024 0.315992 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:28.503415 0.406874 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:28.910691 0.507671 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:29.418747 0.508743 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:29.927832 0.451500 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:28:30.379770 0.592908 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:31:49.113186 3.002087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:31:56.121118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:32:04.122383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:32:20.125352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:32:52.181567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:37:04.635073 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 00:37:04.635177 3.225257 tcp 10.0.2.109 52053 -> 211.38.175.27 4598 FSPA* 0 0 14 1504 flow=From-Botnet-V1-TCP-Established 1970/01/11 00:38:56.186677 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:39:03.195154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:39:11.196328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:39:27.199163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:39:59.205609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:46:03.212014 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:46:10.218941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:46:18.219964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:46:34.223746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:47:06.229930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:53:10.235392 3.001865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 00:53:17.243128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:53:25.294462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:53:41.337259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:54:13.343307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 00:58:57.732993 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 00:58:57.733096 0.380934 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:58:58.114503 0.432027 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:58:58.546955 0.332177 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:58:58.879494 0.307868 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:58:59.187729 0.459911 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:58:59.648036 0.470062 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:00.118504 0.494850 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:00.613761 0.352034 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:00.966352 0.232781 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:01.199554 0.336017 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:01.536000 0.424689 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:01.961121 0.475439 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:02.436964 0.495562 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:02.932903 0.446964 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:03.380272 0.498520 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:03.879119 0.563988 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:04.443525 0.371964 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:04.815890 0.411588 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:05.227887 0.499671 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:05.727947 0.472539 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:06.200829 0.453165 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:06.654582 0.499275 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:07.154317 0.637635 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:07.792355 0.443667 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:08.236380 3.557307 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:11.794074 0.646180 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:12.440585 0.509675 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:12.950625 0.451620 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:13.402591 0.418750 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:13.821787 0.333493 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:14.155669 0.449328 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:14.605324 0.446942 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:15.052673 0.485366 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/11 00:59:15.538455 0.487504 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:00:17.349817 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:00:24.356892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:00:32.358570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:00:48.361697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:01:20.367546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:07:07.957349 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 01:07:07.957492 2.882298 tcp 10.0.2.109 52054 -> 211.38.175.27 4598 FSPA* 0 0 14 1608 flow=From-Botnet-V1-TCP-Established 1970/01/11 01:07:24.402656 3.002396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:07:31.411021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:07:39.412395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:07:55.415636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:08:27.421427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:14:31.427622 3.001227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:14:38.434838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:14:46.436237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:15:02.439635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:15:34.445270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:21:38.451329 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:21:45.458968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:21:53.460409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:22:09.463411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:22:41.469442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:28:45.474989 3.002264 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:28:52.483231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:29:00.484604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:29:16.487583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:29:40.332199 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 01:29:40.332436 0.058380 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:40.391223 0.051276 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:40.442878 0.155400 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:40.598680 0.040784 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:40.639854 0.161049 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:40.801308 0.143840 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:40.945573 0.145682 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:41.091664 0.136590 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:41.228622 0.032967 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:41.262009 0.044689 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:41.307094 0.163566 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:41.471061 0.121258 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:41.592716 0.261247 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:41.854354 0.246358 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:42.101083 0.259836 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:42.361292 0.222957 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:42.584677 0.070192 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:42.655356 0.154558 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:42.810463 0.191420 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:43.002452 0.178248 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:43.181145 0.136590 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:43.318058 0.190060 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:43.508520 0.303107 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:43.812071 0.101761 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:43.914448 4.786608 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:48.493592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:29:48.701421 0.247392 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:48.949233 0.202493 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:49.152129 0.143128 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:49.295689 0.086549 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:49.382599 0.069561 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:49.452569 0.190256 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:49.643203 0.174564 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:49.818238 0.146413 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:29:49.965068 0.851814 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:35:52.499658 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:35:59.506932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:36:07.508305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:36:23.511782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:36:55.517258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:37:10.840260 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 01:37:10.840370 1.954895 tcp 10.0.2.109 52055 -> 211.38.175.27 4598 FSPA* 0 0 15 1799 flow=From-Botnet-V1-TCP-Established 1970/01/11 01:42:59.523874 3.001043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:43:06.531007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:43:14.532373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:43:30.535632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:44:02.540954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:50:06.547985 3.001225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:50:13.554914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:50:21.556136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:50:37.559480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:51:09.565405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:57:13.571747 3.001197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 01:57:20.578286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:57:28.580400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:57:44.583073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:58:16.589099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 01:59:51.175725 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 01:59:51.175818 0.156318 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:51.332478 0.739830 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.072727 0.161239 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.234404 0.146368 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.381178 0.060108 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.441685 0.050432 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.492508 0.149047 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.641988 0.139135 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.781541 0.040362 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.822320 0.045741 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:52.868467 0.164273 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:53.033113 0.121299 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:53.154790 0.266563 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:53.421699 0.252948 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:53.675005 0.273617 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:53.949156 0.233502 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:54.183118 0.068125 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:54.251613 0.156947 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:54.408966 0.192095 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:54.601400 0.191900 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/11 01:59:54.793653 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 9964 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 02:00:11.906928 0.071924 tcp 10.0.2.109 52056 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:00:11.979232 0.071109 tcp 10.0.2.109 52057 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:00:12.050675 0.149082 tcp 10.0.2.109 52058 -> 195.113.214.237 443 SRPA* 0 0 55 50706 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:00:12.200423 0.096516 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:12.297325 0.181285 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:12.479035 0.144844 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:12.624306 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 02:00:22.713998 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 02:00:22.714429 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 02:00:40.336308 0.076978 tcp 10.0.2.109 52059 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:00:40.413641 0.075456 tcp 10.0.2.109 52060 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:00:40.489416 0.154737 tcp 10.0.2.109 52061 -> 195.113.214.237 443 SRPA* 0 0 38 27931 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:00:40.644795 0.203298 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:40.848518 0.140150 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:40.989151 0.088403 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:41.077941 0.067122 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:41.145475 0.184921 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:41.330804 0.174550 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:41.505772 0.143577 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:00:41.649735 0.149847 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:04:20.595833 3.000916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 02:04:27.602245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:04:35.604041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:04:51.607101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:05:23.613380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:07:12.801175 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 02:07:12.801264 2.101422 tcp 10.0.2.109 52062 -> 211.38.175.27 4598 FSPA* 0 0 14 1573 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:11:27.619306 3.011901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 02:11:34.636618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:11:42.638124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:11:58.641296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:12:30.647201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:18:34.653209 3.001892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 02:18:41.660705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:18:49.662314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:19:05.664971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:19:37.671471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:25:41.676508 3.002510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 02:25:48.684325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:25:56.686071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:26:12.689309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:26:44.694967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:30:42.116785 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 02:30:42.117029 0.360300 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:42.477782 0.247408 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:42.746198 0.155361 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:42.901961 0.146320 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.048677 0.054605 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.103654 0.051057 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.155096 0.148100 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.303613 0.139263 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.443287 0.058023 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.501695 0.044469 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.546537 0.161321 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.708495 0.055903 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:43.764804 0.279333 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:44.044563 0.261470 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:44.306447 0.160542 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:44.467360 0.120849 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:44.588641 0.245907 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:44.834945 0.187432 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:45.022779 0.192866 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:45.216044 0.231015 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:45.447546 0.153333 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:45.447972 2.997295 tcp 10.0.2.109 52063 -> 99.60.181.75 7801 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 02:30:45.601233 0.070836 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:45.672391 0.096292 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:45.769028 0.180364 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:45.949839 0.144378 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:46.094630 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 02:30:52.428164 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 02:30:52.428570 0.207662 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:52.636628 0.143421 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:52.780470 0.087048 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:52.867868 0.064174 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:52.932367 0.201425 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:53.134207 0.174791 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:53.309429 0.143970 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:53.453833 0.152267 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/11 02:30:54.443836 0.000000 tcp 10.0.2.109 52063 -> 99.60.181.75 7801 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 02:32:48.701586 3.001308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 02:32:55.708855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:33:03.710135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:33:19.713340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:33:51.718851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:37:14.901671 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 02:37:14.901774 2.189298 tcp 10.0.2.109 52064 -> 211.38.175.27 4598 FSPA* 0 0 15 1620 flow=From-Botnet-V1-TCP-Established 1970/01/11 02:39:55.725356 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 02:40:02.732207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:40:10.733977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:40:26.736775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:40:58.742910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:47:02.749079 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 02:47:09.756120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:47:17.757660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:47:33.760852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:48:05.767221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:54:09.773426 3.001111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 02:54:16.780559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:54:24.781886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:54:40.784664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 02:55:12.791153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:01:16.797019 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:01:18.146536 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 03:01:18.146693 0.156352 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:18.303401 0.356376 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:18.660168 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:01:23.804104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:01:31.806302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:01:35.222823 0.067175 tcp 10.0.2.109 52065 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:01:35.290341 0.083099 tcp 10.0.2.109 52066 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:01:35.373691 0.166701 tcp 10.0.2.109 52067 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:01:35.540924 0.146611 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:35.687907 0.046592 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:35.735003 0.050812 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:35.735364 3.000172 tcp 10.0.2.109 52068 -> 217.41.6.243 9473 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 03:01:35.786193 0.151742 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:35.938297 0.138551 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.077260 0.032981 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.110658 0.043514 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.166901 0.162301 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.329601 0.036816 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.366787 0.183040 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.550250 0.119943 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.670603 0.274936 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:36.945940 0.385432 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:37.331736 0.266553 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:37.598674 0.191158 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:37.790278 0.192918 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:37.983562 0.230097 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:38.214204 0.156022 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:38.370630 0.072357 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:38.443376 0.089711 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:38.533416 0.178639 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:38.712446 0.135954 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:38.848807 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:01:44.734199 0.000000 tcp 10.0.2.109 52068 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 03:01:45.760560 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:01:45.760901 0.204167 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:45.965550 0.141960 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:46.107879 0.098178 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:46.206609 0.069682 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:46.276626 0.147133 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:46.424158 0.150306 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:46.574848 0.185326 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:46.760579 0.173541 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:01:47.808512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:02:19.815239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:07:17.092852 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 03:07:17.093081 2.569614 tcp 10.0.2.109 52069 -> 211.38.175.27 4598 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:08:23.820487 3.002235 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:08:30.828369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:08:38.829776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:08:54.833156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:09:26.838629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:15:30.845304 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:15:37.851918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:15:45.853939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:16:01.856640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:16:33.862812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:22:37.868885 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:22:44.875975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:22:52.877763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:23:08.880744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:23:40.887021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:29:44.892575 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:29:51.899874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:29:59.901781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:30:15.905079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:30:47.911038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:32:10.009188 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 03:32:10.009280 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:32:28.738018 0.105137 tcp 10.0.2.109 52070 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:32:28.843428 0.074042 tcp 10.0.2.109 52071 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:32:28.917757 0.162128 tcp 10.0.2.109 52072 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:32:29.080429 0.155732 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:29.236551 0.342932 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:29.579905 0.051001 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:29.631351 0.148559 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:29.780386 0.147750 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:29.780786 3.000374 tcp 10.0.2.109 52073 -> 70.51.157.146 5497 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 03:32:29.928520 0.049474 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:29.978397 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:32:38.780595 0.000000 tcp 10.0.2.109 52073 -> 70.51.157.146 5497 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 03:32:46.081268 0.097204 tcp 10.0.2.109 52074 -> 195.113.214.237 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:32:46.178752 0.070392 tcp 10.0.2.109 52075 -> 195.113.214.237 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:32:46.249446 0.164869 tcp 10.0.2.109 52076 -> 195.113.214.237 443 SRPA* 0 0 41 23300 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:32:46.412990 0.034776 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:46.449474 0.044465 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:46.494511 0.161694 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:46.656536 0.207731 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:46.864700 0.181203 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:47.046473 0.122094 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:32:47.169041 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:33:02.965389 0.074334 tcp 10.0.2.109 52077 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:33:03.039999 0.071944 tcp 10.0.2.109 52078 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:33:03.112211 0.163546 tcp 10.0.2.109 52079 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:33:03.276388 0.293052 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:03.569855 0.259838 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:03.830038 0.189460 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:04.019858 0.191033 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:04.211254 0.068622 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:04.280225 0.089498 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:04.370164 0.178743 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:04.549310 0.143143 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:04.692864 0.213123 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:04.693188 2.998757 tcp 10.0.2.109 52080 -> 68.195.125.143 4009 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 03:33:04.906365 0.155033 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:05.061817 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:33:11.284907 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 03:33:11.285252 0.206984 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:11.492617 0.070242 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:11.563218 0.146308 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:11.709949 0.796399 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:12.506678 0.185104 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:12.692165 0.174201 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:12.866760 0.142832 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:13.009979 0.086546 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/11 03:33:13.690427 0.000000 tcp 10.0.2.109 52080 -> 68.195.125.143 4009 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 03:36:51.940915 2.997433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 03:36:58.943852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:37:06.945379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:37:19.664595 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 03:37:19.664771 2.561912 tcp 10.0.2.109 52081 -> 211.38.175.27 4598 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/01/11 03:37:22.948770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:37:54.955159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:43:58.960066 3.002785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:44:05.968031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:44:13.969402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:44:29.972468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:45:01.979037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:51:05.984274 3.001806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:51:12.992376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:51:20.993475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:51:36.996761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:52:09.003032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:58:13.009091 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 03:58:20.016297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:58:28.017612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:58:44.020806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 03:59:16.026725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:03:39.375618 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 04:03:39.375796 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 04:03:57.363016 0.076118 tcp 10.0.2.109 52082 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:03:57.439462 0.073828 tcp 10.0.2.109 52083 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:03:57.513578 0.163560 tcp 10.0.2.109 52084 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:03:57.677810 0.137586 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:57.815762 0.146038 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:57.962354 0.146813 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:57.962750 2.993978 tcp 10.0.2.109 52085 -> 70.51.157.146 5497 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 04:03:58.109580 0.048691 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.158623 0.337811 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.496768 0.156037 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.653170 0.050644 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.704141 0.162192 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.866727 0.043245 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.910366 0.033882 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.944602 0.045856 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:58.990873 0.121497 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:59.112712 0.163583 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:59.276632 0.256239 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:59.533267 0.280288 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:03:59.813921 0.188034 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:00.002323 0.189410 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:00.192136 0.068701 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:00.261245 0.105664 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:00.367309 0.181106 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:00.548946 0.137434 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:00.686790 0.211987 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:00.899230 0.151884 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:01.051464 0.064862 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:01.116678 0.146110 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:01.263162 3.680063 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:04.943623 0.209255 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:05.153246 0.149970 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:05.303637 0.184657 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:05.488652 0.171016 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:05.660002 0.140615 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:05.801061 0.088606 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:04:06.954996 0.000000 tcp 10.0.2.109 52085 -> 70.51.157.146 5497 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 04:05:20.032895 3.001370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 04:05:27.040081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:05:35.041234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:05:51.044800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:06:23.050410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:07:22.226529 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 04:07:22.226711 2.184176 tcp 10.0.2.109 52086 -> 211.38.175.27 4598 FSPA* 0 0 12 1524 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:12:27.056207 3.001796 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 04:12:34.064163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:12:42.065674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:12:58.068448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:13:30.074787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:19:34.081012 3.000875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 04:19:41.088067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:19:49.089218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:20:05.092411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:20:37.098953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:26:41.104837 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 04:26:48.111608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:26:56.113598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:27:12.116410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:27:44.122456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:33:48.128659 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 04:33:55.136036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:34:03.137496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:34:19.150350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:34:28.379896 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 04:34:28.380008 0.461377 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:28.841772 0.490088 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:29.332305 0.496342 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:29.332696 2.996961 tcp 10.0.2.109 52087 -> 70.51.157.146 5497 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 04:34:29.829136 0.279304 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:30.108848 0.635794 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:30.744999 0.475753 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:31.221161 0.389854 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:31.611381 0.418328 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:32.030099 0.199790 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:32.230347 0.033162 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:32.263932 0.176271 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:32.440597 0.464087 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:32.905050 0.444102 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:33.349571 0.412431 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:33.762549 0.365906 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:34.128951 0.468940 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:34.598315 0.430732 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:35.029426 0.315191 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:35.344939 0.342088 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:35.687410 0.420846 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:36.108642 0.404777 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:36.513813 0.484738 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:36.998923 0.391467 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:37.390740 0.422977 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:37.814056 0.305897 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:38.120400 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 04:34:38.327649 0.000000 tcp 10.0.2.109 52087 -> 70.51.157.146 5497 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 04:34:51.156376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:34:55.394963 0.611911 tcp 10.0.2.109 52088 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:34:56.007170 0.662261 tcp 10.0.2.109 52089 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:34:56.669764 1.341933 tcp 10.0.2.109 52090 -> 195.113.214.237 443 SRPA* 0 0 21 12436 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:34:58.012353 0.458328 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:58.471079 0.486950 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:58.958447 0.553616 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:34:59.512390 0.497713 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:35:00.010580 0.442605 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:35:00.010972 3.002590 tcp 10.0.2.109 52091 -> 99.140.86.184 8325 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 04:35:00.453594 0.456681 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/11 04:35:09.012347 0.000000 tcp 10.0.2.109 52091 -> 99.140.86.184 8325 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 04:37:24.417650 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 04:37:24.417754 3.179114 tcp 10.0.2.109 52092 -> 211.38.175.27 4598 FSPA* 0 0 15 1598 flow=From-Botnet-V1-TCP-Established 1970/01/11 04:40:55.163052 3.000951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 04:41:02.170058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:41:10.171622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:41:26.174184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:41:58.180452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:48:02.186752 3.001198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 04:48:09.194211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:48:17.195738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:48:33.198403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:49:05.204481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:55:09.210686 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 04:55:16.217836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:55:24.218985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:55:40.222184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 04:56:12.228750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:02:16.234422 3.001771 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 05:02:23.241797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:02:31.243483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:02:47.246454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:03:19.252119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:05:12.165114 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 05:05:12.165272 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 05:05:26.250451 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 05:05:26.250996 0.481878 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:26.251474 0.614522 tcp 10.0.2.109 52093 -> 99.233.251.108 8420 SPA_* 0 0 5 346 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:05:26.733242 0.475385 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:27.209070 0.481358 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:27.690832 0.691592 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:28.382816 0.360978 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:28.744172 0.345327 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:29.089891 0.416557 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:29.506842 0.372937 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:29.880146 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 05:05:40.934221 0.202082 tcp 10.0.2.109 52093 -> 99.233.251.108 8420 A_PA 0 0 5 2322 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:05:48.508826 0.679959 tcp 10.0.2.109 52094 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:05:49.188741 0.662818 tcp 10.0.2.109 52095 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:05:49.851814 1.315956 tcp 10.0.2.109 52096 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:05:51.168410 0.636873 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:51.805713 0.309475 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:52.115585 0.327630 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:52.443592 0.611406 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:53.055390 0.448034 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:53.503875 0.467513 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:53.971818 0.433790 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:54.405954 0.419305 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:54.825664 0.560275 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:55.386478 0.379764 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:55.813212 0.523287 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:56.029114 0.429134 tcp 10.0.2.109 52093 -> 99.233.251.108 8420 A_PA 0 0 4 1712 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:05:56.336835 0.425397 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:56.762649 0.600229 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:57.363275 0.419582 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:57.783252 0.346556 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:58.130190 0.445201 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:58.575799 0.430474 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:59.006721 0.551323 rtcp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:05:59.558493 0.462443 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:06:00.021330 0.485069 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:06:00.506744 0.465859 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:06:00.973005 0.444668 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:06:26.251094 0.000070 tcp 10.0.2.109 52093 -> 99.233.251.108 8420 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:06:42.019475 0.000150 tcp 10.0.2.109 52093 -> 99.233.251.108 8420 RA_PA 0 0 2 319 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:07:27.600351 0.000170 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 05:07:27.600617 3.196271 tcp 10.0.2.109 52097 -> 211.38.175.27 4598 FSPA* 0 0 14 1752 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:09:23.258281 3.001491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 05:09:30.266037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:09:38.267192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:09:54.270442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:10:26.276539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:16:30.282863 3.001212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 05:16:37.289967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:16:45.291133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:17:01.294126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:17:33.299937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:23:37.306170 3.001432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 05:23:44.314398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:23:52.315979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:24:08.318369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:24:40.324182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:30:44.330764 3.001010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 05:30:51.337679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:30:59.339513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:31:15.342374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:31:47.347876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:36:19.920484 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 05:36:19.920587 0.504395 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:20.425399 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 05:36:28.966004 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 05:36:28.966527 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 05:36:28.966994 0.635414 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 SPA_* 0 0 5 488 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:36:38.777051 0.200418 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 5 2322 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:36:44.707807 0.633181 tcp 10.0.2.109 52099 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:36:45.341273 0.672259 tcp 10.0.2.109 52100 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:36:46.013819 1.380914 tcp 10.0.2.109 52101 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:36:47.395486 0.508748 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:47.904600 0.337904 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:48.117483 0.383401 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:36:48.242846 0.538954 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:48.782227 0.317200 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:49.099827 0.312039 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:49.412258 0.433089 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:49.845743 0.327345 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:50.173498 0.633850 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:50.807711 0.327131 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:51.135188 0.288545 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:51.424106 0.411653 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:51.836212 0.532906 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:36:52.369510 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 05:36:56.466222 0.817338 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 14 7252 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:05.121828 0.944213 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:09.362116 0.469831 tcp 10.0.2.109 52102 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:09.832217 0.504893 tcp 10.0.2.109 52103 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:10.337380 0.899794 tcp 10.0.2.109 52104 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:11.237805 0.366822 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:11.605022 0.274934 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:11.880326 0.395925 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:12.276588 0.292540 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:12.569549 0.384670 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:12.954641 0.351871 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:13.306906 0.426652 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:13.733926 0.403370 rtcp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:14.137653 0.322545 udp 10.0.2.109 3683 <-> 65.93.108.147 1365 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:14.393349 0.395360 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 4 2264 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:14.460592 0.276439 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:14.737385 0.386614 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:15.124345 0.415593 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:15.540292 0.378557 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:15.919296 0.488030 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:16.407753 0.500512 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:16.908622 0.397696 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/11 05:37:30.802431 3.230171 tcp 10.0.2.109 52105 -> 211.38.175.27 4598 FSPA* 0 0 14 1522 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:31.875345 0.264809 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 8 5976 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:50.683782 0.207435 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 8 7176 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:37:51.354602 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 05:37:58.361695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:37:59.253483 0.650501 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:38:06.363305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:38:08.564680 0.412290 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 7 4474 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:38:22.365893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:38:27.461768 0.202304 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 9 8678 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:38:32.450500 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 05:38:36.841998 0.505448 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 10 6684 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:38:42.530734 4.800411 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_PA 0 0 12 6792 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:38:47.532517 0.000000 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:38:54.371826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:39:17.325400 0.000061 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:39:27.132836 0.000172 tcp 10.0.2.109 52098 -> 99.233.251.108 8420 RA_A 0 0 2 1528 flow=From-Botnet-V1-TCP-Established 1970/01/11 05:44:58.377757 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 05:45:05.385455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:45:13.387470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:45:29.390014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:46:01.396016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:52:05.401849 3.002263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 05:52:12.409421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:52:20.410993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:52:36.413921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:53:08.420024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:59:12.426614 3.001135 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 05:59:19.433670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:59:27.434924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 05:59:43.438056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:00:15.444373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:06:19.450537 3.001208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 06:06:26.457625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:06:34.459076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:06:50.461947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:07:22.467962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:07:23.750067 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 06:07:23.750316 0.480631 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:07:24.231481 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 06:07:24.232000 2.992727 tcp 10.0.2.109 52106 -> 65.93.51.243 9776 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 06:07:33.233630 0.000000 tcp 10.0.2.109 52106 -> 65.93.51.243 9776 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 06:07:34.035018 3.129519 tcp 10.0.2.109 52107 -> 211.38.175.27 4598 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:07:42.078446 0.575490 tcp 10.0.2.109 52108 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:07:42.654365 0.547740 tcp 10.0.2.109 52109 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:07:43.202422 1.208820 tcp 10.0.2.109 52110 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:07:44.411836 0.399443 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:07:44.811637 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 06:08:00.093075 0.706442 tcp 10.0.2.109 52111 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:08:00.799804 0.675826 tcp 10.0.2.109 52112 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:08:01.475889 1.300940 tcp 10.0.2.109 52113 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:08:02.777425 0.385630 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:03.163502 0.506269 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:03.163822 3.006750 tcp 10.0.2.109 52114 -> 50.100.234.238 7191 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 06:08:03.670210 0.713858 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:04.384465 0.330768 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:04.715610 0.351937 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:05.067968 0.428895 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:05.497271 0.609835 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:06.107502 0.287674 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:06.395908 0.317006 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:06.713286 0.364729 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:07.078375 0.503198 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:07.581929 0.578207 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:08.160536 0.485094 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:08.645981 0.432465 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:09.078852 0.426939 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:09.506327 0.498409 udp 10.0.2.109 3683 <-> 70.140.18.131 8543 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:10.005103 0.434608 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:10.440039 0.346355 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:10.786783 0.598615 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:11.385789 0.507443 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:11.893688 0.000000 udp 10.0.2.109 3683 -> 65.93.108.147 1365 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 06:08:12.169657 0.000000 tcp 10.0.2.109 52114 -> 50.100.234.238 7191 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 06:08:28.994256 0.769313 tcp 10.0.2.109 52115 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:08:29.763856 0.613945 tcp 10.0.2.109 52116 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:08:30.378044 1.358333 tcp 10.0.2.109 52117 -> 195.113.214.237 443 SRPA* 0 0 23 13794 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:08:31.736888 0.313346 udp 10.0.2.109 3683 <-> 217.39.110.9 4397 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:32.050649 0.459087 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:32.050968 3.001074 tcp 10.0.2.109 52118 -> 217.39.110.9 1059 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 06:08:32.510077 0.396525 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:32.906976 0.563342 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:33.470715 0.459202 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:33.930450 0.503255 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:34.434025 0.383369 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:08:41.050947 0.000000 tcp 10.0.2.109 52118 -> 217.39.110.9 1059 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 06:13:26.474911 3.000799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 06:13:33.481476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:13:41.482612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:13:57.486263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:14:29.491854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:20:33.498415 3.001391 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 06:20:40.505757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:20:48.507251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:21:04.509818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:21:36.516305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:27:40.523318 3.250422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 06:27:47.779657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:27:55.781405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:28:11.784178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:28:43.789956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:34:47.796615 3.001151 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 06:34:54.803708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:35:02.805267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:35:18.807908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:35:50.814282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:37:37.278629 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 06:37:37.278732 3.292508 tcp 10.0.2.109 52119 -> 211.38.175.27 4598 FSPA* 0 0 15 1601 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:38:43.783272 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 06:38:43.783368 4.491879 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:38:48.275749 0.000000 udp 10.0.2.109 3683 -> 65.93.108.147 1365 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 06:38:48.276105 4.580096 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 SPA_* 0 0 10 2659 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:38:57.008989 4.886453 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 A_PA 0 0 12 7040 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:02.099553 0.970908 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 A_PA 0 0 15 6706 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:04.604976 0.075749 tcp 10.0.2.109 52121 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:04.681025 0.070603 tcp 10.0.2.109 52122 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:04.751940 0.172996 tcp 10.0.2.109 52123 -> 195.113.214.237 443 SRPA* 0 0 23 14004 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:04.926011 0.135374 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:05.061778 0.163058 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:05.225267 0.142475 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:05.368162 0.144103 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:05.512642 0.034745 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:05.547740 0.313111 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:05.861203 0.157907 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.019466 0.055617 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.075469 0.048926 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.124804 0.266788 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.391952 0.040437 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.432779 0.045488 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.478662 0.168009 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.647090 0.122896 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:06.770338 0.267995 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:07.038702 0.070810 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:07.109922 0.181117 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:07.291416 0.000000 udp 10.0.2.109 3683 -> 70.140.18.131 8543 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 06:39:08.594638 1.115447 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:15.895755 0.493697 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 A_PA 0 0 8 4528 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:24.572262 0.076602 tcp 10.0.2.109 52124 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:24.649164 0.076455 tcp 10.0.2.109 52125 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:24.725902 0.171256 tcp 10.0.2.109 52126 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:24.897825 0.111819 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:25.009998 0.143727 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:25.294997 0.210826 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:25.506417 0.153446 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:25.660298 0.000000 udp 10.0.2.109 3683 -> 217.39.110.9 4397 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 06:39:29.027845 0.200910 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 A_PA 0 0 9 8678 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:35.960547 0.417903 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 A_PA 0 0 7 4474 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:40.675558 0.075139 tcp 10.0.2.109 52127 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:40.750981 0.076131 tcp 10.0.2.109 52128 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:40.827430 0.184641 tcp 10.0.2.109 52129 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:39:41.012573 0.145676 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:41.158653 0.151275 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:41.310465 0.205899 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:41.516739 0.184751 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:41.701927 0.172805 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:39:41.875135 0.100966 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/11 06:40:06.181414 0.000127 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:40:31.984228 0.000151 tcp 10.0.2.109 52120 -> 99.233.251.108 8420 RA_A 0 0 2 1528 flow=From-Botnet-V1-TCP-Established 1970/01/11 06:41:54.820835 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 06:42:01.827910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:42:09.829086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:42:25.831923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:42:57.838004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:49:01.844237 3.001904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 06:49:08.851805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:49:16.853294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:49:32.856315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:50:04.861982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:56:08.868342 3.001629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 06:56:15.875564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:56:23.877038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:56:39.879844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 06:57:11.886528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:03:15.892668 3.001282 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 07:03:22.899436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:03:30.900950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:03:46.904140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:04:18.909791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:07:40.570390 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:07:40.570574 2.170584 tcp 10.0.2.109 52130 -> 211.38.175.27 4598 FSPA* 0 0 15 1777 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:09:50.046720 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:09:50.046824 0.000000 udp 10.0.2.109 3683 -> 70.140.18.131 8543 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:10:05.300672 0.075262 tcp 10.0.2.109 52131 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:05.376226 0.077035 tcp 10.0.2.109 52132 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:05.453119 0.167840 tcp 10.0.2.109 52133 -> 195.113.214.237 443 SRPA* 0 0 27 11652 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:05.619618 0.000000 udp 10.0.2.109 3683 -> 217.39.110.9 4397 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:10:21.040960 0.074933 tcp 10.0.2.109 52134 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:21.116173 0.073118 tcp 10.0.2.109 52135 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:21.189633 0.168442 tcp 10.0.2.109 52136 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:21.358600 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:10:22.916972 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 07:10:29.460645 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:10:29.461061 0.143127 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:29.461386 0.256977 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 SPA_* 0 0 5 430 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:29.604595 0.147073 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:29.752089 0.036928 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:29.789404 0.312470 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:29.923567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:10:30.102440 0.156510 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:30.259300 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:10:37.925361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:10:39.209938 0.397522 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:47.379356 0.073323 tcp 10.0.2.109 52138 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:47.452967 0.071791 tcp 10.0.2.109 52139 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:47.525009 0.163385 tcp 10.0.2.109 52140 -> 195.113.214.237 443 SRPA* 0 0 21 13038 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:47.689089 0.134075 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:47.823545 0.035784 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:47.859756 0.046012 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:47.906119 0.214560 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:48.070270 4.245564 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 6 2296 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:10:48.121076 0.124038 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:48.245495 0.050205 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:48.296106 0.057062 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:48.353565 0.260888 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:48.614780 0.180410 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:48.795613 0.070163 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:48.866205 0.275823 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:49.142382 0.096188 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:49.239012 0.230508 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:49.469903 0.233045 udp 10.0.2.109 3683 <-> 99.60.181.75 8527 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:49.703339 0.144387 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:49.848080 0.149141 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:49.997628 0.204035 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:50.202206 0.184083 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:50.386622 0.172485 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:50.559468 0.085414 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:50.645405 0.142194 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:10:53.927692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:10:55.486422 1.365738 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 7 2998 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:11:05.439420 0.216161 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 5 2366 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:11:21.223775 0.403935 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 2963 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:11:25.934121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:11:27.342812 2.917210 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 1264 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:11:32.052612 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:11:35.113387 3.999728 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 6 1634 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:11:44.259753 3.856129 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 7 2311 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:11:52.311914 4.356027 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 7 2616 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:12:01.830789 4.250719 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 9 3147 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:12:09.918602 2.593659 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 10 3333 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:12:15.612675 4.589220 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 1264 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:12:17.057713 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:12:30.891583 4.101989 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 9 5867 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:12:38.852303 1.758884 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 5 1842 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:12:45.087710 3.815620 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 1143 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:13:08.858545 4.269585 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 9 5255 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:13:14.059775 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:13:15.526073 3.440724 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:13:25.668854 3.972790 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 2094 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:13:32.870892 3.540883 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 6 2145 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:13:43.013475 3.092458 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 5 1842 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:13:52.225746 4.244393 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 7 2169 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:13:58.553115 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:14:01.033141 0.194366 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 2 533 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:14:21.928779 0.399193 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 7 4551 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:14:28.581153 0.396171 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 1767 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:14:35.568905 0.398490 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 4 2241 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:14:42.555695 0.201447 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 A_PA 0 0 2 1156 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:14:47.554083 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:15:12.549793 0.000062 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:15:19.945271 0.000154 tcp 10.0.2.109 52137 -> 99.233.251.108 8420 RA_PA 0 0 2 632 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:17:29.940841 3.000713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 07:17:36.947871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:17:44.949098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:18:00.952012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:18:32.958263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:24:36.964485 3.000865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 07:24:43.971311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:24:51.972858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:25:07.975628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:25:39.982391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:31:43.988646 3.000829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 07:31:50.995561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:31:58.996692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:32:14.999625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:32:47.015895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:37:42.742046 0.000196 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:37:42.742351 2.033875 tcp 10.0.2.109 52141 -> 211.38.175.27 4598 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:38:51.021849 3.001857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 07:38:58.029617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:39:06.031412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:39:22.033692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:39:54.039692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:41:11.251826 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 07:41:11.251916 0.161890 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:11.414197 0.092880 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:11.507499 0.142359 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:11.650327 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:41:11.650690 2.995195 tcp 10.0.2.109 52142 -> 50.100.234.238 7191 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 07:41:18.475795 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:41:18.476201 0.146004 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:18.622570 0.155660 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:18.778573 0.314428 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.093423 0.045869 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.139714 0.136778 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.276902 0.032875 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.310168 0.162781 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.473304 0.121313 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.595016 0.050617 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.646061 0.053509 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.699947 0.267158 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:19.967422 0.180719 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:20.148552 0.069890 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:20.218846 0.283938 rtcp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:20.503151 0.093041 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:20.596537 0.153679 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:20.644672 0.000000 tcp 10.0.2.109 52142 -> 50.100.234.238 7191 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 07:41:20.750552 0.000000 udp 10.0.2.109 3683 -> 99.60.181.75 8527 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 07:41:36.669497 0.077130 tcp 10.0.2.109 52143 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:41:36.746900 0.076695 tcp 10.0.2.109 52144 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:41:36.823870 0.165606 tcp 10.0.2.109 52145 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 07:41:36.990266 0.146917 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:37.137755 0.860777 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:37.138098 3.004691 tcp 10.0.2.109 52146 -> 68.195.125.143 4009 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 07:41:37.998920 0.173099 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:38.172407 0.076979 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:38.249822 0.138451 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:38.388613 0.213669 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:38.602633 0.184746 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 07:41:46.141476 0.000000 tcp 10.0.2.109 52146 -> 68.195.125.143 4009 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 07:45:58.045748 3.002208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 07:46:05.053425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:46:13.054827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:46:29.057888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:47:01.064235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:53:05.070040 3.001517 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 07:53:12.077189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:53:20.078683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:53:36.081645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 07:54:08.088086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:00:12.094839 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 08:00:19.101503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:00:27.103101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:00:43.105882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:01:15.111780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:07:19.117531 3.002117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 08:07:26.125181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:07:34.127046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:07:44.782452 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:07:44.782545 0.335433 tcp 10.0.2.109 52147 -> 211.38.175.27 4598 SPA_* 0 0 9 1151 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:07:50.129783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:08:03.120383 0.021063 tcp 10.0.2.109 52147 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:08:22.136085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:12:06.809548 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:12:06.809731 0.000000 udp 10.0.2.109 3683 -> 99.60.181.75 8527 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 08:12:24.185847 0.100563 tcp 10.0.2.109 52148 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:12:24.286726 0.077322 tcp 10.0.2.109 52149 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:12:24.364021 0.158919 tcp 10.0.2.109 52150 -> 195.113.214.237 443 SRPA* 0 0 35 24849 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:12:24.523580 0.146774 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:24.689305 0.161992 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:24.689799 2.999336 tcp 10.0.2.109 52151 -> 50.100.234.238 7191 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 08:12:24.851736 0.718705 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:25.570871 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 08:12:33.687755 0.000000 tcp 10.0.2.109 52151 -> 50.100.234.238 7191 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 08:12:43.582638 0.074126 tcp 10.0.2.109 52152 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:12:43.657107 0.087262 tcp 10.0.2.109 52153 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:12:43.744681 0.170078 tcp 10.0.2.109 52154 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:12:43.915270 0.148253 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.063925 0.156629 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.220967 0.043886 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.265193 0.350749 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.616328 0.033062 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.649777 0.166954 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.817118 0.120296 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.937822 0.050033 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:44.988204 0.052910 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:45.041458 0.338056 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:45.379912 0.134928 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:45.515206 0.096382 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:45.612010 0.152415 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:45.764833 0.178378 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:45.943726 0.072305 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:45.944128 3.005093 tcp 10.0.2.109 52155 -> 99.181.8.171 8724 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 08:12:46.016375 0.279795 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:46.296567 0.138051 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:46.434971 0.150153 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:46.585536 0.149935 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:46.735803 0.207076 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:46.943297 0.190019 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:47.133736 0.173252 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:47.307391 0.114612 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:12:54.947728 0.000000 tcp 10.0.2.109 52155 -> 99.181.8.171 8724 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/11 08:13:02.702458 0.009770 udp 10.0.2.109 59124 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/11 08:13:02.712630 0.009717 udp 10.0.2.109 50321 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/11 08:14:26.141836 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 08:14:33.149065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:14:41.150856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:14:57.153427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:15:29.159878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:21:33.165748 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 08:21:40.173475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:21:48.174975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:22:04.177568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:22:36.184018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:28:40.189619 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 08:28:47.197242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:28:55.198865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:29:11.201982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:29:43.207515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:35:47.213587 3.031642 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 08:35:54.250997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:36:02.252707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:36:18.255524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:36:50.261747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:38:03.147055 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:38:03.147251 0.515979 tcp 10.0.2.109 52156 -> 211.38.175.27 4598 SPA_* 0 0 9 1186 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:38:26.961537 0.005621 tcp 10.0.2.109 52156 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:42:48.026572 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:42:48.026759 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 08:42:54.267724 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 08:42:54.280163 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 08:42:54.280623 0.150508 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:54.281014 0.289313 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 SPA_* 0 0 5 377 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:42:54.431500 0.163539 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:54.595423 0.035959 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:54.631702 0.146703 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:54.778774 0.156759 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:54.935924 0.043752 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:54.980080 0.354572 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:55.335020 0.033044 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:55.368445 0.167122 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:55.535965 0.122736 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:55.659113 0.049761 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:55.709286 0.053379 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:55.763047 0.520485 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:56.283948 0.140796 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:56.425131 0.091977 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:56.517509 0.152875 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:56.670751 0.183371 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:56.854557 0.070837 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:56.925817 0.149902 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:57.076222 0.143181 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:57.219855 0.869180 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:58.089407 0.265159 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:58.354965 0.152676 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:58.508024 0.088535 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:58.596947 0.191233 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:42:58.788571 0.172577 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/11 08:43:01.275458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:43:01.590955 0.195393 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 5 2322 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:43:09.069587 0.301057 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 6 2344 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:43:09.276905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:43:25.279406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:43:30.578459 4.922174 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 8 5263 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:43:35.694756 0.000000 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:43:44.841089 0.196769 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 2 632 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:43:49.554469 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:43:52.268244 2.723850 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 10 7022 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:43:57.285595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:43:59.793151 2.046338 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 5 2366 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:44:06.498203 0.401254 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1793 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:44:13.355157 0.404411 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1738 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:44:27.834445 0.205568 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 5 3975 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:44:33.530049 1.810372 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 6 1896 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:44:38.555128 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:44:41.074836 1.846385 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 6 2171 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:44:47.553945 2.647865 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 2199 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:44:55.176978 2.355607 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:02.376185 2.796826 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 2152 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:10.411463 2.573562 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 8 2956 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:17.485926 3.035652 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 10 3610 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:23.058795 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:45:26.678091 0.196821 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 2 632 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:36.620113 0.398555 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 5509 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:41.745734 2.603593 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 6 2420 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:50.466546 2.134532 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 6 2800 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:45:58.515723 0.354645 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 5 1842 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:46:06.624750 0.407235 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:46:11.558557 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:46:12.224003 3.400240 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 981 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:46:32.463110 4.937164 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 8 4936 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:46:37.596135 3.439825 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1264 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:46:45.670346 4.744071 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1108 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:05.702193 0.394616 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 5094 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:11.793681 2.715333 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 2474 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:20.263536 2.988261 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 2736 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:26.862396 2.388141 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 2736 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:35.549853 0.400345 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1995 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:41.194035 1.725964 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 2634 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:48.331372 2.770322 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 9 3342 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:47:53.054892 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:47:56.633408 3.008572 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 10 3761 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:03.998719 3.951121 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 10 4040 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:12.354289 4.735140 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 12 4840 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:21.297250 4.894786 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 13 5151 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:29.658218 4.853205 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 4 1676 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:34.704418 4.182165 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 11 5235 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:39.551291 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:48:42.814611 4.267792 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 15 6574 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:50.669111 4.860559 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 13 6607 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:48:55.724719 4.710492 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 12 5792 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:49:06.829169 4.478225 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 13 10418 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:49:16.875291 0.560336 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 4046 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:49:22.130557 1.341881 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 8 4449 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:49:28.370931 1.282322 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 10 5256 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:49:34.503889 1.548654 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 10 5780 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:49:40.649388 1.592291 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 3154 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:49:53.700332 0.897527 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 9 7217 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:50:00.835422 0.433276 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 3426 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:50:01.292076 3.001519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 08:50:05.555207 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 08:50:06.294755 1.173685 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 8 3588 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:50:08.299340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:50:12.637135 1.563813 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 8 3442 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:50:16.300256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:50:27.577022 0.400661 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 A_PA 0 0 7 4741 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:50:32.303286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:50:57.780017 4.508061 tcp 10.0.2.109 52157 -> 99.233.251.108 8420 FRA_* 0 0 4 1264 flow=From-Botnet-V1-TCP-Established 1970/01/11 08:51:04.309945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:57:08.315967 3.001615 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 08:57:15.323254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:57:23.324547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:57:39.327501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 08:58:11.333697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:04:15.340380 3.000954 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 09:04:22.347239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:04:30.348212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:04:46.351458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:05:18.357640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:08:26.969608 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:08:26.969705 2.001919 tcp 10.0.2.109 52158 -> 211.38.175.27 4598 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:11:22.363924 3.001178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 09:11:29.371383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:11:37.372799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:11:53.375757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:12:25.381265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:13:07.222272 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:13:07.222371 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 09:13:13.532414 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 09:13:13.533195 0.240931 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 SPA_* 0 0 5 331 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:13:13.554252 0.148422 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:13.703076 0.162756 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:13.866394 0.322083 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.188870 0.147192 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.336430 0.155588 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.492437 0.043613 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.536404 0.173645 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.710480 0.121139 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.832047 0.049983 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.882442 0.054497 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:14.937280 0.335209 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:15.272850 0.032985 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:15.306396 0.639430 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:15.946261 0.138755 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:16.085366 0.096621 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:16.182485 0.153873 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:16.336749 0.179310 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:16.516471 0.069917 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:16.586741 0.706792 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:17.293961 0.144621 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:17.438972 0.137714 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:17.577082 0.085430 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:17.662929 0.184452 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:17.847721 0.172712 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:18.020789 0.300585 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:18.321755 0.280983 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:13:20.205142 0.205584 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 2322 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:13:26.272552 0.174414 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 6 2459 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:13:32.759557 0.286363 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 6 2420 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:13:39.783844 4.973182 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 6 2194 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:13:44.955939 2.192770 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 1842 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:13:53.248276 0.399786 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:13:59.081284 0.979472 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 1445 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:14:05.054650 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:14:11.764804 0.399872 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 4 2783 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:14:18.210002 4.902299 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 1580 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:14:23.311508 3.043819 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 6 1896 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:14:30.197935 2.636577 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 6 1896 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:14:37.119248 2.375070 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 1842 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:14:43.942117 2.692581 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 6 2420 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:14:51.551608 0.260405 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:14:56.235215 0.403980 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 7 5094 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:01.289678 0.346336 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 1831 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:07.014708 0.429669 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 4 2251 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:12.567215 4.901468 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 7 3001 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:18.138431 4.968959 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 7 3485 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:23.742994 4.951995 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 7 3522 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:29.871652 4.571595 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 10 4429 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:35.701756 4.429828 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 10 4732 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:39.159794 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:15:41.467553 3.811462 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 10 5506 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:47.304064 3.449021 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 13 5942 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:53.159485 3.304033 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 13 6216 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:15:58.293641 4.160893 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 17 6930 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:03.346777 4.892555 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 16 7532 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:08.547066 1.894373 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 15 6954 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:13.857523 2.906365 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 15 7954 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:20.312084 1.876389 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 13 5846 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:28.232014 4.585588 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 11 7738 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:34.406665 0.054067 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 3 1210 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:44.100186 2.627169 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 9 7202 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:49.160722 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:16:50.452333 2.263466 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 7 2902 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:16:57.040601 1.874648 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 4 1264 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:17:22.819358 0.200593 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 3519 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:17:29.078157 4.967243 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 1580 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:17:33.664999 0.000037 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:17:35.535576 4.528591 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 A_PA 0 0 5 1842 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:17:41.461628 0.087969 tcp 10.0.2.109 52159 -> 99.233.251.108 8420 FA_F* 0 0 6 1289 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:18:29.497126 3.002210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 09:18:36.505265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:18:44.656496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:19:00.659789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:19:32.665613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:25:36.672296 3.001131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 09:25:43.679320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:25:51.680990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:26:07.683522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:26:39.689542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:32:43.696499 3.001023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 09:32:50.703256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:32:58.705031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:33:14.707685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:33:46.713837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:38:29.160525 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:38:29.160800 1.983289 tcp 10.0.2.109 52160 -> 211.38.175.27 4598 FSPA* 0 0 15 1586 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:39:50.720042 3.001737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 09:39:57.727162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:40:05.729064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:40:21.731618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:40:53.737646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:43:21.640923 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:43:21.641167 0.161253 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:21.802804 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 09:43:28.322870 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 09:43:28.323371 0.150194 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:28.323782 0.199043 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 SPA_* 0 0 5 357 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:43:28.475042 0.034809 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:28.510227 0.149370 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:28.659986 0.155872 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:28.816289 0.045774 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:28.862432 0.160523 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:29.023318 0.122141 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:29.145839 0.049939 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:29.196200 0.054106 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:29.250694 0.313001 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:29.564086 0.032882 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:29.597301 0.488040 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:30.085761 0.154132 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:30.240259 0.181006 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:30.421653 0.072685 udp 10.0.2.109 3683 <-> 94.69.181.33 13055 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:30.520035 0.138392 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:30.658846 0.103517 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:30.762760 0.150114 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:30.913719 0.145258 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:31.059326 0.148899 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:31.208606 0.086934 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:31.295880 0.190197 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:31.486427 0.172227 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:31.659000 0.204523 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:31.863874 0.266683 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 09:43:33.998779 0.199672 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 5 2322 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:43:40.836484 0.123944 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 6 2459 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:43:47.204715 0.413200 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 5 2366 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:43:53.942203 4.864994 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 6 2194 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:43:59.003971 1.414650 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:44:07.000099 0.395928 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:44:12.108827 2.028184 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 5 1445 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:44:18.659004 0.072368 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 3 1210 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:44:18.732802 0.000031 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:44:36.922714 0.196557 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 5 3702 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:44:43.821035 2.240685 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 4 1788 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:45:07.558671 0.204430 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 A_PA 0 0 2 632 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:45:12.730050 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 09:45:37.556431 1.268191 tcp 10.0.2.109 52161 -> 99.233.251.108 8420 FRA_* 0 0 7 3218 flow=From-Botnet-V1-TCP-Established 1970/01/11 09:46:57.743502 3.002029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 09:47:04.751520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:47:12.753023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:47:28.755836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:48:00.762251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:54:04.767990 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 09:54:11.775442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:54:19.776335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:54:35.779651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 09:55:07.786036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:01:11.792791 3.000255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 10:01:18.799504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:01:26.800976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:01:42.803559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:02:14.809363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:08:18.815523 3.002033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 10:08:25.823108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:08:31.151878 0.000229 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 10:08:31.152233 1.986047 tcp 10.0.2.109 52162 -> 211.38.175.27 4598 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:08:33.824635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:08:49.827754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:09:21.833542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:14:01.155645 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 10:14:01.155874 0.162686 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:01.318990 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 10:14:06.411734 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 10:14:06.412300 0.152056 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:06.412858 0.311099 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 SPA_* 0 0 5 510 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:06.585099 0.037464 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:06.622978 0.145259 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:06.768675 0.154821 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:06.923957 0.045031 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:06.969527 0.051051 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:07.020975 0.053748 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:07.075075 0.313897 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:07.389403 0.033137 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:07.422874 0.158876 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:07.582248 0.121126 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:07.703724 0.405751 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:08.109854 0.160917 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:08.271202 0.181313 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:08.452900 0.000000 udp 10.0.2.109 3683 -> 94.69.181.33 13055 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 10:14:11.422380 4.742809 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 8708 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:21.344024 0.831602 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 7252 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:24.871873 0.070822 tcp 10.0.2.109 52164 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:24.942988 0.071965 tcp 10.0.2.109 52165 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:25.014781 0.165373 tcp 10.0.2.109 52166 -> 195.113.214.237 443 SRPA* 0 0 35 27167 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:25.180764 0.141217 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:25.322413 0.096769 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:25.419580 0.772343 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:26.192289 0.091487 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:26.284168 0.184691 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:26.469332 0.171509 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:26.491058 0.891835 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:26.641242 0.243758 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:26.885384 0.145405 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:27.031196 0.138556 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:27.170163 0.280852 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:14:31.893377 4.853537 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 19 13314 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:36.982483 4.951912 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:42.151387 0.373506 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 9 4582 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:47.842090 0.791077 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:52.864584 0.866367 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:14:57.907358 4.838665 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 10476 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:02.943975 4.835878 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 26 16368 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:07.981188 4.996403 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 9 6030 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:13.016728 4.873115 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 19 11866 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:18.085887 0.000000 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:23.148895 4.972554 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 10476 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:25.839380 3.001700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 10:15:28.320396 0.471398 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 13 7474 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:32.847429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:15:33.466406 0.862975 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:38.745907 0.861069 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 15 9002 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:40.848564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:15:46.184296 4.618837 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 23 17626 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:53.663171 4.389726 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 29 17950 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:15:56.851279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:16:01.911846 0.787739 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:07.380308 1.107633 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:13.322645 1.154574 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:18.960084 0.764217 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 15 9002 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:24.851422 0.921667 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:28.857713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:16:30.292770 0.827677 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:35.669130 1.009525 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:40.853449 0.652445 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:46.146568 0.997125 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:51.479273 0.691918 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 15 9002 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:16:57.222303 0.887668 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 16 9056 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:02.810820 0.656196 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:09.225736 4.887441 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 21 13422 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:14.310512 4.808998 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 24 13584 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:23.983860 0.673699 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:30.412347 0.664995 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:36.741408 0.654947 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:41.732268 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 10:17:42.174912 0.658831 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:47.255362 0.665519 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:52.479610 0.659298 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 14 8948 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:17:57.612773 0.683105 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 15 9002 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:02.757311 1.216953 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:08.139061 1.243048 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:13.406468 1.193353 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:18.971240 1.186017 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:24.544661 1.331040 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 17 9110 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:30.340883 1.803693 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 18 9164 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:36.533084 1.610245 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 18 9164 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:41.962479 4.860035 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 26 13692 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:47.016425 4.776639 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 19 9218 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:52.728767 4.810541 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 22 13476 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:18:57.741905 4.823101 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 7 4474 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:19:02.768832 4.937488 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 A_PA 0 0 15 8618 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:19:07.810333 0.291068 tcp 10.0.2.109 52163 -> 99.233.251.108 8420 FPA_* 0 0 6 328 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:22:32.863994 3.001407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/11 10:22:39.871026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:22:47.872620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:23:03.875281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:23:35.881726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:29:39.888081 3.031583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 10:29:46.924988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:29:54.926588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:30:10.929842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:30:42.935834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:36:46.941830 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 10:36:53.949117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:37:01.950555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:37:17.953611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:37:49.959942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:38:33.142603 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 10:38:33.142704 1.957385 tcp 10.0.2.109 52167 -> 211.38.175.27 4598 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:43:53.966267 3.001285 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 10:44:00.973284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:44:08.974148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:44:24.977750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:44:48.361754 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 10:44:48.361945 0.000000 udp 10.0.2.109 3683 -> 94.69.181.33 13055 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 10:44:56.983189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:45:06.829738 0.073827 tcp 10.0.2.109 52168 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:45:06.903858 0.074005 tcp 10.0.2.109 52169 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:45:06.978369 0.144712 tcp 10.0.2.109 52170 -> 195.113.214.237 443 SRPA* 0 0 34 25145 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:45:07.123640 0.160884 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:07.284903 0.146279 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:07.431556 0.156509 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:07.588440 0.043666 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:07.632463 3.246448 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:10.879326 0.149155 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.028931 0.036269 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.065536 0.049758 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.115624 0.314700 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.430695 0.032923 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.464026 0.160490 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.624864 0.120874 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.746091 0.055143 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.801581 0.152380 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:11.954371 0.000000 udp 10.0.2.109 3683 -> 201.209.10.82 5879 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 10:45:30.422310 0.073835 tcp 10.0.2.109 52171 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:45:30.496438 0.071002 tcp 10.0.2.109 52172 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:45:30.567739 0.148813 tcp 10.0.2.109 52173 -> 195.113.214.237 443 SRPA* 0 0 33 23891 flow=From-Botnet-V1-TCP-Established 1970/01/11 10:45:30.717098 0.185815 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:30.903436 0.137540 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:31.041388 0.102198 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:31.144020 0.781288 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:31.925701 0.085072 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:32.011115 0.189923 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:32.201370 0.172150 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:32.373925 0.282449 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:32.656750 0.240013 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:32.897085 0.694791 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:45:33.592279 0.140501 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/11 10:51:00.989818 3.001446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 10:51:07.996783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:51:15.998389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:51:32.001368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:52:04.007346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:58:08.014388 3.000417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 10:58:15.021319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:58:23.022770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:58:39.025318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 10:59:11.031594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:05:15.036943 3.001914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:05:22.044516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:05:30.046554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:05:46.049529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:06:18.055391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:08:35.103098 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 11:08:35.103202 1.952903 tcp 10.0.2.109 52174 -> 211.38.175.27 4598 FSPA* 0 0 14 1720 flow=From-Botnet-V1-TCP-Established 1970/01/11 11:12:22.061579 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:12:29.068630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:12:37.070053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:12:53.073010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:13:25.079628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:15:51.470236 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 11:15:51.470336 0.000000 udp 10.0.2.109 3683 -> 201.209.10.82 5879 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 11:16:08.786740 0.070803 tcp 10.0.2.109 52175 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 11:16:08.857809 0.071471 tcp 10.0.2.109 52176 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 11:16:08.929537 0.132137 tcp 10.0.2.109 52177 -> 195.113.214.237 443 SRPA* 0 0 33 23869 flow=From-Botnet-V1-TCP-Established 1970/01/11 11:16:09.062184 0.156388 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:09.218930 0.043895 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:09.263233 0.162418 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:09.426239 0.149049 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:09.575669 0.154500 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:09.730592 0.035486 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:09.766406 0.147355 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:09.914191 0.311987 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.226583 0.032682 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.259652 0.165598 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.425674 0.120857 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.546949 0.053737 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.601069 0.154542 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.756016 0.051198 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.807593 0.180451 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:10.988421 0.764693 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:11.753511 0.090477 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:11.844416 0.136667 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:11.981493 0.088808 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:12.070697 0.190075 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:12.261164 0.172280 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:12.433777 0.211140 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:12.645305 0.263445 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:12.909145 0.777422 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:16:13.686912 0.139711 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:19:29.085150 3.002190 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:19:36.092555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:19:44.094235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:20:00.097484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:20:32.103439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:26:36.109875 3.000805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:26:43.157176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:26:51.157968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:27:07.161327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:27:39.167504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:33:43.173214 3.002106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:33:50.180488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:33:58.182407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:34:14.185640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:34:46.191345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:38:37.074404 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 11:38:37.074639 1.925909 tcp 10.0.2.109 52178 -> 211.38.175.27 4598 FSPA* 0 0 15 1752 flow=From-Botnet-V1-TCP-Established 1970/01/11 11:40:50.217736 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:40:57.224679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:41:05.226019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:41:21.229029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:41:53.235238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:46:39.667438 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 11:46:39.667520 0.160411 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:39.828369 0.144661 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:39.973366 4.167686 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:44.141429 0.035779 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:44.177542 0.143349 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:44.321303 0.157039 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:44.478762 0.044230 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:44.523373 0.312768 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:44.836467 0.032553 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:44.869363 0.160946 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.030707 0.120222 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.151286 0.052240 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.203950 0.155467 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.359845 0.049626 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.409795 0.180205 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.590362 0.137481 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.728227 0.149988 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.878630 0.097369 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:45.976408 0.097571 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:46.074522 0.183610 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:46.258495 0.171170 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:46.430026 0.206841 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:46.637211 0.263674 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:46.901244 0.141471 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:46:47.043076 0.135913 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/11 11:47:57.240530 3.002732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:48:04.248921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:48:12.249976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:48:28.253475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:49:00.259527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:55:04.264671 3.002586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 11:55:11.273046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:55:19.274330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:55:35.277297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 11:56:07.283323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:02:11.288923 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:02:18.296844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:02:26.297915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:02:42.301260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:03:14.307085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:08:39.004972 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 12:08:39.005072 1.970311 tcp 10.0.2.109 52179 -> 211.38.175.27 4598 FSPA* 0 0 15 1644 flow=From-Botnet-V1-TCP-Established 1970/01/11 12:09:18.313890 3.000697 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:09:25.320530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:09:33.322005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:09:49.325463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:10:21.331166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:16:25.337489 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:16:32.344912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:16:40.346381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:16:53.585641 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 12:16:53.585738 0.161641 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:53.747810 0.143749 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:53.891962 0.138072 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.030509 0.035746 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.066651 0.139933 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.206971 0.155903 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.363204 0.045649 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.409211 0.313552 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.723191 0.032999 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.756585 0.161128 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:54.918276 0.120281 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.038892 0.055190 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.094436 0.156861 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.251653 0.049635 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.301663 0.182584 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.484640 0.139671 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.624720 0.151075 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.776166 0.085027 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:55.861582 0.173240 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:56.035177 0.203257 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:56.238778 0.268422 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:56.349426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:16:56.507619 0.468293 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:56.976333 0.096285 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:57.073038 0.185516 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:16:57.258912 0.139495 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:17:28.354946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:23:32.361662 3.001372 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:23:39.368291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:23:47.370555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:24:03.373284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:24:35.379038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:30:39.385663 3.000909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:30:46.392711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:30:54.393775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:31:10.397250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:31:42.403068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:37:46.419818 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:37:53.426615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:38:01.428283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:38:17.431148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:38:40.975900 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 12:38:40.976045 1.935598 tcp 10.0.2.109 52180 -> 211.38.175.27 4598 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/01/11 12:38:49.436830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:44:53.443085 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:45:00.450360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:45:08.451758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:45:24.464848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:45:56.470895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:47:11.158604 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 12:47:11.158724 0.467976 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:11.627110 0.162502 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:11.790021 0.148105 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:11.938542 0.036958 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:11.975921 0.146337 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:12.122619 0.156226 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:12.279213 0.043955 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:12.323541 0.313495 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:12.637439 0.033101 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:12.670922 0.157069 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:12.828467 0.122625 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:12.951482 0.054989 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:13.006873 0.154375 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:13.161612 0.049816 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:13.211818 0.175347 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:13.387546 0.137567 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:13.525514 0.462409 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:13.988403 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 12:47:31.379215 0.069158 tcp 10.0.2.109 52181 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 12:47:31.448671 0.071591 tcp 10.0.2.109 52182 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 12:47:31.520537 0.155777 tcp 10.0.2.109 52183 -> 195.113.214.237 443 SRPA* 0 0 33 24139 flow=From-Botnet-V1-TCP-Established 1970/01/11 12:47:31.676964 0.170063 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:31.847429 0.144450 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:31.992222 0.206881 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:32.199504 0.249580 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:32.449502 0.150782 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:32.600712 0.092170 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:47:32.693272 0.212111 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/11 12:52:00.476481 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:52:07.484426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:52:15.485852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:52:31.488878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:53:03.495115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:59:07.501188 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 12:59:14.508509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:59:22.509845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 12:59:38.513160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:00:10.519337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:06:14.525358 3.001544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:06:21.532672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:06:29.534015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:06:45.536763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:07:17.543102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:08:42.916588 0.000165 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 13:08:42.916873 1.995780 tcp 10.0.2.109 52184 -> 211.38.175.27 4598 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/11 13:13:21.549189 3.001564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:13:28.556247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:13:36.557834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:13:52.561061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:14:24.566868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:17:43.092831 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 13:17:43.092961 0.076670 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:43.169974 0.147069 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:43.317425 0.038903 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:43.356714 0.153907 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:43.511004 0.160101 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:43.671501 0.158025 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:43.829897 0.045851 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:43.876085 0.312271 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:44.188696 0.032830 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:44.221897 0.146499 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:44.368742 0.120775 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:44.489915 0.051165 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:44.541415 0.160831 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:44.702645 0.138945 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:44.841995 0.158336 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.000733 0.049950 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.051072 0.150150 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.201579 0.179181 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.381172 0.142894 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.524485 0.169808 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.694689 0.136508 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.831527 0.102380 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:45.934339 0.189733 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:46.124506 0.307675 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:17:46.432554 0.261866 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:20:28.573143 3.001234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:20:35.580389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:20:43.582149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:20:59.584699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:21:31.590986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:27:35.600329 2.997981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:27:42.604450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:27:50.605906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:28:06.608817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:28:38.614715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:34:42.621221 3.001204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:34:49.628770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:34:57.630568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:35:13.632983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:35:45.638699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:38:44.917373 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 13:38:44.917661 2.022567 tcp 10.0.2.109 52185 -> 211.38.175.27 4598 FSPA* 0 0 14 1736 flow=From-Botnet-V1-TCP-Established 1970/01/11 13:41:49.645539 3.000853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:41:56.652066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:42:04.653626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:42:20.656976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:42:52.663145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:48:08.366928 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 13:48:08.367099 0.037828 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:08.405309 0.756160 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:09.161872 0.163475 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:09.325733 0.156729 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:09.482860 0.044159 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:09.527417 0.087608 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:09.615381 0.146054 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:09.761876 0.313432 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:10.075719 0.032611 rtcp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:10.108722 0.153294 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:10.262494 0.120325 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:10.383214 0.049939 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:10.433545 0.168261 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:10.602367 0.139779 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:10.742543 0.770917 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:11.513844 0.051585 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:11.565883 0.154053 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:11.720283 0.176625 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:11.897312 0.144344 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:12.042000 0.174363 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:12.216757 0.138561 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:12.355725 0.100346 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:12.456465 0.278417 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:12.735391 0.189133 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:12.924927 0.204956 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/11 13:48:56.669443 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:49:03.676093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:49:11.677645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:49:27.680447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:49:59.686732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:56:03.693400 3.000672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 13:56:10.699908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:56:18.701721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:56:34.704617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 13:57:06.710360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:03:10.717144 3.000869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:03:17.724303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:03:25.725698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:03:41.728832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:04:13.734427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:08:46.948494 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 14:08:46.948727 1.951339 tcp 10.0.2.109 52186 -> 211.38.175.27 4598 FSPA* 0 0 15 1563 flow=From-Botnet-V1-TCP-Established 1970/01/11 14:10:17.740648 3.001978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:10:24.748044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:10:32.749845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:10:48.752857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:11:20.758349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:17:24.765104 3.001211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:17:31.772397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:17:39.773599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:17:55.776439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:18:27.782917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:18:31.518406 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 14:18:31.518506 0.039379 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:31.558332 0.155476 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:31.714216 0.045318 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:31.759950 0.085738 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:31.846123 0.146563 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:31.993112 0.152042 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:32.145602 0.162501 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:32.308541 0.310375 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:32.619306 0.032908 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:32.652559 0.144136 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:32.797092 0.119422 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:32.916889 0.051625 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:32.968917 0.158405 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:33.127672 0.136127 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:33.264191 0.152239 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:33.416815 0.176362 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:33.593580 0.146411 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:33.740386 0.707243 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:34.448032 0.049685 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:34.498092 0.172132 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:34.670630 0.135815 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:34.806846 0.093519 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:34.900785 0.271708 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:35.172900 0.188889 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:18:35.362215 0.213706 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:24:31.789048 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:24:38.795737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:24:46.797638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:25:02.800540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:25:34.806790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:31:38.812858 3.002082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:31:45.819644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:31:53.821592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:32:09.824795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:32:41.830703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:38:45.836951 3.021426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:38:48.908922 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 14:38:48.909106 1.983761 tcp 10.0.2.109 52187 -> 211.38.175.27 4598 FSPA* 0 0 15 1805 flow=From-Botnet-V1-TCP-Established 1970/01/11 14:38:52.863764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:39:00.865668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:39:16.868545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:39:48.874270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:45:52.880516 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:45:59.887752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:46:07.889205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:46:23.892154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:46:55.898872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:48:42.562283 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 14:48:42.562450 0.046010 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:42.608856 0.083291 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:42.692572 0.144737 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:42.837698 0.036091 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:42.874203 0.156827 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:43.031409 1.136601 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:44.168481 0.160286 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:44.329191 0.311619 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:44.641155 0.032905 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:44.674533 0.146072 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:44.820959 0.121660 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:44.948911 0.049313 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:44.998621 0.175223 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:45.174333 0.136350 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:45.311040 0.153303 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:45.464751 0.177028 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:45.642333 0.142459 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:45.785180 0.169321 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:45.954860 0.145734 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:46.101000 0.105919 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:46.207272 0.821068 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:47.028702 0.051110 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:47.080203 0.330674 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:47.411224 0.265454 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:48:47.677084 0.183598 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/11 14:52:59.903885 3.001930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 14:53:06.911553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:53:14.913303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:53:30.916080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 14:54:02.922504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:00:06.929213 3.000635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:00:13.936014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:00:21.937457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:00:37.940491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:01:09.946101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:07:13.952666 3.001152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:07:20.960209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:07:28.960982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:07:44.964553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:08:16.970035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:08:50.899796 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 15:08:50.899894 1.905405 tcp 10.0.2.109 52188 -> 211.38.175.27 4598 FSPA* 0 0 15 1786 flow=From-Botnet-V1-TCP-Established 1970/01/11 15:14:20.976924 3.000771 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:14:27.983526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:14:35.985514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:14:51.988181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:15:23.994654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:19:00.776418 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 15:19:00.776518 0.147715 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:00.924602 0.036256 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:00.961251 0.157118 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:01.118735 0.045610 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:01.164711 0.079390 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:01.244540 4.196289 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:05.441248 0.162328 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:05.603984 0.310986 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:05.915365 0.032962 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:05.948724 0.145575 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:06.094651 0.120255 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:06.215281 0.046374 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:06.262030 0.160467 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:06.422839 0.135573 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:06.558815 0.157107 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:06.716276 0.181358 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:06.898030 0.142289 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:07.040712 0.170512 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:07.211589 0.697033 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:07.909013 0.136099 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:08.045514 0.100486 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:08.146409 0.268975 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:08.415811 0.183681 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:08.599828 0.049852 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:19:08.650065 0.202959 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:21:28.000408 3.001391 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:21:35.008124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:21:43.009451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:21:59.012654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:22:31.018043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:28:35.024635 3.001110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:28:42.031624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:28:50.033459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:29:06.036274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:29:38.041933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:35:42.047992 3.002028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:35:49.055636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:35:57.057303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:36:13.060371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:36:45.066030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:38:52.810846 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 15:38:52.811051 2.048525 tcp 10.0.2.109 52189 -> 211.38.175.27 4598 FSPA* 0 0 15 1738 flow=From-Botnet-V1-TCP-Established 1970/01/11 15:42:49.072385 3.001990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:42:56.079776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:43:04.081224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:43:20.084338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:43:52.089923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:49:25.940664 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 15:49:25.940764 0.145217 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:26.086352 0.035355 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:26.122073 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 15:49:43.317108 0.075218 tcp 10.0.2.109 52190 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 15:49:43.392594 0.066838 tcp 10.0.2.109 52191 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 15:49:43.459720 0.139010 tcp 10.0.2.109 52192 -> 195.113.214.237 443 SRPA* 0 0 33 24763 flow=From-Botnet-V1-TCP-Established 1970/01/11 15:49:43.599315 0.043677 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:43.643341 0.077615 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:43.721372 0.312306 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.034047 0.032793 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.067258 0.151761 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.219466 0.160851 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.380712 0.145157 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.526441 0.120511 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.647350 0.048181 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.695885 0.161412 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.857663 0.133856 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:44.991887 0.155499 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:45.147792 0.179249 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:45.327439 0.142292 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:45.470143 0.138302 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:45.608840 0.169973 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:45.779233 1.032216 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:46.811853 0.188761 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:47.001097 0.049933 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:47.051395 0.213003 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:47.264807 0.106986 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:47.372164 0.294889 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 15:49:56.096816 3.001365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:50:03.103984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:50:11.105219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:50:27.108303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:50:59.113960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:57:03.120644 3.001450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 15:57:10.127667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:57:18.128851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:57:34.132065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 15:58:06.137970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:04:10.144569 3.001059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:04:17.151551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:04:25.152821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:04:41.156324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:05:13.161957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:08:54.861605 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 16:08:54.861686 2.015273 tcp 10.0.2.109 52193 -> 211.38.175.27 4598 FSPA* 0 0 15 1579 flow=From-Botnet-V1-TCP-Established 1970/01/11 16:11:17.168553 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:11:24.175846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:11:32.177032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:11:48.180352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:12:20.186360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:18:24.192798 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:18:31.199533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:18:39.201159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:18:55.204014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:19:27.210487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:19:53.448338 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 16:19:53.448530 0.157349 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:53.606319 0.147043 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:53.753775 0.035054 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:53.789263 0.312362 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:54.102040 0.044604 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:54.147062 0.093328 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:54.240731 0.033034 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:54.274106 1.914389 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:56.188886 0.162453 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:56.351750 0.143890 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:56.496055 0.120124 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:56.616576 0.051752 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:56.668770 0.170072 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:56.839301 0.136928 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:56.976641 0.141876 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:57.118956 0.137007 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:57.256361 0.170387 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:57.427150 0.155425 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:57.582906 0.180982 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:57.764333 0.155209 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:57.919929 0.182778 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:58.103053 0.103716 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:58.207170 0.279235 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:58.486823 0.049421 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:19:58.536632 0.204132 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:25:31.215629 3.002254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:25:38.223746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:25:46.225106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:26:02.228301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:26:34.233974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:32:38.240859 3.000730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:32:45.247675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:32:53.248943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:33:09.251842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:33:41.257898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:38:56.882780 0.000262 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 16:38:56.883160 1.948764 tcp 10.0.2.109 52194 -> 211.38.175.27 4598 FSPA* 0 0 15 1569 flow=From-Botnet-V1-TCP-Established 1970/01/11 16:39:45.263684 3.002012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:39:52.271165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:40:00.273119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:40:16.276114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:40:48.282208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:46:52.288581 3.000833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:46:59.295266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:47:07.297004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:47:23.299753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:47:55.306023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:49:59.494589 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 16:49:59.494770 0.035283 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:49:59.530443 0.156847 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:49:59.687644 0.145180 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:49:59.833189 0.100112 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:49:59.933691 0.033005 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:49:59.967080 0.312544 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:00.280001 0.044031 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:00.324433 1.228668 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:01.553513 0.159139 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:01.713015 0.144355 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:01.857818 0.119747 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:01.978026 0.050066 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:02.028542 0.168492 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:02.197394 0.136469 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:02.334422 0.142421 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:02.477193 0.150068 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:02.627597 0.170013 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:02.798014 0.151163 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:02.949568 0.175806 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:03.125715 0.467504 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:03.593622 0.266168 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:03.860195 0.049805 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:03.910394 0.206445 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:04.117246 0.183499 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:50:04.301204 0.099996 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/11 16:53:59.311980 3.001747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 16:54:06.319233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:54:14.321000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:54:30.324209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 16:55:02.329952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:01:06.336517 3.000833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:01:13.343162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:01:21.344936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:01:37.347666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:02:09.354322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:08:13.359378 3.001751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:08:20.367463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:08:28.368607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:08:44.371692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:08:58.853500 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 17:08:58.853601 2.250689 tcp 10.0.2.109 52195 -> 211.38.175.27 4598 FSPA* 0 0 15 1569 flow=From-Botnet-V1-TCP-Established 1970/01/11 17:09:16.438183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:15:20.444817 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:15:27.451367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:15:35.452635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:15:51.455464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:16:23.462026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:20:30.667941 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 17:20:30.668131 0.146027 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:30.814510 0.085834 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:30.900755 0.033107 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:30.934305 0.034543 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:30.969285 0.158921 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:31.128607 0.313021 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:31.442036 0.043640 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:31.486015 0.145051 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:31.631449 0.120652 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:31.752480 0.049553 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:31.802425 0.142907 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:31.945712 0.160503 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:32.106557 0.220114 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:32.327007 0.131905 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:32.459328 0.143155 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:32.602857 0.145854 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:32.749138 0.170074 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:32.919650 0.152516 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:33.072519 0.257419 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:33.330419 0.050843 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:33.381706 0.180058 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:33.562183 0.158833 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:33.721413 0.092586 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:33.814359 0.202903 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:20:34.017624 0.188796 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:22:27.468590 3.000745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:22:34.475365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:22:42.476613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:22:58.479998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:23:30.485572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:29:34.491523 3.001914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:29:41.499585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:29:49.500945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:30:05.503677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:30:37.509987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:36:41.515802 3.041793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:36:48.562926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:36:56.564977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:37:12.567943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:37:44.574200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:39:01.113984 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 17:39:01.114063 1.914783 tcp 10.0.2.109 52196 -> 211.38.175.27 4598 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/01/11 17:43:48.580555 3.001210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:43:55.586887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:44:03.588766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:44:19.591772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:44:51.597935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:50:55.604241 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:50:58.445785 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 17:50:58.445979 0.032847 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:58.479260 0.034702 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:58.514473 0.147146 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:58.662018 0.086634 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:58.749051 0.167999 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:58.917403 0.311719 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:59.229554 0.044150 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:59.274244 0.145047 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:59.419715 0.121301 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:59.541427 0.050668 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:50:59.592518 0.997436 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:00.590350 0.162863 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:00.753614 0.160923 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:00.914912 0.136598 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:01.051892 0.143290 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:01.195558 0.137217 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:01.333173 0.171832 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:01.505490 0.050731 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:01.556569 0.178587 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:01.735530 0.295359 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:02.031283 0.099966 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:02.131627 0.210324 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:02.342350 0.151125 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:02.493859 0.270140 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:02.611665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:51:02.764365 0.184115 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/11 17:51:10.612449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:51:26.615358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:51:58.622022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:58:02.627110 3.002649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 17:58:09.635057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:58:17.636675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:58:33.639815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 17:59:05.645336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:05:09.652220 3.002066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:05:16.659690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:05:24.660771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:05:40.663811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:06:12.669435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:09:03.035069 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 18:09:03.035154 1.958145 tcp 10.0.2.109 52197 -> 211.38.175.27 4598 FSPA* 0 0 15 1751 flow=From-Botnet-V1-TCP-Established 1970/01/11 18:12:16.675465 3.001784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:12:23.683189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:12:31.714596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:12:47.717555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:13:19.723746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:19:23.730553 3.001183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:19:30.737389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:19:38.738681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:19:54.741779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:20:26.747631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:21:31.501054 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 18:21:31.501164 0.145053 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:31.646563 0.086046 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:31.732943 0.170469 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:31.903897 0.032864 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:31.937103 0.035878 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:31.973303 0.311726 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:32.285405 0.043882 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:32.329696 0.147133 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:32.477232 0.123153 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:32.600763 0.049758 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:32.650921 0.222735 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:32.873994 0.159852 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:33.034282 0.157259 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:33.191914 0.138981 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:33.331238 0.143565 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:33.475150 0.148763 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:33.624300 0.170086 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:33.794718 0.049500 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:33.844645 0.178262 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:34.023270 0.982896 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:35.006560 0.152063 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:35.158960 0.276822 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:35.436195 0.189446 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:35.626007 0.104550 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:21:35.730941 0.207597 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:26:30.753107 3.002054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:26:37.760954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:26:45.762400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:27:01.765595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:27:33.771810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:33:37.777159 3.002138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:33:44.785042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:33:52.786191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:34:08.789552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:34:40.795402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:39:04.996238 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 18:39:04.996424 1.951230 tcp 10.0.2.109 52198 -> 211.38.175.27 4598 FSPA* 0 0 15 1765 flow=From-Botnet-V1-TCP-Established 1970/01/11 18:40:44.801282 3.002136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:40:51.808903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:40:59.810628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:41:15.813741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:41:47.819293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:47:51.825334 3.001869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:47:58.833330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:48:06.834657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:48:22.837545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:48:54.843847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:51:36.656530 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 18:51:36.656612 0.162222 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:36.819227 0.032607 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:36.852175 0.040412 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:36.892940 0.143936 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:37.037227 0.077541 rtcp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:37.115127 0.313244 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:37.428762 0.043673 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:37.472839 0.143884 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:37.617130 0.130301 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:37.747856 0.047893 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:37.796148 1.399569 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:39.196061 0.162191 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:39.358602 0.160876 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:39.519879 0.137470 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:39.657724 0.143542 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:39.801669 0.137207 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:39.939215 0.169663 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:40.109317 0.048652 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:40.158529 0.178339 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:40.337277 0.599809 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:40.937455 0.189102 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:41.126978 0.092884 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:41.220267 0.203362 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:41.423995 0.154050 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:51:41.578462 0.268995 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/11 18:54:58.850040 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 18:55:05.857421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:55:13.858422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:55:29.861990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 18:56:01.867706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:02:05.873263 3.002476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:02:12.880749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:02:20.882085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:02:36.885311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:03:08.891300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:09:06.946686 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 19:09:06.946785 2.849251 tcp 10.0.2.109 52199 -> 211.38.175.27 4598 FSPA* 0 0 14 1574 flow=From-Botnet-V1-TCP-Established 1970/01/11 19:09:12.897845 3.000910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:09:19.905030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:09:27.906837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:09:43.909187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:10:15.915380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:16:19.921523 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:16:26.929166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:16:34.930418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:16:50.933338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:17:22.939714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:21:50.194112 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 19:21:50.194222 0.035182 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:50.229819 0.144113 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:50.374303 0.156736 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:50.531424 0.033138 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:50.564898 0.093430 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:50.658761 0.313285 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:50.972449 0.043636 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.016423 0.140958 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.157790 0.121011 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.279146 0.050103 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.329653 0.140542 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.470528 0.162133 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.633067 0.159038 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.792535 0.137457 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:51.930530 0.144542 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:52.075435 0.151284 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:52.227080 0.179420 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:52.406871 0.174414 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:52.581685 0.171226 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:52.753309 0.049939 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:52.803667 0.188808 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:52.992831 0.093598 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:53.086838 0.206254 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:53.293441 0.151599 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:21:53.445435 0.250626 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:23:26.945461 3.001540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:23:33.952991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:23:41.953926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:23:57.957634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:24:29.963217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:30:33.970100 3.000523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:30:40.976621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:30:48.978049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:31:04.981283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:31:36.987344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:37:40.993322 3.001881 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:37:48.000545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:37:56.001975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:38:12.005202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:38:44.011594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:39:09.799305 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 19:39:09.799402 2.020212 tcp 10.0.2.109 52200 -> 211.38.175.27 4598 FSPA* 0 0 15 1791 flow=From-Botnet-V1-TCP-Established 1970/01/11 19:44:48.017943 3.011262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:44:55.034543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:45:03.035937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:45:19.039416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:45:51.045274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:51:55.051472 3.001850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:51:57.862717 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 19:51:57.862804 0.155907 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.019103 0.033739 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.053179 0.076398 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.129925 0.313097 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.443444 0.044003 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.487835 0.034720 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.522959 0.146847 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.670175 0.146646 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.817149 0.120798 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.938425 0.048535 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:51:58.987303 2.822729 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:01.810415 0.160058 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:01.970865 0.162949 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:02.058597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:52:02.134234 0.137768 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:02.272385 0.143464 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:02.416232 0.136827 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:02.553413 0.178324 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:02.732161 0.149933 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:02.882487 0.172711 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:03.055535 0.050953 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:03.106889 0.188751 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:03.296033 0.154282 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:03.450701 0.278902 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:03.730017 0.094102 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:03.824539 0.203438 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 19:52:10.060008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:52:26.063509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:52:58.068865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:59:02.075946 3.001159 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 19:59:09.082372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:59:17.084075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 19:59:33.087228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:00:05.093006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:06:09.099863 3.001194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:06:16.106984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:06:24.107748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:06:40.111276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:07:12.116879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:09:11.820039 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 20:09:11.820229 2.087194 tcp 10.0.2.109 52201 -> 211.38.175.27 4598 FSPA* 0 0 13 1594 flow=From-Botnet-V1-TCP-Established 1970/01/11 20:13:16.123437 3.001453 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:13:23.130781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:13:31.131706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:13:47.135100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:14:19.141014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:20:23.147453 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:20:30.154182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:20:38.156128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:20:54.158686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:21:26.165388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:22:28.214443 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 20:22:28.214543 0.154387 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:28.369365 0.033034 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:28.402740 0.085733 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:28.488906 0.311545 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:28.800788 0.044159 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:28.845367 0.036057 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:28.881825 0.148918 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:29.031142 0.145274 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:29.176815 0.120977 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:29.298320 0.048782 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:29.347483 0.609828 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:29.957737 0.161062 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:30.119141 0.164320 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:30.283812 0.134535 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:30.418741 0.142843 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:30.561992 0.136878 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:30.699292 0.178128 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:30.877827 0.925344 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:31.803544 0.169563 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:31.973443 0.153052 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:32.126913 0.266373 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:32.393674 0.109322 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:32.503346 0.204018 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:32.707741 0.050429 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:22:32.758530 0.198443 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:27:30.171335 3.001034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:27:37.178567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:27:45.180110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:28:01.183135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:28:33.189201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:34:37.195044 3.001967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:34:44.202729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:34:52.203885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:35:08.207229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:35:40.212947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:39:13.910882 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 20:39:13.910979 2.040459 tcp 10.0.2.109 52202 -> 211.38.175.27 4598 FSPA* 0 0 15 1685 flow=From-Botnet-V1-TCP-Established 1970/01/11 20:41:44.219064 3.002094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:41:51.226546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:41:59.227897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:42:15.230837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:42:47.236832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:48:51.242669 3.002208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:48:58.250396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:49:06.251527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:49:22.255244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:49:54.260715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:52:37.105269 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 20:52:37.105414 0.157227 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.263048 0.033177 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.296606 0.085083 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.382048 0.312305 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.694708 0.045993 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.741100 0.035445 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.776924 0.147053 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.924320 0.051528 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:37.976232 0.137815 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:38.114502 0.147950 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:38.262858 0.121367 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:38.384645 0.161321 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:38.546366 0.171378 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:38.718255 0.139993 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:38.858652 0.145747 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:39.004802 0.138568 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:39.143725 0.176805 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:39.320931 0.261489 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:39.582820 0.173680 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:39.756861 0.097093 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:39.854331 0.218453 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:40.073207 0.049843 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:40.123409 0.199587 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:40.323393 0.152822 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:52:40.476607 0.266128 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 20:55:58.267387 3.001037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 20:56:05.274692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:56:13.275474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:56:29.278772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 20:57:01.284721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:03:05.291181 3.001015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:03:12.298420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:03:20.299622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:03:36.302981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:04:08.308902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:09:15.951530 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 21:09:15.951814 2.219036 tcp 10.0.2.109 52203 -> 211.38.175.27 4598 FSPA* 0 0 15 1691 flow=From-Botnet-V1-TCP-Established 1970/01/11 21:10:12.315073 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:10:19.322463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:10:27.323556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:10:43.327021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:11:15.332492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:17:19.829506 3.001692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:17:26.837015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:17:34.838088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:17:50.841790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:18:22.847738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:22:43.753359 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 21:22:43.753457 0.084540 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:43.838444 0.311849 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:44.150660 0.046489 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:44.197522 0.036200 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:44.234131 0.146859 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:44.381384 0.050919 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:44.432694 0.156398 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:44.589497 0.032892 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:44.622744 2.477875 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:47.101025 0.142401 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:47.243772 0.119232 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:47.363428 0.160028 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:47.523869 0.159348 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:47.683621 0.138584 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:47.822593 0.142014 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:47.964989 0.511203 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:48.476623 0.170932 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:48.647989 0.101695 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:48.750239 0.143738 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:48.894447 0.175720 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:49.070586 0.206305 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:49.277304 0.050714 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:49.328424 0.184354 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:49.513175 0.152287 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:22:49.665862 0.264703 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:24:26.853368 3.001888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:24:33.861020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:24:41.862409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:24:57.865259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:25:29.872173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:31:33.877436 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:31:40.885096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:31:48.886816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:32:04.889458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:32:36.895732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:38:40.901152 3.002104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:38:47.908943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:38:55.910411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:39:11.913449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:39:18.403797 0.000174 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 21:39:18.404088 2.006849 tcp 10.0.2.109 52204 -> 211.38.175.27 4598 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/01/11 21:39:43.919307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:45:47.926560 3.000733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:45:54.943206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:46:02.944109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:46:18.947171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:46:50.953656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:52:54.959486 3.001762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 21:53:00.645717 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 21:53:00.645815 0.084983 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:00.731204 0.035705 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:00.767284 0.148577 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:00.916262 0.052822 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:00.969439 0.156788 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:01.126636 0.032834 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:01.159892 0.314527 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:01.474816 0.044442 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:01.519667 0.307822 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:01.827895 0.145963 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:01.966757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:53:01.974379 0.120432 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:02.095198 0.161075 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:02.256658 0.177279 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:02.434331 0.135453 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:02.570224 0.172521 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:02.743120 0.089543 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:02.833045 0.136314 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:02.969767 0.143759 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:03.113921 0.149766 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:03.263999 0.177111 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:03.441446 0.206043 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:03.647873 0.050766 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:03.699016 0.188739 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:03.888149 0.154138 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:04.042698 0.277431 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/11 21:53:09.968603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:53:25.971545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 21:53:57.977328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:00:01.983055 3.001968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:00:08.990970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:00:16.992002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:00:32.995011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:01:05.001145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:07:09.006861 3.001809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:07:16.014510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:07:24.015964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:07:40.019588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:08:12.025283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:09:20.414276 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 22:09:20.414381 2.312288 tcp 10.0.2.109 52205 -> 211.38.175.27 4598 FSPA* 0 0 14 1573 flow=From-Botnet-V1-TCP-Established 1970/01/11 22:14:16.032243 3.000509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:14:23.038911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:14:31.040170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:14:47.042831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:15:19.049405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:21:23.055538 3.000977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:21:30.062546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:21:38.064510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:21:54.067076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:22:26.073171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:23:14.463243 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 22:23:14.463332 0.091556 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:14.555234 0.034451 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:14.590044 0.145802 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:14.736224 0.051043 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:14.787705 0.156756 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:14.944884 0.034767 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:14.980046 0.313413 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:15.293869 0.045243 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:15.339484 0.143044 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:15.482861 0.145904 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:15.629208 0.120076 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:15.749624 0.162309 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:15.912274 0.174843 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:16.087526 0.137680 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:16.225679 0.183890 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:16.409928 0.097995 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:16.508277 0.148169 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:16.656843 0.145895 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:16.803132 0.737454 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:17.541010 0.178100 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:17.719552 0.207393 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:17.927295 0.050457 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:17.978206 0.189188 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:18.167764 0.152938 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:23:18.321121 0.261334 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:28:30.079212 3.002111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:28:37.087207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:28:45.088657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:29:01.091050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:29:33.097397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:35:37.102958 3.002083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:35:44.110418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:35:52.112268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:36:08.114742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:36:40.121410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:39:22.735775 0.018906 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 22:39:22.754840 2.135482 tcp 10.0.2.109 52206 -> 211.38.175.27 4598 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/01/11 22:42:44.127006 3.001820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:42:51.134643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:42:59.136263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:43:15.139199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:43:47.145375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:49:51.150891 3.002061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:49:58.158867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:50:06.159721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:50:22.163050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:50:54.168872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:53:37.053837 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 22:53:37.053938 0.147636 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.201978 0.055262 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.257653 0.094268 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.352270 0.034811 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.387440 0.155065 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.542870 0.033462 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.576870 0.312078 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.889344 0.044353 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:37.934480 0.139874 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:38.074759 0.147111 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:38.222273 0.120381 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:38.343052 0.161914 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:38.505410 0.163741 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:38.669478 0.142748 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:38.812617 0.172140 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:38.985087 0.109413 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:39.094878 0.138053 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:39.233335 0.141299 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:39.375021 1.004418 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:40.379795 0.177916 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:40.558197 0.189206 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:40.747787 0.152522 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:40.900644 0.270053 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:41.171095 0.207364 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:53:41.378959 0.050052 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/11 22:56:58.175891 3.000720 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 22:57:05.182107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:57:13.183927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:57:29.187041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 22:58:01.193093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:04:05.199539 3.001054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:04:12.206085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:04:20.207725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:04:36.210922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:05:08.216823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:09:24.896873 0.000173 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 23:09:24.897145 2.015815 tcp 10.0.2.109 52207 -> 211.38.175.27 4598 FSPA* 0 0 15 1779 flow=From-Botnet-V1-TCP-Established 1970/01/11 23:11:12.223879 3.000521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:11:19.230729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:11:27.241904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:11:43.245144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:12:15.251116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:18:19.257792 3.000986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:18:26.264150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:18:34.265899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:18:50.268853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:19:22.274898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:23:49.459520 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 23:23:49.459616 0.086153 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:49.546193 0.035921 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:49.582510 0.155038 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:49.737958 0.033095 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:49.771442 0.330378 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:50.102278 0.146870 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:50.249592 0.054063 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:50.304002 0.044554 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:50.348959 0.339236 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:50.688641 0.148493 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:50.837597 0.120861 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:50.958888 0.163262 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:51.122556 0.176271 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:51.299248 0.135388 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:51.435022 0.143566 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:51.579008 0.144135 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:51.723542 0.174248 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:51.898123 0.121141 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:52.019606 0.529086 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:52.549095 0.177927 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:52.727413 0.189710 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:52.917462 0.152330 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:53.070301 0.050926 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:53.121574 0.273490 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:23:53.395472 0.207576 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:25:26.281236 3.001426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:25:33.288066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:25:41.289726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:25:57.293009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:26:29.298862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:32:33.304920 3.001717 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:32:40.311955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:32:48.353834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:33:04.387122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:33:36.393213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:39:26.987375 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 23:39:26.987517 2.100436 tcp 10.0.2.109 52208 -> 211.38.175.27 4598 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/01/11 23:39:40.400111 3.020352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:39:47.426147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:39:55.427825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:40:11.431179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:40:43.436782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:46:47.442802 3.001600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:46:54.450382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:47:02.451531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:47:18.454528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:47:50.461119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:53:54.467419 3.001173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/11 23:54:01.474032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:54:06.722072 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/11 23:54:06.722173 0.156754 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:06.879293 0.032916 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:06.912531 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/11 23:54:09.476113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:54:23.788206 0.073813 tcp 10.0.2.109 52209 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/11 23:54:23.862454 0.069086 tcp 10.0.2.109 52210 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/11 23:54:23.931981 0.150911 tcp 10.0.2.109 52211 -> 195.113.214.237 443 SRPA* 0 0 35 27129 flow=From-Botnet-V1-TCP-Established 1970/01/11 23:54:24.083440 0.035539 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:24.119322 0.340792 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:24.460513 0.150047 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:24.610977 0.050908 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:24.662293 0.044344 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:24.706968 0.141716 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:24.849102 0.145931 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:24.995423 0.119849 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:25.115613 0.163566 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:25.279590 0.161302 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:25.441283 0.138931 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:25.479104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/11 23:54:25.580612 0.142676 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:25.723699 0.143649 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:25.867729 0.174894 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:26.043001 0.176935 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:26.220325 0.098926 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:26.319670 0.150128 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:26.470265 0.048974 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:26.519652 0.248402 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:26.768478 0.226653 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:26.995536 0.184743 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:27.180610 0.155890 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/11 23:54:57.484900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:01:01.491346 3.000833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 00:01:08.498121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:01:16.500050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:01:32.502900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:02:04.508517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:08:08.514944 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 00:08:15.521934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:08:23.523458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:08:39.526969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:09:11.532448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:09:29.088556 0.000193 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:09:29.088867 2.347404 tcp 10.0.2.109 52212 -> 211.38.175.27 4598 FSPA* 0 0 14 1698 flow=From-Botnet-V1-TCP-Established 1970/01/12 00:15:15.589132 3.001165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 00:15:22.596078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:15:30.597908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:15:46.601021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:16:18.606541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:22:22.613369 3.001250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 00:22:29.620119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:22:37.621509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:22:53.625138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:23:25.630951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:24:39.637847 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:24:39.638086 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:24:56.944101 0.066692 tcp 10.0.2.109 52213 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 00:24:57.011076 0.073627 tcp 10.0.2.109 52214 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 00:24:57.084984 0.165339 tcp 10.0.2.109 52215 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 00:24:57.250919 0.155872 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:57.407135 4.356781 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 4 1222 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:57.440576 4.451651 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 4 1027 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:57.476000 4.779600 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 4 1127 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:57.832564 4.572186 udp 10.0.2.109 3683 <-> 70.51.157.146 8685 CON 0 0 4 1080 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:57.977799 4.624475 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1163 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.029964 4.617942 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 4 1108 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.074930 4.715041 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 4 1265 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.217500 4.721449 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 4 1220 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.367350 4.693260 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 4 1230 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.488251 4.732811 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 4 1257 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.651394 4.733740 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1105 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.832394 4.692351 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 4 1262 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:58.970732 0.144748 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:59.115907 4.552742 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 4 1084 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:59.260320 4.580367 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 4 1066 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:59.432554 4.585371 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 4 1013 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:59.611517 4.514465 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 4 1278 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:24:59.718372 4.551735 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 3 556 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:00.724985 4.148898 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1355 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:00.774232 4.362117 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 4 1353 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:01.002555 4.683121 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 4 1393 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:01.156281 4.189362 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 4 1108 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:01.363953 4.166292 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 4 1174 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:02.405330 0.156047 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:04.126608 0.142900 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:04.824149 0.000000 udp 10.0.2.109 3683 <- 24.208.145.212 9983 RSP 0 0 1 538 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:05.686477 0.500151 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:06.299974 0.042063 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:06.374499 0.000000 udp 10.0.2.109 3683 -> 123.176.13.131 6448 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:12.284103 0.145343 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:25:12.439422 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:21.267049 0.000000 udp 10.0.2.109 3683 -> 117.203.182.208 1380 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:26.925192 0.000000 udp 10.0.2.109 3683 -> 69.247.168.80 5188 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:32.002876 0.000000 udp 10.0.2.109 3683 -> 80.169.202.242 9327 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:39.783897 0.089770 udp 10.0.2.109 3683 -> 89.210.26.147 7331 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:39.873667 0.000000 icmp 89.210.26.147 0x0303 -> 10.0.2.109 0xa31c URP 192 1 164 flow=Background 1970/01/12 00:25:44.640613 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:25:45.011292 0.000000 udp 10.0.2.109 3683 -> 108.184.193.223 4491 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:25:53.042583 0.000000 udp 10.0.2.109 3683 -> 186.6.223.55 2209 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:00.724118 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:09.706957 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:16.676948 0.000000 udp 10.0.2.109 3683 -> 79.34.49.154 1501 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:22.795799 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:28.083472 0.205736 udp 10.0.2.109 3683 -> 124.253.29.219 4028 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:28.289208 0.000000 icmp 124.253.29.219 0x0303 -> 10.0.2.109 0xbc0f URP 192 1 292 flow=Background 1970/01/12 00:26:32.639710 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:26:36.005196 0.000000 udp 10.0.2.109 3683 -> 122.160.135.249 4956 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:43.946185 0.000000 udp 10.0.2.109 3683 -> 59.90.134.122 3895 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:26:52.658933 0.067176 udp 10.0.2.109 3683 <-> 79.132.5.126 2921 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:26:52.738788 0.308515 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 802 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:26:53.069993 0.000000 rtcp 10.0.2.109 3683 -> 95.137.180.2 8728 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:00.189161 0.000000 udp 10.0.2.109 3683 -> 117.218.169.232 8793 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:06.528542 0.000000 udp 10.0.2.109 3683 -> 182.72.246.121 3623 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:14.740050 0.078672 udp 10.0.2.109 3683 <-> 91.6.38.195 5333 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:27:14.833081 0.070416 udp 10.0.2.109 3683 -> 87.187.220.114 9783 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:14.903497 0.000000 icmp 87.187.220.114 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 213 flow=Background 1970/01/12 00:27:19.637122 0.000177 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:27:23.613400 0.049950 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 743 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:27:23.673328 0.258940 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 690 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:27:23.941388 0.000000 udp 10.0.2.109 3683 -> 106.240.84.83 9978 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:32.305443 0.000000 udp 10.0.2.109 3683 -> 61.16.243.234 3528 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:39.235945 0.000000 udp 10.0.2.109 3683 -> 109.109.37.169 8411 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:47.567254 0.000000 udp 10.0.2.109 3683 -> 87.69.158.189 9285 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:27:54.557853 0.000000 udp 10.0.2.109 3683 -> 91.39.75.54 9714 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:01.197263 0.000000 udp 10.0.2.109 3683 -> 87.24.2.194 4081 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:06.134260 0.000175 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:28:09.068176 0.000000 udp 10.0.2.109 3683 -> 78.152.125.2 8385 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:15.648037 0.000000 udp 10.0.2.109 3683 -> 95.90.117.118 9335 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:21.085380 0.000000 udp 10.0.2.109 3683 -> 41.72.201.86 7723 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:26.893778 0.000000 udp 10.0.2.109 3683 -> 82.254.61.110 8715 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:33.463870 0.000000 udp 10.0.2.109 3683 -> 14.201.112.146 1852 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:41.805683 0.000000 udp 10.0.2.109 3683 -> 94.123.187.203 5664 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:48.034571 0.182279 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 679 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:28:48.292193 0.072198 udp 10.0.2.109 3683 -> 94.85.203.138 5231 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:28:48.364391 0.000000 icmp 94.80.80.28 0x0303 -> 10.0.2.109 0x6f14 URP 192 1 188 flow=Background 1970/01/12 00:28:52.640855 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:28:54.573752 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9986 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:00.993238 0.000000 udp 10.0.2.109 3683 -> 182.52.61.149 4405 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:08.103516 0.000000 udp 10.0.2.109 3683 -> 95.227.166.142 9293 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:15.133097 0.000000 udp 10.0.2.109 3683 -> 79.34.158.142 1500 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:23.615768 0.000000 udp 10.0.2.109 3683 -> 124.253.53.147 6029 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:29.637401 3.000808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 00:29:30.666026 0.224757 udp 10.0.2.109 3683 <-> 68.98.114.217 5063 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:29:31.171284 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:36.344020 2.951822 udp 10.0.2.109 3683 <-> 115.253.35.246 4477 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:29:36.644072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:29:39.350732 0.319981 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:29:39.688040 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:41.140951 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:29:44.645790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:29:45.166624 0.000000 udp 10.0.2.109 3683 -> 173.217.224.134 5177 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:50.945199 0.000000 udp 10.0.2.109 3683 -> 82.107.80.169 7820 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:29:59.627613 0.366723 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 764 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:30:00.136932 0.000000 udp 10.0.2.109 3683 -> 213.160.152.100 7856 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:00.649086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:30:05.195329 0.386189 udp 10.0.2.109 3683 <-> 78.38.17.100 2243 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:30:05.751205 0.000000 udp 10.0.2.109 3683 -> 208.90.195.170 7614 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:14.468638 0.223514 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:30:14.759966 0.000000 udp 10.0.2.109 3683 -> 82.53.184.140 3504 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:20.207312 0.406421 udp 10.0.2.109 3683 <-> 117.220.3.86 4109 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:30:20.684112 0.000000 udp 10.0.2.109 3683 -> 88.58.153.178 8974 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:25.634277 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:30:29.110038 0.000000 udp 10.0.2.109 3683 -> 98.245.241.39 6516 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:32.654454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:30:35.208461 0.000000 udp 10.0.2.109 3683 -> 182.71.91.46 9810 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:40.937168 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:49.939970 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:30:55.757943 0.000000 udp 10.0.2.109 3683 -> 14.96.160.69 3969 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:03.649600 0.194085 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 807 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:31:04.134716 0.000000 udp 10.0.2.109 3683 -> 88.215.35.41 3824 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:09.487669 0.054794 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:31:09.689440 0.000000 udp 10.0.2.109 3683 -> 95.227.140.10 8859 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:14.134037 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:31:17.409328 0.165554 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:31:17.720808 0.000000 udp 10.0.2.109 3683 -> 79.23.147.195 1133 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:26.211869 0.642244 udp 10.0.2.109 3683 <-> 1.169.254.203 2346 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:31:27.125249 0.000000 udp 10.0.2.109 3683 -> 219.160.122.169 6729 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:32.500810 0.000000 udp 10.0.2.109 3683 -> 79.126.183.212 3588 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:37.517926 0.000000 udp 10.0.2.109 3683 -> 59.95.7.58 1042 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:43.015939 0.000000 udp 10.0.2.109 3683 -> 182.72.48.106 5303 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:48.033332 0.000000 udp 10.0.2.109 3683 -> 23.24.76.117 3168 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:54.182321 0.000000 udp 10.0.2.109 3683 -> 95.251.25.111 3890 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:31:59.139336 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:32:02.364048 0.000000 udp 10.0.2.109 3683 -> 114.143.182.67 6776 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:09.574266 0.000000 udp 10.0.2.109 3683 -> 213.246.144.211 8654 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:17.114915 0.000000 udp 10.0.2.109 3683 -> 82.127.119.139 8607 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:22.973383 0.000000 udp 10.0.2.109 3683 -> 115.119.84.154 3301 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:28.341367 0.000000 udp 10.0.2.109 3683 -> 122.165.229.223 8589 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:37.063746 0.000000 udp 10.0.2.109 3683 -> 114.175.12.164 5731 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:43.222789 0.183524 udp 10.0.2.109 3683 -> 122.169.161.127 4949 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:43.406313 0.000000 icmp 122.169.161.127 0x0303 -> 10.0.2.109 0x5513 URP 192 1 170 flow=Background 1970/01/12 00:32:48.139592 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:32:51.815185 0.000000 udp 10.0.2.109 3683 -> 14.97.17.162 7145 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:32:58.124342 0.000000 udp 10.0.2.109 3683 -> 50.142.232.216 4935 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:05.364561 0.000000 udp 10.0.2.109 3683 -> 64.39.153.176 1052 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:12.785172 0.138923 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 790 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:33:12.932515 0.074134 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 782 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:33:13.041684 0.000000 udp 10.0.2.109 3683 -> 98.175.165.173 8272 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:18.353299 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:24.401772 0.000000 udp 10.0.2.109 3683 -> 62.98.160.90 7793 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:32.684075 0.000000 udp 10.0.2.109 3683 -> 91.84.58.111 3826 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:37.640692 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:33:41.647044 0.000000 udp 10.0.2.109 3683 -> 123.237.164.180 5802 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:47.745061 0.000000 udp 10.0.2.109 3683 -> 78.182.169.241 6877 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:33:55.556939 0.000000 udp 10.0.2.109 3683 -> 82.15.193.127 2579 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:01.385142 0.000000 udp 10.0.2.109 3683 -> 14.99.231.147 6003 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:08.535453 0.260291 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 755 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:34:08.843994 0.394842 udp 10.0.2.109 3683 <-> 218.107.47.153 3137 CON 0 0 2 826 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:34:09.253680 0.204269 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:34:09.479492 0.000000 udp 10.0.2.109 3683 -> 66.117.98.8 7629 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:15.425610 0.000000 udp 10.0.2.109 3683 -> 202.62.72.186 1119 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:22.064599 0.000000 udp 10.0.2.109 3683 -> 64.118.118.19 1578 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:26.640837 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:34:29.886395 0.000000 udp 10.0.2.109 3683 -> 188.9.44.5 7479 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:37.787592 0.000000 udp 10.0.2.109 3683 -> 173.220.58.250 2489 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:44.246653 0.000000 udp 10.0.2.109 3683 -> 81.134.4.178 4027 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:51.777516 0.000000 udp 10.0.2.109 3683 -> 85.189.141.67 2894 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:34:58.236830 0.345034 udp 10.0.2.109 3683 <-> 101.63.196.178 6360 CON 0 0 2 796 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:34:58.738970 0.253351 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 832 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:34:59.003227 0.000000 udp 10.0.2.109 3683 -> 208.104.146.97 4149 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:07.440285 0.000000 udp 10.0.2.109 3683 -> 41.130.195.2 7732 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:12.136765 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:35:15.571707 0.000000 udp 10.0.2.109 3683 -> 182.59.110.110 3516 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:22.891998 0.000000 udp 10.0.2.109 3683 -> 46.115.104.178 5384 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:28.540168 1.219536 udp 10.0.2.109 3683 <-> 115.242.214.29 4699 CON 0 0 2 860 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:35:29.813296 0.047406 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 715 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:35:29.874581 0.000000 udp 10.0.2.109 3683 -> 171.7.119.16 4411 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:36.491505 0.000000 udp 10.0.2.109 3683 -> 95.227.147.49 3412 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:44.673769 0.000000 udp 10.0.2.109 3683 -> 217.29.8.102 7027 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:51.974054 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 2600 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:35:56.640807 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:35:59.084027 0.000000 udp 10.0.2.109 3683 -> 81.109.147.18 3206 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:36:06.114758 0.000000 udp 10.0.2.109 3683 -> 116.246.37.19 5760 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:36:14.977442 0.000000 udp 10.0.2.109 3683 -> 83.110.192.191 4415 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:36:21.536633 0.000000 udp 10.0.2.109 3683 -> 116.14.190.82 8085 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 00:36:29.488310 0.124033 udp 10.0.2.109 3683 <-> 88.250.43.108 3728 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/12 00:36:36.661265 3.001045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 00:36:43.667874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:36:51.669972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:37:07.673001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:37:39.678673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:39:31.439944 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 00:39:31.440038 2.310996 tcp 10.0.2.109 52216 -> 211.38.175.27 4598 FSPA* 0 0 15 1730 flow=From-Botnet-V1-TCP-Established 1970/01/12 00:43:43.685385 3.001581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 00:43:50.692081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:43:58.693696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:44:14.696638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:44:46.702743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:50:50.708380 3.001691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 00:50:57.715969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:51:05.717764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:51:21.720814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:51:53.726822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:57:57.733491 3.001203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 00:58:04.739802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:58:12.741240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:58:28.744530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 00:59:00.750855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:05:04.757414 3.000921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 01:05:11.764010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:05:19.765752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:05:35.768520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:06:07.774707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:06:35.064348 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 01:06:35.064449 0.035161 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:35.100009 0.054488 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:35.154948 0.046112 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:35.201399 0.354780 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:35.556605 0.137055 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:35.694242 0.156486 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:35.851134 0.173060 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.024545 0.119278 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.144219 0.145713 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.290270 0.161295 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.451957 0.160502 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.612847 0.133831 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.747173 0.188514 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.936109 0.050532 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:36.987119 0.095976 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:37.083523 0.143991 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:37.227854 0.264953 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:37.493251 0.153307 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:37.647041 0.207946 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:37.855333 0.185293 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:38.041041 0.279155 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:38.320588 0.045662 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:38.366657 0.137623 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:38.504677 0.063669 udp 10.0.2.109 3683 <-> 79.132.5.126 2921 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:38.568717 0.354078 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:38.923217 0.064345 udp 10.0.2.109 3683 <-> 91.6.38.195 5333 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:38.987976 0.040764 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:39.029134 0.240598 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:39.270045 0.183504 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:39.453964 0.292144 udp 10.0.2.109 3683 <-> 68.98.114.217 5063 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:39.746539 0.239267 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:39.986212 0.000000 udp 10.0.2.109 3683 -> 115.253.35.246 4477 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:06:57.047018 0.080671 tcp 10.0.2.109 52217 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:06:57.127965 0.071982 tcp 10.0.2.109 52218 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:06:57.200229 0.159578 tcp 10.0.2.109 52219 -> 195.113.214.237 443 SRPA* 0 0 32 24687 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:06:57.360271 0.334155 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:57.694845 0.344548 udp 10.0.2.109 3683 <-> 78.38.17.100 2243 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:58.039737 0.216022 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:06:58.256127 0.000000 udp 10.0.2.109 3683 -> 117.220.3.86 4109 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:07:14.410812 0.074273 tcp 10.0.2.109 52220 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:07:14.485373 0.074767 tcp 10.0.2.109 52221 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:07:14.560431 0.167937 tcp 10.0.2.109 52222 -> 195.113.214.237 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:07:14.728035 0.191948 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:14.920431 0.055807 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:14.976593 0.180414 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:15.157409 0.384097 udp 10.0.2.109 3683 <-> 1.169.254.203 2346 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:15.541905 0.072668 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:15.615001 0.132606 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:15.748043 0.201063 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:15.949503 0.200042 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:16.149967 0.402012 udp 10.0.2.109 3683 <-> 218.107.47.153 3137 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:16.552383 0.166523 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:16.719298 0.280866 udp 10.0.2.109 3683 <-> 101.63.196.178 6360 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:17.000481 0.041742 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:17.042556 1.207141 udp 10.0.2.109 3683 <-> 115.242.214.29 4699 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:07:18.250110 0.122548 udp 10.0.2.109 3683 <-> 88.250.43.108 3728 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:09:33.751655 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 01:09:33.751758 1.932852 tcp 10.0.2.109 52223 -> 211.38.175.27 4598 FSPA* 0 0 14 1707 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:12:11.781062 3.000960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 01:12:18.787736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:12:26.789781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:12:42.792678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:13:14.798358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:19:18.804816 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 01:19:25.812242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:19:33.813827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:19:49.816386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:20:21.822362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:26:25.828784 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 01:26:32.835602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:26:40.837661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:26:56.840525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:27:28.846694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:33:32.852961 3.001164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 01:33:39.859767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:33:47.861780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:34:03.864400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:34:35.870299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:37:30.812393 0.000155 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 01:37:30.812663 0.000000 udp 10.0.2.109 3683 -> 115.253.35.246 4477 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:37:49.681003 0.171606 tcp 10.0.2.109 52224 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:37:49.852885 0.071664 tcp 10.0.2.109 52225 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:37:49.924881 0.166540 tcp 10.0.2.109 52226 -> 195.113.214.237 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:37:50.091928 0.000000 udp 10.0.2.109 3683 -> 117.220.3.86 4109 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:38:07.184769 0.074691 tcp 10.0.2.109 52227 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:07.259766 0.076541 tcp 10.0.2.109 52228 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:07.336595 0.181388 tcp 10.0.2.109 52229 -> 195.113.214.237 443 SRPA* 0 0 20 10922 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:07.518806 0.312779 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:07.831936 0.138309 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:07.970660 0.154013 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.125078 0.171577 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.297048 0.044114 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.341553 0.054018 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.396016 0.038027 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.434457 0.161533 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.596408 0.172675 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.769510 0.137306 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:08.907253 0.149177 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:09.056851 0.049516 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:09.106723 0.142181 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:09.249409 0.122045 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:09.371791 0.202952 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:09.575076 0.106709 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:09.682214 0.137036 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:09.819643 0.268798 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:10.088868 0.151873 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:10.241151 0.140327 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:10.381882 0.000000 udp 10.0.2.109 3683 -> 79.132.5.126 2921 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:38:27.373858 0.073810 tcp 10.0.2.109 52230 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:27.447981 0.072006 tcp 10.0.2.109 52231 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:27.520268 0.170699 tcp 10.0.2.109 52232 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:27.691446 0.299982 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:27.991838 0.068868 udp 10.0.2.109 3683 <-> 91.6.38.195 5333 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:28.061042 0.046315 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:28.107692 0.284023 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:28.392131 0.184528 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:28.577077 0.046339 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:28.623829 0.177995 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:28.802257 0.230600 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:29.033225 0.000000 udp 10.0.2.109 3683 -> 68.98.114.217 5063 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:38:46.651496 0.072797 tcp 10.0.2.109 52233 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:46.724203 0.075688 tcp 10.0.2.109 52234 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:46.800170 0.172017 tcp 10.0.2.109 52235 -> 195.113.214.237 443 SRPA* 0 0 48 40274 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:38:46.972920 0.233068 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:47.206409 0.337996 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:47.544799 0.309771 udp 10.0.2.109 3683 <-> 78.38.17.100 2243 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:47.854978 0.206819 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:48.062148 0.187970 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:48.250493 0.055756 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:38:48.306641 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:39:07.056131 0.078896 tcp 10.0.2.109 52236 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:39:07.135332 0.076412 tcp 10.0.2.109 52237 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:39:07.212020 0.174265 tcp 10.0.2.109 52238 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:39:07.386857 0.386825 udp 10.0.2.109 3683 <-> 1.169.254.203 2346 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:07.774090 0.067097 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:07.841578 0.132165 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:07.974260 0.227468 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:08.202530 0.165219 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:08.368078 0.486937 udp 10.0.2.109 3683 <-> 101.63.196.178 6360 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:08.855458 0.202324 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:09.058247 0.373946 udp 10.0.2.109 3683 <-> 218.107.47.153 3137 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:09.432581 0.046697 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:09.479642 0.000000 udp 10.0.2.109 3683 -> 115.242.214.29 4699 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 01:39:27.470381 0.074548 tcp 10.0.2.109 52239 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:39:27.545170 0.073514 tcp 10.0.2.109 52240 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:39:27.619046 0.168880 tcp 10.0.2.109 52241 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:39:27.788529 0.118420 udp 10.0.2.109 3683 <-> 88.250.43.108 3728 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/12 01:39:35.692418 1.982881 tcp 10.0.2.109 52242 -> 211.38.175.27 4598 FSPA* 0 0 15 1760 flow=From-Botnet-V1-TCP-Established 1970/01/12 01:40:39.876351 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 01:40:46.883897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:40:54.885617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:41:10.888452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:41:42.894685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:47:46.900898 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 01:47:53.907779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:48:01.909505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:48:17.912121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:48:49.919592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:54:53.924154 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 01:55:00.932135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:55:08.933465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:55:24.936108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 01:55:56.942027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:02:00.949052 3.000870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 02:02:07.956018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:02:15.957436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:02:31.960114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:03:03.965978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:09:07.973360 3.090404 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 02:09:15.069711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:09:23.071631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:09:37.723387 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 02:09:37.723477 1.985070 tcp 10.0.2.109 52243 -> 211.38.175.27 4598 FSPA* 0 0 15 1600 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:09:39.074144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:09:42.159316 0.061938 udp 10.0.2.109 3683 <-> 79.132.5.126 2921 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:09:42.221772 0.000000 udp 10.0.2.109 3683 -> 68.98.114.217 5063 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:09:59.515514 0.080656 tcp 10.0.2.109 52244 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:09:59.596426 0.074856 tcp 10.0.2.109 52245 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:09:59.671131 0.179913 tcp 10.0.2.109 52246 -> 195.113.214.237 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:09:59.851635 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:10:11.130657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:10:14.896077 0.075407 tcp 10.0.2.109 52247 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:14.971765 0.084694 tcp 10.0.2.109 52248 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:15.056294 0.167486 tcp 10.0.2.109 52249 -> 195.113.214.237 443 SRPA* 0 0 24 13826 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:15.224364 0.000000 udp 10.0.2.109 3683 -> 115.242.214.29 4699 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:10:32.171455 0.074818 tcp 10.0.2.109 52250 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:32.246536 0.075509 tcp 10.0.2.109 52251 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:32.321899 0.168345 tcp 10.0.2.109 52252 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:32.490835 0.314671 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:32.805868 0.139822 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:32.946221 0.052114 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:32.998764 0.162261 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:33.161457 0.180315 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:33.342327 0.138173 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:33.480904 0.169191 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:33.650513 0.156031 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:33.806940 0.056612 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:33.863953 0.044223 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:33.908506 0.144457 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:34.053311 0.144017 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:34.197664 0.049711 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:34.247710 0.094804 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:34.342918 0.449349 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:34.792674 0.121320 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:34.914588 0.203989 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:35.118976 0.140900 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:35.260293 0.154234 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:35.414949 0.277407 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:35.692686 0.364702 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:36.057811 0.293348 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:36.351629 0.183304 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:36.535295 0.041551 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:36.577167 0.073145 udp 10.0.2.109 3683 <-> 91.6.38.195 5333 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:36.650723 0.040657 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:36.691708 0.185103 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:36.877188 0.234532 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:37.112127 0.228446 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:37.340901 0.360378 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:37.701668 0.406415 udp 10.0.2.109 3683 <-> 78.38.17.100 2243 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:38.108480 0.195633 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:38.304524 0.051571 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:38.356477 0.191244 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:38.548124 0.067141 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:38.615656 0.368135 udp 10.0.2.109 3683 <-> 1.169.254.203 2346 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:38.984191 0.132143 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:39.116739 0.000000 udp 10.0.2.109 3683 -> 101.63.196.178 6360 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:10:57.878435 0.072641 tcp 10.0.2.109 52253 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:57.950887 0.073142 tcp 10.0.2.109 52254 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:58.024333 0.178189 tcp 10.0.2.109 52255 -> 195.113.214.237 443 SRPA* 0 0 21 11772 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:10:58.203004 0.205117 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:58.408535 0.164888 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:10:58.573833 0.000000 udp 10.0.2.109 3683 -> 218.107.47.153 3137 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:11:17.446558 0.074515 tcp 10.0.2.109 52256 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:11:17.521365 0.074460 tcp 10.0.2.109 52257 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:11:17.596145 0.180903 tcp 10.0.2.109 52258 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:11:17.777506 0.200717 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:11:17.978635 0.041381 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:11:18.020420 0.000000 udp 10.0.2.109 3683 -> 88.250.43.108 3728 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:11:34.931339 0.075355 tcp 10.0.2.109 52259 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:11:35.006950 0.071006 tcp 10.0.2.109 52260 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:11:35.078286 0.174866 tcp 10.0.2.109 52261 -> 195.113.214.237 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:16:15.136536 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 02:16:22.144087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:16:30.145160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:16:46.148636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:17:18.154394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:23:22.160944 3.001104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 02:23:29.167700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:23:37.169303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:23:53.172052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:24:25.178651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:30:29.185328 3.000785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 02:30:36.192159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:30:44.193371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:31:00.196315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:31:32.202472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:37:36.208227 3.001657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 02:37:43.215680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:37:51.217365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:38:07.220226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:38:39.226063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:39:39.714008 0.000312 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 02:39:39.714448 1.937510 tcp 10.0.2.109 52262 -> 211.38.175.27 4598 FSPA* 0 0 12 1414 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:41:54.637711 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 02:41:54.637952 0.000000 udp 10.0.2.109 3683 -> 101.63.196.178 6360 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:42:09.920793 0.091362 tcp 10.0.2.109 52263 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:10.012441 0.070619 tcp 10.0.2.109 52264 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:10.083357 0.171547 tcp 10.0.2.109 52265 -> 195.113.214.237 443 SRPA* 0 0 21 12436 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:10.255377 0.000000 udp 10.0.2.109 3683 -> 218.107.47.153 3137 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:42:28.586645 0.067430 tcp 10.0.2.109 52266 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:28.654380 0.066523 tcp 10.0.2.109 52267 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:28.721186 0.182390 tcp 10.0.2.109 52268 -> 195.113.214.237 443 SRPA* 0 0 23 13340 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:28.904156 0.000000 udp 10.0.2.109 3683 -> 88.250.43.108 3728 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:42:47.664396 0.074022 tcp 10.0.2.109 52269 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:47.738735 0.074668 tcp 10.0.2.109 52270 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:47.813918 0.177656 tcp 10.0.2.109 52271 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:42:47.992093 0.061410 udp 10.0.2.109 3683 <-> 79.132.5.126 2921 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:48.053931 0.373775 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:48.428108 0.042520 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:48.471099 0.143637 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:48.615091 0.155807 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:48.771321 0.136319 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:48.908070 0.043854 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:48.952289 0.143694 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:49.096375 0.170375 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:49.267080 0.053023 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:49.320530 0.174776 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:49.495705 0.160393 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:49.656456 0.119148 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:49.776000 0.101071 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:49.877479 0.144070 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:50.022018 0.049793 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:50.072144 0.150244 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:50.222806 0.274477 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:50.497637 0.358523 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:50.856526 0.153210 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:51.010131 0.138502 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:51.149048 0.207855 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:51.357267 0.041518 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:51.399127 0.184891 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:51.584445 0.182487 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:42:51.767296 0.000000 udp 10.0.2.109 3683 -> 91.6.38.195 5333 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 02:43:10.216289 0.074993 tcp 10.0.2.109 52272 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:43:10.291565 0.071139 tcp 10.0.2.109 52273 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:43:10.362953 0.189811 tcp 10.0.2.109 52274 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 02:43:10.553370 0.042007 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:10.595811 0.271140 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:10.867382 0.247032 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:11.114805 0.350704 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:11.465896 0.236068 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:11.702359 0.073997 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:11.776731 0.389494 udp 10.0.2.109 3683 <-> 1.169.254.203 2346 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:12.166601 0.051878 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:12.218864 0.208513 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:12.427750 0.408685 udp 10.0.2.109 3683 <-> 78.38.17.100 2243 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:12.836792 0.193489 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:13.030677 0.133907 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:13.164923 0.180057 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:13.345377 0.221249 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:13.566970 0.201020 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:43:13.768410 0.044624 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/12 02:44:43.231770 3.001904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 02:44:50.239760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:44:58.241341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:45:14.244227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:45:46.249996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:51:50.256206 3.001745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 02:51:57.263823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:52:05.265469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:52:21.268094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:52:53.273978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:58:57.280904 3.000960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 02:59:04.287658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:59:12.289002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 02:59:28.292263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:00:00.298263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:06:04.305589 3.000428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 03:06:11.311514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:06:19.313179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:06:35.315842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:07:07.322563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:09:41.654827 0.000184 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 03:09:41.655141 2.388432 tcp 10.0.2.109 52275 -> 211.38.175.27 4598 FSPA* 0 0 15 1724 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:13:11.329501 3.000478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 03:13:18.335837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:13:19.237123 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 03:13:19.237222 0.000000 udp 10.0.2.109 3683 -> 91.6.38.195 5333 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 03:13:26.337150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:13:36.263342 0.076581 tcp 10.0.2.109 52276 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:13:36.340168 0.083682 tcp 10.0.2.109 52277 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:13:36.423706 0.173989 tcp 10.0.2.109 52278 -> 195.113.214.237 443 SRPA* 0 0 23 13146 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:13:36.598200 0.064243 udp 10.0.2.109 3683 <-> 79.132.5.126 2921 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:36.662834 0.440454 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:37.103699 0.156595 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:37.260658 0.136792 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:37.397842 0.043493 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:37.441776 0.312483 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:37.754623 0.034961 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:37.789895 0.051323 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:37.841607 0.171149 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.013194 0.162153 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.175748 0.121373 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.297538 0.160181 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.458129 0.146371 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.604941 0.143540 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.749083 0.050878 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.800305 0.157093 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:38.957813 0.359351 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:39.317556 0.152757 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:39.470750 0.149718 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:39.620849 0.263033 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:39.884294 0.041029 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:39.925728 0.189434 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:40.115521 0.185643 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:40.301587 0.206797 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:40.508810 0.141481 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:40.650717 0.047573 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:40.698690 0.355910 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:41.055003 0.242414 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:41.297829 0.065245 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:41.363451 0.247153 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:41.611005 0.347247 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:41.958656 0.390282 udp 10.0.2.109 3683 <-> 1.169.254.203 2346 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:42.339821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:13:42.349322 0.053659 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:42.403415 0.207041 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:42.610869 0.390033 udp 10.0.2.109 3683 <-> 78.38.17.100 2243 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:43.001240 0.191644 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:43.193290 0.223283 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:13:43.416935 0.000000 udp 10.0.2.109 3683 -> 108.196.44.119 3295 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 03:14:01.829007 0.076494 tcp 10.0.2.109 52279 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:14:01.905804 0.074723 tcp 10.0.2.109 52280 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:14:01.980810 0.176907 tcp 10.0.2.109 52281 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:14:02.158196 0.046676 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:14:02.205464 0.134167 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:14:02.339987 0.166698 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:14:14.346372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:20:18.352425 3.001324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 03:20:25.359951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:20:33.361267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:20:49.364040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:21:21.370021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:27:25.376337 3.001597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 03:27:32.383685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:27:40.385404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:27:56.388289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:28:28.393902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:34:32.399711 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 03:34:39.407727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:34:47.409286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:35:03.412059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:35:35.418305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:39:44.046483 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 03:39:44.046648 2.138408 tcp 10.0.2.109 52282 -> 211.38.175.27 4598 FSPA* 0 0 15 1751 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:41:39.424530 3.001238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 03:41:46.431564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:41:54.432970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:42:10.435963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:42:42.441870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:44:31.826331 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 03:44:31.826503 0.197014 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:44:32.023932 0.000000 udp 10.0.2.109 3683 -> 79.132.5.126 2921 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 03:44:48.875487 0.075087 tcp 10.0.2.109 52283 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:44:48.950747 0.076582 tcp 10.0.2.109 52284 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:44:49.027689 0.168339 tcp 10.0.2.109 52285 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:44:49.196611 0.155417 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:44:49.352399 0.136954 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:44:49.489684 0.045037 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:44:49.535122 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 9964 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 03:45:07.791447 0.072383 tcp 10.0.2.109 52286 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:45:07.864122 0.074133 tcp 10.0.2.109 52287 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:45:07.938603 0.168850 tcp 10.0.2.109 52288 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:45:08.107944 0.037142 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:08.145458 0.050848 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:08.196699 0.173079 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:08.370343 0.177258 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:08.547991 0.160764 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:08.709178 0.145534 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:08.855149 0.137951 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:08.993511 0.049166 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:09.043005 0.121651 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:09.164999 0.164187 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:09.329518 0.123810 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:09.453682 0.150239 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:09.604345 0.259787 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:09.864511 0.046134 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:09.911037 0.154432 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:10.065877 0.300346 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:10.366662 0.204501 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:10.571523 0.143298 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:10.715224 0.041280 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:10.756838 0.352887 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:11.110154 0.184650 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:11.295165 0.186442 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:11.481976 0.433648 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:11.915986 0.364862 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:12.281242 0.261844 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:12.543466 0.072501 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:12.616299 0.000000 udp 10.0.2.109 3683 -> 78.38.17.100 2243 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 03:45:28.291230 0.074785 tcp 10.0.2.109 52289 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:45:28.366304 0.071954 tcp 10.0.2.109 52290 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:45:28.438542 0.169855 tcp 10.0.2.109 52291 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 03:45:28.609002 0.053318 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:28.662689 0.393882 udp 10.0.2.109 3683 <-> 1.169.254.203 2346 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:29.056975 0.208660 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:29.266044 0.189256 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:29.455686 0.275463 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:29.731548 0.165596 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:29.897571 0.046467 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:45:29.944470 0.131151 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/12 03:48:46.447816 3.001993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 03:48:53.455837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:49:01.457208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:49:17.459931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:49:49.465825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:55:53.471714 3.001890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 03:56:00.479672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:56:08.480577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:56:24.483580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 03:56:56.489978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:03:00.496298 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 04:03:07.503367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:03:15.504548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:03:31.507896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:04:03.513755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:09:46.187143 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 04:09:46.187223 2.252461 tcp 10.0.2.109 52292 -> 211.38.175.27 4598 FSPA* 0 0 15 1566 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:10:07.529923 3.001756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 04:10:14.537619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:10:22.539190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:10:38.541946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:11:10.547729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:15:53.154917 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 04:15:53.155006 0.000000 udp 10.0.2.109 3683 -> 79.132.5.126 2921 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 04:16:11.462802 0.076534 tcp 10.0.2.109 52293 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:11.539645 0.075633 tcp 10.0.2.109 52294 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:11.615604 0.217500 tcp 10.0.2.109 52295 -> 195.113.214.237 443 SRPA* 0 0 26 13972 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:11.833638 0.381002 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:12.215053 0.000000 udp 10.0.2.109 3683 -> 78.38.17.100 2243 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 04:16:28.645575 0.074820 tcp 10.0.2.109 52296 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:28.720743 0.077471 tcp 10.0.2.109 52297 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:28.798572 0.176212 tcp 10.0.2.109 52298 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:28.975381 0.197641 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:29.173383 0.155743 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:29.329475 0.046247 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:29.376059 0.137292 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:29.513777 0.173909 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:29.688077 0.150805 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:29.839285 0.162941 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.002566 0.054773 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.057730 0.034977 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.093073 0.143298 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.236769 0.051027 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.288199 0.142496 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.431086 0.120061 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.551577 0.193940 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:30.745916 0.259363 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.005728 0.046387 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.052546 0.151018 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.203962 0.157720 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.362196 0.095420 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.458010 0.141261 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.599802 0.046341 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.646473 0.299172 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:31.946010 0.231199 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:32.177647 0.235206 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:32.413195 0.180155 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:32.593741 0.186335 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:32.780494 0.281575 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:33.062464 0.070613 udp 10.0.2.109 3683 <-> 62.158.84.185 4036 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:33.133434 0.255515 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:33.389301 0.356462 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:33.746174 0.050787 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:33.797337 0.000000 udp 10.0.2.109 3683 -> 1.169.254.203 2346 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 04:16:52.330109 0.073730 tcp 10.0.2.109 52299 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:52.404099 0.067594 tcp 10.0.2.109 52300 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:52.471928 0.182188 tcp 10.0.2.109 52301 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:16:52.654730 0.220602 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:52.875708 0.165180 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:53.041235 0.041190 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:53.082825 0.132023 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:53.215235 0.197324 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:16:53.412933 0.187925 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:17:14.555148 3.000765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 04:17:21.561042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:17:29.562853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:17:45.566092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:18:17.571794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:24:21.577414 3.002098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 04:24:28.585607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:24:36.587109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:24:52.589544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:25:24.596180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:31:28.602691 3.001103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 04:31:35.609335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:31:43.610900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:31:59.614103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:32:31.619583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:38:35.626089 3.001673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 04:38:42.633385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:38:50.634972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:39:06.637393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:39:38.643496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:39:48.438792 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 04:39:48.438888 1.064068 tcp 10.0.2.109 52302 -> 211.38.175.27 4598 SPA_* 0 0 9 1131 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:39:54.607091 0.001744 tcp 10.0.2.109 52302 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:45:42.650055 3.001282 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 04:45:49.656847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:45:57.658818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:46:13.661727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:46:45.667793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:47:17.274020 0.000221 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 04:47:17.274334 0.000000 udp 10.0.2.109 3683 -> 1.169.254.203 2346 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 04:47:33.899643 0.076813 tcp 10.0.2.109 52303 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:47:33.976725 0.075299 tcp 10.0.2.109 52304 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:47:34.052347 0.175197 tcp 10.0.2.109 52305 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:47:34.228188 0.383947 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:34.612509 0.158059 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:34.771014 0.044488 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:34.815911 0.138837 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:34.955141 0.173438 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:35.128979 0.443084 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:35.572437 0.160619 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:35.733418 0.060015 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:35.793874 0.039555 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:35.833749 0.198147 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:36.032322 0.136914 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:36.169696 0.119944 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:36.290141 0.348063 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:36.638617 0.283781 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:36.922733 0.046331 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:36.969430 0.143519 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:37.113309 0.048790 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:37.162459 0.098232 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:37.261042 0.140134 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:37.401554 0.041626 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:37.443557 0.378699 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:37.822704 0.169801 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:37.992963 0.151722 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:38.145080 0.180966 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:38.326514 0.184028 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:38.510971 0.382473 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:38.893777 0.205031 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:39.099155 0.225151 udp 10.0.2.109 3683 <-> 14.97.92.41 2039 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:39.324784 0.367740 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:39.692903 0.053867 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:39.747132 0.000000 udp 10.0.2.109 3683 -> 62.158.84.185 4036 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 04:47:56.940484 1.503931 tcp 10.0.2.109 52306 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:47:58.444727 0.076744 tcp 10.0.2.109 52307 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:47:58.521759 0.169893 tcp 10.0.2.109 52308 -> 195.113.214.237 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 04:47:58.692246 0.277950 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:58.970556 0.040725 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:59.011676 0.210251 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:59.222341 0.229155 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:59.451844 0.189289 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:59.641549 0.132114 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:47:59.774105 0.205858 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/12 04:52:49.673611 3.001592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 04:52:56.681143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:53:04.682713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:53:20.685695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:53:52.691495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 04:59:56.698577 3.000705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 05:00:03.705274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:00:11.707042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:00:27.709362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:00:59.715595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:07:03.721935 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 05:07:10.728988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:07:18.730577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:07:34.733488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:08:06.739576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:09:54.615370 0.000192 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 05:09:54.615665 0.932651 tcp 10.0.2.109 52309 -> 211.38.175.27 4598 SPA_* 0 0 9 1135 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:10:00.003818 0.187907 tcp 10.0.2.109 52309 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:14:10.745455 3.002132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 05:14:17.753051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:14:25.754410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:14:41.757862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:15:13.763733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:18:20.352535 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 05:18:20.352722 0.000000 udp 10.0.2.109 3683 -> 62.158.84.185 4036 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 05:18:35.695900 0.073649 tcp 10.0.2.109 52310 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:18:35.769886 0.073821 tcp 10.0.2.109 52311 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:18:35.843994 0.178839 tcp 10.0.2.109 52312 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:18:36.023449 0.045772 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:36.069666 0.137429 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:36.207420 0.383787 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:36.591558 0.156673 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:36.748655 0.162436 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:36.911406 0.055786 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:36.967607 0.036591 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:37.004626 0.200091 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:37.205115 0.174533 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:37.380040 0.811107 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:38.191532 0.396056 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:38.587948 0.227397 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:38.815737 0.040211 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:38.856311 0.119790 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:38.976515 0.143234 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:39.120126 0.115747 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:39.236253 0.140758 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:39.377413 0.041890 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:39.419811 0.321316 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:39.741493 0.162708 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:39.904623 0.048903 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:39.953908 0.139677 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:40.093974 0.184839 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:40.279229 0.493649 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:40.773271 0.151052 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:40.924730 0.178370 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:41.103491 0.373365 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:41.477265 0.053006 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:41.530672 0.207291 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:18:41.738362 0.000000 udp 10.0.2.109 3683 -> 14.97.92.41 2039 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 05:19:00.380110 0.070412 tcp 10.0.2.109 52313 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:19:00.450840 0.076593 tcp 10.0.2.109 52314 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:19:00.527733 0.175812 tcp 10.0.2.109 52315 -> 195.113.214.237 443 SRPA* 0 0 33 19366 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:19:00.704163 0.041358 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:19:00.745864 0.229708 udp 10.0.2.109 3683 <-> 14.98.139.106 9410 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:19:00.975917 0.189807 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:19:01.166185 0.134429 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:19:01.300946 0.210214 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:19:01.511541 0.224877 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:19:01.736809 0.167661 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:21:17.770397 3.001219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 05:21:24.777114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:21:32.778674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:21:48.781786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:22:20.787684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:28:24.794311 3.000567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 05:28:31.801360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:28:39.802704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:28:55.805281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:29:27.811861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:35:31.817840 3.001259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 05:35:38.824854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:35:46.826273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:36:02.829199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:36:34.835178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:40:00.190926 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 05:40:00.191097 1.109904 tcp 10.0.2.109 52316 -> 211.38.175.27 4598 SPA_* 0 0 9 1077 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:40:05.740679 0.055769 tcp 10.0.2.109 52316 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:42:38.842077 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 05:42:45.849293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:42:53.850272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:43:09.853382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:43:41.859560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:49:06.927317 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 05:49:06.927419 0.000000 udp 10.0.2.109 3683 -> 14.97.92.41 2039 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 05:49:22.140690 0.070698 tcp 10.0.2.109 52317 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:49:22.211712 0.076951 tcp 10.0.2.109 52318 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:49:22.288993 0.178080 tcp 10.0.2.109 52319 -> 195.113.214.237 443 SRPA* 0 0 21 13038 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:49:22.467701 0.045380 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:22.513486 0.383243 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:22.897130 0.154921 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:23.052453 0.160400 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:23.213316 0.052585 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:23.266338 0.042863 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:23.309539 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 05:49:39.204139 0.070357 tcp 10.0.2.109 52320 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:49:39.274768 0.073702 tcp 10.0.2.109 52321 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:49:39.348786 0.170055 tcp 10.0.2.109 52322 -> 195.113.214.237 443 SRPA* 0 0 23 13378 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:49:39.519635 0.174553 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:39.694588 0.201584 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:39.896533 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 05:49:45.306622 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 05:49:45.307034 0.055841 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:45.363265 0.120882 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:45.484541 0.263785 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:45.748718 0.149738 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:45.864805 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 05:49:45.898832 0.110046 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:46.009224 0.161498 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:46.171070 0.047510 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:46.218953 0.379525 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:46.598880 0.163462 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:46.762732 0.067123 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:46.830394 0.161566 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:46.992295 0.143560 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:47.136276 0.183623 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:47.320301 0.312895 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:47.633588 0.152946 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:47.786938 0.302618 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:48.089945 0.337028 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:48.427367 0.186533 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:48.614236 0.053219 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:48.667838 0.046725 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:49:48.714912 0.000000 udp 10.0.2.109 3683 -> 14.98.139.106 9410 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 05:49:52.872967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:50:00.874098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:50:04.970439 0.073926 tcp 10.0.2.109 52323 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:50:05.044708 0.078096 tcp 10.0.2.109 52324 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:50:05.123177 0.182711 tcp 10.0.2.109 52325 -> 195.113.214.237 443 SRPA* 0 0 23 14004 flow=From-Botnet-V1-TCP-Established 1970/01/12 05:50:05.306382 0.216726 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:50:05.523500 0.236591 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:50:05.760465 0.166506 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:50:05.927349 0.187680 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:50:06.115430 0.132251 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/12 05:50:16.877230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:50:48.883294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:56:52.889736 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 05:56:59.896489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:57:07.898013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:57:23.901219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 05:57:55.907396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:03:59.914193 3.001000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 06:04:06.920545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:04:14.922518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:04:30.925410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:05:02.931337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:10:05.797259 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 06:10:05.797474 1.187190 tcp 10.0.2.109 52326 -> 211.38.175.27 4598 SPA_* 0 0 9 1140 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:10:17.990724 0.114032 tcp 10.0.2.109 52326 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:11:06.937724 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 06:11:13.944563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:11:21.946277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:11:37.949521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:12:09.955613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:18:13.961179 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 06:18:20.968879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:18:28.970317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:18:44.973638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:19:16.979205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:20:09.765801 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 06:20:09.765898 0.137895 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:09.904174 0.000000 udp 10.0.2.109 3683 -> 14.98.139.106 9410 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 06:20:26.861449 0.069667 tcp 10.0.2.109 52327 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:20:26.931340 0.070297 tcp 10.0.2.109 52328 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:20:27.001872 0.170674 tcp 10.0.2.109 52329 -> 195.113.214.237 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:20:27.200755 0.156673 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:27.357853 0.312009 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:27.670308 0.044974 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:27.715642 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 06:20:45.397048 0.069184 tcp 10.0.2.109 52330 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:20:45.466543 0.070283 tcp 10.0.2.109 52331 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:20:45.537142 0.171536 tcp 10.0.2.109 52332 -> 195.113.214.237 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:20:45.709264 0.034299 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:45.743946 0.056243 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:45.800540 0.199335 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:46.000218 0.171819 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:46.172451 2.830824 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:49.003727 0.287174 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:49.291330 0.150821 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:49.442572 0.103689 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:49.546658 0.121286 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:49.668297 0.047302 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:49.715994 0.317660 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:50.033987 0.160761 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:50.195160 0.050879 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:50.246506 0.141376 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:50.388233 0.048098 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:50.436732 0.140066 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:50.577203 0.317592 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:50.895140 0.151713 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:51.047165 0.207666 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:51.255214 0.137341 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:51.392983 0.189704 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:51.583084 0.053910 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:51.637385 0.041411 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:51.679172 0.360860 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:52.040459 0.181085 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:52.221919 0.167133 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:52.389488 0.208651 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:52.598562 0.209115 udp 10.0.2.109 3683 <-> 14.97.68.224 7779 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:52.807986 0.187777 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:20:52.996185 0.132469 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:25:20.985493 3.001288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 06:25:27.992740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:25:35.994283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:25:51.997175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:26:24.003165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:32:28.009657 3.011523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 06:32:35.026811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:32:43.028283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:32:59.031388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:33:31.037479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:39:35.043753 3.001045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 06:39:42.050700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:39:50.051805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:40:06.055213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:40:18.112940 0.000196 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 06:40:18.113250 2.157602 tcp 10.0.2.109 52333 -> 211.38.175.27 4598 FSPA* 0 0 14 1513 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:40:38.061477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:46:42.066846 3.002770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 06:46:49.075582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:46:57.076130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:47:13.078788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:47:45.085312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:51:06.525047 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 06:51:06.525150 0.160788 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:06.686329 0.136295 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:06.823084 0.313569 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.136994 0.156202 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.293600 0.043510 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.337405 0.197853 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.535706 0.034675 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.570717 0.050525 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.621601 0.169369 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.791304 0.143915 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:07.935621 0.100982 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:08.037069 0.120983 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:08.158469 0.046445 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:08.205308 0.000000 udp 10.0.2.109 3683 -> 218.145.118.6 6830 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 06:51:26.985812 0.071181 tcp 10.0.2.109 52334 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:51:27.057266 0.073713 tcp 10.0.2.109 52335 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:51:27.131259 0.172096 tcp 10.0.2.109 52336 -> 195.113.214.237 443 SRPA* 0 0 24 14778 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:51:27.303880 0.287485 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:27.591784 0.150798 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:27.742986 0.180196 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:27.923582 0.049568 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:27.973471 0.142156 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:28.115962 0.047446 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:28.163808 0.139945 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:28.304142 0.569185 udp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:28.873763 0.153487 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:29.027653 0.188955 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:29.216979 0.052357 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:29.269706 0.041430 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:29.311494 0.362656 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:29.674584 0.207484 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:29.882457 0.136980 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:30.019863 0.177322 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:30.197607 0.164607 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:30.362630 0.215581 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:30.578565 0.000000 udp 10.0.2.109 3683 -> 14.97.68.224 7779 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 06:51:46.702945 0.073200 tcp 10.0.2.109 52337 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:51:46.776445 0.076103 tcp 10.0.2.109 52338 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:51:46.852856 0.172234 tcp 10.0.2.109 52339 -> 195.113.214.237 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/12 06:51:47.025839 0.193588 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:51:47.219898 0.133194 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/12 06:53:49.091850 3.001141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 06:53:56.098679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:54:04.099805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:54:20.102748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 06:54:52.109372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:00:56.114716 3.002335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 07:01:03.123135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:01:11.123872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:01:27.126868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:01:59.133345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:08:03.139591 3.000994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 07:08:10.146417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:08:18.148330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:08:34.151276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:09:06.156764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:10:20.274603 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:10:20.274760 0.889310 tcp 10.0.2.109 52340 -> 211.38.175.27 4598 SPA_* 0 0 9 1214 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:10:25.558440 0.002550 tcp 10.0.2.109 52340 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:15:10.163612 3.001171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 07:15:17.170124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:15:25.172065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:15:41.174792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:16:13.181300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:21:54.341848 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:21:54.342010 0.000000 udp 10.0.2.109 3683 -> 218.145.118.6 6830 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:22:12.249127 0.073795 tcp 10.0.2.109 52341 -> 195.113.214.237 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:22:12.323274 0.072095 tcp 10.0.2.109 52342 -> 195.113.214.237 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:22:12.395690 0.179676 tcp 10.0.2.109 52343 -> 195.113.214.237 443 SRPA* 0 0 48 41734 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:22:12.575921 0.000000 udp 10.0.2.109 3683 -> 14.97.68.224 7779 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:22:17.188068 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 07:22:24.194326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:22:30.253889 3.003469 tcp 10.0.2.109 52344 -> 195.113.214.237 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 07:22:32.196164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:22:39.256392 0.000000 tcp 10.0.2.109 52344 -> 195.113.214.237 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 07:22:48.198940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:22:50.348806 3.999259 udp 10.0.2.109 62691 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:22:51.343505 3.004669 udp 10.0.2.109 62691 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:22:57.201918 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:22:58.353633 0.000000 udp 10.0.2.109 62691 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:22:58.353752 0.000000 udp 10.0.2.109 62691 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:02.376527 1.494932 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:04.637077 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:20.204821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:23:23.079872 3.003527 tcp 10.0.2.109 52345 -> 195.113.214.245 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 07:23:32.081752 0.000000 tcp 10.0.2.109 52345 -> 195.113.214.245 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 07:23:43.090521 4.003378 udp 10.0.2.109 63016 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:44.089358 3.004635 udp 10.0.2.109 63016 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:47.704123 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:23:51.099091 0.000000 udp 10.0.2.109 63016 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:51.099195 0.000000 udp 10.0.2.109 63016 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:55.105145 1.501792 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:23:57.358410 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:14.143435 2.993202 tcp 10.0.2.109 52346 -> 195.113.214.249 80 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 07:24:23.135077 0.000000 tcp 10.0.2.109 52346 -> 195.113.214.249 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 07:24:33.353183 4.002350 udp 10.0.2.109 60514 -> 8.8.8.8 53 INT 0 2 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:34.179378 3.998066 udp 10.0.2.109 62159 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:34.351577 3.004112 udp 10.0.2.109 60514 -> 8.8.4.4 53 INT 0 3 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:35.173017 3.170173 udp 10.0.2.109 62159 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:35.322666 3.020524 icmp 147.32.83.216 0x0103 -> 10.0.2.109 0x0808 URH 192 2 200 flow=Background 1970/01/12 07:24:38.206726 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:24:41.361325 0.000000 udp 10.0.2.109 60514 -> 8.8.8.8 53 REQ 0 1 76 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:41.361448 0.000000 udp 10.0.2.109 60514 -> 8.8.4.4 53 REQ 0 1 76 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:42.182692 0.000000 udp 10.0.2.109 62159 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:42.182812 0.000000 udp 10.0.2.109 62159 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:45.367824 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:24:46.188874 1.501775 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:24:48.441825 0.000000 udp 10.0.2.109 3683 -> 81.136.245.57 3409 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:25:04.175050 0.066414 tcp 10.0.2.109 52347 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:25:04.242625 3.747592 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:25:08.741199 0.000000 udp 10.0.2.109 3683 -> 108.196.44.119 3295 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:25:26.758440 0.073198 tcp 10.0.2.109 52348 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:25:26.834824 0.011413 udp 10.0.2.109 51325 <-> 8.8.8.8 53 CON 0 0 2 386 flow=From-Botnet-V1-DNS 1970/01/12 07:25:26.846692 0.078006 tcp 10.0.2.109 52349 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:25:26.924944 0.139382 tcp 10.0.2.109 52350 -> 195.113.214.211 443 SRPA* 0 0 33 24741 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:25:27.064937 0.038290 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:27.103557 0.055394 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:27.159363 0.172731 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:27.332443 0.157387 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:27.490232 0.096314 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:27.586944 2.170105 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:29.757429 0.386617 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:30.144442 0.039621 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:30.184441 0.120930 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:30.305791 0.177499 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:30.483679 0.049164 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:30.533222 0.150737 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:30.684288 0.276917 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:30.961585 0.142002 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:31.103967 0.430270 rtcp 10.0.2.109 3683 <-> 201.209.10.82 5879 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:31.534608 0.156245 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:31.691195 0.143827 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:31.835439 0.041212 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:31.876979 0.043481 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:31.920851 0.337471 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:32.258688 0.207613 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:32.466710 0.137816 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:32.604922 0.052873 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:32.658309 0.189643 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:32.848309 0.183050 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:33.031737 0.168698 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:33.200842 0.206369 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:33.407635 0.192041 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:25:33.600051 0.132410 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:29:24.210769 3.001963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 07:29:31.219271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:29:39.219687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:29:55.222995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:30:27.229126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:36:31.235507 3.000777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 07:36:38.242032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:36:46.243880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:37:02.246748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:37:34.253324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:40:25.570123 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:40:25.570236 0.853459 tcp 10.0.2.109 52351 -> 211.38.175.27 4598 SPA_* 0 0 9 1115 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:40:30.821479 0.002935 tcp 10.0.2.109 52351 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:43:38.259302 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 07:43:45.266613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:43:53.268515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:44:09.290892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:44:41.297238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:50:45.302760 3.001635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 07:50:52.310112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:51:00.311567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:51:16.315260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:51:48.321172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:55:45.472212 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 07:55:45.472315 0.000000 udp 10.0.2.109 3683 -> 14.97.68.224 7779 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:56:03.860451 0.074224 tcp 10.0.2.109 52352 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:03.935022 0.076555 tcp 10.0.2.109 52353 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:04.011933 0.168237 tcp 10.0.2.109 52354 -> 195.113.214.211 443 SRPA* 0 0 41 23302 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:04.180378 0.162916 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:04.343699 0.138828 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:04.482882 0.046364 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:04.529643 0.000000 udp 10.0.2.109 3683 -> 108.196.44.119 3295 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:56:20.312370 0.074136 tcp 10.0.2.109 52355 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:20.386847 0.066205 tcp 10.0.2.109 52356 -> 195.113.214.211 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:20.453353 0.157753 tcp 10.0.2.109 52357 -> 195.113.214.211 443 SRPA* 0 0 41 23300 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:20.611274 0.035731 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:20.647406 0.055020 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:20.702782 0.170117 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:20.873225 0.158798 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:21.032444 0.093322 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:21.126313 2.540504 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:23.667238 0.313042 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:23.980677 0.041620 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:24.022674 0.124878 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:24.147903 0.171730 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:24.320014 0.048985 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:24.369381 0.152101 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:24.521827 0.393185 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:24.915409 0.153124 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:25.068898 0.143067 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:25.212355 0.046444 udp 10.0.2.109 3683 <-> 87.153.125.83 4545 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:25.259195 0.046811 udp 10.0.2.109 3683 <-> 93.223.99.135 4817 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:25.306428 0.141038 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:25.447870 0.000000 udp 10.0.2.109 3683 -> 201.209.10.82 5879 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 07:56:41.613023 0.072692 tcp 10.0.2.109 52358 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:41.686071 0.072493 tcp 10.0.2.109 52359 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:41.758892 0.164919 tcp 10.0.2.109 52360 -> 195.113.214.211 443 SRPA* 0 0 47 40462 flow=From-Botnet-V1-TCP-Established 1970/01/12 07:56:41.924415 0.365419 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:42.290286 0.203828 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:42.494545 0.143076 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:42.638014 0.052694 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:42.691113 0.184173 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:42.875633 0.182984 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:43.058964 0.192584 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:43.251948 0.135318 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:43.387678 0.165658 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:56:43.553737 0.217323 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 07:57:52.327389 3.001090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 07:57:59.334239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:58:07.335746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:58:23.338883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 07:58:55.344923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:04:59.351156 3.001170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:05:06.358034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:05:14.359603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:05:30.363115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:06:02.368451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:10:30.825607 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 08:10:30.825700 1.058754 tcp 10.0.2.109 52361 -> 211.38.175.27 4598 SPA_* 0 0 9 1208 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:10:39.538040 0.051386 tcp 10.0.2.109 52361 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:12:06.374402 3.002344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:12:13.381954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:12:21.383642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:12:37.387151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:13:09.393049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:19:13.399496 3.001028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:19:20.406414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:19:28.407995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:19:44.411058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:20:16.416405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:26:20.422832 3.001775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:26:27.429830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:26:35.431569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:26:46.928631 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 08:26:46.928730 0.000000 udp 10.0.2.109 3683 -> 201.209.10.82 5879 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 08:26:51.434818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:27:03.082791 0.083858 tcp 10.0.2.109 52362 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:03.166969 0.138862 tcp 10.0.2.109 52363 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:03.306292 0.161158 tcp 10.0.2.109 52364 -> 195.113.214.211 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:03.468074 0.043579 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:03.512074 0.162041 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:03.674760 0.135082 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:03.810387 0.171598 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:03.982383 0.156968 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.139769 0.053954 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.194264 0.049049 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.243680 0.089895 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.333928 0.040455 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.374753 0.382169 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.757277 0.140123 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.897842 0.049827 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:04.948103 0.150312 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:05.098838 0.280092 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:05.379290 0.000000 udp 10.0.2.109 3683 -> 75.34.179.1 1841 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 08:27:23.130994 0.073627 tcp 10.0.2.109 52365 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:23.204858 0.069818 tcp 10.0.2.109 52366 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:23.274965 0.154931 tcp 10.0.2.109 52367 -> 195.113.214.211 443 SRPA* 0 0 16 7026 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:23.430709 0.122712 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:23.440603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:27:23.553840 0.158456 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:23.712627 0.140932 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:23.854015 0.145951 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:27:24.000302 0.000000 udp 10.0.2.109 3683 -> 87.153.125.83 4545 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 08:27:42.338340 0.117852 tcp 10.0.2.109 52368 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:42.456519 0.067862 tcp 10.0.2.109 52369 -> 195.113.214.211 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:42.524678 0.155991 tcp 10.0.2.109 52370 -> 195.113.214.211 443 SRPA* 0 0 23 13808 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:42.681265 0.000000 udp 10.0.2.109 3683 -> 93.223.99.135 4817 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 08:27:59.453226 0.461343 tcp 10.0.2.109 52371 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:59.914873 0.076216 tcp 10.0.2.109 52372 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:27:59.991431 0.173045 tcp 10.0.2.109 52373 -> 195.113.214.211 443 SRPA* 0 0 21 7296 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:28:00.164879 0.366795 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:00.532088 0.226589 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:00.759090 0.143083 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:00.902570 0.053556 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:00.956489 0.184334 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:01.141231 0.182827 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:01.324398 0.166081 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:01.490926 0.197120 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:01.688474 0.190347 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:28:01.879214 0.133005 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:33:27.447249 3.010892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:33:34.464356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:33:42.465318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:33:58.468954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:34:30.474685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:40:34.481108 3.001238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:40:39.595836 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 08:40:39.595922 3.003666 tcp 10.0.2.109 52374 -> 211.38.175.27 4598 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 08:40:41.487948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:40:48.598498 0.000000 tcp 10.0.2.109 52374 -> 211.38.175.27 4598 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 08:40:49.489262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:40:54.598276 0.083263 tcp 10.0.2.109 52375 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:40:54.681851 0.273947 tcp 10.0.2.109 52376 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:40:54.754366 0.468809 tcp 10.0.2.109 52377 -> 195.113.214.211 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:40:55.269520 0.133397 tcp 10.0.2.109 52378 -> 128.255.183.224 9027 SPA_* 0 0 9 1165 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:41:05.492526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:41:11.860077 0.000160 tcp 10.0.2.109 52374 -> 211.38.175.27 4598 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:41:25.401881 0.074917 tcp 10.0.2.109 52379 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:41:25.477094 0.074876 tcp 10.0.2.109 52380 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:41:25.552242 0.172064 tcp 10.0.2.109 52381 -> 195.113.214.211 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:41:25.736400 0.000065 tcp 10.0.2.109 52378 -> 128.255.183.224 9027 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:41:25.736682 1.288610 tcp 10.0.2.109 52382 -> 176.73.166.24 5576 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:41:37.498673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:43:25.744473 0.000159 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 08:43:25.744728 0.000000 tcp 10.0.2.109 52378 ?> 128.255.183.224 9027 RA_ 0 1 54 flow=Background 1970/01/12 08:47:41.504338 3.001889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:47:48.511991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:47:56.513888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:48:12.516323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:48:44.522561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:54:48.528965 3.001682 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 08:54:55.535771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:55:03.537637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:55:19.540444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:55:51.547033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 08:58:12.029777 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 08:58:12.029877 0.149620 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:12.179947 0.000000 udp 10.0.2.109 3683 -> 93.223.99.135 4817 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 08:58:30.747814 0.084105 tcp 10.0.2.109 52383 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:58:30.832246 0.075583 tcp 10.0.2.109 52384 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:58:30.908165 0.161731 tcp 10.0.2.109 52385 -> 195.113.214.211 443 SRPA* 0 0 22 13130 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:58:31.070422 0.000000 udp 10.0.2.109 3683 -> 87.153.125.83 4545 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 08:58:47.330265 0.069297 tcp 10.0.2.109 52386 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:58:47.399879 0.076390 tcp 10.0.2.109 52387 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:58:47.476644 0.167567 tcp 10.0.2.109 52388 -> 195.113.214.211 443 SRPA* 0 0 45 41864 flow=From-Botnet-V1-TCP-Established 1970/01/12 08:58:47.645885 0.135945 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:47.782394 0.160458 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:47.943242 0.043088 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:47.986715 0.171295 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.158416 0.091704 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.250576 0.043299 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.294475 0.364873 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.659704 0.054091 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.714296 0.049881 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.764508 0.156586 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.921490 0.044518 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:48.966544 2.769753 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:51.736631 0.584236 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:52.321294 0.245964 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:52.567682 0.135951 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:52.704029 0.191624 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:52.896144 0.121667 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:53.018248 0.145217 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:53.163831 0.208017 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:53.372223 0.142861 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:53.515526 0.054286 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:53.570232 0.341340 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:53.911977 0.177083 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:54.089397 0.228487 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:54.318388 0.206545 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:54.525293 0.189650 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:54.715276 0.131149 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 08:58:54.846778 0.184689 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:01:55.553041 3.001232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 09:02:02.559660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:02:10.561183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:02:26.564420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:02:58.570726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:09:02.586952 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:09:09.593939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:09:17.595578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:09:33.598721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:10:05.604617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:11:27.041683 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 09:11:27.041816 0.361258 tcp 10.0.2.109 52389 -> 176.73.166.24 5576 FSPA* 0 0 14 1638 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:16:09.610178 3.002133 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:16:16.617766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:16:24.619608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:16:40.622132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:17:12.628447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:23:16.635273 3.000635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:23:23.641873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:23:31.643506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:23:47.646503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:24:19.652250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:29:03.670993 0.000163 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 09:29:03.671256 0.154102 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:03.825747 0.044709 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:03.870863 0.137676 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.008949 0.160789 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.170362 0.171855 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.342559 0.090275 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.433171 0.041249 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.474841 0.313360 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.788629 0.052603 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.841565 0.048999 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:04.890898 0.159673 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:05.051004 0.036213 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:05.087601 0.144351 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:05.232354 0.150542 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:05.383300 0.260720 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:05.644404 0.138228 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:05.783013 0.160584 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:05.943997 0.118992 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:06.063348 0.144069 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:06.207805 0.052610 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:06.260805 0.339543 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:06.600778 0.143862 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:06.745023 0.206593 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:06.952031 0.178086 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:07.130442 0.164796 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:07.295567 0.207568 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:07.503490 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 09:29:23.110860 0.071517 tcp 10.0.2.109 52390 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:29:23.182682 0.075185 tcp 10.0.2.109 52391 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:29:23.258222 0.153795 tcp 10.0.2.109 52392 -> 195.113.214.211 443 SRPA* 0 0 47 37300 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:29:23.412634 0.133609 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:29:23.546673 0.184545 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:30:23.658448 3.002030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:30:30.666387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:30:38.667424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:30:54.670139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:31:26.676264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:37:30.682389 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:37:37.689758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:37:45.691511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:38:01.694010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:38:33.700754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:41:27.410344 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 09:41:27.410443 0.573854 tcp 10.0.2.109 52393 -> 176.73.166.24 5576 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:44:37.707242 3.000855 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:44:44.713788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:44:52.715291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:45:08.718651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:45:40.724287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:51:44.731159 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:51:51.737569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:51:59.739264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:52:15.742210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:52:47.748042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:58:51.754215 3.001612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 09:58:58.761921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:59:06.763566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:59:22.765897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:59:39.030224 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 09:59:39.030376 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 09:59:54.772383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 09:59:57.017747 0.077641 tcp 10.0.2.109 52394 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:59:57.095672 0.070625 tcp 10.0.2.109 52395 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:59:57.166600 0.164834 tcp 10.0.2.109 52396 -> 195.113.214.211 443 SRPA* 0 0 60 40494 flow=From-Botnet-V1-TCP-Established 1970/01/12 09:59:57.329766 0.137953 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:57.468147 0.150676 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:57.619278 0.045210 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:57.664839 0.172196 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:57.837438 0.091198 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:57.929049 0.046809 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:57.976275 0.369207 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:58.345947 0.054987 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:58.401342 0.163089 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:58.564832 0.049896 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/12 09:59:58.615099 4.932971 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:03.548507 0.217902 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:03.766805 0.325737 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:04.092893 0.141472 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:04.234794 0.206631 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:04.441779 0.052767 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:04.494950 0.156944 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:04.652290 0.144262 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:04.796999 0.053463 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:04.850855 0.336894 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:05.188071 0.144205 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:05.332677 0.206908 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:05.539997 0.120012 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:05.660389 0.167179 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:05.828007 0.181465 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:06.009863 0.197843 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:06.208042 0.132586 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:00:06.341030 0.184923 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:05:58.778703 3.000956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:06:05.785960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:06:13.787482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:06:29.789917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:07:01.796285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:11:27.989438 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 10:11:27.989663 0.449129 tcp 10.0.2.109 52397 -> 176.73.166.24 5576 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/12 10:13:05.803071 3.000701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:13:12.809833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:13:20.811072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:13:36.814519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:14:08.820148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:20:12.826645 3.001112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:20:19.833861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:20:27.835160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:20:43.838049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:21:15.844082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:27:19.851065 3.000509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:27:26.857950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:27:34.858876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:27:50.862234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:28:22.867966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:30:12.215530 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 10:30:12.215641 0.046157 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:12.262202 0.170377 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:12.433017 0.090913 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:12.524316 0.040783 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:12.565521 0.135789 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:12.701787 0.151873 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:12.854062 0.368014 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:13.222420 0.051970 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:13.274816 0.161203 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:13.436432 0.050992 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:13.487837 4.156228 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:17.644424 0.150236 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:17.795065 0.282590 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:18.078035 0.141073 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:18.219485 0.176554 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:18.396426 0.052658 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:18.449462 0.157871 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:18.607750 0.144733 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:18.752911 0.050260 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:18.803585 0.368825 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:19.172829 0.144910 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:19.318136 0.203379 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:19.521872 0.125366 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:19.650865 0.167038 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:19.818395 0.132757 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:19.951539 0.260594 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:20.212510 0.180997 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:30:20.393937 0.299404 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/12 10:34:26.875364 3.000257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:34:33.881915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:34:41.883080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:34:57.886132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:35:29.891826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:41:28.438270 0.030084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 10:41:28.468636 0.388375 tcp 10.0.2.109 52398 -> 176.73.166.24 5576 FSPA* 0 0 15 1783 flow=From-Botnet-V1-TCP-Established 1970/01/12 10:41:33.898110 3.002006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:41:40.905581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:41:48.907438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:42:04.909721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:42:36.915971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:48:40.922764 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:48:47.929434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:48:55.931066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:49:11.933809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:49:43.940151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:55:47.946894 3.000961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 10:55:54.953121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:56:02.954648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:56:18.957758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 10:56:50.964335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:00:28.847740 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 11:00:28.847919 0.090454 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:28.938870 0.040922 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:28.980191 0.135349 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:29.115898 0.153825 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:29.270089 0.045222 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:29.315707 0.169728 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:29.485853 0.320543 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:29.806808 0.054997 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:29.862355 0.162286 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:30.025052 0.049677 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:30.075134 2.682040 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:32.757573 0.149076 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:32.907051 0.338068 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:33.245524 0.142530 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:33.388448 0.163409 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:33.552253 0.035954 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:33.588533 0.156453 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:33.745349 0.144666 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:33.890458 0.049573 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:33.940384 0.378901 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:34.319690 0.859252 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:35.179456 0.207323 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:35.387179 0.121464 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:35.509059 0.170973 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:35.680444 0.135575 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:35.816419 0.207688 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:36.024534 0.184406 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:00:36.209352 0.183320 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:02:54.970487 3.001023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:03:01.977198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:03:09.979311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:03:25.982161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:03:57.987811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:10:01.994460 3.001122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:10:09.001566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:10:17.002957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:10:33.005994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:11:05.011964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:11:28.856996 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 11:11:28.857085 0.465535 tcp 10.0.2.109 52399 -> 176.73.166.24 5576 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/01/12 11:17:09.017528 3.001776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:17:16.025487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:17:24.026880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:17:40.029547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:18:12.035895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:24:16.042738 3.000537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:24:23.049338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:24:31.051077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:24:47.053707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:25:19.059715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:30:56.255300 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 11:30:56.255399 0.173991 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:56.429860 0.040954 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:56.471221 0.138039 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:56.609596 0.148242 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:56.758278 0.044380 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:56.803052 0.170597 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:56.974036 0.313040 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:57.287404 0.049608 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:57.337410 0.161710 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:57.499551 0.049682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:57.549626 2.386744 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:30:59.936797 0.151073 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:00.088276 0.395665 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:00.484386 0.142111 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:00.626919 0.158962 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:00.786406 0.036545 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:00.823379 0.157241 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:00.981017 0.137921 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:01.119315 0.053474 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:01.173190 0.337818 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:01.511406 0.144512 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:01.656296 0.207075 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:01.863763 0.121622 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:01.985731 0.167071 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:02.153190 0.136863 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:02.290386 0.181380 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:02.472170 0.205755 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:02.678344 0.530087 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/12 11:31:23.086685 3.000520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:31:30.093604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:31:38.095554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:31:54.098491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:32:26.104076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:38:30.110056 3.001641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:38:37.117314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:38:45.118425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:39:01.121612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:39:33.127783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:41:29.345275 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 11:41:29.345368 0.402255 tcp 10.0.2.109 52400 -> 176.73.166.24 5576 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/01/12 11:45:37.134727 3.001139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:45:44.141005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:45:52.142815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:46:08.145436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:46:40.151937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:52:44.157477 3.001789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:52:51.165525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:52:59.166723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:53:15.169869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:53:47.176076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 11:59:51.182536 3.000754 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 11:59:58.189222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:00:06.190588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:00:22.193843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:00:54.199682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:01:21.399228 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 12:01:21.399314 0.103531 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:21.503216 0.041639 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:21.545264 0.137079 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:21.682717 0.155410 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:21.838537 0.045584 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:21.884528 0.169726 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:22.054598 0.161561 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:22.216567 0.049974 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:22.266949 0.313254 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:22.580631 0.054535 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:22.635530 3.002077 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:25.638035 0.149669 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:25.788095 0.275911 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:26.064362 0.139178 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:26.203939 0.162018 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:26.366385 0.035550 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:26.402346 0.158457 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:26.561203 0.151426 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:26.713027 0.051086 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:26.764512 0.358841 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:27.123754 0.143164 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:27.267275 0.207581 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:27.475208 0.121054 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:27.596679 0.177366 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:27.774557 0.205377 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:27.980337 0.164247 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:28.144968 0.139832 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:01:28.285143 0.184407 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:06:58.206366 3.001020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:07:05.213067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:07:13.214306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:07:29.217759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:08:01.223860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:11:29.754030 0.000349 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 12:11:29.754521 0.368622 tcp 10.0.2.109 52401 -> 176.73.166.24 5576 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/12 12:14:05.230735 3.000761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:14:12.236753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:14:20.238741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:14:36.241703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:15:08.247502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:21:12.253724 3.001859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:21:19.260939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:21:27.262468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:21:43.275557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:22:15.281638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:28:19.288231 3.000710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:28:26.294868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:28:34.296434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:28:50.299764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:29:22.305786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:31:46.843943 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 12:31:46.844044 0.136026 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:46.980540 0.153474 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:47.134370 0.045665 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:47.180510 0.090031 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:47.270946 0.041138 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:47.312494 0.172791 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:47.485709 0.160782 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:47.646860 0.050691 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:47.697963 0.313501 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:48.011931 0.050475 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:48.062743 0.152614 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:48.215772 0.258183 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:48.474499 0.347802 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:48.822704 0.138942 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:48.961995 0.182716 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:49.145123 0.043875 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:49.189357 0.157267 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:49.347070 0.150482 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:49.497933 0.056840 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:49.555169 0.363506 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:49.919014 0.144836 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:50.064254 0.204599 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:50.269323 0.120046 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:50.389864 0.177871 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:50.568130 0.197483 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:50.765943 0.184035 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:50.950353 0.165996 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:31:51.116676 0.131715 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/12 12:35:26.311716 3.011653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:35:33.329068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:35:41.330638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:35:57.333661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:36:29.339529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:41:30.122350 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 12:41:30.122440 0.453509 tcp 10.0.2.109 52402 -> 176.73.166.24 5576 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/12 12:42:33.346128 3.021549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:42:40.372713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:42:48.374602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:43:04.377734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:43:36.383919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:49:40.390256 3.001044 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:49:47.396787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:49:55.398790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:50:11.401330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:50:43.407469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:56:47.413403 3.002018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 12:56:54.420684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:57:02.422365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:57:18.425565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 12:57:50.431865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:01:53.721864 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 13:01:53.722017 0.136131 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:53.858584 0.153068 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.012097 0.046058 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.058557 0.088704 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.147656 0.040287 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.188377 0.169858 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.358643 0.161287 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.520384 0.050074 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.570859 0.311443 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:54.882731 0.759554 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:55.642651 0.263739 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:55.906794 0.142371 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.049551 0.050441 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.100357 0.153942 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.254653 0.163733 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.418774 0.035567 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.454695 0.156421 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.611550 0.136020 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.747923 0.050510 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:56.798814 0.365219 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:57.164450 0.120235 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:57.285030 0.178080 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:57.463515 0.206058 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:57.670021 0.184390 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:57.854862 0.146560 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:58.001752 0.203889 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:58.206003 0.226156 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:01:58.432568 0.133467 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:03:54.437681 3.002004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:04:01.445173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:04:09.446446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:04:25.449330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:04:57.455344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:11:01.461781 3.001534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:11:08.469163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:11:16.470717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:11:30.581503 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 13:11:30.581649 0.365826 tcp 10.0.2.109 52403 -> 176.73.166.24 5576 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/01/12 13:11:32.473559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:12:04.479137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:18:08.485867 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:18:15.492698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:18:23.494609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:18:39.497032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:19:11.503482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:25:15.509352 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:25:22.517129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:25:30.518370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:25:46.521523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:26:18.527157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:32:14.750148 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 13:32:14.750256 0.135677 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:14.886495 0.153496 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.040403 0.043972 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.084798 0.102321 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.187515 0.045992 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.233871 0.171218 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.419790 0.160130 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.580333 0.050286 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.631048 0.312507 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:15.943953 1.080160 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.024532 0.262607 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.287520 0.136454 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.424398 0.048173 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.472953 0.138345 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.611657 0.167548 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.779576 0.037315 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.817224 0.154896 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:17.972472 0.140130 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:18.112992 0.054334 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:18.167728 0.337411 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:18.505552 0.120428 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:18.626350 0.182815 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:18.809561 0.204242 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:19.014383 0.183756 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:19.198516 0.142932 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:19.341830 0.132762 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:19.474966 0.206473 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:19.681822 0.165512 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/12 13:32:22.533560 3.001631 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:32:29.540701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:32:37.541966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:32:53.545438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:33:25.551498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:39:29.557603 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:39:36.564925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:39:44.566435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:40:00.569286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:40:32.575519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:41:30.949655 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 13:41:30.949743 0.362987 tcp 10.0.2.109 52404 -> 176.73.166.24 5576 FSPA* 0 0 14 1707 flow=From-Botnet-V1-TCP-Established 1970/01/12 13:46:36.581173 3.041871 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:46:43.628485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:46:51.630011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:47:07.633428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:47:39.639429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:53:43.645025 3.002147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 13:53:50.652724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:53:58.653888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:54:14.657075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 13:54:46.663442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:00:50.669930 3.000990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:00:57.676683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:01:05.678109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:01:21.681136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:01:53.687380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:02:32.473511 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 14:02:32.473610 0.134758 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:32.608830 0.156352 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:32.765520 0.044645 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:32.810545 0.113061 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:32.923951 0.046578 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:32.970877 0.169782 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:33.141038 0.184076 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:33.325546 0.051126 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:33.377069 0.310780 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:33.688242 0.149471 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:33.838126 0.259602 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:34.098249 0.138187 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:34.236837 0.047716 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:34.284984 1.120697 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:35.406267 0.157655 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:35.564285 0.047908 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:35.612529 0.157384 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:35.770364 0.144800 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:35.915566 0.050113 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:35.966002 0.361133 rtcp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:36.327534 0.120946 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:36.448968 0.180639 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:36.629997 0.217770 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:36.848161 0.132906 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:36.981405 0.207723 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:37.189523 0.164429 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:37.354420 0.183977 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:02:37.538824 0.139818 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:07:57.694055 3.000694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:08:04.700597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:08:12.702214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:08:28.705492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:09:00.711192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:11:31.328329 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 14:11:31.328440 0.612318 tcp 10.0.2.109 52405 -> 176.73.166.24 5576 FSPA* 0 0 14 1717 flow=From-Botnet-V1-TCP-Established 1970/01/12 14:15:04.718025 3.000726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:15:11.744649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:15:19.745860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:15:35.749196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:16:07.755081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:22:11.761683 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:22:18.768611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:22:26.769889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:22:42.773490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:23:14.779396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:29:18.785840 3.001316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:29:25.792380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:29:33.793857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:29:49.797016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:30:21.803183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:32:40.963397 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 14:32:40.963594 0.044545 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.008566 0.092607 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.101599 0.053312 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.155310 0.138556 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.294312 0.153243 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.447886 0.170569 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.618827 0.161355 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.780634 0.048820 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:41.829805 0.311590 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:42.141779 0.150241 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:42.292433 0.049389 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:42.342320 0.267042 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:42.609761 0.140943 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:42.751057 0.137359 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:42.888781 0.169359 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:43.058486 0.048631 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:43.107493 0.156098 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:43.263896 0.138364 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:43.402591 0.050087 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:43.453102 0.354533 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:43.808051 0.123004 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:43.931426 0.177902 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:44.109716 0.206461 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:44.316569 0.134845 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:44.451805 0.184680 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:44.636892 0.143656 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:44.780929 0.203114 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:32:44.984459 0.165797 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/12 14:36:25.808860 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:36:32.816714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:36:40.817894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:36:56.821090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:37:28.827320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:41:31.946724 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 14:41:31.975793 0.567523 tcp 10.0.2.109 52406 -> 176.73.166.24 5576 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/01/12 14:43:32.833371 3.001326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:43:39.840591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:43:47.841808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:44:03.845349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:44:35.851436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:50:39.857971 3.000923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:50:46.864761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:50:54.866038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:51:10.869401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:51:42.875358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:57:46.881568 3.001199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 14:57:53.888639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:58:01.890290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:58:17.893069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 14:58:49.899339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:02:59.788397 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 15:02:59.788493 0.045817 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:02:59.834797 0.102160 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:02:59.937321 0.047185 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:02:59.984884 0.137880 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:00.123143 0.153042 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:00.276611 0.170186 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:00.447204 0.162779 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:00.610387 0.049928 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:00.660740 0.051370 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:00.712480 0.293477 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:01.006324 0.139261 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:01.145916 2.861206 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:04.007545 0.335433 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:04.343381 1.907120 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:06.250858 0.162155 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:06.413438 0.038648 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:06.452479 0.156017 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:06.608901 0.143500 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:06.752811 0.054245 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:06.807470 0.364123 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:07.171971 0.128230 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:07.300547 0.132655 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:07.433563 0.183955 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:07.617920 0.144208 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:07.762453 0.202058 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:07.964900 0.187559 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:08.152869 0.196670 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:03:08.349969 0.164635 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:04:53.904965 3.001742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:05:00.912077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:05:08.913731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:05:24.917137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:05:56.923274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:11:32.546074 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 15:11:32.546162 0.402289 tcp 10.0.2.109 52407 -> 176.73.166.24 5576 FSPA* 0 0 14 1619 flow=From-Botnet-V1-TCP-Established 1970/01/12 15:12:00.929137 3.001731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:12:07.936107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:12:15.937709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:12:31.940674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:13:03.947199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:19:07.952947 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:19:14.960255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:19:22.961680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:19:38.965035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:20:10.970885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:26:14.976253 3.002161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:26:21.984722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:26:29.985641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:26:45.989104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:27:17.994911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:33:22.001199 3.001778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:33:27.045951 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 15:33:27.046056 0.046591 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.093054 0.043576 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.137018 0.101144 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.238548 0.133105 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.372032 0.153954 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.526369 0.170605 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.697343 0.160315 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.858206 0.048679 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.907222 0.051032 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:27.958680 0.283872 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:28.242981 0.138049 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:28.381421 3.513891 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:29.008012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:33:31.895683 0.314126 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:32.210202 0.151182 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:32.361857 0.187335 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:32.549589 0.035339 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:32.585261 0.156979 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:32.742582 0.137719 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:32.880685 0.053177 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:32.934461 0.366799 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:33.301645 0.120869 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:33.422841 0.133608 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:33.556754 0.184173 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:33.741311 0.142513 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:33.884212 0.225021 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:34.109620 0.167281 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:34.277302 0.178027 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:34.455726 0.197934 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/12 15:33:37.009750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:33:53.012540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:34:25.018692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:40:29.025668 3.001205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:40:36.032266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:40:44.033752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:41:00.036712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:41:32.042629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:41:32.954664 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 15:41:32.954763 0.452535 tcp 10.0.2.109 52408 -> 176.73.166.24 5576 FSPA* 0 0 15 1796 flow=From-Botnet-V1-TCP-Established 1970/01/12 15:47:36.049065 3.001568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:47:43.055861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:47:51.067750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:48:07.070670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:48:39.076885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:54:43.082151 3.002620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 15:54:50.090354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:54:58.091357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:55:14.094810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 15:55:46.101576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:01:50.107721 3.001360 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:01:57.114406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:02:05.115909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:02:21.118623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:02:53.124562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:04:03.576092 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 16:04:03.576187 0.046041 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:03.622645 0.044571 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:03.667549 0.093362 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:03.761302 0.137096 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:03.898839 0.152055 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:04.051301 0.173612 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:04.225310 0.162306 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:04.388003 0.050843 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:04.439227 0.049528 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:04.489169 0.258973 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:04.748540 0.139041 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:04.887970 1.238485 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:06.126905 0.312355 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:06.439695 0.824086 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:07.264162 0.163347 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:07.427907 0.036045 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:07.464275 0.158417 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:07.623088 0.136494 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:07.759984 0.051898 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:07.812330 0.357267 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:08.170017 0.123411 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:08.293797 0.388953 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:08.683124 0.189176 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:08.872686 0.144452 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:09.017540 0.183037 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:09.200909 0.208150 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:09.409441 0.206517 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:04:09.616360 0.165138 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:08:57.131053 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:09:04.137818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:09:12.139690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:09:28.142710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:10:00.148359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:11:33.413087 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 16:11:33.413370 0.389677 tcp 10.0.2.109 52409 -> 176.73.166.24 5576 FSPA* 0 0 14 1731 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:16:04.154595 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:16:11.161792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:16:19.163770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:16:35.166530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:17:07.172501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:23:11.178976 3.001111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:23:18.186357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:23:26.187970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:23:42.190701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:24:14.196464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:30:18.202767 3.001788 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:30:25.210070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:30:33.211474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:30:49.214611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:31:21.220610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:34:12.136917 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 16:34:12.137020 0.100816 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:12.238220 0.137078 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:12.375678 0.046786 udp 10.0.2.109 3683 <-> 93.198.197.22 8279 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:12.422852 0.045877 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:12.469083 0.154244 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:12.623676 0.171245 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:12.795480 0.162401 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:12.958315 0.050024 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:13.008746 0.049210 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:13.058376 0.268437 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:13.327225 0.146285 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:13.473911 1.619117 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:15.093436 0.311837 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:15.405717 0.149280 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:15.555339 0.159330 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:15.715076 0.036165 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:15.751598 0.156144 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:15.908156 0.136698 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:16.045215 0.053914 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:16.099552 0.368139 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:16.468082 0.119892 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:16.588334 0.134796 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:16.723519 0.212134 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:16.936073 0.142741 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:17.079169 0.204059 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:17.283595 0.166143 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:17.450102 0.183594 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:34:17.634301 0.202268 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/12 16:37:25.225745 3.012149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:37:32.243660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:37:40.245459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:37:56.248155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:38:28.254562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:41:33.802239 0.000633 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 16:41:33.802968 2.992856 tcp 10.0.2.109 52410 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:41:42.794278 0.000000 tcp 10.0.2.109 52410 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:41:48.804183 0.075569 tcp 10.0.2.109 52411 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:41:48.880024 0.070274 tcp 10.0.2.109 52412 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:41:48.950588 0.131274 tcp 10.0.2.109 52413 -> 195.113.214.211 443 SRPA* 0 0 56 38843 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:41:49.154250 3.003355 tcp 10.0.2.109 52414 -> 94.240.219.11 9035 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:41:58.156085 0.000000 tcp 10.0.2.109 52414 -> 94.240.219.11 9035 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:42:04.155630 0.072706 tcp 10.0.2.109 52415 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:04.228649 0.074210 tcp 10.0.2.109 52416 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:04.303123 0.153360 tcp 10.0.2.109 52417 -> 195.113.214.211 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:04.540056 2.999903 tcp 10.0.2.109 52418 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:42:13.538070 0.000000 tcp 10.0.2.109 52418 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:42:19.537735 0.069258 tcp 10.0.2.109 52419 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:19.607289 0.074254 tcp 10.0.2.109 52420 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:19.681856 0.152399 tcp 10.0.2.109 52421 -> 195.113.214.211 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:20.252206 3.000101 tcp 10.0.2.109 52422 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:42:29.251029 0.000000 tcp 10.0.2.109 52422 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:42:35.250493 0.066940 tcp 10.0.2.109 52423 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:35.317744 0.072096 tcp 10.0.2.109 52424 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:35.390161 0.153925 tcp 10.0.2.109 52425 -> 195.113.214.211 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:35.712853 2.991984 tcp 10.0.2.109 52426 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:42:44.713180 0.000000 tcp 10.0.2.109 52426 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 16:42:50.712636 0.073521 tcp 10.0.2.109 52427 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:50.786525 0.076396 tcp 10.0.2.109 52428 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:50.862798 0.157845 tcp 10.0.2.109 52429 -> 195.113.214.211 443 SRPA* 0 0 36 18910 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:42:51.154195 0.542713 tcp 10.0.2.109 52430 -> 176.73.148.62 8415 FSPA* 0 0 14 1515 flow=From-Botnet-V1-TCP-Established 1970/01/12 16:44:32.260842 3.001005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 16:44:39.267665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:44:47.269658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:45:03.272381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:45:35.278424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:51:39.284822 3.000996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:51:46.291931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:51:54.293286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:52:10.296404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:52:42.302371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:58:46.309037 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 16:58:53.316161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:59:01.317669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:59:17.320503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 16:59:49.326271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:04:38.232163 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 17:04:38.232266 0.088176 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:38.320856 0.138473 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:38.459753 0.000000 udp 10.0.2.109 3683 -> 93.198.197.22 8279 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 17:04:54.877409 0.066202 tcp 10.0.2.109 52431 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:04:54.943857 0.062964 tcp 10.0.2.109 52432 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:04:55.006808 0.158332 tcp 10.0.2.109 52433 -> 195.113.214.211 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:04:55.165763 0.046215 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:55.212389 0.153000 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:55.365809 0.172422 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:55.538631 0.162078 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:55.701143 0.050755 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:55.752249 0.137680 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:55.890447 0.049723 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:55.940507 0.263673 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:04:56.204573 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 17:05:11.890663 0.061167 tcp 10.0.2.109 52434 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:05:11.952115 0.065208 tcp 10.0.2.109 52435 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:05:12.017602 0.153201 tcp 10.0.2.109 52436 -> 195.113.214.211 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:05:12.171436 0.311324 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:12.483178 0.610001 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:13.093566 0.165045 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:13.259031 0.036783 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:13.296192 0.158342 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:13.454962 0.138334 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:13.593671 0.054240 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:13.648308 0.348549 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:13.997244 0.121117 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:14.118840 0.133184 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:14.252411 0.200021 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:14.452767 0.228640 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:14.681814 0.178362 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:14.860576 0.209172 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:15.070159 0.140221 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:15.210776 0.236172 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:05:53.332985 3.000801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 17:06:00.339739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:06:08.341192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:06:24.344466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:06:56.350278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:12:51.702003 0.000195 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 17:12:51.702243 0.440770 tcp 10.0.2.109 52437 -> 176.73.148.62 8415 FSPA* 0 0 14 1569 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:13:00.357251 3.000504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 17:13:07.364135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:13:15.365472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:13:31.368574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:14:03.384142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:20:07.391115 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 17:20:14.397865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:20:22.399183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:20:38.402287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:21:10.408176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:27:14.415122 3.000980 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 17:27:21.421428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:27:29.423378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:27:45.426280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:28:17.432741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:34:21.439250 3.000884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 17:34:28.445570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:34:36.447432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:34:52.450010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:35:24.455990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:35:32.007272 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 17:35:32.007370 0.000000 udp 10.0.2.109 3683 -> 93.198.197.22 8279 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 17:35:49.874635 0.065883 tcp 10.0.2.109 52438 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:35:49.940883 0.064922 tcp 10.0.2.109 52439 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:35:50.006073 0.153998 tcp 10.0.2.109 52440 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:35:50.160317 1.627575 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:51.788255 0.100253 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:51.888938 0.146685 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.035969 0.045418 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.081738 0.161380 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.243463 0.050541 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.294386 0.147794 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.442599 0.048765 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.491729 0.169651 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.661753 0.156117 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:52.818420 0.264963 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:53.083838 0.311686 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:53.395875 0.754951 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:54.151248 0.174542 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:54.326168 0.040797 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:54.367354 0.156234 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:54.523929 0.144252 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:54.668627 0.054364 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:54.723384 0.340751 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:55.064547 0.197067 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:55.261986 0.165803 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:55.428199 0.183998 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:55.612590 0.121772 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:55.734812 0.142990 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:55.878438 0.232649 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:56.111413 0.206867 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:35:56.318623 0.139002 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/12 17:41:28.461745 3.002220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 17:41:35.469923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:41:43.471657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:41:59.473954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:42:31.480176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:42:52.150619 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 17:42:52.150714 0.621409 tcp 10.0.2.109 52441 -> 176.73.148.62 8415 FSPA* 0 0 14 1527 flow=From-Botnet-V1-TCP-Established 1970/01/12 17:48:35.486882 3.000888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 17:48:42.493471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:48:50.495098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:49:06.497910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:49:38.504005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:55:42.510204 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 17:55:49.517879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:55:57.519195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:56:13.522352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 17:56:45.527847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:02:49.534824 3.000986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:02:56.541744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:03:04.543545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:03:20.546137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:03:52.552180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:05:57.712678 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 18:05:57.712853 3.072382 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:00.785624 0.092610 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:00.878644 0.138252 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.017230 0.043913 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.061569 0.163298 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.225253 0.050677 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.276333 0.142011 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.418794 0.047632 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.466813 0.170622 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.637916 0.153706 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:01.792022 0.264918 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:02.057341 0.313532 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:02.371294 0.167758 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:02.539448 0.169442 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:02.709214 0.039457 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:02.749107 0.156582 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:02.906153 0.145240 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:03.051747 0.053669 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:03.105810 0.343149 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:03.449411 0.195548 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:03.645315 0.165551 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:03.811259 0.182836 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:03.994525 0.120976 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:04.115904 0.131142 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:04.247429 0.144025 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:04.391792 0.203670 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:06:04.595847 0.209024 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:09:56.558236 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:10:03.565674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:10:11.567483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:10:27.569727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:10:59.575944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:12:52.779563 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 18:12:52.779653 0.543187 tcp 10.0.2.109 52442 -> 176.73.148.62 8415 FSPA* 0 0 12 1584 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:17:03.581795 3.002119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:17:10.589709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:17:18.591322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:17:34.593889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:18:06.610098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:24:10.616821 3.001333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:24:17.623857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:24:25.625162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:24:41.628359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:25:13.633909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:31:17.640061 3.001422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:31:24.647317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:31:32.649415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:31:48.651974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:32:20.657686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:36:10.729017 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 18:36:10.729192 0.139408 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:10.868998 4.210920 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.080353 0.101861 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.182618 0.043986 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.227014 0.160700 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.388134 0.050867 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.439400 0.142193 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.582000 0.048281 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.630608 0.170549 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.801555 0.153766 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:15.955766 0.272547 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:16.228712 0.311290 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:16.540352 0.157290 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:16.698039 0.194195 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:16.892616 0.036492 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:16.929504 0.158656 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:17.088497 0.156972 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:17.245893 0.051868 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:17.298374 0.361304 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:17.660049 0.196760 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:17.857204 0.168261 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:18.025834 0.185233 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:18.211475 0.156396 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:18.368253 0.206749 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:18.575350 0.197408 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:18.773092 0.121327 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:36:18.894889 0.133802 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/12 18:38:24.663430 3.002170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:38:31.671805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:38:39.673208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:38:55.675608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:39:27.681970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:42:53.327974 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 18:42:53.328260 3.003321 tcp 10.0.2.109 52443 -> 176.73.148.62 8415 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:02.330615 0.000000 tcp 10.0.2.109 52443 -> 176.73.148.62 8415 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:08.330573 0.062138 tcp 10.0.2.109 52444 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:08.392984 0.068001 tcp 10.0.2.109 52445 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:08.461273 0.156980 tcp 10.0.2.109 52446 -> 195.113.214.211 443 SRPA* 0 0 27 11692 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:08.674731 3.009451 tcp 10.0.2.109 52447 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:17.692440 0.000000 tcp 10.0.2.109 52447 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:23.672152 0.066377 tcp 10.0.2.109 52448 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:23.738787 0.068850 tcp 10.0.2.109 52449 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:23.807938 0.155546 tcp 10.0.2.109 52450 -> 195.113.214.211 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:23.992925 2.993225 tcp 10.0.2.109 52451 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:32.984696 0.000000 tcp 10.0.2.109 52451 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:38.994408 0.067161 tcp 10.0.2.109 52452 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:39.061824 0.067382 tcp 10.0.2.109 52453 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:39.129050 0.157000 tcp 10.0.2.109 52454 -> 195.113.214.211 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:39.325391 3.002327 tcp 10.0.2.109 52455 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:48.326649 0.000000 tcp 10.0.2.109 52455 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 18:43:54.326074 0.063880 tcp 10.0.2.109 52456 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:54.389812 0.062962 tcp 10.0.2.109 52457 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:54.453136 0.156417 tcp 10.0.2.109 52458 -> 195.113.214.211 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:43:54.647463 1.125997 tcp 10.0.2.109 52459 -> 211.38.175.27 4598 SPA_* 0 0 9 1121 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:44:02.352592 0.063955 tcp 10.0.2.109 52459 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 18:45:31.688101 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 18:45:38.695792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:45:46.697053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:46:02.699601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:46:34.705874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:52:38.711843 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:52:45.719739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:52:53.720552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:53:09.723588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:53:41.730288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 18:59:45.736781 3.000961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 18:59:52.743573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:00:00.745057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:00:16.747897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:00:48.754000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:06:39.568703 0.000773 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 19:06:39.569581 0.137503 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:39.707528 0.399755 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.107711 0.095910 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.204050 0.043702 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.248166 0.159562 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.408130 0.050186 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.458711 0.139417 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.598532 0.047709 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.646658 0.171910 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.818993 0.153539 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:40.972932 0.261785 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:41.235133 0.311527 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:41.547079 0.392518 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:41.940008 0.165035 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:42.105462 0.034543 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:42.140415 0.049297 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:42.190154 0.344737 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:42.535272 0.197143 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:42.732941 0.165828 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:42.899231 0.156307 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:43.055942 0.143373 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:43.199780 0.177956 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:43.378173 0.143119 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:43.521714 0.206239 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:43.728333 0.208078 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:43.936830 0.120518 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:44.057763 0.133778 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:06:52.760430 3.001570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:06:59.767664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:07:07.769107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:07:23.771672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:07:55.777710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:13:59.783690 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:14:02.415229 0.000165 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 19:14:02.415597 1.211478 tcp 10.0.2.109 52460 -> 211.38.175.27 4598 SPA_* 0 0 9 1029 flow=From-Botnet-V1-TCP-Established 1970/01/12 19:14:06.791281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:14:07.696572 0.093663 tcp 10.0.2.109 52460 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 19:14:14.792621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:14:30.796064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:15:02.802248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:21:06.807410 3.001695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:21:13.815483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:21:21.816899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:21:37.819553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:22:09.825490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:28:13.831902 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:28:20.839139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:28:28.841013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:28:44.843698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:29:16.849883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:35:20.855872 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:35:27.863341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:35:35.864737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:35:51.867400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:36:23.873971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:36:47.017108 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 19:36:47.017201 0.137155 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:47.154792 3.744051 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:50.899253 0.091431 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:50.991071 0.043754 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:51.035218 0.160315 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:51.195935 0.048961 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:51.245268 0.138470 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:51.384150 0.051495 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:51.436008 0.170645 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:51.607055 0.154882 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:51.762444 1.127436 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:52.890413 0.265672 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:53.156451 0.311430 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:53.468279 0.171002 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:53.639711 0.035513 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:53.675618 0.053261 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:53.729291 0.354320 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:54.084005 0.196659 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:54.281071 0.165407 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:54.446840 0.184450 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:54.631697 0.140650 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:54.772692 0.207631 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:54.980739 0.214380 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:55.195478 0.154894 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:55.350739 0.144153 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:55.495323 0.121398 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:36:55.617139 0.133212 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/12 19:42:27.880717 3.000335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:42:34.886773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:42:42.888456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:42:58.891526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:43:30.897736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:44:07.792274 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 19:44:07.792374 1.111086 tcp 10.0.2.109 52461 -> 211.38.175.27 4598 SPA_* 0 0 9 1198 flow=From-Botnet-V1-TCP-Established 1970/01/12 19:44:13.600141 0.018488 tcp 10.0.2.109 52461 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 19:49:34.903755 3.001785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:49:41.911544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:49:49.912278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:50:05.915361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:50:37.921727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:56:41.927250 3.002399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 19:56:48.935227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:56:56.936524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:57:12.939869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 19:57:44.945800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:03:48.952260 3.000783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:03:55.959293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:04:03.960618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:04:19.963805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:04:51.969388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:07:08.345942 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 20:07:08.346255 0.137621 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:08.484390 1.611683 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.096487 0.116113 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.213003 0.044830 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.258253 0.160519 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.419150 0.049632 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.469097 0.139719 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.609163 0.054229 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.663806 0.171140 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.835351 0.153770 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:10.989517 0.152718 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:11.142597 0.264666 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:11.407685 0.313021 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:11.721116 0.158488 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:11.879982 0.036419 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:11.916781 0.052023 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:11.969200 0.363989 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:12.333602 0.197183 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:12.531215 0.168679 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:12.700225 0.183643 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:12.884254 0.143263 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:13.027885 0.207666 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:13.235943 0.137262 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:13.373624 0.124016 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:13.497988 0.134474 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:13.632818 0.198713 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:07:13.831941 0.156059 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:10:55.976383 3.001037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:11:02.983279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:11:10.984689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:11:26.987250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:11:58.993840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:14:13.617521 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 20:14:13.617598 1.190164 tcp 10.0.2.109 52462 -> 211.38.175.27 4598 SPA_* 0 0 9 1034 flow=From-Botnet-V1-TCP-Established 1970/01/12 20:14:19.126797 0.031952 tcp 10.0.2.109 52462 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 20:18:02.999219 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:18:10.006709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:18:18.008254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:18:34.011407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:19:06.017758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:25:10.023789 3.001642 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:25:17.031219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:25:25.032395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:25:41.035197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:26:13.041552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:32:17.048402 3.000998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:32:24.054849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:32:32.056048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:32:48.059218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:33:20.065408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:37:17.447105 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 20:37:17.447209 0.135524 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:17.583083 0.147966 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:17.731477 0.098282 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:17.830259 0.043626 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:17.874474 0.159477 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:18.034323 0.050472 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:18.085210 0.139175 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:18.224728 0.055316 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:18.280459 0.172179 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:18.453034 0.151354 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:18.604784 0.149658 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:18.754839 0.344043 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:19.099782 0.317282 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:19.417452 0.159281 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:19.577162 0.036057 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:19.613613 0.051584 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:19.665577 0.168477 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:19.834447 0.181221 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:20.016102 0.143461 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:20.159973 0.350883 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:20.511221 0.191857 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:20.703558 0.206744 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:20.910653 0.135866 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:21.046926 0.121507 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:21.168858 0.134115 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:21.303371 0.206180 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:37:21.509882 0.155333 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/12 20:39:24.072113 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:39:31.078989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:39:39.080013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:39:55.083094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:40:27.089056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:44:19.163734 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 20:44:19.163830 1.116942 tcp 10.0.2.109 52463 -> 211.38.175.27 4598 SPA_* 0 0 9 1169 flow=From-Botnet-V1-TCP-Established 1970/01/12 20:44:28.108181 0.077296 tcp 10.0.2.109 52463 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 20:46:31.096206 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:46:38.103283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:46:46.104533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:47:02.107842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:47:34.113501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:53:38.119881 3.001261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 20:53:45.126976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:53:53.128658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:54:09.131325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 20:54:41.137582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:00:45.144098 3.000852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:00:52.150793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:01:00.152613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:01:16.155470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:01:48.161412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:07:46.617044 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 21:07:46.617234 0.107972 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:46.725614 0.043833 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:46.770252 0.134511 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:46.905149 0.144368 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:47.049913 0.161023 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:47.211356 0.051083 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:47.262802 0.140836 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:47.404076 0.054447 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:47.458987 0.170757 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:47.630180 0.156376 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:47.786888 0.239709 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:48.026992 0.270145 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:48.297480 0.325571 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:48.623396 0.177733 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:48.801515 0.035051 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:48.836960 0.055095 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:48.892426 0.229597 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:49.122486 0.183079 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:49.305912 0.190940 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:49.497191 0.203414 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:49.700979 0.143622 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:49.844995 0.347232 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:50.192633 0.136110 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:50.329151 0.120850 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:50.450385 0.132425 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:50.583187 0.207599 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:50.791136 0.156298 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:07:52.167654 3.001309 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:07:59.174685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:08:07.176199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:08:23.179722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:08:55.185625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:14:28.184354 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 21:14:28.184448 1.203235 tcp 10.0.2.109 52464 -> 211.38.175.27 4598 SPA_* 0 0 9 1197 flow=From-Botnet-V1-TCP-Established 1970/01/12 21:14:37.541743 0.092330 tcp 10.0.2.109 52464 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 21:14:59.191366 3.001479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:15:06.199151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:15:14.200438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:15:30.203284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:16:02.209014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:22:06.215621 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:22:13.222613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:22:21.223917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:22:37.226977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:23:09.233511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:29:13.238809 3.002044 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:29:20.246512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:29:28.247778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:29:44.251039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:30:16.257233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:36:20.262970 3.002267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:36:27.271010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:36:35.271911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:36:51.274795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:37:23.281482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:38:14.305189 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 21:38:14.305358 0.135770 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:14.441538 0.100362 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:14.542359 0.045070 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:14.587831 3.647759 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:18.235929 0.160644 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:18.396923 0.049656 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:18.446966 0.140144 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 203 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:18.587522 0.047189 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:18.635093 0.172420 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:18.807851 0.150938 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:18.959201 0.151744 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:19.111317 0.261630 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:19.373356 0.340899 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:19.714607 0.166588 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:19.881557 0.036403 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:19.918346 0.053831 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:19.972576 0.191230 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:20.164169 0.203850 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:20.368393 0.142572 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:20.511302 0.165253 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:20.676892 0.182459 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:20.859759 0.359537 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:21.219660 0.138334 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:21.358420 0.122236 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:21.481059 0.134865 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:21.616313 0.207925 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:38:21.824657 0.157713 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/12 21:43:27.287920 3.000982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:43:34.294309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:43:42.295846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:43:58.299430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:44:30.305276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:44:37.635899 0.000037 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 21:44:37.635975 3.952417 tcp 10.0.2.109 52465 -> 211.38.175.27 4598 SPA_* 0 0 10 1302 flow=From-Botnet-V1-TCP-Established 1970/01/12 21:44:46.604878 0.010321 tcp 10.0.2.109 52465 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 21:50:34.311672 3.000905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:50:41.318598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:50:49.319682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:51:05.323386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:51:37.329292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:57:41.335701 3.001253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 21:57:48.342427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:57:56.343770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:58:12.347302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 21:58:44.352699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:04:48.359168 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 22:04:55.366483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:05:03.367765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:05:19.371033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:05:51.377334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:08:41.812356 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 22:08:41.812459 0.044228 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:41.857048 0.139366 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:41.996863 0.090670 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:42.087929 3.061452 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:45.149815 0.161432 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:45.311634 0.049750 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:45.361806 0.140035 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:45.502302 0.052623 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:45.555314 0.171326 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:45.727026 0.155192 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:45.882622 0.419689 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:46.302722 0.274900 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:46.578031 0.357003 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:46.935414 0.161486 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:47.097322 0.057205 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:47.155009 0.052789 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:47.208151 0.144801 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:47.353374 0.165049 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:47.518903 0.185717 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:47.704930 0.196001 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:47.901316 0.203000 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:48.104660 0.366757 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:48.471787 0.143840 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:48.616040 0.120770 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:48.737156 0.131817 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:48.869428 0.207874 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:08:49.077737 0.156725 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:11:55.383571 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 22:12:02.390047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:12:10.392074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:12:26.395284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:12:58.401205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:14:46.617033 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 22:14:46.617125 1.080240 tcp 10.0.2.109 52466 -> 211.38.175.27 4598 SPA_* 0 0 9 1217 flow=From-Botnet-V1-TCP-Established 1970/01/12 22:15:01.716042 0.055821 tcp 10.0.2.109 52466 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 22:19:02.407165 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 22:19:09.414571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:19:17.415887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:19:33.419128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:20:05.425242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:26:09.431022 3.001203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 22:26:16.437989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:26:24.439594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:26:40.442963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:27:12.449203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:33:16.454267 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 22:33:23.462294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:33:31.463759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:33:47.466949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:34:19.472621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:39:14.126598 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 22:39:14.126695 0.044153 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:14.171266 0.136274 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:14.308009 0.090280 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:14.398643 3.374950 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:17.773965 0.160889 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:17.935296 0.048871 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:17.984586 0.136269 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:18.121217 0.053901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:18.175556 0.171775 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:18.347749 0.154677 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:18.502846 0.312245 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:18.815463 0.261278 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:19.077090 0.306220 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:19.383733 0.164151 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:19.548281 0.035453 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:19.584113 0.050931 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:19.635452 0.000000 udp 10.0.2.109 3683 -> 67.71.166.60 5215 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 22:39:36.981266 0.051594 tcp 10.0.2.109 52467 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 22:39:37.033151 0.052715 tcp 10.0.2.109 52468 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 22:39:37.086364 0.126210 tcp 10.0.2.109 52469 -> 195.113.214.211 443 SRPA* 0 0 77 80167 flow=From-Botnet-V1-TCP-Established 1970/01/12 22:39:37.213266 0.164434 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:37.378049 0.187325 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:37.565706 0.196746 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:37.762786 0.137405 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:37.900639 0.121307 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:38.022569 0.132393 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:38.155342 0.203403 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:38.359140 0.370664 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:38.730378 0.208312 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:39:38.939084 0.156032 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/12 22:40:23.479010 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 22:40:30.486022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:40:38.487474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:40:54.490613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:41:26.496913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:45:01.777090 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 22:45:01.777249 1.237421 tcp 10.0.2.109 52470 -> 211.38.175.27 4598 SPA_* 0 0 9 1081 flow=From-Botnet-V1-TCP-Established 1970/01/12 22:45:32.719195 0.019391 tcp 10.0.2.109 52470 -> 211.38.175.27 4598 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/12 22:47:30.503652 3.000483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 22:47:37.510045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:47:45.512020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:48:01.514794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:48:33.520852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:54:37.527331 3.001306 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 22:54:44.533841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:54:52.535672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:55:08.538820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 22:55:40.545030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:01:44.550510 3.001641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 23:01:51.557940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:01:59.559523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:02:15.562527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:02:47.568766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:08:51.574271 3.002428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 23:08:58.582291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:09:06.583463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:09:22.586542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:09:52.600098 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 23:09:52.600175 0.143625 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:52.744168 0.090681 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:52.842352 0.043910 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:52.886707 0.137637 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:53.024741 0.050404 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:53.075550 0.700034 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:53.776016 0.161146 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:53.937526 0.137862 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:54.075793 0.152217 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:54.228335 0.313887 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:54.542615 0.172638 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:54.592737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:09:54.715646 0.049399 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:54.765450 0.175012 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:54.940900 0.035898 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:54.977181 0.052200 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:55.029801 0.272461 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:55.302649 0.408205 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:55.711269 0.196776 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:55.908425 0.136004 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:56.044845 0.121737 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:56.166976 0.164761 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:56.332163 0.186074 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:56.518666 0.133044 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:56.652070 0.204382 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:56.856849 0.362773 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:57.220032 0.206792 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:09:57.427184 0.156539 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:15:32.739479 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 23:15:32.739577 1.020538 tcp 10.0.2.109 52471 -> 211.38.175.27 4598 SPA_* 0 0 9 1006 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:15:38.082750 0.055474 tcp 10.0.2.109 52471 -> 211.38.175.27 4598 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:15:58.598369 3.002066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 23:16:05.606144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:16:13.607256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:16:29.610790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:17:01.616531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:23:05.623115 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 23:23:12.629966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:23:20.631836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:23:36.634789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:24:08.640755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:30:12.646386 3.001537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 23:30:19.654099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:30:27.655461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:30:43.658784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:31:15.664772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:37:19.671136 3.001202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 23:37:26.758067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:37:34.759930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:37:50.762830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:38:22.768448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:40:00.359465 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 23:40:00.359559 0.046134 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:00.406083 0.136148 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:00.542588 0.148946 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:00.691911 0.096921 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:00.789224 0.160542 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:00.950160 0.049829 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:01.000321 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/12 23:40:16.885237 0.053500 tcp 10.0.2.109 52472 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:40:16.939106 0.052589 tcp 10.0.2.109 52473 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:40:16.991945 0.146099 tcp 10.0.2.109 52474 -> 195.113.214.211 443 SRPA* 0 0 41 23302 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:40:17.138303 0.140659 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:17.279388 0.153266 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:17.433086 0.313146 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:17.746632 0.170478 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:17.917463 0.049773 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:17.967684 0.159320 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:18.127396 0.052274 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:18.180072 0.058813 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:18.239311 0.190957 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:18.430667 0.280278 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:18.711292 0.149485 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:18.861140 0.137013 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:18.998560 0.122969 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:19.121899 0.167048 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:19.289384 0.179066 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:19.468871 0.132256 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:19.601535 0.223233 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:19.825170 0.155883 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:19.981443 0.343197 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:40:20.325038 0.197084 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/12 23:44:26.774826 3.001125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/12 23:44:33.781837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:44:41.783616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:44:57.786401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:45:29.792512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:45:38.175522 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 23:45:38.175816 0.954577 tcp 10.0.2.109 52475 -> 211.38.175.27 4598 FSPA* 0 0 13 1229 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:38.844038 0.052233 tcp 10.0.2.109 52476 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:38.896550 0.052763 tcp 10.0.2.109 52477 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:38.949612 0.151182 tcp 10.0.2.109 52478 -> 195.113.214.211 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:39.130629 0.566560 tcp 10.0.2.109 52479 -> 128.255.183.224 9027 FSPA* 0 0 13 1229 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:39.435084 0.052021 tcp 10.0.2.109 52480 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:39.486963 0.052158 tcp 10.0.2.109 52481 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:39.539446 0.146356 tcp 10.0.2.109 52482 -> 195.113.214.211 443 SRPA* 0 0 47 32290 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:39.697437 3.003667 tcp 10.0.2.109 52483 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:45:48.699987 0.000000 tcp 10.0.2.109 52483 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:45:54.699254 0.052876 tcp 10.0.2.109 52484 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:54.751947 0.052614 tcp 10.0.2.109 52485 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:54.804900 0.148641 tcp 10.0.2.109 52486 -> 195.113.214.211 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:54.975658 0.446751 tcp 10.0.2.109 52487 -> 94.240.219.11 9035 FSPA* 0 0 13 1229 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:55.084086 0.052259 tcp 10.0.2.109 52488 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:55.136203 0.052580 tcp 10.0.2.109 52489 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:55.189099 0.217307 tcp 10.0.2.109 52490 -> 195.113.214.211 443 SRPA* 0 0 32 22202 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:45:55.422625 3.001432 tcp 10.0.2.109 52491 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:04.432304 0.000000 tcp 10.0.2.109 52491 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:10.421321 0.051901 tcp 10.0.2.109 52492 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:10.473072 0.053559 tcp 10.0.2.109 52493 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:10.526491 0.147129 tcp 10.0.2.109 52494 -> 195.113.214.211 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:10.745096 3.000330 tcp 10.0.2.109 52495 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:19.744029 0.000000 tcp 10.0.2.109 52495 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:25.743854 0.051763 tcp 10.0.2.109 52496 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:25.795930 0.055430 tcp 10.0.2.109 52497 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:25.851692 0.144471 tcp 10.0.2.109 52498 -> 195.113.214.211 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:26.007825 2.999705 tcp 10.0.2.109 52499 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:35.005977 0.000000 tcp 10.0.2.109 52499 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:41.005941 0.051975 tcp 10.0.2.109 52500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:41.057868 0.052027 tcp 10.0.2.109 52501 -> 195.113.214.211 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:41.110320 0.142245 tcp 10.0.2.109 52502 -> 195.113.214.211 443 SRPA* 0 0 20 11312 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:41.314591 0.383943 tcp 10.0.2.109 52503 -> 176.73.148.62 8415 FSPA* 0 0 13 1229 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:41.434391 0.051309 tcp 10.0.2.109 52504 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:41.485993 0.052553 tcp 10.0.2.109 52505 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:41.538904 0.147326 tcp 10.0.2.109 52506 -> 195.113.214.211 443 SRPA* 0 0 35 19202 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:41.698751 3.001350 tcp 10.0.2.109 52507 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:50.699039 0.000000 tcp 10.0.2.109 52507 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:46:56.698022 0.051637 tcp 10.0.2.109 52508 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:56.749933 0.051758 tcp 10.0.2.109 52509 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:56.801973 0.142569 tcp 10.0.2.109 52510 -> 195.113.214.211 443 SRPA* 0 0 24 13356 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:46:56.955954 3.005979 tcp 10.0.2.109 52511 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:05.960716 0.000000 tcp 10.0.2.109 52511 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:11.950228 0.051946 tcp 10.0.2.109 52512 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:12.002136 0.052304 tcp 10.0.2.109 52513 -> 195.113.214.211 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:12.054805 0.149472 tcp 10.0.2.109 52514 -> 195.113.214.211 443 SRPA* 0 0 26 12628 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:12.260926 2.993035 tcp 10.0.2.109 52515 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:21.262926 0.000000 tcp 10.0.2.109 52515 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:27.262492 0.052009 tcp 10.0.2.109 52516 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:27.314826 0.052718 tcp 10.0.2.109 52517 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:27.367855 0.143820 tcp 10.0.2.109 52518 -> 195.113.214.211 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:27.668936 0.667631 tcp 10.0.2.109 52519 -> 211.38.175.27 4598 FSPA* 0 0 13 1229 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:28.336461 0.291966 tcp 10.0.2.109 52520 -> 128.255.183.224 9027 FSPA* 0 0 11 1121 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:28.628580 2.999478 tcp 10.0.2.109 52521 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:37.626492 0.000000 tcp 10.0.2.109 52521 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:43.624964 0.108812 tcp 10.0.2.109 52522 -> 94.240.219.11 9035 FSPA* 0 0 13 1229 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:47:43.734041 3.005598 tcp 10.0.2.109 52523 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:52.737728 0.000000 tcp 10.0.2.109 52523 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:47:58.726846 3.003864 tcp 10.0.2.109 52524 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:07.729860 0.000000 tcp 10.0.2.109 52524 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:13.768879 3.004091 tcp 10.0.2.109 52525 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:22.771076 0.000000 tcp 10.0.2.109 52525 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:27.778096 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 23:48:28.770603 0.113894 tcp 10.0.2.109 52526 -> 176.73.148.62 8415 FSPA* 0 0 13 1229 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:48:28.884754 2.999666 tcp 10.0.2.109 52527 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:37.893189 0.000000 tcp 10.0.2.109 52527 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:43.881679 2.993885 tcp 10.0.2.109 52528 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:52.874868 0.000000 tcp 10.0.2.109 52528 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:48:58.883374 2.993768 tcp 10.0.2.109 52529 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:49:07.875891 0.000000 tcp 10.0.2.109 52529 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:51:33.808876 3.001381 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 23:51:40.815799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:51:48.817903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:52:04.820745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:52:36.826729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:54:13.886907 0.000172 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/12 23:54:13.887175 3.003071 tcp 10.0.2.109 52530 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:54:22.889038 0.000000 tcp 10.0.2.109 52530 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:54:28.889724 0.053630 tcp 10.0.2.109 52531 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:54:28.943717 0.053082 tcp 10.0.2.109 52532 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:54:28.997141 0.144340 tcp 10.0.2.109 52533 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:54:29.162422 2.999796 tcp 10.0.2.109 52534 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:54:38.161041 0.000000 tcp 10.0.2.109 52534 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:54:44.159866 0.052920 tcp 10.0.2.109 52535 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:54:44.213119 0.052041 tcp 10.0.2.109 52536 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:54:44.265457 0.153310 tcp 10.0.2.109 52537 -> 195.113.214.211 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:54:44.428496 0.058292 tcp 10.0.2.109 52538 -> 176.73.148.62 8415 SPA_* 0 0 9 1175 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:14.428974 0.272662 tcp 10.0.2.109 52538 -> 176.73.148.62 8415 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:14.429971 0.051803 tcp 10.0.2.109 52539 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:14.482063 0.051353 tcp 10.0.2.109 52540 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:14.533803 0.147854 tcp 10.0.2.109 52541 -> 195.113.214.211 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:14.701892 2.995777 tcp 10.0.2.109 52542 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:55:23.696307 0.000000 tcp 10.0.2.109 52542 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:55:29.695665 0.050834 tcp 10.0.2.109 52543 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:29.746834 0.052261 tcp 10.0.2.109 52544 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:29.799331 0.149251 tcp 10.0.2.109 52545 -> 195.113.214.211 443 SRPA* 0 0 21 10744 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:29.963840 3.006432 tcp 10.0.2.109 52546 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:55:38.968089 0.000000 tcp 10.0.2.109 52546 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:55:44.957456 0.052177 tcp 10.0.2.109 52547 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:45.009963 0.053340 tcp 10.0.2.109 52548 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:45.063574 0.143766 tcp 10.0.2.109 52549 -> 195.113.214.211 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:55:45.218244 3.003769 tcp 10.0.2.109 52550 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:55:54.220067 0.000000 tcp 10.0.2.109 52550 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:00.219518 0.051873 tcp 10.0.2.109 52551 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:00.271669 0.054048 tcp 10.0.2.109 52552 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:00.326050 0.147821 tcp 10.0.2.109 52553 -> 195.113.214.211 443 SRPA* 0 0 32 16646 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:00.485800 0.928051 tcp 10.0.2.109 52554 -> 211.38.175.27 4598 FSPA* 0 0 13 1391 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.150394 0.051624 tcp 10.0.2.109 52555 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.202424 0.053658 tcp 10.0.2.109 52556 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.256323 0.147559 tcp 10.0.2.109 52557 -> 195.113.214.211 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.414095 0.577778 tcp 10.0.2.109 52558 -> 128.255.183.224 9027 FSPA* 0 0 13 1391 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.718485 0.051357 tcp 10.0.2.109 52559 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.770372 0.051382 tcp 10.0.2.109 52560 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.822091 0.158390 tcp 10.0.2.109 52561 -> 195.113.214.211 443 SRPA* 0 0 33 19404 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:01.992042 2.993789 tcp 10.0.2.109 52562 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:10.984105 0.000000 tcp 10.0.2.109 52562 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:16.993578 0.051498 tcp 10.0.2.109 52563 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:17.045419 0.052945 tcp 10.0.2.109 52564 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:17.098645 0.158580 tcp 10.0.2.109 52565 -> 195.113.214.211 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:17.277699 0.369317 tcp 10.0.2.109 52566 -> 94.240.219.11 9035 FSPA* 0 0 13 1391 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:17.384371 0.051197 tcp 10.0.2.109 52567 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:17.435855 0.051941 tcp 10.0.2.109 52568 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:17.488106 0.143010 tcp 10.0.2.109 52569 -> 195.113.214.211 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:17.647259 3.000975 tcp 10.0.2.109 52570 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:26.647323 0.000000 tcp 10.0.2.109 52570 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:32.646632 0.053003 tcp 10.0.2.109 52571 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:32.699875 0.052742 tcp 10.0.2.109 52572 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:32.752925 0.147068 tcp 10.0.2.109 52573 -> 195.113.214.211 443 SRPA* 0 0 42 22672 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:56:32.908938 3.001307 tcp 10.0.2.109 52574 -> 81.182.251.82 2897 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:41.908700 0.000000 tcp 10.0.2.109 52574 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:47.907911 3.004044 tcp 10.0.2.109 52575 -> 46.49.66.193 6223 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:56:56.910819 0.000000 tcp 10.0.2.109 52575 -> 46.49.66.193 6223 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:02.909158 0.120248 tcp 10.0.2.109 52576 -> 176.73.148.62 8415 FSPA* 0 0 13 1391 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:57:03.029336 3.004300 tcp 10.0.2.109 52577 -> 176.73.200.207 7943 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:12.032420 0.000000 tcp 10.0.2.109 52577 -> 176.73.200.207 7943 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:18.021235 2.994119 tcp 10.0.2.109 52578 -> 87.7.80.220 8893 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:27.014072 0.000000 tcp 10.0.2.109 52578 -> 87.7.80.220 8893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:33.022901 2.994056 tcp 10.0.2.109 52579 -> 176.73.226.233 5309 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:42.015462 0.000000 tcp 10.0.2.109 52579 -> 176.73.226.233 5309 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:48.024254 0.667986 tcp 10.0.2.109 52580 -> 211.38.175.27 4598 FSPA* 0 0 13 1391 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:57:48.692449 0.289482 tcp 10.0.2.109 52581 -> 128.255.183.224 9027 FSPA* 0 0 13 1391 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:57:48.982154 2.997781 tcp 10.0.2.109 52582 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:57:57.978356 0.000000 tcp 10.0.2.109 52582 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:58:03.977421 0.109576 tcp 10.0.2.109 52583 -> 94.240.219.11 9035 FSPA* 0 0 13 1391 flow=From-Botnet-V1-TCP-Established 1970/01/12 23:58:04.087146 3.004049 tcp 10.0.2.109 52584 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:58:13.089710 0.000000 tcp 10.0.2.109 52584 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/12 23:58:40.833300 3.001271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/12 23:58:47.840363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:58:55.841837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:59:11.844885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/12 23:59:43.850440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:03:19.110361 0.000167 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:03:19.110622 0.464576 tcp 10.0.2.109 52585 -> 176.73.148.62 8415 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:19.234934 0.071251 tcp 10.0.2.109 52586 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:19.306508 0.052447 tcp 10.0.2.109 52587 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:19.359248 0.144770 tcp 10.0.2.109 52588 -> 195.113.214.211 443 SRPA* 0 0 39 31858 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:19.575508 2.760025 tcp 10.0.2.109 52589 -> 211.38.175.27 4598 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:20.239665 0.051953 tcp 10.0.2.109 52590 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:20.291901 0.055230 tcp 10.0.2.109 52591 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:20.347419 0.233738 tcp 10.0.2.109 52592 -> 195.113.214.211 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:22.335769 0.977534 tcp 10.0.2.109 52593 -> 128.255.183.224 9027 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:22.612707 0.051277 tcp 10.0.2.109 52594 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:22.664272 0.052436 tcp 10.0.2.109 52595 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:22.717099 0.144457 tcp 10.0.2.109 52596 -> 195.113.214.211 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:23.313546 2.996475 tcp 10.0.2.109 52597 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:03:32.309340 0.000000 tcp 10.0.2.109 52597 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:03:38.308290 0.051953 tcp 10.0.2.109 52598 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:38.360529 0.052883 tcp 10.0.2.109 52599 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:38.413257 0.142383 tcp 10.0.2.109 52600 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:38.603213 0.389588 tcp 10.0.2.109 52601 -> 94.240.219.11 9035 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:38.716929 0.053676 tcp 10.0.2.109 52602 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:38.770923 0.054047 tcp 10.0.2.109 52603 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:38.825189 0.145361 tcp 10.0.2.109 52604 -> 195.113.214.211 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:38.993039 3.000140 tcp 10.0.2.109 52605 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:03:47.991166 0.000000 tcp 10.0.2.109 52605 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:03:53.991017 0.052337 tcp 10.0.2.109 52606 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:54.043640 0.052864 tcp 10.0.2.109 52607 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:54.096778 0.152318 tcp 10.0.2.109 52608 -> 195.113.214.211 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:54.264219 0.109021 tcp 10.0.2.109 52609 -> 176.73.148.62 8415 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:54.373477 0.665417 tcp 10.0.2.109 52610 -> 211.38.175.27 4598 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:55.039087 0.275817 tcp 10.0.2.109 52611 -> 128.255.183.224 9027 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:03:55.315183 3.001185 tcp 10.0.2.109 52612 -> 176.73.166.24 5576 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:04:04.315083 0.000000 tcp 10.0.2.109 52612 -> 176.73.166.24 5576 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:04:10.314301 0.107615 tcp 10.0.2.109 52613 -> 94.240.219.11 9035 FSPA* 0 0 13 1253 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:04:10.422315 2.995747 tcp 10.0.2.109 52614 -> 77.242.51.250 4311 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:04:19.416815 0.000000 tcp 10.0.2.109 52614 -> 77.242.51.250 4311 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:05:48.888321 3.001608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:05:55.895207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:06:03.897175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:06:19.899750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:06:51.906297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:09:25.417020 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:09:25.417153 0.978784 tcp 10.0.2.109 52615 -> 211.38.175.27 4598 FSPA* 0 0 11 1180 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:09:26.090300 0.052603 tcp 10.0.2.109 52616 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:09:26.143177 0.051599 tcp 10.0.2.109 52617 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:09:26.195068 0.148429 tcp 10.0.2.109 52618 -> 195.113.214.211 443 SRPA* 0 0 50 30758 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:09:26.396107 0.664028 tcp 10.0.2.109 52619 -> 211.38.175.27 4598 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:10:39.423503 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:10:39.423609 2.970685 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:42.420201 0.160338 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:42.556847 0.167031 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:42.703825 0.096428 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:42.800679 0.164630 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:42.962278 0.052811 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:43.056480 0.044489 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:43.101347 0.375435 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:43.528595 0.171253 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:10:43.700275 0.070814 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 5 2123 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:00.133414 0.054594 tcp 10.0.2.109 52620 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:11:00.188358 0.052406 tcp 10.0.2.109 52621 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:11:00.241074 0.144322 tcp 10.0.2.109 52622 -> 195.113.214.211 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:11:00.385997 0.166506 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:00.528295 0.189915 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:00.684497 0.162276 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:00.882693 0.048298 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:00.922291 0.075431 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:00.977714 0.202122 rtp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:01.176884 0.311549 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:01.474772 0.000000 udp 10.0.2.109 3683 -> 24.208.145.212 9983 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 00:11:18.509669 0.052659 tcp 10.0.2.109 52623 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:11:18.562637 0.054468 tcp 10.0.2.109 52624 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:11:18.616814 0.152044 tcp 10.0.2.109 52625 -> 195.113.214.211 443 SRPA* 0 0 27 12044 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:11:18.767945 0.135993 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:18.904362 0.188834 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:19.086460 0.156236 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:19.221602 0.207397 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:19.429579 0.164195 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:19.586561 0.125956 rtp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:19.729749 0.172920 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:19.900076 0.370694 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:11:20.298540 0.230705 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:12:55.912607 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:13:02.919075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:13:10.920783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:13:26.923991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:13:58.929638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:14:27.060816 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:14:27.060911 0.395022 tcp 10.0.2.109 52626 -> 176.73.169.112 1959 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:27.174516 0.052928 tcp 10.0.2.109 52627 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:27.227730 0.052314 tcp 10.0.2.109 52628 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:27.280339 0.149308 tcp 10.0.2.109 52629 -> 195.113.214.211 443 SRPA* 0 0 23 13810 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:27.456214 2.999266 tcp 10.0.2.109 52630 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:14:36.464198 0.000000 tcp 10.0.2.109 52630 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:14:42.453124 0.052807 tcp 10.0.2.109 52631 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:42.506332 0.054315 tcp 10.0.2.109 52632 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:42.560455 0.153286 tcp 10.0.2.109 52633 -> 195.113.214.211 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:42.817116 2.990197 tcp 10.0.2.109 52634 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:14:51.806129 0.000000 tcp 10.0.2.109 52634 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:14:57.815500 0.051760 tcp 10.0.2.109 52635 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:57.867575 0.052190 tcp 10.0.2.109 52636 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:57.920043 0.147733 tcp 10.0.2.109 52637 -> 195.113.214.211 443 SRPA* 0 0 27 11652 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:58.120630 0.605436 tcp 10.0.2.109 52638 -> 70.113.215.93 3558 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:58.453918 0.052823 tcp 10.0.2.109 52639 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:58.507022 0.053874 tcp 10.0.2.109 52640 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:58.561228 0.147420 tcp 10.0.2.109 52641 -> 195.113.214.211 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:14:58.726293 3.003584 tcp 10.0.2.109 52642 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:15:07.729095 0.000000 tcp 10.0.2.109 52642 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:15:13.727968 0.052448 tcp 10.0.2.109 52643 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:15:13.780259 0.053131 tcp 10.0.2.109 52644 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:15:13.833786 0.144725 tcp 10.0.2.109 52645 -> 195.113.214.211 443 SRPA* 0 0 20 11314 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:15:14.008651 0.105801 tcp 10.0.2.109 52646 -> 176.73.169.112 1959 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:15:14.114726 3.007810 tcp 10.0.2.109 52647 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:15:23.120622 0.000000 tcp 10.0.2.109 52647 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:15:29.109539 2.994259 tcp 10.0.2.109 52648 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:15:38.112735 0.000000 tcp 10.0.2.109 52648 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:15:44.110957 0.337515 tcp 10.0.2.109 52649 -> 70.113.215.93 3558 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:15:44.448641 2.997409 tcp 10.0.2.109 52650 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:15:53.444818 0.000000 tcp 10.0.2.109 52650 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:20:02.935664 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:20:09.943649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:20:17.944855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:20:33.948067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:20:59.445627 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:20:59.445735 0.426191 tcp 10.0.2.109 52651 -> 176.73.169.112 1959 FSPA* 0 0 13 1262 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:20:59.557345 0.052555 tcp 10.0.2.109 52652 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:20:59.610299 0.054078 tcp 10.0.2.109 52653 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:20:59.664731 0.195878 tcp 10.0.2.109 52654 -> 195.113.214.211 443 SRPA* 0 0 39 31858 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:20:59.872145 2.997431 tcp 10.0.2.109 52655 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:21:05.953590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:21:08.867763 0.000000 tcp 10.0.2.109 52655 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:21:14.867060 0.052062 tcp 10.0.2.109 52656 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:14.919391 0.053386 tcp 10.0.2.109 52657 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:14.973130 0.144795 tcp 10.0.2.109 52658 -> 195.113.214.211 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:15.151342 2.999934 tcp 10.0.2.109 52659 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:21:24.150020 0.000000 tcp 10.0.2.109 52659 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:21:30.149180 0.051550 tcp 10.0.2.109 52660 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:30.200642 0.054427 tcp 10.0.2.109 52661 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:30.255306 0.234031 tcp 10.0.2.109 52662 -> 195.113.214.211 443 SRPA* 0 0 38 31804 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:30.538234 0.611624 tcp 10.0.2.109 52663 -> 70.113.215.93 3558 FSPA* 0 0 13 1262 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:30.872147 0.051696 tcp 10.0.2.109 52664 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:30.924182 0.053478 tcp 10.0.2.109 52665 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:30.978003 0.154815 tcp 10.0.2.109 52666 -> 195.113.214.211 443 SRPA* 0 0 27 11840 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:31.150107 2.994380 tcp 10.0.2.109 52667 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:21:40.153312 0.000000 tcp 10.0.2.109 52667 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:21:46.152194 0.051822 tcp 10.0.2.109 52668 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:46.204294 0.054962 tcp 10.0.2.109 52669 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:46.259647 0.147520 tcp 10.0.2.109 52670 -> 195.113.214.211 443 SRPA* 0 0 20 10690 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:46.436012 0.107540 tcp 10.0.2.109 52671 -> 176.73.169.112 1959 FSPA* 0 0 13 1262 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:21:46.543761 2.992433 tcp 10.0.2.109 52672 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:21:55.535454 0.000000 tcp 10.0.2.109 52672 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:22:01.543766 3.004135 tcp 10.0.2.109 52673 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:22:10.546644 0.000000 tcp 10.0.2.109 52673 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:22:16.545628 0.168861 tcp 10.0.2.109 52674 -> 70.113.215.93 3558 SPA_* 0 0 9 1046 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:22:46.708709 0.171850 tcp 10.0.2.109 52674 -> 70.113.215.93 3558 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:22:46.709012 3.003852 tcp 10.0.2.109 52675 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:22:55.712016 0.000000 tcp 10.0.2.109 52675 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:27:09.960364 3.001207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:27:16.967638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:27:24.969086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:27:40.971810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:28:01.712608 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:28:01.712735 0.057793 tcp 10.0.2.109 52676 -> 176.73.169.112 1959 SPA_* 0 0 9 1183 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:12.977658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:28:21.816893 0.275178 tcp 10.0.2.109 52676 -> 176.73.169.112 1959 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:21.818978 0.053171 tcp 10.0.2.109 52677 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:21.872432 0.052236 tcp 10.0.2.109 52678 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:21.924501 0.151343 tcp 10.0.2.109 52679 -> 195.113.214.211 443 SRPA* 0 0 39 33056 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:22.092279 2.993125 tcp 10.0.2.109 52680 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:28:31.093976 0.000000 tcp 10.0.2.109 52680 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:28:37.093152 0.050931 tcp 10.0.2.109 52681 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:37.144441 0.051725 tcp 10.0.2.109 52682 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:37.196409 0.143759 tcp 10.0.2.109 52683 -> 195.113.214.211 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:37.351267 2.995849 tcp 10.0.2.109 52684 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:28:46.345480 0.000000 tcp 10.0.2.109 52684 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:28:52.345446 0.052009 tcp 10.0.2.109 52685 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:52.397765 0.052279 tcp 10.0.2.109 52686 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:52.450369 0.145434 tcp 10.0.2.109 52687 -> 195.113.214.211 443 SRPA* 0 0 51 32908 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:52.620330 0.606585 tcp 10.0.2.109 52688 -> 70.113.215.93 3558 FSPA* 0 0 13 1399 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:52.952126 0.051025 tcp 10.0.2.109 52689 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:53.003795 0.052306 tcp 10.0.2.109 52690 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:53.056410 0.147268 tcp 10.0.2.109 52691 -> 195.113.214.211 443 SRPA* 0 0 35 18718 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:28:53.227128 3.002973 tcp 10.0.2.109 52692 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:29:02.228815 0.000000 tcp 10.0.2.109 52692 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:29:08.228128 0.051030 tcp 10.0.2.109 52693 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:29:08.279528 0.053358 tcp 10.0.2.109 52694 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:29:08.333304 0.140554 tcp 10.0.2.109 52695 -> 195.113.214.211 443 SRPA* 0 0 24 13864 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:29:08.529158 0.108383 tcp 10.0.2.109 52696 -> 176.73.169.112 1959 FSPA* 0 0 13 1399 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:29:08.637399 3.004923 tcp 10.0.2.109 52697 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:29:17.640653 0.000000 tcp 10.0.2.109 52697 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:29:23.629731 3.004179 tcp 10.0.2.109 52698 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:29:32.642537 0.000000 tcp 10.0.2.109 52698 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:29:38.631081 0.337644 tcp 10.0.2.109 52699 -> 70.113.215.93 3558 FSPA* 0 0 13 1399 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:29:38.968944 2.996911 tcp 10.0.2.109 52700 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:29:47.964718 0.000000 tcp 10.0.2.109 52700 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:34:16.984674 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:34:23.991542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:34:31.992774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:34:47.995859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:34:53.964935 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:34:53.965025 0.377190 tcp 10.0.2.109 52701 -> 176.73.169.112 1959 FSPA* 0 0 13 1225 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:34:54.076640 0.051734 tcp 10.0.2.109 52702 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:34:54.128688 0.053447 tcp 10.0.2.109 52703 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:34:54.182398 0.146714 tcp 10.0.2.109 52704 -> 195.113.214.211 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:34:54.342412 2.996824 tcp 10.0.2.109 52705 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:03.337645 0.000000 tcp 10.0.2.109 52705 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:09.337110 0.052212 tcp 10.0.2.109 52706 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:09.389620 0.051992 tcp 10.0.2.109 52707 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:09.442041 0.152008 tcp 10.0.2.109 52708 -> 195.113.214.211 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:09.704578 3.006702 tcp 10.0.2.109 52709 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:18.709910 0.000000 tcp 10.0.2.109 52709 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:20.001635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:35:24.698910 0.050754 tcp 10.0.2.109 52710 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:24.750007 0.052845 tcp 10.0.2.109 52711 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:24.803166 0.145305 tcp 10.0.2.109 52712 -> 195.113.214.211 443 SRPA* 0 0 22 12882 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:24.972286 0.675884 tcp 10.0.2.109 52713 -> 70.113.215.93 3558 FSPA* 0 0 13 1225 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:25.309316 0.052717 tcp 10.0.2.109 52714 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:25.362487 0.053012 tcp 10.0.2.109 52715 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:25.415792 0.159141 tcp 10.0.2.109 52716 -> 195.113.214.211 443 SRPA* 0 0 68 69854 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:25.648330 2.996089 tcp 10.0.2.109 52717 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:34.653072 0.000000 tcp 10.0.2.109 52717 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:40.642094 0.068958 tcp 10.0.2.109 52718 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:40.711366 0.052088 tcp 10.0.2.109 52719 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:40.763772 0.144899 tcp 10.0.2.109 52720 -> 195.113.214.211 443 SRPA* 0 0 39 33056 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:41.013079 0.107888 tcp 10.0.2.109 52721 -> 176.73.169.112 1959 FSPA* 0 0 13 1225 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:35:41.121233 2.995325 tcp 10.0.2.109 52722 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:50.115252 0.000000 tcp 10.0.2.109 52722 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:35:56.114092 3.003922 tcp 10.0.2.109 52723 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:36:05.116980 0.000000 tcp 10.0.2.109 52723 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:36:11.115845 0.334674 tcp 10.0.2.109 52724 -> 70.113.215.93 3558 FSPA* 0 0 11 1117 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:36:11.450738 2.999020 tcp 10.0.2.109 52725 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:36:20.448802 0.000000 tcp 10.0.2.109 52725 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:41:24.007810 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:41:27.280265 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:41:27.280513 0.053338 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 3 695 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:27.330688 0.000000 udp 10.0.2.109 3683 -> 24.208.145.212 9983 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 00:41:31.015433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:41:39.016637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:41:41.450803 0.054966 tcp 10.0.2.109 52726 -> 5.178.178.199 4758 SPA_* 0 0 7 1121 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:41:44.937326 0.052311 tcp 10.0.2.109 52727 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:41:44.989944 0.052706 tcp 10.0.2.109 52728 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:41:45.042959 0.154153 tcp 10.0.2.109 52729 -> 195.113.214.211 443 SRPA* 0 0 45 34818 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:41:45.212828 0.108815 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:45.303827 0.165198 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:45.465870 0.166727 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:45.608103 0.164816 rtp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:45.748568 1.116431 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 3 818 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:46.753504 0.049915 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:46.801140 0.049548 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 3 917 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:46.874864 0.174941 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 4 1303 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:47.046330 0.377933 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:47.471460 0.160299 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:47.650689 0.057703 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 4 1232 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:47.703914 0.073752 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:47.759142 0.165190 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 3 823 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:47.916447 0.142984 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 3 838 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:48.055154 0.279149 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 3 871 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:48.317808 0.192191 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 3 730 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:48.509331 0.140893 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1321 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:48.646709 0.190900 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:48.829541 0.138244 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 3 858 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:48.963520 0.209408 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 3 1032 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:49.172110 0.162556 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 5 1903 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:49.329804 0.128206 rtp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:49.454814 0.167387 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:49.622616 0.361507 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 3 883 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:50.020952 0.222380 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 3 779 flow=From-Botnet-V1-UDP-Established 1970/01/13 00:41:55.019608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:42:02.547866 0.262590 tcp 10.0.2.109 52726 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:42:02.548810 0.052067 tcp 10.0.2.109 52730 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:42:02.601189 0.052135 tcp 10.0.2.109 52731 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:42:02.653576 0.142255 tcp 10.0.2.109 52732 -> 195.113.214.211 443 SRPA* 0 0 27 11840 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:42:02.810664 2.994438 tcp 10.0.2.109 52733 -> 5.178.178.199 4758 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:42:11.813693 0.055750 tcp 10.0.2.109 52733 -> 5.178.178.199 4758 SPA_* 0 0 9 1225 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:42:27.025935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:42:32.874828 0.000312 tcp 10.0.2.109 52733 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:32.876440 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:47:32.876536 0.433233 tcp 10.0.2.109 52734 -> 176.73.169.112 1959 FSPA* 0 0 13 1281 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:32.989487 0.053488 tcp 10.0.2.109 52735 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:33.043266 0.055272 tcp 10.0.2.109 52736 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:33.098833 0.182019 tcp 10.0.2.109 52737 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:33.310007 3.000702 tcp 10.0.2.109 52738 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:47:42.309270 0.000000 tcp 10.0.2.109 52738 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:47:48.308174 0.051004 tcp 10.0.2.109 52739 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:48.359530 0.053152 tcp 10.0.2.109 52740 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:48.412562 0.146293 tcp 10.0.2.109 52741 -> 195.113.214.211 443 SRPA* 0 0 46 41918 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:47:48.621726 3.000790 tcp 10.0.2.109 52742 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:47:57.621281 0.000000 tcp 10.0.2.109 52742 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:03.620368 0.052120 tcp 10.0.2.109 52743 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:03.672280 0.051958 tcp 10.0.2.109 52744 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:03.724532 0.143240 tcp 10.0.2.109 52745 -> 195.113.214.211 443 SRPA* 0 0 20 11292 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:03.887988 0.607219 tcp 10.0.2.109 52746 -> 70.113.215.93 3558 FSPA* 0 0 13 1281 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:04.227083 0.051962 tcp 10.0.2.109 52747 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:04.278896 0.053066 tcp 10.0.2.109 52748 -> 195.113.214.211 80 FSPA* 0 0 10 1923 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:04.332319 0.148995 tcp 10.0.2.109 52749 -> 195.113.214.211 443 SRPA* 0 0 68 53862 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:04.495360 2.999836 tcp 10.0.2.109 52750 -> 5.178.194.36 4983 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:13.494233 0.000000 tcp 10.0.2.109 52750 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:19.493287 0.050326 tcp 10.0.2.109 52751 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:19.543861 0.054136 tcp 10.0.2.109 52752 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:19.598351 0.147340 tcp 10.0.2.109 52753 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:19.767471 2.999457 tcp 10.0.2.109 52754 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:28.765932 0.000000 tcp 10.0.2.109 52754 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:31.031429 3.002146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:48:34.765405 0.052806 tcp 10.0.2.109 52755 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:34.818509 0.051345 tcp 10.0.2.109 52756 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:34.870198 0.150314 tcp 10.0.2.109 52757 -> 195.113.214.211 443 SRPA* 0 0 42 35570 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:35.056319 3.002739 tcp 10.0.2.109 52758 -> 5.178.178.199 4758 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:38.039689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:48:44.058333 0.000000 tcp 10.0.2.109 52758 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:46.040954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:48:50.057470 0.053225 tcp 10.0.2.109 52759 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:50.110935 0.052985 tcp 10.0.2.109 52760 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:50.164210 0.147744 tcp 10.0.2.109 52761 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:50.348350 0.110885 tcp 10.0.2.109 52762 -> 176.73.169.112 1959 FSPA* 0 0 13 1281 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:48:50.459019 3.002011 tcp 10.0.2.109 52763 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:48:59.459728 0.000000 tcp 10.0.2.109 52763 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:49:02.043945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:49:05.458906 3.004056 tcp 10.0.2.109 52764 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:49:14.461709 0.000000 tcp 10.0.2.109 52764 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:49:20.460125 0.334820 tcp 10.0.2.109 52765 -> 70.113.215.93 3558 FSPA* 0 0 13 1281 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:49:20.795096 3.000071 tcp 10.0.2.109 52766 -> 5.178.194.36 4983 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:49:29.803911 0.000000 tcp 10.0.2.109 52766 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:49:34.100169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:49:35.842219 2.994720 tcp 10.0.2.109 52767 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:49:44.835393 0.000000 tcp 10.0.2.109 52767 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:49:50.844117 3.060784 tcp 10.0.2.109 52768 -> 5.178.178.199 4758 SPA_* 0 0 10 1131 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:50:14.967416 0.000447 tcp 10.0.2.109 52768 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:14.960457 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 00:55:14.960744 0.420005 tcp 10.0.2.109 52769 -> 176.73.169.112 1959 FSPA* 0 0 13 1348 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:15.074022 0.053220 tcp 10.0.2.109 52770 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:15.127566 0.052244 tcp 10.0.2.109 52771 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:15.180190 0.161594 tcp 10.0.2.109 52772 -> 195.113.214.211 443 SRPA* 0 0 42 23356 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:15.381052 2.993753 tcp 10.0.2.109 52773 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:55:24.383837 0.000000 tcp 10.0.2.109 52773 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:55:30.382685 0.051368 tcp 10.0.2.109 52774 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:30.434327 0.052589 tcp 10.0.2.109 52775 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:30.487190 0.159047 tcp 10.0.2.109 52776 -> 195.113.214.211 443 SRPA* 0 0 21 13076 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:30.657993 2.998758 tcp 10.0.2.109 52777 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:55:38.106384 3.001347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 00:55:39.655799 0.000000 tcp 10.0.2.109 52777 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:55:45.112938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:55:45.654664 0.050893 tcp 10.0.2.109 52778 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:45.705869 0.053724 tcp 10.0.2.109 52779 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:45.759885 0.153652 tcp 10.0.2.109 52780 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:45.924824 0.602956 tcp 10.0.2.109 52781 -> 70.113.215.93 3558 FSPA* 0 0 13 1348 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:46.260593 0.051151 tcp 10.0.2.109 52782 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:46.312019 0.051667 tcp 10.0.2.109 52783 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:46.364006 0.152305 tcp 10.0.2.109 52784 -> 195.113.214.211 443 SRPA* 0 0 33 19156 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:55:46.528001 3.001880 tcp 10.0.2.109 52785 -> 5.178.194.36 4983 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:55:53.114904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:55:55.527896 0.000000 tcp 10.0.2.109 52785 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:01.527429 0.051878 tcp 10.0.2.109 52786 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:01.579628 0.053540 tcp 10.0.2.109 52787 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:01.633433 0.147319 tcp 10.0.2.109 52788 -> 195.113.214.211 443 SRPA* 0 0 27 11670 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:01.792259 2.998938 tcp 10.0.2.109 52789 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:09.118023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:56:10.790029 0.000000 tcp 10.0.2.109 52789 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:16.789748 0.050665 tcp 10.0.2.109 52790 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:16.840701 0.052824 tcp 10.0.2.109 52791 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:16.893828 0.149989 tcp 10.0.2.109 52792 -> 195.113.214.211 443 SRPA* 0 0 43 37084 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:17.055526 3.008087 tcp 10.0.2.109 52793 -> 5.178.178.199 4758 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:26.062065 0.000000 tcp 10.0.2.109 52793 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:32.051169 0.051574 tcp 10.0.2.109 52794 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:32.103041 0.052440 tcp 10.0.2.109 52795 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:32.155775 0.146666 tcp 10.0.2.109 52796 -> 195.113.214.211 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:32.324467 0.109727 tcp 10.0.2.109 52797 -> 176.73.169.112 1959 FSPA* 0 0 13 1348 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:56:32.434400 3.001044 tcp 10.0.2.109 52798 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:41.123674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 00:56:41.434474 0.000000 tcp 10.0.2.109 52798 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:47.433279 2.994000 tcp 10.0.2.109 52799 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:56:56.425749 0.000000 tcp 10.0.2.109 52799 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:57:02.434750 0.334593 tcp 10.0.2.109 52800 -> 70.113.215.93 3558 FSPA* 0 0 13 1348 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:57:02.769180 3.000198 tcp 10.0.2.109 52801 -> 5.178.194.36 4983 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:57:11.767802 0.000000 tcp 10.0.2.109 52801 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:57:17.766832 3.004319 tcp 10.0.2.109 52802 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:57:26.769563 0.000000 tcp 10.0.2.109 52802 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 00:57:32.768128 3.061960 tcp 10.0.2.109 52803 -> 5.178.178.199 4758 SPA_* 0 0 8 1090 flow=From-Botnet-V1-TCP-Established 1970/01/13 00:57:57.501535 0.000274 tcp 10.0.2.109 52803 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:02:45.130411 3.000756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:02:52.137560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:02:57.495859 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:02:57.495958 0.380240 tcp 10.0.2.109 52804 -> 176.73.169.112 1959 FSPA* 0 0 13 1244 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:02:57.607313 0.052210 tcp 10.0.2.109 52805 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:02:57.659825 0.054716 tcp 10.0.2.109 52806 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:02:57.714830 0.150414 tcp 10.0.2.109 52807 -> 195.113.214.211 443 SRPA* 0 0 40 22374 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:02:57.876413 3.003323 tcp 10.0.2.109 52808 -> 176.74.96.2 6834 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:00.138884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:03:06.878393 0.000000 tcp 10.0.2.109 52808 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:12.877832 0.052759 tcp 10.0.2.109 52809 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:12.930878 0.053742 tcp 10.0.2.109 52810 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:12.984977 0.148001 tcp 10.0.2.109 52811 -> 195.113.214.211 443 SRPA* 0 0 41 22618 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:13.143277 2.998109 tcp 10.0.2.109 52812 -> 79.191.178.157 4683 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:16.141526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:03:22.140328 0.000000 tcp 10.0.2.109 52812 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:28.139661 0.052046 tcp 10.0.2.109 52813 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:28.192027 0.053344 tcp 10.0.2.109 52814 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:28.245694 0.149071 tcp 10.0.2.109 52815 -> 195.113.214.211 443 SRPA* 0 0 37 32020 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:28.406510 0.608338 tcp 10.0.2.109 52816 -> 70.113.215.93 3558 FSPA* 0 0 13 1244 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:28.741911 0.052307 tcp 10.0.2.109 52817 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:28.794457 0.053865 tcp 10.0.2.109 52818 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:28.848603 0.148013 tcp 10.0.2.109 52819 -> 195.113.214.211 443 SRPA* 0 0 24 13238 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:29.015021 2.999601 tcp 10.0.2.109 52820 -> 5.178.194.36 4983 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:38.023584 0.000000 tcp 10.0.2.109 52820 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:44.012271 0.051520 tcp 10.0.2.109 52821 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:44.064099 0.053513 tcp 10.0.2.109 52822 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:44.117925 0.145736 tcp 10.0.2.109 52823 -> 195.113.214.211 443 SRPA* 0 0 23 12936 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:44.276465 2.999785 tcp 10.0.2.109 52824 -> 119.75.180.21 4993 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:48.147795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:03:53.275510 0.000000 tcp 10.0.2.109 52824 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:03:59.274625 0.053362 tcp 10.0.2.109 52825 -> 195.113.214.219 80 FSPA* 0 0 10 1894 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:59.328357 0.051804 tcp 10.0.2.109 52826 -> 195.113.214.211 80 FSPA* 0 0 10 1929 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:59.380453 0.150180 tcp 10.0.2.109 52827 -> 195.113.214.211 443 SRPA* 0 0 21 12828 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:03:59.560549 2.997770 tcp 10.0.2.109 52828 -> 5.178.178.199 4758 S_ 0 2 132 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:04:08.557309 0.315004 tcp 10.0.2.109 52828 -> 5.178.178.199 4758 FSPA* 0 0 13 1240 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:04:08.669057 0.052961 tcp 10.0.2.109 52829 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:04:08.722348 0.130789 tcp 10.0.2.109 52830 -> 195.113.214.211 80 SRPA* 0 0 41 38010 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:04:08.872538 0.105731 tcp 10.0.2.109 52831 -> 176.73.169.112 1959 FSPA* 0 0 13 1240 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:04:08.978451 3.003458 tcp 10.0.2.109 52832 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:04:17.980992 0.000000 tcp 10.0.2.109 52832 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:04:23.979649 3.004087 tcp 10.0.2.109 52833 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:04:32.982634 0.000000 tcp 10.0.2.109 52833 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:04:38.980867 0.333725 tcp 10.0.2.109 52834 -> 70.113.215.93 3558 FSPA* 0 0 13 1240 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:04:39.314789 3.000872 tcp 10.0.2.109 52835 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:04:48.313995 0.000000 tcp 10.0.2.109 52835 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:04:54.313239 2.993722 tcp 10.0.2.109 52836 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:05:03.305603 0.000000 tcp 10.0.2.109 52836 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:05:09.314875 3.004423 tcp 10.0.2.109 52837 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:05:18.317252 0.000000 tcp 10.0.2.109 52837 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:09:52.154421 3.001126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:09:59.161257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:10:07.162706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:10:23.165758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:10:24.317618 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:10:24.317801 0.413654 tcp 10.0.2.109 52838 -> 176.73.169.112 1959 FSPA* 0 0 13 1405 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:24.428090 0.053046 tcp 10.0.2.109 52839 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:24.481423 0.052099 tcp 10.0.2.109 52840 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:24.533875 0.152029 tcp 10.0.2.109 52841 -> 195.113.214.211 443 SRPA* 0 0 34 17786 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:24.731677 3.000424 tcp 10.0.2.109 52842 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:10:33.731031 0.000000 tcp 10.0.2.109 52842 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:10:39.730311 0.052546 tcp 10.0.2.109 52843 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:39.782795 0.051947 tcp 10.0.2.109 52844 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:39.835088 0.144119 tcp 10.0.2.109 52845 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:40.104444 3.000185 tcp 10.0.2.109 52846 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:10:49.112772 0.000000 tcp 10.0.2.109 52846 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:10:55.102733 0.050932 tcp 10.0.2.109 52847 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:55.154006 0.051466 tcp 10.0.2.109 52848 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:55.171663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:10:55.205830 0.147647 tcp 10.0.2.109 52849 -> 195.113.214.211 443 SRPA* 0 0 32 22198 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:55.425824 0.601850 tcp 10.0.2.109 52850 -> 70.113.215.93 3558 FSPA* 0 0 13 1405 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:55.762456 0.052508 tcp 10.0.2.109 52851 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:55.815279 0.053319 tcp 10.0.2.109 52852 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:55.869177 0.147836 tcp 10.0.2.109 52853 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:10:56.027898 2.999559 tcp 10.0.2.109 52854 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:05.025919 0.000000 tcp 10.0.2.109 52854 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:11.025494 0.051348 tcp 10.0.2.109 52855 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:11.076702 0.052013 tcp 10.0.2.109 52856 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:11.128962 0.152802 tcp 10.0.2.109 52857 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:11.304084 3.004969 tcp 10.0.2.109 52858 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:20.307504 0.000000 tcp 10.0.2.109 52858 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:26.297182 0.052119 tcp 10.0.2.109 52859 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:26.349187 0.052775 tcp 10.0.2.109 52860 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:26.402296 0.144097 tcp 10.0.2.109 52861 -> 195.113.214.211 443 SRPA* 0 0 21 11534 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:26.589403 0.108705 tcp 10.0.2.109 52862 -> 176.73.169.112 1959 FSPA* 0 0 13 1405 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:26.698336 3.002679 tcp 10.0.2.109 52863 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:35.699713 0.000000 tcp 10.0.2.109 52863 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:41.698466 3.004540 tcp 10.0.2.109 52864 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:50.701709 0.000000 tcp 10.0.2.109 52864 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:11:56.700211 0.338711 tcp 10.0.2.109 52865 -> 70.113.215.93 3558 FSPA* 0 0 13 1405 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:11:57.039212 2.995768 tcp 10.0.2.109 52866 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:12:06.043925 0.000000 tcp 10.0.2.109 52866 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:12:10.360342 0.049160 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:10.409852 0.170172 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:10.557836 0.160858 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:10.739868 0.093463 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:10.833700 0.164914 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:10.994882 0.052319 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:11.133552 3.457338 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:12.032133 2.994498 tcp 10.0.2.109 52867 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:12:14.591321 0.047952 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:14.637012 0.172343 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:14.809740 0.384352 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:15.203765 0.163578 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:15.470717 0.035972 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:15.507105 0.051648 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:15.559104 0.194219 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:15.717323 0.190683 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:15.909328 0.136400 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:16.046137 0.196654 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:16.235444 0.155521 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:16.371266 0.166441 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:16.514327 0.264914 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:16.779680 0.213579 rtp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:16.988654 0.157696 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:17.146793 0.121036 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:17.268228 0.236424 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 3 647 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:17.503779 0.354932 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:17.859123 0.230916 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:12:21.025064 0.000000 tcp 10.0.2.109 52867 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:16:59.178815 3.000843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:17:06.185024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:17:14.186683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:17:27.058308 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:17:27.058419 3.001142 tcp 10.0.2.109 52868 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:17:30.189877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:17:36.058138 0.000000 tcp 10.0.2.109 52868 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:17:42.058707 0.052782 tcp 10.0.2.109 52869 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:42.111760 0.052704 tcp 10.0.2.109 52870 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:42.164776 0.151297 tcp 10.0.2.109 52871 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:42.348630 0.383242 tcp 10.0.2.109 52872 -> 176.73.169.112 1959 FSPA* 0 0 13 1307 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:42.456496 0.050762 tcp 10.0.2.109 52873 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:42.507577 0.052100 tcp 10.0.2.109 52874 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:42.560000 0.145579 tcp 10.0.2.109 52875 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:42.732063 2.999908 tcp 10.0.2.109 52876 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:17:51.730309 0.000000 tcp 10.0.2.109 52876 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:17:57.729711 0.051550 tcp 10.0.2.109 52877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:57.781548 0.053424 tcp 10.0.2.109 52878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:57.835339 0.149148 tcp 10.0.2.109 52879 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:57.996556 0.650046 tcp 10.0.2.109 52880 -> 70.113.215.93 3558 FSPA* 0 0 11 1199 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:58.330835 0.092116 tcp 10.0.2.109 52881 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:58.423254 0.053966 tcp 10.0.2.109 52882 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:58.477106 0.145886 tcp 10.0.2.109 52883 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:17:58.646764 2.988020 tcp 10.0.2.109 52884 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:18:02.195449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:18:07.643477 0.000000 tcp 10.0.2.109 52884 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:18:13.642735 0.051332 tcp 10.0.2.109 52885 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:13.694441 0.053677 tcp 10.0.2.109 52886 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:13.748441 0.146547 tcp 10.0.2.109 52887 -> 195.113.214.211 443 SRPA* 0 0 40 24678 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:13.907239 2.999306 tcp 10.0.2.109 52888 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:18:22.905535 0.625970 tcp 10.0.2.109 52888 -> 5.178.178.199 4758 FSPA* 0 0 13 1307 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:23.039180 0.052838 tcp 10.0.2.109 52889 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:23.092360 0.054208 tcp 10.0.2.109 52890 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:23.146833 0.152157 tcp 10.0.2.109 52891 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:23.531669 2.998663 tcp 10.0.2.109 52892 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:18:32.529401 0.000000 tcp 10.0.2.109 52892 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:18:38.527906 0.111853 tcp 10.0.2.109 52893 -> 176.73.169.112 1959 FSPA* 0 0 13 1307 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:38.639581 3.002973 tcp 10.0.2.109 52894 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:18:47.641237 0.000000 tcp 10.0.2.109 52894 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:18:53.639694 0.339067 tcp 10.0.2.109 52895 -> 70.113.215.93 3558 FSPA* 0 0 13 1307 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:18:53.978971 2.995344 tcp 10.0.2.109 52896 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:19:02.983731 0.000000 tcp 10.0.2.109 52896 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:19:08.972105 0.058217 tcp 10.0.2.109 52897 -> 5.178.178.199 4758 SPA_* 0 0 9 1091 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:19:30.050566 0.000320 tcp 10.0.2.109 52897 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:06.201942 3.001208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:24:13.209372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:24:21.211010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:24:30.044360 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:24:30.044453 3.003162 tcp 10.0.2.109 52898 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:24:37.213642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:24:39.046541 0.000000 tcp 10.0.2.109 52898 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:24:45.046773 0.053987 tcp 10.0.2.109 52899 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:45.101049 0.053825 tcp 10.0.2.109 52900 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:45.155157 0.144373 tcp 10.0.2.109 52901 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:45.317681 0.370967 tcp 10.0.2.109 52902 -> 176.73.169.112 1959 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:45.426940 0.052946 tcp 10.0.2.109 52903 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:45.479743 0.053145 tcp 10.0.2.109 52904 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:45.533163 0.145849 tcp 10.0.2.109 52905 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:24:45.688860 3.001038 tcp 10.0.2.109 52906 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:24:54.688545 0.000000 tcp 10.0.2.109 52906 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:00.688350 0.052960 tcp 10.0.2.109 52907 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:00.741534 0.052651 tcp 10.0.2.109 52908 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:00.794270 0.146601 tcp 10.0.2.109 52909 -> 195.113.214.211 443 SRPA* 0 0 49 30830 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:00.952132 0.604276 tcp 10.0.2.109 52910 -> 70.113.215.93 3558 FSPA* 0 0 11 1152 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:01.292242 0.053494 tcp 10.0.2.109 52911 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:01.346066 0.053634 tcp 10.0.2.109 52912 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:01.399930 0.144219 tcp 10.0.2.109 52913 -> 195.113.214.211 443 SRPA* 0 0 41 22012 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:01.556619 3.006582 tcp 10.0.2.109 52914 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:09.219906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:25:10.561235 0.000000 tcp 10.0.2.109 52914 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:16.550685 0.052335 tcp 10.0.2.109 52915 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:16.603302 0.053192 tcp 10.0.2.109 52916 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:16.656807 0.152801 tcp 10.0.2.109 52917 -> 195.113.214.211 443 SRPA* 0 0 48 40692 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:16.827883 0.379886 tcp 10.0.2.109 52918 -> 5.178.178.199 4758 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:16.939178 0.052282 tcp 10.0.2.109 52919 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:16.991836 0.053891 tcp 10.0.2.109 52920 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:17.046032 0.143852 tcp 10.0.2.109 52921 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:17.207985 2.997219 tcp 10.0.2.109 52922 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:26.204405 0.000000 tcp 10.0.2.109 52922 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:32.203311 0.108846 tcp 10.0.2.109 52923 -> 176.73.169.112 1959 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:32.312366 2.994768 tcp 10.0.2.109 52924 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:41.305652 0.000000 tcp 10.0.2.109 52924 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:47.304849 0.337890 tcp 10.0.2.109 52925 -> 70.113.215.93 3558 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:25:47.642596 2.996352 tcp 10.0.2.109 52926 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:25:56.637592 0.000000 tcp 10.0.2.109 52926 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:26:02.636657 0.111392 tcp 10.0.2.109 52927 -> 5.178.178.199 4758 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:02.748790 0.000364 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:31:02.749252 3.002747 tcp 10.0.2.109 52928 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:31:11.751210 0.000000 tcp 10.0.2.109 52928 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:31:13.225753 3.001755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:31:17.751343 0.054909 tcp 10.0.2.109 52929 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:17.806049 0.053381 tcp 10.0.2.109 52930 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:17.859783 0.150484 tcp 10.0.2.109 52931 -> 195.113.214.211 443 SRPA* 0 0 48 36430 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:18.029716 0.503227 tcp 10.0.2.109 52932 -> 176.73.169.112 1959 FSPA* 0 0 13 1342 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:18.135766 0.052228 tcp 10.0.2.109 52933 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:18.188286 0.117493 tcp 10.0.2.109 52934 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:18.306466 0.149109 tcp 10.0.2.109 52935 -> 195.113.214.211 443 SRPA* 0 0 51 33778 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:18.533229 2.991778 tcp 10.0.2.109 52936 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:31:20.233170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:31:27.533455 0.000000 tcp 10.0.2.109 52936 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:31:28.234826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:31:33.532392 0.052026 tcp 10.0.2.109 52937 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:33.584740 0.053610 tcp 10.0.2.109 52938 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:33.638732 0.152671 tcp 10.0.2.109 52939 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:33.973032 0.648510 tcp 10.0.2.109 52940 -> 70.113.215.93 3558 FSPA* 0 0 13 1342 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:34.308973 0.052722 tcp 10.0.2.109 52941 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:34.361991 0.053683 tcp 10.0.2.109 52942 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:34.415987 0.151196 tcp 10.0.2.109 52943 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:34.621818 2.995935 tcp 10.0.2.109 52944 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:31:43.616806 0.000000 tcp 10.0.2.109 52944 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:31:44.237738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:31:49.616168 0.051158 tcp 10.0.2.109 52945 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:49.667685 0.054243 tcp 10.0.2.109 52946 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:49.721772 0.153990 tcp 10.0.2.109 52947 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:31:49.900515 2.999524 tcp 10.0.2.109 52948 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:31:58.898535 0.000000 tcp 10.0.2.109 52948 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:32:04.897971 0.053467 tcp 10.0.2.109 52949 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:32:04.951780 0.054035 tcp 10.0.2.109 52950 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:32:05.006140 0.152793 tcp 10.0.2.109 52951 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:32:05.360961 3.001430 tcp 10.0.2.109 52952 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:32:14.360861 0.000000 tcp 10.0.2.109 52952 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:32:16.243891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:32:20.359804 0.109215 tcp 10.0.2.109 52953 -> 176.73.169.112 1959 FSPA* 0 0 13 1342 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:32:20.469198 2.994682 tcp 10.0.2.109 52954 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:32:29.472305 0.000000 tcp 10.0.2.109 52954 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:32:35.461403 0.331430 tcp 10.0.2.109 52955 -> 70.113.215.93 3558 FSPA* 0 0 11 1234 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:32:35.792694 2.993628 tcp 10.0.2.109 52956 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:32:44.784308 0.000000 tcp 10.0.2.109 52956 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:32:50.793589 0.131029 tcp 10.0.2.109 52957 -> 5.178.178.199 4758 FSPA* 0 0 13 1342 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:37:50.925230 0.028241 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:37:50.953686 2.975320 tcp 10.0.2.109 52958 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:37:59.927894 0.000000 tcp 10.0.2.109 52958 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:38:05.948615 0.053438 tcp 10.0.2.109 52959 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:06.002367 0.054195 tcp 10.0.2.109 52960 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:06.056846 0.153856 tcp 10.0.2.109 52961 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:06.239641 0.494980 tcp 10.0.2.109 52962 -> 176.73.169.112 1959 FSPA* 0 0 13 1330 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:06.349154 0.053068 tcp 10.0.2.109 52963 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:06.402465 0.054313 tcp 10.0.2.109 52964 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:06.457080 0.240593 tcp 10.0.2.109 52965 -> 195.113.214.211 443 SRPA* 0 0 77 64440 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:06.734797 3.006718 tcp 10.0.2.109 52966 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:38:15.740268 0.000000 tcp 10.0.2.109 52966 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:38:20.249635 3.001635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:38:21.729560 0.052200 tcp 10.0.2.109 52967 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:21.782036 0.054877 tcp 10.0.2.109 52968 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:21.837198 0.158817 tcp 10.0.2.109 52969 -> 195.113.214.211 443 SRPA* 0 0 52 34604 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:22.027940 0.639733 tcp 10.0.2.109 52970 -> 70.113.215.93 3558 FSPA* 0 0 13 1330 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:22.358878 0.052439 tcp 10.0.2.109 52971 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:22.411589 0.054688 tcp 10.0.2.109 52972 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:22.466136 0.158739 tcp 10.0.2.109 52973 -> 195.113.214.211 443 SRPA* 0 0 39 20232 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:22.667903 2.996824 tcp 10.0.2.109 52974 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:38:27.257147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:38:31.673473 0.000000 tcp 10.0.2.109 52974 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:38:35.258476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:38:37.662766 0.052925 tcp 10.0.2.109 52975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:37.716021 0.054698 tcp 10.0.2.109 52976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:37.770974 0.203515 tcp 10.0.2.109 52977 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:38.004729 0.056325 tcp 10.0.2.109 52978 -> 5.178.178.199 4758 SPA_* 0 0 9 1114 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:38:51.261903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:39:02.322246 0.318205 tcp 10.0.2.109 52978 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:39:02.323166 0.053061 tcp 10.0.2.109 52979 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:39:02.376483 0.054557 tcp 10.0.2.109 52980 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:39:02.430920 0.147543 tcp 10.0.2.109 52981 -> 195.113.214.211 443 SRPA* 0 0 46 40990 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:39:02.640640 3.001830 tcp 10.0.2.109 52982 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:39:11.640995 0.000000 tcp 10.0.2.109 52982 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:39:17.639312 0.109877 tcp 10.0.2.109 52983 -> 176.73.169.112 1959 FSPA* 0 0 13 1330 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:39:17.749474 2.994586 tcp 10.0.2.109 52984 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:39:23.267707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:39:26.752226 0.000000 tcp 10.0.2.109 52984 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:39:32.751171 0.332222 tcp 10.0.2.109 52985 -> 70.113.215.93 3558 FSPA* 0 0 13 1330 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:39:33.083102 2.993005 tcp 10.0.2.109 52986 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:39:42.074439 0.000000 tcp 10.0.2.109 52986 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:39:48.083733 2.993919 tcp 10.0.2.109 52987 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:39:57.076025 0.117208 tcp 10.0.2.109 52987 -> 5.178.178.199 4758 FSPA* 0 0 13 1330 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:42:21.664146 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:42:21.664240 0.076480 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:21.722209 0.165897 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:21.864999 0.144035 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 3 871 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:22.002710 0.124502 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 3 664 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:22.189434 0.165803 rtp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:22.352448 0.052673 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:22.436199 0.174664 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 3 861 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:22.609184 0.722812 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:23.246281 0.045598 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 3 891 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:23.291358 0.373589 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:23.666559 0.161620 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:23.827364 0.057695 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 5 1862 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:23.880625 0.073879 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:23.933210 0.230298 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:24.127477 0.196873 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:24.320092 0.146601 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 3 840 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:24.463385 0.167112 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:24.607844 0.278713 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 5 1732 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:24.874077 0.208662 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:25.077649 0.186700 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:25.256787 0.157060 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:25.392954 0.164526 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:25.551198 0.120240 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 3 711 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:25.672920 0.167348 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 3 853 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:25.839079 0.345764 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 3 896 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:42:26.196027 0.241359 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/13 01:44:57.188422 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:44:57.188738 3.003391 tcp 10.0.2.109 52988 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:06.190343 0.000000 tcp 10.0.2.109 52988 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:12.191545 0.053851 tcp 10.0.2.109 52989 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:12.245687 0.055200 tcp 10.0.2.109 52990 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:12.301236 0.157133 tcp 10.0.2.109 52991 -> 195.113.214.211 443 SRPA* 0 0 25 11932 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:12.543004 0.545086 tcp 10.0.2.109 52992 -> 176.73.169.112 1959 FSPA* 0 0 13 1454 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:12.654243 0.052054 tcp 10.0.2.109 52993 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:12.706557 0.055445 tcp 10.0.2.109 52994 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:12.761828 0.143639 tcp 10.0.2.109 52995 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:13.088328 2.996269 tcp 10.0.2.109 52996 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:22.093495 0.000000 tcp 10.0.2.109 52996 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:27.274316 3.001165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:45:28.082651 0.053132 tcp 10.0.2.109 52997 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:28.136063 0.053937 tcp 10.0.2.109 52998 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:28.190327 0.154855 tcp 10.0.2.109 52999 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:28.355282 3.001612 tcp 10.0.2.109 53000 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:34.281115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:45:37.355499 0.000000 tcp 10.0.2.109 53000 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:42.283148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:45:43.354545 0.052791 tcp 10.0.2.109 53001 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:43.407631 0.056043 tcp 10.0.2.109 53002 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:43.463958 0.151948 tcp 10.0.2.109 53003 -> 195.113.214.211 443 SRPA* 0 0 20 10252 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:43.641178 0.618878 tcp 10.0.2.109 53004 -> 70.113.215.93 3558 FSPA* 0 0 13 1454 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:43.979449 0.052645 tcp 10.0.2.109 53005 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:44.032390 0.053145 tcp 10.0.2.109 53006 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:44.085850 0.151794 tcp 10.0.2.109 53007 -> 195.113.214.211 443 SRPA* 0 0 49 46230 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:44.260289 2.999495 tcp 10.0.2.109 53008 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:53.258012 0.000000 tcp 10.0.2.109 53008 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:45:58.285686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:45:59.257253 0.052152 tcp 10.0.2.109 53009 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:59.309685 0.054095 tcp 10.0.2.109 53010 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:59.364087 0.149147 tcp 10.0.2.109 53011 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:45:59.541557 2.999864 tcp 10.0.2.109 53012 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:46:08.540010 0.000000 tcp 10.0.2.109 53012 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:46:14.539560 0.052449 tcp 10.0.2.109 53013 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:14.592301 0.052848 tcp 10.0.2.109 53014 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:14.645512 0.151863 tcp 10.0.2.109 53015 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:14.807394 0.345396 tcp 10.0.2.109 53016 -> 160.80.52.122 6469 FSPA* 0 0 13 1454 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:14.872649 0.052454 tcp 10.0.2.109 53017 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:14.925454 0.055528 tcp 10.0.2.109 53018 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:14.981366 0.158048 tcp 10.0.2.109 53019 -> 195.113.214.211 443 SRPA* 0 0 48 29136 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:15.152966 0.056272 tcp 10.0.2.109 53020 -> 5.178.178.199 4758 SPA_* 0 0 9 1238 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:30.291774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:46:36.387931 0.284240 tcp 10.0.2.109 53020 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:36.388959 0.052845 tcp 10.0.2.109 53021 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:36.442083 0.053059 tcp 10.0.2.109 53022 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:36.495454 0.153639 tcp 10.0.2.109 53023 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:36.672357 2.992945 tcp 10.0.2.109 53024 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:46:45.673605 0.000000 tcp 10.0.2.109 53024 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:46:51.672147 0.109722 tcp 10.0.2.109 53025 -> 176.73.169.112 1959 FSPA* 0 0 13 1454 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:46:51.782166 2.994502 tcp 10.0.2.109 53026 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:00.775456 0.000000 tcp 10.0.2.109 53026 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:06.784259 3.004298 tcp 10.0.2.109 53027 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:15.786967 0.000000 tcp 10.0.2.109 53027 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:21.785639 0.543181 tcp 10.0.2.109 53028 -> 70.113.215.93 3558 FSPA* 0 0 13 1454 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:47:22.329044 3.001278 tcp 10.0.2.109 53029 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:31.329331 0.000000 tcp 10.0.2.109 53029 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:37.328717 3.003188 tcp 10.0.2.109 53030 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:46.330789 0.000000 tcp 10.0.2.109 53030 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:47:52.329967 0.066036 tcp 10.0.2.109 53031 -> 160.80.52.122 6469 FSPA* 0 0 13 1454 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:47:52.396233 2.997637 tcp 10.0.2.109 53032 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:48:01.402295 0.000000 tcp 10.0.2.109 53032 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:52:34.388909 3.000480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:52:41.395292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:52:49.396922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:53:05.399538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:53:07.393207 0.000198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 01:53:07.393516 2.993300 tcp 10.0.2.109 53033 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:53:16.385105 0.000000 tcp 10.0.2.109 53033 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:53:22.395703 0.053891 tcp 10.0.2.109 53034 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:22.449864 0.055380 tcp 10.0.2.109 53035 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:22.505474 0.150858 tcp 10.0.2.109 53036 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:22.667873 0.377216 tcp 10.0.2.109 53037 -> 176.73.169.112 1959 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:22.780607 0.052771 tcp 10.0.2.109 53038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:22.833724 0.054077 tcp 10.0.2.109 53039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:22.888079 0.146355 tcp 10.0.2.109 53040 -> 195.113.214.211 443 SRPA* 0 0 37 30466 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:23.045270 3.003825 tcp 10.0.2.109 53041 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:53:32.048166 0.000000 tcp 10.0.2.109 53041 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:53:37.405668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:53:38.047576 0.052707 tcp 10.0.2.109 53042 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:38.100550 0.054150 tcp 10.0.2.109 53043 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:38.155049 0.148425 tcp 10.0.2.109 53044 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:38.319585 3.001452 tcp 10.0.2.109 53045 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:53:47.320022 0.000000 tcp 10.0.2.109 53045 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:53:53.319008 0.053026 tcp 10.0.2.109 53046 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:53.372383 0.052385 tcp 10.0.2.109 53047 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:53.425024 0.152571 tcp 10.0.2.109 53048 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:53.616562 0.608147 tcp 10.0.2.109 53049 -> 70.113.215.93 3558 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:53.949116 0.054005 tcp 10.0.2.109 53050 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:54.002924 0.053627 tcp 10.0.2.109 53051 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:54.056779 0.156847 tcp 10.0.2.109 53052 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:53:54.224937 2.999009 tcp 10.0.2.109 53053 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:03.232964 0.000000 tcp 10.0.2.109 53053 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:09.221752 0.052693 tcp 10.0.2.109 53054 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:09.274795 0.053902 tcp 10.0.2.109 53055 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:09.328959 0.152557 tcp 10.0.2.109 53056 -> 195.113.214.211 443 SRPA* 0 0 50 36538 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:09.499790 2.996139 tcp 10.0.2.109 53057 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:18.494724 0.000000 tcp 10.0.2.109 53057 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:24.493573 0.053660 tcp 10.0.2.109 53058 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:24.547515 0.053285 tcp 10.0.2.109 53059 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:24.601053 0.161672 tcp 10.0.2.109 53060 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:24.773380 0.333889 tcp 10.0.2.109 53061 -> 160.80.52.122 6469 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:24.838447 0.053459 tcp 10.0.2.109 53062 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:24.892175 0.055177 tcp 10.0.2.109 53063 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:24.947658 0.149179 tcp 10.0.2.109 53064 -> 195.113.214.211 443 SRPA* 0 0 35 19505 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:25.107466 3.001162 tcp 10.0.2.109 53065 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:34.107412 0.000000 tcp 10.0.2.109 53065 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:40.106635 0.052457 tcp 10.0.2.109 53066 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:40.159381 0.053392 tcp 10.0.2.109 53067 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:40.213117 0.151418 tcp 10.0.2.109 53068 -> 195.113.214.211 443 SRPA* 0 0 51 32502 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:40.384131 3.006420 tcp 10.0.2.109 53069 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:49.389199 0.000000 tcp 10.0.2.109 53069 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:54:55.377773 0.107742 tcp 10.0.2.109 53070 -> 176.73.169.112 1959 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:54:55.485743 3.006255 tcp 10.0.2.109 53071 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:04.491203 0.000000 tcp 10.0.2.109 53071 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:10.479761 3.004109 tcp 10.0.2.109 53072 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:19.492080 0.000000 tcp 10.0.2.109 53072 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:25.481456 0.336743 tcp 10.0.2.109 53073 -> 70.113.215.93 3558 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:55:25.818354 2.997776 tcp 10.0.2.109 53074 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:34.814112 0.000000 tcp 10.0.2.109 53074 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:40.813256 2.994258 tcp 10.0.2.109 53075 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:49.805659 0.000000 tcp 10.0.2.109 53075 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 01:55:55.814890 0.064691 tcp 10.0.2.109 53076 -> 160.80.52.122 6469 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:55:55.879810 0.058955 tcp 10.0.2.109 53077 -> 5.178.178.199 4758 SPA_* 0 0 9 1072 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:56:18.724855 0.000295 tcp 10.0.2.109 53077 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 01:59:41.411986 3.001011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 01:59:48.419482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 01:59:56.420567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:00:12.423921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:00:44.429747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:01:18.719813 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:01:18.720101 3.003246 tcp 10.0.2.109 53078 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:01:27.721837 0.000000 tcp 10.0.2.109 53078 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:01:33.722235 0.054233 tcp 10.0.2.109 53079 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:33.776737 0.054035 tcp 10.0.2.109 53080 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:33.831065 0.151878 tcp 10.0.2.109 53081 -> 195.113.214.211 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:34.023487 0.443178 tcp 10.0.2.109 53082 -> 176.73.169.112 1959 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:34.129504 0.052437 tcp 10.0.2.109 53083 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:34.182388 0.053127 tcp 10.0.2.109 53084 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:34.235816 0.212724 tcp 10.0.2.109 53085 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:34.466815 2.999197 tcp 10.0.2.109 53086 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:01:43.464349 0.000000 tcp 10.0.2.109 53086 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:01:49.463873 0.052715 tcp 10.0.2.109 53087 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:49.516875 0.054131 tcp 10.0.2.109 53088 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:49.571284 0.150262 tcp 10.0.2.109 53089 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:01:49.751624 2.996208 tcp 10.0.2.109 53090 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:01:58.746900 0.000000 tcp 10.0.2.109 53090 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:02:04.745794 0.054307 tcp 10.0.2.109 53091 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:04.800452 0.055797 tcp 10.0.2.109 53092 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:04.856555 0.156865 tcp 10.0.2.109 53093 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:05.036263 0.620086 tcp 10.0.2.109 53094 -> 70.113.215.93 3558 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:05.369220 0.052208 tcp 10.0.2.109 53095 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:05.421756 0.054696 tcp 10.0.2.109 53096 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:05.476745 0.143010 tcp 10.0.2.109 53097 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:05.656670 3.004409 tcp 10.0.2.109 53098 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:02:14.659541 0.000000 tcp 10.0.2.109 53098 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:02:20.658627 0.053140 tcp 10.0.2.109 53099 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:20.712051 0.055405 tcp 10.0.2.109 53100 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:20.767784 0.144617 tcp 10.0.2.109 53101 -> 195.113.214.211 443 SRPA* 0 0 32 24224 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:20.963081 2.999606 tcp 10.0.2.109 53102 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:02:29.961495 0.000000 tcp 10.0.2.109 53102 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:02:35.960310 0.052243 tcp 10.0.2.109 53103 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:36.012854 0.054649 tcp 10.0.2.109 53104 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:36.067321 0.165616 tcp 10.0.2.109 53105 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:36.265049 0.450656 tcp 10.0.2.109 53106 -> 160.80.52.122 6469 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:36.330028 0.052798 tcp 10.0.2.109 53107 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:36.383107 0.054696 tcp 10.0.2.109 53108 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:36.438047 0.150517 tcp 10.0.2.109 53109 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:02:36.715900 3.055930 tcp 10.0.2.109 53110 -> 5.178.178.199 4758 SPA_* 0 0 10 1254 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:03:01.115475 0.266209 tcp 10.0.2.109 53110 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:03:01.116585 0.053212 tcp 10.0.2.109 53111 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:03:01.170233 0.053567 tcp 10.0.2.109 53112 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:03:01.224113 0.145580 tcp 10.0.2.109 53113 -> 195.113.214.211 443 SRPA* 0 0 42 30322 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:03:01.381949 2.999106 tcp 10.0.2.109 53114 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:03:10.379817 0.000000 tcp 10.0.2.109 53114 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:03:16.377904 0.113099 tcp 10.0.2.109 53115 -> 176.73.169.112 1959 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:03:16.491172 3.001719 tcp 10.0.2.109 53116 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:03:25.490959 0.000000 tcp 10.0.2.109 53116 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:03:31.490134 2.994271 tcp 10.0.2.109 53117 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:03:40.492992 0.000000 tcp 10.0.2.109 53117 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:03:46.491401 0.331997 tcp 10.0.2.109 53118 -> 70.113.215.93 3558 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:03:46.823573 2.992730 tcp 10.0.2.109 53119 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:03:55.815012 0.000000 tcp 10.0.2.109 53119 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:04:01.823899 2.993664 tcp 10.0.2.109 53120 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:04:10.816519 0.000000 tcp 10.0.2.109 53120 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:04:16.825405 0.065509 tcp 10.0.2.109 53121 -> 160.80.52.122 6469 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:04:16.891164 2.998360 tcp 10.0.2.109 53122 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:04:25.888003 0.000000 tcp 10.0.2.109 53122 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:06:48.436037 3.001014 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 02:06:55.442953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:07:03.444856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:07:19.447760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:07:51.453601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:09:31.888456 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:09:31.888557 3.003974 tcp 10.0.2.109 53123 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:09:40.891105 0.000000 tcp 10.0.2.109 53123 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:09:46.891372 0.054419 tcp 10.0.2.109 53124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:09:46.945642 0.053199 tcp 10.0.2.109 53125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:09:46.999105 0.153200 tcp 10.0.2.109 53126 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:09:47.227510 0.444744 tcp 10.0.2.109 53127 -> 176.73.169.112 1959 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:09:47.334991 0.053169 tcp 10.0.2.109 53128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:09:47.388453 0.054912 tcp 10.0.2.109 53129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:09:47.443709 0.145318 tcp 10.0.2.109 53130 -> 195.113.214.211 443 SRPA* 0 0 44 40926 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:09:47.672492 2.992650 tcp 10.0.2.109 53131 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:09:56.673736 0.000000 tcp 10.0.2.109 53131 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:02.672552 0.052687 tcp 10.0.2.109 53132 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:02.725499 0.055584 tcp 10.0.2.109 53133 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:02.781343 0.184192 tcp 10.0.2.109 53134 -> 195.113.214.211 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:03.155574 3.001731 tcp 10.0.2.109 53135 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:12.155571 0.000000 tcp 10.0.2.109 53135 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:18.155222 0.053100 tcp 10.0.2.109 53136 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:18.208620 0.054315 tcp 10.0.2.109 53137 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:18.263290 0.159099 tcp 10.0.2.109 53138 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:18.550201 0.641183 tcp 10.0.2.109 53139 -> 70.113.215.93 3558 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:18.888793 0.052482 tcp 10.0.2.109 53140 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:18.941620 0.053441 tcp 10.0.2.109 53141 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:18.995351 0.148992 tcp 10.0.2.109 53142 -> 195.113.214.211 443 SRPA* 0 0 49 30146 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:19.191613 2.998958 tcp 10.0.2.109 53143 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:28.188928 0.000000 tcp 10.0.2.109 53143 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:34.188353 0.051876 tcp 10.0.2.109 53144 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:34.240574 0.053927 tcp 10.0.2.109 53145 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:34.294798 0.151851 tcp 10.0.2.109 53146 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:34.588621 3.003760 tcp 10.0.2.109 53147 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:43.591367 0.000000 tcp 10.0.2.109 53147 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:49.590824 0.059984 tcp 10.0.2.109 53148 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:49.651150 0.053687 tcp 10.0.2.109 53149 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:49.705148 0.149139 tcp 10.0.2.109 53150 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:49.881051 0.378463 tcp 10.0.2.109 53151 -> 160.80.52.122 6469 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:49.945977 0.053254 tcp 10.0.2.109 53152 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:49.999656 0.059803 tcp 10.0.2.109 53153 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:50.059801 0.144510 tcp 10.0.2.109 53154 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:10:50.259750 2.995058 tcp 10.0.2.109 53155 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:10:59.263653 0.000000 tcp 10.0.2.109 53155 -> 5.178.178.199 4758 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:11:05.253272 0.053587 tcp 10.0.2.109 53156 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:11:05.307171 0.054050 tcp 10.0.2.109 53157 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:11:05.361475 0.143013 tcp 10.0.2.109 53158 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:11:05.521022 2.995626 tcp 10.0.2.109 53159 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:11:14.515469 0.000000 tcp 10.0.2.109 53159 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:11:20.514690 0.111707 tcp 10.0.2.109 53160 -> 176.73.169.112 1959 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:11:20.626631 3.002195 tcp 10.0.2.109 53161 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:11:29.626993 0.000000 tcp 10.0.2.109 53161 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:11:35.625760 3.004090 tcp 10.0.2.109 53162 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:11:44.629073 0.000000 tcp 10.0.2.109 53162 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:11:50.627941 0.399567 tcp 10.0.2.109 53163 -> 70.113.215.93 3558 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:11:51.027803 3.004718 tcp 10.0.2.109 53164 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:12:00.031384 0.000000 tcp 10.0.2.109 53164 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:12:06.030241 3.003945 tcp 10.0.2.109 53165 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:12:15.042513 0.000000 tcp 10.0.2.109 53165 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:12:21.031256 0.064790 tcp 10.0.2.109 53166 -> 160.80.52.122 6469 FSPA* 0 0 13 1260 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:12:21.096212 2.999520 tcp 10.0.2.109 53167 -> 5.178.178.199 4758 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:12:30.094182 0.055745 tcp 10.0.2.109 53167 -> 5.178.178.199 4758 SPA_* 0 0 9 1044 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:12:43.343345 0.138164 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:43.481941 0.074469 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:43.538145 0.166060 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:43.718639 0.115228 rtp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:43.816888 0.166069 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:43.979509 0.050648 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:44.030540 0.170908 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:44.201813 0.377831 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:44.606628 0.160825 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:44.796981 0.048021 rtp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:44.834900 0.072869 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:44.889634 2.285622 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:47.175699 0.045735 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:47.221855 0.151444 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:47.373715 0.202781 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:47.572081 0.146845 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:47.710026 0.163635 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:47.851079 0.293253 rtcp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:48.118975 0.132890 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:48.252252 0.163048 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:48.409306 0.129780 rtp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:48.530845 0.172074 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:48.698726 0.207196 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:48.906454 0.186793 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:49.085062 0.346647 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:49.441699 0.223738 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 3 875 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:12:54.004242 0.000307 tcp 10.0.2.109 53167 -> 5.178.178.199 4758 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:13:55.459745 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 02:14:02.467049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:14:10.468747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:14:26.471665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:14:58.477693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:17:54.000150 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:17:54.000248 3.003742 tcp 10.0.2.109 53168 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:03.013059 0.000000 tcp 10.0.2.109 53168 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:09.003614 0.057693 tcp 10.0.2.109 53169 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:09.061616 0.055333 tcp 10.0.2.109 53170 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:09.117277 0.149000 tcp 10.0.2.109 53171 -> 195.113.214.211 443 SRPA* 0 0 41 31962 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:09.301341 0.381994 tcp 10.0.2.109 53172 -> 176.73.169.112 1959 FSPA* 0 0 13 1394 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:09.411374 0.053080 tcp 10.0.2.109 53173 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:09.464777 0.053460 tcp 10.0.2.109 53174 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:09.518515 0.149054 tcp 10.0.2.109 53175 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:09.683602 2.993260 tcp 10.0.2.109 53176 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:18.675313 0.000000 tcp 10.0.2.109 53176 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:24.685027 0.052513 tcp 10.0.2.109 53177 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:24.737840 0.054039 tcp 10.0.2.109 53178 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:24.791718 0.154900 tcp 10.0.2.109 53179 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:24.964185 0.446778 tcp 10.0.2.109 53180 -> 176.73.51.253 1158 FSPA* 0 0 13 1394 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:25.070389 0.120320 tcp 10.0.2.109 53181 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:25.191023 0.053266 tcp 10.0.2.109 53182 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:25.244603 0.150940 tcp 10.0.2.109 53183 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:25.411182 2.998063 tcp 10.0.2.109 53184 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:34.407753 0.000000 tcp 10.0.2.109 53184 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:40.407233 0.053674 tcp 10.0.2.109 53185 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:40.460690 0.054160 tcp 10.0.2.109 53186 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:40.515160 0.155066 tcp 10.0.2.109 53187 -> 195.113.214.211 443 SRPA* 0 0 49 37404 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:40.808573 3.003219 tcp 10.0.2.109 53188 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:49.809785 0.000000 tcp 10.0.2.109 53188 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:18:55.809053 0.052312 tcp 10.0.2.109 53189 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:55.861623 0.053138 tcp 10.0.2.109 53190 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:55.915107 0.148523 tcp 10.0.2.109 53191 -> 195.113.214.211 443 SRPA* 0 0 50 31630 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:18:56.073233 3.000282 tcp 10.0.2.109 53192 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:19:05.072352 0.000000 tcp 10.0.2.109 53192 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:19:11.071283 0.105846 tcp 10.0.2.109 53193 -> 176.73.169.112 1959 FSPA* 0 0 13 1394 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:19:11.177348 2.998047 tcp 10.0.2.109 53194 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:19:20.174066 0.000000 tcp 10.0.2.109 53194 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:19:26.172574 0.110900 tcp 10.0.2.109 53195 -> 176.73.51.253 1158 FSPA* 0 0 13 1394 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:19:26.283786 2.992799 tcp 10.0.2.109 53196 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:19:35.275365 0.000000 tcp 10.0.2.109 53196 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:19:41.284097 3.004625 tcp 10.0.2.109 53197 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:19:50.287375 0.000000 tcp 10.0.2.109 53197 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:21:02.483931 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 02:21:09.490992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:21:17.492594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:21:33.495262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:22:05.501198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:24:56.287472 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:24:56.287667 3.003707 tcp 10.0.2.109 53198 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:25:05.290294 0.000000 tcp 10.0.2.109 53198 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:25:11.290707 0.053130 tcp 10.0.2.109 53199 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:11.344119 0.054755 tcp 10.0.2.109 53200 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:11.399297 0.151261 tcp 10.0.2.109 53201 -> 195.113.214.211 443 SRPA* 0 0 41 32316 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:11.572777 0.057877 tcp 10.0.2.109 53202 -> 176.73.169.112 1959 SPA_* 0 0 9 1158 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:31.615631 0.305519 tcp 10.0.2.109 53202 -> 176.73.169.112 1959 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:31.616589 0.052392 tcp 10.0.2.109 53203 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:31.669250 0.054712 tcp 10.0.2.109 53204 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:31.724245 0.154939 tcp 10.0.2.109 53205 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:31.921456 3.000967 tcp 10.0.2.109 53206 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:25:40.921427 0.000000 tcp 10.0.2.109 53206 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:25:46.920627 0.052806 tcp 10.0.2.109 53207 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:46.973764 0.054478 tcp 10.0.2.109 53208 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:47.028094 0.154707 tcp 10.0.2.109 53209 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:47.205545 0.399312 tcp 10.0.2.109 53210 -> 176.73.51.253 1158 FSPA* 0 0 13 1374 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:47.315856 0.052655 tcp 10.0.2.109 53211 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:47.368353 0.054834 tcp 10.0.2.109 53212 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:47.423478 0.154252 tcp 10.0.2.109 53213 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:25:47.605139 2.999659 tcp 10.0.2.109 53214 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:25:56.613814 0.000000 tcp 10.0.2.109 53214 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:02.603047 0.052524 tcp 10.0.2.109 53215 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:02.655833 0.055148 tcp 10.0.2.109 53216 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:02.711224 0.144518 tcp 10.0.2.109 53217 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:02.903222 2.993774 tcp 10.0.2.109 53218 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:11.895749 0.000000 tcp 10.0.2.109 53218 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:17.904746 0.052623 tcp 10.0.2.109 53219 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:17.957678 0.053030 tcp 10.0.2.109 53220 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:18.011079 0.148438 tcp 10.0.2.109 53221 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:18.202130 2.996817 tcp 10.0.2.109 53222 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:27.197694 0.000000 tcp 10.0.2.109 53222 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:33.196741 0.108068 tcp 10.0.2.109 53223 -> 176.73.169.112 1959 FSPA* 0 0 13 1374 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:33.305037 3.006063 tcp 10.0.2.109 53224 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:42.309767 0.000000 tcp 10.0.2.109 53224 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:48.298065 0.116509 tcp 10.0.2.109 53225 -> 176.73.51.253 1158 FSPA* 0 0 11 1266 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:26:48.414797 3.007775 tcp 10.0.2.109 53226 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:26:57.421518 0.000000 tcp 10.0.2.109 53226 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:27:03.409739 2.994174 tcp 10.0.2.109 53227 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:27:12.413077 0.000000 tcp 10.0.2.109 53227 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:28:09.508110 3.001227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 02:28:16.515149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:28:24.516716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:28:40.519160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:29:12.525782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:32:18.413354 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:32:18.413463 2.993283 tcp 10.0.2.109 53228 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:32:27.406107 0.000000 tcp 10.0.2.109 53228 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:32:33.416626 0.053694 tcp 10.0.2.109 53229 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:33.470671 0.053176 tcp 10.0.2.109 53230 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:33.524180 0.155868 tcp 10.0.2.109 53231 -> 195.113.214.211 443 SRPA* 0 0 51 24272 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:33.746518 0.479652 tcp 10.0.2.109 53232 -> 176.73.169.112 1959 FSPA* 0 0 13 1458 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:33.854764 0.052644 tcp 10.0.2.109 53233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:33.907657 0.053176 tcp 10.0.2.109 53234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:33.961152 0.166425 tcp 10.0.2.109 53235 -> 195.113.214.211 443 SRPA* 0 0 57 36886 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:34.226410 3.003403 tcp 10.0.2.109 53236 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:32:43.228280 0.000000 tcp 10.0.2.109 53236 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:32:49.227726 0.053723 tcp 10.0.2.109 53237 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:49.281784 1.622037 tcp 10.0.2.109 53238 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:50.904149 0.152050 tcp 10.0.2.109 53239 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:51.079140 0.382308 tcp 10.0.2.109 53240 -> 176.73.51.253 1158 FSPA* 0 0 13 1458 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:51.191770 0.052730 tcp 10.0.2.109 53241 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:51.244831 0.053602 tcp 10.0.2.109 53242 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:51.298796 0.152892 tcp 10.0.2.109 53243 -> 195.113.214.211 443 SRPA* 0 0 39 32186 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:32:51.461662 2.993028 tcp 10.0.2.109 53244 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:00.463059 0.000000 tcp 10.0.2.109 53244 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:06.463222 0.052802 tcp 10.0.2.109 53245 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:06.515853 0.054388 tcp 10.0.2.109 53246 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:06.570446 0.155092 tcp 10.0.2.109 53247 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:06.803520 3.002925 tcp 10.0.2.109 53248 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:15.805487 0.000000 tcp 10.0.2.109 53248 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:21.804559 0.052383 tcp 10.0.2.109 53249 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:21.857202 0.076891 tcp 10.0.2.109 53250 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:21.934398 0.153203 tcp 10.0.2.109 53251 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:22.108080 3.000798 tcp 10.0.2.109 53252 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:31.107542 0.000000 tcp 10.0.2.109 53252 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:37.105938 0.109618 tcp 10.0.2.109 53253 -> 176.73.169.112 1959 FSPA* 0 0 13 1458 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:37.215821 3.004289 tcp 10.0.2.109 53254 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:46.219278 0.000000 tcp 10.0.2.109 53254 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:33:52.208218 0.108520 tcp 10.0.2.109 53255 -> 176.73.51.253 1158 FSPA* 0 0 13 1458 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:33:52.316651 3.005108 tcp 10.0.2.109 53256 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:34:01.320905 0.000000 tcp 10.0.2.109 53256 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:34:07.310550 3.003214 tcp 10.0.2.109 53257 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:34:16.322232 0.000000 tcp 10.0.2.109 53257 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:35:16.531394 3.001794 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 02:35:23.539387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:35:31.540078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:35:47.543477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:36:19.549796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:39:22.313246 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:39:22.313341 2.993284 tcp 10.0.2.109 53258 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:39:31.305191 0.000000 tcp 10.0.2.109 53258 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:39:37.316688 0.054106 tcp 10.0.2.109 53259 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:37.371068 0.053844 tcp 10.0.2.109 53260 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:37.425283 0.147308 tcp 10.0.2.109 53261 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:37.583684 0.390745 tcp 10.0.2.109 53262 -> 176.73.169.112 1959 FSPA* 0 0 13 1317 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:37.695546 0.052474 tcp 10.0.2.109 53263 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:37.748297 0.054612 tcp 10.0.2.109 53264 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:37.803196 0.158836 tcp 10.0.2.109 53265 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:37.974722 3.004623 tcp 10.0.2.109 53266 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:39:46.977737 0.000000 tcp 10.0.2.109 53266 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:39:52.966956 0.053863 tcp 10.0.2.109 53267 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:53.021106 0.055056 tcp 10.0.2.109 53268 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:53.076459 0.158755 tcp 10.0.2.109 53269 -> 195.113.214.211 443 SRPA* 0 0 33 17460 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:53.463537 0.586084 tcp 10.0.2.109 53270 -> 176.73.51.253 1158 FSPA* 0 0 13 1317 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:53.569710 0.052495 tcp 10.0.2.109 53271 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:53.622452 0.057870 tcp 10.0.2.109 53272 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:53.680639 0.150522 tcp 10.0.2.109 53273 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:39:54.049852 3.002730 tcp 10.0.2.109 53274 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:03.050572 0.000000 tcp 10.0.2.109 53274 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:09.050358 0.052697 tcp 10.0.2.109 53275 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:09.103428 0.054526 tcp 10.0.2.109 53276 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:09.158288 0.146063 tcp 10.0.2.109 53277 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:09.426730 3.007199 tcp 10.0.2.109 53278 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:18.443333 0.000000 tcp 10.0.2.109 53278 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:24.422244 0.052419 tcp 10.0.2.109 53279 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:24.474969 0.054135 tcp 10.0.2.109 53280 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:24.529387 0.149649 tcp 10.0.2.109 53281 -> 195.113.214.211 443 SRPA* 0 0 46 25902 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:24.703706 2.992430 tcp 10.0.2.109 53282 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:33.694796 0.000000 tcp 10.0.2.109 53282 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:39.703880 0.118858 tcp 10.0.2.109 53283 -> 176.73.169.112 1959 FSPA* 0 0 13 1317 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:39.822942 2.994681 tcp 10.0.2.109 53284 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:48.816596 0.000000 tcp 10.0.2.109 53284 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:40:54.815060 0.111569 tcp 10.0.2.109 53285 -> 176.73.51.253 1158 FSPA* 0 0 13 1317 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:40:54.926852 3.003091 tcp 10.0.2.109 53286 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:41:03.928048 0.000000 tcp 10.0.2.109 53286 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:41:09.927038 3.004050 tcp 10.0.2.109 53287 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:41:18.930006 0.000000 tcp 10.0.2.109 53287 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:42:23.556178 3.000905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 02:42:30.562576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:42:38.564335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:42:54.567187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:43:06.374887 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:43:06.375153 0.159962 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:06.512486 0.069442 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:06.886057 0.171614 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:07.036441 0.117401 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:07.352932 0.166516 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:07.516809 0.052674 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:07.619849 0.192651 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:07.850621 0.063131 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:07.904666 0.073255 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:08.018187 0.184484 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:08.194895 0.314333 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:08.602913 3.363152 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:11.891186 0.050377 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:11.939107 0.189160 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:12.095678 0.195288 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:12.287794 0.146052 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:12.429697 0.166404 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:12.572678 0.280571 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:12.839410 0.157149 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:12.975674 0.163413 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:13.133848 0.126119 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:13.323586 0.171595 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:13.491746 0.223053 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:13.709653 0.242406 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:13.931648 0.191873 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:14.115958 0.371051 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/01/13 02:43:26.573566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:46:24.930599 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 02:46:24.930696 3.003391 tcp 10.0.2.109 53288 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:46:33.942900 0.000000 tcp 10.0.2.109 53288 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 02:46:39.933777 0.053149 tcp 10.0.2.109 53289 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:46:39.987202 0.054908 tcp 10.0.2.109 53290 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:46:40.042444 0.152809 tcp 10.0.2.109 53291 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:46:40.216307 0.520880 tcp 10.0.2.109 53292 -> 176.73.169.112 1959 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/01/13 02:49:30.580128 3.001327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 02:49:37.587186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:49:45.588174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:50:01.591582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:50:33.597426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:56:37.603106 3.002308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 02:56:44.611096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:56:52.612701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:57:08.615434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 02:57:40.621456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:03:44.628100 3.001293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 03:03:51.634898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:03:59.636111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:04:15.639452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:04:47.645359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:10:51.652158 3.001154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 03:10:58.658542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:11:06.660399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:11:22.663673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:11:54.669012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:13:30.727909 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 03:13:30.728009 0.145012 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:30.873437 0.133115 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.006975 0.054811 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.062352 0.112854 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.175632 0.162368 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.338509 0.070237 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.409157 0.166120 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.575625 0.036861 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.612892 0.055254 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.668520 0.174060 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:31.842975 0.383263 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:32.226637 1.622997 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:33.850036 0.043967 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:33.894489 0.157520 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:34.052397 0.184140 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:34.236933 0.143763 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:34.381120 0.141298 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:34.522833 0.262263 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 594 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:34.785569 0.131988 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:34.917986 0.165966 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:35.084324 0.203015 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:35.287679 0.197208 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:35.485342 0.155822 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:35.641553 0.121287 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:35.763272 0.177744 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:13:35.941385 0.349390 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:16:40.741063 0.000177 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 03:16:40.741358 0.467028 tcp 10.0.2.109 53293 -> 176.73.169.112 1959 FSPA* 0 0 12 1576 flow=From-Botnet-V1-TCP-Established 1970/01/13 03:17:58.675396 3.001691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 03:18:05.682796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:18:13.684361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:18:29.686990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:19:01.693488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:25:05.699256 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 03:25:12.706357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:25:20.708075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:25:36.711047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:26:08.716866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:32:12.723331 3.001793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 03:32:19.730701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:32:27.732037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:32:43.735325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:33:15.741416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:39:19.746733 3.002645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 03:39:26.755025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:39:34.756167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:39:50.759081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:40:22.765317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:43:44.355341 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 03:43:44.355587 0.142865 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:44.498859 0.137722 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:44.636987 0.055075 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:44.708803 0.315577 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:45.024769 0.161609 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:45.186785 0.050986 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:45.238190 0.163719 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:45.402422 0.042970 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:45.445829 0.054457 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:45.500688 0.171926 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:45.673019 0.386740 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:46.060170 0.159092 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:46.219622 0.043607 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:46.263626 0.152301 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:46.416309 0.184337 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:46.601033 0.145601 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:46.746997 0.140599 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:46.888017 0.262935 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:43:47.151351 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 1219 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 03:44:02.203223 0.055252 tcp 10.0.2.109 53294 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 03:44:02.258713 0.053336 tcp 10.0.2.109 53295 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 03:44:02.312344 0.147169 tcp 10.0.2.109 53296 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 03:44:02.460818 0.208495 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:44:02.669749 0.155116 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:44:02.825235 0.121613 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:44:02.947232 0.181947 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:44:03.129653 0.165793 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:44:03.295846 0.206162 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:44:03.502448 0.352932 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/13 03:46:26.771146 3.001942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 03:46:33.778729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:46:41.209485 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 03:46:41.209572 0.537626 tcp 10.0.2.109 53297 -> 176.73.169.112 1959 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/01/13 03:46:41.780463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:46:57.783120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:47:29.789533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:53:33.795949 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 03:53:40.802382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:53:48.803993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:54:04.807118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 03:54:36.813189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:00:40.819457 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:00:47.826831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:00:55.828088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:01:11.831100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:01:43.837260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:07:47.843969 3.000422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:07:54.850604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:08:02.851766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:08:18.855173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:08:50.861391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:14:28.246350 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 04:14:28.246448 0.132426 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:28.379311 0.057060 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:28.437209 0.108689 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:28.546284 0.138538 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:28.685288 0.135528 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:28.821239 0.049425 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:28.871032 0.181915 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.053310 0.051528 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.105219 0.058253 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.163835 0.162312 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.326549 0.173183 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.500127 0.043998 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.544528 0.153392 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.698359 0.184301 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:29.883082 0.138050 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:30.021565 0.140862 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:30.162836 0.148354 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:30.311576 0.387625 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:30.699559 0.275613 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:30.975507 0.120086 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:31.095951 0.199254 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:31.295618 0.156115 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:31.452088 0.229776 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:31.682316 0.347902 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:32.030573 0.182751 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:32.213720 0.176900 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:14:54.867588 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:15:01.874701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:15:09.875610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:15:25.879369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:15:57.885399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:16:41.748787 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 04:16:41.748868 0.546545 tcp 10.0.2.109 53298 -> 176.73.169.112 1959 FSPA* 0 0 14 1574 flow=From-Botnet-V1-TCP-Established 1970/01/13 04:22:01.892061 3.000714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:22:08.898226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:22:16.899559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:22:32.903564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:23:04.908792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:29:08.914757 3.001877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:29:15.922742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:29:23.924117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:29:39.927061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:30:11.933211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:36:15.939568 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:36:22.946439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:36:30.947946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:36:46.950764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:37:18.956902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:43:22.963989 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:43:30.000569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:43:38.002062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:43:54.005202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:44:26.011296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:44:53.861527 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 04:44:53.861707 0.112379 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:53.974533 0.145746 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.120684 0.137354 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.258554 0.048696 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.307668 0.132369 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.440474 0.051979 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.492854 0.160080 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.653334 0.035621 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.689346 0.059266 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:44:54.749014 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 04:45:12.059374 0.053659 tcp 10.0.2.109 53299 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 04:45:12.113353 0.054412 tcp 10.0.2.109 53300 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 04:45:12.168080 0.158403 tcp 10.0.2.109 53301 -> 195.113.214.211 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/01/13 04:45:12.326975 0.172922 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:12.500296 0.046691 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:12.547349 0.158247 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:12.705939 0.183837 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:12.890229 0.145964 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:13.036555 0.386328 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:13.423324 0.264942 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:13.688720 0.141001 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:13.830276 1.121673 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:14.952370 0.119737 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:15.072514 0.198170 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:15.271124 0.157088 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:15.428609 0.203793 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:15.632737 0.351643 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:15.984817 0.182066 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:45:16.167281 0.169773 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/13 04:46:42.297263 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 04:46:42.297362 0.471026 tcp 10.0.2.109 53302 -> 176.73.169.112 1959 FSPA* 0 0 15 1610 flow=From-Botnet-V1-TCP-Established 1970/01/13 04:50:30.017249 3.001258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 04:50:37.024329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:50:45.025528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:51:01.028759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:51:33.034525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:57:37.040928 3.001717 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 04:57:44.047971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:57:52.050208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:58:08.052468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 04:58:40.058512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:04:44.064452 3.001731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 05:04:51.072049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:04:59.073993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:05:15.076609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:05:47.083131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:11:51.089163 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 05:11:58.096060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:12:06.097368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:12:22.100583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:12:54.106845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:15:35.779376 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 05:15:35.779456 0.188361 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:35.968161 0.161765 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.130364 0.049715 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.180451 0.134382 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.315205 0.143028 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.458647 0.158350 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.617356 0.034486 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.652236 0.054406 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.707003 0.059480 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.766890 0.134832 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:36.902129 0.173453 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:37.076012 0.044340 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:37.120750 0.154231 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:37.275411 0.189486 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:37.465303 0.139584 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:37.605262 0.137689 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:37.743367 0.387552 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:38.131378 0.277612 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:38.409414 0.136696 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:38.546463 0.121163 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:38.668017 0.207705 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:38.876149 0.155253 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:39.031780 0.203138 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:39.235293 0.368614 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:39.604361 0.187149 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:15:39.791919 0.234510 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:16:42.796190 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 05:16:42.796334 0.489278 tcp 10.0.2.109 53303 -> 176.73.169.112 1959 FSPA* 0 0 14 1562 flow=From-Botnet-V1-TCP-Established 1970/01/13 05:18:58.133528 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 05:19:05.140024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:19:13.141480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:19:29.144808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:20:01.150957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:26:05.157828 3.000877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 05:26:12.164056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:26:20.166008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:26:36.169040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:27:08.174641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:33:12.180040 3.002553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 05:33:19.187831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:33:27.189685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:33:43.192627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:34:15.198667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:40:19.205237 3.070972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 05:40:26.282388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:40:34.283385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:40:50.287034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:41:22.292884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:45:53.733883 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 05:45:53.734071 0.160573 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:53.895054 0.095153 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:53.990607 0.049919 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.040916 0.131144 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.172466 0.141409 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.314311 0.164767 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.479465 0.035821 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.515676 0.055636 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.571728 0.048513 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.620632 0.131558 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.752625 0.172776 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.925818 0.045333 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:54.971866 0.155186 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:55.127466 0.189748 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:55.317633 0.143382 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:55.461413 0.140883 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:55.602712 0.311636 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:55.914783 0.268114 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:56.183313 2.197993 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:58.381700 0.120409 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:58.502477 0.197302 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:58.700201 0.156828 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:58.857422 0.178039 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:59.035845 0.178570 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:59.214863 0.204106 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:45:59.419408 0.357768 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/13 05:46:43.304842 0.546910 tcp 10.0.2.109 53304 -> 176.73.169.112 1959 FSPA* 0 0 15 1598 flow=From-Botnet-V1-TCP-Established 1970/01/13 05:47:26.299587 3.001174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 05:47:33.306347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:47:41.308097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:47:57.310750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:48:29.316617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:54:33.322568 3.001750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 05:54:40.330030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:54:48.332129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:55:04.334659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 05:55:36.341033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:01:40.347380 3.001161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:01:47.353866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:01:55.355335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:02:11.358994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:02:43.364625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:08:47.371356 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:08:54.377982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:09:02.379789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:09:18.382420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:09:50.388703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:15:54.395395 3.000544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:16:01.401965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:16:07.821263 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 06:16:07.821414 0.049896 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:07.871738 0.163666 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:08.035755 0.096824 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:08.161368 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 1219 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 06:16:09.403587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:16:25.406419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:16:26.350815 0.056670 tcp 10.0.2.109 53305 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:16:26.407755 0.057419 tcp 10.0.2.109 53306 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:16:26.465463 0.153992 tcp 10.0.2.109 53307 -> 195.113.214.211 443 SRPA* 0 0 35 18208 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:16:26.620035 0.142465 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:26.762981 0.158171 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:26.921513 0.036098 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:26.958413 0.052336 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.011153 0.054715 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.066423 0.135967 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.202771 0.209470 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.412622 0.044195 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.457177 0.156222 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.613722 0.189423 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.803546 0.135593 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:27.939648 0.140839 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:28.080798 0.385065 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:28.490070 0.264230 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:28.754763 0.755710 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:29.510826 0.120903 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:29.632125 0.218588 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:29.851061 0.157209 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:30.008632 0.184087 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:30.193073 0.370762 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:30.564261 0.167470 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:30.732145 0.206547 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:16:43.853467 0.514564 tcp 10.0.2.109 53308 -> 176.73.169.112 1959 FSPA* 0 0 14 1747 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:16:57.412530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:23:01.419009 3.000965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:23:08.425645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:23:16.427781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:23:32.430817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:24:04.436172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:30:08.443182 3.001217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:30:15.450343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:30:23.451505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:30:39.454123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:31:11.460433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:37:15.466029 3.001824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:37:22.473694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:37:30.475504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:37:46.478085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:38:18.484131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:44:22.490872 3.000905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:44:29.497795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:44:37.499694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:44:53.502690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:45:25.508154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:46:36.130536 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 06:46:36.130635 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 1219 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 06:46:44.372906 0.498219 tcp 10.0.2.109 53309 -> 176.73.169.112 1959 FSPA* 0 0 15 1780 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:46:52.906127 0.053930 tcp 10.0.2.109 53310 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:46:52.960328 0.054208 tcp 10.0.2.109 53311 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:46:53.014916 0.148801 tcp 10.0.2.109 53312 -> 195.113.214.211 443 SRPA* 0 0 66 47916 flow=From-Botnet-V1-TCP-Established 1970/01/13 06:46:53.165185 0.049916 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.215533 0.162632 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.378574 0.156526 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.535498 0.139205 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.675113 0.164035 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.839563 0.035246 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.875178 0.054049 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.929597 0.053409 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:53.983355 0.133801 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:54.117544 0.174316 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:54.292306 0.046737 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:54.339488 0.149759 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:54.489597 0.184551 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:54.674546 0.145120 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:54.820010 0.139213 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:54.959583 0.314471 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:55.274403 0.284709 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:46:55.559537 4.953474 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:47:00.513457 0.125568 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:47:00.639371 0.209181 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:47:00.848969 0.155967 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:47:01.005271 0.173018 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:47:01.178671 0.206946 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:47:01.386034 0.184009 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:47:01.570541 0.363150 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/13 06:51:29.515281 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:51:36.521676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:51:44.523084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:52:00.526031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:52:32.532551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:58:36.541043 2.998849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 06:58:43.545973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:58:51.547990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:59:07.550187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 06:59:39.556347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:05:43.562589 3.001093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 07:05:50.569470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:05:58.571241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:06:14.574787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:06:46.580452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:12:50.586679 3.021198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 07:12:57.613573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:13:05.615622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:13:21.618437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:13:53.624028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:16:44.870702 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 07:16:44.870840 0.623233 tcp 10.0.2.109 53313 -> 176.73.169.112 1959 FSPA* 0 0 15 1617 flow=From-Botnet-V1-TCP-Established 1970/01/13 07:17:02.916555 0.114403 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.031310 0.145834 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.177576 0.159956 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.338012 0.053700 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.392117 0.055214 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.447729 0.054151 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.502253 0.048775 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.551415 0.163217 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.715033 0.138374 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:03.853805 0.173306 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:04.027442 0.045691 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:04.073530 0.152426 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:04.226358 0.184954 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:04.411734 0.143972 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:04.556093 0.137860 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:04.694373 0.383433 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:05.078261 0.265345 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:05.344012 3.273664 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:08.618045 0.119450 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:08.737866 0.219165 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:08.957439 0.155658 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:09.113444 0.187307 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:09.301169 0.350740 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:09.652266 0.167520 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:17:09.820197 0.207287 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:19:57.630402 3.001475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 07:20:04.638033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:20:12.639201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:20:28.642101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:21:00.647974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:27:04.655241 3.000763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 07:27:11.661815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:27:19.663215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:27:35.666033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:28:07.672562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:34:11.678713 3.000857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 07:34:18.685415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:34:26.687129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:34:42.689977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:35:14.696258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:41:18.702516 3.021050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 07:41:25.729390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:41:33.731511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:41:49.733959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:42:21.739974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:46:45.500212 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 07:46:45.500391 0.472963 tcp 10.0.2.109 53314 -> 176.73.169.112 1959 FSPA* 0 0 16 1749 flow=From-Botnet-V1-TCP-Established 1970/01/13 07:47:12.238098 0.129047 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:12.367575 0.140724 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:12.508665 0.160508 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:12.669603 0.034922 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:12.704943 0.055958 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:12.761329 0.053960 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:12.815613 0.049576 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:12.865601 0.161909 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:13.027922 0.138601 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:13.166928 0.172250 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:13.339618 0.044586 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:13.384573 0.155603 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:13.540579 0.184577 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:13.725553 0.144498 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:13.870467 0.137537 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:14.008382 0.386522 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:14.395242 0.258467 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:14.654107 0.206271 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:14.860764 0.383290 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:15.244413 0.120172 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:15.365013 0.156700 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:15.522336 0.181989 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:15.704680 0.344857 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:16.049970 0.170922 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:47:16.221299 0.203577 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/13 07:48:25.746317 3.001820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 07:48:32.753433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:48:40.755273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:48:56.758463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:49:28.763945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:55:32.770751 3.000841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 07:55:39.777860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:55:47.778990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:56:03.781779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 07:56:35.788224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:02:39.794294 3.001634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:02:46.801687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:02:54.802733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:03:10.806407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:03:42.812212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:09:46.818675 3.000917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:09:53.825574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:10:01.827234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:10:17.829943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:10:49.835876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:16:45.978807 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 08:16:45.978898 0.606454 tcp 10.0.2.109 53315 -> 176.73.169.112 1959 FSPA* 0 0 14 1700 flow=From-Botnet-V1-TCP-Established 1970/01/13 08:16:53.842873 3.000516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:17:00.849705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:17:08.851115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:17:19.876972 0.158097 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.035432 0.036351 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.072182 0.057713 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.130382 0.053559 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.184376 0.049881 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.234633 0.161240 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.396241 0.096853 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.493529 0.146120 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.640042 0.136094 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.776567 0.171827 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.948781 0.044589 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:20.993745 0.156030 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:21.150337 0.190072 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:21.340847 0.144128 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:21.485387 0.141315 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:21.627052 0.208445 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:21.835861 0.384835 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:22.221071 0.267216 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:22.488602 1.275304 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:23.764274 0.120522 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:23.885171 0.156195 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:24.041813 0.182914 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:24.225113 0.364875 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:24.590361 0.166651 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:24.757422 0.203192 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:17:24.854150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:17:56.860053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:24:00.866659 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:24:07.873446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:24:15.874646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:24:31.879001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:25:03.884255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:31:07.890477 3.001047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:31:14.897736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:31:22.898624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:31:38.901978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:32:10.908141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:38:14.914265 3.001717 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:38:21.921279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:38:29.923051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:38:45.925988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:39:17.931919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:45:21.938671 3.000928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:45:28.945307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:45:36.947170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:45:52.949742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:46:24.955698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:46:46.587485 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 08:46:46.587683 0.496353 tcp 10.0.2.109 53316 -> 176.73.169.112 1959 FSPA* 0 0 14 1562 flow=From-Botnet-V1-TCP-Established 1970/01/13 08:47:52.963306 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 08:47:52.963547 0.159891 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.123778 0.059261 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.183435 0.053461 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.237314 0.055387 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.293143 0.050717 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.344216 0.162120 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.506749 0.115949 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.623126 0.142821 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.766503 0.138683 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:53.905599 0.174796 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:54.080799 0.046321 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:54.127496 0.152598 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:54.280448 0.999102 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:55.279909 0.142928 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:55.423243 0.140521 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:55.564156 0.207851 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:55.772342 0.373792 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:56.146495 0.268332 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:56.415211 0.908645 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:57.324221 0.132197 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:57.456819 0.155491 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:57.612664 0.167306 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:57.780362 0.207409 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:57.988178 0.183700 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:47:58.172245 0.338779 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/13 08:52:28.961719 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 08:52:35.969345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:52:43.971132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:52:59.974307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:53:31.979852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:59:35.986455 3.000722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 08:59:42.993396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 08:59:50.994829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:00:06.997893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:00:39.003559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:06:43.010576 3.001249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 09:06:50.017024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:06:58.018986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:07:14.021499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:07:46.027495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:13:50.034246 3.001224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 09:13:57.041043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:14:05.072832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:14:21.076097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:14:53.081489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:16:47.086274 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 09:16:47.086494 0.705364 tcp 10.0.2.109 53317 -> 176.73.169.112 1959 FSPA* 0 0 14 1566 flow=From-Botnet-V1-TCP-Established 1970/01/13 09:17:59.890495 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 09:17:59.890687 0.157968 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.049087 0.036440 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.085948 0.057705 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.144011 0.052837 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.197242 0.050406 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.247996 0.160326 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.408714 0.105208 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.514369 0.143212 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.657994 0.138794 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.797203 0.173667 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:00.971284 0.044342 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:01.016035 0.154895 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:01.171327 0.184455 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:01.356162 0.137097 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:01.493650 0.141409 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:01.635470 0.206328 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:01.842359 0.312739 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:02.155507 0.226215 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:02.382209 3.961528 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:06.344129 0.120790 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:06.465306 0.155657 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:06.621382 0.229778 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:06.851584 0.206531 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:07.058526 0.178542 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:18:07.237404 0.342371 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:20:57.088229 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 09:21:04.095005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:21:12.096529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:21:28.099876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:22:00.106027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:28:04.111397 3.001893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 09:28:11.119347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:28:19.120742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:28:35.123667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:29:07.130019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:35:11.135772 3.001831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 09:35:18.143469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:35:26.144915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:35:42.147508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:36:14.153965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:42:18.160251 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 09:42:25.166872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:42:33.168739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:42:49.171674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:43:21.177498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:46:47.795263 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 09:46:47.795361 0.711773 tcp 10.0.2.109 53318 -> 176.73.169.112 1959 FSPA* 0 0 15 1751 flow=From-Botnet-V1-TCP-Established 1970/01/13 09:48:22.711498 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 09:48:22.711596 0.178086 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:22.890037 0.055648 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:22.946059 0.056494 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.002901 0.054046 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.057336 0.050698 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.108367 0.161978 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.270737 0.108022 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.379154 0.145206 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.524774 0.134049 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.659236 0.202467 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.862328 0.043530 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:23.906287 0.340293 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:24.247021 0.192812 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:24.440242 0.142053 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:24.582702 0.310381 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:24.893484 0.207676 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:25.101552 0.313435 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:25.415431 0.264367 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:25.680199 2.491266 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:28.171884 0.120098 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:28.292362 0.156868 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:28.449626 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 09:48:44.284044 0.052266 tcp 10.0.2.109 53319 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 09:48:44.336647 0.051904 tcp 10.0.2.109 53320 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 09:48:44.388837 0.131262 tcp 10.0.2.109 53321 -> 195.113.214.211 443 SRPA* 0 0 87 80660 flow=From-Botnet-V1-TCP-Established 1970/01/13 09:48:44.520805 0.206518 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:44.727690 0.187616 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:48:44.915655 0.347432 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/13 09:49:25.184331 3.000959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 09:49:32.191368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:49:40.192924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:49:56.195786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:50:28.201699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:56:32.207470 3.001668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 09:56:39.215060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:56:47.216822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:57:03.219866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 09:57:35.225296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:03:39.232220 3.001035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:03:46.238879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:03:54.240184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:04:10.243521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:04:42.249448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:10:46.256179 3.001251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:10:53.262842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:11:01.264138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:11:17.267431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:11:49.273346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:16:48.514605 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 10:16:48.514732 0.719664 tcp 10.0.2.109 53322 -> 176.73.169.112 1959 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/01/13 10:17:53.280535 3.000402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:18:00.286993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:18:08.288580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:18:24.291744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:18:56.297628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:19:11.559976 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 10:19:11.560069 0.272925 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:11.833735 0.056405 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:11.890490 0.059851 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:11.950746 0.163602 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.114718 0.037045 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.152099 0.161563 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.314085 0.097041 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.411541 0.144361 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.556256 0.049731 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.606554 0.175109 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.782047 0.043892 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.838894 0.134918 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:12.974244 0.145083 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:13.119766 0.140535 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:13.260682 0.189647 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:13.450701 0.151679 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:13.602790 0.208530 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:13.811736 0.324418 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:14.136551 0.292348 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:14.429312 0.154275 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:14.584010 0.120123 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:14.704551 0.677223 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:15.382191 0.203456 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:15.586088 0.183372 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:19:15.769797 0.337093 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:25:00.304224 3.001291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:25:07.311150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:25:15.312128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:25:31.315851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:26:03.321482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:32:07.328030 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:32:14.335252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:32:22.336613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:32:38.339071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:33:10.346562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:39:14.352529 3.000484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:39:21.358976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:39:29.360163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:39:45.363740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:40:17.369134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:46:21.376160 3.001154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:46:28.392865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:46:36.394371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:46:49.233271 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 10:46:49.233366 0.633291 tcp 10.0.2.109 53323 -> 176.73.169.112 1959 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/01/13 10:46:52.397572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:47:24.403336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:49:35.682734 0.000157 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 10:49:35.682995 0.053278 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:35.736655 0.166683 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:35.903741 0.057833 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:35.961941 0.158106 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:36.120468 0.035988 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:36.156823 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 10:49:51.707325 0.053091 tcp 10.0.2.109 53324 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 10:49:51.760650 0.052799 tcp 10.0.2.109 53325 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 10:49:51.813753 0.148697 tcp 10.0.2.109 53326 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/13 10:49:51.962961 0.089814 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.053126 0.145658 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.199227 0.049233 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.248826 0.171740 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.420955 0.044302 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.465648 0.138659 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.604643 0.136141 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.741165 0.141444 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:52.883034 0.188857 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:53.072300 0.154017 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:53.226692 0.199429 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:53.426523 0.156737 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:53.583607 0.120422 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:53.704433 0.360741 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:54.065556 0.266351 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:54.332255 0.181728 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:54.514422 2.158933 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:56.673731 0.208437 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:49:56.882523 0.343071 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/13 10:53:28.410016 3.001226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 10:53:35.416964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:53:43.418362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:53:59.421596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 10:54:31.427481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:00:35.433669 3.001529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:00:42.440919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:00:50.442745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:01:06.444962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:01:38.451095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:07:42.458022 3.000803 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:07:49.464929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:07:57.466208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:08:13.469036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:08:45.475347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:14:49.481469 3.001666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:14:56.488729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:15:04.490045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:15:20.493230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:15:52.499333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:16:49.872128 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 11:16:49.872258 0.664449 tcp 10.0.2.109 53327 -> 176.73.169.112 1959 FSPA* 0 0 15 1770 flow=From-Botnet-V1-TCP-Established 1970/01/13 11:20:24.220494 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 11:20:24.220592 0.160611 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:24.381617 0.223750 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:24.605769 0.047054 rtcp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:24.653239 0.054625 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:24.708202 0.179420 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:24.888003 0.055509 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:24.943865 0.089176 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.033400 0.145042 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.178843 0.050848 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.230289 0.170554 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.401256 0.046612 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.448227 0.138319 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.586913 0.144150 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.731476 0.143299 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:25.875119 0.189313 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:26.064811 0.156333 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:26.221567 0.123112 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:26.344987 0.335823 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:26.681148 0.151881 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:26.833448 0.207142 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:27.040992 0.274339 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:27.315731 0.178652 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:27.494779 0.143024 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:27.638910 0.206952 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:20:27.846447 0.340213 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:21:56.505914 3.001251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 11:22:03.512940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:22:11.513889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:22:27.517413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:22:59.523377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:29:03.529503 3.001376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:29:10.536965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:29:18.538055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:29:34.541210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:30:06.547462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:36:10.553925 3.001078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:36:17.560342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:36:25.561844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:36:41.565152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:37:13.571266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:43:17.577835 3.000958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:43:24.594942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:43:32.596161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:43:48.598920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:44:20.604980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:46:50.541506 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 11:46:50.541614 0.500210 tcp 10.0.2.109 53328 -> 176.73.169.112 1959 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/01/13 11:50:24.612169 3.000709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:50:31.618712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:50:39.619759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:50:46.790525 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 11:50:46.790728 0.051147 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:46.842441 0.054071 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:46.896914 0.174807 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.072126 0.036308 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.108832 0.090121 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.199303 0.161620 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.361342 0.166740 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.528501 0.141302 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.670350 0.049876 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.720628 0.172791 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.893833 0.045021 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:47.939245 0.137028 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:48.076650 0.137640 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:48.214671 0.141128 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:48.356197 0.258078 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:48.614629 0.317226 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:48.932249 0.154029 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:49.086669 0.198151 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:49.285231 0.163103 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:49.448757 0.121157 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:49.570270 0.232209 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:49.802867 0.183844 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:49.987104 0.155266 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:50.142750 0.203243 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:50.346520 0.372476 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/13 11:50:55.623441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:51:27.629071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:57:31.634346 3.002443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 11:57:38.642789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:57:46.644139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:58:02.646853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 11:58:34.653045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:04:38.659387 3.020982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:04:45.686386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:04:53.687928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:05:09.691251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:05:41.696678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:11:45.703849 3.001198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:11:52.710410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:12:00.712114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:12:16.714632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:12:48.720917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:16:51.050383 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 12:16:51.050480 0.628786 tcp 10.0.2.109 53329 -> 176.73.169.112 1959 FSPA* 0 0 15 1626 flow=From-Botnet-V1-TCP-Established 1970/01/13 12:18:52.727437 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:18:59.744451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:19:07.745723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:19:23.748609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:19:55.754830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:21:05.756317 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 12:21:05.756499 0.169372 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:05.926316 0.050090 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:05.976733 0.053212 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.030510 0.052813 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.083735 0.089419 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.173527 0.160938 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.334881 0.166182 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.501479 0.138907 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.640800 0.049635 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.690863 0.172173 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.863446 0.045667 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:06.909549 0.136917 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:07.046859 0.151675 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:07.198878 0.141857 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:07.341152 0.241782 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:07.583356 0.312496 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:07.896291 0.151680 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:08.048306 0.215752 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:08.264476 0.155258 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:08.420082 0.122187 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:08.542646 0.302613 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:08.845664 0.186236 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:09.032322 0.347812 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:09.380554 1.026231 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:21:10.407179 0.206574 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:25:59.761317 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:26:06.768560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:26:14.769824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:26:30.773045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:27:02.778748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:33:06.785150 3.001885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:33:13.792370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:33:21.793600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:33:37.797113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:34:09.802973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:40:13.808591 3.002036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:40:20.815988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:40:28.817570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:40:44.821047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:41:16.827164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:46:51.679288 0.000182 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 12:46:51.679568 0.543518 tcp 10.0.2.109 53330 -> 176.73.169.112 1959 FSPA* 0 0 15 1661 flow=From-Botnet-V1-TCP-Established 1970/01/13 12:47:20.873009 3.001884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:47:27.880393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:47:35.881516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:47:51.885046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:48:23.890543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:51:39.883345 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 12:51:39.883608 0.053933 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:39.937947 0.036207 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:39.974533 0.170731 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.145693 0.055927 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.202043 0.102082 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.304516 0.162290 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.467238 0.165634 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.633233 0.142790 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.776416 0.049701 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.826516 0.169318 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:40.996241 0.043868 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:41.040527 0.136383 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:41.177373 0.138065 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:41.315847 0.137913 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:41.454317 0.183944 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:41.638688 0.313454 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:41.952535 0.151676 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:42.104574 0.120248 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:42.225230 0.318906 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:42.544569 0.178712 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:42.723695 0.197435 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:42.921527 0.156853 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:43.078836 0.345878 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:43.425084 0.158257 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:51:43.583765 0.206388 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/13 12:54:27.897294 3.001239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 12:54:34.903991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:54:42.905665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:54:58.908574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 12:55:30.915233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:01:34.920807 3.001723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:01:41.928135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:01:49.929428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:02:05.933115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:02:37.939298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:08:41.945381 3.000947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:08:48.952381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:08:56.953856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:09:12.956972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:09:44.962985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:15:48.969445 3.021650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:15:55.996503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:16:03.997787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:16:20.001026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:16:52.007088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:16:52.227545 0.107575 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 13:16:52.335406 0.507360 tcp 10.0.2.109 53331 -> 176.73.169.112 1959 FSPA* 0 0 14 1699 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:22:05.227874 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 13:22:05.227980 0.054552 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:05.283017 0.038370 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:05.321813 0.290973 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:05.613191 0.047865 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:05.661405 0.094254 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:05.756060 0.161709 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:05.918197 0.165523 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.084131 0.143648 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.228122 0.049937 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.278483 0.168825 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.447714 0.045906 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.494012 0.136428 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.630776 0.138270 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.769443 0.141317 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:06.911165 0.183642 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:07.095223 0.311652 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:07.407212 0.156406 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:07.564025 0.126854 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:07.691292 0.284430 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:07.976120 0.183313 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:08.159823 0.215602 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:08.375831 0.139490 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:08.515674 0.207570 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:08.723572 0.156793 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:08.880797 0.363737 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:22:56.053590 3.001274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:23:03.060321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:23:11.061436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:23:27.064442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:23:59.071227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:30:03.077300 3.001361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:30:10.084603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:30:18.086161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:30:34.088585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:31:06.094437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:37:10.100502 3.002077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:37:17.108104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:37:25.109758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:37:41.112597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:38:13.119072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:44:17.125249 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:44:24.131815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:44:32.133683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:44:48.136607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:45:20.142902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:46:52.846548 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 13:46:52.846775 0.611770 tcp 10.0.2.109 53332 -> 176.73.169.112 1959 FSPA* 0 0 12 1548 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:51:24.148785 3.001856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:51:31.155785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:51:39.157670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:51:55.160571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:52:25.805136 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 13:52:25.805305 0.163907 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:25.969622 0.048656 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:26.018673 0.090098 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:26.109161 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 13:52:27.166940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:52:41.128959 0.052871 tcp 10.0.2.109 53333 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:52:41.182162 0.052726 tcp 10.0.2.109 53334 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:52:41.235193 0.122264 tcp 10.0.2.109 53335 -> 195.113.214.211 443 SRPA* 0 0 56 37989 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:52:41.358252 0.056362 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:41.414981 0.035237 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:41.450549 0.167345 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:41.618265 0.140409 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:41.759096 0.049823 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:41.809278 0.171847 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:41.981458 0.044183 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:42.026190 0.139514 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:42.166105 0.144487 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:42.310984 0.137828 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:42.449187 0.150683 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:42.600243 0.120851 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:42.721468 0.311695 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:43.033560 0.000000 udp 10.0.2.109 3683 -> 172.6.250.142 9694 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 13:52:58.512054 0.052007 tcp 10.0.2.109 53336 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:52:58.564373 0.053151 tcp 10.0.2.109 53337 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:52:58.617882 0.142830 tcp 10.0.2.109 53338 -> 195.113.214.211 443 SRPA* 0 0 69 69902 flow=From-Botnet-V1-TCP-Established 1970/01/13 13:52:58.761352 0.312338 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:59.074092 0.185174 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:59.259641 0.208139 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:59.468176 0.155414 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:59.624075 0.203534 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:59.828019 0.156701 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:52:59.985143 0.375710 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/13 13:58:31.173290 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 13:58:38.180186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:58:46.181765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:59:02.184821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 13:59:34.190554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:05:38.196065 3.002263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 14:05:45.203998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:05:53.205768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:06:09.208535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:06:41.214524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:12:45.220893 3.001426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 14:12:52.227675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:13:00.229191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:13:16.232794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:13:48.238705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:16:53.465529 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:16:53.465759 0.669089 tcp 10.0.2.109 53339 -> 176.73.169.112 1959 FSPA* 0 0 15 1705 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:19:52.245281 3.000612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 14:19:59.251839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:20:07.253365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:20:23.256323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:20:55.262340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:23:22.374410 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:23:22.374511 0.162615 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:22.537563 0.188604 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:22.726485 0.049036 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:22.775926 0.165608 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:22.941958 0.089313 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.031592 0.230190 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.262363 0.139730 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.402510 0.050003 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.452913 0.036123 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.489446 0.053248 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.543125 0.044204 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.587727 0.169443 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.757568 0.139676 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:23.897630 0.155913 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:24.053937 0.120494 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:24.174844 0.323037 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:24.498407 0.135716 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:24.634525 0.136948 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:24.771876 0.204329 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:24.976612 0.156282 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:25.133295 0.203869 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:25.337538 0.156751 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:25.494688 0.311664 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:25.806760 0.183238 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:23:25.990406 0.368851 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:26:59.268164 3.002336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 14:27:06.275831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:27:14.277208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:27:30.280484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:28:02.286689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:34:06.292872 3.001711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 14:34:13.299575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:34:21.301343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:34:37.304653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:35:09.310136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:41:13.316848 3.000941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 14:41:20.323754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:41:28.325259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:41:44.328094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:42:16.334325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:46:54.134191 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:46:54.223633 2.914653 tcp 10.0.2.109 53340 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:03.137029 0.000000 tcp 10.0.2.109 53340 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:08.724432 0.009660 udp 10.0.2.109 50058 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/13 14:47:08.734587 0.009744 udp 10.0.2.109 62926 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/13 14:47:09.137387 0.053327 tcp 10.0.2.109 53341 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:09.191056 0.052915 tcp 10.0.2.109 53342 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:09.244361 0.144282 tcp 10.0.2.109 53343 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:09.412666 2.997377 tcp 10.0.2.109 53344 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:18.408772 0.000000 tcp 10.0.2.109 53344 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:24.407890 0.051263 tcp 10.0.2.109 53345 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:24.459425 0.053418 tcp 10.0.2.109 53346 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:24.513107 0.149964 tcp 10.0.2.109 53347 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:24.742185 3.000069 tcp 10.0.2.109 53348 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:33.741019 0.000000 tcp 10.0.2.109 53348 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:39.740112 0.051646 tcp 10.0.2.109 53349 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:39.792092 0.053827 tcp 10.0.2.109 53350 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:39.846389 0.144611 tcp 10.0.2.109 53351 -> 195.113.214.211 443 SRPA* 0 0 35 19388 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:40.001780 2.992289 tcp 10.0.2.109 53352 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:49.003354 0.000000 tcp 10.0.2.109 53352 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:47:55.001817 0.052749 tcp 10.0.2.109 53353 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:55.054911 0.052271 tcp 10.0.2.109 53354 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:55.107577 0.144565 tcp 10.0.2.109 53355 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:47:55.261759 2.984251 tcp 10.0.2.109 53356 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:04.244473 0.000000 tcp 10.0.2.109 53356 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:10.263764 0.052805 tcp 10.0.2.109 53357 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:10.316922 0.053807 tcp 10.0.2.109 53358 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:10.370577 0.143831 tcp 10.0.2.109 53359 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:10.553076 2.995033 tcp 10.0.2.109 53360 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:19.546799 0.000000 tcp 10.0.2.109 53360 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:20.339997 3.002068 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 14:48:25.546211 0.051950 tcp 10.0.2.109 53361 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:25.598461 0.052036 tcp 10.0.2.109 53362 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:25.650821 0.148273 tcp 10.0.2.109 53363 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:25.869676 3.000102 tcp 10.0.2.109 53364 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:27.347636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:48:34.868829 0.000000 tcp 10.0.2.109 53364 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:35.349126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:48:40.867655 0.051458 tcp 10.0.2.109 53365 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:40.919442 0.817883 tcp 10.0.2.109 53366 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:41.737639 0.144413 tcp 10.0.2.109 53367 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:42.168774 3.004331 tcp 10.0.2.109 53368 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:51.171863 0.000000 tcp 10.0.2.109 53368 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:48:51.352344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:48:57.161418 0.051242 tcp 10.0.2.109 53369 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:57.212949 0.052592 tcp 10.0.2.109 53370 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:57.265892 0.145304 tcp 10.0.2.109 53371 -> 195.113.214.211 443 SRPA* 0 0 33 26044 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:48:57.429547 2.996158 tcp 10.0.2.109 53372 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:06.433935 0.000000 tcp 10.0.2.109 53372 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:12.423871 0.052043 tcp 10.0.2.109 53373 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:49:12.476226 0.052704 tcp 10.0.2.109 53374 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:49:12.529223 0.146137 tcp 10.0.2.109 53375 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:49:12.929119 2.998538 tcp 10.0.2.109 53376 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:21.925971 0.000000 tcp 10.0.2.109 53376 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:23.358314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:49:27.924934 3.004063 tcp 10.0.2.109 53377 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:36.927618 0.000000 tcp 10.0.2.109 53377 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:42.926366 3.004571 tcp 10.0.2.109 53378 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:51.929752 0.000000 tcp 10.0.2.109 53378 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:49:56.555993 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:49:57.928061 3.004061 tcp 10.0.2.109 53379 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:06.931246 0.000000 tcp 10.0.2.109 53379 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:12.929925 3.003718 tcp 10.0.2.109 53380 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:21.942976 0.000000 tcp 10.0.2.109 53380 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:27.931793 2.993893 tcp 10.0.2.109 53381 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:36.923783 0.000000 tcp 10.0.2.109 53381 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:41.561028 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:50:42.932706 2.994225 tcp 10.0.2.109 53382 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:51.925524 0.000000 tcp 10.0.2.109 53382 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:50:57.934663 3.004216 tcp 10.0.2.109 53383 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:51:06.937554 0.000000 tcp 10.0.2.109 53383 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:51:12.936282 3.003583 tcp 10.0.2.109 53384 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:51:21.938545 0.000000 tcp 10.0.2.109 53384 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:51:26.555721 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:53:31.034774 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:53:31.034893 0.049230 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:31.084495 0.159243 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:31.244223 0.088674 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:31.333269 0.162336 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:31.496010 0.189308 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:31.685727 0.166089 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:31.852241 0.142640 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:31.995270 0.049010 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.044704 0.047442 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.092537 0.054859 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.147783 0.045748 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.193898 0.173944 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.368231 0.136143 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.504720 0.152574 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.657619 0.137163 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.795178 0.143413 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:32.938910 0.196709 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:33.135957 0.120354 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:33.256648 0.293671 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:33.550657 0.156677 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:33.707748 0.204348 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:33.912497 0.155493 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:34.068405 0.313015 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:34.381783 0.181267 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:53:34.563438 0.341326 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/13 14:55:27.364459 3.001265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 14:55:34.371659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:55:42.373603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:55:58.376518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:56:27.939489 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:56:27.939689 3.003416 tcp 10.0.2.109 53385 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:56:30.382503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 14:56:36.941716 0.000000 tcp 10.0.2.109 53385 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:56:42.942614 0.054475 tcp 10.0.2.109 53386 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:56:42.997017 0.053194 tcp 10.0.2.109 53387 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:56:43.050521 0.142158 tcp 10.0.2.109 53388 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:56:43.202804 2.992478 tcp 10.0.2.109 53389 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:56:52.204100 0.000000 tcp 10.0.2.109 53389 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:56:58.202993 0.052326 tcp 10.0.2.109 53390 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:56:58.255572 0.052222 tcp 10.0.2.109 53391 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:56:58.308076 0.150916 tcp 10.0.2.109 53392 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:56:58.468000 2.998790 tcp 10.0.2.109 53393 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:07.465713 0.000000 tcp 10.0.2.109 53393 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:13.464641 0.053054 tcp 10.0.2.109 53394 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:13.517992 0.052888 tcp 10.0.2.109 53395 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:13.571158 0.144002 tcp 10.0.2.109 53396 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:13.729773 2.998841 tcp 10.0.2.109 53397 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:22.727557 0.000000 tcp 10.0.2.109 53397 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:28.726697 0.052731 tcp 10.0.2.109 53398 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:28.779745 0.052423 tcp 10.0.2.109 53399 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:28.832394 0.142857 tcp 10.0.2.109 53400 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:28.988018 3.002961 tcp 10.0.2.109 53401 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:37.989881 0.000000 tcp 10.0.2.109 53401 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:43.988602 0.051049 tcp 10.0.2.109 53402 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:44.039933 0.054518 tcp 10.0.2.109 53403 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:44.094719 0.139605 tcp 10.0.2.109 53404 -> 195.113.214.211 443 SRPA* 0 0 26 13660 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:44.245058 3.007885 tcp 10.0.2.109 53405 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:53.251610 0.000000 tcp 10.0.2.109 53405 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:57:59.240758 0.051715 tcp 10.0.2.109 53406 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:59.292734 0.052595 tcp 10.0.2.109 53407 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:59.345630 0.146191 tcp 10.0.2.109 53408 -> 195.113.214.211 443 SRPA* 0 0 46 40162 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:57:59.502497 2.992301 tcp 10.0.2.109 53409 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:58:08.503283 0.000000 tcp 10.0.2.109 53409 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:58:14.502881 0.052543 tcp 10.0.2.109 53410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:14.555705 0.053830 tcp 10.0.2.109 53411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:14.609826 0.143010 tcp 10.0.2.109 53412 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:14.763960 3.003043 tcp 10.0.2.109 53413 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:58:23.765309 0.000000 tcp 10.0.2.109 53413 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:58:29.764285 0.052933 tcp 10.0.2.109 53414 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:29.817529 0.053733 tcp 10.0.2.109 53415 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:29.871549 0.142939 tcp 10.0.2.109 53416 -> 195.113.214.211 443 SRPA* 0 0 29 18472 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:30.025114 3.003182 tcp 10.0.2.109 53417 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:58:39.026933 0.000000 tcp 10.0.2.109 53417 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:58:45.026642 0.052244 tcp 10.0.2.109 53418 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:45.079218 0.052313 tcp 10.0.2.109 53419 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:45.131816 0.143409 tcp 10.0.2.109 53420 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/13 14:58:45.291423 2.998853 tcp 10.0.2.109 53421 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:58:54.289493 0.000000 tcp 10.0.2.109 53421 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:00.288213 3.004222 tcp 10.0.2.109 53422 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:09.290921 0.000000 tcp 10.0.2.109 53422 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:15.289701 3.003849 tcp 10.0.2.109 53423 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:24.302668 0.000000 tcp 10.0.2.109 53423 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:30.291340 2.993824 tcp 10.0.2.109 53424 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:35.057635 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 14:59:39.293844 0.000000 tcp 10.0.2.109 53424 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:45.292482 2.994596 tcp 10.0.2.109 53425 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 14:59:54.285132 0.000000 tcp 10.0.2.109 53425 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:00.294326 3.003762 tcp 10.0.2.109 53426 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:09.296848 0.000000 tcp 10.0.2.109 53426 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:15.296141 3.003697 tcp 10.0.2.109 53427 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:20.052227 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:00:24.298543 0.000000 tcp 10.0.2.109 53427 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:30.297288 3.004028 tcp 10.0.2.109 53428 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:39.300519 0.000000 tcp 10.0.2.109 53428 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:45.298912 3.004438 tcp 10.0.2.109 53429 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:00:54.301750 0.000000 tcp 10.0.2.109 53429 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:02:34.389245 3.000526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:02:41.395789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:02:49.397298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:03:05.400570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:03:37.406061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:06:00.302514 0.000175 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:06:00.302787 2.993164 tcp 10.0.2.109 53430 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:06:09.294975 0.000000 tcp 10.0.2.109 53430 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:06:15.304911 0.053321 tcp 10.0.2.109 53431 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:15.358507 0.052787 tcp 10.0.2.109 53432 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:15.411581 0.147074 tcp 10.0.2.109 53433 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:15.584175 3.003636 tcp 10.0.2.109 53434 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:06:24.586476 0.000000 tcp 10.0.2.109 53434 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:06:30.585971 0.051942 tcp 10.0.2.109 53435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:30.638216 0.053922 tcp 10.0.2.109 53436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:30.692450 0.146105 tcp 10.0.2.109 53437 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:31.062815 2.997130 tcp 10.0.2.109 53438 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:06:40.059073 0.000000 tcp 10.0.2.109 53438 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:06:46.058076 0.052395 tcp 10.0.2.109 53439 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:46.110787 0.053567 tcp 10.0.2.109 53440 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:46.164667 0.864997 tcp 10.0.2.109 53441 -> 195.113.214.211 443 SRPA* 0 0 75 78328 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:06:47.113964 3.009497 tcp 10.0.2.109 53442 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:06:56.121768 0.000000 tcp 10.0.2.109 53442 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:02.111008 0.052672 tcp 10.0.2.109 53443 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:02.163481 0.052697 tcp 10.0.2.109 53444 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:02.216482 0.141217 tcp 10.0.2.109 53445 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:02.437783 2.987566 tcp 10.0.2.109 53446 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:11.434026 0.000000 tcp 10.0.2.109 53446 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:17.433130 0.052960 tcp 10.0.2.109 53447 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:17.485972 0.052732 tcp 10.0.2.109 53448 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:17.539003 0.141498 tcp 10.0.2.109 53449 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:17.712255 2.995179 tcp 10.0.2.109 53450 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:26.706234 0.000000 tcp 10.0.2.109 53450 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:32.704974 0.053468 tcp 10.0.2.109 53451 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:32.758730 0.053848 tcp 10.0.2.109 53452 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:32.812867 0.143436 tcp 10.0.2.109 53453 -> 195.113.214.211 443 SRPA* 0 0 46 40750 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:32.977613 3.001326 tcp 10.0.2.109 53454 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:41.977729 0.000000 tcp 10.0.2.109 53454 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:47.977335 0.051676 tcp 10.0.2.109 53455 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:48.029386 0.051586 tcp 10.0.2.109 53456 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:48.081220 0.143216 tcp 10.0.2.109 53457 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:07:48.354984 3.006132 tcp 10.0.2.109 53458 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:07:57.360260 0.000000 tcp 10.0.2.109 53458 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:03.349034 0.050513 tcp 10.0.2.109 53459 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:08:03.399866 0.052840 tcp 10.0.2.109 53460 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:08:03.452996 0.142919 tcp 10.0.2.109 53461 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:08:03.609137 3.004468 tcp 10.0.2.109 53462 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:12.611834 0.000000 tcp 10.0.2.109 53462 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:18.611113 0.052112 tcp 10.0.2.109 53463 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:08:18.663500 0.053176 tcp 10.0.2.109 53464 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:08:18.716997 0.144214 tcp 10.0.2.109 53465 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:08:18.880474 2.994696 tcp 10.0.2.109 53466 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:27.873743 0.000000 tcp 10.0.2.109 53466 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:33.872816 2.993765 tcp 10.0.2.109 53467 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:42.865691 0.000000 tcp 10.0.2.109 53467 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:48.874049 3.004036 tcp 10.0.2.109 53468 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:08:57.876737 0.000000 tcp 10.0.2.109 53468 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:03.876190 3.004117 tcp 10.0.2.109 53469 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:08.552241 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:09:12.878272 0.000000 tcp 10.0.2.109 53469 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:18.877343 3.004008 tcp 10.0.2.109 53470 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:27.879917 0.000000 tcp 10.0.2.109 53470 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:33.879190 3.004264 tcp 10.0.2.109 53471 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:41.412557 3.001077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:09:42.882028 0.000000 tcp 10.0.2.109 53471 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:48.420187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:09:48.880538 2.994250 tcp 10.0.2.109 53472 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:09:53.557307 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:09:56.421499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:09:57.883670 0.000000 tcp 10.0.2.109 53472 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:10:03.882358 2.993545 tcp 10.0.2.109 53473 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:10:12.424856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:10:12.874895 0.000000 tcp 10.0.2.109 53473 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:10:18.883502 2.994236 tcp 10.0.2.109 53474 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:10:27.876101 0.000000 tcp 10.0.2.109 53474 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:10:44.430526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:15:33.887321 0.000178 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:15:33.887596 3.002924 tcp 10.0.2.109 53475 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:15:42.889337 0.000000 tcp 10.0.2.109 53475 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:15:48.889906 0.052385 tcp 10.0.2.109 53476 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:15:48.942570 0.053406 tcp 10.0.2.109 53477 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:15:48.996267 0.143243 tcp 10.0.2.109 53478 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:15:49.160772 3.001750 tcp 10.0.2.109 53479 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:15:58.161813 0.000000 tcp 10.0.2.109 53479 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:04.160267 0.051469 tcp 10.0.2.109 53480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:04.211584 0.053718 tcp 10.0.2.109 53481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:04.265108 0.144198 tcp 10.0.2.109 53482 -> 195.113.214.211 443 SRPA* 0 0 34 17906 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:04.680092 2.994795 tcp 10.0.2.109 53483 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:13.683584 0.000000 tcp 10.0.2.109 53483 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:19.672696 0.053300 tcp 10.0.2.109 53484 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:19.726285 0.053090 tcp 10.0.2.109 53485 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:19.779678 0.141096 tcp 10.0.2.109 53486 -> 195.113.214.211 443 SRPA* 0 0 38 30106 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:19.992454 2.994864 tcp 10.0.2.109 53487 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:28.985636 0.000000 tcp 10.0.2.109 53487 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:34.985034 0.051663 tcp 10.0.2.109 53488 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:35.036980 0.052206 tcp 10.0.2.109 53489 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:35.089526 0.141820 tcp 10.0.2.109 53490 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:35.325538 3.003530 tcp 10.0.2.109 53491 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:44.327640 0.000000 tcp 10.0.2.109 53491 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:48.436675 3.001122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:16:50.327323 0.052287 tcp 10.0.2.109 53492 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:50.379913 0.052882 tcp 10.0.2.109 53493 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:50.433083 0.144133 tcp 10.0.2.109 53494 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:16:50.599492 3.001775 tcp 10.0.2.109 53495 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:16:55.443644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:16:59.599342 0.000000 tcp 10.0.2.109 53495 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:17:03.445332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:17:05.599359 0.052484 tcp 10.0.2.109 53496 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:05.651697 0.053511 tcp 10.0.2.109 53497 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:05.705634 0.146579 tcp 10.0.2.109 53498 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:05.880748 3.002451 tcp 10.0.2.109 53499 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:17:14.881310 0.000000 tcp 10.0.2.109 53499 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:17:19.448514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:17:20.880591 0.053266 tcp 10.0.2.109 53500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:20.934301 0.052371 tcp 10.0.2.109 53501 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:20.986516 0.147704 tcp 10.0.2.109 53502 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:21.202785 2.992029 tcp 10.0.2.109 53503 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:17:30.203339 0.000000 tcp 10.0.2.109 53503 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:17:36.202771 0.053182 tcp 10.0.2.109 53504 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:36.256261 0.052502 tcp 10.0.2.109 53505 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:36.309054 0.142786 tcp 10.0.2.109 53506 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:17:36.587446 2.999773 tcp 10.0.2.109 53507 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:17:45.585738 0.000000 tcp 10.0.2.109 53507 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:17:51.454113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:17:51.584723 3.004198 tcp 10.0.2.109 53508 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:00.587302 0.000000 tcp 10.0.2.109 53508 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:06.585957 3.004105 tcp 10.0.2.109 53509 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:15.588910 0.000000 tcp 10.0.2.109 53509 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:20.555723 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:18:21.587891 3.004307 tcp 10.0.2.109 53510 -> 46.49.87.149 3726 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:30.590725 0.000000 tcp 10.0.2.109 53510 -> 46.49.87.149 3726 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:36.589385 3.003921 tcp 10.0.2.109 53511 -> 176.73.51.253 1158 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:45.592437 0.000000 tcp 10.0.2.109 53511 -> 176.73.51.253 1158 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:18:51.591167 2.993776 tcp 10.0.2.109 53512 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:19:00.593403 0.000000 tcp 10.0.2.109 53512 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:19:05.561082 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:19:06.592789 2.993851 tcp 10.0.2.109 53513 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:19:15.585402 0.000000 tcp 10.0.2.109 53513 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:19:21.594378 3.003646 tcp 10.0.2.109 53514 -> 176.73.142.63 5203 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:19:30.596633 0.000000 tcp 10.0.2.109 53514 -> 176.73.142.63 5203 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:23:55.460948 3.001182 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:23:57.300276 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:23:57.300445 0.107849 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:57.392364 0.167369 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:57.556614 0.196083 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:57.749109 0.170014 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:57.915321 0.168752 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.060999 0.052076 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.124538 0.066333 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.174347 0.163435 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.350632 0.046596 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.388860 0.072285 rtp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.442029 0.048763 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.488526 0.183776 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.664812 0.164138 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.805848 0.194862 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:58.962883 0.159349 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:59.097855 0.154459 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:23:59.240649 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:24:02.467764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:24:10.469480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:24:16.089502 0.053383 tcp 10.0.2.109 53515 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:24:16.143166 0.052629 tcp 10.0.2.109 53516 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:24:16.196086 0.146024 tcp 10.0.2.109 53517 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:24:16.340866 0.127232 rtp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:16.470890 0.345111 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:16.764175 1.602764 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:18.301583 0.214162 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:18.511139 0.162441 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:18.668956 0.362971 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:19.038627 0.314140 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:19.358570 0.192041 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:24:26.472116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:24:36.597527 3.003773 tcp 10.0.2.109 53518 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:24:45.599631 0.000000 tcp 10.0.2.109 53518 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:24:51.598882 0.051815 tcp 10.0.2.109 53519 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:24:51.651019 0.054693 tcp 10.0.2.109 53520 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:24:51.706006 0.147367 tcp 10.0.2.109 53521 -> 195.113.214.211 443 SRPA* 0 0 46 41622 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:24:51.909274 3.003425 tcp 10.0.2.109 53522 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:24:58.478415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:25:00.911888 0.000000 tcp 10.0.2.109 53522 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:25:06.911261 0.052573 tcp 10.0.2.109 53523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:06.964130 0.052142 tcp 10.0.2.109 53524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:07.016545 0.144421 tcp 10.0.2.109 53525 -> 195.113.214.211 443 SRPA* 0 0 36 29998 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:07.192744 2.992750 tcp 10.0.2.109 53526 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:25:16.193927 0.000000 tcp 10.0.2.109 53526 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:25:22.193058 0.052626 tcp 10.0.2.109 53527 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:22.245975 0.054006 tcp 10.0.2.109 53528 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:22.300308 0.147885 tcp 10.0.2.109 53529 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:22.624827 2.992035 tcp 10.0.2.109 53530 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:25:31.616142 0.000000 tcp 10.0.2.109 53530 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:25:37.625130 0.052282 tcp 10.0.2.109 53531 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:37.677711 0.053724 tcp 10.0.2.109 53532 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:37.731773 0.142176 tcp 10.0.2.109 53533 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:37.893256 2.996232 tcp 10.0.2.109 53534 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:25:46.887843 0.000000 tcp 10.0.2.109 53534 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:25:52.886941 0.053630 tcp 10.0.2.109 53535 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:52.940423 0.052489 tcp 10.0.2.109 53536 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:52.993216 0.145103 tcp 10.0.2.109 53537 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:25:53.184017 3.007203 tcp 10.0.2.109 53538 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:02.189730 0.000000 tcp 10.0.2.109 53538 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:08.178447 3.004074 tcp 10.0.2.109 53539 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:17.181005 0.000000 tcp 10.0.2.109 53539 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:23.180191 3.004361 tcp 10.0.2.109 53540 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:32.193190 0.000000 tcp 10.0.2.109 53540 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:37.060250 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:26:38.181943 2.993676 tcp 10.0.2.109 53541 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:47.174114 0.000000 tcp 10.0.2.109 53541 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:26:53.183468 2.993981 tcp 10.0.2.109 53542 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:27:02.176091 0.000000 tcp 10.0.2.109 53542 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:31:02.484668 3.000873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:31:09.491615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:31:17.493227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:31:33.495971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:32:05.502358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:32:08.186791 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:32:08.186885 3.003442 tcp 10.0.2.109 53543 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:32:17.189158 0.000000 tcp 10.0.2.109 53543 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:32:23.189466 0.054296 tcp 10.0.2.109 53544 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:23.244173 0.053313 tcp 10.0.2.109 53545 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:23.297849 0.141982 tcp 10.0.2.109 53546 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:23.449572 3.002791 tcp 10.0.2.109 53547 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:32:32.450923 0.000000 tcp 10.0.2.109 53547 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:32:38.450176 0.051771 tcp 10.0.2.109 53548 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:38.502430 0.053006 tcp 10.0.2.109 53549 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:38.555763 0.146017 tcp 10.0.2.109 53550 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:38.713067 3.001009 tcp 10.0.2.109 53551 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:32:47.722935 0.000000 tcp 10.0.2.109 53551 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:32:53.712313 0.052797 tcp 10.0.2.109 53552 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:53.765472 0.053953 tcp 10.0.2.109 53553 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:53.819781 0.142030 tcp 10.0.2.109 53554 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:32:53.977106 2.998769 tcp 10.0.2.109 53555 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:02.975131 0.000000 tcp 10.0.2.109 53555 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:08.974085 0.051441 tcp 10.0.2.109 53556 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:33:09.025300 0.053176 tcp 10.0.2.109 53557 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:33:09.078763 0.146612 tcp 10.0.2.109 53558 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:33:09.235587 3.002142 tcp 10.0.2.109 53559 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:18.236711 0.000000 tcp 10.0.2.109 53559 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:24.236271 0.066215 tcp 10.0.2.109 53560 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:33:24.302790 0.053445 tcp 10.0.2.109 53561 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:33:24.356508 0.143000 tcp 10.0.2.109 53562 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:33:24.511609 2.998379 tcp 10.0.2.109 53563 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:33.508849 0.000000 tcp 10.0.2.109 53563 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:39.507726 3.003936 tcp 10.0.2.109 53564 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:48.510226 0.000000 tcp 10.0.2.109 53564 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:33:54.508727 3.004830 tcp 10.0.2.109 53565 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:34:03.511693 0.000000 tcp 10.0.2.109 53565 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:34:09.510654 2.994360 tcp 10.0.2.109 53566 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:34:14.056859 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:34:18.513543 0.000000 tcp 10.0.2.109 53566 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:34:24.512136 2.993828 tcp 10.0.2.109 53567 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:34:33.504696 0.000000 tcp 10.0.2.109 53567 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:38:09.508425 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:38:16.515466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:38:24.516989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:38:40.520103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:39:12.526180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:39:39.515284 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:39:39.515458 3.003880 tcp 10.0.2.109 53568 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:39:48.517511 0.000000 tcp 10.0.2.109 53568 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:39:54.518015 0.052178 tcp 10.0.2.109 53569 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:39:54.570428 0.053359 tcp 10.0.2.109 53570 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:39:54.624104 0.144895 tcp 10.0.2.109 53571 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:39:54.820330 3.000765 tcp 10.0.2.109 53572 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:03.819503 0.000000 tcp 10.0.2.109 53572 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:09.819294 0.052000 tcp 10.0.2.109 53573 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:09.871613 0.056975 tcp 10.0.2.109 53574 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:09.928975 0.143317 tcp 10.0.2.109 53575 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:10.113962 3.008921 tcp 10.0.2.109 53576 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:19.121619 0.000000 tcp 10.0.2.109 53576 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:25.110943 0.051811 tcp 10.0.2.109 53577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:25.163045 0.053418 tcp 10.0.2.109 53578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:25.216757 0.141173 tcp 10.0.2.109 53579 -> 195.113.214.211 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:25.376869 2.998569 tcp 10.0.2.109 53580 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:34.383569 0.000000 tcp 10.0.2.109 53580 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:40.373326 0.052494 tcp 10.0.2.109 53581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:40.425661 0.053043 tcp 10.0.2.109 53582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:40.479026 0.144241 tcp 10.0.2.109 53583 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:40.639345 2.997395 tcp 10.0.2.109 53584 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:49.636097 0.000000 tcp 10.0.2.109 53584 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:40:55.635022 0.052314 tcp 10.0.2.109 53585 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:55.687633 0.074674 tcp 10.0.2.109 53586 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:55.762679 0.142328 tcp 10.0.2.109 53587 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:40:55.950966 2.998451 tcp 10.0.2.109 53588 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:04.947883 0.000000 tcp 10.0.2.109 53588 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:10.946803 3.004254 tcp 10.0.2.109 53589 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:19.949601 0.000000 tcp 10.0.2.109 53589 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:25.948146 3.003755 tcp 10.0.2.109 53590 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:34.951333 0.000000 tcp 10.0.2.109 53590 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:40.949897 3.004027 tcp 10.0.2.109 53591 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:45.556391 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:41:49.962681 0.000000 tcp 10.0.2.109 53591 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:41:55.951436 2.993679 tcp 10.0.2.109 53592 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:42:04.953988 0.000000 tcp 10.0.2.109 53592 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:45:16.532322 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:45:23.539583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:45:31.540730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:45:47.543919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:46:19.550336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:47:10.954729 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:47:10.954937 3.003680 tcp 10.0.2.109 53593 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:47:19.956826 0.000000 tcp 10.0.2.109 53593 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:47:25.957417 0.051908 tcp 10.0.2.109 53594 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:26.009642 0.052217 tcp 10.0.2.109 53595 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:26.062177 0.144396 tcp 10.0.2.109 53596 -> 195.113.214.211 443 SRPA* 0 0 29 15268 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:26.252011 2.998269 tcp 10.0.2.109 53597 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:47:35.249180 0.000000 tcp 10.0.2.109 53597 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:47:41.248107 0.053207 tcp 10.0.2.109 53598 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:41.301621 0.052309 tcp 10.0.2.109 53599 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:41.354258 0.142187 tcp 10.0.2.109 53600 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:41.530779 3.001807 tcp 10.0.2.109 53601 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:47:50.530664 0.000000 tcp 10.0.2.109 53601 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:47:56.530096 0.052575 tcp 10.0.2.109 53602 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:56.582589 0.053882 tcp 10.0.2.109 53603 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:56.636767 0.144986 tcp 10.0.2.109 53604 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:47:56.961455 2.993172 tcp 10.0.2.109 53605 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:05.963193 0.000000 tcp 10.0.2.109 53605 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:11.962446 0.072636 tcp 10.0.2.109 53606 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:48:12.035362 0.053829 tcp 10.0.2.109 53607 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:48:12.089048 0.142289 tcp 10.0.2.109 53608 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:48:12.260264 2.996219 tcp 10.0.2.109 53609 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:21.255225 0.000000 tcp 10.0.2.109 53609 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:27.254616 0.050775 tcp 10.0.2.109 53610 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:48:27.305784 0.051429 tcp 10.0.2.109 53611 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:48:27.357497 0.145605 tcp 10.0.2.109 53612 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:48:27.537262 3.000948 tcp 10.0.2.109 53613 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:36.536677 0.000000 tcp 10.0.2.109 53613 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:42.536151 3.003477 tcp 10.0.2.109 53614 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:51.538274 0.000000 tcp 10.0.2.109 53614 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:48:57.537516 3.003798 tcp 10.0.2.109 53615 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:49:06.539955 0.000000 tcp 10.0.2.109 53615 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:49:12.539132 3.003964 tcp 10.0.2.109 53616 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:49:17.055026 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:49:21.541508 0.000000 tcp 10.0.2.109 53616 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:49:27.540209 2.994328 tcp 10.0.2.109 53617 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:49:36.543647 0.000000 tcp 10.0.2.109 53617 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:52:23.556426 3.001400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:52:30.563923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:52:38.565070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:52:54.567894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:53:26.574262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:54:47.791537 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:54:47.791803 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:06.680600 0.053374 tcp 10.0.2.109 53618 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:06.734272 0.052823 tcp 10.0.2.109 53619 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:06.786949 0.147098 tcp 10.0.2.109 53620 -> 195.113.214.211 443 SRPA* 0 0 32 24222 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:06.934645 4.996458 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 7 2671 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.126268 4.988304 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 7 2538 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.293478 4.982456 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 7 2583 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.444957 4.975903 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 7 2432 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.547553 4.978577 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 7 2527 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.710516 4.974316 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 7 2483 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.762500 4.966148 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 7 2288 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.819476 4.994738 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 8 3329 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.856272 4.958416 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 7 2662 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.913646 4.996142 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 8 3053 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:07.960718 4.949472 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 7 2508 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:08.133363 4.946227 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 7 2466 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:08.275562 4.947188 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 7 2315 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:08.429710 4.949923 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 7 2524 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:08.647268 4.894438 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 7 2583 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:08.786538 4.892041 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 7 2600 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:08.931588 4.889076 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 7 2241 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:09.055947 4.884617 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 7 2597 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:09.341685 1.386447 rtp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:10.635994 3.780834 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 8 2995 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:10.844994 3.729202 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 8 2946 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:11.017559 0.344307 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:11.371995 0.312525 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:11.698049 0.195673 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:12.113956 0.000000 udp 10.0.2.109 3683 <- 172.6.250.142 9694 RSP 0 0 1 547 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:12.275382 0.000000 udp 10.0.2.109 3683 <- 107.214.174.97 6448 RSP 0 0 1 550 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:12.420358 0.000000 udp 10.0.2.109 3683 <- 67.71.166.60 5215 RSP 0 0 1 540 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:12.525690 0.000000 udp 10.0.2.109 3683 <- 79.23.255.212 5743 RSP 0 0 1 548 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:12.547158 3.003410 tcp 10.0.2.109 53621 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:55:12.684297 0.000000 udp 10.0.2.109 3683 <- 99.100.249.136 7827 RSP 0 0 1 543 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:12.728141 0.000000 udp 10.0.2.109 3683 <- 217.41.6.243 7642 RSP 0 0 1 548 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:12.778115 0.000000 udp 10.0.2.109 3683 <- 147.163.75.36 3026 RSP 0 0 1 540 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:12.863431 0.000000 udp 10.0.2.109 3683 <- 109.157.121.65 7375 RSP 0 0 1 549 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:13.079129 0.000000 udp 10.0.2.109 3683 <- 99.140.86.184 2221 RSP 0 0 1 550 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:13.222224 0.000000 udp 10.0.2.109 3683 <- 174.91.197.106 6066 RSP 0 0 1 547 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:13.379084 0.000000 udp 10.0.2.109 3683 <- 75.34.179.1 1841 RSP 0 0 1 540 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:13.541234 0.000000 udp 10.0.2.109 3683 <- 76.72.39.28 3825 RSP 0 0 1 543 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:13.678015 0.000000 udp 10.0.2.109 3683 <- 68.195.125.143 4222 RSP 0 0 1 550 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:13.820147 0.000000 udp 10.0.2.109 3683 <- 65.93.51.243 8004 RSP 0 0 1 546 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:13.940058 0.000000 udp 10.0.2.109 3683 <- 108.161.164.13 9770 RSP 0 0 1 539 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:14.207333 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 540 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:14.574704 2.204325 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:16.779588 0.312032 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:17.092177 0.181650 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 782 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:17.274439 0.342081 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:17.617199 0.294450 udp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 2 830 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:17.930261 0.000000 udp 10.0.2.109 3683 -> 90.221.168.78 6791 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:21.549039 0.000000 tcp 10.0.2.109 53621 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:55:24.573727 0.435891 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:25.019985 0.000000 udp 10.0.2.109 3683 -> 117.239.16.150 8356 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:27.548254 0.052233 tcp 10.0.2.109 53622 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:27.600746 0.051202 tcp 10.0.2.109 53623 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:27.652231 0.148142 tcp 10.0.2.109 53624 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:27.824913 3.007858 tcp 10.0.2.109 53625 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:55:33.496834 0.052623 udp 10.0.2.109 3683 <-> 93.198.205.176 8279 CON 0 0 2 792 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:55:33.557741 0.000000 udp 10.0.2.109 3683 -> 76.87.115.182 7373 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:36.831145 0.000000 tcp 10.0.2.109 53625 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:55:42.339667 0.000000 udp 10.0.2.109 3683 -> 70.64.137.53 7965 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:42.820650 0.051659 tcp 10.0.2.109 53626 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:42.872198 0.052053 tcp 10.0.2.109 53627 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:42.924592 0.141928 tcp 10.0.2.109 53628 -> 195.113.214.211 443 SRPA* 0 0 37 30896 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:43.084141 3.000725 tcp 10.0.2.109 53629 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:55:50.591372 0.000000 udp 10.0.2.109 3683 -> 98.213.115.19 5529 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:55:52.093554 0.000000 tcp 10.0.2.109 53629 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:55:58.082686 0.051763 tcp 10.0.2.109 53630 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:58.134691 0.051796 tcp 10.0.2.109 53631 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:58.186806 0.140266 tcp 10.0.2.109 53632 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:55:58.337118 2.999214 tcp 10.0.2.109 53633 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:55:58.803174 0.000000 udp 10.0.2.109 3683 -> 86.186.85.148 4899 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:04.771636 0.000000 udp 10.0.2.109 3683 -> 80.169.202.242 9327 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:07.335238 0.000000 tcp 10.0.2.109 53633 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:56:13.334738 0.051482 tcp 10.0.2.109 53634 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:56:13.386542 0.053137 tcp 10.0.2.109 53635 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:56:13.440013 0.140000 tcp 10.0.2.109 53636 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:56:13.603080 2.995087 tcp 10.0.2.109 53637 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:56:13.634112 0.000000 udp 10.0.2.109 3683 -> 67.214.9.223 4097 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:21.135398 0.000000 udp 10.0.2.109 3683 -> 1.1.130.42 9838 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:22.597288 0.000000 tcp 10.0.2.109 53637 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:56:27.073903 0.000000 udp 10.0.2.109 3683 -> 82.41.217.110 2645 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:28.596654 0.050615 tcp 10.0.2.109 53638 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:56:28.647553 0.052320 tcp 10.0.2.109 53639 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:56:28.700117 0.139646 tcp 10.0.2.109 53640 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/13 15:56:28.849090 3.001559 tcp 10.0.2.109 53641 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:56:34.244381 0.090259 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:56:34.355389 0.000000 udp 10.0.2.109 3683 -> 220.189.251.66 8575 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:37.849328 0.000000 tcp 10.0.2.109 53641 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:56:40.352544 0.000000 udp 10.0.2.109 3683 -> 81.34.46.227 9249 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:43.847587 3.004242 tcp 10.0.2.109 53642 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:56:48.384523 0.000000 udp 10.0.2.109 3683 -> 182.160.43.27 9379 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:52.850431 0.000000 tcp 10.0.2.109 53642 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:56:53.902124 0.060261 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:56:53.996606 0.000000 udp 10.0.2.109 3683 -> 91.40.63.62 4990 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:56:58.849093 3.004736 tcp 10.0.2.109 53643 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:57:01.653334 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:07.161597 0.168744 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 672 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:57:07.340806 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:07.852171 0.000000 tcp 10.0.2.109 53643 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:57:13.490794 0.201825 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 763 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:57:13.718787 0.136970 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 693 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:57:13.851034 2.993748 tcp 10.0.2.109 53644 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:57:13.874117 0.056187 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:57:13.944532 0.000000 udp 10.0.2.109 3683 -> 78.240.113.190 7230 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:18.057219 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:57:22.583467 0.000000 udp 10.0.2.109 3683 -> 124.149.1.47 5809 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:22.843977 0.000000 tcp 10.0.2.109 53644 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:57:28.852302 2.994597 tcp 10.0.2.109 53645 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:57:30.855144 0.000000 udp 10.0.2.109 3683 -> 178.215.221.180 7318 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:37.655320 0.051925 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 826 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:57:37.717784 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:37.844968 0.000000 tcp 10.0.2.109 53645 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 15:57:44.244699 0.000000 udp 10.0.2.109 3683 -> 2.96.249.106 5820 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:51.515065 0.068051 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 796 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:57:51.595137 0.000000 udp 10.0.2.109 3683 -> 24.68.218.6 3480 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:57:59.356257 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:04.052972 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:58:05.775862 0.000000 udp 10.0.2.109 3683 -> 65.94.128.233 2487 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:11.703978 0.000000 udp 10.0.2.109 3683 -> 70.63.104.222 6280 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:20.316572 0.135318 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:58:20.492614 0.000000 udp 10.0.2.109 3683 -> 86.186.233.16 9368 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:26.595371 0.000000 udp 10.0.2.109 3683 -> 173.221.112.62 8592 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:32.984922 0.000000 udp 10.0.2.109 3683 -> 80.137.132.230 5052 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:38.973687 0.000000 udp 10.0.2.109 3683 -> 50.4.164.144 7465 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:45.983227 0.000000 udp 10.0.2.109 3683 -> 95.224.253.97 6524 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:58:50.559650 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:58:54.546038 0.518197 udp 10.0.2.109 3683 <-> 119.234.187.104 5726 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:58:55.087807 0.000000 udp 10.0.2.109 3683 -> 81.149.9.157 1173 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:01.615962 0.000000 udp 10.0.2.109 3683 -> 99.5.94.150 4004 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:07.544634 0.081362 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 847 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:59:07.642300 0.314178 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:59:07.969621 0.226357 udp 10.0.2.109 3683 <-> 172.9.109.51 5643 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:59:08.219495 0.000000 udp 10.0.2.109 3683 -> 176.33.165.99 3439 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:16.817961 0.000000 udp 10.0.2.109 3683 -> 99.57.180.250 3360 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:25.159936 0.000000 udp 10.0.2.109 3683 -> 125.103.89.6 5085 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:30.580844 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 15:59:31.488963 0.000000 udp 10.0.2.109 3683 -> 87.17.95.221 6466 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:36.055384 0.000267 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 15:59:37.587658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:59:39.970726 0.245503 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 812 flow=From-Botnet-V1-UDP-Established 1970/01/13 15:59:40.386974 0.000000 udp 10.0.2.109 3683 -> 107.202.9.127 3836 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:45.589337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 15:59:46.570817 0.000000 udp 10.0.2.109 3683 -> 118.69.124.132 4662 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 15:59:54.582346 0.000000 udp 10.0.2.109 3683 -> 74.76.179.164 1293 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:01.592011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:00:02.624364 0.000000 udp 10.0.2.109 3683 -> 74.93.64.17 9073 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:09.123285 0.000000 udp 10.0.2.109 3683 -> 72.70.194.231 3380 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:14.330532 0.000000 udp 10.0.2.109 3683 -> 218.119.16.22 1744 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:23.213232 0.000000 udp 10.0.2.109 3683 -> 74.163.3.194 5481 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:28.059907 0.312184 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:00:28.390427 0.000000 udp 10.0.2.109 3683 -> 188.9.44.5 7479 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:33.717925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:00:35.230826 0.149833 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:00:35.392681 0.000000 udp 10.0.2.109 3683 -> 96.231.119.162 2198 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:43.763062 0.161380 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:00:44.028019 0.324966 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:00:44.380628 0.000000 udp 10.0.2.109 3683 -> 87.152.112.23 1178 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:52.555762 0.000000 udp 10.0.2.109 3683 -> 67.223.1.5 5628 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:00:57.703204 0.000000 udp 10.0.2.109 3683 -> 77.44.97.60 6233 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:04.873293 0.077914 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 729 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:01:04.992203 0.150057 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:01:05.186492 0.182268 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:01:05.379704 0.175516 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:01:05.587515 0.000000 udp 10.0.2.109 3683 -> 99.60.238.159 15414 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:10.851980 0.000000 udp 10.0.2.109 3683 -> 82.50.253.29 8102 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:15.678593 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:01:16.460230 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:25.312570 0.000000 udp 10.0.2.109 3683 -> 97.91.183.124 3655 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:33.203952 0.137269 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:01:33.435826 0.000000 udp 10.0.2.109 3683 -> 99.60.181.75 4433 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:40.925204 0.000000 udp 10.0.2.109 3683 -> 78.87.211.164 6765 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:48.555954 0.000000 udp 10.0.2.109 3683 -> 86.139.39.206 4759 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:01:57.549025 0.000000 udp 10.0.2.109 3683 -> 203.37.90.131 2662 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:02.175484 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:02:05.831074 0.000000 udp 10.0.2.109 3683 -> 213.123.237.210 4919 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:13.021049 0.000000 udp 10.0.2.109 3683 -> 67.182.13.100 5082 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:19.961229 0.000000 udp 10.0.2.109 3683 -> 209.74.77.116 5072 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:26.600445 0.082311 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:02:26.776487 0.000000 udp 10.0.2.109 3683 -> 209.48.147.94 2748 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:34.782502 0.000000 udp 10.0.2.109 3683 -> 188.66.107.234 7151 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:39.879882 0.000000 udp 10.0.2.109 3683 -> 92.148.248.53 2845 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:43.976071 3.003356 tcp 10.0.2.109 53646 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:02:48.552046 0.000000 udp 10.0.2.109 3683 -> 72.197.243.218 5666 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:48.672320 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:02:52.978556 0.000000 tcp 10.0.2.109 53646 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:02:55.181918 0.000000 udp 10.0.2.109 3683 -> 78.188.176.205 4663 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:02:58.979412 0.053685 tcp 10.0.2.109 53647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:02:59.033432 0.053114 tcp 10.0.2.109 53648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:02:59.086869 0.141801 tcp 10.0.2.109 53649 -> 195.113.214.211 443 SRPA* 0 0 63 41002 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:02:59.335544 2.996328 tcp 10.0.2.109 53650 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:01.430404 0.000000 udp 10.0.2.109 3683 -> 78.167.82.62 5820 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:06.478353 0.000000 udp 10.0.2.109 3683 -> 76.160.222.129 2830 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:08.330159 0.000000 tcp 10.0.2.109 53650 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:14.008796 0.000000 udp 10.0.2.109 3683 -> 146.60.142.190 9349 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:14.329862 0.050665 tcp 10.0.2.109 53651 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:14.380848 0.053109 tcp 10.0.2.109 53652 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:14.434267 0.139645 tcp 10.0.2.109 53653 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:14.627098 2.996538 tcp 10.0.2.109 53654 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:20.728310 0.000000 udp 10.0.2.109 3683 -> 98.95.85.159 6206 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:23.632323 0.000000 tcp 10.0.2.109 53654 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:26.416353 0.000000 udp 10.0.2.109 3683 -> 78.29.210.225 1421 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:29.621617 0.051582 tcp 10.0.2.109 53655 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:29.673466 0.052777 tcp 10.0.2.109 53656 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:29.726548 0.146479 tcp 10.0.2.109 53657 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:29.899488 2.996042 tcp 10.0.2.109 53658 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:33.547746 0.000000 udp 10.0.2.109 3683 -> 96.35.227.151 1879 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:38.894271 0.000000 tcp 10.0.2.109 53658 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:39.255248 0.000000 udp 10.0.2.109 3683 -> 87.11.90.137 5858 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:44.853282 0.000000 udp 10.0.2.109 3683 -> 108.56.171.225 1707 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:44.893879 0.051531 tcp 10.0.2.109 53659 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:44.945670 0.052314 tcp 10.0.2.109 53660 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:44.998314 0.148407 tcp 10.0.2.109 53661 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:03:45.158403 2.999352 tcp 10.0.2.109 53662 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:51.883578 0.000000 udp 10.0.2.109 3683 -> 70.43.155.38 3440 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:03:54.156054 0.000000 tcp 10.0.2.109 53662 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:03:59.313957 0.000000 udp 10.0.2.109 3683 -> 95.226.138.116 7311 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:04:00.155632 0.051127 tcp 10.0.2.109 53663 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:04:00.207058 0.052905 tcp 10.0.2.109 53664 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:04:00.260302 0.143234 tcp 10.0.2.109 53665 -> 195.113.214.211 443 SRPA* 0 0 37 30896 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:04:00.415193 3.004330 tcp 10.0.2.109 53666 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:04:09.417969 0.000000 tcp 10.0.2.109 53666 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:04:15.416984 3.004388 tcp 10.0.2.109 53667 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:04:24.419534 0.000000 tcp 10.0.2.109 53667 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:04:30.418604 3.004063 tcp 10.0.2.109 53668 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:04:39.421682 0.000000 tcp 10.0.2.109 53668 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:04:45.420144 2.994550 tcp 10.0.2.109 53669 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:04:50.177127 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:04:54.423228 0.000000 tcp 10.0.2.109 53669 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:05:00.421635 2.994163 tcp 10.0.2.109 53670 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:05:09.414448 0.000000 tcp 10.0.2.109 53670 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:06:37.724631 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 16:06:44.731872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:06:52.732854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:07:08.735814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:07:40.742807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:10:15.425099 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:10:15.425268 3.003407 tcp 10.0.2.109 53671 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:10:24.427744 0.000000 tcp 10.0.2.109 53671 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:10:30.427737 0.051968 tcp 10.0.2.109 53672 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:10:30.479934 0.053008 tcp 10.0.2.109 53673 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:10:30.532806 0.144497 tcp 10.0.2.109 53674 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:10:30.711195 2.999411 tcp 10.0.2.109 53675 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:10:39.709344 0.000000 tcp 10.0.2.109 53675 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:10:45.708433 0.052179 tcp 10.0.2.109 53676 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:10:45.760976 0.053183 tcp 10.0.2.109 53677 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:10:45.814414 0.141451 tcp 10.0.2.109 53678 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:10:46.034937 2.997650 tcp 10.0.2.109 53679 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:10:55.031563 0.000000 tcp 10.0.2.109 53679 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:01.030635 0.051591 tcp 10.0.2.109 53680 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:01.082582 0.053477 tcp 10.0.2.109 53681 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:01.136332 0.140658 tcp 10.0.2.109 53682 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:01.299563 2.995545 tcp 10.0.2.109 53683 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:10.303314 0.000000 tcp 10.0.2.109 53683 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:16.292940 0.051042 tcp 10.0.2.109 53684 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:16.344286 0.051957 tcp 10.0.2.109 53685 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:16.396543 0.141337 tcp 10.0.2.109 53686 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:16.586234 3.000262 tcp 10.0.2.109 53687 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:25.585092 0.000000 tcp 10.0.2.109 53687 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:31.584737 0.051678 tcp 10.0.2.109 53688 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:31.636764 0.053870 tcp 10.0.2.109 53689 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:31.690440 0.140757 tcp 10.0.2.109 53690 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:11:31.852374 2.996219 tcp 10.0.2.109 53691 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:40.847569 0.000000 tcp 10.0.2.109 53691 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:46.846039 3.003981 tcp 10.0.2.109 53692 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:11:55.848992 0.000000 tcp 10.0.2.109 53692 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:12:01.847904 3.003624 tcp 10.0.2.109 53693 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:12:10.850639 0.000000 tcp 10.0.2.109 53693 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:12:16.849393 3.003790 tcp 10.0.2.109 53694 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:12:21.675953 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:12:25.851718 0.000000 tcp 10.0.2.109 53694 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:12:31.850926 2.994138 tcp 10.0.2.109 53695 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:12:40.853834 0.000000 tcp 10.0.2.109 53695 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:13:44.749611 2.999915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 16:13:51.755897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:13:59.757092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:14:15.759823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:14:47.765909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:17:46.854279 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:17:46.854451 3.003197 tcp 10.0.2.109 53696 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:17:55.856456 0.000000 tcp 10.0.2.109 53696 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:01.857374 0.053701 tcp 10.0.2.109 53697 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:01.911369 0.053392 tcp 10.0.2.109 53698 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:01.965037 0.144389 tcp 10.0.2.109 53699 -> 195.113.214.211 443 SRPA* 0 0 42 22478 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:02.192611 2.997104 tcp 10.0.2.109 53700 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:11.188823 0.000000 tcp 10.0.2.109 53700 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:17.187956 0.052164 tcp 10.0.2.109 53701 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:17.240422 0.052861 tcp 10.0.2.109 53702 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:17.293567 0.151148 tcp 10.0.2.109 53703 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:17.487857 3.004052 tcp 10.0.2.109 53704 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:26.490552 0.000000 tcp 10.0.2.109 53704 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:32.489516 0.052826 tcp 10.0.2.109 53705 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:32.542644 0.052138 tcp 10.0.2.109 53706 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:32.595082 0.145024 tcp 10.0.2.109 53707 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:32.753483 3.000536 tcp 10.0.2.109 53708 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:41.762290 0.000000 tcp 10.0.2.109 53708 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:47.751849 0.051336 tcp 10.0.2.109 53709 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:47.803528 0.052450 tcp 10.0.2.109 53710 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:47.856267 0.145305 tcp 10.0.2.109 53711 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:18:48.014536 3.000954 tcp 10.0.2.109 53712 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:18:57.014155 0.000000 tcp 10.0.2.109 53712 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:03.013940 0.050612 tcp 10.0.2.109 53713 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:19:03.064837 0.053292 tcp 10.0.2.109 53714 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:19:03.118470 0.145154 tcp 10.0.2.109 53715 -> 195.113.214.211 443 SRPA* 0 0 34 24942 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:19:03.295519 3.002055 tcp 10.0.2.109 53716 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:12.296422 0.000000 tcp 10.0.2.109 53716 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:18.295412 3.003767 tcp 10.0.2.109 53717 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:27.297822 0.000000 tcp 10.0.2.109 53717 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:33.296787 3.004313 tcp 10.0.2.109 53718 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:42.299545 0.000000 tcp 10.0.2.109 53718 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:47.176823 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:19:48.298054 3.004483 tcp 10.0.2.109 53719 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:19:57.301013 0.000000 tcp 10.0.2.109 53719 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:20:03.300080 3.003958 tcp 10.0.2.109 53720 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:20:12.312397 0.000000 tcp 10.0.2.109 53720 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:20:51.772501 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 16:20:58.779225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:21:06.780868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:21:22.783879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:21:54.789969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:27:58.796720 3.001274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 16:28:05.803328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:28:13.805423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:28:29.807917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:29:01.813985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:34:23.917781 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:34:23.917874 0.190372 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.104281 0.171599 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.273367 0.170909 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.422235 0.106867 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.513389 0.166337 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.676602 0.068052 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.727310 0.052409 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.790537 0.045483 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.826625 0.073304 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:24.879561 0.000000 udp 10.0.2.109 3683 -> 81.136.245.57 3409 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:34:33.361466 2.993363 tcp 10.0.2.109 53721 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:34:40.682833 0.052662 tcp 10.0.2.109 53722 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:34:40.735722 0.052081 tcp 10.0.2.109 53723 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:34:40.788102 0.143253 tcp 10.0.2.109 53724 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:34:40.931544 0.125805 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:41.085014 0.183640 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:41.261903 0.177109 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:41.417150 0.194207 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:41.577875 0.169954 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:41.759142 0.154452 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:41.905775 0.158076 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:42.042631 0.316119 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:42.323462 0.214187 rtp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:42.363635 0.000000 tcp 10.0.2.109 53721 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:34:42.533230 0.163960 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:42.691476 2.283712 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:44.924147 0.344004 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:45.271481 2.246993 rtp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:47.460639 0.313034 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:47.797403 0.194830 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:47.985005 0.304732 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:48.254771 0.045704 udp 10.0.2.109 3683 <-> 93.198.205.176 8279 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:48.301312 0.126928 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:48.362646 0.052953 tcp 10.0.2.109 53725 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:34:48.387472 0.083926 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:48.415942 0.053085 tcp 10.0.2.109 53726 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:34:48.442601 0.173651 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:48.469322 0.144938 tcp 10.0.2.109 53727 -> 195.113.214.211 443 SRPA* 0 0 50 30098 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:34:48.624996 3.002308 tcp 10.0.2.109 53728 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:34:48.635915 0.187468 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:48.833365 0.045219 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:48.875220 0.155497 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:49.012003 0.079467 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:49.097245 0.071645 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:49.167436 0.196840 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:49.297291 0.750181 udp 10.0.2.109 3683 <-> 119.234.187.104 5726 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:49.807630 0.106053 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:49.882571 0.310802 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:34:50.190012 0.000000 udp 10.0.2.109 3683 -> 172.9.109.51 5643 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:34:57.625638 0.000000 tcp 10.0.2.109 53728 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:03.624549 0.050857 tcp 10.0.2.109 53729 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:03.675270 0.052416 tcp 10.0.2.109 53730 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:03.727964 0.141499 tcp 10.0.2.109 53731 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:03.885791 3.003272 tcp 10.0.2.109 53732 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:05.537189 0.052200 tcp 10.0.2.109 53733 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:05.589639 0.054130 tcp 10.0.2.109 53734 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:05.644064 0.140681 tcp 10.0.2.109 53735 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:05.785332 0.000000 udp 10.0.2.109 3683 -> 108.196.44.119 3295 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 16:35:05.820241 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 16:35:12.827314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:35:12.887379 0.000000 tcp 10.0.2.109 53732 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:18.886796 0.052690 tcp 10.0.2.109 53736 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:18.939784 0.053984 tcp 10.0.2.109 53737 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:18.994081 0.144004 tcp 10.0.2.109 53738 -> 195.113.214.211 443 SRPA* 0 0 38 30106 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:19.154061 3.007227 tcp 10.0.2.109 53739 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:20.829111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:35:22.391641 0.051963 tcp 10.0.2.109 53740 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:22.443881 0.053344 tcp 10.0.2.109 53741 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:22.497081 0.141829 tcp 10.0.2.109 53742 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:35:22.639663 0.152254 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:22.789944 0.201480 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:22.991818 0.076884 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:23.053230 0.189558 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:23.233096 0.175427 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:23.386972 0.111749 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 6 2568 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:23.460051 0.176538 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:23.634273 0.143452 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:23.772203 0.094626 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/13 16:35:28.159796 0.000000 tcp 10.0.2.109 53739 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:34.148646 3.004050 tcp 10.0.2.109 53743 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:36.831925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:35:43.151222 0.000000 tcp 10.0.2.109 53743 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:49.149951 3.003997 tcp 10.0.2.109 53744 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:35:58.162629 0.000000 tcp 10.0.2.109 53744 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:36:08.837953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:41:04.153284 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 16:41:04.153383 2.993821 tcp 10.0.2.109 53745 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:41:13.145688 0.000000 tcp 10.0.2.109 53745 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:41:19.155969 0.051830 tcp 10.0.2.109 53746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:19.208080 0.052829 tcp 10.0.2.109 53747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:19.260773 0.144570 tcp 10.0.2.109 53748 -> 195.113.214.211 443 SRPA* 0 0 39 26672 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:19.482904 2.996233 tcp 10.0.2.109 53749 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:41:28.477659 0.000000 tcp 10.0.2.109 53749 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:41:34.476619 0.051594 tcp 10.0.2.109 53750 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:34.528530 0.053808 tcp 10.0.2.109 53751 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:34.582698 0.142355 tcp 10.0.2.109 53752 -> 195.113.214.211 443 SRPA* 0 0 57 36348 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:34.767812 3.003281 tcp 10.0.2.109 53753 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:41:43.769903 0.000000 tcp 10.0.2.109 53753 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/13 16:41:49.768577 0.053006 tcp 10.0.2.109 53754 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:49.821893 0.052531 tcp 10.0.2.109 53755 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:49.874575 0.143677 tcp 10.0.2.109 53756 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:41:50.109844 1.176049 tcp 10.0.2.109 53757 -> 190.200.221.34 1330 FSPA* 0 0 15 1737 flow=From-Botnet-V1-TCP-Established 1970/01/13 16:42:12.844678 3.000795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 16:42:19.851626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:42:27.853292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:42:43.855921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:43:15.861749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:49:19.867699 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 16:49:26.875271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:49:34.877252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:49:50.880070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:50:22.885768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:56:26.892701 3.000594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 16:56:33.899266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:56:41.901129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:56:57.903930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 16:57:29.909786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:03:33.916687 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 17:03:40.923703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:03:48.924966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:04:04.928059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:04:36.933867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:05:53.324084 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 17:05:53.324274 0.044579 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:05:53.369191 0.000000 udp 10.0.2.109 3683 -> 172.9.109.51 5643 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 17:06:09.999809 0.054186 tcp 10.0.2.109 53758 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:06:10.054279 0.054032 tcp 10.0.2.109 53759 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:06:10.108646 0.140845 tcp 10.0.2.109 53760 -> 195.113.214.211 443 SRPA* 0 0 39 31004 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:06:10.250094 0.201874 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:10.452412 0.160503 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:10.613338 0.146087 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:10.759856 0.048357 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:10.808661 0.035919 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:10.845068 0.050741 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:10.896205 0.165168 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:11.061762 0.048675 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:11.110827 0.089971 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:11.201213 0.265267 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:11.466849 0.120700 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:11.587966 0.156152 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:11.744527 0.166182 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:11.911140 0.144612 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:12.056114 0.137758 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:12.194282 0.171614 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:12.366444 0.137979 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:12.504794 0.290309 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:12.795469 0.207988 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:13.003830 0.158880 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:13.163083 4.474182 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:17.637722 0.355877 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:17.993984 0.312602 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:18.306921 2.729308 udp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:21.036600 0.178288 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:21.215282 0.077854 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:21.293538 0.053837 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:21.347755 0.000000 udp 10.0.2.109 3683 -> 93.198.205.176 8279 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 17:06:39.109764 0.053531 tcp 10.0.2.109 53761 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:06:39.163181 0.052381 tcp 10.0.2.109 53762 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:06:39.215845 0.145875 tcp 10.0.2.109 53763 -> 195.113.214.211 443 SRPA* 0 0 34 26098 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:06:39.362341 0.185889 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:39.548631 0.050336 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:39.599400 0.132311 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:39.732065 0.046889 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:39.779398 0.317989 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:40.097767 0.167704 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:40.265876 0.078840 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:40.345088 0.070961 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:40.416385 0.132942 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:40.549668 0.489602 udp 10.0.2.109 3683 <-> 119.234.187.104 5726 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:41.039692 0.256405 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:41.296509 0.155465 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:41.452389 0.737744 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:42.190543 0.148633 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:42.339607 0.150322 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:42.490361 0.071513 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:42.562268 0.171974 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:42.734666 0.136912 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:42.871978 0.078754 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:06:42.951058 0.177939 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:10:40.939356 3.002469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 17:10:47.947552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:10:55.949034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:11:11.951967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:11:43.957542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:11:51.288659 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 17:11:51.288850 1.254230 tcp 10.0.2.109 53764 -> 190.200.221.34 1330 FSPA* 0 0 15 1710 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:17:47.964639 3.000908 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 17:17:54.970985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:18:02.972768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:18:18.976089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:18:50.981990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:24:54.988454 3.001134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 17:25:01.995280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:25:09.996656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:25:25.999874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:25:58.005491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:32:02.132649 3.000836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 17:32:09.139587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:32:17.141043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:32:33.143789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:33:05.150179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:36:45.857878 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 17:36:45.857975 0.000000 udp 10.0.2.109 3683 -> 93.198.205.176 8279 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 17:37:03.274309 0.052631 tcp 10.0.2.109 53765 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:03.327227 0.052641 tcp 10.0.2.109 53766 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:03.380475 0.145392 tcp 10.0.2.109 53767 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:03.524317 0.044033 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:03.568789 0.160492 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:03.729754 0.147165 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:03.877264 0.050876 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:03.928503 0.034792 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:03.963652 0.050307 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.014485 0.166768 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.181609 0.203118 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.385097 0.188828 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.574333 0.120005 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.694752 0.155587 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.850782 0.049019 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.900169 0.089036 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:04.989576 0.135974 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:05.125987 0.176248 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:05.302722 0.139723 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:05.442851 0.315381 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:05.758623 0.202723 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:05.961654 0.135395 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:06.097511 0.171888 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:06.269768 0.157745 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:06.427915 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 17:37:22.930972 0.050955 tcp 10.0.2.109 53768 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:22.982256 0.052122 tcp 10.0.2.109 53769 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:23.034650 0.142684 tcp 10.0.2.109 53770 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:23.177947 0.356437 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:23.534895 0.311462 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:23.846770 0.290191 udp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.137319 0.183236 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.320899 0.070521 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.391813 0.052730 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.444883 0.133154 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.578434 0.047726 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.626580 0.197756 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.824780 0.041377 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:24.866511 0.287707 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:25.154642 0.167931 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:25.322982 0.072345 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:25.395748 0.066560 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:25.462702 0.132034 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:25.595253 0.471505 udp 10.0.2.109 3683 <-> 119.234.187.104 5726 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:26.067170 0.272942 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:26.340539 0.152049 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:26.492970 0.000000 udp 10.0.2.109 3683 -> 80.177.149.34 2494 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 17:37:41.618270 0.052774 tcp 10.0.2.109 53771 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:41.671368 0.054070 tcp 10.0.2.109 53772 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:41.725701 0.142866 tcp 10.0.2.109 53773 -> 195.113.214.211 443 SRPA* 0 0 35 26150 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:37:41.869300 0.157061 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:42.026728 0.148895 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:42.175980 0.070881 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:42.247251 0.181425 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:42.429072 0.138595 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:42.568099 0.070787 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:37:42.639204 0.178703 rtcp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/13 17:39:09.156564 3.001141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 17:39:16.163129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:39:24.165070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:39:40.167888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:40:12.173752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:41:52.598427 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 17:41:52.598528 1.282714 tcp 10.0.2.109 53774 -> 190.200.221.34 1330 FSPA* 0 0 15 1688 flow=From-Botnet-V1-TCP-Established 1970/01/13 17:46:16.180131 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 17:46:23.187480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:46:31.299286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:46:47.302328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:47:19.308040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:53:23.314892 3.000584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 17:53:30.321532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:53:38.322721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:53:54.325807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 17:54:26.331999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:00:30.338427 3.000900 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:00:37.345186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:00:45.347259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:01:01.349615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:01:33.356146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:07:37.362950 3.000433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:07:44.369468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:07:52.370802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:08:02.265597 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 18:08:02.265700 1.172098 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:03.438384 0.068635 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:03.507435 0.035714 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:03.543535 0.057730 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:03.601672 0.146334 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:03.748401 0.161933 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:03.910729 0.044249 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:03.955390 0.049918 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.005728 0.188844 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.195020 0.120121 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.315554 0.152266 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.468266 0.051241 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.519921 0.089847 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.610188 0.166327 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.776897 0.201800 udp 10.0.2.109 3683 <-> 108.196.44.119 3295 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:04.979100 0.202837 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:05.182348 0.137568 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:05.320247 0.140858 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:05.461512 0.309701 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:05.771675 0.167721 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:05.939799 0.136019 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:06.076230 0.154631 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:06.231259 0.173965 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:06.405691 0.358366 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:06.764396 0.310561 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:07.075297 2.631915 udp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:08.373611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:08:09.707569 0.052419 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:09.760350 0.135379 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:09.896139 0.046320 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:09.942830 0.184832 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.128104 0.048371 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.176902 0.070809 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.248044 0.187241 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.435705 0.173521 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.609632 0.080213 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.690280 0.070172 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.760832 0.133886 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:10.895082 0.271859 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:11.167342 0.484019 udp 10.0.2.109 3683 <-> 119.234.187.104 5726 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:11.651824 0.349448 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.001644 0.153820 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.155822 0.151592 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.307803 0.144825 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.453081 0.070811 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.524248 0.235484 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.760172 0.138439 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.899007 0.073898 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:12.973242 0.179436 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:08:40.379581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:11:53.938698 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 18:11:53.938795 0.988320 tcp 10.0.2.109 53775 -> 190.200.221.34 1330 SPA_* 0 0 9 1235 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:12:00.077765 0.057187 tcp 10.0.2.109 53775 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:14:44.386134 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:14:51.393511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:14:59.394667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:15:15.398174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:15:47.404133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:21:51.409664 3.002170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:21:58.417238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:22:06.418788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:22:22.421495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:22:54.427909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:28:58.434694 3.000761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:29:05.441498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:29:13.443164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:29:29.445945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:30:01.452001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:36:05.458185 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:36:12.465054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:36:20.466726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:36:36.469778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:37:08.475684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:38:37.944478 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 18:38:37.944567 0.064668 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:38.009619 0.056095 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:38.066072 0.144495 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:38.210995 0.162042 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:38.373447 0.044391 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:38.418423 0.050857 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:38.469635 1.595905 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:40.065954 0.343357 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:40.409772 0.184076 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:40.594291 0.119274 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:40.713976 0.153499 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:40.867831 0.050071 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:40.918345 0.102412 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:41.021133 0.164813 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:41.186370 0.000000 udp 10.0.2.109 3683 -> 108.196.44.119 3295 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 18:38:58.595763 0.054032 tcp 10.0.2.109 53776 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:38:58.650011 0.053600 tcp 10.0.2.109 53777 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:38:58.703867 0.150361 tcp 10.0.2.109 53778 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:38:58.854913 0.142368 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:58.997628 0.279918 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:59.277973 0.158958 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:59.437321 0.132551 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:59.570237 0.214627 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:59.785258 0.144376 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:38:59.930036 0.156492 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:00.086940 0.710756 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:00.798208 0.339512 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:01.138114 0.311520 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:01.450036 0.132554 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:01.583010 0.045759 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:01.629108 0.264009 udp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:01.893469 0.046534 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:01.940406 0.185509 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.126289 0.049566 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.176285 0.079202 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.255842 0.187688 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.443932 0.171344 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.615719 0.071509 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.687608 0.067862 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.755913 0.134694 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:02.891006 0.209815 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:03.101229 0.273808 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:03.375395 0.484157 udp 10.0.2.109 3683 <-> 119.234.187.104 5726 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:03.859961 0.151888 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:04.012240 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 18:39:22.799757 0.052901 tcp 10.0.2.109 53779 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:39:22.852929 0.053672 tcp 10.0.2.109 53780 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:39:22.906919 0.135836 tcp 10.0.2.109 53781 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:39:23.042539 0.145754 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:23.188617 0.069028 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:23.258055 0.170709 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:23.429183 0.136709 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:23.566340 0.077437 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:39:23.644219 0.195408 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/13 18:42:00.135809 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 18:42:00.136053 1.367899 tcp 10.0.2.109 53782 -> 190.200.221.34 1330 FSPA* 0 0 15 1645 flow=From-Botnet-V1-TCP-Established 1970/01/13 18:43:12.482937 3.000337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 18:43:19.488864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:43:27.490833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:43:43.494047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:44:15.500073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:50:19.505765 3.001774 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:50:26.513437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:50:34.514543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:50:50.517717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:51:22.523969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:57:26.529922 3.001098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 18:57:33.537294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:57:41.538861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:57:57.541640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 18:58:29.547801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:04:33.553535 3.011497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 19:04:40.571160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:04:48.572429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:05:04.575498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:05:36.581754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:09:48.845302 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 19:09:48.845401 0.000000 udp 10.0.2.109 3683 -> 108.196.44.119 3295 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 19:10:07.523163 0.032346 tcp 10.0.2.109 53783 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:10:07.555729 0.032611 tcp 10.0.2.109 53784 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:10:07.588614 0.125682 tcp 10.0.2.109 53785 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:10:07.714988 0.149109 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:07.864542 0.054878 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:07.919838 0.036203 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:07.956374 0.044165 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:08.000972 0.049872 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:08.051253 0.163435 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:08.215117 0.143865 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:08.359339 0.981673 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:09.341427 0.510071 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:09.851921 0.050508 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:09.902873 0.089936 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:09.993236 0.151532 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:10.145210 0.123087 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:10.268727 0.189475 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:10.458658 0.166795 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:10.625919 0.143431 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:10.769726 0.283146 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:11.053359 0.135277 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:11.189063 0.207531 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:11.397011 0.135590 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:11.533027 0.155449 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:11.688932 0.159304 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:11.848690 0.173008 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:12.022131 0.134216 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:12.156707 0.045176 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:12.202310 0.274133 udp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:12.476855 0.052981 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:12.530272 0.342562 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:12.873184 0.311329 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:13.184878 0.067865 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:13.253155 0.181721 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:13.435240 0.170880 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:13.606563 0.087804 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:13.694787 0.070574 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:13.765809 0.131065 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:13.897319 0.186297 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:14.084036 0.042463 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:14.126914 0.000000 udp 10.0.2.109 3683 -> 119.234.187.104 5726 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 19:10:30.845823 0.030803 tcp 10.0.2.109 53786 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:10:30.876465 0.031339 tcp 10.0.2.109 53787 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:10:30.908119 0.143801 tcp 10.0.2.109 53788 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:10:31.052563 0.154653 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:31.207633 0.260004 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:31.468039 0.330081 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:31.798543 0.170945 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:31.969906 0.143998 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:32.114365 1.039913 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:33.154711 0.177188 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:33.332340 0.146266 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:10:33.479016 0.071426 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:11:40.588100 3.001449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 19:11:47.595245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:11:55.596394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:12:01.505337 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 19:12:01.505433 1.389183 tcp 10.0.2.109 53789 -> 190.200.221.34 1330 FSPA* 0 0 15 1691 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:12:11.599924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:12:43.605458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:18:47.612595 3.000661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 19:18:54.619486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:19:02.620704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:19:18.623843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:19:50.629273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:25:54.635568 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 19:26:01.643665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:26:09.645240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:26:25.647379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:26:57.653452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:33:01.659747 3.001676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 19:33:08.666938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:33:16.668523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:33:32.671864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:34:04.677725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:40:08.684060 3.000777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 19:40:15.691229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:40:23.692317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:40:39.695460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:40:41.818748 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 19:40:41.818958 0.000000 udp 10.0.2.109 3683 -> 119.234.187.104 5726 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 19:40:59.735689 0.031776 tcp 10.0.2.109 53790 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:40:59.767709 0.030498 tcp 10.0.2.109 53791 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:40:59.798537 0.123144 tcp 10.0.2.109 53792 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:40:59.922522 0.036357 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:40:59.959274 0.044111 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:00.003721 0.149193 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:00.153320 0.053556 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:00.207274 0.145009 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:00.352621 0.050845 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:00.403881 0.161418 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:00.565727 0.049525 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:00.615721 2.055975 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:02.672199 0.089152 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:02.761729 0.063524 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:02.825595 0.121264 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:02.947291 0.156429 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:03.104150 0.141469 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:03.245959 0.166476 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:03.412793 0.183845 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:03.597043 0.306959 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:03.904419 0.207172 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:04.112004 0.136440 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:04.248863 0.157609 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:04.406904 0.158827 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:04.566263 0.134687 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:04.701353 0.045645 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:04.747426 0.269668 udp 10.0.2.109 3683 <-> 179.192.76.110 3874 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:05.017450 0.054176 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:05.072040 0.347626 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:05.420036 0.134367 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:05.554843 0.172673 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:05.727864 0.081353 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:05.809599 0.177529 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:05.987514 0.164683 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:06.152543 0.070517 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:06.223469 0.067077 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:06.290952 0.133746 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:06.425044 0.310319 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:06.735745 0.198730 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:06.934842 0.047381 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:06.982617 0.158931 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:07.141933 0.282161 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:07.424511 0.000000 udp 10.0.2.109 3683 -> 99.186.18.66 4605 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 19:41:11.701585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:41:25.101292 0.030611 tcp 10.0.2.109 53793 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:41:25.132137 0.031551 tcp 10.0.2.109 53794 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:41:25.163972 0.121537 tcp 10.0.2.109 53795 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:41:25.286085 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 19:41:42.055628 0.030434 tcp 10.0.2.109 53796 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:41:42.086366 0.031164 tcp 10.0.2.109 53797 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:41:42.117867 0.120800 tcp 10.0.2.109 53798 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:41:42.239297 0.139928 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:42.379672 0.147415 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:42.527433 0.070523 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:42.598370 0.077697 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:41:42.676510 0.178468 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/13 19:42:02.895443 1.792419 tcp 10.0.2.109 53799 -> 190.200.221.34 1330 SPA_* 0 0 9 1134 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:42:11.585698 0.050542 tcp 10.0.2.109 53799 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/13 19:47:15.708117 3.001354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 19:47:22.714559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:47:30.716205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:47:46.719509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:48:18.725120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:54:22.731853 3.001643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 19:54:29.738721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:54:37.740160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:54:53.743689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 19:55:25.749265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:01:29.756361 3.000619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:01:36.763287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:01:44.764680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:02:00.767316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:02:32.773185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:08:36.779583 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:08:43.786573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:08:51.788479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:09:07.791024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:09:39.797257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:11:58.677351 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 20:11:58.677449 0.265083 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:58.942884 0.172899 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.116181 0.035438 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.152033 0.051431 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.203879 0.144170 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.348479 0.048901 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.397847 0.160978 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.559190 0.056283 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.615886 0.201596 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.817886 0.042135 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.860405 0.100834 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:11:59.961696 2.883277 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:02.845392 0.120526 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:02.966340 0.064612 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:03.031357 0.183910 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:03.215667 0.150321 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:03.366500 0.283525 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:03.650435 0.167111 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:03.817874 0.139718 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:03.958035 0.156456 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:04.114945 0.163263 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:04.278593 0.136809 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:04.415759 0.045892 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:04.462111 0.143590 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:04.606050 0.203502 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:04.809946 0.173331 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:04.983720 0.088081 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:05.072211 0.186670 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:05.259261 0.000000 udp 10.0.2.109 3683 -> 179.192.76.110 3874 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 20:12:11.635974 1.293163 tcp 10.0.2.109 53800 -> 190.200.221.34 1330 FSPA* 0 0 15 1583 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:12:23.935683 0.030446 tcp 10.0.2.109 53801 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:12:23.966409 0.031454 tcp 10.0.2.109 53802 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:12:23.998108 0.123896 tcp 10.0.2.109 53803 -> 195.113.214.211 443 SRPA* 0 0 38 19178 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:12:24.122217 0.359342 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:24.481943 0.045602 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:24.527922 0.133620 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:24.661894 0.067679 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:24.729912 0.133779 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:24.864090 0.312908 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:25.177426 0.186760 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:25.364586 0.042884 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:25.407871 0.172414 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:25.580702 0.073623 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:25.654654 0.344257 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:25.999346 0.152355 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:26.152077 0.068279 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:26.220742 0.074918 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:26.296150 0.179981 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:26.476551 0.136360 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:12:26.613318 0.147199 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:15:43.803773 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:15:50.810698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:15:58.812650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:16:14.815217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:16:46.821122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:22:50.827224 3.001958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:22:57.834834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:23:05.836297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:23:21.839422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:23:53.845192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:29:57.851595 3.001009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:30:04.858586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:30:12.859933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:30:28.862881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:31:00.868933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:37:04.875679 3.001276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:37:11.882742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:37:19.884419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:37:35.887508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:38:07.892900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:42:12.935793 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 20:42:12.935919 1.952386 tcp 10.0.2.109 53804 -> 190.200.221.34 1330 FSPA* 0 0 15 1698 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:42:27.606911 0.000000 udp 10.0.2.109 3683 -> 179.192.76.110 3874 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 20:42:43.901564 0.053299 tcp 10.0.2.109 53805 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:42:43.955101 0.052231 tcp 10.0.2.109 53806 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:42:44.007694 0.153449 tcp 10.0.2.109 53807 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:42:44.161639 0.227984 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:44.390067 0.035938 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:44.426357 0.051838 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:44.478635 0.146061 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:44.625118 0.049772 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:44.675233 0.160712 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:44.836298 0.054062 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:44.890763 0.149382 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:45.040661 0.042071 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:45.083133 0.102002 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:42:45.185483 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 20:43:03.789112 0.050346 tcp 10.0.2.109 53808 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:43:03.839740 0.052770 tcp 10.0.2.109 53809 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:43:03.892800 0.148523 tcp 10.0.2.109 53810 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/13 20:43:04.040052 2.205081 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:06.245500 0.121175 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:06.367070 0.152664 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:06.520137 0.321666 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:06.842212 0.167243 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.009888 0.141272 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.151555 0.064895 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.216849 0.184080 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.401294 0.138398 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.540023 0.045966 udp 10.0.2.109 3683 <-> 85.176.84.55 6133 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.586437 0.138011 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.724869 0.203455 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:07.928757 0.171947 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:08.101037 0.207757 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:08.309182 0.156618 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:08.466326 0.181459 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:08.648144 0.081205 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:08.729745 0.133655 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:08.863745 0.069754 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:08.933931 0.138335 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:09.072647 0.361806 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:09.434852 0.048613 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:09.483825 0.310780 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:09.795013 0.278042 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.073452 0.040300 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.114117 0.165309 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.279778 0.065627 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.345839 0.074135 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.420394 0.076756 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.497725 0.177973 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.676123 0.141106 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.817619 0.147004 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:10.965034 0.279862 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:43:11.245288 0.155139 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/13 20:44:11.919748 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 20:44:18.926902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:44:26.927980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:44:42.931083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:45:14.937024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:51:18.943951 3.001194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:51:25.950524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:51:33.952377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:51:49.954955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:52:21.961321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:58:25.967085 3.001828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 20:58:32.974702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:58:40.976056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:58:56.978852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 20:59:28.985114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:05:32.991479 3.001609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 21:05:39.998792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:05:47.999813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:06:04.003499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:06:36.009374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:12:14.896714 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 21:12:14.896958 2.094927 tcp 10.0.2.109 53811 -> 190.200.221.34 1330 SPA_* 0 0 9 1072 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:12:21.413437 0.018837 tcp 10.0.2.109 53811 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:12:40.015032 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 21:12:47.022673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:12:55.023870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:13:11.026692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:13:30.355477 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 21:13:30.355567 0.171426 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:30.527371 0.054631 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:30.582499 0.141414 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:30.724342 0.051115 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:30.775896 0.162178 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:30.938426 0.053806 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:30.992660 0.306136 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:31.299220 0.034348 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:31.333979 0.102431 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:31.436852 0.044320 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:31.481515 0.159670 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:31.641585 0.153402 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:31.795347 0.336178 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:32.131920 0.164895 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:32.297219 2.314079 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:34.611705 0.120974 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:34.733156 0.142083 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:34.875641 0.457188 rtcp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:35.333222 0.190021 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:35.523572 0.138650 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:35.662838 0.000000 udp 10.0.2.109 3683 -> 85.176.84.55 6133 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 21:13:43.043282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:13:50.795991 0.052603 tcp 10.0.2.109 53812 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:13:50.848622 0.053255 tcp 10.0.2.109 53813 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:13:50.902193 0.141027 tcp 10.0.2.109 53814 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:13:51.043827 0.143341 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:51.187575 0.207288 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:51.395290 0.176737 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:51.574873 0.160843 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:51.736052 0.154488 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:51.890951 0.182021 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:52.073326 0.186101 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:52.259787 0.132051 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:52.392247 0.067297 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:52.459903 0.051640 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:52.511978 0.311182 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:52.823587 0.134534 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:52.958461 0.354989 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:53.313851 0.470467 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:53.784689 0.040723 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:53.825864 0.169804 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:53.996078 0.071322 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:54.067844 0.070511 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:54.138777 0.077231 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:54.216345 0.176786 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:54.393493 0.135817 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:54.529724 0.151878 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:54.681991 0.504811 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:13:55.187231 0.151273 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:19:47.048989 3.001674 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 21:19:54.056543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:20:02.058328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:20:18.061040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:20:50.067061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:26:54.073528 3.001275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 21:27:01.080577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:27:09.081818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:27:25.085302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:27:57.090731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:34:01.097226 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 21:34:08.104542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:34:16.105828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:34:32.108908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:35:04.114898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:41:08.121909 3.000960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 21:41:15.128194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:41:23.129620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:41:39.132689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:42:11.149315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:42:21.434290 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 21:42:21.434386 0.674086 tcp 10.0.2.109 53815 -> 190.200.221.34 1330 SPA_* 0 0 9 1226 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:42:27.221046 0.033999 tcp 10.0.2.109 53815 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:44:22.438106 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 21:44:22.438324 0.000000 udp 10.0.2.109 3683 -> 85.176.84.55 6133 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 21:44:39.494242 0.052451 tcp 10.0.2.109 53816 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:44:39.547003 0.052390 tcp 10.0.2.109 53817 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:44:39.599740 0.145509 tcp 10.0.2.109 53818 -> 195.113.214.211 443 SRPA* 0 0 32 22198 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:44:39.746170 0.143365 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:39.889947 0.050137 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:39.943213 0.161362 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:40.104933 0.053945 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:40.159291 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 21:44:55.385861 0.052618 tcp 10.0.2.109 53819 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:44:55.438777 0.053386 tcp 10.0.2.109 53820 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:44:55.492008 0.144828 tcp 10.0.2.109 53821 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/13 21:44:55.637448 0.053909 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:55.691786 0.035156 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:55.727404 0.088835 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:55.816673 0.045230 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:55.862271 0.337737 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:56.200404 0.153187 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:56.354039 0.148889 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:56.503324 0.166298 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:56.669966 0.252797 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:56.923157 1.662168 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:58.585722 0.121033 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:58.707157 0.140250 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:58.847841 0.189649 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:59.037903 0.212089 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:59.250568 0.137897 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:59.388879 0.136183 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:59.525451 0.207335 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:59.733177 0.174049 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:44:59.907633 0.159033 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:00.067030 0.154730 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:00.222361 0.133454 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:00.356169 0.071475 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:00.428082 0.045500 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:00.473921 0.311060 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:00.785323 0.144271 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:00.929937 0.181642 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:01.111994 0.076757 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:01.189114 0.346108 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:01.535668 0.191621 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:01.727674 0.044636 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:01.772712 0.166031 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:01.939156 0.074406 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:02.013915 0.178265 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:02.192624 0.145193 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:02.338250 0.146918 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:02.485566 0.070726 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:02.556703 0.069785 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:02.626895 0.424879 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:45:03.052139 0.153359 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/13 21:48:15.156148 3.000482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 21:48:22.162687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:48:30.164211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:48:46.166902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:49:18.173204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:55:22.178768 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 21:55:29.185978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:55:37.188178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:55:53.191105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 21:56:25.197236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:02:29.203468 3.000974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 22:02:36.210576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:02:44.211476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:03:00.214529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:03:32.221102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:09:36.227103 3.001246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 22:09:43.233920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:09:51.235714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:10:07.238446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:10:39.244697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:12:27.260648 0.000165 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 22:12:27.260905 1.994187 tcp 10.0.2.109 53822 -> 190.200.221.34 1330 SPA_* 0 0 9 1020 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:12:36.861308 0.117227 tcp 10.0.2.109 53822 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:15:19.748260 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 22:15:19.748369 0.174581 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:19.923371 0.144609 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.068374 0.049917 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.118744 0.162523 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.281643 0.055095 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.337150 0.056786 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.394491 0.034359 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.429279 0.090117 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.519757 0.042635 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.562799 0.188890 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.752099 0.166348 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:20.918826 0.296773 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:21.218796 0.274833 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:21.494052 0.154108 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:21.648555 0.139076 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:21.788041 4.140104 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:25.928456 0.119464 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:26.048331 0.184400 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:26.233204 0.218991 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:26.452608 0.134490 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:26.587528 0.136803 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:26.724709 0.202628 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:26.927718 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 22:15:43.754753 0.080899 tcp 10.0.2.109 53823 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:15:43.835955 0.051639 tcp 10.0.2.109 53824 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:15:43.887890 0.141116 tcp 10.0.2.109 53825 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:15:44.029573 0.134818 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:15:44.164729 0.000000 udp 10.0.2.109 3683 -> 24.133.153.242 3636 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 22:16:02.740551 0.051628 tcp 10.0.2.109 53826 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:16:02.792504 0.052981 tcp 10.0.2.109 53827 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:16:02.845840 0.149318 tcp 10.0.2.109 53828 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:16:02.995663 0.051779 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:03.047844 0.340304 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:03.388588 0.130525 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:03.519512 0.158605 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:03.678555 0.156478 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:03.835390 0.183874 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:04.019677 0.083638 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:04.103673 0.357319 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:04.461393 0.386808 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:04.848673 0.043959 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:04.893267 0.169939 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:05.063645 0.076848 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:05.140955 0.151365 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:05.292726 0.076129 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:05.369228 0.070833 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:05.440470 0.178859 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:05.619764 0.133359 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:05.753537 0.295793 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:06.049743 0.153038 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:16:43.251152 3.000981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 22:16:50.258168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:16:58.259850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:17:14.263024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:17:46.268736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:23:50.275408 3.000804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 22:23:57.282237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:24:05.283873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:24:21.286513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:24:53.293066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:30:57.299379 3.000710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 22:31:04.305878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:31:12.307688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:31:28.310328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:32:00.317036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:38:04.322223 3.002304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 22:38:11.330413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:38:19.331436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:38:35.334741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:39:07.340891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:42:36.982850 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 22:42:36.982953 4.736232 tcp 10.0.2.109 53829 -> 190.200.221.34 1330 FSPA* 0 0 15 1702 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:45:11.346629 3.002116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 22:45:18.354241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:45:26.375482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:45:42.379027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:46:14.384706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:46:20.644081 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 22:46:20.644171 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 22:46:37.880257 0.051492 tcp 10.0.2.109 53830 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:46:37.932034 0.052007 tcp 10.0.2.109 53831 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:46:37.984370 0.150369 tcp 10.0.2.109 53832 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:46:38.135491 0.000000 udp 10.0.2.109 3683 -> 24.133.153.242 3636 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 22:46:56.576236 0.051735 tcp 10.0.2.109 53833 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:46:56.628188 0.052685 tcp 10.0.2.109 53834 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:46:56.681213 0.143981 tcp 10.0.2.109 53835 -> 195.113.214.211 443 SRPA* 0 0 40 22290 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:46:56.824823 0.172624 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:46:56.997871 0.165367 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:46:57.163588 0.054182 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:46:57.218223 0.058873 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:46:57.277501 0.035101 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:46:57.313092 0.112728 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:46:57.426411 0.041734 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:46:57.468553 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 22:47:13.730651 0.052633 tcp 10.0.2.109 53836 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:47:13.783563 0.053401 tcp 10.0.2.109 53837 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:47:13.837272 0.141039 tcp 10.0.2.109 53838 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/13 22:47:13.978962 0.227231 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:14.206589 0.048804 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:14.255741 0.141085 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:14.397226 0.249309 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:14.646955 0.319798 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:14.967170 0.141080 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:15.108678 0.154051 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:15.263078 3.390899 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:18.654509 0.123750 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:18.778593 0.136101 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:18.915031 0.203231 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:19.118641 0.059214 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:19.178288 0.136086 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:19.314791 0.190479 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:19.505635 0.133426 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:19.639396 0.139649 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:19.779429 0.175018 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:19.954934 0.155774 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:20.111060 0.183993 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:20.295418 0.054059 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:20.349889 0.319759 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:20.670236 0.084256 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:20.754860 0.363963 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.119256 0.187639 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.307313 0.048853 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.356513 0.167237 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.524163 0.075619 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.600123 0.148648 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.749210 0.076631 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.826238 0.068683 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:21.895328 0.178107 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:22.073815 0.136973 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:22.211211 0.519697 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:47:22.731296 0.155162 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/13 22:52:18.390917 3.001592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/13 22:52:25.397904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:52:33.399738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:52:49.402509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:53:21.408765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:59:25.414584 3.001461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 22:59:32.421920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:59:40.423594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 22:59:56.426672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:00:28.432412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:06:32.438444 3.001647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:06:39.445869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:06:47.447674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:07:03.450655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:07:35.456557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:12:41.727319 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 23:12:41.727429 4.637251 tcp 10.0.2.109 53839 -> 190.200.221.34 1330 FSPA* 0 0 15 1595 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:13:39.462767 3.001840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:13:46.470406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:13:54.471151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:14:10.474344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:14:42.490879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:17:40.847391 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 23:17:40.847600 0.202353 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.050344 0.173168 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.223911 0.036387 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.260735 0.089628 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.350698 0.044814 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.395899 0.052287 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.448522 0.161998 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.610931 0.054848 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.666213 0.166767 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.833405 0.049716 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:41.883534 0.141660 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:42.025550 0.262753 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:42.288743 0.258850 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:42.548004 0.141709 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:42.690233 0.153124 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:42.843733 0.151527 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:42.995717 0.974709 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:43.970843 0.129956 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:44.101145 0.206528 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:44.308084 0.059556 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:44.368051 0.137313 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:44.505768 0.186126 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:44.692323 0.133128 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:44.825835 0.134624 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:44.960857 0.181984 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:45.143224 0.048950 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:45.192597 0.361292 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:45.554332 0.078967 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:45.633659 0.156274 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:45.790351 0.187025 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:45.977704 0.341374 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:46.319490 0.192619 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:46.512574 0.051974 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:46.564905 0.168129 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:46.733473 0.076917 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:46.810798 0.148765 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:46.959932 0.071073 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:47.031397 0.072051 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:17:47.103819 0.000000 udp 10.0.2.109 3683 -> 201.209.10.129 5879 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 23:18:05.263458 0.053223 tcp 10.0.2.109 53840 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:18:05.316963 0.053445 tcp 10.0.2.109 53841 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:18:05.370695 0.153907 tcp 10.0.2.109 53842 -> 195.113.214.211 443 SRPA* 0 0 42 32014 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:18:05.525266 0.155951 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:18:05.681608 0.177891 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:18:05.859871 0.137920 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:20:46.497262 3.000902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:20:53.503775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:21:01.505939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:21:17.508598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:21:49.514722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:27:53.520719 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:28:00.527709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:28:08.529586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:28:24.532772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:28:56.538372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:35:00.544928 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:35:07.552100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:35:15.553186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:35:31.556498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:36:03.562200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:42:07.568410 3.022201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:42:14.596045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:42:22.597446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:42:38.600398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:42:46.371897 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 23:42:46.371993 4.427946 tcp 10.0.2.109 53843 -> 190.200.221.34 1330 SPA_* 0 0 10 1187 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:42:55.463916 0.039547 tcp 10.0.2.109 53843 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:43:10.606486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:48:18.219475 0.073660 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/13 23:48:18.293432 0.309471 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:18.603321 0.174433 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:18.778101 0.034220 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:18.812737 0.101893 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:18.915015 0.041783 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:18.957175 0.050896 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.008554 0.164702 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.173685 0.058709 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.232811 0.166844 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.400059 0.049901 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.450421 0.215798 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.666587 0.138833 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.805774 0.143290 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:19.949446 0.152593 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:20.102457 0.143578 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:20.246440 0.275832 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:20.522606 0.269745 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:20.792756 2.579946 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:23.373047 0.208629 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:23.582086 0.137193 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:23.719611 0.189947 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:23.910029 0.132803 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:24.043229 0.163036 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:24.206681 0.203816 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:24.410902 0.121049 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:24.532349 0.362721 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:24.895479 0.080455 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:24.976354 0.156812 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:25.133557 0.187059 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:25.321011 0.158838 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:25.480235 0.049222 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:25.529817 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/13 23:48:42.465747 0.052957 tcp 10.0.2.109 53844 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:48:42.518987 0.052966 tcp 10.0.2.109 53845 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:48:42.572467 0.147722 tcp 10.0.2.109 53846 -> 195.113.214.211 443 SRPA* 0 0 50 28710 flow=From-Botnet-V1-TCP-Established 1970/01/13 23:48:42.720852 0.166122 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:42.887390 0.071348 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:42.959086 0.145188 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:43.104710 0.459619 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:43.564720 0.348280 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:43.913392 0.074257 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:43.988096 0.069775 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:44.058489 0.135494 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:44.194440 0.152475 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:48:44.347303 0.177529 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/13 23:49:14.642077 3.002033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:49:21.649921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:49:29.651161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:49:45.654601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:50:17.660543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:56:21.666018 3.002333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/13 23:56:28.673515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:56:36.675064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:56:52.678055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/13 23:57:24.685234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:03:28.691690 3.000553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:03:35.697712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:03:43.699679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:03:59.702006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:04:31.708119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:10:35.715184 3.001163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:10:42.721542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:10:50.723428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:11:06.726095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:11:38.732238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:12:55.533195 0.000183 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 00:12:55.533475 0.767314 tcp 10.0.2.109 53847 -> 190.200.221.34 1330 SPA_* 0 0 9 1077 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:13:01.202650 0.038783 tcp 10.0.2.109 53847 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:17:42.738650 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:17:49.745565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:17:57.747332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:18:13.750127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:18:45.756022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:19:06.215790 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 00:19:06.216009 0.052201 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:06.268648 0.035615 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:06.304670 0.095693 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:06.400797 0.042309 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:06.443505 0.055312 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:06.499265 0.274632 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:06.774489 0.172080 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:06.946883 0.058830 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.006132 0.165334 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.171877 0.050767 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.223080 0.148282 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.371770 0.162919 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.535089 0.143179 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.678658 0.141843 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.820886 0.150784 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:07.972082 0.232792 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:08.205316 0.285908 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:08.491605 0.136488 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:08.628505 0.136788 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:08.765727 0.192463 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:08.958607 0.133128 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:09.092154 0.064971 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:09.157529 0.985332 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:10.143258 0.273836 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:10.417581 0.120571 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:10.538564 0.372701 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:10.911672 0.070322 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:10.982482 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 00:19:27.358276 0.052725 tcp 10.0.2.109 53848 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:19:27.411276 0.055506 tcp 10.0.2.109 53849 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:19:27.466632 0.128390 tcp 10.0.2.109 53850 -> 195.113.214.211 443 SRPA* 0 0 34 25358 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:19:27.595633 0.127030 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:27.723058 0.156258 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:27.879726 0.186733 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:28.066828 0.170398 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:28.237634 0.168920 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:28.406965 0.122786 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:28.530302 0.364426 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:28.895059 0.070140 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:28.965579 0.146260 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:29.112265 0.901396 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:30.013998 0.154263 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:30.168656 0.176687 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:30.345734 0.073969 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:19:30.420089 0.137043 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:24:49.762027 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:24:56.769675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:25:04.771529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:25:20.773957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:25:52.780106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:31:56.786711 3.000886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:32:03.793995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:32:11.795257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:32:27.798240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:32:59.804493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:39:03.810990 3.000961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:39:10.817965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:39:18.819012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:39:34.821851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:40:06.827935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:43:01.249464 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 00:43:01.249563 4.945810 tcp 10.0.2.109 53851 -> 190.200.221.34 1330 FSPA* 0 0 15 1561 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:46:10.835335 3.000300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:46:17.841873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:46:25.842989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:46:41.846152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:47:13.852452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:49:58.178718 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 00:49:58.178978 0.136652 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:58.315981 0.036466 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:58.352824 0.097180 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:58.450414 0.041303 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:58.492091 0.050280 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:58.542776 0.267655 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:58.810847 0.171407 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:58.982588 0.058012 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.040916 0.050139 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.091422 0.050846 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.142715 0.214281 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.357404 0.167014 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.524823 0.146697 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.671915 0.140904 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.813185 0.154098 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:49:59.967647 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 00:50:15.565768 0.053928 tcp 10.0.2.109 53852 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:50:15.619995 0.052790 tcp 10.0.2.109 53853 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:50:15.673125 0.156556 tcp 10.0.2.109 53854 -> 195.113.214.211 443 SRPA* 0 0 43 32942 flow=From-Botnet-V1-TCP-Established 1970/01/14 00:50:15.830205 0.137369 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:15.967988 0.185432 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:16.153766 0.307638 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:16.461834 0.250307 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:16.712548 0.144122 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:16.857085 0.407237 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:17.264695 0.132194 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:17.397273 0.369421 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:17.767027 0.076770 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:17.844187 0.377556 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:18.222330 0.204041 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:18.426773 0.120760 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:18.547944 0.055333 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:18.603709 0.157080 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:18.761201 0.182315 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:18.943914 0.160962 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:19.105258 0.166265 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:19.271901 0.074315 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:19.346609 0.356003 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:19.702985 0.070653 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:19.774006 0.149444 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:19.923804 0.187158 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:20.111359 0.076815 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:20.188622 0.135107 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:20.324114 0.151078 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:50:20.475597 0.176700 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 00:53:17.858341 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 00:53:24.875279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:53:32.896937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:53:48.909866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 00:54:20.916359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:00:24.922570 3.001560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:00:31.930005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:00:39.931456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:00:55.933968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:01:27.940139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:07:31.946617 3.000867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:07:38.953617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:07:46.955290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:08:02.957838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:08:34.964047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:13:06.234386 0.045461 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 01:13:06.280271 0.812475 tcp 10.0.2.109 53855 -> 190.200.221.34 1330 SPA_* 0 0 9 1081 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:13:11.283335 4.049712 tcp 10.0.2.109 53855 -> 190.200.221.34 1330 FA_F* 0 0 7 615 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:14:38.979812 3.001768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:14:45.987516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:14:53.989414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:15:09.991972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:15:41.997827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:20:49.069806 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 01:20:49.070016 0.163507 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:49.233869 0.036374 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:49.270681 0.096857 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:49.367966 0.042608 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:49.410934 0.055507 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:49.466855 0.306200 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:49.773483 0.171439 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:49.945323 0.055820 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.001557 0.134002 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.135910 0.204368 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.340688 0.165762 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.506871 0.141858 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.649164 0.148456 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.798017 0.153555 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.951962 0.046019 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:50.998422 0.050049 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:51.048913 0.136092 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:51.185365 0.219694 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:51.405434 0.141803 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:51.547556 0.189595 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:51.737593 0.324712 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:52.062678 0.293569 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:52.356596 0.132679 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:52.489674 0.357490 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:52.847609 0.077086 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:52.925096 0.120241 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:53.045699 0.051172 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:53.097242 0.155343 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:53.252986 0.179585 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:53.432985 0.382873 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:53.816312 0.204444 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:54.021123 0.159380 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:54.180903 0.165363 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:54.346605 0.071736 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:54.418770 0.370860 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:54.789934 0.070078 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:54.860420 0.149858 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:55.010610 0.139538 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:55.150513 0.152842 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:55.303721 0.178658 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:55.482779 0.290999 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:20:55.774152 0.069483 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:21:46.005156 3.000476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:21:53.011843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:22:01.013035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:22:17.015692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:22:49.021913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:28:53.028376 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:29:00.035305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:29:08.037267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:29:24.040116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:29:56.046549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:36:00.052924 3.000713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:36:07.059282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:36:15.060873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:36:31.064268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:37:03.069700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:43:07.077238 3.000450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:43:14.083360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:43:15.335415 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 01:43:15.335498 1.287194 tcp 10.0.2.109 53856 -> 190.200.221.34 1330 FSPA* 0 0 15 1695 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:43:22.084726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:43:38.087782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:44:10.094266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:50:14.099807 3.002024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:50:21.107219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:50:29.109122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:50:45.111809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:51:03.888813 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 01:51:03.888900 0.107087 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:03.996363 0.042650 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:04.039469 0.052456 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:04.092259 0.324697 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:04.417367 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 01:51:17.117786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:51:20.965593 0.053311 tcp 10.0.2.109 53857 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:51:21.019227 0.055096 tcp 10.0.2.109 53858 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:51:21.074602 0.148993 tcp 10.0.2.109 53859 -> 195.113.214.211 443 SRPA* 0 0 39 19244 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:51:21.224317 0.055578 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:21.280291 0.162597 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:21.443292 0.034916 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:21.478618 0.136018 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:21.614993 0.197809 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:21.813193 0.165249 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:21.978871 0.140719 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:22.119940 0.147951 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:22.268290 0.155040 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:22.423683 0.048109 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:22.472170 0.049968 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:22.522547 0.142972 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:22.665871 0.218589 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:22.884779 0.267976 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:23.153084 0.138407 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:23.291921 0.289103 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:23.581405 0.260354 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:23.842208 0.132307 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:23.974918 0.372920 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:24.348293 0.000000 udp 10.0.2.109 3683 -> 79.236.145.240 8699 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 01:51:40.622160 0.052241 tcp 10.0.2.109 53860 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:51:40.674686 0.052461 tcp 10.0.2.109 53861 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:51:40.727458 0.144144 tcp 10.0.2.109 53862 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/14 01:51:40.872189 0.120265 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:40.992852 0.184819 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:41.178204 1.128972 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:42.307559 0.206468 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:42.514464 0.046437 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:42.561290 0.155762 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:42.717439 0.163418 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:42.881217 0.165372 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:43.046985 0.087704 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:43.135070 0.352473 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:43.487948 0.072552 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:43.560916 0.164598 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:43.725923 0.178620 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:43.904891 1.112261 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:45.017554 0.078611 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:45.096574 0.134585 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:51:45.231555 0.152964 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 01:57:21.124565 3.000825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 01:57:28.131466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:57:36.132778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:57:52.135978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 01:58:24.142231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:04:28.147758 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 02:04:35.155280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:04:43.156909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:04:59.159892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:05:31.166055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:11:35.172141 3.001179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 02:11:42.179246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:11:50.180539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:12:06.183671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:12:38.189798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:13:16.625255 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:13:16.625535 1.486811 tcp 10.0.2.109 53863 -> 190.200.221.34 1330 FSPA* 0 0 13 1542 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:18:42.196400 3.001407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 02:18:49.203261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:18:57.204893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:19:13.207754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:19:45.213937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:21:59.627258 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:21:59.627499 0.173643 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:21:59.801549 0.000000 udp 10.0.2.109 3683 -> 79.236.145.240 8699 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 02:22:17.474679 0.053168 tcp 10.0.2.109 53864 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:17.528142 0.052096 tcp 10.0.2.109 53865 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:17.580584 0.149686 tcp 10.0.2.109 53866 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:17.781894 0.051070 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:17.833364 0.042351 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:17.876123 0.097035 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:17.973520 0.329371 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:18.303317 2.694730 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:21.088512 0.128151 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:21.115603 0.032987 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 SPA_* 0 0 5 558 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:21.217023 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 02:22:27.363886 3.157663 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:33.379955 0.396188 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:38.132737 0.052199 tcp 10.0.2.109 53868 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:38.185236 0.052599 tcp 10.0.2.109 53869 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:38.238220 0.148970 tcp 10.0.2.109 53870 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:38.387799 0.168016 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:38.556250 0.162546 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:38.719191 0.057080 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:38.776675 0.155123 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:38.932224 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 02:22:39.844745 0.200511 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 464 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:49.670817 0.398985 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 8732 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:55.598034 0.054800 tcp 10.0.2.109 53871 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:55.653076 0.052842 tcp 10.0.2.109 53872 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:55.706256 0.147421 tcp 10.0.2.109 53873 -> 195.113.214.211 443 SRPA* 0 0 29 14130 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:22:55.854363 0.057354 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:55.912095 0.144242 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:56.056689 0.184802 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:56.241907 0.141399 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:56.383732 0.139615 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:56.523778 0.252253 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:56.776445 0.134977 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:56.911844 0.134120 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:57.046382 0.133956 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:57.180692 0.292547 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:57.473652 0.312900 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:57.786954 0.129315 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:57.916647 0.184205 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:58.101229 0.139575 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:58.241211 0.203937 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:22:58.445486 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 02:22:59.344358 3.373597 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 8028 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:11.691007 0.199952 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 920 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:15.717326 0.051980 tcp 10.0.2.109 53874 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:15.769608 0.053285 tcp 10.0.2.109 53875 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:15.823259 0.157256 tcp 10.0.2.109 53876 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:15.981032 0.155430 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:16.136884 0.160393 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:16.297697 0.171622 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:16.469739 0.088053 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:16.558129 0.364546 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:16.923122 0.071479 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:16.995000 0.149843 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:17.145225 0.177126 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:17.337952 0.458906 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:17.797224 0.074067 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:17.871652 0.135433 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:18.007486 0.155785 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:23:22.593038 3.698760 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 5466 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:35.765393 0.199844 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 1272 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:45.859639 3.545572 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6616 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:23:52.481468 3.853598 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:24:00.871509 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:24:02.693359 0.191044 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 7726 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:24:10.727563 3.583241 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:24:17.561432 3.779341 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:24:27.674530 0.205266 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 736 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:24:35.073479 0.407812 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 2484 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:24:42.589341 3.897564 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 13 9390 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:24:53.493235 0.394476 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:00.743283 3.649018 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:11.275818 3.591913 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:21.859231 3.913866 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:26.874849 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:25:33.149103 3.410209 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:39.601079 3.607412 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:46.141104 0.201729 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:49.220697 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 02:25:53.491152 3.236476 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 6 1968 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:25:56.227249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:26:03.664878 0.203122 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 3920 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:26:04.228515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:26:11.031287 0.398079 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 2162 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:26:15.865129 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:26:18.021186 3.892647 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:26:20.232161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:26:29.026888 0.198199 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:26:36.316830 3.563253 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:26:43.221081 3.758852 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:26:52.238157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:26:53.990686 3.854934 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:27:00.820904 3.614405 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:27:14.866775 0.204448 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 13 12286 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:27:22.248719 3.687850 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:27:29.272548 0.399406 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 7 4722 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:27:30.873595 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:27:36.326135 0.205492 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 1176 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:27:51.688486 3.660009 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6712 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:28:02.538503 3.685652 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:28:13.224193 3.666000 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:28:18.371197 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:28:20.112353 3.667145 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:28:33.653891 0.199993 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 1136 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:28:48.524125 3.906558 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 4884 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:02.223095 3.706964 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:09.220152 3.829749 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:16.094146 0.401114 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:23.122970 0.192348 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 316 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:30.464074 3.836408 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 11 7626 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:35.372418 0.000202 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:29:37.340166 0.395693 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:44.630027 3.911004 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:29:55.415959 0.205509 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:02.439890 0.401849 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:09.739996 3.626992 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:16.573903 0.408225 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:21.368191 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:30:23.431675 0.200114 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 1124 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:30.334750 0.207424 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 8158 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:37.711826 3.554990 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:44.445685 0.206248 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:51.881614 3.756092 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:30:58.621655 3.775954 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:05.565843 0.406468 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:12.387522 0.404745 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1652 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:19.430322 0.402370 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 2756 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:26.941799 3.666230 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 13 9758 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:33.887547 3.860546 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:42.374825 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:31:44.336913 4.086828 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 13 10838 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:51.521352 3.502180 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:31:58.183537 3.709928 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 15 10946 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:08.833333 0.400864 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1652 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:15.582301 0.201023 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 4426 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:22.686027 3.752168 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 17 14150 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:29.759241 0.404639 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:37.303346 3.756524 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:44.369145 3.970671 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:54.792939 0.196157 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 1316 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:32:56.243989 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 02:33:02.603209 3.792696 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 16 12688 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:33:03.250827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:33:07.366879 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:33:11.252998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:33:16.704040 0.206387 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 572 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:33:24.489130 3.897926 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 11 7370 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:33:27.255974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:33:35.595312 3.628347 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:33:42.479001 3.704121 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:33:53.444985 0.208498 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:33:58.370308 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:33:59.261384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:34:00.855136 3.624500 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:34:19.364837 0.720151 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 7 3274 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:34:27.370783 3.767037 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:34:34.496719 3.790985 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:34:53.382733 3.861948 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 11 4938 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:35:04.296596 3.613672 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:35:09.372119 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:35:22.888490 3.489292 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:35:29.558341 3.878990 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:35:43.842571 3.554775 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:35:50.738532 0.403794 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:35:55.869387 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:35:57.098235 0.203291 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 2 700 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:36:03.712077 3.773940 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 13 10246 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:36:14.788328 3.693860 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:36:25.912170 3.655902 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:36:36.688373 0.200504 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:36:41.865515 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:36:43.678169 0.400458 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:36:50.944038 3.579852 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:36:57.704142 3.929935 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:37:08.424107 3.570882 tcp 10.0.2.109 53867 -> 77.22.244.77 5353 FRPA* 0 0 12 2972 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:40:03.268464 3.000802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 02:40:10.275411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:40:18.276402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:40:34.279895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:41:06.285796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:43:18.131792 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:43:18.131866 1.817769 tcp 10.0.2.109 53877 -> 190.200.221.34 1330 SPA_* 0 0 9 999 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:43:25.868871 0.054325 tcp 10.0.2.109 53877 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:47:10.292710 3.000878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 02:47:17.299147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:47:25.300527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:47:41.303776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:48:13.309697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:53:18.568687 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 02:53:18.568958 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 02:53:36.556360 0.055813 tcp 10.0.2.109 53878 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:53:36.612453 0.054136 tcp 10.0.2.109 53879 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:53:36.666874 0.150104 tcp 10.0.2.109 53880 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:53:36.817478 0.045372 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:36.863282 0.048644 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:36.912258 0.172344 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:37.085015 0.099014 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:37.184359 0.049603 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:37.234427 0.041929 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:37.276737 0.355835 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:37.632952 0.000000 udp 10.0.2.109 3683 -> 77.22.244.77 9684 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 02:53:52.858593 0.051809 tcp 10.0.2.109 53881 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:53:52.910665 0.052838 tcp 10.0.2.109 53882 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:53:52.963864 0.273012 tcp 10.0.2.109 53883 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/14 02:53:53.237504 0.135645 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:53.373533 0.226148 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:53.600060 0.161787 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:53.762294 0.151942 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:53.914584 0.052847 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:53.967825 0.140228 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:54.108439 0.052641 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:54.161471 0.139649 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:54.301484 0.331396 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:54.633285 0.064606 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:54.698308 0.132725 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:54.831391 0.141138 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:54.972934 0.184959 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:55.158391 0.122735 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:55.281460 0.137969 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:55.419868 0.274766 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:55.695272 0.313395 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:56.009181 2.760445 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:58.769989 0.179572 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:58.949949 0.207433 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:59.157770 0.170425 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:59.328572 0.162469 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:59.499295 0.236164 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:59.735856 0.079125 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:53:59.815396 0.376792 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:00.192581 0.119525 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:00.312530 0.928701 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:01.241592 0.073872 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:01.315798 0.136126 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:01.452317 0.151227 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:01.603893 0.177874 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:01.782331 0.254661 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 02:54:17.316194 3.001313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 02:54:24.323042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:54:32.324806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:54:48.327754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 02:55:20.333499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:01:24.340270 3.000712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:01:31.346708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:01:39.348235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:01:55.351762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:02:27.357488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:08:31.364034 3.001318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:08:38.371091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:08:46.372646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:09:02.375250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:09:34.381333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:13:25.925272 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 03:13:25.925509 1.313734 tcp 10.0.2.109 53884 -> 190.200.221.34 1330 FSPA* 0 0 15 1664 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:15:38.398595 3.000687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:15:45.404632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:15:53.406802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:16:09.409152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:16:41.415743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:22:45.421237 3.002274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:22:52.428761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:23:00.430111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:23:16.433317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:23:48.439739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:24:21.727974 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 03:24:21.728120 3.309498 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.038016 0.051789 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.090212 0.041005 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.131634 0.172685 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.304683 0.303379 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.608405 0.054934 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.663732 0.092860 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.756977 0.043012 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.800382 0.136960 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:25.937755 0.172068 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:26.110258 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 03:24:42.689762 0.053509 tcp 10.0.2.109 53885 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:24:42.743563 0.067913 tcp 10.0.2.109 53886 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:24:42.811748 0.145224 tcp 10.0.2.109 53887 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:24:42.957703 0.361739 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:43.319835 0.056596 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:43.376842 0.146177 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:43.523365 0.253641 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:43.777381 0.063925 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:43.841675 0.133518 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:43.975552 0.147542 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:44.123494 0.136680 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:44.260577 0.053662 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:44.314638 0.190205 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:44.505220 0.119545 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:44.625144 0.135857 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:44.761366 0.275383 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:45.037248 0.349344 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:45.386973 0.142212 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:45.529646 0.185971 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:45.716025 0.159689 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:45.876064 0.169413 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:46.045903 0.145735 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:46.192062 0.206936 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:46.399360 0.156057 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:46.555828 0.361892 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:46.918148 0.072071 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:46.990605 0.136442 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:47.127432 0.146919 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:47.274737 0.178508 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:47.453615 0.210510 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:47.664447 2.226299 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:24:49.891053 0.077305 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:29:52.445898 3.010920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:29:59.462584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:30:07.464704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:30:23.467457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:30:55.473860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:36:59.479104 3.002318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:37:06.486878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:37:14.488587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:37:30.491197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:38:02.497316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:43:27.244520 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 03:43:27.244694 3.003729 tcp 10.0.2.109 53888 -> 190.200.221.34 1330 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 03:43:32.671547 0.001760 tcp 10.0.2.109 53888 -> 190.200.221.34 1330 PA_SA 0 0 8 1007 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:43:43.020365 0.196787 tcp 10.0.2.109 53888 -> 190.200.221.34 1330 A_PA 0 0 2 340 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:43:50.999361 0.107916 tcp 10.0.2.109 53888 -> 190.200.221.34 1330 FA_F* 0 0 5 275 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:44:06.503451 3.011679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:44:13.521072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:44:21.522357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:44:37.525050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:45:09.531687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:51:13.537944 3.001388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 03:51:20.545134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:51:28.546508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:51:44.549391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:52:16.555370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:55:12.287949 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 03:55:12.288158 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 03:55:28.773720 0.085655 tcp 10.0.2.109 53889 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:55:28.859655 0.054304 tcp 10.0.2.109 53890 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:55:28.914445 0.148387 tcp 10.0.2.109 53891 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:55:29.063326 0.050520 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:29.114218 0.058030 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:29.172657 0.194640 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:29.367684 0.382138 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:29.750256 0.049027 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:29.799668 0.116579 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:29.916628 0.042155 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:29.959213 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 03:55:46.557657 0.051422 tcp 10.0.2.109 53892 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:55:46.609396 0.053482 tcp 10.0.2.109 53893 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:55:46.663155 0.148190 tcp 10.0.2.109 53894 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/14 03:55:46.811833 3.513507 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:50.325747 0.169455 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:50.495608 0.140551 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:50.636478 0.324730 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:50.961647 0.064831 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.026877 0.133270 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.160549 0.149062 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.309949 0.055445 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.365774 0.147353 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.513533 0.136800 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.650717 0.056779 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.707855 0.185318 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:51.893508 0.119586 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:52.013446 0.140227 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:52.154079 0.399193 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:52.553622 0.183763 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:52.737760 0.175013 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:52.913226 0.296222 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:53.209798 0.384585 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:53.594785 0.171845 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:53.767028 0.070564 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:53.837998 0.203214 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:54.041559 0.154814 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:54.196788 0.361529 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:54.558694 0.072654 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:54.631787 0.182483 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:54.814664 0.157565 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:54.972618 0.134955 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:55.107965 0.226756 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:55.335106 0.903471 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:55:56.238973 0.067886 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/14 03:58:20.562014 3.001331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 03:58:27.568594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:58:35.570334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:58:51.573442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 03:59:23.579257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:05:27.585981 3.010809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 04:05:34.602824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:05:42.603950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:05:58.607598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:06:30.613558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:12:34.619486 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 04:12:41.626839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:12:49.628044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:13:05.631548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:13:37.637073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:13:51.106764 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 04:13:51.106857 1.722360 tcp 10.0.2.109 53895 -> 190.200.221.34 1330 SPA_* 0 0 9 1175 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:22.834577 0.056340 tcp 10.0.2.109 53896 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:22.891236 0.055454 tcp 10.0.2.109 53897 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:22.947054 0.149935 tcp 10.0.2.109 53898 -> 195.113.214.211 443 SRPA* 0 0 39 34490 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:23.130839 4.149147 tcp 10.0.2.109 53895 -> 190.200.221.34 1330 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:23.131100 2.995718 tcp 10.0.2.109 53899 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 04:14:32.125364 0.000000 tcp 10.0.2.109 53899 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 04:14:38.134997 0.052182 tcp 10.0.2.109 53900 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:38.187506 0.052502 tcp 10.0.2.109 53901 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:38.240283 0.161800 tcp 10.0.2.109 53902 -> 195.113.214.211 443 SRPA* 0 0 22 13123 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:38.477644 3.001462 tcp 10.0.2.109 53903 -> 82.211.180.109 8663 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 04:14:47.477417 0.000000 tcp 10.0.2.109 53903 -> 82.211.180.109 8663 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 04:14:53.476927 0.071148 tcp 10.0.2.109 53904 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:53.548342 0.053148 tcp 10.0.2.109 53905 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:53.601771 0.151898 tcp 10.0.2.109 53906 -> 195.113.214.211 443 SRPA* 0 0 43 35912 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:14:53.797294 3.003646 tcp 10.0.2.109 53907 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 04:15:02.799362 0.000000 tcp 10.0.2.109 53907 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 04:15:08.798630 0.050817 tcp 10.0.2.109 53908 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:15:08.849766 0.065344 tcp 10.0.2.109 53909 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:15:08.915468 0.148221 tcp 10.0.2.109 53910 -> 195.113.214.211 443 SRPA* 0 0 50 30200 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:15:09.074782 0.654964 tcp 10.0.2.109 53911 -> 176.73.169.112 1959 FSPA* 0 0 14 1682 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:19:41.653243 3.031427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 04:19:48.690559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:19:56.692457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:20:12.694955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:20:44.701668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:26:11.381557 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 04:26:11.381658 0.138661 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:11.520708 0.212846 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:11.733952 0.297582 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:12.031962 0.059034 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:12.091375 0.093414 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:12.185224 0.042370 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:12.227997 0.046581 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:12.274962 0.048710 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:12.324048 0.143072 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:12.467518 0.000000 udp 10.0.2.109 3683 -> 99.186.18.66 4605 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 04:26:30.089714 0.053314 tcp 10.0.2.109 53912 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:26:30.143327 0.052393 tcp 10.0.2.109 53913 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:26:30.196005 0.158857 tcp 10.0.2.109 53914 -> 195.113.214.211 443 SRPA* 0 0 39 31252 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:26:30.355494 3.225634 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:33.581585 0.166368 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:33.748333 0.060577 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:33.809316 0.133519 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:33.943253 0.149487 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.093111 0.057142 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.150658 0.145370 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.296462 0.139029 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.435924 0.053947 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.490232 0.185185 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.676535 0.119475 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.796387 0.136491 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:34.933303 2.560678 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:37.494527 0.179760 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:37.674638 0.162579 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:37.837675 0.166514 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:38.004536 0.504907 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:38.509842 0.281123 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:38.791355 0.377448 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:39.169151 0.207352 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:39.376848 0.153815 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:39.531085 0.343563 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:39.874981 0.073329 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:39.948748 0.178849 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:40.127984 0.147523 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:40.275941 0.137121 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:40.413501 0.145024 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:40.558942 0.186591 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:40.745850 0.075220 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:26:48.707409 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 04:26:55.714625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:27:03.716100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:27:19.719003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:27:51.725898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:33:55.730732 3.002298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 04:34:02.738654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:34:10.740145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:34:26.743137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:34:58.749063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:41:02.756082 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 04:41:09.762826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:41:17.764495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:41:33.766921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:42:05.783208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:45:09.738502 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 04:45:09.738601 0.492463 tcp 10.0.2.109 53915 -> 176.73.169.112 1959 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:48:09.789977 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 04:48:16.796635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:48:24.797913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:48:40.801165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:49:12.807087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:55:16.813419 3.001612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 04:55:23.820825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:55:31.821889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:55:47.825112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:56:19.831461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 04:57:02.973189 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 04:57:02.973279 0.000000 udp 10.0.2.109 3683 -> 99.186.18.66 4605 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 04:57:20.810974 0.053629 tcp 10.0.2.109 53916 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:57:20.864859 0.052255 tcp 10.0.2.109 53917 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:57:20.917341 0.152932 tcp 10.0.2.109 53918 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/14 04:57:21.079855 0.125892 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:21.206181 0.161763 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:21.368335 0.112496 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:21.481228 0.388736 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:21.870574 0.049788 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:21.920726 0.056719 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:21.977821 0.143708 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.121907 0.042646 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.164915 0.044128 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.209443 0.064892 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.274722 0.121674 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.396758 0.036299 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.433408 0.160280 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.594093 0.139186 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.733662 0.053986 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.788035 0.142851 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:22.931284 0.136086 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:23.067753 0.053370 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:23.121502 0.190985 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:23.312900 0.122021 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:23.435407 0.137845 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:23.573667 0.160558 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:23.734639 0.166073 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:23.901041 3.111079 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:27.012636 0.175882 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:27.188857 0.077833 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:27.267082 0.275156 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:27.542621 0.370954 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:27.913916 0.206929 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:28.121253 0.151264 rtcp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:28.272847 0.341056 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:28.614456 0.072536 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:28.687397 0.139008 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:28.826758 0.142850 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:28.970040 0.272056 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:29.242492 0.078123 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:29.321062 0.178455 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 04:57:29.499881 0.154212 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:02:23.837438 3.001321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 05:02:30.844416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:02:38.845731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:02:54.848844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:03:26.855170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:09:30.863415 2.999762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 05:09:37.868188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:09:45.870375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:10:01.873001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:10:33.879469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:15:10.236515 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 05:15:10.236651 0.511049 tcp 10.0.2.109 53919 -> 176.73.169.112 1959 FSPA* 0 0 15 1698 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:16:37.885872 3.000980 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 05:16:44.892163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:16:52.893745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:17:08.897135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:17:40.902798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:23:44.908911 3.112118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 05:23:52.026835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:24:00.027784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:24:16.030979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:24:48.037467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:27:30.761299 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 05:27:30.761387 0.094086 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:30.855879 0.300450 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.156708 0.263548 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.420688 0.052595 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.473646 0.128767 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.602871 0.155455 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.758674 0.141940 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.901027 0.042371 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.943750 0.049159 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:31.993312 0.000000 udp 10.0.2.109 3683 -> 80.177.149.34 2494 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 05:27:48.728881 0.053304 tcp 10.0.2.109 53920 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:27:48.782471 0.052650 tcp 10.0.2.109 53921 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:27:48.835409 0.155647 tcp 10.0.2.109 53922 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:27:48.990776 0.122405 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.113526 0.035765 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.149713 0.161561 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.311666 0.135469 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.447516 0.062790 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.510648 0.141899 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.652953 0.150025 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.803411 0.053692 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:49.857518 0.189864 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:50.047803 0.124441 udp 10.0.2.109 3683 <-> 108.161.164.13 9770 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:50.172644 0.138218 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:50.311291 0.163239 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:50.474941 0.169234 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:50.644585 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 05:27:59.274513 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 05:27:59.274966 0.296637 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:59.571980 0.378849 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:27:59.951179 0.175932 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:00.127508 0.243665 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:00.371656 0.207473 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:00.579534 0.152168 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:00.732098 0.362567 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:01.095055 0.073170 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:01.168574 0.142859 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:01.311785 0.144302 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:01.456483 0.177418 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:01.634341 0.152257 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:01.786953 1.240560 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:28:03.027843 0.216550 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:30:52.043194 3.001930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 05:30:59.050628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:31:07.051962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:31:23.055046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:31:55.060857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:37:59.067561 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 05:38:06.074439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:38:14.075879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:38:30.079019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:39:02.085336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:45:06.091582 3.001233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 05:45:10.805943 0.000300 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 05:45:10.806330 0.528616 tcp 10.0.2.109 53923 -> 176.73.169.112 1959 FSPA* 0 0 15 1784 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:45:13.128407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:45:21.129739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:45:37.133427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:46:09.139453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:52:13.145487 3.001038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 05:52:20.152429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:52:28.154412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:52:44.157365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:53:16.163006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:58:06.701000 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 05:58:06.701157 2.258703 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:08.960341 0.104133 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:09.064870 0.047787 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:09.113079 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 05:58:28.053834 0.053945 tcp 10.0.2.109 53924 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:58:28.108048 0.054333 tcp 10.0.2.109 53925 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:58:28.162742 0.140770 tcp 10.0.2.109 53926 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:58:28.304011 0.166455 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:28.470890 0.142759 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:28.613985 0.044431 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:28.658827 0.052474 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:28.711624 0.517992 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.230002 0.053729 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.284123 0.122649 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.407181 0.036089 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.443668 0.160417 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.604490 0.138569 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.743490 0.062012 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.805974 0.141104 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:29.947445 0.145620 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:30.093460 0.051714 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:30.145535 0.192450 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:30.338425 0.000000 udp 10.0.2.109 3683 -> 108.161.164.13 9770 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 05:58:47.760630 0.052632 tcp 10.0.2.109 53927 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:58:47.813601 0.054254 tcp 10.0.2.109 53928 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:58:47.868134 0.150239 tcp 10.0.2.109 53929 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/14 05:58:48.019030 0.137100 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:48.156511 0.162576 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:48.319468 0.166423 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:48.486451 0.371482 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:48.858543 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 05:58:57.406768 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 05:58:57.407091 0.472975 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:57.880449 0.207748 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:58.088560 0.147192 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:58.236155 0.176290 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:58.412838 0.126832 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:58.540070 0.348386 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:58.888827 0.071354 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:58.960605 0.140778 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:59.101760 0.146411 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:59.248567 0.178018 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:59.426979 0.155671 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:59.583057 0.187293 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:58:59.770745 0.068218 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 05:59:20.169710 3.000669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 05:59:27.176392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:59:35.177875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 05:59:51.181014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:00:23.187242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:06:27.193159 3.001213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 06:06:34.200413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:06:42.201645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:06:58.204837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:07:30.210887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:13:34.216743 3.012098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 06:13:41.254160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:13:49.255833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:14:05.259072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:14:37.264959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:15:11.334698 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 06:15:11.334805 0.482659 tcp 10.0.2.109 53930 -> 176.73.169.112 1959 FSPA* 0 0 15 1603 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:20:41.271522 3.000972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 06:20:48.278672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:20:56.280119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:21:12.282769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:21:44.288810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:27:48.295753 3.000708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 06:27:55.302545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:28:03.304137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:28:19.307017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:28:51.313191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:29:28.306728 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 06:29:28.306823 0.133981 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:28.441142 0.000000 udp 10.0.2.109 3683 -> 108.161.164.13 9770 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 06:29:44.881375 0.053325 tcp 10.0.2.109 53931 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:29:44.935022 0.058084 tcp 10.0.2.109 53932 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:29:44.993408 0.146328 tcp 10.0.2.109 53933 -> 195.113.214.211 443 SRPA* 0 0 59 39324 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:29:45.138642 0.112904 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:45.251964 2.195490 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:47.447809 0.053036 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:47.501217 0.043177 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:47.544749 0.052548 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:47.597637 0.159648 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:47.757687 0.141545 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:47.899656 0.042063 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:47.942158 0.121649 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:48.064228 0.036391 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:48.101012 0.323429 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:48.424875 0.141230 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:48.566501 0.054740 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:48.621595 0.141110 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:48.763143 0.138012 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:48.901533 0.159243 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:49.061162 0.190223 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:49.251821 0.053201 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:49.305417 0.168608 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:49.474422 0.169590 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:49.644440 0.381917 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:50.026818 0.139010 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:50.166400 0.213950 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:29:50.380725 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 06:30:06.521799 0.051525 tcp 10.0.2.109 53934 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:30:06.573611 0.051797 tcp 10.0.2.109 53935 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:30:06.625757 0.152136 tcp 10.0.2.109 53936 -> 195.113.214.211 443 SRPA* 0 0 42 21258 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:30:06.778538 0.343838 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:07.122782 0.151505 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:07.274725 0.176504 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:07.451725 0.080606 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:07.532832 0.352511 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:07.885768 0.072981 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:07.959141 0.179044 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:08.138520 0.154441 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:08.293417 0.227050 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:08.520896 0.113796 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:08.635028 0.140517 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:30:08.775925 0.147200 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/14 06:34:55.318352 3.002271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 06:35:02.326650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:35:10.328287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:35:26.330633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:35:58.336884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:42:02.343612 3.000834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 06:42:09.350480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:42:17.351885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:42:33.354844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:43:05.360681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:45:11.822727 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 06:45:11.822915 0.544839 tcp 10.0.2.109 53937 -> 176.73.169.112 1959 FSPA* 0 0 14 1663 flow=From-Botnet-V1-TCP-Established 1970/01/14 06:49:09.367257 3.001471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 06:49:16.374250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:49:24.375604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:49:40.379076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:50:12.384788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:56:16.391035 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 06:56:23.398443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:56:31.399646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:56:47.402441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 06:57:19.408694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:00:21.020227 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 07:00:21.020331 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 07:00:37.605872 0.053602 tcp 10.0.2.109 53938 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:00:37.659808 0.054463 tcp 10.0.2.109 53939 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:00:37.714540 0.159591 tcp 10.0.2.109 53940 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:00:37.872601 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 07:00:55.920763 0.051902 tcp 10.0.2.109 53941 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:00:55.972946 0.053589 tcp 10.0.2.109 53942 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:00:56.026938 0.168365 tcp 10.0.2.109 53943 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:00:56.195951 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 07:01:15.088315 0.052874 tcp 10.0.2.109 53944 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:15.141065 0.053182 tcp 10.0.2.109 53945 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:15.194586 0.144433 tcp 10.0.2.109 53946 -> 195.113.214.211 443 SRPA* 0 0 41 31962 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:15.339597 0.055065 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:15.395057 0.042817 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:15.438478 0.064036 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:15.502872 0.176696 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:15.680033 0.141206 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:15.821607 0.048597 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:15.870603 0.124966 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:15.995971 0.000000 udp 10.0.2.109 3683 -> 80.177.149.34 2494 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 07:01:31.642442 0.053185 tcp 10.0.2.109 53947 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:31.695922 0.052863 tcp 10.0.2.109 53948 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:31.749082 0.146713 tcp 10.0.2.109 53949 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:31.896427 0.137287 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:32.034047 0.057627 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:32.092114 0.144998 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:32.237453 0.144956 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:32.382769 0.222250 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:32.605436 0.316588 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:32.922535 0.036895 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:32.959827 0.159158 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:33.119420 0.215445 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:33.335264 0.312388 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:33.648055 0.052261 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:33.700669 0.184901 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:33.885971 0.218389 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:34.104780 0.135834 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:34.241021 0.290887 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:34.597175 0.147654 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:34.745165 0.180880 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:34.926681 0.078141 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:35.005224 0.333819 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:35.339471 0.071808 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:35.411664 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 07:01:53.483295 0.052292 tcp 10.0.2.109 53950 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:53.535917 0.054254 tcp 10.0.2.109 53951 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:53.589972 0.151988 tcp 10.0.2.109 53952 -> 195.113.214.211 443 SRPA* 0 0 48 40512 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:01:53.742680 0.077334 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:53.820375 0.137605 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:53.958499 0.150570 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:54.109498 0.178132 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:01:54.287980 0.154887 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:03:23.414453 3.002200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 07:03:30.422061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:03:38.424116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:03:54.426968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:04:26.432873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:10:30.439304 3.091139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 07:10:37.536348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:10:45.537998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:11:01.540947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:11:33.547254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:15:12.411982 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 07:15:12.412089 0.720217 tcp 10.0.2.109 53953 -> 176.73.169.112 1959 FSPA* 0 0 15 1677 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:17:37.552495 3.001817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 07:17:44.560318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:17:52.561518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:18:08.564846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:18:40.570552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:24:44.577269 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 07:24:51.584482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:24:59.585899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:25:15.588636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:25:47.594847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:31:51.601545 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 07:31:58.608422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:32:04.186685 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 07:32:04.186774 0.135181 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:04.322410 0.103900 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:04.426746 1.883424 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:06.310551 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 07:32:06.609518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:32:22.154114 0.053938 tcp 10.0.2.109 53954 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:32:22.208392 0.053185 tcp 10.0.2.109 53955 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:32:22.261933 0.154329 tcp 10.0.2.109 53956 -> 195.113.214.211 443 SRPA* 0 0 48 40512 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:32:22.476994 0.156667 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:22.612756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:32:22.634052 0.144125 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:22.778624 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 07:32:40.168719 0.052851 tcp 10.0.2.109 53957 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:32:40.221879 0.054636 tcp 10.0.2.109 53958 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:32:40.276798 0.148986 tcp 10.0.2.109 53959 -> 195.113.214.211 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:32:40.426391 0.124105 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:40.550938 0.044521 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:40.595808 0.053240 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:40.649411 0.052831 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:40.702713 0.058717 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:40.761832 0.143274 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:40.905448 0.159874 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:41.065704 0.300706 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:41.366778 0.035561 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:41.402767 0.137803 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:41.540925 0.145148 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:41.686508 0.373060 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:42.059992 0.053791 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:42.114314 0.192069 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:42.306784 0.167627 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:42.474785 0.166031 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:42.641175 0.147514 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:42.789101 0.175735 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:42.965223 0.087685 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:43.053265 0.206960 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:43.260568 0.138399 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:43.399373 0.249076 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:43.648878 0.071517 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:43.720733 0.310007 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:44.031094 0.074812 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:44.106469 0.137163 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:44.244124 0.165807 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:44.410353 0.148664 udp 10.0.2.109 3683 <-> 50.100.234.238 3644 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:44.559457 0.181077 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 07:32:54.619319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:38:58.624903 3.001931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 07:39:05.631891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:39:13.633711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:39:29.637014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:40:01.642986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:45:13.131099 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 07:45:13.131188 0.486010 tcp 10.0.2.109 53960 -> 176.73.169.112 1959 FSPA* 0 0 14 1514 flow=From-Botnet-V1-TCP-Established 1970/01/14 07:46:05.649322 3.001271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 07:46:12.656178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:46:20.657976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:46:36.660647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:47:08.667055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:53:12.673259 3.000827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 07:53:19.680342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:53:27.681749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:53:43.684427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 07:54:15.690667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:00:19.696910 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:00:26.704009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:00:34.705686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:00:50.708654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:01:22.714894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:03:06.854465 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 08:03:06.854618 0.043622 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:06.898680 0.209945 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:07.109102 0.089470 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:07.198949 0.060718 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:07.260085 0.156444 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:07.416933 0.145511 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:07.562773 0.125781 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:07.688908 0.043255 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:07.732566 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 08:03:25.383006 0.053591 tcp 10.0.2.109 53961 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:03:25.436908 0.053400 tcp 10.0.2.109 53962 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:03:25.490660 0.156410 tcp 10.0.2.109 53963 -> 195.113.214.211 443 SRPA* 0 0 52 35798 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:03:25.647877 0.053807 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:25.702047 0.059451 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:25.761981 0.134680 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:25.897043 0.037169 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:25.934581 0.146823 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:26.081801 0.144714 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:26.226973 0.200083 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:26.427429 0.303005 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:26.730840 0.381652 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:27.112854 0.051804 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:27.165052 0.191124 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:27.356573 0.223765 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:27.580718 0.173933 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:27.755096 0.187616 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:27.943109 0.176156 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:28.119690 0.095260 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:28.215387 0.207048 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:28.422865 0.137407 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:28.560649 0.434185 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:28.995225 0.072795 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:29.068442 0.364194 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:29.433033 0.154156 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:29.587594 0.000000 udp 10.0.2.109 3683 -> 50.100.234.238 3644 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 08:03:48.574985 0.051620 tcp 10.0.2.109 53964 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:03:48.626884 0.053790 tcp 10.0.2.109 53965 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:03:48.680491 0.143638 tcp 10.0.2.109 53966 -> 195.113.214.211 443 SRPA* 0 0 25 14904 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:03:48.824766 0.177073 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:49.002471 0.074943 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:03:49.077826 0.136250 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:07:26.720982 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 08:07:33.728128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:07:41.729515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:07:57.732860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:08:29.738472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:14:33.744816 3.001700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:14:40.751881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:14:48.753472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:15:04.756450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:15:13.619419 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 08:15:13.619705 0.579417 tcp 10.0.2.109 53967 -> 176.73.169.112 1959 FSPA* 0 0 15 1598 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:15:36.762701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:21:40.768800 3.001884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:21:47.776151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:21:55.777733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:22:11.780649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:22:43.786331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:28:47.792476 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:28:54.800360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:29:02.801706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:29:18.804413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:29:50.810225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:33:49.343923 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 08:33:49.344027 0.055517 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:33:49.399972 0.000000 udp 10.0.2.109 3683 -> 50.100.234.238 3644 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 08:34:07.992218 0.063611 tcp 10.0.2.109 53968 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:34:08.056197 0.116823 tcp 10.0.2.109 53969 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:34:08.173333 0.146018 tcp 10.0.2.109 53970 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:34:08.319701 0.049309 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:08.369399 0.115919 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:08.485737 0.183241 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:08.669394 0.139390 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:08.809232 0.121954 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:08.931522 0.044758 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:08.976685 0.094690 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.071764 0.129429 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.201576 0.055461 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.257428 0.051817 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.309659 0.036440 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.346498 0.140289 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.487158 0.140547 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.628061 0.165811 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:09.794304 0.318720 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:10.113518 0.145129 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:10.259060 0.182974 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:10.442435 0.167801 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:10.610620 0.146666 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:10.757733 0.191187 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:10.949314 0.053510 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:11.003147 0.309299 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:11.312818 0.213613 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:11.526851 0.139438 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:11.666645 0.345675 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:12.012692 0.181602 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:12.194671 0.106685 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:12.301780 0.371425 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:12.673623 0.071137 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:12.745156 0.155987 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:12.901512 1.432837 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:14.334751 0.080560 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:34:14.415737 0.139409 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/14 08:35:54.817214 3.000658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:36:01.824084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:36:09.825353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:36:25.828771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:36:57.834396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:43:01.839997 3.022069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:43:08.867578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:43:16.869826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:43:32.872809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:44:04.879194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:45:14.198258 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 08:45:14.198481 0.548145 tcp 10.0.2.109 53971 -> 176.73.169.112 1959 FSPA* 0 0 15 1578 flow=From-Botnet-V1-TCP-Established 1970/01/14 08:50:08.885301 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:50:15.891790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:50:23.893287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:50:39.896182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:51:11.902443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:57:15.908409 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 08:57:22.916273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:57:30.917078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:57:46.920550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 08:58:18.926137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:04:22.933145 3.000695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:04:29.939723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:04:37.941166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:04:40.525672 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 09:04:40.525778 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 09:04:53.944159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:04:59.514925 0.053606 tcp 10.0.2.109 53972 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:04:59.568861 0.052021 tcp 10.0.2.109 53973 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:04:59.621200 0.192600 tcp 10.0.2.109 53974 -> 195.113.214.211 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:04:59.815107 0.164614 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:04:59.980151 0.142841 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:00.123450 0.123322 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:00.247184 0.042292 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:00.289879 0.048795 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:00.339066 0.192035 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:00.531487 0.091627 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:00.623518 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 09:05:19.181401 0.053356 tcp 10.0.2.109 53975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:05:19.235045 0.053301 tcp 10.0.2.109 53976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:05:19.288614 0.144761 tcp 10.0.2.109 53977 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:05:19.433927 0.057244 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:19.491542 0.058170 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:19.550057 0.036236 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:19.586611 0.149565 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:19.736576 0.145953 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:19.882906 0.158689 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:20.042088 0.318698 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:20.361182 0.146780 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:20.508313 0.171167 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:20.679839 0.159967 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:20.840216 0.151320 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:20.991950 0.191836 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:21.184175 0.052650 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:21.237178 0.138599 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:21.376155 1.469086 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:22.845594 0.288183 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:23.134202 0.207140 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:23.341753 0.176942 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:23.519150 0.172736 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:23.692270 0.343506 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:24.036105 0.071053 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:24.107638 0.153231 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:24.261253 0.135096 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:24.396750 0.177893 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:24.575045 0.079376 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:05:25.950659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:11:29.956533 3.031267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:11:36.994106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:11:44.995646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:12:00.998615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:12:33.004113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:15:14.747530 0.000184 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 09:15:14.747837 0.569014 tcp 10.0.2.109 53978 -> 176.73.169.112 1959 FSPA* 0 0 15 1767 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:18:37.009993 3.001794 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:18:44.017775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:18:52.018950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:19:08.022260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:19:40.028259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:25:44.034816 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:25:51.041768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:25:59.043765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:26:15.046070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:26:47.052416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:32:51.058429 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:32:58.065909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:33:06.067193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:33:22.070275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:33:54.076547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:35:45.557177 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 09:35:45.557372 0.054980 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:45.612787 0.408263 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.021418 0.158873 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.180655 0.123346 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.304423 0.049233 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.354082 0.060893 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.415365 0.101301 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.517070 0.043162 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.560668 0.149315 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.710475 0.035446 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.746468 0.133731 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:46.880612 0.152428 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:47.033363 0.159662 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:47.193443 0.057675 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:47.251506 0.054504 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:47.306370 0.590408 udp 10.0.2.109 3683 <-> 201.209.10.129 5879 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:47.897172 0.147083 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:48.044660 0.172795 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:48.217840 0.157364 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:48.375624 0.149460 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:48.525489 0.143282 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:48.669174 0.185505 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:48.855081 0.052786 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:48.908274 0.367624 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:49.276284 0.304194 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:49.580865 0.282825 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:49.864069 0.179126 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:50.043527 0.073724 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:50.117669 0.373726 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:50.491789 0.148150 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:50.640351 0.178436 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:50.819168 0.071237 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:50.890803 0.069069 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:35:50.960272 0.156615 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 09:39:58.082825 3.031273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:40:05.120000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:40:13.121540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:40:29.124308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:41:01.130499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:45:15.316478 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 09:45:15.316824 0.501989 tcp 10.0.2.109 53979 -> 176.73.169.112 1959 FSPA* 0 0 15 1640 flow=From-Botnet-V1-TCP-Established 1970/01/14 09:47:05.136387 3.001263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:47:12.143764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:47:20.145309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:47:36.147954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:48:08.154367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:54:12.159678 3.002107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 09:54:19.167345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:54:27.168804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:54:43.172252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 09:55:15.178053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:01:19.185270 3.000784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:01:26.191995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:01:34.193416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:01:50.196109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:02:22.201806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:06:04.001084 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 10:06:04.001182 0.049529 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:04.051149 0.135065 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:04.186614 0.161437 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:04.348441 0.123616 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:04.472465 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 10:06:21.778493 0.052997 tcp 10.0.2.109 53980 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:21.831804 0.053074 tcp 10.0.2.109 53981 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:21.885172 0.146960 tcp 10.0.2.109 53982 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:22.032628 0.078481 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:22.111517 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 10:06:38.080477 0.053170 tcp 10.0.2.109 53983 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:38.133424 0.053115 tcp 10.0.2.109 53984 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:38.186826 0.230061 tcp 10.0.2.109 53985 -> 195.113.214.211 443 SRPA* 0 0 59 37906 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:38.415483 0.043198 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:38.459030 0.138856 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:38.598436 0.035573 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:38.634627 0.142175 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:38.777232 0.142254 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:38.919898 0.055612 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:38.975887 0.000000 udp 10.0.2.109 3683 -> 201.209.10.129 5879 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 10:06:56.847344 0.052277 tcp 10.0.2.109 53986 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:56.899907 0.053452 tcp 10.0.2.109 53987 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:56.953631 0.161505 tcp 10.0.2.109 53988 -> 195.113.214.211 443 SRPA* 0 0 41 31962 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:06:57.115788 0.163594 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:57.279732 0.052991 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:57.333149 0.134758 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:57.468233 0.178897 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:57.647522 0.215948 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:57.863874 0.148231 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:58.012469 0.137349 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:58.150256 0.189211 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:58.339904 0.051374 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:58.391688 0.206938 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:58.599046 0.682897 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:59.282331 0.300685 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:59.583375 0.182198 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:59.765963 0.074002 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:06:59.840329 0.339752 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:07:00.180453 0.136066 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:07:00.316876 0.176328 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:07:00.493609 0.073559 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:07:00.567600 0.074236 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:07:00.642391 0.154258 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:08:26.208499 3.001157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 10:08:33.215569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:08:41.217485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:08:57.220295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:09:29.226378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:15:15.825084 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 10:15:15.825306 0.620629 tcp 10.0.2.109 53989 -> 176.73.169.112 1959 FSPA* 0 0 15 1688 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:15:33.232107 3.112114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:15:40.350208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:15:48.350998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:16:04.353871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:16:36.359978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:22:40.366665 3.001039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:22:47.373569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:22:55.375031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:23:11.377872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:23:43.384228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:29:47.390338 3.001178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:29:54.397292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:30:02.398908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:30:18.402017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:30:50.408254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:36:54.415249 3.000822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:37:01.421575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:37:09.422789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:37:25.425863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:37:25.476255 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 10:37:25.476340 0.048272 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:25.524983 0.105859 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:25.631201 0.000000 udp 10.0.2.109 3683 -> 201.209.10.129 5879 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 10:37:41.611691 0.053186 tcp 10.0.2.109 53990 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:37:41.665221 0.056064 tcp 10.0.2.109 53991 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:37:41.721140 0.128473 tcp 10.0.2.109 53992 -> 195.113.214.211 443 SRPA* 0 0 33 23584 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:37:41.867263 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 10:37:57.302701 0.051186 tcp 10.0.2.109 53993 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:37:57.354285 0.052775 tcp 10.0.2.109 53994 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:37:57.407357 0.153105 tcp 10.0.2.109 53995 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:37:57.432158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:37:57.559746 0.155047 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:57.715235 0.127288 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:57.842955 0.122609 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:57.965940 0.064807 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.031132 0.140650 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.172126 0.144884 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.317439 0.058949 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.376750 0.042046 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.419139 0.141819 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.561387 0.038020 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.599830 0.158845 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.759084 0.057534 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.817030 0.136600 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:58.954101 0.162728 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:59.117230 0.164542 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:59.282254 0.150460 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:59.433145 0.051316 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:59.484871 0.206845 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:59.692099 0.136558 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:37:59.828992 0.184771 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:00.014134 0.412896 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:00.427480 0.300777 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:00.728610 0.181679 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:00.910771 0.069649 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:00.980770 0.179916 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:01.161094 0.068078 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:01.229565 0.071551 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:01.301517 0.154270 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:01.456206 0.341309 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:38:01.797856 0.135280 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 10:44:01.438673 3.000943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:44:08.445843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:44:16.447417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:44:32.450015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:45:04.455763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:45:16.503804 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 10:45:16.504097 0.507201 tcp 10.0.2.109 53996 -> 176.73.169.112 1959 FSPA* 0 0 15 1575 flow=From-Botnet-V1-TCP-Established 1970/01/14 10:51:08.462115 3.011572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:51:15.479260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:51:23.481400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:51:39.483958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:52:11.490404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:58:15.497018 3.000737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 10:58:22.503258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:58:30.505136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:58:46.507768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 10:59:18.514026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:05:22.520837 3.020732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:05:29.547516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:05:37.548890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:05:53.551679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:06:25.557775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:08:03.909853 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 11:08:03.910098 0.054844 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:03.965343 0.049458 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.015195 0.091807 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.107410 0.123626 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.231427 0.075643 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.307488 0.159933 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.467834 0.138043 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.606316 0.145824 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.752542 0.147592 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.900550 0.055213 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:04.956163 0.000000 udp 10.0.2.109 3683 -> 81.136.245.57 3409 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 11:08:23.770091 0.053669 tcp 10.0.2.109 53997 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 11:08:23.824070 0.054716 tcp 10.0.2.109 53998 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 11:08:23.879098 0.150305 tcp 10.0.2.109 53999 -> 195.113.214.211 443 SRPA* 0 0 48 41100 flow=From-Botnet-V1-TCP-Established 1970/01/14 11:08:24.030000 0.143457 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:24.173817 0.049566 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:24.223996 0.218754 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:24.443184 0.059293 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:24.502878 0.143253 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:24.646534 0.168043 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:24.814950 0.167120 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:24.982410 0.147878 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:25.130671 0.052686 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:25.183718 0.476249 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:25.660368 0.136961 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:25.797761 0.185071 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:25.983338 0.180673 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:26.164409 0.074196 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:26.239046 0.276637 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:26.516094 0.303335 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:26.819845 0.183799 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:27.004031 0.079002 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:27.083448 0.070246 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:27.154090 0.154578 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:27.309067 0.340962 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:08:27.650425 0.132881 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:12:29.564678 3.001231 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:12:36.571564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:12:44.573214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:13:00.576084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:13:32.582077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:15:17.012545 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 11:15:17.012645 0.691092 tcp 10.0.2.109 54000 -> 176.73.169.112 1959 FSPA* 0 0 15 1574 flow=From-Botnet-V1-TCP-Established 1970/01/14 11:19:36.588874 3.081221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:19:43.675930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:19:51.677099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:20:07.680344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:20:39.685850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:26:43.692600 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:26:50.699811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:26:58.701014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:27:14.703985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:27:46.710337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:33:50.715919 3.001806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:33:57.723651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:34:05.724898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:34:21.727739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:34:53.734157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:38:57.014490 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 11:38:57.014591 0.044827 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:57.059851 0.053207 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:57.113486 0.043351 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:57.157226 2.131632 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:59.289258 0.088061 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:59.377681 0.133668 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:59.511700 0.145311 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:59.657419 0.147963 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:59.805761 0.053933 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:38:59.860104 0.164947 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.025432 0.123520 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.149371 0.142011 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.291803 0.037077 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.329228 0.159860 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.489485 0.055958 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.545857 0.146351 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.692611 0.160599 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:00.866895 0.161146 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:01.028416 0.649293 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:01.678086 0.137369 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:01.815778 0.265516 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:02.081647 0.147591 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:02.229591 0.051537 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:02.281488 0.176203 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:02.458108 0.077539 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:02.536066 0.261450 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:02.797892 0.298820 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:03.097049 0.179191 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:03.276654 0.074906 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:03.351907 0.329722 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:03.681995 0.134468 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:03.816841 0.072506 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:39:03.889774 0.154355 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/14 11:40:57.740653 3.001189 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:41:04.747588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:41:12.749267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:41:28.751627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:42:00.758273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:45:17.742200 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 11:45:17.742307 0.503245 tcp 10.0.2.109 54001 -> 176.73.169.112 1959 FSPA* 0 0 14 1732 flow=From-Botnet-V1-TCP-Established 1970/01/14 11:48:04.763600 3.002370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:48:11.771373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:48:19.772628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:48:35.776137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:49:07.782043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:55:11.808374 3.001218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 11:55:18.815055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:55:26.817181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:55:42.820150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 11:56:14.825968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:02:18.832237 3.001345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:02:25.839685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:02:33.841156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:02:49.844195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:03:21.849799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:09:07.817526 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 12:09:07.817802 0.041837 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:07.860022 0.043713 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:07.904118 0.051753 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:07.956271 2.131748 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.088411 0.091086 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.193623 0.135967 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.330082 0.136372 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.466856 0.146047 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.613247 0.052550 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.666196 0.154352 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.820930 0.120964 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:10.942308 0.142460 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:11.085167 0.035497 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:11.121030 0.157755 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:11.279129 0.056005 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:11.335530 0.134103 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:11.470027 0.162877 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:11.633296 0.170761 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:11.804530 0.205462 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:12.010422 0.136865 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:12.147678 0.185450 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:12.333535 0.150059 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:12.484037 0.052697 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:12.537133 0.178882 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:12.716383 0.566740 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:13.283551 0.261579 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:13.545565 0.145068 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:13.691029 0.365087 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:14.056520 0.177125 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:14.234056 0.071475 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:14.305871 0.302553 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:14.608764 0.178413 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:14.787595 0.155361 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:09:25.856810 3.001099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:09:32.863758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:09:40.865033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:09:56.867684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:10:28.873645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:15:18.250103 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 12:15:18.250201 0.471512 tcp 10.0.2.109 54002 -> 176.73.169.112 1959 FSPA* 0 0 14 1634 flow=From-Botnet-V1-TCP-Established 1970/01/14 12:16:32.880717 3.000508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:16:39.887257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:16:47.889013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:17:03.891457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:17:35.897716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:23:39.903742 3.002147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:23:46.911614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:23:54.912888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:24:10.916046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:24:42.921502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:30:46.928388 3.000842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:30:53.935384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:31:01.936750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:31:17.939619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:31:49.946052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:37:53.951788 3.001905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:38:00.959144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:38:08.960780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:38:24.963903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:38:56.970250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:39:36.176902 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 12:39:36.177151 0.047932 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:36.225435 0.058445 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:36.284300 0.043615 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:36.328245 0.000000 udp 10.0.2.109 3683 -> 80.177.149.34 2494 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 12:39:53.523462 0.052954 tcp 10.0.2.109 54003 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 12:39:53.576700 0.054203 tcp 10.0.2.109 54004 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 12:39:53.630765 0.149878 tcp 10.0.2.109 54005 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/14 12:39:53.781125 0.092631 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:53.874287 0.273830 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.148500 0.148446 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.297317 0.146549 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.444258 0.051721 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.496371 0.154337 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.651109 0.123236 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.774752 0.141406 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.916569 0.035309 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:54.952270 0.157674 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:55.110476 0.055055 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:55.165960 0.132772 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:55.299094 0.166626 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:55.466165 0.183147 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:55.649757 0.207532 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:55.857711 0.151499 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:56.009658 0.051883 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:56.061951 0.179368 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:56.241663 0.138351 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:56.380429 0.185165 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:56.566033 0.598714 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:57.165158 0.321219 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:57.486778 0.073417 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:57.560555 0.072517 udp 10.0.2.109 3683 <-> 94.69.181.33 17363 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:57.633487 0.299643 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:57.933540 0.178202 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:58.112137 0.155195 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:58.267776 0.354534 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:39:58.622710 0.145462 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/14 12:45:00.975772 3.021906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:45:08.003397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:45:16.004777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:45:18.729106 0.000188 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 12:45:18.729386 0.686677 tcp 10.0.2.109 54006 -> 176.73.169.112 1959 FSPA* 0 0 15 1598 flow=From-Botnet-V1-TCP-Established 1970/01/14 12:45:32.007736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:46:04.013853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:52:08.020558 3.000695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:52:15.027174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:52:23.028308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:52:39.031967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:53:11.037786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:59:15.044482 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 12:59:22.051539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:59:30.052757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 12:59:46.055870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:00:18.061997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:06:22.068429 3.000570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 13:06:29.075080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:06:37.076506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:06:53.079734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:07:25.085299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:10:14.399486 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 13:10:14.399695 2.342831 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:16.742892 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 13:10:35.321040 0.040444 tcp 10.0.2.109 54007 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:10:35.361752 0.031313 tcp 10.0.2.109 54008 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:10:35.393297 0.165674 tcp 10.0.2.109 54009 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:10:35.559639 0.052263 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:35.612308 0.042007 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:35.654664 0.089734 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:35.744789 0.138320 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:35.883545 0.140877 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.024829 0.143580 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.168818 0.053839 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.223053 0.161416 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.384902 0.206540 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.591881 0.140761 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.733081 0.039491 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.772977 0.158487 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.931867 0.051377 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:36.983559 0.143819 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:37.127793 0.166767 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:37.294925 0.159858 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:37.455190 0.234641 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:37.690274 0.150264 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:37.840943 0.141912 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:37.983253 0.190220 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:38.173817 0.052611 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:38.226770 0.175570 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:38.402756 0.978052 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:39.381240 0.265775 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:39.647382 0.074212 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:39.721964 0.000000 udp 10.0.2.109 3683 -> 94.69.181.33 17363 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 13:10:58.663023 0.030486 tcp 10.0.2.109 54010 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:10:58.693779 0.031841 tcp 10.0.2.109 54011 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:10:58.725426 0.141583 tcp 10.0.2.109 54012 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:10:58.867230 0.304090 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:59.171746 0.364160 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:59.536347 0.132479 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:59.669222 0.183224 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:10:59.852901 0.153331 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:13:29.091498 3.002119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 13:13:36.099358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:13:44.100480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:14:00.103567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:14:32.109770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:15:19.417933 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 13:15:19.418033 0.611404 tcp 10.0.2.109 54013 -> 176.73.169.112 1959 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:20:36.116526 3.000588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 13:20:43.122968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:20:51.124775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:21:07.127724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:21:39.133763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:27:43.139606 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 13:27:50.147416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:27:58.149025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:28:14.151718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:28:46.157784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:34:50.163558 3.001603 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 13:34:57.171289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:35:05.172194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:35:21.175610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:35:53.181685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:41:24.688047 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 13:41:24.688147 0.100291 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:41:24.788806 0.000000 udp 10.0.2.109 3683 -> 94.69.181.33 17363 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 13:41:43.046349 0.031576 tcp 10.0.2.109 54014 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:41:43.078291 0.031288 tcp 10.0.2.109 54015 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:41:43.109875 0.130879 tcp 10.0.2.109 54016 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:41:43.239789 2.458618 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:41:45.698802 0.089010 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:41:45.788166 0.136213 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:41:45.924737 0.054785 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:41:45.979936 0.044718 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:41:46.025080 0.053615 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:41:46.079051 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 13:41:57.187791 3.001366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 13:42:03.354504 0.030186 tcp 10.0.2.109 54017 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:42:03.384993 0.031933 tcp 10.0.2.109 54018 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:42:03.417173 0.121590 tcp 10.0.2.109 54019 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:42:03.539474 0.123056 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:03.662904 0.144675 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:03.807970 0.145497 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:03.953851 0.035175 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:03.989379 0.166624 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:04.156457 0.055561 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:04.194798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:42:04.212434 0.140266 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:04.353106 0.163695 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:04.517197 0.466173 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:04.983770 0.147268 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:05.131434 0.138020 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:05.269838 0.180489 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:05.450732 0.142177 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:05.593332 0.172919 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:05.766647 0.179596 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:05.946643 0.052775 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:05.999840 0.074536 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:06.074783 0.521527 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:06.596704 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 13:42:12.196353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:42:15.670649 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 13:42:15.671164 0.140041 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:15.671604 3.201234 tcp 10.0.2.109 54020 -> 75.92.139.157 6108 SPA_* 0 0 6 613 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:42:15.811620 0.172444 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:15.984460 0.153050 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:16.137898 0.304294 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:16.442620 0.354354 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/14 13:42:28.199493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:42:31.927061 3.752930 tcp 10.0.2.109 54020 -> 75.92.139.157 6108 A_PA 0 0 7 3098 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:42:42.787931 0.203100 tcp 10.0.2.109 54020 -> 75.92.139.157 6108 A_PA 0 0 2 1444 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:42:51.828295 0.205234 tcp 10.0.2.109 54020 -> 75.92.139.157 6108 A_PA 0 0 2 132 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:42:57.119034 0.202336 tcp 10.0.2.109 54020 -> 75.92.139.157 6108 A_PA 0 0 2 128 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:43:00.205609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:43:27.113999 0.000074 tcp 10.0.2.109 54020 -> 75.92.139.157 6108 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:43:36.220098 0.000157 tcp 10.0.2.109 54020 -> 75.92.139.157 6108 RA_A 0 0 2 1528 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:45:20.036945 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 13:45:20.037130 0.784832 tcp 10.0.2.109 54021 -> 176.73.169.112 1959 FSPA* 0 0 15 1587 flow=From-Botnet-V1-TCP-Established 1970/01/14 13:49:04.211214 3.001872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 13:49:11.218603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:49:19.220553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:49:35.223328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:50:07.229752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:56:11.236361 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 13:56:18.242663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:56:26.244053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:56:42.247380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 13:57:14.253227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:03:18.260179 3.000845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 14:03:25.267168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:03:33.268122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:03:49.271531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:04:21.277431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:10:25.283696 3.001723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 14:10:32.290432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:10:40.292074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:10:56.295328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:11:28.301577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:12:34.136715 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 14:12:34.136903 0.157845 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:34.295178 0.043614 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:34.369947 0.049436 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:34.419776 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 14:12:52.203304 0.031270 tcp 10.0.2.109 54022 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:12:52.234830 0.032833 tcp 10.0.2.109 54023 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:12:52.267962 0.129024 tcp 10.0.2.109 54024 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:12:52.397489 0.065408 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:52.463283 0.125089 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:52.588848 0.052212 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:52.589300 2.997709 tcp 10.0.2.109 54025 -> 24.222.53.20 8009 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:12:52.641464 0.043882 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:52.685731 0.136590 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:52.822689 0.035601 udp 10.0.2.109 3683 <-> 77.22.244.77 9684 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:52.858723 0.124188 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:52.983381 0.139366 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:53.123129 0.159470 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:53.282935 0.053935 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:53.337270 0.141562 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:53.479271 0.198293 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:53.678151 0.207082 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:53.885568 0.165349 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.051319 0.146192 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.197946 0.178672 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.377030 0.179445 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.556829 0.053651 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.610946 0.149607 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.760900 0.136441 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.897741 0.069967 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:54.968054 0.517287 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:55.485720 0.179391 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:12:55.665584 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 14:13:01.585480 0.000000 tcp 10.0.2.109 54025 -> 24.222.53.20 8009 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:13:01.915448 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 14:13:01.915857 0.137176 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:13:02.053440 0.376408 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:13:02.430359 0.154173 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:13:02.584929 0.299420 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:15:20.825728 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 14:15:20.825866 0.526158 tcp 10.0.2.109 54026 -> 176.73.169.112 1959 FSPA* 0 0 15 1685 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:17:32.307041 3.002241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 14:17:39.345068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:17:47.346009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:18:03.349094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:18:35.355395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:24:39.361821 3.001463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 14:24:46.368586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:24:54.370026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:25:10.373060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:25:42.379688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:31:46.385970 3.000805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 14:31:53.392617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:32:01.393961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:32:17.397368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:32:49.403501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:38:53.408825 3.132378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 14:39:00.547264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:39:08.548398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:39:24.551587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:39:56.557351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:43:29.914584 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 14:43:29.914698 0.089661 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.004814 0.067178 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.072386 0.154410 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.227200 0.056458 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.284047 0.060172 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.344657 0.128925 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.474219 0.052752 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.474665 3.004730 tcp 10.0.2.109 54027 -> 24.222.53.20 8009 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:43:30.527329 0.042326 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.570032 0.136849 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:43:30.707270 0.000000 udp 10.0.2.109 3683 -> 77.22.244.77 9684 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 14:43:39.478009 0.000000 tcp 10.0.2.109 54027 -> 24.222.53.20 8009 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:43:46.220073 0.030931 tcp 10.0.2.109 54028 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:43:46.251341 0.031134 tcp 10.0.2.109 54029 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:43:46.282770 0.125666 tcp 10.0.2.109 54030 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:43:46.408776 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 1219 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 14:44:04.584260 0.030948 tcp 10.0.2.109 54031 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:44:04.615087 0.031443 tcp 10.0.2.109 54032 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:44:04.646804 0.123179 tcp 10.0.2.109 54033 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:44:04.770735 0.141015 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:04.912163 0.158148 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:05.070716 0.053141 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:05.124221 0.139617 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:05.264240 0.161400 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:05.264604 3.004799 tcp 10.0.2.109 54034 -> 174.91.197.106 6016 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:44:05.425985 0.205302 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:05.631705 0.161162 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:05.793279 0.137174 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:05.930871 0.179740 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:06.111001 0.183822 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:06.295164 0.052438 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:06.347996 0.146353 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:06.494804 0.136596 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:06.631767 0.074991 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:06.707320 0.434340 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:07.141986 0.178045 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:07.320379 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 14:44:13.879964 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 14:44:13.880384 0.152466 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:14.033284 0.304232 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:14.268111 0.000000 tcp 10.0.2.109 54034 -> 174.91.197.106 6016 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:44:14.337908 0.132770 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:44:14.471157 0.373109 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/14 14:45:21.415392 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 14:45:21.415510 3.003257 tcp 10.0.2.109 54035 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:45:30.417630 0.000000 tcp 10.0.2.109 54035 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:45:36.416627 0.030735 tcp 10.0.2.109 54036 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:45:36.447638 0.032603 tcp 10.0.2.109 54037 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:45:36.480510 0.129599 tcp 10.0.2.109 54038 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:45:36.633379 2.997344 tcp 10.0.2.109 54039 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:45:45.629302 0.000000 tcp 10.0.2.109 54039 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 14:45:51.628328 0.030271 tcp 10.0.2.109 54040 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:45:51.658843 0.031733 tcp 10.0.2.109 54041 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:45:51.690917 0.128614 tcp 10.0.2.109 54042 -> 195.113.214.211 443 SRPA* 0 0 36 18262 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:45:51.856541 1.745750 tcp 10.0.2.109 54043 -> 190.200.221.34 1330 SPA_* 0 0 9 1173 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:45:59.691942 0.055574 tcp 10.0.2.109 54043 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 14:46:00.564253 3.000849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 14:46:07.570580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:46:15.572178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:46:31.575412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:47:03.581239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:53:07.588316 3.000652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 14:53:14.594594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:53:22.596357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:53:38.599570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 14:54:10.605402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:00:14.611842 3.000911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 15:00:21.618740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:00:29.620111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:00:45.623144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:01:17.629321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:07:21.736184 3.000598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 15:07:28.743100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:07:36.744100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:07:52.747251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:08:24.753622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:14:22.037334 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 15:14:22.037413 3.123056 udp 10.0.2.109 3683 -> 67.237.9.201 1219 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:14:25.160469 0.000000 icmp 67.237.9.201 0x0103 -> 10.0.2.109 0x43ed URH 192 1 167 flow=Background 1970/01/14 15:14:28.760681 3.000466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 15:14:35.766705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:14:40.706083 0.031701 tcp 10.0.2.109 54044 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:14:40.738052 0.031650 tcp 10.0.2.109 54045 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:14:40.770013 0.125543 tcp 10.0.2.109 54046 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:14:40.895861 0.000000 udp 10.0.2.109 3683 -> 77.22.244.77 9684 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:14:43.768372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:14:59.181087 0.030340 tcp 10.0.2.109 54047 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:14:59.211743 0.031366 tcp 10.0.2.109 54048 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:14:59.242953 0.126274 tcp 10.0.2.109 54049 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:14:59.400818 0.089059 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:14:59.490447 0.043605 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:14:59.534482 0.051958 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:14:59.586784 0.050232 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:14:59.637417 0.042292 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:14:59.680043 0.144356 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:14:59.771454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:14:59.824804 0.155287 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:14:59.980423 0.197837 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:00.178689 0.083435 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:00.178994 2.997463 tcp 10.0.2.109 54050 -> 24.222.53.20 8009 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 15:15:00.262595 0.142847 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:00.405871 0.161639 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:00.567886 0.055253 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:00.623516 0.139963 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:00.763889 0.161786 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:00.926089 0.205616 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:01.132086 0.178154 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:01.310592 0.137462 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:01.448462 0.052755 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:01.501769 0.145879 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:01.648074 0.134676 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:01.783148 0.000000 udp 10.0.2.109 3683 -> 2.85.7.32 2179 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:15:09.174909 0.000000 tcp 10.0.2.109 54050 -> 24.222.53.20 8009 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 15:15:18.068295 0.053701 tcp 10.0.2.109 54051 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:15:18.122304 0.031986 tcp 10.0.2.109 54052 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:15:18.154263 0.126777 tcp 10.0.2.109 54053 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:15:18.281747 0.174160 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:18.456257 0.183703 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:18.640384 0.525408 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:19.166249 0.173015 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:19.339728 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:15:27.910849 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:15:27.911383 0.155265 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:27.911980 2.993751 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 15:15:28.067049 0.374851 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:28.442334 0.301988 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:28.744723 0.137462 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:15:31.777517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:15:33.748835 0.000354 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 PA_SA 0 0 4 324 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:15:41.576515 4.812222 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 A_PA 0 0 6 3044 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:15:46.588821 3.244715 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 A_PA 0 0 5 2942 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:15:54.493829 1.468098 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 A_PA 0 0 4 2912 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:15:59.788129 3.487948 tcp 10.0.2.109 54055 -> 190.200.221.34 1330 SPA_* 0 0 10 1269 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:16:01.713908 0.206418 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 A_PA 0 0 2 812 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:16:24.160001 0.280826 tcp 10.0.2.109 54055 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:16:28.800757 0.399262 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 A_PA 0 0 4 1668 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:16:59.002914 0.000074 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:17:15.350469 0.000182 tcp 10.0.2.109 54054 -> 75.92.139.157 6108 RA_PA 0 0 2 1468 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:21:35.783499 3.001201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 15:21:42.790608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:21:50.792730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:22:06.795618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:22:38.801628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:28:42.808087 3.000875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 15:28:49.814615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:28:57.816334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:29:13.819415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:29:45.825120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:35:49.832147 3.000601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 15:35:56.838857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:36:04.839891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:36:20.843079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:36:52.849480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:42:56.856169 3.000538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 15:43:03.862789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:43:11.864344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:43:27.866990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:43:59.873094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:45:49.281023 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 15:45:49.281131 0.316796 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:45:49.598404 0.057139 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:45:49.598781 4.993597 tcp 10.0.2.109 54056 -> 2.85.7.32 6858 SPA_* 0 0 126 88871 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:45:49.655924 0.047577 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:45:49.703860 0.051054 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:45:49.755286 0.146402 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:45:49.902225 0.138285 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:45:50.040877 0.161633 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:45:50.202915 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:45:54.810476 4.988216 tcp 10.0.2.109 54056 -> 2.85.7.32 6858 A_PA 0 0 141 103870 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:45:59.824702 4.946991 tcp 10.0.2.109 54056 -> 2.85.7.32 6858 A_PA 0 0 168 123760 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:04.835471 4.989902 tcp 10.0.2.109 54056 -> 2.85.7.32 6858 A_PA 0 0 144 106080 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:08.740333 0.030758 tcp 10.0.2.109 54057 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:08.771329 0.031329 tcp 10.0.2.109 54058 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:08.802857 0.122853 tcp 10.0.2.109 54059 -> 195.113.214.211 443 SRPA* 0 0 25 13040 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:08.926595 0.143100 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.070047 0.139114 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.209550 0.058195 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.268113 0.139606 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.408050 0.170647 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.579145 0.160409 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.740005 0.063551 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.803916 0.180848 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:09.851022 4.013111 tcp 10.0.2.109 54056 -> 2.85.7.32 6858 FPA_* 0 0 113 78700 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:09.985159 0.053374 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:10.038890 0.146374 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:10.185679 0.136345 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:10.322417 0.202836 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:10.525646 0.166961 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:10.692988 0.172793 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:10.866313 0.183708 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:11.050388 0.548062 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:11.598796 0.177188 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:11.776327 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:46:19.289146 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 15:46:19.289506 0.300712 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:19.590558 0.134875 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:19.725857 0.208532 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:19.934802 0.364300 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/14 15:46:24.481335 2.970675 tcp 10.0.2.109 54060 -> 190.200.221.34 1330 SPA_* 0 0 9 1078 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:49.091048 0.196029 tcp 10.0.2.109 54060 -> 190.200.221.34 1330 A_PA 0 0 2 340 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:46:55.436616 0.014981 tcp 10.0.2.109 54060 -> 190.200.221.34 1330 FA_F* 0 0 5 275 flow=From-Botnet-V1-TCP-Established 1970/01/14 15:50:03.920022 3.001067 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 15:50:10.926975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:50:18.928422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:50:34.931327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:51:06.936919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:57:10.944070 3.000503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 15:57:17.950844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:57:25.951983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:57:41.955547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 15:58:13.960887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:04:17.967718 3.001416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 16:04:24.974338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:04:32.976035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:04:48.979074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:05:20.985357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:11:24.991049 3.001899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 16:11:31.998753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:11:40.000353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:11:56.003218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:12:28.009437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:16:33.392124 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 16:16:33.392262 0.101968 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:33.494615 0.047725 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:33.542746 0.046417 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:33.598978 0.138367 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:33.770046 0.048263 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:33.818683 0.079995 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:33.899129 0.048247 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:33.947807 0.159487 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.107674 0.143745 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.251867 0.137798 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.390069 0.056608 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.447026 0.141724 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.589076 0.156384 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.745889 0.156719 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.903021 0.061167 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:34.964554 0.132349 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:35.097339 0.051687 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:35.149490 0.206013 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:35.355928 0.163837 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:35.520182 0.172756 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:35.693293 0.189540 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:35.883273 0.149271 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:36.032957 0.139900 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:36.173207 0.099443 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:36.272984 0.177299 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:36.450703 0.137346 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:36.588529 0.149835 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:36.738784 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 16:16:45.142845 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 16:16:45.143184 0.298836 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:45.442409 0.355852 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:16:55.453947 1.907791 tcp 10.0.2.109 54061 -> 190.200.221.34 1330 SPA_* 0 0 9 1068 flow=From-Botnet-V1-TCP-Established 1970/01/14 16:17:13.656768 0.050403 tcp 10.0.2.109 54061 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 16:18:32.015820 3.000801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 16:18:39.022744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:18:47.023842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:19:03.027173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:19:35.033446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:25:39.040097 3.000706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 16:25:46.046617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:25:54.047910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:26:10.051489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:26:42.056963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:32:46.063072 3.001520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 16:32:53.070355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:33:01.072128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:33:17.074730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:33:49.081301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:39:53.087681 3.031224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 16:40:00.124732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:40:08.125849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:40:24.129428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:40:56.134766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:47:00.141295 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 16:47:07.148775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:47:12.746606 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 16:47:12.746761 0.046244 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:12.793374 0.155987 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:12.949792 0.047913 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:12.998054 0.108818 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.107303 0.054959 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.162628 0.102853 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.265887 0.051263 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.317607 0.164660 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.482624 0.141217 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.624301 0.158052 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.708384 1.811830 tcp 10.0.2.109 54062 -> 190.200.221.34 1330 SPA_* 0 0 7 924 flow=From-Botnet-V1-TCP-Established 1970/01/14 16:47:13.782695 0.054099 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.837195 0.140100 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:13.977646 0.157385 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:14.135433 0.159340 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:14.295197 0.059540 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:14.355079 0.138506 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:14.493988 0.052639 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:14.547050 0.206629 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:14.754235 0.182926 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:14.937580 0.175186 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:15.113117 0.187009 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:15.149850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:47:15.300504 0.149779 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:15.450691 0.178368 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:15.629490 0.135219 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:15.765144 0.153132 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:15.918689 0.135977 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:16.055078 0.073103 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:16.128594 0.348979 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:16.477944 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 16:47:25.755637 0.046634 tcp 10.0.2.109 54062 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 16:47:29.034496 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 16:47:29.034888 0.299535 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/14 16:47:31.152871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:48:03.159055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:54:07.164873 3.002037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 16:54:14.172314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:54:22.173825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:54:38.177299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 16:55:10.182819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:01:14.188793 3.001727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 17:01:21.196080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:01:29.197797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:01:45.201018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:02:17.206859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:08:21.213437 3.000937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 17:08:28.220297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:08:36.222288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:08:52.225025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:09:24.231025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:15:28.237739 3.000702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 17:15:35.244510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:15:43.266242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:15:59.268818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:16:31.274940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:17:25.803531 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 17:17:25.803729 3.941063 tcp 10.0.2.109 54063 -> 190.200.221.34 1330 SPA_* 0 0 10 1249 flow=From-Botnet-V1-TCP-Established 1970/01/14 17:17:36.646577 0.049888 tcp 10.0.2.109 54063 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 17:17:50.398653 0.040595 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:17:50.439628 0.044088 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:17:50.484085 0.140844 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:17:50.625308 0.069997 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:17:50.695684 0.046824 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:17:50.742874 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 17:18:06.853899 0.031557 tcp 10.0.2.109 54064 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 17:18:06.885797 0.030890 tcp 10.0.2.109 54065 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 17:18:06.916973 0.122167 tcp 10.0.2.109 54066 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/14 17:18:07.039774 0.058861 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:07.098989 0.156929 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:07.256297 0.142695 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:07.399419 0.128507 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:07.528312 0.055843 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:07.584544 0.141359 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:07.726334 0.161710 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:07.888463 0.162233 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:08.051117 0.060212 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:08.111726 0.151209 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:08.263349 0.052360 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:08.316052 0.204665 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:08.521069 0.168302 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:08.689806 0.174755 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:08.864921 0.179412 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:09.044760 0.167676 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:09.212785 0.177503 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:09.390684 0.134334 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:09.525433 0.151767 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:09.677595 0.137082 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:09.815031 0.076689 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:09.892112 0.353561 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:18:10.246152 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 17:18:20.554375 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 17:18:20.554733 0.299542 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:22:35.282601 3.000183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 17:22:42.288628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:22:50.290085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:23:06.292829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:23:38.298709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:29:42.304739 3.001963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 17:29:49.311958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:29:57.314008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:30:13.316708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:30:45.322856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:36:49.329263 3.001273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 17:36:56.335941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:37:04.337689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:37:20.340439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:37:52.346944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:43:56.353057 3.001395 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 17:44:03.359918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:44:11.361982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:44:27.364789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:44:59.410618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:47:36.707587 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 17:47:36.707680 2.607631 tcp 10.0.2.109 54067 -> 190.200.221.34 1330 SPA_* 0 0 9 1182 flow=From-Botnet-V1-TCP-Established 1970/01/14 17:47:55.128667 0.195620 tcp 10.0.2.109 54067 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 17:48:42.301615 0.089004 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.391033 0.072918 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.464317 0.048676 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.513377 0.046687 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.560406 0.043452 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.604276 0.139333 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.744007 0.049550 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.793996 0.160331 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:42.954679 0.152702 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:43.107774 0.131485 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:43.239608 0.054189 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:43.294253 0.140977 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:43.435596 0.158059 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:43.594044 0.155582 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:43.749980 0.308735 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:44.059084 0.145787 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:44.205226 0.052559 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:44.258205 0.204056 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:44.462692 0.165110 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:44.628199 0.177720 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:44.806402 0.184014 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:44.990815 0.161103 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:45.152322 0.179493 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:45.332241 0.143870 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:45.476509 0.155146 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:45.632014 0.134681 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:45.767146 0.073065 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:45.840625 0.374802 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:46.215874 0.351095 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:46.567327 0.297862 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/14 17:48:47.228262 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 17:51:03.417283 3.001166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 17:51:10.424140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:51:18.426242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:51:34.428937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:52:06.434945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:58:10.440959 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 17:58:17.448230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:58:25.449665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:58:41.452635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 17:59:13.459225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:05:17.464550 3.011550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 18:05:24.482032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:05:32.483846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:05:48.486880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:06:20.492748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:12:24.498638 3.002078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 18:12:31.506207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:12:39.507672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:12:55.510368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:13:27.516626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:17:55.331998 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 18:17:55.332096 0.959455 tcp 10.0.2.109 54068 -> 190.200.221.34 1330 SPA_* 0 0 9 1150 flow=From-Botnet-V1-TCP-Established 1970/01/14 18:18:01.458738 0.044882 tcp 10.0.2.109 54068 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 18:18:54.728108 0.090432 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:54.818922 0.070364 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:54.889738 0.054866 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:54.945029 0.044016 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:54.989416 0.041469 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.031290 0.148921 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.180572 0.048448 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.229431 0.158661 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.388483 0.055067 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.443977 0.141158 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.585481 0.170767 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.756648 0.155972 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.913078 0.075200 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:55.988695 0.144891 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:56.133998 0.129421 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:56.263874 0.145669 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:56.410256 0.052568 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:56.463213 0.206070 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:56.669698 0.166865 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:56.836956 0.178201 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:57.015570 0.189422 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:57.205397 0.149338 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:57.355126 0.180267 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:57.535818 0.136208 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:57.672418 0.151381 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:57.824210 0.137363 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:57.961986 0.073490 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:58.035879 0.301445 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:58.337723 0.362420 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:58.700520 0.246033 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:18:59.233499 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 18:19:31.522967 3.001568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 18:19:38.530122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:19:46.531960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:20:02.534877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:20:34.540864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:26:38.547396 3.000688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 18:26:45.553935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:26:53.555513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:27:09.558899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:27:41.564464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:33:45.571030 3.000936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 18:33:52.577890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:34:00.579917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:34:16.582449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:34:48.588727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:40:52.594753 3.001361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 18:40:59.601971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:41:07.603826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:41:23.606255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:41:55.612243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:47:59.618582 3.001812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 18:48:01.509606 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 18:48:01.509913 1.153535 tcp 10.0.2.109 54069 -> 190.200.221.34 1330 SPA_* 0 0 9 1165 flow=From-Botnet-V1-TCP-Established 1970/01/14 18:48:06.625947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:48:08.221779 0.137940 tcp 10.0.2.109 54069 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 18:48:14.627686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:48:30.630955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:49:02.636450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:49:10.007416 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 18:49:10.007572 0.044462 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.052488 0.045718 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.098608 0.042410 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.141430 0.089175 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.230984 0.071230 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.302595 0.135854 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.438844 0.053546 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.492772 0.156600 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.649805 0.056663 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.706831 0.137902 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:10.845138 0.166796 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.012334 0.160765 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.173505 0.064867 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.238837 0.144303 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.383530 0.134760 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.518669 0.137236 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.656322 0.052523 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.709181 0.241014 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:11.950595 0.162207 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:12.113156 0.177620 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:12.291111 0.184644 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:12.476187 0.146565 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:12.623143 0.180114 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:12.803649 0.131115 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:12.935112 0.155972 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:13.091458 0.139078 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:13.230970 0.075612 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:13.306943 0.279418 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:13.586777 0.298610 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:49:13.885779 0.363641 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/14 18:55:06.643215 3.000763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 18:55:13.649928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:55:21.651581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:55:37.654289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 18:56:09.660496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:02:13.667161 3.000733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 19:02:20.674158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:02:28.675233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:02:44.678121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:03:16.684698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:09:20.690031 3.001870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 19:09:27.697794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:09:35.699641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:09:51.702494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:10:23.708682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:16:27.714899 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 19:16:34.722331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:16:42.723577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:16:58.726035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:17:30.732447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:18:08.367069 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 19:18:08.367162 3.003906 tcp 10.0.2.109 54070 -> 190.200.221.34 1330 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/14 19:18:13.384482 0.001966 tcp 10.0.2.109 54070 -> 190.200.221.34 1330 PA_SA 0 0 8 1055 flow=From-Botnet-V1-TCP-Established 1970/01/14 19:18:23.166623 0.201068 tcp 10.0.2.109 54070 -> 190.200.221.34 1330 A_PA 0 0 2 340 flow=From-Botnet-V1-TCP-Established 1970/01/14 19:18:38.049408 0.071416 tcp 10.0.2.109 54070 -> 190.200.221.34 1330 FA_F* 0 0 5 275 flow=From-Botnet-V1-TCP-Established 1970/01/14 19:19:29.303530 0.053541 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.357534 0.046304 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.404255 0.049395 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.454231 0.099565 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.554221 0.072021 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.626664 0.140657 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.767733 0.052012 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.820092 0.155026 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:29.975536 0.056340 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.032250 0.138857 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.171507 0.168957 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.340882 0.159817 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.501103 0.059376 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.560881 0.144106 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.705388 0.134797 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.840538 0.135806 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:30.976697 0.052560 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:31.029670 0.202616 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:31.232708 0.184534 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:31.417673 0.146849 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:31.564884 0.175552 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:31.740851 0.136982 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:31.878431 0.164032 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:32.042900 0.172457 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:32.215786 0.154222 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:32.370515 0.139436 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:32.510396 0.076379 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:32.587172 0.278361 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:32.865953 0.299274 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:33.165672 0.339187 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:19:34.229679 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 19:23:34.738986 3.001138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 19:23:41.745929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:23:49.747698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:24:05.750633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:24:37.756147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:30:41.762250 3.001702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 19:30:48.769860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:30:56.771697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:31:12.774550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:31:44.780073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:37:48.787186 3.000964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 19:37:55.793985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:38:03.795276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:38:19.797930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:38:51.804004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:44:55.810918 3.030916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 19:45:02.847576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:45:10.849477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:45:26.851940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:45:58.858245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:48:38.127969 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 19:48:38.128061 1.886511 tcp 10.0.2.109 54071 -> 190.200.221.34 1330 SPA_* 0 0 9 1154 flow=From-Botnet-V1-TCP-Established 1970/01/14 19:48:46.280632 0.030577 tcp 10.0.2.109 54071 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 19:49:46.265666 0.054285 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.320363 0.044455 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.365195 0.042263 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.407843 0.101634 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.509890 0.106668 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.616985 0.142016 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.759359 0.053406 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.813175 0.158212 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:46.971822 0.055486 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.027702 0.142011 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.170121 0.153982 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.324519 0.162531 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.487462 0.070683 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.558544 0.144075 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.702975 0.137955 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.841346 0.137281 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:47.979050 0.052930 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:48.032355 0.152663 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:48.185396 0.177621 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:48.363438 0.139309 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:48.503114 0.165409 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:48.668996 0.233620 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:48.903029 0.182171 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:49.085591 0.174921 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:49.260932 0.149451 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:49.410748 0.138008 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:49.549208 0.072358 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:49.621967 0.350439 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:49.972796 0.302009 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:50.359287 0.361152 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/14 19:49:51.232112 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 19:52:02.864649 3.001308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 19:52:09.871970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:52:17.873506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:52:33.876049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:53:05.882182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:59:09.888291 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 19:59:16.895984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:59:24.897263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 19:59:40.900022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:00:12.906033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:06:16.912153 3.002116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 20:06:23.919671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:06:31.920930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:06:47.923980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:07:19.930044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:13:23.936796 3.021456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 20:13:30.964016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:13:38.975239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:13:54.977884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:14:26.984595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:18:46.317355 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 20:18:46.317466 0.952082 tcp 10.0.2.109 54072 -> 190.200.221.34 1330 SPA_* 0 0 9 1147 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:18:52.338468 0.206048 tcp 10.0.2.109 54072 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:20:11.690149 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 20:20:11.690302 0.057026 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:11.747814 0.045892 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:11.794071 0.048825 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 593 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:11.843337 0.100927 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:11.944704 0.076392 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.021511 0.172885 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.194825 0.059072 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.254329 0.186626 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.441381 0.055560 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.497317 0.140931 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.638641 0.153491 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.792515 0.158586 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:12.951617 0.059458 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.011436 0.146856 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.158709 0.135345 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.294482 0.137400 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.432314 0.052866 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.485571 0.130693 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.616615 0.166428 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.783488 0.202570 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:13.986601 0.150059 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:14.137022 0.178267 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:14.315702 0.189960 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:14.506063 0.179017 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:14.685477 0.156148 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:14.841988 0.136975 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:14.979365 0.079108 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:15.058907 0.286689 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:15.345962 0.297915 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:15.644289 0.326161 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:20:30.991927 3.000008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 20:20:37.997788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:20:45.998843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:21:02.002113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:21:34.008194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:27:38.014319 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 20:27:45.021648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:27:53.023051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:28:09.025784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:28:41.032356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:34:45.038226 3.001730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 20:34:52.045755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:35:00.047307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:35:16.050044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:35:48.056173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:41:52.062669 3.021129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 20:41:59.089529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:42:07.090781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:42:23.094785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:42:55.100597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:48:52.544550 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 20:48:52.544777 1.204512 tcp 10.0.2.109 54073 -> 190.200.221.34 1330 SPA_* 0 0 9 1096 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:48:59.106221 3.001538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 20:49:02.937382 0.127417 tcp 10.0.2.109 54073 -> 190.200.221.34 1330 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:49:06.113706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:49:14.114699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:49:30.117764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:50:02.124002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:50:29.473797 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 20:50:29.473895 0.047594 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:50:29.521900 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 20:50:47.320793 0.030806 tcp 10.0.2.109 54074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:50:47.351895 0.030837 tcp 10.0.2.109 54075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:50:47.383048 0.103860 tcp 10.0.2.109 54076 -> 195.113.214.211 443 SRPA* 0 0 57 36500 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:50:47.486922 0.094417 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:50:47.581779 0.049995 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:50:47.632163 0.044370 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:50:47.676951 0.143018 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:50:47.820370 0.052732 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:50:47.873460 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 20:51:05.335345 0.030021 tcp 10.0.2.109 54077 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:51:05.365649 0.030530 tcp 10.0.2.109 54078 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:51:05.396398 0.126903 tcp 10.0.2.109 54079 -> 195.113.214.211 443 SRPA* 0 0 49 28736 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:51:05.523919 0.055823 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:05.580175 0.142072 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:05.722654 0.172118 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:05.895147 0.157008 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:06.052516 0.069393 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:06.122351 0.146201 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:06.268926 0.129060 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:06.398406 0.137946 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:06.536723 0.052624 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:06.589777 0.135383 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:06.725557 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 20:51:23.110760 0.030428 tcp 10.0.2.109 54080 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:51:23.141504 0.030927 tcp 10.0.2.109 54081 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:51:23.172771 0.124601 tcp 10.0.2.109 54082 -> 195.113.214.211 443 SRPA* 0 0 59 42616 flow=From-Botnet-V1-TCP-Established 1970/01/14 20:51:23.297651 0.206713 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:23.504726 0.146500 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:23.651605 0.172862 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:23.824831 0.189778 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:24.015057 0.172334 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:24.187785 0.156429 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:24.344628 0.137572 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:24.482554 0.093839 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:24.576798 0.359646 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:24.936844 0.278126 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:51:25.215384 0.304105 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/14 20:56:06.130783 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 20:56:13.137621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:56:21.138792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:56:37.141784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 20:57:09.147741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:03:13.153752 3.001994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 21:03:20.161322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:03:28.163098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:03:44.165807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:04:16.171942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:10:20.178640 3.001284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 21:10:27.185393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:10:35.186930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:10:51.190120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:11:23.195919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:17:27.202509 3.031158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 21:17:34.239222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:17:42.241179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:17:58.244004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:18:30.250195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:19:03.067857 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 21:19:03.067948 1.477382 tcp 10.0.2.109 54083 -> 190.200.221.34 1330 SPA_* 0 0 9 1057 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:19:13.998229 0.204804 tcp 10.0.2.109 54083 -> 190.200.221.34 1330 A_PA 0 0 2 340 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:19:19.272736 0.062882 tcp 10.0.2.109 54083 -> 190.200.221.34 1330 FA_F* 0 0 5 275 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:21:35.887216 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 21:21:35.887413 0.088983 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:21:35.976836 0.198044 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:21:36.175301 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 21:21:51.651786 0.031342 tcp 10.0.2.109 54084 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:21:51.683447 0.051501 tcp 10.0.2.109 54085 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:21:51.735291 0.127527 tcp 10.0.2.109 54086 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:21:51.863327 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 21:22:08.474441 0.030402 tcp 10.0.2.109 54087 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:08.505121 0.052900 tcp 10.0.2.109 54088 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:08.558403 0.129247 tcp 10.0.2.109 54089 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:08.687863 0.183136 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:08.871336 0.052735 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:08.924434 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 21:22:25.178300 0.031637 tcp 10.0.2.109 54090 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:25.209789 0.031759 tcp 10.0.2.109 54091 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:25.241812 0.145636 tcp 10.0.2.109 54092 -> 195.113.214.211 443 SRPA* 0 0 46 40404 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:25.388204 0.079293 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:25.467904 0.042109 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:25.510442 0.160497 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 203 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:25.671362 0.157895 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:25.829668 0.140892 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:25.970957 0.058827 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.030234 0.135042 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.165671 0.136253 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.302336 0.053884 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.356598 0.136951 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.493951 0.143653 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.638022 0.059527 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.697984 0.179987 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:26.878406 0.195033 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:27.073816 0.223013 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:27.297233 0.188255 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:27.485884 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 21:22:44.906637 0.052397 tcp 10.0.2.109 54093 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:44.959331 0.052471 tcp 10.0.2.109 54094 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:45.012097 0.143131 tcp 10.0.2.109 54095 -> 195.113.214.211 443 SRPA* 0 0 46 40402 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:22:45.155826 0.153142 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:45.309322 0.136482 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:45.446251 0.070902 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:45.517571 0.343925 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:45.861935 0.303010 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:22:46.165364 0.342778 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:24:34.256430 3.001295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 21:24:41.263499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:24:49.265194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:25:05.267721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:25:37.273847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:31:41.279555 3.001824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 21:31:48.287416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:31:56.288949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:32:12.292151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:32:44.298294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:38:48.304543 3.030957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 21:38:55.341581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:39:03.343150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:39:19.345871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:39:51.352144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:45:55.357391 3.012355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 21:46:02.375526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:46:10.376597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:46:26.379720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:46:58.385726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:49:19.339074 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 21:49:19.339374 1.117678 tcp 10.0.2.109 54096 -> 190.200.221.34 1330 SPA_* 0 0 9 999 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:49:27.788132 0.038952 tcp 10.0.2.109 54096 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:53:02.392661 3.001094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 21:53:09.398975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:53:10.080458 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 21:53:10.080558 0.042259 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:10.123235 0.054248 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:10.177863 0.174585 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:10.352793 0.116665 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:10.469830 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 21:53:17.400657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:53:28.448723 0.054334 tcp 10.0.2.109 54097 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:53:28.503344 0.031006 tcp 10.0.2.109 54098 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:53:28.534641 0.124445 tcp 10.0.2.109 54099 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/14 21:53:28.659681 0.142429 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:28.802499 0.056137 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:28.859020 0.156988 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.016344 0.042356 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.059071 0.073912 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.133330 0.055527 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.189233 0.132256 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.321876 0.150091 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.472390 0.054214 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.526989 0.124394 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.651757 0.134938 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.787023 0.066835 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:29.854243 0.164568 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:30.019222 0.125318 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:30.144976 0.122998 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:30.268330 0.173987 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:30.442722 0.350740 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:30.793914 0.145152 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:30.939447 0.147476 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:31.087304 0.132666 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:31.220367 0.086256 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:31.307002 0.342937 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:31.650471 0.264298 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:31.915114 0.304981 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/14 21:53:33.403826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 21:54:05.409790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:00:09.416741 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:00:16.423376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:00:26.016874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:00:42.019880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:01:14.025977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:07:18.032220 3.001280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:07:25.039885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:07:33.041113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:07:49.043716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:08:21.050147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:14:25.055528 3.002134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:14:32.063294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:14:40.064972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:14:56.067890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:15:28.074498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:19:28.610734 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 22:19:28.610971 1.211226 tcp 10.0.2.109 54100 -> 190.200.221.34 1330 SPA_* 0 0 9 1152 flow=From-Botnet-V1-TCP-Established 1970/01/14 22:19:35.183898 0.321730 tcp 10.0.2.109 54100 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 22:21:32.080626 3.021333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:21:39.107630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:21:47.108748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:22:03.111819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:22:35.118002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:23:36.606737 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 22:23:36.606827 0.166088 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:36.773329 0.048381 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:36.822239 0.173447 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:36.996100 0.099427 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.095943 0.049106 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.145423 0.151101 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.296972 0.042038 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.339384 0.143397 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.483198 0.056388 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.539956 0.070363 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.610721 0.058417 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.669523 0.137133 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.807038 0.145386 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:37.952797 0.052632 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:38.005869 0.121243 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:38.127526 0.137212 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:38.265150 0.061492 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:38.327051 0.164422 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:38.491908 0.177739 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:38.670009 0.346533 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:39.016938 0.146388 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:39.163714 0.171056 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:39.335202 0.132603 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:39.468206 0.148087 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:39.616738 0.129126 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:39.746328 0.072383 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:39.819142 0.344788 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:40.164359 0.396679 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:23:40.561437 0.298550 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:28:39.124935 3.000832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:28:46.131599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:28:54.132979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:29:10.135823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:29:42.141677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:35:46.148952 3.000530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:35:53.155320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:36:01.157182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:36:17.160029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:36:49.166156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:42:53.172181 3.001530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:43:00.179496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:43:08.180681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:43:24.183827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:43:56.190271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:49:35.508238 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 22:49:35.508334 1.307876 tcp 10.0.2.109 54101 -> 190.200.221.34 1330 SPA_* 0 0 9 1018 flow=From-Botnet-V1-TCP-Established 1970/01/14 22:49:41.229174 0.037561 tcp 10.0.2.109 54101 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 22:50:00.196537 3.001104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 22:50:07.203287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:50:15.204768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:50:31.207892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:51:03.214079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:54:09.021391 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 22:54:09.021664 0.153770 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:09.175874 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 22:54:28.009966 0.067547 tcp 10.0.2.109 54102 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/14 22:54:28.077772 0.053931 tcp 10.0.2.109 54103 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/14 22:54:28.131963 0.140643 tcp 10.0.2.109 54104 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/14 22:54:28.273071 0.180657 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:28.454152 0.107384 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:28.561863 0.040843 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:28.603076 0.166905 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:28.770563 0.044704 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:28.815594 0.140607 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:28.956594 0.053741 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.010722 0.087163 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.098312 0.056450 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.155125 0.134451 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.289976 0.144565 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.434921 0.053329 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.488621 0.128466 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.617471 0.139788 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.757648 0.072557 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.830590 0.162807 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:29.993783 0.182201 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:30.176383 0.195086 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:30.372053 0.140027 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:30.512563 0.136530 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:30.649489 0.134182 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:30.784075 0.146729 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:30.931240 0.132866 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:31.064454 0.081484 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:31.146493 0.330066 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:54:31.476917 0.000000 udp 10.0.2.109 3683 -> 75.92.139.157 4824 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 22:54:40.202055 0.000000 udp 10.0.2.109 3683 <- 75.92.139.157 4824 RSP 0 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 22:54:40.202450 0.299262 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/14 22:57:07.219484 3.001962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 22:57:14.227713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:57:22.228469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:57:38.231567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 22:58:10.237783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:04:14.243902 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 23:04:21.250982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:04:29.252971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:04:45.255911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:05:17.261830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:11:21.267758 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 23:11:28.275591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:11:36.276751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:11:52.280035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:12:24.286231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:18:28.292233 3.021221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 23:18:35.319250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:18:43.320850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:18:59.323883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:19:31.329921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:19:41.274565 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 23:19:41.274659 4.168497 tcp 10.0.2.109 54105 -> 190.200.221.34 1330 SPA_* 0 0 10 1113 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:20:10.061829 0.018092 tcp 10.0.2.109 54105 -> 190.200.221.34 1330 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:24:53.533612 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 23:24:53.533711 0.050121 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:24:53.584270 0.160604 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:24:53.745227 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 23:25:12.171614 0.054006 tcp 10.0.2.109 54106 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:25:12.225890 0.053020 tcp 10.0.2.109 54107 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:25:12.279210 0.148026 tcp 10.0.2.109 54108 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:25:12.427814 0.211794 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:12.640042 0.041196 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:12.681616 0.174234 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:12.856251 0.098749 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:12.955407 0.133704 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.089486 0.051224 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.141113 0.108382 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.249898 0.058457 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.308751 0.139227 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.448317 0.144696 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.593384 0.051391 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.645166 0.123791 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.769399 0.133913 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.903662 0.071737 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:13.975796 0.188131 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:14.164338 0.144766 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:14.309483 0.130876 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:14.440760 0.124858 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:14.566049 0.166023 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:14.732454 0.187435 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:14.920254 0.146094 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:15.066757 0.128525 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:15.195762 0.074605 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:15.270765 0.364689 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:15.635872 0.263163 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:15.899482 0.305990 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:25:35.335999 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/14 23:25:42.343582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:25:50.344590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:26:06.347604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:26:38.354079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:32:42.359400 3.002381 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 23:32:49.367047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:32:57.369020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:33:13.371971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:33:45.377787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:39:49.383755 3.031964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 23:39:56.421174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:40:04.422947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:40:20.425345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:40:52.431563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:46:56.438530 3.000985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 23:47:03.444793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:47:11.446468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:47:27.449528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:47:59.456072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:50:10.083934 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 23:50:10.084115 0.977879 tcp 10.0.2.109 54109 -> 190.200.221.34 1330 SPA_* 0 0 9 1074 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:50:15.882835 0.157538 tcp 10.0.2.109 54109 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:54:03.461859 3.001970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/14 23:54:10.469337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:54:18.470686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:54:34.473665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:55:06.479611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/14 23:55:28.601996 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/14 23:55:28.602234 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/14 23:55:47.140342 0.054483 tcp 10.0.2.109 54110 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:55:47.195115 0.052876 tcp 10.0.2.109 54111 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:55:47.248270 0.149602 tcp 10.0.2.109 54112 -> 195.113.214.211 443 SRPA* 0 0 51 32500 flow=From-Botnet-V1-TCP-Established 1970/01/14 23:55:47.398571 0.052528 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:47.451505 0.154746 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:47.606678 0.151980 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:47.759067 0.044113 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:47.803545 0.172764 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:47.976747 0.100566 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.077706 0.135117 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.213208 0.043953 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.257547 0.074294 udp 10.0.2.109 3683 <-> 2.85.7.32 2179 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.332298 0.061994 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.394704 0.138512 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.533640 0.155482 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.689559 0.054018 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.743985 0.121218 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:48.865616 0.194193 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:49.060228 0.139557 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:49.200192 0.153398 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:49.354003 0.123842 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:49.478183 0.164056 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:49.642625 0.136366 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:49.779403 1.759125 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:51.538885 0.187418 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:51.726702 0.148056 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:51.875167 0.129952 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:52.005497 0.121756 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:52.127647 0.376413 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:52.504457 0.307852 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/14 23:55:52.812730 0.312355 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:01:10.485644 3.001755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 00:01:17.493544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:01:25.494934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:01:41.497668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:02:13.503669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:08:17.510041 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 00:08:24.517092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:08:32.518398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:08:48.521524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:09:20.527759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:15:24.533307 3.012210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 00:15:31.551097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:15:39.552595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:15:55.555988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:16:27.561584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:20:16.040691 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 00:20:16.040933 0.921399 tcp 10.0.2.109 54113 -> 190.200.221.34 1330 SPA_* 0 0 9 1086 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:20:22.393899 0.098318 tcp 10.0.2.109 54113 -> 190.200.221.34 1330 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:22:31.567951 3.001164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 00:22:38.575098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:22:46.576375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:23:02.579698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:23:34.585363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:26:00.690439 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 00:26:00.690575 0.154781 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:00.845803 0.042557 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:00.888725 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 00:26:18.583479 0.052841 tcp 10.0.2.109 54114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:18.636648 0.052121 tcp 10.0.2.109 54115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:18.689043 0.146597 tcp 10.0.2.109 54116 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:18.836129 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 00:26:37.478837 0.053800 tcp 10.0.2.109 54117 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:37.532928 0.053925 tcp 10.0.2.109 54118 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:37.587079 0.148722 tcp 10.0.2.109 54119 -> 195.113.214.211 443 SRPA* 0 0 52 37566 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:37.736635 0.169267 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:37.906362 0.104648 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:38.011435 0.136816 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:38.148653 0.050840 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:38.200187 0.000000 udp 10.0.2.109 3683 -> 2.85.7.32 2179 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 00:26:56.696665 0.052246 tcp 10.0.2.109 54120 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:56.749210 0.053759 tcp 10.0.2.109 54121 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:56.803257 0.215792 tcp 10.0.2.109 54122 -> 195.113.214.211 443 SRPA* 0 0 48 40836 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:26:57.019668 0.055514 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:57.075550 0.138230 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:57.214231 0.156436 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:57.371003 0.052148 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:57.423593 0.119426 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:57.543425 0.193718 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:57.737537 0.138934 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:57.876916 0.133203 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:58.010465 0.122647 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:58.133474 0.166040 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:58.299899 0.145298 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:58.445603 0.067577 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:58.513606 0.180833 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:58.694800 0.075187 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:58.770537 0.357764 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:59.128686 0.263373 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:59.392487 0.149145 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:59.542001 0.130910 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:26:59.673326 0.390768 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:29:38.591388 3.001984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 00:29:45.599228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:29:53.600108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:30:09.603733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:30:41.609633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:36:45.615414 3.002012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 00:36:52.622817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:37:00.624163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:37:16.627864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:37:48.633677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:43:52.640301 3.000853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 00:43:59.647275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:44:07.648214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:44:23.651267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:44:55.657783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:50:22.497500 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 00:50:22.497618 2.055954 tcp 10.0.2.109 54123 -> 190.200.221.34 1330 FSPA* 0 0 13 1436 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:24.247591 0.053173 tcp 10.0.2.109 54124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:24.301107 0.052504 tcp 10.0.2.109 54125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:24.353846 0.148859 tcp 10.0.2.109 54126 -> 195.113.214.211 443 SRPA* 0 0 35 19388 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:24.553832 2.990989 tcp 10.0.2.109 54127 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:50:33.553312 0.000000 tcp 10.0.2.109 54127 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:50:39.552275 0.056582 tcp 10.0.2.109 54128 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:39.609151 0.053821 tcp 10.0.2.109 54129 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:39.663217 0.142665 tcp 10.0.2.109 54130 -> 195.113.214.211 443 SRPA* 0 0 44 37132 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:39.817806 0.417275 tcp 10.0.2.109 54131 -> 82.211.180.109 8663 FSPA* 0 0 13 1436 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:39.946826 0.056807 tcp 10.0.2.109 54132 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:40.003418 0.054771 tcp 10.0.2.109 54133 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:40.058463 0.148248 tcp 10.0.2.109 54134 -> 195.113.214.211 443 SRPA* 0 0 39 31852 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:40.235232 3.001664 tcp 10.0.2.109 54135 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:50:49.235977 0.000000 tcp 10.0.2.109 54135 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:50:55.234693 0.052643 tcp 10.0.2.109 54136 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:55.287634 0.052886 tcp 10.0.2.109 54137 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:55.340875 0.157768 tcp 10.0.2.109 54138 -> 195.113.214.211 443 SRPA* 0 0 32 17786 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:55.510787 0.400514 tcp 10.0.2.109 54139 -> 176.73.169.112 1959 FSPA* 0 0 13 1436 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:55.631307 0.052191 tcp 10.0.2.109 54140 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:55.683342 0.053408 tcp 10.0.2.109 54141 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:55.737046 0.150231 tcp 10.0.2.109 54142 -> 195.113.214.211 443 SRPA* 0 0 51 33778 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:50:55.911537 2.998389 tcp 10.0.2.109 54143 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:50:59.663000 3.001921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 00:51:04.908341 0.000000 tcp 10.0.2.109 54143 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:51:06.670819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:51:10.907421 0.051924 tcp 10.0.2.109 54144 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:51:10.959645 0.053811 tcp 10.0.2.109 54145 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:51:11.013812 0.150445 tcp 10.0.2.109 54146 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:51:11.180767 1.050625 tcp 10.0.2.109 54147 -> 190.200.221.34 1330 FSPA* 0 0 11 1328 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:51:12.231566 3.001886 tcp 10.0.2.109 54148 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:51:14.672663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:51:21.231741 0.000000 tcp 10.0.2.109 54148 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:51:27.230682 0.060967 tcp 10.0.2.109 54149 -> 82.211.180.109 8663 SPA_* 0 0 9 1220 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:51:30.675303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:51:57.293556 0.065835 tcp 10.0.2.109 54149 -> 82.211.180.109 8663 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:51:57.293904 3.003681 tcp 10.0.2.109 54150 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:52:02.681545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:52:06.296846 0.000000 tcp 10.0.2.109 54150 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:52:12.295438 0.109017 tcp 10.0.2.109 54151 -> 176.73.169.112 1959 FSPA* 0 0 13 1436 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:52:12.404676 3.004977 tcp 10.0.2.109 54152 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:52:21.408321 0.000000 tcp 10.0.2.109 54152 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:57:27.398528 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 00:57:27.398638 3.004032 tcp 10.0.2.109 54153 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:57:29.862377 0.281265 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:30.144039 0.454403 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:30.598839 0.000000 udp 10.0.2.109 3683 -> 2.85.7.32 2179 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 00:57:36.401267 0.000000 tcp 10.0.2.109 54153 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:57:42.401967 0.621555 tcp 10.0.2.109 54154 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:43.023842 0.655889 tcp 10.0.2.109 54155 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:43.680018 1.333912 tcp 10.0.2.109 54156 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:45.399391 3.442681 tcp 10.0.2.109 54157 -> 176.73.169.112 1959 FSPA* 0 0 13 1384 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:46.126016 0.682561 tcp 10.0.2.109 54158 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:46.808878 0.658397 tcp 10.0.2.109 54159 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:47.467224 1.354758 tcp 10.0.2.109 54160 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:48.842292 4.860069 tcp 10.0.2.109 54161 -> 190.200.221.34 1330 FSPA* 0 0 13 1384 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:49.460205 0.656807 tcp 10.0.2.109 54162 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:50.117303 0.675618 tcp 10.0.2.109 54163 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:50.793222 1.402269 tcp 10.0.2.109 54164 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:50.985744 0.610761 tcp 10.0.2.109 54165 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:51.596357 0.720377 tcp 10.0.2.109 54166 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:52.196080 0.525372 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:52.317227 1.374256 tcp 10.0.2.109 54167 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:57:52.721868 0.258157 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:52.980384 0.355709 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:53.336473 0.440774 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:53.702573 2.997671 tcp 10.0.2.109 54168 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:57:53.777565 0.457716 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:54.235702 0.516439 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:57:54.752585 0.000000 udp 10.0.2.109 3683 -> 109.157.121.65 7375 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 00:58:02.698623 0.000000 tcp 10.0.2.109 54168 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:58:06.688205 3.000693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 00:58:08.698698 0.666718 tcp 10.0.2.109 54169 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:09.365721 0.676363 tcp 10.0.2.109 54170 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:10.042404 1.411034 tcp 10.0.2.109 54171 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:10.400481 0.635513 tcp 10.0.2.109 54172 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:11.036235 0.704844 tcp 10.0.2.109 54173 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:11.467553 3.480772 tcp 10.0.2.109 54174 -> 82.211.180.109 8663 FSPA* 0 0 13 1384 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:11.741410 1.428881 tcp 10.0.2.109 54175 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:12.219735 0.658561 tcp 10.0.2.109 54176 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:12.878614 0.679509 tcp 10.0.2.109 54177 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:13.170772 0.467171 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:13.558615 1.380061 tcp 10.0.2.109 54178 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:13.638494 0.521334 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:13.694904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:58:14.160255 0.377653 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:14.538462 0.431197 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:14.948457 3.002203 tcp 10.0.2.109 54179 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:58:14.969949 0.559291 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:15.529659 0.428945 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:15.959090 0.518262 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:16.477779 0.445579 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:16.923761 0.376318 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:17.300472 0.436180 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:17.737072 0.423517 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:18.160983 0.450618 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:18.612006 0.392174 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:19.004536 0.352942 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:19.357880 0.480600 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:19.838904 0.540441 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:20.379670 0.779197 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:21.159249 0.742583 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/15 00:58:21.696645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:58:23.949773 0.000000 tcp 10.0.2.109 54179 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:58:29.948013 0.473107 tcp 10.0.2.109 54180 -> 176.73.169.112 1959 FSPA* 0 0 13 1384 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:58:30.421318 3.001504 tcp 10.0.2.109 54181 -> 190.200.221.34 1330 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:58:37.699255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 00:58:39.421618 0.000000 tcp 10.0.2.109 54181 -> 190.200.221.34 1330 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:58:45.420219 2.994664 tcp 10.0.2.109 54182 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:58:54.423614 0.000000 tcp 10.0.2.109 54182 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 00:59:00.422341 0.772999 tcp 10.0.2.109 54183 -> 82.211.180.109 8663 FSPA* 0 0 13 1384 flow=From-Botnet-V1-TCP-Established 1970/01/15 00:59:09.705561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:04:01.194711 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 01:04:01.194811 1.514231 tcp 10.0.2.109 54184 -> 176.73.169.112 1959 FSPA* 0 0 13 1352 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:01.560497 0.296983 tcp 10.0.2.109 54185 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:01.857758 0.255735 tcp 10.0.2.109 54186 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:02.113800 0.549318 tcp 10.0.2.109 54187 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:02.709287 1.815423 tcp 10.0.2.109 54188 -> 190.200.221.34 1330 FSPA* 0 0 13 1352 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:03.273214 0.301080 tcp 10.0.2.109 54189 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:03.574663 0.291603 tcp 10.0.2.109 54190 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:03.866517 0.646819 tcp 10.0.2.109 54191 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:04.524868 3.008482 tcp 10.0.2.109 54192 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:04:13.531833 0.000000 tcp 10.0.2.109 54192 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:04:19.521627 0.212171 tcp 10.0.2.109 54193 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:19.734211 0.275636 tcp 10.0.2.109 54194 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:20.010265 0.525590 tcp 10.0.2.109 54195 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:20.547265 1.471857 tcp 10.0.2.109 54196 -> 82.211.180.109 8663 FSPA* 0 0 13 1352 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:20.897568 0.255108 tcp 10.0.2.109 54197 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:21.152915 0.258903 tcp 10.0.2.109 54198 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:21.411680 0.583920 tcp 10.0.2.109 54199 -> 195.113.214.211 443 SRPA* 0 0 28 13202 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:22.019359 0.307425 tcp 10.0.2.109 54200 -> 176.73.169.112 1959 FSPA* 0 0 13 1352 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:22.326937 0.498822 tcp 10.0.2.109 54201 -> 190.200.221.34 1330 FSPA* 0 0 13 1352 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:04:22.825965 3.003555 tcp 10.0.2.109 54202 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:04:31.828757 0.000000 tcp 10.0.2.109 54202 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:04:37.827329 0.672479 tcp 10.0.2.109 54203 -> 82.211.180.109 8663 FSPA* 0 0 13 1352 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:05:13.711679 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 01:05:20.719089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:05:28.719942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:05:44.723180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:06:16.729690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:09:38.499972 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 01:09:38.500062 3.855101 tcp 10.0.2.109 54204 -> 190.200.221.34 1330 FSPA* 0 0 13 1215 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:09:39.492610 0.718288 tcp 10.0.2.109 54205 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:09:40.211173 0.644223 tcp 10.0.2.109 54206 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:09:40.855698 1.346284 tcp 10.0.2.109 54207 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:09:42.355382 1.033527 tcp 10.0.2.109 54208 -> 190.200.221.34 1330 FSPA* 0 0 13 1215 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:12:20.735754 3.001377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 01:12:27.742788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:12:35.744184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:12:51.747379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:13:23.752996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:19:27.759658 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 01:19:34.766975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:19:42.768367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:19:58.771340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:20:30.777083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:26:34.783841 3.001096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 01:26:41.790798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:26:49.792306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:27:05.795526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:27:37.800921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:28:46.520375 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 01:28:46.520475 0.671011 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:47.191891 0.643084 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:47.835364 0.720827 rtp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:48.552312 0.755068 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:49.304590 0.778855 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:50.075608 0.615841 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:50.675902 0.581950 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:51.258411 0.665342 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:51.924259 0.775931 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:52.700552 0.741348 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:53.442481 0.659018 rtp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:54.142807 0.554262 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:54.697492 0.638840 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:55.332088 0.776057 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 3 772 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:56.106704 0.746093 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 3 786 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:56.848238 0.698234 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:57.546884 0.830926 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:58.358413 0.750649 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:58.477921 1.226768 tcp 10.0.2.109 54209 -> 176.73.169.112 1959 SPA_* 0 0 11 1305 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:28:59.098312 0.728695 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:28:59.706576 1.210028 tcp 10.0.2.109 54210 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:28:59.819316 0.674386 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:00.494053 0.717532 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:00.916919 1.146667 tcp 10.0.2.109 54211 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:01.211994 0.566254 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:01.778640 0.608286 rtp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:02.063895 2.622799 tcp 10.0.2.109 54212 -> 195.113.214.211 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:02.363573 0.709270 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:03.073231 0.878170 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:03.951796 0.910722 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:04.775046 0.000047 tcp 10.0.2.109 54209 -> 176.73.169.112 1959 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:04.775397 3.005481 tcp 10.0.2.109 54213 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:29:04.862899 1.064460 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:29:13.779436 0.000000 tcp 10.0.2.109 54213 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:29:19.768531 1.193247 tcp 10.0.2.109 54214 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:20.962135 1.249966 tcp 10.0.2.109 54215 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:22.212396 2.595648 tcp 10.0.2.109 54216 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:24.886478 4.793179 tcp 10.0.2.109 54217 -> 31.192.53.209 9615 FSPA* 0 0 13 1413 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:25.778638 0.963124 tcp 10.0.2.109 54218 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:26.742216 1.097983 tcp 10.0.2.109 54219 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:27.840064 1.707408 tcp 10.0.2.109 54220 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:29.679897 2.996483 tcp 10.0.2.109 54221 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:29:38.675006 0.000000 tcp 10.0.2.109 54221 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:29:44.674607 1.230923 tcp 10.0.2.109 54222 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:45.905812 1.299307 tcp 10.0.2.109 54223 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:47.204931 2.674350 tcp 10.0.2.109 54224 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:49.995336 1.417678 tcp 10.0.2.109 54225 -> 82.211.180.109 8663 SPA_* 0 0 11 1305 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:51.413690 0.902454 tcp 10.0.2.109 54226 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:52.316405 0.956193 tcp 10.0.2.109 54227 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:53.272883 2.012410 tcp 10.0.2.109 54228 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:55.680871 0.000105 tcp 10.0.2.109 54225 -> 82.211.180.109 8663 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:29:55.681224 3.002233 tcp 10.0.2.109 54229 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:30:04.692237 0.000000 tcp 10.0.2.109 54229 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:30:10.682305 1.190871 tcp 10.0.2.109 54230 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:30:11.873409 1.354008 tcp 10.0.2.109 54231 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:30:13.227732 1.972699 tcp 10.0.2.109 54232 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:30:15.216848 0.579261 tcp 10.0.2.109 54233 -> 176.73.169.112 1959 SPA_* 0 0 9 1197 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:30:45.791526 0.614606 tcp 10.0.2.109 54233 -> 176.73.169.112 1959 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:30:45.791792 2.993853 tcp 10.0.2.109 54234 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:30:54.784316 0.000000 tcp 10.0.2.109 54234 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:31:00.793295 1.403120 tcp 10.0.2.109 54235 -> 31.192.53.209 9615 FSPA* 0 0 13 1413 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:31:02.196559 3.003031 tcp 10.0.2.109 54236 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:31:11.197656 0.000000 tcp 10.0.2.109 54236 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:31:17.196483 1.328176 tcp 10.0.2.109 54237 -> 82.211.180.109 8663 FSPA* 0 0 13 1413 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:31:18.524880 3.007801 tcp 10.0.2.109 54238 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:31:27.531558 0.000000 tcp 10.0.2.109 54238 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:33:41.807440 3.001702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 01:33:48.814743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:33:56.816465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:34:12.818888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:34:44.824986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:36:33.522594 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 01:36:33.522814 2.742064 tcp 10.0.2.109 54239 -> 176.73.169.112 1959 FSPA* 0 0 13 1354 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:34.179631 0.684047 tcp 10.0.2.109 54240 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:34.864000 0.647602 tcp 10.0.2.109 54241 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:35.511894 0.738413 tcp 10.0.2.109 54242 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:36.265146 3.004344 tcp 10.0.2.109 54243 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:36:45.268113 0.000000 tcp 10.0.2.109 54243 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:36:51.267370 0.578422 tcp 10.0.2.109 54244 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:51.846229 0.198632 tcp 10.0.2.109 54245 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:52.045153 0.889052 tcp 10.0.2.109 54246 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:52.952323 2.563465 tcp 10.0.2.109 54247 -> 31.192.53.209 9615 FSPA* 0 0 13 1354 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:53.540270 0.483250 tcp 10.0.2.109 54248 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:54.023830 0.480326 tcp 10.0.2.109 54249 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:54.504560 1.000392 tcp 10.0.2.109 54250 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:36:55.516015 3.001668 tcp 10.0.2.109 54251 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:37:04.515679 0.000000 tcp 10.0.2.109 54251 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:37:10.514961 0.159612 tcp 10.0.2.109 54252 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:10.675254 0.397730 tcp 10.0.2.109 54253 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:11.073231 0.965352 tcp 10.0.2.109 54254 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:12.105870 3.005274 tcp 10.0.2.109 54255 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:37:21.109801 0.000000 tcp 10.0.2.109 54255 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:37:27.099368 0.348351 tcp 10.0.2.109 54256 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:27.448010 0.383822 tcp 10.0.2.109 54257 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:27.832130 0.837738 tcp 10.0.2.109 54258 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:28.751559 2.035455 tcp 10.0.2.109 54259 -> 82.211.180.109 8663 FSPA* 0 0 13 1354 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:29.165414 0.403773 tcp 10.0.2.109 54260 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:29.569492 0.367281 tcp 10.0.2.109 54261 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:29.937074 0.833285 tcp 10.0.2.109 54262 -> 195.113.214.211 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:30.787224 3.000624 tcp 10.0.2.109 54263 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:37:39.786437 0.000000 tcp 10.0.2.109 54263 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:37:45.786012 0.449916 tcp 10.0.2.109 54264 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:46.236253 0.508780 tcp 10.0.2.109 54265 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:46.745368 1.246522 tcp 10.0.2.109 54266 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:48.045987 0.665881 tcp 10.0.2.109 54267 -> 176.73.169.112 1959 FSPA* 0 0 13 1354 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:37:48.712075 3.002156 tcp 10.0.2.109 54268 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:37:57.722444 0.000000 tcp 10.0.2.109 54268 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:38:03.710932 0.450635 tcp 10.0.2.109 54269 -> 31.192.53.209 9615 FSPA* 0 0 13 1354 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:38:04.161792 2.994539 tcp 10.0.2.109 54270 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:38:13.154518 0.000000 tcp 10.0.2.109 54270 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:38:19.163672 2.994056 tcp 10.0.2.109 54271 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:38:28.155886 0.000000 tcp 10.0.2.109 54271 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:38:34.165259 0.781032 tcp 10.0.2.109 54272 -> 82.211.180.109 8663 FSPA* 0 0 13 1354 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:38:34.946471 3.003763 tcp 10.0.2.109 54273 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:38:43.949219 0.000000 tcp 10.0.2.109 54273 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:40:48.831473 3.001458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 01:40:55.838774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:41:03.839770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:41:19.843452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:41:51.849533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:43:49.949714 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 01:43:49.949809 3.103708 tcp 10.0.2.109 54274 -> 176.73.169.112 1959 FSPA* 0 0 13 1315 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:43:50.617810 0.541292 tcp 10.0.2.109 54275 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:43:51.159399 0.568363 tcp 10.0.2.109 54276 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:43:51.728115 1.307071 tcp 10.0.2.109 54277 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:43:53.053725 3.003974 tcp 10.0.2.109 54278 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:44:02.056290 0.000000 tcp 10.0.2.109 54278 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:44:08.055648 0.235210 tcp 10.0.2.109 54279 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:08.291153 0.250084 tcp 10.0.2.109 54280 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:08.541550 0.606561 tcp 10.0.2.109 54281 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:09.283483 1.663315 tcp 10.0.2.109 54282 -> 31.192.53.209 9615 FSPA* 0 0 13 1315 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:09.696745 0.314274 tcp 10.0.2.109 54283 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:10.011300 0.306617 tcp 10.0.2.109 54284 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:10.318344 0.608733 tcp 10.0.2.109 54285 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:10.946989 3.006243 tcp 10.0.2.109 54286 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:44:19.952277 0.000000 tcp 10.0.2.109 54286 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:44:25.941747 0.580918 tcp 10.0.2.109 54287 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:26.522975 0.661645 tcp 10.0.2.109 54288 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:27.184855 1.372166 tcp 10.0.2.109 54289 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:28.585282 3.003277 tcp 10.0.2.109 54290 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:44:37.587565 0.000000 tcp 10.0.2.109 54290 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:44:43.586612 0.640425 tcp 10.0.2.109 54291 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:44.227318 0.683329 tcp 10.0.2.109 54292 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:44.910884 0.745852 tcp 10.0.2.109 54293 -> 195.113.214.211 443 SRPA* 0 0 23 13298 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:45.681277 3.131222 tcp 10.0.2.109 54294 -> 82.211.180.109 8663 FSPA* 0 0 13 1315 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:46.328941 0.609337 tcp 10.0.2.109 54295 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:46.938640 0.601406 tcp 10.0.2.109 54296 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:47.539884 1.240645 tcp 10.0.2.109 54297 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:44:48.812728 2.995013 tcp 10.0.2.109 54298 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:44:57.806503 0.000000 tcp 10.0.2.109 54298 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:45:03.805667 0.603492 tcp 10.0.2.109 54299 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:45:04.409402 0.641618 tcp 10.0.2.109 54300 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:45:05.051299 1.336510 tcp 10.0.2.109 54301 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:45:06.405757 0.731912 tcp 10.0.2.109 54302 -> 176.73.169.112 1959 FSPA* 0 0 13 1315 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:45:07.137839 2.996407 tcp 10.0.2.109 54303 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:45:16.142712 0.000000 tcp 10.0.2.109 54303 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:45:22.131820 0.692495 tcp 10.0.2.109 54304 -> 31.192.53.209 9615 FSPA* 0 0 13 1315 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:45:22.824504 3.001906 tcp 10.0.2.109 54305 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:45:31.825656 0.000000 tcp 10.0.2.109 54305 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:45:37.824343 3.004244 tcp 10.0.2.109 54306 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:45:46.827264 0.000000 tcp 10.0.2.109 54306 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:45:52.825796 0.713348 tcp 10.0.2.109 54307 -> 82.211.180.109 8663 FSPA* 0 0 11 1207 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:45:53.539408 3.001172 tcp 10.0.2.109 54308 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:46:02.539311 0.000000 tcp 10.0.2.109 54308 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:47:55.855266 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 01:48:02.862626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:48:10.864350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:48:26.867306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:48:58.873796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:51:08.540733 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 01:51:08.540838 3.300685 tcp 10.0.2.109 54309 -> 176.73.169.112 1959 FSPA* 0 0 13 1280 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:09.221310 0.628964 tcp 10.0.2.109 54310 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:09.850545 0.648953 tcp 10.0.2.109 54311 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:10.499768 1.332289 tcp 10.0.2.109 54312 -> 195.113.214.211 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:11.841701 2.997265 tcp 10.0.2.109 54313 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:51:20.836830 0.000000 tcp 10.0.2.109 54313 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:51:26.836647 0.486633 tcp 10.0.2.109 54314 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:27.323550 0.466306 tcp 10.0.2.109 54315 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:27.790172 0.940064 tcp 10.0.2.109 54316 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:28.759014 3.099890 tcp 10.0.2.109 54317 -> 31.192.53.209 9615 FSPA* 0 0 13 1280 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:29.406977 0.561492 tcp 10.0.2.109 54318 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:29.968804 0.588453 tcp 10.0.2.109 54319 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:30.557618 1.270821 tcp 10.0.2.109 54320 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:31.859122 2.998573 tcp 10.0.2.109 54321 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:51:40.856000 0.000000 tcp 10.0.2.109 54321 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:51:46.855550 0.685898 tcp 10.0.2.109 54322 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:47.541751 0.631474 tcp 10.0.2.109 54323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:48.173524 1.392131 tcp 10.0.2.109 54324 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:51:49.578722 3.004201 tcp 10.0.2.109 54325 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:51:58.581622 0.000000 tcp 10.0.2.109 54325 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:52:04.581039 0.586126 tcp 10.0.2.109 54326 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:05.167476 0.649701 tcp 10.0.2.109 54327 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:05.817466 1.394783 tcp 10.0.2.109 54328 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:07.250789 3.437419 tcp 10.0.2.109 54329 -> 82.211.180.109 8663 FSPA* 0 0 13 1280 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:07.984707 0.672654 tcp 10.0.2.109 54330 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:08.657632 0.625315 tcp 10.0.2.109 54331 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:09.283593 1.339216 tcp 10.0.2.109 54332 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:10.688375 3.005074 tcp 10.0.2.109 54333 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:52:19.691567 0.000000 tcp 10.0.2.109 54333 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:52:25.691165 0.591492 tcp 10.0.2.109 54334 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:26.282971 0.626928 tcp 10.0.2.109 54335 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:26.910358 1.265546 tcp 10.0.2.109 54336 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:29.670207 0.617247 tcp 10.0.2.109 54337 -> 176.73.169.112 1959 FSPA* 0 0 13 1280 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:52:30.287750 3.003948 tcp 10.0.2.109 54338 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:52:39.289634 0.000000 tcp 10.0.2.109 54338 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:52:45.288991 0.261355 tcp 10.0.2.109 54339 -> 31.192.53.209 9615 SPA_* 0 0 9 1064 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:53:05.804733 0.000307 tcp 10.0.2.109 54339 -> 31.192.53.209 9615 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:53:05.805238 3.007580 tcp 10.0.2.109 54340 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:53:14.811006 0.000000 tcp 10.0.2.109 54340 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:53:20.799774 3.004094 tcp 10.0.2.109 54341 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:53:29.812879 0.000000 tcp 10.0.2.109 54341 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:53:35.801077 0.624943 tcp 10.0.2.109 54342 -> 82.211.180.109 8663 FSPA* 0 0 13 1280 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:53:36.426412 3.000197 tcp 10.0.2.109 54343 -> 95.104.29.18 9798 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:53:45.425224 0.000000 tcp 10.0.2.109 54343 -> 95.104.29.18 9798 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:55:02.879670 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 01:55:09.886546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:55:17.888261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:55:33.891385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:56:05.896731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 01:58:51.425545 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 01:58:51.425645 3.003893 tcp 10.0.2.109 54344 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:59:00.427717 0.000000 tcp 10.0.2.109 54344 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:59:06.428383 0.241679 tcp 10.0.2.109 54345 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:59:06.670358 0.270008 tcp 10.0.2.109 54346 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:59:06.940617 0.605178 tcp 10.0.2.109 54347 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:59:07.558115 2.994608 tcp 10.0.2.109 54348 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:59:11.884485 0.116998 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:11.981023 0.134975 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:12.081717 0.241095 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:12.319503 0.228977 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:12.544689 0.252861 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:12.790414 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 01:59:16.551284 0.000000 tcp 10.0.2.109 54348 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 01:59:28.769531 0.138493 tcp 10.0.2.109 54349 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:59:28.908321 0.098953 tcp 10.0.2.109 54350 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:59:29.007623 0.309329 tcp 10.0.2.109 54351 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/15 01:59:29.317463 0.084568 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:29.402440 0.153470 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:29.556309 0.183954 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:29.740610 0.214140 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 1925 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:29.929999 0.219965 rtp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:30.167821 0.108369 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:30.277544 0.175012 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:30.448209 0.254116 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:30.702730 0.199845 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:30.902960 0.211958 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:31.125116 0.229698 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:31.330900 0.233992 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:31.565254 0.269773 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:31.835402 0.438390 rtcp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:32.254104 0.253873 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:32.504076 0.243653 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:32.724017 0.189156 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:32.891033 0.232036 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:33.123515 0.428073 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:33.578222 0.521369 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/15 01:59:34.029921 0.510215 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 3 826 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:02:09.902645 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 02:02:16.910553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:02:24.911662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:02:40.915520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:03:12.920892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:04:22.551119 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:04:22.551219 2.849033 tcp 10.0.2.109 54352 -> 176.73.169.112 1959 FSPA* 0 0 13 1302 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:23.257015 0.600864 tcp 10.0.2.109 54353 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:23.858181 0.510318 tcp 10.0.2.109 54354 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:24.368816 1.021141 tcp 10.0.2.109 54355 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:25.400460 2.998889 tcp 10.0.2.109 54356 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:04:34.397897 0.000000 tcp 10.0.2.109 54356 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:04:40.397707 0.647463 tcp 10.0.2.109 54357 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:41.044962 0.651095 tcp 10.0.2.109 54358 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:41.696349 1.228891 tcp 10.0.2.109 54359 -> 195.113.214.211 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:42.966391 2.998591 tcp 10.0.2.109 54360 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:04:51.973280 0.000000 tcp 10.0.2.109 54360 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:04:57.962427 0.637370 tcp 10.0.2.109 54361 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:58.600104 0.670317 tcp 10.0.2.109 54362 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:04:59.270706 1.321711 tcp 10.0.2.109 54363 -> 195.113.214.211 443 SRPA* 0 0 23 13334 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:00.638437 3.001591 tcp 10.0.2.109 54364 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:05:09.638602 0.000000 tcp 10.0.2.109 54364 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:05:15.638458 0.628572 tcp 10.0.2.109 54365 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:16.267291 0.686132 tcp 10.0.2.109 54366 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:16.953721 1.145414 tcp 10.0.2.109 54367 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:18.109392 2.985676 tcp 10.0.2.109 54368 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:05:27.093619 0.000000 tcp 10.0.2.109 54368 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:05:33.103162 0.540865 tcp 10.0.2.109 54369 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:33.644417 0.508746 tcp 10.0.2.109 54370 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:34.153470 0.846016 tcp 10.0.2.109 54371 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:35.012583 2.997363 tcp 10.0.2.109 54372 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:05:44.008117 0.000000 tcp 10.0.2.109 54372 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:05:50.007480 0.639314 tcp 10.0.2.109 54373 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:50.647102 0.516009 tcp 10.0.2.109 54374 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:51.162964 1.200981 tcp 10.0.2.109 54375 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:05:52.470835 2.994109 tcp 10.0.2.109 54376 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:01.473117 0.000000 tcp 10.0.2.109 54376 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:07.472871 0.571354 tcp 10.0.2.109 54377 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:06:08.044496 0.598147 tcp 10.0.2.109 54378 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:06:08.642998 1.377598 tcp 10.0.2.109 54379 -> 195.113.214.211 443 SRPA* 0 0 23 13298 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:06:10.043202 0.621874 tcp 10.0.2.109 54380 -> 176.73.169.112 1959 FSPA* 0 0 13 1302 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:06:10.665238 3.005540 tcp 10.0.2.109 54381 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:19.669417 0.000000 tcp 10.0.2.109 54381 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:25.658650 3.003854 tcp 10.0.2.109 54382 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:34.661326 0.000000 tcp 10.0.2.109 54382 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:40.659820 2.994034 tcp 10.0.2.109 54383 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:49.662630 0.000000 tcp 10.0.2.109 54383 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:06:55.661483 2.993965 tcp 10.0.2.109 54384 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:07:00.507935 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:07:04.654078 0.000000 tcp 10.0.2.109 54384 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:07:10.663022 2.994260 tcp 10.0.2.109 54385 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:07:19.655695 0.000000 tcp 10.0.2.109 54385 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:07:25.664576 3.004430 tcp 10.0.2.109 54386 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:07:34.667456 0.000000 tcp 10.0.2.109 54386 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:09:16.927264 3.001716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 02:09:23.934315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:09:31.936122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:09:47.938974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:10:19.945199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:12:40.668069 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:12:40.668282 3.498906 tcp 10.0.2.109 54387 -> 176.73.169.112 1959 FSPA* 0 0 13 1284 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:12:41.381355 0.697662 tcp 10.0.2.109 54388 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:12:42.079397 0.681048 tcp 10.0.2.109 54389 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:12:42.760751 1.374072 tcp 10.0.2.109 54390 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:12:44.167386 2.999660 tcp 10.0.2.109 54391 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:12:53.165408 0.000000 tcp 10.0.2.109 54391 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:12:59.164732 0.707995 tcp 10.0.2.109 54392 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:12:59.872588 0.655462 tcp 10.0.2.109 54393 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:00.528367 1.369698 tcp 10.0.2.109 54394 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:01.911930 3.000184 tcp 10.0.2.109 54395 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:13:10.911129 0.000000 tcp 10.0.2.109 54395 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:13:16.909895 0.583616 tcp 10.0.2.109 54396 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:17.493819 0.605513 tcp 10.0.2.109 54397 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:18.099596 1.320047 tcp 10.0.2.109 54398 -> 195.113.214.211 443 SRPA* 0 0 23 13766 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:19.481501 2.996127 tcp 10.0.2.109 54399 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:13:28.476344 0.000000 tcp 10.0.2.109 54399 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:13:34.475399 0.559458 tcp 10.0.2.109 54400 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:35.035136 0.619633 tcp 10.0.2.109 54401 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:35.655060 0.743076 tcp 10.0.2.109 54402 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:36.434154 3.007434 tcp 10.0.2.109 54403 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:13:45.440452 0.000000 tcp 10.0.2.109 54403 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:13:51.430193 0.755362 tcp 10.0.2.109 54404 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:52.186245 0.652346 tcp 10.0.2.109 54405 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:52.838870 1.392739 tcp 10.0.2.109 54406 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:13:54.245300 2.992094 tcp 10.0.2.109 54407 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:14:03.236188 0.000000 tcp 10.0.2.109 54407 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:14:09.245335 0.502421 tcp 10.0.2.109 54408 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:14:09.748051 0.588368 tcp 10.0.2.109 54409 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:14:10.336706 1.484078 tcp 10.0.2.109 54410 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:14:11.884447 3.008102 tcp 10.0.2.109 54411 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:14:20.891710 0.000000 tcp 10.0.2.109 54411 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:14:26.881978 0.694930 tcp 10.0.2.109 54412 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:14:27.577201 0.649712 tcp 10.0.2.109 54413 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:14:28.227215 1.430734 tcp 10.0.2.109 54414 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:14:29.693576 0.767349 tcp 10.0.2.109 54415 -> 176.73.169.112 1959 FSPA* 0 0 13 1284 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:14:30.461137 2.998651 tcp 10.0.2.109 54416 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:14:39.457856 0.000000 tcp 10.0.2.109 54416 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:14:45.456564 3.004526 tcp 10.0.2.109 54417 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:14:54.459735 0.000000 tcp 10.0.2.109 54417 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:00.458309 3.004099 tcp 10.0.2.109 54418 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:09.461587 0.000000 tcp 10.0.2.109 54418 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:15.460163 2.993942 tcp 10.0.2.109 54419 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:20.006020 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:15:24.462733 0.000000 tcp 10.0.2.109 54419 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:30.461511 2.993875 tcp 10.0.2.109 54420 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:39.454416 0.000000 tcp 10.0.2.109 54420 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:45.463676 3.003740 tcp 10.0.2.109 54421 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:15:54.466160 0.000000 tcp 10.0.2.109 54421 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:16:23.951454 3.000995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 02:16:30.958402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:16:38.959665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:16:54.963086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:17:26.968981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:21:00.466193 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:21:00.466288 0.390983 tcp 10.0.2.109 54422 -> 176.73.169.112 1959 SPA_* 0 0 9 1123 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:11.210123 2.208334 tcp 10.0.2.109 54422 -> 176.73.169.112 1959 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:11.212334 0.520489 tcp 10.0.2.109 54423 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:11.733107 0.477105 tcp 10.0.2.109 54424 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:12.210573 1.182543 tcp 10.0.2.109 54425 -> 195.113.214.211 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:13.418615 3.000491 tcp 10.0.2.109 54426 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:21:22.417300 0.000000 tcp 10.0.2.109 54426 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:21:28.416605 0.591332 tcp 10.0.2.109 54427 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:29.007794 0.514581 tcp 10.0.2.109 54428 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:29.522682 1.069138 tcp 10.0.2.109 54429 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:30.625955 3.007826 tcp 10.0.2.109 54430 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:21:39.632093 0.000000 tcp 10.0.2.109 54430 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:21:45.621507 0.707801 tcp 10.0.2.109 54431 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:46.329645 0.721649 tcp 10.0.2.109 54432 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:47.051534 1.423333 tcp 10.0.2.109 54433 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:21:48.516735 3.002524 tcp 10.0.2.109 54434 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:21:57.517669 0.000000 tcp 10.0.2.109 54434 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:22:03.517095 0.564818 tcp 10.0.2.109 54435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:04.082238 0.550657 tcp 10.0.2.109 54436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:04.633155 1.264321 tcp 10.0.2.109 54437 -> 195.113.214.211 443 SRPA* 0 0 28 13202 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:05.910684 3.003703 tcp 10.0.2.109 54438 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:22:14.923396 0.000000 tcp 10.0.2.109 54438 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:22:20.912640 0.745109 tcp 10.0.2.109 54439 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:21.658086 0.675520 tcp 10.0.2.109 54440 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:22.333456 1.359765 tcp 10.0.2.109 54441 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:23.765787 3.003848 tcp 10.0.2.109 54442 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:22:32.768562 0.000000 tcp 10.0.2.109 54442 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:22:38.767859 0.704989 tcp 10.0.2.109 54443 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:39.473094 0.610602 tcp 10.0.2.109 54444 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:40.084000 1.241777 tcp 10.0.2.109 54445 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:41.381666 2.993565 tcp 10.0.2.109 54446 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:22:50.383938 0.000000 tcp 10.0.2.109 54446 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:22:56.383234 0.657840 tcp 10.0.2.109 54447 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:57.041411 0.669733 tcp 10.0.2.109 54448 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:57.711479 1.352060 tcp 10.0.2.109 54449 -> 195.113.214.211 443 SRPA* 0 0 23 13298 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:59.086622 0.771144 tcp 10.0.2.109 54450 -> 176.73.169.112 1959 FSPA* 0 0 13 1339 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:22:59.857965 3.003915 tcp 10.0.2.109 54451 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:08.860288 0.000000 tcp 10.0.2.109 54451 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:14.859356 3.004170 tcp 10.0.2.109 54452 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:23.861720 0.000000 tcp 10.0.2.109 54452 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:29.860837 2.994122 tcp 10.0.2.109 54453 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:30.975092 3.001597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 02:23:37.982541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:23:38.864110 0.000000 tcp 10.0.2.109 54453 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:44.862620 2.993929 tcp 10.0.2.109 54454 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:45.984041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:23:49.509324 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:23:53.855097 0.000000 tcp 10.0.2.109 54454 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:23:59.864009 3.003882 tcp 10.0.2.109 54455 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:24:01.987089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:24:08.867094 0.000000 tcp 10.0.2.109 54455 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:24:14.865251 3.004117 tcp 10.0.2.109 54456 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:24:23.867999 0.000000 tcp 10.0.2.109 54456 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:24:33.992836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:29:29.868753 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:29:29.868863 3.479467 tcp 10.0.2.109 54457 -> 176.73.169.112 1959 FSPA* 0 0 13 1377 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:29:30.601403 0.682198 tcp 10.0.2.109 54458 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:29:31.283911 0.684725 tcp 10.0.2.109 54459 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:29:31.968903 1.362563 tcp 10.0.2.109 54460 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:29:33.348217 2.989419 tcp 10.0.2.109 54461 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:29:42.336345 0.000000 tcp 10.0.2.109 54461 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:29:48.345969 0.680834 tcp 10.0.2.109 54462 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:29:49.026677 0.680459 tcp 10.0.2.109 54463 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:29:49.706958 1.435922 tcp 10.0.2.109 54464 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:29:51.199016 3.004345 tcp 10.0.2.109 54465 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:00.202189 0.000000 tcp 10.0.2.109 54465 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:03.456666 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 02:30:06.201302 0.560288 tcp 10.0.2.109 54466 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:06.761398 0.563787 tcp 10.0.2.109 54467 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:07.325422 1.117023 tcp 10.0.2.109 54468 -> 195.113.214.211 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:08.454656 3.003107 tcp 10.0.2.109 54469 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:17.457107 0.000000 tcp 10.0.2.109 54469 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:21.583487 0.716766 tcp 10.0.2.109 54470 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:22.300078 0.665706 tcp 10.0.2.109 54471 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:22.966064 1.306103 tcp 10.0.2.109 54472 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:23.455783 0.616851 tcp 10.0.2.109 54473 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:24.072466 0.668436 tcp 10.0.2.109 54474 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:24.272790 0.396418 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:24.669567 0.495394 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:24.741228 1.371417 tcp 10.0.2.109 54475 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:25.165323 0.518645 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:25.684416 0.375937 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:26.060758 0.342192 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:26.132060 3.001174 tcp 10.0.2.109 54476 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:26.403395 0.436855 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:26.840654 0.370502 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:27.211556 0.413302 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:27.625245 0.354824 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:27.980415 0.534858 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:28.515612 0.382458 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:28.898480 0.405517 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:29.304506 0.572242 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:29.877175 0.414519 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:30.292168 0.351862 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:30.644361 0.526142 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:31.170892 0.454944 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:31.626432 0.492921 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:32.119722 0.415732 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:32.535930 0.429532 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:32.965855 0.419598 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:33.385816 0.672869 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:34.059112 0.434032 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:34.493524 0.431946 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:34.925888 0.658360 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:35.132097 0.000000 tcp 10.0.2.109 54476 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:35.584677 0.674827 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/15 02:30:37.998601 3.001972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 02:30:41.131772 0.738381 tcp 10.0.2.109 54477 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:41.870343 0.691795 tcp 10.0.2.109 54478 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:42.562469 1.415786 tcp 10.0.2.109 54479 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:43.989369 2.999969 tcp 10.0.2.109 54480 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:45.006589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:30:52.987727 0.000000 tcp 10.0.2.109 54480 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:30:53.007676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:30:58.987251 0.602349 tcp 10.0.2.109 54481 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:30:59.589966 0.598715 tcp 10.0.2.109 54482 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:31:00.188948 1.246591 tcp 10.0.2.109 54483 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:31:01.446305 2.987973 tcp 10.0.2.109 54484 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:31:09.011169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:31:10.442831 0.000000 tcp 10.0.2.109 54484 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:31:16.442454 0.612379 tcp 10.0.2.109 54485 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:31:17.055121 0.615986 tcp 10.0.2.109 54486 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:31:17.671397 1.236047 tcp 10.0.2.109 54487 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:31:18.925996 0.700930 tcp 10.0.2.109 54488 -> 176.73.169.112 1959 FSPA* 0 0 13 1377 flow=From-Botnet-V1-TCP-Established 1970/01/15 02:31:19.627148 3.003605 tcp 10.0.2.109 54489 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:31:28.629328 0.000000 tcp 10.0.2.109 54489 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:31:34.627938 3.004005 tcp 10.0.2.109 54490 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:31:41.016578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:31:43.630661 0.000000 tcp 10.0.2.109 54490 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:31:49.629267 3.004334 tcp 10.0.2.109 54491 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:31:58.632313 0.000000 tcp 10.0.2.109 54491 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:32:04.631049 2.994403 tcp 10.0.2.109 54492 -> 46.49.110.222 8525 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:32:09.507696 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 02:32:13.633403 0.000000 tcp 10.0.2.109 54492 -> 46.49.110.222 8525 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:32:19.632392 2.994654 tcp 10.0.2.109 54493 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:32:28.625426 0.000000 tcp 10.0.2.109 54493 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:32:34.634310 3.004005 tcp 10.0.2.109 54494 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:32:43.636928 0.000000 tcp 10.0.2.109 54494 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 02:37:45.022293 3.002418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 02:37:52.029996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:38:00.031786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:38:16.034770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:38:48.041244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:44:52.047413 3.001036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 02:44:59.054643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:45:07.055484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:45:23.059113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:45:55.084727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:51:59.091144 3.001294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 02:52:06.098396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:52:14.099684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:52:30.102696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:53:02.108716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:59:06.115488 3.000937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 02:59:13.122350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:59:21.123859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 02:59:37.126779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:00:09.132459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:01:03.771625 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:01:03.771876 0.164811 rtp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:03.933233 0.160438 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.090493 0.183960 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 3 886 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.273035 0.144968 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 3 821 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.409307 0.065789 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 3 706 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.468486 0.069415 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 4 1452 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.527345 0.046408 udp 10.0.2.109 3683 <-> 81.136.245.57 3409 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.572463 0.123823 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.679429 0.158046 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.783849 2.993588 tcp 10.0.2.109 54495 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:01:04.815503 0.145455 rtp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:04.978663 0.054086 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 3 875 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:05.047110 0.127786 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:05.190867 0.193832 rtp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:05.379971 0.160506 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:05.519228 0.133931 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:05.645089 0.176107 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:05.811576 0.147091 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:05.952448 0.190266 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:06.094330 0.085112 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:06.163586 0.197092 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 3 775 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:06.359736 0.144499 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 4 1405 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:06.492390 0.360287 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 3 783 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:06.858679 0.088917 udp 10.0.2.109 3683 <-> 82.109.209.98 1241 CON 0 0 3 960 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:06.941478 0.199864 rtp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:07.194424 0.281468 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 3 808 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:07.454105 0.396744 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:01:13.775764 0.000000 tcp 10.0.2.109 54495 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:01:19.786510 0.054055 tcp 10.0.2.109 54496 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:19.840865 0.060876 tcp 10.0.2.109 54497 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:19.902313 0.152954 tcp 10.0.2.109 54498 -> 195.113.214.211 443 SRPA* 0 0 41 22612 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:20.081932 2.997146 tcp 10.0.2.109 54499 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:01:29.077684 0.000000 tcp 10.0.2.109 54499 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:01:35.076728 0.052518 tcp 10.0.2.109 54500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:35.129103 0.054640 tcp 10.0.2.109 54501 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:35.184109 0.204482 tcp 10.0.2.109 54502 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:35.398750 3.002122 tcp 10.0.2.109 54503 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:01:44.399546 0.000000 tcp 10.0.2.109 54503 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:01:50.399281 0.052872 tcp 10.0.2.109 54504 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:50.452485 0.085977 tcp 10.0.2.109 54505 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:50.538780 0.151739 tcp 10.0.2.109 54506 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:01:50.744363 3.009037 tcp 10.0.2.109 54507 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:01:59.751879 0.000000 tcp 10.0.2.109 54507 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:02:05.740758 0.055627 tcp 10.0.2.109 54508 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:02:05.796664 0.051102 tcp 10.0.2.109 54509 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:02:05.848063 0.159654 tcp 10.0.2.109 54510 -> 195.113.214.211 443 SRPA* 0 0 46 40404 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:02:06.048346 2.996992 tcp 10.0.2.109 54511 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:02:15.054001 0.000000 tcp 10.0.2.109 54511 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:02:21.042984 0.054103 tcp 10.0.2.109 54512 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:02:21.097383 0.061627 tcp 10.0.2.109 54513 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:02:21.159330 0.154688 tcp 10.0.2.109 54514 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:02:21.327845 2.999555 tcp 10.0.2.109 54515 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:02:30.325945 0.000000 tcp 10.0.2.109 54515 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:02:36.324911 3.003690 tcp 10.0.2.109 54516 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:02:45.327439 0.000000 tcp 10.0.2.109 54516 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:02:51.325906 3.004098 tcp 10.0.2.109 54517 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:03:00.328687 0.000000 tcp 10.0.2.109 54517 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:03:06.327752 3.004322 tcp 10.0.2.109 54518 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:03:11.004347 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:03:15.330804 0.000000 tcp 10.0.2.109 54518 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:03:21.328902 3.004234 tcp 10.0.2.109 54519 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:03:30.332191 0.000000 tcp 10.0.2.109 54519 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:06:13.138604 3.001745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 03:06:20.146290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:06:28.147785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:06:44.150406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:07:16.157147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:08:36.332872 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:08:36.333186 2.992876 tcp 10.0.2.109 54520 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:08:45.324827 0.000000 tcp 10.0.2.109 54520 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:08:51.335439 0.368063 tcp 10.0.2.109 54521 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:08:51.703860 0.369139 tcp 10.0.2.109 54522 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:08:52.072940 0.783181 tcp 10.0.2.109 54523 -> 195.113.214.211 443 SRPA* 0 0 30 14184 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:08:53.041493 2.086223 tcp 10.0.2.109 54524 -> 176.73.169.112 1959 FSPA* 0 0 13 1456 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:08:53.508053 0.385197 tcp 10.0.2.109 54525 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:08:53.893553 0.386523 tcp 10.0.2.109 54526 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:08:54.280370 0.822421 tcp 10.0.2.109 54527 -> 195.113.214.211 443 SRPA* 0 0 24 13844 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:08:55.127879 3.005779 tcp 10.0.2.109 54528 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:09:04.132253 0.000000 tcp 10.0.2.109 54528 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:09:10.121551 0.667301 tcp 10.0.2.109 54529 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:10.789194 0.674212 tcp 10.0.2.109 54530 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:11.463682 1.354946 tcp 10.0.2.109 54531 -> 195.113.214.211 443 SRPA* 0 0 28 14076 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:12.985560 3.003755 tcp 10.0.2.109 54532 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:09:21.987693 0.000000 tcp 10.0.2.109 54532 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:09:27.986692 0.660351 tcp 10.0.2.109 54533 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:28.647395 0.668460 tcp 10.0.2.109 54534 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:29.316160 1.485877 tcp 10.0.2.109 54535 -> 195.113.214.211 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:30.881041 2.993722 tcp 10.0.2.109 54536 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:09:39.883455 0.000000 tcp 10.0.2.109 54536 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:09:45.882812 0.670652 tcp 10.0.2.109 54537 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:46.553717 0.641936 tcp 10.0.2.109 54538 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:47.195935 1.401198 tcp 10.0.2.109 54539 -> 195.113.214.211 443 SRPA* 0 0 24 13196 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:09:48.765334 3.005231 tcp 10.0.2.109 54540 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:09:57.769304 0.000000 tcp 10.0.2.109 54540 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:10:03.758781 0.610860 tcp 10.0.2.109 54541 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:04.369942 0.636269 tcp 10.0.2.109 54542 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:05.006503 1.397265 tcp 10.0.2.109 54543 -> 195.113.214.211 443 SRPA* 0 0 31 14222 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:06.713037 2.993208 tcp 10.0.2.109 54544 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:10:15.704667 0.000000 tcp 10.0.2.109 54544 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:10:21.714685 0.670145 tcp 10.0.2.109 54545 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:22.385096 0.686946 tcp 10.0.2.109 54546 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:23.071906 1.339776 tcp 10.0.2.109 54547 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:24.445994 3.005797 tcp 10.0.2.109 54548 -> 76.181.145.117 4797 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:10:33.450397 0.000000 tcp 10.0.2.109 54548 -> 76.181.145.117 4797 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:10:39.440044 0.711276 tcp 10.0.2.109 54549 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:40.151608 0.630328 tcp 10.0.2.109 54550 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:40.782458 1.320580 tcp 10.0.2.109 54551 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:42.115226 2.991988 tcp 10.0.2.109 54552 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:10:51.106042 0.000000 tcp 10.0.2.109 54552 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:10:57.115031 0.483902 tcp 10.0.2.109 54553 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:57.599223 0.493143 tcp 10.0.2.109 54554 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:58.092624 1.045670 tcp 10.0.2.109 54555 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:10:59.165902 3.005586 tcp 10.0.2.109 54556 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:11:08.170327 0.000000 tcp 10.0.2.109 54556 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:11:14.159407 0.278555 tcp 10.0.2.109 54557 -> 176.73.169.112 1959 SPA_* 0 0 9 1240 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:11:24.779739 0.000305 tcp 10.0.2.109 54557 -> 176.73.169.112 1959 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:11:24.780286 2.998507 tcp 10.0.2.109 54558 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:11:33.777189 0.000000 tcp 10.0.2.109 54558 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:11:39.776358 3.003523 tcp 10.0.2.109 54559 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:11:48.778916 0.000000 tcp 10.0.2.109 54559 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:11:54.777292 3.004478 tcp 10.0.2.109 54560 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:03.780588 0.000000 tcp 10.0.2.109 54560 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:09.778974 3.004312 tcp 10.0.2.109 54561 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:14.505543 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:12:18.782019 0.000000 tcp 10.0.2.109 54561 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:24.780321 2.994391 tcp 10.0.2.109 54562 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:33.783467 0.000000 tcp 10.0.2.109 54562 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:39.782011 2.994402 tcp 10.0.2.109 54563 -> 76.181.145.117 4797 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:48.775284 0.000000 tcp 10.0.2.109 54563 -> 76.181.145.117 4797 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:54.784031 3.004107 tcp 10.0.2.109 54564 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:12:59.510538 0.000182 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:13:03.786323 0.000000 tcp 10.0.2.109 54564 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:13:20.163032 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 03:13:27.170515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:13:35.171661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:13:51.175185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:14:23.181041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:18:09.787257 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:18:09.787368 3.003396 tcp 10.0.2.109 54565 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:18:18.789238 0.000000 tcp 10.0.2.109 54565 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 03:18:24.789692 0.420616 tcp 10.0.2.109 54566 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:18:25.210585 0.506048 tcp 10.0.2.109 54567 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:18:25.716928 1.119451 tcp 10.0.2.109 54568 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:18:26.868797 2.806774 tcp 10.0.2.109 54569 -> 176.73.169.112 1959 FSPA* 0 0 13 1343 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:18:27.424406 0.513457 tcp 10.0.2.109 54570 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:18:27.938300 0.551226 tcp 10.0.2.109 54571 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:18:28.489810 1.141537 tcp 10.0.2.109 54572 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:18:29.675805 1.364989 tcp 10.0.2.109 54573 -> 176.74.96.2 6834 FSPA* 0 0 14 1634 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:20:27.186793 3.001678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 03:20:34.193979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:20:42.195965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:20:58.198793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:21:30.204792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:27:34.210994 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 03:27:41.218162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:27:49.219730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:28:05.222301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:28:37.228834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:31:36.576887 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:31:36.577081 0.000000 rtcp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 03:31:54.664057 0.428483 tcp 10.0.2.109 54574 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:31:55.092870 0.442781 tcp 10.0.2.109 54575 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:31:55.535853 0.952255 tcp 10.0.2.109 54576 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:31:56.488634 0.436502 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:31:56.925552 0.409483 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:31:57.335457 0.403573 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:31:57.739415 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 03:32:15.323085 0.610115 tcp 10.0.2.109 54577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:32:15.933537 0.639636 tcp 10.0.2.109 54578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:32:16.573470 1.430492 tcp 10.0.2.109 54579 -> 195.113.214.211 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:32:18.004458 0.419030 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:18.423865 0.000000 udp 10.0.2.109 3683 -> 81.136.245.57 3409 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 03:32:36.252698 0.699375 tcp 10.0.2.109 54580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:32:36.952397 0.692261 tcp 10.0.2.109 54581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:32:37.644553 1.372572 tcp 10.0.2.109 54582 -> 195.113.214.211 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:32:39.018277 0.351328 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:39.369970 0.365625 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:39.736031 0.521431 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:40.257861 0.408987 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:40.667266 0.405600 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:41.073223 0.582471 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:41.656119 0.383446 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:42.039954 0.449802 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:42.490249 0.397980 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:42.888640 0.463443 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:43.352493 0.451047 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:43.803961 0.421147 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:44.225527 0.504288 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:44.730402 0.453005 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:45.183769 0.703926 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:45.888050 0.525927 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:32:46.414348 0.000000 udp 10.0.2.109 3683 -> 82.109.209.98 1241 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 03:33:04.784134 0.496656 tcp 10.0.2.109 54583 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:33:05.280669 0.535591 tcp 10.0.2.109 54584 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:33:05.816632 1.398327 tcp 10.0.2.109 54585 -> 195.113.214.211 443 SRPA* 0 0 24 13196 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:33:07.215586 0.407532 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:33:07.623523 0.701034 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 03:34:41.234956 3.001582 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 03:34:48.241919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:34:56.243324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:35:12.246533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:35:44.252573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:41:48.258951 3.001215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 03:41:55.265963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:42:03.267797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:42:19.270426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:42:51.276544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:48:31.045541 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 03:48:31.045723 1.174579 tcp 10.0.2.109 54586 -> 176.74.96.2 6834 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/01/15 03:48:55.283260 3.001389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 03:49:02.289783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:49:10.291595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:49:26.294199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:49:58.300635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:56:02.306667 3.001204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 03:56:09.313697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:56:17.315437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:56:33.318630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 03:57:05.324479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:03:09.331192 3.000999 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 04:03:16.337981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:03:16.899453 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:03:16.899640 0.000000 udp 10.0.2.109 3683 -> 81.136.245.57 3409 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:03:24.339716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:03:35.267457 0.054135 tcp 10.0.2.109 54587 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:03:35.321930 0.052996 tcp 10.0.2.109 54588 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:03:35.375272 0.156190 tcp 10.0.2.109 54589 -> 195.113.214.211 443 SRPA* 0 0 40 21360 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:03:35.532092 0.185457 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:03:35.717945 0.048082 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:03:35.766601 0.000000 udp 10.0.2.109 3683 -> 82.109.209.98 1241 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:03:40.342131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:03:52.670922 0.053975 tcp 10.0.2.109 54590 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:03:52.725186 0.053794 tcp 10.0.2.109 54591 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:03:52.779236 0.159390 tcp 10.0.2.109 54592 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:03:52.939326 0.151813 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:03:53.091574 0.175145 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:03:53.267058 0.145921 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:03:53.413472 0.055788 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:03:53.413889 2.991953 tcp 10.0.2.109 54593 -> 75.34.179.1 6262 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:03:53.469653 0.135843 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:03:53.605877 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:04:02.404046 0.000000 tcp 10.0.2.109 54593 -> 75.34.179.1 6262 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:04:10.135981 0.052278 tcp 10.0.2.109 54594 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:04:10.188530 0.054735 tcp 10.0.2.109 54595 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:04:10.243220 0.155337 tcp 10.0.2.109 54596 -> 195.113.214.211 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:04:10.398957 0.151273 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:10.550628 0.052570 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:10.603595 0.187773 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:10.791726 0.126624 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:10.918812 0.138955 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:11.058341 0.212340 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:11.271078 0.165042 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:11.436611 0.140316 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:11.577327 0.129570 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:11.707363 0.172255 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:11.879968 0.466479 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:12.346850 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:04:12.348264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:04:29.633688 0.052525 tcp 10.0.2.109 54597 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:04:29.686485 0.055413 tcp 10.0.2.109 54598 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:04:29.742346 0.150023 tcp 10.0.2.109 54599 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:04:29.892634 0.371017 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:30.264048 0.290263 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:30.554719 0.148338 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:30.703491 0.397566 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:31.140247 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 REQ 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:04:39.878446 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 REQ 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:04:45.866695 0.159507 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 824 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.026710 0.052938 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.080050 0.051851 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.132378 0.134464 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.267340 0.177501 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.445341 0.154305 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 842 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.600067 0.147603 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.748094 0.150730 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:46.899304 0.189322 udp 10.0.2.109 3683 <-> 12.204.159.195 1272 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.099573 0.053123 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.153165 0.129681 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 768 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.283495 0.162576 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.446490 0.140395 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 690 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.587373 0.131312 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.719184 0.124768 udp 10.0.2.109 3683 <-> 173.13.37.161 1324 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.844345 0.138915 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 689 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:47.983797 0.171087 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:48.155368 0.072834 udp 10.0.2.109 3683 <-> 80.177.149.34 2494 CON 0 0 2 823 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:48.228624 0.357258 udp 10.0.2.109 3683 <-> 75.92.139.157 4824 CON 0 0 2 762 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:48.586379 0.153413 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:48.740212 0.371276 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:49.111965 0.397501 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 720 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:49.509981 0.000000 udp 10.0.2.109 3683 -> 212.186.84.130 4104 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:04:58.024518 0.233102 udp 10.0.2.109 3683 <-> 190.204.17.28 5879 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:04:58.280689 0.000000 udp 10.0.2.109 3683 -> 87.22.193.31 2101 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:03.602047 0.000000 udp 10.0.2.109 3683 -> 76.87.115.182 7373 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:09.450577 0.000000 udp 10.0.2.109 3683 -> 74.84.70.50 1698 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:14.007376 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:05:15.759676 0.000000 udp 10.0.2.109 3683 -> 81.149.183.120 1369 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:22.399825 0.000000 udp 10.0.2.109 3683 -> 61.16.243.234 3528 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:30.150396 0.000000 udp 10.0.2.109 3683 -> 24.47.205.118 3901 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:37.100376 0.000000 udp 10.0.2.109 3683 -> 94.95.188.235 5130 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:45.202134 0.000000 udp 10.0.2.109 3683 -> 94.162.188.63 6575 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:54.184771 0.000000 udp 10.0.2.109 3683 -> 81.134.73.11 2522 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:05:59.011653 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:06:02.246451 0.000000 udp 10.0.2.109 3683 -> 180.1.88.127 4657 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:06:09.036163 0.000000 udp 10.0.2.109 3683 -> 88.233.192.87 2454 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:06:16.598649 0.191063 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:06:17.082737 3.786196 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:06:21.025664 0.000000 udp 10.0.2.109 3683 -> 113.193.10.62 8612 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:06:26.491905 0.000000 udp 10.0.2.109 3683 -> 122.160.135.249 4956 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:06:32.290039 0.000000 udp 10.0.2.109 3683 -> 68.57.103.182 9428 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:06:38.067917 0.044377 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:06:38.199709 0.000000 udp 10.0.2.109 3683 -> 63.141.238.56 7512 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:06:45.148321 0.318055 udp 10.0.2.109 3683 <-> 218.145.118.4 6830 CON 0 0 2 672 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:06:45.475418 0.000000 udp 10.0.2.109 3683 -> 71.118.60.202 4102 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:06:50.005404 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:06:52.729206 0.084288 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:06:52.843727 0.000000 udp 10.0.2.109 3683 -> 78.14.195.185 7760 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:01.582077 0.079326 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:07:01.716396 0.000000 udp 10.0.2.109 3683 -> 135.196.37.111 2846 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:10.024064 0.000000 udp 10.0.2.109 3683 -> 65.112.128.182 4143 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:17.204452 0.051632 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:07:17.280472 0.000000 udp 10.0.2.109 3683 -> 67.87.43.33 3841 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:24.023868 0.000000 udp 10.0.2.109 3683 -> 95.6.36.152 6989 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:32.256237 0.270719 udp 10.0.2.109 3683 <-> 14.97.216.185 3969 CON 0 0 2 719 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:07:32.585421 0.000000 udp 10.0.2.109 3683 -> 62.252.11.112 3286 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:37.012333 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:07:41.068724 0.225195 udp 10.0.2.109 3683 <-> 115.252.223.173 5441 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:07:41.304926 0.133626 udp 10.0.2.109 3683 <-> 80.149.38.177 4378 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:07:41.486454 0.044988 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 823 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:07:41.569083 0.000000 udp 10.0.2.109 3683 -> 76.187.242.4 2030 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:50.371968 0.000000 udp 10.0.2.109 3683 -> 111.250.28.71 5460 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:07:57.982827 0.338805 udp 10.0.2.109 3683 <-> 183.23.143.36 1354 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:07:58.351916 0.000000 udp 10.0.2.109 3683 -> 88.242.156.36 1826 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:04.742828 0.000000 udp 10.0.2.109 3683 -> 84.176.124.158 6122 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:11.803125 0.000000 udp 10.0.2.109 3683 -> 217.41.21.197 2916 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:17.901898 0.092710 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 852 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:08:18.022935 0.208402 udp 10.0.2.109 3683 <-> 173.25.73.202 5768 CON 0 0 2 727 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:08:18.266821 0.000000 udp 10.0.2.109 3683 -> 202.175.99.66 6935 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:22.508313 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:08:25.492862 0.030833 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:08:25.659519 0.000000 udp 10.0.2.109 3683 -> 78.152.125.2 8385 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:32.863522 0.056481 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 720 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:08:32.934992 0.000000 udp 10.0.2.109 3683 -> 89.97.191.9 1369 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:40.434420 0.000000 udp 10.0.2.109 3683 -> 196.217.182.192 6398 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:47.194030 0.000000 udp 10.0.2.109 3683 -> 50.240.97.161 6393 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:52.822036 0.000000 udp 10.0.2.109 3683 -> 41.72.201.86 7723 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:08:59.511879 0.000000 udp 10.0.2.109 3683 -> 178.16.6.138 9467 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:08.084160 0.419018 udp 10.0.2.109 3683 <-> 85.189.224.126 6018 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:09:08.553902 0.000000 udp 10.0.2.109 3683 -> 5.68.63.101 9664 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:13.010841 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:09:15.624368 0.000000 udp 10.0.2.109 3683 -> 78.171.40.166 4897 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:24.407335 0.000000 udp 10.0.2.109 3683 -> 78.90.226.115 7460 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:31.407801 0.000000 udp 10.0.2.109 3683 -> 117.219.195.99 2894 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:37.316159 0.351204 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:09:37.784927 0.249306 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:09:38.094465 0.000000 udp 10.0.2.109 3683 -> 71.166.245.104 7615 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:45.387744 0.000000 udp 10.0.2.109 3683 -> 216.16.107.230 8269 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:52.847965 0.058628 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:09:52.971359 0.056251 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:09:53.091624 0.000000 udp 10.0.2.109 3683 -> 81.214.84.209 3038 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:09:57.504338 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:10:00.839638 0.000000 udp 10.0.2.109 3683 -> 72.51.209.160 2898 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:08.741363 0.663579 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:10:09.446078 0.261387 udp 10.0.2.109 3683 <-> 117.196.43.39 8244 CON 0 0 2 792 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:10:09.780233 0.000000 udp 10.0.2.109 3683 -> 2.120.67.16 4863 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:14.799987 0.000000 udp 10.0.2.109 3683 -> 39.212.13.106 7643 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:16.354217 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 04:10:21.619517 0.000000 udp 10.0.2.109 3683 -> 109.96.131.110 7305 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:23.361837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:10:29.290567 0.000000 udp 10.0.2.109 3683 -> 83.79.100.73 4114 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:31.363536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:10:36.991838 0.000000 udp 10.0.2.109 3683 -> 95.243.168.30 2173 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:43.270611 0.105351 udp 10.0.2.109 3683 -> 77.69.3.156 5995 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:43.375962 0.000000 icmp 77.69.3.156 0x0303 -> 10.0.2.109 0x6b17 URP 192 1 128 flow=Background 1970/01/15 04:10:47.366528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:10:48.007237 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:10:50.651390 0.000000 udp 10.0.2.109 3683 -> 217.19.148.78 5747 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:10:57.671608 0.000000 udp 10.0.2.109 3683 -> 182.64.187.163 6174 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:05.122164 0.000000 udp 10.0.2.109 3683 -> 122.176.45.75 9573 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:13.935158 0.000000 udp 10.0.2.109 3683 -> 85.100.146.218 2608 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:19.372409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:11:20.384323 0.000000 udp 10.0.2.109 3683 -> 213.165.33.47 3713 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:28.886547 0.320654 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 693 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:11:29.271041 0.197711 udp 10.0.2.109 3683 -> 67.158.153.50 7579 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:29.468752 0.000000 icmp 67.158.153.50 0x0303 -> 10.0.2.109 0x9b1d URP 192 1 203 flow=Background 1970/01/15 04:11:33.512821 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:11:38.029461 0.195820 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:11:38.264987 0.000000 udp 10.0.2.109 3683 -> 212.5.158.246 2184 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:46.311005 0.000000 udp 10.0.2.109 3683 -> 88.97.12.179 7470 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:53.211323 0.000000 udp 10.0.2.109 3683 -> 70.171.83.178 4380 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:11:58.679464 0.171015 udp 10.0.2.109 3683 <-> 49.204.155.148 6413 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:11:58.870208 0.079077 udp 10.0.2.109 3683 <-> 86.157.1.225 9940 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:11:58.992510 0.000000 udp 10.0.2.109 3683 -> 86.135.134.123 6017 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:05.839805 0.000000 udp 10.0.2.109 3683 -> 107.212.20.36 7375 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:10.906400 0.000000 udp 10.0.2.109 3683 -> 113.161.162.136 7350 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:18.277096 0.034055 udp 10.0.2.109 3683 -> 78.131.200.4 5323 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:18.311151 0.000000 icmp 78.131.200.4 0x0303 -> 10.0.2.109 0xcb14 URP 192 1 174 flow=Background 1970/01/15 04:12:23.003706 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:12:27.180264 0.000000 udp 10.0.2.109 3683 -> 114.172.59.243 6033 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:35.471891 0.053318 udp 10.0.2.109 3683 <-> 5.13.156.79 8062 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:12:35.704425 0.000000 udp 10.0.2.109 3683 -> 117.218.63.128 9019 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:41.460551 0.166532 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:12:41.941664 0.000000 udp 10.0.2.109 3683 -> 76.186.238.126 6653 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:47.989682 0.436647 udp 10.0.2.109 3683 <-> 94.196.152.27 4763 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:12:48.597274 0.000000 udp 10.0.2.109 3683 -> 2.39.253.4 1748 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:12:54.839989 0.000000 udp 10.0.2.109 3683 -> 95.227.157.228 4497 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:01.408996 0.053745 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:13:01.620506 0.000000 udp 10.0.2.109 3683 -> 87.5.122.81 9180 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:09.350902 0.124743 udp 10.0.2.109 3683 -> 80.92.176.110 2139 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:09.475645 0.000000 icmp 80.92.176.110 0x0303 -> 10.0.2.109 0x5b08 URP 192 1 307 flow=Background 1970/01/15 04:13:14.007305 0.000194 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:13:15.529325 0.834952 udp 10.0.2.109 3683 <-> 121.245.171.34 8669 CON 0 0 2 810 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:13:16.641492 0.000000 udp 10.0.2.109 3683 -> 95.224.21.109 3418 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:21.938838 0.071066 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:13:22.034197 0.000000 udp 10.0.2.109 3683 -> 1.22.166.76 8126 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:30.821653 0.147476 udp 10.0.2.109 3683 <-> 66.186.103.50 6545 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:13:30.978718 0.000000 udp 10.0.2.109 3683 -> 95.224.253.97 6524 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:38.201958 0.000000 udp 10.0.2.109 3683 -> 93.44.41.174 5334 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:46.674956 0.079622 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:13:46.771546 0.000000 udp 10.0.2.109 3683 -> 190.248.133.202 7599 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:54.525454 0.000000 udp 10.0.2.109 3683 -> 2.126.125.112 9732 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:13:59.512283 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:14:02.156479 0.000000 udp 10.0.2.109 3683 -> 217.203.240.98 3641 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:14:09.476856 0.000000 udp 10.0.2.109 3683 -> 95.6.50.221 2827 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:14:18.420158 0.000000 udp 10.0.2.109 3683 -> 97.93.43.130 1910 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:14:25.379742 0.000000 udp 10.0.2.109 3683 -> 70.168.4.185 4460 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:14:32.169880 0.470589 udp 10.0.2.109 3683 <-> 14.97.119.14 7779 CON 0 0 2 790 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:14:32.686188 0.357595 udp 10.0.2.109 3683 <-> 59.115.50.4 2346 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:14:33.290570 0.000000 udp 10.0.2.109 3683 -> 88.62.241.155 6468 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:14:39.189771 0.398346 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:14:39.684806 0.283746 udp 10.0.2.109 3683 <-> 117.217.1.67 1712 CON 0 0 2 707 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:14:39.991846 0.000000 udp 10.0.2.109 3683 -> 109.155.235.217 4764 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:14:44.006269 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:14:46.239719 0.000000 udp 10.0.2.109 3683 -> 95.93.38.26 4268 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:14:53.470076 0.000000 udp 10.0.2.109 3683 -> 79.4.20.215 8394 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:15:02.002726 0.000000 udp 10.0.2.109 3683 -> 83.110.141.126 8778 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:15:07.109708 0.000000 udp 10.0.2.109 3683 -> 99.137.230.116 3975 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:15:12.207249 0.044879 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 802 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:17:23.379594 3.000339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 04:17:30.386169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:17:38.387221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:17:54.390325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:18:26.396812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:18:32.225524 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:18:32.225628 0.703024 tcp 10.0.2.109 54600 -> 176.74.96.2 6834 FSPA* 0 0 14 1518 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:24:30.403041 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 04:24:37.409752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:24:45.411596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:25:01.414348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:25:33.420578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:31:37.426529 3.001177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 04:31:44.434013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:31:52.435300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:32:08.438623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:32:40.444308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:38:44.450766 3.000950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 04:38:51.457614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:38:59.459091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:39:15.462074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:39:47.468496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:45:27.848276 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:45:27.848370 0.144596 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:27.993434 0.174611 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:27.993805 3.008205 tcp 10.0.2.109 54601 -> 174.91.197.106 6016 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:45:28.185713 0.162824 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:28.348983 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:45:37.000867 0.000000 tcp 10.0.2.109 54601 -> 174.91.197.106 6016 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:45:43.462682 0.053304 tcp 10.0.2.109 54602 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:45:43.516335 0.054219 tcp 10.0.2.109 54603 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:45:43.570841 0.143208 tcp 10.0.2.109 54604 -> 195.113.214.211 443 SRPA* 0 0 33 26348 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:45:43.714741 0.062921 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:43.778069 0.146348 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:43.925168 0.052531 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:43.978092 0.187913 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:44.166563 0.395853 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:44.562827 0.216419 udp 10.0.2.109 3683 <-> 190.204.17.28 5879 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:44.779676 0.191981 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:44.971996 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:45:51.475130 3.000749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 04:45:54.384086 0.000000 udp 10.0.2.109 3683 <- 99.233.251.108 8768 RSP 0 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:45:54.384550 0.047528 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:54.432461 0.316599 udp 10.0.2.109 3683 <-> 218.145.118.4 6830 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:54.432787 2.997178 tcp 10.0.2.109 54605 -> 93.212.249.173 9588 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:45:54.749525 0.082039 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:54.831977 0.069532 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:54.901953 0.049876 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:54.952233 0.920993 udp 10.0.2.109 3683 <-> 14.97.216.185 3969 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:45:55.873634 0.000000 udp 10.0.2.109 3683 -> 115.252.223.173 5441 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:45:58.482011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:46:03.429008 0.000000 tcp 10.0.2.109 54605 -> 93.212.249.173 9588 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:46:06.483203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:46:12.593014 0.054069 tcp 10.0.2.109 54606 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:12.647366 0.054481 tcp 10.0.2.109 54607 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:12.702324 0.147813 tcp 10.0.2.109 54608 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:12.850787 0.042131 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:12.893317 0.000000 udp 10.0.2.109 3683 -> 80.149.38.177 4378 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:46:21.294272 0.000000 udp 10.0.2.109 3683 <- 80.149.38.177 4378 RSP 0 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:46:21.294831 0.323601 udp 10.0.2.109 3683 <-> 183.23.143.36 1354 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:21.295244 3.003861 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:46:21.618875 0.091936 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:21.711239 0.206501 udp 10.0.2.109 3683 <-> 173.25.73.202 5768 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:21.918308 0.029128 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:21.947848 0.052712 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:22.000970 0.224364 udp 10.0.2.109 3683 <-> 85.189.224.126 6018 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:22.225754 0.000000 udp 10.0.2.109 3683 -> 125.113.191.17 5674 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:46:22.486408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:46:28.337551 0.000372 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 PA_SA 0 0 4 456 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:34.273854 1.511348 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 8 3912 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:39.361145 0.053133 tcp 10.0.2.109 54610 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:39.414367 0.055027 tcp 10.0.2.109 54611 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:39.469733 0.152085 tcp 10.0.2.109 54612 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:39.622322 0.220206 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:39.875237 0.057133 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:39.932728 0.053776 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:39.986922 0.932439 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:40.297770 2.157307 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 14 9324 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:40.919755 0.938623 udp 10.0.2.109 3683 <-> 117.196.43.39 8244 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:41.858842 0.361766 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:42.221030 0.199460 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:42.420875 0.000000 udp 10.0.2.109 3683 -> 86.157.1.225 9940 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:46:46.408781 2.748347 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 30 18756 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:53.534325 4.070157 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 70 38052 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:54.492029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:46:58.217970 0.054958 tcp 10.0.2.109 54613 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:58.272859 0.057152 tcp 10.0.2.109 54614 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:58.330367 0.162255 tcp 10.0.2.109 54615 -> 195.113.214.211 443 SRPA* 0 0 33 19398 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:46:58.493271 0.166835 udp 10.0.2.109 3683 <-> 49.204.155.148 6413 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:46:58.660430 0.000000 udp 10.0.2.109 3683 -> 5.13.156.79 8062 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:47:02.483872 4.870851 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 85 46002 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:12.074116 0.508906 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 15 9378 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:16.223972 0.055647 tcp 10.0.2.109 54616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:16.279934 0.053802 tcp 10.0.2.109 54617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:16.334037 0.150937 tcp 10.0.2.109 54618 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:16.485525 0.158657 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:47:16.644584 0.000000 udp 10.0.2.109 3683 -> 94.196.152.27 4763 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:47:22.072402 0.200092 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 2 1364 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:31.877188 0.053029 tcp 10.0.2.109 54619 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:31.930470 0.054361 tcp 10.0.2.109 54620 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:31.984709 0.219238 tcp 10.0.2.109 54621 -> 195.113.214.211 443 SRPA* 0 0 48 31184 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:32.204165 0.058693 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:47:32.263271 0.000000 udp 10.0.2.109 3683 -> 121.245.171.34 8669 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:47:38.065314 4.965646 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 5 1710 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:43.232251 0.053768 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 7 3394 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:48.614737 0.626057 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 11 7586 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:51.034063 0.053175 tcp 10.0.2.109 54622 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:51.087525 0.052955 tcp 10.0.2.109 54623 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:51.140781 0.152285 tcp 10.0.2.109 54624 -> 195.113.214.211 443 SRPA* 0 0 46 41914 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:47:51.293842 0.070376 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:47:51.364599 0.149960 udp 10.0.2.109 3683 <-> 66.186.103.50 6545 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:47:51.514898 0.074347 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:47:51.589644 0.252209 udp 10.0.2.109 3683 <-> 14.97.119.14 7779 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:47:51.842265 0.000000 udp 10.0.2.109 3683 -> 59.115.50.4 2346 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:47:54.272562 1.647643 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 23 14302 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:00.693805 2.267069 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 28 19988 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:07.808593 2.613115 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 30 22124 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:10.011269 0.052870 tcp 10.0.2.109 54625 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:10.064376 0.052693 tcp 10.0.2.109 54626 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:10.117306 0.146789 tcp 10.0.2.109 54627 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:10.264754 0.228568 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:48:10.493682 0.000000 udp 10.0.2.109 3683 -> 117.217.1.67 1712 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 04:48:15.504605 3.418362 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 35 17709 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:25.857964 1.386387 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 23 12666 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:27.546860 0.052552 tcp 10.0.2.109 54628 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:27.599261 0.057226 tcp 10.0.2.109 54629 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:27.656849 0.257173 tcp 10.0.2.109 54630 -> 195.113.214.211 443 SRPA* 0 0 28 14076 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:27.914918 0.044410 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/15 04:48:32.934429 3.003588 tcp 10.0.2.109 54631 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:48:34.460252 1.198077 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 17 9486 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:40.467467 3.964861 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 19 9919 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:41.936421 0.000000 tcp 10.0.2.109 54631 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:48:47.937186 0.052182 tcp 10.0.2.109 54632 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:47.989662 0.054141 tcp 10.0.2.109 54633 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:48.044088 0.235111 tcp 10.0.2.109 54634 -> 195.113.214.211 443 SRPA* 0 0 45 37188 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:48.376327 3.004050 tcp 10.0.2.109 54635 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:48:49.658041 4.243219 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 25 12774 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:48:57.378861 0.000000 tcp 10.0.2.109 54635 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:48:58.378817 4.812424 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 26 12955 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:03.378589 0.057262 tcp 10.0.2.109 54636 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:03.436280 0.054886 tcp 10.0.2.109 54637 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:03.491477 0.154868 tcp 10.0.2.109 54638 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:03.841826 3.000871 tcp 10.0.2.109 54639 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:49:07.367891 4.759168 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 25 14100 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:12.841200 0.000000 tcp 10.0.2.109 54639 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:49:15.874304 4.913366 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 29 15846 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:18.840243 0.053175 tcp 10.0.2.109 54640 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:18.893756 0.054218 tcp 10.0.2.109 54641 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:18.948278 0.144326 tcp 10.0.2.109 54642 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:19.297904 2.997033 tcp 10.0.2.109 54643 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:49:23.561938 4.528857 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 28 15792 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:28.303357 0.000000 tcp 10.0.2.109 54643 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:49:30.428603 4.197781 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 31 17382 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:34.292468 0.192769 tcp 10.0.2.109 54644 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:34.485588 0.052514 tcp 10.0.2.109 54645 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:34.538388 0.162808 tcp 10.0.2.109 54646 -> 195.113.214.211 443 SRPA* 0 0 40 33078 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:34.772051 2.984920 tcp 10.0.2.109 54647 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:49:36.769176 3.618020 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 29 15846 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:41.812960 4.837239 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 13 7842 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:43.755431 0.000000 tcp 10.0.2.109 54647 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:49:47.038334 3.366470 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 25 12774 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:49.764586 0.055569 tcp 10.0.2.109 54648 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:49.820423 0.055330 tcp 10.0.2.109 54649 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:49.875619 0.160674 tcp 10.0.2.109 54650 -> 195.113.214.211 443 SRPA* 0 0 42 21468 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:50.069339 2.999949 tcp 10.0.2.109 54651 -> 76.181.145.117 4797 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:49:52.205833 4.165783 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 32 17436 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:58.550247 4.909981 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 11 6298 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:49:59.067759 0.000000 tcp 10.0.2.109 54651 -> 76.181.145.117 4797 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 04:50:03.654028 4.746981 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 31 15962 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:05.066632 0.053634 tcp 10.0.2.109 54652 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:05.120116 0.055306 tcp 10.0.2.109 54653 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:05.175706 0.142439 tcp 10.0.2.109 54654 -> 195.113.214.211 443 SRPA* 0 0 46 39778 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:05.331408 1.137937 tcp 10.0.2.109 54655 -> 95.104.50.9 3421 FSPA* 0 0 15 1756 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:10.496171 3.938190 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 23 12666 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:23.660808 0.202665 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 2 243 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:36.026434 4.280227 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 60 51657 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:50:55.050973 0.197603 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 2 843 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:51:00.065572 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 04:51:06.676167 2.939670 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 26 20380 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:51:16.993193 1.062684 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 7 3234 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:51:23.662897 4.083615 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 8 4608 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:51:32.188002 4.189681 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 A_PA 0 0 9 4281 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:51:37.291787 0.347237 tcp 10.0.2.109 54609 -> 80.149.38.177 8251 FRPA* 0 0 11 2551 flow=From-Botnet-V1-TCP-Established 1970/01/15 04:52:58.559407 3.000532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 04:53:05.565751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:53:13.567137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:53:29.570639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 04:54:01.576111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:00:05.583042 3.902682 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 05:00:13.491345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:00:21.492608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:00:37.495635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:01:09.501603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:07:13.508346 3.000956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 05:07:20.515165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:07:28.516348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:07:44.519663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:08:16.525739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:14:20.532123 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 05:14:27.539106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:14:35.540784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:14:51.543272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:15:23.549327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:18:30.188411 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 05:18:30.188508 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:18:46.413267 0.053169 tcp 10.0.2.109 54656 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:18:46.466714 0.053741 tcp 10.0.2.109 54657 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:18:46.520785 0.147745 tcp 10.0.2.109 54658 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:18:46.669188 0.000000 udp 10.0.2.109 3683 -> 115.252.223.173 5441 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:19:02.224456 0.052182 tcp 10.0.2.109 54659 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:02.276894 0.052898 tcp 10.0.2.109 54660 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:02.330059 0.150175 tcp 10.0.2.109 54661 -> 195.113.214.211 443 SRPA* 0 0 55 34730 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:02.480462 0.289177 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:19:02.770090 0.000000 udp 10.0.2.109 3683 -> 86.157.1.225 9940 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:19:21.582762 0.097551 tcp 10.0.2.109 54662 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:21.680595 0.053887 tcp 10.0.2.109 54663 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:21.734725 0.159851 tcp 10.0.2.109 54664 -> 195.113.214.211 443 SRPA* 0 0 32 17012 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:21.895157 0.000000 udp 10.0.2.109 3683 -> 5.13.156.79 8062 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:19:37.024845 0.053896 tcp 10.0.2.109 54665 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:37.079039 0.053560 tcp 10.0.2.109 54666 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:37.132848 0.140755 tcp 10.0.2.109 54667 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:37.274287 0.000000 udp 10.0.2.109 3683 -> 94.196.152.27 4763 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:19:56.272337 0.054781 tcp 10.0.2.109 54668 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:56.327399 0.054475 tcp 10.0.2.109 54669 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:56.382313 0.152349 tcp 10.0.2.109 54670 -> 195.113.214.211 443 SRPA* 0 0 25 13040 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:19:56.535215 0.000000 udp 10.0.2.109 3683 -> 121.245.171.34 8669 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:20:06.937579 0.541378 tcp 10.0.2.109 54671 -> 95.104.50.9 3421 FSPA* 0 0 15 1609 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:11.914743 0.056017 tcp 10.0.2.109 54672 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:11.971084 0.053750 tcp 10.0.2.109 54673 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:12.025118 0.153248 tcp 10.0.2.109 54674 -> 195.113.214.211 443 SRPA* 0 0 38 22510 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:12.178841 0.462978 udp 10.0.2.109 3683 <-> 59.115.50.4 2346 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:12.642391 0.000000 udp 10.0.2.109 3683 -> 117.217.1.67 1712 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:20:28.217967 0.057990 tcp 10.0.2.109 54675 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:28.276317 0.064787 tcp 10.0.2.109 54676 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:28.341471 0.174185 tcp 10.0.2.109 54677 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:28.516181 0.162942 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:28.679546 0.140825 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:28.820759 0.180931 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:29.002100 0.063588 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:29.066053 0.190323 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:29.256833 0.053709 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:29.310911 0.146654 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:29.457993 0.438428 udp 10.0.2.109 3683 <-> 190.204.17.28 5879 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:29.896911 0.395406 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:30.292681 0.186418 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:30.479491 0.314658 udp 10.0.2.109 3683 <-> 218.145.118.4 6830 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:30.794557 0.042470 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:30.837428 0.076874 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:30.914667 3.968288 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:34.883337 0.055106 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:34.938842 0.072629 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:35.011891 0.359565 udp 10.0.2.109 3683 <-> 14.97.216.185 3969 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:35.371850 0.042093 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:20:35.414403 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:20:52.563136 0.054457 tcp 10.0.2.109 54678 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:52.617987 0.052430 tcp 10.0.2.109 54679 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:52.670737 0.143332 tcp 10.0.2.109 54680 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:20:52.814737 0.000000 udp 10.0.2.109 3683 -> 80.149.38.177 4378 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:21:00.103232 0.000000 udp 10.0.2.109 3683 <- 80.149.38.177 4378 RSP 0 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:21:00.103731 0.000000 udp 10.0.2.109 3683 -> 183.23.143.36 1354 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:21:19.001283 0.053187 tcp 10.0.2.109 54681 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:19.054775 0.061294 tcp 10.0.2.109 54682 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:19.116384 0.163572 tcp 10.0.2.109 54683 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:19.279254 0.030606 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:19.310248 0.053994 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:19.364634 0.221626 udp 10.0.2.109 3683 <-> 173.25.73.202 5768 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:19.586667 0.000000 udp 10.0.2.109 3683 -> 85.189.224.126 6018 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:21:27.555390 3.002017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 05:21:34.562595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:21:38.449377 0.063130 tcp 10.0.2.109 54684 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:38.512383 0.053554 tcp 10.0.2.109 54685 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:38.566246 0.159460 tcp 10.0.2.109 54686 -> 195.113.214.211 443 SRPA* 0 0 43 23406 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:38.726392 0.054603 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:38.781433 0.197737 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:38.979605 0.057876 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:39.037881 0.199584 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:39.237867 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:21:42.564254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:21:57.257265 0.053485 tcp 10.0.2.109 54687 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:57.311034 0.053124 tcp 10.0.2.109 54688 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:57.364006 0.151421 tcp 10.0.2.109 54689 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:21:57.515728 0.461176 udp 10.0.2.109 3683 <-> 117.196.43.39 8244 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:57.977315 0.202601 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:58.180319 0.163488 udp 10.0.2.109 3683 <-> 49.204.155.148 6413 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:58.344212 0.162560 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:58.507199 0.056181 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:58.563723 0.385375 udp 10.0.2.109 3683 <-> 14.97.119.14 7779 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:58.567558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:21:58.949550 0.235343 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:21:59.185235 0.000000 udp 10.0.2.109 3683 -> 24.133.153.242 3636 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:22:18.096151 0.051590 tcp 10.0.2.109 54690 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:22:18.148055 0.054255 tcp 10.0.2.109 54691 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:22:18.202627 0.144016 tcp 10.0.2.109 54692 -> 195.113.214.211 443 SRPA* 0 0 41 23260 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:22:18.347369 0.154633 udp 10.0.2.109 3683 <-> 66.186.103.50 6545 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:22:18.502382 0.246911 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:22:18.749647 0.039749 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:22:30.573823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:28:34.579889 3.001036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 05:28:41.587142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:28:49.588201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:29:05.591290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:29:37.597468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:35:41.604322 3.000743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 05:35:48.610641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:35:56.612210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:36:12.615241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:36:44.621257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:42:48.627363 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 05:42:55.634978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:43:03.636351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:43:19.639683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:43:51.645466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:49:55.652176 3.000744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 05:50:02.678482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:50:07.486331 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 05:50:07.486432 0.980492 tcp 10.0.2.109 54693 -> 95.104.50.9 3421 FSPA* 0 0 16 1670 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:50:10.680666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:50:26.683577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:50:58.689651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:52:23.351478 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 05:52:23.351645 0.088306 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:52:23.440356 0.000000 udp 10.0.2.109 3683 -> 183.23.143.36 1354 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:52:39.386216 0.054319 tcp 10.0.2.109 54694 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:52:39.440833 0.053644 tcp 10.0.2.109 54695 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:52:39.494783 0.168507 tcp 10.0.2.109 54696 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:52:39.663864 0.067508 udp 10.0.2.109 3683 <-> 85.189.224.126 6018 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:52:39.731768 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:52:58.201709 0.052077 tcp 10.0.2.109 54697 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:52:58.254293 0.056857 tcp 10.0.2.109 54698 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:52:58.311460 0.155710 tcp 10.0.2.109 54699 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:52:58.467962 0.516911 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:52:58.985292 0.286724 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:52:59.272454 0.527923 udp 10.0.2.109 3683 <-> 59.115.50.4 2346 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:52:59.800782 0.164176 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:52:59.965371 0.549410 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:00.515172 0.372120 udp 10.0.2.109 3683 <-> 190.204.17.28 5879 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:00.887692 0.146695 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:01.034815 0.052394 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:01.087557 0.179971 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:01.267885 0.056752 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:01.325026 0.176764 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:01.502151 0.192135 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:01.694640 0.435142 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:02.130366 0.000000 udp 10.0.2.109 3683 -> 218.145.118.4 6830 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:53:19.492725 0.056147 tcp 10.0.2.109 54700 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:53:19.549211 0.064185 tcp 10.0.2.109 54701 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:53:19.613708 0.632397 tcp 10.0.2.109 54702 -> 195.113.214.211 443 SRPA* 0 0 32 24705 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:53:20.246637 0.083036 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:20.330112 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:53:38.970682 0.052796 tcp 10.0.2.109 54703 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:53:39.023763 0.053501 tcp 10.0.2.109 54704 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:53:39.077562 0.409922 tcp 10.0.2.109 54705 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:53:39.488140 0.053463 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:39.541937 4.087556 udp 10.0.2.109 3683 <-> 99.233.251.108 8768 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:43.629931 0.449842 udp 10.0.2.109 3683 <-> 14.97.216.185 3969 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.080099 0.046670 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.127165 0.064677 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.192238 0.098365 udp 10.0.2.109 3683 <-> 80.149.38.177 4378 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.291012 0.046924 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.338363 0.052535 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.391269 0.211235 udp 10.0.2.109 3683 <-> 173.25.73.202 5768 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.602924 0.055711 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.659002 0.193396 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:44.852749 0.199647 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:45.052838 0.055862 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:45.109105 0.200616 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:53:45.310111 0.000000 udp 10.0.2.109 3683 -> 49.204.155.148 6413 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 05:54:04.276824 0.053211 tcp 10.0.2.109 54706 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:54:04.330305 0.061175 tcp 10.0.2.109 54707 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:54:04.391844 0.391513 tcp 10.0.2.109 54708 -> 195.113.214.211 443 SRPA* 0 0 44 31272 flow=From-Botnet-V1-TCP-Established 1970/01/15 05:54:04.784024 0.156238 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:54:04.940606 0.055152 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:54:04.996132 0.451330 udp 10.0.2.109 3683 <-> 14.97.119.14 7779 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:54:05.447918 0.217138 udp 10.0.2.109 3683 <-> 117.196.43.39 8244 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:54:05.665473 0.123285 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:54:05.789169 0.044036 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:54:05.833615 0.154963 udp 10.0.2.109 3683 <-> 66.186.103.50 6545 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:54:05.988996 0.318079 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/15 05:57:02.695597 3.001534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 05:57:09.703154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:57:17.704063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:57:33.707538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 05:58:05.713286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:04:09.720218 3.000605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 06:04:16.726644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:04:24.728144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:04:40.731074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:05:12.737574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:11:16.743241 3.101865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 06:11:23.851179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:11:31.852648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:11:47.855319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:12:19.861311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:18:23.868105 3.000751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 06:18:30.874981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:18:38.876235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:18:54.879328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:19:26.885437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:20:08.505813 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 06:20:08.505912 3.003692 tcp 10.0.2.109 54709 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 06:20:17.508072 0.000000 tcp 10.0.2.109 54709 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 06:20:23.508278 0.118630 tcp 10.0.2.109 54710 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:20:23.627293 0.082879 tcp 10.0.2.109 54711 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:20:23.710510 0.167606 tcp 10.0.2.109 54712 -> 195.113.214.211 443 SRPA* 0 0 61 49301 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:20:23.959145 3.002731 tcp 10.0.2.109 54713 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 06:20:32.960134 0.000000 tcp 10.0.2.109 54713 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 06:20:38.959742 0.053045 tcp 10.0.2.109 54714 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:20:39.013080 0.052728 tcp 10.0.2.109 54715 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:20:39.066231 0.154690 tcp 10.0.2.109 54716 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:20:39.537416 0.603425 tcp 10.0.2.109 54717 -> 176.73.169.112 1959 FSPA* 0 0 15 1745 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:21:11.672868 0.000166 tcp 10.0.2.109 54709 -> 95.104.50.9 3421 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:24:30.081752 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 06:24:30.081993 0.336323 udp 10.0.2.109 3683 <-> 218.145.118.4 6830 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:24:30.418743 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:24:45.975934 0.054257 tcp 10.0.2.109 54718 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:24:46.030529 0.053412 tcp 10.0.2.109 54719 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:24:46.084267 0.151474 tcp 10.0.2.109 54720 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:24:46.235421 0.000000 udp 10.0.2.109 3683 -> 49.204.155.148 6413 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:25:04.651832 0.058954 tcp 10.0.2.109 54721 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:04.711045 0.063102 tcp 10.0.2.109 54722 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:04.774391 0.144343 tcp 10.0.2.109 54723 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:04.919178 0.087497 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:05.007085 0.295971 udp 10.0.2.109 3683 <-> 85.189.224.126 6018 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:05.303457 0.994628 udp 10.0.2.109 3683 <-> 59.115.50.4 2346 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:06.298527 0.000000 udp 10.0.2.109 3683 -> 125.113.191.17 5674 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:25:23.718875 0.059612 tcp 10.0.2.109 54724 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:23.778765 0.053438 tcp 10.0.2.109 54725 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:23.832560 0.161080 tcp 10.0.2.109 54726 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:23.994002 0.000000 udp 10.0.2.109 3683 -> 24.133.153.242 3636 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:25:30.891796 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 06:25:37.898824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:25:41.074233 0.056731 tcp 10.0.2.109 54727 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:41.131312 0.053176 tcp 10.0.2.109 54728 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:41.184337 0.156469 tcp 10.0.2.109 54729 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:41.341303 0.158046 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:41.499783 0.260517 udp 10.0.2.109 3683 <-> 190.204.17.28 5879 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:41.760693 0.143398 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:41.904568 0.187308 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:42.092281 0.191022 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:42.283709 0.054989 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:42.339107 0.185017 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:42.524551 0.151519 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:42.676423 0.051688 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:42.728497 0.402815 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:43.131759 0.092266 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:43.224469 0.054714 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:43.279618 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:25:45.900055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:25:58.429537 0.052022 tcp 10.0.2.109 54730 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:58.481846 0.060698 tcp 10.0.2.109 54731 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:58.542849 0.144834 tcp 10.0.2.109 54732 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:25:58.688312 0.041379 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:58.730112 0.067843 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:58.798384 0.100182 udp 10.0.2.109 3683 <-> 80.149.38.177 4378 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:58.898912 0.269217 udp 10.0.2.109 3683 <-> 14.97.216.185 3969 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:59.168534 0.056185 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:25:59.225014 0.000000 udp 10.0.2.109 3683 -> 173.25.73.202 5768 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:26:01.903117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:26:14.291846 0.052842 tcp 10.0.2.109 54733 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:26:14.344905 0.054268 tcp 10.0.2.109 54734 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:26:14.399437 0.148608 tcp 10.0.2.109 54735 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:26:14.548681 0.060289 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:14.609372 0.182820 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:14.792759 0.042469 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:14.835580 0.197600 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:15.033646 0.186186 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:15.220228 0.055783 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:15.276435 0.162906 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:15.439745 0.423882 udp 10.0.2.109 3683 <-> 14.97.119.14 7779 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:15.864027 0.246372 udp 10.0.2.109 3683 <-> 117.196.43.39 8244 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:16.110763 0.182387 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:16.293536 0.044233 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:16.338296 0.056394 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:26:16.395057 0.000000 udp 10.0.2.109 3683 -> 66.186.103.50 6545 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:26:33.909308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:26:34.470820 0.051815 tcp 10.0.2.109 54736 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:26:34.522890 0.054233 tcp 10.0.2.109 54737 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:26:34.577406 0.167735 tcp 10.0.2.109 54738 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:26:34.745666 0.225755 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:32:37.915010 3.001971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 06:32:44.922716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:32:52.924570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:33:08.927404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:33:40.933415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:39:44.939987 3.001089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 06:39:51.946594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:39:59.948448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:40:15.950907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:40:47.957289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:46:51.964109 3.031209 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 06:46:59.111266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:47:07.112625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:47:23.115248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:47:55.121755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:50:40.198941 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 06:50:40.199041 0.439591 tcp 10.0.2.109 54739 -> 176.73.169.112 1959 FSPA* 0 0 15 1578 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:53:59.127026 3.002247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 06:54:06.134677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:54:14.136354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:54:30.139161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:55:02.145085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 06:56:58.352843 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 06:56:58.353106 0.000000 udp 10.0.2.109 3683 -> 24.133.153.242 3636 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:57:14.067441 0.054278 tcp 10.0.2.109 54740 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:14.122052 0.053718 tcp 10.0.2.109 54741 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:14.176089 0.155588 tcp 10.0.2.109 54742 -> 195.113.214.211 443 SRPA* 0 0 44 28514 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:14.332424 0.295321 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:57:14.628127 0.000000 udp 10.0.2.109 3683 -> 99.233.251.108 8768 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:57:31.541326 0.074623 tcp 10.0.2.109 54743 -> 195.113.214.219 80 FSPA* 0 0 10 1535 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:31.616230 0.052789 tcp 10.0.2.109 54744 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:31.669329 0.152652 tcp 10.0.2.109 54745 -> 195.113.214.211 443 SRPA* 0 0 35 17960 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:31.822631 0.000000 udp 10.0.2.109 3683 -> 173.25.73.202 5768 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:57:49.176236 0.051649 tcp 10.0.2.109 54746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:49.228181 0.053390 tcp 10.0.2.109 54747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:49.281932 0.172724 tcp 10.0.2.109 54748 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:57:49.455926 0.000000 udp 10.0.2.109 3683 -> 66.186.103.50 6545 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:58:07.783365 0.052195 tcp 10.0.2.109 54749 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:07.835810 0.053357 tcp 10.0.2.109 54750 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:07.889469 0.140146 tcp 10.0.2.109 54751 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:08.030161 0.000000 udp 10.0.2.109 3683 -> 218.145.118.4 6830 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:58:25.578627 0.052768 tcp 10.0.2.109 54752 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:25.631730 0.052408 tcp 10.0.2.109 54753 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:25.684410 0.150094 tcp 10.0.2.109 54754 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:25.835093 0.083500 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:58:25.918974 0.324584 udp 10.0.2.109 3683 <-> 85.189.224.126 6018 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:58:26.243952 0.000000 udp 10.0.2.109 3683 -> 59.115.50.4 2346 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:58:43.424310 0.054756 tcp 10.0.2.109 54755 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:43.479343 0.053228 tcp 10.0.2.109 54756 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:43.532805 0.158237 tcp 10.0.2.109 54757 -> 195.113.214.211 443 SRPA* 0 0 54 37654 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:58:43.691815 0.000000 udp 10.0.2.109 3683 -> 190.204.17.28 5879 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:59:01.139751 0.055971 tcp 10.0.2.109 54758 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:01.195981 0.054047 tcp 10.0.2.109 54759 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:01.250358 0.147175 tcp 10.0.2.109 54760 -> 195.113.214.211 443 SRPA* 0 0 41 23490 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:01.397772 0.143435 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:01.541628 0.157977 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:01.700324 0.054684 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:01.755431 0.185747 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:01.941576 0.057868 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:01.999815 0.190860 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:02.191008 0.181441 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:02.372774 0.161388 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:02.534525 0.395764 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:02.930711 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:59:21.839259 0.055709 tcp 10.0.2.109 54761 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:21.895297 0.052340 tcp 10.0.2.109 54762 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:21.947899 0.148087 tcp 10.0.2.109 54763 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:22.096588 0.046608 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.143634 0.071105 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.215136 0.040195 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.255684 0.095703 udp 10.0.2.109 3683 <-> 80.149.38.177 4378 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.351907 0.261964 udp 10.0.2.109 3683 <-> 14.97.216.185 3969 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.614438 0.052833 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.667617 0.057781 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.725777 0.187948 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.914311 0.029907 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:22.944583 0.060115 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:23.005046 0.157872 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:23.163278 0.000000 udp 10.0.2.109 3683 -> 14.97.119.14 7779 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:59:40.336364 0.054962 tcp 10.0.2.109 54764 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:40.391682 0.054090 tcp 10.0.2.109 54765 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:40.446265 0.154511 tcp 10.0.2.109 54766 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:40.601146 0.182838 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:40.784340 0.196013 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:40.980709 0.054405 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/15 06:59:41.035513 0.000000 udp 10.0.2.109 3683 -> 117.196.43.39 8244 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 06:59:59.833680 0.052664 tcp 10.0.2.109 54767 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:59.886625 0.058920 tcp 10.0.2.109 54768 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 06:59:59.945865 0.150908 tcp 10.0.2.109 54769 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:00:00.097441 0.836292 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:00:00.934085 0.039926 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:00:00.974462 0.234163 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:01:06.151837 3.001287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 07:01:13.158803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:01:21.160057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:01:37.163415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:02:09.169255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:08:13.175001 3.001972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 07:08:20.183156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:08:28.184580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:08:44.187470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:09:16.193557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:15:20.199799 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 07:15:27.227107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:15:35.228115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:15:51.231558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:16:23.237605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:20:40.638610 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 07:20:40.638716 0.484421 tcp 10.0.2.109 54770 -> 176.73.169.112 1959 FSPA* 0 0 15 1558 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:22:27.243893 3.001023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 07:22:34.250415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:22:42.252575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:22:58.255594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:23:30.261049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:29:34.268259 3.000484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 07:29:41.274818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:29:49.275870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:30:02.255565 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 07:30:02.255823 1.664817 udp 10.0.2.109 3683 -> 218.145.118.4 6830 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 07:30:03.920640 0.000000 icmp 121.138.228.250 0x0103 -> 10.0.2.109 0xda91 URH 192 1 290 flow=Background 1970/01/15 07:30:05.279619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:30:19.882294 0.053781 tcp 10.0.2.109 54771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:19.936358 0.063425 tcp 10.0.2.109 54772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:20.000078 0.151939 tcp 10.0.2.109 54773 -> 195.113.214.211 443 SRPA* 0 0 74 52366 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:20.150596 0.000000 udp 10.0.2.109 3683 -> 59.115.50.4 2346 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 07:30:36.905396 0.056124 tcp 10.0.2.109 54774 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:36.961832 0.112410 tcp 10.0.2.109 54775 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:37.074581 0.151895 tcp 10.0.2.109 54776 -> 195.113.214.211 443 SRPA* 0 0 32 14292 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:37.226805 0.000000 udp 10.0.2.109 3683 -> 190.204.17.28 5879 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 07:30:37.285279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:30:54.530495 0.052470 tcp 10.0.2.109 54777 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:54.583269 0.054538 tcp 10.0.2.109 54778 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:54.638171 0.145870 tcp 10.0.2.109 54779 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:30:54.784575 0.080073 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:30:54.865005 0.000000 udp 10.0.2.109 3683 -> 14.97.119.14 7779 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 07:31:11.986204 0.052429 tcp 10.0.2.109 54780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:12.038926 0.054954 tcp 10.0.2.109 54781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:12.094240 0.153192 tcp 10.0.2.109 54782 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:12.246530 0.000000 udp 10.0.2.109 3683 -> 117.196.43.39 8244 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 07:31:29.961651 0.052393 tcp 10.0.2.109 54783 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:30.014412 0.053116 tcp 10.0.2.109 54784 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:30.067873 0.155381 tcp 10.0.2.109 54785 -> 195.113.214.211 443 SRPA* 0 0 35 18782 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:30.224004 0.320590 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:30.545025 0.092541 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:30.637993 0.000000 udp 10.0.2.109 3683 -> 85.189.224.126 6018 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 07:31:46.064580 0.052636 tcp 10.0.2.109 54786 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:46.117067 0.053287 tcp 10.0.2.109 54787 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:46.170640 0.152413 tcp 10.0.2.109 54788 -> 195.113.214.211 443 SRPA* 0 0 35 26670 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:31:46.323691 0.188217 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:46.512322 0.053406 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:46.566251 0.161224 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:46.727817 0.143078 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:46.871301 0.058878 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:46.930540 0.191767 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:47.122727 0.179185 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:47.302379 0.151131 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:47.453911 0.392049 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:47.846392 0.042009 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:31:47.888771 0.000000 udp 10.0.2.109 3683 -> 80.149.38.177 4378 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 07:32:03.299752 0.051292 tcp 10.0.2.109 54789 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:32:03.351325 0.053892 tcp 10.0.2.109 54790 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:32:03.405587 0.153452 tcp 10.0.2.109 54791 -> 195.113.214.211 443 SRPA* 0 0 27 11834 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:32:03.559708 0.258729 udp 10.0.2.109 3683 <-> 14.97.216.185 3969 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:03.818848 0.054620 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:03.873849 0.054527 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:03.928719 0.183517 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.112644 0.029482 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.142568 0.062409 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.205325 0.055103 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.260818 0.071975 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.333234 0.159003 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.492603 0.198597 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.691672 0.186967 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.879004 0.056884 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:04.936277 0.488961 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:05.425591 0.044417 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:32:05.470400 0.235043 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/15 07:36:41.292068 3.010623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 07:36:48.308590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:36:56.310305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:37:12.313157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:37:44.319133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:43:48.324774 3.002436 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 07:43:55.332728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:44:03.333946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:44:19.337401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:44:51.343258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:50:41.126595 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 07:50:41.126702 0.450350 tcp 10.0.2.109 54792 -> 176.73.169.112 1959 FSPA* 0 0 14 1693 flow=From-Botnet-V1-TCP-Established 1970/01/15 07:50:55.349198 3.002028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 07:51:02.356571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:51:10.358011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:51:26.361018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:51:58.367339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:58:02.373722 3.001152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 07:58:09.380723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:58:17.381995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:58:33.385339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 07:59:05.390940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:02:17.488503 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 08:02:17.488650 0.000000 udp 10.0.2.109 3683 -> 85.189.224.126 6018 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:02:36.386497 0.053629 tcp 10.0.2.109 54793 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:02:36.439973 0.053510 tcp 10.0.2.109 54794 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:02:36.493740 0.145180 tcp 10.0.2.109 54795 -> 195.113.214.211 443 SRPA* 0 0 31 21428 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:02:36.639573 0.000000 udp 10.0.2.109 3683 -> 80.149.38.177 4378 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:02:52.408380 0.052683 tcp 10.0.2.109 54796 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:02:52.461484 0.057299 tcp 10.0.2.109 54797 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:02:52.519104 0.156398 tcp 10.0.2.109 54798 -> 195.113.214.211 443 SRPA* 0 0 35 27290 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:02:52.676071 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:03:11.035063 0.052461 tcp 10.0.2.109 54799 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:03:11.087874 0.032103 tcp 10.0.2.109 54800 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:03:11.120293 0.150761 tcp 10.0.2.109 54801 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:03:11.271282 0.091796 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:11.363471 0.377711 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:11.741599 0.158943 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:11.900967 0.052481 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:11.953794 0.190051 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:12.144254 0.054228 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:12.198921 0.144129 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:12.343452 0.302249 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:12.646124 0.042090 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:12.688555 0.191646 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:12.880597 0.180994 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:13.061936 0.154471 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:13.216818 0.000000 udp 10.0.2.109 3683 -> 14.97.216.185 3969 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:03:31.193800 0.053767 tcp 10.0.2.109 54802 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:03:31.247839 0.053224 tcp 10.0.2.109 54803 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:03:31.301430 0.148873 tcp 10.0.2.109 54804 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:03:31.450963 0.054648 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:31.506007 0.056388 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:31.562736 0.189537 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:31.752703 0.030839 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:31.783862 0.054819 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:31.839098 0.054051 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:31.893500 0.067473 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:31.961350 0.159387 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:32.121227 0.215817 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:32.337463 0.186329 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:32.524208 0.061388 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:32.585949 0.234924 udp 10.0.2.109 3683 <-> 117.201.233.72 8708 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:32.821335 0.466750 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:03:33.288503 0.044327 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:05:09.397647 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 08:05:16.404218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:05:24.406126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:05:40.409344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:06:12.414768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:12:16.421617 3.000920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 08:12:23.438228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:12:31.439881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:12:47.443464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:13:19.449354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:19:23.455756 3.001238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 08:19:30.462358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:19:38.463679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:19:54.467039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:20:26.623237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:20:41.645834 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 08:20:41.645933 0.729613 tcp 10.0.2.109 54805 -> 176.73.169.112 1959 FSPA* 0 0 15 1589 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:26:30.629385 3.001552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 08:26:37.636648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:26:45.638029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:27:01.641380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:27:33.647558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:33:37.653416 3.001136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 08:33:44.660827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:33:52.602902 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 08:33:52.603130 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:33:52.662648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:34:08.665238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:34:08.707227 0.052684 tcp 10.0.2.109 54806 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:08.760175 0.053149 tcp 10.0.2.109 54807 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:08.813595 0.154839 tcp 10.0.2.109 54808 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:08.968951 0.000000 udp 10.0.2.109 3683 -> 14.97.216.185 3969 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:34:24.618707 0.053065 tcp 10.0.2.109 54809 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:24.672048 0.053881 tcp 10.0.2.109 54810 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:24.726401 0.156704 tcp 10.0.2.109 54811 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:24.883793 0.052612 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:24.936765 0.083475 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:25.020662 0.387284 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:25.408309 0.157390 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:25.566265 0.057120 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:25.623775 0.184956 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:25.809145 0.298891 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.108442 0.040323 udp 10.0.2.109 3683 <-> 87.153.124.250 4545 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.149154 0.193095 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.342644 0.181391 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.524435 0.140767 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.665602 0.148643 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.814648 0.054745 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.869789 0.055573 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:26.925733 0.185385 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:27.111519 0.030360 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:27.142244 0.057073 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:27.199780 0.053979 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:27.254166 0.073022 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:27.327588 0.199737 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:27.527763 0.057290 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:27.585467 0.000000 udp 10.0.2.109 3683 -> 117.201.233.72 8708 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:34:40.671098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:34:46.310009 0.051495 tcp 10.0.2.109 54812 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:46.361784 0.052528 tcp 10.0.2.109 54813 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:46.414601 0.154424 tcp 10.0.2.109 54814 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:34:46.569265 0.161563 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:46.731209 0.206837 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:34:46.938546 0.000000 udp 10.0.2.109 3683 -> 213.123.248.98 8134 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 08:35:04.546790 0.053452 tcp 10.0.2.109 54815 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:35:04.600100 0.053834 tcp 10.0.2.109 54816 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:35:04.654247 0.153666 tcp 10.0.2.109 54817 -> 195.113.214.211 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:35:04.808571 0.039976 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/15 08:40:44.677928 3.121063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 08:40:51.804663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:40:59.806082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:41:15.809497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:41:47.815310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:47:51.821642 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 08:47:58.828965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:48:06.829997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:48:22.833229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:48:54.839566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:50:42.424411 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 08:50:42.424512 0.474174 tcp 10.0.2.109 54818 -> 176.73.169.112 1959 FSPA* 0 0 15 1784 flow=From-Botnet-V1-TCP-Established 1970/01/15 08:54:58.846533 3.000241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 08:55:05.852669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:55:13.854249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:55:29.857010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 08:56:01.862974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:02:05.869880 3.000955 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 09:02:12.876343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:02:20.877996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:02:36.881533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:03:08.887156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:05:22.820421 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:05:22.820512 0.000000 udp 10.0.2.109 3683 -> 117.201.233.72 8708 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:05:41.779120 0.053742 tcp 10.0.2.109 54819 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:05:41.833214 0.054091 tcp 10.0.2.109 54820 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:05:41.887631 0.153615 tcp 10.0.2.109 54821 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:05:42.041466 0.077942 udp 10.0.2.109 3683 <-> 213.123.248.98 8134 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:42.119812 0.053539 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:42.173760 0.092054 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:42.266272 0.185496 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:42.452180 0.392630 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:42.845218 0.160578 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.006199 0.053838 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.060455 0.303383 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.364283 0.144951 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.509595 0.150840 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.660799 0.053970 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.715199 0.055303 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.770856 0.181000 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:05:43.952257 0.000000 udp 10.0.2.109 3683 -> 87.153.124.250 4545 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:06:02.397603 0.052689 tcp 10.0.2.109 54822 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:06:02.450528 0.059402 tcp 10.0.2.109 54823 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:06:02.510239 0.148694 tcp 10.0.2.109 54824 -> 195.113.214.211 443 SRPA* 0 0 45 34814 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:06:02.659839 0.190523 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:02.850783 0.059907 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:02.911107 0.055796 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:02.967323 0.064863 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:03.032562 0.199473 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:03.232467 0.056159 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:03.289018 0.029972 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:03.319299 0.182493 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:03.502217 0.201463 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:03.704100 0.153000 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:06:03.857478 0.044377 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:09:12.893095 3.002130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 09:09:19.900851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:09:27.902085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:09:43.905110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:10:15.911122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:16:19.917787 3.000797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 09:16:26.924533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:16:34.925907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:16:50.929238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:17:22.935351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:20:42.903086 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:20:42.903275 0.538697 tcp 10.0.2.109 54825 -> 176.73.169.112 1959 FSPA* 0 0 15 1574 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:23:26.941458 3.001699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 09:23:33.948805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:23:41.949784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:23:57.952753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:24:29.958927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:30:33.964574 3.002437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 09:30:40.972773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:30:48.973753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:31:04.977149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:31:36.982754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:36:25.117790 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:36:25.117893 0.000000 udp 10.0.2.109 3683 -> 87.153.124.250 4545 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:36:42.825394 0.069282 tcp 10.0.2.109 54826 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:36:42.894948 0.041553 tcp 10.0.2.109 54827 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:36:42.936857 0.132437 tcp 10.0.2.109 54828 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:36:43.069871 0.094906 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:36:43.165214 0.185009 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:36:43.350572 0.430542 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:36:43.781527 0.157359 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:36:43.939300 0.057559 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:36:43.997272 0.000000 udp 10.0.2.109 3683 -> 213.123.248.98 8134 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:37:00.849281 0.069431 tcp 10.0.2.109 54829 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:00.918987 0.031449 tcp 10.0.2.109 54830 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:00.950748 0.132898 tcp 10.0.2.109 54831 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:01.084233 0.052799 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:01.137379 0.149504 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:01.287307 0.055743 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:01.343415 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:37:20.307675 0.031338 tcp 10.0.2.109 54832 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:20.339272 0.053776 tcp 10.0.2.109 54833 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:20.393304 0.121544 tcp 10.0.2.109 54834 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:20.515448 0.174168 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:20.689969 0.299598 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:20.989906 0.143690 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.133941 0.059487 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.193890 0.068156 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.262432 0.192126 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.454920 0.060490 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.515886 0.214788 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.731058 0.064226 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.795721 0.031374 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:21.827550 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:37:39.144407 0.052593 tcp 10.0.2.109 54835 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:39.197320 0.053325 tcp 10.0.2.109 54836 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:39.250925 0.153733 tcp 10.0.2.109 54837 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:37:39.405154 0.208562 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:39.614067 0.160869 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:39.775302 0.040073 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:39.828371 0.000000 udp 10.0.2.109 3683 -> 213.123.248.98 8134 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:37:40.989272 3.001626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 09:37:45.473332 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 REQ 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:37:47.996604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:37:52.943862 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 REQ 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:37:55.997776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:37:59.703437 0.055134 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 848 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:59.759156 0.158079 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 655 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:37:59.917701 0.092875 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:00.011116 0.395843 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 857 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:00.407499 0.184170 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:00.592134 0.152006 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:00.744607 0.052882 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 758 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:00.798229 0.054941 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:00.853655 0.300392 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 845 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:01.154523 0.174099 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 816 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:01.329308 0.143238 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 729 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:01.473039 0.193995 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:01.667574 0.054971 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 691 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:01.723111 0.199856 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:01.923496 0.066971 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 747 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:01.990921 0.512132 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 751 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:02.503623 0.072896 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:02.577129 0.042659 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:02.620347 0.160154 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:02.780988 0.040198 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 758 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:02.821802 0.291407 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:03.113897 0.000000 udp 10.0.2.109 3683 -> 151.77.51.108 4188 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:11.059963 0.000000 udp 10.0.2.109 3683 -> 31.189.177.233 3303 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:12.001150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:38:18.259972 0.057094 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:18.386805 0.000000 udp 10.0.2.109 3683 -> 95.242.41.12 9745 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:25.120194 0.099256 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:25.234460 0.046713 udp 10.0.2.109 3683 -> 83.97.28.139 9706 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:25.281173 0.000000 icmp 83.97.28.139 0x0303 -> 10.0.2.109 0xea25 URP 192 1 207 flow=Background 1970/01/15 09:38:29.726332 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:38:30.538060 0.059224 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 709 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:38:30.611460 0.000000 udp 10.0.2.109 3683 -> 91.32.124.98 6094 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:36.266236 0.000000 udp 10.0.2.109 3683 -> 74.223.7.75 4328 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:41.713992 0.000000 udp 10.0.2.109 3683 -> 201.230.138.193 4469 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:44.007139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:38:48.172998 0.000000 udp 10.0.2.109 3683 -> 79.39.115.64 4926 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:38:55.313357 0.000000 udp 10.0.2.109 3683 -> 77.183.117.253 3056 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:04.226270 0.000000 udp 10.0.2.109 3683 -> 83.20.98.155 1766 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:10.445179 0.000000 udp 10.0.2.109 3683 -> 71.53.108.242 2122 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:15.221583 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:39:19.347839 0.000000 udp 10.0.2.109 3683 -> 24.60.116.142 6739 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:27.960464 0.000000 udp 10.0.2.109 3683 -> 164.215.108.35 7746 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:35.801707 0.000000 udp 10.0.2.109 3683 -> 173.209.148.186 8105 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:43.903288 0.000000 udp 10.0.2.109 3683 -> 92.20.172.161 4478 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:50.422414 0.000000 udp 10.0.2.109 3683 -> 108.184.193.223 4491 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:39:57.132046 0.000000 udp 10.0.2.109 3683 -> 209.183.16.77 6354 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:01.728548 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:40:04.753166 0.000000 udp 10.0.2.109 3683 -> 46.197.185.32 2950 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:12.243881 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:18.793219 0.000000 udp 10.0.2.109 3683 -> 50.20.182.29 3684 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:25.193098 0.000000 udp 10.0.2.109 3683 -> 82.106.29.170 5906 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:32.532965 0.000000 udp 10.0.2.109 3683 -> 190.51.188.186 1794 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:37.800878 0.000000 udp 10.0.2.109 3683 -> 2.126.125.112 9732 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:42.838085 0.000000 udp 10.0.2.109 3683 -> 173.3.60.198 6109 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:47.725169 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:40:48.636614 0.000000 udp 10.0.2.109 3683 -> 174.0.55.32 7269 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:40:54.304720 0.000000 udp 10.0.2.109 3683 -> 208.122.107.254 7175 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:03.017356 0.045902 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:41:03.087807 0.000000 udp 10.0.2.109 3683 -> 77.97.169.18 7272 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:10.758408 0.000000 udp 10.0.2.109 3683 -> 65.27.209.172 4888 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:17.297933 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:25.499307 0.000000 udp 10.0.2.109 3683 -> 84.158.131.254 5255 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:31.798352 0.000000 udp 10.0.2.109 3683 -> 95.15.123.65 2519 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:36.725362 0.000177 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:41:37.086410 0.000000 udp 10.0.2.109 3683 -> 186.6.48.166 2209 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:43.254846 0.000000 udp 10.0.2.109 3683 -> 86.152.75.193 4663 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:48.392221 0.000000 udp 10.0.2.109 3683 -> 84.148.227.81 3430 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:41:56.403874 0.000000 udp 10.0.2.109 3683 -> 151.77.30.166 1581 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:02.002223 0.049616 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:42:02.064773 0.000000 udp 10.0.2.109 3683 -> 67.11.214.101 2975 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:10.273564 0.000000 udp 10.0.2.109 3683 -> 78.171.40.166 4897 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:17.744402 0.000000 udp 10.0.2.109 3683 -> 78.162.158.129 4502 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:22.721519 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:42:22.791890 0.000000 udp 10.0.2.109 3683 -> 87.16.112.23 5463 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:30.933319 0.000000 udp 10.0.2.109 3683 -> 77.69.3.156 6045 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:37.953262 0.000000 udp 10.0.2.109 3683 -> 5.143.174.49 2068 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:45.434586 0.064674 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:42:45.978976 0.000000 udp 10.0.2.109 3683 -> 50.194.240.97 3346 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:52.995393 0.000000 udp 10.0.2.109 3683 -> 95.241.195.192 7324 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:42:59.855235 0.000000 udp 10.0.2.109 3683 -> 95.144.216.133 3044 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:07.756188 0.000000 udp 10.0.2.109 3683 -> 68.113.39.237 3525 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:12.723356 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:43:13.324529 0.139597 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:43:13.478349 0.000000 udp 10.0.2.109 3683 -> 88.117.122.15 1442 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:21.145406 0.341028 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 720 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:43:21.697147 0.000000 udp 10.0.2.109 3683 -> 87.22.193.31 2101 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:28.516132 0.000000 udp 10.0.2.109 3683 -> 79.34.158.142 1500 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:35.736658 0.000000 udp 10.0.2.109 3683 -> 65.103.248.89 9963 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:42.456286 0.000000 udp 10.0.2.109 3683 -> 70.184.180.3 6988 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:51.028558 0.000000 udp 10.0.2.109 3683 -> 151.229.221.226 8572 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:43:56.526831 0.000000 udp 10.0.2.109 3683 -> 71.190.72.30 9884 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:01.223334 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:44:02.334978 0.000000 udp 10.0.2.109 3683 -> 149.3.33.235 3650 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:10.987411 0.000000 udp 10.0.2.109 3683 -> 118.96.116.7 8178 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:17.636713 0.000000 udp 10.0.2.109 3683 -> 31.199.205.209 2936 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:23.155254 0.000000 udp 10.0.2.109 3683 -> 173.15.71.174 8537 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:29.403659 0.000000 udp 10.0.2.109 3683 -> 93.203.200.237 5601 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:34.871952 0.054451 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 763 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:44:35.065569 0.000000 udp 10.0.2.109 3683 -> 69.163.48.230 1367 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:40.379960 0.000000 udp 10.0.2.109 3683 -> 208.23.77.130 5769 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:48.013013 3.001747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 09:44:48.050740 0.000000 udp 10.0.2.109 3683 -> 151.26.138.138 4483 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:44:52.727377 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:44:54.940188 0.147142 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:44:55.020185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:44:55.138701 0.000000 udp 10.0.2.109 3683 -> 95.225.128.139 8521 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:02.771631 0.000000 udp 10.0.2.109 3683 -> 86.147.5.136 7908 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:03.021893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:45:10.593869 0.000000 udp 10.0.2.109 3683 -> 78.164.104.68 9293 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:16.070999 0.139076 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 700 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:45:16.287923 0.000000 udp 10.0.2.109 3683 -> 83.22.66.217 9147 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:19.024987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:45:25.173897 0.000000 udp 10.0.2.109 3683 -> 83.221.84.14 1735 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:33.626283 0.000000 udp 10.0.2.109 3683 -> 79.39.199.78 4301 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:38.222192 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:45:40.256002 0.000000 udp 10.0.2.109 3683 -> 88.233.167.10 1024 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:47.326064 0.000000 udp 10.0.2.109 3683 -> 27.106.30.63 9178 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:45:51.031316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:45:52.743521 0.140473 udp 10.0.2.109 3683 <-> 168.216.121.38 3665 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:45:52.920318 0.054440 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 848 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:45:53.004086 0.000000 udp 10.0.2.109 3683 -> 88.235.102.17 6877 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:01.265746 0.000000 udp 10.0.2.109 3683 -> 178.214.89.184 7318 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:06.433341 0.000000 udp 10.0.2.109 3683 -> 82.15.193.127 2579 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:12.892263 0.000000 udp 10.0.2.109 3683 -> 81.111.246.120 9712 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:20.273308 0.000000 udp 10.0.2.109 3683 -> 85.154.204.41 5729 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:25.229918 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:46:28.364591 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:37.267789 0.000000 udp 10.0.2.109 3683 -> 151.56.227.25 1095 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:43.316691 0.067310 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:46:43.400891 0.000000 udp 10.0.2.109 3683 -> 203.15.121.61 2078 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:51.738382 0.000000 udp 10.0.2.109 3683 -> 59.167.25.129 9713 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:46:57.476625 0.000000 udp 10.0.2.109 3683 -> 175.143.30.243 3228 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:05.047884 0.123901 udp 10.0.2.109 3683 -> 46.103.65.213 5123 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:05.171785 0.000000 icmp 46.103.65.213 0x0303 -> 10.0.2.109 0x0314 URP 192 1 184 flow=Background 1970/01/15 09:47:09.724341 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:47:11.417097 0.176737 udp 10.0.2.109 3683 <-> 107.222.204.217 2798 CON 0 0 2 832 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:47:11.857131 0.000000 udp 10.0.2.109 3683 -> 186.47.87.233 2825 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:20.399982 0.000000 udp 10.0.2.109 3683 -> 217.92.68.17 3955 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:27.229365 0.000000 udp 10.0.2.109 3683 -> 119.234.187.104 5726 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:34.740630 0.000000 udp 10.0.2.109 3683 -> 98.164.214.254 3263 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:40.338302 0.000000 udp 10.0.2.109 3683 -> 187.199.166.122 2832 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:48.149552 0.000000 udp 10.0.2.109 3683 -> 14.97.51.45 7507 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:47:56.451210 0.000000 udp 10.0.2.109 3683 -> 2.85.7.32 2179 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:01.227938 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:48:02.840950 0.174503 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 763 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:48:03.052850 0.000000 udp 10.0.2.109 3683 -> 117.200.81.126 5757 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:09.800696 0.000000 udp 10.0.2.109 3683 -> 181.55.226.193 5858 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:16.049841 0.000000 udp 10.0.2.109 3683 -> 78.181.131.213 1024 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:22.639032 0.000000 udp 10.0.2.109 3683 -> 82.82.85.239 2026 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:30.550330 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:37.159913 0.000000 udp 10.0.2.109 3683 -> 79.15.62.57 4010 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:43.639397 0.000000 udp 10.0.2.109 3683 -> 195.24.211.146 7072 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:48.226075 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:48:49.277753 0.081249 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 802 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:48:49.380866 0.000000 udp 10.0.2.109 3683 -> 95.232.65.64 9365 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:48:55.406178 0.000000 udp 10.0.2.109 3683 -> 186.55.200.147 1457 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:04.198922 0.000000 udp 10.0.2.109 3683 -> 95.245.162.202 2957 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:09.917067 0.355472 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:49:10.399351 0.000000 udp 10.0.2.109 3683 -> 173.3.220.240 3117 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:17.888697 0.000000 udp 10.0.2.109 3683 -> 60.240.129.130 8726 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:25.008609 0.000000 udp 10.0.2.109 3683 -> 216.196.133.90 7833 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:30.586860 0.000000 udp 10.0.2.109 3683 -> 219.74.118.238 8464 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:35.222954 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:49:36.555790 0.092908 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:49:36.725732 0.323676 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:49:37.057908 0.000000 udp 10.0.2.109 3683 -> 186.213.21.116 5441 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:43.154985 0.337475 udp 10.0.2.109 3683 <-> 14.120.92.51 6763 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/15 09:49:43.665670 0.000000 udp 10.0.2.109 3683 -> 31.112.9.171 6466 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:50.175324 0.000000 udp 10.0.2.109 3683 -> 217.41.61.136 4129 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:49:56.894895 0.000000 udp 10.0.2.109 3683 -> 207.8.253.50 8056 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:50:05.637247 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 09:50:43.441964 0.000205 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 09:50:43.442267 0.681946 tcp 10.0.2.109 54838 -> 176.73.169.112 1959 FSPA* 0 0 15 1557 flow=From-Botnet-V1-TCP-Established 1970/01/15 09:51:55.036929 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 09:52:02.044081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:52:10.045592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:52:26.048915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:52:58.055051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:59:02.060552 3.002329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 09:59:09.068728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:59:17.069724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 09:59:33.073248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:00:05.078948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:06:09.084420 3.002395 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 10:06:16.092184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:06:24.094056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:06:40.096832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:07:12.102883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:13:16.109074 3.362348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 10:13:23.477175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:13:31.478044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:13:47.481640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:14:19.487603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:20:23.492896 3.052302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 10:20:30.381431 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 10:20:30.381540 0.160185 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:30.542152 0.088096 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:30.550659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:20:30.630671 0.056799 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:30.687815 0.147544 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:30.835944 0.053213 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:30.889595 0.070626 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:30.960588 0.390358 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:31.351409 0.184600 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:31.536415 0.191250 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:31.728034 0.058210 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:31.786592 0.186263 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:31.973314 0.087163 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:31.973771 4.946340 tcp 10.0.2.109 54839 -> 116.58.61.124 2758 SPA_* 0 0 307 219611 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:20:32.060865 0.302168 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:32.363374 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 10:20:37.064601 4.961233 tcp 10.0.2.109 54839 -> 116.58.61.124 2758 A_PA 0 0 369 243158 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:20:38.552136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:20:42.076374 1.228980 tcp 10.0.2.109 54839 -> 116.58.61.124 2758 FPA_* 0 0 74 41937 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:20:44.321425 0.542277 tcp 10.0.2.109 54840 -> 176.73.169.112 1959 FSPA* 0 0 14 1517 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:20:51.232753 0.056077 tcp 10.0.2.109 54841 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:20:51.289114 0.060486 tcp 10.0.2.109 54842 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:20:51.349898 0.149911 tcp 10.0.2.109 54843 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:20:51.500357 0.140698 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:51.641443 0.066644 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:51.708500 0.054455 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:51.763356 0.160091 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:51.923889 0.044325 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:51.968575 0.030306 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:51.999227 0.210244 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.209838 0.072260 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.282486 0.095727 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.378582 0.056351 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.435355 0.049428 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.485125 0.041301 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.526815 0.065645 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.592985 0.167720 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:52.761065 0.365614 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.127080 0.062632 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.190259 0.144873 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.335523 0.127813 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.463770 0.140084 udp 10.0.2.109 3683 <-> 168.216.121.38 3665 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.604285 0.052669 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.657347 0.070682 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.728461 0.175629 udp 10.0.2.109 3683 <-> 107.222.204.217 2798 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:53.904565 0.171513 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:54.076489 0.072481 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 200 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:54.149374 0.345330 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:54.495158 0.322872 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:54.555750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:20:54.818476 0.084001 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:20:54.902874 0.371003 udp 10.0.2.109 3683 <-> 14.120.92.51 6763 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:21:26.561460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:27:30.568190 3.001035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 10:27:37.574678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:27:45.576583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:28:01.579308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:28:33.585771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:34:37.591781 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 10:34:44.599171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:34:52.600055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:35:08.603361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:35:40.609267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:41:44.616357 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 10:41:51.622559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:41:59.624502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:42:15.626960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:42:47.633061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:48:51.639649 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 10:48:58.647007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:49:06.648156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:49:22.651098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:49:54.657082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:50:44.870370 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 10:50:44.870610 0.400962 tcp 10.0.2.109 54844 -> 176.73.169.112 1959 FSPA* 0 0 15 1722 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:51:09.765941 0.176357 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:09.942729 0.055113 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:09.998252 0.151828 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:10.150453 0.158173 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:10.308992 0.087997 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:10.397422 0.390406 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:10.788170 0.190272 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:10.978833 0.191735 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.170957 0.056798 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.228090 0.058496 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.287233 0.052367 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.340076 0.181850 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.522388 0.068169 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.590951 0.302648 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.893947 0.057062 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:11.951470 0.145135 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.097011 0.073340 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.170758 0.154981 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.326077 0.040202 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.366684 0.030278 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.397385 0.197132 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.594888 0.058233 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.653498 0.102466 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.756349 0.055639 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.812389 0.041246 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.854058 0.046064 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.900501 0.065386 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:12.966449 0.146956 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:13.113810 0.139967 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:13.254341 0.127782 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:13.382545 0.000000 udp 10.0.2.109 3683 -> 168.216.121.38 3665 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 10:51:32.148950 0.053358 tcp 10.0.2.109 54845 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:51:32.202597 0.053966 tcp 10.0.2.109 54846 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:51:32.256940 0.153003 tcp 10.0.2.109 54847 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:51:32.410282 0.051914 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:32.462639 0.070723 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:32.533771 0.340837 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:32.875024 0.056275 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:32.931724 0.171018 udp 10.0.2.109 3683 <-> 107.222.204.217 2798 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:33.103087 0.171388 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:33.274866 0.074651 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:33.349920 0.345268 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:33.695619 0.353273 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:34.049337 0.088357 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/15 10:51:34.138097 0.000000 udp 10.0.2.109 3683 -> 14.120.92.51 6763 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 10:51:49.242622 0.052618 tcp 10.0.2.109 54848 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:51:49.295525 0.053906 tcp 10.0.2.109 54849 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:51:49.349289 0.160347 tcp 10.0.2.109 54850 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/15 10:55:58.663920 3.001396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 10:56:05.670856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:56:13.672021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:56:29.675446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 10:57:01.681013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:03:05.688315 3.000390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 11:03:12.694350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:03:20.696156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:03:36.699209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:04:08.705445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:10:12.710501 3.002649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 11:10:19.718854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:10:27.720426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:10:43.723621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:11:15.728979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:17:19.736239 3.000988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 11:17:26.742571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:17:34.773984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:17:50.777574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:18:22.783867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:20:45.278617 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 11:20:45.278823 0.564323 tcp 10.0.2.109 54851 -> 176.73.169.112 1959 FSPA* 0 0 15 1585 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:21:51.173121 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 11:21:51.173218 0.000000 udp 10.0.2.109 3683 -> 168.216.121.38 3665 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:22:07.107601 0.060606 tcp 10.0.2.109 54852 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:07.168461 0.056743 tcp 10.0.2.109 54853 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:07.225466 0.160021 tcp 10.0.2.109 54854 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:07.384490 0.000000 udp 10.0.2.109 3683 -> 14.120.92.51 6763 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:22:23.149747 0.030685 tcp 10.0.2.109 54855 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:23.180727 0.031027 tcp 10.0.2.109 54856 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:23.212002 0.168928 tcp 10.0.2.109 54857 -> 195.113.214.211 443 SRPA* 0 0 41 23260 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:23.381051 0.159342 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:23.540824 0.083738 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:23.624986 0.384221 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:24.009669 0.146058 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:24.156167 0.063463 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:24.220032 0.174973 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:24.395407 0.053424 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:24.449167 0.052218 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:24.501809 0.181832 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:24.684024 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:22:41.726044 0.052643 tcp 10.0.2.109 54858 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:41.778923 0.059813 tcp 10.0.2.109 54859 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:41.839074 0.154922 tcp 10.0.2.109 54860 -> 195.113.214.211 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:41.994647 0.190695 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.185828 0.185065 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.371258 0.058568 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.430339 0.141295 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.571964 0.072404 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.644787 0.054665 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.699795 0.044299 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.744536 0.029134 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.774254 0.196725 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:42.971386 0.297459 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.269272 0.099230 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.368840 0.055543 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.424724 0.046188 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.471421 0.086888 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.558730 0.155692 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.714829 0.143684 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.858923 0.128752 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:43.988067 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:22:59.542160 0.069320 tcp 10.0.2.109 54861 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:59.611752 0.041076 tcp 10.0.2.109 54862 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:59.653126 0.142438 tcp 10.0.2.109 54863 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:22:59.796144 0.045574 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:59.842096 0.139568 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:22:59.982033 0.372744 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:00.355158 0.053427 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:00.408951 0.068722 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:00.478076 0.175180 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:00.653620 0.075929 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:00.729904 0.345187 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:01.075495 0.056435 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:01.132259 0.000000 udp 10.0.2.109 3683 -> 107.222.204.217 2798 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:23:18.108832 0.054036 tcp 10.0.2.109 54864 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:23:18.163158 0.061822 tcp 10.0.2.109 54865 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:23:18.225303 0.170849 tcp 10.0.2.109 54866 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:23:18.395508 0.196802 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:23:18.592659 0.084340 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:24:26.790423 3.000292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 11:24:33.796561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:24:41.797916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:24:57.801472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:25:29.807127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:31:33.813398 3.001514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 11:31:40.820633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:31:48.821832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:32:04.825140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:32:36.831405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:38:40.836699 3.002048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 11:38:47.844689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:38:55.845820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:39:11.849386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:39:43.855570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:45:47.860512 3.002471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 11:45:54.868480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:46:02.869830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:46:18.873047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:46:50.878736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:50:45.847953 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 11:50:45.848053 0.540467 tcp 10.0.2.109 54867 -> 176.73.169.112 1959 FSPA* 0 0 14 1675 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:52:54.884772 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 11:53:01.892142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:53:09.893725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:53:25.896994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:53:45.585540 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 11:53:45.585704 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:53:57.903080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 11:54:02.471388 0.053620 tcp 10.0.2.109 54868 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:02.525240 0.054381 tcp 10.0.2.109 54869 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:02.579937 0.144203 tcp 10.0.2.109 54870 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:02.724744 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:54:19.494844 0.052632 tcp 10.0.2.109 54871 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:19.547286 0.055107 tcp 10.0.2.109 54872 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:19.602712 0.152577 tcp 10.0.2.109 54873 -> 195.113.214.211 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:19.754817 0.000000 udp 10.0.2.109 3683 -> 107.222.204.217 2798 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 11:54:35.687835 0.053038 tcp 10.0.2.109 54874 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:35.740725 0.062694 tcp 10.0.2.109 54875 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:35.803707 0.150306 tcp 10.0.2.109 54876 -> 195.113.214.211 443 SRPA* 0 0 52 30936 flow=From-Botnet-V1-TCP-Established 1970/01/15 11:54:35.954691 0.087999 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.043192 0.218984 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.262542 0.180241 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.443199 0.054710 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.498499 0.051478 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.550490 0.185948 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.736815 0.057357 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.794570 0.146939 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:36.941842 0.507124 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:37.449356 0.191836 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:37.641585 0.050909 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:37.692897 0.044363 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:37.737659 0.042393 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:37.781422 0.053291 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:37.835119 0.189875 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.025391 0.065658 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.091445 0.142099 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.233933 0.090751 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.325094 0.052874 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.378377 0.047040 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.425793 0.055519 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.482052 0.161467 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.643907 0.146641 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.790964 0.205910 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:38.997314 0.302091 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:39.299852 0.142588 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:39.442845 0.047866 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:39.491064 0.051527 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:39.543045 0.066228 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:39.609727 0.182426 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:39.792546 0.073250 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:39.866223 0.374431 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:40.241020 0.146401 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:40.387826 0.056214 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:40.444409 0.405793 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:40.850654 0.426561 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/15 11:54:41.277555 0.087823 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:00:01.909727 3.000919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:00:08.916314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:00:16.918030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:00:32.921017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:01:04.927222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:07:08.933327 3.001524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:07:15.940445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:07:23.941716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:07:39.944789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:08:11.950912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:14:15.958695 3.000144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:14:22.964142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:14:30.965972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:14:46.988983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:15:18.995066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:20:46.396619 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 12:20:46.396819 0.557000 tcp 10.0.2.109 54877 -> 176.73.169.112 1959 FSPA* 0 0 14 1608 flow=From-Botnet-V1-TCP-Established 1970/01/15 12:21:23.001385 3.000970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:21:30.008051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:21:38.010395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:21:54.012587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:22:26.018568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:24:47.482654 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 12:24:47.482766 0.178250 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:47.661457 0.054494 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:47.716354 0.052500 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:47.769264 0.182308 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:47.951947 0.057732 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:48.010107 0.092159 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:48.102698 0.156659 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:48.259719 0.152012 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:48.412173 0.388077 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:48.800661 0.191639 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:48.992640 0.053004 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.046047 0.039976 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.086528 0.032644 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.119592 0.062683 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.182638 0.190122 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.373158 0.073787 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.447330 0.141297 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.588958 0.099276 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.688646 0.055654 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.744779 0.050349 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.795465 0.056987 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:49.852858 0.154628 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:50.007926 0.142192 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:50.150573 0.200041 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:50.351019 0.297789 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:50.649246 0.137340 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:50.786920 0.045474 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:50.832721 0.151400 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:50.984553 0.079941 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:51.064883 0.173487 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:51.238786 0.079022 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:51.318391 0.065419 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:51.384207 0.344065 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:51.728661 0.364510 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:52.093576 0.137537 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:52.231525 0.155898 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:24:52.387819 0.088131 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:28:30.025002 3.001252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:28:37.032018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:28:45.033820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:29:01.036773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:29:33.042731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:35:37.049458 3.001351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:35:44.056632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:35:52.057898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:36:08.060789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:36:40.066987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:42:44.073314 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:42:51.080373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:42:59.081454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:43:15.084610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:43:47.090638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:49:51.096343 3.002246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:49:58.104055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:50:06.106018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:50:22.108923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:50:46.955344 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 12:50:46.955573 0.611233 tcp 10.0.2.109 54878 -> 176.73.169.112 1959 FSPA* 0 0 15 1734 flow=From-Botnet-V1-TCP-Established 1970/01/15 12:50:54.115133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:54:55.241557 0.000160 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 12:54:55.241816 0.052962 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:55.295202 0.174130 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:55.469729 0.052908 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:55.523034 0.186395 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:55.709869 0.057213 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:55.767419 0.083590 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:55.851409 0.156837 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.008582 0.148322 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.157336 0.381480 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.539237 0.193189 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.732847 0.050024 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.783226 0.044442 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.828062 0.034217 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.862593 0.055410 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:56.918432 0.189594 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.108428 0.072284 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.181109 0.141198 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.322730 0.089437 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.412575 0.056116 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.469106 0.045573 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.515016 0.054183 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.569606 0.208912 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:57.778925 0.298921 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.078289 0.137384 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.216072 0.046203 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.262616 0.152263 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.415275 0.142419 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.558039 0.047005 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.605401 0.070232 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.676038 0.179206 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.855594 0.072109 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.928098 0.055479 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:58.983906 0.344834 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:59.329104 0.155609 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:59.485116 0.088112 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:59.573650 0.366625 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:54:59.940674 0.131593 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/15 12:56:58.121226 3.001081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 12:57:05.127851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:57:13.129611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:57:29.132481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 12:58:01.138993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:04:05.145266 3.000785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 13:04:12.152452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:04:20.153511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:04:36.156360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:05:08.162767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:11:12.169360 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 13:11:19.176124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:11:27.177607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:11:43.180576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:12:15.187132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:18:19.192491 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 13:18:26.199871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:18:34.201875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:18:50.204457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:19:22.210874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:20:47.574040 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 13:20:47.574272 0.541395 tcp 10.0.2.109 54879 -> 176.73.169.112 1959 FSPA* 0 0 13 1677 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:25:21.517693 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 13:25:21.517812 0.054882 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:21.573097 0.186044 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:21.759592 0.055196 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:21.815319 0.092179 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:21.907960 0.051700 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:21.960098 0.178110 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:22.138605 0.163297 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:22.302424 0.150555 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:22.453335 0.364011 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:22.817701 0.192667 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.010742 0.049908 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.060976 0.044186 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.105602 0.029356 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.135314 0.057899 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.193621 0.186649 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.380612 0.071478 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.452488 0.141299 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.594141 0.090395 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.684870 0.054359 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:23.739647 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 13:25:26.236830 3.002035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 13:25:33.243790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:25:39.744905 0.052178 tcp 10.0.2.109 54880 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:25:39.797325 0.052446 tcp 10.0.2.109 54881 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:25:39.850053 0.140458 tcp 10.0.2.109 54882 -> 195.113.214.211 443 SRPA* 0 0 36 26969 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:25:39.991024 0.065158 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:40.056581 0.196011 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:40.252981 0.298265 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:40.551588 0.135711 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:40.687697 0.043483 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:40.731526 0.155802 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:40.887765 0.145461 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:41.033651 0.058802 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:41.092863 0.070444 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:41.163705 0.175171 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:41.245763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:25:41.339241 0.344325 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:41.683957 0.173803 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:41.858196 0.094382 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:41.953039 0.072111 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:42.025552 0.056117 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:42.082065 0.363842 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:42.446338 0.133070 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:25:57.248449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:26:29.254382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:32:33.261515 3.000534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 13:32:40.267720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:32:48.269969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:33:04.272406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:33:36.278782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:39:40.284413 3.002162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 13:39:47.291701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:39:55.293635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:40:11.296361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:40:43.302417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:46:47.308856 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 13:46:54.315745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:47:02.417677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:47:18.420299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:47:50.426579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:50:48.162928 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 13:50:48.163040 0.478470 tcp 10.0.2.109 54883 -> 176.73.169.112 1959 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:53:54.433192 3.000883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 13:54:01.439866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:54:09.441662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:54:25.444928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:54:57.450473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 13:56:10.376106 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 13:56:10.376200 0.046922 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:10.423545 0.055116 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:10.478994 0.056380 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:10.535807 0.186442 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:10.722668 0.172153 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:10.895236 0.163222 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:11.058884 0.150168 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:11.209472 0.281940 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:11.491842 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 13:56:28.603761 0.053348 tcp 10.0.2.109 54884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:56:28.657426 0.100501 tcp 10.0.2.109 54885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:56:28.758372 0.144671 tcp 10.0.2.109 54886 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:56:28.903642 0.053349 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:28.957451 0.191124 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.148948 0.043946 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.193316 0.031477 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.225129 0.056798 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.282353 0.184543 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.467313 0.066587 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.534334 0.141042 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.675718 0.101228 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.777349 0.051835 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.829522 0.049323 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:29.879325 0.302919 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.182684 0.126697 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.309843 0.042396 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.352595 0.055513 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.408508 0.197106 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.606198 0.161733 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.768269 0.142204 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.910890 0.054787 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:30.966044 0.070136 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:31.036555 0.174352 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:31.211304 0.344155 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:31.555862 0.154853 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:31.711074 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 13:56:48.400318 0.052363 tcp 10.0.2.109 54887 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:56:48.453012 0.052475 tcp 10.0.2.109 54888 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:56:48.505821 0.147703 tcp 10.0.2.109 54889 -> 195.113.214.211 443 SRPA* 0 0 41 34598 flow=From-Botnet-V1-TCP-Established 1970/01/15 13:56:48.654637 0.367102 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:49.022112 0.140205 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:49.162716 0.088140 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/15 13:56:49.251238 0.071799 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:01:01.456971 3.001285 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 14:01:08.463714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:01:16.465558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:01:32.468670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:02:04.474591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:08:08.481613 3.000446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 14:08:15.487964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:08:23.489310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:08:39.492683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:09:11.498433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:15:15.505380 3.000804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 14:15:22.512408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:15:30.513209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:15:46.516520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:16:18.522986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:20:48.641228 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 14:20:48.641328 0.491738 tcp 10.0.2.109 54890 -> 176.73.169.112 1959 FSPA* 0 0 15 1677 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:22:22.529027 3.001693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 14:22:29.535745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:22:37.537266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:22:53.540604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:23:25.546721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:27:00.776177 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 14:27:00.776277 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 14:27:16.240699 0.053012 tcp 10.0.2.109 54891 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:16.294024 0.052607 tcp 10.0.2.109 54892 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:16.346923 0.140068 tcp 10.0.2.109 54893 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:16.487523 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 14:27:35.426104 0.051146 tcp 10.0.2.109 54894 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:35.477500 0.052819 tcp 10.0.2.109 54895 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:35.530584 0.141131 tcp 10.0.2.109 54896 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:35.670565 0.182388 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:35.853359 0.172790 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.026536 0.047610 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.074503 0.052917 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.127803 0.057943 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.186328 0.156586 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.343346 0.289876 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.633632 0.147222 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.781254 0.052610 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.834374 0.089268 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.924051 0.045710 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:36.970201 0.061615 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.032183 0.190051 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.222594 0.072826 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.295828 0.140783 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.437019 0.089930 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.527323 0.058749 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.586514 0.051005 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.637917 0.191839 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.830312 0.040609 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:37.871281 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 14:27:55.515128 0.051628 tcp 10.0.2.109 54897 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:55.567021 0.051930 tcp 10.0.2.109 54898 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:55.619270 0.145836 tcp 10.0.2.109 54899 -> 195.113.214.211 443 SRPA* 0 0 49 30146 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:27:55.765783 0.199155 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:55.965340 0.161066 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:56.126763 0.142776 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:56.269933 0.299311 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:56.569654 0.126943 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:56.696994 0.174533 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:56.871928 0.241914 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:57.114433 0.308407 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:57.423180 0.048914 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:57.472535 0.071448 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:57.544325 0.083981 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:57.628742 0.072640 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:57.701786 0.362041 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:27:58.064227 0.136762 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:29:29.552780 3.001063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 14:29:36.559720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:29:44.561087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:30:00.564103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:30:32.570174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:36:36.576150 3.002296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 14:36:43.583543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:36:51.585444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:37:07.588444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:37:39.594754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:43:43.600294 3.001997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 14:43:50.607942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:43:58.609278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:44:14.612121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:44:46.618139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:50:49.140584 0.000193 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 14:50:49.140926 2.992731 tcp 10.0.2.109 54900 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:50:50.625244 3.000534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 14:50:57.631917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:50:58.142612 0.000000 tcp 10.0.2.109 54900 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:04.143127 0.055243 tcp 10.0.2.109 54901 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:04.198651 0.052225 tcp 10.0.2.109 54902 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:04.251160 0.142752 tcp 10.0.2.109 54903 -> 195.113.214.211 443 SRPA* 0 0 24 14774 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:04.541343 2.994576 tcp 10.0.2.109 54904 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:05.633543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:51:13.534770 0.000000 tcp 10.0.2.109 54904 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:19.543856 0.053377 tcp 10.0.2.109 54905 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:19.597517 0.052070 tcp 10.0.2.109 54906 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:19.649845 0.144984 tcp 10.0.2.109 54907 -> 195.113.214.211 443 SRPA* 0 0 46 40992 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:19.839634 2.998189 tcp 10.0.2.109 54908 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:21.636447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:51:28.836780 0.000000 tcp 10.0.2.109 54908 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:34.835730 0.052668 tcp 10.0.2.109 54909 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:34.888283 0.052790 tcp 10.0.2.109 54910 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:34.941361 0.145236 tcp 10.0.2.109 54911 -> 195.113.214.211 443 SRPA* 0 0 50 42130 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:35.101095 2.998746 tcp 10.0.2.109 54912 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:44.098822 0.000000 tcp 10.0.2.109 54912 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:50.098194 0.050756 tcp 10.0.2.109 54913 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:50.149290 0.051688 tcp 10.0.2.109 54914 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:50.201222 0.145778 tcp 10.0.2.109 54915 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:51:50.368576 3.003149 tcp 10.0.2.109 54916 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:51:53.642041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:51:59.370475 0.000000 tcp 10.0.2.109 54916 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:52:05.369554 0.050800 tcp 10.0.2.109 54917 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:05.420620 0.053409 tcp 10.0.2.109 54918 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:05.474350 0.143859 tcp 10.0.2.109 54919 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:05.724049 2.990000 tcp 10.0.2.109 54920 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:52:14.722653 0.000000 tcp 10.0.2.109 54920 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:52:20.721805 0.052268 tcp 10.0.2.109 54921 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:20.774353 0.052778 tcp 10.0.2.109 54922 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:20.827565 0.141397 tcp 10.0.2.109 54923 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:21.094763 3.001012 tcp 10.0.2.109 54924 -> 76.181.145.117 4797 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:52:30.094966 0.000000 tcp 10.0.2.109 54924 -> 76.181.145.117 4797 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:52:36.093831 0.052964 tcp 10.0.2.109 54925 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:36.147104 0.627934 tcp 10.0.2.109 54926 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:36.775346 0.193055 tcp 10.0.2.109 54927 -> 195.113.214.211 443 SRPA* 0 0 60 41160 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:37.012684 2.996553 tcp 10.0.2.109 54928 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:52:46.007822 0.000000 tcp 10.0.2.109 54928 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:52:52.006691 0.051668 tcp 10.0.2.109 54929 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:52.058635 0.052494 tcp 10.0.2.109 54930 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:52.111440 0.148174 tcp 10.0.2.109 54931 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:52:52.274533 3.006774 tcp 10.0.2.109 54932 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:01.279355 0.000000 tcp 10.0.2.109 54932 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:07.268218 3.004364 tcp 10.0.2.109 54933 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:16.271296 0.000000 tcp 10.0.2.109 54933 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:22.269587 2.994207 tcp 10.0.2.109 54934 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:31.272358 0.000000 tcp 10.0.2.109 54934 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:37.271532 2.993807 tcp 10.0.2.109 54935 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:41.957692 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 14:53:46.263949 0.000000 tcp 10.0.2.109 54935 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:53:52.273408 2.994164 tcp 10.0.2.109 54936 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:54:01.265915 0.000000 tcp 10.0.2.109 54936 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:54:07.274528 3.004633 tcp 10.0.2.109 54937 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:54:16.277395 0.000000 tcp 10.0.2.109 54937 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:54:22.276539 3.003614 tcp 10.0.2.109 54938 -> 76.181.145.117 4797 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:54:26.952594 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 14:54:31.279417 0.000000 tcp 10.0.2.109 54938 -> 76.181.145.117 4797 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:54:37.277823 3.003743 tcp 10.0.2.109 54939 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:54:46.280479 0.000000 tcp 10.0.2.109 54939 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:57:57.648961 3.001003 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 14:58:04.655860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:58:12.657540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:58:22.492009 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 14:58:22.492263 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 14:58:28.660140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:58:37.685328 0.051613 tcp 10.0.2.109 54940 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:58:37.737284 0.052969 tcp 10.0.2.109 54941 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:58:37.790635 0.142474 tcp 10.0.2.109 54942 -> 195.113.214.211 443 SRPA* 0 0 40 33956 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:58:37.933783 0.181323 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:38.115571 0.044486 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:38.160395 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 14:58:54.918794 0.051890 tcp 10.0.2.109 54943 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:58:54.970963 0.052829 tcp 10.0.2.109 54944 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:58:55.024017 0.158484 tcp 10.0.2.109 54945 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 14:58:55.183205 0.054924 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:55.238508 0.179394 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:55.418280 0.288547 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:55.707261 0.146586 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:55.854398 0.053597 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:55.908439 0.172799 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.081642 0.061383 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.143418 0.059326 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.203164 0.183734 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.387297 0.073900 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.461569 0.142474 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.604479 0.089088 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.693959 0.056251 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.750764 0.049979 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.801116 0.192161 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:56.993676 0.046458 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:57.040518 0.030359 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:57.071171 0.144901 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:57.216429 0.296851 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:57.513675 0.127487 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:57.641587 0.171027 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:57.813026 0.203899 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:58.017296 0.152520 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:58.170450 0.344753 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:58.515569 0.285570 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:58.801498 0.047793 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:58.849684 0.066933 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:58.916961 0.087885 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:59.005273 0.071554 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:59.077232 0.346547 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:58:59.424259 0.138432 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/15 14:59:00.666613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 14:59:52.280556 2.994403 tcp 10.0.2.109 54946 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 14:59:56.957388 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:00:01.283177 0.000000 tcp 10.0.2.109 54946 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:00:07.282605 0.053801 tcp 10.0.2.109 54947 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:07.336219 0.053263 tcp 10.0.2.109 54948 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:07.389364 0.146362 tcp 10.0.2.109 54949 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:07.747477 2.999424 tcp 10.0.2.109 54950 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:00:16.745747 0.000000 tcp 10.0.2.109 54950 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:00:22.744603 0.057721 tcp 10.0.2.109 54951 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:22.802609 0.052096 tcp 10.0.2.109 54952 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:22.854980 0.148157 tcp 10.0.2.109 54953 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:23.041733 2.997199 tcp 10.0.2.109 54954 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:00:32.037977 0.000000 tcp 10.0.2.109 54954 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:00:38.036823 0.052595 tcp 10.0.2.109 54955 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:38.089689 0.051498 tcp 10.0.2.109 54956 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:38.141447 0.142489 tcp 10.0.2.109 54957 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:38.294935 3.006197 tcp 10.0.2.109 54958 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:00:47.299794 0.000000 tcp 10.0.2.109 54958 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:00:53.288546 0.053535 tcp 10.0.2.109 54959 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:53.342325 0.053870 tcp 10.0.2.109 54960 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:53.396555 0.142805 tcp 10.0.2.109 54961 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:00:53.670469 3.002824 tcp 10.0.2.109 54962 -> 76.181.145.117 4797 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:02.671910 0.000000 tcp 10.0.2.109 54962 -> 76.181.145.117 4797 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:08.671058 0.051670 tcp 10.0.2.109 54963 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:01:08.723032 0.051895 tcp 10.0.2.109 54964 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:01:08.775216 0.141739 tcp 10.0.2.109 54965 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:01:08.945453 2.999470 tcp 10.0.2.109 54966 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:17.953796 0.000000 tcp 10.0.2.109 54966 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:23.943152 0.050518 tcp 10.0.2.109 54967 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:01:23.993948 0.053588 tcp 10.0.2.109 54968 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:01:24.047810 0.144919 tcp 10.0.2.109 54969 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:01:24.336887 3.000393 tcp 10.0.2.109 54970 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:33.335788 0.000000 tcp 10.0.2.109 54970 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:39.334291 3.004502 tcp 10.0.2.109 54971 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:48.337339 0.000000 tcp 10.0.2.109 54971 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:01:54.336732 3.003644 tcp 10.0.2.109 54972 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:02:03.339321 0.000000 tcp 10.0.2.109 54972 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:02:09.337641 3.004358 tcp 10.0.2.109 54973 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:02:13.954188 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:02:18.340149 0.000000 tcp 10.0.2.109 54973 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:02:24.338928 3.004712 tcp 10.0.2.109 54974 -> 76.181.145.117 4797 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:02:33.342249 0.000000 tcp 10.0.2.109 54974 -> 76.181.145.117 4797 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:02:39.340676 2.994638 tcp 10.0.2.109 54975 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:02:48.343428 0.000000 tcp 10.0.2.109 54975 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:05:04.672840 3.001015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 15:05:11.679604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:05:19.681059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:05:35.684099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:06:07.690160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:07:54.344541 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:07:54.344639 3.003065 tcp 10.0.2.109 54976 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:03.346366 0.000000 tcp 10.0.2.109 54976 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:09.347098 0.053055 tcp 10.0.2.109 54977 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:09.400462 0.052800 tcp 10.0.2.109 54978 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:09.453529 0.144414 tcp 10.0.2.109 54979 -> 195.113.214.211 443 SRPA* 0 0 38 30106 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:10.038481 3.001998 tcp 10.0.2.109 54980 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:19.039275 0.000000 tcp 10.0.2.109 54980 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:25.038918 0.051940 tcp 10.0.2.109 54981 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:25.091237 0.052646 tcp 10.0.2.109 54982 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:25.144198 0.144024 tcp 10.0.2.109 54983 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:25.334498 3.008135 tcp 10.0.2.109 54984 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:34.341394 0.000000 tcp 10.0.2.109 54984 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:40.330537 0.050759 tcp 10.0.2.109 54985 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:40.381574 0.052833 tcp 10.0.2.109 54986 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:40.434720 0.152115 tcp 10.0.2.109 54987 -> 195.113.214.211 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:08:40.596638 2.997724 tcp 10.0.2.109 54988 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:49.603416 0.000000 tcp 10.0.2.109 54988 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:08:55.592284 2.993807 tcp 10.0.2.109 54989 -> 176.74.96.2 6834 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:09:04.584686 0.000000 tcp 10.0.2.109 54989 -> 176.74.96.2 6834 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:09:10.593453 2.994133 tcp 10.0.2.109 54990 -> 95.104.50.9 3421 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:09:19.585943 0.000000 tcp 10.0.2.109 54990 -> 95.104.50.9 3421 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:12:11.695967 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 15:12:18.703502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:12:26.705496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:12:42.708499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:13:14.714129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:14:25.596399 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:14:25.596508 3.004218 tcp 10.0.2.109 54991 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:14:34.598726 0.000000 tcp 10.0.2.109 54991 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:14:40.600130 0.053794 tcp 10.0.2.109 54992 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:14:40.654242 0.052888 tcp 10.0.2.109 54993 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:14:40.707380 0.145814 tcp 10.0.2.109 54994 -> 195.113.214.211 443 SRPA* 0 0 21 13070 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:14:40.907428 3.005351 tcp 10.0.2.109 54995 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:14:49.911417 0.000000 tcp 10.0.2.109 54995 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:19:18.720259 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 15:19:25.727706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:19:33.729193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:19:49.731911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:20:21.738000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:26:25.744859 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 15:26:32.751833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:26:40.753286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:26:56.756172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:27:28.762277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:29:00.975135 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:29:00.975237 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 15:29:19.453412 0.053375 tcp 10.0.2.109 54996 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:19.507064 0.052651 tcp 10.0.2.109 54997 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:19.560005 0.146860 tcp 10.0.2.109 54998 -> 195.113.214.211 443 SRPA* 0 0 53 41370 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:19.707718 0.190180 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:20.474036 0.054272 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:20.526316 0.324473 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:20.814401 0.157727 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:20.966763 0.055308 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.026610 0.075751 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.082703 0.167763 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.247964 0.181584 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.421999 0.041463 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.468291 0.073844 rtp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 1945 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.528496 0.186871 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.710363 0.115050 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.783943 0.164570 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:21.926190 0.118899 udp 10.0.2.109 3683 <-> 79.23.255.212 5743 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.029606 0.073473 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.084419 0.065277 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.133103 0.198075 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.324574 0.057911 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.412749 0.060531 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.469654 0.167032 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.614330 0.302923 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:22.915666 0.259120 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:23.107892 0.970408 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:24.064669 0.344517 rtp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:24.568322 0.168094 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:24.724659 0.086059 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:25.155479 0.224698 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:25.358928 0.172840 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:25.524962 0.075044 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:25.631022 0.084441 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:25.717303 0.114406 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:25.897319 0.366542 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:25.960688 2.993939 tcp 10.0.2.109 54999 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:29:26.264372 0.147907 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:29:34.963874 0.000000 tcp 10.0.2.109 54999 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:29:40.962908 0.052435 tcp 10.0.2.109 55000 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:41.015697 0.053740 tcp 10.0.2.109 55001 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:41.069737 0.141341 tcp 10.0.2.109 55002 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:41.221821 2.995350 tcp 10.0.2.109 55003 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:29:50.215969 0.000000 tcp 10.0.2.109 55003 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:29:56.215006 0.051871 tcp 10.0.2.109 55004 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:56.267106 0.053241 tcp 10.0.2.109 55005 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:56.320699 0.141937 tcp 10.0.2.109 55006 -> 195.113.214.211 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:29:56.473708 3.005599 tcp 10.0.2.109 55007 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:30:05.477295 0.000000 tcp 10.0.2.109 55007 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:30:11.466979 0.052876 tcp 10.0.2.109 55008 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:30:11.520210 0.053437 tcp 10.0.2.109 55009 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:30:11.574026 0.147503 tcp 10.0.2.109 55010 -> 195.113.214.211 443 SRPA* 0 0 40 21824 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:30:11.732528 2.998333 tcp 10.0.2.109 55011 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:30:20.729744 0.000000 tcp 10.0.2.109 55011 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:30:26.728245 3.004011 tcp 10.0.2.109 55012 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:30:35.730848 0.000000 tcp 10.0.2.109 55012 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:30:41.729628 3.004228 tcp 10.0.2.109 55013 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:30:50.742930 0.000000 tcp 10.0.2.109 55013 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:33:32.768164 3.002029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 15:33:39.776004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:33:47.777347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:34:03.779798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:34:35.786454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:35:56.733060 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:35:56.733161 2.993657 tcp 10.0.2.109 55014 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:05.725475 0.000000 tcp 10.0.2.109 55014 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:11.735536 0.054349 tcp 10.0.2.109 55015 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:11.790375 0.052382 tcp 10.0.2.109 55016 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:11.843061 0.143314 tcp 10.0.2.109 55017 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:11.995804 3.003119 tcp 10.0.2.109 55018 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:20.997611 0.000000 tcp 10.0.2.109 55018 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:26.997039 0.053255 tcp 10.0.2.109 55019 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:27.050590 0.053595 tcp 10.0.2.109 55020 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:27.104502 0.147074 tcp 10.0.2.109 55021 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:27.266816 3.004129 tcp 10.0.2.109 55022 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:36.269138 0.000000 tcp 10.0.2.109 55022 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:42.268387 0.052104 tcp 10.0.2.109 55023 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:42.320844 0.053951 tcp 10.0.2.109 55024 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:42.375150 0.141349 tcp 10.0.2.109 55025 -> 195.113.214.211 443 SRPA* 0 0 36 18318 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:36:42.528294 3.004524 tcp 10.0.2.109 55026 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:51.531101 0.000000 tcp 10.0.2.109 55026 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:36:57.529885 2.994112 tcp 10.0.2.109 55027 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:37:06.532645 0.000000 tcp 10.0.2.109 55027 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:37:12.531747 2.994061 tcp 10.0.2.109 55028 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:37:21.524724 0.000000 tcp 10.0.2.109 55028 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:37:26.451141 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:40:39.792256 3.001416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 15:40:46.799304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:40:54.801271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:41:10.803874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:41:42.810258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:42:27.535014 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:42:27.535126 3.003232 tcp 10.0.2.109 55029 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:42:36.537595 0.000000 tcp 10.0.2.109 55029 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:42:42.537391 0.052736 tcp 10.0.2.109 55030 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:42:42.590431 0.060826 tcp 10.0.2.109 55031 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:42:42.651546 0.144730 tcp 10.0.2.109 55032 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:42:42.822536 2.998355 tcp 10.0.2.109 55033 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:42:51.819643 0.000000 tcp 10.0.2.109 55033 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:42:57.818947 0.052249 tcp 10.0.2.109 55034 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:42:57.871480 0.052592 tcp 10.0.2.109 55035 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:42:57.924334 0.141132 tcp 10.0.2.109 55036 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:42:58.121606 3.001138 tcp 10.0.2.109 55037 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:07.121216 0.000000 tcp 10.0.2.109 55037 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:13.120308 0.052902 tcp 10.0.2.109 55038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:43:13.173549 0.052807 tcp 10.0.2.109 55039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:43:13.226637 0.144985 tcp 10.0.2.109 55040 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:43:13.484620 3.000238 tcp 10.0.2.109 55041 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:22.493616 0.000000 tcp 10.0.2.109 55041 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:28.482425 2.994109 tcp 10.0.2.109 55042 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:37.474737 0.000000 tcp 10.0.2.109 55042 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:43.483844 3.003723 tcp 10.0.2.109 55043 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:52.486765 0.000000 tcp 10.0.2.109 55043 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:43:57.453475 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:47:46.816444 3.002250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 15:47:53.824614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:48:01.826180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:48:17.828105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:48:49.833784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:48:58.487123 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:48:58.487304 3.003757 tcp 10.0.2.109 55044 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:07.489081 0.000000 tcp 10.0.2.109 55044 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:13.490486 0.052879 tcp 10.0.2.109 55045 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:13.543651 0.053132 tcp 10.0.2.109 55046 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:13.597037 0.144164 tcp 10.0.2.109 55047 -> 195.113.214.211 443 SRPA* 0 0 35 17676 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:13.812288 3.000220 tcp 10.0.2.109 55048 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:22.811427 0.000000 tcp 10.0.2.109 55048 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:28.810797 0.052608 tcp 10.0.2.109 55049 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:28.863628 0.053133 tcp 10.0.2.109 55050 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:28.917106 0.142327 tcp 10.0.2.109 55051 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:29.131581 2.993487 tcp 10.0.2.109 55052 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:38.133248 0.000000 tcp 10.0.2.109 55052 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:44.132785 0.051353 tcp 10.0.2.109 55053 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:44.184423 0.052477 tcp 10.0.2.109 55054 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:44.237181 0.144424 tcp 10.0.2.109 55055 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:49:44.515553 2.991636 tcp 10.0.2.109 55056 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:53.505826 0.000000 tcp 10.0.2.109 55056 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:49:59.514319 3.004558 tcp 10.0.2.109 55057 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:50:08.517636 0.000000 tcp 10.0.2.109 55057 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:50:14.516370 3.003432 tcp 10.0.2.109 55058 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:50:23.519037 0.000000 tcp 10.0.2.109 55058 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:50:28.456050 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:54:53.840675 3.001416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 15:55:00.847747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:55:08.848816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:55:24.851973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:55:56.857727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 15:59:39.188314 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 15:59:39.188396 0.207057 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:39.388761 0.053063 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:39.820283 0.323288 rtp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:40.108729 0.158063 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:40.260838 0.055999 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:40.385750 0.079699 rtp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:40.650023 0.296931 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:40.943657 0.188664 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:41.132964 0.046805 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:41.275322 0.074442 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:41.335000 0.185372 rtp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:41.517062 0.115849 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:41.647973 0.166473 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:41.792490 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 15:59:44.555892 3.003827 tcp 10.0.2.109 55059 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:59:53.558444 0.000000 tcp 10.0.2.109 55059 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 15:59:57.335644 0.053611 tcp 10.0.2.109 55060 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:59:57.389531 0.053478 tcp 10.0.2.109 55061 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:59:57.443040 0.143164 tcp 10.0.2.109 55062 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:59:57.586742 0.075032 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:57.643630 0.065966 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:58.064192 0.197345 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:58.788263 0.062179 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:59.498066 0.083674 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/15 15:59:59.557117 0.051882 tcp 10.0.2.109 55063 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:59:59.609340 0.055213 tcp 10.0.2.109 55064 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 15:59:59.664845 0.144367 tcp 10.0.2.109 55065 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:00:00.039137 3.002700 tcp 10.0.2.109 55066 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:00:00.121928 0.172597 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:00.294973 0.305650 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:00.599385 0.184279 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:01.727767 0.157216 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:02.044248 0.241039 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:02.583014 0.347706 rtp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:02.974303 0.086839 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:03.049315 0.230532 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:03.260709 0.167614 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:03.420768 0.072478 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:03.491814 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 16:00:09.040642 0.000000 tcp 10.0.2.109 55066 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:00:15.040153 0.052429 tcp 10.0.2.109 55067 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:00:15.092506 0.052142 tcp 10.0.2.109 55068 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:00:15.145007 0.149268 tcp 10.0.2.109 55069 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:00:15.356132 3.007662 tcp 10.0.2.109 55070 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:00:22.370083 0.053062 tcp 10.0.2.109 55071 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:00:22.422996 0.053561 tcp 10.0.2.109 55072 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:00:22.476412 0.146882 tcp 10.0.2.109 55073 -> 195.113.214.211 443 SRPA* 0 0 42 26530 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:00:22.623979 0.119593 rtp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2603 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:22.702585 0.327923 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:23.037862 0.147764 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:00:24.372613 0.000000 tcp 10.0.2.109 55070 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:00:30.351423 2.994262 tcp 10.0.2.109 55074 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:00:39.354021 0.000000 tcp 10.0.2.109 55074 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:02:00.864527 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:02:07.871229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:02:15.873232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:02:31.875786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:03:03.882208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:05:45.354861 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:05:45.354959 3.003392 tcp 10.0.2.109 55075 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:05:54.357294 0.000000 tcp 10.0.2.109 55075 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:00.358360 0.030822 tcp 10.0.2.109 55076 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:00.389408 0.031484 tcp 10.0.2.109 55077 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:00.420748 0.129529 tcp 10.0.2.109 55078 -> 195.113.214.211 443 SRPA* 0 0 35 18224 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:00.571049 2.999271 tcp 10.0.2.109 55079 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:09.568794 0.000000 tcp 10.0.2.109 55079 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:15.568245 0.030793 tcp 10.0.2.109 55080 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:15.599346 0.030940 tcp 10.0.2.109 55081 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:15.630640 0.132870 tcp 10.0.2.109 55082 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:15.777831 3.004014 tcp 10.0.2.109 55083 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:24.780465 0.000000 tcp 10.0.2.109 55083 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:30.780559 0.030150 tcp 10.0.2.109 55084 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:30.810982 0.031544 tcp 10.0.2.109 55085 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:30.842816 0.125629 tcp 10.0.2.109 55086 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:06:31.011148 2.992592 tcp 10.0.2.109 55087 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:40.013052 0.000000 tcp 10.0.2.109 55087 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:46.011766 2.994031 tcp 10.0.2.109 55088 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:06:55.004062 0.000000 tcp 10.0.2.109 55088 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:07:01.013350 2.994117 tcp 10.0.2.109 55089 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:07:10.005688 0.000000 tcp 10.0.2.109 55089 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:07:14.953132 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:09:07.888669 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:09:14.895774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:09:22.897145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:09:38.899714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:10:10.905856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:12:16.016662 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:12:16.016756 3.003288 tcp 10.0.2.109 55090 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:12:25.018946 0.000000 tcp 10.0.2.109 55090 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:12:31.019774 0.031483 tcp 10.0.2.109 55091 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:12:31.051556 0.066875 tcp 10.0.2.109 55092 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:12:31.118726 0.124617 tcp 10.0.2.109 55093 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:12:31.432669 2.999417 tcp 10.0.2.109 55094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:12:40.430579 0.000000 tcp 10.0.2.109 55094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:12:46.430324 0.030799 tcp 10.0.2.109 55095 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:12:46.461382 0.030708 tcp 10.0.2.109 55096 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:12:46.492489 0.125660 tcp 10.0.2.109 55097 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:12:46.674574 2.999794 tcp 10.0.2.109 55098 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:12:55.683174 0.000000 tcp 10.0.2.109 55098 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:13:01.671807 0.030896 tcp 10.0.2.109 55099 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:13:01.702923 0.031569 tcp 10.0.2.109 55100 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:13:01.734365 0.125405 tcp 10.0.2.109 55101 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:13:01.879681 2.996229 tcp 10.0.2.109 55102 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:13:10.874354 0.000000 tcp 10.0.2.109 55102 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:13:16.873831 2.993897 tcp 10.0.2.109 55103 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:13:25.866507 0.000000 tcp 10.0.2.109 55103 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:13:31.875067 3.003976 tcp 10.0.2.109 55104 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:13:40.877709 0.000000 tcp 10.0.2.109 55104 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:16:14.921584 3.002216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:16:21.929372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:16:29.930786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:16:45.933611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:17:17.939713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:18:46.877913 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:18:46.878023 3.003749 tcp 10.0.2.109 55105 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:18:55.880383 0.000000 tcp 10.0.2.109 55105 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:01.881265 0.031876 tcp 10.0.2.109 55106 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:01.913452 0.031119 tcp 10.0.2.109 55107 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:01.944892 0.122609 tcp 10.0.2.109 55108 -> 195.113.214.211 443 SRPA* 0 0 39 20258 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:02.086430 2.997313 tcp 10.0.2.109 55109 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:11.092599 0.000000 tcp 10.0.2.109 55109 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:17.082356 0.031568 tcp 10.0.2.109 55110 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:17.113773 0.031909 tcp 10.0.2.109 55111 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:17.145962 0.125825 tcp 10.0.2.109 55112 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:17.467814 2.998197 tcp 10.0.2.109 55113 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:26.464708 0.000000 tcp 10.0.2.109 55113 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:32.464328 0.030380 tcp 10.0.2.109 55114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:32.494985 0.030896 tcp 10.0.2.109 55115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:32.526264 0.125785 tcp 10.0.2.109 55116 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:19:32.683633 3.004352 tcp 10.0.2.109 55117 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:41.686301 0.000000 tcp 10.0.2.109 55117 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:47.685313 3.003921 tcp 10.0.2.109 55118 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:19:56.687972 0.000000 tcp 10.0.2.109 55118 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:20:02.686833 3.004369 tcp 10.0.2.109 55119 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:20:11.689806 0.000000 tcp 10.0.2.109 55119 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:23:21.946114 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:23:28.953288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:23:36.954911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:23:52.958074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:24:24.963833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:25:17.690267 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:25:17.690444 2.993744 tcp 10.0.2.109 55120 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:25:26.692621 0.000000 tcp 10.0.2.109 55120 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:25:32.693628 0.032110 tcp 10.0.2.109 55121 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:25:32.726060 0.030559 tcp 10.0.2.109 55122 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:25:32.756916 0.126425 tcp 10.0.2.109 55123 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:25:32.927979 2.997589 tcp 10.0.2.109 55124 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:25:41.924350 0.000000 tcp 10.0.2.109 55124 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:25:47.924073 0.029968 tcp 10.0.2.109 55125 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:25:47.954341 0.031351 tcp 10.0.2.109 55126 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:25:47.985995 0.126239 tcp 10.0.2.109 55127 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:25:48.121334 2.996320 tcp 10.0.2.109 55128 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:25:57.116243 0.000000 tcp 10.0.2.109 55128 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:26:03.115985 0.031148 tcp 10.0.2.109 55129 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:26:03.147444 0.030855 tcp 10.0.2.109 55130 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:26:03.178649 0.127689 tcp 10.0.2.109 55131 -> 195.113.214.211 443 SRPA* 0 0 35 17596 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:26:03.347719 3.001914 tcp 10.0.2.109 55132 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:26:12.348153 0.000000 tcp 10.0.2.109 55132 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:26:18.346715 3.004163 tcp 10.0.2.109 55133 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:26:27.349500 0.000000 tcp 10.0.2.109 55133 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:26:33.348556 3.004148 tcp 10.0.2.109 55134 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:26:42.351185 0.000000 tcp 10.0.2.109 55134 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:30:28.970299 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:30:31.511557 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:30:31.511724 0.000000 udp 10.0.2.109 3683 -> 79.23.255.212 5743 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 16:30:35.977214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:30:43.978999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:30:47.837364 0.031450 tcp 10.0.2.109 55135 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:30:47.869089 0.030755 tcp 10.0.2.109 55136 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:30:47.899696 0.125833 tcp 10.0.2.109 55137 -> 195.113.214.211 443 SRPA* 0 0 60 42654 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:30:48.024785 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 16:30:59.981532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:31:05.820791 0.030551 tcp 10.0.2.109 55138 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:31:05.851590 0.030656 tcp 10.0.2.109 55139 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:31:05.882533 0.128078 tcp 10.0.2.109 55140 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:31:06.011527 0.200280 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:06.224952 0.051287 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:06.273767 0.078973 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:06.329845 0.156620 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:06.480391 0.382980 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:06.829811 0.056367 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:06.896117 0.166688 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.059123 0.191606 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.245906 0.108920 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.313840 0.167075 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.454765 0.048016 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.507987 0.187935 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.688527 0.074033 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.748787 0.073431 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.802868 0.199568 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:07.995789 0.081917 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:08.059615 0.057190 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:08.103599 0.300385 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:08.402631 0.040977 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:08.434035 0.166706 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:08.578680 0.202038 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:08.716171 0.156034 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:08.861078 0.204917 rtp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:09.066757 0.212942 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:09.256818 0.167654 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:09.415814 0.076444 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:09.497958 0.310855 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:09.809273 0.091362 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:09.865977 0.111060 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:09.971313 0.344464 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:10.317488 0.147746 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/15 16:31:31.988021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:31:48.351878 2.994007 tcp 10.0.2.109 55141 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:31:52.957697 0.000171 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:31:57.344482 0.000000 tcp 10.0.2.109 55141 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:03.353804 0.030229 tcp 10.0.2.109 55142 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:03.384311 0.031626 tcp 10.0.2.109 55143 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:03.415813 0.126302 tcp 10.0.2.109 55144 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:03.599230 2.998474 tcp 10.0.2.109 55145 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:12.596306 0.000000 tcp 10.0.2.109 55145 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:18.595845 0.030856 tcp 10.0.2.109 55146 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:18.626965 0.030893 tcp 10.0.2.109 55147 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:18.658126 0.126721 tcp 10.0.2.109 55148 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:18.804419 3.005186 tcp 10.0.2.109 55149 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:27.808447 0.000000 tcp 10.0.2.109 55149 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:33.797727 0.031086 tcp 10.0.2.109 55150 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:33.828728 0.030924 tcp 10.0.2.109 55151 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:33.859928 0.123441 tcp 10.0.2.109 55152 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:32:34.009353 3.001983 tcp 10.0.2.109 55153 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:43.010374 0.000000 tcp 10.0.2.109 55153 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:49.008820 3.004165 tcp 10.0.2.109 55154 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:32:58.011434 0.000000 tcp 10.0.2.109 55154 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:33:04.009999 2.994591 tcp 10.0.2.109 55155 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:33:13.013163 0.000000 tcp 10.0.2.109 55155 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:33:17.959890 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:37:35.993524 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:37:43.000974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:37:51.002599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:38:07.005851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:38:19.013725 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:38:19.014003 3.003365 tcp 10.0.2.109 55156 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:38:28.016259 0.000000 tcp 10.0.2.109 55156 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:38:34.016052 0.031429 tcp 10.0.2.109 55157 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:38:34.047819 0.030862 tcp 10.0.2.109 55158 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:38:34.078957 0.123996 tcp 10.0.2.109 55159 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:38:34.276530 3.002608 tcp 10.0.2.109 55160 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:38:39.011592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:38:43.278292 0.000000 tcp 10.0.2.109 55160 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:38:49.277504 0.030414 tcp 10.0.2.109 55161 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:38:49.308211 0.030769 tcp 10.0.2.109 55162 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:38:49.339265 0.125884 tcp 10.0.2.109 55163 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:38:49.519834 3.001736 tcp 10.0.2.109 55164 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:38:58.519592 0.000000 tcp 10.0.2.109 55164 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:39:04.518961 0.031989 tcp 10.0.2.109 55165 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:39:04.551228 0.031699 tcp 10.0.2.109 55166 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:39:04.583167 0.127047 tcp 10.0.2.109 55167 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:39:04.722755 3.000609 tcp 10.0.2.109 55168 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:39:13.722045 0.000000 tcp 10.0.2.109 55168 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:39:19.720497 2.994322 tcp 10.0.2.109 55169 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:39:28.723150 0.000000 tcp 10.0.2.109 55169 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:39:34.722363 2.993520 tcp 10.0.2.109 55170 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:39:43.714713 0.000000 tcp 10.0.2.109 55170 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:44:43.018318 3.001202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:44:49.725529 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:44:49.725729 3.003436 tcp 10.0.2.109 55171 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:44:50.025076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:44:58.026840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:44:58.727679 0.000000 tcp 10.0.2.109 55171 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:04.728655 0.032296 tcp 10.0.2.109 55172 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:04.760798 0.030555 tcp 10.0.2.109 55173 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:04.791652 0.124196 tcp 10.0.2.109 55174 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:04.944897 3.006449 tcp 10.0.2.109 55175 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:13.949312 0.000000 tcp 10.0.2.109 55175 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:14.029660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:45:19.939274 0.030609 tcp 10.0.2.109 55176 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:19.970204 0.052382 tcp 10.0.2.109 55177 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:20.022898 0.128153 tcp 10.0.2.109 55178 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:20.160018 3.002929 tcp 10.0.2.109 55179 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:29.161309 0.000000 tcp 10.0.2.109 55179 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:35.161177 0.030138 tcp 10.0.2.109 55180 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:35.191562 0.031100 tcp 10.0.2.109 55181 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:35.222944 0.126502 tcp 10.0.2.109 55182 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:45:35.360531 2.994494 tcp 10.0.2.109 55183 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:44.363511 0.000000 tcp 10.0.2.109 55183 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:46.036016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:45:50.362027 2.994058 tcp 10.0.2.109 55184 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:45:59.355188 0.000000 tcp 10.0.2.109 55184 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:46:05.364035 3.003804 tcp 10.0.2.109 55185 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:46:14.366669 0.000000 tcp 10.0.2.109 55185 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:51:20.366802 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 16:51:20.366882 3.004422 tcp 10.0.2.109 55186 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:51:29.369633 0.000000 tcp 10.0.2.109 55186 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:51:35.369407 0.030771 tcp 10.0.2.109 55187 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:51:35.400429 0.031179 tcp 10.0.2.109 55188 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:51:35.431844 0.129313 tcp 10.0.2.109 55189 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:51:35.649454 3.003080 tcp 10.0.2.109 55190 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:51:44.651464 0.000000 tcp 10.0.2.109 55190 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:51:50.042375 3.000959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 16:51:50.650346 0.030032 tcp 10.0.2.109 55191 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:51:50.680648 0.031447 tcp 10.0.2.109 55192 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:51:50.712310 0.125504 tcp 10.0.2.109 55193 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:51:50.927506 2.997002 tcp 10.0.2.109 55194 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:51:57.049316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:51:59.933688 0.000000 tcp 10.0.2.109 55194 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:52:05.050990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:52:05.922811 0.030506 tcp 10.0.2.109 55195 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:52:05.953585 0.033151 tcp 10.0.2.109 55196 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:52:05.987021 0.126197 tcp 10.0.2.109 55197 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 16:52:06.127098 2.999945 tcp 10.0.2.109 55198 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:52:15.125041 0.000000 tcp 10.0.2.109 55198 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:52:21.053818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:52:21.124169 3.003919 tcp 10.0.2.109 55199 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:52:30.127151 0.000000 tcp 10.0.2.109 55199 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:52:36.125459 3.004096 tcp 10.0.2.109 55200 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:52:45.128744 0.000000 tcp 10.0.2.109 55200 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 16:52:53.060089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:58:57.065848 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 16:59:04.073369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:59:12.074524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 16:59:28.077768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:00:00.083926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:01:30.854478 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:01:30.854591 0.076077 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:30.910727 0.156987 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:31.060169 0.412186 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:31.430995 0.056256 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:31.488606 0.193766 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 1962 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:31.676581 0.051280 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:31.725501 0.168923 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:31.891619 0.191841 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.078777 0.106688 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.149778 0.168852 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.295569 0.041584 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.344411 0.188734 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.526386 0.074750 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.594174 0.075479 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.651196 0.200563 rtp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.845135 0.070333 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.896688 0.059915 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:32.939755 0.300226 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:33.238665 0.040027 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:33.294464 0.168814 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:33.439447 0.197317 rtp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:33.580966 0.161458 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:33.729771 0.195875 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:33.915400 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 17:01:36.152520 2.993292 tcp 10.0.2.109 55201 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:01:45.144439 0.000000 tcp 10.0.2.109 55201 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:01:51.155549 0.032288 tcp 10.0.2.109 55202 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:01:51.188087 0.052688 tcp 10.0.2.109 55203 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:01:51.241044 0.125682 tcp 10.0.2.109 55204 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:01:51.441004 2.996784 tcp 10.0.2.109 55205 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:01:52.094873 0.031039 tcp 10.0.2.109 55206 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:01:52.126195 0.031615 tcp 10.0.2.109 55207 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:01:52.158318 0.122957 tcp 10.0.2.109 55208 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:01:52.281978 0.165675 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:52.440351 0.075552 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:52.523590 0.252852 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:52.798902 0.086198 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:52.849780 0.147846 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:52.989122 0.111219 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:01:53.063901 0.362552 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:02:00.436938 0.000000 tcp 10.0.2.109 55205 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:02:06.436397 0.030599 tcp 10.0.2.109 55209 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:02:06.467269 0.032040 tcp 10.0.2.109 55210 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:02:06.499649 0.123371 tcp 10.0.2.109 55211 -> 195.113.214.211 443 SRPA* 0 0 50 42130 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:02:06.659867 2.999898 tcp 10.0.2.109 55212 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:02:15.658463 0.000000 tcp 10.0.2.109 55212 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:02:21.658367 0.030174 tcp 10.0.2.109 55213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:02:21.688873 0.031539 tcp 10.0.2.109 55214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:02:21.720693 0.124771 tcp 10.0.2.109 55215 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:02:21.892372 2.999204 tcp 10.0.2.109 55216 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:02:30.890379 0.000000 tcp 10.0.2.109 55216 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:02:36.889162 3.004618 tcp 10.0.2.109 55217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:02:45.892661 0.000000 tcp 10.0.2.109 55217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:02:51.890554 2.994341 tcp 10.0.2.109 55218 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:03:00.893658 0.000000 tcp 10.0.2.109 55218 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:06:04.090351 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:06:11.097384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:06:19.098924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:06:35.102074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:07:07.107962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:08:06.894672 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:08:06.894768 3.002868 tcp 10.0.2.109 55219 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:08:15.896786 0.000000 tcp 10.0.2.109 55219 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:08:21.897343 0.031578 tcp 10.0.2.109 55220 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:21.929255 0.031186 tcp 10.0.2.109 55221 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:21.960723 0.128301 tcp 10.0.2.109 55222 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:22.100681 2.999267 tcp 10.0.2.109 55223 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:08:31.098957 0.000000 tcp 10.0.2.109 55223 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:08:37.098207 0.030940 tcp 10.0.2.109 55224 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:37.129413 0.030715 tcp 10.0.2.109 55225 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:37.160517 0.173855 tcp 10.0.2.109 55226 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:37.376177 3.005262 tcp 10.0.2.109 55227 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:08:46.380705 0.000000 tcp 10.0.2.109 55227 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:08:52.369808 0.031381 tcp 10.0.2.109 55228 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:52.401492 0.030705 tcp 10.0.2.109 55229 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:52.432513 0.123721 tcp 10.0.2.109 55230 -> 195.113.214.211 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:08:52.568243 3.005362 tcp 10.0.2.109 55231 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:09:01.571958 0.000000 tcp 10.0.2.109 55231 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:09:07.560969 2.994579 tcp 10.0.2.109 55232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:09:16.563740 0.000000 tcp 10.0.2.109 55232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:09:22.562612 2.994030 tcp 10.0.2.109 55233 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:09:31.555495 0.000000 tcp 10.0.2.109 55233 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:09:36.462454 0.000308 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:13:11.113862 3.001628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:13:18.120786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:13:26.122557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:13:42.125725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:14:14.131679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:14:37.566474 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:14:37.566575 3.003155 tcp 10.0.2.109 55234 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:14:46.568203 0.000000 tcp 10.0.2.109 55234 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:14:52.568958 0.030947 tcp 10.0.2.109 55235 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:14:52.600170 0.030892 tcp 10.0.2.109 55236 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:14:52.631385 0.127127 tcp 10.0.2.109 55237 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:14:52.788726 3.002969 tcp 10.0.2.109 55238 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:01.790036 0.000000 tcp 10.0.2.109 55238 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:07.789752 0.030139 tcp 10.0.2.109 55239 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:15:07.820131 0.031273 tcp 10.0.2.109 55240 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:15:07.851628 0.120413 tcp 10.0.2.109 55241 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:15:08.007712 3.005910 tcp 10.0.2.109 55242 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:17.012095 0.000000 tcp 10.0.2.109 55242 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:23.001173 0.029755 tcp 10.0.2.109 55243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:15:23.031206 0.031682 tcp 10.0.2.109 55244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:15:23.063218 0.127737 tcp 10.0.2.109 55245 -> 195.113.214.211 443 SRPA* 0 0 38 19298 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:15:23.255894 2.999109 tcp 10.0.2.109 55246 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:32.263787 0.000000 tcp 10.0.2.109 55246 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:38.252699 2.994189 tcp 10.0.2.109 55247 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:47.245612 0.000000 tcp 10.0.2.109 55247 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:15:53.254113 3.004750 tcp 10.0.2.109 55248 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:16:02.257024 0.000000 tcp 10.0.2.109 55248 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:20:18.137093 3.002632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:20:25.145361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:20:33.146970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:20:49.149658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:21:08.257299 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:21:08.257449 3.003573 tcp 10.0.2.109 55249 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:21:17.259915 0.000000 tcp 10.0.2.109 55249 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:21:21.155838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:21:23.260471 0.031322 tcp 10.0.2.109 55250 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:23.292123 0.030555 tcp 10.0.2.109 55251 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:23.322957 0.127765 tcp 10.0.2.109 55252 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:23.472675 3.000469 tcp 10.0.2.109 55253 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:21:32.472163 0.000000 tcp 10.0.2.109 55253 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:21:38.470812 0.030242 tcp 10.0.2.109 55254 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:38.501279 0.032535 tcp 10.0.2.109 55255 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:38.534019 0.127094 tcp 10.0.2.109 55256 -> 195.113.214.211 443 SRPA* 0 0 35 18388 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:38.676059 2.999293 tcp 10.0.2.109 55257 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:21:47.684048 0.000000 tcp 10.0.2.109 55257 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:21:53.673249 0.030808 tcp 10.0.2.109 55258 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:53.703895 0.032715 tcp 10.0.2.109 55259 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:53.736885 0.131169 tcp 10.0.2.109 55260 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:21:53.903577 3.003694 tcp 10.0.2.109 55261 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:22:02.905668 0.000000 tcp 10.0.2.109 55261 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:22:08.904262 3.004230 tcp 10.0.2.109 55262 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:22:17.907087 0.000000 tcp 10.0.2.109 55262 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:22:23.905889 3.004425 tcp 10.0.2.109 55263 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:22:32.908431 0.000000 tcp 10.0.2.109 55263 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:27:25.161569 3.001909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:27:32.169433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:27:38.909562 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:27:38.909756 3.003408 tcp 10.0.2.109 55264 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:27:40.170827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:27:47.911468 0.000000 tcp 10.0.2.109 55264 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:27:53.912396 0.032924 tcp 10.0.2.109 55265 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:27:53.945628 0.031541 tcp 10.0.2.109 55266 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:27:53.977450 0.126171 tcp 10.0.2.109 55267 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:27:54.175528 2.999772 tcp 10.0.2.109 55268 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:27:56.173956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:28:03.183558 0.000000 tcp 10.0.2.109 55268 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:28:28.179390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:31:56.880370 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:31:56.880659 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 17:32:13.645862 0.030957 tcp 10.0.2.109 55269 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:32:13.677099 0.030502 tcp 10.0.2.109 55270 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:32:13.707871 0.126621 tcp 10.0.2.109 55271 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:32:13.835850 0.080547 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:13.892733 0.187867 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:14.102865 0.283855 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:14.384337 0.163974 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:14.544149 0.157191 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:14.696229 0.496610 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2566 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.035113 0.053675 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.090516 0.192071 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.276822 0.166237 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.420590 0.041807 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.473159 0.183822 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.649399 0.074061 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.708367 0.075921 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.766605 0.200343 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:15.959278 0.069597 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:16.011049 0.110071 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:16.083613 0.167928 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:16.229191 0.200900 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:16.369808 0.153724 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:16.513904 0.183955 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:16.698301 0.056175 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:16.739367 0.301094 udp 10.0.2.109 3683 <-> 175.195.224.65 9964 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:17.039142 0.120415 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:17.151581 0.166051 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:17.309903 0.077474 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:17.402881 0.300331 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:17.703634 0.081743 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:17.751668 0.379280 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:18.142538 0.149109 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:32:18.283985 0.111087 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/15 17:33:09.173751 3.003941 tcp 10.0.2.109 55272 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:33:13.960606 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:33:18.176525 0.000000 tcp 10.0.2.109 55272 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:33:24.176283 0.030386 tcp 10.0.2.109 55273 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:24.207005 0.030837 tcp 10.0.2.109 55274 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:24.238138 0.127182 tcp 10.0.2.109 55275 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:24.497196 3.002686 tcp 10.0.2.109 55276 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:33:33.498620 0.000000 tcp 10.0.2.109 55276 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:33:39.497539 0.030522 tcp 10.0.2.109 55277 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:39.528395 0.031405 tcp 10.0.2.109 55278 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:39.560097 0.125579 tcp 10.0.2.109 55279 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:39.710584 3.001096 tcp 10.0.2.109 55280 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:33:48.710117 0.000000 tcp 10.0.2.109 55280 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:33:54.709425 0.030690 tcp 10.0.2.109 55281 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:54.740456 0.030900 tcp 10.0.2.109 55282 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:54.771731 0.124461 tcp 10.0.2.109 55283 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:33:54.959103 3.004823 tcp 10.0.2.109 55284 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:34:03.972403 0.000000 tcp 10.0.2.109 55284 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:34:09.951474 2.993885 tcp 10.0.2.109 55285 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:34:18.943850 0.000000 tcp 10.0.2.109 55285 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:34:24.952834 2.994025 tcp 10.0.2.109 55286 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:34:32.185039 3.002373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:34:33.945524 0.000000 tcp 10.0.2.109 55286 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:34:39.193357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:34:47.194393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:35:03.197598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:35:35.203734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:39:39.956208 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:39:39.956310 3.003191 tcp 10.0.2.109 55287 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:39:48.958449 0.000000 tcp 10.0.2.109 55287 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:39:54.959267 0.033663 tcp 10.0.2.109 55288 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:39:54.993298 0.031583 tcp 10.0.2.109 55289 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:39:55.025173 0.126783 tcp 10.0.2.109 55290 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:39:55.297412 3.004807 tcp 10.0.2.109 55291 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:04.300559 0.000000 tcp 10.0.2.109 55291 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:10.289705 0.030610 tcp 10.0.2.109 55292 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:40:10.320652 0.030539 tcp 10.0.2.109 55293 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:40:10.351537 0.126599 tcp 10.0.2.109 55294 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:40:10.536661 3.007418 tcp 10.0.2.109 55295 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:19.552459 0.000000 tcp 10.0.2.109 55295 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:25.531845 0.029940 tcp 10.0.2.109 55296 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:40:25.562069 0.031175 tcp 10.0.2.109 55297 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:40:25.593522 0.127242 tcp 10.0.2.109 55298 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:40:26.326189 2.999918 tcp 10.0.2.109 55299 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:35.325188 0.000000 tcp 10.0.2.109 55299 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:41.324064 3.004123 tcp 10.0.2.109 55300 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:50.326335 0.000000 tcp 10.0.2.109 55300 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:40:56.325428 3.004259 tcp 10.0.2.109 55301 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:41:05.328049 0.000000 tcp 10.0.2.109 55301 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:41:09.964763 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:41:39.210331 3.001411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:41:46.217182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:41:54.218179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:42:10.221402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:42:42.227700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:46:11.328430 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:46:11.328549 3.004291 tcp 10.0.2.109 55302 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:46:20.331106 0.000000 tcp 10.0.2.109 55302 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:46:26.331402 0.031343 tcp 10.0.2.109 55303 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:26.363013 0.031491 tcp 10.0.2.109 55304 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:26.394780 0.122849 tcp 10.0.2.109 55305 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:26.784844 2.999486 tcp 10.0.2.109 55306 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:46:35.793163 0.000000 tcp 10.0.2.109 55306 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:46:41.782253 0.030341 tcp 10.0.2.109 55307 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:41.812870 0.030731 tcp 10.0.2.109 55308 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:41.843856 0.127993 tcp 10.0.2.109 55309 -> 195.113.214.211 443 SRPA* 0 0 35 17676 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:42.263463 2.993229 tcp 10.0.2.109 55310 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:46:51.255258 0.000000 tcp 10.0.2.109 55310 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:46:57.264907 0.030702 tcp 10.0.2.109 55311 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:57.295897 0.031572 tcp 10.0.2.109 55312 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:57.327766 0.130777 tcp 10.0.2.109 55313 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:46:57.555477 3.003752 tcp 10.0.2.109 55314 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:47:06.557652 0.000000 tcp 10.0.2.109 55314 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:47:12.556566 3.003598 tcp 10.0.2.109 55315 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:47:21.559120 0.000000 tcp 10.0.2.109 55315 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:47:27.557930 3.003876 tcp 10.0.2.109 55316 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:47:36.560493 0.000000 tcp 10.0.2.109 55316 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:47:41.457566 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:48:46.234078 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:48:53.241055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:49:01.242584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:49:17.245387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:49:49.251189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:52:42.561091 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:52:42.561290 2.993921 tcp 10.0.2.109 55317 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:52:51.563872 0.000000 tcp 10.0.2.109 55317 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:52:57.563609 0.031896 tcp 10.0.2.109 55318 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:52:57.595867 0.031523 tcp 10.0.2.109 55319 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:52:57.627683 0.168332 tcp 10.0.2.109 55320 -> 195.113.214.211 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:52:57.900229 2.996937 tcp 10.0.2.109 55321 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:06.895748 0.000000 tcp 10.0.2.109 55321 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:12.894924 0.031352 tcp 10.0.2.109 55322 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:53:12.926525 0.032315 tcp 10.0.2.109 55323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:53:12.958623 0.123815 tcp 10.0.2.109 55324 -> 195.113.214.211 443 SRPA* 0 0 30 16534 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:53:13.176400 3.002697 tcp 10.0.2.109 55325 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:22.177848 0.000000 tcp 10.0.2.109 55325 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:28.176570 0.030120 tcp 10.0.2.109 55326 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:53:28.206990 0.031082 tcp 10.0.2.109 55327 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:53:28.238355 0.122418 tcp 10.0.2.109 55328 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 17:53:28.625594 3.005392 tcp 10.0.2.109 55329 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:37.629504 0.000000 tcp 10.0.2.109 55329 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:43.618794 3.004109 tcp 10.0.2.109 55330 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:52.621631 0.000000 tcp 10.0.2.109 55330 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:53:58.620129 2.994218 tcp 10.0.2.109 55331 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:54:07.623026 0.000000 tcp 10.0.2.109 55331 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 17:54:12.459909 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 17:55:53.258324 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 17:56:00.264819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:56:08.266107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:56:24.269532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 17:56:56.275638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:02:18.539307 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:02:18.539407 0.078050 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:18.596629 0.168337 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:18.760990 0.154985 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:18.910981 0.188819 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:19.174762 0.044089 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:19.217340 0.385273 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:19.538561 0.054101 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:19.633095 0.185969 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:19.815153 0.164762 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:19.960273 0.045890 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.036654 0.187339 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.215940 0.073934 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.293421 0.069562 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.344821 0.198264 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.536455 0.069056 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.586024 0.113839 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.666319 0.169029 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.815111 0.199165 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:20.955554 0.154457 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:21.116491 0.187839 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:21.296491 0.065179 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:21.407924 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 9964 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 18:02:28.643817 3.003956 tcp 10.0.2.109 55332 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:02:37.337833 0.031716 tcp 10.0.2.109 55333 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:37.369850 0.031872 tcp 10.0.2.109 55334 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:37.402030 0.128202 tcp 10.0.2.109 55335 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:37.528628 0.040376 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:37.560474 0.167250 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:37.646027 0.000000 tcp 10.0.2.109 55332 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:02:37.719446 0.074407 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:37.894917 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 18:02:43.645344 0.030569 tcp 10.0.2.109 55336 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:43.675791 0.031279 tcp 10.0.2.109 55337 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:43.707262 0.124024 tcp 10.0.2.109 55338 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:43.919698 2.999938 tcp 10.0.2.109 55339 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:02:52.917856 0.000000 tcp 10.0.2.109 55339 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:02:56.694408 0.030144 tcp 10.0.2.109 55340 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:56.724835 0.030739 tcp 10.0.2.109 55341 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:56.755850 0.127216 tcp 10.0.2.109 55342 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:56.883720 0.091770 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:56.940619 0.119189 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:57.325729 0.373996 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:57.700970 0.148871 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:02:58.917357 0.029953 tcp 10.0.2.109 55343 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:58.947582 0.030801 tcp 10.0.2.109 55344 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:58.978676 0.122947 tcp 10.0.2.109 55345 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:02:59.377266 3.004726 tcp 10.0.2.109 55346 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:00.280958 3.002315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 18:03:07.289211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:03:08.380087 0.000000 tcp 10.0.2.109 55346 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:14.369723 0.029915 tcp 10.0.2.109 55347 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:03:14.399905 0.031753 tcp 10.0.2.109 55348 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:03:14.431546 0.125171 tcp 10.0.2.109 55349 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:03:14.730934 3.003075 tcp 10.0.2.109 55350 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:15.290173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:03:23.742828 0.000000 tcp 10.0.2.109 55350 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:29.731601 2.993709 tcp 10.0.2.109 55351 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:31.293701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:03:38.734046 0.000000 tcp 10.0.2.109 55351 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:44.732857 2.993871 tcp 10.0.2.109 55352 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:53.725543 0.000000 tcp 10.0.2.109 55352 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:03:58.462178 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:04:03.299713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:08:59.736198 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:08:59.736301 3.003404 tcp 10.0.2.109 55353 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:09:08.738329 0.000000 tcp 10.0.2.109 55353 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:09:14.739062 0.031180 tcp 10.0.2.109 55354 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:14.770509 0.035111 tcp 10.0.2.109 55355 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:14.805935 0.124387 tcp 10.0.2.109 55356 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:15.036356 2.996113 tcp 10.0.2.109 55357 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:09:24.030533 0.000000 tcp 10.0.2.109 55357 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:09:30.029614 0.029754 tcp 10.0.2.109 55358 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:30.059607 0.031764 tcp 10.0.2.109 55359 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:30.091642 0.122822 tcp 10.0.2.109 55360 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:30.275740 3.008080 tcp 10.0.2.109 55361 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:09:39.292464 0.000000 tcp 10.0.2.109 55361 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:09:45.271699 0.030203 tcp 10.0.2.109 55362 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:45.302211 0.030954 tcp 10.0.2.109 55363 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:45.333481 0.122959 tcp 10.0.2.109 55364 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:09:45.642885 2.992870 tcp 10.0.2.109 55365 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:09:54.634461 0.000000 tcp 10.0.2.109 55365 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:10:00.643414 2.994198 tcp 10.0.2.109 55366 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:10:07.305996 3.001017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 18:10:09.636309 0.000000 tcp 10.0.2.109 55366 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:10:14.312898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:10:15.645186 3.003952 tcp 10.0.2.109 55367 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:10:22.314208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:10:24.647850 0.000000 tcp 10.0.2.109 55367 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:10:29.464790 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:10:38.317045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:11:10.323221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:15:30.648301 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:15:30.648447 3.003599 tcp 10.0.2.109 55368 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:15:39.650262 0.000000 tcp 10.0.2.109 55368 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:15:45.651401 0.031830 tcp 10.0.2.109 55369 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:15:45.683503 0.031327 tcp 10.0.2.109 55370 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:15:45.715138 0.125826 tcp 10.0.2.109 55371 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:15:45.912538 3.001440 tcp 10.0.2.109 55372 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:15:54.922781 0.000000 tcp 10.0.2.109 55372 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:00.911418 0.031125 tcp 10.0.2.109 55373 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:16:00.942818 0.030808 tcp 10.0.2.109 55374 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:16:00.973910 0.126430 tcp 10.0.2.109 55375 -> 195.113.214.211 443 SRPA* 0 0 35 17998 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:16:01.135558 3.000345 tcp 10.0.2.109 55376 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:10.134780 0.000000 tcp 10.0.2.109 55376 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:16.133503 0.030471 tcp 10.0.2.109 55377 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:16:16.164250 0.030915 tcp 10.0.2.109 55378 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:16:16.195441 0.125569 tcp 10.0.2.109 55379 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:16:16.360475 2.997564 tcp 10.0.2.109 55380 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:25.356264 0.000000 tcp 10.0.2.109 55380 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:31.355488 3.004065 tcp 10.0.2.109 55381 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:40.357659 0.000000 tcp 10.0.2.109 55381 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:46.356792 3.003846 tcp 10.0.2.109 55382 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:16:55.359655 0.000000 tcp 10.0.2.109 55382 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:17:14.329681 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 18:17:21.336709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:17:29.338796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:17:45.341393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:18:17.347731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:22:01.359624 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:22:01.359719 3.003669 tcp 10.0.2.109 55383 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:22:10.372456 0.000000 tcp 10.0.2.109 55383 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:22:16.363005 0.031384 tcp 10.0.2.109 55384 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:16.394701 0.031236 tcp 10.0.2.109 55385 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:16.426302 0.127079 tcp 10.0.2.109 55386 -> 195.113.214.211 443 SRPA* 0 0 49 42076 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:16.571493 2.993747 tcp 10.0.2.109 55387 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:22:25.564053 0.000000 tcp 10.0.2.109 55387 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:22:31.573227 0.097912 tcp 10.0.2.109 55388 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:31.671441 0.030858 tcp 10.0.2.109 55389 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:31.702641 0.123281 tcp 10.0.2.109 55390 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:31.883825 3.003890 tcp 10.0.2.109 55391 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:22:40.885902 0.000000 tcp 10.0.2.109 55391 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:22:46.885093 0.030420 tcp 10.0.2.109 55392 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:46.915862 0.031908 tcp 10.0.2.109 55393 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:46.948054 0.127750 tcp 10.0.2.109 55394 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:22:47.100063 2.999326 tcp 10.0.2.109 55395 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:22:56.097944 0.000000 tcp 10.0.2.109 55395 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:23:02.096716 3.004104 tcp 10.0.2.109 55396 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:23:11.099495 0.000000 tcp 10.0.2.109 55396 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:23:17.208336 3.004361 tcp 10.0.2.109 55397 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:23:26.211660 0.000000 tcp 10.0.2.109 55397 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:24:21.404100 3.000919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 18:24:28.411349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:24:36.412376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:24:52.415038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:25:24.421547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:28:32.211554 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:28:32.211718 2.994284 tcp 10.0.2.109 55398 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:28:41.204422 0.000000 tcp 10.0.2.109 55398 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:28:47.215231 0.031197 tcp 10.0.2.109 55399 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:28:47.246694 0.031075 tcp 10.0.2.109 55400 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:28:47.278011 0.128272 tcp 10.0.2.109 55401 -> 195.113.214.211 443 SRPA* 0 0 27 11834 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:28:47.416441 3.001343 tcp 10.0.2.109 55402 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:28:56.415816 0.000000 tcp 10.0.2.109 55402 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:31:28.426917 3.001977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 18:31:35.435138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:31:43.436044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:31:59.439329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:32:31.445514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:33:22.410428 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:33:22.410525 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 9964 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 18:33:37.422399 0.031803 tcp 10.0.2.109 55403 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:33:37.454485 0.030949 tcp 10.0.2.109 55404 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:33:37.485717 0.124168 tcp 10.0.2.109 55405 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:33:37.610614 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 18:33:54.625919 0.030235 tcp 10.0.2.109 55406 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:33:54.656429 0.031583 tcp 10.0.2.109 55407 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:33:54.688385 0.124586 tcp 10.0.2.109 55408 -> 195.113.214.211 443 SRPA* 0 0 46 36072 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:33:54.813611 0.210002 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:55.020305 0.077245 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:55.370059 0.157484 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:55.522454 0.495471 rtp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:55.858589 0.055255 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:55.956001 0.192583 rtp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:56.214037 0.192234 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:56.471270 0.048250 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:56.518236 0.165604 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:56.915088 0.070640 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:56.967326 0.199428 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:57.436382 0.066306 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:57.486422 0.105617 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:57.636472 0.168505 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:57.784691 0.075536 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:57.871650 0.185881 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:58.050765 0.045782 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:58.169212 0.157135 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:58.318645 0.192286 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:58.451344 0.188144 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 1999 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:58.694778 0.064638 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:58.742811 0.075649 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:58.863676 0.167231 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:59.517861 0.039898 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:59.548998 0.359234 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:33:59.976314 0.151298 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:34:00.122990 0.085448 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:34:00.284735 0.114483 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/01/15 18:34:02.416439 3.004247 tcp 10.0.2.109 55409 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:34:11.419272 0.000000 tcp 10.0.2.109 55409 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:34:17.418551 0.030551 tcp 10.0.2.109 55410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:17.449492 0.032060 tcp 10.0.2.109 55411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:17.481921 0.125816 tcp 10.0.2.109 55412 -> 195.113.214.211 443 SRPA* 0 0 36 29998 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:17.681126 3.001255 tcp 10.0.2.109 55413 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:34:26.680819 0.000000 tcp 10.0.2.109 55413 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:34:32.680293 0.030240 tcp 10.0.2.109 55414 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:32.710812 0.031119 tcp 10.0.2.109 55415 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:32.741780 0.126827 tcp 10.0.2.109 55416 -> 195.113.214.211 443 SRPA* 0 0 35 24408 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:33.095396 2.999387 tcp 10.0.2.109 55417 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:34:42.103517 0.000000 tcp 10.0.2.109 55417 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:34:48.112635 0.030133 tcp 10.0.2.109 55418 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:48.143012 0.031424 tcp 10.0.2.109 55419 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:48.174842 0.125627 tcp 10.0.2.109 55420 -> 195.113.214.211 443 SRPA* 0 0 35 19218 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:34:48.357866 2.998300 tcp 10.0.2.109 55421 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:34:57.355231 0.000000 tcp 10.0.2.109 55421 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:35:03.354015 3.003835 tcp 10.0.2.109 55422 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:35:12.356436 0.000000 tcp 10.0.2.109 55422 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:35:18.355493 3.003913 tcp 10.0.2.109 55423 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:35:27.357902 0.000000 tcp 10.0.2.109 55423 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:38:35.471794 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 18:38:42.478653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:38:50.480244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:39:06.483103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:39:38.489504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:40:33.358888 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:40:33.358988 3.003814 tcp 10.0.2.109 55424 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:40:42.360832 0.000000 tcp 10.0.2.109 55424 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:40:48.361865 0.031372 tcp 10.0.2.109 55425 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:40:48.393546 0.030788 tcp 10.0.2.109 55426 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:40:48.424650 0.126011 tcp 10.0.2.109 55427 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:40:48.562329 2.991968 tcp 10.0.2.109 55428 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:40:57.562805 0.000000 tcp 10.0.2.109 55428 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:03.562207 0.030237 tcp 10.0.2.109 55429 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:41:03.592684 0.031763 tcp 10.0.2.109 55430 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:41:03.624298 0.126104 tcp 10.0.2.109 55431 -> 195.113.214.211 443 SRPA* 0 0 35 22360 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:41:03.808749 2.997780 tcp 10.0.2.109 55432 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:12.804838 0.000000 tcp 10.0.2.109 55432 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:18.803965 0.030713 tcp 10.0.2.109 55433 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:41:18.835037 0.030825 tcp 10.0.2.109 55434 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:41:18.866165 0.128071 tcp 10.0.2.109 55435 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:41:19.092238 2.996041 tcp 10.0.2.109 55436 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:28.086882 0.000000 tcp 10.0.2.109 55436 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:34.085915 3.004225 tcp 10.0.2.109 55437 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:43.088817 0.000000 tcp 10.0.2.109 55437 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:49.087668 3.003936 tcp 10.0.2.109 55438 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:41:58.090419 0.000000 tcp 10.0.2.109 55438 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:42:03.027477 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:45:42.496011 3.000848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 18:45:49.502607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:45:57.504261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:46:13.507148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:46:45.513523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:47:04.090471 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:47:04.090578 2.993720 tcp 10.0.2.109 55439 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:47:13.093239 0.000000 tcp 10.0.2.109 55439 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:47:19.093190 0.031747 tcp 10.0.2.109 55440 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:19.125220 0.030750 tcp 10.0.2.109 55441 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:19.156247 0.160567 tcp 10.0.2.109 55442 -> 195.113.214.211 443 SRPA* 0 0 73 78220 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:19.414834 3.001305 tcp 10.0.2.109 55443 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:47:28.415170 0.000000 tcp 10.0.2.109 55443 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:47:34.414265 0.048898 tcp 10.0.2.109 55444 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:34.463014 0.030631 tcp 10.0.2.109 55445 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:34.493937 0.126557 tcp 10.0.2.109 55446 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:34.632862 2.995173 tcp 10.0.2.109 55447 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:47:43.626921 0.000000 tcp 10.0.2.109 55447 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:47:49.626364 0.030582 tcp 10.0.2.109 55448 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:49.656745 0.032490 tcp 10.0.2.109 55449 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:49.689529 0.122586 tcp 10.0.2.109 55450 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:47:49.835473 3.004278 tcp 10.0.2.109 55451 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:47:58.838735 0.000000 tcp 10.0.2.109 55451 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:48:04.827457 3.004481 tcp 10.0.2.109 55452 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:48:13.830720 0.000000 tcp 10.0.2.109 55452 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:48:19.829393 3.003594 tcp 10.0.2.109 55453 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:48:28.832201 0.000000 tcp 10.0.2.109 55453 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:52:49.519907 3.020946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 18:52:56.546747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:53:04.547998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:53:20.551715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:53:34.832507 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 18:53:34.832614 2.993147 tcp 10.0.2.109 55454 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:53:43.824773 0.000000 tcp 10.0.2.109 55454 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:53:49.835352 0.031157 tcp 10.0.2.109 55455 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:53:49.866772 0.031401 tcp 10.0.2.109 55456 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:53:49.898438 0.126159 tcp 10.0.2.109 55457 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:53:50.042574 2.995092 tcp 10.0.2.109 55458 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:53:52.557494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 18:53:59.036261 0.000000 tcp 10.0.2.109 55458 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:05.036291 0.030301 tcp 10.0.2.109 55459 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:54:05.066925 0.032907 tcp 10.0.2.109 55460 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:54:05.100148 0.124363 tcp 10.0.2.109 55461 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:54:05.237926 3.001933 tcp 10.0.2.109 55462 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:14.238901 0.000000 tcp 10.0.2.109 55462 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:20.237431 0.031256 tcp 10.0.2.109 55463 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:54:20.268541 0.031187 tcp 10.0.2.109 55464 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:54:20.300064 0.126383 tcp 10.0.2.109 55465 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 18:54:20.438027 3.003550 tcp 10.0.2.109 55466 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:29.439997 0.000000 tcp 10.0.2.109 55466 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:35.438755 3.004919 tcp 10.0.2.109 55467 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:44.451594 0.000000 tcp 10.0.2.109 55467 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:50.440362 2.994355 tcp 10.0.2.109 55468 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:54:59.443785 0.000000 tcp 10.0.2.109 55468 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 18:59:56.564047 3.000747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:00:03.570904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:00:11.571927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:00:27.575236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:00:59.581477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:04:17.986813 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:04:17.987075 0.159619 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:18.141516 0.465534 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:18.465318 0.055759 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:18.523741 0.168827 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:18.703947 0.076068 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:18.757849 0.185602 rtp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:18.939609 0.196212 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.128965 0.049515 rtp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.177296 0.163384 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.317908 0.076666 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.376450 0.193948 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.563782 0.069441 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.615717 0.115565 rtp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.691849 0.167506 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.837338 0.073562 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:19.897222 0.183806 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:20.073341 0.041169 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:20.116139 0.159695 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:20.267179 0.166465 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:20.404755 0.197646 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:20.470139 2.994260 tcp 10.0.2.109 55469 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:04:20.580020 0.064796 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:20.849178 0.074821 udp 10.0.2.109 3683 <-> 24.133.153.242 3636 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:20.946780 0.366991 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:21.315144 0.171631 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:21.476629 0.036163 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:21.529992 0.116279 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:21.605841 0.153833 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:21.752030 0.088137 rtp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:04:29.473423 0.000000 tcp 10.0.2.109 55469 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:04:35.472969 0.031042 tcp 10.0.2.109 55470 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:04:35.504367 0.031553 tcp 10.0.2.109 55471 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:04:35.536231 0.123305 tcp 10.0.2.109 55472 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:04:35.699840 2.996263 tcp 10.0.2.109 55473 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:04:44.694999 0.000000 tcp 10.0.2.109 55473 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:04:50.694416 0.030307 tcp 10.0.2.109 55474 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:04:50.725061 0.041583 tcp 10.0.2.109 55475 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:04:50.766921 0.124257 tcp 10.0.2.109 55476 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:04:50.903038 2.994852 tcp 10.0.2.109 55477 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:04:59.897177 0.000000 tcp 10.0.2.109 55477 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:05:05.897775 0.030170 tcp 10.0.2.109 55478 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:05:05.928283 0.031035 tcp 10.0.2.109 55479 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:05:05.959657 0.126567 tcp 10.0.2.109 55480 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:05:06.095711 2.994184 tcp 10.0.2.109 55481 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:05:15.088722 0.000000 tcp 10.0.2.109 55481 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:05:21.097454 3.003792 tcp 10.0.2.109 55482 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:05:30.100020 0.000000 tcp 10.0.2.109 55482 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:05:36.098862 3.003950 tcp 10.0.2.109 55483 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:05:45.101443 0.000000 tcp 10.0.2.109 55483 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:05:50.028889 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:07:03.588133 3.000856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:07:10.594600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:07:18.595983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:07:34.599068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:08:06.605648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:10:51.102446 0.000172 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:10:51.102718 2.993043 tcp 10.0.2.109 55484 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:00.094324 0.000000 tcp 10.0.2.109 55484 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:06.105609 0.031305 tcp 10.0.2.109 55485 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:06.137186 0.032319 tcp 10.0.2.109 55486 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:06.169798 0.125419 tcp 10.0.2.109 55487 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:06.330230 2.997515 tcp 10.0.2.109 55488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:15.326249 0.000000 tcp 10.0.2.109 55488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:21.325926 0.030366 tcp 10.0.2.109 55489 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:21.356548 0.030626 tcp 10.0.2.109 55490 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:21.387473 0.125609 tcp 10.0.2.109 55491 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:21.532708 2.997330 tcp 10.0.2.109 55492 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:30.528081 0.000000 tcp 10.0.2.109 55492 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:36.527476 0.030324 tcp 10.0.2.109 55493 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:36.558250 0.030747 tcp 10.0.2.109 55494 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:36.589293 0.124242 tcp 10.0.2.109 55495 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:11:37.177579 3.004453 tcp 10.0.2.109 55496 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:46.180738 0.000000 tcp 10.0.2.109 55496 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:11:52.169372 3.004592 tcp 10.0.2.109 55497 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:12:01.182794 0.000000 tcp 10.0.2.109 55497 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:12:07.171572 2.993623 tcp 10.0.2.109 55498 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:12:16.173833 0.000000 tcp 10.0.2.109 55498 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:12:21.030900 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:14:10.610901 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:14:17.618757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:14:25.619993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:14:41.623265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:15:13.629021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:17:22.174804 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:17:22.174910 3.003418 tcp 10.0.2.109 55499 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:17:31.177086 0.000000 tcp 10.0.2.109 55499 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:17:37.177616 0.030608 tcp 10.0.2.109 55500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:17:37.208434 0.030615 tcp 10.0.2.109 55501 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:17:37.239364 0.124197 tcp 10.0.2.109 55502 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:17:37.390647 2.999480 tcp 10.0.2.109 55503 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:17:46.388796 0.000000 tcp 10.0.2.109 55503 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:17:52.388213 0.030935 tcp 10.0.2.109 55504 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:17:52.418936 0.031561 tcp 10.0.2.109 55505 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:17:52.450839 0.124833 tcp 10.0.2.109 55506 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:17:52.758832 3.003200 tcp 10.0.2.109 55507 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:18:01.761212 0.000000 tcp 10.0.2.109 55507 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:18:07.760402 0.030716 tcp 10.0.2.109 55508 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:18:07.791054 0.030722 tcp 10.0.2.109 55509 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:18:07.822111 0.120511 tcp 10.0.2.109 55510 -> 195.113.214.211 443 SRPA* 0 0 35 18224 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:18:08.011716 2.992411 tcp 10.0.2.109 55511 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:18:17.012932 0.000000 tcp 10.0.2.109 55511 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:18:23.011604 2.994308 tcp 10.0.2.109 55512 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:18:32.004634 0.000000 tcp 10.0.2.109 55512 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:18:38.012994 2.994078 tcp 10.0.2.109 55513 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:18:47.006081 0.000000 tcp 10.0.2.109 55513 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:21:17.634934 3.002022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:21:24.642924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:21:32.644392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:21:48.647190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:22:20.653521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:23:53.016439 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:23:53.016538 3.003565 tcp 10.0.2.109 55514 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:02.019091 0.000000 tcp 10.0.2.109 55514 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:08.019976 0.032086 tcp 10.0.2.109 55515 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:08.052347 0.031939 tcp 10.0.2.109 55516 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:08.084587 0.125371 tcp 10.0.2.109 55517 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:08.264045 3.007926 tcp 10.0.2.109 55518 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:17.270642 0.000000 tcp 10.0.2.109 55518 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:23.260237 0.031480 tcp 10.0.2.109 55519 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:23.291588 0.031266 tcp 10.0.2.109 55520 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:23.323110 0.127147 tcp 10.0.2.109 55521 -> 195.113.214.211 443 SRPA* 0 0 44 27206 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:23.466837 2.997143 tcp 10.0.2.109 55522 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:32.472479 0.000000 tcp 10.0.2.109 55522 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:38.461995 0.030995 tcp 10.0.2.109 55523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:38.493426 0.031574 tcp 10.0.2.109 55524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:38.525313 0.125185 tcp 10.0.2.109 55525 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:24:38.664621 3.001353 tcp 10.0.2.109 55526 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:47.664579 0.000000 tcp 10.0.2.109 55526 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:24:53.663119 2.994342 tcp 10.0.2.109 55527 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:25:02.656031 0.000000 tcp 10.0.2.109 55527 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:25:08.664915 3.003998 tcp 10.0.2.109 55528 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:25:17.667358 0.000000 tcp 10.0.2.109 55528 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:28:24.659216 3.001635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:28:31.667791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:28:39.668496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:28:55.671185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:29:27.677411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:34:31.153908 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:34:31.154006 0.055370 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:31.219499 0.168059 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:31.384122 0.080059 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:31.441929 0.192027 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:31.629078 0.150729 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:31.781356 0.643610 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:32.293825 0.194842 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:32.555293 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 19:34:38.694924 3.003848 tcp 10.0.2.109 55529 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:34:47.697132 0.000000 tcp 10.0.2.109 55529 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:34:48.039452 0.030871 tcp 10.0.2.109 55530 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:34:48.070600 0.031252 tcp 10.0.2.109 55531 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:34:48.102236 0.125689 tcp 10.0.2.109 55532 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:34:48.228483 0.167040 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:48.370356 0.074520 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:48.424920 0.194858 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:48.612139 0.074551 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:48.668919 0.108236 rtp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:48.737821 0.165698 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:48.883318 0.074165 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:48.943687 0.188656 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:49.125031 0.051854 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:49.187906 0.156079 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:49.329688 0.169752 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:49.473043 0.200945 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2549 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:49.651201 0.063281 rtp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:34:49.699370 0.000000 udp 10.0.2.109 3683 -> 24.133.153.242 3636 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 19:34:53.696405 0.030206 tcp 10.0.2.109 55533 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:34:53.726927 0.030877 tcp 10.0.2.109 55534 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:34:53.758070 0.126324 tcp 10.0.2.109 55535 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:34:53.911285 2.999534 tcp 10.0.2.109 55536 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:35:02.908768 0.000000 tcp 10.0.2.109 55536 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:35:08.027496 0.030450 tcp 10.0.2.109 55537 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:35:08.058373 0.031376 tcp 10.0.2.109 55538 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:35:08.089655 0.124742 tcp 10.0.2.109 55539 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:35:08.215030 0.041598 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:35:08.249157 0.110963 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:35:08.358197 0.145725 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:35:08.496120 0.087009 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:35:08.545955 0.365739 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:35:08.908082 0.030083 tcp 10.0.2.109 55540 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:35:08.930994 0.175876 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/01/15 19:35:08.938473 0.031390 tcp 10.0.2.109 55541 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:35:08.970395 0.123891 tcp 10.0.2.109 55542 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:35:09.113625 3.008378 tcp 10.0.2.109 55543 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:35:18.120899 0.000000 tcp 10.0.2.109 55543 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:35:24.109964 3.003724 tcp 10.0.2.109 55544 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:35:31.683631 3.001128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:35:33.122338 0.000000 tcp 10.0.2.109 55544 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:35:38.690891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:35:46.692252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:36:02.694886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:36:34.701450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:40:39.113019 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:40:39.113202 2.993624 tcp 10.0.2.109 55545 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:40:48.105475 0.000000 tcp 10.0.2.109 55545 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:40:54.115833 0.031294 tcp 10.0.2.109 55546 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:40:54.147400 0.031458 tcp 10.0.2.109 55547 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:40:54.179194 0.128293 tcp 10.0.2.109 55548 -> 195.113.214.211 443 SRPA* 0 0 43 35316 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:40:54.319309 2.999295 tcp 10.0.2.109 55549 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:03.317670 0.000000 tcp 10.0.2.109 55549 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:09.316630 0.029956 tcp 10.0.2.109 55550 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:41:09.346919 0.032106 tcp 10.0.2.109 55551 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:41:09.378859 0.125950 tcp 10.0.2.109 55552 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:41:09.577385 3.003316 tcp 10.0.2.109 55553 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:18.579015 0.000000 tcp 10.0.2.109 55553 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:24.578820 0.031228 tcp 10.0.2.109 55554 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:41:24.610421 0.031488 tcp 10.0.2.109 55555 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:41:24.642338 0.129580 tcp 10.0.2.109 55556 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:41:24.783768 3.009072 tcp 10.0.2.109 55557 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:33.790873 0.000000 tcp 10.0.2.109 55557 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:39.779685 3.004169 tcp 10.0.2.109 55558 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:48.792711 0.000000 tcp 10.0.2.109 55558 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:41:54.781607 2.993772 tcp 10.0.2.109 55559 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:42:03.784006 0.000000 tcp 10.0.2.109 55559 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:42:38.707095 3.001512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:42:45.714800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:42:53.716134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:43:09.719199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:43:41.725400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:47:09.784910 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:47:09.785009 3.003270 tcp 10.0.2.109 55560 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:47:18.786920 0.000000 tcp 10.0.2.109 55560 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:47:24.787710 0.030942 tcp 10.0.2.109 55561 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:24.819023 0.030931 tcp 10.0.2.109 55562 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:24.850386 0.127988 tcp 10.0.2.109 55563 -> 195.113.214.211 443 SRPA* 0 0 38 33350 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:25.042768 2.998022 tcp 10.0.2.109 55564 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:47:34.039438 0.000000 tcp 10.0.2.109 55564 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:47:40.038038 0.030816 tcp 10.0.2.109 55565 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:40.068709 0.052737 tcp 10.0.2.109 55566 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:40.121732 0.120558 tcp 10.0.2.109 55567 -> 195.113.214.211 443 SRPA* 0 0 25 12168 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:40.296591 2.995495 tcp 10.0.2.109 55568 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:47:49.291470 0.000000 tcp 10.0.2.109 55568 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:47:55.290732 0.030650 tcp 10.0.2.109 55569 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:55.321655 0.033849 tcp 10.0.2.109 55570 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:55.355298 0.129219 tcp 10.0.2.109 55571 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:47:55.516061 2.997883 tcp 10.0.2.109 55572 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:48:04.523135 0.000000 tcp 10.0.2.109 55572 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:48:10.511879 2.994059 tcp 10.0.2.109 55573 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:48:19.504358 0.000000 tcp 10.0.2.109 55573 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:48:25.513582 2.993649 tcp 10.0.2.109 55574 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:48:34.506194 0.000000 tcp 10.0.2.109 55574 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:49:45.731760 3.000652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:49:52.738841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:50:00.740044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:50:16.743149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:50:48.749076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:53:40.516446 0.000425 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:53:40.516952 3.003203 tcp 10.0.2.109 55575 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:53:49.518931 0.000000 tcp 10.0.2.109 55575 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:53:55.519455 0.031291 tcp 10.0.2.109 55576 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:53:55.551081 0.031142 tcp 10.0.2.109 55577 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:53:55.582556 0.124208 tcp 10.0.2.109 55578 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:53:55.722977 2.999056 tcp 10.0.2.109 55579 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:04.720431 0.000000 tcp 10.0.2.109 55579 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:10.720205 0.030179 tcp 10.0.2.109 55580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:54:10.750625 0.030850 tcp 10.0.2.109 55581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:54:10.781730 0.124130 tcp 10.0.2.109 55582 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:54:10.930075 2.993813 tcp 10.0.2.109 55583 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:19.932680 0.000000 tcp 10.0.2.109 55583 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:25.931616 0.030204 tcp 10.0.2.109 55584 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:54:25.962298 0.031332 tcp 10.0.2.109 55585 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:54:25.993946 0.131320 tcp 10.0.2.109 55586 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/15 19:54:26.135383 3.000415 tcp 10.0.2.109 55587 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:35.134348 0.000000 tcp 10.0.2.109 55587 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:41.133560 2.993770 tcp 10.0.2.109 55588 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:50.125918 0.000000 tcp 10.0.2.109 55588 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:54:56.134857 3.004307 tcp 10.0.2.109 55589 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:55:05.137935 0.000000 tcp 10.0.2.109 55589 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 19:55:10.034671 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 19:56:52.755650 3.001417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 19:56:59.762499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:57:07.763844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:57:23.767119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 19:57:55.772888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:00:11.138357 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:00:11.138531 3.003502 tcp 10.0.2.109 55590 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:00:20.140195 0.000000 tcp 10.0.2.109 55590 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:00:26.141113 0.031362 tcp 10.0.2.109 55591 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:26.172793 0.032279 tcp 10.0.2.109 55592 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:26.205346 0.126149 tcp 10.0.2.109 55593 -> 195.113.214.211 443 SRPA* 0 0 36 26206 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:26.350694 3.003215 tcp 10.0.2.109 55594 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:00:35.362594 0.000000 tcp 10.0.2.109 55594 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:00:41.351583 0.030636 tcp 10.0.2.109 55595 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:41.382369 0.030455 tcp 10.0.2.109 55596 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:41.413102 0.122456 tcp 10.0.2.109 55597 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:41.571404 2.994094 tcp 10.0.2.109 55598 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:00:50.564452 0.000000 tcp 10.0.2.109 55598 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:00:56.574008 0.030358 tcp 10.0.2.109 55599 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:56.604652 0.030973 tcp 10.0.2.109 55600 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:56.635931 0.127366 tcp 10.0.2.109 55601 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:00:56.943146 2.994861 tcp 10.0.2.109 55602 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:01:05.936079 0.000000 tcp 10.0.2.109 55602 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:01:11.935120 3.004474 tcp 10.0.2.109 55603 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:01:20.937667 0.000000 tcp 10.0.2.109 55603 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:01:26.936771 3.003920 tcp 10.0.2.109 55604 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:01:35.939340 0.000000 tcp 10.0.2.109 55604 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:03:59.778429 3.002255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:04:06.786255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:04:14.787808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:04:30.791202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:05:02.797272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:05:29.045261 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:05:29.045439 0.051655 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:29.090637 0.000000 udp 10.0.2.109 3683 -> 24.133.153.242 3636 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 20:05:44.609186 0.031976 tcp 10.0.2.109 55605 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:05:44.641433 0.030900 tcp 10.0.2.109 55606 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:05:44.672598 0.125482 tcp 10.0.2.109 55607 -> 195.113.214.211 443 SRPA* 0 0 37 30052 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:05:44.798651 0.196859 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:44.990621 0.153459 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:45.139110 0.055566 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:45.232567 0.077082 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:45.287942 0.227586 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:45.513246 0.194627 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:45.701523 0.462954 rtp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.017515 0.073048 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.072205 0.194649 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.259287 0.066545 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.307978 0.113563 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.380143 0.163041 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.519176 0.075844 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.580274 0.171007 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.727191 0.168376 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:46.865394 0.193736 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.048970 0.057989 rtp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.092214 0.183429 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.267849 0.041866 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.320628 0.154443 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.463245 0.038243 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.497034 0.113280 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.571684 0.151829 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.719514 0.090091 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:47.775868 0.358602 rtp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:05:48.159254 0.167276 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:06:41.939915 2.993851 tcp 10.0.2.109 55608 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:06:46.525863 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:06:50.942733 0.000000 tcp 10.0.2.109 55608 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:06:56.941897 0.030588 tcp 10.0.2.109 55609 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:06:56.972747 0.030787 tcp 10.0.2.109 55610 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:06:57.003836 0.128008 tcp 10.0.2.109 55611 -> 195.113.214.211 443 SRPA* 0 0 34 28146 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:06:57.201228 2.994584 tcp 10.0.2.109 55612 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:06.194119 0.000000 tcp 10.0.2.109 55612 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:12.203391 0.030934 tcp 10.0.2.109 55613 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:07:12.234669 0.031119 tcp 10.0.2.109 55614 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:07:12.266084 0.127540 tcp 10.0.2.109 55615 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:07:12.409106 2.998191 tcp 10.0.2.109 55616 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:21.406503 0.000000 tcp 10.0.2.109 55616 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:27.405439 0.029991 tcp 10.0.2.109 55617 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:07:27.435763 0.032214 tcp 10.0.2.109 55618 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:07:27.467833 0.132941 tcp 10.0.2.109 55619 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:07:27.667431 3.002139 tcp 10.0.2.109 55620 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:36.667968 0.000000 tcp 10.0.2.109 55620 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:42.667306 3.003827 tcp 10.0.2.109 55621 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:51.669562 0.000000 tcp 10.0.2.109 55621 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:07:57.668287 3.004583 tcp 10.0.2.109 55622 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:08:06.671166 0.000000 tcp 10.0.2.109 55622 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:08:11.528334 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:11:06.803121 3.001763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:11:13.810730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:11:21.812086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:11:37.814783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:12:09.820983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:13:12.671812 0.000200 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:13:12.672110 2.993350 tcp 10.0.2.109 55623 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:13:21.664013 0.000000 tcp 10.0.2.109 55623 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:13:27.674417 0.030925 tcp 10.0.2.109 55624 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:27.705698 0.030793 tcp 10.0.2.109 55625 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:27.736790 0.127928 tcp 10.0.2.109 55626 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:28.077270 3.000404 tcp 10.0.2.109 55627 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:13:37.076122 0.000000 tcp 10.0.2.109 55627 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:13:43.075497 0.030436 tcp 10.0.2.109 55628 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:43.106214 0.030516 tcp 10.0.2.109 55629 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:43.136995 0.123417 tcp 10.0.2.109 55630 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:43.332047 2.997496 tcp 10.0.2.109 55631 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:13:52.328450 0.000000 tcp 10.0.2.109 55631 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:13:58.327870 0.030397 tcp 10.0.2.109 55632 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:58.358514 0.030936 tcp 10.0.2.109 55633 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:58.389805 0.123092 tcp 10.0.2.109 55634 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:13:58.574680 3.006701 tcp 10.0.2.109 55635 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:14:07.580115 0.000000 tcp 10.0.2.109 55635 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:14:13.569265 3.004199 tcp 10.0.2.109 55636 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:14:22.572080 0.000000 tcp 10.0.2.109 55636 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:14:28.570344 2.994723 tcp 10.0.2.109 55637 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:14:37.573131 0.000000 tcp 10.0.2.109 55637 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:14:42.530554 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:18:13.826678 3.002281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:18:20.834068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:18:28.835879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:18:44.839360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:19:16.845014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:19:43.574009 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:19:43.574086 3.003519 tcp 10.0.2.109 55638 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:19:52.575909 0.000000 tcp 10.0.2.109 55638 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:19:58.577195 0.031565 tcp 10.0.2.109 55639 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:19:58.609029 0.031524 tcp 10.0.2.109 55640 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:19:58.640367 0.124537 tcp 10.0.2.109 55641 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:19:58.783682 3.005565 tcp 10.0.2.109 55642 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:07.788455 0.000000 tcp 10.0.2.109 55642 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:13.777382 0.030580 tcp 10.0.2.109 55643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:20:13.808256 0.031658 tcp 10.0.2.109 55644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:20:13.839785 0.124117 tcp 10.0.2.109 55645 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:20:14.017261 3.004043 tcp 10.0.2.109 55646 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:23.020092 0.000000 tcp 10.0.2.109 55646 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:29.009629 0.030522 tcp 10.0.2.109 55647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:20:29.040460 0.031095 tcp 10.0.2.109 55648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:20:29.071869 0.124018 tcp 10.0.2.109 55649 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:20:29.271094 3.002304 tcp 10.0.2.109 55650 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:38.271784 0.000000 tcp 10.0.2.109 55650 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:44.270659 2.994520 tcp 10.0.2.109 55651 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:53.273543 0.000000 tcp 10.0.2.109 55651 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:20:59.272150 2.994446 tcp 10.0.2.109 55652 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:21:08.265402 0.000000 tcp 10.0.2.109 55652 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:25:20.851462 3.001119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:25:27.858326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:25:35.859708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:25:51.863108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:26:14.275846 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:26:14.276040 3.003521 tcp 10.0.2.109 55653 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:26:23.278021 0.000000 tcp 10.0.2.109 55653 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:26:23.868935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:26:29.278189 0.031806 tcp 10.0.2.109 55654 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:29.310398 0.031815 tcp 10.0.2.109 55655 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:29.342496 0.130677 tcp 10.0.2.109 55656 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:29.508740 3.002362 tcp 10.0.2.109 55657 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:26:38.509575 0.000000 tcp 10.0.2.109 55657 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:26:44.508947 0.030779 tcp 10.0.2.109 55658 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:44.539994 0.031305 tcp 10.0.2.109 55659 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:44.571575 0.129316 tcp 10.0.2.109 55660 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:44.711355 3.001694 tcp 10.0.2.109 55661 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:26:53.711973 0.000000 tcp 10.0.2.109 55661 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:26:59.710807 0.030693 tcp 10.0.2.109 55662 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:59.741348 0.068083 tcp 10.0.2.109 55663 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:59.809685 0.125980 tcp 10.0.2.109 55664 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:26:59.946259 2.998453 tcp 10.0.2.109 55665 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:27:08.953708 0.000000 tcp 10.0.2.109 55665 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:27:14.942139 2.994103 tcp 10.0.2.109 55666 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:27:23.935431 0.000000 tcp 10.0.2.109 55666 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:27:29.943709 3.004533 tcp 10.0.2.109 55667 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:27:38.946716 0.000000 tcp 10.0.2.109 55667 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:32:27.874408 3.011810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:32:34.892588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:32:42.894254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:32:58.897541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:33:30.903008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:35:50.783928 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:35:50.784020 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 20:36:06.198666 0.032172 tcp 10.0.2.109 55668 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:06.231171 0.031596 tcp 10.0.2.109 55669 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:06.263095 0.126836 tcp 10.0.2.109 55670 -> 195.113.214.211 443 SRPA* 0 0 33 26044 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:06.390776 0.197550 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:06.582639 0.078938 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:06.640438 0.164182 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:06.800303 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 20:36:14.969212 3.003801 tcp 10.0.2.109 55671 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:36:23.971969 0.000000 tcp 10.0.2.109 55671 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:36:24.573195 0.030424 tcp 10.0.2.109 55672 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:24.603842 0.031128 tcp 10.0.2.109 55673 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:24.635240 0.123736 tcp 10.0.2.109 55674 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:24.759285 0.157532 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:24.911355 0.054332 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:24.967403 0.401185 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:25.271206 0.075695 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:25.326974 0.200427 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:25.519955 0.069028 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2012 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:25.574723 0.113088 rtp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:25.644588 0.166207 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:25.789373 0.076442 rtp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:25.869094 0.168840 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.015338 0.154032 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.143790 0.212900 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.343482 0.059898 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.436899 0.183207 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.612867 0.041050 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.663499 0.153446 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.809230 0.039137 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.840422 0.118965 rtp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:26.919159 0.160447 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:27.057733 0.087242 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:27.108563 0.341978 rtp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:27.450346 0.167140 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/15 20:36:29.970811 0.030167 tcp 10.0.2.109 55675 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:30.000837 0.031583 tcp 10.0.2.109 55676 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:30.032688 0.127577 tcp 10.0.2.109 55677 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:30.169703 2.985490 tcp 10.0.2.109 55678 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:36:39.163548 0.000000 tcp 10.0.2.109 55678 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:36:45.162674 0.030597 tcp 10.0.2.109 55679 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:45.193547 0.032840 tcp 10.0.2.109 55680 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:45.226720 0.124015 tcp 10.0.2.109 55681 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:36:45.388397 2.998521 tcp 10.0.2.109 55682 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:36:54.385662 0.000000 tcp 10.0.2.109 55682 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:37:00.384262 3.003715 tcp 10.0.2.109 55683 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:37:09.386731 0.000000 tcp 10.0.2.109 55683 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:39:34.909285 3.001094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:39:41.916527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:39:49.917583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:40:05.921006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:40:37.927095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:42:15.387740 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:42:15.387890 3.003486 tcp 10.0.2.109 55684 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:42:24.389767 0.000000 tcp 10.0.2.109 55684 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:42:30.390693 0.031301 tcp 10.0.2.109 55685 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:42:30.422296 0.031646 tcp 10.0.2.109 55686 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:42:30.454256 0.129926 tcp 10.0.2.109 55687 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:42:30.600436 3.002310 tcp 10.0.2.109 55688 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:42:39.602035 0.000000 tcp 10.0.2.109 55688 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:42:45.600880 0.030269 tcp 10.0.2.109 55689 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:42:45.631410 0.030863 tcp 10.0.2.109 55690 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:42:45.662566 0.188722 tcp 10.0.2.109 55691 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:42:45.871579 2.993766 tcp 10.0.2.109 55692 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:42:54.873701 0.000000 tcp 10.0.2.109 55692 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:43:00.873334 0.031380 tcp 10.0.2.109 55693 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:43:00.904737 0.030936 tcp 10.0.2.109 55694 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:43:00.935929 0.125597 tcp 10.0.2.109 55695 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:43:01.112281 2.994858 tcp 10.0.2.109 55696 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:43:10.105526 0.000000 tcp 10.0.2.109 55696 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:43:16.104089 3.004575 tcp 10.0.2.109 55697 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:43:25.107295 0.000000 tcp 10.0.2.109 55697 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:43:31.105734 3.004617 tcp 10.0.2.109 55698 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:43:40.108414 0.000000 tcp 10.0.2.109 55698 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:43:45.025861 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:46:41.932786 3.001959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:46:48.939991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:46:56.942040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:47:12.944817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:47:44.950488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:48:46.109475 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:48:46.109755 3.003232 tcp 10.0.2.109 55699 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:48:55.111510 0.000000 tcp 10.0.2.109 55699 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:01.111934 0.031139 tcp 10.0.2.109 55700 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:01.143326 0.031958 tcp 10.0.2.109 55701 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:01.175142 0.130084 tcp 10.0.2.109 55702 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:01.327626 2.997096 tcp 10.0.2.109 55703 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:10.333469 0.000000 tcp 10.0.2.109 55703 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:16.322969 0.030627 tcp 10.0.2.109 55704 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:16.353890 0.030231 tcp 10.0.2.109 55705 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:16.384448 0.126114 tcp 10.0.2.109 55706 -> 195.113.214.211 443 SRPA* 0 0 32 16804 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:16.548633 2.998351 tcp 10.0.2.109 55707 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:25.545292 0.000000 tcp 10.0.2.109 55707 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:31.544565 0.030818 tcp 10.0.2.109 55708 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:31.575672 0.052153 tcp 10.0.2.109 55709 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:31.628108 0.128562 tcp 10.0.2.109 55710 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:49:31.793154 2.995341 tcp 10.0.2.109 55711 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:40.787901 0.000000 tcp 10.0.2.109 55711 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:46.785888 3.004460 tcp 10.0.2.109 55712 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:49:55.788534 0.000000 tcp 10.0.2.109 55712 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:50:01.787817 3.003778 tcp 10.0.2.109 55713 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:50:10.790310 0.000000 tcp 10.0.2.109 55713 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:53:48.957074 3.001040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 20:53:55.964545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:54:03.965893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:54:19.968971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:54:51.984595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 20:55:16.791236 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 20:55:16.791405 2.993423 tcp 10.0.2.109 55714 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:55:25.793093 0.000000 tcp 10.0.2.109 55714 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:55:31.794700 0.032005 tcp 10.0.2.109 55715 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:55:31.827025 0.031060 tcp 10.0.2.109 55716 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:55:31.858388 0.122641 tcp 10.0.2.109 55717 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:55:32.259501 2.997576 tcp 10.0.2.109 55718 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:55:41.255853 0.000000 tcp 10.0.2.109 55718 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:55:47.254628 0.030508 tcp 10.0.2.109 55719 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:55:47.285406 0.031432 tcp 10.0.2.109 55720 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:55:47.317093 0.125400 tcp 10.0.2.109 55721 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:55:47.459421 2.999344 tcp 10.0.2.109 55722 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:55:56.457685 0.000000 tcp 10.0.2.109 55722 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:56:02.456352 0.031403 tcp 10.0.2.109 55723 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:56:02.488063 0.030911 tcp 10.0.2.109 55724 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:56:02.519248 0.128953 tcp 10.0.2.109 55725 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/15 20:56:02.661483 2.999111 tcp 10.0.2.109 55726 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:56:11.659514 0.000000 tcp 10.0.2.109 55726 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:56:17.657754 3.004238 tcp 10.0.2.109 55727 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:56:26.661173 0.000000 tcp 10.0.2.109 55727 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:56:32.659761 3.004116 tcp 10.0.2.109 55728 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 20:56:41.672546 0.000000 tcp 10.0.2.109 55728 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:00:55.990820 3.001263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:01:02.997841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:01:10.999953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:01:27.002945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:01:47.662719 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:01:47.662818 2.994013 tcp 10.0.2.109 55729 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:01:56.655314 0.000000 tcp 10.0.2.109 55729 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:01:59.008780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:02:02.665938 0.031165 tcp 10.0.2.109 55730 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:02:02.697386 0.032559 tcp 10.0.2.109 55731 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:02:02.730422 0.131894 tcp 10.0.2.109 55732 -> 195.113.214.211 443 SRPA* 0 0 60 42654 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:02:02.905203 3.003073 tcp 10.0.2.109 55733 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:02:11.906890 0.000000 tcp 10.0.2.109 55733 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:06:49.506578 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:06:49.506700 0.046994 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:49.552105 2.018869 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:51.562990 0.077328 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:51.621988 0.194981 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:51.814373 0.169951 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:51.981305 0.152402 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:52.128637 0.056326 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:52.250219 0.480363 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:52.605075 0.077121 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:52.662589 0.198833 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 1907 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:52.858346 0.067379 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:52.908050 0.111438 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.039632 0.178269 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.197587 0.073488 rtp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.257289 0.166248 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.401790 0.137087 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.546567 0.192605 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.721715 0.065094 udp 10.0.2.109 3683 <-> 87.153.112.133 4545 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.770673 0.181761 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:53.945563 0.042763 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:54.022484 0.153913 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:54.166002 0.039039 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:54.217904 0.118946 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:54.297530 0.332030 rtp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:54.675268 0.166592 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:54.834622 0.142423 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:06:54.969253 0.082579 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:07:17.908080 3.003281 tcp 10.0.2.109 55734 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:07:26.910513 0.000000 tcp 10.0.2.109 55734 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:07:32.910893 0.038281 tcp 10.0.2.109 55735 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:07:32.949440 0.031602 tcp 10.0.2.109 55736 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:07:32.981355 0.137152 tcp 10.0.2.109 55737 -> 195.113.214.211 443 SRPA* 0 0 40 20888 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:07:33.136719 2.997036 tcp 10.0.2.109 55738 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:07:42.132093 0.000000 tcp 10.0.2.109 55738 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:07:48.131699 0.050943 tcp 10.0.2.109 55739 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:07:48.182921 0.032134 tcp 10.0.2.109 55740 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:07:48.215390 0.147170 tcp 10.0.2.109 55741 -> 195.113.214.211 443 SRPA* 0 0 32 17614 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:07:48.425357 2.999744 tcp 10.0.2.109 55742 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:07:57.434080 0.000000 tcp 10.0.2.109 55742 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:08:03.015016 3.001368 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:08:03.423493 0.050929 tcp 10.0.2.109 55743 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:08:03.474767 0.051091 tcp 10.0.2.109 55744 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:08:03.526266 0.144937 tcp 10.0.2.109 55745 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:08:03.736267 3.001157 tcp 10.0.2.109 55746 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:08:10.022353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:08:12.735773 0.000000 tcp 10.0.2.109 55746 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:08:18.023765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:08:18.735032 3.004169 tcp 10.0.2.109 55747 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:08:27.737634 0.000000 tcp 10.0.2.109 55747 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:08:33.736103 3.004637 tcp 10.0.2.109 55748 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:08:34.026901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:08:42.738937 0.000000 tcp 10.0.2.109 55748 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:09:06.032934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:13:48.740020 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:13:48.740119 3.003069 tcp 10.0.2.109 55749 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:13:57.741767 0.000000 tcp 10.0.2.109 55749 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:03.742774 0.031435 tcp 10.0.2.109 55750 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:03.774528 0.051699 tcp 10.0.2.109 55751 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:03.826544 0.128185 tcp 10.0.2.109 55752 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:03.971173 2.993836 tcp 10.0.2.109 55753 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:12.974363 0.000000 tcp 10.0.2.109 55753 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:18.973548 0.036475 tcp 10.0.2.109 55754 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:19.010321 0.032521 tcp 10.0.2.109 55755 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:19.043098 0.130536 tcp 10.0.2.109 55756 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:19.194654 2.992677 tcp 10.0.2.109 55757 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:28.185539 0.000000 tcp 10.0.2.109 55757 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:34.195150 0.051098 tcp 10.0.2.109 55758 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:34.246153 0.052967 tcp 10.0.2.109 55759 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:34.299424 0.127114 tcp 10.0.2.109 55760 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:14:34.436676 3.002390 tcp 10.0.2.109 55761 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:43.437440 0.000000 tcp 10.0.2.109 55761 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:49.436305 3.004686 tcp 10.0.2.109 55762 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:14:58.439417 0.000000 tcp 10.0.2.109 55762 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:15:04.438155 3.003900 tcp 10.0.2.109 55763 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:15:10.039304 3.000848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:15:13.440561 0.000000 tcp 10.0.2.109 55763 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:15:17.046261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:15:25.047547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:15:41.050418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:16:13.056553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:20:19.441815 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:20:19.442021 2.993418 tcp 10.0.2.109 55764 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:20:28.443650 0.000000 tcp 10.0.2.109 55764 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:20:34.444448 0.031046 tcp 10.0.2.109 55765 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:20:34.475747 0.051565 tcp 10.0.2.109 55766 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:20:34.527609 0.143749 tcp 10.0.2.109 55767 -> 195.113.214.211 443 SRPA* 0 0 40 22540 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:20:34.741549 2.995584 tcp 10.0.2.109 55768 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:20:43.735795 0.000000 tcp 10.0.2.109 55768 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:20:49.735414 0.051785 tcp 10.0.2.109 55769 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:20:49.787545 0.053798 tcp 10.0.2.109 55770 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:20:49.841793 0.143571 tcp 10.0.2.109 55771 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:20:50.179320 3.000312 tcp 10.0.2.109 55772 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:20:59.177745 0.000000 tcp 10.0.2.109 55772 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:21:05.177458 0.030140 tcp 10.0.2.109 55773 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:21:05.207871 0.052351 tcp 10.0.2.109 55774 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:21:05.260529 0.125229 tcp 10.0.2.109 55775 -> 195.113.214.211 443 SRPA* 0 0 47 41968 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:21:05.435350 3.005637 tcp 10.0.2.109 55776 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:21:14.439762 0.000000 tcp 10.0.2.109 55776 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:21:20.428408 3.004124 tcp 10.0.2.109 55777 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:21:29.431194 0.000000 tcp 10.0.2.109 55777 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:21:35.430475 2.993914 tcp 10.0.2.109 55778 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:21:44.433274 0.000000 tcp 10.0.2.109 55778 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:22:17.063426 3.000595 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:22:24.069816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:22:32.071911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:22:48.074333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:23:20.080522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:26:50.433762 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:26:50.434055 3.003015 tcp 10.0.2.109 55779 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:26:59.435704 0.000000 tcp 10.0.2.109 55779 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:27:05.436735 0.053309 tcp 10.0.2.109 55780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:05.490428 0.051447 tcp 10.0.2.109 55781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:05.542257 0.129212 tcp 10.0.2.109 55782 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:05.680085 2.999255 tcp 10.0.2.109 55783 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:27:14.678240 0.000000 tcp 10.0.2.109 55783 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:27:20.676858 0.485947 tcp 10.0.2.109 55784 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:21.163066 0.052660 tcp 10.0.2.109 55785 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:21.216056 0.138766 tcp 10.0.2.109 55786 -> 195.113.214.211 443 SRPA* 0 0 53 29032 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:21.763575 2.999277 tcp 10.0.2.109 55787 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:27:30.761004 0.000000 tcp 10.0.2.109 55787 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:27:36.760404 0.030579 tcp 10.0.2.109 55788 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:36.791262 0.052420 tcp 10.0.2.109 55789 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:36.843971 0.130956 tcp 10.0.2.109 55790 -> 195.113.214.211 443 SRPA* 0 0 25 13040 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:27:37.016154 2.998441 tcp 10.0.2.109 55791 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:27:46.022624 0.000000 tcp 10.0.2.109 55791 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:27:52.011848 2.993723 tcp 10.0.2.109 55792 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:28:01.004533 0.000000 tcp 10.0.2.109 55792 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:28:07.013485 2.994176 tcp 10.0.2.109 55793 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:28:16.005991 0.000000 tcp 10.0.2.109 55793 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:29:24.086806 3.001792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:29:31.094153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:29:39.095271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:29:55.098582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:30:27.104742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:36:31.110250 3.002257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 21:36:38.117734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:36:46.119603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:37:02.122709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:37:23.483266 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:37:23.483367 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 21:37:34.128452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:37:41.551461 0.053441 tcp 10.0.2.109 55794 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:37:41.605237 0.053237 tcp 10.0.2.109 55795 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:37:41.658853 0.144325 tcp 10.0.2.109 55796 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:37:41.803846 0.193177 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:41.991781 0.166101 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:42.153559 0.556815 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:42.704259 0.079296 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:42.763784 0.156728 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:42.913479 0.055903 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:43.023469 0.695763 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:43.571957 0.080660 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:43.633505 0.199957 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:43.825842 0.070223 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:43.877015 0.119932 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2615 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:43.959526 0.165716 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:44.103251 0.077319 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:44.186183 0.166327 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:44.329225 0.162916 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:44.467419 0.203111 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:37:44.653143 0.000000 udp 10.0.2.109 3683 -> 87.153.112.133 4545 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 21:37:52.044909 3.003961 tcp 10.0.2.109 55797 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:01.047135 0.000000 tcp 10.0.2.109 55797 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:01.768656 0.051800 tcp 10.0.2.109 55798 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:01.820733 0.052611 tcp 10.0.2.109 55799 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:01.873806 0.146085 tcp 10.0.2.109 55800 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:02.020364 0.183684 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:02.196436 0.039882 rtp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:02.270812 0.117084 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:02.350250 0.344727 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:02.738927 0.168462 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:02.899279 0.160813 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:03.052580 0.041351 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:03.343855 0.149697 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:03.485670 0.081439 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/01/15 21:38:07.046398 0.051515 tcp 10.0.2.109 55801 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:07.098372 0.052999 tcp 10.0.2.109 55802 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:07.151711 0.146753 tcp 10.0.2.109 55803 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:07.332249 2.998451 tcp 10.0.2.109 55804 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:16.329385 0.000000 tcp 10.0.2.109 55804 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:22.328115 0.050739 tcp 10.0.2.109 55805 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:22.379190 0.052243 tcp 10.0.2.109 55806 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:22.431703 0.140920 tcp 10.0.2.109 55807 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:22.585716 3.006767 tcp 10.0.2.109 55808 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:31.591559 0.000000 tcp 10.0.2.109 55808 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:37.580578 0.051117 tcp 10.0.2.109 55809 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:37.632020 0.054748 tcp 10.0.2.109 55810 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:37.687053 0.144804 tcp 10.0.2.109 55811 -> 195.113.214.211 443 SRPA* 0 0 48 36182 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:38:37.846749 2.997767 tcp 10.0.2.109 55812 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:46.853280 0.000000 tcp 10.0.2.109 55812 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:38:52.841981 2.994078 tcp 10.0.2.109 55813 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:39:01.834852 0.000000 tcp 10.0.2.109 55813 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:39:07.843419 2.994395 tcp 10.0.2.109 55814 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:39:16.835904 0.000000 tcp 10.0.2.109 55814 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:43:38.135206 3.000801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:43:45.141741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:43:53.143342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:44:09.146184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:44:22.846761 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:44:22.846859 3.003658 tcp 10.0.2.109 55815 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:44:31.848897 0.000000 tcp 10.0.2.109 55815 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:44:37.849214 0.053120 tcp 10.0.2.109 55816 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:44:37.902620 0.052438 tcp 10.0.2.109 55817 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:44:37.955351 0.150988 tcp 10.0.2.109 55818 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:44:38.134433 3.008208 tcp 10.0.2.109 55819 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:44:41.152657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:44:47.141298 0.000000 tcp 10.0.2.109 55819 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:44:53.130364 0.052609 tcp 10.0.2.109 55820 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:44:53.183246 0.051335 tcp 10.0.2.109 55821 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:44:53.234884 0.141148 tcp 10.0.2.109 55822 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:44:53.412460 2.991838 tcp 10.0.2.109 55823 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:45:02.412918 0.000000 tcp 10.0.2.109 55823 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:45:08.412365 0.052013 tcp 10.0.2.109 55824 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:45:08.464693 0.053156 tcp 10.0.2.109 55825 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:45:08.518102 0.150550 tcp 10.0.2.109 55826 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:45:08.705894 3.000901 tcp 10.0.2.109 55827 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:45:17.705086 0.000000 tcp 10.0.2.109 55827 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:45:23.703684 3.004034 tcp 10.0.2.109 55828 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:45:32.706709 0.000000 tcp 10.0.2.109 55828 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:45:38.705104 3.004212 tcp 10.0.2.109 55829 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:45:47.708051 0.000000 tcp 10.0.2.109 55829 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:50:45.158936 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:50:52.165880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:50:53.708675 0.000168 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:50:53.708935 3.003628 tcp 10.0.2.109 55830 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:00.167731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:51:02.711400 0.000000 tcp 10.0.2.109 55830 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:08.711300 0.052997 tcp 10.0.2.109 55831 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:08.764605 0.053984 tcp 10.0.2.109 55832 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:08.818379 0.146335 tcp 10.0.2.109 55833 -> 195.113.214.211 443 SRPA* 0 0 49 30830 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:09.006943 2.997700 tcp 10.0.2.109 55834 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:16.170865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:51:18.013095 0.000000 tcp 10.0.2.109 55834 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:24.002534 0.052865 tcp 10.0.2.109 55835 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:24.055697 0.055038 tcp 10.0.2.109 55836 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:24.111031 0.145897 tcp 10.0.2.109 55837 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:24.315151 3.000973 tcp 10.0.2.109 55838 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:33.315381 0.000000 tcp 10.0.2.109 55838 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:39.314414 0.052651 tcp 10.0.2.109 55839 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:39.367287 0.051784 tcp 10.0.2.109 55840 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:39.419445 0.144102 tcp 10.0.2.109 55841 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:51:39.575382 3.002735 tcp 10.0.2.109 55842 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:48.176360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:51:48.577320 0.000000 tcp 10.0.2.109 55842 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:51:54.575601 3.004441 tcp 10.0.2.109 55843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:52:03.578928 0.000000 tcp 10.0.2.109 55843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:52:09.577678 3.004100 tcp 10.0.2.109 55844 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:52:18.579906 0.000000 tcp 10.0.2.109 55844 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:52:23.527574 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:57:24.580666 0.000175 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 21:57:24.580941 2.993276 tcp 10.0.2.109 55845 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:57:33.583002 0.000000 tcp 10.0.2.109 55845 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:57:39.583811 0.053012 tcp 10.0.2.109 55846 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:57:39.637119 0.053956 tcp 10.0.2.109 55847 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:57:39.691371 0.145550 tcp 10.0.2.109 55848 -> 195.113.214.211 443 SRPA* 0 0 47 36374 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:57:39.849365 2.997424 tcp 10.0.2.109 55849 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:57:48.845042 0.000000 tcp 10.0.2.109 55849 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:57:52.182589 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 21:57:54.844397 0.051714 tcp 10.0.2.109 55850 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:57:54.896348 0.052839 tcp 10.0.2.109 55851 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:57:54.949462 0.148216 tcp 10.0.2.109 55852 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:57:55.108161 3.000208 tcp 10.0.2.109 55853 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:57:59.190339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:58:04.106748 0.000000 tcp 10.0.2.109 55853 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:58:07.191241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:58:10.106374 0.054298 tcp 10.0.2.109 55854 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:58:10.160909 0.053524 tcp 10.0.2.109 55855 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:58:10.214824 0.146127 tcp 10.0.2.109 55856 -> 195.113.214.211 443 SRPA* 0 0 35 18596 flow=From-Botnet-V1-TCP-Established 1970/01/15 21:58:10.372244 2.998046 tcp 10.0.2.109 55857 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:58:19.369001 0.000000 tcp 10.0.2.109 55857 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:58:23.194534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 21:58:25.367881 3.004121 tcp 10.0.2.109 55858 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:58:34.370128 0.000000 tcp 10.0.2.109 55858 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:58:40.369337 3.003921 tcp 10.0.2.109 55859 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:58:49.372380 0.000000 tcp 10.0.2.109 55859 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 21:58:55.200136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:04:59.206753 3.001427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 22:05:06.213847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:05:14.215524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:05:30.218103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:06:02.224622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:08:15.876655 0.000157 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:08:15.876910 0.050807 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:15.926322 0.000000 udp 10.0.2.109 3683 -> 87.153.112.133 4545 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 22:08:25.400415 2.994274 tcp 10.0.2.109 55860 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:08:31.631346 0.053239 tcp 10.0.2.109 55861 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:08:31.684858 0.052871 tcp 10.0.2.109 55862 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:08:31.738051 0.149508 tcp 10.0.2.109 55863 -> 195.113.214.211 443 SRPA* 0 0 35 19260 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:08:31.888347 0.217501 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:32.099210 0.080352 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:32.157060 0.156727 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:32.307710 0.056512 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2566 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:32.464662 0.195214 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:32.653390 0.165104 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:32.815858 0.497379 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:33.237803 0.073187 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:33.292372 0.112699 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:33.387360 0.195018 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:33.574556 0.078625 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:33.680939 0.167354 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:33.826338 0.157558 rtp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:33.958932 0.192037 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:34.133412 0.074760 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:34.219942 0.169631 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:34.365885 0.181722 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:34.403235 0.000000 tcp 10.0.2.109 55860 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:08:34.540429 0.041154 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:34.575387 0.112735 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:34.652424 0.366898 rtp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:35.024060 0.167830 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:35.182354 0.157241 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:35.331435 0.089752 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:35.386991 0.152090 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:35.534860 0.041237 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:08:40.402067 0.052794 tcp 10.0.2.109 55864 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:08:40.455179 0.054195 tcp 10.0.2.109 55865 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:08:40.509668 0.143915 tcp 10.0.2.109 55866 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:08:40.704356 3.002099 tcp 10.0.2.109 55867 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:08:49.705417 0.000000 tcp 10.0.2.109 55867 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:12:06.230802 3.001601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 22:12:13.237876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:12:21.239391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:12:37.242382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:13:09.248465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:13:55.705422 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:13:55.705526 3.004224 tcp 10.0.2.109 55868 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:04.707811 0.000000 tcp 10.0.2.109 55868 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:10.708277 0.052785 tcp 10.0.2.109 55869 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:10.761341 0.052859 tcp 10.0.2.109 55870 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:10.814487 0.151778 tcp 10.0.2.109 55871 -> 195.113.214.211 443 SRPA* 0 0 59 39326 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:11.087382 3.003939 tcp 10.0.2.109 55872 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:20.090522 0.000000 tcp 10.0.2.109 55872 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:26.089547 0.053068 tcp 10.0.2.109 55873 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:26.142941 0.052756 tcp 10.0.2.109 55874 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:26.195938 0.141164 tcp 10.0.2.109 55875 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:26.346475 3.006925 tcp 10.0.2.109 55876 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:35.351956 0.000000 tcp 10.0.2.109 55876 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:41.341147 0.052185 tcp 10.0.2.109 55877 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:41.393620 0.052080 tcp 10.0.2.109 55878 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:41.446012 0.146044 tcp 10.0.2.109 55879 -> 195.113.214.211 443 SRPA* 0 0 41 21412 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:14:41.623800 2.991591 tcp 10.0.2.109 55880 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:50.613940 0.000000 tcp 10.0.2.109 55880 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:14:56.622671 2.994556 tcp 10.0.2.109 55881 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:15:05.615701 0.000000 tcp 10.0.2.109 55881 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:15:11.624291 3.004450 tcp 10.0.2.109 55882 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:15:20.627042 0.000000 tcp 10.0.2.109 55882 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:15:25.534019 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:19:13.254619 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 22:19:20.261882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:19:28.263389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:19:44.266652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:20:16.272103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:20:26.627652 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:20:26.627754 3.003630 tcp 10.0.2.109 55883 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:20:35.629926 0.000000 tcp 10.0.2.109 55883 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:20:41.630553 0.053367 tcp 10.0.2.109 55884 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:20:41.684242 0.053684 tcp 10.0.2.109 55885 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:20:41.738291 0.149239 tcp 10.0.2.109 55886 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:20:42.021586 3.002018 tcp 10.0.2.109 55887 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:20:51.022053 0.000000 tcp 10.0.2.109 55887 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:20:57.021405 0.052571 tcp 10.0.2.109 55888 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:20:57.074247 0.053806 tcp 10.0.2.109 55889 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:20:57.128343 0.139812 tcp 10.0.2.109 55890 -> 195.113.214.211 443 SRPA* 0 0 22 13086 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:20:57.283114 2.992536 tcp 10.0.2.109 55891 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:06.274039 0.000000 tcp 10.0.2.109 55891 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:12.283808 0.052989 tcp 10.0.2.109 55892 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:21:12.336649 0.053302 tcp 10.0.2.109 55893 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:21:12.390436 0.154796 tcp 10.0.2.109 55894 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:21:12.725449 3.002122 tcp 10.0.2.109 55895 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:21.726448 0.000000 tcp 10.0.2.109 55895 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:27.725276 3.003916 tcp 10.0.2.109 55896 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:36.727720 0.000000 tcp 10.0.2.109 55896 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:42.727011 3.003666 tcp 10.0.2.109 55897 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:51.729827 0.000000 tcp 10.0.2.109 55897 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:21:56.526346 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:26:20.278269 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 22:26:27.285923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:26:35.287339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:26:51.290279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:26:57.730468 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:26:57.730652 3.003264 tcp 10.0.2.109 55898 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:06.742431 0.000000 tcp 10.0.2.109 55898 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:12.733058 0.051902 tcp 10.0.2.109 55899 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:12.785188 0.053654 tcp 10.0.2.109 55900 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:12.839216 0.151395 tcp 10.0.2.109 55901 -> 195.113.214.211 443 SRPA* 0 0 34 19454 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:13.143881 2.991903 tcp 10.0.2.109 55902 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:22.134959 0.000000 tcp 10.0.2.109 55902 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:23.295986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:27:28.144742 0.051638 tcp 10.0.2.109 55903 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:28.196661 0.051356 tcp 10.0.2.109 55904 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:28.248353 0.147727 tcp 10.0.2.109 55905 -> 195.113.214.211 443 SRPA* 0 0 49 41154 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:28.430732 2.997276 tcp 10.0.2.109 55906 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:37.426377 0.000000 tcp 10.0.2.109 55906 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:43.425977 0.052912 tcp 10.0.2.109 55907 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:43.479184 0.053313 tcp 10.0.2.109 55908 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:43.532762 0.140896 tcp 10.0.2.109 55909 -> 195.113.214.211 443 SRPA* 0 0 41 21368 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:27:43.684221 3.005417 tcp 10.0.2.109 55910 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:52.688357 0.000000 tcp 10.0.2.109 55910 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:27:58.677299 3.004492 tcp 10.0.2.109 55911 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:28:07.679865 0.000000 tcp 10.0.2.109 55911 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:28:13.678947 3.004106 tcp 10.0.2.109 55912 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:28:22.681725 0.000000 tcp 10.0.2.109 55912 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:33:27.302818 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 22:33:28.682589 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:33:28.682685 2.993263 tcp 10.0.2.109 55913 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:33:34.309531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:33:37.674761 0.000000 tcp 10.0.2.109 55913 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:33:42.311035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:33:43.685152 0.053363 tcp 10.0.2.109 55914 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:33:43.738805 0.054183 tcp 10.0.2.109 55915 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:33:43.792807 0.154769 tcp 10.0.2.109 55916 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:33:44.071111 2.996646 tcp 10.0.2.109 55917 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:33:53.066707 0.000000 tcp 10.0.2.109 55917 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:33:58.314195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:33:59.065850 0.052666 tcp 10.0.2.109 55918 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:33:59.118830 0.055728 tcp 10.0.2.109 55919 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:33:59.174953 0.145584 tcp 10.0.2.109 55920 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:33:59.393529 2.996517 tcp 10.0.2.109 55921 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:34:08.388812 0.000000 tcp 10.0.2.109 55921 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:34:14.387451 3.004239 tcp 10.0.2.109 55922 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:34:23.389943 0.000000 tcp 10.0.2.109 55922 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:34:30.320040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:38:58.105448 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:38:58.105632 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 22:39:16.763612 0.052688 tcp 10.0.2.109 55923 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:16.816568 0.053681 tcp 10.0.2.109 55924 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:16.870230 0.147662 tcp 10.0.2.109 55925 -> 195.113.214.211 443 SRPA* 0 0 67 48776 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:17.018267 0.155736 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:17.168310 0.055426 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:17.286536 0.193740 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:17.476023 0.163062 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 1981 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:17.636035 0.251405 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:17.881901 0.083441 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:17.943578 0.566362 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:18.266138 0.068852 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:18.340021 0.115654 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:18.416172 0.196558 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:18.606245 0.079633 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:18.668525 0.170275 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:18.815776 0.159531 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:18.951412 0.172049 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:19.096767 0.187639 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:19.277278 0.039798 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:19.355564 0.118021 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:19.434901 0.215464 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:19.637085 0.071269 rtp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:19.693469 0.339658 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:20.042574 0.169478 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:20.205290 0.153660 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:20.350866 0.089166 rtp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:20.406704 0.140593 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:20.543369 0.042022 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/01/15 22:39:29.390312 2.994218 tcp 10.0.2.109 55926 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:39:38.393312 0.000000 tcp 10.0.2.109 55926 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:39:44.392286 0.052482 tcp 10.0.2.109 55927 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:44.445051 0.052393 tcp 10.0.2.109 55928 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:44.497688 0.198398 tcp 10.0.2.109 55929 -> 195.113.214.211 443 SRPA* 0 0 58 39152 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:44.840254 2.996764 tcp 10.0.2.109 55930 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:39:53.835659 0.000000 tcp 10.0.2.109 55930 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:39:59.834636 0.053662 tcp 10.0.2.109 55931 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:59.888639 0.053582 tcp 10.0.2.109 55932 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:39:59.942507 0.146786 tcp 10.0.2.109 55933 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:40:00.200597 2.998421 tcp 10.0.2.109 55934 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:40:09.197626 0.000000 tcp 10.0.2.109 55934 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:40:15.196351 0.051823 tcp 10.0.2.109 55935 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:40:15.248029 0.052535 tcp 10.0.2.109 55936 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:40:15.300820 0.142867 tcp 10.0.2.109 55937 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:40:15.495955 3.004892 tcp 10.0.2.109 55938 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:40:24.499769 0.000000 tcp 10.0.2.109 55938 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:40:30.487971 3.004271 tcp 10.0.2.109 55939 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:40:34.326992 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 22:40:39.491178 0.000000 tcp 10.0.2.109 55939 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:40:41.333766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:40:45.489893 3.004115 tcp 10.0.2.109 55940 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:40:49.335201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:40:54.502761 0.000000 tcp 10.0.2.109 55940 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:41:05.338076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:41:37.344317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:46:00.493452 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:46:00.493548 2.993460 tcp 10.0.2.109 55941 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:46:09.485468 0.000000 tcp 10.0.2.109 55941 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:46:15.495697 0.052645 tcp 10.0.2.109 55942 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:15.548631 0.054810 tcp 10.0.2.109 55943 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:15.603764 0.143447 tcp 10.0.2.109 55944 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:15.763410 2.995307 tcp 10.0.2.109 55945 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:46:24.757592 0.000000 tcp 10.0.2.109 55945 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:46:30.756452 0.052988 tcp 10.0.2.109 55946 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:30.809808 0.059512 tcp 10.0.2.109 55947 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:30.869181 0.147518 tcp 10.0.2.109 55948 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:31.036035 3.004759 tcp 10.0.2.109 55949 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:46:40.039817 0.000000 tcp 10.0.2.109 55949 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:46:46.038700 0.052216 tcp 10.0.2.109 55950 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:46.091229 0.054034 tcp 10.0.2.109 55951 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:46.145557 0.181897 tcp 10.0.2.109 55952 -> 195.113.214.211 443 SRPA* 0 0 48 28548 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:46:46.343092 2.999536 tcp 10.0.2.109 55953 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:46:55.341511 0.000000 tcp 10.0.2.109 55953 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:47:01.340158 2.994478 tcp 10.0.2.109 55954 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:47:10.342662 0.000000 tcp 10.0.2.109 55954 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:47:16.341917 2.993947 tcp 10.0.2.109 55955 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:47:25.334724 0.000000 tcp 10.0.2.109 55955 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:47:41.350386 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 22:47:48.357690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:47:56.359322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:48:12.362478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:48:44.367940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:52:31.345061 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:52:31.345145 3.003560 tcp 10.0.2.109 55956 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:52:40.347435 0.000000 tcp 10.0.2.109 55956 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:52:46.348206 0.052273 tcp 10.0.2.109 55957 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:52:46.400746 0.052815 tcp 10.0.2.109 55958 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:52:46.453874 0.148370 tcp 10.0.2.109 55959 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:52:46.665254 3.005533 tcp 10.0.2.109 55960 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:52:55.669762 0.000000 tcp 10.0.2.109 55960 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:01.658490 0.051186 tcp 10.0.2.109 55961 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:53:01.709971 0.054484 tcp 10.0.2.109 55962 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:53:01.764750 0.151464 tcp 10.0.2.109 55963 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:53:02.042029 3.001032 tcp 10.0.2.109 55964 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:11.041371 0.000000 tcp 10.0.2.109 55964 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:17.040410 0.051465 tcp 10.0.2.109 55965 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:53:17.092152 0.053395 tcp 10.0.2.109 55966 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:53:17.145884 0.148452 tcp 10.0.2.109 55967 -> 195.113.214.211 443 SRPA* 0 0 40 33106 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:53:17.328946 2.996078 tcp 10.0.2.109 55968 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:26.333798 0.000000 tcp 10.0.2.109 55968 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:32.322351 2.993796 tcp 10.0.2.109 55969 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:41.314870 0.000000 tcp 10.0.2.109 55969 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:47.324088 3.003646 tcp 10.0.2.109 55970 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:53:56.326741 0.000000 tcp 10.0.2.109 55970 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:54:48.374823 3.000853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 22:54:55.381771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:55:03.382923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:55:19.386024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:55:51.391997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 22:59:02.327161 0.000177 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 22:59:02.327439 3.003480 tcp 10.0.2.109 55971 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:59:11.329744 0.000000 tcp 10.0.2.109 55971 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:59:17.330276 0.054688 tcp 10.0.2.109 55972 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:17.385279 0.052854 tcp 10.0.2.109 55973 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:17.438512 0.147882 tcp 10.0.2.109 55974 -> 195.113.214.211 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:17.596577 3.006151 tcp 10.0.2.109 55975 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:59:26.601782 0.000000 tcp 10.0.2.109 55975 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:59:32.590601 0.051452 tcp 10.0.2.109 55976 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:32.642351 0.052999 tcp 10.0.2.109 55977 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:32.695653 0.147391 tcp 10.0.2.109 55978 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:32.917315 2.988171 tcp 10.0.2.109 55979 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:59:41.913771 0.000000 tcp 10.0.2.109 55979 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:59:47.912422 0.050863 tcp 10.0.2.109 55980 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:47.963559 0.052678 tcp 10.0.2.109 55981 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:48.016524 0.145115 tcp 10.0.2.109 55982 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 22:59:48.203399 2.993457 tcp 10.0.2.109 55983 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 22:59:57.195693 0.000000 tcp 10.0.2.109 55983 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:00:03.204195 3.003962 tcp 10.0.2.109 55984 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:00:12.207491 0.000000 tcp 10.0.2.109 55984 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:00:18.205912 3.004100 tcp 10.0.2.109 55985 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:00:27.208796 0.000000 tcp 10.0.2.109 55985 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:01:55.397571 3.002250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 23:02:02.405541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:02:10.407150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:02:26.410017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:02:58.416048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:09:02.421568 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 23:09:09.429745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:09:17.430999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:09:27.596363 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 23:09:27.596548 0.045437 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:27.640532 0.193748 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:27.828496 0.162762 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:27.987339 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 23:09:33.234468 3.003569 tcp 10.0.2.109 55986 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:09:33.433823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:09:42.236554 0.000000 tcp 10.0.2.109 55986 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:09:45.774202 0.052888 tcp 10.0.2.109 55987 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:09:45.827433 0.052513 tcp 10.0.2.109 55988 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:09:45.880191 0.145572 tcp 10.0.2.109 55989 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:09:46.026554 0.082954 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:46.090107 0.153209 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:46.237996 0.055178 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:46.301371 0.552140 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:46.678419 0.072889 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:46.731943 0.113698 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:46.835209 0.197614 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.025199 0.078462 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.085438 0.167553 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.230107 0.166324 rtp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.369159 0.039498 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.469501 0.115100 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.544999 0.190464 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.719928 0.072767 rtp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.779110 0.169242 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:47.927748 0.181494 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:09:48.101559 0.000000 udp 10.0.2.109 3683 -> 223.17.68.245 8575 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 23:09:48.235869 0.051811 tcp 10.0.2.109 55990 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:09:48.287954 0.053269 tcp 10.0.2.109 55991 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:09:48.341555 0.225556 tcp 10.0.2.109 55992 -> 195.113.214.211 443 SRPA* 0 0 47 42216 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:09:48.588478 3.001918 tcp 10.0.2.109 55993 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:09:57.588618 0.000000 tcp 10.0.2.109 55993 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:10:03.587986 0.051217 tcp 10.0.2.109 55994 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:10:03.639502 0.056443 tcp 10.0.2.109 55995 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:10:03.696327 0.146165 tcp 10.0.2.109 55996 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:10:03.862557 2.999478 tcp 10.0.2.109 55997 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:10:05.440082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:10:05.640719 0.052098 tcp 10.0.2.109 55998 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:10:05.693103 0.053461 tcp 10.0.2.109 55999 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:10:05.746839 0.148503 tcp 10.0.2.109 56000 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:10:05.895823 0.173565 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:10:06.061311 0.161377 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:10:06.384063 0.083201 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:10:06.434878 0.146150 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:10:06.569246 0.052609 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:10:12.860811 0.000000 tcp 10.0.2.109 55997 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:10:18.859730 3.003874 tcp 10.0.2.109 56001 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:10:27.872187 0.000000 tcp 10.0.2.109 56001 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:15:33.862743 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 23:15:33.862847 2.993651 tcp 10.0.2.109 56002 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:15:42.854848 0.000000 tcp 10.0.2.109 56002 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:15:48.865740 0.056311 tcp 10.0.2.109 56003 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:15:48.922360 0.052047 tcp 10.0.2.109 56004 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:15:48.974728 0.146281 tcp 10.0.2.109 56005 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:15:49.177074 3.001187 tcp 10.0.2.109 56006 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:15:58.177035 0.000000 tcp 10.0.2.109 56006 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:04.176453 0.052979 tcp 10.0.2.109 56007 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:16:04.229742 0.053391 tcp 10.0.2.109 56008 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:16:04.283015 0.154008 tcp 10.0.2.109 56009 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:16:04.532144 2.998537 tcp 10.0.2.109 56010 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:09.445500 3.002261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 23:16:13.529453 0.000000 tcp 10.0.2.109 56010 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:16.453522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:16:19.528415 0.052290 tcp 10.0.2.109 56011 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:16:19.581038 0.055706 tcp 10.0.2.109 56012 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:16:19.637060 0.159698 tcp 10.0.2.109 56013 -> 195.113.214.211 443 SRPA* 0 0 68 48248 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:16:19.832059 3.000490 tcp 10.0.2.109 56014 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:24.454865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:16:28.831189 0.000000 tcp 10.0.2.109 56014 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:34.829950 2.994028 tcp 10.0.2.109 56015 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:40.457864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:16:43.833169 0.000000 tcp 10.0.2.109 56015 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:49.831420 2.994534 tcp 10.0.2.109 56016 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:16:58.824494 0.000000 tcp 10.0.2.109 56016 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:17:12.463950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:22:04.834834 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 23:22:04.834938 3.003556 tcp 10.0.2.109 56017 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:22:13.837023 0.000000 tcp 10.0.2.109 56017 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/15 23:22:19.837793 0.053928 tcp 10.0.2.109 56018 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:22:19.892106 0.052406 tcp 10.0.2.109 56019 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:22:19.944810 0.156924 tcp 10.0.2.109 56020 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:22:20.139901 0.480643 tcp 10.0.2.109 56021 -> 176.73.169.112 1959 FSPA* 0 0 15 1682 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:23:16.471085 3.000492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 23:23:23.477477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:23:31.478773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:23:47.481684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:24:19.487730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:30:23.494772 3.001213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 23:30:30.501130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:30:38.503111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:30:54.505798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:31:26.512037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:37:30.517695 3.002170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 23:37:37.525619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:37:45.526966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:38:01.530471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:38:33.535647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:40:21.070826 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 23:40:21.070930 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 23:40:39.348493 0.052770 tcp 10.0.2.109 56022 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:40:39.401623 0.054274 tcp 10.0.2.109 56023 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:40:39.456131 0.129236 tcp 10.0.2.109 56024 -> 195.113.214.211 443 SRPA* 0 0 34 25604 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:40:39.585987 0.363394 rtp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:40.027799 0.200492 rtp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:40.222674 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/15 23:40:55.870940 0.051367 tcp 10.0.2.109 56025 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:40:55.922601 0.054398 tcp 10.0.2.109 56026 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:40:55.977291 0.144639 tcp 10.0.2.109 56027 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:40:56.122425 0.162935 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:56.281441 0.054019 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:56.350047 0.551168 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:56.749860 0.065290 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:57.101224 0.114895 rtp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:57.176960 0.078619 rtp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:57.305647 0.153400 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:57.454052 0.077477 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:57.525254 0.169206 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:57.671800 0.158188 rtp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:57.802221 0.708039 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:58.484557 0.198783 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:58.646644 0.277989 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:58.971943 0.077716 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:59.033789 0.169700 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:59.239159 0.197715 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:59.429257 0.192435 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:59.614494 0.089950 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:59.670447 0.144903 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:59.805729 0.041179 rtp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:40:59.902243 0.172383 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:41:00.063887 0.153894 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/01/15 23:44:37.542340 3.001606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/15 23:44:44.549372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:44:52.550810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:45:08.554080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:45:40.559780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:51:44.566057 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 23:51:51.573288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:51:59.574748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:52:15.577702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:52:20.625723 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/15 23:52:20.625935 0.569277 tcp 10.0.2.109 56028 -> 176.73.169.112 1959 FSPA* 0 0 15 1735 flow=From-Botnet-V1-TCP-Established 1970/01/15 23:52:47.583818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:58:51.590518 3.000892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/15 23:58:58.597498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:59:06.598743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:59:22.601979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/15 23:59:54.607880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:05:58.615095 3.000702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:06:05.620945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:06:13.622797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:06:29.625860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:07:01.632221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:11:10.830457 0.091644 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 00:11:10.922372 0.045424 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:10.966014 0.366625 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:11.374888 0.191677 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:11.562485 0.621928 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.029392 0.229409 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.434708 0.055774 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.516503 0.067008 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.567683 0.115319 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.649725 0.080409 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.758834 0.155197 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.908940 0.073286 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:12.986722 0.168474 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:13.132610 0.161785 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:13.334143 0.184918 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:13.511107 0.045013 rtp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:13.589530 0.252200 rtp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:13.800474 0.078040 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:13.864596 0.171140 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:14.010814 0.195519 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:14.198719 0.183182 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:14.374643 0.088474 rtp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:14.430258 0.156386 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:14.578319 0.041025 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:14.638491 0.173431 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:11:14.804984 0.157278 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:13:05.678613 3.000632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:13:12.685350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:13:20.686999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:13:36.689750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:14:08.696093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:20:12.702462 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:20:19.709505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:20:27.711029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:20:43.713889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:21:15.719975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:22:21.234667 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 00:22:21.234862 0.492309 tcp 10.0.2.109 56029 -> 176.73.169.112 1959 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:27:19.725995 3.001658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:27:26.733098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:27:34.734958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:27:50.737874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:28:22.743683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:34:26.749884 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:34:33.757297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:34:41.758721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:34:57.761969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:35:29.767841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:41:25.629771 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 00:41:25.629881 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 00:41:33.863821 3.001909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:41:40.870964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:41:43.797965 0.059291 tcp 10.0.2.109 56030 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:41:43.857519 0.055777 tcp 10.0.2.109 56031 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:41:43.913138 0.163813 tcp 10.0.2.109 56032 -> 195.113.214.211 443 SRPA* 0 0 27 10624 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:41:44.077301 0.500454 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:44.426081 0.369867 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:44.797280 0.198344 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:44.990309 0.164433 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:45.151650 0.054573 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:45.225376 0.067942 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:45.275418 0.110042 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:45.344749 0.086320 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:45.409443 0.154755 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:41:45.558354 0.000000 udp 10.0.2.109 3683 -> 31.54.36.117 1084 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 00:41:48.873102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:42:02.012221 0.053604 tcp 10.0.2.109 56033 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:42:02.066094 0.053277 tcp 10.0.2.109 56034 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:42:02.119646 0.211547 tcp 10.0.2.109 56035 -> 195.113.214.211 443 SRPA* 0 0 44 36220 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:42:02.331921 0.168809 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:02.478535 0.166333 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:02.617347 0.214468 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:02.791916 0.039923 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:02.883353 0.307897 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:03.150813 0.082971 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:03.213827 0.169792 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:03.359747 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 00:42:04.875990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:42:18.816320 0.053031 tcp 10.0.2.109 56036 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:42:18.869662 0.052574 tcp 10.0.2.109 56037 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:42:18.922567 0.147503 tcp 10.0.2.109 56038 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:42:19.070658 0.146313 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:19.212960 0.045936 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:19.264934 0.170846 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:19.428108 0.157985 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:19.576375 0.199147 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:19.768031 0.182814 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/16 00:42:36.881752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:48:40.991094 2.998906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:48:47.995325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:48:55.996574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:49:11.999691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:49:44.005802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:52:21.823547 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 00:52:21.823652 0.511172 tcp 10.0.2.109 56039 -> 176.73.169.112 1959 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/01/16 00:55:48.012659 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 00:55:55.019407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:56:03.021611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:56:19.024709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 00:56:51.030916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:02:55.334336 3.004038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 01:03:02.344129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:03:10.345658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:03:26.348228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:03:58.354334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:10:02.370439 3.001432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 01:10:09.377747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:10:17.379298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:10:33.382075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:11:05.388012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:12:29.840186 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:12:29.840332 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:12:48.108270 0.052095 tcp 10.0.2.109 56040 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:12:48.160675 0.054270 tcp 10.0.2.109 56041 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:12:48.215265 0.185671 tcp 10.0.2.109 56042 -> 195.113.214.211 443 SRPA* 0 0 44 39162 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:12:48.402274 0.078024 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:48.460425 4.583931 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 14 5424 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:48.538499 4.824035 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 9 3155 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:48.948162 0.196052 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:49.138379 0.436595 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:49.531978 0.111497 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:49.673349 0.072975 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:49.758345 0.157119 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:49.910330 0.059974 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:50.027625 0.166998 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:50.191235 0.082774 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:50.542343 0.192999 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:50.727291 0.040645 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:50.857392 0.131474 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:51.091012 0.169904 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:51.235518 0.122625 rtp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:51.332774 0.079809 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:51.538943 0.168515 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:51.684007 0.146764 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:51.823137 0.045765 rtp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:51.964803 0.168317 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:52.124645 0.155256 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:52.384893 0.197938 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:52.575207 0.187978 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:53.715940 0.000082 udp 10.0.2.109 3683 <- 223.17.68.245 8575 RSP 0 0 5 2434 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:12:53.887058 0.120164 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 8 3036 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:53.989494 0.390740 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 8 3098 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:54.376176 1.115300 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 8 3001 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:55.449986 0.305957 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 8 3190 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:55.714461 0.112710 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3260 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:55.807798 0.311853 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 8 3283 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:56.114245 0.181350 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3042 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:56.351020 0.318473 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3237 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:56.665441 0.118423 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 8 2815 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:56.764584 0.369280 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 8 3027 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:57.125304 0.224572 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 8 3232 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:57.342012 0.286044 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 8 3424 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:57.597634 0.396150 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 8 2979 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:57.970221 0.230652 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 8 2952 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:58.165211 0.122300 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 8 3090 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:58.272844 0.309938 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 8 2985 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:58.558368 0.317225 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2912 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:58.871407 0.315721 rtp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 8 2950 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:59.247019 0.297649 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 2789 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:59.536737 0.391091 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 8 2982 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:12:59.920166 0.436328 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 3294 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:13:00.348583 0.418881 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 8 3111 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:13:00.759388 0.000000 udp 10.0.2.109 3683 -> 58.185.247.70 4377 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:07.233713 0.000000 udp 10.0.2.109 3683 -> 117.200.92.78 5757 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:15.355504 0.000000 udp 10.0.2.109 3683 -> 65.27.209.172 4888 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:21.303821 0.087462 udp 10.0.2.109 3683 <-> 87.167.240.247 8279 CON 0 0 8 3152 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:13:21.509844 0.000000 udp 10.0.2.109 3683 -> 119.160.180.250 1482 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:28.804793 0.000000 udp 10.0.2.109 3683 -> 81.174.5.43 5410 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:33.671745 0.000199 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:13:36.866059 0.000000 udp 10.0.2.109 3683 -> 58.211.29.98 9979 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:44.196672 0.000000 udp 10.0.2.109 3683 -> 83.97.28.139 9706 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:51.217142 0.000000 udp 10.0.2.109 3683 -> 87.159.157.254 5099 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:13:57.035788 0.000000 udp 10.0.2.109 3683 -> 175.209.209.141 2499 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:05.136876 0.000000 udp 10.0.2.109 3683 -> 109.96.131.110 7305 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:12.177368 0.134936 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 8 3086 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:14:12.325059 0.000000 udp 10.0.2.109 3683 -> 117.240.78.74 2889 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:19.958370 0.000000 udp 10.0.2.109 3683 -> 78.172.166.86 8659 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:24.665109 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:14:25.045704 0.721823 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 8 2995 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:14:25.792163 0.000000 udp 10.0.2.109 3683 -> 77.183.117.253 3056 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:34.178547 0.000000 udp 10.0.2.109 3683 -> 151.75.35.220 6983 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:40.627953 0.000000 udp 10.0.2.109 3683 -> 78.93.187.132 3720 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:47.827980 0.000000 udp 10.0.2.109 3683 -> 80.169.202.242 9327 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:14:55.759874 0.000000 udp 10.0.2.109 3683 -> 113.21.73.122 1115 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:02.258811 0.883040 udp 10.0.2.109 3683 <-> 59.161.91.164 3896 CON 0 0 8 2986 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:15:02.859727 0.112580 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 8 3144 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:15:03.001030 0.000000 udp 10.0.2.109 3683 -> 87.22.193.31 2101 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:08.007453 0.000000 udp 10.0.2.109 3683 -> 14.98.54.41 2584 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:12.663736 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:15:14.366470 0.000000 udp 10.0.2.109 3683 -> 173.200.169.42 9250 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:20.675321 0.000000 udp 10.0.2.109 3683 -> 182.72.48.106 5303 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:27.775987 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:35.226445 0.115603 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 8 3102 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:15:35.350634 0.000000 udp 10.0.2.109 3683 -> 80.81.0.120 9503 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:40.534155 0.000000 udp 10.0.2.109 3683 -> 95.90.117.118 9335 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:48.145065 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:15:56.296950 0.531803 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 8 3288 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:15:56.853360 0.487813 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 8 3138 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:15:57.366702 0.000000 udp 10.0.2.109 3683 -> 202.143.165.212 1187 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:01.163182 0.000408 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:16:03.867819 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:09.105181 0.000000 udp 10.0.2.109 3683 -> 95.253.15.144 7421 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:15.965221 0.000000 udp 10.0.2.109 3683 -> 188.9.163.175 9349 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:21.372473 0.112523 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 8 3043 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:16:21.520191 0.000000 udp 10.0.2.109 3683 -> 80.153.246.231 3374 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:27.041187 0.000000 udp 10.0.2.109 3683 -> 41.72.201.86 7723 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:33.019929 0.713504 udp 10.0.2.109 3683 <-> 220.255.131.221 3364 CON 0 0 8 2713 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:16:33.884917 0.000000 udp 10.0.2.109 3683 -> 217.92.79.27 8842 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:41.100974 0.264821 udp 10.0.2.109 3683 -> 117.192.106.28 9894 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:41.365795 0.000000 icmp 117.192.106.28 0x0303 -> 10.0.2.109 0xa626 URP 192 1 200 flow=Background 1970/01/16 01:16:45.667707 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:16:48.431979 0.000000 udp 10.0.2.109 3683 -> 176.110.122.126 5759 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:16:56.993889 0.000000 udp 10.0.2.109 3683 -> 77.69.3.156 5795 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:04.014554 0.000000 udp 10.0.2.109 3683 -> 80.153.161.180 5887 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:09.395115 3.000725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 01:17:12.836576 0.000000 udp 10.0.2.109 3683 -> 87.29.77.35 1077 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:16.401809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:17:19.676267 0.000000 udp 10.0.2.109 3683 -> 202.142.107.122 2211 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:24.403017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:17:25.625016 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:30.171175 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:17:31.343056 0.000000 udp 10.0.2.109 3683 -> 62.98.160.90 7793 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:37.532277 0.000000 udp 10.0.2.109 3683 -> 80.138.54.246 1208 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:40.405898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:17:45.774396 0.399523 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 8 2957 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:17:46.228098 0.289681 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 8 3109 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:17:46.708332 0.000000 udp 10.0.2.109 3683 -> 180.22.49.254 5101 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:53.846137 0.601576 rtp 10.0.2.109 3683 <-> 151.77.160.30 6789 CON 0 0 8 3088 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:17:54.761221 0.000000 udp 10.0.2.109 3683 -> 201.144.156.78 8628 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:17:59.934295 0.000000 udp 10.0.2.109 3683 -> 151.63.114.11 7693 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:06.323522 0.000000 udp 10.0.2.109 3683 -> 92.234.13.59 9046 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:11.941941 0.000000 udp 10.0.2.109 3683 -> 182.52.108.182 3980 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:12.412142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:18:16.668570 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:18:17.740306 0.000000 udp 10.0.2.109 3683 -> 86.171.101.15 9152 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:26.202369 0.206379 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 8 2961 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:18:26.962344 0.000000 udp 10.0.2.109 3683 -> 115.119.133.114 5272 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:32.842175 0.000000 udp 10.0.2.109 3683 -> 211.3.248.168 1444 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:41.354150 0.000000 udp 10.0.2.109 3683 -> 176.221.10.118 1335 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:48.484076 0.339074 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 8 3025 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:18:48.848356 0.000000 udp 10.0.2.109 3683 -> 81.109.147.18 3206 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:18:54.332616 0.000000 udp 10.0.2.109 3683 -> 151.66.161.149 5338 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:01.162821 0.000000 udp 10.0.2.109 3683 -> 175.143.30.243 3228 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:05.668737 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:19:07.711961 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:13.580422 0.000000 udp 10.0.2.109 3683 -> 78.186.202.67 1035 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:20.119846 0.000000 udp 10.0.2.109 3683 -> 195.145.84.210 2218 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:27.871220 4.261182 udp 10.0.2.109 3683 <-> 101.63.227.205 4699 CON 0 0 8 3239 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:19:31.983927 0.141473 udp 10.0.2.109 3683 <-> 151.45.199.197 9853 CON 0 0 8 3050 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:19:32.122994 0.000000 udp 10.0.2.109 3683 -> 79.33.143.78 1133 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:38.015852 0.110616 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 8 3047 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:19:38.144664 0.000000 udp 10.0.2.109 3683 -> 50.142.232.216 4935 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:45.186274 0.316873 udp 10.0.2.109 3683 -> 114.172.59.243 6033 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:19:45.503147 0.000000 icmp 114.172.59.243 0x0303 -> 10.0.2.109 0x9117 URP 192 1 277 flow=Background 1970/01/16 01:19:50.172893 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:19:53.527883 0.000000 udp 10.0.2.109 3683 -> 67.158.153.50 7579 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:01.329296 0.000000 udp 10.0.2.109 3683 -> 50.74.142.90 8540 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:08.849700 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:14.147109 0.311299 udp 10.0.2.109 3683 <-> 120.88.33.221 5482 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:20:14.498146 0.150290 udp 10.0.2.109 3683 <-> 86.184.62.219 2291 CON 0 0 8 3116 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:20:14.676163 0.000000 udp 10.0.2.109 3683 -> 118.167.112.43 4272 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:21.038525 0.334964 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 8 3120 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:20:21.537503 0.000000 udp 10.0.2.109 3683 -> 66.189.88.238 9162 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:27.626457 0.000000 udp 10.0.2.109 3683 -> 90.201.178.99 7154 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:35.878638 0.502424 udp 10.0.2.109 3683 <-> 115.248.103.59 4328 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:20:36.493517 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 2600 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:40.665356 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:20:42.398276 0.000000 udp 10.0.2.109 3683 -> 41.182.93.231 9934 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:50.920566 0.000000 udp 10.0.2.109 3683 -> 113.140.7.42 1301 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:20:59.352605 0.000000 udp 10.0.2.109 3683 -> 59.183.173.172 1024 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:04.900665 0.160703 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 830 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:21:05.146488 0.000000 udp 10.0.2.109 3683 -> 220.227.201.9 1794 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:10.939224 0.000000 udp 10.0.2.109 3683 -> 87.23.171.88 5420 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:19.882065 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9986 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:25.169702 0.000000 udp 10.0.2.109 3683 -> 81.215.233.202 8541 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:30.166640 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:21:31.398329 0.000000 udp 10.0.2.109 3683 -> 80.148.10.226 9339 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:37.647489 0.000000 udp 10.0.2.109 3683 -> 80.20.201.225 7208 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:46.040421 0.236349 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 702 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:21:46.389748 0.000000 udp 10.0.2.109 3683 -> 87.25.56.218 8783 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:52.658783 0.000000 udp 10.0.2.109 3683 -> 79.28.38.200 7285 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:21:58.827984 0.000000 udp 10.0.2.109 3683 -> 186.47.87.233 2825 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:04.906546 0.000000 udp 10.0.2.109 3683 -> 217.133.87.17 2647 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:10.945093 0.000000 udp 10.0.2.109 3683 -> 36.2.107.42 1947 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:15.671741 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:22:19.167021 0.307443 udp 10.0.2.109 3683 <-> 182.185.82.112 5872 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:22:19.556872 0.000000 udp 10.0.2.109 3683 -> 64.196.175.254 4607 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:22.352387 0.484670 tcp 10.0.2.109 56043 -> 176.73.169.112 1959 FSPA* 0 0 15 1732 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:22:25.035951 0.000000 udp 10.0.2.109 3683 -> 49.249.136.184 9979 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:33.597803 0.000000 udp 10.0.2.109 3683 -> 210.83.207.14 4708 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:39.376537 0.000000 udp 10.0.2.109 3683 -> 218.222.66.125 6817 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:47.017244 0.000000 udp 10.0.2.109 3683 -> 125.2.83.168 4368 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:22:53.166488 0.000000 udp 10.0.2.109 3683 -> 74.142.195.191 4245 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:23:00.796934 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:23:09.569366 0.215635 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:23:09.816390 0.264430 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:23:10.131368 0.000000 udp 10.0.2.109 3683 -> 14.32.38.138 2875 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:23:14.165826 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:23:17.380720 0.000000 udp 10.0.2.109 3683 -> 79.28.2.87 4896 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:23:25.191820 0.000000 udp 10.0.2.109 3683 -> 217.39.42.30 4371 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:24:16.419216 3.000362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 01:24:23.425937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:24:31.426892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:24:47.430209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:25:19.436127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:31:23.442847 3.001225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 01:31:30.449632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:31:38.451539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:31:54.453967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:32:26.460401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:38:30.466523 3.001189 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 01:38:37.473413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:38:45.475385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:39:01.477823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:39:33.484190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:45:37.490817 3.040978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 01:45:44.537771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:45:52.539127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:46:08.541833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:46:40.547982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:52:22.850393 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:52:22.850492 1.052010 tcp 10.0.2.109 56044 -> 176.73.169.112 1959 FSPA* 0 0 15 1710 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:52:44.553992 3.002115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 01:52:51.561254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:52:59.563395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:53:15.565767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:53:47.571987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 01:54:03.766101 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 01:54:03.766250 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:54:21.463022 0.053535 tcp 10.0.2.109 56045 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:54:21.516875 0.054491 tcp 10.0.2.109 56046 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:54:21.571702 0.143961 tcp 10.0.2.109 56047 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:54:21.716360 0.059237 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:21.776321 0.182836 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:21.959516 0.071369 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:22.031303 0.053237 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:22.084970 0.506468 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:22.591868 0.052312 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:22.644589 0.156854 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:22.801842 0.056194 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:22.858662 0.152153 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.011180 0.039695 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.051235 0.133808 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.185420 0.143525 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.329512 0.170566 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.500424 0.132376 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.633228 0.077358 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.710955 0.061525 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.772871 0.141908 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.915183 0.039973 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:23.955561 0.190993 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:24.146936 0.151076 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:24.298386 0.163453 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:24.462410 0.172251 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:24.635062 0.000000 udp 10.0.2.109 3683 -> 87.167.240.247 8279 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:54:41.520707 0.055561 tcp 10.0.2.109 56048 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:54:41.576061 0.058492 tcp 10.0.2.109 56049 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:54:41.634860 0.156828 tcp 10.0.2.109 56050 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:54:41.790726 0.056197 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:41.847298 0.364472 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:42.212151 0.298419 udp 10.0.2.109 3683 <-> 59.161.91.164 3896 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:42.510979 0.053607 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:42.564987 0.042024 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:42.607462 0.211203 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:42.819086 0.298306 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:43.117803 0.058045 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:43.176223 0.405190 udp 10.0.2.109 3683 <-> 220.255.131.221 3364 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:43.581825 0.146551 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:43.728778 0.217606 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:54:43.946798 0.000000 udp 10.0.2.109 3683 -> 151.77.160.30 6789 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:55:02.179896 0.052635 tcp 10.0.2.109 56051 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:02.232781 0.054162 tcp 10.0.2.109 56052 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:02.287239 0.150999 tcp 10.0.2.109 56053 -> 195.113.214.211 443 SRPA* 0 0 42 24342 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:02.437659 0.097608 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:02.535695 0.153669 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:02.689759 0.000000 udp 10.0.2.109 3683 -> 101.63.227.205 4699 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:55:20.996853 0.052782 tcp 10.0.2.109 56054 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:21.049888 0.052395 tcp 10.0.2.109 56055 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:21.102493 0.154125 tcp 10.0.2.109 56056 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:21.257244 0.000000 udp 10.0.2.109 3683 -> 151.45.199.197 9853 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:55:38.272340 0.053031 tcp 10.0.2.109 56057 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:38.325691 0.053090 tcp 10.0.2.109 56058 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:38.379303 0.147338 tcp 10.0.2.109 56059 -> 195.113.214.211 443 SRPA* 0 0 52 42486 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:38.527255 0.060095 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:38.587741 0.141323 udp 10.0.2.109 3683 <-> 120.88.33.221 5482 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:38.729540 0.055786 udp 10.0.2.109 3683 <-> 86.184.62.219 2291 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:38.785738 0.165031 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:38.951130 0.190987 udp 10.0.2.109 3683 <-> 115.248.103.59 4328 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:39.142543 0.155655 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:39.298567 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 01:55:56.207638 0.060734 tcp 10.0.2.109 56060 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:56.268661 0.099951 tcp 10.0.2.109 56061 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:56.368863 0.142567 tcp 10.0.2.109 56062 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/16 01:55:56.511936 0.298446 udp 10.0.2.109 3683 <-> 182.185.82.112 5872 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:56.810758 1.247444 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:55:58.058625 0.728043 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/16 01:59:51.577752 3.002280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 01:59:58.585944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:00:06.586992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:00:22.589798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:00:54.596272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:06:58.602856 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 02:07:05.609885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:07:13.610971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:07:29.614137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:08:01.620494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:14:05.626574 3.001166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 02:14:12.633525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:14:20.635221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:14:36.637818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:15:08.644083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:21:12.650065 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 02:21:19.657833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:21:27.659215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:21:43.661890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:22:15.668271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:22:23.910243 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 02:22:23.910347 0.617628 tcp 10.0.2.109 56063 -> 176.73.169.112 1959 FSPA* 0 0 15 1570 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:03.836563 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 02:26:03.836808 0.046680 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:26:03.883917 0.040744 udp 10.0.2.109 3683 <-> 87.167.240.247 8279 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:26:03.925077 0.000000 udp 10.0.2.109 3683 -> 151.77.160.30 6789 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:26:22.354466 0.053831 tcp 10.0.2.109 56064 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:22.408710 0.055104 tcp 10.0.2.109 56065 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:22.464122 0.151393 tcp 10.0.2.109 56066 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:22.615718 0.000000 udp 10.0.2.109 3683 -> 101.63.227.205 4699 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:26:40.779683 0.053076 tcp 10.0.2.109 56067 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:40.833049 0.056020 tcp 10.0.2.109 56068 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:40.889357 0.157327 tcp 10.0.2.109 56069 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:41.045725 0.000000 udp 10.0.2.109 3683 -> 151.45.199.197 9853 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:26:59.356221 0.052925 tcp 10.0.2.109 56070 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:59.409468 0.053380 tcp 10.0.2.109 56071 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:59.463137 0.156202 tcp 10.0.2.109 56072 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:26:59.619846 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:27:17.542509 0.052430 tcp 10.0.2.109 56073 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:17.595293 0.057019 tcp 10.0.2.109 56074 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:17.652593 0.144487 tcp 10.0.2.109 56075 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:17.797294 0.189666 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:17.987364 0.056695 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:18.044454 0.065306 udp 10.0.2.109 3683 <-> 91.6.26.23 5333 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:18.110188 0.149202 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:18.259841 0.427447 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:18.687705 0.052386 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:18.740430 0.161742 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:18.902571 0.064979 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:18.968018 0.049257 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.017633 0.058416 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.076445 0.141479 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.218421 0.040054 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.258897 0.128061 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.387297 0.039148 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.426812 0.084746 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.511949 0.144640 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.657029 0.176665 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.834050 0.142780 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:19.977252 0.186846 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:20.164494 0.145914 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:20.310811 0.163775 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:20.474989 0.179596 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:20.654987 0.056753 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:20.712153 0.269838 udp 10.0.2.109 3683 <-> 59.161.91.164 3896 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:20.982535 0.367605 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:21.350566 0.205934 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:21.556929 0.042926 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:21.600286 0.060450 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:21.661159 0.143990 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:21.805582 0.052829 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:21.858809 0.000000 udp 10.0.2.109 3683 -> 220.255.131.221 3364 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:27:39.183829 0.051885 tcp 10.0.2.109 56076 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:39.235671 0.057113 tcp 10.0.2.109 56077 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:39.293095 0.147548 tcp 10.0.2.109 56078 -> 195.113.214.211 443 SRPA* 0 0 46 40390 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:39.441283 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:27:56.068034 0.052704 tcp 10.0.2.109 56079 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:56.121083 0.052538 tcp 10.0.2.109 56080 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:56.173922 0.157164 tcp 10.0.2.109 56081 -> 195.113.214.211 443 SRPA* 0 0 23 11876 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:27:56.331703 0.228485 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:56.560579 0.101960 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:56.662949 0.156364 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:56.819708 0.166545 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:56.986597 0.140745 udp 10.0.2.109 3683 <-> 120.88.33.221 5482 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:57.127700 0.055258 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:57.183356 0.057637 udp 10.0.2.109 3683 <-> 86.184.62.219 2291 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:57.241407 0.257059 udp 10.0.2.109 3683 <-> 115.248.103.59 4328 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:57.498887 0.159574 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:57.658801 0.303639 udp 10.0.2.109 3683 <-> 182.185.82.112 5872 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:57.962835 0.221924 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:27:58.185090 0.799836 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:28:19.674251 3.001830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 02:28:26.681437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:28:34.682853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:28:50.685999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:29:22.691812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:35:26.698086 3.001932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 02:35:33.705720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:35:41.707002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:35:57.709574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:36:29.715837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:42:33.722871 3.000988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 02:42:40.729705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:42:48.800916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:43:04.803903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:43:36.809774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:49:40.816848 3.021118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 02:49:47.843555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:49:55.845027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:50:11.847703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:50:43.853888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:52:24.549773 0.149820 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 02:52:24.699943 0.536579 tcp 10.0.2.109 56082 -> 176.73.169.112 1959 FSPA* 0 0 15 1686 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:56:47.919679 3.002557 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 02:56:54.927447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:57:02.928883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:57:18.931922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:57:50.937841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 02:58:06.280418 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 02:58:06.280667 0.000000 udp 10.0.2.109 3683 -> 220.255.131.221 3364 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:58:21.724041 0.052946 tcp 10.0.2.109 56083 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:21.776821 0.054659 tcp 10.0.2.109 56084 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:21.831815 0.152404 tcp 10.0.2.109 56085 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:21.984984 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:58:39.258474 0.055023 tcp 10.0.2.109 56086 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:39.313852 0.053749 tcp 10.0.2.109 56087 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:39.367857 0.147179 tcp 10.0.2.109 56088 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:39.515251 0.049712 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:39.565356 0.039890 udp 10.0.2.109 3683 <-> 87.167.240.247 8279 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:39.605919 0.190927 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:39.797235 0.150492 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:39.948122 0.000000 udp 10.0.2.109 3683 -> 125.113.191.17 5674 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:58:56.953465 0.052258 tcp 10.0.2.109 56089 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:57.006059 0.053368 tcp 10.0.2.109 56090 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:57.059703 0.157072 tcp 10.0.2.109 56091 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:58:57.217263 0.053353 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:57.270973 0.159573 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:57.430946 0.056240 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:57.487569 0.049525 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:57.537483 0.061037 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:58:57.598895 0.000000 udp 10.0.2.109 3683 -> 91.6.26.23 5333 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:59:13.246795 0.054273 tcp 10.0.2.109 56092 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:13.301355 0.051924 tcp 10.0.2.109 56093 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:13.353553 0.151932 tcp 10.0.2.109 56094 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:13.506293 0.054716 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:13.561404 0.030888 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:13.592619 0.334303 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:13.927278 0.143948 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.071623 0.175193 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.247155 0.142930 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.390494 0.143001 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.533912 0.039871 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.574340 0.127949 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.702661 0.177788 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.880856 0.053525 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:14.934755 0.000000 udp 10.0.2.109 3683 -> 59.161.91.164 3896 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:59:33.546453 0.052113 tcp 10.0.2.109 56095 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:33.598901 0.052838 tcp 10.0.2.109 56096 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:33.652038 0.154211 tcp 10.0.2.109 56097 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:33.806743 0.186295 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:33.993479 0.157203 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:34.151096 0.154263 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:34.305706 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 02:59:50.460294 0.053934 tcp 10.0.2.109 56098 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:50.514531 0.054341 tcp 10.0.2.109 56099 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:50.569229 0.195919 tcp 10.0.2.109 56100 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 02:59:50.765624 0.064662 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:50.830697 0.206042 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/16 02:59:51.037179 0.000000 udp 10.0.2.109 3683 -> 210.217.156.13 9328 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:00:07.435182 0.051523 tcp 10.0.2.109 56101 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:00:07.486995 0.053973 tcp 10.0.2.109 56102 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:00:07.541283 0.145718 tcp 10.0.2.109 56103 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:00:07.687582 0.047686 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:07.735675 0.062410 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:07.798533 0.188209 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:07.987088 0.108468 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:08.095962 0.157470 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:08.253825 0.166284 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:08.420501 0.062424 udp 10.0.2.109 3683 <-> 86.184.62.219 2291 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:08.483372 0.249560 udp 10.0.2.109 3683 <-> 115.248.103.59 4328 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:08.733282 0.159087 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:08.892750 0.000000 udp 10.0.2.109 3683 -> 182.185.82.112 5872 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:00:27.613962 0.053041 tcp 10.0.2.109 56104 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:00:27.667335 0.054610 tcp 10.0.2.109 56105 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:00:27.722299 0.150912 tcp 10.0.2.109 56106 -> 195.113.214.211 443 SRPA* 0 0 44 28014 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:00:27.873600 0.141483 udp 10.0.2.109 3683 <-> 120.88.33.221 5482 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:28.015478 0.057028 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:28.072939 0.209875 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:00:28.283255 0.808917 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:03:54.943537 3.002491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 03:04:01.951760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:04:09.953076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:04:25.955967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:04:57.962104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:11:01.968892 3.000537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 03:11:08.975536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:11:16.977251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:11:32.979886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:12:04.995667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:18:09.001439 3.072807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 03:18:16.079853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:18:24.081014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:18:40.084008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:19:12.089873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:22:25.268417 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 03:22:25.268520 0.510781 tcp 10.0.2.109 56107 -> 176.73.169.112 1959 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:25:16.095802 3.001842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 03:25:23.103382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:25:31.104940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:25:47.107913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:26:19.114103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:30:56.413372 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 03:30:56.413474 0.000000 udp 10.0.2.109 3683 -> 91.6.26.23 5333 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:31:15.041898 0.053018 tcp 10.0.2.109 56108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:15.095205 0.053000 tcp 10.0.2.109 56109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:15.148495 0.154237 tcp 10.0.2.109 56110 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:15.303361 0.000000 udp 10.0.2.109 3683 -> 125.113.191.17 5674 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:31:32.545067 0.051568 tcp 10.0.2.109 56111 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:32.596528 0.053242 tcp 10.0.2.109 56112 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:32.649999 0.150812 tcp 10.0.2.109 56113 -> 195.113.214.211 443 SRPA* 0 0 42 37026 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:32.801414 0.000000 udp 10.0.2.109 3683 -> 59.161.91.164 3896 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:31:49.189321 0.053240 tcp 10.0.2.109 56114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:49.242838 0.053519 tcp 10.0.2.109 56115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:49.296372 0.160409 tcp 10.0.2.109 56116 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:31:49.457238 0.000000 udp 10.0.2.109 3683 -> 210.217.156.13 9328 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:32:06.143331 0.051738 tcp 10.0.2.109 56117 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:06.195353 0.054504 tcp 10.0.2.109 56118 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:06.250137 0.149385 tcp 10.0.2.109 56119 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:06.400195 0.148211 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:06.548789 0.000000 udp 10.0.2.109 3683 -> 182.185.82.112 5872 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:32:21.646257 0.052794 tcp 10.0.2.109 56120 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:21.699322 0.056446 tcp 10.0.2.109 56121 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:21.756063 0.146740 tcp 10.0.2.109 56122 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:21.903270 0.000000 udp 10.0.2.109 3683 -> 87.167.240.247 8279 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 03:32:23.121190 3.000849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 03:32:30.127410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:32:38.129002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:32:40.392679 0.051717 tcp 10.0.2.109 56123 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:40.444676 0.052600 tcp 10.0.2.109 56124 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:40.497591 0.149337 tcp 10.0.2.109 56125 -> 195.113.214.211 443 SRPA* 0 0 48 38772 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:32:40.647563 0.054959 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:40.702848 0.193195 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:40.896460 0.147454 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.044352 0.051206 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.095968 0.059445 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.155802 0.050385 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.206547 0.161634 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.368583 0.058829 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.427787 0.057037 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.485206 0.030096 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.515625 0.079797 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.595829 0.126476 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.722717 0.145093 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.868160 0.060996 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:41.929557 0.170956 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:42.100928 0.144982 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:42.246437 0.136952 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:42.383832 0.040109 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:42.424305 0.172742 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:42.597462 0.191972 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:42.789852 0.158302 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:42.948555 0.163652 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.112563 0.052664 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.165603 0.194758 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.360773 0.187757 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.548969 0.048369 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.597664 0.053618 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.651686 0.102588 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.754620 0.055155 udp 10.0.2.109 3683 <-> 86.184.62.219 2291 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:43.810160 0.275232 udp 10.0.2.109 3683 <-> 115.248.103.59 4328 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:44.085759 0.155502 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:44.241635 0.166307 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:44.408362 0.172802 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:44.581504 0.638341 udp 10.0.2.109 3683 <-> 120.88.33.221 5482 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:45.220183 0.055546 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:45.276129 1.103697 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:46.380176 0.206351 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 03:32:54.131996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:33:26.137652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:39:30.144732 3.000813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 03:39:37.151844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:39:45.153608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:40:01.156544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:40:33.162348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:46:37.168666 3.001252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 03:46:44.175209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:46:52.176787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:47:08.179986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:47:40.185687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:52:25.786715 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 03:52:25.786821 0.553100 tcp 10.0.2.109 56126 -> 176.73.169.112 1959 FSPA* 0 0 14 1556 flow=From-Botnet-V1-TCP-Established 1970/01/16 03:53:44.191837 3.001852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 03:53:51.199220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:53:59.201003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:54:15.203852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 03:54:47.209577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:00:51.216376 3.061675 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 04:00:58.283215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:01:06.284676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:01:22.288195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:01:54.294264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:03:02.182039 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 04:03:02.182301 0.000000 udp 10.0.2.109 3683 -> 87.167.240.247 8279 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 04:03:18.567130 0.054335 tcp 10.0.2.109 56127 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:18.621764 0.054227 tcp 10.0.2.109 56128 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:18.676269 0.144957 tcp 10.0.2.109 56129 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:18.821773 0.151603 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:18.973801 0.150955 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:19.125183 0.054725 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:19.180300 0.185202 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:19.365859 0.053569 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:19.419774 0.062804 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:19.482990 0.481535 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:19.964948 0.162537 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.127909 0.061718 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.128219 3.003341 tcp 10.0.2.109 56130 -> 107.214.174.97 5272 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 04:03:20.189971 0.057553 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.247915 0.029407 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.277721 0.078686 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.356746 0.135182 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.492346 0.144639 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.637404 0.057327 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.695077 0.168894 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:20.864398 0.144252 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:21.009123 0.144246 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:21.153694 0.044341 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:21.198539 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 04:03:29.129928 0.000000 tcp 10.0.2.109 56130 -> 107.214.174.97 5272 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 04:03:36.461533 0.009638 udp 10.0.2.109 61441 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/16 04:03:36.471565 0.009481 udp 10.0.2.109 49688 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/16 04:03:36.671779 0.052015 tcp 10.0.2.109 56131 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:36.723669 0.107405 tcp 10.0.2.109 56132 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:36.831396 0.167736 tcp 10.0.2.109 56133 -> 195.113.214.211 443 SRPA* 0 0 49 38538 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:36.999657 0.192530 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:37.192610 0.174743 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:37.367689 0.204295 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:37.572736 0.207463 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:37.780605 0.047188 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:37.828197 0.054873 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:37.883475 0.097523 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:37.981378 0.000000 udp 10.0.2.109 3683 -> 86.184.62.219 2291 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 04:03:54.286961 0.051432 tcp 10.0.2.109 56134 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:54.338618 0.053569 tcp 10.0.2.109 56135 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:54.392492 0.182910 tcp 10.0.2.109 56136 -> 195.113.214.211 443 SRPA* 0 0 24 10254 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:03:54.574344 0.161780 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:54.736507 0.052880 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:54.789805 0.257136 udp 10.0.2.109 3683 <-> 115.248.103.59 4328 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:55.047295 0.152554 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:55.200353 0.160133 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:55.200743 3.001294 tcp 10.0.2.109 56137 -> 65.95.29.164 7524 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 04:03:55.360903 0.175500 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:55.536766 0.140968 udp 10.0.2.109 3683 <-> 120.88.33.221 5482 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:55.678105 0.057456 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:55.735941 0.226019 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:03:55.962530 0.280987 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:04:04.200519 0.000000 tcp 10.0.2.109 56137 -> 65.95.29.164 7524 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 04:04:11.454449 0.009380 udp 10.0.2.109 49844 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/16 04:04:11.464141 0.009710 udp 10.0.2.109 55414 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/16 04:07:58.299708 3.002056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 04:08:05.307345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:08:13.308999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:08:29.312346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:09:01.318282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:15:05.324205 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 04:15:12.331750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:15:20.333014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:15:36.336076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:16:08.342257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:22:12.348742 3.000607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 04:22:19.355218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:22:26.366151 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 04:22:26.366252 0.506165 tcp 10.0.2.109 56138 -> 176.73.169.112 1959 FSPA* 0 0 15 1575 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:22:27.356542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:22:43.359507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:23:15.365740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:29:19.371916 3.001876 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 04:29:26.379325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:29:34.380668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:29:50.383942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:30:22.389575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:34:17.247743 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 04:34:17.247934 0.179178 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:17.427506 0.000000 udp 10.0.2.109 3683 -> 86.184.62.219 2291 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 04:34:33.843183 0.052764 tcp 10.0.2.109 56139 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:34:33.896252 0.052480 tcp 10.0.2.109 56140 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:34:33.948995 0.146376 tcp 10.0.2.109 56141 -> 195.113.214.211 443 SRPA* 0 0 51 42184 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:34:34.096012 0.143001 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.239450 0.185220 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.425079 0.053270 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.478772 0.063467 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.542583 0.051711 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.594680 0.051925 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.646963 0.147250 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.794621 0.056488 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.851509 0.029750 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.887575 0.079881 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.967927 0.136398 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:34.968303 2.999140 tcp 10.0.2.109 56142 -> 81.157.133.94 3800 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 04:34:35.104673 0.143532 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:35.248633 0.057660 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:35.306609 0.095034 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:35.402043 0.145626 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:35.548079 0.223264 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:35.771666 0.286143 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.058260 0.136171 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.194885 0.040324 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.235596 0.191496 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.427485 0.047058 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.474976 0.053368 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.528783 0.121331 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.650532 0.187568 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.838473 0.145019 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:36.983918 0.203685 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:37.187974 0.054782 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:37.243412 0.000000 udp 10.0.2.109 3683 -> 115.248.103.59 4328 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 04:34:43.965973 0.000000 tcp 10.0.2.109 56142 -> 81.157.133.94 3800 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 04:34:55.082289 0.054479 tcp 10.0.2.109 56143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:34:55.136917 0.053059 tcp 10.0.2.109 56144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:34:55.189852 0.145712 tcp 10.0.2.109 56145 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:34:55.336188 0.156457 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:55.492989 0.164793 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:55.658204 0.320923 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:55.979465 0.154872 udp 10.0.2.109 3683 <-> 120.88.33.221 5482 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:56.134782 0.056529 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:56.191781 0.228754 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:56.192171 4.242265 tcp 10.0.2.109 56146 -> 5.178.194.36 4983 FSPA* 0 0 680 500844 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:34:56.420904 0.155556 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:34:56.576821 0.533590 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/16 04:36:26.405635 3.001996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 04:36:33.413604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:36:41.415056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:36:57.417770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:37:29.423973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:43:33.429709 3.002099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 04:43:40.437344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:43:48.439004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:44:04.441390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:44:36.448100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:50:40.454954 3.000789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 04:50:47.461503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:50:55.462346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:51:11.465977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:51:43.471979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:52:26.884591 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 04:52:26.884874 0.510028 tcp 10.0.2.109 56147 -> 176.73.169.112 1959 FSPA* 0 0 15 1662 flow=From-Botnet-V1-TCP-Established 1970/01/16 04:57:47.477953 3.001859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 04:57:54.484992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:58:02.486718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:58:18.489733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 04:58:50.495913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:04:54.502329 3.000782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:05:01.508855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:05:09.510699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:05:18.233209 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 05:05:18.233307 0.179654 udp 10.0.2.109 3683 -> 115.248.103.59 4328 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 05:05:18.412961 0.000000 icmp 115.248.102.53 0x0103 -> 10.0.2.109 0x73f8 URH 192 1 130 flow=Background 1970/01/16 05:05:25.513271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:05:34.788911 0.054629 tcp 10.0.2.109 56148 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:05:34.843878 0.052810 tcp 10.0.2.109 56149 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:05:34.897004 0.148460 tcp 10.0.2.109 56150 -> 195.113.214.211 443 SRPA* 0 0 50 29664 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:05:35.044664 0.174553 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:35.219560 0.185017 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:35.404925 0.055153 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:35.460444 0.060485 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:35.521333 0.048994 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:35.570665 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 05:05:52.202465 0.052598 tcp 10.0.2.109 56151 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:05:52.255383 0.073183 tcp 10.0.2.109 56152 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:05:52.328858 0.150780 tcp 10.0.2.109 56153 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:05:52.480120 0.150247 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:52.630773 0.058559 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:52.689683 0.029155 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:52.719232 0.080643 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:52.800226 0.152476 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:52.953075 0.146965 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:05:53.100390 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 05:05:57.519844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:06:09.637957 0.052527 tcp 10.0.2.109 56154 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:06:09.690753 0.056779 tcp 10.0.2.109 56155 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:06:09.747828 0.150459 tcp 10.0.2.109 56156 -> 195.113.214.211 443 SRPA* 0 0 40 21398 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:06:09.898674 0.059393 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:09.958515 0.142017 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.100957 0.160673 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.261978 0.183920 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.446486 0.060770 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.507682 0.191450 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.699574 0.046851 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.746831 0.056027 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.803266 0.107552 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:10.911252 0.192162 rtcp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:11.103821 0.345164 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:11.449353 0.135750 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:11.585521 0.040147 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:11.626097 0.209139 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:11.835602 0.053899 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:11.889936 0.171999 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:12.062346 0.153448 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:12.216182 0.166622 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:12.383161 0.053587 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:12.437133 0.231432 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:12.668974 0.156116 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:06:12.825486 0.000000 udp 10.0.2.109 3683 -> 120.88.33.221 5482 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 05:06:28.434881 0.055489 tcp 10.0.2.109 56157 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:06:28.490663 0.056281 tcp 10.0.2.109 56158 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:06:28.547226 0.147926 tcp 10.0.2.109 56159 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:06:28.695646 0.186885 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:12:01.526005 3.061746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:12:08.593245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:12:16.595005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:12:32.597875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:13:04.603652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:19:08.610691 3.000432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:19:15.616980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:19:23.618994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:19:39.621568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:20:11.627958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:22:27.423065 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 05:22:27.423166 0.516443 tcp 10.0.2.109 56160 -> 176.73.169.112 1959 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:26:15.633383 3.002135 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:26:22.641036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:26:30.642344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:26:46.645276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:27:18.651295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:33:22.657447 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:33:29.664811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:33:37.666690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:33:53.669498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:34:25.675865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:36:40.850088 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 05:36:40.850299 0.047890 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:40.898584 0.132825 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:41.031771 0.000000 udp 10.0.2.109 3683 -> 120.88.33.221 5482 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 05:36:57.476341 0.053720 tcp 10.0.2.109 56161 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:36:57.530397 0.054174 tcp 10.0.2.109 56162 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:36:57.584881 0.151502 tcp 10.0.2.109 56163 -> 195.113.214.211 443 SRPA* 0 0 39 33218 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:36:57.736917 0.053108 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:57.790441 0.060655 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:57.851452 0.051799 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:57.903570 0.190354 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.094385 0.173902 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.268724 0.149897 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.418954 0.056272 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.475686 0.150034 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.626246 0.030474 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.657110 0.182264 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.839727 0.143655 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:58.983779 0.059257 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.043421 0.144788 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.188659 0.173093 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.362162 0.062101 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.424644 0.187822 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.612864 0.042621 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.655816 0.057257 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.713451 0.102238 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.816077 0.161094 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:36:59.977586 0.161555 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:00.139522 0.140127 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:00.280141 0.040002 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:00.320540 0.202110 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:00.522993 0.053602 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:00.576959 0.204033 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:00.781458 0.194908 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:00.976760 0.426825 udp 10.0.2.109 3683 <-> 14.97.189.216 7779 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:01.403993 0.153637 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:01.558041 0.154852 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:01.713309 0.167872 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:01.881577 0.055508 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:37:01.937470 0.186805 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/16 05:40:29.681840 3.001338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:40:36.689074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:40:44.690391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:41:00.693768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:41:32.699653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:47:36.705025 3.002324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:47:43.712658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:47:51.714535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:48:07.717647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:48:39.723761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:52:27.942446 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 05:52:27.942547 0.533539 tcp 10.0.2.109 56164 -> 176.73.169.112 1959 FSPA* 0 0 15 1719 flow=From-Botnet-V1-TCP-Established 1970/01/16 05:54:43.729124 3.001959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 05:54:50.736962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:54:58.738195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:55:14.741783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 05:55:46.747743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:01:50.753970 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 06:01:57.760699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:02:05.762623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:02:21.765603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:02:53.771445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:07:14.796924 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 06:07:14.797031 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 06:07:32.764890 0.054876 tcp 10.0.2.109 56165 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:07:32.820159 0.052687 tcp 10.0.2.109 56166 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:07:32.873124 0.147817 tcp 10.0.2.109 56167 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:07:33.021571 0.148362 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.170327 0.055451 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.226228 0.051126 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.277715 0.058993 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.337115 0.199275 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.536824 0.173349 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.710573 0.144914 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.855828 0.060586 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:33.916819 0.150214 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:34.067446 0.029111 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:34.096980 0.290639 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:34.388060 0.142626 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:34.531069 0.056627 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:34.588128 0.142217 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:34.730764 1.219052 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:35.950237 0.058755 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:36.009369 0.193853 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:36.203570 0.048122 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:36.252054 0.053530 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:36.306014 0.097203 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:36.403557 0.158990 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:36.567412 0.379465 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:36.947303 0.143245 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:37.090917 0.041910 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:37.133259 0.210027 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:37.343618 0.055330 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:37.399355 0.167807 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:37.567564 0.193512 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:37.761433 0.158120 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:37.920037 0.166203 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:38.086704 0.056513 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:38.143621 0.000000 udp 10.0.2.109 3683 -> 14.97.189.216 7779 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 06:07:57.117974 0.069390 tcp 10.0.2.109 56168 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:07:57.187668 0.053418 tcp 10.0.2.109 56169 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:07:57.241363 0.159755 tcp 10.0.2.109 56170 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:07:57.401576 0.151793 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:07:57.553760 0.201976 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:08:57.778090 3.000841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 06:09:04.785033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:09:12.786811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:09:28.789568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:10:00.795100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:16:04.802235 3.000831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 06:16:11.808497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:16:19.810019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:16:35.813477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:17:07.819487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:22:28.480575 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 06:22:28.480681 0.500796 tcp 10.0.2.109 56171 -> 176.73.169.112 1959 FSPA* 0 0 14 1521 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:23:11.825461 3.002050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 06:23:18.833214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:23:26.834080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:23:42.837396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:24:14.843188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:30:18.849386 3.001317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 06:30:25.866993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:30:33.867993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:30:49.871440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:31:21.877375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:37:25.883427 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 06:37:32.890738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:37:40.892215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:37:56.895294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:38:19.347940 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 06:38:19.348039 0.138374 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:38:19.486762 0.000000 udp 10.0.2.109 3683 -> 14.97.189.216 7779 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 06:38:28.901080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:38:34.841443 0.054368 tcp 10.0.2.109 56172 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:38:34.896052 0.052559 tcp 10.0.2.109 56173 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:38:34.948956 0.148873 tcp 10.0.2.109 56174 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:38:35.098370 0.052304 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:38:35.151068 0.052854 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:38:35.204266 0.077951 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:38:35.282602 0.183420 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:38:35.466520 0.172869 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:38:35.639750 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 06:38:52.756252 0.053408 tcp 10.0.2.109 56175 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:38:52.810027 0.054017 tcp 10.0.2.109 56176 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:38:52.864382 0.166447 tcp 10.0.2.109 56177 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:38:53.031301 0.061257 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:38:53.092924 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 06:39:10.331586 0.051804 tcp 10.0.2.109 56178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:39:10.383727 0.053991 tcp 10.0.2.109 56179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:39:10.438042 0.148353 tcp 10.0.2.109 56180 -> 195.113.214.211 443 SRPA* 0 0 23 13260 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:39:10.586867 0.031449 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:10.618666 0.149861 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:10.768870 0.059864 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:10.829161 0.759727 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:11.589263 0.145877 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:11.735573 0.229995 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:11.965994 0.057677 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:12.024071 0.352970 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:12.377395 0.100968 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:12.478769 0.164598 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:12.643797 0.169071 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:12.813259 0.055244 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:12.868919 0.047663 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:12.916968 0.191141 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:13.108469 0.058863 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:13.167749 0.205800 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:13.373974 0.054738 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:13.429100 0.168477 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:13.598033 0.197327 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:13.795768 0.152188 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:13.948396 0.133222 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:14.082035 0.055067 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:14.137457 0.172761 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:14.310623 0.158500 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:39:14.469533 0.186213 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 06:44:32.907733 3.101920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 06:44:40.015308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:44:48.016309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:45:04.019461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:45:36.025534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:51:40.032205 3.000960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 06:51:47.038494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:51:55.040189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:52:11.043572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:52:29.029981 0.000168 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 06:52:29.030245 0.504445 tcp 10.0.2.109 56181 -> 176.73.169.112 1959 FSPA* 0 0 14 1539 flow=From-Botnet-V1-TCP-Established 1970/01/16 06:52:43.049253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:58:47.055258 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 06:58:54.063010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:59:02.063954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:59:18.067694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 06:59:50.073333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:05:54.079585 3.001736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 07:06:01.087112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:06:09.088034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:06:25.091243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:06:57.097675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:09:28.154620 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 07:09:28.154802 0.127836 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:28.283060 0.147338 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:28.430832 0.049768 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:28.481009 0.047424 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:28.528839 0.174561 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:28.703801 0.052005 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:28.756214 0.187261 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:28.943829 0.062219 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.006451 0.058452 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.065329 0.055940 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.121691 0.030481 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.152576 0.147505 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.300488 0.172767 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.473619 0.142961 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.616927 0.144164 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.761436 0.058264 udp 10.0.2.109 3683 <-> 86.151.77.149 6627 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:29.820098 1.244276 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.064771 0.103438 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.168630 0.160069 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.329195 0.169024 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.498594 0.055232 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.554417 0.039966 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.594743 0.192768 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.787917 0.044453 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:31.832771 0.214244 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:32.047413 0.059326 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:32.107150 0.174194 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:32.281746 0.190931 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:32.473123 0.155594 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:32.629156 0.166334 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:32.795825 0.152064 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:32.948283 0.186284 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:33.134950 0.136208 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:09:33.271522 0.053682 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:13:01.102509 3.002659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 07:13:08.110642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:13:16.112162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:13:32.115399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:14:04.121630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:20:08.128151 3.001029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 07:20:15.134916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:20:23.135853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:20:39.139155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:21:11.145168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:22:29.538900 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 07:22:29.539013 0.544729 tcp 10.0.2.109 56182 -> 176.73.169.112 1959 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:27:15.151366 3.001805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 07:27:22.159032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:27:30.160052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:27:46.162971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:28:18.169073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:34:22.174980 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 07:34:29.182764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:34:37.184228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:34:53.186839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:35:25.192988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:39:35.974077 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 07:39:35.974292 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 07:39:53.521112 0.152480 tcp 10.0.2.109 56183 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:39:53.673862 0.054042 tcp 10.0.2.109 56184 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:39:53.728467 0.149067 tcp 10.0.2.109 56185 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:39:53.878161 0.054932 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:53.933466 0.172396 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.106345 0.053506 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.160186 0.191513 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.352045 0.061831 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.414441 0.127671 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.542604 0.155175 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.698253 0.060945 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.759611 0.058562 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.818575 0.029791 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.848747 0.148730 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:39:54.997912 0.000000 udp 10.0.2.109 3683 -> 81.157.133.94 5187 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 07:40:10.704057 0.054338 tcp 10.0.2.109 56186 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:40:10.758700 0.053622 tcp 10.0.2.109 56187 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:40:10.812690 0.259447 tcp 10.0.2.109 56188 -> 195.113.214.211 443 SRPA* 0 0 49 42518 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:40:11.073951 0.143768 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:11.218131 0.142791 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:11.361394 0.000000 udp 10.0.2.109 3683 -> 86.151.77.149 6627 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 07:40:30.072185 0.053547 tcp 10.0.2.109 56189 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:40:30.125707 0.053051 tcp 10.0.2.109 56190 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:40:30.179058 0.155244 tcp 10.0.2.109 56191 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:40:30.333557 0.192646 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:30.526615 0.105688 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:30.632770 0.160604 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:30.793725 0.347621 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:31.141744 0.055580 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:31.197757 0.046671 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:31.244848 0.195294 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:31.440537 0.044624 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:31.485553 0.199867 udp 10.0.2.109 3683 <-> 2.187.235.146 2243 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:31.685815 0.055191 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:31.741426 0.265141 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:32.007002 0.183984 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:32.191386 0.769622 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:32.961383 0.166649 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:33.128476 0.157074 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:33.286008 0.059879 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:33.346365 0.444504 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:40:33.791298 0.144083 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/16 07:41:29.229350 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 07:41:36.237001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:41:44.237905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:42:00.241225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:42:32.247014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:48:36.253110 3.001735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 07:48:43.260824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:48:51.261998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:49:07.264897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:49:39.272179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:52:30.117394 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 07:52:30.117491 0.533764 tcp 10.0.2.109 56192 -> 176.73.169.112 1959 FSPA* 0 0 15 1779 flow=From-Botnet-V1-TCP-Established 1970/01/16 07:55:43.278565 3.000222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 07:55:50.284584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:55:58.286414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:56:14.289285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 07:56:46.294872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:02:50.301759 3.000854 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 08:02:57.308328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:03:05.310268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:03:21.313014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:03:53.319166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:09:57.324648 3.001858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 08:10:04.332598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:10:12.334072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:10:28.336932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:10:49.828503 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 08:10:49.828604 0.053804 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:10:49.882809 0.000000 udp 10.0.2.109 3683 -> 86.151.77.149 6627 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 08:11:00.343160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:11:07.275972 0.053788 tcp 10.0.2.109 56193 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:07.330076 0.054509 tcp 10.0.2.109 56194 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:07.384825 0.151825 tcp 10.0.2.109 56195 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:07.537176 0.082365 udp 10.0.2.109 3683 <-> 81.157.133.94 5187 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:07.619941 0.058067 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:07.678359 0.184119 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:07.862882 0.058918 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:07.922205 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 08:11:24.398115 0.053894 tcp 10.0.2.109 56196 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:24.452302 0.053612 tcp 10.0.2.109 56197 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:24.506265 0.149689 tcp 10.0.2.109 56198 -> 195.113.214.211 443 SRPA* 0 0 26 14958 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:24.656547 0.153305 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:24.810411 0.174737 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:24.985522 0.058839 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.044773 0.033180 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.078364 0.148740 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.227513 0.052774 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.280656 0.060722 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.341797 0.143591 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.485803 0.144616 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.630830 0.292000 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:25.923162 0.149018 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:26.072537 0.160865 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:26.233749 0.162502 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:26.396691 0.054549 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:26.451642 0.046863 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:26.498867 0.190767 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:26.690007 0.044479 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:26.734892 0.000000 udp 10.0.2.109 3683 -> 2.187.235.146 2243 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 08:11:45.598739 0.063599 tcp 10.0.2.109 56199 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:45.662602 0.053038 tcp 10.0.2.109 56200 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:45.715534 0.161745 tcp 10.0.2.109 56201 -> 195.113.214.211 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:11:45.877785 0.054931 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:45.933065 0.186206 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:46.119685 0.191440 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:46.311529 1.092069 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:47.404002 0.053617 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:47.457971 1.984036 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:49.442426 0.137440 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:49.580274 0.166013 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:11:49.746682 0.158459 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:17:04.349934 3.000625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 08:17:11.356152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:17:19.357867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:17:35.360651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:18:07.367004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:22:30.656205 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 08:22:30.656436 0.524315 tcp 10.0.2.109 56202 -> 176.73.169.112 1959 FSPA* 0 0 14 1571 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:24:11.373855 3.000643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 08:24:18.380343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:24:26.381855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:24:42.385003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:25:14.391169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:31:18.397117 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 08:31:25.404109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:31:33.406109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:31:49.408805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:32:21.414920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:38:25.421165 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 08:38:32.428118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:38:40.430089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:38:56.433077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:39:28.439071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:42:01.729743 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 08:42:01.729844 0.138077 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:01.868341 0.000000 udp 10.0.2.109 3683 -> 2.187.235.146 2243 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 08:42:16.963575 0.058128 tcp 10.0.2.109 56203 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:42:17.021591 0.055604 tcp 10.0.2.109 56204 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:42:17.077543 0.157772 tcp 10.0.2.109 56205 -> 195.113.214.211 443 SRPA* 0 0 50 30414 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:42:17.233520 0.054020 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:17.287882 0.061477 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:17.349992 0.053416 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:17.403796 0.000000 udp 10.0.2.109 3683 -> 81.157.133.94 5187 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 08:42:36.119416 0.052020 tcp 10.0.2.109 56206 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:42:36.171744 0.054967 tcp 10.0.2.109 56207 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:42:36.227065 0.156333 tcp 10.0.2.109 56208 -> 195.113.214.211 443 SRPA* 0 0 46 41622 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:42:36.384093 0.184834 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:36.626962 0.173537 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:36.800834 0.149113 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:36.950363 0.030616 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:36.981398 0.058971 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.040776 0.059174 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.100402 0.140043 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.240802 0.142280 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.383533 0.169035 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.552969 0.104572 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.657957 0.151425 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.809826 0.052199 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.862444 0.047535 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:37.910382 0.188937 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:38.099742 0.044398 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:38.144562 0.221493 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:38.366482 0.166913 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:38.533811 0.056589 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:38.590798 0.053986 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:38.645201 0.176395 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:38.821987 0.182063 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:39.004525 0.155460 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:39.160392 0.055217 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:39.216015 0.166257 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:39.382666 0.157601 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:39.540701 0.585594 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:42:40.126702 0.139567 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/16 08:45:32.445475 3.000759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 08:45:39.452291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:45:47.453840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:46:03.456858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:46:35.462670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:52:31.184677 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 08:52:31.184923 0.496076 tcp 10.0.2.109 56209 -> 176.73.169.112 1959 FSPA* 0 0 15 1588 flow=From-Botnet-V1-TCP-Established 1970/01/16 08:52:39.469171 3.001590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 08:52:46.476278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:52:54.477568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:53:10.481104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:53:42.486785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 08:59:46.492894 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 08:59:53.500126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:00:01.501586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:00:17.505015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:00:49.511032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:06:53.517095 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 09:07:00.523971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:07:08.525746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:07:24.528553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:07:56.535022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:12:58.849965 0.041223 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 09:12:58.891378 0.000000 udp 10.0.2.109 3683 -> 81.157.133.94 5187 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 09:13:14.923955 0.053672 tcp 10.0.2.109 56210 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:13:14.977886 0.051652 tcp 10.0.2.109 56211 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:13:15.029865 0.151034 tcp 10.0.2.109 56212 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:13:15.181513 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 09:13:32.458019 0.053235 tcp 10.0.2.109 56213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:13:32.511535 0.053374 tcp 10.0.2.109 56214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:13:32.565153 0.152235 tcp 10.0.2.109 56215 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:13:32.717881 0.058556 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:32.776810 0.055410 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:32.832623 0.057689 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:32.890660 0.193174 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.084256 0.173744 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.258554 0.154290 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.413233 0.030521 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.444114 0.057776 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.502293 0.055973 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.558674 0.142946 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.702012 0.142201 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:33.844566 0.178894 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.135338 0.101881 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.237623 0.150180 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.388195 0.052493 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.441085 0.042027 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.483516 0.192706 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.676640 0.040282 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.717319 0.164125 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:34.882216 0.171613 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:35.054272 0.058798 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:35.113455 0.054867 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:35.168697 0.171889 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:35.340975 0.186515 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:35.527915 0.165827 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:35.694306 0.149701 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:35.844443 0.155932 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:36.000790 0.064802 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:36.066010 1.124169 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:13:37.190536 0.141405 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:14:00.550698 3.001560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 09:14:07.557867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:14:15.559379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:14:31.562910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:15:03.568797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:21:07.575264 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 09:21:14.582169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:21:22.583563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:21:38.586521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:22:10.592948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:22:31.693628 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 09:22:31.693910 0.453323 tcp 10.0.2.109 56216 -> 176.73.169.112 1959 FSPA* 0 0 12 1431 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:28:14.599683 3.000471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 09:28:21.605779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:28:29.607684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:28:45.610693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:29:17.616822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:35:21.623154 3.001163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 09:35:28.629761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:35:36.631570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:35:52.634270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:36:24.640306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:42:28.647459 3.000530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 09:42:35.653928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:42:43.655434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:42:59.668231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:43:31.674963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:44:02.639722 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 09:44:02.639832 0.139599 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:02.779805 0.054729 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:02.834900 0.186223 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:03.021655 0.058457 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:03.080466 0.053773 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:03.134664 0.174889 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:03.310021 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 09:44:19.185457 0.053558 tcp 10.0.2.109 56217 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:19.238811 0.054326 tcp 10.0.2.109 56218 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:19.293422 0.138450 tcp 10.0.2.109 56219 -> 195.113.214.211 443 SRPA* 0 0 38 27884 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:19.432499 0.596090 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.029040 0.059636 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.089108 0.057314 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.146813 0.147229 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.294494 0.142088 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.436998 0.173426 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.610849 0.102542 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.713821 0.153768 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.868035 0.051470 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.919899 0.042378 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:20.962688 0.189886 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:21.153001 0.044189 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:21.197558 0.195021 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:21.392931 0.308925 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:21.702453 0.054691 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:21.757542 0.059429 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:21.817373 0.175804 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:21.993592 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 09:44:39.883690 0.052685 tcp 10.0.2.109 56220 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:39.936671 0.052341 tcp 10.0.2.109 56221 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:39.989327 0.267158 tcp 10.0.2.109 56222 -> 195.113.214.211 443 SRPA* 0 0 26 13966 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:40.257137 0.167125 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:40.424611 0.153322 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:40.578491 0.153042 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:40.731891 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 09:44:56.146969 0.052452 tcp 10.0.2.109 56223 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:56.199818 0.054078 tcp 10.0.2.109 56224 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:56.254229 0.159076 tcp 10.0.2.109 56225 -> 195.113.214.211 443 SRPA* 0 0 31 21106 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:44:56.413891 0.272688 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:44:56.687041 0.144080 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/16 09:49:35.681289 3.001053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 09:49:42.688084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:49:50.689189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:50:06.692809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:50:38.698778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:52:32.151939 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 09:52:32.152077 0.537819 tcp 10.0.2.109 56226 -> 176.73.169.112 1959 FSPA* 0 0 15 1624 flow=From-Botnet-V1-TCP-Established 1970/01/16 09:56:42.705472 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 09:56:49.711832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:56:57.713715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:57:13.716196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 09:57:45.722703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:03:49.729260 3.000645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 10:03:56.736094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:04:04.737765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:04:20.740476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:04:52.746758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:10:56.752006 3.002238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 10:11:03.759792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:11:11.761780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:11:27.764213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:11:59.770425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:15:09.594195 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 10:15:09.594376 0.175651 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:09.770480 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 10:15:25.127871 0.076302 tcp 10.0.2.109 56227 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:15:25.204403 0.055307 tcp 10.0.2.109 56228 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:15:25.259980 0.160367 tcp 10.0.2.109 56229 -> 195.113.214.211 443 SRPA* 0 0 48 34976 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:15:25.420507 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 10:15:41.249691 0.052076 tcp 10.0.2.109 56230 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:15:41.302072 0.644872 tcp 10.0.2.109 56231 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:15:41.947220 0.155813 tcp 10.0.2.109 56232 -> 195.113.214.211 443 SRPA* 0 0 50 37458 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:15:42.103636 0.054008 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.158041 0.134995 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.293431 0.185623 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.479396 0.056336 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.536112 0.055926 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.592408 0.174528 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.767382 0.045537 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.813294 0.060495 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:42.874212 0.174873 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.049541 0.107834 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.157806 0.177986 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.336213 0.052628 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.389199 0.040092 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.429709 0.199350 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.629530 0.139984 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.769926 0.057105 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:43.827384 0.260503 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.088301 0.177642 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.266379 0.058740 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.325542 0.057961 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.383909 0.177891 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.562349 0.046027 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.608777 0.192246 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.801496 0.154676 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:44.956533 0.160390 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:45.117361 0.156455 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:45.274194 0.510428 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:15:45.785102 0.138462 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:18:03.776563 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 10:18:10.783709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:18:18.785772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:18:34.788087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:19:06.794507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:22:32.690953 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 10:22:32.691051 0.487662 tcp 10.0.2.109 56233 -> 176.73.169.112 1959 FSPA* 0 0 15 1588 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:25:10.800712 3.001225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 10:25:17.807664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:25:25.809479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:25:41.812359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:26:13.818071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:32:17.825239 3.000545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 10:32:24.831951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:32:32.833140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:32:48.836193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:33:20.842135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:39:24.848935 3.010959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 10:39:31.865896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:39:39.867386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:39:55.869987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:40:27.876121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:45:58.572035 0.028317 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 10:45:58.600568 0.169968 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:58.770940 0.058273 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:58.829631 0.126243 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:58.956318 0.183898 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.140624 0.054849 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.195872 0.049550 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.245786 0.174360 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.420546 0.047448 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.468397 0.058579 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.527346 0.142527 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.670391 0.106808 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:45:59.777624 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 10:46:17.651091 0.077858 tcp 10.0.2.109 56234 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:17.729251 0.058660 tcp 10.0.2.109 56235 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:17.788196 0.152816 tcp 10.0.2.109 56236 -> 195.113.214.211 443 SRPA* 0 0 42 22882 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:17.940421 0.052770 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:17.993625 0.000000 udp 10.0.2.109 3683 -> 87.153.124.203 4545 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 10:46:31.882038 3.001960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 10:46:34.213902 0.052758 tcp 10.0.2.109 56237 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:34.266950 0.057328 tcp 10.0.2.109 56238 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:34.324632 0.158265 tcp 10.0.2.109 56239 -> 195.113.214.211 443 SRPA* 0 0 49 42556 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:34.483563 0.171814 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:34.655852 0.144819 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:34.801076 0.058980 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:34.860436 0.163261 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.024133 0.175256 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.199744 0.058481 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.258625 0.057870 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.316833 0.177056 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.494268 0.040139 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.534821 0.188413 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.723640 0.156370 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:35.880358 2.796932 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:38.677711 0.141568 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:38.678028 3.155882 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 SPA_* 0 0 10 2780 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:38.819752 0.166629 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:38.889825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:46:38.986761 0.158839 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/16 10:46:44.385032 2.957158 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 16 12448 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:46.891362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:46:49.897641 3.032700 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 15 11754 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:46:55.512331 3.045858 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 18 15308 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:01.139547 3.187005 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 22 17572 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:02.893935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:47:06.926464 3.118391 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 18 17356 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:12.795641 3.327967 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 22 17572 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:18.556871 3.524914 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:24.517388 3.302696 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 28 17896 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:30.178864 3.439487 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 27 17842 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:34.900068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:47:36.094608 3.382509 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 31 18058 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:41.836172 3.479354 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 30 18004 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:47.500486 3.562664 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:53.235742 3.605730 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:47:59.176840 3.693481 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:05.248927 3.520106 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:11.162060 3.665269 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:17.355906 3.570516 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:23.387774 3.828090 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:29.669730 3.814704 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:35.896844 4.006794 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:42.189110 4.203727 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 36 18328 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:48.636650 4.225942 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 35 18274 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:48:55.176282 4.315871 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:01.825833 4.205594 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:08.393168 4.177961 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 35 18274 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:15.072258 4.327928 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 35 18274 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:21.753222 4.316672 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:28.568805 4.231039 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:35.400116 4.299612 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:42.243562 4.216285 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_PA 0 0 34 18220 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:48.844394 3.669379 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 FPA_* 0 0 19 7282 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:49:55.714862 0.000142 tcp 10.0.2.109 56240 -> 116.58.61.124 2758 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:52:33.179487 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 10:52:33.179587 0.537776 tcp 10.0.2.109 56241 -> 176.73.169.112 1959 FSPA* 0 0 13 1548 flow=From-Botnet-V1-TCP-Established 1970/01/16 10:53:38.906474 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 10:53:45.913493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:53:53.915268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:54:09.918031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 10:54:41.924428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:00:45.930315 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 11:00:52.937891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:01:00.939464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:01:16.942402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:01:48.947993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:07:52.954114 3.001948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 11:07:59.961426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:08:07.963408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:08:23.966312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:08:55.972319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:14:59.978373 3.001717 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 11:15:06.985461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:15:14.986841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:15:30.989996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:16:02.996022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:16:44.796309 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 11:16:44.796405 0.047726 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:44.844475 0.152090 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:44.996935 0.056104 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.053441 0.149299 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.203147 0.222059 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.425611 0.053503 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.479612 0.174583 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.654569 0.053169 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.708090 0.060549 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.769000 0.146557 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:45.915909 0.108175 udp 10.0.2.109 3683 <-> 176.74.96.2 8122 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.024505 0.184666 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.209549 0.032105 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.242194 0.052768 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.295479 0.196078 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.491992 0.142777 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.635264 0.058266 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.635736 3.007366 tcp 10.0.2.109 56242 -> 174.91.197.106 6016 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 11:16:46.693906 0.161996 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:46.856350 0.271713 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.128476 0.058674 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.187552 0.056490 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.244422 0.185824 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.430664 0.044155 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.475205 0.191989 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.667551 0.155309 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.823314 0.166218 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:47.989932 0.520505 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:48.510854 0.155454 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:48.666721 0.163941 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:16:55.641820 0.000000 tcp 10.0.2.109 56242 -> 174.91.197.106 6016 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 11:22:07.002290 3.001795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 11:22:14.009374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:22:22.011350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:22:33.718530 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 11:22:33.718628 0.576419 tcp 10.0.2.109 56243 -> 176.73.169.112 1959 FSPA* 0 0 15 1588 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:22:38.014180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:23:10.020405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:29:14.026614 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 11:29:21.033698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:29:29.035035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:29:45.037792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:30:17.044158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:36:21.049920 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 11:36:28.057734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:36:36.058841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:36:52.061862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:37:24.068224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:43:28.073675 3.002273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 11:43:35.081530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:43:43.133118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:43:59.135999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:44:31.142095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:46:56.511167 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 11:46:56.511257 0.061072 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:56.572712 0.047077 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:56.620203 0.152920 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:56.773626 0.147954 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:56.774075 3.001459 tcp 10.0.2.109 56244 -> 70.88.72.57 7429 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 11:46:56.922201 0.134537 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:57.057167 0.047487 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:57.105057 0.174598 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:57.280015 0.052596 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:57.333037 0.058791 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:57.392182 0.144267 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:46:57.536877 0.000000 udp 10.0.2.109 3683 -> 176.74.96.2 8122 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 11:47:05.774360 0.000000 tcp 10.0.2.109 56244 -> 70.88.72.57 7429 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 11:47:15.981367 0.056059 tcp 10.0.2.109 56245 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:16.037709 0.061758 tcp 10.0.2.109 56246 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:16.099742 0.171327 tcp 10.0.2.109 56247 -> 195.113.214.211 443 SRPA* 0 0 34 18150 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:16.271714 0.184627 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:16.456704 0.029701 rtcp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:16.486708 0.054168 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:16.541324 2.761640 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:19.303471 0.144985 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:19.303908 3.114841 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 SPA_* 0 0 6 474 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:19.448826 0.059017 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:19.508233 0.157474 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:19.666116 0.161847 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:19.828384 0.096952 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:19.925743 0.058204 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:19.984355 0.178754 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:20.163542 0.046662 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:20.210598 0.190108 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:20.401102 0.156507 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:20.557963 0.166450 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:20.724828 0.155886 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:20.881050 0.187178 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:21.139455 0.141552 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/16 11:47:25.118998 3.068209 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 10 5488 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:33.375325 4.946118 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 11 9386 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:40.794366 3.175234 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 10 6084 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:48.619864 0.196068 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 2 1308 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:47:53.662940 3.034742 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 14 10396 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:01.414720 4.826710 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 17 10558 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:10.917801 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 11:48:11.461646 0.197833 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 2 1308 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:18.852934 2.626020 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 11 8186 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:24.092093 3.139248 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:29.432084 3.177388 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 20 12872 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:37.608293 0.198842 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 5 3766 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:43.603719 2.565361 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 12 7392 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:48.761063 2.955490 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:48:53.939583 4.237042 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 13 9846 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:00.113500 3.039901 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 14 10996 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:05.412069 3.098939 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:10.898555 0.396478 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 4 2864 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:16.649544 4.862869 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 10 6904 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:21.419065 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 11:49:21.709616 4.706962 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 19 13094 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:31.573585 0.200618 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 5 4366 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:36.754839 4.701053 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 15 8050 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:43.917866 2.993203 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 15 11402 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:51.714329 4.194199 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 22 15772 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:49:58.235014 2.851880 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 17 13558 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:03.460608 4.185003 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 39 26682 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:08.870580 4.443776 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 48 27168 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:15.136624 3.124532 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 21 11374 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:20.620264 4.451215 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 15 13098 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:27.077449 4.932596 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 14 12416 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:32.211489 2.564809 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 18 11240 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:35.147626 3.002454 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 11:50:38.701487 0.199539 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 2 708 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:42.155810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:50:44.621135 4.574927 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 17 12006 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:50.157219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:50:51.261739 2.820820 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 16 10256 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:50:56.418902 4.383779 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 13 10942 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:02.440494 4.190599 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 22 19020 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:06.159932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:51:08.680886 4.999703 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 24 18280 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:13.704778 4.893692 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 30 22100 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:18.707475 2.760870 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 21 10774 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:25.600918 3.873107 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 16 13752 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:31.165973 4.807444 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 21 17518 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:38.165749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:51:38.264236 4.948357 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 18 12032 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:43.413570 4.226315 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 24 16860 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:49.735332 4.919177 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 27 19262 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:51:54.859783 4.767214 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 A_PA 0 0 36 25100 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:52:00.924725 4.977511 tcp 10.0.2.109 56248 -> 66.115.90.55 5707 FPA_* 0 0 37 16617 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:52:34.307250 0.436494 tcp 10.0.2.109 56249 -> 176.73.169.112 1959 FSPA* 0 0 15 1724 flow=From-Botnet-V1-TCP-Established 1970/01/16 11:57:42.171879 3.002190 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 11:57:49.179743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:57:57.181167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:58:13.184253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 11:58:45.189875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:04:49.196132 3.001603 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 12:04:56.203966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:05:04.204624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:05:20.208125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:05:52.213715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:11:56.220717 3.001149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 12:12:03.227193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:12:11.229193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:12:27.231680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:12:59.237796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:17:50.527522 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 12:17:50.527719 0.000000 udp 10.0.2.109 3683 -> 176.74.96.2 8122 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 12:18:07.372799 0.125423 tcp 10.0.2.109 56250 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:18:07.498420 0.053894 tcp 10.0.2.109 56251 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:18:07.552558 0.158143 tcp 10.0.2.109 56252 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:18:07.711010 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 12:18:24.215802 0.059345 tcp 10.0.2.109 56253 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:18:24.275475 0.052827 tcp 10.0.2.109 56254 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:18:24.328618 0.150502 tcp 10.0.2.109 56255 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:18:24.479269 0.145771 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:24.625453 0.055295 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:24.681156 0.047753 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:24.729237 0.174644 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:24.904229 0.055768 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:24.960391 0.058631 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:25.019461 0.143181 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:25.163063 0.049725 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:25.213289 0.139722 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:25.213694 2.997100 tcp 10.0.2.109 56256 -> 79.242.184.36 7570 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 12:18:25.353417 0.052513 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:25.406375 0.184885 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:25.591668 0.029535 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:25.621544 0.820166 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:26.442249 0.141676 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:26.584324 0.062818 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:26.647581 0.159918 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:26.807840 0.179425 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:26.987670 0.064242 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:27.052306 0.058082 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:27.110771 0.192618 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:27.303779 0.157132 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:27.461372 0.164854 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:27.626603 0.155145 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:27.782166 0.176509 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:27.959307 0.044612 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:28.004259 0.199430 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:28.204114 0.144250 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:18:34.209790 0.000000 tcp 10.0.2.109 56256 -> 79.242.184.36 7570 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 12:19:03.243819 3.002025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 12:19:10.251120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:19:18.252983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:19:34.255790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:20:06.261984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:22:34.745957 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 12:22:34.746218 0.530254 tcp 10.0.2.109 56257 -> 176.73.169.112 1959 FSPA* 0 0 14 1500 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:26:10.268141 3.001665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 12:26:17.275699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:26:25.276511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:26:41.280016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:27:13.286707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:33:17.293154 3.001215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 12:33:24.299583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:33:32.301194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:33:48.303678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:34:20.310237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:40:24.315558 3.002207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 12:40:31.323024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:40:39.324639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:40:55.398343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:41:27.404125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:47:31.411095 3.000378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 12:47:38.417515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:47:46.419378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:48:02.421625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:48:34.097721 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 12:48:34.097860 0.149218 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.247659 0.041815 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.248127 3.003631 tcp 10.0.2.109 56258 -> 70.88.72.57 7429 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 12:48:34.289827 0.175886 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.427742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:48:34.466154 0.053419 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.519958 0.151555 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.671901 0.054293 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.726578 0.058570 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.785512 0.144950 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.930839 0.051017 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:34.982232 0.129409 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:35.112041 0.051678 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:35.164087 0.184727 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:35.349239 0.032221 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:35.381767 0.219981 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:35.602129 0.141063 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:35.743636 0.061664 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:35.805669 0.217936 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.024015 0.171176 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.195533 0.054583 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.250653 0.054589 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.305573 0.189483 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.495471 0.157105 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.653007 0.165321 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.818667 0.155058 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:36.974070 0.177603 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:37.152081 0.136709 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:37.289258 0.048132 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:37.337752 0.187367 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 12:48:43.250197 0.000000 tcp 10.0.2.109 56258 -> 70.88.72.57 7429 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 12:52:35.314469 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 12:52:35.314618 0.540358 tcp 10.0.2.109 56259 -> 176.73.169.112 1959 FSPA* 0 0 14 1613 flow=From-Botnet-V1-TCP-Established 1970/01/16 12:54:38.434095 3.001571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 12:54:45.441643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:54:53.443108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:55:09.445949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 12:55:41.451721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:01:45.458318 3.001386 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 13:01:52.465167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:02:00.466869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:02:16.469706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:02:48.475763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:08:52.482381 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 13:08:59.489597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:09:07.491122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:09:23.493867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:09:55.499892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:15:59.506392 3.001276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 13:16:06.513531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:16:14.524807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:16:30.527513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:17:02.533610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:18:45.662710 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 13:18:45.662865 0.149919 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:45.813277 0.042755 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:45.813715 3.002488 tcp 10.0.2.109 56260 -> 70.88.72.57 7429 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:18:45.856419 0.177171 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.034004 0.050773 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.085133 0.146406 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.231930 0.057701 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.289962 0.057304 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.347705 0.141513 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.489608 0.055585 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.545574 0.127834 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.673815 0.052770 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.726983 0.179579 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:46.906924 0.794424 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:47.701724 0.183305 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:47.885419 0.136632 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.022505 0.060173 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.083074 0.159409 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.242827 0.156051 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.399324 0.054694 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.454370 0.055198 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.509945 0.198899 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.709346 0.154411 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:48.864161 0.168742 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:49.033353 0.152985 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:49.186681 0.044551 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:49.231591 0.203377 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:49.435384 0.177664 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:49.613452 0.143094 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:18:54.814818 0.000000 tcp 10.0.2.109 56260 -> 70.88.72.57 7429 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:22:35.853534 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 13:22:35.853654 0.466286 tcp 10.0.2.109 56261 -> 176.73.169.112 1959 FSPA* 0 0 15 1737 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:23:06.539766 3.001923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 13:23:13.547488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:23:21.548816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:23:37.551952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:24:09.557924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:30:13.564072 3.001399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 13:30:20.571220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:30:28.572400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:30:44.576031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:31:16.581827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:37:20.588450 3.000874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 13:37:27.596201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:37:35.596610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:37:51.599795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:38:23.605930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:44:27.611418 3.152457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 13:44:34.769418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:44:42.771053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:44:58.773830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:45:30.780122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:49:01.092758 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 13:49:01.092907 0.151198 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.244650 0.042465 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.245119 3.001690 tcp 10.0.2.109 56262 -> 70.88.72.57 7429 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:49:01.287557 0.176368 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.464307 0.052436 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.517124 0.143031 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.660570 0.053184 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.714105 0.060035 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.774535 0.143645 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.918602 0.052229 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:01.971192 0.148973 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.120513 0.052721 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.173624 0.192019 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.366091 0.029560 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.395987 0.220012 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.616391 0.140770 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.757524 0.059872 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.817823 0.161969 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:02.980181 0.144972 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:03.125516 0.134016 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:03.259943 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 13:49:10.245315 0.000000 tcp 10.0.2.109 56262 -> 70.88.72.57 7429 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:49:18.949719 0.054669 tcp 10.0.2.109 56263 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:49:19.004728 0.051873 tcp 10.0.2.109 56264 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:49:19.056872 0.139507 tcp 10.0.2.109 56265 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:49:19.196871 0.185481 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:19.382752 0.155752 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:19.538909 0.166729 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:19.705975 0.188344 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:19.894751 0.172913 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:20.068140 0.145772 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:20.214514 0.149921 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:49:20.364826 0.039988 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/16 13:51:34.786326 3.001386 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 13:51:41.793119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:51:49.794886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:52:05.797810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:52:36.392718 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 13:52:36.392812 2.993686 tcp 10.0.2.109 56266 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:52:37.804084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:52:45.384601 0.000000 tcp 10.0.2.109 56266 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:52:51.395355 0.053052 tcp 10.0.2.109 56267 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:52:51.448722 0.051348 tcp 10.0.2.109 56268 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:52:51.500389 0.139163 tcp 10.0.2.109 56269 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:52:51.668375 2.999905 tcp 10.0.2.109 56270 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:00.666837 0.000000 tcp 10.0.2.109 56270 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:06.665628 0.051730 tcp 10.0.2.109 56271 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:06.717595 0.051938 tcp 10.0.2.109 56272 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:06.769827 0.144081 tcp 10.0.2.109 56273 -> 195.113.214.211 443 SRPA* 0 0 50 31620 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:06.923753 3.005953 tcp 10.0.2.109 56274 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:15.928233 0.000000 tcp 10.0.2.109 56274 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:21.917950 0.051317 tcp 10.0.2.109 56275 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:21.969497 0.032431 tcp 10.0.2.109 56276 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:22.002401 0.139100 tcp 10.0.2.109 56277 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:22.246913 2.995338 tcp 10.0.2.109 56278 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:31.240487 0.000000 tcp 10.0.2.109 56278 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:37.239784 0.051930 tcp 10.0.2.109 56279 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:37.292041 0.052311 tcp 10.0.2.109 56280 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:37.344621 0.141720 tcp 10.0.2.109 56281 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 13:53:37.538313 3.005842 tcp 10.0.2.109 56282 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:46.552922 0.000000 tcp 10.0.2.109 56282 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:53:52.531449 2.994222 tcp 10.0.2.109 56283 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:54:01.524078 0.000000 tcp 10.0.2.109 56283 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:54:07.533052 2.994216 tcp 10.0.2.109 56284 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:54:16.526081 0.000000 tcp 10.0.2.109 56284 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:54:21.522988 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 13:54:22.534557 3.004072 tcp 10.0.2.109 56285 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:54:31.537165 0.000000 tcp 10.0.2.109 56285 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:58:41.809288 3.002004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 13:58:48.817249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:58:56.818417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:59:12.821619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:59:37.537840 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 13:59:37.537932 3.003707 tcp 10.0.2.109 56286 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 13:59:44.827538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 13:59:54.328321 0.000000 tcp 10.0.2.109 56286 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:00.245117 0.053295 tcp 10.0.2.109 56287 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:00.298689 0.052570 tcp 10.0.2.109 56288 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:00.351567 0.141950 tcp 10.0.2.109 56289 -> 195.113.214.211 443 SRPA* 0 0 37 31144 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:01.428476 2.954185 tcp 10.0.2.109 56290 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:10.303549 0.000000 tcp 10.0.2.109 56290 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:16.214783 0.052568 tcp 10.0.2.109 56291 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:16.267654 0.052266 tcp 10.0.2.109 56292 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:16.320231 0.151019 tcp 10.0.2.109 56293 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:16.983112 2.958109 tcp 10.0.2.109 56294 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:25.867111 0.000000 tcp 10.0.2.109 56294 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:31.786322 0.051521 tcp 10.0.2.109 56295 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:31.838179 0.051251 tcp 10.0.2.109 56296 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:31.889744 0.143297 tcp 10.0.2.109 56297 -> 195.113.214.211 443 SRPA* 0 0 44 27482 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:32.063482 2.963020 tcp 10.0.2.109 56298 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:40.947108 0.000000 tcp 10.0.2.109 56298 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:46.866199 0.051174 tcp 10.0.2.109 56299 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:46.917757 0.035363 tcp 10.0.2.109 56300 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:46.953516 0.151330 tcp 10.0.2.109 56301 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:00:47.133097 2.966924 tcp 10.0.2.109 56302 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:00:56.018744 0.000000 tcp 10.0.2.109 56302 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:01:01.927761 2.956817 tcp 10.0.2.109 56303 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:01:10.804354 0.000000 tcp 10.0.2.109 56303 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:01:16.723627 2.951356 tcp 10.0.2.109 56304 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:01:25.598178 0.000000 tcp 10.0.2.109 56304 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:01:30.493181 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:01:31.518607 2.953314 tcp 10.0.2.109 56305 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:01:40.386039 0.000000 tcp 10.0.2.109 56305 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:05:50.966870 3.001959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:05:57.974101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:06:05.975663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:06:21.978570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:06:42.188324 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:06:42.188500 3.003440 tcp 10.0.2.109 56306 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:06:51.190952 0.000000 tcp 10.0.2.109 56306 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:06:53.985100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:06:57.191071 0.054307 tcp 10.0.2.109 56307 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:06:57.245642 0.051090 tcp 10.0.2.109 56308 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:06:57.297013 0.129988 tcp 10.0.2.109 56309 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:06:57.441638 2.992056 tcp 10.0.2.109 56310 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:06.442535 0.000000 tcp 10.0.2.109 56310 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:12.442312 0.051459 tcp 10.0.2.109 56311 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:12.494029 0.052968 tcp 10.0.2.109 56312 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:12.546840 0.141614 tcp 10.0.2.109 56313 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:12.703718 3.002183 tcp 10.0.2.109 56314 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:21.704421 0.000000 tcp 10.0.2.109 56314 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:27.704251 0.052548 tcp 10.0.2.109 56315 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:27.757038 0.051611 tcp 10.0.2.109 56316 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:27.808950 0.143885 tcp 10.0.2.109 56317 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:27.963388 2.994711 tcp 10.0.2.109 56318 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:36.956389 0.000000 tcp 10.0.2.109 56318 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:42.966636 0.051300 tcp 10.0.2.109 56319 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:43.018230 0.052472 tcp 10.0.2.109 56320 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:43.070980 0.146893 tcp 10.0.2.109 56321 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:07:43.232398 2.997849 tcp 10.0.2.109 56322 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:52.228739 0.000000 tcp 10.0.2.109 56322 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:07:58.227475 3.003863 tcp 10.0.2.109 56323 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:08:07.230292 0.000000 tcp 10.0.2.109 56323 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:08:13.228802 3.004177 tcp 10.0.2.109 56324 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:08:22.231619 0.000000 tcp 10.0.2.109 56324 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:08:27.148783 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:08:28.230676 2.993864 tcp 10.0.2.109 56325 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:08:37.233466 0.000000 tcp 10.0.2.109 56325 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:12:57.990825 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:13:04.998303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:13:12.999939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:13:29.002521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:13:43.233570 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:13:43.233672 3.003857 tcp 10.0.2.109 56326 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:13:52.236290 0.000000 tcp 10.0.2.109 56326 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:13:58.236961 0.052049 tcp 10.0.2.109 56327 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:13:58.289334 0.051441 tcp 10.0.2.109 56328 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:13:58.341066 0.138905 tcp 10.0.2.109 56329 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:13:58.688809 3.001117 tcp 10.0.2.109 56330 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:01.008458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:14:07.688540 0.000000 tcp 10.0.2.109 56330 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:13.688093 0.052240 tcp 10.0.2.109 56331 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:13.740194 0.033621 tcp 10.0.2.109 56332 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:13.774119 0.141296 tcp 10.0.2.109 56333 -> 195.113.214.211 443 SRPA* 0 0 35 18714 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:14.087585 3.004208 tcp 10.0.2.109 56334 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:23.090629 0.000000 tcp 10.0.2.109 56334 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:29.079623 0.050305 tcp 10.0.2.109 56335 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:29.130437 0.052750 tcp 10.0.2.109 56336 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:29.183543 0.144641 tcp 10.0.2.109 56337 -> 195.113.214.211 443 SRPA* 0 0 49 30146 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:29.339143 3.004963 tcp 10.0.2.109 56338 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:38.352348 0.000000 tcp 10.0.2.109 56338 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:44.331208 0.051409 tcp 10.0.2.109 56339 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:44.382887 0.051592 tcp 10.0.2.109 56340 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:44.434767 0.149438 tcp 10.0.2.109 56341 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:14:44.596414 2.999127 tcp 10.0.2.109 56342 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:53.594015 0.000000 tcp 10.0.2.109 56342 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:14:59.592826 2.994540 tcp 10.0.2.109 56343 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:15:08.585625 0.000000 tcp 10.0.2.109 56343 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:15:14.594970 3.004315 tcp 10.0.2.109 56344 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:15:23.597657 0.000000 tcp 10.0.2.109 56344 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:15:29.596235 3.004164 tcp 10.0.2.109 56345 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:15:34.142448 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:15:38.599001 0.000000 tcp 10.0.2.109 56345 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:19:40.727447 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:19:40.727632 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 14:19:57.482672 0.052624 tcp 10.0.2.109 56346 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:19:57.535630 0.052455 tcp 10.0.2.109 56347 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:19:57.588416 0.142932 tcp 10.0.2.109 56348 -> 195.113.214.211 443 SRPA* 0 0 42 24322 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:19:57.732104 0.058570 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:57.775260 0.186068 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:57.775651 3.000168 tcp 10.0.2.109 56349 -> 87.153.124.203 5250 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:19:57.953886 0.065918 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.002991 0.150212 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.150680 0.076796 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.208886 0.080792 rtp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.271174 0.168846 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.419244 0.155288 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.538060 0.157074 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.690290 0.214371 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.898979 0.039926 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:58.977644 0.219545 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:59.181335 0.169176 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:59.324648 0.073469 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:59.384679 0.163734 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:59.545850 0.186526 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:59.676240 0.055725 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:59.750344 0.056588 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:19:59.967048 0.164630 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:00.150727 0.203507 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2570 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:00.346569 0.201345 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:00.604119 0.169082 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:00.810476 0.187767 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:01.019756 0.159754 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:01.172196 0.054275 rtp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:01.246705 0.197080 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:01.427648 0.251737 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:20:06.775098 0.000000 tcp 10.0.2.109 56349 -> 87.153.124.203 5250 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:20:20.016557 3.001233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:20:27.023900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:20:35.025244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:20:44.599255 3.004303 tcp 10.0.2.109 56350 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:20:49.145499 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:20:51.027953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:20:53.601740 0.000000 tcp 10.0.2.109 56350 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:20:59.601693 0.051641 tcp 10.0.2.109 56351 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:20:59.653626 0.052735 tcp 10.0.2.109 56352 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:20:59.706858 0.143838 tcp 10.0.2.109 56353 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:20:59.930352 2.984996 tcp 10.0.2.109 56354 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:21:08.924356 0.000000 tcp 10.0.2.109 56354 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:21:14.923319 0.051916 tcp 10.0.2.109 56355 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:14.975509 0.052436 tcp 10.0.2.109 56356 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:15.028307 0.145255 tcp 10.0.2.109 56357 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:15.280639 2.987036 tcp 10.0.2.109 56358 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:21:23.034340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:21:24.265937 0.000000 tcp 10.0.2.109 56358 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:21:30.275587 0.052040 tcp 10.0.2.109 56359 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:30.327480 0.053297 tcp 10.0.2.109 56360 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:30.381100 0.144151 tcp 10.0.2.109 56361 -> 195.113.214.211 443 SRPA* 0 0 38 31798 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:30.563820 3.005597 tcp 10.0.2.109 56362 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:21:39.567755 0.000000 tcp 10.0.2.109 56362 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:21:45.557765 0.052217 tcp 10.0.2.109 56363 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:45.610302 0.053326 tcp 10.0.2.109 56364 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:45.663915 0.212018 tcp 10.0.2.109 56365 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:21:46.033196 2.998784 tcp 10.0.2.109 56366 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:21:55.030177 0.000000 tcp 10.0.2.109 56366 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:22:01.029253 3.003616 tcp 10.0.2.109 56367 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:22:10.032116 0.000000 tcp 10.0.2.109 56367 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:22:16.030352 2.994178 tcp 10.0.2.109 56368 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:22:25.033069 0.000000 tcp 10.0.2.109 56368 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:22:31.031997 2.994537 tcp 10.0.2.109 56369 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:22:35.648555 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:22:40.025038 0.000000 tcp 10.0.2.109 56369 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:27:27.040264 3.002497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:27:34.047589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:27:42.048981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:27:46.035530 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:27:46.035705 3.003619 tcp 10.0.2.109 56370 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:27:55.038328 0.000000 tcp 10.0.2.109 56370 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:27:58.052473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:28:01.037912 0.052796 tcp 10.0.2.109 56371 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:01.091033 0.053711 tcp 10.0.2.109 56372 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:01.145024 0.149529 tcp 10.0.2.109 56373 -> 195.113.214.211 443 SRPA* 0 0 32 17990 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:01.307123 3.004089 tcp 10.0.2.109 56374 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:28:10.309788 0.000000 tcp 10.0.2.109 56374 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:28:16.309418 0.052887 tcp 10.0.2.109 56375 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:16.362596 0.052484 tcp 10.0.2.109 56376 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:16.415382 0.141623 tcp 10.0.2.109 56377 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:16.568873 3.003970 tcp 10.0.2.109 56378 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:28:25.571666 0.000000 tcp 10.0.2.109 56378 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:28:30.058409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:28:31.570783 0.053530 tcp 10.0.2.109 56379 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:31.624142 0.053631 tcp 10.0.2.109 56380 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:31.677613 0.144154 tcp 10.0.2.109 56381 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:31.859812 2.995674 tcp 10.0.2.109 56382 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:28:40.863909 0.000000 tcp 10.0.2.109 56382 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:28:46.852699 0.051226 tcp 10.0.2.109 56383 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:46.904267 0.052445 tcp 10.0.2.109 56384 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:46.957046 0.142447 tcp 10.0.2.109 56385 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:28:47.109397 2.997459 tcp 10.0.2.109 56386 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:28:56.106002 0.000000 tcp 10.0.2.109 56386 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:29:02.104506 3.004429 tcp 10.0.2.109 56387 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:29:11.107331 0.000000 tcp 10.0.2.109 56387 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:29:17.106213 3.003879 tcp 10.0.2.109 56388 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:29:26.109183 0.000000 tcp 10.0.2.109 56388 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:29:32.107501 3.004518 tcp 10.0.2.109 56389 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:29:36.643701 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:29:41.110310 0.000000 tcp 10.0.2.109 56389 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:34:34.064663 3.001052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:34:41.071848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:34:47.110670 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:34:47.110770 2.993954 tcp 10.0.2.109 56390 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:34:49.073404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:34:56.113457 0.000000 tcp 10.0.2.109 56390 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:02.113250 0.053018 tcp 10.0.2.109 56391 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:02.166569 0.052477 tcp 10.0.2.109 56392 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:02.219305 0.175839 tcp 10.0.2.109 56393 -> 195.113.214.211 443 SRPA* 0 0 33 24278 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:02.765453 3.001886 tcp 10.0.2.109 56394 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:05.076362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:35:11.765720 0.000000 tcp 10.0.2.109 56394 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:17.764651 0.051598 tcp 10.0.2.109 56395 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:17.816562 0.053531 tcp 10.0.2.109 56396 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:17.870452 0.143224 tcp 10.0.2.109 56397 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:18.122390 2.996849 tcp 10.0.2.109 56398 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:27.117702 0.000000 tcp 10.0.2.109 56398 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:33.117021 0.051870 tcp 10.0.2.109 56399 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:33.169177 0.052858 tcp 10.0.2.109 56400 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:33.222450 0.141092 tcp 10.0.2.109 56401 -> 195.113.214.211 443 SRPA* 0 0 38 23358 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:33.505041 3.006324 tcp 10.0.2.109 56402 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:37.082217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:35:42.510309 0.000000 tcp 10.0.2.109 56402 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:48.498922 0.051237 tcp 10.0.2.109 56403 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:48.550413 0.052417 tcp 10.0.2.109 56404 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:48.603057 0.142181 tcp 10.0.2.109 56405 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:35:48.811944 3.001532 tcp 10.0.2.109 56406 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:35:57.811883 0.000000 tcp 10.0.2.109 56406 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:36:03.810571 2.994155 tcp 10.0.2.109 56407 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:36:12.813639 0.000000 tcp 10.0.2.109 56407 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:36:18.812786 2.993385 tcp 10.0.2.109 56408 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:36:27.804931 0.000000 tcp 10.0.2.109 56408 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:36:32.642208 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:36:33.814119 3.003678 tcp 10.0.2.109 56409 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:36:42.816372 0.000000 tcp 10.0.2.109 56409 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:41:41.089264 3.000766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:41:48.095403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:41:48.817440 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:41:48.817536 3.003794 tcp 10.0.2.109 56410 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:41:56.097340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:41:57.819270 0.000000 tcp 10.0.2.109 56410 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:03.820327 0.054221 tcp 10.0.2.109 56411 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:03.874820 0.052459 tcp 10.0.2.109 56412 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:03.927564 0.144914 tcp 10.0.2.109 56413 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:04.225112 3.008174 tcp 10.0.2.109 56414 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:12.100524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:42:13.231626 0.000000 tcp 10.0.2.109 56414 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:19.221455 0.052349 tcp 10.0.2.109 56415 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:19.274073 0.052711 tcp 10.0.2.109 56416 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:19.327245 0.143260 tcp 10.0.2.109 56417 -> 195.113.214.211 443 SRPA* 0 0 42 23350 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:19.496020 2.999594 tcp 10.0.2.109 56418 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:28.503997 0.000000 tcp 10.0.2.109 56418 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:34.492615 0.051548 tcp 10.0.2.109 56419 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:34.544438 0.051853 tcp 10.0.2.109 56420 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:34.596624 0.143022 tcp 10.0.2.109 56421 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:34.770845 2.986591 tcp 10.0.2.109 56422 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:43.755917 0.000000 tcp 10.0.2.109 56422 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:44.106238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:42:49.764662 0.052628 tcp 10.0.2.109 56423 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:49.817162 0.053435 tcp 10.0.2.109 56424 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:49.870930 0.146975 tcp 10.0.2.109 56425 -> 195.113.214.211 443 SRPA* 0 0 69 69904 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:42:50.036867 3.002286 tcp 10.0.2.109 56426 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:42:59.037931 0.000000 tcp 10.0.2.109 56426 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:43:05.036281 3.004453 tcp 10.0.2.109 56427 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:43:14.039386 0.000000 tcp 10.0.2.109 56427 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:43:20.038324 3.003601 tcp 10.0.2.109 56428 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:43:29.040900 0.000000 tcp 10.0.2.109 56428 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:43:35.039763 3.003612 tcp 10.0.2.109 56429 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:43:39.645658 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:43:44.052568 0.000000 tcp 10.0.2.109 56429 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:48:48.112739 3.000994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:48:55.119879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:49:03.121283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:49:19.124414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:49:51.129931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:50:06.653080 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:50:06.653173 0.065929 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:06.702500 0.152744 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:06.702989 2.993773 tcp 10.0.2.109 56430 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:50:06.852209 0.078599 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:06.950749 0.059668 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:06.994368 0.185642 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:07.537940 0.082013 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:07.601642 0.168111 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:07.846640 0.087086 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:07.901203 0.157107 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:08.050827 0.186909 rtp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:08.232675 0.069647 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:08.486653 0.185592 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:08.662967 0.169113 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:08.810125 0.073398 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:09.083474 0.161277 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:09.328797 0.212932 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:09.484722 0.056374 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:09.615494 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 14:50:15.695317 0.000000 tcp 10.0.2.109 56430 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:50:20.051954 2.993754 tcp 10.0.2.109 56431 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:50:27.413956 0.054030 tcp 10.0.2.109 56432 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:27.468258 0.054530 tcp 10.0.2.109 56433 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:27.523100 0.145492 tcp 10.0.2.109 56434 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:27.668858 0.204047 rtp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:27.883131 0.165296 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:28.049567 4.998811 tcp 10.0.2.109 56435 -> 70.113.215.93 3558 SPA_* 0 0 333 235344 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:28.240988 0.165651 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:28.396510 0.200378 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:28.588224 0.188004 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:28.839607 0.166622 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:28.999108 0.041198 rtp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:29.044713 0.000000 tcp 10.0.2.109 56431 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:50:29.104029 0.195597 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:29.283149 0.145928 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/01/16 14:50:33.054275 4.983082 tcp 10.0.2.109 56435 -> 70.113.215.93 3558 A_PA 0 0 366 261428 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:35.054163 0.052545 tcp 10.0.2.109 56436 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:35.107062 0.053313 tcp 10.0.2.109 56437 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:35.160215 0.144693 tcp 10.0.2.109 56438 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:35.469485 2.998616 tcp 10.0.2.109 56439 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:50:38.164798 1.279531 tcp 10.0.2.109 56435 -> 70.113.215.93 3558 FPA_* 0 0 48 31785 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:44.467026 0.000000 tcp 10.0.2.109 56439 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:50:50.596157 0.052717 tcp 10.0.2.109 56440 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:50.649117 0.052777 tcp 10.0.2.109 56441 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:50.702245 0.140732 tcp 10.0.2.109 56442 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:50:50.947321 3.002918 tcp 10.0.2.109 56443 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:50:59.949016 0.000000 tcp 10.0.2.109 56443 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:51:05.948445 0.052680 tcp 10.0.2.109 56444 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:51:06.001443 0.054075 tcp 10.0.2.109 56445 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:51:06.055840 0.146485 tcp 10.0.2.109 56446 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:51:06.263342 2.998785 tcp 10.0.2.109 56447 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:51:15.261100 0.000000 tcp 10.0.2.109 56447 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:51:21.259955 2.993958 tcp 10.0.2.109 56448 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:51:30.262722 0.000000 tcp 10.0.2.109 56448 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:51:36.261371 2.994234 tcp 10.0.2.109 56449 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:51:45.254371 0.000000 tcp 10.0.2.109 56449 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:55:56.267579 3.002037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 14:56:03.274912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:56:11.276792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:56:27.279634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:56:51.264846 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:56:51.264952 3.003415 tcp 10.0.2.109 56450 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:56:59.285498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 14:57:00.267379 0.000000 tcp 10.0.2.109 56450 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:57:06.268175 0.053711 tcp 10.0.2.109 56451 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:06.322167 0.054095 tcp 10.0.2.109 56452 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:06.376559 0.143785 tcp 10.0.2.109 56453 -> 195.113.214.211 443 SRPA* 0 0 42 35856 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:06.531467 2.998881 tcp 10.0.2.109 56454 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:57:15.528955 0.000000 tcp 10.0.2.109 56454 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:57:21.528084 0.052943 tcp 10.0.2.109 56455 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:21.580857 0.054593 tcp 10.0.2.109 56456 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:21.635774 0.143707 tcp 10.0.2.109 56457 -> 195.113.214.211 443 SRPA* 0 0 48 36430 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:21.801794 3.000276 tcp 10.0.2.109 56458 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:57:30.800991 0.000000 tcp 10.0.2.109 56458 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:57:36.800269 0.052182 tcp 10.0.2.109 56459 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:36.852727 0.052202 tcp 10.0.2.109 56460 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:36.905273 0.143682 tcp 10.0.2.109 56461 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:37.060430 3.003915 tcp 10.0.2.109 56462 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:57:46.073318 0.000000 tcp 10.0.2.109 56462 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:57:52.062529 0.052144 tcp 10.0.2.109 56463 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:52.114921 0.052624 tcp 10.0.2.109 56464 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:52.167777 0.139041 tcp 10.0.2.109 56465 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/16 14:57:52.318388 2.998090 tcp 10.0.2.109 56466 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:58:01.315062 0.000000 tcp 10.0.2.109 56466 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:58:07.313722 3.003998 tcp 10.0.2.109 56467 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:58:16.316874 0.000000 tcp 10.0.2.109 56467 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:58:22.315371 3.003947 tcp 10.0.2.109 56468 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:58:31.317699 0.000000 tcp 10.0.2.109 56468 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:58:36.275377 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 14:58:37.317170 3.003468 tcp 10.0.2.109 56469 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 14:58:46.319890 0.000000 tcp 10.0.2.109 56469 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:03:03.291829 3.001894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:03:10.299352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:03:18.300822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:03:34.303959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:03:52.320444 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:03:52.320543 3.003019 tcp 10.0.2.109 56470 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:01.332590 0.000000 tcp 10.0.2.109 56470 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:06.310106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:04:07.322837 0.053837 tcp 10.0.2.109 56471 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:07.376970 0.054336 tcp 10.0.2.109 56472 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:07.431635 0.152270 tcp 10.0.2.109 56473 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:07.717336 2.998785 tcp 10.0.2.109 56474 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:16.714302 0.000000 tcp 10.0.2.109 56474 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:22.713791 0.053249 tcp 10.0.2.109 56475 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:22.766882 0.054156 tcp 10.0.2.109 56476 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:22.820890 0.148264 tcp 10.0.2.109 56477 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:22.981551 2.996277 tcp 10.0.2.109 56478 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:31.976468 0.000000 tcp 10.0.2.109 56478 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:37.976269 0.052466 tcp 10.0.2.109 56479 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:38.028591 0.053818 tcp 10.0.2.109 56480 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:38.082256 0.144048 tcp 10.0.2.109 56481 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:38.356704 3.003719 tcp 10.0.2.109 56482 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:47.358547 0.000000 tcp 10.0.2.109 56482 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:04:53.357951 0.052846 tcp 10.0.2.109 56483 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:53.411095 0.053331 tcp 10.0.2.109 56484 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:53.464669 0.145204 tcp 10.0.2.109 56485 -> 195.113.214.211 443 SRPA* 0 0 41 19176 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:04:53.641161 3.000668 tcp 10.0.2.109 56486 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:05:02.640648 0.000000 tcp 10.0.2.109 56486 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:05:08.639995 3.003620 tcp 10.0.2.109 56487 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:05:17.652002 0.000000 tcp 10.0.2.109 56487 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:05:23.641340 2.993954 tcp 10.0.2.109 56488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:05:32.643873 0.000000 tcp 10.0.2.109 56488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:05:38.643043 2.993637 tcp 10.0.2.109 56489 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:05:43.278748 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:05:47.635467 0.000000 tcp 10.0.2.109 56489 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:10:10.316393 3.001236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:10:17.323292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:10:25.324632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:10:41.327339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:10:53.646321 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:10:53.646420 3.003249 tcp 10.0.2.109 56490 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:02.648207 0.000000 tcp 10.0.2.109 56490 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:08.648915 0.053140 tcp 10.0.2.109 56491 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:08.701896 0.054053 tcp 10.0.2.109 56492 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:08.756295 0.149960 tcp 10.0.2.109 56493 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:09.053386 2.998382 tcp 10.0.2.109 56494 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:13.333805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:11:18.050334 0.000000 tcp 10.0.2.109 56494 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:24.049451 0.052565 tcp 10.0.2.109 56495 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:24.102415 0.055535 tcp 10.0.2.109 56496 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:24.158279 0.140990 tcp 10.0.2.109 56497 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:24.311051 3.002787 tcp 10.0.2.109 56498 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:33.322066 0.000000 tcp 10.0.2.109 56498 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:39.311780 0.052126 tcp 10.0.2.109 56499 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:39.364201 0.053759 tcp 10.0.2.109 56500 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:39.418324 0.141333 tcp 10.0.2.109 56501 -> 195.113.214.211 443 SRPA* 0 0 40 33956 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:39.604065 3.001552 tcp 10.0.2.109 56502 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:48.604505 0.000000 tcp 10.0.2.109 56502 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:11:54.603773 0.052387 tcp 10.0.2.109 56503 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:54.656435 0.053392 tcp 10.0.2.109 56504 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:54.710200 0.141295 tcp 10.0.2.109 56505 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:11:54.895520 3.002508 tcp 10.0.2.109 56506 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:12:03.896448 0.000000 tcp 10.0.2.109 56506 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:12:09.895250 3.004243 tcp 10.0.2.109 56507 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:12:18.897709 0.000000 tcp 10.0.2.109 56507 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:12:24.896584 3.004492 tcp 10.0.2.109 56508 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:12:33.899132 0.000000 tcp 10.0.2.109 56508 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:12:38.776635 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:12:39.898049 3.004264 tcp 10.0.2.109 56509 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:12:48.901223 0.000000 tcp 10.0.2.109 56509 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:17:17.339911 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:17:24.347490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:17:32.348483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:17:48.351999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:17:54.901279 0.000174 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:17:54.901552 2.994203 tcp 10.0.2.109 56510 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:18:03.894039 0.000000 tcp 10.0.2.109 56510 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:18:09.903736 0.031583 tcp 10.0.2.109 56511 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:18:09.935629 0.031197 tcp 10.0.2.109 56512 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:18:09.967065 0.126189 tcp 10.0.2.109 56513 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:18:10.155816 3.001755 tcp 10.0.2.109 56514 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:18:19.155966 0.000000 tcp 10.0.2.109 56514 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:18:20.357928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:20:32.538311 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:20:32.538425 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 15:20:51.215390 0.051968 tcp 10.0.2.109 56515 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:20:51.267643 0.031489 tcp 10.0.2.109 56516 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:20:51.299013 0.124733 tcp 10.0.2.109 56517 -> 195.113.214.211 443 SRPA* 0 0 41 19176 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:20:51.424108 0.078211 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:51.479854 0.059546 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:51.691487 0.071834 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:51.922786 0.152143 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:52.070983 0.166596 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:52.215187 0.084067 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:52.333668 0.157085 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:52.485644 0.186009 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:52.907379 0.083537 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:52.970185 0.044315 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:53.006350 0.196718 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:53.178667 0.160388 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:53.318662 0.195697 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:53.509946 0.056357 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1955 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:53.703312 0.162651 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:53.862214 0.077336 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:53.921791 0.231554 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:54.087424 0.204360 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:54.323277 0.170512 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:54.587729 0.173164 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:54.752540 0.199469 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:54.944487 0.206210 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:55.288891 0.165079 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:55.446261 3.212779 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:58.098864 0.041216 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:20:58.161758 0.197057 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:23:25.156398 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:23:25.156647 3.003445 tcp 10.0.2.109 56518 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:23:34.158976 0.000000 tcp 10.0.2.109 56518 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:23:40.159694 0.359448 tcp 10.0.2.109 56519 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:23:40.519008 0.030295 tcp 10.0.2.109 56520 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:23:40.549575 0.130361 tcp 10.0.2.109 56521 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:23:40.892032 3.001007 tcp 10.0.2.109 56522 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:23:49.891673 0.000000 tcp 10.0.2.109 56522 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:23:55.890904 0.030517 tcp 10.0.2.109 56523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:23:55.921780 0.052194 tcp 10.0.2.109 56524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:23:55.974451 0.124671 tcp 10.0.2.109 56525 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:23:56.217045 2.997979 tcp 10.0.2.109 56526 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:05.223478 0.000000 tcp 10.0.2.109 56526 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:11.213042 0.053229 tcp 10.0.2.109 56527 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:24:11.266616 0.030981 tcp 10.0.2.109 56528 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:24:11.297907 0.124681 tcp 10.0.2.109 56529 -> 195.113.214.211 443 SRPA* 0 0 33 17068 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:24:11.643657 2.993503 tcp 10.0.2.109 56530 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:20.635596 0.000000 tcp 10.0.2.109 56530 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:24.533727 3.002179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:24:26.645255 0.029964 tcp 10.0.2.109 56531 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:24:26.675482 0.053410 tcp 10.0.2.109 56532 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:24:26.729143 0.142606 tcp 10.0.2.109 56533 -> 195.113.214.211 443 SRPA* 0 0 35 18262 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:24:27.181413 2.998247 tcp 10.0.2.109 56534 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:31.541650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:24:36.177775 0.000000 tcp 10.0.2.109 56534 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:39.542777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:24:42.176837 3.003939 tcp 10.0.2.109 56535 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:51.179722 0.000000 tcp 10.0.2.109 56535 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:24:55.545832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:24:57.178570 3.004250 tcp 10.0.2.109 56536 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:25:06.181365 0.000000 tcp 10.0.2.109 56536 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:25:10.948124 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:25:12.179682 2.994263 tcp 10.0.2.109 56537 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:25:21.182677 0.000000 tcp 10.0.2.109 56537 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:25:27.551527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:30:27.183481 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:30:27.183693 2.993351 tcp 10.0.2.109 56538 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:30:36.175553 0.000000 tcp 10.0.2.109 56538 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:30:42.186694 0.031465 tcp 10.0.2.109 56539 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:30:42.218378 0.031208 tcp 10.0.2.109 56540 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:30:42.249848 0.125574 tcp 10.0.2.109 56541 -> 195.113.214.211 443 SRPA* 0 0 76 52142 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:30:42.384631 3.004440 tcp 10.0.2.109 56542 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:30:51.387760 0.000000 tcp 10.0.2.109 56542 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:30:57.386327 0.030193 tcp 10.0.2.109 56543 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:30:57.416787 0.030969 tcp 10.0.2.109 56544 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:30:57.448032 0.127033 tcp 10.0.2.109 56545 -> 195.113.214.211 443 SRPA* 0 0 52 35798 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:30:57.586713 3.003993 tcp 10.0.2.109 56546 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:06.589572 0.000000 tcp 10.0.2.109 56546 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:12.588597 0.030191 tcp 10.0.2.109 56547 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:31:12.619064 0.030795 tcp 10.0.2.109 56548 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:31:12.650145 0.124347 tcp 10.0.2.109 56549 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:31:12.787735 3.005005 tcp 10.0.2.109 56550 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:21.791025 0.000000 tcp 10.0.2.109 56550 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:27.780547 0.034443 tcp 10.0.2.109 56551 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:31:27.815252 0.091417 tcp 10.0.2.109 56552 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:31:27.907016 0.121844 tcp 10.0.2.109 56553 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:31:28.111043 2.993142 tcp 10.0.2.109 56554 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:31.558825 3.000744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:31:37.113473 0.000000 tcp 10.0.2.109 56554 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:38.565595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:31:43.112291 2.993763 tcp 10.0.2.109 56555 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:46.566922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:31:52.104502 0.000000 tcp 10.0.2.109 56555 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:31:58.113344 2.994581 tcp 10.0.2.109 56556 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:32:02.569645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:32:07.106490 0.000000 tcp 10.0.2.109 56556 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:32:11.943094 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:32:13.114802 3.004633 tcp 10.0.2.109 56557 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:32:22.118030 0.000000 tcp 10.0.2.109 56557 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:32:34.575996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:37:28.118186 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:37:28.118412 3.004120 tcp 10.0.2.109 56558 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:37:37.120978 0.000000 tcp 10.0.2.109 56558 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:37:43.121140 0.030787 tcp 10.0.2.109 56559 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:37:43.152227 0.052840 tcp 10.0.2.109 56560 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:37:43.205371 0.128402 tcp 10.0.2.109 56561 -> 195.113.214.211 443 SRPA* 0 0 41 30268 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:37:43.352545 2.991550 tcp 10.0.2.109 56562 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:37:52.352912 0.000000 tcp 10.0.2.109 56562 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:37:58.351970 0.030371 tcp 10.0.2.109 56563 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:37:58.382620 0.031669 tcp 10.0.2.109 56564 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:37:58.414557 0.127170 tcp 10.0.2.109 56565 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:37:58.635719 2.990186 tcp 10.0.2.109 56566 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:07.624828 0.000000 tcp 10.0.2.109 56566 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:13.633739 0.051523 tcp 10.0.2.109 56567 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:38:13.685538 0.053052 tcp 10.0.2.109 56568 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:38:13.738775 0.148583 tcp 10.0.2.109 56569 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:38:14.037808 3.000043 tcp 10.0.2.109 56570 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:23.036966 0.000000 tcp 10.0.2.109 56570 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:29.036209 0.031026 tcp 10.0.2.109 56571 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:38:29.067503 0.051675 tcp 10.0.2.109 56572 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:38:29.119437 0.123659 tcp 10.0.2.109 56573 -> 195.113.214.211 443 SRPA* 0 0 20 11307 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:38:29.287963 3.002514 tcp 10.0.2.109 56574 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:38.288549 0.000000 tcp 10.0.2.109 56574 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:38.581811 3.001584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:38:44.287761 3.003870 tcp 10.0.2.109 56575 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:45.599647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:38:53.290046 0.000000 tcp 10.0.2.109 56575 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:38:53.600665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:38:59.329474 3.003565 tcp 10.0.2.109 56576 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:39:08.331720 0.000000 tcp 10.0.2.109 56576 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:39:09.603813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:39:14.330378 2.994647 tcp 10.0.2.109 56577 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:39:18.957117 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:39:23.333500 0.000000 tcp 10.0.2.109 56577 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:39:41.609615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:44:29.334399 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:44:29.334500 3.003162 tcp 10.0.2.109 56578 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:44:38.336565 0.000000 tcp 10.0.2.109 56578 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:44:44.336932 0.030795 tcp 10.0.2.109 56579 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:44:44.368033 0.031122 tcp 10.0.2.109 56580 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:44:44.399442 0.124759 tcp 10.0.2.109 56581 -> 195.113.214.211 443 SRPA* 0 0 32 17514 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:44:44.556853 3.002844 tcp 10.0.2.109 56582 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:44:53.558226 0.000000 tcp 10.0.2.109 56582 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:44:59.558126 0.032481 tcp 10.0.2.109 56583 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:44:59.590827 0.031572 tcp 10.0.2.109 56584 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:44:59.622746 0.125832 tcp 10.0.2.109 56585 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:44:59.764129 3.007639 tcp 10.0.2.109 56586 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:45:08.769879 0.000000 tcp 10.0.2.109 56586 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:45:14.759626 0.031031 tcp 10.0.2.109 56587 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:45:14.790940 0.031652 tcp 10.0.2.109 56588 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:45:14.822876 0.130490 tcp 10.0.2.109 56589 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:45:15.006877 3.006672 tcp 10.0.2.109 56590 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:45:24.012344 0.000000 tcp 10.0.2.109 56590 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:45:30.001173 0.052412 tcp 10.0.2.109 56591 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:45:30.053410 0.031792 tcp 10.0.2.109 56592 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:45:30.085076 0.129546 tcp 10.0.2.109 56593 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:45:30.256863 2.998346 tcp 10.0.2.109 56594 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:45:39.263738 0.000000 tcp 10.0.2.109 56594 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:45:45.252601 2.994586 tcp 10.0.2.109 56595 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:45:45.616061 3.001824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:45:52.623323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:45:54.245835 0.000000 tcp 10.0.2.109 56595 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:46:00.254267 3.004274 tcp 10.0.2.109 56596 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:46:00.624981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:46:09.257295 0.000000 tcp 10.0.2.109 56596 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:46:15.256125 3.003817 tcp 10.0.2.109 56597 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:46:16.628038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:46:19.952469 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:46:24.258666 0.000000 tcp 10.0.2.109 56597 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:46:48.633799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:50:59.614828 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:50:59.614966 0.078768 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:50:59.671019 0.057709 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:50:59.802410 0.166521 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:50:59.947433 0.083932 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:00.403085 0.153584 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:00.550801 0.065551 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:00.663135 0.152965 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:00.813336 0.186248 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:00.992228 0.084540 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:01.064306 0.039663 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:01.149087 0.181869 rtp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:01.321839 0.164997 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:01.548476 0.196228 rtp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:01.741106 0.055406 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:01.910727 0.213346 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:02.053603 0.201747 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:02.342038 0.209490 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:02.593837 0.168642 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:02.749238 0.164797 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:02.911293 0.074656 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:03.057447 0.199488 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:03.249505 0.188017 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:03.472681 0.168367 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:03.632724 0.197416 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:03.883655 0.445010 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:04.192420 0.065427 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/01/16 15:51:30.259265 3.003632 tcp 10.0.2.109 56598 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:51:39.261901 0.000000 tcp 10.0.2.109 56598 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:51:43.957992 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:51:45.261970 0.032533 tcp 10.0.2.109 56599 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:51:45.294790 0.031706 tcp 10.0.2.109 56600 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:51:45.326785 0.125426 tcp 10.0.2.109 56601 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:51:45.462653 2.992306 tcp 10.0.2.109 56602 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:51:54.463771 0.000000 tcp 10.0.2.109 56602 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:00.462721 0.030485 tcp 10.0.2.109 56603 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:00.493512 0.031201 tcp 10.0.2.109 56604 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:00.524970 0.127697 tcp 10.0.2.109 56605 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:00.699825 2.996570 tcp 10.0.2.109 56606 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:09.695298 0.000000 tcp 10.0.2.109 56606 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:15.694449 0.031234 tcp 10.0.2.109 56607 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:15.725495 0.031168 tcp 10.0.2.109 56608 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:15.756967 0.126106 tcp 10.0.2.109 56609 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:15.896441 3.001808 tcp 10.0.2.109 56610 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:24.897156 0.000000 tcp 10.0.2.109 56610 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:30.896556 0.030636 tcp 10.0.2.109 56611 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:30.927482 0.032289 tcp 10.0.2.109 56612 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:30.959607 0.134050 tcp 10.0.2.109 56613 -> 195.113.214.211 443 SRPA* 0 0 31 14540 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:52:31.111061 2.999557 tcp 10.0.2.109 56614 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:40.109331 0.000000 tcp 10.0.2.109 56614 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:46.107771 3.004369 tcp 10.0.2.109 56615 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:52.639748 3.001790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 15:52:55.110795 0.000000 tcp 10.0.2.109 56615 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:52:59.647472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:53:01.109467 3.004358 tcp 10.0.2.109 56616 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:53:07.648985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:53:10.112091 0.000000 tcp 10.0.2.109 56616 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:53:16.111051 2.993950 tcp 10.0.2.109 56617 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:53:20.957756 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:53:23.651758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:53:25.103678 0.000000 tcp 10.0.2.109 56617 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:53:55.657873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 15:58:31.114488 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 15:58:31.114599 3.003150 tcp 10.0.2.109 56618 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:58:40.116481 0.000000 tcp 10.0.2.109 56618 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:58:46.117179 0.030954 tcp 10.0.2.109 56619 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:58:46.148427 0.030640 tcp 10.0.2.109 56620 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:58:46.179343 0.128371 tcp 10.0.2.109 56621 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:58:46.342609 2.997572 tcp 10.0.2.109 56622 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:58:55.338727 0.000000 tcp 10.0.2.109 56622 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:59:01.337950 0.030329 tcp 10.0.2.109 56623 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:01.368635 0.031253 tcp 10.0.2.109 56624 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:01.399759 0.125682 tcp 10.0.2.109 56625 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:01.537096 3.004915 tcp 10.0.2.109 56626 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:59:10.540667 0.000000 tcp 10.0.2.109 56626 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:59:16.529350 0.030614 tcp 10.0.2.109 56627 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:16.560215 0.030957 tcp 10.0.2.109 56628 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:16.591523 0.125518 tcp 10.0.2.109 56629 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:16.727583 3.005896 tcp 10.0.2.109 56630 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:59:25.732297 0.000000 tcp 10.0.2.109 56630 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:59:31.721270 0.030199 tcp 10.0.2.109 56631 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:31.751821 0.031602 tcp 10.0.2.109 56632 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:31.783762 0.127254 tcp 10.0.2.109 56633 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/16 15:59:31.921358 2.993928 tcp 10.0.2.109 56634 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:59:40.923776 0.000000 tcp 10.0.2.109 56634 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 15:59:52.403953 2.960374 tcp 10.0.2.109 56635 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:00:01.288756 0.000000 tcp 10.0.2.109 56635 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:00:04.990292 2.964399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:00:07.221705 2.969229 tcp 10.0.2.109 56636 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:00:11.905593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:00:16.109964 0.000000 tcp 10.0.2.109 56636 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:00:19.797425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:00:22.027791 2.963666 tcp 10.0.2.109 56637 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:00:26.492448 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:00:30.910983 0.000000 tcp 10.0.2.109 56637 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:00:35.592778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:01:07.160967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:05:34.022734 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:05:34.022833 2.993651 tcp 10.0.2.109 56638 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:05:43.015100 0.000000 tcp 10.0.2.109 56638 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:05:49.025254 0.031046 tcp 10.0.2.109 56639 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:05:49.056561 0.031898 tcp 10.0.2.109 56640 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:05:49.088312 0.125637 tcp 10.0.2.109 56641 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:05:49.225642 3.002467 tcp 10.0.2.109 56642 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:05:58.226752 0.000000 tcp 10.0.2.109 56642 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:04.225744 0.030476 tcp 10.0.2.109 56643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:04.256475 0.033410 tcp 10.0.2.109 56644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:04.290326 0.125333 tcp 10.0.2.109 56645 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:04.428199 3.001325 tcp 10.0.2.109 56646 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:13.428140 0.000000 tcp 10.0.2.109 56646 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:19.427983 0.030915 tcp 10.0.2.109 56647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:19.459201 0.030971 tcp 10.0.2.109 56648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:19.490468 0.127651 tcp 10.0.2.109 56649 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:19.628597 3.003278 tcp 10.0.2.109 56650 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:28.630033 0.000000 tcp 10.0.2.109 56650 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:34.629500 0.051892 tcp 10.0.2.109 56651 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:34.681741 0.031189 tcp 10.0.2.109 56652 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:34.713129 0.127298 tcp 10.0.2.109 56653 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:06:34.883764 3.009994 tcp 10.0.2.109 56654 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:43.892236 0.000000 tcp 10.0.2.109 56654 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:49.881287 2.994231 tcp 10.0.2.109 56655 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:06:58.873994 0.000000 tcp 10.0.2.109 56655 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:07:04.882836 2.993660 tcp 10.0.2.109 56656 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:07:08.781341 3.000990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:07:13.875346 0.000000 tcp 10.0.2.109 56656 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:07:15.787918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:07:19.884177 3.004385 tcp 10.0.2.109 56657 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:07:23.789571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:07:24.550536 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:07:28.886825 0.000000 tcp 10.0.2.109 56657 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:07:39.792781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:08:11.798469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:12:34.887421 0.033839 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:12:34.921599 2.969301 tcp 10.0.2.109 56658 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:12:43.889585 0.000000 tcp 10.0.2.109 56658 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:12:49.921293 0.031734 tcp 10.0.2.109 56659 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:12:49.953353 0.097546 tcp 10.0.2.109 56660 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:12:50.051142 0.124578 tcp 10.0.2.109 56661 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:12:50.186756 3.006635 tcp 10.0.2.109 56662 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:12:59.192129 0.000000 tcp 10.0.2.109 56662 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:13:05.181052 0.030742 tcp 10.0.2.109 56663 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:05.212071 0.031929 tcp 10.0.2.109 56664 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:05.244286 0.126944 tcp 10.0.2.109 56665 -> 195.113.214.211 443 SRPA* 0 0 39 20488 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:05.471718 2.993576 tcp 10.0.2.109 56666 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:13:14.473934 0.000000 tcp 10.0.2.109 56666 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:13:20.472670 0.030677 tcp 10.0.2.109 56667 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:20.503669 0.031243 tcp 10.0.2.109 56668 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:20.535238 0.125471 tcp 10.0.2.109 56669 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:20.672555 2.994162 tcp 10.0.2.109 56670 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:13:29.665640 0.000000 tcp 10.0.2.109 56670 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:13:35.665301 0.030821 tcp 10.0.2.109 56671 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:35.695981 0.030801 tcp 10.0.2.109 56672 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:35.727115 0.124620 tcp 10.0.2.109 56673 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:13:36.109881 2.999469 tcp 10.0.2.109 56674 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:13:45.108001 0.000000 tcp 10.0.2.109 56674 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:13:51.106627 3.004374 tcp 10.0.2.109 56675 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:14:00.109688 0.000000 tcp 10.0.2.109 56675 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:14:06.108175 3.004130 tcp 10.0.2.109 56676 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:14:15.111199 0.000000 tcp 10.0.2.109 56676 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:14:18.808421 3.002733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:14:20.047788 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:14:21.109960 2.994101 tcp 10.0.2.109 56677 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:14:25.816442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:14:30.112885 0.000000 tcp 10.0.2.109 56677 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:14:33.817625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:14:49.821260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:15:21.827064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:21:25.832862 3.002054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 16:21:32.840480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:21:33.951993 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:21:33.952246 0.180309 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:34.111544 0.082089 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:34.838204 0.059434 rtp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:34.926733 0.074511 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:34.986012 0.153561 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:35.137107 0.081229 rtp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:35.185668 0.152831 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:35.333358 0.183846 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:35.509350 0.082295 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:35.650280 0.043965 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:35.682210 0.530781 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:36.125548 3.003952 tcp 10.0.2.109 56678 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:21:36.193602 0.179519 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:36.352280 0.191814 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:36.539686 0.054133 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:36.650715 0.175134 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:36.837162 0.164428 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:36.991385 0.166939 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:37.155594 0.172510 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:37.294696 0.204923 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:37.506780 0.074522 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:37.563619 0.200278 rtp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:37.757235 0.194106 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:37.950658 0.167739 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:38.110045 0.197640 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:38.293007 0.157355 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:38.443079 0.045791 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:21:40.841927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:21:45.128071 0.000000 tcp 10.0.2.109 56678 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:21:51.128956 0.031066 tcp 10.0.2.109 56679 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:21:51.160275 0.052906 tcp 10.0.2.109 56680 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:21:51.213544 0.124681 tcp 10.0.2.109 56681 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:21:51.352551 2.999136 tcp 10.0.2.109 56682 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:21:56.844560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:22:00.349586 0.000000 tcp 10.0.2.109 56682 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:22:06.349399 0.030622 tcp 10.0.2.109 56683 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:22:06.380304 0.030598 tcp 10.0.2.109 56684 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:22:06.411176 0.128134 tcp 10.0.2.109 56685 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:22:06.557100 3.005903 tcp 10.0.2.109 56686 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:22:15.561563 0.000000 tcp 10.0.2.109 56686 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:22:21.551091 0.030059 tcp 10.0.2.109 56687 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:22:21.581429 0.031296 tcp 10.0.2.109 56688 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:22:21.613079 0.126048 tcp 10.0.2.109 56689 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:22:21.780119 2.995388 tcp 10.0.2.109 56690 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:22:28.851233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:22:30.784005 0.000000 tcp 10.0.2.109 56690 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:22:36.772504 2.994007 tcp 10.0.2.109 56691 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:22:45.765136 0.000000 tcp 10.0.2.109 56691 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:22:51.774369 3.003462 tcp 10.0.2.109 56692 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:23:00.776713 0.000000 tcp 10.0.2.109 56692 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:28:06.777699 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:28:06.777790 3.003231 tcp 10.0.2.109 56693 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:28:15.779651 0.000000 tcp 10.0.2.109 56693 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:28:21.780102 0.030934 tcp 10.0.2.109 56694 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:21.811354 0.031214 tcp 10.0.2.109 56695 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:21.842851 0.124218 tcp 10.0.2.109 56696 -> 195.113.214.211 443 SRPA* 0 0 41 35208 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:22.004354 3.008453 tcp 10.0.2.109 56697 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:28:31.011713 0.000000 tcp 10.0.2.109 56697 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:28:32.857647 3.000767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:28:37.000763 0.030719 tcp 10.0.2.109 56698 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:37.031768 0.032096 tcp 10.0.2.109 56699 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:37.064153 0.124496 tcp 10.0.2.109 56700 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:37.200149 2.994990 tcp 10.0.2.109 56701 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:28:39.864039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:28:46.203564 0.000000 tcp 10.0.2.109 56701 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:28:47.865535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:28:52.192754 0.030187 tcp 10.0.2.109 56702 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:52.223193 0.031169 tcp 10.0.2.109 56703 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:52.254648 0.125559 tcp 10.0.2.109 56704 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:28:52.443085 2.993696 tcp 10.0.2.109 56705 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:01.435730 0.000000 tcp 10.0.2.109 56705 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:03.868528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:29:07.444533 0.030812 tcp 10.0.2.109 56706 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:29:07.475584 0.030807 tcp 10.0.2.109 56707 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:29:07.506736 0.123775 tcp 10.0.2.109 56708 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:29:07.721096 2.997519 tcp 10.0.2.109 56709 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:16.717099 0.000000 tcp 10.0.2.109 56709 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:22.715847 3.004494 tcp 10.0.2.109 56710 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:31.718850 0.000000 tcp 10.0.2.109 56710 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:35.875260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:29:37.717466 3.004733 tcp 10.0.2.109 56711 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:46.720515 0.000000 tcp 10.0.2.109 56711 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:29:51.547475 0.000174 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:29:52.719240 3.004045 tcp 10.0.2.109 56712 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:30:01.722359 0.000000 tcp 10.0.2.109 56712 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:07.722992 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:35:07.723104 2.993289 tcp 10.0.2.109 56713 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:16.715134 0.000000 tcp 10.0.2.109 56713 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:22.725478 0.031505 tcp 10.0.2.109 56714 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:22.757303 0.030760 tcp 10.0.2.109 56715 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:22.788328 0.130034 tcp 10.0.2.109 56716 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:22.968361 2.999695 tcp 10.0.2.109 56717 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:31.966999 0.000000 tcp 10.0.2.109 56717 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:37.966383 0.029800 tcp 10.0.2.109 56718 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:37.996452 0.053119 tcp 10.0.2.109 56719 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:38.049851 0.137243 tcp 10.0.2.109 56720 -> 195.113.214.211 443 SRPA* 0 0 44 27006 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:38.310527 3.000118 tcp 10.0.2.109 56721 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:39.880566 3.002362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:35:46.887975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:35:47.309201 0.000000 tcp 10.0.2.109 56721 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:53.308350 0.031204 tcp 10.0.2.109 56722 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:53.339851 0.030849 tcp 10.0.2.109 56723 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:53.371002 0.123253 tcp 10.0.2.109 56724 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:35:53.555961 3.006297 tcp 10.0.2.109 56725 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:35:54.889677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:36:02.561198 0.000000 tcp 10.0.2.109 56725 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:08.550020 0.030943 tcp 10.0.2.109 56726 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:36:08.581318 0.030773 tcp 10.0.2.109 56727 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:36:08.612466 0.126573 tcp 10.0.2.109 56728 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:36:08.802561 2.991692 tcp 10.0.2.109 56729 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:10.892765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:36:17.802590 0.000000 tcp 10.0.2.109 56729 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:23.801436 2.994537 tcp 10.0.2.109 56730 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:32.804309 0.000000 tcp 10.0.2.109 56730 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:38.803292 2.994155 tcp 10.0.2.109 56731 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:42.898636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:36:47.795810 0.000000 tcp 10.0.2.109 56731 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:53.804501 3.004579 tcp 10.0.2.109 56732 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:36:58.551443 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:37:02.807642 0.000000 tcp 10.0.2.109 56732 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:42:08.807791 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:42:08.807892 3.004108 tcp 10.0.2.109 56733 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:42:17.810001 0.000000 tcp 10.0.2.109 56733 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:42:23.811170 0.031142 tcp 10.0.2.109 56734 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:23.842569 0.032121 tcp 10.0.2.109 56735 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:23.874947 0.127144 tcp 10.0.2.109 56736 -> 195.113.214.211 443 SRPA* 0 0 45 32178 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:24.040860 3.002754 tcp 10.0.2.109 56737 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:42:33.042308 0.000000 tcp 10.0.2.109 56737 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:42:39.041637 0.030392 tcp 10.0.2.109 56738 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:39.072259 0.031086 tcp 10.0.2.109 56739 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:39.103642 0.130059 tcp 10.0.2.109 56740 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:39.257376 2.998271 tcp 10.0.2.109 56741 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:42:46.904988 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:42:48.263864 0.000000 tcp 10.0.2.109 56741 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:42:53.912605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:42:54.253066 0.030371 tcp 10.0.2.109 56742 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:54.283707 0.031378 tcp 10.0.2.109 56743 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:54.315367 0.124654 tcp 10.0.2.109 56744 -> 195.113.214.211 443 SRPA* 0 0 33 19149 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:42:54.456476 3.000771 tcp 10.0.2.109 56745 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:01.914497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:43:03.455857 0.000000 tcp 10.0.2.109 56745 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:09.455238 0.030716 tcp 10.0.2.109 56746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:43:09.486469 0.030963 tcp 10.0.2.109 56747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:43:09.517767 0.127837 tcp 10.0.2.109 56748 -> 195.113.214.211 443 SRPA* 0 0 49 35030 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:43:09.741552 2.997870 tcp 10.0.2.109 56749 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:17.917545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:43:18.737808 0.000000 tcp 10.0.2.109 56749 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:24.736665 3.004114 tcp 10.0.2.109 56750 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:33.739505 0.000000 tcp 10.0.2.109 56750 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:39.738026 3.004609 tcp 10.0.2.109 56751 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:48.741419 0.000000 tcp 10.0.2.109 56751 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:43:49.922669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:43:53.548072 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:43:54.739608 3.004274 tcp 10.0.2.109 56752 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:44:03.752543 0.000000 tcp 10.0.2.109 56752 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:49:09.743013 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:49:09.743130 2.993656 tcp 10.0.2.109 56753 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:49:18.735591 0.000000 tcp 10.0.2.109 56753 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:49:24.746609 0.030960 tcp 10.0.2.109 56754 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:49:24.777832 0.031064 tcp 10.0.2.109 56755 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:49:24.809230 0.123451 tcp 10.0.2.109 56756 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:49:24.973909 3.004988 tcp 10.0.2.109 56757 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:49:33.977112 0.000000 tcp 10.0.2.109 56757 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:49:53.928461 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:50:00.936372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:50:08.937858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:50:24.940432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:50:56.947163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:51:48.771231 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:51:48.771385 0.065256 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:48.820638 0.071759 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:48.902311 0.170609 rtp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.048046 0.081262 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.111211 0.151312 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 1997 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.259316 0.093792 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.319111 0.155697 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.469888 0.184472 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.646517 0.082060 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.707454 0.039538 rtp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:49.761246 0.293858 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:50.012624 0.166845 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:50.154799 0.196901 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:50.346924 0.055146 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:50.422658 0.196101 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:50.650462 0.158180 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:50.798927 0.387916 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:51.180945 0.220026 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:51.345582 0.208955 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:51.519921 0.076273 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:51.581394 0.194829 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:51.768555 0.194143 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:51.956594 0.144797 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:52.094292 0.041731 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:52.138750 0.165639 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:51:52.297644 0.199757 rtp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/01/16 16:54:39.968308 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:54:39.968406 3.003147 tcp 10.0.2.109 56758 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:54:48.970128 0.000000 tcp 10.0.2.109 56758 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:54:54.970897 0.031980 tcp 10.0.2.109 56759 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:54:55.003132 0.030850 tcp 10.0.2.109 56760 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:54:55.034324 0.122132 tcp 10.0.2.109 56761 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:54:55.386977 3.006588 tcp 10.0.2.109 56762 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:04.402753 0.000000 tcp 10.0.2.109 56762 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:10.381802 0.030053 tcp 10.0.2.109 56763 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:10.412144 0.035455 tcp 10.0.2.109 56764 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:10.447889 0.122660 tcp 10.0.2.109 56765 -> 195.113.214.211 443 SRPA* 0 0 35 18432 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:10.769252 2.996744 tcp 10.0.2.109 56766 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:19.764549 0.000000 tcp 10.0.2.109 56766 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:25.763558 0.030249 tcp 10.0.2.109 56767 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:25.794301 0.031896 tcp 10.0.2.109 56768 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:25.825978 0.130502 tcp 10.0.2.109 56769 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:25.966214 3.001606 tcp 10.0.2.109 56770 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:34.966347 0.000000 tcp 10.0.2.109 56770 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:40.965668 0.030438 tcp 10.0.2.109 56771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:40.996459 0.032491 tcp 10.0.2.109 56772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:41.029317 0.186813 tcp 10.0.2.109 56773 -> 195.113.214.211 443 SRPA* 0 0 30 17508 flow=From-Botnet-V1-TCP-Established 1970/01/16 16:55:41.228116 3.001353 tcp 10.0.2.109 56774 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:50.228741 0.000000 tcp 10.0.2.109 56774 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:55:56.227112 3.003937 tcp 10.0.2.109 56775 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:56:05.230068 0.000000 tcp 10.0.2.109 56775 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:56:11.228742 3.004236 tcp 10.0.2.109 56776 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:56:20.231350 0.000000 tcp 10.0.2.109 56776 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:56:26.230131 2.994677 tcp 10.0.2.109 56777 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:56:31.047174 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 16:56:35.232802 0.000000 tcp 10.0.2.109 56777 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 16:57:00.952609 3.002088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 16:57:07.960130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:57:15.961520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:57:31.964929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 16:58:03.970647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:01:41.233843 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:01:41.234077 3.003518 tcp 10.0.2.109 56778 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:01:50.236148 0.000000 tcp 10.0.2.109 56778 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:01:56.236225 0.031496 tcp 10.0.2.109 56779 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:01:56.268037 0.030921 tcp 10.0.2.109 56780 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:01:56.299205 0.125201 tcp 10.0.2.109 56781 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:01:56.474484 3.005243 tcp 10.0.2.109 56782 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:05.477850 0.000000 tcp 10.0.2.109 56782 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:11.467625 0.029755 tcp 10.0.2.109 56783 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:11.497680 0.031091 tcp 10.0.2.109 56784 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:11.529034 0.126923 tcp 10.0.2.109 56785 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:11.683233 2.997610 tcp 10.0.2.109 56786 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:20.679619 0.000000 tcp 10.0.2.109 56786 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:26.678957 0.029964 tcp 10.0.2.109 56787 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:26.709267 0.030944 tcp 10.0.2.109 56788 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:26.740529 0.122991 tcp 10.0.2.109 56789 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:27.181337 3.002196 tcp 10.0.2.109 56790 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:36.181769 0.000000 tcp 10.0.2.109 56790 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:42.181270 0.031088 tcp 10.0.2.109 56791 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:42.212628 0.030633 tcp 10.0.2.109 56792 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:42.243563 0.125239 tcp 10.0.2.109 56793 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:02:42.734842 3.001080 tcp 10.0.2.109 56794 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:51.734585 0.000000 tcp 10.0.2.109 56794 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:02:57.733827 3.003363 tcp 10.0.2.109 56795 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:03:06.735803 0.000000 tcp 10.0.2.109 56795 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:03:12.734514 3.004776 tcp 10.0.2.109 56796 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:03:21.737617 0.000000 tcp 10.0.2.109 56796 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:03:26.544356 0.000164 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:03:27.736738 3.004086 tcp 10.0.2.109 56797 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:03:36.739091 0.000000 tcp 10.0.2.109 56797 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:04:07.978070 3.000342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:04:14.984191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:04:22.985329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:04:38.988776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:05:10.995033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:08:42.739619 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:08:42.739807 3.003767 tcp 10.0.2.109 56798 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:08:51.741965 0.000000 tcp 10.0.2.109 56798 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:08:57.743056 0.031785 tcp 10.0.2.109 56799 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:08:57.775179 0.030804 tcp 10.0.2.109 56800 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:08:57.806333 0.124926 tcp 10.0.2.109 56801 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:08:57.980572 2.994427 tcp 10.0.2.109 56802 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:06.983970 0.000000 tcp 10.0.2.109 56802 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:12.973011 0.029951 tcp 10.0.2.109 56803 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:13.003195 0.031077 tcp 10.0.2.109 56804 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:13.034592 0.128794 tcp 10.0.2.109 56805 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:13.250609 2.996555 tcp 10.0.2.109 56806 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:22.245789 0.000000 tcp 10.0.2.109 56806 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:28.244984 0.030116 tcp 10.0.2.109 56807 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:28.274987 0.030995 tcp 10.0.2.109 56808 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:28.306332 0.124017 tcp 10.0.2.109 56809 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:28.480080 2.999402 tcp 10.0.2.109 56810 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:37.478142 0.000000 tcp 10.0.2.109 56810 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:43.476806 0.030371 tcp 10.0.2.109 56811 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:43.507063 0.031058 tcp 10.0.2.109 56812 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:43.538365 0.122202 tcp 10.0.2.109 56813 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:09:43.679730 3.001331 tcp 10.0.2.109 56814 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:52.679537 0.000000 tcp 10.0.2.109 56814 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:09:58.678740 3.004177 tcp 10.0.2.109 56815 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:10:07.681207 0.000000 tcp 10.0.2.109 56815 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:10:13.679952 3.003956 tcp 10.0.2.109 56816 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:10:22.692994 0.000000 tcp 10.0.2.109 56816 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:10:28.681760 2.994007 tcp 10.0.2.109 56817 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:10:33.548213 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:10:37.674293 0.000000 tcp 10.0.2.109 56817 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:11:15.001349 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:11:22.007869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:11:30.059386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:11:46.062958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:12:18.068780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:15:43.704777 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:15:43.704972 3.004052 tcp 10.0.2.109 56818 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:15:52.707162 0.000000 tcp 10.0.2.109 56818 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:15:58.707705 0.031312 tcp 10.0.2.109 56819 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:15:58.739315 0.031058 tcp 10.0.2.109 56820 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:15:58.770639 0.124981 tcp 10.0.2.109 56821 -> 195.113.214.211 443 SRPA* 0 0 31 22144 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:15:58.949323 3.001688 tcp 10.0.2.109 56822 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:07.949231 0.000000 tcp 10.0.2.109 56822 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:13.948391 0.031004 tcp 10.0.2.109 56823 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:13.979673 0.031645 tcp 10.0.2.109 56824 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:14.011173 0.122403 tcp 10.0.2.109 56825 -> 195.113.214.211 443 SRPA* 0 0 36 24462 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:14.151192 3.001239 tcp 10.0.2.109 56826 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:23.150876 0.000000 tcp 10.0.2.109 56826 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:29.150045 0.031050 tcp 10.0.2.109 56827 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:29.181369 0.031890 tcp 10.0.2.109 56828 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:29.213557 0.127019 tcp 10.0.2.109 56829 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:29.357052 2.996984 tcp 10.0.2.109 56830 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:38.362747 0.000000 tcp 10.0.2.109 56830 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:44.352449 0.030297 tcp 10.0.2.109 56831 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:44.383052 0.031984 tcp 10.0.2.109 56832 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:44.415313 0.126950 tcp 10.0.2.109 56833 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:16:44.586782 2.999795 tcp 10.0.2.109 56834 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:53.584726 0.000000 tcp 10.0.2.109 56834 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:16:59.713882 3.003854 tcp 10.0.2.109 56835 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:17:08.716903 0.000000 tcp 10.0.2.109 56835 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:17:14.715617 3.004311 tcp 10.0.2.109 56836 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:17:23.717991 0.000000 tcp 10.0.2.109 56836 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:17:28.695281 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:17:29.717171 3.003641 tcp 10.0.2.109 56837 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:17:38.719858 0.000000 tcp 10.0.2.109 56837 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:18:22.204733 3.001822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:18:29.212009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:18:37.214112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:18:53.217176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:19:25.223181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:22:16.949865 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:22:16.949974 0.000000 udp 10.0.2.109 3683 -> 87.153.124.203 4545 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 17:22:33.895904 0.030930 tcp 10.0.2.109 56838 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:33.927166 0.031181 tcp 10.0.2.109 56839 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:33.958655 0.124605 tcp 10.0.2.109 56840 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:34.083815 0.065188 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1943 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:34.131794 0.168525 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:34.279258 0.089912 rtp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:34.348542 0.158594 rtp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:34.503704 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 17:22:44.720119 3.003897 tcp 10.0.2.109 56841 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:22:50.058350 0.030450 tcp 10.0.2.109 56842 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:50.089149 0.031747 tcp 10.0.2.109 56843 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:50.121160 0.125693 tcp 10.0.2.109 56844 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:50.247186 0.158497 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:50.400528 0.186438 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:50.578399 0.082038 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:50.703238 0.038091 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:50.733357 0.396773 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:51.088633 0.166821 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:51.233248 0.190973 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:51.419497 0.054427 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:51.475311 0.205231 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:51.675856 0.157408 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:51.825094 0.190024 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:52.010879 0.230011 rtp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:52.180788 0.202353 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:52.413656 0.074978 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:52.472876 0.198862 rtp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:52.664218 0.193485 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:52.851445 0.167227 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:53.010707 0.200086 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:53.193977 0.180711 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:53.356526 0.045546 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:22:53.732921 0.000000 tcp 10.0.2.109 56841 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:22:59.722076 0.030344 tcp 10.0.2.109 56845 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:59.752698 0.031411 tcp 10.0.2.109 56846 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:59.784445 0.125187 tcp 10.0.2.109 56847 -> 195.113.214.211 443 SRPA* 0 0 31 24170 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:22:59.950037 2.996208 tcp 10.0.2.109 56848 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:23:08.944245 0.000000 tcp 10.0.2.109 56848 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:23:14.944039 0.030312 tcp 10.0.2.109 56849 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:23:14.974637 0.032604 tcp 10.0.2.109 56850 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:23:15.007560 0.127870 tcp 10.0.2.109 56851 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:23:15.537282 3.001014 tcp 10.0.2.109 56852 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:23:24.537304 0.000000 tcp 10.0.2.109 56852 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:23:30.536587 0.031163 tcp 10.0.2.109 56853 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:23:30.568026 0.031589 tcp 10.0.2.109 56854 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:23:30.600052 0.127002 tcp 10.0.2.109 56855 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:23:30.744323 3.005949 tcp 10.0.2.109 56856 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:23:39.749017 0.000000 tcp 10.0.2.109 56856 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:23:45.737938 3.004042 tcp 10.0.2.109 56857 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:23:54.740608 0.000000 tcp 10.0.2.109 56857 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:24:00.739518 3.003699 tcp 10.0.2.109 56858 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:24:09.741894 0.000000 tcp 10.0.2.109 56858 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:24:14.699071 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:25:29.229274 3.000972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:25:36.236149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:25:44.237983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:26:00.241049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:26:32.246554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:29:15.742379 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:29:15.742483 2.993594 tcp 10.0.2.109 56859 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:29:24.734887 0.000000 tcp 10.0.2.109 56859 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:29:30.745210 0.031149 tcp 10.0.2.109 56860 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:29:30.776653 0.031381 tcp 10.0.2.109 56861 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:29:30.808306 0.123909 tcp 10.0.2.109 56862 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:29:31.094592 3.003441 tcp 10.0.2.109 56863 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:29:40.096601 0.000000 tcp 10.0.2.109 56863 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:29:46.096577 0.030902 tcp 10.0.2.109 56864 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:29:46.127910 0.030802 tcp 10.0.2.109 56865 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:29:46.158974 0.123096 tcp 10.0.2.109 56866 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:29:46.435093 3.005300 tcp 10.0.2.109 56867 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:29:55.439242 0.000000 tcp 10.0.2.109 56867 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:01.428277 0.030547 tcp 10.0.2.109 56868 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:30:01.459093 0.031280 tcp 10.0.2.109 56869 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:30:01.490680 0.125327 tcp 10.0.2.109 56870 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:30:01.640167 3.001828 tcp 10.0.2.109 56871 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:10.640819 0.000000 tcp 10.0.2.109 56871 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:16.640293 0.029794 tcp 10.0.2.109 56872 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:30:16.670343 0.032211 tcp 10.0.2.109 56873 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:30:16.702394 0.125079 tcp 10.0.2.109 56874 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:30:16.839406 2.994778 tcp 10.0.2.109 56875 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:25.842654 0.000000 tcp 10.0.2.109 56875 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:31.831487 2.994316 tcp 10.0.2.109 56876 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:40.823907 0.000000 tcp 10.0.2.109 56876 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:46.833133 2.993909 tcp 10.0.2.109 56877 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:30:55.825675 0.000000 tcp 10.0.2.109 56877 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:31:01.834294 3.004713 tcp 10.0.2.109 56878 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:31:06.691169 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:31:10.837620 0.000000 tcp 10.0.2.109 56878 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:32:36.252694 3.001975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:32:43.260143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:32:51.261601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:33:07.264790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:33:39.270668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:36:16.837476 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:36:16.837580 3.004093 tcp 10.0.2.109 56879 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:36:25.840015 0.000000 tcp 10.0.2.109 56879 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:36:31.840839 0.031159 tcp 10.0.2.109 56880 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:36:31.872294 0.030828 tcp 10.0.2.109 56881 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:36:31.903403 0.124201 tcp 10.0.2.109 56882 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:36:32.040648 3.002663 tcp 10.0.2.109 56883 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:36:41.041806 0.000000 tcp 10.0.2.109 56883 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:36:47.041678 0.030219 tcp 10.0.2.109 56884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:36:47.072175 0.030979 tcp 10.0.2.109 56885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:36:47.103460 0.125135 tcp 10.0.2.109 56886 -> 195.113.214.211 443 SRPA* 0 0 36 18906 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:36:47.240285 2.994940 tcp 10.0.2.109 56887 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:36:56.233727 0.000000 tcp 10.0.2.109 56887 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:02.233392 0.030803 tcp 10.0.2.109 56888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:37:02.264511 0.031678 tcp 10.0.2.109 56889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:37:02.296481 0.125501 tcp 10.0.2.109 56890 -> 195.113.214.211 443 SRPA* 0 0 45 41860 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:37:02.434367 3.003018 tcp 10.0.2.109 56891 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:11.435506 0.000000 tcp 10.0.2.109 56891 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:17.434836 0.030284 tcp 10.0.2.109 56892 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:37:17.464969 0.031715 tcp 10.0.2.109 56893 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:37:17.497059 0.128765 tcp 10.0.2.109 56894 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:37:17.636484 3.002413 tcp 10.0.2.109 56895 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:26.637663 0.000000 tcp 10.0.2.109 56895 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:32.636790 3.004131 tcp 10.0.2.109 56896 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:41.638930 0.000000 tcp 10.0.2.109 56896 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:47.637933 3.004003 tcp 10.0.2.109 56897 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:37:56.641038 0.000000 tcp 10.0.2.109 56897 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:38:02.639672 3.004050 tcp 10.0.2.109 56898 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:38:07.196000 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:38:11.652294 0.000000 tcp 10.0.2.109 56898 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:39:43.276956 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:39:50.284316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:39:58.285605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:40:14.288859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:40:46.295075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:43:17.642790 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:43:17.642895 2.993547 tcp 10.0.2.109 56899 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:43:26.635440 0.000000 tcp 10.0.2.109 56899 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:43:32.645489 0.031715 tcp 10.0.2.109 56900 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:43:32.677469 0.031105 tcp 10.0.2.109 56901 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:43:32.708436 0.195522 tcp 10.0.2.109 56902 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:43:32.915604 3.003311 tcp 10.0.2.109 56903 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:43:41.917152 0.000000 tcp 10.0.2.109 56903 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:43:47.916714 0.030118 tcp 10.0.2.109 56904 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:43:47.947127 0.030477 tcp 10.0.2.109 56905 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:43:47.977901 0.122800 tcp 10.0.2.109 56906 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:43:48.144181 3.006409 tcp 10.0.2.109 56907 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:43:57.149562 0.000000 tcp 10.0.2.109 56907 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:03.138770 0.030184 tcp 10.0.2.109 56908 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:44:03.169198 0.030897 tcp 10.0.2.109 56909 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:44:03.200441 0.124065 tcp 10.0.2.109 56910 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:44:03.409596 3.002727 tcp 10.0.2.109 56911 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:12.411092 0.000000 tcp 10.0.2.109 56911 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:18.410236 0.030545 tcp 10.0.2.109 56912 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:44:18.441115 0.031068 tcp 10.0.2.109 56913 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:44:18.472447 0.125325 tcp 10.0.2.109 56914 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:44:18.785028 2.999735 tcp 10.0.2.109 56915 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:27.793389 0.000000 tcp 10.0.2.109 56915 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:33.781862 2.994053 tcp 10.0.2.109 56916 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:42.775025 0.000000 tcp 10.0.2.109 56916 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:48.783435 2.994262 tcp 10.0.2.109 56917 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:44:57.776563 0.000000 tcp 10.0.2.109 56917 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:45:02.693353 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:45:03.785302 3.004310 tcp 10.0.2.109 56918 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:45:12.787721 0.000000 tcp 10.0.2.109 56918 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:46:50.301466 3.001141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:46:57.308548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:47:05.309797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:47:21.313037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:47:53.319152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:50:18.788321 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:50:18.788532 3.003400 tcp 10.0.2.109 56919 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:50:27.790920 0.000000 tcp 10.0.2.109 56919 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:50:33.791944 0.031382 tcp 10.0.2.109 56920 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:50:33.823555 0.030776 tcp 10.0.2.109 56921 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:50:33.854666 0.124324 tcp 10.0.2.109 56922 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:50:34.004614 2.999387 tcp 10.0.2.109 56923 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:50:43.012376 0.000000 tcp 10.0.2.109 56923 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:53:09.013091 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:53:09.013350 0.058914 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.056734 0.089938 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.114450 0.077716 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.188092 0.152560 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.337487 0.065512 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.385777 0.167679 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.529759 0.077130 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.587733 0.042511 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.642525 0.156411 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.793989 0.184015 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:09.971264 0.202493 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:10.149417 0.164780 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:10.289818 0.192516 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:10.477047 0.055495 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:10.627787 0.204299 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:10.884672 0.154530 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:11.031350 0.166828 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:11.195656 0.213595 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:11.353923 0.204433 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:11.521909 0.081212 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:11.714512 0.200760 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:11.907664 0.184743 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:12.103347 0.169610 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:12.263645 0.045642 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:12.350369 0.215347 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:12.548798 0.216518 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 1997 flow=From-Botnet-V1-UDP-Established 1970/01/16 17:53:57.324973 3.001752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 17:54:04.331870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:54:12.333614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:54:28.336617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:55:00.343477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 17:55:49.003414 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:55:49.003545 2.993296 tcp 10.0.2.109 56924 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:55:57.995299 0.000000 tcp 10.0.2.109 56924 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:04.006058 0.031809 tcp 10.0.2.109 56925 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:04.038242 0.031000 tcp 10.0.2.109 56926 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:04.069519 0.126196 tcp 10.0.2.109 56927 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:04.205407 3.003557 tcp 10.0.2.109 56928 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:13.207760 0.000000 tcp 10.0.2.109 56928 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:19.207050 0.030424 tcp 10.0.2.109 56929 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:19.237741 0.031513 tcp 10.0.2.109 56930 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:19.269524 0.126157 tcp 10.0.2.109 56931 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:19.406139 3.004769 tcp 10.0.2.109 56932 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:28.409252 0.000000 tcp 10.0.2.109 56932 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:34.399040 0.030403 tcp 10.0.2.109 56933 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:34.429683 0.031115 tcp 10.0.2.109 56934 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:34.460728 0.126917 tcp 10.0.2.109 56935 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:34.604458 3.008172 tcp 10.0.2.109 56936 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:43.611464 0.000000 tcp 10.0.2.109 56936 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:49.600327 0.030289 tcp 10.0.2.109 56937 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:49.630964 0.030780 tcp 10.0.2.109 56938 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:49.662223 0.128125 tcp 10.0.2.109 56939 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/16 17:56:49.801638 2.993075 tcp 10.0.2.109 56940 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:56:58.803259 0.000000 tcp 10.0.2.109 56940 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:57:04.801982 2.994032 tcp 10.0.2.109 56941 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:57:13.794494 0.000000 tcp 10.0.2.109 56941 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:57:19.803703 2.993996 tcp 10.0.2.109 56942 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:57:28.796191 0.000000 tcp 10.0.2.109 56942 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:57:33.693054 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 17:57:34.804860 3.004251 tcp 10.0.2.109 56943 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 17:57:43.807858 0.000000 tcp 10.0.2.109 56943 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:01:04.348531 3.002101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:01:11.356074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:01:19.357707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:01:35.360572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:02:07.366809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:02:49.808137 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:02:49.808331 3.003647 tcp 10.0.2.109 56944 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:02:58.810695 0.000000 tcp 10.0.2.109 56944 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:04.810811 0.052609 tcp 10.0.2.109 56945 -> 195.113.214.219 80 FSPA* 0 0 10 1531 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:04.863712 0.031116 tcp 10.0.2.109 56946 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:04.895118 0.123491 tcp 10.0.2.109 56947 -> 195.113.214.211 443 SRPA* 0 0 40 33104 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:05.049236 2.994428 tcp 10.0.2.109 56948 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:14.052530 0.000000 tcp 10.0.2.109 56948 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:20.052005 0.030486 tcp 10.0.2.109 56949 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:20.082795 0.031448 tcp 10.0.2.109 56950 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:20.114494 0.122417 tcp 10.0.2.109 56951 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:20.261320 2.994127 tcp 10.0.2.109 56952 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:29.254331 0.000000 tcp 10.0.2.109 56952 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:35.263866 0.030033 tcp 10.0.2.109 56953 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:35.294264 0.032418 tcp 10.0.2.109 56954 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:35.327007 0.124007 tcp 10.0.2.109 56955 -> 195.113.214.211 443 SRPA* 0 0 37 30052 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:35.554470 2.993081 tcp 10.0.2.109 56956 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:44.546059 0.000000 tcp 10.0.2.109 56956 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:50.555684 0.030158 tcp 10.0.2.109 56957 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:50.586262 0.030870 tcp 10.0.2.109 56958 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:50.617417 0.133194 tcp 10.0.2.109 56959 -> 195.113.214.211 443 SRPA* 0 0 44 32124 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:03:50.811526 2.998494 tcp 10.0.2.109 56960 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:03:59.808026 0.000000 tcp 10.0.2.109 56960 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:04:05.807321 3.004163 tcp 10.0.2.109 56961 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:04:14.810170 0.000000 tcp 10.0.2.109 56961 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:04:20.808911 3.004196 tcp 10.0.2.109 56962 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:04:29.811497 0.000000 tcp 10.0.2.109 56962 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:04:34.698607 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:04:35.809962 2.994673 tcp 10.0.2.109 56963 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:04:44.812681 0.000000 tcp 10.0.2.109 56963 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:08:11.373059 3.001377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:08:18.379944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:08:26.381635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:08:42.384806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:09:14.391055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:09:50.814011 0.000218 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:09:50.814317 3.003016 tcp 10.0.2.109 56964 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:09:59.815720 0.000000 tcp 10.0.2.109 56964 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:10:05.816522 0.031746 tcp 10.0.2.109 56965 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:05.848531 0.031568 tcp 10.0.2.109 56966 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:05.879944 0.126824 tcp 10.0.2.109 56967 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:06.060063 2.999082 tcp 10.0.2.109 56968 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:10:15.057694 0.000000 tcp 10.0.2.109 56968 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:10:21.057487 0.030206 tcp 10.0.2.109 56969 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:21.087983 0.030712 tcp 10.0.2.109 56970 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:21.118942 0.125756 tcp 10.0.2.109 56971 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:21.368391 3.003071 tcp 10.0.2.109 56972 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:10:30.369905 0.000000 tcp 10.0.2.109 56972 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:10:36.369206 0.030782 tcp 10.0.2.109 56973 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:36.399846 0.031513 tcp 10.0.2.109 56974 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:36.431668 0.128021 tcp 10.0.2.109 56975 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:36.570392 3.002552 tcp 10.0.2.109 56976 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:10:45.571876 0.000000 tcp 10.0.2.109 56976 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:10:51.570917 0.031104 tcp 10.0.2.109 56977 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:51.602379 0.030864 tcp 10.0.2.109 56978 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:51.633514 0.179336 tcp 10.0.2.109 56979 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:10:51.895524 2.999824 tcp 10.0.2.109 56980 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:11:00.903859 0.000000 tcp 10.0.2.109 56980 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:11:06.892531 2.993905 tcp 10.0.2.109 56981 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:11:15.885363 0.000000 tcp 10.0.2.109 56981 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:11:21.894450 3.004094 tcp 10.0.2.109 56982 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:11:30.896792 0.000000 tcp 10.0.2.109 56982 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:11:35.693883 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:11:36.895390 3.004266 tcp 10.0.2.109 56983 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:11:45.898172 0.000000 tcp 10.0.2.109 56983 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:15:18.396945 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:15:25.403936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:15:33.405802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:15:49.408973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:16:21.414987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:16:51.898727 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:16:51.898816 3.003941 tcp 10.0.2.109 56984 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:00.901039 0.000000 tcp 10.0.2.109 56984 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:06.901422 0.031903 tcp 10.0.2.109 56985 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:06.933663 0.031411 tcp 10.0.2.109 56986 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:06.964886 0.126497 tcp 10.0.2.109 56987 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:07.114425 3.000390 tcp 10.0.2.109 56988 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:16.123445 0.000000 tcp 10.0.2.109 56988 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:22.112913 0.030720 tcp 10.0.2.109 56989 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:22.143491 0.031416 tcp 10.0.2.109 56990 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:22.175309 0.124184 tcp 10.0.2.109 56991 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:22.377959 2.998755 tcp 10.0.2.109 56992 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:31.374973 0.000000 tcp 10.0.2.109 56992 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:37.374539 0.031155 tcp 10.0.2.109 56993 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:37.405977 0.031466 tcp 10.0.2.109 56994 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:37.437723 0.124431 tcp 10.0.2.109 56995 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:37.592142 2.996129 tcp 10.0.2.109 56996 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:46.586776 0.000000 tcp 10.0.2.109 56996 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:17:52.586610 0.031321 tcp 10.0.2.109 56997 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:52.617792 0.031001 tcp 10.0.2.109 56998 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:52.649056 0.139791 tcp 10.0.2.109 56999 -> 195.113.214.211 443 SRPA* 0 0 54 39058 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:17:52.827845 3.002409 tcp 10.0.2.109 57000 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:18:01.828893 0.000000 tcp 10.0.2.109 57000 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:18:07.828058 3.003937 tcp 10.0.2.109 57001 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:18:16.830946 0.000000 tcp 10.0.2.109 57001 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:18:22.829700 3.003749 tcp 10.0.2.109 57002 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:18:31.832160 0.000000 tcp 10.0.2.109 57002 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:18:36.699099 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:18:37.831259 2.993570 tcp 10.0.2.109 57003 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:18:46.833686 0.000000 tcp 10.0.2.109 57003 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:22:25.421304 3.001053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:22:32.428062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:22:40.429667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:22:56.432292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:23:28.438425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:23:38.142867 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:23:38.143115 0.064197 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.191661 0.081231 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.344099 0.079118 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.402776 0.147154 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.547078 0.064803 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.709410 0.166829 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.853888 0.082414 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.915383 0.049478 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:38.950827 0.160493 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:39.106028 0.183013 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:39.281675 0.189464 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:39.775530 0.166103 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:40.481142 0.187056 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:41.098672 0.054899 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1954 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:41.365136 0.196850 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:41.690740 0.157059 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:42.259941 0.206286 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:42.609897 0.079655 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:42.672841 0.200045 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:42.865251 0.167145 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:43.029867 0.207380 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:43.166878 0.192882 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:43.354586 0.171799 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:43.518913 0.046172 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:43.601218 0.198214 udp 10.0.2.109 3683 <-> 216.183.193.199 2898 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:43.783886 0.151777 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:23:52.834151 3.003760 tcp 10.0.2.109 57004 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:01.836376 0.000000 tcp 10.0.2.109 57004 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:07.836939 0.031677 tcp 10.0.2.109 57005 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:07.868966 0.031427 tcp 10.0.2.109 57006 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:07.900650 0.122941 tcp 10.0.2.109 57007 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:08.109416 3.000175 tcp 10.0.2.109 57008 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:17.108587 0.000000 tcp 10.0.2.109 57008 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:23.108032 0.032298 tcp 10.0.2.109 57009 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:23.140627 0.031970 tcp 10.0.2.109 57010 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:23.172954 0.121932 tcp 10.0.2.109 57011 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:23.346841 3.004974 tcp 10.0.2.109 57012 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:32.350272 0.000000 tcp 10.0.2.109 57012 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:38.339902 0.030591 tcp 10.0.2.109 57013 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:38.370770 0.030821 tcp 10.0.2.109 57014 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:38.401854 0.126853 tcp 10.0.2.109 57015 -> 195.113.214.211 443 SRPA* 0 0 42 35262 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:38.592679 3.000772 tcp 10.0.2.109 57016 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:47.602154 0.000000 tcp 10.0.2.109 57016 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:24:53.591685 0.030319 tcp 10.0.2.109 57017 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:53.622415 0.031475 tcp 10.0.2.109 57018 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:53.654686 0.133117 tcp 10.0.2.109 57019 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:24:54.172138 2.994255 tcp 10.0.2.109 57020 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:25:03.165101 0.000000 tcp 10.0.2.109 57020 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:25:09.173397 2.994012 tcp 10.0.2.109 57021 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:25:18.166082 0.000000 tcp 10.0.2.109 57021 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:25:24.175585 3.003894 tcp 10.0.2.109 57022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:25:33.177693 0.000000 tcp 10.0.2.109 57022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:25:37.694455 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:25:39.176570 3.004207 tcp 10.0.2.109 57023 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:25:48.179727 0.000000 tcp 10.0.2.109 57023 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:29:32.446066 2.999984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:29:39.452001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:29:47.453799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:30:03.457085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:30:35.462254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:30:54.179803 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:30:54.179893 3.004040 tcp 10.0.2.109 57024 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:03.192725 0.000000 tcp 10.0.2.109 57024 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:09.182724 0.031328 tcp 10.0.2.109 57025 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:09.214381 0.030914 tcp 10.0.2.109 57026 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:09.245536 0.126121 tcp 10.0.2.109 57027 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:09.502461 2.993059 tcp 10.0.2.109 57028 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:18.494720 0.000000 tcp 10.0.2.109 57028 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:24.503874 0.029939 tcp 10.0.2.109 57029 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:24.534215 0.030795 tcp 10.0.2.109 57030 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:24.565228 0.124803 tcp 10.0.2.109 57031 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:25.075135 3.002724 tcp 10.0.2.109 57032 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:34.076909 0.000000 tcp 10.0.2.109 57032 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:40.076381 0.030840 tcp 10.0.2.109 57033 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:40.107510 0.030981 tcp 10.0.2.109 57034 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:40.138783 0.124335 tcp 10.0.2.109 57035 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:40.292680 2.997230 tcp 10.0.2.109 57036 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:49.289022 0.000000 tcp 10.0.2.109 57036 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:31:55.287954 0.030769 tcp 10.0.2.109 57037 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:55.318975 0.030943 tcp 10.0.2.109 57038 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:55.350355 0.126149 tcp 10.0.2.109 57039 -> 195.113.214.211 443 SRPA* 0 0 35 19368 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:31:55.487285 3.004376 tcp 10.0.2.109 57040 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:32:04.490558 0.000000 tcp 10.0.2.109 57040 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:32:10.479388 3.004236 tcp 10.0.2.109 57041 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:32:19.481864 0.000000 tcp 10.0.2.109 57041 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:32:25.480854 2.994430 tcp 10.0.2.109 57042 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:32:34.483945 0.000000 tcp 10.0.2.109 57042 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:32:40.482749 2.993887 tcp 10.0.2.109 57043 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:32:45.199304 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:32:49.475218 0.000000 tcp 10.0.2.109 57043 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:36:39.469280 3.000767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:36:46.475770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:36:54.477433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:37:10.480863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:37:42.487012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:37:55.485446 0.000177 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:37:55.485719 3.004026 tcp 10.0.2.109 57044 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:04.487808 0.000000 tcp 10.0.2.109 57044 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:10.488955 0.030925 tcp 10.0.2.109 57045 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:10.520183 0.030910 tcp 10.0.2.109 57046 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:10.551363 0.125485 tcp 10.0.2.109 57047 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:10.687823 3.003667 tcp 10.0.2.109 57048 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:19.690070 0.000000 tcp 10.0.2.109 57048 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:25.689477 0.030462 tcp 10.0.2.109 57049 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:25.719819 0.030759 tcp 10.0.2.109 57050 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:25.750853 0.126255 tcp 10.0.2.109 57051 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:25.907192 3.006353 tcp 10.0.2.109 57052 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:34.911524 0.000000 tcp 10.0.2.109 57052 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:40.900840 0.030682 tcp 10.0.2.109 57053 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:40.931372 0.031295 tcp 10.0.2.109 57054 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:40.963000 0.122686 tcp 10.0.2.109 57055 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:41.095422 2.999626 tcp 10.0.2.109 57056 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:50.103713 0.000000 tcp 10.0.2.109 57056 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:38:56.092873 0.030438 tcp 10.0.2.109 57057 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:56.123604 0.032347 tcp 10.0.2.109 57058 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:56.156201 0.125378 tcp 10.0.2.109 57059 -> 195.113.214.211 443 SRPA* 0 0 43 25288 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:38:56.292658 2.994325 tcp 10.0.2.109 57060 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:39:05.285474 0.000000 tcp 10.0.2.109 57060 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:39:11.294283 3.004080 tcp 10.0.2.109 57061 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:39:20.296773 0.000000 tcp 10.0.2.109 57061 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:39:26.295728 3.004311 tcp 10.0.2.109 57062 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:39:35.298859 0.000000 tcp 10.0.2.109 57062 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:39:40.195785 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:39:41.297524 3.004382 tcp 10.0.2.109 57063 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:39:50.300130 0.000000 tcp 10.0.2.109 57063 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:43:46.492592 3.001395 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:43:53.499948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:44:01.501573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:44:17.504890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:44:49.510291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:44:56.300612 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:44:56.300838 2.993348 tcp 10.0.2.109 57064 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:05.303280 0.000000 tcp 10.0.2.109 57064 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:11.303369 0.551345 tcp 10.0.2.109 57065 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:11.855066 0.031386 tcp 10.0.2.109 57066 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:11.886735 0.125422 tcp 10.0.2.109 57067 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:12.028082 2.999363 tcp 10.0.2.109 57068 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:21.025864 0.000000 tcp 10.0.2.109 57068 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:27.025031 0.030890 tcp 10.0.2.109 57069 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:27.056223 0.031297 tcp 10.0.2.109 57070 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:27.087374 0.124940 tcp 10.0.2.109 57071 -> 195.113.214.211 443 SRPA* 0 0 35 19260 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:27.284804 3.004570 tcp 10.0.2.109 57072 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:36.287429 0.000000 tcp 10.0.2.109 57072 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:42.286729 0.031525 tcp 10.0.2.109 57073 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:42.317009 0.032048 tcp 10.0.2.109 57074 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:42.349305 0.129031 tcp 10.0.2.109 57075 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:42.508441 3.002420 tcp 10.0.2.109 57076 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:51.510003 0.000000 tcp 10.0.2.109 57076 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:45:57.509004 0.030407 tcp 10.0.2.109 57077 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:57.539660 0.030907 tcp 10.0.2.109 57078 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:57.570831 0.124123 tcp 10.0.2.109 57079 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:45:57.722769 3.000117 tcp 10.0.2.109 57080 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:46:06.721543 0.000000 tcp 10.0.2.109 57080 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:46:12.720098 2.994461 tcp 10.0.2.109 57081 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:46:21.722945 0.000000 tcp 10.0.2.109 57081 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:46:27.721734 2.994605 tcp 10.0.2.109 57082 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:46:36.714586 0.000000 tcp 10.0.2.109 57082 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:46:41.691799 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:46:42.723712 2.993589 tcp 10.0.2.109 57083 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:46:51.716498 0.000000 tcp 10.0.2.109 57083 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:50:53.517218 3.001090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:51:00.523768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:51:08.525096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:51:24.528167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:51:56.534390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:54:08.364481 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:54:08.364621 0.063702 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:08.413652 0.083925 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:08.498641 0.083119 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:08.560734 0.148002 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:08.706028 0.067295 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:08.760430 0.169617 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:08.908192 0.079503 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:08.968692 0.039514 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:09.316564 0.186899 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:09.487588 0.156138 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:09.637201 0.186486 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:09.816317 0.167724 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:09.961182 0.193759 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:10.150003 0.055794 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:10.274650 0.164006 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2649 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:10.451424 0.076242 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:10.513022 0.201612 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2006 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:10.728510 0.166382 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:10.891530 0.157672 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:11.045412 0.204306 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:11.269757 0.201427 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:11.406688 0.194014 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:11.595042 0.170349 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:11.758134 0.052731 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:11.924965 0.000000 udp 10.0.2.109 3683 -> 216.183.193.199 2898 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 18:54:12.740564 2.994328 tcp 10.0.2.109 57084 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:54:21.742987 0.000000 tcp 10.0.2.109 57084 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:54:27.413493 0.032432 tcp 10.0.2.109 57085 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:27.446234 0.031193 tcp 10.0.2.109 57086 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:27.477691 0.122512 tcp 10.0.2.109 57087 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:27.600676 0.148179 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/01/16 18:54:27.742235 0.029856 tcp 10.0.2.109 57088 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:27.772355 0.031094 tcp 10.0.2.109 57089 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:27.803736 0.129944 tcp 10.0.2.109 57090 -> 195.113.214.211 443 SRPA* 0 0 55 34268 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:28.130278 2.996345 tcp 10.0.2.109 57091 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:54:37.125460 0.000000 tcp 10.0.2.109 57091 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:54:43.124604 0.030245 tcp 10.0.2.109 57092 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:43.155156 0.031706 tcp 10.0.2.109 57093 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:43.187127 0.125415 tcp 10.0.2.109 57094 -> 195.113.214.211 443 SRPA* 0 0 46 41914 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:43.424504 3.004308 tcp 10.0.2.109 57095 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:54:52.427055 0.000000 tcp 10.0.2.109 57095 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:54:58.426496 0.030424 tcp 10.0.2.109 57096 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:58.457210 0.031365 tcp 10.0.2.109 57097 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:58.488831 0.125920 tcp 10.0.2.109 57098 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:54:58.640292 3.000705 tcp 10.0.2.109 57099 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:07.639468 0.000000 tcp 10.0.2.109 57099 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:13.638363 0.030027 tcp 10.0.2.109 57100 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:55:13.668652 0.030749 tcp 10.0.2.109 57101 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:55:13.699692 0.123038 tcp 10.0.2.109 57102 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 18:55:14.072421 3.000648 tcp 10.0.2.109 57103 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:23.071122 0.000000 tcp 10.0.2.109 57103 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:29.069950 2.994702 tcp 10.0.2.109 57104 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:38.072925 0.000000 tcp 10.0.2.109 57104 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:44.071607 2.994377 tcp 10.0.2.109 57105 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:53.064778 0.000000 tcp 10.0.2.109 57105 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:55:59.073361 2.994073 tcp 10.0.2.109 57106 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:56:03.700078 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 18:56:08.065875 0.000000 tcp 10.0.2.109 57106 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 18:58:00.540892 3.001526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 18:58:07.547746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:58:15.549161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:58:31.552690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 18:59:03.558293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:01:14.076840 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:01:14.076963 3.003622 tcp 10.0.2.109 57107 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:01:23.078629 0.000000 tcp 10.0.2.109 57107 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:01:29.079696 0.031313 tcp 10.0.2.109 57108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:29.111351 0.031383 tcp 10.0.2.109 57109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:29.143008 0.129633 tcp 10.0.2.109 57110 -> 195.113.214.211 443 SRPA* 0 0 47 42216 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:29.316654 3.005712 tcp 10.0.2.109 57111 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:01:38.321260 0.000000 tcp 10.0.2.109 57111 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:01:44.310291 0.030346 tcp 10.0.2.109 57112 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:44.340950 0.031320 tcp 10.0.2.109 57113 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:44.372556 0.124337 tcp 10.0.2.109 57114 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:44.520634 2.993387 tcp 10.0.2.109 57115 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:01:53.522792 0.000000 tcp 10.0.2.109 57115 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:01:59.521760 0.031433 tcp 10.0.2.109 57116 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:59.552980 0.032597 tcp 10.0.2.109 57117 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:59.585351 0.125992 tcp 10.0.2.109 57118 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:01:59.849889 2.996199 tcp 10.0.2.109 57119 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:02:08.844462 0.000000 tcp 10.0.2.109 57119 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:02:14.844130 0.031074 tcp 10.0.2.109 57120 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:02:14.875564 0.031736 tcp 10.0.2.109 57121 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:02:14.907612 0.125588 tcp 10.0.2.109 57122 -> 195.113.214.211 443 SRPA* 0 0 36 25050 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:02:15.057196 3.001293 tcp 10.0.2.109 57123 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:02:24.056576 0.000000 tcp 10.0.2.109 57123 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:02:30.055874 3.003653 tcp 10.0.2.109 57124 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:02:39.058004 0.000000 tcp 10.0.2.109 57124 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:02:45.056814 3.004616 tcp 10.0.2.109 57125 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:02:54.059937 0.000000 tcp 10.0.2.109 57125 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:03:00.058780 3.004277 tcp 10.0.2.109 57126 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:03:04.695235 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:03:09.061168 0.000000 tcp 10.0.2.109 57126 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:05:07.564828 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 19:05:14.571560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:05:22.573441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:05:38.576655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:06:10.582113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:08:15.062731 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:08:15.062832 2.993024 tcp 10.0.2.109 57127 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:08:24.054261 0.000000 tcp 10.0.2.109 57127 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:08:30.065798 0.031794 tcp 10.0.2.109 57128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:08:30.097892 0.031106 tcp 10.0.2.109 57129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:08:30.129364 0.129560 tcp 10.0.2.109 57130 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:08:30.275162 3.002432 tcp 10.0.2.109 57131 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:08:39.276243 0.000000 tcp 10.0.2.109 57131 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:08:45.275300 0.030355 tcp 10.0.2.109 57132 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:08:45.305887 0.031248 tcp 10.0.2.109 57133 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:08:45.337372 0.129877 tcp 10.0.2.109 57134 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:08:45.479364 2.999753 tcp 10.0.2.109 57135 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:08:54.477707 0.000000 tcp 10.0.2.109 57135 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:00.477215 0.030432 tcp 10.0.2.109 57136 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:09:00.507950 0.031577 tcp 10.0.2.109 57137 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:09:00.539423 0.123886 tcp 10.0.2.109 57138 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:09:00.674878 3.006285 tcp 10.0.2.109 57139 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:09.679748 0.000000 tcp 10.0.2.109 57139 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:15.669305 0.031035 tcp 10.0.2.109 57140 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:09:15.700615 0.032372 tcp 10.0.2.109 57141 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:09:15.733282 0.125061 tcp 10.0.2.109 57142 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:09:15.902715 3.000186 tcp 10.0.2.109 57143 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:24.901417 0.000000 tcp 10.0.2.109 57143 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:30.900828 2.994292 tcp 10.0.2.109 57144 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:39.903560 0.000000 tcp 10.0.2.109 57144 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:45.902017 2.993890 tcp 10.0.2.109 57145 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:09:54.894850 0.000000 tcp 10.0.2.109 57145 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:10:00.903925 3.004159 tcp 10.0.2.109 57146 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:10:05.700509 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:10:09.906777 0.000000 tcp 10.0.2.109 57146 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:12:14.588707 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 19:12:21.596138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:12:29.597726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:12:45.600484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:13:17.606068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:15:15.907349 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:15:15.907649 3.002957 tcp 10.0.2.109 57147 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:15:24.909680 0.000000 tcp 10.0.2.109 57147 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:15:30.909353 0.031160 tcp 10.0.2.109 57148 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:15:30.940841 0.030677 tcp 10.0.2.109 57149 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:15:30.971882 0.130574 tcp 10.0.2.109 57150 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:15:31.224038 3.008700 tcp 10.0.2.109 57151 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:15:40.231437 0.000000 tcp 10.0.2.109 57151 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:15:46.220497 0.060353 tcp 10.0.2.109 57152 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:15:46.281119 0.031798 tcp 10.0.2.109 57153 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:15:46.312758 0.130938 tcp 10.0.2.109 57154 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:15:46.563084 2.992150 tcp 10.0.2.109 57155 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:15:55.563281 0.000000 tcp 10.0.2.109 57155 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:01.563518 0.030648 tcp 10.0.2.109 57156 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:16:01.594448 0.030860 tcp 10.0.2.109 57157 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:16:01.625597 0.128863 tcp 10.0.2.109 57158 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:16:01.906414 3.000650 tcp 10.0.2.109 57159 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:10.905751 0.000000 tcp 10.0.2.109 57159 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:16.904960 0.032670 tcp 10.0.2.109 57160 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:16:16.937919 0.031140 tcp 10.0.2.109 57161 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:16:16.968873 0.126856 tcp 10.0.2.109 57162 -> 195.113.214.211 443 SRPA* 0 0 47 28426 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:16:17.319290 3.000034 tcp 10.0.2.109 57163 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:26.317607 0.000000 tcp 10.0.2.109 57163 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:32.316820 3.003906 tcp 10.0.2.109 57164 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:41.319158 0.000000 tcp 10.0.2.109 57164 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:47.318089 3.004302 tcp 10.0.2.109 57165 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:16:56.321042 0.000000 tcp 10.0.2.109 57165 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:17:01.198048 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:17:02.319528 3.004527 tcp 10.0.2.109 57166 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:17:11.332397 0.000000 tcp 10.0.2.109 57166 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:19:21.613192 3.000761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 19:19:28.619423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:19:36.621177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:19:52.623960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:20:24.630383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:24:39.367211 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:24:39.367361 0.157267 udp 10.0.2.109 3683 -> 216.183.193.199 2898 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 19:24:39.524628 0.000000 icmp 216.49.225.154 0x000b -> 10.0.2.109 0x0000 TXD 192 1 163 flow=Background 1970/01/16 19:24:58.165733 0.031166 tcp 10.0.2.109 57167 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:24:58.197234 0.031157 tcp 10.0.2.109 57168 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:24:58.228291 0.128768 tcp 10.0.2.109 57169 -> 195.113.214.211 443 SRPA* 0 0 31 24170 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:24:58.357727 0.084568 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:58.405362 0.078485 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:58.463268 0.152963 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:58.613244 0.071147 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:58.669587 0.166469 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:58.814427 0.074592 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:58.871027 0.060531 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:58.995846 0.153086 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:59.143807 0.038597 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:59.197001 0.166011 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:59.342280 0.193183 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:59.528283 0.190934 rtp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:59.705109 0.191273 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:59.893065 0.075762 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:24:59.954129 0.200300 rtp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:00.147756 0.173791 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:00.317175 0.164008 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:00.471022 0.170049 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:00.679588 0.054923 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:00.815413 0.160410 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:00.968867 0.045412 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:01.049273 0.230858 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:01.262823 0.159602 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:01.394951 0.194747 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:01.583039 0.288815 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:25:02.339650 3.003988 tcp 10.0.2.109 57170 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:25:11.352431 0.000000 tcp 10.0.2.109 57170 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:25:17.341646 0.030129 tcp 10.0.2.109 57171 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:17.372049 0.030587 tcp 10.0.2.109 57172 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:17.402910 1.491639 tcp 10.0.2.109 57173 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:18.975116 3.002620 tcp 10.0.2.109 57174 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:25:27.976352 0.000000 tcp 10.0.2.109 57174 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:25:33.975389 0.030312 tcp 10.0.2.109 57175 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:34.006004 0.030692 tcp 10.0.2.109 57176 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:34.037003 0.123518 tcp 10.0.2.109 57177 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:34.213009 2.997007 tcp 10.0.2.109 57178 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:25:43.208708 0.000000 tcp 10.0.2.109 57178 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:25:49.207584 0.034049 tcp 10.0.2.109 57179 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:49.241895 0.031749 tcp 10.0.2.109 57180 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:49.273931 0.124733 tcp 10.0.2.109 57181 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:25:49.420502 3.001240 tcp 10.0.2.109 57182 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:25:58.419846 0.000000 tcp 10.0.2.109 57182 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:04.419759 0.030589 tcp 10.0.2.109 57183 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:26:04.450605 0.031069 tcp 10.0.2.109 57184 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:26:04.481976 0.124543 tcp 10.0.2.109 57185 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:26:04.647478 3.006189 tcp 10.0.2.109 57186 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:13.652285 0.000000 tcp 10.0.2.109 57186 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:19.641166 2.993671 tcp 10.0.2.109 57187 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:28.636321 3.001449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 19:26:28.643904 0.000000 tcp 10.0.2.109 57187 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:34.642416 2.994502 tcp 10.0.2.109 57188 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:35.643584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:26:43.635103 0.000000 tcp 10.0.2.109 57188 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:43.645139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:26:49.644109 3.004004 tcp 10.0.2.109 57189 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:54.190087 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:26:58.647134 0.000000 tcp 10.0.2.109 57189 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:26:59.648175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:27:31.653979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:32:04.647678 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:32:04.647792 3.003448 tcp 10.0.2.109 57190 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:32:13.649745 0.000000 tcp 10.0.2.109 57190 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:32:19.650288 0.031836 tcp 10.0.2.109 57191 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:19.682438 0.031121 tcp 10.0.2.109 57192 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:19.713803 0.125515 tcp 10.0.2.109 57193 -> 195.113.214.211 443 SRPA* 0 0 27 13112 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:19.872749 3.000053 tcp 10.0.2.109 57194 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:32:28.871615 0.000000 tcp 10.0.2.109 57194 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:32:34.870914 0.030433 tcp 10.0.2.109 57195 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:34.901142 0.031115 tcp 10.0.2.109 57196 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:34.932535 0.125233 tcp 10.0.2.109 57197 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:35.115658 2.998954 tcp 10.0.2.109 57198 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:32:44.123260 0.000000 tcp 10.0.2.109 57198 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:32:50.112487 0.031360 tcp 10.0.2.109 57199 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:50.143650 0.030632 tcp 10.0.2.109 57200 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:50.174515 0.126278 tcp 10.0.2.109 57201 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:32:50.391314 2.995443 tcp 10.0.2.109 57202 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:32:59.385747 0.000000 tcp 10.0.2.109 57202 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:05.384964 0.030901 tcp 10.0.2.109 57203 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:33:05.415724 0.031682 tcp 10.0.2.109 57204 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:33:05.447676 0.127761 tcp 10.0.2.109 57205 -> 195.113.214.211 443 SRPA* 0 0 36 28558 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:33:05.675945 3.003056 tcp 10.0.2.109 57206 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:14.677677 0.000000 tcp 10.0.2.109 57206 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:20.675954 3.004157 tcp 10.0.2.109 57207 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:29.678890 0.000000 tcp 10.0.2.109 57207 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:35.661393 3.000802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 19:33:35.677915 3.003969 tcp 10.0.2.109 57208 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:42.667772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:33:44.680723 0.000000 tcp 10.0.2.109 57208 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:50.669321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:33:50.679462 3.004423 tcp 10.0.2.109 57209 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:33:55.195702 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:33:59.682565 0.000000 tcp 10.0.2.109 57209 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:34:06.672023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:34:38.677951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:39:05.682860 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:39:05.682961 2.993120 tcp 10.0.2.109 57210 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:39:14.675000 0.000000 tcp 10.0.2.109 57210 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:39:20.685861 0.031032 tcp 10.0.2.109 57211 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:20.717161 0.031603 tcp 10.0.2.109 57212 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:20.748974 0.122315 tcp 10.0.2.109 57213 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:20.887144 3.000896 tcp 10.0.2.109 57214 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:39:29.886696 0.000000 tcp 10.0.2.109 57214 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:39:35.885879 0.030208 tcp 10.0.2.109 57215 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:35.916367 0.030761 tcp 10.0.2.109 57216 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:35.947407 0.126125 tcp 10.0.2.109 57217 -> 195.113.214.211 443 SRPA* 0 0 27 13714 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:36.098822 3.001554 tcp 10.0.2.109 57218 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:39:45.098871 0.000000 tcp 10.0.2.109 57218 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:39:51.098371 0.030378 tcp 10.0.2.109 57219 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:51.128964 0.032024 tcp 10.0.2.109 57220 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:51.160861 0.123964 tcp 10.0.2.109 57221 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:39:51.296164 3.005591 tcp 10.0.2.109 57222 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:00.300430 0.000000 tcp 10.0.2.109 57222 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:06.289941 0.030013 tcp 10.0.2.109 57223 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:40:06.320294 0.030622 tcp 10.0.2.109 57224 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:40:06.351188 0.125804 tcp 10.0.2.109 57225 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:40:06.487457 3.006404 tcp 10.0.2.109 57226 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:15.502722 0.000000 tcp 10.0.2.109 57226 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:21.481149 2.994029 tcp 10.0.2.109 57227 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:30.483980 0.000000 tcp 10.0.2.109 57227 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:36.482927 2.994135 tcp 10.0.2.109 57228 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:42.685097 3.001063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 19:40:45.475512 0.000000 tcp 10.0.2.109 57228 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:49.691822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:40:51.484239 3.004513 tcp 10.0.2.109 57229 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:40:56.190845 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:40:57.693237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:41:00.487541 0.000000 tcp 10.0.2.109 57229 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:41:13.696353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:41:45.702228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:46:06.488102 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:46:06.488327 3.002924 tcp 10.0.2.109 57230 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:46:15.490223 0.000000 tcp 10.0.2.109 57230 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:46:21.490803 0.031220 tcp 10.0.2.109 57231 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:21.549390 0.031177 tcp 10.0.2.109 57232 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:21.580821 0.104045 tcp 10.0.2.109 57233 -> 195.113.214.211 443 SRPA* 0 0 51 33060 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:21.960471 3.003020 tcp 10.0.2.109 57234 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:46:30.972426 0.000000 tcp 10.0.2.109 57234 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:46:36.961542 0.030090 tcp 10.0.2.109 57235 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:36.991920 0.031368 tcp 10.0.2.109 57236 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:37.023569 0.124680 tcp 10.0.2.109 57237 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:37.168459 2.987091 tcp 10.0.2.109 57238 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:46:46.163825 0.000000 tcp 10.0.2.109 57238 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:46:52.164162 0.031211 tcp 10.0.2.109 57239 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:52.195338 0.030971 tcp 10.0.2.109 57240 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:52.226583 0.122636 tcp 10.0.2.109 57241 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:46:52.379705 2.997867 tcp 10.0.2.109 57242 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:01.376412 0.000000 tcp 10.0.2.109 57242 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:07.374992 0.030237 tcp 10.0.2.109 57243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:47:07.405544 0.031642 tcp 10.0.2.109 57244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:47:07.437493 0.126904 tcp 10.0.2.109 57245 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:47:07.579902 2.999272 tcp 10.0.2.109 57246 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:16.577750 0.000000 tcp 10.0.2.109 57246 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:22.576710 3.004275 tcp 10.0.2.109 57247 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:31.579393 0.000000 tcp 10.0.2.109 57247 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:37.578288 3.004196 tcp 10.0.2.109 57248 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:46.581274 0.000000 tcp 10.0.2.109 57248 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:49.708492 3.001048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 19:47:52.580254 2.993667 tcp 10.0.2.109 57249 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:47:56.715415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:47:57.196586 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:48:01.582879 0.000000 tcp 10.0.2.109 57249 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:48:04.717169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:48:20.720068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:48:52.725878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:54:56.732100 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 19:55:03.739828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:55:11.740772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:55:27.743873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:55:31.150460 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:55:31.150563 0.153094 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:31.300869 0.069845 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:31.598702 0.181918 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:31.758709 0.080151 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:31.821599 0.063750 udp 10.0.2.109 3683 <-> 87.153.124.203 4545 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:32.034904 0.091218 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:32.091118 0.083698 rtp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:32.180020 0.160237 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:32.335218 0.039877 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:32.710867 0.167796 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:32.854621 0.182892 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:33.030389 0.203341 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:33.226099 0.197642 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:33.420976 0.079069 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:33.511529 0.198298 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:33.703340 0.167283 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:33.866321 0.157191 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:34.015761 0.170606 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:34.219254 0.054718 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:34.311188 0.170516 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:34.474673 0.046145 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:34.534289 0.195926 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:34.723591 0.261806 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:34.919570 0.199013 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:35.283408 0.166769 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/16 19:55:37.598496 3.004540 tcp 10.0.2.109 57250 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:55:46.601282 0.000000 tcp 10.0.2.109 57250 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:55:52.601978 0.033076 tcp 10.0.2.109 57251 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:55:52.635325 0.032275 tcp 10.0.2.109 57252 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:55:52.667394 0.127873 tcp 10.0.2.109 57253 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:55:52.847407 2.997418 tcp 10.0.2.109 57254 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:55:59.750144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 19:56:01.852948 0.000000 tcp 10.0.2.109 57254 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:56:07.842492 0.030707 tcp 10.0.2.109 57255 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:07.873484 0.031804 tcp 10.0.2.109 57256 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:07.905228 0.123705 tcp 10.0.2.109 57257 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:08.068446 2.997942 tcp 10.0.2.109 57258 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:56:17.065426 0.000000 tcp 10.0.2.109 57258 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:56:23.064868 0.030612 tcp 10.0.2.109 57259 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:23.095766 0.032701 tcp 10.0.2.109 57260 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:23.128757 0.129482 tcp 10.0.2.109 57261 -> 195.113.214.211 443 SRPA* 0 0 42 25154 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:23.293259 2.994935 tcp 10.0.2.109 57262 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:56:32.286576 0.000000 tcp 10.0.2.109 57262 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:56:38.285884 0.030251 tcp 10.0.2.109 57263 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:38.316487 0.031293 tcp 10.0.2.109 57264 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:38.348086 0.127242 tcp 10.0.2.109 57265 -> 195.113.214.211 443 SRPA* 0 0 41 19176 flow=From-Botnet-V1-TCP-Established 1970/01/16 19:56:38.751247 2.999270 tcp 10.0.2.109 57266 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:56:47.749412 0.000000 tcp 10.0.2.109 57266 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:56:53.747941 3.004376 tcp 10.0.2.109 57267 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:57:02.750502 0.000000 tcp 10.0.2.109 57267 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:57:08.749730 3.004038 tcp 10.0.2.109 57268 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:57:17.751993 0.000000 tcp 10.0.2.109 57268 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:57:22.699628 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 19:57:23.751152 2.993977 tcp 10.0.2.109 57269 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 19:57:32.753719 0.000000 tcp 10.0.2.109 57269 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:02:03.755764 3.002010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:02:10.763313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:02:18.764851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:02:34.768036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:02:38.754807 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:02:38.754899 3.003000 tcp 10.0.2.109 57270 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:02:47.756798 0.000000 tcp 10.0.2.109 57270 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:02:53.757808 0.031795 tcp 10.0.2.109 57271 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:02:53.789854 0.031783 tcp 10.0.2.109 57272 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:02:53.821872 0.127782 tcp 10.0.2.109 57273 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:02:54.059392 3.000557 tcp 10.0.2.109 57274 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:03.058939 0.000000 tcp 10.0.2.109 57274 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:06.774209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:03:09.059048 0.030227 tcp 10.0.2.109 57275 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:09.089164 0.030616 tcp 10.0.2.109 57276 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:09.120164 0.129989 tcp 10.0.2.109 57277 -> 195.113.214.211 443 SRPA* 0 0 35 19430 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:09.281587 3.000185 tcp 10.0.2.109 57278 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:18.280792 0.000000 tcp 10.0.2.109 57278 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:24.279587 0.030573 tcp 10.0.2.109 57279 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:24.310440 0.031165 tcp 10.0.2.109 57280 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:24.341819 0.124401 tcp 10.0.2.109 57281 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:24.483197 3.000456 tcp 10.0.2.109 57282 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:33.492764 0.000000 tcp 10.0.2.109 57282 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:39.481944 0.030023 tcp 10.0.2.109 57283 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:39.512279 0.030959 tcp 10.0.2.109 57284 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:39.543536 0.123772 tcp 10.0.2.109 57285 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:03:39.696896 2.998891 tcp 10.0.2.109 57286 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:48.694339 0.000000 tcp 10.0.2.109 57286 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:03:54.692853 2.994563 tcp 10.0.2.109 57287 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:04:03.686043 0.000000 tcp 10.0.2.109 57287 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:04:09.694669 3.004400 tcp 10.0.2.109 57288 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:04:18.697650 0.000000 tcp 10.0.2.109 57288 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:04:23.694658 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:04:24.696077 3.004450 tcp 10.0.2.109 57289 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:04:33.699078 0.000000 tcp 10.0.2.109 57289 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:09:10.780334 3.001546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:09:17.787656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:09:25.788925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:09:39.699653 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:09:39.699762 3.003645 tcp 10.0.2.109 57290 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:09:41.792554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:09:48.702355 0.000000 tcp 10.0.2.109 57290 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:09:54.702832 0.031183 tcp 10.0.2.109 57291 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:09:54.734266 0.031586 tcp 10.0.2.109 57292 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:09:54.766247 0.122974 tcp 10.0.2.109 57293 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:09:54.908632 2.996833 tcp 10.0.2.109 57294 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:03.913657 0.000000 tcp 10.0.2.109 57294 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:09.902950 0.030541 tcp 10.0.2.109 57295 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:09.933336 0.031399 tcp 10.0.2.109 57296 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:09.965019 0.126513 tcp 10.0.2.109 57297 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:10.277474 3.000047 tcp 10.0.2.109 57298 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:13.797912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:10:19.275750 0.000000 tcp 10.0.2.109 57298 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:25.275088 0.032233 tcp 10.0.2.109 57299 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:25.307613 0.030761 tcp 10.0.2.109 57300 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:25.338676 0.131074 tcp 10.0.2.109 57301 -> 195.113.214.211 443 SRPA* 0 0 41 26642 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:25.669425 2.999698 tcp 10.0.2.109 57302 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:34.667765 0.000000 tcp 10.0.2.109 57302 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:40.667418 0.031068 tcp 10.0.2.109 57303 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:40.698820 0.032424 tcp 10.0.2.109 57304 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:40.731577 0.123587 tcp 10.0.2.109 57305 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:10:40.882082 2.999078 tcp 10.0.2.109 57306 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:49.879756 0.000000 tcp 10.0.2.109 57306 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:10:55.878708 3.004279 tcp 10.0.2.109 57307 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:11:04.881711 0.000000 tcp 10.0.2.109 57307 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:11:10.880450 2.994096 tcp 10.0.2.109 57308 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:11:19.883234 0.000000 tcp 10.0.2.109 57308 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:11:25.882119 2.993661 tcp 10.0.2.109 57309 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:11:30.698554 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:11:34.874281 0.000000 tcp 10.0.2.109 57309 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:16:17.804329 3.001217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:16:24.811839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:16:32.813055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:16:40.885514 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:16:40.885683 3.003601 tcp 10.0.2.109 57310 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:16:48.815765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:16:49.887809 0.000000 tcp 10.0.2.109 57310 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:16:55.888104 0.031640 tcp 10.0.2.109 57311 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:16:55.920007 0.031327 tcp 10.0.2.109 57312 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:16:55.951638 0.126119 tcp 10.0.2.109 57313 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:16:56.170039 3.000515 tcp 10.0.2.109 57314 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:05.169300 0.000000 tcp 10.0.2.109 57314 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:11.168501 0.029836 tcp 10.0.2.109 57315 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:11.198611 0.031770 tcp 10.0.2.109 57316 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:11.230229 0.122819 tcp 10.0.2.109 57317 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:11.367603 3.005035 tcp 10.0.2.109 57318 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:20.371476 0.000000 tcp 10.0.2.109 57318 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:20.821817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:17:26.360729 0.030268 tcp 10.0.2.109 57319 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:26.391266 0.031868 tcp 10.0.2.109 57320 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:26.423380 0.124337 tcp 10.0.2.109 57321 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:26.560043 2.994287 tcp 10.0.2.109 57322 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:35.563509 0.000000 tcp 10.0.2.109 57322 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:41.562780 0.031957 tcp 10.0.2.109 57323 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:41.595065 0.030841 tcp 10.0.2.109 57324 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:41.626227 0.126821 tcp 10.0.2.109 57325 -> 195.113.214.211 443 SRPA* 0 0 31 15978 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:17:41.780630 2.995903 tcp 10.0.2.109 57326 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:50.775048 0.000000 tcp 10.0.2.109 57326 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:17:56.773704 3.004651 tcp 10.0.2.109 57327 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:18:05.776490 0.000000 tcp 10.0.2.109 57327 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:18:11.775143 3.004329 tcp 10.0.2.109 57328 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:18:20.777978 0.000000 tcp 10.0.2.109 57328 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:18:25.695049 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:18:26.777198 3.003799 tcp 10.0.2.109 57329 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:18:35.780126 0.000000 tcp 10.0.2.109 57329 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:23:24.828808 3.000930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:23:31.835336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:23:39.837003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:23:55.839935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:24:27.846388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:26:03.493580 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:26:03.493765 0.166830 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:03.637339 0.081201 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:03.698213 0.000000 udp 10.0.2.109 3683 -> 87.153.124.203 4545 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:26:11.795556 3.003990 tcp 10.0.2.109 57330 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:26:19.167893 0.031309 tcp 10.0.2.109 57331 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:19.199521 0.052036 tcp 10.0.2.109 57332 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:19.251897 0.123799 tcp 10.0.2.109 57333 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:19.376247 0.170895 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:19.544066 0.071921 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:19.599326 0.086305 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:19.652491 0.081073 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:19.713920 0.154008 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:19.861793 0.039678 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:19.893507 0.165500 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:20.032623 0.184621 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:20.208623 0.285079 rtp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:20.463714 0.187724 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:20.649107 0.080634 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:20.713138 0.200202 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:20.798447 0.000000 tcp 10.0.2.109 57330 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:26:20.905630 0.168654 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:21.070382 0.155244 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:21.217623 0.185323 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:21.393673 0.051766 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:21.462557 0.319820 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:21.778876 0.151392 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:21.922509 0.174964 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:22.114373 0.054811 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:22.171259 0.204435 rtp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:22.375934 0.165577 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:26:26.797567 0.030290 tcp 10.0.2.109 57334 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:26.828140 0.030688 tcp 10.0.2.109 57335 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:26.859195 0.132179 tcp 10.0.2.109 57336 -> 195.113.214.211 443 SRPA* 0 0 38 24548 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:27.005823 3.005576 tcp 10.0.2.109 57337 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:26:36.010348 0.000000 tcp 10.0.2.109 57337 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:26:41.999427 0.030033 tcp 10.0.2.109 57338 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:42.029739 0.031159 tcp 10.0.2.109 57339 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:42.061155 0.128958 tcp 10.0.2.109 57340 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:26:42.201522 3.002077 tcp 10.0.2.109 57341 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:26:51.202421 0.000000 tcp 10.0.2.109 57341 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:26:57.201031 2.993957 tcp 10.0.2.109 57342 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:27:06.203848 0.000000 tcp 10.0.2.109 57342 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:30:31.852621 3.000868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:30:38.859420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:30:46.861029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:31:02.893693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:31:34.899765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:32:12.204354 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:32:12.204489 3.003866 tcp 10.0.2.109 57343 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:32:21.206281 0.000000 tcp 10.0.2.109 57343 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:32:27.206866 0.031461 tcp 10.0.2.109 57344 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:27.238568 0.030388 tcp 10.0.2.109 57345 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:27.269210 0.122964 tcp 10.0.2.109 57346 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:27.421275 2.998288 tcp 10.0.2.109 57347 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:32:36.418334 0.000000 tcp 10.0.2.109 57347 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:32:42.417852 0.031287 tcp 10.0.2.109 57348 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:42.448996 0.031343 tcp 10.0.2.109 57349 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:42.480196 0.128443 tcp 10.0.2.109 57350 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:42.619897 3.002136 tcp 10.0.2.109 57351 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:32:51.620395 0.000000 tcp 10.0.2.109 57351 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:32:57.619567 0.031066 tcp 10.0.2.109 57352 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:57.650487 0.031589 tcp 10.0.2.109 57353 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:57.682425 0.129336 tcp 10.0.2.109 57354 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:32:57.828378 3.005520 tcp 10.0.2.109 57355 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:06.831812 0.000000 tcp 10.0.2.109 57355 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:12.821430 0.030478 tcp 10.0.2.109 57356 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:33:12.852106 0.032128 tcp 10.0.2.109 57357 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:33:12.884581 0.124224 tcp 10.0.2.109 57358 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:33:13.019704 2.995774 tcp 10.0.2.109 57359 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:22.024321 0.000000 tcp 10.0.2.109 57359 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:28.012941 2.993660 tcp 10.0.2.109 57360 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:37.005554 0.000000 tcp 10.0.2.109 57360 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:43.014287 3.004417 tcp 10.0.2.109 57361 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:52.017058 0.000000 tcp 10.0.2.109 57361 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:33:58.016355 3.004063 tcp 10.0.2.109 57362 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:34:02.692808 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:34:07.018761 0.000000 tcp 10.0.2.109 57362 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:37:38.906624 3.001057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:37:45.913282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:37:53.915257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:38:09.917764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:38:41.923711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:39:13.019373 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:39:13.019484 3.003394 tcp 10.0.2.109 57363 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:39:22.021584 0.000000 tcp 10.0.2.109 57363 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:39:28.022411 0.052076 tcp 10.0.2.109 57364 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:28.074780 0.030542 tcp 10.0.2.109 57365 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:28.105645 0.123798 tcp 10.0.2.109 57366 -> 195.113.214.211 443 SRPA* 0 0 32 17014 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:28.291255 2.993651 tcp 10.0.2.109 57367 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:39:37.293366 0.000000 tcp 10.0.2.109 57367 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:39:43.292640 0.030357 tcp 10.0.2.109 57368 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:43.322928 0.031309 tcp 10.0.2.109 57369 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:43.354461 0.128038 tcp 10.0.2.109 57370 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:43.523918 3.002574 tcp 10.0.2.109 57371 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:39:52.525118 0.000000 tcp 10.0.2.109 57371 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:39:58.524449 0.030100 tcp 10.0.2.109 57372 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:58.554844 0.031480 tcp 10.0.2.109 57373 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:58.586603 0.130113 tcp 10.0.2.109 57374 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:39:58.740179 2.998260 tcp 10.0.2.109 57375 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:07.737109 0.000000 tcp 10.0.2.109 57375 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:13.736888 0.030481 tcp 10.0.2.109 57376 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:40:13.767581 0.031403 tcp 10.0.2.109 57377 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:40:13.798833 0.129280 tcp 10.0.2.109 57378 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:40:13.979380 3.001383 tcp 10.0.2.109 57379 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:22.979400 0.000000 tcp 10.0.2.109 57379 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:28.977789 3.004264 tcp 10.0.2.109 57380 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:37.980967 0.000000 tcp 10.0.2.109 57380 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:43.979805 3.003821 tcp 10.0.2.109 57381 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:52.992062 0.000000 tcp 10.0.2.109 57381 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:40:58.981464 2.994068 tcp 10.0.2.109 57382 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:41:03.697441 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:41:07.973880 0.000000 tcp 10.0.2.109 57382 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:44:45.930013 3.001969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:44:52.937823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:45:00.939083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:45:16.941984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:45:48.948041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:46:13.984180 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:46:13.984362 3.003993 tcp 10.0.2.109 57383 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:46:22.986768 0.000000 tcp 10.0.2.109 57383 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:46:28.987050 0.031669 tcp 10.0.2.109 57384 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:29.018965 0.031178 tcp 10.0.2.109 57385 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:29.050405 0.125089 tcp 10.0.2.109 57386 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:29.206670 3.003414 tcp 10.0.2.109 57387 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:46:38.208712 0.000000 tcp 10.0.2.109 57387 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:46:44.208020 0.031405 tcp 10.0.2.109 57388 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:44.239344 0.030815 tcp 10.0.2.109 57389 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:44.269994 0.127211 tcp 10.0.2.109 57390 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:44.624714 3.007336 tcp 10.0.2.109 57391 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:46:53.630831 0.000000 tcp 10.0.2.109 57391 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:46:59.620656 0.030012 tcp 10.0.2.109 57392 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:59.650898 0.031881 tcp 10.0.2.109 57393 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:59.683047 0.124563 tcp 10.0.2.109 57394 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:46:59.929083 2.995171 tcp 10.0.2.109 57395 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:08.932784 0.000000 tcp 10.0.2.109 57395 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:14.922625 0.029735 tcp 10.0.2.109 57396 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:47:14.952724 0.031384 tcp 10.0.2.109 57397 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:47:14.983988 0.124679 tcp 10.0.2.109 57398 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:47:15.192474 2.994174 tcp 10.0.2.109 57399 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:24.185188 0.000000 tcp 10.0.2.109 57399 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:30.193524 3.004198 tcp 10.0.2.109 57400 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:39.196111 0.000000 tcp 10.0.2.109 57400 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:45.195325 3.003826 tcp 10.0.2.109 57401 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:54.197727 0.000000 tcp 10.0.2.109 57401 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:47:59.194905 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:48:00.196447 3.004646 tcp 10.0.2.109 57402 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:48:09.199812 0.000000 tcp 10.0.2.109 57402 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:51:52.954708 3.000569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:51:59.961600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:52:07.962960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:52:23.965678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:52:55.971622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:53:15.200322 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:53:15.200459 3.003401 tcp 10.0.2.109 57403 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:53:24.212597 0.000000 tcp 10.0.2.109 57403 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:53:30.203109 0.030886 tcp 10.0.2.109 57404 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:53:30.234423 0.052428 tcp 10.0.2.109 57405 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:53:30.287135 0.152272 tcp 10.0.2.109 57406 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:53:30.451290 2.994630 tcp 10.0.2.109 57407 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:53:39.444619 0.000000 tcp 10.0.2.109 57407 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:53:45.443335 0.030158 tcp 10.0.2.109 57408 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:53:45.473763 0.031354 tcp 10.0.2.109 57409 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:53:45.505407 0.130373 tcp 10.0.2.109 57410 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:53:45.967050 3.001554 tcp 10.0.2.109 57411 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:53:54.967054 0.000000 tcp 10.0.2.109 57411 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:54:00.965679 3.003733 tcp 10.0.2.109 57412 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:54:09.968590 0.000000 tcp 10.0.2.109 57412 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:56:39.113175 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:56:39.113428 0.000000 udp 10.0.2.109 3683 -> 87.153.124.203 4545 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:56:57.761382 0.031878 tcp 10.0.2.109 57413 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:56:57.793580 0.032006 tcp 10.0.2.109 57414 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:56:57.825873 0.126549 tcp 10.0.2.109 57415 -> 195.113.214.211 443 SRPA* 0 0 27 11247 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:56:57.951169 0.166615 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.096183 0.079868 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.157467 0.186077 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.340778 0.072279 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.396130 0.090875 rtp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.451187 0.088108 rtp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.516557 0.158333 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.668902 0.039780 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.716728 0.171462 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:58.861294 0.185795 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:59.039776 0.184218 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:59.216715 0.188595 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:59.399407 0.078032 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:56:59.466981 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:57:17.238437 0.030606 tcp 10.0.2.109 57416 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:57:17.269436 0.031089 tcp 10.0.2.109 57417 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:57:17.300801 0.129542 tcp 10.0.2.109 57418 -> 195.113.214.211 443 SRPA* 0 0 36 18460 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:57:17.430982 0.231566 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:17.657510 0.153513 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:17.802997 0.167557 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:17.961947 0.041676 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:18.022639 0.399014 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:18.416047 0.194029 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:18.587017 0.207173 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:18.742900 0.196209 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:18.909360 0.176566 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:19.107580 0.056476 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:19.176818 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 REQ 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:57:26.430997 0.057608 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:26.489004 0.177406 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 661 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:26.666872 0.044078 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:26.711387 0.057651 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 750 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:26.769466 0.052835 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:26.822693 0.150691 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:26.974019 0.072334 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:27.046803 0.141978 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:27.189229 0.175451 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:27.365148 0.141856 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:27.507466 0.137303 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:27.645238 0.179994 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:27.825677 0.183246 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:28.009403 0.145107 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:28.154904 0.158447 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 834 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:28.313864 0.040795 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:28.355044 0.159372 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:28.514868 0.655965 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 821 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:29.171341 0.133008 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 746 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:29.304819 0.162589 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 846 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:29.467887 0.135987 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 814 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:29.604401 0.053494 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 719 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:29.658518 0.176099 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:29.835262 0.050610 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:57:29.895693 0.000000 udp 10.0.2.109 3683 -> 117.200.92.78 5757 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:57:37.817439 0.000000 udp 10.0.2.109 3683 -> 50.127.15.141 1596 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:57:46.079325 0.000000 udp 10.0.2.109 3683 -> 58.211.29.98 9979 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:57:54.481214 0.000000 udp 10.0.2.109 3683 -> 183.77.154.236 1611 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:02.452576 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:07.198988 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:58:11.175194 0.311987 udp 10.0.2.109 3683 <-> 190.118.139.24 5253 CON 0 0 2 842 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:58:11.497322 0.000000 udp 10.0.2.109 3683 -> 77.183.12.220 3056 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:19.447391 0.084085 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 859 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:58:19.543132 0.000000 udp 10.0.2.109 3683 -> 78.93.187.132 3720 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:26.387028 0.000000 udp 10.0.2.109 3683 -> 218.189.254.190 2347 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:33.677940 0.000000 udp 10.0.2.109 3683 -> 75.152.224.140 2340 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:39.125472 0.000000 udp 10.0.2.109 3683 -> 213.135.241.104 2148 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:46.115690 0.000000 udp 10.0.2.109 3683 -> 113.161.162.136 7350 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:54.587817 0.000000 udp 10.0.2.109 3683 -> 50.20.182.29 3684 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:58:59.193745 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 20:58:59.978068 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 20:59:01.897902 0.000000 udp 10.0.2.109 3683 -> 125.174.229.182 7402 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:59:06.985505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:59:10.790970 0.073123 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 702 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:59:10.874996 0.000000 udp 10.0.2.109 3683 -> 172.4.184.226 8552 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:59:14.986508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:59:15.968356 3.004246 tcp 10.0.2.109 57419 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:59:18.011308 0.000000 udp 10.0.2.109 3683 -> 220.189.251.66 5933 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:59:24.971078 0.000000 tcp 10.0.2.109 57419 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:59:24.991443 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:59:30.579255 0.342636 udp 10.0.2.109 3683 <-> 111.250.27.248 5460 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:59:30.931785 0.807364 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/16 20:59:30.970942 0.030685 tcp 10.0.2.109 57420 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:59:30.990240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 20:59:31.001901 0.031304 tcp 10.0.2.109 57421 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:59:31.033529 0.128302 tcp 10.0.2.109 57422 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:59:31.173532 2.990554 tcp 10.0.2.109 57423 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:59:31.747765 0.000000 udp 10.0.2.109 3683 -> 66.237.226.20 1336 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:59:39.912714 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:59:40.172758 0.000000 tcp 10.0.2.109 57423 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:59:46.172781 0.031051 tcp 10.0.2.109 57424 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:59:46.203673 0.031328 tcp 10.0.2.109 57425 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:59:46.235341 0.124311 tcp 10.0.2.109 57426 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 20:59:46.514008 3.002110 tcp 10.0.2.109 57427 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:59:47.924119 0.000000 udp 10.0.2.109 3683 -> 123.127.153.253 1010 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 20:59:55.515138 0.000000 tcp 10.0.2.109 57427 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 20:59:56.616602 0.000000 udp 10.0.2.109 3683 -> 207.210.61.76 7656 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:01.515545 0.030415 tcp 10.0.2.109 57428 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:00:01.546221 0.031204 tcp 10.0.2.109 57429 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:00:01.577793 0.128517 tcp 10.0.2.109 57430 -> 195.113.214.211 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:00:01.741284 2.997140 tcp 10.0.2.109 57431 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:00:02.995751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:00:05.239366 0.000000 udp 10.0.2.109 3683 -> 78.152.125.2 8385 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:10.246450 0.000000 udp 10.0.2.109 3683 -> 86.4.248.161 3809 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:10.737345 0.000000 tcp 10.0.2.109 57431 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:00:15.263847 0.000000 udp 10.0.2.109 3683 -> 62.231.24.234 2221 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:16.736141 0.029685 tcp 10.0.2.109 57432 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:00:16.766150 0.030800 tcp 10.0.2.109 57433 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:00:16.797227 0.126769 tcp 10.0.2.109 57434 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:00:17.064395 3.005813 tcp 10.0.2.109 57435 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:00:23.445419 0.000000 udp 10.0.2.109 3683 -> 174.119.58.128 2049 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:26.069311 0.000000 tcp 10.0.2.109 57435 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:00:32.058536 3.003251 tcp 10.0.2.109 57436 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:00:32.097915 0.061792 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 842 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:00:32.269540 0.046374 udp 10.0.2.109 3683 <-> 87.163.29.87 5818 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:00:32.328244 0.042019 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:00:32.403716 0.361260 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 658 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:00:32.808840 0.000000 udp 10.0.2.109 3683 -> 218.217.92.244 9399 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:38.777991 0.000000 udp 10.0.2.109 3683 -> 89.97.18.48 7366 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:41.060723 0.000000 tcp 10.0.2.109 57436 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:00:47.059849 3.004124 tcp 10.0.2.109 57437 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:00:47.650615 0.320200 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:00:48.059039 0.186880 udp 10.0.2.109 3683 <-> 93.69.21.114 2478 CON 0 0 2 750 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:00:48.271991 0.000000 udp 10.0.2.109 3683 -> 171.207.0.183 3531 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:54.339969 0.000000 udp 10.0.2.109 3683 -> 222.117.216.156 8559 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:00:56.062258 0.000000 tcp 10.0.2.109 57437 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:01:02.061188 2.994106 tcp 10.0.2.109 57438 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:01:02.701971 0.000000 udp 10.0.2.109 3683 -> 86.147.231.27 3877 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:06.697529 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:01:08.460278 0.000000 udp 10.0.2.109 3683 -> 14.98.33.69 3896 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:11.063433 0.000000 tcp 10.0.2.109 57438 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:01:14.338320 0.000000 udp 10.0.2.109 3683 -> 82.41.217.110 2645 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:21.128132 0.000000 udp 10.0.2.109 3683 -> 217.255.133.79 8276 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:28.809619 0.049451 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:01:28.894697 0.000000 udp 10.0.2.109 3683 -> 110.77.193.22 1112 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:36.480213 0.000000 udp 10.0.2.109 3683 -> 67.182.237.155 7047 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:42.739491 0.000000 udp 10.0.2.109 3683 -> 62.49.68.120 6711 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:49.799526 0.000000 udp 10.0.2.109 3683 -> 96.246.159.35 5764 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:01:54.696531 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:01:54.846664 0.270353 udp 10.0.2.109 3683 <-> 115.241.165.253 1853 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:01:55.161118 0.000000 udp 10.0.2.109 3683 -> 103.4.238.11 8882 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:03.319458 0.000000 udp 10.0.2.109 3683 -> 79.15.14.142 1661 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:11.060419 0.000000 udp 10.0.2.109 3683 -> 72.220.181.239 6798 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:18.049991 0.000000 udp 10.0.2.109 3683 -> 58.216.213.28 9360 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:26.863026 0.199137 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:02:27.096031 0.000000 udp 10.0.2.109 3683 -> 5.65.154.116 1639 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:35.775356 0.000000 udp 10.0.2.109 3683 -> 87.24.2.194 4081 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:40.692408 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:02:43.396980 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:48.984559 0.054908 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 803 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:02:49.060529 0.000000 udp 10.0.2.109 3683 -> 60.244.120.113 9923 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:02:54.462409 0.000000 udp 10.0.2.109 3683 -> 116.14.191.234 8187 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:02.594178 0.520249 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 810 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:03:03.542816 0.058954 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 805 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:03:03.660253 0.000000 udp 10.0.2.109 3683 -> 64.196.175.254 4607 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:11.276590 0.000000 udp 10.0.2.109 3683 -> 173.27.138.221 1031 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:17.155589 0.093312 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:03:17.266428 0.000000 udp 10.0.2.109 3683 -> 81.136.245.57 3409 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:24.866178 0.000000 udp 10.0.2.109 3683 -> 75.149.248.142 9940 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:29.693405 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:03:32.306901 0.976094 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:03:33.292543 0.000000 udp 10.0.2.109 3683 -> 79.5.150.126 9996 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:41.690780 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 2600 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:48.851109 0.000000 udp 10.0.2.109 3683 -> 208.90.195.170 7614 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:03:54.188199 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:00.057606 0.000000 udp 10.0.2.109 3683 -> 217.199.19.124 2140 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:08.268325 0.000000 udp 10.0.2.109 3683 -> 12.204.159.195 1272 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:16.881417 0.000000 udp 10.0.2.109 3683 -> 181.192.152.195 3501 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:21.697830 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:04:23.279994 0.201240 udp 10.0.2.109 3683 <-> 171.60.223.1 7507 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:04:23.490718 0.000000 udp 10.0.2.109 3683 -> 2.85.7.32 2179 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:28.758373 0.059139 udp 10.0.2.109 3683 <-> 86.122.232.164 1918 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:04:28.833237 0.355897 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 782 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:04:29.202737 0.000000 udp 10.0.2.109 3683 -> 93.147.134.216 4700 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:37.781049 0.000000 udp 10.0.2.109 3683 -> 139.228.11.212 9033 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:46.623867 0.343027 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:04:46.976876 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:53.323467 0.000000 udp 10.0.2.109 3683 -> 182.185.160.168 7364 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:04:59.712351 0.558865 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:00.309088 0.178219 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:00.497598 0.154453 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 685 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:00.662205 0.043221 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 846 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:00.728234 0.370731 udp 10.0.2.109 3683 <-> 120.151.34.23 9642 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:01.122877 0.000000 udp 10.0.2.109 3683 -> 99.234.40.48 7842 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:05:08.244549 0.286985 udp 10.0.2.109 3683 <-> 182.188.159.151 6941 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:08.541262 0.252099 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 823 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:08.813491 0.000000 udp 10.0.2.109 3683 -> 208.104.146.97 4149 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:05:13.191475 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:05:15.886239 0.000000 udp 10.0.2.109 3683 -> 197.228.219.200 3323 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:05:21.864259 0.000000 udp 10.0.2.109 3683 -> 182.52.235.84 3206 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:05:28.864337 0.104331 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:05:28.978911 0.000000 udp 10.0.2.109 3683 -> 79.7.145.151 5204 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:05:34.272591 0.000000 udp 10.0.2.109 3683 -> 93.44.41.174 5334 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:06:07.002901 3.001090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 21:06:14.009205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:06:17.064794 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:06:17.064976 3.002734 tcp 10.0.2.109 57439 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:06:22.010978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:06:26.066590 0.000000 tcp 10.0.2.109 57439 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:06:32.068026 0.031237 tcp 10.0.2.109 57440 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:06:32.099589 0.031314 tcp 10.0.2.109 57441 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:06:32.131214 0.125005 tcp 10.0.2.109 57442 -> 195.113.214.211 443 SRPA* 0 0 38 31800 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:06:32.316730 3.003252 tcp 10.0.2.109 57443 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:06:38.014099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:06:41.318661 0.000000 tcp 10.0.2.109 57443 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:06:47.318048 0.030486 tcp 10.0.2.109 57444 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:06:47.348768 0.030806 tcp 10.0.2.109 57445 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:06:47.379877 0.127640 tcp 10.0.2.109 57446 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:06:47.529296 3.002686 tcp 10.0.2.109 57447 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:06:56.530589 0.000000 tcp 10.0.2.109 57447 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:02.529730 0.030724 tcp 10.0.2.109 57448 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:07:02.560743 0.030839 tcp 10.0.2.109 57449 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:07:02.591852 0.132471 tcp 10.0.2.109 57450 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:07:02.807409 3.006253 tcp 10.0.2.109 57451 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:10.019953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:07:11.822053 0.000000 tcp 10.0.2.109 57451 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:17.801566 0.031191 tcp 10.0.2.109 57452 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:07:17.832549 0.030847 tcp 10.0.2.109 57453 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:07:17.863685 0.128309 tcp 10.0.2.109 57454 -> 195.113.214.211 443 SRPA* 0 0 46 40990 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:07:18.036640 2.998983 tcp 10.0.2.109 57455 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:27.034308 0.000000 tcp 10.0.2.109 57455 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:33.033377 2.993830 tcp 10.0.2.109 57456 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:42.025481 0.000000 tcp 10.0.2.109 57456 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:48.034336 3.004554 tcp 10.0.2.109 57457 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:07:57.037627 0.000000 tcp 10.0.2.109 57457 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:08:03.035904 3.004632 tcp 10.0.2.109 57458 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:08:07.692392 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:08:12.039295 0.000000 tcp 10.0.2.109 57458 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:13:14.026308 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 21:13:18.039211 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:13:18.039308 3.004025 tcp 10.0.2.109 57459 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:13:21.033268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:13:27.041749 0.000000 tcp 10.0.2.109 57459 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:13:29.034663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:13:33.042947 0.099428 tcp 10.0.2.109 57460 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:13:33.142712 0.032285 tcp 10.0.2.109 57461 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:13:33.175256 0.140360 tcp 10.0.2.109 57462 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:13:33.465210 3.000486 tcp 10.0.2.109 57463 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:13:42.473817 0.000000 tcp 10.0.2.109 57463 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:13:45.057756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:13:48.463219 0.031044 tcp 10.0.2.109 57464 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:13:48.494439 0.031190 tcp 10.0.2.109 57465 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:13:48.525905 0.125048 tcp 10.0.2.109 57466 -> 195.113.214.211 443 SRPA* 0 0 47 28038 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:13:48.752905 2.994691 tcp 10.0.2.109 57467 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:13:57.745842 0.000000 tcp 10.0.2.109 57467 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:03.755361 0.030633 tcp 10.0.2.109 57468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:14:03.785851 0.031805 tcp 10.0.2.109 57469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:14:03.818011 0.125388 tcp 10.0.2.109 57470 -> 195.113.214.211 443 SRPA* 0 0 47 36128 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:14:04.163900 3.005668 tcp 10.0.2.109 57471 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:13.167865 0.000000 tcp 10.0.2.109 57471 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:17.063951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:14:19.157275 0.030113 tcp 10.0.2.109 57472 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:14:19.187693 0.031089 tcp 10.0.2.109 57473 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:14:19.219073 0.127123 tcp 10.0.2.109 57474 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:14:19.519026 3.002641 tcp 10.0.2.109 57475 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:28.519947 0.000000 tcp 10.0.2.109 57475 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:34.519306 3.004178 tcp 10.0.2.109 57476 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:43.521719 0.000000 tcp 10.0.2.109 57476 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:49.520840 2.994069 tcp 10.0.2.109 57477 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:14:58.523524 0.000000 tcp 10.0.2.109 57477 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:15:04.521907 2.994103 tcp 10.0.2.109 57478 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:15:09.218923 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:15:13.515058 0.000000 tcp 10.0.2.109 57478 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:20:19.525266 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:20:19.525369 3.003796 tcp 10.0.2.109 57479 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:20:21.070858 3.000591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 21:20:28.077937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:20:28.527660 0.000000 tcp 10.0.2.109 57479 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:20:34.527890 0.031503 tcp 10.0.2.109 57480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:20:34.559680 0.052105 tcp 10.0.2.109 57481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:20:34.612075 0.146330 tcp 10.0.2.109 57482 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:20:34.780031 3.001492 tcp 10.0.2.109 57483 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:20:36.079117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:20:43.779755 0.000000 tcp 10.0.2.109 57483 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:20:49.779175 0.054492 tcp 10.0.2.109 57484 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:20:49.833959 0.031229 tcp 10.0.2.109 57485 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:20:49.865480 0.147778 tcp 10.0.2.109 57486 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:20:50.059403 3.004052 tcp 10.0.2.109 57487 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:20:52.082210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:20:59.061846 0.000000 tcp 10.0.2.109 57487 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:05.060712 0.054190 tcp 10.0.2.109 57488 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:21:05.115203 0.031728 tcp 10.0.2.109 57489 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:21:05.147188 0.127108 tcp 10.0.2.109 57490 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:21:05.285938 2.999493 tcp 10.0.2.109 57491 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:14.293905 0.000000 tcp 10.0.2.109 57491 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:20.282762 0.050635 tcp 10.0.2.109 57492 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:21:20.333676 0.031112 tcp 10.0.2.109 57493 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:21:20.365075 0.128539 tcp 10.0.2.109 57494 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:21:20.523601 3.003617 tcp 10.0.2.109 57495 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:24.087813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:21:29.525579 0.000000 tcp 10.0.2.109 57495 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:35.524061 3.004567 tcp 10.0.2.109 57496 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:44.527465 0.000000 tcp 10.0.2.109 57496 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:50.525950 3.003979 tcp 10.0.2.109 57497 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:21:59.528494 0.000000 tcp 10.0.2.109 57497 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:22:05.527192 3.004642 tcp 10.0.2.109 57498 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:22:10.213839 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:22:14.529957 0.000000 tcp 10.0.2.109 57498 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:27:28.094524 3.001140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 21:27:35.101561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:27:43.102968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:27:59.106044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:28:31.111903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:34:35.117971 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 21:34:42.125310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:34:50.126352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:35:06.129690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:35:38.135834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:36:00.628530 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:36:00.628645 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:36:18.125378 0.030764 tcp 10.0.2.109 57499 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:18.156426 0.053097 tcp 10.0.2.109 57500 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:18.209904 0.132356 tcp 10.0.2.109 57501 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:18.343025 0.081446 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:18.403684 0.101534 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:18.637348 0.172978 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:18.804918 0.072168 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:18.959616 0.182834 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:19.135051 0.082806 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:19.201043 0.193491 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:19.389081 0.173606 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:19.540511 0.205695 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:19.738995 0.046074 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:19.841007 0.164652 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:20.002284 0.209839 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:20.286272 2.498265 rtp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:20.587341 3.003887 tcp 10.0.2.109 57502 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:36:22.778063 0.175839 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.035360 0.068279 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.086027 0.055147 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.166342 0.132714 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.295011 0.148332 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.439052 0.248160 udp 10.0.2.109 3683 <-> 190.118.139.24 5253 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.679198 0.112367 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.858790 0.108818 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:23.927495 0.340887 udp 10.0.2.109 3683 <-> 111.250.27.248 5460 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:24.357204 0.279432 rtp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:24.607258 0.061253 udp 10.0.2.109 3683 <-> 87.163.29.87 5818 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:24.714249 0.051698 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:24.761885 0.054697 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:24.914543 0.358563 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:25.372292 0.344085 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:25.696977 1.274982 udp 10.0.2.109 3683 <-> 93.69.21.114 2478 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:36:26.916992 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:36:29.589925 0.000000 tcp 10.0.2.109 57502 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:36:35.588644 0.041880 tcp 10.0.2.109 57503 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:35.630760 0.031847 tcp 10.0.2.109 57504 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:35.662916 0.144274 tcp 10.0.2.109 57505 -> 195.113.214.211 443 SRPA* 0 0 41 22594 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:35.816691 3.005912 tcp 10.0.2.109 57506 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:36:44.551826 0.051443 tcp 10.0.2.109 57507 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:44.603566 0.052395 tcp 10.0.2.109 57508 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:44.656310 0.145114 tcp 10.0.2.109 57509 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:44.801633 0.000000 udp 10.0.2.109 3683 -> 115.241.165.253 1853 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 21:36:44.821677 0.000000 tcp 10.0.2.109 57506 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:36:50.810674 0.052423 tcp 10.0.2.109 57510 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:50.863480 0.052912 tcp 10.0.2.109 57511 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:50.916232 0.140661 tcp 10.0.2.109 57512 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:36:51.074081 3.000924 tcp 10.0.2.109 57513 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:37:00.083580 0.000000 tcp 10.0.2.109 57513 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:37:00.564433 0.030886 tcp 10.0.2.109 57514 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:37:00.595595 0.051124 tcp 10.0.2.109 57515 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:37:00.646566 0.145368 tcp 10.0.2.109 57516 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:37:00.792509 0.703072 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:01.489445 0.070031 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:01.541068 0.741206 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:02.022330 0.073763 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:02.078140 0.097897 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:02.179712 0.980450 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:02.879023 0.322406 udp 10.0.2.109 3683 <-> 171.60.223.1 7507 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:03.050317 0.063968 udp 10.0.2.109 3683 <-> 86.122.232.164 1918 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:03.115278 0.355330 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:03.472089 0.246365 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:03.734339 0.063868 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:03.782305 0.151174 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:03.934621 0.189226 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:04.151480 0.627769 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:04.595066 0.385467 udp 10.0.2.109 3683 <-> 120.151.34.23 9642 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:04.963480 0.260358 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:05.225432 0.641364 udp 10.0.2.109 3683 <-> 182.188.159.151 6941 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:05.499622 0.092144 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/01/16 21:37:06.072627 2.994171 tcp 10.0.2.109 57517 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:37:15.065289 0.000000 tcp 10.0.2.109 57517 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:41:42.142318 3.131031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 21:41:49.279420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:41:57.280831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:42:13.283953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:42:21.135934 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 21:42:21.136031 3.003361 tcp 10.0.2.109 57518 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:42:30.138310 0.000000 tcp 10.0.2.109 57518 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:42:36.139788 0.053667 tcp 10.0.2.109 57519 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:42:36.193724 0.052225 tcp 10.0.2.109 57520 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:42:36.246400 0.147509 tcp 10.0.2.109 57521 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:42:36.420030 3.001502 tcp 10.0.2.109 57522 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:42:45.289561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:42:45.419966 0.000000 tcp 10.0.2.109 57522 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:42:51.418926 0.052410 tcp 10.0.2.109 57523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:42:51.471654 0.052440 tcp 10.0.2.109 57524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:42:51.524332 0.146228 tcp 10.0.2.109 57525 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:42:51.837575 3.005662 tcp 10.0.2.109 57526 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:43:00.842341 0.000000 tcp 10.0.2.109 57526 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/16 21:43:06.831216 0.054224 tcp 10.0.2.109 57527 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:43:06.885740 0.031610 tcp 10.0.2.109 57528 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:43:06.917708 0.128067 tcp 10.0.2.109 57529 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:43:07.058709 1.052351 tcp 10.0.2.109 57530 -> 70.113.215.93 3558 FSPA* 0 0 14 1607 flow=From-Botnet-V1-TCP-Established 1970/01/16 21:48:49.296176 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 21:48:56.303602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:49:04.305155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:49:20.307967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:49:52.314386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:55:56.320305 3.001112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 21:56:03.327113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:56:11.329024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:56:27.332256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 21:56:59.337621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:03:03.344358 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 22:03:10.351279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:03:18.353230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:03:34.355680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:04:06.362033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:07:33.650225 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 22:07:33.650324 0.053360 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:33.704104 0.048780 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:33.753242 0.000000 udp 10.0.2.109 3683 -> 115.241.165.253 1853 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:07:49.283720 0.196592 tcp 10.0.2.109 57531 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:07:49.480329 0.196070 tcp 10.0.2.109 57532 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:07:49.676685 1.617696 tcp 10.0.2.109 57533 -> 195.113.214.211 443 SRPA* 0 0 34 19206 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:07:51.295018 0.053026 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:51.348371 0.060218 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:51.408962 0.058426 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:51.467841 0.150595 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:51.618787 0.181522 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:51.800664 0.146332 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:51.947364 0.060129 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:52.007897 0.040131 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:52.048402 0.157003 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:52.205797 0.159437 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:52.365667 0.174340 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:52.540425 0.157895 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:52.698745 0.242566 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:52.941683 0.173347 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.115445 0.127183 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.243072 0.132008 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.375431 0.258107 udp 10.0.2.109 3683 <-> 190.118.139.24 5253 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.633912 0.081491 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.715853 0.073401 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.789635 0.052985 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.843029 0.052178 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.895606 0.040745 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.936785 0.058625 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:53.995758 0.333934 udp 10.0.2.109 3683 <-> 111.250.27.248 5460 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:54.330263 0.249357 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:07:54.580017 0.000000 udp 10.0.2.109 3683 -> 87.163.29.87 5818 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:08:12.085396 0.030337 tcp 10.0.2.109 57534 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:12.116079 0.062781 tcp 10.0.2.109 57535 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:12.179152 0.158606 tcp 10.0.2.109 57536 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:12.338398 0.358973 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:12.697771 0.384148 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:13.082297 0.000000 udp 10.0.2.109 3683 -> 93.69.21.114 2478 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:08:31.523690 0.061539 tcp 10.0.2.109 57537 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:31.585543 0.060830 tcp 10.0.2.109 57538 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:31.646678 0.157939 tcp 10.0.2.109 57539 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:31.805081 0.612096 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:32.417613 0.050869 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:32.468926 0.735703 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:33.205035 0.742382 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:33.947822 0.000000 udp 10.0.2.109 3683 -> 171.60.223.1 7507 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:08:51.222437 0.060861 tcp 10.0.2.109 57540 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:51.283653 0.062238 tcp 10.0.2.109 57541 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:51.346126 0.155145 tcp 10.0.2.109 57542 -> 195.113.214.211 443 SRPA* 0 0 41 34904 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:08:51.501934 0.056678 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:51.558957 0.097326 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:51.656680 0.056594 udp 10.0.2.109 3683 <-> 86.122.232.164 1918 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:51.713684 0.341414 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:52.055451 0.242293 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:52.298203 0.041427 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:52.340066 0.149778 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:52.490263 0.367801 udp 10.0.2.109 3683 <-> 120.151.34.23 9642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:52.858544 0.187785 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:53.046721 0.724137 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:53.771301 0.103260 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:53.875006 0.261567 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:08:54.136964 0.000000 udp 10.0.2.109 3683 -> 182.188.159.151 6941 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:09:10.820162 0.196528 tcp 10.0.2.109 57543 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:09:11.016538 0.196919 tcp 10.0.2.109 57544 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:09:11.213746 0.166567 tcp 10.0.2.109 57545 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:10:10.367162 3.002151 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 22:10:17.375456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:10:25.376565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:10:41.379765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:11:13.386301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:13:08.111353 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 22:13:08.111649 1.116974 tcp 10.0.2.109 57546 -> 70.113.215.93 3558 FSPA* 0 0 14 1732 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:17:17.391768 3.001816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 22:17:24.399266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:17:32.400543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:17:48.403928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:18:20.410103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:24:24.416312 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 22:24:31.423356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:24:39.424877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:24:55.427971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:25:27.433365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:31:31.439688 3.001982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 22:31:38.447203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:31:46.448440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:32:02.451558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:32:34.457665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:38:38.464170 3.000794 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 22:38:45.470766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:38:53.472814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:39:09.505656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:39:38.247058 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 22:39:38.247303 0.000000 udp 10.0.2.109 3683 -> 87.163.29.87 5818 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:39:41.511476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:39:57.136300 0.062552 tcp 10.0.2.109 57547 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:39:57.199218 0.061792 tcp 10.0.2.109 57548 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:39:57.261303 0.154593 tcp 10.0.2.109 57549 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:39:57.416509 0.000000 udp 10.0.2.109 3683 -> 93.69.21.114 2478 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:40:12.877328 0.062190 tcp 10.0.2.109 57550 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:12.939375 0.061769 tcp 10.0.2.109 57551 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:13.001383 0.158964 tcp 10.0.2.109 57552 -> 195.113.214.211 443 SRPA* 0 0 46 41914 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:13.160934 0.000000 udp 10.0.2.109 3683 -> 171.60.223.1 7507 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:40:28.930519 0.063628 tcp 10.0.2.109 57553 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:28.994502 0.062220 tcp 10.0.2.109 57554 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:29.057021 0.162240 tcp 10.0.2.109 57555 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:29.219469 0.000000 udp 10.0.2.109 3683 -> 182.188.159.151 6941 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:40:46.676179 0.061920 tcp 10.0.2.109 57556 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:46.738412 0.061688 tcp 10.0.2.109 57557 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:46.800398 0.155776 tcp 10.0.2.109 57558 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:40:46.956804 0.046545 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.003734 0.045223 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.049330 0.175574 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.225313 0.143857 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.369565 0.058607 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.428516 0.053906 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.482824 0.063262 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.546456 0.064075 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.610960 0.150152 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.761520 0.187623 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:47.949586 0.159673 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:48.109668 0.044467 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:48.154557 0.173468 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:48.328433 0.161296 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:48.490080 0.157618 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:48.648268 0.074870 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:48.723527 0.066713 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:48.790666 0.229748 udp 10.0.2.109 3683 <-> 190.118.139.24 5253 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.020799 0.050089 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.071235 0.046517 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.118188 0.133070 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.251647 0.134372 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.386558 0.055986 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.442939 0.169267 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.612619 0.053533 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.666510 0.332663 udp 10.0.2.109 3683 <-> 111.250.27.248 5460 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:49.999592 0.435054 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:50.435033 0.361615 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:50.797112 0.316633 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:51.114307 0.050269 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:51.165000 0.291229 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:51.456581 0.578682 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:52.035691 0.448354 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:40:52.484508 0.000000 udp 10.0.2.109 3683 -> 86.122.232.164 1918 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 22:41:09.148214 0.060187 tcp 10.0.2.109 57559 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:41:09.208707 0.063140 tcp 10.0.2.109 57560 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:41:09.272136 0.163867 tcp 10.0.2.109 57561 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:41:09.435040 0.097359 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:09.532793 0.055376 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:09.588573 0.244151 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:09.833111 0.041751 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:09.875230 0.150357 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:10.025977 0.368692 udp 10.0.2.109 3683 <-> 120.151.34.23 9642 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:10.395041 0.352434 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:10.747936 0.492673 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:11.240981 0.188780 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:11.430248 0.091332 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:41:11.522033 0.267523 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/16 22:43:09.230496 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 22:43:09.230616 1.029775 tcp 10.0.2.109 57562 -> 70.113.215.93 3558 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/16 22:45:45.517470 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 22:45:52.525226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:46:00.526576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:46:16.529861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:46:48.535594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:52:52.542525 3.001404 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 22:52:59.549333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:53:07.551043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:53:23.553635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:53:55.559934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 22:59:59.566039 3.000915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:00:06.572790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:00:14.574907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:00:30.577254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:01:02.583413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:07:06.589392 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:07:13.597243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:07:21.598463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:07:37.601842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:08:09.607871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:11:40.921703 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 23:11:40.921800 0.000000 udp 10.0.2.109 3683 -> 86.122.232.164 1918 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 23:11:57.848271 0.063052 tcp 10.0.2.109 57563 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:11:57.911347 0.090666 tcp 10.0.2.109 57564 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:11:58.001942 0.177655 tcp 10.0.2.109 57565 -> 195.113.214.211 443 SRPA* 0 0 24 12986 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:11:58.180202 0.052100 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.232851 0.181581 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.414781 0.142680 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.557833 0.056388 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.614689 0.054297 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.669402 0.061642 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.731450 0.060335 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.792190 0.149172 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:58.941784 0.762006 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:11:59.704194 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 23:12:18.345869 0.060684 tcp 10.0.2.109 57566 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:12:18.406849 0.081276 tcp 10.0.2.109 57567 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:12:18.488466 0.170873 tcp 10.0.2.109 57568 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:12:18.659909 0.044784 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:18.705099 0.155641 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:18.861146 0.158202 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:19.019699 0.081633 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:19.101733 0.074281 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:19.176409 0.000000 udp 10.0.2.109 3683 -> 190.118.139.24 5253 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 23:12:37.893644 0.031209 tcp 10.0.2.109 57569 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:12:37.925215 0.061772 tcp 10.0.2.109 57570 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:12:37.987230 0.270530 tcp 10.0.2.109 57571 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:12:38.258283 0.163930 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:38.422608 0.176496 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:38.599546 0.040821 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:38.640759 0.145883 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:38.786993 0.132907 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:38.920296 0.055174 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:38.975832 0.169600 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:39.145905 0.052929 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:39.199267 0.327938 udp 10.0.2.109 3683 <-> 111.250.27.248 5460 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:39.527689 0.050496 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:39.578607 0.358222 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:39.937152 0.475587 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:40.413108 0.690347 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:41.103863 0.052514 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:41.156798 0.350734 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:41.507924 0.225855 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:41.734234 0.685849 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:42.420456 0.096901 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:42.517754 0.059697 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:42.577869 0.328026 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:42.906455 0.041074 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:42.947955 0.149150 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:43.097528 0.369123 udp 10.0.2.109 3683 <-> 120.151.34.23 9642 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:43.467035 0.337279 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:43.804712 0.103347 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:43.908467 0.263177 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:44.172105 0.594976 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:12:44.767430 0.190852 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:13:10.260309 0.992627 tcp 10.0.2.109 57572 -> 70.113.215.93 3558 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:14:13.613541 3.002057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/16 23:14:20.621222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:14:28.622339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:14:44.625245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:15:16.631540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:21:20.637919 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:21:27.644889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:21:35.646833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:21:51.649627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:22:23.655146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:28:27.662118 3.001180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:28:34.668886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:28:42.670610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:28:58.673331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:29:30.679407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:35:34.685962 3.091376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:35:41.782954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:35:49.784747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:36:05.787162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:36:37.793609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:42:41.799835 3.001383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:42:48.807259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:42:49.678601 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/16 23:42:49.678699 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 23:42:56.808111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:43:07.355285 0.062628 tcp 10.0.2.109 57573 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:07.418216 0.062083 tcp 10.0.2.109 57574 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:07.480148 0.154768 tcp 10.0.2.109 57575 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:07.635436 0.000000 udp 10.0.2.109 3683 -> 190.118.139.24 5253 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 23:43:11.299973 1.072378 tcp 10.0.2.109 57576 -> 70.113.215.93 3558 FSPA* 0 0 14 1551 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:12.811462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:43:22.666479 0.060835 tcp 10.0.2.109 57577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:22.727695 0.062384 tcp 10.0.2.109 57578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:22.790420 0.157618 tcp 10.0.2.109 57579 -> 195.113.214.211 443 SRPA* 0 0 90 71038 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:22.948252 0.059267 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.007863 0.180656 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.188867 0.061649 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.250978 0.061185 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.312590 0.147553 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.460525 0.050207 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.511162 0.143359 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.654972 0.049606 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 592 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.705068 0.187205 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:23.892605 0.155943 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.048947 0.153525 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.202889 0.044617 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.247839 0.066212 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.314440 0.079419 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.394285 0.040887 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.435579 0.141991 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.577984 0.149203 udp 10.0.2.109 3683 <-> 24.222.53.20 1991 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.727578 0.058820 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.786820 0.158225 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:24.945417 0.175670 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:25.121481 0.173081 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:25.294961 0.053380 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:25.348784 0.329674 udp 10.0.2.109 3683 <-> 111.250.27.248 5460 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:25.678868 0.049914 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:25.729211 0.352660 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:26.082366 0.329407 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:26.412121 0.320099 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:26.732584 0.150174 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:26.883199 0.646260 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:27.529818 0.049704 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:27.579852 0.456530 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:28.036788 0.093229 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:28.130427 0.000000 udp 10.0.2.109 3683 -> 81.130.11.16 5196 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/16 23:43:44.817175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:43:46.410196 0.062453 tcp 10.0.2.109 57580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:46.472367 0.063233 tcp 10.0.2.109 57581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:46.535919 0.157162 tcp 10.0.2.109 57582 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/16 23:43:46.693582 0.310034 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:47.003966 0.047591 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:47.051942 0.343065 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:47.395412 0.116394 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:47.512205 0.149733 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:47.662303 0.369435 udp 10.0.2.109 3683 <-> 120.151.34.23 9642 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:48.032137 0.184174 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:48.216709 0.260852 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:43:48.477913 0.546991 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/16 23:49:48.823717 3.001502 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:49:55.831256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:50:03.832405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:50:19.835138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:50:51.841240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:56:55.847861 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/16 23:57:02.854543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:57:10.856525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:57:26.859300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/16 23:57:58.865476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:04:02.870778 3.002300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 00:04:09.879037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:04:17.880654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:04:33.883199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:05:05.889525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:11:09.895904 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 00:11:16.902814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:11:24.903994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:11:40.907589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:12:12.913516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:13:12.379818 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 00:13:12.379916 1.063007 tcp 10.0.2.109 57583 -> 70.113.215.93 3558 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:14:18.324241 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 00:14:18.324394 0.051455 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.376250 0.057000 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.433713 0.054057 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.488184 0.059524 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.548106 0.149696 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.698228 0.050568 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.749205 0.142269 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.891854 0.052000 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:18.944272 0.894039 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:19.838741 0.156040 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:19.995219 0.181165 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:20.176881 0.040933 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:20.218255 0.158051 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:20.376768 0.080658 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:20.457851 0.039877 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:20.498136 0.140153 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:20.638682 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 00:14:37.793321 0.062293 tcp 10.0.2.109 57584 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:14:37.855886 0.062780 tcp 10.0.2.109 57585 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:14:37.919007 0.168371 tcp 10.0.2.109 57586 -> 195.113.214.211 443 SRPA* 0 0 45 36364 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:14:38.087997 0.055273 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:38.143657 0.157279 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:38.301343 0.066098 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:38.367794 0.056904 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:38.425132 0.000000 udp 10.0.2.109 3683 -> 111.250.27.248 5460 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 00:14:57.089901 0.062953 tcp 10.0.2.109 57587 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:14:57.153177 0.070594 tcp 10.0.2.109 57588 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:14:57.224112 0.159990 tcp 10.0.2.109 57589 -> 195.113.214.211 443 SRPA* 0 0 58 39272 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:14:57.384315 0.052606 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:57.437274 0.163514 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:57.601204 0.174102 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:57.775716 0.356277 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:58.132420 0.353692 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:58.486518 0.250412 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:58.737337 0.345445 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:59.083155 0.049848 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:59.133443 0.677593 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:14:59.811449 0.566172 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:00.377999 0.100521 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:00.478923 0.243669 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:00.723003 0.046276 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:00.769702 0.154427 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:00.924552 0.370042 udp 10.0.2.109 3683 <-> 120.151.34.23 9642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:01.295002 0.341699 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:01.637056 0.090726 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:01.728192 0.621907 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:02.350523 0.190608 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:15:02.541488 0.261249 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:18:16.940044 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 00:18:23.946797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:18:31.948000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:18:47.951341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:19:19.957254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:25:23.963310 3.002023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 00:25:30.970995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:25:38.972495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:25:54.975290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:26:26.981220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:32:30.986779 3.002490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 00:32:37.994375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:32:45.995881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:33:01.999624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:33:34.004960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:39:38.012083 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 00:39:45.018870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:39:53.020321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:40:09.023314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:40:41.028869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:43:13.448478 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 00:43:13.448560 0.998893 tcp 10.0.2.109 57590 -> 70.113.215.93 3558 FSPA* 0 0 14 1553 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:45:18.067861 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 00:45:18.067961 0.000000 udp 10.0.2.109 3683 -> 24.222.53.20 1991 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 00:45:35.955588 0.062729 tcp 10.0.2.109 57591 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:45:36.018589 0.062289 tcp 10.0.2.109 57592 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:45:36.081198 0.233161 tcp 10.0.2.109 57593 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:45:36.314954 0.000000 udp 10.0.2.109 3683 -> 111.250.27.248 5460 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 00:45:54.750730 0.061026 tcp 10.0.2.109 57594 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:45:54.812085 0.062268 tcp 10.0.2.109 57595 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:45:54.874679 0.174076 tcp 10.0.2.109 57596 -> 195.113.214.211 443 SRPA* 0 0 49 30146 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:45:55.049324 0.061191 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.110977 0.147067 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.258468 0.061749 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.320661 0.139026 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.460058 0.053997 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.514450 0.052642 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.567506 0.051804 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.619651 0.059600 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.679669 0.204333 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:55.884392 0.155152 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.039942 0.080579 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.120935 0.046669 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.167986 0.192785 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.361167 0.039997 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.401543 0.190042 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.591930 0.158273 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.750601 0.072785 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.823778 0.052772 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.877011 0.053579 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:56.931020 0.164238 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:57.095674 0.176265 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:57.272358 0.050657 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:57.323361 0.163750 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:57.487448 0.149689 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:57.637539 0.358679 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:57.996642 0.249322 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:58.246349 0.589572 udp 10.0.2.109 3683 <-> 121.245.178.160 8669 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:58.836292 0.350190 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:59.186824 0.056599 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:45:59.243809 0.878346 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:00.122518 0.093206 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:00.216161 0.245352 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:00.461902 0.047997 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:00.510492 0.154001 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:00.664885 0.103070 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:00.768356 0.000000 udp 10.0.2.109 3683 -> 120.151.34.23 9642 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 00:46:18.815226 0.062219 tcp 10.0.2.109 57597 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:46:18.877299 0.062690 tcp 10.0.2.109 57598 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:46:18.940276 0.151885 tcp 10.0.2.109 57599 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/17 00:46:19.092779 0.364408 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:19.457610 0.244777 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:19.702783 0.368895 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:20.072055 0.187914 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/17 00:46:45.035822 3.001021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 00:46:52.042974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:47:00.044102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:47:16.047493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:47:48.053536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:53:52.185575 2.995590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 00:53:59.186645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:54:07.187970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:54:23.191234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 00:54:55.197706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:00:59.401957 3.003455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:01:06.411006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:01:14.412213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:01:30.415627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:02:02.421887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:08:06.427763 3.001519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:08:13.435364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:08:21.436415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:08:37.439346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:09:09.445491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:13:14.538076 0.000167 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 01:13:14.538395 1.072558 tcp 10.0.2.109 57600 -> 70.113.215.93 3558 FSPA* 0 0 14 1616 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:15:13.451375 3.001721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:15:20.458658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:15:28.460468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:15:44.463827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:16:16.469751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:16:33.003860 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 01:16:33.003959 0.000000 udp 10.0.2.109 3683 -> 120.151.34.23 9642 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 01:16:51.962924 0.061319 tcp 10.0.2.109 57601 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:16:52.024522 0.061816 tcp 10.0.2.109 57602 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:16:52.086631 0.172604 tcp 10.0.2.109 57603 -> 195.113.214.211 443 SRPA* 0 0 35 25740 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:16:52.259864 0.148250 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:52.408558 0.062518 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:52.471476 0.144480 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:52.616365 0.046331 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:52.663140 0.079924 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:52.743457 0.048419 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:52.792230 0.065931 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:52.858584 0.288646 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.147651 0.149925 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.297922 0.062060 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.360423 0.040502 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.401286 0.134269 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.535982 0.082416 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.618847 0.190559 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.809772 0.158879 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:53.969063 0.068724 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.038235 0.054338 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.093033 0.054498 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.147930 0.040199 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.188466 0.049948 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.238840 0.161545 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.400867 0.151408 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.552689 0.364257 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:54.917344 0.173584 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:55.091356 0.157923 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:55.249694 0.250230 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:16:55.500306 0.000000 udp 10.0.2.109 3683 -> 121.245.178.160 8669 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 01:17:11.358959 0.061341 tcp 10.0.2.109 57604 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:17:11.420578 0.061436 tcp 10.0.2.109 57605 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:17:11.482316 0.158812 tcp 10.0.2.109 57606 -> 195.113.214.211 443 SRPA* 0 0 31 14238 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:17:11.641783 0.050474 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:11.692683 0.331379 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:12.024510 0.097131 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:12.122025 0.041532 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:12.163919 0.149149 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:12.313484 0.103280 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:12.417193 0.357719 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:12.775332 0.471757 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:13.247485 0.564638 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:13.812495 0.368692 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:14.181617 0.235689 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:17:14.417755 0.197285 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:22:20.475829 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 01:22:27.483051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:22:35.484101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:22:51.487539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:23:23.493736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:29:27.499163 3.001641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:29:34.506700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:29:42.508332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:29:58.511725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:30:30.517699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:36:34.524024 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:36:41.531227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:36:49.532499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:37:05.535773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:37:37.541743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:43:15.617669 0.000173 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 01:43:15.617943 1.040886 tcp 10.0.2.109 57607 -> 70.113.215.93 3558 FSPA* 0 0 14 1733 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:43:41.547905 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:43:48.554927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:43:56.556172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:44:12.559714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:44:44.565529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:47:22.643188 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 01:47:22.643298 0.000000 udp 10.0.2.109 3683 -> 121.245.178.160 8669 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 01:47:38.737970 0.062033 tcp 10.0.2.109 57608 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:47:38.800283 0.062445 tcp 10.0.2.109 57609 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:47:38.863074 0.162653 tcp 10.0.2.109 57610 -> 195.113.214.211 443 SRPA* 0 0 31 14236 flow=From-Botnet-V1-TCP-Established 1970/01/17 01:47:39.025676 0.140790 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.166896 0.051907 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.219242 0.060677 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.280318 0.055321 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.336048 0.059287 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.395671 0.146339 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.542424 0.062880 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.605737 0.151030 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.757181 0.063160 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.820709 0.046202 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:39.867309 0.143999 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:40.011723 1.077699 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.089788 0.188174 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.278391 0.164523 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.443338 0.070659 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.514551 0.083052 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.598003 0.044579 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.642984 0.050647 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.694015 0.164936 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:41.859372 0.149545 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:42.009315 0.382377 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:42.392089 0.053306 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:42.445746 0.055632 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:42.501716 0.176213 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:42.678554 0.164042 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:42.843014 0.250205 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:43.093651 0.057533 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:43.151598 0.347182 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:43.499146 0.092808 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:43.592365 0.046069 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:43.638871 0.154095 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:43.793442 0.090933 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:43.884743 0.276707 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:44.161858 0.466058 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:44.628327 0.408450 udp 10.0.2.109 3683 <-> 125.113.191.17 5674 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:45.037183 0.190382 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:45.227964 0.334263 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:47:45.562628 0.236404 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/17 01:50:48.571807 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:50:55.578950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:51:03.580631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:51:19.583152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:51:51.589154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:57:55.595234 3.001489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 01:58:02.602673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:58:10.604227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:58:26.606973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 01:58:58.613531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:05:02.619522 3.001687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 02:05:09.627022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:05:17.627963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:05:33.631185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:06:05.637401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:12:09.643774 3.040885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 02:12:16.691023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:12:24.692281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:12:40.695588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:13:12.701473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:13:16.667589 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 02:13:16.667670 0.957506 tcp 10.0.2.109 57611 -> 70.113.215.93 3558 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:17:59.333388 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 02:17:59.333487 0.145731 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:17:59.479649 0.053401 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:17:59.533446 0.177215 udp 10.0.2.109 3683 <-> 81.130.11.16 5196 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:17:59.711042 0.052329 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:17:59.763819 0.063226 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:17:59.827408 0.152299 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:17:59.980127 0.066103 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:00.046618 0.156729 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:00.203693 0.063492 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:00.267617 0.046534 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:00.314506 0.192770 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:00.507704 0.183023 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:00.691134 0.190470 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:00.881991 0.153696 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:01.036100 0.071812 udp 10.0.2.109 3683 <-> 91.6.29.205 5333 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:01.108334 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:18:19.023610 0.064504 tcp 10.0.2.109 57612 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:19.088416 0.062234 tcp 10.0.2.109 57613 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:19.151016 0.184166 tcp 10.0.2.109 57614 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:19.334282 0.044521 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:19.379135 0.050607 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:19.430183 0.163364 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:19.593946 0.150572 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:19.744926 0.054493 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:19.799782 0.175788 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:19.975923 0.159060 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:20.135399 0.397854 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:20.533725 0.052604 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:20.586766 0.247979 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:20.835154 0.052276 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:20.887819 0.347131 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:21.235287 0.096966 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:21.332645 0.047319 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:21.380368 0.149917 udp 10.0.2.109 3683 <-> 64.151.63.168 5883 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:21.530691 0.104241 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:21.635349 0.000000 udp 10.0.2.109 3683 -> 125.113.191.17 5674 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:18:40.513282 0.061331 tcp 10.0.2.109 57615 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:40.574913 0.062385 tcp 10.0.2.109 57616 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:40.637656 0.190636 tcp 10.0.2.109 57617 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:40.828867 0.244371 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:41.073636 0.448994 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:41.523067 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:18:57.668159 0.061427 tcp 10.0.2.109 57618 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:57.729819 0.061516 tcp 10.0.2.109 57619 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:57.791633 0.168428 tcp 10.0.2.109 57620 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:18:57.960445 0.184168 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:18:58.144978 0.367438 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:19:16.707265 3.001994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 02:19:23.714605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:19:31.716070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:19:47.719205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:20:19.724990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:26:23.732083 3.001095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 02:26:30.739075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:26:38.739904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:26:54.742984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:27:26.749472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:33:30.755377 3.001722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 02:33:37.762818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:33:45.764528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:34:01.766979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:34:33.773438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:40:37.780015 3.000582 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 02:40:44.786280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:40:52.787826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:41:08.791453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:41:40.796832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:43:17.626502 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 02:43:17.626656 1.840051 tcp 10.0.2.109 57621 -> 70.113.215.93 3558 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:47:44.804082 3.001001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 02:47:51.811004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:47:59.812023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:48:15.815032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:48:47.821370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:49:00.519588 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 02:49:00.519765 0.083983 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:49:00.604158 0.000000 udp 10.0.2.109 3683 -> 125.113.191.17 5674 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:49:17.064686 0.095232 tcp 10.0.2.109 57622 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:17.160197 0.061343 tcp 10.0.2.109 57623 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:17.221849 0.168698 tcp 10.0.2.109 57624 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:17.391188 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:49:34.158614 0.062566 tcp 10.0.2.109 57625 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:34.221483 0.062813 tcp 10.0.2.109 57626 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:34.284581 0.162870 tcp 10.0.2.109 57627 -> 195.113.214.211 443 SRPA* 0 0 51 42176 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:34.448236 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:49:49.600274 0.062234 tcp 10.0.2.109 57628 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:49.662857 0.062267 tcp 10.0.2.109 57629 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:49.725377 0.158214 tcp 10.0.2.109 57630 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:49:49.884063 0.146903 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:49:50.031325 0.059123 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:49:50.090794 0.055645 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:49:50.146850 0.058954 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:49:50.206265 0.000000 udp 10.0.2.109 3683 -> 81.130.11.16 5196 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:50:09.088448 0.062525 tcp 10.0.2.109 57631 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:09.151256 0.063021 tcp 10.0.2.109 57632 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:09.214631 0.165672 tcp 10.0.2.109 57633 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:09.380885 0.139839 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:09.521100 0.230566 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:09.752058 0.040133 udp 10.0.2.109 3683 <-> 84.130.217.10 8279 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:09.792593 0.161364 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:09.954600 0.156140 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:10.111161 0.064678 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:10.176254 0.185165 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:10.361757 0.225691 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:10.587791 0.000000 udp 10.0.2.109 3683 -> 91.6.29.205 5333 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:50:29.407854 0.060828 tcp 10.0.2.109 57634 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:29.468972 0.062151 tcp 10.0.2.109 57635 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:29.531414 0.159499 tcp 10.0.2.109 57636 -> 195.113.214.211 443 SRPA* 0 0 40 21824 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:29.689929 0.171254 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:29.861610 0.056420 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:29.918451 0.173782 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:30.092661 0.164765 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:30.257842 0.056218 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:30.314488 0.044421 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:30.359340 0.249319 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:30.609106 0.051259 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:30.660717 0.366722 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:31.027831 0.159449 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:31.187692 0.051527 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:31.239648 0.000000 udp 10.0.2.109 3683 -> 64.151.63.168 5883 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 02:50:48.084423 0.063957 tcp 10.0.2.109 57637 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:48.148678 0.060919 tcp 10.0.2.109 57638 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:48.209877 0.180532 tcp 10.0.2.109 57639 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/17 02:50:48.390906 0.091806 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:48.483115 0.321065 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:48.804566 0.041698 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:48.846670 0.097252 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:48.944277 0.289665 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:49.259472 0.463420 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:49.723302 0.191512 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:50:49.915205 0.361154 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/01/17 02:54:51.827230 3.001231 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 02:54:58.834809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:55:06.835944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:55:22.839440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 02:55:54.845300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:01:58.852045 3.000361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 03:02:05.858428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:02:13.860055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:02:29.862957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:03:01.868893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:09:05.876058 3.000788 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 03:09:12.882717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:09:20.883863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:09:36.886897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:10:08.893111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:13:19.467717 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 03:13:19.467820 1.313224 tcp 10.0.2.109 57640 -> 70.113.215.93 3558 FSPA* 0 0 15 1584 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:16:12.899884 3.000632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 03:16:19.906375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:16:27.907704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:16:43.911043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:17:15.917295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:21:17.334813 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 03:21:17.334912 0.000000 udp 10.0.2.109 3683 -> 81.130.11.16 5196 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:21:32.768006 0.061056 tcp 10.0.2.109 57641 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:21:32.829362 0.068273 tcp 10.0.2.109 57642 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:21:32.897902 0.173828 tcp 10.0.2.109 57643 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:21:33.072257 0.048259 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:21:33.120877 0.000000 udp 10.0.2.109 3683 -> 91.6.29.205 5333 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:21:49.991382 0.060983 tcp 10.0.2.109 57644 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:21:50.052652 0.062586 tcp 10.0.2.109 57645 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:21:50.115544 0.166338 tcp 10.0.2.109 57646 -> 195.113.214.211 443 SRPA* 0 0 58 38616 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:21:50.283158 0.000000 udp 10.0.2.109 3683 -> 64.151.63.168 5883 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:22:07.236711 0.060935 tcp 10.0.2.109 57647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:07.297883 0.061942 tcp 10.0.2.109 57648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:07.360138 0.164789 tcp 10.0.2.109 57649 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:07.582408 0.110499 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:07.693333 0.151541 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:07.845270 0.047566 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:07.893236 0.064275 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:07.957870 0.059977 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:08.018286 0.143853 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:08.162523 0.187247 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:08.350226 0.000000 udp 10.0.2.109 3683 -> 84.130.217.10 8279 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:22:27.205487 0.060759 tcp 10.0.2.109 57650 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:27.266531 0.062222 tcp 10.0.2.109 57651 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:27.329110 0.154006 tcp 10.0.2.109 57652 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:27.483647 0.155692 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:27.639772 0.106992 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:27.747225 0.160775 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:27.908450 0.188453 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:28.097323 0.137809 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:28.235568 0.145741 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:28.381688 0.055124 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:28.437221 0.176428 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:28.614192 0.250802 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:28.865390 0.056618 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:28.922473 0.415698 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:29.338585 0.044343 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:29.383321 0.163993 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:29.547790 0.056214 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:29.604377 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:22:48.535979 0.061849 tcp 10.0.2.109 57653 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:48.598123 0.063140 tcp 10.0.2.109 57654 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:48.661137 0.159605 tcp 10.0.2.109 57655 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:22:48.821353 0.052736 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:48.874448 0.315284 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:49.190165 0.044568 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:49.235147 0.096925 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:49.332471 0.103294 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:49.436150 0.216452 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:49.652997 0.307097 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:49.960457 0.561359 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:22:50.522205 0.347369 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:23:19.922520 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 03:23:26.930305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:23:34.931662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:23:50.935190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:24:22.941035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:30:26.947444 3.001293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 03:30:33.954797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:30:41.955643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:30:57.959275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:31:29.964883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:37:33.970970 3.001799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 03:37:40.977997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:37:48.980052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:38:04.982687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:38:36.989198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:43:20.787547 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 03:43:20.787833 1.007296 tcp 10.0.2.109 57656 -> 70.113.215.93 3558 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:44:40.995805 3.010822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 03:44:48.012048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:44:56.014054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:45:12.016476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:45:44.022573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:51:48.029218 3.001370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 03:51:55.036037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:52:03.037688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:52:19.041022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:52:51.127146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:53:10.415324 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 03:53:10.415426 0.000000 udp 10.0.2.109 3683 -> 84.130.217.10 8279 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:53:26.088951 0.064763 tcp 10.0.2.109 57657 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:53:26.154035 0.065019 tcp 10.0.2.109 57658 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:53:26.219344 0.159454 tcp 10.0.2.109 57659 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:53:26.379025 0.170525 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:53:26.549955 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:53:44.704359 0.061877 tcp 10.0.2.109 57660 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:53:44.766476 0.065347 tcp 10.0.2.109 57661 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:53:44.832180 0.169706 tcp 10.0.2.109 57662 -> 195.113.214.211 443 SRPA* 0 0 50 32438 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:53:45.001088 0.064694 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:53:45.066353 0.060605 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:53:45.127456 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 03:54:01.138494 0.061059 tcp 10.0.2.109 57663 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:54:01.199842 0.063398 tcp 10.0.2.109 57664 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:54:01.263532 0.158117 tcp 10.0.2.109 57665 -> 195.113.214.211 443 SRPA* 0 0 40 33942 flow=From-Botnet-V1-TCP-Established 1970/01/17 03:54:01.422436 0.154504 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:01.577363 0.044861 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:01.622548 0.144100 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:01.766985 0.813456 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:02.580782 0.154885 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:02.736030 0.056691 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:02.793084 0.165573 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:02.959006 0.284574 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:03.244003 0.055065 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:03.299451 0.175809 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:03.475688 0.413407 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:03.889529 0.050478 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:03.940383 0.131209 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:04.072036 0.190210 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:04.262691 0.052698 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:04.315767 0.375976 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:04.692077 0.044431 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:04.736896 0.163279 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:04.900544 0.052247 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:04.953232 0.346911 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:05.300595 0.042093 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:05.343095 0.096885 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:05.440409 0.090937 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:05.531675 0.191573 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:05.723653 0.465312 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:06.189413 0.506717 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:54:06.696533 0.358404 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/17 03:58:55.133650 3.000855 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 03:59:02.140113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:59:10.141704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:59:26.144936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 03:59:58.150792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:06:02.157280 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:06:09.164257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:06:17.166289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:06:33.168505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:07:05.175080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:13:09.181092 3.051854 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:13:16.238555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:13:21.847407 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 04:13:21.847729 1.078009 tcp 10.0.2.109 57666 -> 70.113.215.93 3558 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/01/17 04:13:24.350087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:13:40.352710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:14:12.359216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:20:16.365563 3.001383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:20:23.372464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:20:31.373714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:20:47.377223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:21:19.383330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:24:23.247860 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 04:24:23.248022 0.046770 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:23.295215 0.084020 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:23.379664 0.159080 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:23.539144 0.064309 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:23.603866 0.059511 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:23.663743 0.146964 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:23.811151 0.052057 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:23.863581 0.139902 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:24.003901 0.063673 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:24.067899 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 04:24:42.036519 0.061545 tcp 10.0.2.109 57667 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 04:24:42.098319 0.062831 tcp 10.0.2.109 57668 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 04:24:42.161383 0.157622 tcp 10.0.2.109 57669 -> 195.113.214.211 443 SRPA* 0 0 43 23406 flow=From-Botnet-V1-TCP-Established 1970/01/17 04:24:42.317987 1.671246 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:43.989677 0.155098 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:44.145193 0.555179 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:44.700786 0.056138 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:44.757406 0.181879 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:44.939683 0.319683 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:45.259826 0.049838 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:45.310062 0.053009 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:45.363458 0.382883 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:45.746735 0.044334 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:45.791411 0.159190 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:45.950963 0.052961 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:46.004315 0.138565 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:46.143274 0.182754 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:46.326565 0.318950 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:46.645892 0.042367 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:46.688675 0.093145 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:46.782371 0.090853 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:46.873666 0.188188 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:47.062245 0.385717 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:47.448846 0.457916 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:24:47.907206 0.351480 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:27:23.389730 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:27:30.396151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:27:38.397730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:27:54.400846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:28:26.407353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:34:30.413179 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:34:37.420785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:34:45.421597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:35:01.424852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:35:33.431054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:41:37.438117 3.001205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:41:44.444360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:41:52.445526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:42:08.448749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:42:40.455093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:43:22.926598 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 04:43:22.926682 1.092876 tcp 10.0.2.109 57670 -> 70.113.215.93 3558 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/01/17 04:48:44.460922 3.001500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:48:51.468281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:48:59.469513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:49:15.472956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:49:47.479140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:55:17.954396 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 04:55:17.954498 0.155191 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.110086 0.078974 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.189408 0.160032 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.349890 0.060085 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.410337 0.061214 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.471997 0.149638 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.621995 0.049469 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.671856 0.142663 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.814920 0.054783 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.870272 0.062715 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:18.933399 0.663368 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:19.597268 0.056495 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:19.654206 0.176262 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:19.831000 0.158202 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:19.989574 0.144423 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:20.134433 0.304272 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:20.439076 0.051121 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:20.490595 0.052272 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:20.543267 0.402129 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:20.945751 0.040069 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:20.986209 0.164336 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:21.150922 0.066362 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:21.217688 0.130011 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:21.348037 0.190466 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:21.538909 0.321467 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:21.860740 0.041004 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:21.902171 0.098765 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:22.001310 0.090958 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:22.092673 0.463085 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:22.556164 0.188380 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:22.744923 0.245197 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:22.990540 0.363784 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 04:55:51.485409 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 04:55:58.492283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:56:06.493917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:56:22.496524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 04:56:54.503179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:02:58.509816 3.000380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 05:03:05.516132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:03:13.518004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:03:29.521053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:04:01.526505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:10:05.533825 3.000473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 05:10:12.540379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:10:20.541504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:10:36.544568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:11:08.550895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:13:24.026008 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 05:13:24.026155 1.001142 tcp 10.0.2.109 57671 -> 70.113.215.93 3558 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:17:12.557471 3.001164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 05:17:19.564077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:17:27.565492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:17:43.568909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:18:15.574546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:24:19.581371 3.001092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 05:24:26.588116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:24:34.590040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:24:50.592771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:25:22.598806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:25:51.811202 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 05:25:51.811450 0.170024 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:25:51.981883 0.084036 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:25:52.066341 0.176176 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:25:52.242956 0.055220 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:25:52.298587 0.059888 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:25:52.358880 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 05:26:08.747326 0.065194 tcp 10.0.2.109 57672 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:08.812813 0.063137 tcp 10.0.2.109 57673 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:08.876247 0.162283 tcp 10.0.2.109 57674 -> 195.113.214.211 443 SRPA* 0 0 42 22882 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:09.037587 0.049167 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:09.087154 0.142659 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:09.230260 0.056160 udp 10.0.2.109 3683 <-> 79.242.184.36 7041 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:09.286816 0.061661 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:09.348861 0.175824 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:09.525053 0.154064 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:09.679465 1.199889 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:10.879801 0.054966 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:10.935192 0.150576 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:11.086308 0.000000 udp 10.0.2.109 3683 -> 183.23.142.16 1354 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 05:26:27.862933 0.062089 tcp 10.0.2.109 57675 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:27.925204 0.061964 tcp 10.0.2.109 57676 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:27.987473 0.154027 tcp 10.0.2.109 57677 -> 195.113.214.211 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:28.141959 0.051953 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:28.194470 0.051988 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:28.246819 0.364515 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:28.611768 0.040132 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:28.652298 0.164885 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:28.817604 0.048627 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:28.866627 0.133410 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:29.000437 0.190289 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:29.191066 0.385388 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:29.576817 0.047076 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:29.624265 0.093186 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:29.717822 0.204179 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:29.922529 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 05:26:47.271140 0.066335 tcp 10.0.2.109 57678 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:47.337805 0.064483 tcp 10.0.2.109 57679 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:47.402606 0.162954 tcp 10.0.2.109 57680 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:26:47.566212 0.115129 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:47.681798 0.431401 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:26:48.113634 0.364173 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:31:26.605581 3.010478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 05:31:33.622244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:31:41.623583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:31:57.626823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:32:29.632653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:38:33.638676 3.001798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 05:38:40.645950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:38:48.647803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:39:04.650720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:39:36.656964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:43:25.035962 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 05:43:25.036169 0.981283 tcp 10.0.2.109 57681 -> 70.113.215.93 3558 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:45:40.663034 3.001116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 05:45:47.669742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:45:55.671563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:46:11.674267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:46:43.680660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:52:47.687258 3.000693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 05:52:54.694123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:53:02.695686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:53:18.698425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:53:50.704755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 05:57:07.737913 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 05:57:07.738095 0.201628 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:07.940138 0.315318 udp 10.0.2.109 3683 <-> 183.23.142.16 1354 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:08.255853 0.308345 udp 10.0.2.109 3683 <-> 113.105.8.141 3137 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:08.564516 0.244725 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:08.809645 0.059556 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:08.869644 0.211743 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.081781 0.082670 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.164825 0.065406 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.230655 0.060773 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.291779 0.143289 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.435482 0.160938 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.596786 0.055287 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.652479 0.179945 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:09.832840 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 05:57:27.919229 0.064010 tcp 10.0.2.109 57682 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:57:27.983477 0.062071 tcp 10.0.2.109 57683 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:57:28.045844 0.137419 tcp 10.0.2.109 57684 -> 195.113.214.211 443 SRPA* 0 0 55 45914 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:57:28.183824 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 05:57:46.323892 0.062828 tcp 10.0.2.109 57685 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:57:46.387029 0.064718 tcp 10.0.2.109 57686 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:57:46.451926 0.156368 tcp 10.0.2.109 57687 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:57:46.609010 0.186477 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:46.795876 0.160214 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:46.956533 0.039997 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:46.997010 0.166334 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:47.163691 0.047824 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:47.211947 0.140321 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:47.352671 0.050984 udp 10.0.2.109 3683 <-> 109.155.245.237 4764 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:47.404073 0.050932 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:47.455394 0.377301 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:57:47.833125 0.000000 udp 10.0.2.109 3683 -> 87.153.127.7 4545 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 05:58:06.182734 0.061776 tcp 10.0.2.109 57688 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:58:06.244818 0.062078 tcp 10.0.2.109 57689 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:58:06.307209 0.168002 tcp 10.0.2.109 57690 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/17 05:58:06.475463 0.097267 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:58:06.573069 0.194240 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:58:06.767707 0.184777 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:58:06.952821 0.312987 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:58:07.266398 0.103132 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:58:07.369961 0.453016 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:58:07.823351 0.398058 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/17 05:59:54.710479 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 06:00:01.717662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:00:14.348336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:00:30.128393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:00:59.851856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:07:03.857288 3.002184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 06:07:10.865361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:07:18.866400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:07:34.869813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:08:06.875739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:13:28.137963 0.022016 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 06:13:28.160134 1.020779 tcp 10.0.2.109 57691 -> 70.113.215.93 3558 FSPA* 0 0 14 1576 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:14:16.890533 3.001108 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 06:14:23.897651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:14:31.899042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:14:47.901833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:15:19.907946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:21:23.914934 3.000812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 06:21:30.921267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:21:38.922978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:21:54.925834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:22:26.932088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:28:27.961944 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 06:28:27.962094 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 06:28:30.938198 3.001727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 06:28:37.945765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:28:45.598838 0.063623 tcp 10.0.2.109 57692 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:28:45.662288 0.061213 tcp 10.0.2.109 57693 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:28:45.723822 0.157924 tcp 10.0.2.109 57694 -> 195.113.214.211 443 SRPA* 0 0 41 22594 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:28:45.881984 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 06:28:45.947235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:29:01.950507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:29:02.221054 0.061290 tcp 10.0.2.109 57695 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:02.282191 0.065071 tcp 10.0.2.109 57696 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:02.347586 0.352138 tcp 10.0.2.109 57697 -> 195.113.214.211 443 SRPA* 0 0 42 29588 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:02.711542 0.049907 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:02.761858 0.199016 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:02.961225 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 06:29:18.123690 0.077676 tcp 10.0.2.109 57698 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:18.201662 0.062549 tcp 10.0.2.109 57699 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:18.264477 0.262587 tcp 10.0.2.109 57700 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:18.527683 0.234311 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:18.762528 0.000000 udp 10.0.2.109 3683 -> 183.23.142.16 1354 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 06:29:33.955946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:29:35.619296 0.063764 tcp 10.0.2.109 57701 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:35.683395 0.063519 tcp 10.0.2.109 57702 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:35.747201 0.159570 tcp 10.0.2.109 57703 -> 195.113.214.211 443 SRPA* 0 0 60 42670 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:35.906575 0.063693 udp 10.0.2.109 3683 <-> 109.157.121.65 7375 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:35.970630 0.081351 udp 10.0.2.109 3683 <-> 82.152.144.139 2641 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:36.052375 0.155906 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:36.208699 0.052857 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:36.261960 0.179008 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:36.441313 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 06:29:52.523413 0.061880 tcp 10.0.2.109 57704 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:52.585150 0.063971 tcp 10.0.2.109 57705 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:52.649431 0.155280 tcp 10.0.2.109 57706 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:29:52.805045 0.059469 udp 10.0.2.109 3683 <-> 31.54.36.117 1084 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:52.864909 0.059283 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:52.924593 0.145219 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:53.070391 0.040193 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:53.110945 0.149797 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:53.261216 0.187504 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:29:53.449138 0.000000 udp 10.0.2.109 3683 -> 109.155.245.237 4764 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 06:30:12.041893 0.062427 tcp 10.0.2.109 57707 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:30:12.104601 0.065455 tcp 10.0.2.109 57708 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:30:12.169914 0.164852 tcp 10.0.2.109 57709 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:30:12.333483 0.050994 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:12.384932 0.000000 udp 10.0.2.109 3683 -> 210.217.156.13 9328 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 06:30:30.998583 0.065519 tcp 10.0.2.109 57710 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:30:31.064405 0.061881 tcp 10.0.2.109 57711 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:30:31.126574 0.165141 tcp 10.0.2.109 57712 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:30:31.291929 0.166380 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:31.458768 0.047494 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:31.506668 0.136996 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:31.654824 0.093201 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:31.748386 0.187700 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:31.936461 0.189997 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:32.126830 0.438894 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:32.566109 0.404395 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:32.970931 0.115580 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:30:33.086885 0.356281 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/17 06:35:37.963008 3.000610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 06:35:44.969202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:35:52.971127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:36:08.973966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:36:40.979903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:42:44.986320 3.001370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 06:42:51.993193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:42:59.995242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:43:15.997924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:43:29.187346 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 06:43:29.187455 1.052413 tcp 10.0.2.109 57713 -> 70.113.215.93 3558 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/01/17 06:43:48.003727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:49:52.011181 3.020786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 06:49:59.037546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:50:07.039441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:50:23.041913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:50:55.048159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:56:59.053692 3.002130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 06:57:06.061349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:57:14.063220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:57:30.066020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 06:58:02.072021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:00:41.501251 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:00:41.501373 0.000000 udp 10.0.2.109 3683 -> 183.23.142.16 1354 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:00:57.937358 0.066522 tcp 10.0.2.109 57714 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:00:58.004111 0.062854 tcp 10.0.2.109 57715 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:00:58.067304 0.175373 tcp 10.0.2.109 57716 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:00:58.243542 0.000000 udp 10.0.2.109 3683 -> 113.105.8.141 3137 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:01:14.059001 0.062410 tcp 10.0.2.109 57717 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:14.121703 0.066862 tcp 10.0.2.109 57718 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:14.188838 0.158628 tcp 10.0.2.109 57719 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:14.347956 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:01:31.032915 0.062511 tcp 10.0.2.109 57720 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:31.095655 0.064953 tcp 10.0.2.109 57721 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:31.160453 0.167880 tcp 10.0.2.109 57722 -> 195.113.214.211 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:31.328880 0.000000 udp 10.0.2.109 3683 -> 210.217.156.13 9328 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:01:49.159018 0.093911 tcp 10.0.2.109 57723 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:49.253204 0.063538 tcp 10.0.2.109 57724 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:49.316710 0.180577 tcp 10.0.2.109 57725 -> 195.113.214.211 443 SRPA* 0 0 51 32714 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:01:49.497914 0.000000 udp 10.0.2.109 3683 -> 109.155.245.237 4764 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:02:04.591525 0.085648 tcp 10.0.2.109 57726 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:04.677532 0.068457 tcp 10.0.2.109 57727 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:04.746430 0.176666 tcp 10.0.2.109 57728 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:04.923410 0.198917 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:05.122718 0.040243 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:05.163423 0.255439 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:05.419298 0.000000 udp 10.0.2.109 3683 -> 109.157.121.65 7375 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:02:22.186444 0.065904 tcp 10.0.2.109 57729 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:22.252644 0.063213 tcp 10.0.2.109 57730 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:22.316112 0.156997 tcp 10.0.2.109 57731 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:22.473610 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:02:40.282367 0.062380 tcp 10.0.2.109 57732 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:40.344633 0.062262 tcp 10.0.2.109 57733 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:40.407240 0.158263 tcp 10.0.2.109 57734 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:40.566001 0.151479 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:40.717900 0.176071 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:40.894423 0.049367 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:40.944206 0.143701 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:41.088323 0.000000 udp 10.0.2.109 3683 -> 31.54.36.117 1084 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:02:58.318820 0.063727 tcp 10.0.2.109 57735 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:58.382839 0.061925 tcp 10.0.2.109 57736 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:58.445048 0.155268 tcp 10.0.2.109 57737 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:02:58.601028 0.058791 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:58.660261 0.148678 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:58.809337 0.044460 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:58.854332 0.202860 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:59.057603 0.050392 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:59.108352 0.164594 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:59.273347 0.046836 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:59.320581 0.182563 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:59.503554 0.097287 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:59.601258 0.190845 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:02:59.792579 0.347041 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:03:00.139993 0.090870 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:03:00.231213 0.183244 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:03:00.414891 0.556806 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:03:00.972089 0.354977 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:04:06.078506 3.001132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 07:04:13.085203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:04:21.086899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:04:37.090024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:05:09.095954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:11:13.102642 3.010697 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 07:11:20.119563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:11:28.121180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:11:44.123643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:12:16.129719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:13:30.247434 0.000208 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:13:30.247736 1.063606 tcp 10.0.2.109 57738 -> 70.113.215.93 3558 FSPA* 0 0 14 1725 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:18:20.136704 3.000977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 07:18:27.143776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:18:35.144887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:18:51.147793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:19:23.153788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:25:27.160733 3.000688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 07:25:34.167544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:25:42.169042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:25:58.171682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:26:30.178027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:32:34.183577 3.001779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 07:32:41.191206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:32:49.192816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:33:05.195803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:33:13.898520 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:33:13.898622 0.000000 udp 10.0.2.109 3683 -> 109.157.121.65 7375 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:33:31.656155 0.063163 tcp 10.0.2.109 57739 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:33:31.719600 0.065843 tcp 10.0.2.109 57740 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:33:31.785786 0.162616 tcp 10.0.2.109 57741 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:33:31.949034 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:33:37.201543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:33:50.241130 0.061853 tcp 10.0.2.109 57742 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:33:50.303263 0.070109 tcp 10.0.2.109 57743 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:33:50.373694 0.158403 tcp 10.0.2.109 57744 -> 195.113.214.211 443 SRPA* 0 0 38 23854 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:33:50.532738 0.000000 udp 10.0.2.109 3683 -> 31.54.36.117 1084 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:34:07.926664 0.066600 tcp 10.0.2.109 57745 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:34:07.993485 0.063198 tcp 10.0.2.109 57746 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:34:08.056534 0.156215 tcp 10.0.2.109 57747 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:34:08.213300 4.603761 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 4 1080 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:08.391411 4.475078 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 4 1136 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:08.438460 4.589007 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1228 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:08.601878 4.572461 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 4 1287 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:08.746460 4.589604 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 4 1011 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:08.901877 4.610870 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1117 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:09.077779 4.819857 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1075 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:09.132368 4.442446 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 4 1029 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:09.195090 4.620187 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 4 1046 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:09.348936 4.507320 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 4 1079 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:09.389405 4.508643 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 3 634 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:10.272618 4.735129 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 4 1159 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:10.323550 4.853742 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 4 1065 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:10.502425 4.724074 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1161 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:10.550786 4.812804 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1309 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:10.688421 4.772807 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 4 1275 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:10.788053 4.870777 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 4 1044 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:10.986047 0.196980 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:11.183471 4.984624 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 4 1162 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:11.669040 4.849251 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1225 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:12.022724 0.107643 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:12.130785 4.925906 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 4 1283 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:14.952976 0.000000 udp 10.0.2.109 3683 <- 116.58.61.124 1206 RSP 0 0 1 540 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:34:16.518762 0.178381 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:17.057191 0.103594 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:34:17.171354 0.000000 udp 10.0.2.109 3683 -> 87.19.251.56 6489 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:34:25.390952 0.000000 udp 10.0.2.109 3683 -> 80.133.141.24 5564 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:34:33.433130 0.000000 udp 10.0.2.109 3683 -> 50.75.168.171 3660 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:34:41.393980 0.000000 udp 10.0.2.109 3683 -> 81.174.5.43 5410 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:34:49.626589 0.000000 udp 10.0.2.109 3683 -> 66.208.243.101 3463 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:34:54.332580 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:34:55.013803 0.000000 udp 10.0.2.109 3683 -> 31.54.36.117 1084 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:03.596329 0.000000 udp 10.0.2.109 3683 -> 176.221.166.164 3056 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:12.078245 0.000000 udp 10.0.2.109 3683 -> 79.179.119.96 6445 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:19.939992 0.000000 udp 10.0.2.109 3683 -> 77.183.13.60 3056 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:28.571823 0.000000 udp 10.0.2.109 3683 -> 173.209.148.186 8105 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:34.290395 0.000000 udp 10.0.2.109 3683 -> 108.184.193.223 4491 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:38.836901 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:35:39.397916 0.000000 udp 10.0.2.109 3683 -> 79.38.30.118 7292 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:46.247233 0.000000 udp 10.0.2.109 3683 -> 88.250.181.240 6427 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:35:54.839756 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:00.057499 0.000000 udp 10.0.2.109 3683 -> 195.50.180.62 4590 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:05.945985 0.000000 udp 10.0.2.109 3683 -> 88.234.146.204 2454 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:13.757372 0.000000 udp 10.0.2.109 3683 -> 50.20.182.29 3684 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:19.895830 0.000000 udp 10.0.2.109 3683 -> 90.33.248.201 2886 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:24.832870 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:36:25.423684 0.000000 udp 10.0.2.109 3683 -> 5.65.154.116 1639 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:31.131732 0.000000 udp 10.0.2.109 3683 -> 70.184.180.3 6988 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:37.761389 0.000000 udp 10.0.2.109 3683 -> 100.40.68.228 7805 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:45.923311 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:36:52.643270 0.000000 udp 10.0.2.109 3683 -> 84.148.214.167 3430 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:00.163714 0.000000 udp 10.0.2.109 3683 -> 62.38.192.120 3845 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:07.364544 0.000000 udp 10.0.2.109 3683 -> 223.205.185.194 4018 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:12.331421 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:37:15.135293 0.000000 udp 10.0.2.109 3683 -> 23.24.76.117 3168 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:20.583331 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:27.092484 0.058177 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 663 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:37:27.161224 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:36.135405 0.000000 udp 10.0.2.109 3683 -> 207.210.61.76 7656 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:42.003640 0.000000 udp 10.0.2.109 3683 -> 108.48.75.237 8247 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:50.195952 0.000000 udp 10.0.2.109 3683 -> 87.25.244.75 4668 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:37:58.718162 0.000000 udp 10.0.2.109 3683 -> 91.39.84.106 9714 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:03.334608 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:38:06.569475 0.000000 udp 10.0.2.109 3683 -> 87.24.2.194 4081 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:14.991476 0.000000 udp 10.0.2.109 3683 -> 88.236.211.97 6598 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:20.008713 0.000000 udp 10.0.2.109 3683 -> 80.183.90.254 3890 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:26.378079 0.000000 udp 10.0.2.109 3683 -> 90.221.107.235 4980 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:33.067409 0.000000 udp 10.0.2.109 3683 -> 212.253.12.244 3439 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:38.995817 0.000000 udp 10.0.2.109 3683 -> 213.149.207.210 4941 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:47.177789 0.000000 udp 10.0.2.109 3683 -> 2.232.12.79 3460 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:38:51.834570 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:38:53.907745 0.000000 udp 10.0.2.109 3683 -> 81.74.145.38 7067 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:02.119638 0.000000 udp 10.0.2.109 3683 -> 176.25.234.148 5180 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:08.308313 0.000000 udp 10.0.2.109 3683 -> 2.217.155.118 7107 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:16.649900 0.000000 udp 10.0.2.109 3683 -> 72.91.101.230 8778 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:22.168061 0.000000 udp 10.0.2.109 3683 -> 217.92.79.27 8842 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:27.776305 0.000000 udp 10.0.2.109 3683 -> 203.117.128.214 4686 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:35.987757 0.000000 udp 10.0.2.109 3683 -> 188.2.93.192 8903 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:40.834393 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:39:41.358630 3.001140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 07:39:44.670703 0.000000 udp 10.0.2.109 3683 -> 173.162.234.250 3763 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:48.365480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:39:51.159564 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:39:56.377180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:39:56.757845 0.000000 udp 10.0.2.109 3683 -> 173.217.224.134 5177 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:03.727921 0.000000 udp 10.0.2.109 3683 -> 68.15.223.145 3051 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:11.188200 0.030326 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:40:11.243634 0.000000 udp 10.0.2.109 3683 -> 83.27.180.239 8949 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:12.380072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:40:20.111571 0.000000 udp 10.0.2.109 3683 -> 71.238.192.166 9053 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:26.030009 0.371609 udp 10.0.2.109 3683 -> 122.224.119.123 3535 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:26.401618 0.000000 icmp 122.224.119.123 0x0303 -> 10.0.2.109 0xcf0d URP 192 1 264 flow=Background 1970/01/17 07:40:30.836850 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:40:33.129829 0.000000 udp 10.0.2.109 3683 -> 174.119.58.128 2049 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:41.102004 0.000000 udp 10.0.2.109 3683 -> 94.85.203.138 5231 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:44.385760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:40:46.809669 0.000000 udp 10.0.2.109 3683 -> 2.37.139.47 8104 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:40:53.989705 0.000000 udp 10.0.2.109 3683 -> 79.15.14.142 1661 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:00.499348 0.000000 udp 10.0.2.109 3683 -> 75.137.157.96 8807 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:07.669796 0.000000 udp 10.0.2.109 3683 -> 66.180.248.3 7258 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:15.601361 0.127763 udp 10.0.2.109 3683 -> 46.198.124.22 7191 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:15.729124 0.000000 icmp 46.198.124.22 0x0303 -> 10.0.2.109 0x171c URP 192 1 174 flow=Background 1970/01/17 07:41:20.327928 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:41:20.828609 0.000000 udp 10.0.2.109 3683 -> 78.184.232.223 6877 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:29.080508 0.000000 udp 10.0.2.109 3683 -> 209.31.119.130 4843 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:36.701514 0.000000 udp 10.0.2.109 3683 -> 82.15.193.127 2579 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:44.001959 0.000000 udp 10.0.2.109 3683 -> 79.33.143.78 1133 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:50.601517 0.000000 udp 10.0.2.109 3683 -> 71.238.52.199 6289 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:41:57.040357 0.000000 udp 10.0.2.109 3683 -> 86.98.88.184 4997 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:02.678651 0.000000 udp 10.0.2.109 3683 -> 80.229.237.59 7222 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:07.335566 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:42:07.706009 0.000000 udp 10.0.2.109 3683 -> 75.149.248.142 9940 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:15.867819 0.000000 udp 10.0.2.109 3683 -> 182.71.183.58 1125 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:24.379934 0.000000 udp 10.0.2.109 3683 -> 110.77.210.231 2385 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:32.831861 0.000000 udp 10.0.2.109 3683 -> 174.7.230.65 5764 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:38.670618 0.000000 udp 10.0.2.109 3683 -> 72.27.64.230 4548 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:47.563498 0.600856 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:48.164354 0.000000 icmp 64.79.228.174 0x0303 -> 10.0.2.109 0xed26 URP 192 1 151 flow=Background 1970/01/17 07:42:52.329704 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:42:52.750980 0.000000 udp 10.0.2.109 3683 -> 115.95.236.59 3030 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:42:58.588841 0.000000 udp 10.0.2.109 3683 -> 79.46.23.232 6466 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:05.759737 0.000000 udp 10.0.2.109 3683 -> 99.137.230.116 3975 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:13.090027 0.000000 udp 10.0.2.109 3683 -> 190.37.232.246 5580 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:19.228977 0.000000 udp 10.0.2.109 3683 -> 79.5.150.126 9996 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:24.737054 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:31.055987 0.142229 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:43:31.514787 1.066334 tcp 10.0.2.109 57748 -> 70.113.215.93 3558 FSPA* 0 0 14 1631 flow=From-Botnet-V1-TCP-Established 1970/01/17 07:43:31.515018 0.000000 udp 10.0.2.109 3683 -> 80.20.201.225 7208 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:38.156246 0.000000 udp 10.0.2.109 3683 -> 121.215.4.23 2946 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:46.217958 0.000000 udp 10.0.2.109 3683 -> 95.227.166.142 9293 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:43:54.939957 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 2600 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:01.950594 0.000000 udp 10.0.2.109 3683 -> 70.184.106.29 6298 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:10.913425 0.000000 udp 10.0.2.109 3683 -> 208.90.195.170 7614 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:15.940568 0.000000 udp 10.0.2.109 3683 -> 208.104.146.97 4149 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:20.836836 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:44:24.382342 0.000000 udp 10.0.2.109 3683 -> 2.96.133.170 2279 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:31.803048 0.000000 udp 10.0.2.109 3683 -> 87.245.120.179 7596 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:40.455812 0.000000 udp 10.0.2.109 3683 -> 72.44.168.154 3269 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:47.104935 0.000000 udp 10.0.2.109 3683 -> 1.179.156.26 6129 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:44:54.105240 0.000000 udp 10.0.2.109 3683 -> 173.85.117.192 6415 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:01.625988 0.000000 udp 10.0.2.109 3683 -> 85.179.203.108 6402 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:06.332665 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:45:07.053932 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:13.522903 0.145847 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 660 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:45:13.688352 0.057183 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:45:13.779601 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:19.651874 0.000000 udp 10.0.2.109 3683 -> 88.68.210.218 3072 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:26.932314 0.000000 udp 10.0.2.109 3683 -> 92.74.156.242 2336 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:34.753608 0.000000 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:42.494753 0.000000 udp 10.0.2.109 3683 -> 89.182.9.113 3565 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:47.591895 0.000000 udp 10.0.2.109 3683 -> 78.131.6.92 8776 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:45:52.328604 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:45:54.572358 0.000000 udp 10.0.2.109 3683 -> 79.48.206.60 3420 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:02.012637 0.000000 udp 10.0.2.109 3683 -> 101.108.195.175 3866 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:10.334957 0.000000 udp 10.0.2.109 3683 -> 217.19.148.78 5747 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:19.027470 0.000000 udp 10.0.2.109 3683 -> 95.227.147.49 3412 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:24.966265 0.000000 udp 10.0.2.109 3683 -> 178.214.89.184 7318 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:30.273453 0.000000 udp 10.0.2.109 3683 -> 203.15.121.61 2078 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:38.715834 0.000000 udp 10.0.2.109 3683 -> 151.26.137.7 4483 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:43.331922 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:46:44.394201 0.000000 udp 10.0.2.109 3683 -> 59.167.25.129 9713 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:48.392809 3.000630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 07:46:52.955887 0.000000 udp 10.0.2.109 3683 -> 175.143.30.243 3228 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:46:55.399624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:46:58.593935 0.000000 udp 10.0.2.109 3683 -> 85.141.34.186 2951 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:03.441194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:47:07.376888 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:13.796446 0.000000 udp 10.0.2.109 3683 -> 87.25.157.60 8256 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:19.444061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:47:22.488869 0.000000 udp 10.0.2.109 3683 -> 2.50.4.76 6505 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:29.748913 0.000000 udp 10.0.2.109 3683 -> 2.85.7.32 2179 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:34.375485 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:47:35.858003 0.000000 udp 10.0.2.109 3683 -> 46.49.42.199 9748 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:42.326936 0.000000 udp 10.0.2.109 3683 -> 64.253.147.122 2113 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:50.098103 0.042325 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:47:50.395575 0.000000 udp 10.0.2.109 3683 -> 81.133.41.103 2346 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:47:51.450355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:47:57.638847 0.000000 udp 10.0.2.109 3683 -> 209.42.56.203 6601 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:48:06.101547 0.000000 udp 10.0.2.109 3683 -> 79.9.245.190 4739 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:48:13.231908 0.055150 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 747 flow=From-Botnet-V1-UDP-Established 1970/01/17 07:48:13.359800 0.000000 udp 10.0.2.109 3683 -> 188.153.90.39 1378 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:48:19.300522 0.000000 udp 10.0.2.109 3683 -> 2.126.125.112 9732 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:48:23.876892 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 07:48:26.831132 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 07:53:55.456859 3.010938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 07:54:02.473697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:54:10.474840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:54:26.477868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 07:54:58.484098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:01:02.489896 3.001769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 08:01:09.497716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:01:17.498629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:01:33.502242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:02:05.507691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:08:09.514966 3.000380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 08:08:16.521581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:08:24.523378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:08:40.525975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:09:12.532379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:13:32.626243 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 08:13:32.626434 1.119893 tcp 10.0.2.109 57749 -> 70.113.215.93 3558 FSPA* 0 0 14 1541 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:15:16.537531 3.001884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 08:15:23.545257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:15:31.547259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:15:47.550283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:16:19.555925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:18:46.807974 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 08:18:46.808055 0.160802 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:46.969243 0.181975 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.151637 0.047519 udp 10.0.2.109 3683 <-> 87.153.127.7 4545 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.199582 0.145112 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.345109 0.153696 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.499252 0.179362 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.679111 0.058583 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.738042 0.150797 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.889276 0.040089 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.929693 0.054216 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:47.984322 0.050543 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:48.035204 0.796954 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:48.832577 0.048071 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:48.881054 0.137331 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:49.018855 0.097203 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:49.116496 0.178335 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:49.295253 0.173467 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:49.469077 0.353796 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:49.823303 0.485456 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:50.309152 0.363728 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:50.673351 0.184986 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:50.858706 0.090981 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:18:50.950177 0.000000 udp 10.0.2.109 3683 -> 86.152.213.101 7785 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 08:19:09.101687 0.055076 tcp 10.0.2.109 57750 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:19:09.157050 0.056589 tcp 10.0.2.109 57751 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:19:09.214020 0.147471 tcp 10.0.2.109 57752 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:19:09.361994 0.029582 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:19:09.391967 0.136263 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:19:09.528649 0.142777 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:19:09.671811 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 08:19:27.196055 0.052322 tcp 10.0.2.109 57753 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:19:27.248670 0.053914 tcp 10.0.2.109 57754 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:19:27.302846 0.153600 tcp 10.0.2.109 57755 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:19:27.457026 0.046602 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:19:27.503992 0.055169 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:22:23.562402 3.001629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 08:22:30.569339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:22:38.570943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:22:54.574021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:23:26.579583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:29:30.585974 3.001910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 08:29:37.593047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:29:45.594842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:30:01.598110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:30:33.603787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:36:37.610424 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 08:36:44.617463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:36:52.619078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:37:08.621749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:37:40.627783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:43:33.745896 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 08:43:33.746008 1.068858 tcp 10.0.2.109 57756 -> 70.113.215.93 3558 FSPA* 0 0 14 1617 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:43:44.634389 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 08:43:51.641631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:43:59.643066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:44:15.645753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:44:47.651632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:49:27.864759 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 08:49:27.864957 0.000000 udp 10.0.2.109 3683 -> 86.152.213.101 7785 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 08:49:45.983171 0.053368 tcp 10.0.2.109 57757 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:49:46.036380 0.053689 tcp 10.0.2.109 57758 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:49:46.090375 0.153479 tcp 10.0.2.109 57759 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:49:46.244574 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 08:50:02.004196 0.053299 tcp 10.0.2.109 57760 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:02.057798 0.054876 tcp 10.0.2.109 57761 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:02.112965 0.325990 tcp 10.0.2.109 57762 -> 195.113.214.211 443 SRPA* 0 0 74 78478 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:02.439459 0.145164 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:02.585040 0.155374 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:02.740821 0.175508 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:02.916718 0.062586 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:02.979666 0.000000 udp 10.0.2.109 3683 -> 87.153.127.7 4545 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 08:50:19.739666 0.052662 tcp 10.0.2.109 57763 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:19.792625 0.053295 tcp 10.0.2.109 57764 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:19.846250 0.225553 tcp 10.0.2.109 57765 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:20.071708 0.179785 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:20.251919 0.161395 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:20.413685 0.055838 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:20.469953 0.044704 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:20.515057 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 08:50:37.075064 0.053077 tcp 10.0.2.109 57766 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:37.128418 0.053012 tcp 10.0.2.109 57767 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:37.181751 0.149453 tcp 10.0.2.109 57768 -> 195.113.214.211 443 SRPA* 0 0 50 41828 flow=From-Botnet-V1-TCP-Established 1970/01/17 08:50:37.331838 0.047895 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:37.380135 0.151567 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:37.532047 0.050703 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:37.583137 0.336258 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:37.919755 0.137517 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:38.057671 0.097272 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:38.155321 0.192283 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:38.347946 0.165538 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:38.513829 0.473569 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:38.987831 0.324110 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:39.312381 0.186246 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:39.499039 0.091710 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:39.591134 0.141421 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:39.732959 0.030124 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:39.763487 0.145619 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:39.909507 0.039641 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:39.949501 0.056397 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/17 08:50:51.728685 3.001189 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 08:50:58.735291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:51:06.737191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:51:22.739635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:51:54.745817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:57:58.752162 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 08:58:05.758947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:58:13.760970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:58:29.763452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 08:59:01.769522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:05:05.776260 3.000916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 09:05:12.783046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:05:20.784934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:05:36.787599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:06:08.794085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:12:12.800150 3.051294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 09:12:19.857306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:12:27.859016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:12:43.861694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:13:15.868550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:13:34.905869 0.000204 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 09:13:34.906216 1.142827 tcp 10.0.2.109 57769 -> 70.113.215.93 3558 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:19:19.873717 3.051879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 09:19:26.931509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:19:34.932637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:19:50.936040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:20:22.942249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:20:41.548792 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 09:20:41.548928 0.000000 udp 10.0.2.109 3683 -> 87.153.127.7 4545 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 09:20:59.587249 0.053523 tcp 10.0.2.109 57770 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:20:59.641144 0.079331 tcp 10.0.2.109 57771 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:20:59.720773 0.148700 tcp 10.0.2.109 57772 -> 195.113.214.211 443 SRPA* 0 0 25 14710 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:20:59.870006 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 09:21:18.212090 0.053431 tcp 10.0.2.109 57773 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:21:18.265814 0.054099 tcp 10.0.2.109 57774 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:21:18.320199 0.150998 tcp 10.0.2.109 57775 -> 195.113.214.211 443 SRPA* 0 0 50 31084 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:21:18.472210 0.174882 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:18.647498 0.153527 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:18.801443 0.141002 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:18.942890 0.060932 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.004211 0.073253 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.077893 0.175685 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.254002 0.160661 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.415020 0.056332 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.471782 0.047714 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.519853 0.258905 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.779170 0.050312 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:19.829844 0.365417 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:20.195673 0.190621 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:20.386728 0.172329 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:20.559436 0.216685 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:20.776515 0.101353 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:20.878291 0.480549 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:21.359197 0.351629 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:21.711186 0.190621 udp 10.0.2.109 3683 <-> 172.6.250.142 9694 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:21.902250 0.103316 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:22.005974 0.138650 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:22.145057 0.030631 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:22.176113 0.140881 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:22.317425 0.046786 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:21:22.364545 0.055693 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:26:26.948422 3.001048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 09:26:33.955477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:26:41.956856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:26:57.959499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:27:29.965998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:33:33.972810 3.000799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 09:33:40.978907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:33:48.980732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:34:04.983779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:34:36.989951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:40:40.995672 3.001708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 09:40:48.002880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:40:56.004864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:41:12.007868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:41:44.014070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:43:36.065134 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 09:43:36.065244 0.958666 tcp 10.0.2.109 57776 -> 70.113.215.93 3558 FSPA* 0 0 14 1498 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:47:48.021026 3.060913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 09:47:55.087616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:48:03.088557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:48:19.091831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:48:51.097672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:51:24.798848 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 09:51:24.798955 0.145574 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:24.944968 0.175691 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.121067 0.156183 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.277618 0.060003 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.337986 0.040263 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.378656 0.179857 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.558937 0.165475 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.724822 0.054257 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.779452 0.048078 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.827942 0.150330 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:25.978630 0.051557 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:26.030600 0.378038 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:26.408997 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 09:51:45.220102 0.053161 tcp 10.0.2.109 57777 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:51:45.273609 0.053448 tcp 10.0.2.109 57778 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:51:45.327344 0.152462 tcp 10.0.2.109 57779 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:51:45.480430 0.177328 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:45.658177 0.621459 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:51:46.280065 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 09:52:03.334600 0.059885 tcp 10.0.2.109 57780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:03.394784 0.060385 tcp 10.0.2.109 57781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:03.455446 0.158832 tcp 10.0.2.109 57782 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:03.614878 0.000000 udp 10.0.2.109 3683 -> 172.6.250.142 9694 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 09:52:20.830283 0.052678 tcp 10.0.2.109 57783 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:20.883235 0.055252 tcp 10.0.2.109 57784 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:20.938357 0.181050 tcp 10.0.2.109 57785 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:21.146386 0.502524 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:52:21.649333 0.347554 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:52:21.997274 0.103746 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:52:22.101413 0.148949 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:52:22.250785 0.029805 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:52:22.280981 0.142852 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:52:22.424249 0.040484 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/17 09:52:22.465124 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 09:52:39.867072 0.053347 tcp 10.0.2.109 57786 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:39.920263 0.062477 tcp 10.0.2.109 57787 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:52:39.983028 0.161427 tcp 10.0.2.109 57788 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/17 09:54:55.104537 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 09:55:02.110896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:55:10.113068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:55:26.116001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 09:55:58.121608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:02:02.127979 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 10:02:09.135189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:02:17.136659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:02:33.139832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:03:05.145832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:09:09.152670 3.000398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 10:09:16.159252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:09:24.160734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:09:40.164012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:10:12.169757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:13:37.044515 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:13:37.044626 1.077280 tcp 10.0.2.109 57789 -> 70.113.215.93 3558 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:16:16.176297 3.001302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 10:16:23.183156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:16:31.214806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:16:47.217375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:17:19.223814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:22:47.756225 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:22:47.756327 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:23:05.874199 0.060097 tcp 10.0.2.109 57790 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:05.934571 0.055561 tcp 10.0.2.109 57791 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:05.987962 0.202969 tcp 10.0.2.109 57792 -> 195.113.214.211 443 SRPA* 0 0 21 8692 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:06.191429 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:23:21.675805 0.061737 tcp 10.0.2.109 57793 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:21.737895 0.060062 tcp 10.0.2.109 57794 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:21.797795 0.168814 tcp 10.0.2.109 57795 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:21.967110 0.000000 udp 10.0.2.109 3683 -> 172.6.250.142 9694 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:23:23.230318 3.001031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 10:23:30.237191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:23:38.028671 0.058954 tcp 10.0.2.109 57796 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:38.087460 0.062517 tcp 10.0.2.109 57797 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:38.150299 0.162705 tcp 10.0.2.109 57798 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:38.238833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:23:38.313668 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:23:54.241434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:23:55.964646 0.059830 tcp 10.0.2.109 57799 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:56.024782 0.060898 tcp 10.0.2.109 57800 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:56.086067 0.150418 tcp 10.0.2.109 57801 -> 195.113.214.211 443 SRPA* 0 0 24 13426 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:23:56.237072 4.016753 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 4 1095 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:56.375280 3.334288 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 4 1193 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:56.554983 3.315597 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1046 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:56.714467 3.197758 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 927 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:56.767385 3.193028 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1103 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:56.815325 3.299677 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 4 1245 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:56.963638 3.466956 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1387 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:57.139968 3.453641 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 4 1205 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:57.294816 3.354900 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 4 1110 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:57.355920 3.334743 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 4 1185 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:57.396308 3.349191 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 4 1015 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:57.446508 3.659266 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 4 1096 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:57.811402 3.459587 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 4 974 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:57.981137 4.286589 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1135 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:58.119258 3.676821 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 4 1220 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:58.596523 3.533087 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1257 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:58.931425 3.785997 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 4 1016 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:59.074611 3.233797 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 4 1384 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:59.116042 3.284504 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 4 1236 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:59.207621 3.333451 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 4 910 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:23:59.342900 3.229108 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 4 1194 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:24:02.717980 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:24:11.576546 0.000000 udp 10.0.2.109 3683 -> 209.151.54.137 1567 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:24:19.658015 0.000000 udp 10.0.2.109 3683 -> 50.75.168.171 3660 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:24:26.247896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:24:27.720121 0.000000 udp 10.0.2.109 3683 -> 77.97.169.18 1024 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:24:34.009295 0.000000 udp 10.0.2.109 3683 -> 81.174.5.43 5410 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:24:42.040231 0.000000 udp 10.0.2.109 3683 -> 105.224.131.141 6767 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:24:46.987857 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:24:48.399980 0.000000 udp 10.0.2.109 3683 -> 31.54.36.117 1084 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:24:53.867803 0.000000 udp 10.0.2.109 3683 -> 89.156.205.185 9225 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:00.667674 0.000000 udp 10.0.2.109 3683 -> 77.183.13.60 3056 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:06.615992 0.000000 udp 10.0.2.109 3683 -> 94.132.120.17 9235 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:13.425417 0.000000 udp 10.0.2.109 3683 -> 98.175.222.3 7270 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:20.715842 0.000000 udp 10.0.2.109 3683 -> 108.184.193.223 4491 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:27.045416 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:31.992006 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:25:33.855494 0.000000 udp 10.0.2.109 3683 -> 188.153.90.39 1378 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:42.327010 0.000000 udp 10.0.2.109 3683 -> 8.3.49.199 3205 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:49.797914 0.000000 udp 10.0.2.109 3683 -> 41.135.73.198 9181 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:25:55.806535 0.000000 udp 10.0.2.109 3683 -> 90.33.248.201 2886 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:02.857362 0.000000 udp 10.0.2.109 3683 -> 5.65.154.116 1639 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:10.547877 0.000000 udp 10.0.2.109 3683 -> 70.184.180.3 6988 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:17.417945 0.000000 udp 10.0.2.109 3683 -> 39.225.21.220 6499 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:21.994353 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:26:25.078813 0.044931 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:26:25.260369 0.000000 udp 10.0.2.109 3683 -> 89.97.18.48 7366 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:31.097457 0.000000 udp 10.0.2.109 3683 -> 124.121.178.134 1513 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:36.214850 0.000000 udp 10.0.2.109 3683 -> 80.145.204.99 3430 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:42.003300 0.000000 udp 10.0.2.109 3683 -> 188.153.161.12 5036 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:47.541172 0.000000 udp 10.0.2.109 3683 -> 62.38.192.120 3845 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:26:54.571612 0.000000 udp 10.0.2.109 3683 -> 23.24.76.117 3168 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:00.679722 0.000000 udp 10.0.2.109 3683 -> 188.3.234.112 7288 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:06.748590 0.000000 udp 10.0.2.109 3683 -> 201.193.183.227 1740 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:11.495570 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:27:14.119658 0.060795 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:27:14.208711 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:21.810295 0.000000 udp 10.0.2.109 3683 -> 207.210.61.76 7656 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:28.770301 0.000000 udp 10.0.2.109 3683 -> 108.48.75.237 8247 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:35.870360 0.000000 udp 10.0.2.109 3683 -> 91.39.84.106 9714 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:41.668672 0.000000 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:50.231121 0.000000 udp 10.0.2.109 3683 -> 78.152.125.2 8385 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:56.930770 0.066617 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:27:56.997387 0.000000 icmp 151.84.80.40 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 241 flow=Background 1970/01/17 10:28:01.487305 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:28:03.430181 0.044926 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:28:03.811395 0.000000 udp 10.0.2.109 3683 -> 108.20.54.46 7824 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:28:12.653779 0.000000 udp 10.0.2.109 3683 -> 50.240.63.105 9774 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:28:17.660854 0.000000 udp 10.0.2.109 3683 -> 185.12.247.145 1396 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:28:23.148175 0.000000 udp 10.0.2.109 3683 -> 92.151.174.221 4329 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:28:31.750793 0.000000 udp 10.0.2.109 3683 -> 72.91.101.230 8778 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:28:40.703959 0.000000 udp 10.0.2.109 3683 -> 98.195.107.32 1189 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:28:46.552152 0.099871 udp 10.0.2.109 3683 -> 81.213.204.115 7167 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:28:46.652023 0.000000 icmp 81.213.204.115 0x0303 -> 10.0.2.109 0xff1b URP 192 1 286 flow=Background 1970/01/17 10:28:51.489294 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:28:53.021296 0.000000 udp 10.0.2.109 3683 -> 173.162.234.250 3763 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:01.323282 0.000000 udp 10.0.2.109 3683 -> 173.217.224.134 5177 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:07.882554 0.000000 udp 10.0.2.109 3683 -> 68.15.223.145 3051 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:13.290536 0.000000 udp 10.0.2.109 3683 -> 68.199.59.172 3909 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:21.863444 0.000000 udp 10.0.2.109 3683 -> 71.238.192.166 9053 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:30.315097 0.000000 udp 10.0.2.109 3683 -> 122.224.119.123 3535 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:37.385554 0.000000 udp 10.0.2.109 3683 -> 98.102.135.174 1576 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:41.991251 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:29:46.157921 0.000000 udp 10.0.2.109 3683 -> 202.128.21.92 8080 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:29:54.049010 0.000000 udp 10.0.2.109 3683 -> 94.171.254.46 7317 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:01.289578 0.000000 udp 10.0.2.109 3683 -> 94.85.203.138 5231 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:07.518453 0.000000 udp 10.0.2.109 3683 -> 2.37.139.47 8104 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:16.481665 0.219892 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:30:16.721280 0.000000 udp 10.0.2.109 3683 -> 78.171.36.75 1052 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:24.633454 0.037592 udp 10.0.2.109 3683 <-> 86.8.180.38 8844 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:30:24.680107 0.000000 udp 10.0.2.109 3683 -> 50.20.182.29 3684 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:29.489670 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:30:30.201426 0.000000 udp 10.0.2.109 3683 -> 83.21.115.84 8153 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:30.253885 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 10:30:35.208038 0.000000 udp 10.0.2.109 3683 -> 2.126.125.112 9732 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:37.261663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:30:43.790862 0.000000 udp 10.0.2.109 3683 -> 2.146.141.23 8483 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:45.263208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:30:48.847910 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:30:55.457551 0.000000 udp 10.0.2.109 3683 -> 174.0.55.32 7269 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:01.265404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:31:01.936658 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:09.547961 0.000000 udp 10.0.2.109 3683 -> 63.234.32.146 7831 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:14.494755 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:31:18.540364 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:27.423373 0.000000 udp 10.0.2.109 3683 -> 92.74.156.242 2336 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:33.271504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:31:35.785506 0.000000 udp 10.0.2.109 3683 -> 151.24.67.17 7445 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:41.584068 0.000000 udp 10.0.2.109 3683 -> 195.53.174.49 8284 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:50.025732 0.000000 udp 10.0.2.109 3683 -> 176.25.234.148 5180 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:31:56.915966 0.000000 udp 10.0.2.109 3683 -> 82.10.115.207 6415 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:01.492089 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:32:04.466745 0.000000 udp 10.0.2.109 3683 -> 91.13.67.46 7011 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:10.956079 0.000000 udp 10.0.2.109 3683 -> 194.54.10.70 7283 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:17.385240 0.000000 udp 10.0.2.109 3683 -> 188.4.117.135 4301 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:24.015076 0.000000 udp 10.0.2.109 3683 -> 197.255.192.12 8045 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:32.557118 0.000000 udp 10.0.2.109 3683 -> 88.58.153.178 8974 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:38.555709 0.711800 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:32:39.299578 0.055111 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:32:39.374650 0.000000 udp 10.0.2.109 3683 -> 117.200.90.172 5757 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:48.169356 0.000000 udp 10.0.2.109 3683 -> 88.243.89.28 2719 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:32:52.996298 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:32:56.771668 0.000000 udp 10.0.2.109 3683 -> 94.69.155.205 18423 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:04.643247 0.000000 udp 10.0.2.109 3683 -> 79.16.76.245 8607 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:10.541935 0.035956 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 778 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:33:10.608026 0.000000 udp 10.0.2.109 3683 -> 93.193.27.73 6734 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:19.053641 0.000000 udp 10.0.2.109 3683 -> 87.185.154.25 3612 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:24.391902 0.145400 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:33:24.571906 0.000000 udp 10.0.2.109 3683 -> 111.254.120.123 6738 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:30.170073 0.000000 udp 10.0.2.109 3683 -> 99.116.221.255 6113 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:38.081185 0.000000 udp 10.0.2.109 3683 -> 152.2.57.118 6630 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:42.997783 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:33:43.128301 0.000000 udp 10.0.2.109 3683 -> 74.223.7.75 4328 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:50.739446 0.000000 udp 10.0.2.109 3683 -> 46.197.185.32 2950 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:33:56.177038 0.000000 udp 10.0.2.109 3683 -> 82.82.85.239 2024 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:02.235866 0.000000 udp 10.0.2.109 3683 -> 173.160.98.166 2328 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:10.297729 0.055073 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:34:10.509745 0.170598 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:34:10.828475 0.000000 udp 10.0.2.109 3683 -> 64.171.30.161 1024 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:17.587988 0.000000 udp 10.0.2.109 3683 -> 186.95.97.7 6273 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:25.539845 0.000000 udp 10.0.2.109 3683 -> 144.132.220.246 9163 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:30.496565 0.000191 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:34:32.389104 0.000000 udp 10.0.2.109 3683 -> 82.38.81.215 3219 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:39.489504 0.183963 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:34:39.810518 0.000000 udp 10.0.2.109 3683 -> 168.215.190.135 7015 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:48.442679 0.000000 udp 10.0.2.109 3683 -> 93.61.9.193 5584 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:34:53.720059 0.000000 udp 10.0.2.109 3683 -> 74.56.122.142 4260 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:00.629624 0.222026 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:35:00.947883 0.000000 udp 10.0.2.109 3683 -> 201.184.116.95 7531 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:09.602796 0.275755 udp 10.0.2.109 3683 <-> 190.18.180.74 8784 CON 0 0 2 751 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:35:09.966985 0.000000 udp 10.0.2.109 3683 -> 88.242.251.104 1054 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:15.391078 0.000000 udp 10.0.2.109 3683 -> 88.104.136.78 8182 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:19.997365 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:35:21.169426 0.000000 udp 10.0.2.109 3683 -> 42.61.218.243 9944 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:29.401547 0.000000 udp 10.0.2.109 3683 -> 69.198.6.243 2848 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:36.713767 0.000000 udp 10.0.2.109 3683 -> 212.16.153.176 6519 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:45.304306 0.226077 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:35:45.540762 0.000000 udp 10.0.2.109 3683 -> 151.84.225.80 5264 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:50.782249 0.210027 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:35:51.002326 0.000000 udp 10.0.2.109 3683 -> 24.210.230.4 2815 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:35:57.652104 0.000000 udp 10.0.2.109 3683 -> 91.97.47.17 2664 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:05.383191 0.000000 udp 10.0.2.109 3683 -> 71.52.138.12 6085 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:09.999308 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:36:13.264367 0.000000 udp 10.0.2.109 3683 -> 114.95.202.142 4121 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:20.224210 0.000000 udp 10.0.2.109 3683 -> 132.177.202.146 5322 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:28.225669 0.000000 udp 10.0.2.109 3683 -> 172.248.51.183 1037 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:36.858482 0.000000 udp 10.0.2.109 3683 -> 41.205.63.125 7140 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:45.430361 0.000000 udp 10.0.2.109 3683 -> 95.58.112.127 6523 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:51.108734 0.000000 udp 10.0.2.109 3683 -> 146.60.156.73 4443 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:36:56.005441 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:36:58.679449 0.000000 udp 10.0.2.109 3683 -> 66.226.195.97 1580 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:37:03.716881 0.000000 udp 10.0.2.109 3683 -> 108.48.92.57 2807 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:37:09.485088 0.000000 udp 10.0.2.109 3683 -> 59.124.112.123 7829 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 10:37:17.396403 0.176032 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/01/17 10:37:37.288335 3.001113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 10:37:44.295357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:37:52.296457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:38:08.299867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:38:40.505709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:43:38.224124 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 10:43:38.224410 0.974824 tcp 10.0.2.109 57802 -> 70.113.215.93 3558 FSPA* 0 0 15 1703 flow=From-Botnet-V1-TCP-Established 1970/01/17 10:44:44.512630 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 10:44:51.519513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:44:59.520691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:45:15.524094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:45:47.530166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:51:51.537306 3.000585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 10:51:58.543560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:52:06.544594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:52:22.547860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:52:54.553960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:58:58.559865 3.001876 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 10:59:05.567223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:59:13.568859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 10:59:29.571844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:00:01.577790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:06:05.584352 3.001233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 11:06:12.591430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:06:20.593034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:06:36.595898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:07:08.602028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:07:19.838002 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 11:07:19.838282 0.049566 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:19.888275 0.047838 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:19.936491 0.200272 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:20.137184 0.161400 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:20.298972 0.149576 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:20.448947 0.142789 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:20.592196 0.172877 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:20.765503 0.157960 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:20.923876 0.061002 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:20.985213 0.080544 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:21.066361 0.056377 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:21.123075 0.374168 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:21.497648 0.194715 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:21.692858 2.860056 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:24.553310 0.164444 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:24.718185 0.046277 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:24.764870 0.103175 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:24.868454 0.171358 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:25.040237 0.030736 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:25.071393 0.143839 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:25.215673 0.366558 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:25.582678 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 11:07:44.134810 0.051885 tcp 10.0.2.109 57803 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:07:44.187015 0.068094 tcp 10.0.2.109 57804 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:07:44.255439 0.166830 tcp 10.0.2.109 57805 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:07:44.422550 0.054921 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:44.477906 0.047375 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:44.525684 0.141909 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:44.667967 0.033265 udp 10.0.2.109 3683 <-> 86.8.180.38 8844 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:44.701640 0.219897 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:44.921923 0.054896 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:44.977226 0.035819 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:45.013484 0.139591 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:45.153448 0.054851 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:45.208731 0.159273 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:45.368352 0.180789 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:45.549548 0.206338 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:45.756332 0.267215 udp 10.0.2.109 3683 <-> 190.18.180.74 8784 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:46.023967 0.217071 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:46.241465 0.185872 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:07:46.483320 0.148887 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:13:12.608452 3.000794 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 11:13:19.615449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:13:27.617095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:13:39.203718 0.123309 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 11:13:39.327363 0.963323 tcp 10.0.2.109 57806 -> 70.113.215.93 3558 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:13:43.680261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:14:15.686122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:20:19.691586 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 11:20:26.699639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:20:34.700903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:20:50.704012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:21:22.709570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:27:26.715776 3.001683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 11:27:33.722965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:27:41.724892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:27:57.727904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:28:29.733608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:34:33.740310 3.001152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 11:34:40.747605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:34:48.748348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:35:04.751943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:35:36.758083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:38:00.114710 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 11:38:00.114975 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 11:38:19.032710 0.060870 tcp 10.0.2.109 57807 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:38:19.093929 0.052613 tcp 10.0.2.109 57808 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:38:19.146384 0.154015 tcp 10.0.2.109 57809 -> 195.113.214.211 443 SRPA* 0 0 48 42268 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:38:19.300998 0.054991 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:19.356445 0.051465 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:19.408317 0.159529 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:19.568217 0.149102 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:19.717687 0.140630 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:19.858717 0.174898 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:20.034022 0.155517 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:20.189939 0.000000 udp 10.0.2.109 3683 -> 86.178.149.181 5838 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 11:38:37.598109 0.082478 tcp 10.0.2.109 57810 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:38:37.680877 0.060416 tcp 10.0.2.109 57811 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:38:37.741549 0.175400 tcp 10.0.2.109 57812 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:38:37.917467 0.179462 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:38.097432 0.053706 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:38.151522 0.163975 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:38.315904 0.373194 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:38.689467 0.050895 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:38.740776 0.045794 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:38.786974 0.091632 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:38.879017 0.578428 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:39.457854 0.236457 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:39.694738 0.145482 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:39.840610 0.334702 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.175673 0.139544 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.315633 0.033974 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.349973 0.142425 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.492812 0.034458 udp 10.0.2.109 3683 <-> 86.8.180.38 8844 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.527690 0.183703 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.711814 0.058908 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.771126 0.035727 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.807284 0.056897 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.864610 0.046938 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:40.911887 0.138145 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:41.050452 0.059816 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:41.110675 0.158534 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:41.269634 0.266143 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:41.536133 0.221426 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:41.758052 0.197350 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:41.955807 0.144860 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:42.101098 0.273322 udp 10.0.2.109 3683 <-> 190.18.180.74 8784 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:38:42.374910 0.183392 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 11:41:40.763986 3.001463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 11:41:47.770944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:41:55.773107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:42:11.775523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:42:43.781704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:43:40.293562 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 11:43:40.293654 0.962366 tcp 10.0.2.109 57813 -> 70.113.215.93 3558 FSPA* 0 0 14 1736 flow=From-Botnet-V1-TCP-Established 1970/01/17 11:48:47.788271 3.021107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 11:48:54.814849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:49:02.816375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:49:18.819804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:49:50.825999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:55:54.832241 3.001005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 11:56:01.839458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:56:09.840449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:56:25.843472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 11:56:57.849333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:03:01.855975 3.001334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 12:03:08.863406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:03:16.874859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:03:32.877398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:04:04.883777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:08:54.900701 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 12:08:54.900894 0.000000 udp 10.0.2.109 3683 -> 86.178.149.181 5838 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 12:09:13.489032 0.053757 tcp 10.0.2.109 57814 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:09:13.542652 0.051545 tcp 10.0.2.109 57815 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:09:13.594546 0.148980 tcp 10.0.2.109 57816 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:09:13.744156 0.149684 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:13.894281 0.144822 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.039555 0.178291 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.218305 0.047886 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.266620 0.054073 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.321078 0.160604 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.482104 0.156162 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.638680 0.176122 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.815204 0.042943 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:14.858586 0.164144 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:15.023165 0.362545 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:15.386225 0.050827 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:15.437559 0.045906 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:15.483878 0.103256 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:15.587563 0.142249 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:15.730266 0.532677 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:16.263328 0.143421 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:16.407098 0.313175 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:16.720710 0.138484 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:16.859627 0.029018 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:16.889080 0.142460 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.031962 0.034087 udp 10.0.2.109 3683 <-> 86.8.180.38 8844 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.066436 0.185640 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.252448 0.064227 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.317087 0.035609 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.353096 0.059894 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.413364 0.046492 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.460226 0.134623 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.595254 0.184079 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.779728 0.208665 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:17.988818 0.192179 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:18.181452 0.052866 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:18.234671 0.163711 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:18.398800 0.215443 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:18.614576 0.142939 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:09:18.757948 0.273952 udp 10.0.2.109 3683 <-> 190.18.180.74 8784 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:10:08.889660 3.001666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 12:10:15.897110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:10:23.898523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:10:39.901633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:11:11.907992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:13:41.262616 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 12:13:41.262771 0.991026 tcp 10.0.2.109 57817 -> 70.113.215.93 3558 FSPA* 0 0 12 1548 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:17:15.913128 3.001974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 12:17:22.921260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:17:30.922780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:17:46.925861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:18:18.931853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:24:22.937960 3.001212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 12:24:29.944670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:24:37.946771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:24:53.949497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:25:25.955647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:31:29.962067 3.191500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 12:31:37.159317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:31:45.160999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:32:01.163833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:32:33.170172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:38:37.176462 3.000754 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 12:38:44.182838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:38:52.184886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:39:08.187865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:39:28.116718 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 12:39:28.116965 0.153149 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:28.270537 0.141272 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:28.412155 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 12:39:40.193865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:39:44.923108 0.053022 tcp 10.0.2.109 57818 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:39:44.976404 0.058007 tcp 10.0.2.109 57819 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:39:45.034709 0.288237 tcp 10.0.2.109 57820 -> 195.113.214.211 443 SRPA* 0 0 44 34948 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:39:45.322809 0.047120 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:45.370324 0.051466 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:45.422198 0.162239 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:45.584889 0.156205 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:45.741562 0.180668 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:45.922600 0.046735 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:45.969783 0.171767 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:46.142067 0.046726 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:46.189192 0.094409 udp 10.0.2.109 3683 <-> 128.59.33.17 1755 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:46.284007 0.148243 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:46.432673 0.362437 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:46.795548 0.050715 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:46.846678 0.447958 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:47.295047 0.182908 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:47.478488 0.368128 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:47.847027 0.135710 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:47.983139 0.033739 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.017284 0.152078 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.169757 0.035037 udp 10.0.2.109 3683 <-> 86.8.180.38 8844 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.205207 0.184609 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.390371 0.055164 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.445889 0.035594 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.481912 0.060408 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.542764 0.038955 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.582255 0.132698 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.715305 0.175920 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:48.891665 0.222245 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:49.114382 0.157525 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:49.272305 0.163164 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:49.435882 0.148835 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:49.585084 0.274944 udp 10.0.2.109 3683 <-> 190.18.180.74 8784 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:49.860764 0.190342 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:39:50.051456 0.055734 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/17 12:43:42.342271 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 12:43:42.342523 0.986184 tcp 10.0.2.109 57821 -> 70.113.215.93 3558 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/01/17 12:45:44.200122 3.001290 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 12:45:51.206970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:45:59.208846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:46:15.211925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:46:47.217969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:52:51.223746 3.001912 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 12:52:58.231531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:53:06.232813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:53:22.235866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:53:54.242044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 12:59:58.247612 3.001939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 13:00:05.255095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:00:13.256469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:00:29.259553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:01:01.265985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:07:05.272566 3.000744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 13:07:12.279029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:07:20.280382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:07:36.283969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:08:08.289623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:09:57.938151 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 13:09:57.938248 0.174530 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:58.113215 0.151238 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:58.264877 0.142531 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:58.407754 0.048008 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:58.456199 0.061835 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:58.518574 0.161183 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:58.680141 0.158934 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:58.839481 0.177671 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:59.017533 0.051306 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:09:59.069264 0.000000 udp 10.0.2.109 3683 -> 128.59.33.17 1755 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 13:10:14.513582 0.052761 tcp 10.0.2.109 57822 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:10:14.566555 0.053361 tcp 10.0.2.109 57823 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:10:14.619794 0.150922 tcp 10.0.2.109 57824 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:10:14.771257 0.143239 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:14.914855 0.342430 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:15.257686 0.057369 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:15.315447 0.165652 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:15.481497 0.046466 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:15.528295 0.462013 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:15.990662 0.180201 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:16.171284 0.361939 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:16.533638 0.137854 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:16.671858 0.030582 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:16.702820 0.137340 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:16.840573 0.033997 udp 10.0.2.109 3683 <-> 86.8.180.38 8844 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:16.874932 0.197855 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.073194 0.059458 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.133000 0.035492 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.168989 0.056968 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.226512 0.039713 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.266656 0.134984 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.402063 0.177891 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.580358 0.160245 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.741024 0.181903 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:17.923387 0.000000 udp 10.0.2.109 3683 -> 190.18.180.74 8784 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 13:10:36.413199 0.054075 tcp 10.0.2.109 57825 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:10:36.467123 0.055070 tcp 10.0.2.109 57826 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:10:36.522534 0.155247 tcp 10.0.2.109 57827 -> 195.113.214.211 443 SRPA* 0 0 42 33214 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:10:36.678550 0.203074 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:36.882003 0.220445 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:37.102859 0.175008 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:10:37.278346 0.054529 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:13:43.331982 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 13:13:43.332184 0.993230 tcp 10.0.2.109 57828 -> 70.113.215.93 3558 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:14:12.296680 3.000561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 13:14:19.303007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:14:27.304346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:14:43.307430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:15:15.313251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:21:19.320176 3.001394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 13:21:26.326933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:21:34.328185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:21:50.331379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:22:22.337949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:28:26.344190 3.050925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 13:28:33.401216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:28:41.402328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:28:57.405572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:29:29.411762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:35:33.417846 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 13:35:40.425271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:35:48.426382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:36:04.429193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:36:36.435591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:40:57.871886 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 13:40:57.872076 0.000000 udp 10.0.2.109 3683 -> 128.59.33.17 1755 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 13:41:14.176905 0.052543 tcp 10.0.2.109 57829 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:41:14.229675 0.051553 tcp 10.0.2.109 57830 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:41:14.281515 0.143775 tcp 10.0.2.109 57831 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:41:14.424602 0.000000 udp 10.0.2.109 3683 -> 190.18.180.74 8784 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 13:41:30.628880 0.054702 tcp 10.0.2.109 57832 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:41:30.683842 0.052291 tcp 10.0.2.109 57833 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:41:30.736488 0.145264 tcp 10.0.2.109 57834 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:41:30.882418 0.047805 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:30.930643 0.052089 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:30.983082 0.150494 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:31.133979 0.158950 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:31.293371 0.179217 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:31.473003 0.183800 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:31.657303 0.161998 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:31.819728 0.139564 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:31.959724 0.047767 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:32.007879 0.143847 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:32.152118 0.172224 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:32.324754 0.047043 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:32.372162 0.452123 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:32.824702 0.050915 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:32.876034 0.355538 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:33.232035 0.137621 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:33.370063 0.029052 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:33.399540 0.142124 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:33.542000 0.035257 udp 10.0.2.109 3683 <-> 86.8.180.38 8844 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:33.577677 0.229528 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:33.807545 0.321345 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.129312 0.139450 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.269239 0.035496 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.305113 0.056472 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.361999 0.041909 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.404236 0.137509 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.542233 0.178424 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.721041 0.216737 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:34.938316 0.144725 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:35.083401 0.067154 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:35.150971 0.187112 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:35.338491 0.054368 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:35.393267 0.202554 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:41:35.596165 0.160059 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/17 13:42:40.441086 3.002248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 13:42:47.449362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:42:55.450130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:43:11.453803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:43:43.459702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:43:44.350762 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 13:43:44.350856 0.960417 tcp 10.0.2.109 57835 -> 70.113.215.93 3558 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/17 13:49:47.465830 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 13:49:54.473026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:50:02.474086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:50:18.477735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:50:50.484218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:56:54.489879 3.001195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 13:57:01.497007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:57:09.498311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:57:25.501585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 13:57:57.507395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:04:01.513211 3.002008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 14:04:08.520849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:04:16.522634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:04:32.525322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:05:04.531919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:11:08.537474 3.102339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 14:11:15.645479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:11:23.646654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:11:39.649412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:11:41.342311 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 14:11:41.342420 0.047944 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:41.390853 0.048699 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:41.439960 0.160598 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:41.600977 0.155875 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:41.757217 0.175775 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:42.026976 0.173680 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:42.201108 0.158204 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:42.359715 0.139840 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:42.499947 0.044322 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:42.544613 0.040697 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:42.585717 0.462986 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:43.049067 0.050726 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:43.100202 0.143861 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:43.244516 0.166320 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:43.411167 0.364030 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:43.775617 0.136217 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:43.912250 0.032465 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:43.945125 0.146705 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:11:44.092233 0.000000 udp 10.0.2.109 3683 -> 86.8.180.38 8844 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 14:12:00.461225 0.053143 tcp 10.0.2.109 57836 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:00.514704 0.053921 tcp 10.0.2.109 57837 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:00.568915 0.150183 tcp 10.0.2.109 57838 -> 195.113.214.211 443 SRPA* 0 0 51 33094 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:00.719817 0.185845 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:00.906375 0.328152 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:01.234944 0.134022 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:01.369421 0.035559 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:01.405321 0.058600 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:01.464262 0.042442 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:01.507066 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 14:12:11.655719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:12:17.014061 0.188575 tcp 10.0.2.109 57839 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:17.202914 0.053408 tcp 10.0.2.109 57840 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:17.256630 0.146267 tcp 10.0.2.109 57841 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:17.400813 0.178129 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:17.579405 0.161734 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:17.741544 0.221663 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:17.963584 0.059863 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:18.023843 0.220390 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:18.244567 0.161258 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:12:18.406280 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 14:12:36.411627 0.052092 tcp 10.0.2.109 57842 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:36.463657 0.052174 tcp 10.0.2.109 57843 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:36.516103 0.170922 tcp 10.0.2.109 57844 -> 195.113.214.211 443 SRPA* 0 0 32 16642 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:12:36.687195 0.197366 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:13:45.400362 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 14:13:45.400472 1.079723 tcp 10.0.2.109 57845 -> 70.113.215.93 3558 FSPA* 0 0 12 1633 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:18:15.722396 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 14:18:22.729157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:18:30.730341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:18:46.733576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:19:18.739469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:25:22.745070 3.142194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 14:25:29.893409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:25:37.894902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:25:53.897761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:26:25.903576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:32:29.910698 3.000813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 14:32:36.917099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:32:44.918538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:33:00.921443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:33:32.927752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:39:36.934491 3.000909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 14:39:43.940879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:39:51.942882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:40:07.945629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:40:39.951641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:43:00.774660 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 14:43:00.774765 0.000000 udp 10.0.2.109 3683 -> 86.8.180.38 8844 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 14:43:16.007558 0.062194 tcp 10.0.2.109 57846 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:16.070003 0.052612 tcp 10.0.2.109 57847 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:16.122897 0.122548 tcp 10.0.2.109 57848 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:16.245974 0.134871 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:16.381221 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 14:43:31.618888 0.053538 tcp 10.0.2.109 57849 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:31.672266 0.031391 tcp 10.0.2.109 57850 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:31.703931 0.134101 tcp 10.0.2.109 57851 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:31.838340 0.185111 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:32.023857 0.187543 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:32.211834 0.158919 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:32.371152 0.503203 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:32.874705 0.050953 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:32.926053 0.047884 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:32.974327 0.044302 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:33.019081 0.051154 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:33.070615 0.139896 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:33.210963 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 14:43:46.550400 1.064289 tcp 10.0.2.109 57852 -> 70.113.215.93 3558 FSPA* 0 0 14 1716 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:51.036796 0.051223 tcp 10.0.2.109 57853 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:51.088262 0.030886 tcp 10.0.2.109 57854 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:51.119435 0.143026 tcp 10.0.2.109 57855 -> 195.113.214.211 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/01/17 14:43:51.263084 0.141073 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:51.404508 0.443599 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:51.848503 0.040416 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:51.889313 0.198534 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.088291 0.355904 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.444612 0.165213 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.610262 0.137708 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.748327 0.030188 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.779002 0.035590 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.815006 0.054474 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.869903 0.046453 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:52.916754 0.360841 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:53.278061 0.185003 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:53.463392 0.150377 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:53.614224 0.146200 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:53.760854 0.056171 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:53.817440 0.178632 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:53.996412 0.161123 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:54.157882 0.166938 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:54.325258 0.219991 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:43:54.545582 0.197847 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/17 14:46:43.957216 3.002284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 14:46:50.964734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:46:58.966732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:47:14.969685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:47:46.976035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:53:50.982541 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 14:53:57.988785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:54:05.990341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:54:21.993865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 14:54:53.999614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:00:58.005542 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:01:05.012837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:01:13.014532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:01:30.529530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:02:02.536004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:08:06.542747 3.000367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:08:13.549250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:08:21.550298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:08:37.553325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:09:10.310610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:13:48.741765 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 15:13:48.741866 1.182975 tcp 10.0.2.109 57856 -> 70.113.215.93 3558 FSPA* 0 0 12 1399 flow=From-Botnet-V1-TCP-Established 1970/01/17 15:14:20.556991 0.161235 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:20.718584 0.136116 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:20.855104 0.181753 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:21.037236 0.153594 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:21.191183 0.051761 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:21.882865 0.047143 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:21.930498 0.044496 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:21.975461 0.154418 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:22.130284 0.178995 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:22.309620 0.143989 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:22.453966 0.050794 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:22.505083 0.040713 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:22.546202 0.139573 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:22.686357 0.476880 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:23.163600 0.143572 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:23.307591 0.378291 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:23.686307 0.164856 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:23.851567 0.136331 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:23.988291 0.042534 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.031214 0.035488 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.067054 0.056496 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.123904 0.041571 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.165884 0.330400 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.496717 0.184919 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.682002 0.137765 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.820155 0.142033 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:24.987656 0.054407 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:25.042535 0.179767 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:25.222671 0.221453 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:25.444528 0.188796 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:25.633764 0.160109 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:14:25.794472 0.160475 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:15:14.317406 3.000752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 15:15:21.324014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:15:29.325584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:15:45.328371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:16:17.335027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:22:21.340359 3.002290 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:22:28.348248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:22:36.349937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:22:52.352938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:23:24.809414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:29:28.815742 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:29:35.822616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:29:43.823940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:29:59.827581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:30:31.833462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:36:35.840589 3.000490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:36:42.846793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:36:50.848114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:37:06.850996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:37:38.857543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:43:42.863549 3.001395 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:43:49.870855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:43:50.141502 0.000153 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 15:43:50.141751 1.031982 tcp 10.0.2.109 57857 -> 70.113.215.93 3558 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/01/17 15:43:57.871881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:44:13.875441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:44:45.881589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:44:53.031700 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 15:44:53.031799 0.176244 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.208449 0.159642 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.368526 0.143512 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.512386 0.157890 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.670699 0.048879 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.719946 0.047908 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.768279 0.044065 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.812760 0.141298 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:53.954423 0.057265 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:54.012073 0.041605 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:54.054234 0.139454 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:54.194084 0.169059 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:54.363560 0.174046 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:54.538014 0.480781 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:44:55.019183 0.000000 udp 10.0.2.109 3683 -> 70.50.203.154 6552 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 15:45:10.468347 0.031345 tcp 10.0.2.109 57858 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 15:45:10.499956 0.030966 tcp 10.0.2.109 57859 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 15:45:10.531201 0.127950 tcp 10.0.2.109 57860 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/17 15:45:10.658417 0.359578 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.018354 0.173595 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.192389 0.135500 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.328327 0.035471 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.364141 0.035420 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.399982 0.058549 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.458981 0.047274 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.506653 0.319752 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:11.826816 0.185231 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:12.012423 0.151937 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:12.164705 0.146031 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:12.311133 0.054656 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:12.366298 0.191123 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:12.557760 0.162452 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:12.720565 0.157685 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:12.878665 0.177987 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:45:13.057076 0.207787 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/17 15:50:49.887388 3.001334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:50:56.894973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:51:04.896019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:51:20.899092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:51:52.905069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:57:56.911489 3.001056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 15:58:03.919127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:58:11.920138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:58:27.923011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 15:58:59.929285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:05:03.935994 3.080992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 16:05:12.084123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:05:20.085420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:05:36.088700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:06:08.094903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:12:12.100311 3.001971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 16:12:19.108110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:12:27.109800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:12:43.112937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:13:15.118799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:13:51.731798 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 16:13:51.732052 1.176015 tcp 10.0.2.109 57861 -> 70.113.215.93 3558 FSPA* 0 0 14 1658 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:15:32.706802 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 16:15:32.706914 0.000000 udp 10.0.2.109 3683 -> 70.50.203.154 6552 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 16:15:48.671292 0.051700 tcp 10.0.2.109 57862 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:15:48.723303 0.052761 tcp 10.0.2.109 57863 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:15:48.776400 0.123816 tcp 10.0.2.109 57864 -> 195.113.214.211 443 SRPA* 0 0 33 23844 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:15:48.900810 0.161780 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.063017 0.137521 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.200992 0.155133 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.356561 0.050480 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.407468 0.049007 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.456888 0.047543 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.504833 0.176738 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.681964 0.145170 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:49.827542 0.179370 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:50.007292 0.175463 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:50.183125 0.142582 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:50.326115 0.051467 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:50.377987 0.046355 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:50.424733 0.484873 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:50.910015 0.358848 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:51.269205 0.203058 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:51.472682 0.137074 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:51.610115 0.034524 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:51.645072 0.035643 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:51.681052 0.060141 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:51.741630 0.046777 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:51.788761 0.336439 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:52.125536 0.184588 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:52.310529 0.143449 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:52.454381 0.144208 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:52.599045 0.052847 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:52.652277 0.196777 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:52.849476 0.161807 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:53.011682 0.164029 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:53.176085 0.180395 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:15:53.356909 0.207344 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:19:19.125222 3.001098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 16:19:26.132140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:19:34.133488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:19:50.136936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:20:22.142507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:26:26.149108 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 16:26:33.156199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:26:41.157297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:26:57.160594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:27:29.167058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:33:33.173147 3.131388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 16:33:40.309958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:33:48.311994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:34:04.315194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:34:36.471314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:40:40.477742 3.000879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 16:40:47.484475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:40:55.486137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:41:11.488888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:41:43.495364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:43:53.041524 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 16:43:53.041678 1.076500 tcp 10.0.2.109 57865 -> 70.113.215.93 3558 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:45:59.683957 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 16:45:59.684048 0.158852 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:45:59.843372 0.261532 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.105295 0.151105 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.256820 0.047872 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.305096 0.047137 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.352661 0.044250 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.397326 0.178067 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.575809 0.141509 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.717768 0.182482 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.900653 0.051907 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.952914 0.040413 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:00.993728 0.465168 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:01.459324 0.185725 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:01.645402 0.143735 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:01.789538 0.378996 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.168878 0.194622 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.363900 0.137445 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.501696 0.035855 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.537955 0.035329 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.573672 0.056010 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.630028 0.047259 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.677728 0.313470 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:02.991619 0.865157 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:03.857178 0.144233 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:04.001814 0.145608 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:04.147846 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 16:46:22.728279 0.031521 tcp 10.0.2.109 57866 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:46:22.760125 0.030782 tcp 10.0.2.109 57867 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:46:22.791226 0.125863 tcp 10.0.2.109 57868 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/17 16:46:22.917527 0.190283 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:23.108198 0.161505 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:23.270073 0.220588 rtcp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:23.491046 0.159589 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:46:23.650984 0.178446 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/17 16:47:47.501808 3.001020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 16:47:54.508285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:48:02.509720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:48:18.513045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:48:50.519211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:54:54.525121 3.001337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 16:55:01.532246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:55:09.533691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:55:25.536597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 16:55:57.543033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:02:01.549230 3.762466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:02:09.317679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:02:17.319308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:02:33.321904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:03:05.327721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:09:09.334226 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:09:16.341211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:09:24.693357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:09:40.696370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:10:12.702427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:13:54.641839 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 17:13:54.641943 1.170130 tcp 10.0.2.109 57869 -> 70.113.215.93 3558 FSPA* 0 0 14 1634 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:16:16.708014 3.001997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:16:23.715537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:16:31.717874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:16:36.655003 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 17:16:36.655200 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 17:16:47.720187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:16:52.198571 0.031722 tcp 10.0.2.109 57870 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:16:52.230636 0.055629 tcp 10.0.2.109 57871 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:16:52.286562 0.147704 tcp 10.0.2.109 57872 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:16:52.434558 0.139110 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:52.574026 0.153064 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:52.727527 0.049686 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:52.777588 0.047734 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:52.825721 0.044303 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:52.870419 0.177911 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:53.048783 0.140197 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:53.189359 0.159513 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:53.349304 0.041953 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:16:53.391612 0.000000 udp 10.0.2.109 3683 -> 24.208.145.212 9983 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 17:17:11.925614 0.053091 tcp 10.0.2.109 57873 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:17:11.979013 0.051888 tcp 10.0.2.109 57874 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:17:12.031182 0.143863 tcp 10.0.2.109 57875 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:17:12.173652 0.186588 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:12.360649 0.142935 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:12.503994 0.502718 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.007094 0.050690 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.058133 0.138029 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.196526 0.035552 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.232521 0.035488 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.268326 0.059139 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.327867 0.047564 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.375811 0.202137 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.578505 0.343986 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:13.922962 0.366724 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:14.290083 0.199784 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:14.490384 0.189404 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:14.680220 0.149057 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:14.829722 0.190207 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:15.020270 0.157142 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:15.177836 0.220793 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:15.399051 0.160791 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:15.560210 0.181021 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:17:19.726719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:23:23.732301 3.001854 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:23:30.740056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:23:38.741684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:23:54.744312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:24:26.750728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:30:30.757311 3.001068 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:30:37.763466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:30:45.765222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:31:01.768121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:31:33.774292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:37:37.781113 3.000733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:37:44.787576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:37:52.789342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:38:08.792224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:38:40.798481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:43:55.811548 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 17:43:55.811669 1.044066 tcp 10.0.2.109 57876 -> 70.113.215.93 3558 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:44:44.805178 3.000678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:44:51.812108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:44:59.813329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:45:15.816613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:45:47.822619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:47:17.421078 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 17:47:17.421282 0.000000 udp 10.0.2.109 3683 -> 24.208.145.212 9983 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 17:47:33.175948 0.055153 tcp 10.0.2.109 57877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:47:33.231053 0.030663 tcp 10.0.2.109 57878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:47:33.262003 0.123559 tcp 10.0.2.109 57879 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/17 17:47:33.386207 0.064074 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:33.450705 0.047944 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:33.499031 0.138482 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:33.637876 0.153919 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:33.792159 0.138970 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:33.931482 0.161390 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:34.093256 0.045934 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:34.139528 0.179317 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:34.319309 0.044729 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:34.364440 0.176067 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:34.540946 0.144215 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:34.685593 0.506875 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.192814 0.051840 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.245102 0.136628 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.382275 0.035054 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.417779 0.035441 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.453625 0.056716 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.510749 0.041491 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.552579 0.195408 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.748334 0.131539 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:35.880268 0.191320 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:36.072021 0.353722 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:36.426322 0.377011 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:36.803776 0.144459 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:36.948644 0.196801 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:37.145845 0.162761 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:37.309021 0.208400 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:37.517828 0.158143 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:47:37.676342 0.178014 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/17 17:51:51.827956 3.001711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:51:58.836027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:52:06.837311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:52:22.840478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:52:54.846323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:58:58.853072 3.000667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 17:59:05.859536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:59:13.861445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 17:59:29.863873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:00:01.870510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:06:05.876753 3.000894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 18:06:12.883491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:06:20.885447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:06:36.887942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:07:08.894133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:13:12.901272 3.000244 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 18:13:19.907588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:13:27.909020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:13:43.911997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:13:56.860767 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 18:13:56.860874 1.210422 tcp 10.0.2.109 57880 -> 70.113.215.93 3558 FSPA* 0 0 14 1561 flow=From-Botnet-V1-TCP-Established 1970/01/17 18:14:15.917921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:17:56.185314 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 18:17:56.185512 0.137823 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:56.323753 0.148952 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:56.473070 0.049317 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:56.522723 0.046896 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:56.570017 0.140279 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:56.710752 0.159212 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:56.870329 0.040186 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:56.910865 0.178137 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:57.089419 0.073042 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:57.162969 0.181348 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:57.344717 0.143287 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:57.488401 0.610869 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.099709 0.049590 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.149672 0.137348 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.287430 0.034841 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.322580 0.035094 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.357985 0.056140 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.414543 0.041249 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.456194 0.205355 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:58.661962 0.364219 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:59.026544 0.316237 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:59.343205 0.158048 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:59.501636 0.185810 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:59.687784 0.148787 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:17:59.836981 0.193634 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:18:00.030965 0.161001 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:18:00.192372 0.216036 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:18:00.408803 0.162081 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:18:00.571267 0.202270 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:20:19.923857 3.002128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 18:20:26.931886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:20:34.932976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:20:50.936463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:21:23.262733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:27:27.268893 3.001484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 18:27:34.275805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:27:42.277656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:27:58.281092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:28:30.286533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:34:34.293198 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 18:34:41.300217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:34:49.301591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:35:05.304249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:35:37.310200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:41:41.317100 3.001454 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 18:41:48.323840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:41:56.325603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:42:12.328675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:42:44.334680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:43:58.220981 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 18:43:58.221266 1.179136 tcp 10.0.2.109 57881 -> 70.113.215.93 3558 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/01/17 18:48:28.098989 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 18:48:28.099088 0.050033 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:28.149528 0.047317 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:28.197236 0.143041 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:28.340666 0.139046 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:28.480143 0.158350 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:28.638939 0.160258 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:28.799620 0.041179 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:28.841161 0.179769 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:29.021309 0.044147 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:29.065850 0.187359 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:29.253607 0.144474 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:29.398507 0.585980 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:29.984924 0.051407 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.036734 0.137950 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.175096 0.034030 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.209548 0.035713 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.245677 0.057177 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.303257 0.047497 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.351170 0.180577 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.532093 0.145535 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.678044 0.183186 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:30.861651 0.363334 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:31.225457 0.349761 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:31.575626 0.143263 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:31.719318 0.187993 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:31.907723 0.159804 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:32.067941 0.208170 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:32.276519 0.172697 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:32.449591 0.177099 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/17 18:48:48.340796 3.001808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 18:48:55.348066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:49:03.349343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:49:19.352634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:49:51.358225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:55:55.364190 3.001914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 18:56:02.371750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:56:10.373276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:56:26.376078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 18:56:58.382713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:03:02.387920 3.002056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:03:09.395753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:03:17.397028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:03:33.400520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:04:05.406676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:10:10.344239 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:10:17.351411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:10:25.352675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:10:41.355770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:11:13.361565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:13:59.851821 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 19:13:59.852030 1.263091 tcp 10.0.2.109 57882 -> 70.113.215.93 3558 FSPA* 0 0 14 1625 flow=From-Botnet-V1-TCP-Established 1970/01/17 19:17:17.367589 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:17:24.375161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:17:32.376485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:17:48.379946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:18:20.385728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:19:02.737063 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 19:19:02.737235 0.049412 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:02.787106 0.048887 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:02.836337 0.139030 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:02.975764 0.135114 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:03.111302 0.157672 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:03.269370 0.161331 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:03.431144 0.040220 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:03.471720 0.179145 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:03.651266 0.142772 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:03.794463 0.176517 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:04.199258 0.044364 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:04.244030 0.488662 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:04.733125 0.052010 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:04.785534 0.137304 udp 10.0.2.109 3683 <-> 67.237.9.201 1219 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:04.923240 0.035080 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:04.958758 0.035660 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:04.994895 0.059131 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:05.054453 0.045619 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:05.100466 0.178092 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:05.278985 0.144685 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:05.424042 0.189481 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:05.613929 0.147784 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:05.762128 0.192240 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:05.954730 0.343940 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:06.299086 0.329482 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:06.628997 0.167476 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:06.796865 0.183042 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:06.980335 0.160683 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:19:07.141408 0.233281 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:24:24.392794 3.651380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:24:32.049836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:24:40.051648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:24:56.054598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:25:28.060389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:31:32.066733 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:31:39.073853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:31:47.075118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:32:03.078700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:32:35.084889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:38:39.091922 3.000046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:38:46.097645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:38:54.099237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:39:10.102258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:39:42.108366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:44:01.421561 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 19:44:01.421653 0.963916 tcp 10.0.2.109 57883 -> 70.113.215.93 3558 FSPA* 0 0 14 1515 flow=From-Botnet-V1-TCP-Established 1970/01/17 19:45:46.114989 3.001060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:45:53.121931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:46:01.123502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:46:17.126714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:46:49.132507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:49:33.278788 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 19:49:33.278904 0.143815 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:33.423138 0.053139 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:33.476643 0.048915 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:33.525925 0.135637 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:33.662020 0.153722 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:33.816190 0.160530 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:33.977134 0.040881 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:34.018429 0.181599 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:34.200431 0.142275 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:34.343126 0.178837 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:34.522346 0.039952 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:34.562698 0.554203 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:35.117257 0.049790 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:35.167417 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 1219 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 19:49:52.938851 0.052692 tcp 10.0.2.109 57884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 19:49:52.991812 0.031707 tcp 10.0.2.109 57885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 19:49:53.024072 0.129145 tcp 10.0.2.109 57886 -> 195.113.214.211 443 SRPA* 0 0 74 55446 flow=From-Botnet-V1-TCP-Established 1970/01/17 19:49:53.151943 0.035089 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.187423 0.035582 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.223368 0.058032 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.281819 0.048025 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.330231 0.164416 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.495027 0.171085 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.666460 0.188420 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.855296 0.144270 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:53.999985 0.190284 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:54.190605 0.188912 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:54.379920 0.240598 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:54.620923 0.357750 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:54.979083 0.313216 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:55.292724 0.163881 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:49:55.456985 0.208214 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/17 19:52:53.138050 3.002244 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 19:53:00.145515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:53:08.147491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:53:24.150913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 19:53:56.156503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:00:00.163024 3.000974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:00:07.169493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:00:15.171324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:00:31.174120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:01:03.180769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:07:07.187284 3.000482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:07:14.193993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:07:22.195460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:07:38.198180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:08:10.204027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:14:02.391176 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 20:14:02.391343 0.987839 tcp 10.0.2.109 57887 -> 70.113.215.93 3558 FSPA* 0 0 12 1459 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:14:14.210604 3.001208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:14:21.217805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:14:29.218956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:14:45.222248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:15:17.228162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:20:24.019583 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 20:20:24.019690 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 1219 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 20:20:40.595229 0.053683 tcp 10.0.2.109 57888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:20:40.649216 0.030756 tcp 10.0.2.109 57889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:20:40.680232 0.123916 tcp 10.0.2.109 57890 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:20:40.804515 0.047543 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:40.852450 0.130280 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:40.983176 0.170850 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:41.154538 0.137198 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:41.292141 0.048794 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:41.341354 0.161564 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:41.546880 0.144548 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:41.691802 0.177300 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:41.869536 0.039847 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:41.909787 0.181163 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.091298 0.040897 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.132618 0.486821 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.619895 0.051613 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.671857 0.034138 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.706436 0.035403 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.742282 0.059549 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.802289 0.047018 udp 10.0.2.109 3683 <-> 87.153.124.206 4545 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:42.849724 0.163072 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:43.013154 0.177502 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:43.191010 0.195992 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:43.387375 0.181232 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:43.569010 0.178009 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:43.747436 0.145600 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:43.893391 0.188040 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:44.081790 0.162879 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:44.245150 0.222687 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:44.468278 0.372239 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:20:44.840888 0.319177 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:21:21.235292 3.000849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:21:28.241801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:21:36.243235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:21:52.246554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:22:24.252375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:28:28.258039 3.001870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:28:35.265407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:28:43.267507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:28:59.270460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:29:31.276148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:35:35.462144 3.002299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:35:42.469724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:35:50.471754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:36:06.474642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:36:38.480482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:42:42.487536 3.000370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:42:49.493531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:42:57.495561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:43:13.498357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:43:45.504536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:44:03.470779 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 20:44:03.470868 0.993308 tcp 10.0.2.109 57891 -> 70.113.215.93 3558 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:49:49.510808 3.001204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:49:56.517720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:50:04.519462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:50:20.522084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:50:46.970812 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 20:50:46.970905 0.046475 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.017774 0.135038 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.153242 0.156500 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.310331 0.139230 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.449994 0.055339 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.505721 0.159251 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.665327 0.145876 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.811612 0.178290 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:47.990294 0.044305 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.035011 0.181744 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.217160 0.040492 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.258048 0.447732 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.706120 0.051784 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.758296 0.034582 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.793305 0.035650 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.829289 0.058306 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:50:48.888006 0.000000 udp 10.0.2.109 3683 -> 87.153.124.206 4545 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 20:50:52.528114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:51:06.299607 0.053592 tcp 10.0.2.109 57892 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:51:06.353459 0.054285 tcp 10.0.2.109 57893 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:51:06.408042 0.146618 tcp 10.0.2.109 57894 -> 195.113.214.211 443 SRPA* 0 0 49 30146 flow=From-Botnet-V1-TCP-Established 1970/01/17 20:51:06.553827 0.169462 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:06.723697 0.131307 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:06.855386 0.187018 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:07.042832 0.156971 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:07.200206 0.178355 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:07.378970 0.148702 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:07.528098 0.221987 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:07.750504 0.343696 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:08.094580 0.193704 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:08.288648 0.160380 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:51:08.449472 0.334653 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/17 20:56:56.534718 3.001005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 20:57:03.541792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:57:11.543304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:57:27.546266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 20:57:59.552168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:04:03.558743 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:04:10.566227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:04:18.567359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:04:34.570533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:05:06.576005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:11:10.582248 3.002097 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:11:17.589651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:11:25.591442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:11:41.594070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:12:13.600159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:14:04.469925 0.000298 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 21:14:04.470316 0.956875 tcp 10.0.2.109 57895 -> 70.113.215.93 3558 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/17 21:18:17.606286 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:18:24.613601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:18:33.717036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:18:49.719978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:19:21.726372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:21:21.245266 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 21:21:21.245350 0.000000 udp 10.0.2.109 3683 -> 87.153.124.206 4545 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 21:21:36.531405 0.055351 tcp 10.0.2.109 57896 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 21:21:36.587096 0.053272 tcp 10.0.2.109 57897 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 21:21:36.640677 0.149944 tcp 10.0.2.109 57898 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/17 21:21:36.791136 0.046768 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:36.838304 0.156583 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:36.995278 0.141420 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:37.137148 0.053340 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:37.190844 0.160278 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:37.351685 0.140237 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:37.492264 0.177554 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:37.670276 0.138765 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:37.809433 0.062178 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:37.871951 0.496435 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.368730 0.050187 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.419273 0.035043 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.454656 0.035357 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.490541 0.057967 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.548856 0.179932 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.729309 0.040877 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.770529 0.166569 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:38.937442 0.137907 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:39.075712 0.187392 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:39.263522 0.158164 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:39.422093 0.229766 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:39.652268 0.150049 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:39.802695 0.208581 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:40.011665 0.164632 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:40.176668 0.348800 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:40.525811 0.362258 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:21:40.888474 0.187405 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:25:25.732366 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:25:32.739595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:25:40.740606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:25:56.744052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:26:28.749836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:32:43.761211 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:32:50.769344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:32:58.770826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:33:14.773715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:33:46.779518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:40:09.793250 3.001485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:40:16.800111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:40:24.801552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:40:40.804765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:41:12.810938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:44:05.970465 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 21:44:05.970569 0.978317 tcp 10.0.2.109 57899 -> 70.113.215.93 3558 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/17 21:47:16.816934 3.001639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:47:23.824337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:47:31.826081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:47:47.828803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:48:19.835148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:52:03.636939 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 21:52:03.637164 0.146717 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:03.784348 0.055012 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:03.839773 0.159452 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:03.999603 0.142647 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:04.142646 0.176318 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:04.319348 0.048841 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:04.368533 0.152040 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:04.520976 0.138206 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:04.659596 0.040043 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:04.700049 0.459130 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.159534 0.049521 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.209452 0.034686 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.244483 0.035501 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.280375 0.058326 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.339103 0.176050 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.515542 0.045673 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.648517 0.170883 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.820229 0.130462 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:05.951089 0.184585 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:06.136031 0.161464 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:06.297842 0.195524 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:06.493784 0.141984 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:06.636107 0.321753 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:06.958300 0.363401 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:07.322031 0.207375 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:07.529843 0.160535 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:52:07.690761 0.194617 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/17 21:54:23.841151 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 21:54:30.848084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:54:38.850282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:54:54.852446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 21:55:26.858486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:01:31.866858 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:01:38.874019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:01:46.875150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:02:02.878359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:02:34.883913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:08:38.891103 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:08:45.897706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:08:53.899419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:09:09.902052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:09:41.907868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:14:06.949994 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 22:14:06.950090 1.109939 tcp 10.0.2.109 57900 -> 70.113.215.93 3558 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:15:45.913938 3.002175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:15:52.921600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:16:00.922766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:16:16.925954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:16:48.932022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:22:29.241779 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 22:22:29.241956 0.159138 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:29.401536 0.141493 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:29.543425 0.060678 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:29.604540 0.146457 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:29.751333 0.181251 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:29.932912 0.047517 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:29.980790 0.157920 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:30.139170 0.138501 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:30.383470 0.039966 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:30.423791 0.487142 udp 10.0.2.109 3683 <-> 119.234.165.196 5726 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:30.911375 0.056870 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:30.968643 0.035048 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.004186 0.035869 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.040452 0.059420 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.100214 0.181697 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.282277 0.039514 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.322207 0.168949 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.491558 0.216091 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.708063 0.182878 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:31.891334 0.164249 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:32.055990 0.183307 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:32.239718 0.378252 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:32.618332 0.222511 udp 10.0.2.109 3683 <-> 108.70.74.206 6653 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:32.841252 0.160255 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:33.001896 0.145690 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:33.147954 0.319233 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:33.467823 0.195635 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:22:52.937592 3.002142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:22:59.945512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:23:07.946877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:23:23.950312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:23:55.956080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:29:59.962187 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:30:06.969842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:30:15.061295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:30:31.064484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:31:03.069931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:37:07.076185 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:37:14.083863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:37:22.085304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:37:38.107874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:38:10.114076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:44:08.099647 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 22:44:08.099760 1.203734 tcp 10.0.2.109 57901 -> 70.113.215.93 3558 FSPA* 0 0 14 1673 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:44:14.121139 3.000927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:44:21.127788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:44:29.128958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:44:45.132173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:45:17.138118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:51:21.144740 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 22:51:28.151278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:51:36.153151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:51:52.156486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:52:24.162389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:52:35.879231 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 22:52:35.879404 0.055832 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:35.935704 0.145806 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:36.081947 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 22:52:51.834312 0.053615 tcp 10.0.2.109 57902 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:52:51.888199 0.053024 tcp 10.0.2.109 57903 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:52:51.941567 0.147101 tcp 10.0.2.109 57904 -> 195.113.214.211 443 SRPA* 0 0 41 31904 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:52:52.089423 0.159704 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:52.249504 0.143959 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:52.393867 0.047107 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:52.441322 0.155205 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:52.596987 0.138029 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:52.735449 0.065591 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:52:52.801444 0.000000 udp 10.0.2.109 3683 -> 119.234.165.196 5726 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 22:53:10.909771 0.055524 tcp 10.0.2.109 57905 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:53:10.965635 0.055979 tcp 10.0.2.109 57906 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:53:11.021962 0.146019 tcp 10.0.2.109 57907 -> 195.113.214.211 443 SRPA* 0 0 36 25838 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:53:11.168627 0.057659 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.226672 0.036332 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.263430 0.035353 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.299188 0.060462 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.360050 0.181998 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.542419 0.040017 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.582810 0.165485 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.748753 0.143396 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:11.892571 0.191323 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:12.084282 0.364344 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:12.449023 0.000000 udp 10.0.2.109 3683 -> 108.70.74.206 6653 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 22:53:28.786226 0.056941 tcp 10.0.2.109 57908 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:53:28.843453 0.054392 tcp 10.0.2.109 57909 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:53:28.898135 0.206620 tcp 10.0.2.109 57910 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/17 22:53:29.105221 0.154535 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:29.260276 0.184079 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:29.444766 0.353340 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:29.798543 0.190153 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:29.989131 0.162282 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:53:30.151815 0.146838 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/17 22:58:28.167730 3.002524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 22:58:35.175804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:58:43.177087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:58:59.180234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 22:59:31.185950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:05:35.192397 3.001552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 23:05:42.199453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:05:50.201376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:06:06.204352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:06:38.210176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:12:42.215754 3.002148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 23:12:49.223283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:12:57.224795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:13:13.227689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:13:45.234403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:14:09.308970 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 23:14:09.309132 1.037541 tcp 10.0.2.109 57911 -> 70.113.215.93 3558 FSPA* 0 0 14 1509 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:19:49.240760 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 23:19:56.247609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:20:04.249231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:20:20.251846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:20:52.258380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:23:31.176716 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 23:23:31.176843 0.184639 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:23:31.361916 0.000000 udp 10.0.2.109 3683 -> 119.234.165.196 5726 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 23:23:48.093165 0.064036 tcp 10.0.2.109 57912 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:23:48.157487 0.052864 tcp 10.0.2.109 57913 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:23:48.210682 0.158928 tcp 10.0.2.109 57914 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:23:48.369728 0.000000 udp 10.0.2.109 3683 -> 108.70.74.206 6653 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/17 23:24:03.964418 0.051483 tcp 10.0.2.109 57915 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:24:04.016214 0.053911 tcp 10.0.2.109 57916 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:24:04.070416 0.153833 tcp 10.0.2.109 57917 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:24:04.223447 0.049781 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:04.273661 0.143743 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:04.417812 0.150929 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:04.569175 0.140098 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:04.709708 0.040006 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:04.750109 0.047870 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:04.798348 0.139196 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:04.937946 0.159601 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.097993 0.035367 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.133775 0.059085 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.193237 0.188269 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.381938 0.044799 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.427157 0.171840 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.599409 0.142878 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.742677 0.034473 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.777530 0.051074 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:05.828965 0.370893 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:06.379421 0.194268 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:06.574044 0.315603 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:06.890077 0.192164 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:07.082634 0.163003 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:07.246067 0.182877 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:07.429333 0.175775 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:24:07.605498 0.146511 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:26:56.264852 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/17 23:27:03.271729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:27:11.272968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:27:27.275918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:27:59.292241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:34:03.298600 3.000863 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 23:34:10.305751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:34:18.306879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:34:34.309617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:35:06.315604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:41:10.321859 3.001547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 23:41:17.329519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:41:25.331203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:41:41.333662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:42:13.339721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:44:10.348553 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 23:44:10.348841 1.052943 tcp 10.0.2.109 57918 -> 70.113.215.93 3558 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/17 23:48:17.345890 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 23:48:24.353450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:48:32.354899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:48:48.357887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:49:20.363705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:54:30.469790 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/17 23:54:30.469904 0.516095 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:30.986458 0.491787 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:31.478619 0.456047 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:31.935010 0.429043 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:32.364481 0.352569 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:32.717407 0.411357 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:33.129163 0.388783 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:33.518327 0.442412 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:33.961189 0.514739 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:34.476353 0.342890 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:34.819616 0.356199 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:35.176231 0.463468 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:35.640121 0.370296 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:36.010843 0.474036 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:36.485238 0.419264 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:36.904949 0.398148 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:37.303506 0.337525 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:37.641454 0.566923 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:38.208743 0.687429 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:38.896552 0.452962 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:39.349898 0.478877 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:39.829283 0.453835 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:40.283561 0.458126 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:40.742064 0.529915 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:54:41.272406 0.473883 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/17 23:55:24.370421 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/17 23:55:31.377340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:55:39.379033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:55:55.381760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/17 23:56:27.388947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:02:31.395005 3.000379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:02:38.400948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:02:46.403034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:03:02.406023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:03:34.561926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:09:38.568406 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:09:45.575434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:09:53.577173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:10:09.579996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:10:41.586033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:14:11.478022 0.000226 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 00:14:11.478327 2.258626 tcp 10.0.2.109 57919 -> 70.113.215.93 3558 FSPA* 0 0 14 1736 flow=From-Botnet-V1-TCP-Established 1970/01/18 00:16:45.592240 3.001443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:16:52.599297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:17:00.601174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:17:16.603758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:17:48.609689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:23:52.615748 3.111961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:23:59.733200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:24:07.734818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:24:23.737876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:24:55.744397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:24:56.214814 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 00:24:56.214963 0.406880 rtcp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:56.622421 0.488787 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:57.111630 0.484474 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:57.596571 0.416924 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:58.013848 0.348448 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:58.362741 0.385782 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:58.749001 0.405202 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:59.154554 0.400333 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:24:59.555311 0.503925 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:00.059655 0.318021 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:00.378262 0.340388 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:00.719093 0.475899 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:01.195344 0.352807 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:01.548587 0.458117 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:02.007070 0.461840 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:02.469272 0.411061 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:02.880673 0.361603 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:03.242704 0.606076 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:03.849208 0.692328 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:04.541890 0.492797 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:05.035102 0.471030 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:05.506561 0.492256 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:05.999261 0.467170 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:06.466829 0.569664 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:25:07.036838 0.462124 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:30:59.750507 3.001378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:31:06.757191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:31:14.759187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:31:30.762213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:32:02.768062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:38:06.773427 3.002169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:38:13.781495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:38:21.783302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:38:37.785686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:39:09.791696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:44:13.789834 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 00:44:13.790012 1.967240 tcp 10.0.2.109 57920 -> 70.113.215.93 3558 FSPA* 0 0 14 1586 flow=From-Botnet-V1-TCP-Established 1970/01/18 00:45:13.797658 3.002248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:45:20.805593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:45:28.807137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:45:44.810016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:46:16.815786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:52:20.821591 3.001698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 00:52:27.829744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:52:35.830812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:52:51.833725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:53:23.840093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:55:36.110412 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 00:55:36.110493 0.486853 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:36.597712 0.462599 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:37.060721 0.495749 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:37.556904 0.385918 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:37.943238 0.313879 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:38.257555 0.399388 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:38.657296 0.413802 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:39.071509 0.446445 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:39.518377 0.409599 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:39.928396 0.429307 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:40.358120 0.350797 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:40.709414 0.471637 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:55:41.181433 0.000000 udp 10.0.2.109 3683 -> 93.198.218.99 8279 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 00:55:57.763175 0.750218 tcp 10.0.2.109 57921 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 00:55:58.513729 0.645120 tcp 10.0.2.109 57922 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 00:55:59.159242 1.661237 tcp 10.0.2.109 57923 -> 195.113.214.211 443 SRPA* 0 0 34 24791 flow=From-Botnet-V1-TCP-Established 1970/01/18 00:56:00.821067 0.439303 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:01.260712 0.470303 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:01.731436 0.408435 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:02.140350 0.333986 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:02.474800 0.644215 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:03.119436 0.644040 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:03.763928 0.523297 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:04.287685 0.475175 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:04.763309 0.500868 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:05.264596 0.488967 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:05.754242 0.523902 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:56:06.278491 0.480935 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 00:59:27.865877 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 00:59:34.873750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:59:42.874904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 00:59:58.878355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:00:30.883855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:06:34.890391 3.001218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 01:06:42.638449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:06:50.639771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:07:06.643014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:07:38.649038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:13:42.655894 3.001066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 01:13:49.662356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:13:57.663644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:14:13.666794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:14:16.140776 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:14:16.141071 1.761103 tcp 10.0.2.109 57924 -> 70.113.215.93 3558 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/01/18 01:14:45.672594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:20:49.679389 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 01:20:56.686457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:21:04.688155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:21:20.690924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:21:52.697313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:26:27.612148 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:26:27.612234 0.000000 udp 10.0.2.109 3683 -> 93.198.218.99 8279 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:26:44.598659 0.682830 tcp 10.0.2.109 57925 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 01:26:45.281830 0.648481 tcp 10.0.2.109 57926 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 01:26:45.930623 1.389575 tcp 10.0.2.109 57927 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 01:26:47.320422 0.429610 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:47.750435 0.362786 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:48.113621 0.424972 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:48.539022 0.486443 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:49.025899 0.250083 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:49.276409 0.434305 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:49.711128 0.530959 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:50.242492 0.389536 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:50.632445 0.331671 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:50.964527 0.438497 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:51.403420 0.406375 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:51.810371 0.471819 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:52.282615 0.460512 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:52.743577 0.517457 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:53.261496 0.353758 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:53.615664 0.340623 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:53.956737 0.655800 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:54.612938 0.652393 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:55.265753 0.500376 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:55.766527 0.507037 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:56.273917 0.533770 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:56.808043 0.477520 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:57.285985 0.569762 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:57.856091 0.463551 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:58.493341 0.514930 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 679 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:59.008691 0.426897 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:59.435998 0.376927 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:26:59.813298 0.406913 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 723 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:00.220626 0.372691 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 740 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:00.593877 0.402150 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 681 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:00.996436 0.340186 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 658 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:01.337125 0.316736 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 831 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:02.097616 0.402688 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:02.500770 0.353726 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 805 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:02.855034 0.425780 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:03.281333 0.552013 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:03.833912 0.447731 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 790 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:04.282125 0.407292 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 772 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:04.689813 0.346417 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:05.036709 0.418145 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:05.455392 0.658037 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 781 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:06.113911 0.686380 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 812 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:06.800734 0.472798 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:07.273961 0.447556 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 666 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:07.721952 0.545863 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:08.268242 0.505555 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 710 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:08.774328 0.467770 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:09.242609 0.495887 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:09.739003 0.000000 udp 10.0.2.109 3683 -> 111.94.149.197 3909 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:27:16.162363 0.000000 udp 10.0.2.109 3683 -> 58.185.247.70 4377 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:27:24.804275 0.000000 udp 10.0.2.109 3683 -> 57.66.102.98 5028 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:27:29.991712 0.406475 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:27:30.398187 0.000000 icmp 69.43.36.190 0x0303 -> 10.0.2.109 0xaf21 URP 192 1 134 flow=Background 1970/01/18 01:27:34.518341 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:27:36.712024 0.000000 udp 10.0.2.109 3683 -> 50.33.170.80 4968 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:27:45.444106 0.616019 udp 10.0.2.109 3683 <-> 124.106.223.192 1057 CON 0 0 2 827 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:46.412071 0.000000 udp 10.0.2.109 3683 -> 117.200.90.172 5757 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:27:54.998700 0.318218 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:27:55.468757 0.000000 udp 10.0.2.109 3683 -> 99.228.230.225 8319 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:27:56.813364 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 01:28:02.799446 0.000000 udp 10.0.2.109 3683 -> 81.174.5.43 5410 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:03.820321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:28:10.330157 0.000000 udp 10.0.2.109 3683 -> 5.146.171.52 7876 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:11.821623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:28:18.982331 0.000000 udp 10.0.2.109 3683 -> 117.240.78.74 2889 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:23.629230 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:28:24.710388 0.000000 udp 10.0.2.109 3683 -> 91.32.122.201 6094 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:27.824965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:28:33.472897 0.000000 udp 10.0.2.109 3683 -> 74.223.7.75 4328 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:41.755498 0.000000 udp 10.0.2.109 3683 -> 77.183.13.60 3056 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:49.586299 0.566788 udp 10.0.2.109 3683 <-> 14.99.103.101 3969 CON 0 0 2 810 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:28:50.343298 0.000000 udp 10.0.2.109 3683 -> 2.126.125.112 9732 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:58.379419 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:28:59.831286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:29:07.362351 0.409096 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 827 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:29:07.888252 0.481466 udp 10.0.2.109 3683 <-> 217.203.95.49 6373 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:29:08.404710 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:12.128618 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:29:15.713810 0.000000 udp 10.0.2.109 3683 -> 209.89.10.73 9456 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:21.812566 0.000000 udp 10.0.2.109 3683 -> 116.14.176.109 4706 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:29.083515 0.000000 udp 10.0.2.109 3683 -> 78.14.195.185 7760 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:35.482304 0.000000 udp 10.0.2.109 3683 -> 69.71.1.1 6013 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:43.673955 0.319219 udp 10.0.2.109 3683 <-> 91.6.38.34 5333 CON 0 0 2 795 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:29:44.051872 0.000000 udp 10.0.2.109 3683 -> 82.106.126.103 2918 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:50.914733 0.000000 udp 10.0.2.109 3683 -> 87.182.149.171 3558 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:58.726013 0.364894 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:29:59.090907 0.000000 icmp 87.138.128.192 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 195 flow=Background 1970/01/18 01:30:03.261908 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:30:04.243645 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:30:11.704680 0.000000 udp 10.0.2.109 3683 -> 41.133.133.80 3802 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:30:19.375672 0.000000 udp 10.0.2.109 3683 -> 78.152.125.2 8385 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:30:26.976193 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:30:35.459244 0.000000 udp 10.0.2.109 3683 -> 173.16.194.248 3054 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:30:42.609140 0.490058 udp 10.0.2.109 3683 <-> 14.97.13.131 5259 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:30:43.760202 0.000000 udp 10.0.2.109 3683 -> 95.8.2.210 6439 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:30:48.757495 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:30:49.619334 0.000000 udp 10.0.2.109 3683 -> 87.29.77.35 1077 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:30:58.111450 0.407347 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:30:58.682806 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:31:07.204313 0.000000 udp 10.0.2.109 3683 -> 87.22.193.31 2101 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:31:15.195840 0.000000 udp 10.0.2.109 3683 -> 217.91.73.172 5533 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:31:22.656278 0.000000 udp 10.0.2.109 3683 -> 82.152.144.139 2641 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:31:31.319257 0.317058 udp 10.0.2.109 3683 -> 78.177.48.19 6942 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:31:31.636315 0.000000 icmp 78.177.48.19 0x0303 -> 10.0.2.109 0x1e1b URP 192 1 253 flow=Background 1970/01/18 01:31:36.296011 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:31:39.391038 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:31:44.898571 0.000000 udp 10.0.2.109 3683 -> 89.97.18.48 7366 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:31:53.851792 0.396964 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 744 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:31:54.515613 0.000000 udp 10.0.2.109 3683 -> 182.93.184.4 7222 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:01.972866 0.000000 udp 10.0.2.109 3683 -> 82.15.193.127 2579 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:08.452513 0.524197 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:32:09.119712 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:16.564204 0.000000 udp 10.0.2.109 3683 -> 67.76.197.13 9044 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:21.300435 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:32:24.375432 0.000000 udp 10.0.2.109 3683 -> 64.118.118.19 1578 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:32.126291 0.000000 udp 10.0.2.109 3683 -> 217.199.19.124 2140 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:38.646275 0.490505 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 676 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:32:39.318914 0.000000 udp 10.0.2.109 3683 -> 64.129.150.2 9244 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:45.205126 0.000000 udp 10.0.2.109 3683 -> 88.196.130.218 2959 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:50.512692 0.614779 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:32:51.186697 0.000000 udp 10.0.2.109 3683 -> 82.107.59.118 5881 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:32:59.776080 0.378693 udp 10.0.2.109 3683 <-> 5.248.136.71 7959 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:33:00.390281 0.000000 udp 10.0.2.109 3683 -> 77.176.121.11 1393 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:05.474622 0.360677 udp 10.0.2.109 3683 <-> 92.228.122.66 4643 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:33:05.918803 0.544798 udp 10.0.2.109 3683 -> 201.144.156.78 8628 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:06.463601 0.000000 icmp 201.117.171.205 0x0303 -> 10.0.2.109 0xb421 URP 192 1 235 flow=Background 1970/01/18 01:33:10.301071 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:33:14.427138 0.717023 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:33:15.630697 0.388053 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:33:16.316933 0.000000 udp 10.0.2.109 3683 -> 95.253.15.144 7421 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:25.112617 0.000000 udp 10.0.2.109 3683 -> 79.242.184.36 7041 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:31.131225 0.565502 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:33:31.807098 0.434002 udp 10.0.2.109 3683 <-> 86.144.41.31 7375 CON 0 0 2 831 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:33:32.394378 0.000000 udp 10.0.2.109 3683 -> 95.227.147.49 3412 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:37.820806 0.603796 udp 10.0.2.109 3683 <-> 202.55.66.186 3274 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:33:38.817791 0.000000 udp 10.0.2.109 3683 -> 85.40.215.218 4176 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:45.281702 0.000000 udp 10.0.2.109 3683 -> 160.87.37.30 3275 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:53.262898 0.000000 udp 10.0.2.109 3683 -> 213.135.242.168 2435 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:33:57.799300 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:34:00.293285 0.000000 udp 10.0.2.109 3683 -> 87.173.36.56 9074 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:34:05.400210 0.000000 udp 10.0.2.109 3683 -> 64.196.175.254 4607 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:34:11.879918 0.352187 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/01/18 01:34:12.578178 0.000000 udp 10.0.2.109 3683 -> 81.149.203.14 4912 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:34:17.658423 0.000000 udp 10.0.2.109 3683 -> 95.240.79.187 9628 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:34:25.509661 0.000000 udp 10.0.2.109 3683 -> 93.64.240.33 7864 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:34:34.472214 0.000000 udp 10.0.2.109 3683 -> 213.177.225.232 1711 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:34:42.584029 0.681938 udp 10.0.2.109 3683 -> 175.208.244.63 8825 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:34:43.265967 0.000000 icmp 175.208.244.63 0x0303 -> 10.0.2.109 0x7922 URP 192 1 182 flow=Background 1970/01/18 01:34:47.300621 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:34:51.246450 0.000000 udp 10.0.2.109 3683 -> 85.104.118.17 1987 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:00.229363 0.000000 udp 10.0.2.109 3683 -> 118.167.113.239 4272 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:04.007657 3.000919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 01:35:05.597085 0.000000 udp 10.0.2.109 3683 -> 90.222.177.96 5363 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:11.014741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:35:12.266557 0.000000 udp 10.0.2.109 3683 -> 84.3.130.125 6440 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:17.403844 0.000000 udp 10.0.2.109 3683 -> 122.170.64.7 6454 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:19.016227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:35:24.073618 0.000000 udp 10.0.2.109 3683 -> 213.120.115.215 9742 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:29.742014 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:34.297819 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:35:35.019321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:35:35.439841 0.000000 udp 10.0.2.109 3683 -> 95.6.78.113 2499 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:42.950550 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:49.640229 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 2600 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:35:55.899117 0.000000 udp 10.0.2.109 3683 -> 178.26.8.233 2781 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:36:01.787799 0.000000 udp 10.0.2.109 3683 -> 125.113.191.17 5674 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:36:07.024907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:36:08.116882 0.000000 udp 10.0.2.109 3683 -> 60.51.148.197 3050 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:36:13.525043 0.000000 udp 10.0.2.109 3683 -> 195.145.84.210 2218 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:36:21.105449 0.000000 udp 10.0.2.109 3683 -> 49.144.154.155 9131 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 01:36:25.801799 0.000188 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:42:11.031675 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 01:42:18.038510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:42:26.039936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:42:42.043168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:43:14.048897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:44:18.181594 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 01:44:18.181750 2.018180 tcp 10.0.2.109 57928 -> 70.113.215.93 3558 FSPA* 0 0 14 1619 flow=From-Botnet-V1-TCP-Established 1970/01/18 01:49:18.055160 3.001703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 01:49:25.062533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:49:33.063988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:49:49.067211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:50:21.073427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:56:25.079827 3.000986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 01:56:32.086825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:56:40.088218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:56:56.090862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 01:57:28.097365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:03:32.103390 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 02:03:39.110644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:03:47.112151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:04:03.115556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:04:35.120951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:06:33.971979 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 02:06:33.972082 0.509679 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:34.482386 0.372756 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:34.855541 0.440747 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:35.296733 0.489774 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:35.786855 0.419296 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:36.206558 0.418987 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:36.625884 0.406015 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:37.032241 0.331850 udp 10.0.2.109 3683 <-> 86.152.213.101 7785 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:37.364544 0.388808 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:37.753724 0.382610 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:38.136728 0.496268 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:38.633339 0.446908 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:39.080614 0.488840 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:39.569894 0.405826 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:39.976094 0.468649 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:40.445100 0.385422 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:40.830920 0.628398 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:41.459660 0.648765 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:42.108831 0.603675 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:42.712901 0.468779 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:43.182050 0.513286 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:43.695717 0.499041 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:44.195171 0.474250 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:44.669809 0.473284 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:45.143438 0.655049 udp 10.0.2.109 3683 <-> 124.106.223.192 1057 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:45.798884 0.407426 udp 10.0.2.109 3683 <-> 93.198.218.99 8279 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:46.206748 0.538517 udp 10.0.2.109 3683 <-> 14.99.103.101 3969 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:46.745675 0.472776 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:06:47.218890 0.000000 udp 10.0.2.109 3683 -> 217.203.95.49 6373 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:07:05.018504 0.671713 tcp 10.0.2.109 57929 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:05.690429 0.669980 tcp 10.0.2.109 57930 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:06.360692 1.382352 tcp 10.0.2.109 57931 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:07.743636 0.285296 udp 10.0.2.109 3683 <-> 91.6.38.34 5333 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:08.029328 0.000000 udp 10.0.2.109 3683 -> 14.97.13.131 5259 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:07:24.254682 0.714238 tcp 10.0.2.109 57932 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:24.969233 0.671928 tcp 10.0.2.109 57933 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:25.641404 1.392550 tcp 10.0.2.109 57934 -> 195.113.214.211 443 SRPA* 0 0 25 16326 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:27.034610 0.539619 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:27.574649 0.387036 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:27.962118 0.471237 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:28.433708 0.468716 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:28.902836 0.591788 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:29.495031 0.340708 udp 10.0.2.109 3683 <-> 5.248.136.71 7959 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:29.836178 0.000000 udp 10.0.2.109 3683 -> 92.228.122.66 4643 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:07:45.225084 0.594792 tcp 10.0.2.109 57935 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:45.820173 0.603959 tcp 10.0.2.109 57936 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:46.424391 1.428340 tcp 10.0.2.109 57937 -> 195.113.214.211 443 SRPA* 0 0 25 13250 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:07:47.853387 0.699222 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:48.553014 0.409866 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:48.963227 0.565668 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:07:49.529230 0.000000 udp 10.0.2.109 3683 -> 86.144.41.31 7375 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:08:08.408416 0.713212 tcp 10.0.2.109 57938 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:08:09.121990 0.679383 tcp 10.0.2.109 57939 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:08:09.801669 1.380879 tcp 10.0.2.109 57940 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:08:11.181400 0.000000 udp 10.0.2.109 3683 -> 202.55.66.186 3274 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:08:28.757778 0.795681 tcp 10.0.2.109 57941 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:08:29.553796 0.654646 tcp 10.0.2.109 57942 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:08:30.208682 1.385121 tcp 10.0.2.109 57943 -> 195.113.214.211 443 SRPA* 0 0 23 13768 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:08:31.594425 0.322030 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:10:39.187147 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 02:10:46.194526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:10:54.196107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:11:10.198956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:11:42.204831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:14:20.262669 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 02:14:20.262867 2.174726 tcp 10.0.2.109 57944 -> 70.113.215.93 3558 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:17:46.211857 3.091058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 02:17:53.308954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:18:01.310276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:18:17.313030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:18:49.319109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:24:53.325970 3.001238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 02:25:00.332695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:25:08.334299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:25:24.336956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:25:56.342881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:32:00.349539 3.081849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 02:32:07.436803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:32:15.438200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:32:31.441487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:33:03.447655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:38:54.262345 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 02:38:54.262447 1.865651 udp 10.0.2.109 3683 -> 217.203.95.49 6373 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:38:56.128098 0.000000 icmp 217.203.95.49 0x0303 -> 10.0.2.109 0xe518 URP 192 1 182 flow=Background 1970/01/18 02:39:07.452772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:39:12.936040 1.975859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/18 02:39:14.100301 0.700078 tcp 10.0.2.109 57945 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:14.800729 0.657843 tcp 10.0.2.109 57946 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:15.458912 1.374864 tcp 10.0.2.109 57947 -> 195.113.214.211 443 SRPA* 0 0 25 13250 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:16.834418 0.000000 udp 10.0.2.109 3683 -> 14.97.13.131 5259 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:39:18.865665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:39:26.003193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:39:31.245217 0.665939 tcp 10.0.2.109 57948 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:31.911454 0.693133 tcp 10.0.2.109 57949 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:32.604865 1.371489 tcp 10.0.2.109 57950 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:33.976941 0.000000 udp 10.0.2.109 3683 -> 92.228.122.66 4643 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:39:42.000581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:39:54.709303 0.698337 tcp 10.0.2.109 57951 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:55.407930 0.672283 tcp 10.0.2.109 57952 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:56.080455 1.372497 tcp 10.0.2.109 57953 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:39:57.453472 0.000000 udp 10.0.2.109 3683 -> 86.144.41.31 7375 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:40:15.018441 0.746217 tcp 10.0.2.109 57954 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:40:15.765021 0.678694 tcp 10.0.2.109 57955 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:40:16.099884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:40:16.443996 1.378208 tcp 10.0.2.109 57956 -> 195.113.214.211 443 SRPA* 0 0 24 13844 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:40:17.822733 0.000000 udp 10.0.2.109 3683 -> 202.55.66.186 3274 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:40:36.399478 0.714215 tcp 10.0.2.109 57957 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:40:37.113983 0.660012 tcp 10.0.2.109 57958 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:40:37.774406 1.360797 tcp 10.0.2.109 57959 -> 195.113.214.211 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:40:39.135695 0.285237 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:39.421327 0.530010 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:39.951822 0.441383 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:40.393641 0.518225 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:40.912316 0.474071 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:41.386782 0.421963 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:41.809160 0.387902 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:42.197440 0.404647 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:40:42.602553 0.000000 udp 10.0.2.109 3683 -> 86.152.213.101 7785 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:41:00.924137 0.600950 tcp 10.0.2.109 57960 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:01.525378 0.650006 tcp 10.0.2.109 57961 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:02.175654 1.357075 tcp 10.0.2.109 57962 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:03.533350 0.406571 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:03.940314 0.365152 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:04.305953 0.506119 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:04.812481 0.291635 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:05.104520 0.467239 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:05.572133 0.404052 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:05.976523 0.436066 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:06.412960 0.691635 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:07.105027 0.486276 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:07.591639 0.646922 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:08.238909 0.538169 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:08.777401 0.437929 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:09.215723 0.525616 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:09.741771 0.502663 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:10.244840 0.446027 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:10.691280 0.703694 udp 10.0.2.109 3683 <-> 124.106.223.192 1057 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:41:11.395404 0.000000 udp 10.0.2.109 3683 -> 14.99.103.101 3969 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:41:28.904275 3.560210 tcp 10.0.2.109 57963 -> 195.113.214.219 80 FSPA* 0 0 11 1948 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:32.464764 0.719291 tcp 10.0.2.109 57964 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:33.183898 1.433226 tcp 10.0.2.109 57965 -> 195.113.214.211 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:34.615679 0.000000 udp 10.0.2.109 3683 -> 93.198.218.99 8279 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:41:50.706407 0.696274 tcp 10.0.2.109 57966 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:51.402560 0.672687 tcp 10.0.2.109 57967 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:52.075549 1.355564 tcp 10.0.2.109 57968 -> 195.113.214.211 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:41:53.431627 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 02:42:11.396018 0.627308 tcp 10.0.2.109 57969 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:42:12.023645 0.678992 tcp 10.0.2.109 57970 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:42:12.702944 1.339624 tcp 10.0.2.109 57971 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:42:14.043178 0.436135 udp 10.0.2.109 3683 <-> 91.6.38.34 5333 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:14.479788 0.333780 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:14.813945 0.441122 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:15.255426 0.488404 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:15.744282 0.517199 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:16.261908 0.584021 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:16.846378 0.351262 udp 10.0.2.109 3683 <-> 5.248.136.71 7959 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:17.198059 0.730909 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:17.929420 0.445853 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:18.375710 0.682321 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:42:19.137207 0.360249 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 02:44:28.001678 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 02:44:28.001796 1.979559 tcp 10.0.2.109 57972 -> 70.113.215.93 3558 FSPA* 0 0 14 1613 flow=From-Botnet-V1-TCP-Established 1970/01/18 02:46:21.387967 3.000744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 02:46:28.394898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:46:39.590788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:46:55.593485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:47:27.599700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:53:31.605373 3.001783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 02:53:38.613055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:53:46.614850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:54:02.617661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 02:54:34.623821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:00:38.630571 3.001050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 03:00:45.637083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:00:53.638291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:01:09.642014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:01:41.647795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:07:45.654388 3.040869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 03:07:52.701395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:08:00.702794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:08:16.705933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:08:48.711676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:12:43.779950 1.348223 arp 10.0.2.109 who 10.0.2.2 CON 4 168 flow=Background-ARP 1970/01/18 03:12:45.128256 0.000000 udp 10.0.2.109 3683 -> 86.152.213.101 7785 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 03:13:02.568563 0.052956 tcp 10.0.2.109 57973 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:02.621788 0.052897 tcp 10.0.2.109 57974 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:02.675017 0.168438 tcp 10.0.2.109 57975 -> 195.113.214.211 443 SRPA* 0 0 81 62638 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:02.843915 0.000000 udp 10.0.2.109 3683 -> 14.99.103.101 3969 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 03:13:18.460147 0.052522 tcp 10.0.2.109 57976 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:18.512946 0.052795 tcp 10.0.2.109 57977 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:18.566115 0.165343 tcp 10.0.2.109 57978 -> 195.113.214.211 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:18.731951 0.000000 udp 10.0.2.109 3683 -> 93.198.218.99 8279 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 03:13:35.124098 0.052386 tcp 10.0.2.109 57979 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:35.176819 0.058375 tcp 10.0.2.109 57980 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:35.235485 0.236331 tcp 10.0.2.109 57981 -> 195.113.214.211 443 SRPA* 0 0 41 22206 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:35.472319 0.041460 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:35.514372 0.040286 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:35.555080 0.133415 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:35.688988 0.179508 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:35.868948 0.160147 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.029553 0.140004 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.169962 0.052523 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.222904 0.145746 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.369074 0.051866 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.421397 0.035595 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.457337 0.176155 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.633855 0.205834 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.840115 0.158048 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:36.998575 0.036442 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:37.035481 0.050333 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:37.086420 0.163592 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:37.250452 0.364080 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:37.614900 0.211746 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:37.827026 0.349807 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:38.177242 0.182698 udp 10.0.2.109 3683 <-> 71.54.74.147 2791 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:38.360321 0.161858 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:38.522535 0.199374 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:38.722342 0.156706 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:38.879441 0.147082 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:39.026883 0.391233 udp 10.0.2.109 3683 <-> 124.106.223.192 1057 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:39.418599 0.000000 udp 10.0.2.109 3683 -> 91.6.38.34 5333 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 03:13:55.232588 0.053015 tcp 10.0.2.109 57982 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:55.285853 0.053960 tcp 10.0.2.109 57983 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:55.340141 0.149371 tcp 10.0.2.109 57984 -> 195.113.214.211 443 SRPA* 0 0 49 37404 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:13:55.490193 0.174673 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:55.665272 0.041273 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:55.706988 0.191494 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:55.898890 0.256314 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:56.155634 0.170165 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:56.326234 0.099343 udp 10.0.2.109 3683 <-> 5.248.136.71 7959 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:56.426006 0.342453 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:56.768900 0.074941 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:56.844262 0.315498 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:13:57.160101 0.080010 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:14:32.205570 0.968328 tcp 10.0.2.109 57985 -> 70.113.215.93 3558 FSPA* 0 0 14 1503 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:14:53.368591 3.001744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 03:15:00.375945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:15:08.377847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:15:24.380483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:15:56.386564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:22:02.866715 3.000837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 03:22:09.873622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:22:17.875130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:22:33.877756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:23:05.884344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:29:09.890640 3.001276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 03:29:16.897666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:29:24.898861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:29:40.901867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:30:12.908465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:36:16.913530 3.002522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 03:36:23.921234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:36:31.923327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:36:48.366361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:37:20.372856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:43:24.378252 0.999551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/18 03:43:51.460968 3.952030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/18 03:44:03.312228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:44:22.084883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:44:34.799623 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 03:44:34.799711 0.000000 udp 10.0.2.109 3683 -> 91.6.38.34 5333 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 03:44:51.362359 0.052840 tcp 10.0.2.109 57986 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:44:51.415542 0.058687 tcp 10.0.2.109 57987 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:44:51.474509 0.148398 tcp 10.0.2.109 57988 -> 195.113.214.211 443 SRPA* 0 0 25 14070 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:44:51.623470 0.140702 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:51.764612 0.180200 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:51.945219 0.157193 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.102785 0.044041 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.147238 0.044341 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.192046 0.051697 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.244142 0.143165 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.387678 0.054132 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.442304 0.037211 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.479883 0.179546 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.659820 0.136463 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.796738 0.143687 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.940883 0.038403 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:52.979667 0.050390 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:53.031615 0.158943 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:53.191004 0.372207 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:53.563697 0.192108 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:53.756235 0.162965 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:53.919636 0.191422 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:54.111543 0.201987 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:54.313998 0.143718 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:54.458177 0.159135 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:44:54.617764 0.000000 udp 10.0.2.109 3683 -> 71.54.74.147 2791 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 03:44:57.008553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:45:04.033539 1.597255 tcp 10.0.2.109 57989 -> 70.113.215.93 3558 SPA_* 0 0 10 1312 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:09.809356 1.623134 tcp 10.0.2.109 57989 -> 70.113.215.93 3558 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:12.002393 0.053959 tcp 10.0.2.109 57990 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:12.056609 0.052915 tcp 10.0.2.109 57991 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:12.109829 0.160060 tcp 10.0.2.109 57992 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:12.270588 0.352084 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:12.623133 0.000000 udp 10.0.2.109 3683 -> 124.106.223.192 1057 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 03:45:30.255675 0.824037 tcp 10.0.2.109 57993 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:31.079960 0.053856 tcp 10.0.2.109 57994 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:31.134318 0.152075 tcp 10.0.2.109 57995 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/18 03:45:31.286896 0.041368 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:31.328626 0.181064 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:31.510127 0.167535 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:31.678155 0.170615 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:31.849189 0.098620 udp 10.0.2.109 3683 <-> 5.248.136.71 7959 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:31.948212 0.356306 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:32.305045 0.075360 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:32.380894 0.256808 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:32.638161 0.315933 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:45:32.954536 0.068601 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/18 03:50:56.950113 2.952499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 03:51:03.853233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:51:11.731830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:51:27.482142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:51:59.023583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:57:57.650418 2.962397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 03:58:04.555435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:58:12.440355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:58:28.207999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 03:58:59.719040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:04:58.534071 2.954570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 04:05:05.443332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:05:13.331005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:05:29.099628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:06:00.638595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:11:59.382243 2.962701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 04:12:06.293850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:12:14.180188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:12:29.959879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:13:01.512246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:14:45.917394 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 04:14:45.917490 1.052070 tcp 10.0.2.109 57996 -> 70.113.215.93 3558 FSPA* 0 0 14 1640 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:15:33.089757 0.703036 udp 10.0.2.109 3683 -> 71.54.74.147 2791 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 04:15:33.792793 0.000000 icmp 71.54.74.147 0x0103 -> 10.0.2.109 0x4736 URH 192 1 240 flow=Background 1970/01/18 04:15:37.615663 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 04:15:50.325714 0.054688 tcp 10.0.2.109 57997 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:15:50.380243 0.110101 tcp 10.0.2.109 57998 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:15:50.490717 0.158513 tcp 10.0.2.109 57999 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:15:50.649437 0.000000 udp 10.0.2.109 3683 -> 124.106.223.192 1057 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 04:16:06.577798 0.054201 tcp 10.0.2.109 58000 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:06.632350 0.096292 tcp 10.0.2.109 58001 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:06.728937 0.174133 tcp 10.0.2.109 58002 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:06.903802 0.152268 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:07.056459 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 04:16:23.822642 0.051200 tcp 10.0.2.109 58003 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:23.874249 0.057853 tcp 10.0.2.109 58004 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:23.931898 0.156743 tcp 10.0.2.109 58005 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:24.089228 0.070430 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.160051 0.178471 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.338888 0.143442 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.482727 0.049522 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.532644 0.035488 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.568489 0.177035 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.745930 0.052419 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.798788 0.140630 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:24.939861 0.143480 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:25.083727 0.049706 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:25.133850 0.160759 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:25.294971 0.361254 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:25.656587 0.135716 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:25.792686 0.034925 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:25.827960 0.149256 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:25.977612 0.161419 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:26.139451 0.191100 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:26.330960 0.192593 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:26.523981 0.171355 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:26.695758 0.162491 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:26.858622 0.389927 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:27.248892 0.040933 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:27.290267 0.182958 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:27.473662 0.169818 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:27.643913 0.170680 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:27.815001 0.000000 udp 10.0.2.109 3683 -> 5.248.136.71 7959 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 04:16:43.390505 0.053602 tcp 10.0.2.109 58006 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:43.443991 0.055739 tcp 10.0.2.109 58007 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:43.499601 0.149558 tcp 10.0.2.109 58008 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:16:43.649632 0.369955 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:44.020002 0.372880 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:44.393212 0.069425 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:44.463042 0.257311 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:16:44.720712 0.317214 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:19:01.621550 3.001607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 04:19:08.628896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:19:16.630561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:19:32.633444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:20:04.639414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:26:08.645527 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 04:26:15.652862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:26:23.654797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:26:39.657336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:27:11.663436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:33:15.669650 3.001763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 04:33:22.676591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:33:30.678260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:33:47.052074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:34:19.057911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:40:23.064184 3.001126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 04:40:30.071376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:40:38.073233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:40:54.075580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:41:26.081903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:44:44.817865 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 04:44:44.817968 1.552226 tcp 10.0.2.109 58009 -> 70.113.215.93 3558 FSPA* 0 0 14 1513 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:47:09.055688 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 04:47:09.055795 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 04:47:25.730772 0.060210 tcp 10.0.2.109 58010 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:47:25.791286 0.057765 tcp 10.0.2.109 58011 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:47:25.849348 0.147358 tcp 10.0.2.109 58012 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:47:25.995622 0.000000 udp 10.0.2.109 3683 -> 5.248.136.71 7959 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 04:47:30.088789 3.000630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 04:47:37.095013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:47:43.054396 0.070810 tcp 10.0.2.109 58013 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:47:43.125008 0.058492 tcp 10.0.2.109 58014 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:47:43.183784 0.158743 tcp 10.0.2.109 58015 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/18 04:47:43.343141 0.158109 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:43.501694 0.181069 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:43.683147 0.144338 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:43.827908 0.050003 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:43.878461 0.035298 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:43.914272 0.181018 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:44.095678 0.052525 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:44.148648 0.139137 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:44.288222 0.043062 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:44.331705 0.145733 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:44.477829 0.160867 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:44.639049 0.335528 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:44.974990 0.137808 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:45.096906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:47:45.113201 0.035473 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:45.149058 0.049985 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:45.199473 0.199197 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:45.399036 0.173211 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:45.572671 0.158675 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:45.731721 0.161511 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:45.893706 0.143918 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:46.038012 0.185427 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:46.223846 0.178632 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:46.402893 0.159077 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:46.562432 0.331407 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:46.894367 0.046901 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:46.941726 0.171217 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:47.113314 0.079945 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:47.193690 0.080903 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:47.275002 0.249491 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:47.524844 0.382206 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:47:47.907893 0.313751 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/18 04:48:01.099654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:48:33.105671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:54:37.112056 3.001713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 04:54:44.119676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:54:52.120758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:55:08.123857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 04:55:40.129660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:01:44.135914 3.001728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:01:51.142968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:01:59.144477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:02:15.147688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:02:47.154332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:08:51.159540 3.002301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:08:58.167640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:09:06.168981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:09:22.171931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:09:54.177538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:14:46.378197 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 05:14:46.378388 1.049262 tcp 10.0.2.109 58016 -> 70.113.215.93 3558 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:15:58.183822 3.001498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:16:05.191167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:16:13.193116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:16:29.195702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:17:01.201549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:18:11.823902 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 05:18:11.824103 0.144695 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:11.969218 0.159077 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:12.128672 0.180400 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:12.309518 0.048858 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:12.358711 0.036216 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:12.395333 0.180796 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:12.576547 0.053086 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:12.630216 0.890385 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:13.520933 0.040932 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:13.562292 0.142752 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:13.705455 0.159469 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:13.865305 0.365996 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:14.231703 0.144329 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:14.376483 0.041561 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:14.418625 0.051741 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:14.470800 0.192321 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:14.663550 0.162766 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:14.826718 0.160326 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:14.987453 0.183934 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:15.171843 0.000000 udp 10.0.2.109 3683 -> 98.177.224.252 4874 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 05:18:30.842438 0.053399 tcp 10.0.2.109 58017 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:18:30.896122 0.059134 tcp 10.0.2.109 58018 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:18:30.955055 0.161728 tcp 10.0.2.109 58019 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:18:31.117275 0.174727 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:31.292408 0.160363 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:31.453162 0.148773 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:31.602455 0.320587 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:31.923456 0.041239 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:31.965077 0.169625 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:32.135051 0.077175 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:32.212577 0.072530 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:32.285514 0.254119 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:18:32.539992 0.000000 udp 10.0.2.109 3683 -> 114.38.31.181 1995 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 05:18:49.247697 0.052171 tcp 10.0.2.109 58020 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:18:49.299661 0.058879 tcp 10.0.2.109 58021 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:18:49.358840 0.153402 tcp 10.0.2.109 58022 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:18:49.511537 0.000000 udp 10.0.2.109 3683 -> 210.210.116.215 8899 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 05:19:07.744604 0.052843 tcp 10.0.2.109 58023 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:19:07.797765 0.060739 tcp 10.0.2.109 58024 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:19:07.858780 0.151551 tcp 10.0.2.109 58025 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:23:05.208399 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 05:23:12.215344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:23:20.216969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:23:36.219976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:24:08.366041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:30:12.371703 3.001907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:30:19.379104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:30:27.380717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:30:43.383538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:31:15.390370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:37:19.396285 3.001241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:37:26.403100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:37:34.404855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:37:50.407992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:38:22.413615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:44:26.419972 3.001417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:44:33.427152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:44:41.428611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:44:47.488300 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 05:44:47.488403 0.961885 tcp 10.0.2.109 58026 -> 70.113.215.93 3558 FSPA* 0 0 14 1682 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:44:57.432075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:45:29.437874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:49:30.444815 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 05:49:30.444929 0.184547 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:30.629888 0.000000 udp 10.0.2.109 3683 -> 210.210.116.215 8899 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 05:49:46.859408 0.054112 tcp 10.0.2.109 58027 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:49:46.913790 0.054890 tcp 10.0.2.109 58028 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:49:46.968990 0.162470 tcp 10.0.2.109 58029 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/18 05:49:47.132125 0.379303 udp 10.0.2.109 3683 <-> 114.38.31.181 1995 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:47.511858 0.178653 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:47.690929 0.174235 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:47.865553 0.052422 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:47.918407 0.159028 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.077849 0.035677 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.113915 0.052655 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.167022 0.147956 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.315405 0.136906 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.452719 0.039916 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.493046 0.143702 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.637125 0.051804 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.689351 0.133996 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.823774 0.164446 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:48.988669 0.378564 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:49.367656 0.192947 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:49.561009 0.160927 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:49.722478 0.035572 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:49.758595 0.181924 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:49.940863 0.169895 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:50.111095 0.164022 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:50.275445 0.171138 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:50.447009 0.201986 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:50.649360 0.075776 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:50.725524 0.079983 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:50.805837 0.260558 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:51.066793 0.336002 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:51.403265 0.169789 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:49:51.573469 0.046535 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/18 05:51:33.444775 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:51:40.451509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:51:48.452688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:52:04.455618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:52:36.461806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:58:40.467878 3.001755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 05:58:47.475525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:58:55.477007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:59:11.479848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 05:59:43.485764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:05:47.491927 3.011701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 06:05:54.508856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:06:02.510657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:06:18.514015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:06:50.519431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:12:54.525704 3.002052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 06:13:01.533394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:13:09.535323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:13:25.537482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:13:57.543917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:14:48.457082 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 06:14:48.457178 1.169574 tcp 10.0.2.109 58030 -> 70.113.215.93 3558 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:19:53.966182 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 06:19:53.966289 0.181563 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:19:54.148244 0.183951 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:19:54.332559 0.000000 udp 10.0.2.109 3683 -> 114.38.31.181 1995 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 06:20:01.549426 3.002177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 06:20:08.557427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:20:13.226176 0.056023 tcp 10.0.2.109 58031 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:20:13.282914 0.056164 tcp 10.0.2.109 58032 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:20:13.338904 0.158697 tcp 10.0.2.109 58033 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:20:13.497539 0.179736 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:13.677708 0.052680 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:13.730814 0.157623 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:13.888794 0.035822 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:13.925018 0.054018 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:13.979401 0.145133 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:14.124896 0.139844 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:14.265092 0.043173 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:14.308675 0.141424 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:14.450487 0.051019 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:14.501898 0.145836 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 203 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:14.648183 0.204265 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:14.852805 0.359540 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:15.212787 0.196979 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:15.417428 0.160309 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:15.578147 0.038871 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:15.617369 0.188011 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:15.805830 0.162261 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:15.968430 0.160647 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:16.129520 0.168542 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:16.298494 0.146615 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:16.445537 0.081613 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:16.527601 0.078374 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:16.558277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:20:16.606384 0.170037 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:16.776876 0.039852 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:16.817093 0.463277 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:17.280788 0.351468 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:20:32.561312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:21:04.567765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:27:08.883780 3.002110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 06:27:15.891748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:27:23.893242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:27:39.896148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:28:11.901906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:34:15.908381 3.001136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 06:34:22.915689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:34:30.917015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:34:46.919871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:35:18.926190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:41:22.931646 3.001737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 06:41:29.939199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:41:37.940841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:41:53.944168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:42:25.949906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:44:49.767047 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 06:44:49.767146 0.971272 tcp 10.0.2.109 58034 -> 70.113.215.93 3558 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:48:29.956832 3.000962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 06:48:36.963441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:48:44.964913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:49:00.967782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:49:32.973883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:50:37.397173 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 06:50:37.397364 0.000000 udp 10.0.2.109 3683 -> 114.38.31.181 1995 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 06:50:55.324115 0.053990 tcp 10.0.2.109 58035 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:50:55.378440 0.059902 tcp 10.0.2.109 58036 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:50:55.438630 0.152662 tcp 10.0.2.109 58037 -> 195.113.214.211 443 SRPA* 0 0 42 37026 flow=From-Botnet-V1-TCP-Established 1970/01/18 06:50:55.591913 0.182000 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:55.774373 0.174360 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:55.949130 0.158016 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.107556 0.181193 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.289155 0.052632 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.342224 0.035424 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.378044 0.052617 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.431066 0.143789 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.575261 0.139202 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.714871 0.039765 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.755019 0.140998 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.896419 0.051225 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:56.948012 0.182564 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:57.131001 0.199353 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:57.330782 0.341309 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:57.672491 0.197830 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:57.870692 0.159219 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.030359 0.037929 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.068654 0.187504 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.256505 0.165212 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.422310 0.162871 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.585598 0.163763 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.749776 0.147456 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.897605 0.088257 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:58.986440 0.077840 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:59.064688 0.171660 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:59.236759 0.041429 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:59.278547 0.257367 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:50:59.536354 0.329716 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/18 06:55:36.980891 3.001112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 06:55:43.987709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:55:51.988962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:56:07.992030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 06:56:39.997974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:02:44.004596 3.000817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:02:51.011055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:02:59.012730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:03:15.016044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:03:47.022318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:09:51.028021 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:09:58.035709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:10:06.036936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:10:22.039873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:10:54.046196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:14:50.746809 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 07:14:50.747023 1.229756 tcp 10.0.2.109 58038 -> 70.113.215.93 3558 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/01/18 07:16:58.051727 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:17:05.059283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:17:13.060462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:17:29.063600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:18:01.270094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:21:20.386545 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 07:21:20.386653 0.183759 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:20.570821 0.180472 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:20.751651 0.160729 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:20.912727 0.180587 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.117313 0.052380 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.170136 0.036258 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.206810 0.054982 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.262214 0.140935 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.403519 0.138267 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.542157 0.040235 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.582736 0.142285 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.725365 0.051368 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.777121 0.189938 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:21.967504 0.165519 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:22.133388 0.357465 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:22.491269 0.190973 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:22.682648 0.160586 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:22.843656 0.035916 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:22.880001 0.183660 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:23.063997 0.165184 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:23.229549 0.159777 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:23.389770 0.175503 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:23.565676 0.141374 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:23.707473 0.200387 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:23.908272 0.042246 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:23.950845 0.252609 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:24.203871 0.353588 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:24.557886 0.069056 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:21:24.627323 0.172578 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:24:05.276248 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:24:12.283406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:24:20.284736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:24:36.287966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:25:08.294132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:31:12.301118 3.000607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:31:19.307866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:31:27.308771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:31:43.312164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:32:15.318398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:38:19.323802 3.001917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:38:26.331769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:38:34.332763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:38:50.336097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:39:22.341711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:44:52.066616 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 07:44:52.066811 1.030107 tcp 10.0.2.109 58039 -> 70.113.215.93 3558 FSPA* 0 0 14 1698 flow=From-Botnet-V1-TCP-Established 1970/01/18 07:45:26.348621 3.000858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:45:33.355619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:45:41.357022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:45:57.360096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:46:29.365658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:51:54.874013 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 07:51:54.874109 0.159043 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.033540 0.179160 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.213125 0.184470 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.398011 0.180679 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.579131 0.053375 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.632915 0.035574 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.668854 0.054283 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.723626 0.138317 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.862387 0.134591 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:55.997399 0.044216 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:56.042004 0.143278 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:56.185705 0.050175 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:56.236283 0.135847 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:56.372588 0.173366 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:56.546329 0.354087 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:56.900819 2.127153 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:59.028399 0.159763 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:59.188623 0.035762 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:59.224773 0.234799 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:59.459996 0.173531 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:59.633945 0.159872 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:59.794266 0.173926 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:51:59.968549 0.395202 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:52:00.364150 0.302977 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:52:00.667526 0.040658 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:52:00.708554 0.078548 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:52:00.787517 0.169936 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:52:00.957846 0.254718 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:52:01.212907 0.313763 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 07:52:33.372852 3.000567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:52:40.379596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:52:48.381254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:53:04.383922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:53:36.389807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:59:40.396294 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 07:59:47.403733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 07:59:55.405214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:00:11.407947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:00:43.413587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:06:47.419525 3.001716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:06:54.427758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:07:02.428514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:07:18.431857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:07:50.438085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:13:54.443715 3.002087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:14:01.451491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:14:09.453107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:14:25.456094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:14:53.096450 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 08:14:53.096582 1.054566 tcp 10.0.2.109 58040 -> 70.113.215.93 3558 FSPA* 0 0 13 1462 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:14:57.461849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:21:01.467787 3.001731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:21:08.474943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:21:16.476839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:21:32.479833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:22:04.486132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:22:30.723893 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 08:22:30.723982 0.155077 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:30.879491 0.185247 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.065167 0.181924 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.247516 0.182044 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.429965 0.055169 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.485541 0.035531 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.521417 0.054526 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.576382 0.213348 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.790110 0.139200 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.929697 0.040169 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:31.970285 0.145512 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:32.116144 0.050692 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:32.167248 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 08:22:49.421800 0.057792 tcp 10.0.2.109 58041 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:22:49.479870 0.053681 tcp 10.0.2.109 58042 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:22:49.533398 0.133827 tcp 10.0.2.109 58043 -> 195.113.214.211 443 SRPA* 0 0 33 24135 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:22:49.667757 0.163403 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:49.831587 0.333327 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:50.165318 0.195412 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:50.361217 0.221742 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:50.583389 0.174825 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:50.758637 0.162859 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:50.921905 0.275672 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.198004 0.161452 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.359855 0.035795 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.396069 0.148946 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.545417 0.095415 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.641271 0.041254 udp 10.0.2.109 3683 <-> 87.153.119.161 4545 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.682864 0.067444 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.750732 0.169659 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:51.920897 0.250952 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:22:52.172240 0.330744 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:28:08.491915 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:28:15.499411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:28:23.500973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:28:39.503906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:29:11.509860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:35:15.516284 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:35:22.522871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:35:30.524492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:35:46.527784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:36:18.533764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:42:22.539613 3.001910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:42:29.547277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:42:37.548659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:42:53.552041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:43:25.557763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:44:54.155796 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 08:44:54.156026 1.015282 tcp 10.0.2.109 58044 -> 70.113.215.93 3558 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:49:29.563929 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:49:36.571150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:49:44.572410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:50:00.575918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:50:32.581837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:53:08.416402 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 08:53:08.416506 0.138960 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:08.555859 0.157993 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:08.714378 0.182993 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:08.897774 0.178838 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.076966 0.052394 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.129776 0.177292 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.307479 0.052411 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.360241 0.142710 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.503318 0.135334 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.638997 0.044169 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.683533 0.037227 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.721084 0.051098 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.772586 0.141535 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:09.914536 0.164885 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:10.079828 0.364230 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:10.444467 0.188356 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:10.633222 0.182498 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:10.816072 0.160891 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:10.977433 0.179543 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:11.157375 0.189466 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:11.347701 0.175930 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:11.523994 0.034831 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:11.559228 0.145759 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:11.705392 0.077889 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:11.783710 0.000000 udp 10.0.2.109 3683 -> 87.153.119.161 4545 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 08:53:30.398840 0.053446 tcp 10.0.2.109 58045 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:53:30.452588 0.055749 tcp 10.0.2.109 58046 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:53:30.508655 0.146963 tcp 10.0.2.109 58047 -> 195.113.214.211 443 SRPA* 0 0 48 41692 flow=From-Botnet-V1-TCP-Established 1970/01/18 08:53:30.656375 0.073583 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:30.730455 0.179531 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:30.910407 0.262941 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:53:31.173689 0.378748 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/18 08:56:36.588084 3.001316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 08:56:43.594980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:56:51.596995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:57:07.600001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 08:57:39.605915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:03:43.612359 3.001128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:03:50.619202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:03:58.620819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:04:15.655167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:04:47.661056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:10:53.670338 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:11:00.677212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:11:08.678933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:11:24.681591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:11:56.688109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:14:55.685713 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 09:14:55.685810 1.150217 tcp 10.0.2.109 58048 -> 70.113.215.93 3558 FSPA* 0 0 14 1723 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:18:05.701658 3.000930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:18:12.708251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:18:20.709912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:18:36.712937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:19:08.719295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:24:01.280426 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 09:24:01.280612 0.000000 udp 10.0.2.109 3683 -> 87.153.119.161 4545 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 09:24:16.413715 0.055982 tcp 10.0.2.109 58049 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:24:16.470000 0.054020 tcp 10.0.2.109 58050 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:24:16.524303 0.156354 tcp 10.0.2.109 58051 -> 195.113.214.211 443 SRPA* 0 0 33 24078 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:24:16.681295 0.183912 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:16.865636 0.182534 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.048518 0.155090 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.203937 0.052855 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.257203 0.181156 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.438814 0.055592 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.494793 0.146232 udp 10.0.2.109 3683 <-> 67.71.166.60 5215 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.641383 0.137220 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.778974 0.178300 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.957661 0.035283 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:17.993281 0.051285 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:18.044963 0.142516 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:18.187887 0.044361 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:18.232624 0.194357 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:18.427461 0.183982 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:18.611780 0.160396 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:18.772564 0.359014 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:19.131998 0.164259 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:19.296616 0.188684 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:19.485677 0.159219 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:19.645253 0.037227 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:19.682860 0.147777 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:19.831045 0.230170 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:20.061620 0.164396 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:20.226513 0.078102 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:20.305029 0.168745 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:20.474114 0.256488 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:24:20.730958 0.316748 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:25:37.731568 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:25:44.738406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:25:52.739834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:26:08.743515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:26:40.989708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:32:44.995674 3.101850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:32:52.102770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:33:00.104468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:33:16.107259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:33:48.113251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:39:52.119239 3.002061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:39:59.126910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:40:07.128171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:40:23.131154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:40:55.137305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:44:56.985911 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 09:44:56.986048 0.975372 tcp 10.0.2.109 58052 -> 70.113.215.93 3558 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:46:59.143809 3.001421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:47:06.150899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:47:14.152125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:47:30.155356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:48:02.161346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:54:06.167722 3.001207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 09:54:13.174780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:54:21.176166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:54:37.179146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:54:42.887866 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 09:54:42.887964 0.154070 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:54:43.042411 0.053279 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:54:43.096103 0.182470 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:54:43.278944 0.056115 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:54:43.335423 0.000000 udp 10.0.2.109 3683 -> 67.71.166.60 5215 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 09:54:59.953794 0.058498 tcp 10.0.2.109 58053 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:00.012570 0.054681 tcp 10.0.2.109 58054 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:00.067562 0.155693 tcp 10.0.2.109 58055 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:00.223933 0.182522 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:00.406800 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 09:55:09.185380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 09:55:17.608072 0.052925 tcp 10.0.2.109 58056 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:17.661295 0.055601 tcp 10.0.2.109 58057 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:17.717221 0.148992 tcp 10.0.2.109 58058 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:17.866729 0.000000 udp 10.0.2.109 3683 -> 65.93.51.243 8004 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 09:55:35.213733 0.052580 tcp 10.0.2.109 58059 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:35.266619 0.053424 tcp 10.0.2.109 58060 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:35.320370 0.156439 tcp 10.0.2.109 58061 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:35.477280 0.179839 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:35.657534 0.035338 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:35.693271 0.050906 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:35.744586 0.139892 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:35.884831 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 09:55:51.025995 0.053917 tcp 10.0.2.109 58062 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:51.079787 0.055423 tcp 10.0.2.109 58063 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:51.135060 0.148366 tcp 10.0.2.109 58064 -> 195.113.214.211 443 SRPA* 0 0 32 17990 flow=From-Botnet-V1-TCP-Established 1970/01/18 09:55:51.281998 0.198882 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:51.481279 0.193479 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:51.675188 0.159483 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:51.835011 0.339998 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:52.175419 0.192827 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:52.368658 0.246107 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:52.615118 0.181921 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:52.797385 0.036234 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:52.834007 0.159820 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:52.994259 0.079066 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:53.073642 0.159817 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:53.233872 0.074026 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:53.308306 0.198772 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:53.507493 0.257774 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 09:55:53.765684 0.386569 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:01:13.191675 3.001026 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 10:01:20.198882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:01:28.199968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:01:44.203143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:02:16.209410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:08:20.216232 3.000562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:08:27.223140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:08:35.224164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:08:51.226954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:09:23.233301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:14:57.965055 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 10:14:57.965336 1.189445 tcp 10.0.2.109 58065 -> 70.113.215.93 3558 FSPA* 0 0 14 1571 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:15:27.239026 3.002007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:15:34.247027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:15:42.248111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:15:58.251089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:16:30.257221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:22:34.263880 3.001288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:22:41.270807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:22:49.271861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:23:05.275282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:23:37.281411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:26:21.397540 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 10:26:21.397738 0.138874 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:21.536975 0.000000 udp 10.0.2.109 3683 -> 67.71.166.60 5215 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 10:26:37.271680 0.054827 tcp 10.0.2.109 58066 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:26:37.326782 0.055015 tcp 10.0.2.109 58067 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:26:37.382178 0.148368 tcp 10.0.2.109 58068 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:26:37.529255 0.131392 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:37.661076 0.040036 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:37.701535 0.054596 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:37.756466 0.154404 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:37.911221 0.187014 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.098653 0.052908 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.151959 0.175616 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.328000 0.195405 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.523834 0.035419 udp 10.0.2.109 3683 <-> 160.80.52.122 5029 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.559654 0.050978 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.611039 0.143959 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.755380 0.196303 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:38.952103 0.199926 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:39.152392 0.164660 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:39.317428 0.177368 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:39.495214 0.169977 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:39.665576 0.035455 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:39.701458 0.364573 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:40.066446 0.164270 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:40.231121 0.147370 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:40.378839 0.220302 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:40.599552 0.160851 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:40.760805 0.067918 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:40.829123 0.187305 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:41.016862 0.282853 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:26:41.300078 0.350974 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:29:41.288222 3.000376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:29:48.294817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:29:56.296034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:30:12.298957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:30:44.305325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:36:48.310831 3.002153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:36:55.318520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:37:03.319878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:37:19.323101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:37:51.329467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:43:55.335775 3.001214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:44:02.342479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:44:10.343984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:44:26.347498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:44:58.353177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:44:59.154563 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 10:44:59.154639 0.984509 tcp 10.0.2.109 58069 -> 70.113.215.93 3558 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:51:02.359763 3.001115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:51:09.366944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:51:17.367765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:51:33.371086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:52:05.376772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:57:04.557585 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 10:57:04.557729 0.132291 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:04.690401 0.053770 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:04.744585 0.137567 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:04.882586 0.040714 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:04.923707 0.158020 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:05.082268 0.181686 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:05.264369 0.052044 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:05.316820 0.176244 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:05.493473 0.181055 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:05.674965 0.000000 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 10:57:22.775481 0.053787 tcp 10.0.2.109 58070 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:57:22.829567 0.055185 tcp 10.0.2.109 58071 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:57:22.885064 0.153568 tcp 10.0.2.109 58072 -> 195.113.214.211 443 SRPA* 0 0 42 21700 flow=From-Botnet-V1-TCP-Established 1970/01/18 10:57:23.039324 0.058108 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:23.097830 0.142542 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:23.240779 0.196893 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:23.438043 0.185429 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:23.623873 0.174792 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:23.799032 0.174707 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:23.974165 0.159686 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:24.134283 0.037533 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:24.172247 0.361465 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:24.534242 0.163624 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:24.698319 0.147048 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:24.845764 0.081244 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:24.927424 0.189727 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:25.117565 0.078454 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:25.196434 0.354025 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:25.550872 0.194891 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:57:25.746288 0.524220 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/18 10:58:09.382785 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 10:58:16.390664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:58:24.392250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:58:40.395386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 10:59:12.401420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:05:16.407270 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:05:23.414819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:05:31.416200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:05:47.419477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:06:19.425329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:12:23.432020 3.001028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:12:30.438274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:12:38.439636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:12:54.442953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:13:26.479155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:15:00.143736 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 11:15:00.143934 1.323091 tcp 10.0.2.109 58073 -> 70.113.215.93 3558 FSPA* 0 0 14 1733 flow=From-Botnet-V1-TCP-Established 1970/01/18 11:19:30.515816 3.000609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:19:37.522490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:19:45.524114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:20:01.527224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:20:33.613239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:26:37.619814 3.001226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:26:44.626806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:26:52.628023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:27:08.630789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:27:29.340999 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 11:27:29.341090 0.000000 udp 10.0.2.109 3683 -> 160.80.52.122 5029 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 11:27:40.637030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:27:47.679222 0.229562 tcp 10.0.2.109 58074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 11:27:47.909061 0.053534 tcp 10.0.2.109 58075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 11:27:47.962917 0.153148 tcp 10.0.2.109 58076 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/18 11:27:48.116578 0.203866 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:48.320814 0.053037 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:48.374221 0.155812 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:48.530388 0.138150 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:48.668963 0.052823 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:48.722221 0.176077 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:48.898707 0.179743 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:49.078807 0.182775 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:49.261915 0.039821 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:49.302284 0.057583 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:49.360283 0.145492 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:49.360589 0.545205 tcp 10.0.2.109 58077 -> 2.229.48.91 9006 FSPA* 0 0 14 1154 flow=From-Botnet-V1-TCP-Established 1970/01/18 11:27:49.506359 1.158109 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:50.664851 0.204623 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:50.869901 0.204070 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:51.074413 0.048273 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:51.123109 0.334477 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:51.457909 0.166631 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:51.624913 0.154278 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:51.779630 0.172919 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:51.952953 0.161787 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:52.115169 0.076359 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:52.191944 0.161369 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:52.353717 0.073073 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:52.427193 0.333926 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:52.761478 0.170020 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:27:52.931909 0.256375 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:33:44.723977 3.000853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:33:51.731271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:33:59.733064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:34:15.735809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:34:47.740878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:40:51.747878 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:40:58.754988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:41:06.795993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:41:22.798860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:41:54.805318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:45:01.594602 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 11:45:01.594698 1.071814 tcp 10.0.2.109 58078 -> 70.113.215.93 3558 FSPA* 0 0 14 1667 flow=From-Botnet-V1-TCP-Established 1970/01/18 11:47:58.810727 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:48:05.818423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:48:13.820172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:48:29.823264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:49:01.829162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:55:05.834938 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 11:55:12.842940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:55:20.844100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:55:36.847412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:56:08.852947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 11:58:05.571395 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 11:58:05.571656 0.155535 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:05.727633 0.136443 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:05.864491 0.051706 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:05.916646 0.181182 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.098336 0.135322 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.234342 0.056013 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.290704 0.203129 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.494320 0.181251 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.676012 0.044318 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.720751 0.051357 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.772458 0.142448 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:06.915321 0.193924 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:07.109600 0.212688 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:07.322700 0.158336 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:07.481421 0.036470 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:07.518425 0.345882 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:07.864695 0.195082 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:08.060203 0.146482 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:08.207093 0.190722 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:08.398247 0.161039 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:08.559618 0.069785 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:08.629799 0.355330 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:08.985563 0.192179 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:09.178133 0.170621 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:09.349170 0.077807 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/18 11:58:09.427337 0.472797 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:02:12.859506 3.001139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:02:19.867024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:02:27.867781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:02:44.351611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:03:16.357684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:09:20.363736 3.001925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:09:27.370988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:09:35.372974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:09:51.375580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:10:23.381887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:15:02.924361 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 12:15:02.924451 1.178576 tcp 10.0.2.109 58079 -> 70.113.215.93 3558 FSPA* 0 0 14 1648 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:16:27.398489 3.000823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:16:34.405175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:16:42.406791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:16:58.409792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:17:30.415840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:23:34.422572 3.001020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:23:41.428939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:23:49.430607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:24:05.433965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:24:37.439769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:28:35.802642 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 12:28:35.802738 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 12:28:53.509916 0.052999 tcp 10.0.2.109 58080 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:28:53.563217 0.053222 tcp 10.0.2.109 58081 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:28:53.616733 0.153294 tcp 10.0.2.109 58082 -> 195.113.214.211 443 SRPA* 0 0 47 28676 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:28:53.768387 0.154757 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:53.923556 0.136423 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.060391 0.188287 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.249113 0.140224 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.389784 0.052982 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.443174 0.187162 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.630748 0.179854 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.811006 0.039892 rtcp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.851334 0.051500 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:54.903229 0.142639 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:55.046325 0.198608 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:55.245332 0.184329 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:55.430101 0.160908 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:55.591412 0.035413 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:55.627257 0.351805 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:55.979595 0.171711 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:55.979951 4.893494 tcp 10.0.2.109 58083 -> 223.17.68.245 4353 SPA_* 0 0 114 94343 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:28:56.151624 0.147184 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:56.299223 0.195694 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:56.495285 0.160152 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:56.655792 0.072907 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:56.729165 0.358543 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:57.088100 0.078890 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:57.167480 0.251114 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:57.419012 0.170311 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:28:57.589732 0.161208 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:01.206637 4.812017 tcp 10.0.2.109 58083 -> 223.17.68.245 4353 A_PA 0 0 142 122356 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:29:06.349564 4.778503 tcp 10.0.2.109 58083 -> 223.17.68.245 4353 A_PA 0 0 166 123652 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:29:11.456994 2.420222 tcp 10.0.2.109 58083 -> 223.17.68.245 4353 FPA_* 0 0 42 26231 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:29:31.235482 0.051237 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:31.287081 0.153341 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:31.440842 0.136466 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:31.577681 0.179926 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:31.758030 0.138873 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:31.897309 0.038135 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:31.935832 0.174833 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:32.111068 0.174934 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:32.286505 0.039899 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:32.326797 0.050573 udp 10.0.2.109 3683 <-> 2.229.48.91 3338 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:32.377727 0.139326 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:32.517450 0.187021 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:32.704807 0.186861 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:32.892128 0.159058 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:33.051603 0.050996 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:33.102939 0.351632 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:33.455017 0.172421 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:33.627881 0.142112 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:33.770431 0.181302 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:33.952157 0.160073 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:34.112623 0.079099 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:34.192144 0.249680 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:34.442263 0.167462 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:34.610203 0.161175 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:34.771744 0.354192 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:29:35.126352 0.080059 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:30:16.106875 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 12:30:16.106971 1.185601 tcp 10.0.2.109 58084 -> 70.113.215.93 3558 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/18 12:30:41.485967 3.061568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 12:30:48.553402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:30:56.555020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:31:12.557752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:31:44.563780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:37:48.569569 3.001870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:37:55.577318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:38:03.579009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:38:19.581910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:38:51.587575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:44:55.594606 3.001007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:45:02.601289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:45:10.602911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:45:26.605771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:45:58.612040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:52:02.618393 3.000726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:52:09.625325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:52:17.626500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:52:33.629907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:53:05.635515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:59:09.642022 3.001242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 12:59:16.649307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:59:24.650770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:59:40.653376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 12:59:43.087736 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 12:59:43.087920 0.139633 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:43.227956 0.176974 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:43.405297 0.136411 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:43.542215 0.053506 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:43.596124 0.153780 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:43.750349 0.052829 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:43.803601 0.179836 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:43.983869 0.192703 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:44.176962 0.053001 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/18 12:59:44.230412 0.000000 udp 10.0.2.109 3683 -> 2.229.48.91 3338 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 13:00:01.706148 0.052526 tcp 10.0.2.109 58085 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:00:01.759017 0.052809 tcp 10.0.2.109 58086 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:00:01.812087 0.145367 tcp 10.0.2.109 58087 -> 195.113.214.211 443 SRPA* 0 0 39 34228 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:00:01.958088 0.141817 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:02.100339 0.192611 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:02.293465 0.194073 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:02.487971 0.174632 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:02.663005 0.054597 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:02.718012 0.364716 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:03.083086 0.162593 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:03.246337 0.141931 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:03.388675 0.078668 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:03.467691 0.255812 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:03.723910 0.168083 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:03.892386 0.160879 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:04.053627 0.176180 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:04.230378 0.162378 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:04.393194 0.361304 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:04.754897 0.075918 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:00:12.870029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:00:17.406996 1.124930 tcp 10.0.2.109 58088 -> 70.113.215.93 3558 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:06:16.875970 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 13:06:23.883334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:06:31.885162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:06:47.887767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:07:19.893986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:13:23.900673 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 13:13:30.907752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:13:38.908736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:13:54.911758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:14:26.917702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:20:30.925374 3.000392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 13:20:37.931629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:20:45.932526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:21:01.935526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:21:34.081959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:27:38.089095 3.000574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 13:27:45.095179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:27:53.096944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:28:09.100395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:28:41.105933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:30:18.598133 0.000345 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 13:30:18.598578 1.101026 tcp 10.0.2.109 58089 -> 70.113.215.93 3558 FSPA* 0 0 12 1542 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:30:24.425263 0.000000 udp 10.0.2.109 3683 -> 2.229.48.91 3338 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 13:30:43.303823 0.052499 tcp 10.0.2.109 58090 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:30:43.356611 0.054212 tcp 10.0.2.109 58091 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:30:43.411164 0.145966 tcp 10.0.2.109 58092 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:30:43.557815 0.184803 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:43.743019 0.143623 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:43.887074 0.054096 rtcp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:43.941580 0.155761 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:44.097743 0.053745 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:44.151844 0.178174 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:44.330464 0.133004 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:44.463947 0.176161 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:44.640534 0.044310 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:44.685260 0.141796 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:44.827392 0.196088 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:45.023857 0.188056 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:45.212318 0.159972 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:45.372719 0.035917 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:45.408972 0.370049 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:45.779502 0.165231 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:45.945085 0.144767 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:46.090275 0.088098 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:46.178769 0.248004 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:30:46.427120 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 13:31:02.840195 0.052824 tcp 10.0.2.109 58093 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:31:02.893397 0.053178 tcp 10.0.2.109 58094 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:31:02.946858 0.145819 tcp 10.0.2.109 58095 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/18 13:31:03.093186 0.162404 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:31:03.256014 0.399638 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:31:03.656077 0.073754 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:31:03.730247 0.159128 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:31:03.889805 0.175590 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 13:34:45.111694 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 13:34:52.119527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:35:00.121287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:35:16.123986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:35:48.129695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:41:52.136239 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 13:41:59.143547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:42:07.144984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:42:23.148105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:42:55.153770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:48:59.160140 3.001643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 13:49:06.167280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:49:14.168939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:49:30.172067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:50:02.178241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:56:06.183686 3.002212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 13:56:13.191287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:56:21.192606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:56:37.195705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 13:57:09.202098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:00:19.706385 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:00:19.706483 1.209191 tcp 10.0.2.109 58096 -> 70.113.215.93 3558 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:01:21.614722 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:01:21.614873 0.168337 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 200 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:21.783645 0.054341 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:21.838454 0.174428 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:22.013372 0.144930 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:22.158691 0.049672 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:22.208770 0.178738 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:22.387914 0.136070 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:22.524356 0.180147 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:22.704948 0.158319 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:22.863703 0.144472 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:23.008579 0.194430 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:23.203418 0.039626 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:23.243409 0.036241 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:23.280061 0.360133 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:23.640598 0.164158 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:23.805092 0.170135 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:23.975571 0.202594 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:24.178568 0.143241 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:24.322185 0.089972 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:24.412583 0.254547 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:24.667499 0.252339 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:24.920256 0.160435 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:25.081111 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:01:41.665795 0.051532 tcp 10.0.2.109 58097 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:01:41.717605 0.053502 tcp 10.0.2.109 58098 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:01:41.771422 0.145859 tcp 10.0.2.109 58099 -> 195.113.214.211 443 SRPA* 0 0 25 13040 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:01:41.917893 0.158762 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:01:42.077098 0.328181 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:03:13.208935 3.001224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 14:03:20.285405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:03:28.287038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:03:44.289632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:04:16.295734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:10:20.302624 3.001111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 14:10:27.309735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:10:35.321273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:10:51.323612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:11:23.329833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:17:27.336635 3.000804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 14:17:34.343540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:17:42.345203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:17:58.347819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:18:30.353741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:24:34.360638 3.241206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 14:24:41.607822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:24:49.609326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:25:05.612004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:25:37.617953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:30:21.046027 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:30:21.046128 1.131762 tcp 10.0.2.109 58100 -> 70.113.215.93 3558 FSPA* 0 0 14 1554 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:31:41.625042 3.000920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 14:31:48.632015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:31:56.633120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:32:05.455867 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:32:05.456025 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:32:12.636013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:32:23.614161 0.053282 tcp 10.0.2.109 58101 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:32:23.667808 0.052350 tcp 10.0.2.109 58102 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:32:23.720447 0.146615 tcp 10.0.2.109 58103 -> 195.113.214.211 443 SRPA* 0 0 51 34052 flow=From-Botnet-V1-TCP-Established 1970/01/18 14:32:23.867565 4.846467 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 3 608 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.056039 3.927662 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 4 1136 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.226578 3.811411 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1243 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.280743 3.798810 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1095 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.331025 3.925182 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 4 1021 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.509877 3.886160 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 4 1089 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.649016 3.932822 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 4 1235 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.832153 3.881481 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1201 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:24.963374 4.075673 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 4 1283 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:25.105710 4.095564 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 4 1005 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:25.260852 3.975873 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 4 1065 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:25.296632 4.283332 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 4 1348 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:25.639466 4.105660 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 4 987 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:25.804280 4.098886 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1218 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:25.964718 4.148997 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 4 1231 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:26.164947 3.993891 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 4 1167 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:26.209478 4.206765 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 4 1246 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:26.462296 4.029112 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 4 1333 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:26.538568 4.145271 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 4 1126 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:26.727442 4.105069 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 4 1306 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:26.872606 4.051313 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 4 1060 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:26.957689 4.655096 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1222 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:27.119119 3.968588 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 4 1159 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:27.279638 4.171796 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1180 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:28.895645 0.000000 udp 10.0.2.109 3683 <- 99.6.74.153 6911 RSP 0 0 1 542 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:32:31.613431 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:32:37.361576 0.000000 udp 10.0.2.109 3683 -> 36.2.207.138 8548 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:32:44.642411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:32:44.982741 0.000000 udp 10.0.2.109 3683 -> 117.200.90.172 5757 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:32:52.493841 0.000000 udp 10.0.2.109 3683 -> 186.4.63.37 6341 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:32:58.252031 0.064051 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:32:58.474398 0.000000 udp 10.0.2.109 3683 -> 178.128.3.179 7159 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:04.230919 0.000000 udp 10.0.2.109 3683 -> 151.95.47.197 9438 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:08.976964 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:33:11.400551 0.000000 udp 10.0.2.109 3683 -> 90.208.155.73 8298 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:17.169326 0.000000 udp 10.0.2.109 3683 -> 92.20.137.145 4478 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:25.401195 0.000000 udp 10.0.2.109 3683 -> 68.43.248.92 1049 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:32.281098 0.000000 udp 10.0.2.109 3683 -> 69.21.103.130 4619 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:40.613336 0.148705 udp 10.0.2.109 3683 <-> 174.88.206.34 1908 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:33:41.090498 0.000000 udp 10.0.2.109 3683 -> 173.220.58.250 2489 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:46.150978 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:52.279613 0.108976 udp 10.0.2.109 3683 -> 78.14.195.185 7760 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:33:52.388589 0.000000 icmp 78.14.195.185 0x0303 -> 10.0.2.109 0x501e URP 192 1 189 flow=Background 1970/01/18 14:33:56.976297 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:33:59.700421 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:08.413166 0.000000 udp 10.0.2.109 3683 -> 121.12.163.98 9064 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:13.430224 0.072921 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:34:13.648136 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:19.258316 0.000000 udp 10.0.2.109 3683 -> 122.183.17.226 3367 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:27.790374 0.000000 udp 10.0.2.109 3683 -> 172.2.138.79 1779 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:33.609437 0.000000 udp 10.0.2.109 3683 -> 197.6.69.105 6101 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:42.502005 0.000000 udp 10.0.2.109 3683 -> 70.60.193.10 2063 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:47.468433 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:34:49.551803 0.047608 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:34:49.647165 0.000000 udp 10.0.2.109 3683 -> 109.155.245.237 4764 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:34:58.024246 0.000000 udp 10.0.2.109 3683 -> 90.221.168.78 6791 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:35:06.957197 0.000000 udp 10.0.2.109 3683 -> 50.75.48.164 3660 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:35:15.940170 0.047723 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 805 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:35:16.020927 0.000000 udp 10.0.2.109 3683 -> 77.183.13.60 3056 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:35:21.417918 0.121887 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 671 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:35:21.752847 0.000000 udp 10.0.2.109 3683 -> 185.13.143.150 8956 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:35:29.539399 0.000000 udp 10.0.2.109 3683 -> 77.181.46.79 2940 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:35:34.476019 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:35:37.661322 0.000000 udp 10.0.2.109 3683 -> 24.98.64.134 4880 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:35:45.892739 0.000000 udp 10.0.2.109 3683 -> 89.97.18.48 7366 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:35:52.302294 0.000000 udp 10.0.2.109 3683 -> 80.145.200.99 3430 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:00.073544 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:08.605708 0.000000 udp 10.0.2.109 3683 -> 95.90.117.118 9335 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:15.716196 0.028400 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:15.744596 0.000000 icmp 217.91.147.140 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 277 flow=Background 1970/01/18 14:36:20.512526 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:36:23.557424 0.000000 udp 10.0.2.109 3683 -> 195.53.174.49 8284 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:31.388369 0.058461 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 816 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:36:31.456736 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:37.607361 0.000000 udp 10.0.2.109 3683 -> 68.15.223.145 3051 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:45.508351 0.000000 udp 10.0.2.109 3683 -> 94.69.215.238 3439 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:51.677729 0.000000 udp 10.0.2.109 3683 -> 200.87.228.38 6963 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:36:59.288278 0.000000 udp 10.0.2.109 3683 -> 94.55.30.216 9333 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:04.806678 0.291314 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:37:05.251232 0.056479 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 657 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:37:05.431273 0.213612 udp 10.0.2.109 3683 <-> 189.167.62.117 3188 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:37:05.694907 0.044303 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:37:05.769362 0.000000 udp 10.0.2.109 3683 -> 87.236.212.210 8421 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:09.513104 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:37:11.296036 0.000000 udp 10.0.2.109 3683 -> 64.180.226.146 7224 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:20.299205 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:28.270154 0.000000 udp 10.0.2.109 3683 -> 78.152.125.2 8385 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:35.190323 0.000000 udp 10.0.2.109 3683 -> 88.247.94.236 5931 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:40.417788 0.000000 udp 10.0.2.109 3683 -> 71.180.82.166 6782 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:47.677853 0.000000 udp 10.0.2.109 3683 -> 61.247.170.97 6830 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:53.566319 0.000000 udp 10.0.2.109 3683 -> 81.155.150.218 9868 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:37:58.523170 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:38:01.738018 0.000000 udp 10.0.2.109 3683 -> 164.58.145.60 4526 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:07.897453 0.000000 udp 10.0.2.109 3683 -> 86.168.156.54 1651 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:15.859044 0.000000 udp 10.0.2.109 3683 -> 80.149.187.98 2660 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:22.948736 0.000000 udp 10.0.2.109 3683 -> 186.95.97.7 6273 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:28.797232 0.000000 udp 10.0.2.109 3683 -> 173.220.177.234 1546 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:37.289508 0.000000 udp 10.0.2.109 3683 -> 78.143.160.1 3502 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:42.296908 0.241177 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 776 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:38:42.676830 0.000000 udp 10.0.2.109 3683 -> 192.65.232.30 6346 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:47.043320 0.055115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:38:48.729142 3.000584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 14:38:51.169045 0.000000 udp 10.0.2.109 3683 -> 174.141.42.248 1142 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:38:55.735831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:38:58.600275 0.000000 udp 10.0.2.109 3683 -> 182.160.1.149 9379 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:39:03.737470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:39:04.678621 0.000000 udp 10.0.2.109 3683 -> 99.8.121.25 4727 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:39:13.531591 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:39:19.740651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:39:21.853664 0.000000 udp 10.0.2.109 3683 -> 173.16.194.248 3054 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:39:29.684540 0.000000 udp 10.0.2.109 3683 -> 78.162.186.47 4502 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:39:34.551325 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:39:37.075687 0.000000 udp 10.0.2.109 3683 -> 75.120.46.136 8254 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:39:45.927879 0.236986 udp 10.0.2.109 3683 <-> 69.237.153.59 4192 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:39:46.182672 0.236218 udp 10.0.2.109 3683 <-> 76.219.181.10 7295 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:39:46.466823 0.000000 udp 10.0.2.109 3683 -> 82.114.178.74 5105 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:39:51.746090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:39:53.558922 0.135052 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 733 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:39:53.704334 0.000000 udp 10.0.2.109 3683 -> 76.21.46.106 5235 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:00.438795 0.181151 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 812 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:40:00.634373 0.000000 udp 10.0.2.109 3683 -> 94.66.204.180 6063 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:06.066912 0.176884 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:40:06.314093 0.000000 udp 10.0.2.109 3683 -> 173.189.26.188 9737 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:11.865454 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:17.944240 0.162146 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:40:18.140399 0.000000 udp 10.0.2.109 3683 -> 86.168.205.107 2229 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:22.550751 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:40:24.032844 0.000000 udp 10.0.2.109 3683 -> 99.60.181.75 4433 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:29.901720 0.000000 udp 10.0.2.109 3683 -> 64.135.20.162 4265 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:35.679682 0.000000 udp 10.0.2.109 3683 -> 50.195.163.205 3119 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:43.671186 0.000000 udp 10.0.2.109 3683 -> 188.10.89.239 4286 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:50.631465 0.000000 udp 10.0.2.109 3683 -> 203.206.139.148 3549 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:40:58.942768 0.000000 udp 10.0.2.109 3683 -> 59.99.232.248 2834 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:04.140262 0.000000 udp 10.0.2.109 3683 -> 92.148.248.53 2845 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:09.047193 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:41:11.000615 0.206233 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:41:11.470309 0.000000 udp 10.0.2.109 3683 -> 72.197.243.218 5666 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:16.898578 0.208853 udp 10.0.2.109 3683 <-> 108.245.72.131 6836 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:41:17.322323 0.000000 udp 10.0.2.109 3683 -> 87.24.2.194 6427 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:22.417932 0.000000 udp 10.0.2.109 3683 -> 71.166.245.104 7615 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:30.869312 0.000000 udp 10.0.2.109 3683 -> 72.69.14.81 8209 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:39.070853 0.000000 udp 10.0.2.109 3683 -> 176.25.234.148 5180 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:44.969475 0.000000 udp 10.0.2.109 3683 -> 186.104.153.1 8811 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:53.391380 0.000000 udp 10.0.2.109 3683 -> 77.103.132.89 1649 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:41:58.047827 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:42:01.292485 0.059041 udp 10.0.2.109 3683 <-> 91.58.150.62 1205 CON 0 0 2 659 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:42:01.384779 0.000000 udp 10.0.2.109 3683 -> 86.124.80.202 3415 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:09.094152 0.000000 udp 10.0.2.109 3683 -> 96.8.193.166 2626 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:16.214153 0.000000 udp 10.0.2.109 3683 -> 212.12.183.226 1741 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:25.057090 0.000000 udp 10.0.2.109 3683 -> 86.21.10.53 8957 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:30.494404 0.000000 udp 10.0.2.109 3683 -> 173.14.132.109 6278 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:35.902656 0.000000 udp 10.0.2.109 3683 -> 83.215.96.121 7758 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:44.264465 0.031874 udp 10.0.2.109 3683 -> 188.100.2.173 9349 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:44.296339 0.000000 icmp 188.100.2.173 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 261 flow=Background 1970/01/18 14:42:49.050929 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:42:50.913958 0.000000 udp 10.0.2.109 3683 -> 200.83.106.73 7432 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:42:58.955349 0.000000 udp 10.0.2.109 3683 -> 115.132.63.31 7109 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:06.336317 0.000000 udp 10.0.2.109 3683 -> 81.151.23.66 8102 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:14.838361 0.000000 udp 10.0.2.109 3683 -> 50.55.191.34 8620 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:20.236509 0.000000 udp 10.0.2.109 3683 -> 217.92.2.136 9103 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:25.263331 0.000000 udp 10.0.2.109 3683 -> 72.71.251.32 7491 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:33.515199 0.341210 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:43:33.871255 0.000000 udp 10.0.2.109 3683 -> 69.198.6.243 1140 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:38.051858 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 14:43:42.428330 0.084217 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 793 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:43:42.526990 0.402472 udp 10.0.2.109 3683 <-> 190.129.24.18 8243 CON 0 0 2 798 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:43:43.004225 0.000000 udp 10.0.2.109 3683 -> 116.14.221.155 4878 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:49.347754 0.000000 udp 10.0.2.109 3683 -> 71.87.6.165 4424 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:43:56.448242 0.000000 udp 10.0.2.109 3683 -> 71.172.141.7 1153 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:44:01.715554 0.176811 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 662 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:44:01.903435 0.251414 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/18 14:44:02.212905 0.000000 udp 10.0.2.109 3683 -> 96.235.98.21 8958 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:44:08.215644 0.000000 udp 10.0.2.109 3683 -> 112.139.130.73 9493 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:44:17.128186 0.000000 udp 10.0.2.109 3683 -> 78.180.162.95 2165 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 14:45:55.753195 3.000424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 14:46:02.759388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:46:10.761308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:46:26.764532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:46:58.770629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:53:02.776777 3.001095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 14:53:09.783502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:53:17.785263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:53:33.788250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 14:54:05.794080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:00:09.800989 3.000963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:00:17.539119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:00:22.626502 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 15:00:22.626596 1.025432 tcp 10.0.2.109 58104 -> 70.113.215.93 3558 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:00:25.540058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:00:41.543117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:01:13.549338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:07:17.556805 3.000139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:07:25.384243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:07:33.385153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:07:49.388675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:08:21.394599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:14:25.401387 3.000466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:14:32.037808 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 15:14:32.037909 0.169808 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:32.208063 0.175622 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:32.384071 0.051439 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:32.407730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:14:32.435965 0.052022 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:32.488437 0.177103 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:32.665877 0.138526 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:32.804849 0.176685 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:32.982004 0.137885 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:33.120301 0.035825 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:33.156529 0.375432 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:33.532340 0.172381 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:33.705081 0.160730 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:33.866254 0.136726 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:34.003386 0.154320 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:34.158276 0.085738 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:34.244456 0.190951 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:34.435857 0.039838 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:34.476060 0.248517 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:34.724948 0.073520 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:35.346654 0.182168 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:35.529152 0.147530 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:35.677025 0.163419 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:35.840840 0.323992 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.165171 0.159869 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.325394 0.053263 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.378998 0.141648 udp 10.0.2.109 3683 <-> 174.88.206.34 1908 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.521057 0.065741 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.587141 0.048118 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.635672 0.040126 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.676165 0.118595 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:14:36.795166 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:14:40.408965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:14:52.739476 0.052017 tcp 10.0.2.109 58105 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:14:52.791754 0.052604 tcp 10.0.2.109 58106 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:14:52.844727 0.146052 tcp 10.0.2.109 58107 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:14:52.991261 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:14:56.412198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:15:09.742391 0.051390 tcp 10.0.2.109 58108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:09.794057 0.054312 tcp 10.0.2.109 58109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:09.848643 0.148015 tcp 10.0.2.109 58110 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:09.997129 0.157131 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:10.154724 0.223533 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:10.531527 0.412921 udp 10.0.2.109 3683 <-> 189.167.62.117 3188 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:10.944817 0.177785 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:11.122999 0.000000 udp 10.0.2.109 3683 -> 69.237.153.59 4192 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:15:28.518382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:15:29.660514 0.055109 tcp 10.0.2.109 58111 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:29.715554 0.054120 tcp 10.0.2.109 58112 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:29.769979 0.149353 tcp 10.0.2.109 58113 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:29.919967 0.222888 udp 10.0.2.109 3683 <-> 76.219.181.10 7295 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:30.143252 0.128805 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:30.272495 0.179647 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:30.452567 0.170187 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:30.625882 0.161372 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:30.787648 0.158891 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:30.946945 0.205900 udp 10.0.2.109 3683 <-> 108.245.72.131 6836 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:31.153267 0.000000 udp 10.0.2.109 3683 -> 91.58.150.62 1205 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:15:49.889715 0.052950 tcp 10.0.2.109 58114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:49.942497 0.054470 tcp 10.0.2.109 58115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:49.997277 0.129438 tcp 10.0.2.109 58116 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:15:50.127143 0.367617 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:50.583359 0.079366 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:15:50.663173 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 8243 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:16:06.293373 0.052757 tcp 10.0.2.109 58117 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:16:06.346447 0.053155 tcp 10.0.2.109 58118 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:16:06.399839 0.143575 tcp 10.0.2.109 58119 -> 195.113.214.211 443 SRPA* 0 0 21 11362 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:16:06.543974 0.169886 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:16:06.714400 0.173040 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:21:32.525690 3.000128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:21:39.531740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:21:47.533455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:22:03.536209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:22:35.542361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:28:39.549139 3.000894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:28:46.555991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:28:54.557416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:29:10.560074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:29:42.566757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:30:24.086637 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 15:30:24.086745 1.037408 tcp 10.0.2.109 58120 -> 70.113.215.93 3558 FSPA* 0 0 14 1575 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:35:46.572539 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:35:53.580031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:36:01.581751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:36:17.584026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:36:49.590609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:42:53.596698 3.001019 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:43:00.603524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:43:10.007341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:43:26.010672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:43:58.016364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:46:21.292728 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 15:46:21.292846 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:46:39.561122 0.053280 tcp 10.0.2.109 58121 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:46:39.614695 0.054096 tcp 10.0.2.109 58122 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:46:39.669087 0.148312 tcp 10.0.2.109 58123 -> 195.113.214.211 443 SRPA* 0 0 45 40960 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:46:39.817976 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:46:57.395914 0.051889 tcp 10.0.2.109 58124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:46:57.448184 0.052751 tcp 10.0.2.109 58125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:46:57.501321 0.149681 tcp 10.0.2.109 58126 -> 195.113.214.211 443 SRPA* 0 0 39 23116 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:46:57.651687 0.000000 udp 10.0.2.109 3683 -> 69.237.153.59 4192 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:47:14.449688 0.052528 tcp 10.0.2.109 58127 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:14.502533 0.053293 tcp 10.0.2.109 58128 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:14.555645 0.144267 tcp 10.0.2.109 58129 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:14.700538 0.000000 udp 10.0.2.109 3683 -> 91.58.150.62 1205 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:47:30.122163 0.052833 tcp 10.0.2.109 58130 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:30.175275 0.054144 tcp 10.0.2.109 58131 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:30.229292 0.146146 tcp 10.0.2.109 58132 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:30.375964 0.000000 udp 10.0.2.109 3683 -> 190.129.24.18 8243 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:47:47.977636 0.053322 tcp 10.0.2.109 58133 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:48.031232 0.053471 tcp 10.0.2.109 58134 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:48.084999 0.146198 tcp 10.0.2.109 58135 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:47:48.231786 0.188489 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:48.420657 0.051774 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:48.472818 0.177071 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:48.650337 0.175070 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:48.825820 0.133844 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:48.960087 0.050150 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:49.010637 0.172209 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:49.183178 0.140725 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:49.324342 0.359359 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:49.684119 0.036170 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:49.720687 0.133019 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:49.854197 0.158641 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:50.013214 0.171343 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:50.184898 0.157150 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:50.342472 0.188152 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:50.531028 0.040039 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:50.571439 0.253769 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:50.825624 0.086550 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:50.912604 0.110818 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:51.023839 0.142744 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:51.167034 0.163525 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:51.330971 0.183780 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:51.515095 0.066078 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:51.581592 0.119236 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:47:51.701252 0.000000 udp 10.0.2.109 3683 -> 174.88.206.34 1908 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 15:48:10.359954 0.053223 tcp 10.0.2.109 58136 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:48:10.413546 0.053991 tcp 10.0.2.109 58137 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:48:10.467420 0.194354 tcp 10.0.2.109 58138 -> 195.113.214.211 443 SRPA* 0 0 47 37276 flow=From-Botnet-V1-TCP-Established 1970/01/18 15:48:10.662552 0.057897 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:10.720882 0.040017 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:10.761284 0.048127 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:10.809759 0.314175 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:11.124288 0.160199 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:11.284878 0.224658 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:11.509933 0.598145 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:12.108511 0.205529 udp 10.0.2.109 3683 <-> 189.167.62.117 3188 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:12.314470 0.187531 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:12.502504 0.208452 udp 10.0.2.109 3683 <-> 76.219.181.10 7295 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:12.711361 0.170536 rtcp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:12.882458 0.163353 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:13.046220 0.251344 udp 10.0.2.109 3683 <-> 108.245.72.131 6836 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:13.297976 0.141783 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:13.440179 0.173747 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:13.614467 0.179749 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:13.794683 1.065639 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:14.860736 0.336761 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:15.197910 0.174641 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:48:15.372963 0.174175 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 15:50:02.021797 3.002331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 15:50:09.029939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:50:17.030974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:50:33.034152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:51:05.040041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:57:09.046989 3.000846 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 15:57:16.053427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:57:24.055556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:57:40.058385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 15:58:12.064573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:00:25.817694 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 16:00:25.817792 1.157847 tcp 10.0.2.109 58139 -> 70.113.215.93 3558 FSPA* 0 0 14 1731 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:04:16.070621 3.001113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 16:04:23.077667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:04:31.078903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:04:47.082291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:05:19.087952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:11:23.095117 3.000708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 16:11:30.101942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:11:38.193348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:11:54.196315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:12:26.202337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:18:30.208967 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 16:18:37.215712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:18:38.177595 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 16:18:38.177689 0.000000 udp 10.0.2.109 3683 -> 174.88.206.34 1908 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 16:18:45.217014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:18:56.585383 0.053557 tcp 10.0.2.109 58140 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:18:56.639264 0.072077 tcp 10.0.2.109 58141 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:18:56.711663 0.142219 tcp 10.0.2.109 58142 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:18:56.854513 0.188003 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:18:57.042881 0.000000 udp 10.0.2.109 3683 -> 98.177.224.252 4874 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 16:19:01.220046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:19:15.290970 0.052910 tcp 10.0.2.109 58143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:15.344237 0.051884 tcp 10.0.2.109 58144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:15.396469 0.146163 tcp 10.0.2.109 58145 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:15.543124 0.054067 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:15.597730 0.138004 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:15.736136 0.050416 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:15.786888 0.168947 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:15.956230 0.145608 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:16.102311 0.364634 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:16.467345 0.035267 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:16.503031 0.182234 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:16.685725 0.131960 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:16.818038 0.154065 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:16.972503 0.192701 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:17.165570 0.309366 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:17.475357 0.170959 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:17.646757 0.186464 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:17.833640 0.091314 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:17.925374 0.075442 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.001170 0.147445 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.149005 0.160162 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.309545 0.187516 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.497479 0.073010 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.570844 0.118584 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.689854 0.249910 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.940174 0.055188 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:18.995788 0.039888 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:19.036029 0.042380 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:19.078816 0.370240 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:19.449490 0.159656 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:19.609633 0.224061 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:19.834067 0.178572 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:20.013073 0.000000 udp 10.0.2.109 3683 -> 76.219.181.10 7295 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 16:19:33.226513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:19:37.563163 0.051203 tcp 10.0.2.109 58146 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:37.614240 0.052231 tcp 10.0.2.109 58147 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:37.666781 0.146007 tcp 10.0.2.109 58148 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:37.813319 0.000000 udp 10.0.2.109 3683 -> 84.152.214.101 1251 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 16:19:52.945603 0.053784 tcp 10.0.2.109 58149 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:52.999240 0.053423 tcp 10.0.2.109 58150 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:53.052941 0.148818 tcp 10.0.2.109 58151 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:19:53.202396 0.201785 udp 10.0.2.109 3683 <-> 189.167.62.117 3188 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:53.404523 0.174295 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:53.579157 0.158229 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:53.737811 0.222705 udp 10.0.2.109 3683 <-> 108.245.72.131 6836 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:53.960863 0.127725 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:54.089020 0.174766 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:54.264214 0.183049 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:54.447658 0.176064 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:54.624107 0.173760 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:54.798428 0.076720 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:19:54.875584 0.336845 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:25:37.232566 3.082015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 16:25:44.320107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:25:52.321149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:26:08.324153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:26:40.330715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:30:27.046544 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 16:30:27.046717 1.130170 tcp 10.0.2.109 58152 -> 70.113.215.93 3558 FSPA* 0 0 14 1676 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:32:44.336173 3.001568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 16:32:51.343813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:32:59.345408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:33:15.348056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:33:47.354633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:39:51.360865 3.000836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 16:39:59.569662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:40:07.571667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:40:23.574539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:40:55.579746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:46:59.585454 3.002303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 16:47:06.593701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:47:14.594661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:47:30.597952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:48:02.604059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:50:00.303882 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 16:50:00.304145 0.177246 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:00.481826 0.000000 udp 10.0.2.109 3683 -> 76.219.181.10 7295 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 16:50:17.330259 0.053814 tcp 10.0.2.109 58153 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:17.384447 0.053490 tcp 10.0.2.109 58154 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:17.438260 0.149282 tcp 10.0.2.109 58155 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:17.588201 0.000000 udp 10.0.2.109 3683 -> 84.152.214.101 1251 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 16:50:35.303921 0.051985 tcp 10.0.2.109 58156 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:35.356226 0.030797 tcp 10.0.2.109 58157 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:35.387300 0.145696 tcp 10.0.2.109 58158 -> 195.113.214.211 443 SRPA* 0 0 45 41860 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:35.533727 0.180058 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:35.714236 0.138981 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:35.853617 0.051410 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:35.905455 0.049964 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:35.955759 0.324379 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:36.280490 0.035154 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:36.315994 0.174645 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:36.491049 0.138034 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:36.629432 0.167492 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:36.797324 0.136892 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:36.934698 0.163961 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:37.099077 0.044170 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:37.143654 0.180153 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:37.324150 0.200280 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:37.524834 0.175640 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:37.700884 0.161221 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:37.862520 0.185738 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:38.048662 0.073057 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:38.122056 0.118204 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:38.240693 0.087720 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:38.328825 0.148561 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:38.477880 0.158900 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:38.637190 0.312885 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:38.950438 0.160007 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:39.110805 0.295402 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:39.406637 0.256065 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:39.663019 0.056550 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:39.719976 0.041276 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:39.761614 0.043383 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:39.805448 0.175507 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:39.981347 0.201877 udp 10.0.2.109 3683 <-> 189.167.62.117 3188 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:40.183642 0.174893 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:40.358932 0.163305 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:40.522592 0.173080 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:40.696001 0.182815 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:40.879193 0.177139 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:41.056716 0.173373 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:41.230493 0.000000 udp 10.0.2.109 3683 -> 108.245.72.131 6836 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 16:50:58.568050 0.052425 tcp 10.0.2.109 58159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:58.620758 0.052595 tcp 10.0.2.109 58160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:58.673658 0.220778 tcp 10.0.2.109 58161 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/18 16:50:58.894907 0.127884 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:59.023141 0.077222 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:50:59.100764 0.370789 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/18 16:54:06.609959 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 16:54:13.617464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:54:21.619190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:54:37.622155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 16:55:09.627738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:00:28.777570 0.000191 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 17:00:28.777863 1.136131 tcp 10.0.2.109 58162 -> 70.113.215.93 3558 FSPA* 0 0 15 1572 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:01:13.634255 3.001080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:01:20.641527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:01:28.642732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:01:44.645959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:02:17.683651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:08:24.694462 3.000889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:08:31.701283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:08:39.702928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:08:55.705993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:09:27.711630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:15:34.722855 3.000757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:15:41.729367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:15:49.750657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:16:05.754337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:16:37.760390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:21:12.044478 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 17:21:12.044565 0.000000 udp 10.0.2.109 3683 -> 108.245.72.131 6836 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 17:21:28.269806 0.053771 tcp 10.0.2.109 58163 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:21:28.323900 0.053157 tcp 10.0.2.109 58164 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:21:28.377346 0.145802 tcp 10.0.2.109 58165 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:21:28.523362 0.180597 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:28.704401 0.053330 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:28.758325 0.048746 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:28.807477 0.179710 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:28.987530 0.134946 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:29.122888 0.376928 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:29.500221 0.141740 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:29.642381 0.169960 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:29.812740 0.136609 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:29.949842 0.174080 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:30.124333 0.036308 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:30.161027 0.156635 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:30.318207 0.194854 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:30.513462 0.183316 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:30.697199 0.159637 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:30.857235 0.201865 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:31.059497 0.044483 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:31.104379 0.158733 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:31.263450 0.093872 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:31.357696 0.149101 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:31.507147 0.092424 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:31.599927 0.334385 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:31.934739 0.118633 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.053776 0.067886 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.122010 0.316153 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.438566 0.058211 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.497194 0.039998 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.537620 0.041355 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.579299 0.220358 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.800081 0.160062 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:32.960555 0.207725 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:33.168775 0.159468 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:33.328649 0.173913 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:33.502965 0.180942 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:33.684312 0.176014 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:33.860886 0.200759 udp 10.0.2.109 3683 <-> 189.167.62.117 3188 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:34.061963 0.173733 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:34.236094 0.177551 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:34.414078 0.135399 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:34.549860 0.078660 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:21:34.628988 0.330542 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:23:06.771647 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:23:13.779658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:23:21.780591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:23:37.783768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:24:09.789628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:30:13.796645 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:30:20.803398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:30:28.805220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:30:30.427739 0.000178 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 17:30:30.428084 0.996881 tcp 10.0.2.109 58166 -> 70.113.215.93 3558 FSPA* 0 0 14 1700 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:30:44.807643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:31:16.813984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:37:24.826336 3.000683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:37:31.833200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:37:39.834975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:37:55.837758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:38:27.843655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:44:35.855280 3.001916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:44:42.862987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:44:50.864405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:45:06.867414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:45:38.873183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:51:42.879324 3.002073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:51:49.886634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:51:51.719627 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 17:51:51.719774 0.179496 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:51.899643 0.053626 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:51.953696 0.055099 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:52.009150 0.175692 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:52.185276 0.137555 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:52.323166 0.335199 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:52.658796 0.141620 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:52.800889 0.168700 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:52.970047 0.138858 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:53.109312 0.181598 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:53.291328 0.036310 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:53.328056 0.155487 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:53.483939 0.197424 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:53.681792 0.176324 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:53.858489 0.160286 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:54.019195 0.184783 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:54.204392 0.044343 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:54.249166 0.167229 rtcp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:54.416798 0.079931 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:54.497160 0.145677 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:54.643231 0.168651 rtcp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:54.812258 0.367575 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.180228 0.120151 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.300757 0.067992 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.369146 0.252065 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.621678 0.057290 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.679376 0.045947 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.725711 0.041307 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.767416 0.177848 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:55.945721 0.159138 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:56.105212 0.218032 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:56.323623 0.180594 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:56.504637 0.275460 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:56.780458 0.179761 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:56.960626 0.176511 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:51:57.137500 0.000000 udp 10.0.2.109 3683 -> 189.167.62.117 3188 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 17:51:57.887981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:52:13.891639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:52:14.394585 0.031419 tcp 10.0.2.109 58167 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:52:14.426365 0.030993 tcp 10.0.2.109 58168 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:52:14.457767 0.142990 tcp 10.0.2.109 58169 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/18 17:52:14.600998 0.142611 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:52:14.744010 0.085281 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:52:14.829718 0.369136 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:52:15.199314 0.175926 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:52:15.375665 0.174056 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 17:52:45.897437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:58:49.906720 2.998783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 17:58:56.910882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:59:04.912382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:59:20.915144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 17:59:52.921156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:00:31.427430 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 18:00:31.427533 1.255457 tcp 10.0.2.109 58170 -> 70.113.215.93 3558 FSPA* 0 0 14 1572 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:05:56.927902 3.111518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 18:06:04.044669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:06:12.046377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:06:28.049100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:07:00.055632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:13:04.061275 3.001958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 18:13:11.068684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:13:19.070180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:13:35.073461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:14:07.079446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:20:11.086078 3.000942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 18:20:18.093113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:20:26.093982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:20:42.097304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:21:14.103022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:22:36.392372 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 18:22:36.392469 0.000000 udp 10.0.2.109 3683 -> 189.167.62.117 3188 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 18:22:53.318002 0.052970 tcp 10.0.2.109 58171 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:22:53.371355 0.031290 tcp 10.0.2.109 58172 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:22:53.402522 0.126272 tcp 10.0.2.109 58173 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:22:53.529290 0.181682 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:22:53.711419 0.052511 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:22:53.764309 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 18:23:12.083757 0.029973 tcp 10.0.2.109 58174 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:23:12.114233 0.030870 tcp 10.0.2.109 58175 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:23:12.145364 0.301396 tcp 10.0.2.109 58176 -> 195.113.214.211 443 SRPA* 0 0 35 26872 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:23:12.447329 0.137776 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:12.585481 0.366368 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:12.952334 0.141288 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:13.094015 0.168900 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:13.263375 0.048770 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:13.312553 0.172767 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:13.485733 0.144252 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:13.630401 0.191960 udp 10.0.2.109 3683 <-> 70.51.117.142 2264 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:13.822707 0.192388 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.015620 0.158856 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.174893 0.035401 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.210665 0.044407 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.255420 0.176226 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.431999 0.083963 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.516363 0.146575 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.663340 0.076527 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.740249 0.186239 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:14.926966 0.160420 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:15.087822 0.065130 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:15.153299 0.255180 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:15.408892 0.057942 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:15.467233 0.040133 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:15.507782 0.044726 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:15.552869 0.176462 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:15.729741 0.399795 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:16.129928 0.117668 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:16.248034 0.164989 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:16.413421 0.173490 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:16.587281 0.182707 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:16.770516 0.187314 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:17.061907 0.162694 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:17.225004 0.175531 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:17.400932 0.135058 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:17.536332 0.085507 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:17.622429 0.171140 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:17.793904 0.348664 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:23:18.142911 0.179595 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:27:18.108928 3.002230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 18:27:25.116491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:27:33.118133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:27:49.121203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:28:21.128534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:30:32.736695 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 18:30:32.736799 1.105838 tcp 10.0.2.109 58177 -> 70.113.215.93 3558 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:34:25.133914 3.002012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 18:34:32.140415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:34:40.142116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:34:56.145429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:35:28.151418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:41:32.157855 3.001201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 18:41:39.164808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:41:47.166288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:42:03.169082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:42:35.175034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:48:39.181083 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 18:48:46.188999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:48:54.190108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:49:10.193161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:49:42.199261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:53:29.857136 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 18:53:29.857235 0.179506 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:30.037116 0.176190 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:30.213681 0.052274 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:30.266388 0.138309 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:30.405111 0.357651 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:30.763197 0.141827 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:30.905409 0.167642 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:31.073422 0.048612 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:31.122509 0.172467 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:31.295396 0.143900 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:31.439700 0.000000 udp 10.0.2.109 3683 -> 70.51.117.142 2264 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 18:53:48.445550 0.053813 tcp 10.0.2.109 58178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:53:48.499639 0.032591 tcp 10.0.2.109 58179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:53:48.532564 0.126144 tcp 10.0.2.109 58180 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:53:48.658578 0.171644 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:48.830628 0.061575 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:48.892604 0.160435 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:49.053455 0.083652 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:49.137510 0.146251 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:49.284177 0.202938 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:49.487526 0.185936 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:49.673859 0.154760 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:49.829028 0.036306 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:49.865725 0.162700 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.028783 0.067621 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.096801 0.249865 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.347059 0.058206 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.405725 0.040451 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.446584 0.049056 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.496040 0.177407 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.673879 0.159404 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:53:50.833715 0.000000 udp 10.0.2.109 3683 -> 108.236.241.21 1867 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 18:54:07.761603 0.053051 tcp 10.0.2.109 58181 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:54:07.815003 0.053626 tcp 10.0.2.109 58182 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:54:07.868929 0.137590 tcp 10.0.2.109 58183 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/18 18:54:08.007136 0.180763 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:08.188283 0.353362 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:08.542060 0.118545 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:08.660958 0.271312 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:08.932676 0.160033 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:09.093122 0.176745 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:09.270408 0.134825 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:09.405664 0.074783 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:09.480855 0.250659 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:09.731886 0.336191 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:54:10.068510 0.193972 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/18 18:55:46.205314 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 18:55:53.212571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:56:01.214047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:56:17.217513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 18:56:49.223572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:00:33.846665 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 19:00:33.846902 1.156614 tcp 10.0.2.109 58184 -> 70.113.215.93 3558 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:02:53.230444 3.000349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:03:00.236892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:03:08.237840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:03:24.241031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:03:56.247221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:10:00.253214 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:10:07.260876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:10:15.262070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:10:31.265446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:11:03.271322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:17:07.277299 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:17:14.284364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:17:22.285718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:17:38.292027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:18:10.295200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:24:14.301358 3.001384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:24:19.466369 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 19:24:19.466473 0.000000 udp 10.0.2.109 3683 -> 70.51.117.142 2264 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 19:24:21.308156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:24:29.309896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:24:35.450692 0.031808 tcp 10.0.2.109 58185 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:24:35.482416 0.031552 tcp 10.0.2.109 58186 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:24:35.514443 0.126189 tcp 10.0.2.109 58187 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:24:35.639575 0.000000 udp 10.0.2.109 3683 -> 108.236.241.21 1867 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 19:24:45.312961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:24:50.811581 0.030772 tcp 10.0.2.109 58188 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:24:50.842700 0.031132 tcp 10.0.2.109 58189 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:24:50.874288 0.131590 tcp 10.0.2.109 58190 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:24:51.004575 0.137839 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:51.142876 0.370089 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:51.513365 0.140649 rtcp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:51.654541 0.177480 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:51.832431 0.052698 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:51.885474 0.179640 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.065523 0.054105 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.120060 0.169085 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.289524 0.179269 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.469250 0.131703 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.601363 0.172825 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.774537 0.040543 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.815478 0.162715 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:52.978584 0.146102 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:53.125109 0.155725 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:53.281260 0.188866 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:53.470548 0.150050 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:53.621001 0.034945 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:53.656290 0.091022 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:53.747726 0.251251 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:53.999369 0.056307 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:54.056086 0.044882 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:54.101304 0.052955 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:54.154603 0.178642 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:54.333676 0.159774 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:54.493855 0.157943 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:54.652182 0.066281 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:54.718878 0.382498 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:55.101787 0.117661 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:55.219896 0.186495 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:24:55.406804 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 19:25:13.994524 0.034492 tcp 10.0.2.109 58191 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:25:14.028855 0.031745 tcp 10.0.2.109 58192 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:25:14.060447 0.147588 tcp 10.0.2.109 58193 -> 195.113.214.211 443 SRPA* 0 0 40 22630 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:25:14.208554 0.177311 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:25:14.386290 0.128050 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:25:14.514756 0.072133 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:25:14.587811 0.172416 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:25:14.760673 0.175485 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:25:14.936524 0.343724 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:25:15.280667 0.174765 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:25:17.318868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:30:35.006339 0.000198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 19:30:35.006653 1.052501 tcp 10.0.2.109 58194 -> 70.113.215.93 3558 FSPA* 0 0 14 1528 flow=From-Botnet-V1-TCP-Established 1970/01/18 19:31:21.325398 3.001127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:31:28.332152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:31:36.333713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:31:52.337062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:32:24.423371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:38:28.428754 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:38:35.436704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:38:43.437856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:38:59.440830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:39:31.857756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:45:35.863555 3.002042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:45:42.871322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:45:50.872944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:46:06.875286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:46:38.881765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:52:42.888638 3.000566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:52:49.895055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:52:57.896633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:53:13.899798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:53:45.905724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 19:55:45.828475 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 19:55:45.828657 0.181445 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:46.010499 0.139721 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:46.150635 0.179062 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:46.330121 0.052477 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:46.382995 0.135892 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:46.519242 0.336407 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:46.856135 0.049101 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:46.905655 0.168953 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:47.075012 0.175508 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:47.250876 0.143761 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:47.395038 0.183132 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:47.578569 0.061403 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:47.640351 0.159742 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:47.800446 0.164861 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:47.965653 0.183840 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:48.149933 0.155703 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:48.306043 0.036923 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:48.343369 0.089522 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:48.433293 0.252672 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:48.686332 0.146181 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:48.832929 0.246684 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.080026 0.048081 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.128494 0.182177 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.311055 0.165696 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.477118 0.160355 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.637876 0.069762 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.708006 0.054687 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.763061 0.040819 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.804337 0.187861 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:49.992592 0.118403 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:50.111428 0.346091 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:50.457947 0.076768 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:50.535113 0.172822 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:50.708359 0.162262 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:50.871045 0.172567 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:51.044028 0.135307 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:51.179707 0.346345 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:55:51.526465 0.175109 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 19:59:49.911153 3.292767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 19:59:57.209427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:00:05.210958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:00:21.874720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:00:36.756810 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 20:00:36.757099 1.117707 tcp 10.0.2.109 58195 -> 70.113.215.93 3558 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/01/18 20:00:53.881243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:06:57.887123 3.071272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:07:04.964217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:07:12.966262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:07:28.968825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:08:00.974820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:14:04.981879 3.000804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:14:11.988376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:14:19.989858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:14:35.992840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:15:07.999025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:21:12.005550 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:21:19.012341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:21:27.013972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:21:43.116733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:22:15.123303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:26:14.838207 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 20:26:14.838306 0.181462 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:15.020130 0.051574 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:15.072076 0.136471 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:15.208872 0.179964 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:15.389224 0.141923 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:15.531576 0.282632 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:15.814568 0.052718 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:15.867725 0.169818 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:16.037959 0.174412 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:16.212801 0.143354 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:16.356593 0.183565 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:16.540540 0.045366 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:16.586351 0.158794 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:16.745507 0.164801 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:16.910690 0.197328 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:17.108428 0.153523 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:17.262442 0.035783 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:17.298696 0.094043 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:17.393188 0.246579 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:17.640124 0.147735 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:17.788237 0.176188 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:17.964813 0.164062 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.129307 0.161163 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.290881 0.072767 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.364026 0.059477 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.423908 0.041142 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.465436 0.071983 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.537855 0.212676 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.750969 0.242768 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:18.994085 0.117856 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:19.112351 0.361445 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:19.474238 0.075977 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:19.550624 0.173051 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:19.724074 0.134863 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:19.859365 0.357373 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:20.217094 0.177583 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:20.395033 0.159050 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:26:20.554509 0.171814 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:28:19.129645 3.001163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:28:26.136191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:28:34.137943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:28:50.140682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:29:22.147406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:30:37.956283 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 20:30:37.956605 1.118011 tcp 10.0.2.109 58196 -> 70.113.215.93 3558 FSPA* 0 0 12 1612 flow=From-Botnet-V1-TCP-Established 1970/01/18 20:35:26.153282 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:35:33.160157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:35:41.161841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:35:57.165622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:36:29.170802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:42:33.177072 3.001903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:42:40.184418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:42:48.186382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:43:04.188955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:43:36.194983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:49:40.200716 3.002089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:49:47.208096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:49:55.210036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:50:11.213022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:50:43.219292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:56:28.696340 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 20:56:28.696442 0.137265 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:28.834104 0.181643 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:29.016201 0.141403 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:29.158002 0.345482 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:29.503910 0.049489 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:29.553768 0.178650 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:29.732794 0.052779 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:29.785994 0.167581 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:29.953955 0.171990 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:30.126457 0.142935 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:30.269766 0.183070 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:30.453199 0.057434 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:30.511019 0.156344 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:30.667779 0.170953 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:30.839165 0.212553 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.052471 0.155305 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.208171 0.035205 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.243766 0.085038 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.329148 0.253725 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.583296 0.148428 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.732187 0.175473 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.908009 0.071380 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:31.979811 0.054479 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.034699 0.046312 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.081409 0.078348 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.160160 0.051899 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.212522 0.199719 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.412573 0.193775 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.606710 0.163724 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.770810 0.119892 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:32.891112 0.377167 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:33.268702 0.078982 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:33.348108 0.175527 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:33.523981 0.128050 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:33.652438 0.161369 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:33.814161 0.176861 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:33.991438 0.354600 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:34.346438 0.175302 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/18 20:56:47.225276 3.001121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 20:56:54.232315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:57:02.233539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:57:18.237097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 20:57:50.242916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:00:39.075887 0.000193 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 21:00:39.076184 1.269197 tcp 10.0.2.109 58197 -> 70.113.215.93 3558 FSPA* 0 0 14 1741 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:03:54.249403 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 21:04:01.256144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:04:09.257769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:04:25.260723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:04:57.266970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:11:01.273829 3.000840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 21:11:08.280072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:11:16.281775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:11:32.285086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:12:04.290930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:18:08.296861 3.002130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 21:18:15.304511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:18:23.305932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:18:39.308658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:19:11.314727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:25:15.321298 3.001104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 21:25:22.358151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:25:30.359882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:25:46.362706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:26:18.368588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:26:39.589546 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 21:26:39.589739 0.137208 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:39.727359 0.179163 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:39.906887 0.142941 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:40.050430 0.372649 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:40.423506 0.049059 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:40.472998 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 21:26:55.824644 0.053193 tcp 10.0.2.109 58198 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:26:55.878037 0.053883 tcp 10.0.2.109 58199 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:26:55.932214 0.155133 tcp 10.0.2.109 58200 -> 195.113.214.211 443 SRPA* 0 0 44 40338 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:26:56.088392 0.053611 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:56.142611 0.167933 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:56.310918 0.179636 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:56.490982 0.050821 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:56.542152 0.174903 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:56.717442 0.162701 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:56.880588 0.174127 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:57.055117 0.135852 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:57.191415 0.186322 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:57.378327 0.150621 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:57.529368 0.034710 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:57.564402 0.087621 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:57.652427 0.249717 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:57.902551 0.147175 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.050263 0.176747 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.227399 0.066792 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.294612 0.078181 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.373192 0.049082 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.422660 0.203725 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.626810 0.161307 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.788529 0.161295 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:58.950310 0.118425 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:59.069110 0.055528 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:59.125045 0.041224 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:59.166668 0.322806 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:59.489891 0.084136 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:59.575015 0.173256 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:59.748616 0.134760 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:26:59.883783 0.161071 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:27:00.045265 0.171091 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:27:00.216766 0.336244 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:27:00.553379 0.161974 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:30:40.345858 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 21:30:40.345968 1.208696 tcp 10.0.2.109 58201 -> 70.113.215.93 3558 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:32:22.375093 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 21:32:29.382436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:32:37.384065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:32:53.386711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:33:25.392894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:39:29.399108 3.001223 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 21:39:36.405969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:39:44.407736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:40:00.410849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:40:32.416800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:46:36.423757 3.000324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 21:46:43.429822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:46:51.432142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:47:07.435042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:47:39.440544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:53:43.446671 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 21:53:50.454593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:53:58.455457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:54:14.458728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:54:46.464542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 21:57:18.914215 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 21:57:18.914310 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 21:57:35.159078 0.051977 tcp 10.0.2.109 58202 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:57:35.211334 0.052411 tcp 10.0.2.109 58203 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:57:35.264087 0.146423 tcp 10.0.2.109 58204 -> 195.113.214.211 443 SRPA* 0 0 30 21034 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:57:35.411012 0.140658 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:35.552099 0.179851 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:35.732404 0.363737 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.096550 0.141213 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.238197 0.054537 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.293157 0.051465 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.345028 0.167790 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.513230 0.180599 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.694285 0.044337 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.738980 0.156513 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:36.895936 0.162352 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:37.058692 0.208323 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:37.267407 0.158977 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:37.426792 0.036441 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:37.463612 0.085308 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:37.549401 0.257137 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:37.807075 0.174288 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:37.981789 0.145485 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:38.127705 0.148808 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:38.276910 0.176498 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:38.453776 0.068888 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:38.523083 0.098788 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:38.622502 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/18 21:57:57.059627 0.052273 tcp 10.0.2.109 58205 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:57:57.112226 0.053356 tcp 10.0.2.109 58206 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:57:57.165898 0.153646 tcp 10.0.2.109 58207 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/18 21:57:57.320091 0.504017 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:57.824476 0.166894 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:57.991764 0.157382 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:58.149593 0.118728 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:58.268731 0.058181 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:58.327315 0.046069 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:58.373780 0.370922 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:58.745065 0.083551 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:58.829025 0.172688 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:59.002108 0.128199 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:59.130709 0.337292 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:59.468397 0.157324 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:59.626214 0.160342 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/18 21:57:59.786924 0.174266 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:00:41.555769 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 22:00:41.555866 1.041687 tcp 10.0.2.109 58208 -> 70.113.215.93 3558 FSPA* 0 0 14 1584 flow=From-Botnet-V1-TCP-Established 1970/01/18 22:00:50.471103 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 22:00:57.477878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:01:05.479919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:01:21.482890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:01:53.488328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:07:57.494894 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:08:04.502199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:08:12.503459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:08:28.506556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:09:00.512422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:15:04.519085 3.001016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:15:11.526247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:15:19.527751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:15:35.530899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:16:07.536838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:22:11.542086 3.001892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:22:18.549733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:22:26.551858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:22:42.554692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:23:14.560433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:28:08.894094 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 22:28:08.894213 0.047365 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:08.942029 0.137287 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.079899 0.180523 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.260781 0.143578 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.419606 0.051594 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.471544 0.053717 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.525680 0.170704 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.696799 0.181930 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.879091 0.044299 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:09.923815 0.162909 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:10.087088 0.336154 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:10.423702 0.157176 rtcp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:10.581296 0.038751 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:10.620469 0.091184 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:10.712080 0.253931 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:10.966396 0.172691 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:11.139526 0.179690 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:11.319573 0.172104 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:11.492037 0.254555 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:11.747001 0.066866 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:11.814469 0.194136 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:12.008977 0.145227 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:12.154574 0.143266 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:12.298228 0.268770 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:12.567878 0.165875 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:12.734112 0.162213 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:12.896673 0.119861 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:13.016896 0.055721 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:13.072985 0.046264 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:13.119648 0.317123 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:13.437157 0.084155 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:13.521694 0.172956 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:13.695036 0.159363 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:13.854790 0.159218 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:14.014432 0.174412 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:14.189257 0.141623 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:28:14.331334 0.351792 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:29:18.566520 3.001345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:29:25.573891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:29:33.575735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:29:49.578321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:30:21.584476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:30:42.604856 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 22:30:42.604957 1.435498 tcp 10.0.2.109 58209 -> 70.113.215.93 3558 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/18 22:36:25.591066 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:36:32.597863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:36:40.599206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:36:56.602532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:37:28.608151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:43:32.615058 3.000737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:43:39.622112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:43:47.623515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:44:03.626476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:44:35.632517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:50:39.638521 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:50:46.645646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:50:54.647306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:51:10.650264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:51:42.656450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:57:46.662682 3.001369 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 22:57:53.670270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:58:01.671601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:58:16.052392 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 22:58:16.052495 0.047107 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:16.100061 0.136362 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:16.236865 0.179511 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:16.416793 0.143078 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:16.560238 0.053039 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:16.613727 0.053304 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:16.667436 0.169290 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:16.837096 0.182792 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:17.020292 0.044280 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:17.064911 0.152622 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:17.217917 0.037919 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:17.256230 0.087538 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:17.344158 0.250964 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:17.595513 0.160295 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:17.674067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 22:58:17.756263 0.346357 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:18.103041 0.181201 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:18.284596 0.192159 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:18.477135 0.163089 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:18.640651 0.258836 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:18.899901 0.066323 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:18.966565 0.152092 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:19.119026 0.216869 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:19.336287 0.167281 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:19.503965 0.163168 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:19.667529 0.076747 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:19.744690 0.147962 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:19.893062 0.117181 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:20.010650 0.057432 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:20.068511 0.046904 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:20.115815 0.347157 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:20.463381 0.074658 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:20.538569 0.249195 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:20.788166 0.160199 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:20.948771 0.127429 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:21.076595 0.329628 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:21.406654 0.159413 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:21.566483 0.176400 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 22:58:49.680398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:00:44.045197 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 23:00:44.045374 1.278263 tcp 10.0.2.109 58210 -> 70.113.215.93 3558 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/01/18 23:04:53.687145 3.000747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 23:05:00.693513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:05:08.695208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:05:24.698073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:05:56.704564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:12:00.710740 3.181409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 23:12:07.898241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:12:15.899659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:12:31.902433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:13:03.908828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:19:07.914987 3.001052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 23:19:14.922028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:19:22.923408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:19:38.926220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:20:10.932571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:26:14.939664 3.000258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 23:26:21.945772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:26:29.947751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:26:45.950307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:27:17.956763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:28:42.778673 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 23:28:42.778790 0.182653 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:42.961880 0.142251 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.104548 0.053387 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.158502 0.053189 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.212098 0.170363 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.382837 0.046196 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.429445 0.137376 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.567187 0.177705 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.745243 0.040025 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.785649 0.156407 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:43.942412 0.680002 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:44.622819 0.092032 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:44.715261 0.251346 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:44.966958 0.169381 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:45.136761 0.350368 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:45.487474 0.174691 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:45.662585 0.380153 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:46.043149 0.171192 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:46.214678 0.244336 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:46.459486 0.071494 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:46.531314 0.162732 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:46.694465 0.162563 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:46.857381 0.253818 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:47.111624 0.146695 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:47.258713 0.136909 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:47.396017 0.203791 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:47.600165 0.119331 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:47.719889 0.061291 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:47.781580 0.040156 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:47.822121 0.345213 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:48.167685 0.081853 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:48.249996 0.173901 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:48.424210 0.161099 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:48.585746 0.161303 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:48.747363 0.177464 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:48.925174 0.135024 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:28:49.060542 0.335589 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:30:45.404740 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 23:30:45.404947 2.951885 tcp 10.0.2.109 58211 -> 70.113.215.93 3558 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/01/18 23:33:21.962734 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/18 23:33:28.969859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:33:36.971706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:33:52.974429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:34:24.980798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:40:28.987261 3.000579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 23:40:35.994040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:40:43.995051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:41:01.330124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:41:33.336205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:47:37.343309 3.000489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 23:47:44.349808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:47:53.222324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:48:09.225393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:48:41.231457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:54:45.237567 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/18 23:54:52.244982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:55:00.246773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:55:16.249868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:55:48.255388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/18 23:59:18.568079 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/18 23:59:18.568181 0.181012 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:18.749656 0.145469 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:18.895557 0.048489 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:18.944448 0.052258 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:18.997077 0.167794 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:19.165287 0.042612 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:19.208303 0.138180 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:19.346898 0.178876 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:19.526216 0.039670 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:19.566446 0.154375 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:19.721226 0.252188 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:19.973852 0.053516 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:20.027808 0.092427 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:20.120608 0.180749 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:20.301775 0.192330 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:20.494540 0.158453 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:20.653363 0.369149 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:21.022921 0.164055 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:21.187398 0.176588 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:21.364393 0.066491 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:21.431285 0.323795 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:21.755475 0.162786 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:21.918689 0.143973 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:22.063650 0.189536 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:22.253607 0.119509 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:22.373547 0.061885 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:22.435853 0.040382 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:22.476679 0.162301 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:22.639381 0.144717 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:22.784567 0.333828 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:23.118828 0.082627 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:23.201858 0.172718 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:23.374997 0.160190 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:23.535586 0.162046 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:23.698076 0.172307 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:23.870722 0.134510 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/18 23:59:24.005672 0.347590 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:00:49.438718 0.000203 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 00:00:49.439021 1.321637 tcp 10.0.2.109 58212 -> 70.113.215.93 3558 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/01/19 00:01:52.261324 3.001772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 00:01:59.269217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:02:07.270136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:02:23.273484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:02:55.279677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:08:59.285764 3.002131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:09:06.292773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:09:14.294293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:09:30.297280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:10:02.303536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:16:06.310283 3.000670 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:16:13.316939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:16:21.318826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:16:37.321076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:17:09.327749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:23:13.333689 3.001217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:23:20.340491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:23:28.832815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:23:44.835843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:24:16.842232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:29:29.431907 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 00:29:29.432013 0.181673 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:29.614107 0.142775 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:29.757364 0.054806 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:29.812596 0.052463 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:29.865413 0.169880 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:30.035708 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 00:29:46.127880 0.052019 tcp 10.0.2.109 58213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 00:29:46.180188 0.052215 tcp 10.0.2.109 58214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 00:29:46.232702 0.130478 tcp 10.0.2.109 58215 -> 195.113.214.211 443 SRPA* 0 0 62 49293 flow=From-Botnet-V1-TCP-Established 1970/01/19 00:29:46.363680 0.137700 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:46.501723 0.176463 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:46.678543 0.039726 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:46.718625 0.156493 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:46.875513 0.092582 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:46.968504 0.180530 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:47.149404 0.183186 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:47.333101 0.168730 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:47.502360 0.260211 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:47.762964 0.035459 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:47.798844 0.355449 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:48.155523 0.164049 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:48.320006 0.176861 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:48.497287 0.069923 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:48.567614 0.164372 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:48.732334 0.423646 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.156382 0.120882 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.277707 0.057632 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.335731 0.046375 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.382534 0.078451 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.461390 0.144997 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.606830 0.160898 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.768155 0.139039 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:49.907601 0.348234 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:50.256187 0.072847 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:50.329487 0.174730 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:50.504561 0.160618 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:50.665566 0.160366 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:50.826501 0.175490 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:51.002392 0.141824 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:29:51.144623 0.367745 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/19 00:30:20.848802 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:30:27.855793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:30:35.857623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:30:51.000537 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 00:30:51.000631 1.513659 tcp 10.0.2.109 58216 -> 70.113.215.93 3558 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/01/19 00:30:51.860057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:31:23.976119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:37:27.983052 3.001088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:37:34.989339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:37:42.991145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:37:58.993899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:38:30.999927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:44:35.005819 3.001915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:44:42.013641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:44:50.015312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:45:06.017964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:45:38.024054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:51:42.030709 3.001033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:51:49.037782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:51:57.039152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:52:13.042397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:52:45.047968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:58:49.054980 3.000488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 00:58:56.061808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:59:04.063104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:59:20.066357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 00:59:52.072150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:00:08.325578 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 01:00:08.325687 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 01:00:27.184172 0.053787 tcp 10.0.2.109 58217 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:00:27.237739 0.054141 tcp 10.0.2.109 58218 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:00:27.291832 0.151851 tcp 10.0.2.109 58219 -> 195.113.214.211 443 SRPA* 0 0 46 40992 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:00:27.444295 0.052402 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:27.497062 0.142376 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:27.639841 0.179569 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:27.819872 0.053795 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:27.874075 0.170855 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:28.045369 0.134465 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:28.180279 0.175953 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:28.356598 0.041346 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:28.398494 0.151783 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:28.550704 0.081893 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:28.633014 0.168444 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:28.801909 0.254253 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:29.056562 0.060899 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:29.117876 0.174764 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:29.293065 0.183182 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:29.476639 0.341975 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:29.819033 0.165376 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:29.984813 0.175679 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.160914 0.067282 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.228624 0.164398 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.393458 0.056441 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.450394 0.040656 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.491411 0.127608 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.619418 0.148498 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.768347 0.161607 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:30.930466 0.145288 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:31.076159 0.270234 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:31.346758 0.178718 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:31.525863 0.315432 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:31.841693 0.074412 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:31.916532 0.173646 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:32.090521 0.160279 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:32.251216 0.159325 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:32.410986 0.177824 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:32.589194 0.127613 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:32.717242 0.330065 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:00:52.519519 1.115089 tcp 10.0.2.109 58220 -> 70.113.215.93 3558 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:05:56.079334 3.010227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 01:06:03.095172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:06:11.096677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:06:27.100171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:06:59.105959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:13:03.111959 3.001910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 01:13:10.119344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:13:18.121184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:13:34.123998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:14:06.129802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:20:10.135513 3.002781 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 01:20:17.203868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:20:25.205268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:20:41.208042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:21:13.214078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:27:17.220738 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 01:27:24.227151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:27:32.229244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:27:48.241703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:28:20.247783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:30:53.659086 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 01:30:53.659188 1.134982 tcp 10.0.2.109 58221 -> 70.113.215.93 3558 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:01.600040 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 01:31:18.285854 0.053058 tcp 10.0.2.109 58222 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:18.339165 0.053168 tcp 10.0.2.109 58223 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:18.392185 0.153252 tcp 10.0.2.109 58224 -> 195.113.214.211 443 SRPA* 0 0 24 14656 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:18.546236 0.053697 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:18.600337 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 01:31:34.778433 0.152712 tcp 10.0.2.109 58225 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:34.931442 0.054838 tcp 10.0.2.109 58226 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:34.986022 0.154446 tcp 10.0.2.109 58227 -> 195.113.214.211 443 SRPA* 0 0 46 29794 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:35.139165 0.052703 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:35.192212 0.141612 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:35.334333 0.137719 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:35.472490 0.184917 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:35.657785 0.044354 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:35.702566 0.156726 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:35.859718 0.083983 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:35.944042 0.189436 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:36.133876 0.257407 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:36.391645 0.181870 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:36.573879 0.363373 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:36.937748 0.164797 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.102994 0.035163 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.138543 0.177921 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.316867 0.179958 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.497237 0.066355 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.564026 0.161406 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.725848 0.060279 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.786523 0.040034 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.826973 0.086380 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:37.913708 0.147427 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:38.061546 0.157090 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:38.218990 0.162710 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:38.382262 0.346009 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:38.728607 0.080374 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:38.809385 0.138815 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:38.948580 0.000000 udp 10.0.2.109 3683 -> 108.73.78.87 8340 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 01:31:55.918852 0.051545 tcp 10.0.2.109 58228 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:55.970640 0.057934 tcp 10.0.2.109 58229 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:56.028946 0.145612 tcp 10.0.2.109 58230 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/19 01:31:56.174434 0.173528 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:56.348295 0.161988 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:56.510681 0.165310 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:56.676394 0.171442 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:56.848238 0.134719 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:31:56.983336 0.370653 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 01:34:24.254694 3.031257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 01:34:31.291760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:34:39.292730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:34:55.295718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:35:27.302332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:41:31.308412 3.001445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 01:41:38.315617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:41:46.317331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:42:02.320072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:42:34.326445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:48:38.332286 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 01:48:45.339457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:48:53.340995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:49:09.343939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:49:41.349992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:55:45.356680 3.001404 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 01:55:52.363663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:56:00.365713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:56:16.367834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 01:56:48.373941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:00:54.799132 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 02:00:54.799240 0.976729 tcp 10.0.2.109 58231 -> 70.113.215.93 3558 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/01/19 02:02:25.759664 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 02:02:25.759836 0.179547 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:25.939844 0.170008 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:26.110338 0.255054 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:26.365827 0.051798 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:26.418331 0.140744 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:26.559532 0.137214 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:26.697182 0.178969 udp 10.0.2.109 3683 <-> 98.177.224.252 4874 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:26.876602 0.039956 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:26.917020 0.154987 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:27.072414 0.089580 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:27.162553 0.052378 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:27.215295 0.157973 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:27.373691 0.373369 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:27.747465 0.234249 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:27.982150 0.252022 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.234603 0.036099 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.271094 0.177703 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.449244 0.177611 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.627289 0.073977 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.701675 0.183447 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.885537 0.063254 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.949238 0.045064 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:28.994695 0.161051 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:29.156146 0.143660 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:29.300210 0.172069 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:29.472630 0.080379 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:29.553424 0.145240 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:29.699018 0.162440 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:29.861877 0.119397 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:29.981718 0.348204 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:30.330472 0.173650 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:30.504535 0.159722 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:30.664682 0.159627 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:30.824650 0.173952 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:30.999025 0.141701 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:31.141136 0.356546 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:02:52.380303 3.001124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 02:02:59.387563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:03:07.388779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:03:23.392025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:03:55.397923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:09:59.404086 3.001639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:10:06.411575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:10:14.413137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:10:30.415670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:11:02.421682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:17:06.429087 3.000565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:17:13.435588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:17:21.436978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:17:37.439818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:18:09.445564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:24:13.452195 3.001194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:24:20.458986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:24:28.460684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:24:44.464161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:25:16.539741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:30:55.808416 0.000200 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 02:30:55.808721 2.341751 tcp 10.0.2.109 58232 -> 70.113.215.93 3558 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/01/19 02:31:20.546715 3.000904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:31:27.553556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:31:35.554515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:31:51.558045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:32:23.563575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:32:53.898037 0.168752 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 02:32:54.067432 0.180714 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:32:54.248513 0.170693 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:32:54.419960 0.208471 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:32:54.628847 0.049524 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:32:54.678827 0.143080 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:32:54.822469 0.137446 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:32:54.960322 0.000000 udp 10.0.2.109 3683 -> 98.177.224.252 4874 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 02:33:10.753395 0.056138 tcp 10.0.2.109 58233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 02:33:10.809801 0.053039 tcp 10.0.2.109 58234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 02:33:10.863127 0.146284 tcp 10.0.2.109 58235 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/19 02:33:11.009967 0.039934 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:11.050353 0.156269 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:11.207017 0.158081 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:11.365526 0.340946 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:11.706874 0.184443 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:11.891714 0.091088 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:11.983164 0.052334 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:12.035939 0.254331 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:12.363166 0.036539 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:12.400043 0.172904 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:12.573359 0.175721 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:12.749487 0.071445 udp 10.0.2.109 3683 <-> 91.6.39.72 5333 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:12.821287 0.163270 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:12.984946 0.061376 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:13.046816 0.041693 udp 10.0.2.109 3683 <-> 87.167.232.74 8279 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:13.088900 0.164649 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:13.253969 0.085390 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:13.339833 0.143195 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:13.483391 0.162464 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:13.646329 0.118560 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:13.765312 0.264663 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:14.030446 0.146538 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:14.177470 0.314678 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:14.492557 0.173407 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:14.666391 0.163132 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:14.829892 0.158499 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:14.988763 0.177544 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:15.166719 0.134856 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:33:15.301983 0.342947 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/19 02:38:27.650569 3.001201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:38:34.657484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:38:42.658886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:38:58.661634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:39:31.149024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:45:35.154523 3.001886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:45:42.161953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:45:50.163624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:46:06.166431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:46:38.172455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:52:42.179448 3.000655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:52:49.186475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:52:57.187865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:53:13.190221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:53:45.196541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 02:59:49.202779 3.001242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 02:59:56.209761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:00:04.211500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:00:20.214825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:00:52.220369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:00:58.460083 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 03:00:58.460170 1.043192 tcp 10.0.2.109 58236 -> 70.113.215.93 3558 FSPA* 0 0 15 1791 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:03:17.700785 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 03:03:17.700878 0.000000 udp 10.0.2.109 3683 -> 98.177.224.252 4874 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 03:03:35.717667 0.055025 tcp 10.0.2.109 58237 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:03:35.773088 0.054117 tcp 10.0.2.109 58238 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:03:35.827507 0.317267 tcp 10.0.2.109 58239 -> 195.113.214.211 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:03:36.145417 0.053292 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:36.199143 0.142087 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:36.341567 0.139323 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:36.481328 0.168842 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:36.650536 0.263864 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:36.914782 0.187916 udp 10.0.2.109 3683 <-> 108.73.78.87 8340 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:37.103127 0.039858 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:37.143395 0.348759 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:37.492601 0.371323 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:37.864331 0.091440 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:37.956189 0.052874 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:38.009494 0.150155 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:38.160079 0.162157 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:38.322639 0.254153 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:38.577152 0.035499 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:38.612976 0.185912 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:38.799230 0.176178 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:38.975815 0.000000 udp 10.0.2.109 3683 -> 91.6.39.72 5333 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 03:03:56.386392 0.051729 tcp 10.0.2.109 58240 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:03:56.438424 0.052300 tcp 10.0.2.109 58241 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:03:56.491030 0.146092 tcp 10.0.2.109 58242 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:03:56.637751 0.163575 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:56.801740 0.057722 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:03:56.859903 0.000000 udp 10.0.2.109 3683 -> 87.167.232.74 8279 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 03:04:14.872654 0.051540 tcp 10.0.2.109 58243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:04:14.924490 0.054994 tcp 10.0.2.109 58244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:04:14.979841 0.169974 tcp 10.0.2.109 58245 -> 195.113.214.211 443 SRPA* 0 0 34 18098 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:04:15.149271 0.137166 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:15.286889 0.158915 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:15.446233 0.159506 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:15.606305 0.084409 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:15.691149 0.171386 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:15.862967 0.081246 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:15.944635 0.146875 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:16.091889 0.349764 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:16.442040 0.250460 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:16.692903 0.159126 udp 10.0.2.109 3683 <-> 69.137.67.50 2399 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:16.852364 0.160021 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:17.012734 0.335415 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:17.348550 0.174540 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:04:17.523503 0.134502 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:06:56.225879 3.002345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 03:07:03.233630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:07:11.235460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:07:27.238199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:07:59.244352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:14:03.250136 3.001893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 03:14:10.258067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:14:18.259610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:14:34.262133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:15:06.268625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:21:10.275331 3.000596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 03:21:17.282080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:21:25.283069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:21:41.286433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:22:13.292623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:28:17.299120 3.000757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 03:28:24.306346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:28:32.307576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:28:48.310062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:29:20.317022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:30:59.509213 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 03:30:59.509437 1.259176 tcp 10.0.2.109 58246 -> 70.113.215.93 3558 FSPA* 0 0 14 1693 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:34:18.905825 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 03:34:18.906204 0.000000 udp 10.0.2.109 3683 -> 91.6.39.72 5333 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 03:34:37.864836 0.053082 tcp 10.0.2.109 58247 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:34:37.918238 0.052393 tcp 10.0.2.109 58248 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:34:37.970993 0.153727 tcp 10.0.2.109 58249 -> 195.113.214.211 443 SRPA* 0 0 40 21276 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:34:38.123246 0.000000 udp 10.0.2.109 3683 -> 87.167.232.74 8279 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 03:34:53.806610 0.051963 tcp 10.0.2.109 58250 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:34:53.858909 0.056130 tcp 10.0.2.109 58251 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:34:53.914925 0.146172 tcp 10.0.2.109 58252 -> 195.113.214.211 443 SRPA* 0 0 41 22012 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:34:54.061729 0.170343 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:34:54.232492 0.180369 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:34:54.413220 0.136748 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:34:54.550336 0.143267 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:34:54.693993 0.053667 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:34:54.748100 0.192975 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:34:54.941524 0.044440 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:34:54.986474 0.000000 udp 10.0.2.109 3683 -> 108.73.78.87 8340 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 03:35:11.962883 0.055676 tcp 10.0.2.109 58253 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:35:12.018452 0.053277 tcp 10.0.2.109 58254 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:35:12.072017 0.180364 tcp 10.0.2.109 58255 -> 195.113.214.211 443 SRPA* 0 0 35 27160 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:35:12.253062 0.363146 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:12.616557 0.158171 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:12.775138 0.171426 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:12.946925 0.251995 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.199346 0.053019 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.252805 0.175216 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.428435 0.036906 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.465710 0.082335 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.548479 0.177359 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.726286 0.161431 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.888124 0.061625 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:13.950248 0.136749 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:14.087390 0.159205 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:14.246969 0.140863 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:14.388237 0.120075 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:14.508753 0.165238 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:14.674431 0.080306 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:14.755151 0.173552 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:14.929127 0.000000 udp 10.0.2.109 3683 -> 69.137.67.50 2399 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 03:35:24.322943 3.001001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 03:35:30.299055 0.053287 tcp 10.0.2.109 58256 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:35:30.352620 0.051643 tcp 10.0.2.109 58257 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:35:30.404554 0.149388 tcp 10.0.2.109 58258 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/19 03:35:30.554565 0.149310 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:30.704294 0.352118 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:31.056854 0.176797 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:31.234075 0.134697 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:31.329872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:35:31.369194 0.160166 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:31.529780 0.335503 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/19 03:35:39.331091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:35:55.334134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:36:27.340096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:42:31.347117 3.000659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 03:42:38.353915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:42:46.685791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:43:02.688910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:43:34.694891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:49:38.702569 3.000200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 03:49:45.708091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:49:53.709716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:50:09.713005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:50:41.718697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:56:45.725170 3.001128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 03:56:52.731869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:57:00.733872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:57:16.736858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 03:57:48.742618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:01:00.969665 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 04:01:00.969783 1.001896 tcp 10.0.2.109 58259 -> 70.113.215.93 3558 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:03:52.859306 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 04:03:59.866395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:04:07.868202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:04:23.870812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:04:55.876964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:05:52.728702 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 04:05:52.728790 0.000000 udp 10.0.2.109 3683 -> 108.73.78.87 8340 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 04:06:10.406448 0.054157 tcp 10.0.2.109 58260 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:06:10.460411 0.052968 tcp 10.0.2.109 58261 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:06:10.513726 0.322007 tcp 10.0.2.109 58262 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:06:10.836239 0.000000 udp 10.0.2.109 3683 -> 69.137.67.50 2399 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 04:06:27.078420 0.052821 tcp 10.0.2.109 58263 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:06:27.131091 0.054049 tcp 10.0.2.109 58264 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:06:27.185040 0.147289 tcp 10.0.2.109 58265 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:06:27.331136 0.143188 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:27.474752 0.064992 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:27.540150 0.184261 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:27.724819 0.169727 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:27.894981 0.138158 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:28.040790 0.180024 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:28.221234 0.039870 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:28.261493 0.363617 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:28.625531 0.164144 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:28.790062 0.155284 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:28.945748 0.172826 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.118978 0.252779 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.372186 0.090598 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.463174 0.178126 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.641728 0.158805 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.800931 0.061667 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.863025 0.035188 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.898640 0.051634 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:29.950698 0.164111 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:30.115201 0.163062 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:30.278599 0.077808 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:30.356814 0.162785 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:30.520059 0.083521 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:30.603951 0.174041 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:30.778636 0.144291 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:30.923337 0.147443 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:31.071364 0.134829 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:31.206632 0.161841 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:31.368889 0.333162 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:31.702480 0.332042 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:06:32.035013 0.172595 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:10:59.882904 3.001802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 04:11:06.890178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:11:14.891605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:11:31.345460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:12:03.351155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:18:07.357898 3.001242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 04:18:14.365195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:18:22.366613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:18:38.369085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:19:10.375523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:25:14.381574 3.001675 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 04:25:21.388783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:25:29.390481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:25:45.393435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:26:17.399764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:31:02.199626 0.000183 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 04:31:02.199915 1.201099 tcp 10.0.2.109 58266 -> 70.113.215.93 3558 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:32:21.406228 3.000831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 04:32:28.412835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:32:36.414467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:32:52.417582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:33:24.423619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:36:40.556055 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 04:36:40.556293 0.191401 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:36:40.748136 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 04:36:58.753506 0.052862 tcp 10.0.2.109 58267 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:36:58.806615 0.056214 tcp 10.0.2.109 58268 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:36:58.863116 0.148130 tcp 10.0.2.109 58269 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/19 04:36:59.011737 0.138303 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:36:59.150418 0.144939 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:36:59.295762 0.051535 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:36:59.347695 0.234869 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:36:59.582976 0.044340 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:36:59.627660 0.347214 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:36:59.975280 0.170602 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:00.146322 0.153937 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:00.300614 0.172119 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:00.473137 0.254566 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:00.728130 0.093031 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:00.821585 0.177033 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:00.998983 0.159353 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:01.158736 0.061341 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:01.220481 0.036272 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:01.257142 0.052504 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:01.310040 0.159330 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:01.469745 0.167009 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:01.637147 0.211165 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:01.848691 0.164081 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:02.013197 0.086035 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:02.099582 0.173693 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:02.273624 0.132597 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:02.406690 0.162469 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:02.569550 0.329827 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:02.899816 0.349470 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:03.249734 0.147142 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:03.397294 0.134976 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:37:03.532632 0.176095 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/19 04:39:28.429422 3.392514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 04:39:35.827125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:39:43.828665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:39:59.831702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:40:31.887837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:46:35.894456 3.001581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 04:46:42.901206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:46:50.902957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:47:06.906231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:47:38.911824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:53:42.918909 3.001000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 04:53:49.925458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:53:57.927125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:54:13.929786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 04:54:45.936195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:00:49.942721 3.001154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:00:56.949493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:01:03.609492 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 05:01:03.609584 1.155482 tcp 10.0.2.109 58270 -> 70.113.215.93 3558 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/01/19 05:01:04.950831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:01:20.953683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:01:52.959533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:07:10.256430 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 05:07:10.256604 0.168347 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:10.425346 0.185434 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:10.611183 0.136364 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:10.747965 0.144455 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:10.892779 0.051115 rtcp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:10.944303 0.181909 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:11.126615 0.040169 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:11.167170 0.157860 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:11.325428 0.173440 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:11.499352 0.257084 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:11.756831 0.092900 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:11.850284 0.365832 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:12.216524 0.163862 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:12.380776 0.176849 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:12.557981 0.160361 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:12.718767 0.060512 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:12.779666 0.035944 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:12.816076 0.052308 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:12.868745 0.162855 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:13.031953 0.180165 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:13.212539 0.076085 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:13.288957 0.172303 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:13.461596 0.138229 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:13.600234 0.161059 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:13.761748 0.165301 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:13.927468 0.085990 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:14.013871 0.364372 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:14.378645 0.350576 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:14.729627 0.150580 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:15.043185 0.134758 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:15.178381 0.175368 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:07:56.966238 3.001538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:08:03.973636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:08:11.974751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:08:27.978314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:08:59.984121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:15:03.989786 3.011991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:15:11.007254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:15:19.008783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:15:35.011871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:16:07.017477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:22:11.024939 3.000766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:22:18.031186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:22:26.032866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:22:42.035718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:23:14.042039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:29:18.047817 3.001424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:29:25.055374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:29:33.056957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:29:49.059953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:30:21.066203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:31:04.768875 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 05:31:04.768976 1.108633 tcp 10.0.2.109 58271 -> 70.113.215.93 3558 FSPA* 0 0 14 1531 flow=From-Botnet-V1-TCP-Established 1970/01/19 05:36:25.072245 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:36:32.079158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:36:40.080575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:36:56.083501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:37:28.089572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:37:28.961347 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 05:37:28.961438 0.138281 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:29.100078 0.142947 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:29.243461 0.054968 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:29.298839 0.168243 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:29.467507 0.251295 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:29.740091 0.180954 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:29.921428 0.040165 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:29.962007 0.158610 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:30.121052 0.180854 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:30.302474 0.251257 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:30.554107 0.089631 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:30.644149 0.370602 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.015193 0.176717 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.192343 0.223337 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.416101 0.160082 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.576538 0.059851 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.636794 0.035698 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.672841 0.053556 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.726826 0.165266 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:31.892472 0.194586 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:32.087475 0.220293 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:32.308149 0.176156 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:32.484731 0.139440 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:32.624563 0.160276 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:32.785271 0.172674 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:32.958481 0.078564 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:33.037466 0.149227 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:33.187042 0.351058 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:33.538455 0.420070 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:33.958922 0.128198 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:37:34.087521 0.176156 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/19 05:43:32.096139 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:43:39.103168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:43:47.104755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:44:03.107679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:44:35.113684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:50:39.120192 3.001292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:50:46.127146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:50:54.128588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:51:10.131962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:51:42.137536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:57:46.143885 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 05:57:53.150729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:58:01.152267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:58:17.155797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 05:58:49.161792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:01:05.878416 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 06:01:05.878517 0.976922 tcp 10.0.2.109 58272 -> 70.113.215.93 3558 FSPA* 0 0 14 1582 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:04:53.168135 3.001130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 06:05:00.174999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:05:08.176441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:05:24.179329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:05:56.185421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:07:59.463354 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 06:07:59.463457 0.136416 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:07:59.600285 0.143626 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:07:59.744253 0.052903 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:07:59.797565 0.169156 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:07:59.967135 0.182144 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:00.149712 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 06:08:17.751091 0.056243 tcp 10.0.2.109 58273 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:08:17.807174 0.054346 tcp 10.0.2.109 58274 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:08:17.861793 0.135136 tcp 10.0.2.109 58275 -> 195.113.214.211 443 SRPA* 0 0 63 42057 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:08:17.997410 0.039886 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:18.037690 0.253172 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:18.291224 0.092144 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:18.383742 0.358784 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:18.742941 0.153682 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:18.897114 0.186515 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.084033 0.160673 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.245136 0.180138 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.425662 0.161161 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.587272 0.061954 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.649652 0.035587 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.685645 0.052883 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.738916 0.167385 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:19.906721 0.000000 udp 10.0.2.109 3683 -> 69.77.153.151 9344 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 06:08:35.385074 0.051891 tcp 10.0.2.109 58276 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:08:35.436796 0.052670 tcp 10.0.2.109 58277 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:08:35.489774 0.148513 tcp 10.0.2.109 58278 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:08:35.638078 0.197709 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:35.836154 0.173444 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:36.010026 0.137944 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:36.148371 0.162048 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:36.310837 0.174906 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:36.486327 0.074944 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:36.561640 0.330853 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:36.892866 0.135134 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:37.028372 0.148862 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:37.177661 0.329710 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:08:37.507819 0.176548 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:12:00.191650 3.001242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/19 06:12:07.199252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:12:15.200650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:12:31.203499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:13:03.209688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:19:07.215971 3.001035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 06:19:14.223258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:19:22.224143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:19:38.227594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:20:10.454173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:26:14.460062 3.001490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 06:26:21.467378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:26:29.469160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:26:45.471832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:27:17.477834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:31:06.957965 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 06:31:06.958134 1.061566 tcp 10.0.2.109 58279 -> 70.113.215.93 3558 FSPA* 0 0 14 1576 flow=From-Botnet-V1-TCP-Established 1970/01/19 06:33:21.484304 3.001416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 06:33:28.491520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:33:36.492718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:33:52.496066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:34:24.501450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:38:39.148099 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 06:38:39.148200 0.194368 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:39.343032 0.170491 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:39.513933 0.134474 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:39.648837 0.052963 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:39.702363 0.144263 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:39.847050 0.169115 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:40.016558 0.189112 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:40.206277 0.044217 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:40.250900 0.092244 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:40.343586 0.253269 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:40.597270 0.157434 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:40.755106 0.340656 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.096198 0.180382 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.276978 0.156901 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.434329 0.063694 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.498696 0.035436 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.534486 0.053625 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.588519 0.163087 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.751985 0.182854 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:41.935265 0.182065 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:42.117757 0.162032 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:42.280190 0.172718 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:42.453257 0.131999 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:42.585667 0.160882 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:42.746926 0.164643 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:42.911974 0.074125 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:42.986495 0.380620 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:43.367508 0.128452 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:43.496333 0.175695 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:43.672404 0.148516 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:38:43.821346 0.329715 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/19 06:40:28.507638 3.001737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 06:40:35.515529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:40:43.516566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:40:59.519356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:41:31.525778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:47:35.531606 3.001537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 06:47:42.538812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:47:50.541002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:48:06.543573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:48:38.549988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:54:42.556097 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 06:54:49.563122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:54:57.564886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:55:13.567714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 06:55:45.573331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:01:08.027526 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 07:01:08.027629 1.060019 tcp 10.0.2.109 58280 -> 70.113.215.93 3558 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/01/19 07:01:49.580524 3.000942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:01:56.587434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:02:04.588835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:02:20.591258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:02:52.597480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:08:56.604080 3.001210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:09:03.611130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:09:11.612892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:09:14.066637 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 07:09:14.066883 0.181334 rtcp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:14.248569 0.117316 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:14.366252 0.137882 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:14.504543 0.053096 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:14.558071 0.142406 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:14.751339 0.171555 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:14.923283 0.089166 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:15.012859 0.252627 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:15.265879 0.154124 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:15.420390 0.181381 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:15.602105 0.044287 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:15.646796 0.373494 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.020673 0.181250 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.202282 0.159595 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.362456 0.058794 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.421567 0.035385 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.457420 0.051354 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.509137 0.161117 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.670623 0.177179 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:16.848211 0.165152 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:17.013713 0.249432 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:17.263567 0.255832 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:17.519817 0.134933 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:17.655155 0.159239 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:17.814795 0.172532 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:17.987754 0.078829 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:18.066941 0.179810 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:18.247106 0.147113 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:18.394632 0.320669 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:18.715693 0.134874 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:18.850960 0.350131 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:09:27.615523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:09:59.621841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:16:03.627434 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:16:10.635313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:16:18.636284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:16:34.639415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:17:06.645635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:23:10.651910 3.001145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:23:17.658913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:23:25.660611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:23:41.663711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:24:13.669730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:30:17.676053 3.001417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:30:24.683016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:30:32.684169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:30:48.687222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:31:09.087242 0.132222 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 07:31:09.219523 1.081031 tcp 10.0.2.109 58281 -> 70.113.215.93 3558 FSPA* 0 0 14 1497 flow=From-Botnet-V1-TCP-Established 1970/01/19 07:31:20.763743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:37:24.769248 3.001636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:37:31.776666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:37:39.778529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:37:55.781746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:38:27.787771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:39:38.739563 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 07:39:38.739672 0.180184 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:38.920253 0.119060 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.039816 0.132706 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.172887 0.053969 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.227267 0.143862 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.371540 0.172273 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.544214 0.083954 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.628594 0.203852 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.832825 0.044359 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:39.877620 0.360017 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:40.238060 0.251719 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:40.490200 0.155169 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:40.699647 0.182948 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:40.883023 0.159611 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:41.043040 0.136055 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:41.179506 0.034353 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:41.214391 0.052852 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:41.267690 0.398394 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:41.666520 0.179690 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:41.846627 0.173070 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:42.020108 0.078973 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:42.099485 0.173442 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:42.273347 0.137183 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:42.410915 0.160086 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:42.571389 0.173554 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:42.745365 0.080686 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:42.826402 0.314042 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:43.140847 0.127946 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:43.269637 0.177583 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:43.447608 0.145876 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:39:43.593844 0.344686 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/19 07:44:31.794405 3.001032 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:44:38.801078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:44:46.802142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:45:02.805500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:45:34.811481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:51:38.817090 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:51:45.824577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:51:53.826564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:52:09.829260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:52:41.835793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:58:45.840529 3.002625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 07:58:52.849046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:59:00.850159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:59:16.853303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 07:59:48.859378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:01:10.307309 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 08:01:10.307414 1.076449 tcp 10.0.2.109 58282 -> 70.113.215.93 3558 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/01/19 08:05:52.865761 3.001762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:05:59.872513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:06:08.014629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:06:24.017558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:06:56.224143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:09:45.187495 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 08:09:45.187597 0.180869 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:45.368944 0.169915 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:45.539290 0.138386 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:45.678294 0.056150 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:45.734839 0.317281 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:46.052523 0.169721 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:46.222652 0.090265 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:46.313340 0.231317 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:46.545094 0.044155 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:46.589645 0.155822 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:46.745849 0.175805 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:46.922034 0.174314 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:47.096721 0.330434 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:47.427500 0.252414 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:47.680247 0.060555 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:47.741205 0.035322 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:47.776940 0.051656 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:47.829086 0.160583 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:47.990027 0.177943 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:48.168396 0.162322 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:48.331132 0.180170 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:48.511799 0.173853 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:48.686079 0.153650 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:48.840090 0.160568 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:49.001080 0.163856 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:49.165347 0.077499 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:49.243259 0.175891 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:49.419565 0.146138 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:49.566057 0.344975 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:49.911468 0.370208 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:09:50.282038 0.127954 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:13:00.230429 3.001384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:13:07.236999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:13:15.238736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:13:31.241977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:14:03.248185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:20:07.254688 3.000706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:20:14.261673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:20:22.263168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:20:38.265904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:21:10.271670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:27:14.949231 3.051340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:27:22.006117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:27:30.007644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:27:46.010593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:28:18.016567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:31:11.887688 0.000583 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 08:31:11.888374 1.297239 tcp 10.0.2.109 58283 -> 70.113.215.93 3558 FSPA* 0 0 14 1704 flow=From-Botnet-V1-TCP-Established 1970/01/19 08:34:22.023539 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:34:29.029993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:34:37.031838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:34:53.034719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:35:25.040999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:39:55.790209 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 08:39:55.790323 0.131460 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:55.922219 0.052648 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:55.975267 0.204595 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:56.180213 0.152326 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:56.332956 0.143291 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:56.476648 0.190398 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:56.667518 0.089328 rtcp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:56.757243 0.221385 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:56.979029 0.048964 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:57.028388 0.156487 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:57.185261 0.174452 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:57.360084 0.161502 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:39:57.522025 0.000000 udp 10.0.2.109 3683 -> 223.17.68.245 8575 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 08:40:15.900748 0.058043 tcp 10.0.2.109 58284 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 08:40:15.958579 0.054760 tcp 10.0.2.109 58285 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 08:40:16.013653 0.138437 tcp 10.0.2.109 58286 -> 195.113.214.211 443 SRPA* 0 0 77 80163 flow=From-Botnet-V1-TCP-Established 1970/01/19 08:40:16.152582 0.253601 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:16.406595 0.060182 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:16.467186 0.036173 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:16.503774 0.177866 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:16.682026 0.160357 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:16.842767 0.119156 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:16.962473 0.172796 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:17.135697 0.052613 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:17.188800 0.187315 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:17.376505 0.146112 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:17.523038 0.184306 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:17.707748 0.162439 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:17.870606 0.080532 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:17.951529 0.176555 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:18.128506 0.211572 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:18.340483 0.142047 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:18.482947 0.366888 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:40:18.850266 0.316946 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/19 08:41:29.046753 3.001961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:41:36.054208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:41:44.826991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:42:00.829738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:42:32.835979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:48:36.841195 3.002663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:48:43.849313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:48:51.850448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:49:07.853892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:49:39.860132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:55:43.866750 3.000974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 08:55:50.873511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:55:58.874410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:56:14.878031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 08:56:46.883503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:01:13.577695 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 09:01:13.577982 1.028781 tcp 10.0.2.109 58287 -> 70.113.215.93 3558 FSPA* 0 0 12 1625 flow=From-Botnet-V1-TCP-Established 1970/01/19 09:02:50.890229 3.001475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:02:57.896882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:03:05.898912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:03:21.901944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:03:53.908080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:09:57.914454 3.000915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:10:04.921490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:10:12.922885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:10:28.925972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:10:30.758512 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 09:10:30.758699 0.365667 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:31.124823 0.138058 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:31.263298 0.055898 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:31.319550 0.126929 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:31.902869 0.141874 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:32.045077 0.172980 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:32.218513 0.179747 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:32.398634 0.189204 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:32.588204 0.040059 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:32.628708 0.080913 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:32.709988 0.183113 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:32.893501 0.154621 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.048565 0.158450 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.207430 0.260211 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.468002 0.063321 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.531727 0.038473 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.570600 0.178310 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.749304 0.169903 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.919602 0.077919 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:33.997933 0.173818 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:34.172145 0.052262 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:34.224837 0.163516 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:34.388739 0.142654 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:34.531786 0.161712 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:34.693944 0.173514 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:34.867819 0.078634 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:34.946822 0.127948 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:35.075196 0.359880 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:35.435456 0.178280 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:35.614150 0.146696 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:10:35.761273 0.360972 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:11:00.931838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:17:04.938576 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:17:11.944952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:17:19.946550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:17:35.949492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:18:07.955818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:24:11.961485 3.001699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:24:18.968962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:24:26.970810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:24:42.973662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:25:14.979463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:31:14.607341 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 09:31:14.607430 1.092050 tcp 10.0.2.109 58288 -> 70.113.215.93 3558 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/01/19 09:31:18.985829 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:31:25.993449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:31:33.994940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:31:49.997453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:32:22.003925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:38:26.009561 3.071847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:38:33.086796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:38:41.088737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:38:57.091649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:39:29.097648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:40:47.621218 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 09:40:47.621476 0.052265 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:47.674129 0.121596 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:47.796143 0.144268 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:47.940792 0.340983 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:48.282321 0.135172 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:48.417936 0.194692 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:48.613019 0.226932 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:48.840345 0.188047 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:49.028831 0.044473 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:49.073665 0.089473 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:49.163573 0.178526 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:49.342478 0.154772 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:49.497649 0.726539 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:50.224525 0.253761 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:50.478624 0.069891 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:50.548916 0.036555 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:50.585907 0.207904 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:50.794287 0.170627 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:50.965319 0.194932 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:51.160715 0.174361 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:51.335448 0.053388 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:51.389231 0.163964 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:51.553587 0.141062 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:51.695066 0.182189 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:51.877640 0.170936 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:52.048986 0.074215 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:52.123618 0.175091 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:52.299142 0.148496 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:52.448060 0.135893 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:52.631363 0.394269 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:40:53.025998 0.364058 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/19 09:45:33.103297 3.002320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:45:40.111348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:45:48.112556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:46:04.115626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:46:36.121327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:52:40.127712 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:52:47.135044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:52:55.136736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:53:11.139567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:53:43.145293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 09:59:47.151716 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 09:59:54.159070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:00:02.160237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:00:18.163939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:00:50.169463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:01:15.736435 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 10:01:15.736530 0.979104 tcp 10.0.2.109 58289 -> 70.113.215.93 3558 FSPA* 0 0 12 1540 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:06:54.176599 3.000517 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:07:01.182867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:07:09.184177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:07:25.187442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:07:57.193389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:11:01.949655 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 10:11:01.949756 0.142683 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:02.092877 0.055603 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:02.148896 0.123340 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:02.272661 0.432775 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:02.705863 0.137201 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:02.843488 0.183285 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:03.027203 0.179717 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:03.207270 0.197723 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:03.405432 0.040007 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:03.445901 0.155682 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:03.601941 0.083588 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:03.685917 0.182080 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:03.868405 0.167153 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:04.035916 0.257434 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:04.293781 0.060608 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:04.354800 0.043505 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:04.398673 0.187417 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:04.586520 0.165996 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:04.753037 0.079656 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:04.833468 0.248529 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:05.082516 0.051435 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:05.134372 0.160870 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:05.295686 0.144854 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:05.440942 0.177672 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:05.618995 0.164184 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:05.783574 0.146091 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:05.930074 0.141944 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:06.072410 0.403115 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:06.491284 0.078418 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:11:06.570208 0.000000 rtcp 10.0.2.109 3683 -> 99.181.8.171 9687 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 10:11:21.589297 0.055437 tcp 10.0.2.109 58290 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:11:21.645066 0.055372 tcp 10.0.2.109 58291 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:11:21.700744 0.136599 tcp 10.0.2.109 58292 -> 195.113.214.211 443 SRPA* 0 0 33 24759 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:11:21.837933 0.350933 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:14:01.230616 3.000624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:14:08.237299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:14:16.238197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:14:32.241845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:15:04.247744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:21:08.254504 3.000742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:21:15.261173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:21:23.262752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:21:39.265711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:22:11.592511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:28:15.598637 3.001318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:28:22.605057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:28:30.607215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:28:46.610047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:29:18.615966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:31:16.906394 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 10:31:16.906495 1.528622 tcp 10.0.2.109 58293 -> 70.113.215.93 3558 FSPA* 0 0 14 1519 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:35:22.623043 3.000569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:35:29.629544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:35:37.630648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:35:53.634322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:36:25.639817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:41:36.978367 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 10:41:36.978525 0.177513 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:37.156449 0.142843 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:37.299634 0.365005 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:37.665025 0.137465 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:37.802926 0.168447 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:37.971789 0.048040 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:38.020229 0.118423 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:38.139057 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 10:41:53.763794 0.057359 tcp 10.0.2.109 58294 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:41:53.821542 0.052035 tcp 10.0.2.109 58295 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:41:53.873816 0.149297 tcp 10.0.2.109 58296 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/19 10:41:54.023662 0.150159 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:54.174398 0.239803 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:54.414626 0.197502 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:54.612522 0.180287 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:54.793220 0.157918 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:54.951537 0.085876 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:55.037813 0.035214 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:55.073377 0.175038 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:55.248842 0.156657 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:55.405899 0.346287 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:55.752603 0.174063 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:55.927083 0.060078 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:55.987606 0.253425 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:56.241416 0.163541 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:56.405386 0.152173 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:56.557959 0.173406 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:56.731766 0.165341 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:56.897470 0.147966 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:57.047170 0.135205 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:57.182805 0.052903 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:57.236105 0.076099 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:57.312609 0.373508 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:41:57.686533 0.396539 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/19 10:42:29.646214 3.001524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:42:36.653172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:42:44.655043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:43:00.657711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:43:32.663970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:49:36.669811 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:49:43.707585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:49:51.709246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:50:07.711800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:50:39.718091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:56:43.724788 3.000443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 10:56:50.731522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:56:58.732453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:57:14.735590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 10:57:46.741809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:01:18.436747 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 11:01:18.436826 1.166331 tcp 10.0.2.109 58297 -> 70.113.215.93 3558 FSPA* 0 0 12 1397 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:03:50.748352 3.001215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:03:57.755712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:04:05.756683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:04:21.759977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:04:53.766015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:10:57.772490 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:11:04.779279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:11:12.782038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:11:28.783767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:11:59.628097 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 11:11:59.628340 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 11:12:00.790027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:12:16.084677 0.054626 tcp 10.0.2.109 58298 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:12:16.139225 0.056658 tcp 10.0.2.109 58299 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:12:16.195388 0.154354 tcp 10.0.2.109 58300 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:12:16.349511 0.358666 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:16.708607 0.135067 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:16.844083 0.186612 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:17.031036 0.053080 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:17.084512 0.179772 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:17.264716 0.144243 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:17.409306 0.186157 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:17.595854 0.202885 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:17.799144 0.176413 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:17.975958 0.219427 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:18.195788 0.088129 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:18.284346 0.035671 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:18.320430 0.155124 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:18.475969 0.197541 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:18.673936 0.194534 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:18.868889 0.160044 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:19.029334 0.081609 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:19.111368 0.249182 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:19.360940 0.057266 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:19.418686 0.256138 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:19.675845 0.182833 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:19.859074 0.137443 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:19.996876 0.179644 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:20.176945 0.164502 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:20.341891 0.146436 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:20.488742 0.077256 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:20.566460 0.393563 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:20.960436 0.383207 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:21.344067 0.134945 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:12:21.479409 0.052668 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:18:04.796262 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:18:11.803435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:18:19.805076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:18:35.807821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:19:07.814062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:25:11.819552 3.001993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:25:19.668156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:25:27.669770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:25:43.673162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:26:15.679151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:31:20.006630 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 11:31:20.006727 1.169983 tcp 10.0.2.109 58301 -> 70.113.215.93 3558 FSPA* 0 0 14 1611 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:32:19.684712 3.002378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:32:26.691999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:32:34.694178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:32:50.697111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:33:23.103798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:39:38.115973 3.001320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:39:45.122397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:39:53.123886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:40:09.127490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:40:41.133370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:42:42.518474 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 11:42:42.518575 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 11:42:57.682130 0.053174 tcp 10.0.2.109 58302 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:42:57.735628 0.053494 tcp 10.0.2.109 58303 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:42:57.789766 0.157606 tcp 10.0.2.109 58304 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/19 11:42:57.947891 0.056841 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:58.005075 0.346047 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:58.351481 0.137016 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:58.489004 0.177009 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:58.666387 0.141441 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:58.808229 0.160331 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:58.969030 0.186257 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:59.155696 0.187720 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:59.343825 0.158860 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:59.503045 0.088051 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:59.591511 0.035431 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:59.627360 0.150214 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:59.777989 0.182283 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:42:59.960684 0.177858 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:00.138943 0.164541 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:00.303838 0.062559 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:00.366819 0.254578 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:00.621749 0.159839 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:00.781967 0.137242 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:00.919614 0.106768 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:01.026727 0.172231 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:01.199311 0.161147 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:01.360896 0.164720 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:01.526024 0.148707 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:01.675160 0.076535 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:01.752092 0.398154 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:02.150675 0.051235 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:02.202444 0.389816 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:43:02.592688 0.128028 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 11:47:03.145255 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:47:10.152228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:47:18.154225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:47:34.157351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:48:06.163481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:54:10.169660 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 11:54:17.177019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:54:25.178247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:54:41.181513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 11:55:13.186774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:01:17.193416 3.001069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:01:21.366977 0.000174 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 12:01:21.367278 0.995564 tcp 10.0.2.109 58305 -> 70.113.215.93 3558 FSPA* 0 0 12 1607 flow=From-Botnet-V1-TCP-Established 1970/01/19 12:01:24.200358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:01:32.202226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:01:48.205266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:02:20.210708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:08:24.216416 3.002114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:08:31.224613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:08:39.596595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:08:55.599219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:09:27.605951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:13:32.838297 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 12:13:32.838455 0.167999 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:33.006880 0.135537 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:33.142822 0.170748 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:33.313989 0.141989 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:33.456326 0.048518 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:33.505251 0.362197 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:33.867876 0.161160 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:34.029485 0.184267 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:34.214105 0.174729 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:34.389262 0.159356 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:34.549031 0.093756 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:34.643185 0.034467 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:34.678025 0.155380 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:34.833815 0.180124 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:35.014359 0.177300 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:35.192065 0.170176 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:35.362654 0.058053 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:35.421155 0.251039 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:35.672568 0.159906 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:35.832838 0.133343 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:35.966615 0.076247 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:36.043279 0.173140 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:36.216790 0.164944 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:36.382151 0.162045 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:36.544584 0.145642 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:36.690645 0.076262 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:36.767320 0.346418 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:37.114079 0.134940 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:37.249468 0.394601 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:13:37.644427 0.051553 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:15:31.611214 3.002257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:15:38.619222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:15:46.620698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:16:02.623351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:16:34.629718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:22:38.636187 3.000761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:22:45.642989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:22:53.644801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:23:09.647567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:23:41.653764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:29:45.740150 3.061375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:29:52.807471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:30:00.808744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:30:16.811764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:30:48.817849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:31:22.596496 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 12:31:22.596691 1.170477 tcp 10.0.2.109 58306 -> 70.113.215.93 3558 FSPA* 0 0 12 1452 flow=From-Botnet-V1-TCP-Established 1970/01/19 12:36:52.823972 3.001271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:36:59.831252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:37:07.832208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:37:23.835570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:37:55.841698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:43:39.896381 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 12:43:39.896540 0.168929 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:40.065869 0.139891 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:40.206313 0.051156 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:40.257876 0.360755 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:40.619057 0.119777 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:40.739253 0.138489 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:40.878319 0.176499 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:41.055217 0.184287 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:41.239868 0.175016 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:41.415270 0.162158 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:41.577766 0.087295 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:41.665458 0.035213 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:41.701099 0.158215 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:41.859697 0.183143 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:42.043274 0.182979 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:42.226678 0.245359 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:42.472408 0.058108 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:42.530914 0.253053 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:42.784403 0.160557 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:42.945370 0.144363 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:43.090197 0.078561 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:43:43.169149 0.000000 udp 10.0.2.109 3683 -> 108.245.201.41 9676 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 12:43:59.848177 3.001250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:44:00.057708 0.054093 tcp 10.0.2.109 58307 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 12:44:00.112086 0.053507 tcp 10.0.2.109 58308 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 12:44:00.165442 0.152411 tcp 10.0.2.109 58309 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/19 12:44:00.317308 0.160622 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:00.478393 0.161588 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:00.640338 0.149466 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:00.790211 0.075397 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:00.866014 0.402542 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:01.268954 0.052481 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:01.321827 0.345607 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:01.667906 0.135112 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 12:44:06.855227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:44:14.856381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:44:30.859731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:45:02.865788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:51:06.871968 3.001593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:51:13.879011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:51:21.880662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:51:37.883695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:52:09.889810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:58:13.896059 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 12:58:20.903114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:58:28.904422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:58:44.907799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 12:59:16.913554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:01:23.766396 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 13:01:23.766505 1.068371 tcp 10.0.2.109 58310 -> 70.113.215.93 3558 FSPA* 0 0 14 1726 flow=From-Botnet-V1-TCP-Established 1970/01/19 13:05:20.920252 3.001593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:05:27.926748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:05:35.928098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:05:51.931764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:06:23.937694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:12:27.943766 3.001276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:12:34.951005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:12:42.982238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:12:58.985432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:13:30.991158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:14:27.142376 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 13:14:27.142476 0.171022 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:27.313934 0.168775 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:27.483143 0.050352 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:27.533899 0.374006 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:27.908312 0.119534 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:28.127139 0.140171 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:28.267797 0.175975 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:28.444183 0.142134 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:28.586696 0.176045 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:28.763133 0.196285 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:28.959800 0.035608 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:28.995847 0.156560 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:29.152802 0.191738 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:29.344938 0.083610 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:29.428957 0.159773 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:29.589136 0.061537 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:29.651069 0.254666 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:29.906181 0.161173 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:30.067744 0.136689 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:30.204861 0.155137 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:30.360404 0.190050 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:30.550861 0.082130 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:30.633432 0.171892 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:30.805765 0.165357 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:30.971561 0.147049 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:31.118944 0.075339 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:31.194685 0.314250 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:31.509374 0.135550 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:31.645390 0.398129 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:14:32.043915 0.052536 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:19:34.997726 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:19:42.005271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:19:50.006569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:20:06.009870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:20:38.015558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:26:42.022327 3.000856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:26:49.029132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:26:57.030251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:27:13.033250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:27:45.039252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:31:24.835741 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 13:31:24.835843 0.936033 tcp 10.0.2.109 58311 -> 70.113.215.93 3558 FSPA* 0 0 12 1464 flow=From-Botnet-V1-TCP-Established 1970/01/19 13:33:49.045969 3.001088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:33:56.052868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:34:04.054058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:34:20.057523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:34:52.063190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:40:56.069152 3.001608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:41:03.206624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:41:11.208145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:41:27.211881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:41:59.217627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:44:56.312341 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 13:44:56.312494 0.049630 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:56.362572 0.359448 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:56.722435 0.172796 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:56.895650 0.169104 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:57.065132 0.118924 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:57.184439 0.139071 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:57.323862 0.176468 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:57.500763 0.141994 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:57.643200 0.182545 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:57.826153 0.186516 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.013052 0.037588 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.051067 0.154477 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.205928 0.181258 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.387590 0.095172 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.483115 0.158874 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.642441 0.062478 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.705337 0.253667 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:58.959400 0.164750 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:59.124589 0.222396 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:59.347441 0.076183 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:59.424027 0.159696 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:59.584466 0.167631 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:59.752506 0.137106 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:44:59.889957 0.160009 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:45:00.050386 0.148245 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:45:00.199089 0.076974 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:45:00.276399 0.319785 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:45:00.596602 0.135367 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:45:00.732344 0.412302 udp 10.0.2.109 3683 <-> 111.252.181.114 9198 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:45:01.144990 0.052682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/19 13:48:03.223605 3.001970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:48:10.230808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:48:18.232580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:48:34.235685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:49:06.241457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:55:10.247366 3.001440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 13:55:17.255086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:55:25.256163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:55:41.259380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 13:56:13.265576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:01:25.835638 0.000184 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 14:01:25.835936 1.039619 tcp 10.0.2.109 58312 -> 70.113.215.93 3558 FSPA* 0 0 14 1521 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:02:17.271708 3.001365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:02:24.279015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:02:32.280555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:02:48.283284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:03:20.289493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:09:24.295604 3.001722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:09:31.302802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:09:39.303989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:09:55.307521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:10:27.313305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:15:05.303517 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 14:15:05.303685 0.171476 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:05.475616 0.054290 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:05.530351 0.354304 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:05.884966 0.168046 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:06.053433 0.118534 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:06.172370 0.136448 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:06.309263 0.175986 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:06.485659 0.140446 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:06.626431 0.181847 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:06.808689 0.218768 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.027815 0.037485 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.066037 0.156730 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.223177 0.177883 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.401466 0.097253 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.499113 0.162180 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.661651 0.064793 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.726868 0.255879 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:07.983157 0.160313 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:08.143884 0.177764 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:08.322239 0.075302 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:08.397934 0.160241 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:08.703297 0.172350 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:08.876056 0.131571 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:09.008024 0.161661 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:09.170038 0.357687 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:09.528141 0.142742 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:09.671298 0.144234 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:09.815868 0.076465 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:15:09.892770 0.000000 udp 10.0.2.109 3683 -> 111.252.181.114 9198 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 14:15:25.463647 0.054284 tcp 10.0.2.109 58313 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:15:25.518354 0.054795 tcp 10.0.2.109 58314 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:15:25.573448 0.145582 tcp 10.0.2.109 58315 -> 195.113.214.211 443 SRPA* 0 0 32 24683 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:15:25.719511 0.053311 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:16:31.319679 3.001652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:16:38.327060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:16:46.328133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:17:02.330978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:17:34.337194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:23:38.343765 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:23:45.350968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:23:53.352518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:24:09.355412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:24:41.361582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:30:45.367617 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:30:52.375213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:31:00.376562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:31:16.378966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:31:26.875155 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 14:31:26.875262 1.221663 tcp 10.0.2.109 58316 -> 70.113.215.93 3558 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:31:48.385278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:37:52.391808 3.001107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:37:59.398492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:38:07.399991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:38:23.402992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:38:55.409393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:44:59.415004 3.002189 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:45:06.423069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:45:14.424308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:45:30.427266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:45:30.588075 0.000156 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 14:45:30.588329 0.324348 udp 10.0.2.109 3683 -> 111.252.181.114 9198 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 14:45:30.912677 0.000000 icmp 111.252.181.114 0x0303 -> 10.0.2.109 0xee23 URP 192 1 167 flow=Background 1970/01/19 14:45:47.573960 0.053571 tcp 10.0.2.109 58317 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:45:47.627861 0.053711 tcp 10.0.2.109 58318 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:45:47.681904 0.151979 tcp 10.0.2.109 58319 -> 195.113.214.211 443 SRPA* 0 0 40 21148 flow=From-Botnet-V1-TCP-Established 1970/01/19 14:45:47.834168 0.345259 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:48.179888 0.167636 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:48.347944 0.171795 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:48.520090 0.048088 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:48.568616 0.136872 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:48.705871 0.176403 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:48.882697 0.141116 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:49.024270 0.181539 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:49.206355 0.118282 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:49.325057 0.202599 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:49.528034 0.177646 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:49.706080 0.093209 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:49.799697 0.164506 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:49.964627 0.058727 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:50.023791 0.255973 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:50.280174 0.154846 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:50.435454 0.035048 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:50.470929 0.076712 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:50.548035 0.159860 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:50.708332 0.162647 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:50.871355 0.143619 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:51.015395 0.160532 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:51.176330 0.177941 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:51.354718 0.128865 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:51.483945 0.148736 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:51.633072 0.077229 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:51.710692 0.163091 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:51.874197 0.332306 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:45:52.206919 0.052483 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/19 14:46:02.432981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:52:06.440677 3.000250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:52:13.447061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:52:21.448047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:52:37.451495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:53:09.457277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:59:13.463741 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 14:59:20.470635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:59:28.472415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 14:59:44.475017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:00:16.481065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:01:28.104164 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 15:01:28.104250 1.077410 tcp 10.0.2.109 58320 -> 70.113.215.93 3558 FSPA* 0 0 12 1475 flow=From-Botnet-V1-TCP-Established 1970/01/19 15:06:20.487402 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:06:27.494929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:06:35.495736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:06:51.499537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:07:23.505079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:13:27.510734 3.002214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:13:34.718675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:13:42.720513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:13:58.723473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:14:30.729584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:16:13.707840 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 15:16:13.707946 0.248399 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:13.956699 0.057867 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:14.014978 0.137656 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:14.153058 0.178875 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:14.332346 0.142608 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:14.475336 0.336564 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:14.812299 0.169338 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:14.981996 0.180793 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:15.163195 0.119136 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:15.282754 0.184538 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:15.467687 0.179505 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:15.647564 0.086548 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:15.734508 0.159194 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:15.894257 0.055639 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:15.950351 0.250762 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:16.201473 0.153634 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:16.463715 0.035809 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:16.499935 0.326376 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:16.826689 0.161842 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:16.988954 0.163013 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:17.152614 0.144722 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:17.297734 0.135018 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:17.433144 0.146716 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:17.580256 0.075664 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:17.656352 0.167091 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:17.823835 0.163409 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:17.987652 0.205080 udp 10.0.2.109 3683 <-> 71.54.74.147 2659 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:18.193104 0.326895 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:16:18.520402 0.052399 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:20:34.735234 3.001917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:20:41.743161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:20:49.743957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:21:05.747595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:21:37.833400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:27:41.840120 3.001045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:27:48.847122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:27:56.848140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:28:12.851435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:28:44.857456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:31:29.294680 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 15:31:29.294780 1.175982 tcp 10.0.2.109 58321 -> 70.113.215.93 3558 FSPA* 0 0 12 1479 flow=From-Botnet-V1-TCP-Established 1970/01/19 15:34:48.863621 3.001636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:34:55.871124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:35:03.872558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:35:19.875534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:35:51.881468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:41:55.887819 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:42:02.896149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:42:10.896628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:42:27.510470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:42:59.516611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:46:46.322598 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 15:46:46.322856 0.172429 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:46.495712 0.047631 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:46.543757 0.141170 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:46.685261 0.342031 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:47.027689 0.169608 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:47.197690 0.137834 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:47.335907 0.177644 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:47.513968 0.175513 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:47.689895 0.118449 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:47.808702 0.187505 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:47.996578 0.178533 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:48.175549 0.092919 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:48.268866 0.159462 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:48.428660 0.057284 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:48.486503 0.252683 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:48.739520 0.152203 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:48.892130 0.035900 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:48.928420 0.318038 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:49.246847 0.160184 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:49.407386 0.173349 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:49.581144 0.141070 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:49.722616 0.127911 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:49.850893 0.148763 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:50.000080 0.076568 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:50.076994 0.163347 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:50.240751 0.158040 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:50.399208 0.052682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:46:50.452296 0.000000 udp 10.0.2.109 3683 -> 71.54.74.147 2659 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 15:47:08.726281 0.052811 tcp 10.0.2.109 58322 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 15:47:08.779449 0.052875 tcp 10.0.2.109 58323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 15:47:08.832174 0.133534 tcp 10.0.2.109 58324 -> 195.113.214.211 443 SRPA* 0 0 38 30106 flow=From-Botnet-V1-TCP-Established 1970/01/19 15:47:08.966338 0.320997 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 15:49:03.521635 3.002338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:49:10.529909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:49:18.531316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:49:34.534467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:50:06.540026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:56:10.546873 3.000838 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 15:56:17.553598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:56:25.555269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:56:41.558356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 15:57:13.564085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:01:30.774429 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 16:01:30.774518 1.341107 tcp 10.0.2.109 58325 -> 70.113.215.93 3558 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/01/19 16:03:17.570834 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:03:24.577866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:03:32.578737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:03:48.582291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:04:20.587787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:10:24.594484 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:10:31.601541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:10:39.602898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:10:55.605725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:11:27.612002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:17:14.571119 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 16:17:14.571275 3.049564 udp 10.0.2.109 3683 -> 71.54.74.147 2659 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 16:17:17.620839 0.000000 icmp 71.54.74.147 0x0103 -> 10.0.2.109 0x4736 URH 192 1 301 flow=Background 1970/01/19 16:17:31.147337 0.052042 tcp 10.0.2.109 58326 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/19 16:17:31.199728 0.132588 tcp 10.0.2.109 58327 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/19 16:17:31.332604 0.150249 tcp 10.0.2.109 58328 -> 195.113.214.211 443 SRPA* 0 0 40 21148 flow=From-Botnet-V1-TCP-Established 1970/01/19 16:17:31.483037 0.140354 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:31.623727 0.173142 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:31.648855 3.001070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:17:31.797288 0.051992 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:31.849654 0.158357 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:32.008366 0.179060 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:32.187791 0.180528 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:32.368750 0.119893 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:32.489016 0.360117 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:32.849570 0.171170 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.021116 0.178845 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.200377 0.082855 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.283635 0.159940 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.443978 0.062189 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.506533 0.253430 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.760355 0.158982 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.919768 0.037518 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:33.957700 0.190121 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:34.202935 0.175968 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:34.379289 0.142024 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:34.521711 0.142183 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:34.664285 0.210897 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:34.875539 0.159805 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:35.035740 0.156556 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:35.192699 0.160098 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:35.353259 0.053748 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:35.407446 0.077130 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:35.485007 0.146209 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:35.631640 0.374091 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:17:38.655560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:17:46.657144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:18:02.660469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:18:34.665875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:24:38.671765 3.002174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:24:45.679468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:24:53.681217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:25:09.683699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:25:41.689829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:31:32.725410 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 16:31:32.725625 0.980626 tcp 10.0.2.109 58329 -> 70.113.215.93 3558 FSPA* 0 0 14 1681 flow=From-Botnet-V1-TCP-Established 1970/01/19 16:31:46.858567 3.000849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:31:53.865454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:32:01.866443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:32:17.869354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:32:49.875518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:38:53.881499 3.001873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:39:00.888777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:39:08.890433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:39:24.893295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:39:56.899681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:46:05.913588 3.070953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:46:12.990645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:46:20.991648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:46:36.994550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:47:09.001063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:47:52.132828 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 16:47:52.132909 0.048559 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:52.181910 0.139601 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:52.321871 0.172671 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:52.494949 0.182044 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:52.677335 0.118145 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:52.795904 0.369743 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:53.166199 0.148928 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:53.315524 0.179156 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:53.495085 0.168830 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:53.664285 0.177502 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:53.842248 0.084377 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:53.927037 0.158474 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:54.085895 0.058440 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:54.144758 0.250695 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:54.395842 0.154776 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:54.551024 0.035468 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:54.586885 0.143755 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:54.731072 0.134842 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:54.866342 0.077875 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.007155 0.187774 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.195337 0.165016 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.360749 0.160550 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.521693 0.162299 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.684348 0.160376 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.845163 0.053722 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.899352 0.078532 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:55.978348 0.146404 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:47:56.125115 0.380005 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 16:53:30.011733 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 16:53:37.018470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:53:45.020477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:54:01.023148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 16:54:33.029558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:00:37.036176 3.000908 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:00:44.042962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:00:52.044207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:01:08.047155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:01:33.744388 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 17:01:33.744482 1.042828 tcp 10.0.2.109 58330 -> 70.113.215.93 3558 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/19 17:01:40.052965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:07:44.059661 3.001644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:07:51.066597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:07:59.068024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:08:15.071072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:08:47.077328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:14:51.082779 3.002093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:14:58.090474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:15:06.092589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:15:22.095009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:15:54.101191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:18:24.237665 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 17:18:24.237768 0.246321 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:24.484506 0.049406 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:24.534434 0.142520 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:24.677325 0.188384 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:24.866149 0.119871 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:24.986433 0.349755 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:25.336593 0.139424 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:25.476352 0.179500 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:25.656237 0.085093 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:25.741660 0.176837 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:25.918931 0.176128 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:26.095437 0.169356 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:26.265251 0.060506 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:26.326187 0.249318 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:26.575924 0.151898 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:26.728219 0.035237 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:26.763869 0.152254 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:26.916549 0.183777 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:27.100801 0.178092 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:27.299539 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 17:18:44.497610 0.053231 tcp 10.0.2.109 58331 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 17:18:44.551121 0.031072 tcp 10.0.2.109 58332 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 17:18:44.582772 0.143991 tcp 10.0.2.109 58333 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/19 17:18:44.727466 0.127717 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:44.855587 0.079346 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:44.935368 0.157820 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:45.093589 0.158025 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:45.252019 0.053013 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:45.305400 0.071032 rtcp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:45.376850 0.145117 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:18:45.522610 0.324407 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:21:58.126611 3.002458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:22:05.134567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:22:13.135956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:22:29.139342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:23:01.145365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:29:05.150915 3.002149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:29:12.158846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:29:20.159830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:29:36.163440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:30:08.169381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:31:34.814471 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 17:31:34.814576 1.260362 tcp 10.0.2.109 58334 -> 70.113.215.93 3558 FSPA* 0 0 14 1658 flow=From-Botnet-V1-TCP-Established 1970/01/19 17:36:12.175169 3.001847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:36:19.182957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:36:27.183923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:36:43.187475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:37:15.193127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:43:19.199302 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:43:26.206298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:43:34.207869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:43:50.211029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:44:22.216847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:48:50.803581 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 17:48:50.803693 0.161184 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:50.965303 0.049632 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:51.015348 0.141160 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:51.156917 0.180352 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:51.337711 0.118283 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:51.456374 0.170431 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:51.627215 0.177512 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:51.805048 0.086245 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:51.891639 0.377365 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:52.269404 0.159540 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:52.429341 0.137652 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:52.567389 0.176994 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:52.744791 0.252674 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:52.997811 0.152605 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:53.150842 0.035781 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:53.187017 0.136792 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:53.324271 0.056439 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:53.381144 0.170271 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:53.551828 0.178149 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:53.730558 0.182562 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:53.913543 0.127871 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:54.041818 0.147898 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:54.190166 0.164192 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:54.354706 0.160872 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:54.515973 0.052675 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:54.569017 0.076760 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:54.646202 0.146227 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:48:54.792828 0.318829 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/19 17:50:26.223710 3.001202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:50:33.230353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:50:41.232011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:50:57.235406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:51:29.241150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:57:33.247458 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 17:57:40.254296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:57:48.255657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:58:04.258697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 17:58:36.265319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:01:36.074208 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 18:01:36.074311 0.989637 tcp 10.0.2.109 58335 -> 70.113.215.93 3558 FSPA* 0 0 14 1638 flow=From-Botnet-V1-TCP-Established 1970/01/19 18:04:40.271430 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:04:47.278359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:04:55.279743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:05:11.282635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:05:43.288930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:11:47.294668 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:11:54.302780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:12:02.303975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:12:18.306853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:12:50.312929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:18:54.319358 3.171551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:19:01.496952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:19:09.497977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:19:20.955138 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 18:19:20.955242 0.161877 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:21.117530 0.050244 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:21.168165 0.141709 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:21.310321 0.177502 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:21.488229 0.128969 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:21.617591 0.175300 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:21.793302 0.180954 rtcp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:21.974684 0.088609 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:22.063714 0.138774 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:22.202915 0.172860 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:22.376202 0.253845 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:22.630470 0.364513 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:22.995389 0.159120 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:23.154930 0.158698 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:23.314048 0.039150 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:23.353644 0.144659 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:23.498688 0.061195 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:23.560330 0.170433 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:23.731184 0.196174 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:23.927779 0.183402 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:24.111567 0.165334 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:24.277244 0.163690 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:24.441351 0.053617 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:24.495357 0.073677 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:24.569441 0.149572 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:24.719581 0.141890 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:24.861826 0.243035 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:25.105255 0.371899 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:19:25.500974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:19:57.507489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:26:01.513454 3.121630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:26:08.640449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:26:16.641982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:26:32.645926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:27:04.652071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:31:37.183601 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 18:31:37.183697 1.069464 tcp 10.0.2.109 58336 -> 70.113.215.93 3558 FSPA* 0 0 14 1606 flow=From-Botnet-V1-TCP-Established 1970/01/19 18:33:08.656985 3.002275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:33:15.664823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:33:23.666323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:33:39.669051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:34:11.675521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:40:15.681038 3.002070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:40:22.689366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:40:30.690506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:40:46.693298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:41:18.698943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:47:22.705697 3.001251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:47:29.712733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:47:37.713964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:47:53.717466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:48:25.723236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:49:49.043449 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 18:49:49.043554 0.160277 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:49.204306 0.051819 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:49.256516 0.144880 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:49.401834 0.179230 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:49.581499 0.118872 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:49.700852 0.173099 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:49.874381 0.178237 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:50.053010 0.079204 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:50.132663 0.245588 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:50.378656 0.365077 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:50.744214 0.138596 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:50.883231 0.178876 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.062536 0.165464 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.228434 0.154736 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.383589 0.035086 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.419055 0.135765 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.555199 0.057551 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.613163 0.168494 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.782078 0.195925 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:51.978484 0.185590 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.164427 0.157296 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.322119 0.162024 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.485182 0.051691 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.537274 0.075687 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.613349 0.142911 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.756652 0.135262 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.892319 0.075006 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:49:52.967661 0.347936 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 18:54:29.729711 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 18:54:36.736846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:54:44.738132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:55:00.740813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 18:55:32.747247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:01:36.753464 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:01:38.252954 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 19:01:38.253061 1.149983 tcp 10.0.2.109 58337 -> 70.113.215.93 3558 FSPA* 0 0 14 1513 flow=From-Botnet-V1-TCP-Established 1970/01/19 19:01:43.760713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:01:51.761989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:02:07.765421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:02:39.770846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:08:43.777833 3.001402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:08:50.784354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:08:58.786140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:09:14.789303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:09:46.795197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:15:50.901440 3.111485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:15:58.019080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:16:06.020101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:16:22.023662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:16:54.029201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:20:22.419280 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 19:20:22.419528 0.160905 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:22.580801 0.051128 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:22.632296 0.140954 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:22.773666 0.173987 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:22.948040 0.134421 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:23.082849 0.246916 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:23.330196 0.254204 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:23.584737 0.341777 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:23.926849 0.138844 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.066260 0.181703 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.248365 0.087612 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.336405 0.176088 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.512860 0.159675 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.672918 0.154408 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.827709 0.035845 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.863962 0.129959 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:24.994376 0.058090 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:25.052921 0.168427 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:25.221759 0.173902 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:25.396079 0.184324 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:25.580824 0.157002 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:25.738231 0.160531 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:25.899175 0.051433 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:25.951022 0.069774 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:26.021231 0.145322 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:26.166939 0.134634 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:26.301933 0.334071 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:20:26.636394 0.349259 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:22:58.035509 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:23:05.043245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:23:13.044155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:23:29.047552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:24:01.053201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:30:05.059545 3.001226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:30:12.067010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:30:20.068146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:30:36.071442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:31:08.077224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:31:39.492850 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 19:31:39.492956 1.311584 tcp 10.0.2.109 58338 -> 70.113.215.93 3558 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/01/19 19:37:12.083465 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:37:19.090908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:37:27.092141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:37:43.095149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:38:15.101892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:44:19.107681 3.001625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:44:26.115042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:44:34.116169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:44:50.119136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:45:22.125516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:50:41.564608 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 19:50:41.564711 0.137045 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:41.702225 0.174202 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:41.876755 0.161615 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:42.038781 0.049557 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:42.088722 0.255554 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:42.344624 0.352753 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:42.697798 0.118637 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:42.816864 0.172410 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:42.989705 0.138050 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:43.128155 0.179141 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:43.307686 0.088614 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:43.396689 0.178013 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:43.575128 0.160320 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:43.735857 0.152980 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:43.889229 0.035222 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:43.924887 0.136929 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:44.062259 0.056200 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:44.118842 0.169140 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:44.288423 0.164935 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:44.453781 0.186430 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:44.640657 0.166339 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:44.807470 0.164579 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:44.972457 0.052060 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:45.024949 0.073670 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:45.099021 0.172226 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:45.271633 0.364210 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:45.636272 0.141754 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:50:45.778462 0.134827 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/19 19:51:26.131753 3.001273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:51:33.138793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:51:41.139951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:51:57.143114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:52:29.149334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:58:33.155241 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 19:58:40.162557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:58:48.163849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:59:04.167437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 19:59:36.173126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:01:40.812921 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 20:01:40.813026 1.054567 tcp 10.0.2.109 58339 -> 70.113.215.93 3558 FSPA* 0 0 14 1567 flow=From-Botnet-V1-TCP-Established 1970/01/19 20:05:40.179278 3.001435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:05:47.186527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:05:55.188332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:06:11.191132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:06:43.196892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:12:47.202684 3.002051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:12:54.210882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:13:02.211974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:13:18.214771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:13:50.220773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:19:54.227522 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:20:01.234422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:20:09.235986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:20:25.239365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:20:56.524031 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 20:20:56.524265 0.138337 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:56.663032 0.179378 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:56.842811 0.248707 udp 10.0.2.109 3683 <-> 70.137.128.104 6135 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:57.091929 0.357508 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:57.245086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:20:57.449884 0.120086 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:57.570538 0.172648 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:57.743646 0.160025 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:57.904038 0.051211 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:57.955650 0.134986 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:58.091036 0.181360 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:58.272817 0.091416 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:58.364636 0.179644 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:58.544623 0.171601 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:58.716628 0.153907 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:58.870960 0.034720 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:58.906083 0.135920 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:59.042422 0.060189 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:59.103047 0.167703 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:59.271162 0.169479 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:59.441054 0.187509 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:59.628966 0.169434 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:59.798738 0.160173 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:20:59.959298 0.051811 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:21:00.011454 0.317485 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:21:00.329333 0.145882 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:21:00.475624 0.141748 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:21:00.617784 0.074165 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:21:00.692396 0.135663 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:27:01.251434 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:27:08.258707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:27:16.259820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:27:32.263437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:28:04.269067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:31:41.872386 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 20:31:41.872566 1.189399 tcp 10.0.2.109 58340 -> 70.113.215.93 3558 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/01/19 20:34:08.275476 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:34:15.282279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:34:23.283699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:34:39.287311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:35:11.292941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:41:15.299341 3.001658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:41:22.306346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:41:30.308019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:41:46.310955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:42:18.316642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:48:22.323247 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:48:29.330589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:48:37.331776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:48:53.335055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:49:25.340728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:51:10.982983 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 20:51:10.983083 0.137473 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:11.120982 0.180087 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:11.301491 0.160481 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:11.462360 0.170304 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:11.633044 0.160617 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:11.794037 0.053134 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:11.847581 0.000000 udp 10.0.2.109 3683 -> 70.137.128.104 6135 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 20:51:29.671516 0.053577 tcp 10.0.2.109 58341 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 20:51:29.725400 0.052794 tcp 10.0.2.109 58342 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 20:51:29.778486 0.145720 tcp 10.0.2.109 58343 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/19 20:51:29.924380 0.355646 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:30.280363 0.133038 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:30.413797 0.320874 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:30.735102 0.092919 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:30.828389 0.176542 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.005327 0.161570 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.167325 0.152886 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.320596 0.036503 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.357499 0.142904 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.500824 0.059849 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.561081 0.169390 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.730832 0.170690 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:31.901984 0.184144 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:32.086563 0.183922 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:32.270857 0.159845 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:32.431110 0.052619 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:32.484068 0.141998 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:32.626485 0.075055 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:32.701942 0.272631 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:32.974989 0.366070 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:51:33.341759 0.148280 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/19 20:55:29.346499 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 20:55:36.354524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:55:44.356105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:56:00.358605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 20:56:32.365027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:01:43.061912 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 21:01:43.062009 1.011785 tcp 10.0.2.109 58344 -> 70.113.215.93 3558 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/01/19 21:02:36.371457 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:02:43.378167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:02:51.380115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:03:07.383068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:03:39.388803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:09:43.394883 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:09:50.402022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:09:58.403901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:10:14.407043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:10:46.412597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:16:50.419244 3.001663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:16:57.425992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:17:05.528054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:17:21.531084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:17:53.537529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:21:48.374927 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 21:21:48.375085 0.245901 udp 10.0.2.109 3683 -> 70.137.128.104 6135 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 21:21:48.620986 0.000000 icmp 70.137.128.104 0x0303 -> 10.0.2.109 0xf717 URP 192 1 137 flow=Background 1970/01/19 21:22:04.930344 0.031980 tcp 10.0.2.109 58345 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 21:22:04.961959 0.031480 tcp 10.0.2.109 58346 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 21:22:04.993731 0.142691 tcp 10.0.2.109 58347 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/19 21:22:05.136551 0.184732 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:05.321686 0.161406 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:05.483486 0.170632 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:05.654551 0.159271 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:05.814369 0.051146 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:05.865944 0.140626 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:06.006989 0.179003 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:06.186550 0.090527 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:06.277482 0.178043 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:06.455945 0.346592 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:06.802952 0.133046 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:06.936408 0.161519 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:07.098506 0.150382 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:07.249305 0.040518 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:07.290383 0.134086 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:07.424863 0.061793 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:07.487087 0.169446 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:07.656891 0.163598 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:07.820912 0.184629 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:08.005947 0.168103 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:08.174437 0.162228 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:08.337025 0.052677 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:08.390052 0.135139 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:08.525611 0.075991 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:08.601964 0.205395 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:08.807720 0.322484 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:22:09.130633 0.146669 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:23:57.543099 3.001290 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:24:04.550150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:24:12.551926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:24:28.554668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:25:00.561130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:31:04.566354 3.002541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:31:12.415559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:31:20.416719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:31:36.419948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:31:44.542052 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 21:31:44.542161 1.105327 tcp 10.0.2.109 58348 -> 70.113.215.93 3558 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/01/19 21:32:08.426130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:38:12.432793 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:38:19.439162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:38:27.441264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:38:43.443907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:39:16.471193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:45:20.478429 3.000806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:45:28.446612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:45:36.448148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:45:52.450581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:46:24.457153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:52:18.346242 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 21:52:18.346353 0.192260 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:18.539016 0.161731 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:18.701160 0.172514 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:18.874124 0.158040 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:19.032586 0.048823 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:19.081816 0.141385 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:19.223611 0.178630 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:19.402684 0.382459 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:19.785492 0.138591 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:19.924502 0.181975 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.106863 0.082310 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.189704 0.175899 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.366020 0.155497 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.521939 0.034939 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.557257 0.138480 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.696175 0.061062 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.757643 0.169995 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:20.928055 0.172312 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.100734 0.185365 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.286548 0.052421 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.339423 0.127919 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.467677 0.075617 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.543691 0.103041 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.647148 0.182542 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.830110 0.162576 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:21.993034 0.334575 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:22.328019 0.148308 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/19 21:52:28.463374 3.000941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:52:35.470240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:52:43.471930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:52:59.474621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:53:31.480842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 21:59:45.491866 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 21:59:52.498336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:00:00.499982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:00:18.205291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:00:50.211559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:01:47.434681 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 22:01:47.434787 1.288241 tcp 10.0.2.109 58349 -> 70.113.215.93 3558 FSPA* 0 0 14 1733 flow=From-Botnet-V1-TCP-Established 1970/01/19 22:06:59.225646 3.000665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:07:06.232107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:07:14.234040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:07:30.237043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:08:02.242691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:14:06.249912 3.000900 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:14:13.256095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:14:21.257858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:14:37.260978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:15:09.266414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:21:13.273406 3.001309 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:21:20.280048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:21:28.281846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:21:44.285018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:22:16.290918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:22:46.093943 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 22:22:46.094037 0.174312 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:46.268700 0.119205 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:46.388283 0.180979 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:46.569669 0.159839 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:46.729922 0.050758 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:46.781059 0.357790 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:47.139324 0.136667 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:47.276346 0.140701 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:48.639301 0.176223 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:48.815906 0.181944 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 592 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:48.998242 0.090394 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.089062 0.159313 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.248773 0.154137 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.403301 0.034456 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.438157 0.136117 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.574677 0.057306 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.632385 0.168383 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.801172 0.172417 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:49.974005 0.200934 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:50.175295 0.052567 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:50.228315 0.127749 rtcp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:50.356400 0.076640 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:50.433462 0.160302 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:50.594139 0.574670 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:51.169194 0.134376 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:51.303981 0.168595 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:22:51.472946 0.145292 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:28:20.296240 3.072495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:28:27.374017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:28:35.375485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:28:51.378576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:29:23.384795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:31:48.744374 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 22:31:48.744514 1.418844 tcp 10.0.2.109 58350 -> 70.113.215.93 3558 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/01/19 22:35:27.391657 3.000439 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:35:34.398431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:35:42.400058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:35:58.402382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:36:30.408676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:42:34.415589 3.000553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:42:41.421956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:42:49.423594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:43:05.426750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:43:37.542980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:49:41.549338 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:49:48.556527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:49:56.557922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:50:12.561005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:50:44.566993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:52:59.330767 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 22:52:59.330897 0.173730 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:52:59.505042 0.160799 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:52:59.666278 0.048255 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:52:59.714977 0.174806 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:52:59.890188 0.119110 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:00.009708 0.352449 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:00.362496 0.140412 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:00.503273 0.181103 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:00.684766 0.138693 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:00.823903 0.179687 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.003941 0.088794 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.093166 0.159354 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.252863 0.155265 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.408479 0.034758 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.443655 0.132024 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.576097 0.059166 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.635683 0.169928 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.806210 0.164708 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:01.971272 0.183276 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:02.154987 0.052327 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:02.207708 0.134883 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:02.342954 0.072567 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:02.415911 0.159448 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:02.575789 0.173714 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:02.749912 0.146327 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:02.896595 0.310212 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:53:03.207221 0.277983 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/19 22:56:48.573200 3.001189 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 22:56:55.580094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:57:03.581901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:57:19.585180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 22:57:51.590674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:01:50.214348 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 23:01:50.214460 1.024722 tcp 10.0.2.109 58351 -> 70.113.215.93 3558 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/01/19 23:03:55.597163 3.001609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:04:02.605050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:04:10.605867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:04:26.608581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:04:58.615273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:11:02.661393 3.031487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:11:09.698167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:11:17.699889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:11:33.703124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:12:05.708550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:18:09.715510 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:18:16.722332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:18:24.723823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:18:40.727059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:19:12.732989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:23:23.593729 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 23:23:23.593919 0.052819 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:23.647164 0.182195 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:23.829778 0.173340 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:24.003461 0.248368 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:24.252285 0.160778 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:24.413415 0.341090 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:24.754960 0.136331 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:24.891702 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/19 23:23:40.820801 0.057067 tcp 10.0.2.109 58352 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/19 23:23:40.878292 0.054445 tcp 10.0.2.109 58353 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/19 23:23:40.933046 0.130294 tcp 10.0.2.109 58354 -> 195.113.214.211 443 SRPA* 0 0 78 77417 flow=From-Botnet-V1-TCP-Established 1970/01/19 23:23:41.064421 0.144185 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:41.209016 0.176809 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:41.386292 0.086713 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:41.473347 0.158856 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:41.632567 0.155747 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:41.788684 0.035371 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:41.824418 0.137840 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:41.962665 0.061548 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:42.024614 0.170256 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:42.195257 0.166113 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:42.361808 0.182947 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:42.545182 0.052677 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:42.598257 0.128140 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:42.726777 0.734970 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:43.462156 0.161836 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:43.624360 0.195104 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:43.819902 0.143811 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:43.964119 0.317344 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:23:44.281884 0.249102 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:25:16.739180 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:25:23.745993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:25:31.748037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:25:47.750821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:26:19.757043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:31:51.253962 0.000172 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 23:31:51.254256 1.348856 tcp 10.0.2.109 58355 -> 70.113.215.93 3558 FSPA* 0 0 14 1535 flow=From-Botnet-V1-TCP-Established 1970/01/19 23:32:23.762953 3.001400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:32:30.769974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:32:38.771768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:32:54.775040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:33:26.780803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:39:30.786199 3.002017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:39:37.793988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:39:45.795879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:40:01.798668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:40:33.804899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:46:37.811082 3.001462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:46:44.818032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:46:52.819673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:47:08.822862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:47:40.828571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:53:44.834216 3.002316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/19 23:53:51.841770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:53:59.843498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:54:03.469158 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/19 23:54:03.469303 0.179096 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:03.648863 0.185718 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:03.834981 0.051378 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:03.886765 0.164893 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:04.052087 0.137328 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:04.189772 0.159722 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:04.349895 0.172869 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:04.523175 0.371881 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:04.895437 0.141239 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.037073 0.175477 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.212887 0.095076 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.308302 0.162237 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.470939 0.156752 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.628107 0.035158 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.663711 0.143652 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.807773 0.059016 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:05.867192 0.184432 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.052063 0.052622 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.105123 0.135250 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.240735 0.169945 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.411094 0.164530 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.576041 0.081670 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.658078 0.161228 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.819753 0.168081 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:06.988211 0.147116 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:07.135690 0.333361 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:07.469428 0.298184 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/19 23:54:15.846482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/19 23:54:47.852491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:00:51.879078 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:00:58.885877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:01:06.887510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:01:22.890398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:01:52.623833 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 00:01:52.623932 1.090532 tcp 10.0.2.109 58356 -> 70.113.215.93 3558 FSPA* 0 0 14 1518 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:01:54.896599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:07:58.903047 3.091472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:08:06.000120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:08:14.001625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:08:30.004902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:09:02.010929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:15:06.016564 3.001460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:15:13.023800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:15:21.025843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:15:37.029207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:16:09.034991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:22:13.041389 3.000919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:22:20.048001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:22:28.049577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:22:44.052963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:23:16.299167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:24:26.700229 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 00:24:26.700463 0.054694 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:26.755630 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 00:24:42.264578 0.054089 tcp 10.0.2.109 58357 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:24:42.318957 0.056424 tcp 10.0.2.109 58358 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:24:42.375744 0.152962 tcp 10.0.2.109 58359 -> 195.113.214.211 443 SRPA* 0 0 46 35782 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:24:42.529460 0.174419 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:42.704254 0.120938 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:42.825530 0.137212 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:42.963156 0.159373 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:43.122959 0.281557 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:43.404935 0.382044 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:43.787317 0.138460 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:43.926329 0.176597 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:44.103332 0.086215 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:44.189964 0.159181 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:44.349453 0.527240 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:44.877116 0.035177 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:44.912690 0.131752 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.044873 0.058188 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.103500 0.183907 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.287759 0.052556 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.340740 0.128061 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.469188 0.170411 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.640013 0.162203 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.802646 0.073746 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:45.876781 0.158515 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:46.035717 0.165748 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:46.201857 0.080056 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:46.282323 0.146128 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:24:46.428807 0.318996 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:29:20.304328 3.002358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:29:27.312633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:29:35.313854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:29:51.316884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:30:23.323069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:31:53.853618 0.000157 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 00:31:53.853886 0.945759 tcp 10.0.2.109 58360 -> 70.113.215.93 3558 FSPA* 0 0 14 1554 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:36:27.328592 3.002543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:36:34.336394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:36:42.337880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:36:58.341062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:37:30.346880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:43:34.353921 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:43:41.360222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:43:49.362030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:44:05.365141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:44:37.370571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:50:41.376380 3.011985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 00:50:48.394022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:50:56.395870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:51:12.398528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:51:44.405171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:55:09.730487 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 00:55:09.730593 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 00:55:26.646727 0.054814 tcp 10.0.2.109 58361 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:55:26.701340 0.067909 tcp 10.0.2.109 58362 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:55:26.769564 0.152462 tcp 10.0.2.109 58363 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:55:26.921516 0.050342 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:26.972209 0.172259 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:27.144869 0.166734 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:27.312037 0.138419 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:27.450864 0.159483 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:27.610761 0.000000 udp 10.0.2.109 3683 -> 108.245.201.41 9676 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 00:55:45.562457 0.051822 tcp 10.0.2.109 58364 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:55:45.614567 0.055592 tcp 10.0.2.109 58365 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:55:45.670518 0.155818 tcp 10.0.2.109 58366 -> 195.113.214.211 443 SRPA* 0 0 50 30418 flow=From-Botnet-V1-TCP-Established 1970/01/20 00:55:45.825463 0.339646 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:46.165521 0.091200 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:46.257124 0.161895 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:46.419453 0.140897 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:46.560685 0.175843 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:46.736945 0.154277 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:46.891628 0.038156 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:46.930206 0.136604 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:47.067145 0.059894 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:47.127455 0.187374 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:47.315173 0.052310 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:47.367860 0.128046 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:47.496316 0.169046 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:47.665730 0.165003 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:47.831156 0.182914 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:48.014521 0.297533 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:48.312449 0.149104 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:48.461905 0.316640 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:48.778890 0.084727 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:55:48.863954 0.157378 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/20 00:57:48.501054 3.001913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 00:57:55.508111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:58:03.509734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:58:19.513031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 00:58:51.519244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:01:54.893198 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 01:01:54.893303 1.143951 tcp 10.0.2.109 58367 -> 70.113.215.93 3558 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/01/20 01:04:55.525107 3.001392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:05:02.532286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:05:10.534022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:05:26.536735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:05:58.543355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:12:02.549777 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:12:09.556362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:12:17.557648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:12:33.561047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:13:05.566807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:19:09.572579 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:19:16.650289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:19:24.651578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:19:40.655107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:20:12.661080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:25:59.320091 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 01:25:59.320353 0.172808 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:25:59.493507 0.140013 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:25:59.633921 0.161551 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:25:59.795876 0.178429 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:25:59.974644 0.054992 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:00.030012 0.181143 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:00.211551 0.377548 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:00.589507 0.081202 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:00.671146 0.157806 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:00.829380 0.141056 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:00.970845 0.177711 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.148970 0.158753 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.308135 0.033916 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.342476 0.136555 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.479396 0.062263 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.542013 0.182202 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.724644 0.052599 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.777660 0.134785 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:01.912843 0.169374 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:02.082679 0.175428 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:02.258499 0.150567 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:02.409468 0.362066 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:02.771901 0.075901 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:02.848220 0.162570 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:03.011147 0.753095 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:03.764639 0.164029 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:26:16.667946 3.000935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:26:23.674221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:26:31.675558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:26:47.829196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:27:19.835071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:31:56.132833 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 01:31:56.132932 1.463368 tcp 10.0.2.109 58368 -> 70.113.215.93 3558 FSPA* 0 0 14 1658 flow=From-Botnet-V1-TCP-Established 1970/01/20 01:33:23.841820 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:33:30.848644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:33:38.850012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:33:54.853302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:34:26.859288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:40:30.865562 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:40:37.872704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:40:45.874450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:41:01.877089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:41:33.883166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:47:37.889800 3.001073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:47:44.896174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:47:52.898079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:48:08.900807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:48:40.907092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:54:44.913297 3.021676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 01:54:51.940353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:54:59.941913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:55:15.944675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:55:47.950967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 01:56:08.260470 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 01:56:08.260717 0.161674 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:08.422778 0.173307 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:08.596475 0.136621 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:08.733519 0.179163 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:08.913110 0.052358 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:08.965875 0.170097 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:09.136338 0.363005 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:09.499771 0.090697 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:09.590890 0.161298 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:09.752533 0.140953 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:09.893897 0.177028 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:10.071345 0.155597 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:10.227364 0.704186 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:10.931956 0.136354 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:11.068655 0.060348 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:11.129466 0.185400 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:11.315226 0.051517 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:11.367169 0.134691 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:11.502461 0.144808 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:11.647697 0.322922 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:11.971025 0.075339 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:12.046764 0.168497 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:12.215653 0.165158 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:12.381224 0.168756 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:12.550349 0.172064 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/20 01:56:12.722813 0.169631 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:01:51.957550 3.001375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:01:57.603219 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 02:01:57.603312 1.037659 tcp 10.0.2.109 58369 -> 70.113.215.93 3558 FSPA* 0 0 12 1635 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:01:58.964405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:02:06.966345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:02:22.969287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:02:54.975237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:08:58.980407 3.002493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:09:05.988505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:09:13.990155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:09:29.993108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:10:01.998986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:16:06.005485 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:16:13.012376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:16:21.013796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:16:37.016980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:17:09.023051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:23:13.028897 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:23:20.036634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:23:28.038214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:23:44.040532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:24:16.047134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:26:35.898314 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 02:26:35.898500 0.137940 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:36.036835 0.186700 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:36.223907 0.054425 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:36.278760 0.159739 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:36.438902 0.000000 udp 10.0.2.109 3683 -> 108.245.201.41 9676 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 02:26:52.383987 0.057244 tcp 10.0.2.109 58370 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:26:52.441073 0.054150 tcp 10.0.2.109 58371 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:26:52.495474 0.137872 tcp 10.0.2.109 58372 -> 195.113.214.211 443 SRPA* 0 0 37 27267 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:26:52.633838 0.163553 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:52.797910 0.371375 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:53.169720 0.091793 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:53.261878 0.165654 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:53.427963 0.142547 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:53.570904 0.040884 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:53.612215 0.175606 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:53.788164 0.154811 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:53.943372 0.136767 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:54.080551 0.057716 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:54.138647 0.185025 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:54.324102 0.053209 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:54.377834 0.127961 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:54.506190 0.150707 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:54.657327 0.322167 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:54.979915 0.163657 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:55.143998 0.183992 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:55.328398 0.245031 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:55.573845 0.162401 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:55.736650 0.082089 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:26:55.819095 0.169383 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:30:20.052408 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:30:27.060118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:30:35.061726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:30:51.064845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:31:23.070830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:31:58.642293 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 02:31:58.642402 1.120464 tcp 10.0.2.109 58373 -> 70.113.215.93 3558 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:37:27.077480 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:37:34.084478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:37:42.086105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:37:58.088965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:38:30.094813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:44:34.101444 3.001088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:44:41.108046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:44:49.109664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:45:05.112570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:45:37.119141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:51:41.125589 3.000916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:51:48.131910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:51:56.133809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:52:12.136580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:52:44.143206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:57:07.982608 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 02:57:07.982703 0.172282 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:08.155443 0.160654 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:08.316474 0.186728 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:08.503577 0.137167 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:08.641162 0.047907 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:08.689478 0.163925 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:08.853894 0.337515 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:09.191811 0.090135 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:09.282419 0.164952 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:09.447774 0.143258 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:09.591485 0.047147 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:09.638959 0.000000 udp 10.0.2.109 3683 -> 99.181.8.171 9687 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 02:57:27.742896 0.053088 tcp 10.0.2.109 58374 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:57:27.796250 0.054781 tcp 10.0.2.109 58375 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:57:27.851317 0.152241 tcp 10.0.2.109 58376 -> 195.113.214.211 443 SRPA* 0 0 83 60700 flow=From-Botnet-V1-TCP-Established 1970/01/20 02:57:28.001668 0.155975 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:28.158017 0.139824 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:28.298260 0.059494 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:28.358214 0.184569 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:28.543166 0.052314 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:28.595849 0.134606 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:28.730876 0.149696 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:28.880943 0.362859 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:29.244216 0.110917 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:29.355578 0.161106 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:29.517021 0.079901 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:29.597326 0.163675 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:29.761410 0.250440 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:57:30.012257 0.169470 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 02:58:48.214064 2.996665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 02:58:55.216168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:59:03.217681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:59:19.220882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 02:59:51.226625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:02:00.192417 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 03:02:00.192655 1.046233 tcp 10.0.2.109 58377 -> 70.113.215.93 3558 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/20 03:05:56.054347 3.001180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:06:03.231712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:06:11.232981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:06:27.235846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:06:59.402136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:13:03.408587 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:13:10.415741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:13:18.417617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:13:34.420147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:14:06.426491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:20:10.432792 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:20:17.439801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:20:25.821971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:20:41.824547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:21:13.830715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:27:17.837219 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:27:24.844180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:27:31.473830 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 03:27:31.473930 0.174325 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:31.648673 0.159741 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:31.808747 0.174113 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:31.983237 0.136602 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:32.120262 0.056607 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:32.177263 0.177503 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:32.355411 0.248755 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:32.604609 0.143917 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:32.748933 0.036567 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:32.785968 0.375520 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:32.845919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:27:33.161833 0.086616 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:33.248881 0.165972 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:33.415236 0.156846 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:33.572491 0.136831 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:33.709716 0.114634 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:33.824700 0.190275 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:34.015340 0.051558 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:34.067301 0.134732 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:34.202456 0.149425 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:34.352228 0.164431 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:34.517035 0.074922 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:34.592311 0.166115 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:34.758788 0.364806 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:35.124023 0.167997 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:35.292452 0.160517 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:35.453317 0.170161 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:27:48.849098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:28:20.854799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:32:01.572926 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 03:32:01.573190 1.129546 tcp 10.0.2.109 58378 -> 70.113.215.93 3558 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/20 03:34:24.861546 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:34:31.868152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:34:39.869774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:34:55.872565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:35:27.878950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:41:31.884975 3.001759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:41:38.891961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:41:46.893531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:42:02.896743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:42:34.902714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:48:38.909155 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:48:45.916586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:48:53.917649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:49:09.920874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:49:41.927030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:55:45.933370 3.000733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 03:55:52.939896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:56:00.941969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:56:16.944645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:56:48.950773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 03:57:56.588469 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 03:57:56.588559 0.170323 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:56.759334 0.178592 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:56.938358 0.178570 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:57.117373 0.138900 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:57.256701 0.053829 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:57.310952 0.119880 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:57.431226 0.182630 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:57.614246 0.144236 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:57.758889 0.037296 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:57.796618 0.345713 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:58.142721 0.092383 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:58.235490 0.166144 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:58.402062 0.152633 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:58.555103 0.138525 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:58.694056 0.063652 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:58.758259 0.196752 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:58.955395 0.051587 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:59.007383 0.134973 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:59.142799 0.147773 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:59.290964 0.162674 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:59.454199 0.082414 rtcp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:59.537002 0.162300 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:59.699713 0.161121 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:57:59.861227 0.173548 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:58:00.035125 0.316987 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/20 03:58:00.352566 0.079160 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:02:02.702368 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 04:02:02.702477 0.985709 tcp 10.0.2.109 58379 -> 70.113.215.93 3558 FSPA* 0 0 14 1513 flow=From-Botnet-V1-TCP-Established 1970/01/20 04:02:52.958403 3.000129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 04:02:59.964037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:03:07.965472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:03:23.968607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:03:55.975158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:09:59.981570 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:10:06.987777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:10:14.989445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:10:30.992706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:11:02.999028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:17:07.004396 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:17:14.012139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:17:22.013454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:17:38.016676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:18:10.022311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:24:14.028319 3.002038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:24:21.035712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:24:29.037729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:24:45.040215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:25:17.046577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:28:08.182657 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 04:28:08.182775 0.176726 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:08.359938 0.160151 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:08.520491 0.174170 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:08.695051 0.136087 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:08.831485 0.056562 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:08.888480 0.195008 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:09.083918 0.171976 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:09.256271 0.141738 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:09.398416 0.039423 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:09.438344 0.363769 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:09.802535 0.085850 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:09.888853 0.159017 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.048305 0.159577 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.208289 0.140488 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.349166 0.062914 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.412484 0.183026 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.595852 0.053473 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.649770 0.134965 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.785114 0.150059 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:10.935569 0.163456 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:11.099442 0.076749 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:11.176526 0.162840 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:11.339786 0.165384 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:11.505573 0.130170 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:11.636142 0.169442 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:28:11.806021 0.364288 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:31:21.052569 3.001713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:31:28.059981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:31:36.061516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:31:52.064692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:32:03.691802 0.000195 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 04:32:03.692095 1.029143 tcp 10.0.2.109 58380 -> 70.113.215.93 3558 FSPA* 0 0 14 1520 flow=From-Botnet-V1-TCP-Established 1970/01/20 04:32:24.070743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:38:28.076410 3.002648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:38:35.083652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:38:43.085200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:38:59.088532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:39:31.094621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:45:35.101010 3.000990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:45:42.107682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:45:50.112570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:46:06.112122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:46:38.119005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:52:42.127504 2.998979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:52:49.131951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:52:57.133244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:53:13.136425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:53:45.142646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 04:58:24.534950 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 04:58:24.535052 0.182282 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:24.717793 0.136411 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:24.854613 0.175802 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:25.030845 0.159676 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:25.190887 0.054377 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:25.245681 0.168254 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:25.414312 0.172072 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:25.586764 0.142522 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:25.729612 0.034418 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:25.764430 0.356921 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.121707 0.090671 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.212818 0.159161 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.372390 0.156463 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.529202 0.145935 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.675512 0.060548 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.736469 0.187344 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.924235 0.051227 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:26.975842 0.142017 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:27.118291 0.082312 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:27.200976 0.163402 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:27.364793 0.163659 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:27.528865 0.271663 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:27.800937 0.169408 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:27.970728 0.145483 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:28.116624 0.162318 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:58:28.279330 0.363477 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/20 04:59:49.148712 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 04:59:56.156604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:00:04.158369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:00:20.160683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:00:52.166349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:02:04.721321 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 05:02:04.721418 1.119136 tcp 10.0.2.109 58381 -> 70.113.215.93 3558 FSPA* 0 0 14 1539 flow=From-Botnet-V1-TCP-Established 1970/01/20 05:06:56.171645 3.002555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:07:03.180043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:07:11.181133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:07:27.184096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:07:59.190379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:14:03.196977 3.000779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:14:10.203927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:14:18.205388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:14:34.208477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:15:06.214153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:21:10.220659 3.001725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:21:17.228174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:21:25.229296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:21:41.232374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:22:13.238508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:28:17.244282 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:28:24.251892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:28:32.253321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:28:44.321242 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 05:28:44.321334 0.181988 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:28:44.503725 0.136718 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:28:44.640780 0.177562 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:28:44.818758 0.160258 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:28:44.979430 0.050768 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:28:45.030536 0.169845 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:28:45.200778 0.000000 udp 10.0.2.109 3683 -> 108.245.201.41 9676 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 05:28:48.256003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:29:01.977986 0.053680 tcp 10.0.2.109 58382 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 05:29:02.031957 0.055865 tcp 10.0.2.109 58383 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 05:29:02.088121 0.132487 tcp 10.0.2.109 58384 -> 195.113.214.211 443 SRPA* 0 0 33 24135 flow=From-Botnet-V1-TCP-Established 1970/01/20 05:29:02.221121 0.140055 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:02.361589 0.035308 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:02.397309 0.344520 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:02.742422 0.082471 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:02.825318 0.172352 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:02.998002 0.158760 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:03.157130 0.136136 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:03.293655 0.062276 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:03.356327 0.188512 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:03.545231 0.052545 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:03.598223 0.128072 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:03.726713 0.224274 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:03.951400 0.164387 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:04.116156 0.180168 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:04.296653 0.282662 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:04.579718 0.505339 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:05.085494 0.374873 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:05.460773 0.169291 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:05.630474 0.146739 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:29:20.382266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:32:05.920568 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 05:32:05.920671 1.228357 tcp 10.0.2.109 58385 -> 70.113.215.93 3558 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/01/20 05:35:24.389056 3.050856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:35:31.445932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:35:39.447573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:35:55.450293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:36:27.737034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:42:31.742886 3.001809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:42:38.749995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:42:46.751490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:43:02.754696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:43:34.761152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:49:38.767546 3.000762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:49:45.774487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:49:53.775817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:50:09.779109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:50:41.785005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:56:45.791660 3.000702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 05:56:52.797904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:57:00.799420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:57:16.802400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:57:48.809089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 05:59:35.622497 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 05:59:35.622754 0.173792 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:35.797948 0.138624 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:35.937001 0.174843 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:36.112298 0.176086 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:36.288826 0.185007 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:36.474400 0.055212 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:36.530000 0.191122 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:36.721557 0.350204 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.072190 0.089422 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.162034 0.146211 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.308642 0.037589 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.346631 0.158455 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.505476 0.152921 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.658809 0.138678 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.797902 0.060045 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:37.858407 0.182049 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.040807 0.052539 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.093704 0.142072 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.236170 0.171536 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.408072 0.145234 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.553692 0.080860 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.634903 0.164301 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.799596 0.182844 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:38.982844 0.142505 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:39.125741 0.560814 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/20 05:59:39.686913 0.345301 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:02:07.300914 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 06:02:07.301014 0.975352 tcp 10.0.2.109 58386 -> 70.113.215.93 3558 FSPA* 0 0 14 1570 flow=From-Botnet-V1-TCP-Established 1970/01/20 06:03:52.815104 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 06:03:59.821862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:04:07.823988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:04:23.826642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:04:55.832502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:10:59.839285 3.321267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 06:11:07.166886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:11:15.167802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:11:31.171022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:12:03.177199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:18:07.183479 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 06:18:14.190921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:18:22.191784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:18:38.195024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:19:10.491385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:25:14.497606 3.001291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 06:25:21.504646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:25:29.506570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:25:45.509432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:26:17.515667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:30:02.759833 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 06:30:02.760010 0.195834 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:02.956298 0.136802 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:03.093492 0.121535 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:03.215445 0.059005 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:03.274865 0.158976 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:03.434276 0.172419 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:03.607104 0.176884 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:03.784357 0.358649 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.143418 0.090820 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.234658 0.143763 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.378789 0.041419 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.420616 0.174054 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.595109 0.157801 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.753325 0.140070 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.893807 0.057959 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:04.952192 0.183014 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:05.135680 0.051558 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:05.187601 0.135056 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:05.323067 0.292342 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:05.615827 0.172434 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:05.788608 0.078398 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:05.867402 0.193821 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:06.061634 0.169361 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:06.231408 0.146449 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:06.378440 0.161873 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:30:06.540709 0.322296 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/20 06:32:08.570635 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 06:32:08.570738 1.129347 tcp 10.0.2.109 58387 -> 70.113.215.93 3558 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/01/20 06:32:21.522437 3.000751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 06:32:28.529338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:32:36.530341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:32:52.533670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:33:24.539156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:39:28.786833 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 06:39:35.793136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:39:43.794763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:39:59.797891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:40:31.803609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:46:35.810521 3.000832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 06:46:42.817426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:46:50.818598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:47:06.821697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:47:38.828155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:53:42.834508 3.001110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 06:53:49.841097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:53:57.842527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:54:13.845879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 06:54:45.851899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:00:32.060179 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 07:00:32.060317 0.198588 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:32.259294 0.138347 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:32.398390 0.118191 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:32.517030 0.053808 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:32.571247 0.191100 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:32.762752 0.176028 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:32.939171 0.171100 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:33.110671 0.144252 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:33.255341 0.035679 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:33.291361 0.160756 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:33.452499 0.156624 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:33.609592 0.329882 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:33.939843 0.090133 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.030402 0.137091 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.167856 0.062562 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.230843 0.212824 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.444081 0.051792 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.496265 0.128294 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.624921 0.158385 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.783637 0.173373 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:34.957408 0.200030 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:35.157844 0.144986 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:35.303206 0.160101 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:35.463716 0.077961 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:35.542090 0.207434 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:35.749948 0.362206 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:00:49.858479 3.001080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:00:56.865324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:01:04.867202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:01:20.869963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:01:52.875991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:02:09.800517 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 07:02:09.800627 1.100697 tcp 10.0.2.109 58388 -> 70.113.215.93 3558 FSPA* 0 0 15 1558 flow=From-Botnet-V1-TCP-Established 1970/01/20 07:07:56.882564 3.001005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:08:03.889096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:08:11.890451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:08:27.893776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:08:59.900160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:15:03.906038 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:15:10.913258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:15:18.914630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:15:34.917471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:16:06.923334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:22:10.929033 3.002466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:22:17.938346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:22:25.938482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:22:41.941539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:23:13.947773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:29:17.954473 3.000508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:29:24.960907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:29:32.962281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:29:48.965805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:30:20.971786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:30:36.654491 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 07:30:36.654642 0.175847 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:36.830883 0.052138 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:36.883443 0.190336 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:37.074374 0.251626 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:37.326508 0.136502 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:37.463386 0.175425 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:37.639214 0.170707 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:37.810350 0.147097 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:37.957776 0.036351 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:37.994576 0.168515 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:38.163510 0.157527 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:38.321434 0.374357 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:38.696215 0.088204 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:38.784848 0.132371 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:38.917633 0.062890 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:38.980854 0.224944 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:39.206249 0.053601 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:39.260269 0.141988 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:39.402670 0.185393 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:39.588502 0.148411 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:39.737337 0.187416 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:39.925150 0.104977 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:40.030544 0.194260 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:40.225210 0.078340 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:40.303969 0.193213 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:30:40.497604 0.362579 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/20 07:32:10.899745 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 07:32:10.900031 1.072515 tcp 10.0.2.109 58389 -> 70.113.215.93 3558 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/01/20 07:36:24.978719 3.000593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 07:36:31.985091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:36:39.986210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:36:55.989345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:37:27.995223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:43:32.001508 3.001438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:43:39.009124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:43:47.010726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:44:03.013536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:44:35.019667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:50:39.025971 3.001081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:50:46.032873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:50:54.034743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:51:10.037617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:51:42.043593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:57:46.050223 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 07:57:53.057027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:58:01.058474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:58:17.061058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 07:58:49.067291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:01:01.177871 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 08:01:01.178139 0.168792 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:01.347390 0.058933 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:01.406740 0.168222 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:01.575327 0.181041 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:01.756792 0.132272 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:01.889464 0.174492 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:02.064359 0.178771 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:02.243535 0.168202 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:02.412157 0.154647 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:02.567199 0.348730 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:02.916309 0.084321 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.001025 0.142538 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.143919 0.034761 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.179019 0.144096 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.323466 0.060256 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.384122 0.198606 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.583181 0.051713 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.635290 0.134874 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.770574 0.179708 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:03.950681 0.148159 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:04.099232 0.164840 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:04.264477 0.180374 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:04.445253 0.169876 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:04.615493 0.315373 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:04.931264 0.171169 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:01:05.102868 0.085994 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:02:11.980180 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 08:02:11.980285 1.112726 tcp 10.0.2.109 58390 -> 70.113.215.93 3558 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/20 08:04:53.073595 3.001411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 08:05:00.080631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:05:08.082310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:05:24.085022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:05:56.091525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:12:00.097811 3.001559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 08:12:07.104619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:12:15.106521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:12:31.109258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:13:03.115182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:19:07.121969 3.001255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 08:19:14.128813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:19:22.130618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:19:38.133383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:20:10.139725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:26:14.146603 3.000064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 08:26:21.153107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:26:29.154626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:26:45.157089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:27:17.163543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:31:07.985573 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 08:31:07.985674 0.137817 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:08.123923 0.054757 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:08.179093 0.196032 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:08.375477 0.209925 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:08.585830 0.140780 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:08.727032 0.198274 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:08.925714 0.153022 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:09.079133 0.175150 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:09.254744 0.177332 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:09.432489 0.383748 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:09.816624 0.086739 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:09.903765 0.145526 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.049714 0.038146 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.088321 0.136908 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.225586 0.058839 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.337527 0.212588 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.550530 0.052892 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.603838 0.134866 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.739067 0.165173 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.904640 0.077850 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:10.982894 0.187503 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:11.170797 0.158615 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:11.329821 0.144223 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:11.474518 0.081098 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:11.555959 0.351700 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:31:11.908073 0.189609 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 08:32:13.099130 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 08:32:13.099415 1.164701 tcp 10.0.2.109 58391 -> 70.113.215.93 3558 FSPA* 0 0 14 1731 flow=From-Botnet-V1-TCP-Established 1970/01/20 08:33:21.169376 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 08:33:28.176688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:33:36.177878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:33:52.181532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:34:24.187738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:40:28.194231 3.000780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 08:40:35.200895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:40:43.201977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:40:59.205176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:41:31.441543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:47:35.447898 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 08:47:42.454867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:47:50.456264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:48:06.459874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:48:38.465636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:54:42.472198 3.001263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 08:54:49.478722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:54:57.480118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:55:13.483890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 08:55:45.489488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:01:28.803226 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 09:01:28.803379 0.188801 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:28.992634 0.188341 udp 10.0.2.109 3683 <-> 108.245.201.41 9676 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:29.181369 0.134949 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:29.316712 0.144141 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:29.461286 0.055240 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:29.516979 0.175600 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:29.693023 0.150640 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:29.844118 0.174880 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:30.019431 0.174478 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:30.194336 0.403507 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:30.598260 0.091931 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:30.690584 0.140607 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:30.831605 0.037076 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:30.869053 0.130893 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.000282 0.060423 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.061085 0.195892 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.257327 0.052552 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.310305 0.134938 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.445675 0.190492 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.636515 0.159985 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.796915 0.147708 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:31.944974 0.084082 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:32.029438 0.162557 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:32.192415 0.080782 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:32.273618 0.351887 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:32.625904 0.192373 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:01:49.495926 3.000988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:01:56.503077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:02:04.504465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:02:14.390413 1.083868 tcp 10.0.2.109 58392 -> 70.113.215.93 3558 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/01/20 09:02:20.507710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:02:52.513194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:08:56.520051 3.000882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:09:03.526871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:09:11.618723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:09:27.621769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:09:59.627759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:16:03.634416 3.000851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:16:10.640770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:16:18.662588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:16:34.665856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:17:06.671440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:23:10.677762 3.031136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:23:17.714932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:23:25.716682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:23:41.719607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:24:13.725326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:30:17.732315 3.001219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:30:24.739331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:30:32.740337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:30:48.743202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:31:20.749486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:31:34.489667 0.934134 arp 10.0.2.109 who 10.0.2.2 CON 4 168 flow=Background-ARP 1970/01/20 09:31:35.423389 0.195040 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:35.618871 0.119847 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:35.739116 0.052911 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:35.792401 0.186176 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:35.979010 0.154765 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:36.134204 0.173245 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:36.307883 0.000000 udp 10.0.2.109 3683 -> 108.245.201.41 9676 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 09:31:52.547376 0.049960 tcp 10.0.2.109 58393 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 09:31:52.597719 0.049649 tcp 10.0.2.109 58394 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 09:31:52.647677 0.133887 tcp 10.0.2.109 58395 -> 195.113.214.211 443 SRPA* 0 0 39 26909 flow=From-Botnet-V1-TCP-Established 1970/01/20 09:31:52.782265 0.135535 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:52.918248 0.175990 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:53.094658 0.355038 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:53.450102 0.090613 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:53.541085 0.143283 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:53.684799 0.045434 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:53.730634 0.144623 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:53.875660 0.065359 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:53.941433 0.212362 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:54.154223 0.056339 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:54.210961 0.141479 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:54.587227 0.205147 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:54.792784 0.187280 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:54.980484 0.145742 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:55.126638 0.293544 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:55.420616 0.464962 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:55.886002 0.178896 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:56.065309 0.080640 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:31:56.146395 0.169723 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/20 09:32:15.969006 1.068927 tcp 10.0.2.109 58396 -> 70.113.215.93 3558 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/01/20 09:37:25.216415 3.001811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 09:37:32.223552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:37:40.225165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:37:56.227932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:38:28.233941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:44:32.241003 3.000881 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:44:39.247567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:44:47.249067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:45:03.252018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:45:35.258157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:51:39.263834 3.001715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:51:46.341857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:51:54.343383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:52:10.345792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:52:42.351939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:58:58.365540 3.001578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 09:59:05.373025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:59:13.374687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 09:59:29.377048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:00:01.383565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:02:14.515034 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 10:02:14.515303 0.000000 udp 10.0.2.109 3683 -> 108.245.201.41 9676 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 10:02:17.068576 1.458801 tcp 10.0.2.109 58397 -> 70.113.215.93 3558 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/01/20 10:02:30.570030 0.052165 tcp 10.0.2.109 58398 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 10:02:30.622466 0.049813 tcp 10.0.2.109 58399 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 10:02:30.672587 0.160626 tcp 10.0.2.109 58400 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/20 10:02:30.833754 0.055077 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:30.889297 0.197935 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:31.087649 0.158445 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:31.246536 0.172425 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:31.419837 0.119178 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:31.539432 0.191143 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:31.730981 0.401489 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.132962 0.137993 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.271305 0.175215 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.446958 0.097195 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.544547 0.145267 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.690179 0.040694 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.731317 0.136543 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.868362 0.060302 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:32.929009 0.216093 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:33.145510 0.052320 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:33.198416 0.127764 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:33.326529 0.205273 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:33.532198 0.166483 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:33.699105 0.143686 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:33.843219 0.172874 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:34.016420 0.078044 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:34.094886 0.217147 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:34.312474 0.377660 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:02:34.690587 0.184009 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:06:05.389916 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:06:12.396510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:06:20.398878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:06:36.401130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:07:08.407508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:13:12.414790 3.000781 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:13:19.421486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:13:27.422065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:13:43.425019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:14:15.431597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:20:19.438231 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:20:26.445118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:20:34.446293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:20:50.449372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:21:22.805632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:27:26.812310 3.001092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:27:33.899624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:27:41.900876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:27:57.903720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:28:30.440310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:32:18.979596 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 10:32:18.979828 1.147003 tcp 10.0.2.109 58401 -> 70.113.215.93 3558 FSPA* 0 0 14 1547 flow=From-Botnet-V1-TCP-Established 1970/01/20 10:32:40.380127 0.051649 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:40.432131 0.181252 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:40.613795 0.121908 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:40.736040 0.196584 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:40.933068 0.355625 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:41.289034 0.228271 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:41.517702 0.159581 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:41.677674 0.139673 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:41.817744 0.176854 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.016577 0.091563 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.108552 0.143151 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.252100 0.036832 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.289330 0.137817 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.427487 0.061735 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.489571 0.219499 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.709431 0.051518 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.761278 0.134961 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:42.896575 0.147875 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:43.045261 0.378290 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:43.423956 0.081658 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:43.506002 0.190525 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:43.696930 0.207813 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:43.905157 0.158338 rtcp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:44.063915 0.364064 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:32:44.428327 0.195158 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/20 10:34:34.446913 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:34:41.453867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:34:49.455466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:35:05.458938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:35:37.464856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:41:41.471170 3.001088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:41:48.477806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:41:56.479456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:42:12.482337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:42:44.488794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:48:48.494010 3.002379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:48:55.501662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:49:03.503562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:49:19.506577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:49:51.512336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:55:55.518398 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 10:56:02.525874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:56:10.527627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:56:26.530260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 10:56:58.536721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:02:20.129316 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 11:02:20.129423 1.174941 tcp 10.0.2.109 58402 -> 70.113.215.93 3558 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/01/20 11:02:58.073587 0.118248 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:58.192244 0.172444 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:58.365099 0.054590 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:58.420099 0.174525 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:58.595063 0.157126 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:58.752595 0.138817 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:58.891954 0.329753 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:59.222133 0.204913 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:59.427479 0.177881 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:59.605759 0.085996 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:59.692162 0.143514 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:59.836095 0.036445 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:02:59.873546 0.135974 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.009929 0.057329 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.067562 0.221634 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.289620 0.052754 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.342799 0.143090 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.486452 0.079918 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.566771 0.194962 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.762288 0.195905 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:00.958616 0.149402 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:01.108412 0.335056 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:01.443943 0.186321 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:01.630682 0.169272 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:01.800293 0.319322 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:03:02.542620 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 11:03:05.494261 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 11:03:09.549826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:03:17.551495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:03:33.554439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:04:05.560385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:10:09.567503 3.000505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 11:10:16.574093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:10:24.575598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:10:40.578671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:11:12.584231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:17:16.591417 3.001025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 11:17:23.598344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:17:31.599502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:17:47.602286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:18:19.908727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:24:23.914645 3.001545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 11:24:30.922391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:24:38.923871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:24:54.926836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:25:26.932480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:31:30.938260 3.002500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 11:31:37.945912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:31:45.947640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:32:01.950651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:32:21.449651 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 11:32:21.449955 1.120930 tcp 10.0.2.109 58403 -> 70.113.215.93 3558 FSPA* 0 0 14 1693 flow=From-Botnet-V1-TCP-Established 1970/01/20 11:32:33.956983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:33:16.448078 0.048780 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:16.497276 0.175322 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:16.672991 0.155358 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:16.828789 0.136276 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:16.965500 0.119394 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:17.103183 0.197409 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:17.300939 0.355997 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:17.657439 0.182126 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:17.840004 0.000000 udp 10.0.2.109 3683 -> 99.181.8.171 9687 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 11:33:21.134466 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 11:33:35.377102 0.061066 tcp 10.0.2.109 58404 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 11:33:35.438497 0.054908 tcp 10.0.2.109 58405 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 11:33:35.493762 0.132031 tcp 10.0.2.109 58406 -> 195.113.214.211 443 SRPA* 0 0 53 34577 flow=From-Botnet-V1-TCP-Established 1970/01/20 11:33:35.625981 0.079335 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:35.705702 0.144888 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:35.850951 0.036839 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:35.888192 0.136472 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.025096 0.060733 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.086199 0.214414 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.301050 0.051169 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.352582 0.138676 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.491654 0.075909 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.567952 0.217569 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.785927 0.193087 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:36.979384 0.197453 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:37.177202 0.157369 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:37.334929 0.147355 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:37.482631 0.100396 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:33:37.583373 0.454348 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/20 11:38:37.962751 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 11:38:44.970041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:38:52.971592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:39:08.974697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:39:40.980774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:45:44.986984 3.001607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 11:45:51.993946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:45:59.995977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:46:15.998461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:46:48.165191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:52:52.170563 3.001866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 11:52:59.178413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:53:07.180091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:53:23.182743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:53:55.188564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 11:59:59.195578 3.000639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 12:00:06.202023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:00:14.203980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:00:30.206780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:01:02.213131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:02:22.649023 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 12:02:22.649138 1.205058 tcp 10.0.2.109 58407 -> 70.113.215.93 3558 FSPA* 0 0 15 1766 flow=From-Botnet-V1-TCP-Established 1970/01/20 12:04:07.179446 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 12:04:07.179536 0.178288 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:07.358247 0.175168 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:07.533822 0.154171 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:07.688390 0.137922 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:07.826755 0.050621 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:07.877717 0.204282 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:08.082490 0.116503 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:08.199365 0.186166 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:08.385885 0.376351 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:08.762645 0.090473 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:08.853471 0.144199 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:08.998063 0.034670 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.033216 0.136130 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.170143 0.061153 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.232402 0.225403 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.458278 0.051687 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.510534 0.135066 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.645965 0.082600 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.728957 0.236097 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:09.965454 0.190783 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:10.156655 0.147594 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:10.304670 0.346522 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:10.651573 0.393114 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:11.045086 0.195327 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:04:11.240848 0.157554 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:07:06.218914 3.001786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 12:07:13.226091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:07:21.227667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:07:37.231159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:08:09.236915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:14:13.242992 3.041397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 12:14:20.290007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:14:28.292023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:14:44.294585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:15:16.300708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:21:20.307616 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 12:21:27.314403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:21:35.315700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:21:51.319235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:22:23.324818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:28:27.331003 3.001376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 12:28:34.338199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:28:42.339581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:28:58.342908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:29:30.349020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:32:23.858286 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 12:32:23.858477 1.114804 tcp 10.0.2.109 58408 -> 70.113.215.93 3558 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/01/20 12:34:28.597588 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 12:34:28.597845 0.156972 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:28.755249 0.138034 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:28.893660 0.049603 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:28.943722 0.184527 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:29.128659 0.174358 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:29.303424 0.211907 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:29.515738 0.120133 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:29.636319 0.160794 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:29.797506 0.349073 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.146922 0.092891 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.240295 0.140963 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.381686 0.036038 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.418060 0.139128 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.557547 0.059611 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.617560 0.198770 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.816742 0.051410 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:30.868522 0.135764 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:31.004702 0.077522 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:31.082558 0.188725 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:31.271659 0.163869 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:31.435949 0.177840 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:31.614356 0.144325 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:31.759042 0.165691 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:31.925166 0.359326 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:34:32.284899 0.160609 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/20 12:35:34.355147 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 12:35:41.361867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:35:49.363674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:36:05.366686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:36:37.372797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:42:41.379159 3.000942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 12:42:48.386436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:42:56.387743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:43:12.390617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:43:44.396499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:49:48.403355 3.001094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 12:49:55.410586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:50:03.411307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:50:19.414391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:50:51.420935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:56:55.426903 3.001214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 12:57:02.433844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:57:10.435441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:57:26.438769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 12:57:58.445027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:02:24.978373 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 13:02:24.978486 1.160881 tcp 10.0.2.109 58409 -> 70.113.215.93 3558 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/01/20 13:04:02.451376 3.000675 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:04:09.458338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:04:17.459527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:04:33.462545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:04:46.101216 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 13:04:46.101467 0.047143 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:46.149015 0.155705 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:46.305084 0.131295 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:46.436781 0.160459 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:46.597691 0.118861 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:46.716927 0.159098 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:46.876413 0.182663 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:47.059480 0.182507 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:47.242424 0.336651 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:47.579525 0.084446 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:47.664352 0.141700 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:47.806459 0.040246 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:47.847114 0.135619 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:47.983127 0.057840 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.041387 0.187375 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.229208 0.052375 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.281978 0.131481 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.413876 0.075796 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.490076 0.167580 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.658060 0.144142 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.802611 0.164114 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:48.967145 0.076996 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:49.044546 0.195910 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:49.240870 0.394234 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:04:49.635506 0.162374 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:05:05.468665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:11:09.474203 3.002199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:11:16.481791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:11:24.483174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:11:40.486202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:12:12.492462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:18:16.499170 3.000927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:18:23.506096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:18:31.507686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:18:47.510172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:19:19.516183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:25:23.522311 3.001731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:25:30.529864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:25:38.531321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:25:54.534916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:26:26.540494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:32:26.138038 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 13:32:26.138138 1.441075 tcp 10.0.2.109 58410 -> 70.113.215.93 3558 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/01/20 13:32:30.546976 3.000949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:32:37.554238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:32:45.555753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:33:01.558111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:33:35.657663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:35:05.547179 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 13:35:05.547412 0.137490 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:05.685346 0.162289 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:05.848019 0.118805 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:05.967183 0.176157 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:06.143790 0.050136 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:06.194360 0.153862 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:06.348633 0.182799 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:06.531841 0.181480 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:06.713754 0.348185 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.062601 0.081367 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.144386 0.141538 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.286347 0.043559 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.330321 0.135568 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.466334 0.060751 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.527494 0.200239 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.728182 0.052590 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.781157 0.135270 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:07.916767 0.163266 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:08.080471 0.169265 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:08.250674 0.145646 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:08.396761 0.163313 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:08.560475 0.356175 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:08.917052 0.162681 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:09.080162 0.075228 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:35:09.155746 0.202143 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/20 13:39:39.664145 3.001065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:39:46.671209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:39:54.672365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:40:10.675660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:40:42.681811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:46:46.687852 3.001036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:46:53.695123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:47:01.696088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:47:17.699103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:47:49.705535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:53:53.711925 3.001151 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 13:54:00.719058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:54:08.720381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:54:24.723180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 13:54:56.729262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:01:00.736222 3.000485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 14:01:07.743178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:01:15.744151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:01:31.747303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:02:03.753135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:02:28.589538 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 14:02:28.589729 1.504244 tcp 10.0.2.109 58411 -> 70.113.215.93 3558 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/01/20 14:05:34.626935 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 14:05:34.627033 0.118204 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:34.745602 0.137431 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:34.883379 0.201287 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:35.085082 0.154391 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:35.239890 0.179103 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:35.419389 0.173452 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:35.593198 0.160512 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:35.754306 0.049249 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:35.803900 0.336632 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.140923 0.082566 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.223852 0.137133 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.361414 0.041478 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.403254 0.144314 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.547993 0.058476 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.606875 0.197844 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.805103 0.053663 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.859182 0.135059 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:36.994676 0.147922 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:37.143014 0.192460 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:37.335909 0.346891 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:37.683208 0.073754 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:37.757327 0.170391 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:37.928145 0.201591 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:38.130326 0.162096 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:05:38.292867 0.081062 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:08:07.759932 3.000831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 14:08:14.766628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:08:22.767973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:08:38.770940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:09:10.777100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:15:14.783945 3.000856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 14:15:21.791032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:15:29.791937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:15:45.795279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:16:17.801516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:22:21.806519 3.002215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 14:22:28.814913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:22:36.815868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:22:52.819566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:23:24.825217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:29:28.832084 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 14:29:35.838846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:29:43.840336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:29:59.842883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:30:31.849251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:32:30.099552 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 14:32:30.099684 1.207154 tcp 10.0.2.109 58412 -> 70.113.215.93 3558 FSPA* 0 0 12 1558 flow=From-Botnet-V1-TCP-Established 1970/01/20 14:36:05.759527 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 14:36:05.759633 0.119076 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:05.879142 0.137979 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:06.017527 0.177477 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:06.195439 0.173866 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:06.369668 0.157752 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:06.527812 0.051789 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:06.579957 0.201408 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:06.781714 0.156322 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:06.938496 0.360285 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:07.299105 0.089122 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:07.388607 0.135956 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:07.524954 0.034942 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:07.560296 0.130502 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:07.691191 0.056638 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:07.748242 0.274387 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:08.023426 0.052693 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:08.076539 0.128049 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:08.205027 0.364140 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:08.569570 0.118885 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:08.688870 0.167746 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:08.857024 0.146726 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:09.004161 0.161835 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:09.166410 0.075091 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:09.241909 0.205064 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:09.447746 0.175040 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/20 14:36:35.855603 3.001621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 14:36:42.862729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:36:50.864028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:37:06.867417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:37:38.873449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:43:42.878807 3.001836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 14:43:49.886583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:43:57.887789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:44:13.891288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:44:45.896923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:50:49.903899 3.000726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 14:50:56.910339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:51:04.911739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:51:20.914821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:51:52.921350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:57:56.927599 3.001060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 14:58:03.934672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:58:11.935993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:58:27.938995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 14:58:59.945235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:02:31.309627 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 15:02:31.309828 1.116844 tcp 10.0.2.109 58413 -> 70.113.215.93 3558 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/20 15:05:03.951450 3.001598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:05:10.958418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:05:18.959801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:05:34.962813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:06:06.968853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:06:37.152751 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 15:06:37.152863 0.119635 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:38.746704 0.136153 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:38.883261 0.160205 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:39.043839 0.048053 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:39.092264 0.213294 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:39.305969 0.154097 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:39.460424 0.178540 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:39.639362 0.175432 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:39.927178 0.352113 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.279634 0.088596 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.368623 0.139275 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.508322 0.034717 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.543495 0.136964 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.680856 0.059706 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.740966 0.181162 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.922502 0.051455 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:40.974560 0.135502 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:41.110421 0.310536 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:41.421337 0.075629 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:41.497393 0.170295 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:41.668130 0.147111 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:41.815648 0.204178 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:42.020273 0.160650 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:42.181332 0.157852 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:06:42.339549 0.078257 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:12:10.975254 3.001728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:12:17.982555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:12:25.983661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:12:41.986985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:13:13.992891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:19:17.999471 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:19:25.006063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:19:33.007902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:19:49.011136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:20:21.016618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:26:25.023050 3.001745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:26:32.030298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:26:40.031989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:26:56.034903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:27:28.040927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:32:32.428857 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 15:32:32.429142 1.185917 tcp 10.0.2.109 58414 -> 70.113.215.93 3558 FSPA* 0 0 14 1553 flow=From-Botnet-V1-TCP-Established 1970/01/20 15:33:32.049487 2.998989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:33:39.054786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:33:47.055553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:34:03.059146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:34:35.064922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:36:54.746359 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 15:36:54.746493 0.118545 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:54.865466 0.138327 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:55.004193 0.201616 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:55.206461 0.150197 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:55.357037 0.172570 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:55.530009 0.179377 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:55.709745 0.160936 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:55.871070 0.048633 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:55.920027 0.346734 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:56.267176 0.089471 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:56.357035 0.140798 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:56.498277 0.035794 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:56.534429 0.137502 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:56.672352 0.057964 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:56.730717 0.733509 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:57.464627 0.053331 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:57.518407 0.128041 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:57.646796 0.334994 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:57.982204 0.261632 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:58.244254 0.169099 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:58.413771 0.145965 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:58.560124 0.182674 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:58.743166 0.076925 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:58.820454 0.199087 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:36:59.019932 0.161839 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/20 15:40:39.071389 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:40:46.078051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:40:54.079864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:41:10.083430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:41:42.089308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:47:46.095916 3.000243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:47:53.102187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:48:01.104158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:48:17.107225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:48:49.112760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:54:53.118479 3.002212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 15:55:00.126403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:55:08.127962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:55:24.130426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 15:55:56.136456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:02:00.143637 3.010963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:02:07.160600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:02:15.162019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:02:31.165012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:02:33.618825 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 16:02:33.618942 1.109154 tcp 10.0.2.109 58415 -> 70.113.215.93 3558 FSPA* 0 0 12 1474 flow=From-Botnet-V1-TCP-Established 1970/01/20 16:03:03.170550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:07:10.015767 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 16:07:10.016016 0.118589 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:10.135018 0.136069 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:10.271503 0.177875 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:10.449702 0.178041 rtcp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:10.628196 0.158427 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:10.787029 0.050296 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:10.837762 0.164259 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.002485 0.154953 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.157903 0.331650 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.489934 0.082660 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.573000 0.142632 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.716034 0.039209 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.755684 0.143575 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.899664 0.053749 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:11.953794 0.142630 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:12.096808 0.318635 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:12.415857 0.187015 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:12.603268 0.052348 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:12.656024 0.225390 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:12.881836 0.168462 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:13.050730 0.146756 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:13.197909 0.157144 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:13.355541 0.074834 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:13.430794 0.213837 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:07:13.645036 0.161190 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:09:07.177132 3.000945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:09:14.184103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:09:22.185615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:09:38.188375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:10:10.194864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:16:14.200893 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:16:21.207920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:16:29.209450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:16:45.212985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:17:17.218734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:23:21.225068 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:23:28.232266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:23:36.233419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:23:52.236620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:24:24.242966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:30:28.248943 3.001059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:30:35.255981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:30:43.257921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:30:59.260492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:31:31.637043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:32:34.898309 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 16:32:34.898425 1.126608 tcp 10.0.2.109 58416 -> 70.113.215.93 3558 FSPA* 0 0 14 1608 flow=From-Botnet-V1-TCP-Established 1970/01/20 16:37:18.456387 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 16:37:18.456486 0.177510 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:18.634404 0.196647 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:18.831474 0.159477 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:18.991356 0.047428 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:19.039135 0.163128 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:19.202621 0.120312 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:19.323295 0.140158 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:19.463854 0.155673 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:19.619974 0.336339 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:19.956763 0.090381 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:20.047604 0.141135 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:20.189141 0.035151 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:20.224697 0.143782 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:20.368952 0.061655 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:20.430952 0.672215 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:21.103620 0.051451 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:21.155531 0.221592 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:21.377519 0.142256 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:21.520145 0.364805 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:21.885293 0.170952 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:22.056677 0.146467 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:22.203545 0.168242 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:22.372186 0.074887 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:22.447478 0.197536 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:22.645375 0.161369 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 16:37:35.643255 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 16:37:42.651026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:37:50.652068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:38:06.655576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:38:38.661150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:44:42.667746 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:44:49.674389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:44:57.676313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:45:13.679193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:45:45.685277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:51:49.691251 3.001195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:51:56.698502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:52:04.699924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:52:20.703154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:52:52.989505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:58:56.995653 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 16:59:04.002816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:59:12.004605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 16:59:28.007407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:00:00.013242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:02:36.158354 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 17:02:36.158475 1.123527 tcp 10.0.2.109 58417 -> 70.113.215.93 3558 FSPA* 0 0 15 1698 flow=From-Botnet-V1-TCP-Established 1970/01/20 17:06:04.020279 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:06:11.026840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:06:19.028110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:06:35.031624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:07:07.037903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:07:42.208505 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 17:07:42.208630 0.161794 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:42.370810 0.172940 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:42.544136 0.189245 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:42.733715 0.052608 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:42.786745 0.194757 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:42.981921 0.118890 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:43.101238 0.147400 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:43.249088 0.156747 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:43.406262 0.342192 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:43.748900 0.084487 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:43.834396 0.152537 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:43.987339 0.038200 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:44.025966 0.133100 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:44.159474 0.058916 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:44.218751 0.186202 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:44.405376 0.142010 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:44.548669 0.351445 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:44.900508 0.186299 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:45.087218 0.051406 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:45.139082 0.169450 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:45.308925 0.146191 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:45.455555 0.171967 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:45.627861 0.076661 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:45.704927 0.198249 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:07:45.903615 0.160796 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:13:11.044043 3.000953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:13:18.051000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:13:26.052229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:13:42.055264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:14:14.061529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:20:18.068009 3.001201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:20:25.074910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:20:33.076448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:20:49.079632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:21:21.085536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:27:25.091716 3.091433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:27:32.188904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:27:40.190738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:27:56.193681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:28:28.199560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:32:37.318041 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 17:32:37.318186 1.308669 tcp 10.0.2.109 58418 -> 70.113.215.93 3558 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/01/20 17:34:32.205938 3.011457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:34:39.223086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:34:47.224628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:35:03.227006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:35:35.233280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:38:08.043173 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 17:38:08.043309 0.181368 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:08.225076 0.050273 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:08.275764 0.159433 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:08.435599 0.159087 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:08.595072 0.175928 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:08.771403 0.120551 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:08.963274 0.136229 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:09.099845 0.152611 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:09.252874 0.363192 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:09.616470 0.094187 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:09.711062 0.154976 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:09.866461 0.036208 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:09.903087 0.144192 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:10.047703 0.058079 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:10.106225 0.080170 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:10.186736 0.143346 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:10.330518 0.381312 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:10.712239 0.168880 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:10.881521 0.152019 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:11.033958 0.164907 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:11.199300 0.075673 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:11.275380 0.197453 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:11.473257 0.190235 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:11.663907 0.053373 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:38:11.717699 0.164014 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/20 17:41:39.240141 3.001015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:41:46.246930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:41:54.248015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:42:10.251590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:42:42.257427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:48:46.263548 3.001326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:48:53.270897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:49:01.272319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:49:17.275573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:49:49.281271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:55:53.286870 3.002292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 17:56:00.294879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:56:08.296170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:56:24.299089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 17:56:56.305236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:02:38.628170 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 18:02:38.628285 1.098025 tcp 10.0.2.109 58419 -> 70.113.215.93 3558 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/01/20 18:03:00.311311 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:03:07.319005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:03:15.320559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:03:31.323488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:04:03.329516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:08:31.114758 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 18:08:31.114868 0.158133 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:31.273409 0.160858 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:31.434670 0.171950 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:31.607027 0.119178 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:31.726605 0.175263 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:31.902457 0.048361 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:31.951224 0.136607 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:32.088278 0.154612 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:32.243229 0.358680 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:32.602348 0.092036 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:32.695282 0.140823 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:32.836546 0.037110 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:32.874203 0.139772 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:33.014430 0.128034 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:33.142845 0.324908 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:33.468155 0.167156 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:33.635716 0.148915 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:33.785084 0.056576 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:33.842053 0.075760 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:33.918418 0.165531 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:34.084353 0.077460 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:34.162242 0.205319 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:34.367976 0.189145 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:34.557545 0.051629 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:08:34.609581 0.161151 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:10:07.335882 3.001215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:10:14.342323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:10:22.343946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:10:38.347384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:11:10.353004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:17:14.359516 3.001014 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:17:21.367043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:17:29.367795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:17:45.370795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:18:17.377531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:24:21.383555 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:24:28.390274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:24:36.391966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:24:52.395177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:25:24.401346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:31:28.407594 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:31:35.415183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:31:43.416603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:31:59.419778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:32:31.635076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:32:39.817374 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 18:32:39.817461 1.509122 tcp 10.0.2.109 58420 -> 70.113.215.93 3558 FSPA* 0 0 14 1556 flow=From-Botnet-V1-TCP-Established 1970/01/20 18:38:35.792500 3.000886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:38:38.202628 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 18:38:38.202727 0.177954 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:38.381083 0.119694 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:38.501190 0.191514 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:38.693148 0.050677 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:38.744260 0.159320 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:38.903915 0.159873 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:39.064176 0.134337 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:39.198865 0.156842 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:39.356055 0.381056 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:39.737532 0.088015 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:39.825961 0.141900 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:39.968206 0.034768 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:40.003358 0.138547 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:40.142323 0.167869 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:40.310615 0.144697 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:40.455720 0.056341 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:40.512440 0.307993 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:40.820811 0.134892 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:40.956083 0.352391 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:41.308835 0.173199 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:41.482412 0.081075 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:41.563858 0.202930 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:41.767226 0.199549 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:41.967184 0.051592 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:42.019171 0.161509 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/20 18:38:42.799299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:38:50.800683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:39:06.803800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:39:38.809650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:45:42.816101 3.001353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:45:49.822830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:45:57.824669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:46:13.827392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:46:45.833343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:52:49.839545 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 18:52:56.847059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:53:04.848187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:53:20.851584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:53:52.857757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 18:59:56.864233 3.001127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:00:03.870891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:00:11.872760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:00:27.875171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:00:59.881670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:02:41.327908 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 19:02:41.328008 1.047937 tcp 10.0.2.109 58421 -> 70.113.215.93 3558 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/01/20 19:07:03.889285 3.000059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:07:10.895042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:07:18.896072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:07:34.899512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:08:06.905536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:09:02.666401 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 19:09:02.666507 0.174796 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:02.841764 0.049705 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:02.891937 0.158294 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:03.050755 0.175424 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:03.226631 0.118438 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:03.345492 0.160331 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:03.506258 0.139325 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:03.646010 0.156182 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:03.802586 0.371668 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.174674 0.085105 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.260189 0.141512 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.402113 0.036072 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.438647 0.137140 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.576437 0.168095 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.752024 0.147783 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.900207 0.057605 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:04.958265 0.075382 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:05.034209 0.159878 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:05.194521 0.075467 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:05.270435 0.200503 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:05.471288 0.128341 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:05.600026 0.348497 rtcp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:05.948909 0.160241 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:06.109584 0.185508 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:09:06.310875 0.051184 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:14:10.911527 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:14:17.919003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:14:25.920355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:14:41.923309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:15:13.930501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:21:17.935272 3.002015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:21:24.942997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:21:32.944326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:21:48.947224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:22:20.953132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:28:24.959467 3.001899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:28:31.966908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:28:39.968649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:28:55.971181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:29:27.977258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:32:42.377406 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 19:32:42.377516 1.172384 tcp 10.0.2.109 58422 -> 70.113.215.93 3558 FSPA* 0 0 14 1665 flow=From-Botnet-V1-TCP-Established 1970/01/20 19:35:31.983923 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:35:38.991039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:35:46.992036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:36:02.995253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:36:35.001745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:39:12.978591 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 19:39:12.978695 0.174899 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:13.153965 0.048851 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:13.203244 0.118701 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:13.322312 0.175592 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:13.498350 0.138002 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:13.636757 0.158251 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:13.795414 0.190991 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:13.986819 0.171806 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:14.159042 0.350618 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:14.510048 0.085127 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:14.595595 0.141362 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:14.737384 0.055761 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:14.793482 0.135855 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:14.929759 0.169289 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.099439 0.146528 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.246562 0.061747 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.308717 0.077580 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.386640 0.161878 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.548916 0.077133 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.626415 0.192635 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.819429 0.134769 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:15.954681 0.570454 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:16.525499 0.052819 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:16.578733 0.397071 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:39:16.976150 0.160726 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/20 19:42:39.008106 3.000535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:42:46.015032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:42:54.016328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:43:10.019209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:43:42.025501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:49:46.031343 3.001813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:49:53.038512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:50:01.040522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:50:17.043083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:50:49.049355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:56:53.055253 3.001836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 19:57:00.062608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:57:08.063961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:57:24.067232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 19:57:56.073258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:02:43.556826 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 20:02:43.556928 0.982715 tcp 10.0.2.109 58423 -> 70.113.215.93 3558 FSPA* 0 0 14 1561 flow=From-Botnet-V1-TCP-Established 1970/01/20 20:04:00.079372 3.001798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:04:07.086722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:04:15.087862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:04:31.090885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:05:03.097354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:09:33.586403 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 20:09:33.586507 0.119372 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:33.706388 0.161295 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:33.868025 0.134256 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:34.002676 0.152099 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:34.155138 0.180131 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:34.335659 0.051825 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:34.387897 0.159797 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:34.548095 0.171085 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:34.719562 0.365834 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.085751 0.093858 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.180010 0.141273 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.331470 0.034701 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.366625 0.143713 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.510787 0.168160 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.679362 0.147488 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.827245 0.058667 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:35.886453 0.199906 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:36.087288 0.160937 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:36.248607 0.083041 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:36.332042 0.166911 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:36.499357 0.052348 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:36.552118 0.127949 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:36.680466 0.187522 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:36.868388 0.362620 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:09:37.231492 0.162342 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:11:07.103525 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:11:14.110782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:11:22.111847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:11:38.115206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:12:10.120822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:18:14.127585 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:18:21.134866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:18:29.135790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:18:45.138933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:19:17.145213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:25:21.150497 3.002373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:25:28.158496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:25:36.159859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:25:52.163143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:26:24.169460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:32:28.175097 3.001300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:32:35.182173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:32:43.183789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:32:44.546534 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 20:32:44.546717 1.166150 tcp 10.0.2.109 58424 -> 70.113.215.93 3558 FSPA* 0 0 14 1670 flow=From-Botnet-V1-TCP-Established 1970/01/20 20:32:59.186690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:33:31.193181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:39:35.199200 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:39:42.206626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:39:48.385846 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 20:39:48.386113 0.119734 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:48.506612 0.160666 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:48.667671 0.175031 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:48.843110 0.055407 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:48.898910 0.159476 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:49.058783 0.175924 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:49.235127 0.138307 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:49.373807 0.157115 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:49.531315 0.369643 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:49.901383 0.086280 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:49.988065 0.145849 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:50.143343 0.034091 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:50.178098 0.146428 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:50.208089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:39:50.324965 0.168870 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:50.494271 0.147625 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:50.642313 0.061404 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:50.704163 0.327560 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:51.032148 0.155982 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:51.188543 0.091965 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:51.280913 0.172951 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:51.454313 0.052489 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:51.507673 0.135151 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:51.643206 0.191952 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:51.835596 0.355335 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:39:52.191344 0.161718 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 20:40:06.210823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:40:38.216673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:46:42.223936 3.000398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:46:49.230615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:46:57.231729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:47:13.234583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:47:45.240686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:53:49.247655 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 20:53:56.254050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:54:04.255772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:54:20.258609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 20:54:52.264871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:00:56.271208 3.001220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:01:03.278032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:01:11.279635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:01:27.282797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:01:59.289095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:02:45.715863 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 21:02:45.716048 0.976486 tcp 10.0.2.109 58425 -> 70.113.215.93 3558 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/01/20 21:08:03.295172 3.001066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:08:10.302305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:08:18.303789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:08:34.307179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:09:06.312955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:10:02.123476 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 21:10:02.123580 0.172439 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:02.296394 0.051065 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:02.347879 0.117317 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:02.465580 0.159155 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:02.625170 0.159761 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:02.785310 0.178419 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:02.964136 0.138344 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:03.102832 0.157375 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:03.260710 0.366500 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:03.627602 0.094036 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:03.721988 0.145017 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:03.867361 0.035391 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:03.903170 0.143507 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:04.047085 0.170505 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:04.217972 0.147820 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:04.366323 0.060388 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:04.427032 0.317307 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:04.744722 0.186537 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:04.931590 0.080223 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:05.012216 0.164860 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:05.177520 0.052359 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:05.230346 0.134921 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:05.365622 0.182708 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:05.548752 0.316603 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:10:05.865751 0.161207 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:15:10.319697 3.000654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:15:17.326076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:15:25.328034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:15:41.330706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:16:13.337149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:22:17.343047 3.001608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:22:24.349976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:22:32.351782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:22:48.354769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:23:20.360762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:29:24.367708 3.000512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:29:31.374026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:29:39.375462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:29:55.378832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:30:27.384994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:32:46.695631 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 21:32:46.695730 1.195316 tcp 10.0.2.109 58426 -> 70.113.215.93 3558 FSPA* 0 0 14 1553 flow=From-Botnet-V1-TCP-Established 1970/01/20 21:36:31.391335 3.000806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:36:38.397952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:36:46.400048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:37:02.403703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:37:34.408635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:40:31.223221 0.000270 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 21:40:31.223581 0.158338 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:31.382386 0.159025 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:31.541871 0.158294 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:31.700577 0.178318 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:31.879302 0.057985 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:32.036217 0.176815 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:32.213442 0.136924 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:32.350812 0.155267 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:32.506513 0.334529 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:32.841428 0.089653 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:32.931490 0.145980 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.077806 0.034903 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.113131 0.143629 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.257160 0.169863 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.427422 0.148696 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.576556 0.063968 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.640889 0.077645 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.718929 0.171074 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.890449 0.052833 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:33.943665 0.127851 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:34.071909 0.188190 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:34.260514 0.333489 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:34.594380 0.161197 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:34.756009 0.083527 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:40:34.839889 0.161976 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/20 21:43:38.415473 3.000583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:43:45.422182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:43:53.423578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:44:09.766954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:44:41.772995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:50:45.779967 3.001116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:50:52.786365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:51:00.787921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:51:16.791452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:51:48.797505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:57:52.803733 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 21:57:59.810732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:58:07.811746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:58:23.815297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 21:58:55.821487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:02:48.045499 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:02:48.045604 3.003559 tcp 10.0.2.109 58427 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:02:57.047662 0.000000 tcp 10.0.2.109 58427 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:03.048972 0.052559 tcp 10.0.2.109 58428 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:03.101834 0.052108 tcp 10.0.2.109 58429 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:03.154276 0.130231 tcp 10.0.2.109 58430 -> 195.113.214.211 443 SRPA* 0 0 57 38248 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:03.395673 3.005982 tcp 10.0.2.109 58431 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:12.400017 0.000000 tcp 10.0.2.109 58431 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:18.389651 0.053504 tcp 10.0.2.109 58432 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:18.443007 0.053676 tcp 10.0.2.109 58433 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:18.496518 0.264814 tcp 10.0.2.109 58434 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:18.940310 3.003381 tcp 10.0.2.109 58435 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:27.952264 0.000000 tcp 10.0.2.109 58435 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:33.941740 0.053346 tcp 10.0.2.109 58436 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:33.995377 0.054072 tcp 10.0.2.109 58437 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:34.049764 0.149877 tcp 10.0.2.109 58438 -> 195.113.214.211 443 SRPA* 0 0 44 35674 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:34.244236 3.001285 tcp 10.0.2.109 58439 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:43.244184 0.000000 tcp 10.0.2.109 58439 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:49.243932 0.053514 tcp 10.0.2.109 58440 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:49.297732 0.052690 tcp 10.0.2.109 58441 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:49.350691 0.160825 tcp 10.0.2.109 58442 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:03:49.542526 2.994819 tcp 10.0.2.109 58443 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:03:58.535976 0.000000 tcp 10.0.2.109 58443 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:04:04.535168 3.004223 tcp 10.0.2.109 58444 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:04:13.537741 0.000000 tcp 10.0.2.109 58444 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:04:19.536899 3.004367 tcp 10.0.2.109 58445 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:04:28.539167 0.000000 tcp 10.0.2.109 58445 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:04:33.436386 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:04:34.538323 3.003928 tcp 10.0.2.109 58446 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:04:43.541084 0.000000 tcp 10.0.2.109 58446 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:04:59.827257 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 22:05:06.834607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:05:14.835959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:05:30.838712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:06:02.845250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:09:49.541473 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:09:49.541571 2.993864 tcp 10.0.2.109 58447 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:09:58.543880 0.000000 tcp 10.0.2.109 58447 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:10:04.544805 0.170305 tcp 10.0.2.109 58448 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:04.715428 0.059775 tcp 10.0.2.109 58449 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:04.775494 0.356551 tcp 10.0.2.109 58450 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:05.214526 3.003183 tcp 10.0.2.109 58451 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:10:14.216584 0.000000 tcp 10.0.2.109 58451 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:10:20.215652 0.053200 tcp 10.0.2.109 58452 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:20.269137 0.088734 tcp 10.0.2.109 58453 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:20.358310 0.145683 tcp 10.0.2.109 58454 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:20.671853 2.997940 tcp 10.0.2.109 58455 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:10:29.668389 0.000000 tcp 10.0.2.109 58455 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:10:35.667905 0.053009 tcp 10.0.2.109 58456 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:35.721242 0.055759 tcp 10.0.2.109 58457 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:35.777359 0.131726 tcp 10.0.2.109 58458 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:36.013877 2.998099 tcp 10.0.2.109 58459 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:10:45.010877 0.000000 tcp 10.0.2.109 58459 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:10:47.945341 0.176087 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:48.121863 0.180813 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:48.303105 0.158685 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:48.462358 0.161676 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:48.624415 0.051979 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:48.676759 0.173023 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:48.850282 0.136860 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:48.987523 0.155025 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:49.142951 0.365953 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:49.509355 0.082536 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:49.592255 0.146018 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:49.738724 0.035252 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:49.774422 0.142968 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:49.917834 0.169317 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:50.087509 0.146782 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:50.234710 0.061618 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:50.296666 0.315459 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:10:50.612513 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:10:51.009789 0.052676 tcp 10.0.2.109 58460 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:51.062760 0.056700 tcp 10.0.2.109 58461 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:51.119713 0.154375 tcp 10.0.2.109 58462 -> 195.113.214.211 443 SRPA* 0 0 42 23546 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:10:51.400699 2.993638 tcp 10.0.2.109 58463 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:11:00.402722 0.000000 tcp 10.0.2.109 58463 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:11:06.401427 2.994223 tcp 10.0.2.109 58464 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:11:07.914865 0.052836 tcp 10.0.2.109 58465 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:11:07.967979 0.055026 tcp 10.0.2.109 58466 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:11:08.022795 0.152515 tcp 10.0.2.109 58467 -> 195.113.214.211 443 SRPA* 0 0 40 21958 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:11:08.175474 0.000000 udp 10.0.2.109 3683 -> 66.115.90.55 3922 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:11:15.394178 0.000000 tcp 10.0.2.109 58464 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:11:21.403129 2.994185 tcp 10.0.2.109 58468 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:11:24.528489 0.053355 tcp 10.0.2.109 58469 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:11:24.581606 0.054512 tcp 10.0.2.109 58470 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:11:24.636011 0.174599 tcp 10.0.2.109 58471 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:11:24.811187 0.381525 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:11:25.323004 0.173581 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:11:25.496996 0.081549 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:11:25.578942 0.052419 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:11:25.631709 0.127960 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:11:25.760076 0.162056 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:11:30.395668 0.000000 tcp 10.0.2.109 58468 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:11:36.405009 3.003854 tcp 10.0.2.109 58472 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:11:45.407511 0.000000 tcp 10.0.2.109 58472 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:12:06.851276 3.001136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 22:12:13.858576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:12:21.859800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:12:37.863343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:13:09.868729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:16:51.408163 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:16:51.408254 3.003321 tcp 10.0.2.109 58473 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:00.410524 0.000000 tcp 10.0.2.109 58473 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:06.411011 0.053929 tcp 10.0.2.109 58474 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:06.465218 0.054507 tcp 10.0.2.109 58475 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:06.520084 0.150084 tcp 10.0.2.109 58476 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:06.796106 2.998051 tcp 10.0.2.109 58477 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:15.802445 0.000000 tcp 10.0.2.109 58477 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:21.792141 0.052596 tcp 10.0.2.109 58478 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:21.845014 0.052641 tcp 10.0.2.109 58479 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:21.897961 0.157207 tcp 10.0.2.109 58480 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:22.165272 3.000495 tcp 10.0.2.109 58481 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:31.164886 0.000000 tcp 10.0.2.109 58481 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:37.164244 0.055134 tcp 10.0.2.109 58482 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:37.219691 0.053455 tcp 10.0.2.109 58483 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:37.273498 0.146594 tcp 10.0.2.109 58484 -> 195.113.214.211 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:37.460225 2.997470 tcp 10.0.2.109 58485 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:46.456633 0.000000 tcp 10.0.2.109 58485 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:17:52.456065 0.052864 tcp 10.0.2.109 58486 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:52.509270 0.053850 tcp 10.0.2.109 58487 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:52.563372 0.147908 tcp 10.0.2.109 58488 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:17:52.933131 2.996952 tcp 10.0.2.109 58489 -> 99.233.249.144 8420 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:18:01.929173 0.000000 tcp 10.0.2.109 58489 -> 99.233.249.144 8420 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:18:07.927747 3.003777 tcp 10.0.2.109 58490 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:18:16.930381 0.000000 tcp 10.0.2.109 58490 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:18:22.929010 3.004242 tcp 10.0.2.109 58491 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:18:31.931857 0.000000 tcp 10.0.2.109 58491 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:18:36.939311 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:18:37.930809 2.994245 tcp 10.0.2.109 58492 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:18:46.933291 0.000000 tcp 10.0.2.109 58492 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:19:13.875291 3.001521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 22:19:20.882377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:19:28.883993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:19:44.886627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:20:17.123259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:23:53.044597 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:23:53.044692 3.003040 tcp 10.0.2.109 58493 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:24:02.047098 0.000000 tcp 10.0.2.109 58493 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:24:08.047619 0.054226 tcp 10.0.2.109 58494 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:24:08.101685 0.053248 tcp 10.0.2.109 58495 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:24:08.155127 0.146185 tcp 10.0.2.109 58496 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:24:08.362652 2.997678 tcp 10.0.2.109 58497 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:24:17.358585 0.000000 tcp 10.0.2.109 58497 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:26:21.129819 3.001249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 22:26:28.136786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:26:36.138340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:26:52.141544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:27:24.147469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:33:28.153064 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 22:33:35.160506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:33:43.162597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:33:59.165062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:34:31.171194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:40:35.177623 3.001425 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 22:40:42.185381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:40:50.186455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:41:06.189354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:41:38.195232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:41:50.823442 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:41:50.823546 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:42:06.658516 0.053008 tcp 10.0.2.109 58498 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:06.711959 0.053169 tcp 10.0.2.109 58499 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:06.765415 0.212589 tcp 10.0.2.109 58500 -> 195.113.214.211 443 SRPA* 0 0 44 26966 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:06.977922 0.195414 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:07.159414 0.165916 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:07.320409 0.185113 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:07.547341 0.186924 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:07.726323 0.165560 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:07.867667 0.166733 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:08.032780 0.071668 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:08.085930 0.139314 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:08.572301 3.000623 tcp 10.0.2.109 58501 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:42:08.582629 0.171646 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:08.727149 0.044943 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:08.780914 0.140811 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:08.916946 0.366441 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:09.295788 0.201299 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:09.831921 0.128308 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:10.210523 4.501191 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 8 2969 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:10.362559 4.516829 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 8 3155 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:10.534239 4.401900 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 8 3179 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:10.857337 4.154922 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 8 3030 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:11.076909 4.376176 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 3148 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:11.425051 4.190317 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 8 3056 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:11.824702 3.857102 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 8 2942 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:11.909982 3.824934 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3199 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:12.059104 3.982204 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:12.291230 3.607681 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 8 3212 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:12.505426 0.206832 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 798 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:12.712677 0.176992 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 824 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:12.890218 0.175531 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.066285 0.173787 udp 10.0.2.109 3683 <-> 99.181.8.171 9687 CON 0 0 2 805 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.240505 0.140130 udp 10.0.2.109 3683 <-> 65.93.51.243 8004 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.381208 0.179432 udp 10.0.2.109 3683 <-> 173.161.86.181 8122 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.561195 0.122005 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 847 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.683695 0.142929 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.827051 0.037337 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.864903 0.133321 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:13.998758 0.039056 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:14.038379 0.363751 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:14.402726 0.161480 udp 10.0.2.109 3683 <-> 65.95.29.164 1365 CON 0 0 2 824 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:15.012751 0.091147 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:16.042057 0.000000 udp 10.0.2.109 3683 -> 109.155.245.237 4764 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:42:17.571826 0.000000 tcp 10.0.2.109 58501 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:42:23.571248 0.053519 tcp 10.0.2.109 58502 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:23.624684 0.055243 tcp 10.0.2.109 58503 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:23.680268 0.153147 tcp 10.0.2.109 58504 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:23.977362 2.998112 tcp 10.0.2.109 58505 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:42:24.943116 0.053806 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:25.073526 0.000000 udp 10.0.2.109 3683 -> 117.200.87.196 5757 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:42:32.914374 0.000000 udp 10.0.2.109 3683 -> 124.82.58.43 4497 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:42:32.983750 0.000000 tcp 10.0.2.109 58505 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:42:38.973285 0.056366 tcp 10.0.2.109 58506 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:39.029997 0.053145 tcp 10.0.2.109 58507 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:39.082992 0.150547 tcp 10.0.2.109 58508 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:39.329386 2.998239 tcp 10.0.2.109 58509 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:42:39.944599 0.000000 udp 10.0.2.109 3683 -> 88.251.174.238 5528 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:42:44.961581 0.000000 udp 10.0.2.109 3683 -> 78.172.166.86 8659 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:42:48.326015 0.000000 tcp 10.0.2.109 58509 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:42:52.141391 0.000000 udp 10.0.2.109 3683 -> 122.163.38.34 5440 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:42:54.325548 0.051371 tcp 10.0.2.109 58510 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:54.377194 0.052468 tcp 10.0.2.109 58511 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:54.429501 0.147960 tcp 10.0.2.109 58512 -> 195.113.214.211 443 SRPA* 0 0 34 15888 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:42:54.624366 3.005293 tcp 10.0.2.109 58513 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:42:58.831598 0.357685 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 733 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:42:59.202984 0.000000 udp 10.0.2.109 3683 -> 131.191.38.85 5603 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:03.628403 0.000000 tcp 10.0.2.109 58513 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:43:07.263724 0.000000 udp 10.0.2.109 3683 -> 199.189.242.40 3540 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:09.616731 3.004189 tcp 10.0.2.109 58514 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:43:14.734307 0.000000 udp 10.0.2.109 3683 -> 186.6.219.29 2209 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:18.619422 0.000000 tcp 10.0.2.109 58514 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:43:19.922003 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:24.618201 3.004521 tcp 10.0.2.109 58515 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:43:28.454024 0.000000 udp 10.0.2.109 3683 -> 41.133.247.91 9181 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:33.621521 0.000000 tcp 10.0.2.109 58515 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:43:34.342140 0.096261 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 838 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:43:34.504487 0.000000 udp 10.0.2.109 3683 -> 83.110.110.10 1388 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:38.547998 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:43:42.533927 0.000000 udp 10.0.2.109 3683 -> 213.131.55.226 6890 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:48.562818 0.000000 udp 10.0.2.109 3683 -> 24.98.64.134 4880 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:43:54.381585 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:00.590046 0.000000 udp 10.0.2.109 3683 -> 89.97.18.48 7366 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:06.809101 0.000000 udp 10.0.2.109 3683 -> 95.240.79.187 9628 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:12.897941 0.000000 udp 10.0.2.109 3683 -> 97.113.21.74 3390 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:18.465569 0.000000 udp 10.0.2.109 3683 -> 94.68.245.130 2306 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:23.042068 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:44:24.434218 0.000000 udp 10.0.2.109 3683 -> 85.107.139.204 5845 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:31.955162 0.000000 udp 10.0.2.109 3683 -> 87.24.2.194 6427 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:39.255904 0.000000 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:44.783429 0.000000 udp 10.0.2.109 3683 -> 78.131.6.92 8776 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:50.782109 0.000000 udp 10.0.2.109 3683 -> 71.166.245.104 7615 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:44:58.493447 0.000000 udp 10.0.2.109 3683 -> 80.116.98.12 3946 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:06.444589 0.034894 udp 10.0.2.109 3683 -> 95.90.117.118 9335 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:06.479483 0.000000 icmp 95.90.117.118 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 191 flow=Background 1970/01/20 22:45:11.040959 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:45:13.895215 0.000000 udp 10.0.2.109 3683 -> 95.8.169.74 1024 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:19.333598 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:26.543634 0.000000 udp 10.0.2.109 3683 -> 71.180.82.166 6782 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:31.991438 0.000000 udp 10.0.2.109 3683 -> 213.177.225.232 1711 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:37.890453 0.000000 udp 10.0.2.109 3683 -> 96.250.68.130 8832 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:45.921446 0.000000 udp 10.0.2.109 3683 -> 139.194.47.31 5600 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:53.993403 0.317540 udp 10.0.2.109 3683 -> 175.208.244.63 8825 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:45:54.310943 0.000000 icmp 175.208.244.63 0x0303 -> 10.0.2.109 0x7922 URP 192 1 222 flow=Background 1970/01/20 22:45:58.549881 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:46:00.672961 0.000000 udp 10.0.2.109 3683 -> 201.144.156.78 8628 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:08.123728 0.000000 udp 10.0.2.109 3683 -> 220.255.131.221 3364 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:15.354292 0.000000 udp 10.0.2.109 3683 -> 68.15.113.36 2483 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:22.754915 0.000000 udp 10.0.2.109 3683 -> 92.156.208.36 1798 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:30.705761 0.204681 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 816 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:46:31.529389 0.000000 udp 10.0.2.109 3683 -> 87.0.37.84 2030 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:38.787640 0.047421 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 2 819 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:46:39.024458 0.000000 udp 10.0.2.109 3683 -> 60.54.42.194 8376 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:43.544063 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:46:46.488360 0.000000 udp 10.0.2.109 3683 -> 178.128.3.179 7163 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:52.347484 0.000000 udp 10.0.2.109 3683 -> 78.14.127.22 7760 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:46:58.315994 0.046377 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:46:58.450689 0.303497 udp 10.0.2.109 3683 <-> 14.222.163.26 1354 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:46:58.902702 0.000000 udp 10.0.2.109 3683 -> 123.63.10.74 1856 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:07.789512 0.000000 udp 10.0.2.109 3683 -> 84.138.17.201 5708 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:14.539197 0.000000 udp 10.0.2.109 3683 -> 171.7.102.234 4411 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:22.901324 0.000000 udp 10.0.2.109 3683 -> 110.168.65.129 8546 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:31.162558 0.000000 udp 10.0.2.109 3683 -> 173.217.224.134 5177 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:36.049605 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:47:39.024097 0.000000 udp 10.0.2.109 3683 -> 68.15.223.145 3051 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:42.201928 3.001031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 22:47:45.563222 0.000000 udp 10.0.2.109 3683 -> 36.2.243.65 7478 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:49.208877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:47:52.703986 0.000000 udp 10.0.2.109 3683 -> 109.193.21.120 2327 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:47:57.210361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:48:01.436646 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:07.174322 0.096864 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:48:07.358288 0.000000 udp 10.0.2.109 3683 -> 50.75.48.164 3660 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:13.212964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:48:14.385096 0.000000 udp 10.0.2.109 3683 -> 36.2.207.138 8548 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:20.133488 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:25.049973 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:48:25.170722 0.000000 udp 10.0.2.109 3683 -> 125.2.83.168 4368 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:33.452354 0.195128 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:48:33.716494 0.000000 udp 10.0.2.109 3683 -> 112.200.73.158 7694 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:39.622270 2.993501 tcp 10.0.2.109 58516 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:48:41.283378 0.000000 udp 10.0.2.109 3683 -> 24.103.120.69 3559 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:45.218885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:48:48.464023 0.000000 udp 10.0.2.109 3683 -> 91.106.104.27 1569 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:48:48.624013 0.000000 tcp 10.0.2.109 58516 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:48:54.624408 0.085342 tcp 10.0.2.109 58517 -> 195.113.214.219 80 FSPA* 0 0 10 1535 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:48:54.710091 0.054102 tcp 10.0.2.109 58518 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:48:54.764524 0.210835 tcp 10.0.2.109 58519 -> 195.113.214.211 443 SRPA* 0 0 34 16492 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:48:55.090083 2.997651 tcp 10.0.2.109 58520 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:48:56.085234 0.000000 udp 10.0.2.109 3683 -> 182.52.28.89 3980 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:03.945972 0.434752 udp 10.0.2.109 3683 <-> 203.198.84.127 4049 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:49:04.086200 0.000000 tcp 10.0.2.109 58520 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:49:04.758790 0.040674 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:49:05.323805 0.536575 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:49:06.573056 0.000000 udp 10.0.2.109 3683 -> 78.110.72.200 2027 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:10.085318 0.051865 tcp 10.0.2.109 58521 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:10.137477 0.055437 tcp 10.0.2.109 58522 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:10.193207 0.149043 tcp 10.0.2.109 58523 -> 195.113.214.211 443 SRPA* 0 0 25 10516 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:10.658533 3.001296 tcp 10.0.2.109 58524 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:49:12.628389 0.000000 udp 10.0.2.109 3683 -> 78.93.187.132 3720 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:19.658519 0.000000 tcp 10.0.2.109 58524 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:49:20.353166 0.079053 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:49:20.751452 0.000000 udp 10.0.2.109 3683 -> 71.238.204.251 9777 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:25.658374 0.054176 tcp 10.0.2.109 58525 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:25.712789 0.054214 tcp 10.0.2.109 58526 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:25.766886 0.195444 tcp 10.0.2.109 58527 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:26.426728 3.006323 tcp 10.0.2.109 58528 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:49:27.209611 0.000000 udp 10.0.2.109 3683 -> 176.92.255.182 7191 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:33.658854 0.000000 udp 10.0.2.109 3683 -> 58.9.146.211 2267 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:35.431291 0.000000 tcp 10.0.2.109 58528 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:49:41.420325 0.052395 tcp 10.0.2.109 58529 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:41.449870 0.000000 udp 10.0.2.109 3683 -> 162.83.13.106 7575 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:41.472548 0.054250 tcp 10.0.2.109 58530 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:41.527164 0.146337 tcp 10.0.2.109 58531 -> 195.113.214.211 443 SRPA* 0 0 47 41968 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:41.743187 2.991677 tcp 10.0.2.109 58532 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:49:47.398923 0.000000 udp 10.0.2.109 3683 -> 37.232.50.126 4810 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:50.743608 0.000000 tcp 10.0.2.109 58532 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:49:55.269873 0.328706 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:49:56.560697 0.000000 udp 10.0.2.109 3683 -> 68.179.37.137 6670 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:49:56.742578 0.052615 tcp 10.0.2.109 58533 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:56.795439 0.053293 tcp 10.0.2.109 58534 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:56.849022 0.147289 tcp 10.0.2.109 58535 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:49:57.155141 3.001699 tcp 10.0.2.109 58536 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:03.892151 0.000000 udp 10.0.2.109 3683 -> 112.218.223.156 2153 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:06.155661 0.000000 tcp 10.0.2.109 58536 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:09.240063 0.000000 udp 10.0.2.109 3683 -> 113.32.109.10 7262 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:12.154353 3.003784 tcp 10.0.2.109 58537 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:17.451651 0.000000 udp 10.0.2.109 3683 -> 98.175.165.173 8272 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:21.156977 0.000000 tcp 10.0.2.109 58537 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:23.250199 0.000000 udp 10.0.2.109 3683 -> 202.29.240.41 2970 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:27.326060 3.004399 tcp 10.0.2.109 58538 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:30.260889 0.000000 udp 10.0.2.109 3683 -> 24.43.28.215 3555 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:35.347938 0.000000 udp 10.0.2.109 3683 -> 61.199.55.208 5820 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:36.329213 0.000000 tcp 10.0.2.109 58538 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:41.126014 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:50:42.327593 3.004389 tcp 10.0.2.109 58539 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:43.208794 0.000000 udp 10.0.2.109 3683 -> 94.205.189.42 2289 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:51.271029 0.000000 udp 10.0.2.109 3683 -> 124.181.105.71 1031 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:51.330276 0.000000 tcp 10.0.2.109 58539 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:50:56.478277 0.054945 udp 10.0.2.109 3683 <-> 46.49.110.222 9016 CON 0 0 2 846 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:50:56.582483 0.000000 udp 10.0.2.109 3683 -> 122.181.176.181 5371 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:50:57.329595 3.003582 tcp 10.0.2.109 58540 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:51:01.695850 0.076475 udp 10.0.2.109 3683 <-> 81.138.17.73 9428 CON 0 0 2 858 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:51:01.855564 1.044353 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:51:02.910387 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:06.331741 0.000000 tcp 10.0.2.109 58540 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:51:11.139315 0.000000 udp 10.0.2.109 3683 -> 118.167.115.10 4272 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:18.099051 0.000000 udp 10.0.2.109 3683 -> 70.166.91.211 8069 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:23.747119 0.432609 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:51:24.219699 0.000000 udp 10.0.2.109 3683 -> 208.90.195.170 7614 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:28.623832 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:51:31.709039 0.000000 udp 10.0.2.109 3683 -> 72.44.168.154 3269 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:39.970363 0.000000 udp 10.0.2.109 3683 -> 79.31.160.54 5940 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:46.620311 0.180617 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:51:46.811713 0.157928 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 847 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:51:47.366601 0.000000 udp 10.0.2.109 3683 -> 14.96.174.244 1405 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:52.568001 0.000000 udp 10.0.2.109 3683 <- 14.96.174.244 1405 RSP 0 0 1 550 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:52.694488 0.000000 udp 10.0.2.109 3683 -> 183.62.200.114 9510 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:51:58.898218 0.032370 udp 10.0.2.109 3683 <-> 89.149.25.244 8337 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:51:58.965115 0.000000 udp 10.0.2.109 3683 -> 77.96.98.65 7382 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:04.717089 0.000000 udp 10.0.2.109 3683 -> 195.175.83.206 8539 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:11.375945 0.056536 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:52:11.479515 0.722972 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:52:12.312734 0.000000 udp 10.0.2.109 3683 -> 121.6.215.7 3561 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:16.122014 0.000182 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:52:17.424741 0.051228 udp 10.0.2.109 3683 <-> 78.50.28.25 4643 CON 0 0 2 716 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:52:17.659410 0.000000 udp 10.0.2.109 3683 -> 85.189.141.67 2894 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:24.374088 0.181184 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:52:24.571743 0.000000 udp 10.0.2.109 3683 -> 117.215.168.123 8599 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:32.425859 0.000000 udp 10.0.2.109 3683 -> 176.35.215.154 8769 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:37.834027 0.278343 udp 10.0.2.109 3683 <-> 101.63.140.182 4699 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:52:38.232521 0.000000 udp 10.0.2.109 3683 -> 86.162.104.104 9245 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:45.053865 0.305766 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:52:45.387091 0.000000 udp 10.0.2.109 3683 -> 220.241.218.121 8055 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:52:54.227637 0.000000 udp 10.0.2.109 3683 -> 217.168.187.48 7362 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:53:02.068816 0.362728 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:53:02.547687 0.215078 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 854 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:53:02.833425 0.235917 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 691 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:53:03.221513 0.000000 udp 10.0.2.109 3683 -> 92.46.227.198 2999 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:53:06.624650 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:53:09.478991 0.000000 udp 10.0.2.109 3683 -> 77.20.168.94 5899 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:53:17.240495 0.146028 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/20 22:53:17.641257 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 22:54:49.305856 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 22:54:56.312577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:55:04.314614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:55:20.317510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:55:52.323236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 22:56:12.332495 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:56:12.332590 2.993399 tcp 10.0.2.109 58541 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:56:21.324720 0.000000 tcp 10.0.2.109 58541 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:56:27.335404 0.053298 tcp 10.0.2.109 58542 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:27.389075 0.054378 tcp 10.0.2.109 58543 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:27.443771 0.159026 tcp 10.0.2.109 58544 -> 195.113.214.211 443 SRPA* 0 0 21 12356 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:27.621088 2.997311 tcp 10.0.2.109 58545 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:56:36.617257 0.000000 tcp 10.0.2.109 58545 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:56:42.616469 0.052365 tcp 10.0.2.109 58546 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:42.669108 0.058008 tcp 10.0.2.109 58547 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:42.727405 0.156519 tcp 10.0.2.109 58548 -> 195.113.214.211 443 SRPA* 0 0 35 19570 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:42.895796 3.004165 tcp 10.0.2.109 58549 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:56:51.899159 0.000000 tcp 10.0.2.109 58549 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:56:57.898361 0.054195 tcp 10.0.2.109 58550 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:57.952845 0.052962 tcp 10.0.2.109 58551 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:58.006179 0.146798 tcp 10.0.2.109 58552 -> 195.113.214.211 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:56:58.165969 3.006164 tcp 10.0.2.109 58553 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:07.170642 0.000000 tcp 10.0.2.109 58553 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:13.160363 0.055915 tcp 10.0.2.109 58554 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:57:13.216154 0.053526 tcp 10.0.2.109 58555 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:57:13.269966 0.151209 tcp 10.0.2.109 58556 -> 195.113.214.211 443 SRPA* 0 0 56 38938 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:57:13.480110 2.994018 tcp 10.0.2.109 58557 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:22.483068 0.000000 tcp 10.0.2.109 58557 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:28.482502 0.052748 tcp 10.0.2.109 58558 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:57:28.535561 0.053921 tcp 10.0.2.109 58559 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:57:28.589334 0.161549 tcp 10.0.2.109 58560 -> 195.113.214.211 443 SRPA* 0 0 42 37026 flow=From-Botnet-V1-TCP-Established 1970/01/20 22:57:28.767070 2.999404 tcp 10.0.2.109 58561 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:37.764627 0.000000 tcp 10.0.2.109 58561 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:43.763830 3.003875 tcp 10.0.2.109 58562 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:52.766104 0.000000 tcp 10.0.2.109 58562 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:57:58.765460 3.004007 tcp 10.0.2.109 58563 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:58:07.767866 0.000000 tcp 10.0.2.109 58563 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:58:12.625047 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 22:58:13.766437 3.004468 tcp 10.0.2.109 58564 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:58:22.769496 0.000000 tcp 10.0.2.109 58564 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:58:28.768708 3.003948 tcp 10.0.2.109 58565 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 22:58:37.771487 0.000000 tcp 10.0.2.109 58565 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:01:56.329329 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 23:02:03.336621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:02:11.338440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:02:27.341240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:02:59.347102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:03:43.771964 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 23:03:43.772066 2.992987 tcp 10.0.2.109 58566 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:03:52.774050 0.000000 tcp 10.0.2.109 58566 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:03:58.774513 0.053974 tcp 10.0.2.109 58567 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:03:58.828806 0.055255 tcp 10.0.2.109 58568 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:03:58.884365 0.145451 tcp 10.0.2.109 58569 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:03:59.833437 3.005121 tcp 10.0.2.109 58570 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:04:08.837259 0.000000 tcp 10.0.2.109 58570 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:04:14.826480 0.054157 tcp 10.0.2.109 58571 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:14.880939 0.077318 tcp 10.0.2.109 58572 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:14.958050 0.153627 tcp 10.0.2.109 58573 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:15.485388 3.005620 tcp 10.0.2.109 58574 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:04:24.489541 0.000000 tcp 10.0.2.109 58574 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:04:30.478622 0.055873 tcp 10.0.2.109 58575 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:30.534287 0.055318 tcp 10.0.2.109 58576 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:30.589928 0.162657 tcp 10.0.2.109 58577 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:31.229689 3.004087 tcp 10.0.2.109 58578 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:04:40.232152 0.000000 tcp 10.0.2.109 58578 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:04:46.231969 0.052295 tcp 10.0.2.109 58579 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:46.284575 0.054645 tcp 10.0.2.109 58580 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:46.339550 0.147758 tcp 10.0.2.109 58581 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:04:46.630949 2.994785 tcp 10.0.2.109 58582 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:04:55.624295 0.000000 tcp 10.0.2.109 58582 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:01.623363 0.052942 tcp 10.0.2.109 58583 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:05:01.676543 0.156128 tcp 10.0.2.109 58584 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:05:01.832520 0.148614 tcp 10.0.2.109 58585 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:05:01.996512 3.001222 tcp 10.0.2.109 58586 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:10.996223 0.000000 tcp 10.0.2.109 58586 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:16.995884 3.003587 tcp 10.0.2.109 58587 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:25.997901 0.000000 tcp 10.0.2.109 58587 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:31.997512 3.003370 tcp 10.0.2.109 58588 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:40.999699 0.000000 tcp 10.0.2.109 58588 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:46.998258 3.004112 tcp 10.0.2.109 58589 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:05:51.625154 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 23:05:56.001540 0.000000 tcp 10.0.2.109 58589 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:06:01.999880 2.994010 tcp 10.0.2.109 58590 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:06:11.003090 0.000000 tcp 10.0.2.109 58590 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:09:03.854232 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 23:09:10.861636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:09:18.862545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:09:34.865983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:10:06.872279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:11:18.034751 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 23:11:18.034932 3.003772 tcp 10.0.2.109 58591 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:11:27.037419 0.000000 tcp 10.0.2.109 58591 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:11:33.038932 0.054037 tcp 10.0.2.109 58592 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:11:33.093324 0.053174 tcp 10.0.2.109 58593 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:11:33.146379 0.145525 tcp 10.0.2.109 58594 -> 195.113.214.211 443 SRPA* 0 0 29 19306 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:11:33.312908 2.997356 tcp 10.0.2.109 58595 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:11:42.309346 0.000000 tcp 10.0.2.109 58595 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:11:48.308379 0.054185 tcp 10.0.2.109 58596 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:11:48.362849 0.054309 tcp 10.0.2.109 58597 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:11:48.417015 0.155748 tcp 10.0.2.109 58598 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:11:48.658784 3.003413 tcp 10.0.2.109 58599 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:11:57.661470 0.000000 tcp 10.0.2.109 58599 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:12:03.660158 2.993776 tcp 10.0.2.109 58600 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:12:12.662599 0.000000 tcp 10.0.2.109 58600 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:16:10.878321 3.001034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 23:16:17.885204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:16:25.886932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:16:41.889922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:17:13.896172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:23:39.914261 3.001000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 23:23:46.921068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:23:49.765771 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 23:23:49.765955 0.166831 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:49.927862 0.072613 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:50.388960 0.172252 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:50.536254 0.137794 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:50.657717 0.190656 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:50.812562 0.048412 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:50.888032 0.084731 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:50.954556 0.175460 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:51.310188 0.342003 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:51.915035 0.172682 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:52.065103 0.194408 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:52.313480 0.197909 rtp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:52.552372 0.128635 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:52.757561 0.105724 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:52.845363 0.055677 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:53.031898 0.118499 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:53.200076 0.371878 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:53.550983 0.196912 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:53.779982 0.056426 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:53.927071 0.361125 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:54.318948 0.123279 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 6 2009 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:54.476990 0.221188 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:54.683778 0.051442 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:54.792826 0.052755 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:54.837889 0.636156 udp 10.0.2.109 3683 <-> 14.222.163.26 1354 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:54.922667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:23:55.655466 0.106817 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:56.206744 0.199545 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:56.392883 0.403911 rtp 10.0.2.109 3683 <-> 203.198.84.127 4049 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:56.769649 0.045733 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:57.099713 0.739924 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:57.832972 0.124033 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:58.342311 0.330449 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:59.483426 0.062035 udp 10.0.2.109 3683 <-> 46.49.110.222 9016 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:59.569896 0.096270 udp 10.0.2.109 3683 <-> 81.138.17.73 9428 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:23:59.639421 0.829508 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:00.289040 1.087248 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:01.330508 0.160139 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:01.553627 0.182050 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:01.796157 0.000000 udp 10.0.2.109 3683 -> 14.96.174.244 1405 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:24:03.705582 3.003483 tcp 10.0.2.109 58601 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:24:10.925146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:24:12.708087 0.000000 tcp 10.0.2.109 58601 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:24:18.087378 0.055573 tcp 10.0.2.109 58602 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:18.143300 0.052953 tcp 10.0.2.109 58603 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:18.196546 0.153043 tcp 10.0.2.109 58604 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:18.350271 0.032627 udp 10.0.2.109 3683 <-> 89.149.25.244 8337 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:18.684175 0.056262 rtp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:18.706606 0.054294 tcp 10.0.2.109 58605 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:18.761181 0.053435 tcp 10.0.2.109 58606 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:18.814934 0.149037 tcp 10.0.2.109 58607 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:18.872730 0.838636 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 5 2013 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:19.071099 3.000661 tcp 10.0.2.109 58608 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:24:19.686583 0.000000 udp 10.0.2.109 3683 -> 78.50.28.25 4643 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:24:28.069872 0.000000 tcp 10.0.2.109 58608 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/20 23:24:34.069460 0.051365 tcp 10.0.2.109 58609 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:34.121142 0.053499 tcp 10.0.2.109 58610 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:34.175017 0.149480 tcp 10.0.2.109 58611 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:34.571759 0.568189 tcp 10.0.2.109 58612 -> 188.129.248.221 6410 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:37.424275 0.055010 tcp 10.0.2.109 58613 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:37.479604 0.053534 tcp 10.0.2.109 58614 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:37.532952 0.145637 tcp 10.0.2.109 58615 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:37.677727 0.191678 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:37.862167 0.000000 udp 10.0.2.109 3683 -> 101.63.140.182 4699 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:24:42.931848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:24:55.380261 0.114363 tcp 10.0.2.109 58616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:55.494974 0.056808 tcp 10.0.2.109 58617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:55.551629 0.156728 tcp 10.0.2.109 58618 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:24:55.708902 0.560885 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:55.998690 0.236718 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:56.388894 0.234450 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:56.600673 0.358744 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:24:56.956647 0.145029 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2610 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:31:06.946506 3.101298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 23:31:14.054002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:31:22.055042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:31:38.058199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:32:10.064060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:38:14.070860 3.001484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 23:38:21.077472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:38:29.079250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:38:45.082001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:39:17.088021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:45:21.094963 3.000789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 23:45:28.172075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:45:36.173515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:45:52.176032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:46:24.182094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:52:28.188792 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/20 23:52:35.195790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:52:43.197187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:52:59.200022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:53:31.206371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:54:35.199321 0.000223 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/20 23:54:35.199644 0.750690 tcp 10.0.2.109 58619 -> 188.129.248.221 6410 FSPA* 0 0 14 1511 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:02.318216 0.000000 udp 10.0.2.109 3683 -> 14.96.174.244 1405 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:55:19.073407 0.052664 tcp 10.0.2.109 58620 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:19.126362 0.056023 tcp 10.0.2.109 58621 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:19.182781 0.145397 tcp 10.0.2.109 58622 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:19.327771 0.000000 udp 10.0.2.109 3683 -> 78.50.28.25 4643 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:55:35.575843 0.052168 tcp 10.0.2.109 58623 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:35.628311 0.055863 tcp 10.0.2.109 58624 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:35.684455 0.284706 tcp 10.0.2.109 58625 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:35.968213 0.000000 udp 10.0.2.109 3683 -> 101.63.140.182 4699 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:55:53.852209 0.275159 tcp 10.0.2.109 58626 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:54.127628 0.053995 tcp 10.0.2.109 58627 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:54.181430 0.149616 tcp 10.0.2.109 58628 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:55:54.331228 0.125301 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:54.456936 0.146060 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:54.603401 0.054602 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:54.658466 0.160769 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:54.819651 0.336785 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:55.156739 0.132225 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:55.289344 0.065912 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:55.355593 0.034907 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:55.390849 0.170872 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:55.562137 0.153253 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:55.715782 0.146813 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:55.948345 0.081562 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:56.030269 0.134924 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:56.165592 0.085996 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:56.251940 0.081814 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:56.334337 0.052665 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:56.387407 0.364077 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:56.751879 0.160307 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:56.912635 0.358382 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:57.271361 0.056772 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:57.328561 0.110968 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:57.439953 0.040667 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:57.481018 0.206142 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:57.687531 0.040894 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:57.728860 0.433191 udp 10.0.2.109 3683 <-> 14.222.163.26 1354 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:58.162536 0.204011 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:58.366967 0.075039 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:58.442440 0.040688 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:58.483535 0.373455 udp 10.0.2.109 3683 <-> 203.198.84.127 4049 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:58.857388 0.602711 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:59.460538 0.328159 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:59.789124 0.070819 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:55:59.860349 0.000000 udp 10.0.2.109 3683 -> 46.49.110.222 9016 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:56:15.022273 0.052465 tcp 10.0.2.109 58629 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:56:15.075058 0.053810 tcp 10.0.2.109 58630 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:56:15.129169 0.154733 tcp 10.0.2.109 58631 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:56:15.284485 0.000000 udp 10.0.2.109 3683 -> 81.138.17.73 9428 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/20 23:56:33.559192 0.073792 tcp 10.0.2.109 58632 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:56:33.633287 0.053333 tcp 10.0.2.109 58633 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:56:33.686935 0.156568 tcp 10.0.2.109 58634 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/20 23:56:33.843992 0.796835 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:34.641250 0.156950 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:34.798629 0.193195 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:34.992213 0.384976 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:35.377655 0.032319 udp 10.0.2.109 3683 <-> 89.149.25.244 8337 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:35.410368 0.052858 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:35.463613 0.854592 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:36.318660 0.178904 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:36.498047 0.236534 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:36.735089 0.311904 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:37.047364 0.140594 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:37.188360 0.242804 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:56:37.431580 0.360488 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/20 23:59:35.212781 3.001122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/20 23:59:42.220157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/20 23:59:50.221529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:00:06.224099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:00:38.230396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:06:42.236589 3.001242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 00:06:49.243734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:06:57.926557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:07:13.929189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:07:45.935350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:13:49.942295 3.000950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 00:13:56.948655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:14:04.950206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:14:20.953245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:14:52.959036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:20:56.965865 3.001405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 00:21:03.972939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:21:11.974067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:21:27.977435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:21:59.983661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:24:36.278037 0.120965 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 00:24:36.399305 0.675803 tcp 10.0.2.109 58635 -> 188.129.248.221 6410 FSPA* 0 0 14 1593 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:27:06.854441 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 00:27:06.854592 0.000000 udp 10.0.2.109 3683 -> 46.49.110.222 9016 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 00:27:22.689228 0.053406 tcp 10.0.2.109 58636 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:27:22.742905 0.055112 tcp 10.0.2.109 58637 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:27:22.797864 0.152390 tcp 10.0.2.109 58638 -> 195.113.214.211 443 SRPA* 0 0 23 13766 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:27:22.950792 0.000000 udp 10.0.2.109 3683 -> 81.138.17.73 9428 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 00:27:40.413436 0.056174 tcp 10.0.2.109 58639 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:27:40.469903 0.053840 tcp 10.0.2.109 58640 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:27:40.524031 0.153048 tcp 10.0.2.109 58641 -> 195.113.214.211 443 SRPA* 0 0 46 22884 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:27:40.677305 0.050218 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:40.727948 0.146729 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:40.875055 0.118922 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:40.994394 0.161051 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:41.155827 0.064397 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:41.220642 0.038520 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:41.259555 0.170157 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:41.430287 0.162099 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:41.592788 0.146569 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:41.739725 0.135952 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:42.027369 0.347741 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:42.375551 0.052877 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:42.428817 0.326599 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:42.755851 0.327581 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.083878 0.141768 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.226011 0.081466 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.307889 0.080828 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.389141 0.082047 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.471611 0.047277 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.519336 0.208870 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.728644 0.047395 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:43.776456 0.361779 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:44.138671 0.087943 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:44.226985 0.053517 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:44.280856 0.377877 udp 10.0.2.109 3683 <-> 203.198.84.127 4049 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:44.659081 0.339496 udp 10.0.2.109 3683 <-> 14.222.163.26 1354 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:44.998971 0.223314 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:45.222693 0.093620 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:45.316778 0.049116 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:45.366412 0.329123 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:45.696021 1.013795 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:46.710378 0.066222 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:46.777003 0.567838 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:47.345195 0.158818 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:47.504450 0.218468 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:27:47.723751 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 00:28:04.039388 3.001450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 00:28:04.617949 0.053895 tcp 10.0.2.109 58642 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:28:04.672095 0.056582 tcp 10.0.2.109 58643 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:28:04.728974 0.155650 tcp 10.0.2.109 58644 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:28:04.885144 0.381916 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:05.267477 0.000000 udp 10.0.2.109 3683 -> 89.149.25.244 8337 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 00:28:11.047421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:28:19.048037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:28:22.193271 0.309348 tcp 10.0.2.109 58645 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:28:22.502928 0.053483 tcp 10.0.2.109 58646 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:28:22.556770 0.164658 tcp 10.0.2.109 58647 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:28:22.722009 0.707793 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:23.430313 0.178842 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:23.609545 0.236561 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:23.846498 0.223796 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:24.070650 0.354904 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:24.425960 0.254354 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:24.680675 0.142165 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:28:35.161267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:29:07.167387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:35:11.174426 3.000740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 00:35:18.180814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:35:26.182018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:35:42.185025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:36:14.191739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:42:18.197790 3.000958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 00:42:25.204852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:42:33.206004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:42:49.209118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:43:21.215587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:49:25.220813 3.002328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 00:49:32.228843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:49:40.230710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:49:56.233211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:50:28.238995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:54:37.188003 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 00:54:37.188098 0.594938 tcp 10.0.2.109 58648 -> 188.129.248.221 6410 FSPA* 0 0 14 1569 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:56:32.245716 3.001047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 00:56:39.252739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:56:47.254105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:57:03.257367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:57:35.263197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 00:58:34.629145 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 00:58:34.629283 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 00:58:50.062584 0.059711 tcp 10.0.2.109 58649 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:58:50.122591 0.054702 tcp 10.0.2.109 58650 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:58:50.177143 0.165295 tcp 10.0.2.109 58651 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:58:50.341784 0.000000 udp 10.0.2.109 3683 -> 89.149.25.244 8337 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 00:59:06.174679 0.052755 tcp 10.0.2.109 58652 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:59:06.227753 0.053536 tcp 10.0.2.109 58653 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:59:06.281586 0.149413 tcp 10.0.2.109 58654 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 00:59:06.431591 0.056724 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:06.488667 0.142452 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:06.631553 0.067204 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:06.699168 2.818153 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:09.517745 0.169900 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:09.688061 0.178128 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:09.866662 0.146837 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:10.013868 0.157842 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:10.172084 0.121509 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:10.293993 0.332574 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:10.626958 0.151431 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:10.778807 0.052527 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:10.831702 0.320547 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:11.152651 0.239103 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:11.392150 0.093464 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:11.485974 0.081226 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:11.567616 0.085240 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:11.653280 0.209168 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:11.862856 0.046569 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:11.909868 0.161737 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:12.072022 0.141917 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:12.214392 0.390597 udp 10.0.2.109 3683 <-> 14.222.163.26 1354 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:12.605358 0.358216 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:12.964018 0.053567 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:13.017939 0.087629 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:13.105910 0.372838 udp 10.0.2.109 3683 <-> 203.198.84.127 4049 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:13.493476 0.040280 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:13.534158 0.328191 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:13.862804 0.076370 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:13.939531 0.699267 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:14.639185 1.990668 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:16.630289 0.072765 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:16.703483 0.219769 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:16.923625 0.159386 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:17.083414 2.500141 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:19.583940 0.386469 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:19.970819 0.236854 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:20.208070 0.218559 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:20.427033 0.788918 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:21.216367 0.177607 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:21.394348 0.143145 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:21.537848 0.366737 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/21 00:59:21.905028 0.436007 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:03:39.269201 3.001973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 01:03:46.277080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:03:54.278446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:04:10.280881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:04:42.287459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:10:46.293042 3.001701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 01:10:53.300578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:11:01.301985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:11:17.305009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:11:49.311416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:17:53.316521 3.002203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 01:18:00.324481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:18:08.326163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:18:24.328810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:18:56.335381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:24:37.787086 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 01:24:37.787195 0.687489 tcp 10.0.2.109 58655 -> 188.129.248.221 6410 FSPA* 0 0 14 1725 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:25:00.341510 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 01:25:07.348676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:25:15.350101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:25:31.353343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:26:03.359298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:29:36.676284 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 01:29:36.676383 0.065551 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:36.742474 0.052111 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:36.742795 2.997629 tcp 10.0.2.109 58656 -> 86.167.165.238 2422 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 01:29:36.795373 0.143980 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:36.939818 0.168112 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:37.108396 0.034699 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:37.143513 0.170338 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:37.314458 0.147786 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:37.462673 0.159973 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:37.623088 0.178386 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:37.801869 0.353566 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:38.155863 0.130136 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:38.286493 0.052448 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:38.339413 0.087805 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:38.427587 0.084255 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:38.512215 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 01:29:45.738948 0.000000 tcp 10.0.2.109 58656 -> 86.167.165.238 2422 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 01:29:54.172817 0.055791 tcp 10.0.2.109 58657 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:29:54.228455 0.054683 tcp 10.0.2.109 58658 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:29:54.283508 0.152799 tcp 10.0.2.109 58659 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:29:54.436926 0.224510 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:54.661836 0.046523 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:54.708811 0.323872 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:55.033103 0.190145 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:55.223618 0.165550 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:55.389615 0.141861 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:55.531882 0.367294 udp 10.0.2.109 3683 <-> 14.222.163.26 1354 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:55.899615 0.402631 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:56.302668 0.055368 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:56.358551 0.090689 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:29:56.449691 0.000000 udp 10.0.2.109 3683 -> 203.198.84.127 4049 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 01:30:14.971273 0.053976 tcp 10.0.2.109 58660 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:30:15.025533 0.053680 tcp 10.0.2.109 58661 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:30:15.079594 0.145971 tcp 10.0.2.109 58662 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:30:15.226034 0.039981 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:15.266408 0.328874 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:15.595622 0.093243 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:15.689302 0.218012 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:15.907734 0.203772 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:16.111902 2.700142 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:18.812484 0.066711 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:18.907448 0.158296 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:19.066094 0.647758 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:19.714258 0.389138 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:20.103761 0.236545 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:20.340698 0.220208 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:20.561301 0.964566 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:21.526372 0.178294 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:21.705087 0.185401 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:21.890855 0.354739 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/21 01:30:22.245961 0.000000 udp 10.0.2.109 3683 -> 115.242.87.197 7292 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 01:30:39.216416 0.052287 tcp 10.0.2.109 58663 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:30:39.269063 0.053215 tcp 10.0.2.109 58664 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:30:39.322623 0.153406 tcp 10.0.2.109 58665 -> 195.113.214.211 443 FSRP* 0 0 28 9296 flow=From-Botnet-V1-TCP-Established 1970/01/21 01:32:07.365356 3.001601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 01:32:14.372883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:32:22.374285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:32:38.376898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:33:10.383007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:39:14.389496 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 01:39:21.396765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:39:29.398206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:39:45.400714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:40:17.407449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:46:21.413362 3.001430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 01:46:28.420454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:46:36.882789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:46:52.885548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:47:24.891461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:53:28.897314 3.002126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 01:53:35.905443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:53:43.906870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:53:59.909822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:54:31.916115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 01:54:38.696065 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 01:54:38.696150 0.499758 tcp 10.0.2.109 58666 -> 188.129.248.221 6410 FSPA* 0 0 12 1421 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:00:35.922890 3.000721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:00:42.929179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:00:50.930746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:00:55.738210 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 02:00:55.738318 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 02:01:06.933662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:01:10.751007 0.052732 tcp 10.0.2.109 58667 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:10.804086 0.054774 tcp 10.0.2.109 58668 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:10.859239 0.148395 tcp 10.0.2.109 58669 -> 195.113.214.211 443 SRPA* 0 0 52 35498 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:11.005774 0.000000 udp 10.0.2.109 3683 -> 203.198.84.127 4049 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 02:01:28.835607 0.052636 tcp 10.0.2.109 58670 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:28.888535 0.060812 tcp 10.0.2.109 58671 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:28.949645 0.142497 tcp 10.0.2.109 58672 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:29.092676 0.266849 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:29.359996 0.149992 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:29.360345 4.863024 tcp 10.0.2.109 58673 -> 115.242.87.197 1670 SPA_* 0 0 137 77102 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:29.510399 0.055246 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:29.566088 0.072497 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:29.638992 0.148229 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:29.787614 0.160955 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:29.948986 0.117581 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:30.066987 0.042023 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:30.109431 0.170411 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:30.280225 0.171582 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:30.452201 0.086326 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:30.538910 0.143809 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:30.683087 0.364581 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:31.048029 0.052670 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:31.101050 0.093179 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:31.194553 0.046235 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:31.241195 0.226109 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:31.467699 0.141658 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:31.609687 0.162213 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:31.772310 0.356303 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:32.129027 0.356910 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:32.486344 0.728858 udp 10.0.2.109 3683 <-> 14.222.163.26 1354 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:33.215537 0.377318 udp 10.0.2.109 3683 <-> 210.217.156.13 9328 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:33.593247 0.087663 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:33.681329 0.059869 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:33.741508 0.236106 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:33.978025 0.044463 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:34.022953 0.327576 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:34.350934 0.086365 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:34.376151 4.884335 tcp 10.0.2.109 58673 -> 115.242.87.197 1670 A_PA 0 0 180 105976 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:34.437704 0.191882 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:34.629965 0.071527 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:34.701914 3.137007 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:37.839271 0.158255 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:37.998003 0.857346 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:38.855720 0.461768 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:38.939754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:01:39.317931 0.378637 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:39.696989 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 02:01:39.701802 4.987730 tcp 10.0.2.109 58673 -> 115.242.87.197 1670 A_PA 0 0 81 45334 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:44.762879 4.995936 tcp 10.0.2.109 58673 -> 115.242.87.197 1670 A_PA 0 0 111 62738 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:49.814648 4.962542 tcp 10.0.2.109 58673 -> 115.242.87.197 1670 A_PA 0 0 205 123710 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:54.824161 4.912911 tcp 10.0.2.109 58673 -> 115.242.87.197 1670 A_PA 0 0 207 122370 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:55.714390 0.052062 tcp 10.0.2.109 58674 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:55.766779 0.051605 tcp 10.0.2.109 58675 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:55.818657 0.148160 tcp 10.0.2.109 58676 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:01:55.965840 0.180047 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:56.146330 0.534424 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:56.681163 0.139946 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:56.821545 0.361834 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:01:59.939955 0.842951 tcp 10.0.2.109 58673 -> 115.242.87.197 1670 FPA_* 0 0 9 1574 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:07:42.946713 3.000448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:07:49.953431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:07:57.954364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:08:13.957514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:08:45.963629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:14:49.969753 3.001608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:14:56.976671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:15:04.978211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:15:20.981398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:15:52.987743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:21:56.993753 3.001813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:22:04.000639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:22:12.002181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:22:28.005870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:23:00.011634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:24:39.194594 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 02:24:39.194702 0.748307 tcp 10.0.2.109 58677 -> 188.129.248.221 6410 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:29:04.017900 3.001538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:29:11.025092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:29:19.377144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:29:35.380157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:30:07.816726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:32:02.842159 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 02:32:02.842273 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 02:32:20.228908 0.054203 tcp 10.0.2.109 58678 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:20.283435 0.125074 tcp 10.0.2.109 58679 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:20.407903 0.157114 tcp 10.0.2.109 58680 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:20.563617 0.060019 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:20.624016 0.062553 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:20.686905 0.147625 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:20.834893 0.252790 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:21.088117 0.144284 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:21.232880 0.125294 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:21.358623 0.631202 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:21.990408 0.170144 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:22.160935 0.157371 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:22.318728 0.078495 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:22.397584 0.158996 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:22.556917 0.136754 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:22.694161 0.355973 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:23.050556 0.045934 udp 10.0.2.109 3683 <-> 87.167.230.89 8279 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:23.096845 0.000000 udp 10.0.2.109 3683 -> 27.96.86.6 7537 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 02:32:40.045797 0.054331 tcp 10.0.2.109 58681 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:40.099978 0.054356 tcp 10.0.2.109 58682 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:40.154627 0.172430 tcp 10.0.2.109 58683 -> 195.113.214.211 443 SRPA* 0 0 52 37566 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:40.327617 0.141533 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:40.469597 0.159125 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:40.629063 0.094453 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:40.723865 0.053285 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:40.777557 0.079478 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:40.857444 0.335759 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:41.193642 0.087659 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:41.281730 0.055390 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:32:41.337555 0.000000 udp 10.0.2.109 3683 -> 14.222.163.26 1354 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 02:32:59.724688 0.052283 tcp 10.0.2.109 58684 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:59.776831 0.052809 tcp 10.0.2.109 58685 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:59.829996 0.145290 tcp 10.0.2.109 58686 -> 195.113.214.211 443 SRPA* 0 0 40 29092 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:32:59.975955 0.000000 udp 10.0.2.109 3683 -> 210.217.156.13 9328 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 02:33:15.316485 0.050963 tcp 10.0.2.109 58687 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:33:15.367729 0.124094 tcp 10.0.2.109 58688 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:33:15.491642 0.156446 tcp 10.0.2.109 58689 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:33:15.648555 0.327086 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:15.976068 0.199627 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:16.176084 0.192610 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:16.369043 0.068790 udp 10.0.2.109 3683 <-> 91.6.22.51 5333 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:16.438278 0.079254 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:16.517913 0.040174 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:16.558466 1.184108 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:17.742965 0.157249 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:17.900607 0.384974 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:18.286007 0.614144 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:18.900570 0.222017 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:19.122925 0.146903 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:19.270244 0.177378 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:19.448028 0.566983 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:33:20.015342 0.355621 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/21 02:36:11.843372 3.000731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 02:36:18.849811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:36:26.851394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:36:42.854251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:37:14.860687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:43:18.867047 3.000874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:43:25.873993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:43:33.875230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:43:49.878836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:44:21.884531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:50:25.891245 3.001054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:50:32.897705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:50:40.899600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:50:56.902672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:51:28.908547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:54:40.334295 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 02:54:40.334384 0.652516 tcp 10.0.2.109 58690 -> 188.129.248.221 6410 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/01/21 02:57:32.915225 3.000985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 02:57:39.922106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:57:47.923279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:58:03.926181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 02:58:35.932771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:03:42.663627 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 03:03:42.663867 0.232562 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:03:42.896844 0.000000 udp 10.0.2.109 3683 -> 210.217.156.13 9328 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:03:58.308120 0.058098 tcp 10.0.2.109 58691 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:03:58.365957 0.051233 tcp 10.0.2.109 58692 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:03:58.417556 0.154353 tcp 10.0.2.109 58693 -> 195.113.214.211 443 SRPA* 0 0 27 9016 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:03:58.572601 0.000000 udp 10.0.2.109 3683 -> 14.222.163.26 1354 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:04:13.919231 0.114511 tcp 10.0.2.109 58694 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:14.033600 0.054106 tcp 10.0.2.109 58695 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:14.088003 0.156910 tcp 10.0.2.109 58696 -> 195.113.214.211 443 SRPA* 0 0 45 37188 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:14.245598 0.054792 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:14.300841 0.061626 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:14.362875 0.116723 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:14.479927 0.259905 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:14.740208 0.146878 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:14.887495 0.148151 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:15.036061 0.158240 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:15.194662 0.171001 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:15.366257 0.151325 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:15.517924 3.361388 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:18.879668 0.075542 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:18.955570 0.158765 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:19.114758 0.000000 udp 10.0.2.109 3683 -> 87.167.230.89 8279 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:04:37.473098 0.053611 tcp 10.0.2.109 58697 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:37.526998 0.052333 tcp 10.0.2.109 58698 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:37.579624 0.150756 tcp 10.0.2.109 58699 -> 195.113.214.211 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:37.730879 0.369486 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:38.100746 0.051621 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:38.152778 0.141930 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:38.391365 0.162219 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:38.554013 0.093783 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:38.648189 0.090454 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:38.738983 0.357111 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:39.096508 0.264050 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:39.361355 0.055462 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:39.417242 0.201655 udp 10.0.2.109 3683 <-> 115.254.63.133 2891 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:39.619318 0.194916 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:39.814645 0.000000 udp 10.0.2.109 3683 -> 91.6.22.51 5333 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:04:39.958710 3.001558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 03:04:46.965708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:04:54.967740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:04:58.332528 0.055570 tcp 10.0.2.109 58700 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:58.387944 0.054330 tcp 10.0.2.109 58701 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:58.442539 0.160429 tcp 10.0.2.109 58702 -> 195.113.214.211 443 SRPA* 0 0 42 22844 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:04:58.601740 0.080893 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:58.683056 0.040263 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:58.723774 0.327421 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:04:59.051537 3.190728 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:02.242613 0.387617 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:02.630621 0.159351 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:02.790536 0.195827 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:02.986769 0.141108 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:03.128240 0.177772 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:03.306567 0.694574 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:04.001544 1.001121 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:05.003008 0.356522 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:05:10.970567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:05:42.976380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:11:46.982453 3.001447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 03:11:55.402312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:12:03.403784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:12:19.406173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:12:51.412405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:18:55.418909 3.001086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 03:19:02.425880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:19:10.427072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:19:26.430594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:19:58.436322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:24:41.704029 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 03:24:41.704123 0.534825 tcp 10.0.2.109 58703 -> 188.129.248.221 6410 FSPA* 0 0 14 1516 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:26:13.448685 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 03:26:20.456066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:26:28.457554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:26:44.459921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:27:16.466060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:33:37.477208 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 03:33:44.483988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:33:52.485763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:34:08.488521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:34:40.494559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:35:31.378377 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 03:35:31.378478 0.000000 udp 10.0.2.109 3683 -> 87.167.230.89 8279 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:35:48.775486 0.052625 tcp 10.0.2.109 58704 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:35:48.828410 0.052436 tcp 10.0.2.109 58705 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:35:48.881160 0.148630 tcp 10.0.2.109 58706 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:35:49.029972 0.000000 udp 10.0.2.109 3683 -> 91.6.22.51 5333 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:36:05.117105 0.055072 tcp 10.0.2.109 58707 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:36:05.172417 0.052342 tcp 10.0.2.109 58708 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:36:05.225069 0.149091 tcp 10.0.2.109 58709 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:36:05.374780 0.182584 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:05.557775 0.279519 udp 10.0.2.109 3683 <-> 115.242.87.197 7292 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:05.837676 0.067719 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:05.905771 0.053791 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:05.959939 0.118690 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.079022 0.145879 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.225296 0.136812 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.362546 0.141906 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.504870 0.168854 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.674151 0.156290 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.830786 0.078677 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.909891 0.046346 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:06.956643 0.160161 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:07.117146 0.141889 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:07.259426 0.163009 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:07.422866 0.085611 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:07.508999 0.086455 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:07.595889 0.052538 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:07.648795 0.376861 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:08.026098 0.000000 udp 10.0.2.109 3683 -> 115.254.63.133 2891 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:36:25.115913 0.051904 tcp 10.0.2.109 58710 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:36:25.168061 0.056069 tcp 10.0.2.109 58711 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:36:25.224428 0.146850 tcp 10.0.2.109 58712 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:36:25.371745 0.221051 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:25.593193 0.364997 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:25.958580 0.082165 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:26.041164 0.056559 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:26.098637 0.076179 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:26.175242 0.044205 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:26.219873 0.328733 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:26.549000 1.194508 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:27.743856 1.071665 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:28.815872 0.157962 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:28.974323 0.177098 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:29.151859 0.197420 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:29.349683 0.162651 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:29.512743 0.000000 udp 10.0.2.109 3683 -> 59.161.13.118 6035 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:36:38.195082 0.000000 udp 10.0.2.109 3683 <- 59.161.13.118 6035 RSP 0 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 03:36:38.195496 0.625016 udp 10.0.2.109 3683 <-> 181.25.254.34 4258 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:36:38.820959 0.363610 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/21 03:40:44.500649 3.001961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 03:40:51.507892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:40:59.509829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:41:15.512305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:41:47.518418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:47:51.525327 3.000695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 03:47:58.532843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:48:06.533190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:48:22.536394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:48:54.753168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:54:42.333009 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 03:54:42.333246 0.632514 tcp 10.0.2.109 58713 -> 188.129.248.221 6410 FSPA* 0 0 14 1738 flow=From-Botnet-V1-TCP-Established 1970/01/21 03:54:59.760450 3.001203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 03:55:06.767429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:55:14.769485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:55:30.771995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 03:56:02.777969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:02:06.783941 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:02:13.791978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:02:21.793502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:02:37.796111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:03:09.801983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:06:54.705861 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 04:06:54.706062 0.000000 udp 10.0.2.109 3683 -> 115.254.63.133 2891 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 04:07:11.311854 0.134956 tcp 10.0.2.109 58714 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:11.446632 0.050917 tcp 10.0.2.109 58715 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:11.497837 0.147779 tcp 10.0.2.109 58716 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:11.646428 0.060439 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:11.707273 0.054066 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:11.761760 0.120912 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:11.883012 0.152823 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:12.036269 0.137176 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:12.173890 0.301949 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:12.476279 0.000000 udp 10.0.2.109 3683 -> 115.242.87.197 7292 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 04:07:30.357895 0.051802 tcp 10.0.2.109 58717 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:30.409551 0.050327 tcp 10.0.2.109 58718 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:30.459726 0.169113 tcp 10.0.2.109 58719 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:30.629515 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 04:07:48.663984 0.049971 tcp 10.0.2.109 58720 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:48.714456 0.050242 tcp 10.0.2.109 58721 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:48.765060 0.148271 tcp 10.0.2.109 58722 -> 195.113.214.211 443 SRPA* 0 0 35 18208 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:07:48.912268 0.159670 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.072418 0.142674 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.215489 0.035342 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.251250 0.158439 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.410277 0.142077 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.552739 0.162113 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.715243 0.080213 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.795878 0.052870 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:49.849086 0.348592 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.198012 0.092038 udp 10.0.2.109 3683 <-> 86.154.9.192 7559 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.290432 0.082963 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.373784 0.086215 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.460394 0.058862 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.519700 0.092414 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.612511 0.040175 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.653126 0.192106 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:50.845640 0.317848 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:51.163927 0.328603 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:51.492867 0.430549 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:51.923776 0.421925 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:52.346135 0.157459 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:52.504012 0.141626 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:52.646075 0.180219 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:52.826674 0.211433 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:53.038539 0.617521 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:07:53.656457 0.000000 udp 10.0.2.109 3683 -> 181.25.254.34 4258 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 04:08:09.884628 0.048975 tcp 10.0.2.109 58723 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:08:09.933887 0.049749 tcp 10.0.2.109 58724 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:08:09.983966 0.313075 tcp 10.0.2.109 58725 -> 195.113.214.211 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:08:10.297644 0.374373 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:09:13.808387 3.001721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 04:09:20.815962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:09:28.817291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:09:44.819955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:10:16.825913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:16:20.832270 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:16:27.839568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:16:35.841365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:16:51.844191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:17:23.850595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:23:27.856989 3.000550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:23:34.863823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:23:42.865307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:23:58.868254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:24:30.874341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:24:42.972377 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 04:24:42.972484 0.774628 tcp 10.0.2.109 58726 -> 188.129.248.221 6410 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:30:34.881954 2.999894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:30:41.887761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:30:49.889123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:31:05.892483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:31:37.897984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:37:41.904618 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:37:48.911699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:37:56.913440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:38:12.915883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:38:27.858357 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 04:38:27.858523 0.000000 udp 10.0.2.109 3683 -> 115.242.87.197 7292 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 04:38:44.073273 0.056551 tcp 10.0.2.109 58727 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:38:44.130266 0.054862 tcp 10.0.2.109 58728 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:38:44.185465 0.159824 tcp 10.0.2.109 58729 -> 195.113.214.211 443 SRPA* 0 0 46 37240 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:38:44.346016 0.169128 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:38:44.515512 0.000000 udp 10.0.2.109 3683 -> 181.25.254.34 4258 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 04:38:44.922234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:39:00.134224 0.093329 tcp 10.0.2.109 58730 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:39:00.227895 0.080776 tcp 10.0.2.109 58731 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:39:00.308980 0.161150 tcp 10.0.2.109 58732 -> 195.113.214.211 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:39:00.470733 0.167689 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:00.638812 0.048024 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:00.687249 0.063895 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:00.751526 0.133284 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:00.885283 0.149111 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:01.034743 0.211934 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:01.247103 0.161399 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:01.408899 0.146246 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:01.555543 0.175406 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:01.731368 0.259220 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:01.991006 0.078718 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:02.070298 0.052207 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:02.122874 0.141840 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:02.265146 0.035029 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:02.300574 0.000000 udp 10.0.2.109 3683 -> 86.154.9.192 7559 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 04:39:18.050303 0.053208 tcp 10.0.2.109 58733 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:39:18.103802 0.055088 tcp 10.0.2.109 58734 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:39:18.159278 0.249162 tcp 10.0.2.109 58735 -> 195.113.214.211 443 SRPA* 0 0 55 37728 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:39:18.408651 0.085110 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:18.494176 0.199632 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:18.694156 0.055384 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:18.749962 0.075746 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:18.826102 0.044588 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:18.871149 0.199614 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:19.071102 0.370212 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:19.442101 0.354427 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:19.796939 0.327084 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:20.124459 0.494716 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:20.619850 0.176521 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:20.796732 0.179410 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:20.976493 0.159703 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:21.136626 0.425042 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:21.562086 2.856926 udp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:24.419405 0.210557 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:39:24.630527 0.369046 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/21 04:44:48.928248 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:44:55.935447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:45:03.937298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:45:19.940106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:45:51.945885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:51:55.953484 3.000124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:52:02.959390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:52:10.961253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:52:26.963743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:52:58.969873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:54:43.751519 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 04:54:43.751625 0.544890 tcp 10.0.2.109 58736 -> 188.129.248.221 6410 FSPA* 0 0 14 1750 flow=From-Botnet-V1-TCP-Established 1970/01/21 04:59:02.976385 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 04:59:09.983105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:59:17.985227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 04:59:33.987619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:00:05.993894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:06:10.000795 3.000706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 05:06:17.007765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:06:25.009181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:06:41.012100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:07:13.017927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:09:42.764457 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 05:09:42.764726 0.000000 udp 10.0.2.109 3683 -> 86.154.9.192 7559 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 05:09:57.856556 0.051281 tcp 10.0.2.109 58737 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:09:57.907681 0.051666 tcp 10.0.2.109 58738 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:09:57.959659 0.148575 tcp 10.0.2.109 58739 -> 195.113.214.211 443 SRPA* 0 0 59 30504 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:09:58.108933 0.182886 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:58.292212 0.143882 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:58.436498 0.139927 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:58.576848 0.055066 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:58.577161 3.052860 tcp 10.0.2.109 58740 -> 69.77.153.151 7795 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 05:09:58.632312 0.063175 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:58.695961 0.168288 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:58.864667 0.629014 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:59.494026 0.150498 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:59.644935 0.201989 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:09:59.847370 0.176100 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.023903 0.144511 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.168814 0.034779 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.203942 0.055413 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.259772 0.083547 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.343732 0.119999 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.464138 0.088668 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.553203 0.177102 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.730692 0.053500 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.784600 0.086888 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.871902 0.040285 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:00.912569 0.336649 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:01.249627 0.200354 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:01.450376 0.435515 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:01.886312 0.334184 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:02.220886 0.203702 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:02.424996 0.203738 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:02.629129 0.177416 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:02.806890 0.157824 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:02.965141 0.425454 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:03.391000 0.380249 udp 10.0.2.109 3683 <-> 114.38.3.110 1995 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:03.771678 0.591676 rtcp 10.0.2.109 3683 <-> 59.161.13.118 6035 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:04.363771 0.197049 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:10:07.629015 0.000000 tcp 10.0.2.109 58740 -> 69.77.153.151 7795 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 05:13:17.074818 3.000861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 05:13:24.081365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:13:32.083415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:13:48.085877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:14:20.092472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:20:24.098775 3.001226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 05:20:31.105729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:20:39.106588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:20:55.109959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:21:27.116035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:24:44.350303 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 05:24:44.350495 0.678349 tcp 10.0.2.109 58741 -> 188.129.248.221 6410 FSPA* 0 0 14 1690 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:27:31.122042 3.001901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 05:27:38.129428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:27:46.131119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:28:02.133791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:28:34.139725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:34:38.146775 3.000752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 05:34:45.153134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:34:53.154804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:35:09.157524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:35:41.164071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:40:13.825968 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 05:40:13.826088 0.169408 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:13.996006 0.143392 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:14.139801 0.117585 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:14.257942 0.062198 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:14.258455 3.002314 tcp 10.0.2.109 58742 -> 69.77.153.151 7795 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 05:40:14.320537 0.062199 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:14.383164 0.158696 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:14.542295 0.157195 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:14.699839 0.215389 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:14.915651 0.000000 udp 10.0.2.109 3683 -> 27.96.86.6 7537 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 05:40:23.259195 0.000000 tcp 10.0.2.109 58742 -> 69.77.153.151 7795 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 05:40:31.343107 0.051879 tcp 10.0.2.109 58743 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:40:31.395336 0.051190 tcp 10.0.2.109 58744 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:40:31.446326 0.158605 tcp 10.0.2.109 58745 -> 195.113.214.211 443 SRPA* 0 0 48 39058 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:40:31.605055 0.143243 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:31.748709 0.149998 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:31.899045 0.035768 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:31.935172 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 05:40:49.027623 0.051124 tcp 10.0.2.109 58746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:40:49.079031 0.058901 tcp 10.0.2.109 58747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:40:49.137785 0.156104 tcp 10.0.2.109 58748 -> 195.113.214.211 443 SRPA* 0 0 67 46896 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:40:49.293356 0.087938 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:49.381777 0.132188 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:49.382091 2.998858 tcp 10.0.2.109 58749 -> 86.183.154.163 4015 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 05:40:49.514398 0.085498 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:49.600267 0.314019 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:49.914645 0.055163 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:49.970238 0.088140 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:50.058844 0.041060 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:50.100252 0.337176 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:50.437852 0.355048 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:50.793300 0.181922 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:50.975641 0.335196 udp 10.0.2.109 3683 <-> 211.105.183.14 3131 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:51.311189 0.284106 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:51.595701 0.145981 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:51.742034 0.179776 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:51.922246 0.168343 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:52.091037 0.423222 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:40:52.514675 0.000000 udp 10.0.2.109 3683 -> 114.38.3.110 1995 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 05:40:58.379830 0.000000 tcp 10.0.2.109 58749 -> 86.183.154.163 4015 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 05:41:10.758433 0.049546 tcp 10.0.2.109 58750 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:10.808464 0.050953 tcp 10.0.2.109 58751 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:10.859753 0.156495 tcp 10.0.2.109 58752 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:11.016761 0.000000 udp 10.0.2.109 3683 -> 59.161.13.118 6035 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 05:41:29.595875 0.050571 tcp 10.0.2.109 58753 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:29.646808 0.056681 tcp 10.0.2.109 58754 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:29.703838 0.151730 tcp 10.0.2.109 58755 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:29.855914 0.718907 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/21 05:41:30.576198 4.653274 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 SPA_* 0 0 16 5370 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:37.150649 3.611073 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 24 14328 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:44.567908 4.945602 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 29 21054 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:45.210903 3.000552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 05:41:50.057566 3.453482 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 26 15140 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:41:52.217684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:41:55.181198 4.817404 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 64 36824 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:00.219046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:42:00.501286 1.572077 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 12 10288 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:05.640741 1.788810 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 12 6440 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:10.971232 4.780069 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 42 25748 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:16.157397 4.871097 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 52 30528 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:16.221558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:42:21.354342 3.814426 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 36 22776 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:26.719092 3.998326 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 35 22266 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:32.089982 4.961394 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 31 23678 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:37.251781 4.987326 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 47 24246 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:42.653974 4.481374 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 33 19614 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:48.228090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:42:48.782265 4.227201 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 27 16890 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:42:54.866447 3.475258 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 17 11054 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:00.126205 4.975582 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 16 9512 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:09.401794 3.811922 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 31 19258 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:14.824629 4.721180 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 34 19668 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:20.240149 3.576972 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 31 17706 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:25.383679 4.854746 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 17 11054 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:30.438370 4.630348 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 51 29834 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:36.873761 4.951475 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 47 29762 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:43.009589 4.995316 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 28 17516 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:48.204026 4.868031 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 38 24360 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:53.273265 4.236463 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 10 4036 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:43:58.300120 4.324381 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 18 9660 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:44:03.387771 4.029896 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 23 15330 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:44:09.164917 4.779629 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 13 7198 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:44:14.575913 4.627499 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 A_PA 0 0 25 18242 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:44:20.102847 0.474023 tcp 10.0.2.109 58756 -> 67.117.43.205 9780 FPA_* 0 0 6 328 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:48:52.234447 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 05:48:59.241537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:49:07.242868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:49:23.245846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:49:55.251738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:54:45.069615 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 05:54:45.069711 0.593512 tcp 10.0.2.109 58757 -> 188.129.248.221 6410 FSPA* 0 0 14 1586 flow=From-Botnet-V1-TCP-Established 1970/01/21 05:55:59.259244 3.000150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 05:56:06.265542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:56:14.267077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:56:30.269915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 05:57:02.275878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:03:06.282555 3.000978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 06:03:13.289157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:03:21.290869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:03:37.293609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:04:09.299540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:10:13.305593 3.021881 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 06:10:20.333637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:10:28.334790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:10:44.337732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:11:16.343558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:11:56.812337 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 06:11:56.812434 0.207201 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:11:57.020056 0.051574 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:11:57.072043 0.000000 udp 10.0.2.109 3683 -> 114.38.3.110 1995 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 06:12:12.085845 0.057439 tcp 10.0.2.109 58758 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:12.143107 0.055276 tcp 10.0.2.109 58759 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:12.198719 0.158765 tcp 10.0.2.109 58760 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:12.356081 0.000000 udp 10.0.2.109 3683 -> 59.161.13.118 6035 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 06:12:31.161752 0.051111 tcp 10.0.2.109 58761 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:31.212676 0.051592 tcp 10.0.2.109 58762 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:31.264560 0.150224 tcp 10.0.2.109 58763 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:31.413140 0.169926 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:31.583514 0.153159 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:31.737108 0.161238 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:31.898700 0.199946 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:32.099065 0.062809 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:32.162306 0.162368 udp 10.0.2.109 3683 <-> 69.77.153.151 9344 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:32.325060 0.062266 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:32.387737 0.143903 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:32.532067 0.163666 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:32.696142 3.493531 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.190080 0.146469 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.336969 0.088480 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.425984 0.055313 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.481689 0.085197 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.567331 0.111701 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.679381 0.105098 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.784877 0.082685 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:36.867967 0.186414 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:37.054771 0.040264 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:37.095443 0.000000 udp 10.0.2.109 3683 -> 223.17.68.245 8575 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 06:12:52.472446 0.048822 tcp 10.0.2.109 58764 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:52.521556 0.050035 tcp 10.0.2.109 58765 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:52.571895 0.153224 tcp 10.0.2.109 58766 -> 195.113.214.211 443 SRPA* 0 0 55 37728 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:12:52.724089 0.350220 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:53.074716 0.179039 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:53.254151 0.157348 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:12:53.411904 0.000000 udp 10.0.2.109 3683 -> 211.105.183.14 3131 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 06:13:09.467027 0.049646 tcp 10.0.2.109 58767 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:13:09.516494 0.050059 tcp 10.0.2.109 58768 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:13:09.566885 0.150063 tcp 10.0.2.109 58769 -> 195.113.214.211 443 SRPA* 0 0 25 13288 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:13:09.717449 0.180031 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:13:09.897888 0.701613 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:13:10.599902 0.425651 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:13:11.025947 0.368763 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:17:20.349979 3.001426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 06:17:27.357351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:17:35.358419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:17:51.361689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:18:23.378179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:24:27.383601 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 06:24:34.390875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:24:42.392930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:24:45.667909 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 06:24:45.667999 0.576127 tcp 10.0.2.109 58770 -> 188.129.248.221 6410 FSPA* 0 0 14 1511 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:24:58.395704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:25:30.401583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:31:34.407974 3.001526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 06:31:41.415312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:31:49.416806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:32:05.419447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:32:37.425546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:38:41.431546 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 06:38:48.519383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:38:56.520829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:39:12.523413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:39:44.529838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:43:22.443733 0.000167 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 06:43:22.444021 0.362681 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:22.807144 0.000000 udp 10.0.2.109 3683 -> 211.105.183.14 3131 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 06:43:40.541057 0.054809 tcp 10.0.2.109 58771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:43:40.596135 0.054607 tcp 10.0.2.109 58772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:43:40.651064 0.159548 tcp 10.0.2.109 58773 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:43:40.808776 0.614033 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:41.423244 0.052918 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:41.476566 0.166366 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:41.643296 0.169134 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:41.812862 0.153727 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:41.967002 0.148638 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:42.116090 0.247262 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:42.363752 0.000000 udp 10.0.2.109 3683 -> 69.77.153.151 9344 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 06:43:59.587132 0.104366 tcp 10.0.2.109 58774 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:43:59.691354 0.053804 tcp 10.0.2.109 58775 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:43:59.745416 0.156562 tcp 10.0.2.109 58776 -> 195.113.214.211 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/01/21 06:43:59.902478 0.066119 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:43:59.969022 0.152894 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:00.122288 0.050324 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:00.173071 0.055183 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:00.228698 0.084281 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:00.313353 0.106911 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:00.420684 0.080784 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:00.501831 0.091195 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:00.593432 3.451499 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:04.045331 0.143481 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:04.189268 0.274280 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:04.463908 0.181901 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:04.646248 0.040410 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:04.687060 0.159689 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:04.847157 0.348085 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:05.195682 0.180062 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:05.376091 0.200757 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:05.577188 0.316970 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:05.894567 0.421036 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:44:06.316063 0.229162 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/21 06:45:48.536642 3.000929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 06:45:55.543239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:46:03.544806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:46:19.888118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:46:51.894663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:52:55.899925 3.002362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 06:53:02.907679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:53:10.909295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:53:26.912610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:53:58.917888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 06:54:46.426968 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 06:54:46.427211 0.744445 tcp 10.0.2.109 58777 -> 188.129.248.221 6410 FSPA* 0 0 12 1569 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:00:02.924323 3.081323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:00:10.011792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:00:18.013115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:00:34.016069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:01:06.022555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:07:10.028917 3.000765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:07:17.035928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:07:25.036885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:07:41.040042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:08:13.046543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:14:17.052898 3.000747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:14:20.445084 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 07:14:20.445194 0.000000 udp 10.0.2.109 3683 -> 69.77.153.151 9344 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 07:14:24.059500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:14:32.061140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:14:38.683042 0.137296 tcp 10.0.2.109 58778 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:14:38.820650 0.050158 tcp 10.0.2.109 58779 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:14:38.871138 0.158647 tcp 10.0.2.109 58780 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:14:39.028069 0.348495 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:39.376932 0.160693 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:39.537974 0.164364 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:39.702676 0.159780 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:39.862814 0.052812 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:39.916050 0.208867 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.125336 0.160833 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.286526 0.146265 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.433271 0.065280 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.498921 0.141747 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.641088 0.052204 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.693798 0.055371 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.749641 0.110042 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.860078 0.106935 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:40.967400 0.081024 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:41.048851 0.112261 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:41.161540 2.068179 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:43.230292 0.188797 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:43.419473 0.044621 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:43.464519 0.157206 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:43.622159 0.145101 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:43.767656 0.083691 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:43.851697 0.322834 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:44.174930 0.177268 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:44.352653 0.157199 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:44.510284 0.304801 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:14:44.815441 0.000000 udp 10.0.2.109 3683 -> 59.115.37.92 2346 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 07:14:48.084391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:15:01.654394 0.091872 tcp 10.0.2.109 58781 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:15:01.746551 0.051801 tcp 10.0.2.109 58782 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:15:01.798720 0.152747 tcp 10.0.2.109 58783 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:15:01.951987 0.197405 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:15:20.090021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:21:24.097117 3.000988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:21:31.103578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:21:39.105441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:21:55.107865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:22:27.114263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:24:47.226706 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 07:24:47.226909 0.700943 tcp 10.0.2.109 58784 -> 188.129.248.221 6410 FSPA* 0 0 14 1650 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:28:31.120529 3.001433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:28:38.127640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:28:46.128789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:29:02.131957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:29:34.137870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:35:38.144864 3.001308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:35:45.151467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:35:53.153477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:36:09.155839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:36:41.162143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:42:45.169045 3.000717 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:42:52.175536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:43:00.177139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:43:16.180179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:43:48.186516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:45:05.367148 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 07:45:05.367345 0.469710 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:05.837464 0.161801 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:05.999736 0.344580 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:06.344685 0.157045 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:06.502131 0.052267 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:06.554835 0.000000 udp 10.0.2.109 3683 -> 27.96.86.6 7537 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 07:45:23.214768 0.054042 tcp 10.0.2.109 58785 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:45:23.269114 0.054368 tcp 10.0.2.109 58786 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:45:23.323782 0.158551 tcp 10.0.2.109 58787 -> 195.113.214.211 443 SRPA* 0 0 51 29444 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:45:23.482221 0.154463 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:23.637095 0.139977 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:23.777469 0.159624 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:23.937506 0.181264 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.171564 0.050899 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.222879 0.055584 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.278907 0.062985 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.342479 0.121335 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.464161 0.085329 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.549888 0.131983 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.682295 0.092476 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.775196 0.191061 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:24.966667 0.044357 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:25.011447 0.157521 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:25.169362 0.146053 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:25.315811 0.084536 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:25.400782 2.900913 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:28.302282 0.185982 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:28.488708 0.334690 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:28.823779 0.179222 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:45:29.003439 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 07:45:47.738508 0.053923 tcp 10.0.2.109 58788 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:45:47.792296 0.053603 tcp 10.0.2.109 58789 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:45:47.845765 0.147881 tcp 10.0.2.109 58790 -> 195.113.214.211 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:45:47.994361 0.562265 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/21 07:49:52.192600 3.001297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 07:49:59.199683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:50:07.204434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:50:23.203991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:50:55.210473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:54:47.935395 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 07:54:47.935599 0.679091 tcp 10.0.2.109 58791 -> 188.129.248.221 6410 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/01/21 07:56:59.216936 3.000791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 07:57:06.223697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:57:14.225153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:57:30.227690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 07:58:02.233961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:04:06.240316 3.001183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:04:13.247291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:04:21.249224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:04:37.251860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:05:09.258249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:11:13.266256 2.999414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:11:20.271099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:11:28.273113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:11:44.276318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:12:16.282152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:16:13.453682 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 08:16:13.453788 3.176929 udp 10.0.2.109 3683 -> 27.96.86.6 7537 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 08:16:16.630717 0.000000 icmp 27.96.86.2 0x0103 -> 10.0.2.109 0x1b60 URH 192 1 171 flow=Background 1970/01/21 08:16:29.177956 0.063037 tcp 10.0.2.109 58792 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:16:29.241303 0.050997 tcp 10.0.2.109 58793 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:16:29.292617 0.131589 tcp 10.0.2.109 58794 -> 195.113.214.211 443 SRPA* 0 0 87 80660 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:16:29.424723 0.146433 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:29.571573 0.425408 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:29.997398 0.053213 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:30.051006 0.366196 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:30.417559 0.172234 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:30.590207 0.159325 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:30.749870 0.164128 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:30.914500 0.235673 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.150613 0.159753 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.310702 0.057540 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.368701 0.057861 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.426968 0.063536 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.490910 0.090714 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.582097 0.085677 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.668191 0.107640 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.776281 0.088184 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:31.864861 0.146374 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:32.011671 0.146573 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:32.158621 0.158496 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:32.317529 0.207079 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:32.525012 0.047307 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:32.572754 0.150769 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:32.796985 0.337504 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:33.134928 0.188121 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:33.323468 2.783904 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:36.107782 0.178687 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:16:36.286913 0.211717 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:18:20.288587 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:18:27.295673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:18:35.296740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:18:51.299599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:19:23.305626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:24:48.614256 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 08:24:48.614554 0.485674 tcp 10.0.2.109 58795 -> 188.129.248.221 6410 FSPA* 0 0 14 1565 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:25:27.312048 3.001759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:25:34.319343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:25:42.320760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:25:58.323534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:26:30.459901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:32:34.466644 3.001130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:32:41.473465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:32:49.474684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:33:05.478250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:33:37.483828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:39:41.489745 3.001864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:39:48.497886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:39:56.498753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:40:12.501849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:40:44.507978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:46:48.515123 3.130964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:46:55.651761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:46:59.417246 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 08:46:59.417382 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 08:47:03.653447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:47:15.001981 0.050192 tcp 10.0.2.109 58796 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:47:15.052442 0.051176 tcp 10.0.2.109 58797 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:47:15.103974 0.153966 tcp 10.0.2.109 58798 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:47:15.258713 0.335528 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:15.594618 0.165090 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:15.760118 0.169843 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:15.930534 0.419837 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:16.350796 0.052316 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:16.403545 0.163187 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:16.567086 0.136226 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:16.703722 0.159584 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:16.863713 0.059913 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:16.924043 0.056341 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:16.980793 0.061795 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.043019 0.079489 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.122956 0.084790 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.208121 0.107489 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.315963 0.075877 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.392263 0.143515 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.536202 0.148919 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.685528 0.199389 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:17.895163 0.184481 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:18.080066 0.044152 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:18.124643 0.160869 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:18.285946 0.324228 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:18.610537 0.205596 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:18.816654 0.205401 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:19.022481 0.045004 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:19.067876 0.180865 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/21 08:47:19.656136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:47:51.661902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:53:55.668143 3.001616 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 08:54:02.675371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:54:10.677358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:54:26.680123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 08:54:49.213071 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 08:54:49.213174 0.521759 tcp 10.0.2.109 58799 -> 188.129.248.221 6410 FSPA* 0 0 14 1734 flow=From-Botnet-V1-TCP-Established 1970/01/21 08:54:58.685816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:01:02.692846 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:01:09.699878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:01:17.700789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:01:33.704072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:02:05.709819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:08:09.716621 3.000808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:08:16.723876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:08:24.724935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:08:40.727816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:09:12.733766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:15:16.740429 3.031399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:15:23.777789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:15:31.778725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:15:47.782045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:16:19.787965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:17:30.620758 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 09:17:30.620871 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 09:17:46.584900 0.055170 tcp 10.0.2.109 58800 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:17:46.640371 0.053288 tcp 10.0.2.109 58801 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:17:46.693966 0.157821 tcp 10.0.2.109 58802 -> 195.113.214.211 443 SRPA* 0 0 50 29546 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:17:46.850899 0.158498 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:47.009789 0.363817 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:47.374083 0.165769 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:47.540216 0.417026 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:47.957603 0.053530 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.011546 0.200991 rtcp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.212986 0.258097 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.471443 0.159151 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.630962 0.053510 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.684894 0.053577 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.738853 0.064515 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.803796 0.080231 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.884441 0.093047 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:48.977846 0.120454 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:49.098741 0.083227 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:49.182533 0.147559 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:49.330558 0.146534 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:49.477516 0.241143 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:49.719106 0.157345 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:49.876844 0.350361 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:50.227652 0.315791 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:50.543854 0.190746 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:50.735088 0.081131 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:50.816640 0.176778 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:50.993768 0.211044 udp 10.0.2.109 3683 <-> 67.117.43.205 3038 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:17:51.205229 2.397476 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:22:23.794950 3.000807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:22:30.801732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:22:38.803468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:22:54.805724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:23:26.812185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:24:49.741908 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 09:24:49.742108 0.710196 tcp 10.0.2.109 58803 -> 188.129.248.221 6410 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:29:30.817550 3.002099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:29:37.825344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:29:45.827235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:30:01.829642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:30:33.835815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:36:37.842948 3.000521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:36:44.849686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:36:52.850912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:37:08.853682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:37:40.859779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:43:44.865988 3.002198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:43:51.874097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:43:59.875256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:44:15.877958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:44:47.883627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:48:19.538239 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 09:48:19.538402 0.162886 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:19.701708 0.383204 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:20.085304 0.169868 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:20.255626 0.379346 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:20.635393 0.053983 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:20.689767 0.159814 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:20.850197 0.142435 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:20.993085 0.161783 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.155306 0.054086 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.209798 0.053734 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.263980 0.064212 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.328595 0.082306 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.411313 0.088148 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.499792 0.131829 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.632052 0.085496 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.717977 0.146805 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:21.865174 0.149825 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:22.015418 0.156365 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:22.172241 0.158165 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:22.330823 0.180799 udp 10.0.2.109 3683 <-> 123.237.23.0 1902 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:22.512006 0.044645 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:22.557064 0.323278 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:22.880763 0.225572 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:23.106744 0.180016 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:48:23.287098 0.000000 udp 10.0.2.109 3683 -> 67.117.43.205 3038 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 09:48:42.102341 0.050489 tcp 10.0.2.109 58804 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:48:42.153091 0.051173 tcp 10.0.2.109 58805 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:48:42.204636 0.147376 tcp 10.0.2.109 58806 -> 195.113.214.211 443 SRPA* 0 0 76 62812 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:48:42.353074 0.050555 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/21 09:50:51.890616 3.000672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:50:58.897576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:51:06.898885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:51:22.902294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:51:54.907782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:54:50.460549 0.000192 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 09:54:50.460859 0.642404 tcp 10.0.2.109 58807 -> 188.129.248.221 6410 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/21 09:57:58.914247 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 09:58:05.921129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:58:13.923091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:58:29.926132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 09:59:01.931864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:05:05.938347 3.001460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 10:05:12.945415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:05:20.946985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:05:36.949791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:06:08.955782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:12:12.962478 3.000993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 10:12:19.969525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:12:27.970922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:12:43.973860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:13:16.630566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:18:58.032097 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:18:58.032187 0.218902 udp 10.0.2.109 3683 -> 67.117.43.205 3038 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:18:58.251089 0.000000 icmp 67.117.43.205 0x0303 -> 10.0.2.109 0xde0b URP 192 1 273 flow=Background 1970/01/21 10:19:13.064738 0.054180 tcp 10.0.2.109 58808 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:19:13.119255 0.053738 tcp 10.0.2.109 58809 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:19:13.173302 0.145571 tcp 10.0.2.109 58810 -> 195.113.214.211 443 SRPA* 0 0 46 40728 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:19:13.319532 0.169783 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:13.489772 0.051606 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:13.541806 0.163758 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:13.705985 1.229341 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:14.935740 0.158503 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:15.094591 0.346330 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:15.441268 0.159516 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:15.601142 0.141493 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:15.743034 0.060987 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:15.804418 0.060811 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:15.865669 0.078713 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:15.944800 0.084392 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:16.029591 0.107625 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:16.137637 0.100360 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:16.238551 0.144467 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:16.383424 0.058822 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:16.442674 0.083687 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:16.526728 0.157107 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:16.684225 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:19:20.637056 3.001530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 10:19:27.644330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:19:35.496338 0.056875 tcp 10.0.2.109 58811 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:19:35.553495 0.054006 tcp 10.0.2.109 58812 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:19:35.607818 0.161613 tcp 10.0.2.109 58813 -> 195.113.214.211 443 SRPA* 0 0 28 14076 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:19:35.645478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:19:35.769937 0.044450 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:35.814823 0.327920 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:36.143144 0.402534 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:36.546264 0.179726 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:36.726542 0.187357 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:36.914333 1.193410 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:19:51.648766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:20:23.654357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:24:51.419998 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:24:51.420080 0.778745 tcp 10.0.2.109 58814 -> 188.129.248.221 6410 FSPA* 0 0 14 1575 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:26:27.661773 3.000892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 10:26:34.667796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:26:42.669547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:26:58.672304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:27:30.678745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:33:34.684776 3.001840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 10:33:41.691870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:33:49.693355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:34:05.696331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:34:37.702724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:40:41.709335 3.003235 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 10:40:48.715735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:40:56.717639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:41:12.720596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:41:44.726824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:47:48.732552 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 10:47:55.739681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:48:03.741172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:48:19.744396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:48:51.750698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:49:46.309749 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:49:46.309866 0.000000 udp 10.0.2.109 3683 -> 123.237.23.0 1902 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:50:04.397406 0.050301 tcp 10.0.2.109 58815 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:50:04.448020 0.051513 tcp 10.0.2.109 58816 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:50:04.499827 0.156903 tcp 10.0.2.109 58817 -> 195.113.214.211 443 SRPA* 0 0 50 31878 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:50:04.655224 0.160343 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:04.816081 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:50:22.992687 0.109423 tcp 10.0.2.109 58818 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:50:23.102462 0.050853 tcp 10.0.2.109 58819 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:50:23.153130 0.146813 tcp 10.0.2.109 58820 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:50:23.300621 0.053533 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:23.354536 0.213951 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:23.568844 0.382494 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:23.951711 0.160960 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:24.113147 0.147532 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:24.261005 0.065593 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:24.326937 0.383681 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:24.710961 0.066939 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:24.778305 0.106973 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:24.885705 0.093310 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:24.979452 0.146912 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:25.126766 0.052046 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:25.179191 0.274319 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:25.453869 0.157411 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:25.611721 0.090613 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:25.702737 0.080139 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:25.783295 0.039831 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:25.823568 0.178775 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:26.002749 0.324155 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:26.327288 0.143044 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:26.470769 0.187505 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:26.658679 1.723565 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:28.783876 0.163268 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:28.947564 0.267651 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 653 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:29.215750 0.158192 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:29.374504 0.053723 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:29.428703 0.383648 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:29.812912 0.161315 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:29.974776 0.148643 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:30.123949 0.055959 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 826 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:30.180471 0.834644 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 728 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.015624 0.056842 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 692 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.073037 0.107101 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.180672 0.096469 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.277689 0.151460 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 666 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.429709 0.040030 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 816 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.470349 0.129528 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.600434 0.160459 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 681 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.761572 0.102372 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 803 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.864495 0.068088 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 772 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.933127 0.040883 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:31.974756 0.323288 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 824 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:32.298629 0.144597 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 743 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:32.443768 0.187015 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:32.631329 0.177490 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 863 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:32.809257 2.526555 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:50:35.336555 0.000000 udp 10.0.2.109 3683 -> 109.155.247.121 4764 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:50:42.710279 0.000000 udp 10.0.2.109 3683 -> 108.231.24.99 6183 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:50:50.962230 0.000000 udp 10.0.2.109 3683 -> 75.142.188.46 5824 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:50:59.835244 0.000000 udp 10.0.2.109 3683 -> 217.109.21.101 8146 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:08.317227 0.000000 udp 10.0.2.109 3683 -> 173.209.148.186 8105 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:13.313787 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:51:14.396117 0.000000 udp 10.0.2.109 3683 -> 86.145.49.136 3877 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:20.965446 0.000000 udp 10.0.2.109 3683 -> 108.184.193.223 4491 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:28.335725 0.000000 udp 10.0.2.109 3683 -> 186.6.219.29 2209 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:33.583403 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:41.063903 0.000000 udp 10.0.2.109 3683 -> 82.107.59.118 5881 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:48.425012 0.052066 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 788 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:51:48.497171 0.000000 udp 10.0.2.109 3683 -> 82.82.85.239 2021 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:51:56.616602 0.000000 udp 10.0.2.109 3683 -> 24.98.64.134 4880 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:52:01.312797 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:52:05.409478 0.000000 udp 10.0.2.109 3683 -> 153.162.217.99 1449 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:52:13.340669 0.000000 udp 10.0.2.109 3683 -> 212.156.88.102 5749 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:52:21.772350 0.048676 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 850 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:52:21.862690 0.000000 udp 10.0.2.109 3683 -> 89.97.18.48 7366 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:52:30.014952 0.270331 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:52:30.294427 0.000000 udp 10.0.2.109 3683 -> 223.205.185.194 4018 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:52:38.536929 0.000000 udp 10.0.2.109 3683 -> 23.24.76.117 3168 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:52:47.139331 0.000000 udp 10.0.2.109 3683 -> 78.175.54.225 2525 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:52:51.815322 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:52:53.918939 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:00.448009 0.000000 udp 10.0.2.109 3683 -> 87.6.122.69 3613 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:06.867698 0.000000 udp 10.0.2.109 3683 -> 24.123.16.230 8648 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:14.148161 0.000000 udp 10.0.2.109 3683 -> 95.240.87.247 4794 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:21.217879 0.000000 udp 10.0.2.109 3683 -> 173.160.98.166 2328 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:28.448778 0.000000 udp 10.0.2.109 3683 -> 91.39.89.163 9714 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:35.498807 0.000000 udp 10.0.2.109 3683 -> 85.106.155.151 9596 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:40.315599 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:53:42.889570 0.000000 udp 10.0.2.109 3683 -> 80.116.98.12 3946 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:48.117156 0.000000 udp 10.0.2.109 3683 -> 95.224.214.119 1701 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:53:55.317131 0.000000 udp 10.0.2.109 3683 -> 216.37.43.242 5760 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:02.116786 0.000000 udp 10.0.2.109 3683 -> 84.138.28.251 5708 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:10.839815 0.000000 udp 10.0.2.109 3683 -> 62.77.180.233 4057 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:17.909814 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:26.622392 0.000000 udp 10.0.2.109 3683 -> 213.177.225.232 1711 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:31.308413 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:54:33.421885 0.000000 udp 10.0.2.109 3683 -> 175.208.244.63 8825 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:38.649861 0.000000 udp 10.0.2.109 3683 -> 201.144.156.78 8628 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:45.048948 0.000000 udp 10.0.2.109 3683 -> 176.25.234.148 5180 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:52.199249 0.641215 tcp 10.0.2.109 58821 -> 188.129.248.221 6410 FSPA* 0 0 14 1663 flow=From-Botnet-V1-TCP-Established 1970/01/21 10:54:53.240245 0.000000 udp 10.0.2.109 3683 -> 173.16.194.248 3054 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:54:55.756393 3.001597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 10:54:58.928577 0.000000 udp 10.0.2.109 3683 -> 212.54.184.25 3664 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:02.763644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:55:05.179428 0.000000 udp 10.0.2.109 3683 -> 68.15.113.36 1587 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:10.765613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:55:11.566731 0.000000 udp 10.0.2.109 3683 -> 46.1.91.9 7998 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:19.999299 0.000000 udp 10.0.2.109 3683 -> 78.162.150.5 4502 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:25.827037 0.000000 udp 10.0.2.109 3683 -> 173.51.43.241 9057 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:26.768253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:55:32.316523 0.000000 udp 10.0.2.109 3683 -> 194.178.123.100 9704 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:37.313529 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:55:39.336408 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:47.468346 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:54.929537 0.000000 udp 10.0.2.109 3683 -> 68.15.223.145 3051 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:55:58.774428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 10:56:02.189485 0.184528 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 851 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:56:02.427751 0.000000 udp 10.0.2.109 3683 -> 95.242.41.12 9745 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:56:10.711640 0.000000 udp 10.0.2.109 3683 -> 88.243.155.216 2719 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:56:17.321550 0.233212 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 2 821 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:56:17.701046 0.000000 udp 10.0.2.109 3683 -> 69.77.153.151 9344 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:56:22.318521 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:56:25.072165 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:56:32.863812 0.000000 udp 10.0.2.109 3683 -> 78.14.127.22 7760 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:56:40.965704 0.000000 udp 10.0.2.109 3683 -> 5.65.154.116 4508 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:56:47.395024 0.000000 udp 10.0.2.109 3683 -> 90.198.228.96 3063 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:56:52.732100 0.000000 udp 10.0.2.109 3683 -> 89.135.81.12 8413 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:00.793932 0.000000 udp 10.0.2.109 3683 -> 59.94.199.172 6887 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:08.925913 0.000000 udp 10.0.2.109 3683 -> 84.164.57.218 1214 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:13.812015 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:57:17.758612 0.000000 udp 10.0.2.109 3683 -> 92.156.208.36 1798 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:24.467774 0.000000 udp 10.0.2.109 3683 -> 91.13.66.165 7011 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:30.356749 0.000000 udp 10.0.2.109 3683 -> 50.161.132.110 3093 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:37.456325 0.000000 udp 10.0.2.109 3683 -> 94.171.254.46 7317 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:44.816930 0.000000 udp 10.0.2.109 3683 -> 87.175.172.122 9470 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:57:52.818630 0.000000 udp 10.0.2.109 3683 -> 74.126.140.73 6520 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:00.108858 0.000000 udp 10.0.2.109 3683 -> 24.107.135.112 2326 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:04.815606 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:58:08.831589 0.166768 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:58:09.174403 0.180030 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:58:09.397097 0.000000 udp 10.0.2.109 3683 -> 117.200.91.34 5757 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:17.744320 0.000000 udp 10.0.2.109 3683 -> 187.174.144.86 1299 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:26.056539 0.000000 udp 10.0.2.109 3683 -> 94.65.15.4 6669 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:34.428324 0.000000 udp 10.0.2.109 3683 -> 31.52.215.188 9868 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:41.498328 0.000000 udp 10.0.2.109 3683 -> 108.71.190.93 1768 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:49.560528 0.000000 udp 10.0.2.109 3683 -> 79.10.217.100 3259 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:58:54.317139 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:58:54.848008 0.000000 udp 10.0.2.109 3683 -> 98.175.165.173 8272 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:02.659489 0.000000 udp 10.0.2.109 3683 -> 95.10.121.195 5114 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:09.238429 0.000000 udp 10.0.2.109 3683 -> 151.226.179.219 2903 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:17.269753 0.000000 udp 10.0.2.109 3683 -> 94.69.155.205 18423 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:25.642011 0.045476 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:59:25.699690 0.000000 udp 10.0.2.109 3683 -> 174.91.133.76 1885 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:34.144033 0.000000 udp 10.0.2.109 3683 -> 93.193.27.73 6734 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:38.811078 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 10:59:42.857238 0.182031 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 659 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:59:43.144474 0.000000 udp 10.0.2.109 3683 -> 87.185.154.25 3612 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:49.186133 0.000000 udp 10.0.2.109 3683 -> 111.254.120.123 6738 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 10:59:55.054196 0.258475 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 658 flow=From-Botnet-V1-UDP-Established 1970/01/21 10:59:55.322544 0.000000 udp 10.0.2.109 3683 -> 99.116.221.255 6113 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:02.275236 0.000000 udp 10.0.2.109 3683 -> 152.2.57.118 6630 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:09.575449 0.000000 udp 10.0.2.109 3683 -> 62.158.126.190 2640 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:14.732588 0.194820 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:00:14.941056 0.170304 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:00:15.127266 0.000000 udp 10.0.2.109 3683 -> 99.99.73.107 6296 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:22.754478 0.000000 udp 10.0.2.109 3683 -> 50.240.153.129 8486 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:27.310719 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 11:00:30.275174 0.000000 udp 10.0.2.109 3683 -> 37.60.68.170 2566 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:38.316319 0.000000 udp 10.0.2.109 3683 -> 68.69.216.143 7386 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:47.029260 0.000000 udp 10.0.2.109 3683 -> 85.186.140.50 9006 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:00:54.299711 0.000000 udp 10.0.2.109 3683 -> 79.22.218.156 3332 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:00.027946 0.000000 udp 10.0.2.109 3683 -> 99.20.150.62 6485 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:05.475796 0.000000 udp 10.0.2.109 3683 -> 96.56.118.106 4157 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:12.555551 0.000000 udp 10.0.2.109 3683 -> 69.198.6.243 2848 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:17.312694 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 11:01:18.534355 0.000000 udp 10.0.2.109 3683 -> 99.60.181.75 4433 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:26.405947 0.000000 udp 10.0.2.109 3683 -> 89.73.233.126 5230 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:32.755018 0.000000 udp 10.0.2.109 3683 -> 92.148.248.53 2845 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:41.016494 0.073654 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 809 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:01:41.109410 0.000000 udp 10.0.2.109 3683 -> 95.239.110.114 4855 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:46.414682 0.000000 udp 10.0.2.109 3683 -> 95.240.53.29 4167 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:01:53.805426 0.000000 udp 10.0.2.109 3683 -> 72.197.243.218 5666 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:00.865471 0.077789 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:02:00.956723 0.000000 udp 10.0.2.109 3683 -> 82.107.80.169 7820 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:02.780819 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 11:02:05.812046 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 11:02:06.213211 0.000000 udp 10.0.2.109 3683 -> 91.9.68.146 8896 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:09.787760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:02:12.251418 0.000000 udp 10.0.2.109 3683 -> 201.144.120.146 1561 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:17.789109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:02:20.132943 0.000000 udp 10.0.2.109 3683 -> 82.104.213.75 9454 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:27.423269 0.000000 udp 10.0.2.109 3683 -> 50.163.65.110 8690 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:33.792154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:02:34.734484 0.000000 udp 10.0.2.109 3683 -> 92.23.169.175 2782 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:40.132084 0.000000 udp 10.0.2.109 3683 -> 37.6.120.72 3092 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:46.581193 0.000000 udp 10.0.2.109 3683 -> 82.36.113.69 8242 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:51.317807 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 11:02:52.169192 0.000000 udp 10.0.2.109 3683 -> 89.71.81.18 6106 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:02:58.868409 0.000000 udp 10.0.2.109 3683 -> 72.16.165.57 1677 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:03:05.798615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:03:06.539970 0.000000 udp 10.0.2.109 3683 -> 93.203.224.102 6216 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:03:11.657435 0.067423 udp 10.0.2.109 3683 <-> 81.136.164.238 3464 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:03:11.939530 0.000000 udp 10.0.2.109 3683 -> 178.15.1.46 7284 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:03:17.645759 0.000000 udp 10.0.2.109 3683 -> 98.197.200.236 6835 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:03:23.634796 0.461296 udp 10.0.2.109 3683 <-> 116.203.125.138 5738 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:03:24.233838 0.000000 udp 10.0.2.109 3683 -> 93.186.211.64 1042 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:03:30.553961 0.000000 udp 10.0.2.109 3683 -> 70.164.204.78 8576 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:09:09.804503 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 11:09:16.812016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:09:24.813098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:09:40.816093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:10:12.822616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:16:16.828616 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 11:16:23.836088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:16:31.837386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:16:47.840266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:17:19.846224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:23:24.013360 3.191378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 11:23:31.210064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:23:39.212567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:23:55.215016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:24:27.220760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:24:53.008610 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 11:24:53.008744 3.003310 tcp 10.0.2.109 58822 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 11:25:02.011085 0.000000 tcp 10.0.2.109 58822 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 11:25:07.652404 0.009510 udp 10.0.2.109 54526 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/21 11:25:07.662398 0.009388 udp 10.0.2.109 59593 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/21 11:25:08.041639 0.037056 tcp 10.0.2.109 58823 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:08.078494 0.032531 tcp 10.0.2.109 58824 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:08.111257 0.134314 tcp 10.0.2.109 58825 -> 195.113.214.211 443 SRPA* 0 0 42 22688 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:08.668981 2.995706 tcp 10.0.2.109 58826 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 11:25:17.673754 0.000000 tcp 10.0.2.109 58826 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 11:25:23.662685 0.033307 tcp 10.0.2.109 58827 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:23.695902 0.031998 tcp 10.0.2.109 58828 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:23.728293 0.132893 tcp 10.0.2.109 58829 -> 195.113.214.211 443 SRPA* 0 0 39 30996 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:24.232362 2.994629 tcp 10.0.2.109 58830 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 11:25:33.225636 0.000000 tcp 10.0.2.109 58830 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 11:25:39.224948 0.030862 tcp 10.0.2.109 58831 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:39.256076 0.032866 tcp 10.0.2.109 58832 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:39.288799 0.132665 tcp 10.0.2.109 58833 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:25:39.687475 0.503718 tcp 10.0.2.109 58834 -> 176.73.148.5 3964 FSPA* 0 0 15 1718 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:30:31.257209 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 11:30:38.264163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:30:46.265702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:31:02.269084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:31:34.374842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:33:55.287908 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 11:33:55.288016 0.172796 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:55.461151 0.053282 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:55.514847 0.366155 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:55.881409 0.171083 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:56.052910 0.165168 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:56.218440 0.053541 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:56.272392 0.161302 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:56.434107 0.136885 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:56.571387 0.384044 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:56.955834 0.060234 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.016396 0.119276 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.136042 0.093959 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.230478 0.150735 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.381584 0.055165 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.437184 0.078578 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.516134 0.158745 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.675294 0.091693 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.767422 0.079438 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.847285 0.044306 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:57.891996 0.367684 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:58.260076 0.147338 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:58.407796 0.187332 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:58.595536 0.178570 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:58.774548 0.036407 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:58.811375 0.704239 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:59.516014 0.041889 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:33:59.558344 0.000000 udp 10.0.2.109 3683 -> 72.160.17.24 6351 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:34:18.292444 0.033003 tcp 10.0.2.109 58835 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:34:18.325759 0.031640 tcp 10.0.2.109 58836 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:34:18.357658 0.148337 tcp 10.0.2.109 58837 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:34:18.506639 0.174834 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:18.681896 0.240046 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:18.922330 0.194246 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:19.117003 0.166362 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:19.283702 0.045284 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:19.329419 0.182524 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:19.512391 0.239664 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:19.752462 0.192441 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:19.945293 0.165336 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:20.111056 0.069920 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:20.181449 0.062896 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:20.244793 0.070425 udp 10.0.2.109 3683 <-> 81.136.164.238 3464 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/21 11:34:20.315624 0.000000 udp 10.0.2.109 3683 -> 116.203.125.138 5738 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 11:34:39.171674 0.033402 tcp 10.0.2.109 58838 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:34:39.205317 0.032694 tcp 10.0.2.109 58839 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:34:39.238331 0.144230 tcp 10.0.2.109 58840 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:37:38.381274 3.181542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 11:37:45.568871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:37:53.569959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:38:09.573064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:38:41.578951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:44:45.585540 3.001199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 11:44:52.592561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:45:00.594549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:45:16.596870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:45:48.603073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:51:52.609495 3.001454 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 11:51:59.616724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:52:07.617883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:52:23.621133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:52:55.627415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:55:40.314575 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 11:55:40.314667 0.525022 tcp 10.0.2.109 58841 -> 176.73.148.5 3964 FSPA* 0 0 15 1803 flow=From-Botnet-V1-TCP-Established 1970/01/21 11:58:59.633752 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 11:59:06.640279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:59:14.641788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 11:59:30.645332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:00:02.650849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:04:43.625315 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 12:04:43.625481 0.267022 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:04:43.892881 0.000000 udp 10.0.2.109 3683 -> 116.203.125.138 5738 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 12:05:01.672456 0.031663 tcp 10.0.2.109 58842 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:05:01.704417 0.031181 tcp 10.0.2.109 58843 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:05:01.735913 0.135963 tcp 10.0.2.109 58844 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:05:01.872359 0.053421 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:01.926419 0.194090 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:02.120934 0.355554 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:02.476902 0.055640 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:02.532950 0.160263 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:02.693626 0.140567 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:02.834566 0.385824 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:03.220843 0.058038 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:03.279242 0.169737 udp 10.0.2.109 3683 <-> 75.34.179.1 1841 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:03.449401 0.175165 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:03.624929 0.222225 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:03.847561 0.054449 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:03.902418 0.234632 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.137403 0.094754 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.232514 0.087522 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.320432 0.084746 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.405596 0.044993 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.451017 0.142549 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.593972 0.157436 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.751809 0.178497 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:04.930726 1.354068 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:06.285176 0.186372 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:06.471903 0.331007 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:06.803226 0.137541 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:06.941150 0.044230 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:06.985788 0.818560 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:07.804762 0.225090 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:08.030195 0.180066 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:08.210684 0.045204 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:08.256309 0.163653 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:08.420328 0.176550 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:08.597289 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 12:05:27.008077 0.031832 tcp 10.0.2.109 58845 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:05:27.039737 0.044633 tcp 10.0.2.109 58846 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:05:27.084748 0.134379 tcp 10.0.2.109 58847 -> 195.113.214.211 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:05:27.219622 0.193134 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:27.413114 0.180777 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:27.594440 0.209995 udp 10.0.2.109 3683 <-> 81.136.164.238 3464 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:27.804858 0.070541 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:27.875815 0.162910 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:05:28.039085 0.052632 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:06:06.737849 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 12:06:13.744368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:06:21.746369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:06:37.749018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:07:10.195884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:13:14.202953 3.000835 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 12:13:21.209079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:13:29.210879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:13:45.214361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:14:17.219547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:20:21.226522 3.001275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 12:20:28.233428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:20:36.234685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:20:52.237699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:21:24.243481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:25:41.103601 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 12:25:41.103715 0.564514 tcp 10.0.2.109 58848 -> 176.73.148.5 3964 FSPA* 0 0 15 1698 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:27:28.319998 3.001919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 12:27:35.497712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:27:43.499392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:27:59.502327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:28:31.508043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:34:35.514594 3.001205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 12:34:42.521424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:34:50.633446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:35:06.636406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:35:30.821775 0.000172 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 12:35:30.822045 0.239439 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:31.061977 0.266589 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:31.328963 0.052765 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:31.382138 0.345159 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:31.727674 0.054960 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:31.783009 0.161911 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:31.945264 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 12:35:38.642528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:35:47.426982 0.055299 tcp 10.0.2.109 58849 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:35:47.482071 0.032661 tcp 10.0.2.109 58850 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:35:47.514532 0.211672 tcp 10.0.2.109 58851 -> 195.113.214.211 443 SRPA* 0 0 27 12037 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:35:47.726613 0.164836 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:47.891841 0.170072 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:48.062390 0.379577 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:48.442409 0.057926 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:48.500790 0.056905 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:48.558245 0.147511 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:35:48.706175 0.000000 udp 10.0.2.109 3683 -> 75.34.179.1 1841 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 12:36:07.414562 0.095968 tcp 10.0.2.109 58852 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:07.510885 0.032341 tcp 10.0.2.109 58853 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:07.543492 0.196662 tcp 10.0.2.109 58854 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:07.740649 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 12:36:25.840458 0.030944 tcp 10.0.2.109 58855 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:25.871673 0.064770 tcp 10.0.2.109 58856 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:25.936292 0.134931 tcp 10.0.2.109 58857 -> 195.113.214.211 443 SRPA* 0 0 32 17990 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:26.070410 0.090027 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:26.160875 0.071288 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:26.232598 0.040099 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:26.273109 0.142867 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:26.416395 0.159138 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:26.575971 0.177932 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:26.754469 0.217291 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:26.972167 0.325721 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:27.298395 0.142664 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:27.441495 0.042490 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:27.484327 0.036985 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:27.521730 0.186531 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:27.708680 0.043853 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:27.771284 0.224904 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:27.996598 0.165049 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:28.162099 0.180641 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:28.343175 0.045328 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:36:28.388933 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 12:36:45.919686 0.031172 tcp 10.0.2.109 58858 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:45.950729 0.032178 tcp 10.0.2.109 58859 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:45.983206 0.171578 tcp 10.0.2.109 58860 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:36:46.155378 0.000000 udp 10.0.2.109 3683 -> 81.136.164.238 3464 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 12:37:01.502031 0.035522 tcp 10.0.2.109 58861 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:37:01.537889 0.032910 tcp 10.0.2.109 58862 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:37:01.571039 0.130822 tcp 10.0.2.109 58863 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:37:01.702191 0.068944 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:37:01.771548 0.185848 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:37:01.957809 0.179410 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:37:02.137650 0.163017 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:37:02.301087 0.152881 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/21 12:41:42.647556 3.002273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 12:41:49.655495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:41:57.657485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:42:13.660421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:42:45.665988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:48:49.672481 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 12:48:56.679512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:49:04.680798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:49:20.684630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:49:53.230938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:55:42.043256 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 12:55:42.043360 0.565213 tcp 10.0.2.109 58864 -> 176.73.148.5 3964 FSPA* 0 0 15 1718 flow=From-Botnet-V1-TCP-Established 1970/01/21 12:55:57.237666 3.001111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 12:56:04.244725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:56:12.245769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:56:28.248565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 12:57:00.254933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:03:04.261474 3.000913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 13:03:11.268342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:03:19.269711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:03:35.272889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:04:07.279122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:07:24.052147 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:07:24.052272 0.222064 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:07:24.275133 0.000000 udp 10.0.2.109 3683 -> 75.34.179.1 1841 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 13:07:42.129884 0.036769 tcp 10.0.2.109 58865 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:07:42.165583 0.032787 tcp 10.0.2.109 58866 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:07:42.198249 0.142125 tcp 10.0.2.109 58867 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:07:42.339221 0.087350 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:07:42.426969 0.187646 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:07:42.615026 0.000000 udp 10.0.2.109 3683 -> 81.136.164.238 3464 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 13:08:00.945742 0.032510 tcp 10.0.2.109 58868 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:08:00.978564 0.033478 tcp 10.0.2.109 58869 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:08:01.012328 0.133348 tcp 10.0.2.109 58870 -> 195.113.214.211 443 SRPA* 0 0 36 19628 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:08:01.144140 0.053074 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:01.197653 0.355219 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:01.553258 0.274710 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:01.828381 0.159594 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:01.988375 0.054596 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:02.043387 0.240312 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:02.284114 0.186950 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:02.471463 0.169181 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:02.641048 0.061906 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:02.703332 0.054389 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:02.758140 0.146083 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:02.904615 0.383659 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:03.289457 0.127985 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:03.417866 0.151177 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:03.569512 0.179893 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:03.749760 0.191427 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:03.941593 0.079101 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:04.021057 0.040046 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:04.061481 0.075152 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:04.137040 0.036818 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:04.174336 0.186361 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:04.361103 0.211595 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:04.573107 0.223027 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:04.796516 0.318708 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:05.115628 0.138677 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:05.254742 0.048771 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:05.303823 0.225735 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:05.529916 0.180006 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:05.710367 0.045327 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:05.756142 0.064628 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:05.821186 0.185986 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:06.007582 0.057058 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:06.065036 0.179488 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:08:06.244928 0.173314 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:10:11.285345 3.001593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 13:10:18.292015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:10:26.293801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:10:42.296500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:11:14.303092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:17:18.309987 3.000806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 13:17:25.316457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:17:33.318001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:17:49.320667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:18:21.326763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:24:25.332940 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 13:24:32.340419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:24:40.341606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:24:56.344856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:25:28.351227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:25:42.611672 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:25:42.611771 2.993535 tcp 10.0.2.109 58871 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:25:51.604319 0.000000 tcp 10.0.2.109 58871 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:25:57.614627 0.092326 tcp 10.0.2.109 58872 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:25:57.707283 0.031916 tcp 10.0.2.109 58873 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:25:57.739533 0.127923 tcp 10.0.2.109 58874 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:25:58.288069 2.999694 tcp 10.0.2.109 58875 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:07.286375 0.000000 tcp 10.0.2.109 58875 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:13.285737 0.031165 tcp 10.0.2.109 58876 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:13.317227 0.032444 tcp 10.0.2.109 58877 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:13.349955 0.131485 tcp 10.0.2.109 58878 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:13.616330 3.004048 tcp 10.0.2.109 58879 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:22.619064 0.000000 tcp 10.0.2.109 58879 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:28.618330 0.031281 tcp 10.0.2.109 58880 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:28.649899 0.032187 tcp 10.0.2.109 58881 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:28.681967 0.144375 tcp 10.0.2.109 58882 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:28.837789 3.004141 tcp 10.0.2.109 58883 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:37.840990 0.000000 tcp 10.0.2.109 58883 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:43.830506 0.093161 tcp 10.0.2.109 58884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:43.924028 0.032095 tcp 10.0.2.109 58885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:43.956422 0.214037 tcp 10.0.2.109 58886 -> 195.113.214.211 443 SRPA* 0 0 41 23260 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:44.392998 2.991484 tcp 10.0.2.109 58887 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:53.392873 0.000000 tcp 10.0.2.109 58887 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:26:59.392325 0.032516 tcp 10.0.2.109 58888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:59.424728 0.031724 tcp 10.0.2.109 58889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:59.456720 0.185584 tcp 10.0.2.109 58890 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:26:59.929469 2.997350 tcp 10.0.2.109 58891 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:08.925664 0.000000 tcp 10.0.2.109 58891 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:14.995386 0.029744 tcp 10.0.2.109 58892 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:27:15.025443 0.032571 tcp 10.0.2.109 58893 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:27:15.057871 0.135751 tcp 10.0.2.109 58894 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:27:15.437276 3.001833 tcp 10.0.2.109 58895 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:24.437708 0.000000 tcp 10.0.2.109 58895 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:30.436296 3.004315 tcp 10.0.2.109 58896 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:39.439239 0.000000 tcp 10.0.2.109 58896 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:45.437925 3.004044 tcp 10.0.2.109 58897 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:54.441072 0.000000 tcp 10.0.2.109 58897 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:27:59.397646 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:28:00.439698 3.004038 tcp 10.0.2.109 58898 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:28:09.452421 0.000000 tcp 10.0.2.109 58898 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:28:15.441094 2.994508 tcp 10.0.2.109 58899 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:28:24.443987 0.000000 tcp 10.0.2.109 58899 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:28:30.442384 2.994757 tcp 10.0.2.109 58900 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:28:39.435322 0.000000 tcp 10.0.2.109 58900 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:28:44.392244 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:31:32.426270 3.002498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 13:31:39.433969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:31:47.435479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:32:03.438745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:32:35.445056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:33:45.446226 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:33:45.446316 3.003936 tcp 10.0.2.109 58901 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:33:54.448459 0.000000 tcp 10.0.2.109 58901 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:00.449305 0.031684 tcp 10.0.2.109 58902 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:00.481228 0.032545 tcp 10.0.2.109 58903 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:00.514054 0.150617 tcp 10.0.2.109 58904 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:00.693806 3.007695 tcp 10.0.2.109 58905 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:09.700548 0.000000 tcp 10.0.2.109 58905 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:15.689920 0.031530 tcp 10.0.2.109 58906 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:15.721746 0.033473 tcp 10.0.2.109 58907 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:15.755027 0.130267 tcp 10.0.2.109 58908 -> 195.113.214.211 443 SRPA* 0 0 41 22790 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:15.957203 3.006401 tcp 10.0.2.109 58909 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:24.972001 0.000000 tcp 10.0.2.109 58909 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:30.951603 0.030481 tcp 10.0.2.109 58910 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:30.982396 0.031292 tcp 10.0.2.109 58911 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:31.013992 0.128412 tcp 10.0.2.109 58912 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:31.223821 3.001812 tcp 10.0.2.109 58913 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:40.223866 0.000000 tcp 10.0.2.109 58913 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:46.223865 0.030762 tcp 10.0.2.109 58914 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:46.254893 0.031056 tcp 10.0.2.109 58915 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:46.286271 0.144853 tcp 10.0.2.109 58916 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:34:46.448926 2.998564 tcp 10.0.2.109 58917 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:34:55.445848 0.000000 tcp 10.0.2.109 58917 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:01.445556 0.030858 tcp 10.0.2.109 58918 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:35:01.476747 0.031998 tcp 10.0.2.109 58919 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:35:01.508597 0.129365 tcp 10.0.2.109 58920 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:35:01.869897 2.999640 tcp 10.0.2.109 58921 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:10.868063 0.000000 tcp 10.0.2.109 58921 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:16.868013 0.030744 tcp 10.0.2.109 58922 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:35:16.899100 0.031736 tcp 10.0.2.109 58923 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:35:16.931132 0.134023 tcp 10.0.2.109 58924 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:35:17.211493 3.000521 tcp 10.0.2.109 58925 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:26.210659 0.000000 tcp 10.0.2.109 58925 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:32.209257 3.004029 tcp 10.0.2.109 58926 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:41.211954 0.000000 tcp 10.0.2.109 58926 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:47.491420 2.994034 tcp 10.0.2.109 58927 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:35:56.483576 0.000000 tcp 10.0.2.109 58927 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:36:02.493075 2.993572 tcp 10.0.2.109 58928 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:36:07.169225 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:36:11.485302 0.000000 tcp 10.0.2.109 58928 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:36:17.494058 3.004141 tcp 10.0.2.109 58929 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:36:26.497374 0.000000 tcp 10.0.2.109 58929 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:36:32.495820 3.004020 tcp 10.0.2.109 58930 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:36:41.498880 0.000000 tcp 10.0.2.109 58930 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:38:28.052502 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:38:28.052605 0.137500 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:28.190531 0.092040 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:28.282975 0.176167 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:28.459653 0.266783 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:28.726889 0.052600 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:28.779944 0.368237 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:29.148600 0.160014 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:29.309007 0.059841 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:29.369184 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 13:38:39.732261 3.000636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 13:38:45.288706 0.031736 tcp 10.0.2.109 58931 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:38:45.320766 0.031256 tcp 10.0.2.109 58932 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:38:45.352312 0.167391 tcp 10.0.2.109 58933 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:38:45.518794 0.182695 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:45.701896 0.162072 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:45.864421 0.058981 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:45.923837 0.051632 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:45.975871 0.150970 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:46.127214 0.158997 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:46.286639 0.178077 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:46.465104 0.386936 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:46.739237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:38:46.852467 0.135696 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:46.988543 0.078744 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:47.067710 0.084072 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:47.152165 0.044160 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:47.196674 0.075132 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:47.272242 0.034933 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:47.309857 0.185665 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:47.495915 0.531621 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:48.027903 0.238409 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:48.266715 0.354722 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:48.621818 0.138435 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:48.760654 0.055351 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:48.816376 0.207910 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:49.024715 0.165706 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:49.190793 0.044732 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:49.235927 0.067336 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:49.303684 0.178099 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:49.482396 0.165624 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:49.648352 0.185828 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:49.834621 0.052465 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/21 13:38:54.750393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:39:10.753012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:39:42.759111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:41:47.498821 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:41:47.498913 3.004028 tcp 10.0.2.109 58934 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:41:56.501171 0.000000 tcp 10.0.2.109 58934 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:02.501656 0.032156 tcp 10.0.2.109 58935 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:02.534146 0.031391 tcp 10.0.2.109 58936 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:02.565886 0.140793 tcp 10.0.2.109 58937 -> 195.113.214.211 443 SRPA* 0 0 44 34760 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:02.845125 2.999442 tcp 10.0.2.109 58938 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:11.853197 0.000000 tcp 10.0.2.109 58938 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:17.842540 0.031180 tcp 10.0.2.109 58939 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:17.873998 0.031358 tcp 10.0.2.109 58940 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:17.905700 0.132155 tcp 10.0.2.109 58941 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:18.319043 2.998127 tcp 10.0.2.109 58942 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:27.316095 0.000000 tcp 10.0.2.109 58942 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:33.314646 0.031272 tcp 10.0.2.109 58943 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:33.345713 0.032633 tcp 10.0.2.109 58944 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:33.378646 0.132071 tcp 10.0.2.109 58945 -> 195.113.214.211 443 SRPA* 0 0 49 30830 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:33.985164 3.004376 tcp 10.0.2.109 58946 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:42.988089 0.000000 tcp 10.0.2.109 58946 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:48.988168 0.030840 tcp 10.0.2.109 58947 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:49.019309 0.031752 tcp 10.0.2.109 58948 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:49.051321 0.150207 tcp 10.0.2.109 58949 -> 195.113.214.211 443 FSRP* 0 0 28 9296 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:42:49.683111 2.998815 tcp 10.0.2.109 58950 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:42:58.681633 0.000000 tcp 10.0.2.109 58950 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:04.680637 0.031656 tcp 10.0.2.109 58951 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:43:04.711673 0.031435 tcp 10.0.2.109 58952 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:43:04.743287 0.125899 tcp 10.0.2.109 58953 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:43:04.992591 2.991844 tcp 10.0.2.109 58954 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:13.992558 0.000000 tcp 10.0.2.109 58954 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:19.992064 0.032113 tcp 10.0.2.109 58955 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:43:20.024505 0.031769 tcp 10.0.2.109 58956 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:43:20.056575 0.130741 tcp 10.0.2.109 58957 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:43:20.403545 2.993135 tcp 10.0.2.109 58958 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:29.395186 0.000000 tcp 10.0.2.109 58958 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:35.403935 3.003788 tcp 10.0.2.109 58959 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:44.406684 0.000000 tcp 10.0.2.109 58959 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:50.485368 3.003965 tcp 10.0.2.109 58960 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:43:59.488141 0.000000 tcp 10.0.2.109 58960 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:44:04.215244 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:44:05.487467 3.004075 tcp 10.0.2.109 58961 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:44:14.489782 0.000000 tcp 10.0.2.109 58961 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:44:20.488732 3.004110 tcp 10.0.2.109 58962 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:44:29.491472 0.000000 tcp 10.0.2.109 58962 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:44:35.490310 2.994301 tcp 10.0.2.109 58963 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:44:44.493037 0.000000 tcp 10.0.2.109 58963 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:44:49.209900 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:45:46.805416 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 13:45:53.812971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:46:01.814505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:46:17.816891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:46:49.823790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:49:50.493878 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 13:49:50.494101 2.993019 tcp 10.0.2.109 58964 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:49:59.485952 0.000000 tcp 10.0.2.109 58964 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:50:05.527037 0.032471 tcp 10.0.2.109 58965 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:50:05.559797 0.032291 tcp 10.0.2.109 58966 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:50:05.592442 0.128615 tcp 10.0.2.109 58967 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:50:05.948076 3.001486 tcp 10.0.2.109 58968 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:50:14.948174 0.000000 tcp 10.0.2.109 58968 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:50:20.947633 0.031416 tcp 10.0.2.109 58969 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:50:20.979337 0.032660 tcp 10.0.2.109 58970 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:50:21.012353 0.130547 tcp 10.0.2.109 58971 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/21 13:50:21.156960 3.004447 tcp 10.0.2.109 58972 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:50:30.159855 0.000000 tcp 10.0.2.109 58972 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:50:36.148909 3.004004 tcp 10.0.2.109 58973 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:50:45.151769 0.000000 tcp 10.0.2.109 58973 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 13:52:53.859668 3.001402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 13:53:00.866549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:53:08.868226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:53:24.871412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 13:53:56.877300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:00:00.884194 3.761817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/21 14:00:11.708975 3.945340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/21 14:00:23.558468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:00:39.367924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:01:11.022546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:07:14.787933 3.000814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 14:07:21.794830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:07:29.796093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:07:45.799328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:08:17.805398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:09:16.629919 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:09:16.630018 0.241953 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:16.926943 0.184184 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:17.103549 0.289455 rtp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:17.372866 0.055171 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:17.619369 0.153560 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:17.765306 0.115686 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:17.861882 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 14:09:24.681980 2.993174 tcp 10.0.2.109 58974 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:09:33.295325 0.032019 tcp 10.0.2.109 58975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:33.327629 0.032433 tcp 10.0.2.109 58976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:33.360382 0.146343 tcp 10.0.2.109 58977 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:33.505051 0.346778 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:33.673812 0.000000 tcp 10.0.2.109 58974 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:09:33.957110 0.158713 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:34.110552 0.169803 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:34.282568 0.166120 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:34.445654 0.063622 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:34.494985 0.176131 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:34.646741 0.158915 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:34.879841 0.187351 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:35.060496 0.433425 rtp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:35.447361 0.080830 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:35.528748 0.130304 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:35.679418 0.121599 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:35.761587 0.128856 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:35.854356 0.045553 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:35.925363 0.105253 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:36.012882 0.049908 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:36.183031 0.188131 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:36.390758 0.370936 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:36.743695 0.166981 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:37.144711 0.052279 rtp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:37.258621 0.623217 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:37.879449 0.272547 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:38.103809 0.197537 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:38.289923 0.176568 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:38.540298 0.047387 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:38.586243 0.110743 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:38.723531 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 14:09:39.683591 0.031127 tcp 10.0.2.109 58978 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:39.715064 0.032522 tcp 10.0.2.109 58979 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:39.747392 0.132705 tcp 10.0.2.109 58980 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:39.899959 2.997353 tcp 10.0.2.109 58981 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:09:48.895834 0.000000 tcp 10.0.2.109 58981 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:09:54.895181 0.031570 tcp 10.0.2.109 58982 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:54.926544 0.032966 tcp 10.0.2.109 58983 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:54.959864 0.197635 tcp 10.0.2.109 58984 -> 195.113.214.211 443 SRPA* 0 0 49 33036 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:54.975085 0.031651 tcp 10.0.2.109 58985 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:55.007120 0.030888 tcp 10.0.2.109 58986 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:55.038443 0.139128 tcp 10.0.2.109 58987 -> 195.113.214.211 443 SRPA* 0 0 54 37092 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:09:55.169152 3.000063 tcp 10.0.2.109 58988 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:09:55.178291 0.183281 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:55.415259 0.197076 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:09:55.604835 0.077688 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:10:04.168068 0.000000 tcp 10.0.2.109 58988 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:10:10.167284 0.032291 tcp 10.0.2.109 58989 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:10:10.199422 0.032649 tcp 10.0.2.109 58990 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:10:10.232419 0.142211 tcp 10.0.2.109 58991 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:10:10.424683 3.006395 tcp 10.0.2.109 58992 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:10:19.429709 0.000000 tcp 10.0.2.109 58992 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:10:25.418910 3.004204 tcp 10.0.2.109 58993 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:10:34.421121 0.000000 tcp 10.0.2.109 58993 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:10:40.419935 2.994639 tcp 10.0.2.109 58994 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:10:49.423097 0.000000 tcp 10.0.2.109 58994 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:14:21.811485 3.001595 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 14:14:28.818452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:14:36.819794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:14:52.823022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:15:24.829387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:15:55.423467 0.000183 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:15:55.423748 3.003848 tcp 10.0.2.109 58995 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:04.425921 0.000000 tcp 10.0.2.109 58995 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:10.426492 0.032288 tcp 10.0.2.109 58996 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:10.459082 0.032691 tcp 10.0.2.109 58997 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:10.492023 0.143208 tcp 10.0.2.109 58998 -> 195.113.214.211 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:11.426585 3.003653 tcp 10.0.2.109 58999 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:20.428929 0.000000 tcp 10.0.2.109 58999 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:26.428296 0.090705 tcp 10.0.2.109 59000 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:26.519284 0.031855 tcp 10.0.2.109 59001 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:26.551397 0.127706 tcp 10.0.2.109 59002 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:27.136743 3.006000 tcp 10.0.2.109 59003 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:36.141589 0.000000 tcp 10.0.2.109 59003 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:42.130913 0.046809 tcp 10.0.2.109 59004 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:42.177570 0.032145 tcp 10.0.2.109 59005 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:42.210027 0.212501 tcp 10.0.2.109 59006 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:42.591829 2.993265 tcp 10.0.2.109 59007 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:51.593414 0.000000 tcp 10.0.2.109 59007 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:16:57.593203 0.031019 tcp 10.0.2.109 59008 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:57.624510 0.032124 tcp 10.0.2.109 59009 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:57.656945 0.139225 tcp 10.0.2.109 59010 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:16:59.910088 2.022233 tcp 10.0.2.109 59011 -> 46.50.226.74 10856 FSPA* 0 0 14 1757 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:17:00.674310 0.030847 tcp 10.0.2.109 59012 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:17:00.705401 0.032869 tcp 10.0.2.109 59013 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:17:00.738573 0.132685 tcp 10.0.2.109 59014 -> 195.113.214.211 443 SRPA* 0 0 43 22186 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:17:01.932581 3.000472 tcp 10.0.2.109 59015 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:17:10.931628 0.000000 tcp 10.0.2.109 59015 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:17:16.931077 0.031526 tcp 10.0.2.109 59016 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:17:16.962884 0.033243 tcp 10.0.2.109 59017 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:17:16.996484 0.140273 tcp 10.0.2.109 59018 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:17:18.108294 2.997545 tcp 10.0.2.109 59019 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:17:27.104622 0.000000 tcp 10.0.2.109 59019 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:17:33.103767 3.004045 tcp 10.0.2.109 59020 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:17:42.106287 0.000000 tcp 10.0.2.109 59020 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:17:48.105498 3.003850 tcp 10.0.2.109 59021 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:17:57.107782 0.000000 tcp 10.0.2.109 59021 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:18:01.684920 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:18:03.106783 3.003885 tcp 10.0.2.109 59022 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:18:12.109533 0.000000 tcp 10.0.2.109 59022 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:18:18.108299 0.701280 tcp 10.0.2.109 59023 -> 46.50.226.74 10856 FSPA* 0 0 14 1757 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:18:18.809816 3.003895 tcp 10.0.2.109 59024 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:18:27.812187 0.000000 tcp 10.0.2.109 59024 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:21:28.835887 3.001128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 14:21:35.842161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:21:43.843843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:21:59.847245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:22:31.852696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:23:33.813127 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:23:33.813227 2.993438 tcp 10.0.2.109 59025 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:23:42.804984 0.000000 tcp 10.0.2.109 59025 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:23:48.815462 0.098790 tcp 10.0.2.109 59026 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:23:48.914513 0.032672 tcp 10.0.2.109 59027 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:23:48.947037 0.127688 tcp 10.0.2.109 59028 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:23:49.304881 3.003872 tcp 10.0.2.109 59029 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:23:58.307074 0.000000 tcp 10.0.2.109 59029 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:24:04.307097 0.030629 tcp 10.0.2.109 59030 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:04.338226 0.032101 tcp 10.0.2.109 59031 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:04.370608 0.128893 tcp 10.0.2.109 59032 -> 195.113.214.211 443 SRPA* 0 0 40 33106 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:04.517563 3.002768 tcp 10.0.2.109 59033 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:24:13.519126 0.000000 tcp 10.0.2.109 59033 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:24:19.518496 0.031371 tcp 10.0.2.109 59034 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:19.549698 0.033191 tcp 10.0.2.109 59035 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:19.583202 0.135496 tcp 10.0.2.109 59036 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:19.914925 3.008123 tcp 10.0.2.109 59037 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:24:28.921332 0.000000 tcp 10.0.2.109 59037 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:24:34.910359 0.042037 tcp 10.0.2.109 59038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:34.952228 0.034747 tcp 10.0.2.109 59039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:34.987232 0.145345 tcp 10.0.2.109 59040 -> 195.113.214.211 443 SRPA* 0 0 43 30376 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:35.270780 1.081245 tcp 10.0.2.109 59041 -> 46.50.226.74 10856 FSPA* 0 0 12 1480 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:35.974291 0.032775 tcp 10.0.2.109 59042 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:36.007359 0.032228 tcp 10.0.2.109 59043 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:36.039892 0.141155 tcp 10.0.2.109 59044 -> 195.113.214.211 443 SRPA* 0 0 51 32766 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:36.352288 2.993637 tcp 10.0.2.109 59045 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:24:45.344922 0.000000 tcp 10.0.2.109 59045 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:24:51.354590 0.030854 tcp 10.0.2.109 59046 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:51.385674 0.031456 tcp 10.0.2.109 59047 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:51.417415 0.127663 tcp 10.0.2.109 59048 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:24:51.611543 2.996526 tcp 10.0.2.109 59049 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:00.606948 0.000000 tcp 10.0.2.109 59049 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:06.605801 3.004389 tcp 10.0.2.109 59050 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:15.608762 0.000000 tcp 10.0.2.109 59050 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:21.917924 3.003912 tcp 10.0.2.109 59051 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:30.920694 0.000000 tcp 10.0.2.109 59051 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:36.919627 3.003798 tcp 10.0.2.109 59052 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:41.495789 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:25:45.922238 0.000000 tcp 10.0.2.109 59052 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:25:51.920786 0.697387 tcp 10.0.2.109 59053 -> 46.50.226.74 10856 FSPA* 0 0 14 1588 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:25:52.618359 2.998404 tcp 10.0.2.109 59054 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:26:01.615003 0.000000 tcp 10.0.2.109 59054 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:28:36.170018 3.001165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 14:28:43.176906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:28:51.178061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:29:07.181195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:29:39.187783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:31:07.615324 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:31:07.615494 3.003006 tcp 10.0.2.109 59055 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:31:16.617605 0.000000 tcp 10.0.2.109 59055 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:31:22.618293 0.031700 tcp 10.0.2.109 59056 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:22.650389 0.031925 tcp 10.0.2.109 59057 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:22.682580 0.131311 tcp 10.0.2.109 59058 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:22.956559 3.004250 tcp 10.0.2.109 59059 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:31:31.959715 0.000000 tcp 10.0.2.109 59059 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:31:37.948581 0.031631 tcp 10.0.2.109 59060 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:37.980024 0.032564 tcp 10.0.2.109 59061 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:38.012434 0.135943 tcp 10.0.2.109 59062 -> 195.113.214.211 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:38.196082 3.006918 tcp 10.0.2.109 59063 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:31:47.201423 0.000000 tcp 10.0.2.109 59063 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:31:53.190965 0.045814 tcp 10.0.2.109 59064 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:53.237089 0.032461 tcp 10.0.2.109 59065 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:53.269859 0.153718 tcp 10.0.2.109 59066 -> 195.113.214.211 443 SRPA* 0 0 48 33054 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:31:53.457407 2.997829 tcp 10.0.2.109 59067 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:02.463596 0.000000 tcp 10.0.2.109 59067 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:08.452830 0.031051 tcp 10.0.2.109 59068 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:08.484258 0.032187 tcp 10.0.2.109 59069 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:08.516807 0.130759 tcp 10.0.2.109 59070 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:08.755406 0.925368 tcp 10.0.2.109 59071 -> 46.50.226.74 10856 FSPA* 0 0 14 1762 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:09.359482 0.030468 tcp 10.0.2.109 59072 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:09.390445 0.032968 tcp 10.0.2.109 59073 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:09.423729 0.130024 tcp 10.0.2.109 59074 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:09.680976 2.997346 tcp 10.0.2.109 59075 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:18.676469 0.000000 tcp 10.0.2.109 59075 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:24.675736 0.030436 tcp 10.0.2.109 59076 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:24.706511 0.032139 tcp 10.0.2.109 59077 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:24.738933 0.140944 tcp 10.0.2.109 59078 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:32:24.972255 2.997470 tcp 10.0.2.109 59079 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:33.968754 0.000000 tcp 10.0.2.109 59079 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:39.967733 3.003565 tcp 10.0.2.109 59080 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:48.970493 0.000000 tcp 10.0.2.109 59080 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:32:54.968949 3.004328 tcp 10.0.2.109 59081 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:33:03.972131 0.000000 tcp 10.0.2.109 59081 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:33:09.970311 2.994093 tcp 10.0.2.109 59082 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:33:14.496990 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:33:18.973541 0.000000 tcp 10.0.2.109 59082 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:33:24.971852 0.782853 tcp 10.0.2.109 59083 -> 46.50.226.74 10856 FSPA* 0 0 14 1762 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:33:25.754971 3.002402 tcp 10.0.2.109 59084 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:33:34.756082 0.000000 tcp 10.0.2.109 59084 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:35:43.193469 3.002048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 14:35:50.200900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:35:58.202356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:36:14.205402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:36:46.211694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:38:40.816510 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:38:40.816701 3.003907 tcp 10.0.2.109 59085 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:38:49.819347 0.000000 tcp 10.0.2.109 59085 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:38:55.819313 0.031326 tcp 10.0.2.109 59086 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:38:55.850910 0.033640 tcp 10.0.2.109 59087 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:38:55.884430 0.134504 tcp 10.0.2.109 59088 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:38:56.435667 3.007585 tcp 10.0.2.109 59089 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:05.441394 0.000000 tcp 10.0.2.109 59089 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:11.432451 0.031348 tcp 10.0.2.109 59090 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:11.464069 0.030857 tcp 10.0.2.109 59091 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:11.495233 0.130443 tcp 10.0.2.109 59092 -> 195.113.214.211 443 SRPA* 0 0 42 23350 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:11.709353 1.313569 tcp 10.0.2.109 59093 -> 46.50.226.74 10856 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:12.401086 0.030692 tcp 10.0.2.109 59094 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:12.431632 0.032209 tcp 10.0.2.109 59095 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:12.464208 0.130348 tcp 10.0.2.109 59096 -> 195.113.214.211 443 SRPA* 0 0 26 13058 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:13.022764 2.993979 tcp 10.0.2.109 59097 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:22.015306 0.000000 tcp 10.0.2.109 59097 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:28.415553 0.033231 tcp 10.0.2.109 59098 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:28.448594 0.033144 tcp 10.0.2.109 59099 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:28.482294 0.128097 tcp 10.0.2.109 59100 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:28.690450 2.998634 tcp 10.0.2.109 59101 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:37.687724 0.000000 tcp 10.0.2.109 59101 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:43.687072 3.003693 tcp 10.0.2.109 59102 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:52.689251 0.000000 tcp 10.0.2.109 59102 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:39:58.688402 0.658289 tcp 10.0.2.109 59103 -> 46.50.226.74 10856 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:39:59.346548 3.007008 tcp 10.0.2.109 59104 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:40:08.351817 0.000000 tcp 10.0.2.109 59104 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:40:15.182123 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 14:40:33.638887 0.030976 tcp 10.0.2.109 59105 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:40:33.670211 0.074895 tcp 10.0.2.109 59106 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:40:33.745462 0.128981 tcp 10.0.2.109 59107 -> 195.113.214.211 443 SRPA* 0 0 37 32078 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:40:33.875240 0.182669 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:34.054626 0.243262 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:34.317826 0.055461 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:34.416704 0.153946 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:34.563294 0.115663 rtp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:34.802360 0.329585 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:35.111691 0.184726 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:35.289196 0.342162 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:35.738631 0.161464 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:35.913681 0.167215 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:36.076333 0.175686 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:36.230340 0.151974 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:36.578426 0.067812 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:36.628475 0.165902 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:37.096681 0.081341 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:37.159910 0.143458 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:37.389127 0.166721 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:37.519594 0.115391 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:37.637065 0.041687 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:37.683266 0.429074 rtp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:38.062404 0.188402 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:38.243676 0.188688 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:38.546927 0.348384 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:38.873230 0.098739 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:38.957522 0.043925 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:39.484852 0.170967 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:39.633417 0.045304 rtp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:39.918802 0.104179 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:40.021568 0.176239 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:40.385350 0.047253 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:40.611241 0.115899 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:40.680534 0.275933 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:40.904621 0.196372 rtp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:41.092728 0.065407 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:41.256494 0.175899 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:40:41.428184 0.194692 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/01/21 14:42:50.728609 3.000841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 14:42:57.735775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:43:05.737223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:43:21.740221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:43:53.746216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:45:14.342378 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:45:14.342663 2.993468 tcp 10.0.2.109 59108 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:45:23.334726 0.000000 tcp 10.0.2.109 59108 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:45:29.345759 0.031393 tcp 10.0.2.109 59109 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:45:29.377376 0.031609 tcp 10.0.2.109 59110 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:45:29.409333 0.129091 tcp 10.0.2.109 59111 -> 195.113.214.211 443 SRPA* 0 0 28 19218 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:45:30.402550 2.996432 tcp 10.0.2.109 59112 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:45:39.397651 0.000000 tcp 10.0.2.109 59112 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:45:45.397117 0.029917 tcp 10.0.2.109 59113 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:45:45.427341 0.031633 tcp 10.0.2.109 59114 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:45:45.459401 0.130558 tcp 10.0.2.109 59115 -> 195.113.214.211 443 SRPA* 0 0 27 17742 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:45:45.707114 3.004259 tcp 10.0.2.109 59116 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:45:54.709930 0.000000 tcp 10.0.2.109 59116 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:01.360154 0.030929 tcp 10.0.2.109 59117 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:01.391000 0.031529 tcp 10.0.2.109 59118 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:01.422766 0.134179 tcp 10.0.2.109 59119 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:01.883463 2.990786 tcp 10.0.2.109 59120 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:10.883212 0.000000 tcp 10.0.2.109 59120 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:16.882601 0.030349 tcp 10.0.2.109 59121 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:16.912846 0.031685 tcp 10.0.2.109 59122 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:16.944385 0.131573 tcp 10.0.2.109 59123 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:17.473877 0.904882 tcp 10.0.2.109 59124 -> 46.50.226.74 10856 FSPA* 0 0 14 1731 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:18.139212 0.030567 tcp 10.0.2.109 59125 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:18.169703 0.031267 tcp 10.0.2.109 59126 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:18.201272 0.132745 tcp 10.0.2.109 59127 -> 195.113.214.211 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:18.378992 2.999448 tcp 10.0.2.109 59128 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:27.376921 0.000000 tcp 10.0.2.109 59128 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:33.376630 0.031713 tcp 10.0.2.109 59129 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:33.408700 0.032573 tcp 10.0.2.109 59130 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:33.441541 0.150924 tcp 10.0.2.109 59131 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:46:33.760207 3.000345 tcp 10.0.2.109 59132 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:42.759080 0.000000 tcp 10.0.2.109 59132 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:48.757836 3.003954 tcp 10.0.2.109 59133 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:46:57.760540 0.000000 tcp 10.0.2.109 59133 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:47:03.759525 3.004536 tcp 10.0.2.109 59134 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:47:12.771920 0.000000 tcp 10.0.2.109 59134 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:47:17.769202 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:47:18.761047 2.993937 tcp 10.0.2.109 59135 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:47:27.764148 0.000000 tcp 10.0.2.109 59135 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:47:33.762538 0.705606 tcp 10.0.2.109 59136 -> 46.50.226.74 10856 FSPA* 0 0 14 1731 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:47:34.468323 2.999235 tcp 10.0.2.109 59137 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:47:43.466054 0.000000 tcp 10.0.2.109 59137 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:49:58.072772 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 14:50:05.080149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:50:13.081300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:50:29.084148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:51:01.090212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:52:49.466661 0.000180 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:52:49.466941 3.004052 tcp 10.0.2.109 59138 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:52:58.469735 0.000000 tcp 10.0.2.109 59138 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:53:04.469555 0.031838 tcp 10.0.2.109 59139 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:04.501662 0.031811 tcp 10.0.2.109 59140 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:04.533842 0.144331 tcp 10.0.2.109 59141 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:05.350825 3.002882 tcp 10.0.2.109 59142 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:53:14.351865 0.000000 tcp 10.0.2.109 59142 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:53:20.351178 0.030734 tcp 10.0.2.109 59143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:20.381756 0.031098 tcp 10.0.2.109 59144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:20.413177 0.131489 tcp 10.0.2.109 59145 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:20.712081 2.993452 tcp 10.0.2.109 59146 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:53:29.703893 0.000000 tcp 10.0.2.109 59146 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:53:35.713265 0.031076 tcp 10.0.2.109 59147 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:35.744577 0.031494 tcp 10.0.2.109 59148 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:35.776359 0.130197 tcp 10.0.2.109 59149 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:35.920892 2.996165 tcp 10.0.2.109 59150 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:53:44.916316 0.000000 tcp 10.0.2.109 59150 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:53:50.915326 0.030049 tcp 10.0.2.109 59151 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:50.945649 0.032174 tcp 10.0.2.109 59152 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:50.977702 0.127955 tcp 10.0.2.109 59153 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:51.284901 1.486918 tcp 10.0.2.109 59154 -> 46.50.226.74 10856 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:51.963288 0.030986 tcp 10.0.2.109 59155 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:51.994196 0.031498 tcp 10.0.2.109 59156 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:52.026034 0.126457 tcp 10.0.2.109 59157 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:53:52.771849 2.999864 tcp 10.0.2.109 59158 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:01.770283 0.000000 tcp 10.0.2.109 59158 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:07.769752 0.031050 tcp 10.0.2.109 59159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:54:07.801119 0.031728 tcp 10.0.2.109 59160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:54:07.832701 0.137911 tcp 10.0.2.109 59161 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:54:08.353002 3.000971 tcp 10.0.2.109 59162 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:17.362337 0.000000 tcp 10.0.2.109 59162 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:23.351341 2.994217 tcp 10.0.2.109 59163 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:32.343907 0.000000 tcp 10.0.2.109 59163 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:38.353087 2.994410 tcp 10.0.2.109 59164 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:47.345724 0.000000 tcp 10.0.2.109 59164 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:54:52.272969 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 14:54:53.354765 3.003913 tcp 10.0.2.109 59165 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:55:02.357561 0.000000 tcp 10.0.2.109 59165 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:55:08.356514 0.667856 tcp 10.0.2.109 59166 -> 46.50.226.74 10856 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/21 14:55:09.024582 3.006970 tcp 10.0.2.109 59167 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:55:18.029788 0.000000 tcp 10.0.2.109 59167 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 14:57:05.096567 3.001284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 14:57:12.104240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:57:20.105493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:57:36.108722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 14:58:08.154437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:00:24.020496 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:00:24.020681 3.003721 tcp 10.0.2.109 59168 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:00:33.033223 0.000000 tcp 10.0.2.109 59168 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:00:39.153416 0.031737 tcp 10.0.2.109 59169 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:00:39.185439 0.031693 tcp 10.0.2.109 59170 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:00:39.217372 0.134670 tcp 10.0.2.109 59171 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:00:39.542369 2.994437 tcp 10.0.2.109 59172 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:00:48.534972 0.000000 tcp 10.0.2.109 59172 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:00:54.543977 0.030228 tcp 10.0.2.109 59173 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:00:54.574506 0.031540 tcp 10.0.2.109 59174 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:00:54.606520 0.127918 tcp 10.0.2.109 59175 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:00:55.248742 3.000289 tcp 10.0.2.109 59176 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:01:04.247866 0.000000 tcp 10.0.2.109 59176 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:01:10.246801 0.031620 tcp 10.0.2.109 59177 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:10.278691 0.031373 tcp 10.0.2.109 59178 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:10.310379 0.130498 tcp 10.0.2.109 59179 -> 195.113.214.211 443 SRPA* 0 0 27 12036 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:11.282977 2.998939 tcp 10.0.2.109 59180 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:01:20.280607 0.000000 tcp 10.0.2.109 59180 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:01:26.280373 0.030742 tcp 10.0.2.109 59181 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:26.310970 0.032184 tcp 10.0.2.109 59182 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:26.342957 0.130170 tcp 10.0.2.109 59183 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:26.493140 4.036750 tcp 10.0.2.109 59184 -> 46.50.226.74 10856 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:30.139579 0.030004 tcp 10.0.2.109 59185 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:30.169857 0.031254 tcp 10.0.2.109 59186 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:30.201406 0.132411 tcp 10.0.2.109 59187 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:30.530224 2.999229 tcp 10.0.2.109 59188 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:01:39.528643 0.000000 tcp 10.0.2.109 59188 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:01:45.528085 0.030756 tcp 10.0.2.109 59189 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:45.559145 0.031868 tcp 10.0.2.109 59190 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:45.591317 0.129863 tcp 10.0.2.109 59191 -> 195.113.214.211 443 SRPA* 0 0 37 31144 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:01:45.817968 3.003694 tcp 10.0.2.109 59192 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:01:54.820047 0.000000 tcp 10.0.2.109 59192 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:00.819084 3.004158 tcp 10.0.2.109 59193 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:09.821945 0.000000 tcp 10.0.2.109 59193 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:15.820444 2.994681 tcp 10.0.2.109 59194 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:24.823510 0.000000 tcp 10.0.2.109 59194 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:30.822571 2.993900 tcp 10.0.2.109 59195 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:35.398589 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:02:39.814856 0.000000 tcp 10.0.2.109 59195 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:45.823796 0.661969 tcp 10.0.2.109 59196 -> 46.50.226.74 10856 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:02:46.485996 3.003047 tcp 10.0.2.109 59197 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:02:55.487595 0.000000 tcp 10.0.2.109 59197 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:04:12.290195 3.002509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:04:19.298132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:04:27.299904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:04:43.302925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:05:15.308675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:08:01.488243 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:08:01.488342 3.003204 tcp 10.0.2.109 59198 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:08:10.490650 0.000000 tcp 10.0.2.109 59198 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:08:16.490684 0.031526 tcp 10.0.2.109 59199 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:16.522557 0.031100 tcp 10.0.2.109 59200 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:16.553950 0.134208 tcp 10.0.2.109 59201 -> 195.113.214.211 443 SRPA* 0 0 27 11666 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:16.950048 3.003748 tcp 10.0.2.109 59202 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:08:25.962882 0.000000 tcp 10.0.2.109 59202 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:08:31.951738 0.034540 tcp 10.0.2.109 59203 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:31.986014 0.031674 tcp 10.0.2.109 59204 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:32.018015 0.131742 tcp 10.0.2.109 59205 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:32.452475 2.993675 tcp 10.0.2.109 59206 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:08:41.444995 0.000000 tcp 10.0.2.109 59206 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:08:47.454593 0.030544 tcp 10.0.2.109 59207 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:47.485489 0.033005 tcp 10.0.2.109 59208 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:47.518795 0.132627 tcp 10.0.2.109 59209 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:08:47.683741 3.004237 tcp 10.0.2.109 59210 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:08:56.686671 0.000000 tcp 10.0.2.109 59210 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:02.685778 0.030702 tcp 10.0.2.109 59211 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:02.716303 0.032341 tcp 10.0.2.109 59212 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:02.748982 0.354781 tcp 10.0.2.109 59213 -> 195.113.214.211 443 SRPA* 0 0 27 11060 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:03.615285 1.653253 tcp 10.0.2.109 59214 -> 46.50.226.74 10856 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:04.241656 0.032480 tcp 10.0.2.109 59215 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:04.274031 0.032914 tcp 10.0.2.109 59216 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:04.307244 0.185222 tcp 10.0.2.109 59217 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:05.268817 3.004656 tcp 10.0.2.109 59218 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:14.271936 0.000000 tcp 10.0.2.109 59218 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:20.391971 0.030423 tcp 10.0.2.109 59219 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:20.422671 0.031637 tcp 10.0.2.109 59220 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:20.454583 0.128778 tcp 10.0.2.109 59221 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:09:20.622695 2.992634 tcp 10.0.2.109 59222 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:29.614325 0.000000 tcp 10.0.2.109 59222 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:35.622978 2.993987 tcp 10.0.2.109 59223 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:44.615982 0.000000 tcp 10.0.2.109 59223 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:50.624609 3.004159 tcp 10.0.2.109 59224 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:09:59.627681 0.000000 tcp 10.0.2.109 59224 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:10:04.534353 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:10:05.626365 3.004343 tcp 10.0.2.109 59225 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:10:14.629014 0.000000 tcp 10.0.2.109 59225 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:10:20.627505 0.704728 tcp 10.0.2.109 59226 -> 46.50.226.74 10856 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:10:21.332045 3.001164 tcp 10.0.2.109 59227 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:10:30.331798 0.000000 tcp 10.0.2.109 59227 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:10:43.270678 0.140137 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:43.680442 0.148424 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:43.824835 0.106017 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:43.913591 0.184660 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:44.095443 0.247494 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:44.337859 0.377692 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:44.694741 0.196397 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:44.883627 0.354965 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:45.245687 0.161998 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:45.421830 0.164280 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:45.580292 0.069941 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:45.753056 0.168148 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:45.915127 0.168858 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:46.142044 0.173116 rtp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:46.311855 0.080832 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:46.420332 0.136753 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:46.708564 0.190025 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:46.920871 0.125504 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:47.013831 0.045584 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:47.129292 0.179836 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:47.379786 0.372610 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:47.731752 0.436188 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:48.119922 0.188024 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:48.335171 0.170098 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:48.482910 0.049049 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:48.567648 0.104210 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:48.654244 0.057303 rtp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:48.758905 0.050385 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:48.882939 0.204776 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:49.146847 0.046702 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:49.335778 0.119157 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:49.406261 0.269723 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:49.626738 0.176998 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:49.814703 0.195224 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:50.001056 0.197552 rtp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:10:50.185612 0.062413 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:11:19.475534 3.001000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:11:26.482088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:11:34.484021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:11:50.486504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:12:22.493297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:15:36.361885 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:15:36.362134 2.993452 tcp 10.0.2.109 59228 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:15:45.354743 0.000000 tcp 10.0.2.109 59228 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:15:51.365036 0.031557 tcp 10.0.2.109 59229 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:15:51.396926 0.032836 tcp 10.0.2.109 59230 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:15:51.429529 0.132944 tcp 10.0.2.109 59231 -> 195.113.214.211 443 SRPA* 0 0 42 36138 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:15:51.590803 2.997311 tcp 10.0.2.109 59232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:00.586663 0.000000 tcp 10.0.2.109 59232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:06.585639 0.030285 tcp 10.0.2.109 59233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:06.616219 0.031827 tcp 10.0.2.109 59234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:06.647836 0.130362 tcp 10.0.2.109 59235 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:06.873482 2.996565 tcp 10.0.2.109 59236 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:15.868292 0.000000 tcp 10.0.2.109 59236 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:21.867960 0.031237 tcp 10.0.2.109 59237 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:21.899536 0.032032 tcp 10.0.2.109 59238 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:21.931412 0.135009 tcp 10.0.2.109 59239 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:22.078243 3.003181 tcp 10.0.2.109 59240 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:31.079915 0.000000 tcp 10.0.2.109 59240 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:37.079442 0.032340 tcp 10.0.2.109 59241 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:37.112066 0.031262 tcp 10.0.2.109 59242 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:37.143648 0.133135 tcp 10.0.2.109 59243 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:37.342899 0.879906 tcp 10.0.2.109 59244 -> 46.50.226.74 10856 FSPA* 0 0 14 1759 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:37.966325 0.030823 tcp 10.0.2.109 59245 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:37.997006 0.030797 tcp 10.0.2.109 59246 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:38.028093 0.154196 tcp 10.0.2.109 59247 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:38.223145 2.991854 tcp 10.0.2.109 59248 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:47.223285 0.000000 tcp 10.0.2.109 59248 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:16:53.222645 0.030599 tcp 10.0.2.109 59249 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:53.253528 0.032223 tcp 10.0.2.109 59250 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:53.286197 0.132884 tcp 10.0.2.109 59251 -> 195.113.214.211 443 SRPA* 0 0 39 31252 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:16:53.550299 2.996533 tcp 10.0.2.109 59252 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:02.545612 0.000000 tcp 10.0.2.109 59252 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:08.544145 3.003964 tcp 10.0.2.109 59253 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:17.546858 0.000000 tcp 10.0.2.109 59253 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:23.546157 3.003797 tcp 10.0.2.109 59254 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:32.548497 0.000000 tcp 10.0.2.109 59254 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:38.547366 3.004443 tcp 10.0.2.109 59255 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:43.067002 0.000035 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:17:47.550046 0.000000 tcp 10.0.2.109 59255 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:17:53.549317 0.616521 tcp 10.0.2.109 59256 -> 46.50.226.74 10856 FSPA* 0 0 14 1759 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:17:54.166066 2.997964 tcp 10.0.2.109 59257 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:18:03.172706 0.000000 tcp 10.0.2.109 59257 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:18:26.499320 3.001078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:18:33.506525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:18:41.508039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:18:57.511152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:19:29.516781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:23:09.163260 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:23:09.163360 2.993689 tcp 10.0.2.109 59258 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:23:18.155798 0.000000 tcp 10.0.2.109 59258 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:23:24.166376 0.031650 tcp 10.0.2.109 59259 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:24.198460 0.031379 tcp 10.0.2.109 59260 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:24.230149 0.130401 tcp 10.0.2.109 59261 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:24.490376 2.998888 tcp 10.0.2.109 59262 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:23:33.487497 0.000000 tcp 10.0.2.109 59262 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:23:39.487095 0.031403 tcp 10.0.2.109 59263 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:39.518843 0.031218 tcp 10.0.2.109 59264 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:39.550385 0.124912 tcp 10.0.2.109 59265 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:39.948944 3.001941 tcp 10.0.2.109 59266 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:23:48.949478 0.000000 tcp 10.0.2.109 59266 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:23:54.948783 0.030393 tcp 10.0.2.109 59267 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:54.979054 0.032236 tcp 10.0.2.109 59268 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:55.011560 0.127996 tcp 10.0.2.109 59269 -> 195.113.214.211 443 SRPA* 0 0 38 31800 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:23:55.265586 3.007863 tcp 10.0.2.109 59270 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:04.272119 0.000000 tcp 10.0.2.109 59270 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:10.261323 0.031978 tcp 10.0.2.109 59271 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:10.293171 0.086238 tcp 10.0.2.109 59272 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:10.379245 0.128403 tcp 10.0.2.109 59273 -> 195.113.214.211 443 SRPA* 0 0 29 15870 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:11.083623 1.336922 tcp 10.0.2.109 59274 -> 46.50.226.74 10856 FSPA* 0 0 14 1735 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:11.724072 0.030365 tcp 10.0.2.109 59275 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:11.754286 0.032316 tcp 10.0.2.109 59276 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:11.786871 0.131811 tcp 10.0.2.109 59277 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:12.420631 2.997585 tcp 10.0.2.109 59278 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:21.416668 0.000000 tcp 10.0.2.109 59278 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:27.415992 0.029969 tcp 10.0.2.109 59279 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:27.446272 0.032300 tcp 10.0.2.109 59280 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:27.478888 0.126838 tcp 10.0.2.109 59281 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:24:27.646116 3.003630 tcp 10.0.2.109 59282 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:36.648332 0.000000 tcp 10.0.2.109 59282 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:42.647409 3.003983 tcp 10.0.2.109 59283 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:51.649913 0.000000 tcp 10.0.2.109 59283 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:24:57.648870 3.004138 tcp 10.0.2.109 59284 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:25:06.651334 0.000000 tcp 10.0.2.109 59284 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:25:11.558642 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:25:12.650274 2.994441 tcp 10.0.2.109 59285 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:25:21.653486 0.000000 tcp 10.0.2.109 59285 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:25:27.651936 0.682176 tcp 10.0.2.109 59286 -> 46.50.226.74 10856 FSPA* 0 0 14 1735 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:25:28.334354 3.002608 tcp 10.0.2.109 59287 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:25:33.522502 3.002009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:25:37.335947 0.000000 tcp 10.0.2.109 59287 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:25:40.530722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:25:48.531614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:26:04.535000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:26:36.540545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:30:43.336498 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:30:43.336586 3.003482 tcp 10.0.2.109 59288 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:30:52.338968 0.000000 tcp 10.0.2.109 59288 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:30:58.339646 0.032063 tcp 10.0.2.109 59289 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:30:58.372024 0.032751 tcp 10.0.2.109 59290 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:30:58.405110 0.134409 tcp 10.0.2.109 59291 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:30:58.865095 3.006987 tcp 10.0.2.109 59292 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:31:07.871165 0.000000 tcp 10.0.2.109 59292 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:31:13.860458 0.031058 tcp 10.0.2.109 59293 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:13.891914 0.030762 tcp 10.0.2.109 59294 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:13.922523 0.126958 tcp 10.0.2.109 59295 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:14.232021 2.992334 tcp 10.0.2.109 59296 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:31:23.232746 0.000000 tcp 10.0.2.109 59296 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:31:29.232673 0.031264 tcp 10.0.2.109 59297 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:29.263769 0.032079 tcp 10.0.2.109 59298 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:29.296154 0.127958 tcp 10.0.2.109 59299 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:29.603118 2.993590 tcp 10.0.2.109 59300 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:31:38.595332 0.000000 tcp 10.0.2.109 59300 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:31:44.604440 0.030146 tcp 10.0.2.109 59301 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:44.634909 0.030915 tcp 10.0.2.109 59302 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:44.666063 0.128332 tcp 10.0.2.109 59303 -> 195.113.214.211 443 SRPA* 0 0 31 22144 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:44.880579 0.934467 tcp 10.0.2.109 59304 -> 46.50.226.74 10856 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:45.535337 0.030069 tcp 10.0.2.109 59305 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:45.565706 0.031677 tcp 10.0.2.109 59306 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:45.597683 0.125243 tcp 10.0.2.109 59307 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:31:45.815283 3.004576 tcp 10.0.2.109 59308 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:31:54.818526 0.000000 tcp 10.0.2.109 59308 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:00.807495 0.030209 tcp 10.0.2.109 59309 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:32:00.838051 0.030911 tcp 10.0.2.109 59310 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:32:00.869313 0.129578 tcp 10.0.2.109 59311 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:32:01.128126 3.003970 tcp 10.0.2.109 59312 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:10.130067 0.000000 tcp 10.0.2.109 59312 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:16.129475 3.003644 tcp 10.0.2.109 59313 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:25.131767 0.000000 tcp 10.0.2.109 59313 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:31.130593 2.994542 tcp 10.0.2.109 59314 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:40.133198 0.000000 tcp 10.0.2.109 59314 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:40.547995 3.000396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:32:45.060284 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:32:46.132547 2.993931 tcp 10.0.2.109 59315 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:47.554116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:32:55.125411 0.000000 tcp 10.0.2.109 59315 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:32:55.555852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:33:01.134002 0.653572 tcp 10.0.2.109 59316 -> 46.50.226.74 10856 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:33:01.787764 3.000888 tcp 10.0.2.109 59317 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:33:10.787797 0.000000 tcp 10.0.2.109 59317 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:33:11.568968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:33:43.575118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:38:16.798091 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:38:16.798202 3.003453 tcp 10.0.2.109 59318 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:38:25.800512 0.000000 tcp 10.0.2.109 59318 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:38:31.801078 0.052305 tcp 10.0.2.109 59319 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:38:31.853758 0.052980 tcp 10.0.2.109 59320 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:38:31.907007 0.149366 tcp 10.0.2.109 59321 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:38:32.496893 2.997742 tcp 10.0.2.109 59322 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:38:41.503069 0.000000 tcp 10.0.2.109 59322 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:38:47.492620 0.030780 tcp 10.0.2.109 59323 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:38:47.523711 0.031367 tcp 10.0.2.109 59324 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:38:47.555416 0.128079 tcp 10.0.2.109 59325 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:38:48.529153 2.998403 tcp 10.0.2.109 59326 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:38:57.525904 0.000000 tcp 10.0.2.109 59326 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:03.525194 0.052328 tcp 10.0.2.109 59327 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:03.577799 0.052688 tcp 10.0.2.109 59328 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:03.630833 0.124848 tcp 10.0.2.109 59329 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:04.502161 2.998300 tcp 10.0.2.109 59330 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:13.498853 0.000000 tcp 10.0.2.109 59330 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:19.498240 0.029762 tcp 10.0.2.109 59331 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:19.528233 0.032565 tcp 10.0.2.109 59332 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:19.561220 0.125593 tcp 10.0.2.109 59333 -> 195.113.214.211 443 SRPA* 0 0 39 31408 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:20.057746 1.015418 tcp 10.0.2.109 59334 -> 46.50.226.74 10856 FSPA* 0 0 14 1623 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:20.730501 0.031025 tcp 10.0.2.109 59335 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:20.761373 0.032782 tcp 10.0.2.109 59336 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:20.794017 0.125755 tcp 10.0.2.109 59337 -> 195.113.214.211 443 SRPA* 0 0 21 11361 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:21.073538 2.991055 tcp 10.0.2.109 59338 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:30.072879 0.000000 tcp 10.0.2.109 59338 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:36.072208 0.052467 tcp 10.0.2.109 59339 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:36.124972 0.054230 tcp 10.0.2.109 59340 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:36.179536 0.144324 tcp 10.0.2.109 59341 -> 195.113.214.211 443 SRPA* 0 0 40 20722 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:39:36.371682 2.994545 tcp 10.0.2.109 59342 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:45.364978 0.000000 tcp 10.0.2.109 59342 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:47.580563 3.002038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:39:51.373757 3.003887 tcp 10.0.2.109 59343 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:39:54.588520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:40:00.376525 0.000000 tcp 10.0.2.109 59343 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:40:02.620036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:40:06.375472 3.004211 tcp 10.0.2.109 59344 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:40:15.378043 0.000000 tcp 10.0.2.109 59344 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:40:18.622577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:40:21.376520 3.004657 tcp 10.0.2.109 59345 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:40:26.073378 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:40:30.379501 0.000000 tcp 10.0.2.109 59345 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:40:36.378397 0.674507 tcp 10.0.2.109 59346 -> 46.50.226.74 10856 FSPA* 0 0 14 1623 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:40:37.053148 3.000493 tcp 10.0.2.109 59347 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:40:46.052291 0.000000 tcp 10.0.2.109 59347 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:40:50.738840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:40:56.437620 0.113701 rtp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:56.532115 0.056096 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:56.801914 0.153969 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:56.948655 0.291582 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:57.219861 0.185558 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:57.482181 0.182474 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:57.661486 0.244384 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:58.244254 0.367863 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:58.734527 0.163865 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:59.004483 0.159650 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:59.251318 0.067984 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:59.303680 0.159249 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:59.668799 0.192652 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:40:59.902744 0.129582 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:00.121771 0.258737 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:00.341990 0.123366 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:00.432355 0.172791 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:00.663587 0.165052 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:00.825250 0.041989 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:00.893788 0.194530 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:01.082215 0.373056 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:01.437203 0.167466 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:01.595219 0.122549 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:01.713772 0.106587 rtp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:01.804821 0.045473 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:02.066273 0.877340 rtp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:02.936931 0.440111 rtp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:03.327800 0.188488 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:03.520775 0.199351 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:03.957242 0.048093 rtp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:04.287591 0.111831 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:04.353136 0.279979 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:04.584023 0.218697 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:04.866972 0.202072 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:05.059718 0.201841 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:41:05.253285 0.057027 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/01/21 15:45:52.162722 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:45:52.162964 2.993294 tcp 10.0.2.109 59348 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:01.155126 0.000000 tcp 10.0.2.109 59348 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:07.165508 0.031143 tcp 10.0.2.109 59349 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:07.196961 0.052662 tcp 10.0.2.109 59350 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:07.250060 0.140582 tcp 10.0.2.109 59351 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:07.603112 2.995722 tcp 10.0.2.109 59352 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:16.597665 0.000000 tcp 10.0.2.109 59352 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:22.596694 0.030527 tcp 10.0.2.109 59353 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:22.627061 0.051979 tcp 10.0.2.109 59354 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:22.679356 0.144285 tcp 10.0.2.109 59355 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:22.840713 2.999877 tcp 10.0.2.109 59356 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:31.839005 0.000000 tcp 10.0.2.109 59356 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:37.838308 0.051075 tcp 10.0.2.109 59357 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:37.889689 0.038608 tcp 10.0.2.109 59358 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:37.928614 0.141702 tcp 10.0.2.109 59359 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:38.360289 3.002931 tcp 10.0.2.109 59360 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:47.361724 0.000000 tcp 10.0.2.109 59360 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:46:53.361127 0.052139 tcp 10.0.2.109 59361 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:53.413107 0.053233 tcp 10.0.2.109 59362 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:53.466321 0.141770 tcp 10.0.2.109 59363 -> 195.113.214.211 443 SRPA* 0 0 31 22144 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:53.628773 1.163718 tcp 10.0.2.109 59364 -> 46.50.226.74 10856 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:54.271014 0.052786 tcp 10.0.2.109 59365 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:54.324076 0.053175 tcp 10.0.2.109 59366 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:54.377524 0.128943 tcp 10.0.2.109 59367 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:46:54.745498 3.000832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:46:54.792741 2.993802 tcp 10.0.2.109 59368 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:01.752047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:47:03.785139 0.000000 tcp 10.0.2.109 59368 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:09.773802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:47:09.794511 0.052373 tcp 10.0.2.109 59369 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:47:09.847114 0.053466 tcp 10.0.2.109 59370 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:47:09.900981 0.126949 tcp 10.0.2.109 59371 -> 195.113.214.211 443 SRPA* 0 0 41 32924 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:47:10.341229 2.998007 tcp 10.0.2.109 59372 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:19.337408 0.000000 tcp 10.0.2.109 59372 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:25.336783 3.004025 tcp 10.0.2.109 59373 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:25.776976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:47:34.339190 0.000000 tcp 10.0.2.109 59373 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:40.338524 3.003739 tcp 10.0.2.109 59374 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:49.340702 0.000000 tcp 10.0.2.109 59374 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:54.177388 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:47:55.339543 3.004377 tcp 10.0.2.109 59375 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:47:57.783345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:48:04.352636 0.000000 tcp 10.0.2.109 59375 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:48:10.341157 0.721566 tcp 10.0.2.109 59376 -> 46.50.226.74 10856 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:48:11.062687 2.994517 tcp 10.0.2.109 59377 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:48:20.055216 0.000000 tcp 10.0.2.109 59377 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:53:26.065453 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:53:26.065598 3.003781 tcp 10.0.2.109 59378 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:53:35.068090 0.000000 tcp 10.0.2.109 59378 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:53:41.068700 0.053194 tcp 10.0.2.109 59379 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:53:41.121721 0.052885 tcp 10.0.2.109 59380 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:53:41.174914 0.125625 tcp 10.0.2.109 59381 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:53:41.780634 3.001341 tcp 10.0.2.109 59382 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:53:50.780787 0.000000 tcp 10.0.2.109 59382 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:53:56.779734 0.044024 tcp 10.0.2.109 59383 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:53:56.823605 0.053439 tcp 10.0.2.109 59384 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:53:56.877284 0.144298 tcp 10.0.2.109 59385 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:53:57.069889 3.004049 tcp 10.0.2.109 59386 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:01.789900 3.040853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 15:54:06.082204 0.000000 tcp 10.0.2.109 59386 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:08.836107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:54:12.081600 0.030439 tcp 10.0.2.109 59387 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:12.112344 0.053329 tcp 10.0.2.109 59388 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:12.165929 0.124942 tcp 10.0.2.109 59389 -> 195.113.214.211 443 SRPA* 0 0 71 70012 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:12.991854 2.994474 tcp 10.0.2.109 59390 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:16.838358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:54:21.985417 0.000000 tcp 10.0.2.109 59390 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:27.984253 0.052379 tcp 10.0.2.109 59391 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:28.036932 0.053500 tcp 10.0.2.109 59392 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:28.090713 0.125672 tcp 10.0.2.109 59393 -> 195.113.214.211 443 SRPA* 0 0 47 41316 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:28.411340 1.064418 tcp 10.0.2.109 59394 -> 46.50.226.74 10856 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:29.033622 0.052148 tcp 10.0.2.109 59395 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:29.086115 0.052052 tcp 10.0.2.109 59396 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:29.138490 0.142611 tcp 10.0.2.109 59397 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:29.476075 3.004403 tcp 10.0.2.109 59398 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:32.841015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:54:38.479323 0.000000 tcp 10.0.2.109 59398 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:44.508292 0.031540 tcp 10.0.2.109 59399 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:44.539685 0.031610 tcp 10.0.2.109 59400 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:44.571577 0.143210 tcp 10.0.2.109 59401 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:54:44.993681 3.009141 tcp 10.0.2.109 59402 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:54.001532 0.000000 tcp 10.0.2.109 59402 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:54:59.989935 2.994265 tcp 10.0.2.109 59403 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:55:04.927059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 15:55:08.992920 0.000000 tcp 10.0.2.109 59403 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:55:14.991838 2.994087 tcp 10.0.2.109 59404 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:55:23.984387 0.000000 tcp 10.0.2.109 59404 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:55:28.721339 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 15:55:29.993536 2.994081 tcp 10.0.2.109 59405 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:55:38.986356 0.000000 tcp 10.0.2.109 59405 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:55:44.995196 0.748759 tcp 10.0.2.109 59406 -> 46.50.226.74 10856 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/01/21 15:55:45.743802 2.996077 tcp 10.0.2.109 59407 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 15:55:54.739070 0.000000 tcp 10.0.2.109 59407 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:00.739076 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:01:00.739160 3.003953 tcp 10.0.2.109 59408 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:08.933166 3.001996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:01:09.741495 0.000000 tcp 10.0.2.109 59408 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:15.742320 3.495033 tcp 10.0.2.109 59409 -> 195.113.214.219 80 FSPA* 0 0 12 2006 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:19.207235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:01:19.237626 0.030571 tcp 10.0.2.109 59410 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:19.268533 0.142596 tcp 10.0.2.109 59411 -> 195.113.214.211 443 SRPA* 0 0 34 26098 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:19.551897 2.997999 tcp 10.0.2.109 59412 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:27.206851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:01:28.548867 0.000000 tcp 10.0.2.109 59412 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:34.548090 0.053065 tcp 10.0.2.109 59413 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:34.601007 0.031763 tcp 10.0.2.109 59414 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:34.633143 0.145119 tcp 10.0.2.109 59415 -> 195.113.214.211 443 SRPA* 0 0 49 31336 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:35.124408 3.007647 tcp 10.0.2.109 59416 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:43.209636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:01:44.130870 0.000000 tcp 10.0.2.109 59416 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:50.120315 0.052588 tcp 10.0.2.109 59417 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:50.173197 0.030975 tcp 10.0.2.109 59418 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:50.204477 0.125566 tcp 10.0.2.109 59419 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:01:50.840148 2.994935 tcp 10.0.2.109 59420 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:01:59.843536 0.000000 tcp 10.0.2.109 59420 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:02:05.832508 0.051684 tcp 10.0.2.109 59421 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:05.884507 0.053075 tcp 10.0.2.109 59422 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:05.937864 0.146742 tcp 10.0.2.109 59423 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:06.347584 1.099589 tcp 10.0.2.109 59424 -> 46.50.226.74 10856 FSPA* 0 0 12 1428 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:07.036609 0.052883 tcp 10.0.2.109 59425 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:07.089829 0.031456 tcp 10.0.2.109 59426 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:07.121624 0.143542 tcp 10.0.2.109 59427 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:07.447041 3.001946 tcp 10.0.2.109 59428 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:02:15.215710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:02:16.447513 0.000000 tcp 10.0.2.109 59428 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:02:22.446900 0.030254 tcp 10.0.2.109 59429 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:22.477469 0.052530 tcp 10.0.2.109 59430 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:22.530557 0.144380 tcp 10.0.2.109 59431 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:02:22.702571 2.997889 tcp 10.0.2.109 59432 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:02:31.699654 0.000000 tcp 10.0.2.109 59432 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:02:39.550914 2.994124 tcp 10.0.2.109 59433 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:02:48.553808 0.000000 tcp 10.0.2.109 59433 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:02:54.562803 2.993971 tcp 10.0.2.109 59434 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:03:03.555545 0.000000 tcp 10.0.2.109 59434 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:03:10.255421 3.004036 tcp 10.0.2.109 59435 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:03:14.982044 0.000216 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:03:19.257700 0.000000 tcp 10.0.2.109 59435 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:03:25.257139 0.707863 tcp 10.0.2.109 59436 -> 46.50.226.74 10856 FSPA* 0 0 12 1428 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:03:25.965221 3.006985 tcp 10.0.2.109 59437 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:03:34.970552 0.000000 tcp 10.0.2.109 59437 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:08:31.770527 3.000710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:08:38.777090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:08:40.960917 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:08:40.961026 2.993943 tcp 10.0.2.109 59438 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:08:46.778679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:08:49.963368 0.000000 tcp 10.0.2.109 59438 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:08:55.963331 0.030661 tcp 10.0.2.109 59439 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:08:55.994303 0.053168 tcp 10.0.2.109 59440 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:08:56.047760 0.139124 tcp 10.0.2.109 59441 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:08:56.227839 2.998649 tcp 10.0.2.109 59442 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:02.781498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:09:05.225254 0.000000 tcp 10.0.2.109 59442 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:11.224519 0.052502 tcp 10.0.2.109 59443 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:11.277317 0.030709 tcp 10.0.2.109 59444 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:11.308290 0.129402 tcp 10.0.2.109 59445 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:11.760553 2.998460 tcp 10.0.2.109 59446 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:20.757853 0.000000 tcp 10.0.2.109 59446 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:26.756576 0.053111 tcp 10.0.2.109 59447 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:26.810019 0.053756 tcp 10.0.2.109 59448 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:26.863687 0.143740 tcp 10.0.2.109 59449 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:27.361808 2.999216 tcp 10.0.2.109 59450 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:34.787872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:09:36.359744 0.000000 tcp 10.0.2.109 59450 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:42.359714 0.052933 tcp 10.0.2.109 59451 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:42.412936 0.053171 tcp 10.0.2.109 59452 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:42.466441 0.139456 tcp 10.0.2.109 59453 -> 195.113.214.211 443 SRPA* 0 0 27 13714 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:42.750483 1.099322 tcp 10.0.2.109 59454 -> 46.50.226.74 10856 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:43.412069 0.052302 tcp 10.0.2.109 59455 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:43.464397 0.053430 tcp 10.0.2.109 59456 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:43.518276 0.143616 tcp 10.0.2.109 59457 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:43.850024 2.994685 tcp 10.0.2.109 59458 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:52.853908 0.000000 tcp 10.0.2.109 59458 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:09:58.842885 0.051965 tcp 10.0.2.109 59459 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:58.895210 0.030377 tcp 10.0.2.109 59460 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:58.925840 0.128801 tcp 10.0.2.109 59461 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:09:59.757577 3.000223 tcp 10.0.2.109 59462 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:08.756326 0.000000 tcp 10.0.2.109 59462 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:14.755350 3.004409 tcp 10.0.2.109 59463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:23.757852 0.000000 tcp 10.0.2.109 59463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:29.756984 3.004089 tcp 10.0.2.109 59464 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:38.759930 0.000000 tcp 10.0.2.109 59464 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:43.486487 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:10:44.758896 3.003667 tcp 10.0.2.109 59465 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:53.761013 0.000000 tcp 10.0.2.109 59465 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:10:59.759927 0.645603 tcp 10.0.2.109 59466 -> 46.50.226.74 10856 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:11:00.405368 2.999722 tcp 10.0.2.109 59467 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:11:09.413802 0.000000 tcp 10.0.2.109 59467 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:11:20.049271 0.155051 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:20.196568 0.296927 udp 10.0.2.109 3683 <-> 72.160.17.24 6351 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:20.473640 0.097710 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:20.552630 0.055483 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:20.642137 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 16:11:36.603989 0.052523 tcp 10.0.2.109 59468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:11:36.656735 0.052434 tcp 10.0.2.109 59469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:11:36.709456 0.144418 tcp 10.0.2.109 59470 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:11:36.853028 0.185266 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:37.031454 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 16:11:52.646315 0.051902 tcp 10.0.2.109 59471 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:11:52.698579 0.054563 tcp 10.0.2.109 59472 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:11:52.753025 0.134650 tcp 10.0.2.109 59473 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:11:52.888307 0.366982 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:53.258818 0.159601 rtp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:53.433302 0.159549 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:53.608169 0.077790 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:53.666178 0.143877 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:53.820010 0.068370 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:53.922557 0.166810 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:54.084535 0.257748 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:54.302961 0.116429 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:54.385409 0.175660 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:54.538128 0.172562 rtp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:54.707655 0.068506 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:54.779215 0.187976 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:54.966352 0.051946 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:55.014310 0.105363 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:55.100177 0.045419 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:55.185182 0.366126 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:55.531933 0.166508 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:55.674996 0.187872 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:55.854878 0.523272 udp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:56.371898 0.433320 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:56.756250 0.204232 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:56.974577 0.048103 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:57.021062 0.118118 rtp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:57.091651 0.269375 udp 10.0.2.109 3683 <-> 187.205.173.40 3188 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:57.313777 0.192345 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:57.497118 0.058807 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:57.553392 0.175075 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:11:57.724048 0.194529 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:15:46.843180 3.004000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:15:53.853487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:16:01.854712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:16:15.403910 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:16:15.404150 3.003779 tcp 10.0.2.109 59474 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:16:17.858112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:16:24.406686 0.000000 tcp 10.0.2.109 59474 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:16:30.407455 0.053253 tcp 10.0.2.109 59475 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:16:30.460973 0.052581 tcp 10.0.2.109 59476 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:16:30.513902 0.126960 tcp 10.0.2.109 59477 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:16:30.722884 2.996829 tcp 10.0.2.109 59478 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:16:39.718694 0.000000 tcp 10.0.2.109 59478 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:16:45.717932 0.052967 tcp 10.0.2.109 59479 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:16:45.771256 0.042602 tcp 10.0.2.109 59480 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:16:45.813671 0.144282 tcp 10.0.2.109 59481 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:16:45.969488 3.002534 tcp 10.0.2.109 59482 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:16:49.863341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:16:54.970612 0.000000 tcp 10.0.2.109 59482 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:00.969952 0.031009 tcp 10.0.2.109 59483 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:01.000815 0.032453 tcp 10.0.2.109 59484 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:01.033137 0.145828 tcp 10.0.2.109 59485 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:01.215430 2.998362 tcp 10.0.2.109 59486 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:10.222879 0.000000 tcp 10.0.2.109 59486 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:16.212004 0.051752 tcp 10.0.2.109 59487 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:16.263993 0.053346 tcp 10.0.2.109 59488 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:16.317703 0.125399 tcp 10.0.2.109 59489 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:16.470940 0.900956 tcp 10.0.2.109 59490 -> 46.50.226.74 10856 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:17.125765 0.052465 tcp 10.0.2.109 59491 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:17.178313 0.032151 tcp 10.0.2.109 59492 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:17.210832 0.128680 tcp 10.0.2.109 59493 -> 195.113.214.211 443 SRPA* 0 0 35 18264 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:17.372115 2.994802 tcp 10.0.2.109 59494 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:26.365434 0.000000 tcp 10.0.2.109 59494 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:32.365286 0.051631 tcp 10.0.2.109 59495 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:32.417258 0.053325 tcp 10.0.2.109 59496 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:32.470877 0.139592 tcp 10.0.2.109 59497 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:17:32.647864 3.001700 tcp 10.0.2.109 59498 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:41.647904 0.000000 tcp 10.0.2.109 59498 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:47.646393 3.004474 tcp 10.0.2.109 59499 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:17:56.648949 0.000000 tcp 10.0.2.109 59499 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:18:02.647923 3.004450 tcp 10.0.2.109 59500 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:18:11.651072 0.000000 tcp 10.0.2.109 59500 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:18:17.649963 3.003960 tcp 10.0.2.109 59501 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:18:22.486680 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:18:26.662575 0.000000 tcp 10.0.2.109 59501 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:18:32.650924 0.675097 tcp 10.0.2.109 59502 -> 46.50.226.74 10856 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:18:33.326254 2.999728 tcp 10.0.2.109 59503 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:18:42.324808 0.000000 tcp 10.0.2.109 59503 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:23:05.956962 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:23:12.963831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:23:20.965699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:23:36.968753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:23:48.325742 0.000172 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:23:48.326010 3.003382 tcp 10.0.2.109 59504 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:23:57.327569 0.000000 tcp 10.0.2.109 59504 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:24:03.328336 0.053188 tcp 10.0.2.109 59505 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:03.381826 0.053072 tcp 10.0.2.109 59506 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:03.435247 0.143206 tcp 10.0.2.109 59507 -> 195.113.214.211 443 SRPA* 0 0 30 15922 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:03.819418 3.002368 tcp 10.0.2.109 59508 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:24:08.974978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:24:12.819812 0.000000 tcp 10.0.2.109 59508 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:24:18.819481 0.052504 tcp 10.0.2.109 59509 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:18.872332 0.053883 tcp 10.0.2.109 59510 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:18.926509 0.139691 tcp 10.0.2.109 59511 -> 195.113.214.211 443 SRPA* 0 0 48 29902 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:19.236533 3.007029 tcp 10.0.2.109 59512 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:24:28.252097 0.000000 tcp 10.0.2.109 59512 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:24:34.282052 0.053011 tcp 10.0.2.109 59513 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:34.335361 0.031132 tcp 10.0.2.109 59514 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:34.366816 0.127918 tcp 10.0.2.109 59515 -> 195.113.214.211 443 SRPA* 0 0 37 31248 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:34.564037 3.001527 tcp 10.0.2.109 59516 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:24:43.564291 0.000000 tcp 10.0.2.109 59516 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:24:49.563945 0.052424 tcp 10.0.2.109 59517 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:49.616699 0.052350 tcp 10.0.2.109 59518 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:49.669405 0.141314 tcp 10.0.2.109 59519 -> 195.113.214.211 443 SRPA* 0 0 40 24678 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:50.014917 1.508320 tcp 10.0.2.109 59520 -> 46.50.226.74 10856 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:50.716929 0.052244 tcp 10.0.2.109 59521 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:50.769495 0.053127 tcp 10.0.2.109 59522 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:50.822893 0.139426 tcp 10.0.2.109 59523 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:24:51.523427 2.996306 tcp 10.0.2.109 59524 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:00.518819 0.000000 tcp 10.0.2.109 59524 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:06.518086 0.030537 tcp 10.0.2.109 59525 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:25:06.548975 0.032066 tcp 10.0.2.109 59526 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:25:06.581025 0.142668 tcp 10.0.2.109 59527 -> 195.113.214.211 443 SRPA* 0 0 35 18174 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:25:06.887989 3.004516 tcp 10.0.2.109 59528 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:15.891099 0.000000 tcp 10.0.2.109 59528 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:21.889474 3.003945 tcp 10.0.2.109 59529 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:30.902400 0.000000 tcp 10.0.2.109 59529 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:36.891299 2.994338 tcp 10.0.2.109 59530 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:45.893730 0.000000 tcp 10.0.2.109 59530 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:51.892664 2.994449 tcp 10.0.2.109 59531 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:25:56.539145 0.000156 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:26:00.885325 0.000000 tcp 10.0.2.109 59531 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:26:06.894262 0.668662 tcp 10.0.2.109 59532 -> 46.50.226.74 10856 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:26:07.563115 2.996051 tcp 10.0.2.109 59533 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:26:16.557711 0.000000 tcp 10.0.2.109 59533 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:30:16.035490 3.001093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:30:23.042342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:30:31.043816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:30:47.047383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:31:19.053178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:31:22.558997 0.000153 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:31:22.559249 3.002734 tcp 10.0.2.109 59534 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:31:31.560982 0.000000 tcp 10.0.2.109 59534 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:31:37.561014 0.052912 tcp 10.0.2.109 59535 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:31:37.614359 0.053446 tcp 10.0.2.109 59536 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:31:37.667661 0.144119 tcp 10.0.2.109 59537 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:31:38.644978 3.000404 tcp 10.0.2.109 59538 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:31:47.644369 0.000000 tcp 10.0.2.109 59538 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:31:53.643384 0.052439 tcp 10.0.2.109 59539 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:31:53.696102 0.052676 tcp 10.0.2.109 59540 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:31:53.749157 0.142915 tcp 10.0.2.109 59541 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:31:54.298466 2.999257 tcp 10.0.2.109 59542 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:03.296389 0.000000 tcp 10.0.2.109 59542 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:09.456126 0.052852 tcp 10.0.2.109 59543 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:09.509351 0.052759 tcp 10.0.2.109 59544 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:09.561989 0.141735 tcp 10.0.2.109 59545 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:09.800159 3.000476 tcp 10.0.2.109 59546 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:18.798784 0.000000 tcp 10.0.2.109 59546 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:24.797880 0.052439 tcp 10.0.2.109 59547 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:24.850679 0.052565 tcp 10.0.2.109 59548 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:24.903092 0.145398 tcp 10.0.2.109 59549 -> 195.113.214.211 443 SRPA* 0 0 30 22168 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:25.325669 1.059560 tcp 10.0.2.109 59550 -> 46.50.226.74 10856 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:26.000865 0.041010 tcp 10.0.2.109 59551 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:26.042078 0.052246 tcp 10.0.2.109 59552 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:26.094576 0.125968 tcp 10.0.2.109 59553 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:26.385444 2.998560 tcp 10.0.2.109 59554 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:35.392995 0.000000 tcp 10.0.2.109 59554 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:41.382202 0.052268 tcp 10.0.2.109 59555 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:41.434776 0.030480 tcp 10.0.2.109 59556 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:41.465552 0.131614 tcp 10.0.2.109 59557 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:32:41.743097 2.992731 tcp 10.0.2.109 59558 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:50.734562 0.000000 tcp 10.0.2.109 59558 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:32:56.743678 2.994136 tcp 10.0.2.109 59559 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:33:05.736108 0.000000 tcp 10.0.2.109 59559 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:33:11.744957 3.004640 tcp 10.0.2.109 59560 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:33:20.748115 0.000000 tcp 10.0.2.109 59560 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:33:25.695009 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:33:26.746443 3.004450 tcp 10.0.2.109 59561 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:33:35.749342 0.000000 tcp 10.0.2.109 59561 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:33:41.748110 0.739397 tcp 10.0.2.109 59562 -> 46.50.226.74 10856 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:33:42.487326 3.005836 tcp 10.0.2.109 59563 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:33:51.491926 0.000000 tcp 10.0.2.109 59563 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:37:23.219686 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:37:30.226953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:37:38.228463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:37:54.231107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:38:26.236893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:38:57.482722 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:38:57.482821 2.993230 tcp 10.0.2.109 59564 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:06.475059 0.000000 tcp 10.0.2.109 59564 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:12.485420 0.053875 tcp 10.0.2.109 59565 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:12.539567 0.050917 tcp 10.0.2.109 59566 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:12.590816 0.141286 tcp 10.0.2.109 59567 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:12.940995 2.997781 tcp 10.0.2.109 59568 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:21.937396 0.000000 tcp 10.0.2.109 59568 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:27.936788 0.051882 tcp 10.0.2.109 59569 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:27.989030 0.051932 tcp 10.0.2.109 59570 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:28.040813 0.139726 tcp 10.0.2.109 59571 -> 195.113.214.211 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:28.191938 2.998461 tcp 10.0.2.109 59572 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:37.188835 0.000000 tcp 10.0.2.109 59572 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:43.188379 0.051762 tcp 10.0.2.109 59573 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:43.240526 0.051873 tcp 10.0.2.109 59574 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:43.292693 0.141748 tcp 10.0.2.109 59575 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:43.851852 3.001489 tcp 10.0.2.109 59576 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:52.851777 0.000000 tcp 10.0.2.109 59576 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:39:58.850902 0.051307 tcp 10.0.2.109 59577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:58.902565 0.032456 tcp 10.0.2.109 59578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:58.934880 0.149279 tcp 10.0.2.109 59579 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:39:59.411959 1.095538 tcp 10.0.2.109 59580 -> 46.50.226.74 10856 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:40:00.113894 0.051815 tcp 10.0.2.109 59581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:40:00.165988 0.052645 tcp 10.0.2.109 59582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:40:00.218938 0.123800 tcp 10.0.2.109 59583 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:40:00.507779 2.999143 tcp 10.0.2.109 59584 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:09.505948 0.000000 tcp 10.0.2.109 59584 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:15.544766 0.052357 tcp 10.0.2.109 59585 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:40:15.597399 0.053007 tcp 10.0.2.109 59586 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:40:15.650266 0.137841 tcp 10.0.2.109 59587 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:40:15.893279 2.995912 tcp 10.0.2.109 59588 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:24.887829 0.000000 tcp 10.0.2.109 59588 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:30.886725 3.003806 tcp 10.0.2.109 59589 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:39.890187 0.000000 tcp 10.0.2.109 59589 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:45.888007 3.004297 tcp 10.0.2.109 59590 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:54.890724 0.000000 tcp 10.0.2.109 59590 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:40:59.737642 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:41:00.889610 3.004326 tcp 10.0.2.109 59591 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:41:09.902567 0.000000 tcp 10.0.2.109 59591 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:41:15.891624 0.687837 tcp 10.0.2.109 59592 -> 46.50.226.74 10856 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:41:16.579689 2.996856 tcp 10.0.2.109 59593 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:41:25.575086 0.000000 tcp 10.0.2.109 59593 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:42:00.325424 0.247994 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:00.570609 0.184534 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:00.751278 0.147853 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:01.132715 0.000000 udp 10.0.2.109 3683 -> 72.160.17.24 6351 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 16:42:05.232115 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:42:17.752238 0.032225 tcp 10.0.2.109 59594 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:42:17.784723 0.051402 tcp 10.0.2.109 59595 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:42:17.836406 0.143909 tcp 10.0.2.109 59596 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:42:17.980974 0.055040 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2002 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:18.577662 0.370236 rtp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 1968 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:19.153440 0.192470 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:19.338003 0.159585 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:19.510515 0.355503 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:19.935802 0.167895 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:20.194922 0.079751 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:20.280135 0.135831 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:20.516462 0.065549 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:20.566106 0.169559 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:21.054572 0.118530 rtp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:21.133823 0.120630 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:21.531726 0.171548 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:21.680095 0.165352 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:21.842559 0.045865 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:21.993610 0.104923 rtp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:22.079634 0.044235 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:22.242860 0.338411 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:22.562857 0.172783 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:22.843836 0.187921 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:23.024495 0.191093 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:23.354337 0.066396 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:23.412772 0.046601 rtp 10.0.2.109 3683 <-> 84.152.214.101 1251 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:23.635660 0.431900 rtp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:24.027659 0.199744 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:24.506104 0.047607 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:24.730647 0.116215 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:24.799216 0.000000 udp 10.0.2.109 3683 -> 187.205.173.40 3188 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 16:42:43.577655 0.051464 tcp 10.0.2.109 59597 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:42:43.629433 0.030929 tcp 10.0.2.109 59598 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:42:43.660250 0.127962 tcp 10.0.2.109 59599 -> 195.113.214.211 443 SRPA* 0 0 40 33458 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:42:43.788963 2.535671 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:46.301872 0.201927 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:46.496603 0.061729 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:42:46.656385 0.183348 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/01/21 16:44:31.285309 3.001053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:44:38.292048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:44:46.293770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:45:02.296821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:45:34.302934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:46:31.575536 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:46:31.575727 3.003475 tcp 10.0.2.109 59600 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:46:40.578271 0.000000 tcp 10.0.2.109 59600 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:46:46.578994 0.031673 tcp 10.0.2.109 59601 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:46:46.611018 0.054123 tcp 10.0.2.109 59602 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:46:46.665450 0.143687 tcp 10.0.2.109 59603 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:46:47.216763 3.005353 tcp 10.0.2.109 59604 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:46:56.220357 0.000000 tcp 10.0.2.109 59604 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:47:02.209509 0.052946 tcp 10.0.2.109 59605 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:02.262309 0.053642 tcp 10.0.2.109 59606 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:02.316250 0.123946 tcp 10.0.2.109 59607 -> 195.113.214.211 443 SRPA* 0 0 37 30896 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:02.624963 2.998767 tcp 10.0.2.109 59608 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:47:11.632353 0.000000 tcp 10.0.2.109 59608 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:47:17.621931 0.052480 tcp 10.0.2.109 59609 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:17.674257 0.053448 tcp 10.0.2.109 59610 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:17.728066 0.126445 tcp 10.0.2.109 59611 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:18.297778 2.998702 tcp 10.0.2.109 59612 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:47:27.294864 0.000000 tcp 10.0.2.109 59612 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:47:33.293881 0.051937 tcp 10.0.2.109 59613 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:33.346094 0.042088 tcp 10.0.2.109 59614 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:33.388462 0.139902 tcp 10.0.2.109 59615 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:34.702000 1.843190 tcp 10.0.2.109 59616 -> 46.50.226.74 10856 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:35.351463 0.030143 tcp 10.0.2.109 59617 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:35.381953 0.031009 tcp 10.0.2.109 59618 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:35.413195 0.142188 tcp 10.0.2.109 59619 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:36.545381 3.007157 tcp 10.0.2.109 59620 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:47:45.551022 0.000000 tcp 10.0.2.109 59620 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:47:51.540285 0.052260 tcp 10.0.2.109 59621 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:51.592393 0.054026 tcp 10.0.2.109 59622 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:51.646785 0.143017 tcp 10.0.2.109 59623 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:47:52.016145 2.998802 tcp 10.0.2.109 59624 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:01.023616 0.000000 tcp 10.0.2.109 59624 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:07.012712 2.993656 tcp 10.0.2.109 59625 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:16.005090 0.000000 tcp 10.0.2.109 59625 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:22.064206 3.003883 tcp 10.0.2.109 59626 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:31.066549 0.000000 tcp 10.0.2.109 59626 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:35.783816 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:48:37.065829 3.003993 tcp 10.0.2.109 59627 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:46.068125 0.000000 tcp 10.0.2.109 59627 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:48:52.077089 0.653001 tcp 10.0.2.109 59628 -> 46.50.226.74 10856 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:48:52.729954 3.002080 tcp 10.0.2.109 59629 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:49:01.730862 0.000000 tcp 10.0.2.109 59629 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:51:38.368360 3.002100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:51:45.375818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:51:53.377873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:52:09.380612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:52:41.386564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:54:07.731750 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:54:07.731854 2.993149 tcp 10.0.2.109 59630 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:54:16.723723 0.000000 tcp 10.0.2.109 59630 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:54:22.734351 0.052423 tcp 10.0.2.109 59631 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:22.787084 0.053524 tcp 10.0.2.109 59632 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:22.840926 0.331500 tcp 10.0.2.109 59633 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:23.751439 2.996983 tcp 10.0.2.109 59634 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:54:32.746606 0.000000 tcp 10.0.2.109 59634 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:54:38.746123 0.052241 tcp 10.0.2.109 59635 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:38.798665 0.052122 tcp 10.0.2.109 59636 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:38.851045 0.141556 tcp 10.0.2.109 59637 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:39.167110 3.003009 tcp 10.0.2.109 59638 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:54:48.168616 0.000000 tcp 10.0.2.109 59638 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:54:54.508386 0.052810 tcp 10.0.2.109 59639 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:54.561494 0.052497 tcp 10.0.2.109 59640 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:54.614323 0.143272 tcp 10.0.2.109 59641 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:54:54.913210 2.999618 tcp 10.0.2.109 59642 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:03.911776 0.000000 tcp 10.0.2.109 59642 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:09.910981 0.052999 tcp 10.0.2.109 59643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:09.964265 0.030770 tcp 10.0.2.109 59644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:09.995389 0.139797 tcp 10.0.2.109 59645 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:10.171719 1.013505 tcp 10.0.2.109 59646 -> 46.50.226.74 10856 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:10.837305 0.050933 tcp 10.0.2.109 59647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:10.888542 0.031596 tcp 10.0.2.109 59648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:10.920017 0.145084 tcp 10.0.2.109 59649 -> 195.113.214.211 443 SRPA* 0 0 32 16642 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:11.185517 3.000718 tcp 10.0.2.109 59650 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:20.185254 0.000000 tcp 10.0.2.109 59650 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:26.294683 0.051727 tcp 10.0.2.109 59651 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:26.346768 0.032319 tcp 10.0.2.109 59652 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:26.378946 0.144191 tcp 10.0.2.109 59653 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:55:26.718904 3.000110 tcp 10.0.2.109 59654 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:35.717510 0.000000 tcp 10.0.2.109 59654 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:41.716097 3.003933 tcp 10.0.2.109 59655 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:50.719187 0.000000 tcp 10.0.2.109 59655 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:55:56.717756 3.003746 tcp 10.0.2.109 59656 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:56:05.720406 0.000000 tcp 10.0.2.109 59656 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:56:10.567550 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 16:56:11.719639 3.003624 tcp 10.0.2.109 59657 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:56:20.722381 0.000000 tcp 10.0.2.109 59657 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:56:26.720888 0.634686 tcp 10.0.2.109 59658 -> 46.50.226.74 10856 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/21 16:56:27.355796 3.000200 tcp 10.0.2.109 59659 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:56:36.354587 0.000000 tcp 10.0.2.109 59659 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 16:58:45.664041 3.000690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 16:58:52.670193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:59:00.672382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:59:16.675261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 16:59:48.681392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:01:42.355235 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:01:42.355330 3.003641 tcp 10.0.2.109 59660 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:01:51.357643 0.000000 tcp 10.0.2.109 59660 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:01:57.357859 0.052872 tcp 10.0.2.109 59661 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:01:57.411021 0.054310 tcp 10.0.2.109 59662 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:01:57.465617 0.142664 tcp 10.0.2.109 59663 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:01:58.215830 3.005966 tcp 10.0.2.109 59664 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:02:07.219959 0.000000 tcp 10.0.2.109 59664 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:02:13.209753 0.051835 tcp 10.0.2.109 59665 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:13.261886 0.053711 tcp 10.0.2.109 59666 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:13.315841 0.125641 tcp 10.0.2.109 59667 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:13.649569 3.004439 tcp 10.0.2.109 59668 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:02:22.662237 0.000000 tcp 10.0.2.109 59668 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:02:28.651907 0.052165 tcp 10.0.2.109 59669 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:28.704340 0.032428 tcp 10.0.2.109 59670 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:28.736700 0.141959 tcp 10.0.2.109 59671 -> 195.113.214.211 443 SRPA* 0 0 35 18824 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:28.907944 2.997818 tcp 10.0.2.109 59672 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:02:37.904116 0.000000 tcp 10.0.2.109 59672 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:02:43.903482 0.031311 tcp 10.0.2.109 59673 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:43.935066 0.032633 tcp 10.0.2.109 59674 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:43.968008 0.124831 tcp 10.0.2.109 59675 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:44.291212 1.312482 tcp 10.0.2.109 59676 -> 46.50.226.74 10856 FSPA* 0 0 14 1725 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:44.952478 0.051523 tcp 10.0.2.109 59677 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:45.004295 0.054362 tcp 10.0.2.109 59678 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:45.058495 0.143708 tcp 10.0.2.109 59679 -> 195.113.214.211 443 SRPA* 0 0 35 29092 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:02:45.603966 2.995493 tcp 10.0.2.109 59680 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:02:54.597982 0.000000 tcp 10.0.2.109 59680 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:00.598023 0.052267 tcp 10.0.2.109 59681 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:03:00.650580 0.051817 tcp 10.0.2.109 59682 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:03:00.702699 0.139156 tcp 10.0.2.109 59683 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:03:00.995029 3.006660 tcp 10.0.2.109 59684 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:10.000601 0.000000 tcp 10.0.2.109 59684 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:15.989463 3.003731 tcp 10.0.2.109 59685 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:24.991980 0.000000 tcp 10.0.2.109 59685 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:30.991166 2.994194 tcp 10.0.2.109 59686 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:39.993617 0.000000 tcp 10.0.2.109 59686 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:45.992794 2.994009 tcp 10.0.2.109 59687 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:03:50.569035 0.001515 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:03:54.985278 0.000000 tcp 10.0.2.109 59687 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:04:00.993891 0.671657 tcp 10.0.2.109 59688 -> 46.50.226.74 10856 FSPA* 0 0 14 1725 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:04:01.665767 3.003540 tcp 10.0.2.109 59689 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:04:10.667520 0.000000 tcp 10.0.2.109 59689 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:05:52.827869 3.001213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:05:59.834974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:06:07.835941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:06:23.838990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:06:55.845223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:09:16.809030 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:09:16.809132 3.003101 tcp 10.0.2.109 59690 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:09:25.810746 0.000000 tcp 10.0.2.109 59690 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:09:31.811196 0.031230 tcp 10.0.2.109 59691 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:09:31.842700 0.031815 tcp 10.0.2.109 59692 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:09:31.874326 0.126159 tcp 10.0.2.109 59693 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:09:32.011846 3.002223 tcp 10.0.2.109 59694 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:09:41.022620 0.000000 tcp 10.0.2.109 59694 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:09:47.011588 0.030109 tcp 10.0.2.109 59695 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:09:47.042029 0.031753 tcp 10.0.2.109 59696 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:09:47.073623 0.132898 tcp 10.0.2.109 59697 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:09:47.242724 2.993057 tcp 10.0.2.109 59698 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:09:56.234366 0.000000 tcp 10.0.2.109 59698 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:02.243522 0.031084 tcp 10.0.2.109 59699 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:02.274886 0.031568 tcp 10.0.2.109 59700 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:02.306685 0.132032 tcp 10.0.2.109 59701 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:02.447485 3.000199 tcp 10.0.2.109 59702 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:11.446336 0.000000 tcp 10.0.2.109 59702 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:17.445811 0.030545 tcp 10.0.2.109 59703 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:17.476642 0.054063 tcp 10.0.2.109 59704 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:17.530538 0.143272 tcp 10.0.2.109 59705 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:17.761317 0.910068 tcp 10.0.2.109 59706 -> 46.50.226.74 10856 FSPA* 0 0 12 1533 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:18.449277 0.052407 tcp 10.0.2.109 59707 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:18.501998 0.031281 tcp 10.0.2.109 59708 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:18.533564 0.127109 tcp 10.0.2.109 59709 -> 195.113.214.211 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:18.671643 2.999376 tcp 10.0.2.109 59710 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:27.669557 0.000000 tcp 10.0.2.109 59710 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:33.669252 0.052974 tcp 10.0.2.109 59711 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:33.722558 0.030900 tcp 10.0.2.109 59712 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:33.753746 0.138623 tcp 10.0.2.109 59713 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:10:33.905751 3.007379 tcp 10.0.2.109 59714 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:42.911641 0.000000 tcp 10.0.2.109 59714 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:48.902832 2.991999 tcp 10.0.2.109 59715 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:10:57.903039 0.000000 tcp 10.0.2.109 59715 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:11:03.902039 2.993791 tcp 10.0.2.109 59716 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:11:12.894640 0.000000 tcp 10.0.2.109 59716 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:11:18.903519 2.994588 tcp 10.0.2.109 59717 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:11:23.709995 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:11:27.896168 0.000000 tcp 10.0.2.109 59717 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:11:33.905132 0.644406 tcp 10.0.2.109 59718 -> 46.50.226.74 10856 FSPA* 0 0 14 1641 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:11:34.549392 3.000697 tcp 10.0.2.109 59719 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:11:43.549204 0.000000 tcp 10.0.2.109 59719 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:12:59.852128 3.000757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:13:06.858653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:13:08.280870 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:13:08.280968 0.000000 udp 10.0.2.109 3683 -> 72.160.17.24 6351 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 17:13:14.860062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:13:27.199569 0.053219 tcp 10.0.2.109 59720 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:13:27.253084 0.053501 tcp 10.0.2.109 59721 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:13:27.306889 0.143573 tcp 10.0.2.109 59722 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:13:27.448846 0.000000 udp 10.0.2.109 3683 -> 187.205.173.40 3188 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 17:13:30.862936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:13:43.892714 0.052574 tcp 10.0.2.109 59723 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:13:43.945141 0.054664 tcp 10.0.2.109 59724 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:13:43.999653 0.127868 tcp 10.0.2.109 59725 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:13:44.128091 0.178394 rtp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:44.302890 0.257454 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:44.568912 0.146322 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:44.796031 0.056159 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:44.939914 0.185250 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:45.117503 0.106219 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:45.371450 0.079630 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:45.433023 0.129190 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:45.578572 0.067132 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:45.626434 0.175261 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:45.819534 0.351773 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:46.196038 0.152093 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:46.347968 0.207458 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:46.517369 0.144345 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:46.628186 0.173864 rtp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:46.779723 0.167607 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:46.944123 0.167975 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:47.106703 0.419005 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:47.503589 0.169387 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:47.648370 0.188624 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:47.829114 0.193279 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:48.020780 0.106427 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:48.137705 0.041562 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:48.227356 0.045131 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:13:48.492516 0.000000 udp 10.0.2.109 3683 -> 84.152.214.101 1251 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 17:14:02.869582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:14:04.802206 0.052033 tcp 10.0.2.109 59726 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:14:04.854456 0.052663 tcp 10.0.2.109 59727 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:14:04.907501 0.144509 tcp 10.0.2.109 59728 -> 195.113.214.211 443 SRPA* 0 0 44 32124 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:14:05.051901 0.431862 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:05.433616 0.203017 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:05.650532 0.047820 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:05.697289 0.059529 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:05.798812 0.112797 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:05.865864 0.057115 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:05.971056 0.185433 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:06.187069 0.224502 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:14:06.399040 0.194286 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:16:49.548924 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:16:49.549001 3.004427 tcp 10.0.2.109 59729 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:16:58.551734 0.000000 tcp 10.0.2.109 59729 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:17:04.551747 0.053433 tcp 10.0.2.109 59730 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:04.605456 0.052088 tcp 10.0.2.109 59731 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:04.657804 0.144223 tcp 10.0.2.109 59732 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:04.816765 2.998592 tcp 10.0.2.109 59733 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:17:13.823416 0.000000 tcp 10.0.2.109 59733 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:17:19.812942 0.052147 tcp 10.0.2.109 59734 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:19.865371 0.051830 tcp 10.0.2.109 59735 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:19.917558 0.140643 tcp 10.0.2.109 59736 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:20.097685 2.999167 tcp 10.0.2.109 59737 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:17:29.096044 0.000000 tcp 10.0.2.109 59737 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:17:35.095272 0.051018 tcp 10.0.2.109 59738 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:35.146652 0.054053 tcp 10.0.2.109 59739 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:35.200551 0.126498 tcp 10.0.2.109 59740 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:35.606003 3.003610 tcp 10.0.2.109 59741 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:17:44.607747 0.000000 tcp 10.0.2.109 59741 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:17:50.607622 0.093482 tcp 10.0.2.109 59742 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:50.701427 0.052197 tcp 10.0.2.109 59743 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:50.753989 0.132589 tcp 10.0.2.109 59744 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:51.172334 1.047768 tcp 10.0.2.109 59745 -> 46.50.226.74 10856 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:51.860384 0.052741 tcp 10.0.2.109 59746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:51.912955 0.052986 tcp 10.0.2.109 59747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:51.966396 0.167528 tcp 10.0.2.109 59748 -> 195.113.214.211 443 SRPA* 0 0 72 78370 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:17:52.220382 3.002520 tcp 10.0.2.109 59749 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:01.222041 0.000000 tcp 10.0.2.109 59749 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:07.221116 0.051962 tcp 10.0.2.109 59750 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:18:07.273389 0.041638 tcp 10.0.2.109 59751 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:18:07.315438 0.126574 tcp 10.0.2.109 59752 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:18:07.584769 3.000366 tcp 10.0.2.109 59753 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:16.593722 0.000000 tcp 10.0.2.109 59753 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:22.582532 2.994073 tcp 10.0.2.109 59754 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:31.575234 0.000000 tcp 10.0.2.109 59754 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:37.584075 3.004575 tcp 10.0.2.109 59755 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:46.587311 0.000000 tcp 10.0.2.109 59755 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:52.586240 3.003999 tcp 10.0.2.109 59756 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:18:57.202087 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:19:01.588426 0.000000 tcp 10.0.2.109 59756 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:19:07.587733 0.683201 tcp 10.0.2.109 59757 -> 46.50.226.74 10856 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:19:08.270799 3.001681 tcp 10.0.2.109 59758 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:19:17.271153 0.000000 tcp 10.0.2.109 59758 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:20:06.875285 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:20:13.882453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:20:21.884140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:20:37.887250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:21:09.893018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:24:23.271575 0.000159 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:24:23.271824 2.993629 tcp 10.0.2.109 59759 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:24:32.274210 0.000000 tcp 10.0.2.109 59759 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:24:38.274459 0.052708 tcp 10.0.2.109 59760 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:24:38.327451 0.054289 tcp 10.0.2.109 59761 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:24:38.382007 0.130042 tcp 10.0.2.109 59762 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:24:38.687733 2.999715 tcp 10.0.2.109 59763 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:24:47.686465 0.000000 tcp 10.0.2.109 59763 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:24:53.685569 0.030413 tcp 10.0.2.109 59764 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:24:53.716272 0.031845 tcp 10.0.2.109 59765 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:24:53.747875 0.151785 tcp 10.0.2.109 59766 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:24:54.184947 3.004743 tcp 10.0.2.109 59767 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:03.188560 0.000000 tcp 10.0.2.109 59767 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:09.177647 0.030724 tcp 10.0.2.109 59768 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:09.208719 0.052695 tcp 10.0.2.109 59769 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:09.261778 0.145497 tcp 10.0.2.109 59770 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:09.580193 3.001745 tcp 10.0.2.109 59771 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:18.580760 0.000000 tcp 10.0.2.109 59771 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:24.580041 0.029946 tcp 10.0.2.109 59772 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:24.610299 0.053912 tcp 10.0.2.109 59773 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:24.664471 0.125913 tcp 10.0.2.109 59774 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:25.076803 1.252350 tcp 10.0.2.109 59775 -> 46.50.226.74 10856 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:25.700653 0.052228 tcp 10.0.2.109 59776 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:25.753169 0.031223 tcp 10.0.2.109 59777 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:25.784711 0.142328 tcp 10.0.2.109 59778 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:26.328923 2.996975 tcp 10.0.2.109 59779 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:35.324639 0.000000 tcp 10.0.2.109 59779 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:41.324358 0.052388 tcp 10.0.2.109 59780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:41.376597 0.053758 tcp 10.0.2.109 59781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:41.430337 0.135627 tcp 10.0.2.109 59782 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:25:41.720197 2.998383 tcp 10.0.2.109 59783 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:50.716921 0.000000 tcp 10.0.2.109 59783 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:25:56.715479 3.004471 tcp 10.0.2.109 59784 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:26:05.718931 0.000000 tcp 10.0.2.109 59784 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:26:11.717356 3.004400 tcp 10.0.2.109 59785 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:26:20.720495 0.000000 tcp 10.0.2.109 59785 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:26:25.707067 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:26:26.718943 3.004061 tcp 10.0.2.109 59786 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:26:35.721392 0.000000 tcp 10.0.2.109 59786 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:26:41.720395 0.703345 tcp 10.0.2.109 59787 -> 46.50.226.74 10856 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:26:42.424026 3.001800 tcp 10.0.2.109 59788 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:26:51.433846 0.000000 tcp 10.0.2.109 59788 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:27:13.898600 3.002476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:27:20.906438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:27:28.908080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:27:44.911227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:28:16.917139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:31:57.424592 0.000180 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:31:57.424866 3.003276 tcp 10.0.2.109 59789 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:06.427177 0.000000 tcp 10.0.2.109 59789 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:12.427698 0.031733 tcp 10.0.2.109 59790 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:12.459699 0.031742 tcp 10.0.2.109 59791 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:12.491322 0.128546 tcp 10.0.2.109 59792 -> 195.113.214.211 443 SRPA* 0 0 40 20096 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:12.639266 3.001083 tcp 10.0.2.109 59793 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:21.638582 0.000000 tcp 10.0.2.109 59793 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:27.638157 0.030575 tcp 10.0.2.109 59794 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:27.669013 0.031492 tcp 10.0.2.109 59795 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:27.700793 0.125146 tcp 10.0.2.109 59796 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:27.930540 3.001867 tcp 10.0.2.109 59797 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:36.931209 0.000000 tcp 10.0.2.109 59797 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:42.930639 0.051915 tcp 10.0.2.109 59798 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:42.982907 0.030402 tcp 10.0.2.109 59799 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:43.013602 0.566477 tcp 10.0.2.109 59800 -> 195.113.214.211 443 SRPA* 0 0 33 23887 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:44.039534 2.995831 tcp 10.0.2.109 59801 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:53.044072 0.000000 tcp 10.0.2.109 59801 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:32:59.033703 0.052974 tcp 10.0.2.109 59802 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:59.086995 0.053831 tcp 10.0.2.109 59803 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:32:59.141189 0.627654 tcp 10.0.2.109 59804 -> 195.113.214.211 443 SRPA* 0 0 65 39793 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:00.029189 1.266659 tcp 10.0.2.109 59805 -> 46.50.226.74 10856 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:00.668110 0.052183 tcp 10.0.2.109 59806 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:00.720553 0.053237 tcp 10.0.2.109 59807 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:00.774222 0.127528 tcp 10.0.2.109 59808 -> 195.113.214.211 443 SRPA* 0 0 35 18264 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:01.296040 3.003930 tcp 10.0.2.109 59809 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:33:10.298770 0.000000 tcp 10.0.2.109 59809 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:33:16.298003 0.053976 tcp 10.0.2.109 59810 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:16.352335 0.031352 tcp 10.0.2.109 59811 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:16.384052 0.127819 tcp 10.0.2.109 59812 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:33:16.734944 3.007440 tcp 10.0.2.109 59813 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:33:25.740773 0.000000 tcp 10.0.2.109 59813 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:33:31.730120 2.993753 tcp 10.0.2.109 59814 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:33:40.732960 0.000000 tcp 10.0.2.109 59814 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:33:46.761621 2.993929 tcp 10.0.2.109 59815 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:33:55.754052 0.000000 tcp 10.0.2.109 59815 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:34:01.763090 2.993994 tcp 10.0.2.109 59816 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:34:06.289493 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:34:10.755485 0.000000 tcp 10.0.2.109 59816 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:34:16.764683 0.638991 tcp 10.0.2.109 59817 -> 46.50.226.74 10856 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:34:17.403912 3.005953 tcp 10.0.2.109 59818 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:34:21.003851 3.000826 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:34:26.408595 0.000000 tcp 10.0.2.109 59818 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:34:28.010545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:34:36.011962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:34:52.015138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:35:24.021192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:39:32.398487 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:39:32.398572 3.003959 tcp 10.0.2.109 59819 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:39:41.401623 0.000000 tcp 10.0.2.109 59819 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:39:47.401740 0.053500 tcp 10.0.2.109 59820 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:39:47.455543 0.053384 tcp 10.0.2.109 59821 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:39:47.509294 0.127482 tcp 10.0.2.109 59822 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:39:47.646401 2.998393 tcp 10.0.2.109 59823 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:39:56.653259 0.000000 tcp 10.0.2.109 59823 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:40:02.642325 0.054074 tcp 10.0.2.109 59824 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:02.696248 0.052888 tcp 10.0.2.109 59825 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:02.749505 0.123918 tcp 10.0.2.109 59826 -> 195.113.214.211 443 SRPA* 0 0 24 10254 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:03.088749 2.997990 tcp 10.0.2.109 59827 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:40:12.085136 0.000000 tcp 10.0.2.109 59827 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:40:18.404871 0.051846 tcp 10.0.2.109 59828 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:18.456969 0.053007 tcp 10.0.2.109 59829 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:18.510533 0.127126 tcp 10.0.2.109 59830 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:19.460743 2.999362 tcp 10.0.2.109 59831 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:40:28.459275 0.000000 tcp 10.0.2.109 59831 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:40:34.457904 0.052581 tcp 10.0.2.109 59832 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:34.510775 0.031883 tcp 10.0.2.109 59833 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:34.542944 0.124853 tcp 10.0.2.109 59834 -> 195.113.214.211 443 SRPA* 0 0 40 20888 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:35.205894 1.311925 tcp 10.0.2.109 59835 -> 46.50.226.74 10856 FSPA* 0 0 14 1677 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:35.898367 0.051914 tcp 10.0.2.109 59836 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:35.950671 0.071485 tcp 10.0.2.109 59837 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:36.021998 0.330387 tcp 10.0.2.109 59838 -> 195.113.214.211 443 SRPA* 0 0 72 76746 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:36.518094 2.996826 tcp 10.0.2.109 59839 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:40:45.523532 0.000000 tcp 10.0.2.109 59839 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:40:51.512843 0.030634 tcp 10.0.2.109 59840 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:51.543778 0.053278 tcp 10.0.2.109 59841 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:51.596866 0.125120 tcp 10.0.2.109 59842 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:40:52.016260 3.000943 tcp 10.0.2.109 59843 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:01.015581 0.000000 tcp 10.0.2.109 59843 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:07.014342 3.003951 tcp 10.0.2.109 59844 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:16.017138 0.000000 tcp 10.0.2.109 59844 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:22.016128 3.004144 tcp 10.0.2.109 59845 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:28.348022 3.001592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:41:31.018615 0.000000 tcp 10.0.2.109 59845 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:35.355100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:41:37.017921 3.003851 tcp 10.0.2.109 59846 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:41.604052 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:41:43.356899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:41:46.020451 0.000000 tcp 10.0.2.109 59846 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:52.019248 0.685044 tcp 10.0.2.109 59847 -> 46.50.226.74 10856 FSPA* 0 0 14 1677 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:41:52.704512 2.999676 tcp 10.0.2.109 59848 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:41:59.359673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:42:01.713323 0.000000 tcp 10.0.2.109 59848 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:42:31.365443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:44:22.666100 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:44:22.666209 0.000000 udp 10.0.2.109 3683 -> 84.152.214.101 1251 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 17:44:40.372659 0.054227 tcp 10.0.2.109 59849 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:44:40.427239 0.053103 tcp 10.0.2.109 59850 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:44:40.480585 0.144067 tcp 10.0.2.109 59851 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:44:40.625257 0.146031 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:40.767194 0.056687 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:40.904169 0.183935 rtp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:41.084422 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 17:44:57.185803 0.052064 tcp 10.0.2.109 59852 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:44:57.238171 0.052818 tcp 10.0.2.109 59853 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:44:57.291284 0.124115 tcp 10.0.2.109 59854 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:44:57.415892 0.078685 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:57.478061 0.135773 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:57.892900 0.068395 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:57.942340 0.173416 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:58.368875 0.190205 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:59.074855 0.110932 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:59.404105 0.160917 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:59.523172 0.121922 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:44:59.612204 0.175322 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:00.123957 0.174090 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:00.295097 0.368622 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:00.666510 0.158927 rtp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:00.859992 0.166348 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:01.001455 0.187971 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:01.252645 0.404786 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:01.636944 0.173816 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:01.805409 0.045626 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:01.959800 0.193673 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:02.147233 0.098084 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:02.229153 0.046089 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:02.468953 0.429001 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:02.855782 0.205867 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:03.074791 0.047250 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:03.343031 0.085994 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:03.420899 0.112213 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:03.564542 0.062367 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:03.620019 0.197200 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:04.113523 0.183302 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:45:04.447547 0.193827 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/21 17:47:07.703602 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:47:07.703752 2.993652 tcp 10.0.2.109 59855 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:47:16.695988 0.000000 tcp 10.0.2.109 59855 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:47:22.705022 0.032587 tcp 10.0.2.109 59856 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:22.737454 0.031362 tcp 10.0.2.109 59857 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:22.769163 0.146782 tcp 10.0.2.109 59858 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:23.279362 3.000987 tcp 10.0.2.109 59859 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:47:32.277937 0.000000 tcp 10.0.2.109 59859 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:47:38.387845 0.052841 tcp 10.0.2.109 59860 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:38.440545 0.052397 tcp 10.0.2.109 59861 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:38.493239 0.145515 tcp 10.0.2.109 59862 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:38.654858 3.006647 tcp 10.0.2.109 59863 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:47:47.660648 0.000000 tcp 10.0.2.109 59863 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:47:53.651001 0.052505 tcp 10.0.2.109 59864 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:53.703354 0.053560 tcp 10.0.2.109 59865 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:53.756758 0.127795 tcp 10.0.2.109 59866 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:47:53.928352 3.005535 tcp 10.0.2.109 59867 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:02.941992 0.000000 tcp 10.0.2.109 59867 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:08.921828 0.030517 tcp 10.0.2.109 59868 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:08.952201 0.053446 tcp 10.0.2.109 59869 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:09.005998 0.124997 tcp 10.0.2.109 59870 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:09.428753 1.033595 tcp 10.0.2.109 59871 -> 46.50.226.74 10856 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:10.113600 0.052895 tcp 10.0.2.109 59872 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:10.166755 0.031682 tcp 10.0.2.109 59873 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:10.198724 0.124323 tcp 10.0.2.109 59874 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:10.462661 2.994881 tcp 10.0.2.109 59875 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:19.456098 0.000000 tcp 10.0.2.109 59875 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:25.455224 0.053879 tcp 10.0.2.109 59876 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:25.508953 0.053820 tcp 10.0.2.109 59877 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:25.562728 0.121751 tcp 10.0.2.109 59878 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:48:25.888429 3.001045 tcp 10.0.2.109 59879 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:34.888579 0.000000 tcp 10.0.2.109 59879 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:35.482203 3.001658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:48:40.886835 3.004728 tcp 10.0.2.109 59880 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:42.489421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:48:49.890297 0.000000 tcp 10.0.2.109 59880 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:48:50.490595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:48:55.888304 3.004772 tcp 10.0.2.109 59881 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:49:04.891301 0.000000 tcp 10.0.2.109 59881 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:49:06.493585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:49:09.718009 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:49:10.890356 2.994102 tcp 10.0.2.109 59882 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:49:19.893453 0.000000 tcp 10.0.2.109 59882 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:49:25.891458 1.634309 tcp 10.0.2.109 59883 -> 46.50.226.74 10856 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:49:27.525999 3.001936 tcp 10.0.2.109 59884 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:49:36.526990 0.000000 tcp 10.0.2.109 59884 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:49:38.499713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:54:42.527454 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:54:42.527560 3.003258 tcp 10.0.2.109 59885 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:54:51.529686 0.000000 tcp 10.0.2.109 59885 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:54:57.530471 0.054160 tcp 10.0.2.109 59886 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:54:57.584481 0.053964 tcp 10.0.2.109 59887 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:54:57.638649 0.129255 tcp 10.0.2.109 59888 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:54:57.958250 3.005165 tcp 10.0.2.109 59889 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:06.961752 0.000000 tcp 10.0.2.109 59889 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:13.021266 0.030649 tcp 10.0.2.109 59890 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:13.051758 0.052196 tcp 10.0.2.109 59891 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:13.104264 0.125393 tcp 10.0.2.109 59892 -> 195.113.214.211 443 SRPA* 0 0 37 30052 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:13.533199 2.992185 tcp 10.0.2.109 59893 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:22.524461 0.000000 tcp 10.0.2.109 59893 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:28.533693 0.051462 tcp 10.0.2.109 59894 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:28.585406 0.031673 tcp 10.0.2.109 59895 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:28.617359 0.130214 tcp 10.0.2.109 59896 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:29.064195 3.003577 tcp 10.0.2.109 59897 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:38.066481 0.000000 tcp 10.0.2.109 59897 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:42.576884 3.551229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 17:55:44.326111 0.030825 tcp 10.0.2.109 59898 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:44.356787 0.032185 tcp 10.0.2.109 59899 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:44.388820 0.125508 tcp 10.0.2.109 59900 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:44.538512 1.033872 tcp 10.0.2.109 59901 -> 46.50.226.74 10856 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:45.231917 0.052602 tcp 10.0.2.109 59902 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:45.284872 0.031555 tcp 10.0.2.109 59903 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:45.316703 0.126122 tcp 10.0.2.109 59904 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:55:45.572685 2.999526 tcp 10.0.2.109 59905 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:50.133928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:55:54.570232 0.000000 tcp 10.0.2.109 59905 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:55:58.135391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:56:00.569434 0.052658 tcp 10.0.2.109 59906 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:56:00.622400 0.053566 tcp 10.0.2.109 59907 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:56:00.675844 0.127983 tcp 10.0.2.109 59908 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:56:01.067422 3.006605 tcp 10.0.2.109 59909 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:56:10.082714 0.000000 tcp 10.0.2.109 59909 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:56:14.138804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:56:16.061849 2.993897 tcp 10.0.2.109 59910 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:56:25.054514 0.000000 tcp 10.0.2.109 59910 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:56:31.063534 3.003784 tcp 10.0.2.109 59911 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:56:40.065495 0.000000 tcp 10.0.2.109 59911 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:56:45.042857 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 17:56:46.064850 3.003603 tcp 10.0.2.109 59912 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:56:46.144388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 17:56:55.067264 0.000000 tcp 10.0.2.109 59912 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:57:01.066125 0.664133 tcp 10.0.2.109 59913 -> 46.50.226.74 10856 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/21 17:57:01.730486 3.000666 tcp 10.0.2.109 59914 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 17:57:10.729901 0.000000 tcp 10.0.2.109 59914 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:02:16.730134 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:02:16.730227 2.993765 tcp 10.0.2.109 59915 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:02:25.733059 0.000000 tcp 10.0.2.109 59915 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:02:31.734882 0.031494 tcp 10.0.2.109 59916 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:02:31.766281 0.031391 tcp 10.0.2.109 59917 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:02:31.797535 0.131102 tcp 10.0.2.109 59918 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:02:31.943679 3.002616 tcp 10.0.2.109 59919 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:02:40.944816 0.000000 tcp 10.0.2.109 59919 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:02:46.943781 0.030139 tcp 10.0.2.109 59920 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:02:46.974470 0.054927 tcp 10.0.2.109 59921 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:02:47.029218 0.146125 tcp 10.0.2.109 59922 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:02:47.193242 2.994775 tcp 10.0.2.109 59923 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:02:50.150752 3.001241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:02:56.186701 0.000000 tcp 10.0.2.109 59923 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:02:57.158086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:03:02.186132 0.031937 tcp 10.0.2.109 59924 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:02.217752 0.031947 tcp 10.0.2.109 59925 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:02.249974 0.125746 tcp 10.0.2.109 59926 -> 195.113.214.211 443 FSRP* 0 0 29 9119 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:02.408572 3.001560 tcp 10.0.2.109 59927 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:03:05.159713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:03:11.408183 0.000000 tcp 10.0.2.109 59927 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:03:17.407554 0.053589 tcp 10.0.2.109 59928 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:17.461003 0.052541 tcp 10.0.2.109 59929 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:17.513830 0.128305 tcp 10.0.2.109 59930 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:17.650802 0.967535 tcp 10.0.2.109 59931 -> 46.50.226.74 10856 FSPA* 0 0 14 1528 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:18.355800 0.053088 tcp 10.0.2.109 59932 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:18.409171 0.030982 tcp 10.0.2.109 59933 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:18.440469 0.125173 tcp 10.0.2.109 59934 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:18.618594 3.004470 tcp 10.0.2.109 59935 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:03:21.162910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:03:27.621790 0.000000 tcp 10.0.2.109 59935 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:03:33.610948 0.030730 tcp 10.0.2.109 59936 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:33.641920 0.053299 tcp 10.0.2.109 59937 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:33.695534 0.128287 tcp 10.0.2.109 59938 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:03:33.835132 3.000006 tcp 10.0.2.109 59939 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:03:42.843816 0.000000 tcp 10.0.2.109 59939 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:03:48.832159 2.994120 tcp 10.0.2.109 59940 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:03:53.168343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:03:57.825461 0.000000 tcp 10.0.2.109 59940 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:04:03.834217 3.003756 tcp 10.0.2.109 59941 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:04:12.836875 0.000000 tcp 10.0.2.109 59941 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:04:18.835737 3.004006 tcp 10.0.2.109 59942 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:04:23.542131 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:04:27.838397 0.000000 tcp 10.0.2.109 59942 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:04:33.837472 0.655504 tcp 10.0.2.109 59943 -> 46.50.226.74 10856 FSPA* 0 0 14 1528 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:04:34.493213 2.999344 tcp 10.0.2.109 59944 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:04:43.491022 0.000000 tcp 10.0.2.109 59944 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:09:49.491315 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:09:49.491422 2.993565 tcp 10.0.2.109 59945 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:09:57.174370 3.002197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:09:58.493919 0.000000 tcp 10.0.2.109 59945 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:10:04.182203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:10:04.493654 0.031885 tcp 10.0.2.109 59946 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:04.525838 0.032194 tcp 10.0.2.109 59947 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:04.557880 0.127912 tcp 10.0.2.109 59948 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:05.133867 3.004064 tcp 10.0.2.109 59949 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:10:12.183282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:10:14.136291 0.000000 tcp 10.0.2.109 59949 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:10:20.135341 0.030680 tcp 10.0.2.109 59950 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:20.165865 0.052642 tcp 10.0.2.109 59951 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:20.218885 0.129050 tcp 10.0.2.109 59952 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:20.550879 2.998767 tcp 10.0.2.109 59953 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:10:28.186793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:10:29.548554 0.000000 tcp 10.0.2.109 59953 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:10:35.547632 0.052933 tcp 10.0.2.109 59954 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:35.600452 0.030682 tcp 10.0.2.109 59955 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:35.631444 0.125925 tcp 10.0.2.109 59956 -> 195.113.214.211 443 SRPA* 0 0 27 11686 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:35.801058 3.000801 tcp 10.0.2.109 59957 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:10:44.800057 0.000000 tcp 10.0.2.109 59957 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:10:50.799400 0.052282 tcp 10.0.2.109 59958 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:50.851961 0.053883 tcp 10.0.2.109 59959 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:50.905693 0.130084 tcp 10.0.2.109 59960 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:51.091819 1.109084 tcp 10.0.2.109 59961 -> 46.50.226.74 10856 FSPA* 0 0 12 1559 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:51.736020 0.053457 tcp 10.0.2.109 59962 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:51.789485 0.031010 tcp 10.0.2.109 59963 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:51.820848 0.127811 tcp 10.0.2.109 59964 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:10:52.201233 2.994376 tcp 10.0.2.109 59965 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:00.192236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:11:01.193897 0.000000 tcp 10.0.2.109 59965 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:07.203427 0.030459 tcp 10.0.2.109 59966 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:11:07.234223 0.053272 tcp 10.0.2.109 59967 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:11:07.287373 0.129640 tcp 10.0.2.109 59968 -> 195.113.214.211 443 SRPA* 0 0 26 13094 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:11:07.466252 3.001038 tcp 10.0.2.109 59969 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:16.465845 0.000000 tcp 10.0.2.109 59969 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:22.464570 3.004478 tcp 10.0.2.109 59970 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:31.467642 0.000000 tcp 10.0.2.109 59970 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:37.466115 3.004649 tcp 10.0.2.109 59971 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:46.468857 0.000000 tcp 10.0.2.109 59971 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:52.467928 3.003848 tcp 10.0.2.109 59972 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:11:57.044009 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:12:01.470556 0.000000 tcp 10.0.2.109 59972 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:12:07.469239 0.652232 tcp 10.0.2.109 59973 -> 46.50.226.74 10856 FSPA* 0 0 14 1667 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:12:08.121696 2.992662 tcp 10.0.2.109 59974 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:12:17.123011 0.000000 tcp 10.0.2.109 59974 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:15:09.681249 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:15:09.681367 0.246174 rtp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:09.922965 0.145946 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:10.754955 0.055277 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:11.007948 0.183042 rtp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:11.187909 0.068503 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:11.279183 0.076859 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:11.338296 0.135929 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:11.611901 0.158333 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:11.970946 0.198762 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:12.161427 0.097522 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:12.240081 0.224006 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:12.646296 0.121835 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:12.732606 0.374881 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:13.150481 0.158499 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:13.383346 0.174563 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:13.532076 0.174899 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:13.742823 0.164476 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:13.885171 0.188278 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:14.065642 0.366874 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:14.413218 0.168255 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:14.655194 0.045605 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:14.746119 0.045447 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:14.800554 0.424473 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:15.182345 0.192191 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:15.862175 0.101422 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:15.944998 0.207490 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2558 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:16.195114 0.048157 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2579 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:16.241481 0.047665 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:16.387782 0.112269 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:16.457045 0.064653 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:16.677897 0.252817 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:16.901553 0.195895 rtp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:15:17.117910 0.182159 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:17:04.198830 3.001166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:17:11.205891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:17:19.207485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:17:23.123464 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:17:23.123637 2.993405 tcp 10.0.2.109 59975 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:17:32.115865 0.000000 tcp 10.0.2.109 59975 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:17:35.210815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:17:38.126802 0.052920 tcp 10.0.2.109 59976 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:17:38.180015 0.031570 tcp 10.0.2.109 59977 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:17:38.211882 0.126681 tcp 10.0.2.109 59978 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:17:38.724507 3.005510 tcp 10.0.2.109 59979 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:17:47.728730 0.000000 tcp 10.0.2.109 59979 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:17:53.718025 0.030539 tcp 10.0.2.109 59980 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:17:53.748840 0.053719 tcp 10.0.2.109 59981 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:17:53.802838 0.129668 tcp 10.0.2.109 59982 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:17:54.267438 3.004468 tcp 10.0.2.109 59983 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:03.271091 0.000000 tcp 10.0.2.109 59983 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:07.336496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:18:09.380211 0.030850 tcp 10.0.2.109 59984 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:09.411342 0.031033 tcp 10.0.2.109 59985 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:09.442678 0.125847 tcp 10.0.2.109 59986 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:09.719520 2.995140 tcp 10.0.2.109 59987 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:18.722677 0.000000 tcp 10.0.2.109 59987 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:24.712428 0.052393 tcp 10.0.2.109 59988 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:24.765110 0.031069 tcp 10.0.2.109 59989 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:24.796481 0.127503 tcp 10.0.2.109 59990 -> 195.113.214.211 443 SRPA* 0 0 35 18264 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:25.221155 1.030921 tcp 10.0.2.109 59991 -> 46.50.226.74 10856 FSPA* 0 0 14 1522 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:25.876776 0.056092 tcp 10.0.2.109 59992 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:25.933130 0.052060 tcp 10.0.2.109 59993 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:25.985493 0.202919 tcp 10.0.2.109 59994 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:26.252324 2.995790 tcp 10.0.2.109 59995 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:35.246820 0.000000 tcp 10.0.2.109 59995 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:41.245930 0.053055 tcp 10.0.2.109 59996 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:41.299274 0.052849 tcp 10.0.2.109 59997 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:41.352429 0.127885 tcp 10.0.2.109 59998 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:18:41.801719 2.999064 tcp 10.0.2.109 59999 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:50.799491 0.000000 tcp 10.0.2.109 59999 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:18:56.798167 3.003728 tcp 10.0.2.109 60000 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:19:05.800505 0.000000 tcp 10.0.2.109 60000 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:19:11.799726 3.003940 tcp 10.0.2.109 60001 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:19:20.812300 0.000000 tcp 10.0.2.109 60001 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:19:25.669527 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:19:26.801120 2.993948 tcp 10.0.2.109 60002 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:19:35.793482 0.000000 tcp 10.0.2.109 60002 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:19:41.802935 0.651826 tcp 10.0.2.109 60003 -> 46.50.226.74 10856 FSPA* 0 0 14 1522 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:19:42.454923 3.002632 tcp 10.0.2.109 60004 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:19:51.456620 0.000000 tcp 10.0.2.109 60004 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:24:11.343638 3.000396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:24:18.350002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:24:26.351906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:24:42.354847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:24:57.456954 0.000171 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:24:57.457221 3.003064 tcp 10.0.2.109 60005 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:06.459011 0.000000 tcp 10.0.2.109 60005 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:12.459354 0.031313 tcp 10.0.2.109 60006 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:12.490953 0.031057 tcp 10.0.2.109 60007 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:12.522479 0.127395 tcp 10.0.2.109 60008 -> 195.113.214.211 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:12.762014 3.000986 tcp 10.0.2.109 60009 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:14.360961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:25:21.761501 0.000000 tcp 10.0.2.109 60009 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:27.760230 0.030943 tcp 10.0.2.109 60010 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:27.791015 0.030703 tcp 10.0.2.109 60011 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:27.821974 0.126575 tcp 10.0.2.109 60012 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:28.267447 2.997766 tcp 10.0.2.109 60013 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:37.273856 0.000000 tcp 10.0.2.109 60013 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:43.613444 0.036172 tcp 10.0.2.109 60014 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:43.649480 0.031215 tcp 10.0.2.109 60015 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:43.681001 0.129317 tcp 10.0.2.109 60016 -> 195.113.214.211 443 SRPA* 0 0 35 18264 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:44.412469 2.995548 tcp 10.0.2.109 60017 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:53.406588 0.000000 tcp 10.0.2.109 60017 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:25:59.405844 0.030802 tcp 10.0.2.109 60018 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:59.436893 0.031825 tcp 10.0.2.109 60019 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:59.468985 0.126993 tcp 10.0.2.109 60020 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:25:59.809384 1.013376 tcp 10.0.2.109 60021 -> 46.50.226.74 10856 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:26:00.494727 0.031738 tcp 10.0.2.109 60022 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:26:00.526335 0.032655 tcp 10.0.2.109 60023 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:26:00.558837 0.128944 tcp 10.0.2.109 60024 -> 195.113.214.211 443 SRPA* 0 0 48 29862 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:26:00.822962 2.999065 tcp 10.0.2.109 60025 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:26:09.820011 0.000000 tcp 10.0.2.109 60025 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:26:15.819567 0.030475 tcp 10.0.2.109 60026 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:26:15.850341 0.031724 tcp 10.0.2.109 60027 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:26:15.881870 0.125909 tcp 10.0.2.109 60028 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:26:16.123038 3.000610 tcp 10.0.2.109 60029 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:26:25.132501 0.000000 tcp 10.0.2.109 60029 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:26:31.120992 2.994416 tcp 10.0.2.109 60030 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:26:40.124123 0.000000 tcp 10.0.2.109 60030 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:26:46.123088 2.993974 tcp 10.0.2.109 60031 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:26:55.115490 0.000000 tcp 10.0.2.109 60031 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:27:01.124282 3.004087 tcp 10.0.2.109 60032 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:27:05.830950 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:27:10.127382 0.000000 tcp 10.0.2.109 60032 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:27:16.125963 0.725203 tcp 10.0.2.109 60033 -> 46.50.226.74 10856 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:27:16.851023 2.999893 tcp 10.0.2.109 60034 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:27:25.849713 0.000000 tcp 10.0.2.109 60034 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:31:18.527146 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:31:25.534012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:31:33.535895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:31:49.538777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:32:21.545020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:32:31.850441 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:32:31.850538 2.993587 tcp 10.0.2.109 60035 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:32:40.852496 0.000000 tcp 10.0.2.109 60035 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:32:46.853063 0.052703 tcp 10.0.2.109 60036 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:32:46.906048 0.032336 tcp 10.0.2.109 60037 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:32:46.938746 0.127088 tcp 10.0.2.109 60038 -> 195.113.214.211 443 SRPA* 0 0 40 20910 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:32:47.154413 3.001816 tcp 10.0.2.109 60039 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:32:56.154694 0.000000 tcp 10.0.2.109 60039 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:02.153834 0.031458 tcp 10.0.2.109 60040 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:02.185100 0.031500 tcp 10.0.2.109 60041 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:02.216899 0.126017 tcp 10.0.2.109 60042 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:02.555364 3.002376 tcp 10.0.2.109 60043 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:11.556976 0.000000 tcp 10.0.2.109 60043 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:17.556308 0.030379 tcp 10.0.2.109 60044 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:17.586973 0.030979 tcp 10.0.2.109 60045 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:17.618259 0.122927 tcp 10.0.2.109 60046 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:17.819764 3.000030 tcp 10.0.2.109 60047 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:26.818561 0.000000 tcp 10.0.2.109 60047 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:32.818008 0.031126 tcp 10.0.2.109 60048 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:32.849507 0.032479 tcp 10.0.2.109 60049 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:32.881777 0.125080 tcp 10.0.2.109 60050 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:33.339242 0.885705 tcp 10.0.2.109 60051 -> 46.50.226.74 10856 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:34.025282 0.031309 tcp 10.0.2.109 60052 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:34.056892 0.031426 tcp 10.0.2.109 60053 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:34.088618 0.126017 tcp 10.0.2.109 60054 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:34.225149 3.008363 tcp 10.0.2.109 60055 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:43.232437 0.000000 tcp 10.0.2.109 60055 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:49.221190 0.030018 tcp 10.0.2.109 60056 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:49.251492 0.032179 tcp 10.0.2.109 60057 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:49.283517 0.125344 tcp 10.0.2.109 60058 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:33:49.560900 2.995073 tcp 10.0.2.109 60059 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:33:58.554199 0.000000 tcp 10.0.2.109 60059 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:04.553180 2.993866 tcp 10.0.2.109 60060 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:13.545631 0.000000 tcp 10.0.2.109 60060 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:19.554583 3.004250 tcp 10.0.2.109 60061 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:28.557703 0.000000 tcp 10.0.2.109 60061 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:33.323930 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:34:34.556392 3.003644 tcp 10.0.2.109 60062 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:43.558663 0.000000 tcp 10.0.2.109 60062 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:49.557568 0.681290 tcp 10.0.2.109 60063 -> 46.50.226.74 10856 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:34:50.239155 3.003414 tcp 10.0.2.109 60064 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:34:59.242055 0.000000 tcp 10.0.2.109 60064 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:38:25.551488 3.000966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:38:32.558406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:38:40.559649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:38:56.562975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:39:28.568827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:40:05.241823 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:40:05.241911 2.993929 tcp 10.0.2.109 60065 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:40:14.234735 0.000000 tcp 10.0.2.109 60065 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:40:20.245150 0.053147 tcp 10.0.2.109 60066 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:20.298569 0.031512 tcp 10.0.2.109 60067 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:20.330333 0.131278 tcp 10.0.2.109 60068 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:20.694569 3.003370 tcp 10.0.2.109 60069 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:40:29.696715 0.000000 tcp 10.0.2.109 60069 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:40:35.697052 0.031021 tcp 10.0.2.109 60070 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:35.728414 0.031475 tcp 10.0.2.109 60071 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:35.760186 0.127585 tcp 10.0.2.109 60072 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:36.042472 2.997559 tcp 10.0.2.109 60073 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:40:45.038366 0.000000 tcp 10.0.2.109 60073 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:40:51.037834 0.053105 tcp 10.0.2.109 60074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:51.091213 0.031607 tcp 10.0.2.109 60075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:51.123106 0.128907 tcp 10.0.2.109 60076 -> 195.113.214.211 443 SRPA* 0 0 38 26314 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:40:51.891636 3.001377 tcp 10.0.2.109 60077 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:00.891333 0.000000 tcp 10.0.2.109 60077 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:06.890578 0.031066 tcp 10.0.2.109 60078 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:06.921920 0.031975 tcp 10.0.2.109 60079 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:06.953686 0.125398 tcp 10.0.2.109 60080 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:07.172120 1.095617 tcp 10.0.2.109 60081 -> 46.50.226.74 10856 FSPA* 0 0 14 1603 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:07.845652 0.051580 tcp 10.0.2.109 60082 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:07.897481 0.031005 tcp 10.0.2.109 60083 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:07.928808 0.125551 tcp 10.0.2.109 60084 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:08.267955 2.998324 tcp 10.0.2.109 60085 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:17.264972 0.000000 tcp 10.0.2.109 60085 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:23.264485 0.051920 tcp 10.0.2.109 60086 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:23.316759 0.031591 tcp 10.0.2.109 60087 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:23.348658 0.126906 tcp 10.0.2.109 60088 -> 195.113.214.211 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:41:23.568950 2.999151 tcp 10.0.2.109 60089 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:32.567253 0.000000 tcp 10.0.2.109 60089 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:38.565787 3.004341 tcp 10.0.2.109 60090 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:47.568908 0.000000 tcp 10.0.2.109 60090 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:41:53.567198 3.004239 tcp 10.0.2.109 60091 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:42:02.570073 0.000000 tcp 10.0.2.109 60091 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:42:08.568875 3.004647 tcp 10.0.2.109 60092 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:42:13.325345 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:42:17.571850 0.000000 tcp 10.0.2.109 60092 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:42:23.570741 0.706503 tcp 10.0.2.109 60093 -> 46.50.226.74 10856 FSPA* 0 0 14 1603 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:42:24.277063 2.998832 tcp 10.0.2.109 60094 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:42:33.274305 0.000000 tcp 10.0.2.109 60094 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:45:24.651341 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:45:24.651433 0.242402 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:25.093217 0.249635 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:25.460689 0.055499 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:25.855432 0.184492 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:26.036707 0.067272 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:26.241435 0.079031 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:26.302294 0.129021 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:26.447597 0.183232 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:26.774686 0.112764 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:26.852698 0.122665 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:26.988566 0.197331 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:27.178892 0.109912 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:27.269210 0.366850 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:27.637393 0.160286 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:27.827639 0.171548 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:27.975654 0.165703 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:28.138662 0.166410 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:28.555233 0.168226 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:28.717342 0.045427 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:28.839884 0.041199 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:29.071646 0.188990 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:29.253307 0.340429 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:29.574308 0.099920 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:29.657344 0.446317 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:30.067567 0.188317 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:30.255648 0.203189 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:30.460815 0.046963 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:30.506067 0.086413 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:30.724107 0.116774 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:30.794852 0.063446 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:30.945714 0.200891 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:31.138127 0.202130 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:31.333279 0.174679 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/01/21 18:45:32.575208 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:45:39.582825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:45:47.583738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:46:03.586514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:46:35.592667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:47:39.274991 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:47:39.275271 3.003447 tcp 10.0.2.109 60095 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:47:48.277590 0.000000 tcp 10.0.2.109 60095 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:47:54.277502 0.031304 tcp 10.0.2.109 60096 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:47:54.309073 0.032091 tcp 10.0.2.109 60097 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:47:54.341469 0.126234 tcp 10.0.2.109 60098 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:47:54.676426 3.004106 tcp 10.0.2.109 60099 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:03.679459 0.000000 tcp 10.0.2.109 60099 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:09.678509 0.030271 tcp 10.0.2.109 60100 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:09.709068 0.031704 tcp 10.0.2.109 60101 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:09.741074 0.133428 tcp 10.0.2.109 60102 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:09.947834 3.004867 tcp 10.0.2.109 60103 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:18.951005 0.000000 tcp 10.0.2.109 60103 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:24.940377 0.030712 tcp 10.0.2.109 60104 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:24.971353 0.031960 tcp 10.0.2.109 60105 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:25.003619 0.127144 tcp 10.0.2.109 60106 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:25.208837 2.995571 tcp 10.0.2.109 60107 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:34.213579 0.000000 tcp 10.0.2.109 60107 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:40.202692 0.031486 tcp 10.0.2.109 60108 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:40.234466 0.030878 tcp 10.0.2.109 60109 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:40.265566 0.129206 tcp 10.0.2.109 60110 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:40.537473 1.183892 tcp 10.0.2.109 60111 -> 46.50.226.74 10856 FSPA* 0 0 12 1585 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:41.224379 0.030728 tcp 10.0.2.109 60112 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:41.255397 0.032185 tcp 10.0.2.109 60113 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:41.287391 0.129453 tcp 10.0.2.109 60114 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:41.721579 2.997141 tcp 10.0.2.109 60115 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:50.717330 0.000000 tcp 10.0.2.109 60115 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:48:56.716505 0.031202 tcp 10.0.2.109 60116 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:56.747984 0.031799 tcp 10.0.2.109 60117 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:56.779503 0.124385 tcp 10.0.2.109 60118 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:48:57.311057 2.999865 tcp 10.0.2.109 60119 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:06.309849 0.000000 tcp 10.0.2.109 60119 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:12.307988 3.004194 tcp 10.0.2.109 60120 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:21.310800 0.000000 tcp 10.0.2.109 60120 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:27.310054 2.993541 tcp 10.0.2.109 60121 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:36.312372 0.000000 tcp 10.0.2.109 60121 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:41.229506 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:49:42.711627 2.994252 tcp 10.0.2.109 60122 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:51.704769 0.000000 tcp 10.0.2.109 60122 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:49:57.713352 3.626219 tcp 10.0.2.109 60123 -> 46.50.226.74 10856 FSPA* 0 0 14 1693 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:50:01.339754 3.003182 tcp 10.0.2.109 60124 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:50:10.341358 0.000000 tcp 10.0.2.109 60124 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:52:39.999656 3.001440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:52:47.006652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:52:55.007946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:53:11.011478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:53:43.017585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 18:55:16.342216 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:55:16.342378 2.993684 tcp 10.0.2.109 60125 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:55:25.334226 0.000000 tcp 10.0.2.109 60125 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:55:31.344732 0.031276 tcp 10.0.2.109 60126 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:55:31.375881 0.031116 tcp 10.0.2.109 60127 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:55:31.406844 0.128990 tcp 10.0.2.109 60128 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:55:31.561799 2.996010 tcp 10.0.2.109 60129 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:55:40.555943 0.000000 tcp 10.0.2.109 60129 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:55:46.555282 0.031433 tcp 10.0.2.109 60130 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:55:46.586997 0.031481 tcp 10.0.2.109 60131 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:55:46.618766 0.155014 tcp 10.0.2.109 60132 -> 195.113.214.211 443 SRPA* 0 0 35 19570 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:55:47.071646 2.998030 tcp 10.0.2.109 60133 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:55:56.068490 0.000000 tcp 10.0.2.109 60133 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:02.077727 0.030723 tcp 10.0.2.109 60134 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:02.108791 0.031112 tcp 10.0.2.109 60135 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:02.140203 0.123974 tcp 10.0.2.109 60136 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:02.588593 3.003469 tcp 10.0.2.109 60137 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:11.590670 0.000000 tcp 10.0.2.109 60137 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:17.589893 0.031074 tcp 10.0.2.109 60138 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:17.621301 0.032181 tcp 10.0.2.109 60139 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:17.653771 0.123640 tcp 10.0.2.109 60140 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:17.957270 1.089745 tcp 10.0.2.109 60141 -> 46.50.226.74 10856 FSPA* 0 0 14 1677 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:18.643389 0.030811 tcp 10.0.2.109 60142 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:18.674476 0.030935 tcp 10.0.2.109 60143 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:18.705704 0.128881 tcp 10.0.2.109 60144 -> 195.113.214.211 443 SRPA* 0 0 23 12058 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:19.047306 2.998498 tcp 10.0.2.109 60145 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:28.044219 0.000000 tcp 10.0.2.109 60145 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:34.074023 0.031429 tcp 10.0.2.109 60146 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:34.105377 0.031396 tcp 10.0.2.109 60147 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:34.137109 0.130372 tcp 10.0.2.109 60148 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:56:34.495019 3.002913 tcp 10.0.2.109 60149 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:43.497107 0.000000 tcp 10.0.2.109 60149 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:49.495345 3.004519 tcp 10.0.2.109 60150 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:56:58.498334 0.000000 tcp 10.0.2.109 60150 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:57:04.497466 3.003951 tcp 10.0.2.109 60151 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:57:13.499925 0.000000 tcp 10.0.2.109 60151 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:57:18.256632 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 18:57:19.498857 3.004270 tcp 10.0.2.109 60152 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:57:28.501507 0.000000 tcp 10.0.2.109 60152 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:57:34.500103 0.682503 tcp 10.0.2.109 60153 -> 46.50.226.74 10856 FSPA* 0 0 14 1677 flow=From-Botnet-V1-TCP-Established 1970/01/21 18:57:35.182853 2.992375 tcp 10.0.2.109 60154 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:57:44.183698 0.000000 tcp 10.0.2.109 60154 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 18:59:47.053279 3.001649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 18:59:54.060891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:00:02.062081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:00:18.065066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:00:50.071617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:02:50.184432 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:02:50.184543 3.003417 tcp 10.0.2.109 60155 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:02:59.187006 0.000000 tcp 10.0.2.109 60155 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:03:05.187331 0.032465 tcp 10.0.2.109 60156 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:05.220141 0.032165 tcp 10.0.2.109 60157 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:05.252663 0.128116 tcp 10.0.2.109 60158 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:05.387257 3.002794 tcp 10.0.2.109 60159 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:03:14.388785 0.000000 tcp 10.0.2.109 60159 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:03:20.458471 0.030525 tcp 10.0.2.109 60160 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:20.489277 0.031427 tcp 10.0.2.109 60161 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:20.520550 0.129821 tcp 10.0.2.109 60162 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:20.660228 3.002125 tcp 10.0.2.109 60163 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:03:29.660880 0.000000 tcp 10.0.2.109 60163 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:03:35.660416 0.030465 tcp 10.0.2.109 60164 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:35.690704 0.032134 tcp 10.0.2.109 60165 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:35.723100 0.132663 tcp 10.0.2.109 60166 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:35.981573 3.002522 tcp 10.0.2.109 60167 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:03:44.992451 0.000000 tcp 10.0.2.109 60167 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:03:50.982271 0.029951 tcp 10.0.2.109 60168 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:51.012569 0.031320 tcp 10.0.2.109 60169 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:51.044203 0.179421 tcp 10.0.2.109 60170 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:51.251421 0.841769 tcp 10.0.2.109 60171 -> 46.50.226.74 10856 FSPA* 0 0 12 1634 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:51.871495 0.030694 tcp 10.0.2.109 60172 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:51.902573 0.031974 tcp 10.0.2.109 60173 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:51.934340 0.132859 tcp 10.0.2.109 60174 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:03:52.092996 2.994203 tcp 10.0.2.109 60175 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:01.085997 0.000000 tcp 10.0.2.109 60175 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:07.097793 0.031617 tcp 10.0.2.109 60176 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:04:07.129354 0.031586 tcp 10.0.2.109 60177 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:04:07.161296 0.130121 tcp 10.0.2.109 60178 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:04:07.409428 3.000091 tcp 10.0.2.109 60179 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:16.407969 0.000000 tcp 10.0.2.109 60179 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:22.406432 3.004853 tcp 10.0.2.109 60180 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:31.409772 0.000000 tcp 10.0.2.109 60180 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:37.408493 3.004399 tcp 10.0.2.109 60181 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:46.411100 0.000000 tcp 10.0.2.109 60181 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:04:51.327860 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:04:52.409637 3.004459 tcp 10.0.2.109 60182 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:05:01.423005 0.000000 tcp 10.0.2.109 60182 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:05:07.411775 0.673722 tcp 10.0.2.109 60183 -> 46.50.226.74 10856 FSPA* 0 0 14 1742 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:05:08.085743 3.000687 tcp 10.0.2.109 60184 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:05:17.084904 0.000000 tcp 10.0.2.109 60184 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:06:54.147743 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:07:01.154906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:07:09.156554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:07:25.159170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:07:57.165486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:10:23.085719 0.000177 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:10:23.085991 3.003320 tcp 10.0.2.109 60185 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:10:32.087794 0.000000 tcp 10.0.2.109 60185 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:10:38.088803 0.032124 tcp 10.0.2.109 60186 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:10:38.120734 0.031971 tcp 10.0.2.109 60187 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:10:38.153072 0.127135 tcp 10.0.2.109 60188 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:10:38.306533 3.005078 tcp 10.0.2.109 60189 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:10:47.309928 0.000000 tcp 10.0.2.109 60189 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:10:53.299372 0.029984 tcp 10.0.2.109 60190 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:10:53.329638 0.031697 tcp 10.0.2.109 60191 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:10:53.361642 0.125879 tcp 10.0.2.109 60192 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:10:53.499618 3.003760 tcp 10.0.2.109 60193 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:02.501622 0.000000 tcp 10.0.2.109 60193 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:08.501363 0.030915 tcp 10.0.2.109 60194 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:08.532570 0.032181 tcp 10.0.2.109 60195 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:08.564603 0.178107 tcp 10.0.2.109 60196 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:08.758122 2.997190 tcp 10.0.2.109 60197 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:17.764093 0.000000 tcp 10.0.2.109 60197 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:23.753341 0.173851 tcp 10.0.2.109 60198 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:23.927489 0.031675 tcp 10.0.2.109 60199 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:23.959014 0.129096 tcp 10.0.2.109 60200 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:25.024644 0.873474 tcp 10.0.2.109 60201 -> 46.50.226.74 10856 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:25.696090 0.032153 tcp 10.0.2.109 60202 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:25.728053 0.031338 tcp 10.0.2.109 60203 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:25.759680 0.132193 tcp 10.0.2.109 60204 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:25.898335 3.001484 tcp 10.0.2.109 60205 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:34.898120 0.000000 tcp 10.0.2.109 60205 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:40.897853 0.031626 tcp 10.0.2.109 60206 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:40.929372 0.031333 tcp 10.0.2.109 60207 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:40.960992 0.131780 tcp 10.0.2.109 60208 -> 195.113.214.211 443 SRPA* 0 0 42 24482 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:11:41.237551 3.004272 tcp 10.0.2.109 60209 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:50.240563 0.000000 tcp 10.0.2.109 60209 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:11:56.239518 3.004020 tcp 10.0.2.109 60210 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:12:05.238458 0.000000 tcp 10.0.2.109 60210 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:12:11.241061 2.993921 tcp 10.0.2.109 60211 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:12:20.243426 0.000000 tcp 10.0.2.109 60211 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:12:26.242512 2.994158 tcp 10.0.2.109 60212 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:12:30.829064 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:12:35.235111 0.000000 tcp 10.0.2.109 60212 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:12:41.514751 0.660768 tcp 10.0.2.109 60213 -> 46.50.226.74 10856 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:12:42.175821 3.003643 tcp 10.0.2.109 60214 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:12:51.177784 0.000000 tcp 10.0.2.109 60214 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:14:01.442452 3.000914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:14:08.449416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:14:16.450926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:14:32.453822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:15:04.459745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:15:43.155512 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:15:43.155794 0.053996 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:43.424578 0.243085 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:43.682332 0.152885 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:43.827118 0.179287 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:44.226831 0.072584 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:44.320774 0.075695 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:44.667349 0.129300 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:44.895468 0.160954 rtp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2588 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:45.065931 0.191530 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:45.495037 0.098841 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:46.994887 0.356563 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:48.187674 0.160154 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:48.347421 0.347162 rtp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:48.656544 0.126059 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:48.810029 0.172362 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:48.960955 0.172675 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2562 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:49.130426 0.167003 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:49.935989 0.169192 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:50.099178 0.048152 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:50.147557 0.383994 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:50.513526 0.959149 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:51.452351 0.041822 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:51.663011 0.187266 rtp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:52.186991 0.428617 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:52.582440 0.194853 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:52.805132 0.197342 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:53.162796 0.047993 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:53.406207 0.050120 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:53.710316 0.124214 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:53.785430 0.203521 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:53.979893 0.057771 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:54.181345 0.195213 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:15:54.368513 0.180828 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:17:57.179088 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:17:57.179190 3.002839 tcp 10.0.2.109 60215 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:06.180634 0.000000 tcp 10.0.2.109 60215 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:12.181317 0.031507 tcp 10.0.2.109 60216 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:12.213082 0.031286 tcp 10.0.2.109 60217 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:12.244720 0.151621 tcp 10.0.2.109 60218 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:12.887102 2.998131 tcp 10.0.2.109 60219 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:21.893938 0.000000 tcp 10.0.2.109 60219 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:27.882746 0.643785 tcp 10.0.2.109 60220 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:28.526835 0.031152 tcp 10.0.2.109 60221 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:28.558358 0.126338 tcp 10.0.2.109 60222 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:29.088049 2.999849 tcp 10.0.2.109 60223 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:38.086506 0.000000 tcp 10.0.2.109 60223 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:44.086190 0.030786 tcp 10.0.2.109 60224 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:44.116827 0.034242 tcp 10.0.2.109 60225 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:44.150913 0.125197 tcp 10.0.2.109 60226 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:44.395639 3.004597 tcp 10.0.2.109 60227 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:53.398736 0.000000 tcp 10.0.2.109 60227 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:18:59.398102 0.030766 tcp 10.0.2.109 60228 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:59.429183 0.032807 tcp 10.0.2.109 60229 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:59.462357 0.129675 tcp 10.0.2.109 60230 -> 195.113.214.211 443 SRPA* 0 0 41 26684 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:18:59.673115 1.021396 tcp 10.0.2.109 60231 -> 46.50.226.74 10856 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:19:00.395586 0.031145 tcp 10.0.2.109 60232 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:19:00.426616 0.031493 tcp 10.0.2.109 60233 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:19:00.458488 0.123805 tcp 10.0.2.109 60234 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:19:00.694789 3.009063 tcp 10.0.2.109 60235 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:09.712668 0.000000 tcp 10.0.2.109 60235 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:15.691654 0.030196 tcp 10.0.2.109 60236 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:19:15.722186 0.031152 tcp 10.0.2.109 60237 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:19:15.753639 0.123132 tcp 10.0.2.109 60238 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:19:16.153319 2.992542 tcp 10.0.2.109 60239 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:25.144463 0.000000 tcp 10.0.2.109 60239 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:31.153019 2.994226 tcp 10.0.2.109 60240 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:40.145745 0.000000 tcp 10.0.2.109 60240 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:46.154910 3.003938 tcp 10.0.2.109 60241 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:55.157758 0.000000 tcp 10.0.2.109 60241 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:19:59.914756 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:20:01.156860 3.003550 tcp 10.0.2.109 60242 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:20:10.159591 0.000000 tcp 10.0.2.109 60242 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:20:16.157948 0.663775 tcp 10.0.2.109 60243 -> 46.50.226.74 10856 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:20:16.821586 3.001861 tcp 10.0.2.109 60244 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:20:25.821518 0.000000 tcp 10.0.2.109 60244 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:21:08.786308 3.002072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:21:15.793932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:21:23.795013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:21:39.797910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:22:11.803972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:25:31.822570 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:25:31.822764 2.993043 tcp 10.0.2.109 60245 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:25:40.814421 0.000000 tcp 10.0.2.109 60245 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:25:46.825635 0.031191 tcp 10.0.2.109 60246 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:25:46.857098 0.031617 tcp 10.0.2.109 60247 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:25:46.888569 0.126701 tcp 10.0.2.109 60248 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:25:47.423891 3.004383 tcp 10.0.2.109 60249 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:25:56.427183 0.000000 tcp 10.0.2.109 60249 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:02.416136 0.031173 tcp 10.0.2.109 60250 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:02.447179 0.032233 tcp 10.0.2.109 60251 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:02.479765 0.124117 tcp 10.0.2.109 60252 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:02.799579 3.001121 tcp 10.0.2.109 60253 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:11.798859 0.000000 tcp 10.0.2.109 60253 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:17.798198 0.030081 tcp 10.0.2.109 60254 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:17.828612 0.031908 tcp 10.0.2.109 60255 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:17.860798 0.125978 tcp 10.0.2.109 60256 -> 195.113.214.211 443 SRPA* 0 0 43 35786 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:18.036018 3.006297 tcp 10.0.2.109 60257 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:27.041033 0.000000 tcp 10.0.2.109 60257 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:33.029953 0.031020 tcp 10.0.2.109 60258 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:33.060817 0.032008 tcp 10.0.2.109 60259 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:33.093111 0.128420 tcp 10.0.2.109 60260 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:33.392686 1.320073 tcp 10.0.2.109 60261 -> 46.50.226.74 10856 FSPA* 0 0 14 1687 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:34.115341 0.030938 tcp 10.0.2.109 60262 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:34.146531 0.030708 tcp 10.0.2.109 60263 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:34.177545 0.126379 tcp 10.0.2.109 60264 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:34.713038 2.993341 tcp 10.0.2.109 60265 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:43.704761 0.000000 tcp 10.0.2.109 60265 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:49.714355 0.030270 tcp 10.0.2.109 60266 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:49.744954 0.032390 tcp 10.0.2.109 60267 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:49.777652 0.126580 tcp 10.0.2.109 60268 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:26:50.007939 3.000442 tcp 10.0.2.109 60269 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:26:59.007257 0.000000 tcp 10.0.2.109 60269 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:05.006043 3.003623 tcp 10.0.2.109 60270 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:14.009192 0.000000 tcp 10.0.2.109 60270 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:20.007411 3.004401 tcp 10.0.2.109 60271 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:29.010266 0.000000 tcp 10.0.2.109 60271 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:33.917583 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:27:35.009204 3.003864 tcp 10.0.2.109 60272 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:44.011734 0.000000 tcp 10.0.2.109 60272 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:50.010996 0.638009 tcp 10.0.2.109 60273 -> 46.50.226.74 10856 FSPA* 0 0 14 1687 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:27:50.649160 2.996778 tcp 10.0.2.109 60274 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:27:59.643893 0.000000 tcp 10.0.2.109 60274 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:28:15.811242 3.000989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:28:22.817445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:28:30.818770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:28:46.821907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:29:18.827815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:33:05.644582 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:33:05.644669 3.004051 tcp 10.0.2.109 60275 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:33:14.646821 0.000000 tcp 10.0.2.109 60275 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:33:20.647807 0.031766 tcp 10.0.2.109 60276 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:20.679309 0.080596 tcp 10.0.2.109 60277 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:20.760223 0.122971 tcp 10.0.2.109 60278 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:21.052586 2.998023 tcp 10.0.2.109 60279 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:33:30.049067 0.000000 tcp 10.0.2.109 60279 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:33:36.048329 0.051879 tcp 10.0.2.109 60280 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:36.100060 0.031540 tcp 10.0.2.109 60281 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:36.131937 0.123559 tcp 10.0.2.109 60282 -> 195.113.214.211 443 SRPA* 0 0 35 18264 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:36.543225 3.000052 tcp 10.0.2.109 60283 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:33:45.541364 0.000000 tcp 10.0.2.109 60283 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:33:51.541027 0.034534 tcp 10.0.2.109 60284 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:51.575830 0.030757 tcp 10.0.2.109 60285 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:51.606860 0.129222 tcp 10.0.2.109 60286 -> 195.113.214.211 443 SRPA* 0 0 37 30896 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:33:52.178751 2.996616 tcp 10.0.2.109 60287 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:01.184148 0.000000 tcp 10.0.2.109 60287 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:07.173387 0.030140 tcp 10.0.2.109 60288 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:07.203834 0.031383 tcp 10.0.2.109 60289 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:07.235452 0.129057 tcp 10.0.2.109 60290 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:07.498082 1.186127 tcp 10.0.2.109 60291 -> 46.50.226.74 10856 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:08.155721 0.030346 tcp 10.0.2.109 60292 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:08.186365 0.031813 tcp 10.0.2.109 60293 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:08.218561 0.126194 tcp 10.0.2.109 60294 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:08.684364 3.004464 tcp 10.0.2.109 60295 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:17.687448 0.000000 tcp 10.0.2.109 60295 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:23.676933 0.031016 tcp 10.0.2.109 60296 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:23.708191 0.031637 tcp 10.0.2.109 60297 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:23.740161 0.128329 tcp 10.0.2.109 60298 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:34:23.999854 3.001124 tcp 10.0.2.109 60299 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:32.999754 0.000000 tcp 10.0.2.109 60299 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:38.998377 3.004034 tcp 10.0.2.109 60300 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:48.001733 0.000000 tcp 10.0.2.109 60300 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:34:54.000480 2.993828 tcp 10.0.2.109 60301 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:35:03.003250 0.000000 tcp 10.0.2.109 60301 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:35:07.919667 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:35:09.001815 2.994115 tcp 10.0.2.109 60302 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:35:17.994503 0.000000 tcp 10.0.2.109 60302 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:35:22.834488 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:35:24.003125 0.997221 tcp 10.0.2.109 60303 -> 46.50.226.74 10856 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:35:25.000637 2.998143 tcp 10.0.2.109 60304 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:35:29.841706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:35:33.997643 0.000000 tcp 10.0.2.109 60304 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:35:37.843446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:35:53.846316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:36:25.852450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:40:39.998231 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:40:39.998334 3.003128 tcp 10.0.2.109 60305 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:40:49.000294 0.000000 tcp 10.0.2.109 60305 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:40:55.000600 0.030809 tcp 10.0.2.109 60306 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:40:55.031672 0.030763 tcp 10.0.2.109 60307 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:40:55.062786 0.126220 tcp 10.0.2.109 60308 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:40:55.295489 2.998188 tcp 10.0.2.109 60309 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:04.303387 0.000000 tcp 10.0.2.109 60309 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:10.291490 0.031262 tcp 10.0.2.109 60310 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:10.322989 0.031555 tcp 10.0.2.109 60311 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:10.354407 0.126650 tcp 10.0.2.109 60312 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:10.745032 3.000703 tcp 10.0.2.109 60313 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:19.744697 0.000000 tcp 10.0.2.109 60313 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:25.743573 0.030595 tcp 10.0.2.109 60314 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:25.774461 0.031817 tcp 10.0.2.109 60315 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:25.806587 0.122819 tcp 10.0.2.109 60316 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:26.329123 2.999499 tcp 10.0.2.109 60317 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:35.326731 0.000000 tcp 10.0.2.109 60317 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:41.326400 0.030623 tcp 10.0.2.109 60318 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:41.356856 0.032744 tcp 10.0.2.109 60319 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:41.389987 0.126863 tcp 10.0.2.109 60320 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:41.972448 0.989105 tcp 10.0.2.109 60321 -> 46.50.226.74 10856 FSPA* 0 0 14 1545 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:42.627996 0.030244 tcp 10.0.2.109 60322 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:42.658497 0.031772 tcp 10.0.2.109 60323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:42.690601 0.124959 tcp 10.0.2.109 60324 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:42.961899 3.000074 tcp 10.0.2.109 60325 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:51.960879 0.000000 tcp 10.0.2.109 60325 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:41:57.960280 0.126941 tcp 10.0.2.109 60326 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:58.087515 0.031476 tcp 10.0.2.109 60327 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:58.119308 0.128941 tcp 10.0.2.109 60328 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:41:58.668644 2.996083 tcp 10.0.2.109 60329 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:07.673627 0.000000 tcp 10.0.2.109 60329 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:13.662553 2.994208 tcp 10.0.2.109 60330 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:22.655017 0.000000 tcp 10.0.2.109 60330 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:28.663973 3.004383 tcp 10.0.2.109 60331 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:29.898854 3.001172 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:42:36.905613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:42:37.666319 0.000000 tcp 10.0.2.109 60331 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:42.453399 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:42:43.665290 3.004320 tcp 10.0.2.109 60332 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:44.907437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:42:52.668360 0.000000 tcp 10.0.2.109 60332 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:42:58.667123 0.724768 tcp 10.0.2.109 60333 -> 46.50.226.74 10856 FSPA* 0 0 12 1437 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:42:59.392101 2.999757 tcp 10.0.2.109 60334 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:43:00.909813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:43:08.390658 0.000000 tcp 10.0.2.109 60334 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:43:32.915832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:46:17.532944 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:46:17.533181 0.055878 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:17.774507 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 19:46:33.177382 0.031410 tcp 10.0.2.109 60335 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:46:33.209077 0.030732 tcp 10.0.2.109 60336 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:46:33.240114 0.127295 tcp 10.0.2.109 60337 -> 195.113.214.211 443 SRPA* 0 0 50 32448 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:46:33.368038 0.062242 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1975 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:33.415952 0.100483 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:33.723010 0.147405 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:33.862691 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 19:46:51.742334 0.030701 tcp 10.0.2.109 60338 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:46:51.773310 0.031570 tcp 10.0.2.109 60339 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:46:51.805225 0.124502 tcp 10.0.2.109 60340 -> 195.113.214.211 443 SRPA* 0 0 35 19016 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:46:51.930403 0.135960 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:52.087413 0.167663 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:52.403360 0.185393 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:52.743396 0.097203 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:53.002058 0.118824 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:53.081573 0.122541 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:53.234106 0.351604 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:53.703029 0.171539 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:53.870757 0.174939 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:54.023356 0.173618 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:54.192911 0.167289 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:54.426930 0.166882 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:54.715171 0.045144 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:54.753509 0.393658 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:55.124463 0.097622 rtp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:55.207128 0.045609 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:55.410015 0.195330 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:55.683373 0.188927 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:55.900891 0.430830 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:56.285344 0.177153 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:56.582714 0.047099 rtp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:56.628420 0.046894 rtp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:56.818513 0.111379 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:56.885030 0.242287 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:57.094835 0.187464 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:57.437592 0.197861 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:46:57.628541 0.056858 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/21 19:48:14.391537 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:48:14.391744 2.993287 tcp 10.0.2.109 60341 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:48:23.393950 0.000000 tcp 10.0.2.109 60341 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:48:29.392835 0.030696 tcp 10.0.2.109 60342 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:48:29.423840 0.032037 tcp 10.0.2.109 60343 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:48:29.456116 0.127016 tcp 10.0.2.109 60344 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:48:29.731286 2.996211 tcp 10.0.2.109 60345 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:48:38.726249 0.000000 tcp 10.0.2.109 60345 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:48:44.724795 0.241339 tcp 10.0.2.109 60346 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:48:44.966477 0.031555 tcp 10.0.2.109 60347 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:48:44.997880 0.127064 tcp 10.0.2.109 60348 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:48:45.338427 3.001392 tcp 10.0.2.109 60349 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:48:54.337963 0.000000 tcp 10.0.2.109 60349 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:00.337448 0.031162 tcp 10.0.2.109 60350 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:00.368425 0.031383 tcp 10.0.2.109 60351 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:00.400050 0.127656 tcp 10.0.2.109 60352 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:01.022248 2.999622 tcp 10.0.2.109 60353 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:10.021144 0.000000 tcp 10.0.2.109 60353 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:16.020011 0.030220 tcp 10.0.2.109 60354 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:16.050530 0.030654 tcp 10.0.2.109 60355 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:16.081490 0.124457 tcp 10.0.2.109 60356 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:16.384387 1.278295 tcp 10.0.2.109 60357 -> 46.50.226.74 10856 FSPA* 0 0 14 1728 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:17.038452 0.030846 tcp 10.0.2.109 60358 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:17.069648 0.032394 tcp 10.0.2.109 60359 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:17.101863 0.126726 tcp 10.0.2.109 60360 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:17.662901 2.993196 tcp 10.0.2.109 60361 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:26.654684 0.000000 tcp 10.0.2.109 60361 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:32.664078 0.031139 tcp 10.0.2.109 60362 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:32.694934 0.031804 tcp 10.0.2.109 60363 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:32.727034 0.131508 tcp 10.0.2.109 60364 -> 195.113.214.211 443 SRPA* 0 0 43 26792 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:49:32.891868 2.995849 tcp 10.0.2.109 60365 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:37.022365 3.001226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:49:41.886475 0.000000 tcp 10.0.2.109 60365 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:44.029985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:49:47.885496 3.004128 tcp 10.0.2.109 60366 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:49:52.031283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:49:56.887828 0.000000 tcp 10.0.2.109 60366 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:50:02.887076 3.003689 tcp 10.0.2.109 60367 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:50:08.034603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:50:11.889994 0.000000 tcp 10.0.2.109 60367 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:50:17.888399 3.004010 tcp 10.0.2.109 60368 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:50:22.555188 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:50:26.891046 0.000000 tcp 10.0.2.109 60368 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:50:32.890121 0.628485 tcp 10.0.2.109 60369 -> 46.50.226.74 10856 FSPA* 0 0 14 1728 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:50:33.518750 2.996432 tcp 10.0.2.109 60370 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:50:40.040005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:50:42.523957 0.000000 tcp 10.0.2.109 60370 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:55:48.514336 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:55:48.514431 3.003624 tcp 10.0.2.109 60371 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:55:57.517048 0.000000 tcp 10.0.2.109 60371 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:03.516851 0.031624 tcp 10.0.2.109 60372 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:03.548720 0.031026 tcp 10.0.2.109 60373 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:03.580002 0.127888 tcp 10.0.2.109 60374 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:03.717707 3.001858 tcp 10.0.2.109 60375 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:12.718568 0.000000 tcp 10.0.2.109 60375 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:18.718210 0.030633 tcp 10.0.2.109 60376 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:18.748697 0.032070 tcp 10.0.2.109 60377 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:18.781040 0.126147 tcp 10.0.2.109 60378 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:18.918696 3.003081 tcp 10.0.2.109 60379 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:27.920773 0.000000 tcp 10.0.2.109 60379 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:33.919714 0.083828 tcp 10.0.2.109 60380 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:34.003830 0.033110 tcp 10.0.2.109 60381 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:34.037252 0.124564 tcp 10.0.2.109 60382 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:34.184001 3.000077 tcp 10.0.2.109 60383 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:43.192552 0.000000 tcp 10.0.2.109 60383 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:44.047010 3.000673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 19:56:49.181290 0.030123 tcp 10.0.2.109 60384 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:49.211707 0.031112 tcp 10.0.2.109 60385 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:49.243049 0.129345 tcp 10.0.2.109 60386 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:49.509920 0.868590 tcp 10.0.2.109 60387 -> 46.50.226.74 10856 FSPA* 0 0 14 1724 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:50.165389 0.030206 tcp 10.0.2.109 60388 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:50.195870 0.030988 tcp 10.0.2.109 60389 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:50.227166 0.127763 tcp 10.0.2.109 60390 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:56:50.378772 2.998530 tcp 10.0.2.109 60391 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:56:51.053332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:56:59.055321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:56:59.375396 0.000000 tcp 10.0.2.109 60391 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:05.375069 0.030948 tcp 10.0.2.109 60392 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:57:05.406530 0.031524 tcp 10.0.2.109 60393 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:57:05.437930 0.125746 tcp 10.0.2.109 60394 -> 195.113.214.211 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:57:05.588766 3.000379 tcp 10.0.2.109 60395 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:14.587581 0.000000 tcp 10.0.2.109 60395 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:15.057955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:57:20.586436 3.004347 tcp 10.0.2.109 60396 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:29.589180 0.000000 tcp 10.0.2.109 60396 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:35.589317 3.002590 tcp 10.0.2.109 60397 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:44.590287 0.000000 tcp 10.0.2.109 60397 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:47.064128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 19:57:49.557518 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 19:57:50.589435 3.004274 tcp 10.0.2.109 60398 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:57:59.592085 0.000000 tcp 10.0.2.109 60398 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:58:05.590951 0.672941 tcp 10.0.2.109 60399 -> 46.50.226.74 10856 FSPA* 0 0 14 1724 flow=From-Botnet-V1-TCP-Established 1970/01/21 19:58:06.264057 2.992316 tcp 10.0.2.109 60400 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 19:58:15.254633 0.000000 tcp 10.0.2.109 60400 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:03:21.265819 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:03:21.266113 3.002519 tcp 10.0.2.109 60401 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:03:30.267716 0.000000 tcp 10.0.2.109 60401 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:03:36.268586 0.031251 tcp 10.0.2.109 60402 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:03:36.299685 0.031553 tcp 10.0.2.109 60403 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:03:36.331524 0.127866 tcp 10.0.2.109 60404 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:03:36.624299 3.006617 tcp 10.0.2.109 60405 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:03:45.629483 0.000000 tcp 10.0.2.109 60405 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:03:51.070967 3.001090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:03:51.619071 0.030316 tcp 10.0.2.109 60406 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:03:51.649668 0.031445 tcp 10.0.2.109 60407 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:03:51.681473 0.132060 tcp 10.0.2.109 60408 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:03:51.984935 3.008108 tcp 10.0.2.109 60409 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:03:58.077738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:04:00.991583 0.000000 tcp 10.0.2.109 60409 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:04:06.079584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:04:06.980747 0.032062 tcp 10.0.2.109 60410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:07.012611 0.031808 tcp 10.0.2.109 60411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:07.044209 0.130097 tcp 10.0.2.109 60412 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:07.301289 2.994000 tcp 10.0.2.109 60413 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:04:16.304051 0.000000 tcp 10.0.2.109 60413 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:04:22.081800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:04:22.303062 0.030548 tcp 10.0.2.109 60414 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:22.333463 0.031410 tcp 10.0.2.109 60415 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:22.365164 0.128047 tcp 10.0.2.109 60416 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:22.579003 1.293381 tcp 10.0.2.109 60417 -> 46.50.226.74 10856 FSPA* 0 0 14 1557 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:23.283960 0.031185 tcp 10.0.2.109 60418 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:23.314993 0.031692 tcp 10.0.2.109 60419 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:23.346896 0.129425 tcp 10.0.2.109 60420 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:23.872638 2.996375 tcp 10.0.2.109 60421 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:04:32.867458 0.000000 tcp 10.0.2.109 60421 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:04:38.866706 0.031223 tcp 10.0.2.109 60422 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:38.898365 0.031946 tcp 10.0.2.109 60423 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:38.930664 0.127617 tcp 10.0.2.109 60424 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:04:39.107223 3.003347 tcp 10.0.2.109 60425 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:04:48.109495 0.000000 tcp 10.0.2.109 60425 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:04:54.087856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:04:54.108016 3.004577 tcp 10.0.2.109 60426 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:05:03.110991 0.000000 tcp 10.0.2.109 60426 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:05:09.110068 2.994156 tcp 10.0.2.109 60427 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:05:18.112544 0.000000 tcp 10.0.2.109 60427 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:05:23.059825 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:05:24.111599 2.993729 tcp 10.0.2.109 60428 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:05:33.103996 0.000000 tcp 10.0.2.109 60428 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:05:39.113307 1.432716 tcp 10.0.2.109 60429 -> 46.50.226.74 10856 FSPA* 0 0 14 1557 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:05:40.546280 3.002631 tcp 10.0.2.109 60430 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:05:49.548140 0.000000 tcp 10.0.2.109 60430 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:10:55.548487 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:10:55.548586 3.003782 tcp 10.0.2.109 60431 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:10:58.094743 3.000818 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:11:04.551073 0.000000 tcp 10.0.2.109 60431 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:11:05.101244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:11:10.551280 0.031359 tcp 10.0.2.109 60432 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:10.582977 0.031523 tcp 10.0.2.109 60433 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:10.614855 0.130138 tcp 10.0.2.109 60434 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:10.807191 2.996527 tcp 10.0.2.109 60435 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:11:13.103362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:11:19.812735 0.000000 tcp 10.0.2.109 60435 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:11:25.801618 0.031145 tcp 10.0.2.109 60436 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:25.833015 0.031925 tcp 10.0.2.109 60437 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:25.865307 0.125672 tcp 10.0.2.109 60438 -> 195.113.214.211 443 SRPA* 0 0 44 33322 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:26.087709 2.988097 tcp 10.0.2.109 60439 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:11:29.105879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:11:35.074897 0.000000 tcp 10.0.2.109 60439 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:11:41.084039 0.031330 tcp 10.0.2.109 60440 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:41.115630 0.032750 tcp 10.0.2.109 60441 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:41.148236 0.127445 tcp 10.0.2.109 60442 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:41.771235 2.997404 tcp 10.0.2.109 60443 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:11:50.767513 0.000000 tcp 10.0.2.109 60443 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:11:56.766475 0.030210 tcp 10.0.2.109 60444 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:56.796966 0.030988 tcp 10.0.2.109 60445 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:56.828242 0.127766 tcp 10.0.2.109 60446 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:57.117213 0.895020 tcp 10.0.2.109 60447 -> 46.50.226.74 10856 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:57.753198 0.029928 tcp 10.0.2.109 60448 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:57.783432 0.032253 tcp 10.0.2.109 60449 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:57.815490 0.131501 tcp 10.0.2.109 60450 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:11:58.012556 2.999466 tcp 10.0.2.109 60451 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:01.112235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:12:07.010468 0.000000 tcp 10.0.2.109 60451 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:13.009924 0.030264 tcp 10.0.2.109 60452 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:12:13.040498 0.031105 tcp 10.0.2.109 60453 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:12:13.071458 0.129647 tcp 10.0.2.109 60454 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:12:13.359086 3.004924 tcp 10.0.2.109 60455 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:22.372671 0.000000 tcp 10.0.2.109 60455 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:28.381777 2.993654 tcp 10.0.2.109 60456 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:37.374223 0.000000 tcp 10.0.2.109 60456 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:43.442818 2.994722 tcp 10.0.2.109 60457 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:52.435836 0.000000 tcp 10.0.2.109 60457 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:12:58.444463 3.004036 tcp 10.0.2.109 60458 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:13:03.151454 0.000283 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:13:07.447668 0.000000 tcp 10.0.2.109 60458 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:13:13.446511 0.706904 tcp 10.0.2.109 60459 -> 46.50.226.74 10856 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:13:14.153232 2.998555 tcp 10.0.2.109 60460 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:13:23.149760 0.000000 tcp 10.0.2.109 60460 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:17:25.068410 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:17:25.068525 0.274874 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:25.341320 0.184188 rtp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:25.629988 0.055779 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:25.797770 0.081327 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:25.860216 0.066654 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:25.991877 0.151044 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:26.138717 0.128859 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:26.381821 0.196528 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:26.718815 0.193048 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:26.904394 0.117396 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:27.005454 0.120900 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:27.105424 0.164120 rtp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:27.364871 0.178045 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:27.518694 0.124497 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:27.610421 0.351130 rtp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:28.129634 0.173177 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:28.299464 0.169223 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:28.445980 0.167198 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:28.743154 0.044149 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:28.780043 0.046157 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:28.832521 0.193898 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:29.020415 0.191698 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:29.204237 0.367182 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:29.552167 0.099495 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:29.813832 0.431321 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:30.195049 0.174910 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:30.521643 0.047147 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:30.614729 0.062360 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:30.675510 0.113480 rtp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:30.925556 0.195892 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:31.112958 0.057832 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:31.181453 0.199056 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:17:31.355742 0.174156 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:18:05.207875 3.002233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:18:12.215865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:18:20.216978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:18:29.150919 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:18:29.151016 2.993047 tcp 10.0.2.109 60461 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:18:36.219950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:18:38.152638 0.000000 tcp 10.0.2.109 60461 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:18:44.153415 0.032225 tcp 10.0.2.109 60462 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:18:44.185951 0.030964 tcp 10.0.2.109 60463 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:18:44.217221 0.129902 tcp 10.0.2.109 60464 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:18:44.865231 3.001637 tcp 10.0.2.109 60465 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:18:53.865622 0.000000 tcp 10.0.2.109 60465 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:18:59.864636 0.030386 tcp 10.0.2.109 60466 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:18:59.895406 0.032312 tcp 10.0.2.109 60467 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:18:59.927580 0.144287 tcp 10.0.2.109 60468 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:00.433715 3.005550 tcp 10.0.2.109 60469 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:19:08.226565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:19:09.438279 0.000000 tcp 10.0.2.109 60469 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:19:15.427620 0.037915 tcp 10.0.2.109 60470 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:15.465796 0.031062 tcp 10.0.2.109 60471 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:15.497126 0.126635 tcp 10.0.2.109 60472 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:15.787460 3.004129 tcp 10.0.2.109 60473 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:19:24.789672 0.000000 tcp 10.0.2.109 60473 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:19:30.789115 0.030416 tcp 10.0.2.109 60474 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:30.819802 0.032025 tcp 10.0.2.109 60475 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:30.851749 0.128940 tcp 10.0.2.109 60476 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:31.186921 1.286373 tcp 10.0.2.109 60477 -> 46.50.226.74 10856 FSPA* 0 0 14 1747 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:31.893496 0.030814 tcp 10.0.2.109 60478 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:31.924632 0.031168 tcp 10.0.2.109 60479 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:31.956107 0.124628 tcp 10.0.2.109 60480 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:32.473507 3.002191 tcp 10.0.2.109 60481 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:19:41.473816 0.000000 tcp 10.0.2.109 60481 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:19:47.473518 0.039273 tcp 10.0.2.109 60482 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:47.513075 0.030571 tcp 10.0.2.109 60483 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:47.543942 0.131578 tcp 10.0.2.109 60484 -> 195.113.214.211 443 SRPA* 0 0 84 69580 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:19:48.223315 2.994936 tcp 10.0.2.109 60485 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:19:57.216910 0.000000 tcp 10.0.2.109 60485 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:03.215536 3.004278 tcp 10.0.2.109 60486 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:12.217840 0.000000 tcp 10.0.2.109 60486 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:18.216669 3.004596 tcp 10.0.2.109 60487 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:27.219441 0.000000 tcp 10.0.2.109 60487 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:32.146861 0.000153 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:20:33.218284 3.004507 tcp 10.0.2.109 60488 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:42.221175 0.000000 tcp 10.0.2.109 60488 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:48.220078 0.659153 tcp 10.0.2.109 60489 -> 46.50.226.74 10856 FSPA* 0 0 14 1747 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:20:48.879393 2.995914 tcp 10.0.2.109 60490 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:20:57.883854 0.000000 tcp 10.0.2.109 60490 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:25:12.232358 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:25:19.239593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:25:27.240947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:25:43.244130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:26:03.874689 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:26:03.874791 3.003146 tcp 10.0.2.109 60491 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:26:12.876394 0.000000 tcp 10.0.2.109 60491 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:26:15.250412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:26:18.877231 0.031873 tcp 10.0.2.109 60492 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:18.909442 0.030985 tcp 10.0.2.109 60493 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:18.940683 0.126597 tcp 10.0.2.109 60494 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:19.360704 2.999982 tcp 10.0.2.109 60495 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:26:28.359188 0.000000 tcp 10.0.2.109 60495 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:26:34.358242 0.030210 tcp 10.0.2.109 60496 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:34.388715 0.031196 tcp 10.0.2.109 60497 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:34.420210 0.128221 tcp 10.0.2.109 60498 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:34.732321 3.000512 tcp 10.0.2.109 60499 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:26:43.730850 0.000000 tcp 10.0.2.109 60499 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:26:49.730547 0.030488 tcp 10.0.2.109 60500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:49.761328 0.031873 tcp 10.0.2.109 60501 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:49.792778 0.128312 tcp 10.0.2.109 60502 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:26:50.156842 2.997624 tcp 10.0.2.109 60503 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:26:59.163565 0.000000 tcp 10.0.2.109 60503 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:27:05.152213 0.030690 tcp 10.0.2.109 60504 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:05.182786 0.032829 tcp 10.0.2.109 60505 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:05.215945 0.123346 tcp 10.0.2.109 60506 -> 195.113.214.211 443 SRPA* 0 0 37 30896 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:05.542516 1.155893 tcp 10.0.2.109 60507 -> 46.50.226.74 10856 FSPA* 0 0 14 1666 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:06.187470 0.031158 tcp 10.0.2.109 60508 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:06.218877 0.031233 tcp 10.0.2.109 60509 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:06.250361 0.146630 tcp 10.0.2.109 60510 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:06.698626 3.000133 tcp 10.0.2.109 60511 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:27:15.696944 0.000000 tcp 10.0.2.109 60511 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:27:21.706563 0.030853 tcp 10.0.2.109 60512 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:21.737774 0.031485 tcp 10.0.2.109 60513 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:21.769552 0.127121 tcp 10.0.2.109 60514 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:27:22.385175 3.005953 tcp 10.0.2.109 60515 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:27:31.389641 0.000000 tcp 10.0.2.109 60515 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:27:37.378051 3.004392 tcp 10.0.2.109 60516 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:27:46.381312 0.000000 tcp 10.0.2.109 60516 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:27:52.379744 2.994455 tcp 10.0.2.109 60517 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:28:01.382810 0.000000 tcp 10.0.2.109 60517 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:28:06.159695 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:28:07.381374 2.994367 tcp 10.0.2.109 60518 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:28:16.374619 0.000000 tcp 10.0.2.109 60518 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:28:22.383481 0.685384 tcp 10.0.2.109 60519 -> 46.50.226.74 10856 FSPA* 0 0 14 1666 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:28:23.069042 2.998999 tcp 10.0.2.109 60520 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:28:32.067136 0.000000 tcp 10.0.2.109 60520 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:32:19.266523 3.001234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:32:26.273609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:32:34.274817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:32:50.278107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:33:22.284321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:33:38.067184 0.000220 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:33:38.067503 3.003898 tcp 10.0.2.109 60521 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:33:47.069589 0.000000 tcp 10.0.2.109 60521 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:33:53.070505 0.030920 tcp 10.0.2.109 60522 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:33:53.101713 0.031426 tcp 10.0.2.109 60523 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:33:53.133430 0.128071 tcp 10.0.2.109 60524 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:33:53.497017 3.006131 tcp 10.0.2.109 60525 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:02.502312 0.000000 tcp 10.0.2.109 60525 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:08.491536 0.052275 tcp 10.0.2.109 60526 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:08.544131 0.030887 tcp 10.0.2.109 60527 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:08.575316 0.133221 tcp 10.0.2.109 60528 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:09.189771 2.996607 tcp 10.0.2.109 60529 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:18.184415 0.000000 tcp 10.0.2.109 60529 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:24.183930 0.030421 tcp 10.0.2.109 60530 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:24.214689 0.030825 tcp 10.0.2.109 60531 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:24.245800 0.126002 tcp 10.0.2.109 60532 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:25.007288 3.001004 tcp 10.0.2.109 60533 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:34.007320 0.000000 tcp 10.0.2.109 60533 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:40.006377 0.030268 tcp 10.0.2.109 60534 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:40.036880 0.031665 tcp 10.0.2.109 60535 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:40.068873 0.129000 tcp 10.0.2.109 60536 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:40.547814 1.116359 tcp 10.0.2.109 60537 -> 46.50.226.74 10856 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:41.216103 0.029733 tcp 10.0.2.109 60538 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:41.246136 0.031386 tcp 10.0.2.109 60539 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:41.278007 0.130152 tcp 10.0.2.109 60540 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:41.664347 3.008279 tcp 10.0.2.109 60541 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:50.671112 0.000000 tcp 10.0.2.109 60541 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:34:56.690494 0.030067 tcp 10.0.2.109 60542 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:56.720813 0.031346 tcp 10.0.2.109 60543 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:56.752536 0.127517 tcp 10.0.2.109 60544 -> 195.113.214.211 443 SRPA* 0 0 32 25990 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:34:57.084586 3.000146 tcp 10.0.2.109 60545 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:06.093749 0.000000 tcp 10.0.2.109 60545 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:12.101957 2.994517 tcp 10.0.2.109 60546 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:21.094709 0.000000 tcp 10.0.2.109 60546 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:27.103988 3.003731 tcp 10.0.2.109 60547 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:36.106705 0.000000 tcp 10.0.2.109 60547 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:42.105036 3.004383 tcp 10.0.2.109 60548 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:46.711921 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:35:51.107841 0.000000 tcp 10.0.2.109 60548 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:35:57.107132 0.674884 tcp 10.0.2.109 60549 -> 46.50.226.74 10856 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:35:57.782345 2.999426 tcp 10.0.2.109 60550 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:36:06.780594 0.000000 tcp 10.0.2.109 60550 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:39:26.420785 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:39:33.427909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:39:41.428945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:39:57.432619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:40:29.438590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:41:12.861286 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:41:12.861512 2.993802 tcp 10.0.2.109 60551 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:41:21.863924 0.000000 tcp 10.0.2.109 60551 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:41:27.864303 0.051658 tcp 10.0.2.109 60552 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:27.916237 0.031515 tcp 10.0.2.109 60553 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:27.948035 0.128504 tcp 10.0.2.109 60554 -> 195.113.214.211 443 SRPA* 0 0 50 32304 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:28.255231 3.001748 tcp 10.0.2.109 60555 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:41:37.255930 0.000000 tcp 10.0.2.109 60555 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:41:43.255597 0.031028 tcp 10.0.2.109 60556 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:43.286947 0.053196 tcp 10.0.2.109 60557 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:43.340337 0.131837 tcp 10.0.2.109 60558 -> 195.113.214.211 443 SRPA* 0 0 33 17506 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:43.712502 2.996538 tcp 10.0.2.109 60559 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:41:52.707752 0.000000 tcp 10.0.2.109 60559 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:41:58.707501 0.030195 tcp 10.0.2.109 60560 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:58.738019 0.032528 tcp 10.0.2.109 60561 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:58.770832 0.127193 tcp 10.0.2.109 60562 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:41:59.201916 2.999927 tcp 10.0.2.109 60563 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:42:08.200678 0.000000 tcp 10.0.2.109 60563 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:42:14.199260 0.030763 tcp 10.0.2.109 60564 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:14.230376 0.030837 tcp 10.0.2.109 60565 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:14.261563 0.128657 tcp 10.0.2.109 60566 -> 195.113.214.211 443 SRPA* 0 0 46 40404 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:14.536448 0.967007 tcp 10.0.2.109 60567 -> 46.50.226.74 10856 FSPA* 0 0 14 1724 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:15.204890 0.031105 tcp 10.0.2.109 60568 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:15.236328 0.031305 tcp 10.0.2.109 60569 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:15.267939 0.127953 tcp 10.0.2.109 60570 -> 195.113.214.211 443 SRPA* 0 0 40 22630 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:15.503705 2.991442 tcp 10.0.2.109 60571 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:42:24.493884 0.000000 tcp 10.0.2.109 60571 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:42:30.502861 0.030134 tcp 10.0.2.109 60572 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:30.533356 0.031703 tcp 10.0.2.109 60573 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:30.565298 0.125336 tcp 10.0.2.109 60574 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:42:31.117675 2.999776 tcp 10.0.2.109 60575 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:42:40.115838 0.000000 tcp 10.0.2.109 60575 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:42:46.114809 3.004606 tcp 10.0.2.109 60576 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:42:55.117426 0.000000 tcp 10.0.2.109 60576 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:43:01.116260 3.004173 tcp 10.0.2.109 60577 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:43:10.119008 0.000000 tcp 10.0.2.109 60577 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:43:14.796046 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:43:16.157870 3.004192 tcp 10.0.2.109 60578 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:43:25.161100 0.000000 tcp 10.0.2.109 60578 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:43:31.159546 0.796051 tcp 10.0.2.109 60579 -> 46.50.226.74 10856 FSPA* 0 0 14 1724 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:43:31.955413 2.999260 tcp 10.0.2.109 60580 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:43:40.963772 0.000000 tcp 10.0.2.109 60580 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:46:33.455307 3.000585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:46:40.461435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:46:48.463427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:47:04.466118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:47:36.472390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:47:55.329709 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:47:55.329809 0.053861 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:47:55.455546 0.082014 rtp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:47:55.516628 0.069908 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:47:55.760207 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 20:48:10.834021 0.031391 tcp 10.0.2.109 60581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:48:10.865660 0.030867 tcp 10.0.2.109 60582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:48:10.896836 0.144870 tcp 10.0.2.109 60583 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:48:11.041924 0.185367 rtp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:11.224001 0.145898 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:11.561689 0.128783 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:11.887218 0.168707 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:12.194804 0.192195 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:12.379061 0.111188 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:12.470376 0.174164 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:12.621674 0.121404 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:12.856316 0.362506 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:13.378691 0.299682 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:13.637711 0.160171 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:13.943844 0.172708 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:14.112879 0.172551 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:14.261969 0.167297 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:14.424195 0.043741 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:14.833633 0.042752 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:14.877813 0.276168 udp 10.0.2.109 3683 <-> 116.58.61.124 1206 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:15.148254 0.103023 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:15.232361 0.188068 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:15.412689 0.338835 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:15.729239 0.428659 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:16.109269 0.173055 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:16.446941 0.047013 rtp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:16.492716 0.051073 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:16.739017 0.118187 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:16.809338 1.227746 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:18.009273 0.181769 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 1978 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:18.367387 0.203897 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:18.561681 0.060910 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/01/21 20:48:46.954264 3.003515 tcp 10.0.2.109 60584 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:48:55.956420 0.000000 tcp 10.0.2.109 60584 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:49:00.793374 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:49:01.955698 0.051331 tcp 10.0.2.109 60585 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:02.007326 0.030878 tcp 10.0.2.109 60586 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:02.038486 0.144944 tcp 10.0.2.109 60587 -> 195.113.214.211 443 SRPA* 0 0 52 42238 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:02.553881 3.006237 tcp 10.0.2.109 60588 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:49:11.558917 0.000000 tcp 10.0.2.109 60588 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:49:17.548329 0.030900 tcp 10.0.2.109 60589 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:17.579534 0.031268 tcp 10.0.2.109 60590 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:17.611150 0.129221 tcp 10.0.2.109 60591 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:17.997342 3.005260 tcp 10.0.2.109 60592 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:49:27.001300 0.000000 tcp 10.0.2.109 60592 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:49:32.990672 0.031394 tcp 10.0.2.109 60593 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:33.021875 0.031463 tcp 10.0.2.109 60594 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:33.053655 0.134906 tcp 10.0.2.109 60595 -> 195.113.214.211 443 SRPA* 0 0 51 41284 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:33.408931 2.995895 tcp 10.0.2.109 60596 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:49:42.413240 0.000000 tcp 10.0.2.109 60596 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:49:48.402660 0.030437 tcp 10.0.2.109 60597 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:48.433377 0.031131 tcp 10.0.2.109 60598 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:48.464815 0.129615 tcp 10.0.2.109 60599 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:49.367130 3.597929 tcp 10.0.2.109 60600 -> 46.50.226.74 10856 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:52.336366 0.227218 tcp 10.0.2.109 60601 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:52.563892 0.031191 tcp 10.0.2.109 60602 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:52.595372 0.130962 tcp 10.0.2.109 60603 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:49:52.965250 3.007242 tcp 10.0.2.109 60604 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:01.971512 0.000000 tcp 10.0.2.109 60604 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:07.960819 0.030496 tcp 10.0.2.109 60605 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:50:07.991594 0.051687 tcp 10.0.2.109 60606 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:50:08.043568 0.128422 tcp 10.0.2.109 60607 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:50:08.808622 2.997121 tcp 10.0.2.109 60608 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:17.804542 0.000000 tcp 10.0.2.109 60608 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:23.803290 2.993822 tcp 10.0.2.109 60609 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:32.795893 0.000000 tcp 10.0.2.109 60609 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:38.804745 3.003654 tcp 10.0.2.109 60610 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:47.807664 0.000000 tcp 10.0.2.109 60610 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:50:52.383772 0.043097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:50:53.816063 3.004029 tcp 10.0.2.109 60611 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:51:02.818612 0.000000 tcp 10.0.2.109 60611 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:51:08.997681 0.604662 tcp 10.0.2.109 60612 -> 46.50.226.74 10856 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:51:09.602556 3.000259 tcp 10.0.2.109 60613 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:51:18.601425 0.000000 tcp 10.0.2.109 60613 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:53:40.757999 3.002722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 20:53:47.766612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:53:55.767909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:54:11.770543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:54:43.776461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 20:56:24.601931 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:56:24.602398 2.993530 tcp 10.0.2.109 60614 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:56:33.594291 0.000000 tcp 10.0.2.109 60614 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:56:39.605290 0.053409 tcp 10.0.2.109 60615 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:56:39.659042 0.053020 tcp 10.0.2.109 60616 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:56:39.711950 0.147129 tcp 10.0.2.109 60617 -> 195.113.214.211 443 SRPA* 0 0 50 32304 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:56:40.000893 2.997413 tcp 10.0.2.109 60618 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:56:48.996810 0.000000 tcp 10.0.2.109 60618 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:56:54.996031 0.053612 tcp 10.0.2.109 60619 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:56:55.049918 0.052450 tcp 10.0.2.109 60620 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:56:55.102634 0.145014 tcp 10.0.2.109 60621 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:56:55.264043 3.006108 tcp 10.0.2.109 60622 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:04.269017 0.000000 tcp 10.0.2.109 60622 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:10.257821 0.053610 tcp 10.0.2.109 60623 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:10.311706 0.051436 tcp 10.0.2.109 60624 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:10.363439 0.147251 tcp 10.0.2.109 60625 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:10.528197 3.003707 tcp 10.0.2.109 60626 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:19.530613 0.000000 tcp 10.0.2.109 60626 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:25.529749 0.052472 tcp 10.0.2.109 60627 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:25.582531 0.054779 tcp 10.0.2.109 60628 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:25.637045 0.142154 tcp 10.0.2.109 60629 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:25.791318 0.984105 tcp 10.0.2.109 60630 -> 46.50.226.74 10856 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:26.493642 0.053025 tcp 10.0.2.109 60631 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:26.546864 0.053838 tcp 10.0.2.109 60632 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:26.601032 0.148575 tcp 10.0.2.109 60633 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:26.775644 2.999851 tcp 10.0.2.109 60634 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:35.783673 0.000000 tcp 10.0.2.109 60634 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:41.773491 0.051618 tcp 10.0.2.109 60635 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:41.825438 0.054909 tcp 10.0.2.109 60636 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:41.880657 0.144851 tcp 10.0.2.109 60637 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:57:42.060899 2.996088 tcp 10.0.2.109 60638 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:51.055913 0.000000 tcp 10.0.2.109 60638 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:57:57.055113 3.003715 tcp 10.0.2.109 60639 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:58:06.057371 0.000000 tcp 10.0.2.109 60639 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:58:12.056312 3.004215 tcp 10.0.2.109 60640 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:58:21.059304 0.000000 tcp 10.0.2.109 60640 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:58:27.057545 3.004513 tcp 10.0.2.109 60641 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:58:31.573996 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 20:58:36.060742 0.000000 tcp 10.0.2.109 60641 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:58:42.059177 0.621655 tcp 10.0.2.109 60642 -> 46.50.226.74 10856 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/01/21 20:58:42.680649 2.993663 tcp 10.0.2.109 60643 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 20:58:51.683385 0.000000 tcp 10.0.2.109 60643 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:00:47.783736 3.000375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:00:54.789926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:01:02.791670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:01:18.794587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:01:50.800494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:03:57.683911 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:03:57.684008 3.003219 tcp 10.0.2.109 60644 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:06.686321 0.000000 tcp 10.0.2.109 60644 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:12.686426 0.156127 tcp 10.0.2.109 60645 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:12.842830 0.054477 tcp 10.0.2.109 60646 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:12.897593 0.142977 tcp 10.0.2.109 60647 -> 195.113.214.211 443 SRPA* 0 0 39 28720 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:13.195029 3.004734 tcp 10.0.2.109 60648 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:22.198742 0.000000 tcp 10.0.2.109 60648 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:28.187906 0.163961 tcp 10.0.2.109 60649 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:28.351755 0.054873 tcp 10.0.2.109 60650 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:28.406469 0.144692 tcp 10.0.2.109 60651 -> 195.113.214.211 443 SRPA* 0 0 20 10684 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:28.682537 2.999482 tcp 10.0.2.109 60652 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:37.680795 0.000000 tcp 10.0.2.109 60652 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:43.680031 0.052510 tcp 10.0.2.109 60653 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:43.732883 0.054468 tcp 10.0.2.109 60654 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:43.787197 0.145860 tcp 10.0.2.109 60655 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:43.955574 3.008248 tcp 10.0.2.109 60656 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:52.972604 0.000000 tcp 10.0.2.109 60656 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:04:58.952021 0.053655 tcp 10.0.2.109 60657 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:59.005515 0.054552 tcp 10.0.2.109 60658 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:59.060476 0.148962 tcp 10.0.2.109 60659 -> 195.113.214.211 443 SRPA* 0 0 34 26098 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:59.297488 0.972428 tcp 10.0.2.109 60660 -> 46.50.226.74 10856 FSPA* 0 0 12 1467 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:04:59.980490 0.053137 tcp 10.0.2.109 60661 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:05:00.033868 0.052539 tcp 10.0.2.109 60662 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:05:00.086706 0.148674 tcp 10.0.2.109 60663 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:05:00.270308 2.996671 tcp 10.0.2.109 60664 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:05:09.265738 0.000000 tcp 10.0.2.109 60664 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:05:15.295143 0.052932 tcp 10.0.2.109 60665 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:05:15.348376 0.054131 tcp 10.0.2.109 60666 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:05:15.402416 0.149290 tcp 10.0.2.109 60667 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:05:15.599425 3.000015 tcp 10.0.2.109 60668 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:05:24.597922 0.000000 tcp 10.0.2.109 60668 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:05:30.596978 3.004036 tcp 10.0.2.109 60669 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:05:39.599533 0.000000 tcp 10.0.2.109 60669 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:05:45.598567 3.004245 tcp 10.0.2.109 60670 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:05:54.600907 0.000000 tcp 10.0.2.109 60670 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:06:00.599766 3.004082 tcp 10.0.2.109 60671 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:06:05.156193 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:06:09.612879 0.000000 tcp 10.0.2.109 60671 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:06:15.601396 0.685873 tcp 10.0.2.109 60672 -> 46.50.226.74 10856 FSPA* 0 0 14 1575 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:06:16.287521 2.999302 tcp 10.0.2.109 60673 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:06:25.285091 0.000000 tcp 10.0.2.109 60673 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:07:54.887300 3.000838 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:08:01.894074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:08:09.916032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:08:25.918547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:08:57.924597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:11:31.285777 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:11:31.285957 3.003525 tcp 10.0.2.109 60674 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:11:40.287882 0.000000 tcp 10.0.2.109 60674 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:11:46.288259 0.053188 tcp 10.0.2.109 60675 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:11:46.341720 0.055252 tcp 10.0.2.109 60676 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:11:46.396811 0.146699 tcp 10.0.2.109 60677 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:11:46.669239 3.002454 tcp 10.0.2.109 60678 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:11:55.669984 0.000000 tcp 10.0.2.109 60678 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:01.669452 0.052940 tcp 10.0.2.109 60679 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:01.722688 0.055473 tcp 10.0.2.109 60680 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:01.778491 0.144808 tcp 10.0.2.109 60681 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:01.950272 3.003438 tcp 10.0.2.109 60682 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:10.951916 0.000000 tcp 10.0.2.109 60682 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:16.951792 0.052520 tcp 10.0.2.109 60683 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:17.004603 0.053842 tcp 10.0.2.109 60684 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:17.058802 0.154094 tcp 10.0.2.109 60685 -> 195.113.214.211 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:17.233193 2.992506 tcp 10.0.2.109 60686 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:26.234222 0.000000 tcp 10.0.2.109 60686 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:32.233625 0.052942 tcp 10.0.2.109 60687 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:32.286929 0.054255 tcp 10.0.2.109 60688 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:32.341030 0.157696 tcp 10.0.2.109 60689 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:32.700138 1.093781 tcp 10.0.2.109 60690 -> 46.50.226.74 10856 FSPA* 0 0 14 1689 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:33.327276 0.052942 tcp 10.0.2.109 60691 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:33.380486 0.053479 tcp 10.0.2.109 60692 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:33.434273 0.148329 tcp 10.0.2.109 60693 -> 195.113.214.211 443 SRPA* 0 0 88 70930 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:33.794200 3.005545 tcp 10.0.2.109 60694 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:42.797724 0.000000 tcp 10.0.2.109 60694 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:48.787088 0.053435 tcp 10.0.2.109 60695 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:48.840399 0.053438 tcp 10.0.2.109 60696 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:48.893723 0.151756 tcp 10.0.2.109 60697 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:12:49.109220 3.002121 tcp 10.0.2.109 60698 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:12:58.109978 0.000000 tcp 10.0.2.109 60698 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:04.108938 3.004397 tcp 10.0.2.109 60699 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:13.111777 0.000000 tcp 10.0.2.109 60699 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:19.110749 2.993972 tcp 10.0.2.109 60700 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:28.113265 0.000000 tcp 10.0.2.109 60700 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:34.112242 2.994116 tcp 10.0.2.109 60701 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:38.658721 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:13:43.104393 0.000000 tcp 10.0.2.109 60701 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:49.113554 1.098225 tcp 10.0.2.109 60702 -> 46.50.226.74 10856 FSPA* 0 0 12 1581 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:13:50.212014 2.997151 tcp 10.0.2.109 60703 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:13:59.207962 0.000000 tcp 10.0.2.109 60703 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:15:02.120565 3.002295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:15:09.128119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:15:17.130437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:15:33.132615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:16:05.139230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:18:25.881747 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:18:25.881902 0.263880 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:26.397476 0.082011 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:26.459909 0.056367 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:26.817980 0.069241 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2026 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:27.645359 0.135953 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:28.206900 0.189375 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:28.905104 0.167872 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:29.065230 0.175077 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:29.392750 0.190586 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:29.585253 0.103804 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:29.694533 0.171328 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:29.842766 0.122379 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:29.983233 0.161518 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:30.219335 0.358914 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:30.764421 0.316333 rtp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2613 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:31.039636 0.171978 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:31.271809 0.170415 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:31.418440 0.159094 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:31.572646 0.530190 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:32.081524 0.046096 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:32.236716 0.190028 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:32.419250 0.342885 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:32.740883 0.000000 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 21:18:49.296791 0.053762 tcp 10.0.2.109 60704 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:18:49.350817 0.055118 tcp 10.0.2.109 60705 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:18:49.405787 0.150773 tcp 10.0.2.109 60706 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:18:49.557133 1.146934 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:50.685268 0.473567 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:51.089561 0.178449 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:51.273227 0.047000 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:51.319104 0.051184 rtp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:51.537508 0.111755 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:51.605893 0.196459 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:52.143675 0.151704 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:52.293111 0.165244 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:18:52.760070 0.196987 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:19:05.208204 3.004087 tcp 10.0.2.109 60707 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:19:14.211092 0.000000 tcp 10.0.2.109 60707 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:19:20.210161 0.054358 tcp 10.0.2.109 60708 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:20.264358 0.052905 tcp 10.0.2.109 60709 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:20.317652 0.143863 tcp 10.0.2.109 60710 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:20.494064 3.000029 tcp 10.0.2.109 60711 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:19:29.502877 0.000000 tcp 10.0.2.109 60711 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:19:35.492600 0.053430 tcp 10.0.2.109 60712 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:35.546338 0.054278 tcp 10.0.2.109 60713 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:35.600915 0.147836 tcp 10.0.2.109 60714 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:35.914184 3.002277 tcp 10.0.2.109 60715 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:19:44.915208 0.000000 tcp 10.0.2.109 60715 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:19:50.914107 0.052764 tcp 10.0.2.109 60716 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:50.967172 0.055201 tcp 10.0.2.109 60717 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:51.022581 0.150207 tcp 10.0.2.109 60718 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:19:51.280287 2.997791 tcp 10.0.2.109 60719 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:00.277178 0.000000 tcp 10.0.2.109 60719 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:06.276138 0.052457 tcp 10.0.2.109 60720 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:06.328952 0.052932 tcp 10.0.2.109 60721 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:06.381652 0.143638 tcp 10.0.2.109 60722 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:06.603195 1.370542 tcp 10.0.2.109 60723 -> 46.50.226.74 10856 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:07.257422 0.052894 tcp 10.0.2.109 60724 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:07.310615 0.053280 tcp 10.0.2.109 60725 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:07.364217 0.146085 tcp 10.0.2.109 60726 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:07.973994 3.008440 tcp 10.0.2.109 60727 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:16.980824 0.000000 tcp 10.0.2.109 60727 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:22.970648 0.054227 tcp 10.0.2.109 60728 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:23.024733 0.054194 tcp 10.0.2.109 60729 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:23.079274 0.148395 tcp 10.0.2.109 60730 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:20:23.456816 2.997792 tcp 10.0.2.109 60731 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:32.463571 0.000000 tcp 10.0.2.109 60731 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:38.451800 2.994564 tcp 10.0.2.109 60732 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:47.444612 0.000000 tcp 10.0.2.109 60732 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:20:53.453500 3.004406 tcp 10.0.2.109 60733 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:21:02.456716 0.000000 tcp 10.0.2.109 60733 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:21:07.353348 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:21:08.455277 3.003748 tcp 10.0.2.109 60734 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:21:17.457666 0.000000 tcp 10.0.2.109 60734 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:21:23.457176 0.749800 tcp 10.0.2.109 60735 -> 46.50.226.74 10856 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:21:24.206829 3.005035 tcp 10.0.2.109 60736 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:21:33.210735 0.000000 tcp 10.0.2.109 60736 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:22:09.145275 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:22:16.152349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:22:24.153782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:22:40.157240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:23:12.162794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:26:39.201504 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:26:39.201634 2.993358 tcp 10.0.2.109 60737 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:26:48.203357 0.000000 tcp 10.0.2.109 60737 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:26:54.203960 0.053761 tcp 10.0.2.109 60738 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:26:54.258021 0.052171 tcp 10.0.2.109 60739 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:26:54.310572 0.144175 tcp 10.0.2.109 60740 -> 195.113.214.211 443 SRPA* 0 0 62 59396 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:26:54.821160 2.995916 tcp 10.0.2.109 60741 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:03.816074 0.000000 tcp 10.0.2.109 60741 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:09.815216 0.052259 tcp 10.0.2.109 60742 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:09.867736 0.053599 tcp 10.0.2.109 60743 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:09.921735 0.152495 tcp 10.0.2.109 60744 -> 195.113.214.211 443 SRPA* 0 0 66 47184 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:10.552238 2.997574 tcp 10.0.2.109 60745 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:19.548828 0.000000 tcp 10.0.2.109 60745 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:25.558162 0.073015 tcp 10.0.2.109 60746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:25.631468 0.053308 tcp 10.0.2.109 60747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:25.684667 0.156932 tcp 10.0.2.109 60748 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:26.269536 3.003294 tcp 10.0.2.109 60749 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:35.271245 0.000000 tcp 10.0.2.109 60749 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:41.270034 0.054126 tcp 10.0.2.109 60750 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:41.323969 0.054016 tcp 10.0.2.109 60751 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:41.377812 0.148439 tcp 10.0.2.109 60752 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:41.732788 1.264427 tcp 10.0.2.109 60753 -> 46.50.226.74 10856 FSPA* 0 0 14 1675 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:42.390558 0.054685 tcp 10.0.2.109 60754 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:42.445524 0.053465 tcp 10.0.2.109 60755 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:42.499221 0.146264 tcp 10.0.2.109 60756 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:42.997404 2.998876 tcp 10.0.2.109 60757 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:51.995155 0.000000 tcp 10.0.2.109 60757 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:27:57.995000 0.052967 tcp 10.0.2.109 60758 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:58.047813 0.053121 tcp 10.0.2.109 60759 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:58.101184 0.148713 tcp 10.0.2.109 60760 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:27:58.769824 2.999591 tcp 10.0.2.109 60761 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:07.767587 0.000000 tcp 10.0.2.109 60761 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:13.766401 3.004770 tcp 10.0.2.109 60762 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:22.769833 0.000000 tcp 10.0.2.109 60762 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:28.768438 3.004560 tcp 10.0.2.109 60763 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:37.770911 0.000000 tcp 10.0.2.109 60763 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:42.347600 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:28:43.769752 2.994160 tcp 10.0.2.109 60764 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:52.772964 0.000000 tcp 10.0.2.109 60764 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:28:58.771337 0.648395 tcp 10.0.2.109 60765 -> 46.50.226.74 10856 FSPA* 0 0 14 1675 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:28:59.419593 2.996560 tcp 10.0.2.109 60766 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:29:08.415161 0.000000 tcp 10.0.2.109 60766 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:29:16.169165 3.001970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:29:23.176120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:29:31.177652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:29:47.181076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:30:19.187264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:34:14.416106 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:34:14.416212 3.003649 tcp 10.0.2.109 60767 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:34:23.417813 0.000000 tcp 10.0.2.109 60767 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:34:29.418532 0.053123 tcp 10.0.2.109 60768 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:34:29.471998 0.055901 tcp 10.0.2.109 60769 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:34:29.528257 0.148280 tcp 10.0.2.109 60770 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:34:30.064908 3.006706 tcp 10.0.2.109 60771 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:34:39.070512 0.000000 tcp 10.0.2.109 60771 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:34:45.059646 0.051622 tcp 10.0.2.109 60772 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:34:45.111514 0.052720 tcp 10.0.2.109 60773 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:34:45.164542 0.142964 tcp 10.0.2.109 60774 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:34:45.383230 2.990560 tcp 10.0.2.109 60775 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:34:54.382426 0.000000 tcp 10.0.2.109 60775 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:00.381903 0.053167 tcp 10.0.2.109 60776 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:00.435371 0.052297 tcp 10.0.2.109 60777 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:00.487956 0.149395 tcp 10.0.2.109 60778 -> 195.113.214.211 443 SRPA* 0 0 41 23260 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:01.208348 2.998674 tcp 10.0.2.109 60779 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:10.205357 0.000000 tcp 10.0.2.109 60779 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:16.204710 0.052461 tcp 10.0.2.109 60780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:16.257470 0.052727 tcp 10.0.2.109 60781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:16.310448 0.142660 tcp 10.0.2.109 60782 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:16.576479 1.027388 tcp 10.0.2.109 60783 -> 46.50.226.74 10856 FSPA* 0 0 14 1752 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:17.233501 0.051534 tcp 10.0.2.109 60784 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:17.285188 0.055102 tcp 10.0.2.109 60785 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:17.340604 0.154796 tcp 10.0.2.109 60786 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:17.604105 3.005917 tcp 10.0.2.109 60787 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:26.609521 0.000000 tcp 10.0.2.109 60787 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:32.598667 0.053351 tcp 10.0.2.109 60788 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:32.652322 0.055169 tcp 10.0.2.109 60789 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:32.707737 0.178722 tcp 10.0.2.109 60790 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:35:33.328493 3.004232 tcp 10.0.2.109 60791 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:42.331752 0.000000 tcp 10.0.2.109 60791 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:48.520462 2.994431 tcp 10.0.2.109 60792 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:35:57.523668 0.000000 tcp 10.0.2.109 60792 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:36:03.522414 2.993922 tcp 10.0.2.109 60793 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:36:12.515077 0.000000 tcp 10.0.2.109 60793 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:36:17.051528 0.568517 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:36:18.774221 3.003799 tcp 10.0.2.109 60794 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:36:24.645316 3.001571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:36:27.776659 0.000000 tcp 10.0.2.109 60794 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:36:31.652095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:36:33.776127 0.635569 tcp 10.0.2.109 60795 -> 46.50.226.74 10856 FSPA* 0 0 14 1752 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:36:34.411515 2.998973 tcp 10.0.2.109 60796 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:36:39.653830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:36:43.409271 0.000000 tcp 10.0.2.109 60796 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:36:55.657289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:37:27.662944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:41:49.410412 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:41:49.410710 3.002971 tcp 10.0.2.109 60797 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:41:58.412203 0.000000 tcp 10.0.2.109 60797 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:42:04.412341 0.053302 tcp 10.0.2.109 60798 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:04.465434 0.053556 tcp 10.0.2.109 60799 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:04.518847 0.142306 tcp 10.0.2.109 60800 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:04.691851 2.993741 tcp 10.0.2.109 60801 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:42:13.683899 0.000000 tcp 10.0.2.109 60801 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:42:19.693609 0.053245 tcp 10.0.2.109 60802 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:19.747150 0.052412 tcp 10.0.2.109 60803 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:19.799853 0.142007 tcp 10.0.2.109 60804 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:20.107019 3.000696 tcp 10.0.2.109 60805 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:42:29.106546 0.000000 tcp 10.0.2.109 60805 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:42:35.105370 0.053742 tcp 10.0.2.109 60806 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:35.158872 0.054566 tcp 10.0.2.109 60807 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:35.213244 0.152021 tcp 10.0.2.109 60808 -> 195.113.214.211 443 SRPA* 0 0 56 36832 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:35.656384 3.003604 tcp 10.0.2.109 60809 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:42:44.658860 0.000000 tcp 10.0.2.109 60809 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:42:50.657675 0.052683 tcp 10.0.2.109 60810 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:50.710624 0.053064 tcp 10.0.2.109 60811 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:50.763923 0.142171 tcp 10.0.2.109 60812 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:51.260010 1.096870 tcp 10.0.2.109 60813 -> 46.50.226.74 10856 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:51.967223 0.054118 tcp 10.0.2.109 60814 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:52.021599 0.053036 tcp 10.0.2.109 60815 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:52.074921 0.141872 tcp 10.0.2.109 60816 -> 195.113.214.211 443 SRPA* 0 0 46 41914 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:42:52.357101 2.997079 tcp 10.0.2.109 60817 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:01.362611 0.000000 tcp 10.0.2.109 60817 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:07.352218 0.054444 tcp 10.0.2.109 60818 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:43:07.407010 0.053331 tcp 10.0.2.109 60819 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:43:07.460647 0.146587 tcp 10.0.2.109 60820 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:43:07.645745 3.000480 tcp 10.0.2.109 60821 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:16.644598 0.000000 tcp 10.0.2.109 60821 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:22.643417 2.994239 tcp 10.0.2.109 60822 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:31.636283 0.000000 tcp 10.0.2.109 60822 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:31.669427 3.001099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:43:37.644956 3.004255 tcp 10.0.2.109 60823 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:38.676340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:43:46.647746 0.000000 tcp 10.0.2.109 60823 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:46.677725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:43:52.646709 3.004259 tcp 10.0.2.109 60824 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:43:57.303429 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:44:01.649299 0.000000 tcp 10.0.2.109 60824 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:44:02.680635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:44:07.647959 0.636278 tcp 10.0.2.109 60825 -> 46.50.226.74 10856 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:44:08.284396 3.009244 tcp 10.0.2.109 60826 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:44:17.292025 0.000000 tcp 10.0.2.109 60826 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:44:34.687246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:48:55.041893 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:48:55.041995 0.701117 udp 10.0.2.109 3683 -> 116.58.61.124 1206 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 21:48:55.743112 0.000000 icmp 116.58.61.124 0x0303 -> 10.0.2.109 0xb604 URP 192 1 275 flow=Background 1970/01/21 21:49:11.646584 0.052552 tcp 10.0.2.109 60827 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:11.699445 0.053566 tcp 10.0.2.109 60828 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:11.753259 0.140749 tcp 10.0.2.109 60829 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:11.894536 0.054744 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:11.990936 0.273479 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:12.253252 0.080189 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:12.496770 0.142623 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:13.517644 0.070546 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:13.593955 0.186251 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:13.777111 0.194157 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:13.974697 0.176010 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:14.311037 0.147508 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:14.800193 0.195657 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:15.759296 0.119040 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:16.182985 0.102872 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:16.406477 0.158992 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:17.014627 0.370368 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:17.384840 0.168804 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:17.531170 0.166948 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:17.692034 0.166710 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:17.858774 0.127576 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:17.948662 0.344765 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:18.274159 0.045656 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:18.525665 0.045944 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:18.580983 0.190796 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:18.763988 1.419075 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:20.230270 0.436282 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:20.614334 0.167170 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:20.840849 0.047523 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:20.917978 0.057278 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:21.006850 0.113774 rtp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:21.099896 0.160747 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:21.451168 0.198384 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:21.640438 0.193879 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:21.905702 0.182018 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 4 1174 flow=From-Botnet-V1-UDP-Established 1970/01/21 21:49:23.282244 2.993853 tcp 10.0.2.109 60830 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:49:32.274803 0.000000 tcp 10.0.2.109 60830 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:49:38.283977 0.051706 tcp 10.0.2.109 60831 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:38.335951 0.053780 tcp 10.0.2.109 60832 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:38.389715 0.144171 tcp 10.0.2.109 60833 -> 195.113.214.211 443 SRPA* 0 0 38 33834 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:38.702050 2.996530 tcp 10.0.2.109 60834 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:49:47.696762 0.000000 tcp 10.0.2.109 60834 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:49:53.696591 0.052652 tcp 10.0.2.109 60835 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:53.749119 0.053733 tcp 10.0.2.109 60836 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:53.803147 0.143201 tcp 10.0.2.109 60837 -> 195.113.214.211 443 SRPA* 0 0 35 19368 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:49:54.336771 3.003914 tcp 10.0.2.109 60838 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:03.339708 0.000000 tcp 10.0.2.109 60838 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:09.339028 0.051808 tcp 10.0.2.109 60839 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:09.391131 0.052490 tcp 10.0.2.109 60840 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:09.443907 0.146021 tcp 10.0.2.109 60841 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:09.705127 3.008041 tcp 10.0.2.109 60842 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:18.711534 0.000000 tcp 10.0.2.109 60842 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:24.700659 0.052476 tcp 10.0.2.109 60843 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:24.752957 0.053219 tcp 10.0.2.109 60844 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:24.806361 0.155507 tcp 10.0.2.109 60845 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:24.979299 1.033588 tcp 10.0.2.109 60846 -> 46.50.226.74 10856 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:25.617351 0.052511 tcp 10.0.2.109 60847 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:25.669690 0.053126 tcp 10.0.2.109 60848 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:25.723110 0.142645 tcp 10.0.2.109 60849 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:26.013135 2.992978 tcp 10.0.2.109 60850 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:35.005158 0.000000 tcp 10.0.2.109 60850 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:38.693992 3.000484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:50:41.014368 0.051549 tcp 10.0.2.109 60851 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:41.066231 0.052587 tcp 10.0.2.109 60852 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:41.119037 0.146431 tcp 10.0.2.109 60853 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:50:41.280066 2.998069 tcp 10.0.2.109 60854 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:45.700356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:50:50.276883 0.000000 tcp 10.0.2.109 60854 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:50:53.701893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:50:56.275768 3.003805 tcp 10.0.2.109 60855 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:51:05.278773 0.000000 tcp 10.0.2.109 60855 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:51:09.704978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:51:11.277421 3.003989 tcp 10.0.2.109 60856 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:51:20.279731 0.000000 tcp 10.0.2.109 60856 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:51:26.279015 3.003756 tcp 10.0.2.109 60857 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:51:30.794830 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:51:35.281284 0.000000 tcp 10.0.2.109 60857 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:51:41.280737 0.674171 tcp 10.0.2.109 60858 -> 46.50.226.74 10856 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:51:41.710628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:51:41.955083 3.000401 tcp 10.0.2.109 60859 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:51:50.954528 0.000000 tcp 10.0.2.109 60859 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:56:56.954353 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:56:56.954531 3.003735 tcp 10.0.2.109 60860 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:05.957159 0.000000 tcp 10.0.2.109 60860 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:11.958250 0.052568 tcp 10.0.2.109 60861 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:12.011081 0.052724 tcp 10.0.2.109 60862 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:12.064135 0.147652 tcp 10.0.2.109 60863 -> 195.113.214.211 443 SRPA* 0 0 49 42076 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:12.224975 3.005359 tcp 10.0.2.109 60864 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:21.229055 0.000000 tcp 10.0.2.109 60864 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:27.218289 0.051414 tcp 10.0.2.109 60865 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:27.269549 0.052997 tcp 10.0.2.109 60866 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:27.322844 0.142559 tcp 10.0.2.109 60867 -> 195.113.214.211 443 SRPA* 0 0 51 33778 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:27.477788 3.004843 tcp 10.0.2.109 60868 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:36.480827 0.000000 tcp 10.0.2.109 60868 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:42.480187 0.052296 tcp 10.0.2.109 60869 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:42.532333 0.051148 tcp 10.0.2.109 60870 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:42.583808 0.144790 tcp 10.0.2.109 60871 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:42.744445 2.999638 tcp 10.0.2.109 60872 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:45.716535 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 21:57:51.752760 0.000000 tcp 10.0.2.109 60872 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:57:52.724140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:57:57.742378 0.052331 tcp 10.0.2.109 60873 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:57.795004 0.053921 tcp 10.0.2.109 60874 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:57.849271 0.143161 tcp 10.0.2.109 60875 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:58.008953 0.941973 tcp 10.0.2.109 60876 -> 46.50.226.74 10856 FSPA* 0 0 12 1537 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:58.687002 0.052574 tcp 10.0.2.109 60877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:58.739939 0.055678 tcp 10.0.2.109 60878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:58.795902 0.144695 tcp 10.0.2.109 60879 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:57:58.951221 2.996540 tcp 10.0.2.109 60880 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:00.725815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:58:07.945847 0.000000 tcp 10.0.2.109 60880 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:13.945579 0.052213 tcp 10.0.2.109 60881 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:58:13.998246 0.053710 tcp 10.0.2.109 60882 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:58:14.051831 0.144815 tcp 10.0.2.109 60883 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:58:14.207249 3.002370 tcp 10.0.2.109 60884 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:16.729198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:58:23.208290 0.000000 tcp 10.0.2.109 60884 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:29.207001 3.004385 tcp 10.0.2.109 60885 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:38.210001 0.000000 tcp 10.0.2.109 60885 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:44.208185 3.004458 tcp 10.0.2.109 60886 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:48.735213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 21:58:53.210932 0.000000 tcp 10.0.2.109 60886 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:58:59.209821 2.994150 tcp 10.0.2.109 60887 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:59:03.796705 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 21:59:08.213171 0.000000 tcp 10.0.2.109 60887 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:59:14.211819 3.961422 tcp 10.0.2.109 60888 -> 46.50.226.74 10856 FSPA* 0 0 14 1645 flow=From-Botnet-V1-TCP-Established 1970/01/21 21:59:18.062052 2.999284 tcp 10.0.2.109 60889 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 21:59:27.059596 0.000000 tcp 10.0.2.109 60889 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:04:33.060064 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:04:33.060260 2.993710 tcp 10.0.2.109 60890 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:04:42.063113 0.000000 tcp 10.0.2.109 60890 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:04:48.063652 0.056280 tcp 10.0.2.109 60891 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:04:48.120220 0.053540 tcp 10.0.2.109 60892 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:04:48.173592 0.141858 tcp 10.0.2.109 60893 -> 195.113.214.211 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:04:48.587225 2.999307 tcp 10.0.2.109 60894 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:04:52.740390 3.002198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:04:57.585060 0.000000 tcp 10.0.2.109 60894 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:04:59.748073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:05:03.584810 0.052178 tcp 10.0.2.109 60895 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:03.636838 0.053411 tcp 10.0.2.109 60896 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:03.689865 0.145806 tcp 10.0.2.109 60897 -> 195.113.214.211 443 SRPA* 0 0 43 24396 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:04.204488 3.004380 tcp 10.0.2.109 60898 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:05:08.000078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:05:13.207721 0.000000 tcp 10.0.2.109 60898 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:05:19.447509 0.052932 tcp 10.0.2.109 60899 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:19.500294 0.053286 tcp 10.0.2.109 60900 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:19.553899 0.148632 tcp 10.0.2.109 60901 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:20.189491 3.002763 tcp 10.0.2.109 60902 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:05:24.002992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:05:29.190518 0.000000 tcp 10.0.2.109 60902 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:05:35.190241 0.052003 tcp 10.0.2.109 60903 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:35.242198 0.052439 tcp 10.0.2.109 60904 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:35.294476 0.143728 tcp 10.0.2.109 60905 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:35.478768 0.964263 tcp 10.0.2.109 60906 -> 46.50.226.74 10856 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:36.175276 0.051713 tcp 10.0.2.109 60907 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:36.227336 0.052578 tcp 10.0.2.109 60908 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:36.280214 0.147079 tcp 10.0.2.109 60909 -> 195.113.214.211 443 SRPA* 0 0 48 28720 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:36.443306 2.992186 tcp 10.0.2.109 60910 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:05:45.433797 0.000000 tcp 10.0.2.109 60910 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:05:51.443289 0.051114 tcp 10.0.2.109 60911 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:51.494250 0.051744 tcp 10.0.2.109 60912 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:51.546432 0.150073 tcp 10.0.2.109 60913 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:05:51.759901 2.997263 tcp 10.0.2.109 60914 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:05:56.008887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:06:00.755641 0.000000 tcp 10.0.2.109 60914 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:06:06.754794 3.004328 tcp 10.0.2.109 60915 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:06:15.757254 0.000000 tcp 10.0.2.109 60915 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:06:21.756595 3.004173 tcp 10.0.2.109 60916 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:06:30.759376 0.000000 tcp 10.0.2.109 60916 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:06:36.758105 3.003747 tcp 10.0.2.109 60917 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:06:41.544826 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:06:45.760747 0.000000 tcp 10.0.2.109 60917 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:06:51.759972 0.625905 tcp 10.0.2.109 60918 -> 46.50.226.74 10856 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:06:52.386268 2.998531 tcp 10.0.2.109 60919 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:07:01.393369 0.000000 tcp 10.0.2.109 60919 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:12:00.015160 3.001372 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:12:07.022798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:12:07.383751 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:12:07.383919 2.993580 tcp 10.0.2.109 60920 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:12:15.023790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:12:16.376119 0.000000 tcp 10.0.2.109 60920 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:12:22.447085 0.055519 tcp 10.0.2.109 60921 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:22.502521 0.052670 tcp 10.0.2.109 60922 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:22.555579 0.147289 tcp 10.0.2.109 60923 -> 195.113.214.211 443 SRPA* 0 0 34 19454 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:22.763195 2.996651 tcp 10.0.2.109 60924 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:12:31.087557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:12:31.758571 0.000000 tcp 10.0.2.109 60924 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:12:37.757360 0.051256 tcp 10.0.2.109 60925 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:37.808873 0.052471 tcp 10.0.2.109 60926 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:37.861592 0.144865 tcp 10.0.2.109 60927 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:38.101459 2.999983 tcp 10.0.2.109 60928 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:12:47.099952 0.000000 tcp 10.0.2.109 60928 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:12:53.099238 0.052591 tcp 10.0.2.109 60929 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:53.151672 0.053029 tcp 10.0.2.109 60930 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:53.205018 0.143387 tcp 10.0.2.109 60931 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:12:53.359269 3.004556 tcp 10.0.2.109 60932 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:02.362434 0.000000 tcp 10.0.2.109 60932 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:03.093197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:13:08.361259 0.052576 tcp 10.0.2.109 60933 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:08.414193 0.052393 tcp 10.0.2.109 60934 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:08.466889 0.143752 tcp 10.0.2.109 60935 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:08.672530 1.318702 tcp 10.0.2.109 60936 -> 46.50.226.74 10856 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:09.327683 0.052649 tcp 10.0.2.109 60937 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:09.380680 0.053468 tcp 10.0.2.109 60938 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:09.434517 0.150916 tcp 10.0.2.109 60939 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:09.991544 2.995637 tcp 10.0.2.109 60940 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:18.985810 0.000000 tcp 10.0.2.109 60940 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:24.985107 0.052672 tcp 10.0.2.109 60941 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:25.038230 0.053715 tcp 10.0.2.109 60942 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:25.092235 0.146238 tcp 10.0.2.109 60943 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:13:25.364504 3.005038 tcp 10.0.2.109 60944 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:34.368369 0.000000 tcp 10.0.2.109 60944 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:40.357018 3.004018 tcp 10.0.2.109 60945 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:49.359821 0.000000 tcp 10.0.2.109 60945 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:13:55.358654 3.004109 tcp 10.0.2.109 60946 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:14:04.360949 0.000000 tcp 10.0.2.109 60946 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:14:10.359875 2.994014 tcp 10.0.2.109 60947 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:14:15.106421 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:14:19.363269 0.000000 tcp 10.0.2.109 60947 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:14:25.361831 0.622885 tcp 10.0.2.109 60948 -> 46.50.226.74 10856 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:14:25.984999 3.001638 tcp 10.0.2.109 60949 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:14:34.985385 0.000000 tcp 10.0.2.109 60949 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:19:07.098729 3.002028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:19:14.106877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:19:22.107886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:19:31.021203 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:19:31.021440 0.055216 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:31.131141 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 22:19:38.110918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:19:40.985904 3.003987 tcp 10.0.2.109 60950 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:19:47.877436 0.053486 tcp 10.0.2.109 60951 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:19:47.931212 0.054063 tcp 10.0.2.109 60952 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:19:47.985566 0.151505 tcp 10.0.2.109 60953 -> 195.113.214.211 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:19:48.136545 0.084065 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:48.200836 0.135574 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:48.536583 0.072489 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:48.625215 0.183539 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:48.805263 0.197466 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:49.007530 0.174005 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:49.159433 0.167337 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:49.386281 0.150914 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:49.533451 0.152854 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:49.939297 0.122252 rtp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:49.988061 0.000000 tcp 10.0.2.109 60950 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:19:50.025866 0.104558 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:50.267894 0.344439 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:50.742940 0.168774 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:50.886322 0.167136 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:51.294530 0.167962 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:51.459349 0.198385 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:51.619199 0.041073 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:51.772001 0.190852 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:51.956096 0.345122 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:52.408872 0.045812 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:52.446820 0.099869 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:52.679511 1.647386 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:54.290602 0.178358 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:54.551983 0.047050 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:54.597894 0.047222 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:54.787263 0.207302 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:54.982270 0.788482 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:55.728373 0.116800 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:55.962684 0.161203 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:55.987509 0.053601 tcp 10.0.2.109 60954 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:19:56.041444 0.052518 tcp 10.0.2.109 60955 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:19:56.094460 0.145686 tcp 10.0.2.109 60956 -> 195.113.214.211 443 SRPA* 0 0 63 44510 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:19:56.175370 0.183142 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:19:56.367148 3.004993 tcp 10.0.2.109 60957 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:20:05.370389 0.000000 tcp 10.0.2.109 60957 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:20:10.117341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:25:11.360673 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:25:11.360851 2.993993 tcp 10.0.2.109 60958 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:25:20.362981 0.000000 tcp 10.0.2.109 60958 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:25:26.364008 0.051915 tcp 10.0.2.109 60959 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:26.416264 0.052393 tcp 10.0.2.109 60960 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:26.469083 0.145368 tcp 10.0.2.109 60961 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:27.012358 2.994759 tcp 10.0.2.109 60962 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:25:36.005378 0.000000 tcp 10.0.2.109 60962 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:25:42.004786 0.052501 tcp 10.0.2.109 60963 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:42.057566 0.055412 tcp 10.0.2.109 60964 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:42.113285 0.153829 tcp 10.0.2.109 60965 -> 195.113.214.211 443 SRPA* 0 0 44 28476 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:42.406377 3.002689 tcp 10.0.2.109 60966 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:25:51.407849 0.000000 tcp 10.0.2.109 60966 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:25:57.407486 0.052621 tcp 10.0.2.109 60967 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:57.459944 0.053352 tcp 10.0.2.109 60968 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:57.513149 0.149264 tcp 10.0.2.109 60969 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:25:58.606327 3.005944 tcp 10.0.2.109 60970 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:26:07.610911 0.000000 tcp 10.0.2.109 60970 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:26:13.600779 0.051906 tcp 10.0.2.109 60971 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:13.652971 0.052686 tcp 10.0.2.109 60972 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:13.705952 0.158085 tcp 10.0.2.109 60973 -> 195.113.214.211 443 SRPA* 0 0 87 61168 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:13.955230 1.570356 tcp 10.0.2.109 60974 -> 46.50.226.74 10856 FSPA* 0 0 14 1753 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:14.122619 3.002277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:26:15.171221 0.051451 tcp 10.0.2.109 60975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:15.222934 0.053014 tcp 10.0.2.109 60976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:15.276175 0.146598 tcp 10.0.2.109 60977 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:15.525866 3.000647 tcp 10.0.2.109 60978 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:26:21.150941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:26:24.525449 0.000000 tcp 10.0.2.109 60978 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:26:29.152109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:26:30.544696 0.051686 tcp 10.0.2.109 60979 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:30.596628 0.052788 tcp 10.0.2.109 60980 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:30.649648 0.146716 tcp 10.0.2.109 60981 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:26:31.223188 2.996504 tcp 10.0.2.109 60982 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:26:40.218209 0.000000 tcp 10.0.2.109 60982 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:26:45.155520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:26:46.216656 3.004609 tcp 10.0.2.109 60983 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:26:55.219648 0.000000 tcp 10.0.2.109 60983 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:27:01.218283 3.004384 tcp 10.0.2.109 60984 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:27:10.221248 0.000000 tcp 10.0.2.109 60984 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:27:15.127907 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:27:16.219999 2.994335 tcp 10.0.2.109 60985 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:27:17.160980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:27:25.222705 0.000000 tcp 10.0.2.109 60985 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:27:31.221430 0.676096 tcp 10.0.2.109 60986 -> 46.50.226.74 10856 FSPA* 0 0 14 1753 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:27:31.897709 2.998988 tcp 10.0.2.109 60987 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:27:40.895562 0.000000 tcp 10.0.2.109 60987 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:32:46.896191 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:32:46.896423 3.003373 tcp 10.0.2.109 60988 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:32:55.898309 0.000000 tcp 10.0.2.109 60988 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:01.899340 0.052898 tcp 10.0.2.109 60989 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:01.952500 0.051984 tcp 10.0.2.109 60990 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:02.004275 0.143819 tcp 10.0.2.109 60991 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:02.231944 2.999450 tcp 10.0.2.109 60992 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:11.229995 0.000000 tcp 10.0.2.109 60992 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:17.229550 0.051736 tcp 10.0.2.109 60993 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:17.281608 0.054118 tcp 10.0.2.109 60994 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:17.335518 0.146665 tcp 10.0.2.109 60995 -> 195.113.214.211 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:17.865080 3.009404 tcp 10.0.2.109 60996 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:21.167878 3.001000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:33:26.883053 0.000000 tcp 10.0.2.109 60996 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:28.174593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:33:32.861916 0.056868 tcp 10.0.2.109 60997 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:32.918634 0.053425 tcp 10.0.2.109 60998 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:32.972418 0.148492 tcp 10.0.2.109 60999 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:33.648696 2.998106 tcp 10.0.2.109 61000 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:36.176383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:33:42.645574 0.000000 tcp 10.0.2.109 61000 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:48.644451 0.051815 tcp 10.0.2.109 61001 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:48.696547 0.054317 tcp 10.0.2.109 61002 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:48.750712 0.150761 tcp 10.0.2.109 61003 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:49.268385 1.014818 tcp 10.0.2.109 61004 -> 46.50.226.74 10856 FSPA* 0 0 14 1765 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:49.943410 0.051802 tcp 10.0.2.109 61005 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:49.995499 0.054293 tcp 10.0.2.109 61006 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:50.050012 0.146174 tcp 10.0.2.109 61007 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:33:50.283438 2.997985 tcp 10.0.2.109 61008 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:33:52.179399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:33:59.279374 0.000000 tcp 10.0.2.109 61008 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:05.279104 0.051146 tcp 10.0.2.109 61009 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:34:05.330142 0.051820 tcp 10.0.2.109 61010 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:34:05.382475 0.147336 tcp 10.0.2.109 61011 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:34:05.589874 3.002939 tcp 10.0.2.109 61012 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:14.591366 0.000000 tcp 10.0.2.109 61012 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:20.590055 2.993941 tcp 10.0.2.109 61013 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:24.184879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:34:29.593095 0.000000 tcp 10.0.2.109 61013 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:35.591889 2.993669 tcp 10.0.2.109 61014 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:44.584518 0.000000 tcp 10.0.2.109 61014 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:50.593173 2.994180 tcp 10.0.2.109 61015 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:34:55.129807 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:34:59.586498 0.000000 tcp 10.0.2.109 61015 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:35:05.594852 0.724463 tcp 10.0.2.109 61016 -> 46.50.226.74 10856 FSPA* 0 0 14 1765 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:35:06.319474 3.000481 tcp 10.0.2.109 61017 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:35:15.318640 0.000000 tcp 10.0.2.109 61017 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:40:21.319643 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:40:21.319780 3.003346 tcp 10.0.2.109 61018 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:40:28.191339 3.001748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:40:30.321901 0.000000 tcp 10.0.2.109 61018 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:40:35.198639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:40:36.322116 0.062250 tcp 10.0.2.109 61019 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:40:36.384654 0.051599 tcp 10.0.2.109 61020 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:40:36.436548 0.150386 tcp 10.0.2.109 61021 -> 195.113.214.211 443 SRPA* 0 0 45 38344 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:40:36.819231 2.996049 tcp 10.0.2.109 61022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:40:43.199876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:40:45.824124 0.000000 tcp 10.0.2.109 61022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:40:51.823168 0.051610 tcp 10.0.2.109 61023 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:40:51.875117 0.051937 tcp 10.0.2.109 61024 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:40:51.927364 0.146201 tcp 10.0.2.109 61025 -> 195.113.214.211 443 SRPA* 0 0 41 23282 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:40:52.568497 2.999247 tcp 10.0.2.109 61026 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:40:59.212899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:41:01.566499 0.000000 tcp 10.0.2.109 61026 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:41:07.566026 0.051412 tcp 10.0.2.109 61027 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:07.617805 0.052032 tcp 10.0.2.109 61028 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:07.669682 0.142826 tcp 10.0.2.109 61029 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:07.964055 3.005595 tcp 10.0.2.109 61030 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:41:16.968413 0.000000 tcp 10.0.2.109 61030 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:41:22.958244 0.052342 tcp 10.0.2.109 61031 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:23.010873 0.051699 tcp 10.0.2.109 61032 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:23.062925 0.148835 tcp 10.0.2.109 61033 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:23.424363 1.224740 tcp 10.0.2.109 61034 -> 46.50.226.74 10856 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:24.072774 0.051269 tcp 10.0.2.109 61035 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:24.124333 0.052004 tcp 10.0.2.109 61036 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:24.176209 0.147662 tcp 10.0.2.109 61037 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:24.649375 2.994472 tcp 10.0.2.109 61038 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:41:31.219463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:41:33.652657 0.000000 tcp 10.0.2.109 61038 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:41:39.652167 0.052111 tcp 10.0.2.109 61039 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:39.704121 0.052409 tcp 10.0.2.109 61040 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:39.756763 0.152315 tcp 10.0.2.109 61041 -> 195.113.214.211 443 SRPA* 0 0 39 21208 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:41:40.365523 3.000876 tcp 10.0.2.109 61042 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:41:49.366194 0.000000 tcp 10.0.2.109 61042 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:41:55.364254 3.003563 tcp 10.0.2.109 61043 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:42:04.366418 0.000000 tcp 10.0.2.109 61043 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:42:10.365641 3.003891 tcp 10.0.2.109 61044 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:42:19.368427 0.000000 tcp 10.0.2.109 61044 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:42:24.134852 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:42:25.366918 3.004194 tcp 10.0.2.109 61045 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:42:34.369934 0.000000 tcp 10.0.2.109 61045 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:42:40.368889 0.672993 tcp 10.0.2.109 61046 -> 46.50.226.74 10856 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:42:41.042088 3.001688 tcp 10.0.2.109 61047 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:42:50.052645 0.000000 tcp 10.0.2.109 61047 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:47:35.224533 3.002074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:47:42.232540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:47:50.233755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:47:56.043141 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:47:56.043368 2.993362 tcp 10.0.2.109 61048 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:05.035242 0.000000 tcp 10.0.2.109 61048 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:06.237412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:48:11.045755 0.051989 tcp 10.0.2.109 61049 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:11.098097 0.052198 tcp 10.0.2.109 61050 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:11.150655 0.148851 tcp 10.0.2.109 61051 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:11.324534 3.004106 tcp 10.0.2.109 61052 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:20.326978 0.000000 tcp 10.0.2.109 61052 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:26.316713 0.051108 tcp 10.0.2.109 61053 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:26.368105 0.052294 tcp 10.0.2.109 61054 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:26.420719 0.149609 tcp 10.0.2.109 61055 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:26.629491 3.001410 tcp 10.0.2.109 61056 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:35.629636 0.000000 tcp 10.0.2.109 61056 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:38.243276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:48:41.628469 0.051789 tcp 10.0.2.109 61057 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:41.680095 0.055054 tcp 10.0.2.109 61058 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:41.735508 0.152383 tcp 10.0.2.109 61059 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:41.991532 1.046385 tcp 10.0.2.109 61060 -> 46.50.226.74 10856 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:42.648042 0.052094 tcp 10.0.2.109 61061 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:42.700461 0.051970 tcp 10.0.2.109 61062 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:42.752724 0.147168 tcp 10.0.2.109 61063 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:43.037785 2.996247 tcp 10.0.2.109 61064 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:52.043077 0.000000 tcp 10.0.2.109 61064 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:48:58.032391 0.051423 tcp 10.0.2.109 61065 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:58.084129 0.053000 tcp 10.0.2.109 61066 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:58.136920 0.146226 tcp 10.0.2.109 61067 -> 195.113.214.211 443 SRPA* 0 0 33 19359 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:48:58.543931 3.002617 tcp 10.0.2.109 61068 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:49:07.545053 0.000000 tcp 10.0.2.109 61068 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:49:13.544292 3.003779 tcp 10.0.2.109 61069 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:49:22.546693 0.000000 tcp 10.0.2.109 61069 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:49:28.545708 3.003935 tcp 10.0.2.109 61070 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:49:37.548145 0.000000 tcp 10.0.2.109 61070 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:49:43.547457 0.640232 tcp 10.0.2.109 61071 -> 46.50.226.74 10856 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:49:44.187900 3.004584 tcp 10.0.2.109 61072 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:49:53.190778 0.000000 tcp 10.0.2.109 61072 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:50:15.583080 0.261658 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:15.843852 0.055346 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:15.911922 0.064687 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:15.960486 0.177245 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:16.134805 0.089103 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:16.204309 0.128638 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:16.360041 0.195094 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:16.546333 0.173631 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:16.697647 0.164532 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:16.876442 0.151302 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:17.023888 0.152418 rtp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:17.177761 0.363367 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:17.542591 0.170778 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 1962 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:17.689855 0.116233 rtp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:17.773482 0.111238 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:17.864813 0.166366 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:18.025946 0.166632 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:18.189801 0.118777 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:18.267174 0.045919 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:18.372007 0.188274 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:18.553894 0.626811 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:19.162344 0.389855 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:19.532731 0.047191 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:19.572979 0.930878 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:20.464563 0.167237 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:20.633584 0.047189 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:20.679454 0.045807 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:20.723685 0.202771 rtp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:20.917495 0.194140 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:21.099124 0.119872 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:21.173502 0.167307 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:50:21.342328 0.183503 rtp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/01/21 22:54:42.249893 3.001095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 22:54:49.256992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:54:57.257737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:54:59.181815 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:54:59.181907 2.993010 tcp 10.0.2.109 61073 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:55:08.183596 0.000000 tcp 10.0.2.109 61073 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:55:13.261431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:55:14.184638 0.053618 tcp 10.0.2.109 61074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:14.238546 0.051613 tcp 10.0.2.109 61075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:14.290469 0.149196 tcp 10.0.2.109 61076 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:14.515771 2.991581 tcp 10.0.2.109 61077 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:55:23.505727 0.000000 tcp 10.0.2.109 61077 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:55:29.515118 0.051588 tcp 10.0.2.109 61078 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:29.567003 0.051505 tcp 10.0.2.109 61079 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:29.618836 0.147441 tcp 10.0.2.109 61080 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:29.783903 3.004977 tcp 10.0.2.109 61081 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:55:38.788102 0.000000 tcp 10.0.2.109 61081 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:55:44.776776 0.051436 tcp 10.0.2.109 61082 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:44.828547 0.052140 tcp 10.0.2.109 61083 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:44.880977 0.145244 tcp 10.0.2.109 61084 -> 195.113.214.211 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:55:45.093247 2.997718 tcp 10.0.2.109 61085 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:55:45.266976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 22:55:54.089502 0.000000 tcp 10.0.2.109 61085 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:00.088846 0.051645 tcp 10.0.2.109 61086 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:00.140775 0.052919 tcp 10.0.2.109 61087 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:00.194009 0.141449 tcp 10.0.2.109 61088 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:00.425941 1.011819 tcp 10.0.2.109 61089 -> 46.50.226.74 10856 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:01.115929 0.051724 tcp 10.0.2.109 61090 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:01.167951 0.054270 tcp 10.0.2.109 61091 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:01.222613 0.149279 tcp 10.0.2.109 61092 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:01.437990 2.996956 tcp 10.0.2.109 61093 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:10.443023 0.000000 tcp 10.0.2.109 61093 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:16.432589 0.070471 tcp 10.0.2.109 61094 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:16.503892 0.051754 tcp 10.0.2.109 61095 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:16.556011 0.149981 tcp 10.0.2.109 61096 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:56:16.911462 2.995374 tcp 10.0.2.109 61097 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:25.905744 0.000000 tcp 10.0.2.109 61097 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:31.904045 3.004124 tcp 10.0.2.109 61098 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:40.907117 0.000000 tcp 10.0.2.109 61098 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:46.905808 3.004318 tcp 10.0.2.109 61099 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:56:55.908633 0.000000 tcp 10.0.2.109 61099 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:57:00.635308 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 22:57:01.907173 3.004549 tcp 10.0.2.109 61100 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:57:10.909892 0.000000 tcp 10.0.2.109 61100 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:57:16.909318 3.151997 tcp 10.0.2.109 61101 -> 46.50.226.74 10856 SPA_* 0 0 10 1211 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:57:24.020769 0.000351 tcp 10.0.2.109 61101 -> 46.50.226.74 10856 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/01/21 22:57:24.021333 3.001902 tcp 10.0.2.109 61102 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 22:57:33.021674 0.000000 tcp 10.0.2.109 61102 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:01:49.273086 3.002023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 23:01:56.281612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:02:04.281956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:02:20.284674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:02:39.022721 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 23:02:39.022820 2.993210 tcp 10.0.2.109 61103 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:02:48.014973 0.000000 tcp 10.0.2.109 61103 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:02:52.291045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:02:54.025523 0.051802 tcp 10.0.2.109 61104 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:02:54.077688 0.053191 tcp 10.0.2.109 61105 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:02:54.131172 0.145063 tcp 10.0.2.109 61106 -> 195.113.214.211 443 SRPA* 0 0 35 17960 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:02:54.289001 2.999354 tcp 10.0.2.109 61107 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:03.286512 0.000000 tcp 10.0.2.109 61107 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:09.286193 0.051629 tcp 10.0.2.109 61108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:09.338123 0.054941 tcp 10.0.2.109 61109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:09.392897 0.149205 tcp 10.0.2.109 61110 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:09.625008 3.005334 tcp 10.0.2.109 61111 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:18.629026 0.000000 tcp 10.0.2.109 61111 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:24.617790 0.051414 tcp 10.0.2.109 61112 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:24.669535 0.051810 tcp 10.0.2.109 61113 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:24.721624 0.148010 tcp 10.0.2.109 61114 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:24.912889 2.999581 tcp 10.0.2.109 61115 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:33.910638 0.000000 tcp 10.0.2.109 61115 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:39.909992 0.051183 tcp 10.0.2.109 61116 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:39.961475 0.052929 tcp 10.0.2.109 61117 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:40.014841 0.151298 tcp 10.0.2.109 61118 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:40.210463 1.024389 tcp 10.0.2.109 61119 -> 46.50.226.74 10856 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:40.871534 0.052430 tcp 10.0.2.109 61120 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:40.923862 0.052576 tcp 10.0.2.109 61121 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:40.976329 0.151019 tcp 10.0.2.109 61122 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:41.235136 3.000686 tcp 10.0.2.109 61123 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:50.234354 0.000000 tcp 10.0.2.109 61123 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:03:56.233315 0.057865 tcp 10.0.2.109 61124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:56.291467 0.055523 tcp 10.0.2.109 61125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:56.346792 0.157246 tcp 10.0.2.109 61126 -> 195.113.214.211 443 SRPA* 0 0 50 29664 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:03:56.593544 2.994095 tcp 10.0.2.109 61127 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:05.586343 0.000000 tcp 10.0.2.109 61127 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:11.594883 3.004835 tcp 10.0.2.109 61128 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:20.598298 0.000000 tcp 10.0.2.109 61128 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:26.597188 3.003507 tcp 10.0.2.109 61129 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:35.599336 0.000000 tcp 10.0.2.109 61129 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:41.598308 3.003861 tcp 10.0.2.109 61130 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:46.134889 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 23:04:50.601115 0.000000 tcp 10.0.2.109 61130 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:04:56.599864 0.610895 tcp 10.0.2.109 61131 -> 46.50.226.74 10856 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:04:57.210641 2.994109 tcp 10.0.2.109 61132 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:05:06.213214 0.000000 tcp 10.0.2.109 61132 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:08:56.297704 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/21 23:09:03.304329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:09:11.306109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:09:27.309057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:09:59.315021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:10:12.214635 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 23:10:12.214739 3.003329 tcp 10.0.2.109 61133 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:10:21.216520 0.000000 tcp 10.0.2.109 61133 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/21 23:10:27.217212 0.055396 tcp 10.0.2.109 61134 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:10:27.272875 0.054005 tcp 10.0.2.109 61135 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:10:27.327167 0.181056 tcp 10.0.2.109 61136 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:10:27.542787 0.492787 tcp 10.0.2.109 61137 -> 176.73.169.112 1959 FSPA* 0 0 15 1648 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:16:03.321667 3.000741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 23:16:10.328430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:16:18.330261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:16:34.333178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:17:06.338630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:20:37.192299 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 23:20:37.192396 0.055139 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:37.247981 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 23:20:53.668207 0.054723 tcp 10.0.2.109 61138 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:20:53.723945 0.054413 tcp 10.0.2.109 61139 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:20:53.778709 0.162972 tcp 10.0.2.109 61140 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:20:53.941898 0.051590 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:53.993907 0.179217 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:54.173579 0.061652 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:54.235643 0.141884 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:54.377871 0.187679 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:54.565979 0.144602 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:54.710979 0.198041 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:54.909451 0.134969 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:55.045243 0.149435 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:55.195038 0.080842 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:55.276299 0.077866 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:55.354540 0.159788 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:55.514767 0.160265 udp 10.0.2.109 3683 <-> 74.59.112.79 7943 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:55.675456 0.336307 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.012114 0.169656 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.182219 0.078773 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.261413 0.055736 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.317549 0.185451 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.503353 0.035353 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.539144 0.083386 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.622934 0.372120 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:56.995463 0.770774 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:57.766675 0.175920 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:57.942979 0.044485 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:57.988617 0.049173 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:58.038278 0.193755 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:58.232478 0.162988 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:58.395872 0.171321 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:58.567626 0.188719 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:20:58.756746 0.074389 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:23:10.405221 3.001470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 23:23:17.412489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:23:25.413695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:23:41.416897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:24:13.423162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:30:17.429207 3.001833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 23:30:24.436673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:30:32.437704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:30:48.441264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:31:20.447087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:37:24.452510 3.002227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 23:37:31.460476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:37:39.462035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:37:55.465289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:38:27.471259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:40:28.094964 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 23:40:28.095061 0.636536 tcp 10.0.2.109 61141 -> 176.73.169.112 1959 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:44:31.476614 3.002364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 23:44:38.484309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:44:46.485550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:45:02.488922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:45:34.494890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:51:10.688964 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/21 23:51:10.689116 0.243893 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:10.933375 0.053764 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:10.987574 0.053217 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:11.041195 0.174199 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:11.215754 0.353204 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:11.569384 0.141994 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:11.711727 0.181687 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:11.893828 0.145333 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:12.039516 0.166064 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:12.205988 0.136443 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:12.342866 0.087481 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:12.430810 0.158601 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:12.589897 0.000000 udp 10.0.2.109 3683 -> 74.59.112.79 7943 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/21 23:51:28.736576 0.055437 tcp 10.0.2.109 61142 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:51:28.792353 0.052984 tcp 10.0.2.109 61143 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:51:28.845640 0.154355 tcp 10.0.2.109 61144 -> 195.113.214.211 443 SRPA* 0 0 41 22752 flow=From-Botnet-V1-TCP-Established 1970/01/21 23:51:29.000636 0.372040 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:29.373108 0.141902 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:29.515391 0.085533 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:29.601362 0.168825 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:29.770590 0.076829 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:29.847843 0.044621 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:29.892868 0.181074 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:30.074333 0.035504 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:30.110271 0.080013 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:30.190683 0.352207 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:30.543324 0.044794 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:30.588534 0.047446 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:30.636389 0.380394 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:31.017200 0.173049 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:31.190697 0.187497 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:31.378612 0.156954 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:31.535970 0.166266 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:31.702642 1.879638 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:33.582632 0.068468 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/21 23:51:38.502384 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 23:51:45.508284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:51:53.509515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:52:09.512940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:52:41.518867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:58:45.524589 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/21 23:58:52.532715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:59:00.533933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:59:16.626776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/21 23:59:48.633106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:05:52.639414 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 00:05:59.736192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:06:07.738119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:06:23.740993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:06:55.747352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:10:28.803794 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 00:10:28.804075 0.499063 tcp 10.0.2.109 61145 -> 176.73.169.112 1959 FSPA* 0 0 14 1666 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:12:59.753788 3.000769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 00:13:06.760716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:13:14.762134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:13:30.765068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:14:02.770928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:20:06.777423 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 00:20:13.784489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:20:21.785831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:20:37.789065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:21:09.794722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:21:48.290841 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 00:21:48.291091 0.000000 udp 10.0.2.109 3683 -> 74.59.112.79 7943 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 00:22:05.377138 0.053494 tcp 10.0.2.109 61146 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:22:05.430921 0.053670 tcp 10.0.2.109 61147 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:22:05.484890 0.158138 tcp 10.0.2.109 61148 -> 195.113.214.211 443 SRPA* 0 0 31 13612 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:22:05.642932 0.052715 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:05.696044 0.239608 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:05.935981 0.049934 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:05.986379 0.068166 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:06.054961 0.134581 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:06.189978 0.175153 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:06.365565 0.145564 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:06.511519 0.182970 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:06.694927 0.162615 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:06.857945 0.161444 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:07.019781 0.144627 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:07.164838 0.076251 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:07.241499 0.344010 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:07.585873 0.144212 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:07.730445 0.110903 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:07.841693 0.169932 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:08.012022 0.193259 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:08.205637 0.044313 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:08.250507 0.179204 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:08.430318 0.337566 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:08.768285 0.044712 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:08.813407 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 00:22:24.143143 0.230873 tcp 10.0.2.109 61149 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:22:24.373816 0.058995 tcp 10.0.2.109 61150 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:22:24.432673 0.146957 tcp 10.0.2.109 61151 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:22:24.580250 0.584434 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:25.165092 0.035586 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:25.201015 0.089700 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:25.291332 0.163664 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:25.455422 0.193909 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:25.649748 0.164285 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:25.814510 0.158471 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:25.973405 0.317142 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:22:26.291027 0.181378 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:27:13.801261 3.001582 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 00:27:20.808453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:27:28.810024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:27:44.813289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:28:16.819411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:34:20.825579 3.001180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 00:34:27.832640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:34:35.833581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:34:51.836716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:35:23.842629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:40:29.302444 0.000184 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 00:40:29.302730 1.384710 tcp 10.0.2.109 61152 -> 176.73.169.112 1959 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:41:27.848871 3.002036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 00:41:34.856214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:41:42.858237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:41:58.860527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:42:31.117302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:48:35.123101 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 00:48:42.130550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:48:50.132019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:49:06.135166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:49:38.141225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:52:50.097499 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 00:52:50.097594 0.042022 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:52:50.140020 0.144255 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:52:50.284617 0.069014 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:52:50.354491 0.052780 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:52:50.407647 0.240242 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:52:50.648338 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 00:53:09.106723 0.053197 tcp 10.0.2.109 61153 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:53:09.160194 0.057115 tcp 10.0.2.109 61154 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:53:09.217589 0.148638 tcp 10.0.2.109 61155 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:53:09.366467 0.150131 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:09.516963 0.182236 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:09.699635 0.134958 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:09.834952 0.159351 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:09.994679 0.160932 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:10.156057 0.378210 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:10.534669 0.143077 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:10.678158 0.091218 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:10.769694 0.162010 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:10.932123 0.084147 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:11.016676 0.136216 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:11.153300 0.386708 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:11.540419 0.045092 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:11.585915 0.077590 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:11.663865 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 00:53:29.413987 0.052540 tcp 10.0.2.109 61156 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:53:29.466822 0.053483 tcp 10.0.2.109 61157 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:53:29.520595 0.144998 tcp 10.0.2.109 61158 -> 195.113.214.211 443 SRPA* 0 0 38 31548 flow=From-Botnet-V1-TCP-Established 1970/01/22 00:53:29.666149 0.178575 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:29.845149 2.288533 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:32.134061 0.035477 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:32.169958 0.079720 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:32.250235 0.169420 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:32.420067 0.194799 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:32.615419 0.166817 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:32.782629 0.165698 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:32.948748 0.928821 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:53:33.877990 0.067209 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/22 00:55:42.147990 3.000806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 00:55:49.154360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:55:57.156319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:56:13.159186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 00:56:45.164967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:02:49.171860 3.000841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:02:56.178619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:03:04.180295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:03:20.183257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:03:52.549689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:09:56.556315 3.001190 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:10:03.562821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:10:11.584281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:10:27.587652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:10:30.993009 0.000163 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 01:10:30.993268 0.565281 tcp 10.0.2.109 61159 -> 176.73.169.112 1959 FSPA* 0 0 14 1588 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:10:59.593810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:17:03.600436 3.000778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:17:10.607152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:17:18.608789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:17:34.611761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:18:06.617762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:23:37.964347 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 01:23:37.964597 0.172108 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:38.137121 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 01:23:54.800633 0.053148 tcp 10.0.2.109 61160 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:23:54.854073 0.056001 tcp 10.0.2.109 61161 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:23:54.910380 0.153646 tcp 10.0.2.109 61162 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:23:55.062882 0.053468 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.116743 0.241132 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.358267 0.056863 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.415510 0.047740 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.463684 0.051284 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.516061 0.143933 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.660336 0.179277 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.840020 0.142090 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:55.982552 0.190810 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:56.173743 0.159935 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:56.334234 0.086123 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:56.420759 0.163054 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:56.584228 0.087618 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:56.672260 0.143830 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:56.816505 0.344691 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:57.161622 0.089457 udp 10.0.2.109 3683 <-> 86.167.67.213 5187 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:57.251492 0.135227 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:57.387111 0.323056 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:57.710536 0.045393 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:57.756332 0.178332 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:57.935084 0.381405 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:58.316854 0.035972 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:58.353290 0.087031 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:58.440720 0.170948 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:58.612104 0.187770 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:58.800304 0.155982 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:58.956694 0.060430 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:59.017511 0.532870 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:23:59.550767 0.374546 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:24:10.623073 3.002298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:24:17.631085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:24:25.632396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:24:41.635924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:25:13.641787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:31:17.647296 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:31:24.655133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:31:33.447723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:31:49.450772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:32:21.456987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:38:25.463587 3.000533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:38:32.469853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:38:40.472094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:38:56.474809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:39:28.481012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:40:31.952574 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 01:40:31.952871 0.654039 tcp 10.0.2.109 61163 -> 176.73.169.112 1959 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:45:32.487251 3.081336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:45:39.574501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:45:47.576049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:46:03.579031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:46:35.585035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:52:39.590706 3.001949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:52:46.598460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:52:54.599742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:53:10.602662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:53:42.608560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 01:54:03.478917 0.000165 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 01:54:03.479179 0.172785 udp 10.0.2.109 3683 <-> 108.251.186.225 1468 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:03.652388 0.052004 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:03.704872 0.244918 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:03.950261 0.068522 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.019262 0.050078 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.069700 0.053822 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.123892 0.145899 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.270220 0.203661 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.474329 0.151516 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.626433 0.093749 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.720597 0.161676 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.882700 0.086614 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:04.969712 0.145015 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:05.115108 0.141765 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:05.257331 0.183178 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:05.440872 0.337917 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:05.858961 0.000000 udp 10.0.2.109 3683 -> 86.167.67.213 5187 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 01:54:22.167541 0.054742 tcp 10.0.2.109 61164 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:54:22.222155 0.056294 tcp 10.0.2.109 61165 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:54:22.278412 0.144883 tcp 10.0.2.109 61166 -> 195.113.214.211 443 SRPA* 0 0 32 17200 flow=From-Botnet-V1-TCP-Established 1970/01/22 01:54:22.423918 0.143745 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:22.568040 0.329841 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:22.898309 0.045192 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:22.943875 0.180858 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:23.125144 0.383366 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:23.508920 0.035687 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:23.544940 0.093295 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:23.638619 0.164904 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:23.803925 0.187507 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:23.991833 0.188506 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:24.180744 0.157506 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:24.338666 0.126060 rtcp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:54:24.465159 0.067638 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/22 01:59:46.615454 3.000652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 01:59:53.622239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:00:01.623671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:00:17.626341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:00:49.632514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:06:53.639211 3.001257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 02:07:00.646042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:07:08.647738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:07:24.650927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:07:56.656327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:10:32.641472 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 02:10:32.641575 0.518290 tcp 10.0.2.109 61167 -> 176.73.169.112 1959 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:14:00.663120 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 02:14:07.669955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:14:15.671819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:14:31.674571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:15:03.680688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:21:07.687537 3.000687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 02:21:14.693858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:21:22.695279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:21:38.698409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:22:10.704576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:24:33.670426 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 02:24:33.670527 0.000000 udp 10.0.2.109 3683 -> 86.167.67.213 5187 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 02:24:49.815743 0.101565 tcp 10.0.2.109 61168 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:24:49.917668 0.053838 tcp 10.0.2.109 61169 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:24:49.971358 0.156732 tcp 10.0.2.109 61170 -> 195.113.214.211 443 SRPA* 0 0 40 32780 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:24:50.128764 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 02:25:07.699575 0.529278 tcp 10.0.2.109 61171 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:25:08.228707 0.054385 tcp 10.0.2.109 61172 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:25:08.283376 0.151710 tcp 10.0.2.109 61173 -> 195.113.214.211 443 SRPA* 0 0 48 29900 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:25:08.435699 0.051222 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:08.487329 0.066497 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:08.554266 0.049856 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:08.604471 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 02:25:25.796027 0.052845 tcp 10.0.2.109 61174 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:25:25.849122 0.059781 tcp 10.0.2.109 61175 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:25:25.909199 0.151417 tcp 10.0.2.109 61176 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:25:26.060954 0.149197 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:26.210530 0.167264 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:26.378247 0.301820 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:26.680489 0.093154 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:26.773985 0.169904 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:26.944284 0.161342 rtcp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:27.106022 0.134985 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:27.241425 0.181301 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:27.475910 0.367072 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:27.843374 0.142818 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:27.986608 0.093400 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:28.080379 0.152071 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:28.232821 0.384308 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:28.617481 0.045096 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:28.662991 0.180968 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:28.844376 0.387901 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:29.232616 0.034905 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:29.267952 0.097835 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:29.366310 0.166279 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:29.532958 0.163082 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:29.696643 0.054287 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:29.751332 0.059077 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:29.810808 0.193320 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:25:30.004538 0.185086 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:28:14.941296 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 02:28:21.968209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:28:29.969699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:28:45.973102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:29:17.979074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:35:21.985301 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 02:35:28.992116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:35:36.993913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:35:52.996955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:36:25.003197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:40:33.390699 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 02:40:33.390893 0.625373 tcp 10.0.2.109 61177 -> 176.73.169.112 1959 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:42:29.008934 3.002028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 02:42:36.016304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:42:44.017867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:43:00.020784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:43:32.027176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:49:36.033697 3.001100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 02:49:43.040061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:49:51.041842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:50:07.045096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:50:39.051029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:55:32.623763 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 02:55:32.623940 0.000000 udp 10.0.2.109 3683 -> 108.251.186.225 1468 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 02:55:51.111483 0.054378 tcp 10.0.2.109 61178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:55:51.166224 0.055609 tcp 10.0.2.109 61179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:55:51.222363 0.155198 tcp 10.0.2.109 61180 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/01/22 02:55:51.376114 0.053725 rtcp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:51.430291 0.066558 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:51.497249 0.052776 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:51.550421 0.117539 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:51.668364 0.147717 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:51.816498 0.087720 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:51.904719 0.169560 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:52.074644 0.161693 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:52.236725 0.158747 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:52.395900 0.239258 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:52.635547 0.128091 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:52.764017 0.183839 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:52.948301 0.353930 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:53.302650 0.144325 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:53.447353 0.080467 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:53.528249 0.044939 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:53.573625 0.179032 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:53.753073 0.145848 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:53.899412 0.326377 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:54.226265 0.384874 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:54.611538 0.035727 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:54.647701 0.078796 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:54.726857 0.173598 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:54.900917 0.163966 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:55.065366 0.079501 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:55.145323 0.269313 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:55.415014 0.195115 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:55:55.610558 0.190937 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 02:56:43.057587 3.000556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 02:56:50.063923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:56:58.065961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:57:14.068804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 02:57:46.074572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:03:50.080353 3.001886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:03:57.087880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:04:05.089859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:04:21.092420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:04:53.098934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:10:34.019573 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 03:10:34.019685 0.511408 tcp 10.0.2.109 61181 -> 176.73.169.112 1959 FSPA* 0 0 15 1654 flow=From-Botnet-V1-TCP-Established 1970/01/22 03:10:57.105076 3.001399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:11:04.111836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:11:12.113940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:11:28.117069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:12:00.122659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:18:04.129828 3.000529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:18:11.136366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:18:19.137823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:18:35.140752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:19:07.146877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:25:11.153595 3.000721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:25:18.159980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:25:26.161350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:25:42.164749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:26:00.661482 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 03:26:00.661583 0.304064 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:00.966014 0.291480 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:01.257849 0.527584 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:01.785955 0.333859 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:02.120216 0.311668 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:02.432313 0.303105 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:02.735773 0.386737 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:03.122954 0.397996 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:03.521362 0.397996 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:03.919830 0.467852 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:04.388103 0.373812 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:04.762379 0.432422 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:05.195178 0.567208 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:05.762789 0.380811 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:06.143989 0.327245 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:06.471606 0.307556 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:06.779524 0.401208 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:07.181154 0.371899 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:07.553506 0.277241 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:07.831106 0.326316 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:08.157868 0.413543 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:08.571829 0.624877 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:09.197118 0.665304 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:09.862805 0.412814 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:10.276033 0.276396 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:10.552817 0.298345 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:10.851560 0.429847 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:11.281822 0.421932 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:26:15.462527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:32:19.468970 3.001225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:32:26.475927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:32:34.477400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:32:50.480945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:33:22.486639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:39:26.493186 3.001010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:39:33.499904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:39:41.501278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:39:57.504125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:40:29.510369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:40:35.199521 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 03:40:35.199765 1.395227 tcp 10.0.2.109 61182 -> 176.73.169.112 1959 FSPA* 0 0 15 1782 flow=From-Botnet-V1-TCP-Established 1970/01/22 03:46:33.516837 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:46:40.524131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:46:48.525600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:47:04.528022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:47:36.534303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:53:40.540223 3.002294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 03:53:47.547720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:53:55.549630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:54:11.552125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:55:33.373695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 03:57:33.658820 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 03:57:33.659005 0.271320 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:33.930771 0.284735 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:34.215961 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 03:57:51.097730 0.537834 tcp 10.0.2.109 61183 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 03:57:51.635891 0.553913 tcp 10.0.2.109 61184 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 03:57:52.190128 1.285010 tcp 10.0.2.109 61185 -> 195.113.214.211 443 SRPA* 0 0 36 24856 flow=From-Botnet-V1-TCP-Established 1970/01/22 03:57:53.475670 0.392500 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:53.868583 0.335266 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:54.204225 0.304189 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:54.508864 0.405069 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:54.914371 0.399371 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:55.314382 0.400443 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:55.715295 0.581246 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:56.296939 0.382851 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:56.680151 0.407077 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:57.087641 0.582111 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:57.670250 0.358448 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:58.029062 0.331331 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:58.360818 0.378154 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:58.739405 0.276647 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:59.016506 0.420250 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:59.437209 0.409541 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:57:59.847210 0.276373 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:00.124070 0.312427 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:00.436972 0.600888 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:01.038485 0.291118 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:01.329984 0.660430 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:01.990802 0.404001 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:02.395199 0.818490 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:03.214075 0.293603 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/22 03:58:03.508068 0.443331 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:01:37.386850 2.953837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 04:01:44.276909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:01:52.143166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:02:07.894307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:02:39.412330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:08:37.749904 2.955768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:08:44.647385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:08:52.529758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:09:08.292166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:09:39.793151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:11:17.310783 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 04:11:17.310871 1.276901 tcp 10.0.2.109 61186 -> 176.73.169.112 1959 FSPA* 0 0 14 1571 flow=From-Botnet-V1-TCP-Established 1970/01/22 04:15:38.358607 2.952487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:15:45.262825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:15:53.145680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:16:08.905706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:16:40.428532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:22:38.914887 2.965664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:22:45.821690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:22:53.704782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:23:09.472938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:23:40.995696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:27:54.704293 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 04:27:54.704393 0.281442 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:54.986284 0.270434 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:55.257167 0.289086 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:55.546615 0.385614 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:55.932601 0.337290 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:56.270301 0.304955 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:56.575615 0.381234 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:56.957261 0.374657 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:57.332280 0.412850 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:57.745491 0.418912 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:58.164847 0.469240 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:58.634551 0.364411 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:58.999346 0.590651 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:59.590408 0.378177 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:27:59.968976 0.328845 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:00.298315 0.393050 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:00.691732 0.293053 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:00.985211 0.390511 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:01.376349 0.404075 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:01.780795 0.564959 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:02.346392 0.272601 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:02.619488 0.322700 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:02.942560 0.292389 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:03.235391 0.674635 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:03.910574 0.391034 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:04.302044 0.417468 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:04.719976 0.422726 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:28:05.143085 0.317586 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:29:39.502433 2.950712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:29:46.402932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:29:54.278811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:30:10.036303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:30:41.575971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:36:40.022499 2.954190 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:36:46.915815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:36:54.786942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:37:10.545305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:37:42.033278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:40:51.248673 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 04:40:51.248789 1.150305 tcp 10.0.2.109 61187 -> 176.73.169.112 1959 FSPA* 0 0 15 1592 flow=From-Botnet-V1-TCP-Established 1970/01/22 04:43:40.379133 2.956219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:43:47.283334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:43:55.158307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:44:10.905933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:44:42.416958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:50:38.844893 3.002187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:50:45.852565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:50:53.853733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:51:09.857298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:51:41.863248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:57:45.365858 0.059141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 04:57:45.425182 0.276398 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:45.701966 0.385483 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:46.087842 0.298130 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:46.386536 0.285319 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:46.672291 0.408951 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:47.081708 0.345736 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:47.427844 0.303977 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:47.732179 0.399251 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:48.131838 0.376933 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:48.509201 0.416835 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:48.926472 0.483782 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:49.410639 0.380974 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:49.855042 0.624922 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:50.480395 0.382445 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:50.863262 0.316576 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:51.180237 0.356256 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:51.536892 0.275344 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:51.812598 0.417276 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:52.230451 0.408271 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:52.639154 0.299773 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:52.939388 0.614468 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:53.554294 0.898918 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:54.453667 0.312490 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:57:54.766560 0.662066 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:58:00.400748 3.010716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 04:58:00.410592 0.368993 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:58:00.780007 0.433563 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:58:01.214215 0.434967 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:58:01.649598 0.304558 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/22 04:58:07.417811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:58:15.419127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:58:31.421783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 04:59:04.690026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:05:22.696580 3.001145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 05:05:29.703437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:05:37.705086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:05:53.708151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:06:25.713878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:10:43.996025 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 05:10:43.996167 1.201627 tcp 10.0.2.109 61188 -> 176.73.169.112 1959 FSPA* 0 0 12 1493 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:12:29.719870 3.001925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 05:12:36.727647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:12:44.729066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:13:00.731639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:13:32.738051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:19:36.744044 3.001484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 05:19:43.751474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:19:51.753127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:20:07.756091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:20:39.761684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:26:43.769076 3.000390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 05:26:50.775605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:26:58.776613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:27:14.779889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:27:46.785680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:28:23.228333 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 05:28:23.228426 0.291390 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:23.520178 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 05:28:42.238042 0.516574 tcp 10.0.2.109 61189 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:28:42.754904 0.542765 tcp 10.0.2.109 61190 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:28:43.297895 1.345458 tcp 10.0.2.109 61191 -> 195.113.214.211 443 SRPA* 0 0 33 24737 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:28:44.643851 0.382858 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:45.027114 0.326392 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:45.353869 0.294751 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:45.649009 0.410588 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:46.059955 0.304493 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:46.364836 0.409090 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:46.774366 0.405389 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:47.180082 0.378655 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:47.559221 0.414235 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:47.974203 0.494409 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:48.468989 0.595566 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:49.064964 0.382687 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:49.447989 0.326957 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:49.775363 0.390050 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:50.165825 0.291030 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:50.457223 0.304271 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:50.761896 0.421428 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:51.183721 0.418861 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:51.602948 0.598689 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:52.202042 0.242916 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:52.445351 0.399129 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:52.844885 0.674068 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:53.519313 0.406385 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:53.926106 0.414133 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:54.340587 0.424993 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:28:54.765936 0.307486 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:33:50.791664 3.001448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 05:33:57.799128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:34:05.800693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:34:21.803689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:34:53.809984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:40:45.205687 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 05:40:45.205897 1.189846 tcp 10.0.2.109 61192 -> 176.73.169.112 1959 FSPA* 0 0 15 1765 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:40:57.816068 3.141956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 05:41:04.963753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:41:12.965186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:41:28.967619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:42:00.973700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:48:04.980754 3.000806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 05:48:11.987541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:48:19.988970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:48:35.991502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:49:07.998305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:55:12.004015 3.001393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 05:55:19.011009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:55:27.012611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:55:43.016294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:56:15.021723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 05:59:03.804507 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 05:59:03.804653 0.512709 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:04.317780 0.576763 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:04.894869 0.578635 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:05.473936 0.666692 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:06.140993 0.670286 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:06.811690 0.758917 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:07.571022 0.603027 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:08.174477 0.652895 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:08.827787 0.773827 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:09.602078 0.699374 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:10.301887 0.747300 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:11.049544 0.840808 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:11.890755 0.894726 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:12.785875 0.584637 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:13.370858 0.707717 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:14.078914 0.565432 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:14.644697 0.637876 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:15.282985 0.611848 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:15.895238 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 05:59:33.528944 1.193660 tcp 10.0.2.109 61193 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:59:34.722861 1.472805 tcp 10.0.2.109 61194 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:59:36.195934 2.356725 tcp 10.0.2.109 61195 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 05:59:38.553239 0.657290 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:39.210937 0.921997 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:40.133337 0.608484 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:40.742272 0.708734 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:41.451385 2.154508 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:43.606275 0.664368 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:44.271030 0.716665 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:45.572431 0.733186 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/22 05:59:46.305978 0.525589 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:02:19.028488 3.001530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 06:02:26.035383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:02:34.036857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:02:50.040039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:03:22.045679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:09:26.051534 3.041660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 06:09:33.099255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:09:41.100640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:09:57.103818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:10:29.109498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:10:46.465104 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 06:10:46.465290 1.677835 tcp 10.0.2.109 61196 -> 176.73.169.112 1959 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:16:33.115657 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 06:16:40.123663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:16:48.124846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:17:04.127535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:17:36.133631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:23:40.140251 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 06:23:47.147129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:23:55.148934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:24:11.151507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:24:43.157680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:30:15.125460 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 06:30:15.125566 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 06:30:33.884315 0.748828 tcp 10.0.2.109 61197 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:30:34.633397 0.601047 tcp 10.0.2.109 61198 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:30:35.234726 1.344112 tcp 10.0.2.109 61199 -> 195.113.214.211 443 SRPA* 0 0 23 13260 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:30:36.579370 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 06:30:47.193305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:30:54.891174 1.974349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/22 06:30:58.565918 0.727180 tcp 10.0.2.109 61200 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:30:59.293392 0.640840 tcp 10.0.2.109 61201 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:30:59.934521 1.312475 tcp 10.0.2.109 61202 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:31:00.816709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:31:01.247604 0.407493 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:01.655498 0.319605 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:01.975488 0.408384 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:02.384190 0.458836 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:02.843421 0.399343 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:03.243130 0.445143 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:03.688723 0.373893 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:04.062992 0.397840 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:04.461268 0.422313 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:04.883960 0.508353 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:05.392684 0.534999 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:05.928081 0.608141 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:06.536662 0.451170 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:06.988203 0.411709 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:07.400351 0.330026 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:07.730759 0.491357 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:08.222496 0.369300 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:08.592188 0.451352 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:08.704815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:31:09.043938 0.378638 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:09.423000 0.632123 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:10.055540 0.393478 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:10.449370 1.515451 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:11.965214 1.147639 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:13.113231 0.365729 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:13.479392 0.560801 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:14.040566 0.340004 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/22 06:31:24.485331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:31:56.056379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:37:56.301156 3.000961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 06:38:03.308317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:38:11.309506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:38:27.312798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:38:59.318870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:40:52.352192 0.000000 arp 10.0.2.109 who 10.0.2.2 INT 1 42 flow=Background-ARP 1970/01/22 06:41:07.807016 0.000000 arp 10.0.2.109 who 10.0.2.2 RSP 1 42 flow=Background-ARP 1970/01/22 06:41:07.807277 1.472028 tcp 10.0.2.109 61203 -> 176.73.169.112 1959 FSPA* 0 0 15 1771 flow=From-Botnet-V1-TCP-Established 1970/01/22 06:45:22.293108 2.966951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 06:45:29.208505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:45:37.094730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:45:52.878771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:46:24.431151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:52:23.363019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:52:32.900403 4.405113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/22 06:52:41.256358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:52:49.148708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:53:04.929971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:53:36.487336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:59:35.415315 2.951142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 06:59:42.321814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 06:59:50.207001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:00:05.988556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:00:39.160356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:01:48.352297 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 07:01:48.352472 0.686173 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:01:49.039102 0.694281 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:01:49.733799 0.776348 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:01:50.510545 0.570892 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:01:51.081812 0.639378 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:01:51.721610 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 07:02:09.282733 1.432999 tcp 10.0.2.109 61204 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 07:02:10.716008 1.149815 tcp 10.0.2.109 61205 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 07:02:11.866245 2.390770 tcp 10.0.2.109 61206 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 07:02:14.257553 0.935169 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:15.193114 0.792178 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:15.985672 0.709197 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:16.695248 0.868535 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:17.564234 0.839875 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:18.404487 0.966979 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:19.371895 1.032736 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:20.405085 0.735462 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:21.140896 0.765713 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:21.907084 0.612976 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:22.520430 0.946370 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:23.467147 0.787738 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:24.255352 0.712800 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:24.968577 0.739382 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:25.708351 0.885787 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:26.594516 0.689079 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:27.283964 1.239196 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:28.523507 0.886350 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:29.410293 0.861062 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:30.271696 0.904215 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:02:31.176348 0.815099 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:06:38.145726 2.965299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 07:06:45.053789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:06:53.002485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:07:08.787313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:07:40.343453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:10:55.944523 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 07:10:55.944613 2.786469 tcp 10.0.2.109 61207 -> 176.73.169.112 1959 FSPA* 0 0 15 1625 flow=From-Botnet-V1-TCP-Established 1970/01/22 07:13:40.664265 3.001362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 07:13:47.671673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:13:55.673185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:14:12.617078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:14:44.623424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:20:48.629828 3.000950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 07:20:55.636474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:21:03.638173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:21:19.641243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:21:51.647237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:27:58.657113 3.001944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 07:28:05.664839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:28:13.666651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:28:32.313705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:29:04.319269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:32:45.197332 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 07:32:45.197498 0.169242 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.367145 0.049687 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.417179 0.146687 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.564226 0.054984 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.619513 0.052471 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.672358 0.085628 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.758371 0.153390 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.912145 0.061314 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:45.973734 0.191836 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:46.165970 0.258614 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:46.424984 0.142573 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:46.567950 0.240313 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:46.808620 0.378359 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:47.187371 0.145521 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:47.333257 0.080273 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:47.413912 1.203250 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:52.163124 0.137041 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:52.300492 0.044735 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:52.345597 0.200123 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:52.546108 0.039627 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:52.586036 0.332663 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:52.919080 0.070640 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:52.990111 0.429971 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:53.420444 0.236414 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:53.657233 0.164191 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:53.821814 0.186663 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:32:54.008884 0.062683 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/22 07:35:18.328950 3.002354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 07:35:25.337206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:35:33.338670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:35:49.341575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:36:21.608133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:41:33.868550 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 07:41:33.868719 4.009245 tcp 10.0.2.109 61208 -> 176.73.169.112 1959 FSPA* 0 0 14 1641 flow=From-Botnet-V1-TCP-Established 1970/01/22 07:42:57.607424 0.979727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/22 07:43:05.027201 3.942694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/22 07:43:16.848076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:43:38.468814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:44:10.021215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:50:08.614340 2.956601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 07:50:15.516649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:50:23.399846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:50:39.160465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:51:10.680531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:57:09.164284 2.954144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 07:57:16.070280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:57:23.951445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:57:39.718531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 07:58:11.248690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:03:39.506515 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 08:03:39.506618 0.164029 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:39.670991 0.041370 udp 10.0.2.109 3683 <-> 93.212.249.173 5834 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:39.712710 0.150205 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:39.863277 0.055484 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:39.919111 0.052430 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:39.971910 0.090049 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:40.062472 0.160313 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:40.223162 0.072789 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:40.296325 0.181014 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:40.477739 0.170893 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:40.649043 0.179810 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:40.829241 0.253214 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:41.082892 0.378320 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:41.461591 0.143967 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:41.605916 0.167082 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:41.773389 0.044909 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:41.818673 0.165043 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:41.984149 0.034658 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:42.019232 0.083817 udp 10.0.2.109 3683 <-> 86.183.154.163 5599 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:42.103485 0.143786 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:42.247650 0.323842 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:42.571905 0.057185 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:42.629416 1.310993 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:43.940772 0.197688 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:44.138839 0.155622 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:44.294843 0.186573 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:03:44.481824 0.068714 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:04:09.735948 2.960569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 08:04:16.633773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:04:24.514876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:04:40.277122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:05:11.812268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:11:10.411213 2.953105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 08:11:17.312856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:11:21.202170 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 08:11:21.202279 0.616219 tcp 10.0.2.109 61209 -> 176.73.169.112 1959 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:11:25.192888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:11:40.947998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:12:12.482636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:18:11.082365 2.958030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 08:18:17.985419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:18:25.871046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:18:41.640426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:19:13.155095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:25:09.900488 3.002123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 08:25:16.908162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:25:24.910073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:25:40.913053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:26:12.919196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:32:26.929503 3.011103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 08:32:33.946915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:32:41.947997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:32:57.951136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:33:29.957280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:33:38.219726 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 08:33:38.219876 0.169439 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:38.389694 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 08:33:53.472502 0.050828 tcp 10.0.2.109 61210 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:33:53.523596 0.058577 tcp 10.0.2.109 61211 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:33:53.582383 0.132885 tcp 10.0.2.109 61212 -> 195.113.214.211 443 SRPA* 0 0 35 26305 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:33:53.715753 0.148840 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:53.865001 0.073914 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:53.939234 0.053861 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:53.993430 0.090078 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:54.083880 0.159182 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:54.243429 0.064338 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:54.308093 0.131323 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:54.439773 0.252070 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:54.692174 0.181793 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:54.874332 0.160911 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:55.035619 0.353671 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:55.389680 0.144478 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:55.534485 0.086012 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:55.620869 0.045114 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:55.666296 0.172260 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:55.838919 0.034904 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:33:55.874126 0.000000 udp 10.0.2.109 3683 -> 86.183.154.163 5599 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 08:34:12.599176 0.050138 tcp 10.0.2.109 61213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:34:12.649537 0.051821 tcp 10.0.2.109 61214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:34:12.701645 0.144367 tcp 10.0.2.109 61215 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:34:12.846685 0.143186 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:34:12.990383 0.314831 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:34:13.305589 0.172470 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:34:13.478409 0.156300 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:34:13.635089 0.444370 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:34:14.079862 0.247574 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:34:14.327773 0.192443 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:34:14.520553 0.066684 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/22 08:39:33.962835 3.002030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 08:39:40.970478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:39:48.971845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:40:04.974910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:40:36.981463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:41:07.445388 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 08:41:07.445577 0.447282 tcp 10.0.2.109 61216 -> 176.73.169.112 1959 FSPA* 0 0 15 1612 flow=From-Botnet-V1-TCP-Established 1970/01/22 08:46:48.988230 3.002644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 08:46:55.995938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:47:03.997561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:47:20.001138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:47:52.006869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:53:56.012479 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 08:54:03.019949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:54:11.021616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:54:27.024838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 08:54:59.030253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:01:03.036108 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:01:10.044015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:01:18.045854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:01:34.048775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:02:06.054386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:04:27.027806 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 09:04:27.027990 0.000000 udp 10.0.2.109 3683 -> 93.212.249.173 5834 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 09:04:42.741780 0.053961 tcp 10.0.2.109 61217 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:04:42.796055 0.053967 tcp 10.0.2.109 61218 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:04:42.850304 0.142106 tcp 10.0.2.109 61219 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:04:42.992928 0.000000 udp 10.0.2.109 3683 -> 86.183.154.163 5599 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 09:05:00.736641 0.052696 tcp 10.0.2.109 61220 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:05:00.789699 0.052308 tcp 10.0.2.109 61221 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:05:00.842271 0.150235 tcp 10.0.2.109 61222 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:05:00.992723 0.171139 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.164239 0.189138 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.375155 0.053396 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.428896 0.052559 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.481877 0.065289 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.547514 0.134930 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.682835 0.161787 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.844976 0.087144 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:01.932522 0.187553 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:02.120507 0.193745 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:02.314661 0.262429 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:02.577458 0.177182 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:02.754999 0.044534 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:02.799867 0.164353 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:02.964572 0.035174 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:03.000069 0.142166 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:03.142545 0.337845 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:03.480783 0.069597 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:03.550740 0.156555 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:03.707667 0.211203 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:03.919227 0.363975 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:04.283566 0.186975 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:04.470905 0.073103 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:04.544362 0.523971 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:05:05.068731 0.313779 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:08:10.060555 3.002001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 09:08:17.068141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:08:25.069150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:08:41.072380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:09:13.078657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:11:07.894186 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 09:11:07.894387 0.556814 tcp 10.0.2.109 61223 -> 176.73.169.112 1959 FSPA* 0 0 15 1698 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:15:17.084241 3.101932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:15:24.191768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:15:32.193233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:15:48.196246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:16:20.202821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:22:24.208264 3.002556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:22:31.216371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:22:39.217406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:22:55.220718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:23:27.226251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:29:31.233389 3.000635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:29:38.239913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:29:46.241758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:30:02.244205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:30:34.250433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:35:21.593661 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 09:35:21.593842 0.049110 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:21.643321 0.052574 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:21.696226 0.064547 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:21.761132 0.135785 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:21.897337 0.153108 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:22.050844 0.094828 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:22.146035 0.168903 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:22.315264 0.147025 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:22.462640 0.188346 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:22.651373 0.157876 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:22.809623 0.259148 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.069167 0.079643 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.149160 0.044968 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.194506 0.173684 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.368564 0.034807 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.403734 0.066390 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.470507 0.164771 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.635661 0.140683 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.776673 0.143746 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:23.920751 0.352921 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:24.274020 0.363242 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:24.637656 0.193216 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:24.831271 0.071452 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:24.903074 1.591233 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:35:26.494636 0.343049 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/22 09:36:38.255960 3.002001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:36:45.263647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:36:53.265694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:37:09.268151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:37:41.274850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:41:08.493194 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 09:41:08.493992 0.526407 tcp 10.0.2.109 61224 -> 176.73.169.112 1959 FSPA* 0 0 14 1638 flow=From-Botnet-V1-TCP-Established 1970/01/22 09:43:45.279920 3.001914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:43:52.287940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:44:00.289194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:44:16.292659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:44:48.298330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:50:52.304140 3.002076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:50:59.311855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:51:07.313374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:51:23.316175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:51:55.322484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:57:59.329071 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 09:58:06.335921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:58:14.337339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:58:30.340489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 09:59:02.346356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:05:06.352041 3.001854 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:05:13.359878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:05:21.361734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:05:29.172945 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 10:05:29.173096 0.063206 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:29.236711 0.135592 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:29.372725 0.159316 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:29.532379 0.053571 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:29.586417 0.051855 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:29.638613 0.094883 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:29.733905 0.169396 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:29.903716 0.147535 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:30.051627 0.188073 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:30.240036 0.172240 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:30.412684 0.269768 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:30.682815 0.075912 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:30.759133 0.044624 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:30.804128 0.163681 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:30.968191 0.035331 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:31.003880 0.073460 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:31.077722 0.171491 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:31.249633 0.143520 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:31.393535 0.139948 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:31.533866 0.201119 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:31.735343 0.070467 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:31.806352 0.365575 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:32.172323 0.352500 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:32.525187 0.412685 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:32.938310 0.187564 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:05:37.364418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:06:09.380401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:11:09.021937 0.052382 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 10:11:09.074493 0.612906 tcp 10.0.2.109 61225 -> 176.73.169.112 1959 FSPA* 0 0 15 1764 flow=From-Botnet-V1-TCP-Established 1970/01/22 10:12:13.406689 3.001048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:12:20.413916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:12:28.415048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:12:44.418477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:13:16.424205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:19:20.429879 3.002240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:19:27.437740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:19:35.439691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:19:51.442085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:20:23.448473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:26:27.454489 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:26:34.462331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:26:42.463157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:26:58.466557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:27:30.472083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:33:34.477876 3.002015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:33:41.485728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:33:49.487029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:34:05.490297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:34:37.496104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:35:50.431813 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 10:35:50.431892 0.162567 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:50.594820 0.055048 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:50.650238 0.053434 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:50.703987 0.078838 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:50.783175 0.162496 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:50.946051 0.149478 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:51.095896 0.063140 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:51.159408 0.134088 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:51.293893 0.175823 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:51.470109 0.158648 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:51.629127 0.259703 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:51.889219 0.076821 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:51.966512 0.044670 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.011535 0.164827 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.176666 0.039743 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.216683 0.061584 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.278641 0.165353 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.444377 0.147657 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.592387 0.141828 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.734647 0.186295 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.921323 0.071442 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:52.993074 1.453955 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:54.447405 0.366145 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:54.813982 0.397647 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:35:55.212052 0.695495 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/22 10:40:41.501991 3.001858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:40:48.509996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:40:56.511515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:41:09.690884 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 10:41:09.691063 0.471506 tcp 10.0.2.109 61226 -> 176.73.169.112 1959 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/01/22 10:41:12.513928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:41:44.520215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:47:48.526019 3.002076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:47:55.533849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:48:03.535249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:48:19.538024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:48:51.544623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:54:55.549485 3.002525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 10:55:02.557944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:55:10.559303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:55:26.561858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 10:55:58.568423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:02:02.573906 3.002309 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:02:09.582492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:02:17.583274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:02:33.586464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:03:05.592490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:06:00.894792 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 11:06:00.894976 0.052476 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:00.947820 0.087804 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.036057 0.173052 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.209521 0.147743 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.357664 0.159468 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.517476 0.055661 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.573569 0.063170 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.637143 0.142214 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.779803 0.182562 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:01.962757 0.157771 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:02.120903 0.272076 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:02.393337 0.081377 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:02.475074 0.044869 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:02.520277 0.165243 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:02.685885 0.053342 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:02.739609 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 8343 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 11:06:20.794684 0.049419 tcp 10.0.2.109 61227 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:06:20.844397 0.051201 tcp 10.0.2.109 61228 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:06:20.895906 0.137376 tcp 10.0.2.109 61229 -> 195.113.214.211 443 SRPA* 0 0 36 26359 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:06:21.033935 0.161712 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:21.196040 0.138834 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:21.335271 0.142389 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:21.478059 0.194336 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:21.672746 0.078578 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:21.751716 0.380657 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:22.132783 0.371952 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:22.505083 0.323046 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:06:22.828546 0.182087 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:09:09.651419 2.998497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:09:16.655433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:09:24.657485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:09:40.660377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:10:12.666024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:11:10.169648 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 11:11:10.169788 0.537144 tcp 10.0.2.109 61230 -> 176.73.169.112 1959 FSPA* 0 0 14 1571 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:16:16.671977 3.002385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:16:23.679753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:16:31.681305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:16:47.684304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:17:19.690007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:23:23.696046 3.001965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:23:30.703473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:23:38.705431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:23:54.707979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:24:26.714244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:30:30.720115 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:30:37.727578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:30:45.729319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:31:01.731996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:31:33.738458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:36:42.852846 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 11:36:42.852937 0.106200 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:42.959493 0.052629 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.012488 0.090425 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.103288 0.147664 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.251341 0.160319 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.412037 0.052196 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.464574 0.063940 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.528871 0.135608 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.664864 0.169701 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:43.834942 0.176436 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:36:44.011766 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 11:37:01.081120 0.082445 tcp 10.0.2.109 61231 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:37:01.163810 0.053398 tcp 10.0.2.109 61232 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:37:01.217403 0.157538 tcp 10.0.2.109 61233 -> 195.113.214.211 443 SRPA* 0 0 39 22722 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:37:01.375354 0.044904 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:01.420592 0.176084 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:01.597058 0.054158 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:01.651548 0.162736 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:01.814706 0.272582 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:02.087656 0.166901 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:02.254966 0.241814 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:02.497173 0.144065 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:02.641631 0.192613 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:02.834620 0.066812 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:02.901749 0.323984 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:03.226167 0.180470 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:03.407009 0.385481 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:03.792886 0.369227 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/22 11:37:37.743625 3.002307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:37:44.751225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:37:52.753420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:38:08.756463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:38:40.761724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:41:10.708206 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 11:41:10.708456 0.437009 tcp 10.0.2.109 61234 -> 176.73.169.112 1959 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/22 11:44:44.767939 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:44:51.775742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:44:59.777134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:45:15.779925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:45:47.786194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:51:51.791986 3.001639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:51:58.799547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:52:06.800782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:52:22.803606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:52:54.809872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:58:58.815748 3.002134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 11:59:05.823377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:59:13.825098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 11:59:29.827804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:00:01.834105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:06:05.839731 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 12:06:12.847490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:06:20.849238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:06:36.851564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:07:08.858162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:07:22.828473 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:07:22.828698 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:07:39.643973 0.053104 tcp 10.0.2.109 61235 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:07:39.697274 0.053037 tcp 10.0.2.109 61236 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:07:39.750637 0.162196 tcp 10.0.2.109 61237 -> 195.113.214.211 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:07:39.913521 4.421798 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 4 958 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:39.969961 4.307276 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1051 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.023072 4.473845 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1170 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.184868 4.401687 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 4 1216 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.272859 4.371423 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 4 1224 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.339281 4.434228 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 4 1126 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.468001 4.472016 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 4 1114 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.637218 4.485909 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1314 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.821784 4.344035 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1288 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:40.878845 4.436434 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 4 1112 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:41.028132 4.332717 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 4 1238 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:41.073450 4.452799 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 4 1171 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:41.237423 4.327749 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 4 1162 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:41.657097 4.067919 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1196 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:41.820038 4.179796 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 4 1097 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:42.092498 4.071800 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 4 1106 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:42.255052 4.046962 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1092 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:42.396361 4.052554 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 4 1162 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:42.544033 4.091042 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 4 1102 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:42.731662 4.026093 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 4 1079 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:42.797650 0.387509 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:43.185539 3.897309 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1013 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:43.511595 4.512327 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 4 1192 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:43.692555 4.693929 rtcp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 4 1080 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:48.387054 0.396918 udp 10.0.2.109 3683 <-> 59.115.37.92 2346 CON 0 0 2 713 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:07:48.784525 0.000000 udp 10.0.2.109 3683 -> 109.155.246.38 4764 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:07:56.436684 0.000000 udp 10.0.2.109 3683 -> 108.231.24.99 6183 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:05.228850 0.000000 udp 10.0.2.109 3683 -> 75.142.188.46 5824 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:11.267479 0.000000 udp 10.0.2.109 3683 -> 117.200.95.144 5757 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:16.565922 0.038383 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 781 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:08:16.685695 0.000000 udp 10.0.2.109 3683 -> 79.37.161.177 4739 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:23.805618 0.000000 udp 10.0.2.109 3683 -> 79.53.252.101 8944 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:28.732812 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:08:30.916205 0.000000 udp 10.0.2.109 3683 -> 176.33.248.220 2292 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:37.004485 0.000000 udp 10.0.2.109 3683 -> 77.183.13.60 3056 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:45.436922 0.000000 udp 10.0.2.109 3683 -> 94.132.120.17 9235 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:52.507228 0.000000 udp 10.0.2.109 3683 -> 172.6.250.142 9694 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:08:57.835186 0.000000 udp 10.0.2.109 3683 -> 69.21.103.130 4619 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:03.162918 0.000000 udp 10.0.2.109 3683 -> 186.6.219.29 2209 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:10.743059 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:15.740002 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:09:19.425955 0.000000 udp 10.0.2.109 3683 -> 74.38.183.27 5879 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:25.264566 0.000000 udp 10.0.2.109 3683 -> 24.98.64.134 4880 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:33.596369 0.029759 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:09:33.666250 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:42.599446 0.000000 udp 10.0.2.109 3683 -> 92.74.156.242 2336 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:50.680362 0.000000 udp 10.0.2.109 3683 -> 223.205.185.194 4018 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:09:58.622321 0.000000 udp 10.0.2.109 3683 -> 66.237.226.20 1336 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:03.238238 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:10:03.679831 0.000000 udp 10.0.2.109 3683 -> 95.240.87.247 4794 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:10.629686 0.000000 udp 10.0.2.109 3683 -> 88.242.156.36 1826 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:18.940980 0.000000 udp 10.0.2.109 3683 -> 91.39.85.33 9714 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:25.841606 0.000000 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:32.090042 0.000000 udp 10.0.2.109 3683 -> 50.13.224.157 6588 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:37.858255 0.000000 udp 10.0.2.109 3683 -> 90.199.151.187 7954 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:43.146523 0.060103 udp 10.0.2.109 3683 -> 91.40.47.155 4990 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:43.206626 0.000000 icmp 91.40.47.155 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 278 flow=Background 1970/01/22 12:10:47.732226 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:10:50.657187 0.000000 udp 10.0.2.109 3683 -> 212.252.186.48 3439 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:10:57.346315 0.000000 udp 10.0.2.109 3683 -> 95.90.117.118 9335 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:05.258117 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:11.166609 0.677572 tcp 10.0.2.109 61238 -> 176.73.169.112 1959 FSPA* 0 0 15 1653 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:11:12.558791 0.000000 udp 10.0.2.109 3683 -> 213.177.225.232 1711 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:21.251132 0.000000 udp 10.0.2.109 3683 -> 83.217.123.164 8446 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:29.482898 0.000000 udp 10.0.2.109 3683 -> 195.53.174.49 8284 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:35.320798 0.000000 udp 10.0.2.109 3683 -> 201.144.156.78 8628 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:41.019636 0.000000 udp 10.0.2.109 3683 -> 212.54.184.25 3664 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:49.191313 0.000000 udp 10.0.2.109 3683 -> 84.234.183.49 4673 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:11:57.973936 0.000000 udp 10.0.2.109 3683 -> 68.15.113.36 1671 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:02.740048 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:12:03.561845 0.000000 udp 10.0.2.109 3683 -> 31.196.180.250 5727 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:08.839148 0.000000 udp 10.0.2.109 3683 -> 194.178.123.100 9704 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:16.159823 0.000000 udp 10.0.2.109 3683 -> 173.217.224.134 5177 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:22.919772 0.000000 udp 10.0.2.109 3683 -> 86.134.177.150 9736 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:28.347565 0.000000 udp 10.0.2.109 3683 -> 109.157.121.65 7375 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:34.607092 0.000000 udp 10.0.2.109 3683 -> 2.85.59.104 4298 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:39.813716 0.000000 udp 10.0.2.109 3683 -> 84.3.130.125 6440 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:47.745070 0.000000 udp 10.0.2.109 3683 -> 94.171.254.46 7317 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:52.732278 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:12:53.823711 0.000000 udp 10.0.2.109 3683 -> 103.4.238.11 8882 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:12:58.961105 0.000000 udp 10.0.2.109 3683 -> 190.92.84.66 9246 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:04.629577 0.084743 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:13:04.732340 0.000000 udp 10.0.2.109 3683 -> 95.227.140.10 8998 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:10.718031 0.057648 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:13:10.809450 0.054163 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:13:10.879471 0.000000 udp 10.0.2.109 3683 -> 200.88.99.25 5151 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:13.885098 3.001626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 12:13:16.135888 0.000000 udp 10.0.2.109 3683 -> 41.133.182.62 1000 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:20.892699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:13:23.216015 0.043377 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:13:23.311613 0.051694 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 683 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:13:23.436155 0.000000 udp 10.0.2.109 3683 -> 86.29.3.91 4575 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:28.704528 0.000000 udp 10.0.2.109 3683 -> 213.120.115.215 9742 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:28.894499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:13:37.026236 0.000000 udp 10.0.2.109 3683 -> 211.3.248.168 1444 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:41.732454 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:13:44.897656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:13:45.919250 0.000000 udp 10.0.2.109 3683 -> 88.108.192.163 8250 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:13:52.168146 0.000000 udp 10.0.2.109 3683 -> 70.184.106.29 6298 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:01.000912 0.000000 udp 10.0.2.109 3683 -> 208.90.195.170 7614 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:07.319673 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:12.386905 0.145880 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:14:12.573003 0.059140 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 743 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:14:12.703616 0.000000 udp 10.0.2.109 3683 -> 83.21.121.5 5061 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:16.903836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:14:19.407148 0.000000 udp 10.0.2.109 3683 -> 84.158.131.252 5255 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:24.504270 0.247572 udp 10.0.2.109 3683 -> 78.14.127.22 7760 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:24.751842 0.000000 icmp 78.14.127.22 0x0303 -> 10.0.2.109 0x501e URP 192 1 274 flow=Background 1970/01/22 12:14:29.240812 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:14:30.082079 0.000000 udp 10.0.2.109 3683 -> 80.18.170.11 1253 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:35.410900 0.000000 udp 10.0.2.109 3683 -> 125.205.220.126 2192 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:41.148030 0.991037 udp 10.0.2.109 3683 <-> 59.161.78.143 9410 CON 0 0 2 793 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:14:42.237136 0.000000 udp 10.0.2.109 3683 -> 69.177.225.155 3422 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:49.860608 0.054910 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:14:49.964039 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:14:56.099932 0.058178 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 743 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:14:56.230996 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:05.222641 0.000000 udp 10.0.2.109 3683 -> 209.151.54.137 1567 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:13.915744 0.000000 udp 10.0.2.109 3683 -> 82.127.60.226 1580 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:18.732394 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:15:21.657081 0.000000 udp 10.0.2.109 3683 -> 78.177.14.244 6942 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:30.649840 0.000000 udp 10.0.2.109 3683 -> 178.190.4.44 8783 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:37.729595 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:43.498248 0.000000 udp 10.0.2.109 3683 -> 31.200.56.161 9160 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:50.548267 0.000000 udp 10.0.2.109 3683 -> 213.96.82.97 9337 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:15:57.357968 0.000000 udp 10.0.2.109 3683 -> 78.94.16.96 3243 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:04.257897 0.000000 udp 10.0.2.109 3683 -> 173.12.157.5 8061 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:09.234528 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:16:11.087468 0.000000 udp 10.0.2.109 3683 -> 220.246.36.52 5815 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:18.177875 0.000000 udp 10.0.2.109 3683 -> 80.183.29.116 1024 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:23.215074 0.000000 udp 10.0.2.109 3683 -> 66.76.12.254 7189 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:30.315323 0.000000 udp 10.0.2.109 3683 -> 212.159.98.73 6753 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:37.986502 0.094175 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 696 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:16:38.090277 0.000000 udp 10.0.2.109 3683 -> 63.234.32.146 7831 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:46.929216 0.000000 udp 10.0.2.109 3683 -> 94.54.85.56 9358 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:55.050764 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:16:59.737289 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:17:01.629995 0.000000 udp 10.0.2.109 3683 -> 68.179.37.137 6670 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:17:09.231103 0.000000 udp 10.0.2.109 3683 -> 96.41.163.158 9327 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:17:18.103938 0.000000 udp 10.0.2.109 3683 -> 94.212.51.230 3662 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:17:23.121311 0.153678 udp 10.0.2.109 3683 <-> 67.70.206.168 1365 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:17:23.285520 0.000000 udp 10.0.2.109 3683 -> 64.22.214.50 1378 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:17:31.523736 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:17:36.680918 0.000000 udp 10.0.2.109 3683 -> 79.5.34.131 9263 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:17:41.768350 0.000000 udp 10.0.2.109 3683 -> 79.39.135.74 7302 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:17:46.735379 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:17:48.377183 0.000000 udp 10.0.2.109 3683 -> 85.107.140.241 7255 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:20:20.909334 3.001712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 12:20:27.916891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:20:35.918034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:20:51.921080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:21:23.927382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:27:27.933490 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 12:27:34.940526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:27:42.942476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:27:58.944998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:28:30.951131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:34:34.957430 3.001219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 12:34:41.964945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:34:49.966046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:35:05.969204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:35:37.975623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:41:11.845580 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:41:11.845737 0.509821 tcp 10.0.2.109 61239 -> 176.73.169.112 1959 FSPA* 0 0 15 1769 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:41:41.981805 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 12:41:48.988301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:41:56.990018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:42:12.993438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:42:44.999775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:47:56.727815 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 12:47:56.728063 0.053714 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:56.782133 0.159441 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:56.942050 0.087565 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.029992 0.064468 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.094795 0.136595 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.231783 0.168954 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.401081 0.053685 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.455034 0.187322 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.642752 0.053703 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.696799 0.147921 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.845112 0.044629 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:57.890042 0.172405 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:58.062783 0.036880 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:58.099976 0.158799 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:58.259147 0.271625 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:58.531116 0.186526 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:58.718032 0.067915 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:58.786322 0.320993 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:59.107681 0.163281 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:59.271329 0.144542 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:59.416196 0.144080 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:59.560648 0.180325 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:47:59.741328 0.369762 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:00.111454 0.000000 udp 10.0.2.109 3683 -> 59.115.37.92 2346 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:48:16.507312 0.053803 tcp 10.0.2.109 61240 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:16.561300 0.053733 tcp 10.0.2.109 61241 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:16.615211 0.149518 tcp 10.0.2.109 61242 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:16.765234 0.041621 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:16.807206 0.030857 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:16.838421 0.072427 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:16.911190 0.053668 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:16.965163 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:48:32.339388 0.052350 tcp 10.0.2.109 61243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:32.391956 0.058928 tcp 10.0.2.109 61244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:32.451137 0.153588 tcp 10.0.2.109 61245 -> 195.113.214.211 443 SRPA* 0 0 46 26334 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:32.604936 0.040763 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:32.645990 0.043936 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:32.690299 0.059518 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:32.750180 0.147169 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:48:32.897742 0.000000 udp 10.0.2.109 3683 -> 59.161.78.143 9410 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:48:49.007323 2.999732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 12:48:50.966231 0.088517 tcp 10.0.2.109 61246 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:51.055032 0.052914 tcp 10.0.2.109 61247 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:51.108223 0.143887 tcp 10.0.2.109 61248 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:48:51.252484 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:48:56.012606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:49:04.014640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:49:07.690151 0.052780 tcp 10.0.2.109 61249 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:49:07.743235 0.053480 tcp 10.0.2.109 61250 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:49:07.796948 0.147233 tcp 10.0.2.109 61251 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:49:07.944644 0.054922 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:49:07.999934 0.084809 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/22 12:49:08.085092 0.000000 udp 10.0.2.109 3683 -> 67.70.206.168 1365 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 12:49:20.017224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:49:24.353919 0.052967 tcp 10.0.2.109 61252 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:49:24.407125 0.053022 tcp 10.0.2.109 61253 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:49:24.460449 0.144268 tcp 10.0.2.109 61254 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 12:49:52.023344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:55:56.028618 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 12:56:03.036301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:56:11.038300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:56:27.041375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 12:56:59.047149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:03:03.054391 3.000431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 13:03:10.060204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:03:18.062475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:03:34.064964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:04:06.071300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:10:10.076575 3.002486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 13:10:17.084800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:10:25.086278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:10:41.088909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:11:12.354531 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 13:11:12.354633 0.480123 tcp 10.0.2.109 61255 -> 176.73.169.112 1959 FSPA* 0 0 14 1719 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:11:13.094720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:17:17.100973 3.011417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 13:17:24.118560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:17:32.119953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:17:48.122715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:18:20.128905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:19:46.683814 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 13:19:46.683967 0.355102 udp 10.0.2.109 3683 -> 59.115.37.92 2346 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:19:47.039069 0.000000 icmp 59.115.37.92 0x0303 -> 10.0.2.109 0x2a09 URP 192 1 163 flow=Background 1970/01/22 13:20:02.588547 0.055426 tcp 10.0.2.109 61256 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:02.644245 0.053101 tcp 10.0.2.109 61257 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:02.697609 0.159136 tcp 10.0.2.109 61258 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:02.857215 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:20:20.041674 0.052609 tcp 10.0.2.109 61259 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:20.094527 0.054082 tcp 10.0.2.109 61260 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:20.148867 0.144013 tcp 10.0.2.109 61261 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:20.293257 0.000000 udp 10.0.2.109 3683 -> 59.161.78.143 9410 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:20:36.385311 0.052610 tcp 10.0.2.109 61262 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:36.438373 0.053815 tcp 10.0.2.109 61263 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:36.492438 0.158535 tcp 10.0.2.109 61264 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:36.651466 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:20:53.640211 0.052308 tcp 10.0.2.109 61265 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:53.692748 0.053468 tcp 10.0.2.109 61266 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:53.746519 0.150247 tcp 10.0.2.109 61267 -> 195.113.214.211 443 SRPA* 0 0 22 13086 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:20:53.897233 0.000000 udp 10.0.2.109 3683 -> 67.70.206.168 1365 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:21:09.373177 0.052720 tcp 10.0.2.109 61268 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:09.426299 0.053732 tcp 10.0.2.109 61269 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:09.480239 0.149725 tcp 10.0.2.109 61270 -> 195.113.214.211 443 SRPA* 0 0 43 22186 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:09.630516 0.062982 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:09.693908 0.159571 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:09.853872 0.188119 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.042436 0.054143 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.096959 0.146060 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.243411 0.044379 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.288135 0.062743 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.351319 0.084439 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.436074 0.161840 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.598339 0.052652 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.651364 0.136009 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:10.787753 0.440077 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:11.228224 0.185663 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:11.414317 0.036110 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:11.450749 0.262179 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:11.713282 0.182339 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:11.895991 0.173144 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:12.069508 0.165403 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:12.235282 0.181155 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:12.416849 0.145231 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:12.562487 0.323608 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:12.886457 0.139826 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:13.026648 0.342541 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:13.369555 0.072099 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:13.442049 0.041099 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:13.483489 0.031279 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:13.515107 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:21:30.754087 0.051958 tcp 10.0.2.109 61271 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:30.806282 0.053162 tcp 10.0.2.109 61272 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:30.859649 0.155141 tcp 10.0.2.109 61273 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:31.015232 0.043497 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:31.059109 0.141937 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:31.201449 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:21:46.776590 0.052231 tcp 10.0.2.109 61274 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:46.829146 0.052496 tcp 10.0.2.109 61275 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:46.882018 0.203712 tcp 10.0.2.109 61276 -> 195.113.214.211 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:21:47.086230 0.047649 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:47.134292 0.060508 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:21:47.195173 0.081483 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:24:24.135168 3.001553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 13:24:31.142596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:24:39.143641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:24:55.146978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:25:27.152824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:31:31.158656 3.002251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 13:31:38.166838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:31:46.167991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:32:02.171101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:32:34.176682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:38:38.182320 3.002157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 13:38:45.190637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:38:53.192282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:39:09.194568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:39:41.201309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:41:12.842825 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 13:41:12.842999 0.833264 tcp 10.0.2.109 61277 -> 176.73.169.112 1959 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:45:45.206837 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 13:45:52.214661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:46:00.216228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:46:16.219256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:46:48.225290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:51:57.980798 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 13:51:57.981100 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:52:15.768102 0.053074 tcp 10.0.2.109 61278 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:15.821425 0.052926 tcp 10.0.2.109 61279 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:15.874574 0.145095 tcp 10.0.2.109 61280 -> 195.113.214.211 443 SRPA* 0 0 36 18888 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:16.020233 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:52:31.639119 0.052198 tcp 10.0.2.109 61281 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:31.691577 0.053976 tcp 10.0.2.109 61282 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:31.745760 0.147319 tcp 10.0.2.109 61283 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:31.893554 0.057208 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:31.951079 0.159074 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.110558 0.146712 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.257634 0.044904 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.302931 0.063550 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.366844 0.092649 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.459856 0.161385 udp 10.0.2.109 3683 <-> 99.100.249.136 7827 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.621639 0.053334 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.675306 0.135093 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.810794 0.052664 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:32.863806 0.182037 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:33.046260 0.260465 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:33.307109 0.167113 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:33.474648 0.035569 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:33.510609 0.193810 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:33.704785 0.069501 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:33.774618 0.355496 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:34.130529 0.164141 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:34.295004 0.000000 udp 10.0.2.109 3683 -> 66.115.90.55 3922 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 13:52:49.945669 0.052874 tcp 10.0.2.109 61284 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:49.998791 0.054020 tcp 10.0.2.109 61285 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:50.052988 0.149982 tcp 10.0.2.109 61286 -> 195.113.214.211 443 SRPA* 0 0 40 33956 flow=From-Botnet-V1-TCP-Established 1970/01/22 13:52:50.203414 0.155237 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:50.359044 0.143821 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:50.503247 0.041603 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:50.545168 0.031426 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:50.576931 0.362397 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:50.939717 0.141053 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:51.081155 0.073772 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:51.155299 0.042185 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:51.197767 0.142445 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:51.340621 0.084587 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:51.425564 0.048632 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:51.474494 0.055331 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/22 13:52:52.230666 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 13:52:59.238570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:53:07.240158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:53:23.242573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:53:55.248990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 13:59:59.254530 3.002223 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:00:06.262257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:00:14.263797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:00:30.266488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:01:02.272641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:07:06.278775 3.001866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:07:13.286478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:07:21.287746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:07:37.290638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:08:09.297042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:11:13.682383 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 14:11:13.682555 0.556580 tcp 10.0.2.109 61287 -> 176.73.169.112 1959 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:14:13.302878 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:14:20.310201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:14:28.311385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:14:44.314614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:15:16.320445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:21:20.326574 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:21:27.334464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:21:35.335773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:21:51.338924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:22:23.344710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:23:03.953692 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 14:23:03.953909 0.000000 udp 10.0.2.109 3683 -> 66.115.90.55 3922 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 14:23:22.841865 0.052942 tcp 10.0.2.109 61288 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:23:22.895021 0.053254 tcp 10.0.2.109 61289 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:23:22.948536 0.147930 tcp 10.0.2.109 61290 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:23:23.096905 0.053321 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:23.150593 0.153986 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:23.304958 0.045100 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:23.350426 0.062896 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:23.413657 0.084234 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:23.498333 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 14:23:38.783758 0.051936 tcp 10.0.2.109 61291 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:23:38.835918 0.054066 tcp 10.0.2.109 61292 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:23:38.890267 0.148689 tcp 10.0.2.109 61293 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:23:39.039307 0.051945 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.091607 0.161057 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.253004 0.070514 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.323852 0.140335 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.464599 0.170403 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.635381 0.041685 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.677467 0.185408 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.863243 0.068228 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:39.931853 0.259641 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:40.191840 0.182928 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:40.375153 0.175240 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:40.550748 0.352490 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:40.903625 0.046028 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:40.950037 0.029295 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:40.979661 0.346095 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:41.326168 0.164240 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:41.490784 0.137051 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:41.628238 0.140473 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:41.769125 0.074274 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:41.843785 0.048816 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:41.892994 0.138515 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:42.031932 0.083031 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:42.115360 0.047736 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:23:42.163507 0.055093 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:28:27.351159 3.001394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 14:28:34.357847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:28:42.359554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:28:58.363153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:29:30.368704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:35:34.374379 3.001867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:35:41.382389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:35:49.383443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:36:05.386349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:36:37.392897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:41:14.241588 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 14:41:14.241734 0.466294 tcp 10.0.2.109 61294 -> 176.73.169.112 1959 FSPA* 0 0 14 1700 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:42:41.398442 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:42:48.406746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:42:56.407529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:43:12.410516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:43:44.416670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:49:48.422279 3.002347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:49:55.429701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:50:03.431485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:50:19.434572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:50:51.440321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:53:49.035931 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 14:53:49.036216 0.000000 udp 10.0.2.109 3683 -> 99.100.249.136 7827 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 14:54:07.916420 0.054555 tcp 10.0.2.109 61295 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:54:07.971223 0.052820 tcp 10.0.2.109 61296 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:54:08.024479 0.141304 tcp 10.0.2.109 61297 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 14:54:08.166471 0.062685 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.229703 0.091869 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.321895 0.147927 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.470282 0.070655 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.541265 0.044420 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.586005 0.051587 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.637938 0.160798 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.799121 0.053696 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:08.853140 0.174864 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:09.028385 0.166709 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:09.195478 0.035548 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:09.231342 0.192429 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:09.424124 0.069280 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:09.493807 0.267758 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:09.762021 0.182537 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:09.944909 0.166598 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:10.111887 0.353457 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:10.465777 0.040549 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:10.506642 0.031266 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:10.538253 0.377022 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:10.915654 0.169490 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.085501 0.137407 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.223258 0.142028 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.365645 0.077721 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.443741 0.046968 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.491097 0.042128 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.533546 0.061282 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.595144 0.141857 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:54:11.737374 0.082659 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/22 14:56:55.445831 3.002094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 14:57:02.454282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:57:10.455720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:57:26.458896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 14:57:58.464281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:04:02.471204 3.031194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 15:04:09.507876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:04:17.509696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:04:33.513011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:05:05.518907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:11:09.524010 3.001900 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 15:11:14.709614 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 15:11:14.709801 0.657080 tcp 10.0.2.109 61298 -> 176.73.169.112 1959 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:11:16.532026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:11:24.533534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:11:40.536410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:12:12.542212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:18:16.548065 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 15:18:23.555709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:18:31.557344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:18:47.560559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:19:19.566997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:24:35.381071 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 15:24:35.381250 0.147813 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:35.529458 0.055470 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:35.585279 0.045255 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:35.630840 0.052792 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:35.683957 0.150150 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:35.834486 0.049387 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:35.884169 0.057530 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:35.942067 0.093118 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:36.035561 0.109192 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:36.145108 0.166891 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:36.312380 0.030660 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:36.343396 0.185760 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:36.529550 0.068862 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:36.598799 0.260057 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:36.859256 0.175630 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:37.035277 0.046504 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:37.082220 0.029178 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:37.111759 0.351818 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:37.464016 0.170301 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:37.634645 0.353656 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:37.988659 0.154899 rtcp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.143920 0.136697 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.281003 0.138316 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.419731 0.075498 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.495611 0.043002 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.538970 0.041787 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.581129 0.056882 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.638387 0.141264 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:24:38.780025 0.080068 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:25:23.571880 3.002429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 15:25:30.579583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:25:38.581748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:25:54.584657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:26:26.590352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:32:30.596781 3.071113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 15:32:37.674422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:32:45.675520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:33:01.678558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:33:33.684193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:39:37.690057 3.002344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 15:39:44.697657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:39:52.699545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:40:08.702130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:40:40.708776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:41:15.398876 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 15:41:15.399043 3.003608 tcp 10.0.2.109 61299 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:41:24.401641 0.000000 tcp 10.0.2.109 61299 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:41:30.401185 0.053384 tcp 10.0.2.109 61300 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:41:30.455048 0.054215 tcp 10.0.2.109 61301 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:41:30.509557 0.145094 tcp 10.0.2.109 61302 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:41:30.674324 3.000290 tcp 10.0.2.109 61303 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:41:39.683527 0.000000 tcp 10.0.2.109 61303 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:41:45.672221 0.052303 tcp 10.0.2.109 61304 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:41:45.724757 0.054086 tcp 10.0.2.109 61305 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:41:45.779082 0.143499 tcp 10.0.2.109 61306 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:41:45.932725 2.994164 tcp 10.0.2.109 61307 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:41:54.925117 0.000000 tcp 10.0.2.109 61307 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:00.934096 0.053015 tcp 10.0.2.109 61308 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:00.987368 0.054371 tcp 10.0.2.109 61309 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:01.042003 0.144280 tcp 10.0.2.109 61310 -> 195.113.214.211 443 SRPA* 0 0 32 16642 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:01.195996 0.911392 tcp 10.0.2.109 61311 -> 46.50.226.74 10856 FSPA* 0 0 14 1605 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:01.849594 0.053041 tcp 10.0.2.109 61312 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:01.902862 0.053122 tcp 10.0.2.109 61313 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:01.956215 0.142033 tcp 10.0.2.109 61314 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:02.107563 3.002046 tcp 10.0.2.109 61315 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:11.108476 0.000000 tcp 10.0.2.109 61315 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:17.107475 0.053023 tcp 10.0.2.109 61316 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:17.160728 0.053050 tcp 10.0.2.109 61317 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:17.213958 0.149209 tcp 10.0.2.109 61318 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:17.377584 3.003824 tcp 10.0.2.109 61319 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:26.380091 0.000000 tcp 10.0.2.109 61319 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:32.379895 0.052383 tcp 10.0.2.109 61320 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:32.432502 0.054024 tcp 10.0.2.109 61321 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:32.486747 0.144235 tcp 10.0.2.109 61322 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:42:32.649115 3.004766 tcp 10.0.2.109 61323 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:41.662534 0.000000 tcp 10.0.2.109 61323 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:47.640848 2.995088 tcp 10.0.2.109 61324 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:42:56.643839 0.000000 tcp 10.0.2.109 61324 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:43:02.643082 2.993748 tcp 10.0.2.109 61325 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:43:11.635847 0.000000 tcp 10.0.2.109 61325 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:43:17.644551 0.585465 tcp 10.0.2.109 61326 -> 46.50.226.74 10856 FSPA* 0 0 14 1605 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:43:18.230218 2.999078 tcp 10.0.2.109 61327 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:43:27.227921 0.000000 tcp 10.0.2.109 61327 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:43:33.226888 3.003838 tcp 10.0.2.109 61328 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:43:42.229748 0.000000 tcp 10.0.2.109 61328 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:46:44.714295 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 15:46:51.722023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:46:59.723065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:47:15.726379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:47:47.732296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:48:48.230016 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 15:48:48.230180 2.993788 tcp 10.0.2.109 61329 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:48:57.232582 0.000000 tcp 10.0.2.109 61329 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:03.232350 0.053972 tcp 10.0.2.109 61330 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:03.286637 0.053540 tcp 10.0.2.109 61331 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:03.340405 0.142309 tcp 10.0.2.109 61332 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:03.492872 2.993139 tcp 10.0.2.109 61333 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:12.483979 0.000000 tcp 10.0.2.109 61333 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:18.493455 0.053521 tcp 10.0.2.109 61334 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:18.547246 0.054606 tcp 10.0.2.109 61335 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:18.602064 0.143340 tcp 10.0.2.109 61336 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:18.756782 2.990692 tcp 10.0.2.109 61337 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:27.746489 0.000000 tcp 10.0.2.109 61337 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:33.755299 0.052038 tcp 10.0.2.109 61338 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:33.807548 0.054154 tcp 10.0.2.109 61339 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:33.862000 0.143597 tcp 10.0.2.109 61340 -> 195.113.214.211 443 SRPA* 0 0 21 11360 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:34.015240 0.904386 tcp 10.0.2.109 61341 -> 46.50.226.74 10856 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:34.652597 0.053119 tcp 10.0.2.109 61342 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:34.705943 0.053702 tcp 10.0.2.109 61343 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:34.759964 0.146617 tcp 10.0.2.109 61344 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:34.919819 3.001017 tcp 10.0.2.109 61345 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:43.919226 0.000000 tcp 10.0.2.109 61345 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:49.918371 0.052380 tcp 10.0.2.109 61346 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:49.970943 0.053858 tcp 10.0.2.109 61347 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:50.025032 0.144938 tcp 10.0.2.109 61348 -> 195.113.214.211 443 SRPA* 0 0 42 33214 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:49:50.179193 3.003681 tcp 10.0.2.109 61349 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:49:59.181332 0.000000 tcp 10.0.2.109 61349 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:50:05.180370 2.993646 tcp 10.0.2.109 61350 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:50:14.182987 0.000000 tcp 10.0.2.109 61350 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:50:20.181441 2.994684 tcp 10.0.2.109 61351 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:50:29.174498 0.000000 tcp 10.0.2.109 61351 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:50:35.183251 0.703599 tcp 10.0.2.109 61352 -> 46.50.226.74 10856 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:50:35.887043 3.001432 tcp 10.0.2.109 61353 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:50:44.887597 0.000000 tcp 10.0.2.109 61353 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:53:51.738050 3.001977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 15:53:58.745861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:54:06.747710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:54:22.750209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:54:54.185475 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 15:54:54.185722 0.047138 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.231851 0.054265 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.287488 0.158161 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.439632 0.069222 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.490413 0.084839 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.556068 0.211074 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2010 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.743839 0.087220 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.757523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 15:54:54.828461 0.120275 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:54.917152 0.108170 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.033546 0.165742 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.215437 0.039502 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.246996 0.195838 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.435753 0.120257 rtp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.509329 0.263016 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.770653 0.192001 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.954766 0.046748 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:55.997312 0.031912 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:56.042576 0.369139 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:56.433255 0.199510 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:56.621100 0.375626 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:56.976362 0.157111 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.142806 0.156494 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.291414 0.167068 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.435400 0.114865 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.512365 0.053757 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.559086 0.058482 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.601134 0.071668 rtp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.658757 0.165087 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:54:57.802519 0.125136 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/22 15:55:50.887951 3.003325 tcp 10.0.2.109 61354 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:55:55.764453 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 15:55:59.890043 0.000000 tcp 10.0.2.109 61354 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:56:05.890167 0.053967 tcp 10.0.2.109 61355 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:05.944359 0.053443 tcp 10.0.2.109 61356 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:05.998024 0.142314 tcp 10.0.2.109 61357 -> 195.113.214.211 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:06.175012 3.008764 tcp 10.0.2.109 61358 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:56:15.182189 0.000000 tcp 10.0.2.109 61358 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:56:21.170812 0.052258 tcp 10.0.2.109 61359 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:21.223265 0.053707 tcp 10.0.2.109 61360 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:21.277200 0.143154 tcp 10.0.2.109 61361 -> 195.113.214.211 443 SRPA* 0 0 40 21314 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:21.434355 3.001185 tcp 10.0.2.109 61362 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:56:30.433679 0.000000 tcp 10.0.2.109 61362 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:56:36.433228 0.052582 tcp 10.0.2.109 61363 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:36.486245 0.053432 tcp 10.0.2.109 61364 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:36.539901 0.143315 tcp 10.0.2.109 61365 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:36.693974 3.003149 tcp 10.0.2.109 61366 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:56:45.695760 0.000000 tcp 10.0.2.109 61366 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:56:51.695048 0.052567 tcp 10.0.2.109 61367 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:51.747827 0.053564 tcp 10.0.2.109 61368 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:51.801620 0.142886 tcp 10.0.2.109 61369 -> 195.113.214.211 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:56:51.953515 3.005368 tcp 10.0.2.109 61370 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:00.958050 0.000000 tcp 10.0.2.109 61370 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:06.946718 0.052996 tcp 10.0.2.109 61371 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:06.999970 0.053798 tcp 10.0.2.109 61372 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:07.053929 0.145003 tcp 10.0.2.109 61373 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:07.225380 0.912619 tcp 10.0.2.109 61374 -> 46.50.226.74 10856 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:07.879710 0.053033 tcp 10.0.2.109 61375 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:07.933024 0.054112 tcp 10.0.2.109 61376 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:07.987355 0.141788 tcp 10.0.2.109 61377 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:08.138204 3.004287 tcp 10.0.2.109 61378 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:17.141295 0.000000 tcp 10.0.2.109 61378 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:23.140613 0.052877 tcp 10.0.2.109 61379 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:23.193682 0.053463 tcp 10.0.2.109 61380 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:23.247341 0.145543 tcp 10.0.2.109 61381 -> 195.113.214.211 443 SRPA* 0 0 43 26792 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:57:23.417407 2.997111 tcp 10.0.2.109 61382 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:32.422949 0.000000 tcp 10.0.2.109 61382 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:38.411725 2.994185 tcp 10.0.2.109 61383 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:47.404760 0.000000 tcp 10.0.2.109 61383 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:57:53.413256 2.994290 tcp 10.0.2.109 61384 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:58:02.406589 0.000000 tcp 10.0.2.109 61384 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:58:08.414849 3.004092 tcp 10.0.2.109 61385 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:58:13.261936 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 15:58:17.417406 0.000000 tcp 10.0.2.109 61385 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:58:23.416256 3.004797 tcp 10.0.2.109 61386 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:58:32.419307 0.000000 tcp 10.0.2.109 61386 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:58:38.417815 0.654107 tcp 10.0.2.109 61387 -> 46.50.226.74 10856 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/01/22 15:58:39.072082 3.001062 tcp 10.0.2.109 61388 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 15:58:48.071599 0.000000 tcp 10.0.2.109 61388 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:00:58.762804 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:01:05.769886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:01:13.771535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:01:29.774154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:02:01.780431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:03:54.072042 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:03:54.072183 2.994108 tcp 10.0.2.109 61389 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:03.064406 0.000000 tcp 10.0.2.109 61389 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:09.075305 0.054202 tcp 10.0.2.109 61390 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:09.129763 0.052031 tcp 10.0.2.109 61391 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:09.182072 0.146680 tcp 10.0.2.109 61392 -> 195.113.214.211 443 SRPA* 0 0 20 10684 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:09.379513 2.999104 tcp 10.0.2.109 61393 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:18.376954 0.000000 tcp 10.0.2.109 61393 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:24.375911 0.052477 tcp 10.0.2.109 61394 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:24.428636 0.053696 tcp 10.0.2.109 61395 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:24.482545 0.140575 tcp 10.0.2.109 61396 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:24.639947 3.000417 tcp 10.0.2.109 61397 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:33.638904 0.000000 tcp 10.0.2.109 61397 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:39.637860 0.051651 tcp 10.0.2.109 61398 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:39.689759 0.052657 tcp 10.0.2.109 61399 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:39.742653 0.160255 tcp 10.0.2.109 61400 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:40.004831 2.997081 tcp 10.0.2.109 61401 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:49.000834 0.000000 tcp 10.0.2.109 61401 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:04:55.000038 0.052370 tcp 10.0.2.109 61402 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:55.052681 0.052648 tcp 10.0.2.109 61403 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:55.105573 0.150422 tcp 10.0.2.109 61404 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:04:55.532542 2.991849 tcp 10.0.2.109 61405 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:04.533238 0.000000 tcp 10.0.2.109 61405 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:10.532061 0.052127 tcp 10.0.2.109 61406 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:10.584472 0.054414 tcp 10.0.2.109 61407 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:10.639119 0.140271 tcp 10.0.2.109 61408 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:10.805970 0.909544 tcp 10.0.2.109 61409 -> 46.50.226.74 10856 FSPA* 0 0 14 1720 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:11.458626 0.052373 tcp 10.0.2.109 61410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:11.511223 0.053441 tcp 10.0.2.109 61411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:11.564960 0.141710 tcp 10.0.2.109 61412 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:11.715709 3.001909 tcp 10.0.2.109 61413 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:20.716557 0.000000 tcp 10.0.2.109 61413 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:26.715849 0.052465 tcp 10.0.2.109 61414 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:26.768557 0.054558 tcp 10.0.2.109 61415 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:26.823357 0.144920 tcp 10.0.2.109 61416 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:05:27.006134 3.004021 tcp 10.0.2.109 61417 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:36.008613 0.000000 tcp 10.0.2.109 61417 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:42.046867 3.004715 tcp 10.0.2.109 61418 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:51.049771 0.000000 tcp 10.0.2.109 61418 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:05:57.049191 3.003395 tcp 10.0.2.109 61419 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:06:06.051351 0.000000 tcp 10.0.2.109 61419 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:06:12.050021 2.994596 tcp 10.0.2.109 61420 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:06:16.806821 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:06:21.053032 0.000000 tcp 10.0.2.109 61420 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:06:27.051598 2.994581 tcp 10.0.2.109 61421 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:06:36.044535 0.000000 tcp 10.0.2.109 61421 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:06:42.053500 0.643877 tcp 10.0.2.109 61422 -> 46.50.226.74 10856 FSPA* 0 0 14 1720 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:06:42.697237 3.001293 tcp 10.0.2.109 61423 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:06:51.697093 0.000000 tcp 10.0.2.109 61423 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:08:05.825856 3.002039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:08:12.834270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:08:20.835128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:08:36.838092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:09:08.844126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:11:57.697784 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:11:57.698026 3.003200 tcp 10.0.2.109 61424 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:06.700318 0.000000 tcp 10.0.2.109 61424 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:12.700684 0.052383 tcp 10.0.2.109 61425 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:12.753436 0.053329 tcp 10.0.2.109 61426 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:12.806951 0.146339 tcp 10.0.2.109 61427 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:13.202730 3.001251 tcp 10.0.2.109 61428 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:22.212527 0.000000 tcp 10.0.2.109 61428 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:28.201476 0.051123 tcp 10.0.2.109 61429 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:28.252872 0.053136 tcp 10.0.2.109 61430 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:28.306290 0.147177 tcp 10.0.2.109 61431 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:28.463519 3.001969 tcp 10.0.2.109 61432 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:37.464191 0.000000 tcp 10.0.2.109 61432 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:43.463659 0.052653 tcp 10.0.2.109 61433 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:43.516577 0.053600 tcp 10.0.2.109 61434 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:43.570425 0.140887 tcp 10.0.2.109 61435 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:43.771144 2.996464 tcp 10.0.2.109 61436 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:52.766429 0.000000 tcp 10.0.2.109 61436 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:12:58.765153 0.051089 tcp 10.0.2.109 61437 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:58.816478 0.052989 tcp 10.0.2.109 61438 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:58.869804 0.141110 tcp 10.0.2.109 61439 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:12:59.119518 3.000055 tcp 10.0.2.109 61440 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:13:08.118233 0.000000 tcp 10.0.2.109 61440 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:13:14.117865 0.051580 tcp 10.0.2.109 61441 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:14.169698 0.052941 tcp 10.0.2.109 61442 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:14.222943 0.140454 tcp 10.0.2.109 61443 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:14.501374 0.869822 tcp 10.0.2.109 61444 -> 46.50.226.74 10856 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:15.108654 0.051955 tcp 10.0.2.109 61445 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:15.160874 0.052756 tcp 10.0.2.109 61446 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:15.213927 0.148122 tcp 10.0.2.109 61447 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:15.371356 3.001796 tcp 10.0.2.109 61448 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:13:24.371678 0.000000 tcp 10.0.2.109 61448 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:13:30.370797 0.052994 tcp 10.0.2.109 61449 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:30.424092 0.052767 tcp 10.0.2.109 61450 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:30.477078 0.145287 tcp 10.0.2.109 61451 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:13:30.691057 2.994391 tcp 10.0.2.109 61452 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:13:39.693536 0.000000 tcp 10.0.2.109 61452 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:13:45.692753 2.993868 tcp 10.0.2.109 61453 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:13:54.685415 0.000000 tcp 10.0.2.109 61453 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:00.694291 3.003721 tcp 10.0.2.109 61454 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:09.696968 0.000000 tcp 10.0.2.109 61454 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:15.695643 3.004012 tcp 10.0.2.109 61455 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:20.302528 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:14:24.698452 0.000000 tcp 10.0.2.109 61455 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:30.697283 3.004036 tcp 10.0.2.109 61456 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:39.699763 0.000000 tcp 10.0.2.109 61456 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:45.698561 0.688738 tcp 10.0.2.109 61457 -> 46.50.226.74 10856 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:14:46.387524 3.006205 tcp 10.0.2.109 61458 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:14:55.402570 0.000000 tcp 10.0.2.109 61458 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:15:12.850443 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:15:19.857724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:15:27.859770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:15:43.862556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:16:15.868241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:20:01.383217 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:20:01.383356 2.993828 tcp 10.0.2.109 61459 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:20:10.375157 0.000000 tcp 10.0.2.109 61459 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:20:16.385746 0.053737 tcp 10.0.2.109 61460 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:16.439719 0.053390 tcp 10.0.2.109 61461 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:16.493401 0.141765 tcp 10.0.2.109 61462 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:16.646458 3.002607 tcp 10.0.2.109 61463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:20:25.647123 0.000000 tcp 10.0.2.109 61463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:20:31.647000 0.053266 tcp 10.0.2.109 61464 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:31.700604 0.054682 tcp 10.0.2.109 61465 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:31.755508 0.141627 tcp 10.0.2.109 61466 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:31.912085 2.998365 tcp 10.0.2.109 61467 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:20:40.909296 0.000000 tcp 10.0.2.109 61467 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:20:46.908573 0.051945 tcp 10.0.2.109 61468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:46.960792 0.053727 tcp 10.0.2.109 61469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:47.014753 0.144857 tcp 10.0.2.109 61470 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:20:47.171170 3.001869 tcp 10.0.2.109 61471 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:20:56.171180 0.000000 tcp 10.0.2.109 61471 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:02.170189 0.053461 tcp 10.0.2.109 61472 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:02.223899 0.052270 tcp 10.0.2.109 61473 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:02.276358 0.147295 tcp 10.0.2.109 61474 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:02.456376 2.998328 tcp 10.0.2.109 61475 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:11.463434 0.000000 tcp 10.0.2.109 61475 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:17.452314 0.052497 tcp 10.0.2.109 61476 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:17.505042 0.053269 tcp 10.0.2.109 61477 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:17.558573 0.144828 tcp 10.0.2.109 61478 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:17.783381 0.993619 tcp 10.0.2.109 61479 -> 46.50.226.74 10856 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:18.512820 0.052888 tcp 10.0.2.109 61480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:18.565980 0.055092 tcp 10.0.2.109 61481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:18.621267 0.145629 tcp 10.0.2.109 61482 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:18.777192 3.000657 tcp 10.0.2.109 61483 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:27.777175 0.000000 tcp 10.0.2.109 61483 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:33.775808 0.051765 tcp 10.0.2.109 61484 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:33.827861 0.052609 tcp 10.0.2.109 61485 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:33.880724 0.144955 tcp 10.0.2.109 61486 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:21:34.107506 3.002845 tcp 10.0.2.109 61487 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:43.109024 0.000000 tcp 10.0.2.109 61487 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:49.107526 3.004696 tcp 10.0.2.109 61488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:21:58.110374 0.000000 tcp 10.0.2.109 61488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:04.109204 3.004031 tcp 10.0.2.109 61489 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:13.111982 0.000000 tcp 10.0.2.109 61489 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:19.110688 2.994145 tcp 10.0.2.109 61490 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:19.874599 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:22:23.807029 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:22:26.881891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:22:28.113531 0.000000 tcp 10.0.2.109 61490 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:34.112387 2.994009 tcp 10.0.2.109 61491 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:34.883342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:22:43.104743 0.000000 tcp 10.0.2.109 61491 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:49.113856 0.633656 tcp 10.0.2.109 61492 -> 46.50.226.74 10856 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:22:49.747696 3.001617 tcp 10.0.2.109 61493 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:22:50.886434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:22:58.747725 0.000000 tcp 10.0.2.109 61493 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:23:22.892192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:25:05.169623 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:25:05.169831 0.047489 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.245736 0.054409 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.342790 0.153528 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.491173 0.063829 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1966 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.539720 0.081880 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.622745 0.172743 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.771984 0.104624 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.873950 0.147732 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:05.990155 0.108345 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:06.149933 0.164352 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2591 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:06.333738 0.041493 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:06.367256 0.196246 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:06.556133 0.118238 rtp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:06.628690 0.262527 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:06.898012 0.191279 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:07.081896 0.047371 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:07.125337 0.033716 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:07.157652 0.336055 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:07.491950 0.337186 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:07.886636 0.200424 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.158703 0.158820 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.312733 0.148369 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.457643 0.167780 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.602979 0.112781 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2026 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.687629 0.143102 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.825655 0.058523 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.868833 0.072768 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:08.927880 0.167721 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:25:09.074365 0.127052 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:28:04.748312 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:28:04.748498 3.003453 tcp 10.0.2.109 61494 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:28:13.750535 0.000000 tcp 10.0.2.109 61494 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:28:19.751177 0.052944 tcp 10.0.2.109 61495 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:19.804381 0.051830 tcp 10.0.2.109 61496 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:19.856462 0.147469 tcp 10.0.2.109 61497 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:20.163502 2.990402 tcp 10.0.2.109 61498 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:28:29.162508 0.000000 tcp 10.0.2.109 61498 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:28:35.161486 0.052079 tcp 10.0.2.109 61499 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:35.213877 0.053241 tcp 10.0.2.109 61500 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:35.267343 0.141073 tcp 10.0.2.109 61501 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:35.462306 2.993797 tcp 10.0.2.109 61502 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:28:44.454976 0.000000 tcp 10.0.2.109 61502 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:28:50.463847 0.051765 tcp 10.0.2.109 61503 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:50.515904 0.052553 tcp 10.0.2.109 61504 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:50.568752 0.145498 tcp 10.0.2.109 61505 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:28:50.736282 3.001696 tcp 10.0.2.109 61506 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:28:59.736696 0.000000 tcp 10.0.2.109 61506 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:05.735902 0.052107 tcp 10.0.2.109 61507 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:05.788266 0.053109 tcp 10.0.2.109 61508 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:05.841605 0.141583 tcp 10.0.2.109 61509 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:05.999228 3.001077 tcp 10.0.2.109 61510 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:14.998279 0.000000 tcp 10.0.2.109 61510 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:20.997524 0.051932 tcp 10.0.2.109 61511 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:21.049722 0.053044 tcp 10.0.2.109 61512 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:21.103013 0.142852 tcp 10.0.2.109 61513 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:21.255106 0.994043 tcp 10.0.2.109 61514 -> 46.50.226.74 10856 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:21.910545 0.052388 tcp 10.0.2.109 61515 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:21.963188 0.053305 tcp 10.0.2.109 61516 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:22.016797 0.145382 tcp 10.0.2.109 61517 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:22.249365 3.003987 tcp 10.0.2.109 61518 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:26.898647 3.001119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:29:31.251712 0.000000 tcp 10.0.2.109 61518 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:33.905955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:29:37.251159 0.051970 tcp 10.0.2.109 61519 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:37.303462 0.052594 tcp 10.0.2.109 61520 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:37.356298 0.140078 tcp 10.0.2.109 61521 -> 195.113.214.211 443 SRPA* 0 0 41 35208 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:29:37.592324 2.993095 tcp 10.0.2.109 61522 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:41.907515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:29:46.594175 0.000000 tcp 10.0.2.109 61522 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:52.592710 2.994327 tcp 10.0.2.109 61523 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:29:57.910083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:30:01.585452 0.000000 tcp 10.0.2.109 61523 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:30:07.594633 3.004186 tcp 10.0.2.109 61524 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:30:16.597468 0.000000 tcp 10.0.2.109 61524 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:30:22.596204 3.004241 tcp 10.0.2.109 61525 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:30:27.302167 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:30:29.916015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:30:31.598858 0.000000 tcp 10.0.2.109 61525 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:30:37.597204 3.004416 tcp 10.0.2.109 61526 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:30:46.599921 0.000000 tcp 10.0.2.109 61526 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:30:52.599223 0.623396 tcp 10.0.2.109 61527 -> 46.50.226.74 10856 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:30:53.222814 3.000983 tcp 10.0.2.109 61528 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:31:02.232704 0.000000 tcp 10.0.2.109 61528 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:36:08.243248 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:36:08.243441 2.993451 tcp 10.0.2.109 61529 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:36:17.235971 0.000000 tcp 10.0.2.109 61529 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:36:23.246256 0.053512 tcp 10.0.2.109 61530 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:23.299954 0.053419 tcp 10.0.2.109 61531 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:23.353536 0.144691 tcp 10.0.2.109 61532 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:23.507243 3.001689 tcp 10.0.2.109 61533 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:36:32.507584 0.000000 tcp 10.0.2.109 61533 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:36:33.942922 3.001245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:36:38.507031 0.050884 tcp 10.0.2.109 61534 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:38.558159 0.052330 tcp 10.0.2.109 61535 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:38.610755 0.144499 tcp 10.0.2.109 61536 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:38.776711 3.004437 tcp 10.0.2.109 61537 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:36:40.949833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:36:47.779959 0.000000 tcp 10.0.2.109 61537 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:36:48.950920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:36:53.779117 0.051900 tcp 10.0.2.109 61538 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:53.831201 0.053600 tcp 10.0.2.109 61539 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:53.885009 0.142829 tcp 10.0.2.109 61540 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:36:54.049903 3.003326 tcp 10.0.2.109 61541 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:03.051786 0.000000 tcp 10.0.2.109 61541 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:04.954301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:37:09.050366 0.052512 tcp 10.0.2.109 61542 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:09.103132 0.052945 tcp 10.0.2.109 61543 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:09.156254 0.140512 tcp 10.0.2.109 61544 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:09.307342 2.997549 tcp 10.0.2.109 61545 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:18.313485 0.000000 tcp 10.0.2.109 61545 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:24.302347 0.052177 tcp 10.0.2.109 61546 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:24.354757 0.053819 tcp 10.0.2.109 61547 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:24.408779 0.144189 tcp 10.0.2.109 61548 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:24.562550 0.913291 tcp 10.0.2.109 61549 -> 46.50.226.74 10856 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:25.216052 0.053075 tcp 10.0.2.109 61550 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:25.269415 0.053162 tcp 10.0.2.109 61551 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:25.322862 0.144256 tcp 10.0.2.109 61552 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:25.476024 3.002023 tcp 10.0.2.109 61553 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:34.476330 0.000000 tcp 10.0.2.109 61553 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:36.959995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:37:40.475894 0.050688 tcp 10.0.2.109 61554 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:40.526795 0.053456 tcp 10.0.2.109 61555 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:40.580507 0.145891 tcp 10.0.2.109 61556 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:37:40.740647 2.999023 tcp 10.0.2.109 61557 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:49.738672 0.000000 tcp 10.0.2.109 61557 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:37:55.737720 3.003531 tcp 10.0.2.109 61558 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:04.740241 0.000000 tcp 10.0.2.109 61558 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:10.738900 3.004258 tcp 10.0.2.109 61559 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:19.742093 0.000000 tcp 10.0.2.109 61559 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:25.740547 2.994268 tcp 10.0.2.109 61560 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:30.327087 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:38:34.743039 0.000000 tcp 10.0.2.109 61560 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:40.742256 2.993836 tcp 10.0.2.109 61561 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:49.735096 0.000000 tcp 10.0.2.109 61561 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:38:55.743376 0.704295 tcp 10.0.2.109 61562 -> 46.50.226.74 10856 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:38:56.447821 3.001327 tcp 10.0.2.109 61563 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:39:05.447504 0.000000 tcp 10.0.2.109 61563 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:43:40.965693 3.002045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:43:47.973572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:43:55.975261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:44:11.448133 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:44:11.448294 3.003551 tcp 10.0.2.109 61564 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:44:11.978166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:44:20.450779 0.000000 tcp 10.0.2.109 61564 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:44:26.450332 0.053111 tcp 10.0.2.109 61565 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:26.503645 0.053211 tcp 10.0.2.109 61566 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:26.557109 0.139916 tcp 10.0.2.109 61567 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:26.706927 3.006909 tcp 10.0.2.109 61568 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:44:35.722009 0.000000 tcp 10.0.2.109 61568 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:44:41.701557 0.052946 tcp 10.0.2.109 61569 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:41.754718 0.052208 tcp 10.0.2.109 61570 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:41.807104 0.142900 tcp 10.0.2.109 61571 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:41.959192 2.996252 tcp 10.0.2.109 61572 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:44:43.984437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:44:50.954187 0.000000 tcp 10.0.2.109 61572 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:44:56.953288 0.051749 tcp 10.0.2.109 61573 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:57.005296 0.053316 tcp 10.0.2.109 61574 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:57.058807 0.142267 tcp 10.0.2.109 61575 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:44:57.210678 2.996576 tcp 10.0.2.109 61576 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:06.206239 0.000000 tcp 10.0.2.109 61576 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:12.205425 0.051703 tcp 10.0.2.109 61577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:12.257344 0.052161 tcp 10.0.2.109 61578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:12.309755 0.158057 tcp 10.0.2.109 61579 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:12.477934 3.001661 tcp 10.0.2.109 61580 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:21.477875 0.000000 tcp 10.0.2.109 61580 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:27.477047 0.051638 tcp 10.0.2.109 61581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:27.528965 0.052946 tcp 10.0.2.109 61582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:27.582347 0.142016 tcp 10.0.2.109 61583 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:27.734372 0.896984 tcp 10.0.2.109 61584 -> 46.50.226.74 10856 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:28.367536 0.051522 tcp 10.0.2.109 61585 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:28.419273 0.052363 tcp 10.0.2.109 61586 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:28.471930 0.150476 tcp 10.0.2.109 61587 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:28.631545 3.001208 tcp 10.0.2.109 61588 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:37.631290 0.000000 tcp 10.0.2.109 61588 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:43.631050 0.051892 tcp 10.0.2.109 61589 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:43.683253 0.052318 tcp 10.0.2.109 61590 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:43.735898 0.140301 tcp 10.0.2.109 61591 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:45:43.890069 2.994311 tcp 10.0.2.109 61592 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:52.893249 0.000000 tcp 10.0.2.109 61592 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:45:58.892405 2.993551 tcp 10.0.2.109 61593 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:07.885210 0.000000 tcp 10.0.2.109 61593 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:13.893504 3.004289 tcp 10.0.2.109 61594 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:22.896153 0.000000 tcp 10.0.2.109 61594 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:27.823857 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:46:28.894978 3.004373 tcp 10.0.2.109 61595 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:37.898357 0.000000 tcp 10.0.2.109 61595 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:43.896917 3.004056 tcp 10.0.2.109 61596 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:52.900012 0.000000 tcp 10.0.2.109 61596 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:46:58.898606 0.684648 tcp 10.0.2.109 61597 -> 46.50.226.74 10856 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:46:59.583414 2.999953 tcp 10.0.2.109 61598 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:47:08.582042 0.000000 tcp 10.0.2.109 61598 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:50:47.989945 3.002100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:50:54.997604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:51:02.999156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:51:19.002278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:51:51.008015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:52:14.583101 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:52:14.583261 2.993041 tcp 10.0.2.109 61599 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:52:23.575535 0.000000 tcp 10.0.2.109 61599 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:52:29.585667 0.053137 tcp 10.0.2.109 61600 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:52:29.638990 0.052138 tcp 10.0.2.109 61601 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:52:29.691387 0.140836 tcp 10.0.2.109 61602 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:52:29.841729 2.996790 tcp 10.0.2.109 61603 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:52:38.836762 0.000000 tcp 10.0.2.109 61603 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:52:44.836164 0.051749 tcp 10.0.2.109 61604 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:52:44.888099 0.054146 tcp 10.0.2.109 61605 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:52:44.942445 0.143675 tcp 10.0.2.109 61606 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:52:45.096389 3.004054 tcp 10.0.2.109 61607 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:52:54.098899 0.000000 tcp 10.0.2.109 61607 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:00.097929 0.052650 tcp 10.0.2.109 61608 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:00.150836 0.051834 tcp 10.0.2.109 61609 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:00.202903 0.144161 tcp 10.0.2.109 61610 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:00.356447 3.005497 tcp 10.0.2.109 61611 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:09.361147 0.000000 tcp 10.0.2.109 61611 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:15.349736 0.052129 tcp 10.0.2.109 61612 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:15.402352 0.052021 tcp 10.0.2.109 61613 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:15.454688 0.137914 tcp 10.0.2.109 61614 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:15.602398 2.991894 tcp 10.0.2.109 61615 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:24.603043 0.000000 tcp 10.0.2.109 61615 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:30.602317 0.052263 tcp 10.0.2.109 61616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:30.654816 0.053531 tcp 10.0.2.109 61617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:30.708580 0.142064 tcp 10.0.2.109 61618 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:30.860084 0.984850 tcp 10.0.2.109 61619 -> 46.50.226.74 10856 FSPA* 0 0 14 1772 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:31.581571 0.051579 tcp 10.0.2.109 61620 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:31.633436 0.052889 tcp 10.0.2.109 61621 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:31.686593 0.147583 tcp 10.0.2.109 61622 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:31.845175 3.002000 tcp 10.0.2.109 61623 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:40.845804 0.000000 tcp 10.0.2.109 61623 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:46.845024 0.052262 tcp 10.0.2.109 61624 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:46.897487 0.053754 tcp 10.0.2.109 61625 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:46.951436 0.140262 tcp 10.0.2.109 61626 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:53:47.138154 3.001432 tcp 10.0.2.109 61627 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:53:56.137777 0.000000 tcp 10.0.2.109 61627 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:02.136789 3.004390 tcp 10.0.2.109 61628 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:11.139927 0.000000 tcp 10.0.2.109 61628 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:17.138799 3.003571 tcp 10.0.2.109 61629 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:26.140909 0.000000 tcp 10.0.2.109 61629 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:32.139899 2.994699 tcp 10.0.2.109 61630 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:36.826360 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 16:54:41.142854 0.000000 tcp 10.0.2.109 61630 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:47.141427 2.993981 tcp 10.0.2.109 61631 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:54:56.134204 0.000000 tcp 10.0.2.109 61631 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:55:02.143286 3.520530 tcp 10.0.2.109 61632 -> 46.50.226.74 10856 FSPA* 0 0 14 1772 flow=From-Botnet-V1-TCP-Established 1970/01/22 16:55:05.663981 3.008221 tcp 10.0.2.109 61633 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:55:14.671569 0.000000 tcp 10.0.2.109 61633 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 16:55:34.099112 0.153477 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.261978 0.069218 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.313564 0.079677 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.374448 0.173759 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.524558 0.062804 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.580271 0.123580 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.670036 0.046735 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.730635 0.055806 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.805605 0.108983 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:34.925338 0.162495 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:35.105059 0.043252 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:35.136232 0.194906 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:35.322677 0.122736 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:35.396152 0.264858 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:35.656823 0.190611 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:35.840076 0.341301 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:36.161570 0.357911 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:36.520908 0.199763 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:36.722071 0.052317 rtp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:36.770899 0.033497 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:36.802938 0.151556 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:36.955873 0.147512 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:37.095694 0.162957 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:37.235404 0.113249 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:37.313015 0.053761 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:37.363513 0.063483 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:37.411171 0.076672 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:37.471251 0.163835 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:55:37.613815 0.124578 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/22 16:57:55.013867 3.002270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 16:58:02.021906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:58:10.023149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:58:26.025877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 16:58:58.031922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:00:20.661394 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:00:20.661546 2.994014 tcp 10.0.2.109 61634 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:00:29.664112 0.000000 tcp 10.0.2.109 61634 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:00:35.664435 0.053096 tcp 10.0.2.109 61635 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:00:35.717794 0.053610 tcp 10.0.2.109 61636 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:00:35.771695 0.142011 tcp 10.0.2.109 61637 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:00:35.931371 2.996023 tcp 10.0.2.109 61638 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:00:44.926014 0.000000 tcp 10.0.2.109 61638 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:00:50.925295 0.053248 tcp 10.0.2.109 61639 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:00:50.978730 0.055655 tcp 10.0.2.109 61640 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:00:51.034691 0.144575 tcp 10.0.2.109 61641 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:00:51.188626 3.000910 tcp 10.0.2.109 61642 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:00.188169 0.000000 tcp 10.0.2.109 61642 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:06.187111 0.051404 tcp 10.0.2.109 61643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:06.238811 0.054265 tcp 10.0.2.109 61644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:06.293352 0.142836 tcp 10.0.2.109 61645 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:06.446749 3.004847 tcp 10.0.2.109 61646 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:15.449802 0.000000 tcp 10.0.2.109 61646 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:21.438935 0.052363 tcp 10.0.2.109 61647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:21.491582 0.054038 tcp 10.0.2.109 61648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:21.545915 0.143613 tcp 10.0.2.109 61649 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:21.707250 3.005974 tcp 10.0.2.109 61650 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:30.711519 0.000000 tcp 10.0.2.109 61650 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:36.700669 0.052570 tcp 10.0.2.109 61651 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:36.753466 0.052886 tcp 10.0.2.109 61652 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:36.806610 0.145659 tcp 10.0.2.109 61653 -> 195.113.214.211 443 SRPA* 0 0 39 20834 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:36.961252 0.920307 tcp 10.0.2.109 61654 -> 46.50.226.74 10856 FSPA* 0 0 14 1760 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:37.615821 0.053651 tcp 10.0.2.109 61655 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:37.669719 0.053817 tcp 10.0.2.109 61656 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:37.723780 0.142467 tcp 10.0.2.109 61657 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:37.881720 2.994227 tcp 10.0.2.109 61658 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:46.875099 0.000000 tcp 10.0.2.109 61658 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:01:52.884651 0.052830 tcp 10.0.2.109 61659 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:52.937778 0.053820 tcp 10.0.2.109 61660 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:52.991877 0.142803 tcp 10.0.2.109 61661 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:01:53.144402 3.004063 tcp 10.0.2.109 61662 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:02.146614 0.000000 tcp 10.0.2.109 61662 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:08.145828 3.003641 tcp 10.0.2.109 61663 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:17.148459 0.000000 tcp 10.0.2.109 61663 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:23.146904 3.004656 tcp 10.0.2.109 61664 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:32.149848 0.000000 tcp 10.0.2.109 61664 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:38.149080 3.004035 tcp 10.0.2.109 61665 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:42.825103 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:02:47.151233 0.000000 tcp 10.0.2.109 61665 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:02:53.150181 2.994302 tcp 10.0.2.109 61666 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:03:02.152797 0.000000 tcp 10.0.2.109 61666 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:03:08.151682 0.659685 tcp 10.0.2.109 61667 -> 46.50.226.74 10856 FSPA* 0 0 14 1760 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:03:08.811580 2.995764 tcp 10.0.2.109 61668 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:03:17.806006 0.000000 tcp 10.0.2.109 61668 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:05:02.037638 3.002603 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:05:09.045931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:05:17.047642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:05:33.050321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:06:05.056427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:08:23.805913 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:08:23.806016 3.003575 tcp 10.0.2.109 61669 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:08:32.808547 0.000000 tcp 10.0.2.109 61669 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:08:38.809235 0.053363 tcp 10.0.2.109 61670 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:08:38.862916 0.052125 tcp 10.0.2.109 61671 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:08:38.915276 0.144235 tcp 10.0.2.109 61672 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:08:39.165598 2.996185 tcp 10.0.2.109 61673 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:08:48.160906 0.000000 tcp 10.0.2.109 61673 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:08:54.159785 0.053473 tcp 10.0.2.109 61674 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:08:54.213534 0.054883 tcp 10.0.2.109 61675 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:08:54.268301 0.143721 tcp 10.0.2.109 61676 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:08:54.460239 3.003545 tcp 10.0.2.109 61677 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:03.472688 0.000000 tcp 10.0.2.109 61677 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:09.461727 0.051711 tcp 10.0.2.109 61678 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:09.513672 0.053291 tcp 10.0.2.109 61679 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:09.567217 0.140863 tcp 10.0.2.109 61680 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:09.718272 2.997584 tcp 10.0.2.109 61681 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:18.714907 0.000000 tcp 10.0.2.109 61681 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:24.713446 0.052187 tcp 10.0.2.109 61682 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:24.765927 0.053785 tcp 10.0.2.109 61683 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:24.819968 0.145299 tcp 10.0.2.109 61684 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:24.974549 3.003255 tcp 10.0.2.109 61685 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:33.976855 0.000000 tcp 10.0.2.109 61685 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:39.976057 0.053281 tcp 10.0.2.109 61686 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:40.029708 0.053723 tcp 10.0.2.109 61687 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:40.083704 0.142627 tcp 10.0.2.109 61688 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:40.236523 0.886564 tcp 10.0.2.109 61689 -> 46.50.226.74 10856 FSPA* 0 0 14 1716 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:40.862309 0.052385 tcp 10.0.2.109 61690 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:40.914969 0.051657 tcp 10.0.2.109 61691 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:40.966857 0.141877 tcp 10.0.2.109 61692 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:41.123242 2.997955 tcp 10.0.2.109 61693 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:50.120056 0.000000 tcp 10.0.2.109 61693 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:09:56.119358 0.052223 tcp 10.0.2.109 61694 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:56.171808 0.053352 tcp 10.0.2.109 61695 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:56.225445 0.138124 tcp 10.0.2.109 61696 -> 195.113.214.211 443 SRPA* 0 0 22 11416 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:09:56.403372 2.999551 tcp 10.0.2.109 61697 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:05.402026 0.000000 tcp 10.0.2.109 61697 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:11.400849 2.994283 tcp 10.0.2.109 61698 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:20.403513 0.000000 tcp 10.0.2.109 61698 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:26.401731 2.994475 tcp 10.0.2.109 61699 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:35.394988 0.000000 tcp 10.0.2.109 61699 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:40.321997 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:10:41.403728 2.993991 tcp 10.0.2.109 61700 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:50.396338 0.000000 tcp 10.0.2.109 61700 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:10:56.405196 3.004152 tcp 10.0.2.109 61701 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:11:05.407748 0.000000 tcp 10.0.2.109 61701 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:11:11.406549 0.675069 tcp 10.0.2.109 61702 -> 46.50.226.74 10856 FSPA* 0 0 14 1716 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:11:12.081796 3.000541 tcp 10.0.2.109 61703 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:11:21.080950 0.000000 tcp 10.0.2.109 61703 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:12:09.061617 3.002098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:12:16.069622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:12:24.070969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:12:40.074336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:13:12.080118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:16:27.080653 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:16:27.080731 2.993892 tcp 10.0.2.109 61704 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:16:36.083579 0.000000 tcp 10.0.2.109 61704 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:16:42.083766 0.052311 tcp 10.0.2.109 61705 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:16:42.136306 0.051701 tcp 10.0.2.109 61706 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:16:42.188262 0.144578 tcp 10.0.2.109 61707 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:16:42.348249 2.998186 tcp 10.0.2.109 61708 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:16:51.345088 0.000000 tcp 10.0.2.109 61708 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:16:57.344457 0.050955 tcp 10.0.2.109 61709 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:16:57.395701 0.052783 tcp 10.0.2.109 61710 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:16:57.448751 0.142733 tcp 10.0.2.109 61711 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:16:57.601649 2.996667 tcp 10.0.2.109 61712 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:06.597387 0.000000 tcp 10.0.2.109 61712 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:12.596152 0.053483 tcp 10.0.2.109 61713 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:12.649966 0.053167 tcp 10.0.2.109 61714 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:12.703439 0.148665 tcp 10.0.2.109 61715 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:12.935933 3.005047 tcp 10.0.2.109 61716 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:21.939307 0.000000 tcp 10.0.2.109 61716 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:27.928599 0.052623 tcp 10.0.2.109 61717 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:27.981539 0.053548 tcp 10.0.2.109 61718 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:28.035269 0.146600 tcp 10.0.2.109 61719 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:28.196368 3.005959 tcp 10.0.2.109 61720 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:37.201206 0.000000 tcp 10.0.2.109 61720 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:43.190168 0.051875 tcp 10.0.2.109 61721 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:43.242437 0.052239 tcp 10.0.2.109 61722 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:43.294918 0.145204 tcp 10.0.2.109 61723 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:43.450348 0.884099 tcp 10.0.2.109 61724 -> 46.50.226.74 10856 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:44.073658 0.051755 tcp 10.0.2.109 61725 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:44.125657 0.054157 tcp 10.0.2.109 61726 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:44.180036 0.144457 tcp 10.0.2.109 61727 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:44.334646 3.001071 tcp 10.0.2.109 61728 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:53.334710 0.000000 tcp 10.0.2.109 61728 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:17:59.333839 0.050949 tcp 10.0.2.109 61729 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:59.385017 0.051392 tcp 10.0.2.109 61730 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:59.436634 0.150696 tcp 10.0.2.109 61731 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:17:59.602862 2.994993 tcp 10.0.2.109 61732 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:08.596829 0.000000 tcp 10.0.2.109 61732 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:14.595526 3.003799 tcp 10.0.2.109 61733 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:23.597909 0.000000 tcp 10.0.2.109 61733 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:29.596705 3.003874 tcp 10.0.2.109 61734 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:38.599806 0.000000 tcp 10.0.2.109 61734 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:44.598299 3.003899 tcp 10.0.2.109 61735 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:49.325168 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:18:53.601020 0.000000 tcp 10.0.2.109 61735 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:18:59.600023 2.994000 tcp 10.0.2.109 61736 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:19:08.602560 0.000000 tcp 10.0.2.109 61736 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:19:14.601307 0.663002 tcp 10.0.2.109 61737 -> 46.50.226.74 10856 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:19:15.264507 3.002267 tcp 10.0.2.109 61738 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:19:16.085909 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:19:23.093579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:19:24.264864 0.000000 tcp 10.0.2.109 61738 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:19:31.094985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:19:47.097787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:20:19.104408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:24:30.266097 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:24:30.266200 3.003524 tcp 10.0.2.109 61739 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:24:39.267966 0.000000 tcp 10.0.2.109 61739 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:24:45.267975 0.054015 tcp 10.0.2.109 61740 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:24:45.322239 0.053620 tcp 10.0.2.109 61741 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:24:45.376099 0.144964 tcp 10.0.2.109 61742 -> 195.113.214.211 443 SRPA* 0 0 36 18906 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:24:45.555840 3.005652 tcp 10.0.2.109 61743 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:24:54.560203 0.000000 tcp 10.0.2.109 61743 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:00.549119 0.051330 tcp 10.0.2.109 61744 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:00.600750 0.054786 tcp 10.0.2.109 61745 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:00.655810 0.144552 tcp 10.0.2.109 61746 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:00.836075 3.007733 tcp 10.0.2.109 61747 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:09.841987 0.000000 tcp 10.0.2.109 61747 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:15.831616 0.052486 tcp 10.0.2.109 61748 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:15.884395 0.053237 tcp 10.0.2.109 61749 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:15.937928 0.145260 tcp 10.0.2.109 61750 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:16.353712 2.992159 tcp 10.0.2.109 61751 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:25.344074 0.000000 tcp 10.0.2.109 61751 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:31.353505 0.051883 tcp 10.0.2.109 61752 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:31.405641 0.052988 tcp 10.0.2.109 61753 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:31.458938 0.144075 tcp 10.0.2.109 61754 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:31.646931 3.000607 tcp 10.0.2.109 61755 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:40.646074 0.000000 tcp 10.0.2.109 61755 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:43.650982 0.161073 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:43.822532 0.072072 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:43.876887 0.082320 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:43.940680 0.173587 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.092809 0.057300 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.146055 0.123765 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.238021 0.047371 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.284291 0.055746 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.365865 0.107952 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.530766 0.164336 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.703902 0.041973 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.799707 0.196316 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:44.986952 0.115492 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:45.110864 0.263455 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:45.372526 0.186858 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2553 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:45.550865 0.204826 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:45.766818 0.050670 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:45.814252 0.033658 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:45.873730 0.162591 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:46.032339 0.368760 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:46.381646 0.345728 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:46.645302 0.052945 tcp 10.0.2.109 61756 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:46.698516 0.054467 tcp 10.0.2.109 61757 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:46.750320 0.148878 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:46.753195 0.142897 tcp 10.0.2.109 61758 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:46.891719 0.169081 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:46.921097 0.938422 tcp 10.0.2.109 61759 -> 46.50.226.74 10856 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:47.039577 0.117192 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:47.117900 0.062582 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:47.182721 0.063650 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:47.232061 0.074170 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:47.291741 0.164998 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:47.435483 0.118873 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:25:47.594224 0.051457 tcp 10.0.2.109 61760 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:47.645981 0.053494 tcp 10.0.2.109 61761 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:47.699786 0.144330 tcp 10.0.2.109 61762 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:25:47.859765 3.001201 tcp 10.0.2.109 61763 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:25:56.859342 0.000000 tcp 10.0.2.109 61763 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:02.858831 0.051921 tcp 10.0.2.109 61764 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:26:02.910980 0.052644 tcp 10.0.2.109 61765 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:26:02.963948 0.142640 tcp 10.0.2.109 61766 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:26:03.171024 3.002178 tcp 10.0.2.109 61767 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:12.171942 0.000000 tcp 10.0.2.109 61767 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:18.170270 2.994669 tcp 10.0.2.109 61768 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:23.111492 3.000187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:26:27.173195 0.000000 tcp 10.0.2.109 61768 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:30.117308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:26:33.172072 2.994412 tcp 10.0.2.109 61769 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:38.119306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:26:42.164600 0.000000 tcp 10.0.2.109 61769 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:48.173792 2.994057 tcp 10.0.2.109 61770 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:26:52.820019 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:26:54.122323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:26:57.166472 0.000000 tcp 10.0.2.109 61770 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:27:03.175303 3.004259 tcp 10.0.2.109 61771 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:27:12.177701 0.000000 tcp 10.0.2.109 61771 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:27:18.177269 0.691132 tcp 10.0.2.109 61772 -> 46.50.226.74 10856 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:27:18.868603 3.003202 tcp 10.0.2.109 61773 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:27:26.127801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:27:27.870652 0.000000 tcp 10.0.2.109 61773 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:32:33.870812 0.016000 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:32:33.886871 2.977896 tcp 10.0.2.109 61774 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:32:42.873243 0.000000 tcp 10.0.2.109 61774 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:32:48.883756 0.053177 tcp 10.0.2.109 61775 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:32:48.937123 0.052428 tcp 10.0.2.109 61776 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:32:48.989809 0.148646 tcp 10.0.2.109 61777 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:32:49.146870 2.990077 tcp 10.0.2.109 61778 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:32:58.135523 0.000000 tcp 10.0.2.109 61778 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:33:04.144568 0.051626 tcp 10.0.2.109 61779 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:04.196480 0.053899 tcp 10.0.2.109 61780 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:04.250656 0.144529 tcp 10.0.2.109 61781 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:04.406487 3.002600 tcp 10.0.2.109 61782 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:33:13.407539 0.000000 tcp 10.0.2.109 61782 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:33:19.406142 0.054443 tcp 10.0.2.109 61783 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:19.460801 0.053546 tcp 10.0.2.109 61784 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:19.514535 0.142749 tcp 10.0.2.109 61785 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:19.670202 3.000566 tcp 10.0.2.109 61786 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:33:28.669492 0.000000 tcp 10.0.2.109 61786 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:33:30.133347 3.002033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:33:34.668479 0.052575 tcp 10.0.2.109 61787 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:34.721305 0.054972 tcp 10.0.2.109 61788 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:34.776511 0.147399 tcp 10.0.2.109 61789 -> 195.113.214.211 443 SRPA* 0 0 39 20526 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:34.937158 3.005610 tcp 10.0.2.109 61790 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:33:37.141143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:33:43.941407 0.000000 tcp 10.0.2.109 61790 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:33:45.142979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:33:49.930759 0.052099 tcp 10.0.2.109 61791 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:49.983080 0.053625 tcp 10.0.2.109 61792 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:50.036936 0.142924 tcp 10.0.2.109 61793 -> 195.113.214.211 443 SRPA* 0 0 36 18318 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:50.190225 0.958867 tcp 10.0.2.109 61794 -> 46.50.226.74 10856 FSPA* 0 0 14 1554 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:50.847959 0.052698 tcp 10.0.2.109 61795 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:50.900883 0.051652 tcp 10.0.2.109 61796 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:50.952763 0.145139 tcp 10.0.2.109 61797 -> 195.113.214.211 443 SRPA* 0 0 47 35836 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:33:51.149307 2.996325 tcp 10.0.2.109 61798 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:00.144378 0.000000 tcp 10.0.2.109 61798 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:01.146314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:34:06.143543 0.051365 tcp 10.0.2.109 61799 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:34:06.195091 0.053019 tcp 10.0.2.109 61800 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:34:06.248386 0.147541 tcp 10.0.2.109 61801 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:34:06.410446 2.997495 tcp 10.0.2.109 61802 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:15.406548 0.000000 tcp 10.0.2.109 61802 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:21.405239 3.003995 tcp 10.0.2.109 61803 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:30.407683 0.000000 tcp 10.0.2.109 61803 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:33.152170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:34:36.407025 3.003893 tcp 10.0.2.109 61804 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:45.409826 0.000000 tcp 10.0.2.109 61804 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:34:50.326677 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:34:51.408243 3.004655 tcp 10.0.2.109 61805 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:35:00.410856 0.000000 tcp 10.0.2.109 61805 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:35:06.410383 2.993579 tcp 10.0.2.109 61806 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:35:15.412711 0.000000 tcp 10.0.2.109 61806 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:35:21.411688 2.068626 tcp 10.0.2.109 61807 -> 46.50.226.74 10856 FSPA* 0 0 14 1554 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:35:23.480499 2.998150 tcp 10.0.2.109 61808 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:35:32.476920 0.000000 tcp 10.0.2.109 61808 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:40:37.158606 3.001291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:40:38.477608 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:40:38.477838 3.003975 tcp 10.0.2.109 61809 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:40:44.165259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:40:47.480108 0.000000 tcp 10.0.2.109 61809 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:40:52.166626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:40:53.480723 0.054724 tcp 10.0.2.109 61810 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:40:53.535749 0.052558 tcp 10.0.2.109 61811 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:40:53.588549 0.147944 tcp 10.0.2.109 61812 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:40:53.748862 3.004904 tcp 10.0.2.109 61813 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:02.751805 0.000000 tcp 10.0.2.109 61813 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:08.170001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:41:08.741150 0.052956 tcp 10.0.2.109 61814 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:08.794344 0.053069 tcp 10.0.2.109 61815 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:08.847630 0.145540 tcp 10.0.2.109 61816 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:09.008833 2.996579 tcp 10.0.2.109 61817 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:18.003963 0.000000 tcp 10.0.2.109 61817 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:24.003050 0.051460 tcp 10.0.2.109 61818 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:24.054687 0.053008 tcp 10.0.2.109 61819 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:24.107918 0.150595 tcp 10.0.2.109 61820 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:24.268152 2.999534 tcp 10.0.2.109 61821 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:33.265963 0.000000 tcp 10.0.2.109 61821 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:39.265028 0.053242 tcp 10.0.2.109 61822 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:39.318513 0.053810 tcp 10.0.2.109 61823 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:39.372534 0.141103 tcp 10.0.2.109 61824 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:39.522826 2.996913 tcp 10.0.2.109 61825 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:40.175857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:41:48.517596 0.000000 tcp 10.0.2.109 61825 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:41:54.517320 0.053256 tcp 10.0.2.109 61826 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:54.570783 0.053472 tcp 10.0.2.109 61827 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:54.624510 0.147061 tcp 10.0.2.109 61828 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:54.822834 0.950266 tcp 10.0.2.109 61829 -> 46.50.226.74 10856 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:55.506825 0.051336 tcp 10.0.2.109 61830 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:55.558363 0.054008 tcp 10.0.2.109 61831 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:55.612597 0.147874 tcp 10.0.2.109 61832 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:41:55.773257 2.999239 tcp 10.0.2.109 61833 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:04.771638 0.000000 tcp 10.0.2.109 61833 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:10.770659 0.051330 tcp 10.0.2.109 61834 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:42:10.822249 0.053703 tcp 10.0.2.109 61835 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:42:10.876198 0.143893 tcp 10.0.2.109 61836 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:42:11.031158 2.993828 tcp 10.0.2.109 61837 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:20.032951 0.000000 tcp 10.0.2.109 61837 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:26.031846 2.994282 tcp 10.0.2.109 61838 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:35.024952 0.000000 tcp 10.0.2.109 61838 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:41.033965 2.993455 tcp 10.0.2.109 61839 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:50.026173 0.000000 tcp 10.0.2.109 61839 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:42:56.035357 3.004158 tcp 10.0.2.109 61840 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:43:00.822323 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:43:05.037929 0.000000 tcp 10.0.2.109 61840 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:43:11.036673 3.004342 tcp 10.0.2.109 61841 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:43:20.039606 0.000000 tcp 10.0.2.109 61841 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:43:26.038287 0.653485 tcp 10.0.2.109 61842 -> 46.50.226.74 10856 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:43:26.691945 3.001910 tcp 10.0.2.109 61843 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:43:35.691766 0.000000 tcp 10.0.2.109 61843 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:47:44.182600 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:47:51.189743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:47:59.190699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:48:15.193918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:48:41.692578 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:48:41.692725 2.993410 tcp 10.0.2.109 61844 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:48:47.199784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:48:50.684899 0.000000 tcp 10.0.2.109 61844 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:48:56.696012 0.054767 tcp 10.0.2.109 61845 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:48:56.751050 0.054386 tcp 10.0.2.109 61846 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:48:56.805627 0.148291 tcp 10.0.2.109 61847 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:48:56.964017 3.004650 tcp 10.0.2.109 61848 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:05.966825 0.000000 tcp 10.0.2.109 61848 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:11.966233 0.052267 tcp 10.0.2.109 61849 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:12.018792 0.052604 tcp 10.0.2.109 61850 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:12.071617 0.144400 tcp 10.0.2.109 61851 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:12.226200 3.003911 tcp 10.0.2.109 61852 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:21.228916 0.000000 tcp 10.0.2.109 61852 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:27.228053 0.052915 tcp 10.0.2.109 61853 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:27.281205 0.053338 tcp 10.0.2.109 61854 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:27.334739 0.145844 tcp 10.0.2.109 61855 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:27.491717 3.000103 tcp 10.0.2.109 61856 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:36.490685 0.000000 tcp 10.0.2.109 61856 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:42.490576 0.052729 tcp 10.0.2.109 61857 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:42.543523 0.052741 tcp 10.0.2.109 61858 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:42.596475 0.145354 tcp 10.0.2.109 61859 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:42.751024 2.993337 tcp 10.0.2.109 61860 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:51.752864 0.000000 tcp 10.0.2.109 61860 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:49:57.752165 0.052485 tcp 10.0.2.109 61861 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:57.804872 0.052383 tcp 10.0.2.109 61862 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:57.857411 0.144245 tcp 10.0.2.109 61863 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:58.011062 0.933687 tcp 10.0.2.109 61864 -> 46.50.226.74 10856 FSPA* 0 0 14 1597 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:58.683218 0.052278 tcp 10.0.2.109 61865 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:58.735741 0.053396 tcp 10.0.2.109 61866 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:58.789400 0.146457 tcp 10.0.2.109 61867 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:49:58.944937 3.002406 tcp 10.0.2.109 61868 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:07.945931 0.000000 tcp 10.0.2.109 61868 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:13.944973 0.051783 tcp 10.0.2.109 61869 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:50:13.997018 0.052987 tcp 10.0.2.109 61870 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:50:14.050237 0.142255 tcp 10.0.2.109 61871 -> 195.113.214.211 443 SRPA* 0 0 24 12114 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:50:14.230372 2.998690 tcp 10.0.2.109 61872 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:23.228145 0.000000 tcp 10.0.2.109 61872 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:29.227159 3.004165 tcp 10.0.2.109 61873 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:38.229314 0.000000 tcp 10.0.2.109 61873 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:44.228201 3.004619 tcp 10.0.2.109 61874 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:53.230865 0.000000 tcp 10.0.2.109 61874 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:50:59.230236 2.993605 tcp 10.0.2.109 61875 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:51:03.826463 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:51:08.232705 0.000000 tcp 10.0.2.109 61875 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:51:14.231517 2.993894 tcp 10.0.2.109 61876 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:51:23.234194 0.000000 tcp 10.0.2.109 61876 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:51:29.233292 0.705512 tcp 10.0.2.109 61877 -> 46.50.226.74 10856 FSPA* 0 0 14 1597 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:51:29.938969 2.999032 tcp 10.0.2.109 61878 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:51:38.937084 0.000000 tcp 10.0.2.109 61878 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:54:51.205318 3.002634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 17:54:58.213151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:55:06.214898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:55:22.217883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:55:54.223658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 17:55:57.669236 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:55:57.669328 0.061570 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:57.731267 0.146004 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:57.877646 0.048659 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:57.926886 0.148164 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.075430 0.087611 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.163384 0.082384 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.246323 0.044428 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.291077 0.053434 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.344873 0.106968 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.452159 0.162400 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.614927 0.030460 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.645737 0.198719 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.844866 0.074490 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:58.919729 0.259366 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:59.179424 0.185349 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:59.365090 0.198807 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:59.564457 0.041177 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:59.605996 0.031247 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:55:59.637568 0.363231 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.001182 0.137080 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.138660 0.155552 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.294605 0.351703 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.646730 0.143608 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.790747 0.077254 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.868379 0.051011 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.919687 0.040391 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:00.960453 0.057690 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:01.018518 0.145747 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:01.164612 0.083598 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/22 17:56:44.937141 3.004303 tcp 10.0.2.109 61879 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:56:49.823581 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:56:53.940137 0.000000 tcp 10.0.2.109 61879 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:56:59.939739 0.053690 tcp 10.0.2.109 61880 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:56:59.993658 0.052938 tcp 10.0.2.109 61881 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:00.046773 0.145700 tcp 10.0.2.109 61882 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:00.211669 3.001435 tcp 10.0.2.109 61883 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:57:09.212106 0.000000 tcp 10.0.2.109 61883 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:57:15.210833 0.052754 tcp 10.0.2.109 61884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:15.263788 0.053026 tcp 10.0.2.109 61885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:15.316995 0.146233 tcp 10.0.2.109 61886 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:15.472167 2.993105 tcp 10.0.2.109 61887 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:57:24.473296 0.000000 tcp 10.0.2.109 61887 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:57:30.473022 0.052572 tcp 10.0.2.109 61888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:30.525785 0.051883 tcp 10.0.2.109 61889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:30.577874 0.144196 tcp 10.0.2.109 61890 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:30.731852 2.995019 tcp 10.0.2.109 61891 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:57:39.725435 0.000000 tcp 10.0.2.109 61891 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:57:45.724393 0.052424 tcp 10.0.2.109 61892 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:45.777008 0.053927 tcp 10.0.2.109 61893 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:45.831096 0.144106 tcp 10.0.2.109 61894 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 17:57:45.985860 3.003154 tcp 10.0.2.109 61895 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:57:54.987815 0.000000 tcp 10.0.2.109 61895 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:58:00.986367 3.004361 tcp 10.0.2.109 61896 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:58:09.988954 0.000000 tcp 10.0.2.109 61896 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:58:15.987504 3.004763 tcp 10.0.2.109 61897 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:58:24.990720 0.000000 tcp 10.0.2.109 61897 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:58:30.989598 3.004331 tcp 10.0.2.109 61898 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 17:58:35.826729 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 17:58:39.992475 0.000000 tcp 10.0.2.109 61898 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:01:58.230895 3.000630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 18:02:05.237171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:02:13.239236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:02:29.241777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:03:01.247989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:09:05.253104 3.002460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 18:09:12.261516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:09:20.263099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:09:36.265513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:10:08.271915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:16:12.277982 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 18:16:19.285355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:16:27.286587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:16:43.290260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:17:15.295597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:23:19.301444 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 18:23:26.309431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:23:34.310966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:23:50.313883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:24:22.320008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:26:23.744489 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:26:23.744650 0.070458 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:23.798016 0.082258 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:23.862850 0.157896 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.014821 0.177849 rtp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.232088 0.115515 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.340500 0.116299 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.422911 0.048156 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.492414 0.055177 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1973 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.655962 0.107759 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.794246 0.164720 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:24.993282 0.039863 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:25.025290 0.196727 rtp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:25.212297 0.117139 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:25.281424 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 18:26:31.135696 3.003547 tcp 10.0.2.109 61899 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:26:40.137707 0.000000 tcp 10.0.2.109 61899 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:26:41.661516 0.053754 tcp 10.0.2.109 61900 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:26:41.715454 0.053652 tcp 10.0.2.109 61901 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:26:41.769392 0.145248 tcp 10.0.2.109 61902 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:26:41.915104 0.192298 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:42.099552 0.215085 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:42.309833 0.050906 rtp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:42.356813 0.034225 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:42.389423 0.356847 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:42.790812 0.147320 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:42.930732 0.166709 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:43.089343 0.398981 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:43.510440 0.170390 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:43.657401 0.115453 rtp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:43.735393 0.054618 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:43.788972 0.058810 rtp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:43.831880 0.126033 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:43.916668 0.080154 rtp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:44.007214 0.168314 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:26:46.136716 0.052449 tcp 10.0.2.109 61903 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:26:46.189462 0.054553 tcp 10.0.2.109 61904 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:26:46.244287 0.145731 tcp 10.0.2.109 61905 -> 195.113.214.211 443 SRPA* 0 0 24 11526 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:26:46.436534 3.004400 tcp 10.0.2.109 61906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:26:55.440002 0.000000 tcp 10.0.2.109 61906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:01.429401 0.053456 tcp 10.0.2.109 61907 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:01.483109 0.052976 tcp 10.0.2.109 61908 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:01.536371 0.143363 tcp 10.0.2.109 61909 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:01.693236 3.000347 tcp 10.0.2.109 61910 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:10.692117 0.000000 tcp 10.0.2.109 61910 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:16.691472 0.053531 tcp 10.0.2.109 61911 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:16.745192 0.054731 tcp 10.0.2.109 61912 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:16.800163 0.145258 tcp 10.0.2.109 61913 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:17.044869 2.990573 tcp 10.0.2.109 61914 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:26.043781 0.000000 tcp 10.0.2.109 61914 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:32.042942 0.052681 tcp 10.0.2.109 61915 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:32.095920 0.053126 tcp 10.0.2.109 61916 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:32.149318 0.145721 tcp 10.0.2.109 61917 -> 195.113.214.211 443 SRPA* 0 0 39 20528 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:32.335813 0.880053 tcp 10.0.2.109 61918 -> 46.50.226.74 10856 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:32.941424 0.051569 tcp 10.0.2.109 61919 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:32.993250 0.052731 tcp 10.0.2.109 61920 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:33.046249 0.143686 tcp 10.0.2.109 61921 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:33.216105 3.002516 tcp 10.0.2.109 61922 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:42.216877 0.000000 tcp 10.0.2.109 61922 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:48.216525 0.052594 tcp 10.0.2.109 61923 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:48.269382 0.053974 tcp 10.0.2.109 61924 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:48.323666 0.145203 tcp 10.0.2.109 61925 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:27:48.479136 3.001041 tcp 10.0.2.109 61926 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:27:57.478888 0.000000 tcp 10.0.2.109 61926 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:03.478106 3.003875 tcp 10.0.2.109 61927 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:12.480787 0.000000 tcp 10.0.2.109 61927 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:18.479555 3.004361 tcp 10.0.2.109 61928 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:27.482379 0.000000 tcp 10.0.2.109 61928 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:33.480756 2.994870 tcp 10.0.2.109 61929 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:38.328157 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:28:42.473568 0.000000 tcp 10.0.2.109 61929 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:48.482885 0.670512 tcp 10.0.2.109 61930 -> 46.50.226.74 10856 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:28:49.153573 3.003871 tcp 10.0.2.109 61931 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:28:58.156017 0.000000 tcp 10.0.2.109 61931 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:30:26.325626 3.001750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 18:30:33.332936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:30:41.334811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:30:57.337705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:31:29.343796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:34:04.156460 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:34:04.156725 3.003900 tcp 10.0.2.109 61932 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:34:13.159305 0.000000 tcp 10.0.2.109 61932 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:34:19.161443 0.053884 tcp 10.0.2.109 61933 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:19.215565 0.052848 tcp 10.0.2.109 61934 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:19.268687 0.147871 tcp 10.0.2.109 61935 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:19.441735 3.000731 tcp 10.0.2.109 61936 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:34:28.441369 0.000000 tcp 10.0.2.109 61936 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:34:34.440280 0.052281 tcp 10.0.2.109 61937 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:34.492800 0.054149 tcp 10.0.2.109 61938 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:34.547166 0.143960 tcp 10.0.2.109 61939 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:34.701438 2.993389 tcp 10.0.2.109 61940 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:34:43.703043 0.000000 tcp 10.0.2.109 61940 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:34:49.702581 0.052144 tcp 10.0.2.109 61941 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:49.754983 0.054067 tcp 10.0.2.109 61942 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:49.809267 0.142840 tcp 10.0.2.109 61943 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:34:49.961127 2.985486 tcp 10.0.2.109 61944 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:34:58.945009 0.000000 tcp 10.0.2.109 61944 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:35:04.954412 0.052381 tcp 10.0.2.109 61945 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:05.007016 0.053456 tcp 10.0.2.109 61946 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:05.060693 0.144459 tcp 10.0.2.109 61947 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:05.214510 3.003634 tcp 10.0.2.109 61948 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:35:14.217332 0.000000 tcp 10.0.2.109 61948 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:35:20.216468 0.053274 tcp 10.0.2.109 61949 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:20.269969 0.053783 tcp 10.0.2.109 61950 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:20.323936 0.145907 tcp 10.0.2.109 61951 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:20.484999 0.964361 tcp 10.0.2.109 61952 -> 46.50.226.74 10856 FSPA* 0 0 14 1757 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:21.189452 0.051972 tcp 10.0.2.109 61953 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:21.241682 0.053922 tcp 10.0.2.109 61954 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:21.295806 0.142987 tcp 10.0.2.109 61955 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:21.449613 3.002061 tcp 10.0.2.109 61956 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:35:30.450017 0.000000 tcp 10.0.2.109 61956 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:35:36.449900 0.053210 tcp 10.0.2.109 61957 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:36.503298 0.053930 tcp 10.0.2.109 61958 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:36.557400 0.143932 tcp 10.0.2.109 61959 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:35:36.712412 3.001550 tcp 10.0.2.109 61960 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:35:45.721994 0.000000 tcp 10.0.2.109 61960 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:35:51.711196 2.994114 tcp 10.0.2.109 61961 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:00.704125 0.000000 tcp 10.0.2.109 61961 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:06.712748 2.994280 tcp 10.0.2.109 61962 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:15.705796 0.000000 tcp 10.0.2.109 61962 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:21.714276 3.004521 tcp 10.0.2.109 61963 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:26.320949 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:36:30.716717 0.000000 tcp 10.0.2.109 61963 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:36.715530 3.004580 tcp 10.0.2.109 61964 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:45.718760 0.000000 tcp 10.0.2.109 61964 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:36:51.717465 0.705968 tcp 10.0.2.109 61965 -> 46.50.226.74 10856 FSPA* 0 0 14 1757 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:36:52.423601 3.009196 tcp 10.0.2.109 61966 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:37:01.430905 0.000000 tcp 10.0.2.109 61966 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:37:33.349048 3.002482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 18:37:40.357253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:37:48.358398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:38:04.361773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:38:36.367816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:42:07.421510 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:42:07.421693 2.993734 tcp 10.0.2.109 61967 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:42:16.424452 0.000000 tcp 10.0.2.109 61967 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:42:22.424427 0.053204 tcp 10.0.2.109 61968 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:22.477817 0.054171 tcp 10.0.2.109 61969 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:22.532170 0.142520 tcp 10.0.2.109 61970 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:22.707578 2.999504 tcp 10.0.2.109 61971 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:42:31.705777 0.000000 tcp 10.0.2.109 61971 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:42:37.705114 0.050898 tcp 10.0.2.109 61972 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:37.756239 0.053477 tcp 10.0.2.109 61973 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:37.810028 0.147453 tcp 10.0.2.109 61974 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:37.967105 3.002256 tcp 10.0.2.109 61975 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:42:46.967888 0.000000 tcp 10.0.2.109 61975 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:42:52.967212 0.052459 tcp 10.0.2.109 61976 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:53.019947 0.053449 tcp 10.0.2.109 61977 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:53.073585 0.143925 tcp 10.0.2.109 61978 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:42:53.227810 3.003590 tcp 10.0.2.109 61979 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:02.230050 0.000000 tcp 10.0.2.109 61979 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:08.229323 0.051472 tcp 10.0.2.109 61980 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:08.281004 0.052559 tcp 10.0.2.109 61981 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:08.333813 0.141272 tcp 10.0.2.109 61982 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:08.484423 3.008760 tcp 10.0.2.109 61983 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:17.492308 0.000000 tcp 10.0.2.109 61983 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:23.480944 0.052608 tcp 10.0.2.109 61984 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:23.533774 0.054877 tcp 10.0.2.109 61985 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:23.588873 0.145330 tcp 10.0.2.109 61986 -> 195.113.214.211 443 SRPA* 0 0 34 17746 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:23.744054 0.933309 tcp 10.0.2.109 61987 -> 46.50.226.74 10856 FSPA* 0 0 14 1711 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:24.419455 0.052441 tcp 10.0.2.109 61988 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:24.472084 0.052526 tcp 10.0.2.109 61989 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:24.524821 0.143382 tcp 10.0.2.109 61990 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:24.677565 2.999318 tcp 10.0.2.109 61991 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:33.675010 0.000000 tcp 10.0.2.109 61991 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:39.674813 0.052602 tcp 10.0.2.109 61992 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:39.727673 0.052658 tcp 10.0.2.109 61993 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:39.780604 0.140759 tcp 10.0.2.109 61994 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:43:39.934414 3.004186 tcp 10.0.2.109 61995 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:48.937001 0.000000 tcp 10.0.2.109 61995 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:43:54.936013 3.004032 tcp 10.0.2.109 61996 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:03.938662 0.000000 tcp 10.0.2.109 61996 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:09.937502 3.003748 tcp 10.0.2.109 61997 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:18.940097 0.000000 tcp 10.0.2.109 61997 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:23.827299 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:44:24.938992 3.004399 tcp 10.0.2.109 61998 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:33.942364 0.000000 tcp 10.0.2.109 61998 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:39.940491 2.994023 tcp 10.0.2.109 61999 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:40.373195 3.002062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 18:44:47.380770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:44:48.943283 0.000000 tcp 10.0.2.109 61999 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:44:54.942517 0.624334 tcp 10.0.2.109 62000 -> 46.50.226.74 10856 FSPA* 0 0 14 1711 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:44:55.383012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:44:55.567054 3.000540 tcp 10.0.2.109 62001 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:45:04.565488 0.000000 tcp 10.0.2.109 62001 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:45:11.385662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:45:43.391893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:50:10.566324 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:50:10.566581 3.003624 tcp 10.0.2.109 62002 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:50:19.569041 0.000000 tcp 10.0.2.109 62002 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:50:25.568651 0.055193 tcp 10.0.2.109 62003 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:25.624115 0.051884 tcp 10.0.2.109 62004 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:25.676273 0.143634 tcp 10.0.2.109 62005 -> 195.113.214.211 443 SRPA* 0 0 32 17014 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:25.830263 3.001796 tcp 10.0.2.109 62006 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:50:34.830873 0.000000 tcp 10.0.2.109 62006 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:50:40.830379 0.051265 tcp 10.0.2.109 62007 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:40.881920 0.053226 tcp 10.0.2.109 62008 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:40.935386 0.143085 tcp 10.0.2.109 62009 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:41.087865 2.996387 tcp 10.0.2.109 62010 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:50:50.092882 0.000000 tcp 10.0.2.109 62010 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:50:56.081583 0.052651 tcp 10.0.2.109 62011 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:56.134404 0.055166 tcp 10.0.2.109 62012 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:56.189791 0.149214 tcp 10.0.2.109 62013 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:50:56.354778 3.001006 tcp 10.0.2.109 62014 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:05.354879 0.000000 tcp 10.0.2.109 62014 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:11.353393 0.052311 tcp 10.0.2.109 62015 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:11.405893 0.053404 tcp 10.0.2.109 62016 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:11.459589 0.125247 tcp 10.0.2.109 62017 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:11.595562 3.001916 tcp 10.0.2.109 62018 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:20.596352 0.000000 tcp 10.0.2.109 62018 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:26.595723 0.052135 tcp 10.0.2.109 62019 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:26.648073 0.052206 tcp 10.0.2.109 62020 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:26.700466 0.146425 tcp 10.0.2.109 62021 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:26.856630 0.941819 tcp 10.0.2.109 62022 -> 46.50.226.74 10856 FSPA* 0 0 14 1534 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:27.540901 0.051746 tcp 10.0.2.109 62023 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:27.592834 0.053413 tcp 10.0.2.109 62024 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:27.646482 0.142551 tcp 10.0.2.109 62025 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:27.798637 3.002316 tcp 10.0.2.109 62026 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:36.799958 0.000000 tcp 10.0.2.109 62026 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:42.799078 0.053392 tcp 10.0.2.109 62027 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:42.852653 0.053678 tcp 10.0.2.109 62028 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:42.906514 0.143455 tcp 10.0.2.109 62029 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:51:43.060430 3.002547 tcp 10.0.2.109 62030 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:47.398863 3.000630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 18:51:52.061911 0.000000 tcp 10.0.2.109 62030 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:51:54.405196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:51:58.060335 2.994027 tcp 10.0.2.109 62031 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:02.407011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:52:07.063275 0.000000 tcp 10.0.2.109 62031 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:13.062402 2.993591 tcp 10.0.2.109 62032 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:18.409487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:52:22.054602 0.000000 tcp 10.0.2.109 62032 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:28.063891 2.994031 tcp 10.0.2.109 62033 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:32.819931 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:52:37.056534 0.000000 tcp 10.0.2.109 62033 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:43.065318 3.004412 tcp 10.0.2.109 62034 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:50.415370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:52:52.068093 0.000000 tcp 10.0.2.109 62034 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:52:58.066887 0.699920 tcp 10.0.2.109 62035 -> 46.50.226.74 10856 FSPA* 0 0 14 1534 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:52:58.766978 3.005264 tcp 10.0.2.109 62036 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:53:07.770357 0.000000 tcp 10.0.2.109 62036 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:57:06.955226 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:57:06.955414 0.263083 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.231502 0.068563 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.284229 0.077790 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.343210 0.175551 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.495619 0.057391 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.550178 0.122165 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.639998 0.047214 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.695547 0.155785 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.845288 0.108021 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:07.963355 0.159732 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.124706 0.056606 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.192582 0.196993 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.379510 0.040031 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.425474 0.116775 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.496583 0.190249 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.679507 0.266404 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.934026 0.051773 rtp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:08.982439 0.031495 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:09.012565 0.340281 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:09.368996 0.152754 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:09.517742 0.169717 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:09.682755 0.380180 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:10.043290 0.166935 rtp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:10.188483 0.114979 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:10.266917 0.051753 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:10.316394 0.059894 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:10.360230 0.118852 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:10.441682 0.075546 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2620 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:57:10.501445 0.165024 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/22 18:58:13.760747 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 18:58:13.760918 2.994272 tcp 10.0.2.109 62037 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:58:22.763701 0.000000 tcp 10.0.2.109 62037 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:58:28.763645 0.054012 tcp 10.0.2.109 62038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:28.817884 0.031172 tcp 10.0.2.109 62039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:28.849269 0.123766 tcp 10.0.2.109 62040 -> 195.113.214.211 443 SRPA* 0 0 24 12986 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:28.991047 2.985334 tcp 10.0.2.109 62041 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:58:37.975130 0.000000 tcp 10.0.2.109 62041 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:58:43.984407 0.052923 tcp 10.0.2.109 62042 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:44.037587 0.053390 tcp 10.0.2.109 62043 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:44.091246 0.143554 tcp 10.0.2.109 62044 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:44.245644 3.002999 tcp 10.0.2.109 62045 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:58:53.246921 0.000000 tcp 10.0.2.109 62045 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:58:54.421565 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 18:58:59.246424 0.052416 tcp 10.0.2.109 62046 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:59.299007 0.054145 tcp 10.0.2.109 62047 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:59.353423 0.143764 tcp 10.0.2.109 62048 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:58:59.507066 3.003895 tcp 10.0.2.109 62049 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:01.428854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:59:08.509322 0.000000 tcp 10.0.2.109 62049 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:09.430558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:59:14.508260 0.052219 tcp 10.0.2.109 62050 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:14.560721 0.053940 tcp 10.0.2.109 62051 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:14.614903 0.146704 tcp 10.0.2.109 62052 -> 195.113.214.211 443 SRPA* 0 0 32 17514 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:14.770260 3.002269 tcp 10.0.2.109 62053 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:23.771389 0.000000 tcp 10.0.2.109 62053 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:25.433402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 18:59:29.770379 0.052653 tcp 10.0.2.109 62054 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:29.823272 0.052567 tcp 10.0.2.109 62055 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:29.876048 0.144137 tcp 10.0.2.109 62056 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:30.041691 0.897271 tcp 10.0.2.109 62057 -> 46.50.226.74 10856 FSPA* 0 0 14 1760 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:30.650752 0.051582 tcp 10.0.2.109 62058 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:30.702570 0.054115 tcp 10.0.2.109 62059 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:30.756925 0.143643 tcp 10.0.2.109 62060 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:30.939135 2.996331 tcp 10.0.2.109 62061 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:39.934736 0.000000 tcp 10.0.2.109 62061 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:45.933855 0.031410 tcp 10.0.2.109 62062 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:45.965601 0.053924 tcp 10.0.2.109 62063 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:46.019800 0.144370 tcp 10.0.2.109 62064 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 18:59:46.176148 3.001498 tcp 10.0.2.109 62065 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:55.176341 0.000000 tcp 10.0.2.109 62065 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 18:59:57.439726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:00:01.175445 3.004152 tcp 10.0.2.109 62066 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:00:10.177544 0.000000 tcp 10.0.2.109 62066 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:00:16.176414 3.004706 tcp 10.0.2.109 62067 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:00:25.179130 0.000000 tcp 10.0.2.109 62067 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:00:31.177947 3.004883 tcp 10.0.2.109 62068 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:00:35.824998 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:00:40.181106 0.000000 tcp 10.0.2.109 62068 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:00:46.179714 3.004315 tcp 10.0.2.109 62069 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:00:55.192781 0.000000 tcp 10.0.2.109 62069 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:01:01.181260 1.053293 tcp 10.0.2.109 62070 -> 46.50.226.74 10856 FSPA* 0 0 14 1760 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:01:02.234789 3.002525 tcp 10.0.2.109 62071 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:01:11.235508 0.000000 tcp 10.0.2.109 62071 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:06:01.445072 3.002166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:06:08.453045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:06:16.454603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:06:17.236517 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:06:17.236731 3.003546 tcp 10.0.2.109 62072 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:06:26.238407 0.000000 tcp 10.0.2.109 62072 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:06:32.239619 0.052509 tcp 10.0.2.109 62073 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:06:32.292416 0.054690 tcp 10.0.2.109 62074 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:06:32.347470 0.144303 tcp 10.0.2.109 62075 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:06:32.457677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:06:32.590317 3.001626 tcp 10.0.2.109 62076 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:06:41.590313 0.000000 tcp 10.0.2.109 62076 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:06:47.590038 0.052557 tcp 10.0.2.109 62077 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:06:47.642932 0.054599 tcp 10.0.2.109 62078 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:06:47.697856 0.147235 tcp 10.0.2.109 62079 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:06:47.867607 2.996312 tcp 10.0.2.109 62080 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:06:56.872333 0.000000 tcp 10.0.2.109 62080 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:02.861782 0.052203 tcp 10.0.2.109 62081 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:02.914280 0.052995 tcp 10.0.2.109 62082 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:02.967570 0.144458 tcp 10.0.2.109 62083 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:03.525581 3.001121 tcp 10.0.2.109 62084 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:04.463962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:07:12.525312 0.000000 tcp 10.0.2.109 62084 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:18.524495 0.052060 tcp 10.0.2.109 62085 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:18.576838 0.032451 tcp 10.0.2.109 62086 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:18.609148 0.145156 tcp 10.0.2.109 62087 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:18.865536 3.003058 tcp 10.0.2.109 62088 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:27.866849 0.000000 tcp 10.0.2.109 62088 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:33.866457 0.053131 tcp 10.0.2.109 62089 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:33.919902 0.041987 tcp 10.0.2.109 62090 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:33.962249 0.146445 tcp 10.0.2.109 62091 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:34.131130 1.037923 tcp 10.0.2.109 62092 -> 46.50.226.74 10856 FSPA* 0 0 14 1709 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:34.818983 0.051846 tcp 10.0.2.109 62093 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:34.871142 0.032084 tcp 10.0.2.109 62094 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:34.903562 0.122287 tcp 10.0.2.109 62095 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:35.169323 3.002757 tcp 10.0.2.109 62096 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:44.170975 0.000000 tcp 10.0.2.109 62096 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:50.169651 0.052630 tcp 10.0.2.109 62097 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:50.222546 0.041727 tcp 10.0.2.109 62098 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:50.264573 0.143544 tcp 10.0.2.109 62099 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:07:50.439873 2.993906 tcp 10.0.2.109 62100 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:07:59.442364 0.000000 tcp 10.0.2.109 62100 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:05.441498 2.994294 tcp 10.0.2.109 62101 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:14.433833 0.000000 tcp 10.0.2.109 62101 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:20.443221 2.994200 tcp 10.0.2.109 62102 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:29.435605 0.000000 tcp 10.0.2.109 62102 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:34.322872 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:08:35.444227 3.004519 tcp 10.0.2.109 62103 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:44.447052 0.000000 tcp 10.0.2.109 62103 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:50.446279 3.003725 tcp 10.0.2.109 62104 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:08:59.449161 0.000000 tcp 10.0.2.109 62104 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:09:05.447846 0.617741 tcp 10.0.2.109 62105 -> 46.50.226.74 10856 FSPA* 0 0 14 1709 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:09:06.065775 3.006842 tcp 10.0.2.109 62106 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:09:15.071097 0.000000 tcp 10.0.2.109 62106 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:13:08.470062 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:13:15.476822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:13:23.478526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:13:39.481573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:14:11.487944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:14:21.062277 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:14:21.062371 2.993411 tcp 10.0.2.109 62107 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:14:30.054290 0.000000 tcp 10.0.2.109 62107 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:14:36.064776 0.053441 tcp 10.0.2.109 62108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:14:36.118397 0.052946 tcp 10.0.2.109 62109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:14:36.171633 0.139671 tcp 10.0.2.109 62110 -> 195.113.214.211 443 SRPA* 0 0 36 18906 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:14:36.368545 2.999223 tcp 10.0.2.109 62111 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:14:45.366278 0.000000 tcp 10.0.2.109 62111 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:14:51.365270 0.051935 tcp 10.0.2.109 62112 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:14:51.417474 0.053528 tcp 10.0.2.109 62113 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:14:51.471311 0.144178 tcp 10.0.2.109 62114 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:14:51.635254 3.004323 tcp 10.0.2.109 62115 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:00.637983 0.000000 tcp 10.0.2.109 62115 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:06.637213 0.030753 tcp 10.0.2.109 62116 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:06.668228 0.053307 tcp 10.0.2.109 62117 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:06.721784 0.143036 tcp 10.0.2.109 62118 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:06.896489 3.004791 tcp 10.0.2.109 62119 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:15.899945 0.000000 tcp 10.0.2.109 62119 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:21.889451 0.052168 tcp 10.0.2.109 62120 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:21.941888 0.053616 tcp 10.0.2.109 62121 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:21.995771 0.142233 tcp 10.0.2.109 62122 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:22.190315 3.003508 tcp 10.0.2.109 62123 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:31.192075 0.000000 tcp 10.0.2.109 62123 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:37.191257 0.051698 tcp 10.0.2.109 62124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:37.243212 0.056286 tcp 10.0.2.109 62125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:37.299769 0.146513 tcp 10.0.2.109 62126 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:37.572811 1.006786 tcp 10.0.2.109 62127 -> 46.50.226.74 10856 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:38.278878 0.051845 tcp 10.0.2.109 62128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:38.330985 0.054098 tcp 10.0.2.109 62129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:38.385300 0.146252 tcp 10.0.2.109 62130 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:38.579778 2.997015 tcp 10.0.2.109 62131 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:47.576137 0.000000 tcp 10.0.2.109 62131 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:15:53.574763 0.052347 tcp 10.0.2.109 62132 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:53.627360 0.096712 tcp 10.0.2.109 62133 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:53.724387 0.141194 tcp 10.0.2.109 62134 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:15:54.222774 2.997008 tcp 10.0.2.109 62135 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:03.217870 0.000000 tcp 10.0.2.109 62135 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:09.217171 3.003609 tcp 10.0.2.109 62136 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:18.219797 0.000000 tcp 10.0.2.109 62136 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:24.218470 3.004397 tcp 10.0.2.109 62137 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:33.221432 0.000000 tcp 10.0.2.109 62137 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:37.817955 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:16:39.220113 2.993970 tcp 10.0.2.109 62138 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:48.223175 0.000000 tcp 10.0.2.109 62138 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:16:54.221824 2.993596 tcp 10.0.2.109 62139 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:17:03.214384 0.000000 tcp 10.0.2.109 62139 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:17:09.223571 0.608110 tcp 10.0.2.109 62140 -> 46.50.226.74 10856 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:17:09.831883 2.996007 tcp 10.0.2.109 62141 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:17:18.827258 0.000000 tcp 10.0.2.109 62141 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:20:15.494277 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:20:22.501030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:20:30.502556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:20:46.505898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:21:18.511845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:22:24.827264 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:22:24.827463 3.003907 tcp 10.0.2.109 62142 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:22:33.829737 0.000000 tcp 10.0.2.109 62142 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:22:39.829833 0.052734 tcp 10.0.2.109 62143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:22:39.882859 0.052740 tcp 10.0.2.109 62144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:22:39.935833 0.137968 tcp 10.0.2.109 62145 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:22:40.135757 3.007729 tcp 10.0.2.109 62146 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:22:49.141931 0.000000 tcp 10.0.2.109 62146 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:22:55.130872 0.052720 tcp 10.0.2.109 62147 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:22:55.183850 0.053517 tcp 10.0.2.109 62148 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:22:55.237618 0.138186 tcp 10.0.2.109 62149 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:22:55.385589 2.999133 tcp 10.0.2.109 62150 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:04.393774 0.000000 tcp 10.0.2.109 62150 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:10.383467 0.051728 tcp 10.0.2.109 62151 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:10.435517 0.052908 tcp 10.0.2.109 62152 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:10.488760 0.144997 tcp 10.0.2.109 62153 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:10.696259 3.000463 tcp 10.0.2.109 62154 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:19.695583 0.000000 tcp 10.0.2.109 62154 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:25.695067 0.052444 tcp 10.0.2.109 62155 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:25.747768 0.054992 tcp 10.0.2.109 62156 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:25.803009 0.147728 tcp 10.0.2.109 62157 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:26.128790 3.000619 tcp 10.0.2.109 62158 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:35.127542 0.000000 tcp 10.0.2.109 62158 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:41.126984 0.052672 tcp 10.0.2.109 62159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:41.179980 0.052256 tcp 10.0.2.109 62160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:41.232492 0.149154 tcp 10.0.2.109 62161 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:41.487812 0.947074 tcp 10.0.2.109 62162 -> 46.50.226.74 10856 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:42.172848 0.052474 tcp 10.0.2.109 62163 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:42.225521 0.031781 tcp 10.0.2.109 62164 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:42.257567 0.127273 tcp 10.0.2.109 62165 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:42.435078 3.007381 tcp 10.0.2.109 62166 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:51.441845 0.000000 tcp 10.0.2.109 62166 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:23:57.430287 0.051361 tcp 10.0.2.109 62167 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:57.481861 0.031843 tcp 10.0.2.109 62168 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:57.513964 0.141064 tcp 10.0.2.109 62169 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:23:57.667768 2.986665 tcp 10.0.2.109 62170 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:06.662957 0.000000 tcp 10.0.2.109 62170 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:12.661711 2.994715 tcp 10.0.2.109 62171 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:21.654627 0.000000 tcp 10.0.2.109 62171 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:27.663823 2.994031 tcp 10.0.2.109 62172 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:36.656212 0.000000 tcp 10.0.2.109 62172 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:42.665306 3.004083 tcp 10.0.2.109 62173 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:47.321696 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:24:51.668267 0.000000 tcp 10.0.2.109 62173 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:24:57.666782 3.004385 tcp 10.0.2.109 62174 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:25:06.669190 0.000000 tcp 10.0.2.109 62174 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:25:12.668202 1.420783 tcp 10.0.2.109 62175 -> 46.50.226.74 10856 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:25:14.089192 2.995121 tcp 10.0.2.109 62176 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:25:23.093042 0.000000 tcp 10.0.2.109 62176 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:27:16.546361 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:27:16.546574 0.262047 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:16.807944 0.073083 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.063689 0.087498 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.131663 0.178656 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.286567 0.073348 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.373155 0.121735 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.461138 0.047424 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.525058 0.155198 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.674687 0.108202 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:17.860651 0.169818 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:18.107541 0.055310 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:18.220278 0.196328 rtp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:18.407415 0.038590 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:18.472705 0.119148 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:18.542965 0.190501 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:18.731570 0.278672 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:19.066678 0.052305 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:19.115372 0.033769 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:19.206944 0.154256 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:19.472208 0.353562 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:19.825734 0.146916 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:19.964623 0.340777 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:20.286641 0.169144 rtcp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:20.431037 0.118898 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:20.562510 0.120973 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:20.797046 0.059985 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:20.840142 0.122564 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:20.936011 0.075842 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:21.084853 0.162044 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:27:22.517541 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:27:29.525000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:27:37.526698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:27:53.529837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:28:25.535250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:30:29.083512 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:30:29.083698 2.993335 tcp 10.0.2.109 62177 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:30:38.075652 0.000000 tcp 10.0.2.109 62177 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:30:44.086340 0.041560 tcp 10.0.2.109 62178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:30:44.128145 0.052923 tcp 10.0.2.109 62179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:30:44.181416 0.144578 tcp 10.0.2.109 62180 -> 195.113.214.211 443 SRPA* 0 0 49 33592 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:30:44.346983 3.002634 tcp 10.0.2.109 62181 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:30:53.347713 0.000000 tcp 10.0.2.109 62181 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:30:59.347591 0.030865 tcp 10.0.2.109 62182 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:30:59.378744 0.053858 tcp 10.0.2.109 62183 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:30:59.432888 0.143597 tcp 10.0.2.109 62184 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:30:59.591087 3.000046 tcp 10.0.2.109 62185 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:31:08.589786 0.000000 tcp 10.0.2.109 62185 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:31:14.589062 0.052834 tcp 10.0.2.109 62186 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:14.642241 0.030903 tcp 10.0.2.109 62187 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:14.673415 0.145437 tcp 10.0.2.109 62188 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:14.842459 3.000446 tcp 10.0.2.109 62189 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:31:23.841765 0.000000 tcp 10.0.2.109 62189 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:31:29.841197 0.051577 tcp 10.0.2.109 62190 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:29.893078 0.052824 tcp 10.0.2.109 62191 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:29.946313 0.142989 tcp 10.0.2.109 62192 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:30.107009 2.997813 tcp 10.0.2.109 62193 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:31:39.113918 0.000000 tcp 10.0.2.109 62193 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:31:45.102984 0.051419 tcp 10.0.2.109 62194 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:45.154731 0.053533 tcp 10.0.2.109 62195 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:45.208557 0.123690 tcp 10.0.2.109 62196 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:45.360270 0.908515 tcp 10.0.2.109 62197 -> 46.50.226.74 10856 FSPA* 0 0 14 1635 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:46.014766 0.051263 tcp 10.0.2.109 62198 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:46.066280 0.053506 tcp 10.0.2.109 62199 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:46.120074 0.124024 tcp 10.0.2.109 62200 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:31:46.268997 2.999427 tcp 10.0.2.109 62201 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:31:55.266674 0.000000 tcp 10.0.2.109 62201 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:01.266012 0.052879 tcp 10.0.2.109 62202 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:32:01.319173 0.052772 tcp 10.0.2.109 62203 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:32:01.372153 0.146266 tcp 10.0.2.109 62204 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:32:01.676606 3.003717 tcp 10.0.2.109 62205 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:10.679315 0.000000 tcp 10.0.2.109 62205 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:16.677703 3.004406 tcp 10.0.2.109 62206 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:25.680689 0.000000 tcp 10.0.2.109 62206 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:31.679838 3.004099 tcp 10.0.2.109 62207 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:40.682107 0.000000 tcp 10.0.2.109 62207 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:46.681167 2.993925 tcp 10.0.2.109 62208 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:32:51.317736 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:32:55.683869 0.000000 tcp 10.0.2.109 62208 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:33:01.682727 2.994083 tcp 10.0.2.109 62209 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:33:10.675207 0.000000 tcp 10.0.2.109 62209 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:33:16.683910 0.652924 tcp 10.0.2.109 62210 -> 46.50.226.74 10856 FSPA* 0 0 14 1635 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:33:17.337026 3.001928 tcp 10.0.2.109 62211 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:33:26.337907 0.000000 tcp 10.0.2.109 62211 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:34:29.541260 3.001770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:34:36.548875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:34:44.550626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:35:00.553295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:35:32.559444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:38:32.338604 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:38:32.338874 3.003240 tcp 10.0.2.109 62212 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:38:41.340762 0.000000 tcp 10.0.2.109 62212 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:38:47.341102 0.053985 tcp 10.0.2.109 62213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:38:47.395264 0.031744 tcp 10.0.2.109 62214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:38:47.427179 0.147689 tcp 10.0.2.109 62215 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:38:47.588052 2.995933 tcp 10.0.2.109 62216 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:38:56.592686 0.000000 tcp 10.0.2.109 62216 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:39:02.581773 0.051788 tcp 10.0.2.109 62217 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:02.633804 0.032514 tcp 10.0.2.109 62218 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:02.666726 0.123643 tcp 10.0.2.109 62219 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:02.799293 2.996424 tcp 10.0.2.109 62220 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:39:11.794424 0.000000 tcp 10.0.2.109 62220 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:39:17.794244 0.052541 tcp 10.0.2.109 62221 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:17.846999 0.031245 tcp 10.0.2.109 62222 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:17.878498 0.140358 tcp 10.0.2.109 62223 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:18.028345 2.999384 tcp 10.0.2.109 62224 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:39:27.026592 0.000000 tcp 10.0.2.109 62224 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:39:33.025569 0.051282 tcp 10.0.2.109 62225 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:33.077197 0.051839 tcp 10.0.2.109 62226 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:33.129301 0.121875 tcp 10.0.2.109 62227 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:33.260637 2.999443 tcp 10.0.2.109 62228 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:39:42.258874 0.000000 tcp 10.0.2.109 62228 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:39:48.257648 0.052140 tcp 10.0.2.109 62229 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:48.309975 0.053190 tcp 10.0.2.109 62230 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:48.363348 0.143257 tcp 10.0.2.109 62231 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:48.515863 2.540517 tcp 10.0.2.109 62232 -> 46.50.226.74 10856 FSPA* 0 0 14 1593 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:50.798314 0.050922 tcp 10.0.2.109 62233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:50.849466 0.053814 tcp 10.0.2.109 62234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:50.903483 0.143261 tcp 10.0.2.109 62235 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:39:51.056591 2.999290 tcp 10.0.2.109 62236 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:00.053859 0.000000 tcp 10.0.2.109 62236 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:06.053514 0.052596 tcp 10.0.2.109 62237 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:40:06.106446 0.053013 tcp 10.0.2.109 62238 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:40:06.159760 0.142470 tcp 10.0.2.109 62239 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:40:06.314273 3.003469 tcp 10.0.2.109 62240 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:15.315637 0.000000 tcp 10.0.2.109 62240 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:21.314418 3.004589 tcp 10.0.2.109 62241 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:30.317488 0.000000 tcp 10.0.2.109 62241 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:36.316005 3.004262 tcp 10.0.2.109 62242 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:45.319169 0.000000 tcp 10.0.2.109 62242 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:40:50.325908 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:40:51.317886 3.004087 tcp 10.0.2.109 62243 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:41:00.320694 0.000000 tcp 10.0.2.109 62243 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:41:06.319411 3.004224 tcp 10.0.2.109 62244 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:41:15.321920 0.000000 tcp 10.0.2.109 62244 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:41:21.321411 0.686031 tcp 10.0.2.109 62245 -> 46.50.226.74 10856 FSPA* 0 0 14 1593 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:41:22.007635 2.998348 tcp 10.0.2.109 62246 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:41:31.004878 0.000000 tcp 10.0.2.109 62246 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:41:36.565372 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:41:43.572555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:41:51.574286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:42:07.577715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:42:39.583559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:46:37.005244 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:46:37.005394 3.003495 tcp 10.0.2.109 62247 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:46:46.007737 0.000000 tcp 10.0.2.109 62247 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:46:52.007756 0.054794 tcp 10.0.2.109 62248 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:46:52.062844 0.030693 tcp 10.0.2.109 62249 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:46:52.093789 0.124697 tcp 10.0.2.109 62250 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:46:52.276611 3.004105 tcp 10.0.2.109 62251 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:01.279307 0.000000 tcp 10.0.2.109 62251 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:07.268588 0.030685 tcp 10.0.2.109 62252 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:07.299454 0.053196 tcp 10.0.2.109 62253 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:07.352873 0.149282 tcp 10.0.2.109 62254 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:07.511499 3.001400 tcp 10.0.2.109 62255 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:16.511454 0.000000 tcp 10.0.2.109 62255 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:22.511079 0.030542 tcp 10.0.2.109 62256 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:22.541882 0.052368 tcp 10.0.2.109 62257 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:22.594548 0.139129 tcp 10.0.2.109 62258 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:22.758421 2.996492 tcp 10.0.2.109 62259 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:31.763107 0.000000 tcp 10.0.2.109 62259 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:37.752368 0.030755 tcp 10.0.2.109 62260 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:37.783420 0.053078 tcp 10.0.2.109 62261 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:37.836771 0.142977 tcp 10.0.2.109 62262 -> 195.113.214.211 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:37.994780 3.002261 tcp 10.0.2.109 62263 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:46.995382 0.000000 tcp 10.0.2.109 62263 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:47:52.994434 0.055608 tcp 10.0.2.109 62264 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:53.050255 0.052947 tcp 10.0.2.109 62265 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:53.103424 0.141876 tcp 10.0.2.109 62266 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:53.265653 0.880400 tcp 10.0.2.109 62267 -> 46.50.226.74 10856 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:53.905395 0.052076 tcp 10.0.2.109 62268 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:53.957667 0.053478 tcp 10.0.2.109 62269 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:54.011329 0.124376 tcp 10.0.2.109 62270 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:47:54.146203 3.004278 tcp 10.0.2.109 62271 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:03.148675 0.000000 tcp 10.0.2.109 62271 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:09.148149 0.051606 tcp 10.0.2.109 62272 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:48:09.199932 0.054024 tcp 10.0.2.109 62273 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:48:09.254263 0.128562 tcp 10.0.2.109 62274 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:48:09.423137 2.998487 tcp 10.0.2.109 62275 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:18.420565 0.000000 tcp 10.0.2.109 62275 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:24.419196 3.004021 tcp 10.0.2.109 62276 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:33.421804 0.000000 tcp 10.0.2.109 62276 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:39.420814 2.994748 tcp 10.0.2.109 62277 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:43.588839 3.002341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:48:48.423505 0.000000 tcp 10.0.2.109 62277 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:50.596632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:48:53.321041 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:48:54.422390 2.994113 tcp 10.0.2.109 62278 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:48:58.598513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:49:03.415451 0.000000 tcp 10.0.2.109 62278 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:49:09.423734 3.004677 tcp 10.0.2.109 62279 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:49:14.601507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:49:18.426727 0.000000 tcp 10.0.2.109 62279 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:49:24.425911 0.676743 tcp 10.0.2.109 62280 -> 46.50.226.74 10856 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:49:25.102683 2.998212 tcp 10.0.2.109 62281 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:49:34.099304 0.000000 tcp 10.0.2.109 62281 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:49:46.607423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:54:40.100209 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:54:40.100386 3.003302 tcp 10.0.2.109 62282 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:54:49.102315 0.000000 tcp 10.0.2.109 62282 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:54:55.102962 0.053145 tcp 10.0.2.109 62283 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:54:55.156268 0.031644 tcp 10.0.2.109 62284 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:54:55.188113 0.143161 tcp 10.0.2.109 62285 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:54:55.341672 2.993744 tcp 10.0.2.109 62286 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:04.334148 0.000000 tcp 10.0.2.109 62286 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:10.343248 0.051267 tcp 10.0.2.109 62287 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:10.394796 0.032503 tcp 10.0.2.109 62288 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:10.427568 0.143882 tcp 10.0.2.109 62289 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:10.580927 2.996167 tcp 10.0.2.109 62290 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:19.575906 0.000000 tcp 10.0.2.109 62290 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:25.575349 0.030816 tcp 10.0.2.109 62291 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:25.606430 0.030637 tcp 10.0.2.109 62292 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:25.637272 0.142185 tcp 10.0.2.109 62293 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:25.789834 2.999134 tcp 10.0.2.109 62294 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:34.787965 0.000000 tcp 10.0.2.109 62294 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:40.787239 0.052298 tcp 10.0.2.109 62295 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:40.839760 0.030664 tcp 10.0.2.109 62296 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:40.870655 0.126547 tcp 10.0.2.109 62297 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:41.006773 3.004891 tcp 10.0.2.109 62298 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:50.010209 0.000000 tcp 10.0.2.109 62298 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:50.613052 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 19:55:56.008910 0.052926 tcp 10.0.2.109 62299 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:56.062060 0.031339 tcp 10.0.2.109 62300 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:56.093574 0.126192 tcp 10.0.2.109 62301 -> 195.113.214.211 443 SRPA* 0 0 49 33592 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:56.230253 0.866684 tcp 10.0.2.109 62302 -> 46.50.226.74 10856 FSPA* 0 0 14 1570 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:56.882661 0.031489 tcp 10.0.2.109 62303 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:56.914361 0.030966 tcp 10.0.2.109 62304 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:56.945596 0.141214 tcp 10.0.2.109 62305 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:55:57.097086 2.997156 tcp 10.0.2.109 62306 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:55:57.620762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:56:05.622603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:56:06.103041 0.000000 tcp 10.0.2.109 62306 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:56:12.092192 0.051733 tcp 10.0.2.109 62307 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:56:12.144181 0.031254 tcp 10.0.2.109 62308 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:56:12.175654 0.141039 tcp 10.0.2.109 62309 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:56:12.326047 3.000330 tcp 10.0.2.109 62310 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:56:21.325114 0.000000 tcp 10.0.2.109 62310 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:56:21.625507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:56:27.323801 2.993818 tcp 10.0.2.109 62311 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:56:36.316405 0.000000 tcp 10.0.2.109 62311 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:56:42.325353 3.004272 tcp 10.0.2.109 62312 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:56:51.327828 0.000000 tcp 10.0.2.109 62312 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:56:53.631304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 19:56:56.325345 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 19:56:57.326583 3.004680 tcp 10.0.2.109 62313 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:57:06.329423 0.000000 tcp 10.0.2.109 62313 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:57:12.328035 3.004294 tcp 10.0.2.109 62314 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:57:21.331166 0.000000 tcp 10.0.2.109 62314 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:57:27.329913 0.654850 tcp 10.0.2.109 62315 -> 46.50.226.74 10856 FSPA* 0 0 14 1570 flow=From-Botnet-V1-TCP-Established 1970/01/22 19:57:27.984968 3.000407 tcp 10.0.2.109 62316 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 19:57:31.986519 0.262093 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:32.256560 0.066152 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:32.307544 0.080092 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:32.368292 0.173253 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:32.518023 0.152839 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:32.663213 0.126499 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:32.755684 0.046520 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:32.869969 0.162533 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.041348 0.109934 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.161714 0.184134 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.358298 0.054362 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.421818 0.196040 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.610455 0.039305 rtp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.641688 0.121857 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.714530 0.186427 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:33.893627 0.168236 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:34.063487 0.158943 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:34.218384 0.353887 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:34.573607 0.154685 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:34.720030 0.046942 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:34.762887 0.033363 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 1993 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:34.794832 0.372320 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:35.146384 0.168428 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:35.293711 0.113433 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:35.370009 0.053668 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:35.416471 0.063139 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:35.464852 0.121751 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:35.546193 0.077784 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:35.606321 0.166451 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/22 19:57:36.993847 0.000000 tcp 10.0.2.109 62316 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:02:42.984320 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:02:42.984471 3.003305 tcp 10.0.2.109 62317 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:02:51.986232 0.000000 tcp 10.0.2.109 62317 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:02:57.636571 3.002307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 20:02:57.986843 0.031224 tcp 10.0.2.109 62318 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:02:58.018266 0.051834 tcp 10.0.2.109 62319 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:02:58.070354 0.142447 tcp 10.0.2.109 62320 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:02:58.231086 2.998478 tcp 10.0.2.109 62321 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:04.644834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:03:07.228080 0.000000 tcp 10.0.2.109 62321 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:12.645971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:03:13.227473 0.052570 tcp 10.0.2.109 62322 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:13.280295 0.031705 tcp 10.0.2.109 62323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:13.312261 0.144283 tcp 10.0.2.109 62324 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:13.467037 3.004632 tcp 10.0.2.109 62325 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:22.470278 0.000000 tcp 10.0.2.109 62325 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:28.459530 0.051247 tcp 10.0.2.109 62326 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:28.511087 0.052664 tcp 10.0.2.109 62327 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:28.564049 0.142661 tcp 10.0.2.109 62328 -> 195.113.214.211 443 SRPA* 0 0 23 12058 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:28.649649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:03:28.863307 3.000217 tcp 10.0.2.109 62329 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:37.872558 0.000000 tcp 10.0.2.109 62329 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:43.861825 0.051751 tcp 10.0.2.109 62330 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:43.913877 0.052677 tcp 10.0.2.109 62331 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:43.966873 0.140099 tcp 10.0.2.109 62332 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:44.152226 2.993326 tcp 10.0.2.109 62333 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:53.144334 0.000000 tcp 10.0.2.109 62333 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:03:59.153557 0.030313 tcp 10.0.2.109 62334 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:59.184171 0.030656 tcp 10.0.2.109 62335 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:59.215062 0.122522 tcp 10.0.2.109 62336 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:03:59.351048 0.891645 tcp 10.0.2.109 62337 -> 46.50.226.74 10856 FSPA* 0 0 14 1723 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:04:00.024544 0.030107 tcp 10.0.2.109 62338 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:04:00.054896 0.038438 tcp 10.0.2.109 62339 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:04:00.093629 0.123458 tcp 10.0.2.109 62340 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:04:00.242888 2.995757 tcp 10.0.2.109 62341 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:04:00.655378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:04:09.238014 0.000000 tcp 10.0.2.109 62341 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:04:15.236613 0.051653 tcp 10.0.2.109 62342 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:04:15.288497 0.053101 tcp 10.0.2.109 62343 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:04:15.341896 0.126883 tcp 10.0.2.109 62344 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:04:15.483917 3.006666 tcp 10.0.2.109 62345 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:04:24.489638 0.000000 tcp 10.0.2.109 62345 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:04:30.478606 3.003500 tcp 10.0.2.109 62346 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:04:39.481333 0.000000 tcp 10.0.2.109 62346 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:04:45.479840 2.994007 tcp 10.0.2.109 62347 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:04:54.482839 0.000000 tcp 10.0.2.109 62347 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:05:00.481128 2.994556 tcp 10.0.2.109 62348 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:05:05.318545 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:05:09.474214 0.000000 tcp 10.0.2.109 62348 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:05:15.482709 2.994184 tcp 10.0.2.109 62349 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:05:24.475972 0.000000 tcp 10.0.2.109 62349 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:05:30.486021 0.629938 tcp 10.0.2.109 62350 -> 46.50.226.74 10856 FSPA* 0 0 14 1723 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:05:31.116173 3.003642 tcp 10.0.2.109 62351 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:05:40.117939 0.000000 tcp 10.0.2.109 62351 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:10:04.661101 3.001868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 20:10:11.668364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:10:19.670451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:10:35.672888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:10:46.118529 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:10:46.118648 3.004184 tcp 10.0.2.109 62352 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:10:55.121194 0.000000 tcp 10.0.2.109 62352 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:01.121151 0.052939 tcp 10.0.2.109 62353 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:01.174370 0.052755 tcp 10.0.2.109 62354 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:01.227425 0.248937 tcp 10.0.2.109 62355 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:01.504959 3.000084 tcp 10.0.2.109 62356 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:07.679387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:11:10.513597 0.000000 tcp 10.0.2.109 62356 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:16.502183 0.050810 tcp 10.0.2.109 62357 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:16.553273 0.055206 tcp 10.0.2.109 62358 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:16.608726 0.141229 tcp 10.0.2.109 62359 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:16.788491 2.998109 tcp 10.0.2.109 62360 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:25.785169 0.000000 tcp 10.0.2.109 62360 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:31.784819 0.052410 tcp 10.0.2.109 62361 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:31.837511 0.052400 tcp 10.0.2.109 62362 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:31.890395 0.145606 tcp 10.0.2.109 62363 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:32.127455 3.001039 tcp 10.0.2.109 62364 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:41.127243 0.000000 tcp 10.0.2.109 62364 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:47.126558 0.030231 tcp 10.0.2.109 62365 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:47.157022 0.053085 tcp 10.0.2.109 62366 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:47.210348 0.145853 tcp 10.0.2.109 62367 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:11:47.477333 3.003140 tcp 10.0.2.109 62368 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:11:56.479595 0.000000 tcp 10.0.2.109 62368 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:02.478627 0.051218 tcp 10.0.2.109 62369 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:02.530106 0.052365 tcp 10.0.2.109 62370 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:02.582675 0.141447 tcp 10.0.2.109 62371 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:02.926345 1.000985 tcp 10.0.2.109 62372 -> 46.50.226.74 10856 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:03.579969 0.051454 tcp 10.0.2.109 62373 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:03.631669 0.053236 tcp 10.0.2.109 62374 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:03.685171 0.171246 tcp 10.0.2.109 62375 -> 195.113.214.211 443 SRPA* 0 0 74 77144 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:03.927399 2.996982 tcp 10.0.2.109 62376 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:12.933042 0.000000 tcp 10.0.2.109 62376 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:18.922454 0.051536 tcp 10.0.2.109 62377 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:18.974308 0.031808 tcp 10.0.2.109 62378 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:19.006379 0.143742 tcp 10.0.2.109 62379 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:12:19.301813 2.994707 tcp 10.0.2.109 62380 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:28.295262 0.000000 tcp 10.0.2.109 62380 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:34.294108 3.003623 tcp 10.0.2.109 62381 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:43.296715 0.000000 tcp 10.0.2.109 62381 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:49.295351 3.004363 tcp 10.0.2.109 62382 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:12:58.298155 0.000000 tcp 10.0.2.109 62382 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:13:04.297431 3.004104 tcp 10.0.2.109 62383 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:13:08.823652 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:13:13.300097 0.000000 tcp 10.0.2.109 62383 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:13:19.298826 3.004068 tcp 10.0.2.109 62384 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:13:28.301575 0.000000 tcp 10.0.2.109 62384 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:13:34.299977 0.627541 tcp 10.0.2.109 62385 -> 46.50.226.74 10856 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:13:34.927769 2.997311 tcp 10.0.2.109 62386 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:13:43.923786 0.000000 tcp 10.0.2.109 62386 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:17:11.685153 3.002463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 20:17:18.693491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:17:26.694262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:17:42.697258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:18:14.703248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:18:49.924404 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:18:49.924589 3.003323 tcp 10.0.2.109 62387 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:18:58.926891 0.000000 tcp 10.0.2.109 62387 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:04.927109 0.031059 tcp 10.0.2.109 62388 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:04.958386 0.033597 tcp 10.0.2.109 62389 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:04.992263 0.143743 tcp 10.0.2.109 62390 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:05.145022 3.004904 tcp 10.0.2.109 62391 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:14.148571 0.000000 tcp 10.0.2.109 62391 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:20.137706 0.034118 tcp 10.0.2.109 62392 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:20.172070 0.030972 tcp 10.0.2.109 62393 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:20.203252 0.125580 tcp 10.0.2.109 62394 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:20.338390 3.003699 tcp 10.0.2.109 62395 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:29.340384 0.000000 tcp 10.0.2.109 62395 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:35.339991 0.051446 tcp 10.0.2.109 62396 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:35.391708 0.054098 tcp 10.0.2.109 62397 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:35.446062 0.146544 tcp 10.0.2.109 62398 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:35.611926 3.002303 tcp 10.0.2.109 62399 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:44.622331 0.000000 tcp 10.0.2.109 62399 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:50.611949 0.051324 tcp 10.0.2.109 62400 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:50.663475 0.031134 tcp 10.0.2.109 62401 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:50.694864 0.141910 tcp 10.0.2.109 62402 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:19:50.904571 2.990922 tcp 10.0.2.109 62403 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:19:59.894076 0.000000 tcp 10.0.2.109 62403 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:20:05.903623 0.030156 tcp 10.0.2.109 62404 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:05.934018 0.052645 tcp 10.0.2.109 62405 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:05.986929 0.121230 tcp 10.0.2.109 62406 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:06.203360 0.922156 tcp 10.0.2.109 62407 -> 46.50.226.74 10856 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:06.848789 0.052014 tcp 10.0.2.109 62408 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:06.901060 0.052590 tcp 10.0.2.109 62409 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:06.953881 0.145319 tcp 10.0.2.109 62410 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:07.125776 3.003236 tcp 10.0.2.109 62411 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:20:16.127440 0.000000 tcp 10.0.2.109 62411 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:20:22.126590 0.051649 tcp 10.0.2.109 62412 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:22.178486 0.053782 tcp 10.0.2.109 62413 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:22.232512 0.147774 tcp 10.0.2.109 62414 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:20:22.426959 3.003846 tcp 10.0.2.109 62415 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:20:31.429784 0.000000 tcp 10.0.2.109 62415 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:20:37.418674 3.004285 tcp 10.0.2.109 62416 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:20:46.421483 0.000000 tcp 10.0.2.109 62416 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:20:52.420489 3.003934 tcp 10.0.2.109 62417 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:21:01.432850 0.000000 tcp 10.0.2.109 62417 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:21:06.319745 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:21:07.421644 2.993835 tcp 10.0.2.109 62418 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:21:16.414488 0.000000 tcp 10.0.2.109 62418 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:21:22.423069 2.994169 tcp 10.0.2.109 62419 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:21:31.416156 0.000000 tcp 10.0.2.109 62419 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:21:37.425087 0.681861 tcp 10.0.2.109 62420 -> 46.50.226.74 10856 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:21:38.107107 3.002505 tcp 10.0.2.109 62421 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:21:47.108508 0.000000 tcp 10.0.2.109 62421 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:24:18.709616 3.000932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 20:24:25.716488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:24:33.717876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:24:49.720812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:25:21.727408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:26:53.109468 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:26:53.109641 3.003054 tcp 10.0.2.109 62422 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:02.111563 0.000000 tcp 10.0.2.109 62422 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:08.111727 0.053994 tcp 10.0.2.109 62423 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:08.166013 0.053096 tcp 10.0.2.109 62424 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:08.219347 0.143520 tcp 10.0.2.109 62425 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:08.398696 2.995959 tcp 10.0.2.109 62426 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:17.403164 0.000000 tcp 10.0.2.109 62426 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:23.392464 0.052744 tcp 10.0.2.109 62427 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:23.445409 0.053565 tcp 10.0.2.109 62428 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:23.499208 0.144155 tcp 10.0.2.109 62429 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:23.687794 2.999002 tcp 10.0.2.109 62430 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:32.685754 0.000000 tcp 10.0.2.109 62430 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:38.685213 0.052853 tcp 10.0.2.109 62431 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:38.738311 0.052781 tcp 10.0.2.109 62432 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:38.791309 0.143178 tcp 10.0.2.109 62433 -> 195.113.214.211 443 SRPA* 0 0 22 11392 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:38.996230 3.002473 tcp 10.0.2.109 62434 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:44.813163 0.061937 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:44.875484 0.150336 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.026175 0.071353 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.097867 0.083951 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.182250 0.044904 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.227495 0.260629 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.488533 0.051432 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.540281 0.146414 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.687099 0.106938 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.794451 0.162924 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:45.957758 0.052557 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:46.010639 0.185967 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:46.196981 0.030008 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:46.227301 0.070386 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:46.298018 0.176162 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:46.474541 0.340943 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:46.815864 0.144412 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:46.960667 0.046432 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.007488 0.029217 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.037021 0.167424 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.230940 0.154286 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.385638 0.317917 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.703925 0.142845 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.847167 0.076371 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.923904 0.057333 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.981578 0.042425 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:47.997832 0.000000 tcp 10.0.2.109 62434 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:27:48.024349 0.079195 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:48.103948 0.058446 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:48.162756 0.141006 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:27:53.996465 0.051685 tcp 10.0.2.109 62435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:54.048450 0.052098 tcp 10.0.2.109 62436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:54.100823 0.146750 tcp 10.0.2.109 62437 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:27:54.266851 3.004129 tcp 10.0.2.109 62438 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:03.269581 0.000000 tcp 10.0.2.109 62438 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:09.268707 0.052616 tcp 10.0.2.109 62439 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:09.321566 0.030673 tcp 10.0.2.109 62440 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:09.352433 0.128050 tcp 10.0.2.109 62441 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:09.544462 0.865911 tcp 10.0.2.109 62442 -> 46.50.226.74 10856 FSPA* 0 0 14 1629 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:10.167999 0.032637 tcp 10.0.2.109 62443 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:10.200921 0.053636 tcp 10.0.2.109 62444 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:10.254803 0.145931 tcp 10.0.2.109 62445 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:10.410567 3.003473 tcp 10.0.2.109 62446 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:19.422730 0.000000 tcp 10.0.2.109 62446 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:25.412312 0.053413 tcp 10.0.2.109 62447 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:25.465986 0.054032 tcp 10.0.2.109 62448 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:25.520231 0.145498 tcp 10.0.2.109 62449 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:28:25.797418 2.998382 tcp 10.0.2.109 62450 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:34.794595 0.000000 tcp 10.0.2.109 62450 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:40.793260 2.994460 tcp 10.0.2.109 62451 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:49.786008 0.000000 tcp 10.0.2.109 62451 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:28:55.795478 3.004021 tcp 10.0.2.109 62452 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:29:04.798050 0.000000 tcp 10.0.2.109 62452 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:29:10.796882 3.003588 tcp 10.0.2.109 62453 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:29:15.322665 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:29:19.799223 0.000000 tcp 10.0.2.109 62453 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:29:25.797906 3.004759 tcp 10.0.2.109 62454 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:29:34.800701 0.000000 tcp 10.0.2.109 62454 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:29:40.799915 0.691673 tcp 10.0.2.109 62455 -> 46.50.226.74 10856 FSPA* 0 0 14 1629 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:29:41.491733 2.993368 tcp 10.0.2.109 62456 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:29:50.493874 0.000000 tcp 10.0.2.109 62456 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:31:25.732550 3.002448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 20:31:32.740276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:31:40.742214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:31:56.744777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:32:28.751529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:38:32.757030 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 20:38:39.764985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:38:47.766473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:39:03.769055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:39:35.775467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:45:39.781219 3.001868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 20:45:46.788496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:45:54.790025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:46:10.792926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:46:42.799329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:52:46.804484 3.002779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 20:52:53.812168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:53:01.814007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:53:17.817549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:53:49.823131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 20:58:01.805778 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 20:58:01.805964 0.086184 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:01.872532 0.176747 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.023319 0.114432 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.132605 0.113843 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.212226 0.047349 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.257763 0.264622 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.519345 0.071971 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.574667 0.150029 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.734274 0.108098 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:02.859903 0.161930 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:03.034218 0.052832 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:03.095170 0.196723 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:03.283534 0.041783 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:03.314923 0.117712 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:03.387044 0.191439 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:03.571147 0.366117 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:03.938588 0.148928 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2616 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:04.079707 0.051512 rtcp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:04.127818 0.033717 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:04.173618 0.177056 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:04.348048 0.153564 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:04.502362 0.378758 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:04.859175 0.172663 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:05.006343 0.112870 rtp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:05.084226 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 20:58:11.639649 3.003914 tcp 10.0.2.109 62457 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:58:20.652671 0.000000 tcp 10.0.2.109 62457 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:58:23.318004 0.054035 tcp 10.0.2.109 62458 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:23.372305 0.054494 tcp 10.0.2.109 62459 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:23.427028 0.146931 tcp 10.0.2.109 62460 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:23.574607 0.073758 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:23.633534 0.166812 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:23.781312 0.059208 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:23.824891 0.128363 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/22 20:58:26.641295 0.052048 tcp 10.0.2.109 62461 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:26.693571 0.110771 tcp 10.0.2.109 62462 -> 195.113.214.211 80 SRPA* 0 0 18 13405 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:26.813886 2.991380 tcp 10.0.2.109 62463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:58:35.804141 0.000000 tcp 10.0.2.109 62463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:58:41.813599 0.054295 tcp 10.0.2.109 62464 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:41.868179 0.053452 tcp 10.0.2.109 62465 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:41.921926 0.143911 tcp 10.0.2.109 62466 -> 195.113.214.211 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:42.076817 3.000867 tcp 10.0.2.109 62467 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:58:51.076412 0.000000 tcp 10.0.2.109 62467 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:58:57.075786 0.052777 tcp 10.0.2.109 62468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:57.128763 0.052623 tcp 10.0.2.109 62469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:57.181607 0.143262 tcp 10.0.2.109 62470 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:58:57.339995 2.999503 tcp 10.0.2.109 62471 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:06.337744 0.000000 tcp 10.0.2.109 62471 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:12.337127 0.052375 tcp 10.0.2.109 62472 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:12.389727 0.053312 tcp 10.0.2.109 62473 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:12.443260 0.146296 tcp 10.0.2.109 62474 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:12.603491 0.878869 tcp 10.0.2.109 62475 -> 46.50.226.74 10856 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:13.224609 0.052766 tcp 10.0.2.109 62476 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:13.277666 0.051740 tcp 10.0.2.109 62477 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:13.329660 0.141254 tcp 10.0.2.109 62478 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:13.482513 3.000401 tcp 10.0.2.109 62479 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:22.481350 0.000000 tcp 10.0.2.109 62479 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:28.480784 0.052858 tcp 10.0.2.109 62480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:28.533862 0.052785 tcp 10.0.2.109 62481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:28.586858 0.147120 tcp 10.0.2.109 62482 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 20:59:28.745053 2.999816 tcp 10.0.2.109 62483 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:37.753468 0.000000 tcp 10.0.2.109 62483 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:43.742329 2.994102 tcp 10.0.2.109 62484 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:52.734848 0.000000 tcp 10.0.2.109 62484 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 20:59:53.829088 3.001957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 20:59:58.743679 2.994128 tcp 10.0.2.109 62485 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:00:00.836631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:00:07.736169 0.000000 tcp 10.0.2.109 62485 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:00:08.837812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:00:13.745389 3.003857 tcp 10.0.2.109 62486 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:00:18.321565 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:00:22.748025 0.000000 tcp 10.0.2.109 62486 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:00:24.841030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:00:28.747101 0.587765 tcp 10.0.2.109 62487 -> 46.50.226.74 10856 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:00:29.335041 3.006372 tcp 10.0.2.109 62488 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:00:38.340075 0.000000 tcp 10.0.2.109 62488 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:00:56.847306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:05:44.330955 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:05:44.331054 2.993770 tcp 10.0.2.109 62489 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:05:53.333037 0.000000 tcp 10.0.2.109 62489 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:05:59.333531 0.052250 tcp 10.0.2.109 62490 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:05:59.386022 0.051369 tcp 10.0.2.109 62491 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:05:59.437652 0.143514 tcp 10.0.2.109 62492 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:05:59.590837 2.995513 tcp 10.0.2.109 62493 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:06:08.585054 0.000000 tcp 10.0.2.109 62493 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:06:14.584517 0.051810 tcp 10.0.2.109 62494 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:14.636574 0.054444 tcp 10.0.2.109 62495 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:14.691238 0.148272 tcp 10.0.2.109 62496 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:15.008687 3.000427 tcp 10.0.2.109 62497 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:06:24.007405 0.000000 tcp 10.0.2.109 62497 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:06:30.006767 0.052914 tcp 10.0.2.109 62498 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:30.059926 0.054607 tcp 10.0.2.109 62499 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:30.114810 0.127017 tcp 10.0.2.109 62500 -> 195.113.214.211 443 SRPA* 0 0 33 24716 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:30.299796 3.001241 tcp 10.0.2.109 62501 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:06:39.299386 0.000000 tcp 10.0.2.109 62501 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:06:45.298786 0.052387 tcp 10.0.2.109 62502 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:45.351471 0.052732 tcp 10.0.2.109 62503 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:45.404463 0.141901 tcp 10.0.2.109 62504 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:06:45.722090 3.001065 tcp 10.0.2.109 62505 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:06:54.721518 0.000000 tcp 10.0.2.109 62505 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:00.720696 0.051722 tcp 10.0.2.109 62506 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:00.772748 0.053714 tcp 10.0.2.109 62507 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:00.826715 0.147427 tcp 10.0.2.109 62508 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:00.852213 3.002562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:07:01.172179 0.902823 tcp 10.0.2.109 62509 -> 46.50.226.74 10856 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:01.800100 0.051653 tcp 10.0.2.109 62510 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:01.851954 0.052765 tcp 10.0.2.109 62511 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:01.904992 0.147369 tcp 10.0.2.109 62512 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:02.075215 3.001210 tcp 10.0.2.109 62513 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:07.860399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:07:11.075250 0.000000 tcp 10.0.2.109 62513 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:15.861681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:07:17.074312 0.050827 tcp 10.0.2.109 62514 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:17.125374 0.052449 tcp 10.0.2.109 62515 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:17.178234 0.140340 tcp 10.0.2.109 62516 -> 195.113.214.211 443 SRPA* 0 0 18 7108 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:07:17.367699 3.000862 tcp 10.0.2.109 62517 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:26.366701 0.000000 tcp 10.0.2.109 62517 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:31.864773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:07:32.366100 3.003686 tcp 10.0.2.109 62518 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:41.368592 0.000000 tcp 10.0.2.109 62518 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:47.367685 3.004149 tcp 10.0.2.109 62519 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:07:56.370313 0.000000 tcp 10.0.2.109 62519 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:08:01.317124 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:08:02.368618 3.004186 tcp 10.0.2.109 62520 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:08:03.871076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:08:11.371512 0.000000 tcp 10.0.2.109 62520 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:08:17.370921 2.993776 tcp 10.0.2.109 62521 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:08:26.374862 0.000000 tcp 10.0.2.109 62521 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:08:32.371816 0.693635 tcp 10.0.2.109 62522 -> 46.50.226.74 10856 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:08:33.065664 3.001347 tcp 10.0.2.109 62523 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:08:42.066389 0.000000 tcp 10.0.2.109 62523 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:13:48.066608 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:13:48.066777 3.003264 tcp 10.0.2.109 62524 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:13:57.068795 0.000000 tcp 10.0.2.109 62524 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:03.069199 0.052499 tcp 10.0.2.109 62525 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:03.121980 0.052064 tcp 10.0.2.109 62526 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:03.174447 0.145110 tcp 10.0.2.109 62527 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:03.358499 3.003295 tcp 10.0.2.109 62528 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:07.876423 3.002681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:14:12.360634 0.000000 tcp 10.0.2.109 62528 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:14.884495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:14:18.360096 0.052174 tcp 10.0.2.109 62529 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:18.412546 0.053636 tcp 10.0.2.109 62530 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:18.466420 0.146654 tcp 10.0.2.109 62531 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:18.755023 2.998992 tcp 10.0.2.109 62532 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:22.885968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:14:27.762898 0.000000 tcp 10.0.2.109 62532 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:33.752245 0.052429 tcp 10.0.2.109 62533 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:33.804949 0.054834 tcp 10.0.2.109 62534 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:33.860016 0.136571 tcp 10.0.2.109 62535 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:34.070601 2.995532 tcp 10.0.2.109 62536 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:38.888648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:14:43.064882 0.000000 tcp 10.0.2.109 62536 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:49.064334 0.052911 tcp 10.0.2.109 62537 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:49.117551 0.052888 tcp 10.0.2.109 62538 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:49.170804 0.142834 tcp 10.0.2.109 62539 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:14:49.496183 3.002047 tcp 10.0.2.109 62540 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:14:58.497461 0.000000 tcp 10.0.2.109 62540 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:15:04.496389 0.051900 tcp 10.0.2.109 62541 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:04.548541 0.055391 tcp 10.0.2.109 62542 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:04.604155 0.142762 tcp 10.0.2.109 62543 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:04.840031 0.954732 tcp 10.0.2.109 62544 -> 46.50.226.74 10856 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:05.526442 0.052263 tcp 10.0.2.109 62545 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:05.578971 0.052453 tcp 10.0.2.109 62546 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:05.631680 0.143983 tcp 10.0.2.109 62547 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:05.795030 3.007358 tcp 10.0.2.109 62548 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:15:10.895275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:15:14.800177 0.000000 tcp 10.0.2.109 62548 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:15:20.790302 0.051704 tcp 10.0.2.109 62549 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:20.842308 0.053149 tcp 10.0.2.109 62550 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:20.895714 0.141351 tcp 10.0.2.109 62551 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:15:21.160357 3.003411 tcp 10.0.2.109 62552 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:15:30.172493 0.000000 tcp 10.0.2.109 62552 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:15:36.161195 2.994123 tcp 10.0.2.109 62553 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:15:45.163850 0.000000 tcp 10.0.2.109 62553 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:15:51.163133 2.993795 tcp 10.0.2.109 62554 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:16:00.155911 0.000000 tcp 10.0.2.109 62554 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:16:06.164394 3.004078 tcp 10.0.2.109 62555 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:16:10.821210 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:16:15.167033 0.000000 tcp 10.0.2.109 62555 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:16:21.165789 3.004231 tcp 10.0.2.109 62556 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:16:30.168882 0.000000 tcp 10.0.2.109 62556 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:16:36.167818 0.656497 tcp 10.0.2.109 62557 -> 46.50.226.74 10856 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:16:36.824563 3.008253 tcp 10.0.2.109 62558 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:16:45.831622 0.000000 tcp 10.0.2.109 62558 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:21:14.901045 3.001678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:21:21.908202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:21:29.909577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:21:45.912930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:21:51.822480 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:21:51.822742 2.993051 tcp 10.0.2.109 62559 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:00.814253 0.000000 tcp 10.0.2.109 62559 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:06.825268 0.053118 tcp 10.0.2.109 62560 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:06.878690 0.052797 tcp 10.0.2.109 62561 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:06.931809 0.142183 tcp 10.0.2.109 62562 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:07.299036 2.999075 tcp 10.0.2.109 62563 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:16.296212 0.000000 tcp 10.0.2.109 62563 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:17.919248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:22:22.295696 0.051373 tcp 10.0.2.109 62564 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:22.347338 0.052437 tcp 10.0.2.109 62565 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:22.400038 0.146905 tcp 10.0.2.109 62566 -> 195.113.214.211 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:22.577356 3.002784 tcp 10.0.2.109 62567 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:31.578412 0.000000 tcp 10.0.2.109 62567 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:37.577959 0.052156 tcp 10.0.2.109 62568 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:37.630354 0.052099 tcp 10.0.2.109 62569 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:37.682756 0.147212 tcp 10.0.2.109 62570 -> 195.113.214.211 443 SRPA* 0 0 57 40998 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:37.892272 3.000048 tcp 10.0.2.109 62571 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:46.890740 0.000000 tcp 10.0.2.109 62571 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:22:52.889669 0.051690 tcp 10.0.2.109 62572 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:52.941488 0.054411 tcp 10.0.2.109 62573 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:52.996159 0.141662 tcp 10.0.2.109 62574 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:22:53.163108 3.000546 tcp 10.0.2.109 62575 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:02.172782 0.000000 tcp 10.0.2.109 62575 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:08.161392 0.052347 tcp 10.0.2.109 62576 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:08.214011 0.052573 tcp 10.0.2.109 62577 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:08.266870 0.146878 tcp 10.0.2.109 62578 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:08.431107 0.889992 tcp 10.0.2.109 62579 -> 46.50.226.74 10856 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:09.035594 0.051683 tcp 10.0.2.109 62580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:09.087554 0.053316 tcp 10.0.2.109 62581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:09.141119 0.147184 tcp 10.0.2.109 62582 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:09.321256 2.996071 tcp 10.0.2.109 62583 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:18.315730 0.000000 tcp 10.0.2.109 62583 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:24.314816 0.052543 tcp 10.0.2.109 62584 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:24.367638 0.051861 tcp 10.0.2.109 62585 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:24.419768 0.147415 tcp 10.0.2.109 62586 -> 195.113.214.211 443 SRPA* 0 0 44 40906 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:23:24.601153 2.997876 tcp 10.0.2.109 62587 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:33.597753 0.000000 tcp 10.0.2.109 62587 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:39.596395 3.004525 tcp 10.0.2.109 62588 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:48.599453 0.000000 tcp 10.0.2.109 62588 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:23:54.598056 3.003985 tcp 10.0.2.109 62589 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:24:03.601100 0.000000 tcp 10.0.2.109 62589 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:24:09.599749 3.003910 tcp 10.0.2.109 62590 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:24:14.316835 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:24:18.612236 0.000000 tcp 10.0.2.109 62590 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:24:24.601172 2.994630 tcp 10.0.2.109 62591 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:24:33.593792 0.000000 tcp 10.0.2.109 62591 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:24:39.603144 0.653027 tcp 10.0.2.109 62592 -> 46.50.226.74 10856 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:24:40.256329 3.001390 tcp 10.0.2.109 62593 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:24:49.256393 0.000000 tcp 10.0.2.109 62593 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:28:21.924493 3.002019 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:28:27.190500 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:28:27.190688 0.046388 rtp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:27.234570 0.083186 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:27.299056 0.141948 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:27.438905 0.117550 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:27.560988 0.047772 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:27.694713 0.262271 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 5 1912 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:27.955967 0.074025 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.041353 0.155825 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.191979 0.175481 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.343967 0.107879 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.521011 0.196552 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.710317 0.038166 rtp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.800393 0.115490 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.870561 0.190590 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:28.932003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:28:29.053611 0.346207 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:29.422087 0.167758 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:29.591480 0.054356 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2570 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:29.656056 0.031906 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:29.686705 0.173605 udp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:29.927017 0.150764 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:30.073712 0.346687 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:30.399999 0.167045 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:30.544669 0.158248 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:30.693540 0.051528 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:30.775166 0.116776 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:30.852639 0.059316 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:30.925530 0.125625 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:31.013783 0.072573 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:31.118697 0.166195 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:28:36.934989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:28:52.937178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:29:24.942917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:29:55.256694 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:29:55.256772 3.004121 tcp 10.0.2.109 62594 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:04.259330 0.000000 tcp 10.0.2.109 62594 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:10.259344 0.052847 tcp 10.0.2.109 62595 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:10.312416 0.054967 tcp 10.0.2.109 62596 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:10.367617 0.145808 tcp 10.0.2.109 62597 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:10.568278 3.004413 tcp 10.0.2.109 62598 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:19.571699 0.000000 tcp 10.0.2.109 62598 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:25.560402 0.052198 tcp 10.0.2.109 62599 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:25.612901 0.053016 tcp 10.0.2.109 62600 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:25.666212 0.141308 tcp 10.0.2.109 62601 -> 195.113.214.211 443 SRPA* 0 0 40 32778 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:25.997580 2.997573 tcp 10.0.2.109 62602 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:35.003658 0.000000 tcp 10.0.2.109 62602 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:40.993251 0.052962 tcp 10.0.2.109 62603 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:41.046572 0.053597 tcp 10.0.2.109 62604 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:41.100569 0.144485 tcp 10.0.2.109 62605 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:41.255257 3.001833 tcp 10.0.2.109 62606 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:50.255598 0.000000 tcp 10.0.2.109 62606 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:30:56.254676 0.053763 tcp 10.0.2.109 62607 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:56.308676 0.053896 tcp 10.0.2.109 62608 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:56.362870 0.148126 tcp 10.0.2.109 62609 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:30:56.535690 3.003091 tcp 10.0.2.109 62610 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:05.537324 0.000000 tcp 10.0.2.109 62610 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:11.536634 0.052491 tcp 10.0.2.109 62611 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:11.589405 0.053101 tcp 10.0.2.109 62612 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:11.642808 0.151121 tcp 10.0.2.109 62613 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:11.899200 1.024249 tcp 10.0.2.109 62614 -> 46.50.226.74 10856 FSPA* 0 0 14 1575 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:12.583348 0.053125 tcp 10.0.2.109 62615 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:12.636730 0.054117 tcp 10.0.2.109 62616 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:12.691163 0.147609 tcp 10.0.2.109 62617 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:12.923670 2.998973 tcp 10.0.2.109 62618 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:21.920706 0.000000 tcp 10.0.2.109 62618 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:27.920223 0.052286 tcp 10.0.2.109 62619 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:27.972836 0.084766 tcp 10.0.2.109 62620 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:28.057976 0.144721 tcp 10.0.2.109 62621 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:31:28.251373 2.993327 tcp 10.0.2.109 62622 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:37.253248 0.000000 tcp 10.0.2.109 62622 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:43.251534 2.994218 tcp 10.0.2.109 62623 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:52.244751 0.000000 tcp 10.0.2.109 62623 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:31:58.253566 2.994146 tcp 10.0.2.109 62624 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:32:07.245962 0.000000 tcp 10.0.2.109 62624 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:32:13.254927 3.003927 tcp 10.0.2.109 62625 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:32:17.821416 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:32:22.258191 0.000000 tcp 10.0.2.109 62625 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:32:28.256666 3.004227 tcp 10.0.2.109 62626 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:32:37.259076 0.000000 tcp 10.0.2.109 62626 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:32:43.257974 0.659574 tcp 10.0.2.109 62627 -> 46.50.226.74 10856 FSPA* 0 0 14 1575 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:32:43.917751 3.005772 tcp 10.0.2.109 62628 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:32:52.921533 0.000000 tcp 10.0.2.109 62628 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:35:28.948770 3.001730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:35:35.956116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:35:43.958215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:35:59.961091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:36:31.966899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:37:58.912201 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:37:58.912402 2.993461 tcp 10.0.2.109 62629 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:07.904964 0.000000 tcp 10.0.2.109 62629 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:13.915218 0.052632 tcp 10.0.2.109 62630 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:13.968090 0.053451 tcp 10.0.2.109 62631 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:14.021771 0.143586 tcp 10.0.2.109 62632 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:14.174749 3.002986 tcp 10.0.2.109 62633 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:23.176690 0.000000 tcp 10.0.2.109 62633 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:29.175897 0.052963 tcp 10.0.2.109 62634 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:29.229061 0.054347 tcp 10.0.2.109 62635 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:29.283645 0.148423 tcp 10.0.2.109 62636 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:29.444264 3.006041 tcp 10.0.2.109 62637 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:38.448887 0.000000 tcp 10.0.2.109 62637 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:44.437642 0.051936 tcp 10.0.2.109 62638 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:44.489834 0.053127 tcp 10.0.2.109 62639 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:44.543210 0.144183 tcp 10.0.2.109 62640 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:44.697420 2.994407 tcp 10.0.2.109 62641 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:53.690593 0.000000 tcp 10.0.2.109 62641 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:38:59.700066 0.051684 tcp 10.0.2.109 62642 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:59.751996 0.053834 tcp 10.0.2.109 62643 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:59.806122 0.145721 tcp 10.0.2.109 62644 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:38:59.960965 3.002872 tcp 10.0.2.109 62645 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:39:08.972927 0.000000 tcp 10.0.2.109 62645 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:39:14.961733 0.052191 tcp 10.0.2.109 62646 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:15.014176 0.052976 tcp 10.0.2.109 62647 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:15.067371 0.146408 tcp 10.0.2.109 62648 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:15.230370 0.875116 tcp 10.0.2.109 62649 -> 46.50.226.74 10856 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:15.844023 0.052374 tcp 10.0.2.109 62650 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:15.896627 0.052705 tcp 10.0.2.109 62651 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:15.949569 0.144638 tcp 10.0.2.109 62652 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:16.105618 3.001518 tcp 10.0.2.109 62653 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:39:25.105764 0.000000 tcp 10.0.2.109 62653 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:39:31.104734 0.051836 tcp 10.0.2.109 62654 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:31.156794 0.054000 tcp 10.0.2.109 62655 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:31.210996 0.143837 tcp 10.0.2.109 62656 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:39:31.364564 3.004317 tcp 10.0.2.109 62657 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:39:40.367666 0.000000 tcp 10.0.2.109 62657 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:39:46.366450 3.004461 tcp 10.0.2.109 62658 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:39:55.369696 0.000000 tcp 10.0.2.109 62658 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:01.367830 3.004237 tcp 10.0.2.109 62659 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:10.370483 0.000000 tcp 10.0.2.109 62659 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:15.318280 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:40:16.369592 2.994390 tcp 10.0.2.109 62660 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:25.372459 0.000000 tcp 10.0.2.109 62660 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:31.371191 2.993947 tcp 10.0.2.109 62661 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:40.363624 0.000000 tcp 10.0.2.109 62661 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:46.372748 0.671179 tcp 10.0.2.109 62662 -> 46.50.226.74 10856 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:40:47.044102 3.003677 tcp 10.0.2.109 62663 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:40:56.046915 0.000000 tcp 10.0.2.109 62663 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:42:35.972740 3.001512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:42:42.980407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:42:50.981664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:43:06.984485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:43:38.990490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:46:02.047311 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:46:02.047475 3.003438 tcp 10.0.2.109 62664 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:46:11.049202 0.000000 tcp 10.0.2.109 62664 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:46:17.049694 0.053412 tcp 10.0.2.109 62665 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:17.103340 0.053151 tcp 10.0.2.109 62666 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:17.156679 0.145172 tcp 10.0.2.109 62667 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:17.311386 3.001341 tcp 10.0.2.109 62668 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:46:26.311193 0.000000 tcp 10.0.2.109 62668 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:46:32.310813 0.052340 tcp 10.0.2.109 62669 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:32.363362 0.053781 tcp 10.0.2.109 62670 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:32.417348 0.147228 tcp 10.0.2.109 62671 -> 195.113.214.211 443 SRPA* 0 0 20 11520 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:32.574333 3.000877 tcp 10.0.2.109 62672 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:46:41.582950 0.000000 tcp 10.0.2.109 62672 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:46:47.572674 0.054024 tcp 10.0.2.109 62673 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:47.626923 0.054161 tcp 10.0.2.109 62674 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:47.681316 0.143210 tcp 10.0.2.109 62675 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:46:47.834112 3.002146 tcp 10.0.2.109 62676 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:46:56.835439 0.000000 tcp 10.0.2.109 62676 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:02.834262 0.053172 tcp 10.0.2.109 62677 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:02.887630 0.053840 tcp 10.0.2.109 62678 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:02.941708 0.143822 tcp 10.0.2.109 62679 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:03.095219 3.003705 tcp 10.0.2.109 62680 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:12.097307 0.000000 tcp 10.0.2.109 62680 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:18.096713 0.052869 tcp 10.0.2.109 62681 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:18.149799 0.053733 tcp 10.0.2.109 62682 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:18.203721 0.143576 tcp 10.0.2.109 62683 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:18.357673 0.929463 tcp 10.0.2.109 62684 -> 46.50.226.74 10856 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:19.018798 0.052591 tcp 10.0.2.109 62685 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:19.071579 0.052961 tcp 10.0.2.109 62686 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:19.124786 0.147197 tcp 10.0.2.109 62687 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:19.287371 3.004548 tcp 10.0.2.109 62688 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:28.290297 0.000000 tcp 10.0.2.109 62688 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:34.279489 0.052546 tcp 10.0.2.109 62689 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:34.332222 0.052378 tcp 10.0.2.109 62690 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:34.384804 0.142470 tcp 10.0.2.109 62691 -> 195.113.214.211 443 SRPA* 0 0 52 36646 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:47:34.538038 3.005981 tcp 10.0.2.109 62692 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:43.552044 0.000000 tcp 10.0.2.109 62692 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:49.531460 2.993697 tcp 10.0.2.109 62693 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:47:58.523912 0.000000 tcp 10.0.2.109 62693 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:04.532466 2.994670 tcp 10.0.2.109 62694 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:13.525174 0.000000 tcp 10.0.2.109 62694 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:19.534033 3.004404 tcp 10.0.2.109 62695 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:24.321347 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:48:28.536755 0.000000 tcp 10.0.2.109 62695 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:34.535891 3.003920 tcp 10.0.2.109 62696 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:43.538282 0.000000 tcp 10.0.2.109 62696 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:49.537664 1.120360 tcp 10.0.2.109 62697 -> 46.50.226.74 10856 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:48:50.658339 3.005235 tcp 10.0.2.109 62698 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:48:59.661752 0.000000 tcp 10.0.2.109 62698 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:49:42.996661 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:49:50.003951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:49:58.006009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:50:14.008716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:50:46.015027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:54:05.653144 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:54:05.653396 2.992941 tcp 10.0.2.109 62699 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:54:14.644569 0.000000 tcp 10.0.2.109 62699 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:54:20.655592 0.052583 tcp 10.0.2.109 62700 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:20.708418 0.052566 tcp 10.0.2.109 62701 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:20.761283 0.142891 tcp 10.0.2.109 62702 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:20.920868 2.996993 tcp 10.0.2.109 62703 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:54:29.916691 0.000000 tcp 10.0.2.109 62703 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:54:35.915443 0.051540 tcp 10.0.2.109 62704 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:35.967187 0.053461 tcp 10.0.2.109 62705 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:36.020917 0.145053 tcp 10.0.2.109 62706 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:36.180349 2.999288 tcp 10.0.2.109 62707 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:54:45.178947 0.000000 tcp 10.0.2.109 62707 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:54:51.177850 0.052592 tcp 10.0.2.109 62708 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:51.230679 0.054338 tcp 10.0.2.109 62709 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:51.285316 0.148630 tcp 10.0.2.109 62710 -> 195.113.214.211 443 SRPA* 0 0 41 35412 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:54:51.445258 3.006665 tcp 10.0.2.109 62711 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:00.450806 0.000000 tcp 10.0.2.109 62711 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:06.439806 0.051082 tcp 10.0.2.109 62712 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:06.491074 0.053269 tcp 10.0.2.109 62713 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:06.544606 0.147684 tcp 10.0.2.109 62714 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:06.701752 2.991861 tcp 10.0.2.109 62715 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:15.702976 0.000000 tcp 10.0.2.109 62715 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:21.701716 0.052631 tcp 10.0.2.109 62716 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:21.754555 0.054015 tcp 10.0.2.109 62717 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:21.808833 0.146276 tcp 10.0.2.109 62718 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:21.964323 0.926333 tcp 10.0.2.109 62719 -> 46.50.226.74 10856 FSPA* 0 0 14 1756 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:22.618106 0.052533 tcp 10.0.2.109 62720 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:22.670842 0.052069 tcp 10.0.2.109 62721 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:22.723094 0.145188 tcp 10.0.2.109 62722 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:22.890799 2.996646 tcp 10.0.2.109 62723 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:31.885612 0.000000 tcp 10.0.2.109 62723 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:37.885357 0.051442 tcp 10.0.2.109 62724 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:37.937050 0.054150 tcp 10.0.2.109 62725 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:37.991434 0.146737 tcp 10.0.2.109 62726 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:55:38.156842 3.001971 tcp 10.0.2.109 62727 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:47.158025 0.000000 tcp 10.0.2.109 62727 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:55:53.156429 3.004458 tcp 10.0.2.109 62728 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:02.159304 0.000000 tcp 10.0.2.109 62728 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:08.158332 3.003579 tcp 10.0.2.109 62729 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:17.160950 0.000000 tcp 10.0.2.109 62729 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:23.159679 3.004391 tcp 10.0.2.109 62730 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:27.815863 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:56:32.172470 0.000000 tcp 10.0.2.109 62730 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:38.160913 2.994781 tcp 10.0.2.109 62731 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:47.163980 0.000000 tcp 10.0.2.109 62731 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:56:50.020350 3.002620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 21:56:53.162418 0.141695 tcp 10.0.2.109 62732 -> 46.50.226.74 10856 SPA_* 0 0 9 1226 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:56:57.028166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:57:03.759149 0.000368 tcp 10.0.2.109 62732 -> 46.50.226.74 10856 FA_F* 0 0 5 786 flow=From-Botnet-V1-TCP-Established 1970/01/22 21:57:03.759715 3.002615 tcp 10.0.2.109 62733 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:57:05.029426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:57:12.760914 0.000000 tcp 10.0.2.109 62733 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 21:57:21.032733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:57:53.039017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 21:58:48.649284 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 21:58:48.649485 0.061172 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2033 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:48.706567 0.122980 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:48.796675 0.047264 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:48.844215 0.295304 rtp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:49.127480 0.054002 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:49.178656 0.084411 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:49.353037 0.070770 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:49.404945 0.157797 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:49.556789 0.176113 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:49.708181 0.109014 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:49.829561 0.197246 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.017896 0.040345 udp 10.0.2.109 3683 <-> 77.23.25.127 9684 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.051226 0.109710 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.116785 0.186564 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.295487 0.377183 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.671974 0.158229 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.838658 0.056522 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.911898 0.033363 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:50.943996 0.278225 rtp 10.0.2.109 3683 <-> 70.113.215.93 3192 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:51.221165 0.144248 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:51.392352 0.344852 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:51.751553 0.170884 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:51.896880 0.153360 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:52.042614 0.052023 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:52.090881 0.183900 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:52.238042 0.063718 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:52.287137 0.130087 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:52.376118 0.073993 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/01/22 21:58:52.434284 0.167600 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2602 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:02:18.761307 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:02:18.761476 2.993346 tcp 10.0.2.109 62734 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:02:27.763726 0.000000 tcp 10.0.2.109 62734 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:02:33.763880 0.051842 tcp 10.0.2.109 62735 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:02:33.815933 0.053333 tcp 10.0.2.109 62736 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:02:33.869482 0.145820 tcp 10.0.2.109 62737 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:02:34.027657 2.999651 tcp 10.0.2.109 62738 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:02:43.025900 0.000000 tcp 10.0.2.109 62738 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:02:49.024912 0.053048 tcp 10.0.2.109 62739 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:02:49.078214 0.054364 tcp 10.0.2.109 62740 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:02:49.132875 0.146309 tcp 10.0.2.109 62741 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:02:49.289572 2.999715 tcp 10.0.2.109 62742 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:02:58.287675 0.000000 tcp 10.0.2.109 62742 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:04.286448 0.052370 tcp 10.0.2.109 62743 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:04.339060 0.052325 tcp 10.0.2.109 62744 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:04.391659 0.148376 tcp 10.0.2.109 62745 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:04.558581 3.002426 tcp 10.0.2.109 62746 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:13.559188 0.000000 tcp 10.0.2.109 62746 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:19.559110 0.051158 tcp 10.0.2.109 62747 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:19.610536 0.053113 tcp 10.0.2.109 62748 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:19.663953 0.148012 tcp 10.0.2.109 62749 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:19.836246 3.006909 tcp 10.0.2.109 62750 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:28.841905 0.000000 tcp 10.0.2.109 62750 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:34.830826 0.053580 tcp 10.0.2.109 62751 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:34.884601 0.053237 tcp 10.0.2.109 62752 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:34.938326 0.143273 tcp 10.0.2.109 62753 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:35.090694 2.025710 tcp 10.0.2.109 62754 -> 46.50.226.74 10856 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:36.800092 0.052602 tcp 10.0.2.109 62755 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:36.852997 0.052403 tcp 10.0.2.109 62756 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:36.905675 0.147344 tcp 10.0.2.109 62757 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:37.116587 3.001010 tcp 10.0.2.109 62758 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:46.116395 0.000000 tcp 10.0.2.109 62758 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:52.115243 0.051598 tcp 10.0.2.109 62759 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:52.167128 0.052738 tcp 10.0.2.109 62760 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:52.220125 0.144780 tcp 10.0.2.109 62761 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:03:52.420745 2.999382 tcp 10.0.2.109 62762 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:03:57.044543 3.001698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:04:01.418181 0.000000 tcp 10.0.2.109 62762 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:04:04.052631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:04:07.417280 3.004062 tcp 10.0.2.109 62763 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:04:12.053535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:04:16.419563 0.000000 tcp 10.0.2.109 62763 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:04:22.418496 3.004770 tcp 10.0.2.109 62764 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:04:28.056385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:04:31.421163 0.000000 tcp 10.0.2.109 62764 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:04:36.319014 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:04:37.419928 2.994187 tcp 10.0.2.109 62765 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:04:46.423390 0.000000 tcp 10.0.2.109 62765 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:04:52.421743 2.993904 tcp 10.0.2.109 62766 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:05:00.062919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:05:01.414825 0.000000 tcp 10.0.2.109 62766 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:05:07.423628 0.637364 tcp 10.0.2.109 62767 -> 46.50.226.74 10856 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:05:08.061169 2.997570 tcp 10.0.2.109 62768 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:05:17.057145 0.000000 tcp 10.0.2.109 62768 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:10:23.057592 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:10:23.057725 3.003480 tcp 10.0.2.109 62769 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:10:32.060232 0.000000 tcp 10.0.2.109 62769 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:10:38.060832 0.052835 tcp 10.0.2.109 62770 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:10:38.113896 0.054307 tcp 10.0.2.109 62771 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:10:38.168507 0.138477 tcp 10.0.2.109 62772 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:10:38.352330 3.000690 tcp 10.0.2.109 62773 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:10:47.351797 0.000000 tcp 10.0.2.109 62773 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:10:53.351381 0.053000 tcp 10.0.2.109 62774 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:10:53.404589 0.056909 tcp 10.0.2.109 62775 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:10:53.461738 0.147435 tcp 10.0.2.109 62776 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:10:53.667078 2.998601 tcp 10.0.2.109 62777 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:02.663674 0.000000 tcp 10.0.2.109 62777 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:04.068387 3.001735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:11:08.663396 0.053155 tcp 10.0.2.109 62778 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:08.716805 0.063230 tcp 10.0.2.109 62779 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:08.780233 0.147359 tcp 10.0.2.109 62780 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:09.031823 2.995768 tcp 10.0.2.109 62781 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:11.076427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:11:18.026004 0.000000 tcp 10.0.2.109 62781 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:19.077583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:11:24.024920 0.051552 tcp 10.0.2.109 62782 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:24.076775 0.052590 tcp 10.0.2.109 62783 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:24.129669 0.148193 tcp 10.0.2.109 62784 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:24.379452 3.000353 tcp 10.0.2.109 62785 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:33.378200 0.000000 tcp 10.0.2.109 62785 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:35.080614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:11:39.377639 0.053299 tcp 10.0.2.109 62786 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:39.431193 0.053359 tcp 10.0.2.109 62787 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:39.484810 0.143475 tcp 10.0.2.109 62788 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:39.693537 0.932106 tcp 10.0.2.109 62789 -> 46.50.226.74 10856 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:40.334704 0.053470 tcp 10.0.2.109 62790 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:40.388390 0.052402 tcp 10.0.2.109 62791 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:40.440969 0.147892 tcp 10.0.2.109 62792 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:40.625810 3.006923 tcp 10.0.2.109 62793 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:49.631507 0.000000 tcp 10.0.2.109 62793 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:11:55.621074 0.051401 tcp 10.0.2.109 62794 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:55.672888 0.052504 tcp 10.0.2.109 62795 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:55.725726 0.148361 tcp 10.0.2.109 62796 -> 195.113.214.211 443 SRPA* 0 0 41 22670 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:11:56.076410 2.998603 tcp 10.0.2.109 62797 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:05.073856 0.000000 tcp 10.0.2.109 62797 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:07.086676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:12:11.072459 2.994545 tcp 10.0.2.109 62798 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:20.065628 0.000000 tcp 10.0.2.109 62798 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:26.073815 3.004315 tcp 10.0.2.109 62799 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:35.077025 0.000000 tcp 10.0.2.109 62799 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:39.823646 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:12:41.075346 3.004196 tcp 10.0.2.109 62800 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:50.078287 0.000000 tcp 10.0.2.109 62800 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:12:56.077158 3.004421 tcp 10.0.2.109 62801 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:13:05.079656 0.000000 tcp 10.0.2.109 62801 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:13:11.078980 0.653416 tcp 10.0.2.109 62802 -> 46.50.226.74 10856 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:13:11.732601 2.991503 tcp 10.0.2.109 62803 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:13:20.732830 0.000000 tcp 10.0.2.109 62803 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:18:11.092692 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:18:18.099800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:18:26.101672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:18:26.733314 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:18:26.733523 2.993563 tcp 10.0.2.109 62804 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:18:35.725655 0.000000 tcp 10.0.2.109 62804 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:18:41.736159 0.056580 tcp 10.0.2.109 62805 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:18:41.793038 0.052230 tcp 10.0.2.109 62806 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:18:41.845597 0.148221 tcp 10.0.2.109 62807 -> 195.113.214.211 443 SRPA* 0 0 51 33094 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:18:42.034612 3.004318 tcp 10.0.2.109 62808 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:18:42.104678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:18:51.037377 0.000000 tcp 10.0.2.109 62808 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:18:57.036828 0.052793 tcp 10.0.2.109 62809 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:18:57.089888 0.054009 tcp 10.0.2.109 62810 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:18:57.144228 0.147660 tcp 10.0.2.109 62811 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:18:57.301726 2.998950 tcp 10.0.2.109 62812 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:06.299594 0.000000 tcp 10.0.2.109 62812 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:12.298291 0.052657 tcp 10.0.2.109 62813 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:12.351188 0.053800 tcp 10.0.2.109 62814 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:12.405243 0.147923 tcp 10.0.2.109 62815 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:12.562308 3.000730 tcp 10.0.2.109 62816 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:14.110396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:19:21.561539 0.000000 tcp 10.0.2.109 62816 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:27.560645 0.101105 tcp 10.0.2.109 62817 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:27.662012 0.052318 tcp 10.0.2.109 62818 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:27.714596 0.151637 tcp 10.0.2.109 62819 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:27.882805 2.991968 tcp 10.0.2.109 62820 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:36.883301 0.000000 tcp 10.0.2.109 62820 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:42.882595 0.051917 tcp 10.0.2.109 62821 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:42.934757 0.052485 tcp 10.0.2.109 62822 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:42.987515 0.145970 tcp 10.0.2.109 62823 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:43.150118 0.954600 tcp 10.0.2.109 62824 -> 46.50.226.74 10856 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:43.844011 0.052478 tcp 10.0.2.109 62825 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:43.896742 0.051511 tcp 10.0.2.109 62826 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:43.948508 0.141200 tcp 10.0.2.109 62827 -> 195.113.214.211 443 SRPA* 0 0 24 14812 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:44.104917 3.002991 tcp 10.0.2.109 62828 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:53.106583 0.000000 tcp 10.0.2.109 62828 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:19:59.105810 0.052770 tcp 10.0.2.109 62829 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:59.158822 0.053914 tcp 10.0.2.109 62830 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:59.213016 0.148892 tcp 10.0.2.109 62831 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:19:59.372954 2.997486 tcp 10.0.2.109 62832 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:08.368576 0.000000 tcp 10.0.2.109 62832 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:14.367362 3.004259 tcp 10.0.2.109 62833 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:23.370374 0.000000 tcp 10.0.2.109 62833 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:29.369191 3.004054 tcp 10.0.2.109 62834 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:38.372052 0.000000 tcp 10.0.2.109 62834 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:43.318831 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:20:44.370611 2.993741 tcp 10.0.2.109 62835 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:53.373131 0.000000 tcp 10.0.2.109 62835 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:20:59.371957 2.994648 tcp 10.0.2.109 62836 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:21:08.365181 0.000000 tcp 10.0.2.109 62836 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:21:14.373700 0.676846 tcp 10.0.2.109 62837 -> 46.50.226.74 10856 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:21:15.050741 2.998125 tcp 10.0.2.109 62838 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:21:24.047820 0.000000 tcp 10.0.2.109 62838 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:25:18.116653 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:25:25.124299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:25:33.125494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:25:49.128956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:26:21.134737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:26:30.047992 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:26:30.048162 3.003801 tcp 10.0.2.109 62839 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:26:39.050020 0.000000 tcp 10.0.2.109 62839 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:26:45.050185 0.052841 tcp 10.0.2.109 62840 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:26:45.103265 0.051954 tcp 10.0.2.109 62841 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:26:45.155468 0.142515 tcp 10.0.2.109 62842 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:26:45.348484 3.005016 tcp 10.0.2.109 62843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:26:54.362730 0.000000 tcp 10.0.2.109 62843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:00.341495 0.052384 tcp 10.0.2.109 62844 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:00.394131 0.051663 tcp 10.0.2.109 62845 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:00.446042 0.146607 tcp 10.0.2.109 62846 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:00.647198 2.998548 tcp 10.0.2.109 62847 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:09.644699 0.000000 tcp 10.0.2.109 62847 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:15.643362 0.052504 tcp 10.0.2.109 62848 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:15.696139 0.055072 tcp 10.0.2.109 62849 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:15.751453 0.144913 tcp 10.0.2.109 62850 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:15.911802 2.995897 tcp 10.0.2.109 62851 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:24.906662 0.000000 tcp 10.0.2.109 62851 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:30.905348 0.053476 tcp 10.0.2.109 62852 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:30.959135 0.053952 tcp 10.0.2.109 62853 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:31.013302 0.147108 tcp 10.0.2.109 62854 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:31.259667 3.000117 tcp 10.0.2.109 62855 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:40.258451 0.000000 tcp 10.0.2.109 62855 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:46.257593 0.052812 tcp 10.0.2.109 62856 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:46.310633 0.052711 tcp 10.0.2.109 62857 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:46.363629 0.143086 tcp 10.0.2.109 62858 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:46.556423 1.029909 tcp 10.0.2.109 62859 -> 46.50.226.74 10856 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:47.241960 0.051798 tcp 10.0.2.109 62860 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:47.293984 0.054374 tcp 10.0.2.109 62861 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:47.348575 0.180922 tcp 10.0.2.109 62862 -> 195.113.214.211 443 SRPA* 0 0 39 21770 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:27:47.586539 3.006703 tcp 10.0.2.109 62863 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:27:56.591960 0.000000 tcp 10.0.2.109 62863 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:02.581125 0.051024 tcp 10.0.2.109 62864 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:28:02.632465 0.052347 tcp 10.0.2.109 62865 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:28:02.685040 0.148852 tcp 10.0.2.109 62866 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:28:02.941074 2.984446 tcp 10.0.2.109 62867 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:11.924130 0.000000 tcp 10.0.2.109 62867 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:17.942671 2.994526 tcp 10.0.2.109 62868 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:26.935212 0.000000 tcp 10.0.2.109 62868 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:32.944497 3.003809 tcp 10.0.2.109 62869 -> 79.191.178.157 4683 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:41.946785 0.000000 tcp 10.0.2.109 62869 -> 79.191.178.157 4683 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:46.824106 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:28:47.945667 3.003982 tcp 10.0.2.109 62870 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:28:56.948455 0.000000 tcp 10.0.2.109 62870 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:29:02.947707 3.003531 tcp 10.0.2.109 62871 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:29:05.150947 0.047829 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.197265 0.112430 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.306965 0.125617 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.404273 0.265203 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.668073 0.049658 rtp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.728151 0.087245 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.794098 0.075811 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.852266 0.153632 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:05.999935 0.177454 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:06.154429 0.108032 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:06.281571 0.197965 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:06.470689 0.000000 udp 10.0.2.109 3683 -> 77.23.25.127 9684 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 22:29:11.949934 0.000000 tcp 10.0.2.109 62871 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:29:17.949328 0.722902 tcp 10.0.2.109 62872 -> 46.50.226.74 10856 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:29:18.672440 2.991592 tcp 10.0.2.109 62873 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:29:22.535689 0.051294 tcp 10.0.2.109 62874 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:29:22.587176 0.054744 tcp 10.0.2.109 62875 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:29:22.642197 0.144712 tcp 10.0.2.109 62876 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:29:22.787439 0.175613 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:22.916580 0.190744 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:23.099924 0.371141 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:23.478819 0.169651 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:23.661161 0.057480 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:23.720077 0.048670 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:23.767639 0.369721 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:24.123302 0.174895 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:24.274615 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 22:29:27.672877 0.000000 tcp 10.0.2.109 62873 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:29:40.331652 0.052747 tcp 10.0.2.109 62877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:29:40.384658 0.053775 tcp 10.0.2.109 62878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:29:40.438700 0.144295 tcp 10.0.2.109 62879 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:29:40.583476 0.143317 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:40.722866 0.154163 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:40.869223 0.046168 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:40.946632 0.113292 rtp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:41.022276 0.066028 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:41.072498 0.143688 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:41.179812 0.075699 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:29:41.241641 0.165756 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/22 22:32:25.140972 3.001073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:32:32.148317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:32:40.149397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:32:56.152215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:33:28.158778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:34:33.673327 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:34:33.673594 2.993357 tcp 10.0.2.109 62880 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:34:42.665975 0.000000 tcp 10.0.2.109 62880 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:34:48.676146 0.052663 tcp 10.0.2.109 62881 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:34:48.728989 0.053300 tcp 10.0.2.109 62882 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:34:48.782537 0.144340 tcp 10.0.2.109 62883 -> 195.113.214.211 443 SRPA* 0 0 41 23260 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:34:48.936395 3.002249 tcp 10.0.2.109 62884 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:34:57.937985 0.000000 tcp 10.0.2.109 62884 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:03.936848 0.051241 tcp 10.0.2.109 62885 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:03.988278 0.052570 tcp 10.0.2.109 62886 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:04.041025 0.145170 tcp 10.0.2.109 62887 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:04.197812 3.003021 tcp 10.0.2.109 62888 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:13.199741 0.000000 tcp 10.0.2.109 62888 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:19.199034 0.052870 tcp 10.0.2.109 62889 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:19.252111 0.053063 tcp 10.0.2.109 62890 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:19.305410 0.147626 tcp 10.0.2.109 62891 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:19.485928 3.007036 tcp 10.0.2.109 62892 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:28.491445 0.000000 tcp 10.0.2.109 62892 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:34.480386 0.074055 tcp 10.0.2.109 62893 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:34.554653 0.052116 tcp 10.0.2.109 62894 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:34.606982 0.145408 tcp 10.0.2.109 62895 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:34.782911 2.992246 tcp 10.0.2.109 62896 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:43.783444 0.000000 tcp 10.0.2.109 62896 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:49.782802 0.052595 tcp 10.0.2.109 62897 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:49.835637 0.053730 tcp 10.0.2.109 62898 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:49.889653 0.148857 tcp 10.0.2.109 62899 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:50.048574 0.915441 tcp 10.0.2.109 62900 -> 46.50.226.74 10856 FSPA* 0 0 14 1527 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:50.699957 0.052107 tcp 10.0.2.109 62901 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:50.752312 0.053254 tcp 10.0.2.109 62902 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:50.805858 0.148928 tcp 10.0.2.109 62903 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:35:50.964188 3.003908 tcp 10.0.2.109 62904 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:35:59.966867 0.000000 tcp 10.0.2.109 62904 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:05.966118 0.053615 tcp 10.0.2.109 62905 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:36:06.020023 0.054716 tcp 10.0.2.109 62906 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:36:06.075021 0.146478 tcp 10.0.2.109 62907 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:36:06.232285 2.997599 tcp 10.0.2.109 62908 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:15.229060 0.000000 tcp 10.0.2.109 62908 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:21.227226 3.004104 tcp 10.0.2.109 62909 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:30.230487 0.000000 tcp 10.0.2.109 62909 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:36.229109 3.003810 tcp 10.0.2.109 62910 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:45.231522 0.000000 tcp 10.0.2.109 62910 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:51.230477 2.994252 tcp 10.0.2.109 62911 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:36:55.816956 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:37:00.233379 0.000000 tcp 10.0.2.109 62911 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:37:06.232247 2.994208 tcp 10.0.2.109 62912 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:37:15.224800 0.000000 tcp 10.0.2.109 62912 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:37:21.233479 0.702764 tcp 10.0.2.109 62913 -> 46.50.226.74 10856 FSPA* 0 0 14 1527 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:37:21.936445 3.002179 tcp 10.0.2.109 62914 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:37:30.937261 0.000000 tcp 10.0.2.109 62914 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:39:32.164084 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:39:39.171734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:39:47.173579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:40:03.176567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:40:35.182245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:42:36.938280 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:42:36.938447 3.003583 tcp 10.0.2.109 62915 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:42:45.940716 0.000000 tcp 10.0.2.109 62915 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:42:51.941255 0.095313 tcp 10.0.2.109 62916 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:42:52.036817 0.052419 tcp 10.0.2.109 62917 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:42:52.089425 0.148154 tcp 10.0.2.109 62918 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:42:52.265084 2.998950 tcp 10.0.2.109 62919 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:01.272861 0.000000 tcp 10.0.2.109 62919 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:07.261763 0.051862 tcp 10.0.2.109 62920 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:07.313827 0.053284 tcp 10.0.2.109 62921 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:07.367325 0.155466 tcp 10.0.2.109 62922 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:07.540115 2.996004 tcp 10.0.2.109 62923 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:16.534685 0.000000 tcp 10.0.2.109 62923 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:22.534025 0.052313 tcp 10.0.2.109 62924 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:22.586640 0.054312 tcp 10.0.2.109 62925 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:22.641160 0.144576 tcp 10.0.2.109 62926 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:22.797139 3.000867 tcp 10.0.2.109 62927 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:31.796352 0.000000 tcp 10.0.2.109 62927 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:37.795946 0.053132 tcp 10.0.2.109 62928 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:37.849257 0.054943 tcp 10.0.2.109 62929 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:37.904418 0.147439 tcp 10.0.2.109 62930 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:38.068451 3.001613 tcp 10.0.2.109 62931 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:47.068419 0.000000 tcp 10.0.2.109 62931 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:43:53.067493 0.052184 tcp 10.0.2.109 62932 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:53.119901 0.053228 tcp 10.0.2.109 62933 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:53.173381 0.154243 tcp 10.0.2.109 62934 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:53.337855 0.964476 tcp 10.0.2.109 62935 -> 46.50.226.74 10856 FSPA* 0 0 14 1756 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:54.033555 0.056103 tcp 10.0.2.109 62936 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:54.089897 0.052885 tcp 10.0.2.109 62937 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:54.142960 0.150782 tcp 10.0.2.109 62938 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:43:54.302410 3.000967 tcp 10.0.2.109 62939 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:03.301910 0.000000 tcp 10.0.2.109 62939 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:09.301241 0.052141 tcp 10.0.2.109 62940 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:44:09.353667 0.053315 tcp 10.0.2.109 62941 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:44:09.407152 0.148956 tcp 10.0.2.109 62942 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:44:09.565974 2.999062 tcp 10.0.2.109 62943 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:18.573780 0.000000 tcp 10.0.2.109 62943 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:24.562622 2.994198 tcp 10.0.2.109 62944 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:33.555019 0.000000 tcp 10.0.2.109 62944 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:39.564068 3.004387 tcp 10.0.2.109 62945 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:48.566468 0.000000 tcp 10.0.2.109 62945 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:54.565330 3.004602 tcp 10.0.2.109 62946 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:44:59.322748 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:45:03.568454 0.000000 tcp 10.0.2.109 62946 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:45:09.567533 3.003984 tcp 10.0.2.109 62947 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:45:18.569942 0.000000 tcp 10.0.2.109 62947 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:45:24.568620 0.628632 tcp 10.0.2.109 62948 -> 46.50.226.74 10856 FSPA* 0 0 14 1756 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:45:25.197430 3.006049 tcp 10.0.2.109 62949 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:45:34.212773 0.000000 tcp 10.0.2.109 62949 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:46:39.188657 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:46:46.195831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:46:54.197822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:47:10.200513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:47:42.206881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:50:40.193096 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:50:40.193256 2.993273 tcp 10.0.2.109 62950 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:50:49.185645 0.000000 tcp 10.0.2.109 62950 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:50:55.195775 0.053168 tcp 10.0.2.109 62951 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:50:55.249128 0.053342 tcp 10.0.2.109 62952 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:50:55.302704 0.140296 tcp 10.0.2.109 62953 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:50:55.453308 2.995740 tcp 10.0.2.109 62954 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:04.447527 0.000000 tcp 10.0.2.109 62954 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:10.446366 0.052020 tcp 10.0.2.109 62955 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:10.498574 0.053808 tcp 10.0.2.109 62956 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:10.552584 0.159357 tcp 10.0.2.109 62957 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:10.721725 2.998492 tcp 10.0.2.109 62958 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:19.719378 0.000000 tcp 10.0.2.109 62958 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:25.718394 0.051371 tcp 10.0.2.109 62959 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:25.769955 0.053717 tcp 10.0.2.109 62960 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:25.823895 0.148257 tcp 10.0.2.109 62961 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:25.980974 3.001283 tcp 10.0.2.109 62962 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:34.981230 0.000000 tcp 10.0.2.109 62962 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:40.980506 0.052856 tcp 10.0.2.109 62963 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:41.033586 0.052367 tcp 10.0.2.109 62964 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:41.086207 0.144140 tcp 10.0.2.109 62965 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:41.245880 2.998679 tcp 10.0.2.109 62966 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:50.253064 0.000000 tcp 10.0.2.109 62966 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:51:56.242604 0.052154 tcp 10.0.2.109 62967 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:56.294975 0.052182 tcp 10.0.2.109 62968 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:56.347374 0.143435 tcp 10.0.2.109 62969 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:56.501274 0.926922 tcp 10.0.2.109 62970 -> 46.50.226.74 10856 FSPA* 0 0 14 1767 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:57.162715 0.052711 tcp 10.0.2.109 62971 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:57.215726 0.052928 tcp 10.0.2.109 62972 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:57.268891 0.144277 tcp 10.0.2.109 62973 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:51:57.428389 2.999329 tcp 10.0.2.109 62974 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:06.426669 0.000000 tcp 10.0.2.109 62974 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:12.425910 0.052519 tcp 10.0.2.109 62975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:52:12.478641 0.057862 tcp 10.0.2.109 62976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:52:12.536718 0.146970 tcp 10.0.2.109 62977 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:52:12.695508 3.004475 tcp 10.0.2.109 62978 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:21.698520 0.000000 tcp 10.0.2.109 62978 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:27.696772 3.004721 tcp 10.0.2.109 62979 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:36.699960 0.000000 tcp 10.0.2.109 62979 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:42.698549 3.004754 tcp 10.0.2.109 62980 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:51.711383 0.000000 tcp 10.0.2.109 62980 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:52:57.700272 2.994308 tcp 10.0.2.109 62981 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:53:02.316708 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:53:06.703299 0.000000 tcp 10.0.2.109 62981 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:53:12.701428 2.994344 tcp 10.0.2.109 62982 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:53:21.694513 0.000000 tcp 10.0.2.109 62982 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:53:27.703313 0.691700 tcp 10.0.2.109 62983 -> 46.50.226.74 10856 FSPA* 0 0 14 1767 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:53:28.395380 3.003364 tcp 10.0.2.109 62984 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:53:37.397553 0.000000 tcp 10.0.2.109 62984 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:53:46.212078 3.001801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 22:53:53.219594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:54:01.221786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:54:17.224072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:54:49.230338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 22:58:43.397980 0.000302 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 22:58:43.398372 3.002829 tcp 10.0.2.109 62985 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:58:52.400217 0.000000 tcp 10.0.2.109 62985 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:58:58.400502 1.397249 tcp 10.0.2.109 62986 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:58:59.797953 1.159223 tcp 10.0.2.109 62987 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:00.957439 2.967595 tcp 10.0.2.109 62988 -> 195.113.214.211 443 SRPA* 0 0 42 27071 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:03.941121 3.000189 tcp 10.0.2.109 62989 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:59:12.939829 0.000000 tcp 10.0.2.109 62989 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:59:18.938973 1.427498 tcp 10.0.2.109 62990 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:20.366657 1.202136 tcp 10.0.2.109 62991 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:21.569024 2.397339 tcp 10.0.2.109 62992 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:23.976879 3.002601 tcp 10.0.2.109 62993 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:59:32.978106 0.000000 tcp 10.0.2.109 62993 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:59:38.977651 1.408728 tcp 10.0.2.109 62994 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:40.386608 1.211100 tcp 10.0.2.109 62995 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:41.597984 2.377297 tcp 10.0.2.109 62996 -> 195.113.214.211 443 SRPA* 0 0 26 13952 flow=From-Botnet-V1-TCP-Established 1970/01/22 22:59:43.985459 3.003306 tcp 10.0.2.109 62997 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:59:49.672388 0.000000 udp 10.0.2.109 3683 -> 77.23.25.127 9684 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 22:59:52.987053 0.000000 tcp 10.0.2.109 62997 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 22:59:58.986471 1.340855 tcp 10.0.2.109 62998 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:00.327700 1.184733 tcp 10.0.2.109 62999 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:01.512791 2.392368 tcp 10.0.2.109 63000 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:03.920254 2.986678 tcp 10.0.2.109 63001 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:00:07.889240 1.245023 tcp 10.0.2.109 63002 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:09.134514 1.202796 tcp 10.0.2.109 63003 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:10.337619 2.354123 tcp 10.0.2.109 63004 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:12.692241 0.000000 udp 10.0.2.109 3683 -> 70.113.215.93 3192 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 23:00:12.906244 0.000000 tcp 10.0.2.109 63001 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:00:18.914684 1.393585 tcp 10.0.2.109 63005 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:20.308626 1.185694 tcp 10.0.2.109 63006 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:21.494574 2.416111 tcp 10.0.2.109 63007 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:23.927201 2.903714 tcp 10.0.2.109 63008 -> 46.50.226.74 10856 SPA_* 0 0 12 1592 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:26.831557 1.415883 tcp 10.0.2.109 63009 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:28.247786 1.190602 tcp 10.0.2.109 63010 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:28.578960 1.164396 tcp 10.0.2.109 63011 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:29.438628 2.404935 tcp 10.0.2.109 63012 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:29.743615 1.166422 tcp 10.0.2.109 63013 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:30.910381 2.415718 tcp 10.0.2.109 63014 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:31.858819 0.000080 tcp 10.0.2.109 63008 -> 46.50.226.74 10856 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:31.859094 2.998069 tcp 10.0.2.109 63015 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:00:33.326585 0.758361 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:34.085309 0.804654 udp 10.0.2.109 3683 <-> 46.233.34.99 8343 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:34.890505 0.799445 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:35.690342 0.557071 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:36.247809 0.709519 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:36.957665 0.760005 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:37.718028 0.640002 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:38.358559 0.547801 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:38.906738 0.690254 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:39.597393 0.812968 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:40.410745 0.938039 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:40.855933 0.000000 tcp 10.0.2.109 63015 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:00:41.349164 0.764180 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:42.113694 0.714908 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:42.828931 0.764634 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:43.593969 0.558760 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:44.153103 0.929265 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:45.082727 0.684509 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:45.767604 0.831545 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:46.599523 1.088446 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:46.855215 1.411291 tcp 10.0.2.109 63016 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:47.688307 0.578041 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:48.266740 1.182436 tcp 10.0.2.109 63017 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:48.266987 0.681973 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:48.949412 0.896929 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:49.449425 2.434355 tcp 10.0.2.109 63018 -> 195.113.214.211 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:00:49.846687 0.799100 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:50.646276 0.590531 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:51.237195 0.645062 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:51.882622 0.557275 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:51.893733 2.992460 tcp 10.0.2.109 63019 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:00:52.440286 0.711742 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:00:53.236474 3.001785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 23:01:00.244141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:01:00.884876 0.000000 tcp 10.0.2.109 63019 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:06.893229 2.994509 tcp 10.0.2.109 63020 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:08.245130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:01:15.886600 0.000000 tcp 10.0.2.109 63020 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:21.894999 3.004067 tcp 10.0.2.109 63021 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:24.248109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:01:30.897948 0.000000 tcp 10.0.2.109 63021 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:35.824707 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 23:01:36.896662 3.004025 tcp 10.0.2.109 63022 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:45.899580 0.000000 tcp 10.0.2.109 63022 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:51.898291 3.003847 tcp 10.0.2.109 63023 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:01:56.254306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:02:00.901057 0.000000 tcp 10.0.2.109 63023 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:02:06.899501 2.798860 tcp 10.0.2.109 63024 -> 46.50.226.74 10856 FSPA* 0 0 14 1700 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:02:09.698603 2.999088 tcp 10.0.2.109 63025 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:02:18.696562 0.000000 tcp 10.0.2.109 63025 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:08:00.261080 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 23:08:07.267815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:08:15.269616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:08:31.272035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:09:03.278155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:15:07.283781 3.022120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 23:15:14.312085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:15:22.313008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:15:38.316288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:16:10.322133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:22:14.328274 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 23:22:21.335579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:22:29.337531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:22:45.340166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:23:17.346575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:29:21.352970 3.000750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 23:29:28.360004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:29:36.361622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:29:52.364393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:30:24.370560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:31:10.907745 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 23:31:10.907932 0.876670 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:12.125054 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 8343 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/22 23:31:24.847705 3.004106 tcp 10.0.2.109 63026 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:31:28.153341 1.178845 tcp 10.0.2.109 63027 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:31:29.332435 1.183928 tcp 10.0.2.109 63028 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:31:30.516623 2.433918 tcp 10.0.2.109 63029 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:31:32.951017 0.859446 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:33.792439 0.606257 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:33.849998 0.000000 tcp 10.0.2.109 63026 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:31:34.382223 0.697532 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:35.120046 0.733149 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:35.846042 0.675812 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:36.490559 0.553092 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:37.042445 0.712192 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:37.732245 0.854101 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:38.607956 0.982100 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:39.580501 0.801222 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 6 1982 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:39.849240 1.382567 tcp 10.0.2.109 63030 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:31:40.338709 0.708174 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:41.054583 0.759325 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:41.232059 1.162506 tcp 10.0.2.109 63031 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:31:41.834323 0.545732 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:42.378700 0.921940 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:42.394905 2.448715 tcp 10.0.2.109 63032 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:31:43.315082 0.717996 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:44.025299 0.898455 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 6 2611 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:44.898856 1.085346 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:44.947456 3.002955 tcp 10.0.2.109 63033 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:31:45.965188 0.638675 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:46.600147 0.664716 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:47.260609 0.942019 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:48.194356 0.842811 rtp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:49.002604 0.598538 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:49.585828 0.676840 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:50.224206 0.586400 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:50.797024 0.689529 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/22 23:31:53.949304 0.000000 tcp 10.0.2.109 63033 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:36:28.376465 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 23:36:35.384141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:36:43.385322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:36:59.388043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:36:59.949593 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 23:36:59.949791 3.003220 tcp 10.0.2.109 63034 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:37:08.951888 0.000000 tcp 10.0.2.109 63034 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:37:14.951982 1.436648 tcp 10.0.2.109 63035 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:16.388878 1.197525 tcp 10.0.2.109 63036 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:17.586627 2.457111 tcp 10.0.2.109 63037 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:20.644582 3.008908 tcp 10.0.2.109 63038 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:37:29.651755 0.000000 tcp 10.0.2.109 63038 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:37:31.394000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:37:35.640915 1.309379 tcp 10.0.2.109 63039 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:36.950553 1.203030 tcp 10.0.2.109 63040 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:38.153860 2.439293 tcp 10.0.2.109 63041 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:40.701124 3.000657 tcp 10.0.2.109 63042 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:37:49.700541 0.000000 tcp 10.0.2.109 63042 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:37:55.700103 1.225944 tcp 10.0.2.109 63043 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:56.926337 1.187475 tcp 10.0.2.109 63044 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:37:58.114022 2.406319 tcp 10.0.2.109 63045 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:00.529709 3.000631 tcp 10.0.2.109 63046 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:38:09.529350 0.000000 tcp 10.0.2.109 63046 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:38:15.527880 1.323246 tcp 10.0.2.109 63047 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:16.851353 1.158639 tcp 10.0.2.109 63048 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:18.010296 2.467085 tcp 10.0.2.109 63049 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:20.607893 3.001226 tcp 10.0.2.109 63050 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:38:29.607609 0.000000 tcp 10.0.2.109 63050 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:38:35.607297 1.165970 tcp 10.0.2.109 63051 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:36.773496 1.225594 tcp 10.0.2.109 63052 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:37.999393 2.417989 tcp 10.0.2.109 63053 -> 195.113.214.211 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:40.430475 2.997336 tcp 10.0.2.109 63054 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:38:49.426549 0.000000 tcp 10.0.2.109 63054 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:38:55.426015 1.256915 tcp 10.0.2.109 63055 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:56.683230 1.185965 tcp 10.0.2.109 63056 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:38:57.869457 2.415026 tcp 10.0.2.109 63057 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:39:00.295702 2.990810 tcp 10.0.2.109 63058 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:39:09.285481 0.000000 tcp 10.0.2.109 63058 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:39:15.293857 1.271345 tcp 10.0.2.109 63059 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:39:16.565432 1.190177 tcp 10.0.2.109 63060 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:39:17.755818 2.413700 tcp 10.0.2.109 63061 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:39:20.179059 2.985552 tcp 10.0.2.109 63062 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:39:29.173742 0.000000 tcp 10.0.2.109 63062 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:39:35.172367 2.994649 tcp 10.0.2.109 63063 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:39:44.165108 0.000000 tcp 10.0.2.109 63063 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:39:50.173977 3.003777 tcp 10.0.2.109 63064 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:39:59.177017 0.000000 tcp 10.0.2.109 63064 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:03.823343 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 23:40:05.175190 3.004555 tcp 10.0.2.109 63065 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:14.178238 0.000000 tcp 10.0.2.109 63065 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:20.177261 3.003989 tcp 10.0.2.109 63066 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:29.180354 0.000000 tcp 10.0.2.109 63066 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:35.178481 3.004616 tcp 10.0.2.109 63067 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:44.181516 0.000000 tcp 10.0.2.109 63067 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:48.818461 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 23:40:50.180002 2.994139 tcp 10.0.2.109 63068 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:40:59.182695 0.000000 tcp 10.0.2.109 63068 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:43:35.400373 3.001223 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/22 23:43:42.407512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:43:50.409264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:44:06.412422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:44:38.418393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:46:05.183376 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/22 23:46:05.183633 3.003738 tcp 10.0.2.109 63069 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:46:14.186205 0.000000 tcp 10.0.2.109 63069 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/22 23:46:20.186247 1.319216 tcp 10.0.2.109 63070 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:46:21.505718 1.212490 tcp 10.0.2.109 63071 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:46:22.718455 2.361347 tcp 10.0.2.109 63072 -> 195.113.214.211 443 SRPA* 0 0 23 13768 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:46:25.093517 2.513869 tcp 10.0.2.109 63073 -> 176.73.169.112 1959 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/01/22 23:50:42.424170 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 23:50:49.431936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:50:57.433114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:51:13.436626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:51:45.442231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:57:49.447753 3.002479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/22 23:57:56.456047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:58:04.456922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:58:20.460577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/22 23:58:52.465918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:02:07.016498 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 00:02:07.016662 0.000000 udp 10.0.2.109 3683 -> 46.233.34.99 8343 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 00:02:22.038921 0.053986 tcp 10.0.2.109 63074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:02:22.093159 0.053096 tcp 10.0.2.109 63075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:02:22.146527 0.178980 tcp 10.0.2.109 63076 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:02:22.326004 0.240715 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:22.567170 0.064719 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:22.632293 0.054135 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:22.686784 0.147983 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:22.835092 0.040595 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:22.876009 0.083320 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:22.959666 0.044044 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.004049 0.145440 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.149877 0.106883 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.257158 0.186411 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.443935 0.067471 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.511738 0.183916 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.696058 0.052550 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.748966 0.031390 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:23.780686 0.364534 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:24.145601 0.180841 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:24.326848 0.145610 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:24.472863 0.347793 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:24.821058 0.046660 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:24.868106 0.142168 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:25.010705 0.137174 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:25.148253 0.077310 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:25.225910 0.048111 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:25.274357 0.080484 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:25.355197 0.056259 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:02:25.411774 0.146092 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:04:56.472248 3.001789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 00:05:03.479803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:05:11.480975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:05:27.484440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:05:59.490205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:12:03.496366 3.001430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 00:12:10.503532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:12:18.505390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:12:34.508218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:13:06.513825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:16:27.613864 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 00:16:27.614086 0.462653 tcp 10.0.2.109 63077 -> 176.73.169.112 1959 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:19:10.519927 3.001931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 00:19:17.527545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:19:25.528674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:19:41.531987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:20:13.537832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:26:17.544377 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 00:26:24.551784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:26:32.553120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:26:48.556134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:27:20.562229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:32:36.336207 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 00:32:36.336427 0.056833 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:36.393653 0.147351 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:36.541416 0.046305 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:36.588105 0.082270 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:36.670724 0.045543 udp 10.0.2.109 3683 <-> 81.134.11.64 6241 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:36.716655 0.369327 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.086496 0.063128 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.149956 0.146250 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.296616 0.107086 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.404126 0.187018 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.591583 0.064244 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.656167 0.160668 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.817187 0.051610 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.869195 0.031289 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:37.900897 0.142695 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:38.044004 0.323201 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:38.367598 0.046489 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:38.414457 0.137574 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:38.552421 0.378952 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:38.931737 0.181182 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:39.113282 0.142545 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:39.256151 0.076506 udp 10.0.2.109 3683 <-> 86.144.101.229 5187 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:32:39.333040 0.000000 udp 10.0.2.109 3683 -> 87.153.113.98 4545 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 00:32:57.840686 0.000000 tcp 10.0.2.109 63078 -> 195.113.214.219 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/23 00:33:31.475333 0.050901 tcp 10.0.2.109 63078 -> 195.113.214.219 80 FPA_* 0 0 9 1824 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:33:31.526535 0.869287 tcp 10.0.2.109 63079 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:33:32.396079 0.148232 tcp 10.0.2.109 63080 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:33:32.544863 0.089877 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:33:32.635125 0.059610 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:33:32.695138 0.143649 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/23 00:33:57.802499 2.959844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 00:34:04.705534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:34:12.590917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:34:28.352841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:34:59.856997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:40:58.359547 2.953992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 00:41:05.261324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:41:13.141110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:41:28.905170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:42:00.431400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:46:49.458437 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 00:46:49.458544 0.499670 tcp 10.0.2.109 63081 -> 176.73.169.112 1959 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/01/23 00:47:58.900072 2.960273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 00:48:05.794906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:48:13.679672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:48:29.445318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:49:25.179911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:55:23.808715 2.994080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 00:55:30.932097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:55:38.871161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:55:54.645933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 00:56:26.170366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:02:24.677024 2.959243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 01:02:31.579744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:02:39.459033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:02:55.222949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:03:26.733517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:03:58.063231 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:03:58.063390 0.042792 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:03:58.106582 0.045091 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:03:58.152138 0.085094 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:03:58.237682 0.000000 udp 10.0.2.109 3683 -> 81.134.11.64 6241 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:04:13.541473 0.054480 tcp 10.0.2.109 63082 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:04:13.596195 0.054364 tcp 10.0.2.109 63083 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:04:13.650862 0.155089 tcp 10.0.2.109 63084 -> 195.113.214.211 443 SRPA* 0 0 51 33910 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:04:13.806650 0.052959 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:13.859997 0.146042 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.006445 0.062973 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.069807 0.246274 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.316451 0.107070 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.423891 0.186809 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.611094 0.062688 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.674192 0.160893 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.835559 0.052861 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.888794 0.029390 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:14.918513 0.149246 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:15.068162 0.139464 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:15.208005 0.359288 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:15.567697 0.143112 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:15.711157 0.325700 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:16.037254 0.040840 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:16.078439 0.000000 udp 10.0.2.109 3683 -> 86.144.101.229 5187 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:04:34.215443 0.052486 tcp 10.0.2.109 63085 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:04:34.268182 0.053822 tcp 10.0.2.109 63086 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:04:34.322320 0.156429 tcp 10.0.2.109 63087 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:04:34.479296 0.136783 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:34.616459 0.181514 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:34.798434 0.144317 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:34.943150 0.087281 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:04:35.030850 0.059118 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:09:25.284599 2.957165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 01:09:32.188948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:09:40.077958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:09:55.848064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:10:27.387140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:16:25.916823 2.991731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 01:16:32.857920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:16:40.732791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:16:47.475186 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:16:47.475334 0.535820 tcp 10.0.2.109 63088 -> 176.73.169.112 1959 FSPA* 0 0 14 1593 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:16:56.518586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:17:29.035867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:23:27.623374 2.955641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 01:23:34.523429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:23:42.407607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:23:58.160855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:24:29.682696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:30:28.291879 2.995277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 01:30:35.233908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:30:43.110539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:30:58.868820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:31:30.382302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:34:14.804483 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:34:14.804676 0.000000 udp 10.0.2.109 3683 -> 81.134.11.64 6241 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:34:31.869598 0.057295 tcp 10.0.2.109 63089 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:34:31.927150 0.052478 tcp 10.0.2.109 63090 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:34:31.979961 0.151589 tcp 10.0.2.109 63091 -> 195.113.214.211 443 SRPA* 0 0 36 28468 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:34:32.132036 0.000000 udp 10.0.2.109 3683 -> 86.144.101.229 5187 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:34:48.131810 0.054126 tcp 10.0.2.109 63092 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:34:48.186340 0.052887 tcp 10.0.2.109 63093 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:34:48.239489 0.158366 tcp 10.0.2.109 63094 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:34:48.398362 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:35:06.237742 0.052852 tcp 10.0.2.109 63095 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:35:06.290891 0.056566 tcp 10.0.2.109 63096 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:35:06.347744 0.149026 tcp 10.0.2.109 63097 -> 195.113.214.211 443 SRPA* 0 0 39 33888 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:35:06.497381 3.122558 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 4 1103 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:06.540146 3.178641 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 4 1311 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:06.630374 3.133902 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1226 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:06.679338 3.353646 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 4 1140 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:06.919688 3.234716 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 4 1128 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:07.027113 3.184786 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 4 1353 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:07.093761 3.733595 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1293 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:07.242790 3.032714 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 4 1192 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:07.311806 3.124096 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1116 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:07.480843 3.008124 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1321 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:07.538301 3.138310 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 4 1190 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:07.725964 3.447799 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 4 1174 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:08.061336 3.255893 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 4 1238 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:08.204608 3.260420 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 4 1200 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:08.353203 3.144410 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 4 1207 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:08.385574 3.251609 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 4 1197 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:08.525994 3.934837 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1119 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:08.851710 2.833410 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 4 1286 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:08.898387 2.924982 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1071 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:09.035164 2.870940 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1147 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:09.121122 2.838421 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 4 985 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:09.177725 2.957878 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1198 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:09.358916 3.248674 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 4 1089 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:09.534019 0.042494 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 790 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:12.608146 0.000000 udp 10.0.2.109 3683 -> 109.155.246.38 4764 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:35:20.197500 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:35:25.866272 0.000000 udp 10.0.2.109 3683 -> 108.231.24.99 6183 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:35:32.955984 0.000000 udp 10.0.2.109 3683 -> 123.176.11.207 2271 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:35:39.525560 0.000000 udp 10.0.2.109 3683 -> 93.157.223.210 4463 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:35:46.485258 0.059783 udp 10.0.2.109 3683 -> 151.84.152.237 4073 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:35:46.545041 0.000000 icmp 151.84.152.237 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 196 flow=Background 1970/01/23 01:35:51.091805 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:35:53.926039 0.052267 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 851 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:35:54.154202 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:00.956070 0.000000 udp 10.0.2.109 3683 -> 122.176.95.235 7656 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:09.518845 0.000000 udp 10.0.2.109 3683 -> 172.6.250.142 9694 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:17.129772 0.000000 udp 10.0.2.109 3683 -> 87.17.109.182 2338 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:23.488934 0.000000 udp 10.0.2.109 3683 -> 69.196.165.214 1321 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:29.768231 0.000000 udp 10.0.2.109 3683 -> 109.221.174.142 2659 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:38.029788 3.134188 udp 10.0.2.109 3683 -> 199.189.242.40 3540 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:41.163976 0.000000 icmp 199.189.242.40 0x0103 -> 10.0.2.109 0xc7bd URH 192 1 236 flow=Background 1970/01/23 01:36:42.595899 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:36:46.031293 0.000000 udp 10.0.2.109 3683 -> 186.6.219.29 2209 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:53.812162 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:36:59.430696 0.000000 udp 10.0.2.109 3683 -> 82.41.217.110 9403 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:05.559374 0.084560 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 728 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:37:05.667632 0.079129 udp 10.0.2.109 3683 <-> 217.83.153.228 5333 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:37:05.793953 0.000000 udp 10.0.2.109 3683 -> 24.98.64.134 4880 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:12.829395 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:20.029771 0.000000 udp 10.0.2.109 3683 -> 84.35.129.200 5553 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:28.562199 0.000000 udp 10.0.2.109 3683 -> 178.208.108.51 1165 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:32.231101 3.000850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 01:37:33.098558 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:37:34.100213 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:39.237876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:37:39.899190 0.000000 udp 10.0.2.109 3683 -> 196.216.69.30 3489 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:46.037427 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:37:47.239152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:37:54.339490 0.000000 udp 10.0.2.109 3683 -> 59.92.250.99 2980 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:03.072030 0.000000 udp 10.0.2.109 3683 -> 115.78.225.171 9440 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:03.242434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:38:11.674203 0.000000 udp 10.0.2.109 3683 -> 80.18.170.11 1253 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:16.972126 0.046891 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:17.019017 0.000000 icmp 87.138.128.192 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 119 flow=Background 1970/01/23 01:38:21.598679 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:38:24.312839 0.347250 udp 10.0.2.109 3683 <-> 111.250.25.28 5460 CON 0 0 2 808 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:38:24.686335 0.000000 udp 10.0.2.109 3683 -> 203.186.138.74 5946 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:29.730681 0.000000 udp 10.0.2.109 3683 -> 79.210.66.202 2613 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:35.247778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:38:37.791745 0.000000 udp 10.0.2.109 3683 -> 88.73.53.36 9779 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:46.674891 0.000000 udp 10.0.2.109 3683 -> 95.97.246.106 8768 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:38:52.473043 0.000000 udp 10.0.2.109 3683 -> 41.132.21.250 9627 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:00.594603 0.000000 udp 10.0.2.109 3683 -> 196.210.238.180 1015 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:08.756699 0.000000 udp 10.0.2.109 3683 -> 95.240.87.247 4794 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:13.592877 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:39:16.157256 0.000000 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:21.624567 0.000000 udp 10.0.2.109 3683 -> 95.236.171.59 3946 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:29.476159 0.000000 udp 10.0.2.109 3683 -> 195.53.174.49 8284 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:35.995439 0.000000 udp 10.0.2.109 3683 -> 118.167.113.15 1339 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:41.143318 0.056667 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:39:41.209694 0.206541 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 691 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:39:41.446383 0.000000 udp 10.0.2.109 3683 -> 202.128.21.92 8080 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:47.301821 0.000000 udp 10.0.2.109 3683 -> 94.171.254.46 7317 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:54.122305 0.000000 udp 10.0.2.109 3683 -> 83.110.203.146 4825 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:39:59.098507 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:39:59.719513 0.055772 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:39:59.790355 0.055469 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:39:59.871305 0.000000 udp 10.0.2.109 3683 -> 87.22.193.31 2101 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:06.909725 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:13.760045 0.000000 udp 10.0.2.109 3683 -> 115.119.156.2 7750 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:20.879833 0.000000 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:29.562525 0.000000 udp 10.0.2.109 3683 -> 81.246.13.226 3642 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:36.613013 0.000000 udp 10.0.2.109 3683 -> 125.205.220.126 2192 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:42.721463 0.070520 udp 10.0.2.109 3683 -> 176.110.122.126 5759 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:42.791983 0.000000 icmp 176.110.122.126 0x0303 -> 10.0.2.109 0x7f16 URP 192 1 267 flow=Background 1970/01/23 01:40:47.598578 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:40:48.168992 0.000000 udp 10.0.2.109 3683 -> 151.56.75.191 1340 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:53.958425 0.000000 udp 10.0.2.109 3683 -> 41.191.98.41 5404 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:40:59.946060 0.000000 udp 10.0.2.109 3683 -> 213.165.33.47 3713 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:08.118355 0.000000 udp 10.0.2.109 3683 -> 118.233.129.68 4924 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:15.769335 0.000000 udp 10.0.2.109 3683 -> 46.47.117.33 5808 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:20.866743 0.000000 udp 10.0.2.109 3683 -> 79.59.213.11 6266 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:28.537377 0.035383 udp 10.0.2.109 3683 -> 83.149.154.20 9909 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:28.572760 0.000000 icmp 83.149.154.20 0x0303 -> 10.0.2.109 0xb526 URP 192 1 239 flow=Background 1970/01/23 01:41:33.093558 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:41:36.579261 0.351183 udp 10.0.2.109 3683 <-> 117.196.62.142 7859 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:41:36.939035 0.000000 udp 10.0.2.109 3683 -> 151.66.161.149 5338 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:42.937944 0.000000 udp 10.0.2.109 3683 -> 105.228.71.79 3616 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:48.495711 0.000000 udp 10.0.2.109 3683 -> 79.38.216.210 8412 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:41:56.648290 0.000000 udp 10.0.2.109 3683 -> 81.19.32.10 5102 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:05.590386 0.000000 udp 10.0.2.109 3683 -> 82.54.189.240 5204 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:10.968041 0.000000 udp 10.0.2.109 3683 -> 93.196.191.119 4201 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:16.767014 0.145640 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:42:16.923087 0.063530 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:42:17.030269 0.000000 udp 10.0.2.109 3683 -> 94.129.32.239 9416 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:21.593658 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:42:24.447938 0.000000 udp 10.0.2.109 3683 -> 84.135.78.181 2881 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:32.509185 0.053672 udp 10.0.2.109 3683 <-> 85.176.65.252 1229 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:42:32.631536 0.000000 udp 10.0.2.109 3683 -> 197.255.192.12 8045 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:38.608249 0.000000 udp 10.0.2.109 3683 -> 67.136.45.42 8774 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:45.527753 0.163245 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 723 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:42:45.699572 0.000000 udp 10.0.2.109 3683 -> 151.26.206.239 2543 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:51.216306 0.000000 udp 10.0.2.109 3683 -> 87.25.56.218 8783 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:42:56.594224 0.000000 udp 10.0.2.109 3683 -> 80.11.181.195 6761 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:03.974319 0.000000 udp 10.0.2.109 3683 -> 186.47.87.233 2825 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:08.591221 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:43:11.034960 0.000000 udp 10.0.2.109 3683 -> 211.13.32.34 7115 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:17.193541 0.000000 udp 10.0.2.109 3683 -> 125.20.82.101 7920 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:22.370803 0.084942 udp 10.0.2.109 3683 <-> 86.157.1.225 9940 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:43:22.489957 0.000000 udp 10.0.2.109 3683 -> 46.236.14.130 5307 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:28.790664 0.000000 udp 10.0.2.109 3683 -> 93.192.53.168 7335 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:35.740549 0.148812 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 702 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:43:35.898320 0.000000 udp 10.0.2.109 3683 -> 78.14.127.22 7760 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:41.288313 0.000000 udp 10.0.2.109 3683 -> 217.125.117.62 2384 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:50.051100 0.130241 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 782 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:43:50.190457 0.080820 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 702 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:43:50.357888 0.138494 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:43:50.496382 0.000000 icmp 64.79.228.174 0x0303 -> 10.0.2.109 0xed26 URP 192 1 274 flow=Background 1970/01/23 01:43:54.597200 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:43:58.312592 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:03.590508 0.000000 udp 10.0.2.109 3683 -> 79.5.150.126 9996 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:09.588793 0.000000 udp 10.0.2.109 3683 -> 176.221.10.118 1106 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:18.031050 0.000000 udp 10.0.2.109 3683 -> 208.90.195.170 7614 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:24.180086 0.000000 udp 10.0.2.109 3683 -> 68.179.37.137 6670 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:31.380629 0.234573 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:44:31.650235 0.202653 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 802 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:44:31.862741 0.214794 udp 10.0.2.109 3683 <-> 95.70.49.137 5747 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:44:32.085634 0.000000 udp 10.0.2.109 3683 -> 80.168.178.150 4651 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:40.403292 0.000000 udp 10.0.2.109 3683 -> 189.231.125.92 4831 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:43.259761 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 01:44:45.099891 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:44:48.975793 0.000000 udp 10.0.2.109 3683 -> 80.148.10.226 9339 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:50.267273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:44:57.167614 0.000000 udp 10.0.2.109 3683 -> 89.184.49.209 9581 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:44:58.268769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:45:04.177318 0.000000 udp 10.0.2.109 3683 -> 182.55.248.11 3087 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:10.616745 0.000000 udp 10.0.2.109 3683 -> 210.19.153.18 2702 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:14.301921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:45:16.695307 0.068111 udp 10.0.2.109 3683 <-> 176.240.227.214 3636 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:45:16.779222 0.000000 udp 10.0.2.109 3683 -> 80.177.161.100 2654 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:21.902746 0.000000 udp 10.0.2.109 3683 -> 93.172.170.100 8463 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:28.371950 0.000000 udp 10.0.2.109 3683 -> 94.212.51.230 3662 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:33.128599 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:45:35.372118 0.000000 udp 10.0.2.109 3683 -> 79.31.160.54 5940 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:43.594264 0.207467 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:45:43.964577 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:46.307629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:45:52.647235 0.000000 udp 10.0.2.109 3683 -> 80.153.9.135 6445 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:45:58.626281 0.000000 udp 10.0.2.109 3683 -> 78.186.202.67 5995 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:46:05.225182 0.000000 udp 10.0.2.109 3683 -> 109.156.216.231 5349 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:46:14.008034 0.037806 udp 10.0.2.109 3683 -> 46.14.15.23 4614 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:46:14.045840 0.000000 icmp 46.14.15.23 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 183 flow=Background 1970/01/23 01:46:18.624366 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 01:46:20.537273 0.266029 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 740 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:46:20.820807 0.000000 udp 10.0.2.109 3683 -> 117.200.95.21 5757 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:46:29.009375 0.000000 udp 10.0.2.109 3683 -> 93.67.157.121 5418 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:46:33.445693 0.475939 tcp 10.0.2.109 63098 -> 176.73.169.112 1959 FSPA* 0 0 15 1652 flow=From-Botnet-V1-TCP-Established 1970/01/23 01:46:34.937925 0.000000 udp 10.0.2.109 3683 -> 59.90.254.130 2211 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:46:41.677910 0.000000 udp 10.0.2.109 3683 -> 70.48.14.5 9615 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:46:49.909383 0.340612 udp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 786 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:46:50.258519 0.066749 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/23 01:46:50.345667 0.000000 udp 10.0.2.109 3683 -> 62.98.160.90 7793 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 01:51:50.313265 3.002136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 01:51:57.321041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:52:05.322903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:52:21.325446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:52:53.331858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:58:57.337541 3.001921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 01:59:04.345558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:59:12.346829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 01:59:28.349977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:00:00.355511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:06:04.362658 3.001062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 02:06:11.369144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:06:19.371008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:06:35.373536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:07:07.380127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:13:11.385637 3.002222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 02:13:18.393262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:13:26.394935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:13:42.397777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:14:14.403715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:16:33.924575 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 02:16:33.924780 0.520172 tcp 10.0.2.109 63099 -> 176.73.169.112 1959 FSPA* 0 0 15 1795 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:17:12.780412 0.000000 udp 10.0.2.109 3683 -> 87.153.113.98 4545 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:17:29.225945 0.053150 tcp 10.0.2.109 63100 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:17:29.279398 0.052817 tcp 10.0.2.109 63101 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:17:29.332540 0.159897 tcp 10.0.2.109 63102 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:17:29.493081 0.095276 udp 10.0.2.109 3683 <-> 2.85.47.118 2179 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:29.588783 0.049430 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:29.638616 0.239518 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:29.878577 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:17:45.347820 0.052391 tcp 10.0.2.109 63103 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:17:45.400518 0.052463 tcp 10.0.2.109 63104 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:17:45.453221 0.150404 tcp 10.0.2.109 63105 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:17:45.603818 0.135364 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:45.739562 0.065284 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:45.820821 0.070166 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:45.821152 3.000631 tcp 10.0.2.109 63106 -> 86.167.165.238 2422 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/23 02:17:45.891346 0.183948 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:46.075656 0.052359 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:46.128393 0.193350 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:46.322150 0.153328 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:46.475897 0.164490 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:46.640770 0.361095 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.002230 0.143499 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.146066 0.146992 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.293430 0.029291 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.323036 0.135535 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.458925 0.087354 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.546659 0.057975 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.604962 0.180229 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.785562 0.040113 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:47.825995 0.333885 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:48.160232 0.140810 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:48.301436 0.047874 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:48.349649 0.072695 udp 10.0.2.109 3683 <-> 217.83.153.228 5333 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:48.422677 0.079322 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:17:48.502390 0.000000 udp 10.0.2.109 3683 -> 111.250.25.28 5460 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:17:54.820809 0.000000 tcp 10.0.2.109 63106 -> 86.167.165.238 2422 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/23 02:18:03.513767 0.057767 tcp 10.0.2.109 63107 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:03.571808 0.056999 tcp 10.0.2.109 63108 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:03.629073 0.146729 tcp 10.0.2.109 63109 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:03.776294 0.206470 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:03.983108 0.056713 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:04.040162 0.059585 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:04.100112 0.054412 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:04.154864 0.408932 udp 10.0.2.109 3683 <-> 117.196.62.142 7859 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:04.564207 0.182234 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:04.746832 0.055111 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:04.802319 0.051188 udp 10.0.2.109 3683 <-> 85.176.65.252 1229 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:04.853871 0.181402 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:05.035631 0.000000 udp 10.0.2.109 3683 -> 86.157.1.225 9940 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:18:21.229003 0.053647 tcp 10.0.2.109 63110 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:21.282955 0.053318 tcp 10.0.2.109 63111 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:21.336510 0.154453 tcp 10.0.2.109 63112 -> 195.113.214.211 443 SRPA* 0 0 70 49914 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:21.491318 0.160418 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:21.652093 0.379703 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:22.032187 0.076064 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:22.108639 0.219811 udp 10.0.2.109 3683 <-> 95.70.49.137 5747 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:22.328874 0.199731 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:22.329190 4.993129 tcp 10.0.2.109 63113 -> 95.70.49.137 7486 SPA_* 0 0 335 186279 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:22.528936 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:18:27.337563 4.994481 tcp 10.0.2.109 63113 -> 95.70.49.137 7486 A_PA 0 0 368 208288 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:32.352243 3.837100 tcp 10.0.2.109 63113 -> 95.70.49.137 7486 FPA_* 0 0 264 145984 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:40.887300 0.053514 tcp 10.0.2.109 63114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:40.941112 0.055405 tcp 10.0.2.109 63115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:40.996795 0.152417 tcp 10.0.2.109 63116 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:41.149847 0.000000 udp 10.0.2.109 3683 -> 176.240.227.214 3636 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:18:58.472504 0.051516 tcp 10.0.2.109 63117 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:58.524245 0.057449 tcp 10.0.2.109 63118 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:58.581943 0.144571 tcp 10.0.2.109 63119 -> 195.113.214.211 443 SRPA* 0 0 40 22580 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:18:58.726976 0.381646 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:59.109049 0.230108 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:59.339580 0.335809 udp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:18:59.675770 0.068666 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:20:18.409073 3.002627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 02:20:25.416920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:20:33.418511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:20:49.421502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:21:21.427804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:27:25.433085 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 02:27:32.441409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:27:40.442976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:27:56.445725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:28:28.451764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:34:32.457254 3.002149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 02:34:39.465323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:34:47.466734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:35:03.469641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:35:35.475759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:41:39.481044 3.002640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 02:41:46.489466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:41:54.490448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:42:10.493840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:42:42.499364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:46:34.443699 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 02:46:34.443792 0.432226 tcp 10.0.2.109 63120 -> 176.73.169.112 1959 FSPA* 0 0 15 1571 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:48:46.505015 3.001939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 02:48:53.513195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:49:01.514832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:49:17.517927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:49:17.778402 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 02:49:17.778640 0.040594 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:49:17.819594 0.000000 udp 10.0.2.109 3683 -> 111.250.25.28 5460 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:49:34.042801 0.053193 tcp 10.0.2.109 63121 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:49:34.096198 0.056383 tcp 10.0.2.109 63122 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:49:34.152754 0.156852 tcp 10.0.2.109 63123 -> 195.113.214.211 443 SRPA* 0 0 41 23492 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:49:34.310069 0.000000 udp 10.0.2.109 3683 -> 86.157.1.225 9940 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:49:49.523255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:49:50.095155 0.053220 tcp 10.0.2.109 63124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:49:50.148541 0.052747 tcp 10.0.2.109 63125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:49:50.201515 0.145386 tcp 10.0.2.109 63126 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:49:50.347385 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:50:08.241183 0.053469 tcp 10.0.2.109 63127 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:08.294889 0.053251 tcp 10.0.2.109 63128 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:08.348337 0.155364 tcp 10.0.2.109 63129 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:08.504177 0.000000 udp 10.0.2.109 3683 -> 176.240.227.214 3636 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:50:23.803251 0.053412 tcp 10.0.2.109 63130 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:23.856915 0.056512 tcp 10.0.2.109 63131 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:23.913654 0.153835 tcp 10.0.2.109 63132 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:24.067667 0.048827 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:24.116889 0.000000 udp 10.0.2.109 3683 -> 2.85.47.118 2179 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:50:40.757388 0.054563 tcp 10.0.2.109 63133 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:40.812182 0.063281 tcp 10.0.2.109 63134 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:40.875704 0.155373 tcp 10.0.2.109 63135 -> 195.113.214.211 443 SRPA* 0 0 33 14346 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:50:41.031586 0.260200 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:41.292185 0.069791 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:41.362357 0.064195 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:41.426913 0.135039 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:41.562455 0.352300 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:41.915305 0.189875 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.105572 0.187219 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.293166 0.159080 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.452600 0.052507 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.505426 0.165258 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.671078 0.058432 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.730085 0.186336 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.916784 0.040292 udp 10.0.2.109 3683 <-> 93.198.196.214 8279 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:42.957431 0.147951 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:43.105758 0.085486 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:43.191611 0.137289 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:43.329271 0.144055 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:43.473749 0.029299 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:43.503382 0.144135 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:43.647836 0.327171 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:43.975571 0.075842 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:50:44.051804 0.000000 udp 10.0.2.109 3683 -> 217.83.153.228 5333 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:51:00.496282 0.055584 tcp 10.0.2.109 63136 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:51:00.552093 0.058075 tcp 10.0.2.109 63137 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:51:00.610495 0.142927 tcp 10.0.2.109 63138 -> 195.113.214.211 443 SRPA* 0 0 40 21398 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:51:00.753649 0.046916 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:00.800945 0.069831 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:00.871164 0.214037 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:01.085589 0.056770 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:01.142708 0.394345 udp 10.0.2.109 3683 <-> 117.196.62.142 7859 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:01.537396 0.180989 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:01.718737 0.054542 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:01.773615 0.060840 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:01.834773 0.000000 udp 10.0.2.109 3683 -> 85.176.65.252 1229 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 02:51:19.413732 0.053266 tcp 10.0.2.109 63139 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:51:19.467223 0.054243 tcp 10.0.2.109 63140 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:51:19.521701 0.147516 tcp 10.0.2.109 63141 -> 195.113.214.211 443 SRPA* 0 0 24 13857 flow=From-Botnet-V1-TCP-Established 1970/01/23 02:51:19.669802 0.145559 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:19.815745 0.158481 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:19.974586 0.075450 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:20.050442 0.197282 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:20.248125 0.211508 udp 10.0.2.109 3683 <-> 95.70.49.137 5747 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:20.459995 0.077732 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:20.538252 0.337155 udp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:20.875790 0.066637 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:20.942752 0.203687 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:51:21.146834 0.184948 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/23 02:55:53.529687 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 02:56:00.537435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:56:08.538568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:56:24.541771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 02:56:56.547682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:03:00.553086 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 03:03:07.561320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:03:15.562099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:03:31.565490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:04:03.571490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:10:07.577323 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 03:10:14.584776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:10:22.586346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:10:38.589634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:11:10.595706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:16:34.882026 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 03:16:34.882277 0.572271 tcp 10.0.2.109 63142 -> 176.73.169.112 1959 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:17:14.601835 3.001275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 03:17:21.608643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:17:29.610369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:17:45.613649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:18:17.619339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:21:39.189323 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 03:21:39.189479 0.000000 udp 10.0.2.109 3683 -> 2.85.47.118 2179 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 03:21:55.013471 0.053157 tcp 10.0.2.109 63143 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:21:55.066889 0.054930 tcp 10.0.2.109 63144 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:21:55.122313 0.151274 tcp 10.0.2.109 63145 -> 195.113.214.211 443 SRPA* 0 0 48 37348 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:21:55.274337 0.000000 udp 10.0.2.109 3683 -> 217.83.153.228 5333 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 03:22:11.967030 0.054173 tcp 10.0.2.109 63146 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:12.021486 0.053446 tcp 10.0.2.109 63147 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:12.075324 0.146221 tcp 10.0.2.109 63148 -> 195.113.214.211 443 SRPA* 0 0 23 13768 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:12.222248 0.000000 udp 10.0.2.109 3683 -> 85.176.65.252 1229 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 03:22:30.623456 0.053593 tcp 10.0.2.109 63149 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:30.677434 0.053016 tcp 10.0.2.109 63150 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:30.730756 0.155632 tcp 10.0.2.109 63151 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:30.886883 0.047626 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:30.934914 0.049113 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:30.984374 0.066196 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:31.050997 0.141693 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:31.193031 0.363854 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:31.557283 0.278725 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:31.939555 0.066181 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:32.006062 0.165986 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:32.172452 0.160981 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:32.391353 0.181899 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:32.573612 0.000000 udp 10.0.2.109 3683 -> 93.198.196.214 8279 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 03:22:49.400679 0.057803 tcp 10.0.2.109 63152 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:49.458810 0.054236 tcp 10.0.2.109 63153 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:49.513325 0.182032 tcp 10.0.2.109 63154 -> 195.113.214.211 443 SRPA* 0 0 43 25544 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:22:49.696062 0.152176 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:49.848596 0.192866 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.041866 0.070568 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.112773 0.051897 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.165014 0.143958 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.309347 0.142773 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.452451 0.029098 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.481907 0.143946 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.626244 0.335880 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:50.962492 0.074695 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.037573 0.149021 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.186972 0.089927 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.277468 0.054588 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.332477 0.044082 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.376978 0.178359 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.555762 0.057135 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.613241 0.054366 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.679458 0.055939 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:22:51.735873 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 03:23:09.169325 0.051960 tcp 10.0.2.109 63155 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:23:09.221559 0.054371 tcp 10.0.2.109 63156 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:23:09.276207 0.150880 tcp 10.0.2.109 63157 -> 195.113.214.211 443 SRPA* 0 0 24 14656 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:23:09.427557 0.296553 udp 10.0.2.109 3683 <-> 117.196.62.142 7859 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:09.724480 0.146952 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:09.871783 0.160249 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:10.032393 0.078214 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:10.111010 0.077367 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:10.188743 0.361164 udp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:10.550348 0.066939 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:10.617727 0.213600 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:10.831675 0.213754 udp 10.0.2.109 3683 <-> 95.70.49.137 5747 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:11.045806 0.204489 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:23:11.250671 0.188342 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:24:21.625007 3.072499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 03:24:28.703067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:24:36.704837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:24:52.707646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:25:24.713620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:31:28.719354 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 03:31:35.726865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:31:43.728068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:31:59.731519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:32:31.737607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:38:35.743499 3.001727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 03:38:42.751295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:38:50.752317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:39:06.755052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:39:38.761394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:45:42.766995 3.002078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 03:45:49.775090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:45:57.776340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:46:13.779297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:46:35.491144 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 03:46:35.491256 0.564453 tcp 10.0.2.109 63158 -> 176.73.169.112 1959 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:46:45.785534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:52:49.791036 3.002339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 03:52:56.799041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:53:04.800544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:53:18.770491 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 03:53:18.770726 0.000000 udp 10.0.2.109 3683 -> 93.198.196.214 8279 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 03:53:20.803112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:53:37.278615 0.055159 tcp 10.0.2.109 63159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:53:37.334082 0.060014 tcp 10.0.2.109 63160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:53:37.394532 0.157865 tcp 10.0.2.109 63161 -> 195.113.214.211 443 SRPA* 0 0 45 40654 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:53:37.553216 0.207790 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:37.761400 0.065963 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:37.827683 0.052762 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:37.880761 0.042541 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:37.923589 0.073882 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:37.997793 0.142086 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:38.140273 0.365187 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:38.505923 0.239830 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:38.746089 0.185581 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:38.932163 0.154738 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:39.087160 0.182240 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:39.269763 0.158693 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:39.429067 0.187391 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:39.616859 0.137594 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:39.754852 0.141702 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:39.896940 0.030780 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:39.928037 0.143478 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:40.071906 0.319668 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:40.392016 0.212504 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:40.604898 0.061356 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:40.666607 0.054797 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:40.721698 0.048647 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:40.770666 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 03:53:52.809635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 03:53:59.119265 0.054932 tcp 10.0.2.109 63162 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:53:59.174513 0.052543 tcp 10.0.2.109 63163 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:53:59.227340 0.148628 tcp 10.0.2.109 63164 -> 195.113.214.211 443 SRPA* 0 0 53 30596 flow=From-Botnet-V1-TCP-Established 1970/01/23 03:53:59.376614 0.054504 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:59.431514 0.059695 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:59.491576 0.054184 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:59.546083 0.147907 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:59.694498 0.183041 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:59.877917 0.054537 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:53:59.932818 0.370818 udp 10.0.2.109 3683 <-> 117.196.62.142 7859 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:00.304032 0.145405 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:00.449798 0.158235 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:00.608439 0.344503 udp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:00.953310 0.063818 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:01.017509 0.209480 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:01.227435 0.217748 udp 10.0.2.109 3683 <-> 95.70.49.137 5747 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:01.445623 0.113940 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:01.559940 0.079074 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:01.639370 0.202901 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:54:01.842662 0.181703 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/23 03:59:56.814685 3.002570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 04:00:03.822678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:00:11.824105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:00:27.827473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:00:59.833035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:07:03.839279 3.001928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 04:07:10.846497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:07:18.848312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:07:34.851057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:08:06.857215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:14:10.863202 3.002128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 04:14:17.870612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:14:25.872110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:14:41.875403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:15:13.883223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:16:36.059759 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 04:16:36.059869 0.458650 tcp 10.0.2.109 63165 -> 176.73.169.112 1959 FSPA* 0 0 14 1618 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:21:17.887219 3.001930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 04:21:24.894585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:21:32.895977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:21:48.899324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:22:20.905330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:24:07.308263 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 04:24:07.308365 0.179482 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:07.488281 0.052594 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:07.541286 0.048138 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:07.589788 0.061200 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:07.651342 0.213689 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:07.865388 0.066184 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:07.931938 0.324443 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:08.256761 0.157189 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:08.414316 0.164505 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:08.579211 0.135615 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:08.715222 0.362054 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:09.077671 0.186345 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:09.264362 0.138327 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:09.403236 0.146079 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:09.403748 3.001431 tcp 10.0.2.109 63166 -> 68.195.125.143 4009 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/23 04:24:09.549718 0.031127 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:09.581212 0.144344 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:09.725946 0.159405 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:09.885691 0.181846 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.067908 0.061088 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.129339 0.053366 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.183057 0.049490 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.232888 0.081611 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.314798 0.342175 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.657342 0.057160 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.714900 0.147359 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.862703 0.084211 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:10.947281 0.055777 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:11.003454 0.061621 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:11.065436 0.055445 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:11.121311 0.000000 udp 10.0.2.109 3683 -> 117.196.62.142 7859 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 04:24:18.404042 0.000000 tcp 10.0.2.109 63166 -> 68.195.125.143 4009 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/23 04:24:29.412118 0.054355 tcp 10.0.2.109 63167 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:29.466752 0.054555 tcp 10.0.2.109 63168 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:29.521549 0.159856 tcp 10.0.2.109 63169 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:29.681622 0.147835 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:29.829858 0.160137 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:29.990373 0.343102 udp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:30.334059 0.063899 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:30.398349 0.085122 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:30.483861 0.080506 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:30.564732 0.378239 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:30.943396 0.180645 udp 10.0.2.109 3683 <-> 66.115.90.55 3922 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:30.943717 4.995610 tcp 10.0.2.109 63170 -> 68.235.141.45 3202 SPA_* 0 0 144 73604 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:31.124398 0.197927 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:24:31.322712 0.000000 udp 10.0.2.109 3683 -> 95.70.49.137 5747 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 04:24:36.049825 4.930563 tcp 10.0.2.109 63170 -> 68.235.141.45 3202 A_PA 0 0 186 100156 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:41.176597 4.992285 tcp 10.0.2.109 63170 -> 68.235.141.45 3202 A_PA 0 0 215 115438 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:46.177452 4.934458 tcp 10.0.2.109 63170 -> 68.235.141.45 3202 A_PA 0 0 208 112204 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:47.967289 0.051660 tcp 10.0.2.109 63171 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:48.019201 0.070450 tcp 10.0.2.109 63172 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:48.089908 0.155988 tcp 10.0.2.109 63173 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:51.234013 4.839751 tcp 10.0.2.109 63170 -> 68.235.141.45 3202 FPA_* 0 0 254 141701 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:24:56.298614 0.000132 tcp 10.0.2.109 63170 -> 68.235.141.45 3202 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:28:24.930812 3.002100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 04:28:31.939087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:28:39.940102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:28:55.943284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:29:27.949444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:35:31.954965 3.002209 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 04:35:38.962554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:35:46.963779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:36:02.967451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:36:34.973021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:42:38.978449 3.002011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 04:42:45.986512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:42:53.988330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:43:09.991512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:43:41.997232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:46:36.538901 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 04:46:36.539154 0.472947 tcp 10.0.2.109 63174 -> 176.73.169.112 1959 FSPA* 0 0 15 1790 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:49:46.012093 3.002817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 04:49:53.020605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:50:01.021869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:50:17.025286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:50:49.030796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:55:12.049446 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 04:55:12.049549 0.000000 udp 10.0.2.109 3683 -> 117.196.62.142 7859 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 04:55:28.905931 0.054018 tcp 10.0.2.109 63175 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:55:28.960200 0.056385 tcp 10.0.2.109 63176 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:55:29.016766 0.149664 tcp 10.0.2.109 63177 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:55:29.166924 0.000000 udp 10.0.2.109 3683 -> 95.70.49.137 5747 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 04:55:47.981650 0.053901 tcp 10.0.2.109 63178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:55:48.035747 0.055487 tcp 10.0.2.109 63179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:55:48.091484 0.148240 tcp 10.0.2.109 63180 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:55:48.240186 0.206927 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:48.447495 0.064016 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:48.511889 0.047395 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:48.559633 0.052002 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:48.612045 0.179499 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:48.791951 0.068424 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:48.860767 0.165018 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:49.026349 0.134920 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:49.161676 0.366088 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:49.528160 0.204923 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:49.733496 0.239488 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:49.973315 0.143814 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.117747 0.155684 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.273808 0.174612 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.448803 0.135745 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.584904 0.186839 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.772115 0.142408 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.914902 0.031681 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.946968 0.049829 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:50.997089 0.072988 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.070463 0.354808 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.425622 0.055982 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.481924 0.143773 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.626038 0.086993 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.713361 0.055620 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.769354 0.057634 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.827318 0.058859 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.886479 0.049440 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.936203 0.058056 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:51.994580 0.162916 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:52.157910 0.147923 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:52.306206 0.069635 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:52.376201 0.297089 udp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:52.673701 0.079668 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:52.753706 0.203773 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:52.957917 0.076474 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:55:53.034749 0.000000 udp 10.0.2.109 3683 -> 66.115.90.55 3922 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 04:56:11.195194 0.062150 tcp 10.0.2.109 63181 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:56:11.257592 0.053935 tcp 10.0.2.109 63182 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:56:11.311756 0.155234 tcp 10.0.2.109 63183 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/23 04:56:11.467207 0.212748 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/23 04:56:53.037395 3.001921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 04:57:00.045257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:57:08.045958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:57:24.049036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 04:57:56.054954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:04:00.060341 3.002734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:04:07.068735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:04:15.070140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:04:31.073158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:05:03.079556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:11:07.085345 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:11:14.092434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:11:22.094116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:11:38.096667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:12:10.103295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:16:37.017265 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 05:16:37.017475 0.457216 tcp 10.0.2.109 63184 -> 176.73.169.112 1959 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:18:14.109115 3.001939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:18:21.116325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:18:29.118375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:18:45.120932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:19:17.127294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:25:21.133021 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:25:28.140047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:25:36.141661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:25:52.144713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:26:24.150774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:26:33.234632 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 05:26:33.234724 1.847187 udp 10.0.2.109 3683 -> 66.115.90.55 3922 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 05:26:35.081911 0.000000 icmp 66.115.90.55 0x0303 -> 10.0.2.109 0x520f URP 192 1 197 flow=Background 1970/01/23 05:26:50.980929 0.054143 tcp 10.0.2.109 63185 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:26:51.035381 0.051571 tcp 10.0.2.109 63186 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:26:51.087228 0.142711 tcp 10.0.2.109 63187 -> 195.113.214.211 443 SRPA* 0 0 41 23282 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:26:51.230449 0.063182 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:51.293987 0.047754 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:51.342246 0.055382 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:51.398027 0.179829 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:51.578251 0.068901 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:51.647490 0.214798 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:51.862710 0.382143 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:52.245177 0.158122 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:52.403718 0.266720 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:52.670856 0.164788 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:52.836097 0.128000 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:52.964511 0.174938 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:53.139856 0.147437 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:53.287691 0.143637 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:53.431768 0.160111 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:53.592261 0.142840 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:53.735501 0.029260 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:53.765102 0.050618 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:53.816101 0.194854 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.011360 0.359703 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.371487 0.055374 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.427242 0.148451 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.576057 0.088303 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.664725 0.056634 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.721744 0.054485 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.776580 0.060858 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.837804 0.044950 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.883091 0.061078 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:54.944553 0.076710 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:55.021619 0.286138 rtcp 10.0.2.109 3683 <-> 119.157.197.156 7738 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:55.308149 0.080321 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:55.388842 0.218879 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:55.608125 0.166739 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:55.775247 0.146393 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:55.922047 0.066729 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:55.989157 0.079190 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:26:56.068699 0.210831 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:32:28.157111 3.021525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:32:35.184545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:32:43.186044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:32:59.188821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:33:31.194869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:39:35.200438 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:39:42.208417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:39:50.209698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:40:06.212820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:40:38.218609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:46:37.475779 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 05:46:37.475925 0.478781 tcp 10.0.2.109 63188 -> 176.73.169.112 1959 FSPA* 0 0 15 1731 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:46:42.224438 3.001830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:46:49.232566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:46:57.233692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:47:13.237022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:47:45.242934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:53:49.248167 3.002600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 05:53:56.255929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:54:04.257792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:54:20.261085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:54:52.266975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 05:57:20.089888 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 05:57:20.089990 0.063990 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:20.154445 0.042380 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:20.197164 0.048880 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:20.246380 0.179046 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:20.425820 0.067957 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:20.494181 0.218326 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:20.712887 0.255803 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:20.969074 0.166141 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:21.135550 0.128439 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:21.264366 0.363427 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:21.628179 0.171600 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:21.800109 0.180060 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:21.980535 0.157099 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:22.137985 0.142894 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:22.281244 0.158162 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:22.439755 0.143694 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:22.583890 0.029242 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:22.613435 0.050209 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:22.663953 0.193976 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:22.858306 0.335113 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.194039 0.056885 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.251286 0.145155 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.396799 0.081178 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.478507 0.057080 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.535933 0.055612 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.591897 0.059700 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.651964 0.044797 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.697072 0.054169 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.751663 0.078371 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:23.830400 0.000000 udp 10.0.2.109 3683 -> 119.157.197.156 7738 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 05:57:40.069381 0.056440 tcp 10.0.2.109 63189 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:57:40.126016 0.054715 tcp 10.0.2.109 63190 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:57:40.181009 0.208013 tcp 10.0.2.109 63191 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/23 05:57:40.389189 0.080220 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:40.469765 0.211330 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:40.681459 0.159226 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:40.841125 0.146115 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:40.987593 0.067633 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:41.055586 0.132185 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 05:57:41.188167 0.198773 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:00:56.273086 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:01:03.280437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:01:11.281800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:01:27.284909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:01:59.290488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:08:03.296494 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:08:10.304058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:08:18.306035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:08:34.308974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:09:06.314713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:15:10.340730 3.081835 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:15:17.428404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:15:25.429928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:15:41.432792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:16:13.438534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:16:37.984476 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 06:16:37.984621 0.438629 tcp 10.0.2.109 63192 -> 176.73.169.112 1959 FSPA* 0 0 14 1539 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:22:17.445064 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:22:24.452617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:22:32.453661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:22:48.456469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:23:20.462949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:27:46.035220 0.000036 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 06:27:46.035300 0.403268 udp 10.0.2.109 3683 -> 119.157.197.156 7738 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 06:27:46.438568 0.000000 icmp 119.157.197.156 0x0303 -> 10.0.2.109 0x3a1e URP 192 1 192 flow=Background 1970/01/23 06:28:01.258468 0.053668 tcp 10.0.2.109 63193 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:28:01.312373 0.069763 tcp 10.0.2.109 63194 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:28:01.382395 0.156426 tcp 10.0.2.109 63195 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:28:01.539517 0.000000 udp 10.0.2.109 3683 -> 87.153.113.98 4545 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 06:28:20.394749 0.052125 tcp 10.0.2.109 63196 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:28:20.447134 0.054880 tcp 10.0.2.109 63197 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:28:20.502445 0.153174 tcp 10.0.2.109 63198 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:28:20.656113 0.054049 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:20.710492 0.178378 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:20.889255 0.376985 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:21.266569 0.215331 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:21.482267 0.278768 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:21.761373 0.066860 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:21.828588 0.335746 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:22.164716 0.156294 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:22.321411 0.173934 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:22.495686 0.163570 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:22.659598 0.128021 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:22.787949 0.142445 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:22.930771 0.142908 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.074040 0.031015 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.105388 0.049159 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.154909 0.188675 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.343974 0.158853 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.503211 0.144919 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.648563 0.056688 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.705638 0.146871 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.852867 0.086594 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.939841 0.056344 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:23.996561 0.057060 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.054028 0.059719 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.114289 0.048927 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.163554 0.056267 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.220161 0.072808 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.293316 0.352695 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.646400 0.174743 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.821537 0.146148 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:24.968070 0.078711 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:25.047168 0.234728 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:25.282308 0.227145 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:25.509800 0.066959 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:28:25.577131 0.082909 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:29:24.468626 3.001833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 06:29:31.475996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:29:39.478080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:29:55.480550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:30:27.486762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:36:31.492608 3.002043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:36:38.499952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:36:46.501391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:37:02.504521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:37:34.510615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:43:38.516208 3.001973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:43:45.523947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:43:53.525679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:44:09.528405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:44:41.534821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:46:38.423387 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 06:46:38.423536 0.505751 tcp 10.0.2.109 63199 -> 176.73.169.112 1959 FSPA* 0 0 14 1642 flow=From-Botnet-V1-TCP-Established 1970/01/23 06:50:45.540383 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:50:52.548000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:51:00.549373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:51:16.552320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:51:48.558606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:57:52.564190 3.002090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 06:57:59.572187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:58:07.573671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:58:23.576897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:58:53.570011 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 06:58:53.570214 0.041569 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:53.612200 0.052637 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:53.665216 0.180079 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:53.845678 0.836322 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:54.682457 0.213540 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:54.896333 0.240418 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:55.137112 0.062155 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:55.199606 0.182722 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:55.382767 0.159130 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:55.542474 0.135551 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:55.582562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 06:58:55.678412 0.232527 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:55.911274 0.359113 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:56.270748 0.156480 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:56.427579 0.145277 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:56.573207 0.032135 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:56.605673 0.049889 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:56.655941 0.192557 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:56.848864 0.161107 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.010389 0.142075 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.152882 0.055004 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.208276 0.153834 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.362434 0.086687 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.449499 0.056578 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.506448 0.055834 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.562666 0.059243 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.622310 0.044852 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.667535 0.055795 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.723655 0.076654 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:57.800730 0.327638 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:58.128733 0.179462 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:58.308559 0.168390 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:58.477398 0.078653 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:58.556397 0.079366 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:58.636110 0.079727 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:58.716194 0.249706 udp 10.0.2.109 3683 <-> 68.235.141.45 4848 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/23 06:58:58.966315 0.226263 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:04:59.588836 3.001339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:05:06.596322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:05:14.597903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:05:30.600751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:06:02.606978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:12:06.612403 3.001772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:12:13.619707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:12:21.621773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:12:37.624842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:13:09.631017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:16:38.931977 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 07:16:38.932223 0.617955 tcp 10.0.2.109 63200 -> 176.73.169.112 1959 FSPA* 0 0 15 1691 flow=From-Botnet-V1-TCP-Established 1970/01/23 07:19:13.636317 3.001592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:19:20.643859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:19:28.645204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:19:44.648203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:20:16.654814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:26:20.661568 3.000512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:26:27.667798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:26:35.669608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:26:51.672218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:27:23.678506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:29:15.489889 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 07:29:15.490061 0.180780 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:15.671227 0.043638 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:15.715221 0.053154 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:15.768809 0.071625 udp 10.0.2.109 3683 <-> 81.149.113.6 6268 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:15.840822 0.207275 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:16.048554 0.243462 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:16.292435 0.064263 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:16.357047 0.188032 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:16.545437 0.182764 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:16.728615 0.135838 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:16.864804 0.137493 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:17.002623 0.140031 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:17.143029 0.031080 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:17.174448 0.049509 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:17.224286 0.193910 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:17.418574 0.158020 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:17.576959 0.368406 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:17.945743 0.164303 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.110405 0.145802 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.256547 0.056702 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.313690 0.145734 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.459815 0.086685 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.546906 0.056503 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.603849 0.058144 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.662406 0.060482 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.723292 0.045760 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.769468 0.059550 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.829399 0.111392 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:18.941201 0.146003 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:19.087571 0.080658 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:19.168579 0.066967 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:19.235910 0.098291 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:19.334620 0.000000 udp 10.0.2.109 3683 -> 68.235.141.45 4848 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 07:29:35.419390 0.053458 tcp 10.0.2.109 63201 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 07:29:35.473103 0.052750 tcp 10.0.2.109 63202 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 07:29:35.526276 0.148364 tcp 10.0.2.109 63203 -> 195.113.214.211 443 SRPA* 0 0 38 33834 flow=From-Botnet-V1-TCP-Established 1970/01/23 07:29:35.675238 0.322888 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:35.998466 0.173572 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:29:36.172425 0.201608 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/23 07:33:27.684221 3.001824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:33:34.691866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:33:42.693799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:33:58.696554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:34:30.702580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:40:34.708965 3.001438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:40:41.715734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:40:49.717513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:41:05.720410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:41:37.726800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:46:39.550929 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 07:46:39.551087 0.434474 tcp 10.0.2.109 63204 -> 176.73.169.112 1959 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/01/23 07:47:41.732238 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:47:48.739783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:47:56.741601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:48:12.744463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:48:44.750068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:54:48.756073 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 07:54:55.764079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:55:03.765263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:55:19.768366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 07:55:51.774488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:00:03.737329 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 08:00:03.737481 0.000000 udp 10.0.2.109 3683 -> 68.235.141.45 4848 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 08:00:21.264099 0.054622 tcp 10.0.2.109 63205 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:21.319019 0.053749 tcp 10.0.2.109 63206 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:21.373012 0.158908 tcp 10.0.2.109 63207 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:21.532108 0.053089 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:21.585554 0.000000 udp 10.0.2.109 3683 -> 81.149.113.6 6268 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 08:00:37.165695 0.053145 tcp 10.0.2.109 63208 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:37.219085 0.051631 tcp 10.0.2.109 63209 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:37.271009 0.145548 tcp 10.0.2.109 63210 -> 195.113.214.211 443 SRPA* 0 0 33 21646 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:37.417115 0.206227 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:37.623679 0.180468 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:37.804520 0.042774 udp 10.0.2.109 3683 <-> 87.153.113.98 4545 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:37.847679 0.066817 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:37.914885 0.188317 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:38.103596 0.160344 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:38.264360 0.134811 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:38.399586 0.184050 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:38.584030 0.243335 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:38.827808 0.029161 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:38.857321 0.138883 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:38.996547 0.161389 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:39.158320 0.364580 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:39.523266 0.193687 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:39.717323 0.049776 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:39.767488 0.142474 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:39.910329 0.056191 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:39.966889 0.148016 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.115336 0.084231 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.199958 0.066010 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.266528 0.056807 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.323662 0.058425 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.382482 0.048187 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.431037 0.054771 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.486245 0.066497 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.553129 0.167867 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:40.721381 0.000000 udp 10.0.2.109 3683 -> 86.139.122.162 2713 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 08:00:57.204128 0.051947 tcp 10.0.2.109 63211 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:57.256328 0.052662 tcp 10.0.2.109 63212 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:57.309346 0.145954 tcp 10.0.2.109 63213 -> 195.113.214.211 443 SRPA* 0 0 42 23046 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:00:57.455793 0.148868 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:57.605022 0.095599 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:57.700959 0.065459 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:57.766782 0.320174 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:58.087322 0.239755 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:00:58.327459 0.212305 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:01:55.781467 3.000330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 08:02:02.787508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:02:10.789389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:02:26.792192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:02:58.798521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:09:02.804297 3.001631 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 08:09:09.811875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:09:17.813469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:09:33.815982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:10:05.822010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:16:09.828365 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 08:16:16.835766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:16:24.837494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:16:39.990008 0.000191 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 08:16:39.990254 0.727241 tcp 10.0.2.109 63214 -> 176.73.169.112 1959 FSPA* 0 0 15 1800 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:16:40.840333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:17:12.846339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:23:16.852161 3.002218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 08:23:23.859865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:23:31.861124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:23:47.863942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:24:19.870121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:30:23.877872 4.011443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 08:30:31.895063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:30:39.896510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:30:55.899351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:31:06.876075 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 08:31:06.876237 0.000000 udp 10.0.2.109 3683 -> 81.149.113.6 6268 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 08:31:22.229086 0.076816 tcp 10.0.2.109 63215 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:22.306183 0.113889 tcp 10.0.2.109 63216 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:22.420377 0.153657 tcp 10.0.2.109 63217 -> 195.113.214.211 443 SRPA* 0 0 23 13768 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:22.574536 0.000000 udp 10.0.2.109 3683 -> 86.139.122.162 2713 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 08:31:27.905623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:31:39.272594 0.054397 tcp 10.0.2.109 63218 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:39.326934 0.057292 tcp 10.0.2.109 63219 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:39.384550 0.144785 tcp 10.0.2.109 63220 -> 195.113.214.211 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:39.529869 0.051716 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:39.582200 0.631010 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:40.213577 0.206321 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:40.420338 0.180408 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:40.746916 0.000000 udp 10.0.2.109 3683 -> 87.153.113.98 4545 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 08:31:56.086988 0.053195 tcp 10.0.2.109 63221 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:56.140488 0.054928 tcp 10.0.2.109 63222 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:56.195701 0.162495 tcp 10.0.2.109 63223 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:31:56.358753 0.128621 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:56.487732 0.205976 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:56.694259 0.201509 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:56.896189 0.183037 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.079579 0.029454 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.109458 0.142878 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.252704 0.240229 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.493315 0.195066 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.688730 0.050682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.739770 0.147934 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.888096 0.055450 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:57.943894 0.356050 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.300280 0.151686 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.452313 0.089646 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.542561 0.074228 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.617179 0.065765 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.683325 0.061183 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.744887 0.046737 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.791958 0.066425 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.858838 0.076821 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:58.936050 0.164537 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:59.100989 0.146890 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:31:59.248246 0.000000 udp 10.0.2.109 3683 -> 81.130.42.60 4828 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 08:32:15.985537 0.057941 tcp 10.0.2.109 63224 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:32:16.043751 0.056989 tcp 10.0.2.109 63225 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:32:16.101074 0.145884 tcp 10.0.2.109 63226 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:32:16.247444 0.145948 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:32:16.393799 0.092929 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:32:16.487151 0.199609 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:32:16.687110 0.328401 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:32:17.015878 0.181718 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/23 08:37:31.911315 3.001934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 08:37:38.919390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:37:46.920433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:38:02.923560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:38:34.929560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:44:50.942424 3.002027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 08:44:57.950511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:45:05.951591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:45:21.955067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:45:53.960991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:46:41.209126 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 08:46:41.209261 0.593876 tcp 10.0.2.109 63227 -> 176.73.169.112 1959 FSPA* 0 0 15 1695 flow=From-Botnet-V1-TCP-Established 1970/01/23 08:52:12.968489 3.001362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 08:52:19.976103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:52:27.977435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:52:43.980479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:53:15.986078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:59:19.992491 3.001212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 08:59:27.000068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:59:35.001424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 08:59:51.003986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:00:23.009995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:02:43.993321 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 09:02:43.993412 0.000000 udp 10.0.2.109 3683 -> 87.153.113.98 4545 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 09:02:59.267206 0.049608 tcp 10.0.2.109 63228 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 09:02:59.317102 0.051285 tcp 10.0.2.109 63229 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 09:02:59.368607 0.131463 tcp 10.0.2.109 63230 -> 195.113.214.211 443 SRPA* 0 0 68 59314 flow=From-Botnet-V1-TCP-Established 1970/01/23 09:02:59.500731 0.067194 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:02:59.568275 0.056533 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:02:59.625136 0.063050 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:02:59.688534 0.207852 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:02:59.896725 0.178617 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:00.075697 0.175556 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:00.251601 0.182296 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:00.434267 0.198566 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:00.633217 0.143027 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:00.776628 0.145091 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:00.922122 0.029146 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:00.951606 0.049712 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:01.001625 0.140452 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:01.142438 0.052708 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:01.195504 0.332143 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:01.528047 0.160628 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:01.689031 0.241226 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:01.930635 0.187147 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.118243 0.075226 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.193792 0.063482 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.257639 0.059857 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.317887 0.046945 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.365176 0.061236 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.426802 0.082074 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.509214 0.164940 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.674512 0.148879 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.823793 0.089138 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:02.913307 0.214493 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:03.128149 0.148004 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:03.276528 0.080177 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:03.357063 0.393257 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:03:03.750683 0.185638 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:06:27.016840 3.001201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:06:34.023562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:06:42.025041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:06:58.028035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:07:30.034498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:13:34.040985 3.000775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:13:41.047807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:13:49.049523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:14:05.052289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:14:37.058535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:16:41.808340 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 09:16:41.808487 0.619578 tcp 10.0.2.109 63231 -> 176.73.169.112 1959 FSPA* 0 0 15 1755 flow=From-Botnet-V1-TCP-Established 1970/01/23 09:20:41.064596 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:20:48.071629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:20:56.073530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:21:12.076166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:21:44.082795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:27:48.088017 3.001779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:27:55.095713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:28:03.097376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:28:19.100567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:28:51.106146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:33:05.812488 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 09:33:05.812580 0.073689 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:05.886621 0.207088 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:06.094048 0.180007 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:06.274431 0.067511 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:06.342405 0.054920 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:06.397682 0.164009 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:06.562086 0.182420 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:06.744903 0.217141 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:06.962427 0.129647 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:07.092487 0.154622 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:07.247476 0.032306 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:07.280097 0.049933 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:07.330410 0.140758 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:07.471562 0.054590 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:07.526469 0.346450 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:07.873270 0.159178 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.032817 0.240438 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.273601 0.192244 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.466369 0.107312 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.574005 0.066421 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.640848 0.063334 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.704523 0.047596 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.752484 0.065940 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.818805 0.074234 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:08.893384 0.167314 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:09.061131 0.144230 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:09.205762 0.087047 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:09.293185 0.215490 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:09.509019 0.356335 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:09.865750 0.185713 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:10.051837 0.145852 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:33:10.198112 0.080102 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/23 09:34:55.111902 3.001805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:35:02.119432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:35:10.121331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:35:26.124054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:35:58.130019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:42:02.136125 3.001779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:42:09.143764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:42:17.145145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:42:33.148125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:43:05.154528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:46:42.427258 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 09:46:42.427448 0.760127 tcp 10.0.2.109 63232 -> 176.73.169.112 1959 FSPA* 0 0 15 1717 flow=From-Botnet-V1-TCP-Established 1970/01/23 09:49:09.160218 3.001471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:49:16.167387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:49:24.168951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:49:40.172094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:50:12.178517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:56:16.183565 3.002119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 09:56:23.191801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:56:31.193004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:56:47.195778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 09:57:19.201929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:03:23.207848 3.001606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 10:03:23.519356 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 10:03:23.519474 0.062288 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:23.582120 0.066693 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:23.649185 0.055485 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:23.705043 0.163698 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:23.869160 0.200054 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:24.069623 0.213588 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:24.283639 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 10:03:30.215577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:03:38.217095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:03:40.391984 0.054729 tcp 10.0.2.109 63233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:03:40.447020 0.054962 tcp 10.0.2.109 63234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:03:40.502283 0.143773 tcp 10.0.2.109 63235 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:03:40.646682 0.141375 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:40.788484 0.134138 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:40.923004 0.141120 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:41.064500 0.033062 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:41.097939 0.048717 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:41.147035 0.144595 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:41.291982 0.053519 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:41.345879 0.340294 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:41.686504 0.159909 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:41.846785 0.275053 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:42.122270 0.193558 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:42.316170 0.114102 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:42.430626 0.067366 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:42.498475 0.059468 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:42.558455 0.047297 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:03:42.606280 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 10:03:54.219755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:04:00.719585 0.055565 tcp 10.0.2.109 63236 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:04:00.775369 0.059609 tcp 10.0.2.109 63237 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:04:00.835197 0.148482 tcp 10.0.2.109 63238 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:04:00.984282 0.074089 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:01.058766 0.086931 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:01.146210 0.217620 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:01.364207 0.387129 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:01.751720 0.164143 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:01.916252 0.148201 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:02.064817 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 10:04:17.584279 0.053160 tcp 10.0.2.109 63239 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:04:17.637697 0.053661 tcp 10.0.2.109 63240 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:04:17.691589 0.220628 tcp 10.0.2.109 63241 -> 195.113.214.211 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:04:17.912679 0.165893 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:18.078974 0.147262 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:04:26.226216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:10:30.231972 3.001573 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 10:10:37.239295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:10:45.241069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:11:01.243813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:11:33.250066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:16:43.196612 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 10:16:43.196751 0.689413 tcp 10.0.2.109 63242 -> 176.73.169.112 1959 FSPA* 0 0 13 1611 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:17:37.255445 3.002378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 10:17:44.263802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:17:52.264897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:18:08.267644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:18:40.274000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:24:44.280380 3.001282 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 10:24:51.287428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:24:59.289401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:25:15.292056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:25:47.298440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:31:51.303710 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 10:31:58.311179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:32:06.312604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:32:22.316076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:32:54.321717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:34:45.261689 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 10:34:45.262001 0.178441 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:34:45.440812 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 10:35:00.925622 0.054699 tcp 10.0.2.109 63243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:00.980579 0.052318 tcp 10.0.2.109 63244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:01.033113 0.145221 tcp 10.0.2.109 63245 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:01.178854 0.142372 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:01.321587 0.206369 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:01.528340 0.064942 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:01.593701 0.055432 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:01.649429 0.000000 udp 10.0.2.109 3683 -> 81.130.42.60 4828 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 10:35:20.021856 0.050065 tcp 10.0.2.109 63246 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:20.072144 0.051617 tcp 10.0.2.109 63247 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:20.124021 0.147531 tcp 10.0.2.109 63248 -> 195.113.214.211 443 SRPA* 0 0 23 13178 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:20.272063 0.181425 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:20.453886 0.212360 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:20.666544 0.146608 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:20.813524 0.047306 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:20.861145 0.170599 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:21.032135 0.056630 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:21.089154 0.342366 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:21.431900 0.160285 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:21.592510 0.031459 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:21.624320 0.157440 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:21.782186 0.160220 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:21.942762 0.058865 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:22.001988 0.049714 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:22.052069 0.263905 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:22.316360 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 10:35:38.868967 0.049075 tcp 10.0.2.109 63249 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:38.918296 0.051975 tcp 10.0.2.109 63250 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:38.970506 0.148338 tcp 10.0.2.109 63251 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:35:39.119234 0.185427 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:39.305011 0.066963 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:39.372324 0.222299 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:39.595017 0.356115 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:39.951510 0.155395 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:40.107302 0.074682 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:40.182487 0.089025 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:40.271887 0.158838 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:40.431128 0.183106 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:35:40.614595 0.157247 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/23 10:38:58.328107 3.001721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 10:39:05.335759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:39:13.337155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:39:29.340185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:40:01.345637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:46:05.351260 3.002362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 10:46:12.359095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:46:20.361154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:46:36.363750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:46:43.884968 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 10:46:43.885191 0.669592 tcp 10.0.2.109 63252 -> 176.73.169.112 1959 FSPA* 0 0 14 1585 flow=From-Botnet-V1-TCP-Established 1970/01/23 10:47:08.369886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:53:12.376647 3.001010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 10:53:19.383177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:53:27.384729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:53:43.387901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 10:54:15.393881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:00:19.399209 3.002248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 11:00:26.407205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:00:34.409023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:00:50.411540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:01:22.417530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:05:42.081502 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 11:05:42.081657 0.064230 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:05:42.146279 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 11:06:00.980373 0.053681 tcp 10.0.2.109 63253 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:06:01.034326 0.053834 tcp 10.0.2.109 63254 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:06:01.088506 0.191993 tcp 10.0.2.109 63255 -> 195.113.214.211 443 SRPA* 0 0 35 27400 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:06:01.281148 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 11:06:17.202554 0.070730 tcp 10.0.2.109 63256 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:06:17.273553 0.052969 tcp 10.0.2.109 63257 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:06:17.326762 0.158394 tcp 10.0.2.109 63258 -> 195.113.214.211 443 SRPA* 0 0 42 22918 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:06:17.485758 0.055671 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:17.541820 0.166626 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:17.708845 0.114233 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:17.823475 0.062911 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:17.886766 0.176108 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:18.063258 0.047092 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:18.110724 0.138390 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:18.249464 0.213840 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:18.463698 0.360696 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:18.824783 0.153050 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:18.978345 0.031380 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.010094 0.156698 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.167125 0.163291 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.330763 0.057477 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.388588 0.255728 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.644724 0.161595 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.806717 0.058411 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.865491 0.048301 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:19.914376 0.228581 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:20.143340 0.193080 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:20.336805 0.065398 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:20.402601 0.318232 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:20.721206 0.163443 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:20.885040 0.078266 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:20.963645 0.086814 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:21.050863 0.166952 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:21.218209 0.304165 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:06:21.522741 0.150655 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:07:26.423970 3.001351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 11:07:33.431269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:07:41.432945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:07:57.435951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:08:29.441620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:14:33.447089 3.002122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 11:14:40.454854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:14:48.456944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:15:04.459414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:15:36.465882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:16:44.555023 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 11:16:44.555252 0.539562 tcp 10.0.2.109 63259 -> 176.73.169.112 1959 FSPA* 0 0 16 1684 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:21:40.471872 3.001479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 11:21:47.479386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:21:55.480398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:22:11.483805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:22:43.489665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:28:47.495359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:29:05.986562 1.979495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/23 11:29:11.914031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:29:20.195010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:29:35.973166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:30:09.049296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:36:35.014324 2.956960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 11:36:41.916343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:36:49.798436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:37:05.553428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:38:00.249442 0.000000 arp 10.0.2.109 who 10.0.2.2 INT 1 42 flow=Background-ARP 1970/01/23 11:38:10.411087 0.000000 arp 10.0.2.109 who 10.0.2.2 RSP 1 42 flow=Background-ARP 1970/01/23 11:38:10.411199 0.180119 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:10.591717 0.067604 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:10.659694 0.054161 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:10.714267 0.171918 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:10.886574 0.129211 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:11.016268 0.061402 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:11.078282 0.159531 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:11.238424 0.213504 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:11.452269 0.352051 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:11.804700 0.182619 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:11.987733 0.047191 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:12.035321 0.158306 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:12.194028 0.029345 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:12.223756 0.154746 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:12.378922 0.156930 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:12.536279 0.056440 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:12.593137 0.260686 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:12.854263 0.157696 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:13.012336 0.060239 rtcp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:13.072966 0.046448 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:13.119839 0.068776 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:13.188957 0.321848 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:13.511245 0.167813 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:13.679472 0.213915 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:13.893742 0.193682 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:14.087852 0.071201 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:14.159415 0.087823 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:14.247614 0.159968 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:14.407980 0.197785 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/23 11:38:14.606170 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 11:38:23.281060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:38:31.249144 0.031005 tcp 10.0.2.109 63260 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:38:31.280406 0.032117 tcp 10.0.2.109 63261 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:38:31.312872 0.130195 tcp 10.0.2.109 63262 -> 195.113.214.211 443 SRPA* 0 0 42 23546 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:44:22.256076 3.117769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 11:44:29.680939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:44:37.570711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:44:53.746764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:45:27.606730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:48:06.314873 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 11:48:06.315118 0.539991 tcp 10.0.2.109 63263 -> 176.73.169.112 1959 FSPA* 0 0 15 1616 flow=From-Botnet-V1-TCP-Established 1970/01/23 11:51:59.589343 2.967031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 11:52:06.501022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:52:14.395082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:52:30.180572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:53:01.732976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:59:04.429549 3.004270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 11:59:11.436879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:59:19.438428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 11:59:35.441295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:00:07.447405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:06:11.453003 3.002600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:06:18.460974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:06:26.462557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:06:42.465035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:07:14.470977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:08:31.773030 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 12:08:31.773112 0.150945 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:31.924441 0.068524 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:31.993316 0.055127 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:32.048892 0.171439 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:32.220757 0.122306 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:32.343447 0.064222 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:32.408051 0.233325 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:32.641726 0.180567 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:32.822665 0.048715 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:32.871738 0.208195 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:33.080343 0.371515 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:33.452218 0.188140 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:33.640747 0.156277 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:33.797434 0.165692 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:33.963578 0.031375 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:33.995312 0.160569 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:34.156320 0.255455 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:34.412144 0.061811 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:34.474368 0.158333 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:34.633098 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 12:08:52.860320 0.031866 tcp 10.0.2.109 63264 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:08:52.892471 0.033022 tcp 10.0.2.109 63265 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:08:52.925780 0.131445 tcp 10.0.2.109 63266 -> 195.113.214.211 443 SRPA* 0 0 38 21716 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:08:53.057757 0.327691 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:53.385862 0.159037 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:53.545321 0.048116 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:53.593803 0.059271 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:53.653558 0.077463 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:53.731356 0.092857 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:53.824613 0.160073 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:53.985132 0.193315 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:54.178866 0.213710 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:08:54.392965 0.160014 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:13:18.479650 3.001021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:13:25.484999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:13:33.489256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:13:49.489142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:14:21.495183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:18:01.391732 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 12:18:01.391930 0.457599 tcp 10.0.2.109 63267 -> 176.73.169.112 1959 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:20:25.501772 3.001013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:20:32.508526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:20:40.510525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:20:56.513339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:21:28.518796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:27:32.524696 3.002382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:27:39.532578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:27:47.534000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:28:03.537373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:28:35.542809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:34:39.549841 3.001513 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:34:46.558369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:34:54.557905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:35:10.561327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:35:42.567723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:39:09.535306 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 12:39:09.535455 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 12:39:25.880100 0.031941 tcp 10.0.2.109 63268 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:39:25.912308 0.031983 tcp 10.0.2.109 63269 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:39:25.944503 0.126211 tcp 10.0.2.109 63270 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:39:26.071264 0.064475 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:26.136160 0.051812 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:26.188335 0.182614 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:26.371298 0.118727 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:26.490554 0.063862 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:26.554815 0.137607 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:26.692817 0.179296 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:26.872518 0.151558 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:27.024436 0.046482 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:27.071301 0.175938 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:27.247634 0.157797 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:27.405866 0.371185 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:27.777465 0.213755 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:27.991567 0.157371 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:28.149328 0.237120 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:28.386850 0.057042 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:28.444284 0.157581 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:28.602488 0.031408 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:28.634254 0.170816 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:28.805451 0.337237 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:29.143033 0.170805 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:29.314303 0.047271 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:29.361986 0.066363 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:29.428703 0.076708 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:29.505817 0.085221 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:29.591446 0.300027 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:29.891845 0.175978 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:30.068263 0.163662 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:39:30.232286 0.186749 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 12:41:46.572798 3.002373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:41:53.585583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:42:01.582216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:42:17.585668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:42:49.592899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:48:01.850833 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 12:48:01.851044 0.529196 tcp 10.0.2.109 63271 -> 176.73.169.112 1959 FSPA* 0 0 15 1558 flow=From-Botnet-V1-TCP-Established 1970/01/23 12:48:53.597277 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:49:00.605358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:49:08.605871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:49:24.608973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:49:56.617160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:56:00.622077 3.000714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 12:56:07.628933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:56:15.629728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:56:31.633057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 12:57:03.639379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:03:07.644185 3.003074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:03:14.652067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:03:22.653752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:03:38.657826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:04:10.663076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:09:59.684927 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 13:09:59.685083 0.158250 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:09:59.843772 0.122257 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:09:59.966478 0.059330 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.026238 0.192925 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.219569 0.064918 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.284896 0.053474 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.338763 0.178517 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.517685 0.151818 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.669935 0.048049 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.718415 0.180914 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:00.899803 0.155423 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:01.055663 0.342693 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:01.398757 0.206918 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:01.606109 0.159112 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:01.765626 0.237419 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.003434 0.058093 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.061886 0.161245 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.223601 0.029592 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.253655 0.156761 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.410864 0.321976 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.733276 0.173983 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.907651 0.047430 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:02.955473 0.057415 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:03.013270 0.078091 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:03.091815 0.085056 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:03.177248 0.154171 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:03.331894 0.193378 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:03.525721 0.238289 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:03.764420 0.229025 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:10:14.669678 3.001145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:10:21.676555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:10:29.677895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:10:45.681071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:11:17.687150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:17:21.692802 3.002060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:17:28.700186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:17:36.701393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:17:52.704963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:18:02.379191 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 13:18:02.379341 3.003688 tcp 10.0.2.109 63272 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/23 13:18:11.381491 0.000000 tcp 10.0.2.109 63272 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/23 13:18:17.381950 0.031626 tcp 10.0.2.109 63273 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:18:17.413796 0.033478 tcp 10.0.2.109 63274 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:18:17.447575 0.132217 tcp 10.0.2.109 63275 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:18:17.596778 0.992270 tcp 10.0.2.109 63276 -> 24.126.254.250 9945 FSPA* 0 0 15 1653 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:18:24.710966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:24:28.723393 2.995365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:24:35.724635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:24:43.726067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:24:59.728802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:25:31.747531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:31:35.740911 3.001668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:31:42.747736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:31:50.749711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:32:06.759190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:32:38.759001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:38:42.766232 3.000467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:38:49.773019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:38:57.773932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:39:13.779517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:39:45.783630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:40:22.639137 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 13:40:22.639309 0.159531 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:22.799206 0.114284 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:22.913896 0.062127 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:22.976306 0.169224 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:23.145932 0.064620 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:23.210955 0.054046 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:23.265307 0.176994 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:23.442668 0.151424 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:23.594503 0.047650 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:23.642487 0.373919 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:24.016763 0.213661 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:24.230851 0.152902 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:24.384172 0.187464 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:24.571998 0.162497 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:24.734898 0.237522 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:24.972783 0.057003 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.030123 0.156754 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.187268 0.031400 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.218996 0.163731 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.383103 0.337618 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.721110 0.166726 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.888272 0.048975 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.937611 0.058024 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:25.995989 0.000000 udp 10.0.2.109 3683 -> 94.66.204.217 6063 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 13:40:44.118961 0.031797 tcp 10.0.2.109 63277 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:40:44.150981 0.032429 tcp 10.0.2.109 63278 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:40:44.183695 0.126919 tcp 10.0.2.109 63279 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:40:44.311103 0.094523 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:44.406059 0.162073 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:44.568513 0.193377 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:44.762311 0.229415 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:40:44.992147 0.180824 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/23 13:45:49.789002 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:45:56.796035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:46:04.797983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:46:20.801358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:46:52.807521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:48:18.590609 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 13:48:18.590836 0.995863 tcp 10.0.2.109 63280 -> 24.126.254.250 9945 FSPA* 0 0 15 1671 flow=From-Botnet-V1-TCP-Established 1970/01/23 13:52:56.813605 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 13:53:03.819960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:53:11.821835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:53:27.824899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 13:53:59.831067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:00:03.836818 3.001953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:00:10.844282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:00:18.845773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:00:34.848899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:01:06.854726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:07:10.861041 3.001380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:07:17.868516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:07:25.869840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:07:41.872683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:08:13.878798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:11:05.555892 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 14:11:05.556049 0.070602 udp 10.0.2.109 3683 <-> 94.66.204.217 6063 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:05.627081 0.158431 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:05.786069 0.071592 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:05.858068 0.136631 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:05.995067 0.065898 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:06.061327 0.053923 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:06.115618 0.179991 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:06.295972 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 14:11:24.285525 0.031423 tcp 10.0.2.109 63281 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:11:24.317242 0.032007 tcp 10.0.2.109 63282 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:11:24.349601 0.124126 tcp 10.0.2.109 63283 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:11:24.474512 0.047278 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:24.522376 0.115285 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:24.638059 0.359088 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:24.997586 0.160925 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:25.158930 0.174880 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:25.334279 0.155933 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:25.490570 0.210228 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:25.701177 0.030808 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:25.732300 0.189519 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:25.922229 0.379406 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:26.302061 0.055392 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:26.357882 0.238507 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:26.596793 0.160309 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:26.757542 0.055604 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:26.813541 0.155714 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:26.969599 0.050004 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:27.019988 0.185808 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:27.206225 0.082523 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:27.289175 0.163362 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:27.452951 0.215333 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:11:27.668689 0.161688 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:14:17.885022 3.001563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:14:24.891926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:14:32.893757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:14:48.896654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:15:20.902327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:18:19.589594 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 14:18:19.589756 0.973820 tcp 10.0.2.109 63284 -> 24.126.254.250 9945 FSPA* 0 0 15 1581 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:21:24.909768 3.001945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:21:31.916066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:21:39.917433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:21:55.920773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:22:27.926938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:28:31.932367 3.002225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:28:38.940025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:28:46.941474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:29:02.944796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:29:34.950632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:35:38.956744 3.002157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:35:45.963924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:35:53.965727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:36:09.968419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:36:41.975150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:41:49.507313 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 14:41:49.507500 0.151780 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:41:49.659710 0.160896 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:41:49.821003 0.000000 udp 10.0.2.109 3683 -> 94.66.204.217 6063 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 14:42:07.004081 0.052917 tcp 10.0.2.109 63285 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:42:07.057213 0.053282 tcp 10.0.2.109 63286 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:42:07.110697 0.141420 tcp 10.0.2.109 63287 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:42:07.252671 0.063225 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:07.316290 0.053122 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:07.369769 0.178944 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:07.549141 0.064390 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:07.613894 0.147827 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:07.762081 0.047332 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:07.809735 0.113039 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:07.923177 0.345019 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:08.268611 0.160014 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:08.429019 0.187200 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:08.616641 0.155867 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:08.772941 0.213933 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:08.987248 0.029073 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:09.016657 0.057366 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:09.074452 0.237179 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:09.312025 0.157702 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:09.470213 0.058115 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:09.528673 0.243596 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:09.772684 0.400592 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:10.173722 0.165543 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:10.339635 0.045812 udp 10.0.2.109 3683 <-> 86.152.236.179 9583 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:10.385772 0.194240 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:10.580416 0.083770 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:10.664621 0.154137 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:10.819142 0.226188 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:11.045745 0.160764 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/23 14:42:45.980704 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:42:52.988634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:43:00.990208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:43:16.992615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:43:48.998685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:48:20.569501 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 14:48:20.569714 1.247709 tcp 10.0.2.109 63288 -> 24.126.254.250 9945 FSPA* 0 0 15 1768 flow=From-Botnet-V1-TCP-Established 1970/01/23 14:49:53.005186 3.000690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:50:00.018354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:50:08.013795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:50:24.018646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:50:56.022774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:57:00.028455 3.001894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 14:57:07.035946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:57:15.041122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:57:31.040587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 14:58:03.046186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:04:07.052169 3.001889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 15:04:14.059654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:04:22.064952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:04:38.064651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:05:10.070649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:11:14.076207 3.030765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 15:11:21.096576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:11:29.095871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:11:45.098972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:12:17.105008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:12:37.593932 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 15:12:37.594094 0.000000 udp 10.0.2.109 3683 -> 94.66.204.217 6063 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 15:12:56.492721 0.052665 tcp 10.0.2.109 63289 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:12:56.545652 0.053964 tcp 10.0.2.109 63290 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:12:56.599898 0.144576 tcp 10.0.2.109 63291 -> 195.113.214.211 443 SRPA* 0 0 35 18596 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:12:56.745132 0.151239 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:56.896731 0.192518 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.089660 0.064187 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.154289 0.052082 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.206771 0.178246 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.385465 0.065692 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.451550 0.260087 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.712014 0.047565 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.759949 0.158843 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:57.919167 0.182328 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:58.101951 0.158036 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:58.260385 0.119662 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:58.380426 0.347777 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:58.728591 0.214270 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:58.943298 0.029299 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:58.972942 0.056588 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:59.029917 0.262295 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:59.292569 0.157354 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:59.450417 0.054952 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:59.505786 0.163645 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:12:59.669814 0.000000 udp 10.0.2.109 3683 -> 86.152.236.179 9583 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 15:13:15.579051 0.053030 tcp 10.0.2.109 63292 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:13:15.632432 0.053540 tcp 10.0.2.109 63293 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:13:15.686270 0.143101 tcp 10.0.2.109 63294 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:13:15.829944 0.191352 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:13:16.021712 0.084649 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:13:16.106755 0.164892 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:13:16.272093 0.353495 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:13:16.625966 0.178829 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:13:16.805177 0.212387 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:13:17.017946 0.160309 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:18:21.110286 3.004933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 15:18:21.819385 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 15:18:21.819466 1.089242 tcp 10.0.2.109 63295 -> 24.126.254.250 9945 FSPA* 0 0 14 1714 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:18:28.117691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:18:36.119201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:18:52.122671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:19:24.128645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:25:28.134546 3.001295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 15:25:35.141590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:25:43.143513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:25:59.146670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:26:31.152193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:32:35.158271 3.001521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 15:32:42.165895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:32:50.167289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:33:06.170519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:33:38.176699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:39:42.182654 3.001167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 15:39:49.189600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:39:57.191368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:40:13.194299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:40:45.203393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:43:38.270009 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 15:43:38.270200 0.000000 udp 10.0.2.109 3683 -> 86.152.236.179 9583 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 15:43:56.156499 0.053097 tcp 10.0.2.109 63296 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:43:56.209843 0.053875 tcp 10.0.2.109 63297 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:43:56.264055 0.147436 tcp 10.0.2.109 63298 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:43:56.412028 0.186268 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:56.598699 0.062481 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:56.661560 0.053274 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:56.715224 0.179838 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:56.895439 0.066081 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:56.961985 0.137129 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:57.099548 0.048299 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:57.148211 0.150580 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:57.299173 0.152631 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:57.452192 0.117620 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:57.570408 0.363359 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:57.934131 0.155575 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:58.090087 0.187013 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:58.277510 0.205812 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:58.483731 0.261285 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:58.745450 0.166202 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:58.912051 0.063352 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:58.975755 0.164224 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:59.140370 0.057287 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:59.198039 0.031375 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:59.229793 0.163301 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:59.393546 0.350148 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:59.744086 0.171382 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:43:59.915908 0.184560 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:44:00.100919 0.085760 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:44:00.187141 0.263990 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:44:00.451523 0.158677 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/23 15:46:49.210620 2.999923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 15:46:56.213780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:47:04.214998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:47:20.218348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:47:52.223962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:48:22.908618 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 15:48:22.908815 1.032264 tcp 10.0.2.109 63299 -> 24.126.254.250 9945 FSPA* 0 0 15 1675 flow=From-Botnet-V1-TCP-Established 1970/01/23 15:53:56.230080 3.002719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 15:54:03.237707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:54:11.239447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:54:27.242598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 15:54:59.248477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:01:03.254145 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:01:10.261623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:01:18.263404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:01:34.265976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:02:06.272236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:08:10.278277 3.001354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:08:17.285775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:08:25.287388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:08:41.290300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:09:13.310451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:14:13.788448 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 16:14:13.788638 0.053823 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:13.842915 0.157826 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.001204 0.056499 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.058270 0.177595 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.236328 0.069130 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.305893 0.138937 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.445240 0.047390 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.493025 0.151569 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.644986 0.159345 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.804754 0.118951 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:14.924102 0.342259 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:15.266754 0.157368 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:15.424509 0.184291 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:15.609182 0.215382 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:15.824975 0.261069 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:16.086624 0.160564 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:16.247577 0.056352 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:16.304323 0.171391 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:16.476105 0.057568 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:16.534029 0.028873 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:16.563228 0.156486 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:16.720112 0.328406 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:17.048926 0.086224 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:17.135554 0.282331 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:17.418490 0.172405 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:17.591400 0.182322 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:14:17.774078 0.194866 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:15:17.301708 3.001990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:15:24.309451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:15:32.312961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:15:48.316452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:16:20.320010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:18:23.948606 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 16:18:23.948717 1.009081 tcp 10.0.2.109 63300 -> 24.126.254.250 9945 FSPA* 0 0 15 1705 flow=From-Botnet-V1-TCP-Established 1970/01/23 16:22:24.325137 3.002479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:22:31.333195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:22:39.345567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:22:55.347843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:23:27.353899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:29:31.359444 3.001812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:29:38.367536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:29:46.369488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:30:02.371790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:30:34.380699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:36:38.384106 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:36:45.391539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:36:53.393185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:37:09.396585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:37:41.401674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:43:45.409875 2.999584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:43:52.416452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:44:00.423072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:44:16.419852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:44:45.612383 0.000159 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 16:44:45.612647 0.053732 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:45.666770 0.197645 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:45.864856 0.062906 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:45.928135 0.177872 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:46.106461 0.065977 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:46.172924 0.221292 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:46.394617 0.048283 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:46.443290 0.808066 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:47.251813 0.159625 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:47.411843 0.145281 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:47.557491 0.412260 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:47.970110 0.151267 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:48.121740 0.186318 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:48.308483 0.213086 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:48.426503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:44:48.521966 0.261790 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:48.784114 0.161704 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:48.946197 0.059321 udp 10.0.2.109 3683 <-> 86.178.149.181 5838 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.005888 0.170084 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.176345 0.056725 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.233442 0.031325 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.265089 0.161860 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.427545 0.212593 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.640745 0.161924 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.803029 0.177685 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:49.981163 0.316506 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:50.298229 0.085061 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:44:50.383635 0.184971 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/23 16:48:24.958117 0.000255 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 16:48:24.958458 1.016301 tcp 10.0.2.109 63301 -> 24.126.254.250 9945 FSPA* 0 0 15 1683 flow=From-Botnet-V1-TCP-Established 1970/01/23 16:51:49.435628 3.000299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:51:56.441199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:52:04.442677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:52:20.446608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:52:52.451853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:58:56.458677 3.000147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 16:59:03.467080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:59:11.467224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:59:27.469870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 16:59:59.475745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:06:03.483426 2.999804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 17:06:10.489252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:06:18.490889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:06:34.493201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:07:06.504552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:13:10.505787 3.001560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 17:13:17.513159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:13:25.525809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:13:41.517276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:14:13.523470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:15:20.319709 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 17:15:20.319899 0.064191 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:20.384494 0.168635 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:20.553500 0.064399 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:20.618278 0.177798 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:20.796450 0.067598 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:20.864449 0.204967 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:21.069790 0.046510 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:21.116661 0.109416 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:21.226473 0.156267 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:21.383081 0.160012 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:21.543453 0.379547 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:21.923403 0.152671 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:22.076449 0.196790 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:22.273648 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 17:15:38.948463 0.053220 tcp 10.0.2.109 63302 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:15:39.001999 0.053077 tcp 10.0.2.109 63303 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:15:39.055345 0.139998 tcp 10.0.2.109 63304 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:15:39.195878 0.261443 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:39.457726 0.156194 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:39.614350 0.000000 udp 10.0.2.109 3683 -> 86.178.149.181 5838 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 17:15:58.349296 0.052189 tcp 10.0.2.109 63305 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:15:58.401753 0.052763 tcp 10.0.2.109 63306 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:15:58.454838 0.141008 tcp 10.0.2.109 63307 -> 195.113.214.211 443 SRPA* 0 0 42 37006 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:15:58.596484 0.162835 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:58.759710 0.055769 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:58.815942 0.029327 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:58.845686 0.165255 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 591 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:59.011326 0.214210 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:59.225975 0.160220 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:59.386628 0.081470 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:59.468502 0.204406 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:59.673312 0.182669 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:15:59.856376 0.388704 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:18:25.977419 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 17:18:25.977503 1.044671 tcp 10.0.2.109 63308 -> 24.126.254.250 9945 FSPA* 0 0 15 1615 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:20:17.530023 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 17:20:24.537288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:20:32.539141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:20:48.541602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:21:20.547351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:27:24.554124 3.001239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 17:27:31.561330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:27:39.562655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:27:55.566259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:28:27.571681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:34:31.578940 3.000392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 17:34:38.591499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:34:46.587417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:35:02.590426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:35:34.595963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:41:38.602638 3.000687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 17:41:45.609253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:41:53.610780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:42:09.613591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:42:41.619660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:46:06.985090 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 17:46:06.985257 0.213731 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:07.199369 0.000000 udp 10.0.2.109 3683 -> 86.178.149.181 5838 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 17:46:25.626743 0.052441 tcp 10.0.2.109 63309 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:46:25.679407 0.053388 tcp 10.0.2.109 63310 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:46:25.733057 0.140271 tcp 10.0.2.109 63311 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:46:25.873960 0.178542 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.052890 0.066978 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.120226 0.062141 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.182770 0.158999 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.342175 0.050624 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.393173 0.152009 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.545599 0.160292 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.706484 0.046816 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.753680 0.136235 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:26.890386 0.120669 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:27.011458 0.346082 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:27.357919 0.186751 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:27.545090 0.156305 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:27.701765 0.261140 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:27.963300 0.163669 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:28.127299 0.056357 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:28.184037 0.031418 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:28.215810 0.163024 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:28.379270 0.199644 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:28.579308 0.162457 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:28.742252 0.083782 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:28.826452 0.192266 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:29.019092 0.179265 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:29.198727 0.159943 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:46:29.359034 0.335870 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 17:48:27.027153 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 17:48:27.027307 1.015079 tcp 10.0.2.109 63312 -> 24.126.254.250 9945 FSPA* 0 0 15 1744 flow=From-Botnet-V1-TCP-Established 1970/01/23 17:48:45.629060 2.999448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 17:48:52.632854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:49:00.634359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:49:16.637563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:49:48.643621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:55:52.650393 3.000708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 17:55:59.656845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:56:07.659517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:56:23.661832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 17:56:55.668053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:02:59.674762 3.000492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 18:03:06.680997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:03:14.682004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:03:30.686082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:04:02.691513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:10:06.700527 2.998519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 18:10:13.712180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:10:21.706282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:10:37.709550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:11:09.715752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:16:46.860451 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 18:16:46.860639 0.212669 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.073668 0.179542 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.253676 0.063782 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.317892 0.061233 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.379572 0.174906 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.554904 0.057937 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.613262 0.152410 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.766049 0.153645 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.920106 0.048215 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:47.968697 0.136805 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:48.105912 0.115660 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:48.222010 0.350702 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:48.573032 0.180954 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:48.754500 0.156105 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:48.911022 0.261265 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:49.172703 0.159177 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:49.332313 0.058909 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:49.391588 0.029306 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:49.421332 0.156019 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:49.577779 0.198840 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:49.777106 0.158496 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:49.936015 0.081912 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:50.018299 0.159251 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:50.177979 0.315442 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:50.493790 0.192211 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:16:50.686440 0.187287 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:17:13.721334 3.001986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 18:17:20.728643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:17:28.730529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:17:44.733215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:18:16.739276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:18:28.046465 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 18:18:28.046563 1.048913 tcp 10.0.2.109 63313 -> 24.126.254.250 9945 FSPA* 0 0 15 1642 flow=From-Botnet-V1-TCP-Established 1970/01/23 18:24:20.745966 3.001392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 18:24:27.753277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:24:35.754380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:24:51.757444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:25:23.763355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:31:27.769721 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 18:31:34.776939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:31:42.778617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:31:58.781578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:32:30.787392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:38:34.793380 3.001669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 18:38:41.802280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:38:49.802477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:39:05.805437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:39:37.811518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:45:41.817413 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 18:45:48.824589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:45:56.827721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:46:12.829542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:46:44.836005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:47:03.541833 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 18:47:03.541954 0.208328 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:03.750689 0.178811 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:03.929924 0.065390 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:03.995685 0.059372 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:04.055430 0.166937 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:04.222750 0.049097 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:04.272256 0.884649 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:05.157316 0.140996 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:05.298746 0.123908 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:05.423058 0.330793 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:05.754396 0.193191 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:05.947899 0.160782 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.109059 0.047220 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.156663 0.154784 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.311871 0.262068 rtcp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.574392 0.156733 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.731516 0.056425 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.788289 0.031256 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.819883 0.163008 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:06.983272 0.212594 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:07.196285 0.155763 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:07.352467 0.322429 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:07.675285 0.193780 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:07.869480 0.180049 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:08.049950 0.162830 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:47:08.213182 0.087460 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 18:48:29.095940 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 18:48:29.096119 1.002900 tcp 10.0.2.109 63314 -> 24.126.254.250 9945 FSPA* 0 0 15 1555 flow=From-Botnet-V1-TCP-Established 1970/01/23 18:52:48.840198 3.002889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 18:52:55.848662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:53:03.850013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:53:19.853873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:53:51.859797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 18:59:55.864353 3.002427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 19:00:02.877536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:00:10.873987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:00:26.877185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:00:58.883536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:07:02.888893 3.002084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 19:07:09.896718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:07:17.897778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:07:33.901266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:08:05.907312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:14:09.913672 3.001081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 19:14:16.920616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:14:24.922177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:14:40.925838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:15:12.930896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:17:10.562333 0.000168 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 19:17:10.562590 0.216210 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:10.779214 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 19:17:27.878320 0.032881 tcp 10.0.2.109 63315 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:17:27.911537 0.032363 tcp 10.0.2.109 63316 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:17:27.944202 0.106098 tcp 10.0.2.109 63317 -> 195.113.214.211 443 SRPA* 0 0 57 35360 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:17:28.050803 0.067283 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:28.118546 0.062705 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:28.181697 0.164416 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:28.346554 0.053659 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:28.400590 0.122073 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:28.523089 0.361562 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:28.885049 0.154834 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:29.040331 0.143297 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:29.184031 0.180687 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:29.365129 0.161857 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:29.527426 0.047454 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:29.575308 0.156063 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:29.731782 0.261444 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:29.993681 0.156356 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:30.150581 0.056406 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:30.207450 0.029115 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:30.236941 0.157766 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:30.395110 0.315085 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:30.710633 0.184793 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:30.895855 0.163119 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:31.059378 0.211660 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:31.271433 0.084763 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:31.359042 0.172278 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:17:31.531710 0.168257 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:18:30.105072 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 19:18:30.105237 1.121577 tcp 10.0.2.109 63318 -> 24.126.254.250 9945 FSPA* 0 0 15 1793 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:21:16.936644 3.002246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 19:21:23.944903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:21:31.946149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:21:47.949155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:22:19.955066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:28:23.961253 3.001903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 19:28:30.968664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:28:38.970314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:28:54.973024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:29:26.978827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:35:30.985922 3.000996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 19:35:37.992992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:35:45.993861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:36:01.996957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:36:34.003245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:42:38.009270 3.001339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 19:42:45.017021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:42:53.018559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:43:09.021977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:43:41.027038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:47:59.078822 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 19:47:59.079054 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 19:48:17.897025 0.032013 tcp 10.0.2.109 63319 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:48:17.929267 0.031756 tcp 10.0.2.109 63320 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:48:17.961286 0.123805 tcp 10.0.2.109 63321 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:48:18.085885 0.207366 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:18.293668 0.175661 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:18.469702 0.054523 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:18.524615 0.119154 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:18.644201 0.347184 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:18.991800 0.071013 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:19.063215 0.063702 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:19.127324 0.213558 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:19.341298 0.182036 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:19.523745 0.175414 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:19.699564 0.160521 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:19.860467 0.047361 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:19.908184 0.158138 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:20.066719 0.262463 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:20.329541 0.159839 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:20.489774 0.060924 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:20.551066 0.029291 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:20.580677 0.161316 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:20.742504 0.329006 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:21.071892 0.185820 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:21.258294 0.084596 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:21.343233 0.170060 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:21.513652 0.161372 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:21.675403 0.163026 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:21.838832 0.216035 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/23 19:48:31.236411 0.991373 tcp 10.0.2.109 63322 -> 24.126.254.250 9945 FSPA* 0 0 15 1600 flow=From-Botnet-V1-TCP-Established 1970/01/23 19:49:45.033244 3.002145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 19:49:52.040959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:50:00.041888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:50:16.046635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:50:48.051198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:56:52.056711 3.002508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 19:56:59.064413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:57:07.066309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:57:23.068818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 19:57:55.075481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:03:59.080910 3.002264 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:04:06.087863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:04:14.089839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:04:30.093536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:05:02.098780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:11:06.105924 3.000661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:11:13.112649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:11:21.113757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:11:37.116794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:12:09.123229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:18:13.128514 3.002207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:18:20.136117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:18:28.137725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:18:31.322720 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 20:18:31.322869 0.055572 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:31.378881 0.117025 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:31.496334 0.223236 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:31.719971 0.163120 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:31.883911 0.353114 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:32.234205 0.982095 tcp 10.0.2.109 63323 -> 24.126.254.250 9945 FSPA* 0 0 15 1790 flow=From-Botnet-V1-TCP-Established 1970/01/23 20:18:32.237325 0.066135 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:32.303916 0.062377 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:32.366709 0.156323 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:32.523441 0.144160 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:32.668020 0.179697 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:32.848124 0.158591 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.007112 0.046316 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.053817 0.160353 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.214573 0.273948 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.488906 0.155695 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.645000 0.057011 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.702556 0.031051 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.733979 0.160335 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.894761 0.086630 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:33.981799 0.171160 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:34.153362 0.168721 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:34.322451 0.156117 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:34.478989 0.320822 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:34.800187 0.185436 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:34.985955 0.226686 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:18:44.141242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:19:16.147028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:25:20.153581 3.001179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:25:27.160595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:25:35.162734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:25:51.166493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:26:23.170675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:32:27.177723 3.020665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:32:34.194402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:32:42.203632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:32:58.207790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:33:30.207237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:39:34.211588 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:39:41.218744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:39:49.219521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:40:05.223162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:40:37.235828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:46:41.235030 3.003296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:46:48.242108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:46:56.243650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:47:12.246462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:47:44.252927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:48:33.223807 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 20:48:33.224011 0.974415 tcp 10.0.2.109 63324 -> 24.126.254.250 9945 FSPA* 0 0 15 1598 flow=From-Botnet-V1-TCP-Established 1970/01/23 20:48:41.575446 0.214934 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:41.790803 0.159251 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:41.950501 0.059366 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:42.010263 0.116899 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:42.127563 0.354168 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:42.482192 0.068335 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:42.550900 0.062830 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:42.614274 0.159031 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:42.773703 0.136020 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:42.910082 0.180630 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:43.091106 0.153080 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:43.244534 0.046552 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:43.291478 0.160341 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:43.452181 0.390623 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:43.843224 0.157923 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:44.001506 0.057508 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:44.059369 0.029241 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:44.088944 0.158991 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:44.248324 0.158967 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:44.407693 0.156478 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:44.564562 0.353364 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:44.918321 0.086132 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:45.004832 0.171744 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:45.176971 0.187151 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:48:45.364534 0.213370 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/23 20:53:48.260264 3.000318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 20:53:55.266753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:54:03.267404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:54:19.270867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 20:54:51.277163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:00:55.283279 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 21:01:02.289909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:01:10.291567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:01:26.295274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:01:58.300729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:08:02.306495 3.027834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 21:08:09.314317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:08:17.315461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:08:33.318850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:09:05.333610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:15:09.330849 3.001151 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 21:15:16.338306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:15:24.339945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:15:40.342280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:16:12.348073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:18:34.203184 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 21:18:34.203309 0.967261 tcp 10.0.2.109 63325 -> 24.126.254.250 9945 FSPA* 0 0 15 1589 flow=From-Botnet-V1-TCP-Established 1970/01/23 21:19:00.210248 0.213425 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:00.424080 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 21:19:17.536813 0.053294 tcp 10.0.2.109 63326 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 21:19:17.590382 0.052746 tcp 10.0.2.109 63327 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 21:19:17.643385 0.122533 tcp 10.0.2.109 63328 -> 195.113.214.211 443 SRPA* 0 0 25 13288 flow=From-Botnet-V1-TCP-Established 1970/01/23 21:19:17.766712 0.343008 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.110089 0.071202 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.181700 0.063195 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.245341 0.152811 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.398563 0.162906 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.561875 0.057201 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.619460 0.150894 rtcp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.770748 0.179780 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:18.950911 0.159979 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:19.111278 0.046959 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:19.158675 0.159696 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:19.318791 0.366642 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:19.685826 0.162221 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:19.848516 0.056092 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:19.905042 0.031115 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:19.936593 0.156844 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:20.093807 0.160569 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:20.254797 0.170232 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:20.425405 0.155298 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:20.581089 0.186501 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:20.767977 0.211963 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:20.980323 0.388198 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:19:21.368907 0.084262 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:22:16.354110 3.002407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 21:22:23.361751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:22:31.364545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:22:47.369322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:23:19.374654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:29:23.379749 3.000450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 21:29:30.385867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:29:38.387881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:29:54.390579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:30:26.396656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:36:30.402632 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 21:36:37.409786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:36:45.411410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:37:01.414850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:37:33.420745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:43:37.428830 2.999760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 21:43:44.434128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:43:52.435303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:44:08.438576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:44:40.445266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:48:35.173322 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 21:48:35.173467 0.978705 tcp 10.0.2.109 63329 -> 24.126.254.250 9945 FSPA* 0 0 15 1740 flow=From-Botnet-V1-TCP-Established 1970/01/23 21:49:22.069738 0.122331 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:22.192469 0.213579 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:22.406424 0.342610 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:22.749464 0.069304 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:22.819124 0.063349 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:22.882895 0.156262 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.039542 0.161320 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.201309 0.057868 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.259549 0.198330 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.458309 0.180721 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.639428 0.153193 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.793044 0.047489 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.840902 0.156718 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:23.997986 0.383987 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:24.382529 0.160530 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:24.543428 0.056738 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:24.600556 0.031494 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:24.632404 0.162171 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:24.795031 0.158679 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:24.954247 0.163293 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:25.117962 0.162850 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:25.281221 0.193954 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:25.475582 0.097530 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:25.573472 0.198527 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:25.772428 0.356365 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/23 21:49:26.916043 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 21:51:49.453705 3.003421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 21:51:56.461337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:52:04.462858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:52:20.465933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:52:52.471381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:58:56.477996 3.001408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 21:59:03.485329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:59:11.487193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:59:27.490074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 21:59:59.495955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:06:03.502742 3.000158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 22:06:10.509086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:06:18.517251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:06:34.513614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:07:06.519523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:13:10.524836 3.002773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 22:13:17.587234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:13:25.544869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:13:41.549212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:14:13.553970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:18:36.152015 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 22:18:36.152230 0.981484 tcp 10.0.2.109 63330 -> 24.126.254.250 9945 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/01/23 22:19:29.327818 0.364876 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:29.693074 0.068086 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:29.761555 0.063051 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:29.825056 0.114374 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:29.939861 0.208062 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:30.148344 0.151542 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:30.300287 0.181591 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:30.482297 0.057765 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:30.540494 0.246765 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:30.787626 0.174884 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:30.962952 0.159535 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:31.122919 0.047364 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:31.170624 0.151700 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:31.322704 0.361569 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:31.684657 0.161322 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:31.846386 0.056565 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:31.903304 0.029220 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:31.932876 0.163305 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 594 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:32.096596 0.164557 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:32.261530 0.186537 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:32.448467 0.088073 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:32.536900 0.213638 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:32.750911 0.161155 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:32.912479 0.163456 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:33.076341 0.323840 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:19:33.914633 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 22:20:17.559429 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 22:20:24.567151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:20:32.568750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:20:48.571761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:21:20.577595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:27:24.585068 3.010485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 22:27:31.601183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:27:39.604097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:27:55.608904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:28:27.611824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:34:31.617649 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 22:34:38.625174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:34:46.626757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:35:02.629575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:35:34.635863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:41:38.641693 3.001944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 22:41:45.648920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:41:53.650789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:42:09.653845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:42:41.659765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:48:37.141507 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 22:48:37.141664 0.982771 tcp 10.0.2.109 63331 -> 24.126.254.250 9945 FSPA* 0 0 15 1610 flow=From-Botnet-V1-TCP-Established 1970/01/23 22:48:45.665850 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 22:48:52.673529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:49:00.674716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:49:16.677695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:49:48.683536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:49:56.725805 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 22:49:56.726068 0.063107 udp 10.0.2.109 3683 <-> 86.167.165.238 1084 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:56.789569 0.350206 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:57.140236 0.064501 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:57.205058 0.110594 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:57.316097 0.206801 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:57.523307 0.151350 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:57.675076 0.158535 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:57.833993 0.054635 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:57.888957 0.225424 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:58.114781 0.179138 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:58.294344 0.159901 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:58.454689 0.048260 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:58.503347 0.159917 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:58.663659 0.367724 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.031869 0.162029 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.194382 0.057463 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.252198 0.033575 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.286304 0.164302 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.451014 0.158300 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.609660 0.187383 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.797393 0.085307 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:49:59.883121 0.199683 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:50:00.083225 0.168683 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:50:00.252357 0.163361 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:50:00.416097 0.324514 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/23 22:55:52.690695 3.000589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 22:55:59.698160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:56:07.699031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:56:23.704428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 22:56:55.707750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:02:59.713865 3.001425 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 23:03:06.720915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:03:14.722898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:03:30.725580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:04:02.731675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:10:06.737673 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 23:10:13.744969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:10:21.746951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:10:37.749817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:11:09.755749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:17:13.762054 3.020283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 23:17:20.778943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:17:28.780944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:17:44.782889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:18:16.789541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:18:38.130717 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:18:38.130878 0.962629 tcp 10.0.2.109 63332 -> 24.126.254.250 9945 FSPA* 0 0 15 1764 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:20:21.799495 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:20:21.799654 0.000000 udp 10.0.2.109 3683 -> 86.167.165.238 1084 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:20:36.813122 0.054551 tcp 10.0.2.109 63333 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:20:36.867983 0.053989 tcp 10.0.2.109 63334 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:20:36.922384 0.136034 tcp 10.0.2.109 63335 -> 195.113.214.211 443 SRPA* 0 0 56 37361 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:20:37.059021 0.076484 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:37.136003 0.207326 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:37.343755 0.151000 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:37.495179 0.163984 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:37.659628 0.348869 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.008943 0.066456 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.075769 0.058096 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.134276 0.188629 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.323258 0.180657 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.504306 0.156629 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.661383 0.049719 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.711495 0.143194 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.855074 0.058948 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.914462 0.037668 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:38.952562 0.150032 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:39.102938 0.160891 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:39.264209 0.347634 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:39.612263 0.147773 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:39.760399 0.193529 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:39.954467 0.086131 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:40.041029 0.215441 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:40.256880 0.157743 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:40.415000 0.127740 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:20:40.543187 0.359777 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:24:20.795439 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 23:24:27.806555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:24:35.804278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:24:51.812799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:25:23.813228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:31:27.820310 3.062004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 23:31:34.865851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:31:42.838195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:31:58.841316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:32:30.847459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:38:34.853832 3.001374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 23:38:41.861172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:38:49.863488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:39:05.865689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:39:37.871188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:45:41.877395 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/23 23:45:48.886966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:45:56.886603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:46:12.889635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:46:49.022744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:48:41.632803 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:48:41.632909 0.972268 tcp 10.0.2.109 63336 -> 24.126.254.250 9945 FSPA* 0 0 15 1786 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:50:55.662276 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:50:55.662419 0.000000 udp 10.0.2.109 3683 -> 86.167.165.238 1084 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:51:10.553070 0.053360 tcp 10.0.2.109 63337 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:51:10.606695 0.052553 tcp 10.0.2.109 63338 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:51:10.659505 0.207386 tcp 10.0.2.109 63339 -> 195.113.214.211 443 SRPA* 0 0 51 33094 flow=From-Botnet-V1-TCP-Established 1970/01/23 23:51:10.867452 3.975402 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 4 1058 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:11.013053 4.296182 udp 10.0.2.109 3683 <-> 76.72.39.28 3825 CON 0 0 4 1198 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:11.173019 3.760701 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 4 1345 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:11.261327 3.881499 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 4 1054 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:11.470397 4.206544 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 4 1307 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:11.838470 3.897826 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 4 1282 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:11.907034 3.871629 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1196 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:11.957712 3.973304 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1319 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:12.112909 3.993301 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1060 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:12.287260 3.980130 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1097 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:12.447527 3.864508 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1104 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:12.492489 3.963768 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 4 1158 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:12.637293 3.870097 udp 10.0.2.109 3683 <-> 109.155.171.208 3137 CON 0 0 4 1016 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:12.694381 3.971521 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 4 1241 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:12.859601 4.495850 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 4 1017 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:13.230018 3.583699 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 4 1190 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:13.379483 3.464674 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 4 1174 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:13.409105 3.583939 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 4 1032 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:13.559159 3.988383 udp 10.0.2.109 3683 <-> 75.1.103.226 6739 CON 0 0 4 1089 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:13.753600 3.875023 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1304 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:13.837483 4.004811 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 4 1008 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:14.052135 3.950484 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 4 1046 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:14.212092 4.254808 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 4 1084 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:14.347167 3.984192 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1122 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:51:18.467522 0.000000 udp 10.0.2.109 3683 -> 58.185.247.70 4377 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:51:24.851170 0.000000 udp 10.0.2.109 3683 -> 123.201.136.114 3663 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:51:32.671633 0.000000 udp 10.0.2.109 3683 -> 220.255.250.101 8110 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:51:40.267510 0.000000 udp 10.0.2.109 3683 -> 121.161.91.53 1149 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:51:47.190430 0.000000 udp 10.0.2.109 3683 -> 79.3.218.85 5193 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:51:54.089944 0.000000 udp 10.0.2.109 3683 -> 175.139.226.160 5377 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:51:58.916787 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:52:00.599377 0.000000 udp 10.0.2.109 3683 -> 94.201.151.56 5974 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:09.021434 0.000000 udp 10.0.2.109 3683 -> 117.197.230.56 7805 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:17.824131 0.000000 udp 10.0.2.109 3683 -> 203.80.246.166 7383 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:26.757106 0.000000 udp 10.0.2.109 3683 -> 173.209.148.186 8105 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:34.027395 0.000000 udp 10.0.2.109 3683 -> 82.91.65.248 5027 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:39.044604 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:43.911569 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:52:46.655440 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:48.911181 3.001847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/23 23:52:52.844367 0.000000 udp 10.0.2.109 3683 -> 118.97.24.243 5036 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:52:55.918652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:52:59.934857 0.000000 udp 10.0.2.109 3683 -> 173.175.238.174 2747 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:03.920257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:53:08.146595 0.074483 udp 10.0.2.109 3683 <-> 86.138.17.73 7345 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:53:08.237914 0.078408 udp 10.0.2.109 3683 <-> 91.6.4.94 5333 CON 0 0 2 834 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:53:08.331086 0.000000 udp 10.0.2.109 3683 -> 213.131.55.226 6890 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:16.318009 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:19.923116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:53:22.346926 0.000000 udp 10.0.2.109 3683 -> 122.177.224.108 8471 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:31.280433 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:35.916406 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:53:36.927835 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:44.548915 0.000000 udp 10.0.2.109 3683 -> 69.121.226.191 5560 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:51.929095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/23 23:53:52.359951 0.000000 udp 10.0.2.109 3683 -> 199.115.92.66 8276 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:53:59.079861 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:06.720840 0.268744 udp 10.0.2.109 3683 <-> 110.169.143.41 2414 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:54:07.048651 0.000000 udp 10.0.2.109 3683 -> 220.241.218.121 8055 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:14.962334 0.000000 udp 10.0.2.109 3683 -> 75.146.165.1 4161 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:22.653526 0.000000 udp 10.0.2.109 3683 -> 5.54.144.17 2295 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:27.410344 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:54:30.014290 0.000000 udp 10.0.2.109 3683 -> 81.107.0.17 7096 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:37.524772 0.000000 udp 10.0.2.109 3683 -> 188.9.163.175 9349 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:43.874204 0.000000 udp 10.0.2.109 3683 -> 120.151.77.208 7160 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:51.915790 0.000000 udp 10.0.2.109 3683 -> 98.197.147.174 9579 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:54:58.605169 0.000000 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:07.197775 0.045228 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:55:07.252682 0.000000 udp 10.0.2.109 3683 -> 115.249.184.180 3408 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:11.914101 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:55:12.996076 0.000000 udp 10.0.2.109 3683 -> 212.217.71.185 4545 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:21.798852 0.000000 udp 10.0.2.109 3683 -> 217.165.101.166 8338 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:28.037834 0.000000 udp 10.0.2.109 3683 -> 79.5.50.198 6806 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:34.586923 0.000000 udp 10.0.2.109 3683 -> 220.255.131.221 3364 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:40.476035 0.000000 udp 10.0.2.109 3683 -> 103.30.141.143 9452 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:48.156954 0.360696 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:55:48.537430 0.133347 udp 10.0.2.109 3683 <-> 89.182.239.109 7507 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:55:48.689545 0.000000 udp 10.0.2.109 3683 -> 103.21.54.34 7884 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:55:57.249493 0.000000 udp 10.0.2.109 3683 -> 59.90.160.138 8375 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:56:01.916636 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:56:03.077863 0.036685 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:56:03.123532 0.000000 udp 10.0.2.109 3683 -> 111.248.173.241 4212 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:56:11.840614 0.000000 udp 10.0.2.109 3683 -> 94.171.254.46 7317 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:56:18.259805 0.180812 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:56:18.484504 0.054867 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:56:18.599540 0.000000 udp 10.0.2.109 3683 -> 87.167.252.75 8279 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:56:26.411765 0.000000 udp 10.0.2.109 3683 -> 83.110.110.10 1119 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:56:32.510389 0.000000 udp 10.0.2.109 3683 -> 91.39.88.153 9714 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:56:39.540323 0.000000 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:57:00.131693 0.000000 udp 10.0.2.109 3683 -> 64.121.244.119 9808 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:57:05.046386 4.348535 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:57:10.184965 0.249901 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 735 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:57:22.976104 0.061288 udp 10.0.2.109 3683 <-> 86.129.42.90 5838 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:57:23.323846 0.000000 udp 10.0.2.109 3683 -> 109.251.94.26 8919 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:57:31.004761 0.044801 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:57:31.058801 0.305792 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:57:31.373480 0.287674 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 797 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:57:31.670937 0.000000 udp 10.0.2.109 3683 -> 162.227.216.55 2294 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:57:37.627888 0.326553 udp 10.0.2.109 3683 <-> 111.250.34.124 5460 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:57:37.972380 0.000000 udp 10.0.2.109 3683 -> 103.29.117.244 2628 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:57:43.029232 0.000000 udp 10.0.2.109 3683 -> 95.90.117.118 9335 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:57:50.581167 2.960959 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:57:53.542126 0.000000 icmp 217.91.147.140 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 186 flow=Background 1970/01/23 23:57:58.134801 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:58:01.291101 0.000000 udp 10.0.2.109 3683 -> 217.220.17.180 1327 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:10.035637 0.000000 udp 10.0.2.109 3683 -> 135.196.126.137 7205 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:16.047195 0.000000 udp 10.0.2.109 3683 -> 117.217.15.177 9809 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:21.625350 0.000000 udp 10.0.2.109 3683 -> 76.31.200.32 3930 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:28.944819 0.000000 udp 10.0.2.109 3683 -> 79.5.63.35 9200 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:35.949180 0.000000 udp 10.0.2.109 3683 -> 31.146.93.190 7837 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:41.895244 0.301367 udp 10.0.2.109 3683 -> 36.2.243.65 7478 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:42.196611 0.000000 icmp 36.2.243.65 0x0303 -> 10.0.2.109 0x361d URP 192 1 124 flow=Background 1970/01/23 23:58:46.454066 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:58:47.701981 0.000000 udp 10.0.2.109 3683 -> 109.148.222.16 5704 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:52.734383 0.333467 udp 10.0.2.109 3683 <-> 115.241.87.231 1966 CON 0 0 2 677 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:58:53.078713 0.000000 udp 10.0.2.109 3683 -> 115.242.168.25 6794 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:58:59.529863 0.391210 udp 10.0.2.109 3683 <-> 59.115.51.14 2346 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:58:59.930242 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 8574 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:05.230753 0.000000 udp 10.0.2.109 3683 -> 115.242.102.212 9186 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:13.911903 0.088487 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:59:14.681407 0.087392 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 819 flow=From-Botnet-V1-UDP-Established 1970/01/23 23:59:14.834690 0.000000 udp 10.0.2.109 3683 -> 87.20.148.210 1133 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:16.207205 0.000000 udp 10.0.2.109 3683 <- 115.242.102.212 9186 RSP 0 0 1 546 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:20.449554 0.000000 udp 10.0.2.109 3683 -> 188.92.214.214 2651 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:26.765448 0.000000 udp 10.0.2.109 3683 -> 93.41.184.233 3197 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:31.329530 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/23 23:59:33.858881 0.000000 udp 10.0.2.109 3683 -> 113.32.109.10 7262 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:38.850813 0.000000 udp 10.0.2.109 3683 -> 79.31.160.54 5940 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:45.052626 0.000000 udp 10.0.2.109 3683 -> 82.77.85.139 2098 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/23 23:59:53.039233 0.000000 udp 10.0.2.109 3683 -> 174.60.168.39 5024 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:00.041478 0.000000 udp 10.0.2.109 3683 -> 68.224.220.228 8351 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:05.321175 0.000000 udp 10.0.2.109 3683 -> 173.2.193.207 5461 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:12.355381 0.000000 udp 10.0.2.109 3683 -> 217.37.138.100 2886 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:14.735747 2.960773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 00:00:17.180902 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 00:00:20.123138 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:21.643344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:00:26.553188 0.000000 udp 10.0.2.109 3683 -> 222.127.250.200 1711 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:29.527896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:00:32.624714 0.000000 udp 10.0.2.109 3683 -> 117.201.19.166 6405 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:43.048425 0.000000 udp 10.0.2.109 3683 -> 114.160.218.135 8000 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:47.335640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:00:49.280926 0.000000 udp 10.0.2.109 3683 -> 71.161.85.34 3958 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:00:57.655712 0.224739 udp 10.0.2.109 3683 <-> 99.90.72.54 5214 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:00:57.953292 0.000000 udp 10.0.2.109 3683 -> 64.203.223.120 8688 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:02.959891 0.024632 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:01:03.007688 0.000000 udp 10.0.2.109 3683 -> 82.12.227.233 1781 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:07.524815 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 00:01:09.336908 0.193555 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:01:09.566496 0.354190 udp 10.0.2.109 3683 <-> 115.132.174.255 7222 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:01:09.935865 0.000000 udp 10.0.2.109 3683 -> 88.250.108.97 1024 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:17.403190 0.000000 udp 10.0.2.109 3683 -> 64.181.118.91 2396 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:19.258993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:01:23.720379 0.000000 udp 10.0.2.109 3683 -> 164.82.16.34 5748 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:29.896057 0.000000 udp 10.0.2.109 3683 -> 75.109.176.145 7977 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:38.143836 0.000000 udp 10.0.2.109 3683 -> 74.211.54.7 5055 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:46.621844 0.000000 udp 10.0.2.109 3683 -> 125.0.93.13 5547 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:55.219161 0.000000 udp 10.0.2.109 3683 -> 50.78.129.238 3209 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:01:59.663700 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 00:02:02.351267 0.262270 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:02:02.630356 0.000000 udp 10.0.2.109 3683 -> 62.150.117.161 7691 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:10.708524 0.000000 udp 10.0.2.109 3683 -> 92.232.97.70 2073 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:17.590713 0.000000 udp 10.0.2.109 3683 -> 177.37.130.39 7052 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:24.195520 0.000000 udp 10.0.2.109 3683 -> 95.240.245.119 2595 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:31.898640 0.000000 udp 10.0.2.109 3683 -> 216.115.141.73 8045 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:36.844539 0.163983 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:02:37.026729 0.000000 udp 10.0.2.109 3683 -> 193.248.160.37 8162 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:44.083076 0.069411 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:02:44.196443 0.189640 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:02:44.443646 0.000000 udp 10.0.2.109 3683 -> 66.0.176.57 6081 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:48.964195 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 00:02:50.232362 0.000000 udp 10.0.2.109 3683 -> 125.164.76.207 1984 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:02:57.063525 0.145275 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:02:57.291025 0.176434 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 859 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:02:57.499201 0.098694 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:02:57.619632 0.000000 udp 10.0.2.109 3683 -> 165.100.159.165 1761 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:03:04.795638 0.000000 udp 10.0.2.109 3683 -> 87.23.212.46 2811 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:07:18.227518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 1 146 flow=Background 1970/01/24 00:07:33.966358 1.970808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/24 00:07:39.882827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:07:47.764359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:08:06.607293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:08:38.118370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:14:36.718789 2.955490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 00:14:43.622804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:14:51.501222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:15:07.263492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:15:38.788637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:19:02.695948 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 00:19:02.696153 1.075529 tcp 10.0.2.109 63340 -> 24.126.254.250 9945 FSPA* 0 0 15 1665 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:21:37.343865 2.962120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 00:21:44.252451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:21:52.140760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:22:07.917106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:22:39.448938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:28:37.957080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:28:46.285476 1.968257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/24 00:28:52.204248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:29:00.083227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:29:15.846321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:29:47.389601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:33:34.674995 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 00:33:34.675116 0.079554 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:34.755060 0.165152 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:34.920644 0.212863 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:35.133997 0.175032 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:35.134431 2.953591 tcp 10.0.2.109 63341 -> 50.137.135.198 6430 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/24 00:33:35.309420 0.344853 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:35.654692 0.065559 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:35.720693 0.055321 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:35.776385 0.137235 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:35.914064 0.163233 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:36.077724 0.028940 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:36.107089 0.046029 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:36.153507 0.140227 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:36.294290 0.152853 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:36.447523 0.381624 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:36.829872 0.147873 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:36.978506 0.165798 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:37.144688 0.086189 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:37.231267 0.201576 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:37.433311 0.127883 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:37.561661 0.390743 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:37.952791 0.063385 udp 10.0.2.109 3683 <-> 86.138.17.73 7345 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:38.016569 0.066742 udp 10.0.2.109 3683 <-> 91.6.4.94 5333 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:38.083701 0.000000 udp 10.0.2.109 3683 -> 110.169.143.41 2414 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:33:43.996896 0.000000 tcp 10.0.2.109 63341 -> 50.137.135.198 6430 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/24 00:33:54.596602 0.053950 tcp 10.0.2.109 63342 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:33:54.650866 0.052283 tcp 10.0.2.109 63343 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:33:54.703434 0.149841 tcp 10.0.2.109 63344 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:33:54.853808 0.047696 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:33:54.901931 0.000000 udp 10.0.2.109 3683 -> 89.182.239.109 7507 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 00:34:12.191342 0.053442 tcp 10.0.2.109 63345 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:12.245066 0.052674 tcp 10.0.2.109 63346 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:12.298086 0.148491 tcp 10.0.2.109 63347 -> 195.113.214.211 443 SRPA* 0 0 31 22074 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:12.447171 0.357040 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:12.804616 0.035068 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:12.840040 0.056319 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:12.896741 0.180974 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:13.078088 0.144172 udp 10.0.2.109 3683 <-> 70.50.203.154 6552 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:13.222656 0.060336 udp 10.0.2.109 3683 <-> 86.129.42.90 5838 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:13.283410 0.043663 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:13.327449 0.288815 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:13.616647 0.295740 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:13.912873 0.335206 udp 10.0.2.109 3683 <-> 111.250.34.124 5460 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:13.913233 4.966376 tcp 10.0.2.109 63348 -> 117.203.249.98 9621 SPA_* 0 0 148 105954 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:14.248445 0.349237 udp 10.0.2.109 3683 <-> 115.241.87.231 1966 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:14.598209 0.374289 udp 10.0.2.109 3683 <-> 59.115.51.14 2346 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:14.972852 0.079467 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:15.052697 0.090267 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:15.143305 0.210528 udp 10.0.2.109 3683 <-> 99.90.72.54 5214 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:15.354357 0.025221 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:15.379912 0.193892 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:15.574137 0.390422 udp 10.0.2.109 3683 <-> 115.132.174.255 7222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:15.964916 0.402168 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:16.367464 0.197514 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:16.565414 0.178769 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:16.744525 0.068705 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:16.813701 0.172870 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:16.986902 0.149303 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:17.136586 0.110287 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/24 00:34:18.932413 4.945132 tcp 10.0.2.109 63348 -> 117.203.249.98 9621 A_PA 0 0 170 124508 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:23.957691 4.995800 tcp 10.0.2.109 63348 -> 117.203.249.98 9621 A_PA 0 0 175 129642 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:28.965508 4.983588 tcp 10.0.2.109 63348 -> 117.203.249.98 9621 A_PA 0 0 170 124508 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:33.976443 4.920724 tcp 10.0.2.109 63348 -> 117.203.249.98 9621 A_PA 0 0 148 108858 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:34:39.093758 0.833232 tcp 10.0.2.109 63348 -> 117.203.249.98 9621 FPA_* 0 0 7 382 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:35:45.967679 2.957888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 00:35:52.869548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:36:00.747439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:36:16.510903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:36:48.191673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:42:46.753890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:42:58.374910 1.973320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/24 00:43:04.294433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:43:12.177771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:43:46.889114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:44:18.407517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:49:13.889005 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 00:49:13.889113 0.982676 tcp 10.0.2.109 63349 -> 24.126.254.250 9945 FSPA* 0 0 15 1675 flow=From-Botnet-V1-TCP-Established 1970/01/24 00:50:16.860521 2.959683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 00:50:23.768788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:50:31.650963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:50:47.425081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:51:18.959242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:57:17.496493 2.961992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 00:57:24.404508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:57:32.292853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:57:48.064671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 00:58:19.606184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:04:18.278540 2.952545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 01:04:25.179102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:04:33.058417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:04:46.210009 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 01:04:46.210178 0.000000 udp 10.0.2.109 3683 -> 110.169.143.41 2414 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:04:48.822204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:05:02.069562 0.109400 tcp 10.0.2.109 63350 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:02.179364 0.055035 tcp 10.0.2.109 63351 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:02.234708 0.151193 tcp 10.0.2.109 63352 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:02.386644 0.000000 udp 10.0.2.109 3683 -> 89.182.239.109 7507 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:05:18.372554 0.053349 tcp 10.0.2.109 63353 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:18.426342 0.075144 tcp 10.0.2.109 63354 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:18.501787 0.145175 tcp 10.0.2.109 63355 -> 195.113.214.211 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:18.647488 0.088166 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:18.736016 0.185685 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:18.922084 0.351182 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:19.273670 0.000000 udp 10.0.2.109 3683 -> 81.130.42.60 4828 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:05:20.426792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:05:34.246322 0.054486 tcp 10.0.2.109 63356 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:34.301088 0.053080 tcp 10.0.2.109 63357 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:34.354524 0.144259 tcp 10.0.2.109 63358 -> 195.113.214.211 443 SRPA* 0 0 40 22580 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:34.499289 0.050744 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:34.550423 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:05:49.407210 0.054951 tcp 10.0.2.109 63359 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:49.462432 0.054442 tcp 10.0.2.109 63360 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:49.517154 0.143758 tcp 10.0.2.109 63361 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:05:49.661591 0.146323 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:49.808328 0.044111 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:49.852758 0.143970 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:49.997169 0.145907 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:50.143452 0.151367 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:50.295252 0.029329 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:50.324956 0.142604 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:50.468004 0.159498 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:50.627959 0.090252 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:50.718602 0.218433 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:50.937420 0.127883 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:51.065680 0.359778 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:51.425894 0.146809 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:51.573070 0.065747 udp 10.0.2.109 3683 <-> 86.138.17.73 7345 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:51.639248 0.071890 udp 10.0.2.109 3683 <-> 91.6.4.94 5333 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:51.711513 0.356724 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:52.068624 0.042932 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:52.111881 0.351956 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:52.464194 0.036282 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:52.500831 0.055538 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:52.556732 0.178936 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:52.736000 0.046199 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:52.782558 0.286996 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:53.069978 0.298210 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:05:53.368570 0.000000 udp 10.0.2.109 3683 -> 70.50.203.154 6552 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:06:11.090921 0.052532 tcp 10.0.2.109 63362 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:06:11.143708 0.051894 tcp 10.0.2.109 63363 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:06:11.195878 0.150474 tcp 10.0.2.109 63364 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:06:11.346895 0.062564 udp 10.0.2.109 3683 <-> 86.129.42.90 5838 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:11.409844 0.332857 udp 10.0.2.109 3683 <-> 111.250.34.124 5460 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:11.743099 0.363291 udp 10.0.2.109 3683 <-> 115.241.87.231 1966 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:12.106768 0.381771 udp 10.0.2.109 3683 <-> 59.115.51.14 2346 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:12.488956 0.070936 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:12.560306 0.086869 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:12.647563 0.223449 udp 10.0.2.109 3683 <-> 99.90.72.54 5214 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:12.871394 0.024662 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:12.896364 0.189974 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:13.086737 0.000000 udp 10.0.2.109 3683 -> 115.132.174.255 7222 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:06:30.358113 0.053203 tcp 10.0.2.109 63365 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:06:30.411598 0.056780 tcp 10.0.2.109 63366 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:06:30.468667 0.151404 tcp 10.0.2.109 63367 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:06:30.620609 0.181348 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:30.802361 0.060518 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:30.863286 0.171142 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:31.034842 0.142442 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:31.177646 0.249681 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:31.427739 0.161552 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:06:31.589676 0.110684 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:11:19.192170 2.961720 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 01:11:26.097730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:11:33.976567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:11:49.748954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:12:21.281108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:18:20.094505 2.958525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 01:18:27.000482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:18:34.887710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:18:48.607918 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 01:18:48.608052 0.987839 tcp 10.0.2.109 63368 -> 24.126.254.250 9945 FSPA* 0 0 15 1599 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:18:50.659328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:19:22.193075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:25:20.861707 2.955736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 01:25:27.762674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:25:35.645612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:25:51.424038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:26:23.330810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:32:27.336756 3.002113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 01:32:34.344767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:32:42.348385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:32:58.348822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:33:30.361422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:36:43.453121 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 01:36:43.453286 0.065252 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:36:43.518924 0.214866 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:36:43.734296 0.000000 udp 10.0.2.109 3683 -> 70.50.203.154 6552 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:37:01.313456 0.053042 tcp 10.0.2.109 63369 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:01.366709 0.053951 tcp 10.0.2.109 63370 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:01.420912 0.146987 tcp 10.0.2.109 63371 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:01.568432 0.000000 udp 10.0.2.109 3683 -> 115.132.174.255 7222 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:37:19.525230 0.055529 tcp 10.0.2.109 63372 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:19.581007 0.068767 tcp 10.0.2.109 63373 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:19.650229 0.150639 tcp 10.0.2.109 63374 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:19.801384 0.174818 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:19.976583 0.092736 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:20.069726 0.378168 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:20.448292 0.056118 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:20.504815 0.144085 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:20.649298 0.045356 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:20.695021 0.031451 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:20.726858 0.146116 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:20.873383 0.162151 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:21.035976 0.159031 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:21.195389 0.145412 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:21.341389 0.152587 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:21.494403 0.163552 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:21.658335 0.000000 udp 10.0.2.109 3683 -> 86.138.17.73 7345 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 01:37:38.793021 0.052903 tcp 10.0.2.109 63375 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:38.846156 0.055929 tcp 10.0.2.109 63376 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:38.902383 0.147944 tcp 10.0.2.109 63377 -> 195.113.214.211 443 SRPA* 0 0 52 32536 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:37:39.050831 0.128205 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:39.179425 0.234795 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:39.414573 0.084367 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:39.499305 0.357929 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:39.857658 0.346640 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:40.204730 0.036579 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:40.241709 0.054435 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:40.296614 0.067216 udp 10.0.2.109 3683 <-> 91.6.4.94 5333 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:40.364222 0.047534 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:40.412153 0.367230 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:40.779783 0.281802 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:41.062032 0.046929 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:41.109375 0.181884 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:41.109715 3.000153 tcp 10.0.2.109 63378 -> 80.1.220.176 8279 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/24 01:37:41.291646 0.280988 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:41.573006 0.058525 udp 10.0.2.109 3683 <-> 86.129.42.90 5838 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:41.631862 0.324882 udp 10.0.2.109 3683 <-> 111.250.34.124 5460 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:41.957140 0.328209 udp 10.0.2.109 3683 <-> 115.241.87.231 1966 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:42.285739 0.073336 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:42.359455 0.134704 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:42.494554 0.237861 udp 10.0.2.109 3683 <-> 99.90.72.54 5214 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:42.732774 0.024814 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:42.757876 0.191534 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:42.949772 0.379446 udp 10.0.2.109 3683 <-> 59.115.51.14 2346 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:43.329566 0.173344 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:43.503285 0.176454 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:43.680094 0.060839 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:43.741349 0.161148 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:43.902863 0.110545 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:44.013767 0.146047 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:44.160134 0.252867 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 01:37:50.108690 0.000000 tcp 10.0.2.109 63378 -> 80.1.220.176 8279 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/24 01:39:34.360791 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 01:39:41.368307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:39:49.369907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:40:05.373011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:40:37.379550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:46:41.385279 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 01:46:48.392233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:46:56.395026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:47:12.398898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:47:44.405258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:48:43.229236 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 01:48:43.229348 1.001574 tcp 10.0.2.109 63379 -> 24.126.254.250 9945 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/01/24 01:53:48.409102 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 01:53:55.417477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:54:03.417571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:54:19.420161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 01:54:51.426931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:00:55.434307 3.000491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:01:02.440403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:01:10.441575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:01:26.444674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:01:58.450261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:08:02.456986 3.001395 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:08:09.465421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:08:11.467715 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 02:08:11.467911 0.069824 udp 10.0.2.109 3683 <-> 86.138.17.73 7345 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:11.538324 0.064628 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:11.603396 0.214594 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:11.818425 0.076919 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:11.895733 0.356348 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:12.252511 0.054669 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:12.307562 0.171251 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:12.479181 0.046442 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:12.526055 0.195691 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:12.722243 0.145715 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:12.868311 0.031471 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:12.900108 0.142681 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:13.043216 0.145140 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:13.188736 0.145503 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:13.334583 0.161101 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:13.496095 0.161041 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:13.657534 0.084931 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:13.742886 0.351502 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:14.094754 0.141694 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:14.236863 0.218291 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:14.455487 0.341958 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:14.797922 0.036611 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:14.798429 4.907192 tcp 10.0.2.109 63380 -> 114.38.0.175 8019 SPA_* 0 0 205 107591 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:14.834917 0.060740 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:14.896012 0.071912 udp 10.0.2.109 3683 <-> 91.6.4.94 5333 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:14.968318 0.042543 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:15.011281 0.323100 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:15.334812 0.180495 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:15.515680 0.283252 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:15.799321 0.000000 udp 10.0.2.109 3683 -> 86.129.42.90 5838 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:08:17.465789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:08:19.909542 4.886867 tcp 10.0.2.109 63380 -> 114.38.0.175 8019 A_PA 0 0 239 127594 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:24.936206 4.916393 tcp 10.0.2.109 63380 -> 114.38.0.175 8019 A_PA 0 0 254 136596 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:30.053783 4.897133 tcp 10.0.2.109 63380 -> 114.38.0.175 8019 A_PA 0 0 239 127594 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:32.289147 0.056113 tcp 10.0.2.109 63381 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:32.345533 0.054275 tcp 10.0.2.109 63382 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:32.400131 0.198484 tcp 10.0.2.109 63383 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:32.599166 0.338511 udp 10.0.2.109 3683 <-> 111.250.34.124 5460 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:32.938037 0.295385 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:33.233772 0.046648 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:33.280770 0.712123 udp 10.0.2.109 3683 <-> 115.241.87.231 1966 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:33.468776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:08:33.993307 0.081316 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:34.075007 0.093412 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:34.168777 0.236912 udp 10.0.2.109 3683 <-> 99.90.72.54 5214 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:34.406070 0.024724 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:34.431134 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:08:35.076765 4.880822 tcp 10.0.2.109 63380 -> 114.38.0.175 8019 FPA_* 0 0 216 113108 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:49.983411 0.053506 tcp 10.0.2.109 63384 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:50.037278 0.053022 tcp 10.0.2.109 63385 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:50.090598 0.144656 tcp 10.0.2.109 63386 -> 195.113.214.211 443 SRPA* 0 0 44 37134 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:08:50.236433 0.175447 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:50.412276 0.304317 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:50.717027 0.161426 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:50.878837 4.553209 udp 10.0.2.109 3683 <-> 59.115.51.14 2346 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:55.432435 0.173119 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:55.605929 0.251712 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:55.858038 0.098047 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:08:55.956486 0.142546 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:09:05.474697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:15:09.482867 2.999616 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:15:16.487978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:15:24.489636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:15:40.494618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:16:12.502564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:18:44.237372 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 02:18:44.237543 0.994119 tcp 10.0.2.109 63387 -> 24.126.254.250 9945 FSPA* 0 0 14 1658 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:22:16.504178 3.004001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:22:23.512361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:22:31.513750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:22:47.516713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:23:19.522883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:29:23.529881 3.000096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:29:30.536518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:29:38.537622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:29:54.540302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:30:26.546866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:36:30.552499 3.002150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:36:37.560178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:36:45.562046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:37:01.564856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:37:33.570806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:38:58.673462 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 02:38:58.673750 0.000000 udp 10.0.2.109 3683 -> 86.129.42.90 5838 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:39:17.572116 0.055533 tcp 10.0.2.109 63388 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:17.628000 0.053753 tcp 10.0.2.109 63389 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:17.682389 0.147822 tcp 10.0.2.109 63390 -> 195.113.214.211 443 SRPA* 0 0 43 37080 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:17.830982 0.188806 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:18.020174 0.214389 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:18.234963 0.071691 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:18.307074 0.000000 udp 10.0.2.109 3683 -> 86.138.17.73 7345 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:39:35.733045 0.052630 tcp 10.0.2.109 63391 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:35.785905 0.053453 tcp 10.0.2.109 63392 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:35.839649 0.143969 tcp 10.0.2.109 63393 -> 195.113.214.211 443 SRPA* 0 0 51 32502 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:35.984446 0.078938 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:36.063742 0.138158 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:36.202374 0.045129 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:36.247833 0.181183 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:36.429445 0.148987 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:36.578866 0.031402 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:36.610684 0.056541 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:36.667587 0.347051 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:37.015019 0.158366 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:37.173789 0.088233 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:37.262379 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:39:56.176349 0.052758 tcp 10.0.2.109 63394 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:56.229387 0.053962 tcp 10.0.2.109 63395 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:56.283586 0.154395 tcp 10.0.2.109 63396 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:39:56.438514 0.145546 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:56.584490 0.145410 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:56.730466 0.160620 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:56.891499 0.350850 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:57.242751 0.343416 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:57.586537 0.054281 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:57.641152 0.071227 udp 10.0.2.109 3683 <-> 91.6.4.94 5333 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:57.712748 0.352156 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:58.065365 0.214918 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:58.280742 0.142048 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:58.423177 0.288740 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:58.712288 0.326923 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:59.039596 0.048348 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:59.088269 0.179872 udp 10.0.2.109 3683 <-> 99.140.86.184 2221 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:39:59.268541 0.000000 udp 10.0.2.109 3683 -> 111.250.34.124 5460 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:40:16.806852 0.053850 tcp 10.0.2.109 63397 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:16.860965 0.053493 tcp 10.0.2.109 63398 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:16.914715 0.145716 tcp 10.0.2.109 63399 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:17.061067 0.000000 udp 10.0.2.109 3683 -> 117.203.249.98 8817 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:40:35.683616 0.054389 tcp 10.0.2.109 63400 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:35.738288 0.053711 tcp 10.0.2.109 63401 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:35.792272 0.153555 tcp 10.0.2.109 63402 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:35.946527 0.045771 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:35.992704 0.076623 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:36.069661 0.223249 udp 10.0.2.109 3683 <-> 99.90.72.54 5214 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:36.293282 0.025820 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:36.319377 0.536361 udp 10.0.2.109 3683 <-> 115.241.87.231 1966 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:36.856100 0.076390 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:36.932875 0.159761 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:37.093036 0.181823 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:37.275247 0.062025 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:37.337657 0.254758 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:37.592838 0.110414 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:37.703669 0.000000 udp 10.0.2.109 3683 -> 59.115.51.14 2346 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 02:40:54.339960 0.054145 tcp 10.0.2.109 63403 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:54.394393 0.053159 tcp 10.0.2.109 63404 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:54.447841 0.157333 tcp 10.0.2.109 63405 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:40:54.605793 0.173609 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:40:54.779785 0.145949 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/24 02:43:37.576593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 1 146 flow=Background 1970/01/24 02:43:51.967332 1.975985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/24 02:43:57.891747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:44:05.786953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:44:21.571910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:44:53.132976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:48:54.473757 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 02:48:54.473924 0.967528 tcp 10.0.2.109 63406 -> 24.126.254.250 9945 FSPA* 0 0 15 1550 flow=From-Botnet-V1-TCP-Established 1970/01/24 02:51:55.358786 2.961989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:52:02.273451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:52:10.163011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:52:25.945779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:52:57.507483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:58:56.585172 2.965191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 02:59:03.504547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:59:11.402177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:59:27.190544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 02:59:58.755461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:06:02.661075 3.000970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 03:06:09.668162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:06:17.669458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:06:33.671849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:07:05.781479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:11:04.116051 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 03:11:04.116206 0.000000 udp 10.0.2.109 3683 -> 86.138.17.73 7345 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:11:21.821009 0.053541 tcp 10.0.2.109 63407 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:21.874900 0.053836 tcp 10.0.2.109 63408 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:21.929033 0.154757 tcp 10.0.2.109 63409 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:22.084512 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:11:38.881745 0.053722 tcp 10.0.2.109 63410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:38.935716 0.051561 tcp 10.0.2.109 63411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:38.987619 0.156394 tcp 10.0.2.109 63412 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:39.144676 0.000000 udp 10.0.2.109 3683 -> 111.250.34.124 5460 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:11:56.697594 0.059993 tcp 10.0.2.109 63413 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:56.757844 0.062475 tcp 10.0.2.109 63414 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:56.820578 0.144173 tcp 10.0.2.109 63415 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:11:56.964964 0.296145 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:11:57.261510 0.000000 udp 10.0.2.109 3683 -> 59.115.51.14 2346 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:12:16.215515 0.055921 tcp 10.0.2.109 63416 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:16.271720 0.052218 tcp 10.0.2.109 63417 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:16.324201 0.145716 tcp 10.0.2.109 63418 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:16.470611 0.188217 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:16.659269 0.206283 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:16.865927 0.068438 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:16.934744 0.147458 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:17.082658 0.029207 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:17.112244 0.051169 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:17.163791 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:12:22.762460 0.000000 udp 10.0.2.109 3683 <- 81.191.29.195 1978 RSP 0 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:12:22.762895 0.044293 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:22.807559 0.179183 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:22.987130 0.144326 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:23.131882 0.364930 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:23.497254 0.085259 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:23.582909 0.166724 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:23.749989 0.159369 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:23.909719 0.142915 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:24.053019 0.146794 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:24.200208 0.342884 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:24.543431 0.036043 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:24.579830 0.058161 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:24.638396 0.000000 udp 10.0.2.109 3683 -> 91.6.4.94 5333 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:12:40.040160 0.057226 tcp 10.0.2.109 63419 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:40.097667 0.053449 tcp 10.0.2.109 63420 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:40.151371 0.191960 tcp 10.0.2.109 63421 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:40.343822 0.134868 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:40.479040 0.227969 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:40.707560 0.378417 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:41.086374 0.287863 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:12:41.374634 0.000000 udp 10.0.2.109 3683 -> 87.153.122.130 4545 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:12:59.588345 0.052727 tcp 10.0.2.109 63422 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:59.641433 0.053985 tcp 10.0.2.109 63423 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:59.695661 0.146644 tcp 10.0.2.109 63424 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:12:59.842798 0.327385 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:00.170594 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:13:09.694426 3.002031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 03:13:16.701966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:13:17.964267 0.052871 tcp 10.0.2.109 63425 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:13:18.017374 0.055269 tcp 10.0.2.109 63426 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:13:18.073043 0.155837 tcp 10.0.2.109 63427 -> 195.113.214.211 443 SRPA* 0 0 33 17460 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:13:18.229347 0.081323 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:18.311063 0.000000 udp 10.0.2.109 3683 -> 99.90.72.54 5214 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:13:24.703430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:13:35.128938 0.051873 tcp 10.0.2.109 63428 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:13:35.181066 0.066619 tcp 10.0.2.109 63429 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:13:35.247894 0.146544 tcp 10.0.2.109 63430 -> 195.113.214.211 443 SRPA* 0 0 41 21646 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:13:35.394909 0.024324 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:35.419727 0.440403 udp 10.0.2.109 3683 <-> 115.241.87.231 1966 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:35.860532 0.046739 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:35.907633 0.097639 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:36.005715 0.247852 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:36.253906 0.110456 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:36.364698 0.161459 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:36.526554 0.172044 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:36.698962 0.061035 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:36.760351 0.174620 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:36.935388 0.146675 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:13:40.706050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:14:12.712890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:18:46.216334 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 03:18:46.216565 1.097475 tcp 10.0.2.109 63431 -> 24.126.254.250 9945 FSPA* 0 0 14 1684 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:20:16.717975 3.002542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 03:20:23.725857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:20:31.727635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:20:47.734810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:21:19.736756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:27:23.744413 2.999750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 03:27:30.749747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:27:38.750898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:27:54.754789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:28:26.760190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:34:30.766928 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 03:34:37.781070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:34:45.776997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:35:01.783317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:35:33.795441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:41:37.803336 2.998907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 03:41:44.809485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:41:52.809188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:42:08.814884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:42:40.818718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:43:54.145460 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 03:43:54.145617 0.000000 udp 10.0.2.109 3683 -> 91.6.4.94 5333 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:44:11.921556 0.053285 tcp 10.0.2.109 63432 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:11.975133 0.052848 tcp 10.0.2.109 63433 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:12.028285 0.147642 tcp 10.0.2.109 63434 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:12.176224 0.043033 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:44:12.219611 0.000000 udp 10.0.2.109 3683 -> 99.140.86.184 2221 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:44:28.413460 0.054691 tcp 10.0.2.109 63435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:28.468423 0.054722 tcp 10.0.2.109 63436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:28.523364 0.140553 tcp 10.0.2.109 63437 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:28.664448 0.000000 udp 10.0.2.109 3683 -> 99.90.72.54 5214 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:44:44.717649 0.052752 tcp 10.0.2.109 63438 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:44.770754 0.054938 tcp 10.0.2.109 63439 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:44.825900 0.162351 tcp 10.0.2.109 63440 -> 195.113.214.211 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:44:44.988758 0.309513 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:44:45.298636 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:45:02.502752 0.053168 tcp 10.0.2.109 63441 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:45:02.556147 0.058223 tcp 10.0.2.109 63442 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:45:02.614875 0.148406 tcp 10.0.2.109 63443 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:45:02.763838 0.212906 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:02.977164 0.068490 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.046348 0.047883 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.094577 0.144341 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.239564 0.031614 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.271531 0.045245 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.317156 0.077118 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.394682 0.158622 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.553764 0.091177 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.645545 0.143649 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:03.789570 0.336983 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:04.126989 0.175265 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:04.302668 0.159948 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:04.463248 0.036368 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:04.500005 0.139070 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:04.639450 0.361903 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:05.002048 0.054266 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:05.056729 0.149092 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:05.206383 0.134960 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:05.343657 0.217638 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:05.561710 0.501654 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:06.063758 0.285299 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:06.349472 0.385126 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:06.735203 0.083968 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:06.819674 0.000000 udp 10.0.2.109 3683 -> 115.241.87.231 1966 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 03:45:24.855068 0.052921 tcp 10.0.2.109 63444 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:45:24.908233 0.055900 tcp 10.0.2.109 63445 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:45:24.964493 0.152124 tcp 10.0.2.109 63446 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:45:25.117209 0.046268 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:25.163862 0.024089 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:25.188250 0.251209 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:25.439839 0.098273 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:25.538499 0.159740 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:25.698588 0.184502 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:25.883491 0.061533 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:25.945393 0.171856 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:26.117648 0.073016 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:45:26.191030 0.140641 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/24 03:48:44.824048 3.001978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 03:48:47.315590 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 03:48:47.315793 1.011072 tcp 10.0.2.109 63447 -> 24.126.254.250 9945 FSPA* 0 0 15 1768 flow=From-Botnet-V1-TCP-Established 1970/01/24 03:48:51.831699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:48:59.833866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:49:15.843182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:49:47.842184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:55:51.849713 3.000192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 03:55:58.855599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:56:06.857376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:56:22.860597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 03:56:54.866710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:02:58.871923 3.002797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:03:05.879545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:03:13.881493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:03:29.884421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:04:01.890542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:10:05.896264 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:10:12.903859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:10:20.905895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:10:36.908041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:11:08.914516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:15:55.176392 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 04:15:55.176505 0.190681 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:15:55.367597 0.000000 udp 10.0.2.109 3683 -> 115.241.87.231 1966 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 04:16:11.336905 0.053882 tcp 10.0.2.109 63448 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:16:11.391045 0.054455 tcp 10.0.2.109 63449 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:16:11.445769 0.150959 tcp 10.0.2.109 63450 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:16:11.597317 0.049180 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:11.646981 0.295768 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:11.943172 0.215384 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.158961 0.147437 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.306848 0.031405 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.338626 0.067956 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.406985 0.084150 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.491520 0.160459 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.652393 0.088139 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.740932 0.045858 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.787326 0.054295 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:12.841995 0.220716 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:13.063113 0.161195 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:13.224705 0.036175 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:13.261311 0.145708 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:13.407481 0.348111 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:13.755984 0.181156 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:13.937504 0.149136 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:14.087024 0.128005 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:14.215461 0.201475 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:14.417347 0.057592 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:14.475354 0.360606 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:14.836320 0.081649 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:14.918346 0.445960 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:15.364734 0.286644 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:15.651770 0.319114 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:15.971232 0.046170 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.017820 0.023532 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.041716 0.251412 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.293499 0.110234 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.404098 0.159380 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.563834 0.177471 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.741732 0.066919 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.809057 0.145597 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:16.955046 0.167246 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:16:17.122662 0.073968 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:17:12.921333 3.000716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:17:19.927631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:17:27.929091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:17:43.932427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:18:15.938454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:18:48.325031 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 04:18:48.325194 1.195610 tcp 10.0.2.109 63451 -> 24.126.254.250 9945 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:24:19.944399 3.003556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:24:26.953163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:24:34.953932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:24:50.955993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:25:22.962343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:31:26.968239 3.012469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:31:33.978572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:31:41.981064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:31:57.980163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:32:29.986083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:38:33.992029 3.002587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:38:40.999574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:38:49.001661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:39:05.004466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:39:37.010099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:45:41.016504 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:45:48.023404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:45:56.025078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:46:12.028161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:46:18.407676 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 04:46:18.407783 0.190173 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:18.598394 0.048650 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:18.647357 0.292080 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:18.939790 0.217010 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.157202 0.150491 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.308091 0.029048 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.337533 0.067439 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.405350 0.087200 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.492880 0.164073 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.657383 0.087623 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.745404 0.045042 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.790798 0.048816 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.839978 0.036853 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:19.877117 0.140669 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:20.018210 0.352880 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:20.371555 0.186154 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:20.558116 0.261817 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:20.820326 0.158989 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:20.979662 0.151101 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:21.131194 0.142112 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:21.273709 0.228046 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:21.502166 0.055529 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:21.558249 0.000000 udp 10.0.2.109 3683 -> 114.38.0.175 1995 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 04:46:39.629641 0.055569 tcp 10.0.2.109 63452 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:46:39.685461 0.053673 tcp 10.0.2.109 63453 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:46:39.739456 0.151976 tcp 10.0.2.109 63454 -> 195.113.214.211 443 SRPA* 0 0 41 22032 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:46:39.891883 0.079768 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:39.972014 0.319772 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:40.292159 0.544846 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:40.837363 0.289736 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.127479 0.044827 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.172689 0.024846 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.197846 0.254308 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.452556 0.110504 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.563512 0.160179 udp 10.0.2.109 3683 <-> 122.169.96.62 7155 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.724075 0.191511 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.915992 0.067462 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:41.983857 0.139255 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:42.123542 0.171603 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:42.295557 0.071028 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/24 04:46:44.038557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:48:49.525213 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 04:48:49.525393 0.997585 tcp 10.0.2.109 63455 -> 24.126.254.250 9945 FSPA* 0 0 15 1735 flow=From-Botnet-V1-TCP-Established 1970/01/24 04:52:48.039796 3.002097 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 04:52:55.047739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:53:03.048798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:53:19.052745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:53:51.058091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 04:59:55.064200 3.001393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 05:00:02.071366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:00:10.072927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:00:26.076095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:00:58.082008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:07:02.088636 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 05:07:09.099630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:07:17.100967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:07:33.099888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:08:05.105972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:14:09.112055 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 05:14:16.119237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:14:24.120931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:14:40.123816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:15:12.130000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:17:00.536113 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 05:17:00.536278 0.366781 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:00.903471 0.285622 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.189514 0.192252 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.382211 0.042905 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.425536 0.147197 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.573199 0.029260 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.602773 0.067629 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.670816 0.095826 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.767015 0.161970 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:01.929372 0.087152 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:02.016907 0.045373 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:02.062671 0.215299 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:02.278365 0.036562 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:02.315374 0.056545 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:02.372311 0.350352 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:02.723011 0.175870 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:02.899221 0.137918 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.037478 0.160256 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.198300 0.139338 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.338044 0.056391 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.394781 0.147014 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.542172 0.134908 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.677449 0.217985 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.895879 0.086451 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:03.982728 0.387982 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:04.371160 0.392371 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:04.763941 0.289056 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:05.053367 0.054171 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:05.108041 0.025100 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:05.133490 0.248793 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:05.382714 0.110144 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:05.493244 0.000000 udp 10.0.2.109 3683 -> 122.169.96.62 7155 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 05:17:23.380518 0.052660 tcp 10.0.2.109 63456 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:17:23.433447 0.054758 tcp 10.0.2.109 63457 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:17:23.488478 0.144027 tcp 10.0.2.109 63458 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:17:23.632684 0.195578 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:23.828701 0.170754 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:23.999901 0.070810 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:24.071081 0.067325 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:17:24.138762 0.142874 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:18:50.524302 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 05:18:50.524388 1.010570 tcp 10.0.2.109 63459 -> 24.126.254.250 9945 FSPA* 0 0 15 1730 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:21:16.136813 3.000834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 05:21:23.143450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:21:31.145055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:21:47.147746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:22:19.154656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:28:23.160097 3.001721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 05:28:30.171551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:28:38.168838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:28:54.171829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:29:26.177809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:35:30.184463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:35:54.252151 1.974989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/24 05:36:00.179732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:36:08.069531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:36:23.847208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:36:55.402973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:42:54.359865 2.963797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 05:43:01.271334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:43:09.164938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:43:24.948387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:43:56.516068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:48:05.740940 0.000170 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 05:48:05.741198 0.000000 udp 10.0.2.109 3683 -> 122.169.96.62 7155 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 05:48:21.057755 0.053530 tcp 10.0.2.109 63460 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:48:21.111569 0.053868 tcp 10.0.2.109 63461 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:48:21.165692 0.158699 tcp 10.0.2.109 63462 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:48:21.324932 0.399513 udp 10.0.2.109 3683 <-> 114.38.0.175 1995 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:21.724812 0.190691 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:21.915898 0.043143 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:21.959392 0.148429 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.108236 0.029136 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.137734 0.063834 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.201978 0.078361 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.280729 0.164593 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.445694 0.292316 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.738436 0.045241 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.784009 0.084989 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.869404 0.058722 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:22.928453 0.367402 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:23.296297 0.186756 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:23.483436 0.034951 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:23.518698 0.214278 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:23.733432 0.159972 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:23.893770 0.143082 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:24.037212 0.055500 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:24.093060 0.145695 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:24.239112 0.135336 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:24.374819 0.203825 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:24.579025 0.096932 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:24.676316 0.141409 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:24.818139 0.327761 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:25.146465 0.519240 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:25.666140 0.025020 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:25.691527 0.252765 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:25.944727 0.110458 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:26.055600 0.288477 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:26.344473 0.044693 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:26.389499 0.000000 udp 10.0.2.109 3683 -> 99.33.17.126 9919 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 05:48:44.638957 0.052042 tcp 10.0.2.109 63463 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:48:44.691271 0.053990 tcp 10.0.2.109 63464 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:48:44.745516 0.159568 tcp 10.0.2.109 63465 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:48:44.905585 0.065714 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:44.971638 0.160293 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:45.132294 0.176214 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:48:45.308887 0.078616 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/24 05:49:03.513584 0.989310 tcp 10.0.2.109 63466 -> 24.126.254.250 9945 FSPA* 0 0 15 1702 flow=From-Botnet-V1-TCP-Established 1970/01/24 05:49:55.485906 2.955403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 05:50:02.399566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:50:10.292189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:50:26.075685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:50:57.649142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:56:56.610543 2.960693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 05:57:03.517700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:57:11.402222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:57:27.182729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 05:57:58.744975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:03:58.290212 3.001564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 06:04:05.297169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:04:13.298885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:04:29.301768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:05:01.308421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:11:05.314545 3.000772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 06:11:12.321082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:11:20.322570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:11:36.325370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:12:08.331453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:18:12.337112 3.002211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 06:18:19.344922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:18:27.346588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:18:43.349627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:18:46.133976 0.000236 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 06:18:46.134308 0.188420 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:46.323109 0.190320 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:46.513830 0.042720 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:46.556907 0.143436 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:46.700746 0.031331 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:46.732464 0.070473 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:46.803375 0.083513 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:46.887323 0.167635 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:18:47.055337 0.000000 udp 10.0.2.109 3683 -> 114.38.0.175 1995 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 06:18:52.533002 0.998759 tcp 10.0.2.109 63467 -> 24.126.254.250 9945 FSPA* 0 0 15 1591 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:19:05.543231 0.055339 tcp 10.0.2.109 63468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:19:05.598800 0.052610 tcp 10.0.2.109 63469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:19:05.651698 0.136455 tcp 10.0.2.109 63470 -> 195.113.214.211 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:19:05.788771 0.087784 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:05.876976 0.283213 udp 10.0.2.109 3683 <-> 117.203.249.98 8817 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:06.160584 0.370843 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:06.531836 0.186900 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:06.719112 0.037204 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:06.756689 0.049706 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:06.806790 0.045237 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:06.852399 0.142915 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:06.995704 0.055592 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:07.051891 0.147072 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:07.199339 0.128158 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:07.327880 0.208446 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:07.536683 0.152975 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:07.690029 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 06:19:15.355819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:19:23.678150 0.053730 tcp 10.0.2.109 63471 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:19:23.732170 0.054655 tcp 10.0.2.109 63472 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:19:23.787143 0.150393 tcp 10.0.2.109 63473 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:19:23.938265 0.354416 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:24.293155 0.208238 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:24.501746 0.091715 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:24.593811 0.377859 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:24.972035 0.110986 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:25.083384 0.284308 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:25.368092 0.106594 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:25.475083 0.254345 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:25.729803 0.040463 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:25.770688 0.063788 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:25.834850 0.144242 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:25.979542 0.170891 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:19:26.150811 0.077307 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:25:19.360968 3.002105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 06:25:26.368932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:25:34.370588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:25:50.373561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:26:22.379495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:32:26.386395 3.000694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 06:32:33.392921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:32:41.394658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:32:57.397478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:33:29.403328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:39:33.409452 3.001925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 06:39:40.416962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:39:48.418977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:40:04.421540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:40:36.427401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:46:40.434675 3.001186 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 06:46:47.440958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:46:55.444195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:47:11.446115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:47:43.451487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:48:53.532684 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 06:48:53.532822 0.986506 tcp 10.0.2.109 63474 -> 24.126.254.250 9945 FSPA* 0 0 15 1575 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:49:38.707614 0.000000 udp 10.0.2.109 3683 -> 114.38.0.175 1995 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 06:49:43.444614 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 06:49:57.558299 0.053612 tcp 10.0.2.109 63475 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:49:57.612152 0.052103 tcp 10.0.2.109 63476 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:49:57.664559 0.187784 tcp 10.0.2.109 63477 -> 195.113.214.211 443 SRPA* 0 0 38 21716 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:49:57.852859 0.138871 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:49:57.992178 0.146802 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:49:58.139382 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 06:50:13.958631 0.051303 tcp 10.0.2.109 63478 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:50:14.010352 0.052572 tcp 10.0.2.109 63479 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:50:14.063189 0.150360 tcp 10.0.2.109 63480 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:50:14.214225 0.066310 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:14.280933 0.087802 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:14.369136 0.307705 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:14.677249 0.029533 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:14.707148 0.048595 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:14.756132 0.169626 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:14.926100 0.084151 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:15.010685 0.186834 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:15.197920 0.035680 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:15.233969 0.054585 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:15.288979 0.044389 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:15.333737 0.346299 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:15.680432 0.000000 udp 10.0.2.109 3683 -> 117.203.249.98 8817 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 06:50:31.333353 0.052094 tcp 10.0.2.109 63481 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:50:31.385769 0.056073 tcp 10.0.2.109 63482 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:50:31.442122 0.148736 tcp 10.0.2.109 63483 -> 195.113.214.211 443 SRPA* 0 0 39 22526 flow=From-Botnet-V1-TCP-Established 1970/01/24 06:50:31.591284 0.144116 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:31.735804 0.128311 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:31.864518 0.214560 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:32.079526 0.153094 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:32.233029 0.143102 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:32.376520 0.062825 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:32.439756 0.079713 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:32.519877 0.369749 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:32.890064 0.336735 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:33.227200 0.217455 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:33.445083 0.110222 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:33.555704 0.285765 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:33.841877 0.045975 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:33.888177 0.252666 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:34.141235 0.025952 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:34.167512 0.070026 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:34.237879 0.136081 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:34.374487 0.170148 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:50:34.545048 0.078016 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/24 06:53:47.457979 3.000626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 06:53:54.465413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:54:02.466928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:54:18.468916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 06:54:50.478231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:00:54.481413 3.001513 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 07:01:01.489030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:01:09.490236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:01:25.492948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:01:57.499436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:08:01.505180 3.002206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 07:08:08.513002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:08:16.514699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:08:32.517466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:09:04.522920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:15:08.529472 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 07:15:15.536860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:15:23.538671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:15:39.541374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:16:11.547323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:18:54.521640 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 07:18:54.521812 0.964791 tcp 10.0.2.109 63484 -> 24.126.254.250 9945 FSPA* 0 0 15 1800 flow=From-Botnet-V1-TCP-Established 1970/01/24 07:20:34.807733 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 07:20:34.807902 0.190746 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:34.999059 0.000000 udp 10.0.2.109 3683 -> 117.203.249.98 8817 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 07:20:51.561927 0.188283 tcp 10.0.2.109 63485 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 07:20:51.750466 0.052501 tcp 10.0.2.109 63486 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 07:20:51.803223 0.148749 tcp 10.0.2.109 63487 -> 195.113.214.211 443 SRPA* 0 0 44 27156 flow=From-Botnet-V1-TCP-Established 1970/01/24 07:20:51.952534 0.137283 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:52.090295 0.144505 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:52.235205 0.216374 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:52.451944 0.031403 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:52.483717 0.042227 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:52.526308 1.527282 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.053976 0.067879 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.122294 0.186620 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.309252 0.037643 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.347213 0.066309 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.413943 0.045501 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.459837 0.168886 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.629128 0.088905 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:54.718467 0.339370 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:55.058232 0.144318 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:55.202921 0.141618 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:55.344932 0.213040 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:55.558430 0.056557 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:55.615344 0.083264 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:55.699037 0.160111 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:55.859616 0.141597 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:56.001644 0.229212 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:56.231288 0.387444 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:56.619120 0.367127 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:56.986699 0.110856 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:57.097893 0.281874 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:57.380149 0.044636 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:57.425164 0.250546 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:57.676134 0.024532 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:57.701001 0.168706 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:57.870255 0.074493 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:57.945151 0.063864 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:20:58.009361 0.145748 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:22:15.552680 3.002571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 07:22:22.560815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:22:30.562536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:22:46.565406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:23:18.570914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:29:22.578412 3.000624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 07:29:29.585309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:29:37.586624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:29:53.589322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:30:25.595384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:36:29.601306 3.001936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 07:36:36.608819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:36:44.610361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:37:00.613421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:37:32.619106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:43:36.626299 3.000525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 07:43:43.632616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:43:51.634831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:44:07.637401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:44:39.643421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:48:55.490856 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 07:48:55.491061 0.983271 tcp 10.0.2.109 63488 -> 24.126.254.250 9945 FSPA* 0 0 15 1685 flow=From-Botnet-V1-TCP-Established 1970/01/24 07:51:07.571654 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 07:51:07.571877 0.190985 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:07.763233 0.183094 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:07.946723 0.035122 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:07.982255 0.046465 udp 10.0.2.109 3683 <-> 87.153.122.130 4545 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.029108 0.137722 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.167176 0.147727 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.315261 0.093696 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.409320 0.065180 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.474886 0.181506 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.656748 0.037586 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.694686 0.056004 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.751108 0.046081 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.797562 0.170921 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:08.968883 0.086916 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:09.056144 0.368738 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:09.425248 0.221390 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:09.647068 0.143194 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:09.790683 0.213377 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:10.004436 0.056430 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:10.061252 0.079087 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:10.140736 0.152634 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:10.293763 0.138145 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:10.432303 0.359568 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:10.792289 0.201119 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:10.993777 0.272084 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:11.266256 0.098093 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:11.364692 0.289810 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:11.654929 0.047403 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:11.702653 0.251623 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:11.954701 0.025515 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:11.980543 0.171189 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:12.152137 0.076839 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:12.229326 0.068344 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:12.298043 0.143900 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 07:51:46.650959 3.000346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 07:51:53.657369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:52:01.658950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:52:17.661691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:52:49.667849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:58:53.673906 3.002204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 07:59:00.681486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:59:08.682557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:59:24.685603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 07:59:56.691248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:06:00.697836 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 08:06:07.705227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:06:15.706735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:06:31.709698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:07:03.718949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:13:07.721303 3.002341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 08:13:14.731255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:13:22.730967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:13:38.733503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:14:10.739797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:18:56.480984 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 08:18:56.481174 0.964143 tcp 10.0.2.109 63489 -> 24.126.254.250 9945 FSPA* 0 0 15 1629 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:20:14.745747 3.001444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 08:20:21.753174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:20:29.754729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:20:45.757329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:21:17.763651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:21:35.208970 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 08:21:35.209089 0.068226 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:35.277761 0.000000 udp 10.0.2.109 3683 -> 87.153.122.130 4545 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 08:21:53.597085 0.053566 tcp 10.0.2.109 63490 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:21:53.650930 0.054575 tcp 10.0.2.109 63491 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:21:53.705769 0.152595 tcp 10.0.2.109 63492 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:21:53.858895 0.137160 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:53.996481 0.192508 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:54.189456 0.188286 udp 10.0.2.109 3683 <-> 99.33.17.126 9919 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:54.378301 0.146409 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:54.525115 0.498110 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.023654 0.069195 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.093291 0.174473 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.268179 0.035527 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.304063 0.053223 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.357909 0.046970 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.405300 0.337629 udp 10.0.2.109 3683 <-> 223.17.68.245 8575 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.743307 0.161684 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.905390 0.085594 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:55.991679 0.147483 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:56.139633 0.136016 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:56.275985 0.214706 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:56.491086 0.059269 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:56.550831 0.081743 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:56.632979 0.372528 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:57.005846 0.153786 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:57.160072 0.147198 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:57.307658 0.111384 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:57.419407 0.215380 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:57.635243 0.262665 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:57.898335 0.289900 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:58.188649 0.047672 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:58.236708 0.245535 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:58.482602 0.023883 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:58.506809 0.172099 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:58.679320 0.142283 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:58.822018 0.070156 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:21:58.892554 0.067907 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:27:21.769586 3.011883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 08:27:28.787411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:27:36.788670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:27:52.791420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:28:24.797674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:34:28.803623 3.011831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 08:34:35.821144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:34:43.822830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:34:59.825587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:35:31.832027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:41:35.837932 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 08:41:42.845435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:41:50.846672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:42:06.849572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:42:38.856063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:48:42.861850 3.001464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 08:48:49.869487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:48:57.449685 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 08:48:57.449763 0.972819 tcp 10.0.2.109 63493 -> 24.126.254.250 9945 FSPA* 0 0 15 1804 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:48:57.870460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:49:13.880415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:49:45.879493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:52:22.735268 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 08:52:22.735496 0.000000 udp 10.0.2.109 3683 -> 87.153.122.130 4545 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 08:52:39.971223 0.054687 tcp 10.0.2.109 63494 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:52:40.026469 0.054833 tcp 10.0.2.109 63495 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:52:40.081558 0.150407 tcp 10.0.2.109 63496 -> 195.113.214.211 443 SRPA* 0 0 43 34706 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:52:40.232768 0.030025 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:40.263186 0.136569 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:40.400140 0.149065 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:40.549614 0.189468 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:40.739522 0.000000 udp 10.0.2.109 3683 -> 99.33.17.126 9919 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 08:52:57.855997 0.053566 tcp 10.0.2.109 63497 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:52:57.909827 0.052497 tcp 10.0.2.109 63498 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:52:57.962591 0.152777 tcp 10.0.2.109 63499 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:52:58.115859 0.094853 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:58.211070 0.070957 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:58.282466 0.180367 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:58.463265 0.037957 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:58.501599 0.055274 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:58.557233 0.045282 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:52:58.602905 0.000000 udp 10.0.2.109 3683 -> 223.17.68.245 8575 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 08:53:15.681821 0.054619 tcp 10.0.2.109 63500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:53:15.736693 0.053594 tcp 10.0.2.109 63501 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:53:15.790545 0.148024 tcp 10.0.2.109 63502 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 08:53:15.939067 0.166195 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:16.105660 0.089365 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:16.195400 0.145897 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:16.341722 0.135379 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:16.477530 0.213264 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:16.691166 0.072642 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:16.764169 0.089570 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:16.854222 0.326792 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:17.181451 0.122835 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:17.304663 0.213635 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:17.518677 0.253126 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:17.772208 0.158610 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:17.931251 0.206345 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:18.137938 0.290449 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:18.428788 0.044342 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:18.473447 0.250850 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:18.724679 0.023575 rtcp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:18.748621 0.167784 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:18.916808 0.143515 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:19.060717 0.080829 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:53:19.141972 0.067600 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 08:55:49.885687 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 08:55:56.893151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:56:04.894776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:56:20.897437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 08:56:52.903895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:02:56.910234 3.001125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 09:03:03.917000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:03:11.918503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:03:27.921486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:03:59.927401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:10:03.936251 3.000685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 09:10:10.941366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:10:18.942638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:10:34.945403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:11:06.951656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:17:10.959404 3.002225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 09:17:17.964943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:17:25.966483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:17:41.969202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:18:13.975528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:18:58.429245 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 09:18:58.429503 0.982835 tcp 10.0.2.109 63503 -> 24.126.254.250 9945 FSPA* 0 0 15 1624 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:23:30.040348 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 09:23:30.040550 0.000000 udp 10.0.2.109 3683 -> 99.33.17.126 9919 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 09:23:46.224860 0.049015 tcp 10.0.2.109 63504 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:23:46.274163 0.050098 tcp 10.0.2.109 63505 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:23:46.324553 0.125909 tcp 10.0.2.109 63506 -> 195.113.214.211 443 SRPA* 0 0 34 24748 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:23:46.451024 0.000000 udp 10.0.2.109 3683 -> 223.17.68.245 8575 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 09:24:01.946132 0.048562 tcp 10.0.2.109 63507 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:24:01.995001 0.049446 tcp 10.0.2.109 63508 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:24:02.044785 0.146995 tcp 10.0.2.109 63509 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:24:02.192376 0.144695 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:02.337550 0.150595 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:02.488516 0.031256 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:02.520113 0.189933 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:02.710484 0.180929 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:02.891791 0.042797 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:02.934936 0.058779 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:02.994242 0.044224 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.038895 0.070153 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.109491 0.088349 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.198402 0.184179 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.382988 0.087023 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.470416 0.146257 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.617020 0.135327 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.752767 0.219020 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:03.972233 0.084172 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:04.056770 0.087134 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:04.144331 0.213393 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:04.358117 0.264163 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:04.622664 0.159954 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:04.783014 0.356562 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:05.139980 0.110583 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:05.251067 0.144400 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:05.395851 0.283436 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:05.679654 0.044377 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:05.724435 0.255315 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:05.980100 0.086110 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:06.066608 0.170021 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:06.236993 0.065079 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:06.302705 0.681773 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:06.984963 0.075299 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:24:17.982236 3.000766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/24 09:24:24.989555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:24:32.991824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:24:48.997615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:25:20.999636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:31:25.008666 3.000613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 09:31:32.019216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:31:40.017512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:31:56.017428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:32:28.023206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:38:32.029306 3.001737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 09:38:39.036921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:38:47.038286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:39:03.041680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:39:35.047367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:45:39.053074 3.004612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 09:45:46.060858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:45:54.062661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:46:10.067127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:46:42.071539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:48:59.419436 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 09:48:59.419520 0.965712 tcp 10.0.2.109 63510 -> 24.126.254.250 9945 FSPA* 0 0 15 1786 flow=From-Botnet-V1-TCP-Established 1970/01/24 09:52:50.086573 3.000875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 09:52:57.090584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:53:05.091697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:53:21.094875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:53:53.101520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 09:54:20.151447 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 09:54:20.151585 0.031365 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.183332 0.191262 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.374985 0.185506 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.560885 0.035553 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.596800 0.055095 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.652243 0.145321 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.798030 0.136543 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.935001 0.046600 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:20.981979 0.069463 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.051817 0.089783 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.141961 0.179528 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.321869 0.089615 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.411856 0.152574 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.564770 0.128958 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.694121 0.208485 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.903059 0.055688 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:21.959106 0.087335 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:22.046877 0.200934 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:22.248259 0.260163 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:22.508757 0.160023 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:22.669130 0.355452 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:23.024987 0.097964 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:23.123332 0.277110 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:23.400845 0.287200 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:23.688413 0.045224 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:23.733994 0.251289 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:23.985795 0.066136 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:24.052277 0.143535 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:24.196175 0.024688 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:24.221226 0.173558 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:54:24.395171 0.073049 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/24 09:59:57.106932 3.001927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:00:04.114662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:00:12.115996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:00:28.118844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:01:00.124861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:07:04.131221 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:07:11.138789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:07:19.139870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:07:35.142990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:08:07.148722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:14:11.155148 3.004312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:14:18.165391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:14:26.163980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:14:42.179894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:15:14.173008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:19:00.388532 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 10:19:00.388622 0.993494 tcp 10.0.2.109 63511 -> 24.126.254.250 9945 FSPA* 0 0 15 1663 flow=From-Botnet-V1-TCP-Established 1970/01/24 10:21:18.179168 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:21:25.186522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:21:33.188001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:21:49.191345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:22:21.196749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:24:53.257657 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 10:24:53.257816 0.181400 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:53.439613 0.036112 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:53.476094 0.060550 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:53.537091 0.150014 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:53.687540 0.147436 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:53.835395 0.046064 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:53.881902 0.029252 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:53.911561 0.190017 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:54.101998 0.066395 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:54.168777 0.088142 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:54.257489 0.170343 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:54.428244 0.088426 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:54.517093 0.148002 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:54.665459 0.129073 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:54.794909 0.213634 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:55.008935 0.056764 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:55.066076 0.256631 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:55.323106 0.160122 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:55.483682 0.075305 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:55.559414 0.198577 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:55.758538 0.400591 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:56.159541 0.098864 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:56.258778 0.144223 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:56.403405 0.286240 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:56.690027 0.043019 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:56.733516 0.252857 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:56.986808 0.025742 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:57.012941 0.173752 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:57.187083 0.070809 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:57.258407 0.067931 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:24:57.326712 0.140770 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:28:25.202612 3.004500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:28:32.210337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:28:40.211988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:28:56.215147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:29:28.221314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:35:32.227035 3.001526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:35:39.234337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:35:47.235876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:36:03.238561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:36:35.244647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:42:39.251520 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:42:46.258457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:42:54.259690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:43:10.262607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:43:42.268968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:49:01.388340 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 10:49:01.388513 0.998411 tcp 10.0.2.109 63512 -> 24.126.254.250 9945 FSPA* 0 0 15 1763 flow=From-Botnet-V1-TCP-Established 1970/01/24 10:49:46.275426 3.001006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:49:53.282219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:50:01.283561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:50:17.287166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:50:49.292954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:55:08.579855 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 10:55:08.580111 0.054242 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:08.634728 0.148036 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:08.783185 0.143097 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:08.926738 0.045425 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:08.972539 0.029007 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:09.001964 0.258054 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:09.260435 0.146840 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:09.407642 0.190660 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:09.598679 0.070677 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:09.669760 0.086943 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:09.757098 0.176064 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:09.933545 0.086816 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:10.020846 0.148262 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:10.169525 0.128741 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:10.298640 0.213692 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:10.512756 0.058822 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:10.571958 0.259695 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:10.832038 0.159113 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:10.991514 0.078681 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:11.070585 0.215701 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:11.286673 0.322251 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:11.609356 0.111151 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:11.720904 0.142045 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:11.863344 0.285087 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:12.148829 0.045784 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:12.194987 0.250798 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:12.446274 0.030580 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:12.477246 0.066803 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:12.544453 0.141621 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:12.686527 0.176012 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:55:12.862925 0.075375 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/24 10:56:53.300381 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 10:57:00.307284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:57:08.308091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:57:24.311156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 10:57:56.316748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:04:00.322383 3.002117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:04:07.330244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:04:15.331169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:04:31.334656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:05:03.340957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:11:07.347479 3.001006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:11:14.354214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:11:22.355470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:11:38.358493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:12:10.364693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:18:14.370731 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:18:21.378236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:18:29.379378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:18:45.382487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:19:02.387513 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 11:19:02.387674 0.984201 tcp 10.0.2.109 63513 -> 24.126.254.250 9945 FSPA* 0 0 15 1765 flow=From-Botnet-V1-TCP-Established 1970/01/24 11:19:17.388568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:25:18.929132 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 11:25:18.929245 0.137952 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.067645 0.046131 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.114204 0.029051 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.143590 0.055348 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.199370 0.145923 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.345705 0.181062 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.527188 0.040053 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.567694 0.191558 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.759685 0.068926 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:19.829013 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 11:25:21.393965 3.001982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:25:28.401904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:25:36.403507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:25:37.937614 0.050581 tcp 10.0.2.109 63514 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 11:25:37.988416 0.050377 tcp 10.0.2.109 63515 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 11:25:38.039075 0.132037 tcp 10.0.2.109 63516 -> 195.113.214.211 443 SRPA* 0 0 40 28035 flow=From-Botnet-V1-TCP-Established 1970/01/24 11:25:38.171654 0.170130 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:38.342208 0.087284 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:38.429880 0.147123 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:38.577503 0.128069 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:38.705963 0.206777 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:38.913116 0.055196 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:38.968647 0.240642 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:39.209682 0.153415 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:39.363533 0.325305 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:39.689212 0.110860 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:39.800475 0.144615 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:39.945516 0.074241 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:40.020154 0.211944 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:40.232461 0.283148 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:40.516002 0.048979 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:40.565340 0.250097 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:40.815803 0.025369 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:40.841543 0.065002 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:40.906955 0.142062 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:41.049384 0.170072 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:41.219826 0.079063 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:25:52.406575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:26:24.411852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:32:28.419469 3.000056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:32:35.427046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:32:43.427502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:32:59.434960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:33:31.439084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:39:35.442426 3.001731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:39:42.449848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:39:50.451247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:40:06.455238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:40:38.460463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:46:42.467123 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:46:49.473797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:46:57.475634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:47:13.478438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:47:45.484573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:49:03.377230 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 11:49:03.377357 1.001534 tcp 10.0.2.109 63517 -> 24.126.254.250 9945 FSPA* 0 0 14 1517 flow=From-Botnet-V1-TCP-Established 1970/01/24 11:53:49.489981 3.002085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 11:53:56.498576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:54:04.499394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:54:20.502502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:54:52.508636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 11:55:56.861914 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 11:55:56.862260 0.094149 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:56.956816 0.046025 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.003204 0.029264 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.032799 0.056255 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.089411 0.145456 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.235257 0.174574 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.410204 0.039421 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.449968 0.190991 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.641364 0.066441 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.708209 0.135970 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:57.844633 0.200294 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:58.045366 0.088829 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:58.134605 0.147214 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:58.282232 0.135076 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:58.417668 0.210083 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:58.628157 0.055204 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:58.683703 0.388629 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:59.072728 0.119340 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:59.192438 0.139538 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:59.332343 0.072887 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:59.405619 0.239728 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:59.645755 0.161304 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:55:59.807433 0.213478 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.021270 0.285250 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.306888 0.049388 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.356622 0.253977 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.611018 0.024064 udp 10.0.2.109 3683 <-> 95.208.177.238 9927 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.635373 0.065311 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.701079 0.081111 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.782542 0.141827 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/24 11:56:00.924787 0.174246 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:00:56.513481 3.002431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:01:03.521580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:01:11.523165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:01:27.526783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:01:59.532617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:08:03.538475 3.001470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:08:10.545633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:08:18.547432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:08:34.549847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:09:06.556141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:15:10.561911 3.002213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:15:17.569605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:15:25.571543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:15:41.574622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:16:13.587868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:19:04.386429 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 12:19:04.386531 0.989339 tcp 10.0.2.109 63518 -> 24.126.254.250 9945 FSPA* 0 0 14 1523 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:22:17.587594 3.000527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:22:24.593622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:22:32.595314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:22:48.598196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:23:20.604268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:26:01.185768 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 12:26:01.185889 0.077834 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.264101 0.046096 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.310549 0.031408 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.342340 0.056878 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.399661 0.147357 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.547466 0.174775 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.722631 0.034814 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.757828 0.190541 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:01.948808 0.067926 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.017152 0.144811 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.162430 0.173885 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.336658 0.087118 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.424212 0.145601 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.570220 0.141946 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.712597 0.213504 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.926476 0.054323 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:02.981135 0.142684 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:03.124213 0.076340 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:03.201008 0.251041 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:03.452424 0.160487 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:03.613275 0.214826 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:03.828492 0.324718 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:04.153625 0.110611 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:04.264622 0.284373 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:04.549401 0.054073 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:04.603869 0.253857 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:04.858173 0.000000 udp 10.0.2.109 3683 -> 95.208.177.238 9927 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 12:26:20.635053 0.054609 tcp 10.0.2.109 63519 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:26:20.689956 0.055607 tcp 10.0.2.109 63520 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:26:20.745833 0.168565 tcp 10.0.2.109 63521 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:26:20.914918 0.066329 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:20.981687 0.074147 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:21.056268 0.144095 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:26:21.200799 0.174461 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:29:24.610790 3.000721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:29:31.617613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:29:39.622711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:29:55.622396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:30:27.627782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:36:31.634457 3.006274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:36:38.644580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:36:46.643333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:37:02.646310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:37:34.656167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:43:38.660142 2.999953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:43:45.666305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:43:53.666927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:44:09.670583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:44:41.675943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:49:05.376330 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 12:49:05.376424 0.986729 tcp 10.0.2.109 63522 -> 24.126.254.250 9945 FSPA* 0 0 15 1752 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:51:46.689593 3.002366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:51:53.702916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:52:01.698772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:52:17.702017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:52:49.707878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:56:37.357608 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 12:56:37.357768 0.000000 udp 10.0.2.109 3683 -> 95.208.177.238 9927 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 12:56:55.313045 0.052684 tcp 10.0.2.109 63523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:56:55.365967 0.052990 tcp 10.0.2.109 63524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:56:55.419198 0.145711 tcp 10.0.2.109 63525 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/24 12:56:55.565421 0.045216 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:55.610999 0.029232 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:55.640572 0.052489 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:55.693438 0.144047 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:55.837880 0.180965 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.019240 0.036028 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.055647 0.190649 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.246692 0.072176 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.319197 0.090266 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.409880 0.090897 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.501171 0.147174 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.648774 0.128622 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.777787 0.207228 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:56.985437 0.059729 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:57.045498 0.172973 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:57.218825 0.140966 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:57.360152 0.247228 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:57.607751 0.153259 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:57.761404 0.212839 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:57.974595 0.146110 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:58.121076 0.084426 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:58.205868 0.284568 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:58.490803 0.054009 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:58.545144 0.254761 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:58.800315 0.098636 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:58.899382 0.362105 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:59.261849 0.066382 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:59.328657 0.170078 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:59.499132 0.069989 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:56:59.569514 0.140431 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/24 12:58:53.714116 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 12:59:00.723025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:59:08.723148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:59:24.725773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 12:59:56.731677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:06:00.738487 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:06:07.745610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:06:15.746960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:06:31.754714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:07:03.755754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:13:07.761773 3.003319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:13:14.768974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:13:22.770876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:13:38.773932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:14:10.779632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:19:06.365236 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 13:19:06.365396 1.004677 tcp 10.0.2.109 63526 -> 24.126.254.250 9945 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/01/24 13:20:14.785932 3.001494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:20:21.793113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:20:29.794763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:20:45.797610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:21:17.803799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:27:16.440953 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 13:27:16.441101 0.053799 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:16.495268 0.146260 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:16.641953 0.182450 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:16.824862 0.045497 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:16.870817 0.029266 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:16.900491 0.035705 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:16.936632 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 13:27:21.809869 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:27:28.817315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:27:35.018474 0.054188 tcp 10.0.2.109 63527 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 13:27:35.072923 0.054442 tcp 10.0.2.109 63528 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 13:27:35.127614 0.153020 tcp 10.0.2.109 63529 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/24 13:27:35.281876 0.071127 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:35.353427 0.080245 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:35.434104 0.090063 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:35.524602 0.148152 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:35.673141 0.135631 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:35.809161 0.214505 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:36.024014 0.056461 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:36.080863 0.169352 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:36.250615 0.144529 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:36.395556 0.239878 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:36.635822 0.159262 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:36.795535 0.212875 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:36.818803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:27:37.008885 0.142451 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:37.151738 0.079530 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:37.231663 0.288732 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:37.520817 0.046493 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:37.567715 0.244135 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:37.812276 0.098278 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:37.910966 0.175863 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:38.087214 0.069596 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:38.157214 0.143142 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:38.300741 0.354195 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:38.655339 0.063883 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:27:52.821803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:28:24.827535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:34:28.834649 3.000577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:34:35.841131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:34:43.842487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:34:59.845361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:35:31.851886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:41:35.863455 3.000575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:41:42.866578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:41:50.867203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:42:06.869484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:42:38.876042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:48:42.881370 3.002457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:48:49.889564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:48:57.890776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:49:07.364792 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 13:49:07.364960 0.982100 tcp 10.0.2.109 63530 -> 24.126.254.250 9945 FSPA* 0 0 15 1788 flow=From-Botnet-V1-TCP-Established 1970/01/24 13:49:13.893753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:49:45.899845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:55:49.905704 3.001959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 13:55:56.913110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:56:04.916349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:56:20.917413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:56:52.923865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 13:57:58.327707 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 13:57:58.327869 0.189743 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:58.517970 0.142439 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:58.660826 0.184307 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:58.845517 0.044280 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:58.890397 0.030226 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:58.920941 0.035065 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:58.956309 0.054387 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.011056 0.084940 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.096411 0.147936 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.244749 0.141583 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.386714 0.212947 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.600139 0.076702 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.677214 0.086487 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.764063 0.056144 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:57:59.820632 0.198676 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:00.019723 0.144123 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:00.164223 0.239950 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:00.404564 0.160665 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:00.565605 0.212025 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:00.778056 0.142166 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:00.920614 0.079474 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:01.000460 0.282688 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:01.283568 0.054284 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:01.338357 0.250044 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:01.588745 0.098216 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:01.687394 0.142527 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:01.830456 0.354119 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:02.184999 0.062147 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:02.247537 0.174848 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 13:58:02.422766 0.076584 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:02:56.929360 3.001741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:03:03.937148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:03:11.938375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:03:27.941862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:03:59.947441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:10:03.954650 3.009866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:10:10.965566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:10:18.967086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:10:34.965369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:11:06.971535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:17:10.977376 3.001704 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:17:17.985654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:17:25.989373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:17:41.989376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:18:13.995564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:19:08.353973 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 14:19:08.354122 1.094761 tcp 10.0.2.109 63531 -> 24.126.254.250 9945 FSPA* 0 0 15 1787 flow=From-Botnet-V1-TCP-Established 1970/01/24 14:24:18.001674 3.007770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:24:25.008622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:24:33.013702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:24:49.014805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:25:21.019319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:28:27.381151 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 14:28:27.381326 0.182375 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:27.564077 0.045151 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:27.609608 0.029028 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:27.639002 0.036214 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:27.675589 0.052547 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:27.728509 0.190466 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:27.919330 0.141887 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.061586 0.088773 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.150777 0.148271 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.299453 0.142515 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.442376 0.213235 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.655987 0.068858 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.725209 0.085607 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.811244 0.056949 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:28.868540 0.157722 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:29.026615 0.136913 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:29.163962 0.240952 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:29.405311 0.161505 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:29.567170 0.212224 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:29.779838 0.143550 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:29.923823 0.106764 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:30.031015 0.310753 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:30.342334 0.043186 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:30.385901 0.247494 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:30.633827 0.110274 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:30.744535 0.139740 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:30.884678 0.174115 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:31.059243 0.079393 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:31.139008 0.315841 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:28:31.455214 0.066227 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:31:25.025348 3.002016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:31:32.032567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:31:40.039717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:31:56.043022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:32:28.043498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:38:32.050348 3.000690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:38:39.056844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:38:47.058657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:39:03.061660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:39:35.067348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:45:39.073196 3.001807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:45:46.080995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:45:54.082554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:46:10.085947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:46:42.091957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:49:09.453796 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 14:49:09.453886 0.969340 tcp 10.0.2.109 63532 -> 24.126.254.250 9945 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/01/24 14:52:49.102459 3.000926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 14:52:56.108988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:53:04.110675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:53:20.117262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:53:52.119574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 14:58:40.124144 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 14:58:40.124400 0.030607 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.155290 0.035498 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.191121 0.045777 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.237198 0.188645 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.426492 0.176593 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.603485 0.044241 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.648075 0.144891 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.793369 0.084992 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:40.878746 0.142992 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.022322 0.128952 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.151716 0.215393 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.367487 0.071980 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.440062 0.095833 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.536271 0.059659 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.596303 0.158377 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.755279 0.144579 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:41.900248 0.239673 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:42.140321 0.159783 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:42.300491 0.202773 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:42.503684 0.143684 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:42.647791 0.082196 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:42.730369 0.284979 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:43.015726 0.045132 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:43.061206 0.256001 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:43.317637 0.110509 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:43.428503 0.141503 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:43.570424 0.360393 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:43.931151 0.064403 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:43.995962 0.181809 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:58:44.178371 0.082062 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 14:59:56.125422 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:00:03.133109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:00:11.134671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:00:27.137617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:00:59.143869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:07:03.150252 3.000939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:07:10.157101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:07:18.158576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:07:34.161441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:08:06.167385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:14:10.183381 3.001882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:14:17.190807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:14:25.192577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:14:41.195273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:15:13.201273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:19:10.422851 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 15:19:10.423018 1.109098 tcp 10.0.2.109 63533 -> 24.126.254.250 9945 FSPA* 0 0 15 1733 flow=From-Botnet-V1-TCP-Established 1970/01/24 15:21:17.208252 3.000664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:21:24.214836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:21:32.216502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:21:48.219444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:22:20.225276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:28:24.231505 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:28:31.243666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:28:39.245169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:28:55.250512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:28:57.597088 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 15:28:57.597229 0.031148 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:57.628741 0.037518 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:57.666628 0.049312 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:57.716327 0.190673 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:57.907583 0.175882 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.083843 0.045248 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.129431 0.143997 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.273825 0.080805 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.354976 0.145455 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.500861 0.136064 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.637255 0.208071 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.845772 0.068429 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.914599 0.080258 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:58.995247 0.054360 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:59.049990 0.161295 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:59.211704 0.136946 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:59.349045 0.198042 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:59.547462 0.137629 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:59.685445 0.086785 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:28:59.772562 0.310844 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:00.083839 0.240133 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:00.324341 0.155290 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:00.480037 0.046538 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:00.526963 0.248363 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:00.775788 0.110702 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:00.886876 0.143002 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:01.030241 0.351343 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:01.381978 0.066348 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:01.448764 0.170495 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:01.619666 0.071946 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:29:27.249388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:35:31.256491 3.000505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:35:38.262962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:35:46.264563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:36:02.267372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:36:34.273617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:42:38.280064 3.001102 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:42:45.286907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:42:53.288623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:43:09.291498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:43:41.297663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:49:11.532768 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 15:49:11.532855 0.992919 tcp 10.0.2.109 63534 -> 24.126.254.250 9945 FSPA* 0 0 15 1624 flow=From-Botnet-V1-TCP-Established 1970/01/24 15:49:45.303547 3.002438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:49:52.310616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:50:00.312139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:50:16.315995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:50:48.321055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:56:52.328127 3.001036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 15:56:59.334746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:57:07.336496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:57:23.339228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:57:55.345780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 15:59:27.088008 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 15:59:27.088206 0.055065 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.143691 0.190143 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.334223 0.029227 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.363780 0.035625 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.399741 0.176393 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.576494 0.045152 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.622005 0.140196 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.762618 0.081526 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.844528 0.143553 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:27.988557 0.135834 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:28.124837 0.206949 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:28.332220 0.068544 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:28.401122 0.079891 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:28.481370 0.054470 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:28.536212 0.160318 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:28.696945 0.136838 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:28.834206 0.199496 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:29.034099 0.138796 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:29.173246 0.087509 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:29.261151 0.287155 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:29.548719 0.239885 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:29.789059 0.159953 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:29.949371 0.046073 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:29.995809 0.250113 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:30.246473 0.110529 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:30.357362 0.141120 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:30.498894 0.183340 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:30.682596 0.067386 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:30.750495 0.380562 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/24 15:59:31.131499 0.061828 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:03:59.351127 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:04:06.358754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:04:14.360158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:04:30.362967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:05:02.369019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:11:06.374801 3.002058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:11:13.390270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:11:21.384053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:11:37.387436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:12:09.393372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:18:13.399704 3.001224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:18:20.406635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:18:28.407442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:18:44.411076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:19:12.532048 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 16:19:12.532125 1.017534 tcp 10.0.2.109 63535 -> 24.126.254.250 9945 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/01/24 16:19:16.417003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:25:20.423616 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:25:27.432401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:25:35.431975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:25:51.435015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:26:23.441222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:29:39.953981 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 16:29:39.954296 0.055570 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.010295 0.189946 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.200639 0.029170 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.230380 0.036441 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.267216 0.182541 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.450158 0.045349 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.495963 0.143930 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.640306 0.084902 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.725574 0.148153 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:40.874118 0.142554 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.017111 0.208776 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.226461 0.073274 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.300094 0.079845 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.380366 0.056282 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.437039 0.158836 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.596264 0.143040 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.739691 0.218596 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:41.958662 0.285478 udp 10.0.2.109 3683 <-> 219.110.36.115 3782 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:42.244510 0.239342 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:42.484271 0.159930 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:42.644528 0.060166 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:42.705134 0.144002 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:42.849532 0.091792 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:42.941749 0.246492 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:43.188608 0.099179 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:43.288182 0.146242 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:43.434822 0.196666 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:43.631919 0.073488 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:43.705764 0.316653 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:29:44.022818 0.086747 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:32:27.446894 3.002049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:32:34.454719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:32:42.455989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:32:58.459099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:33:30.464855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:39:34.471593 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:39:41.478573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:39:49.479335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:40:05.483379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:40:37.489146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:46:41.495088 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:46:48.502093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:46:56.504038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:47:12.509652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:47:44.513409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:49:13.551499 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 16:49:13.551660 1.039079 tcp 10.0.2.109 63536 -> 24.126.254.250 9945 FSPA* 0 0 15 1661 flow=From-Botnet-V1-TCP-Established 1970/01/24 16:53:48.519617 3.001479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 16:53:55.527036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:54:03.527851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:54:19.531128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:54:51.537098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 16:59:59.690330 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 16:59:59.690489 0.053880 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:59:59.744746 0.189467 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:59:59.934627 0.029445 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/24 16:59:59.964434 0.035818 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.000592 0.175984 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.177014 0.046612 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.224194 0.145081 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.369640 0.086417 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.456444 0.148112 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.604937 0.127935 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.733287 0.213602 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:00.947275 0.067453 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.015135 0.085867 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.101418 0.054123 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.155967 0.167186 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.323516 0.138245 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.462147 0.222873 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.685429 0.153032 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.838862 0.045997 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:01.885290 0.144777 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:02.030445 0.083947 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:02.114795 0.000000 udp 10.0.2.109 3683 -> 219.110.36.115 3782 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 17:00:18.147957 0.053087 tcp 10.0.2.109 63537 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:00:18.201328 0.053455 tcp 10.0.2.109 63538 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:00:18.255040 0.125452 tcp 10.0.2.109 63539 -> 195.113.214.211 443 SRPA* 0 0 33 23887 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:00:18.381022 0.241091 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:18.622526 0.254678 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:18.877620 0.098073 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:18.976070 0.145547 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:19.121980 0.206627 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:19.328961 0.071061 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:19.400422 0.325645 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:19.726520 0.061328 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:00:55.543657 3.001204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:01:02.550532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:01:10.552376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:01:26.554921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:01:58.560839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:08:02.567067 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:08:09.574587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:08:17.575836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:08:33.578817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:09:05.585341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:15:09.590793 3.002092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:15:16.598158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:15:24.599617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:15:40.603033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:16:12.608970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:19:14.591069 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 17:19:14.591230 1.044052 tcp 10.0.2.109 63540 -> 24.126.254.250 9945 FSPA* 0 0 15 1622 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:22:16.615973 3.000743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:22:23.622306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:22:31.623660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:22:47.627048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:23:19.632889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:29:23.638876 3.049363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:29:30.668289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:29:38.657635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:29:54.660939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:30:26.666634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:30:48.038008 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 17:30:48.038162 0.000000 udp 10.0.2.109 3683 -> 219.110.36.115 3782 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 17:31:04.923884 0.052275 tcp 10.0.2.109 63541 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:31:04.976402 0.054083 tcp 10.0.2.109 63542 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:31:05.030819 0.144025 tcp 10.0.2.109 63543 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:31:05.175362 0.031185 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.206954 0.036255 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.243530 0.052387 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.296287 0.190468 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.487163 0.046118 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.533638 0.150641 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.684645 0.086901 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.771981 0.145606 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:05.917941 0.141823 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:06.060141 0.183201 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:06.243775 0.071417 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:06.315612 0.207869 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:06.523843 0.161980 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:06.686223 0.136505 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:06.823144 0.214494 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.038242 0.159948 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.198563 0.046973 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.245934 0.146246 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.392587 0.056237 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.449558 0.079990 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.529942 0.075759 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.606156 0.098176 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.704743 0.241247 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:07.946489 0.254359 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:08.201266 0.144429 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:08.346323 0.175387 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:08.522157 0.074214 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:08.596761 0.337770 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:31:08.934988 0.063822 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 17:36:30.672693 3.012013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:36:37.690090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:36:45.692047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:37:01.694849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:37:33.700820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:43:37.707108 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:43:44.714503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:43:52.715563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:44:08.718851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:44:40.725274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:49:15.640458 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 17:49:15.640614 0.980592 tcp 10.0.2.109 63544 -> 24.126.254.250 9945 FSPA* 0 0 15 1584 flow=From-Botnet-V1-TCP-Established 1970/01/24 17:51:45.738793 3.001387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:51:52.745984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:52:00.747807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:52:16.750621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:52:48.756510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:58:52.762352 3.001822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 17:58:59.769792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:59:07.772485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:59:23.774959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 17:59:55.780838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:01:35.885102 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 18:01:35.885207 0.029339 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:35.914864 0.036097 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:35.951337 0.053234 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.004942 0.190669 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.196025 0.046337 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.242733 0.147579 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.390769 0.083793 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.474973 0.149188 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.624535 0.142524 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.767405 0.183905 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:36.951699 0.070488 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:37.022546 0.214059 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:37.237052 0.160537 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:37.398008 0.144282 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:37.542709 0.211308 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:37.754459 0.159813 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:37.914637 0.044854 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:37.959853 0.144383 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.104580 0.058701 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.163657 0.075866 rtcp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.239929 0.098040 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.338459 0.122620 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.461509 0.239941 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.701820 0.175076 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.877300 0.075141 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:38.952835 0.322291 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:39.275509 0.067759 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:39.343660 0.251605 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:01:39.595596 0.137714 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:05:59.786512 3.001903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:06:06.793963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:06:14.795269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:06:30.798423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:07:02.804375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:13:06.811446 3.000971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:13:13.817689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:13:21.819329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:13:37.822592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:14:09.828007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:19:16.619993 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 18:19:16.620092 1.000476 tcp 10.0.2.109 63545 -> 24.126.254.250 9945 FSPA* 0 0 15 1742 flow=From-Botnet-V1-TCP-Established 1970/01/24 18:20:13.833671 3.005989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:20:20.841947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:20:28.843572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:20:44.846359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:21:16.852460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:27:20.863853 3.001944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:27:27.866586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:27:35.867152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:27:51.870428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:28:23.877017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:31:54.890243 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 18:31:54.890443 0.051117 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:54.941971 0.029212 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:54.971549 0.490713 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:55.462635 0.191993 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:55.654992 0.046210 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:55.701603 0.147572 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:55.849641 0.084230 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:55.934341 0.163164 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:56.097942 0.134960 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:56.233291 0.184117 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:56.417833 0.066922 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:56.485122 0.216877 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:56.702361 0.160170 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:56.862960 0.138753 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.002165 0.213562 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.216123 0.160806 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.377297 0.043370 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.421006 0.144663 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.566107 0.055368 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.621843 0.095236 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.717504 0.076311 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.794247 0.098150 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:57.892765 0.239368 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:58.132504 0.170024 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:58.302912 0.072381 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:58.375724 0.247822 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:58.623968 0.148473 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:58.772842 0.360346 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:31:59.133569 0.074193 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/24 18:34:27.884195 2.999719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:34:34.893570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:34:42.891150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:34:58.898125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:35:30.900558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:41:34.906566 3.004707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:41:41.913797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:41:49.915405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:42:05.918735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:42:37.924546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:48:41.933700 2.998091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:48:48.937789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:48:56.940991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:49:12.942535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:49:17.629563 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 18:49:17.629700 1.009979 tcp 10.0.2.109 63546 -> 24.126.254.250 9945 FSPA* 0 0 15 1590 flow=From-Botnet-V1-TCP-Established 1970/01/24 18:49:44.948901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:55:48.954605 3.001537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 18:55:55.961581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:56:03.963414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:56:19.966071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 18:56:51.972408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:02:22.307162 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 19:02:22.307337 0.053411 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:22.361095 0.029314 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:22.390845 0.045553 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:22.436741 0.145804 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:22.582927 0.085423 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:22.668800 0.035100 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:22.704292 0.190660 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:22.895420 0.146206 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:23.042054 0.134928 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:23.177375 0.182090 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:23.359891 0.075535 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:23.435820 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 19:02:39.383331 0.030958 tcp 10.0.2.109 63547 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/24 19:02:39.414561 0.053808 tcp 10.0.2.109 63548 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/24 19:02:39.468603 0.144114 tcp 10.0.2.109 63549 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/24 19:02:39.613377 0.167631 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:39.781416 0.143764 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:39.925552 0.210198 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.136145 0.160193 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.296718 0.047116 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.344189 0.138026 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.482629 0.056169 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.539187 0.078009 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.617628 0.077827 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.695862 0.098024 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.794430 0.065627 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:40.860479 0.253754 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:41.114640 0.143979 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:41.259025 0.240478 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:41.499887 0.212087 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:41.712369 0.323899 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:42.036699 0.066767 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:02:55.979225 3.000647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:03:02.988934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:03:10.988461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:03:26.990761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:03:58.995908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:10:03.002265 3.004352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:10:10.009402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:10:18.010875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:10:34.013822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:11:06.020043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:17:10.026213 3.001300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:17:17.033701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:17:25.037212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:17:41.038112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:18:13.048418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:19:18.639101 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 19:19:18.639222 1.056853 tcp 10.0.2.109 63550 -> 24.126.254.250 9945 FSPA* 0 0 15 1577 flow=From-Botnet-V1-TCP-Established 1970/01/24 19:24:17.050034 3.001797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:24:24.057248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:24:32.059255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:24:48.062004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:25:20.067915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:31:24.074551 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:31:31.081382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:31:39.082944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:31:55.086355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:32:27.092127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:32:51.107368 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 19:32:51.107556 0.207471 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.315414 0.031428 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.347295 0.045414 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.393122 0.141372 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.534866 0.081686 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.616938 0.035937 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.653236 0.188975 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.842597 0.144194 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:51.987233 0.056821 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:52.044421 0.141709 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:52.186545 0.175315 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:52.362391 0.072712 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:52.435500 0.167547 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:52.603453 0.151457 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:52.755316 0.214110 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:52.969867 0.164769 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.135008 0.046417 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.181841 0.142703 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.324977 0.057297 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.382686 0.088314 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.471361 0.073665 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.545431 0.110380 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.656190 0.076584 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.733190 0.239799 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:53.973370 0.174780 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:54.148535 0.350393 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:54.499340 0.249116 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:54.748879 0.144028 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:32:54.893299 0.065869 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 19:38:31.097997 3.001867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:38:38.105440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:38:46.107113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:39:02.109784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:39:34.115893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:45:38.122190 3.004472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:45:45.129751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:45:53.131333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:46:09.133955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:46:41.142592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:49:19.698817 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 19:49:19.699014 1.050574 tcp 10.0.2.109 63551 -> 24.126.254.250 9945 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/24 19:52:48.151048 3.000962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 19:52:55.159062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:53:03.159091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:53:19.162293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:53:51.168350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 19:59:55.174070 3.002045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:00:02.181768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:00:10.183155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:00:26.186462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:00:58.192594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:03:06.256352 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 20:03:06.256521 0.207640 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:06.464516 0.031260 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:06.496183 0.046268 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:06.542827 0.146744 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:06.689976 0.086634 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:06.777006 0.035444 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:06.812790 0.193783 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.006957 0.150162 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.157513 0.055649 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.213546 0.135362 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.349311 0.175789 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.525536 0.068562 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.594466 0.159966 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.754809 0.149940 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:07.905140 0.212734 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.118411 0.160978 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.279802 0.045012 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.325187 0.143997 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.469543 0.059840 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.529784 0.087289 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.617469 0.082278 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.700099 0.098184 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.798691 0.073921 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:08.873115 0.245284 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:09.118842 0.250453 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:09.369680 0.145447 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:09.515549 0.068375 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:09.584313 0.167862 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:03:09.752548 0.324922 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:07:02.198317 3.001253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:07:09.205742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:07:17.207302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:07:33.210250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:08:05.216153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:14:09.221993 3.001877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:14:16.229326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:14:24.232646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:14:40.236782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:15:12.240082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:19:20.757825 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 20:19:20.757987 1.048216 tcp 10.0.2.109 63552 -> 24.126.254.250 9945 FSPA* 0 0 15 1614 flow=From-Botnet-V1-TCP-Established 1970/01/24 20:21:16.246700 3.001149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:21:23.253730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:21:31.255094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:21:47.258208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:22:19.263819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:28:23.270970 3.001030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:28:30.277552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:28:38.278784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:28:54.287602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:29:26.287954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:33:14.148449 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 20:33:14.148603 0.045675 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:14.194673 0.146569 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:14.341578 0.092771 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:14.434755 0.035106 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:14.470342 0.192052 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:14.662780 0.208607 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:14.871778 0.029232 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:14.901315 0.159294 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:15.061040 0.054781 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:15.116168 0.148878 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:15.265425 0.181669 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:15.447541 0.067938 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:15.515861 0.161648 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:15.677946 0.145004 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:15.823382 0.230300 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.054111 0.173861 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.228385 0.046929 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.275740 0.143114 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.419250 0.055153 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.474762 0.083387 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.558503 0.082193 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.641077 0.110611 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.752048 0.072128 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.824546 0.151307 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:16.976198 0.064823 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:17.041379 0.175902 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:17.217673 0.320115 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:17.538394 0.246155 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:33:17.784947 0.405583 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/24 20:35:30.294371 3.001910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:35:37.301987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:35:45.303675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:36:01.306745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:36:33.312155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:42:37.317481 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:42:44.325422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:42:52.327534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:43:08.329745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:43:40.335761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:49:21.807816 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 20:49:21.807903 1.021067 tcp 10.0.2.109 63553 -> 24.126.254.250 9945 FSPA* 0 0 15 1740 flow=From-Botnet-V1-TCP-Established 1970/01/24 20:49:44.341356 3.002346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:49:51.349364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:49:59.350518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:50:15.354576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:50:47.359639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:56:51.368425 3.000315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 20:56:58.373022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:57:06.375159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:57:22.377733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 20:57:54.386609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:03:21.414687 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 21:03:21.414773 0.086532 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:21.501746 0.039686 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:21.541743 0.190477 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:21.732640 0.214852 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:21.947866 0.031423 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:21.979650 0.152719 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.132763 0.045983 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.179114 0.146122 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.325662 0.052093 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.378137 0.135701 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.514301 0.189932 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.704592 0.073463 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.778457 0.160163 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:22.939063 0.136011 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.075484 0.213922 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.289858 0.159860 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.450112 0.044381 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.494841 0.142588 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.637852 0.056123 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.694532 0.087776 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.782692 0.085688 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.868799 0.110747 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:23.979922 0.076611 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:24.056924 0.154556 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:24.211892 0.066163 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:24.278401 0.239388 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:24.518243 0.168690 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:24.687315 0.321544 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:25.009296 0.400195 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:03:58.389875 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:04:05.397190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:04:13.398953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:04:29.401462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:05:01.407701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:11:05.413621 3.001991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:11:12.421031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:11:20.423054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:11:36.425869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:12:08.431658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:18:12.437470 3.001852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:18:19.445164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:18:27.446620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:18:43.449800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:19:15.455858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:19:22.837152 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 21:19:22.837279 1.094135 tcp 10.0.2.109 63554 -> 24.126.254.250 9945 FSPA* 0 0 15 1742 flow=From-Botnet-V1-TCP-Established 1970/01/24 21:25:19.472757 2.998058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:25:26.469045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:25:34.470254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:25:50.473081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:26:22.479360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:32:26.485512 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:32:33.493016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:32:41.495029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:32:57.497766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:33:29.503249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:33:47.559984 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 21:33:47.560166 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 21:34:02.984875 0.054211 tcp 10.0.2.109 63555 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 21:34:03.039388 0.051404 tcp 10.0.2.109 63556 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 21:34:03.091070 0.142796 tcp 10.0.2.109 63557 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/24 21:34:03.234542 0.207215 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:03.442205 0.029230 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:03.471788 0.089778 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:03.561959 0.036659 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:03.599040 0.156001 udp 10.0.2.109 3683 <-> 50.100.232.30 3644 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:03.755517 0.044398 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:03.800367 0.146264 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:03.947031 0.054695 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:04.002267 0.141817 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:04.144544 0.177743 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:04.322690 0.069133 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:04.392215 0.160507 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:04.731577 0.143929 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:04.875938 0.212362 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.088775 0.160848 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.250008 0.044797 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.295815 0.142836 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.439167 0.055433 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.494982 0.083797 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.579156 0.100400 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.679939 0.110351 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.790671 0.083862 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:05.874900 0.240231 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:06.115511 0.171214 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:06.287170 0.333026 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:06.620557 0.156550 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:06.777533 0.070050 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:34:06.848016 0.243420 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/24 21:39:33.509532 3.001752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:39:40.517427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:39:48.518899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:40:04.521636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:40:36.527819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:46:40.533980 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:46:47.541502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:46:55.542657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:47:11.545607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:47:43.552017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:49:23.936826 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 21:49:23.937011 1.010113 tcp 10.0.2.109 63558 -> 24.126.254.250 9945 FSPA* 0 0 14 1535 flow=From-Botnet-V1-TCP-Established 1970/01/24 21:53:47.560647 2.998574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 21:53:54.565115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:54:02.567052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:54:18.569694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 21:54:50.575683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:00:54.581409 3.001893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:01:01.591084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:01:09.590821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:01:25.593616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:01:57.599313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:04:36.738493 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 22:04:36.738576 0.188306 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:36.927331 0.209297 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:37.137070 0.028762 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:37.166231 0.087447 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:37.253987 0.036455 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:37.290813 0.000000 udp 10.0.2.109 3683 -> 50.100.232.30 3644 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 22:04:53.104048 0.053661 tcp 10.0.2.109 63559 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:04:53.157992 0.052288 tcp 10.0.2.109 63560 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:04:53.210602 0.148852 tcp 10.0.2.109 63561 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:04:53.359939 0.045761 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:53.406254 0.141107 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:53.547730 0.052827 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:53.600913 0.070744 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:53.672017 0.168200 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:53.840605 0.137203 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:53.978212 0.134846 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.113513 0.182953 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.296882 0.210348 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.507652 0.152138 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.660204 0.046515 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.707074 0.143695 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.851222 0.056267 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.907840 0.079677 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:54.987869 0.092962 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:55.081259 0.098091 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:55.179800 0.068338 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:55.248571 0.322127 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:55.571104 0.153176 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:55.724669 0.064002 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:55.789012 0.264222 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:56.053583 0.170657 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:04:56.224628 0.249570 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:08:01.605184 3.008301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:08:08.613119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:08:16.617412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:08:32.617495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:09:04.622852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:15:08.630122 3.011697 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:15:15.650618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:15:23.650693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:15:39.651148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:16:11.657434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:19:24.946103 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 22:19:24.946262 1.154017 tcp 10.0.2.109 63562 -> 24.126.254.250 9945 FSPA* 0 0 14 1638 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:22:15.663937 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:22:22.671112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:22:30.672264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:22:46.675423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:23:18.681621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:29:22.687974 3.001121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:29:29.694812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:29:37.696558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:29:53.699599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:30:25.705512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:35:18.446967 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 22:35:18.447057 0.000000 udp 10.0.2.109 3683 -> 50.100.232.30 3644 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 22:35:36.965026 0.053471 tcp 10.0.2.109 63563 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:35:37.018753 0.053547 tcp 10.0.2.109 63564 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:35:37.072599 0.150484 tcp 10.0.2.109 63565 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:35:37.223646 0.190922 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:37.414921 0.036986 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:37.452258 0.029243 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:37.481840 0.203038 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:37.685277 0.084041 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:37.769719 0.045285 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:37.815354 0.145455 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:37.961233 0.051291 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:38.012917 0.065582 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:38.078876 0.163419 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:38.242645 0.137267 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:38.380320 0.127837 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:38.508518 0.188153 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:38.697074 0.203265 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:38.900746 0.160451 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:39.061615 0.043954 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:39.105901 0.145939 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:39.252250 0.060766 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:39.313516 0.095673 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:39.409568 0.091896 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:39.501908 0.358313 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:39.860673 0.140817 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:40.001879 0.066386 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:40.068635 0.246158 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:40.315158 0.122712 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:40.438295 0.072120 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:40.510784 0.584955 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:35:41.096114 0.279992 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 22:36:29.712037 3.000767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:36:36.718959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:36:44.720480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:37:00.723299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:37:32.729637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:43:36.735555 3.001557 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:43:43.742977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:43:51.744763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:44:07.747906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:44:39.753928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:49:26.105445 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 22:49:26.106252 1.024658 tcp 10.0.2.109 63566 -> 24.126.254.250 9945 FSPA* 0 0 15 1655 flow=From-Botnet-V1-TCP-Established 1970/01/24 22:51:48.763383 3.001237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:51:55.770635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:52:03.771655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:52:19.775620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:52:51.781305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:58:55.787738 3.001126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 22:59:02.794103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:59:10.795978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:59:26.798953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 22:59:58.804749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:06:02.811449 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:06:09.698501 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 23:06:09.698647 0.190540 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:09.818497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:06:09.889635 0.035693 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:09.925780 0.029585 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:09.955802 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/24 23:06:17.819350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:06:26.754617 0.052912 tcp 10.0.2.109 63567 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/24 23:06:26.807783 0.052322 tcp 10.0.2.109 63568 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/24 23:06:26.860375 0.145648 tcp 10.0.2.109 63569 -> 195.113.214.211 443 SRPA* 0 0 56 36294 flow=From-Botnet-V1-TCP-Established 1970/01/24 23:06:27.006721 0.083040 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.090432 0.049873 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.140741 0.144778 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.285928 0.053902 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.340214 0.119484 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.460099 0.160632 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.621136 0.138148 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.759652 0.127826 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:27.887893 0.180471 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.068819 0.218287 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.287499 0.175400 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.463273 0.046380 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.510083 0.144578 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.655128 0.055214 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.710798 0.087788 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.799012 0.082775 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:28.882200 0.390065 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:29.272720 0.144150 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:29.417233 0.063957 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:29.481547 0.081163 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:29.563059 0.240719 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:29.804168 0.110212 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:29.914783 0.169592 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:30.084777 0.251266 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:06:33.827551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:07:05.828873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:13:09.834798 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:13:16.842266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:13:24.843444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:13:40.846798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:14:12.867723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:19:27.135546 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 23:19:27.135659 1.012531 tcp 10.0.2.109 63570 -> 24.126.254.250 9945 FSPA* 0 0 14 1690 flow=From-Botnet-V1-TCP-Established 1970/01/24 23:20:16.868839 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:20:23.876222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:20:31.878973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:20:47.880636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:21:19.886689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:27:23.893524 3.095754 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:27:30.964873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:27:38.921433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:27:54.924813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:28:26.930711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:34:30.941303 2.998199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:34:37.944496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:34:45.949131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:35:01.949060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:35:33.954848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:36:33.009783 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 23:36:33.009901 0.202217 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.212578 0.035863 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.248804 0.195136 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.444295 0.031148 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.475737 0.086365 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.562494 0.050224 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.613126 0.147761 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.761331 0.050794 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.812497 0.068704 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:33.881603 0.165812 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:34.047815 0.136372 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:34.184575 0.127886 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:34.312886 0.183278 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:34.496595 0.203129 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:34.700096 0.160797 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:34.861296 0.045598 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:34.907258 0.142593 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.050267 0.058653 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.109308 0.096398 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.206160 0.073652 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.280231 0.067004 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.347707 0.078253 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.426340 0.277548 udp 10.0.2.109 3683 <-> 27.251.231.18 4323 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.704404 0.110530 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.815357 0.170798 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:35.986591 0.355795 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:36.342837 0.143706 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:36:36.486960 0.254759 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/24 23:41:37.960677 3.001865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:41:44.967897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:41:52.969583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:42:08.973133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:42:40.979265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:48:44.984591 3.001979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:48:51.993897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:48:59.995467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:49:15.996940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:49:28.155127 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/24 23:49:28.155263 1.039379 tcp 10.0.2.109 63571 -> 24.126.254.250 9945 FSPA* 0 0 15 1581 flow=From-Botnet-V1-TCP-Established 1970/01/24 23:49:48.002831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:55:52.008527 3.005377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/24 23:55:59.015983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:56:07.017517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:56:23.020936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/24 23:56:55.026990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:02:59.033347 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:03:06.039889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:03:14.041852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:03:30.044470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:04:02.050479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:07:05.394713 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 00:07:05.394919 0.210226 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:05.605561 0.034811 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:05.640734 0.191014 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:05.832188 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 00:07:15.587205 0.000000 udp 10.0.2.109 3683 <- 94.155.230.34 9189 RSP 0 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 00:07:15.587640 0.083819 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:15.671914 0.051037 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:15.723357 0.144299 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:15.868102 0.054020 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:15.922514 0.067155 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:15.990066 0.162118 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:16.152523 0.136639 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:16.289667 0.127832 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:16.417854 0.187981 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:16.606317 0.228248 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:16.835002 0.158073 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:16.993507 0.046418 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:17.040337 0.139232 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:17.179961 0.056190 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:17.236528 0.077091 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:17.314031 0.098082 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:17.412577 0.066136 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:17.479081 0.074193 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:17.553654 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 00:07:33.907386 0.054690 tcp 10.0.2.109 63572 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:07:33.962353 0.052133 tcp 10.0.2.109 63573 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:07:34.014727 0.161422 tcp 10.0.2.109 63574 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:07:34.176782 0.110364 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:34.287535 0.171489 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:34.459473 0.254675 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:34.714555 0.334185 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:07:35.049105 0.145535 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:10:06.059409 3.013572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:10:13.070422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:10:21.065403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:10:37.068585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:11:09.074486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:17:13.080782 3.004081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:17:20.089923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:17:28.095696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:17:44.092341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:18:16.098675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:19:29.194086 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 00:19:29.194208 1.206814 tcp 10.0.2.109 63575 -> 24.126.254.250 9945 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:24:20.104576 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:24:27.112408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:24:35.113420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:24:51.116655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:25:23.128394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:31:27.128014 3.001790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:31:34.136015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:31:42.137165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:31:58.140588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:32:30.151662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:37:39.972331 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 00:37:39.972490 0.000000 udp 10.0.2.109 3683 -> 27.251.231.18 4323 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 00:37:58.840759 0.052696 tcp 10.0.2.109 63576 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:37:58.893700 0.054041 tcp 10.0.2.109 63577 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:37:58.948086 0.152816 tcp 10.0.2.109 63578 -> 195.113.214.211 443 SRPA* 0 0 92 71146 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:37:59.101664 0.208036 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.310277 0.045367 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.355981 0.190738 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.547076 0.031313 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.578738 0.093368 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.672480 0.054317 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.727187 0.146818 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.874511 0.052174 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:37:59.927076 0.159353 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:00.086792 0.143951 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:00.231162 0.135160 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:00.366709 0.176491 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:00.543600 0.202819 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:00.746832 0.159195 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:00.906508 0.045633 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:00.952474 0.066115 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.018953 0.058926 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.078262 0.086016 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.164632 0.084700 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.249687 0.069391 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.319423 0.076696 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.396477 0.143997 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.540846 0.110563 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.651817 0.168885 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:01.821104 0.658050 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:02.479540 0.251697 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:02.731597 0.319267 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/25 00:38:34.152722 3.001336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:38:41.159493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:38:49.163321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:39:05.164407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:39:37.170336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:45:41.176236 3.001628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:45:48.184795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:45:56.185409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:46:12.189376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:46:44.194774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:49:30.403654 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 00:49:30.403827 1.031811 tcp 10.0.2.109 63579 -> 24.126.254.250 9945 FSPA* 0 0 15 1565 flow=From-Botnet-V1-TCP-Established 1970/01/25 00:52:48.200146 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 00:52:55.207650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:53:03.211543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:53:19.212719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:53:51.218649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 00:59:55.224035 3.001995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:00:02.231667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:00:10.233584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:00:26.236176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:00:58.242445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:07:02.248283 3.001621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:07:09.255765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:07:17.259321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:07:33.260444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:08:05.266121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:08:15.451289 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 01:08:15.451440 0.208549 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:15.660414 0.046673 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:15.707525 0.190209 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:15.938848 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 01:08:32.347397 0.061718 tcp 10.0.2.109 63580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:08:32.409397 0.061854 tcp 10.0.2.109 63581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:08:32.471558 0.153912 tcp 10.0.2.109 63582 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:08:32.626009 0.080653 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:32.706994 0.050073 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:32.757678 0.145196 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:32.903251 0.050899 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:32.954516 0.159230 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:33.114459 0.136426 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:33.251302 0.135018 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:33.386675 0.182809 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:33.569899 0.215486 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:33.785810 0.161611 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:33.947808 0.046149 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:33.994355 0.068665 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.063424 0.059695 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.123524 0.083879 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.207832 0.076775 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.285018 0.061374 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.346803 0.078295 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.425677 0.141407 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.567506 0.098155 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.666126 0.187567 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:34.854286 0.388191 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:35.242846 0.141592 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:08:35.384848 0.249834 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:14:12.277721 3.027836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:14:19.294540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:14:27.295847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:14:43.300747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:15:15.304837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:19:31.442788 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 01:19:31.442971 1.033639 tcp 10.0.2.109 63583 -> 24.126.254.250 9945 FSPA* 0 0 15 1696 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:21:19.310312 3.002105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:21:26.317812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:21:34.319538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:21:50.321942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:22:22.328204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:28:26.333784 3.002258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:28:33.344204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:28:41.342914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:28:57.351475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:29:29.351796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:35:33.359217 3.000456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:35:40.365856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:35:48.367267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:36:04.370442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:36:36.376452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:39:00.343512 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 01:39:00.343666 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 01:39:18.972297 0.063075 tcp 10.0.2.109 63584 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:39:19.035602 0.063115 tcp 10.0.2.109 63585 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:39:19.098988 0.154195 tcp 10.0.2.109 63586 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:39:19.253719 0.037978 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:19.292066 0.200906 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:19.493504 0.190344 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:19.493855 2.991156 tcp 10.0.2.109 63587 -> 50.137.135.198 6430 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 01:39:19.684207 0.090154 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:19.774754 0.050996 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:19.826144 0.148321 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:19.974854 0.050731 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:20.025919 0.141734 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:20.168057 0.175377 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:20.343897 0.231007 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:20.575284 0.159202 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:20.734952 0.144554 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:20.879869 0.161821 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.042043 0.047183 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.089516 0.067083 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.157001 0.055226 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.212621 0.086391 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.299407 0.076992 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.376764 0.062300 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.439467 0.079656 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.519485 0.140856 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.660718 0.122694 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.783808 0.142307 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:21.926511 0.251940 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:22.178823 0.175310 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:22.354569 0.392555 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 01:39:28.493839 0.000000 tcp 10.0.2.109 63587 -> 50.137.135.198 6430 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 01:42:40.382629 3.003201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:42:47.389868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:42:55.391460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:43:11.394731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:43:43.400488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:49:32.482304 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 01:49:32.482518 1.058723 tcp 10.0.2.109 63588 -> 24.126.254.250 9945 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/01/25 01:49:47.410127 2.997561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:49:54.414305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:50:02.415311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:50:18.418512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:50:50.424566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:56:54.430736 3.000539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 01:57:01.437399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:57:09.439198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:57:25.441649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 01:57:57.448592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:04:01.454357 3.001976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:04:08.461766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:04:16.462610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:04:32.466472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:05:04.472430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:09:39.938572 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 02:09:39.938667 0.190036 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.129054 0.085547 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.214992 0.053597 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.269040 0.148180 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.269464 3.003713 tcp 10.0.2.109 63589 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 02:09:40.417587 0.051112 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.469067 0.036174 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.505567 0.204067 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.709995 0.141654 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:40.852052 0.182264 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.034666 0.204053 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.239099 0.158671 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.398171 0.144939 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.543508 0.159095 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.703022 0.045299 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.748666 0.065908 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.814966 0.055178 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.870537 0.095034 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:41.965979 0.087220 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:42.053597 0.058985 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:42.112978 0.106419 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:42.219846 0.145041 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:42.365268 0.098148 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:42.463793 0.142153 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:42.606497 0.349159 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:42.956097 0.255352 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:43.211850 0.170718 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:09:49.271535 0.000000 tcp 10.0.2.109 63589 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 02:11:08.480468 2.999577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:11:15.554548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:11:23.496839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:11:39.500272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:12:11.506357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:18:16.515127 3.003452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:18:23.520765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:18:31.522092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:18:47.525741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:19:19.531428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:19:33.542327 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 02:19:33.542440 1.043160 tcp 10.0.2.109 63590 -> 24.126.254.250 9945 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/01/25 02:25:23.537870 3.007238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:25:30.544942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:25:38.546091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:25:54.556849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:26:26.555663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:32:30.561264 3.021974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:32:37.579144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:32:45.584954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:33:01.583095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:33:33.589392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:39:37.597287 2.999832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:39:44.602474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:39:52.604714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:39:58.923921 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 02:39:58.924137 0.053723 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:58.978447 0.189248 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:58.978892 3.001879 tcp 10.0.2.109 63591 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 02:39:59.168095 0.087392 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:59.255883 0.150878 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:59.407153 0.049985 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:59.457592 0.035420 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:59.493406 0.208794 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:59.702585 0.134815 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:39:59.837806 0.181772 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:00.020084 0.230901 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:00.251374 0.159303 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:00.411095 0.143272 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:00.554752 0.160245 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:00.715469 0.046770 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:00.762642 0.074527 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:01.140090 0.054339 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:01.194926 0.087654 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:01.282966 0.393213 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:01.879514 0.059519 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:01.939459 3.472823 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:05.412774 0.145515 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:05.558766 0.098371 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:05.657629 0.144776 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:05.802904 0.168706 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:05.972037 0.347288 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:06.319721 0.246494 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/25 02:40:07.977800 0.000000 tcp 10.0.2.109 63591 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 02:40:42.235231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:41:13.740543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:47:12.230286 2.954602 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:47:19.136188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:47:27.018336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:47:42.781558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:48:14.316602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:49:59.635919 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 02:49:59.636126 1.036309 tcp 10.0.2.109 63592 -> 24.126.254.250 9945 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/01/25 02:54:12.800065 2.952734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 02:54:19.698657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:54:27.571859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:54:43.325494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 02:55:14.860957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:01:13.375432 2.957590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:01:20.274314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:01:28.161095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:01:43.920156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:02:15.430955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:08:25.786640 2.957028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:08:32.688485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:08:40.659654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:08:56.429426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:09:27.955324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:10:44.759387 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 03:10:44.759482 0.052689 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:44.812618 0.189368 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:44.813038 2.947995 tcp 10.0.2.109 63593 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 03:10:45.002463 0.084808 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:45.087647 0.146879 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:45.234944 0.049771 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:45.285091 0.035729 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:45.321205 0.210187 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:45.531805 0.141793 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:45.673985 0.181811 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:45.856172 0.206105 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.062769 0.157639 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.220773 0.136804 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.358034 0.159254 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.517683 0.044580 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.562600 0.093361 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.656356 0.093276 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.750052 0.062063 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.812494 0.068985 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.881872 0.057374 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:46.939658 0.145842 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:47.085899 0.143517 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:47.229802 0.098335 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:47.328540 0.146490 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:47.475397 0.182071 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:47.657939 0.358737 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:48.017055 0.252557 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:10:53.674660 0.000000 tcp 10.0.2.109 63593 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 03:15:26.504392 2.955486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:15:33.409129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:15:41.289715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:15:57.056218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:16:28.585865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:19:35.651236 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 03:19:35.651437 1.141689 tcp 10.0.2.109 63594 -> 24.126.254.250 9945 FSPA* 0 0 13 1625 flow=From-Botnet-V1-TCP-Established 1970/01/25 03:22:31.756778 3.001683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:22:38.764131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:22:46.765538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:23:02.768117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:23:34.774684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:29:38.780520 3.002613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:29:45.802241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:29:53.799673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:30:09.803715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:30:41.814614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:36:45.814819 3.001598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:36:52.822027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:37:00.823425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:37:16.835303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:37:48.833839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:40:58.117043 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 03:40:58.117204 0.084611 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:58.202339 0.057382 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:58.202765 3.000381 tcp 10.0.2.109 63595 -> 86.137.162.190 3829 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 03:40:58.260108 0.190729 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:58.451200 0.145665 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:58.597264 0.050317 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:58.647919 0.072397 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:58.720705 0.202136 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:58.923249 0.134764 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:59.058558 0.181347 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:59.240306 0.217390 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:59.458090 0.165101 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:59.623586 0.280767 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:40:59.904716 0.152645 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.057739 0.046839 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.104936 0.086854 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.192189 0.100834 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.293460 0.061459 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.355300 0.065681 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.421335 0.055305 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.476979 0.098201 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.575513 0.143383 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.719291 0.173756 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.893466 0.073814 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:00.967634 0.142673 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:01.110687 0.361597 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:01.472730 0.248867 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/25 03:41:07.197755 0.000000 tcp 10.0.2.109 63595 -> 86.137.162.190 3829 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 03:43:52.840343 2.999712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:43:59.846474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:44:07.847269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:44:23.850674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:44:55.856690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:49:36.801167 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 03:49:36.801266 1.294843 tcp 10.0.2.109 63596 -> 24.126.254.250 9945 FSPA* 0 0 15 1747 flow=From-Botnet-V1-TCP-Established 1970/01/25 03:51:55.863362 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:52:02.870348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:52:10.873020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:52:26.875750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:52:58.881151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:59:22.895997 3.001520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 03:59:29.903730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:59:37.904709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 03:59:53.908017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:00:25.913988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:06:29.919768 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:06:36.926969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:06:44.928876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:07:00.931807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:07:32.937771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:11:21.125972 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 04:11:21.126269 0.188990 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:21.315632 0.149439 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:21.465578 0.049057 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:21.465999 3.004905 tcp 10.0.2.109 63597 -> 65.94.151.44 1440 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 04:11:21.515010 0.038961 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:21.554377 0.116928 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:21.671684 0.051432 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:21.723532 0.202938 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:21.926854 0.127973 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:22.055301 0.181215 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:22.236967 0.204701 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:22.442155 0.158191 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:22.600778 0.137659 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:22.738846 0.158107 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:22.897365 0.043896 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:22.941715 0.086855 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.028952 0.088718 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.118217 0.063665 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.182278 0.073735 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.256391 0.054457 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.311219 0.098362 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.409926 0.140311 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.554478 0.170867 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:23.725763 0.328623 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:24.054742 0.254310 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:24.309422 0.079373 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:24.389179 0.143207 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:11:30.470599 0.000000 tcp 10.0.2.109 63597 -> 65.94.151.44 1440 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 04:13:36.943850 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:13:43.951036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:13:51.952817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:14:07.955732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:14:39.961697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:19:38.101409 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 04:19:38.101580 4.723371 tcp 10.0.2.109 63598 -> 24.126.254.250 9945 FSPA* 0 0 16 1612 flow=From-Botnet-V1-TCP-Established 1970/01/25 04:20:45.970601 3.001868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:20:52.978089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:21:00.979617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:21:16.982798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:21:48.988688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:27:52.994637 3.001386 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:28:00.007031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:28:08.003553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:28:24.006600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:28:56.012416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:35:00.028191 3.002156 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:35:07.025838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:35:15.030495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:35:31.030461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:36:03.036575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:41:38.569441 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 04:41:38.569611 0.190490 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:38.760491 0.146406 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:38.907509 0.049844 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:38.907925 3.006293 tcp 10.0.2.109 63599 -> 65.94.151.44 1440 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 04:41:38.957731 0.035755 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:38.993835 0.099875 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:39.094125 0.048767 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:39.143331 0.210628 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:39.354531 0.203830 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:39.558750 0.160933 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:39.720125 0.143812 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:39.864339 0.159167 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.023959 0.135623 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.160011 0.180968 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.341379 0.046552 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.388306 0.093478 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.482349 0.072630 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.555354 0.066536 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.622301 0.069570 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.692258 0.057364 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.750007 0.110260 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:40.860666 0.143219 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:41.004327 0.169359 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:41.174148 0.068359 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:41.242943 0.142851 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:41.386215 0.322670 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:41.709246 0.252420 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 04:41:47.912534 0.000000 tcp 10.0.2.109 63599 -> 65.94.151.44 1440 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 04:42:07.042400 3.002103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:42:14.049935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:42:22.051544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:42:38.054424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:43:10.060953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:49:14.066511 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:49:21.073898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:49:29.075501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:49:42.825779 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 04:49:42.825950 1.037546 tcp 10.0.2.109 63600 -> 24.126.254.250 9945 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/01/25 04:49:45.078455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:50:17.084600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:56:21.090396 3.001435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 04:56:28.098367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:56:36.099107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:56:52.102682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 04:57:24.108650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:03:28.115253 3.000890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:03:35.121916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:03:43.123228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:03:59.126772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:04:31.132530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:10:35.139791 3.000272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:10:42.154733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:10:50.147059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:11:06.150379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:11:38.160610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:11:49.753395 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 05:11:49.753543 0.191203 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:49.945156 0.147441 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.093099 0.048845 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.093654 2.993871 tcp 10.0.2.109 63601 -> 65.94.151.44 1440 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 05:11:50.142474 0.036452 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.179354 0.088414 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.268149 0.055347 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.323868 0.207576 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.531851 0.218755 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.751013 0.160544 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:50.911965 0.135233 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.047598 0.160058 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.208087 0.142029 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.350526 0.180465 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.531406 0.046346 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.578141 0.083938 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.662480 0.084345 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.747219 0.068764 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.816365 0.068476 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.885232 0.056155 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:51.941763 0.110478 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:52.052660 0.079675 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:52.132700 0.143571 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:52.276774 0.353717 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:52.630880 0.143314 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:52.774622 0.169794 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:52.944814 0.251812 udp 10.0.2.109 3683 <-> 75.45.8.237 4457 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:11:59.086115 0.000000 tcp 10.0.2.109 63601 -> 65.94.151.44 1440 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 05:17:45.166758 3.001680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:17:52.173836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:18:00.175337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:18:16.178654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:18:48.186351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:19:43.865472 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 05:19:43.865569 0.998494 tcp 10.0.2.109 63602 -> 24.126.254.250 9945 FSPA* 0 0 15 1662 flow=From-Botnet-V1-TCP-Established 1970/01/25 05:24:52.191056 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:24:59.198070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:25:07.199601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:25:23.214786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:25:55.208446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:31:59.214662 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:32:06.222003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:32:14.266179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:32:30.236479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:33:02.242795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:39:06.249580 3.000957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:39:13.256700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:39:21.257294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:39:37.260972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:40:09.266675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:41:59.565897 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 05:41:59.565994 0.051005 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:41:59.617804 0.036217 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:41:59.618558 3.000828 tcp 10.0.2.109 63603 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 05:41:59.654402 0.191914 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:41:59.846691 0.150952 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:41:59.998037 0.084749 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:00.083174 0.059596 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:00.143144 0.216242 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:00.359772 0.214677 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:00.574795 0.164134 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:00.739614 0.144405 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:00.884394 0.152765 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.037566 0.135190 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.173134 0.174922 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.348471 0.045063 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.393885 0.086843 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.481139 0.096824 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.578488 0.067385 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.646246 0.067925 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.714504 0.056556 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.771650 0.110696 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.882760 0.075960 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:01.959068 0.146139 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:02.105620 0.358602 rtcp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:02.464640 0.142904 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:02.607935 0.174484 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/25 05:42:02.782790 0.000000 udp 10.0.2.109 3683 -> 75.45.8.237 4457 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 05:42:08.618142 0.000000 tcp 10.0.2.109 63603 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 05:42:19.255183 0.056066 tcp 10.0.2.109 63604 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 05:42:19.311477 0.056018 tcp 10.0.2.109 63605 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 05:42:19.367724 0.128079 tcp 10.0.2.109 63606 -> 195.113.214.211 443 SRPA* 0 0 34 25568 flow=From-Botnet-V1-TCP-Established 1970/01/25 05:46:13.272391 3.001853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:46:20.279979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:46:28.281420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:46:44.284703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:47:16.291297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:49:44.864643 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 05:49:44.864820 0.994621 tcp 10.0.2.109 63607 -> 24.126.254.250 9945 FSPA* 0 0 14 1711 flow=From-Botnet-V1-TCP-Established 1970/01/25 05:53:20.297745 3.000978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 05:53:27.303778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:53:35.306794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:53:51.308433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 05:54:23.314931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:00:27.320678 3.001277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:00:34.327798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:00:42.329367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:00:58.332352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:01:30.338616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:07:34.343794 3.002155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:07:41.351718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:07:49.353281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:08:05.356817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:08:37.362420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:12:46.460851 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 06:12:46.461020 0.000000 udp 10.0.2.109 3683 -> 75.45.8.237 4457 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 06:13:03.619685 0.053817 tcp 10.0.2.109 63608 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:13:03.673774 0.055107 tcp 10.0.2.109 63609 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:13:03.729124 0.151805 tcp 10.0.2.109 63610 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:13:03.881459 0.191232 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:04.073089 0.050278 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:04.123831 0.035556 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:04.124169 3.001339 tcp 10.0.2.109 63611 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 06:13:04.159772 0.000000 udp 10.0.2.109 3683 -> 86.137.162.190 2689 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 06:13:13.118595 0.000000 tcp 10.0.2.109 63611 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 06:13:20.469233 0.058059 tcp 10.0.2.109 63612 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:13:20.527580 0.055699 tcp 10.0.2.109 63613 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:13:20.583554 0.162085 tcp 10.0.2.109 63614 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:13:20.746031 0.055869 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:20.802475 0.213868 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:21.016737 0.215582 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:21.232698 0.159334 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:21.392444 0.143531 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:21.536377 0.147249 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:21.684040 0.181155 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:21.865614 0.134881 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.000835 0.153601 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.154842 0.118851 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.274115 0.081034 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.355696 0.064673 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.420776 0.075181 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.496362 0.055772 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.552468 0.110543 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.663444 0.046047 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.709935 0.141979 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:22.852323 0.172594 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:23.025325 0.142915 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:23.168685 0.070580 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:13:23.239649 0.318749 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:14:47.376966 3.001659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 06:14:54.384856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:15:02.385673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:15:18.388975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:15:50.394876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:19:45.864232 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 06:19:45.864344 1.474291 tcp 10.0.2.109 63615 -> 24.126.254.250 9945 FSPA* 0 0 14 1586 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:21:55.401983 3.002080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:22:02.409735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:22:10.411430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:22:26.414691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:22:58.420484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:29:02.426114 3.012086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:29:09.443524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:29:17.445303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:29:33.451402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:30:05.454936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:36:09.460408 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:36:16.467718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:36:24.469136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:36:40.472042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:37:12.478595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:43:16.484358 3.001564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:43:23.491515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:43:31.493307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:43:47.496228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:43:48.187650 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 06:43:48.187834 0.089890 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:48.278342 0.050584 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:48.278945 3.003567 tcp 10.0.2.109 63616 -> 86.137.162.190 3829 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 06:43:48.329302 0.192763 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:48.522600 0.037781 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:48.560755 0.204956 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:48.766132 0.055618 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:48.822263 0.207363 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:49.030038 0.161379 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:49.191775 0.144163 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:49.336299 0.146414 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:49.483191 0.181566 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:49.665165 0.135601 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:49.801244 0.153424 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:49.955081 0.080540 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.036006 0.091428 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.127824 0.065576 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.193772 0.069589 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.263778 0.047021 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.311151 0.143365 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.454884 0.174727 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.629999 0.146096 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.776537 0.081742 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:50.858694 0.358364 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:51.217451 0.056411 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:51.274221 0.098193 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/25 06:43:57.280538 0.000000 tcp 10.0.2.109 63616 -> 86.137.162.190 3829 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 06:44:19.502964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:49:47.343752 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 06:49:47.343893 0.988160 tcp 10.0.2.109 63617 -> 24.126.254.250 9945 FSPA* 0 0 15 1643 flow=From-Botnet-V1-TCP-Established 1970/01/25 06:51:34.510396 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:51:41.518117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:51:49.524064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:52:05.522334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:52:37.528712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:59:06.540064 3.003724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 06:59:13.547665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:59:21.549227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 06:59:37.551824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:00:09.558381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:06:13.564344 3.002791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:06:20.571517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:06:28.574666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:06:44.576563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:07:16.581653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:13:20.588496 3.001159 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:13:27.595469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:13:35.597083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:13:51.540782 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 07:13:51.540992 0.190773 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:51.600384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:13:51.732171 0.036907 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:51.769510 0.200916 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:51.970965 0.055307 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:51.971385 2.993726 tcp 10.0.2.109 63618 -> 108.199.165.214 5163 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 07:13:52.026636 0.086628 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:52.113694 0.049625 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:52.163722 0.212046 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:52.376156 0.173139 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:52.549705 0.143198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:52.693326 0.147618 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:52.841374 0.186389 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.028163 0.142002 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.170585 0.159175 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.330165 0.092221 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.422776 0.088636 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.511838 0.060749 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.573034 0.066421 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.639876 0.045452 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.685711 0.140238 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.826484 0.172482 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:53.999367 0.138385 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:54.138366 0.073339 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:54.212059 0.110750 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:54.323200 0.440184 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:13:54.763787 0.054607 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:14:00.973578 0.000000 tcp 10.0.2.109 63618 -> 108.199.165.214 5163 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 07:14:23.606137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:19:48.333593 0.088234 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 07:19:48.421976 1.041360 tcp 10.0.2.109 63619 -> 24.126.254.250 9945 FSPA* 0 0 14 1639 flow=From-Botnet-V1-TCP-Established 1970/01/25 07:20:28.613583 3.001798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:20:35.620805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:20:43.622350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:20:59.625473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:21:31.631398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:27:35.651950 2.995909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:27:42.644908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:27:50.651975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:28:06.656370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:28:38.655635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:34:42.661716 3.005861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:34:49.672586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:34:57.670005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:35:13.678995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:35:45.679984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:41:49.685588 3.002269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:41:56.692781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:42:04.697855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:42:20.697085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:42:52.703258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:44:23.875339 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 07:44:23.875531 0.206664 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.082686 0.055629 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.083114 2.996239 tcp 10.0.2.109 63620 -> 108.199.165.214 5163 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 07:44:24.138682 0.088959 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.228024 0.046068 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.274444 0.213699 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.488606 0.191610 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.680595 0.035617 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.716569 0.158510 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:24.875486 0.136007 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.011961 0.144626 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.157016 0.180503 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.337941 0.135393 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.473746 0.159750 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.633921 0.091758 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.726086 0.089027 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.815513 0.067738 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.883644 0.070986 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:25.954967 0.047786 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:26.003158 0.142794 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:26.146407 0.170298 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:26.317064 0.140473 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:26.457897 0.077606 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:26.535920 0.057845 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:26.594198 0.110506 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:26.705069 0.386842 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/25 07:44:33.077744 0.000000 tcp 10.0.2.109 63620 -> 108.199.165.214 5163 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 07:48:56.710063 3.000868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:49:03.717451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:49:11.718743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:49:27.721546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:49:49.392946 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 07:49:49.393109 0.971586 tcp 10.0.2.109 63621 -> 24.126.254.250 9945 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/01/25 07:49:59.727714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:56:03.732909 3.002100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 07:56:10.741237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:56:18.742634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:56:34.745694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 07:57:06.751407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:03:10.757705 3.001573 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 08:03:17.764832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:03:25.766479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:03:41.769105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:04:13.775546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:10:17.782286 3.000675 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 08:10:24.788569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:10:32.796578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:10:48.796972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:11:20.799175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:14:35.458987 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 08:14:35.459109 0.087677 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:35.547268 0.046079 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:35.547666 3.005442 tcp 10.0.2.109 63622 -> 86.137.162.190 3829 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 08:14:35.593687 0.212558 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:35.806670 0.190826 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:35.997935 0.037471 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:36.035797 0.170805 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:36.207067 0.215797 udp 10.0.2.109 3683 <-> 108.199.165.214 9919 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:36.423272 0.054298 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:36.477969 0.142777 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:36.621258 0.145022 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:36.766676 0.183005 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:36.950097 0.135224 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.085718 0.152316 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.238415 0.088240 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.327047 0.076474 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.403879 0.069421 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.473656 0.068622 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.542633 0.046948 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.589949 0.141478 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.731837 0.171259 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:37.903542 0.141473 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:38.045403 0.078134 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:38.123898 0.061181 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:38.185443 0.110428 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:38.296220 0.350498 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:14:44.551657 0.000000 tcp 10.0.2.109 63622 -> 86.137.162.190 3829 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 08:17:24.807637 2.999592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 08:17:31.815161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:17:39.814141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:17:55.827730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:18:27.823496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:19:50.372433 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 08:19:50.372587 1.002360 tcp 10.0.2.109 63623 -> 24.126.254.250 9945 FSPA* 0 0 15 1552 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:24:31.835180 2.999276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 08:24:38.837061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:24:46.841228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:25:02.841106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:25:34.847459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:31:38.853255 3.001965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 08:31:45.860943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:31:53.862286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:32:09.865361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:32:41.871406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:38:45.878759 2.999974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 08:38:52.884613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:39:00.886056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:39:16.895457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:39:48.895999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:44:57.981691 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 08:44:57.981855 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 08:45:15.005736 0.058801 tcp 10.0.2.109 63624 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:15.064847 0.056523 tcp 10.0.2.109 63625 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:15.121648 0.134141 tcp 10.0.2.109 63626 -> 195.113.214.211 443 SRPA* 0 0 32 24078 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:15.256317 0.191287 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:15.448075 0.036497 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:15.448411 3.000768 tcp 10.0.2.109 63627 -> 108.206.10.122 2995 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 08:45:15.484945 0.087296 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:15.572579 0.045032 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:15.617961 0.165252 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:15.783589 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 08:45:24.447514 0.000000 tcp 10.0.2.109 63627 -> 108.206.10.122 2995 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 08:45:34.522388 0.054166 tcp 10.0.2.109 63628 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:34.576734 0.056115 tcp 10.0.2.109 63629 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:34.633042 0.153078 tcp 10.0.2.109 63630 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:34.786634 0.068162 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:34.855210 0.136872 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:34.992434 0.148808 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.141623 0.175571 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.317577 0.129183 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.447161 0.159436 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.606996 0.095583 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.703030 0.083909 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.787391 0.068011 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.855773 0.068974 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.925093 0.047076 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:35.972540 0.146646 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:36.119575 0.168851 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:36.288800 0.140630 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:36.429846 0.079617 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:36.509968 0.062805 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:36.510444 4.998441 tcp 10.0.2.109 63631 -> 2.85.54.109 6858 SPA_* 0 0 380 276652 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:36.573109 0.097804 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:36.671294 0.323251 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/25 08:45:41.535164 4.988236 tcp 10.0.2.109 63631 -> 2.85.54.109 6858 A_PA 0 0 388 286552 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:46.536103 0.869576 tcp 10.0.2.109 63631 -> 2.85.54.109 6858 FPA_* 0 0 53 33639 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:45:52.901931 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 08:45:59.908554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:46:07.910521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:46:23.913357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:46:55.918932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:49:51.381610 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 08:49:51.381826 1.046759 tcp 10.0.2.109 63632 -> 24.126.254.250 9945 FSPA* 0 0 15 1700 flow=From-Botnet-V1-TCP-Established 1970/01/25 08:52:59.925684 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 08:53:06.932494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:53:14.934007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:53:30.937499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 08:54:02.943090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:00:06.949947 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 09:00:13.956940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:00:21.958475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:00:37.961170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:01:09.967390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:07:13.973261 3.001762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 09:07:20.980863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:07:28.982043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:07:44.984954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:08:16.991077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:14:24.001941 3.000972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 09:14:31.008746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:14:39.010701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:14:55.013135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:15:27.019241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:15:51.825313 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:15:51.825417 0.213242 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:15:52.039076 0.000000 udp 10.0.2.109 3683 -> 108.199.165.214 9919 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:16:09.939177 0.055397 tcp 10.0.2.109 63633 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:16:09.994808 0.054317 tcp 10.0.2.109 63634 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:16:10.049471 0.155383 tcp 10.0.2.109 63635 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:16:10.205339 3.143147 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1261 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:10.252157 3.280605 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 4 1038 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:10.252479 2.997358 tcp 10.0.2.109 63636 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 09:16:10.460361 3.127850 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 4 1278 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:10.513653 3.262895 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 4 1118 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:10.702443 3.155745 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1159 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:10.792244 3.106965 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1296 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:10.845450 3.191703 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1118 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:10.984771 3.197827 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 4 1084 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.132063 3.232244 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1071 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.313240 3.187577 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 4 1210 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.448616 3.213291 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1300 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.608175 3.144605 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 4 1276 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.700086 3.129665 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 4 1211 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.777547 3.109260 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 4 1166 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.845372 3.100149 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 4 1144 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:11.919770 3.201448 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 4 1192 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:12.090712 3.175356 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 4 1254 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:12.237443 3.132572 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 4 1250 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:12.315805 3.121882 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 4 1381 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:12.381374 3.155177 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 4 1061 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:12.479474 3.105627 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 4 1095 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:12.525153 3.608543 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 4 1238 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:12.669074 3.315412 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1033 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:13.088146 0.213584 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 776 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:16:16.134423 0.000000 udp 10.0.2.109 3683 -> 37.114.240.233 1609 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:16:19.244177 0.000000 tcp 10.0.2.109 63636 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 09:16:24.331543 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:16:32.113216 0.000000 udp 10.0.2.109 3683 -> 5.87.29.255 8188 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:16:39.223239 0.000000 udp 10.0.2.109 3683 -> 124.178.254.24 5780 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:16:46.944314 0.000000 udp 10.0.2.109 3683 -> 83.52.127.211 1605 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:16:53.183282 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:16:57.929947 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:16:59.752568 0.000000 udp 10.0.2.109 3683 -> 81.136.211.210 1862 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:05.090803 0.000000 udp 10.0.2.109 3683 -> 199.255.216.240 8376 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:12.060653 0.000000 udp 10.0.2.109 3683 -> 77.10.168.132 3056 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:17.980053 0.000000 udp 10.0.2.109 3683 -> 86.156.248.116 2506 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:23.429404 0.000000 udp 10.0.2.109 3683 -> 79.23.229.46 5955 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:29.515880 0.000000 udp 10.0.2.109 3683 -> 76.187.242.4 2030 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:37.557091 0.183866 udp 10.0.2.109 3683 -> 186.6.206.219 2209 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:37.740957 0.000000 icmp 186.6.206.219 0x0303 -> 10.0.2.109 0xa108 URP 192 1 281 flow=Background 1970/01/25 09:17:42.432135 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:17:44.683104 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:50.324599 0.000000 udp 10.0.2.109 3683 -> 201.140.198.162 7741 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:17:55.422249 0.000000 udp 10.0.2.109 3683 -> 180.34.176.205 9749 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:03.515011 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:12.036879 0.000000 udp 10.0.2.109 3683 -> 84.35.129.200 5553 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:17.494759 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:24.274246 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:28.920929 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:18:31.013981 0.000000 udp 10.0.2.109 3683 -> 86.46.124.134 1555 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:40.016932 0.000000 udp 10.0.2.109 3683 -> 50.44.146.251 1368 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:47.778018 0.000000 udp 10.0.2.109 3683 -> 79.195.19.108 5652 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:18:55.902706 0.000000 udp 10.0.2.109 3683 -> 80.18.170.11 1253 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:02.118879 0.052386 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:19:02.494182 0.000000 udp 10.0.2.109 3683 -> 175.139.170.252 1775 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:11.091375 0.000000 udp 10.0.2.109 3683 -> 93.150.178.67 5036 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:15.928510 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:19:18.051515 0.000000 udp 10.0.2.109 3683 -> 200.193.122.42 4992 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:24.932659 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:31.500666 0.000000 udp 10.0.2.109 3683 -> 64.62.17.220 1422 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:38.852036 0.000000 udp 10.0.2.109 3683 -> 213.96.82.97 9337 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:46.793125 0.000000 udp 10.0.2.109 3683 -> 120.151.77.208 7160 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:52.390678 0.142788 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:19:52.431092 1.013288 tcp 10.0.2.109 63637 -> 24.126.254.250 9945 FSPA* 0 0 14 1717 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:19:52.547426 0.000000 udp 10.0.2.109 3683 -> 64.22.214.50 1378 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:19:59.881833 0.049574 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:19:59.952164 0.000000 udp 10.0.2.109 3683 -> 79.17.222.94 3946 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:05.339639 0.000000 udp 10.0.2.109 3683 -> 89.120.110.18 1684 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:11.207786 0.000000 udp 10.0.2.109 3683 -> 176.27.204.195 2560 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:19.099302 0.084179 udp 10.0.2.109 3683 <-> 2.40.112.121 6895 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:20:19.194482 0.000000 udp 10.0.2.109 3683 -> 151.77.44.221 9345 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:27.261559 0.000000 udp 10.0.2.109 3683 -> 186.90.246.161 8695 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:33.389826 0.079370 udp 10.0.2.109 3683 <-> 91.6.15.116 5333 CON 0 0 2 851 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:20:33.480130 0.029814 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:20:33.519620 0.000000 udp 10.0.2.109 3683 -> 210.184.71.81 6529 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:37.926377 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:20:40.760903 0.000000 udp 10.0.2.109 3683 -> 95.97.246.106 8768 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:46.708951 0.000000 udp 10.0.2.109 3683 -> 98.110.22.118 2062 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:20:54.229846 0.000000 udp 10.0.2.109 3683 -> 109.149.163.11 8536 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:01.129641 0.000000 udp 10.0.2.109 3683 -> 86.180.83.50 9460 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:08.049807 0.000000 udp 10.0.2.109 3683 -> 71.166.245.104 7615 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:16.371492 0.151438 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 861 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:21:16.533287 0.413367 udp 10.0.2.109 3683 <-> 151.77.79.11 6789 CON 0 0 2 753 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:21:16.962899 0.243768 udp 10.0.2.109 3683 <-> 99.115.5.58 7013 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:21:17.224522 0.000000 udp 10.0.2.109 3683 -> 79.53.197.58 8944 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:25.595274 0.064825 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 805 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:21:25.671029 0.194207 udp 10.0.2.109 3683 -> 187.174.144.86 1299 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:25.865236 0.000000 icmp 201.96.17.29 0x0303 -> 10.0.2.109 0x1305 URP 192 1 121 flow=Background 1970/01/25 09:21:30.421507 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:21:31.026267 3.000795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 09:21:33.396095 0.000000 udp 10.0.2.109 3683 -> 2.126.125.112 9732 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:38.032898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:21:40.536805 0.000000 udp 10.0.2.109 3683 -> 216.54.174.26 6306 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:46.034598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:21:49.489331 0.000000 udp 10.0.2.109 3683 -> 86.144.151.175 4550 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:21:58.432201 0.000000 udp 10.0.2.109 3683 -> 80.162.210.9 9183 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:02.037183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:22:07.084885 0.174232 udp 10.0.2.109 3683 <-> 99.8.121.25 4727 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:22:07.283263 0.000000 udp 10.0.2.109 3683 -> 198.0.244.10 6156 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:14.545441 0.000000 udp 10.0.2.109 3683 -> 78.94.16.96 3243 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:19.422406 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:22:22.406685 0.000000 udp 10.0.2.109 3683 -> 108.20.54.46 7824 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:29.326459 0.000000 udp 10.0.2.109 3683 -> 2.86.84.21 2015 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:34.043232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:22:34.363774 0.000000 udp 10.0.2.109 3683 -> 2.35.133.251 4481 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:40.873187 0.000000 udp 10.0.2.109 3683 -> 79.15.14.142 1661 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:48.604737 0.171950 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 789 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:22:48.788831 0.147206 udp 10.0.2.109 3683 <-> 176.201.200.67 4198 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:22:48.955138 0.069651 udp 10.0.2.109 3683 <-> 46.49.120.62 4557 CON 0 0 2 838 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:22:49.046691 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:22:57.787716 0.171214 udp 10.0.2.109 3683 <-> 108.91.54.74 1212 CON 0 0 2 702 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:22:57.968771 0.000000 udp 10.0.2.109 3683 -> 105.229.74.161 7002 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:03.055043 0.000000 udp 10.0.2.109 3683 -> 176.33.248.220 2292 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:07.921764 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:23:11.126977 0.000000 udp 10.0.2.109 3683 -> 86.8.173.209 8928 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:18.497359 0.194363 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:23:18.702452 0.141184 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:23:18.854273 0.047645 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:23:18.914326 0.061448 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:23:18.987369 0.161737 udp 10.0.2.109 3683 <-> 71.196.31.133 8881 CON 0 0 2 856 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:23:19.158760 0.000000 udp 10.0.2.109 3683 -> 99.228.230.225 8319 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:25.207122 0.000000 udp 10.0.2.109 3683 -> 84.82.18.31 8583 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:31.536049 0.000000 udp 10.0.2.109 3683 -> 46.47.236.43 9441 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:36.964671 0.000000 udp 10.0.2.109 3683 -> 86.135.82.58 2234 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:43.863695 0.000000 udp 10.0.2.109 3683 -> 76.25.223.228 7525 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:49.031727 0.000000 udp 10.0.2.109 3683 -> 109.149.136.16 9166 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:23:53.928322 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:23:57.653611 0.000000 udp 10.0.2.109 3683 -> 213.97.83.100 7153 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:05.585228 0.000000 udp 10.0.2.109 3683 -> 204.213.227.165 3707 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:12.895845 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:21.308001 0.132023 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:24:21.497530 0.000000 udp 10.0.2.109 3683 -> 82.61.39.210 8562 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:27.997718 0.000000 udp 10.0.2.109 3683 -> 80.58.221.36 2250 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:34.456832 0.099015 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:24:34.670315 0.000000 udp 10.0.2.109 3683 -> 79.29.161.24 8876 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:39.423462 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:24:42.467816 0.000000 udp 10.0.2.109 3683 -> 93.145.70.72 4411 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:51.070535 0.000000 udp 10.0.2.109 3683 -> 162.201.91.41 1339 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:24:58.761635 0.000000 udp 10.0.2.109 3683 -> 209.151.54.137 1567 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:04.529179 0.000000 udp 10.0.2.109 3683 -> 82.53.81.214 4739 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:13.512168 0.272535 udp 10.0.2.109 3683 <-> 190.18.45.148 8784 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:25:13.815771 0.000000 udp 10.0.2.109 3683 -> 184.69.27.214 2558 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:21.544044 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:26.421064 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:25:28.554487 0.000000 udp 10.0.2.109 3683 -> 217.226.203.110 1251 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:36.205444 0.000000 udp 10.0.2.109 3683 -> 88.73.135.213 9774 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:42.871343 0.000000 udp 10.0.2.109 3683 -> 2.26.180.111 3930 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:48.352763 0.000000 udp 10.0.2.109 3683 -> 89.183.6.83 3565 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:54.637819 0.060095 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:25:54.896380 0.000000 udp 10.0.2.109 3683 -> 200.97.254.153 3350 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:25:59.959436 0.000000 udp 10.0.2.109 3683 -> 79.15.62.57 4010 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:06.232356 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9986 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:10.924903 0.046487 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:26:14.116280 0.064250 udp 10.0.2.109 3683 <-> 88.104.139.169 8182 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:26:14.212857 0.000000 udp 10.0.2.109 3683 -> 189.202.191.234 3418 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:21.660543 0.071825 udp 10.0.2.109 3683 <-> 93.199.173.196 5277 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:26:21.764404 0.000000 udp 10.0.2.109 3683 -> 173.21.248.92 2913 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:30.332923 0.048033 udp 10.0.2.109 3683 <-> 92.109.108.220 6315 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:26:30.436278 0.000000 udp 10.0.2.109 3683 -> 70.45.165.17 6961 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:36.181557 0.062465 udp 10.0.2.109 3683 <-> 79.132.8.181 2921 CON 0 0 2 735 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:26:36.303618 0.000000 udp 10.0.2.109 3683 -> 79.36.55.131 3545 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:41.639429 0.000000 udp 10.0.2.109 3683 -> 159.146.43.116 3827 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:48.178901 0.000000 udp 10.0.2.109 3683 -> 62.77.180.233 4057 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:54.267724 0.000000 udp 10.0.2.109 3683 -> 86.29.3.91 4575 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:26:58.924060 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:27:01.227995 0.000000 udp 10.0.2.109 3683 -> 64.199.148.58 3652 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:27:08.889032 0.000000 udp 10.0.2.109 3683 -> 86.30.242.182 1686 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:27:14.346516 0.000000 udp 10.0.2.109 3683 -> 78.150.106.197 2700 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:27:23.338952 0.000000 udp 10.0.2.109 3683 -> 94.134.179.211 9470 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:27:30.769999 0.082700 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:27:30.863648 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:27:38.721437 0.000000 udp 10.0.2.109 3683 -> 121.138.93.128 8841 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:27:43.428392 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:28:38.049247 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 09:28:45.056648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:28:53.058432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:29:09.061026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:29:41.067258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:35:45.078805 2.997310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 09:35:52.083604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:36:00.082259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:36:16.085057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:36:48.091366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:42:52.097639 3.001636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 09:42:59.107904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:43:07.107776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:43:23.109074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:43:55.115544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:49:53.451197 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:49:53.451399 1.111570 tcp 10.0.2.109 63638 -> 24.126.254.250 9945 FSPA* 0 0 15 1676 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:51:16.122629 3.001065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 09:51:23.129055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:51:31.131445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:51:47.133722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:52:19.139875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:58:08.563288 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 09:58:08.563387 0.045285 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:08.609130 0.087036 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:08.609541 2.997502 tcp 10.0.2.109 63639 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 09:58:08.696544 0.157860 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:08.854781 0.079649 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:08.934821 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:58:17.605221 0.000000 tcp 10.0.2.109 63639 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 09:58:27.591653 0.050621 tcp 10.0.2.109 63640 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:58:27.642512 0.049221 tcp 10.0.2.109 63641 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:58:27.692010 0.155074 tcp 10.0.2.109 63642 -> 195.113.214.211 443 SRPA* 0 0 46 40086 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:58:27.847675 0.142613 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:27.990626 0.054497 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.045456 0.137530 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.183374 0.145181 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.328999 0.181242 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.510611 0.122967 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.634005 0.144181 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.778540 0.076299 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.855197 0.071440 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.926998 0.066062 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:28.993418 0.069124 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:29.062905 0.166106 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:29.229379 0.047138 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:29.276883 0.073808 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:29.351068 0.321981 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:29.673532 0.144623 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:29.673859 2.992967 tcp 10.0.2.109 63643 -> 122.57.203.170 8388 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 09:58:29.818543 0.048552 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:29.867460 0.137115 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:30.004969 0.040318 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:30.045676 0.090776 udp 10.0.2.109 3683 <-> 2.40.112.121 6895 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:30.136851 0.029198 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:30.166432 0.068145 udp 10.0.2.109 3683 <-> 91.6.15.116 5333 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:30.234947 0.000000 udp 10.0.2.109 3683 -> 151.77.79.11 6789 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:58:38.666507 0.000000 tcp 10.0.2.109 63643 -> 122.57.203.170 8388 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/25 09:58:45.656025 0.049712 tcp 10.0.2.109 63644 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:58:45.706006 0.049112 tcp 10.0.2.109 63645 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:58:45.755301 0.148865 tcp 10.0.2.109 63646 -> 195.113.214.211 443 SRPA* 0 0 22 12874 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:58:45.904785 0.144996 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:46.050377 0.169669 udp 10.0.2.109 3683 <-> 99.115.5.58 7013 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:46.220410 0.054549 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:46.275357 0.167728 udp 10.0.2.109 3683 <-> 99.8.121.25 4727 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:46.443487 0.170757 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:46.614677 0.267638 udp 10.0.2.109 3683 <-> 176.201.200.67 4198 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:46.882723 0.076391 udp 10.0.2.109 3683 <-> 46.49.120.62 4557 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:46.959512 0.169437 udp 10.0.2.109 3683 <-> 108.91.54.74 1212 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.129318 0.147930 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.149619 3.001929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 09:58:47.277685 0.046936 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.324977 0.192478 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.517873 0.057135 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.575349 0.158763 udp 10.0.2.109 3683 <-> 71.196.31.133 8881 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.734530 0.143888 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.878828 0.097410 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:58:47.976650 0.000000 udp 10.0.2.109 3683 -> 190.18.45.148 8784 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:58:54.158666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:59:02.159671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:59:05.244106 0.048960 tcp 10.0.2.109 63647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:05.293331 0.049577 tcp 10.0.2.109 63648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:05.343141 0.153302 tcp 10.0.2.109 63649 -> 195.113.214.211 443 SRPA* 0 0 38 21716 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:05.496974 0.080411 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:59:05.577858 0.075848 udp 10.0.2.109 3683 <-> 88.104.139.169 8182 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:59:05.578195 4.966451 tcp 10.0.2.109 63650 -> 176.73.169.112 1959 SPA_* 0 0 717 528319 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:05.654072 0.000000 udp 10.0.2.109 3683 -> 93.199.173.196 5277 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 09:59:10.626378 0.896041 tcp 10.0.2.109 63650 -> 176.73.169.112 1959 FPA_* 0 0 100 68298 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:18.162684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 09:59:23.981204 0.060295 tcp 10.0.2.109 63651 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:24.041768 0.081391 tcp 10.0.2.109 63652 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:24.123377 0.145284 tcp 10.0.2.109 63653 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/25 09:59:24.269335 0.049885 udp 10.0.2.109 3683 <-> 92.109.108.220 6315 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:59:24.319601 0.061085 udp 10.0.2.109 3683 <-> 79.132.8.181 2921 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:59:24.381035 0.090829 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/25 09:59:50.168611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:06:07.184339 3.000822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 10:06:14.190452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:06:22.192443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:06:38.195245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:07:10.201356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:13:14.207406 3.001647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 10:13:21.214499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:13:29.217468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:13:45.218957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:14:17.225018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:19:54.570821 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 10:19:54.571026 0.995863 tcp 10.0.2.109 63654 -> 24.126.254.250 9945 FSPA* 0 0 15 1777 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:20:21.231093 3.001726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 10:20:28.238588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:20:36.239912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:20:52.243067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:21:24.248725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:27:28.255159 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 10:27:35.262626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:27:43.263794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:27:59.275415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:28:31.272998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:29:29.216778 0.000182 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 10:29:29.217193 0.190241 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:29:29.407865 0.000000 udp 10.0.2.109 3683 -> 151.77.79.11 6789 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 10:29:45.892470 0.054707 tcp 10.0.2.109 63655 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:29:45.947453 0.054358 tcp 10.0.2.109 63656 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:29:46.002252 0.147865 tcp 10.0.2.109 63657 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:29:46.150717 0.275230 udp 10.0.2.109 3683 <-> 190.18.45.148 8784 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:29:46.426387 0.000000 udp 10.0.2.109 3683 -> 93.199.173.196 5277 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 10:30:02.264224 0.054752 tcp 10.0.2.109 63658 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:02.319297 0.053904 tcp 10.0.2.109 63659 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:02.373470 0.199665 tcp 10.0.2.109 63660 -> 195.113.214.211 443 SRPA* 0 0 72 76950 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:02.574314 0.044391 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:02.619109 0.088509 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:02.707996 0.159468 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:02.867969 0.162596 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.031001 0.147681 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.179085 0.180029 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.359532 0.098131 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.458036 0.142176 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.600568 0.075251 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.676233 0.054993 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.731663 0.142588 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:03.874699 0.147332 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:04.022464 0.083218 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:04.106044 0.046694 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:04.153102 0.076483 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:04.229958 0.330875 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:04.561235 0.143842 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:04.705491 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 10:30:21.021294 0.054556 tcp 10.0.2.109 63661 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:21.076111 0.097697 tcp 10.0.2.109 63662 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:21.174258 0.152828 tcp 10.0.2.109 63663 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:21.327545 0.233215 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:21.561201 0.087284 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:21.648910 0.165982 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:21.815254 0.067773 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:21.883401 0.047456 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:21.931226 0.067435 udp 10.0.2.109 3683 <-> 91.6.15.116 5333 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:21.999049 0.029141 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:22.028600 0.000000 udp 10.0.2.109 3683 -> 2.40.112.121 6895 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 10:30:40.189039 0.054186 tcp 10.0.2.109 63664 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:40.243547 0.054436 tcp 10.0.2.109 63665 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:40.298411 0.147034 tcp 10.0.2.109 63666 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:30:40.446028 0.057351 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:40.503837 0.171567 udp 10.0.2.109 3683 <-> 99.8.121.25 4727 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:40.675802 0.162118 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:40.838355 0.143777 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:40.982514 0.169781 udp 10.0.2.109 3683 <-> 99.115.5.58 7013 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:41.152675 0.068973 udp 10.0.2.109 3683 <-> 46.49.120.62 4557 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:41.222102 0.047055 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:41.269546 0.190797 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:41.460709 0.057510 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:41.518580 0.159830 udp 10.0.2.109 3683 <-> 71.196.31.133 8881 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:41.678745 1.592180 udp 10.0.2.109 3683 <-> 176.201.200.67 4198 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:43.271313 0.155182 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:43.426867 0.169474 udp 10.0.2.109 3683 <-> 108.91.54.74 1212 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:43.596702 0.097429 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:43.694520 0.115215 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:43.810122 0.062439 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:30:43.872932 0.000000 udp 10.0.2.109 3683 -> 88.104.139.169 8182 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 10:31:02.120573 0.053314 tcp 10.0.2.109 63667 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:31:02.174266 0.057360 tcp 10.0.2.109 63668 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:31:02.231948 0.157883 tcp 10.0.2.109 63669 -> 195.113.214.211 443 SRPA* 0 0 35 18790 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:31:02.390282 0.073210 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:31:02.463918 0.046798 udp 10.0.2.109 3683 <-> 92.109.108.220 6315 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 10:31:02.511106 0.000000 udp 10.0.2.109 3683 -> 79.132.8.181 2921 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 10:31:20.516615 0.054300 tcp 10.0.2.109 63670 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:31:20.571170 0.053932 tcp 10.0.2.109 63671 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:31:20.625375 0.145545 tcp 10.0.2.109 63672 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:34:35.278813 3.001772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 10:34:42.286380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:34:50.288178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:35:06.295545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:35:38.302553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:41:42.302942 3.001965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 10:41:49.310726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:41:57.311665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:42:13.315625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:42:45.321087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:48:49.326876 3.001848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 10:48:56.334609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:49:04.337091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:49:20.338406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:49:52.345458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:49:55.570153 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 10:49:55.570307 0.981546 tcp 10.0.2.109 63673 -> 24.126.254.250 9945 FSPA* 0 0 15 1804 flow=From-Botnet-V1-TCP-Established 1970/01/25 10:55:56.350817 3.001678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 10:56:03.358430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:56:11.359470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:56:27.362397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 10:56:59.368740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:01:27.735468 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 11:01:27.735581 0.054803 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:27.790771 0.080598 udp 10.0.2.109 3683 <-> 2.40.112.121 6895 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:27.871785 0.000000 udp 10.0.2.109 3683 -> 88.104.139.169 8182 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:01:43.038737 0.055432 tcp 10.0.2.109 63674 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:01:43.094472 0.054690 tcp 10.0.2.109 63675 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:01:43.149416 0.158572 tcp 10.0.2.109 63676 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:01:43.308521 0.000000 udp 10.0.2.109 3683 -> 79.132.8.181 2921 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:01:58.559572 0.053975 tcp 10.0.2.109 63677 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:01:58.613919 0.056162 tcp 10.0.2.109 63678 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:01:58.670465 0.151818 tcp 10.0.2.109 63679 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:01:58.822814 0.188445 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.011650 0.263560 udp 10.0.2.109 3683 <-> 190.18.45.148 8784 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.275557 0.044197 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.320058 0.166306 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.486781 0.090529 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.577711 0.098045 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.676167 0.053094 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.729647 0.128388 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:01:59.858480 0.183106 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:00.041984 0.144815 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:00.187240 0.065815 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:00.253433 0.143378 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:00.397210 0.101253 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:00.498820 0.141743 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:00.640948 0.044562 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:00.685908 0.378337 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.064614 0.068223 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.133260 0.076999 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.210614 0.336411 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.547409 0.078902 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.626674 0.137222 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.764318 0.046683 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.811320 0.165416 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:01.977162 0.071597 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:02.049121 0.029072 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:02.078527 0.072678 udp 10.0.2.109 3683 <-> 91.6.15.116 5333 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:02.151588 0.171663 udp 10.0.2.109 3683 <-> 99.8.121.25 4727 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:02.323685 0.060040 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:02.384145 0.169544 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:02.554066 0.000000 udp 10.0.2.109 3683 -> 46.49.120.62 4557 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:02:17.977260 0.055070 tcp 10.0.2.109 63680 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:18.032613 0.058125 tcp 10.0.2.109 63681 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:18.091051 0.155242 tcp 10.0.2.109 63682 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:18.246946 0.041574 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:18.288860 0.192533 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:18.481817 0.057830 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:18.539988 0.157723 udp 10.0.2.109 3683 <-> 71.196.31.133 8881 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:18.698172 0.168534 udp 10.0.2.109 3683 <-> 99.115.5.58 7013 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:18.867082 0.143757 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:19.011202 0.132548 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:19.144174 0.062031 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:19.206589 0.140610 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:19.347522 0.168918 udp 10.0.2.109 3683 <-> 108.91.54.74 1212 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:19.516788 0.000000 udp 10.0.2.109 3683 -> 176.201.200.67 4198 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:02:37.245213 0.053750 tcp 10.0.2.109 63683 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:37.299236 0.058209 tcp 10.0.2.109 63684 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:37.357712 0.182301 tcp 10.0.2.109 63685 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:37.540513 0.096745 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:37.637667 0.074951 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:02:37.713006 0.000000 udp 10.0.2.109 3683 -> 92.109.108.220 6315 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:02:52.807449 0.054244 tcp 10.0.2.109 63686 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:52.861959 0.056239 tcp 10.0.2.109 63687 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:02:52.918461 0.161702 tcp 10.0.2.109 63688 -> 195.113.214.211 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:03:03.374819 3.001682 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 11:03:10.381775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:03:18.383726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:03:34.386877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:04:06.392706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:10:10.398858 3.001693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 11:10:17.409484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:10:25.409481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:10:41.410491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:11:13.416544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:17:17.422167 3.002678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 11:17:24.430242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:17:32.431569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:17:48.441811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:18:20.440672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:19:56.561719 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 11:19:56.561832 0.990989 tcp 10.0.2.109 63689 -> 24.126.254.250 9945 FSPA* 0 0 15 1619 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:24:24.449660 2.998475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 11:24:31.454524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:24:39.455691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:24:55.458667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:25:27.464429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:31:31.473248 2.998885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 11:31:38.478005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:31:46.479507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:32:02.482567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:32:34.488790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:33:15.908377 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 11:33:15.908471 0.000000 udp 10.0.2.109 3683 -> 46.49.120.62 4557 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:33:33.855466 0.053879 tcp 10.0.2.109 63690 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:33:33.909594 0.056788 tcp 10.0.2.109 63691 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:33:33.966685 0.148452 tcp 10.0.2.109 63692 -> 195.113.214.211 443 SRPA* 0 0 38 21716 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:33:34.115647 0.000000 udp 10.0.2.109 3683 -> 176.201.200.67 4198 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:33:50.047902 0.054161 tcp 10.0.2.109 63693 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:33:50.102335 0.055045 tcp 10.0.2.109 63694 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:33:50.157731 0.156406 tcp 10.0.2.109 63695 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:33:50.314870 0.000000 udp 10.0.2.109 3683 -> 92.109.108.220 6315 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:34:05.961135 0.054789 tcp 10.0.2.109 63696 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:06.016206 0.056205 tcp 10.0.2.109 63697 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:06.072702 0.157216 tcp 10.0.2.109 63698 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:06.230476 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:34:22.033633 0.053573 tcp 10.0.2.109 63699 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:22.087561 0.054570 tcp 10.0.2.109 63700 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:22.142422 0.149704 tcp 10.0.2.109 63701 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:22.292792 0.080793 udp 10.0.2.109 3683 <-> 2.40.112.121 6895 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:22.373993 0.188370 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:22.562746 0.110630 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:22.673819 0.053635 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:22.727857 0.135632 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:22.863941 0.187057 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:23.051377 0.150435 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:23.202413 0.087399 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:23.290248 0.158983 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:23.449610 0.045446 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:23.495408 0.000000 udp 10.0.2.109 3683 -> 190.18.45.148 8784 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:34:41.702272 0.054221 tcp 10.0.2.109 63702 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:41.756783 0.054159 tcp 10.0.2.109 63703 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:41.811230 0.148562 tcp 10.0.2.109 63704 -> 195.113.214.211 443 SRPA* 0 0 35 22290 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:34:41.960383 0.044948 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.005741 0.138054 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.144125 0.084615 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.229124 0.074638 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.304155 0.056474 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.361001 0.141823 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.503216 0.066052 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.569704 0.144040 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.714299 0.076746 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.791449 0.168073 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:42.960016 0.067390 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:43.027884 0.036487 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:43.064679 0.067207 udp 10.0.2.109 3683 <-> 91.6.15.116 5333 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:43.132264 0.172359 udp 10.0.2.109 3683 <-> 99.8.121.25 4727 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:43.304971 0.449767 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:43.755188 0.132397 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:43.887968 0.047318 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:43.935683 0.161931 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.097963 0.056363 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.154701 0.045257 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.200323 0.169987 udp 10.0.2.109 3683 <-> 99.115.5.58 7013 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.370688 0.152167 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.523308 0.191569 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.715231 0.067189 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.782833 0.166022 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:44.949264 0.158649 udp 10.0.2.109 3683 <-> 71.196.31.133 8881 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:45.108351 0.060180 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:34:45.168943 0.000000 udp 10.0.2.109 3683 -> 108.91.54.74 1212 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 11:35:02.922973 0.054191 tcp 10.0.2.109 63705 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:35:02.977434 0.056892 tcp 10.0.2.109 63706 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:35:03.034599 0.169650 tcp 10.0.2.109 63707 -> 195.113.214.211 443 SRPA* 0 0 41 22612 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:35:03.204743 0.147913 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:35:03.353077 0.096733 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:35:03.450444 0.065038 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/25 11:38:38.493885 3.002978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 11:38:45.501970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:38:53.503200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:39:09.506599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:39:41.512967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:45:45.517885 3.002630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 11:45:52.525837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:46:00.527561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:46:16.530850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:46:48.537084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:49:57.558234 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 11:49:57.558418 1.010087 tcp 10.0.2.109 63708 -> 24.126.254.250 9945 FSPA* 0 0 15 1622 flow=From-Botnet-V1-TCP-Established 1970/01/25 11:52:53.543989 3.001741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 11:53:00.551546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:53:08.553220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:53:24.555851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 11:53:56.561875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:00:00.573634 2.997726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 12:00:07.575248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:00:15.576749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:00:31.579762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:01:03.585797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:05:06.935800 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 12:05:06.936011 0.041475 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:06.977838 0.000000 udp 10.0.2.109 3683 -> 190.18.45.148 8784 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:05:22.760551 0.053175 tcp 10.0.2.109 63709 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:22.813973 0.054861 tcp 10.0.2.109 63710 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:22.869114 0.151596 tcp 10.0.2.109 63711 -> 195.113.214.211 443 SRPA* 0 0 41 22634 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:23.021236 0.000000 udp 10.0.2.109 3683 -> 108.91.54.74 1212 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:05:41.045581 0.055481 tcp 10.0.2.109 63712 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:41.101354 0.054439 tcp 10.0.2.109 63713 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:41.156169 0.170068 tcp 10.0.2.109 63714 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:41.326845 0.110935 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:41.438165 0.055193 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:41.493753 0.142158 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:41.636318 0.188889 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:41.825618 0.000000 udp 10.0.2.109 3683 -> 2.40.112.121 6895 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:05:57.041477 0.054956 tcp 10.0.2.109 63715 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:57.096775 0.054908 tcp 10.0.2.109 63716 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:57.152065 0.151396 tcp 10.0.2.109 63717 -> 195.113.214.211 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:05:57.304046 0.045113 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:57.349597 0.147829 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:57.497844 0.187031 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:57.685280 0.087266 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:57.772926 0.160401 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:57.933721 0.276875 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:58.211041 0.127214 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:58.338625 0.161654 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:58.500646 0.070884 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:58.571911 0.149359 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:58.721715 0.097271 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:58.819374 0.146579 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:58.966332 0.089769 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:59.056477 0.170693 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:59.227511 0.045945 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:05:59.273840 0.000000 udp 10.0.2.109 3683 -> 91.6.15.116 5333 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:06:18.218897 0.053509 tcp 10.0.2.109 63718 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:06:18.272746 0.054239 tcp 10.0.2.109 63719 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:06:18.327245 0.150049 tcp 10.0.2.109 63720 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:06:18.477863 0.172127 udp 10.0.2.109 3683 <-> 99.8.121.25 4727 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:18.650360 0.383429 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:19.034212 0.136034 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:19.170606 0.045571 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:19.216554 0.068865 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:19.285822 0.029362 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:19.315551 0.047278 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:19.363207 0.000000 udp 10.0.2.109 3683 -> 99.115.5.58 7013 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:06:36.815524 0.102010 tcp 10.0.2.109 63721 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:06:36.917791 0.055072 tcp 10.0.2.109 63722 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:06:36.973160 0.154462 tcp 10.0.2.109 63723 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:06:37.128124 0.145385 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:37.273938 0.192059 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:37.466457 0.052983 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:37.519842 0.113180 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:37.633383 0.060777 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:37.694593 0.167314 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:37.862372 0.061460 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:37.924248 0.157696 udp 10.0.2.109 3683 <-> 71.196.31.133 8881 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:38.082487 0.058290 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:38.141194 0.348791 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:06:38.490536 0.096871 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:07:07.593264 3.000792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 12:07:14.599247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:07:22.600720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:07:38.603503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:08:10.613494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:14:15.617793 3.001004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 12:14:22.626419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:14:30.626591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:14:46.629131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:15:18.635279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:19:58.567964 0.000206 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 12:19:58.568270 0.976397 tcp 10.0.2.109 63724 -> 24.126.254.250 9945 FSPA* 0 0 15 1550 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:21:22.642114 3.000851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 12:21:29.648980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:21:37.650351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:21:53.653146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:22:25.659298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:28:29.665120 3.001816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 12:28:36.672921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:28:44.674056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:29:00.677358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:29:32.683232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:35:36.689412 3.004604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 12:35:43.696563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:35:51.699277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:36:07.701478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:36:39.707185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:36:40.638978 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 12:36:40.639154 0.000000 udp 10.0.2.109 3683 -> 2.40.112.121 6895 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:36:56.202960 0.053918 tcp 10.0.2.109 63725 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:36:56.257128 0.056404 tcp 10.0.2.109 63726 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:36:56.313787 0.146948 tcp 10.0.2.109 63727 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:36:56.461252 0.000000 udp 10.0.2.109 3683 -> 91.6.15.116 5333 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:37:13.486115 0.055053 tcp 10.0.2.109 63728 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:13.541408 0.054965 tcp 10.0.2.109 63729 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:13.596658 0.148466 tcp 10.0.2.109 63730 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:13.745641 0.000000 udp 10.0.2.109 3683 -> 99.115.5.58 7013 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:37:30.320743 0.053534 tcp 10.0.2.109 63731 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:30.374557 0.054302 tcp 10.0.2.109 63732 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:30.429101 0.177877 tcp 10.0.2.109 63733 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:30.607476 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:37:47.215559 0.053789 tcp 10.0.2.109 63734 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:47.269644 0.054043 tcp 10.0.2.109 63735 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:47.323963 0.147319 tcp 10.0.2.109 63736 -> 195.113.214.211 443 SRPA* 0 0 48 42464 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:37:47.471833 0.049109 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:47.521333 0.110314 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:47.632038 0.134973 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:47.767453 0.190457 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:47.958529 0.144736 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.103653 0.087678 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.191770 0.045412 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.237611 0.180659 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.418768 0.092385 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.511530 0.160645 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.672597 0.136031 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.809761 0.071021 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:48.881216 0.143752 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.025373 0.086179 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.111913 0.166090 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.278553 0.047268 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.326415 0.059508 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.386538 0.069281 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.456205 0.142105 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.598757 0.326107 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:49.925277 0.172430 udp 10.0.2.109 3683 <-> 99.8.121.25 4727 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:50.098121 0.030952 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:50.129511 0.040658 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:50.170585 0.047015 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:50.217959 0.243772 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:37:50.462144 0.000000 udp 10.0.2.109 3683 -> 81.130.42.60 4828 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 12:38:06.675979 0.054261 tcp 10.0.2.109 63737 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:38:06.730589 0.054231 tcp 10.0.2.109 63738 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:38:06.785139 0.151207 tcp 10.0.2.109 63739 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:38:06.936848 0.144651 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.081931 0.191301 udp 10.0.2.109 3683 <-> 187.191.25.14 4408 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.273692 0.053078 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.327141 0.156520 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.484103 0.055948 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.540499 0.163850 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.704762 0.057477 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.762599 0.148102 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:07.911095 0.097090 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:08.008540 0.158217 udp 10.0.2.109 3683 <-> 71.196.31.133 8881 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:38:08.167129 0.056416 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 12:42:43.713402 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 12:42:50.720868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:42:58.722434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:43:14.725648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:43:46.731573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:49:50.737746 3.000989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 12:49:57.744644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:49:59.547812 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 12:49:59.547896 0.978616 tcp 10.0.2.109 63740 -> 24.126.254.250 9945 FSPA* 0 0 15 1602 flow=From-Botnet-V1-TCP-Established 1970/01/25 12:50:05.746180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:50:21.749084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:50:53.755398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:56:57.761172 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 12:57:04.771577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:57:12.770551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:57:28.773145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 12:58:00.779131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:04:04.785027 3.001837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 13:04:11.792475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:04:19.793919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:04:35.797187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:05:07.803250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:08:11.857974 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 13:08:11.858165 0.040913 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:11.899458 0.074657 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:11.974444 0.128324 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:12.103169 0.189321 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:12.292929 0.050133 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:12.343446 0.110129 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:12.453967 0.143065 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:12.597397 0.175384 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:12.773198 0.080770 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:12.854366 0.158240 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.012955 0.046091 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.059444 0.085850 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.145777 0.077220 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.223417 0.153294 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.377108 0.083083 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.460555 0.163033 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.623978 0.046565 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.670925 0.055150 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.726515 0.064359 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.791301 0.142237 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:13.933961 0.353874 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:14.288231 0.144175 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:14.432790 0.042550 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:14.475733 0.353593 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:14.829746 0.000000 udp 10.0.2.109 3683 -> 99.8.121.25 4727 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 13:08:31.768731 0.054492 tcp 10.0.2.109 63741 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:08:31.823518 0.055007 tcp 10.0.2.109 63742 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:08:31.878830 0.148881 tcp 10.0.2.109 63743 -> 195.113.214.211 443 SRPA* 0 0 23 14000 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:08:32.028228 0.031207 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:32.059791 0.042703 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:32.102893 0.149654 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:32.253005 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 13:08:47.589379 0.054912 tcp 10.0.2.109 63744 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:08:47.644625 0.054677 tcp 10.0.2.109 63745 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:08:47.699639 0.152160 tcp 10.0.2.109 63746 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:08:47.852308 0.053671 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:47.906376 0.164814 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:48.071559 0.058295 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:48.130238 0.167705 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:48.298321 0.058549 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:48.357264 0.141756 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:48.499388 0.055734 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:48.555514 0.096943 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:08:48.652856 0.000000 udp 10.0.2.109 3683 -> 71.196.31.133 8881 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 13:09:05.665639 0.053334 tcp 10.0.2.109 63747 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:09:05.719280 0.056201 tcp 10.0.2.109 63748 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:09:05.775801 0.150359 tcp 10.0.2.109 63749 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:11:11.811016 2.999813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 13:11:18.824403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:11:26.817809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:11:42.821620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:12:14.827038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:18:18.838559 3.000323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 13:18:25.850432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:18:33.843640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:18:49.844865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:19:21.851139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:20:00.527103 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 13:20:00.527207 0.985613 tcp 10.0.2.109 63750 -> 24.126.254.250 9945 FSPA* 0 0 15 1652 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:25:25.857409 3.001227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 13:25:32.864576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:25:40.865932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:25:56.868954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:26:28.874940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:32:32.881244 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 13:32:39.888933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:32:47.890213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:33:03.893287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:33:35.898876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:39:14.135536 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 13:39:14.135799 0.000000 udp 10.0.2.109 3683 -> 99.8.121.25 4727 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 13:39:29.829429 0.054314 tcp 10.0.2.109 63751 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:39:29.883960 0.054348 tcp 10.0.2.109 63752 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:39:29.938559 0.145711 tcp 10.0.2.109 63753 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:39:30.084826 0.000000 udp 10.0.2.109 3683 -> 187.191.25.14 4408 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 13:39:39.905043 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 13:39:45.681254 0.054890 tcp 10.0.2.109 63754 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:39:45.736398 0.055649 tcp 10.0.2.109 63755 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:39:45.792306 0.146997 tcp 10.0.2.109 63756 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:39:45.939889 0.000000 udp 10.0.2.109 3683 -> 71.196.31.133 8881 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 13:39:46.912927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:39:54.913722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:40:01.794652 0.076814 tcp 10.0.2.109 63757 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:40:01.871735 0.054874 tcp 10.0.2.109 63758 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:40:01.926835 0.145287 tcp 10.0.2.109 63759 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:40:02.072625 0.047514 udp 10.0.2.109 3683 <-> 84.190.85.113 5834 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.120564 0.071146 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.192099 0.098224 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.290743 0.147176 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.438411 0.182219 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.621084 0.082791 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.704315 0.153298 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.858057 0.045154 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:02.903587 0.135177 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.039211 0.056381 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.095993 0.189758 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.286782 0.143014 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.430210 0.169346 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.599943 0.043708 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.644044 0.055337 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.699759 0.063102 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.763255 0.071454 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.835083 0.084956 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:03.920420 0.143931 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.064766 0.100906 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.166080 0.041493 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.208001 0.146121 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.354589 0.333155 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.688195 0.136036 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.824629 0.031171 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.856121 0.040730 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:04.897217 0.144669 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:05.042318 0.053224 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:05.095939 0.053887 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:05.150195 0.000000 udp 10.0.2.109 3683 -> 62.90.85.111 8996 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 13:40:10.918108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:40:20.312139 0.053085 tcp 10.0.2.109 63760 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:40:20.365436 0.054427 tcp 10.0.2.109 63761 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:40:20.420123 0.146273 tcp 10.0.2.109 63762 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:40:20.566853 0.056289 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:20.623526 0.097000 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:20.720934 0.164037 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:20.885377 0.058969 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:20.944752 0.167601 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/25 13:40:42.923332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:46:46.929615 3.001460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 13:46:53.937038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:47:01.938407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:47:17.940545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:47:49.953213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:50:01.517310 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 13:50:01.517504 0.980673 tcp 10.0.2.109 63763 -> 24.126.254.250 9945 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/01/25 13:53:53.952197 3.005267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 13:54:00.960386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:54:08.961587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:54:24.964822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 13:54:56.970882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:01:00.976938 3.001701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 14:01:07.984626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:01:15.986700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:01:31.988591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:02:03.995198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:08:22.011238 3.001589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 14:08:29.021570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:08:37.025616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:08:53.022915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:09:25.028901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:10:45.446277 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 14:10:45.446391 0.000000 udp 10.0.2.109 3683 -> 62.90.85.111 8996 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 14:11:01.431778 0.054046 tcp 10.0.2.109 63764 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:01.486092 0.054370 tcp 10.0.2.109 63765 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:01.540701 0.149972 tcp 10.0.2.109 63766 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:01.691224 0.077557 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:01.769147 0.122955 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:01.892491 0.145269 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:02.038161 0.182303 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:02.220921 0.088281 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:02.309640 0.160246 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:02.470331 0.046509 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:02.517201 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 14:11:21.066430 0.054298 tcp 10.0.2.109 63767 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:21.121006 0.055283 tcp 10.0.2.109 63768 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:21.176607 0.147043 tcp 10.0.2.109 63769 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:21.324197 0.142015 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:21.466600 0.188958 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:21.655979 0.137391 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:21.793791 0.178870 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:21.973077 0.054112 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:22.027593 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 14:11:37.479356 0.054468 tcp 10.0.2.109 63770 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:37.534079 0.054044 tcp 10.0.2.109 63771 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:37.588426 0.146410 tcp 10.0.2.109 63772 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:37.735332 0.062902 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:37.798689 0.091698 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:37.944398 0.084969 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.029807 0.048605 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.078848 0.047599 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.126867 0.138803 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.266106 0.357118 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.623615 0.178162 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.802343 0.029162 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.831919 0.045807 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:38.878130 0.213108 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:39.091630 0.072629 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:39.164667 0.056729 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:39.221856 0.053748 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:39.276028 0.158316 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:39.434689 0.166684 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:39.601771 0.057095 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:39.659201 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 14:11:54.965156 0.054452 tcp 10.0.2.109 63773 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:55.019858 0.054924 tcp 10.0.2.109 63774 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:55.075081 0.150734 tcp 10.0.2.109 63775 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:11:55.226343 0.096918 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:11:55.323687 0.148286 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:15:29.037549 2.999101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 14:15:36.042547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:15:44.043799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:16:00.046889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:16:32.053005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:20:02.505669 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 14:20:02.505898 0.987903 tcp 10.0.2.109 63776 -> 24.126.254.250 9945 FSPA* 0 0 15 1577 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:22:36.059122 3.001775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 14:22:43.066151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:22:51.067622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:23:07.070876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:23:39.076942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:29:43.085534 2.999201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 14:29:50.090476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:29:58.091453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:30:14.094848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:30:46.100513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:36:50.106547 3.002324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 14:36:57.114618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:37:05.115599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:37:21.118901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:37:53.127014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:42:22.472271 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 14:42:22.472451 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 14:42:41.431543 0.054109 tcp 10.0.2.109 63777 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:42:41.485926 0.053928 tcp 10.0.2.109 63778 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:42:41.540124 0.144134 tcp 10.0.2.109 63779 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:42:41.684838 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 14:42:57.923829 0.053505 tcp 10.0.2.109 63780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:42:57.977579 0.055813 tcp 10.0.2.109 63781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:42:58.033618 0.145284 tcp 10.0.2.109 63782 -> 195.113.214.211 443 SRPA* 0 0 37 19528 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:42:58.179398 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 14:43:17.161437 0.054617 tcp 10.0.2.109 63783 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:43:17.216305 0.054187 tcp 10.0.2.109 63784 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:43:17.270807 0.140873 tcp 10.0.2.109 63785 -> 195.113.214.211 443 SRPA* 0 0 34 15574 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:43:17.412237 0.077039 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:17.489678 0.159039 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:17.649097 0.175356 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:17.824849 0.143110 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:17.968352 0.124004 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.092776 0.069650 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.162802 0.044168 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.207333 0.128037 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.335776 0.241604 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.577779 0.189233 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.767407 0.045379 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 197 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.813197 0.165328 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:18.978953 0.064515 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.043842 0.084214 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.128454 0.069097 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.197903 0.040922 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.239184 0.139956 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.379547 0.364911 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.744835 0.136519 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.881796 0.028938 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.911146 0.040925 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:19.952454 0.052392 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.005275 0.070902 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.076583 0.054706 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.131680 0.053905 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.185992 0.153804 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.340170 0.163734 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.504358 0.058145 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.562877 0.141162 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.704436 0.096849 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:20.801736 0.141234 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/25 14:43:57.131022 3.001316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 14:44:04.138322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:44:12.139375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:44:28.142657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:45:00.149188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:50:03.495660 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 14:50:03.495777 0.993325 tcp 10.0.2.109 63786 -> 24.126.254.250 9945 FSPA* 0 0 15 1685 flow=From-Botnet-V1-TCP-Established 1970/01/25 14:51:57.161082 3.005653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 14:52:04.168440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:52:12.169851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:52:28.173206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:53:00.179169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:59:22.190693 3.001894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 14:59:29.198859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:59:37.199582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 14:59:53.202697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:00:25.208753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:06:29.215202 3.001727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 15:06:36.222232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:06:44.223776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:07:00.226822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:07:32.235147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:13:36.238788 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 15:13:43.246460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:13:50.387062 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 15:13:50.387207 0.175943 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:50.563542 0.144157 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:50.708087 0.099009 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:50.807544 0.170276 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:50.978276 0.097986 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.076598 0.066431 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.143397 0.045249 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.189055 0.127962 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.247588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:13:51.317420 0.137786 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.455626 0.188845 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.644907 0.046695 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.692005 0.165219 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.857629 0.061937 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:51.919989 0.082699 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.003077 0.081081 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.084608 0.041664 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.126669 0.163369 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.290657 0.383618 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.674644 0.198808 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.873832 0.032277 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.906667 0.037980 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.945077 0.050249 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:52.995711 0.071442 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:53.067601 0.056345 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:53.124371 0.053521 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:53.178533 0.149937 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:53.328905 0.168887 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:53.498198 0.059045 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:53.557630 0.145172 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:13:53.703178 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 15:14:07.250783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:14:09.949740 0.112187 tcp 10.0.2.109 63787 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:14:10.062638 0.068135 tcp 10.0.2.109 63788 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:14:10.131041 0.136088 tcp 10.0.2.109 63789 -> 195.113.214.211 443 SRPA* 0 0 63 41207 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:14:10.267671 0.140766 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:14:39.266717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:20:04.501810 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 15:20:04.501903 1.186261 tcp 10.0.2.109 63790 -> 24.126.254.250 9945 FSPA* 0 0 15 1647 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:20:45.276114 3.001210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 15:20:52.286314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:21:00.284285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:21:16.287759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:21:48.293905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:27:52.301147 3.000301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 15:27:59.306933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:28:07.308523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:28:23.311556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:28:55.317453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:34:59.323185 3.001876 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 15:35:06.333348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:35:14.332202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:35:30.335540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:36:02.341201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:42:06.347348 3.001674 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 15:42:13.354853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:42:21.356334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:42:37.359328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:43:09.365633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:44:15.039861 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 15:44:15.040130 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 15:44:30.093314 0.067338 tcp 10.0.2.109 63791 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:44:30.160880 0.068061 tcp 10.0.2.109 63792 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:44:30.229195 0.148114 tcp 10.0.2.109 63793 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:44:30.377789 0.140561 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:30.519041 0.083027 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:30.602431 0.159208 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:30.762048 0.110636 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:30.873205 0.065359 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:30.938925 0.046122 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:30.985413 0.128631 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.114481 0.174985 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.289847 0.044977 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.335206 0.164072 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.499684 0.062533 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.562598 0.083502 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.646756 0.083049 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.730223 0.048101 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.778766 0.137030 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:31.916170 0.189414 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:32.105942 0.311199 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:32.417570 0.031251 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:32.449283 0.040961 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:32.490641 0.051169 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:32.542191 0.144104 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:32.686671 0.333511 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:33.020583 0.052914 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:33.073892 0.145164 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:33.219428 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 15:44:48.570984 0.067243 tcp 10.0.2.109 63794 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:44:48.638452 0.066777 tcp 10.0.2.109 63795 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:44:48.705474 0.152375 tcp 10.0.2.109 63796 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:44:48.858562 0.057683 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:48.916693 0.141654 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:49.058782 0.054398 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:49.113630 0.084348 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:44:49.198436 0.141271 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/25 15:49:13.371229 3.003207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 15:49:20.384206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:49:28.380395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:49:44.383413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:50:05.684306 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 15:50:05.684479 1.048697 tcp 10.0.2.109 63797 -> 24.126.254.250 9945 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/01/25 15:50:16.389299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:56:20.396247 3.000747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 15:56:27.402842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:56:35.404744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:56:51.407374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 15:57:23.413131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:03:27.419552 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 16:03:34.426761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:03:42.428035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:03:58.430635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:04:30.436849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:10:34.447087 2.998060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 16:10:41.450611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:10:49.452238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:11:05.463431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:11:37.463952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:15:03.638008 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 16:15:03.638137 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 16:15:21.604928 0.067321 tcp 10.0.2.109 63798 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:15:21.672488 0.064891 tcp 10.0.2.109 63799 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:15:21.737669 0.151963 tcp 10.0.2.109 63800 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:15:21.890147 0.161546 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.052128 0.098302 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.150806 0.073098 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.224300 0.045332 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.269988 0.147752 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.418175 0.080426 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.499007 0.183203 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.682661 0.045412 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.728472 0.168312 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.897206 0.061851 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:22.959500 0.135138 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.095002 0.071880 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.167296 0.046151 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.213832 0.145287 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.359536 0.084851 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.444778 0.041049 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.486241 0.049724 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.536341 0.140234 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.676932 0.252088 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:23.929489 0.189984 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:24.119857 0.031218 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:24.151449 0.153209 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:24.305006 0.319352 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:24.624702 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 16:15:42.684973 0.063948 tcp 10.0.2.109 63801 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:15:42.749285 0.065591 tcp 10.0.2.109 63802 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:15:42.815207 0.175208 tcp 10.0.2.109 63803 -> 195.113.214.211 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:15:42.991056 0.057830 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:43.049308 0.078927 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:43.128676 0.141228 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:43.270361 0.151048 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:15:43.421754 0.060092 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:17:44.471923 3.002586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 16:17:51.478826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:17:59.480794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:18:15.483557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:18:47.497838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:20:06.734131 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 16:20:06.734266 1.029673 tcp 10.0.2.109 63804 -> 24.126.254.250 9945 FSPA* 0 0 14 1510 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:24:51.494776 3.002570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 16:24:58.502991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:25:06.504507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:25:22.507666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:25:54.513008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:31:58.520649 3.000668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 16:32:05.527052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:32:13.528721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:32:29.531103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:33:01.537600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:39:05.555734 3.009648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 16:39:12.571153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:39:20.572642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:39:36.575411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:40:08.581405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:46:06.406585 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 16:46:06.406742 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 16:46:12.587839 3.001296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 16:46:19.595466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:46:22.260869 0.065638 tcp 10.0.2.109 63805 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:46:22.326726 0.065640 tcp 10.0.2.109 63806 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:46:22.392618 0.158461 tcp 10.0.2.109 63807 -> 195.113.214.211 443 SRPA* 0 0 32 16806 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:46:22.551606 0.070480 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:22.622455 0.044357 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:22.667150 0.158328 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:22.825888 0.084375 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:22.910623 0.177056 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.088070 0.160158 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.248582 0.111215 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.360170 0.060451 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.420982 0.135776 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.557172 0.076702 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.634423 0.047268 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.682045 0.145610 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.828022 0.083484 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:23.911901 0.169575 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.081876 0.044845 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.127101 0.352196 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.479751 0.189389 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.669591 0.031072 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.701047 0.041029 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.742450 0.047865 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.790732 0.138603 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:24.929780 0.319144 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:25.249315 0.147244 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:25.396943 0.148439 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:25.545715 0.141574 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:25.687658 0.055003 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:25.743023 0.057592 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:25.800966 0.087685 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 16:46:27.596526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:46:43.599399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:47:15.605896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:50:07.763360 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 16:50:07.763564 0.999656 tcp 10.0.2.109 63808 -> 24.126.254.250 9945 FSPA* 0 0 15 1756 flow=From-Botnet-V1-TCP-Established 1970/01/25 16:53:19.613962 2.999287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 16:53:26.619065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:53:34.620164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:53:50.624517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 16:54:22.629573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:00:26.635573 3.001707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 17:00:33.643156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:00:41.644746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:00:57.647380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:01:29.653368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:07:33.659759 3.001313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 17:07:40.666740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:07:48.668353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:08:04.671252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:08:36.684669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:14:46.691806 3.001904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 17:14:53.698868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:15:01.701048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:15:17.711319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:15:49.709822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:16:38.169746 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 17:16:38.169898 0.144642 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:38.314971 0.088459 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:38.403793 0.065930 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:38.470165 0.045481 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:38.516039 0.184250 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:38.700708 0.161648 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:38.862728 0.098119 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:38.961226 0.060560 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.022270 0.135170 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.157876 0.071640 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.229947 0.047008 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.277390 0.142492 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.420259 0.081999 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.502697 0.165825 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.668892 0.046985 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.716278 0.212741 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:39.929459 0.188989 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.118837 0.029072 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.148275 0.041265 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.189926 0.050012 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.240286 0.150400 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.391064 0.141195 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.532675 0.142705 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.675997 0.061484 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.737875 0.058558 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.796810 0.074689 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:40.871932 0.381508 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:16:41.253868 0.145108 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:20:08.762649 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 17:20:08.762755 1.037262 tcp 10.0.2.109 63809 -> 24.126.254.250 9945 FSPA* 0 0 15 1624 flow=From-Botnet-V1-TCP-Established 1970/01/25 17:21:55.719634 3.000845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 17:22:02.726718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:22:10.727658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:22:26.730708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:22:58.737043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:29:02.746761 2.997858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 17:29:09.752017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:29:17.752974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:29:33.754903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:30:05.760695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:36:09.769312 2.999358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 17:36:16.774153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:36:24.776564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:36:40.778970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:37:12.784957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:43:16.790943 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 17:43:23.798558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:43:31.799665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:43:47.802754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:44:19.808760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:46:42.534670 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 17:46:42.534755 0.067961 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:42.603099 0.045915 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:42.649371 0.182747 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:42.832542 0.150556 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:42.983509 0.077369 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.061273 0.153610 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.215303 0.110547 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.326451 0.060935 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.387732 0.127854 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.516009 0.077971 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.594364 0.040924 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.635711 0.143446 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.779539 0.081867 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:43.861795 0.182190 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.044405 0.045961 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.090728 0.345824 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.436976 0.189378 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.626766 0.028808 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.655924 0.046263 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.702545 0.049681 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.752632 0.142628 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:44.895661 0.140972 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:45.037051 0.058381 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:45.095826 0.085115 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:45.181317 0.327649 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:45.509441 0.149268 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:45.659063 0.142855 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:46:45.802422 0.059367 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/25 17:50:09.802893 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 17:50:09.803093 0.987012 tcp 10.0.2.109 63810 -> 24.126.254.250 9945 FSPA* 0 0 15 1692 flow=From-Botnet-V1-TCP-Established 1970/01/25 17:51:36.820318 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 17:51:43.827297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:51:51.828910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:52:07.831706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:52:39.837432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:59:09.855420 3.000206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 17:59:16.858408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:59:24.863769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 17:59:40.862852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:00:12.869037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:06:16.875156 3.001619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 18:06:23.882608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:06:31.884435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:06:47.887361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:07:19.893333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:13:23.899436 3.001331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 18:13:30.906656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:13:38.907725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:13:54.910856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:14:26.917119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:16:54.519675 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 18:16:54.519835 0.183878 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:54.704123 0.140041 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:54.844546 0.070285 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:54.915253 0.044624 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:54.960275 0.096703 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.057378 0.151835 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.209601 0.111212 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.321216 0.061988 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.383640 0.135145 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.519208 0.070455 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.590252 0.046033 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.636690 0.135931 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.773025 0.082193 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:55.855559 0.166137 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.022207 0.047282 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.069887 0.174573 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.244912 0.189046 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.434333 0.030793 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.465453 0.040647 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.506442 0.048386 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.555198 0.139998 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.695582 0.077785 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:56.773783 0.352478 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:57.126615 0.145039 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:57.272069 0.149468 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:57.421923 0.060644 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:57.482922 0.154966 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:16:57.638283 0.058328 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:20:10.791751 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 18:20:10.792041 1.064244 tcp 10.0.2.109 63811 -> 24.126.254.250 9945 FSPA* 0 0 15 1552 flow=From-Botnet-V1-TCP-Established 1970/01/25 18:20:30.922793 3.001544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 18:20:37.930136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:20:45.931922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:21:01.934800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:21:33.940873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:27:37.947215 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 18:27:44.954408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:27:52.955537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:28:08.959077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:28:40.964907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:34:44.971582 3.000817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 18:34:51.978453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:34:59.979871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:35:15.982757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:35:47.989238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:41:51.995596 3.001572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 18:41:59.002513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:42:07.003984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:42:23.007345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:42:55.012749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:47:23.949576 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 18:47:23.949726 0.069711 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.019812 0.046046 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.066405 0.094199 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.161003 0.158766 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.320186 0.181870 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.502494 0.144069 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.646996 0.110496 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.757906 0.061283 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.819605 0.128101 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:24.948108 0.074008 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:25.022546 0.046931 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:25.069790 0.144142 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:25.214393 0.083611 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:25.298435 0.188014 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:25.486881 0.044875 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:25.532143 0.309109 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:25.841621 0.190306 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.032350 0.030997 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.063709 0.041185 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.105268 0.050357 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.155983 0.140881 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.297246 0.085462 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.383056 0.141083 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.524486 0.060701 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.585622 0.148324 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.734349 0.057572 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:26.792307 0.354959 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:47:27.147684 0.157786 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/25 18:48:59.019903 3.000911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 18:49:06.025940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:49:14.028411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:49:30.030641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:50:02.036994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:50:11.861351 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 18:50:11.861447 1.007518 tcp 10.0.2.109 63812 -> 24.126.254.250 9945 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/01/25 18:56:06.043066 3.001415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 18:56:13.052557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:56:21.052030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:56:37.055728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 18:57:09.060585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:03:13.067799 3.000852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 19:03:20.074397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:03:28.075765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:03:44.078810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:04:16.084650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:10:20.091511 3.001049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 19:10:27.097926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:10:35.099430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:10:51.102335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:11:23.108844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:17:27.116235 3.000952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 19:17:34.124404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:17:42.123347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:17:56.033888 0.000329 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 19:17:56.034335 0.070798 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.105554 0.045370 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.151314 0.095084 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.246780 0.162071 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.409241 0.175168 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.584825 0.143474 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.728820 0.110525 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.839806 0.063080 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:56.903341 0.135329 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.039108 0.069999 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.109475 0.040495 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.150542 0.134999 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.286071 0.083095 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.369559 0.170677 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.540657 0.045338 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.586378 0.194369 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.781167 0.188542 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:57.970162 0.030831 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.001371 0.041593 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.043355 0.049799 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.093471 0.143466 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.126568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:17:58.237356 0.084910 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.322648 0.142778 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.465885 0.059723 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.526044 0.141079 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.667491 0.057231 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:58.725098 0.336380 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:17:59.061923 0.150474 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:18:30.132825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:20:12.871054 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 19:20:12.871221 1.077865 tcp 10.0.2.109 63813 -> 24.126.254.250 9945 FSPA* 0 0 14 1639 flow=From-Botnet-V1-TCP-Established 1970/01/25 19:24:34.138561 3.001643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 19:24:41.145911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:24:49.147510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:25:05.150655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:25:37.156660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:31:41.162286 3.002227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 19:31:48.169724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:31:56.171653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:32:12.174598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:32:44.180468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:38:48.186711 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 19:38:55.194886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:39:03.195364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:39:19.198814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:39:51.206806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:45:55.211487 3.000561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 19:46:02.218390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:46:10.219389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:46:26.222465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:46:58.228585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:48:28.909395 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 19:48:28.909563 0.084688 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:28.994633 0.161454 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.156486 0.175546 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.332412 0.143191 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.476015 0.069055 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.545431 0.045101 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.590843 0.110588 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.701819 0.063839 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.766204 0.135516 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.902077 0.082549 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:29.985015 0.042134 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.027549 0.136598 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.164500 0.081806 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.246676 0.166257 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.413294 0.047343 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.460920 0.138167 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.599490 0.189366 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.789306 0.028068 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.817651 0.047668 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.865675 0.050095 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:30.916205 0.144736 udp 10.0.2.109 3683 <-> 76.71.254.157 9602 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:31.061342 0.081875 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:31.143629 0.140173 udp 10.0.2.109 3683 <-> 174.91.197.106 6066 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:31.284213 0.054933 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:31.339503 0.148429 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:31.488362 0.056500 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:31.545188 0.316134 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:48:31.861959 0.146820 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/25 19:50:13.950576 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 19:50:13.950778 0.999543 tcp 10.0.2.109 63814 -> 24.126.254.250 9945 FSPA* 0 0 15 1760 flow=From-Botnet-V1-TCP-Established 1970/01/25 19:53:02.234316 3.002166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 19:53:09.241731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:53:17.243384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:53:33.247237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 19:54:05.252554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:00:09.258790 3.001291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 20:00:16.265605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:00:24.267335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:00:40.270407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:01:12.276277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:07:16.282105 3.002304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 20:07:23.290258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:07:31.291956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:07:47.294383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:08:19.304145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:14:23.305968 3.001892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 20:14:30.313748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:14:38.315061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:14:54.318428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:15:26.324488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:18:46.522445 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 20:18:46.522529 0.183547 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:46.706501 0.143800 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:46.850716 0.073177 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:46.924341 0.046478 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:46.971260 0.110439 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.082248 0.063216 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.145905 0.080529 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.226803 0.160830 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.388017 0.134917 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.523312 0.073505 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.597246 0.041047 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.638644 0.143974 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.783039 0.080533 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:47.863966 0.165260 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:48.029571 0.045643 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:48.075605 0.132290 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:48.208317 0.189039 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:48.398190 0.029274 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:48.427831 0.047116 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:48.475349 0.049025 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:18:48.524737 0.000000 udp 10.0.2.109 3683 -> 76.71.254.157 9602 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 20:19:06.192876 0.067245 tcp 10.0.2.109 63815 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:19:06.260490 0.066984 tcp 10.0.2.109 63816 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:19:06.327738 0.157784 tcp 10.0.2.109 63817 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:19:06.486027 0.080405 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:19:06.566770 0.000000 udp 10.0.2.109 3683 -> 174.91.197.106 6066 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 20:19:24.667630 0.063751 tcp 10.0.2.109 63818 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:19:24.731611 0.065282 tcp 10.0.2.109 63819 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:19:24.797192 0.160265 tcp 10.0.2.109 63820 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:19:24.958120 0.058146 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:19:25.016631 0.148605 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:19:25.165599 0.055992 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:19:25.221968 0.336943 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:19:25.559278 0.146008 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:20:14.949457 1.005765 tcp 10.0.2.109 63821 -> 24.126.254.250 9945 FSPA* 0 0 15 1804 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:21:30.329987 3.002060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 20:21:37.337732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:21:45.339057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:22:01.342122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:22:33.348487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:28:37.354355 3.001802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 20:28:44.361424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:28:52.363133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:29:08.366530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:29:40.372068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:35:44.387923 2.991982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 20:35:51.388985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:35:59.388669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:36:15.390231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:36:47.396436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:42:51.401486 3.002250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 20:42:58.409504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:43:06.411414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:43:22.414664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:43:54.420423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:49:46.897082 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 20:49:46.897391 0.000000 udp 10.0.2.109 3683 -> 174.91.197.106 6066 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 20:50:05.184947 0.064244 tcp 10.0.2.109 63822 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:50:05.249396 0.061240 tcp 10.0.2.109 63823 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:50:05.310900 0.158798 tcp 10.0.2.109 63824 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:50:05.470322 0.000000 udp 10.0.2.109 3683 -> 76.71.254.157 9602 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 20:50:15.959418 0.983091 tcp 10.0.2.109 63825 -> 24.126.254.250 9945 FSPA* 0 0 15 1641 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:50:22.809650 0.064365 tcp 10.0.2.109 63826 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:50:22.874309 0.068506 tcp 10.0.2.109 63827 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:50:22.943081 0.159019 tcp 10.0.2.109 63828 -> 195.113.214.211 443 SRPA* 0 0 32 16642 flow=From-Botnet-V1-TCP-Established 1970/01/25 20:50:23.102601 0.176750 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.279726 0.044287 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.324363 0.110588 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.435349 0.062943 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.498655 0.094466 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.593535 0.153309 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.747262 0.128719 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.876364 0.076933 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.953669 0.041586 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:23.995605 0.068767 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.064799 0.137903 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.203055 0.145056 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.348555 0.218622 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.567566 0.187873 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.755870 0.029246 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.785434 0.045241 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.831028 0.048194 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:24.879551 0.167529 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.047508 0.082063 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.129930 0.046219 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.176513 0.078836 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.255767 0.058946 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.315088 0.333963 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.649461 0.150493 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.800387 0.059530 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:50:25.860302 0.141029 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 20:51:14.436239 3.000807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 20:51:21.442294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:51:29.444992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:51:45.447181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:52:17.453375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:58:46.465052 3.002340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 20:58:53.473263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:59:01.474407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:59:17.477165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 20:59:49.483195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:05:56.493691 3.001639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 21:06:03.500792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:06:11.502596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:06:27.505681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:06:59.511669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:13:03.517776 3.001426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 21:13:10.525150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:13:18.526940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:13:34.529450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:14:06.535569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:20:10.541510 3.001837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 21:20:16.949113 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 21:20:16.949224 0.979620 tcp 10.0.2.109 63829 -> 24.126.254.250 9945 FSPA* 0 0 15 1785 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:20:17.549179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:20:25.550430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:20:35.665349 0.098863 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:35.764625 0.063939 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:35.828952 0.076313 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:35.905693 0.175356 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.081465 0.045192 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.127036 0.158518 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.286008 0.135160 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.421576 0.068431 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.490469 0.041912 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.532771 0.070112 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.603270 0.142918 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.746589 0.145863 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:36.892880 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 21:20:41.553425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:20:55.275147 0.061877 tcp 10.0.2.109 63830 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:20:55.337292 0.063024 tcp 10.0.2.109 63831 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:20:55.400599 0.153307 tcp 10.0.2.109 63832 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:20:55.554854 0.190174 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:55.745372 0.031364 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:55.777066 0.040355 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:55.817788 0.050682 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:55.868835 0.164319 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.033554 0.083947 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.117938 0.057891 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.176181 0.388050 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.564621 0.149920 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.714990 0.053976 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.769338 0.046688 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.816420 0.082193 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:20:56.898991 0.141074 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:21:13.559283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:27:17.565714 3.001626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 21:27:24.572621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:27:32.574744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:27:48.577431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:28:20.582901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:34:24.589437 3.001716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 21:34:31.597017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:34:39.598606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:34:55.601453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:35:27.611457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:41:31.613247 3.005195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 21:41:38.620962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:41:46.622395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:42:02.625561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:42:34.631643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:48:38.640496 2.998580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 21:48:45.645042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:48:53.646522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:49:09.649475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:49:41.655892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:50:17.928095 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 21:50:17.928189 0.978007 tcp 10.0.2.109 63833 -> 24.126.254.250 9945 FSPA* 0 0 15 1604 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:50:57.999434 0.136104 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.135993 0.110709 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.247113 0.086390 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.333906 0.182810 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.517140 0.044213 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.561760 0.152680 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.714886 0.062342 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.777572 0.077042 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.855016 0.046199 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.901577 0.068234 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:58.970217 0.144497 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:59.115134 0.135289 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:59.250868 0.144311 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:59.395573 0.189485 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:50:59.585459 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 21:51:02.922575 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 21:51:14.731433 0.044005 tcp 10.0.2.109 63834 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:51:14.775740 0.044455 tcp 10.0.2.109 63835 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:51:14.820456 0.158401 tcp 10.0.2.109 63836 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/25 21:51:14.979400 0.040473 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.020322 0.052448 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.073146 0.163998 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.237555 0.082963 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.320826 0.057206 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.378498 0.319169 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.698105 0.149268 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.847781 0.054464 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:15.902596 0.141648 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:16.044657 0.043698 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:51:16.088690 0.078687 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/25 21:55:45.662487 3.000486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 21:55:52.674881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:56:00.670192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:56:16.673333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 21:56:48.679550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:02:52.686432 3.002636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 22:02:59.692479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:03:07.694330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:03:23.697377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:03:55.703406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:09:59.709262 3.001896 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 22:10:06.717289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:10:14.718526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:10:30.721259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:11:02.728160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:17:06.733529 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 22:17:13.740898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:17:21.742124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:17:37.745166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:18:09.754484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:20:18.907889 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 22:20:18.908096 1.004815 tcp 10.0.2.109 63837 -> 24.126.254.250 9945 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:21:18.492456 0.031386 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:18.524255 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 22:21:23.419727 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 22:21:35.378546 0.044616 tcp 10.0.2.109 63838 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:21:35.423491 0.066940 tcp 10.0.2.109 63839 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:21:35.490704 0.158535 tcp 10.0.2.109 63840 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:21:35.649934 0.122971 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:35.773288 0.183617 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:35.957271 0.045090 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.002712 0.160015 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.163089 0.070216 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.233681 0.111965 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.346058 0.047409 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.393824 0.068142 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.462469 0.068418 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.531274 0.146091 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.677723 0.188139 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:36.866317 0.135007 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.001746 0.135683 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.137874 0.167233 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.305479 0.087346 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.393206 0.061495 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.455059 0.040864 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.496253 0.054379 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.550984 0.355726 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:37.907102 0.150804 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:38.058422 0.063233 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:38.122088 0.141640 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:38.264160 0.044772 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:21:38.309347 0.091146 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:24:13.757743 3.001191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 22:24:20.765156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:24:28.766538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:24:44.769475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:25:16.775398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:31:20.780753 3.002177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 22:31:27.788527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:31:35.790323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:31:51.793289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:32:23.799330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:38:27.805116 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 22:38:34.812572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:38:42.813709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:38:58.817230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:39:30.823045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:45:34.831704 2.999460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 22:45:41.836684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:45:49.838025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:46:05.840879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:46:37.847070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:50:19.917405 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 22:50:19.917501 1.002286 tcp 10.0.2.109 63841 -> 24.126.254.250 9945 FSPA* 0 0 15 1717 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:51:47.623093 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 22:51:47.623294 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 22:52:06.391186 0.066914 tcp 10.0.2.109 63842 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:52:06.458348 0.066986 tcp 10.0.2.109 63843 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:52:06.525564 0.155284 tcp 10.0.2.109 63844 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/25 22:52:06.681800 0.031079 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:06.713171 0.110959 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:06.824533 0.176259 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.001219 0.045858 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.047395 0.153549 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.201397 0.064464 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.266422 0.092564 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.359348 0.041848 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.401535 0.068092 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.469977 0.069339 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.539683 0.144926 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.684964 0.188569 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:07.873952 0.134652 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.008946 0.149665 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 200 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.159024 0.176056 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.335527 0.086945 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.422890 0.061281 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.484500 0.040551 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.525432 0.052240 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.578039 0.059954 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.638473 0.155686 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.794600 0.046916 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.841922 0.086467 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:08.928799 0.385128 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:09.314304 0.145642 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/25 22:52:47.863470 3.000014 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/25 22:52:54.869456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:53:02.870634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:53:18.873974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:53:50.879539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 22:59:54.886298 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:00:01.893141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:00:09.894759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:00:25.897791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:00:57.903639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:07:01.909673 3.001526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:07:08.917159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:07:16.918479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:07:32.921750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:08:04.928182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:14:08.933589 3.001986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:14:15.941367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:14:23.942593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:14:39.945741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:15:11.951569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:20:20.926377 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 23:20:20.926544 1.022190 tcp 10.0.2.109 63845 -> 24.126.254.250 9945 FSPA* 0 0 13 1605 flow=From-Botnet-V1-TCP-Established 1970/01/25 23:21:15.958169 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:21:22.965035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:21:30.966432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:21:46.969532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:22:18.975301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:22:19.957213 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 23:22:19.957320 0.030849 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:19.988587 0.110293 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.099333 0.182956 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.282684 0.045158 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.328184 0.159526 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.488045 0.068179 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.556614 0.096907 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.653924 0.046266 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.700552 0.069581 udp 10.0.2.109 3683 <-> 81.130.42.60 4828 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.770538 0.071555 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.842474 0.143427 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:20.986281 0.190837 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.177528 0.142001 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.319934 0.150672 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.471023 0.165265 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.636724 0.088704 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.725763 0.062977 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.789095 0.040070 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.829591 0.056308 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.886303 0.061489 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:21.948181 0.148004 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:22.096554 0.045992 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:22.142934 0.154734 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:22.298148 0.080795 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:22:22.379400 0.326445 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:28:22.981854 3.001460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:28:29.988893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:28:37.990809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:28:53.993886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:29:26.001188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:35:30.005895 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:35:37.013087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:35:45.014567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:36:01.018622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:36:33.025544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:42:37.029445 3.001859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:42:44.037626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:42:52.039156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:43:08.044653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:43:40.047656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:49:44.053447 3.001844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:49:51.060932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:49:59.062416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:50:15.065625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:50:21.956317 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 23:50:21.956481 0.979463 tcp 10.0.2.109 63846 -> 24.126.254.250 9945 FSPA* 0 0 15 1713 flow=From-Botnet-V1-TCP-Established 1970/01/25 23:50:47.071496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:52:37.700876 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/25 23:52:37.701036 0.040257 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:37.741629 0.099122 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:37.841196 0.176468 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:38.018084 0.046304 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:38.064748 0.159689 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:38.224843 0.066043 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:38.291301 0.086714 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:38.378442 0.047019 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:38.425836 0.000000 udp 10.0.2.109 3683 -> 81.130.42.60 4828 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/25 23:52:55.809463 0.066673 tcp 10.0.2.109 63847 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/25 23:52:55.876409 0.066919 tcp 10.0.2.109 63848 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/25 23:52:55.943593 0.157820 tcp 10.0.2.109 63849 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/25 23:52:56.101946 0.077267 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:56.179566 0.147064 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:56.327056 0.191207 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:56.518607 0.135034 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:56.654023 0.135610 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:56.790026 0.165691 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:56.956141 0.088434 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.045006 0.061273 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.106891 0.054474 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.161800 0.155058 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.317257 0.043829 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.361524 0.144592 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.506534 0.092530 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.599450 0.323444 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.923315 0.047150 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:52:57.970827 0.054521 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/25 23:56:51.077310 3.002104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/25 23:56:58.085086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:57:06.086743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:57:22.089647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/25 23:57:54.096619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:03:58.101219 3.001935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 00:04:05.108902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:04:13.110698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:04:29.113528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:05:01.119365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:11:05.127561 3.008806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 00:11:12.133925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:11:20.138433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:11:36.137409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:12:08.143277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:18:12.155792 2.996446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 00:18:19.163551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:18:27.158879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:18:43.161199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:19:15.169079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:20:22.935443 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:20:22.935617 1.138233 tcp 10.0.2.109 63850 -> 24.126.254.250 9945 FSPA* 0 0 15 1686 flow=From-Botnet-V1-TCP-Established 1970/01/26 00:23:02.294464 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:23:02.294654 0.000000 udp 10.0.2.109 3683 -> 81.130.42.60 4828 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:23:18.028153 0.067732 tcp 10.0.2.109 63851 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 00:23:18.096147 0.068255 tcp 10.0.2.109 63852 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 00:23:18.164755 0.156987 tcp 10.0.2.109 63853 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 00:23:18.322376 3.143129 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1202 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:18.504822 2.499269 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 4 1311 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:18.536767 2.566166 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 4 1224 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:18.635361 2.522638 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 4 1188 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:18.705833 2.533511 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 4 1211 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:18.781697 2.501239 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 4 1208 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:18.823977 2.800906 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1214 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:18.983502 2.688201 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1102 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.029821 2.724265 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 4 1157 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.109261 2.793630 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 4 1206 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.257870 2.833254 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 4 1241 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.447832 2.778529 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 4 1246 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.582886 2.782191 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1207 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.719327 2.816407 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 4 1220 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.888512 2.729059 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1060 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:19.980157 2.692701 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 4 1219 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.041717 2.687938 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 4 1129 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.099164 2.779302 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 4 1223 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.247732 2.676332 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 4 1147 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.292133 2.959698 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1213 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.621926 2.676267 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 4 997 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.664685 2.675392 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1096 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.721478 2.874530 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 4 1366 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:20.872279 2.562777 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 4 1185 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:23.596775 0.000000 udp 10.0.2.109 3683 -> 151.62.75.182 3793 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:23:28.912239 0.000000 udp 10.0.2.109 3683 -> 60.163.27.0 9348 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:23:36.813780 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:23:42.762387 0.000000 udp 10.0.2.109 3683 -> 151.77.207.158 5384 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:23:50.163078 0.423455 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:50.597844 0.070398 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 756 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:23:50.685598 0.000000 udp 10.0.2.109 3683 -> 122.163.38.79 5440 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:23:58.034048 0.000000 udp 10.0.2.109 3683 -> 86.135.82.58 2234 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:02.921025 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:24:04.143014 0.000000 udp 10.0.2.109 3683 -> 101.50.190.59 4747 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:11.112867 0.000000 udp 10.0.2.109 3683 -> 115.96.112.248 2995 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:19.044427 0.000000 udp 10.0.2.109 3683 -> 202.78.239.131 2122 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:24.833033 0.000000 udp 10.0.2.109 3683 -> 131.191.38.85 5603 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:30.370450 0.000000 udp 10.0.2.109 3683 -> 86.28.229.107 5030 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:36.078713 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:41.799028 0.000000 udp 10.0.2.109 3683 -> 84.228.75.144 9285 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:50.498940 0.000000 udp 10.0.2.109 3683 -> 80.116.182.220 9616 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:24:55.416823 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:24:57.379434 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:03.084089 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:09.757710 0.000000 udp 10.0.2.109 3683 -> 86.168.85.182 3822 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:15.315349 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:19.173312 3.001693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 00:25:21.304132 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:26.180848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:25:28.444068 0.000000 udp 10.0.2.109 3683 -> 174.0.55.32 7269 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:34.182459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:25:35.424582 0.053052 udp 10.0.2.109 3683 -> 80.18.170.11 1253 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:35.477634 0.000000 icmp 217.141.66.194 0x0303 -> 10.0.2.109 0xe504 URP 192 1 190 flow=Background 1970/01/26 00:25:40.421270 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:25:42.524362 0.000000 udp 10.0.2.109 3683 -> 58.11.55.130 5202 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:48.192795 0.000000 udp 10.0.2.109 3683 -> 82.118.97.180 8195 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:25:50.185082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:25:56.965317 0.000000 udp 10.0.2.109 3683 -> 95.97.246.106 8768 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:02.973756 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:11.656718 0.000000 udp 10.0.2.109 3683 -> 94.66.193.98 8316 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:19.237280 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:22.191175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:26:25.899041 0.000000 udp 10.0.2.109 3683 -> 124.253.238.160 2912 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:30.412758 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:26:33.421830 0.000000 udp 10.0.2.109 3683 -> 86.98.87.41 6163 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:40.147113 0.000000 udp 10.0.2.109 3683 -> 86.26.191.17 6075 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:46.068831 0.000000 udp 10.0.2.109 3683 -> 80.250.237.236 9600 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:26:54.169120 0.000000 udp 10.0.2.109 3683 -> 122.175.129.221 1225 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:02.383155 0.000000 udp 10.0.2.109 3683 -> 151.65.230.36 7898 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:08.450267 0.000000 udp 10.0.2.109 3683 -> 72.78.75.33 3374 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:15.818583 0.133665 udp 10.0.2.109 3683 -> 198.254.92.88 9784 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:15.952248 0.000000 icmp 198.254.92.88 0x0303 -> 10.0.2.109 0x3826 URP 192 1 146 flow=Background 1970/01/26 00:27:20.414492 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:27:22.598758 0.000000 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:30.689832 0.000000 udp 10.0.2.109 3683 -> 81.213.212.70 9154 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:38.500449 0.000000 udp 10.0.2.109 3683 -> 116.203.162.197 8866 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:44.019176 0.000000 udp 10.0.2.109 3683 -> 47.23.18.66 7975 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:50.939149 0.000000 udp 10.0.2.109 3683 -> 90.199.151.187 7954 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:27:57.117917 0.000000 udp 10.0.2.109 3683 -> 2.40.112.121 6895 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:03.246923 0.000000 udp 10.0.2.109 3683 -> 117.204.209.236 6887 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:07.913262 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:28:08.904701 0.000000 udp 10.0.2.109 3683 -> 95.90.117.118 9335 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:15.915072 0.313216 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 756 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:28:16.260962 0.000000 udp 10.0.2.109 3683 -> 120.60.163.180 8252 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:23.716213 0.000000 udp 10.0.2.109 3683 -> 67.11.214.101 2975 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:31.868023 0.000000 udp 10.0.2.109 3683 -> 98.203.97.224 9568 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:38.989120 0.350858 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 834 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:28:39.350765 0.321909 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:28:39.714545 0.000000 udp 10.0.2.109 3683 -> 122.168.152.46 6234 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:46.158722 0.000000 udp 10.0.2.109 3683 -> 119.143.67.99 8608 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:53.794528 0.000000 udp 10.0.2.109 3683 -> 123.63.10.74 1856 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:28:58.416176 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:28:58.897026 0.366457 udp 10.0.2.109 3683 <-> 116.49.137.250 5164 CON 0 0 2 675 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:28:59.294796 0.000000 udp 10.0.2.109 3683 -> 119.18.144.221 7283 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:06.949010 0.039766 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:29:07.264073 0.000000 udp 10.0.2.109 3683 -> 182.160.113.75 2454 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:15.209048 0.210085 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:29:15.637057 0.000000 udp 10.0.2.109 3683 -> 81.136.211.210 1862 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:21.392729 0.000000 udp 10.0.2.109 3683 -> 101.58.166.245 5529 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:28.141568 0.000000 udp 10.0.2.109 3683 -> 86.129.3.36 5649 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:33.297182 0.000000 udp 10.0.2.109 3683 -> 93.67.216.198 6257 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:39.264981 0.000000 udp 10.0.2.109 3683 -> 79.21.171.127 5391 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:43.921288 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:29:46.968910 0.000000 udp 10.0.2.109 3683 -> 70.74.172.140 9049 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:52.033260 0.000000 udp 10.0.2.109 3683 -> 91.39.86.114 9714 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:29:59.012923 0.000000 udp 10.0.2.109 3683 -> 220.246.36.52 5815 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:05.622539 0.000000 udp 10.0.2.109 3683 -> 27.96.86.6 7537 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:12.933103 0.058332 udp 10.0.2.109 3683 <-> 94.240.238.172 6204 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:30:13.123855 0.000000 udp 10.0.2.109 3683 -> 217.165.111.158 3861 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:20.353956 0.000000 udp 10.0.2.109 3683 -> 122.170.65.253 6454 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:25.932618 0.000000 udp 10.0.2.109 3683 -> 195.24.211.146 7072 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:30.918927 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:30:31.780111 0.160726 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 681 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:30:32.095636 0.373900 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:30:32.523420 0.000000 udp 10.0.2.109 3683 -> 186.6.206.219 2209 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:39.961888 0.093154 udp 10.0.2.109 3683 <-> 81.131.244.240 2145 CON 0 0 2 723 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:30:40.206327 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:47.873492 0.033265 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 663 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:30:48.074045 0.000000 udp 10.0.2.109 3683 -> 80.8.121.13 9450 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:30:54.763490 0.000000 udp 10.0.2.109 3683 -> 217.43.213.70 4453 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:02.344548 0.000000 udp 10.0.2.109 3683 -> 122.176.45.75 9573 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:08.164859 0.000000 udp 10.0.2.109 3683 -> 213.165.33.47 3713 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:14.091829 0.000000 udp 10.0.2.109 3683 -> 123.238.17.136 7629 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:18.928666 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:31:22.083022 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:30.735161 0.000000 udp 10.0.2.109 3683 -> 94.55.196.182 4849 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:37.455103 0.000000 udp 10.0.2.109 3683 -> 176.92.127.134 4885 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:45.776637 0.072386 udp 10.0.2.109 3683 <-> 62.158.64.181 4036 CON 0 0 2 779 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:31:45.905377 0.000000 udp 10.0.2.109 3683 -> 59.99.238.95 7292 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:54.509521 0.000000 udp 10.0.2.109 3683 -> 95.232.153.187 4532 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:31:59.867120 0.327455 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:32:00.256204 0.248910 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 758 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:32:00.518230 0.059895 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:32:00.594029 0.000000 udp 10.0.2.109 3683 -> 94.1.66.169 1378 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:04.413423 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:32:06.737080 0.000000 udp 10.0.2.109 3683 -> 72.51.209.160 2986 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:13.566850 0.000000 udp 10.0.2.109 3683 -> 195.158.109.174 5867 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:21.307584 0.450465 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:32:21.820981 0.000000 udp 10.0.2.109 3683 -> 151.66.161.149 5338 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:26.197418 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 00:32:27.126317 0.000000 udp 10.0.2.109 3683 -> 182.64.159.127 8104 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:33.174735 0.000000 udp 10.0.2.109 3683 -> 88.57.245.126 4739 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:33.204482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:32:39.423790 0.000000 udp 10.0.2.109 3683 -> 59.97.97.89 4572 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:41.206446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:32:46.183626 0.000000 udp 10.0.2.109 3683 -> 216.114.111.176 8872 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:50.920041 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:32:54.515694 0.000000 udp 10.0.2.109 3683 -> 119.74.35.65 5546 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:32:57.209135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:33:00.634049 0.360314 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:33:01.019709 0.000000 udp 10.0.2.109 3683 -> 31.54.23.121 2297 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:07.584739 0.000000 udp 10.0.2.109 3683 -> 14.43.246.153 7342 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:14.204572 0.000000 udp 10.0.2.109 3683 -> 86.65.149.54 9353 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:19.942388 0.000000 udp 10.0.2.109 3683 -> 49.248.98.39 5406 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:25.329766 0.166459 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:33:25.516495 0.000000 udp 10.0.2.109 3683 -> 87.29.77.35 1077 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:29.215164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:33:34.383342 0.000000 udp 10.0.2.109 3683 -> 192.251.46.124 8707 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:38.919135 0.000037 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:33:43.235566 0.000000 udp 10.0.2.109 3683 -> 115.249.163.100 5753 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:48.783475 0.000000 udp 10.0.2.109 3683 -> 86.129.89.197 2142 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:33:56.755155 0.000000 udp 10.0.2.109 3683 -> 46.103.143.192 4894 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:03.485399 0.000000 udp 10.0.2.109 3683 -> 118.69.124.134 4662 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:09.858527 0.000000 udp 10.0.2.109 3683 -> 86.171.93.234 8315 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:18.417250 1.188056 udp 10.0.2.109 3683 <-> 14.99.206.38 5629 CON 0 0 2 833 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:34:19.676335 0.000000 udp 10.0.2.109 3683 -> 90.216.202.18 2250 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:23.413719 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:34:26.353249 0.155835 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:34:26.657395 0.141956 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 790 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:34:26.868015 0.000000 udp 10.0.2.109 3683 -> 92.19.249.153 7923 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:35.575468 0.000000 udp 10.0.2.109 3683 -> 213.120.115.215 9742 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:43.181681 0.194527 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 782 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:34:43.414247 0.000000 udp 10.0.2.109 3683 -> 106.0.202.120 1024 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:49.040144 0.000000 udp 10.0.2.109 3683 -> 86.181.173.158 3457 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:34:54.610664 0.151844 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/01/26 00:34:54.776175 0.000000 udp 10.0.2.109 3683 -> 83.110.192.191 4415 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 00:39:33.221439 3.001749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 00:39:40.228671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:39:48.229910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:40:04.233121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:40:36.239133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:46:40.245701 3.001347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 00:46:47.256089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:46:55.254373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:47:11.257351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:47:43.263233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:50:24.075130 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 00:50:24.075259 1.016184 tcp 10.0.2.109 63854 -> 24.126.254.250 9945 FSPA* 0 0 15 1676 flow=From-Botnet-V1-TCP-Established 1970/01/26 00:53:47.269842 3.001105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 00:53:54.277137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:54:02.278290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:54:18.282595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 00:54:50.287739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:00:54.479679 2.995239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:01:01.482523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:01:09.481864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:01:25.485448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:01:57.491335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:05:13.213223 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 01:05:13.213357 0.029311 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:13.243067 0.122880 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:13.366414 0.064160 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:13.430895 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 01:05:28.799225 0.067231 tcp 10.0.2.109 63855 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:05:28.866688 0.067260 tcp 10.0.2.109 63856 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:05:28.934229 0.161315 tcp 10.0.2.109 63857 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:05:29.096159 0.000000 udp 10.0.2.109 3683 -> 87.153.112.47 4545 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 01:05:45.814213 0.065649 tcp 10.0.2.109 63858 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:05:45.880150 0.068162 tcp 10.0.2.109 63859 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:05:45.948627 0.157786 tcp 10.0.2.109 63860 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:05:46.106945 0.182524 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:46.289902 0.160487 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:46.450801 0.045028 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:46.496216 0.077357 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:46.573967 0.058694 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:46.633199 0.058474 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:46.692065 0.147354 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:46.839863 0.190815 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:47.031029 0.135557 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:47.167038 0.135812 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:47.303307 0.161042 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:47.464750 0.087980 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:47.553148 0.141111 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:47.694706 0.046491 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:47.741561 0.351053 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:48.093018 0.047271 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:48.140673 0.051525 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:48.192591 0.079419 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:48.272394 0.144876 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:48.417650 0.066496 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:48.484536 0.380544 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:48.865498 0.312790 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:49.178655 0.356067 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:49.535115 0.321564 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:49.857067 0.354881 udp 10.0.2.109 3683 <-> 116.49.137.250 5164 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:50.212314 0.036507 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:50.249240 0.213954 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:50.463580 0.055615 udp 10.0.2.109 3683 <-> 94.240.238.172 6204 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:50.519546 0.162830 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:50.682791 0.321654 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:05:51.004821 0.000000 udp 10.0.2.109 3683 -> 81.131.244.240 2145 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 01:06:06.469798 0.065831 tcp 10.0.2.109 63861 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:06:06.536013 0.067132 tcp 10.0.2.109 63862 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:06:06.603401 0.163026 tcp 10.0.2.109 63863 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:06:06.766931 0.033143 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:06.800444 0.071149 udp 10.0.2.109 3683 <-> 62.158.64.181 4036 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:06.872002 0.059154 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:06.931507 0.146669 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:07.078514 0.339525 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:07.418422 1.049907 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:08.468670 0.336540 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:08.805631 0.165993 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:08.972054 0.000000 udp 10.0.2.109 3683 -> 14.99.206.38 5629 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 01:06:25.897901 0.066636 tcp 10.0.2.109 63864 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:06:25.964809 0.067919 tcp 10.0.2.109 63865 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:06:26.033029 0.199320 tcp 10.0.2.109 63866 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:06:26.232847 0.151603 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:26.384854 0.138983 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:26.524301 0.193239 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:06:26.717898 0.150290 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:08:02.499197 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 01:08:09.505570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:08:17.507730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:08:33.510848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:09:05.516707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:15:09.698416 2.996346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:15:16.700450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:15:24.709435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:15:40.705135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:16:12.711088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:20:25.237890 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 01:20:25.237996 1.133521 tcp 10.0.2.109 63867 -> 24.126.254.250 9945 FSPA* 0 0 14 1740 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:22:16.716816 3.002075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:22:23.724452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:22:31.726022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:22:47.728677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:23:19.735378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:29:23.851980 3.000626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:29:30.858840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:29:38.860092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:29:54.862977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:30:26.869241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:36:30.875189 3.001770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:36:32.745561 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 01:36:32.745671 0.047281 udp 10.0.2.109 3683 <-> 87.153.112.47 4545 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:36:32.793419 0.088485 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:36:32.882328 0.000000 udp 10.0.2.109 3683 -> 81.131.244.240 2145 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 01:36:37.882798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:36:45.883972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:36:51.593621 0.092683 tcp 10.0.2.109 63868 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:36:51.686562 0.067810 tcp 10.0.2.109 63869 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:36:51.754643 0.139103 tcp 10.0.2.109 63870 -> 195.113.214.211 443 SRPA* 0 0 32 24640 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:36:51.894563 0.000000 udp 10.0.2.109 3683 -> 14.99.206.38 5629 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 01:37:01.887302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:37:07.716023 0.065984 tcp 10.0.2.109 63871 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:37:07.782398 0.066471 tcp 10.0.2.109 63872 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:37:07.849149 0.153559 tcp 10.0.2.109 63873 -> 195.113.214.211 443 SRPA* 0 0 46 32232 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:37:08.003447 0.097900 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.101709 0.032015 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.134078 0.072611 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.207107 0.045065 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.252570 0.072527 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.325488 0.058884 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.384736 0.064030 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.449239 0.148122 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.597853 0.158036 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.756289 0.175628 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:08.932297 0.087401 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.020118 0.155382 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.175889 0.044352 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.220609 0.142040 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.362982 0.188465 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.551840 0.144629 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.696844 0.165909 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.863170 0.089070 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:09.952603 0.153248 udp 10.0.2.109 3683 <-> 24.126.254.250 7636 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:10.106266 0.065147 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:10.171849 0.465967 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:10.638384 0.320690 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:10.959470 0.055461 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:11.015351 0.046931 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:11.062656 0.343868 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:11.406913 0.304499 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:11.711786 0.338667 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:12.050837 0.208389 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:12.259624 0.055324 udp 10.0.2.109 3683 <-> 94.240.238.172 6204 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:12.315343 0.167950 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:12.483672 0.035908 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:12.519978 0.357004 udp 10.0.2.109 3683 <-> 116.49.137.250 5164 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:12.877329 0.265928 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:13.143683 0.058961 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:13.202985 0.073802 udp 10.0.2.109 3683 <-> 62.158.64.181 4036 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:13.277183 0.033197 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:13.310718 0.143957 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:13.455033 0.349035 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:13.804570 0.164279 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:13.969311 0.438860 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:14.408579 0.341808 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:14.750755 0.201395 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:14.952538 0.920262 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:15.873214 0.155095 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:16.028721 0.136965 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/26 01:37:33.893084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:43:37.909799 3.001108 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:43:44.916809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:43:52.918521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:44:08.921558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:44:40.927408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:50:26.374086 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 01:50:26.374184 1.054655 tcp 10.0.2.109 63874 -> 24.126.254.250 9945 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/01/26 01:51:45.941063 3.001308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:51:52.948441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:52:00.949494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:52:16.952512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:52:48.958585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:59:14.966228 3.002430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 01:59:21.975355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:59:29.975342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 01:59:45.978613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:00:17.984659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:06:21.990434 3.001463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 02:06:28.997852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:06:36.999273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:06:53.002251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:07:25.008488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:07:39.159322 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 02:07:39.159432 0.000000 udp 10.0.2.109 3683 -> 87.153.112.47 4545 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:07:55.667011 0.066672 tcp 10.0.2.109 63875 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:07:55.734006 0.066894 tcp 10.0.2.109 63876 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:07:55.801209 0.146413 tcp 10.0.2.109 63877 -> 195.113.214.211 443 SRPA* 0 0 59 39819 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:07:55.948240 0.087980 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.036652 0.110191 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.147265 0.029458 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.177099 0.068677 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.246252 0.045041 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.291738 0.080152 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.372327 0.056930 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.429683 0.057095 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.487204 0.147055 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.634688 0.158309 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.793393 0.176074 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:56.969846 0.047648 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.017858 0.134936 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.153214 0.189905 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.343464 0.137282 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.481152 0.168927 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.650482 0.083431 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.734319 0.094355 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.829073 0.155121 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:07:57.984598 0.000000 udp 10.0.2.109 3683 -> 24.126.254.250 7636 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:08:16.364112 0.066441 tcp 10.0.2.109 63878 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:16.430812 0.068548 tcp 10.0.2.109 63879 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:16.499720 0.304162 tcp 10.0.2.109 63880 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:16.804416 0.066415 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:16.871349 0.411716 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:17.283473 0.318511 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:17.602415 0.348427 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:17.951273 0.304689 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:18.256329 0.054272 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:18.311092 0.040424 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:18.351893 0.320336 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:18.672677 0.213216 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:18.886279 0.058341 udp 10.0.2.109 3683 <-> 94.240.238.172 6204 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:18.945032 0.167249 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:19.112687 0.041044 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:19.154157 0.000000 udp 10.0.2.109 3683 -> 116.49.137.250 5164 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:08:35.747923 0.067669 tcp 10.0.2.109 63881 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:35.815861 0.067952 tcp 10.0.2.109 63882 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:35.884098 0.166434 tcp 10.0.2.109 63883 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:36.051101 0.000000 udp 10.0.2.109 3683 -> 113.78.51.41 6624 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:08:52.469995 0.065637 tcp 10.0.2.109 63884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:52.535976 0.067062 tcp 10.0.2.109 63885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:52.603328 0.167790 tcp 10.0.2.109 63886 -> 195.113.214.211 443 SRPA* 0 0 46 41316 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:08:52.771841 0.059379 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:52.831603 0.065938 udp 10.0.2.109 3683 <-> 62.158.64.181 4036 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:52.897978 0.032687 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:52.931162 0.141645 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:53.073196 0.338140 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:53.411705 0.164447 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:53.576579 0.265797 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:53.842827 0.475507 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:54.318782 0.351796 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:54.670953 0.150073 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:54.821406 0.153108 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:08:54.974870 0.139441 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:13:29.015166 3.000834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 02:13:36.021998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:13:44.023619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:14:00.026264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:14:32.032062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:20:27.433596 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 02:20:27.433822 2.993148 tcp 10.0.2.109 63887 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:20:36.039088 3.000700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 02:20:36.426725 0.000000 tcp 10.0.2.109 63887 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:20:42.436444 0.181334 tcp 10.0.2.109 63888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:20:42.618018 0.067922 tcp 10.0.2.109 63889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:20:42.686275 0.189011 tcp 10.0.2.109 63890 -> 195.113.214.211 443 SRPA* 0 0 57 42116 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:20:43.045574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:20:43.143030 2.998051 tcp 10.0.2.109 63891 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:20:51.047208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:20:52.138832 0.000000 tcp 10.0.2.109 63891 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:20:58.138423 0.066537 tcp 10.0.2.109 63892 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:20:58.205212 0.067999 tcp 10.0.2.109 63893 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:20:58.273466 0.168319 tcp 10.0.2.109 63894 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:20:58.549449 3.002225 tcp 10.0.2.109 63895 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:07.050414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:21:07.550754 0.000000 tcp 10.0.2.109 63895 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:13.550116 0.067485 tcp 10.0.2.109 63896 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:13.617848 0.066031 tcp 10.0.2.109 63897 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:13.684157 0.169116 tcp 10.0.2.109 63898 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:13.883577 3.005508 tcp 10.0.2.109 63899 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:22.894771 0.000000 tcp 10.0.2.109 63899 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:28.882337 0.065277 tcp 10.0.2.109 63900 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:28.947966 0.068165 tcp 10.0.2.109 63901 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:29.016388 0.169861 tcp 10.0.2.109 63902 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:29.198069 2.998323 tcp 10.0.2.109 63903 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:38.194834 0.000000 tcp 10.0.2.109 63903 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:39.056285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:21:44.195926 0.065819 tcp 10.0.2.109 63904 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:44.262259 0.086450 tcp 10.0.2.109 63905 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:44.349069 0.165986 tcp 10.0.2.109 63906 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:44.525645 3.002313 tcp 10.0.2.109 63907 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:53.527371 0.000000 tcp 10.0.2.109 63907 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 02:21:59.526625 0.066357 tcp 10.0.2.109 63908 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:59.593272 0.067600 tcp 10.0.2.109 63909 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:59.661233 0.172623 tcp 10.0.2.109 63910 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:21:59.864264 0.518909 tcp 10.0.2.109 63911 -> 176.73.169.112 1959 FSPA* 0 0 15 1626 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:27:43.062205 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 02:27:50.069385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:27:58.071153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:28:14.074399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:28:46.088984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:34:50.086102 3.001866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 02:34:57.093349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:35:05.095227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:35:21.098385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:35:53.103982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:39:07.343054 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 02:39:07.343290 0.000000 udp 10.0.2.109 3683 -> 87.153.112.47 4545 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:39:24.620017 0.068610 tcp 10.0.2.109 63912 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:24.688918 0.067153 tcp 10.0.2.109 63913 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:24.756343 0.164233 tcp 10.0.2.109 63914 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:24.921176 0.000000 udp 10.0.2.109 3683 -> 24.126.254.250 7636 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:39:40.051282 0.066947 tcp 10.0.2.109 63915 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:40.118554 0.069959 tcp 10.0.2.109 63916 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:40.188870 0.168001 tcp 10.0.2.109 63917 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:40.357366 0.000000 udp 10.0.2.109 3683 -> 116.49.137.250 5164 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:39:56.153934 0.066108 tcp 10.0.2.109 63918 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:56.220303 0.066753 tcp 10.0.2.109 63919 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:56.287263 0.164799 tcp 10.0.2.109 63920 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:39:56.452579 0.354100 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:56.807121 0.066561 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:56.874265 0.045207 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:56.919832 0.068185 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:56.988415 0.061317 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.050170 0.063563 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.114300 0.144887 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.259634 0.152408 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.412487 0.182736 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.595640 0.029288 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.625237 0.110241 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.735913 0.087404 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.823724 0.080302 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.904426 0.086678 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:57.991470 0.141223 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:58.133120 0.188464 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:58.321988 0.043515 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:58.365883 0.143358 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:58.509657 0.127847 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:58.637943 0.166794 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:58.805190 0.066859 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:58.872479 0.367792 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:59.240671 0.347882 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:59.588967 0.359864 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:39:59.949260 0.321775 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:00.271526 0.213757 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:00.485719 0.000000 udp 10.0.2.109 3683 -> 94.240.238.172 6204 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 02:40:17.204421 0.065732 tcp 10.0.2.109 63921 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:40:17.270432 0.067695 tcp 10.0.2.109 63922 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:40:17.338411 0.163314 tcp 10.0.2.109 63923 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:40:17.502420 0.305343 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:17.808154 0.052693 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:17.861229 0.047069 udp 10.0.2.109 3683 <-> 87.167.240.153 8279 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:17.908681 0.170096 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.079146 0.036392 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.115889 0.055226 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.171537 0.064797 udp 10.0.2.109 3683 <-> 62.158.64.181 4036 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.236722 0.031842 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.268933 0.165139 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.434450 0.184847 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.619695 0.145143 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:18.765275 0.328094 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:19.093748 0.434120 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:19.528301 0.354251 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:19.882990 0.217318 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:20.100734 0.153570 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:40:20.254703 0.140391 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/26 02:41:57.109891 3.002181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 02:42:04.118160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:42:12.118906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:42:28.122378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:43:00.128575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:49:04.133909 3.001867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 02:49:11.141780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:49:19.142848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:49:35.146693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:50:07.152518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:52:00.385812 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 02:52:00.385922 0.450697 tcp 10.0.2.109 63924 -> 176.73.169.112 1959 FSPA* 0 0 14 1644 flow=From-Botnet-V1-TCP-Established 1970/01/26 02:56:11.157930 3.001750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 02:56:18.166449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:56:26.167127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:56:42.170509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 02:57:14.175927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:03:18.182041 3.001744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 03:03:25.189379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:03:33.190978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:03:49.193894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:04:21.200057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:10:25.205712 3.002039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 03:10:32.213326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:10:40.215043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:10:44.661561 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 03:10:44.661799 0.000000 udp 10.0.2.109 3683 -> 94.240.238.172 6204 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 03:10:56.217811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:11:00.667125 0.069188 tcp 10.0.2.109 63925 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:11:00.736638 0.068189 tcp 10.0.2.109 63926 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:11:00.805176 0.165422 tcp 10.0.2.109 63927 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:11:00.971215 0.044355 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:01.015958 0.431848 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:01.448188 0.067988 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:01.516561 0.111524 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:01.628492 0.096533 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:01.725363 0.145194 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:01.870965 0.158921 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.030281 0.182458 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.213148 0.029759 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.243287 0.110229 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.353942 0.084600 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.438911 0.078221 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.517552 0.088578 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.606492 0.189432 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.796342 0.044085 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.840797 0.143068 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:02.984320 0.134807 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:03.119541 0.165867 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:03.285835 0.063922 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:03.350149 0.148231 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:03.498771 0.089573 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:03.588722 0.367403 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:03.956562 0.380504 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:04.337460 0.362385 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:04.700262 0.214309 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:04.914951 0.342302 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:05.257630 0.000000 udp 10.0.2.109 3683 -> 87.167.240.153 8279 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 03:11:22.686697 0.066899 tcp 10.0.2.109 63928 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:11:22.753869 0.067850 tcp 10.0.2.109 63929 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:11:22.821969 0.169749 tcp 10.0.2.109 63930 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:11:22.992334 0.392067 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.384855 0.059049 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.444262 0.167175 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.611859 0.036661 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.648858 0.059961 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.709219 0.073053 udp 10.0.2.109 3683 <-> 62.158.64.181 4036 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.782689 0.036886 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.819951 0.166444 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:23.986782 0.199665 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:24.186844 0.145963 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:24.333181 0.341332 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:24.674824 0.333157 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:25.008394 0.863587 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:25.872413 0.136916 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:26.009721 0.149593 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:26.159687 0.154302 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:11:28.223942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:17:32.230658 3.000959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 03:17:39.240693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:17:47.238947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:18:03.245263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:18:35.247777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:22:00.844076 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 03:22:00.844196 0.496260 tcp 10.0.2.109 63931 -> 176.73.169.112 1959 FSPA* 0 0 14 1594 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:24:39.254595 3.000976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 03:24:46.261091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:24:54.262740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:25:10.265921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:25:42.271874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:31:46.277530 3.001968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 03:31:53.285210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:32:01.286692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:32:17.289707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:32:49.305825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:38:53.311917 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 03:39:00.320915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:39:08.320500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:39:24.323633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:39:56.329655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:41:40.049037 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 03:41:40.049281 0.000000 udp 10.0.2.109 3683 -> 87.167.240.153 8279 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 03:41:56.634034 0.066898 tcp 10.0.2.109 63932 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:41:56.701163 0.067225 tcp 10.0.2.109 63933 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:41:56.768653 0.166201 tcp 10.0.2.109 63934 -> 195.113.214.211 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:41:56.935377 0.067878 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.003614 0.058819 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.062861 0.060815 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.124058 0.146890 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.271356 0.045240 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.316948 0.444489 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.761841 0.182928 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.945187 0.031320 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:57.976872 0.110430 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.087713 0.084376 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.172517 0.158833 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.331761 0.085244 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.417437 0.190746 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.608619 0.044221 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.653238 0.151020 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.804704 0.110552 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.915692 0.067417 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:58.983488 0.141346 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:59.125237 0.087081 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:59.212777 0.351826 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:59.564971 0.164532 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:59.729910 0.128437 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:41:59.858783 0.390070 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:00.249296 0.382793 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:00.632493 0.207169 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:00.840003 0.371179 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:01.211602 0.356103 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:01.568061 0.054708 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:01.623099 0.169530 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:01.792990 0.037379 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:01.830804 0.056201 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:01.887313 0.000000 udp 10.0.2.109 3683 -> 62.158.64.181 4036 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 03:42:19.427694 0.066821 tcp 10.0.2.109 63935 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:42:19.494784 0.067335 tcp 10.0.2.109 63936 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:42:19.562384 0.160639 tcp 10.0.2.109 63937 -> 195.113.214.211 443 SRPA* 0 0 44 28264 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:42:19.723743 0.043302 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:19.767467 0.165824 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:19.933722 0.366414 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:20.300529 0.196646 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:20.497528 0.143948 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:20.641850 0.333674 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:20.975988 0.586334 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:21.562745 0.150339 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:21.713496 0.139166 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:42:21.853130 0.150055 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/26 03:46:00.335185 3.002549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 03:46:07.342984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:46:15.349166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:46:31.348871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:47:03.353884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:52:01.342183 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 03:52:01.342490 0.516618 tcp 10.0.2.109 63938 -> 176.73.169.112 1959 FSPA* 0 0 15 1614 flow=From-Botnet-V1-TCP-Established 1970/01/26 03:53:07.360644 3.000277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 03:53:14.367259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:53:22.368659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:53:38.371601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 03:54:10.377777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:00:14.383161 3.002277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:00:21.390991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:00:29.392724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:00:45.395942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:01:17.401302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:07:21.407413 3.001848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:07:28.415078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:07:36.416616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:07:52.420268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:08:24.426264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:12:41.946480 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 04:12:41.946600 0.000000 udp 10.0.2.109 3683 -> 62.158.64.181 4036 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 04:12:59.282822 0.067389 tcp 10.0.2.109 63939 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 04:12:59.350475 0.067917 tcp 10.0.2.109 63940 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 04:12:59.418680 0.164532 tcp 10.0.2.109 63941 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 04:12:59.583783 0.063639 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:12:59.647817 0.065261 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:12:59.713458 0.145618 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:12:59.859468 0.047071 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:12:59.906914 0.452373 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:00.359630 0.175930 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:00.535904 0.029070 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:00.565306 0.068384 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:00.634053 0.080262 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:00.714669 0.159114 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:00.874191 0.098173 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:00.972736 0.189129 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:01.162323 0.046524 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:01.209218 0.136768 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:01.346416 0.070286 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:01.417076 0.067972 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:01.485512 0.083740 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:01.569613 0.376070 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:01.946193 0.166343 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:02.112915 0.134963 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:02.248339 0.089857 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:02.338610 0.148145 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:02.487152 0.212466 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:02.699962 0.365959 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:03.066431 0.396458 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:03.463329 0.337965 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:03.801713 0.167430 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:03.969534 0.043486 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:04.013377 0.060131 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:04.073912 0.053258 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:04.127595 0.375535 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:04.503496 0.032753 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:04.536628 0.164727 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:04.701783 0.144328 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:04.846485 0.336822 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:05.183699 0.341748 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:05.525814 0.223451 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:05.749626 0.139365 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:05.889351 0.982889 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:06.872669 0.182398 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:13:07.055472 0.416959 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:14:28.431890 3.001613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:14:35.438477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:14:43.440685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:14:59.443550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:15:31.449550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:21:35.456193 3.001089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:21:42.462651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:21:50.465659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:22:01.861354 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 04:22:01.861466 0.533430 tcp 10.0.2.109 63942 -> 176.73.169.112 1959 FSPA* 0 0 15 1725 flow=From-Botnet-V1-TCP-Established 1970/01/26 04:22:06.467393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:22:38.473608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:28:42.479443 3.012144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:28:49.497132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:28:57.502894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:29:13.506665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:29:45.513696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:35:49.513823 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:35:56.520633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:36:04.522399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:36:20.527264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:36:52.542547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:42:56.537966 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:43:03.544950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:43:11.547028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:43:27.549360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:43:31.946882 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 04:43:31.947058 0.147913 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:32.095388 0.045142 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:32.140901 0.061412 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:32.202641 0.063149 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:32.266268 0.470957 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:32.737604 0.175814 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:32.913799 0.031392 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:32.945507 0.069220 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.015117 0.085000 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.100495 0.158675 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.259580 0.123052 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.383036 0.151725 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.535506 0.072440 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.608333 0.067513 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.676254 0.075607 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:33.752229 0.378902 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:34.131520 0.191258 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:34.323220 0.046010 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:34.369672 0.170292 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:34.542544 0.134414 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:34.677354 0.088506 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:34.766453 0.148148 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:34.914989 0.206477 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:35.121871 0.338569 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:35.460825 0.170966 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:35.632179 0.356112 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:35.988691 0.371773 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:36.360838 0.036359 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:36.397567 0.058035 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:36.455997 0.055276 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:36.511647 0.416361 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:36.928401 0.033201 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:36.961936 0.165979 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:37.128330 0.242115 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:37.370804 0.185813 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:37.557031 0.139846 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:37.697269 0.328087 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:38.025749 0.370003 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:38.396142 1.786654 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:40.183215 0.150693 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:40.334356 0.512857 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/26 04:43:59.555684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:51:19.571252 3.000775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:51:26.577919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:51:34.579823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:51:50.582347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:52:02.399983 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 04:52:02.400161 0.434282 tcp 10.0.2.109 63943 -> 176.73.169.112 1959 FSPA* 0 0 14 1687 flow=From-Botnet-V1-TCP-Established 1970/01/26 04:52:22.589278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:58:51.600369 3.002193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 04:58:58.607931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:59:06.609570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:59:22.612647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 04:59:54.618575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:06:00.627845 3.001463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 05:06:07.634923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:06:15.636106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:06:31.639484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:07:03.645702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:13:07.652109 3.004773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 05:13:14.658962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:13:22.660658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:13:38.663291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:14:05.893887 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 05:14:05.894120 0.062784 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:05.957300 0.061461 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:06.019147 0.419213 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:06.438743 0.183333 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:06.622498 0.031345 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:06.654354 0.149977 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:06.804717 0.045332 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:06.850383 0.068673 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:06.919444 0.090833 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:07.010710 0.158307 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:07.169448 0.110625 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:07.280536 0.138041 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:07.418994 0.074327 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:07.493772 0.067337 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:07.561500 0.100457 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:07.662514 0.390015 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:08.052920 0.190170 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:08.243494 0.045980 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:08.289881 0.167987 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:08.458354 0.142174 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:08.600966 0.085119 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:08.686507 0.147864 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:08.834819 0.169998 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:09.005170 0.344087 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:09.349634 0.214589 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:09.564573 0.343573 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:09.908611 0.385984 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:10.295158 0.035760 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:10.331258 0.061133 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:10.392797 0.055694 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:10.448943 0.391557 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:10.669582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:14:10.840857 0.032838 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:10.874008 0.198170 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:11.072576 0.138489 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:11.211475 0.164413 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:11.376295 0.144481 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:11.521138 0.343165 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:11.864693 0.338371 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:12.203516 1.071742 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:13.275679 0.499897 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:14:13.775969 0.153536 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:20:14.675022 3.005660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 05:20:21.682812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:20:29.684898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:20:45.687344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:21:17.693351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:22:02.839116 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 05:22:02.839232 0.505863 tcp 10.0.2.109 63944 -> 176.73.169.112 1959 FSPA* 0 0 14 1526 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:27:21.700276 3.000943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 05:27:28.706848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:27:36.708554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:27:52.711410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:28:24.717510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:34:28.724979 3.000053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 05:34:35.730900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:34:43.731800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:34:59.735490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:35:31.741034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:41:35.747593 3.001308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 05:41:42.755739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:41:50.756879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:42:06.759276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:42:38.765879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:44:40.791088 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 05:44:40.791248 0.061350 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:40.852993 0.061250 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:40.914596 0.453389 udp 10.0.2.109 3683 <-> 113.78.51.41 6624 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:41.368361 0.182572 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:41.551379 0.031621 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:41.583368 0.143726 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:41.727493 0.046055 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:41.773959 0.068858 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:41.843239 0.110148 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:41.953829 0.144372 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:42.098633 0.072059 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:42.171108 0.066370 udp 10.0.2.109 3683 <-> 86.147.253.228 9773 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:42.237814 0.095898 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:42.334193 0.095045 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:42.429624 0.152031 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:42.582210 0.381322 udp 10.0.2.109 3683 <-> 114.38.22.181 1995 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:44:42.963946 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 05:45:00.761136 0.067485 tcp 10.0.2.109 63945 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:45:00.828854 0.067522 tcp 10.0.2.109 63946 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:45:00.896956 0.164166 tcp 10.0.2.109 63947 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:45:01.061668 0.043827 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:01.105881 0.173602 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:01.279877 0.127744 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:01.407996 0.088957 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:01.497284 0.148138 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:01.645804 0.218457 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:01.864610 0.365393 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:02.230417 0.167473 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:02.398304 0.348255 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:02.746913 0.363429 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:03.110809 0.052254 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:03.163404 0.058000 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:03.221777 0.073601 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:03.295750 0.397432 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:03.693591 0.033176 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:03.727152 0.185259 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:03.912777 0.141505 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:04.054733 0.166376 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:04.221509 0.144418 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:04.366431 0.331853 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:04.698673 0.357912 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:05.056992 0.153220 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:45:05.210620 0.000000 udp 10.0.2.109 3683 -> 24.208.145.212 9983 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 05:45:22.561471 0.067518 tcp 10.0.2.109 63948 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:45:22.629248 0.069344 tcp 10.0.2.109 63949 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:45:22.698825 0.170209 tcp 10.0.2.109 63950 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:45:22.869553 1.337627 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 05:48:42.772053 3.001122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 05:48:49.778696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:48:57.780244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:49:13.783195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:49:45.789919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:52:03.347945 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 05:52:03.348100 0.489799 tcp 10.0.2.109 63951 -> 176.73.169.112 1959 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/01/26 05:55:49.795033 3.002237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 05:55:56.803775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:56:04.803967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:56:20.808038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 05:56:52.813318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:02:56.820686 3.000202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 06:03:03.826585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:03:11.828076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:03:27.831364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:03:59.837241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:10:03.844554 3.000456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 06:10:10.850809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:10:18.852137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:10:34.855337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:11:06.862988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:15:38.681788 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 06:15:38.681945 0.190576 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:38.872953 0.150052 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.023367 0.061467 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.128212 0.061537 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.190127 0.029317 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.219869 0.148061 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.368305 0.045062 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.413708 0.066273 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.480351 0.110240 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.591028 0.182902 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:39.774529 0.000000 udp 10.0.2.109 3683 -> 113.78.51.41 6624 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 06:15:57.741388 0.066667 tcp 10.0.2.109 63952 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:15:57.808285 0.068020 tcp 10.0.2.109 63953 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:15:57.876603 0.165997 tcp 10.0.2.109 63954 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:15:58.043119 0.096087 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:58.139622 0.158297 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:15:58.298470 0.000000 udp 10.0.2.109 3683 -> 114.38.22.181 1995 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 06:16:14.654757 0.066482 tcp 10.0.2.109 63955 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:16:14.721482 0.066324 tcp 10.0.2.109 63956 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:16:14.788091 0.165837 tcp 10.0.2.109 63957 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:16:14.954586 0.078093 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:15.033069 0.000000 udp 10.0.2.109 3683 -> 86.147.253.228 9773 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 06:16:31.148278 0.093651 tcp 10.0.2.109 63958 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:16:31.242358 0.068392 tcp 10.0.2.109 63959 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:16:31.311171 0.164337 tcp 10.0.2.109 63960 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:16:31.476049 0.099676 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:31.576078 0.151346 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:31.727827 0.135086 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:31.863336 0.086245 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:31.950014 0.155635 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:32.106246 0.222191 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:32.328840 0.168243 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:32.497552 0.045125 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:32.543146 0.347240 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:32.890864 0.351334 udp 10.0.2.109 3683 <-> 218.145.118.6 6830 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:33.242639 0.162388 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:33.405446 0.055743 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:33.461537 0.385808 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:33.847705 0.323420 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:34.171487 0.038571 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:34.210414 0.189565 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:34.400364 0.054717 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:34.455436 0.039984 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:34.495768 0.335311 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:34.831443 0.139247 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:34.971103 0.165216 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:35.136713 0.141470 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:35.278587 0.368608 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:35.647607 0.155048 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:16:35.803246 1.091174 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:17:10.867293 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 06:17:17.874774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:17:25.877239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:17:41.879151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:18:13.885432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:22:03.836294 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 06:22:03.836436 0.624027 tcp 10.0.2.109 63961 -> 176.73.169.112 1959 FSPA* 0 0 14 1624 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:24:17.891527 3.001490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 06:24:24.898874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:24:32.900132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:24:48.903209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:25:20.909136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:31:24.914771 3.002184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 06:31:31.922052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:31:39.923470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:31:55.927323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:32:27.933147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:38:31.939558 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 06:38:38.946450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:38:46.948342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:39:02.950736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:39:34.957879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:45:38.963211 3.001827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 06:45:45.970521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:45:53.972013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:46:09.975403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:46:41.981405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:46:43.563448 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 06:46:43.563636 0.000000 udp 10.0.2.109 3683 -> 113.78.51.41 6624 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 06:47:01.292248 0.067028 tcp 10.0.2.109 63962 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:01.359558 0.068037 tcp 10.0.2.109 63963 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:01.427930 0.210518 tcp 10.0.2.109 63964 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:01.638956 0.000000 udp 10.0.2.109 3683 -> 86.147.253.228 9773 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 06:47:20.467363 0.065968 tcp 10.0.2.109 63965 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:20.533595 0.067089 tcp 10.0.2.109 63966 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:20.600999 0.167990 tcp 10.0.2.109 63967 -> 195.113.214.211 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:20.769959 0.000000 udp 10.0.2.109 3683 -> 114.38.22.181 1995 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 06:47:39.373661 0.066758 tcp 10.0.2.109 63968 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:39.440642 0.067552 tcp 10.0.2.109 63969 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:39.508390 0.163137 tcp 10.0.2.109 63970 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:47:39.672032 0.189143 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:39.861545 0.028941 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:39.890820 0.146248 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.037485 0.045353 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.083187 0.067338 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.150919 0.110123 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.261438 0.182987 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.444828 0.059596 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.504783 0.060593 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.565854 0.150079 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.716345 0.151830 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.868592 0.085198 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:40.954206 0.077974 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:41.032569 0.135144 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:41.168096 0.087992 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:41.256446 0.088851 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:41.345699 0.136304 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:41.482463 0.155054 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:41.637922 0.216842 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:41.855166 0.176163 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:42.031713 0.044783 rtcp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:42.076823 0.351985 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:42.429209 0.058764 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:42.488264 0.322294 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:47:42.810996 0.000000 udp 10.0.2.109 3683 -> 218.145.118.6 6830 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 06:48:01.666742 0.068044 tcp 10.0.2.109 63971 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:48:01.735070 0.067587 tcp 10.0.2.109 63972 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:48:01.802928 0.168254 tcp 10.0.2.109 63973 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:48:01.971717 0.170238 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:02.142505 0.315453 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:02.458417 0.033100 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:02.491888 0.276480 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:02.768763 0.054885 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:02.824066 0.035500 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:02.859951 0.349263 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:03.209619 0.137646 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:03.347654 0.330339 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:03.678550 0.154347 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:03.833265 0.165713 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:03.999443 0.147226 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:48:04.147062 1.596913 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/26 06:52:04.465099 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 06:52:04.465258 0.459998 tcp 10.0.2.109 63974 -> 176.73.169.112 1959 FSPA* 0 0 14 1532 flow=From-Botnet-V1-TCP-Established 1970/01/26 06:52:49.992718 3.001853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 06:52:57.000461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:53:05.007309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:53:21.005127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:53:53.011055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 06:59:57.017021 3.001913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:00:04.024709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:00:12.025797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:00:28.030586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:01:00.034894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:07:04.040752 3.001602 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:07:11.048055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:07:19.049791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:07:35.052561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:08:07.058643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:14:11.065575 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:14:18.072009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:14:26.073738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:14:42.076724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:15:14.082765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:18:35.332297 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 07:18:35.332443 0.000000 udp 10.0.2.109 3683 -> 218.145.118.6 6830 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 07:18:50.816020 0.067625 tcp 10.0.2.109 63975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:18:50.883933 0.066608 tcp 10.0.2.109 63976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:18:50.950927 0.218711 tcp 10.0.2.109 63977 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:18:51.170183 0.190328 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.360944 0.034750 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.396125 0.046870 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.443360 0.065994 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.509772 0.098168 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.608593 0.185530 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.794508 0.059617 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.854557 0.061709 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:51.916723 0.151132 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.068297 0.153078 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.221778 0.079876 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.302024 0.145122 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.447578 0.127956 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.575974 0.087661 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.664059 0.086519 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.751018 0.137927 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:52.889411 0.141022 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:53.030970 0.207381 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:53.238762 0.077809 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:53.316959 0.060814 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:18:53.378114 0.000000 udp 10.0.2.109 3683 -> 122.57.203.170 2182 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 07:19:10.243059 0.066402 tcp 10.0.2.109 63978 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:19:10.309824 0.067977 tcp 10.0.2.109 63979 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:19:10.378058 0.170950 tcp 10.0.2.109 63980 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:19:10.549518 0.044400 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:10.594365 0.167969 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:10.762733 0.367036 udp 10.0.2.109 3683 <-> 117.203.216.12 8817 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:11.130322 0.314604 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:11.445329 0.038426 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:11.484125 0.207055 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:11.691614 0.066392 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:11.758429 0.044305 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:11.803178 0.168792 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:11.972347 0.138926 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:12.111618 0.337601 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:12.449623 0.154075 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:12.604069 0.165011 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:12.769466 0.346155 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:13.116050 0.143108 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:19:13.259521 1.146249 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:21:18.088554 3.002326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 07:21:25.096169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:21:33.099858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:21:49.100568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:22:04.933776 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 07:22:04.933931 0.448016 tcp 10.0.2.109 63981 -> 176.73.169.112 1959 FSPA* 0 0 14 1631 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:22:21.106901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:28:25.113118 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:28:32.120088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:28:40.121446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:28:56.125835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:29:28.130613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:35:32.137080 3.001006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:35:39.144511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:35:47.158798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:36:03.148524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:36:35.154762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:42:39.161279 3.000743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:42:46.168021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:42:54.169645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:43:10.172667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:43:42.178998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:49:35.818142 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 07:49:35.818271 0.318917 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.137570 0.029216 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.167116 0.044031 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.211536 0.061544 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.273519 0.098036 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.371965 0.176199 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.548588 0.056862 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.605842 0.060163 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.666529 0.189850 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:36.856782 0.150187 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.007343 0.145744 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.153467 0.134987 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.289260 0.085309 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.374990 0.083598 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.458981 0.142300 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.601672 0.212404 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.814523 0.160401 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:37.975349 0.071660 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:38.047381 0.053817 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:38.101581 0.221417 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:38.323381 0.148118 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:38.471874 0.044605 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:38.517196 0.163045 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:38.680632 0.000000 udp 10.0.2.109 3683 -> 117.203.216.12 8817 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 07:49:46.184434 3.001951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:49:53.191848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:49:54.716217 0.067549 tcp 10.0.2.109 63982 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:49:54.784002 0.067778 tcp 10.0.2.109 63983 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:49:54.852018 0.163790 tcp 10.0.2.109 63984 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:49:55.016380 0.313499 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:55.330302 0.032103 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:55.362809 0.198639 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:55.561897 0.051645 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:55.613939 0.036919 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:55.651157 0.165987 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:55.817535 0.155544 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:55.973486 0.165816 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:56.139741 0.365049 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:56.505211 0.349411 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:56.854996 0.333020 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:57.188384 0.144791 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:49:57.333608 0.675730 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 07:50:01.196080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:50:17.196729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:50:49.202445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:52:05.382400 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 07:52:05.382546 0.550187 tcp 10.0.2.109 63985 -> 176.73.169.112 1959 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/01/26 07:56:53.208731 3.002101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 07:57:00.216036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:57:08.217804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:57:24.220824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 07:57:56.227236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:04:00.231829 3.002773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 08:04:07.239560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:04:15.241323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:04:31.244821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:05:03.250740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:11:07.259643 3.024619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 08:11:14.282077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:11:22.280396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:11:38.279681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:12:10.284438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:18:14.296169 3.012528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 08:18:21.316498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:18:29.305210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:18:45.302115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:19:17.308549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:20:17.568834 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 08:20:17.568976 0.000000 udp 10.0.2.109 3683 -> 117.203.216.12 8817 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 08:20:35.152282 0.067650 tcp 10.0.2.109 63986 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:20:35.220298 0.068124 tcp 10.0.2.109 63987 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:20:35.288816 0.163911 tcp 10.0.2.109 63988 -> 195.113.214.211 443 SRPA* 0 0 33 19398 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:20:35.453359 0.165348 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:35.619350 0.138379 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:35.758121 0.145656 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:35.904157 0.367565 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:36.272168 0.331607 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:36.604149 0.000000 udp 10.0.2.109 3683 -> 59.115.36.113 2346 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 08:20:52.145460 0.066097 tcp 10.0.2.109 63989 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:20:52.211787 0.067868 tcp 10.0.2.109 63990 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:20:52.279891 0.158527 tcp 10.0.2.109 63991 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:20:52.438988 0.066087 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:52.505502 0.065380 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:52.571254 0.149576 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:52.721299 0.178296 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:52.899973 0.110401 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.010815 0.069535 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.080683 0.046385 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.127456 0.034228 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.162093 0.189215 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.351721 0.323730 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.675893 0.148390 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.824705 0.158604 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:53.983711 0.076436 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.060550 0.088786 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.149744 0.128161 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.278303 0.144631 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.423267 0.151030 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.574668 0.141391 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.716502 0.056628 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.773528 0.207768 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:54.981754 0.079373 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:55.061512 0.164935 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:55.226841 0.047045 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:55.274318 0.162045 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:55.436721 0.036058 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:55.473155 0.185163 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:55.658699 0.033293 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:55.692378 0.312659 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:56.005500 0.054901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:20:56.060875 0.153541 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:22:05.931151 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 08:22:05.931243 0.444163 tcp 10.0.2.109 63992 -> 176.73.169.112 1959 FSPA* 0 0 14 1676 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:25:21.314394 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 08:25:28.321328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:25:36.323171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:25:52.326537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:26:24.332174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:32:28.338855 3.001021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 08:32:35.345814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:32:43.347228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:32:59.350211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:33:31.363610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:39:35.362308 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 08:39:42.369946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:39:50.371346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:40:06.374464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:40:38.380434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:46:42.386538 3.011304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 08:46:49.403426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:46:57.405015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:47:13.408623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:47:45.414298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:51:01.237108 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 08:51:01.237290 1.259583 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:02.497321 0.139300 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:02.637056 0.164516 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:02.801970 0.247922 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:03.050427 0.376567 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:03.427351 0.333697 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:03.761475 0.057654 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:03.819607 0.062304 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:03.882812 0.149388 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:04.032609 0.176378 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:04.209393 0.098506 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:04.308305 0.031482 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:04.340107 0.188449 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:04.528957 0.329133 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:04.858499 0.084756 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:04.943659 0.161209 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.105478 0.066758 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.172650 0.045223 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.218277 0.084258 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.302919 0.092895 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.396198 0.128054 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.524652 0.146832 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.671860 0.137213 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.809496 0.148293 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:05.958408 0.057418 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.016158 0.208991 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.225679 0.074196 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.300261 0.172658 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.473256 0.043916 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.517522 0.163658 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.681603 0.036360 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.718274 0.182147 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.900801 0.032792 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:06.933935 0.311927 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:07.246534 0.053395 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:51:07.300292 0.158069 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/26 08:52:06.379735 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 08:52:06.379898 0.475971 tcp 10.0.2.109 63993 -> 176.73.169.112 1959 FSPA* 0 0 15 1560 flow=From-Botnet-V1-TCP-Established 1970/01/26 08:53:49.420847 3.001831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 08:53:56.427532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:54:04.429506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:54:20.431507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 08:54:52.438653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:00:56.444270 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:01:03.451781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:01:11.452885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:01:27.456513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:01:59.462025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:08:08.474806 3.002127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:08:15.482621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:08:23.484656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:08:39.487475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:09:11.493464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:15:15.500043 3.000690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:15:22.506353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:15:30.508573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:15:46.511429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:16:18.517638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:21:29.625093 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 09:21:29.625281 0.162751 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:29.788441 0.439095 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:30.227905 0.139154 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:30.367504 0.146901 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:30.514805 0.335526 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:30.850720 0.339925 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:31.191035 0.061896 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:31.253346 0.061614 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:31.315352 0.194921 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:31.510701 0.232485 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:31.743574 0.190504 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:31.934468 0.361041 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:32.295995 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 09:21:49.184746 0.066582 tcp 10.0.2.109 63994 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:21:49.251598 0.066472 tcp 10.0.2.109 63995 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:21:49.318376 0.166710 tcp 10.0.2.109 63996 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:21:49.485622 0.123314 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:49.609345 0.029531 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:49.639147 0.159079 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:49.798624 0.068076 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:49.867156 0.045431 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:49.912979 0.090809 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.004321 0.084040 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.088694 0.142391 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.231477 0.154896 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.386810 0.059898 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.447485 0.214243 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.662127 0.145859 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.808419 0.137001 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:50.945811 0.075688 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.021898 0.166517 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.188801 0.045763 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.234968 0.162285 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.397657 0.036052 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.434078 0.202257 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.636688 0.033146 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.670258 0.155322 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:51.826011 0.304989 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:21:52.131412 0.056282 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:22:06.859582 0.556009 tcp 10.0.2.109 63997 -> 176.73.169.112 1959 FSPA* 0 0 15 1797 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:22:22.523572 3.001171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 09:22:29.530828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:22:37.532037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:22:53.535356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:23:25.541409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:29:29.548737 3.004511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:29:36.554861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:29:44.559244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:30:00.559106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:30:32.565324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:36:36.571732 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:36:43.578541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:36:51.580413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:37:07.583170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:37:39.589222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:43:43.595410 3.001587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:43:50.602189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:43:58.604453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:44:14.607146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:44:46.613145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:51:50.624877 3.002225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:51:57.633037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:52:05.636565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:52:07.418898 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 09:52:07.419123 0.573518 tcp 10.0.2.109 63998 -> 176.73.169.112 1959 FSPA* 0 0 14 1676 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:52:21.407474 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 09:52:21.637783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:52:36.682570 0.066663 tcp 10.0.2.109 63999 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:52:36.749481 0.069175 tcp 10.0.2.109 64000 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:52:36.818923 0.167002 tcp 10.0.2.109 64001 -> 195.113.214.211 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/01/26 09:52:36.986917 0.165245 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:37.152549 0.366068 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:37.519013 0.412312 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:37.931715 0.140939 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:38.073008 0.143926 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:38.217591 0.328648 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:38.546607 0.059587 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:38.606558 0.150952 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:38.757875 0.188543 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:38.946803 0.190338 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.137816 0.064251 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.202484 0.370239 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.573180 0.098376 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.671923 0.029096 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.701402 0.159366 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.861423 0.069016 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.930824 0.043982 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:39.975130 0.095503 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.071081 0.141372 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.212850 0.057537 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.270834 0.215405 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.486635 0.144335 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.631377 0.144187 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.775941 0.077098 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.853395 0.089239 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:40.942992 0.128284 rtcp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.071634 0.167839 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.239835 0.047589 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.287994 0.167992 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.456388 0.037923 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.494661 0.182862 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.677847 0.033139 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.711348 0.154761 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:41.866487 0.314137 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:42.180961 0.054082 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/26 09:52:53.643547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:59:18.649198 3.002158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 09:59:25.657483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:59:33.658312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 09:59:49.661543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:00:21.667748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:06:25.673220 3.002207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 10:06:32.680894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:06:40.682348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:06:56.685571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:07:28.691747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:13:32.698667 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 10:13:39.704778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:13:47.706600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:14:03.709691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:14:35.716595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:20:39.720840 3.002312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 10:20:46.731921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:20:54.729803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:21:10.733120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:21:42.739351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:22:07.999229 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 10:22:07.999359 0.489193 tcp 10.0.2.109 64002 -> 176.73.169.112 1959 FSPA* 0 0 15 1602 flow=From-Botnet-V1-TCP-Established 1970/01/26 10:22:55.965602 0.166806 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:56.132864 0.139894 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:56.273214 0.361886 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:56.635507 0.861293 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:57.497213 0.146812 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:57.644457 0.341287 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:57.986243 0.059110 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:58.045801 0.151197 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:58.197450 0.059668 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:58.257562 0.184022 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:58.441952 0.190390 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:58.632732 0.324556 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:58.957673 0.098234 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.056288 0.029188 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.085935 0.162486 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.249113 0.065196 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.314769 0.046139 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.361314 0.095355 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.457050 0.214390 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.671860 0.145289 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.817562 0.143546 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:22:59.961538 0.147668 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.109599 0.057351 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.167368 0.076974 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.244799 0.084464 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.329584 0.135181 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.465107 0.167863 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.550793 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 10:23:00.633341 0.054234 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.687989 0.170003 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.858531 0.031890 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:00.890820 0.156315 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:01.047520 0.044935 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:01.092798 0.188193 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:01.281402 0.304786 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:23:01.586632 0.055776 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:27:46.746406 3.000678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 10:27:53.754707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:28:01.754515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:28:17.762444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:28:49.763247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:34:53.769429 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 10:35:00.777234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:35:08.778512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:35:24.783983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:35:56.787505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:42:00.793408 3.001570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 10:42:07.800965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:42:15.801953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:42:31.805371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:43:03.814827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:49:07.817667 3.001407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 10:49:14.824963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:49:22.826559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:49:38.833849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:50:10.835328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:52:08.484930 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 10:52:08.485040 0.496042 tcp 10.0.2.109 64003 -> 176.73.169.112 1959 FSPA* 0 0 15 1609 flow=From-Botnet-V1-TCP-Established 1970/01/26 10:53:12.000877 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 10:53:12.001042 0.346221 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:12.347704 0.164005 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:12.512177 0.138987 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:12.651592 0.331174 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:12.983162 1.210210 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:14.193749 0.145033 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:14.339259 0.063415 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:14.403128 0.153033 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:14.556588 0.059241 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:14.616262 0.176052 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:14.792725 0.189702 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:14.982875 0.319604 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:15.302947 0.122656 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:15.426053 0.029629 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:15.456067 0.159451 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:15.615946 0.065988 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:15.682342 0.046523 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:15.729253 0.089624 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:15.819285 0.207758 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.027481 0.149009 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.176890 0.144095 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.321407 0.148139 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.470213 0.052045 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.522668 0.074305 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.597387 0.089023 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.686847 0.134799 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.822075 0.176721 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:16.999238 0.045691 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:17.045350 0.162974 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:17.208755 0.032139 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:17.241325 0.186110 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:17.427793 0.313877 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:17.742201 0.053742 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:17.796337 0.154721 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:53:17.951411 0.036093 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/26 10:56:14.846743 2.996000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 10:56:21.848932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:56:29.850558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:56:45.853740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 10:57:17.859456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:03:21.866163 3.000772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 11:03:28.872729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:03:36.874110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:03:52.877248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:04:24.883154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:10:28.890377 3.000364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 11:10:35.896672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:10:43.898159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:10:59.903712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:11:31.909210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:17:35.913557 3.001253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 11:17:42.920725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:17:50.921533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:18:06.925069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:18:38.931230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:22:08.983555 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 11:22:08.983644 0.542680 tcp 10.0.2.109 64004 -> 176.73.169.112 1959 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:23:31.873127 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 11:23:31.873262 0.337085 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:32.210758 0.164585 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:32.375732 0.139283 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:32.515408 0.339708 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:32.855480 0.516961 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:33.372807 0.145481 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:33.518677 0.059000 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:33.578059 0.164405 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:33.742852 0.057901 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:33.801099 0.182217 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:33.983731 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 11:23:51.813189 0.067560 tcp 10.0.2.109 64005 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:23:51.881086 0.067437 tcp 10.0.2.109 64006 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:23:51.948841 0.167067 tcp 10.0.2.109 64007 -> 195.113.214.211 443 SRPA* 0 0 37 31144 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:23:52.116509 0.321546 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:52.438480 0.097958 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:52.536849 0.028875 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:52.566285 0.161922 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:52.728613 0.065652 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:52.794714 0.044264 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:52.839363 0.077695 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:52.917476 0.135586 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.053555 0.155855 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.209914 0.060199 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.270458 0.077083 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.348001 0.084952 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.433303 0.216030 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.649692 0.146021 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.796154 0.134835 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:53.931396 0.167182 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:54.099011 0.046075 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:54.145466 0.162186 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:54.307999 0.043936 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:54.352341 0.242227 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:54.595051 0.153682 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:23:54.749218 0.000000 udp 10.0.2.109 3683 -> 77.21.49.222 9684 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 11:24:10.998774 0.066293 tcp 10.0.2.109 64008 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:24:11.065335 0.067312 tcp 10.0.2.109 64009 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:24:11.132912 0.164105 tcp 10.0.2.109 64010 -> 195.113.214.211 443 SRPA* 0 0 63 42540 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:24:11.297656 0.312968 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:24:11.611015 0.054022 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:24:42.938161 3.000678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 11:24:49.944739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:24:57.946176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:25:13.949207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:25:45.955015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:31:49.961886 3.000799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 11:31:56.968610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:32:05.077981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:32:20.982993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:32:52.989436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:38:56.995207 3.001584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 11:39:04.002597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:39:12.004057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:39:28.006821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:40:00.013240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:46:04.019564 3.011122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 11:46:11.040491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:46:19.038223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:46:35.041488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:47:07.047340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:52:09.491771 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 11:52:09.491862 0.441955 tcp 10.0.2.109 64011 -> 176.73.169.112 1959 FSPA* 0 0 15 1555 flow=From-Botnet-V1-TCP-Established 1970/01/26 11:53:11.055745 3.000060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 11:53:18.060569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:53:26.066467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:53:42.065049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:54:14.071450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 11:54:29.703659 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 11:54:29.703821 0.188683 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:29.892932 0.048792 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:29.942176 0.141112 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:30.083745 0.164851 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:30.249012 0.345363 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:30.594775 0.325922 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:30.921114 0.065601 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:30.987060 0.153838 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:31.141331 0.060160 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:31.201880 0.147126 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:31.349404 0.834129 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.183980 0.183485 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.367897 0.031405 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.399710 0.159513 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.559593 0.063676 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.623754 0.045004 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.669147 0.090868 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.760446 0.110316 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:32.871185 0.352586 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:33.224103 0.055952 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:33.280428 0.083094 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:33.363934 0.084981 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:33.449355 0.214311 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:33.664109 0.143211 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:33.807715 0.128144 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:33.936262 0.136170 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.072872 0.140768 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.214012 0.168159 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.382577 0.038623 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.421606 0.186274 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.608283 0.155064 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.763769 0.168159 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.932288 0.044504 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:34.977215 0.303301 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/26 11:54:35.280975 0.051307 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:00:18.077507 3.001110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:00:25.084671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:00:33.085974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:00:49.089026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:01:21.095141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:07:25.101328 3.007169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:07:32.108470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:07:40.110002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:07:56.113198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:08:28.119339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:14:32.125919 3.000707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:14:39.132425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:14:47.133888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:15:03.137201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:15:35.143060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:21:39.149542 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:21:46.156483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:21:54.157701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:22:09.931130 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 12:22:09.931262 0.494356 tcp 10.0.2.109 64012 -> 176.73.169.112 1959 FSPA* 0 0 16 1750 flow=From-Botnet-V1-TCP-Established 1970/01/26 12:22:10.160982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:22:42.166765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:24:57.121407 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 12:24:57.121512 0.139289 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:57.261212 0.167823 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:57.429465 0.347422 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:57.777287 0.332361 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:58.110255 0.057898 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:58.168546 0.195176 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:58.364131 0.035059 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:58.399570 0.149597 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:58.549566 0.056705 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:58.606671 0.144690 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:58.751773 0.397500 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.149725 0.182043 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.332211 0.029303 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.361954 0.159726 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.522058 0.063897 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.586466 0.043880 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.630768 0.078944 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.710112 0.110944 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:24:59.821456 0.368045 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:00.189876 0.058805 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:00.249079 0.074959 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:00.324427 0.090476 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:00.415277 0.209344 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:00.624971 0.147609 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:00.772932 0.135244 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:00.908577 0.137543 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:01.046525 0.148207 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:01.195128 0.182975 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:01.378520 0.150813 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:01.529725 0.166670 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:01.696798 0.044047 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:01.741226 0.313750 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:02.055422 0.054862 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:02.110685 0.167512 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:25:02.278637 0.032943 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:28:46.180801 2.993916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:28:53.180371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:29:01.181761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:29:17.184801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:29:49.190774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:35:53.196789 3.002047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:36:00.204519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:36:08.205841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:36:24.210978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:36:56.214939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:43:00.221020 3.001511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:43:07.228119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:43:15.229713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:43:31.233115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:44:03.238602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:51:24.249708 3.000131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:51:31.253217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:51:39.255227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:51:55.257643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:52:10.431071 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 12:52:10.431239 0.504611 tcp 10.0.2.109 64013 -> 176.73.169.112 1959 FSPA* 0 0 14 1497 flow=From-Botnet-V1-TCP-Established 1970/01/26 12:52:27.263550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:55:07.193802 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 12:55:07.194004 0.340634 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:07.535030 0.139906 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:07.675398 0.164000 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:07.839789 0.327632 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:08.167823 0.060464 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:08.228660 0.189842 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:08.418897 0.036444 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:08.455740 0.343150 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:08.799237 0.059739 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:08.859357 0.244407 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:09.104192 0.398115 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:09.502672 0.174273 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:09.677405 0.029098 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:09.706885 0.158197 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:09.865490 0.063493 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:09.929445 0.045257 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:09.975098 0.076111 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:10.051616 0.098292 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:10.150336 0.073701 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:10.224461 0.084278 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:10.309168 0.214439 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:10.523970 0.145182 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:10.669559 0.134858 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:10.804813 0.350897 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:11.156101 0.056896 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:11.213401 0.143205 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:11.357081 0.219148 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:11.576646 0.172670 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:11.749766 0.156684 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:11.906868 0.165117 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:12.072360 0.050191 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:12.122917 0.164007 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:12.287327 0.032147 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:12.319857 0.311767 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:55:12.632034 0.053336 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/26 12:58:56.275416 3.002097 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 12:59:03.283322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:59:11.284394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:59:27.289593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 12:59:59.293499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:06:04.301092 3.001389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 13:06:11.308122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:06:19.309742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:06:35.315912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:07:07.318612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:13:11.325434 3.001129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 13:13:18.332144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:13:26.333732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:13:42.336640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:14:14.342775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:20:18.349802 3.006230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 13:20:25.356765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:20:33.357781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:20:49.360643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:21:21.366678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:22:10.938337 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 13:22:10.938492 0.572533 tcp 10.0.2.109 64014 -> 176.73.169.112 1959 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/26 13:25:28.833433 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 13:25:28.833548 0.163768 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:28.997792 0.337283 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:29.335490 0.373812 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:29.709716 0.138935 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:29.849099 0.061380 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:29.910901 0.189763 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:30.101060 0.036486 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:30.137877 0.260735 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:30.399050 0.061835 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:30.461327 0.148401 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:30.610081 0.393144 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.003630 0.181003 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.185059 0.030907 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.216410 0.159089 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.375884 0.063897 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.440182 0.044235 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.484862 0.087339 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.572619 0.122834 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.695874 0.134916 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.831259 0.085398 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:31.917130 0.215846 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:32.133425 0.351438 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:32.485282 0.058806 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:32.544492 0.136981 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:32.681897 0.154833 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:32.837142 0.146818 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:32.984446 0.134889 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:33.119774 0.190884 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:33.311039 0.151327 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:33.462692 0.164050 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:33.627145 0.047450 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:33.675010 0.169347 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:33.844799 0.032699 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:33.877932 0.311519 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:25:34.189887 0.049760 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:27:25.372807 3.006658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 13:27:32.380156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:27:40.381462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:27:56.387687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:28:28.390953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:34:32.396848 3.106622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 13:34:39.474948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:34:47.416319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:35:03.419382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:35:35.424565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:41:39.430292 3.001438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 13:41:46.437782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:41:54.439418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:42:10.442516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:42:42.448235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:48:46.454288 3.005254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 13:48:53.461846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:49:01.463522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:49:17.466477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:49:49.472054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:52:11.517448 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 13:52:11.517614 0.518346 tcp 10.0.2.109 64015 -> 176.73.169.112 1959 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/01/26 13:55:53.478710 3.001657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 13:56:00.485989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:56:02.639194 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 13:56:02.639341 0.169012 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:02.808765 0.139429 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:02.948615 0.060800 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:03.009786 0.337507 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:03.347723 0.334343 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:03.682529 0.189006 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:03.872001 0.036565 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:03.908971 0.214404 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:04.123858 0.062530 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:04.186850 0.141153 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:04.328443 0.395855 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:04.724709 0.175825 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:04.900942 0.029122 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:04.930476 0.158717 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.089615 0.060903 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.150928 0.044098 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.195408 0.077535 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.273354 0.111674 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.385431 0.078725 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.464499 0.084574 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.549479 0.053979 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.603836 0.135502 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.739696 0.148352 rtcp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:05.888439 0.147309 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:06.036134 0.212890 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:06.249465 0.364193 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:06.614025 0.135233 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:06.749642 0.182922 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:06.932964 0.154192 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:07.087585 0.166201 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:07.254404 0.048671 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:07.303515 0.162772 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:07.466717 0.038953 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:07.506211 0.306122 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:07.812736 0.048541 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/26 13:56:08.487613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:56:24.493424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 13:56:56.496630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:03:00.502623 3.001513 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:03:07.509907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:03:15.511652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:03:31.514665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:04:03.520556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:10:07.527413 3.000550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:10:14.533820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:10:22.535482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:10:38.538211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:11:10.544302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:17:14.549811 3.002016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:17:21.560629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:17:29.558739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:17:45.562439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:18:17.568523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:22:12.036011 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 14:22:12.036229 0.522444 tcp 10.0.2.109 64016 -> 176.73.169.112 1959 FSPA* 0 0 14 1611 flow=From-Botnet-V1-TCP-Established 1970/01/26 14:24:21.573799 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:24:28.581737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:24:36.583399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:24:52.586629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:25:24.591806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:26:35.865175 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 14:26:35.865333 0.057174 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:35.923007 0.163389 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:36.086759 0.141059 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:36.228260 0.339003 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:36.567650 0.369856 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:36.937900 0.187940 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:37.126264 0.035344 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:37.161975 0.533073 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:37.695478 0.057205 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:37.753097 0.141726 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:37.895212 0.029166 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:37.924709 0.161213 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:38.086354 0.060841 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:38.147578 0.046531 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:38.194487 0.453858 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:38.648789 0.183231 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:38.832421 0.081402 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:38.914353 0.110278 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:39.024990 0.070059 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:39.095449 0.082123 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:39.177913 0.052884 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:39.231139 0.145608 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:39.377118 0.154755 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:39.532237 0.326568 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:39.859231 0.144484 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:40.004111 0.213313 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:40.217795 0.134989 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:40.353215 0.169633 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:40.523255 0.154529 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:40.698691 0.165287 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:40.864393 0.033320 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:40.898080 0.305813 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:41.204266 0.048225 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:41.252919 0.048441 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:26:41.301800 0.161943 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:31:28.601955 3.014850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:31:35.615514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:31:43.623263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:31:59.627520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:32:31.636474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:38:35.641379 3.002726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:38:42.649807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:38:50.651224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:39:06.656913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:39:38.660819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:45:42.668023 3.001470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:45:49.673588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:45:57.679101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:46:13.679029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:46:45.684701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:52:12.564948 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 14:52:12.565106 0.636403 tcp 10.0.2.109 64017 -> 176.73.169.112 1959 FSPA* 0 0 14 1595 flow=From-Botnet-V1-TCP-Established 1970/01/26 14:52:49.690809 3.001629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 14:52:56.699910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:53:04.699364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:53:20.702053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:53:52.708655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 14:57:05.135646 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 14:57:05.135821 0.060441 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:05.196659 0.326753 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:05.523843 0.370947 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:05.895188 0.167330 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:06.062879 0.139246 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:06.202555 0.188416 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:06.391416 0.036156 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:06.427954 0.646356 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:07.074709 0.059706 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:07.134811 0.143872 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:07.279084 0.031333 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:07.310798 0.160843 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:07.472033 0.063535 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:07.536151 0.044475 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:07.580976 0.448474 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:08.029954 0.175112 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:08.205463 0.081189 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:08.287049 0.110524 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:08.397966 0.057728 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:08.456077 0.145737 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:08.602199 0.141387 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:08.743955 0.319405 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:09.063788 0.138678 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:09.202869 0.070920 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:09.274240 0.086958 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:09.361765 0.213084 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:09.575260 0.135273 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:09.710931 0.183292 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:09.894629 0.156036 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:10.051126 0.170781 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:10.222334 0.031288 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:10.253992 0.044309 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:10.298627 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 14:57:27.739592 0.066997 tcp 10.0.2.109 64018 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 14:57:27.806859 0.067100 tcp 10.0.2.109 64019 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 14:57:27.874268 0.135081 tcp 10.0.2.109 64020 -> 195.113.214.211 443 SRPA* 0 0 35 26872 flow=From-Botnet-V1-TCP-Established 1970/01/26 14:57:28.009938 0.312581 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:57:28.322938 0.049512 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/26 14:59:56.714015 3.003593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:00:03.721500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:00:11.723367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:00:27.725944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:00:59.733516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:07:03.738532 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:07:10.745765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:07:19.759967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:07:35.571830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:08:07.686313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:14:10.782895 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:14:17.789660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:14:25.791086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:14:41.794010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:15:13.800142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:21:17.806232 3.001354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:21:24.813776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:21:32.815084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:21:48.818068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:22:13.203967 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 15:22:13.204070 0.443081 tcp 10.0.2.109 64021 -> 176.73.169.112 1959 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/01/26 15:22:20.823820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:27:29.598555 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 15:27:29.598743 0.172580 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:29.771765 0.057581 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:29.829789 0.370655 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:30.200810 0.165074 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:30.366457 0.138880 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:30.505766 0.189819 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:30.695998 0.041469 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:30.737890 0.344130 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.082426 0.029408 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.112248 0.191135 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.303843 0.057129 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.361381 0.060458 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.422412 0.044348 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.467126 0.162040 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.629581 0.143796 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.773754 0.082691 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.856891 0.110294 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:31.967572 0.054869 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:32.022859 0.136373 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:32.159668 0.147821 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:32.307901 0.182608 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:32.490943 0.617662 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:33.108989 0.144126 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:33.253505 0.077894 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:33.331824 0.080067 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:33.414312 0.214064 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:33.628798 0.134963 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:33.764146 0.185175 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:33.949751 0.154378 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:34.104535 0.168949 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:34.274110 0.350894 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:34.625384 0.046872 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:34.672622 0.033353 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:34.706354 0.314351 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:27:35.021095 0.052469 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:28:24.830935 3.000904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:28:31.837494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:28:39.838955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:28:55.842600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:29:27.848096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:35:31.854719 3.001026 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:35:38.861480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:35:46.863214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:36:02.865821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:36:34.871883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:42:38.878234 3.004814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:42:45.885459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:42:53.887051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:43:09.890158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:43:41.896086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:49:45.901405 3.002291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:49:52.909339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:50:00.911196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:50:16.914327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:50:48.920170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:52:13.652539 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 15:52:13.652631 0.434962 tcp 10.0.2.109 64022 -> 176.73.169.112 1959 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/01/26 15:56:52.925851 3.002968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 15:56:59.937652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:57:07.935133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:57:23.937843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 15:57:41.313291 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 15:57:41.313403 0.168914 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:41.482732 0.057594 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:41.540671 0.135277 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:41.676314 0.188371 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:41.865061 0.040664 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:41.906154 0.342686 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:42.249219 0.181238 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:42.430839 0.328377 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:42.759610 0.028894 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:42.788902 0.293531 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.082861 0.059572 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.142825 0.062182 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.205403 0.043958 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.249801 0.158606 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.408913 0.144973 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.554437 0.073614 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.628462 0.110222 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.739129 0.052504 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.792013 0.183426 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:43.975820 0.143099 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:44.119321 0.148112 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:44.267837 0.688093 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:44.956342 0.143671 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:45.100386 0.070821 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:45.171603 0.080326 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:45.252380 0.218487 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:45.471259 0.135109 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:45.606746 0.180138 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:45.787263 0.359048 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:46.146697 0.045958 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:46.192996 0.033397 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:46.226737 0.307365 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:46.534493 0.159085 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:46.693960 0.168118 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:46.862464 0.051823 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/26 15:57:55.944978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:03:59.950754 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 16:04:06.957323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:04:14.959086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:04:30.961825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:05:02.967831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:11:06.973892 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 16:11:13.981489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:11:21.982930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:11:37.985821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:12:09.999312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:18:13.998381 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 16:18:21.005470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:18:29.006728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:18:45.009907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:19:17.018743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:22:14.090913 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:22:14.091033 2.994113 tcp 10.0.2.109 64023 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:22:23.093399 0.000000 tcp 10.0.2.109 64023 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:22:29.094022 0.175179 tcp 10.0.2.109 64024 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:29.269545 0.067306 tcp 10.0.2.109 64025 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:29.337223 0.152290 tcp 10.0.2.109 64026 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:29.607582 2.977557 tcp 10.0.2.109 64027 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:22:38.534248 0.000000 tcp 10.0.2.109 64027 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:22:44.504799 0.064044 tcp 10.0.2.109 64028 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:44.569184 0.062553 tcp 10.0.2.109 64029 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:44.632028 0.154574 tcp 10.0.2.109 64030 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:44.796455 3.002313 tcp 10.0.2.109 64031 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:22:53.797567 0.000000 tcp 10.0.2.109 64031 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:22:59.797288 0.065012 tcp 10.0.2.109 64032 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:59.862551 0.061969 tcp 10.0.2.109 64033 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:22:59.924812 0.158130 tcp 10.0.2.109 64034 -> 195.113.214.211 443 SRPA* 0 0 49 42076 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:00.094337 3.006506 tcp 10.0.2.109 64035 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:23:09.099481 0.000000 tcp 10.0.2.109 64035 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:23:15.088996 0.062488 tcp 10.0.2.109 64036 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:15.151768 0.062860 tcp 10.0.2.109 64037 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:15.214959 0.152456 tcp 10.0.2.109 64038 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:15.439085 3.003692 tcp 10.0.2.109 64039 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:23:24.444022 0.000000 tcp 10.0.2.109 64039 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:23:30.440941 0.064510 tcp 10.0.2.109 64040 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:30.505873 0.064822 tcp 10.0.2.109 64041 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:30.571186 0.152573 tcp 10.0.2.109 64042 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:30.762914 2.991973 tcp 10.0.2.109 64043 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:23:39.763821 0.000000 tcp 10.0.2.109 64043 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:23:45.762778 0.065568 tcp 10.0.2.109 64044 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:45.828649 0.065133 tcp 10.0.2.109 64045 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:45.894015 0.156699 tcp 10.0.2.109 64046 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:23:46.104821 3.002376 tcp 10.0.2.109 64047 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:23:55.105460 0.000000 tcp 10.0.2.109 64047 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:01.105168 0.062700 tcp 10.0.2.109 64048 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:24:01.168127 0.065122 tcp 10.0.2.109 64049 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:24:01.233588 0.157878 tcp 10.0.2.109 64050 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:24:01.426745 3.002383 tcp 10.0.2.109 64051 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:10.427607 0.000000 tcp 10.0.2.109 64051 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:16.426629 3.003698 tcp 10.0.2.109 64052 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:25.429159 0.000000 tcp 10.0.2.109 64052 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:31.428158 3.003935 tcp 10.0.2.109 64053 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:40.430880 0.000000 tcp 10.0.2.109 64053 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:46.429632 3.004093 tcp 10.0.2.109 64054 -> 119.75.180.21 4993 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:24:51.045883 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:24:55.442419 0.000000 tcp 10.0.2.109 64054 -> 119.75.180.21 4993 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:25:01.431279 2.994035 tcp 10.0.2.109 64055 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:25:10.433830 0.000000 tcp 10.0.2.109 64055 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:25:16.432608 2.994412 tcp 10.0.2.109 64056 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:25:21.022054 3.001674 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 16:25:25.425954 0.000000 tcp 10.0.2.109 64056 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:25:28.029260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:25:31.434513 3.004158 tcp 10.0.2.109 64057 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:25:36.030764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:25:36.050732 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:25:40.436962 0.000000 tcp 10.0.2.109 64057 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:25:52.033606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:26:24.039747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:28:06.309761 0.000172 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:28:06.310038 0.138534 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:06.448982 0.189471 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:06.638807 0.036798 udp 10.0.2.109 3683 <-> 77.21.49.222 9684 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:06.676020 0.337640 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:07.014237 0.166493 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:07.181104 0.169582 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:07.351049 0.057790 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:07.409247 0.335243 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:07.744903 0.029275 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:07.774550 0.413881 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.188781 0.058161 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.247324 0.061079 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.308779 0.044317 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.353579 0.153243 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.507214 0.142779 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.650441 0.077737 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.728574 0.098114 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.827079 0.054241 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:08.881703 0.183819 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:09.065980 0.137526 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:09.203933 0.147656 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:09.352027 0.440237 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:09.792624 0.142464 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:09.935459 0.076633 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:10.012817 0.087189 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:10.100466 0.215372 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:10.316300 0.134900 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:10.451628 0.181375 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:10.633418 0.038225 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:10.672104 0.306134 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:10.978695 0.158997 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:11.138017 0.173737 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:11.312171 0.049402 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:11.361994 0.351503 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:28:11.713900 0.055083 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:30:46.709304 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:30:46.709489 3.005181 tcp 10.0.2.109 64058 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:30:55.710300 0.000000 tcp 10.0.2.109 64058 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:01.714524 0.068357 tcp 10.0.2.109 64059 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:01.783185 0.061615 tcp 10.0.2.109 64060 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:01.845069 0.155420 tcp 10.0.2.109 64061 -> 195.113.214.211 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:02.223914 2.995771 tcp 10.0.2.109 64062 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:11.224680 0.000000 tcp 10.0.2.109 64062 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:17.217655 0.064491 tcp 10.0.2.109 64063 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:17.282506 0.064325 tcp 10.0.2.109 64064 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:17.347200 0.155192 tcp 10.0.2.109 64065 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:17.536896 2.993425 tcp 10.0.2.109 64066 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:26.524803 0.000000 tcp 10.0.2.109 64066 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:32.534207 0.060833 tcp 10.0.2.109 64067 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:32.595380 0.067184 tcp 10.0.2.109 64068 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:32.662895 0.152531 tcp 10.0.2.109 64069 -> 195.113.214.211 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:33.085339 3.003285 tcp 10.0.2.109 64070 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:42.087176 0.000000 tcp 10.0.2.109 64070 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:48.086755 0.065353 tcp 10.0.2.109 64071 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:48.152385 0.065478 tcp 10.0.2.109 64072 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:48.218137 0.155415 tcp 10.0.2.109 64073 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:31:48.433070 2.997471 tcp 10.0.2.109 64074 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:31:57.428994 0.000000 tcp 10.0.2.109 64074 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:03.428295 0.064154 tcp 10.0.2.109 64075 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:32:03.492745 0.068823 tcp 10.0.2.109 64076 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:32:03.561849 0.150037 tcp 10.0.2.109 64077 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:32:03.864329 3.008655 tcp 10.0.2.109 64078 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:12.871349 0.000000 tcp 10.0.2.109 64078 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:18.860294 2.994010 tcp 10.0.2.109 64079 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:27.862570 0.000000 tcp 10.0.2.109 64079 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:28.046078 3.001324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 16:32:33.861674 2.994718 tcp 10.0.2.109 64080 -> 70.113.215.93 3558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:35.053464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:32:42.854616 0.000000 tcp 10.0.2.109 64080 -> 70.113.215.93 3558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:43.054771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:32:48.864176 2.993226 tcp 10.0.2.109 64081 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:53.549838 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:32:57.856102 0.000000 tcp 10.0.2.109 64081 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:32:59.057775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:33:03.865080 3.003818 tcp 10.0.2.109 64082 -> 176.73.148.5 3964 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:33:12.867654 0.000000 tcp 10.0.2.109 64082 -> 176.73.148.5 3964 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:33:31.063743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:38:18.868001 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:38:18.868202 3.003531 tcp 10.0.2.109 64083 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:38:27.870796 0.000000 tcp 10.0.2.109 64083 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:38:33.870924 0.063885 tcp 10.0.2.109 64084 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:38:33.935062 0.066594 tcp 10.0.2.109 64085 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:38:34.001947 0.156007 tcp 10.0.2.109 64086 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:38:34.423981 3.002930 tcp 10.0.2.109 64087 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:38:43.432854 0.000000 tcp 10.0.2.109 64087 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:38:49.424045 0.066191 tcp 10.0.2.109 64088 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:38:49.490529 0.064566 tcp 10.0.2.109 64089 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:38:49.555390 0.156319 tcp 10.0.2.109 64090 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:38:49.944691 2.992310 tcp 10.0.2.109 64091 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:38:58.936991 0.000000 tcp 10.0.2.109 64091 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:39:04.948219 3.000095 tcp 10.0.2.109 64092 -> 24.126.254.250 9945 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:39:13.946777 0.000000 tcp 10.0.2.109 64092 -> 24.126.254.250 9945 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:39:35.069995 3.001383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 16:39:42.077332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:39:50.079869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:40:06.081692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:40:38.087706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:44:19.947698 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:44:19.947856 3.003414 tcp 10.0.2.109 64093 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:44:28.950410 0.000000 tcp 10.0.2.109 64093 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:44:34.950635 0.065626 tcp 10.0.2.109 64094 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:44:35.016575 0.062487 tcp 10.0.2.109 64095 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:44:35.079428 0.153868 tcp 10.0.2.109 64096 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:44:35.244476 3.008728 tcp 10.0.2.109 64097 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:44:44.251550 0.000000 tcp 10.0.2.109 64097 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:46:42.097958 2.997322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 16:46:49.101415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:46:57.102846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:47:13.106504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:47:45.111584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:53:49.119905 2.999872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 16:53:56.124988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:54:04.131709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:54:20.129572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:54:52.135664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 16:58:15.298228 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 16:58:15.298377 0.000000 udp 10.0.2.109 3683 -> 77.21.49.222 9684 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 16:58:32.174721 0.061684 tcp 10.0.2.109 64098 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:32.236677 0.065348 tcp 10.0.2.109 64099 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:32.302329 0.157505 tcp 10.0.2.109 64100 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:32.460347 0.365573 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:32.837010 0.176425 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:32.990528 0.201538 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:33.184265 0.168226 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:33.362381 0.174445 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:33.532328 0.090804 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:33.588681 0.334192 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:33.924533 0.034297 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:33.957500 1.056116 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.006234 0.072242 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.064110 0.078292 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.126352 0.048109 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.200125 0.168146 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.296886 3.006134 tcp 10.0.2.109 64101 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:58:35.362021 0.276049 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.614057 0.103369 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.695299 0.111350 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.844390 0.086314 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:35.902274 0.156361 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:36.071933 0.437784 rtp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:36.469810 0.180356 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:36.629128 0.114493 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:36.706953 0.191828 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:36.891415 0.158493 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:37.045509 0.128597 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:37.131705 0.213585 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:37.346636 0.143140 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:37.549343 0.200826 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:37.734530 0.000000 udp 10.0.2.109 3683 -> 143.225.166.230 6500 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 16:58:44.299360 0.000000 tcp 10.0.2.109 64101 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:58:50.300728 0.067027 tcp 10.0.2.109 64102 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:50.368114 0.063054 tcp 10.0.2.109 64103 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:50.431523 0.157336 tcp 10.0.2.109 64104 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:50.674225 2.998966 tcp 10.0.2.109 64105 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 16:58:55.576790 0.060987 tcp 10.0.2.109 64106 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:55.638064 0.062671 tcp 10.0.2.109 64107 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:55.701020 0.157332 tcp 10.0.2.109 64108 -> 195.113.214.211 443 SRPA* 0 0 40 31058 flow=From-Botnet-V1-TCP-Established 1970/01/26 16:58:55.859033 0.314207 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:56.182809 0.068862 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:56.233892 0.386094 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:56.601494 0.048944 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:56.659719 0.200771 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:56.876457 0.206414 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/26 16:58:59.673090 0.000000 tcp 10.0.2.109 64105 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:00:56.141793 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:01:03.149252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:01:11.150890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:01:27.153729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:01:59.159952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:04:05.672098 0.000157 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:04:05.672366 2.993467 tcp 10.0.2.109 64109 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:04:14.664522 0.000000 tcp 10.0.2.109 64109 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:04:20.675050 0.065445 tcp 10.0.2.109 64110 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:04:20.740786 0.061823 tcp 10.0.2.109 64111 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:04:20.802872 0.155573 tcp 10.0.2.109 64112 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:04:20.968524 2.999144 tcp 10.0.2.109 64113 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:04:29.966335 0.000000 tcp 10.0.2.109 64113 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:04:35.965978 0.064287 tcp 10.0.2.109 64114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:04:36.030548 0.061895 tcp 10.0.2.109 64115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:04:36.092700 0.153673 tcp 10.0.2.109 64116 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:04:36.262947 2.996908 tcp 10.0.2.109 64117 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:04:45.258706 0.000000 tcp 10.0.2.109 64117 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:04:51.257382 3.004094 tcp 10.0.2.109 64118 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:05:00.259904 0.000000 tcp 10.0.2.109 64118 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:08:07.172495 3.000895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:08:14.184918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:08:22.180671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:08:38.183276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:09:10.189337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:10:06.263143 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:10:06.263345 2.991070 tcp 10.0.2.109 64119 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:10:15.263081 0.000000 tcp 10.0.2.109 64119 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:10:21.263271 0.065123 tcp 10.0.2.109 64120 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:10:21.328682 0.062176 tcp 10.0.2.109 64121 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:10:21.391130 0.157665 tcp 10.0.2.109 64122 -> 195.113.214.211 443 SRPA* 0 0 48 33538 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:10:21.818283 2.998358 tcp 10.0.2.109 64123 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:10:30.815691 0.000000 tcp 10.0.2.109 64123 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:10:36.814535 0.061992 tcp 10.0.2.109 64124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:10:36.876806 0.062314 tcp 10.0.2.109 64125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:10:36.939399 0.156989 tcp 10.0.2.109 64126 -> 195.113.214.211 443 SRPA* 0 0 44 39444 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:10:37.267158 3.001978 tcp 10.0.2.109 64127 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:10:46.267526 0.000000 tcp 10.0.2.109 64127 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:10:52.266634 3.003828 tcp 10.0.2.109 64128 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:11:01.269095 0.000000 tcp 10.0.2.109 64128 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:15:14.195588 3.001617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:15:21.203666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:15:29.204578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:15:45.212564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:16:07.269520 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:16:07.269629 3.003639 tcp 10.0.2.109 64129 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:16:16.272067 0.000000 tcp 10.0.2.109 64129 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:16:17.213354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:16:22.272213 0.065260 tcp 10.0.2.109 64130 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:16:22.337726 0.063256 tcp 10.0.2.109 64131 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:16:22.401288 0.150193 tcp 10.0.2.109 64132 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:16:23.020031 2.995809 tcp 10.0.2.109 64133 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:16:32.014637 0.000000 tcp 10.0.2.109 64133 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:16:38.014480 0.063776 tcp 10.0.2.109 64134 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:16:38.078538 0.064291 tcp 10.0.2.109 64135 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:16:38.143112 0.158722 tcp 10.0.2.109 64136 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:16:38.311555 2.996488 tcp 10.0.2.109 64137 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:16:47.306620 0.000000 tcp 10.0.2.109 64137 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:16:53.305486 3.004184 tcp 10.0.2.109 64138 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:17:02.308064 0.000000 tcp 10.0.2.109 64138 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:22:08.308953 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:22:08.309150 3.003191 tcp 10.0.2.109 64139 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:22:17.311150 0.000000 tcp 10.0.2.109 64139 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:22:21.219267 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:22:23.311489 0.064824 tcp 10.0.2.109 64140 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:22:23.376577 0.066075 tcp 10.0.2.109 64141 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:22:23.442456 0.159283 tcp 10.0.2.109 64142 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:22:23.619389 2.995289 tcp 10.0.2.109 64143 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:22:28.226811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:22:32.622870 0.000000 tcp 10.0.2.109 64143 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:22:36.228133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:22:38.611637 0.064114 tcp 10.0.2.109 64144 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:22:38.675989 0.065142 tcp 10.0.2.109 64145 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:22:38.741510 0.156473 tcp 10.0.2.109 64146 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:22:38.911272 2.995120 tcp 10.0.2.109 64147 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:22:47.905113 0.000000 tcp 10.0.2.109 64147 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:22:52.231212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:22:53.904049 3.003776 tcp 10.0.2.109 64148 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:23:02.906614 0.000000 tcp 10.0.2.109 64148 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:23:24.237374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:29:11.346903 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:29:11.347010 0.000000 udp 10.0.2.109 3683 -> 77.21.49.222 9684 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 17:29:28.243628 3.006599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 17:29:29.338673 0.065853 tcp 10.0.2.109 64149 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:29:29.404879 0.066598 tcp 10.0.2.109 64150 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:29:29.471728 0.151958 tcp 10.0.2.109 64151 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:29:29.624240 0.000000 udp 10.0.2.109 3683 -> 143.225.166.230 6500 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 17:29:35.252812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:29:43.252799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:29:45.889541 0.066456 tcp 10.0.2.109 64152 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:29:45.956342 0.064352 tcp 10.0.2.109 64153 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:29:46.021038 0.158862 tcp 10.0.2.109 64154 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:29:46.180407 0.197454 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:46.370651 0.211035 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:47.040970 0.217980 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:47.275803 0.098799 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:47.339163 0.310589 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:47.674013 0.163207 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:47.814519 0.345602 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:48.176047 0.031994 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:48.206843 0.074996 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:29:48.308141 0.000000 udp 10.0.2.109 3683 -> 86.166.144.242 6232 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 17:29:53.921072 3.004071 tcp 10.0.2.109 64155 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:29:59.258557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:30:02.920656 0.000000 tcp 10.0.2.109 64155 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:30:04.974453 0.063780 tcp 10.0.2.109 64156 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:30:05.038586 0.065723 tcp 10.0.2.109 64157 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:30:05.104624 0.154185 tcp 10.0.2.109 64158 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:30:05.259209 0.047787 rtcp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:05.342358 0.161536 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:05.496951 0.167005 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:05.641722 0.111955 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:05.862367 0.099257 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:06.147268 0.081913 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:06.201743 0.461577 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:06.920452 0.175615 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:07.199609 0.114323 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:07.296096 0.194304 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:07.483060 0.149559 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:07.679469 0.465592 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:08.109030 0.220645 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:08.467541 0.142999 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:08.732605 0.202239 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:08.919350 0.063827 tcp 10.0.2.109 64159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:30:08.983502 0.062475 tcp 10.0.2.109 64160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:30:09.028087 0.126760 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:09.046260 0.160080 tcp 10.0.2.109 64161 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:30:09.115689 0.146453 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:09.222721 3.001301 tcp 10.0.2.109 64162 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:30:09.253685 0.345298 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:09.681252 0.069081 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:09.733849 0.203968 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:09.997713 0.207143 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:10.166366 0.374088 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:10.520024 0.047173 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/26 17:30:18.232778 0.000000 tcp 10.0.2.109 64162 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:30:31.261581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:35:24.223464 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:35:24.223637 2.993294 tcp 10.0.2.109 64163 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:35:33.215329 0.000000 tcp 10.0.2.109 64163 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:35:39.226495 0.065796 tcp 10.0.2.109 64164 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:35:39.292636 0.064973 tcp 10.0.2.109 64165 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:35:39.357874 0.154778 tcp 10.0.2.109 64166 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:35:39.724439 3.004527 tcp 10.0.2.109 64167 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:35:48.728107 0.000000 tcp 10.0.2.109 64167 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:35:54.717281 0.065042 tcp 10.0.2.109 64168 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:35:54.782577 0.065874 tcp 10.0.2.109 64169 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:35:54.848703 0.708163 tcp 10.0.2.109 64170 -> 195.113.214.211 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:35:55.567419 2.994406 tcp 10.0.2.109 64171 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:36:04.560472 0.000000 tcp 10.0.2.109 64171 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:36:10.569434 3.004414 tcp 10.0.2.109 64172 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:36:19.571580 0.000000 tcp 10.0.2.109 64172 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:36:35.267700 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:36:42.275312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:36:50.276451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:37:06.279316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:37:38.290255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:41:25.571989 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:41:25.572201 2.994207 tcp 10.0.2.109 64173 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:41:34.590267 0.000000 tcp 10.0.2.109 64173 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:41:40.574491 0.062174 tcp 10.0.2.109 64174 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:41:40.636886 0.062766 tcp 10.0.2.109 64175 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:41:40.699901 0.156194 tcp 10.0.2.109 64176 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:41:41.062584 2.996265 tcp 10.0.2.109 64177 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:41:50.058414 0.000000 tcp 10.0.2.109 64177 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:41:56.059149 0.066712 tcp 10.0.2.109 64178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:41:56.126119 0.068134 tcp 10.0.2.109 64179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:41:56.194537 0.166950 tcp 10.0.2.109 64180 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:41:56.611122 2.999946 tcp 10.0.2.109 64181 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:42:05.609188 0.000000 tcp 10.0.2.109 64181 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:42:11.608183 3.004419 tcp 10.0.2.109 64182 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:42:20.611099 0.000000 tcp 10.0.2.109 64182 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:43:42.291536 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:43:49.299096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:43:57.301265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:44:13.303230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:44:45.309596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:47:26.611821 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:47:26.611986 2.993532 tcp 10.0.2.109 64183 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:47:35.614034 0.000000 tcp 10.0.2.109 64183 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:47:41.614031 0.068482 tcp 10.0.2.109 64184 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:47:41.682775 0.066443 tcp 10.0.2.109 64185 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:47:41.749514 0.162781 tcp 10.0.2.109 64186 -> 195.113.214.211 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:47:41.988515 2.999154 tcp 10.0.2.109 64187 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:47:50.986516 0.000000 tcp 10.0.2.109 64187 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:47:56.985533 0.065276 tcp 10.0.2.109 64188 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:47:57.051055 0.060893 tcp 10.0.2.109 64189 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:47:57.112297 0.157046 tcp 10.0.2.109 64190 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:47:57.281375 2.997985 tcp 10.0.2.109 64191 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:48:06.278408 0.000000 tcp 10.0.2.109 64191 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:48:12.277270 3.009753 tcp 10.0.2.109 64192 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:48:21.279519 0.000000 tcp 10.0.2.109 64192 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:51:51.324161 3.004217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:51:58.331467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:52:06.332883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:52:22.336677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:52:54.342026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:53:27.280360 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 17:53:27.280555 2.993467 tcp 10.0.2.109 64193 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:53:36.282728 0.000000 tcp 10.0.2.109 64193 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:53:42.289828 0.069717 tcp 10.0.2.109 64194 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:53:42.359764 0.068263 tcp 10.0.2.109 64195 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:53:42.428329 0.151641 tcp 10.0.2.109 64196 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:53:42.600032 2.998354 tcp 10.0.2.109 64197 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:53:51.597496 0.000000 tcp 10.0.2.109 64197 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:53:57.593911 0.064711 tcp 10.0.2.109 64198 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:53:57.658892 0.066082 tcp 10.0.2.109 64199 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:53:57.725238 0.154586 tcp 10.0.2.109 64200 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/26 17:53:57.891956 2.996173 tcp 10.0.2.109 64201 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:54:06.886901 0.000000 tcp 10.0.2.109 64201 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:54:12.888708 3.000982 tcp 10.0.2.109 64202 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:54:21.888439 0.000000 tcp 10.0.2.109 64202 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 17:59:19.349952 3.000368 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 17:59:26.356028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:59:34.357305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 17:59:50.360521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:00:11.250788 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:00:11.250948 0.078531 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:11.312294 0.199015 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:11.503251 0.180796 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:11.683386 0.225457 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:11.917214 0.163375 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:12.058077 0.090481 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:12.114938 0.301600 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:12.431173 0.072229 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:12.489435 0.032138 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:12.520161 0.336863 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:12.864299 0.168884 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:12.893110 2.994901 tcp 10.0.2.109 64203 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:00:13.012253 0.109458 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:13.101479 0.099490 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:13.207480 0.047798 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:13.278471 0.167551 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:13.440477 0.085440 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:13.497572 0.196101 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:13.679238 0.190985 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:13.862411 0.142551 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:14.060007 0.179252 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:14.217732 0.111952 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:14.295622 0.129611 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:14.524631 0.196608 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:14.705439 0.446679 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:15.103374 0.221284 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:15.343354 0.123816 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:15.425766 0.144614 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:15.566221 0.314589 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:15.889641 0.065420 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:15.940329 0.206401 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:16.156101 0.046642 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:16.204069 0.202709 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:16.371584 0.341307 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:00:21.885882 0.000000 tcp 10.0.2.109 64203 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:00:22.366790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:00:27.896330 0.065327 tcp 10.0.2.109 64204 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:00:27.961922 0.066390 tcp 10.0.2.109 64205 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:00:28.028589 0.154851 tcp 10.0.2.109 64206 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:00:28.205761 3.003241 tcp 10.0.2.109 64207 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:00:37.208014 0.000000 tcp 10.0.2.109 64207 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:05:43.208482 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:05:43.208588 3.003536 tcp 10.0.2.109 64208 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:05:52.210924 0.000000 tcp 10.0.2.109 64208 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:05:58.210958 0.064923 tcp 10.0.2.109 64209 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:05:58.276090 0.065239 tcp 10.0.2.109 64210 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:05:58.341566 0.154174 tcp 10.0.2.109 64211 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:05:58.504933 2.999059 tcp 10.0.2.109 64212 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:06:07.512511 0.000000 tcp 10.0.2.109 64212 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:06:13.501667 0.061732 tcp 10.0.2.109 64213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:06:13.563653 0.065746 tcp 10.0.2.109 64214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:06:13.629761 0.153911 tcp 10.0.2.109 64215 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:06:13.867612 2.998664 tcp 10.0.2.109 64216 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:06:22.864872 0.000000 tcp 10.0.2.109 64216 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:06:26.372546 3.001671 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 18:06:28.863755 2.994266 tcp 10.0.2.109 64217 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:06:33.380162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:06:37.856768 0.000000 tcp 10.0.2.109 64217 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:06:41.381170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:06:57.384741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:07:29.390410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:11:43.867299 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:11:43.867452 3.005335 tcp 10.0.2.109 64218 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:11:52.869314 0.000000 tcp 10.0.2.109 64218 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:11:58.869854 0.062855 tcp 10.0.2.109 64219 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:11:58.932944 0.068529 tcp 10.0.2.109 64220 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:11:59.001826 0.158822 tcp 10.0.2.109 64221 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:11:59.189360 3.003287 tcp 10.0.2.109 64222 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:12:08.191503 0.000000 tcp 10.0.2.109 64222 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:12:14.190925 0.066219 tcp 10.0.2.109 64223 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:12:14.257418 0.067329 tcp 10.0.2.109 64224 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:12:14.325005 0.160020 tcp 10.0.2.109 64225 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:12:14.561703 2.993266 tcp 10.0.2.109 64226 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:12:23.563079 0.000000 tcp 10.0.2.109 64226 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:12:29.561533 2.995067 tcp 10.0.2.109 64227 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:12:38.555138 0.000000 tcp 10.0.2.109 64227 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:13:33.396818 3.001155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 18:13:40.403887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:13:48.405215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:14:04.408523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:14:36.417828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:17:44.565861 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:17:44.566035 3.003290 tcp 10.0.2.109 64228 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:17:53.567691 0.000000 tcp 10.0.2.109 64228 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:17:59.568271 0.061251 tcp 10.0.2.109 64229 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:17:59.629762 0.062013 tcp 10.0.2.109 64230 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:17:59.692017 0.156225 tcp 10.0.2.109 64231 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:17:59.858145 3.002925 tcp 10.0.2.109 64232 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:18:08.859896 0.000000 tcp 10.0.2.109 64232 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:18:14.859551 0.062003 tcp 10.0.2.109 64233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:18:14.921814 0.065655 tcp 10.0.2.109 64234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:18:14.987708 0.155989 tcp 10.0.2.109 64235 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:18:15.260517 3.008065 tcp 10.0.2.109 64236 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:18:24.270892 0.000000 tcp 10.0.2.109 64236 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:18:30.261249 2.993801 tcp 10.0.2.109 64237 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:18:39.268370 0.000000 tcp 10.0.2.109 64237 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:20:40.427278 2.994919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 18:20:47.427908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:20:55.428863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:21:11.432157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:21:43.438612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:23:45.264126 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:23:45.264210 3.003552 tcp 10.0.2.109 64238 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:23:54.266413 0.000000 tcp 10.0.2.109 64238 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:24:00.267317 0.064802 tcp 10.0.2.109 64239 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:24:00.332390 0.067884 tcp 10.0.2.109 64240 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:24:00.400540 0.157825 tcp 10.0.2.109 64241 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:24:00.568153 3.002144 tcp 10.0.2.109 64242 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:24:09.568758 0.000000 tcp 10.0.2.109 64242 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:27:47.444526 3.002137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 18:27:54.452219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:28:02.453283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:28:18.456680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:28:50.462564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:30:39.539474 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:30:39.539566 0.219447 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:39.758967 0.260553 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:40.015187 0.077842 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:40.077827 0.198533 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:40.268698 0.168037 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:40.413509 0.092374 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:40.497012 0.303559 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:40.890889 0.073731 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:40.950383 0.032487 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:41.033162 0.335842 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:41.389367 0.172348 rtp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:41.537543 0.097711 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:41.610385 0.099876 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:41.769722 0.047683 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:41.904077 0.162635 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:42.116629 0.082361 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:42.172904 0.288168 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:42.452908 0.185102 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:42.630332 0.116096 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:42.712280 0.136292 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:42.938443 0.185466 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:43.116996 0.156962 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:43.284106 0.168870 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:43.431015 0.543692 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:43.906738 0.218047 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:44.130843 0.127840 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:44.215437 0.153917 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:44.361454 0.305317 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:44.690649 0.067582 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:44.740852 0.240187 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:44.949402 0.402815 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:45.332912 0.206524 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:45.578253 3.004363 tcp 10.0.2.109 64243 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:30:45.584793 0.047088 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/26 18:30:54.580783 0.000000 tcp 10.0.2.109 64243 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:31:00.580944 0.064443 tcp 10.0.2.109 64244 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:31:00.645675 0.065412 tcp 10.0.2.109 64245 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:31:00.711443 0.150423 tcp 10.0.2.109 64246 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:31:00.883008 3.001820 tcp 10.0.2.109 64247 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:31:09.892753 0.000000 tcp 10.0.2.109 64247 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:31:15.882020 0.066213 tcp 10.0.2.109 64248 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:31:15.948549 0.066672 tcp 10.0.2.109 64249 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:31:16.015517 0.155074 tcp 10.0.2.109 64250 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:31:16.258295 2.997920 tcp 10.0.2.109 64251 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:31:25.254949 0.000000 tcp 10.0.2.109 64251 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:31:31.253733 2.994408 tcp 10.0.2.109 64252 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:31:40.246571 0.000000 tcp 10.0.2.109 64252 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:34:54.468185 3.001928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 18:35:01.487993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:35:09.477355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:35:25.480304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:35:57.486434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:36:46.257263 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:36:46.257365 3.005325 tcp 10.0.2.109 64253 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:36:55.276995 0.000000 tcp 10.0.2.109 64253 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:37:01.272097 0.065046 tcp 10.0.2.109 64254 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:37:01.337400 0.061583 tcp 10.0.2.109 64255 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:37:01.399351 0.154639 tcp 10.0.2.109 64256 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:37:01.909477 2.990972 tcp 10.0.2.109 64257 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:37:10.899205 0.000000 tcp 10.0.2.109 64257 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:37:16.891182 0.061544 tcp 10.0.2.109 64258 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:37:16.953099 0.062518 tcp 10.0.2.109 64259 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:37:17.015931 0.161198 tcp 10.0.2.109 64260 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:37:17.230025 2.997381 tcp 10.0.2.109 64261 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:37:26.233989 0.000000 tcp 10.0.2.109 64261 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:37:32.222901 2.994141 tcp 10.0.2.109 64262 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:37:41.215420 0.000000 tcp 10.0.2.109 64262 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:42:01.492118 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 18:42:08.499300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:42:16.500972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:42:32.504410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:42:47.225848 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:42:47.226027 3.003750 tcp 10.0.2.109 64263 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:42:56.228661 0.000000 tcp 10.0.2.109 64263 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:43:02.228446 0.064053 tcp 10.0.2.109 64264 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:43:02.292880 0.065650 tcp 10.0.2.109 64265 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:43:02.359069 0.154308 tcp 10.0.2.109 64266 -> 195.113.214.211 443 SRPA* 0 0 39 20506 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:43:02.523194 3.000033 tcp 10.0.2.109 64267 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:43:04.513851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:43:11.520610 0.000000 tcp 10.0.2.109 64267 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:43:17.519453 0.063961 tcp 10.0.2.109 64268 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:43:17.583683 0.066033 tcp 10.0.2.109 64269 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:43:17.649985 0.161624 tcp 10.0.2.109 64270 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:43:17.822279 3.001353 tcp 10.0.2.109 64271 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:43:26.822717 0.000000 tcp 10.0.2.109 64271 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:43:32.821457 2.994111 tcp 10.0.2.109 64272 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:43:41.823772 0.000000 tcp 10.0.2.109 64272 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:48:47.825191 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 18:48:47.825361 3.003096 tcp 10.0.2.109 64273 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:48:56.826850 0.000000 tcp 10.0.2.109 64273 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:49:02.829976 0.067471 tcp 10.0.2.109 64274 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:49:02.897706 0.064473 tcp 10.0.2.109 64275 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:49:02.962463 0.154041 tcp 10.0.2.109 64276 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:49:03.126749 3.003450 tcp 10.0.2.109 64277 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:49:08.515558 3.005891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 18:49:12.131982 0.000000 tcp 10.0.2.109 64277 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:49:15.523736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:49:18.118412 0.064180 tcp 10.0.2.109 64278 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:49:18.182850 0.065211 tcp 10.0.2.109 64279 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:49:18.248340 0.159505 tcp 10.0.2.109 64280 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 18:49:18.427818 3.004324 tcp 10.0.2.109 64281 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:49:23.525449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:49:27.432410 0.000000 tcp 10.0.2.109 64281 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:49:33.420102 3.003856 tcp 10.0.2.109 64282 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:49:39.528841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:49:42.422524 0.000000 tcp 10.0.2.109 64282 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 18:50:11.534453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:56:15.540613 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 18:56:22.548204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:56:30.549053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:56:46.552058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 18:57:18.558110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:01:10.722724 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:01:10.722876 0.077840 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:10.784278 0.182082 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:11.426236 0.220418 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:11.674754 0.197925 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:11.864737 0.165517 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.008932 0.089941 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.067453 0.302361 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.371448 0.073440 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.429824 0.034218 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.505990 0.101319 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.584174 0.099449 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.685227 0.049190 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.761148 0.164569 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:12.935450 0.334763 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:13.279827 0.173315 udp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:13.429348 0.081524 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:13.485626 0.520982 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:13.998438 0.191856 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:14.182923 0.106421 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:14.256592 0.136280 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:14.425494 0.165877 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:14.572292 0.461936 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:14.996909 0.191244 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:15.202029 0.149637 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:15.351334 0.211918 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:15.559124 0.124188 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:15.644103 0.200804 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:15.819598 0.312991 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:16.134733 0.067270 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:16.186529 0.241057 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:16.388845 0.047221 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:16.446238 0.343844 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:16.770896 0.202061 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:01:18.463630 2.994374 tcp 10.0.2.109 64283 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:01:27.456608 0.000000 tcp 10.0.2.109 64283 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:01:33.466438 0.065780 tcp 10.0.2.109 64284 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:01:33.532483 0.066051 tcp 10.0.2.109 64285 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:01:33.598907 0.156248 tcp 10.0.2.109 64286 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:01:33.766662 3.002754 tcp 10.0.2.109 64287 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:01:42.768088 0.000000 tcp 10.0.2.109 64287 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:01:48.767433 0.066974 tcp 10.0.2.109 64288 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:01:48.834718 0.065026 tcp 10.0.2.109 64289 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:01:48.900031 0.152194 tcp 10.0.2.109 64290 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:01:49.113277 2.998443 tcp 10.0.2.109 64291 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:01:58.110228 0.000000 tcp 10.0.2.109 64291 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:02:04.108926 3.004230 tcp 10.0.2.109 64292 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:02:13.111547 0.000000 tcp 10.0.2.109 64292 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:03:22.564059 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 19:03:29.571035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:03:37.572682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:03:53.576363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:04:25.586525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:07:19.112590 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:07:19.112779 2.993133 tcp 10.0.2.109 64293 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:07:28.104681 0.000000 tcp 10.0.2.109 64293 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:07:34.114905 0.065764 tcp 10.0.2.109 64294 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:07:34.180904 0.068486 tcp 10.0.2.109 64295 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:07:34.249680 0.153595 tcp 10.0.2.109 64296 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:07:34.424295 3.004077 tcp 10.0.2.109 64297 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:07:43.428494 0.000000 tcp 10.0.2.109 64297 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:07:49.427887 0.063513 tcp 10.0.2.109 64298 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:07:49.491800 0.063981 tcp 10.0.2.109 64299 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:07:49.556061 0.152246 tcp 10.0.2.109 64300 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:07:49.735347 3.004677 tcp 10.0.2.109 64301 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:07:58.738948 0.000000 tcp 10.0.2.109 64301 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:08:04.727483 3.003766 tcp 10.0.2.109 64302 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:08:13.730360 0.000000 tcp 10.0.2.109 64302 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:10:29.589519 3.000479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 19:10:36.595690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:10:44.599677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:11:00.601678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:11:32.606370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:13:19.730230 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:13:19.730402 2.994113 tcp 10.0.2.109 64303 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:13:28.733238 0.000000 tcp 10.0.2.109 64303 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:13:34.733829 0.064219 tcp 10.0.2.109 64304 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:13:34.798336 0.067059 tcp 10.0.2.109 64305 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:13:34.865655 0.154169 tcp 10.0.2.109 64306 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:13:35.087648 2.988981 tcp 10.0.2.109 64307 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:13:44.075046 0.000000 tcp 10.0.2.109 64307 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:13:50.084489 0.065081 tcp 10.0.2.109 64308 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:13:50.149840 0.064964 tcp 10.0.2.109 64309 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:13:50.215148 0.158128 tcp 10.0.2.109 64310 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:13:50.609202 3.057892 tcp 10.0.2.109 64311 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:13:59.618253 0.000000 tcp 10.0.2.109 64311 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:14:05.616258 3.003795 tcp 10.0.2.109 64312 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:14:14.618743 0.000000 tcp 10.0.2.109 64312 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:17:36.612213 3.001676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 19:17:43.619098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:17:51.620935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:18:07.624112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:18:39.635479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:19:20.619579 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:19:20.619796 3.003818 tcp 10.0.2.109 64313 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:19:29.622029 0.000000 tcp 10.0.2.109 64313 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:19:35.621687 0.065795 tcp 10.0.2.109 64314 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:19:35.687678 0.066067 tcp 10.0.2.109 64315 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:19:35.753996 0.160423 tcp 10.0.2.109 64316 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:19:35.938819 2.996573 tcp 10.0.2.109 64317 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:19:44.944050 0.000000 tcp 10.0.2.109 64317 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:19:50.933467 0.064356 tcp 10.0.2.109 64318 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:19:50.998127 0.068434 tcp 10.0.2.109 64319 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:19:51.066839 0.158795 tcp 10.0.2.109 64320 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:19:51.291547 2.995774 tcp 10.0.2.109 64321 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:20:00.287410 0.000000 tcp 10.0.2.109 64321 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:20:06.287724 3.008437 tcp 10.0.2.109 64322 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:20:15.287601 0.000000 tcp 10.0.2.109 64322 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:24:43.635825 3.001621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 19:24:50.643459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:24:58.645540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:25:14.648175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:25:46.654534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:31:31.365480 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:31:31.365646 0.166210 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:31.568195 0.198296 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:31.759363 0.079150 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:31.821196 0.178998 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:32.018863 0.161983 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:32.159635 0.098748 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:32.468938 0.309677 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:32.810818 0.074685 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 1923 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:32.871155 0.033588 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:32.953215 0.104064 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:33.034171 0.112004 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:33.223476 0.049291 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:33.351830 0.163310 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:33.553636 0.331406 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:33.925559 0.168839 rtp 10.0.2.109 3683 <-> 70.50.200.248 6552 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:34.071353 0.085174 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:34.175162 0.200508 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:34.431061 0.191354 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:34.614746 0.108952 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:34.689545 0.129100 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:34.834930 0.168007 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:34.981683 0.484694 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:35.422929 0.206506 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:35.627076 0.149718 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:35.812534 0.220913 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:36.047027 0.126120 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:36.133803 0.146867 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:36.274716 0.308684 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:36.339217 3.002332 tcp 10.0.2.109 64323 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:31:36.662784 0.065197 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:36.711053 0.207690 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:36.880612 0.049427 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:36.968969 0.373561 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:37.323298 0.201772 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/01/26 19:31:45.345732 0.000000 tcp 10.0.2.109 64323 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:31:50.661088 3.000313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 19:31:51.340089 0.069115 tcp 10.0.2.109 64324 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:31:51.409487 0.064374 tcp 10.0.2.109 64325 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:31:51.474298 0.157095 tcp 10.0.2.109 64326 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:31:51.668709 2.994433 tcp 10.0.2.109 64327 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:31:57.671529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:32:00.664641 0.000000 tcp 10.0.2.109 64327 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:32:05.670719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:32:06.671671 0.063595 tcp 10.0.2.109 64328 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:32:06.735560 0.067283 tcp 10.0.2.109 64329 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:32:06.803248 0.148233 tcp 10.0.2.109 64330 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:32:07.017709 3.000643 tcp 10.0.2.109 64331 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:32:16.023845 0.000000 tcp 10.0.2.109 64331 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:32:21.672129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:32:22.013158 2.993609 tcp 10.0.2.109 64332 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:32:31.005593 0.000000 tcp 10.0.2.109 64332 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:32:53.678167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:37:37.016473 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:37:37.016624 3.003236 tcp 10.0.2.109 64333 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:37:46.021036 0.000000 tcp 10.0.2.109 64333 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:37:52.019466 0.061614 tcp 10.0.2.109 64334 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:37:52.081344 0.062477 tcp 10.0.2.109 64335 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:37:52.144105 0.152046 tcp 10.0.2.109 64336 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:37:52.315415 3.006053 tcp 10.0.2.109 64337 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:38:01.320456 0.000000 tcp 10.0.2.109 64337 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:38:07.314220 0.067801 tcp 10.0.2.109 64338 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:38:07.382394 0.066667 tcp 10.0.2.109 64339 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:38:07.449387 0.153576 tcp 10.0.2.109 64340 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:38:07.615412 2.997734 tcp 10.0.2.109 64341 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:38:16.612725 0.000000 tcp 10.0.2.109 64341 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:38:22.615011 2.995837 tcp 10.0.2.109 64342 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:38:31.619322 0.000000 tcp 10.0.2.109 64342 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:38:57.685405 3.003507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 19:39:04.692605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:39:12.692921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:39:28.696013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:40:00.702002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:43:37.614680 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:43:37.614906 3.003192 tcp 10.0.2.109 64343 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:43:46.616836 0.000000 tcp 10.0.2.109 64343 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:43:52.618450 0.066716 tcp 10.0.2.109 64344 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:43:52.685414 0.065427 tcp 10.0.2.109 64345 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:43:52.751097 0.154400 tcp 10.0.2.109 64346 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:43:52.914784 3.005324 tcp 10.0.2.109 64347 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:44:01.919933 0.000000 tcp 10.0.2.109 64347 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:44:07.907896 0.063929 tcp 10.0.2.109 64348 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:44:07.972061 0.065554 tcp 10.0.2.109 64349 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:44:08.037877 0.156134 tcp 10.0.2.109 64350 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:44:08.203908 2.998347 tcp 10.0.2.109 64351 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:44:17.204799 0.000000 tcp 10.0.2.109 64351 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:44:23.199586 3.004244 tcp 10.0.2.109 64352 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:44:32.202688 0.000000 tcp 10.0.2.109 64352 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:46:04.708806 3.001434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 19:46:11.715918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:46:19.717058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:46:35.719931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:47:07.726014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:49:38.203318 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 19:49:38.203517 2.993077 tcp 10.0.2.109 64353 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:49:47.195515 0.000000 tcp 10.0.2.109 64353 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:49:53.206617 0.062577 tcp 10.0.2.109 64354 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:49:53.269403 0.066377 tcp 10.0.2.109 64355 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:49:53.336062 0.151994 tcp 10.0.2.109 64356 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:49:53.497905 3.000762 tcp 10.0.2.109 64357 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:50:02.497243 0.000000 tcp 10.0.2.109 64357 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:50:08.496482 0.064528 tcp 10.0.2.109 64358 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:50:08.561276 0.065988 tcp 10.0.2.109 64359 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:50:08.627543 0.157632 tcp 10.0.2.109 64360 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 19:50:08.806301 3.004701 tcp 10.0.2.109 64361 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:50:17.809394 0.000000 tcp 10.0.2.109 64361 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:50:23.808027 3.004128 tcp 10.0.2.109 64362 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:50:32.811191 0.000000 tcp 10.0.2.109 64362 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 19:53:11.732455 3.001231 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 19:53:18.739950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:53:26.740929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:53:42.748950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 19:54:14.749934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:00:18.756136 3.001444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 20:00:25.763595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:00:33.765429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:00:49.768032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:01:21.774324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:01:54.420496 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 20:01:54.420675 0.077861 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:54.484348 0.170652 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:54.665984 0.170082 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:54.837573 0.198433 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.026866 0.165508 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.171998 0.094202 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.233162 0.308475 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.543645 0.073824 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.602265 0.033706 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.654076 0.103113 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.735422 0.159012 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:55.888351 0.333425 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:01:56.230523 0.000000 udp 10.0.2.109 3683 -> 70.50.200.248 6552 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 20:02:08.852257 2.993582 tcp 10.0.2.109 64363 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:02:13.399924 0.064049 tcp 10.0.2.109 64364 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:13.464232 0.066460 tcp 10.0.2.109 64365 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:13.530970 0.153528 tcp 10.0.2.109 64366 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:13.685122 0.124358 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:13.818654 0.047588 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:13.867732 0.081087 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:13.925551 0.685024 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:14.602221 0.193557 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:14.787163 0.107828 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:14.861726 0.135862 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:15.033067 0.170937 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2612 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:15.179550 0.149425 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:15.328234 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 20:02:17.844757 0.000000 tcp 10.0.2.109 64363 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:02:23.853571 0.067996 tcp 10.0.2.109 64367 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:23.921861 0.062933 tcp 10.0.2.109 64368 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:23.985087 0.154218 tcp 10.0.2.109 64369 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:24.149670 2.998730 tcp 10.0.2.109 64370 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:02:31.935409 0.064159 tcp 10.0.2.109 64371 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:31.999831 0.062590 tcp 10.0.2.109 64372 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:32.062700 0.161163 tcp 10.0.2.109 64373 -> 195.113.214.211 443 SRPA* 0 0 40 22580 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:02:32.224030 0.855108 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:33.041765 0.190679 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:33.146779 0.000000 tcp 10.0.2.109 64370 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:02:33.232744 0.120614 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:33.316965 0.147087 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:33.456423 0.312692 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:33.781751 0.067012 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:33.830958 0.202261 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:33.999565 0.049035 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:34.053114 0.353622 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:02:34.389493 0.206225 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:07:25.779876 3.002587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 20:07:32.788492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:07:39.149513 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 20:07:39.149648 3.001218 tcp 10.0.2.109 64374 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:07:40.789263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:07:48.149541 0.000000 tcp 10.0.2.109 64374 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:07:54.150553 0.064662 tcp 10.0.2.109 64375 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:07:54.215494 0.065676 tcp 10.0.2.109 64376 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:07:54.281437 0.161189 tcp 10.0.2.109 64377 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:07:54.532554 0.597070 tcp 10.0.2.109 64378 -> 92.115.182.80 4268 FSPA* 0 0 14 1625 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:07:56.791768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:08:28.797859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:14:32.805084 3.000451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 20:14:39.811551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:14:47.812841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:15:03.815848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:15:35.821794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:21:39.827860 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 20:21:46.835342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:21:54.836800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:22:10.839578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:22:42.845812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:28:46.854347 3.006281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 20:28:53.877221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:29:01.868787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:29:17.863847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:29:49.869782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:32:45.793121 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 20:32:45.793234 0.000000 udp 10.0.2.109 3683 -> 70.50.200.248 6552 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 20:33:01.367181 0.067687 tcp 10.0.2.109 64379 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:33:01.435199 0.067773 tcp 10.0.2.109 64380 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:33:01.503311 0.160075 tcp 10.0.2.109 64381 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:33:01.663924 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 20:33:20.463075 0.067151 tcp 10.0.2.109 64382 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:33:20.530487 0.068565 tcp 10.0.2.109 64383 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:33:20.599273 0.161093 tcp 10.0.2.109 64384 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:33:20.761332 0.174065 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:20.930857 0.166623 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.126630 0.075171 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.190403 0.198283 rtp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.381730 0.076207 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.443606 0.031742 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.474022 0.113233 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.563655 0.166449 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.724983 0.094814 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.785366 0.198687 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:21.925682 0.309598 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:22.242679 0.337109 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:22.707804 0.099618 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:22.830814 0.080709 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:22.884105 0.047894 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2602 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:22.950603 0.136116 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:23.098641 0.171713 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:23.247880 0.150254 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:23.418438 0.102444 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:23.487006 0.190918 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:23.670017 0.182066 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:23.843741 1.229708 rtp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:25.032058 0.189773 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:25.245898 0.122780 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:25.331865 0.154198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:25.478209 0.314096 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:25.838441 0.066963 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:25.888171 0.206486 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:26.062050 0.049397 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:26.122491 0.391921 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:33:26.494898 0.204498 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/26 20:35:53.877339 3.000022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 20:36:00.883296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:36:08.891520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:36:24.888510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:36:56.893909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:37:55.137975 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 20:37:55.138127 3.003458 tcp 10.0.2.109 64385 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:38:04.140538 0.000000 tcp 10.0.2.109 64385 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:38:10.141287 0.068117 tcp 10.0.2.109 64386 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:38:10.209690 0.069304 tcp 10.0.2.109 64387 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:38:10.279271 0.156644 tcp 10.0.2.109 64388 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:38:10.503481 3.000674 tcp 10.0.2.109 64389 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:38:19.511967 0.000000 tcp 10.0.2.109 64389 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:38:25.501682 0.063942 tcp 10.0.2.109 64390 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:38:25.565900 0.063470 tcp 10.0.2.109 64391 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:38:25.629656 0.159844 tcp 10.0.2.109 64392 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:38:25.900843 2.985015 tcp 10.0.2.109 64393 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:38:34.884577 0.000000 tcp 10.0.2.109 64393 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:38:40.893528 2.994026 tcp 10.0.2.109 64394 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:38:49.886078 0.000000 tcp 10.0.2.109 64394 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:43:00.899974 3.002247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 20:43:07.907096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:43:15.914979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:43:31.911856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:43:55.896576 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 20:43:55.896790 3.003840 tcp 10.0.2.109 64395 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:44:03.917801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:44:04.899206 0.000000 tcp 10.0.2.109 64395 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:44:10.899805 0.065669 tcp 10.0.2.109 64396 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:44:10.965690 0.065435 tcp 10.0.2.109 64397 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:44:11.031398 0.158914 tcp 10.0.2.109 64398 -> 195.113.214.211 443 SRPA* 0 0 36 18316 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:44:11.199327 3.003532 tcp 10.0.2.109 64399 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:44:20.201946 0.000000 tcp 10.0.2.109 64399 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:44:26.202004 0.064039 tcp 10.0.2.109 64400 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:44:26.266335 0.062058 tcp 10.0.2.109 64401 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:44:26.328742 0.160571 tcp 10.0.2.109 64402 -> 195.113.214.211 443 SRPA* 0 0 19 10006 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:44:26.500441 2.999304 tcp 10.0.2.109 64403 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:44:35.504891 0.000000 tcp 10.0.2.109 64403 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:44:41.491322 2.994600 tcp 10.0.2.109 64404 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:44:50.484883 0.000000 tcp 10.0.2.109 64404 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:49:56.495355 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 20:49:56.495451 3.003717 tcp 10.0.2.109 64405 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:50:05.497610 0.000000 tcp 10.0.2.109 64405 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:50:11.497894 0.062799 tcp 10.0.2.109 64406 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:50:11.560893 0.067807 tcp 10.0.2.109 64407 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:50:11.628984 0.158150 tcp 10.0.2.109 64408 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:50:11.806357 3.004759 tcp 10.0.2.109 64409 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:50:20.809750 0.000000 tcp 10.0.2.109 64409 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:50:26.799067 0.068046 tcp 10.0.2.109 64410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:50:26.867379 0.068612 tcp 10.0.2.109 64411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:50:26.936236 0.152475 tcp 10.0.2.109 64412 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:50:27.098565 3.004796 tcp 10.0.2.109 64413 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:50:36.101720 0.000000 tcp 10.0.2.109 64413 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:50:42.090489 2.994119 tcp 10.0.2.109 64414 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:50:51.093200 0.000000 tcp 10.0.2.109 64414 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:51:22.934149 2.999038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 20:51:29.943549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:51:37.940497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:51:53.943595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:52:25.949852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:55:57.094248 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 20:55:57.094454 3.002944 tcp 10.0.2.109 64415 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:56:06.095890 0.000000 tcp 10.0.2.109 64415 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:56:12.096528 0.060848 tcp 10.0.2.109 64416 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:56:12.157619 0.061692 tcp 10.0.2.109 64417 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:56:12.219538 0.153823 tcp 10.0.2.109 64418 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:56:12.385958 3.003405 tcp 10.0.2.109 64419 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:56:21.391449 0.000000 tcp 10.0.2.109 64419 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:56:27.387589 0.067260 tcp 10.0.2.109 64420 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:56:27.455187 0.063858 tcp 10.0.2.109 64421 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:56:27.519325 0.160149 tcp 10.0.2.109 64422 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/26 20:56:27.690834 3.000462 tcp 10.0.2.109 64423 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:56:36.694892 0.000000 tcp 10.0.2.109 64423 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:56:42.689046 3.004232 tcp 10.0.2.109 64424 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:56:51.691709 0.000000 tcp 10.0.2.109 64424 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 20:58:53.959925 3.001846 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 20:59:00.967342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:59:08.969523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:59:24.972188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 20:59:56.978501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:03:29.453710 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:03:29.453908 0.164340 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:29.638970 0.176648 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:29.857945 0.080092 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:29.922425 0.198702 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.113836 0.071253 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.171912 0.031530 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.202256 0.105559 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.285052 0.167676 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.447718 0.098833 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.511935 0.161619 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.649547 0.099305 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.810591 0.081636 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.866461 0.046636 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:30.970816 0.309045 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:31.290703 0.331947 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:31.630655 0.136947 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:31.810613 0.173654 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:31.961308 0.142860 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:32.103544 0.107871 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:32.174157 0.192609 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:32.358855 0.166406 rtp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:32.510456 0.485463 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:32.946892 0.192449 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:33.138236 0.122440 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:33.222430 0.146925 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:33.361092 0.306959 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:33.669234 0.066138 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:33.720128 0.205767 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:33.891584 0.207076 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:34.105409 0.054944 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:34.175042 0.354846 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:03:42.703163 2.993742 tcp 10.0.2.109 64425 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:03:51.695544 0.000000 tcp 10.0.2.109 64425 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:03:57.706447 0.065545 tcp 10.0.2.109 64426 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:03:57.772246 0.066495 tcp 10.0.2.109 64427 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:03:57.839116 0.157310 tcp 10.0.2.109 64428 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:03:58.040569 2.998391 tcp 10.0.2.109 64429 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:04:07.037609 0.000000 tcp 10.0.2.109 64429 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:04:13.036610 0.064008 tcp 10.0.2.109 64430 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:04:13.100921 0.062074 tcp 10.0.2.109 64431 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:04:13.163274 0.162688 tcp 10.0.2.109 64432 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:04:13.348792 3.002145 tcp 10.0.2.109 64433 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:04:22.349372 0.000000 tcp 10.0.2.109 64433 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:04:28.348605 3.003636 tcp 10.0.2.109 64434 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:04:37.351021 0.000000 tcp 10.0.2.109 64434 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:06:00.984267 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:06:07.994959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:06:15.993264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:06:31.995790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:07:04.001816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:09:43.353095 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:09:43.353193 2.992154 tcp 10.0.2.109 64435 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:09:52.353774 0.000000 tcp 10.0.2.109 64435 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:09:58.354040 0.063355 tcp 10.0.2.109 64436 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:09:58.417632 0.065746 tcp 10.0.2.109 64437 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:09:58.483613 0.156876 tcp 10.0.2.109 64438 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:09:58.710826 2.986608 tcp 10.0.2.109 64439 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:10:07.697737 0.000000 tcp 10.0.2.109 64439 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:10:13.705543 0.062887 tcp 10.0.2.109 64440 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:10:13.768765 0.065634 tcp 10.0.2.109 64441 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:10:13.834639 0.156538 tcp 10.0.2.109 64442 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:10:14.108882 3.000720 tcp 10.0.2.109 64443 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:10:23.108593 0.000000 tcp 10.0.2.109 64443 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:10:29.107256 3.003741 tcp 10.0.2.109 64444 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:10:38.109587 0.000000 tcp 10.0.2.109 64444 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:13:08.008643 3.001362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:13:15.015511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:13:23.017262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:13:39.019972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:14:11.025742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:15:44.110437 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:15:44.110606 2.993252 tcp 10.0.2.109 64445 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:15:53.112753 0.000000 tcp 10.0.2.109 64445 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:15:59.119910 0.062504 tcp 10.0.2.109 64446 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:15:59.182675 0.062417 tcp 10.0.2.109 64447 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:15:59.245410 0.155995 tcp 10.0.2.109 64448 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:15:59.453093 2.996735 tcp 10.0.2.109 64449 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:16:08.444062 0.000000 tcp 10.0.2.109 64449 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:16:14.443880 0.063503 tcp 10.0.2.109 64450 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:16:14.507644 0.063946 tcp 10.0.2.109 64451 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:16:14.571909 0.158662 tcp 10.0.2.109 64452 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:16:14.816053 3.002208 tcp 10.0.2.109 64453 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:16:23.816871 0.000000 tcp 10.0.2.109 64453 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:16:29.816705 3.002639 tcp 10.0.2.109 64454 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:16:38.817871 0.000000 tcp 10.0.2.109 64454 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:20:15.032792 3.000818 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:20:22.039374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:20:30.041143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:20:46.043705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:21:18.051686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:21:44.819250 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:21:44.819348 3.003329 tcp 10.0.2.109 64455 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:21:53.821087 0.000000 tcp 10.0.2.109 64455 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:21:59.827941 0.062264 tcp 10.0.2.109 64456 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:21:59.890501 0.064214 tcp 10.0.2.109 64457 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:21:59.955019 0.153954 tcp 10.0.2.109 64458 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:22:00.191888 2.993036 tcp 10.0.2.109 64459 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:22:09.193466 0.000000 tcp 10.0.2.109 64459 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:22:15.183063 0.062200 tcp 10.0.2.109 64460 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:22:15.245531 0.064116 tcp 10.0.2.109 64461 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:22:15.309901 0.156623 tcp 10.0.2.109 64462 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:22:15.477617 2.999211 tcp 10.0.2.109 64463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:22:24.475325 0.000000 tcp 10.0.2.109 64463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:22:30.474348 3.004067 tcp 10.0.2.109 64464 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:22:39.476789 0.000000 tcp 10.0.2.109 64464 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:27:22.057171 3.000292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:27:29.063308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:27:37.065306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:27:53.067957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:28:25.073724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:33:40.818261 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:33:40.818492 0.171564 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.003959 0.168488 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.182665 0.077679 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.246300 0.198500 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.437428 0.075502 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.513018 0.034024 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.546106 0.101739 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2026 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.627428 0.167451 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.789827 0.112004 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.930647 0.083149 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:41.989578 0.047965 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:42.089626 0.294702 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:42.442755 0.099083 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:42.503303 0.164912 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:42.646674 0.339491 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:42.997119 0.142738 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:43.158683 0.168026 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:43.303958 0.156667 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:43.478672 0.104915 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:43.548731 0.184432 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:43.725942 0.195963 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:43.919072 0.124722 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:44.003518 0.159827 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:44.156134 0.159468 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:44.309590 0.484166 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:44.747330 0.313199 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:45.144539 0.070309 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:45.195097 0.205226 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:45.366820 0.196194 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:45.514983 3.006372 tcp 10.0.2.109 64465 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:33:45.554956 0.047700 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:45.665885 0.378609 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/01/26 21:33:54.517493 0.000000 tcp 10.0.2.109 64465 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:34:00.518029 0.065932 tcp 10.0.2.109 64466 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:34:00.584258 0.065227 tcp 10.0.2.109 64467 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:34:00.649771 0.157772 tcp 10.0.2.109 64468 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:34:00.905437 3.005412 tcp 10.0.2.109 64469 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:34:09.909618 0.000000 tcp 10.0.2.109 64469 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:34:15.900203 0.063935 tcp 10.0.2.109 64470 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:34:15.964489 0.064085 tcp 10.0.2.109 64471 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:34:16.028920 0.157452 tcp 10.0.2.109 64472 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:34:16.288943 3.008019 tcp 10.0.2.109 64473 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:34:25.291697 0.000000 tcp 10.0.2.109 64473 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:34:29.080220 3.004625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:34:31.285016 2.994432 tcp 10.0.2.109 64474 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:34:36.090204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:34:40.283049 0.000000 tcp 10.0.2.109 64474 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:34:44.089418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:35:00.092026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:35:32.098007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:39:46.283929 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:39:46.284117 3.003703 tcp 10.0.2.109 64475 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:39:55.286203 0.000000 tcp 10.0.2.109 64475 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:40:01.286839 0.063431 tcp 10.0.2.109 64476 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:40:01.350524 0.060877 tcp 10.0.2.109 64477 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:40:01.411671 0.147077 tcp 10.0.2.109 64478 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:40:01.569762 2.999639 tcp 10.0.2.109 64479 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:40:10.568009 0.000000 tcp 10.0.2.109 64479 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:40:16.567549 0.063958 tcp 10.0.2.109 64480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:40:16.631711 0.064566 tcp 10.0.2.109 64481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:40:16.696561 0.152573 tcp 10.0.2.109 64482 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:40:16.859057 3.002779 tcp 10.0.2.109 64483 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:40:25.860412 0.000000 tcp 10.0.2.109 64483 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:40:31.858763 3.004599 tcp 10.0.2.109 64484 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:40:40.862123 0.000000 tcp 10.0.2.109 64484 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:41:36.104052 3.001770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:41:43.112162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:41:51.113079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:42:07.115689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:42:39.121884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:45:46.862548 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:45:46.862719 2.993196 tcp 10.0.2.109 64485 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:45:55.854905 0.000000 tcp 10.0.2.109 64485 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:46:01.865210 0.112306 tcp 10.0.2.109 64486 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:46:01.977959 0.062761 tcp 10.0.2.109 64487 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:46:02.040942 0.154274 tcp 10.0.2.109 64488 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:46:02.211856 2.996147 tcp 10.0.2.109 64489 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:46:11.206716 0.000000 tcp 10.0.2.109 64489 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:46:17.206107 0.064322 tcp 10.0.2.109 64490 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:46:17.270694 0.060748 tcp 10.0.2.109 64491 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:46:17.331690 0.151730 tcp 10.0.2.109 64492 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:46:17.499790 2.999863 tcp 10.0.2.109 64493 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:46:26.500667 0.000000 tcp 10.0.2.109 64493 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:46:32.497622 3.003840 tcp 10.0.2.109 64494 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:46:41.499740 0.000000 tcp 10.0.2.109 64494 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:48:43.128103 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:48:50.135412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:48:58.136540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:49:14.139626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:49:46.145903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:51:47.501246 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 21:51:47.501350 2.993444 tcp 10.0.2.109 64495 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:51:56.504705 0.000000 tcp 10.0.2.109 64495 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:52:02.503648 0.062510 tcp 10.0.2.109 64496 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:52:02.566606 0.063013 tcp 10.0.2.109 64497 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:52:02.629894 0.154028 tcp 10.0.2.109 64498 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:52:02.793567 2.993078 tcp 10.0.2.109 64499 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:52:11.785481 0.000000 tcp 10.0.2.109 64499 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:52:17.794631 0.064311 tcp 10.0.2.109 64500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:52:17.859207 0.061206 tcp 10.0.2.109 64501 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:52:17.920662 0.155298 tcp 10.0.2.109 64502 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/26 21:52:18.091907 2.997142 tcp 10.0.2.109 64503 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:52:27.087304 0.000000 tcp 10.0.2.109 64503 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:52:33.086084 3.004576 tcp 10.0.2.109 64504 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:52:42.092758 0.000000 tcp 10.0.2.109 64504 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 21:55:50.152307 3.001387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 21:55:57.160579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:56:05.161218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:56:21.163756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 21:56:53.171799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:02:57.177120 3.000297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 22:03:04.183256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:03:12.184929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:03:28.187503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:03:46.925103 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:03:46.925255 0.163945 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.105335 0.167299 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.273933 0.078940 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.337591 0.200625 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.531055 0.077760 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.595147 0.031888 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.659024 0.102901 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.739316 0.160606 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:47.893877 0.099303 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:48.002473 0.085328 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:48.060658 0.046634 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:48.122139 0.163741 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:48.126839 3.004248 tcp 10.0.2.109 64505 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:03:48.262186 0.338992 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:48.610661 0.301554 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:48.922638 0.089438 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:48.978609 0.146584 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:49.199578 0.166680 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2019 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:49.347759 0.142717 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:49.489770 0.099874 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:49.556437 0.185272 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:49.734605 0.190475 rtcp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:49.915635 0.129633 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:50.005734 0.484622 rtp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:50.448557 0.306740 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:50.756666 0.153068 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:50.901968 0.441509 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:51.337130 0.069257 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:51.386560 0.207112 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:51.555604 0.204979 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:51.770971 0.046098 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:51.822315 0.353663 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:03:57.129272 0.000000 tcp 10.0.2.109 64505 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:04:00.193716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:04:03.129443 0.044533 tcp 10.0.2.109 64506 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:04:03.174375 0.044254 tcp 10.0.2.109 64507 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:04:03.218867 0.157025 tcp 10.0.2.109 64508 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:04:03.385736 3.006773 tcp 10.0.2.109 64509 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:04:12.391204 0.000000 tcp 10.0.2.109 64509 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:09:18.381791 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:09:18.381920 2.993633 tcp 10.0.2.109 64510 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:09:27.374762 0.000000 tcp 10.0.2.109 64510 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:09:33.384623 0.045091 tcp 10.0.2.109 64511 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:09:33.429967 0.042079 tcp 10.0.2.109 64512 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:09:33.474517 0.154278 tcp 10.0.2.109 64513 -> 195.113.214.211 443 SRPA* 0 0 48 42022 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:09:33.921799 2.998749 tcp 10.0.2.109 64514 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:09:42.916532 0.000000 tcp 10.0.2.109 64514 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:09:48.915388 0.043463 tcp 10.0.2.109 64515 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:09:48.959155 0.045968 tcp 10.0.2.109 64516 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:09:49.005409 0.156859 tcp 10.0.2.109 64517 -> 195.113.214.211 443 SRPA* 0 0 32 17636 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:09:49.325680 3.004931 tcp 10.0.2.109 64518 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:09:58.328432 0.000000 tcp 10.0.2.109 64518 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:10:04.200702 3.002383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 22:10:04.317547 3.004581 tcp 10.0.2.109 64519 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:10:11.213941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:10:13.320041 0.000000 tcp 10.0.2.109 64519 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:10:19.208651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:10:35.211628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:11:07.220846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:15:19.320378 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:15:19.320519 2.994124 tcp 10.0.2.109 64520 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:15:28.322700 0.000000 tcp 10.0.2.109 64520 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:15:34.323283 0.044593 tcp 10.0.2.109 64521 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:15:34.368147 0.044387 tcp 10.0.2.109 64522 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:15:34.412823 0.162187 tcp 10.0.2.109 64523 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:15:34.653028 2.993647 tcp 10.0.2.109 64524 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:15:43.645360 0.000000 tcp 10.0.2.109 64524 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:15:49.654176 0.043427 tcp 10.0.2.109 64525 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:15:49.697862 0.044677 tcp 10.0.2.109 64526 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:15:49.742395 0.158537 tcp 10.0.2.109 64527 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:15:49.928161 3.000368 tcp 10.0.2.109 64528 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:15:58.927034 0.000000 tcp 10.0.2.109 64528 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:16:04.925725 3.008874 tcp 10.0.2.109 64529 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:16:13.928758 0.000000 tcp 10.0.2.109 64529 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:17:11.223947 3.001365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 22:17:18.231118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:17:26.232435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:17:42.235775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:18:14.241659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:21:19.929181 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:21:19.929313 3.003509 tcp 10.0.2.109 64530 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:21:28.931510 0.000000 tcp 10.0.2.109 64530 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:21:34.936379 0.046157 tcp 10.0.2.109 64531 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:21:34.982787 0.045463 tcp 10.0.2.109 64532 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:21:35.028574 0.158138 tcp 10.0.2.109 64533 -> 195.113.214.211 443 SRPA* 0 0 23 13802 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:21:35.202855 2.991917 tcp 10.0.2.109 64534 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:21:44.203404 0.000000 tcp 10.0.2.109 64534 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:21:50.192624 0.043731 tcp 10.0.2.109 64535 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:21:50.236660 0.044199 tcp 10.0.2.109 64536 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:21:50.281096 0.159541 tcp 10.0.2.109 64537 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:21:50.640548 2.996563 tcp 10.0.2.109 64538 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:21:59.635530 0.000000 tcp 10.0.2.109 64538 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:22:05.634816 3.004073 tcp 10.0.2.109 64539 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:22:14.637208 0.000000 tcp 10.0.2.109 64539 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:24:18.247833 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 22:24:25.254872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:24:33.256517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:24:49.259689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:25:21.265756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:27:20.637807 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:27:20.637908 3.003555 tcp 10.0.2.109 64540 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:27:29.640032 0.000000 tcp 10.0.2.109 64540 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:27:35.640156 0.049505 tcp 10.0.2.109 64541 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:27:35.689827 0.044139 tcp 10.0.2.109 64542 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:27:35.734272 0.162180 tcp 10.0.2.109 64543 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:27:36.153869 3.001309 tcp 10.0.2.109 64544 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:27:45.176274 0.000000 tcp 10.0.2.109 64544 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:31:25.271649 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 22:31:32.279337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:31:40.280625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:31:56.283481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:32:28.289579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:34:08.934793 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:34:08.934905 0.079799 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:08.999825 0.201723 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:09.194826 0.164656 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:09.382670 0.169555 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:09.562110 0.074726 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:09.622103 0.033913 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:09.668832 0.106106 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:09.751986 0.158353 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:09.946662 0.099123 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:10.120307 0.083586 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:10.176869 0.048976 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:10.313500 0.162096 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:10.454027 0.334498 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:10.802646 0.294649 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:11.150085 0.095538 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:11.212784 0.137043 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:11.406920 0.174021 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:11.558193 0.150098 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:11.707453 0.105206 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:11.810420 0.193346 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:11.995468 0.237948 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:12.299083 0.306018 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:12.634680 0.153542 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:12.780752 0.126317 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:12.882615 0.488950 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:13.322470 0.161740 rtp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:13.478380 0.072416 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:13.532774 0.205712 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:13.702116 0.202644 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:13.905133 0.047252 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:13.959811 0.368190 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/01/26 22:34:21.162432 2.993494 tcp 10.0.2.109 64545 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:34:30.154770 0.000000 tcp 10.0.2.109 64545 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:34:36.165420 0.044209 tcp 10.0.2.109 64546 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:34:36.209908 0.044073 tcp 10.0.2.109 64547 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:34:36.254353 0.155083 tcp 10.0.2.109 64548 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:34:36.492591 2.995524 tcp 10.0.2.109 64549 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:34:45.486871 0.000000 tcp 10.0.2.109 64549 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:34:51.489167 0.043485 tcp 10.0.2.109 64550 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:34:51.532890 0.044117 tcp 10.0.2.109 64551 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:34:51.577333 0.160146 tcp 10.0.2.109 64552 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:34:51.830073 2.999907 tcp 10.0.2.109 64553 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:35:00.829028 0.000000 tcp 10.0.2.109 64553 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:35:06.834485 2.997710 tcp 10.0.2.109 64554 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:35:15.830762 0.000000 tcp 10.0.2.109 64554 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:38:32.295472 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 22:38:39.302974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:38:47.304566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:39:03.307520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:39:35.313667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:40:21.831399 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:40:21.831544 2.993338 tcp 10.0.2.109 64555 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:40:30.833431 0.000000 tcp 10.0.2.109 64555 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:40:36.836008 0.066880 tcp 10.0.2.109 64556 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:40:36.903209 0.067364 tcp 10.0.2.109 64557 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:40:36.970826 0.154082 tcp 10.0.2.109 64558 -> 195.113.214.211 443 SRPA* 0 0 41 23260 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:40:37.142722 2.994072 tcp 10.0.2.109 64559 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:40:46.135669 0.000000 tcp 10.0.2.109 64559 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:40:52.134684 0.044056 tcp 10.0.2.109 64560 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:40:52.178958 0.067508 tcp 10.0.2.109 64561 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:40:52.246716 0.160804 tcp 10.0.2.109 64562 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:40:52.416758 3.001887 tcp 10.0.2.109 64563 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:41:01.417449 0.000000 tcp 10.0.2.109 64563 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:41:07.416919 3.003491 tcp 10.0.2.109 64564 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:41:16.419007 0.000000 tcp 10.0.2.109 64564 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:45:39.319439 3.002094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 22:45:46.327096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:45:54.328611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:46:10.332459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:46:22.419727 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:46:22.419884 3.003311 tcp 10.0.2.109 64565 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:46:31.421426 0.000000 tcp 10.0.2.109 64565 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:46:37.421768 0.067051 tcp 10.0.2.109 64566 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:46:37.489067 0.044548 tcp 10.0.2.109 64567 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:46:37.533826 0.158698 tcp 10.0.2.109 64568 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:46:37.702200 2.993257 tcp 10.0.2.109 64569 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:46:42.337754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:46:46.703837 0.000000 tcp 10.0.2.109 64569 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:46:52.703512 0.066988 tcp 10.0.2.109 64570 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:46:52.770740 0.067252 tcp 10.0.2.109 64571 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:46:52.838292 0.158962 tcp 10.0.2.109 64572 -> 195.113.214.211 443 SRPA* 0 0 40 31908 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:46:53.006779 3.000524 tcp 10.0.2.109 64573 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:47:02.005842 0.000000 tcp 10.0.2.109 64573 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:47:08.004887 3.003762 tcp 10.0.2.109 64574 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:47:17.007360 0.000000 tcp 10.0.2.109 64574 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:52:23.007724 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 22:52:23.007819 3.004098 tcp 10.0.2.109 64575 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:52:32.010286 0.000000 tcp 10.0.2.109 64575 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:52:38.010999 0.067495 tcp 10.0.2.109 64576 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:52:38.078763 0.068238 tcp 10.0.2.109 64577 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:52:38.147237 0.155906 tcp 10.0.2.109 64578 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:52:38.313624 3.000916 tcp 10.0.2.109 64579 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:52:47.312498 0.000000 tcp 10.0.2.109 64579 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:52:49.348977 3.000333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 22:52:53.311640 0.043628 tcp 10.0.2.109 64580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:52:53.355547 0.044547 tcp 10.0.2.109 64581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:52:53.400334 0.159952 tcp 10.0.2.109 64582 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 22:52:53.570453 2.998331 tcp 10.0.2.109 64583 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:52:56.358679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:53:02.564686 0.000000 tcp 10.0.2.109 64583 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:53:04.356799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:53:08.563207 2.993888 tcp 10.0.2.109 64584 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:53:17.556016 0.000000 tcp 10.0.2.109 64584 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 22:53:20.359818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:53:52.365919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 22:59:56.371972 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 23:00:03.379043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:00:11.380652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:00:27.384809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:00:59.389754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:04:38.165063 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:04:38.165170 0.078001 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:38.228820 0.197695 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:38.419396 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/26 23:04:38.605724 3.003672 tcp 10.0.2.109 64585 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:04:47.608089 0.000000 tcp 10.0.2.109 64585 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:04:53.608232 0.067325 tcp 10.0.2.109 64586 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:04:53.675835 0.067413 tcp 10.0.2.109 64587 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:04:53.743471 0.153583 tcp 10.0.2.109 64588 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:04:53.906939 2.994294 tcp 10.0.2.109 64589 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:04:54.047514 0.066432 tcp 10.0.2.109 64590 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:04:54.114382 0.067586 tcp 10.0.2.109 64591 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:04:54.182273 0.155333 tcp 10.0.2.109 64592 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:04:54.338284 0.169178 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:54.515785 0.078695 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:54.579617 0.033619 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:54.631867 0.109389 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:54.717440 0.166271 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:54.880132 0.048345 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1989 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:54.929956 0.165011 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:55.071677 0.328305 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:55.422807 0.111805 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:55.544258 0.085215 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:55.602808 0.296564 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:55.900039 0.092544 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:55.959014 0.135868 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:56.172276 0.170127 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:56.320395 0.142796 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:56.463858 0.105304 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:56.537769 0.185197 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:56.715031 0.146073 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:56.853551 0.126588 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:56.941968 0.192678 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:57.133517 0.313127 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:57.459547 0.485982 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:57.900780 0.885127 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:58.794409 0.066962 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:58.845680 0.204068 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:59.016991 0.208868 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:59.226373 0.046614 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:04:59.274452 0.367872 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:05:02.900035 0.000000 tcp 10.0.2.109 64589 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:07:03.395859 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 23:07:10.402784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:07:18.404902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:07:34.408428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:08:06.414314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:10:08.903229 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:10:08.903428 2.991041 tcp 10.0.2.109 64593 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:10:17.902860 0.000000 tcp 10.0.2.109 64593 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:10:23.902853 0.066818 tcp 10.0.2.109 64594 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:10:23.969894 0.043773 tcp 10.0.2.109 64595 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:10:24.013909 0.162348 tcp 10.0.2.109 64596 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:10:24.194374 2.991888 tcp 10.0.2.109 64597 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:10:33.184891 0.000000 tcp 10.0.2.109 64597 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:10:39.183880 0.043645 tcp 10.0.2.109 64598 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:10:39.227776 0.068788 tcp 10.0.2.109 64599 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:10:39.296828 0.158770 tcp 10.0.2.109 64600 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:10:39.474486 3.004087 tcp 10.0.2.109 64601 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:10:48.476784 0.000000 tcp 10.0.2.109 64601 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:10:54.475474 3.004205 tcp 10.0.2.109 64602 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:11:03.478776 0.000000 tcp 10.0.2.109 64602 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:14:10.420189 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 23:14:17.427400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:14:25.428931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:14:41.431467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:15:13.437884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:16:09.478987 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:16:09.479091 3.003371 tcp 10.0.2.109 64603 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:16:18.488408 0.000000 tcp 10.0.2.109 64603 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:16:24.481306 0.044528 tcp 10.0.2.109 64604 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:16:24.526174 0.067633 tcp 10.0.2.109 64605 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:16:24.594280 0.152714 tcp 10.0.2.109 64606 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:16:24.862828 2.999423 tcp 10.0.2.109 64607 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:16:33.863344 0.000000 tcp 10.0.2.109 64607 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:16:39.862435 0.043817 tcp 10.0.2.109 64608 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:16:39.906528 0.067396 tcp 10.0.2.109 64609 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:16:39.974202 0.155970 tcp 10.0.2.109 64610 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:16:40.241834 2.984852 tcp 10.0.2.109 64611 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:16:49.225545 0.000000 tcp 10.0.2.109 64611 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:16:55.234300 3.003829 tcp 10.0.2.109 64612 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:17:04.237014 0.000000 tcp 10.0.2.109 64612 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:21:17.444169 3.001291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 23:21:24.450551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:21:32.452762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:21:48.455811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:22:10.237437 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:22:10.237536 3.003759 tcp 10.0.2.109 64613 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:22:19.239652 0.000000 tcp 10.0.2.109 64613 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:22:20.461739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:22:25.240800 0.069057 tcp 10.0.2.109 64614 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:22:25.310200 0.066884 tcp 10.0.2.109 64615 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:22:25.377374 0.156093 tcp 10.0.2.109 64616 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:22:25.542356 3.000445 tcp 10.0.2.109 64617 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:22:34.541386 0.000000 tcp 10.0.2.109 64617 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:22:40.541081 0.067103 tcp 10.0.2.109 64618 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:22:40.608537 0.067657 tcp 10.0.2.109 64619 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:22:40.676426 0.199047 tcp 10.0.2.109 64620 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:22:40.885442 2.999952 tcp 10.0.2.109 64621 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:22:49.893660 0.000000 tcp 10.0.2.109 64621 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:22:55.888801 2.991100 tcp 10.0.2.109 64622 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:23:04.875572 0.000000 tcp 10.0.2.109 64622 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:28:10.891306 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:28:10.891475 3.000354 tcp 10.0.2.109 64623 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:28:19.888569 0.000000 tcp 10.0.2.109 64623 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:28:24.471687 2.997296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 23:28:25.890587 0.067746 tcp 10.0.2.109 64624 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:28:25.958582 0.066157 tcp 10.0.2.109 64625 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:28:26.025027 0.158690 tcp 10.0.2.109 64626 -> 195.113.214.211 443 SRPA* 0 0 46 40404 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:28:26.212858 2.998910 tcp 10.0.2.109 64627 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:28:31.474939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:28:35.210637 0.000000 tcp 10.0.2.109 64627 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:28:39.476377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:28:41.210126 0.066166 tcp 10.0.2.109 64628 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:28:41.276537 0.067800 tcp 10.0.2.109 64629 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:28:41.344620 0.156532 tcp 10.0.2.109 64630 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:28:41.559035 3.004783 tcp 10.0.2.109 64631 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:28:50.572912 0.000000 tcp 10.0.2.109 64631 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:28:55.479379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:28:56.551415 2.993852 tcp 10.0.2.109 64632 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:29:05.544328 0.000000 tcp 10.0.2.109 64632 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:29:27.491596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:35:18.640916 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:35:18.641009 0.172045 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:18.808535 0.079467 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:18.871625 0.198578 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.063292 0.031687 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.118628 0.114940 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.211856 0.170486 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.377744 0.075506 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.492048 0.166869 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.653876 0.048371 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.717334 0.162716 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:19.859664 0.337101 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:20.214273 0.099607 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:20.338534 0.085073 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:20.396510 0.305737 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:20.703546 0.096062 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:20.763289 0.136208 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:20.954504 0.167426 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:21.098578 0.143464 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:21.240816 0.106368 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:21.314484 0.184949 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:21.492609 0.152046 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:21.636613 0.125928 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:21.721861 0.486250 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:22.163348 0.198132 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 1973 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:22.357162 0.312583 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:22.690795 0.160015 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:22.842638 0.068812 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1933 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:22.894639 0.203743 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:23.061975 0.364712 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:23.407082 0.808210 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:24.164893 0.046186 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/26 23:35:26.561829 2.994223 tcp 10.0.2.109 64633 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:35:31.491347 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/26 23:35:35.554883 0.000000 tcp 10.0.2.109 64633 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:35:38.499253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:35:41.564915 0.067001 tcp 10.0.2.109 64634 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:35:41.632193 0.066746 tcp 10.0.2.109 64635 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:35:41.699251 0.156029 tcp 10.0.2.109 64636 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:35:41.874704 3.003700 tcp 10.0.2.109 64637 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:35:46.500636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:35:50.876815 0.000000 tcp 10.0.2.109 64637 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:35:56.876158 0.067227 tcp 10.0.2.109 64638 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:35:56.943647 0.067525 tcp 10.0.2.109 64639 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:35:57.011443 0.156680 tcp 10.0.2.109 64640 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:35:57.220176 3.000195 tcp 10.0.2.109 64641 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:36:02.503632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:36:06.219061 0.000000 tcp 10.0.2.109 64641 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:36:12.217703 3.004268 tcp 10.0.2.109 64642 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:36:21.220494 0.000000 tcp 10.0.2.109 64642 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:36:34.509593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:41:27.221523 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:41:27.221751 2.993096 tcp 10.0.2.109 64643 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:41:36.223504 0.000000 tcp 10.0.2.109 64643 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:41:42.224400 0.067396 tcp 10.0.2.109 64644 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:41:42.292053 0.066893 tcp 10.0.2.109 64645 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:41:42.359172 0.152114 tcp 10.0.2.109 64646 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:41:42.530485 2.996234 tcp 10.0.2.109 64647 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:41:51.525384 0.000000 tcp 10.0.2.109 64647 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:41:57.524879 0.066624 tcp 10.0.2.109 64648 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:41:57.591758 0.066834 tcp 10.0.2.109 64649 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:41:57.658906 0.153125 tcp 10.0.2.109 64650 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:41:57.833901 2.994782 tcp 10.0.2.109 64651 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:42:06.827698 0.000000 tcp 10.0.2.109 64651 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:42:12.826083 3.004701 tcp 10.0.2.109 64652 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:42:21.828874 0.000000 tcp 10.0.2.109 64652 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:42:38.516667 3.001882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 23:42:45.523380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:42:53.524951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:43:09.527349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:43:41.537113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:47:27.829620 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:47:27.829792 3.003309 tcp 10.0.2.109 64653 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:47:36.831824 0.000000 tcp 10.0.2.109 64653 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:47:42.833219 0.066986 tcp 10.0.2.109 64654 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:47:42.900419 0.066357 tcp 10.0.2.109 64655 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:47:42.967046 0.171898 tcp 10.0.2.109 64656 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:47:43.158335 2.997485 tcp 10.0.2.109 64657 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:47:52.168532 0.000000 tcp 10.0.2.109 64657 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:47:58.154645 0.066193 tcp 10.0.2.109 64658 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:47:58.221076 0.065977 tcp 10.0.2.109 64659 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:47:58.287327 0.161879 tcp 10.0.2.109 64660 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:47:58.463618 2.993254 tcp 10.0.2.109 64661 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:48:07.456533 0.000000 tcp 10.0.2.109 64661 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:48:13.465487 3.005727 tcp 10.0.2.109 64662 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:48:22.467429 0.000000 tcp 10.0.2.109 64662 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:49:45.539495 3.002240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 23:49:52.546851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:50:00.549136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:50:16.551610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:50:48.559855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:53:28.469110 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/26 23:53:28.469269 3.002496 tcp 10.0.2.109 64663 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:53:37.470803 0.000000 tcp 10.0.2.109 64663 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:53:43.470835 0.067814 tcp 10.0.2.109 64664 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:53:43.538878 0.066240 tcp 10.0.2.109 64665 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:53:43.605347 0.155943 tcp 10.0.2.109 64666 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:53:43.771510 3.002235 tcp 10.0.2.109 64667 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:53:52.772418 0.000000 tcp 10.0.2.109 64667 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:53:58.771572 0.066353 tcp 10.0.2.109 64668 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:53:58.838269 0.067554 tcp 10.0.2.109 64669 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:53:58.906106 0.157753 tcp 10.0.2.109 64670 -> 195.113.214.211 443 SRPA* 0 0 27 13112 flow=From-Botnet-V1-TCP-Established 1970/01/26 23:53:59.073835 2.991885 tcp 10.0.2.109 64671 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:54:08.074528 0.000000 tcp 10.0.2.109 64671 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:54:14.073452 2.993592 tcp 10.0.2.109 64672 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:54:23.065972 0.000000 tcp 10.0.2.109 64672 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/26 23:56:52.563986 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/26 23:56:59.571166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:57:07.572523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:57:23.575431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/26 23:57:55.581912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:03:59.617838 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 00:04:06.624845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:04:14.626126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:04:30.629392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:05:02.635534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:05:28.855086 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 00:05:28.855251 0.167407 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.046799 0.080341 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.111853 0.197411 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.152277 2.995673 tcp 10.0.2.109 64673 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:05:29.302401 0.032844 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.347957 0.107432 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.432480 0.168095 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.608941 0.075744 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.668693 0.167499 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.830335 0.046552 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:29.879001 0.164444 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:30.019887 0.334579 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:30.356197 0.099329 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:30.456849 0.083586 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:30.513008 0.303773 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:30.824232 0.096139 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:30.884434 0.142886 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:31.035164 0.102865 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:31.104368 0.185231 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:31.282783 0.145552 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:31.420272 0.127064 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:31.508589 0.170587 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:31.657676 0.150048 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:31.806777 0.487480 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:32.248244 0.190239 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:32.436438 0.305872 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:32.763824 0.330415 rtp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:33.088368 0.067189 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:33.139219 0.201760 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:33.307599 0.374802 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:33.660374 0.201860 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:33.872295 0.046048 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:05:38.146382 0.000000 tcp 10.0.2.109 64673 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:05:44.146887 0.066341 tcp 10.0.2.109 64674 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:05:44.213456 0.066363 tcp 10.0.2.109 64675 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:05:44.280089 0.161206 tcp 10.0.2.109 64676 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:05:44.451515 2.998241 tcp 10.0.2.109 64677 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:05:53.448524 0.000000 tcp 10.0.2.109 64677 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:10:59.455270 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 00:10:59.455415 2.998831 tcp 10.0.2.109 64678 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:11:08.450730 0.000000 tcp 10.0.2.109 64678 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:11:11.648177 3.002466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 00:11:14.451993 0.067795 tcp 10.0.2.109 64679 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:11:14.520027 0.067019 tcp 10.0.2.109 64680 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:11:14.587292 0.157935 tcp 10.0.2.109 64681 -> 195.113.214.211 443 SRPA* 0 0 35 19218 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:11:14.775160 2.999750 tcp 10.0.2.109 64682 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:11:18.655991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:11:23.783442 0.000000 tcp 10.0.2.109 64682 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:11:26.657602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:11:29.773401 0.065694 tcp 10.0.2.109 64683 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:11:29.839337 0.067001 tcp 10.0.2.109 64684 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:11:29.906579 0.161988 tcp 10.0.2.109 64685 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:11:30.096131 3.001035 tcp 10.0.2.109 64686 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:11:39.095493 0.000000 tcp 10.0.2.109 64686 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:11:42.660672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:11:45.095050 3.003858 tcp 10.0.2.109 64687 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:11:54.098077 0.000000 tcp 10.0.2.109 64687 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 00:12:02.616669 0.000168 tcp 10.0.2.109 64678 -> 176.73.169.112 1959 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:12:14.671007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:17:00.097714 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 00:17:00.097898 0.595168 tcp 10.0.2.109 64688 -> 176.73.169.112 1959 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:18:18.672276 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 00:18:25.680215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:18:33.681207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:18:49.688356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:19:21.690920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:25:25.696569 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 00:25:32.704480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:25:40.705735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:25:56.708906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:26:28.714823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:32:32.721192 3.001537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 00:32:39.728682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:32:47.729777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:33:03.732652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:33:35.738866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:35:46.481157 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 00:35:46.481351 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 00:36:04.705207 0.067356 tcp 10.0.2.109 64689 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:36:04.772806 0.067659 tcp 10.0.2.109 64690 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:36:04.840808 0.185673 tcp 10.0.2.109 64691 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:36:05.027023 0.031889 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.057819 0.173044 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.226545 0.084211 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.291917 0.114030 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.383273 0.167793 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.576817 0.076666 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.639160 0.159644 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.793948 0.048310 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.846626 0.160805 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:05.985219 0.081744 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:06.041202 0.315300 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:06.398666 0.096041 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:06.458922 0.328499 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:06.790614 0.099608 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:06.958678 0.136013 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:07.130718 0.114477 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:07.210365 0.191375 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:07.394796 0.154391 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:07.541393 0.126140 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:07.627053 0.166105 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:07.771732 0.156906 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:07.946469 0.483008 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:08.385950 0.194184 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:08.577499 0.304887 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:08.894767 0.326301 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:09.215290 0.067102 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:09.265451 0.203361 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:09.484850 0.048982 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:09.534902 0.202711 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:36:09.700559 0.348967 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/27 00:39:39.744456 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 00:39:46.751905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:39:54.753549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:40:10.756440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:40:42.762459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:46:46.768559 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 00:46:53.775791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:47:00.696382 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 00:47:00.696539 0.531461 tcp 10.0.2.109 64692 -> 176.73.169.112 1959 FSPA* 0 0 15 1602 flow=From-Botnet-V1-TCP-Established 1970/01/27 00:47:01.777956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:47:17.780593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:47:49.786617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:53:53.794465 3.000273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 00:54:00.800088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:54:08.801702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:54:24.804996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 00:54:56.810483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:01:00.817554 3.000517 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:01:07.823883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:01:15.825338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:01:31.828511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:02:03.834561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:06:21.705434 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 01:06:21.705616 0.199456 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:21.896796 0.039209 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:21.934869 0.171259 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:22.177824 0.081600 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:22.242890 0.106602 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:22.326701 0.165888 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:22.502240 0.077779 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:22.564621 0.166610 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:22.725546 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 01:06:41.334304 0.067420 tcp 10.0.2.109 64693 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:06:41.401988 0.068004 tcp 10.0.2.109 64694 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:06:41.470255 0.210161 tcp 10.0.2.109 64695 -> 195.113.214.211 443 SRPA* 0 0 33 24408 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:06:41.680949 0.161439 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 1951 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:41.821318 0.081652 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:41.877219 0.332983 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:42.218597 0.099228 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:42.334795 0.321476 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:42.666717 0.090088 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:42.725758 0.129113 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:42.862899 0.113814 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:42.943549 0.184378 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2012 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:43.121043 0.145657 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:43.258649 0.126363 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:43.346417 0.169392 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:43.492252 0.150307 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:43.695146 0.313854 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2544 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:44.007793 2.228338 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:46.200046 0.195189 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:46.394333 0.214618 rtp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:46.642476 0.070154 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:46.697408 0.251849 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:46.937089 0.048566 rtcp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:46.999499 0.202163 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:06:47.166689 0.358301 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:08:08.841626 3.002000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:08:15.849062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:08:23.850920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:08:39.853934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:09:11.860027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:15:15.865661 3.001820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:15:22.873427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:15:30.874706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:15:46.877684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:16:18.883858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:17:01.238774 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 01:17:01.238865 0.440164 tcp 10.0.2.109 64696 -> 176.73.169.112 1959 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:22:22.889845 3.001504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:22:29.897307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:22:37.898660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:22:53.901701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:23:25.907667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:29:29.914092 3.007281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:29:36.921182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:29:44.926985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:30:00.925642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:30:32.932023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:36:36.937454 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:36:43.945112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:36:51.946917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:36:52.587710 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 01:36:52.587853 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 01:37:07.949540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:37:10.184702 0.066882 tcp 10.0.2.109 64697 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:37:10.251825 0.067475 tcp 10.0.2.109 64698 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:37:10.319560 0.175745 tcp 10.0.2.109 64699 -> 195.113.214.211 443 SRPA* 0 0 42 34064 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:37:10.495936 0.199360 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:10.688148 0.081161 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:10.753460 0.032306 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:10.784293 0.166243 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:10.951922 0.074835 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:11.013320 0.159848 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:11.168033 0.106812 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:11.252816 0.170521 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:11.454544 0.164319 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:11.596865 0.081254 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:11.755053 0.329107 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:12.108371 0.099400 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:12.214614 0.374440 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:12.661528 0.095973 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:12.722619 0.142920 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2538 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:12.890424 0.105362 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:12.962283 0.183185 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:13.138122 0.152794 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:13.282869 0.122761 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:13.369846 0.171004 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:13.516062 0.149638 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:13.665116 0.313913 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:13.977875 0.865839 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:14.807520 0.204593 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:15.030504 0.169251 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:15.184267 0.071901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:15.237290 0.210875 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2571 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:15.480866 0.046852 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:15.573402 0.203564 rtp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:15.741199 0.341404 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/01/27 01:37:39.955585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:43:43.961814 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:43:50.969303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:43:58.970869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:44:14.973631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:44:46.979759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:47:01.673790 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 01:47:01.673931 0.495042 tcp 10.0.2.109 64700 -> 176.73.169.112 1959 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/01/27 01:51:52.995023 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:52:00.002458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:52:08.004141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:52:24.012415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:52:56.012817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:59:22.020352 3.001912 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 01:59:29.027757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:59:37.029360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 01:59:53.032519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:00:25.039063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:06:29.044690 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:06:36.052048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:06:44.053132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:07:00.056331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:07:32.062432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:07:41.506066 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 02:07:41.506271 0.031690 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:41.536653 0.167090 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:41.762087 0.076564 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:41.825138 0.199472 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:42.016933 0.083216 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:42.090410 0.165147 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:42.250560 0.098024 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:42.330421 0.171440 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:42.567150 0.163975 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:42.707987 0.088977 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:42.769466 0.338025 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:43.130961 0.124059 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:43.286713 0.294316 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:43.614743 0.096172 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:43.675737 0.142678 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:43.892162 0.108405 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:43.967155 0.125971 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:44.056678 0.174833 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:44.210819 0.156579 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:44.366878 0.337483 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:44.744463 0.182507 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:44.920057 0.143887 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:45.059927 1.128811 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:46.152704 0.200952 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:46.346621 0.196263 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2031 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:46.679155 0.049410 rtp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:46.745209 0.206317 rtp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:46.914874 0.400752 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:47.294456 0.702599 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:07:47.991044 0.070835 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:13:36.069175 3.000619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:13:43.075956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:13:51.077582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:14:07.080468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:14:39.086486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:17:02.172801 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 02:17:02.172906 0.505157 tcp 10.0.2.109 64701 -> 176.73.169.112 1959 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/01/27 02:20:43.092042 3.002173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:20:50.099762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:20:58.101019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:21:14.104457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:21:46.110509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:27:50.115922 3.001946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:27:57.123503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:28:05.125191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:28:21.128246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:28:53.134625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:34:57.140738 3.001876 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:35:04.147649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:35:12.149187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:35:28.152123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:36:00.157993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:38:16.754954 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 02:38:16.755055 0.077943 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:16.818355 0.197998 rtp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:17.311216 0.033846 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:17.343800 0.165897 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:17.567085 0.083365 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:17.632224 0.160353 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:17.787402 0.105604 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:17.894431 0.170521 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:18.139084 0.161757 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:18.279012 0.088281 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:18.341120 0.301533 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:18.691532 0.334461 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.048796 0.099722 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.180078 0.098558 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.241491 0.129040 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.437875 0.104479 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.510346 0.130526 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.600628 0.170737 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.747363 0.150074 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:19.896576 0.183704 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:20.072099 0.305674 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:20.376548 0.190618 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:20.580603 0.487676 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:21.021832 0.202339 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:21.207266 0.203766 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:21.362448 0.050552 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:21.482451 0.204099 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:21.652126 0.349442 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:21.981830 0.159775 rtp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:38:22.133280 0.068586 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/27 02:42:04.164483 3.001274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:42:11.172470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:42:19.173086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:42:35.176722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:43:07.185357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:47:02.681482 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 02:47:02.681620 0.493300 tcp 10.0.2.109 64702 -> 176.73.169.112 1959 FSPA* 0 0 14 1734 flow=From-Botnet-V1-TCP-Established 1970/01/27 02:49:11.188416 3.001416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:49:18.195502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:49:26.197277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:49:42.200043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:50:14.205981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:56:18.215302 2.998550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 02:56:25.219630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:56:33.224716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:56:49.224230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 02:57:21.230682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:03:25.235969 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:03:32.243802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:03:40.244926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:03:57.552946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:04:29.166346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:08:45.203803 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 03:08:45.203897 0.078782 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:45.267484 0.198764 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:45.458280 0.032474 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:45.562643 0.167698 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:45.757882 0.078726 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:45.822412 0.158503 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:45.978552 0.097127 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:46.102662 0.084190 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:46.161964 0.295853 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:46.567094 0.166342 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:46.788139 0.164285 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:46.929710 0.339754 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:47.286794 0.099526 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:47.386339 0.099426 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:47.457339 0.142706 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:47.638020 0.113845 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:47.718660 0.125057 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:47.807248 0.168872 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:47.955922 0.149757 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:48.134369 0.189280 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:48.316310 0.153261 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:48.461853 0.452284 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:48.932379 0.484309 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:49.370387 0.191581 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:49.559072 0.205961 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:49.714707 0.047939 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:49.790610 0.208862 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:49.960743 0.351593 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:50.291433 0.390160 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:08:50.668571 0.068961 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:10:32.273049 2.998701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:10:39.277448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:10:47.279048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:11:03.282237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:11:35.288251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:17:03.179723 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 03:17:03.179860 0.553142 tcp 10.0.2.109 64703 -> 176.73.169.112 1959 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/01/27 03:17:39.295443 3.000109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:17:46.301366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:17:54.302936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:18:10.306024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:18:42.311914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:24:46.320040 2.999238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:24:53.326930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:25:01.326890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:25:17.329857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:25:49.336246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:31:53.341775 3.003377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:32:00.349170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:32:08.352981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:32:24.353969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:32:56.363045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:39:00.365319 3.002252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:39:07.374202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:39:14.053102 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 03:39:14.053284 0.080022 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.118275 0.200944 rtp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.311731 0.033813 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.373178 0.167979 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.546623 0.094811 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.622778 0.166160 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.782985 0.109492 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.870130 0.089012 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:14.965342 0.162498 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:15.104736 0.337487 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:15.375297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:39:15.445522 0.296269 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:15.786749 0.171977 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:15.954451 0.099409 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:16.066665 0.099842 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:16.131473 0.135904 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:16.270658 0.107616 rtcp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:16.346447 0.129163 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:16.433502 0.169718 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:16.582672 0.149884 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:16.746023 0.457950 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:17.252795 0.184377 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:17.429428 0.148284 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:17.569074 0.484638 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:18.005425 0.196700 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:18.210454 0.205286 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:18.418730 0.050797 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:18.480959 0.202422 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:18.648216 0.068957 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:18.717789 0.379951 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:19.088259 0.460789 rtp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/27 03:39:31.377794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:40:03.384018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:46:07.390246 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:46:14.397717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:46:22.398945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:46:38.401712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:47:03.739571 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 03:47:03.739665 0.514252 tcp 10.0.2.109 64704 -> 176.73.169.112 1959 FSPA* 0 0 14 1724 flow=From-Botnet-V1-TCP-Established 1970/01/27 03:47:10.407730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:53:14.413307 3.002590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 03:53:21.421234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:53:29.423299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:53:45.425713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 03:54:17.431936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:00:21.438466 3.004848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:00:28.445756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:00:36.446885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:00:52.449601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:01:24.455691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:07:28.462400 3.001011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:07:35.469123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:07:43.470429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:07:59.473338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:08:31.479836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:09:44.505026 0.000172 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 04:09:44.505306 0.078224 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:44.569594 0.201135 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:44.972581 0.033447 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:45.005384 0.167581 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:45.258577 0.082129 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:45.322862 0.165949 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:45.483591 0.097584 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:45.559464 0.085910 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:45.682276 0.316870 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:46.014898 0.168745 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:46.179122 0.111598 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:46.292069 0.163481 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:46.433563 0.334893 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:46.849234 0.092794 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:46.905976 0.135867 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:47.051847 0.108224 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:47.122880 0.125685 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:47.209299 0.174127 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:47.360570 0.149463 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:47.562802 0.146234 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:47.701257 1.055750 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:48.716877 0.455833 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:49.194838 0.189647 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:49.377225 0.188180 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:49.666759 0.200155 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:49.941271 0.049299 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:50.064071 0.204679 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:50.231716 0.065870 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:50.323879 0.377853 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:09:50.683431 0.211827 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:14:38.490566 3.010505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:14:45.507425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:14:53.508531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:15:09.511807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:15:41.518192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:17:04.257645 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 04:17:04.257736 0.617594 tcp 10.0.2.109 64705 -> 176.73.169.112 1959 FSPA* 0 0 14 1624 flow=From-Botnet-V1-TCP-Established 1970/01/27 04:21:45.524262 3.049652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:21:52.554518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:22:00.543097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:22:16.546016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:22:48.551519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:28:52.558000 3.001520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:28:59.565482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:29:07.570086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:29:23.573195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:29:55.576818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:35:59.581766 3.001578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:36:06.589409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:36:14.591184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:36:30.593753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:37:02.599959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:39:52.124051 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 04:39:52.124293 0.074910 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.186155 0.200548 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.379494 0.032377 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.410669 0.168751 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.580096 0.081406 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.644850 0.168265 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.808125 0.108388 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.894188 0.087190 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:52.953606 0.111878 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:53.066965 0.163967 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:53.207191 0.336945 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:53.553772 0.097754 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:53.617050 0.129102 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:53.747503 0.297992 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:54.046933 0.172157 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:54.220532 0.113054 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:54.297058 0.124222 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:54.382811 0.168316 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 1970 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:54.526828 0.142707 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:54.697865 0.154215 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:54.844389 0.183751 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:55.019529 0.486444 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:55.460486 0.437526 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:55.906692 0.184765 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:56.100397 0.203499 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:56.308962 0.048130 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:56.358469 0.200439 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:56.526391 0.071662 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:56.579558 0.340967 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:39:56.899764 0.161706 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/01/27 04:43:06.615578 3.002288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:43:13.623425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:43:21.625322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:43:37.627876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:44:09.634253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:47:04.876417 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 04:47:04.876629 0.455200 tcp 10.0.2.109 64706 -> 176.73.169.112 1959 FSPA* 0 0 14 1717 flow=From-Botnet-V1-TCP-Established 1970/01/27 04:51:28.648051 3.000874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:51:35.655238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:51:43.659103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:51:59.659809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:52:31.665765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:59:00.678422 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 04:59:07.685384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:59:15.686626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 04:59:31.689627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:00:03.695642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:06:07.701565 3.001453 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:06:14.709092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:06:22.710634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:06:38.713764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:07:10.719437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:09:57.980388 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 05:09:57.980537 0.078841 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.044402 0.217927 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.254442 0.031752 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.333601 0.169626 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.498620 0.074785 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.603659 0.161015 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.794370 0.110125 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.881557 0.086430 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:58.941432 0.111787 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:59.074703 0.092625 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:59.134578 0.136159 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:59.272407 0.314354 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:59.587434 0.165034 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:09:59.728722 0.338189 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:00.143589 0.168852 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:00.308060 0.101115 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:00.387436 0.126996 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:00.477964 0.169701 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:00.623732 0.142444 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:00.765846 0.156029 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:00.917840 0.190614 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:01.101228 0.482913 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:01.542521 0.424469 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:01.997832 0.186422 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:02.222798 0.205240 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:02.439456 0.049662 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:02.499510 0.209667 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:02.677162 0.071970 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:02.751323 0.384058 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:10:03.208769 0.241285 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:13:17.730967 3.000688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:13:24.737358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:13:32.739269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:13:48.742252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:14:20.747674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:17:05.335226 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 05:17:05.335421 0.529035 tcp 10.0.2.109 64707 -> 176.73.169.112 1959 FSPA* 0 0 14 1509 flow=From-Botnet-V1-TCP-Established 1970/01/27 05:20:24.754168 3.001287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:20:31.761442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:20:39.762907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:20:55.766145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:21:27.772143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:27:31.778830 3.001634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:27:38.786714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:27:46.791765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:28:02.789896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:28:34.795844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:34:38.808660 2.995605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:34:45.812973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:34:53.814885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:35:09.813911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:35:41.819725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:40:22.056153 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 05:40:22.056441 0.031647 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.086882 0.166676 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.262569 0.083131 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.328017 0.165676 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.488640 0.078063 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.551904 0.217487 rtp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.761431 0.096817 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.835561 0.085165 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:22.892910 0.112814 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:23.015953 0.093919 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:23.074079 0.142716 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:23.233679 0.310399 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:23.553972 0.163558 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:23.696079 0.331181 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:24.034032 0.165193 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:24.209598 0.100390 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:24.276968 0.130083 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:24.365788 0.174190 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:24.517577 0.156550 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:24.682831 0.145983 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:24.821037 0.447149 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:25.266740 0.191205 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:25.450704 0.480575 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:25.887354 0.195004 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:26.076310 0.212410 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:26.289050 0.047609 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:26.338000 0.202440 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:26.505256 0.070211 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:26.557770 0.350975 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2629 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:40:26.886768 0.158603 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/01/27 05:41:45.825936 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:41:52.833560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:42:00.834666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:42:16.839175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:42:48.843833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:47:05.864158 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 05:47:05.864348 0.486853 tcp 10.0.2.109 64708 -> 176.73.169.112 1959 FSPA* 0 0 15 1644 flow=From-Botnet-V1-TCP-Established 1970/01/27 05:48:52.849522 3.002237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:48:59.857369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:49:07.858788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:49:23.862272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:49:55.867774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:55:59.874008 3.001836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 05:56:06.881255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:56:14.882787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:56:30.885984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 05:57:02.891806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:03:06.897528 3.001816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 06:03:13.904937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:03:21.906768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:03:37.909664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:04:09.915726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:10:13.922610 3.002342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 06:10:20.930970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:10:28.930595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:10:44.933722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:10:45.003858 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 06:10:45.004135 0.033907 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:45.036645 0.167185 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:45.203117 0.083103 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:45.269847 0.160298 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:45.424124 0.077425 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:45.495105 0.217971 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:45.705057 0.102096 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:45.844848 0.085833 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:46.063986 0.111623 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:46.183115 0.097667 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:46.246346 0.164001 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:46.389501 0.346403 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:46.737250 0.136216 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:46.899687 0.306989 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:47.221990 0.172459 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:47.406751 0.113472 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:47.485386 0.125227 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:47.570325 0.167145 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:47.717237 0.142397 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:47.920582 0.153857 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:48.066734 0.485274 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:48.504052 0.190739 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:48.713987 0.418713 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:49.201845 0.185602 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:49.379300 0.204953 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:49.575743 0.049370 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:49.642474 0.200706 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:49.809482 0.065569 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:49.899564 0.380655 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:10:50.373950 0.280801 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:11:16.939546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:17:06.352842 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 06:17:06.352976 0.760613 tcp 10.0.2.109 64709 -> 176.73.169.112 1959 FSPA* 0 0 14 1554 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:17:20.945553 3.003969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 06:17:27.953493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:17:35.954934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:17:51.957568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:18:23.963878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:24:27.970270 3.000961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 06:24:34.976922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:24:42.978559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:24:58.981437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:25:30.987463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:31:34.993498 3.011698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 06:31:42.010875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:31:50.012658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:32:06.015645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:32:38.021469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:38:42.027943 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 06:38:49.035198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:38:57.036883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:39:13.039962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:39:45.045668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:41:19.131156 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 06:41:19.131391 0.032178 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:19.162191 0.168747 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:19.347558 0.084449 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:19.413200 0.167014 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:19.584504 0.079174 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:19.648760 0.216352 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:19.858946 0.111700 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:19.964560 0.083824 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:20.022960 0.164919 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:20.164878 0.338624 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:20.560178 0.135684 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:20.849009 0.112028 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:21.164854 0.094456 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:21.465789 0.307236 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:21.789516 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 06:41:39.512350 0.069225 tcp 10.0.2.109 64710 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:41:39.581801 0.066408 tcp 10.0.2.109 64711 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:41:39.648534 0.170618 tcp 10.0.2.109 64712 -> 195.113.214.211 443 SRPA* 0 0 35 25035 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:41:39.819691 0.110940 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:39.898041 0.132108 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:39.989548 0.167728 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:40.135551 0.254418 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:40.390829 0.146972 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:40.530308 0.000000 udp 10.0.2.109 3683 -> 59.115.36.113 2346 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 06:41:59.049446 0.066561 tcp 10.0.2.109 64713 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:41:59.116341 0.068076 tcp 10.0.2.109 64714 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:41:59.184708 0.162311 tcp 10.0.2.109 64715 -> 195.113.214.211 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:41:59.347516 0.206155 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:59.545122 0.407507 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:41:59.961394 0.197013 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:42:00.151030 0.205538 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:42:00.356896 0.048223 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:42:00.406488 0.205179 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:42:00.576352 0.078705 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:42:00.637574 0.344103 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 1980 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:42:00.962187 0.529875 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/01/27 06:45:49.051551 3.001968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 06:45:56.059279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:46:04.060487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:46:20.063688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:46:52.069474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:47:07.121692 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 06:47:07.121838 0.539940 tcp 10.0.2.109 64716 -> 176.73.169.112 1959 FSPA* 0 0 15 1800 flow=From-Botnet-V1-TCP-Established 1970/01/27 06:52:56.075354 3.002266 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 06:53:03.083317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:53:11.084627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:53:27.087592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 06:53:59.093505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:00:03.099779 3.001484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:00:10.108728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:00:18.109008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:00:34.111285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:01:06.117589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:07:10.123860 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:07:17.130962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:07:25.132726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:07:41.135576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:08:13.141513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:12:08.019295 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 07:12:08.019463 0.197225 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:08.306618 1.576600 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:09.849421 0.157399 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:10.031392 0.169829 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:10.266810 0.216788 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:10.476448 0.146592 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:10.805852 0.082331 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:10.862621 0.079381 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:10.957897 0.081858 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:11.023455 0.031988 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:11.120422 0.165353 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:11.263434 0.135915 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2549 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:11.499511 0.341587 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:11.839827 0.299786 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.148852 0.093881 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.242857 0.099468 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.359017 0.112246 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.434730 0.126950 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.520219 0.173628 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.702776 0.142981 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.845222 0.149269 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:12.990627 0.195054 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:13.230779 0.313063 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:13.592176 0.192548 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:13.777428 0.200797 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:13.932849 0.048872 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:14.052070 0.204338 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:14.220379 0.070899 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:14.344515 0.377011 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:12:14.703491 0.853889 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:14:17.148112 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:14:24.155049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:14:32.158198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:14:48.159457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:15:20.165535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:17:07.661430 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 07:17:07.661533 0.509072 tcp 10.0.2.109 64717 -> 176.73.169.112 1959 FSPA* 0 0 15 1764 flow=From-Botnet-V1-TCP-Established 1970/01/27 07:21:24.173350 3.001725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:21:31.178952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:21:39.180351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:21:55.183328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:22:27.189168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:28:31.196578 3.000716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:28:38.202913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:28:46.204720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:29:02.207207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:29:34.213205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:35:38.219640 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:35:45.226618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:35:53.228886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:36:09.231770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:36:41.237319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:42:43.859385 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 07:42:43.859479 0.169694 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:44.024890 0.482911 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:44.466517 0.166209 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:44.627296 0.170354 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:44.799038 0.209991 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.001189 0.113391 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.092944 0.085457 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.152396 0.076124 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.214413 0.084189 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2591 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.252409 2.993451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:42:45.279494 0.136100 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.417300 0.332389 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.751166 0.034801 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.784534 0.165359 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:45.925880 0.302809 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:46.230064 0.102696 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:46.297609 0.099746 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:46.413679 0.108129 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:46.487742 0.130463 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:46.580628 0.171499 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:46.728700 0.149749 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:46.879305 0.145922 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:47.022469 0.214612 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:47.228127 0.313148 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:47.550783 0.192352 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:47.735799 0.204307 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:47.905028 0.046906 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:47.961084 0.369855 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:48.310331 0.207424 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:48.482269 0.072207 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:48.538438 0.167633 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/27 07:42:52.250609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:43:00.252234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:43:16.255468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:43:48.261268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:47:08.169429 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 07:47:08.169575 0.463849 tcp 10.0.2.109 64718 -> 176.73.169.112 1959 FSPA* 0 0 14 1574 flow=From-Botnet-V1-TCP-Established 1970/01/27 07:49:52.267580 3.001635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:49:59.274884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:50:07.276619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:50:23.279490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:50:55.285691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:56:59.292199 3.000847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 07:57:06.299003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:57:14.300015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:57:30.303262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 07:58:02.309127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:04:06.315223 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 08:04:13.322392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:04:21.324299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:04:37.327648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:05:09.332840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:11:18.346209 3.001803 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 08:11:25.353633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:11:33.358755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:11:49.362047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:12:21.364961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:13:07.550931 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 08:13:07.551091 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 08:13:25.068128 0.067990 tcp 10.0.2.109 64719 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:25.136343 0.067850 tcp 10.0.2.109 64720 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:25.204547 0.174454 tcp 10.0.2.109 64721 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:25.379507 0.170198 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:25.547789 0.217703 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:25.756880 0.109656 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:25.843255 0.000000 udp 10.0.2.109 3683 -> 59.115.36.113 2346 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 08:13:41.710346 0.066634 tcp 10.0.2.109 64722 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:41.777263 0.067572 tcp 10.0.2.109 64723 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:41.845177 0.165658 tcp 10.0.2.109 64724 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:42.011303 0.166992 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:42.187581 0.087655 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:42.247884 0.097840 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:42.331989 0.083903 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:42.397855 0.135724 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:42.538642 0.346326 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 5 1976 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:57.602791 0.067335 tcp 10.0.2.109 64725 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:57.670417 0.068968 tcp 10.0.2.109 64726 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:57.739659 0.164106 tcp 10.0.2.109 64727 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:13:57.904431 0.037426 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:57.940673 0.165835 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:58.084423 0.297606 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:58.383516 0.097249 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:58.445326 0.111819 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:58.578486 0.110586 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:58.652769 0.126408 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:58.760333 0.172041 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:58.912274 0.156747 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:59.081777 0.144581 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:59.221928 0.192375 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:59.403457 0.305730 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:59.710661 0.199586 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:13:59.902905 0.203329 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:14:00.155053 0.057703 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:14:00.242069 0.069762 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:14:00.294451 0.164787 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:14:00.486456 0.407476 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:14:00.897296 0.202392 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:17:08.637516 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 08:17:08.637619 0.494280 tcp 10.0.2.109 64728 -> 176.73.169.112 1959 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:18:25.370206 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 08:18:32.377663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:18:40.384338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:18:56.384537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:19:28.388418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:25:32.393753 3.002011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 08:25:39.402806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:25:47.403217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:26:03.406127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:26:35.412532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:32:39.418114 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 08:32:46.426655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:32:54.427068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:33:10.430244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:33:42.436917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:39:46.443148 3.000574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 08:39:53.455292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:40:01.451312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:40:17.454617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:40:49.460045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:44:20.233403 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 08:44:20.233559 0.172663 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:20.415327 0.937972 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 1997 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:21.311011 0.340869 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:21.653264 0.167791 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:21.831705 0.107403 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:21.915803 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 08:44:36.949027 0.068421 tcp 10.0.2.109 64729 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:44:37.017716 0.067785 tcp 10.0.2.109 64730 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:44:37.085860 0.164143 tcp 10.0.2.109 64731 -> 195.113.214.211 443 SRPA* 0 0 60 36420 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:44:37.250563 0.081386 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:37.317368 0.086275 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:37.385820 0.135982 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:37.531733 0.167777 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:37.693561 0.085179 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:37.755190 0.034194 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:37.804787 0.165687 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:37.948441 0.290705 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:38.240778 0.095670 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:38.303376 0.099704 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:38.404552 0.109247 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:38.475470 0.130262 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:38.566366 0.169552 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:38.715052 0.156906 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:38.871441 0.144051 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:39.011521 0.191250 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:39.199686 0.304749 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:39.513675 0.188815 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:39.695077 0.205370 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:39.853259 0.050183 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:39.975882 0.368669 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:40.334940 0.208766 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:40.504285 0.069959 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:44:40.558230 0.157604 rtp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/27 08:46:53.465230 3.002505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 08:47:00.472990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:47:08.475091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:47:09.136376 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 08:47:09.136622 0.465306 tcp 10.0.2.109 64732 -> 176.73.169.112 1959 FSPA* 0 0 14 1519 flow=From-Botnet-V1-TCP-Established 1970/01/27 08:47:24.478517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:47:56.485204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:54:00.489543 3.002179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 08:54:07.497785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:54:15.499209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:54:31.501897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 08:55:03.508513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:01:07.513835 3.002058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:01:14.521496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:01:22.525325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:01:38.526206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:02:10.532194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:08:16.541829 3.000207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:08:23.548337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:08:31.549585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:08:47.552981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:09:19.559151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:14:53.839560 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 09:14:53.839724 0.208974 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:54.041119 0.163171 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:54.251973 0.106777 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:54.336420 0.337412 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 5 1736 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:54.728626 1.131356 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:55.823047 0.169411 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.056674 0.079158 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.120684 0.082821 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.186441 0.136024 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.326658 0.167228 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.488696 0.087512 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.553716 0.032994 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.651963 0.163346 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:56.793333 0.295442 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:57.106831 0.103610 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:57.174562 0.099494 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:57.300292 0.105099 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:57.373766 0.130355 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:57.643840 0.169411 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:57.789021 0.149467 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:58.012197 0.313661 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:58.324589 0.198215 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:58.514183 0.210539 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:58.726512 0.154407 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:58.873243 0.189902 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:59.060900 0.048663 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:59.109259 0.342581 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:59.473533 0.200247 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:59.639079 0.066871 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:14:59.708522 0.163117 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:15:23.564453 3.002280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:15:30.572239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:15:38.573792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:15:54.576976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:16:26.582410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:17:09.605206 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 09:17:09.605344 0.577921 tcp 10.0.2.109 64733 -> 176.73.169.112 1959 FSPA* 0 0 14 1741 flow=From-Botnet-V1-TCP-Established 1970/01/27 09:22:30.593148 2.997600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:22:37.600384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:22:45.597668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:23:01.600889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:23:33.606814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:29:37.612395 3.002242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:29:44.620167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:29:52.626955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:30:08.624769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:30:40.630692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:36:44.637203 3.001524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:36:51.644490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:36:59.645566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:37:15.653149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:37:47.655241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:43:51.660587 3.002405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:43:58.668276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:44:06.669869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:44:22.672696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:44:54.679108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:45:15.809534 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 09:45:15.809713 0.103975 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:15.889505 0.216431 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:16.097834 0.161756 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:16.260924 0.350495 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:16.612644 0.444339 rtp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.010442 0.178008 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.185940 0.078622 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.249482 0.084342 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.316199 0.130072 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.446533 0.034599 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.480078 0.164036 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.621955 0.306492 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.937340 0.095875 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:17.997729 0.167425 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.159644 0.087093 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.219291 0.099724 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.332704 0.106375 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.407189 0.128521 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.500134 0.166076 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.643410 0.149438 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.803722 0.204342 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:18.970703 0.314166 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1936 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:19.293642 0.186618 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:19.472345 0.154681 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:19.619485 0.233897 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:19.860415 0.048757 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:19.913975 0.344481 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:20.239770 0.161381 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:20.393009 0.203295 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:45:20.561163 0.078307 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/27 09:47:10.184462 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 09:47:10.184646 0.518055 tcp 10.0.2.109 64734 -> 176.73.169.112 1959 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/01/27 09:51:53.693940 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 09:52:00.705333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:52:08.702804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:52:24.706199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:52:56.711786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:59:19.725372 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 09:59:26.732694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:59:34.734194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 09:59:50.737017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:00:22.742992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:06:26.748886 3.001719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 10:06:33.756708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:06:41.757795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:06:57.761258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:07:29.767104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:13:33.775610 2.999093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 10:13:40.780079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:13:48.782575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:14:04.784884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:14:36.791158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:15:41.484123 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 10:15:41.484271 0.096694 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:41.559736 0.334158 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:41.899093 0.216831 rtp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:42.108315 0.173321 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:42.386693 0.442287 rtp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:42.779878 0.165850 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:42.976000 0.080291 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:43.039965 0.083760 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:43.149754 0.135749 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:43.317651 0.031672 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:43.348260 0.170505 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:43.493327 0.289693 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:43.838662 0.099244 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:43.902547 0.167812 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.064539 0.086945 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.127314 0.111673 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.262719 0.107852 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.337848 0.126709 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.427714 0.168760 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.573622 0.156636 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.738670 0.208330 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:44.944308 0.314945 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:45.270761 0.185240 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:45.448793 0.154487 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:45.595868 0.198806 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:45.778640 0.048790 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:45.871927 0.203347 rtp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:46.040082 0.068927 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2555 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:46.142178 0.406784 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:15:46.553994 1.076561 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:17:10.702308 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 10:17:10.702443 0.478620 tcp 10.0.2.109 64735 -> 176.73.169.112 1959 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/01/27 10:20:42.800269 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 10:20:49.807261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:20:57.808771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:21:13.811773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:21:45.817719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:27:49.829112 2.996727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 10:27:56.834774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:28:04.832592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:28:20.835773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:28:52.842227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:34:56.851746 2.997597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 10:35:03.855431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:35:11.857181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:35:27.864640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:35:59.865759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:42:03.872164 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 10:42:10.879314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:42:18.880889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:42:34.883549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:43:06.889643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:45:48.315933 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 10:45:48.316212 0.098971 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:48.391524 0.327932 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:48.728724 0.202180 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:48.922867 0.170956 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:49.095375 0.444935 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:49.491592 0.169878 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:49.671449 0.079604 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:49.734945 0.078793 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:49.798059 0.144071 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:49.955821 0.732838 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:50.687490 0.168794 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:50.832599 0.299726 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.142460 0.097839 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.205950 0.168230 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.367935 0.085174 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.427029 0.111935 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.540643 0.114340 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.618834 0.129382 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.705997 0.171981 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:51.856966 0.156671 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:52.014810 0.209343 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:52.176603 0.305745 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:52.497489 0.192158 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:52.682682 0.145611 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:52.820806 0.237799 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:53.056561 0.048494 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:53.121933 0.259899 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:53.344071 0.070688 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1987 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:53.397734 0.361582 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:45:53.741330 0.347052 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/27 10:47:11.181269 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 10:47:11.181474 0.598287 tcp 10.0.2.109 64736 -> 176.73.169.112 1959 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/27 10:49:10.896159 3.002644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 10:49:17.903138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:49:25.905151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:49:41.907738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:50:13.913586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:56:17.919671 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 10:56:24.927544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:56:32.929044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:56:48.931836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 10:57:20.937747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:03:24.943790 3.001334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 11:03:31.951514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:03:39.952772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:03:55.955406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:04:27.961904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:10:31.968059 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 11:10:38.974878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:10:46.977127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:11:02.979540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:11:34.990431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:16:15.750762 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 11:16:15.750952 0.199429 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:15.942807 0.111093 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:16.244092 0.333061 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:16.576049 0.172097 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:16.743714 0.449658 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:17.143423 0.173383 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:17.313251 0.079187 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:17.383641 0.082024 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:17.448905 0.161929 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:17.589219 0.136253 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:17.770967 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 11:16:35.559692 0.068207 tcp 10.0.2.109 64737 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:16:35.628150 0.066553 tcp 10.0.2.109 64738 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:16:35.694994 0.149903 tcp 10.0.2.109 64739 -> 195.113.214.211 443 SRPA* 0 0 35 27163 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:16:35.845479 0.294209 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.243784 0.097793 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.304177 0.169494 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.466337 0.085955 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.526463 0.099522 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.638173 0.103704 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.711441 0.126698 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.798818 0.164195 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:36.943917 0.309300 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:37.251991 0.194602 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:37.437089 0.153479 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:37.583390 0.149554 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:37.732089 0.210958 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:37.955380 0.202380 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:38.150619 0.050375 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:38.277172 0.208113 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:38.447336 0.071402 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:38.595493 0.381653 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:16:38.996498 0.168464 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:17:11.780204 0.497213 tcp 10.0.2.109 64740 -> 176.73.169.112 1959 FSPA* 0 0 15 1588 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:17:39.993732 3.000971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 11:17:47.000396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:17:55.001725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:18:11.004908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:18:43.011372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:24:47.016102 3.002430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 11:24:54.024340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:25:02.026418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:25:18.029138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:25:50.035241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:31:54.041179 3.002252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 11:32:01.048407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:32:09.049728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:32:25.052761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:32:57.059023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:39:01.065061 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 11:39:08.072479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:39:16.073623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:39:32.076987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:40:04.087075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:46:08.090047 3.000885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 11:46:15.096949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:46:23.098455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:46:39.101205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:46:42.736257 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 11:46:42.736402 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 11:46:59.331375 0.067566 tcp 10.0.2.109 64741 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:46:59.399147 0.066632 tcp 10.0.2.109 64742 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:46:59.466012 0.295340 tcp 10.0.2.109 64743 -> 195.113.214.211 443 SRPA* 0 0 56 52767 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:46:59.789801 0.198175 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:46:59.979871 0.106145 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:00.064025 0.327743 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:00.393222 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 11:47:11.107432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:47:12.278742 0.476664 tcp 10.0.2.109 64744 -> 176.73.169.112 1959 FSPA* 0 0 15 1558 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:47:16.285121 0.066452 tcp 10.0.2.109 64745 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:47:16.351802 0.067331 tcp 10.0.2.109 64746 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:47:16.419472 0.182447 tcp 10.0.2.109 64747 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/27 11:47:16.602593 0.440159 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.002531 0.074998 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.062963 0.080897 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 1929 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.129315 0.161000 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.268035 0.136311 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.416888 0.174741 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.588797 0.157571 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.763500 0.088091 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:17.826883 0.314939 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:18.143265 0.095375 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:18.202787 0.099724 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:18.304057 0.113556 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:18.383407 0.122436 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:18.469182 0.171315 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:18.617932 0.311778 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:19.061159 0.150008 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:19.210675 0.208586 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:19.398373 0.226793 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:19.613030 0.193261 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:19.799047 0.148600 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:19.938710 0.047529 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:19.987563 0.209902 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:20.161988 0.068323 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:20.213386 0.341640 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:47:20.546632 0.761733 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/01/27 11:53:15.113160 3.001911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 11:53:22.120213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:53:30.121772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:53:46.125423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 11:54:18.131257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:00:22.137115 3.001580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 12:00:29.144428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:00:37.145964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:00:53.148868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:01:25.154669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:07:29.161008 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 12:07:36.168118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:07:44.169489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:08:00.172732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:08:32.178852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:14:41.191980 3.003397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 12:14:48.199394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:14:56.200961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:15:12.203892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:15:44.209819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:17:12.757987 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 12:17:12.758149 0.524737 tcp 10.0.2.109 64748 -> 176.73.169.112 1959 FSPA* 0 0 15 1631 flow=From-Botnet-V1-TCP-Established 1970/01/27 12:17:31.374346 0.164313 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:31.565503 0.112751 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:31.653897 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 12:17:47.268782 0.070743 tcp 10.0.2.109 64749 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 12:17:47.339738 0.067101 tcp 10.0.2.109 64750 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 12:17:47.407113 0.167116 tcp 10.0.2.109 64751 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/27 12:17:47.574782 0.335039 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:47.931614 0.443133 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:48.331044 0.080114 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:48.440298 0.083369 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:48.504749 0.163987 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:48.646406 0.129160 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:48.787188 0.169915 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:48.981569 0.158765 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.135322 0.083847 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.193253 0.294445 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.494752 0.100839 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.560367 0.099245 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.667877 0.100707 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.735727 0.127277 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.822578 0.176841 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:49.978401 0.307395 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1998 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:50.294593 0.211330 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:50.506618 0.195795 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:50.695628 0.149612 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:50.858713 0.201346 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:51.011727 0.151768 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:51.159224 0.048688 rtp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:51.216269 0.203084 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:51.381519 0.070788 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:51.433738 0.349080 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:17:51.770728 0.669060 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 1963 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:21:48.216546 3.000948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 12:21:55.223417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:22:03.229106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:22:19.227848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:22:51.233747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:28:55.239796 3.001986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 12:29:02.248737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:29:10.248804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:29:26.251611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:29:58.257845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:36:02.265440 3.001975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 12:36:09.271324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:36:17.272913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:36:33.275885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:37:05.291968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:43:09.296020 2.996430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 12:43:16.297092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:43:24.297062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:43:40.299700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:44:12.305682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:47:13.286585 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 12:47:13.286728 0.505837 tcp 10.0.2.109 64752 -> 176.73.169.112 1959 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/01/27 12:47:59.854661 0.199333 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:00.046614 0.173472 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:00.215726 0.114663 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:00.306851 0.335605 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:00.642509 0.443006 udp 10.0.2.109 3683 <-> 59.115.36.113 2346 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.044257 0.079015 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.124043 0.079477 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.186540 0.172476 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.337063 0.143262 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.481966 0.166625 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2576 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.650902 0.166963 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.811276 0.083235 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:01.870749 0.297582 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:02.183459 0.096536 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:02.245122 0.111752 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:02.358329 0.115079 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:02.440540 0.127904 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:02.528952 0.183550 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:02.711987 0.198010 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:02.902757 0.150731 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:03.061892 0.166502 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:03.205935 0.313259 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:03.527484 0.208675 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:03.698394 0.151214 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:03.845248 0.056299 rtp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:03.919646 0.205311 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:04.090529 0.065450 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:04.139102 0.347168 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:04.466469 0.240156 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/01/27 12:48:04.568981 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 12:51:31.319551 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 12:51:38.326724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:51:46.329070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:52:02.331560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:52:34.337674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:59:03.352280 3.004045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 12:59:10.358538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:59:18.358776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 12:59:34.362529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:00:06.367464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:06:10.372716 3.002403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 13:06:17.380852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:06:25.382159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:06:41.384880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:07:13.392343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:13:21.404051 3.000706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 13:13:28.410771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:13:36.412116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:13:52.415487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:14:24.420522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:17:13.795097 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 13:17:13.795243 0.624504 tcp 10.0.2.109 64753 -> 176.73.169.112 1959 FSPA* 0 0 15 1613 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:18:27.420232 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 13:18:27.420436 0.102472 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:27.499847 0.329286 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:27.833670 0.199356 rtp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:28.025736 0.164392 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:28.349298 0.000000 udp 10.0.2.109 3683 -> 59.115.36.113 2346 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 13:18:46.469882 0.067215 tcp 10.0.2.109 64754 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:18:46.537420 0.066294 tcp 10.0.2.109 64755 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:18:46.603996 0.236323 tcp 10.0.2.109 64756 -> 195.113.214.211 443 SRPA* 0 0 81 88683 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:18:46.840804 0.075883 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:46.902884 0.082552 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:46.967930 0.175625 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:47.192393 0.142639 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 1957 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:47.362831 0.166817 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:47.598799 0.166485 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:47.884613 0.083591 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:47.941208 0.305397 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:48.602123 0.092448 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:48.662846 0.124112 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:48.827302 0.109173 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:48.904096 0.124395 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:49.113161 0.184126 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:49.296734 0.187050 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2595 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:49.475885 0.156579 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:49.779088 0.179091 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:49.937784 0.305595 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:50.269986 0.201624 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:50.499840 0.144154 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:50.639864 0.047056 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:50.838504 0.344379 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:51.162658 0.162517 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:51.315444 0.208578 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:18:51.510781 0.071486 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:20:32.444299 2.993951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 13:20:39.447740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:20:47.441884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:21:03.444904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:21:35.450253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:27:39.456812 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 13:27:46.464577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:27:54.469224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:28:10.469318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:28:42.475010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:34:46.481634 3.000349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 13:34:53.488429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:35:01.492956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:35:17.492728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:35:49.498248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:41:53.505630 3.004770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 13:42:00.511712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:42:08.513667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:42:24.516862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:42:56.522710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:47:14.424017 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 13:47:14.424251 0.454009 tcp 10.0.2.109 64757 -> 176.73.169.112 1959 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:49:00.529720 3.001024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 13:49:07.536268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:49:15.537437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:49:19.054725 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 13:49:19.054910 0.366202 udp 10.0.2.109 3683 -> 59.115.36.113 2346 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 13:49:19.421112 0.000000 icmp 59.115.36.113 0x0303 -> 10.0.2.109 0x2a09 URP 192 1 302 flow=Background 1970/01/27 13:49:31.540891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:49:35.960862 0.067897 tcp 10.0.2.109 64758 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:49:36.029183 0.066537 tcp 10.0.2.109 64759 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:49:36.096080 0.164161 tcp 10.0.2.109 64760 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/27 13:49:36.260743 0.109309 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:36.349455 0.334191 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:36.699722 0.200228 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:36.892716 0.165109 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.082403 0.072747 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.140901 0.077834 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.204381 0.164405 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.346110 0.135783 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.501606 0.198010 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.702636 0.167269 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.864692 0.083871 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:37.921033 0.312756 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 1996 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:38.234356 0.097926 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:38.296325 0.111861 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:38.450647 0.115114 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:38.529294 0.192459 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:38.713655 0.157022 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:38.917657 0.181138 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:39.077817 0.125989 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:39.162958 0.181008 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:39.344579 0.312951 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:39.656177 0.199402 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:39.861048 0.155953 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:40.007683 0.050795 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:40.080620 0.224968 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:40.271195 0.071497 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:40.327763 0.376283 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:49:40.685824 0.158902 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/27 13:50:03.549207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:56:07.552293 3.002466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 13:56:14.560436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:56:22.564637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:56:38.564846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 13:57:10.570655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:03:14.576616 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 14:03:21.584238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:03:29.585642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:03:45.588905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:04:17.594602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:10:21.600502 3.002077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 14:10:28.608795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:10:36.613673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:10:52.612798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:11:24.618787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:17:14.882782 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 14:17:14.882880 0.532470 tcp 10.0.2.109 64761 -> 176.73.169.112 1959 FSPA* 0 0 14 1629 flow=From-Botnet-V1-TCP-Established 1970/01/27 14:17:30.627336 3.001840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 14:17:37.635332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:17:45.640366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:18:01.639391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:18:33.649208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:19:55.203169 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 14:19:55.203371 0.199002 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:55.394702 0.108742 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:55.629880 0.327750 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:56.090807 0.170332 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:56.342589 0.080327 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:56.407053 0.079919 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:56.567110 0.172408 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:56.716024 0.142875 rtp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:56.978772 0.178203 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:57.178264 0.167416 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:57.339927 0.086650 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:57.590282 0.301583 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:58.010832 0.096385 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:58.073710 0.111703 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:58.228880 0.106900 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:58.302901 0.191809 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:58.565800 0.150642 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:58.715976 0.183839 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:59.025874 0.314742 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:59.413486 0.207377 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:59.753480 0.165562 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:59.899680 0.123358 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:19:59.985638 0.143856 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:20:00.289033 0.048694 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:20:00.369844 0.205422 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:20:00.701896 0.066504 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:20:00.895838 0.342479 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:20:01.219324 0.165593 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:24:37.651782 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 14:24:44.659026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:24:52.660499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:25:08.664790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:25:40.669374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:31:44.674913 3.002375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 14:31:51.700464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:31:59.694532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:32:15.697154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:32:47.703151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:38:51.709462 3.003118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 14:38:58.716750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:39:06.718413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:39:22.721238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:39:54.727477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:45:58.733196 3.004082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 14:46:05.740987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:46:13.745266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:46:29.745408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:47:01.755063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:47:15.421487 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 14:47:15.421575 0.437748 tcp 10.0.2.109 64762 -> 176.73.169.112 1959 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/27 14:50:08.863379 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 14:50:08.863598 0.200629 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:09.056561 0.114264 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:09.148200 0.341287 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:09.522740 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 14:50:26.517770 0.066823 tcp 10.0.2.109 64763 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 14:50:26.584869 0.067941 tcp 10.0.2.109 64764 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 14:50:26.653056 0.159292 tcp 10.0.2.109 64765 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/27 14:50:26.812849 0.070372 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:26.870820 0.077840 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:26.933376 0.177888 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:27.086635 0.129446 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:27.235444 0.082877 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:27.290509 0.303941 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:27.604216 0.170176 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:27.775735 0.211054 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:27.982940 0.095901 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:28.044562 0.111664 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:28.165990 0.109818 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:28.243845 0.184633 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:28.421648 0.142600 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:28.576975 0.214483 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:28.754267 0.182249 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:28.916109 0.314571 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:29.229254 0.200425 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:29.380521 0.125386 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:29.467455 0.153613 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:29.613433 0.049176 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:29.674444 0.227136 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:29.866306 0.069267 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:29.918646 0.340272 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:50:30.239967 0.192442 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/01/27 14:53:05.758530 3.000388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 14:53:12.765430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:53:20.771440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:53:36.769274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 14:54:08.775579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:00:12.781273 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 15:00:19.788852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:00:27.790463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:00:43.793183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:01:15.799261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:07:19.805587 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 15:07:26.812505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:07:34.814059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:07:50.817167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:08:22.823246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:14:30.835202 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 15:14:37.846896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:14:45.843847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:15:01.851596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:15:33.853205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:17:15.860320 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 15:17:15.860465 0.442348 tcp 10.0.2.109 64766 -> 176.73.169.112 1959 FSPA* 0 0 14 1704 flow=From-Botnet-V1-TCP-Established 1970/01/27 15:20:32.542687 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 15:20:32.542875 0.164223 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:32.730831 0.201803 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:32.924051 0.108774 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:33.012096 0.337335 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:33.413497 0.072804 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:33.473192 0.081373 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:33.675723 0.084957 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:33.734380 0.303931 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:34.051820 0.198060 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:34.276164 0.162462 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:34.415639 0.137295 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:34.624160 0.169767 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:34.786030 0.090663 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:34.904871 0.111753 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:35.018140 0.105707 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:35.088756 0.185948 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:35.266824 0.179713 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:35.425557 0.304971 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:35.729382 0.143720 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:35.871368 0.186293 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:36.098267 0.196436 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:36.357927 0.126084 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:36.444637 0.145590 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:36.582280 0.048806 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:36.735481 0.224648 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:36.924795 0.069926 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:36.979194 0.399272 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:20:37.358768 0.194358 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:21:37.859427 3.001384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 15:21:44.866647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:21:52.872906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:22:08.884788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:22:40.880028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:28:44.883952 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 15:28:51.891467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:28:59.891881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:29:15.895007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:29:47.900942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:35:51.907912 3.000507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 15:35:58.914260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:36:06.915978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:36:22.918744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:36:54.925078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:42:58.931863 3.000651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 15:43:05.938656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:43:13.939861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:43:29.946727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:44:01.949008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:47:16.308786 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 15:47:16.308971 0.443556 tcp 10.0.2.109 64767 -> 176.73.169.112 1959 FSPA* 0 0 15 1627 flow=From-Botnet-V1-TCP-Established 1970/01/27 15:50:54.362107 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 15:50:54.362226 0.164710 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:54.539018 0.197725 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:54.729243 0.096189 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:54.801304 0.335195 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.145046 0.075393 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.205783 0.079074 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.269926 0.083874 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.326664 0.160942 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.464777 0.135640 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2012 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.601834 0.164863 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.761875 0.098908 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:55.826445 0.316988 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:56.152566 0.201467 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:56.355504 0.111767 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:56.468658 0.110274 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:56.545319 0.185604 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:56.723818 0.168544 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:56.870622 0.306531 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:57.205669 0.143162 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:57.405773 0.182671 rtp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:57.583417 0.200644 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:57.788613 0.124525 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:57.875478 0.155826 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:58.027290 0.049073 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:58.078521 0.221049 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:58.262503 0.192315 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:58.447181 0.068295 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:50:58.495479 0.341572 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/27 15:51:20.962532 3.003649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 15:51:27.973085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:51:35.971604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:51:51.974613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:52:23.981242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:58:51.992088 3.001193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 15:58:58.998757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:59:07.000542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:59:23.003076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 15:59:55.009036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:05:59.015403 3.001315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 16:06:06.022816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:06:14.024075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:06:30.027173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:07:02.033445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:13:11.046268 3.012151 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 16:13:18.060199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:13:26.055074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:13:42.058600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:14:14.064177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:17:16.759780 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 16:17:16.759927 3.005868 tcp 10.0.2.109 64768 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:17:25.759957 0.000000 tcp 10.0.2.109 64768 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:17:31.763980 0.066009 tcp 10.0.2.109 64769 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:17:31.830428 0.064556 tcp 10.0.2.109 64770 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:17:31.895219 0.156501 tcp 10.0.2.109 64771 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:17:32.102044 3.001126 tcp 10.0.2.109 64772 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:17:41.101682 0.000000 tcp 10.0.2.109 64772 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:17:47.105101 0.064171 tcp 10.0.2.109 64773 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:17:47.169556 0.063117 tcp 10.0.2.109 64774 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:17:47.232991 0.154822 tcp 10.0.2.109 64775 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:17:47.672476 2.986464 tcp 10.0.2.109 64776 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:17:56.654622 0.000000 tcp 10.0.2.109 64776 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:18:02.653589 2.993247 tcp 10.0.2.109 64777 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:18:11.646020 0.000000 tcp 10.0.2.109 64777 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:20:22.076108 3.001713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 16:20:29.083368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:20:37.084921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:20:53.088048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:21:07.569142 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 16:21:07.569302 0.163382 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:07.772039 0.199909 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2597 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:07.964173 0.099820 rtp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:08.041546 0.353334 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:08.402935 0.072074 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:08.459327 0.080075 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:08.537880 0.081550 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:08.594275 0.166428 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:08.755645 0.091911 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:08.851527 0.172447 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:09.001835 0.135817 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:09.235857 0.303656 rtp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:09.566888 0.198113 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:09.764225 0.099417 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:09.937813 0.115450 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:10.017412 0.197954 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:10.207349 0.149459 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:10.356151 0.182722 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:10.517667 0.306444 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:10.830896 0.184210 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:11.074003 0.201373 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:11.304541 0.125937 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2588 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:11.389294 0.145991 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:11.527379 0.046591 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:11.639550 0.066339 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:11.689974 0.204016 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:11.859545 0.191691 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:12.042970 0.367393 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:21:25.094088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:23:17.656288 0.000202 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 16:23:17.656594 3.003446 tcp 10.0.2.109 64778 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:23:26.659035 0.000000 tcp 10.0.2.109 64778 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:23:32.664008 0.068267 tcp 10.0.2.109 64779 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:23:32.732527 0.062614 tcp 10.0.2.109 64780 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:23:32.795379 0.156633 tcp 10.0.2.109 64781 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:23:32.975127 2.997292 tcp 10.0.2.109 64782 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:23:41.970876 0.000000 tcp 10.0.2.109 64782 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:23:47.959939 0.061918 tcp 10.0.2.109 64783 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:23:48.022112 0.062513 tcp 10.0.2.109 64784 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:23:48.084895 0.153927 tcp 10.0.2.109 64785 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:23:48.249645 3.004418 tcp 10.0.2.109 64786 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:23:57.262799 0.000000 tcp 10.0.2.109 64786 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:24:03.251408 2.994938 tcp 10.0.2.109 64787 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:24:12.244436 0.000000 tcp 10.0.2.109 64787 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:27:29.100181 3.001801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 16:27:36.107352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:27:44.108959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:28:00.111836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:28:32.118208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:29:18.254926 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 16:29:18.255073 3.003613 tcp 10.0.2.109 64788 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:29:27.257419 0.000000 tcp 10.0.2.109 64788 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:29:33.257725 0.065187 tcp 10.0.2.109 64789 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:29:33.323226 0.065658 tcp 10.0.2.109 64790 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:29:33.389190 0.160404 tcp 10.0.2.109 64791 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:29:33.600261 3.000223 tcp 10.0.2.109 64792 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:29:42.599413 0.000000 tcp 10.0.2.109 64792 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:29:48.598584 0.063789 tcp 10.0.2.109 64793 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:29:48.662628 0.063820 tcp 10.0.2.109 64794 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:29:48.726718 0.153489 tcp 10.0.2.109 64795 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:29:48.902237 3.000393 tcp 10.0.2.109 64796 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:29:57.901145 0.000000 tcp 10.0.2.109 64796 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:30:03.899984 3.004324 tcp 10.0.2.109 64797 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:30:12.915018 0.000000 tcp 10.0.2.109 64797 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:34:36.124522 3.001436 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 16:34:43.131372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:34:51.133151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:35:07.139387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:35:18.903158 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 16:35:18.903245 2.993684 tcp 10.0.2.109 64798 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:35:27.895617 0.000000 tcp 10.0.2.109 64798 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:35:33.905874 0.068456 tcp 10.0.2.109 64799 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:35:33.974594 0.063345 tcp 10.0.2.109 64800 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:35:34.038428 0.152605 tcp 10.0.2.109 64801 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:35:34.242945 2.996223 tcp 10.0.2.109 64802 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:35:39.141912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:35:43.237690 0.000000 tcp 10.0.2.109 64802 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:35:49.238029 0.061632 tcp 10.0.2.109 64803 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:35:49.299941 0.064467 tcp 10.0.2.109 64804 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:35:49.364720 0.150355 tcp 10.0.2.109 64805 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:35:49.678005 3.003538 tcp 10.0.2.109 64806 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:35:58.688415 0.000000 tcp 10.0.2.109 64806 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:36:04.678898 3.005978 tcp 10.0.2.109 64807 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:36:13.681308 0.000000 tcp 10.0.2.109 64807 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:41:19.682480 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 16:41:19.682670 2.993804 tcp 10.0.2.109 64808 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:41:28.674417 0.000000 tcp 10.0.2.109 64808 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:41:34.685128 0.063651 tcp 10.0.2.109 64809 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:41:34.749042 0.062656 tcp 10.0.2.109 64810 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:41:34.811971 0.156608 tcp 10.0.2.109 64811 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:41:34.977855 2.999814 tcp 10.0.2.109 64812 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:41:43.148306 3.001225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 16:41:43.976643 0.000000 tcp 10.0.2.109 64812 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:41:49.975706 0.063119 tcp 10.0.2.109 64813 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:41:50.039054 0.066111 tcp 10.0.2.109 64814 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:41:50.105424 0.158328 tcp 10.0.2.109 64815 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:41:50.155677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:41:50.274368 3.008519 tcp 10.0.2.109 64816 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:41:58.156993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:41:59.278671 0.000000 tcp 10.0.2.109 64816 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:42:05.267500 3.005526 tcp 10.0.2.109 64817 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:42:14.160121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:42:14.270532 0.000000 tcp 10.0.2.109 64817 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:42:46.166151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:48:50.174293 3.002923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 16:48:57.179217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:49:05.180843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:49:21.183741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:49:53.191016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:51:30.179462 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 16:51:30.179645 0.166376 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:30.341540 0.200241 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:30.534727 0.095555 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:30.607557 0.334821 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:30.950381 0.074468 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.010281 0.077889 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.071332 0.083191 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.128789 0.166703 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.289677 0.095435 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.350571 0.302103 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.654230 0.204735 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.866429 0.111638 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:31.990381 0.190370 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:32.156292 0.128724 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:32.322679 0.103108 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:32.392925 0.195896 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:32.581504 0.152483 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:32.733568 0.178648 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:32.891972 0.307294 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:33.200598 0.192351 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:33.393428 0.212414 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2617 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:33.610416 0.125555 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:33.699252 0.143482 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:33.838746 0.048135 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:33.888297 0.067870 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:33.937472 0.228685 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:34.128511 0.189919 udp 10.0.2.109 3683 <-> 24.208.145.212 9983 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:34.311922 0.344670 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/27 16:51:35.297599 3.003664 tcp 10.0.2.109 64818 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:51:44.299545 0.000000 tcp 10.0.2.109 64818 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/27 16:51:50.304702 0.068687 tcp 10.0.2.109 64819 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:51:50.373635 0.064061 tcp 10.0.2.109 64820 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:51:50.437952 0.155541 tcp 10.0.2.109 64821 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:51:50.617772 0.548516 tcp 10.0.2.109 64822 -> 176.73.175.35 3123 FSPA* 0 0 14 1582 flow=From-Botnet-V1-TCP-Established 1970/01/27 16:55:57.196248 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 16:56:04.203322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:56:12.204833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:56:28.208445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 16:57:00.213874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:03:04.219944 3.002004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 17:03:11.227622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:03:19.229075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:03:35.231575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:04:07.238037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:10:11.243914 3.001990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 17:10:18.251282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:10:26.252846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:10:42.256028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:11:14.261773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:17:20.269998 3.002370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 17:17:27.278088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:17:35.284901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:17:51.282899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:18:23.288632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:21:44.017441 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 17:21:44.017596 0.108362 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:44.103155 0.397411 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:44.502012 0.204299 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:44.698783 0.326520 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:45.059087 0.076629 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:45.119658 0.078660 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:45.182597 0.084563 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:45.285201 0.300402 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:45.597236 0.202316 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:45.806359 0.163022 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:45.961927 0.100949 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:46.025901 0.099935 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:46.167116 0.191288 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:46.335294 0.129734 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:46.474760 0.111452 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:46.552681 0.185852 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:46.731655 0.312265 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:47.045511 0.145414 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:47.190498 0.180563 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:47.347280 0.201900 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:47.574448 0.199734 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:47.778270 0.126875 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:47.868136 0.146329 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:48.006690 0.046798 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:21:48.062323 0.000000 udp 10.0.2.109 3683 -> 24.208.145.212 9983 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 17:21:51.167918 0.457254 tcp 10.0.2.109 64823 -> 176.73.175.35 3123 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:22:06.952263 0.064277 tcp 10.0.2.109 64824 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:22:07.016897 0.068465 tcp 10.0.2.109 64825 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:22:07.085618 0.155061 tcp 10.0.2.109 64826 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:22:07.241217 0.067658 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:22:07.291114 0.203508 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:22:07.460149 0.340456 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:24:27.294970 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 17:24:34.302232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:24:42.303531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:24:58.306822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:25:30.312347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:31:34.320298 2.999567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 17:31:41.325863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:31:49.328019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:32:05.330828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:32:37.336640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:38:41.342466 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 17:38:48.349750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:38:56.351306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:39:12.354392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:39:44.360426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:45:48.366447 3.001811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 17:45:55.373925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:46:03.375337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:46:19.378587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:46:51.384415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:51:51.627314 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 17:51:51.627481 0.450281 tcp 10.0.2.109 64827 -> 176.73.175.35 3123 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:52:16.702716 0.000000 udp 10.0.2.109 3683 -> 24.208.145.212 9983 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 17:52:32.228908 0.071958 tcp 10.0.2.109 64828 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:52:32.301128 0.065232 tcp 10.0.2.109 64829 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:52:32.366607 0.151248 tcp 10.0.2.109 64830 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/27 17:52:32.518359 0.199387 rtp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:32.709978 0.096322 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:32.784116 0.322606 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:33.134643 0.075065 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:33.195587 0.078408 rtp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:33.259648 0.082141 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:33.317677 0.308276 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:33.627375 0.337581 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:33.974435 0.171106 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:34.147624 0.204005 rtp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:34.347714 0.175282 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:34.501055 0.136808 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:34.639403 0.110287 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:34.716015 0.198472 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:34.906284 0.097664 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2611 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:34.964604 0.111789 rtp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:35.085458 0.181427 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:35.245918 0.187655 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:35.449818 0.206595 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:35.661274 0.127511 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:35.749240 0.313388 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:36.061218 0.143792 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:36.204724 0.153017 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:36.350261 0.048720 rtp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:36.409283 0.360323 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:36.748208 0.068885 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:36.800950 0.203128 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/01/27 17:52:55.390039 3.001981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 17:53:02.397965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:53:10.402451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:53:26.405147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 17:53:58.408729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:00:02.413722 3.003223 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:00:09.421798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:00:17.423304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:00:33.427797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:01:05.432413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:07:09.438985 3.001177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:07:16.446213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:07:24.447252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:07:40.450205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:08:12.456215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:14:18.464703 3.002114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:14:25.472740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:14:33.474306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:14:49.477431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:15:21.483148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:21:25.491808 2.999011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:21:32.503120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:21:40.498398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:21:52.085285 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 18:21:52.085544 0.452836 tcp 10.0.2.109 64831 -> 176.73.175.35 3123 FSPA* 0 0 14 1518 flow=From-Botnet-V1-TCP-Established 1970/01/27 18:21:56.500684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:22:28.507373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:22:50.749620 0.378208 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:51.128249 0.189001 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:51.317666 0.095290 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:51.413355 0.058256 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:51.471959 0.062924 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:51.535254 0.058596 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:51.594383 0.315832 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:51.910618 0.197503 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:52.108506 0.333308 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:52.442257 0.158129 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:52.600846 0.149475 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:52.750686 0.135311 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:52.886387 0.069788 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:52.956587 0.176267 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:53.133234 0.061351 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:53.195009 0.098124 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:53.293545 0.154446 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:53.448402 0.085896 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:53.534680 0.154466 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:53.689523 0.187655 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:53.877566 0.311500 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:54.189452 0.141029 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:54.330871 0.142542 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:54.473855 0.046535 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:54.520845 0.166362 udp 10.0.2.109 3683 <-> 184.43.123.80 7362 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:54.687649 0.346115 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:55.034211 0.049124 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:22:55.566245 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 18:28:32.518871 2.996095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:28:39.522789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:28:47.522413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:29:03.525141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:29:35.530949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:35:39.537753 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:35:46.544885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:35:54.546644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:36:10.556859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:36:42.554992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:42:46.562733 2.999890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:42:53.568447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:43:01.571962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:43:17.573292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:43:49.579270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:49:53.586057 3.000973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 18:50:00.592856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:50:08.594031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:50:24.601726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:50:56.603322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:51:52.546107 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 18:51:52.546312 0.559905 tcp 10.0.2.109 64832 -> 176.73.175.35 3123 FSPA* 0 0 15 1749 flow=From-Botnet-V1-TCP-Established 1970/01/27 18:53:01.272836 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 18:53:01.273060 0.170274 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:01.443692 0.191564 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:01.635680 0.088733 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:01.724796 0.059543 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:01.784720 0.063183 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:01.848268 0.057837 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:01.906521 0.302649 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:02.209540 0.152105 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:02.362062 0.140375 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:02.502838 0.128036 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:02.631239 0.076087 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:02.707672 0.198686 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:02.906728 0.352426 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:03.259542 0.181622 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:03.441599 0.061315 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:03.503322 0.098058 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:03.601770 0.153114 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:03.755270 0.083999 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:03.839655 0.147523 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:03.987573 0.182970 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:04.170946 0.136608 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:04.307951 0.045181 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:04.353537 0.000000 udp 10.0.2.109 3683 -> 184.43.123.80 7362 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 18:53:20.551425 0.067309 tcp 10.0.2.109 64833 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 18:53:20.618943 0.067831 tcp 10.0.2.109 64834 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 18:53:20.686943 0.156659 tcp 10.0.2.109 64835 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/27 18:53:20.844124 0.304203 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:21.148703 0.148187 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:21.297361 0.321614 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:53:21.619508 0.047552 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/27 18:57:00.610336 3.000123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 18:57:07.616923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:57:15.617734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:57:31.621162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 18:58:03.626731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:04:07.633260 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 19:04:14.640581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:04:22.641503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:04:38.644956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:05:10.651108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:11:20.664925 3.002262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 19:11:27.672586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:11:35.674595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:11:51.677603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:12:23.683225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:18:28.690023 3.002155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 19:18:35.703894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:18:43.699701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:18:59.702566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:19:31.709016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:21:53.113163 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 19:21:53.113248 0.462887 tcp 10.0.2.109 64836 -> 176.73.175.35 3123 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/01/27 19:23:48.879113 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 19:23:48.879319 0.000000 udp 10.0.2.109 3683 -> 184.43.123.80 7362 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 19:24:04.202486 0.064605 tcp 10.0.2.109 64837 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 19:24:04.267407 0.063543 tcp 10.0.2.109 64838 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 19:24:04.331237 0.152273 tcp 10.0.2.109 64839 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/01/27 19:24:04.484003 0.170233 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:04.654636 0.189873 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:04.844901 0.062700 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:04.907984 0.055123 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:04.963485 0.320199 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:05.284079 0.161666 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:05.446166 0.078727 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:05.525307 0.058108 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:05.583783 0.072009 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:05.656252 0.164420 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:05.821082 0.134776 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:05.956269 0.138738 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:06.095380 0.056536 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:06.152288 0.098110 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:06.250773 0.154919 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:06.406113 0.081402 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:06.487892 0.176403 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:06.664787 0.325787 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:06.990928 0.046882 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:07.038344 0.145388 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:07.184095 0.182670 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:07.367151 0.135182 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:07.502754 0.329592 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:07.832802 0.050090 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:07.883281 0.305727 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:24:08.189424 0.148101 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:25:35.714345 3.002897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/27 19:25:42.722173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:25:50.723213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:26:06.726861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:26:38.735251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:32:42.742178 2.998526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 19:32:49.746883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:32:57.748374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:33:13.750659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:33:45.756712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:39:49.763754 3.000764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 19:39:56.770486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:40:04.781763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:40:20.784996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:40:52.791094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:46:56.796864 3.001979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 19:47:03.805413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:47:11.815875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:47:27.821581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:47:59.824868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:51:53.581039 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 19:51:53.581256 0.541083 tcp 10.0.2.109 64840 -> 176.73.175.35 3123 FSPA* 0 0 15 1746 flow=From-Botnet-V1-TCP-Established 1970/01/27 19:54:03.831413 3.001074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 19:54:10.839107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:54:18.839576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:54:34.842831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 19:54:36.876412 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 19:54:36.876561 0.061111 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:36.938115 0.056766 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:36.995286 0.167748 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:37.163431 0.189162 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:37.352972 0.298192 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:37.651600 0.160444 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:37.812455 0.075134 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:37.887961 0.061523 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:37.949871 0.077165 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.027407 0.164954 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.192775 0.142309 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.335479 0.140322 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.476223 0.060565 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.537177 0.110257 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.647856 0.155179 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.803406 0.084884 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:38.888678 0.188359 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:39.077419 0.335284 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:39.413116 0.046839 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:39.460357 0.146910 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:39.607621 0.191347 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:39.799355 0.151294 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:39.951034 0.333359 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:40.284840 0.053221 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:40.338521 0.311880 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:54:40.650802 0.148186 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/27 19:55:06.849186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:01:11.855780 3.002364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:01:18.863482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:01:26.865048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:01:42.868434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:02:14.874246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:08:24.889480 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:08:31.896621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:08:39.897575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:08:55.901057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:09:27.907143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:15:31.913619 3.005980 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:15:38.921633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:15:46.921848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:16:02.925031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:16:34.930608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:21:54.130335 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 20:21:54.130460 0.507763 tcp 10.0.2.109 64841 -> 176.73.175.35 3123 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/01/27 20:22:38.936625 3.005057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:22:45.949541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:22:53.945520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:23:09.948834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:23:41.954669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:25:09.951694 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 20:25:09.951837 0.173208 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:10.125416 0.187580 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:10.313399 0.061393 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:10.375162 0.058101 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:10.433605 0.289900 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:10.723904 0.160849 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:10.885110 0.084110 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:10.969619 0.059578 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.029527 0.078320 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.108251 0.163313 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.272019 0.134968 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.407372 0.139133 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.546817 0.060931 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.608171 0.110679 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.719245 0.151601 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.871235 0.081799 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:11.953457 0.181929 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:12.135793 0.353212 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:12.489373 0.043013 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:12.532719 0.143100 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:12.676230 0.182858 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:12.859546 0.136508 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:12.996429 0.392253 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:13.389063 0.048762 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:13.438235 0.313987 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:25:13.752623 0.147826 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:29:45.963516 3.053130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:29:53.003690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:30:00.986161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:30:16.984738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:30:48.988894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:36:52.995035 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:37:00.005704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:37:08.003767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:37:24.010753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:37:56.013002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:44:00.018409 3.008651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:44:07.028079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:44:15.028265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:44:31.033256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:45:03.037274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:51:54.639415 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 20:51:54.639506 0.511083 tcp 10.0.2.109 64842 -> 176.73.175.35 3123 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/01/27 20:52:02.052782 3.001004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:52:09.059080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:52:17.061169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:52:33.063987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:53:05.069904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:55:30.669385 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 20:55:30.669554 0.062366 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:30.732294 0.058911 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:30.791514 0.305020 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.096944 0.160492 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.257862 0.081549 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.339782 0.160843 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.500984 0.188931 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.690336 0.059067 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.749765 0.067986 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.818308 0.169196 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:31.987931 0.128157 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.116498 0.137713 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.254545 0.059207 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.314170 0.098022 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.412566 0.157903 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.570880 0.084015 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.655322 0.044898 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.700579 0.145171 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:32.846175 0.181616 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:33.028185 0.188524 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:33.217113 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 20:55:49.077093 0.068138 tcp 10.0.2.109 64843 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 20:55:49.145577 0.062058 tcp 10.0.2.109 64844 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 20:55:49.207868 0.157400 tcp 10.0.2.109 64845 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/27 20:55:49.365796 0.137437 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:49.503621 0.347622 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:49.851694 0.052578 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:49.904678 0.303568 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:55:50.208656 0.148434 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/27 20:59:27.083690 2.999568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 20:59:34.089068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:59:42.090604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 20:59:58.093747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:00:30.099731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:06:34.106339 3.001011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:06:41.113134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:06:49.114651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:07:05.117435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:07:37.123481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:13:41.130982 3.000877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:13:48.137343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:13:56.138853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:14:12.141844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:14:44.147638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:20:49.155356 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:20:56.162740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:21:04.163858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:21:20.166981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:21:52.172912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:21:55.157889 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 21:21:55.157970 0.440167 tcp 10.0.2.109 64846 -> 176.73.175.35 3123 FSPA* 0 0 14 1681 flow=From-Botnet-V1-TCP-Established 1970/01/27 21:26:14.420353 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 21:26:14.420446 0.332898 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:14.753770 0.064479 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:14.818696 0.159286 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:14.978447 0.082571 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:15.061427 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 21:26:32.207175 0.044971 tcp 10.0.2.109 64847 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 21:26:32.252390 0.044243 tcp 10.0.2.109 64848 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 21:26:32.296911 0.156475 tcp 10.0.2.109 64849 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/27 21:26:32.453922 0.189660 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:32.644013 0.063628 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:32.708067 0.056425 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:32.764892 0.305548 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.070885 0.077322 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.148655 0.135116 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.284217 0.138521 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.423233 0.058848 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.482506 0.110450 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.593340 0.156864 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.750593 0.091997 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.842959 0.044931 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:33.888475 0.167108 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:34.056028 0.144425 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:34.200856 0.183049 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:34.384316 0.183324 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:34.568030 0.051361 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:34.619797 0.137159 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:34.757360 0.390992 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:35.148799 0.313236 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:26:35.462435 0.150469 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:27:56.183770 3.002667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:28:03.186600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:28:11.188064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:28:27.191090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:28:59.197090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:35:03.202368 3.004473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:35:10.210356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:35:18.218537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:35:34.214933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:36:06.220903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:42:10.226877 3.001970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:42:17.234240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:42:25.236009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:42:41.239884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:43:13.245492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:49:17.252094 3.000900 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:49:24.258842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:49:32.259704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:49:48.263078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:50:20.268860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:51:55.608049 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 21:51:55.608213 0.454778 tcp 10.0.2.109 64850 -> 176.73.175.35 3123 FSPA* 0 0 15 1726 flow=From-Botnet-V1-TCP-Established 1970/01/27 21:56:24.275103 3.001886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 21:56:31.282500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:56:39.284055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:56:44.652065 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 21:56:44.652174 0.162825 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:44.815428 0.066241 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:44.882024 0.351750 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:45.234412 0.160148 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:45.394996 0.072575 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:45.467985 0.061197 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:45.529566 0.188430 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:45.718398 0.063710 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:45.782480 0.291717 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.074621 0.078790 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.153817 0.142007 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.296188 0.141944 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.438538 0.064057 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.502977 0.110298 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.613713 0.158808 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.772934 0.088372 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.861740 0.045290 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:46.907420 0.175270 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:47.083174 0.144864 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:47.228447 0.187494 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:47.416308 0.187744 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:47.604450 0.051311 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:47.656038 0.142988 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:47.799454 0.154987 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:47.954809 0.338561 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:48.293792 0.303810 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/27 21:56:55.286976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 21:57:27.292919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:03:31.299998 3.000376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:03:38.306113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:03:46.307647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:04:02.310737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:04:34.317495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:10:38.327562 2.997776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:10:45.332992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:10:53.331401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:11:09.334685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:11:41.340512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:17:45.347431 3.001042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:17:52.354066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:18:00.355657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:18:16.358633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:18:48.364721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:21:56.064697 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 22:21:56.064824 0.717371 tcp 10.0.2.109 64851 -> 176.73.175.35 3123 FSPA* 0 0 14 1565 flow=From-Botnet-V1-TCP-Established 1970/01/27 22:24:52.371073 3.001392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:24:59.378063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:25:07.379442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:25:23.382476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:25:55.388909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:27:15.794715 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 22:27:15.794883 0.328359 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.123641 0.158459 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.282556 0.081253 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.364172 0.057889 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.422552 0.171481 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.594386 0.066883 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.661653 0.190546 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.852667 0.063586 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:16.916682 0.311075 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.228145 0.075198 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.303714 0.134763 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.438916 0.142332 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.581654 0.062512 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.644531 0.110103 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.755136 0.156616 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.912170 0.087314 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:17.999839 0.046726 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:18.046986 0.163834 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:18.211228 0.147456 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:18.359195 0.200268 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:18.559869 0.194596 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:18.754855 0.156094 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:18.911360 0.385603 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:19.297343 0.312175 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:19.609896 0.056809 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:27:19.667027 0.138302 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:31:59.394034 3.050175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:32:06.424389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:32:14.425164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:32:30.563372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:33:02.442685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:39:06.448725 3.001742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:39:13.456611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:39:21.457503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:39:37.460594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:40:09.466759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:46:13.473574 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:46:20.479968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:46:28.481593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:46:44.484772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:47:16.490728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:51:56.768962 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 22:51:56.769219 0.532052 tcp 10.0.2.109 64852 -> 176.73.175.35 3123 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/01/27 22:53:20.496983 3.001130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 22:53:27.503922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:53:35.506239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:53:51.509693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:54:23.515273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 22:57:25.707127 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 22:57:25.707223 0.586973 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:26.294613 0.055153 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:26.350177 0.169956 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:26.520506 0.066287 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:26.587207 0.188987 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:26.776555 0.055101 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:26.832013 0.334245 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:27.166686 0.152820 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:27.319929 0.301056 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:27.621420 0.069769 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:27.691549 0.127916 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:27.819885 0.141240 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:27.961543 0.060662 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:28.022638 0.110574 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:28.133572 0.157681 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:28.291663 0.087883 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:28.379985 0.045811 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:28.426179 0.351852 udp 10.0.2.109 3683 <-> 173.174.91.111 3192 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:28.778447 0.147571 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:28.926569 0.275040 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:29.202020 0.185387 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:29.387824 0.148198 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:29.536409 0.055017 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:29.591771 0.135682 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:29.727844 0.323402 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/01/27 22:57:30.051594 0.313063 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:00:27.520537 3.001500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:00:34.528398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:00:42.528929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:00:58.532596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:01:30.538878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:07:34.545377 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:07:41.551647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:07:49.552958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:08:05.556726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:08:37.562725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:14:45.574486 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:14:52.581652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:15:00.583191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:15:16.586618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:15:48.592140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:21:52.598687 3.000886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:21:57.304517 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 23:21:57.304663 0.466987 tcp 10.0.2.109 64853 -> 176.73.175.35 3123 FSPA* 0 0 14 1594 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:21:59.605530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:22:07.607883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:22:23.610745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:22:55.616520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:27:37.541836 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 23:27:37.542016 0.074279 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:37.616703 0.062394 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:37.679478 0.168521 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:37.848431 0.068152 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:37.916986 0.191021 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:38.108448 0.065465 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:38.174384 0.337528 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:38.512338 0.160027 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:38.672758 0.309882 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:38.983088 0.071361 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.054789 0.135077 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.190297 0.141206 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.331895 0.060857 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.393298 0.098257 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.491999 0.158527 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.650911 0.085883 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.737233 0.044880 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:39.782563 0.000000 udp 10.0.2.109 3683 -> 173.174.91.111 3192 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 23:27:56.631336 0.067290 tcp 10.0.2.109 64854 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:27:56.698859 0.082800 tcp 10.0.2.109 64855 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:27:56.781942 0.147120 tcp 10.0.2.109 64856 -> 195.113.214.211 443 SRPA* 0 0 52 33042 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:27:56.929530 0.145999 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:57.075922 0.141687 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:57.217973 0.053901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:57.272230 0.137724 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:57.410399 0.323509 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:57.734344 0.313044 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:58.047756 0.190916 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:27:58.239054 0.182314 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:28:59.621968 3.002041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:29:06.629734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:29:14.630983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:29:30.634220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:30:02.640465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:36:06.652402 2.998592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:36:13.653270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:36:21.655112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:36:37.658227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:37:09.664127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:43:13.670382 3.001553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:43:20.677548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:43:28.679243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:43:44.682256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:44:16.687817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:51:33.699738 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:51:40.706652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:51:48.707864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:51:57.771515 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 23:51:57.771618 0.442473 tcp 10.0.2.109 64857 -> 176.73.175.35 3123 FSPA* 0 0 14 1498 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:52:04.711122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:52:36.717198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:58:05.079616 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/27 23:58:05.079823 0.000000 udp 10.0.2.109 3683 -> 173.174.91.111 3192 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/27 23:58:22.316022 0.066716 tcp 10.0.2.109 64858 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:58:22.383005 0.067311 tcp 10.0.2.109 64859 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:58:22.450671 0.154396 tcp 10.0.2.109 64860 -> 195.113.214.211 443 SRPA* 0 0 56 38839 flow=From-Botnet-V1-TCP-Established 1970/01/27 23:58:22.624134 0.164026 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:22.788579 0.062281 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:22.851244 0.096548 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:22.948272 0.055534 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:23.004200 0.331779 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:23.336363 0.160563 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:23.497314 0.292642 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:23.790513 0.191364 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:23.982476 0.061596 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.044484 0.135471 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.180399 0.141216 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.322002 0.062215 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.384609 0.097779 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.482829 0.156303 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.639517 0.090272 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.730203 0.046374 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.776941 0.090479 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.867837 0.046050 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:24.914266 0.136860 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:25.051522 0.355353 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:25.407276 0.147721 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:25.555399 0.147941 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:25.703738 0.189385 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:25.893575 0.310325 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:58:26.204320 0.176802 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/27 23:59:05.731254 2.999501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/27 23:59:12.736896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:59:20.738408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/27 23:59:36.740826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:00:08.748103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:06:12.752566 3.002448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:06:19.760170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:06:27.761805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:06:43.764832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:07:15.771310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:13:19.776411 3.002250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:13:26.783933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:13:34.792833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:13:50.788696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:14:22.795720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:20:26.800371 3.002234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:20:33.810892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:20:41.809962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:20:57.812776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:21:29.818927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:21:58.220176 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 00:21:58.220326 0.451184 tcp 10.0.2.109 64861 -> 176.73.175.35 3123 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/01/28 00:27:33.825836 3.000951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:27:40.832388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:27:48.833864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:28:04.836840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:28:36.842981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:28:49.060676 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 00:28:49.060860 0.164682 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:49.225959 0.062683 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:49.289056 0.336782 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:49.626408 0.153041 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:49.779848 0.319962 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.100150 0.189242 udp 10.0.2.109 3683 <-> 108.206.10.122 7846 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.289782 0.067483 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.357626 0.073151 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.431194 0.065700 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.497306 0.134843 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.632528 0.138222 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.771227 0.062547 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.834259 0.110367 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:50.944987 0.738712 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:51.684071 0.087703 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:51.772192 0.045531 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:51.818182 0.071796 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:51.890452 0.053911 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:51.944858 0.136903 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:52.082222 0.148420 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:52.230968 0.180205 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:52.411565 0.312270 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:52.724243 0.354085 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:53.078722 0.149813 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:28:53.228982 0.281008 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:34:40.848621 3.015380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:34:47.866149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:34:55.867727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:35:11.871037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:35:43.882646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:41:47.883414 3.001345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:41:54.894338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:42:02.891874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:42:18.895113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:42:50.901129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:48:54.907300 3.001339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:49:01.914503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:49:09.916867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:49:25.918638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:49:57.925194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:51:58.678352 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 00:51:58.678588 0.443426 tcp 10.0.2.109 64862 -> 176.73.175.35 3123 FSPA* 0 0 14 1607 flow=From-Botnet-V1-TCP-Established 1970/01/28 00:56:01.930863 3.004933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 00:56:08.937791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:56:16.939539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:56:32.946320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:57:04.948505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 00:59:00.685536 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 00:59:00.685700 0.326557 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:01.012660 0.158602 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:01.171683 0.171215 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:01.343306 0.062139 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:01.405849 0.309386 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:01.715649 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 00:59:17.996059 0.067416 tcp 10.0.2.109 64863 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 00:59:18.063718 0.068920 tcp 10.0.2.109 64864 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 00:59:18.132900 0.175228 tcp 10.0.2.109 64865 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/01/28 00:59:18.308676 0.064037 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:18.373123 0.088074 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:18.461581 0.059904 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:18.521888 0.127873 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:18.650211 0.141008 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:18.791586 0.073462 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:18.865508 0.110439 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:18.976320 0.045777 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.022491 0.080091 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.102984 0.051484 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.154891 0.157993 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.313290 0.085896 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.399561 0.136369 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.536357 0.167609 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.704420 0.186077 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:19.890929 0.310883 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:20.202311 0.189004 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:20.391729 0.352436 rtcp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 00:59:20.744568 0.144320 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:03:08.954316 3.002064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 01:03:15.962120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:03:23.963620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:03:39.966748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:04:11.972391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:10:15.980713 2.999503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 01:10:22.987642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:10:30.987633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:10:46.990740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:11:18.996489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:17:23.002675 3.001856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 01:17:30.009867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:17:38.011662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:17:54.015320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:18:26.020513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:21:59.127516 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:21:59.127624 0.493745 tcp 10.0.2.109 64866 -> 176.73.175.35 3123 FSPA* 0 0 14 1665 flow=From-Botnet-V1-TCP-Established 1970/01/28 01:24:30.027088 3.001774 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 01:24:37.033776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:24:45.035390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:25:01.038982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:25:33.044587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:29:43.955835 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:29:43.955980 0.000000 udp 10.0.2.109 3683 -> 108.206.10.122 7846 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:29:59.589220 0.067101 tcp 10.0.2.109 64867 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 01:29:59.656552 0.067806 tcp 10.0.2.109 64868 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 01:29:59.724668 0.219983 tcp 10.0.2.109 64869 -> 195.113.214.211 443 SRPA* 0 0 86 80649 flow=From-Botnet-V1-TCP-Established 1970/01/28 01:29:59.945527 4.308681 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1260 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:00.106304 3.582723 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 4 1122 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:00.271601 3.527005 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 4 991 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:00.332540 3.761558 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 4 1164 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:00.628630 3.954517 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 4 1107 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:00.957525 3.680480 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 4 1084 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.015885 3.757767 udp 10.0.2.109 3683 <-> 131.123.194.186 6028 CON 0 0 4 1326 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.151245 3.677264 udp 10.0.2.109 3683 <-> 86.166.144.242 6232 CON 0 0 4 1082 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.218771 3.700185 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 4 1244 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.301670 3.761375 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 4 1075 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.444852 3.678696 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 4 1087 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.513114 3.733544 udp 10.0.2.109 3683 <-> 132.177.247.107 7374 CON 0 0 4 1151 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.636080 3.658690 udp 10.0.2.109 3683 <-> 80.1.220.176 1844 CON 0 0 4 1156 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.683068 3.692719 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 4 1019 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.757228 3.659699 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1107 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.803237 3.776777 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 4 1123 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:01.959839 3.761784 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 4 1189 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:02.101766 3.803416 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1060 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:02.291778 3.694245 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1096 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:02.375589 3.753892 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1130 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:02.519805 4.631229 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1239 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:02.845862 3.589430 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 4 1048 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:03.149536 3.487556 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 4 1070 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:03.362005 3.424807 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 4 1154 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:07.151795 0.000000 udp 10.0.2.109 3683 -> 62.110.3.74 5178 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:30:14.288899 0.000000 udp 10.0.2.109 3683 -> 123.201.136.114 3666 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:30:21.029089 0.000000 udp 10.0.2.109 3683 -> 2.50.41.212 7783 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:30:29.025720 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:30:34.361845 0.000000 udp 10.0.2.109 3683 -> 81.138.18.119 5149 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:30:42.161183 0.060336 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 846 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:42.293257 0.041849 udp 10.0.2.109 3683 <-> 84.130.201.7 8279 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:42.469720 0.000000 udp 10.0.2.109 3683 -> 175.145.231.57 4497 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:30:47.055977 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:30:50.945185 0.065786 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:30:51.061049 0.000000 udp 10.0.2.109 3683 -> 223.207.19.101 1034 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:30:57.303527 0.000000 udp 10.0.2.109 3683 -> 92.80.83.28 7305 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:03.309433 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:11.401183 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:16.589006 0.000000 udp 10.0.2.109 3683 -> 77.10.229.221 3056 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:21.705995 0.000000 udp 10.0.2.109 3683 -> 86.155.56.116 7533 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:28.485721 0.113644 udp 10.0.2.109 3683 -> 78.14.195.79 7760 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:28.599365 0.000000 icmp 78.14.195.79 0x0303 -> 10.0.2.109 0x501e URP 192 1 260 flow=Background 1970/01/28 01:31:33.061988 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:31:34.794918 0.074256 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 758 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:31:34.887940 0.000000 udp 10.0.2.109 3683 -> 109.155.245.250 4764 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:37.050819 3.001699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 01:31:43.539053 0.000000 udp 10.0.2.109 3683 -> 77.92.231.157 4539 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:44.059165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:31:49.355922 0.460857 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 768 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:31:49.838745 0.000000 udp 10.0.2.109 3683 -> 172.6.250.142 9694 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:31:52.059501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:31:56.746162 0.000000 udp 10.0.2.109 3683 -> 81.149.203.14 4912 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:04.337510 0.107636 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:32:04.497343 0.000000 udp 10.0.2.109 3683 -> 92.27.97.176 4458 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:08.062624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:32:13.139863 0.000000 udp 10.0.2.109 3683 -> 94.26.56.13 2274 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:18.057918 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:32:19.138947 0.000000 udp 10.0.2.109 3683 -> 89.97.18.48 7366 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:24.646233 0.332944 udp 10.0.2.109 3683 <-> 111.250.38.53 5460 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:32:25.116739 0.000000 udp 10.0.2.109 3683 -> 223.205.185.194 4018 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:30.715189 0.050438 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:32:30.875507 0.384955 udp 10.0.2.109 3683 <-> 219.76.159.222 3498 CON 0 0 2 676 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:32:31.282092 0.000000 udp 10.0.2.109 3683 -> 108.225.68.92 1854 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:39.517907 0.000000 udp 10.0.2.109 3683 -> 92.6.46.84 9722 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:40.068768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:32:45.436135 0.000000 udp 10.0.2.109 3683 -> 78.141.13.60 6081 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:32:54.259411 0.000000 udp 10.0.2.109 3683 -> 182.52.93.203 9763 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:01.399251 0.369029 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:01.797593 0.000000 udp 10.0.2.109 3683 -> 84.190.85.113 5834 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:06.055821 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:33:09.400820 0.000000 udp 10.0.2.109 3683 -> 125.2.83.168 4368 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:15.119119 0.000000 udp 10.0.2.109 3683 -> 111.235.148.26 4413 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:21.488274 0.000000 udp 10.0.2.109 3683 -> 27.110.220.134 1024 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:29.790217 0.000000 udp 10.0.2.109 3683 -> 90.198.97.245 8657 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:37.431538 0.035655 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:37.491592 0.055278 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 833 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:37.559137 0.149576 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:37.748999 0.104850 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:37.876418 0.000000 udp 10.0.2.109 3683 -> 94.68.245.130 2306 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:43.820537 0.053045 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 860 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:43.933140 0.050470 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 754 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:44.022222 0.000000 udp 10.0.2.109 3683 -> 151.84.152.237 4073 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:49.489318 0.000000 udp 10.0.2.109 3683 -> 41.135.24.243 4364 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:33:54.065011 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:33:55.427494 0.308718 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:33:55.859945 0.000000 udp 10.0.2.109 3683 -> 91.39.93.66 9714 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:03.496464 0.000000 udp 10.0.2.109 3683 -> 62.31.75.6 3684 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:08.621342 0.000000 udp 10.0.2.109 3683 -> 80.81.0.120 9503 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:16.026954 0.000000 udp 10.0.2.109 3683 -> 2.157.111.104 6960 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:21.895059 0.000000 udp 10.0.2.109 3683 -> 81.27.123.106 4604 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:29.856587 0.317929 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 776 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:34:30.306813 0.061588 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:34:30.436031 0.308463 udp 10.0.2.109 3683 <-> 119.18.144.221 7283 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:34:30.814648 0.000000 udp 10.0.2.109 3683 -> 76.205.155.101 1882 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:36.832432 0.000000 udp 10.0.2.109 3683 -> 87.29.16.183 8761 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:41.577270 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:34:43.020323 0.242716 udp 10.0.2.109 3683 <-> 14.96.176.246 1405 CON 0 0 2 740 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:34:43.347137 0.000000 udp 10.0.2.109 3683 -> 87.79.156.168 4253 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:50.746062 0.000000 udp 10.0.2.109 3683 -> 41.72.201.86 7723 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:34:59.068783 0.000000 udp 10.0.2.109 3683 -> 67.176.212.131 7101 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:06.388977 0.000000 udp 10.0.2.109 3683 -> 111.250.172.209 4272 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:13.429603 0.215074 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 755 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:35:13.751535 0.373365 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:35:14.164693 0.300819 udp 10.0.2.109 3683 <-> 86.149.144.160 5570 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:35:14.535795 0.000000 udp 10.0.2.109 3683 -> 62.150.25.123 1527 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:22.242392 0.000000 udp 10.0.2.109 3683 -> 218.222.66.125 5857 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:27.064551 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:35:31.144819 0.000000 udp 10.0.2.109 3683 -> 95.254.205.218 6381 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:37.203325 0.000000 udp 10.0.2.109 3683 -> 86.144.151.175 4550 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:44.894824 0.000000 udp 10.0.2.109 3683 -> 115.247.213.24 1812 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:52.285078 0.000000 udp 10.0.2.109 3683 -> 49.248.98.39 5406 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:35:58.512702 0.000000 udp 10.0.2.109 3683 -> 95.227.147.49 3412 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:36:04.194589 0.000000 udp 10.0.2.109 3683 -> 221.188.79.38 5735 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:36:12.965043 0.074673 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:36:13.190162 0.232836 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:36:13.462282 0.000000 udp 10.0.2.109 3683 -> 81.109.147.18 3206 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:36:17.560674 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:36:21.921633 0.000000 udp 10.0.2.109 3683 -> 91.144.246.122 9079 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:36:30.900534 0.149274 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:36:31.128179 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:36:39.432587 0.000000 udp 10.0.2.109 3683 -> 14.97.75.151 5352 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:36:47.784929 0.000000 udp 10.0.2.109 3683 -> 153.136.176.189 8644 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:36:55.475911 0.855565 udp 10.0.2.109 3683 <-> 81.130.120.32 5196 CON 0 0 2 827 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:36:56.360293 0.000000 udp 10.0.2.109 3683 -> 113.193.10.62 8612 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:01.664922 0.000000 udp 10.0.2.109 3683 -> 95.235.209.180 1024 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:06.561080 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:37:09.255539 0.000000 udp 10.0.2.109 3683 -> 24.158.24.214 4048 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:18.218741 0.126934 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 735 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:37:18.356125 0.000000 udp 10.0.2.109 3683 -> 80.148.10.226 9339 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:25.719356 0.087075 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:37:25.831270 0.000000 udp 10.0.2.109 3683 -> 217.7.190.114 2921 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:34.191601 0.000000 udp 10.0.2.109 3683 -> 80.152.134.114 5897 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:42.043192 0.000000 udp 10.0.2.109 3683 -> 27.54.176.2 8800 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:48.882901 0.023783 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:37:48.919533 0.000000 udp 10.0.2.109 3683 -> 93.150.12.107 1628 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:37:53.559356 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:37:55.366136 0.000000 udp 10.0.2.109 3683 -> 117.253.203.163 2182 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:03.748499 0.142768 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 778 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:38:04.077173 0.000000 udp 10.0.2.109 3683 -> 182.52.249.196 3980 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:10.997822 0.000000 udp 10.0.2.109 3683 -> 2.121.68.59 6502 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:16.802682 0.000000 udp 10.0.2.109 3683 -> 213.165.33.47 3713 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:24.369934 0.040527 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 653 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:38:24.660866 0.000000 udp 10.0.2.109 3683 -> 71.141.85.222 2233 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:29.853068 0.000000 udp 10.0.2.109 3683 -> 116.14.190.200 8187 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:35.281029 0.115393 udp 10.0.2.109 3683 -> 176.92.23.102 4890 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:35.396422 0.000000 icmp 176.92.23.102 0x0303 -> 10.0.2.109 0x1a13 URP 192 1 158 flow=Background 1970/01/28 01:38:40.057885 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:38:42.149125 0.000000 udp 10.0.2.109 3683 -> 41.130.94.92 7871 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:44.074409 3.001950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 01:38:48.658649 0.000000 udp 10.0.2.109 3683 -> 112.149.208.212 2701 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:51.084105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:38:54.559439 0.305255 udp 10.0.2.109 3683 <-> 117.194.244.169 6423 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:38:54.905184 0.512711 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/01/28 01:38:55.434912 0.000000 udp 10.0.2.109 3683 -> 108.90.104.87 5412 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:38:59.083562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:39:00.755892 0.000000 udp 10.0.2.109 3683 -> 151.50.124.11 7149 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:39:08.366749 0.000000 udp 10.0.2.109 3683 -> 209.163.164.194 9886 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:39:15.086581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:39:15.937748 0.000000 udp 10.0.2.109 3683 -> 79.210.1.71 5459 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:39:23.699438 0.000000 udp 10.0.2.109 3683 -> 94.89.214.74 5451 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:39:28.555649 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:39:30.679585 0.000000 udp 10.0.2.109 3683 -> 24.182.84.106 4253 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:39:37.759312 0.000000 udp 10.0.2.109 3683 -> 217.71.243.180 9165 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:39:46.031795 0.000000 udp 10.0.2.109 3683 -> 122.53.69.19 9219 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:39:47.092762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:39:55.004057 0.000000 udp 10.0.2.109 3683 -> 75.252.103.180 9384 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:40:03.025636 0.000000 udp 10.0.2.109 3683 -> 83.161.65.132 4509 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:40:09.564888 0.000000 udp 10.0.2.109 3683 -> 2.229.113.197 2554 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 01:40:14.561803 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:45:51.098244 3.001931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 01:45:58.105720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:46:06.107405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:46:22.110380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:46:54.116688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:51:59.626043 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 01:51:59.626171 0.474444 tcp 10.0.2.109 64870 -> 176.73.175.35 3123 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/01/28 01:52:58.123746 3.000229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 01:53:05.129865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:53:13.131506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:53:29.134957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 01:54:01.140665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:00:05.146970 3.001128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 02:00:12.153904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:00:20.155297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:00:36.158394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:01:08.164720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:07:12.170148 3.002412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 02:07:19.177556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:07:27.179465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:07:43.182737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:08:15.188501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:10:18.405212 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 02:10:18.405341 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:10:36.393276 0.067547 tcp 10.0.2.109 64871 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:10:36.461051 0.068075 tcp 10.0.2.109 64872 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:10:36.529455 0.147492 tcp 10.0.2.109 64873 -> 195.113.214.211 443 SRPA* 0 0 53 39567 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:10:36.677470 0.057164 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:36.734996 0.062511 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:36.797920 0.158805 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:36.957142 0.141489 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:37.099106 0.140586 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:37.240107 0.049519 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:37.290034 0.068272 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:37.358714 0.115720 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:37.474794 0.135327 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:37.610552 0.306812 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:37.917829 0.180825 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:38.099088 0.186321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:38.285770 0.342125 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:38.628291 0.144991 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:38.773678 0.046012 udp 10.0.2.109 3683 <-> 84.130.201.7 8279 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:38.820095 0.058642 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:38.879148 0.056526 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:38.936094 0.074570 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:39.011059 0.480725 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:39.492191 0.176621 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:39.669189 0.343461 udp 10.0.2.109 3683 <-> 111.250.38.53 5460 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:40.013052 0.051873 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:40.065304 0.380962 udp 10.0.2.109 3683 <-> 219.76.159.222 3498 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:40.446677 0.373430 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:40.820489 0.129478 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:40.950511 0.055734 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.006626 0.044046 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.051060 0.116994 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.168534 0.047311 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.216260 0.053588 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.270512 0.185464 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.456391 0.195564 udp 10.0.2.109 3683 <-> 119.18.144.221 7283 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.652379 0.186759 udp 10.0.2.109 3683 <-> 27.96.86.6 7537 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.839612 0.058878 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:41.898938 0.229348 udp 10.0.2.109 3683 <-> 14.96.176.246 1405 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:42.128759 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:10:58.155332 0.069436 tcp 10.0.2.109 64874 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:10:58.225064 0.068945 tcp 10.0.2.109 64875 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:10:58.294323 0.171165 tcp 10.0.2.109 64876 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:10:58.466131 0.359101 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:58.825609 0.172797 udp 10.0.2.109 3683 <-> 86.149.144.160 5570 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:58.998787 0.077538 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:10:59.076691 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:11:14.947396 0.066513 tcp 10.0.2.109 64877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:15.014254 0.068730 tcp 10.0.2.109 64878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:15.083279 0.170200 tcp 10.0.2.109 64879 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:15.253695 0.137046 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:11:15.391169 0.000000 udp 10.0.2.109 3683 -> 81.130.120.32 5196 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:11:32.242801 0.066489 tcp 10.0.2.109 64880 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:32.309571 0.067099 tcp 10.0.2.109 64881 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:32.376927 0.169492 tcp 10.0.2.109 64882 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:32.547345 0.073677 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:11:32.621403 0.086572 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:11:32.708372 0.023139 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:11:32.731860 0.080019 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:11:32.812252 0.040132 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:11:32.852770 0.000000 udp 10.0.2.109 3683 -> 117.194.244.169 6423 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:11:48.126519 0.071718 tcp 10.0.2.109 64883 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:48.198617 0.068503 tcp 10.0.2.109 64884 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:48.267397 0.170538 tcp 10.0.2.109 64885 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:11:48.438602 0.545459 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:14:19.194808 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 02:14:26.201923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:14:34.203075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:14:50.206072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:15:22.212505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:21:26.218166 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 02:21:33.225860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:21:41.227122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:21:57.230079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:22:00.104964 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 02:22:00.105088 0.596287 tcp 10.0.2.109 64886 -> 176.73.175.35 3123 FSPA* 0 0 14 1639 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:22:29.236187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:28:33.242272 3.003176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 02:28:40.249898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:28:48.251434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:29:04.259283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:29:36.260540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:35:40.266348 3.043908 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 02:35:47.287900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:35:55.285135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:36:11.288796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:36:43.303266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:42:18.917204 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 02:42:18.917321 0.160809 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:42:19.078477 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:42:36.964464 0.067968 tcp 10.0.2.109 64887 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:42:37.032727 0.068868 tcp 10.0.2.109 64888 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:42:37.101928 0.169929 tcp 10.0.2.109 64889 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:42:37.272034 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:42:47.302592 2.999295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 02:42:52.898702 0.069931 tcp 10.0.2.109 64890 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:42:52.968982 0.067835 tcp 10.0.2.109 64891 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:42:53.037085 0.161525 tcp 10.0.2.109 64892 -> 195.113.214.211 443 SRPA* 0 0 41 32834 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:42:53.199326 0.000000 udp 10.0.2.109 3683 -> 81.130.120.32 5196 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:42:54.308114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:43:02.309025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:43:12.023701 0.067378 tcp 10.0.2.109 64893 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:12.091410 0.068706 tcp 10.0.2.109 64894 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:12.160340 0.169863 tcp 10.0.2.109 64895 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:12.330664 0.000000 udp 10.0.2.109 3683 -> 117.194.244.169 6423 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:43:18.312658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:43:29.829735 0.066384 tcp 10.0.2.109 64896 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:29.896377 0.068036 tcp 10.0.2.109 64897 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:29.964799 0.165131 tcp 10.0.2.109 64898 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:30.130499 0.064608 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.195452 0.058271 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.254092 0.070109 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.324593 0.088237 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.413210 0.137427 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.551005 0.141757 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.693203 0.160008 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.853682 0.050924 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:30.905018 0.141889 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:31.047268 0.186863 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:31.234529 0.307734 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:31.542683 0.147976 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:31.691071 0.185859 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:31.877372 0.375279 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:32.253061 0.000000 udp 10.0.2.109 3683 -> 81.149.254.99 3135 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:43:48.947174 0.066853 tcp 10.0.2.109 64899 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:49.014422 0.068991 tcp 10.0.2.109 64900 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:49.083688 0.170133 tcp 10.0.2.109 64901 -> 195.113.214.211 443 SRPA* 0 0 38 31800 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:43:49.254691 0.058444 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:49.313495 0.058286 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:49.372195 0.040603 udp 10.0.2.109 3683 <-> 84.130.201.7 8279 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:49.413156 0.471678 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:49.885287 0.072490 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:49.958206 0.050295 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:43:50.008935 0.000000 udp 10.0.2.109 3683 -> 219.76.159.222 3498 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:43:50.318136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:44:08.605367 0.068382 tcp 10.0.2.109 64902 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:08.674007 0.067360 tcp 10.0.2.109 64903 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:08.741671 0.172141 tcp 10.0.2.109 64904 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:08.914369 0.000000 udp 10.0.2.109 3683 -> 111.250.38.53 5460 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:44:25.429598 0.066652 tcp 10.0.2.109 64905 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:25.496493 0.068126 tcp 10.0.2.109 64906 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:25.564915 0.166777 tcp 10.0.2.109 64907 -> 195.113.214.211 443 SRPA* 0 0 34 17906 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:25.732217 0.042181 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:25.774799 0.035383 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:25.810482 0.183326 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:25.994294 0.199354 udp 10.0.2.109 3683 <-> 119.18.144.221 7283 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:26.194019 0.092306 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:26.286698 0.128613 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:26.415694 0.052918 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:26.468997 0.106169 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:26.575550 0.370248 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:26.946387 0.056447 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:27.003254 0.000000 udp 10.0.2.109 3683 -> 27.96.86.6 7537 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 02:44:45.019507 0.066503 tcp 10.0.2.109 64908 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:45.086299 0.066763 tcp 10.0.2.109 64909 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:45.153315 0.172476 tcp 10.0.2.109 64910 -> 195.113.214.211 443 SRPA* 0 0 40 31908 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:44:45.326321 0.212744 udp 10.0.2.109 3683 <-> 14.96.176.246 1405 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:45.539550 0.171938 udp 10.0.2.109 3683 <-> 86.149.144.160 5570 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:45.711910 0.072158 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:45.784442 0.355893 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:46.140726 0.147562 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:46.288679 0.024805 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:46.313811 0.138890 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:46.453065 0.086863 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:46.540343 0.076957 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:46.617732 0.040126 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:44:46.658315 0.959217 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/28 02:49:54.323429 3.002564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 02:50:01.331387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:50:09.332749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:50:25.336420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:50:57.344206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:52:00.704275 0.000203 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 02:52:00.704660 0.570325 tcp 10.0.2.109 64911 -> 176.73.175.35 3123 FSPA* 0 0 16 1785 flow=From-Botnet-V1-TCP-Established 1970/01/28 02:57:01.348664 3.001129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 02:57:08.355450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:57:16.357797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:57:32.359821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 02:58:04.365975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:04:08.371195 3.002494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 03:04:15.379398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:04:23.380932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:04:39.383869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:05:11.390080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:11:15.395635 3.002203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 03:11:22.403530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:11:30.404993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:11:46.408087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:12:18.429870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:15:14.929397 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 03:15:14.929526 0.061466 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:15:14.991444 0.000000 udp 10.0.2.109 3683 -> 111.250.38.53 5460 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:15:33.226460 0.102353 tcp 10.0.2.109 64912 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:15:33.329109 0.068011 tcp 10.0.2.109 64913 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:15:33.397368 0.193893 tcp 10.0.2.109 64914 -> 195.113.214.211 443 SRPA* 0 0 50 41208 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:15:33.591957 0.000000 udp 10.0.2.109 3683 -> 219.76.159.222 3498 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:15:51.651350 0.065905 tcp 10.0.2.109 64915 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:15:51.717534 0.096762 tcp 10.0.2.109 64916 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:15:51.814598 0.165787 tcp 10.0.2.109 64917 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:15:51.980901 0.000000 udp 10.0.2.109 3683 -> 27.96.86.6 7537 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:16:08.825803 0.067663 tcp 10.0.2.109 64918 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:08.893738 0.067499 tcp 10.0.2.109 64919 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:08.961523 0.151250 tcp 10.0.2.109 64920 -> 195.113.214.211 443 SRPA* 0 0 36 27215 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:09.113291 0.168466 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:09.282381 0.145040 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:09.427802 0.134208 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:09.562452 0.063480 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:09.626312 0.062951 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:09.689678 0.062125 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:09.752252 0.090581 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:09.843237 0.313639 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:10.157276 0.145898 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:10.303591 0.156454 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:10.460438 0.050189 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:10.510979 0.252214 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:10.763582 0.141891 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:10.905934 0.347719 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:11.254049 0.183415 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:11.437884 0.000000 udp 10.0.2.109 3683 -> 84.130.201.7 8279 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:16:29.295250 0.065590 tcp 10.0.2.109 64921 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:29.361111 0.066800 tcp 10.0.2.109 64922 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:29.428203 0.164055 tcp 10.0.2.109 64923 -> 195.113.214.211 443 SRPA* 0 0 40 22346 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:29.592770 0.059771 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:29.652929 0.054351 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:29.707642 0.050143 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:29.758176 0.066147 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:29.824708 0.460203 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:30.285303 0.046866 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:30.332618 0.000000 udp 10.0.2.109 3683 -> 119.18.144.221 7283 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:16:46.920854 0.067687 tcp 10.0.2.109 64924 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:46.988797 0.066359 tcp 10.0.2.109 64925 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:47.055416 0.176680 tcp 10.0.2.109 64926 -> 195.113.214.211 443 SRPA* 0 0 45 36020 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:16:47.232610 0.056157 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:47.289173 0.137444 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:47.427048 0.053855 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:47.481260 0.107075 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:47.588736 0.045106 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:47.634364 0.187637 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:47.822402 0.054824 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:47.877626 0.371563 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:16:48.249623 0.000000 udp 10.0.2.109 3683 -> 86.149.144.160 5570 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:17:04.025857 0.067546 tcp 10.0.2.109 64927 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:17:04.093663 0.067707 tcp 10.0.2.109 64928 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:17:04.161739 0.203211 tcp 10.0.2.109 64929 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:17:04.365498 0.000000 udp 10.0.2.109 3683 -> 81.134.105.115 4828 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:17:20.799603 0.065863 tcp 10.0.2.109 64930 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:17:20.865752 0.067024 tcp 10.0.2.109 64931 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:17:20.933101 0.178925 tcp 10.0.2.109 64932 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:17:21.112505 0.221459 udp 10.0.2.109 3683 <-> 14.96.176.246 1405 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:21.334361 0.139327 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:21.474299 0.022679 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:21.497286 0.176469 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:21.674226 0.077870 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:21.752534 0.076893 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:21.829827 0.044327 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:21.874496 0.355271 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:17:22.230345 0.589172 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:18:22.430410 3.003090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 03:18:29.440824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:18:37.442522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:18:53.442002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:19:25.447765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:22:01.282190 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 03:22:01.282357 0.580859 tcp 10.0.2.109 64933 -> 176.73.175.35 3123 FSPA* 0 0 14 1750 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:25:29.454387 3.001195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 03:25:36.461365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:25:44.462861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:26:00.466000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:26:32.471552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:32:36.489856 3.002702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 03:32:43.485355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:32:51.487020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:33:07.489893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:33:39.496031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:39:43.508409 2.996183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 03:39:50.509238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:39:58.519491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:40:14.514841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:40:46.519325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:46:50.525860 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 03:46:57.533025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:47:05.534839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:47:21.541523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:47:50.249411 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 03:47:50.249513 0.000000 udp 10.0.2.109 3683 -> 84.130.201.7 8279 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:47:53.543794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:48:05.943612 0.068083 tcp 10.0.2.109 64934 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:06.011933 0.067299 tcp 10.0.2.109 64935 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:06.079476 0.173102 tcp 10.0.2.109 64936 -> 195.113.214.211 443 SRPA* 0 0 36 18850 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:06.253289 0.000000 udp 10.0.2.109 3683 -> 119.18.144.221 7283 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:48:22.937136 0.066346 tcp 10.0.2.109 64937 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:23.003674 0.067158 tcp 10.0.2.109 64938 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:23.071095 0.171858 tcp 10.0.2.109 64939 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:23.243471 0.000000 udp 10.0.2.109 3683 -> 86.149.144.160 5570 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:48:41.553216 0.066341 tcp 10.0.2.109 64940 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:41.619807 0.068168 tcp 10.0.2.109 64941 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:41.688184 0.160783 tcp 10.0.2.109 64942 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:41.849505 0.068501 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:41.918446 0.000000 udp 10.0.2.109 3683 -> 81.149.254.99 3135 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 03:48:58.041006 0.066276 tcp 10.0.2.109 64943 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:58.107627 0.068013 tcp 10.0.2.109 64944 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:58.176019 0.170368 tcp 10.0.2.109 64945 -> 195.113.214.211 443 SRPA* 0 0 71 41754 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:48:58.346931 0.067821 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:58.415173 0.065482 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:58.481026 0.171863 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:58.653307 0.155210 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:58.808897 0.059452 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:58.868720 0.146384 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:59.015464 0.158743 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:59.174669 0.148403 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:59.323478 0.191973 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:59.515866 0.091348 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:59.607638 0.310364 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:59.918473 0.053126 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:48:59.971972 0.351151 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:00.323488 0.142933 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:00.466782 0.183093 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:00.650321 0.058820 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:00.709543 0.056104 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:00.766035 0.051553 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:00.817943 0.454617 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.272940 0.066811 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.340175 0.045765 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.386487 0.036049 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.422869 0.060890 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.484214 0.135434 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.620040 0.057468 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.677906 0.107932 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:01.786273 0.363757 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.150447 0.055954 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.206809 0.185708 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.392972 0.205318 udp 10.0.2.109 3683 <-> 14.96.176.246 1405 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.598671 0.140080 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.739212 0.023067 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.762643 0.078621 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.841650 0.087160 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:02.929200 0.355731 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:03.285316 0.075955 udp 10.0.2.109 3683 <-> 86.139.122.162 2713 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:03.361601 0.040065 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:49:03.402013 0.475240 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/28 03:52:01.871682 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 03:52:01.871892 0.438493 tcp 10.0.2.109 64946 -> 176.73.175.35 3123 FSPA* 0 0 15 1761 flow=From-Botnet-V1-TCP-Established 1970/01/28 03:53:57.549896 3.001673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 03:54:04.557879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:54:12.558851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:54:28.561607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 03:55:00.567763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:01:04.574060 3.001435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 04:01:11.581445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:01:19.582863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:01:35.585616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:02:07.591926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:08:11.597861 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 04:08:18.605046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:08:26.606734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:08:42.609619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:09:14.615623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:15:18.622409 3.000694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 04:15:25.633247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:15:33.631291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:15:49.633544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:16:21.639445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:19:32.304212 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 04:19:32.304426 0.066050 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:32.370938 0.069770 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:32.441146 0.181746 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:32.623328 0.155061 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:32.778807 0.060654 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:32.839870 0.062507 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:32.902773 0.060801 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:32.963982 0.146638 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:33.240296 0.156090 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:33.396774 0.147998 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:33.545203 0.188110 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:33.733667 0.217969 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:33.951997 0.333440 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:34.285830 0.138234 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:34.424485 0.188923 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:34.613869 0.057696 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:34.671948 0.059389 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:34.731704 0.320978 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.053131 0.053958 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.107455 0.050273 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.158162 0.447507 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.606062 0.073889 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.680364 0.048469 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.729315 0.038477 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.768171 0.087894 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.856499 0.128553 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:35.985468 0.054730 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:36.040594 0.106707 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:36.147663 0.188465 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:36.336582 0.218651 udp 10.0.2.109 3683 <-> 14.96.176.246 1405 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:36.555665 0.137217 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:36.693266 0.024089 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:36.717710 0.368639 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:37.086784 0.054549 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:37.141764 0.302187 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:37.444356 0.085840 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:37.530612 0.862352 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:38.393441 0.000000 udp 10.0.2.109 3683 -> 86.139.122.162 2713 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 04:19:56.377164 0.067983 tcp 10.0.2.109 64947 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:19:56.445425 0.066865 tcp 10.0.2.109 64948 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:19:56.512658 0.175476 tcp 10.0.2.109 64949 -> 195.113.214.211 443 SRPA* 0 0 64 41016 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:19:56.688724 0.039775 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:19:56.728880 1.218062 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:22:02.309993 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 04:22:02.310248 0.467357 tcp 10.0.2.109 64950 -> 176.73.175.35 3123 FSPA* 0 0 14 1673 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:22:25.646594 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 04:22:32.653133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:22:40.654730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:22:56.657808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:23:28.663768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:29:32.670037 3.001404 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 04:29:39.677105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:29:47.678018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:30:03.681464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:30:35.687675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:36:39.696073 2.999270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 04:36:46.701117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:36:54.702686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:37:10.705335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:37:42.711680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:43:46.717657 3.001917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 04:43:53.725932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:44:01.728405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:44:17.729571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:44:49.735491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:50:18.029272 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 04:50:18.029503 0.000000 udp 10.0.2.109 3683 -> 86.139.122.162 2713 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 04:50:33.470717 0.067295 tcp 10.0.2.109 64951 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:50:33.538246 0.067052 tcp 10.0.2.109 64952 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:50:33.605581 0.164559 tcp 10.0.2.109 64953 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:50:33.770847 0.180776 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:33.952096 0.155063 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.107627 0.063918 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.171990 0.069910 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.242482 0.064455 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.307376 0.147577 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.455376 0.155217 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.611020 0.146305 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.757746 0.188906 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:34.947040 0.064180 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.011664 0.063068 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.075066 0.141230 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.216723 0.181224 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.398375 0.054568 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.453218 0.063862 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.517465 0.321332 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.839191 0.085514 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.925081 0.051298 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:35.976769 0.462027 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:36.439173 0.071043 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:36.510581 0.000000 udp 10.0.2.109 3683 -> 87.153.127.9 4545 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 04:50:53.909602 0.066137 tcp 10.0.2.109 64954 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:50:53.976027 0.070478 tcp 10.0.2.109 64955 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:50:54.046786 0.168802 tcp 10.0.2.109 64956 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:50:54.216117 0.052318 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:54.268812 0.054475 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:54.323587 0.351356 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:54.675315 0.130995 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:54.806956 0.055073 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:54.862541 0.105063 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:54.968008 0.182091 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:55.150510 0.212841 udp 10.0.2.109 3683 <-> 14.96.176.246 1405 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:55.363772 0.142050 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:55.506450 0.022793 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:55.529804 0.056172 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:55.586361 0.074325 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:55.661108 0.054334 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:55.715911 0.468284 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:56.184560 0.233411 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:56.418460 0.358120 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:56.777014 0.044511 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:50:56.821899 0.428965 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/28 04:51:49.742183 3.001469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 04:51:56.749322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:52:02.778749 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 04:52:02.779030 0.519002 tcp 10.0.2.109 64957 -> 176.73.175.35 3123 FSPA* 0 0 15 1653 flow=From-Botnet-V1-TCP-Established 1970/01/28 04:52:04.751339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:52:20.754371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:52:52.760055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:58:56.766729 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 04:59:03.773846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:59:11.775170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:59:27.779868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 04:59:59.784061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:06:03.789826 3.002668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 05:06:10.797235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:06:18.799078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:06:34.801877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:07:06.807838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:13:11.815613 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 05:13:18.822877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:13:26.824628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:13:42.827224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:14:14.833585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:20:18.839950 3.007101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 05:20:25.847074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:20:33.850353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:20:49.851224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:21:21.857304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:21:25.682943 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 05:21:25.683041 0.047026 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:25.730464 0.066502 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:25.797353 0.182597 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:25.980345 0.126957 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.107695 0.144035 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.252156 0.156784 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.409422 0.145186 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.555014 0.072044 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.627804 0.056091 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.684331 0.061637 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.746387 0.186386 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:26.933205 0.141943 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.075532 0.177968 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.253974 0.055665 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.310101 0.063576 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.374079 0.055346 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.429860 0.084986 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.515350 0.391445 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.907188 0.050949 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:27.958605 0.074928 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:28.033991 0.469340 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:28.503843 0.037837 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:28.542018 0.130562 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:28.672995 0.053029 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:28.726431 0.052347 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:28.779161 0.373192 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:29.152751 0.113383 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:29.266585 0.187405 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:29.454563 0.000000 udp 10.0.2.109 3683 -> 14.96.176.246 1405 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 05:21:44.612315 0.068417 tcp 10.0.2.109 64958 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:21:44.681023 0.068542 tcp 10.0.2.109 64959 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:21:44.749938 0.165742 tcp 10.0.2.109 64960 -> 195.113.214.211 443 SRPA* 0 0 23 13298 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:21:44.916225 0.138053 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.054667 0.045908 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.101007 0.059658 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.161171 0.429114 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.590676 0.087272 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.678492 0.059094 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.738222 0.039909 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.778614 0.073022 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:45.852032 0.382560 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:21:46.235015 1.439636 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:22:03.299722 0.654611 tcp 10.0.2.109 64961 -> 176.73.175.35 3123 FSPA* 0 0 14 1602 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:27:25.864279 3.000808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 05:27:32.870394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:27:40.872177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:27:56.875346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:28:28.881685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:34:32.887364 3.188256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 05:34:40.041392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:34:47.967472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:35:03.909225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:35:36.085693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:41:39.932316 3.000499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 05:41:46.938834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:41:54.940450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:42:10.943112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:42:42.949271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:48:46.955349 3.002069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 05:48:53.962589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:49:01.964532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:49:17.967271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:49:49.973780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:52:03.956308 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 05:52:03.956500 0.518782 tcp 10.0.2.109 64962 -> 176.73.175.35 3123 FSPA* 0 0 14 1647 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:52:17.545953 0.000000 udp 10.0.2.109 3683 -> 14.96.176.246 1405 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 05:52:34.914367 0.067606 tcp 10.0.2.109 64963 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:52:34.982218 0.068842 tcp 10.0.2.109 64964 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:52:35.051352 0.176338 tcp 10.0.2.109 64965 -> 195.113.214.211 443 SRPA* 0 0 41 34598 flow=From-Botnet-V1-TCP-Established 1970/01/28 05:52:35.228366 0.041808 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:35.270640 0.066658 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:35.337724 0.141146 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:35.479327 0.145906 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:35.625669 0.155211 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:35.781410 0.145007 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:35.926830 0.071442 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:35.998662 0.057834 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.056902 0.062367 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.119626 0.189123 udp 10.0.2.109 3683 <-> 223.239.158.252 7457 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.309160 0.181239 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.490850 0.139870 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.631153 0.055540 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.687036 0.065675 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.753068 0.124270 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:36.877714 0.336248 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:37.214395 0.054580 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:37.269397 0.189629 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:37.459385 0.451792 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:37.911639 0.036815 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:37.948837 0.131643 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.080875 0.055803 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.137071 0.049171 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.186559 0.069063 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.256002 0.050075 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.306453 0.327379 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.634496 0.110846 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.745733 0.187869 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:38.933940 0.135549 udp 10.0.2.109 3683 <-> 184.144.174.128 6642 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:39.069901 0.023114 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:39.093337 0.056340 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:39.150046 0.690984 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:39.841505 0.092116 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:39.934030 0.056865 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:39.991321 0.044525 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:40.036250 0.084128 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:40.120793 0.357443 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:52:40.478613 0.554676 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 05:55:53.979615 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 05:56:00.987024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:56:08.988573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:56:24.991187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 05:56:56.997582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:03:01.003538 3.001446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 06:03:08.010614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:03:16.012521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:03:32.015012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:04:04.021673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:10:08.028276 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 06:10:15.039592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:10:23.035947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:10:39.039017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:11:11.045742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:17:15.051413 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 06:17:22.058842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:17:30.060106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:17:46.064170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:18:18.069108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:22:04.475476 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 06:22:04.475622 0.684718 tcp 10.0.2.109 64966 -> 176.73.175.35 3123 FSPA* 0 0 14 1676 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:22:42.820015 0.126953 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:22:42.947314 0.000000 udp 10.0.2.109 3683 -> 87.153.127.9 4545 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:23:01.578211 0.066665 tcp 10.0.2.109 64967 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:01.645202 0.069853 tcp 10.0.2.109 64968 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:01.715331 0.163735 tcp 10.0.2.109 64969 -> 195.113.214.211 443 SRPA* 0 0 47 40458 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:01.879729 0.063975 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:01.944160 0.139309 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:02.083920 0.161467 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:02.245817 0.146349 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:02.392619 0.071687 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:02.464747 0.062532 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:02.527715 0.064720 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:02.592883 0.000000 udp 10.0.2.109 3683 -> 223.239.158.252 7457 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:23:19.866034 0.068218 tcp 10.0.2.109 64970 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:19.934518 0.068946 tcp 10.0.2.109 64971 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:20.003744 0.167562 tcp 10.0.2.109 64972 -> 195.113.214.211 443 SRPA* 0 0 41 24094 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:20.171942 0.177772 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:20.350124 0.144886 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:20.495457 0.060610 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:20.556465 0.066145 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:20.623056 0.056116 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:20.679654 0.185465 rtcp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:20.865518 0.110089 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:20.976075 0.347272 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:21.323744 0.437313 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:21.761507 0.057270 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:21.819130 0.135904 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:21.955453 0.058443 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:22.014449 0.050763 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:22.065584 0.325733 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:22.391719 0.107433 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:22.499530 0.049475 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:22.549425 0.075227 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:22.625032 0.180832 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:22.806427 0.000000 udp 10.0.2.109 3683 -> 184.144.174.128 6642 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:23:41.304666 0.069205 tcp 10.0.2.109 64973 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:41.374245 0.066343 tcp 10.0.2.109 64974 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:41.440930 0.174405 tcp 10.0.2.109 64975 -> 195.113.214.211 443 SRPA* 0 0 40 22580 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:41.615507 0.022470 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:41.638306 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:23:56.746329 0.065640 tcp 10.0.2.109 64976 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:56.812299 0.067533 tcp 10.0.2.109 64977 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:56.880131 0.160452 tcp 10.0.2.109 64978 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:23:57.041092 0.055903 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:57.097368 0.044443 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:23:57.142264 0.000000 udp 10.0.2.109 3683 -> 81.149.70.189 3670 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:24:14.252322 0.069051 tcp 10.0.2.109 64979 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:24:14.321701 0.069099 tcp 10.0.2.109 64980 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:24:14.391148 0.170065 tcp 10.0.2.109 64981 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:24:14.561781 0.684619 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:24:15.246876 0.087943 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:24:15.335194 0.360019 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:24:15.695592 0.439487 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:24:22.076156 3.002027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 06:24:29.082627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:24:37.083819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:24:53.086892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:25:25.093157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:31:29.099190 3.001560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 06:31:36.106763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:31:44.107925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:32:00.111043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:32:32.117216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:38:36.123334 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 06:38:43.129945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:38:51.132140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:39:07.134901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:39:39.144673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:45:43.147613 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 06:45:50.155097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:45:58.156598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:46:14.159323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:46:46.165046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:52:05.164081 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 06:52:05.164221 0.499757 tcp 10.0.2.109 64982 -> 176.73.175.35 3123 FSPA* 0 0 14 1516 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:52:50.171196 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 06:52:57.179179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:53:05.179749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:53:21.183010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:53:53.189018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 06:54:42.821007 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 06:54:42.821242 0.042512 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:54:42.864168 0.000000 udp 10.0.2.109 3683 -> 223.239.158.252 7457 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:55:01.379530 0.067524 tcp 10.0.2.109 64983 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:01.447330 0.070227 tcp 10.0.2.109 64984 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:01.517805 0.175997 tcp 10.0.2.109 64985 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:01.694385 0.000000 udp 10.0.2.109 3683 -> 184.144.174.128 6642 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:55:17.641022 0.070331 tcp 10.0.2.109 64986 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:17.711639 0.068281 tcp 10.0.2.109 64987 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:17.780399 0.170627 tcp 10.0.2.109 64988 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:17.951664 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 06:55:36.107691 0.066771 tcp 10.0.2.109 64989 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:36.174718 0.067675 tcp 10.0.2.109 64990 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:36.242658 0.169513 tcp 10.0.2.109 64991 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/28 06:55:36.412759 0.073697 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:36.486812 0.146728 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:36.634024 0.066480 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:36.700864 0.065081 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:36.766342 0.159796 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:36.926579 0.061522 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:36.988479 0.066531 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:37.055366 0.176098 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:37.231896 0.136902 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:37.369238 0.183981 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:37.553751 0.180007 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:37.734356 0.067872 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:37.802617 0.155279 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:37.958556 0.058206 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:38.017146 0.055836 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:38.073321 0.133145 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:38.206880 0.339254 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:38.546502 0.083581 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:38.630480 0.037194 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:38.668074 0.374913 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.043400 0.057959 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.101801 0.073098 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.175305 0.185774 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.361498 0.321243 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.683138 0.052732 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.736272 0.050271 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.786970 0.111275 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.898671 0.035721 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.934785 0.056869 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:39.992086 0.059771 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:40.052281 0.358156 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:40.411170 0.669452 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:41.081051 0.105362 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:55:41.186795 0.463389 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/28 06:59:57.195079 3.001730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 07:00:04.202365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:00:12.204030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:00:28.206773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:01:00.212817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:07:07.223493 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 07:07:14.231029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:07:22.232470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:07:38.235417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:08:10.241270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:14:14.247160 3.002085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 07:14:21.254550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:14:29.256041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:14:45.259130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:15:17.275126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:21:21.280896 3.001845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 07:21:28.288506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:21:36.290017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:21:52.293378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:22:05.662618 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 07:22:05.662808 0.692585 tcp 10.0.2.109 64992 -> 176.73.175.35 3123 FSPA* 0 0 14 1570 flow=From-Botnet-V1-TCP-Established 1970/01/28 07:22:24.298863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:26:07.540275 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 07:26:07.540386 0.046478 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:07.587250 0.075321 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:07.662976 0.134015 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:07.797466 0.065009 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:07.862895 0.068761 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:07.932099 0.148786 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.081274 0.060093 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.141809 0.071041 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.213243 0.166520 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.380142 0.186434 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.567012 0.066665 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.567392 2.998392 tcp 10.0.2.109 64993 -> 142.161.36.205 3707 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 07:26:08.634320 0.142328 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.777059 0.154979 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:08.932439 0.190395 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.123243 0.058228 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.181883 0.063397 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.245711 0.132600 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.378667 0.386237 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.765309 0.087522 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.853275 0.053340 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.906969 0.067006 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:09.974418 0.035116 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:10.009897 0.445118 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:10.455435 0.201414 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:10.657275 0.321148 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:10.978834 0.059415 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:11.038591 0.048879 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:11.087770 0.614319 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:11.702504 0.022906 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:11.725828 0.357783 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:12.084034 0.056794 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:12.141194 0.044389 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:12.185945 0.678666 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:12.865047 0.097336 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:12.962765 1.099019 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:26:17.564750 0.000000 tcp 10.0.2.109 64993 -> 142.161.36.205 3707 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 07:28:28.305346 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 07:28:35.312769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:28:43.314090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:28:59.324716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:29:31.323071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:35:35.329151 3.001327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 07:35:42.336554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:35:50.337844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:36:06.340836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:36:38.349392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:42:42.353236 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 07:42:49.360526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:42:57.361794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:43:13.365012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:43:45.371233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:49:49.377725 3.000826 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 07:49:56.384342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:50:04.385742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:50:20.389100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:50:52.394757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:52:06.361566 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 07:52:06.361675 0.548765 tcp 10.0.2.109 64994 -> 176.73.175.35 3123 FSPA* 0 0 14 1518 flow=From-Botnet-V1-TCP-Established 1970/01/28 07:56:31.915102 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 07:56:31.915268 0.134066 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:32.049781 0.067252 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:32.117440 0.060591 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:32.178580 0.000000 udp 10.0.2.109 3683 -> 87.153.127.9 4545 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 07:56:47.267450 0.068060 tcp 10.0.2.109 64995 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 07:56:47.335774 0.067733 tcp 10.0.2.109 64996 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 07:56:47.403792 0.175829 tcp 10.0.2.109 64997 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/28 07:56:47.580170 0.074253 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:47.654833 0.148486 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:47.803753 0.061238 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:47.865486 0.065832 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:47.865855 3.004617 tcp 10.0.2.109 64998 -> 86.151.165.203 1721 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 07:56:47.931704 0.160666 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.092757 0.180226 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.273350 0.063889 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.337629 0.140222 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.478291 0.145679 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.624398 0.186651 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.811424 0.058460 udp 10.0.2.109 3683 <-> 86.163.243.16 1084 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.870421 0.057562 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:48.928403 0.598458 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:49.527257 0.373022 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:49.900739 0.086895 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:49.987982 0.052099 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:50.040439 0.441941 udp 10.0.2.109 3683 <-> 117.203.216.216 8817 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:50.482794 0.182949 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:50.666143 0.065997 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:50.732535 0.053013 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:50.785954 0.321652 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:51.107991 0.059417 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:51.167776 0.050818 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:51.218972 0.103906 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:51.323262 0.023112 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:51.346744 0.045370 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:51.392500 0.612124 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:52.005076 0.405952 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:52.411404 0.055462 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:52.467242 0.966201 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:53.433886 0.443379 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/28 07:56:56.400461 3.001931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 07:56:56.868951 0.000000 tcp 10.0.2.109 64998 -> 86.151.165.203 1721 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 07:57:03.408576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:57:11.409622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:57:27.412945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 07:57:59.421319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:04:03.424875 3.002188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 08:04:10.432310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:04:18.433593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:04:34.436887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:05:06.442267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:11:10.449065 3.002499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 08:11:17.455669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:11:25.457741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:11:41.460771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:12:13.471872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:18:17.473162 3.001491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 08:18:24.479627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:18:32.481655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:18:48.484906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:19:20.490940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:22:06.910496 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 08:22:06.910577 0.653603 tcp 10.0.2.109 64999 -> 176.73.175.35 3123 FSPA* 0 0 14 1699 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:25:24.497195 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 08:25:31.504647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:25:39.505745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:25:55.508824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:26:27.514800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:27:12.530029 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 08:27:12.530144 0.041452 udp 10.0.2.109 3683 <-> 87.153.127.9 4545 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:12.572067 0.064632 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:12.572509 3.000874 tcp 10.0.2.109 65000 -> 87.153.127.9 5250 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:27:12.637115 0.134721 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:12.772193 0.068667 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:12.841210 0.064107 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:12.905640 0.069048 udp 10.0.2.109 3683 <-> 81.134.105.115 4828 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:12.975054 0.076562 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:13.052042 0.147735 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:13.200187 0.158389 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:13.358984 0.181820 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:13.541190 0.060055 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:13.601581 0.142372 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:13.744342 0.141404 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:13.886173 0.185523 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:14.072148 0.000000 udp 10.0.2.109 3683 -> 86.163.243.16 1084 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 08:27:21.582620 0.000000 tcp 10.0.2.109 65000 -> 87.153.127.9 5250 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:27:32.660604 0.068931 tcp 10.0.2.109 65001 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:27:32.729830 0.070991 tcp 10.0.2.109 65002 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:27:32.801109 0.168141 tcp 10.0.2.109 65003 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:27:32.969941 0.055885 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:33.026255 0.195286 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:33.221923 0.355715 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:33.578073 0.085513 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:33.663996 0.054676 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:33.719113 0.000000 udp 10.0.2.109 3683 -> 117.203.216.216 8817 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 08:27:49.703747 0.068907 tcp 10.0.2.109 65004 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:27:49.772869 0.066913 tcp 10.0.2.109 65005 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:27:49.840057 0.167059 tcp 10.0.2.109 65006 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:27:50.007619 0.186790 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.194898 0.067031 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.195283 3.002816 tcp 10.0.2.109 65007 -> 99.146.161.155 4078 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:27:50.262474 0.050580 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.313448 0.324006 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.637876 0.057641 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.695952 0.049848 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.746165 0.150625 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.897179 0.022210 udp 10.0.2.109 3683 <-> 213.61.177.98 5943 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.919697 0.045288 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:50.965335 0.701894 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:51.667640 1.077405 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:52.745441 0.464360 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:53.210203 0.059440 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:53.270026 0.597385 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:27:59.196639 0.000000 tcp 10.0.2.109 65007 -> 99.146.161.155 4078 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:32:31.521158 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 08:32:38.529096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:32:46.530376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:33:02.532808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:33:34.538582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:39:38.543978 3.002517 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 08:39:45.552453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:39:53.553242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:40:09.556975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:40:41.562935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:46:45.568623 3.002118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 08:46:52.576590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:47:00.577582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:47:16.581202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:47:48.587109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:52:07.569535 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 08:52:07.569715 0.505061 tcp 10.0.2.109 65008 -> 176.73.175.35 3123 FSPA* 0 0 14 1634 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:53:52.592002 3.002713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 08:53:59.600104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:54:07.604942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:54:23.604777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:54:55.610723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 08:58:21.517020 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 08:58:21.517127 0.000000 udp 10.0.2.109 3683 -> 86.163.243.16 1084 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 08:58:40.255538 0.071027 tcp 10.0.2.109 65009 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:58:40.326818 0.066556 tcp 10.0.2.109 65010 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:58:40.393644 0.148847 tcp 10.0.2.109 65011 -> 195.113.214.211 443 SRPA* 0 0 32 24681 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:58:40.543035 0.000000 udp 10.0.2.109 3683 -> 117.203.216.216 8817 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 08:58:57.841407 0.068585 tcp 10.0.2.109 65012 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:58:57.910253 0.068987 tcp 10.0.2.109 65013 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:58:57.979583 0.161565 tcp 10.0.2.109 65014 -> 195.113.214.211 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:58:58.141649 0.062723 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:58:58.204892 0.148292 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:58:58.205210 2.998365 tcp 10.0.2.109 65015 -> 86.151.165.203 1721 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:58:58.353601 0.068388 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:58:58.422637 0.000000 udp 10.0.2.109 3683 -> 87.153.127.9 4545 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 08:59:07.202755 0.000000 tcp 10.0.2.109 65015 -> 86.151.165.203 1721 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:59:15.445295 0.066830 tcp 10.0.2.109 65016 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:15.512409 0.076087 tcp 10.0.2.109 65017 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:15.588767 0.169530 tcp 10.0.2.109 65018 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:15.758964 0.065008 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:15.824336 0.140738 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:15.965480 0.156305 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:16.122348 0.183847 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:16.306633 0.077528 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:16.384597 0.145670 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:16.530660 0.136948 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:16.667985 0.000000 udp 10.0.2.109 3683 -> 81.134.105.115 4828 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 08:59:33.591206 0.066036 tcp 10.0.2.109 65019 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:33.657593 0.067953 tcp 10.0.2.109 65020 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:33.725776 0.169993 tcp 10.0.2.109 65021 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:33.896278 0.063278 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:33.960018 0.186929 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:33.960402 2.984599 tcp 10.0.2.109 65022 -> 81.149.140.243 1095 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:59:34.147358 0.333677 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:34.481396 0.085480 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:34.567266 0.055429 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:34.623107 0.133884 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:34.757377 0.054824 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:34.812596 0.185721 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:34.998691 0.073931 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:35.072983 0.038100 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:35.111513 0.318273 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:35.430342 0.057360 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:35.488115 0.050384 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:35.538862 0.103355 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:35.651447 0.000000 udp 10.0.2.109 3683 -> 213.61.177.98 5943 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 08:59:42.953735 0.000000 tcp 10.0.2.109 65022 -> 81.149.140.243 1095 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 08:59:50.707687 0.010884 udp 10.0.2.109 59624 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/28 08:59:50.718948 0.010068 udp 10.0.2.109 63621 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/28 08:59:53.059471 0.067628 tcp 10.0.2.109 65023 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:53.127395 0.068012 tcp 10.0.2.109 65024 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:53.195674 0.159456 tcp 10.0.2.109 65025 -> 195.113.214.211 443 SRPA* 0 0 38 21088 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:53.355352 0.040176 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:53.395923 0.381563 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:53.777884 1.138872 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:54.917180 0.467815 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:55.385447 0.367642 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/28 08:59:55.385768 4.960746 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 SPA_* 0 0 96 66823 flow=From-Botnet-V1-TCP-Established 1970/01/28 08:59:55.798980 0.061051 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:00:00.426491 4.950231 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 A_PA 0 0 123 90610 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:00:05.606375 4.951092 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 A_PA 0 0 123 90610 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:00:10.636640 4.990260 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 A_PA 0 0 123 90610 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:00:15.766707 4.969298 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 A_PA 0 0 126 92820 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:00:20.976784 4.989952 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 A_PA 0 0 123 90610 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:00:25.995680 4.990229 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 A_PA 0 0 123 90610 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:00:31.096482 1.130129 tcp 10.0.2.109 65026 -> 119.234.157.197 1911 FPA_* 0 0 14 6176 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:01:14.618152 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 09:01:21.625504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:01:29.627204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:01:45.630375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:02:17.636109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:08:21.641832 3.001990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:08:28.649753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:08:36.651360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:08:52.654286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:09:24.660183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:15:28.666503 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:15:35.673361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:15:43.675115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:15:59.678150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:16:31.684510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:22:08.078302 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 09:22:08.078402 0.543135 tcp 10.0.2.109 65027 -> 176.73.175.35 3123 FSPA* 0 0 15 1779 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:22:35.692340 2.999393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:22:42.697765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:22:50.698891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:23:06.702016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:23:38.707812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:29:42.714593 3.001113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:29:49.721443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:29:57.723062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:30:13.725894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:30:20.726341 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 09:30:20.726481 0.000000 udp 10.0.2.109 3683 -> 87.153.127.9 4545 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 09:30:36.751372 0.069015 tcp 10.0.2.109 65028 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:30:36.821037 0.067265 tcp 10.0.2.109 65029 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:30:36.888591 0.286946 tcp 10.0.2.109 65030 -> 195.113.214.211 443 SRPA* 0 0 57 34987 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:30:37.176240 0.000000 udp 10.0.2.109 3683 -> 81.134.105.115 4828 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 09:30:45.732443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:30:53.984344 0.065998 tcp 10.0.2.109 65031 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:30:54.050603 0.068064 tcp 10.0.2.109 65032 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:30:54.118906 0.163747 tcp 10.0.2.109 65033 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:30:54.283156 0.000000 udp 10.0.2.109 3683 -> 213.61.177.98 5943 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 09:31:09.539954 0.066698 tcp 10.0.2.109 65034 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:31:09.606876 0.067588 tcp 10.0.2.109 65035 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:31:09.674715 0.165864 tcp 10.0.2.109 65036 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:31:09.841291 0.070647 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:09.912373 0.141246 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.053999 0.059168 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.113616 0.064048 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.178059 0.147053 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.325519 0.156326 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.482442 0.141043 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.623901 0.076332 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.700617 0.181959 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:10.883031 0.143176 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:11.026651 0.355588 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:11.386413 0.179202 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:11.566110 0.062281 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:11.628834 0.086555 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:11.715841 0.130982 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:11.847227 0.056578 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:11.904281 0.188336 udp 10.0.2.109 3683 <-> 99.146.161.155 6042 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.093073 0.067092 udp 10.0.2.109 3683 <-> 91.6.24.154 5333 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.160594 0.036556 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.197552 0.323627 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.521572 0.054212 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.576200 0.051390 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.627956 0.050989 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.679469 0.107912 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.787777 0.044584 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:12.832774 0.374846 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:13.208011 0.095301 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:13.303726 0.060661 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:13.364905 0.461623 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:31:13.826936 0.352838 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 09:36:49.737605 3.003527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:36:56.748469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:37:04.746850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:37:20.750056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:37:52.755908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:43:56.762726 3.000824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:44:03.769446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:44:11.774933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:44:27.773415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:44:59.779811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:51:58.795219 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:52:05.802724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:52:08.627059 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 09:52:08.627183 0.844983 tcp 10.0.2.109 65037 -> 176.73.175.35 3123 FSPA* 0 0 14 1605 flow=From-Botnet-V1-TCP-Established 1970/01/28 09:52:13.803927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:52:29.807160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:53:01.813044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:59:05.819280 3.001700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 09:59:12.830153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:59:20.827967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 09:59:36.831080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:00:08.837054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:01:35.301474 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 10:01:35.301672 0.069546 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:35.371612 0.156070 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:35.528088 0.059003 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:35.587512 0.063151 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:35.651076 0.147068 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:35.798538 0.160821 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:35.959723 0.137110 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:36.097227 0.071214 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:36.168847 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 10:01:55.121468 0.068299 tcp 10.0.2.109 65038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:01:55.190013 0.069089 tcp 10.0.2.109 65039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:01:55.259374 0.154050 tcp 10.0.2.109 65040 -> 195.113.214.211 443 SRPA* 0 0 32 24081 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:01:55.413981 0.141520 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:55.555937 0.361286 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:55.917545 0.187691 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:56.105608 0.065295 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:56.171268 0.088401 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:56.260104 0.556299 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:56.816830 0.055690 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:01:56.872958 0.000000 udp 10.0.2.109 3683 -> 99.146.161.155 6042 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 10:02:15.810424 0.066445 tcp 10.0.2.109 65041 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:02:15.877156 0.068231 tcp 10.0.2.109 65042 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:02:15.945636 0.164828 tcp 10.0.2.109 65043 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:02:16.111101 0.000000 udp 10.0.2.109 3683 -> 91.6.24.154 5333 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 10:02:32.824714 0.067956 tcp 10.0.2.109 65044 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:02:32.892980 0.069343 tcp 10.0.2.109 65045 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:02:32.962593 0.173829 tcp 10.0.2.109 65046 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:02:33.136922 0.036843 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.174320 0.322144 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.496858 0.053403 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.550621 0.049900 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.600899 0.057293 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.658604 0.109815 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.768804 0.044505 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.813721 0.057506 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:33.871601 0.462652 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:34.334672 0.370946 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:34.706014 0.075823 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:02:34.782419 0.353505 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:06:12.842306 3.002447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 10:06:19.850473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:06:27.851856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:06:43.854933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:07:15.861139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:13:21.869912 3.001540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 10:13:28.877321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:13:36.881032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:13:52.881650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:14:24.892150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:20:28.894241 3.001265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 10:20:35.901185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:20:43.902658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:20:59.905640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:21:31.911673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:22:09.476329 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 10:22:09.476540 0.536993 tcp 10.0.2.109 65047 -> 176.73.175.35 3123 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:27:35.917257 3.002287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 10:27:42.925325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:27:50.926512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:28:06.929803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:28:38.935890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:33:03.776830 0.000188 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 10:33:03.777116 0.190447 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:03.967961 0.000000 udp 10.0.2.109 3683 -> 91.6.24.154 5333 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 10:33:21.153970 0.067662 tcp 10.0.2.109 65048 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:33:21.221985 0.069136 tcp 10.0.2.109 65049 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:33:21.291409 0.152259 tcp 10.0.2.109 65050 -> 195.113.214.211 443 SRPA* 0 0 34 24791 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:33:21.444173 0.000000 udp 10.0.2.109 3683 -> 99.146.161.155 6042 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 10:33:36.814486 0.141600 tcp 10.0.2.109 65051 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:33:36.956372 0.069386 tcp 10.0.2.109 65052 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:33:37.026223 0.273005 tcp 10.0.2.109 65053 -> 195.113.214.211 443 SRPA* 0 0 58 38891 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:33:37.299831 0.065320 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:37.365604 0.066304 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:37.432373 0.060676 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:37.493543 0.156454 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:37.650632 0.159291 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:37.810356 0.147048 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:37.957793 0.080328 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:38.038601 0.142437 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:38.181550 0.143404 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:38.325400 0.085712 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:38.411543 0.063479 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:38.475415 0.363207 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:38.839058 0.190740 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.030365 0.134683 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.165541 0.060458 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.226466 0.052981 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.279853 0.050774 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.331061 0.052225 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.383720 0.035656 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.419826 0.340320 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.760605 0.105142 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.866402 0.044444 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.911316 0.056057 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:39.967803 0.426102 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:40.394325 0.367021 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:40.761793 0.093767 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:33:40.856033 0.359033 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/28 10:34:42.941624 3.001780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 10:34:49.949248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:34:57.950440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:35:13.953833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:35:45.959578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:41:49.965659 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 10:41:56.973168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:42:04.974630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:42:20.977559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:42:52.983512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:48:56.989755 3.001850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 10:49:03.999299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:49:11.998463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:49:28.001967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:50:00.007627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:52:10.015401 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 10:52:10.015562 0.493553 tcp 10.0.2.109 65054 -> 176.73.175.35 3123 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/01/28 10:56:04.013914 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 10:56:11.021591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:56:19.022840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:56:35.025848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 10:57:07.031716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:03:11.037847 3.001408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:03:18.044954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:03:26.046594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:03:42.049513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:03:45.144232 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 11:03:45.144331 0.193115 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:45.337979 0.062899 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:45.401324 0.067037 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:45.468873 0.060815 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:45.530189 0.134142 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:45.664871 0.152265 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:45.817495 0.149120 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:45.967100 0.144714 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:46.112216 0.085470 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:46.198156 0.064435 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:46.263033 0.349586 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:46.613066 0.074596 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:46.688125 0.138993 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:46.827598 0.186143 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.014198 0.146132 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.160774 0.057235 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.218525 0.057660 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.276619 0.049996 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.327041 0.047462 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.374977 0.051803 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.427874 0.335556 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.763871 0.103812 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.868115 0.040217 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:03:47.908828 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 11:04:03.261980 0.069160 tcp 10.0.2.109 65055 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:04:03.331469 0.069467 tcp 10.0.2.109 65056 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:04:03.401313 0.158646 tcp 10.0.2.109 65057 -> 195.113.214.211 443 SRPA* 0 0 57 37393 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:04:03.560676 0.086391 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:04:03.647655 0.451451 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:04:04.099523 0.361893 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:04:04.461929 0.354437 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:04:14.055763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:10:22.067725 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:10:29.074573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:10:37.076412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:10:53.079430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:11:25.085216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:17:29.090388 3.002687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:17:36.098750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:17:44.100412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:18:00.103320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:18:32.109116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:22:10.513607 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 11:22:10.513708 0.672991 tcp 10.0.2.109 65058 -> 176.73.175.35 3123 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:24:36.115542 3.001436 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:24:43.122788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:24:51.123985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:25:07.127401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:25:39.133271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:31:43.140298 3.000652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:31:50.146673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:31:58.148093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:32:14.151084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:32:46.157217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:34:21.294546 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 11:34:21.294678 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 11:34:37.458774 0.067583 tcp 10.0.2.109 65059 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:34:37.526684 0.067920 tcp 10.0.2.109 65060 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:34:37.594911 0.168649 tcp 10.0.2.109 65061 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:34:37.764112 0.087226 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:37.851852 0.065338 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:37.917671 0.057832 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:37.975930 0.127205 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.103651 0.177601 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.281665 0.087525 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.369621 0.062932 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.433015 0.155126 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.588627 0.148831 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.737947 0.145301 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.883754 0.082184 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:38.966463 0.143423 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.110323 0.193382 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.304197 0.131838 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.436473 0.055782 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.492709 0.055798 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.548939 0.048759 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.598163 0.051600 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.650256 0.035480 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:39.686214 0.351522 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:40.038449 0.322658 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:40.361565 0.122515 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:40.484492 0.040519 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:40.525493 0.092588 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:40.618550 0.468116 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:41.087122 0.362315 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:34:41.449985 0.359632 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/28 11:38:50.164452 3.000417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:38:57.170766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:39:05.172128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:39:21.175314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:39:53.181192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:45:57.188764 3.000067 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:46:04.194548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:46:12.196208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:46:28.199017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:47:00.205152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:52:11.192982 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 11:52:11.193134 0.489266 tcp 10.0.2.109 65062 -> 176.73.175.35 3123 FSPA* 0 0 14 1496 flow=From-Botnet-V1-TCP-Established 1970/01/28 11:53:04.211055 3.001557 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 11:53:11.218805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:53:19.219916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:53:35.222986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 11:54:07.229307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:00:11.235812 3.001110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:00:18.242739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:00:26.243959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:00:42.247031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:01:14.253006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:05:08.240087 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 12:05:08.240293 0.058849 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:08.299621 0.060573 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:08.360572 0.067575 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:08.428576 0.140928 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:08.569989 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 12:05:27.479220 0.067857 tcp 10.0.2.109 65063 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:05:27.547385 0.067170 tcp 10.0.2.109 65064 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:05:27.614878 0.150386 tcp 10.0.2.109 65065 -> 195.113.214.211 443 SRPA* 0 0 35 24843 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:05:27.765809 0.088423 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:27.854649 0.063265 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:27.918462 0.156095 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:28.074948 0.144269 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:28.219676 0.154320 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:28.374580 0.082991 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:28.458023 0.138304 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:28.596756 0.184746 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:28.781930 0.000000 udp 10.0.2.109 3683 -> 41.38.1.59 8699 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 12:05:45.743898 0.077694 tcp 10.0.2.109 65066 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:05:45.821879 0.067604 tcp 10.0.2.109 65067 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:05:45.889768 0.165780 tcp 10.0.2.109 65068 -> 195.113.214.211 443 SRPA* 0 0 50 27778 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:05:46.056052 0.055371 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.111811 0.055086 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.167274 0.050220 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.217907 0.052594 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.270910 0.042451 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.313795 0.175947 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.490172 0.044743 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.535319 0.096715 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.632412 0.363210 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:46.996092 0.317858 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:47.314375 0.352406 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:47.667210 0.464965 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:05:48.132587 0.368589 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:07:25.269027 3.001753 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 12:07:32.276671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:07:40.278200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:07:56.281049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:08:28.287075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:14:34.296357 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:14:41.303223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:14:49.304794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:15:05.307862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:15:37.314422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:21:41.321249 2.999909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:21:48.327114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:21:56.338815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:22:11.681424 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 12:22:11.681609 0.601149 tcp 10.0.2.109 65069 -> 176.73.175.35 3123 FSPA* 0 0 14 1743 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:22:12.341625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:22:44.347787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:28:48.354606 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:28:55.361309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:29:03.362528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:29:19.365647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:29:51.371824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:35:55.377442 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:36:00.993625 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 12:36:00.993713 0.180219 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:01.174386 0.481923 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:01.656759 0.140865 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:01.798209 0.066051 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:01.864757 0.065021 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:01.930264 0.059659 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:01.990407 0.149198 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:02.140070 0.148125 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:02.288711 0.088626 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:02.377786 0.059409 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:02.385171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:36:02.437575 0.152827 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:02.590812 0.191368 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:02.782615 0.142215 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:02.925281 0.075702 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.001388 0.055997 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.057815 0.055522 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.113762 0.050782 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.164956 0.055774 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.221165 0.035036 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.256678 0.113880 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.370996 0.039976 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.411345 0.086642 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.498543 0.336529 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:03.835468 0.491896 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:04.327878 0.318812 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:04.647130 0.354433 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:05.001978 0.374938 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/28 12:36:10.386902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:36:26.389619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:36:58.396203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:43:02.402502 3.000902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:43:09.409467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:43:17.410650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:43:33.413762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:44:05.420115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:51:24.432646 3.003122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:51:31.440970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:51:39.442862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:51:55.445599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:52:12.290484 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 12:52:12.290661 0.514122 tcp 10.0.2.109 65070 -> 176.73.175.35 3123 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/01/28 12:52:27.451679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:58:47.460146 3.002185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 12:58:54.467775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:59:02.468971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:59:18.472746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 12:59:50.478765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:05:54.484284 3.003260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 13:06:01.492066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:06:09.493368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:06:18.266723 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 13:06:18.266944 0.147853 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:18.415292 0.078975 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:18.494667 0.064029 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:18.559093 0.186679 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:18.746241 0.000000 udp 10.0.2.109 3683 -> 41.38.1.59 8699 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 13:06:25.496745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:06:34.291692 0.069019 tcp 10.0.2.109 65071 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:06:34.361019 0.067119 tcp 10.0.2.109 65072 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:06:34.428426 0.145484 tcp 10.0.2.109 65073 -> 195.113.214.211 443 SRPA* 0 0 56 36221 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:06:34.574641 0.057805 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:34.632868 0.146441 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:34.779666 0.137336 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:34.917496 0.087225 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:35.005145 0.062155 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:35.067780 0.160369 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:35.228610 0.187224 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:35.416257 0.142386 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:35.559071 0.092898 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:35.652427 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 13:06:54.148447 0.066679 tcp 10.0.2.109 65074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:06:54.215410 0.068013 tcp 10.0.2.109 65075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:06:54.283796 0.155849 tcp 10.0.2.109 65076 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:06:54.440180 0.053758 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:54.494348 0.049808 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:54.544552 0.051543 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:54.596483 0.042317 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:54.639224 0.121567 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:54.761197 0.040491 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:06:54.802191 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 13:06:57.502741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:07:12.935537 0.065871 tcp 10.0.2.109 65077 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:07:13.001664 0.068291 tcp 10.0.2.109 65078 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:07:13.070241 0.164078 tcp 10.0.2.109 65079 -> 195.113.214.211 443 SRPA* 0 0 34 16698 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:07:13.234935 0.386087 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:07:13.621455 0.510075 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:07:14.131970 0.317182 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:07:14.449598 0.361787 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:07:14.811779 0.365345 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:13:01.508384 3.002164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 13:13:08.515951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:13:16.517602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:13:32.520781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:14:04.526578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:20:08.532934 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 13:20:15.540570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:20:23.541548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:20:39.544393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:21:11.560650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:22:12.808980 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 13:22:12.809097 0.563210 tcp 10.0.2.109 65080 -> 176.73.175.35 3123 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:27:15.567479 3.001054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 13:27:22.573725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:27:30.575776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:27:46.578555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:28:18.584476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:34:22.590590 3.000945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 13:34:29.597824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:34:37.599052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:34:53.602708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:35:25.608816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:37:33.993553 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 13:37:33.993661 3.131896 udp 10.0.2.109 3683 -> 41.38.1.59 8699 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 13:37:37.125557 0.000000 icmp 41.38.1.57 0x0103 -> 10.0.2.109 0x2926 URH 192 1 170 flow=Background 1970/01/28 13:37:50.689194 0.101870 tcp 10.0.2.109 65081 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:37:50.791396 0.067681 tcp 10.0.2.109 65082 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:37:50.859355 0.155427 tcp 10.0.2.109 65083 -> 195.113.214.211 443 SRPA* 0 0 70 52474 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:37:51.015414 0.084041 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:37:51.099829 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 13:38:08.322991 0.067241 tcp 10.0.2.109 65084 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:38:08.390606 0.068785 tcp 10.0.2.109 65085 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:38:08.459683 0.150967 tcp 10.0.2.109 65086 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:38:08.611333 0.059130 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:08.670925 0.067279 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:08.738631 0.127466 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:08.866588 0.179255 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.046287 0.059049 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.105754 0.059367 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.165554 0.158741 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.324715 0.185993 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.511119 0.142259 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.653846 0.141104 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.795377 0.137560 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:09.933395 0.087215 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.021041 0.462946 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.484410 0.050867 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.535773 0.052049 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.588191 0.039359 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.627966 0.106759 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.735219 0.044468 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.780069 0.053053 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:10.833668 0.317809 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:11.151865 0.352403 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:11.504692 0.504380 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:12.009539 0.397593 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:38:12.407549 0.363470 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/28 13:41:29.614517 3.001562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 13:41:36.621876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:41:44.623299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:42:00.626611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:42:32.632516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:48:36.638100 3.001862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 13:48:43.645816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:48:51.647260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:49:07.650764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:49:39.656752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:52:13.378302 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 13:52:13.378472 0.477627 tcp 10.0.2.109 65087 -> 176.73.175.35 3123 FSPA* 0 0 14 1507 flow=From-Botnet-V1-TCP-Established 1970/01/28 13:55:43.663595 3.000892 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 13:55:50.670010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:55:58.671318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:56:14.674196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 13:56:46.680534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:02:50.688801 2.999355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:02:57.693706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:03:05.695342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:03:21.698315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:03:53.704223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:08:14.038873 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 14:08:14.038970 0.093556 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:14.132888 0.149439 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:14.282815 0.061071 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:14.344335 0.067353 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:14.412094 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 14:08:30.403573 0.066783 tcp 10.0.2.109 65088 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:08:30.470623 0.068022 tcp 10.0.2.109 65089 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:08:30.538892 0.173534 tcp 10.0.2.109 65090 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:08:30.712960 0.055727 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:30.769168 0.059804 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:30.829393 0.187487 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.017371 0.179095 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.196884 0.143709 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.340999 0.139071 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.480524 0.137396 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.618397 0.082083 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.700851 0.076424 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.777696 0.049916 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.828026 0.048882 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.877333 0.036878 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:31.914719 0.104667 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:32.019825 0.044579 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:32.064817 0.055076 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:32.120299 0.321488 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:32.442383 0.400662 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:32.843497 0.365998 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:33.209947 0.557652 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:08:33.783127 0.353176 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:09:57.710367 3.001594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:10:04.717714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:10:12.719123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:10:28.722421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:11:00.728287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:17:04.734540 3.001601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:17:11.741518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:17:19.742996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:17:35.746592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:18:07.752469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:22:13.857337 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 14:22:13.857518 3.002514 tcp 10.0.2.109 65091 -> 176.73.175.35 3123 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 14:22:22.858891 0.000000 tcp 10.0.2.109 65091 -> 176.73.175.35 3123 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 14:22:28.859259 0.067301 tcp 10.0.2.109 65092 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:22:28.926792 0.067107 tcp 10.0.2.109 65093 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:22:28.994225 0.160654 tcp 10.0.2.109 65094 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:22:29.185885 3.006631 tcp 10.0.2.109 65095 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 14:22:38.190967 0.000000 tcp 10.0.2.109 65095 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 14:22:44.180630 0.065870 tcp 10.0.2.109 65096 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:22:44.246843 0.068148 tcp 10.0.2.109 65097 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:22:44.315250 0.157015 tcp 10.0.2.109 65098 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:22:44.518805 0.523526 tcp 10.0.2.109 65099 -> 176.73.169.112 1959 FSPA* 0 0 15 1575 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:24:11.757805 3.002234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 14:24:18.765846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:24:26.767094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:24:42.769606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:25:14.776458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:31:18.782276 3.011620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:31:25.799768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:31:33.801144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:31:49.804011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:32:21.810476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:38:25.817259 3.000529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:38:32.823587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:38:40.824928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:38:45.892976 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 14:38:45.893138 0.181825 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.075368 0.065546 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.141352 0.147742 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.289512 0.079998 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.369914 0.056703 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.427036 0.057557 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.484970 0.058296 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.543658 0.156456 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.700580 0.185616 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:46.886585 0.141774 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.028813 0.140094 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.169301 0.144913 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.314618 0.083431 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.398518 0.077299 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.476195 0.051023 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.527649 0.051120 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.579146 0.044222 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.623777 0.111158 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.735319 0.040038 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.775830 0.053071 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:47.829242 0.323725 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:48.153441 0.334330 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:48.488184 0.377883 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:48.866516 0.482991 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:49.349916 0.362588 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 14:38:56.827814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:39:28.833536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:45:32.840366 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:45:39.847945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:45:47.849250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:46:03.852073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:46:35.857654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:52:45.049618 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 14:52:45.049712 0.494272 tcp 10.0.2.109 65100 -> 176.73.169.112 1959 FSPA* 0 0 14 1676 flow=From-Botnet-V1-TCP-Established 1970/01/28 14:52:45.872863 3.001770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:52:52.880711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:53:00.881625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:53:16.884822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:53:48.890763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 14:59:52.896594 3.001806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 14:59:59.904034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:00:07.905586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:00:23.908678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:00:55.914830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:07:02.925079 3.001811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 15:07:09.932648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:07:17.934015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:07:33.936916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:08:05.943221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:08:51.759416 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 15:08:51.759533 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 15:09:07.683469 0.067008 tcp 10.0.2.109 65101 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:09:07.750756 0.066347 tcp 10.0.2.109 65102 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:09:07.817387 0.156881 tcp 10.0.2.109 65103 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:09:07.974456 0.065668 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.040567 0.147651 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.188656 0.086369 udp 10.0.2.109 3683 <-> 81.191.29.195 1978 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.275529 0.061146 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.337216 0.059222 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.337635 2.999280 tcp 10.0.2.109 65104 -> 86.161.161.197 4544 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:09:08.396846 0.060307 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.457550 0.159310 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.617327 0.188595 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.806440 0.140958 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:08.947843 0.147020 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.095279 0.151826 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.247459 0.084029 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.331927 0.076152 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.408557 0.049999 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.458968 0.051039 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.510559 0.035714 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.546684 0.145112 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.692260 0.040201 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.732921 0.059254 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:09.792690 0.369569 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:10.162636 0.318812 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:10.481889 0.370078 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:10.852422 0.481927 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:11.334788 0.360083 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:09:17.335614 0.000000 tcp 10.0.2.109 65104 -> 86.161.161.197 4544 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:14:09.949382 3.000686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 15:14:16.956705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:14:24.958073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:14:40.961115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:15:12.967131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:21:16.972044 3.002664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 15:21:23.980100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:21:31.982093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:21:47.985014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:22:19.991031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:22:45.548000 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 15:22:45.548084 0.616763 tcp 10.0.2.109 65105 -> 176.73.169.112 1959 FSPA* 0 0 14 1534 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:28:23.997522 3.000521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 15:28:31.004256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:28:39.005881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:28:55.008965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:29:27.014873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:35:31.020778 3.002181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 15:35:38.028167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:35:46.029932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:36:02.032749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:36:34.039125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:39:16.552911 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 15:39:16.553086 0.182522 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:16.736033 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 15:39:32.266766 0.068897 tcp 10.0.2.109 65106 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:39:32.335958 0.062605 tcp 10.0.2.109 65107 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:39:32.398750 0.160783 tcp 10.0.2.109 65108 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:39:32.559779 0.063656 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:32.623855 0.064924 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:32.624225 2.995383 tcp 10.0.2.109 65109 -> 86.161.161.197 4544 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:39:32.689222 0.140874 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:32.830552 0.057435 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:32.888391 0.059023 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:32.947858 0.157039 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.105300 0.188018 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.293750 0.140013 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.434292 0.146486 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.581231 0.143551 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.725179 0.086060 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.811663 0.076778 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.888875 0.048966 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.938268 0.051753 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:33.990596 0.034403 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:34.025426 0.234388 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:34.260227 0.045422 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:34.306092 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 15:39:41.617826 0.000000 tcp 10.0.2.109 65109 -> 86.161.161.197 4544 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:39:52.314674 0.062304 tcp 10.0.2.109 65110 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:39:52.377269 0.067949 tcp 10.0.2.109 65111 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:39:52.445498 0.154438 tcp 10.0.2.109 65112 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:39:52.600567 0.359487 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:52.960554 0.469750 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:53.430762 0.320886 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:53.752153 0.401053 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:39:53.752507 2.998185 tcp 10.0.2.109 65113 -> 175.195.224.65 4091 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:39:54.153693 0.360330 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/28 15:40:02.748977 0.000000 tcp 10.0.2.109 65113 -> 175.195.224.65 4091 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:40:10.703611 0.009786 udp 10.0.2.109 56668 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/28 15:40:10.713875 0.009499 udp 10.0.2.109 63519 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/28 15:42:38.045176 3.001252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 15:42:45.052388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:42:53.053723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:43:09.056776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:43:41.062942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:49:45.068614 3.002089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 15:49:52.076258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:50:00.077784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:50:16.080675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:50:48.086685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:52:46.167362 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 15:52:46.167519 3.003395 tcp 10.0.2.109 65114 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:52:55.169292 0.000000 tcp 10.0.2.109 65114 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 15:53:01.170278 0.068106 tcp 10.0.2.109 65115 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:53:01.238665 0.068306 tcp 10.0.2.109 65116 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:53:01.307237 0.157629 tcp 10.0.2.109 65117 -> 195.113.214.211 443 SRPA* 0 0 35 22360 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:53:01.484704 0.934100 tcp 10.0.2.109 65118 -> 65.36.117.251 3453 FSPA* 0 0 14 1650 flow=From-Botnet-V1-TCP-Established 1970/01/28 15:56:52.094432 3.000122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 15:56:59.100153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:57:07.101665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:57:23.104960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 15:57:55.110705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:03:59.117042 3.001288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 16:04:06.124142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:04:14.125621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:04:30.128809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:05:02.134522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:09:56.748247 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:09:56.748354 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 1978 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:10:13.884710 0.068195 tcp 10.0.2.109 65119 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:10:13.953200 0.068179 tcp 10.0.2.109 65120 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:10:14.021682 0.154480 tcp 10.0.2.109 65121 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:10:14.176695 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:10:32.089802 0.068089 tcp 10.0.2.109 65122 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:10:32.158571 0.069070 tcp 10.0.2.109 65123 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:10:32.227969 0.156300 tcp 10.0.2.109 65124 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:10:32.384792 4.096957 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 4 1189 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:32.566306 3.626361 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 4 1113 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:32.566621 2.997325 tcp 10.0.2.109 65125 -> 142.161.36.205 3707 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:10:32.625790 3.621783 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 4 1196 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:32.688002 3.616685 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 4 1131 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:32.749402 3.792163 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 4 1146 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:32.816436 3.859491 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 4 1093 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:32.950950 3.886487 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1074 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.111206 3.869882 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 4 1210 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.252563 3.874403 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 4 1035 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.397127 3.868085 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1252 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.535975 3.810218 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1045 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.623355 3.796514 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 4 1253 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.699741 3.769481 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 999 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.749452 3.761898 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1264 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.803309 3.894270 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1329 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:33.995145 3.739078 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 4 1143 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:34.032155 3.816353 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 4 1290 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:34.143721 3.746585 rtcp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 4 1328 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:34.196836 4.061705 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 4 1124 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:34.570317 4.803877 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 4 1217 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:35.054189 3.526037 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 4 1034 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:35.374616 3.526808 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1112 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:35.695422 4.045779 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 4 1130 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:10:39.741836 0.000000 udp 10.0.2.109 3683 -> 2.50.41.212 7783 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:10:41.572364 0.000000 tcp 10.0.2.109 65125 -> 142.161.36.205 3707 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:10:45.137870 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:10:51.957650 0.000000 udp 10.0.2.109 3683 -> 202.6.154.220 9022 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:00.220001 0.000000 udp 10.0.2.109 3683 -> 60.52.100.187 1024 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:06.140367 3.002148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 16:11:07.089569 0.000000 udp 10.0.2.109 3683 -> 173.247.172.2 2524 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:13.148504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:11:14.610529 0.000000 udp 10.0.2.109 3683 -> 209.34.25.227 1056 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:19.557120 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:11:21.149530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:11:22.261488 0.000000 udp 10.0.2.109 3683 -> 66.186.162.202 8414 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:29.331407 0.000000 udp 10.0.2.109 3683 -> 201.230.55.25 1044 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:37.152666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:11:38.194125 0.000000 udp 10.0.2.109 3683 -> 209.89.10.73 9456 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:46.536790 0.000000 udp 10.0.2.109 3683 -> 84.82.18.31 8583 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:11:52.194460 0.466645 udp 10.0.2.109 3683 <-> 190.118.138.83 5253 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:11:52.775529 0.194141 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:11:53.017765 0.224912 udp 10.0.2.109 3683 <-> 187.205.138.212 3188 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:11:53.334999 0.000000 udp 10.0.2.109 3683 -> 186.112.11.80 5843 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:02.049198 0.000000 udp 10.0.2.109 3683 -> 173.21.248.92 2913 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:07.055613 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:12:07.947322 0.000000 udp 10.0.2.109 3683 -> 210.3.224.213 2650 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:09.158615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:12:15.771026 0.000000 udp 10.0.2.109 3683 -> 66.232.197.101 1277 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:24.150566 0.000000 udp 10.0.2.109 3683 -> 50.141.138.115 8279 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:31.761360 0.000000 udp 10.0.2.109 3683 -> 46.246.168.114 7056 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:36.808736 0.000000 udp 10.0.2.109 3683 -> 186.6.206.219 2209 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:44.059012 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:52.821507 0.000000 udp 10.0.2.109 3683 -> 67.60.33.239 4872 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:12:57.548108 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:12:59.731445 0.000000 udp 10.0.2.109 3683 -> 67.173.51.56 7093 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:05.509773 0.000000 udp 10.0.2.109 3683 -> 84.228.75.144 9285 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:12.239571 0.000000 udp 10.0.2.109 3683 -> 78.14.195.188 7760 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:19.369727 0.000000 udp 10.0.2.109 3683 -> 78.141.13.60 1027 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:25.027736 0.386141 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:13:25.439792 0.000000 udp 10.0.2.109 3683 -> 31.53.178.108 1084 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:33.199699 0.000000 udp 10.0.2.109 3683 -> 90.217.153.204 6080 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:41.611439 0.151136 udp 10.0.2.109 3683 -> 90.148.114.51 1869 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:41.762575 0.000000 icmp 90.148.114.51 0x0303 -> 10.0.2.109 0x4d07 URP 192 1 320 flow=Background 1970/01/28 16:13:46.548696 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:13:46.618965 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:54.129529 0.031735 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:13:54.248167 0.377238 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 672 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:13:54.672741 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:13:59.677787 0.000000 udp 10.0.2.109 3683 -> 81.107.0.17 7096 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:07.619191 0.136295 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 693 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:14:07.857858 0.192650 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:14:08.145363 0.000000 udp 10.0.2.109 3683 -> 115.85.46.146 6453 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:14.769177 0.000000 udp 10.0.2.109 3683 -> 187.174.144.86 1299 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:23.331263 0.074239 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:14:23.569784 0.000000 udp 10.0.2.109 3683 -> 119.161.93.18 6481 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:28.889825 0.045392 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:14:29.044169 0.000000 udp 10.0.2.109 3683 -> 203.14.171.216 6712 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:33.556472 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:14:37.932767 0.000000 udp 10.0.2.109 3683 -> 190.6.152.234 6799 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:43.791557 0.215652 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:14:44.114165 0.180861 udp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:14:44.354828 0.046957 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 821 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:14:44.691221 0.000000 udp 10.0.2.109 3683 -> 76.108.25.138 3664 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:52.263369 0.000000 udp 10.0.2.109 3683 -> 117.195.107.151 2296 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:14:57.311049 0.000000 udp 10.0.2.109 3683 -> 151.42.8.185 4723 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:03.589540 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:10.760079 0.000000 udp 10.0.2.109 3683 -> 2.50.61.118 9551 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:19.222095 0.000000 udp 10.0.2.109 3683 -> 84.113.113.103 2357 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:24.048990 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:15:27.103499 0.035381 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:15:27.160758 0.170715 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 857 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:15:27.419158 0.208010 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 763 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:15:27.650445 0.000000 udp 10.0.2.109 3683 -> 50.74.217.30 2453 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:34.604115 0.000000 udp 10.0.2.109 3683 -> 58.165.207.134 3271 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:42.525502 0.000000 udp 10.0.2.109 3683 -> 67.165.237.116 1720 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:50.116636 0.000000 udp 10.0.2.109 3683 -> 108.20.76.120 5423 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:15:58.477935 0.000000 udp 10.0.2.109 3683 -> 103.4.238.11 8882 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:05.138217 0.000000 udp 10.0.2.109 3683 -> 86.146.84.101 9486 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:10.054789 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:16:11.607502 0.000000 udp 10.0.2.109 3683 -> 195.158.109.174 5924 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:20.490322 0.000000 udp 10.0.2.109 3683 -> 106.188.238.18 6053 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:28.071313 0.000000 udp 10.0.2.109 3683 -> 199.189.247.233 3984 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:37.074217 0.000000 udp 10.0.2.109 3683 -> 60.225.96.182 7994 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:43.453198 0.000000 udp 10.0.2.109 3683 -> 213.104.149.139 3407 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:51.664939 0.330337 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 819 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:16:52.021617 0.156087 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 675 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:16:52.187610 0.353680 udp 10.0.2.109 3683 -> 202.76.168.51 9106 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:16:52.541290 0.000000 icmp 202.76.168.51 0x0303 -> 10.0.2.109 0x9223 URP 192 1 304 flow=Background 1970/01/28 16:16:56.551717 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:17:00.838204 0.000000 udp 10.0.2.109 3683 -> 92.238.84.117 8398 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:06.565905 0.230097 udp 10.0.2.109 3683 <-> 162.202.134.145 3979 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:17:06.805618 0.000000 udp 10.0.2.109 3683 -> 174.0.55.32 7269 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:13.907221 0.000000 udp 10.0.2.109 3683 -> 95.240.184.129 2287 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:21.177276 0.000000 udp 10.0.2.109 3683 -> 86.65.149.54 9353 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:28.227432 0.000000 udp 10.0.2.109 3683 -> 201.100.33.120 6242 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:36.930224 0.000000 udp 10.0.2.109 3683 -> 95.227.140.10 8998 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:41.556616 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:17:43.299359 0.000000 udp 10.0.2.109 3683 -> 78.148.57.83 6991 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:51.481359 0.000000 udp 10.0.2.109 3683 -> 64.89.210.200 6797 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:17:56.638363 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:03.989376 0.057796 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:18:04.124860 0.000000 udp 10.0.2.109 3683 -> 67.250.62.148 9529 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:10.168002 0.000000 udp 10.0.2.109 3683 -> 95.224.76.121 2921 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:13.165574 3.001124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 16:18:18.149346 0.000000 udp 10.0.2.109 3683 -> 201.42.67.182 7181 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:20.172234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:18:25.239544 0.068954 udp 10.0.2.109 3683 -> 85.74.177.70 4082 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:25.308498 0.000000 icmp 85.74.177.70 0x0303 -> 10.0.2.109 0xf20f URP 192 1 154 flow=Background 1970/01/28 16:18:28.173906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:18:30.056245 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:18:33.711600 0.085224 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:18:33.962274 0.376009 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:18:34.420312 0.149798 udp 10.0.2.109 3683 <-> 99.45.44.111 8496 CON 0 0 2 740 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:18:34.602519 0.072900 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:18:34.718401 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:42.884793 0.000000 udp 10.0.2.109 3683 -> 91.39.93.66 9714 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:44.176761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:18:49.023966 0.000000 udp 10.0.2.109 3683 -> 67.176.212.131 7101 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:18:54.942513 0.000000 udp 10.0.2.109 3683 -> 69.62.208.150 5044 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:02.883870 0.142294 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 857 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:19:03.100346 0.000000 udp 10.0.2.109 3683 -> 118.69.124.134 4662 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:09.372671 0.000000 udp 10.0.2.109 3683 -> 211.121.79.147 9433 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:16.182853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:19:16.913664 0.000000 udp 10.0.2.109 3683 -> 82.107.80.169 7820 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:21.550158 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:19:24.314612 0.000000 udp 10.0.2.109 3683 -> 119.225.6.254 3426 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:32.996950 0.000000 udp 10.0.2.109 3683 -> 125.60.195.230 3766 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:40.868641 0.097626 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:19:41.004843 0.000000 udp 10.0.2.109 3683 -> 75.131.170.130 7512 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:46.386501 0.000000 udp 10.0.2.109 3683 -> 72.219.179.47 3132 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:52.645263 0.000000 udp 10.0.2.109 3683 -> 58.96.26.31 5204 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:19:58.133290 0.434132 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:19:58.827175 0.000000 udp 10.0.2.109 3683 -> 149.135.51.3 7073 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:05.393548 0.187302 udp 10.0.2.109 3683 <-> 74.134.234.187 8814 CON 0 0 2 660 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:20:05.638618 0.000000 udp 10.0.2.109 3683 -> 97.102.56.201 9953 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:10.049836 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:20:14.425906 0.275142 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:20:14.724399 0.000000 udp 10.0.2.109 3683 -> 108.12.242.155 1628 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:20.725602 0.000000 udp 10.0.2.109 3683 -> 76.4.37.43 5812 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:27.214960 0.000000 udp 10.0.2.109 3683 -> 203.122.232.182 4630 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:32.332125 0.000000 udp 10.0.2.109 3683 -> 150.101.230.30 7401 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:39.652850 0.000000 udp 10.0.2.109 3683 -> 78.5.12.18 5337 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:46.212025 0.445866 udp 10.0.2.109 3683 <-> 186.110.227.65 7774 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:20:46.676735 0.161715 udp 10.0.2.109 3683 <-> 99.26.224.9 5585 CON 0 0 2 674 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:20:46.865174 0.000000 udp 10.0.2.109 3683 -> 79.51.180.254 1111 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:20:55.104966 0.000000 udp 10.0.2.109 3683 -> 95.177.51.186 9158 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:21:00.051916 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:21:00.763215 0.000000 udp 10.0.2.109 3683 -> 125.236.206.19 8728 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:21:08.254025 0.000000 udp 10.0.2.109 3683 -> 70.79.1.136 6679 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:21:15.103723 0.000000 udp 10.0.2.109 3683 -> 66.49.56.148 4961 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:21:21.843405 0.000000 udp 10.0.2.109 3683 -> 98.175.165.173 8272 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:21:30.185715 0.000000 udp 10.0.2.109 3683 -> 119.225.85.242 1029 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:21:36.684772 0.000000 udp 10.0.2.109 3683 -> 60.242.83.47 5488 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:21:41.992270 0.076375 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:21:46.548180 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:23:02.418843 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:23:02.419057 1.042341 tcp 10.0.2.109 65126 -> 65.36.117.251 3453 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:25:20.189563 3.001021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 16:25:27.196020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:25:35.197496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:25:51.200733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:26:23.207100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:32:27.212258 3.001940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 16:32:34.219962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:32:42.221287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:32:58.224788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:33:30.230729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:39:34.236518 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 16:39:41.243903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:39:49.245482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:40:05.248504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:40:37.254625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:46:41.260062 3.002500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 16:46:48.268122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:46:56.269545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:47:12.272629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:47:44.278518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:51:51.253704 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:51:51.253826 0.175632 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:51.429995 0.066458 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:51.430460 2.998013 tcp 10.0.2.109 65127 -> 142.161.36.205 3707 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:51:51.496871 0.134583 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:51.631914 0.060492 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:51.692835 0.061989 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:51.755263 0.065225 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:51.820941 0.157910 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:51.979296 0.143360 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:52.123104 0.034131 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:52.157703 0.185778 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:52.343945 0.087989 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:52.432288 0.074514 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:52.507246 0.049929 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:51:52.557624 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:52:00.426869 0.000000 tcp 10.0.2.109 65127 -> 142.161.36.205 3707 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:52:08.099717 0.064883 tcp 10.0.2.109 65128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:08.164812 0.062616 tcp 10.0.2.109 65129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:08.227697 0.157965 tcp 10.0.2.109 65130 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:08.386190 0.319863 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:08.706592 0.109524 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:08.816539 0.040226 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:08.857193 0.368235 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:09.225862 0.473908 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:09.700213 0.317124 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:10.017766 0.353333 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:10.371535 1.036481 udp 10.0.2.109 3683 <-> 190.118.138.83 5253 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:11.408414 0.193560 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:11.602401 0.000000 udp 10.0.2.109 3683 -> 187.205.138.212 3188 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:52:29.099137 0.068007 tcp 10.0.2.109 65131 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:29.167426 0.064812 tcp 10.0.2.109 65132 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:29.232531 0.157220 tcp 10.0.2.109 65133 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:29.390297 0.980846 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:30.371625 0.372612 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:30.371946 3.002419 tcp 10.0.2.109 65134 -> 84.152.204.64 7497 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:52:30.744657 0.035199 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:30.780306 0.557449 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:31.338353 0.190053 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:31.528833 0.073076 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:31.602445 0.049821 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:31.652650 0.040678 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:31.693715 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 6765 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 16:52:39.382265 0.000000 tcp 10.0.2.109 65134 -> 84.152.204.64 7497 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:52:46.783931 0.067431 tcp 10.0.2.109 65135 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:46.851609 0.067860 tcp 10.0.2.109 65136 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:46.919775 0.157498 tcp 10.0.2.109 65137 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:52:47.077789 0.209413 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:47.287578 0.173002 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:47.461054 0.406496 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:47.868007 0.035662 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:47.904186 0.147980 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:48.052555 0.325233 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:48.378333 0.052142 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:48.430868 0.073650 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:48.504980 0.072276 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:48.577677 0.355527 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:48.933618 0.138588 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:49.072672 0.098448 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:49.171598 0.434667 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:49.606732 0.180497 udp 10.0.2.109 3683 <-> 74.134.234.187 8814 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:49.787694 0.145070 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:49.933173 0.460299 udp 10.0.2.109 3683 <-> 186.110.227.65 7774 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:52:50.393856 0.068990 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/28 16:53:03.467192 3.004106 tcp 10.0.2.109 65138 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:53:12.470258 0.000000 tcp 10.0.2.109 65138 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:53:18.469647 0.067721 tcp 10.0.2.109 65139 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:18.537701 0.068728 tcp 10.0.2.109 65140 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:18.606705 0.162663 tcp 10.0.2.109 65141 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:18.803416 3.000246 tcp 10.0.2.109 65142 -> 176.73.175.35 3123 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:53:27.802471 0.000000 tcp 10.0.2.109 65142 -> 176.73.175.35 3123 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:53:33.801604 0.068803 tcp 10.0.2.109 65143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:33.870705 0.068506 tcp 10.0.2.109 65144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:33.939527 0.151662 tcp 10.0.2.109 65145 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:34.101159 2.994580 tcp 10.0.2.109 65146 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:53:43.094382 0.000000 tcp 10.0.2.109 65146 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:53:48.285108 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 16:53:49.093772 0.066900 tcp 10.0.2.109 65147 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:49.161035 0.060752 tcp 10.0.2.109 65148 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:49.222073 0.160203 tcp 10.0.2.109 65149 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:53:49.393713 3.003919 tcp 10.0.2.109 65150 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:53:55.291863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:53:58.396710 0.000000 tcp 10.0.2.109 65150 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:03.293364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:54:04.395426 0.064764 tcp 10.0.2.109 65151 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:54:04.460051 0.065131 tcp 10.0.2.109 65152 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:54:04.525492 0.156179 tcp 10.0.2.109 65153 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/28 16:54:04.847296 3.002525 tcp 10.0.2.109 65154 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:13.848409 0.000000 tcp 10.0.2.109 65154 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:19.296522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:54:19.847640 3.003884 tcp 10.0.2.109 65155 -> 176.73.175.35 3123 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:28.850455 0.000000 tcp 10.0.2.109 65155 -> 176.73.175.35 3123 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:34.849151 3.004004 tcp 10.0.2.109 65156 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:43.851715 0.000000 tcp 10.0.2.109 65156 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:48.548623 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 16:54:49.850591 2.994018 tcp 10.0.2.109 65157 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 16:54:51.302950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 16:54:58.853158 0.000000 tcp 10.0.2.109 65157 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:04.853867 0.000340 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:00:04.854321 3.003144 tcp 10.0.2.109 65158 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:13.856107 0.000000 tcp 10.0.2.109 65158 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:19.856347 0.066128 tcp 10.0.2.109 65159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:19.922807 0.065490 tcp 10.0.2.109 65160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:19.988578 0.158944 tcp 10.0.2.109 65161 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:20.244757 3.004821 tcp 10.0.2.109 65162 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:29.248652 0.000000 tcp 10.0.2.109 65162 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:35.237653 0.073395 tcp 10.0.2.109 65163 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:35.311319 0.069419 tcp 10.0.2.109 65164 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:35.381026 0.152668 tcp 10.0.2.109 65165 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:35.613517 2.998329 tcp 10.0.2.109 65166 -> 176.73.175.35 3123 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:44.610550 0.000000 tcp 10.0.2.109 65166 -> 176.73.175.35 3123 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:50.609777 0.064563 tcp 10.0.2.109 65167 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:50.674638 0.061601 tcp 10.0.2.109 65168 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:50.736484 0.164243 tcp 10.0.2.109 65169 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:00:50.939298 3.004450 tcp 10.0.2.109 65170 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:00:55.308305 3.001639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 17:00:59.942434 0.000000 tcp 10.0.2.109 65170 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:02.315853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:01:05.941699 0.064050 tcp 10.0.2.109 65171 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:01:06.005578 0.069812 tcp 10.0.2.109 65172 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:01:06.075673 0.158742 tcp 10.0.2.109 65173 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:01:06.275105 3.001015 tcp 10.0.2.109 65174 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:10.317915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:01:15.274610 0.000000 tcp 10.0.2.109 65174 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:21.273298 2.994263 tcp 10.0.2.109 65175 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:26.320520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:01:30.266520 0.000000 tcp 10.0.2.109 65175 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:36.274902 3.003984 tcp 10.0.2.109 65176 -> 176.73.175.35 3123 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:45.277743 0.000000 tcp 10.0.2.109 65176 -> 176.73.175.35 3123 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:51.276924 3.003988 tcp 10.0.2.109 65177 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:01:56.053114 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:01:58.326589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:02:00.279183 0.000000 tcp 10.0.2.109 65177 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:07:06.279942 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:07:06.280038 3.003384 tcp 10.0.2.109 65178 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:07:15.282207 0.000000 tcp 10.0.2.109 65178 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:07:21.282595 0.065243 tcp 10.0.2.109 65179 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:21.348083 0.062341 tcp 10.0.2.109 65180 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:21.410781 0.157397 tcp 10.0.2.109 65181 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:21.614295 3.001425 tcp 10.0.2.109 65182 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:07:30.623952 0.000000 tcp 10.0.2.109 65182 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:07:36.612813 0.065583 tcp 10.0.2.109 65183 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:36.678663 0.066699 tcp 10.0.2.109 65184 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:36.745710 0.156655 tcp 10.0.2.109 65185 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:36.948432 2.999123 tcp 10.0.2.109 65186 -> 176.73.175.35 3123 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:07:45.946471 0.000000 tcp 10.0.2.109 65186 -> 176.73.175.35 3123 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:07:51.945463 0.061831 tcp 10.0.2.109 65187 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:52.007592 0.061515 tcp 10.0.2.109 65188 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:52.069388 0.157613 tcp 10.0.2.109 65189 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:07:52.250899 2.998457 tcp 10.0.2.109 65190 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:01.248057 0.000000 tcp 10.0.2.109 65190 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:02.331916 3.002363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 17:08:07.247596 0.064336 tcp 10.0.2.109 65191 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:08:07.312228 0.067723 tcp 10.0.2.109 65192 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:08:07.380217 0.154730 tcp 10.0.2.109 65193 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:08:07.583188 2.998195 tcp 10.0.2.109 65194 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:09.339759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:08:16.580452 0.000000 tcp 10.0.2.109 65194 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:17.341165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:08:22.578733 3.004456 tcp 10.0.2.109 65195 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:31.581675 0.000000 tcp 10.0.2.109 65195 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:33.344550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:08:37.580564 2.994385 tcp 10.0.2.109 65196 -> 176.73.175.35 3123 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:46.582954 0.000000 tcp 10.0.2.109 65196 -> 176.73.175.35 3123 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:08:51.550536 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:08:52.581972 2.994889 tcp 10.0.2.109 65197 -> 92.115.182.80 4268 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:09:01.574979 0.000000 tcp 10.0.2.109 65197 -> 92.115.182.80 4268 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:09:05.350163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:14:07.585617 0.095152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:14:07.680942 2.974354 tcp 10.0.2.109 65198 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:14:16.602325 0.000000 tcp 10.0.2.109 65198 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:14:22.598738 0.064484 tcp 10.0.2.109 65199 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:14:22.663526 0.062333 tcp 10.0.2.109 65200 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:14:22.726151 0.157331 tcp 10.0.2.109 65201 -> 195.113.214.211 443 SRPA* 0 0 38 18404 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:14:23.044943 3.006240 tcp 10.0.2.109 65202 -> 65.36.117.251 3453 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:14:32.050387 0.000000 tcp 10.0.2.109 65202 -> 65.36.117.251 3453 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:15:09.356832 3.000903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 17:15:16.363904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:15:24.365192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:15:40.368555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:16:12.374636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:22:16.380039 3.001889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 17:22:23.387477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:22:31.389093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:22:47.392148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:23:12.278484 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:23:12.278650 0.074642 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:12.336573 0.000000 udp 10.0.2.109 3683 -> 187.205.138.212 3188 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 17:23:12.337004 3.005539 tcp 10.0.2.109 65203 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:23:19.398331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:23:21.340932 0.000000 tcp 10.0.2.109 65203 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:23:23.063804 1.006709 tcp 10.0.2.109 65204 -> 128.46.109.109 9893 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:23:29.054208 0.069188 tcp 10.0.2.109 65205 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:23:29.123757 0.065543 tcp 10.0.2.109 65206 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:23:29.189572 0.161297 tcp 10.0.2.109 65207 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:23:29.351441 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 6765 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 17:23:47.419433 0.066965 tcp 10.0.2.109 65208 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:23:47.486745 0.067441 tcp 10.0.2.109 65209 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:23:47.554508 0.149864 tcp 10.0.2.109 65210 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:23:47.704902 0.076370 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:47.766958 0.128947 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:47.767359 3.005754 tcp 10.0.2.109 65211 -> 81.149.140.243 1095 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:23:47.904350 0.165008 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.063125 0.085357 rtp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.132953 0.197261 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.346810 0.098907 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.410953 0.091631 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.475473 0.131608 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.566400 0.117889 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.646828 0.053175 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.704180 0.195036 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.891891 0.044286 rtp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:48.928017 0.165425 rtp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:49.071278 0.047085 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:49.130516 0.128852 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:49.254566 0.324035 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2580 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:49.594725 0.366763 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:49.958731 0.707674 rtp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:50.426452 0.484358 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:50.878032 0.349663 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:51.273626 0.254241 udp 10.0.2.109 3683 <-> 190.118.138.83 5253 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:23:51.512137 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 17:23:56.771821 0.000000 tcp 10.0.2.109 65211 -> 81.149.140.243 1095 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:24:09.551313 0.063256 tcp 10.0.2.109 65212 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:09.614938 0.068097 tcp 10.0.2.109 65213 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:09.683432 0.155239 tcp 10.0.2.109 65214 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:09.839186 0.000000 udp 10.0.2.109 3683 -> 84.152.204.64 1251 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 17:24:25.874367 0.060954 tcp 10.0.2.109 65215 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:25.935610 0.064511 tcp 10.0.2.109 65216 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:26.000410 0.155308 tcp 10.0.2.109 65217 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:26.156269 0.408181 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:26.526813 0.031864 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:26.527250 3.001907 tcp 10.0.2.109 65218 -> 203.206.187.11 2239 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:24:26.567697 0.197309 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:26.762455 0.105342 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:26.833365 0.055404 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:26.957677 0.052409 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:27.005860 0.170709 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:27.154010 0.213582 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:27.381594 0.034047 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:27.449036 0.173716 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:27.627374 0.151360 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:27.777439 0.193473 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:27.971442 0.343646 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:28.415486 0.089306 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:28.465771 0.114646 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:28.566966 0.110026 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:28.684223 0.098434 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:28.815315 0.351876 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:29.227053 0.164630 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:29.373091 0.173287 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:29.528647 0.470147 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:29.954956 0.198955 udp 10.0.2.109 3683 <-> 74.134.234.187 8814 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:24:30.263530 0.000000 udp 10.0.2.109 3683 -> 186.110.227.65 7774 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 17:24:35.528010 0.000000 tcp 10.0.2.109 65218 -> 203.206.187.11 2239 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:24:46.834758 0.067135 tcp 10.0.2.109 65219 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:46.902344 0.068420 tcp 10.0.2.109 65220 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:46.971093 0.154985 tcp 10.0.2.109 65221 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:24:47.126736 0.090703 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 6 2010 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:29:23.403396 3.002415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 17:29:30.411789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:29:38.413056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:29:54.416990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:30:26.422495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:36:30.428123 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 17:36:37.435698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:36:45.437243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:37:01.440125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:37:33.446468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:43:37.452416 3.001475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 17:43:44.459767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:43:52.461240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:44:08.464036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:44:40.469566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:51:46.484934 3.002062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 17:51:53.492622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:52:01.494407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:52:17.496987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:52:49.502772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:53:24.073629 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:53:24.073845 0.914277 tcp 10.0.2.109 65222 -> 128.46.109.109 9893 FSPA* 0 0 15 1614 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:54:53.731895 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 17:54:53.732044 0.214233 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:54:53.927377 0.000000 udp 10.0.2.109 3683 -> 84.152.204.64 1251 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 17:54:53.927729 2.998903 tcp 10.0.2.109 65223 -> 71.17.42.83 4025 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:55:02.925006 0.000000 tcp 10.0.2.109 65223 -> 71.17.42.83 4025 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:55:09.686543 0.068311 tcp 10.0.2.109 65224 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:55:09.755140 0.068963 tcp 10.0.2.109 65225 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:55:09.824460 0.154680 tcp 10.0.2.109 65226 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:55:09.979326 0.000000 udp 10.0.2.109 3683 -> 186.110.227.65 7774 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 17:55:25.007479 0.068796 tcp 10.0.2.109 65227 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:55:25.076602 0.066755 tcp 10.0.2.109 65228 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:55:25.143636 0.159262 tcp 10.0.2.109 65229 -> 195.113.214.211 443 SRPA* 0 0 32 17636 flow=From-Botnet-V1-TCP-Established 1970/01/28 17:55:25.303407 0.069764 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.356898 0.078204 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.357250 3.003820 tcp 10.0.2.109 65230 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:55:25.420712 0.183907 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.599961 0.099840 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.664834 0.085773 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.724271 0.129259 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.814018 0.121694 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.895345 0.052187 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2037 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:25.951084 0.142513 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:26.093171 0.086490 rtp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:26.162787 0.159051 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:26.341463 0.325843 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:26.669370 0.045173 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:26.706542 0.194132 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:26.893273 0.172142 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:27.044746 0.081103 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:27.136116 0.120830 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:27.264154 0.740161 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:27.744728 0.370265 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:28.112522 0.380747 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:28.484424 0.402888 rtp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:28.838114 0.469296 udp 10.0.2.109 3683 <-> 190.118.138.83 5253 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:29.299800 0.034109 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:29.342209 0.414907 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:29.715028 0.199466 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 1945 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:29.912188 0.053337 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:29.963961 0.051636 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:30.011747 0.172163 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:30.161079 0.213609 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:30.386292 0.036127 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:30.423918 0.169101 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:30.594709 0.310728 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:30.905920 0.109804 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:30.979637 0.093970 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:31.032598 0.142353 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:31.140195 0.111414 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:31.213207 0.098466 rtp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:31.313068 0.727361 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:32.006568 0.331801 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:32.351264 0.358031 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:32.718327 0.163241 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:32.859022 0.176902 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:33.019057 0.474756 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:33.472573 0.202848 udp 10.0.2.109 3683 <-> 74.134.234.187 8814 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:33.669778 0.095612 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/01/28 17:55:34.360121 0.000000 tcp 10.0.2.109 65230 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 17:58:53.509154 3.001184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 17:59:00.517131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:59:08.517871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:59:24.520890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 17:59:56.527325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:06:00.533311 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 18:06:07.540400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:06:15.542239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:06:31.545283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:07:03.551135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:13:07.557168 3.001714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 18:13:14.565068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:13:22.566319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:13:38.568847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:14:10.575159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:20:14.581404 3.001517 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 18:20:21.588785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:20:29.589547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:20:45.592535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:21:17.609003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:23:24.993071 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 18:23:24.993176 0.957541 tcp 10.0.2.109 65231 -> 128.46.109.109 9893 FSPA* 0 0 14 1631 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:25:58.032737 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 18:25:58.032901 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 18:26:15.328858 0.067137 tcp 10.0.2.109 65232 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:26:15.396350 0.067772 tcp 10.0.2.109 65233 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:26:15.464367 0.151832 tcp 10.0.2.109 65234 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:26:15.617393 0.167007 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:15.779998 0.099522 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:15.780349 3.002147 tcp 10.0.2.109 65235 -> 142.161.36.205 3707 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 18:26:15.845953 0.087413 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:15.906740 0.128752 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:15.993805 0.070881 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.066006 0.076782 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.128676 0.119223 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.204653 0.052901 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.264323 0.142701 rtp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.406598 0.083404 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.474424 0.171358 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.638382 0.306954 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.945152 0.044104 rtp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:16.981178 0.046846 rtp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:17.029932 0.115341 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:17.153192 0.697567 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:17.630704 0.196194 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:17.819420 0.165832 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:17.962199 0.368578 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:18.327924 0.405181 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:18.715508 0.399140 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:19.071963 0.000000 udp 10.0.2.109 3683 -> 190.118.138.83 5253 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 18:26:24.780728 0.000000 tcp 10.0.2.109 65235 -> 142.161.36.205 3707 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 18:26:38.010761 0.068471 tcp 10.0.2.109 65236 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:26:38.079584 0.067837 tcp 10.0.2.109 65237 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:26:38.147800 0.157895 tcp 10.0.2.109 65238 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:26:38.306212 0.034162 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:38.339351 0.415386 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:38.718039 0.051969 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:38.718609 2.996950 tcp 10.0.2.109 65239 -> 203.206.187.11 2239 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 18:26:38.766039 0.165095 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:38.907075 0.216660 rtp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.129489 0.035549 rtp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.217059 0.157962 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.376410 0.195757 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.569334 0.063615 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.628512 0.176979 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.779999 0.115163 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.858369 0.102777 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:39.922347 0.106274 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:40.008056 0.113359 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:40.080201 0.098529 rtp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:40.195467 0.359307 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:40.570163 0.199104 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:40.746540 0.329965 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:41.085748 0.438530 rtp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:41.503613 0.193162 rtp 10.0.2.109 3683 <-> 74.134.234.187 8814 CON 0 0 6 2589 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:41.688194 0.096634 rtp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:41.762496 0.157327 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:41.900563 0.177264 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 6 1900 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:26:47.723258 0.000000 tcp 10.0.2.109 65239 -> 203.206.187.11 2239 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 18:27:21.615246 3.001726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 18:27:28.621969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:27:36.624034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:27:52.627135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:28:24.633211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:34:28.639650 3.001135 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 18:34:35.646815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:34:43.648032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:34:59.651060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:35:31.657094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:41:35.672597 3.024550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 18:41:42.690486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:41:50.691621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:42:06.695026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:42:38.701033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:48:42.707137 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 18:48:49.714764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:48:57.715969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:49:13.719270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:49:45.725123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:53:25.952248 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 18:53:25.952439 1.023736 tcp 10.0.2.109 65240 -> 128.46.109.109 9893 FSPA* 0 0 15 1666 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:55:49.731395 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 18:55:56.738852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:56:04.740190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:56:20.743072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:56:52.749117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 18:57:06.408869 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 18:57:06.409040 0.198671 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:06.608281 0.000000 udp 10.0.2.109 3683 -> 190.118.138.83 5253 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 18:57:06.608660 3.004289 tcp 10.0.2.109 65241 -> 71.17.42.83 4025 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 18:57:15.611939 0.000000 tcp 10.0.2.109 65241 -> 71.17.42.83 4025 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 18:57:25.277572 0.062868 tcp 10.0.2.109 65242 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:25.340769 0.063924 tcp 10.0.2.109 65243 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:25.405179 0.153367 tcp 10.0.2.109 65244 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:25.559248 0.184615 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:25.744347 0.062403 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:25.807245 0.087546 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:25.895283 0.054674 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:25.950599 0.058895 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.009981 0.077025 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.087464 0.049504 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.137388 0.141484 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.279353 0.096754 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.376541 0.060270 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.437238 0.155829 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.593535 0.053379 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.647324 0.130608 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:26.778507 0.459447 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:27.238378 0.315566 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:27.554438 0.055102 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:27.609986 0.367121 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:27.610323 4.984296 tcp 10.0.2.109 65245 -> 77.23.25.163 5353 SPA_* 0 0 407 220948 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:27.977417 0.341011 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:28.318875 0.139953 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:28.459215 0.190429 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:28.650248 0.361563 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.012154 0.031199 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.043796 0.378184 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.422596 0.040693 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.463712 0.037380 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.501697 0.167522 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.669552 0.189685 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.859655 0.054293 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:29.914420 0.146412 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:57:30.061215 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 18:57:32.645263 3.170464 tcp 10.0.2.109 65245 -> 77.23.25.163 5353 FPA_* 0 0 254 140708 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:36.462591 0.064328 tcp 10.0.2.109 65246 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:36.527226 0.065953 tcp 10.0.2.109 65247 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:36.593448 0.152942 tcp 10.0.2.109 65248 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:57:52.463532 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 REQ 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 18:58:08.448804 0.064805 tcp 10.0.2.109 65249 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:58:08.513856 0.065186 tcp 10.0.2.109 65250 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:58:08.579336 0.157229 tcp 10.0.2.109 65251 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/28 18:58:08.737129 0.210419 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:08.947969 0.075856 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.024264 0.051334 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.076000 0.078278 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.154732 0.067183 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.222509 0.146178 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.369109 0.355598 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.725123 0.098043 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.823612 0.073741 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:09.897756 0.334393 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:10.232596 0.418012 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:10.651124 0.178681 udp 10.0.2.109 3683 <-> 74.134.234.187 8814 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:10.830534 0.135978 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:10.966919 0.150987 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.118471 0.189520 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.308462 0.056670 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.365579 0.187698 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.553675 0.049701 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.603786 0.074751 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.678929 0.042930 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.722298 0.056016 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.778746 0.067447 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.846593 0.066859 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:11.913867 0.105686 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:12.019996 0.140971 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:12.161420 0.056315 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:12.218219 0.052322 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:12.271016 0.156566 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:12.428085 0.035219 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:12.463748 0.315449 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:12.779612 0.478080 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:13.258160 0.360247 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:13.618843 0.338110 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:13.957395 0.183321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:14.141200 0.139321 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:14.280902 0.039277 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:14.320612 0.031479 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:14.352503 0.355503 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:14.708462 0.037186 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:14.746175 0.153403 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:14.899941 0.378325 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:15.278683 0.146734 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:15.425807 0.186616 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:15.612897 0.039696 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 18:58:37.429707 0.923180 tcp 10.0.2.109 65252 -> 128.46.109.109 9893 FSPA* 0 0 14 1605 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:02:56.786193 3.000518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 19:03:03.792702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:03:11.793485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:03:27.797251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:03:59.803260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:10:03.810767 2.999979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 19:10:10.816639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:10:18.818035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:10:34.820960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:11:06.827020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:17:10.833302 3.001673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 19:17:17.840627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:17:25.841724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:17:41.845003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:18:13.850818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:24:17.857872 3.000810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 19:24:24.864447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:24:32.866083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:24:48.868872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:25:20.875116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:28:23.738340 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 19:28:23.738437 0.059379 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:23.798226 0.082730 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:23.881405 0.066061 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:23.947864 0.149739 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:24.097980 0.340942 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:24.439332 0.097640 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:24.537398 0.210758 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:24.748549 0.069960 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:24.818945 0.071963 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:24.891261 0.329923 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:25.221590 0.415704 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:25.637781 0.000000 udp 10.0.2.109 3683 -> 74.134.234.187 8814 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 19:28:38.359319 0.951355 tcp 10.0.2.109 65253 -> 128.46.109.109 9893 FSPA* 0 0 14 1714 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:28:42.477202 0.061557 tcp 10.0.2.109 65254 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:28:42.539014 0.064888 tcp 10.0.2.109 65255 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:28:42.604367 0.150492 tcp 10.0.2.109 65256 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:28:42.755550 0.136314 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:42.892309 0.151235 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:43.043962 0.362012 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:43.406415 0.058617 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:28:43.465512 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 19:29:00.131234 0.064023 tcp 10.0.2.109 65257 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:29:00.195551 0.068443 tcp 10.0.2.109 65258 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:29:00.264294 0.152583 tcp 10.0.2.109 65259 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:29:00.417471 0.048970 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:00.466901 0.090261 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:00.557554 0.052653 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:00.610650 0.062901 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:00.673975 0.079891 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:00.754353 0.077016 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:00.831753 0.115457 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:00.947761 0.133854 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:01.082059 0.063230 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:01.145694 0.059557 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:01.205637 0.156798 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:01.362852 0.035190 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:01.398564 0.306910 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:01.705936 0.566419 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:02.272829 0.362174 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:02.635367 0.382883 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.018731 0.185709 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.204879 0.146576 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.351909 0.040661 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.392994 0.031052 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.424582 0.355110 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.780112 0.037080 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.817567 0.159545 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:03.977561 0.193750 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:04.171795 0.063252 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:04.235530 0.164009 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:29:04.400000 0.379462 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:31:24.882575 2.999742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 19:31:31.888612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:31:39.889970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:31:55.892866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:32:27.898755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:38:31.904904 3.001934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 19:38:38.912395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:38:46.913823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:39:02.917048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:39:34.923053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:45:38.928745 3.001966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 19:45:45.936842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:45:53.937638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:46:09.941014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:46:41.947143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:52:48.958089 3.000619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 19:52:55.965166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:53:03.966801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:53:19.968939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:53:51.975155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 19:58:39.318811 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 19:58:39.318961 0.957430 tcp 10.0.2.109 65260 -> 128.46.109.109 9893 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:59:11.054110 0.000000 udp 10.0.2.109 3683 -> 74.134.234.187 8814 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 19:59:29.742826 0.061074 tcp 10.0.2.109 65261 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:59:29.804185 0.061159 tcp 10.0.2.109 65262 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:59:29.865609 0.157620 tcp 10.0.2.109 65263 -> 195.113.214.211 443 SRPA* 0 0 40 22016 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:59:30.023762 0.163899 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:30.188058 0.052267 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:30.240825 0.149779 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:30.391016 0.368672 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:30.760121 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 19:59:45.975072 0.067967 tcp 10.0.2.109 65264 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:59:46.043350 0.064312 tcp 10.0.2.109 65265 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:59:46.107960 0.151604 tcp 10.0.2.109 65266 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/28 19:59:46.260099 0.212450 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:46.472934 0.072196 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:46.545563 0.074369 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:46.620363 0.080948 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:46.701762 0.332655 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:47.034845 0.074707 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 19:59:47.109924 0.000000 udp 10.0.2.109 3683 -> 203.45.157.34 1089 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 19:59:55.981148 3.001752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 20:00:02.988517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:00:04.921994 0.065057 tcp 10.0.2.109 65267 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 20:00:04.987418 0.062372 tcp 10.0.2.109 65268 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 20:00:05.050193 0.155516 tcp 10.0.2.109 65269 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/28 20:00:05.206415 0.058371 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:05.265231 0.159098 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:05.424826 0.154147 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:05.579358 0.187318 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:05.767114 0.049995 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:05.817562 0.086613 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:05.904562 0.048080 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:05.953070 0.066341 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.019807 0.044274 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.064488 0.079320 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.144230 0.108117 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.252769 0.147927 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.401140 0.064689 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.466259 0.063372 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.530071 0.161944 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.692410 0.036304 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:06.729117 0.306667 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:07.036202 0.446115 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:07.482704 0.367543 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:07.850618 0.327239 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:08.178461 0.191407 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:08.370472 0.140682 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:08.511655 0.041848 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:08.553940 0.029207 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:08.583565 0.358523 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:08.942501 0.048363 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:08.991388 0.048967 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:09.040757 0.155761 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:09.196972 0.371578 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:09.568978 0.182778 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:09.752158 0.194569 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:00:10.990049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:00:26.993111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:00:58.999064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:07:03.007069 2.999812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:07:10.012464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:07:18.014128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:07:34.017138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:08:06.023154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:14:10.030163 3.000641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:14:17.036822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:14:25.037925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:14:41.041003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:15:13.047182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:21:17.052743 3.001857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:21:24.060162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:21:32.062032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:21:48.065093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:22:20.071108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:28:24.078708 3.000119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:28:31.084644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:28:39.086004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:28:40.278259 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 20:28:40.278394 0.968848 tcp 10.0.2.109 65270 -> 128.46.109.109 9893 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/01/28 20:28:55.089118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:29:27.094993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:30:28.893906 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 20:30:28.894063 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 20:30:44.738274 0.065788 tcp 10.0.2.109 65271 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 20:30:44.804390 0.062498 tcp 10.0.2.109 65272 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 20:30:44.867203 0.203741 tcp 10.0.2.109 65273 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/28 20:30:45.071501 0.416756 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:45.488691 0.149666 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:45.638765 0.050748 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:45.689978 0.159890 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:45.850400 0.373824 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:46.224679 0.068742 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:46.294080 0.086634 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:46.381256 0.211603 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:46.593284 0.071517 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:46.665221 0.073753 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:46.739453 0.325507 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.065354 0.156903 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.222707 0.214306 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.437422 0.049957 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.487782 0.056662 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.544908 0.174229 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.719643 0.084940 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.805070 0.054634 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.860120 0.063036 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.923584 0.040973 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:47.965009 0.078437 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:48.043900 0.113390 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:48.157737 0.133732 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:48.292000 0.065551 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:48.357937 0.091802 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:48.450356 0.160381 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:48.611123 0.034355 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:48.645986 0.372172 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:49.018586 0.305149 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:49.324139 0.465894 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:49.790421 0.317023 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:50.107862 0.182999 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:50.291283 0.150959 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:50.442738 0.045287 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:50.488483 0.029182 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:50.518160 0.047954 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:50.566515 0.152435 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:50.719453 0.410595 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:51.130478 0.146671 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:51.277507 0.363012 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:51.640899 0.036486 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:30:51.677858 0.194129 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/28 20:35:31.100441 3.001881 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:35:38.108942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:35:46.109870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:36:02.112957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:36:34.118921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:42:38.125257 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:42:45.132619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:42:53.133803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:43:09.137034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:43:41.143150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:49:45.150578 3.000007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:49:52.156125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:50:00.157921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:50:16.161016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:50:48.166922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:56:52.172942 3.001738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 20:56:59.180621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:57:07.182265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:57:23.184919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:57:55.190875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 20:58:41.227576 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 20:58:41.227731 0.921655 tcp 10.0.2.109 65274 -> 128.46.109.109 9893 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:00:53.407335 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 21:00:53.407438 0.049914 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:53.457738 0.162422 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:53.620587 0.457711 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:54.078673 0.147367 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:54.226528 0.368869 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:54.595747 0.065758 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:54.661883 0.090509 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:54.752916 0.212400 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:54.965734 0.074289 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:55.040418 0.073892 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:00:55.114707 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 21:01:11.134170 0.067659 tcp 10.0.2.109 65275 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:01:11.202338 0.068298 tcp 10.0.2.109 65276 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:01:11.271011 0.158625 tcp 10.0.2.109 65277 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:01:11.430446 0.051977 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:11.482927 0.061251 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:11.544586 0.167125 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:11.712129 0.086438 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:11.798954 0.055380 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:11.854772 0.329331 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.184569 0.156703 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.341705 0.061479 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.403643 0.044545 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.448599 0.080652 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.529707 0.103086 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.633259 0.134315 udp 10.0.2.109 3683 <-> 128.46.109.109 1396 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.768020 0.065073 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.833559 0.060072 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:12.894251 0.154784 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:13.049503 0.034761 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:13.084689 0.481596 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:13.566750 0.370637 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:13.937798 0.312400 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:14.250722 0.348326 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:14.599514 0.181576 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:14.781446 0.141943 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:14.923772 0.040917 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:14.965159 0.029196 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:14.994782 0.046529 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:15.041685 0.154345 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:15.196442 0.354274 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:15.551126 0.098061 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:15.649560 0.381654 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:16.031660 0.155885 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:01:16.188016 0.189808 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:03:59.196944 3.001559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 21:04:06.203992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:04:14.205722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:04:30.208794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:05:02.214507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:11:06.221349 3.001294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 21:11:13.228440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:11:21.229651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:11:37.232650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:12:09.238756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:18:13.246012 3.000634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 21:18:20.252302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:18:28.253590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:18:44.256654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:19:16.262713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:25:20.269107 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 21:25:27.276117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:25:35.277549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:25:51.280637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:26:23.286803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:28:42.157056 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 21:28:42.157285 3.003604 tcp 10.0.2.109 65278 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 21:28:51.159093 0.000000 tcp 10.0.2.109 65278 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 21:28:55.729361 0.009592 udp 10.0.2.109 49750 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/01/28 21:28:55.739525 0.009566 udp 10.0.2.109 64263 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/01/28 21:28:57.159429 0.044413 tcp 10.0.2.109 65279 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:28:57.204168 0.044294 tcp 10.0.2.109 65280 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:28:57.248758 0.149422 tcp 10.0.2.109 65281 -> 195.113.214.211 443 SRPA* 0 0 38 33208 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:28:57.456524 3.005453 tcp 10.0.2.109 65282 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 21:29:06.460600 0.000000 tcp 10.0.2.109 65282 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/28 21:29:12.450841 0.043163 tcp 10.0.2.109 65283 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:29:12.494284 0.044350 tcp 10.0.2.109 65284 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:29:12.538926 0.157296 tcp 10.0.2.109 65285 -> 195.113.214.211 443 SRPA* 0 0 41 34598 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:29:12.777882 1.943476 tcp 10.0.2.109 65286 -> 27.251.231.18 9791 FSPA* 0 0 14 1719 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:31:20.584500 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 21:31:20.584611 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 21:31:37.048644 0.044441 tcp 10.0.2.109 65287 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:31:37.093331 0.044427 tcp 10.0.2.109 65288 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:31:37.138129 0.158371 tcp 10.0.2.109 65289 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:31:37.296990 0.050352 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:37.347788 0.165573 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:37.513811 0.443796 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:37.958062 0.085121 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:38.043651 0.075031 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:38.119065 0.149344 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:38.268757 0.344642 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:38.613786 0.075605 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:38.689871 0.083379 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:38.773615 0.211048 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:38.985086 0.174121 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:39.159610 0.088149 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:39.248158 0.054470 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:39.303023 0.051185 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:39.354612 0.057954 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:39.412929 0.339259 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:39.752603 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 4174 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 21:31:58.530397 0.043550 tcp 10.0.2.109 65290 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:31:58.574341 0.045003 tcp 10.0.2.109 65291 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:31:58.619671 0.165983 tcp 10.0.2.109 65292 -> 195.113.214.211 443 SRPA* 0 0 40 30214 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:31:58.786398 0.065080 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:58.851928 0.045662 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:58.898018 0.083000 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:58.981424 0.109389 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:31:59.091190 0.000000 udp 10.0.2.109 3683 -> 128.46.109.109 1396 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 21:32:17.947770 0.043986 tcp 10.0.2.109 65293 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:32:17.992013 0.044282 tcp 10.0.2.109 65294 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:32:18.036595 0.152367 tcp 10.0.2.109 65295 -> 195.113.214.211 443 SRPA* 0 0 33 17852 flow=From-Botnet-V1-TCP-Established 1970/01/28 21:32:18.189561 0.066389 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:18.256361 0.034425 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:18.291268 0.440719 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:18.732390 0.065647 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:18.798557 0.155346 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:18.954565 0.322092 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:19.277121 0.189527 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:19.467014 0.369424 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:19.836860 0.313255 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:20.150510 0.142939 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:20.293874 0.046270 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:20.340563 0.031096 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:20.372042 0.155239 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:20.527646 0.153369 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:20.681416 0.360077 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:21.041979 0.033169 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:21.075626 0.193058 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:21.269109 0.373564 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:21.643157 0.161954 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/28 21:32:27.293138 3.001329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 21:32:34.300424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:32:42.303053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:32:58.304199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:33:30.310957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:39:34.316499 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 21:39:41.324126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:39:49.325536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:40:05.328400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:40:37.334803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:46:41.340957 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 21:46:48.347971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:46:56.349320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:47:12.352795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:47:44.359012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:53:48.364003 3.002206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 21:53:55.372121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:54:03.373539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:54:19.376627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:54:51.383131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 21:59:14.721574 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 21:59:14.721808 1.849344 tcp 10.0.2.109 65296 -> 27.251.231.18 9791 FSPA* 0 0 15 1656 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:00:55.388892 3.000959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:01:02.396082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:01:10.397346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:01:26.400362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:01:58.406779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:02:28.600008 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 22:02:28.600121 0.127108 udp 10.0.2.109 3683 -> 128.46.109.109 1396 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 22:02:28.727229 0.000000 icmp 128.46.109.109 0x0303 -> 10.0.2.109 0x7405 URP 192 1 286 flow=Background 1970/01/28 22:02:45.135521 0.044816 tcp 10.0.2.109 65297 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:02:45.180619 0.045022 tcp 10.0.2.109 65298 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:02:45.226016 0.159597 tcp 10.0.2.109 65299 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:02:45.386208 0.136336 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:45.523028 0.052044 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:45.575478 0.165762 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:45.741704 0.072722 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:45.814839 0.148928 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:45.964289 0.353623 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:46.318357 0.073008 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:46.391756 0.070565 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:46.462696 0.106322 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:46.569443 0.533528 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:47.103342 0.049829 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:47.153677 0.061185 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:47.215283 0.326729 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:47.542444 0.297899 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:47.840729 0.219093 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.060228 0.083841 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.144490 0.053391 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.198524 0.064324 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.263310 0.110170 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.373845 0.086154 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.460377 0.059610 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.520372 0.435642 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:48.956425 0.066483 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:49.023345 0.065991 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:49.089758 0.035829 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:49.126040 0.184227 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:49.310714 0.365423 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:49.676572 0.157687 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:49.834626 0.324043 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:50.159068 0.303969 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:50.463408 0.152849 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:50.616669 0.040216 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:50.657300 0.029189 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:50.686854 0.050603 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:50.737846 0.152265 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:50.890606 0.189026 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:51.080086 0.380218 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:02:51.460672 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 22:03:08.297588 0.043507 tcp 10.0.2.109 65300 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:03:08.341429 0.044422 tcp 10.0.2.109 65301 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:03:08.386118 0.151209 tcp 10.0.2.109 65302 -> 195.113.214.211 443 SRPA* 0 0 41 33160 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:03:08.537885 0.361890 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:03:08.900180 0.035361 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:08:02.412999 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 22:08:09.419801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:08:17.421409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:08:33.424785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:09:05.430476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:15:09.436152 3.002230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:15:16.444528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:15:24.445816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:15:40.449121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:16:12.454096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:22:16.461339 3.000785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:22:23.467773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:22:31.490428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:22:47.482865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:23:19.488571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:29:16.572127 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 22:29:16.572316 1.921137 tcp 10.0.2.109 65303 -> 27.251.231.18 9791 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:29:23.494550 3.001344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:29:30.501207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:29:38.503373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:29:54.506654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:30:26.511824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:33:36.145475 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 22:33:36.145658 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/28 22:33:52.841126 0.044224 tcp 10.0.2.109 65304 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:33:52.885636 0.096965 tcp 10.0.2.109 65305 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:33:52.982887 0.155359 tcp 10.0.2.109 65306 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:33:53.138902 0.165021 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.304378 0.068201 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.372995 0.136194 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.509634 0.050341 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.560404 0.075524 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.636366 0.074714 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.711504 0.080672 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.792564 0.152336 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:53.945307 0.342272 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:54.288041 0.420692 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:54.709094 0.346189 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.055673 0.150650 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.206770 0.060178 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.267402 0.049719 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.326501 0.058615 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.385564 0.062564 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.448480 0.110389 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.559314 0.080240 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.639974 0.063167 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.703516 0.082564 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:55.786541 0.214696 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:56.001675 0.063958 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:56.066028 0.035831 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:56.102295 0.184621 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:56.287320 0.361023 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:56.648736 0.162190 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:56.811376 0.450503 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:57.262307 0.067344 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:57.330228 0.150366 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:57.481008 0.045975 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:57.527461 0.029467 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:57.557356 0.052954 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:57.610735 0.363549 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:57.974676 0.307715 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:58.282794 0.152915 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:58.436156 0.194823 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:58.631365 0.375786 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:59.007625 0.354762 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:33:59.362778 0.043856 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/28 22:36:30.518370 3.001638 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:36:37.525890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:36:45.527025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:37:01.530485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:37:33.536256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:43:37.543310 3.000525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:43:44.550019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:43:52.551338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:44:08.554461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:44:41.317808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:51:49.580024 3.000838 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:51:56.589150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:52:04.588834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:52:20.591633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:52:52.597571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:58:56.603708 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 22:59:03.611143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:59:11.612798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:59:18.493025 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 22:59:18.493246 1.920437 tcp 10.0.2.109 65307 -> 27.251.231.18 9791 FSPA* 0 0 15 1734 flow=From-Botnet-V1-TCP-Established 1970/01/28 22:59:27.615766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 22:59:59.621474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:04:01.549949 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 23:04:01.550168 0.171691 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:01.722599 0.068629 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:01.791739 0.136863 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:01.929012 0.047645 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:01.977083 0.074277 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:02.051732 0.069161 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:02.121328 0.123545 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:02.245387 0.418967 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:02.664801 0.150724 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:02.815980 0.358777 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:03.175186 0.342049 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:03.517667 0.171645 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:03.689784 0.062759 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:03.752939 0.050039 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:03.803380 0.052473 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:03.856230 0.070759 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:03.927384 0.106849 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.034682 0.084726 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.119823 0.044992 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.165279 0.086260 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.251966 0.034929 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.287300 0.192076 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.479855 0.363398 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.843679 0.155325 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:04.999797 0.209779 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:05.210070 0.064506 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:05.275065 0.462426 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:05.737945 0.068660 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:05.807025 0.146333 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:05.953769 0.040436 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:05.994566 0.029139 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:06.024117 0.042565 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:06.067073 0.158026 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:06.225573 0.190533 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:06.416603 0.350956 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:06.767976 0.305051 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:07.073451 0.034349 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:07.108189 0.374660 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:04:07.483266 0.357138 rtcp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:06:03.632500 2.997128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 23:06:10.635177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:06:18.636805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:06:34.639622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:07:06.645633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:13:10.652123 3.001377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 23:13:17.659154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:13:25.660431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:13:41.663752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:14:13.669844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:20:17.675611 3.001708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 23:20:24.683156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:20:32.684642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:20:48.687737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:21:20.693254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:27:24.699582 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 23:27:31.707365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:27:39.709274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:27:55.711570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:28:27.717768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:29:20.413728 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 23:29:20.413921 1.868470 tcp 10.0.2.109 65308 -> 27.251.231.18 9791 FSPA* 0 0 15 1670 flow=From-Botnet-V1-TCP-Established 1970/01/28 23:34:26.263532 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 23:34:26.263641 0.164926 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:26.429011 0.064770 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:26.494192 0.136830 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:26.631438 0.049092 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:26.680950 0.071437 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:26.752826 0.099056 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:26.852274 0.087025 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:26.939751 0.417079 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:27.357248 0.147354 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:27.505040 0.312614 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:27.818065 0.063966 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:27.882562 0.049710 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:27.932649 0.052113 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:27.985217 0.351307 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:28.336941 0.334684 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:28.672093 0.066259 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:28.738798 0.111466 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:28.850756 0.077140 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:28.928289 0.044053 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:28.972734 0.088691 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:29.061788 0.039193 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:29.101398 0.180651 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:29.282516 0.374712 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:29.657744 0.123251 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:29.781414 0.455384 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.237164 0.068775 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.306486 0.161000 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.467959 0.210356 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.678708 0.145097 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.824286 0.041968 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.866670 0.031435 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.898573 0.049250 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:30.948272 0.155720 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:31.104451 0.193632 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:31.298527 0.336458 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:31.635439 0.396452 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:31.724753 3.000312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/28 23:34:32.032279 0.353428 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:32.386067 0.306047 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:32.692541 0.048801 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/28 23:34:38.731113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:34:46.732686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:35:02.735471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:35:34.741580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:41:38.757228 3.002008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 23:41:45.765014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:41:53.766780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:42:09.769445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:42:41.775649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:48:45.781206 3.002259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 23:48:52.789177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:49:00.790776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:49:16.793554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:49:48.799543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:55:52.805712 3.001817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/28 23:55:59.812960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:56:07.815301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:56:23.817921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:56:55.823483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/28 23:59:22.295129 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/28 23:59:22.295279 3.842753 tcp 10.0.2.109 65309 -> 27.251.231.18 9791 FSPA* 0 0 14 1675 flow=From-Botnet-V1-TCP-Established 1970/01/29 00:02:59.829558 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:03:06.837004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:03:14.837798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:03:30.841607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:04:02.847626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:05:02.132905 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 00:05:02.133059 0.136484 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:02.269931 0.047703 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:02.317991 0.117489 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:02.435887 0.071041 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:02.507291 0.165740 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:02.673480 0.068876 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:02.742735 0.077159 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:02.820294 0.731163 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:03.551875 0.151171 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:03.703726 0.156267 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:03.860392 0.048356 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:03.909143 0.353919 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:04.263534 0.324053 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:04.587941 0.072257 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:04.660600 0.109641 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:04.770688 0.058361 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:04.829490 0.050161 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:04.880069 0.076021 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:04.956637 0.067052 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:05.024125 0.086250 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:05.110857 0.041015 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:05.152297 0.190629 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:05.343314 0.373492 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:05.717246 0.066215 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:05.783899 0.160778 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:05.945113 0.209626 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:06.155137 0.143266 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:06.298849 0.045966 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:06.345222 0.477134 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:06.822738 0.065451 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:06.888578 0.029222 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:06.918377 0.046887 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:06.965658 0.153157 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:07.119310 0.193668 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:07.313401 0.394669 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:07.708491 0.310092 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:08.019060 0.036940 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:08.056423 0.388166 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:05:08.445018 0.355895 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:10:06.854800 3.000536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:10:13.860645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:10:21.862013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:10:37.865271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:11:09.871512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:17:13.876981 3.012192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:17:20.895130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:17:28.896587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:17:44.899422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:18:16.905342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:24:20.911458 3.001616 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:24:27.919028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:24:35.920610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:24:51.923192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:25:23.929351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:29:26.138002 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 00:29:26.138178 2.955341 tcp 10.0.2.109 65310 -> 27.251.231.18 9791 FSPA* 0 0 15 1738 flow=From-Botnet-V1-TCP-Established 1970/01/29 00:31:27.935242 3.001821 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:31:34.943340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:31:44.540361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:32:00.341051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:32:31.966044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:35:19.556031 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 00:35:19.556140 0.085098 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:19.747028 0.072231 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:19.819642 0.165196 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:19.985248 0.071354 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:20.056989 0.076886 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:20.134360 0.137169 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:20.271982 0.054646 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:20.327122 0.614992 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:20.942503 0.153315 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.096203 0.165956 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.262596 0.329289 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.592315 0.065550 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.658356 0.123367 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.782195 0.063447 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.846207 0.051173 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.897764 0.052916 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:21.951074 0.372227 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:22.323664 0.211023 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:22.535182 0.064914 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:22.600577 0.086574 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:22.687614 0.036255 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:22.724337 0.180406 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:22.905117 0.370388 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:23.275930 0.068634 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:23.344988 0.152966 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:23.498474 0.040838 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:23.539741 0.460892 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.001066 0.061159 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.062744 0.155018 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.218304 0.215732 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.434477 0.029443 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.464357 0.051184 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.515982 0.153425 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.669869 0.194373 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:24.864736 0.328993 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:25.194395 0.400669 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:25.595578 0.357374 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:25.953406 0.308911 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:35:26.262697 0.035511 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 00:38:34.969910 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:38:41.976763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:38:49.977850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:39:05.981263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:39:37.987288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:45:41.994385 3.000637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:45:49.000680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:45:57.002438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:46:13.005202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:46:45.011122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:52:49.017016 3.001457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 00:52:56.024749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:53:04.026212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:53:20.028833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:53:52.035292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 00:59:29.150264 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 00:59:29.150457 0.243283 tcp 10.0.2.109 65311 -> 27.251.231.18 9791 SPA_* 0 0 9 1086 flow=From-Botnet-V1-TCP-Established 1970/01/29 00:59:35.376962 0.362777 tcp 10.0.2.109 65311 -> 27.251.231.18 9791 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/29 00:59:56.113534 2.999332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:00:03.118777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:00:11.120699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:00:27.123630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:00:59.129522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:05:44.099350 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 01:05:44.099533 0.071021 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:44.170993 0.078333 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:44.249781 0.083511 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:44.333677 0.136976 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:44.471099 0.051428 udp 10.0.2.109 3683 <-> 86.174.109.243 9030 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:44.522956 0.173305 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:44.696682 0.073176 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:44.770316 0.420402 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:45.191121 0.151581 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:45.343114 0.112430 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:45.455980 0.327159 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:45.783537 0.058262 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:45.842224 0.126624 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:45.969321 0.059742 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.029554 0.050005 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.080054 0.053498 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.134028 0.364993 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.499452 0.074363 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.574206 0.044863 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.619477 0.085666 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.705536 0.035575 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.741505 0.063707 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.805649 0.142900 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.949072 0.041063 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:46.990548 0.187022 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:47.177963 0.376044 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:47.554449 0.481462 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.036341 0.064300 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.101128 0.156098 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.257689 0.214534 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.472702 0.031493 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.504578 0.054497 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.559493 0.156927 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.716872 0.194547 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:48.911808 0.360966 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:49.273291 0.370559 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:49.644221 0.043663 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:49.688320 0.371686 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:05:50.060396 0.305733 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:07:03.157949 2.998967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:07:10.162766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:07:18.164202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:07:34.167147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:08:06.173542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:14:10.179193 3.031556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:14:17.196674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:14:25.198189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:14:41.201334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:15:13.207337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:21:17.213419 3.001562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:21:24.220677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:21:32.222222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:21:48.225077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:22:20.241174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:28:24.247592 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:28:31.254587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:28:39.256449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:28:55.259111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:29:27.265047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:29:35.747639 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 01:29:35.747739 1.998993 tcp 10.0.2.109 65312 -> 27.251.231.18 9791 FSPA* 0 0 15 1601 flow=From-Botnet-V1-TCP-Established 1970/01/29 01:35:31.272353 3.193086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:35:38.434233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:35:46.357131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:35:56.324462 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 01:35:56.324659 0.075241 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:35:56.400326 0.068708 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:35:56.469458 0.073657 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:35:56.543562 0.136508 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:35:56.680516 0.000000 udp 10.0.2.109 3683 -> 86.174.109.243 9030 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 01:36:02.293244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:36:15.274509 0.114895 tcp 10.0.2.109 65313 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 01:36:15.389723 0.068848 tcp 10.0.2.109 65314 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 01:36:15.458934 0.383844 tcp 10.0.2.109 65315 -> 195.113.214.211 443 SRPA* 0 0 86 87706 flow=From-Botnet-V1-TCP-Established 1970/01/29 01:36:15.843418 0.168068 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:16.011885 0.072250 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:16.084535 0.172085 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:16.256984 0.340036 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:16.597411 0.066148 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:16.663890 0.420666 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:17.084927 0.150660 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:17.235991 0.104727 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:17.341206 0.184992 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:17.526660 0.049855 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:17.576909 0.053260 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:17.630614 0.375936 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.007004 0.078693 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.086371 0.058644 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.145419 0.086256 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.232104 0.035171 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.267670 0.065686 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.333775 0.179160 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.513397 0.366412 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:18.880226 0.149431 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:19.030016 0.040907 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:19.071367 0.464536 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:19.536319 0.057484 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:19.594268 0.156565 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:19.751291 0.210387 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:19.962327 0.029035 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:19.991744 0.044554 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:20.036707 0.152592 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:20.195920 0.194438 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:20.390765 0.036765 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:20.427959 0.390936 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:20.819340 0.372951 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:21.192702 0.365222 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:21.558439 0.313089 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/29 01:36:34.299247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:42:38.306188 3.069789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:42:45.344475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:42:53.324367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:43:09.327154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:43:41.332882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:49:45.340046 3.001218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:49:52.346625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:50:00.348243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:50:16.351038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:50:48.357069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:56:52.364592 3.000407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 01:56:59.370704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:57:07.371849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:57:23.375133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:57:55.380846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 01:59:37.748692 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 01:59:37.748808 2.952025 tcp 10.0.2.109 65316 -> 27.251.231.18 9791 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:03:59.387837 3.000701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:04:06.394626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:04:14.395885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:04:30.398956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:05:02.404417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:06:48.648052 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 02:06:48.648284 0.000000 udp 10.0.2.109 3683 -> 86.174.109.243 9030 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 02:07:06.745460 0.067845 tcp 10.0.2.109 65317 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:07:06.813570 0.067203 tcp 10.0.2.109 65318 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:07:06.880613 0.225482 tcp 10.0.2.109 65319 -> 195.113.214.211 443 SRPA* 0 0 34 24791 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:07:07.106630 0.135943 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:07.242993 0.072763 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:07.316196 0.072763 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:07.389488 0.082239 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:07.472165 0.172931 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:07.645543 0.069265 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:07.715245 0.155491 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:07.871135 0.334509 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:08.206114 0.068514 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:08.275019 0.110896 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:08.386328 0.061885 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:08.448605 0.050057 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:08.499084 0.053383 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:08.552839 0.440480 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:08.993800 0.151757 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:09.146019 0.367198 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:09.513568 0.076643 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:09.590584 0.047234 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:09.638285 0.089322 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:09.728003 0.035866 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:09.764328 0.064338 udp 10.0.2.109 3683 <-> 81.149.254.99 3135 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:09.829061 0.178447 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:10.007923 0.369853 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:10.378217 0.459528 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:10.838185 0.060919 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:10.899516 0.155446 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.055412 0.144332 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.200249 0.046092 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.246820 0.215189 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.462393 0.029256 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.491990 0.043937 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.536391 0.151092 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.687903 0.192952 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.881196 0.035508 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:11.917079 0.362468 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:12.279948 0.313796 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:12.594367 0.378419 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:07:12.973298 0.405217 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:11:06.411135 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:11:13.417982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:11:21.419797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:11:37.423092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:12:09.428378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:18:13.434546 3.002060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:18:20.442514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:18:28.443794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:18:44.446928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:19:16.452452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:25:20.459194 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:25:27.466165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:25:35.467761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:25:51.470817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:26:23.477057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:29:40.701265 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 02:29:40.701431 1.860884 tcp 10.0.2.109 65320 -> 27.251.231.18 9791 FSPA* 0 0 14 1628 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:32:27.482821 3.001897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:32:34.490247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:32:42.492198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:32:58.495084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:33:30.501547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:37:36.765226 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 02:37:36.765323 0.135655 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:36.901390 0.073210 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:36.974963 0.071539 udp 10.0.2.109 3683 <-> 86.145.114.252 8841 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.046889 0.084806 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.132168 0.168553 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.301121 0.068267 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.369812 0.167669 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.537833 0.105259 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.643519 0.060002 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.703945 0.050084 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.754470 0.050794 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:37.805705 0.334609 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:38.140728 0.062112 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:38.203363 0.419714 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:38.623562 0.149975 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:38.773952 0.366263 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:39.140643 0.078160 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:39.219250 0.045419 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:39.265117 0.086832 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:39.352342 0.034501 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:39.387245 0.000000 udp 10.0.2.109 3683 -> 81.149.254.99 3135 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 02:37:56.855909 0.068421 tcp 10.0.2.109 65321 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:37:56.924609 0.046646 tcp 10.0.2.109 65322 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:37:56.971511 0.158501 tcp 10.0.2.109 65323 -> 195.113.214.211 443 SRPA* 0 0 46 40992 flow=From-Botnet-V1-TCP-Established 1970/01/29 02:37:57.130675 0.466865 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:57.598065 0.061790 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:57.660253 0.183316 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:57.843981 0.374589 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:58.218970 0.155420 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:58.374803 0.141869 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:58.517064 0.041029 udp 10.0.2.109 3683 <-> 87.167.248.53 8279 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:58.558501 0.213858 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:58.772820 0.029326 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:58.802585 0.044359 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:58.847353 0.154912 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:59.002648 0.189329 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:59.192387 0.041932 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:59.234699 0.334074 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:59.569188 0.403079 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:37:59.972726 0.372628 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:38:00.345777 0.364824 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/29 02:39:34.507378 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:39:41.514339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:39:49.515774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:40:05.518205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:40:37.524946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:46:41.530631 3.011291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:46:48.548606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:46:56.549634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:47:12.552531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:47:44.558953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:53:48.564545 3.002231 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 02:53:55.572270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:54:03.573304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:54:19.577086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:54:51.583069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 02:59:42.561599 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 02:59:42.561708 2.741568 tcp 10.0.2.109 65324 -> 27.251.231.18 9791 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:00:55.588476 3.001475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:01:02.595805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:01:10.597587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:01:26.600509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:01:58.606630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:08:02.612779 3.001897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:08:09.620170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:08:17.621781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:08:28.197256 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 03:08:28.197401 0.000000 udp 10.0.2.109 3683 -> 81.149.254.99 3135 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 03:08:33.624762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:08:46.795919 0.067335 tcp 10.0.2.109 65325 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:08:46.863541 0.066456 tcp 10.0.2.109 65326 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:08:46.930285 0.168184 tcp 10.0.2.109 65327 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:08:47.099572 0.137782 udp 10.0.2.109 3683 <-> 67.237.9.201 4174 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:08:47.237748 0.000000 udp 10.0.2.109 3683 -> 86.145.114.252 8841 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 03:09:05.630627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:09:05.751709 0.067108 tcp 10.0.2.109 65328 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:09:05.819102 0.068562 tcp 10.0.2.109 65329 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:09:05.888005 0.146007 tcp 10.0.2.109 65330 -> 195.113.214.211 443 SRPA* 0 0 55 34365 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:09:06.034593 0.084551 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.122920 0.168964 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.292294 0.068098 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.360797 0.232502 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.593661 0.124042 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.718203 0.056268 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.774855 0.054090 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.829361 0.070644 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.900510 0.054658 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:06.955578 0.441883 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:07.397893 0.151477 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:07.549785 0.333954 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:07.884166 0.068892 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:07.953442 0.039984 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:07.993842 0.089544 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:08.083819 0.038777 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:08.123030 0.076950 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:08.200351 0.359139 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:08.559887 0.190008 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:08.750307 0.488183 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:09.238960 0.062481 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:09.301912 0.428457 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:09.730807 0.169282 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:09.900527 0.144363 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:10.045297 0.000000 udp 10.0.2.109 3683 -> 87.167.248.53 8279 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 03:09:27.803208 0.043893 tcp 10.0.2.109 65331 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:09:27.847440 0.069479 tcp 10.0.2.109 65332 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:09:27.917232 0.166094 tcp 10.0.2.109 65333 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:09:28.083974 0.208061 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:28.292435 0.029396 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:28.322359 0.043622 rtcp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:28.366400 0.032965 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:28.399776 0.354412 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:28.754671 0.153204 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:28.908273 0.194806 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:29.103500 0.352108 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:29.456065 0.442257 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:09:29.898686 0.370950 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:15:09.636548 3.002233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:15:16.644708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:15:24.645859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:15:40.648653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:16:12.654925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:22:16.660437 3.002291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:22:23.667934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:22:31.669684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:22:47.672701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:23:19.678765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:29:23.685967 3.000467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:29:30.691834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:29:38.693632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:29:45.303621 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 03:29:45.303728 1.945447 tcp 10.0.2.109 65334 -> 27.251.231.18 9791 FSPA* 0 0 15 1573 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:29:54.696546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:30:26.702758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:36:30.708732 3.001894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:36:37.715931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:36:45.717836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:37:01.720915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:37:33.726724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:39:43.763774 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 03:39:43.763938 0.000000 udp 10.0.2.109 3683 -> 86.145.114.252 8841 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 03:39:59.528099 0.068510 tcp 10.0.2.109 65335 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:39:59.596899 0.044985 tcp 10.0.2.109 65336 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:39:59.642188 0.162237 tcp 10.0.2.109 65337 -> 195.113.214.211 443 SRPA* 0 0 55 33590 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:39:59.804975 0.000000 udp 10.0.2.109 3683 -> 87.167.248.53 8279 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 03:40:16.070616 0.066962 tcp 10.0.2.109 65338 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:40:16.138093 0.058057 tcp 10.0.2.109 65339 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:40:16.196424 0.161618 tcp 10.0.2.109 65340 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:40:16.358665 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 4174 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 03:40:34.497289 0.065915 tcp 10.0.2.109 65341 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:40:34.563574 0.067633 tcp 10.0.2.109 65342 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:40:34.631425 0.175690 tcp 10.0.2.109 65343 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:40:34.807765 0.163063 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:34.971262 0.073290 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.044961 0.155998 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.201388 0.114156 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.316018 0.061976 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.378419 0.050275 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.429115 0.070173 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.499703 0.054031 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.554142 0.111308 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.665882 0.324713 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:35.991066 0.059291 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:36.050792 0.418836 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:36.469993 0.150666 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:36.621093 0.036540 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:36.658072 0.079147 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:36.737683 0.346893 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:37.084962 0.183674 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:37.269016 0.088134 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:37.357580 0.055568 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:37.413514 0.156371 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:37.570363 0.492609 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:38.063441 0.059534 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:38.123457 0.641469 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:38.765340 0.152710 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:38.918485 0.208323 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:39.127284 0.029026 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:39.156807 0.040899 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:39.198330 0.040640 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:39.239418 0.355451 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:39.595285 0.155738 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:39.751478 0.411028 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:40.162973 0.193697 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:40.357198 0.357464 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:40:40.715072 0.373462 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 03:43:37.732890 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 03:43:44.739986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:43:52.741437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:44:08.744678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:44:40.750532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:51:48.759372 3.000983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:51:55.766683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:52:03.767846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:52:19.770936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:52:51.777044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:58:55.783040 3.001273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 03:59:02.790360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:59:10.791493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:59:26.794921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 03:59:47.254356 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 03:59:47.254489 1.820486 tcp 10.0.2.109 65344 -> 27.251.231.18 9791 FSPA* 0 0 15 1734 flow=From-Botnet-V1-TCP-Established 1970/01/29 03:59:58.800990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:06:02.806639 3.001441 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 04:06:09.813949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:06:17.815614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:06:33.818359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:07:05.824640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:10:50.508219 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 04:10:50.508419 0.000000 udp 10.0.2.109 3683 -> 67.237.9.201 4174 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 04:11:06.752547 0.067261 tcp 10.0.2.109 65345 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:06.820075 0.067814 tcp 10.0.2.109 65346 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:06.888155 0.205174 tcp 10.0.2.109 65347 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:07.093979 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 04:11:24.257233 0.048336 tcp 10.0.2.109 65348 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:24.305925 0.091099 tcp 10.0.2.109 65349 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:24.397349 0.144324 tcp 10.0.2.109 65350 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:24.542228 0.073577 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:24.616235 0.420467 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.037159 0.105865 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.143402 0.060345 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.204148 0.050140 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.254697 0.071887 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.327048 0.055917 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.407239 0.112110 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.519801 0.422040 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:25.942228 0.147067 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:26.089733 0.036912 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:26.127177 0.076381 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:26.203968 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 04:11:43.134606 0.055940 tcp 10.0.2.109 65351 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:43.190828 0.046217 tcp 10.0.2.109 65352 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:43.237361 0.161642 tcp 10.0.2.109 65353 -> 195.113.214.211 443 SRPA* 0 0 40 21958 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:11:43.399190 0.066413 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:43.466037 0.338897 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:43.805316 0.184389 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:43.990079 0.086636 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:44.077116 0.039949 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:44.117514 0.160595 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:44.278537 0.689487 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:44.968487 0.142843 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:45.111765 0.507270 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:45.619455 0.069146 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:45.689011 0.210679 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:45.900063 0.029449 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:45.929922 0.047092 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:45.977468 0.055317 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:46.033189 0.321743 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:46.355358 0.151922 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:46.508260 0.362403 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:11:46.871108 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 04:12:05.405604 0.066425 tcp 10.0.2.109 65354 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:12:05.472318 0.070832 tcp 10.0.2.109 65355 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:12:05.543475 0.152837 tcp 10.0.2.109 65356 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:12:05.696882 0.195294 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:12:05.892570 0.369815 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:13:09.830891 3.001572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 04:13:16.837925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:13:24.839484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:13:40.842619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:14:12.848503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:20:16.854876 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 04:20:23.861750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:20:31.863227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:20:47.866638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:21:19.872480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:27:23.878509 3.001708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 04:27:30.886010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:27:38.887411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:27:54.890587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:28:26.896362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:29:49.074954 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 04:29:49.075102 3.485671 tcp 10.0.2.109 65357 -> 27.251.231.18 9791 FSPA* 0 0 12 1479 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:29:57.565457 0.000183 tcp 10.0.2.109 65357 -> 27.251.231.18 9791 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:34:30.902407 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 04:34:38.051519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:34:45.983058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:35:01.924167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:35:33.930344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:41:37.936681 3.000994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 04:41:44.943721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:41:52.945523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:42:08.947778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:42:21.446838 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 04:42:21.446928 0.170113 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:21.617451 0.360093 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:21.977940 0.449402 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:22.427820 0.068233 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:22.496495 0.063131 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:22.560131 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 04:42:39.413848 0.045302 tcp 10.0.2.109 65358 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:42:39.459474 0.045375 tcp 10.0.2.109 65359 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:42:39.505140 0.182811 tcp 10.0.2.109 65360 -> 195.113.214.211 443 SRPA* 0 0 25 13040 flow=From-Botnet-V1-TCP-Established 1970/01/29 04:42:39.688578 0.068448 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:39.757448 0.056438 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:39.814334 0.083224 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:39.897961 0.422914 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.321269 0.131394 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.453061 0.106436 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.559898 0.039896 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.600215 0.153099 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.753702 0.076838 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.830951 0.058470 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.889920 0.346022 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:40.954766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:42:41.236390 0.040230 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:41.277076 0.161249 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:41.438814 0.087471 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:41.526765 0.183803 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:41.711012 0.468479 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:42.179979 0.064595 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:42.245012 0.213320 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:42.458815 0.029460 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:42.488684 0.540117 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:43.029225 0.143693 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:43.173394 0.350671 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:43.524442 0.170020 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:43.694918 0.360312 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:44.055684 0.046360 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:44.102397 0.043464 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:44.146245 0.189912 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:42:44.336516 0.413339 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/29 04:48:44.960041 3.002479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 04:48:51.967561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:48:59.969218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:49:15.972330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:49:47.978470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:55:51.985233 3.000851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 04:55:58.991627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:56:06.993517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:56:22.996509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:56:55.002326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 04:59:52.568112 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 04:59:52.568206 3.927056 tcp 10.0.2.109 65361 -> 27.251.231.18 9791 FSPA* 0 0 14 1572 flow=From-Botnet-V1-TCP-Established 1970/01/29 05:02:59.008246 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:03:06.015711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:03:14.017422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:03:30.020368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:04:02.026234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:10:06.033242 3.000767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:10:13.039881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:10:21.041261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:10:37.043743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:11:09.050661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:12:52.589287 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 05:12:52.589456 0.051119 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:52.641023 0.167999 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:52.809482 0.062615 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:52.872464 0.422422 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:53.295261 0.357250 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:53.652961 0.069091 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:53.722470 0.075297 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:53.798142 0.052733 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 198 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:53.851256 0.084012 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:53.935652 0.106021 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:54.042277 0.036039 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:54.078799 0.148579 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:54.227810 0.079204 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:54.307425 0.063407 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:54.371286 0.438669 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:54.810515 0.304415 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:55.115301 0.361073 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:55.476803 0.044774 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:55.521961 0.156333 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:55.678696 0.116793 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:55.795952 0.177569 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:55.973918 0.211188 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:56.185482 0.028829 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:56.214798 0.490711 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:56.705956 0.069725 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:56.776074 0.425051 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:57.201514 0.140994 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:57.342955 0.369187 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:57.712572 0.159142 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:57.872113 0.035383 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:57.908023 0.189476 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:58.097918 0.378630 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:58.476950 0.351964 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:12:58.829310 0.041938 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:17:13.056483 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:17:20.063414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:17:28.065190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:17:44.067760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:18:16.074399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:24:20.080691 3.001251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:24:27.087605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:24:35.089016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:24:51.095358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:25:23.098347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:29:56.502297 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 05:29:56.502479 2.232180 tcp 10.0.2.109 65362 -> 27.251.231.18 9791 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/01/29 05:31:27.104804 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:31:34.111511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:31:42.113348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:31:58.116171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:32:30.122031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:38:34.128517 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:38:41.135473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:38:49.137046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:39:05.140091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:39:37.145906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:43:19.976868 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 05:43:19.977023 0.059321 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:20.036793 0.049935 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:20.087136 0.165177 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:20.252752 0.432891 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:20.686090 0.346558 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.033052 0.070590 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.104134 0.068430 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.173043 0.052471 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.225977 0.076939 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.303375 0.151500 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.455370 0.079863 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.535697 0.064587 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:21.600734 0.611593 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:22.212730 0.112823 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:22.325984 0.035610 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:22.362214 0.173498 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:22.536158 0.353612 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:22.890406 0.040077 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:22.931032 0.157586 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:23.088999 0.083042 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:23.172414 0.184370 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:23.357168 0.854256 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:24.211922 0.068184 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:24.280501 0.211880 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:24.492819 0.031348 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:24.524555 0.381097 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:24.906048 0.145208 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:25.051691 0.356335 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:25.408442 0.153006 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:25.561976 0.033149 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:25.595532 0.372579 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:25.968530 0.049767 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:26.018701 0.191881 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:43:26.210975 0.379925 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/29 05:45:41.151994 3.002336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:45:48.159512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:45:56.161229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:46:12.164239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:46:44.169938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:52:48.176132 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:52:55.183574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:53:03.185006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:53:19.187874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:53:51.195821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 05:59:55.200065 3.001801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 05:59:58.743145 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 05:59:58.743320 1.827220 tcp 10.0.2.109 65363 -> 27.251.231.18 9791 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:00:02.207459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:00:10.208876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:00:26.211800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:00:58.217797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:07:02.223595 3.002176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:07:09.231150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:07:17.232886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:07:33.236081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:08:05.242213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:13:37.981017 0.006906 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 06:13:37.987992 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 06:13:54.706861 0.120032 tcp 10.0.2.109 65364 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:13:54.827177 0.067119 tcp 10.0.2.109 65365 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:13:54.894570 0.138184 tcp 10.0.2.109 65366 -> 195.113.214.211 443 SRPA* 0 0 63 40597 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:13:55.033377 0.441067 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:55.474947 0.067896 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:55.543322 0.049950 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:55.593709 0.357811 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:55.952017 0.065913 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.018357 0.074621 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.093368 0.047251 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.141060 0.078680 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.220167 0.151032 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.371679 0.078766 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.450891 0.064327 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.515669 0.421045 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:56.937141 0.126189 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:57.063805 0.035857 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:57.100091 0.168836 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:57.269351 0.355293 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:57.625080 0.046170 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:57.671628 0.184971 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:57.857010 0.156118 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:58.013535 0.081181 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:58.095162 0.214310 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:58.309857 0.031126 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:58.341405 0.411772 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:58.753578 0.492693 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:59.246779 0.065207 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:59.312374 0.142854 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:59.455640 0.335221 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:59.791268 0.153005 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:59.944804 0.034477 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:13:59.979721 0.402162 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:14:00.382315 0.368574 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:14:00.751318 0.047737 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:14:00.799509 0.190133 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:14:09.249063 3.000419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:14:16.255341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:14:24.256935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:14:40.259715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:15:12.265845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:21:16.272407 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:21:23.279413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:21:31.280819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:21:47.283995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:22:19.289980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:28:23.296019 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:28:30.303244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:28:38.304775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:28:54.307598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:29:26.313778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:30:00.573128 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 06:30:00.573314 1.993395 tcp 10.0.2.109 65367 -> 27.251.231.18 9791 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:35:30.320203 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:35:37.327124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:35:45.328889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:36:01.331779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:36:33.337406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:42:37.343220 3.002213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:42:44.350972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:42:52.352574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:43:08.355681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:43:40.361514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:44:18.116192 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 06:44:18.116389 0.216038 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:18.332933 0.050077 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:18.383505 0.346033 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:18.729993 0.070142 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:18.800691 0.412546 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.213647 0.061780 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.275847 0.079147 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.355471 0.055953 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.411818 0.082010 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.494470 0.151805 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.712097 0.073448 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.785995 0.065422 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:19.851876 0.423966 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:20.276277 0.166516 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:20.443292 0.037324 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:20.480995 0.284948 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:20.766511 0.344000 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:21.110922 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 06:44:36.824853 0.068793 tcp 10.0.2.109 65368 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:44:36.893950 0.068296 tcp 10.0.2.109 65369 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:44:36.962548 0.156865 tcp 10.0.2.109 65370 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/29 06:44:37.120039 0.184705 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:37.305207 0.154906 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:37.460575 0.029143 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:37.490274 0.407286 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:37.898017 0.084034 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:37.982487 0.209111 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:38.192016 0.474304 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:38.666684 0.065177 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:38.732314 0.143320 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:38.876016 0.354604 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:39.231082 0.152078 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:39.383632 0.048529 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:39.432545 0.041888 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:39.474869 0.189337 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:39.664781 0.397517 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:44:40.062679 0.367522 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 06:49:44.367576 3.001760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:49:51.375394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:49:59.376638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:50:15.379805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:50:47.385623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:56:51.391815 3.001535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 06:56:58.399108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:57:06.400620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:57:22.403687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 06:57:54.409982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:00:02.574652 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 07:00:02.574767 1.946785 tcp 10.0.2.109 65371 -> 27.251.231.18 9791 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:03:58.415463 3.002224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:04:05.422955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:04:13.424776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:04:29.427059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:05:01.433747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:11:05.440454 3.000799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:11:12.447211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:11:20.448667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:11:36.451752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:12:08.457492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:15:10.319337 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 07:15:10.319446 0.040486 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:10.360358 0.353971 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:10.714744 0.067478 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:10.782602 0.167405 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:10.950582 0.049753 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.000738 0.189872 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.190987 0.073887 udp 10.0.2.109 3683 <-> 94.66.250.134 6063 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.265265 0.054919 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.320680 0.123763 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.444901 0.151757 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.597175 0.076385 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.673975 0.066706 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:11.741150 0.308362 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:12.049969 0.158757 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:12.209098 0.151110 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:12.360591 0.419866 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:12.780827 0.035975 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:12.817179 0.351841 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:13.169409 0.161503 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:13.331385 0.029400 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:13.361216 0.383319 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:13.744964 0.177711 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:13.923131 0.209015 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:14.132542 0.481584 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:14.614606 0.066995 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:14.682040 0.140860 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:14.823327 0.085397 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:14.909093 0.158772 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:15.068304 0.035149 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:15.103821 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 07:15:32.462612 0.050083 tcp 10.0.2.109 65372 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:15:32.513064 0.045167 tcp 10.0.2.109 65373 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:15:32.558514 0.165855 tcp 10.0.2.109 65374 -> 195.113.214.211 443 SRPA* 0 0 40 32780 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:15:32.724952 0.193987 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:32.919361 0.354513 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:33.274349 0.819829 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:15:34.094576 0.371885 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:18:12.463674 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:18:19.470598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:18:27.472504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:18:43.475434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:19:15.481425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:25:19.487985 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:25:26.494681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:25:34.496420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:25:50.500126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:26:22.506215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:30:04.525255 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 07:30:04.525407 1.750632 tcp 10.0.2.109 65375 -> 27.251.231.18 9791 FSPA* 0 0 15 1690 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:32:26.511886 3.000910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:32:33.518444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:32:41.520488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:32:57.523219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:33:29.528905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:39:33.535765 3.001005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:39:40.542744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:39:48.554738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:40:04.556828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:40:36.563110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:45:57.205757 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 07:45:57.205967 0.055418 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:45:57.261898 0.065778 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:45:57.328149 0.167587 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:45:57.496205 1.005306 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:45:58.501927 0.350222 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:45:58.852599 0.072499 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:45:58.925526 0.000000 udp 10.0.2.109 3683 -> 94.66.250.134 6063 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 07:46:14.551189 0.067200 tcp 10.0.2.109 65376 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:46:14.618638 0.067416 tcp 10.0.2.109 65377 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:46:14.686377 0.169413 tcp 10.0.2.109 65378 -> 195.113.214.211 443 SRPA* 0 0 40 22580 flow=From-Botnet-V1-TCP-Established 1970/01/29 07:46:14.856349 0.051784 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:14.908565 0.075149 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:14.984119 0.150724 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:15.135279 0.079447 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:15.215150 0.049896 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:15.265405 0.069581 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:15.335450 0.152083 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:15.487963 0.311558 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:15.800015 0.433868 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:16.234363 0.051184 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:16.285978 0.104531 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:16.390952 0.373573 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:16.765000 0.189778 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:16.955215 0.156522 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:17.112145 0.346042 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:17.458587 0.031367 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:17.490538 0.057536 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:17.548525 0.230916 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:17.779941 0.079816 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:17.860185 0.211270 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:18.071943 0.514617 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:18.586980 0.156731 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:18.744147 0.037987 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:18.782556 0.191937 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:18.974919 0.340746 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:19.316094 0.352227 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:19.668776 0.371239 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/29 07:46:40.569553 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:46:47.576832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:46:55.579034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:47:11.581372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:47:43.587502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:53:47.592990 3.002205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 07:53:54.600773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:54:02.602263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:54:18.605281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 07:54:50.611532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:00:06.275813 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 08:00:06.275993 1.935270 tcp 10.0.2.109 65379 -> 27.251.231.18 9791 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:00:54.618457 3.000588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 08:01:01.624896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:01:09.626422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:01:25.628907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:01:57.635449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:08:01.642389 3.000410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 08:08:08.648817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:08:16.650444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:08:32.652884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:09:04.659460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:15:08.664909 3.025082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 08:15:15.693003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:15:23.694300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:15:39.697414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:16:11.703329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:16:36.749790 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 08:16:36.749988 0.000000 udp 10.0.2.109 3683 -> 94.66.250.134 6063 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 08:16:53.936167 0.044396 tcp 10.0.2.109 65380 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:16:53.980824 0.046449 tcp 10.0.2.109 65381 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:16:54.027509 0.164310 tcp 10.0.2.109 65382 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:16:54.192420 0.072355 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:16:54.265903 0.067619 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:16:54.334004 0.170134 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:16:54.505581 0.358595 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:16:54.864570 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 08:17:12.781811 0.043614 tcp 10.0.2.109 65383 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:17:12.825735 0.073312 tcp 10.0.2.109 65384 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:17:12.899345 0.166121 tcp 10.0.2.109 65385 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:17:13.065994 0.061640 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.128068 0.059802 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.188318 0.080236 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.268986 0.051664 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.321274 0.058025 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.379702 0.172264 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.552411 0.308434 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.861281 0.084721 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:13.946425 0.150442 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:14.097321 0.422092 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:14.519806 0.041929 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:14.562320 0.111190 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:14.673904 0.407602 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:15.081911 0.178052 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:15.260420 0.031121 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:15.292018 0.066801 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:15.359206 0.141893 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:15.501491 0.085016 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:15.586926 0.218394 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:15.805741 0.352868 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:16.159035 0.214224 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:16.373709 0.440204 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:16.814391 0.161035 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:16.975881 0.037302 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:17.013606 0.193185 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:17.207195 0.362198 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:17.569749 0.352841 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:17:17.922993 0.569291 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:22:15.709743 3.001136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 08:22:22.716600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:22:30.718460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:22:46.720999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:23:18.727490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:29:22.733198 3.001735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 08:29:29.740564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:29:37.742007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:29:53.745033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:30:08.216686 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 08:30:08.216911 2.029841 tcp 10.0.2.109 65386 -> 27.251.231.18 9791 FSPA* 0 0 15 1703 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:30:25.751478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:36:29.757577 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 08:36:36.764745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:36:44.766601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:37:00.769009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:37:32.775141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:43:36.781468 3.005178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 08:43:43.788421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:43:51.790321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:44:07.793093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:44:39.799138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:47:39.708354 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 08:47:39.708492 0.054460 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:47:39.763407 0.348121 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:47:40.111984 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 08:47:58.046319 0.049493 tcp 10.0.2.109 65387 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:47:58.096126 0.068608 tcp 10.0.2.109 65388 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:47:58.165053 0.168893 tcp 10.0.2.109 65389 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:47:58.334524 0.064208 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:47:58.399177 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 08:48:13.637268 0.048390 tcp 10.0.2.109 65390 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:48:13.685914 0.070439 tcp 10.0.2.109 65391 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:48:13.756596 0.161987 tcp 10.0.2.109 65392 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:48:13.919117 0.059437 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:13.978985 0.053489 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:14.032896 0.088107 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:14.121504 0.050173 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:14.172083 0.062269 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:14.234765 0.133434 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:14.368609 0.311099 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:14.680134 0.464683 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:15.145323 0.251615 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:15.397412 0.429139 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:15.826950 0.038538 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:15.865941 0.105764 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:15.972116 0.031420 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:16.003983 0.064579 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:16.068978 0.152900 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:16.222322 0.087347 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:16.310173 0.154775 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:16.465348 0.370963 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:16.836708 0.179502 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:17.016598 0.358874 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:17.375922 0.214630 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:17.590987 0.908786 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:18.500181 0.155930 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:18.656522 0.318307 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:18.975221 0.964081 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:19.939784 0.037032 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:48:19.977258 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 08:48:36.860594 0.045096 tcp 10.0.2.109 65393 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:48:36.906015 0.100915 tcp 10.0.2.109 65394 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:48:37.007223 1.185583 tcp 10.0.2.109 65395 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/01/29 08:48:38.193398 0.379931 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/29 08:51:47.807039 3.001708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 08:51:54.814658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:52:02.817343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:52:18.818993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:52:50.825449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:58:54.831543 3.001426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 08:59:01.839030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:59:09.840395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:59:25.843215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 08:59:57.849114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:00:10.247333 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 09:00:10.247559 1.729701 tcp 10.0.2.109 65396 -> 27.251.231.18 9791 FSPA* 0 0 14 1544 flow=From-Botnet-V1-TCP-Established 1970/01/29 09:06:01.855294 3.003210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:06:08.862565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:06:16.864022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:06:32.867683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:07:04.873090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:13:08.881903 2.998816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:13:15.886468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:13:23.887961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:13:39.890947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:14:11.897150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:18:40.954335 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 09:18:40.954439 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 09:18:59.783057 0.057741 tcp 10.0.2.109 65397 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 09:18:59.841148 0.070224 tcp 10.0.2.109 65398 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 09:18:59.911670 0.221766 tcp 10.0.2.109 65399 -> 195.113.214.211 443 SRPA* 0 0 57 37393 flow=From-Botnet-V1-TCP-Established 1970/01/29 09:19:00.134140 0.167383 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:00.302036 0.194018 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:00.496473 0.040403 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:00.537348 0.349024 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:00.886850 0.074261 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:00.961553 0.058251 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:01.020282 0.087188 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:01.107883 0.055694 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:01.163997 0.061632 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:01.226156 0.309323 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:01.535917 0.063661 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:01.600058 0.049978 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:01.650560 0.502952 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.153888 0.035874 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.190349 0.120963 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.311748 0.149377 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.461519 0.074692 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.536588 0.143270 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.680234 0.092751 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.773490 0.156379 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:02.930312 0.362775 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:03.293543 0.029233 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:03.323196 0.064767 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:03.388462 0.212852 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:03.601784 0.368818 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:03.971010 0.178040 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:04.149516 0.446515 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:04.596439 0.152229 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:04.749108 0.353050 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:05.102623 0.570874 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:05.673939 0.035616 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:19:05.709924 0.382529 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:20:15.903435 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:20:22.910709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:20:30.912121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:20:46.915009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:21:18.921093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:27:22.927175 3.001693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:27:29.934821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:27:37.936004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:27:53.939240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:28:25.944767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:30:11.977954 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 09:30:11.978070 2.104760 tcp 10.0.2.109 65400 -> 27.251.231.18 9791 FSPA* 0 0 14 1576 flow=From-Botnet-V1-TCP-Established 1970/01/29 09:34:29.950805 3.002010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:34:36.958719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:34:44.960101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:35:00.963065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:35:32.968931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:41:36.976335 3.000387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:41:43.982738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:41:51.983726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:42:07.987004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:42:39.993119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:48:43.999792 3.000859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:48:51.006405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:48:59.007823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:49:15.010911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:49:23.303272 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 09:49:23.303444 0.040098 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:23.343951 0.361193 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:23.705566 0.066926 udp 10.0.2.109 3683 <-> 217.83.135.88 5333 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:23.772936 0.164418 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:23.937771 0.193123 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:24.131334 0.159618 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:24.291382 0.078983 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:24.370875 0.053835 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:24.371282 2.997595 tcp 10.0.2.109 65401 -> 81.149.70.189 4846 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/29 09:49:24.425104 0.284964 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:24.710558 0.312556 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.023549 0.065943 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.089918 0.050175 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.140538 0.430676 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.571678 0.053308 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.625444 0.104246 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.730079 0.149758 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.880295 0.088750 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:25.969497 0.152695 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:26.122659 0.086249 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:26.209346 0.158753 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:26.368484 0.066410 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:26.435311 0.212973 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:26.648672 0.347290 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:26.996359 0.362599 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:27.359403 0.029214 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:27.389064 0.179327 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:27.568790 0.480619 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:28.049817 0.157838 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:28.208099 0.035639 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:28.244111 0.332366 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:28.576920 0.354978 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:28.932362 0.381417 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 09:49:33.367158 0.000000 tcp 10.0.2.109 65401 -> 81.149.70.189 4846 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/29 09:49:47.016851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:55:51.022416 3.002350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 09:55:58.030786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:56:06.031891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:56:22.034797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 09:56:54.041023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:00:14.089286 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 10:00:14.089389 1.985215 tcp 10.0.2.109 65402 -> 27.251.231.18 9791 FSPA* 0 0 14 1523 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:02:58.047096 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 10:03:05.054343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:03:13.055909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:03:29.058790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:04:01.064861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:10:05.070715 3.001741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 10:10:12.078366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:10:20.079797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:10:36.082870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:11:08.088980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:17:12.095315 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 10:17:19.102919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:17:27.103843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:17:43.106814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:18:15.112820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:19:55.868077 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 10:19:55.868173 0.000000 udp 10.0.2.109 3683 -> 217.83.135.88 5333 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 10:20:13.515456 0.067814 tcp 10.0.2.109 65403 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:13.583556 0.068661 tcp 10.0.2.109 65404 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:13.652478 0.134845 tcp 10.0.2.109 65405 -> 195.113.214.211 443 SRPA* 0 0 32 24705 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:13.787860 0.167089 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:13.955348 0.044829 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:14.000576 0.346156 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:14.347346 0.195644 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:14.347715 4.648157 tcp 10.0.2.109 65406 -> 27.54.121.253 8878 SPA_* 0 0 123 88775 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:14.543389 0.058274 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:14.602067 0.084302 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:14.686810 0.055238 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:14.742622 0.246872 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:14.989901 0.308608 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:15.298889 0.066095 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:15.365399 0.050149 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:15.416021 0.438641 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:15.855070 0.056175 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:15.911655 0.112438 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:16.024513 0.149325 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:16.174378 0.078715 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:16.253466 0.162182 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:16.416053 0.066877 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:16.483349 0.215068 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:16.698840 0.344668 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:17.043934 0.143092 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:17.187448 0.085345 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:17.273261 0.371330 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:17.644977 0.031538 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:17.676925 0.177253 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:17.854636 0.034665 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:17.889755 0.343672 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:18.233815 4.905595 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:19.353729 4.678592 tcp 10.0.2.109 65406 -> 27.54.121.253 8878 A_PA 0 0 157 123166 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:23.139832 0.439869 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:23.580118 0.150559 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:23.731118 0.373637 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:20:24.388144 4.694356 tcp 10.0.2.109 65406 -> 27.54.121.253 8878 A_PA 0 0 159 123274 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:29.426527 4.650324 tcp 10.0.2.109 65406 -> 27.54.121.253 8878 A_PA 0 0 162 123436 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:34.431565 4.995498 tcp 10.0.2.109 65406 -> 27.54.121.253 8878 A_PA 0 0 181 132654 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:20:39.766393 3.321291 tcp 10.0.2.109 65406 -> 27.54.121.253 8878 FPA_* 0 0 76 54853 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:24:19.119611 3.000917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 10:24:26.126407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:24:34.127652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:24:50.130806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:25:22.136820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:30:16.079770 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 10:30:16.079973 1.863244 tcp 10.0.2.109 65407 -> 27.251.231.18 9791 FSPA* 0 0 14 1682 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:31:26.143097 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 10:31:33.150375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:31:41.151815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:31:57.154784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:32:29.160905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:38:33.166864 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 10:38:40.174128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:38:48.175783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:39:04.178498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:39:36.184767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:45:40.190263 3.002255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 10:45:47.198897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:45:55.199755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:46:11.202693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:46:43.208973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:50:52.587578 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 10:50:52.587764 0.000000 udp 10.0.2.109 3683 -> 217.83.135.88 5333 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 10:51:09.684161 0.067695 tcp 10.0.2.109 65408 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:51:09.752118 0.079952 tcp 10.0.2.109 65409 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:51:09.832398 0.164288 tcp 10.0.2.109 65410 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:51:09.997309 0.169764 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:10.167496 0.044992 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:10.213025 0.350568 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:10.564039 0.196492 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:10.760983 0.060314 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:10.821751 0.075082 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:10.897253 0.047500 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:10.945142 0.304693 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:11.250490 0.051389 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:11.302337 0.447611 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:11.750359 0.037406 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:11.788197 0.312349 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:12.100949 0.068008 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:12.169392 0.109769 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:12.279567 0.148223 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:12.428262 0.000000 udp 10.0.2.109 3683 -> 2.85.54.109 2179 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 10:51:27.848579 0.066801 tcp 10.0.2.109 65411 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:51:27.915698 0.067072 tcp 10.0.2.109 65412 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:51:27.983067 0.155221 tcp 10.0.2.109 65413 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/01/29 10:51:28.138969 0.156751 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:28.296105 0.063689 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:28.360207 0.211370 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:28.572043 0.344484 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:28.916949 0.144735 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:29.062145 0.087084 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:29.149667 0.356553 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:29.506648 0.031344 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:29.538538 0.185360 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:29.724320 0.036965 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:29.761736 0.321713 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:30.083934 0.152188 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:30.236530 0.352989 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:30.589958 0.456450 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:51:31.046833 0.378651 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/29 10:52:51.221019 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 10:52:58.227981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:53:06.229437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:53:22.232883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:53:54.238869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 10:59:58.244654 3.001590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:00:05.251816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:00:13.253585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:00:17.950400 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 11:00:17.950703 2.818788 tcp 10.0.2.109 65414 -> 27.251.231.18 9791 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/01/29 11:00:29.256271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:01:01.262693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:07:05.269207 3.000663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:07:12.275709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:07:20.277139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:07:36.280618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:08:08.286561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:14:12.293361 3.000562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:14:19.299864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:14:27.301267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:14:43.304233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:15:15.310192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:21:19.316542 3.001219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:21:26.323555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:21:34.325118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:21:46.433037 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 11:21:46.433203 3.152466 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:49.586092 0.168170 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:49.754674 0.046245 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:49.801364 0.190582 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:49.992439 0.069279 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:50.062194 0.082103 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:50.144708 0.055576 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:50.200775 0.330938 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:50.327739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:21:50.532076 0.051484 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:50.583943 0.292181 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:50.876510 0.068276 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:50.945235 0.113441 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:51.059113 0.418577 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:51.478071 0.036480 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:51.514968 0.314783 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:51.830214 0.152497 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:51.983130 0.067207 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:52.050798 0.212687 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:52.264010 0.331906 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:52.596397 0.158372 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:52.755137 0.089455 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:52.845041 0.371341 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:53.216885 0.031515 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:53.248858 0.142717 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:53.391937 0.034440 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:53.426773 0.320592 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:53.747872 0.157632 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:53.905927 0.187898 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:54.094247 0.355609 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:54.450439 0.461382 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:21:54.912303 0.369932 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:22:22.334379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:28:26.339895 3.001597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:28:33.347424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:28:41.349215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:28:57.352185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:29:29.358389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:30:20.772180 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 11:30:20.772324 2.562755 tcp 10.0.2.109 65415 -> 27.251.231.18 9791 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/01/29 11:35:33.363595 3.002194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:35:40.371478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:35:48.372959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:36:04.376061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:36:36.381764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:42:40.389350 3.000359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:42:47.396971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:42:55.397156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:43:11.400070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:43:43.406539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:49:47.411874 3.002047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:49:54.419537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:50:02.420996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:50:18.423864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:50:50.429815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:52:06.109417 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 11:52:06.109572 0.046823 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:06.156813 0.194515 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:06.351830 0.083239 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:06.435510 0.166291 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:06.602245 0.059652 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:06.662384 0.072533 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:06.735311 0.053096 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:06.788870 0.339294 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:07.128632 0.049989 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:07.179125 0.290346 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:07.469898 0.065035 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:07.535383 0.215372 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:07.751179 0.420977 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:08.172634 0.037191 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:08.210349 0.308093 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:08.518848 0.151926 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:08.671152 0.362400 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:09.034042 0.155284 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:09.189714 0.088764 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:09.278981 0.063995 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:09.343431 0.208502 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:09.552310 0.366226 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:09.918955 0.029317 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:09.948679 0.144530 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:10.093651 0.034652 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:10.128732 0.338016 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:10.467159 0.156192 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:10.623764 0.456203 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:11.080417 0.177478 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:11.258367 0.352584 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:52:11.611319 0.413321 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 11:56:54.435460 3.002333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 11:57:01.443553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:57:09.445076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:57:25.448296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 11:57:57.453985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:00:23.334341 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 12:00:23.334517 1.824172 tcp 10.0.2.109 65416 -> 27.251.231.18 9791 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/01/29 12:04:01.460035 3.001608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:04:08.467040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:04:16.468517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:04:32.471953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:05:04.477772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:11:08.483632 3.002105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:11:15.491503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:11:23.492975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:11:39.496418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:12:11.502870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:18:15.508070 3.001588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:18:22.515297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:18:30.517123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:18:46.519514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:19:18.525936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:22:29.631022 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 12:22:29.631271 0.040602 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:29.672367 0.190332 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:29.946587 0.076786 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:30.023833 0.170505 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:30.194799 0.060685 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:30.255963 0.078865 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:30.335269 0.057641 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:30.393334 0.315748 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:30.709483 0.348061 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:31.058015 0.050643 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:31.109132 0.065549 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:31.175150 0.111946 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:31.287521 0.456171 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:31.744130 0.042307 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:31.786962 0.310179 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:32.097598 0.152383 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:32.250569 0.087929 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:32.338943 0.067950 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:32.407306 0.357625 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:32.765409 0.161014 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:32.926832 0.209252 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:33.136477 0.367408 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:33.504280 0.032240 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:33.536953 0.142255 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:33.679699 0.035877 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:33.715942 0.391535 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:34.107974 0.159090 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:34.267477 0.472319 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:34.740273 0.177621 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:34.918349 0.354935 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:22:35.273746 0.371049 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:25:22.531536 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:25:29.539448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:25:37.540647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:25:53.543360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:26:25.549929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:30:25.165243 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 12:30:25.165362 1.916022 tcp 10.0.2.109 65417 -> 27.251.231.18 9791 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/01/29 12:32:29.555776 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:32:36.563404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:32:44.564879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:33:00.567875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:33:32.573670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:39:36.579883 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:39:43.587227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:39:51.588743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:40:07.591405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:40:39.597519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:46:43.603726 3.001811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:46:50.611344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:46:58.613070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:47:14.615901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:47:46.621828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:52:44.650701 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 12:52:44.650880 0.041988 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:52:44.693309 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 12:53:02.938720 0.066206 tcp 10.0.2.109 65418 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 12:53:03.005239 0.068179 tcp 10.0.2.109 65419 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 12:53:03.073702 0.154854 tcp 10.0.2.109 65420 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/29 12:53:03.229120 0.074624 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:03.304121 0.167239 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:03.471787 0.063247 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:03.535486 0.076002 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:03.611935 0.055044 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:03.667458 0.293990 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:03.961889 0.063654 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:04.025949 0.106072 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:04.132431 0.424647 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:04.557502 0.035468 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:04.593368 0.340368 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:04.934142 0.048963 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:04.983531 0.307670 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:05.291649 0.151071 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:05.443212 0.088174 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:05.531808 0.062724 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:05.594930 0.345658 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:05.941051 0.159308 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:06.100759 0.034159 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:06.135327 0.143786 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:06.279537 0.035363 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:06.315327 0.209925 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:06.525686 0.372848 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:06.899025 0.329126 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:07.228624 0.156933 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:07.385952 0.461255 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:07.847612 0.183572 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:08.031594 0.349327 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:08.381340 0.384119 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/29 12:53:50.627954 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 12:53:57.635100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:54:05.636455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:54:21.639827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 12:54:53.646305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:00:27.085482 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 13:00:27.085639 1.716342 tcp 10.0.2.109 65421 -> 27.251.231.18 9791 FSPA* 0 0 15 1784 flow=From-Botnet-V1-TCP-Established 1970/01/29 13:00:57.651330 3.001921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:01:04.659123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:01:12.660869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:01:28.663518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:02:00.669349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:08:04.676438 3.001027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:08:11.682917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:08:19.684715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:08:35.687598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:09:07.693630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:15:11.699404 3.001993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:15:18.707154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:15:26.708600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:15:42.711646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:16:14.717642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:22:18.724479 3.000702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:22:25.731237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:22:33.732484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:22:49.735659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:23:21.741490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:23:35.411389 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 13:23:35.411529 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 13:23:52.308608 0.067535 tcp 10.0.2.109 65422 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 13:23:52.376475 0.066002 tcp 10.0.2.109 65423 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 13:23:52.442757 0.165999 tcp 10.0.2.109 65424 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/29 13:23:52.609319 0.044463 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:52.654229 0.102537 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:52.757180 0.168221 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:52.925856 0.059095 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:52.985372 0.079353 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:53.065135 0.054549 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:53.120054 0.299894 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:53.420349 0.431943 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:53.852691 0.035774 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:53.888917 0.334435 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:54.223787 0.049973 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:54.274160 0.063123 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:54.337769 0.226824 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:54.565110 0.311642 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:54.877104 0.151959 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:55.029489 0.089344 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:55.119286 0.064721 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:55.184400 0.362739 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:55.547597 0.149094 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:55.697162 0.046790 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:55.744363 0.214095 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:55.958846 0.364987 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:56.324231 0.160301 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:56.484893 0.034367 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:56.519661 0.332928 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:56.852999 0.158704 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:57.012098 0.485107 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:57.497632 0.382607 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:57.880663 0.177119 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:23:58.058248 0.360081 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:29:25.748279 3.000969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:29:32.755222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:29:40.756489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:29:56.759696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:30:28.765925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:30:28.806601 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 13:30:28.806839 1.805683 tcp 10.0.2.109 65425 -> 27.251.231.18 9791 FSPA* 0 0 14 1670 flow=From-Botnet-V1-TCP-Established 1970/01/29 13:36:32.772405 3.000710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:36:39.779252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:36:47.780691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:37:03.783351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:37:35.789479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:43:39.795207 3.015385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:43:46.812937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:43:54.814476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:44:10.817597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:44:42.823658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:51:47.837514 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:51:54.844780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:52:02.846557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:52:18.849134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:52:50.855273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:54:22.848109 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 13:54:22.848216 0.173705 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:23.022472 0.057506 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:23.080413 0.045625 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:23.126474 0.077375 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:23.204329 0.072676 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:23.277431 0.052625 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:23.330449 0.287941 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:23.618825 0.429436 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:24.048690 0.035992 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:24.085091 0.062839 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:24.148376 0.132070 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:24.280861 0.305820 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:24.587063 0.346085 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:24.933583 0.050336 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:24.984371 0.149381 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:25.134368 0.087671 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:25.222501 0.065415 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:25.288389 0.349455 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:25.638416 0.142223 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:25.781021 0.034622 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:25.816034 0.216955 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:26.033358 0.371273 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:26.405116 0.161858 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:26.567398 0.034323 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:26.602214 0.352850 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:26.955555 0.160154 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:27.116149 0.497702 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:27.614292 0.372713 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:27.987449 0.180995 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:54:28.168867 0.353585 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/29 13:58:54.862253 3.000851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 13:59:01.868765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:59:09.870474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:59:25.873093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 13:59:57.879158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:00:30.618276 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 14:00:30.618383 1.749835 tcp 10.0.2.109 65426 -> 27.251.231.18 9791 FSPA* 0 0 14 1526 flow=From-Botnet-V1-TCP-Established 1970/01/29 14:06:01.885343 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:06:08.892644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:06:16.894067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:06:32.897234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:07:04.903098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:13:08.910843 3.000018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:13:15.916752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:13:23.918377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:13:39.921110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:14:11.926930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:20:15.933283 3.001355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:20:22.940654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:20:30.941978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:20:46.945236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:21:18.951038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:24:51.427159 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 14:24:51.427260 0.164938 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:51.592662 0.082066 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:51.675132 0.078858 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:51.754502 0.048340 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:51.803247 0.302438 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:52.106117 0.061069 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:52.167624 0.044483 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:52.212535 0.441062 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:52.654036 0.039028 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:52.693545 0.062998 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:52.756945 0.136228 udp 10.0.2.109 3683 <-> 62.90.85.111 8996 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:52.893594 0.314621 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:53.208627 0.344926 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:53.554012 0.048981 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:53.603472 0.147615 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:53.751474 0.087943 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:53.839878 0.061075 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:53.901357 0.363160 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:54.264960 0.140547 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:54.405917 0.040388 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:54.446686 0.160848 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:54.607965 0.032203 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:54.640582 0.318663 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:54.959737 0.210616 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:55.170789 0.362322 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:55.533525 0.159451 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:55.693369 0.450855 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:56.144612 0.381950 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:56.526969 0.184898 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:24:56.712292 0.427085 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:27:22.957710 3.001336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:27:29.964530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:27:37.966046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:27:53.969181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:28:25.975210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:30:32.366978 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 14:30:32.367148 1.882223 tcp 10.0.2.109 65427 -> 27.251.231.18 9791 FSPA* 0 0 14 1544 flow=From-Botnet-V1-TCP-Established 1970/01/29 14:34:29.982378 3.000326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:34:36.988693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:34:44.990874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:35:00.992943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:35:32.999080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:41:37.005097 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:41:44.012403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:41:52.014011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:42:08.016880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:42:40.022881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:48:44.029995 3.000723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:48:51.037279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:48:59.038358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:49:15.040857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:49:47.047054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:55:06.116130 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 14:55:06.116368 0.073681 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:06.190517 0.054946 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:06.245971 0.162578 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:06.408974 0.082537 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:06.491936 0.248490 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:06.740867 0.061402 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:06.802721 0.074295 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:06.877473 0.470205 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:07.348062 0.035388 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:07.383876 0.067298 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:07.451586 0.000000 udp 10.0.2.109 3683 -> 62.90.85.111 8996 INT 0 1 90 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 14:55:23.893128 0.073357 tcp 10.0.2.109 65428 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 14:55:23.966801 0.067134 tcp 10.0.2.109 65429 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 14:55:24.034349 0.157774 tcp 10.0.2.109 65430 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/29 14:55:24.192803 0.312342 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:24.505559 0.334345 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:24.840310 0.050995 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:24.891712 0.145693 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:25.037796 0.085040 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:25.123324 0.061213 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:25.184962 0.041263 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:25.226622 0.156945 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:25.383993 0.032226 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:25.416702 0.355577 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:25.772657 0.345959 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:26.119023 0.150521 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:26.269973 0.208061 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:26.478612 0.368969 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:26.848029 0.154950 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:27.003412 0.178337 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:27.182184 1.056788 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:28.239358 0.523352 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:28.763144 0.360705 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/29 14:55:51.053249 3.001458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 14:55:58.060511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:56:06.062045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:56:22.064989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 14:56:54.071074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:00:34.257684 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 15:00:34.257788 1.708368 tcp 10.0.2.109 65431 -> 27.251.231.18 9791 FSPA* 0 0 14 1498 flow=From-Botnet-V1-TCP-Established 1970/01/29 15:02:58.078124 3.000532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 15:03:05.084204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:03:13.086194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:03:29.088833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:04:01.095173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:10:05.100465 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 15:10:12.108526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:10:20.109734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:10:36.112756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:11:08.118662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:17:12.124542 3.002080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 15:17:19.132501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:17:27.133807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:17:43.137224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:18:15.143076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:24:19.149018 3.001792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 15:24:26.156429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:24:34.157752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:24:50.160866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:25:22.167057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:25:41.775314 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 15:25:41.775482 0.381495 udp 10.0.2.109 3683 -> 62.90.85.111 8996 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 15:25:42.156977 0.000000 icmp 62.90.85.111 0x0103 -> 10.0.2.109 0x3e5a URH 192 1 198 flow=Background 1970/01/29 15:25:57.590032 0.062467 tcp 10.0.2.109 65432 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/29 15:25:57.652789 0.064312 tcp 10.0.2.109 65433 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/29 15:25:57.717363 0.158436 tcp 10.0.2.109 65434 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/29 15:25:57.876288 0.048086 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:57.924843 0.170244 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:58.095547 0.074746 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:58.170778 0.264005 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:58.435230 0.055326 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:58.491026 0.040490 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:58.532000 0.238998 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:58.784431 0.055612 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:58.840427 0.420386 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:59.261237 0.060212 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:59.321855 0.050767 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:59.373190 0.309874 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:25:59.683457 0.346545 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.030634 0.148201 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.179262 0.084858 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.264529 0.059803 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.324736 0.034607 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.359796 0.159531 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.519812 0.032194 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.552435 0.322287 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:00.875170 0.346425 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:01.222035 0.147305 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:01.369705 0.210270 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:01.580444 0.364276 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:01.945128 0.156770 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:02.102402 0.182818 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:02.285599 0.480426 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:02.766571 0.435922 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:26:03.202913 0.359122 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:30:35.968475 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 15:30:35.968670 1.706006 tcp 10.0.2.109 65435 -> 27.251.231.18 9791 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/01/29 15:31:26.172347 3.002253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 15:31:33.180424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:31:41.181814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:31:57.184735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:32:29.190677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:38:33.196604 3.001790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 15:38:40.204550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:38:48.205773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:39:04.208159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:39:36.214699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:45:40.221069 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 15:45:47.228100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:45:55.229783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:46:11.233607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:46:43.238884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:52:50.249336 3.001725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 15:52:57.256915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:53:05.258646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:53:21.261286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:53:53.267408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 15:56:05.538256 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 15:56:05.538451 0.049595 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:05.588450 0.170306 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:05.759199 0.075852 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:05.835494 0.201585 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.037509 0.058371 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.096324 0.044875 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.141653 0.072330 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.214397 0.034599 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.249403 0.049401 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.299237 0.337840 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.637527 0.333730 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:06.971710 0.419881 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.392015 0.060369 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.452812 0.144433 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.597704 0.083992 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.682229 0.061152 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.743837 0.035486 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.779801 0.160792 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.941036 0.034316 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:07.975806 0.331002 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:08.307204 0.208429 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:08.516039 0.365443 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:08.881874 0.370867 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:09.253197 0.140613 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:09.394231 0.159551 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:09.554231 0.178366 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:09.733121 0.473245 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:10.206804 0.553955 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:56:10.761161 0.378567 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/29 15:59:57.273396 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:00:04.280817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:00:12.281910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:00:28.284779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:00:37.679066 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 16:00:37.679181 1.733293 tcp 10.0.2.109 65436 -> 27.251.231.18 9791 FSPA* 0 0 15 1768 flow=From-Botnet-V1-TCP-Established 1970/01/29 16:01:00.290900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:07:04.298312 3.000423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:07:11.304340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:07:19.305922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:07:35.308791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:08:07.314953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:14:11.320682 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:14:18.328424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:14:26.329601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:14:42.332479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:15:14.338527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:21:18.345210 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:21:25.352343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:21:33.353717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:21:49.357130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:22:21.362516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:26:17.262865 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 16:26:17.263001 0.075558 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:17.339037 0.315232 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:17.654732 0.066222 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:17.721403 0.166685 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:17.888562 0.075001 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:17.963986 0.044637 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:18.009123 0.092518 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:18.102232 0.035403 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:18.138244 0.050926 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:18.189651 0.403790 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:18.593858 0.338658 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:18.933058 0.558643 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:19.492145 0.078632 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:19.571163 0.146782 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:19.718365 0.100330 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:19.819104 0.079840 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:19.899465 0.035822 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:19.935776 0.160255 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:20.096574 0.034180 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:20.131203 0.365155 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:20.497277 0.318182 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:20.815906 0.208930 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:21.025344 0.357410 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:21.383119 0.139626 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:21.523123 0.163183 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:21.686730 0.189722 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:21.876888 0.466262 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:22.343584 0.491215 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:26:22.835224 0.360451 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:28:25.369173 3.001245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:28:32.377125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:28:40.377659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:28:56.380708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:29:28.386736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:30:39.419460 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 16:30:39.419586 1.801766 tcp 10.0.2.109 65437 -> 27.251.231.18 9791 FSPA* 0 0 14 1630 flow=From-Botnet-V1-TCP-Established 1970/01/29 16:35:32.392441 3.015060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:35:39.410518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:35:47.411645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:36:03.414778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:36:35.420965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:42:39.427381 3.001049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:42:46.434390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:42:54.435606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:43:10.438183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:43:42.444791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:49:46.450940 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:49:53.458007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:50:01.459586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:50:17.462678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:50:49.468034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:56:41.485344 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 16:56:41.485570 0.074391 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:41.560402 0.236918 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:41.797815 0.055874 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:41.854131 0.165987 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:42.020585 0.057411 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:42.078552 0.048629 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:42.127614 0.050976 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:42.179086 0.373872 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:42.553350 0.344649 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:42.898402 0.336387 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:43.235243 0.036991 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:43.272675 0.592901 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:43.866029 0.062530 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:43.928948 0.149634 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:44.078995 0.084548 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:44.163976 0.058752 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:44.223104 0.046740 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:44.270284 0.364707 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:44.635386 0.375035 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:45.010859 0.208158 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:45.219494 0.159489 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:45.379370 0.032025 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:45.411894 0.365003 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:45.777355 0.142091 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:45.919890 0.156835 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:46.077165 0.177926 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:46.255584 0.458870 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:46.714902 0.412872 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:47.128195 0.352905 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 16:56:53.474694 3.002343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 16:57:00.481899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:57:08.483085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:57:24.486497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 16:57:56.493733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:00:41.229979 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 17:00:41.230082 1.662553 tcp 10.0.2.109 65438 -> 27.251.231.18 9791 FSPA* 0 0 14 1611 flow=From-Botnet-V1-TCP-Established 1970/01/29 17:04:00.499523 3.001203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 17:04:07.505837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:04:15.506919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:04:31.510127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:05:03.516624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:11:07.523606 3.000782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 17:11:14.529760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:11:22.531501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:11:38.534374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:12:10.540533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:18:14.546955 3.001447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 17:18:21.554168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:18:29.555728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:18:45.558452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:19:17.564549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:25:21.570903 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 17:25:28.578299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:25:36.579472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:25:52.582087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:26:24.588706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:27:14.380344 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 17:27:14.380516 0.063737 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:14.444707 0.170813 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:14.615979 0.084878 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:14.701278 0.323100 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:15.024846 0.071895 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:15.097212 0.044338 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:15.141993 0.049661 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:15.192147 0.408982 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:15.601603 0.343961 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:15.945980 0.418389 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.364749 0.072874 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.437993 0.092998 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.531430 0.035726 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.567550 0.219263 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.787213 0.101121 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.888814 0.074237 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.963431 0.034554 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:16.998589 0.363703 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:17.362766 0.334086 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:17.697293 0.032060 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:17.729807 0.355373 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:18.085748 0.150838 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:18.236984 0.212359 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:18.449820 0.174575 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:18.624853 0.158196 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:18.783524 0.182999 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:18.966915 0.504559 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:19.471886 0.371489 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:27:19.843769 0.393261 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:30:42.900236 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 17:30:42.900412 1.775282 tcp 10.0.2.109 65439 -> 27.251.231.18 9791 FSPA* 0 0 14 1608 flow=From-Botnet-V1-TCP-Established 1970/01/29 17:32:28.594799 3.004141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 17:32:35.601861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:32:43.603016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:32:59.606793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:33:31.611846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:39:35.618327 3.001371 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 17:39:42.625884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:39:50.627395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:40:06.630815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:40:38.636661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:46:42.643139 3.001025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 17:46:49.649840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:46:57.651377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:47:13.654385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:47:45.660514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:53:49.666333 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 17:53:56.673880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:54:04.675331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:54:20.679050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:54:52.684520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 17:57:29.149764 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 17:57:29.149903 0.078965 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:29.229333 0.244934 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:29.474678 0.055995 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:29.531101 0.295736 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:29.827287 0.057235 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:29.884966 0.044591 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:29.930016 0.050571 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:29.981031 0.390866 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:30.372317 0.344646 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:30.717431 0.592233 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:31.310121 0.062563 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:31.373090 0.080552 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:31.453991 0.035810 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:31.490198 0.148472 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:31.639050 0.086284 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:31.725714 0.062327 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:31.788476 0.000000 udp 10.0.2.109 3683 -> 143.225.166.230 6500 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 17:57:47.667955 0.066040 tcp 10.0.2.109 65440 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 17:57:47.734273 0.068149 tcp 10.0.2.109 65441 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 17:57:47.802726 0.168870 tcp 10.0.2.109 65442 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/29 17:57:47.972366 0.031994 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:48.004762 0.373588 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:48.378787 0.321898 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:48.701094 0.343246 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:49.044739 0.136595 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:49.181775 0.223987 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:49.406261 0.189675 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:49.596335 0.176777 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:49.773509 0.183659 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:49.957592 0.908509 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:50.866589 0.379611 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/29 17:57:51.246651 0.477336 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:00:44.680943 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 18:00:44.681048 1.752155 tcp 10.0.2.109 65443 -> 27.251.231.18 9791 FSPA* 0 0 14 1498 flow=From-Botnet-V1-TCP-Established 1970/01/29 18:00:56.690224 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 18:01:03.697475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:01:11.699151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:01:27.702196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:01:59.708697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:08:03.713987 3.002351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:08:10.721481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:08:18.723152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:08:34.726317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:09:06.731937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:15:10.737822 3.002058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:15:17.745780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:15:25.747360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:15:41.750654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:16:13.756294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:22:17.762508 3.067311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:22:24.804789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:22:32.781359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:22:48.784099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:23:20.790631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:28:11.047967 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 18:28:11.048120 0.035202 udp 10.0.2.109 3683 -> 143.225.166.230 6500 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 18:28:11.083322 0.000000 icmp 143.225.166.230 0x0303 -> 10.0.2.109 0x6419 URP 192 1 228 flow=Background 1970/01/29 18:28:28.544167 0.064894 tcp 10.0.2.109 65444 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 18:28:28.609382 0.065427 tcp 10.0.2.109 65445 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 18:28:28.675109 0.165086 tcp 10.0.2.109 65446 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/29 18:28:28.840754 0.291592 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.132751 0.050012 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.183166 0.184304 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.367976 0.058527 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.426962 0.044501 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.471901 0.050866 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.523218 0.085723 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.609388 0.342082 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:29.951971 0.404511 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:30.356944 0.282409 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:30.639716 0.417664 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.057750 0.148177 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.206581 0.090512 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.297484 0.064508 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.362536 0.035724 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.398691 0.062323 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.461441 0.034088 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.496037 0.332070 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:31.828491 0.358794 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:32.187697 0.356371 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:32.544483 0.140408 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:32.685292 0.223632 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:32.909392 0.160926 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:33.070723 0.159762 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:33.230867 0.186308 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:33.417561 0.413169 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:33.831133 0.370690 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:28:34.202252 0.488786 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:29:24.795964 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:29:31.803479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:29:39.805309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:29:55.808529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:30:27.814352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:30:46.441236 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 18:30:46.441404 1.874767 tcp 10.0.2.109 65447 -> 27.251.231.18 9791 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/01/29 18:36:31.821497 3.000276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:36:38.827685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:36:46.829299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:37:02.831675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:37:34.838024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:43:38.844856 3.001064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:43:45.851660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:43:53.853065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:44:09.856157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:44:41.862300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:51:45.874462 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:51:52.882445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:52:00.883246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:52:16.886577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:52:48.892891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:58:52.898377 3.001726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 18:58:59.905661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:59:04.162539 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 18:59:04.162693 0.301459 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:04.464567 0.049598 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:04.514596 0.207185 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:04.722435 0.060073 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:04.782902 0.041082 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:04.824432 0.049805 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:04.874610 0.077756 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:04.952841 0.347199 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:05.300462 0.403364 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:05.704266 0.401286 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.105954 0.444814 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.551238 0.140611 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.692262 0.085101 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.777787 0.064181 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.842488 0.034597 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.877540 0.062420 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.940392 0.032122 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:06.972991 0.353640 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:07.327052 0.140063 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:07.467563 0.213938 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:07.681960 0.376703 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:07.907411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:59:08.059089 0.353334 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:08.412865 0.156172 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:08.569491 0.152978 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:08.722883 0.178185 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:08.901513 0.457247 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:09.359147 0.370862 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:09.730457 0.354195 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 18:59:23.910787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 18:59:55.916583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:00:48.322116 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 19:00:48.322332 1.700036 tcp 10.0.2.109 65448 -> 27.251.231.18 9791 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/01/29 19:05:59.922004 3.002543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 19:06:06.929897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:06:14.931436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:06:30.933659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:07:02.940649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:13:06.946361 3.001886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 19:13:13.954721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:13:21.960766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:13:37.958537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:14:09.964074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:20:13.970805 3.000993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 19:20:20.977900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:20:28.979141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:20:44.982658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:21:16.988390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:27:20.994579 3.001251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 19:27:28.001722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:27:36.003412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:27:52.006021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:28:24.012371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:29:37.207717 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 19:29:37.207813 0.291548 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:37.499824 0.051062 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:37.551243 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 19:29:56.316586 0.065375 tcp 10.0.2.109 65449 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 19:29:56.382513 0.063515 tcp 10.0.2.109 65450 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 19:29:56.446365 0.160442 tcp 10.0.2.109 65451 -> 195.113.214.211 443 SRPA* 0 0 41 33160 flow=From-Botnet-V1-TCP-Established 1970/01/29 19:29:56.607532 0.056956 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:56.664994 0.048054 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:56.713478 0.049670 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:56.763700 0.084632 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:56.848698 0.345813 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:57.195013 0.385373 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:57.580780 0.319935 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:57.901128 0.418456 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.320093 0.146211 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.466710 0.085822 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.552942 0.063666 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.617024 0.034568 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.652011 0.063848 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.716281 0.032469 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.749128 0.211090 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:58.960640 0.355097 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:59.316188 0.136172 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:59.452820 0.368116 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:29:59.821371 0.321638 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:30:00.143475 0.160262 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:30:00.304159 0.160170 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:30:00.464788 0.177598 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:30:00.642789 0.498227 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:30:01.141445 0.573403 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:30:01.715274 0.494427 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/29 19:30:50.023064 1.713800 tcp 10.0.2.109 65452 -> 27.251.231.18 9791 FSPA* 0 0 14 1574 flow=From-Botnet-V1-TCP-Established 1970/01/29 19:34:28.018512 3.001373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 19:34:35.025531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:34:43.027017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:34:59.030260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:35:31.036032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:41:35.043008 3.000709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 19:41:42.049732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:41:50.051384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:42:06.054245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:42:38.060242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:48:42.066639 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 19:48:49.073593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:48:57.075169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:49:13.078611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:49:45.084301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:55:49.090504 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 19:55:56.097787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:56:04.099324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:56:20.102239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 19:56:52.108807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:00:04.014705 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 20:00:04.014913 0.170138 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:04.185432 0.294242 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:04.480147 0.048457 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:04.529060 0.059557 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:04.589004 0.040402 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:04.629869 0.050234 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:04.680534 0.111039 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:04.792045 0.475804 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:05.268329 0.348577 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:05.617381 0.402336 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.020110 0.421018 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.441551 0.148932 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.590916 0.087500 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.678848 0.061422 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.740704 0.035763 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.776890 0.062744 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.840025 0.032075 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:06.872562 0.208793 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:07.081792 0.376206 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:07.458542 0.341650 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:07.800539 0.140583 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:07.941509 0.337994 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:08.279960 0.158264 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:08.438690 0.158358 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:08.597543 0.183321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:08.781244 0.475718 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:09.257415 0.373080 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:09.630856 0.423457 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:00:51.743080 1.837022 tcp 10.0.2.109 65453 -> 27.251.231.18 9791 FSPA* 0 0 15 1717 flow=From-Botnet-V1-TCP-Established 1970/01/29 20:02:56.115121 3.000530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 20:03:03.121387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:03:11.122865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:03:27.126026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:03:59.132091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:10:03.138352 3.001349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 20:10:10.145526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:10:18.146779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:10:34.150093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:11:06.156010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:17:10.165089 2.998377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 20:17:17.169606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:17:25.171059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:17:41.173729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:18:13.180031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:24:17.185946 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 20:24:24.193560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:24:32.194689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:24:48.198285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:25:20.203861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:30:17.952240 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 20:30:17.952436 0.171750 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:18.124613 0.408576 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:18.533565 0.059658 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:18.593606 0.065354 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:18.659430 0.040292 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:18.700135 0.050806 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:18.751328 0.083898 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:18.835675 0.392235 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:19.228368 0.439765 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:19.668601 0.339120 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.008121 0.421801 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.430522 0.148369 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.579286 0.087997 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.667685 0.060727 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.728765 0.034356 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.763491 0.067144 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.831022 0.032135 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:20.863553 0.342584 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:21.206577 0.140727 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:21.347712 0.221020 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:21.587244 0.366585 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:21.954470 0.320980 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:22.275900 0.156899 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:22.433227 0.153546 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:22.587192 0.181040 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:22.768723 0.480597 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:23.249730 0.444586 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:23.694795 0.383052 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/29 20:30:53.583516 1.904775 tcp 10.0.2.109 65454 -> 27.251.231.18 9791 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/29 20:31:24.210025 3.001641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 20:31:31.217473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:31:39.218789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:31:55.221974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:32:27.227853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:38:31.233623 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 20:38:38.241439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:38:46.242840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:39:02.245684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:39:34.252048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:45:38.258013 3.001676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 20:45:45.265513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:45:53.266587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:46:09.269812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:46:41.275818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:52:48.286133 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 20:52:55.293601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:53:03.295341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:53:19.298680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:53:51.304432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 20:59:55.309721 3.001938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:00:02.317492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:00:10.318934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:00:26.322039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:00:30.328192 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 21:00:30.328367 0.172857 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:30.501719 0.249675 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:30.751806 0.053230 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:30.805558 0.060752 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:30.866709 0.046009 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:30.913116 0.049914 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:30.963435 0.088771 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:31.052609 0.344093 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:31.397084 0.425568 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:31.823062 0.628384 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:32.451885 0.455105 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:32.907439 0.147867 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.055741 0.087675 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.143874 0.064361 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.208714 0.035129 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.244245 0.063287 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.308007 0.031833 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.340244 0.210394 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.550990 0.367767 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:33.919243 0.359598 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:34.279335 0.148834 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:34.428626 0.386874 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:34.815880 0.156252 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:34.972516 0.157502 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:35.130575 0.187053 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:35.318021 1.575629 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:36.894290 0.453943 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:37.348662 0.688579 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:00:55.494987 1.743444 tcp 10.0.2.109 65455 -> 27.251.231.18 9791 FSPA* 0 0 15 1780 flow=From-Botnet-V1-TCP-Established 1970/01/29 21:00:58.328143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:07:02.333691 3.002128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:07:09.341363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:07:17.342721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:07:33.345921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:08:05.351810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:14:09.357844 3.045345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:14:16.384518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:14:24.376991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:14:40.379701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:15:12.386046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:21:16.391616 3.002330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:21:23.399217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:21:31.400967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:21:47.404073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:22:19.409832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:28:23.416073 3.001421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:28:30.423702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:28:38.424710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:28:54.428085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:29:26.434564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:30:47.500822 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 21:30:47.500926 0.163548 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:47.664925 0.302634 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:47.967972 0.063392 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:48.031813 0.059813 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:48.092161 0.071928 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:48.164526 0.048878 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:48.213785 0.340692 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:48.554885 0.337245 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:48.892583 0.384951 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:49.277973 0.152358 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:49.430753 0.225735 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:49.656946 0.431027 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.088438 0.088151 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.177106 0.062935 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.240514 0.034073 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.275036 0.063234 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.338660 0.034285 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.373439 0.213760 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.587644 0.370198 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:50.958409 0.359863 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:51.318669 0.155404 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:51.474626 0.371822 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:51.846842 0.151028 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:51.998278 0.152417 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:52.151109 0.182965 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:52.334454 0.355830 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:52.690687 0.447471 udp 10.0.2.109 3683 <-> 119.234.157.197 5726 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:53.138622 0.381991 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/29 21:30:57.245094 1.906728 tcp 10.0.2.109 65456 -> 27.251.231.18 9791 FSPA* 0 0 14 1714 flow=From-Botnet-V1-TCP-Established 1970/01/29 21:35:30.450597 3.000929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:35:37.456999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:35:45.459022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:36:01.461686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:36:33.467690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:42:37.474564 3.000969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:42:44.481346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:42:52.482364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:43:08.485888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:43:40.491761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:49:44.498734 3.000882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:49:51.505503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:49:59.506728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:50:15.509521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:50:47.516067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:56:51.522378 3.001246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 21:56:58.529211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:57:06.530862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:57:22.533278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 21:57:54.539685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:00:59.155630 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 22:00:59.155733 1.828417 tcp 10.0.2.109 65457 -> 27.251.231.18 9791 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:01:01.368882 0.052703 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:01.421998 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 22:01:18.795283 0.045151 tcp 10.0.2.109 65458 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:01:18.840684 0.044622 tcp 10.0.2.109 65459 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:01:18.885626 0.142447 tcp 10.0.2.109 65460 -> 195.113.214.211 443 SRPA* 0 0 56 37318 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:01:19.028553 0.313186 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:19.342149 0.058128 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:19.400681 0.044273 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:19.445434 0.049212 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:19.495605 0.083468 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:19.579518 0.338031 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:19.918055 0.521485 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:20.439985 0.313190 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:20.753603 0.148487 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:20.902530 0.422085 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:21.325008 0.088088 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:21.413515 0.067356 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:21.481262 0.034461 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:21.516169 0.061824 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:21.578405 0.031269 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:21.610074 0.210284 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:21.820827 0.368227 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:22.189469 0.359755 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:22.549644 0.142025 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:22.692113 0.320230 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:23.012720 0.158649 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:23.171797 0.158339 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:23.330574 0.182320 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:23.513288 0.753891 udp 10.0.2.109 3683 <-> 1.163.254.236 2346 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:01:24.267565 0.000000 udp 10.0.2.109 3683 -> 119.234.157.197 5726 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 22:01:41.857391 0.043869 tcp 10.0.2.109 65461 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:01:41.901511 0.043791 tcp 10.0.2.109 65462 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:01:41.945552 0.162161 tcp 10.0.2.109 65463 -> 195.113.214.211 443 SRPA* 0 0 35 18596 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:01:42.107944 0.379660 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:03:58.546368 3.001224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 22:04:05.553352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:04:13.555012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:04:29.557926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:05:01.563775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:11:05.569505 3.001502 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 22:11:12.577284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:11:20.578770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:11:36.582255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:12:08.587465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:18:12.593410 3.002103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 22:18:19.601189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:18:27.602505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:18:43.605727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:19:15.611457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:25:19.618284 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 22:25:26.625151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:25:34.626719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:25:50.629730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:26:22.635595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:31:00.986226 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 22:31:00.986376 4.225403 tcp 10.0.2.109 65464 -> 27.251.231.18 9791 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:31:44.939440 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 22:31:49.625881 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 22:32:02.415740 0.044984 tcp 10.0.2.109 65465 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:02.461017 0.044292 tcp 10.0.2.109 65466 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:02.505590 0.170131 tcp 10.0.2.109 65467 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:02.676331 0.000000 udp 10.0.2.109 3683 -> 119.234.157.197 5726 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 22:32:19.539484 0.043407 tcp 10.0.2.109 65468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:19.583181 0.044773 tcp 10.0.2.109 65469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:19.628265 0.152463 tcp 10.0.2.109 65470 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:19.781236 0.055134 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:19.836865 0.040402 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:19.877749 0.049976 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:19.928154 0.125812 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:20.054409 0.337444 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:20.392220 0.336784 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:20.729404 0.057454 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:20.787372 0.150442 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:20.938270 0.314210 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:21.252895 0.342567 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:21.595877 0.063383 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:21.659672 0.677889 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:22.337925 0.064471 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:22.402772 0.029328 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:22.432525 0.210992 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:22.643894 0.420749 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:23.065046 0.087002 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:23.152508 0.318440 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:23.471333 0.361066 udp 10.0.2.109 3683 <-> 114.24.148.141 7096 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:23.832772 0.359821 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:24.193025 0.144189 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:24.337640 0.182650 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:24.520709 0.153738 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:24.674879 0.160021 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:24.835326 0.000000 udp 10.0.2.109 3683 -> 1.163.254.236 2346 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 22:32:26.641122 3.002188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 22:32:33.649192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:32:40.539689 0.044877 tcp 10.0.2.109 65471 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:40.584868 0.044221 tcp 10.0.2.109 65472 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:40.629413 0.165629 tcp 10.0.2.109 65473 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/29 22:32:40.795601 0.370298 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 22:32:41.651009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:32:57.653643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:33:29.659744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:39:33.665435 3.027922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 22:39:40.683362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:39:48.684769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:40:04.687577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:40:36.693559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:46:40.699958 3.001351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 22:46:47.707231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:46:55.708450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:47:11.711735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:47:43.717933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:53:47.723425 3.001923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 22:53:54.730892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:54:02.733032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:54:18.735794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 22:54:50.741732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:00:54.747743 3.001748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 23:01:01.755008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:01:05.220262 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:01:05.220401 1.990395 tcp 10.0.2.109 65474 -> 27.251.231.18 9791 FSPA* 0 0 15 1757 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:01:09.756311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:01:25.759671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:01:57.765643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:02:46.606067 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:02:46.606177 0.335575 udp 10.0.2.109 3683 -> 1.163.254.236 2346 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:02:46.941752 0.000000 icmp 1.163.254.236 0x0303 -> 10.0.2.109 0x2a09 URP 192 1 164 flow=Background 1970/01/29 23:03:04.612961 0.067144 tcp 10.0.2.109 65475 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:03:04.680390 0.066180 tcp 10.0.2.109 65476 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:03:04.746842 0.163151 tcp 10.0.2.109 65477 -> 195.113.214.211 443 SRPA* 0 0 49 42076 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:03:04.910517 0.045598 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:04.956507 0.084781 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:05.041669 0.055233 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:05.097313 0.060123 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:05.157881 0.057773 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:05.216119 0.147889 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:05.364460 0.335190 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:05.700016 0.299454 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:05.999919 0.062407 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:06.062784 0.309752 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:06.372978 0.074335 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:06.447758 0.029301 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:06.477490 0.212301 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:06.690323 0.419542 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:07.110498 0.034708 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:07.145671 0.062105 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:07.208226 0.086081 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:07.294729 0.368384 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:07.663667 0.000000 udp 10.0.2.109 3683 -> 114.24.148.141 7096 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:03:26.403490 0.066688 tcp 10.0.2.109 65478 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:03:26.470435 0.066826 tcp 10.0.2.109 65479 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:03:26.537526 0.171594 tcp 10.0.2.109 65480 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:03:26.709709 0.187251 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:26.897354 0.154106 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:27.051860 0.156535 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:27.208788 0.142237 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:27.351427 0.369391 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:03:27.721236 0.381850 udp 10.0.2.109 3683 <-> 203.206.187.11 6867 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:08:01.771991 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 23:08:08.778996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:08:16.780494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:08:32.783636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:09:04.789180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:15:08.795448 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 23:15:15.803078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:15:23.804474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:15:39.807653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:16:11.813577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:22:15.819563 3.001848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 23:22:22.826987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:22:30.828505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:22:46.831513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:23:18.837247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:29:22.844166 3.000809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 23:29:29.850981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:29:37.852354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:29:53.855486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:30:25.871529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:31:07.211292 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:31:07.211423 1.949288 tcp 10.0.2.109 65481 -> 27.251.231.18 9791 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:33:51.998112 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:33:51.998209 0.000000 udp 10.0.2.109 3683 -> 114.24.148.141 7096 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:34:10.556651 0.067390 tcp 10.0.2.109 65482 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:34:10.624305 0.127584 tcp 10.0.2.109 65483 -> 195.113.214.211 80 SRPA* 0 0 18 13409 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:34:10.752280 0.049859 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:10.802587 0.079934 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:10.882934 0.044658 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:10.928049 0.055501 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:10.983950 0.151462 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:11.135849 0.336604 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:11.472802 0.054047 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:11.527249 0.061467 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:11.589138 0.235820 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:11.825428 0.029332 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:11.855233 0.212574 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:12.068284 0.081127 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:12.149903 0.330238 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:12.480593 0.085316 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:12.566398 0.356460 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:12.923292 0.783081 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:13.706843 0.040701 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:13.747995 0.065265 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:13.813682 0.397103 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:14.211216 0.155495 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:14.367094 0.354006 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:14.721578 0.161041 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:14.883176 0.145459 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:15.029167 0.000000 udp 10.0.2.109 3683 -> 203.206.187.11 6867 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:34:32.967801 0.066214 tcp 10.0.2.109 65484 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:34:33.034342 0.044566 tcp 10.0.2.109 65485 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:34:33.079257 0.159997 tcp 10.0.2.109 65486 -> 195.113.214.211 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/01/29 23:34:33.281952 0.000000 udp 10.0.2.109 3683 -> 203.206.187.11 6867 REQ 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:34:41.588948 0.087738 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 783 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:41.677186 0.045112 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:41.722778 0.051735 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 707 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:41.774957 0.050333 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 709 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:41.825808 0.042502 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:41.868920 0.059730 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 819 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:41.929259 0.280206 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:42.209895 0.029995 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:42.240435 0.223587 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:42.464489 0.155060 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 712 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:42.620057 0.337780 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:42.958325 0.428100 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:43.386925 0.084152 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 752 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:43.471622 0.353767 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:43.825972 0.311334 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:44.137852 0.035202 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:44.173470 0.055584 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 727 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:44.229570 0.419825 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:44.667034 0.354803 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:45.022304 0.154098 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 802 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:45.176894 0.143304 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:45.320741 0.158538 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:45.479747 0.178797 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:34:45.659109 0.000000 udp 10.0.2.109 3683 -> 203.32.220.31 5516 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:34:54.627936 0.000000 udp 10.0.2.109 3683 -> 83.52.123.30 1605 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:01.748228 0.000000 udp 10.0.2.109 3683 -> 95.226.160.37 6037 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:08.528055 1.032149 udp 10.0.2.109 3683 <-> 59.161.22.169 6035 CON 0 0 2 756 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:35:09.656726 0.000000 udp 10.0.2.109 3683 -> 119.160.180.250 1482 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:15.577848 0.056164 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 795 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:35:15.682556 0.000000 udp 10.0.2.109 3683 -> 69.158.43.50 5362 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:20.124685 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:35:21.857087 0.000000 udp 10.0.2.109 3683 -> 90.148.114.51 1870 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:29.497862 0.000000 udp 10.0.2.109 3683 -> 2.126.209.151 3129 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:37.048999 0.000000 udp 10.0.2.109 3683 -> 177.124.4.25 3252 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:45.391249 0.228913 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:35:45.735425 0.000000 udp 10.0.2.109 3683 -> 109.224.204.52 9767 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:35:54.114668 0.000000 udp 10.0.2.109 3683 -> 113.71.104.211 9496 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:02.605891 0.186155 udp 10.0.2.109 3683 -> 186.6.32.65 2209 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:02.792046 0.000000 icmp 186.6.32.65 0x0303 -> 10.0.2.109 0xa108 URP 192 1 236 flow=Background 1970/01/29 23:36:07.122291 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:36:09.755884 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:18.628338 0.000000 udp 10.0.2.109 3683 -> 82.41.217.110 5559 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:26.399783 0.000000 udp 10.0.2.109 3683 -> 82.107.59.118 5881 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:29.878743 3.000516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 23:36:33.730357 0.000000 udp 10.0.2.109 3683 -> 84.228.75.144 9285 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:36.885127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:36:41.752205 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:44.886638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:36:50.194482 0.000000 udp 10.0.2.109 3683 -> 112.78.150.138 4841 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:36:55.120906 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:36:55.922191 0.000000 udp 10.0.2.109 3683 -> 84.35.129.200 5553 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:00.889015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:37:02.922969 0.000000 udp 10.0.2.109 3683 -> 109.155.169.160 3307 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:08.961355 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:13.998479 0.000000 udp 10.0.2.109 3683 -> 58.62.237.114 7877 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:22.180176 0.000000 udp 10.0.2.109 3683 -> 174.0.55.32 7269 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:28.629226 0.000000 udp 10.0.2.109 3683 -> 119.42.83.161 8466 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:32.895351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:37:37.632392 0.000000 udp 10.0.2.109 3683 -> 82.118.97.180 8195 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:42.629541 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:37:46.374974 0.000000 udp 10.0.2.109 3683 -> 217.228.45.3 9522 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:37:54.075863 0.000000 udp 10.0.2.109 3683 -> 125.2.83.168 4368 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:01.556917 0.000000 udp 10.0.2.109 3683 -> 95.97.246.106 8768 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:09.498433 1.059277 udp 10.0.2.109 3683 <-> 14.98.79.129 1391 CON 0 0 2 795 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:38:10.796501 0.000000 udp 10.0.2.109 3683 -> 123.201.136.114 3618 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:18.771387 0.061788 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:38:18.846675 0.046589 udp 10.0.2.109 3683 <-> 93.198.203.115 8279 CON 0 0 2 846 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:38:18.960391 0.000000 udp 10.0.2.109 3683 -> 78.172.113.239 8659 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:24.059286 0.276269 udp 10.0.2.109 3683 <-> 78.100.112.93 7749 CON 0 0 2 848 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:38:24.480207 0.043907 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:38:24.548051 0.000000 udp 10.0.2.109 3683 -> 122.165.216.127 5373 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:28.625328 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:38:31.850151 0.000000 udp 10.0.2.109 3683 -> 46.49.69.148 1742 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:39.100975 0.000000 udp 10.0.2.109 3683 -> 79.210.27.154 2613 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:44.869153 0.386096 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 842 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:38:45.325616 0.000000 udp 10.0.2.109 3683 -> 31.6.182.58 8466 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:38:51.578727 0.000000 udp 10.0.2.109 3683 -> 196.216.69.30 3489 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:00.501347 0.000000 udp 10.0.2.109 3683 -> 81.27.123.106 4604 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:07.972930 0.000000 udp 10.0.2.109 3683 -> 217.92.79.27 8842 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:13.700431 0.000000 udp 10.0.2.109 3683 -> 82.39.189.140 9039 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:18.627468 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:39:21.121049 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:26.328603 0.079221 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 723 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:39:26.562647 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:33.338818 0.150960 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:39:33.674275 0.000000 udp 10.0.2.109 3683 -> 41.133.181.76 6976 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:39.577838 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:46.367487 0.202163 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:39:46.890790 0.000000 udp 10.0.2.109 3683 -> 173.218.242.88 5256 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:39:55.590274 0.000000 udp 10.0.2.109 3683 -> 50.201.166.203 3557 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:04.002783 0.141562 udp 10.0.2.109 3683 -> 209.31.119.130 4843 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:04.144345 0.000000 icmp 209.31.119.130 0x0303 -> 10.0.2.109 0xeb12 URP 192 1 150 flow=Background 1970/01/29 23:40:08.629304 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:40:10.331388 0.000000 udp 10.0.2.109 3683 -> 173.174.91.111 3192 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:15.789799 0.000000 udp 10.0.2.109 3683 -> 24.185.165.103 6461 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:20.967162 0.000000 udp 10.0.2.109 3683 -> 66.189.88.238 9162 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:26.956051 0.000000 udp 10.0.2.109 3683 -> 72.54.178.173 4516 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:35.097844 0.000000 udp 10.0.2.109 3683 -> 82.127.22.93 1308 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:41.887420 0.000000 udp 10.0.2.109 3683 -> 123.243.244.215 3396 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:49.427897 0.359560 udp 10.0.2.109 3683 -> 59.115.36.113 2346 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:40:49.787457 0.000000 icmp 59.115.36.113 0x0303 -> 10.0.2.109 0x2a09 URP 192 1 325 flow=Background 1970/01/29 23:40:54.124664 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:40:54.876030 0.259528 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:40:55.155705 0.000000 udp 10.0.2.109 3683 -> 176.92.23.102 4873 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:03.047731 0.000000 udp 10.0.2.109 3683 -> 66.27.161.41 4791 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:08.946198 0.000000 udp 10.0.2.109 3683 -> 91.81.49.136 9565 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:15.655648 0.000000 udp 10.0.2.109 3683 -> 99.244.119.87 8806 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:24.528806 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:29.776107 0.126928 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 744 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:41:29.956125 0.000000 udp 10.0.2.109 3683 -> 84.62.0.137 8698 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:38.899167 0.000000 udp 10.0.2.109 3683 -> 95.230.45.91 7384 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:43.625820 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:41:43.956612 0.000000 udp 10.0.2.109 3683 -> 117.241.209.80 6164 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:50.546196 0.000000 udp 10.0.2.109 3683 -> 125.236.206.19 8728 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:41:58.227328 0.000000 udp 10.0.2.109 3683 -> 171.98.1.50 1366 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:06.959690 0.293427 udp 10.0.2.109 3683 <-> 182.188.151.174 6941 CON 0 0 2 830 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:42:07.344812 0.136873 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:42:07.567041 1.101806 udp 10.0.2.109 3683 <-> 125.113.183.154 7687 CON 0 0 2 834 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:42:08.706310 0.000000 udp 10.0.2.109 3683 -> 98.175.165.173 8272 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:14.670508 0.078783 udp 10.0.2.109 3683 <-> 109.182.78.232 1381 CON 0 0 2 848 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:42:14.945325 0.000000 udp 10.0.2.109 3683 -> 79.15.14.142 1661 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:23.593175 0.191011 udp 10.0.2.109 3683 -> 182.72.212.195 8563 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:23.784186 0.000000 icmp 182.72.212.195 0x0303 -> 10.0.2.109 0x7321 URP 192 1 206 flow=Background 1970/01/29 23:42:28.129776 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:42:30.683511 0.245405 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 797 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:42:30.979046 0.000000 udp 10.0.2.109 3683 -> 82.90.0.77 1484 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:36.071404 0.000000 udp 10.0.2.109 3683 -> 195.158.109.174 5909 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:41.490953 0.357268 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 692 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:42:41.876157 0.000000 udp 10.0.2.109 3683 -> 97.102.56.201 9953 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:50.591770 0.000000 udp 10.0.2.109 3683 -> 94.212.51.230 3662 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:42:57.331890 0.000000 udp 10.0.2.109 3683 -> 2.121.143.42 3057 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:04.171955 0.000000 udp 10.0.2.109 3683 -> 90.208.179.61 5088 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:09.850122 0.064690 udp 10.0.2.109 3683 -> 77.6.111.213 9906 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:09.914812 0.000000 icmp 77.6.111.213 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 253 flow=Background 1970/01/29 23:43:14.626919 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:43:15.407875 0.000000 udp 10.0.2.109 3683 -> 162.201.91.41 1339 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:20.865872 0.000000 udp 10.0.2.109 3683 -> 95.227.147.49 3412 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:29.627794 0.000000 udp 10.0.2.109 3683 -> 85.189.141.67 2894 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:34.745677 0.000000 udp 10.0.2.109 3683 -> 81.45.235.160 4564 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:36.900629 3.002475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/29 23:43:42.516989 0.000000 udp 10.0.2.109 3683 -> 202.142.110.67 2211 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:43.908786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:43:48.195277 0.000000 udp 10.0.2.109 3683 -> 117.217.26.228 4976 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:51.910295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:43:54.264054 0.000000 udp 10.0.2.109 3683 -> 82.57.85.58 5295 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:43:59.120648 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:44:00.142451 0.000000 udp 10.0.2.109 3683 -> 86.129.89.197 2142 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:05.369925 0.469672 udp 10.0.2.109 3683 <-> 117.194.247.177 6423 CON 0 0 2 821 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:44:06.111075 0.041684 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:44:06.345221 0.000000 udp 10.0.2.109 3683 -> 105.226.97.233 4073 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:07.913426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:44:12.730370 0.000000 udp 10.0.2.109 3683 -> 208.90.195.170 7614 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:19.970829 0.057032 udp 10.0.2.109 3683 <-> 78.139.151.38 7528 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:44:20.210059 0.000000 udp 10.0.2.109 3683 -> 178.134.232.118 1085 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:26.840892 0.000000 udp 10.0.2.109 3683 -> 36.2.107.42 1947 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:35.633233 0.062060 udp 10.0.2.109 3683 <-> 81.130.58.195 5196 CON 0 0 2 672 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:44:35.729243 0.056130 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:44:35.806218 0.321045 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 859 flow=From-Botnet-V1-UDP-Established 1970/01/29 23:44:36.240458 0.000000 udp 10.0.2.109 3683 -> 110.78.168.57 2385 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:39.919450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:44:41.852473 0.000000 udp 10.0.2.109 3683 -> 120.151.242.47 9872 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:46.628982 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/29 23:44:47.199803 0.000000 udp 10.0.2.109 3683 -> 125.99.113.230 3458 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:44:54.340333 0.000000 udp 10.0.2.109 3683 -> 85.33.211.129 9896 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:45:01.330042 0.000000 udp 10.0.2.109 3683 -> 113.11.21.250 9444 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/01/29 23:51:48.929475 3.000939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 23:51:55.936323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:52:03.938350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:52:19.940705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:52:51.947024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:58:55.953201 3.001492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/29 23:59:02.960060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:59:10.961728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:59:26.964789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/29 23:59:58.970874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:01:09.162291 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 00:01:09.162478 1.724700 tcp 10.0.2.109 65487 -> 27.251.231.18 9791 FSPA* 0 0 15 1600 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:06:02.976102 3.002351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 00:06:09.984403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:06:17.985524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:06:33.988821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:07:05.994797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:13:10.000969 3.034867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 00:13:17.018079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:13:25.019744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:13:41.022893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:14:13.028706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:15:12.955253 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 00:15:12.955350 0.267617 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:13.223475 0.041659 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:13.265662 0.068779 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:13.334863 0.050005 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:13.385285 0.049803 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:13.435500 0.065490 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:13.501415 0.338270 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:13.840070 0.291204 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:14.131691 0.031320 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:14.163499 0.214031 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:14.377993 0.150998 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:14.529374 0.236198 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:14.765969 0.087659 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:14.854100 0.348651 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:15.203291 0.352583 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:15.556304 0.035724 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:15.592430 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:15:34.207872 0.066821 tcp 10.0.2.109 65488 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:15:34.274932 0.067673 tcp 10.0.2.109 65489 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:15:34.342880 0.152476 tcp 10.0.2.109 65490 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:15:34.496490 0.423114 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:34.920081 0.382225 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:35.302720 0.157317 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:35.460402 0.147163 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:35.607996 0.152296 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:35.760741 0.182847 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:35.944013 0.822434 udp 10.0.2.109 3683 <-> 59.161.22.169 6035 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:36.766835 0.055739 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:36.822954 0.216647 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:37.040041 0.000000 udp 10.0.2.109 3683 -> 14.98.79.129 1391 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:15:54.845709 0.066103 tcp 10.0.2.109 65491 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:15:54.912131 0.069040 tcp 10.0.2.109 65492 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:15:54.981457 0.176102 tcp 10.0.2.109 65493 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:15:55.158412 0.056254 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:55.215099 0.040404 udp 10.0.2.109 3683 <-> 93.198.203.115 8279 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:55.255915 0.218136 udp 10.0.2.109 3683 <-> 78.100.112.93 7749 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:55.474467 0.042630 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:55.517495 0.382774 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:55.900766 0.076441 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:55.977624 0.146294 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:56.124360 0.292964 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:56.417765 0.259409 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:56.677709 0.114318 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:15:56.792484 0.000000 udp 10.0.2.109 3683 -> 182.188.151.174 6941 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:16:13.182319 0.066000 tcp 10.0.2.109 65494 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:16:13.248642 0.065820 tcp 10.0.2.109 65495 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:16:13.314845 0.165902 tcp 10.0.2.109 65496 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:16:13.481271 0.138470 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:13.620130 0.623554 udp 10.0.2.109 3683 <-> 125.113.183.154 7687 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:14.244081 0.065583 udp 10.0.2.109 3683 <-> 109.182.78.232 1381 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:14.310345 0.166437 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:14.477196 0.348370 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:14.826025 0.356616 udp 10.0.2.109 3683 <-> 117.194.247.177 6423 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:15.183059 0.043207 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:15.226720 0.058636 udp 10.0.2.109 3683 <-> 78.139.151.38 7528 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:15.285734 0.057116 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:16:15.343319 0.000000 udp 10.0.2.109 3683 -> 81.130.58.195 5196 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:16:31.919136 0.066663 tcp 10.0.2.109 65497 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:16:31.986306 0.067410 tcp 10.0.2.109 65498 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:16:32.054000 0.161514 tcp 10.0.2.109 65499 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:16:32.216027 0.332246 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:20:17.034208 3.002586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 00:20:24.042421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:20:32.043724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:20:48.046751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:21:20.052823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:27:24.059895 3.000274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 00:27:31.066130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:27:39.067689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:27:55.070878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:28:27.076656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:31:10.892555 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 00:31:10.892706 1.918859 tcp 10.0.2.109 65500 -> 27.251.231.18 9791 FSPA* 0 0 14 1737 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:34:31.082441 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 00:34:38.090398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:34:46.091894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:35:02.095163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:35:34.224656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:41:38.389856 2.998808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 00:41:45.394415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:41:53.395975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:42:09.398932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:42:41.405000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:46:57.713535 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 00:46:57.713744 0.063408 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:46:57.777498 0.000000 udp 10.0.2.109 3683 -> 14.98.79.129 1391 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:47:13.859018 0.067989 tcp 10.0.2.109 65501 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:13.927348 0.067296 tcp 10.0.2.109 65502 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:13.995020 0.162918 tcp 10.0.2.109 65503 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:14.158517 0.000000 udp 10.0.2.109 3683 -> 182.188.151.174 6941 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:47:29.379515 0.065851 tcp 10.0.2.109 65504 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:29.445649 0.067207 tcp 10.0.2.109 65505 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:29.513110 0.171221 tcp 10.0.2.109 65506 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:29.684833 0.000000 udp 10.0.2.109 3683 -> 81.130.58.195 5196 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:47:44.771863 0.066683 tcp 10.0.2.109 65507 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:44.838859 0.069441 tcp 10.0.2.109 65508 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:44.908701 0.165714 tcp 10.0.2.109 65509 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:47:45.075042 0.060477 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.135994 0.361965 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.498544 0.054642 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.553645 0.044698 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.598800 0.065672 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.664948 0.048775 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.714427 0.080019 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.794900 0.090292 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.885699 0.031225 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:45.917401 0.147050 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:46.064866 0.248553 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:46.313779 0.215750 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:46.529934 0.552739 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:47.083193 0.335967 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:47.419652 0.390177 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:47.810345 0.035773 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:47.846556 0.425212 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:48.272236 0.185814 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:48.458497 0.152896 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:48.611853 0.161214 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:48.773501 0.138930 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:48.912923 0.356831 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:49.270267 0.057429 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:49.328080 0.236037 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:49.564533 3.663837 udp 10.0.2.109 3683 <-> 59.161.22.169 6035 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:47:53.228838 0.000000 udp 10.0.2.109 3683 -> 78.100.112.93 7749 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:48:10.418594 0.067440 tcp 10.0.2.109 65510 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:48:10.486345 0.074805 tcp 10.0.2.109 65511 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:48:10.561436 0.158766 tcp 10.0.2.109 65512 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:48:10.720887 0.050154 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:10.771539 0.383844 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:11.155855 0.077960 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:11.234333 0.041500 udp 10.0.2.109 3683 <-> 93.198.203.115 8279 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:11.276244 0.061988 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:11.338680 0.287093 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:11.626136 0.206301 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:11.832873 0.146124 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:11.979445 0.114231 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:12.094090 0.138912 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:12.233439 0.353727 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:12.587557 0.518198 udp 10.0.2.109 3683 <-> 125.113.183.154 7687 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:13.106144 0.063456 udp 10.0.2.109 3683 <-> 109.182.78.232 1381 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:13.170044 0.229018 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:13.399487 0.000000 udp 10.0.2.109 3683 -> 78.139.151.38 7528 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 00:48:29.125628 0.068081 tcp 10.0.2.109 65513 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:48:29.193979 0.067350 tcp 10.0.2.109 65514 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:48:29.261690 0.164004 tcp 10.0.2.109 65515 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/30 00:48:29.426255 0.053451 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:29.480131 0.396221 udp 10.0.2.109 3683 <-> 117.194.247.177 6423 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:29.876745 0.047545 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:29.924675 0.280185 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/30 00:48:45.411793 3.000785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 00:48:52.418591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:49:00.419895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:49:16.422870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:49:48.428877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:55:52.435304 3.001914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 00:55:59.442387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:56:07.447321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:56:23.447210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 00:56:55.452231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:01:13.063635 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 01:01:13.063830 1.744002 tcp 10.0.2.109 65516 -> 27.251.231.18 9791 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:02:59.477101 3.003405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 01:03:06.486503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:03:14.488121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:03:30.490909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:04:02.496879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:10:06.503642 3.000954 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 01:10:13.510717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:10:21.512077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:10:37.514780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:11:09.520898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:17:13.527099 3.001355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 01:17:20.544499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:17:28.545701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:17:44.548549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:18:16.554915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:18:48.140734 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 01:18:48.140900 0.000000 udp 10.0.2.109 3683 -> 78.100.112.93 7749 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 01:19:05.907903 0.068817 tcp 10.0.2.109 65517 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:05.977064 0.067088 tcp 10.0.2.109 65518 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:06.044561 0.166689 tcp 10.0.2.109 65519 -> 195.113.214.211 443 SRPA* 0 0 51 33094 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:06.211926 0.000000 udp 10.0.2.109 3683 -> 78.139.151.38 7528 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 01:19:21.398592 0.068709 tcp 10.0.2.109 65520 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:21.467576 0.173876 tcp 10.0.2.109 65521 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:21.641738 0.179122 tcp 10.0.2.109 65522 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:21.821388 0.067465 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:21.889352 0.050817 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:21.940611 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 01:19:38.032553 0.066716 tcp 10.0.2.109 65523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:38.099662 0.068118 tcp 10.0.2.109 65524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:38.168162 0.162136 tcp 10.0.2.109 65525 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:38.330909 0.065607 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:38.396984 0.049578 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:38.446977 0.076846 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:38.524243 0.181097 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:38.705893 0.031135 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:38.737513 0.062180 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:38.800152 0.349534 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:39.150418 0.146935 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:39.297785 0.213575 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:39.511757 0.331992 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:39.844198 0.408698 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 591 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:40.253346 0.329417 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:40.583306 0.074595 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:40.658378 0.034529 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:40.693425 0.157337 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:40.851120 0.159421 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:41.010993 0.154080 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:41.165478 0.177743 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:41.343711 0.425426 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:41.769616 0.356737 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:42.126803 0.253387 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:42.380622 0.057266 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:42.438486 0.747176 udp 10.0.2.109 3683 <-> 59.161.22.169 6035 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:19:43.186054 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 01:19:59.573258 0.069035 tcp 10.0.2.109 65526 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:59.642590 0.066586 tcp 10.0.2.109 65527 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:59.709510 0.217789 tcp 10.0.2.109 65528 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:19:59.926488 0.087285 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:00.014162 0.040137 udp 10.0.2.109 3683 <-> 93.198.203.115 8279 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:00.054680 0.056045 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:00.111126 0.300356 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:00.411895 0.668325 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:01.080624 0.099745 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:01.180764 0.136648 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:01.317838 0.354093 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:01.672348 0.148249 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:01.821047 0.126366 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:01.947870 0.325365 udp 10.0.2.109 3683 <-> 125.113.183.154 7687 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:02.273723 0.064939 udp 10.0.2.109 3683 <-> 109.182.78.232 1381 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:02.339059 0.168834 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:02.508304 0.050486 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:02.559195 0.058550 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:02.618247 0.383695 udp 10.0.2.109 3683 <-> 117.194.247.177 6423 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:20:03.002369 0.299930 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:24:20.561276 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 01:24:27.568608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:24:35.569595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:24:51.572804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:25:23.578533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:31:14.814516 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 01:31:14.814721 1.890139 tcp 10.0.2.109 65529 -> 27.251.231.18 9791 FSPA* 0 0 15 1590 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:31:27.585370 3.001126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 01:31:34.592304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:31:42.593628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:31:58.596908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:32:30.602920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:38:34.609314 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 01:38:41.616005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:38:49.617726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:39:05.620750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:39:37.626712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:45:41.633136 3.001407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 01:45:48.640213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:45:56.641262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:46:12.644689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:46:44.651302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:50:17.206966 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 01:50:17.207160 0.040132 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:17.247795 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 01:50:32.790738 0.069051 tcp 10.0.2.109 65530 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:50:32.860075 0.066435 tcp 10.0.2.109 65531 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:50:32.926799 0.168773 tcp 10.0.2.109 65532 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:50:33.096255 0.065702 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.162448 0.100212 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.263174 0.049783 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.313491 0.083327 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.397234 0.084128 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.481807 0.031477 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.513690 0.057940 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.572080 0.060350 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.632844 0.064151 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.697363 0.142922 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:33.840712 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 01:50:52.417363 0.065419 tcp 10.0.2.109 65533 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:50:52.483086 0.045193 tcp 10.0.2.109 65534 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:50:52.528580 0.164280 tcp 10.0.2.109 49157 -> 195.113.214.211 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/01/30 01:50:52.693393 0.207948 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:52.901785 0.324125 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:53.226493 0.487323 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:53.714309 0.035398 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:53.750074 0.155281 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:53.905876 0.413229 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:54.319602 0.178250 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:54.498477 0.425905 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:54.924740 0.142304 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:55.067516 0.156689 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:55.224618 0.237960 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:55.462962 0.376813 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:55.840202 0.058185 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:55.898803 2.667583 udp 10.0.2.109 3683 <-> 59.161.22.169 6035 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:58.566760 0.056344 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:58.623528 0.361129 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:58.985135 0.085521 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:59.071144 0.046231 udp 10.0.2.109 3683 <-> 93.198.203.115 8279 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:59.117819 0.382214 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:59.500452 0.364303 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:50:59.865147 0.138354 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:00.003944 0.352422 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:00.356797 0.148291 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:00.505535 0.064745 udp 10.0.2.109 3683 <-> 109.182.78.232 1381 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:00.570702 0.166450 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:00.737626 0.041335 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:00.779461 0.335448 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:01.115384 0.114320 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:01.230300 0.399738 udp 10.0.2.109 3683 <-> 125.113.183.154 7687 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:01.630486 0.366733 udp 10.0.2.109 3683 <-> 117.194.247.177 6423 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:51:01.997722 0.214098 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/30 01:52:48.657341 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 01:52:55.664395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:53:03.665637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:53:19.669129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:53:51.674480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 01:59:55.680264 3.002416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:00:02.688122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:00:10.689432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:00:26.691950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:00:58.698885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:01:16.704980 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 02:01:16.705198 1.826269 tcp 10.0.2.109 49158 -> 27.251.231.18 9791 FSPA* 0 0 15 1552 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:07:02.704975 3.001600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:07:09.712012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:07:17.712905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:07:33.716538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:08:05.722766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:14:09.729876 3.000248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:14:16.735897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:14:24.738496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:14:40.740813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:15:12.747160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:21:16.319335 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 02:21:16.319477 0.351144 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:16.671078 0.044651 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:16.719174 0.043581 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:16.752869 3.001179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:21:16.763222 0.048995 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:16.812638 0.087038 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:16.900081 0.086199 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:16.986704 0.068052 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.055173 0.062058 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.117669 0.065972 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.184028 0.065063 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.249525 0.031570 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.281481 0.148825 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.430771 0.209695 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.640836 0.039250 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:17.680559 0.342780 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:18.023795 0.317902 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:18.342481 0.150791 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:18.493667 0.435409 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:18.929546 0.149889 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:19.079871 0.184910 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:19.265162 0.424104 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:19.689616 0.159924 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:19.849988 0.210363 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:20.060830 0.365248 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:20.426437 0.055048 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:20.481871 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 02:21:23.759904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:21:31.761791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:21:37.782471 0.045657 tcp 10.0.2.109 49159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:21:37.828363 0.046262 tcp 10.0.2.109 49160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:21:37.874947 0.163186 tcp 10.0.2.109 49161 -> 195.113.214.211 443 SRPA* 0 0 43 34706 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:21:38.038771 0.086143 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:38.125309 0.041522 udp 10.0.2.109 3683 <-> 93.198.203.115 8279 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:38.167416 0.000000 udp 10.0.2.109 3683 -> 59.161.22.169 6035 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 02:21:47.764424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:21:53.473375 0.068144 tcp 10.0.2.109 49162 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:21:53.541821 0.066762 tcp 10.0.2.109 49163 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:21:53.608854 0.162841 tcp 10.0.2.109 49164 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:21:53.772179 0.056325 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:53.828999 0.383585 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:54.213055 0.101976 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:54.315444 0.144954 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:54.460791 0.353941 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:54.815174 0.148270 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:54.963862 0.065760 udp 10.0.2.109 3683 <-> 109.182.78.232 1381 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:55.030042 0.164390 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:55.194826 0.046646 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:55.241877 0.048477 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:55.290774 0.126327 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:55.417601 0.475373 udp 10.0.2.109 3683 <-> 125.113.183.154 7687 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:55.893368 0.344044 udp 10.0.2.109 3683 <-> 117.194.247.177 6423 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:21:56.237827 0.318081 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:22:19.770879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:28:23.776501 3.001521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:28:30.783910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:28:38.785573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:28:54.788343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:29:26.794460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:31:18.535452 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 02:31:18.535660 1.755800 tcp 10.0.2.109 49165 -> 27.251.231.18 9791 FSPA* 0 0 15 1677 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:35:30.801183 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:35:37.808551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:35:45.809388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:36:01.812694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:36:33.818055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:42:37.826192 2.999809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:42:44.841763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:42:52.843467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:43:08.846783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:43:40.852626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:49:44.858121 3.002299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 02:49:51.865844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:49:59.867516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:50:15.870786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:50:47.876760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:52:22.062526 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 02:52:22.062626 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 02:52:41.011392 0.046069 tcp 10.0.2.109 49166 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:52:41.057686 0.068356 tcp 10.0.2.109 49167 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:52:41.126417 0.161050 tcp 10.0.2.109 49168 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:52:41.288059 0.000000 udp 10.0.2.109 3683 -> 59.161.22.169 6035 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 02:52:59.265800 0.066952 tcp 10.0.2.109 49169 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:52:59.333051 0.068879 tcp 10.0.2.109 49170 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:52:59.402214 0.178619 tcp 10.0.2.109 49171 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:52:59.581314 0.085011 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:52:59.666665 0.055053 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:52:59.722125 0.044615 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:52:59.767184 0.347045 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.114673 0.050594 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.165735 0.063807 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.229950 0.062500 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.292873 0.065826 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.359115 0.029186 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.388692 0.149065 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.538180 0.356859 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.895445 0.036106 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:00.932022 0.105381 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:01.037792 0.212081 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:01.250356 0.265191 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:01.516033 0.323438 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:01.839856 0.157800 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:01.998263 0.424958 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:02.423673 0.159558 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:02.583669 0.423338 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:03.007419 0.175665 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:03.183530 0.139403 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:03.323348 0.274335 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:03.598091 0.052649 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:03.651206 0.298654 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:03.950351 0.077763 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:04.028565 0.046516 udp 10.0.2.109 3683 <-> 93.198.203.115 8279 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:04.075539 0.059764 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:04.135759 0.381313 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:04.517526 0.000000 udp 10.0.2.109 3683 -> 94.66.120.225 2306 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 02:53:20.456275 0.068133 tcp 10.0.2.109 49172 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:53:20.524679 0.075626 tcp 10.0.2.109 49173 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:53:20.600565 0.165766 tcp 10.0.2.109 49174 -> 195.113.214.211 443 SRPA* 0 0 39 21770 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:53:20.766849 0.152597 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:20.919836 0.354281 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:21.274545 0.149032 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:21.423985 0.063091 udp 10.0.2.109 3683 <-> 109.182.78.232 1381 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:21.487476 0.180078 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:21.667942 0.042660 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:21.711068 0.068298 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:21.779794 0.114020 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:21.894406 0.379232 udp 10.0.2.109 3683 <-> 125.113.183.154 7687 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:53:22.274066 0.000000 udp 10.0.2.109 3683 -> 117.194.247.177 6423 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 02:53:37.921690 0.067117 tcp 10.0.2.109 49175 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:53:37.989109 0.070076 tcp 10.0.2.109 49176 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:53:38.059456 0.166416 tcp 10.0.2.109 49177 -> 195.113.214.211 443 SRPA* 0 0 51 33776 flow=From-Botnet-V1-TCP-Established 1970/01/30 02:53:38.227163 0.307564 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/30 02:56:51.882619 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 02:56:58.889972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:57:06.891136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:57:22.894493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 02:57:54.900560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:01:20.295973 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 03:01:20.296075 1.849899 tcp 10.0.2.109 49178 -> 27.251.231.18 9791 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:03:58.905525 3.002525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 03:04:05.913388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:04:13.915268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:04:29.918196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:05:01.924053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:11:05.930919 3.001227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 03:11:12.937865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:11:20.939196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:11:36.942388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:12:08.948144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:18:12.955587 3.000370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 03:18:19.961989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:18:27.963184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:18:43.965922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:19:15.972331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:24:08.622207 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 03:24:08.622321 0.198183 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:08.820982 0.000000 udp 10.0.2.109 3683 -> 117.194.247.177 6423 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:24:26.380751 0.068964 tcp 10.0.2.109 49179 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:24:26.450004 0.068284 tcp 10.0.2.109 49180 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:24:26.518567 0.172734 tcp 10.0.2.109 49181 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:24:26.691884 0.102907 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:26.795295 0.345464 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.141194 0.049857 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.191464 0.061733 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.253668 0.068937 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.322975 0.040072 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.363448 0.048144 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.412020 0.062742 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.475165 0.065605 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.541198 0.090400 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.632084 0.036985 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.669530 0.147983 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.817983 0.029470 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:27.847944 0.237009 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:28.085357 0.213633 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:28.299409 0.155854 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:28.455712 0.354219 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:28.810323 0.409057 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:29.219880 0.174647 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:29.394926 0.425999 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:29.821294 0.162123 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:29.983803 0.300437 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:30.284709 0.087241 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:30.372421 0.249877 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:30.622704 0.141109 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:30.764228 0.055066 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:30.819700 0.383852 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:31.204019 0.065216 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:31.269636 0.000000 udp 10.0.2.109 3683 -> 93.198.203.115 8279 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:24:48.170449 0.070184 tcp 10.0.2.109 49182 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:24:48.240969 0.065912 tcp 10.0.2.109 49183 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:24:48.307197 0.160320 tcp 10.0.2.109 49184 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:24:48.468070 0.148317 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:24:48.616802 0.000000 udp 10.0.2.109 3683 -> 109.182.78.232 1381 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:25:06.867266 0.066491 tcp 10.0.2.109 49185 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:25:06.933648 0.068691 tcp 10.0.2.109 49186 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:25:07.002594 0.203415 tcp 10.0.2.109 49187 -> 195.113.214.211 443 SRPA* 0 0 46 40992 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:25:07.206852 0.357985 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:25:07.565258 0.143015 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:25:07.708699 0.114029 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:25:07.823177 0.000000 udp 10.0.2.109 3683 -> 125.113.183.154 7687 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:25:19.978200 3.002337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 03:25:25.063736 0.067071 tcp 10.0.2.109 49188 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:25:25.132000 0.068699 tcp 10.0.2.109 49189 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:25:25.201064 0.169613 tcp 10.0.2.109 49190 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:25:25.371198 0.171812 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:25:25.543392 0.046998 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:25:25.590782 0.045714 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:25:25.636902 0.313507 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:25:26.985580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:25:34.987176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:25:50.990055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:26:22.996735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:31:22.146791 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 03:31:22.146903 2.370826 tcp 10.0.2.109 49191 -> 27.251.231.18 9791 FSPA* 0 0 14 1606 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:32:27.002119 3.001538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 03:32:34.009678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:32:42.011146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:32:58.014021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:33:30.019845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:39:34.026281 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 03:39:41.033494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:39:49.035251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:40:05.038021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:40:37.044010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:46:41.050676 3.001093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 03:46:48.057492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:46:56.059079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:47:12.061983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:47:44.068492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:53:48.073792 3.001799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 03:53:55.081349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:54:03.083183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:54:19.086373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:54:51.092442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 03:55:30.879701 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 03:55:30.879896 0.000000 udp 10.0.2.109 3683 -> 93.198.203.115 8279 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:55:49.628339 0.070680 tcp 10.0.2.109 49192 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:55:49.699281 0.065996 tcp 10.0.2.109 49193 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:55:49.765579 0.161024 tcp 10.0.2.109 49194 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:55:49.927244 0.000000 udp 10.0.2.109 3683 -> 109.182.78.232 1381 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:56:08.794491 0.066917 tcp 10.0.2.109 49195 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:08.861684 0.069373 tcp 10.0.2.109 49196 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:08.931271 0.165075 tcp 10.0.2.109 49197 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:09.096866 0.000000 udp 10.0.2.109 3683 -> 125.113.183.154 7687 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:56:26.309583 0.066879 tcp 10.0.2.109 49198 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:26.376748 0.069222 tcp 10.0.2.109 49199 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:26.446249 0.164162 tcp 10.0.2.109 49200 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:26.610901 0.328192 udp 10.0.2.109 3683 <-> 94.66.120.225 2306 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:26.939548 0.087379 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:27.027328 0.066330 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:27.094132 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 03:56:43.623957 0.066844 tcp 10.0.2.109 49201 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:43.691072 0.068753 tcp 10.0.2.109 49202 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:43.760103 0.163403 tcp 10.0.2.109 49203 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/30 03:56:43.924196 0.047835 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:43.972488 0.062146 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.035124 0.064105 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.099641 0.087386 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.187482 0.034773 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.222661 0.050626 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.273690 0.029151 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.303320 0.146198 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.449952 0.059107 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.509477 0.340874 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.850841 0.071196 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:44.922570 0.209006 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:45.132005 0.155263 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:45.287699 0.323907 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:45.612029 0.186481 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:45.798918 0.425154 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:46.224517 0.425086 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:46.650019 0.279753 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:46.930229 0.144306 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:47.075068 0.057725 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:47.133221 0.348630 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:47.482390 0.158791 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:47.641664 0.085139 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:47.727232 0.379261 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:48.106920 0.054473 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:48.161827 0.147216 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:48.309508 0.163420 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:48.473385 0.376173 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:48.849979 0.126342 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:48.976778 0.046022 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:49.023316 0.241736 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:49.265497 0.046328 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/30 03:56:49.312262 0.310122 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:00:55.098536 3.001321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 04:01:02.105697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:01:10.107042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:01:24.518007 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 04:01:24.518105 2.121268 tcp 10.0.2.109 49204 -> 27.251.231.18 9791 FSPA* 0 0 15 1624 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:01:26.110110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:01:58.115980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:08:12.139022 2.998890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 04:08:19.143834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:08:27.577890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:08:43.386254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:09:15.164932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:15:19.238728 3.003612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 04:15:26.247831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:15:34.249438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:15:50.252251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:16:22.258693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:22:26.264740 3.011937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 04:22:33.281752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:22:41.283269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:22:57.286463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:23:29.292402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:27:11.621971 0.000275 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 04:27:11.622349 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 04:27:27.116417 0.066929 tcp 10.0.2.109 49205 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:27:27.183642 0.068079 tcp 10.0.2.109 49206 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:27:27.252045 0.163252 tcp 10.0.2.109 49207 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:27:27.415963 0.000000 udp 10.0.2.109 3683 -> 94.66.120.225 2306 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 04:27:44.019477 0.065849 tcp 10.0.2.109 49208 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:27:44.085655 0.067664 tcp 10.0.2.109 49209 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:27:44.153639 0.163871 tcp 10.0.2.109 49210 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:27:44.318053 0.074007 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.392478 0.065095 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.458001 0.048904 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.507401 0.057783 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.565647 0.063033 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.629181 0.086608 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.716168 0.036023 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.752640 0.051249 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.804279 0.029159 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.833871 0.147645 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:44.981893 0.060354 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:45.042714 0.339282 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:45.382411 0.280447 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:45.663348 0.211074 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:45.663710 3.001560 tcp 10.0.2.109 49211 -> 81.149.70.189 4846 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 04:27:45.874782 0.156406 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:46.031661 0.349210 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:46.381267 0.179005 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:46.560666 0.431738 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:46.992923 0.422726 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:47.416053 0.053245 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:47.469727 0.356818 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:47.827028 0.158885 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:47.986386 0.221232 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:48.208001 0.139548 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:48.347903 0.095474 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:48.443768 0.378041 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:48.822397 0.056053 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:48.878913 0.145926 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:49.025256 0.151452 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:49.177109 0.050241 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:49.227809 0.166251 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:49.394498 0.041104 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:27:49.436102 0.000000 udp 10.0.2.109 3683 -> 1.170.170.56 3786 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 04:27:54.674120 0.000000 tcp 10.0.2.109 49211 -> 81.149.70.189 4846 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 04:28:05.109695 0.067062 tcp 10.0.2.109 49212 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:28:05.177073 0.067352 tcp 10.0.2.109 49213 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:28:05.244739 0.167212 tcp 10.0.2.109 49214 -> 195.113.214.211 443 SRPA* 0 0 48 37350 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:28:05.412569 0.114303 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:28:05.527296 0.272967 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:29:33.299615 3.000390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 04:29:40.306163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:29:48.307212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:30:04.310166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:30:36.316429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:31:26.639184 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 04:31:26.639297 1.990721 tcp 10.0.2.109 49215 -> 27.251.231.18 9791 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:36:40.322773 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 04:36:47.329560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:36:55.331172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:37:11.334635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:37:43.340519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:43:47.347806 3.000057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 04:43:54.353695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:44:02.355396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:44:18.358501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:44:50.364575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:51:54.377085 3.001316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 04:52:01.384141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:52:09.385773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:52:25.388620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:52:57.394617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:58:34.409361 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 04:58:34.409578 0.000000 udp 10.0.2.109 3683 -> 94.66.120.225 2306 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 04:58:50.323647 0.045195 tcp 10.0.2.109 49216 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:58:50.369097 0.056898 tcp 10.0.2.109 49217 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:58:50.426286 0.168731 tcp 10.0.2.109 49218 -> 195.113.214.211 443 SRPA* 0 0 24 14016 flow=From-Botnet-V1-TCP-Established 1970/01/30 04:58:50.595533 0.402310 udp 10.0.2.109 3683 <-> 1.170.170.56 3786 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:50.998294 0.066013 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.064840 0.052542 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.065234 3.002177 tcp 10.0.2.109 49219 -> 86.161.161.197 4544 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 04:58:51.117824 0.063985 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.182325 0.065636 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.248415 0.091771 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.340639 0.038939 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.380025 0.050024 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.430471 0.032497 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.463439 0.077716 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.541527 0.351033 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.893033 0.076693 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:51.970111 0.213743 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:52.184352 0.065806 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:52.250536 0.149526 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:52.400462 0.178681 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:52.579592 0.368306 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:52.948330 0.152918 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:53.101705 0.347339 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:53.449403 0.424478 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:53.874494 0.452979 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:54.327891 0.059216 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:54.387533 0.196149 udp 10.0.2.109 3683 <-> 14.96.186.174 1405 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:54.584054 0.144132 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:54.728691 0.835913 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:55.565021 0.381703 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:55.947147 0.056475 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.004096 0.171528 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.176075 0.172027 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.348547 0.040569 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.389505 0.158379 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.548334 0.136982 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.685780 0.048004 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.734162 0.126329 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:58:56.860931 0.252433 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/30 04:59:00.066445 0.000000 tcp 10.0.2.109 49219 -> 86.161.161.197 4544 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 04:59:22.401390 3.001107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 04:59:29.408561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:59:37.409536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 04:59:53.412742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:00:25.418932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:01:28.630019 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 05:01:28.630323 1.786254 tcp 10.0.2.109 49220 -> 27.251.231.18 9791 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:06:29.425035 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 05:06:36.431982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:06:44.433391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:07:00.436594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:07:32.446701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:13:36.449376 3.001013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 05:13:43.466119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:13:51.467613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:14:07.470014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:14:39.476844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:20:43.482526 3.002041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 05:20:50.489959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:20:58.491015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:21:14.494400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:21:46.500791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:27:50.506006 3.002540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 05:27:57.513936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:28:05.515533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:28:21.518633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:28:53.524690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:29:18.030213 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 05:29:18.030415 0.000000 udp 10.0.2.109 3683 -> 1.170.170.56 3786 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 05:29:36.648960 0.067762 tcp 10.0.2.109 49221 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:29:36.716992 0.046288 tcp 10.0.2.109 49222 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:29:36.763632 0.155411 tcp 10.0.2.109 49223 -> 195.113.214.211 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:29:36.919704 0.067285 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:36.987534 0.051722 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:36.987894 3.003098 tcp 10.0.2.109 49224 -> 86.161.161.197 4544 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 05:29:37.039687 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 05:29:45.990229 0.000000 tcp 10.0.2.109 49224 -> 86.161.161.197 4544 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 05:29:55.043789 0.066997 tcp 10.0.2.109 49225 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:29:55.111121 0.045229 tcp 10.0.2.109 49226 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:29:55.156704 0.166547 tcp 10.0.2.109 49227 -> 195.113.214.211 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:29:55.323818 0.066988 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.391242 0.109555 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.501245 0.034469 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.536091 0.049942 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.586488 0.029573 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.616500 0.084009 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.700926 0.220989 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.922353 0.057712 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:55.980582 0.144398 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:56.125409 0.184264 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:56.310270 0.347071 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:56.657840 0.076451 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:56.734693 0.352851 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:57.087914 0.152672 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:57.241004 0.342009 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:57.583399 0.058193 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:29:57.642251 0.000000 udp 10.0.2.109 3683 -> 14.96.186.174 1405 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 05:30:15.273139 0.068094 tcp 10.0.2.109 49228 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:30:15.341605 0.067995 tcp 10.0.2.109 49229 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:30:15.409890 0.171947 tcp 10.0.2.109 49230 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:30:15.582511 0.421733 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:16.004716 0.459485 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:16.005042 3.002576 tcp 10.0.2.109 49231 -> 203.45.157.34 8724 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 05:30:16.464621 0.143345 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:16.608404 0.085266 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:16.694094 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 05:30:25.006434 0.000000 tcp 10.0.2.109 49231 -> 203.45.157.34 8724 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 05:30:32.016845 0.065460 tcp 10.0.2.109 49232 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:30:32.082598 0.068580 tcp 10.0.2.109 49233 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:30:32.151458 0.159492 tcp 10.0.2.109 49234 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:30:32.311669 0.059771 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:32.371811 0.161310 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:32.533579 0.192820 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:32.726784 0.043734 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:32.770875 0.047740 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:32.819053 0.114304 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:32.933791 0.333751 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:33.267921 0.157139 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:30:33.425547 0.140224 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/30 05:31:30.420681 2.040833 tcp 10.0.2.109 49235 -> 27.251.231.18 9791 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/30 05:34:57.530426 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 05:35:04.538015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:35:12.539440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:35:28.541947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:36:00.548681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:42:04.555341 3.001264 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 05:42:11.561804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:42:19.563507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:42:35.566598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:43:07.572046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:49:11.578657 3.001355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 05:49:18.585473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:49:26.587325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:49:42.590617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:50:14.597052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:56:18.601976 3.002804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 05:56:25.609771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:56:33.611447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:56:49.614501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 05:57:21.620695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:01:01.527031 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 06:01:01.527153 0.000000 udp 10.0.2.109 3683 -> 1.170.170.56 3786 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 06:01:17.872147 0.068602 tcp 10.0.2.109 49236 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:17.941029 0.067160 tcp 10.0.2.109 49237 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:18.008481 0.164552 tcp 10.0.2.109 49238 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:18.173558 0.091389 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:18.265460 0.000000 udp 10.0.2.109 3683 -> 14.96.186.174 1405 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 06:01:18.266000 2.998939 tcp 10.0.2.109 49239 -> 81.149.140.243 1095 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:01:27.273530 0.000000 tcp 10.0.2.109 49239 -> 81.149.140.243 1095 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:01:32.461450 2.053624 tcp 10.0.2.109 49240 -> 27.251.231.18 9791 FSPA* 0 0 14 1511 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:34.214625 0.068849 tcp 10.0.2.109 49241 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:34.283333 0.066982 tcp 10.0.2.109 49242 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:34.350634 0.176552 tcp 10.0.2.109 49243 -> 195.113.214.211 443 SRPA* 0 0 51 42184 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:34.527761 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 06:01:50.287439 0.066721 tcp 10.0.2.109 49244 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:50.354467 0.068289 tcp 10.0.2.109 49245 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:50.423155 0.161020 tcp 10.0.2.109 49246 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:01:50.584727 0.062312 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:50.647645 0.055315 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:50.648175 3.003268 tcp 10.0.2.109 49247 -> 86.161.161.197 4544 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:01:50.703351 0.049774 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:50.753586 0.029231 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:50.783259 0.087568 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:50.871234 0.216889 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:51.088547 0.036580 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:51.125568 0.104392 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:51.230433 0.063877 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:51.294718 0.356749 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:51.651846 0.075400 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:51.727632 0.182848 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:51.910910 0.147649 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:52.059115 0.061567 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:52.121086 0.355188 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:52.476719 0.352802 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:52.829885 0.155845 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:52.986335 0.058615 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:53.045302 0.083724 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:53.129446 0.565965 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:01:53.695827 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 06:01:59.650078 0.000000 tcp 10.0.2.109 49247 -> 86.161.161.197 4544 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:02:09.045487 0.044809 tcp 10.0.2.109 49248 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:02:09.090633 0.068114 tcp 10.0.2.109 49249 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:02:09.159088 0.153604 tcp 10.0.2.109 49250 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:02:09.313373 0.144236 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:09.457962 0.056164 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:09.514556 0.161033 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:09.676021 0.168839 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:09.845329 0.041544 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:09.887256 0.048104 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:09.935753 0.114064 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:10.050386 0.139158 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:10.190015 0.246343 udp 10.0.2.109 3683 <-> 99.186.18.66 4605 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:02:10.436746 0.147197 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:03:25.626598 3.001826 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 06:03:32.633970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:03:40.635512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:03:56.637855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:04:28.644575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:10:32.650449 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 06:10:39.657327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:10:47.659364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:11:03.662547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:11:35.668778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:17:39.673493 3.002940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 06:17:46.681772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:17:54.683243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:18:10.686241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:18:42.692235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:24:46.699676 3.000344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 06:24:53.705752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:25:01.707686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:25:17.710092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:25:49.716631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:31:34.522438 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 06:31:34.522655 2.131869 tcp 10.0.2.109 49251 -> 27.251.231.18 9791 FSPA* 0 0 14 1702 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:31:53.723815 3.000030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 06:32:00.729774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:32:08.731240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:32:24.735000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:32:26.565846 0.452068 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.018654 0.097568 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.019276 3.002650 tcp 10.0.2.109 49252 -> 175.195.224.65 4091 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:32:27.116675 0.052834 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.169964 0.051606 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.221941 0.031372 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.253748 0.077739 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.331850 0.212670 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.545008 0.035245 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.692916 0.090726 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.784028 0.065041 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.849476 0.071683 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:27.921598 0.345327 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:28.267361 0.183057 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:28.450782 0.147244 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:28.598431 0.059947 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:28.658840 0.363881 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:29.023187 0.318591 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:29.342236 0.086507 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:29.429218 0.423693 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:29.853264 0.158041 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.011733 0.347404 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.359542 0.058641 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.418630 0.140648 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.559726 0.057385 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.617564 0.159160 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.777122 0.171220 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.948707 0.046256 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:30.995418 0.048623 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:31.044488 0.130691 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:31.175571 0.155426 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:31.331444 0.000000 udp 10.0.2.109 3683 -> 99.186.18.66 4605 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 06:32:31.373811 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 06:32:36.019878 0.000000 tcp 10.0.2.109 49252 -> 175.195.224.65 4091 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:32:50.252433 0.045275 tcp 10.0.2.109 49253 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:32:50.298279 0.070355 tcp 10.0.2.109 49254 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:32:50.368926 0.189777 tcp 10.0.2.109 49255 -> 195.113.214.211 443 SRPA* 0 0 40 35154 flow=From-Botnet-V1-TCP-Established 1970/01/30 06:32:50.559754 0.147847 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 06:32:50.708992 2.986757 tcp 10.0.2.109 49256 -> 65.94.151.44 1440 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:32:56.740760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:32:59.694838 0.000000 tcp 10.0.2.109 49256 -> 65.94.151.44 1440 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/30 06:39:00.746414 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 06:39:07.753509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:39:15.755286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:39:31.757728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:40:03.764525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:46:07.770662 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 06:46:14.777960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:46:22.779210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:46:38.782405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:47:10.788469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:53:14.795213 3.000735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 06:53:21.801869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:53:29.803103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:53:45.806053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 06:54:17.812299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:00:21.818292 3.001598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 07:00:28.825578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:00:36.827328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:00:52.830325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:01:24.836684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:01:36.653659 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 07:01:36.653761 1.777052 tcp 10.0.2.109 49257 -> 27.251.231.18 9791 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:02:59.703032 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 07:02:59.703261 0.000000 udp 10.0.2.109 3683 -> 99.186.18.66 4605 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 07:03:16.488372 0.046021 tcp 10.0.2.109 49258 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:03:16.534672 0.067330 tcp 10.0.2.109 49259 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:03:16.602455 0.164199 tcp 10.0.2.109 49260 -> 195.113.214.211 443 SRPA* 0 0 60 39380 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:03:16.767503 0.000000 rtcp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 07:03:32.680339 0.068224 tcp 10.0.2.109 49261 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:03:32.748847 0.071428 tcp 10.0.2.109 49262 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:03:32.820533 0.167689 tcp 10.0.2.109 49263 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:03:32.988725 0.052521 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:33.041630 0.050217 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:33.092250 0.032102 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:33.124824 0.080600 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:33.125172 3.528241 tcp 10.0.2.109 49264 -> 94.155.230.34 3712 FSPA* 0 0 1183 663752 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:03:33.205862 0.210112 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:33.416390 1.341077 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:34.757865 0.087724 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:34.846036 0.063600 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:34.910075 0.068787 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:34.979305 0.370968 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:35.350739 0.149503 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:35.500706 0.063432 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:35.564533 0.339422 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:35.904401 0.184725 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:36.620087 0.079394 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:36.699900 0.616693 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:37.317061 0.323962 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:37.641414 0.491898 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:38.133752 0.357760 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:38.491924 0.060905 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:38.553289 0.144051 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:38.697753 0.057457 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:38.755683 0.160951 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:38.917038 0.168559 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 591 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:39.101896 0.156902 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:39.259246 0.145025 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:39.404684 0.000000 udp 10.0.2.109 3683 -> 85.238.114.228 8515 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 07:03:45.895376 0.000000 udp 10.0.2.109 3683 <- 85.238.114.228 8515 RSP 0 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 07:03:45.895816 0.047017 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:45.943252 0.126435 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:03:46.070154 0.148394 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:07:28.842355 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 07:07:35.849402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:07:43.851140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:07:59.854145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:08:31.860130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:14:35.867032 3.000655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 07:14:42.873584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:14:50.875068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:15:06.878585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:15:38.883963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:21:42.890092 3.001704 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 07:21:49.897548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:21:57.899020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:22:13.901828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:22:45.907969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:28:49.915575 3.000171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 07:28:56.921586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:29:04.923174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:29:20.926132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:29:52.932547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:31:38.434286 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 07:31:38.434527 1.872161 tcp 10.0.2.109 49265 -> 27.251.231.18 9791 FSPA* 0 0 14 1540 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:33:47.409356 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 07:33:47.409476 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 07:34:03.844895 0.068172 tcp 10.0.2.109 49266 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:34:03.913324 0.071005 tcp 10.0.2.109 49267 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:34:03.984638 0.161723 tcp 10.0.2.109 49268 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:34:04.146878 0.029062 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:04.176355 0.079922 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:04.256724 0.212070 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:04.469159 0.055572 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:04.525126 0.051901 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:04.577393 2.280581 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:06.858511 0.085301 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:06.944255 0.064962 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:07.009687 0.068127 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:07.078249 0.309536 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:07.388241 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 07:34:23.151062 0.067370 tcp 10.0.2.109 49269 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:34:23.218719 0.068589 tcp 10.0.2.109 49270 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:34:23.287608 0.160398 tcp 10.0.2.109 49271 -> 195.113.214.211 443 SRPA* 0 0 39 19020 flow=From-Botnet-V1-TCP-Established 1970/01/30 07:34:23.448547 0.147492 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:23.596469 0.058625 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:23.655476 0.183495 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:23.839383 0.079190 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:23.918956 0.074074 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:23.993493 0.422150 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:24.416085 0.335245 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:24.751749 0.343165 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:25.095367 0.060244 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:25.156165 0.145308 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:25.301859 0.058343 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:25.360578 0.159964 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:25.520998 0.167955 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:25.689369 0.155253 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:25.845001 0.561660 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:26.407115 0.114027 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:26.521540 0.147979 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:26.669904 0.048836 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:34:26.719303 0.047254 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/30 07:35:56.938018 3.001739 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 07:36:03.945655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:36:11.947259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:36:27.949884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:36:59.956107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:43:03.962602 3.026107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 07:43:10.980359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:43:18.980428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:43:34.983933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:44:06.990021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:51:26.003287 3.002623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 07:51:33.011531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:51:41.012986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:51:57.016594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:52:29.021729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:58:58.033213 3.002434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 07:59:05.041146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:59:13.042631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 07:59:29.045515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:00:01.051568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:01:40.315187 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 08:01:40.315299 1.833228 tcp 10.0.2.109 49272 -> 27.251.231.18 9791 FSPA* 0 0 14 1630 flow=From-Botnet-V1-TCP-Established 1970/01/30 08:04:50.498137 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 08:04:50.498306 0.337642 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:50.836327 0.212580 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.049335 0.058119 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.107844 0.048709 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.156952 0.031442 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.188856 0.082908 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.279844 0.036103 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.316385 0.086587 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.403394 0.067446 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.471287 0.063720 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.535373 0.306975 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:51.842704 0.177773 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:52.020911 0.087175 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:52.108508 0.152373 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:52.261272 0.062023 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:52.323758 0.081276 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:52.405397 0.422746 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:52.828547 0.354581 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:53.183550 0.335931 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:53.519852 0.054683 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:53.574938 0.145738 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:53.721047 0.057463 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:53.778934 0.155605 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:53.934996 0.231016 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:54.166449 0.155955 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:54.322860 0.141650 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:54.465000 2.555550 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:57.021045 0.048935 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:57.070434 0.196707 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:04:57.267556 0.138838 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:06:05.057322 3.002116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 08:06:12.065205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:06:20.066885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:06:36.069532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:07:08.075906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:13:12.082616 3.000387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 08:13:19.088909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:13:27.090303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:13:43.093626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:14:15.099390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:20:19.115864 3.001668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 08:20:26.123271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:20:34.124811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:20:50.127802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:21:22.133543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:27:26.140086 3.001180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 08:27:33.147041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:27:41.148859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:27:57.151547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:28:29.157587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:31:42.155828 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 08:31:42.155947 1.787596 tcp 10.0.2.109 49273 -> 27.251.231.18 9791 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/01/30 08:34:33.164291 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 08:34:40.171253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:34:48.172793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:35:04.175611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:35:17.475255 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 08:35:17.475428 0.342307 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:17.818168 0.209847 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.028413 0.053221 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.082098 0.050800 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.133336 0.029524 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.163290 0.101126 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.264930 0.035609 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.300964 0.082098 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.383507 0.069493 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.453406 0.064620 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.518543 0.311799 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:18.830835 0.177911 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.009145 0.077820 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.087388 0.150050 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.237921 0.059914 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.298297 0.075007 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.373797 0.424920 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.799145 0.054530 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.854301 0.138714 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:19.993462 0.066337 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:20.060192 0.159959 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:20.220567 0.323325 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:20.544396 0.338730 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:20.883617 0.169180 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:21.053192 0.155780 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:21.209440 0.145540 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:21.355480 0.138225 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:21.494236 0.126252 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:21.620903 0.067592 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:21.688919 0.045010 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/30 08:35:36.181772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:41:40.187848 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 08:41:47.194692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:41:55.196581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:42:11.199601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:42:43.205646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:48:47.211886 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 08:48:54.219013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:49:02.220801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:49:18.223576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:49:50.229296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:55:54.236451 3.000801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 08:56:01.242792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:56:09.244866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:56:25.247991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 08:56:57.253400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:01:43.946326 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 09:01:43.946441 1.889097 tcp 10.0.2.109 49274 -> 27.251.231.18 9791 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/01/30 09:03:01.259004 3.001932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:03:08.266888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:03:16.268212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:03:32.271480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:04:04.277370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:05:27.747619 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 09:05:27.747719 0.347573 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.095736 0.212364 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.308511 0.055718 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.364659 0.050130 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.415213 0.028981 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.444594 0.082678 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.527733 0.036770 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.564955 0.086923 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.652352 0.065991 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.718727 0.064148 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:28.783308 0.312602 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:29.096287 0.183754 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:29.280442 0.094064 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:29.374965 0.152088 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:29.527447 0.062648 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:29.590528 0.086657 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:29.678970 0.422823 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:30.102413 0.057382 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:30.160242 0.156806 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:30.317521 0.400125 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:30.718115 0.364417 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:31.082932 0.143309 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:31.226730 0.068614 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:31.295722 0.169065 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:31.465176 0.154792 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:31.620372 0.146558 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:31.767354 0.143171 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:31.910937 0.114552 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:32.025937 0.047878 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:05:32.074252 0.046444 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:10:08.283873 3.001262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:10:15.291111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:10:23.292716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:10:39.295704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:11:11.301277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:17:15.307728 3.001366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:17:22.314816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:17:30.316308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:17:46.319249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:18:18.325211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:24:22.331572 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:24:29.338836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:24:37.340778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:24:53.343311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:25:25.349263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:31:29.356597 3.000447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:31:36.362627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:31:44.363944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:31:45.836996 0.025687 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 09:31:45.862798 1.892289 tcp 10.0.2.109 49275 -> 27.251.231.18 9791 FSPA* 0 0 14 1622 flow=From-Botnet-V1-TCP-Established 1970/01/30 09:32:00.367151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:32:32.373214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:35:54.624370 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 09:35:54.624526 0.347519 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:54.972428 0.217059 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.189972 0.055435 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.245808 0.049869 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.296074 0.029341 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.325835 0.079530 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.405759 0.052920 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.459063 0.085606 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.545086 0.067975 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.613509 0.065104 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.679026 0.313867 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:55.993351 0.178843 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:56.172596 0.084865 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:56.257896 0.148325 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:56.406602 0.062320 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:56.469323 0.073268 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:56.543079 0.156874 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:56.700347 0.330622 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:57.031370 0.420942 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:57.493281 0.060667 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:57.554435 0.368311 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:57.923143 0.144629 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.068130 0.067775 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.136316 0.170058 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.306792 0.152146 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.459360 0.140651 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.600368 0.141671 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.742536 0.040714 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.783670 0.126361 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:35:58.910460 0.047557 udp 10.0.2.109 3683 <-> 85.238.114.228 8515 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/30 09:38:36.379806 3.000973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:38:43.386902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:38:51.388146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:39:07.390989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:39:39.396981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:45:43.402993 3.001965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:45:50.410842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:45:58.412020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:46:14.415295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:46:46.421332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:52:51.428496 3.002021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 09:52:58.436059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:53:06.437558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:53:22.440817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:53:54.447038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 09:59:58.452393 3.002071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 10:00:05.459905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:00:13.460911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:00:29.464485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:01:01.470751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:01:47.747737 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 10:01:47.747857 1.839152 tcp 10.0.2.109 49276 -> 27.251.231.18 9791 FSPA* 0 0 14 1708 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:06:15.482411 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 10:06:15.482504 0.359951 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:15.842936 0.209798 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.053194 0.052841 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.106460 0.050778 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.157683 0.029343 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.187411 0.179899 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.367758 0.052674 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.420921 0.089044 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.510404 0.065839 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.576664 0.064978 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.642043 0.307392 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:16.949832 0.181321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:17.131572 0.092257 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:17.224288 0.147949 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:17.372695 0.061970 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:17.435096 0.080678 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:17.516151 0.155832 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:17.672460 0.052116 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:17.724999 0.353796 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:18.079249 0.323106 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:18.402827 0.425346 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:18.828558 0.140562 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:18.969551 0.142729 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:19.112679 0.169243 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:19.282363 0.154486 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:19.437233 0.145698 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:19.583356 0.138598 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:19.722452 0.046460 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:19.769325 0.114584 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:06:19.884378 0.000000 udp 10.0.2.109 3683 -> 85.238.114.228 8515 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 10:06:37.555956 0.069819 tcp 10.0.2.109 49277 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:06:37.626038 0.070753 tcp 10.0.2.109 49278 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:06:37.697130 0.143236 tcp 10.0.2.109 49279 -> 195.113.214.211 443 SRPA* 0 0 65 53232 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:07:05.476776 3.000817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 10:07:12.484628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:07:20.485531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:07:36.488738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:08:08.494803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:14:12.500485 3.002012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 10:14:19.507909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:14:27.509534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:14:43.512089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:15:15.518502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:21:19.524400 3.001975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 10:21:26.531907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:21:34.533408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:21:50.536712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:22:22.542340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:28:26.548654 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 10:28:33.555795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:28:41.557451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:28:57.560501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:29:29.566375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:31:49.588067 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 10:31:49.588271 1.895997 tcp 10.0.2.109 49280 -> 27.251.231.18 9791 FSPA* 0 0 15 1711 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:35:33.573222 3.000849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 10:35:40.579310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:35:48.581282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:36:04.584714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:36:36.590906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:36:51.151790 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 10:36:51.151979 0.000000 udp 10.0.2.109 3683 -> 85.238.114.228 8515 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 10:37:07.456637 0.067783 tcp 10.0.2.109 49281 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:37:07.524719 0.068080 tcp 10.0.2.109 49282 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:37:07.593113 0.160610 tcp 10.0.2.109 49283 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:37:07.754368 0.341006 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.095820 0.053866 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.150181 0.049652 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.200221 0.029188 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.229829 0.076240 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.306493 0.038125 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.345063 0.089415 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.434923 0.063502 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.498877 0.062991 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.562477 0.312956 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:08.875913 0.217686 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.094015 0.145625 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.240092 0.061832 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.302392 0.086338 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.389178 0.189813 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.579430 0.160716 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.740548 0.059427 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.800488 0.075136 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:09.876097 0.423712 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:10.300268 0.142979 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:10.443662 0.350603 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:10.794645 0.325665 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:11.120744 0.073831 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:11.194962 0.138477 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:11.333825 0.139694 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:11.473976 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 10:37:26.652879 0.068429 tcp 10.0.2.109 49284 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:37:26.721600 0.067295 tcp 10.0.2.109 49285 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:37:26.789167 0.167350 tcp 10.0.2.109 49286 -> 195.113.214.211 443 SRPA* 0 0 38 21716 flow=From-Botnet-V1-TCP-Established 1970/01/30 10:37:26.956995 0.126624 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:27.084068 0.155713 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:37:27.240189 0.171265 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/30 10:42:40.595605 3.002228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 10:42:47.603880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:42:55.605716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:43:11.608224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:43:43.614786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:49:47.620413 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 10:49:54.627677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:50:02.629240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:50:18.632696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:50:50.638611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:56:54.644551 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 10:57:01.651707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:57:09.653311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:57:25.656180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 10:57:57.662614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:01:51.489077 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 11:01:51.489226 1.807797 tcp 10.0.2.109 49287 -> 27.251.231.18 9791 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/30 11:04:01.668612 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:04:08.675782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:04:16.677300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:04:32.680914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:05:04.685862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:07:48.181772 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 11:07:48.181967 0.046653 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.229022 0.052789 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.282411 0.050786 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.333698 0.031396 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.365498 0.072813 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.438734 0.054983 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.494183 0.086185 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.580754 0.062191 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.643372 0.066185 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:48.709962 0.313539 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:49.023925 0.339341 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:49.363656 0.147068 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:49.511120 0.061190 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:49.572692 0.099784 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:49.672872 0.177852 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:49.851117 0.159956 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:50.011507 0.059536 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:50.071426 0.073593 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:50.145444 0.215550 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:50.361467 0.425200 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:50.787129 0.144843 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:50.932326 0.364262 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:51.297004 0.142957 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:51.440381 0.246724 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:51.687549 0.073071 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:51.761004 0.366385 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:52.127916 0.165225 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:52.293634 0.126402 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:07:52.420468 0.166625 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:11:08.692377 3.001432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:11:15.699613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:11:23.701363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:11:39.704504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:12:11.709625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:18:15.717350 3.000435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:18:22.723792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:18:30.725043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:18:46.728253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:19:18.734805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:25:22.740906 3.000922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:25:29.747828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:25:37.749015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:25:53.752417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:26:25.758695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:31:53.299581 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 11:31:53.299757 2.199902 tcp 10.0.2.109 49288 -> 27.251.231.18 9791 FSPA* 0 0 15 1724 flow=From-Botnet-V1-TCP-Established 1970/01/30 11:32:29.763766 3.001989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:32:36.771767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:32:44.773289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:33:00.776251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:33:32.781928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:38:10.742091 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 11:38:10.742266 0.040810 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:10.783498 0.053976 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:10.837886 0.050899 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.044125 0.031321 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.075850 0.075408 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.151726 0.036610 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.188732 0.089296 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.278488 0.065070 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.343962 0.065833 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.410211 0.311496 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:11.722136 0.336511 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:12.059066 0.148941 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:12.208412 0.059063 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:12.267890 0.077628 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:12.345935 0.178320 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:12.524694 0.078234 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:12.603363 0.222390 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:12.826133 0.422397 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:13.248898 0.143879 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:13.393141 0.158222 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:13.551774 0.056359 udp 10.0.2.109 3683 <-> 86.139.4.192 1084 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:13.608532 0.348968 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:13.957951 0.148538 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:14.106860 0.161854 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:14.269157 0.066875 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:14.336490 0.126603 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:14.463478 0.154193 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:14.618051 0.335904 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:38:14.954368 0.166102 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/30 11:39:36.789376 3.000527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:39:43.795443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:39:51.797133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:40:07.800087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:40:39.806278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:46:43.811687 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:46:50.819392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:46:58.821107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:47:14.823921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:47:46.830307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:53:50.836385 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 11:53:57.843511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:54:05.845257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:54:21.848129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 11:54:53.853967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:00:57.859790 3.001940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 12:01:04.867373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:01:12.868877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:01:28.871735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:01:55.440390 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:01:55.440534 1.715565 tcp 10.0.2.109 49289 -> 27.251.231.18 9791 FSPA* 0 0 14 1515 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:02:00.877715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:08:08.889800 3.001640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 12:08:15.897083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:08:20.393872 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:08:20.394037 0.045967 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:20.440377 0.054300 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:20.495075 0.049015 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:20.544521 0.029248 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:20.574389 0.073460 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:20.648248 3.423105 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:23.898492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:08:24.071963 0.087668 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:24.072474 0.033429 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 SPA_* 0 0 5 333 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:08:24.160067 0.068646 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:24.229230 0.062887 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:24.292531 0.313436 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:24.606544 0.354540 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:24.961519 0.146638 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:25.108608 0.060031 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:25.168998 0.077658 udp 10.0.2.109 3683 <-> 81.191.29.195 3454 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:25.247217 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 12:08:30.526868 4.007006 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:08:39.901772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:08:43.589195 0.067406 tcp 10.0.2.109 49291 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:08:43.656903 0.069278 tcp 10.0.2.109 49292 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:08:43.726536 0.174210 tcp 10.0.2.109 49293 -> 195.113.214.211 443 SRPA* 0 0 33 24737 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:08:43.901274 0.084959 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:43.986724 0.208377 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:44.195526 0.154691 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:08:44.270809 0.197298 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 1312 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:08:44.350649 0.000000 udp 10.0.2.109 3683 -> 86.139.4.192 1084 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 12:08:56.660929 0.195443 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3410 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:00.551489 0.078038 tcp 10.0.2.109 49294 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:00.629878 0.068181 tcp 10.0.2.109 49295 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:00.698405 0.182372 tcp 10.0.2.109 49296 -> 195.113.214.211 443 SRPA* 0 0 21 13032 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:00.881344 0.357242 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:01.239028 0.422221 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:01.661702 0.142522 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:01.804641 0.143142 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:01.948196 0.136546 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:02.085197 0.060656 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:02.146325 0.126382 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:02.273165 0.156778 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:02.430537 0.326940 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:02.757921 0.236371 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:09:09.348890 3.430137 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4854 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:11.907966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:09:15.850533 0.203358 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:28.068484 0.203144 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:39.816453 3.476613 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:44.865193 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:09:46.342456 0.195062 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:09:56.246206 3.460120 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:10:09.079442 3.595627 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:10:14.719652 0.398755 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:10:23.794060 3.542442 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:10:30.624534 4.042324 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:10:31.872610 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:10:37.723876 0.407863 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 7 4722 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:10:49.193857 3.849381 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 18 14004 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:11:00.309928 3.989289 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:11:14.329848 0.194490 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 8 6224 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:11:30.073684 3.988348 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 8 3340 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:11:38.368035 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:11:41.175793 3.641972 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:11:48.165702 0.407380 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:12:06.599724 3.484510 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 16 12448 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:12:13.185543 3.558120 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:12:26.581480 3.320787 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 14 10892 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:12:31.364474 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:12:37.224019 3.643429 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:12:47.861435 3.812065 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:12:58.495410 3.533182 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:13:08.931266 3.893209 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:13:22.758574 0.200303 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 1428 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:13:38.907027 3.569554 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4958 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:13:49.788541 3.413986 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:13:54.864834 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:13:55.212938 4.540283 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 15 8050 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:14:01.703012 0.191965 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:14:08.122297 0.201658 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 788 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:14:14.546130 0.207696 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 8678 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:14:29.452801 3.826928 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 8 4592 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:14:40.402766 3.362365 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:14:45.367050 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:14:46.648771 0.400581 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:14:53.148072 0.200217 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 996 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:15:11.828626 3.481974 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 18 14564 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:15:15.914793 3.010755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 12:15:18.412480 3.797590 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:15:22.931075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:15:28.978484 3.846746 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:15:30.932815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:15:35.658438 0.201403 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:15:42.458336 3.376087 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:15:46.935828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:15:48.954602 3.479273 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:15:59.123531 0.199445 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 812 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:16:03.869917 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:16:08.639674 3.552664 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 13 10134 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:16:15.364271 3.817751 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:16:18.951690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:16:26.208284 3.529064 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:16:39.629986 3.746620 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:16:46.390245 0.201593 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:16:48.364162 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:17:05.255848 0.202564 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 1124 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:17:20.002069 3.492723 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 5262 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:17:26.721840 3.933036 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:17:37.084480 3.664525 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 13 10838 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:17:43.381966 3.625715 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:17:53.244447 0.194398 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 236 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:18:03.897779 3.509809 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 18 15324 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:18:13.883052 3.629107 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:18:18.863746 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:18:26.951061 0.194992 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 1044 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:18:34.181967 4.019878 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 5342 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:18:48.423283 0.193461 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 1396 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:19:05.547700 3.628943 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6492 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:19:10.368007 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:19:12.573357 0.398430 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:19:19.327116 0.203769 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 900 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:19:26.913278 3.594063 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 13 10046 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:19:33.899199 0.403436 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:19:41.639195 3.898957 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:19:52.899180 4.036092 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:20:04.219145 3.662051 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:20:11.169125 3.742149 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:20:16.372725 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:20:21.619756 0.201055 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 364 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:20:29.095087 0.406568 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 7 5914 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:20:44.729264 3.639826 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:20:51.794854 0.399783 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:20:59.490899 3.659707 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 9 4830 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:21:04.372062 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:21:06.424813 3.855877 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:21:13.235242 3.915313 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 15 10946 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:21:23.629437 3.726573 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 15 11370 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:21:34.446828 3.483853 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 8912 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:21:45.226912 3.889704 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 6386 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:21:56.230599 3.641223 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:22:03.170410 0.196606 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:22:18.596429 3.834289 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 14 6548 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:22:22.958436 3.000917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 12:22:23.365685 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:22:25.342392 3.730162 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 23 11378 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:22:29.965143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:22:31.912275 0.396196 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:22:37.966413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:22:38.941807 4.382504 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 6 3212 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:22:49.096319 4.020255 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 24 17232 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:22:53.969637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:22:55.966318 3.916029 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 23 11378 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:23:05.967196 3.585173 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 7236 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:23:16.027324 3.649733 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 16 12992 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:23:25.975667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:23:26.628854 3.232927 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:23:32.998363 0.398012 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:23:34.367656 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:23:40.374273 0.202727 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 5 3166 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:23:47.563972 3.377740 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6332 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:23:58.023885 0.408241 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 7 4722 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:24:13.423801 0.400737 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1676 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:24:21.058051 3.391795 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 10 6320 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:24:25.871849 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:24:27.648091 3.661522 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:24:34.244278 3.864800 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 12 7888 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:24:41.279376 0.195468 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 2 1284 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:24:48.268408 4.001195 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 23 20338 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:24:55.293606 3.375476 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 17 13950 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:25:01.723600 3.774487 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 20 17008 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:25:08.575638 0.208183 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 9282 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:25:14.788551 3.358919 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 11 9386 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:25:24.165479 0.401059 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 A_PA 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:25:31.875366 0.915878 tcp 10.0.2.109 49290 -> 77.23.25.163 5353 FPA_* 0 0 21 15716 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:29:29.982279 3.001793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 12:29:36.989218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:29:44.991086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:30:00.993579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:30:32.999523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:31:57.151081 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:31:57.151245 2.237425 tcp 10.0.2.109 49297 -> 27.251.231.18 9791 FSPA* 0 0 13 1627 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:36:37.006778 3.000438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 12:36:44.013145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:36:52.014746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:37:08.017957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:37:40.023805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:39:13.088005 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 12:39:13.088108 0.183373 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:13.271901 0.000000 udp 10.0.2.109 3683 -> 86.139.4.192 1084 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 12:39:29.222645 0.045075 tcp 10.0.2.109 49298 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:39:29.267955 0.092520 tcp 10.0.2.109 49299 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:39:29.360745 0.223629 tcp 10.0.2.109 49300 -> 195.113.214.211 443 SRPA* 0 0 34 23746 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:39:29.584949 0.029442 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:29.614883 0.076453 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:29.691723 0.049076 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:29.741312 0.054312 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:29.796031 0.046159 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:29.842610 0.207676 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:30.050784 0.306360 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:30.357576 0.335874 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:30.693865 0.000000 udp 10.0.2.109 3683 -> 77.23.25.163 9684 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 12:39:48.078293 0.070167 tcp 10.0.2.109 49301 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:39:48.148771 0.050400 tcp 10.0.2.109 49302 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:39:48.199541 0.169503 tcp 10.0.2.109 49303 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:39:48.369583 0.087089 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:48.457104 0.068389 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:48.526037 0.061450 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:48.587919 0.142469 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:39:48.730843 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 3454 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 12:40:05.102522 0.044340 tcp 10.0.2.109 49304 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:40:05.146766 0.047820 tcp 10.0.2.109 49305 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:40:05.194918 0.152539 tcp 10.0.2.109 49306 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 12:40:05.347944 0.081439 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:05.429759 0.212449 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:05.642614 0.160396 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:05.803408 0.354050 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:06.157895 0.423166 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:06.581540 0.143064 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:06.725079 0.147088 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:06.872590 0.126484 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:07.019126 0.157294 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:07.176833 0.322537 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:07.499815 0.327996 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:07.828259 0.054692 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:40:07.883387 0.170321 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 12:43:44.029596 3.002198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 12:43:51.037159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:43:59.038521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:44:15.041486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:44:47.047550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:51:54.053950 3.002042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 12:52:01.061846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:52:09.063168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:52:25.066169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:52:57.071938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:59:23.079434 3.001785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 12:59:30.087403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:59:38.088723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 12:59:54.091829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:00:26.097671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:01:59.392010 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 13:01:59.392207 1.773370 tcp 10.0.2.109 49307 -> 27.251.231.18 9791 FSPA* 0 0 15 1623 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:06:30.103659 3.001810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 13:06:37.111059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:06:45.112625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:07:01.115463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:07:33.121835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:10:36.275107 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 13:10:36.275205 3.236230 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:39.511879 0.000000 udp 10.0.2.109 3683 -> 81.191.29.195 3454 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 13:10:57.536824 0.045021 tcp 10.0.2.109 49308 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:10:57.582323 0.046346 tcp 10.0.2.109 49309 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:10:57.628684 0.141930 tcp 10.0.2.109 49310 -> 195.113.214.211 443 SRPA* 0 0 67 43193 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:10:57.770823 0.180524 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:57.951734 0.049603 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.001735 0.054669 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.056861 0.040976 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.098440 0.079226 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.178064 0.031526 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.210036 0.349584 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.560007 0.307954 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.868369 0.063418 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.932216 0.056826 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:58.989469 0.145917 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:59.135867 0.060862 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:59.197118 0.090723 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:59.288237 0.209662 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:59.498340 0.156493 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:59.655286 0.081449 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:10:59.737191 0.000000 udp 10.0.2.109 3683 -> 203.45.157.34 1089 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 13:11:17.614959 0.053644 tcp 10.0.2.109 49311 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:11:17.668950 0.045535 tcp 10.0.2.109 49312 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:11:17.714741 0.140677 tcp 10.0.2.109 49313 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:11:17.856085 0.141959 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:17.998502 0.143817 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:18.142815 0.349728 udp 10.0.2.109 3683 <-> 223.17.71.244 8575 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:18.492948 0.153078 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:18.646432 0.401891 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:19.048729 0.170589 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:19.219719 0.056363 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:19.276516 0.114595 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:11:19.391600 0.164802 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:13:37.127370 3.001978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 13:13:44.135080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:13:52.136593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:14:08.139588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:14:40.145790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:20:44.151158 3.002083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 13:20:51.159115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:20:59.160642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:21:15.163437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:21:47.169588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:27:51.176996 3.000349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 13:27:58.182945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:28:06.184782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:28:22.187716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:28:54.193459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:32:01.173005 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 13:32:01.173180 1.742006 tcp 10.0.2.109 49314 -> 27.251.231.18 9791 FSPA* 0 0 14 1582 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:34:58.199737 3.001569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 13:35:05.207163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:35:13.208619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:35:29.211736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:36:01.217509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:41:25.994970 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 13:41:25.995090 0.424269 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:26.419792 3.358918 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:29.779122 0.185190 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:29.964693 0.046323 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:30.011411 0.175690 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:30.187537 0.030952 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:30.218946 0.337089 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:30.556491 0.309879 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:30.866737 0.053143 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:30.920287 0.049968 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:30.970654 0.059993 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.031070 0.065434 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.097052 0.091239 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.188788 0.210823 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.400035 0.156062 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.556508 0.077096 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.633976 0.065099 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.699558 0.144755 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:31.844763 0.000000 udp 10.0.2.109 3683 -> 223.17.71.244 8575 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 13:41:49.219575 0.050225 tcp 10.0.2.109 49315 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:41:49.270039 0.046819 tcp 10.0.2.109 49316 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:41:49.317191 0.149845 tcp 10.0.2.109 49317 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 13:41:49.467472 0.157119 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:49.625058 0.142082 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:49.767581 0.147327 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:49.915350 0.332159 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:50.247937 0.139100 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:50.387483 0.056158 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:50.444051 0.114179 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:41:50.558732 0.169142 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/30 13:42:05.223348 3.001872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 13:42:12.230879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:42:20.233421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:42:36.235577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:43:08.241342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:49:12.248590 3.000549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 13:49:19.255253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:49:27.256670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:49:43.259236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:50:15.265385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:56:19.270909 3.002375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 13:56:26.278901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:56:34.280672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:56:50.283303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 13:57:22.289561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:02:02.923039 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 14:02:02.923148 1.752169 tcp 10.0.2.109 49318 -> 27.251.231.18 9791 FSPA* 0 0 15 1630 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:03:26.296583 3.000441 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 14:03:33.302916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:03:41.304675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:03:57.307612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:04:29.313403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:10:33.320236 3.000415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 14:10:40.326828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:10:48.327819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:11:04.331318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:11:36.337599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:12:03.987515 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 14:12:03.987770 0.000000 udp 10.0.2.109 3683 -> 223.17.71.244 8575 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 14:12:22.726197 0.044443 tcp 10.0.2.109 49319 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:22.770986 0.045014 tcp 10.0.2.109 49320 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:22.816299 0.142390 tcp 10.0.2.109 49321 -> 195.113.214.211 443 SRPA* 0 0 42 35262 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:22.959496 0.000000 udp 10.0.2.109 3683 -> 203.45.157.34 1089 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 14:12:40.089568 0.043172 tcp 10.0.2.109 49322 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:40.132997 0.044870 tcp 10.0.2.109 49323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:40.178172 0.140873 tcp 10.0.2.109 49324 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:40.319576 0.182696 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:40.502777 1.213277 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:41.716514 0.031381 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:41.748323 0.354193 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:42.102916 0.306160 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:42.409482 0.053988 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:42.463902 0.073023 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:42.537326 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 14:12:59.707927 0.043406 tcp 10.0.2.109 49325 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:59.751619 0.045678 tcp 10.0.2.109 49326 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:59.797638 0.142719 tcp 10.0.2.109 49327 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:12:59.941008 0.050109 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:12:59.991526 0.092348 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.084333 0.212771 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.297529 0.156927 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.454913 0.079340 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.534714 0.063335 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.598507 0.147414 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.746352 0.055634 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.802395 0.065107 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:00.867951 0.146597 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:01.014943 0.159451 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:01.174762 0.141757 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:01.316920 0.055548 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:01.372825 0.114132 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:01.487368 0.165618 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:01.653366 0.318985 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:13:01.972842 0.137684 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:17:40.343710 3.013153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 14:17:47.360618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:17:55.362216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:18:11.365374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:18:43.371371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:24:47.377398 3.001498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 14:24:54.384792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:25:02.386536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:25:18.389142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:25:50.395456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:31:54.401675 3.001333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 14:32:01.408646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:32:04.683609 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 14:32:04.683713 1.719753 tcp 10.0.2.109 49328 -> 27.251.231.18 9791 FSPA* 0 0 15 1739 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:32:09.410429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:32:25.413169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:32:57.419344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:39:01.425217 3.001684 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 14:39:08.432646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:39:16.434368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:39:32.437184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:40:04.443331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:43:26.243533 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 14:43:26.243704 0.418345 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:26.662494 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 14:43:41.717672 0.044954 tcp 10.0.2.109 49329 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:43:41.762914 0.044696 tcp 10.0.2.109 49330 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:43:41.808016 0.136705 tcp 10.0.2.109 49331 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/30 14:43:41.945532 0.178899 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:42.124814 0.039883 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:42.165124 0.031323 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:42.196888 0.054702 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:42.252095 0.088565 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:42.341089 0.337235 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:42.678722 0.404025 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.083161 0.050108 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.133733 0.084717 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.218806 0.221323 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.440559 0.155472 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.596460 0.080804 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.677658 0.062925 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.741081 0.145647 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.887134 0.058697 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:43.946303 0.063642 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:44.010473 0.140912 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:44.151778 0.054543 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:44.206753 0.126737 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:44.333914 0.164096 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:44.498447 0.342350 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:44.841187 0.143748 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:44.985309 0.160215 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:43:45.145936 0.145370 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/30 14:46:08.449349 3.001627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 14:46:15.456705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:46:23.457713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:46:39.461210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:47:11.467238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:53:15.473245 3.001971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 14:53:22.480755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:53:30.482066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:53:46.485209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 14:54:18.491031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:00:22.497860 3.000937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 15:00:29.504718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:00:37.506272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:00:53.508696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:01:25.515280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:02:06.404535 0.000182 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:02:06.404814 1.743091 tcp 10.0.2.109 49332 -> 27.251.231.18 9791 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:07:29.521158 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 15:07:36.528569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:07:44.529974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:08:00.532708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:08:32.538850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:14:11.066332 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:14:11.066516 0.413121 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:11.480094 0.031160 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:11.511732 0.047430 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:11.559549 0.080324 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:11.640344 0.353854 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:11.994618 0.179805 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:12.174791 0.036636 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:12.211814 0.408704 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:12.620939 0.049596 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:12.670954 0.093290 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:12.764677 0.210207 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:12.975342 0.159649 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:13.135500 0.073437 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:13.209346 0.061165 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:13.270933 0.147795 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:13.419098 0.057517 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:13.477063 0.064348 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:13.541830 0.142614 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:13.684814 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:14:30.105082 0.041769 tcp 10.0.2.109 49333 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:14:30.147143 0.042116 tcp 10.0.2.109 49334 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:14:30.189564 0.158489 tcp 10.0.2.109 49335 -> 195.113.214.211 443 SRPA* 0 0 80 78034 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:14:30.349410 0.126630 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:30.476440 0.165904 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:30.642731 0.316363 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:30.959512 0.141863 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:31.101763 0.157737 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:31.259924 0.136321 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:14:36.545141 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 15:14:43.552818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:14:51.554160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:15:07.556999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:15:39.563265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:21:43.569191 3.001299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 15:21:50.576613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:21:58.577353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:22:14.580932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:22:46.587061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:28:50.592124 3.002793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 15:28:57.600523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:29:05.601612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:29:21.605060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:29:53.610659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:32:08.155112 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:32:08.155263 2.317197 tcp 10.0.2.109 49336 -> 27.251.231.18 9791 FSPA* 0 0 14 1557 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:35:57.617423 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 15:36:04.624989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:36:12.625956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:36:28.628889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:37:00.635093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:43:04.641230 3.001641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 15:43:11.648279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:43:19.649254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:43:35.652921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:44:07.658896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:44:33.055919 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:44:33.056121 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:44:49.220813 0.062105 tcp 10.0.2.109 49337 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:44:49.283162 0.059154 tcp 10.0.2.109 49338 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:44:49.342616 0.163063 tcp 10.0.2.109 49339 -> 195.113.214.211 443 SRPA* 0 0 51 33778 flow=From-Botnet-V1-TCP-Established 1970/01/30 15:44:49.506544 4.289822 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1182 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:49.556922 3.856285 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 4 1076 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:49.639446 4.115888 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 4 1189 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:49.981048 4.800656 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 4 1165 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:50.508874 3.317799 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 4 1099 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:50.538740 3.325751 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 4 1156 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:50.574445 3.695106 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 4 1035 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:50.979079 3.853468 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1235 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.029469 3.982958 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1264 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.209781 4.023364 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 4 1179 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.425400 3.888363 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1245 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.511475 3.858763 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 4 1047 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.572775 3.948597 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 4 1199 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.719414 3.859288 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 4 1144 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.778596 3.861993 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 4 1265 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.841831 3.940909 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 4 897 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:51.983102 4.852392 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 4 1139 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:52.059130 3.879764 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 4 1122 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:52.218658 4.069979 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 1309 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:52.567083 3.836064 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 4 1088 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:52.681679 3.893314 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 4 1117 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:52.846343 3.917430 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1119 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:52.992527 4.143489 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 4 986 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:53.136162 3.854118 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 4 1209 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:44:57.136623 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:02.457808 0.000000 udp 10.0.2.109 3683 -> 216.165.250.100 1730 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:11.420681 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:19.342011 0.000000 udp 10.0.2.109 3683 -> 173.35.64.38 6733 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:26.011772 0.060704 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:45:26.086716 0.000000 udp 10.0.2.109 3683 -> 183.77.154.236 1611 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:33.071862 0.000000 udp 10.0.2.109 3683 -> 2.126.209.151 3129 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:37.868595 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:45:39.350845 0.000000 udp 10.0.2.109 3683 -> 81.134.103.32 2522 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:48.163646 0.000000 udp 10.0.2.109 3683 -> 79.210.1.68 5459 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:45:54.112051 0.000000 udp 10.0.2.109 3683 -> 99.229.198.110 5681 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:00.271036 0.000000 udp 10.0.2.109 3683 -> 186.6.32.65 2209 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:07.901905 0.000000 udp 10.0.2.109 3683 -> 82.41.217.110 5559 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:13.940849 0.000000 udp 10.0.2.109 3683 -> 87.69.26.136 9285 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:21.211044 0.000000 udp 10.0.2.109 3683 -> 186.178.100.101 1257 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:25.867423 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:46:28.381164 0.000000 udp 10.0.2.109 3683 -> 46.40.121.209 9833 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:34.330208 0.000000 udp 10.0.2.109 3683 -> 174.0.55.32 7269 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:41.230164 0.000000 udp 10.0.2.109 3683 -> 203.23.154.175 4370 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:46.598039 0.000000 udp 10.0.2.109 3683 -> 98.228.154.5 6748 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:46:55.119995 0.000000 udp 10.0.2.109 3683 -> 41.133.181.76 6976 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:03.131459 0.000000 udp 10.0.2.109 3683 -> 95.97.246.106 8768 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:11.413031 0.049982 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:11.463013 0.000000 icmp 87.138.128.192 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 311 flow=Background 1970/01/30 15:47:16.370007 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:47:20.215908 0.000000 udp 10.0.2.109 3683 -> 93.148.114.141 5036 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:29.048683 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:35.628287 0.000000 udp 10.0.2.109 3683 -> 24.218.244.74 9884 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:42.257725 0.000000 udp 10.0.2.109 3683 -> 92.54.159.72 4560 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:48.847091 0.000000 udp 10.0.2.109 3683 -> 198.254.92.88 9578 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:47:54.825569 0.000000 udp 10.0.2.109 3683 -> 24.103.120.69 3559 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:00.904099 0.078206 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:00.982305 0.000000 icmp 62.219.143.195 0x0303 -> 10.0.2.109 0x9624 URP 192 1 245 flow=Background 1970/01/30 15:48:05.871456 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:48:09.366641 0.000000 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:15.966308 0.000000 udp 10.0.2.109 3683 -> 172.129.52.12 3980 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:23.099853 0.000000 udp 10.0.2.109 3683 <- 172.129.52.12 3980 RSP 0 0 1 543 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:23.141294 0.000000 udp 10.0.2.109 3683 -> 41.104.144.242 1386 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:31.409160 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:37.687274 0.000000 udp 10.0.2.109 3683 -> 90.217.177.223 7107 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:45.147929 0.000000 udp 10.0.2.109 3683 -> 68.188.6.110 8737 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:51.006725 0.000000 udp 10.0.2.109 3683 -> 98.203.97.224 9568 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:48:55.863262 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:48:56.373832 0.000000 udp 10.0.2.109 3683 -> 190.15.174.168 5509 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:04.635978 0.000000 udp 10.0.2.109 3683 -> 120.151.223.139 6680 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:13.038727 0.000000 udp 10.0.2.109 3683 -> 92.108.194.250 4330 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:21.319849 0.654730 udp 10.0.2.109 3683 <-> 172.129.107.149 3573 CON 0 0 2 735 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:49:22.215634 0.000000 udp 10.0.2.109 3683 -> 203.45.183.46 6330 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:29.732443 0.000000 udp 10.0.2.109 3683 -> 5.29.129.197 2090 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:36.131284 0.000000 udp 10.0.2.109 3683 -> 2.221.203.34 4796 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:40.868007 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:49:41.378772 0.000000 udp 10.0.2.109 3683 -> 97.100.49.217 6844 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:47.538622 0.000000 udp 10.0.2.109 3683 -> 5.99.208.97 8835 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:49:53.877079 0.000000 udp 10.0.2.109 3683 -> 66.76.12.254 7189 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:01.568246 0.000000 udp 10.0.2.109 3683 -> 83.27.181.173 8949 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:06.835479 0.000000 udp 10.0.2.109 3683 -> 202.128.21.92 8080 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:15.327521 0.000000 udp 10.0.2.109 3683 -> 103.4.238.11 8882 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:21.797084 0.000000 udp 10.0.2.109 3683 -> 2.171.72.241 7357 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:26.363396 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:50:30.119182 0.385976 udp 10.0.2.109 3683 <-> 70.50.200.57 6552 CON 0 0 2 758 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:50:30.557032 0.000000 udp 10.0.2.109 3683 -> 209.222.61.244 9231 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:36.227789 0.000000 udp 10.0.2.109 3683 -> 82.13.41.34 2627 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:41.905913 0.000000 udp 10.0.2.109 3683 -> 212.144.240.130 8994 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:48.545420 0.049998 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 657 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:50:48.722297 0.000000 udp 10.0.2.109 3683 -> 95.63.62.105 8747 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:50:55.845812 0.000000 udp 10.0.2.109 3683 -> 131.180.38.92 3114 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:03.126838 0.000000 udp 10.0.2.109 3683 -> 149.135.51.3 7073 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:10.857462 0.050050 udp 10.0.2.109 3683 <-> 87.153.122.151 4545 CON 0 0 2 847 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:51:11.058548 0.000000 udp 10.0.2.109 3683 -> 71.166.245.104 7615 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:15.363769 0.000156 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:51:18.739499 0.171898 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:51:19.278504 0.612605 udp 10.0.2.109 3683 <-> 190.246.43.69 1117 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:51:19.919834 0.000000 udp 10.0.2.109 3683 -> 209.34.25.227 1079 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:26.169732 0.000000 udp 10.0.2.109 3683 -> 86.156.248.116 2506 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:26.672414 3.001967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 15:51:33.680387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:51:34.891912 0.389549 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 710 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:51:35.368137 0.000000 udp 10.0.2.109 3683 -> 174.141.42.248 1355 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:41.181171 0.000000 udp 10.0.2.109 3683 -> 180.12.106.72 6930 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:41.681511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:51:47.279830 0.000000 udp 10.0.2.109 3683 -> 91.39.92.150 9714 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:55.732335 0.000000 udp 10.0.2.109 3683 -> 84.113.113.103 2357 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:51:57.684855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:52:00.368303 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:52:04.485072 0.000000 udp 10.0.2.109 3683 -> 111.235.148.26 4413 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:11.885475 0.000000 udp 10.0.2.109 3683 -> 81.27.123.106 4604 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:20.517605 0.000000 udp 10.0.2.109 3683 -> 94.10.81.136 6341 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:26.676818 0.048642 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 781 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:52:26.738067 0.166372 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 837 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:52:26.913099 0.000000 udp 10.0.2.109 3683 -> 220.255.226.46 3470 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:29.691197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:52:33.486818 0.040853 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:52:33.543210 0.041714 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:52:33.598164 0.046842 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 729 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:52:33.668182 0.000000 udp 10.0.2.109 3683 -> 24.230.57.160 9408 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:41.237632 0.000000 udp 10.0.2.109 3683 -> 68.58.168.52 8967 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:45.863652 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:52:47.085971 0.243148 udp 10.0.2.109 3683 <-> 189.153.144.45 5157 CON 0 0 2 747 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:52:47.340159 0.000000 udp 10.0.2.109 3683 -> 85.103.178.74 7167 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:54.045902 0.000000 udp 10.0.2.109 3683 -> 95.240.184.129 2287 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:52:59.453843 0.000000 udp 10.0.2.109 3683 -> 79.167.59.155 7566 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:07.395380 0.095184 udp 10.0.2.109 3683 <-> 188.29.127.51 9542 CON 0 0 2 710 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:53:07.500998 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:15.116089 0.000000 udp 10.0.2.109 3683 -> 125.2.83.168 4368 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:21.175320 0.000000 udp 10.0.2.109 3683 -> 86.155.122.65 8839 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:29.897520 0.000000 udp 10.0.2.109 3683 -> 112.170.171.174 1003 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:34.864641 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:53:35.285328 0.000000 udp 10.0.2.109 3683 -> 186.47.133.204 2696 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:43.697453 0.000000 udp 10.0.2.109 3683 -> 80.153.161.180 5887 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:51.508662 0.060033 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:53:51.590717 0.000000 udp 10.0.2.109 3683 -> 92.19.249.153 3009 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:53:57.407400 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:04.887881 0.050044 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:54:04.952146 0.000000 udp 10.0.2.109 3683 -> 95.224.40.185 8276 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:13.300007 0.000000 udp 10.0.2.109 3683 -> 61.247.170.97 6830 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:19.037984 0.000000 udp 10.0.2.109 3683 -> 98.195.107.32 1189 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:23.864871 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:54:27.830930 0.000000 udp 10.0.2.109 3683 -> 136.204.224.170 6557 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:33.388894 0.175279 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 713 flow=From-Botnet-V1-UDP-Established 1970/01/30 15:54:33.574851 0.000000 udp 10.0.2.109 3683 -> 184.147.173.230 8865 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:41.509968 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:49.983149 0.000000 udp 10.0.2.109 3683 -> 81.109.147.18 3206 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:54:56.992864 0.000000 udp 10.0.2.109 3683 -> 37.254.242.141 6549 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:55:05.245181 0.689607 udp 10.0.2.109 3683 -> 85.189.141.67 2894 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:55:05.934788 0.000000 icmp 85.189.141.67 0x0303 -> 10.0.2.109 0x4e0b URP 192 1 162 flow=Background 1970/01/30 15:55:09.871202 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 15:55:13.696806 0.000000 udp 10.0.2.109 3683 -> 186.137.144.130 7672 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:55:21.958567 0.000000 udp 10.0.2.109 3683 -> 184.98.27.249 9813 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:55:28.558170 0.000000 udp 10.0.2.109 3683 -> 94.212.51.230 3662 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:55:34.576868 0.000000 udp 10.0.2.109 3683 -> 93.42.161.244 5952 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 15:58:58.702962 3.001333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 15:59:05.709910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:59:13.711827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 15:59:29.715196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:00:01.720610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:02:10.475639 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 16:02:10.475821 1.726516 tcp 10.0.2.109 49340 -> 27.251.231.18 9791 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:06:05.727027 3.000915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 16:06:12.734231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:06:20.735880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:06:36.738677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:07:08.744757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:13:12.751941 3.000070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 16:13:19.767851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:13:27.769456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:13:43.772386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:14:15.778470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:20:19.784757 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 16:20:26.791582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:20:34.793182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:20:50.796596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:21:22.802661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:25:57.087394 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 16:25:57.087501 0.083110 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:25:57.171078 0.340803 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:25:57.512253 0.051652 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:25:57.564478 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:26:13.822717 0.045178 tcp 10.0.2.109 49341 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:13.868260 0.044757 tcp 10.0.2.109 49342 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:13.913301 0.136409 tcp 10.0.2.109 49343 -> 195.113.214.211 443 SRPA* 0 0 35 27044 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:14.050653 0.038414 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:14.089452 0.049690 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:14.139557 0.411889 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:14.551857 0.415655 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:14.967986 0.184839 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.153265 0.215205 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.368874 0.084040 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.453343 0.062451 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.516236 0.148152 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.664736 0.055530 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.720633 0.063991 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.785026 0.142579 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:15.928061 0.156746 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:16.099723 0.323576 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:16.423709 0.138761 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:16.562888 0.229077 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:16.792391 0.143248 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:16.936033 0.079419 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:17.015856 0.152830 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:17.169126 0.146094 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:17.315646 0.060635 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:17.376680 2.768721 udp 10.0.2.109 3683 <-> 172.129.52.12 3980 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:20.145838 0.145300 udp 10.0.2.109 3683 <-> 70.50.200.57 6552 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:20.291542 2.241632 udp 10.0.2.109 3683 <-> 172.129.107.149 3573 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:22.533694 0.041677 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:22.575775 0.040609 udp 10.0.2.109 3683 <-> 87.153.122.151 4545 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:22.616739 0.174608 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:22.791738 0.000000 udp 10.0.2.109 3683 -> 190.246.43.69 1117 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:26:41.271321 0.043944 tcp 10.0.2.109 49344 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:41.315513 0.042943 tcp 10.0.2.109 49345 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:41.358761 0.135802 tcp 10.0.2.109 49346 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:41.495201 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:26:58.185512 0.044823 tcp 10.0.2.109 49347 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:58.230662 0.041649 tcp 10.0.2.109 49348 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:58.272639 0.133151 tcp 10.0.2.109 49349 -> 195.113.214.211 443 SRPA* 0 0 41 34598 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:26:58.406590 0.036991 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:58.443964 0.166617 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:58.610939 0.041792 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:58.653112 0.042567 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:58.696117 0.223730 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:26:58.920310 0.000000 udp 10.0.2.109 3683 -> 189.153.144.45 5157 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:27:17.032615 0.041004 tcp 10.0.2.109 49350 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:27:17.073960 0.041809 tcp 10.0.2.109 49351 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:27:17.116072 0.253085 tcp 10.0.2.109 49352 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:27:17.369889 0.099155 udp 10.0.2.109 3683 <-> 188.29.127.51 9542 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:27:17.469531 0.058227 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:27:17.528173 0.049644 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:27:17.578308 0.173010 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:27:26.809715 3.000150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 16:27:33.815850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:27:41.817925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:27:57.820684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:28:29.826765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:32:12.206335 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 16:32:12.206543 2.655320 tcp 10.0.2.109 49353 -> 27.251.231.18 9791 FSPA* 0 0 14 1531 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:34:33.833542 3.000817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 16:34:40.840082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:34:48.841439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:35:04.844565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:35:36.850443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:41:40.856463 3.001266 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 16:41:47.864065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:41:55.865587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:42:11.868500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:42:43.874678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:48:47.880574 3.002355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 16:48:54.888011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:49:02.889227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:49:18.892642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:49:50.897898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:55:54.904385 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 16:56:01.912054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:56:09.913643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:56:25.916563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:56:57.922698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 16:57:38.291204 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 16:57:38.291402 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:57:57.200377 0.042246 tcp 10.0.2.109 49354 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:57:57.242968 0.042174 tcp 10.0.2.109 49355 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:57:57.285432 0.134398 tcp 10.0.2.109 49356 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:57:57.420059 0.000000 udp 10.0.2.109 3683 -> 190.246.43.69 1117 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:58:14.363413 0.041200 tcp 10.0.2.109 49357 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:14.404997 0.041908 tcp 10.0.2.109 49358 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:14.447203 0.136564 tcp 10.0.2.109 49359 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:14.584287 0.390914 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:14.975696 0.000000 udp 10.0.2.109 3683 -> 189.153.144.45 5157 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:58:30.065512 0.041241 tcp 10.0.2.109 49360 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:30.107031 0.045477 tcp 10.0.2.109 49361 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:30.152829 0.134854 tcp 10.0.2.109 49362 -> 195.113.214.211 443 SRPA* 0 0 32 17492 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:30.288412 0.343052 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:30.631890 0.085609 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:30.717947 0.076809 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:30.795148 0.415956 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:31.211526 0.035776 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:31.247762 0.400086 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:31.648258 0.050062 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:31.698767 0.085948 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:31.785178 0.214116 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:31.999793 0.142969 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:32.143218 0.183166 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:32.326825 0.064689 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:32.391926 0.063631 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:32.455967 0.060461 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:32.516857 0.145271 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:32.662540 0.170512 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:32.833501 0.166838 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:33.000777 0.162875 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:33.164035 0.114115 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:33.278536 0.318609 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:33.597542 0.075717 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:33.673660 0.145298 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:33.819421 0.059806 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:33.879616 0.159942 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:34.039981 0.455264 udp 10.0.2.109 3683 <-> 172.129.52.12 3980 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:34.495714 0.000000 udp 10.0.2.109 3683 -> 70.50.200.57 6552 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:58:49.804074 0.042127 tcp 10.0.2.109 49363 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:49.846572 0.040848 tcp 10.0.2.109 49364 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:49.887706 0.134275 tcp 10.0.2.109 49365 -> 195.113.214.211 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:58:50.022829 4.350614 udp 10.0.2.109 3683 <-> 172.129.107.149 3573 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:54.373861 0.174714 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:54.548982 0.041834 udp 10.0.2.109 3683 <-> 87.153.122.151 4545 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:58:54.591211 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 16:59:09.663416 0.044807 tcp 10.0.2.109 49366 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:59:09.708491 0.041707 tcp 10.0.2.109 49367 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:59:09.750515 0.131459 tcp 10.0.2.109 49368 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/01/30 16:59:09.882657 0.041334 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:09.924393 0.040421 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:09.965198 0.045903 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:10.011514 0.034406 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:10.046351 0.200907 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:10.247698 0.049207 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:10.297289 0.172723 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:10.470553 0.205672 udp 10.0.2.109 3683 <-> 188.29.127.51 9542 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/30 16:59:10.676662 0.057361 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:02:14.868542 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 17:02:14.868646 1.752262 tcp 10.0.2.109 49369 -> 27.251.231.18 9791 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:03:01.928620 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 17:03:08.935828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:03:16.937387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:03:32.940536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:04:04.946708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:10:08.952641 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 17:10:15.959751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:10:23.961257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:10:39.964076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:11:11.970221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:17:15.976694 3.001535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 17:17:22.983684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:17:30.985249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:17:46.988537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:18:18.994540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:24:23.000400 3.001439 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 17:24:30.008020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:24:38.009317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:24:54.012215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:25:26.018428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:29:12.414210 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 17:29:12.414345 0.000000 udp 10.0.2.109 3683 -> 70.50.200.57 6552 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 17:29:29.160527 0.041777 tcp 10.0.2.109 49370 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:29:29.202658 0.044946 tcp 10.0.2.109 49371 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:29:29.247913 0.132621 tcp 10.0.2.109 49372 -> 195.113.214.211 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:29:29.381214 0.052559 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:29.434223 0.377601 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:29.812190 0.553002 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:30.365631 0.036214 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:30.402503 0.079441 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:30.482396 0.340521 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:30.823300 0.055199 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:30.879223 0.049669 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:30.929278 0.141840 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:31.071547 0.408523 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:31.480447 0.067738 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:31.548571 0.057975 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:31.606991 0.062348 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:31.669745 0.213664 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:31.883825 0.089156 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:31.973426 0.191726 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:32.165563 0.162275 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:32.328254 0.138797 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:32.467475 0.356661 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:32.824516 0.146851 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:32.971713 0.138498 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:33.110560 0.200110 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:33.311057 0.000000 udp 10.0.2.109 3683 -> 172.129.52.12 3980 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 17:29:51.250097 0.044537 tcp 10.0.2.109 49373 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:29:51.294898 0.041315 tcp 10.0.2.109 49374 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:29:51.336511 0.137205 tcp 10.0.2.109 49375 -> 195.113.214.211 443 SRPA* 0 0 33 19148 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:29:51.474444 0.147288 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:51.622110 0.316128 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:51.938715 0.056981 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:51.996106 0.159319 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:52.155824 0.173729 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:29:52.329980 0.000000 udp 10.0.2.109 3683 -> 172.129.107.149 3573 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 17:30:02.330558 0.000000 udp 10.0.2.109 3683 <- 172.129.107.149 3573 RSP 0 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 17:30:02.330955 0.000000 udp 10.0.2.109 3683 -> 87.153.122.151 4545 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 17:30:19.380633 0.042253 tcp 10.0.2.109 49376 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:30:19.423180 0.042403 tcp 10.0.2.109 49377 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:30:19.465886 0.134421 tcp 10.0.2.109 49378 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:30:19.600868 0.047105 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:30:19.648390 0.044128 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:30:19.692943 0.824152 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:30:20.517511 0.040477 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:30:20.558466 0.168155 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:30:20.726987 0.049104 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:30:20.776473 0.173195 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:30:20.950071 0.000000 udp 10.0.2.109 3683 -> 188.29.127.51 9542 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 17:30:36.265236 0.041259 tcp 10.0.2.109 49379 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:30:36.306857 0.041751 tcp 10.0.2.109 49380 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:30:36.349030 0.181321 tcp 10.0.2.109 49381 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:30:36.530900 0.056099 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 17:31:30.024706 3.001386 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 17:31:37.031615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:31:45.033177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:32:01.036661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:32:16.629065 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 17:32:16.629169 1.763559 tcp 10.0.2.109 49382 -> 27.251.231.18 9791 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/01/30 17:32:33.042525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:38:37.049094 3.000871 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 17:38:44.055808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:38:52.057337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:39:08.060153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:39:40.065961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:45:44.072493 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 17:45:51.079730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:45:59.081398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:46:15.084211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:46:47.090152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:52:53.099333 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 17:53:00.106720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:53:08.107824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:53:24.111289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 17:53:56.117314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:00:00.123123 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 18:00:07.130935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:00:15.131776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:00:31.135075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:00:58.654973 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 18:00:58.655151 0.000000 udp 10.0.2.109 3683 -> 172.129.52.12 3980 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:01:03.140973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:01:15.660654 0.042450 tcp 10.0.2.109 49383 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:15.703388 0.047722 tcp 10.0.2.109 49384 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:15.751385 0.132234 tcp 10.0.2.109 49385 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:15.884121 0.000000 udp 10.0.2.109 3683 -> 87.153.122.151 4545 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:01:32.984340 0.041043 tcp 10.0.2.109 49386 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:33.025645 0.044910 tcp 10.0.2.109 49387 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:33.070828 0.137963 tcp 10.0.2.109 49388 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:33.209439 0.000000 udp 10.0.2.109 3683 -> 188.29.127.51 9542 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:01:50.769982 0.041535 tcp 10.0.2.109 49389 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:50.811878 0.041651 tcp 10.0.2.109 49390 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:50.853916 0.134552 tcp 10.0.2.109 49391 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:01:50.989063 0.053800 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:51.043266 0.377840 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:51.421514 0.333628 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:51.755564 0.172392 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:51.928404 0.049616 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:51.978572 0.423198 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:52.402227 0.082515 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:52.485111 0.034627 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:52.520101 0.214528 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:52.735052 0.085953 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:52.821406 0.139766 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:52.961523 0.399825 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:53.361764 0.063695 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:53.425913 0.056358 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:53.482706 0.062423 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:53.545539 0.146969 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:53.692888 0.158516 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:53.851866 0.179714 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:54.032037 0.424958 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:54.457508 0.126564 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:54.584524 0.284435 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:54.869384 0.165666 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:55.035429 0.078333 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:55.114212 0.146634 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:55.261330 0.058885 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:55.320627 0.174225 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:55.495283 0.153386 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:01:55.649122 0.000000 udp 10.0.2.109 3683 -> 172.129.107.149 3573 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:02:07.789267 0.000000 udp 10.0.2.109 3683 <- 172.129.107.149 3573 RSP 0 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:02:07.789686 0.045928 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:07.836026 0.046272 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:07.882715 0.049334 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:07.932479 0.172663 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:08.105574 0.636651 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:08.742646 0.034517 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:08.777591 0.172356 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:08.950389 0.057251 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:02:18.399629 1.746443 tcp 10.0.2.109 49392 -> 27.251.231.18 9791 FSPA* 0 0 15 1577 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:07:07.148273 3.000294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 18:07:14.154823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:07:22.156065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:07:38.158792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:08:10.164996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:14:14.171236 3.001389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 18:14:21.178524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:14:29.179893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:14:45.183092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:15:17.190275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:21:21.195240 3.001327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 18:21:28.202243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:21:36.203977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:21:52.207156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:22:24.212990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:28:28.220192 3.064841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 18:28:35.265407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:28:43.237611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:28:59.240816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:29:31.247160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:32:20.150319 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 18:32:20.150417 1.731037 tcp 10.0.2.109 49393 -> 27.251.231.18 9791 FSPA* 0 0 15 1593 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:32:32.898917 0.043914 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:32.943323 0.417962 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:33.361705 0.346798 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:33.708953 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:32:51.947225 0.061492 tcp 10.0.2.109 49394 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:32:52.008999 0.064351 tcp 10.0.2.109 49395 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:32:52.073622 0.153775 tcp 10.0.2.109 49396 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:32:52.227683 0.049704 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:52.277808 0.419194 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:52.697425 0.143530 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:52.841413 0.035579 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:52.877434 0.208407 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.086286 0.084745 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.171472 0.063727 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.235726 0.059097 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.295236 0.066100 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.361727 0.145222 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.507353 0.155660 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.663414 0.183173 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.846988 0.139303 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:53.986702 0.398079 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:54.385308 0.325472 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:54.711159 0.114121 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:54.825728 0.148187 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:54.974443 0.170959 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:55.145831 0.080391 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:55.226625 0.172480 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:55.399523 0.152966 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:55.552896 0.147995 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:55.701282 0.060332 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:32:55.762024 0.000000 udp 10.0.2.109 3683 -> 172.129.107.149 3573 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:33:01.253193 0.000000 udp 10.0.2.109 3683 <- 172.129.107.149 3573 RSP 0 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:33:01.253605 0.040133 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:33:01.294194 0.040947 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:33:01.335607 0.049256 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:33:01.385274 0.172688 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:33:01.558359 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 18:33:18.895232 0.059466 tcp 10.0.2.109 49397 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:33:18.954964 0.064247 tcp 10.0.2.109 49398 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:33:19.019526 0.156157 tcp 10.0.2.109 49399 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/01/30 18:33:19.176224 0.058683 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:33:19.235289 0.863183 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:33:20.098902 0.033197 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/30 18:35:35.253963 3.000825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 18:35:42.260413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:35:50.261669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:36:06.264504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:36:38.270896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:42:42.277772 3.001255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 18:42:49.284388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:42:57.285589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:43:13.288594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:43:45.294881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:49:49.301425 3.000938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 18:49:56.308529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:50:04.309503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:50:20.312671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:50:52.318690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:56:56.324125 3.002278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 18:57:03.332408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:57:11.333923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:57:27.337264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 18:57:59.342754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:02:21.881293 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 19:02:21.881399 1.778262 tcp 10.0.2.109 49400 -> 27.251.231.18 9791 FSPA* 0 0 15 1578 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:03:33.943721 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 19:03:33.943976 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 19:03:51.391203 0.064667 tcp 10.0.2.109 49401 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:03:51.456170 0.063128 tcp 10.0.2.109 49402 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:03:51.519586 0.160771 tcp 10.0.2.109 49403 -> 195.113.214.211 443 SRPA* 0 0 20 10060 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:03:51.680986 0.223294 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:51.904971 0.046931 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:51.952339 0.340789 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:52.293589 0.376755 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:52.670851 0.049927 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:52.721185 0.037267 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:52.758854 0.419115 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.178519 0.086379 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.265357 0.064112 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.329944 0.085315 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.415693 0.208760 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.624930 0.066683 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.692055 0.140895 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.833531 0.160857 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:53.994771 0.184471 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:54.179652 0.140871 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:54.320914 0.055063 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:54.376472 0.126579 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:54.503528 0.200997 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:54.704929 0.343180 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:55.048583 0.353661 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:55.402636 0.172891 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:55.576012 0.160170 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:55.736638 0.147757 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:55.884862 0.060252 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:55.945571 0.167307 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:56.113278 0.076242 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:56.189930 0.041416 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:56.231736 0.049005 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:56.281128 0.172228 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:56.453787 3.205534 udp 10.0.2.109 3683 <-> 172.129.107.149 3573 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:59.659859 0.044218 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:59.704655 0.055624 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:03:59.760752 0.465676 udp 10.0.2.109 3683 <-> 84.152.204.64 1251 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:04:00.226842 0.041054 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:04:03.350219 3.137938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 19:04:10.465062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:04:18.408366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:04:34.372113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:05:06.376661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:11:10.383163 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 19:11:17.390387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:11:25.391834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:11:41.394448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:12:13.400308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:18:17.427169 3.023216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 19:18:24.444403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:18:32.445518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:18:48.448662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:19:20.454848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:25:24.460485 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 19:25:31.468087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:25:39.469622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:25:55.472798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:26:27.478007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:32:23.661226 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 19:32:23.661375 0.241865 tcp 10.0.2.109 49404 -> 27.251.231.18 9791 SPA_* 0 0 9 1037 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:32:29.095965 0.011647 tcp 10.0.2.109 49404 -> 27.251.231.18 9791 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:32:31.484809 3.001131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 19:32:38.492167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:32:46.493527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:33:02.496497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:33:34.501945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:34:09.162833 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 19:34:09.163015 0.165878 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:09.329284 0.047193 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:09.376940 0.343028 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:09.720327 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 19:34:24.926876 0.066326 tcp 10.0.2.109 49405 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:34:24.993452 0.061348 tcp 10.0.2.109 49406 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:34:25.055238 0.149803 tcp 10.0.2.109 49407 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:34:25.205707 0.049173 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:25.255342 0.036407 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:25.292190 0.419420 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:25.712064 0.075168 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:25.787625 0.064886 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:25.852883 0.064377 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:25.917670 0.146578 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:26.064725 0.156488 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:26.221642 0.184903 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:26.406970 0.140081 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:26.547521 0.056253 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:26.604168 0.084522 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:26.689135 0.213698 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:26.903216 0.126473 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:27.030251 0.136712 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:27.167453 0.343325 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:27.511303 0.316474 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:27.828212 0.175965 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.006851 0.166478 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.173774 0.147400 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.321580 0.061359 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.383334 0.168301 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.552047 0.078378 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.630865 0.040960 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.672251 0.049021 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.721736 0.173890 udp 10.0.2.109 3683 <-> 12.169.109.98 8406 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.896052 0.057810 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:28.954314 0.000000 udp 10.0.2.109 3683 -> 84.152.204.64 1251 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 19:34:45.215062 0.063436 tcp 10.0.2.109 49408 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:34:45.278831 0.067862 tcp 10.0.2.109 49409 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:34:45.347024 0.158190 tcp 10.0.2.109 49410 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:34:45.505797 0.036258 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:34:45.542572 0.000000 udp 10.0.2.109 3683 -> 172.129.107.149 3573 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 19:35:03.641822 0.111534 tcp 10.0.2.109 49411 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:35:03.753670 0.063550 tcp 10.0.2.109 49412 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:35:03.817471 0.151579 tcp 10.0.2.109 49413 -> 195.113.214.211 443 SRPA* 0 0 31 22144 flow=From-Botnet-V1-TCP-Established 1970/01/30 19:35:03.969644 0.044328 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/01/30 19:39:38.508510 3.068334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 19:39:45.549010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:39:53.527435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:40:09.530558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:40:41.536663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:46:45.541769 3.002946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 19:46:52.549899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:47:00.551387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:47:16.554516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:47:48.560849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:53:52.566838 3.001191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 19:53:59.573884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:54:07.575499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:54:23.578472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 19:54:55.584814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:00:59.590948 3.001148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 20:01:06.597788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:01:14.599374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:01:30.602706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:02:02.608566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:02:29.107236 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 20:02:29.107452 1.691405 tcp 10.0.2.109 49414 -> 27.251.231.18 9791 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:05:06.993789 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 20:05:06.993902 0.385774 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:07.380126 0.000000 udp 10.0.2.109 3683 -> 84.152.204.64 1251 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 20:05:24.169560 0.062269 tcp 10.0.2.109 49415 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:05:24.232185 0.062136 tcp 10.0.2.109 49416 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:05:24.294662 0.160136 tcp 10.0.2.109 49417 -> 195.113.214.211 443 SRPA* 0 0 40 33106 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:05:24.455691 0.000000 udp 10.0.2.109 3683 -> 172.129.107.149 3573 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 20:05:40.772597 0.059222 tcp 10.0.2.109 49418 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:05:40.832115 0.063144 tcp 10.0.2.109 49419 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:05:40.895561 0.150908 tcp 10.0.2.109 49420 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:05:41.047155 0.042688 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:41.090328 0.167756 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:41.258636 0.346750 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:41.605809 0.417832 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.024093 0.079301 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.103777 0.064820 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.169045 0.065169 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.234626 0.036790 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.271872 0.050863 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.323222 0.140565 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.464254 0.063207 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.527924 0.084968 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.613316 0.209646 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.823420 0.146250 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:42.970057 0.156355 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:43.126824 0.183223 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:43.310498 0.186924 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:43.497816 0.138919 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:43.637114 0.318515 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:43.956093 0.137431 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:44.093957 0.385904 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:44.480269 0.062444 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:44.543091 0.167678 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:44.711226 0.076802 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:05:44.788498 0.000000 udp 10.0.2.109 3683 -> 93.198.205.216 8279 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 20:06:02.964908 0.060542 tcp 10.0.2.109 49421 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:06:03.025706 0.060937 tcp 10.0.2.109 49422 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:06:03.087008 0.164316 tcp 10.0.2.109 49423 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:06:03.251977 0.049055 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:06:03.301485 0.000000 udp 10.0.2.109 3683 -> 12.169.109.98 8406 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 20:06:19.948361 0.060858 tcp 10.0.2.109 49424 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:06:20.009526 0.062271 tcp 10.0.2.109 49425 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:06:20.072028 0.154874 tcp 10.0.2.109 49426 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:06:20.227517 0.056603 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:06:20.284529 0.143470 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:06:20.428370 0.159991 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:06:20.588810 0.034577 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:06:20.623889 0.065291 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:08:12.623440 3.001965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 20:08:19.630734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:08:27.631628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:08:43.635126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:09:15.640986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:15:19.647706 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 20:15:26.654662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:15:34.656028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:15:50.658994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:16:22.665220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:22:26.671593 3.001328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 20:22:33.677831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:22:41.680059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:22:57.683000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:23:29.689139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:29:33.695040 3.001738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 20:29:40.702185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:29:48.703538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:30:04.707109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:30:36.713139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:32:30.807688 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 20:32:30.807867 1.895903 tcp 10.0.2.109 49427 -> 27.251.231.18 9791 FSPA* 0 0 14 1599 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:36:36.029812 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 20:36:36.029952 0.046590 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:36:36.076954 0.000000 udp 10.0.2.109 3683 -> 12.169.109.98 8406 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 20:36:40.719508 3.001045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 20:36:47.725984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:36:54.367673 0.062656 tcp 10.0.2.109 49428 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:36:54.430620 0.063226 tcp 10.0.2.109 49429 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:36:54.494165 0.156944 tcp 10.0.2.109 49430 -> 195.113.214.211 443 SRPA* 0 0 39 31854 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:36:54.651764 0.387630 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:36:55.039846 0.415024 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:36:55.455267 0.168505 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:36:55.624201 0.044116 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:36:55.668764 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 20:36:55.738065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:37:11.740959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:37:13.884542 0.060674 tcp 10.0.2.109 49431 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:37:13.945078 0.064631 tcp 10.0.2.109 49432 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:37:14.009982 0.150680 tcp 10.0.2.109 49433 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/30 20:37:14.161278 0.065403 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:14.227182 0.036480 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:14.264095 0.065196 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:14.329711 0.137918 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:14.468095 0.202590 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:14.671174 0.088225 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:14.759822 0.209378 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:14.969608 0.148324 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:15.118417 0.049971 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:15.168890 0.060703 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:15.230012 0.337639 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:15.568115 0.156927 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:15.725426 0.162571 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:15.888453 0.185418 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:16.074445 0.126572 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:16.201436 0.063474 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:16.265320 0.227122 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:16.492861 0.081250 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:16.574549 0.404101 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:16.979037 0.136496 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:17.115955 0.049303 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:17.165741 0.160076 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:17.326242 0.035595 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:17.362291 0.049731 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:17.412528 0.057207 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:17.470082 0.150612 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 20:37:43.747128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:43:47.752390 3.002082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 20:43:54.760674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:44:02.761567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:44:18.764786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:44:50.770953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:51:51.779158 3.001687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 20:51:58.786586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:52:06.787810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:52:22.790868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:52:54.797315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:59:18.812756 3.000328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 20:59:25.819073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:59:33.820728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 20:59:49.823733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:00:21.829487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:02:32.708212 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 21:02:32.708384 1.748402 tcp 10.0.2.109 49434 -> 27.251.231.18 9791 FSPA* 0 0 15 1625 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:06:25.835851 3.001405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 21:06:32.843095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:06:40.844296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:06:56.847633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:07:28.853564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:07:46.088472 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 21:07:46.088736 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 21:08:02.643416 0.044296 tcp 10.0.2.109 49435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:08:02.687924 0.044470 tcp 10.0.2.109 49436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:08:02.732695 0.158688 tcp 10.0.2.109 49437 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:08:02.891936 0.046592 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:02.939043 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 21:08:20.457652 0.043850 tcp 10.0.2.109 49438 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:08:20.501816 0.044227 tcp 10.0.2.109 49439 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:08:20.546353 0.156148 tcp 10.0.2.109 49440 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:08:20.703033 0.413786 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:21.117237 0.396952 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:21.514621 0.164732 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:21.679815 0.067010 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:21.747230 0.034767 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:21.782383 0.063562 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:21.846540 0.144296 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:21.991301 0.084071 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:22.075798 0.087743 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:22.163989 0.209972 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:22.374561 0.148817 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:22.523749 0.050000 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:22.574152 0.059352 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:22.633882 0.326405 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:22.960734 0.156218 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:23.117442 0.157139 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:23.275034 0.064082 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:23.339495 0.166812 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:23.506732 0.500119 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:24.007276 0.394626 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:24.402500 0.182169 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:24.585085 0.126498 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:24.712006 0.140922 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:24.853324 0.049276 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:24.903016 0.155608 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:25.059089 0.033064 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:25.092558 0.046378 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:25.139318 0.055795 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:08:25.195586 0.148608 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:13:32.859686 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 21:13:39.867065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:13:47.868396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:14:03.871784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:14:35.878018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:20:39.883703 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 21:20:46.890914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:20:54.892563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:21:10.895652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:21:42.901529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:27:46.908165 3.000780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 21:27:53.915083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:28:01.916512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:28:17.919507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:28:49.925398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:32:34.458590 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 21:32:34.458835 1.820801 tcp 10.0.2.109 49441 -> 27.251.231.18 9791 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:34:53.931775 3.001294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 21:35:00.938696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:35:08.940506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:35:24.943439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:35:56.949279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:38:33.074284 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 21:38:33.074438 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 21:38:48.548089 0.051612 tcp 10.0.2.109 49442 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:38:48.599947 0.051956 tcp 10.0.2.109 49443 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:38:48.652180 0.152077 tcp 10.0.2.109 49444 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:38:48.805009 0.046175 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:38:48.851669 0.414401 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:38:49.266676 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 21:39:05.601104 0.050820 tcp 10.0.2.109 49445 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:39:05.652185 0.054983 tcp 10.0.2.109 49446 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:39:05.707436 0.156341 tcp 10.0.2.109 49447 -> 195.113.214.211 443 SRPA* 0 0 38 21678 flow=From-Botnet-V1-TCP-Established 1970/01/30 21:39:05.864322 0.168592 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.033381 0.064045 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.097899 0.036141 rtcp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.134450 0.065282 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.200161 0.143724 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.344347 0.082107 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.426807 0.090201 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.517399 0.210024 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.727857 0.144067 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.872388 0.048987 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.921756 0.064459 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:06.986642 0.475950 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:07.462978 0.061590 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:07.524924 0.165955 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:07.691264 0.080647 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:07.772379 0.156441 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:07.929289 0.154171 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.083882 0.309160 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.393470 0.183284 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.577189 0.114189 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.691840 0.139858 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.832101 0.050498 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.882984 0.044794 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.928235 0.059316 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:08.988014 0.147969 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:09.136397 0.160027 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:39:09.296881 0.042757 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/30 21:42:00.955912 3.001384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/30 21:42:07.962872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:42:15.964477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:42:31.967475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:43:03.973387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:49:07.979368 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 21:49:14.986891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:49:22.988646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:49:38.991456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:50:10.997442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:56:15.003831 3.001178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 21:56:22.010701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:56:30.012170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:56:46.015474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 21:57:18.021526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:02:36.279552 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 22:02:36.279653 1.741367 tcp 10.0.2.109 49448 -> 27.251.231.18 9791 FSPA* 0 0 14 1711 flow=From-Botnet-V1-TCP-Established 1970/01/30 22:03:22.027988 3.000983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:03:29.035125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:03:37.036128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:03:53.039309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:04:25.045174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:09:28.802292 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 22:09:28.802451 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 22:09:46.869852 0.053104 tcp 10.0.2.109 49449 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 22:09:46.923311 0.052007 tcp 10.0.2.109 49450 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 22:09:46.975598 0.153103 tcp 10.0.2.109 49451 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/01/30 22:09:47.129423 0.040704 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:47.170542 0.417697 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:47.588675 0.165037 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:47.754234 0.062401 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:47.817079 0.034637 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:47.852209 0.063888 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:47.916536 0.144019 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:48.060967 0.926080 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:48.987435 0.088826 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:49.076628 0.210356 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:49.287460 0.147956 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:49.435843 0.049603 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:49.485824 0.060851 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:49.547070 0.358243 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:49.905730 0.061275 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:49.967353 0.184523 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:50.152275 0.081652 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:50.234449 0.156558 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:50.391443 0.153948 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:50.545810 0.306426 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:50.852610 0.392818 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:51.245880 0.127300 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:51.373614 0.299565 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:51.673634 0.049138 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:51.723191 0.044971 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:51.768579 0.057160 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:51.826150 0.042751 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:51.869388 0.147628 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:09:52.017447 0.153150 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:10:29.052217 3.000749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:10:36.058707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:10:44.060696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:11:00.063123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:11:32.069302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:17:36.075159 3.001906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:17:43.082568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:17:51.084501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:18:07.087409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:18:39.093205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:24:43.100310 3.000560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:24:50.106703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:24:58.108170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:25:14.110850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:25:46.117317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:31:50.123224 3.001791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:31:57.130858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:32:05.132210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:32:21.135248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:32:38.019964 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 22:32:38.020134 1.947428 tcp 10.0.2.109 49452 -> 27.251.231.18 9791 FSPA* 0 0 14 1708 flow=From-Botnet-V1-TCP-Established 1970/01/30 22:32:53.141087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:38:57.147423 3.001504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:39:04.154621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:39:12.156182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:39:28.158957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:40:00.165028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:40:06.915072 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 22:40:06.915229 0.166939 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:07.082700 0.064944 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:07.148080 0.655568 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:07.804112 0.064983 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:07.869631 0.040747 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:07.910805 0.420125 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:08.331333 0.144145 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:08.475870 0.075635 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:08.551997 0.083625 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:08.636028 0.210204 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:08.846719 0.149154 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:08.996283 0.050911 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:09.047634 0.060506 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:09.108554 0.320449 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:09.429425 0.063589 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:09.493533 0.157130 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:09.651203 0.155380 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:09.807105 0.307581 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.115087 0.172543 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.288103 0.082033 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.370556 0.184834 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.555810 0.126456 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.682701 0.136974 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.820190 0.049143 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.869766 0.049006 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.919208 0.058866 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:10.978570 0.035564 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:11.014526 0.147712 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:40:11.162759 0.152932 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/30 22:46:04.172022 3.030535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:46:11.188022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:46:19.189803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:46:35.192844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:47:07.198878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:53:11.205190 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 22:53:18.212476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:53:26.213969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:53:42.216846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 22:54:14.223074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:00:18.229451 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:00:25.236874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:00:33.237987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:00:49.240918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:01:21.247142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:02:39.970347 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 23:02:39.970609 2.469314 tcp 10.0.2.109 49453 -> 27.251.231.18 9791 FSPA* 0 0 15 1605 flow=From-Botnet-V1-TCP-Established 1970/01/30 23:07:25.253104 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:07:32.260741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:07:40.261927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:07:56.264850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:08:28.270902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:10:34.552839 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 23:10:34.552994 0.037258 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:34.590763 0.067063 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:34.658208 0.041039 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:34.699627 0.164847 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:34.864915 0.062956 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:34.928265 0.417127 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:35.345785 0.143438 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:35.489652 0.083931 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:35.574195 0.087335 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:35.661924 0.210433 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:35.872760 0.147067 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:36.020262 0.049638 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:36.070342 0.063986 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:36.134808 0.326857 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:36.462299 0.062212 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:36.524945 0.157317 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:36.682642 0.157394 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:36.840448 0.309220 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.150083 0.167859 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.318345 0.111795 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.430638 0.188323 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.619371 0.113974 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.733774 0.137775 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.871961 0.049273 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.921718 0.040326 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:37.962585 0.061163 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:38.024163 0.034591 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:38.059230 0.140528 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:10:38.200148 0.155340 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:14:32.277743 3.033029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:14:39.294334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:14:47.296051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:15:03.298909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:15:35.304996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:21:39.310383 3.002379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:21:46.318280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:21:54.319847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:22:10.322917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:22:42.328953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:28:46.335420 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:28:53.342009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:29:01.343750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:29:17.346772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:29:49.352820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:32:42.442184 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 23:32:42.442282 3.068502 tcp 10.0.2.109 49454 -> 27.251.231.18 9791 FSPA* 0 0 15 1714 flow=From-Botnet-V1-TCP-Established 1970/01/30 23:35:53.358983 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:36:00.366495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:36:08.367585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:36:24.370833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:36:56.376857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:40:40.059016 0.026733 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/30 23:40:40.085937 0.000000 udp 10.0.2.109 3683 -> 93.198.205.216 8279 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/30 23:40:56.152963 0.052199 tcp 10.0.2.109 49455 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/30 23:40:56.205436 0.053292 tcp 10.0.2.109 49456 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/30 23:40:56.259156 0.133146 tcp 10.0.2.109 49457 -> 195.113.214.211 443 SRPA* 0 0 63 42014 flow=From-Botnet-V1-TCP-Established 1970/01/30 23:40:56.392867 0.169529 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:56.562872 0.062904 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:56.626192 0.035836 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:56.662438 0.069469 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:56.732668 0.414849 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:57.147897 0.142847 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:57.291177 0.126405 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:57.418011 0.114861 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:57.533231 0.210737 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:57.744379 0.148384 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:57.893237 0.050054 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:57.943702 0.062393 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:58.006500 0.338346 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:58.345228 0.068005 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:58.413663 0.157796 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:58.571931 0.154906 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:58.727243 0.308268 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.035969 0.165981 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.202567 0.078848 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.281776 0.183835 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.466013 0.126426 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.592882 0.136830 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.730322 0.049351 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.780076 0.042573 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.823119 0.056814 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:40:59.880385 0.152668 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:41:00.033611 0.040941 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:41:00.074956 0.147692 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/30 23:43:00.382792 3.001920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:43:07.390527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:43:15.391310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:43:31.394874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:44:03.400733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:51:23.415820 3.001873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:51:30.422871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:51:38.426080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:51:54.428034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:52:26.434281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:58:55.445098 3.002602 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/30 23:59:02.452762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:59:10.455059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:59:26.458453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/30 23:59:58.463981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:02:45.514721 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 00:02:45.514888 4.129397 tcp 10.0.2.109 49458 -> 27.251.231.18 9791 FSPA* 0 0 15 1660 flow=From-Botnet-V1-TCP-Established 1970/01/31 00:06:03.471527 3.001090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:06:10.478263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:06:18.480377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:06:34.483131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:07:06.489352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:11:02.789386 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 00:11:02.789536 0.046591 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:02.836557 0.035874 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:02.872913 0.069664 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:02.943096 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 00:11:20.666560 0.086540 tcp 10.0.2.109 49459 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 00:11:20.753449 0.053668 tcp 10.0.2.109 49460 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 00:11:20.807449 0.142500 tcp 10.0.2.109 49461 -> 195.113.214.211 443 SRPA* 0 0 93 66429 flow=From-Botnet-V1-TCP-Established 1970/01/31 00:11:20.950695 0.063215 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:21.014384 0.413192 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:21.428022 0.142519 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:21.571010 0.074433 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:21.645896 0.085775 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:21.732124 0.206629 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:21.939233 0.151607 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:22.091275 0.050519 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:22.142209 0.058766 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:22.201336 0.328994 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:22.530754 0.065128 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:22.596290 0.154882 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:22.751643 0.163338 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:22.915420 0.309134 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:23.224966 0.168117 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:23.393456 0.081095 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:23.474951 0.188886 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:23.664255 0.126663 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:23.791328 0.136873 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:23.928692 0.049073 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:23.978248 0.040443 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:24.019140 0.058561 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:24.078298 0.153903 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:24.243138 0.050266 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:11:24.293897 0.148320 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:13:10.495825 3.000969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:13:17.502973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:13:25.504597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:13:41.507479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:14:13.513395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:20:17.519638 3.000707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:20:24.526690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:20:32.528094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:20:48.530626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:21:20.537312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:27:24.544415 3.000734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:27:31.550081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:27:39.552237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:27:55.555331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:28:27.561061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:32:49.648699 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 00:32:49.648841 1.964848 tcp 10.0.2.109 49462 -> 27.251.231.18 9791 FSPA* 0 0 15 1720 flow=From-Botnet-V1-TCP-Established 1970/01/31 00:34:31.568086 3.000805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:34:38.574895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:34:46.576360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:35:02.579330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:35:34.585430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:41:38.591454 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:41:45.598155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:41:47.571630 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 00:41:47.571786 0.169568 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:47.741822 0.034512 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:47.776765 0.046436 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:47.823590 0.065496 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:47.889499 0.058314 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:47.948235 0.415124 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:48.363753 0.143350 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:48.507542 0.075706 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:48.583628 0.086390 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:48.670479 0.208581 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:48.879525 0.149918 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:49.029860 0.050733 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:49.080987 0.063299 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:49.144683 0.354566 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:49.499756 0.061347 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:49.561559 0.157208 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:49.719152 0.167936 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:49.887494 0.307950 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:50.195834 0.232868 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:50.429074 0.084624 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:50.514261 0.184005 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:50.698703 0.126389 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:50.825485 0.167266 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:50.993133 0.049231 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:51.042784 0.044342 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:51.087531 0.034579 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:51.122526 0.150632 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:51.273848 0.062350 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:51.336723 0.152686 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/31 00:41:53.600221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:42:09.602841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:42:41.609333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:48:45.614903 3.002187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:48:52.622972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:49:00.624610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:49:16.627342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:49:48.633052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:55:52.639522 3.001435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 00:55:59.646926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:56:07.647944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:56:23.651064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 00:56:55.657293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:02:51.619588 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 01:02:51.619730 1.753100 tcp 10.0.2.109 49463 -> 27.251.231.18 9791 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:02:59.662527 3.002219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:03:06.670629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:03:14.672094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:03:30.674990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:04:02.681222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:10:06.688237 3.000458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:10:13.694889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:10:21.696102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:10:37.699078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:11:09.705136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:12:14.308486 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 01:12:14.308755 0.000000 udp 10.0.2.109 3683 -> 93.198.205.216 8279 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 01:12:30.143326 0.053279 tcp 10.0.2.109 49464 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:12:30.196905 0.052966 tcp 10.0.2.109 49465 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:12:30.250236 0.173302 tcp 10.0.2.109 49466 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:12:30.424223 0.066545 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:30.491210 0.064337 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:30.556255 0.168468 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:30.725180 0.035067 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:30.760671 0.414933 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.176099 0.143250 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.319777 0.075118 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.395398 0.087539 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.483354 0.212215 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.696047 0.149104 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.845553 0.050835 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.896855 0.063639 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:31.960932 0.358315 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:32.319616 0.067112 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:32.387146 0.156313 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:32.543877 0.155873 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:32.700237 0.321851 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.022509 0.168684 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.191661 0.147549 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.339636 0.182610 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.522630 0.126263 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.649329 0.146707 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.796511 0.049364 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.846502 0.146024 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:33.992991 0.060601 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:34.054038 0.154066 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:34.208549 0.047294 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:12:34.256294 0.036943 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:17:13.712251 3.013303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:17:20.729265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:17:28.730504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:17:44.733652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:18:16.739284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:24:20.745741 3.001136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:24:27.752614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:24:35.753432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:24:51.756876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:25:23.763004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:31:27.768345 3.001670 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:31:34.776617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:31:42.778115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:31:58.780985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:32:30.787063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:32:53.379883 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 01:32:53.379960 2.104725 tcp 10.0.2.109 49467 -> 27.251.231.18 9791 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:38:34.793308 3.032715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:38:41.810409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:38:49.811404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:39:05.814882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:39:37.821077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:42:59.140979 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 01:42:59.141116 0.040915 udp 10.0.2.109 3683 <-> 93.198.205.216 8279 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:42:59.182448 0.166508 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:42:59.349394 0.034648 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:42:59.384460 0.073554 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:42:59.458461 0.063388 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:42:59.522324 0.415375 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:42:59.938188 0.144982 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:00.083581 0.084865 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:00.168870 0.083827 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:00.253082 0.211801 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:00.465282 0.146880 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:00.612582 0.048835 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:00.661889 0.064593 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:00.727016 0.326788 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:01.054210 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 01:43:17.528812 0.053005 tcp 10.0.2.109 49468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:43:17.582066 0.055891 tcp 10.0.2.109 49469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:43:17.638256 0.165177 tcp 10.0.2.109 49470 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/31 01:43:17.804077 0.155884 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:17.960345 0.162780 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:18.123549 0.326671 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:18.450655 0.165821 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:18.616925 0.082622 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:18.699955 0.178485 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:18.878920 0.138879 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:19.018196 0.136893 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:19.155492 0.049371 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:19.205267 0.148337 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:19.354117 0.068955 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:19.423463 0.048435 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:19.472281 0.160335 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:43:19.632994 0.044678 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 01:45:41.828119 3.000465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:45:48.834359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:45:56.835870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:46:12.838928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:46:44.844888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:52:52.856363 3.002141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 01:52:59.863836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:53:07.865453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:53:23.868143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:53:55.874824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 01:59:59.880877 3.001425 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 02:00:06.888041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:00:14.889485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:00:30.892595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:01:02.898325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:02:55.491036 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 02:02:55.491154 2.473104 tcp 10.0.2.109 49471 -> 27.251.231.18 9791 FSPA* 0 0 15 1633 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:07:06.905834 3.000389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 02:07:13.912000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:07:21.913288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:07:37.916706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:08:09.922619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:13:26.658312 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 02:13:26.658474 0.060059 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:26.718915 0.034854 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:26.754363 0.067778 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:26.822548 0.068118 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:26.891106 0.418053 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:27.309632 0.000000 udp 10.0.2.109 3683 -> 93.198.205.216 8279 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 02:13:44.555736 0.055991 tcp 10.0.2.109 49472 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:13:44.612017 0.051841 tcp 10.0.2.109 49473 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:13:44.664129 0.155512 tcp 10.0.2.109 49474 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:13:44.820239 0.165911 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:44.986607 0.079619 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:45.066627 0.085665 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:45.152711 0.208391 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:45.361556 0.146049 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:45.508036 0.049041 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:45.557440 0.059685 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:45.617535 0.334814 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:45.952827 0.141730 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:46.095015 0.155518 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:46.250967 0.357882 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:46.609284 0.166565 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:46.776277 0.081309 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:46.858020 0.181430 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.039895 0.126381 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.166718 0.156501 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.323701 0.049001 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.373182 0.145276 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.518855 0.058637 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.577902 0.046690 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.625051 0.152633 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.778291 0.044511 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:13:47.823209 0.194729 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:14:13.928571 3.001828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 02:14:20.935929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:14:28.947686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:14:44.950962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:15:16.956723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:21:20.962756 3.001606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 02:21:27.969948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:21:35.971333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:21:51.974462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:22:23.980913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:28:27.987327 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 02:28:34.993939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:28:42.995209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:28:58.999014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:29:31.004443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:32:57.972305 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 02:32:57.972495 1.774755 tcp 10.0.2.109 49475 -> 27.251.231.18 9791 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:35:35.010616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:36:08.950170 1.968617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/01/31 02:36:14.866761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:36:22.744350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:36:38.493573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:37:10.000501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:43:08.349232 2.957600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 02:43:15.249946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:43:23.124951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:43:38.891843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:44:10.406742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:44:20.591641 0.000000 arp 10.0.2.109 who 10.0.2.2 INT 1 42 flow=Background-ARP 1970/01/31 02:45:00.640125 0.000000 arp 10.0.2.109 who 10.0.2.2 RSP 1 42 flow=Background-ARP 1970/01/31 02:45:00.996176 0.000000 udp 10.0.2.109 3683 -> 93.198.205.216 8279 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 02:45:17.004038 0.053408 tcp 10.0.2.109 49476 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:45:17.057691 0.054507 tcp 10.0.2.109 49477 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:45:17.112484 0.154435 tcp 10.0.2.109 49478 -> 195.113.214.211 443 SRPA* 0 0 46 39552 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:45:17.267515 0.068455 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:17.336466 0.035207 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:17.372133 0.063001 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:17.435535 0.067103 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:17.503082 0.420553 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:17.924098 0.167262 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:18.091798 0.077972 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:18.170263 0.148876 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:18.319551 0.049497 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:18.369429 0.060858 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:18.430685 0.323424 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:18.754530 0.088826 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:18.843735 0.209618 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:19.053779 0.141212 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:19.195395 0.156561 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:19.352341 0.400248 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:19.753084 0.166932 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:19.920510 0.083928 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.004825 0.177756 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.183020 0.126368 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.309823 0.154410 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.464668 0.049120 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.514414 0.144672 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.659567 0.055766 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.715762 0.036298 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.752471 0.151152 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:45:20.904077 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 02:45:38.946832 0.962864 tcp 10.0.2.109 49479 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:45:39.909996 0.053532 tcp 10.0.2.109 49480 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:45:39.963837 0.154745 tcp 10.0.2.109 49481 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/31 02:45:40.119107 0.139364 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/31 02:50:54.291749 3.028764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 02:51:01.309316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:51:09.311215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:51:25.314222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:51:57.319881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:58:01.326291 3.001446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 02:58:08.333250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:58:16.334835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:58:32.337744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 02:59:04.343820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:04:04.976684 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 03:04:04.976779 1.889585 tcp 10.0.2.109 49482 -> 27.251.231.18 9791 FSPA* 0 0 14 1619 flow=From-Botnet-V1-TCP-Established 1970/01/31 03:05:13.357720 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:05:20.364681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:05:28.366099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:05:44.369059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:06:16.375153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:12:20.382519 3.000137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:12:27.388091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:12:35.390057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:12:51.392922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:13:23.399110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:16:08.937555 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 03:16:08.937750 0.039950 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:08.978243 0.061631 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.040338 0.067445 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.108277 0.069499 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.178206 0.036035 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.214634 0.078781 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.293873 0.147524 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.441856 0.049782 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.492080 0.415883 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:09.908319 0.169090 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:10.077844 0.354686 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:10.432980 0.086324 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:10.519772 0.209125 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:10.729328 0.145316 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:10.875076 0.058013 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:10.933509 0.084087 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 593 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:11.018127 0.405862 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:11.424456 0.156466 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:11.581399 0.168111 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:11.750018 0.126301 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:11.876800 0.155028 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:12.032200 0.049164 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:12.081710 0.146926 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:12.229146 0.058438 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:12.287996 0.038010 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:12.326460 0.178728 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:12.505559 0.157740 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:16:12.663706 0.184087 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:19:27.405569 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:19:34.412565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:19:42.413946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:19:58.416913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:20:30.423003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:26:34.428915 3.001594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:26:41.436564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:26:49.437721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:27:05.441283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:27:37.446912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:33:41.454658 3.000061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:33:48.460771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:33:56.461704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:34:06.867329 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 03:34:06.867454 2.395396 tcp 10.0.2.109 49483 -> 27.251.231.18 9791 FSPA* 0 0 15 1652 flow=From-Botnet-V1-TCP-Established 1970/01/31 03:34:12.464790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:34:44.470839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:40:48.477289 3.001299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:40:55.484226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:41:03.485863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:41:19.489181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:41:51.495021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:46:13.642091 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 03:46:13.642305 0.039738 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:13.682436 0.061131 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:13.743948 0.067412 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:13.811760 0.065806 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:13.878225 0.039408 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:13.918137 0.073294 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:13.991858 0.144176 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:14.136504 0.049827 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:14.186753 0.412424 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:14.599556 0.086532 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:14.686590 0.208848 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:14.895855 0.144040 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:15.040290 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 03:46:30.257533 0.052969 tcp 10.0.2.109 49484 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/31 03:46:30.310788 0.053951 tcp 10.0.2.109 49485 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/31 03:46:30.364987 0.158422 tcp 10.0.2.109 49486 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/01/31 03:46:30.524073 0.329997 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:30.854529 0.059014 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:30.919009 0.080941 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:31.000380 0.406326 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:31.407175 0.156521 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:31.564155 0.166619 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:31.731258 0.114272 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:31.845961 0.146362 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:31.992689 0.058059 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:32.051130 0.032981 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:32.084497 0.184919 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:32.269875 0.156543 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:32.426804 0.141868 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:32.569250 0.173234 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:46:32.742937 0.049140 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/31 03:47:55.500342 3.002408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:48:02.508661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:48:10.509655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:48:26.512955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:48:58.519110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:55:34.530578 3.002024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 03:55:41.538603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:55:49.539843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:56:05.542510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 03:56:37.549622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:02:43.558331 3.000923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:02:50.564619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:02:58.566466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:03:14.569542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:03:46.575825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:04:09.268511 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 04:04:09.268623 1.977186 tcp 10.0.2.109 49487 -> 27.251.231.18 9791 FSPA* 0 0 15 1657 flow=From-Botnet-V1-TCP-Established 1970/01/31 04:09:50.581940 3.001491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:09:57.589164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:10:05.590745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:10:21.593579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:10:53.599610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:16:52.005260 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 04:16:52.005369 0.166215 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.171995 0.088745 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.261247 0.055880 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.317575 0.039944 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.357967 0.065610 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.424089 0.035080 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.459659 0.049095 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.509257 0.420603 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:52.930369 0.088270 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:53.019087 0.209852 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:53.229422 0.141423 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:53.371284 0.083684 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:53.455435 0.143092 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:53.599005 0.334166 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:53.933614 0.062038 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:53.996145 0.082328 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:54.078887 0.451328 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:54.530621 0.156388 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:54.687442 0.170166 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:54.858346 0.138622 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:54.997412 0.040476 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:55.038434 0.181685 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:55.220513 0.153069 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:55.374231 0.137158 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:55.511920 0.156032 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:55.668338 0.049307 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:55.718150 0.149726 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:55.868301 0.058897 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:16:57.604789 3.002440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:17:04.612950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:17:12.614500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:17:28.617669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:18:00.623332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:24:04.629625 3.001643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:24:11.636709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:24:19.638501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:24:35.641773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:25:07.647695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:31:11.653803 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:31:18.660706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:31:26.662648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:31:42.665313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:32:14.671614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:34:11.249797 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 04:34:11.249907 1.811019 tcp 10.0.2.109 49488 -> 27.251.231.18 9791 FSPA* 0 0 12 1431 flow=From-Botnet-V1-TCP-Established 1970/01/31 04:38:18.677232 3.001921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:38:25.685110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:38:33.686886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:38:49.689376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:39:27.674996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:45:26.567885 2.961187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:45:39.633129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:45:47.527638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:46:03.309752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:46:37.693146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:47:34.028734 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 04:47:34.028860 0.169097 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.198471 0.065828 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.264730 0.065587 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.330749 0.044366 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.375555 0.059518 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.435482 0.042594 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.478551 0.048901 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.527878 0.209306 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.737625 0.148602 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.886648 0.081530 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:34.968607 0.143108 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:35.112171 0.421409 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:35.534028 0.087247 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:35.621740 0.397471 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:36.019677 0.064920 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:36.085002 0.076575 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:36.162045 0.449901 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:36.612366 0.156852 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:36.769622 0.232290 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.002563 0.126532 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.129471 0.034640 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.164595 0.182431 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.347439 0.154812 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.502707 0.049210 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.552320 0.144911 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.697657 0.058167 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.756208 0.137097 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:47:37.893734 0.163639 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/31 04:54:22.185232 2.966137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 04:54:29.097056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:54:37.097283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:54:52.879897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 04:55:24.424358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:01:48.805544 3.000428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:01:55.812624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:02:03.813800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:02:19.816771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:02:51.822704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:04:13.060196 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 05:04:13.060316 1.837261 tcp 10.0.2.109 49489 -> 27.251.231.18 9791 FSPA* 0 0 15 1637 flow=From-Botnet-V1-TCP-Established 1970/01/31 05:09:01.838472 3.000546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:09:08.845220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:09:16.846259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:09:32.849527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:10:04.855660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:16:13.868254 3.002456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:16:20.876080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:16:28.887758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:16:44.890930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:17:16.898488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:17:55.312435 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 05:17:55.312561 0.163722 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:55.476679 0.065699 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:55.542746 0.064687 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:55.607945 0.039997 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:55.648294 0.059578 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:55.708340 0.035116 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:55.743821 0.049762 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:55.793985 0.208856 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:56.003228 0.148208 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:56.151869 0.075229 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:56.227514 0.145427 udp 10.0.2.109 3683 <-> 65.93.169.77 6066 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:56.373427 0.468136 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:56.841972 0.089037 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:56.967201 0.355819 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:57.323446 0.062598 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:57.386454 0.159129 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:57.545925 0.168055 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:57.714508 0.082994 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:57.797838 0.409165 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.207487 0.126634 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.334517 0.034441 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.369336 0.178788 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.548480 0.155180 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.704086 0.049042 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.753524 0.146513 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.900461 0.060339 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:58.961169 0.146025 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:17:59.107600 0.158061 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:23:23.906668 3.011802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:23:30.924086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:23:38.925708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:23:54.928942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:24:26.935185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:30:30.942594 3.000280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:30:37.948944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:30:45.950413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:31:01.953514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:31:33.958919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:34:14.901023 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 05:34:14.901199 1.921071 tcp 10.0.2.109 49490 -> 27.251.231.18 9791 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/01/31 05:37:37.970589 2.995807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:37:44.973665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:37:52.974753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:38:08.976922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:38:40.982959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:44:44.989869 3.001038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:44:51.996092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:44:59.997939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:45:16.004006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:45:48.008092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:48:06.847070 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 05:48:06.847157 0.167597 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.015114 0.067799 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.083311 0.068180 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.151861 0.044262 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.196496 0.059790 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.256667 0.042838 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.299906 0.049877 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.350327 0.210282 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:07.561034 0.000000 udp 10.0.2.109 3683 -> 65.93.169.77 6066 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 05:48:23.783396 0.053092 tcp 10.0.2.109 49491 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 05:48:23.836760 0.066291 tcp 10.0.2.109 49492 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 05:48:23.903405 0.138457 tcp 10.0.2.109 49493 -> 195.113.214.211 443 SRPA* 0 0 35 27163 flow=From-Botnet-V1-TCP-Established 1970/01/31 05:48:24.042538 0.418029 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:24.460973 0.088568 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:24.549928 0.144288 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:24.694594 0.073066 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:24.768050 0.351207 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:25.119704 0.057379 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:25.177446 0.155464 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:25.333448 0.166880 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:25.500732 0.082916 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:25.584000 0.408192 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:25.992565 0.114298 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:26.107236 0.048817 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:26.156435 0.179275 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:26.336137 0.156011 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:26.492535 0.049391 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:26.542322 0.194881 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:26.737586 0.154714 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:26.892685 0.146804 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:48:27.039845 0.058876 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/31 05:54:01.017822 3.005410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 05:54:08.027436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:54:16.027478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:54:32.030516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 05:55:04.036931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:01:12.049235 3.000388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:01:19.055754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:01:27.057270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:01:43.060467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:02:15.066404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:04:16.821740 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 06:04:16.821910 2.057770 tcp 10.0.2.109 49494 -> 27.251.231.18 9791 FSPA* 0 0 15 1567 flow=From-Botnet-V1-TCP-Established 1970/01/31 06:08:28.078553 2.998765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:08:35.082572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:08:43.084190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:08:59.087079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:09:31.093267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:15:35.098515 3.004525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:15:42.106566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:15:50.107800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:16:06.111116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:16:38.116977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:18:31.029602 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 06:18:31.029754 0.000000 udp 10.0.2.109 3683 -> 65.93.169.77 6066 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 06:18:49.127515 0.083504 tcp 10.0.2.109 49495 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 06:18:49.211354 0.052307 tcp 10.0.2.109 49496 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 06:18:49.264015 0.132326 tcp 10.0.2.109 49497 -> 195.113.214.211 443 SRPA* 0 0 33 24931 flow=From-Botnet-V1-TCP-Established 1970/01/31 06:18:49.396887 0.067271 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:49.464562 0.064920 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:49.529870 0.044339 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:49.574612 0.061529 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:49.636547 0.036592 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:49.673522 0.050052 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:49.724003 0.211366 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:49.935756 0.166006 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:50.102168 0.143878 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:50.246433 0.079516 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:50.326361 0.489603 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:50.816397 0.085334 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:50.902078 0.323149 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:51.225591 0.057896 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:51.283868 0.156823 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:51.441102 0.167083 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:51.608587 0.081468 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:51.690543 0.424049 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:52.114997 0.114891 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:52.230416 0.041280 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:52.272078 0.187795 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:52.460234 0.154005 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:52.614323 0.049860 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:52.664662 0.307305 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:52.972324 0.155483 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:53.128178 0.149628 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:18:53.278311 0.060297 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:22:42.124166 3.002970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:22:49.138444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:22:57.132756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:23:13.135069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:23:45.140803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:29:49.150350 2.998330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:29:56.155335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:30:04.155853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:30:20.158911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:30:52.164942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:34:18.883631 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 06:34:18.883777 1.994282 tcp 10.0.2.109 49498 -> 27.251.231.18 9791 FSPA* 0 0 14 1650 flow=From-Botnet-V1-TCP-Established 1970/01/31 06:36:56.170962 3.002007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:37:03.178514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:37:11.179901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:37:27.182686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:37:59.189029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:44:03.195157 3.001760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:44:10.202650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:44:18.218304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:44:34.216886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:45:06.223018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:48:58.877820 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 06:48:58.878270 0.069718 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:58.948380 0.067858 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.016607 0.040041 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.057024 0.059190 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.116589 0.034400 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.151360 0.048833 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.200532 0.149395 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.350403 0.074964 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.425784 0.213208 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.639346 0.165623 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:48:59.805601 0.542032 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:00.348005 0.083242 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:00.431650 0.356796 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:00.788821 0.065362 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:00.854541 0.155924 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:01.010807 0.165596 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:01.176805 0.079516 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:01.256702 0.404238 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:01.661349 0.114143 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:01.775935 0.040968 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:01.817278 0.182216 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:01.999847 0.152924 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:02.153376 0.049242 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:02.203007 0.147385 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:02.350797 0.056920 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:02.408066 0.143558 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:49:02.552051 0.154454 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 06:53:32.235570 2.999569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 06:53:39.240642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:53:47.241829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:54:03.244925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 06:54:35.251199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:00:39.257494 3.001520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:00:46.264636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:00:54.266006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:01:10.269232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:01:42.275056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:04:20.883497 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 07:04:20.883642 1.990540 tcp 10.0.2.109 49499 -> 27.251.231.18 9791 FSPA* 0 0 14 1616 flow=From-Botnet-V1-TCP-Established 1970/01/31 07:07:46.281616 3.000882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:07:53.288605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:08:01.289949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:08:17.292674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:08:49.298835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:14:53.304864 3.001671 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:15:00.312617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:15:08.314943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:15:24.326708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:15:56.325788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:19:08.439367 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 07:19:08.439482 0.068230 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.508105 0.075082 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.583588 0.040190 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.624202 0.061002 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.685641 0.035451 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.721498 0.049623 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.771513 0.142976 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.914894 0.083202 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:08.998482 0.208777 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:09.207662 0.085561 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:09.293638 0.357846 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:09.651945 0.170389 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:09.822697 0.419944 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:10.243072 0.145194 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:10.388671 0.157271 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:10.546343 0.165530 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:10.712249 0.080463 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:10.793104 0.405680 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:11.199166 0.114458 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:11.314032 0.151830 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:11.466375 0.049154 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:11.515909 0.144765 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:11.661047 0.059435 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:11.720837 0.136138 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:11.857329 0.170321 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:12.028006 0.035191 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:19:12.063585 0.187395 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:22:00.328932 3.002761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:22:07.339230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:22:15.337899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:22:31.340707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:23:03.347107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:29:07.353264 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:29:14.360156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:29:22.361713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:29:38.364794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:30:10.371193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:34:22.875487 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 07:34:22.875633 2.254509 tcp 10.0.2.109 49500 -> 27.251.231.18 9791 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/01/31 07:36:14.376731 3.002821 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:36:21.393187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:36:29.385893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:36:45.388907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:37:17.394771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:43:21.401946 3.003317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:43:28.407779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:43:36.409667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:43:52.412838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:44:24.418965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:49:34.364705 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 07:49:34.364805 0.066788 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.432028 0.058392 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.490805 0.040192 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.531403 0.061493 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.593312 0.037897 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.631672 0.050686 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.682715 0.209670 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.892831 0.086119 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:34.979350 0.391804 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:35.371516 0.148994 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:35.520887 0.074559 rtcp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:35.595821 0.171721 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:35.767923 0.421689 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:36.190079 0.055653 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:36.246241 0.158278 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:36.404933 0.167416 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:36.572713 0.084114 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:36.657203 0.318969 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:36.976522 0.126644 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.103527 0.152370 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.256299 0.048936 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.305632 0.147225 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.453280 0.056997 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.510617 0.035669 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.546661 0.182333 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.729515 0.137454 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:49:37.867357 0.156443 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/31 07:50:28.424415 3.002269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:50:35.439385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:50:43.435363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:50:59.436786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:51:31.448466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:57:35.448789 3.001684 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 07:57:42.456646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:57:50.457655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:58:06.461012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 07:58:38.466937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:04:25.135550 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 08:04:25.135726 2.088096 tcp 10.0.2.109 49501 -> 27.251.231.18 9791 FSPA* 0 0 15 1710 flow=From-Botnet-V1-TCP-Established 1970/01/31 08:04:46.477980 3.002851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:04:53.485847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:05:01.487575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:05:17.490549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:05:49.496778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:11:53.508852 2.999563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:12:00.509679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:12:08.511492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:12:24.514672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:12:56.520397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:19:00.528431 3.099828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:19:07.607358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:19:15.545581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:19:31.549453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:19:50.045301 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 08:19:50.045390 0.040175 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.085985 0.061082 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.147419 0.053562 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.201370 0.050945 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.252689 0.067250 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.320600 0.066213 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.387262 0.209833 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.597513 0.089934 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:50.688402 0.327621 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:51.016474 0.240718 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:51.257556 0.150666 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:51.408651 0.167077 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:51.595107 0.418650 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:52.014250 0.057336 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:52.071952 0.157417 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:52.229714 0.167546 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:52.397676 0.079333 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:52.477459 0.310248 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:52.788083 0.145060 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:52.933534 0.150685 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:53.084631 0.049055 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:53.134073 0.144836 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:53.279345 0.060932 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:53.340649 0.035816 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:53.376956 0.183531 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:53.560957 0.146738 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:19:53.708052 0.154312 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:20:03.553800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:26:07.561177 3.000761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:26:14.567663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:26:22.569332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:26:38.572364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:27:10.578380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:33:14.584614 3.001103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:33:21.591653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:33:29.593008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:33:45.596182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:34:17.602520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:34:27.226463 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 08:34:27.226720 2.000633 tcp 10.0.2.109 49502 -> 27.251.231.18 9791 FSPA* 0 0 15 1597 flow=From-Botnet-V1-TCP-Established 1970/01/31 08:40:21.608637 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:40:28.615597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:40:36.617269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:40:52.620146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:41:24.627270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:47:28.632941 3.000994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:47:35.639615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:47:43.641031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:47:59.644379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:48:31.650475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:50:13.487424 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 08:50:13.487602 0.044517 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:13.532467 0.062538 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:13.595447 0.052787 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:13.648626 0.050119 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:13.699110 0.066215 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:13.765733 0.064046 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:13.830625 0.215695 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:14.046870 0.087381 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:14.134658 0.078631 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:14.213705 0.164655 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:14.378816 0.349084 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:14.728341 0.151298 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:14.880039 0.420376 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:15.300813 0.059848 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:15.361085 0.157502 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:15.518957 0.230697 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:15.750306 0.077872 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:15.828573 0.309013 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.138057 0.114044 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.252511 0.153922 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.406839 0.048861 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.456110 0.145526 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.602252 0.052415 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.655114 0.036969 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.692485 0.179753 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:16.872698 0.136489 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:50:17.009556 0.155747 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/31 08:55:19.659626 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 08:55:26.666853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:55:34.668480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:55:50.671550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 08:56:22.677359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:02:39.692315 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:02:46.699571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:02:54.700963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:03:10.703888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:03:42.710142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:04:29.227402 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 09:04:29.227541 2.103955 tcp 10.0.2.109 49503 -> 27.251.231.18 9791 FSPA* 0 0 15 1559 flow=From-Botnet-V1-TCP-Established 1970/01/31 09:09:46.716196 3.001626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:09:53.723512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:10:01.725134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:10:17.728128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:10:49.734435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:16:53.740409 3.001296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:17:00.747449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:17:08.748863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:17:24.752121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:17:56.777801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:20:19.323465 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 09:20:19.323625 0.054537 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.378586 0.049623 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.428595 0.065924 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.494960 0.044262 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.539681 0.064718 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.604835 0.061855 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.667096 0.210641 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.878333 0.086970 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:19.965753 0.073969 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:20.040137 0.166491 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:20.207010 0.323683 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:20.531105 0.149279 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:20.680730 0.414735 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:21.095877 0.059479 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:21.155841 0.157380 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:21.313614 0.167470 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:21.481460 0.080010 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:21.561817 0.307213 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:21.869373 0.127136 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:21.996887 0.155053 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:22.152332 0.050164 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:22.202951 0.144095 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:22.347457 0.054990 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:22.402876 0.042055 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:22.445350 0.153862 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:22.599672 0.179854 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:20:22.779942 0.144439 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:24:00.784090 3.001644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:24:07.791255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:24:15.792968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:24:31.795877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:25:03.802703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:31:07.808901 3.000688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:31:14.814917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:31:22.817065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:31:38.819667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:32:10.826006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:34:31.338245 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 09:34:31.338392 1.989737 tcp 10.0.2.109 49504 -> 27.251.231.18 9791 FSPA* 0 0 15 1784 flow=From-Botnet-V1-TCP-Established 1970/01/31 09:38:14.831896 3.001599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:38:21.839369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:38:29.841049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:38:45.843486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:39:17.849934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:45:21.855576 3.002172 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:45:28.863064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:45:36.864660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:45:52.867840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:46:24.874006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:50:43.065405 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 09:50:43.065541 0.067648 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.133576 0.044785 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.178733 0.057831 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.236990 0.066220 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.303660 0.051076 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.355201 0.049739 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.405393 0.209339 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.615145 0.087887 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.703469 0.079746 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.783616 0.162847 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:43.947320 0.328762 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:44.276476 0.148297 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:44.425191 0.412535 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:44.838352 0.061141 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:44.899865 0.157982 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:45.058334 0.166271 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:45.225021 0.078496 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:45.303967 0.308005 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:45.612359 0.126562 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:45.739332 0.153502 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:45.893243 0.049323 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:45.942979 0.142069 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:46.085451 0.058541 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:46.144391 0.046744 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:46.191558 0.154586 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:46.346557 0.183164 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:50:46.530359 0.139710 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/01/31 09:54:17.885869 3.002597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 09:54:24.894273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:54:32.895069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:54:48.898854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 09:55:20.904835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:01:46.921837 3.001559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:01:53.929712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:02:01.931365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:02:17.934657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:02:49.940320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:04:33.329433 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 10:04:33.329541 1.833108 tcp 10.0.2.109 49505 -> 27.251.231.18 9791 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/01/31 10:08:59.956185 3.000503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:09:06.962228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:09:14.963698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:09:30.966823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:10:02.973004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:16:06.978581 3.001943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:16:13.986523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:16:21.987842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:16:37.991026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:17:09.996551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:21:02.711657 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 10:21:02.711771 0.068921 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:02.781096 0.040239 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:02.821753 0.062863 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:02.885060 0.063400 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:02.948907 0.052545 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:03.001881 0.048639 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:03.050993 0.210126 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:03.261526 0.086901 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:03.348867 0.085826 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:03.435077 0.144316 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:03.579801 0.167442 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:03.747663 0.345399 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:04.093473 0.445020 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:04.538868 0.069189 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:04.608436 0.157089 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:04.765879 0.166900 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:04.933170 0.081085 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:05.014767 0.307291 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:05.322606 0.126492 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:05.449498 0.146471 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:05.596310 0.064432 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:05.661148 0.034256 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:05.695842 0.157403 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:05.853649 0.179524 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:06.033538 0.137315 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:06.171242 0.152133 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:21:06.323823 0.049105 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:23:14.005892 3.002497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:23:21.010810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:23:29.011754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:23:45.014861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:24:17.020903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:30:21.026064 3.002534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:30:28.033975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:30:36.035746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:30:52.038855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:31:24.044909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:34:35.170032 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 10:34:35.170206 1.804516 tcp 10.0.2.109 49506 -> 27.251.231.18 9791 FSPA* 0 0 14 1663 flow=From-Botnet-V1-TCP-Established 1970/01/31 10:37:28.050020 3.002169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:37:35.058390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:37:43.059617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:37:59.062849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:38:31.068700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:44:35.081609 2.994979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:44:42.082584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:44:50.084918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:45:06.086355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:45:38.092857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:51:21.056086 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 10:51:21.056347 0.066434 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.123216 0.040411 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.164057 0.062980 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.227418 0.071422 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.299298 0.041593 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.341333 0.050836 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.392540 0.212796 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.605806 0.086570 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.692721 0.112648 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.805774 0.140791 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:21.946978 0.168118 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:22.115500 0.391912 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:22.507887 0.416548 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:22.924846 0.060742 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:22.985971 0.157674 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:23.144039 0.165309 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:23.309749 0.573082 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:23.883261 0.306177 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.189826 0.114932 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.305146 0.148202 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.453724 0.062007 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.516130 0.038039 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.554596 0.136619 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.691602 0.154141 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.846263 0.049176 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:24.895830 0.156503 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:51:25.052727 0.182354 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/31 10:53:55.100533 3.001159 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 10:54:02.107328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:54:10.108850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:54:26.111961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 10:54:58.117703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:01:02.124028 3.001454 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:01:09.131208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:01:17.132640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:01:33.135633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:02:05.141924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:04:36.980540 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 11:04:36.980647 1.841035 tcp 10.0.2.109 49507 -> 27.251.231.18 9791 FSPA* 0 0 15 1644 flow=From-Botnet-V1-TCP-Established 1970/01/31 11:08:16.149291 3.000309 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:08:23.155448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:08:31.156934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:08:47.159949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:09:19.165957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:15:23.172284 3.001140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:15:30.179217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:15:38.181016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:15:54.183701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:16:26.192798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:21:34.623575 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 11:21:34.623736 0.066710 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:34.690893 0.051785 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:34.743036 0.062839 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:34.806438 0.066583 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:34.873413 0.035680 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:34.909522 0.048914 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:34.958814 0.209348 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:35.168543 0.549910 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:35.718917 0.166322 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:35.885621 0.088601 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:35.974631 0.073059 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:36.048131 0.334908 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:36.383464 0.417523 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:36.801440 0.062391 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:36.864254 0.155331 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.019981 0.165657 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.186035 0.085631 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.272050 0.308516 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.580918 0.138681 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.719975 0.147606 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.867995 0.054667 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.923037 0.043509 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:37.966907 0.139974 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:38.107245 0.151087 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:38.258807 0.049833 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:38.309083 0.155084 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:21:38.464547 0.180463 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:22:30.195856 3.004882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:22:37.211387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:22:45.204795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:23:01.207850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:23:33.213711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:29:37.220506 3.000955 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:29:44.227093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:29:52.228968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:30:08.231962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:30:40.237671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:34:38.821333 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 11:34:38.821441 1.734739 tcp 10.0.2.109 49508 -> 27.251.231.18 9791 FSPA* 0 0 15 1773 flow=From-Botnet-V1-TCP-Established 1970/01/31 11:36:44.244567 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:36:51.251015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:36:59.252736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:37:15.255817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:37:47.261619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:43:51.271862 2.997464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:43:58.278594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:44:06.276306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:44:22.279665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:44:54.285798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:50:58.292668 3.000662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:51:05.299035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:51:13.300636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:51:29.303618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:51:57.774956 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 11:51:57.775156 0.062713 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:57.838353 0.065452 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:57.904179 0.044393 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:57.948958 0.073097 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:58.022484 0.053322 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:58.076217 0.050647 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:58.127303 0.212067 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:58.339742 0.148332 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:58.488506 0.098977 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:58.587920 0.317693 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:51:58.906004 0.000000 udp 10.0.2.109 3683 -> 203.45.157.34 1089 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 11:52:01.309676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:52:17.094331 0.070284 tcp 10.0.2.109 49509 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 11:52:17.164904 0.070711 tcp 10.0.2.109 49510 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 11:52:17.235958 0.166192 tcp 10.0.2.109 49511 -> 195.113.214.211 443 SRPA* 0 0 56 37339 flow=From-Botnet-V1-TCP-Established 1970/01/31 11:52:17.402893 0.165816 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:17.569087 0.089277 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:17.658789 0.060388 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:17.719640 0.157195 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:17.877256 0.166739 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.044443 0.081000 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.125909 0.308588 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.434895 0.114001 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.549293 0.047137 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.596878 0.149378 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.746723 0.153810 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.900962 0.049431 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:18.950772 0.156258 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:19.107381 0.182266 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:19.290247 0.144664 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:52:19.435326 0.060552 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/01/31 11:58:05.315617 3.002093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 11:58:12.323345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:58:20.324570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:58:36.327449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 11:59:08.333802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:04:40.561750 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 12:04:40.562000 1.773012 tcp 10.0.2.109 49512 -> 27.251.231.18 9791 FSPA* 0 0 15 1755 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:05:22.344168 3.001434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 12:05:29.351307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:05:37.352992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:05:53.356371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:06:25.362300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:12:29.371547 2.998129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 12:12:36.376668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:12:44.376996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:13:00.379742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:13:32.387617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:19:36.393923 2.999929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 12:19:43.399518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:19:51.401168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:20:07.406923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:20:39.410062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:22:26.375563 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 12:22:26.375773 0.488674 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:26.864970 0.065782 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:26.931229 0.040306 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:26.971977 0.064508 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.036907 0.040932 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.078407 0.048636 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.127433 0.211122 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.339001 0.061557 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.400911 0.083988 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.485362 0.149465 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.635226 0.321609 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:27.957212 0.164253 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:28.121813 0.084839 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:28.207032 0.066430 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:28.273843 0.081956 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:28.356232 0.157743 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:28.514419 0.166444 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:28.681236 0.311500 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:28.993122 0.140766 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:29.134386 0.046792 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:29.181560 0.136717 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:29.318677 0.165417 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:29.484467 0.048957 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:29.533818 0.460015 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:29.994436 0.059850 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:30.054360 0.158946 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:22:30.213746 0.182912 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:26:43.415837 3.001809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 12:26:50.423407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:26:58.424650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:27:14.428077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:27:46.433949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:33:50.440241 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 12:33:57.447699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:34:05.448789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:34:21.451874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:34:42.342387 0.076331 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 12:34:42.419077 1.532120 tcp 10.0.2.109 49513 -> 27.251.231.18 9791 FSPA* 0 0 14 1625 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:34:53.457696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:40:57.464028 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 12:41:04.471158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:41:12.472514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:41:28.475529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:42:00.484710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:48:04.488237 3.001285 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 12:48:11.495876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:48:19.497030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:48:35.499819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:49:07.505937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:52:56.615175 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 12:52:56.615396 0.412607 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.028384 0.066027 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.094816 0.042175 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.137345 0.063407 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.201130 0.036214 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.237731 0.049022 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.287122 0.210669 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.498339 0.064641 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.563378 0.084288 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.648002 0.143704 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:57.792066 0.378759 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:52:58.171204 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 12:53:16.255302 0.068092 tcp 10.0.2.109 49514 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:53:16.323682 0.068420 tcp 10.0.2.109 49515 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:53:16.392424 0.163509 tcp 10.0.2.109 49516 -> 195.113.214.211 443 SRPA* 0 0 42 22726 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:53:16.556552 0.086681 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:16.643654 0.062836 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:16.706858 0.079002 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:16.786328 0.156379 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:16.943153 0.231586 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:17.175177 0.309105 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:17.484649 0.139058 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:17.624079 0.036638 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:17.661010 0.143736 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:17.805137 0.154072 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:17.959689 0.048905 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:18.009001 0.157858 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:18.167264 0.182635 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:18.350387 0.145669 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/01/31 12:53:18.496480 0.000000 udp 10.0.2.109 3683 -> 31.54.106.160 5838 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 12:53:35.143980 0.067744 tcp 10.0.2.109 49517 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:53:35.211997 0.068392 tcp 10.0.2.109 49518 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:53:35.280685 0.174205 tcp 10.0.2.109 49519 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/31 12:55:41.515472 3.000906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 12:55:48.522535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:55:56.523636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:56:12.526966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 12:56:44.533023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:02:48.539184 3.001296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:02:55.546136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:03:03.548197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:03:19.550770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:03:51.556585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:04:43.902854 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 13:04:43.903042 1.719116 tcp 10.0.2.109 49520 -> 27.251.231.18 9791 FSPA* 0 0 15 1781 flow=From-Botnet-V1-TCP-Established 1970/01/31 13:09:55.562942 3.001784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:10:02.570047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:10:10.571387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:10:26.574333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:10:58.580582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:17:02.587133 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:17:09.594232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:17:17.595832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:17:33.598558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:18:05.604930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:23:40.727028 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 13:23:40.727193 0.165650 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:40.893285 0.000000 udp 10.0.2.109 3683 -> 31.54.106.160 5838 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 13:23:58.264078 0.045935 tcp 10.0.2.109 49521 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 13:23:58.310381 0.045016 tcp 10.0.2.109 49522 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 13:23:58.355718 0.129839 tcp 10.0.2.109 49523 -> 195.113.214.211 443 SRPA* 0 0 34 26251 flow=From-Botnet-V1-TCP-Established 1970/01/31 13:23:58.486185 0.062549 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:58.549219 0.034845 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:58.584456 0.064978 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:58.649854 0.212399 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:58.862728 0.062403 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:58.925598 0.417931 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:59.343949 0.050908 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:59.395247 0.039994 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:59.435638 0.077951 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:59.513947 0.353811 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:23:59.868201 0.146698 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:00.015351 0.088039 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:00.103794 0.235650 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:00.339853 0.056426 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:00.396679 0.157072 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:00.554151 0.167182 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:00.721732 0.311737 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.033923 0.048599 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.082870 0.143572 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.226788 0.156041 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.383248 0.049011 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.432653 0.156013 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.589076 0.114335 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.703789 0.179686 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:01.883871 0.144694 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:24:09.611273 3.002669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:24:16.618329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:24:24.622975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:24:40.622612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:25:12.628528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:31:16.634696 3.001658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:31:23.642091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:31:31.644408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:31:47.646392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:32:19.652525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:34:45.623031 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 13:34:45.623161 1.721536 tcp 10.0.2.109 49524 -> 27.251.231.18 9791 FSPA* 0 0 14 1557 flow=From-Botnet-V1-TCP-Established 1970/01/31 13:38:23.658389 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:38:30.665967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:38:38.667554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:38:54.669989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:39:26.676462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:45:30.681721 3.002461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:45:37.689989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:45:45.692828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:46:01.694622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:46:33.700788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:54:09.436013 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 13:54:09.436179 0.169079 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:09.605675 0.064699 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:09.670816 0.061898 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:09.733131 0.670020 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:10.403564 0.209570 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:10.613542 0.059465 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:10.673424 0.417369 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.091152 0.049610 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.141180 0.045144 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.186737 0.080194 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.267368 0.319725 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.587467 0.146168 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.734039 0.088800 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.823211 0.077157 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.900779 0.060881 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:11.962059 0.156869 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:12.119308 0.168036 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:12.287785 0.309756 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:12.598115 0.033208 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:12.598669 3.005361 tcp 10.0.2.109 49525 -> 175.195.224.65 4091 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 13:54:12.631793 0.144385 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:12.776652 0.154510 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:12.931589 0.048699 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:12.980733 0.161925 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:13.143090 0.114194 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:13.257668 0.185247 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:13.443361 0.144641 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/31 13:54:21.603076 0.000000 tcp 10.0.2.109 49525 -> 175.195.224.65 4091 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 13:54:24.710549 3.000978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 13:54:31.717792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:54:39.719705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:54:55.722801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 13:55:27.728814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:01:53.747081 3.007423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:02:00.754150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:02:08.755213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:02:24.758062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:02:56.763455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:04:47.343436 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 14:04:47.343612 1.513175 tcp 10.0.2.109 49526 -> 27.251.231.18 9791 FSPA* 0 0 14 1531 flow=From-Botnet-V1-TCP-Established 1970/01/31 14:09:07.770276 3.001666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:09:14.776876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:09:22.779100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:09:38.781923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:10:10.788026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:16:14.793450 3.002278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:16:21.801349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:16:29.802605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:16:45.805852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:17:17.812139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:23:21.822720 3.005609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:23:28.825404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:23:36.833146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:23:52.829982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:24:19.208093 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 14:24:19.208323 0.062786 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.271518 0.163822 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.435739 0.070961 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.507148 0.035258 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.507521 3.005151 tcp 10.0.2.109 49527 -> 81.151.175.204 7327 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 14:24:19.542761 0.211510 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.754706 0.059939 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.815015 0.042895 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.858293 0.078474 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:19.937189 0.417109 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:20.354722 0.049276 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:20.404414 0.330534 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:20.735374 0.146754 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:20.882586 0.086674 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:20.969708 0.078839 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:21.048961 0.056705 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:21.106100 0.154462 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:21.260887 0.047932 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:21.309169 0.134915 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:21.444466 0.166461 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:21.611315 0.308845 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:21.920527 0.153130 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:22.074213 0.049318 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:22.123959 0.174514 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:22.298927 0.114447 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:22.413834 0.183034 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:22.597211 0.145530 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:24:24.835820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:24:28.511322 0.000000 tcp 10.0.2.109 49527 -> 81.151.175.204 7327 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 14:30:28.842287 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:30:35.849523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:30:43.850957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:30:59.853418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:31:31.859806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:34:48.863162 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 14:34:48.863437 1.498700 tcp 10.0.2.109 49528 -> 27.251.231.18 9791 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/01/31 14:37:35.866280 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:37:42.873278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:37:50.874759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:38:06.878274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:38:38.883759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:44:42.890157 3.001629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:44:49.899469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:44:57.898719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:45:13.901635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:45:45.907882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:54:02.915057 3.001749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 14:54:09.922563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:54:17.924040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:54:33.927013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 14:54:37.833010 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 14:54:37.833089 0.062262 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:37.895798 0.164803 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:38.061065 0.063361 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:38.124968 0.036167 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:38.125475 3.002193 tcp 10.0.2.109 49529 -> 81.151.175.204 7327 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 14:54:38.161569 0.209880 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:38.371889 0.065881 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:38.438181 0.433760 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:38.872373 0.048754 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:38.921549 0.357435 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.279386 0.045261 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.325109 0.112306 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.437822 0.143610 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.581813 0.085321 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.667502 0.075048 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.742889 0.059727 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.803028 0.156981 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:39.960432 0.043451 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.004279 0.136074 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.140782 0.166888 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.308093 0.049012 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.357510 0.167865 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.525776 0.126481 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.652613 0.182622 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.835613 0.147614 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:40.983603 0.307285 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:41.291271 0.153275 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/01/31 14:54:47.135889 0.000000 tcp 10.0.2.109 49529 -> 81.151.175.204 7327 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 14:55:05.933306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:01:09.938059 3.002930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:01:16.946904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:01:24.948354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:01:40.951091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:02:12.956982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:04:50.363989 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 15:04:50.364172 1.717297 tcp 10.0.2.109 49530 -> 27.251.231.18 9791 FSPA* 0 0 14 1506 flow=From-Botnet-V1-TCP-Established 1970/01/31 15:08:23.964011 3.000939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:08:30.970471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:08:38.972538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:08:54.975296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:09:26.981239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:15:30.991686 2.997493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:15:37.999435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:15:45.995573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:16:01.999036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:16:34.005143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:22:38.011129 3.005437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:22:45.018657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:22:53.020154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:23:09.023063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:23:41.029041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:25:09.266176 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 15:25:09.266330 0.058800 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:09.325557 0.169615 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:09.495691 0.063850 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:09.496205 2.994278 tcp 10.0.2.109 49531 -> 142.161.36.205 3707 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 15:25:09.559908 0.036039 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:09.596316 0.210737 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:09.807514 0.058941 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:09.866864 0.322760 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:10.190048 0.416393 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:10.606876 0.219296 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:10.826514 0.452123 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:11.279079 0.180827 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:11.460278 0.144650 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:11.605349 0.083773 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:11.689598 0.076755 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:11.766725 0.061391 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:11.828567 0.156775 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:11.985737 0.198301 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:12.184394 0.049339 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:12.234194 0.169775 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:12.404382 0.047733 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:12.452515 0.144979 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:12.597951 0.126504 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:12.724874 0.179077 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:12.904343 0.144556 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:13.049289 0.400630 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:13.450407 0.154509 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:25:18.493711 0.000000 tcp 10.0.2.109 49531 -> 142.161.36.205 3707 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 15:29:45.045108 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:29:52.052504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:30:00.053845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:30:16.057019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:30:48.062897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:34:52.084176 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 15:34:52.084362 1.697388 tcp 10.0.2.109 49532 -> 27.251.231.18 9791 FSPA* 0 0 14 1677 flow=From-Botnet-V1-TCP-Established 1970/01/31 15:36:52.069517 3.001080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:36:59.075852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:37:07.077811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:37:23.080988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:37:55.086918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:43:59.093453 3.001051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:44:06.100708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:44:14.101663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:44:30.104438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:45:02.115969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:53:28.121706 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 15:53:35.129141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:53:43.130698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:53:59.133009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:54:31.140564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 15:55:15.443019 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 15:55:15.443172 0.058563 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:15.502183 0.162497 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:15.665127 0.063690 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:15.665513 3.002205 tcp 10.0.2.109 49533 -> 142.161.36.205 3707 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 15:55:15.729268 0.036149 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:15.765807 0.211124 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:15.977343 0.428296 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:16.406041 0.049746 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:16.456203 0.060226 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:16.516822 0.328750 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:16.845987 0.040378 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:16.886768 0.096179 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:16.983319 0.148668 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.132332 0.087461 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.220192 0.073549 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.294147 0.058826 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.353354 0.157342 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.511101 0.168220 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.679692 0.048935 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.729001 0.185089 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.914475 0.048006 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:17.963002 0.145089 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:18.108548 0.115724 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:18.224685 0.401223 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:18.626335 0.155369 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:18.782139 0.180164 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:18.962764 0.147470 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/01/31 15:55:24.676110 0.000000 tcp 10.0.2.109 49533 -> 142.161.36.205 3707 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 16:00:35.146531 3.000505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:00:42.152729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:00:50.153505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:01:06.157086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:01:38.163094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:04:53.784982 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 16:04:53.785149 1.785521 tcp 10.0.2.109 49534 -> 27.251.231.18 9791 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/01/31 16:07:42.169132 3.002176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:07:49.176587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:07:57.177853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:08:13.180985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:08:45.186947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:14:49.199222 2.997110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:14:56.206365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:15:04.201809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:15:20.210618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:15:52.210873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:21:56.216985 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:22:03.224474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:22:11.226318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:22:27.228927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:22:59.239515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:25:31.994275 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 16:25:31.994460 0.062864 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:32.057765 0.376916 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:32.058294 3.000601 tcp 10.0.2.109 49535 -> 81.151.175.204 7327 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 16:25:32.435130 0.059126 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:32.494741 0.168265 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:32.663379 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 16:25:41.057566 0.000000 tcp 10.0.2.109 49535 -> 81.151.175.204 7327 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 16:25:49.291236 0.062582 tcp 10.0.2.109 49536 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 16:25:49.354161 0.059911 tcp 10.0.2.109 49537 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 16:25:49.414457 0.150833 tcp 10.0.2.109 49538 -> 195.113.214.211 443 SRPA* 0 0 40 32780 flow=From-Botnet-V1-TCP-Established 1970/01/31 16:25:49.565821 0.410161 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:49.976365 0.050695 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.027465 0.040271 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.068120 0.076549 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.145048 0.144292 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.289712 0.062049 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.352208 0.321367 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.673978 0.079623 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.754022 0.078413 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.832798 0.055379 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:50.888626 0.155457 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.044488 0.166950 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.211795 0.049073 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.261229 0.138183 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.399784 0.114366 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.514537 0.175835 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.690760 0.036674 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.727801 0.191564 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:51.919717 0.144121 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:52.064179 0.396557 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:25:52.461106 0.153224 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:29:03.241164 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:29:10.247837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:29:18.249637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:29:34.252852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:30:06.259011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:34:55.575176 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 16:34:55.575341 1.805362 tcp 10.0.2.109 49539 -> 27.251.231.18 9791 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/01/31 16:36:10.265610 3.000871 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:36:17.275145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:36:25.273829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:36:41.277006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:37:13.283081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:43:17.290298 3.020585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:43:24.305872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:43:32.308197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:43:48.310942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:44:20.322564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:50:24.322702 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:50:31.330806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:50:39.332214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:50:55.334683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:51:27.340649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:55:57.219469 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 16:55:57.219567 0.209146 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:57.429210 0.173036 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:57.429609 3.004172 tcp 10.0.2.109 49540 -> 50.137.135.198 6430 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 16:55:57.602676 0.078485 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:57.681568 0.065780 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:57.747781 0.063128 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:57.811352 0.412169 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:58.223916 0.049871 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:58.274201 0.049606 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:58.324152 0.141356 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:58.465939 0.146240 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:58.612597 0.059073 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:58.672060 0.318652 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:58.991128 0.089905 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.081447 0.080211 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.162059 0.055769 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.218261 0.154907 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.373580 0.234823 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.608819 0.049566 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.658743 0.144955 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.804089 0.114305 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:55:59.918787 0.168223 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:56:00.087430 0.032786 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:56:00.120647 0.340507 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:56:00.461561 0.154590 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:56:00.616568 0.188531 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:56:00.805530 0.145253 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/31 16:56:06.432994 0.000000 tcp 10.0.2.109 49540 -> 50.137.135.198 6430 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 16:57:31.346464 3.002142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 16:57:38.354523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:57:46.355464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:58:02.360649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 16:58:34.365060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:04:43.378477 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:04:50.385233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:04:57.385758 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 17:04:57.385913 1.740765 tcp 10.0.2.109 49541 -> 27.251.231.18 9791 FSPA* 0 0 14 1652 flow=From-Botnet-V1-TCP-Established 1970/01/31 17:04:58.386941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:05:14.389751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:05:46.395773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:11:50.401839 3.001829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:11:57.409448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:12:05.410992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:12:21.415108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:12:53.419854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:18:57.426034 3.001502 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:19:04.433302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:19:12.434750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:19:28.438071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:20:00.443655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:26:01.513346 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 17:26:01.513534 0.034513 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:01.548559 0.211306 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:01.549056 4.995868 tcp 10.0.2.109 49542 -> 77.23.25.163 5353 SPA_* 0 0 611 336205 flow=From-Botnet-V1-TCP-Established 1970/01/31 17:26:01.760248 0.177728 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:01.938589 0.065711 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:02.005069 0.064627 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:02.070244 0.412437 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:02.483082 0.049752 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:02.533193 0.045275 rtcp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:02.578793 0.060495 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:02.639685 0.370994 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.011105 0.085557 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 197 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.097062 0.146041 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.243482 0.089881 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.333758 0.079308 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.413440 0.058209 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.472036 0.154822 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.627272 0.167631 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.795286 0.049078 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:03.844766 0.224489 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:04.069680 0.041362 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:04.111488 0.137142 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:04.249012 0.114272 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:04.363718 0.179589 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:04.450348 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:26:04.543717 0.146373 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:04.690548 0.311346 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:05.002349 0.161370 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:26:06.565920 4.995023 tcp 10.0.2.109 49542 -> 77.23.25.163 5353 A_PA 0 0 576 326016 flow=From-Botnet-V1-TCP-Established 1970/01/31 17:26:11.457281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:26:11.583870 0.340468 tcp 10.0.2.109 49542 -> 77.23.25.163 5353 FPA_* 0 0 11 2304 flow=From-Botnet-V1-TCP-Established 1970/01/31 17:26:19.458924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:26:35.461626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:27:07.467864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:33:11.474378 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:33:18.481277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:33:26.482841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:33:42.493921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:34:14.491627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:34:59.126384 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 17:34:59.126583 1.816945 tcp 10.0.2.109 49543 -> 27.251.231.18 9791 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/01/31 17:40:18.497383 3.002147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:40:25.505085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:40:33.506879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:40:49.509858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:41:21.515981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:47:25.522527 3.000693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:47:32.528977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:47:40.530860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:47:56.533646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:48:28.540026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:55:20.555009 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 17:55:27.562251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:55:35.563543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:55:51.566263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:56:23.572721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 17:56:31.814760 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 17:56:31.814951 0.035963 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:31.851336 0.210505 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.062322 0.190782 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.253512 0.064390 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.318362 0.065808 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.384573 0.418617 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.803626 0.049246 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.853344 0.048794 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.902561 0.061078 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:32.964037 0.325117 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:33.289599 0.074653 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:33.364677 0.146428 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:33.511549 0.086863 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:33.598821 0.073455 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:33.672706 0.056710 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:33.729827 0.157250 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:33.887508 0.166323 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.054274 0.049100 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.103763 0.136775 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.240929 0.114404 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.355788 0.182962 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.539129 0.150133 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.689669 0.170467 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.860553 0.047168 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:34.908160 0.308776 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/31 17:56:35.217296 0.153215 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:02:42.580064 3.001961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:02:49.587648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:02:57.589075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:03:13.591990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:03:45.598495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:05:00.947501 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 18:05:00.947594 1.661779 tcp 10.0.2.109 49544 -> 27.251.231.18 9791 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/01/31 18:09:49.604204 3.001808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:09:56.611651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:10:04.613009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:10:20.616164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:10:52.621982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:16:56.627532 3.002160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:17:03.635597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:17:11.636973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:17:27.640374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:17:59.646353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:24:03.654431 3.000306 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:24:10.659501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:24:18.661024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:24:34.663915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:25:06.670127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:26:49.958966 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 18:26:49.959072 0.034866 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:49.994384 0.209751 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:50.204589 0.166057 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:50.371040 0.063787 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:50.435261 0.065411 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:50.501089 0.413495 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:50.914959 0.050531 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:50.965823 0.046484 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.012725 0.061566 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.074750 0.329156 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.404278 0.073556 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.478256 0.145457 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.624157 0.087144 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.711717 0.080512 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.792648 0.060071 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:51.853154 0.155310 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:52.008878 0.165548 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:52.174841 0.049287 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:52.224502 0.136577 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:52.361530 0.126507 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:52.488399 0.185221 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:52.674236 0.037619 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:52.712319 0.307419 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:53.020175 0.154573 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:53.175217 0.146815 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:26:53.322558 0.168853 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:31:10.676584 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:31:17.683504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:31:25.685108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:31:41.687754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:32:13.694059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:35:02.617083 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 18:35:02.617187 1.726940 tcp 10.0.2.109 49545 -> 27.251.231.18 9791 FSPA* 0 0 14 1654 flow=From-Botnet-V1-TCP-Established 1970/01/31 18:38:17.700205 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:38:24.707471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:38:32.708901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:38:48.712071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:39:20.718469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:45:24.725108 3.000519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:45:31.731454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:45:39.732345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:45:55.736100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:46:27.741965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:54:20.755195 3.001110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 18:54:27.762371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:54:35.763890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:54:51.766053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:55:23.773035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 18:57:03.747048 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 18:57:03.747259 0.164600 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:03.912294 0.063396 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:03.976149 0.061269 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:04.037870 0.034930 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:04.073202 0.236682 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:04.310318 0.412800 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:04.723527 0.050138 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:04.774132 0.044896 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:04.819467 0.059044 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:04.878938 0.339438 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.218780 0.085517 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.304714 0.146929 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.452062 0.086519 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.539340 0.077740 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.617527 0.053267 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.671190 0.157003 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.828611 0.166401 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:05.995422 0.048818 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:06.044623 0.139168 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:06.184205 0.126364 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:06.310998 0.183327 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:06.494781 0.034663 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:06.529897 0.141711 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:06.672004 0.169873 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:06.842293 0.306673 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 18:57:07.149382 0.153639 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:01:49.793350 2.998593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:01:56.797916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:02:04.799372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:02:20.802735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:02:52.808560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:05:04.347922 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 19:05:04.348018 1.610462 tcp 10.0.2.109 49546 -> 27.251.231.18 9791 FSPA* 0 0 14 1736 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:09:03.814639 3.001182 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:09:10.821863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:09:18.823121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:09:34.826481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:10:06.832508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:16:10.837261 3.002880 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:16:17.846056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:16:25.846974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:16:41.850459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:17:13.856549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:23:17.865568 3.005409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:23:24.872353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:23:32.871275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:23:48.880463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:24:20.880597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:27:27.659075 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 19:27:27.659235 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 19:27:44.334684 0.064280 tcp 10.0.2.109 49547 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:27:44.399223 0.060739 tcp 10.0.2.109 49548 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:27:44.460375 0.154778 tcp 10.0.2.109 49549 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:27:44.615660 0.063464 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:44.679489 0.061385 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:44.741270 0.034412 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:44.776074 0.210214 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:44.986645 0.416038 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:45.403127 0.050368 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:45.453942 0.066077 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:45.520397 0.060910 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:45.581758 0.322897 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:45.905046 0.082306 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:45.987738 0.147898 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.136018 0.087198 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.223625 0.081863 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.305910 0.057218 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.363496 0.157460 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.521397 0.167066 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.688908 0.049285 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.738682 0.144967 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.884034 0.035558 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:46.920001 0.148165 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:47.068518 0.169026 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:47.237988 0.306853 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:47.545256 0.154918 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:47.700569 0.126504 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:27:47.827465 0.188130 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:30:24.886100 3.001972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:30:31.893773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:30:39.895287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:30:55.898137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:31:27.903597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:35:05.958352 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 19:35:05.958495 1.560265 tcp 10.0.2.109 49550 -> 27.251.231.18 9791 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:37:31.910830 3.000626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:37:38.917473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:37:46.919091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:38:02.922364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:38:34.928164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:44:38.933812 3.002041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:44:45.946283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:44:53.943589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:45:09.946414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:45:41.952430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:53:58.958603 3.002453 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 19:54:05.966749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:54:13.968948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:54:29.972272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:55:01.977298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 19:58:06.944432 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 19:58:06.944625 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 19:58:22.587326 0.064272 tcp 10.0.2.109 49551 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:58:22.651794 0.060381 tcp 10.0.2.109 49552 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:58:22.712412 0.151508 tcp 10.0.2.109 49553 -> 195.113.214.211 443 SRPA* 0 0 39 20232 flow=From-Botnet-V1-TCP-Established 1970/01/31 19:58:22.864261 0.034065 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:22.898714 0.065153 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:22.964303 0.061058 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:23.025759 0.213374 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:23.239519 0.437055 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:23.676957 0.049940 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:23.727328 0.044808 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:23.772551 0.060181 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:23.833146 0.331556 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.165151 0.083671 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.249268 0.144048 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.393711 0.080889 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.474981 0.078447 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.553795 0.061141 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.615304 0.154143 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.769880 0.168414 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.938700 0.049198 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:24.988337 0.144231 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:25.132950 0.166456 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:25.299829 0.310552 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:25.610766 0.156172 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:25.767349 0.126552 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:25.894367 0.137220 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:26.031963 0.054578 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/01/31 19:58:26.086911 0.179714 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:01:05.984527 3.000382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:01:12.990859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:01:20.992364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:01:36.995194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:02:09.001257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:05:07.518678 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 20:05:07.518772 1.490216 tcp 10.0.2.109 49554 -> 27.251.231.18 9791 FSPA* 0 0 14 1711 flow=From-Botnet-V1-TCP-Established 1970/01/31 20:08:20.007748 3.001214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:08:27.014872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:08:35.015831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:08:51.019291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:09:23.025260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:15:27.031666 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:15:34.039034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:15:42.040859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:15:58.043339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:16:30.049398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:22:34.057283 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:22:41.062711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:22:49.069996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:23:05.067635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:23:37.073411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:28:40.081872 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 20:28:40.082035 0.063881 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:40.146540 0.210355 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:40.357364 0.034221 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:40.392031 0.063052 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:40.455472 0.419781 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:40.875650 0.049051 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:40.925122 0.044588 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:40.970096 0.060853 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.031369 0.324667 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.356480 0.082585 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.439473 0.150565 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.590439 0.085837 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.676680 0.081357 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.758499 0.057636 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.816510 0.154549 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:41.971487 0.173249 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:42.145150 0.048923 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:42.194478 0.142172 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:42.337089 0.169039 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:42.506574 0.307312 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:42.814330 0.139878 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:42.954664 0.054279 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:43.009410 0.181424 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:43.191293 0.156914 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:28:43.348599 0.114256 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:29:41.079306 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:29:48.086368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:29:56.088261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:30:12.091207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:30:44.097470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:35:09.008846 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 20:35:09.009009 1.539510 tcp 10.0.2.109 49555 -> 27.251.231.18 9791 FSPA* 0 0 15 1724 flow=From-Botnet-V1-TCP-Established 1970/01/31 20:36:48.104489 3.000483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:36:55.111002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:37:03.112499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:37:19.115128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:37:51.121234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:43:55.129695 2.999137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:44:02.134540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:44:10.136230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:44:26.140694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:44:58.144828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:51:02.151672 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:51:09.159297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:51:17.160615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:51:33.163232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:52:05.169399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:58:09.176032 3.000766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 20:58:16.183072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:58:24.184079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:58:40.187325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 20:58:50.181780 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 20:58:50.181939 0.034796 udp 10.0.2.109 3683 <-> 77.23.25.163 9684 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:50.217188 0.064804 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:50.282426 0.420859 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:50.703706 0.065596 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:50.769674 0.210417 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:50.980607 0.048958 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.029995 0.045347 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.075762 0.064118 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.140291 0.317085 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.457807 0.085081 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.543237 0.147366 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.691026 0.088762 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.780184 0.079272 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.859846 0.063127 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:51.923366 0.154267 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:52.078020 0.230341 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:52.308701 0.049218 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:52.358306 0.142426 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:52.501092 0.154243 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:52.655746 0.307520 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:52.963858 0.178641 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:53.142848 0.154866 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:53.298265 0.115108 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:53.413773 0.139918 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:58:53.554108 0.034296 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/01/31 20:59:12.193180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:05:10.548700 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 21:05:10.548807 1.017333 tcp 10.0.2.109 49556 -> 27.251.231.18 9791 FSPA* 0 0 13 1255 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:11.064371 0.106492 tcp 10.0.2.109 49557 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:11.171135 0.059492 tcp 10.0.2.109 49558 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:11.230871 0.162725 tcp 10.0.2.109 49559 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:11.566386 2.997595 tcp 10.0.2.109 49560 -> 81.182.251.82 2897 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:05:20.562629 0.000000 tcp 10.0.2.109 49560 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:05:26.203648 3.001804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 21:05:26.562249 0.062859 tcp 10.0.2.109 49561 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:26.625421 0.059226 tcp 10.0.2.109 49562 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:26.684963 0.157771 tcp 10.0.2.109 49563 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:26.891262 3.004402 tcp 10.0.2.109 49564 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:05:33.211019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:05:35.894720 0.000000 tcp 10.0.2.109 49564 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:05:41.212501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:05:41.884026 0.059402 tcp 10.0.2.109 49565 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:41.944496 0.060283 tcp 10.0.2.109 49566 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:42.005057 0.156724 tcp 10.0.2.109 49567 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:42.212118 2.995893 tcp 10.0.2.109 49568 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:05:51.216675 0.000000 tcp 10.0.2.109 49568 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:05:57.206294 0.059607 tcp 10.0.2.109 49569 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:57.215698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:05:57.266200 0.060286 tcp 10.0.2.109 49570 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:57.326744 0.160127 tcp 10.0.2.109 49571 -> 195.113.214.211 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:57.668287 0.487405 tcp 10.0.2.109 49572 -> 27.251.231.18 9791 FSPA* 0 0 13 1255 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:05:58.155895 2.995308 tcp 10.0.2.109 49573 -> 81.182.251.82 2897 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:06:07.149524 0.000000 tcp 10.0.2.109 49573 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:06:13.148343 3.007428 tcp 10.0.2.109 49574 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:06:22.151101 0.000000 tcp 10.0.2.109 49574 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:06:28.149953 3.004440 tcp 10.0.2.109 49575 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:06:29.221525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:06:37.152858 0.000000 tcp 10.0.2.109 49575 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:11:43.153584 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 21:11:43.153678 3.003480 tcp 10.0.2.109 49576 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:11:52.155435 0.000000 tcp 10.0.2.109 49576 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:11:58.155294 0.045436 tcp 10.0.2.109 49577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:11:58.201057 0.044175 tcp 10.0.2.109 49578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:11:58.245498 0.153673 tcp 10.0.2.109 49579 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:11:58.411820 2.997259 tcp 10.0.2.109 49580 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:12:07.407660 0.000000 tcp 10.0.2.109 49580 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 21:12:13.411769 0.043507 tcp 10.0.2.109 49581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:12:13.455637 0.044830 tcp 10.0.2.109 49582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:12:13.500810 0.151056 tcp 10.0.2.109 49583 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:12:13.759642 1.575167 tcp 10.0.2.109 49584 -> 27.251.231.18 9791 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:12:33.227655 3.001455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 21:12:40.234884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:12:48.236267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:13:04.239306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:13:36.245551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:19:40.251519 3.001498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 21:19:47.259032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:19:55.260932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:20:11.263466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:20:43.269607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:26:47.276408 3.000598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 21:26:54.285276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:27:02.283849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:27:18.289354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:27:50.293400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:28:59.613224 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 21:28:59.613372 0.413695 udp 10.0.2.109 3683 <-> 203.45.157.34 1089 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:00.027431 0.064296 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:00.092179 0.000000 udp 10.0.2.109 3683 -> 77.23.25.163 9684 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 21:29:16.308462 0.044351 tcp 10.0.2.109 49585 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:29:16.353051 0.044144 tcp 10.0.2.109 49586 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:29:16.397475 0.156063 tcp 10.0.2.109 49587 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:29:16.554331 0.065149 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:16.619949 0.210874 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:16.831265 0.049723 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:16.881400 0.065094 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:16.946911 0.062389 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.009710 0.338123 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.348241 0.078489 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.427124 0.149195 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.576704 0.086393 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.663553 0.085727 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.749680 0.062578 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.812720 0.156287 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:17.969480 0.240735 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:18.210653 0.049102 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:18.260136 0.154843 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:18.415329 0.153660 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:18.569445 0.156000 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:18.725914 0.114323 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:18.840704 0.144771 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:18.985930 0.305716 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:19.291997 0.188977 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:29:19.481353 0.048952 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/01/31 21:33:54.304340 3.007983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 21:34:01.318611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:34:09.318387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:34:25.321450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:34:57.327592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:41:01.333807 3.001241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 21:41:08.340857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:41:16.342150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:41:32.345233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:42:04.351721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:42:15.337754 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 21:42:15.337850 1.542395 tcp 10.0.2.109 49588 -> 27.251.231.18 9791 FSPA* 0 0 15 1726 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:48:08.357782 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 21:48:15.365024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:48:23.366111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:48:39.369133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:49:11.375187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:55:40.387146 3.002132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 21:55:47.394585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:55:55.396202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:56:11.399129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:56:43.405295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 21:59:26.199606 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 21:59:26.199763 0.000000 udp 10.0.2.109 3683 -> 77.23.25.163 9684 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 21:59:42.594797 0.044229 tcp 10.0.2.109 49589 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:59:42.639278 0.043904 tcp 10.0.2.109 49590 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:59:42.683450 0.137991 tcp 10.0.2.109 49591 -> 195.113.214.211 443 SRPA* 0 0 32 24079 flow=From-Botnet-V1-TCP-Established 1970/01/31 21:59:42.821931 0.000000 udp 10.0.2.109 3683 -> 203.45.157.34 1089 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 21:59:58.075426 2.746550 tcp 10.0.2.109 49592 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:00:00.822362 0.043601 tcp 10.0.2.109 49593 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:00:00.866304 0.155700 tcp 10.0.2.109 49594 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:00:01.022525 0.064632 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:01.087579 0.049746 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:01.137714 0.067395 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:01.205517 0.211199 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:01.417002 0.045640 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:01.463076 0.062594 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:01.526046 0.390634 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:01.917125 1.151082 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.068592 0.148251 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.217250 0.088037 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.305693 0.085931 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.392011 0.062197 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.454703 0.155809 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.610959 0.166540 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.777918 0.049159 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.827431 0.145796 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:03.973528 0.157552 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:04.131519 0.152915 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:04.284817 0.139538 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:04.424719 0.188025 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:04.613169 0.035171 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:04.648673 0.145059 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:04.794310 0.309331 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:06.832597 0.000000 udp 10.0.2.109 3683 -> 203.45.157.34 1089 REQ 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:00:14.722840 0.050062 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:14.773382 0.058622 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 781 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:14.832405 0.217352 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:15.050285 0.064508 udp 10.0.2.109 3683 <-> 83.233.245.167 7967 CON 0 0 2 807 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:15.115218 0.055777 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 772 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:15.171466 0.057038 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:15.228943 0.390291 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:15.619678 0.723877 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:16.343990 0.149323 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 685 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:16.493834 0.079450 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 799 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:16.573751 0.072250 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 823 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:16.646550 0.055094 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 834 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:16.702106 0.156669 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 663 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:16.859380 0.162455 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.022452 0.050013 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 666 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.073044 0.146033 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.219526 0.154938 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.374927 0.153635 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 851 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.529010 0.138557 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.668003 0.034867 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 832 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.703372 0.144349 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 753 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:17.848159 0.308701 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 689 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:18.157298 0.182284 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 685 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:18.340126 0.071134 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:18.434954 0.318644 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:18.768702 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:00:26.084134 0.372290 udp 10.0.2.109 3683 <-> 124.106.223.192 5519 CON 0 0 2 654 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:26.579524 0.046709 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:00:26.794349 0.000000 udp 10.0.2.109 3683 -> 218.214.97.132 9455 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:00:35.344463 0.000000 udp 10.0.2.109 3683 -> 81.186.166.30 7277 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:00:41.698200 0.000000 udp 10.0.2.109 3683 -> 79.46.251.70 8944 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:00:46.217503 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:00:47.306377 0.000000 udp 10.0.2.109 3683 -> 124.66.159.106 2996 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:00:54.171065 0.000000 udp 10.0.2.109 3683 -> 212.230.173.145 8614 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:01.806526 0.080948 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 819 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:01:01.903726 0.079358 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 779 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:01:01.999046 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:08.669600 0.000000 udp 10.0.2.109 3683 -> 80.18.170.11 1253 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:14.211219 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:21.330263 0.000000 udp 10.0.2.109 3683 -> 92.54.159.72 4560 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:29.330275 0.221023 udp 10.0.2.109 3683 -> 122.174.165.19 8166 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:29.551298 0.000000 icmp 122.174.165.19 0x0303 -> 10.0.2.109 0xe61f URP 192 1 311 flow=Background 1970/01/31 22:01:34.117365 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:01:37.617970 0.000000 udp 10.0.2.109 3683 -> 149.135.51.3 7073 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:44.800443 0.000000 udp 10.0.2.109 3683 -> 173.81.209.196 8380 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:50.046678 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:01:56.800508 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:03.093982 0.084397 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:02:03.201869 0.000000 udp 10.0.2.109 3683 -> 109.220.168.62 1798 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:10.558512 0.059995 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:02:10.636383 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:16.119135 0.000000 udp 10.0.2.109 3683 -> 2.126.209.151 3129 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:21.054992 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:02:24.440947 0.000000 udp 10.0.2.109 3683 -> 108.219.61.9 9906 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:30.463173 0.000000 udp 10.0.2.109 3683 -> 78.14.195.188 7760 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:38.283107 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:43.615320 0.000000 udp 10.0.2.109 3683 -> 94.243.137.182 3566 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:48.068934 2.968387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 22:02:50.184070 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:02:54.991503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:02:57.257015 0.316251 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 768 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:02:57.583000 0.000000 udp 10.0.2.109 3683 -> 84.113.113.103 2357 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:02.896238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:03:04.906027 0.000000 udp 10.0.2.109 3683 -> 188.9.72.35 3175 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:09.465074 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:03:11.128164 0.342461 udp 10.0.2.109 3683 <-> 175.98.90.46 3821 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:03:11.493937 0.467301 udp 10.0.2.109 3683 <-> 114.48.163.211 1236 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:03:11.974836 0.000000 udp 10.0.2.109 3683 -> 80.153.161.180 5887 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:17.549620 0.000000 udp 10.0.2.109 3683 -> 188.107.114.27 5938 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:18.707440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:03:24.512571 0.000000 udp 10.0.2.109 3683 -> 87.28.15.10 5315 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:32.690181 0.000000 udp 10.0.2.109 3683 -> 186.82.210.68 7607 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:39.440230 0.000000 udp 10.0.2.109 3683 -> 50.155.216.17 7733 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:45.291905 0.000000 udp 10.0.2.109 3683 -> 119.93.91.46 9183 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:50.429196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:03:50.449326 0.158667 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 792 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:03:50.629911 0.450153 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:03:51.088954 0.382524 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 821 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:03:51.480498 0.064054 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 700 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:03:51.560962 0.029965 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 751 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:03:51.611553 0.000000 udp 10.0.2.109 3683 -> 124.178.43.152 4395 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:03:55.075671 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:03:57.619798 0.000000 udp 10.0.2.109 3683 -> 78.172.73.132 1024 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:04.009202 0.000000 udp 10.0.2.109 3683 -> 200.88.99.25 5151 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:11.699769 0.000000 udp 10.0.2.109 3683 -> 186.6.32.65 2209 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:20.632626 0.000000 udp 10.0.2.109 3683 -> 68.37.102.76 4911 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:29.004220 0.000000 udp 10.0.2.109 3683 -> 88.234.86.123 2454 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:35.784400 0.000000 udp 10.0.2.109 3683 -> 193.140.144.9 8091 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:40.571213 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:04:43.025198 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:51.066040 0.054618 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:04:51.155693 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:04:56.684834 0.000000 udp 10.0.2.109 3683 -> 129.24.5.200 7744 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:01.812413 0.000000 udp 10.0.2.109 3683 -> 67.165.237.116 1720 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:07.910714 0.000000 udp 10.0.2.109 3683 -> 59.164.82.176 1720 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:16.242812 0.000000 udp 10.0.2.109 3683 -> 176.27.204.195 3554 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:24.534650 0.000000 udp 10.0.2.109 3683 -> 195.145.172.186 5419 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:29.071154 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:05:31.955330 0.000000 udp 10.0.2.109 3683 -> 187.184.130.200 1330 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:40.127132 0.000000 udp 10.0.2.109 3683 -> 186.104.160.130 1024 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:47.778307 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:05:55.779542 0.000000 udp 10.0.2.109 3683 -> 81.67.141.232 1233 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:04.462048 0.000000 udp 10.0.2.109 3683 -> 82.12.179.36 5755 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:12.513660 0.000000 udp 10.0.2.109 3683 -> 68.115.61.12 1571 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:17.069885 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:06:18.292081 0.141362 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 707 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:06:18.442982 0.000000 udp 10.0.2.109 3683 -> 98.203.97.224 9568 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:25.151796 0.000000 udp 10.0.2.109 3683 -> 190.92.84.66 1063 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:31.951423 0.000000 udp 10.0.2.109 3683 -> 87.193.194.242 4425 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:39.772747 0.000000 udp 10.0.2.109 3683 -> 81.136.201.53 5695 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:45.220682 0.000000 udp 10.0.2.109 3683 -> 220.255.131.221 3364 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:06:53.602840 0.000000 udp 10.0.2.109 3683 -> 183.63.216.199 7673 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:09:54.435078 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 22:10:01.442663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:10:09.446989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:10:25.447188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:10:57.453090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:12:16.887827 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:12:16.888010 0.846552 tcp 10.0.2.109 49595 -> 27.251.231.18 9791 FSPA* 0 0 13 1248 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:17.388888 0.044626 tcp 10.0.2.109 49596 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:17.433804 0.044830 tcp 10.0.2.109 49597 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:17.478952 0.156625 tcp 10.0.2.109 49598 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:17.734822 2.997911 tcp 10.0.2.109 49599 -> 81.182.251.82 2897 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:12:26.731739 0.000000 tcp 10.0.2.109 49599 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:12:32.730942 0.043077 tcp 10.0.2.109 49600 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:32.774312 0.045663 tcp 10.0.2.109 49601 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:32.820274 0.152768 tcp 10.0.2.109 49602 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:33.049925 3.004571 tcp 10.0.2.109 49603 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:12:42.053313 0.000000 tcp 10.0.2.109 49603 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:12:48.043258 0.043614 tcp 10.0.2.109 49604 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:48.087161 0.044079 tcp 10.0.2.109 49605 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:48.131583 0.155920 tcp 10.0.2.109 49606 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:12:48.521391 3.005887 tcp 10.0.2.109 49607 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:12:57.525487 0.000000 tcp 10.0.2.109 49607 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:13:03.515344 0.043545 tcp 10.0.2.109 49608 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:13:03.559183 0.045107 tcp 10.0.2.109 49609 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:13:03.604664 0.190496 tcp 10.0.2.109 49610 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:13:03.851197 0.582068 tcp 10.0.2.109 49611 -> 27.251.231.18 9791 FSPA* 0 0 13 1248 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:13:04.433490 3.001762 tcp 10.0.2.109 49612 -> 81.182.251.82 2897 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:13:13.428466 0.000000 tcp 10.0.2.109 49612 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:13:19.427351 3.004285 tcp 10.0.2.109 49613 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:13:28.430039 0.000000 tcp 10.0.2.109 49613 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:13:34.428952 3.003945 tcp 10.0.2.109 49614 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:13:43.432035 0.000000 tcp 10.0.2.109 49614 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/01/31 22:17:01.461832 2.998907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 22:17:08.466589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:17:16.468185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:17:32.471418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:18:04.477152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:18:49.432683 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:18:49.432823 0.240780 tcp 10.0.2.109 49615 -> 27.251.231.18 9791 SPA_* 0 0 9 1197 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:19:00.776541 0.110910 tcp 10.0.2.109 49615 -> 27.251.231.18 9791 FA_F* 0 0 5 507 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:24:08.482786 3.001953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 22:24:15.490611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:24:23.491805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:24:39.495060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:25:11.501365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:31:15.507177 3.001543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 22:31:22.514435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:31:30.515911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:31:46.519079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:32:18.525093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:37:23.313545 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:37:23.313644 0.085542 rtp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:23.381177 0.211154 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:23.631566 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:37:42.582767 0.044523 tcp 10.0.2.109 49616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:37:42.627571 0.045050 tcp 10.0.2.109 49617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:37:42.672900 0.165338 tcp 10.0.2.109 49618 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:37:42.839147 0.083069 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:42.905085 0.104354 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:42.975220 0.053292 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:43.050029 0.404211 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:43.420621 0.379486 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:43.780805 0.180066 rtp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:43.927436 0.125643 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.032682 0.122394 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.119454 0.092879 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.182155 0.163230 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.364066 0.170983 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.531709 0.050933 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.622618 0.174286 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.775306 0.165219 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:44.930405 0.154348 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:45.086693 0.310451 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:45.474469 0.188650 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:45.655799 0.085925 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:45.724106 0.116167 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:45.839742 0.049104 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:45.890433 0.145144 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:46.031775 0.319117 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:46.376459 0.452028 udp 10.0.2.109 3683 <-> 124.106.223.192 5519 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:37:46.808616 0.000000 udp 10.0.2.109 3683 -> 93.198.215.137 8279 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:38:05.754920 0.043699 tcp 10.0.2.109 49619 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:38:05.798919 0.045242 tcp 10.0.2.109 49620 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:38:05.844435 0.157911 tcp 10.0.2.109 49621 -> 195.113.214.211 443 SRPA* 0 0 23 13768 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:38:06.002828 0.115850 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:06.080748 0.111955 rtp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:06.375008 0.114058 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:06.448985 0.057287 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:06.538314 0.302511 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:06.840448 0.351616 udp 10.0.2.109 3683 <-> 175.98.90.46 3821 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:07.211198 0.000000 udp 10.0.2.109 3683 -> 114.48.163.211 1236 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 22:38:22.531378 3.001492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 22:38:25.793811 0.044553 tcp 10.0.2.109 49622 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:38:25.838692 0.045067 tcp 10.0.2.109 49623 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:38:25.884052 0.153922 tcp 10.0.2.109 49624 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:38:26.038498 0.161291 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:26.265652 0.391443 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:26.637943 0.109752 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:26.735319 0.401315 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:27.117110 0.034268 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:27.203679 0.066602 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:27.254089 0.160239 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/01/31 22:38:29.539033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:38:37.540240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:38:53.542963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:39:25.549201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:45:29.554883 3.001320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 22:45:36.562498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:45:44.563809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:46:00.566827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:46:32.572906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:49:00.886402 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 22:49:00.886541 1.809112 tcp 10.0.2.109 49625 -> 27.251.231.18 9791 FSPA* 0 0 15 1675 flow=From-Botnet-V1-TCP-Established 1970/01/31 22:54:21.580841 3.000692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 22:54:28.587210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:54:36.588776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:54:52.591968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 22:55:24.598011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:01:51.616675 3.002316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 23:01:58.623991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:02:06.625527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:02:22.628910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:02:54.634809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:08:28.014426 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 23:08:28.014515 0.000000 udp 10.0.2.109 3683 -> 83.233.245.167 7967 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 23:08:44.339278 0.045410 tcp 10.0.2.109 49626 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:08:44.385001 0.044330 tcp 10.0.2.109 49627 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:08:44.429604 0.159189 tcp 10.0.2.109 49628 -> 195.113.214.211 443 SRPA* 0 0 51 32930 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:08:44.589528 0.045684 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:08:44.635643 0.000000 udp 10.0.2.109 3683 -> 114.48.163.211 1236 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 23:09:00.331326 0.044596 tcp 10.0.2.109 49629 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:09:00.376169 0.045068 tcp 10.0.2.109 49630 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:09:00.421223 0.151321 tcp 10.0.2.109 49631 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:09:00.573032 0.067630 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:00.641032 0.209700 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:00.851149 0.051008 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:00.902602 0.144243 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:01.047304 0.333686 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:01.381394 0.069297 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:01.451146 0.069470 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:01.521063 0.148387 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:01.669850 0.168757 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:01.839039 0.049236 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:01.888658 0.148463 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.037504 0.064538 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.102425 0.080849 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.183652 0.158764 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.342878 0.091274 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.434574 0.182398 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.617390 0.066379 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.684196 0.114150 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.798759 0.053993 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:02.879159 0.154500 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:03.034037 0.308504 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:03.343214 0.153345 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:03.496967 0.318319 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:03.815667 0.137349 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:03.953418 0.341247 udp 10.0.2.109 3683 <-> 124.106.223.192 5519 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:04.295077 0.056199 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:04.351662 0.318781 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:04.649425 3.002022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 23:09:04.670942 0.074948 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:04.746433 0.066122 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:04.812922 0.071883 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:04.885214 0.527323 udp 10.0.2.109 3683 <-> 175.98.90.46 3821 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:05.412988 0.371719 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:05.785144 0.052000 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:05.837538 0.156259 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:05.994379 0.049298 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:06.044073 0.191170 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:06.235620 0.379325 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:06.615306 0.029403 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:09:11.657088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:09:19.658459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:09:35.661562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:10:07.667462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:16:11.673957 3.000695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 23:16:18.681179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:16:26.682825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:16:42.685682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:17:14.690955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:19:02.697207 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 23:19:02.697443 1.848241 tcp 10.0.2.109 49632 -> 27.251.231.18 9791 FSPA* 0 0 14 1511 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:23:18.852196 3.018224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 23:23:25.866438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:23:33.866445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:23:49.870618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:24:21.877732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:30:25.881552 3.001760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 23:30:32.889133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:30:40.890689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:30:56.893999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:31:28.899532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:37:32.905192 3.002299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 23:37:39.912983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:37:47.914427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:38:03.917420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:38:35.923690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:39:11.414977 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 23:39:11.415159 0.041157 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:11.456813 0.078523 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:11.535732 0.210688 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:11.746870 0.048788 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:11.796135 1.037365 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:12.833917 0.364928 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.199287 0.109616 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.309295 0.064205 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.373875 0.148275 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.522603 0.167187 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.690155 0.048764 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.739373 0.147275 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.887024 0.062319 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:13.949727 0.499212 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:14.449297 0.156783 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:14.606480 0.083844 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:14.690669 0.184562 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:14.875644 0.067468 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:14.943528 0.126439 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:15.070353 0.036383 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:15.107143 0.154362 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:15.261892 0.317614 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:15.579899 0.000000 udp 10.0.2.109 3683 -> 76.97.18.4 7636 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 23:39:33.919209 0.044972 tcp 10.0.2.109 49633 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:39:33.964471 0.045358 tcp 10.0.2.109 49634 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:39:34.010140 0.153444 tcp 10.0.2.109 49635 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:39:34.164123 0.308828 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:34.473376 0.136233 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:34.610006 0.331580 udp 10.0.2.109 3683 <-> 124.106.223.192 5519 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:34.942052 0.055938 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:34.998634 0.315105 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:35.314137 0.098275 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:35.412843 0.066555 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:35.479786 0.068736 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:35.548935 0.054373 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:35.603694 0.343196 udp 10.0.2.109 3683 <-> 175.98.90.46 3821 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:35.947297 0.371770 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:36.319468 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/01/31 23:39:51.983506 0.043786 tcp 10.0.2.109 49636 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:39:52.027558 0.045578 tcp 10.0.2.109 49637 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:39:52.073455 0.152362 tcp 10.0.2.109 49638 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:39:52.226345 0.378625 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:52.605403 0.029633 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:52.635397 0.156248 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:39:52.792001 0.051067 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/01/31 23:44:39.935882 2.995374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/01/31 23:44:46.937197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:44:54.938734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:45:10.945146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:45:42.947577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:49:04.698331 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/01/31 23:49:04.698485 1.553379 tcp 10.0.2.109 49639 -> 27.251.231.18 9791 FSPA* 0 0 15 1731 flow=From-Botnet-V1-TCP-Established 1970/01/31 23:53:55.959022 3.002025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/01/31 23:54:02.966952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:54:10.967490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:54:26.971077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/01/31 23:54:58.977365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:01:02.983016 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 00:01:09.990715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:01:17.992130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:01:33.995413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:02:06.001159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:08:10.007186 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 00:08:17.014517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:08:25.015933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:08:41.018926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:09:13.024934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:10:10.538020 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 00:10:10.538232 0.000000 udp 10.0.2.109 3683 -> 76.97.18.4 7636 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 00:10:28.095235 0.067714 tcp 10.0.2.109 49640 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:10:28.163353 0.045181 tcp 10.0.2.109 49641 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:10:28.208932 0.184487 tcp 10.0.2.109 49642 -> 195.113.214.211 443 SRPA* 0 0 37 27021 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:10:28.393990 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 00:10:45.989227 0.043188 tcp 10.0.2.109 49643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:10:46.032751 0.044827 tcp 10.0.2.109 49644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:10:46.077902 0.145821 tcp 10.0.2.109 49645 -> 195.113.214.211 443 SRPA* 0 0 24 13822 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:10:46.224297 0.209715 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:46.434576 0.078552 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:46.513550 0.040279 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:46.554406 0.050325 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:46.605100 0.072518 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:46.678073 0.147405 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:46.825842 0.167169 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:46.993445 0.049006 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:47.042981 0.146763 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:47.190304 0.335414 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:47.526279 0.063033 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:47.589697 0.066580 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:47.656641 0.062960 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:47.720048 0.156444 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:47.876885 0.185447 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:48.062780 0.071222 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:48.134362 0.321650 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:48.456406 0.087355 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:48.544143 0.139477 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:48.684055 0.035259 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:48.719775 0.154158 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:48.874323 0.317711 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:49.192488 0.531791 udp 10.0.2.109 3683 <-> 124.106.223.192 5519 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:49.724715 0.054068 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:49.779125 0.308855 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:50.088401 0.144966 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:50.233781 0.289053 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:50.523244 0.074435 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:50.598104 0.055397 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:50.653881 0.341098 udp 10.0.2.109 3683 <-> 175.98.90.46 3821 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:50.995317 0.067199 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:51.062870 0.075173 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:51.138552 0.373876 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:51.512795 0.156482 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:51.669682 0.225487 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:51.895627 0.378016 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:10:52.273993 0.034263 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:15:17.031460 3.006091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 00:15:24.042635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:15:32.039736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:15:48.042998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:16:20.048931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:19:06.258636 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 00:19:06.258727 1.768424 tcp 10.0.2.109 49646 -> 27.251.231.18 9791 FSPA* 0 0 15 1769 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:22:24.055303 3.001355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 00:22:31.062243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:22:39.063963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:22:55.066902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:23:27.079023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:29:31.079028 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 00:29:38.086763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:29:46.088570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:30:02.091335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:30:34.096493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:36:38.103139 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 00:36:45.110560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:36:53.119063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:37:09.118402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:37:41.121094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:41:10.422432 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 00:41:10.422578 0.047209 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:10.470384 0.050147 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:10.520958 0.080854 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:10.602384 0.147700 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:10.750482 0.209405 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:10.960279 0.075767 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.036452 0.169224 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.206124 0.049365 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.255892 0.147593 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.403921 0.334904 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.739302 0.065598 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.805304 0.069144 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.874872 0.059498 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:11.934833 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 00:41:30.823505 0.067391 tcp 10.0.2.109 49647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:41:30.891126 0.046389 tcp 10.0.2.109 49648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:41:30.937802 0.147702 tcp 10.0.2.109 49649 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:41:31.085965 0.184080 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:31.270473 0.103452 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:31.374581 0.338497 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:31.713475 0.088482 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:31.805559 0.000000 udp 10.0.2.109 3683 -> 165.124.44.208 6870 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 00:41:47.665315 0.045906 tcp 10.0.2.109 49650 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:41:47.711538 0.045759 tcp 10.0.2.109 49651 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:41:47.757559 0.178719 tcp 10.0.2.109 49652 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:41:47.936917 0.034587 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:47.971939 0.151586 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:48.123914 0.057269 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:41:48.181555 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 00:42:03.278836 0.044378 tcp 10.0.2.109 49653 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:42:03.323518 0.044658 tcp 10.0.2.109 49654 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:42:03.368453 0.165553 tcp 10.0.2.109 49655 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:42:03.534781 0.333311 udp 10.0.2.109 3683 <-> 124.106.223.192 5519 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:03.868542 0.308308 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:04.177252 0.070636 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:04.248298 0.059600 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:04.308277 0.309213 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:04.617929 0.137195 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:04.755501 0.340969 udp 10.0.2.109 3683 <-> 175.98.90.46 3821 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:05.096858 0.064838 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:05.162075 0.074365 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:05.236818 0.375378 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:05.612624 0.155917 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:05.768947 0.051899 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:05.821250 0.550248 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:42:06.371871 0.031273 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 00:43:45.127766 3.001020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 00:43:52.136985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:44:00.135762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:44:16.138969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:44:48.144862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:49:08.029381 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 00:49:08.029534 1.561702 tcp 10.0.2.109 49656 -> 27.251.231.18 9791 FSPA* 0 0 14 1652 flow=From-Botnet-V1-TCP-Established 1970/02/01 00:50:52.150832 3.002199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 00:50:59.158531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:51:07.159938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:51:23.163336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:51:55.169010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:57:59.346348 3.000481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 00:58:06.352785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:58:14.354187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:58:30.356872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 00:59:02.363038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:05:06.368975 3.001769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 01:05:13.376190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:05:21.377941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:05:37.380860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:06:09.386846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:12:13.393715 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 01:12:20.400970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:12:22.223350 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 01:12:22.223440 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 01:12:28.401884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:12:37.276701 0.067618 tcp 10.0.2.109 49657 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:12:37.344732 0.067804 tcp 10.0.2.109 49658 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:12:37.412874 0.155303 tcp 10.0.2.109 49659 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:12:37.568871 0.000000 udp 10.0.2.109 3683 -> 165.124.44.208 6870 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 01:12:44.408499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:12:52.587045 0.044039 tcp 10.0.2.109 49660 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:12:52.631365 0.044385 tcp 10.0.2.109 49661 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:12:52.676077 0.165126 tcp 10.0.2.109 49662 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:12:52.841793 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 01:13:07.879195 0.066105 tcp 10.0.2.109 49663 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:07.945606 0.066901 tcp 10.0.2.109 49664 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:08.012762 0.147606 tcp 10.0.2.109 49665 -> 195.113.214.211 443 SRPA* 0 0 47 42216 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:08.160990 0.146705 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:08.308149 0.000000 udp 10.0.2.109 3683 -> 93.198.215.137 8279 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 01:13:16.411066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:13:23.935286 0.043797 tcp 10.0.2.109 49666 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:23.979430 0.048635 tcp 10.0.2.109 49667 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:24.028323 0.144723 tcp 10.0.2.109 49668 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:24.173682 0.074847 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:24.248897 0.049664 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:24.298966 0.208945 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:24.508312 0.146378 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:24.655058 0.362909 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.018437 0.067215 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.086262 0.062839 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.149519 0.064067 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.214009 0.049686 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.264144 0.074866 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.339469 0.168869 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.508793 0.085467 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.594711 0.069155 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.664215 0.183139 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:25.847875 0.365585 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:26.213916 0.153214 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:26.367586 0.047789 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:26.415828 0.055351 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:26.471664 0.000000 udp 10.0.2.109 3683 -> 124.106.223.192 5519 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 01:13:44.873508 0.065338 tcp 10.0.2.109 49669 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:44.939188 0.046559 tcp 10.0.2.109 49670 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:44.986085 0.159360 tcp 10.0.2.109 49671 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:13:45.145967 0.310748 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:45.457128 0.072041 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:45.529570 0.059730 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:45.589649 0.309237 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:45.899258 0.136954 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:46.036629 0.080573 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:46.117631 0.384108 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:46.502128 0.155012 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:46.657546 0.054909 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:46.712859 0.341639 udp 10.0.2.109 3683 <-> 175.98.90.46 3821 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:47.055010 0.084398 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:47.139845 0.377663 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:13:47.517896 0.029161 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:19:09.749491 0.011756 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 01:19:09.761333 1.549975 tcp 10.0.2.109 49672 -> 27.251.231.18 9791 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:19:20.417128 3.001361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 01:19:27.424636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:19:35.425681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:19:51.428798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:20:23.434901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:26:27.441906 3.000829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 01:26:34.448158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:26:42.449797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:26:58.452651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:27:30.458932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:33:34.464988 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 01:33:41.472048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:33:49.473716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:34:05.476873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:34:37.482987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:40:41.488907 3.001530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 01:40:48.497486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:40:56.497764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:41:12.500793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:41:44.506869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:44:08.823904 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 01:44:08.824047 0.039992 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:08.864415 0.000000 udp 10.0.2.109 3683 -> 124.106.223.192 5519 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 01:44:27.362889 0.044838 tcp 10.0.2.109 49673 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:44:27.408006 0.045481 tcp 10.0.2.109 49674 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:44:27.453752 0.146025 tcp 10.0.2.109 49675 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:44:27.600307 0.147382 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:27.748149 0.149001 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:27.897556 0.325025 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.222960 0.075080 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.298441 0.051956 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.350789 0.210411 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.561657 0.058949 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.621044 0.064829 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.686411 0.060655 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.747516 0.072113 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.820108 0.165414 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:28.985932 0.088973 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.075353 0.066109 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.142264 0.182116 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.324878 0.049362 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.374640 0.034620 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.409680 0.055905 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.465968 0.150719 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.617067 0.235842 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.853311 0.060311 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:29.914089 0.439726 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:30.354428 0.315836 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:30.670642 0.068993 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:30.740095 0.138556 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:30.878993 0.076253 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:30.955687 0.371643 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:31.327764 0.156837 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:31.484995 0.051683 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:31.537122 0.380198 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:31.917732 0.029419 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:44:31.947502 0.000000 udp 10.0.2.109 3683 -> 175.98.90.46 3821 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 01:44:48.041428 0.044261 tcp 10.0.2.109 49676 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:44:48.085877 0.045241 tcp 10.0.2.109 49677 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:44:48.131446 0.146398 tcp 10.0.2.109 49678 -> 195.113.214.211 443 SRPA* 0 0 21 13070 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:44:48.278379 0.072661 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/01 01:47:48.515245 2.999402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 01:47:55.520261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:48:03.527645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:48:19.525089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:48:51.530855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:49:11.319656 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 01:49:11.319763 1.859099 tcp 10.0.2.109 49679 -> 27.251.231.18 9791 FSPA* 0 0 15 1759 flow=From-Botnet-V1-TCP-Established 1970/02/01 01:55:32.540760 3.000613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 01:55:39.547960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:55:47.548921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:56:03.551780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 01:56:35.558173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:02:47.565065 3.001671 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:02:54.572958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:03:02.574232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:03:18.577423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:03:50.583308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:09:54.588616 3.002407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:10:01.596735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:10:09.598499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:10:25.601156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:10:57.607558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:14:52.009364 0.000193 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 02:14:52.009668 0.000000 udp 10.0.2.109 3683 -> 175.98.90.46 3821 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 02:15:10.333173 0.047141 tcp 10.0.2.109 49680 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:15:10.380589 0.045951 tcp 10.0.2.109 49681 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:15:10.426877 0.168819 tcp 10.0.2.109 49682 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:15:10.596632 0.040269 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:10.637375 0.145548 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:10.783328 0.146349 rtcp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:10.930141 0.049009 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:10.979611 0.210940 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:11.191012 0.359728 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:11.551218 0.064558 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:11.616162 0.057823 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:11.674410 0.067511 udp 10.0.2.109 3683 <-> 81.151.175.204 5570 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:11.742486 0.066169 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:11.809072 0.082313 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:11.891843 0.166742 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.058927 0.065996 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.125288 0.182818 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.308579 0.048936 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.357928 0.036491 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.394862 0.057169 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.452423 0.156013 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.608774 0.186356 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.795576 0.055002 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.850975 0.090067 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:12.941504 0.070996 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:13.012915 0.136454 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:13.149785 0.074455 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:13.224698 0.309771 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:13.534870 0.324388 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:13.859774 0.045165 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:13.905363 0.381300 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:14.287066 0.031176 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:14.318709 0.156311 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:14.475475 0.380169 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:15:14.856108 0.071081 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:17:01.613683 3.000956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:17:08.620703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:17:16.621971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:17:32.625210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:18:04.631147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:19:13.180355 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 02:19:13.180503 1.542268 tcp 10.0.2.109 49683 -> 27.251.231.18 9791 FSPA* 0 0 14 1569 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:24:10.640595 3.001134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:24:17.649401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:24:25.649061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:24:41.653129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:25:13.658182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:31:17.663883 3.001996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:31:24.671497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:31:32.673056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:31:48.676129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:32:20.682327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:38:24.688547 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:38:31.694932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:38:39.697005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:38:55.700012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:39:27.705907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:45:31.712018 3.001763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:45:38.719712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:45:40.802270 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 02:45:40.802366 0.149139 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:40.951935 0.049659 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:41.001956 0.220101 udp 10.0.2.109 3683 <-> 50.137.135.198 4594 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:41.222437 0.047276 udp 10.0.2.109 3683 <-> 93.198.215.137 8279 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:41.270152 0.148176 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:41.418717 0.358242 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:41.777385 0.067988 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:41.845756 0.067922 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:41.914093 0.000000 udp 10.0.2.109 3683 -> 81.151.175.204 5570 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 02:45:46.720923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:45:58.600191 0.045157 tcp 10.0.2.109 49684 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:45:58.645608 0.045620 tcp 10.0.2.109 49685 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:45:58.691535 0.191393 tcp 10.0.2.109 49686 -> 195.113.214.211 443 SRPA* 0 0 42 36106 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:45:58.883603 0.062261 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:58.946265 0.090798 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.037477 0.168249 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.206128 0.072700 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.279337 0.183232 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.462976 0.048942 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.512343 0.042813 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.555612 0.062580 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.618651 0.153908 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.773009 0.078384 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.851809 0.072879 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:45:59.925083 0.086956 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:00.012423 0.071787 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:00.084634 0.144702 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:00.229782 0.074592 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:00.304867 0.345028 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:00.650296 0.382283 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:01.032978 0.029429 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:01.062774 0.160168 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:01.223322 0.314028 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:01.537748 0.050606 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:01.588728 0.361822 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:01.950919 0.068662 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 02:46:02.724011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:46:34.730231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:49:14.730874 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 02:49:14.731096 1.783543 tcp 10.0.2.109 49687 -> 27.251.231.18 9791 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/02/01 02:54:24.738415 3.002426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 02:54:31.745901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:54:39.747296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:54:55.750832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 02:55:27.756597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:01:53.774414 3.001360 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 03:02:00.781377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:02:08.782527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:02:24.785845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:02:56.792115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:09:21.798461 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 03:09:28.805163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:09:36.807030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:09:52.810042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:10:24.816643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:16:25.592651 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 03:16:25.592816 0.000000 udp 10.0.2.109 3683 -> 81.151.175.204 5570 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 03:16:28.823570 3.000470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 03:16:35.829502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:16:43.812667 0.047079 tcp 10.0.2.109 49688 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:16:43.831016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:16:43.860077 0.045303 tcp 10.0.2.109 49689 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:16:43.905668 0.241745 tcp 10.0.2.109 49690 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:16:44.147966 0.049943 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:16:44.198336 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 03:16:59.834152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:17:02.679048 0.046195 tcp 10.0.2.109 49691 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:17:02.725521 0.044817 tcp 10.0.2.109 49692 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:17:02.770637 0.157969 tcp 10.0.2.109 49693 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:17:02.929101 0.000000 udp 10.0.2.109 3683 -> 93.198.215.137 8279 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 03:17:20.224004 0.067813 tcp 10.0.2.109 49694 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:17:20.292189 0.046201 tcp 10.0.2.109 49695 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:17:20.338662 0.141825 tcp 10.0.2.109 49696 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:17:20.481030 0.336036 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:20.817456 0.364005 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.181901 0.069260 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.251604 0.059056 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.311073 0.147842 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.459304 0.075196 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.534873 0.075492 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.610752 0.168775 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.779904 0.067493 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:21.847797 0.181921 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.030132 0.049054 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.079559 0.035959 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.115963 0.055339 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.171705 0.152519 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.324666 0.074779 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.399858 0.057284 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.457606 0.137472 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.595463 0.109818 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:22.705717 0.360574 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:23.066685 0.085211 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:23.152293 0.070474 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:23.223210 0.379057 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:23.602646 0.029040 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:23.632061 0.154774 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:23.787209 0.299953 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:24.087631 0.051101 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:24.139181 0.372956 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:24.512605 0.071188 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:17:31.840246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:19:16.521385 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 03:19:16.521586 1.512395 tcp 10.0.2.109 49697 -> 27.251.231.18 9791 FSPA* 0 0 14 1647 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:23:35.846456 3.003503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 03:23:42.853439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:23:50.854988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:24:06.858470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:24:38.864439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:30:42.870482 3.001157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 03:30:49.877386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:30:57.878967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:31:13.882337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:31:46.055202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:37:49.903886 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 03:37:56.911616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:38:04.913168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:38:20.915874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:38:52.922158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:44:56.928976 3.000623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 03:45:03.935010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:45:11.937058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:45:27.939917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:45:59.946229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:47:25.379486 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 03:47:25.379601 0.000000 udp 10.0.2.109 3683 -> 93.198.215.137 8279 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 03:47:42.555778 0.045382 tcp 10.0.2.109 49698 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:47:42.601461 0.044643 tcp 10.0.2.109 49699 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:47:42.646534 0.143224 tcp 10.0.2.109 49700 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:47:42.790373 0.000000 udp 10.0.2.109 3683 -> 50.137.135.198 4594 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 03:47:58.477263 0.072409 tcp 10.0.2.109 49701 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:47:58.549981 0.046262 tcp 10.0.2.109 49702 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:47:58.596552 0.155689 tcp 10.0.2.109 49703 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:47:58.752925 0.049024 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:58.802387 0.148310 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:58.951060 0.331784 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.283293 0.060049 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.343761 0.060458 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.404664 0.148559 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.553636 0.061474 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.615510 0.132369 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.748329 0.166253 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.914968 0.066492 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:47:59.981868 0.183086 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:00.195362 0.066394 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:00.262140 0.047299 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:00.309859 0.059438 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:00.369727 0.154939 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:00.525113 0.117182 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:00.642742 0.057319 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:00.700527 0.351497 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:01.052478 0.086611 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:01.139581 0.075029 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:01.215012 0.605069 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:01.820479 0.077949 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:01.898802 0.382015 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:02.281196 0.029428 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:02.311011 0.156576 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:02.467997 0.303082 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:02.771551 0.049712 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:02.821716 0.372034 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:48:03.194185 0.068810 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/01 03:49:18.041170 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 03:49:18.041419 1.519138 tcp 10.0.2.109 49704 -> 27.251.231.18 9791 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/02/01 03:54:03.955531 3.000850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 03:54:10.962304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:54:18.963532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:54:34.966410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 03:55:06.972756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:01:23.987070 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 04:01:30.994607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:01:38.996014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:01:54.999101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:02:27.005376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:08:56.018311 3.000590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 04:09:03.024391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:09:11.025730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:09:27.029284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:09:59.035289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:16:03.041032 3.001950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 04:16:10.051089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:16:18.050004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:16:34.053189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:17:06.059040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:18:06.248570 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 04:18:06.248659 0.048781 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:06.297923 0.149630 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:06.447905 0.349882 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:06.798368 0.065791 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:06.864574 0.064233 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:06.929267 0.148664 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.078358 0.062686 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.141400 0.083191 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.224991 0.166289 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.391677 0.068113 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.460302 0.186105 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.460706 3.000749 tcp 10.0.2.109 49705 -> 109.153.254.98 7558 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 04:18:07.646913 0.049333 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.696673 0.033158 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.730279 0.055358 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.786017 0.153534 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:07.939943 0.082344 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:08.022623 0.056093 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:08.079109 0.073251 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:08.152727 0.350271 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:08.503409 0.075969 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:08.579825 0.358511 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:08.938746 0.083209 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:09.022413 2.102158 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:11.124988 0.031395 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:11.156841 0.155499 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:11.312738 0.327137 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:11.640270 0.051528 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:11.692167 0.363770 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:12.056339 0.072318 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:18:16.463318 0.000000 tcp 10.0.2.109 49705 -> 109.153.254.98 7558 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 04:19:19.561194 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 04:19:19.561430 1.613309 tcp 10.0.2.109 49706 -> 27.251.231.18 9791 FSPA* 0 0 15 1626 flow=From-Botnet-V1-TCP-Established 1970/02/01 04:23:10.071278 2.997682 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 04:23:17.072209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:23:25.077057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:23:41.078740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:24:13.083034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:30:17.089601 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 04:30:24.096396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:30:32.097860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:30:48.100873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:31:20.107236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:37:24.113079 3.002339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 04:37:31.121330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:37:39.122165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:37:55.125312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:38:27.131086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:44:31.137872 3.001173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 04:44:38.146471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:44:46.163675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:45:02.159127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:45:34.165047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:48:24.871022 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 04:48:24.871126 0.051110 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:24.922675 0.065448 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:24.988560 0.063315 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:25.052267 0.161410 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:25.214266 0.059307 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:25.214799 3.000409 tcp 10.0.2.109 49707 -> 65.94.151.44 1440 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 04:48:25.273929 0.143677 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:25.418072 0.147064 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:25.565480 0.320083 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:25.885988 0.166252 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.052567 0.068540 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.121521 0.185122 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.307089 0.048913 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.356437 0.040968 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.397754 0.055926 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.454201 0.152663 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.607210 0.082078 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.689678 0.055392 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.745445 0.071248 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:26.817143 0.356020 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:27.173610 0.094327 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:27.268285 0.526197 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:27.794880 1.266510 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:29.061747 0.382314 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:29.444499 0.029516 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:29.474454 0.156359 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:29.631239 0.371022 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:30.002681 0.066122 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:30.069203 0.317194 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:30.386817 0.052891 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/01 04:48:34.213785 0.000000 tcp 10.0.2.109 49707 -> 65.94.151.44 1440 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 04:49:21.181773 1.482242 tcp 10.0.2.109 49708 -> 27.251.231.18 9791 FSPA* 0 0 15 1616 flow=From-Botnet-V1-TCP-Established 1970/02/01 04:53:52.173762 3.001983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 04:53:59.181504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:54:07.182687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:54:23.185776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 04:54:55.191502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:00:59.198587 3.000554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 05:01:06.205042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:01:14.206809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:01:30.209658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:02:02.219691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:08:28.233231 3.002058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 05:08:35.241501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:08:43.242911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:08:59.245138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:09:31.251128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:15:43.258736 3.001657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 05:15:50.266131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:15:58.267741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:16:14.270929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:16:46.276724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:18:46.389526 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 05:18:46.389632 0.049366 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:46.439403 0.145520 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:46.585453 0.062526 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:46.585950 2.997923 tcp 10.0.2.109 49709 -> 65.94.151.44 1440 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 05:18:46.648333 0.132254 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:46.780988 0.147475 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:46.928856 0.335456 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.264708 0.061643 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.326781 0.059067 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.386249 0.167491 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.554109 0.065159 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.619633 0.199837 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.819901 0.049277 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.869603 0.034172 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.904176 0.056498 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:47.961036 0.163295 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:48.124738 0.083070 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:48.208180 0.056993 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:48.265515 0.072010 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:48.337945 0.138784 rtcp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:48.477163 0.353649 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:48.831188 0.084079 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:48.915708 1.307860 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:50.223968 0.379751 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:50.604171 0.029340 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:50.633914 0.157047 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:50.791418 0.297906 udp 10.0.2.109 3683 <-> 123.218.208.164 3402 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:51.089805 0.051665 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:51.141834 0.361301 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:51.503620 0.068184 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:18:55.582396 0.000000 tcp 10.0.2.109 49709 -> 65.94.151.44 1440 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 05:19:22.671870 1.923053 tcp 10.0.2.109 49710 -> 27.251.231.18 9791 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:22:52.286216 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 05:22:59.292841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:23:07.294972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:23:23.297495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:23:55.303559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:29:59.309289 3.001792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 05:30:06.317213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:30:14.318831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:30:30.321521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:31:02.327754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:37:06.336045 3.000929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 05:37:13.345893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:37:21.342561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:37:37.345470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:38:09.351339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:44:13.358376 3.000667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 05:44:20.364998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:44:28.366720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:44:44.369434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:45:16.375545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:49:14.898860 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 05:49:14.898953 0.082375 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:14.981952 0.209212 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:14.982626 3.007733 tcp 10.0.2.109 49711 -> 86.151.165.203 1721 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 05:49:15.191618 0.147304 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:15.339301 0.078259 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:15.417995 0.147290 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:15.565736 0.324464 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:15.890650 0.062470 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:15.953528 0.062538 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:16.016460 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 05:49:23.981419 0.000000 tcp 10.0.2.109 49711 -> 86.151.165.203 1721 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/01 05:49:24.602481 1.861832 tcp 10.0.2.109 49712 -> 27.251.231.18 9791 FSPA* 0 0 15 1662 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:34.267776 0.067635 tcp 10.0.2.109 49713 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:34.335636 0.067248 tcp 10.0.2.109 49714 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:34.403179 0.194534 tcp 10.0.2.109 49715 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:34.598119 0.065483 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:34.663979 0.182972 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:34.847325 0.049195 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:34.896886 0.036560 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:34.933863 0.055793 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:34.990073 0.152714 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:35.143198 0.079706 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:35.223335 0.057864 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:35.281615 0.070092 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:35.352132 0.265814 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:35.618378 0.356492 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:35.975321 0.089073 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:36.064881 0.031292 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:36.096587 0.973464 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:37.070562 0.380261 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:37.070884 1.901955 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 SPA_* 0 0 7 644 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:37.451215 0.156273 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:37.607855 0.000000 udp 10.0.2.109 3683 -> 123.218.208.164 3402 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 05:49:42.224026 4.059347 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 15 9002 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:48.537619 3.726621 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 24 15012 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:53.495748 0.066242 tcp 10.0.2.109 49717 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:53.562392 0.044650 tcp 10.0.2.109 49718 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:53.607425 0.176018 tcp 10.0.2.109 49719 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:53.673613 4.135864 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 16 13772 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:49:53.784052 0.050550 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:53.835398 0.371964 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:54.207791 0.068555 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/01 05:49:58.908894 3.860999 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 24 15388 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:04.948324 2.340930 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 28 17520 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:09.983681 2.025241 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 11 6738 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:17.441712 4.944018 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 27 21938 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:23.418355 3.787316 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 17 11778 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:29.462199 3.678375 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 46 27060 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:35.065286 3.573493 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 44 26952 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:40.987209 3.257844 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 19 15362 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:46.408902 3.556379 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 26 19836 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:52.716764 4.952632 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 23 15578 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:50:58.587512 4.957068 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 13 7646 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:03.744138 4.907785 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 28 19144 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:09.569265 3.813884 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 22 13232 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:15.766974 2.264433 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 13 8518 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:20.929537 2.525865 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 23 15578 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:25.929881 3.450984 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 23 11482 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:31.362249 4.856443 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 37 22478 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:38.242376 4.259473 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 18 12020 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:43.651128 3.656788 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 20 12560 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:49.588796 4.238136 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 19 11886 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:54.766248 4.861645 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 25 17734 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:51:59.835021 4.687180 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 25 15686 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:05.720968 4.904633 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 14 14464 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:10.821526 4.456139 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 16 10492 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:17.614384 3.292514 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 8 3288 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:23.307589 2.589623 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 18 11832 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:28.705622 4.898264 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 18 9784 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:33.803985 2.704402 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 5 1698 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:38.904923 4.142628 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 12 6792 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:44.018230 4.941483 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 27 19702 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:49.166345 4.793525 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 17 11966 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:52:56.927421 4.230262 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:07.373360 2.652966 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 18 10404 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:12.412534 1.176996 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 11 8166 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:19.339753 4.126201 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 15 7950 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:24.358302 4.670014 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 22 14528 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:30.092434 2.785765 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 24 14204 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:35.358468 4.935680 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 33 23070 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:40.382708 3.001584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 05:53:42.700465 2.608303 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 8 5148 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:47.390141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:53:48.136468 4.421301 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 14 9612 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:53.144175 4.498657 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 31 19442 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:53:55.391575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:53:58.874264 3.754365 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 29 18578 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:54:05.041723 4.629606 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 38 28048 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:54:11.394704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 05:54:12.418018 3.943575 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 A_PA 0 0 26 12264 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:54:18.903033 1.089714 tcp 10.0.2.109 49716 -> 94.66.208.181 2226 FPA_* 0 0 8 718 flow=From-Botnet-V1-TCP-Established 1970/02/01 05:54:43.400802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:00:47.406360 3.002054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 06:00:54.414230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:01:02.415646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:01:18.418588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:01:50.424815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:08:08.440891 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 06:08:15.447962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:08:23.449976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:08:39.452746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:09:11.458892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:15:26.471628 3.000949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 06:15:33.478038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:15:41.479713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:15:57.482556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:16:29.488579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:19:26.463346 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 06:19:26.463446 1.830257 tcp 10.0.2.109 49720 -> 27.251.231.18 9791 FSPA* 0 0 14 1523 flow=From-Botnet-V1-TCP-Established 1970/02/01 06:20:05.409366 0.169239 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:05.579062 0.000000 udp 10.0.2.109 3683 -> 123.218.208.164 3402 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 06:20:23.056566 0.066763 tcp 10.0.2.109 49721 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 06:20:23.123624 0.070939 tcp 10.0.2.109 49722 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 06:20:23.194938 0.220191 tcp 10.0.2.109 49723 -> 195.113.214.211 443 SRPA* 0 0 33 24704 flow=From-Botnet-V1-TCP-Established 1970/02/01 06:20:23.415733 0.049988 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:23.466309 0.080723 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:23.547439 0.370311 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:23.918172 0.066636 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:23.985224 0.059261 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.044874 0.145660 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.190965 0.148467 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.339844 0.061657 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.401855 0.048875 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.451113 0.033249 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.484788 0.199865 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.685076 0.065215 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:24.750708 0.481394 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:25.232550 0.139159 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:25.372112 0.074270 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:25.446821 0.137183 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:25.584371 0.154550 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:25.739361 0.055918 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:25.795655 0.355947 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:26.151995 0.125850 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:26.278264 0.029124 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:26.307827 0.154621 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:26.462885 0.382205 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:26.845499 0.120503 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:26.966446 0.047897 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:27.014733 0.362212 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:20:27.377367 0.068252 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:22:37.500156 3.001715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 06:22:44.507763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:22:52.509065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:23:08.512587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:23:40.518551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:29:44.524549 3.067964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 06:29:51.564608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:29:59.547811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:30:15.546354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:30:47.552592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:36:51.558241 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 06:36:58.565897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:37:06.567222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:37:22.570132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:37:54.576167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:43:58.582614 3.000998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 06:44:05.589384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:44:13.597870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:44:29.595299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:45:01.600527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:49:28.294153 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 06:49:28.294311 1.756147 tcp 10.0.2.109 49724 -> 27.251.231.18 9791 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/02/01 06:50:35.751269 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 06:50:35.751536 0.325430 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:36.077398 0.050385 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:36.128200 0.183747 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:36.312352 0.335970 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:36.648724 0.062549 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:36.711666 0.062383 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:36.774608 0.146341 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:36.921353 0.146244 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.068022 0.062538 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.130925 0.049170 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.180505 0.041056 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.221966 0.179109 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.401514 0.069084 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.470992 0.078809 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.550180 0.060231 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.610770 0.073236 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.684396 0.136577 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.821382 0.152172 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:37.973956 0.054281 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:38.028674 0.357794 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:38.386880 0.089116 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:38.476394 0.031618 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:38.508466 0.157566 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:38.666454 0.052224 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:38.719065 0.361590 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:39.081049 0.073232 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:39.154769 0.378435 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:50:39.533639 0.091467 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 06:53:26.608973 3.001508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 06:53:33.616592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:53:41.617862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:53:57.620707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 06:54:29.626897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:00:33.632725 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:00:40.640186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:00:48.641716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:01:04.644805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:01:36.650932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:07:40.657016 3.001890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:07:47.664414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:07:55.665815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:08:11.669055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:08:43.674932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:14:49.683930 3.018477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:14:56.700444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:15:04.702488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:15:20.705896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:15:52.711683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:19:30.045421 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 07:19:30.045611 1.793470 tcp 10.0.2.109 49725 -> 27.251.231.18 9791 FSPA* 0 0 14 1570 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:20:53.023873 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 07:20:53.024115 0.081448 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:53.105977 0.397393 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:53.503798 0.063816 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:53.568085 0.059572 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:53.628101 0.148348 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:53.776925 0.166618 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:53.943946 0.050888 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:53.995211 0.147275 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.142961 0.061116 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.204448 0.049514 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.254441 0.046865 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.301751 0.183893 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.486204 0.070827 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.557426 0.087857 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.645691 0.054689 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.700789 0.069830 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.770979 0.137520 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:54.908895 0.154190 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:55.063438 0.054216 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:55.118078 0.354328 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:55.472860 0.089585 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:55.562893 0.029398 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:55.592655 0.157842 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:55.750893 0.055672 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:20:55.806931 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 07:21:13.416647 0.074772 tcp 10.0.2.109 49726 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:21:13.491709 0.074317 tcp 10.0.2.109 49727 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:21:13.566519 0.156219 tcp 10.0.2.109 49728 -> 195.113.214.211 443 SRPA* 0 0 57 36359 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:21:13.723441 0.070249 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:21:13.794318 0.370710 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:21:14.165421 0.072540 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:21:56.717372 3.001867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 07:22:03.725313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:22:11.726586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:22:27.729629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:22:59.735646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:29:03.741650 3.010983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:29:10.759166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:29:18.759967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:29:34.773417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:30:06.779383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:36:10.785641 3.001503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:36:17.793068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:36:25.794762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:36:41.797736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:37:13.802925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:43:17.808593 3.002579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:43:24.817743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:43:32.818447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:43:48.827437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:44:20.827610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:49:31.845204 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 07:49:31.845341 1.853432 tcp 10.0.2.109 49729 -> 27.251.231.18 9791 FSPA* 0 0 14 1629 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:50:24.834694 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:50:31.841377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:50:39.842556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:50:55.845586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:51:25.648876 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 07:51:25.648983 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 07:51:27.851498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:51:42.443928 0.074050 tcp 10.0.2.109 49730 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:51:42.518254 0.077354 tcp 10.0.2.109 49731 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:51:42.595902 0.172247 tcp 10.0.2.109 49732 -> 195.113.214.211 443 SRPA* 0 0 23 14000 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:51:42.768720 0.477118 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:51:43.246271 0.382892 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:51:43.629639 0.065819 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:51:43.695832 0.212398 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:51:43.908613 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 07:52:02.731876 0.068578 tcp 10.0.2.109 49733 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:52:02.800725 0.068966 tcp 10.0.2.109 49734 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:52:02.869968 0.168846 tcp 10.0.2.109 49735 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/01 07:52:03.039475 0.051689 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.091582 0.147938 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.239983 0.066507 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.306924 0.049178 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.356540 0.047040 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.404021 0.182592 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.587062 0.065542 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.653091 0.083614 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.737122 0.066502 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.803988 0.072574 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:03.876947 0.149488 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.026832 0.156516 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.183765 0.058094 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.242380 0.352010 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.594794 0.092384 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.687571 0.032470 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.720470 0.157845 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.878712 0.055838 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.934988 0.058172 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:04.993607 0.071684 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:05.065744 0.074215 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:52:05.140403 0.362667 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/01 07:57:31.858461 3.000818 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 07:57:38.864910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:57:46.866588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:58:02.869708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 07:58:34.875897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:04:52.892676 3.000711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 08:04:59.899135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:05:07.900791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:05:23.903507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:05:55.909633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:12:14.917276 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 08:12:21.924504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:12:29.925738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:12:45.928958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:13:17.938365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:19:23.944325 3.001338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 08:19:30.951244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:19:33.665767 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 08:19:33.665867 1.791893 tcp 10.0.2.109 49736 -> 27.251.231.18 9791 FSPA* 0 0 14 1658 flow=From-Botnet-V1-TCP-Established 1970/02/01 08:19:38.953073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:19:54.956083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:20:26.962022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:22:16.871092 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 08:22:16.871250 0.167379 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:17.039004 0.352166 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:17.391581 0.157688 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:17.549685 0.058484 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:17.608611 0.575309 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.184323 0.050072 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.234855 0.147323 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.382528 0.066398 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.449302 0.049224 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.498910 0.036626 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.535922 0.178056 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.714522 0.066424 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.781363 0.081365 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.863101 0.076713 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:18.940228 0.075219 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:19.015848 0.056749 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:19.073032 0.309337 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:19.382786 0.219092 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:19.602414 0.154549 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:19.757396 0.526107 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:20.283966 0.042008 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:20.326462 0.156768 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:20.483671 0.052508 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:20.536604 0.060036 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:20.596981 0.074432 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:20.671813 0.080671 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:22:20.752878 0.373447 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:26:30.967860 3.012915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 08:26:37.985428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:26:45.986803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:27:01.989813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:27:33.995709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:33:38.002665 3.000942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 08:33:45.012779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:33:53.011035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:34:09.013940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:34:41.027577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:40:45.026277 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 08:40:52.033106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:41:00.034982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:41:16.037770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:41:48.044014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:47:52.051070 3.000313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 08:47:59.057164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:48:07.058779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:48:23.065101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:48:55.067659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:49:35.466541 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 08:49:35.466774 1.719110 tcp 10.0.2.109 49737 -> 27.251.231.18 9791 FSPA* 0 0 13 1602 flow=From-Botnet-V1-TCP-Established 1970/02/01 08:52:50.736787 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 08:52:50.736960 0.085205 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:50.822578 0.062483 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:50.885479 0.170459 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.056311 0.359518 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.416285 0.196435 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.613135 0.049240 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.662770 0.148088 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.811268 0.066258 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.877897 0.049021 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.927349 0.035559 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:51.963284 0.182915 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:52.146626 0.067993 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:52.215050 0.135593 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:52.351025 0.066249 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:52.417695 0.073659 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:52.491751 0.055512 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:52.547680 0.308796 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:52.856852 0.147712 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.004989 0.152292 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.157688 0.156700 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.314772 0.054126 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.369286 0.111325 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.481079 0.073149 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.554693 0.080775 udp 10.0.2.109 3683 <-> 94.66.208.181 6063 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.635873 0.363461 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:53.999731 0.087012 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:52:54.087190 0.029581 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 08:55:36.077316 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 08:55:43.084544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:55:51.086121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:56:07.088947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 08:56:39.094940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:02:49.109864 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 09:02:56.117105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:03:04.118738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:03:20.121429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:03:52.127758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:09:56.133622 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 09:10:03.140856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:10:11.142687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:10:27.145483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:10:59.151414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:17:03.160537 2.998416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 09:17:10.164933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:17:18.166310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:17:34.169435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:18:06.175587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:19:37.186753 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 09:19:37.186982 1.769204 tcp 10.0.2.109 49738 -> 27.251.231.18 9791 FSPA* 0 0 14 1665 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:23:05.025319 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 09:23:05.025417 0.230216 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:05.256062 0.109838 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:05.366269 0.106441 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:05.473100 0.049094 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:05.522612 0.148459 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:05.671457 0.326867 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:05.998748 0.300236 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:06.299475 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 09:23:21.871154 0.074908 tcp 10.0.2.109 49739 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:23:21.946384 0.071452 tcp 10.0.2.109 49740 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:23:22.018097 0.163253 tcp 10.0.2.109 49741 -> 195.113.214.211 443 SRPA* 0 0 57 37625 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:23:22.182237 0.049316 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:22.231975 0.047099 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:22.279561 0.179645 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:22.459579 0.065648 rtcp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:22.525623 0.644484 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:23.170551 0.072137 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:23.243080 0.309424 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:23.552918 0.137953 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:23.691309 0.072952 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:23.764664 0.054414 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:23.819544 0.153140 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:23.973110 0.158506 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:24.132060 0.055820 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:24.188338 0.055281 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:24.244017 0.074274 udp 10.0.2.109 3683 <-> 91.6.33.86 5333 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:24.318673 0.000000 udp 10.0.2.109 3683 -> 94.66.208.181 6063 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 09:23:39.367869 0.074309 tcp 10.0.2.109 49742 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:23:39.442439 0.074019 tcp 10.0.2.109 49743 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:23:39.516762 0.176112 tcp 10.0.2.109 49744 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:23:39.693380 0.029268 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:39.723114 0.370846 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:23:40.094389 0.090084 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:24:12.185435 3.000480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 09:24:19.191740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:24:27.193459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:24:43.196240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:25:15.202316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:31:19.208213 3.001697 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 09:31:26.216018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:31:34.217302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:31:50.219966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:32:22.226575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:38:26.232868 3.001513 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 09:38:33.244110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:38:41.263239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:38:57.254032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:39:29.260418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:45:33.267430 3.000636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 09:45:40.273653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:45:48.275310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:46:04.278449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:46:36.284417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:49:38.957499 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 09:49:38.957608 1.727318 tcp 10.0.2.109 49745 -> 27.251.231.18 9791 FSPA* 0 0 15 1770 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:53:49.507551 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 09:53:49.507658 0.055948 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:53:49.564102 0.000000 udp 10.0.2.109 3683 -> 94.66.208.181 6063 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 09:54:06.904038 0.068095 tcp 10.0.2.109 49746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:54:06.972399 0.075425 tcp 10.0.2.109 49747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:54:07.048095 0.175918 tcp 10.0.2.109 49748 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:54:07.224556 0.049138 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:07.274057 0.149289 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:07.423781 0.166028 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:07.590362 0.062046 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:07.652847 0.154486 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:07.807765 0.148778 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:07.957012 0.348467 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:08.305902 0.182155 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:08.488472 0.068368 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:08.557237 0.043251 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:08.600884 0.049301 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:08.650577 0.310257 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:08.961201 0.143473 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:09.105043 0.072404 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:09.177908 0.055792 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:09.234078 0.065701 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:09.300186 0.080078 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:09.380687 0.058941 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:09.440074 0.000000 udp 10.0.2.109 3683 -> 91.6.33.86 5333 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 09:54:24.888660 0.070554 tcp 10.0.2.109 49749 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:54:24.959583 0.076363 tcp 10.0.2.109 49750 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:54:25.036218 0.173618 tcp 10.0.2.109 49751 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/02/01 09:54:25.210490 0.151742 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:25.362598 0.156305 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:25.519302 0.052576 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:25.572313 0.029429 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:25.602267 0.373376 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:25.976019 0.086306 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/01 09:54:27.294684 3.001126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 09:54:34.301489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:54:42.303286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:54:58.306330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 09:55:30.312271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:01:56.330507 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:02:03.337208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:02:11.338612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:02:27.341680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:02:59.347627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:09:23.362521 3.001647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:09:30.369818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:09:38.371538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:09:54.374878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:10:26.380806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:16:30.386839 3.001282 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:16:37.394072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:16:45.395528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:17:01.398663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:17:33.404600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:19:40.687908 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 10:19:40.688104 1.841205 tcp 10.0.2.109 49752 -> 27.251.231.18 9791 FSPA* 0 0 15 1741 flow=From-Botnet-V1-TCP-Established 1970/02/01 10:23:37.413775 3.003424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:23:44.417833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:23:52.419407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:24:08.422198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:24:35.031104 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 10:24:35.031205 0.000000 udp 10.0.2.109 3683 -> 91.6.33.86 5333 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 10:24:40.428438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:24:52.286978 0.070965 tcp 10.0.2.109 49753 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 10:24:52.358186 0.074444 tcp 10.0.2.109 49754 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 10:24:52.432897 0.194036 tcp 10.0.2.109 49755 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/01 10:24:52.627357 0.063895 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:52.691651 0.150386 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:52.842529 0.165129 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.008048 0.062555 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.071007 0.050878 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.122360 0.147777 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.270532 0.079369 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.350327 0.318665 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.669378 0.068969 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.738736 0.178915 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.918065 0.049560 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:53.968057 0.307389 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.275856 0.041110 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.317374 0.066737 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.384514 0.201227 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.586171 0.058359 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.644938 0.071955 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.717312 0.153587 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.871283 0.057231 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:54.928948 0.156775 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:55.086246 0.054974 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:55.141591 0.029459 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:55.171403 0.152928 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:55.324728 0.360628 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:24:55.685764 0.087955 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:30:44.436166 2.999992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:30:51.441695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:30:59.443383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:31:15.446593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:31:47.452427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:37:51.458811 3.001318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:37:58.465821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:38:06.467436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:38:22.470911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:38:54.476274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:44:58.482662 3.001375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:45:05.489816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:45:13.491093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:45:29.499394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:46:01.507222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:49:42.528439 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 10:49:42.528665 1.759009 tcp 10.0.2.109 49756 -> 27.251.231.18 9791 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/02/01 10:54:05.509135 3.001657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 10:54:12.516374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:54:20.517451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:54:36.520794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 10:55:01.226514 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 10:55:01.226621 0.064784 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:01.291854 0.146116 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:01.438393 0.168267 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:01.607039 0.061991 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:01.669395 0.049754 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:01.719580 0.147465 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:01.867402 0.077296 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:01.945122 0.347857 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:02.293348 0.064954 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:02.358721 0.180212 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:02.539434 0.049158 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:02.588956 0.308523 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:02.897928 0.034734 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:02.933105 0.070164 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.003732 0.439919 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.444030 0.059734 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.504168 0.075495 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.580044 0.142191 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.722666 0.081431 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.804497 0.029213 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.834225 0.152133 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:03.986819 0.366066 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:04.353326 0.087061 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:04.440772 0.158170 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:04.599362 0.052740 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 10:55:08.527254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:01:26.543561 3.003295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:01:33.550235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:01:41.551769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:01:57.554392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:02:29.560834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:08:58.573870 3.000693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:09:05.580552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:09:13.581735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:09:29.584628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:10:01.590795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:16:05.596428 3.002036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:16:12.604321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:16:20.605355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:16:36.608698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:17:08.614671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:19:44.289001 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 11:19:44.289083 1.863815 tcp 10.0.2.109 49757 -> 27.251.231.18 9791 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/02/01 11:23:12.620745 3.001691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:23:19.628173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:23:27.629643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:23:43.633216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:24:15.643820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:25:28.053209 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 11:25:28.053403 0.064824 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.118723 0.148114 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.267248 0.167133 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.434823 0.058023 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.493269 0.051291 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.544955 0.145340 rtcp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.690707 0.079839 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.771006 0.181928 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:28.953376 0.048979 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:29.016685 0.317127 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:29.334368 0.063285 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:29.398089 0.306383 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:29.704893 0.034691 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:29.739954 0.071592 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:29.811958 0.405993 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.218388 0.058425 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.277177 0.073289 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.350834 0.137877 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.489153 0.055990 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.545498 0.031482 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.577320 0.154444 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.732215 0.155332 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.887990 0.056201 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:30.944639 0.365281 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:25:31.310342 0.085853 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:30:19.644100 3.001825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:30:26.652126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:30:34.653744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:30:50.656640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:31:22.662944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:37:26.669447 3.007420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:37:33.676197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:37:41.677508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:37:57.681135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:38:29.686639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:44:33.693577 3.000701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:44:40.700011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:44:48.701567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:45:04.704549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:45:36.710791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:49:46.139649 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 11:49:46.139806 1.761238 tcp 10.0.2.109 49758 -> 27.251.231.18 9791 FSPA* 0 0 15 1678 flow=From-Botnet-V1-TCP-Established 1970/02/01 11:53:52.726335 3.002341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 11:53:59.733333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:54:07.734929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:54:23.738286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:54:55.744422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 11:55:50.973925 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 11:55:50.974120 0.168030 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.142535 0.061570 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.204553 0.049231 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.254244 0.149239 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.403905 0.080401 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.484815 0.181667 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.666919 0.066795 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.734115 0.147706 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.882395 0.049169 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:51.932002 0.338278 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:52.270713 0.064402 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:52.335489 0.310177 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:52.646094 0.037534 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:52.684063 0.067960 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:52.752402 0.372902 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.125688 0.056659 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.182767 0.071895 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.255129 0.147568 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.403134 0.055658 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.459186 0.029200 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.488804 0.151450 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.640662 0.159746 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.800861 0.053258 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:53.854578 0.363853 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/01 11:55:54.218823 0.089758 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:00:59.751525 2.999879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:01:06.757507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:01:14.759257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:01:30.762605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:02:02.768494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:08:28.785904 3.001708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:08:35.793450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:08:43.795081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:08:59.798061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:09:31.803843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:15:44.813095 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:15:51.822684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:15:59.824594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:16:15.824793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:16:47.831139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:19:47.899921 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 12:19:47.900115 1.772266 tcp 10.0.2.109 49759 -> 27.251.231.18 9791 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:22:54.842168 3.000708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:23:01.850861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:23:09.852749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:23:25.865014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:23:57.859132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:26:03.169633 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 12:26:03.169734 0.049821 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:03.219981 0.000000 udp 10.0.2.109 3683 -> 65.94.151.44 5215 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:26:21.597860 0.115301 tcp 10.0.2.109 49760 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:26:21.713454 0.074193 tcp 10.0.2.109 49761 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:26:21.787940 0.133291 tcp 10.0.2.109 49762 -> 195.113.214.211 443 SRPA* 0 0 69 43279 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:26:21.921406 0.167431 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:22.089191 0.068517 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:22.158257 0.169700 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:22.328361 0.178587 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:22.507379 0.066447 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:22.647095 0.147587 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:22.795136 0.048775 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:22.844329 0.351071 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.195834 0.068910 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.265193 0.309157 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.574746 0.034203 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.609394 0.056259 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.666083 0.074975 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.741487 0.137500 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.879407 0.069934 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:23.949719 0.343698 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:24.293911 0.057998 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:24.352319 0.029366 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:24.382069 0.154286 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:24.536795 0.157059 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:24.694342 0.053222 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:24.747951 0.373684 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:26:25.122037 0.089230 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:30:01.866574 2.999953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:30:08.872520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:30:16.873929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:30:32.876905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:31:04.882979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:37:08.890434 3.000636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:37:15.896658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:37:23.897987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:37:39.901242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:38:11.906749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:44:15.913174 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:44:22.920646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:44:30.921963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:44:46.925193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:45:18.931260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:49:49.681151 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 12:49:49.681339 1.778371 tcp 10.0.2.109 49763 -> 27.251.231.18 9791 FSPA* 0 0 15 1755 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:53:41.947880 3.000942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 12:53:48.954397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:53:56.955497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:54:12.959079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:54:44.964875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 12:56:49.524244 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 12:56:49.524452 0.000000 udp 10.0.2.109 3683 -> 65.94.151.44 5215 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:57:06.049760 0.089234 tcp 10.0.2.109 49764 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:57:06.139321 0.075533 tcp 10.0.2.109 49765 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:57:06.215124 0.150492 tcp 10.0.2.109 49766 -> 195.113.214.211 443 SRPA* 0 0 58 38057 flow=From-Botnet-V1-TCP-Established 1970/02/01 12:57:06.366350 3.485147 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1139 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:06.415900 3.089836 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 4 1198 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:06.582036 3.102333 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 4 1211 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:06.735160 3.040681 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 4 1107 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:06.817093 3.213603 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 970 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:07.004863 3.096077 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 4 1239 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:07.068735 3.193147 udp 10.0.2.109 3683 <-> 67.70.207.14 1365 CON 0 0 4 1048 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:07.215216 3.097123 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 4 1245 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:07.264894 3.372869 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 4 953 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:07.589241 3.107671 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 4 1128 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:07.655158 3.351013 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 4 1258 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:07.963987 3.079366 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 4 1051 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.000828 3.107513 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 4 1207 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.059877 3.130548 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 4 1368 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.136797 3.204582 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1355 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.275827 3.124611 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 4 1195 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.346690 3.083944 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 4 1014 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.376237 3.208683 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 4 1162 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.530981 3.211360 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 4 990 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.687353 3.098009 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1068 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.738577 3.123162 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 4 1197 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.823029 3.094079 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 4 1212 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:08.877774 3.403615 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 4 1296 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:09.242035 3.122900 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 4 1198 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:12.365468 0.000000 udp 10.0.2.109 3683 -> 115.239.31.229 9348 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:57:19.237494 0.057296 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:19.312798 0.000000 udp 10.0.2.109 3683 -> 99.228.230.225 8319 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:57:26.307171 0.056755 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:26.380103 0.000000 udp 10.0.2.109 3683 -> 81.136.211.210 1862 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:57:33.206793 0.146253 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:57:33.364416 0.000000 udp 10.0.2.109 3683 -> 120.151.184.91 7254 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:57:41.749317 0.000000 udp 10.0.2.109 3683 -> 105.228.52.24 7002 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:57:46.936665 0.000000 udp 10.0.2.109 3683 -> 2.126.209.151 3129 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:57:51.863420 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 12:57:55.639197 0.000000 udp 10.0.2.109 3683 -> 77.10.254.53 3056 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:02.348790 0.000000 udp 10.0.2.109 3683 -> 24.125.55.99 3774 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:07.456298 0.000000 udp 10.0.2.109 3683 -> 72.27.203.129 4928 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:15.477667 0.000000 udp 10.0.2.109 3683 -> 108.219.61.9 9906 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:20.684871 0.000000 udp 10.0.2.109 3683 -> 213.97.83.100 8510 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:28.606421 0.382581 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:58:28.999031 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:34.114821 0.000000 udp 10.0.2.109 3683 -> 81.135.90.194 2867 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:38.861122 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 12:58:42.907263 0.059121 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 826 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:58:42.975388 0.000000 udp 10.0.2.109 3683 -> 92.237.166.199 1458 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:48.084773 0.000000 udp 10.0.2.109 3683 -> 209.222.61.244 9231 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:58:53.532851 0.000000 udp 10.0.2.109 3683 -> 46.49.36.87 2545 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:01.854445 0.000000 udp 10.0.2.109 3683 -> 174.141.42.248 1194 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:08.263752 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:16.505578 0.000000 udp 10.0.2.109 3683 -> 188.3.125.125 7288 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:22.353735 0.076846 udp 10.0.2.109 3683 -> 62.219.143.195 9366 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:22.430581 0.000000 icmp 62.219.143.195 0x0303 -> 10.0.2.109 0x9624 URP 192 1 295 flow=Background 1970/02/01 12:59:26.870176 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 12:59:28.682937 0.050882 udp 10.0.2.109 3683 <-> 87.153.125.14 4545 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/02/01 12:59:28.744089 0.000000 udp 10.0.2.109 3683 -> 216.110.103.68 7346 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:34.311091 0.000000 udp 10.0.2.109 3683 -> 216.57.201.40 2682 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:42.152434 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:47.219402 0.000000 udp 10.0.2.109 3683 -> 98.203.97.224 9568 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:52.457129 0.000000 udp 10.0.2.109 3683 -> 86.98.89.56 4997 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 12:59:59.026726 0.000000 udp 10.0.2.109 3683 -> 78.87.155.166 6561 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:06.607597 0.188842 udp 10.0.2.109 3683 -> 186.6.32.65 2209 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:06.796439 0.000000 icmp 186.6.32.65 0x0303 -> 10.0.2.109 0xa108 URP 192 1 250 flow=Background 1970/02/01 13:00:11.363985 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:00:12.465758 0.000000 udp 10.0.2.109 3683 -> 64.180.226.146 7224 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:21.318784 0.042487 udp 10.0.2.109 3683 <-> 79.218.203.119 5658 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:00:21.448782 0.000000 udp 10.0.2.109 3683 -> 94.171.254.46 7317 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:28.118371 0.000000 udp 10.0.2.109 3683 -> 46.197.51.226 1319 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:33.726410 0.193366 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:00:33.942844 0.065301 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 744 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:00:34.020162 0.180178 udp 10.0.2.109 3683 <-> 92.25.109.183 6768 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:00:34.225915 0.000000 udp 10.0.2.109 3683 -> 69.199.30.121 6717 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:40.916928 0.000000 udp 10.0.2.109 3683 -> 82.37.165.222 7545 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:47.035672 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:48.971033 3.001868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 13:00:53.404898 0.000000 udp 10.0.2.109 3683 -> 108.20.54.46 7824 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:00:55.978350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:00:58.361680 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:01:01.276254 0.000000 udp 10.0.2.109 3683 -> 201.164.174.114 1115 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:03.979931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:01:08.256220 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9986 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:15.217662 0.000000 udp 10.0.2.109 3683 -> 74.218.32.44 1243 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:19.982873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:01:23.238063 0.000000 udp 10.0.2.109 3683 -> 211.3.248.168 1444 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:30.768827 0.000000 udp 10.0.2.109 3683 -> 76.29.212.13 5378 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:38.930032 0.000000 udp 10.0.2.109 3683 -> 89.76.100.152 3136 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:43.866884 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:01:45.129125 0.084503 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 774 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:01:45.279159 0.000000 udp 10.0.2.109 3683 -> 95.248.239.87 7049 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:51.988840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:01:52.569706 0.047309 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:01:52.647497 0.000000 udp 10.0.2.109 3683 -> 201.167.224.196 7361 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:01:59.459770 0.379614 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:01:59.880914 0.059490 udp 10.0.2.109 3683 <-> 92.20.249.40 2036 CON 0 0 2 776 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:01:59.978556 0.000000 udp 10.0.2.109 3683 -> 82.39.204.23 5448 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:02:07.581514 0.000000 udp 10.0.2.109 3683 -> 87.1.43.63 1084 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:02:14.761973 0.000000 udp 10.0.2.109 3683 -> 176.221.10.118 1106 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:02:22.513178 0.000000 udp 10.0.2.109 3683 -> 78.172.82.74 6440 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:02:31.365745 0.407884 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 842 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:02:31.798797 0.102213 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 793 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:02:31.934509 0.077699 udp 10.0.2.109 3683 <-> 79.129.109.44 6903 CON 0 0 2 736 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:02:32.054759 0.060832 udp 10.0.2.109 3683 -> 91.40.61.15 7013 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:02:32.115591 0.000000 icmp 91.40.61.15 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 225 flow=Background 1970/02/01 13:02:36.362604 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:02:38.405802 0.000000 udp 10.0.2.109 3683 -> 212.54.184.25 3664 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:02:47.078143 0.000000 udp 10.0.2.109 3683 -> 83.195.38.129 8843 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:02:54.939534 0.000000 udp 10.0.2.109 3683 -> 72.248.241.26 4951 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:00.737825 4.149632 udp 10.0.2.109 3683 <-> 70.50.202.219 6552 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:03:04.935255 0.000000 udp 10.0.2.109 3683 -> 80.153.161.180 5887 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:10.892604 0.000000 udp 10.0.2.109 3683 -> 94.15.76.10 3101 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:18.903870 0.000000 udp 10.0.2.109 3683 -> 217.249.197.132 6956 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:23.871217 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:03:27.876675 0.167274 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 780 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:03:28.184949 0.214688 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 655 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:03:28.451011 0.000000 udp 10.0.2.109 3683 -> 79.13.28.83 6831 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:33.995225 0.000000 udp 10.0.2.109 3683 -> 72.129.159.132 7469 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:41.025652 0.000000 udp 10.0.2.109 3683 -> 70.48.13.60 9615 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:46.984754 0.000000 udp 10.0.2.109 3683 -> 79.46.54.10 8156 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:52.111638 0.000000 udp 10.0.2.109 3683 -> 176.35.215.154 8769 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:03:59.402338 0.000000 udp 10.0.2.109 3683 -> 87.172.38.144 4488 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:06.482584 0.000000 udp 10.0.2.109 3683 -> 83.248.120.197 2772 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:11.369231 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:04:14.493965 0.000000 udp 10.0.2.109 3683 -> 69.117.75.206 2235 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:19.751053 0.097554 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:04:19.874822 0.057332 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:04:19.946912 0.000000 udp 10.0.2.109 3683 -> 172.5.132.131 1928 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:27.122036 0.000000 udp 10.0.2.109 3683 -> 78.1.232.116 9976 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:35.273893 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:42.723842 0.000000 udp 10.0.2.109 3683 -> 95.9.211.245 1024 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:48.923318 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 8574 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:04:56.564440 0.000000 udp 10.0.2.109 3683 -> 193.188.47.36 1472 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:01.360988 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:05:04.485769 0.063142 udp 10.0.2.109 3683 <-> 86.164.34.191 5570 CON 0 0 2 685 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:05:04.603349 0.000000 udp 10.0.2.109 3683 -> 66.49.56.148 4961 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:13.371833 0.055583 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 681 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:05:13.559106 0.000000 udp 10.0.2.109 3683 -> 94.171.222.7 7509 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:22.211208 0.000000 udp 10.0.2.109 3683 -> 95.145.210.193 2501 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:28.079953 0.000000 udp 10.0.2.109 3683 -> 120.151.242.47 9872 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:35.370310 0.000000 udp 10.0.2.109 3683 -> 46.14.107.134 4614 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:41.238875 0.000000 udp 10.0.2.109 3683 -> 85.107.181.225 7255 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:45.865101 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:05:48.258823 0.000000 udp 10.0.2.109 3683 -> 151.95.2.7 6257 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:53.716829 0.000000 udp 10.0.2.109 3683 -> 77.252.52.132 5438 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:05:59.655086 0.056811 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:05:59.728502 0.000000 udp 10.0.2.109 3683 -> 31.146.138.193 4072 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:05.343531 0.000000 udp 10.0.2.109 3683 -> 86.154.10.217 6929 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:12.703647 0.070657 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:06:12.783625 0.207658 udp 10.0.2.109 3683 <-> 188.29.69.233 8520 CON 0 0 2 835 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:06:13.000521 0.348952 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 733 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:06:13.373266 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:21.536759 0.000000 udp 10.0.2.109 3683 -> 81.143.64.185 2128 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:28.947263 0.000000 udp 10.0.2.109 3683 -> 98.66.55.57 1355 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:33.864225 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:06:36.808787 0.000000 udp 10.0.2.109 3683 -> 176.74.90.155 1029 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:42.817201 0.000000 udp 10.0.2.109 3683 -> 92.2.76.63 3734 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:49.576801 0.000000 udp 10.0.2.109 3683 -> 66.27.161.41 4791 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:06:55.717857 0.000000 udp 10.0.2.109 3683 -> 181.29.130.155 9919 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:07:04.137820 0.000000 udp 10.0.2.109 3683 -> 178.9.80.49 4555 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:07:11.488310 0.151060 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:07:11.698850 0.000000 udp 10.0.2.109 3683 -> 91.39.94.223 9714 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:07:19.640061 0.015419 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:07:19.655480 0.000000 icmp 85.124.198.201 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 169 flow=Background 1970/02/01 13:07:24.366654 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:07:27.201044 0.000000 udp 10.0.2.109 3683 -> 72.238.124.191 3238 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:07:35.082454 0.000000 udp 10.0.2.109 3683 -> 85.74.177.70 4082 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:07:42.623012 0.000000 udp 10.0.2.109 3683 -> 176.221.237.209 7484 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:08:11.006384 3.002031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 13:08:18.014012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:08:26.015266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:08:42.018415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:09:14.024724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:15:30.041994 2.998776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 13:15:37.048544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:15:45.046506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:16:01.049578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:16:33.055698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:19:51.461362 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:19:51.461522 1.948311 tcp 10.0.2.109 49767 -> 27.251.231.18 9791 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:22:41.067368 3.001985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 13:22:48.075474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:22:56.076244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:23:12.079607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:23:44.085356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:29:48.092208 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 13:29:55.098956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:30:03.100468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:30:19.103164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:30:51.109390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:36:55.115215 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 13:37:02.122754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:37:10.124257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:37:26.127412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:37:52.776084 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:37:52.776187 0.062750 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:52.839322 0.048746 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 203 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:52.888528 0.167306 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.056205 0.051147 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.107718 0.187308 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.295448 0.062483 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.358547 0.051860 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.410856 0.058720 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.470052 0.346479 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.816938 0.065669 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:53.882958 0.307172 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:54.190527 0.034639 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:54.225592 0.153544 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:54.379547 0.072684 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:54.452625 0.151620 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:54.604619 0.068248 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:54.673241 0.031515 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:54.705180 0.362961 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:55.068545 0.087431 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:55.156365 0.086308 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:55.243051 0.057420 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:37:55.300880 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:37:58.133484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:38:13.356741 1.145823 tcp 10.0.2.109 49768 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:14.502804 0.142783 tcp 10.0.2.109 49769 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:14.645894 0.239109 tcp 10.0.2.109 49770 -> 195.113.214.211 443 SRPA* 0 0 30 17777 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:14.885509 0.057170 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:14.943092 0.141434 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:15.084881 0.381647 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:15.466939 0.054556 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:15.521966 0.043053 udp 10.0.2.109 3683 <-> 87.153.125.14 4545 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:15.565429 0.000000 udp 10.0.2.109 3683 -> 79.218.203.119 5658 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:38:31.762370 0.323706 tcp 10.0.2.109 49771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:32.086443 0.438725 tcp 10.0.2.109 49772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:32.525485 0.156445 tcp 10.0.2.109 49773 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:32.682704 0.000000 udp 10.0.2.109 3683 -> 92.25.109.183 6768 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:38:51.055664 0.072234 tcp 10.0.2.109 49774 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:51.128166 0.072545 tcp 10.0.2.109 49775 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:51.201028 0.154024 tcp 10.0.2.109 49776 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:38:51.355674 0.046845 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:51.402915 0.213114 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:51.616484 0.086595 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:51.703547 0.045900 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:51.749863 0.347747 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:38:52.098027 0.000000 udp 10.0.2.109 3683 -> 92.20.249.40 2036 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:39:07.283272 0.070426 tcp 10.0.2.109 49777 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:07.354031 0.075195 tcp 10.0.2.109 49778 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:07.429543 0.159859 tcp 10.0.2.109 49779 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:07.589903 0.091127 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:07.681454 0.374412 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:08.056216 0.000000 udp 10.0.2.109 3683 -> 79.129.109.44 6903 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:39:24.167661 0.068538 tcp 10.0.2.109 49780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:24.236443 0.067824 tcp 10.0.2.109 49781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:24.304571 0.160455 tcp 10.0.2.109 49782 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:24.465302 0.203044 udp 10.0.2.109 3683 <-> 70.50.202.219 6552 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:24.668781 0.165765 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:24.834971 0.231440 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:25.066854 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:39:43.675129 0.052289 tcp 10.0.2.109 49783 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:43.727635 0.053559 tcp 10.0.2.109 49784 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:43.781555 0.158074 tcp 10.0.2.109 49785 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:39:43.940161 0.097764 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:44.038301 0.057852 udp 10.0.2.109 3683 <-> 86.164.34.191 5570 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:44.096551 0.053638 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:39:44.150651 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 13:40:01.591374 0.051657 tcp 10.0.2.109 49786 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:40:01.643287 0.055437 tcp 10.0.2.109 49787 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:40:01.699013 0.154665 tcp 10.0.2.109 49788 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:40:01.854339 0.067290 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:40:01.922026 0.102999 udp 10.0.2.109 3683 <-> 188.29.69.233 8520 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:40:02.025419 0.352857 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:40:02.378722 0.151469 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 13:44:02.140987 3.000085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 13:44:09.146216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:44:17.148394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:44:33.151453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:45:05.286777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:49:53.412378 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 13:49:53.412562 1.890798 tcp 10.0.2.109 49789 -> 27.251.231.18 9791 FSPA* 0 0 15 1759 flow=From-Botnet-V1-TCP-Established 1970/02/01 13:53:31.177504 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 13:53:38.185068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:53:46.189327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:54:02.189317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 13:54:34.195279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:00:38.202311 3.000745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:00:45.208934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:00:53.210354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:01:09.213594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:01:41.219343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:07:45.225279 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:07:52.233475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:08:00.234998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:08:16.237476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:08:48.243464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:10:26.344841 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 14:10:26.345000 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:10:42.769487 0.072110 tcp 10.0.2.109 49790 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:10:42.841946 0.071613 tcp 10.0.2.109 49791 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:10:42.913886 0.155919 tcp 10.0.2.109 49792 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:10:43.070428 0.000000 udp 10.0.2.109 3683 -> 79.218.203.119 5658 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:11:00.905095 0.075616 tcp 10.0.2.109 49793 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:00.981130 0.074134 tcp 10.0.2.109 49794 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:01.055659 0.153627 tcp 10.0.2.109 49795 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:01.209982 0.062749 udp 10.0.2.109 3683 <-> 92.25.109.183 6768 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:11:01.273203 0.000000 udp 10.0.2.109 3683 -> 92.20.249.40 2036 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:11:17.247995 0.074831 tcp 10.0.2.109 49796 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:17.323122 0.075668 tcp 10.0.2.109 49797 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:17.399057 0.153023 tcp 10.0.2.109 49798 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:17.552759 0.000000 udp 10.0.2.109 3683 -> 79.129.109.44 6903 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:11:36.185490 0.070314 tcp 10.0.2.109 49799 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:36.256089 0.075303 tcp 10.0.2.109 49800 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:36.331696 0.157749 tcp 10.0.2.109 49801 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:36.490063 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:11:53.780765 0.070295 tcp 10.0.2.109 49802 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:53.851425 0.070978 tcp 10.0.2.109 49803 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:53.922675 0.150981 tcp 10.0.2.109 49804 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:11:54.074404 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:12:11.886347 0.073329 tcp 10.0.2.109 49805 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:12:11.959936 0.072711 tcp 10.0.2.109 49806 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:12:12.032893 0.159699 tcp 10.0.2.109 49807 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:12:12.193192 0.060609 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.254262 0.049455 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.304084 0.064240 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.368722 0.165782 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.534933 0.048853 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.584171 0.179361 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.763921 0.061573 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.825942 0.050849 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.877151 0.053901 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:12.931432 0.343819 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:13.275597 0.071228 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:13.347191 0.154172 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:13.501808 0.035121 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:13.537425 0.066486 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:13.604311 0.308313 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:13.913070 0.139489 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:14.052962 0.029446 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:14.082809 0.363175 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:14.446389 0.087287 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:14.534088 0.524415 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:15.058881 0.055873 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:15.115190 0.054441 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:15.170076 0.382359 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:15.552758 0.057220 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:15.610458 0.000000 udp 10.0.2.109 3683 -> 87.153.125.14 4545 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:12:30.753991 0.070620 tcp 10.0.2.109 49808 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:12:30.824921 0.070380 tcp 10.0.2.109 49809 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:12:30.895629 0.154945 tcp 10.0.2.109 49810 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:12:31.051074 0.139998 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:31.191477 0.046971 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 591 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:31.238858 0.046535 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:31.285807 0.107540 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:31.393788 0.190467 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:31.584732 0.361051 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:31.946257 0.092485 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:32.039184 0.372817 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:32.412456 0.144579 udp 10.0.2.109 3683 <-> 70.50.202.219 6552 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:32.557453 0.165732 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:32.723595 0.217315 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:32.941287 0.053135 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:32.994785 0.106681 udp 10.0.2.109 3683 <-> 86.164.34.191 5570 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:33.101872 0.098334 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:33.200576 0.069651 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:33.270634 0.150721 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:33.421750 0.192604 udp 10.0.2.109 3683 <-> 188.29.69.233 8520 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:12:33.614767 0.338576 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:14:57.257288 3.001376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 14:15:04.264080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:15:12.265823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:15:28.268616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:16:00.280164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:19:55.302921 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 14:19:55.303033 1.762034 tcp 10.0.2.109 49811 -> 27.251.231.18 9791 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:22:04.280583 3.001465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:22:11.287894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:22:19.289381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:22:35.292466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:23:07.298633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:29:11.304488 3.002027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:29:18.311818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:29:26.314584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:29:42.316555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:30:14.322474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:36:18.329430 3.004302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:36:25.336464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:36:33.337425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:36:49.341388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:37:21.346346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:42:52.733152 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 14:42:52.733244 0.000000 udp 10.0.2.109 3683 -> 87.153.125.14 4545 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:43:10.811069 0.071392 tcp 10.0.2.109 49812 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:10.882722 0.074054 tcp 10.0.2.109 49813 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:10.957058 0.149313 tcp 10.0.2.109 49814 -> 195.113.214.211 443 SRPA* 0 0 40 32780 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:11.107065 0.000000 udp 10.0.2.109 3683 -> 92.25.109.183 6768 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:43:25.352354 3.002272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:43:27.913947 0.066928 tcp 10.0.2.109 49815 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:27.981164 0.074819 tcp 10.0.2.109 49816 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:28.056260 0.156692 tcp 10.0.2.109 49817 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:28.213624 0.064666 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:28.278724 0.164343 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:28.443471 0.049626 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:28.493555 0.067503 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:28.561452 0.048863 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:28.610706 0.049608 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:28.660686 0.057098 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:28.718273 0.330052 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.048779 0.074789 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.124035 0.062081 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.186592 0.184503 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.371499 0.063568 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.435509 0.307865 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.743754 0.136562 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.880715 0.029178 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:29.910417 0.155545 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:30.066519 0.046957 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:30.113893 0.373144 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:30.487454 0.085390 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:30.573250 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:43:32.359891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:43:40.361404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:43:47.952868 0.074390 tcp 10.0.2.109 49818 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:48.027579 0.075100 tcp 10.0.2.109 49819 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:48.102987 0.160725 tcp 10.0.2.109 49820 -> 195.113.214.211 443 SRPA* 0 0 43 38236 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:43:48.264543 0.056383 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:48.321391 0.080445 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:48.402448 0.056135 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:48.459007 0.381521 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:48.841014 0.139245 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:48.980766 0.041638 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:49.022817 0.047298 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:49.070485 0.349737 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:49.420702 0.095961 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:49.517098 0.089753 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:49.607210 0.190572 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:49.798117 0.370276 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:50.168808 0.142264 udp 10.0.2.109 3683 <-> 70.50.202.219 6552 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:50.311466 0.167757 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:50.479602 0.229786 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:50.709743 0.056170 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:50.766456 0.058196 udp 10.0.2.109 3683 <-> 86.164.34.191 5570 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:50.825093 0.148058 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:50.973595 0.606330 udp 10.0.2.109 3683 <-> 188.29.69.233 8520 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:51.580305 0.337915 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:43:51.918612 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 14:43:56.364718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:44:07.210421 0.073470 tcp 10.0.2.109 49821 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:44:07.284153 0.071224 tcp 10.0.2.109 49822 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:44:07.355642 0.153118 tcp 10.0.2.109 49823 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:44:07.509383 0.069520 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/01 14:44:28.370467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:49:57.073454 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 14:49:57.073604 1.896712 tcp 10.0.2.109 49824 -> 27.251.231.18 9791 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/02/01 14:50:32.377021 3.001151 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:50:39.383935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:50:47.385214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:51:03.388449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:51:35.394627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:57:39.400978 3.000865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 14:57:46.408359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:57:54.409228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:58:10.412451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 14:58:42.418795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:05:05.432104 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 15:05:12.439157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:05:20.440564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:05:36.443979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:06:08.449655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:12:22.460394 3.001883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 15:12:29.467326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:12:37.468701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:12:53.471963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:13:25.477888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:14:22.710531 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 15:14:22.710630 0.000000 udp 10.0.2.109 3683 -> 92.25.109.183 6768 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 15:14:40.902930 0.071682 tcp 10.0.2.109 49825 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:14:40.974873 0.068267 tcp 10.0.2.109 49826 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:14:41.043435 0.154613 tcp 10.0.2.109 49827 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:14:41.198746 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 15:14:56.949974 0.073479 tcp 10.0.2.109 49828 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:14:57.023803 0.070843 tcp 10.0.2.109 49829 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:14:57.094912 0.156157 tcp 10.0.2.109 49830 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:14:57.251554 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 15:15:12.322050 0.066070 tcp 10.0.2.109 49831 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:15:12.388321 0.068764 tcp 10.0.2.109 49832 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:15:12.457388 0.156532 tcp 10.0.2.109 49833 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:15:12.614454 0.049686 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:12.664530 0.062928 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:12.727843 0.049047 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:12.777320 0.051586 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:12.829354 0.053467 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:12.883209 0.306407 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.189994 0.062752 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.253221 0.067012 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.320720 0.318063 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.639185 0.135828 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.775409 0.031379 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.807142 0.059485 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.867019 0.074020 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:13.941403 0.307369 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:14.249165 0.184520 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:14.434157 0.360963 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:14.795495 0.085568 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:14.881491 0.154592 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.036494 0.033141 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.070021 0.382029 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.452396 0.138097 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.590911 0.077059 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.668424 0.056109 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.724921 0.058025 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.783346 0.042876 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:15.826638 0.350880 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:16.177929 0.093189 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:16.271586 0.087074 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:16.359057 0.191155 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:16.550648 0.041021 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:16.592129 0.165464 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:16.758202 0.219540 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:16.978194 0.053725 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:17.032329 0.060397 udp 10.0.2.109 3683 <-> 86.164.34.191 5570 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:17.093138 0.152157 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:17.245752 0.143432 udp 10.0.2.109 3683 <-> 70.50.202.219 6552 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:17.389632 3.207442 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:20.597442 0.346830 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:20.944684 0.794428 udp 10.0.2.109 3683 <-> 188.29.69.233 8520 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:15:21.739500 0.068785 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:19:33.489919 3.011478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 15:19:40.507129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:19:48.508740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:19:58.974371 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 15:19:58.974547 1.791174 tcp 10.0.2.109 49834 -> 27.251.231.18 9791 FSPA* 0 0 14 1574 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:20:04.511599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:20:36.517617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:26:42.526509 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 15:26:49.533892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:26:57.535502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:27:13.538757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:27:45.544125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:33:49.550391 3.001593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 15:33:56.557849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:34:04.559212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:34:20.562393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:34:52.568348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:40:56.574245 3.001929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 15:41:03.581994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:41:11.582971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:41:27.585977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:41:59.594137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:45:25.608434 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 15:45:25.608591 0.049065 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:25.658116 0.054269 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:25.712758 0.049121 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:25.762377 0.049856 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:25.812626 0.058935 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:25.871982 0.190093 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.062498 0.060991 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.123895 0.067723 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.191976 0.029024 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.221406 0.058687 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.280539 0.074974 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.355889 0.307937 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.664224 0.184397 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:26.849041 0.324206 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:27.173637 0.137539 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:27.311525 0.360519 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:27.672452 0.081752 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:27.754564 0.153659 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:27.908674 0.035307 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:27.944363 0.381598 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:28.326474 0.139845 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:28.466684 0.073940 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:28.541067 0.054345 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:28.595808 0.056694 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:28.652873 0.041426 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:28.694769 0.339929 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.035077 0.089099 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.124603 0.087529 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.212521 0.194071 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.407058 0.046207 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.453638 0.164718 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.618774 0.216690 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.835795 0.052434 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.888607 0.060256 udp 10.0.2.109 3683 <-> 86.164.34.191 5570 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:29.949282 0.152030 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:30.101684 0.146376 udp 10.0.2.109 3683 <-> 70.50.202.219 6552 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:30.248488 0.369088 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:30.617943 0.068484 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:30.686827 0.331827 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:45:31.019036 0.096018 udp 10.0.2.109 3683 <-> 188.29.69.233 8520 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/01 15:48:03.599701 3.000513 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 15:48:10.607148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:48:18.607436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:48:34.610220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:49:06.616358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:50:00.766961 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 15:50:00.767169 1.861547 tcp 10.0.2.109 49835 -> 27.251.231.18 9791 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/02/01 15:55:41.626850 3.001753 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 15:55:48.634554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:55:56.635963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:56:12.638812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 15:56:44.644952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:02:50.654695 3.000575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 16:02:57.661235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:03:05.662098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:03:21.665629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:03:53.671798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:09:57.678277 3.001322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 16:10:04.685187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:10:12.686161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:10:28.689734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:11:00.695757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:15:46.687966 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 16:15:46.688063 0.049255 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:46.737753 0.050220 rtcp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:46.788362 0.058902 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:46.847708 0.049581 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:46.897737 0.062621 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:46.960756 0.170364 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.131516 0.060885 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.192789 0.071124 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.264285 0.029180 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.293889 0.058505 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.352807 0.073324 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.426558 0.308835 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.735859 0.184780 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:47.921063 0.363434 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:48.284987 0.094215 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:48.379719 0.155388 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:48.535738 0.034222 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:48.570511 0.329597 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:48.900601 0.137834 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:49.038810 0.379425 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:49.418693 0.138485 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:49.557554 0.175657 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:49.733582 0.054388 udp 10.0.2.109 3683 <-> 176.73.17.82 7548 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:49.788392 0.057049 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:49.845827 0.047694 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:49.893943 0.341457 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:50.235860 0.091236 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:50.327533 0.085904 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:50.413863 0.190292 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:50.604548 0.046243 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:50.651244 0.164715 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:50.816382 0.218988 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:51.035813 0.055477 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:51.091759 0.059783 udp 10.0.2.109 3683 <-> 86.164.34.191 5570 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:51.151926 0.377731 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:51.530028 0.066467 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:51.596895 0.150685 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:15:51.748025 0.000000 udp 10.0.2.109 3683 -> 70.50.202.219 6552 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 16:16:09.273108 0.061914 tcp 10.0.2.109 49836 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:16:09.335322 0.061205 tcp 10.0.2.109 49837 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:16:09.396785 0.155277 tcp 10.0.2.109 49838 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:16:09.552722 0.346509 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:16:09.899630 0.081491 udp 10.0.2.109 3683 <-> 188.29.69.233 8520 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:17:04.702504 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 16:17:11.709147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:17:19.710757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:17:35.713729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:18:07.719976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:20:02.634945 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 16:20:02.635085 1.792947 tcp 10.0.2.109 49839 -> 27.251.231.18 9791 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:24:13.731174 3.007950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 16:24:20.736877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:24:28.737907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:24:44.740574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:25:16.745983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:31:20.751995 3.001907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 16:31:27.759846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:31:35.760969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:31:51.764811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:32:23.770645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:38:27.776330 3.002146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 16:38:34.784097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:38:42.785383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:38:58.788736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:39:30.794040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:45:34.811022 3.000535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 16:45:41.817971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:45:49.819367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:46:05.822638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:46:26.452388 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 16:46:26.452530 0.000000 udp 10.0.2.109 3683 -> 70.50.202.219 6552 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 16:46:37.828749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:46:43.930205 0.059902 tcp 10.0.2.109 49840 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:46:43.990466 0.062550 tcp 10.0.2.109 49841 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:46:44.053259 0.155937 tcp 10.0.2.109 49842 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:46:44.209864 0.051733 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.262040 0.056275 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.318756 0.046525 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.365782 0.060200 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.426388 0.167530 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.594355 0.063984 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.658711 0.066466 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.725581 0.029092 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.755086 0.060867 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.816368 0.071539 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.888291 0.049474 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:44.938215 0.307386 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:45.246379 0.086693 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:45.333445 0.359709 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:45.693555 0.188254 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:45.882444 0.138103 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:46.020945 0.155242 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:46.176624 0.042967 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:46.220050 0.349718 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:46.570238 0.139234 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:46.709880 0.074378 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:46:46.784629 0.000000 udp 10.0.2.109 3683 -> 176.73.17.82 7548 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 16:47:03.846609 0.061473 tcp 10.0.2.109 49843 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:03.908454 0.063227 tcp 10.0.2.109 49844 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:03.971960 0.159997 tcp 10.0.2.109 49845 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:04.132590 0.056614 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:04.189614 0.049804 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:04.239786 0.367363 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:04.607514 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 16:47:22.263331 0.060803 tcp 10.0.2.109 49846 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:22.324457 0.060430 tcp 10.0.2.109 49847 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:22.385212 0.154436 tcp 10.0.2.109 49848 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:22.540291 0.091951 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:22.632629 0.194463 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:22.827477 0.046137 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:22.874006 0.165624 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:23.040020 0.232610 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:23.273060 0.052670 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:23.326149 0.090904 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:23.417449 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 16:47:39.588132 0.060235 tcp 10.0.2.109 49849 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:39.648663 0.062575 tcp 10.0.2.109 49850 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:39.711604 0.160224 tcp 10.0.2.109 49851 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:39.872465 0.448295 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:40.321189 0.000000 udp 10.0.2.109 3683 -> 86.164.34.191 5570 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 16:47:55.681335 0.063128 tcp 10.0.2.109 49852 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:55.744826 0.060604 tcp 10.0.2.109 49853 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:55.805789 0.159389 tcp 10.0.2.109 49854 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:47:55.965835 0.070754 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:56.036996 0.348740 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/01 16:47:56.386188 0.000000 udp 10.0.2.109 3683 -> 188.29.69.233 8520 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 16:48:14.297801 0.063151 tcp 10.0.2.109 49855 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:48:14.361353 0.061358 tcp 10.0.2.109 49856 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:48:14.422985 0.151494 tcp 10.0.2.109 49857 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:50:04.435793 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 16:50:04.435936 1.804186 tcp 10.0.2.109 49858 -> 27.251.231.18 9791 FSPA* 0 0 15 1696 flow=From-Botnet-V1-TCP-Established 1970/02/01 16:54:22.840142 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 16:54:29.848017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:54:37.848777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:54:53.851621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 16:55:25.857502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:01:53.867546 3.002400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 17:02:00.875650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:02:08.877001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:02:24.880519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:02:56.886282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:09:04.897365 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 17:09:11.905279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:09:19.906770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:09:35.909791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:10:07.915858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:16:11.921930 3.006586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 17:16:18.929409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:16:26.930801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:16:42.934044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:17:14.939837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:18:34.894952 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 17:18:34.895041 0.000000 udp 10.0.2.109 3683 -> 176.73.17.82 7548 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 17:18:53.684308 0.067775 tcp 10.0.2.109 49859 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:18:53.752396 0.064013 tcp 10.0.2.109 49860 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:18:53.816668 0.159980 tcp 10.0.2.109 49861 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:18:53.977211 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 17:19:09.525260 0.060295 tcp 10.0.2.109 49862 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:09.585804 0.059723 tcp 10.0.2.109 49863 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:09.645793 0.153723 tcp 10.0.2.109 49864 -> 195.113.214.211 443 SRPA* 0 0 21 10972 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:09.799984 0.148706 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:09.949075 0.000000 udp 10.0.2.109 3683 -> 86.164.34.191 5570 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 17:19:25.177521 0.060667 tcp 10.0.2.109 49865 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:25.238100 0.061784 tcp 10.0.2.109 49866 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:25.300196 0.155388 tcp 10.0.2.109 49867 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:25.456167 0.000000 udp 10.0.2.109 3683 -> 188.29.69.233 8520 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 17:19:40.479793 0.063386 tcp 10.0.2.109 49868 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:40.543469 0.061109 tcp 10.0.2.109 49869 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:40.604869 0.156149 tcp 10.0.2.109 49870 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:19:40.761568 0.063399 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:40.825337 0.065417 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:40.891166 0.167624 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.059217 0.062849 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.122463 0.069837 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.192710 0.049441 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.242558 0.099110 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.342084 0.050566 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.393042 0.057324 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.450799 0.031418 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.482651 0.047668 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.530803 0.187992 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.719256 0.084824 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:41.804501 0.307945 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:42.112859 0.360410 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:42.473632 0.138680 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:42.612735 0.321990 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:42.935185 0.043792 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:42.979435 0.141224 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:43.121077 0.154126 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:43.275697 0.078480 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:43.354543 0.057279 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:43.412206 0.205363 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:43.617915 0.352290 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:43.970668 0.046114 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:44.017262 0.094505 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:44.112193 0.193657 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:44.306265 0.093624 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:44.400284 0.163846 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:44.564540 0.052695 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:44.617601 0.216105 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:44.834129 0.460814 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:45.295312 0.071753 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:19:45.367404 0.357826 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:20:06.246602 1.670179 tcp 10.0.2.109 49871 -> 27.251.231.18 9791 FSPA* 0 0 14 1674 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:23:18.945617 3.001896 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 17:23:25.953237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:23:33.954749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:23:49.958732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:24:21.963778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:30:25.969521 3.002073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 17:30:32.977114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:30:40.979036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:30:56.981917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:31:28.987905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:37:32.994656 3.000842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 17:37:40.001505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:37:48.007165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:38:04.005548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:38:36.014215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:44:40.020542 2.999043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 17:44:47.031820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:44:55.026600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:45:11.030830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:45:43.035814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:50:07.917090 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 17:50:07.917303 1.865073 tcp 10.0.2.109 49872 -> 27.251.231.18 9791 FSPA* 0 0 14 1731 flow=From-Botnet-V1-TCP-Established 1970/02/01 17:50:14.065565 0.155539 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.221481 0.062883 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.284779 0.063895 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.349046 0.166435 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.515888 0.059272 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.575617 0.072478 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.648524 0.049163 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.698138 0.057132 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.755674 0.050014 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.806093 0.054940 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.861505 0.031442 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.893417 0.050442 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:14.944236 0.185376 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:15.129979 0.369645 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:15.500048 0.138191 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:15.638653 0.085382 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:15.724482 0.309646 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.034540 0.328935 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.363913 0.036378 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.400777 0.139155 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.540299 0.154519 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.695227 0.077874 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.773506 0.057064 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.830996 0.049378 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:16.880815 0.341431 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.222615 0.046115 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.269138 0.084868 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.354394 0.194876 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.549682 0.092909 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.643035 0.164363 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.807869 0.056283 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.864608 0.070016 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:17.935064 0.332771 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:18.268188 0.219604 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:50:18.488222 0.364465 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/01 17:53:57.049033 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 17:54:04.055864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:54:12.057361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:54:28.060695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 17:55:00.066664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:01:07.077163 3.001546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 18:01:14.084629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:01:22.085963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:01:38.088930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:02:10.094842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:08:23.104195 3.001202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 18:08:30.110981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:08:38.112900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:08:54.115426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:09:26.121838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:15:30.128240 3.041367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 18:15:37.151752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:15:45.148084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:16:01.154587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:16:33.155928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:20:09.787919 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 18:20:09.788031 1.879803 tcp 10.0.2.109 49873 -> 27.251.231.18 9791 FSPA* 0 0 15 1711 flow=From-Botnet-V1-TCP-Established 1970/02/01 18:20:47.341589 0.149553 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:47.491489 0.066392 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:47.558287 0.065506 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:47.624171 0.183529 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:47.808154 0.063627 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:47.872138 0.069553 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:47.942117 0.049683 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:47.992192 0.059619 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.052201 0.050871 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.103442 0.050405 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.154233 0.185435 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.340043 0.369698 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.710253 0.136712 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.847380 0.085771 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.933599 0.056378 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:48.990610 0.029070 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:49.020064 0.307263 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:49.327763 0.347517 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:49.675681 0.034199 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:49.710504 0.138570 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:49.849443 0.156318 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.006155 0.076140 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.082695 0.055400 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.138474 0.041151 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.180006 0.341765 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.522163 0.046143 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.568724 0.084052 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.653188 0.195430 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.849085 0.095325 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:50.944819 0.066735 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:51.012036 0.332251 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:51.344732 0.214407 udp 10.0.2.109 3683 <-> 177.225.128.112 9092 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:51.559614 0.170888 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:51.730888 0.055749 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:51.787091 0.379595 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:20:55.863129 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 18:22:37.161393 3.002086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 18:22:44.169144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:22:52.170682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:23:08.173831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:23:40.179612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:29:44.186107 3.001302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 18:29:51.193104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:29:59.194874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:30:15.197712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:30:47.203621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:36:51.210892 3.000545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 18:36:58.217439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:37:06.218720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:37:22.221639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:37:54.228187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:43:58.235004 3.000174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 18:44:05.240989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:44:13.242532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:44:29.248480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:45:01.251568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:50:11.668245 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 18:50:11.668347 1.907309 tcp 10.0.2.109 49874 -> 27.251.231.18 9791 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/02/01 18:50:54.109260 0.070468 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.180162 0.166563 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.347134 0.148096 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.495644 0.066842 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.562916 0.060226 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.623602 0.074176 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.698186 0.049026 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.747565 0.058965 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.806938 0.050801 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.858314 0.051038 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:54.909738 0.183899 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:55.094042 0.400462 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:55.494900 0.136709 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:55.632012 0.085906 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:55.718330 0.052963 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:55.771739 0.028989 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:55.801168 0.311236 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:56.112860 0.358505 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:56.471792 0.034526 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:56.506685 0.080489 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:56.587554 0.057108 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:56.645109 0.047828 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:56.693333 0.339059 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.032767 0.040324 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.073519 0.085110 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.159034 0.139549 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.299018 0.154904 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.454321 0.190089 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.644823 0.094211 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.739476 0.068410 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:57.808341 0.335092 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:50:58.143827 0.000000 udp 10.0.2.109 3683 -> 177.225.128.112 9092 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 18:50:58.865915 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 18:51:15.871768 0.063144 tcp 10.0.2.109 49875 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 18:51:15.935198 0.061335 tcp 10.0.2.109 49876 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 18:51:15.996808 0.154259 tcp 10.0.2.109 49877 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/01 18:51:16.151531 0.169808 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:51:16.321697 0.054918 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:51:16.377019 0.386870 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/01 18:53:27.261762 3.001950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 18:53:34.269130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:53:42.271026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:53:58.273653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 18:54:30.279805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:00:34.286223 3.000930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:00:41.293132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:00:49.294121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:01:05.297589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:01:37.303921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:07:41.309385 3.005576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:07:48.316983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:07:56.318720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:08:12.321628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:08:44.327738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:14:48.334202 3.001241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:14:55.341225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:15:03.342745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:15:19.345869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:15:51.351610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:20:13.579413 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 19:20:13.579565 1.710203 tcp 10.0.2.109 49878 -> 27.251.231.18 9791 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/02/01 19:21:20.935766 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 19:21:20.935966 0.000000 udp 10.0.2.109 3683 -> 177.225.128.112 9092 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 19:21:38.942932 0.060279 tcp 10.0.2.109 49879 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 19:21:39.003522 0.063927 tcp 10.0.2.109 49880 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 19:21:39.067719 0.156535 tcp 10.0.2.109 49881 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/01 19:21:39.224894 0.168629 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:39.393954 0.055021 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:39.449379 0.378331 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:39.828157 0.064000 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:39.892591 0.048880 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:39.941859 0.057992 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.000271 0.149018 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.149762 0.167548 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.317769 0.074093 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.392256 0.060047 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.452739 0.068298 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.521464 0.138847 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.660674 0.086427 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.747522 0.060114 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.808063 0.029141 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.837621 0.050747 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:40.888785 0.371710 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:41.260889 0.050113 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:41.311386 0.184952 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:41.496792 0.043923 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:41.541088 0.329705 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:41.871198 0.308949 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:42.180541 0.081454 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:42.262390 0.057059 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:42.319867 0.047341 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:42.367620 0.153011 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:42.521024 0.193828 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:42.715288 0.097745 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:42.813428 0.350625 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:43.164413 0.046238 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:43.211057 0.138200 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:43.349650 0.085647 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:43.435694 0.067208 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:43.503308 0.344940 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:21:55.357344 3.001888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 19:22:02.365526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:22:10.366505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:22:26.369681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:22:58.375492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:29:02.382543 3.000800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:29:09.388998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:29:17.390566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:29:33.393686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:30:05.399759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:36:09.406265 3.000816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:36:16.412859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:36:24.414673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:36:40.417751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:37:12.423506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:43:16.429409 3.055909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:43:23.462327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:43:31.448707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:43:47.451258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:44:19.457679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:50:15.289604 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 19:50:15.289709 1.692879 tcp 10.0.2.109 49882 -> 27.251.231.18 9791 FSPA* 0 0 14 1575 flow=From-Botnet-V1-TCP-Established 1970/02/01 19:50:23.464294 3.000915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:50:30.471286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:50:38.472373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:50:54.475449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:51:26.481223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:52:08.161645 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 19:52:08.161774 0.164803 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:08.326995 0.056351 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:08.383758 0.379589 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:08.763708 0.064080 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:08.828229 0.048771 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:08.877445 0.089561 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:08.967390 0.148985 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.116741 0.166913 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.284111 0.072808 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.357297 0.062816 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.420575 0.065455 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.486604 0.143864 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.630852 0.086876 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.718102 0.058975 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.777535 0.031191 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.809182 0.047555 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:09.857177 0.371434 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:10.229004 0.052025 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:10.281422 0.178997 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:10.460855 0.041257 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:10.502573 0.327315 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:10.830431 0.306278 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.137072 0.078453 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.215950 0.053910 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.270291 0.047601 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.318282 0.153998 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.472650 0.194820 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.667848 0.092233 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.760472 0.140192 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.901053 0.092086 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:11.993528 0.069355 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:12.063280 0.360601 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:12.424247 0.040251 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:52:12.464907 0.333000 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/01 19:57:30.487376 3.001833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 19:57:37.495189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:57:45.496503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:58:01.499303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 19:58:33.505553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:04:52.524147 3.000387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 20:04:59.530558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:05:07.531960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:05:23.535003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:05:55.540746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:12:09.551857 3.006620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 20:12:16.558791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:12:24.560518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:12:40.563276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:13:12.569322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:19:16.575377 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 20:19:23.582915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:19:31.584335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:19:47.587441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:20:16.989782 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 20:20:16.989865 1.749207 tcp 10.0.2.109 49883 -> 27.251.231.18 9791 FSPA* 0 0 14 1595 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:20:19.593232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:22:17.843725 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 20:22:17.843846 0.371078 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.215409 0.060021 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.275845 0.048870 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.325166 0.059653 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.385268 0.169539 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.555230 0.054020 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.609636 0.149793 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.759907 0.169145 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:18.929514 0.076231 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.006172 0.058948 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.065555 0.065080 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.131037 0.146594 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.278202 0.086305 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.364890 0.062337 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.427635 0.029232 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.457323 0.049268 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.506987 0.369339 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.876684 0.048862 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:19.925972 0.356210 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:20.282577 0.183035 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:20.465997 0.033222 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:20.499618 0.053220 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:20.553225 0.048603 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:20.602250 0.155888 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:20.758507 0.307368 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:21.066378 0.077068 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:21.143878 0.190694 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:21.334949 0.091102 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:21.426636 0.140352 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:21.567390 0.000000 udp 10.0.2.109 3683 -> 46.197.167.75 3636 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 20:22:39.097648 0.060673 tcp 10.0.2.109 49884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:22:39.158579 0.065563 tcp 10.0.2.109 49885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:22:39.224412 0.154660 tcp 10.0.2.109 49886 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:22:39.379774 0.065582 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:39.445802 0.343622 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:39.789907 0.360348 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:22:40.150702 0.040673 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:26:23.599359 3.033445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 20:26:30.626579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:26:38.628207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:26:54.631287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:27:26.637167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:33:30.643510 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 20:33:37.650710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:33:45.652376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:34:01.655223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:34:33.661129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:40:37.667968 3.001033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 20:40:44.674785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:40:52.676193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:41:08.679306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:41:40.684842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:47:44.692535 3.000307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 20:47:51.699022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:47:59.700117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:48:15.702793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:48:47.709212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:50:18.740657 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 20:50:18.740755 1.721810 tcp 10.0.2.109 49887 -> 27.251.231.18 9791 FSPA* 0 0 14 1571 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:53:00.863575 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 20:53:00.863772 0.000000 udp 10.0.2.109 3683 -> 46.197.167.75 3636 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 20:53:17.579285 0.054337 tcp 10.0.2.109 49888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:53:17.633913 0.053294 tcp 10.0.2.109 49889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:53:17.687526 0.132248 tcp 10.0.2.109 49890 -> 195.113.214.211 443 SRPA* 0 0 60 38125 flow=From-Botnet-V1-TCP-Established 1970/02/01 20:53:17.820437 0.049193 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:17.870072 0.058702 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:17.929167 0.166989 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.096550 0.054483 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.151469 0.155458 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.307368 0.391642 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.699425 0.062220 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.762282 0.071083 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.833766 0.067865 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.902144 0.066002 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:18.968567 0.146363 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:19.115316 0.167978 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:19.283706 0.061551 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:19.345740 0.031522 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:19.377710 0.051368 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:19.429500 0.086180 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:19.516440 0.357485 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:19.874320 0.183443 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.058347 0.037666 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.096410 0.056081 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.152866 0.049928 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.203171 0.152941 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.356474 0.361434 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.718415 0.049144 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.767945 0.078169 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:20.846513 0.194209 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:21.041140 0.096211 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:21.137709 0.140021 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:21.278098 0.311027 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:21.589595 0.067689 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:21.657730 0.334285 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:21.992445 0.362760 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:53:22.355646 0.041226 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/01 20:55:30.721229 3.001780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 20:55:37.728531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:55:45.730556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:56:01.733209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 20:56:33.739438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:02:47.748697 3.002310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 21:02:54.756708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:03:02.758792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:03:18.761673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:03:50.767455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:09:54.773540 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 21:10:01.781135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:10:09.782722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:10:25.785172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:10:57.791491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:17:01.798719 3.000486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 21:17:08.804810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:17:16.806286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:17:32.809374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:18:04.815142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:20:20.471237 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 21:20:20.471342 1.832619 tcp 10.0.2.109 49891 -> 27.251.231.18 9791 FSPA* 0 0 14 1638 flow=From-Botnet-V1-TCP-Established 1970/02/01 21:23:28.291084 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 21:23:28.291194 0.163044 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:28.454638 0.056319 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:28.511268 0.048485 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:28.560209 0.060438 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:28.621112 0.151116 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:28.772619 0.412430 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.185477 0.062008 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.247914 0.072243 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.320620 0.136041 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.457046 0.167247 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.624673 0.058257 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.683327 0.033938 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.717675 0.051036 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.769193 0.065177 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.834738 0.070948 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:29.906167 0.096004 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:30.002601 0.377774 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:30.380918 0.178969 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:30.560246 0.034627 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:30.595344 0.055297 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:30.651092 0.361750 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.013208 0.048629 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.062384 0.043244 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.106018 0.153151 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.259560 0.076367 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.336418 0.191190 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.528005 0.100575 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.628962 0.140720 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:31.770242 0.335441 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:32.106210 0.306768 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:32.413344 0.069947 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:32.483696 0.358402 udp 10.0.2.109 3683 <-> 223.17.70.123 8575 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:23:32.842516 0.046108 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:24:08.824172 3.001021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 21:24:15.833998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:24:23.837022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:24:39.833364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:25:11.839527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:31:15.846255 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 21:31:22.852593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:31:30.853828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:31:46.857331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:32:18.863020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:38:22.869362 3.001804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 21:38:29.877624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:38:37.878490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:38:53.882804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:39:25.887001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:45:29.893726 3.001174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 21:45:36.901018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:45:44.901842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:46:00.905378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:46:32.911539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:50:22.311908 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 21:50:22.312128 1.819461 tcp 10.0.2.109 49892 -> 27.251.231.18 9791 FSPA* 0 0 13 1696 flow=From-Botnet-V1-TCP-Established 1970/02/01 21:53:42.239446 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 21:53:42.239659 0.049209 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:42.289359 0.061869 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:42.351652 0.149086 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:42.501123 0.170087 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:42.671594 0.055278 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:42.727330 0.406392 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.134329 0.067036 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.201778 0.073779 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.276068 0.144226 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.420678 0.169883 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.590985 0.057411 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.648767 0.041672 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.690903 0.051118 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.742462 0.061492 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.804356 0.065417 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.870155 0.089727 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:43.960308 0.352959 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:44.313718 0.179168 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:44.493346 0.040826 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:44.534551 0.056230 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:44.591230 0.369157 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:44.960788 0.052560 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:45.013742 0.044443 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:45.058595 0.154608 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:45.213559 0.470782 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:45.684708 0.250863 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:45.936103 0.090126 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:46.026606 0.139443 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:46.166477 0.068831 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:46.235762 0.347956 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:46.584044 0.305599 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:53:46.890034 0.000000 udp 10.0.2.109 3683 -> 223.17.70.123 8575 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 21:54:02.409220 0.053311 tcp 10.0.2.109 49893 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 21:54:02.462793 0.054511 tcp 10.0.2.109 49894 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 21:54:02.517560 0.147137 tcp 10.0.2.109 49895 -> 195.113.214.211 443 SRPA* 0 0 35 26152 flow=From-Botnet-V1-TCP-Established 1970/02/01 21:54:02.665278 0.041807 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/01 21:54:24.922632 3.001829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/01 21:54:31.929988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:54:39.931810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:54:55.934809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 21:55:27.940759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:01:53.958517 3.001392 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:02:00.965722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:02:08.967312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:02:24.970395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:02:56.975837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:09:07.982526 3.001088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:09:14.989744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:09:22.991107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:09:38.993796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:10:11.000434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:16:15.007145 3.003057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:16:22.015786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:16:30.018395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:16:46.025229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:17:18.024377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:20:24.132177 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 22:20:24.132374 1.778295 tcp 10.0.2.109 49896 -> 27.251.231.18 9791 FSPA* 0 0 14 1737 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:23:22.030975 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:23:29.037455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:23:37.039167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:23:53.041578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:24:16.546087 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 22:24:16.546290 0.366736 udp 10.0.2.109 3683 -> 223.17.70.123 8575 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 22:24:16.913026 0.000000 icmp 223.17.70.123 0x0303 -> 10.0.2.109 0x7f21 URP 192 1 228 flow=Background 1970/02/01 22:24:25.048439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:24:34.777021 0.052835 tcp 10.0.2.109 49897 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:24:34.830272 0.051092 tcp 10.0.2.109 49898 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:24:34.881623 0.150012 tcp 10.0.2.109 49899 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:24:35.032157 0.061739 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:35.094509 0.150000 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:35.245037 0.164302 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:35.409802 0.049215 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:35.459464 0.070684 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:35.530529 0.056161 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:35.587111 0.392401 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:35.979949 0.063677 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:36.044070 0.167694 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:36.212195 0.151003 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:36.363578 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 22:24:52.648328 0.051195 tcp 10.0.2.109 49900 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:24:52.699774 0.052545 tcp 10.0.2.109 49901 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:24:52.752571 0.146467 tcp 10.0.2.109 49902 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:24:52.899621 0.052461 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:52.952478 0.064203 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.017077 0.066216 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.083691 0.086280 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.170399 0.058153 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.228926 0.055523 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.284926 0.182771 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.468109 0.330304 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.798828 0.042547 udp 10.0.2.109 3683 <-> 143.225.166.230 6500 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.841798 0.047188 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:53.889400 0.155090 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:54.044900 0.363238 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:54.408596 0.049203 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:54.458268 0.370539 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:54.829259 0.095993 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:54.925624 0.191395 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:55.117477 0.071019 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:55.188905 0.143894 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:55.333201 0.341079 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:55.674658 0.307067 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:24:55.982119 0.046210 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:30:29.054626 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:30:36.066460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:30:44.063118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:31:00.066251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:31:32.072014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:37:36.079442 3.000506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:37:43.085784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:37:51.087155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:38:07.100112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:38:39.108190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:44:43.112900 3.000996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:44:50.119619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:44:58.121112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:45:14.124193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:45:46.130483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:50:25.913236 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 22:50:25.913441 1.729357 tcp 10.0.2.109 49903 -> 27.251.231.18 9791 FSPA* 0 0 15 1747 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:53:57.139678 3.001035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 22:54:04.146251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:54:12.147729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:54:28.150741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:55:00.156966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 22:55:02.279839 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 22:55:02.279981 0.028789 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:02.309169 0.188911 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:02.498469 0.167373 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:02.666267 0.048661 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:02.715339 0.075822 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:02.791523 0.053801 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:02.845753 0.166254 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:03.012402 0.135740 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:03.148598 0.066188 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:03.215196 0.518678 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:03.734309 0.169267 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:03.903940 0.048363 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:03.952683 0.063389 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.016506 0.069233 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.086302 0.088002 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.174726 0.056316 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.231416 0.053642 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.285515 0.179327 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.465272 0.319019 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 197 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.784687 0.154866 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:04.939932 0.371835 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:05.312166 0.050395 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:05.362915 0.405831 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:05.769162 0.000000 udp 10.0.2.109 3683 -> 143.225.166.230 6500 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 22:55:23.341567 0.053752 tcp 10.0.2.109 49904 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:55:23.395621 0.052764 tcp 10.0.2.109 49905 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:55:23.448600 0.141656 tcp 10.0.2.109 49906 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/01 22:55:23.590827 0.041718 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:23.632948 0.093016 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:23.726392 0.189691 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:23.916470 0.065068 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:23.981914 0.141414 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:24.123781 0.355293 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:24.479485 0.308562 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/01 22:55:24.788419 0.040512 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:01:09.169617 3.001880 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:01:16.176721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:01:24.178666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:01:40.183102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:02:12.187835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:08:25.196346 3.002418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:08:32.204501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:08:40.205731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:08:56.209031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:09:28.214783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:15:32.221232 3.001239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:15:39.228544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:15:47.230188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:16:03.232872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:16:35.238915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:20:27.643200 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 23:20:27.643355 1.905428 tcp 10.0.2.109 49907 -> 27.251.231.18 9791 FSPA* 0 0 15 1588 flow=From-Botnet-V1-TCP-Established 1970/02/01 23:22:39.245029 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:22:46.252164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:22:54.253843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:23:10.256627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:23:42.263064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:25:41.835246 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 23:25:41.835353 0.000000 udp 10.0.2.109 3683 -> 143.225.166.230 6500 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/01 23:26:00.593274 0.054415 tcp 10.0.2.109 49908 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/01 23:26:00.647960 0.052017 tcp 10.0.2.109 49909 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/01 23:26:00.700234 0.146062 tcp 10.0.2.109 49910 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/01 23:26:00.846654 0.029271 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:00.876321 0.147731 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.024450 0.069231 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.094053 0.054862 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.149275 0.070770 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.220413 0.145983 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.366878 0.067425 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.434679 0.166383 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.601447 0.049265 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:01.651094 0.410658 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.062204 0.065048 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.127686 0.065244 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.193353 0.091041 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.284771 0.061682 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.346891 0.057188 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.404579 0.184984 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.589920 0.050178 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.640534 0.166514 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.807517 0.153106 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:02.961012 0.318233 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:03.279590 0.052021 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:03.331974 0.363241 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:03.695598 0.081667 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:03.777629 0.041862 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:03.819847 0.092485 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:03.912708 0.141692 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:04.054757 0.345301 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:04.400440 0.190606 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:04.591476 0.073434 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:04.665282 0.308377 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:26:04.974026 0.044187 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:29:46.269620 3.000834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:29:53.279003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:30:01.277539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:30:17.280879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:30:49.286778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:36:53.292116 3.002059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:37:00.300763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:37:08.301576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:37:24.304614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:37:56.310731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:44:00.317415 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:44:07.323939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:44:15.325705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:44:31.328526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:45:03.334922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:50:29.554268 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 23:50:29.554508 2.085783 tcp 10.0.2.109 49911 -> 27.251.231.18 9791 FSPA* 0 0 14 1740 flow=From-Botnet-V1-TCP-Established 1970/02/01 23:53:28.343917 3.000872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/01 23:53:35.350931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:53:43.355595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:53:59.356609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:54:31.364183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/01 23:56:20.889248 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/01 23:56:20.889435 0.028949 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:20.918797 0.149738 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.068951 0.073853 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.143223 0.057059 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.200750 0.141637 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.342783 0.143709 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.486860 0.063303 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.550568 0.170317 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.721288 0.048728 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:21.770409 0.456363 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.227192 0.061868 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.289473 0.073418 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.363243 0.088065 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.451766 0.058134 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.510404 0.055985 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.566799 0.179462 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.746670 0.048982 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.796033 0.171134 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:22.967548 0.049888 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:23.017814 0.362619 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:23.380809 0.083518 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:23.464672 0.043923 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:23.509007 0.152602 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:23.662021 0.332733 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:23.995204 0.097175 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:24.092786 0.140842 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:24.234035 0.363584 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:24.597979 0.189860 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:24.788236 0.072612 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:24.861200 0.310360 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/01 23:56:25.171963 0.040375 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:00:35.368135 3.000776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:00:42.374894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:00:50.376417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:01:06.379295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:01:38.389850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:07:42.391471 3.001603 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:07:49.398830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:07:57.400427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:08:13.403628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:08:45.409398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:14:49.415193 3.023017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:14:56.433106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:15:04.434341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:15:20.437362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:15:52.443207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:20:31.645120 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 00:20:31.645278 1.931194 tcp 10.0.2.109 49912 -> 27.251.231.18 9791 FSPA* 0 0 15 1628 flow=From-Botnet-V1-TCP-Established 1970/02/02 00:21:56.450483 3.000411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:22:03.456574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:22:11.458338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:22:27.461137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:22:59.467169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:26:44.402370 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 00:26:44.402567 0.029312 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:44.432335 0.149582 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:44.582294 0.075102 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:44.657784 0.055126 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:44.713294 0.162845 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:44.876579 0.135209 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.012215 0.067517 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.080127 0.164509 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.245066 0.049647 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.295133 0.070231 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.365817 0.100564 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.466809 0.059284 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.526585 0.384636 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.911673 0.065029 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:45.977099 0.060588 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:46.038268 0.179616 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:46.218462 0.050172 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:46.269022 0.176531 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:46.445940 0.049941 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:46.496281 0.042186 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:46.538916 0.159861 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:46.699173 0.356530 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:47.056082 0.361370 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:47.417862 0.083913 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:47.502342 0.094011 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:47.596731 0.140689 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:47.737833 0.346422 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:48.084717 0.310180 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:48.395307 0.046499 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:48.442262 0.191065 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:26:48.633777 0.073241 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:29:03.473237 3.001593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:29:10.480787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:29:18.482262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:29:34.485298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:30:06.491125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:36:10.498713 3.000656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:36:17.504760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:36:25.505908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:36:41.513586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:37:13.515107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:43:17.520208 3.002889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:43:24.533347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:43:32.530202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:43:48.533239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:44:20.539211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:50:24.544770 3.001905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:50:31.552633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:50:33.575348 0.000205 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 00:50:33.575660 1.747520 tcp 10.0.2.109 49913 -> 27.251.231.18 9791 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/02 00:50:39.554200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:50:55.556760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:51:27.562867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:57:12.048767 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 00:57:12.048980 0.072762 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.122231 0.055488 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.178086 0.029370 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.207893 0.148494 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.356798 0.071666 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.428855 0.137077 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.566369 0.064331 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.631101 0.166367 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.797840 0.049123 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.847334 0.067041 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:12.914775 0.087115 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.002420 0.055348 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.058183 0.397930 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.456479 0.063222 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.520120 0.060690 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.581192 0.188179 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.769715 0.049152 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.819280 0.171378 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:13.991149 0.050635 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:14.042182 0.041144 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:14.083806 0.150954 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:14.235147 0.760727 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:14.996271 0.094488 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:15.091182 0.141382 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:15.232976 0.320122 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:15.553489 0.372558 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:15.926448 0.343377 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:16.270218 0.308345 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:16.578970 0.049881 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:16.629241 0.191167 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:16.820776 0.073377 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 00:57:31.569752 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 00:57:38.576267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:57:46.578269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:58:02.580984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 00:58:34.587093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:04:55.606980 3.002147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:05:02.614723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:05:10.616131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:05:26.619431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:05:58.625439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:12:11.635096 3.000875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:12:18.641985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:12:26.643426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:12:42.646205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:13:14.652656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:19:18.658474 3.021700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:19:25.685852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:19:33.687095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:19:49.690129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:20:21.696490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:20:35.326918 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 01:20:35.327111 1.838960 tcp 10.0.2.109 49914 -> 27.251.231.18 9791 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/02/02 01:26:25.701439 3.001922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:26:32.709872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:26:40.711251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:26:56.714396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:27:28.720432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:27:28.970882 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 01:27:28.971071 0.075522 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.047039 0.056192 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.103602 0.029377 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.133418 0.150756 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.295033 0.139628 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.435045 0.138237 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.573689 0.065642 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.639717 0.164985 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.805076 0.049218 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.854704 0.065046 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:29.920184 0.087936 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.008547 0.060027 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.068954 0.389439 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.458843 0.061788 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.521013 0.061776 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.583119 0.187946 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.771495 0.052586 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.824456 0.168907 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:30.993763 0.049027 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:31.043206 0.041646 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:31.085272 0.151010 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:31.236743 0.143018 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:31.380194 0.350238 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:31.730795 0.080931 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:31.812095 0.096028 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:31.908571 0.372064 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:32.281097 0.365437 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:32.646926 0.309139 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:32.956495 0.058695 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:33.015649 0.193673 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:27:33.209696 0.065040 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:33:32.729507 2.998137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:33:39.733944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:33:47.735034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:34:03.738482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:34:35.744523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:40:39.750732 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:40:46.757551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:40:54.759193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:41:10.762069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:41:42.768244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:47:46.774262 3.001545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:47:53.781633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:48:01.783236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:48:17.786259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:48:49.792483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:50:37.167049 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 01:50:37.167223 1.799910 tcp 10.0.2.109 49915 -> 27.251.231.18 9791 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/02/02 01:55:30.802166 3.000879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 01:55:37.808812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:55:45.810334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:56:01.813530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:56:33.819303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 01:57:50.570321 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 01:57:50.570480 0.029170 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:50.600092 0.150547 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:50.751001 0.095791 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:50.847224 0.138298 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:50.985929 0.065402 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.051753 0.165047 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.217165 0.077168 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.294779 0.055678 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.350828 0.049406 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.400632 0.069051 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.470075 0.092714 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.563231 0.059900 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:51.623544 0.386683 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.010680 0.065856 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.076981 0.056503 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.133917 0.184883 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.319218 0.056214 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.375822 0.048433 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.424620 0.151203 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.576264 0.142696 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:52.719331 0.318042 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:53.037790 0.088973 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:53.127203 0.166868 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:53.294510 0.050104 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:53.345023 0.099849 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:53.445287 0.371776 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:53.817461 0.349504 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:54.167369 0.189836 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:54.357654 0.071227 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:54.429293 0.309592 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/02 01:57:54.739282 0.040770 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:02:45.827478 3.001322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 02:02:52.834421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:03:00.836005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:03:16.838823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:03:48.844781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:09:52.851268 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 02:09:59.858078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:10:07.860021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:10:23.862891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:10:55.868777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:16:59.875312 3.000942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 02:17:06.882493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:17:14.883824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:17:30.886504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:18:02.892673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:20:38.967343 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 02:20:38.967542 1.779743 tcp 10.0.2.109 49916 -> 27.251.231.18 9791 FSPA* 0 0 14 1728 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:24:06.902140 3.004433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 02:24:13.907875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:24:21.911580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:24:37.910756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:25:09.916939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:28:08.193229 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 02:28:08.193374 0.031360 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:08.225067 0.155953 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:08.381482 0.362408 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:08.744315 0.152626 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:08.897358 0.064753 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:08.962562 0.165330 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.128277 0.074637 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.203303 0.056370 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.260067 0.049479 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.309941 0.071281 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.381634 0.089755 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.471791 0.059419 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.531658 0.382623 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.914727 0.064144 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:09.979316 0.058056 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:10.037783 0.181885 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:10.220053 0.054711 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:10.275162 0.051192 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:10.326760 0.153449 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:10.480657 0.140422 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:10.621461 0.325752 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:10.947632 0.243899 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:11.191943 0.166631 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:11.359019 0.049852 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:11.409298 0.094947 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:11.504620 0.193239 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:11.698293 0.073750 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:11.772478 0.310242 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:12.083109 0.041376 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:12.124867 0.367630 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:28:12.492869 0.348571 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:31:13.923661 3.000397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 02:31:20.930117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:31:28.931344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:31:44.934634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:32:16.940530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:38:20.947710 3.000620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 02:38:27.953604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:38:35.955600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:38:51.958416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:39:23.964759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:45:27.971091 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 02:45:34.978011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:45:42.979660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:45:58.982499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:46:30.988889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:50:40.748189 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 02:50:40.748345 3.003903 tcp 10.0.2.109 49917 -> 27.251.231.18 9791 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 02:50:49.750804 0.000000 tcp 10.0.2.109 49917 -> 27.251.231.18 9791 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 02:50:55.750962 0.067441 tcp 10.0.2.109 49918 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:50:55.818724 0.053166 tcp 10.0.2.109 49919 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:50:55.872133 0.170894 tcp 10.0.2.109 49920 -> 195.113.214.211 443 SRPA* 0 0 63 41455 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:50:56.095202 2.999140 tcp 10.0.2.109 49921 -> 81.182.251.82 2897 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 02:51:05.093082 0.000000 tcp 10.0.2.109 49921 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 02:51:11.092224 0.051084 tcp 10.0.2.109 49922 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:51:11.143593 0.054725 tcp 10.0.2.109 49923 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:51:11.198577 0.158528 tcp 10.0.2.109 49924 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:51:11.372058 3.003829 tcp 10.0.2.109 49925 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 02:51:20.374515 0.000000 tcp 10.0.2.109 49925 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 02:51:26.373869 0.052590 tcp 10.0.2.109 49926 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:51:26.426723 0.057732 tcp 10.0.2.109 49927 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:51:26.484758 0.236906 tcp 10.0.2.109 49928 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:51:26.739250 0.521622 tcp 10.0.2.109 49929 -> 176.73.169.112 1959 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/02/02 02:54:22.999920 3.004695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 02:54:30.007290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:54:38.008959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:54:54.011651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:55:26.017746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 02:58:15.602837 0.000160 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 02:58:15.603136 0.059849 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:15.663424 0.031244 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:15.695069 0.149598 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:15.845102 0.144356 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:15.989887 0.067068 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.057391 0.164575 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.222556 0.074340 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.297363 0.054766 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.352581 0.048874 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.401897 0.067665 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.469983 0.084382 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.554762 0.058470 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.613603 0.382025 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:16.995993 0.066025 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:17.062425 0.060316 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:17.123131 0.187168 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:17.310666 0.055226 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:17.366332 0.041980 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:17.408710 0.152466 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:17.561624 0.141810 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:17.703854 0.323171 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:18.027481 0.177518 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:18.205421 0.166720 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:18.372561 0.050106 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:18.423060 0.097213 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:18.520660 0.190151 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:18.711222 0.072802 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:18.784435 0.370763 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:19.155599 0.349358 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:19.505408 0.308276 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/02 02:58:19.814107 0.046939 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:01:52.035846 3.000780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:01:59.042812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:02:07.044315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:02:23.047370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:02:55.053463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:09:06.060124 3.001043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:09:13.067042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:09:21.068519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:09:37.071433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:10:09.077097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:16:13.085209 3.000184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:16:20.090835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:16:28.094428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:16:44.095444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:17:16.106823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:21:27.263138 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 03:21:27.263240 0.664864 tcp 10.0.2.109 49930 -> 176.73.169.112 1959 FSPA* 0 0 15 1695 flow=From-Botnet-V1-TCP-Established 1970/02/02 03:23:20.117527 3.001588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:23:27.124845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:23:35.126620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:23:51.129441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:24:23.135612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:28:28.899187 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 03:28:28.899345 0.062424 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:28.962328 0.032326 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:28.995080 0.148462 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.144001 0.145068 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.289476 0.063642 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.353526 0.166725 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.520665 0.071868 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.593060 0.055939 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.649468 0.049066 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.698921 0.070811 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.770077 0.088172 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.858625 0.056198 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:29.915281 0.402062 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:30.317741 0.064756 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:30.382897 0.056480 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:30.439812 0.187381 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:30.627538 0.049210 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:30.677124 0.044266 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:30.721815 0.153965 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:30.876116 0.142412 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:31.018909 0.369070 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:31.388365 0.078649 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:31.467408 0.189322 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:31.657121 0.049875 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:31.707403 0.096587 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:31.804355 0.192807 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:31.997626 0.072397 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:32.070585 0.371330 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:32.442486 0.046567 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:32.489463 0.336850 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:28:32.826742 0.309432 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:30:27.141821 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:30:34.149040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:30:42.150411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:30:58.153240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:31:30.159641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:37:34.165415 3.001573 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:37:41.172776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:37:49.174436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:38:05.177391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:38:37.183369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:44:41.189567 3.011753 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:44:48.206895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:44:56.208182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:45:12.211303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:45:44.217365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:51:27.934499 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 03:51:27.934641 0.637819 tcp 10.0.2.109 49931 -> 176.73.169.112 1959 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/02/02 03:54:00.234506 3.000759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 03:54:07.241058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:54:15.241950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:54:31.245162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:55:03.251105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 03:59:01.784403 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 03:59:01.784700 0.057556 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:01.842672 0.032197 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:01.875283 0.148918 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.024644 0.136029 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.161085 0.062129 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.223725 0.165510 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.389639 0.072379 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.462511 0.054148 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.517055 0.054467 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.571935 0.071630 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.643908 0.088947 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.733246 0.058619 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:02.792257 0.384833 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.177434 0.062450 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.240248 0.054877 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.295528 0.179194 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.475184 0.053513 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.529144 0.043568 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.573070 0.152042 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.725509 0.141721 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:03.867648 0.365836 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:04.233880 0.080863 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:04.315147 0.164662 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:04.480245 0.048749 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:04.529411 0.102539 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:04.632364 0.373017 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:05.005807 0.041182 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:05.047377 0.344216 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:05.392055 0.193614 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:05.586304 0.071946 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/02 03:59:05.658694 0.309043 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:01:07.257129 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:01:14.264759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:01:22.266438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:01:38.268866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:02:10.274911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:08:22.284002 3.000353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:08:29.289899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:08:37.291416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:08:53.294618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:09:25.300844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:15:29.306754 3.002124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:15:36.313994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:15:44.315554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:16:00.318711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:16:32.325921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:21:28.570996 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 04:21:28.571097 0.628881 tcp 10.0.2.109 49932 -> 176.73.169.112 1959 FSPA* 0 0 14 1502 flow=From-Botnet-V1-TCP-Established 1970/02/02 04:22:36.330275 3.005604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:22:43.338283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:22:51.339668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:23:07.342712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:23:39.348922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:29:16.523957 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 04:29:16.524148 0.062298 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:16.586872 0.034176 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:16.621463 0.149846 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:16.771675 0.135225 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:16.907304 0.077631 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:16.985297 0.165583 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.151293 0.072483 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.224202 0.060477 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.285098 0.049230 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.334800 0.058517 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.393764 0.397377 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.791538 0.058820 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.850789 0.057475 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.908670 0.070306 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:17.979380 0.086878 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.066660 0.237098 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.304217 0.053445 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.358108 0.049260 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.407762 0.152648 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.560788 0.141788 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.702949 0.166621 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.869982 0.049738 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:18.920075 0.092460 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:19.012978 0.351279 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:19.364697 0.086598 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:19.451721 0.372758 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:19.824832 0.049029 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:19.874250 0.335458 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:20.210169 0.193424 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:20.403958 0.072612 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:20.476909 0.305773 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:29:43.354985 3.000998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:29:50.361980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:29:58.363481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:30:14.368647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:30:46.372748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:36:50.378690 3.001888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:36:57.385834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:37:05.387501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:37:21.390446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:37:53.396739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:43:57.403052 3.001127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:44:04.409962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:44:12.411393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:44:28.414368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:45:00.420658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:51:29.199698 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 04:51:29.199877 0.531186 tcp 10.0.2.109 49933 -> 176.73.169.112 1959 FSPA* 0 0 13 1588 flow=From-Botnet-V1-TCP-Established 1970/02/02 04:53:25.429188 3.002104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 04:53:32.436801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:53:40.437929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:53:56.441034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:54:28.447471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 04:59:50.069953 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 04:59:50.070042 0.149345 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.220270 0.063941 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.284618 0.032454 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.317485 0.144105 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.461934 0.071635 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.533920 0.166586 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.700918 0.072712 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.773995 0.055195 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.829568 0.050053 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.880004 0.062412 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:50.942828 1.801379 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:52.744582 0.063777 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:52.808772 0.056345 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:52.865535 0.064315 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:52.930284 0.088220 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.018912 0.179091 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.198402 0.049849 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.248665 0.044196 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.293261 0.152216 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.445862 0.142474 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.588721 0.166241 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.755402 0.049677 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.805523 0.096524 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:53.902451 0.335431 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:54.238335 0.083228 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:54.321941 0.371385 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:54.693727 0.250662 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:54.944801 0.070940 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:55.016205 0.309367 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/02 04:59:55.325963 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 05:00:11.381745 0.053147 tcp 10.0.2.109 49934 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:00:11.435170 0.053908 tcp 10.0.2.109 49935 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:00:11.489402 0.130255 tcp 10.0.2.109 49936 -> 195.113.214.211 443 SRPA* 0 0 56 51281 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:00:11.620303 0.336745 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:00:32.452724 3.002204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:00:39.460688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:00:47.461977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:01:03.464886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:01:35.471218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:07:39.477682 3.001012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:07:46.484369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:07:54.486346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:08:10.489142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:08:42.495097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:14:46.501566 3.001535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:14:53.508468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:15:01.509946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:15:17.513905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:15:49.519517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:21:29.738776 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 05:21:29.739013 0.559757 tcp 10.0.2.109 49937 -> 176.73.169.112 1959 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:21:53.525333 3.001805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:22:00.538597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:22:08.533844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:22:24.536694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:22:56.542845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:29:00.548759 3.001607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:29:07.556154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:29:15.557806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:29:31.560954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:30:03.577021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:30:33.760848 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 05:30:33.760983 0.046533 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:33.807941 0.173190 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:33.981593 0.032038 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.014018 0.137057 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.151527 0.069082 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.221021 0.168298 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.389725 0.073879 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.463985 0.055052 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.519418 0.049031 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.568818 0.158553 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.727850 0.058369 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.786645 0.061386 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:34.848388 0.000000 udp 10.0.2.109 3683 -> 1.169.254.247 2346 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 05:30:51.007586 0.054553 tcp 10.0.2.109 49938 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:30:51.062433 0.055332 tcp 10.0.2.109 49939 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:30:51.117600 0.149556 tcp 10.0.2.109 49940 -> 195.113.214.211 443 SRPA* 0 0 42 35262 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:30:51.267815 0.074598 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:51.342771 0.086415 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:51.429596 0.061879 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:51.491908 0.187328 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:51.679627 0.153353 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:51.833438 0.139584 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:51.973397 0.168651 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:52.142458 0.050076 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:52.192916 0.096856 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:52.290316 0.040716 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:52.331462 0.050987 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:52.382862 0.333180 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:52.716454 0.080392 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:52.797291 0.362154 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:53.159935 0.077031 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:53.237359 0.190138 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:53.427946 0.334040 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:30:53.762365 0.337597 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/02 05:36:07.582753 3.001627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:36:14.590450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:36:22.591913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:36:38.595851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:37:10.600831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:43:14.607014 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:43:21.614036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:43:29.615786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:43:45.618882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:44:17.624867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:50:21.632276 3.000321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:50:28.638453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:50:36.639837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:50:52.643006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:51:24.648875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:51:30.307620 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 05:51:30.307762 0.523323 tcp 10.0.2.109 49941 -> 176.73.169.112 1959 FSPA* 0 0 16 1844 flow=From-Botnet-V1-TCP-Established 1970/02/02 05:57:28.656118 3.000565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 05:57:35.662215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:57:43.663702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:57:59.666169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 05:58:31.672906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:01:17.621784 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 06:01:17.621952 0.544678 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.167052 0.047217 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.214620 0.034425 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.249465 0.136812 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.386707 0.066585 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.453691 0.164753 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.618787 0.212316 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.831492 0.053237 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.885113 0.049321 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:18.934820 0.148732 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.083998 0.058619 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.143021 0.061919 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.205374 0.074246 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.280030 0.065238 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.345625 0.088748 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.434860 0.057661 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.492947 0.179161 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.672523 0.155969 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 206 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.828908 0.140314 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:19.969636 0.171342 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:20.141356 0.049852 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:20.191659 0.094859 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:20.286899 0.043153 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:20.330454 0.051233 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:20.382308 0.330986 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:20.713684 0.084276 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:20.880907 0.210664 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:21.091994 0.307140 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:21.399549 0.361442 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:21.761352 0.067635 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:01:21.829398 0.336769 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:04:52.693441 3.001471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:04:59.700647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:05:07.702064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:05:23.704568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:05:55.711287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:12:08.720116 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:12:15.727677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:12:23.729169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:12:39.732144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:13:11.738138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:19:15.750376 2.995465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:19:22.751481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:19:30.752967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:19:46.755445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:20:18.761582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:21:30.836244 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 06:21:30.836462 0.611723 tcp 10.0.2.109 49942 -> 176.73.169.112 1959 FSPA* 0 0 14 1652 flow=From-Botnet-V1-TCP-Established 1970/02/02 06:26:22.767940 3.055859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:26:29.801614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:26:37.796429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:26:53.800094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:27:25.805985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:31:22.856859 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 06:31:22.856958 0.412270 udp 10.0.2.109 3683 <-> 1.169.254.247 2346 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.269705 0.047126 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.317265 0.031742 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.349367 0.145144 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.494893 0.067989 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.563270 0.164581 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.728251 0.058727 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.787415 0.054222 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.842140 0.049026 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:23.891618 0.151551 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.043625 0.057682 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.101944 0.065264 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.167632 0.075336 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.243428 0.076854 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.320680 0.085125 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.406298 0.057327 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.464021 0.179443 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.643869 0.151566 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.795857 0.142576 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:24.938841 0.224194 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:25.163398 0.048754 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:25.212596 0.091297 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:25.304317 0.043555 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:25.348295 0.066003 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:25.414708 0.192890 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:25.627046 0.311212 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:25.938657 0.362780 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:26.301977 0.069902 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:26.372296 0.349576 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:26.722341 0.081671 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:31:26.804435 0.355645 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 06:33:29.811949 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:33:36.819781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:33:44.821130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:34:00.824037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:34:32.830200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:40:36.835872 3.001928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:40:43.843625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:40:51.844898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:41:07.848420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:41:39.853501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:47:43.859393 3.002421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:47:50.867320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:47:58.868813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:48:14.871847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:48:46.879608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:51:31.455205 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 06:51:31.455344 0.512485 tcp 10.0.2.109 49943 -> 176.73.169.112 1959 FSPA* 0 0 14 1573 flow=From-Botnet-V1-TCP-Established 1970/02/02 06:55:28.888413 3.002599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 06:55:35.896276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:55:43.897520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:55:59.900700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 06:56:31.906120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:01:36.415137 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 07:01:36.415299 0.031153 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:36.446937 0.137134 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:36.584466 0.087390 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:36.672260 0.168473 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:36.841127 0.056159 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:36.897713 0.055425 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:36.953552 0.000000 udp 10.0.2.109 3683 -> 1.169.254.247 2346 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 07:01:55.604147 0.052987 tcp 10.0.2.109 49944 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:01:55.657412 0.054028 tcp 10.0.2.109 49945 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:01:55.711648 0.145484 tcp 10.0.2.109 49946 -> 195.113.214.211 443 SRPA* 0 0 66 42929 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:01:55.857694 0.046569 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:55.904698 0.049293 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:01:55.954383 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 07:02:13.338355 0.052877 tcp 10.0.2.109 49947 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:02:13.391539 0.052852 tcp 10.0.2.109 49948 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:02:13.444701 0.162206 tcp 10.0.2.109 49949 -> 195.113.214.211 443 SRPA* 0 0 56 38916 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:02:13.607499 0.062136 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:13.670043 0.065660 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:13.736101 0.073223 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:13.809695 0.072024 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:13.882078 0.089975 rtcp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:13.972386 0.060773 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.033519 0.183952 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.217842 0.156607 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.374802 0.142373 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.517542 0.169424 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.687370 0.049731 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.737459 0.093861 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.831726 0.041966 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.874204 0.051249 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:14.925830 0.218423 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:15.144625 0.070671 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:15.215724 0.326632 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:15.542729 0.080402 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:15.623572 0.308509 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:15.932465 0.365452 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:16.298315 0.336069 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:02:43.914826 3.000514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 07:02:50.921722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:02:58.923252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:03:14.925778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:03:46.931754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:09:50.938229 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 07:09:57.945469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:10:05.947213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:10:21.949389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:10:53.955950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:16:57.962877 3.000953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 07:17:04.981862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:17:12.980970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:17:28.983904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:18:00.990418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:21:31.973999 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 07:21:31.974238 0.552928 tcp 10.0.2.109 49950 -> 176.73.169.112 1959 FSPA* 0 0 14 1644 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:24:04.996150 3.002564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 07:24:12.003576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:24:20.008029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:24:36.007961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:25:08.025191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:31:12.030311 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 07:31:19.037570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:31:27.038704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:31:43.042064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:32:15.048224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:32:25.303143 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 07:32:25.303314 0.000000 udp 10.0.2.109 3683 -> 1.169.254.247 2346 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 07:32:43.270220 0.054592 tcp 10.0.2.109 49951 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:32:43.325097 0.071796 tcp 10.0.2.109 49952 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:32:43.397226 0.164467 tcp 10.0.2.109 49953 -> 195.113.214.211 443 SRPA* 0 0 42 24342 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:32:43.561917 0.148285 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:43.710579 0.166284 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:43.877253 0.059540 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:43.937220 0.056231 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:43.993818 0.031533 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.025765 0.066327 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.092483 0.143822 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.236741 0.049131 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.286392 0.040884 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.327699 0.060971 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.389027 0.068540 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.457961 0.070281 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.528638 0.068916 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.597942 0.090096 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.688451 0.060774 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.749607 0.184836 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:44.934918 0.152224 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.087519 0.141658 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.229662 0.172740 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.402816 0.048843 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.452092 0.096591 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.549081 0.065375 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.614875 0.055215 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.670461 0.190978 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.861798 0.072132 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:45.934358 0.311172 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:46.245992 0.371518 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:46.617854 0.338378 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:46.956665 0.080853 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:32:47.037911 0.358281 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/02 07:38:19.054486 3.061370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 07:38:26.099746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:38:34.073047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:38:50.075868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:39:22.081971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:45:26.089309 3.000187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 07:45:33.094992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:45:41.096235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:45:57.100097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:46:29.105725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:51:32.532650 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 07:51:32.532785 0.502760 tcp 10.0.2.109 49954 -> 176.73.169.112 1959 FSPA* 0 0 14 1515 flow=From-Botnet-V1-TCP-Established 1970/02/02 07:54:21.118078 3.000945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 07:54:28.124509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:54:36.126421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:54:52.129182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 07:55:24.135240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:01:50.153386 3.001378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:01:57.160653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:02:05.162042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:02:21.164615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:02:53.170553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:03:12.028191 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 08:03:12.028279 0.165072 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.193797 0.166429 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.360621 0.059158 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.420170 0.057412 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.477965 0.031483 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.509802 0.068307 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.578519 0.136653 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.715575 0.052546 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:12.768522 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 08:03:30.055711 0.054476 tcp 10.0.2.109 49955 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:03:30.110488 0.057105 tcp 10.0.2.109 49956 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:03:30.167896 0.139055 tcp 10.0.2.109 49957 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:03:30.307688 0.057375 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:30.365497 0.062064 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:30.427912 0.072410 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:30.500790 0.067252 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:30.568424 0.085498 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:30.654516 0.055610 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:30.710541 0.179244 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:30.890304 0.151912 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.042606 0.141653 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.184664 0.170227 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.355349 0.050914 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.406636 0.091599 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.498618 0.048169 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.547199 0.050673 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.598248 0.192678 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:31.791322 0.363096 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:32.154851 0.068813 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:32.224033 0.307261 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:32.531744 0.347842 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:32.879937 0.355331 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:03:33.235620 0.085063 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:09:04.177323 3.001500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:09:11.184561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:09:19.185514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:09:35.188912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:10:07.194903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:16:11.201465 3.007061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:16:18.208512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:16:26.209550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:16:42.212880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:17:14.219963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:21:33.041414 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 08:21:33.041510 0.533200 tcp 10.0.2.109 49958 -> 176.73.169.112 1959 FSPA* 0 0 14 1578 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:23:18.225109 3.001323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:23:25.232522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:23:33.233572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:23:49.236678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:24:21.244744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:30:25.248237 3.002242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:30:32.255693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:30:40.257539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:30:56.260938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:31:28.266716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:33:47.116482 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 08:33:47.116635 0.041131 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.158220 0.126359 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.285012 0.059120 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.344521 0.029204 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.374162 0.068038 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.442547 0.151971 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.595015 0.164578 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.760059 0.049450 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.809963 0.145575 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:47.955978 0.073993 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.030522 0.070050 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.100918 0.094856 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.196142 0.057219 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.253731 0.057027 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.311136 0.061071 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.372601 0.186681 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.559677 0.153903 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.713947 0.148431 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:48.862819 0.167415 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:49.030646 0.049884 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:49.080945 0.092458 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:33:49.173796 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 08:34:06.206170 0.053513 tcp 10.0.2.109 49959 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:34:06.259973 0.054796 tcp 10.0.2.109 49960 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:34:06.315119 0.151516 tcp 10.0.2.109 49961 -> 195.113.214.211 443 SRPA* 0 0 71 70012 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:34:06.467361 0.046981 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:34:06.514776 0.071252 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:34:06.586440 0.307560 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:34:06.894536 0.195634 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:34:07.090576 0.362724 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:34:07.453689 0.084535 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:34:07.538603 0.353475 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:34:07.892472 0.328009 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/02 08:37:32.273076 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:37:39.280183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:37:47.281705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:38:03.284846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:38:35.290577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:44:39.296490 3.001983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:44:46.304145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:44:54.307083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:45:10.308794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:45:42.314600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:51:33.580182 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 08:51:33.580280 0.559263 tcp 10.0.2.109 49962 -> 176.73.169.112 1959 FSPA* 0 0 16 1645 flow=From-Botnet-V1-TCP-Established 1970/02/02 08:53:58.330675 3.001800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 08:54:05.337892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:54:13.340025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:54:29.343147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 08:55:01.348673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:01:05.355651 3.000355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 09:01:12.361907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:01:20.363481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:01:36.366512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:02:08.372462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:04:08.435231 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 09:04:08.435417 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 09:04:25.621137 0.055519 tcp 10.0.2.109 49963 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:04:25.676912 0.056589 tcp 10.0.2.109 49964 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:04:25.733801 0.152861 tcp 10.0.2.109 49965 -> 195.113.214.211 443 SRPA* 0 0 60 37998 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:04:25.885980 0.060728 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:25.947117 0.055351 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.003017 0.031362 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.034714 0.066302 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.101442 0.149399 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.251288 0.168722 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.420491 0.049188 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.470112 0.053346 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.523898 0.144804 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.669136 0.071309 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.740896 0.094853 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.836102 0.056834 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.893329 0.061255 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:26.954968 0.064766 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:27.020172 0.182090 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:27.202660 0.152820 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:27.355844 0.141931 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:27.498302 0.074979 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:27.573657 0.189037 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:27.763129 0.051044 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:27.814542 0.000000 udp 10.0.2.109 3683 -> 86.137.124.209 5857 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 09:04:45.739091 0.056140 tcp 10.0.2.109 49966 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:04:45.795552 0.054173 tcp 10.0.2.109 49967 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:04:45.850021 0.149365 tcp 10.0.2.109 49968 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:04:45.999881 0.053474 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:46.053768 0.072328 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:46.126512 0.307218 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:46.434329 0.081981 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:46.516725 0.352981 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:46.870133 0.192487 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:47.063036 0.370888 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:04:47.434319 0.358999 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:08:20.379244 3.002481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 09:08:27.387282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:08:35.388777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:08:51.392255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:09:23.397652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:15:27.405669 2.999750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 09:15:34.411199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:15:42.417751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:15:58.415632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:16:30.421867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:21:34.138868 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 09:21:34.139049 0.588044 tcp 10.0.2.109 49969 -> 176.73.169.112 1959 FSPA* 0 0 15 1662 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:22:34.427331 3.002377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 09:22:41.435425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:22:49.436541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:23:05.446691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:23:37.445617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:29:41.451833 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 09:29:48.459177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:29:56.460640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:30:12.463669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:30:44.469753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:34:48.822207 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 09:34:48.822416 0.095452 udp 10.0.2.109 3683 <-> 86.137.124.209 5857 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:34:48.918407 0.029395 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:34:48.948192 0.067238 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:34:49.026942 0.149524 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:34:49.176914 0.167099 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:34:49.344402 0.127867 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:34:49.472682 0.055296 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:34:49.528398 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 09:35:06.488545 0.058240 tcp 10.0.2.109 49970 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:35:06.547133 0.052881 tcp 10.0.2.109 49971 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:35:06.600260 0.143106 tcp 10.0.2.109 49972 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:35:06.743866 0.144573 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:06.888815 0.066877 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:06.956175 0.048973 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.005559 0.058589 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.064538 0.055536 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.120473 0.066830 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.187725 0.182527 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.370618 0.154147 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.525236 0.143747 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.669426 0.074002 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.743858 0.168026 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.912302 0.050048 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:07.962826 0.088864 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:08.052094 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 09:35:25.624511 0.052648 tcp 10.0.2.109 49973 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:35:25.677476 0.054322 tcp 10.0.2.109 49974 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:35:25.732062 0.161566 tcp 10.0.2.109 49975 -> 195.113.214.211 443 SRPA* 0 0 56 38290 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:35:25.894292 0.071445 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:25.966188 0.365876 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:26.332484 0.195626 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:26.528547 0.363215 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:26.892193 0.308487 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:27.201085 0.083343 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:35:27.284849 0.369507 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/02 09:36:48.477764 3.118931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 09:36:55.575821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:37:03.516845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:37:19.497826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:37:51.503983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:43:55.510288 3.001004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 09:44:02.517217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:44:10.518960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:44:26.521611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:44:58.527762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:51:02.534179 3.001214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 09:51:09.547745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:51:17.542395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:51:33.545308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:51:34.727100 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 09:51:34.727255 0.791911 tcp 10.0.2.109 49976 -> 176.73.169.112 1959 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/02/02 09:52:05.551744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:58:09.558422 3.000868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 09:58:16.565164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:58:24.566785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:58:40.569728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 09:59:12.575101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:05:29.468028 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 10:05:29.468143 0.041544 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:29.510144 0.049391 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:29.559971 0.152631 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:29.713075 0.166042 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:29.879483 0.057561 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:29.937450 0.057824 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:29.995720 0.064922 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:30.061028 0.058635 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:30.120063 0.000000 udp 10.0.2.109 3683 -> 86.137.124.209 5857 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 10:05:41.587177 3.002099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:05:45.692927 0.053556 tcp 10.0.2.109 49977 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:05:45.746757 0.053272 tcp 10.0.2.109 49978 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:05:45.800312 0.148009 tcp 10.0.2.109 49979 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:05:45.949019 0.142636 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.092068 0.049250 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.141677 0.060572 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.202593 0.055302 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.258383 0.063566 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.322349 0.182578 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.505282 0.152983 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.658696 0.140924 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.800030 0.074093 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.874457 0.064969 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:05:46.939806 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 10:05:48.594983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:05:56.596055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:06:02.545218 0.051872 tcp 10.0.2.109 49980 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:06:02.597406 0.052720 tcp 10.0.2.109 49981 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:06:02.650429 0.155550 tcp 10.0.2.109 49982 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:06:02.806264 0.050899 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:02.857564 0.086256 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:02.944224 0.072387 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:03.016990 0.345579 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:03.362969 0.197307 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:03.560668 0.384585 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:03.945696 0.355219 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:04.301365 0.310446 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:04.612281 0.084953 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:06:12.599575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:06:44.605455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:12:48.611984 3.008981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:12:55.618969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:13:03.620337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:13:19.623598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:13:51.629453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:19:55.635706 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:20:02.642261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:20:10.644327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:20:26.647292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:20:58.653534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:21:35.507231 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 10:21:35.507345 0.447776 tcp 10.0.2.109 49983 -> 176.73.169.112 1959 FSPA* 0 0 15 1739 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:27:02.658551 3.002628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:27:09.667026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:27:17.668721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:27:33.670775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:28:05.677293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:34:09.683372 3.001644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:34:16.690786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:34:24.692376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:34:40.695410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:35:12.701449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:36:20.919836 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 10:36:20.920028 0.000000 udp 10.0.2.109 3683 -> 86.137.124.209 5857 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 10:36:37.076348 0.053567 tcp 10.0.2.109 49984 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:36:37.130173 0.052345 tcp 10.0.2.109 49985 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:36:37.182830 0.166933 tcp 10.0.2.109 49986 -> 195.113.214.211 443 SRPA* 0 0 42 36438 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:36:37.350568 0.171264 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:37.522305 0.152077 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:37.674755 0.168157 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:37.843375 0.057773 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:37.901559 0.054014 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:37.956004 0.064490 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.020898 0.031680 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.052988 0.051157 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.104606 0.041124 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.146221 0.059457 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.206077 0.061673 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.268115 0.065051 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.333615 0.178680 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.512684 0.137145 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.650291 0.049625 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.700335 0.071799 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.772568 0.152301 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:38.925257 0.142043 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:39.067723 0.075341 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:39.143446 0.049973 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:39.193852 0.089380 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:39.283607 0.073598 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:39.357637 0.346797 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:39.704852 0.197180 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:39.902450 0.422427 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:40.325349 0.083687 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:40.409452 0.327395 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:36:40.737230 0.308142 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/02 10:41:16.707384 3.001669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:41:23.714750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:41:31.716094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:41:47.719364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:42:19.725303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:48:23.736179 2.998185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:48:30.738822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:48:38.740151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:48:54.742675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:49:26.749306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:51:35.955796 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 10:51:35.955913 0.547278 tcp 10.0.2.109 49987 -> 176.73.169.112 1959 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/02/02 10:55:51.755622 3.002778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 10:55:58.762724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:56:06.764382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:56:22.767422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 10:56:54.773804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:02:58.778682 3.002686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:03:05.786442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:03:13.788846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:03:29.791297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:04:01.796984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:06:58.251654 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 11:06:58.251875 0.165126 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:58.417428 0.174787 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:58.592554 0.169018 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:58.761945 0.149940 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:58.912277 0.061074 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:58.973728 0.065469 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:59.039558 0.029103 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:59.069067 0.047739 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:06:59.117212 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 11:07:16.499132 0.056753 tcp 10.0.2.109 49988 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 11:07:16.556203 0.054594 tcp 10.0.2.109 49989 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 11:07:16.611090 0.151026 tcp 10.0.2.109 49990 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/02/02 11:07:16.762810 0.060831 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:16.824024 0.058334 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:16.882780 0.075380 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:16.958551 0.184322 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.143246 0.143021 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.286657 0.048978 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.336059 0.067431 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.403875 0.151075 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.555380 0.140632 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.696403 0.075288 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.780666 0.049140 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.830208 0.087453 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.918087 0.071090 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:17.989629 0.334597 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:18.324607 0.191772 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:18.516836 0.328990 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:18.846366 0.362463 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:19.209287 0.079743 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:07:19.289458 0.309967 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:10:05.804526 3.000427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:10:12.810986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:10:20.812580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:10:36.815377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:11:08.821724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:17:12.826937 3.002060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:17:19.834843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:17:27.836321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:17:43.839393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:18:15.844900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:21:36.504368 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 11:21:36.504521 0.908400 tcp 10.0.2.109 49991 -> 176.73.169.112 1959 FSPA* 0 0 15 1622 flow=From-Botnet-V1-TCP-Established 1970/02/02 11:24:19.864278 3.000101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:24:26.877392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:24:34.870264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:24:50.873128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:25:22.879370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:31:26.885358 3.001631 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:31:33.892795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:31:41.894485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:31:57.896863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:32:29.903350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:37:47.269976 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 11:37:47.270137 0.040792 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.311384 0.063431 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.375200 0.178425 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.554074 0.148401 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.702934 0.057256 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.760611 0.067478 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.828525 0.029081 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.858003 0.049984 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:47.908371 0.164197 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.073005 0.061201 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.134621 0.058423 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.193453 0.060895 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.254793 0.182730 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.437934 0.137540 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.575888 0.049194 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.625467 0.068798 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.694639 0.153235 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.848248 0.141691 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:48.990429 0.077504 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:49.068293 0.050676 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:49.119360 0.086509 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:49.206473 0.072496 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:49.279432 0.341563 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:49.621391 0.192061 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:49.813813 0.079378 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:49.893627 0.307293 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:50.201378 0.332996 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:37:50.534791 0.470003 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/02 11:38:33.908580 3.009036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:38:40.916904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:38:48.918647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:39:04.922695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:39:36.927333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:45:40.933379 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:45:47.940701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:45:55.942618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:46:11.944726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:46:43.951456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:51:37.414065 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 11:51:37.414396 0.527039 tcp 10.0.2.109 49992 -> 176.73.169.112 1959 FSPA* 0 0 14 1653 flow=From-Botnet-V1-TCP-Established 1970/02/02 11:54:26.961519 2.999634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 11:54:33.967117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:54:41.969069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:54:57.973119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 11:55:29.977752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:01:58.990711 3.000467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:02:05.996793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:02:13.998574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:02:30.001412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:03:02.007681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:08:19.284030 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 12:08:19.284228 0.167112 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:19.451751 0.148837 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:19.600978 0.058370 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:19.659709 0.069099 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:19.729149 0.029519 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:19.759014 0.050733 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:19.810078 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 12:08:37.241866 0.054645 tcp 10.0.2.109 49993 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:08:37.296862 0.058190 tcp 10.0.2.109 49994 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:08:37.355390 0.153875 tcp 10.0.2.109 49995 -> 195.113.214.211 443 SRPA* 0 0 35 27162 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:08:37.509979 0.182301 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:37.692698 0.163613 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:37.856709 0.057612 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:37.914747 0.055697 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:37.970843 0.064159 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.035395 0.178929 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.214747 0.135431 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.350613 0.049009 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.400073 0.065680 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.466411 0.152687 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.619504 0.141087 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.760966 0.073617 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.834963 0.048682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.884043 0.088621 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:38.973052 0.072313 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:39.045791 0.343453 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:39.389668 0.192051 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:39.582237 0.231816 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:39.814513 0.308974 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:40.123849 0.360627 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:08:40.484861 0.371043 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:09:09.017525 3.002066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:09:16.025142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:09:24.026734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:09:40.029573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:10:12.035862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:16:16.043869 3.002540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:16:23.056480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:16:31.050744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:16:47.054337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:17:19.059528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:21:37.941986 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 12:21:37.942220 0.476572 tcp 10.0.2.109 49996 -> 176.73.169.112 1959 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:23:23.065878 3.001558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:23:30.073311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:23:38.074726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:23:54.077710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:24:26.083905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:30:30.089912 3.001462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:30:37.097173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:30:45.099677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:31:01.101512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:31:33.107675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:37:37.114138 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:37:44.120926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:37:52.122808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:38:08.125507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:38:40.131555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:39:08.552690 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 12:39:08.552896 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 12:39:26.750827 0.052377 tcp 10.0.2.109 49997 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:39:26.803473 0.056123 tcp 10.0.2.109 49998 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:39:26.859901 0.153254 tcp 10.0.2.109 49999 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:39:27.013756 0.057358 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:27.071537 0.063111 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:27.135020 0.031502 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:27.166936 0.051173 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:27.218496 0.148444 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:27.367336 0.196930 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:27.564675 0.054354 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:27.619440 0.523065 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.142982 0.167238 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.310607 0.065545 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.376591 0.067956 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.444929 0.178061 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.623396 0.143993 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.767909 0.049028 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.817374 0.078312 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:28.896142 0.155672 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:29.052228 0.141566 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:29.194215 0.072324 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:29.267021 0.050036 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:29.317439 0.340892 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:29.658699 0.194790 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:29.853866 0.079202 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:29.933513 0.088033 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:30.022067 0.074795 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:30.097250 0.400948 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:30.498630 0.310443 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:39:30.809580 0.315814 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/02 12:44:44.137964 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:44:51.144969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:44:59.147396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:45:15.149411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:45:47.155677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:51:38.351066 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 12:51:38.351153 0.444145 tcp 10.0.2.109 50000 -> 176.73.169.112 1959 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/02/02 12:53:59.166569 3.000856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 12:54:06.173064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:54:14.174816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:54:30.177590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 12:55:02.183598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:01:12.198392 3.001521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:01:19.205836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:01:27.207217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:01:43.210079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:02:15.218373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:08:28.225128 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:08:35.232397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:08:43.233771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:08:59.237050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:09:31.243002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:09:53.685932 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 13:09:53.686114 0.031304 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:53.717843 0.050154 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:53.768423 0.151886 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:53.920716 0.167701 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.088841 0.052681 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.141873 0.121064 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.263384 0.062036 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.325887 0.148843 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.475180 0.165541 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.641131 0.059743 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.701224 0.062904 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.764458 0.178735 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:54.943560 0.136117 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:55.080090 0.049357 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:55.129810 0.069768 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:55.199975 0.075658 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:55.276003 0.048680 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:55.325098 0.336756 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:55.662447 0.195617 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:55.858576 0.155735 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:56.014729 0.142303 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:56.157449 0.076869 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:56.234800 0.086766 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:56.321997 0.070553 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:56.392935 0.377577 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:56.770905 0.308595 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:09:57.079913 0.322286 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:15:35.249455 3.011326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:15:42.266747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:15:50.268040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:16:06.271192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:16:38.277139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:21:38.799725 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 13:21:38.799833 0.491873 tcp 10.0.2.109 50001 -> 176.73.169.112 1959 FSPA* 0 0 15 1667 flow=From-Botnet-V1-TCP-Established 1970/02/02 13:22:42.283574 3.001133 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:22:49.290651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:22:57.291999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:23:13.294976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:23:45.301003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:29:49.307847 3.000944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:29:56.314663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:30:04.315947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:30:20.319089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:30:52.325068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:36:56.330103 3.039730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:37:03.348819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:37:11.350100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:37:27.353200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:37:59.359014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:40:18.158479 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 13:40:18.158616 0.184242 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.343285 0.031076 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.374768 0.048872 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.424034 0.169592 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.594199 0.060628 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.655242 0.055498 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.711117 0.063224 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.774767 0.149290 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:18.924394 0.174750 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.099563 0.059440 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.159400 0.092689 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.252493 0.178873 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.431749 0.144535 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.576709 0.050002 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.627105 0.066964 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.694493 0.073572 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.768431 0.049541 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:19.818562 0.339561 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:20.158536 0.190271 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:20.349200 0.076104 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:20.425696 0.090700 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:20.516787 0.072482 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:20.589618 0.362513 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:20.952628 0.153144 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:21.106185 0.140698 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:21.247275 0.307566 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:40:21.555199 0.350508 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/02 13:44:03.364970 3.001913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:44:10.372634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:44:18.373868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:44:34.377072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:45:06.382925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:51:39.298155 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 13:51:39.298315 0.474082 tcp 10.0.2.109 50002 -> 176.73.169.112 1959 FSPA* 0 0 15 1772 flow=From-Botnet-V1-TCP-Established 1970/02/02 13:53:31.391692 3.001993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 13:53:38.399206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:53:46.400909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:54:02.403715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 13:54:34.409586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:00:38.415835 3.001590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:00:45.422986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:00:53.424838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:01:09.427570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:01:41.433877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:07:45.439669 3.001843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:07:52.447190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:08:00.448451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:08:16.451624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:08:48.457640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:10:25.006596 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 14:10:25.006742 0.049658 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.056787 0.171662 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.228863 0.056366 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.285643 0.055590 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.341703 0.064460 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.406617 0.148358 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.555378 0.029271 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.585070 0.062013 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.647517 0.169513 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.817478 0.056338 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.874243 0.061389 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:25.936053 0.181570 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.118020 0.144620 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.263024 0.048958 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.312379 0.066012 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.378794 0.073060 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.452318 0.049082 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.501827 0.080706 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.582913 0.083815 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.667181 0.072611 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:26.740185 0.333556 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:27.074179 0.194931 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:27.269513 0.364554 rtcp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:27.634495 0.154454 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:27.789383 0.141805 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:27.931665 0.306355 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:10:28.238531 0.323576 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:14:52.463552 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:14:59.471852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:15:07.472368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:15:23.475359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:15:55.481494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:21:39.777341 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 14:21:39.777543 0.535593 tcp 10.0.2.109 50003 -> 176.73.169.112 1959 FSPA* 0 0 15 1649 flow=From-Botnet-V1-TCP-Established 1970/02/02 14:21:59.488639 3.000614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:22:06.495049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:22:14.496521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:22:30.502565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:23:02.505334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:29:06.511876 3.001231 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:29:13.519085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:29:21.520522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:29:37.527337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:30:09.534751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:36:13.536588 3.000974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:36:20.542862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:36:28.544283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:36:44.547512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:37:16.553186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:40:53.585675 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 14:40:53.585865 0.050682 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:53.636942 0.167168 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:53.804536 0.057193 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:53.862296 0.058832 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:53.921472 0.061308 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:53.983223 0.149173 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.132777 0.029052 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.162356 0.148559 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.311291 0.171621 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.483355 0.052613 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.536424 0.061348 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.598175 0.179213 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.777797 0.143655 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.921894 0.048772 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:54.971041 0.069325 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.040800 0.072526 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.113686 0.048996 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.163062 0.077098 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.240532 0.084586 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.325546 0.072792 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.398740 0.369659 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.768901 0.153166 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:55.922482 0.335481 rtcp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:56.258344 0.192447 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:56.451158 0.331076 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:56.782634 0.139565 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:40:56.922560 0.308157 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/02 14:43:20.559478 3.001747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:43:27.566568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:43:35.567960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:43:51.571213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:44:23.577405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:50:27.583661 3.001297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:50:34.590973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:50:42.592160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:50:58.595379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:51:30.601235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:51:40.316026 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 14:51:40.316112 0.508863 tcp 10.0.2.109 50004 -> 176.73.169.112 1959 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/02/02 14:57:34.607558 3.001582 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 14:57:41.614815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:57:49.616292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:58:05.619275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 14:58:37.627063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:04:58.645782 3.001729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:05:05.652592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:05:13.654697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:05:29.658320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:06:01.663928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:10:58.851232 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 15:10:58.851367 0.058072 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:58.909797 0.055486 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:58.965679 0.052356 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.018488 0.166137 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.185041 0.063050 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.248571 0.149265 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.398212 0.029088 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.427699 0.156211 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.584315 0.173751 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.758548 0.060559 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.819598 0.062955 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:10:59.883034 0.178772 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.062201 0.144196 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.206832 0.049044 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.256292 0.065799 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.322508 0.074575 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.397447 0.050810 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.448600 0.080063 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.529068 0.085244 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.614685 0.067293 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:00.682409 0.371183 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:01.054037 0.152351 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:01.206779 0.331097 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:01.538315 0.141379 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:01.680074 0.342584 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:02.023029 0.232693 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:11:02.256134 0.309909 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:12:14.673085 3.001380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:12:21.679970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:12:29.681690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:12:45.684675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:13:17.690058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:19:21.696914 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:19:28.704364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:19:36.705636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:19:52.708682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:20:24.714915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:21:40.824479 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 15:21:40.824675 0.532275 tcp 10.0.2.109 50005 -> 176.73.169.112 1959 FSPA* 0 0 14 1651 flow=From-Botnet-V1-TCP-Established 1970/02/02 15:26:28.720935 3.001502 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:26:35.728175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:26:43.729490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:26:59.732442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:27:31.738644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:33:35.745582 3.000856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:33:42.752065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:33:50.752895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:34:06.756027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:34:38.762542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:40:42.771152 2.999325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:40:49.775965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:40:57.777492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:41:13.782901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:41:30.224309 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 15:41:30.224404 0.059120 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.283992 0.054278 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.338683 0.048441 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.387495 0.172746 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.560637 0.066104 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.627153 0.150590 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.778128 0.029146 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.807719 0.067697 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:30.875827 0.179076 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.055384 0.056256 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.112088 0.062211 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.174713 0.178391 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.353518 0.144783 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.498721 0.049244 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.548349 0.070940 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.619665 0.070834 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.690876 0.049123 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.740372 0.082112 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.822852 0.083925 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.907166 0.067566 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:31.975100 0.363737 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:32.339240 0.140534 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:32.480188 0.363280 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:32.843832 0.153975 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:32.998242 0.307677 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:33.306460 0.334303 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:33.641207 0.191386 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/02 15:41:45.786345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:47:49.792899 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:47:56.799824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:48:04.806684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:48:20.804616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:48:52.810600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:51:41.363490 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 15:51:41.363634 0.523925 tcp 10.0.2.109 50006 -> 176.73.169.112 1959 FSPA* 0 0 14 1551 flow=From-Botnet-V1-TCP-Established 1970/02/02 15:55:33.819719 3.002001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 15:55:40.826902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:55:48.828793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:56:04.831638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 15:56:36.837596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:02:48.846673 3.000186 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 16:02:55.852650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:03:03.853815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:03:19.856888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:03:51.863312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:09:55.869162 3.001842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 16:10:02.876614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:10:10.878271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:10:26.881122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:10:58.887339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:11:38.374347 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 16:11:38.374480 0.049623 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:38.424505 0.172777 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:38.597725 0.063524 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:38.661606 0.150183 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:38.812175 0.029350 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:38.841917 0.061528 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:38.903827 0.055075 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:38.959334 0.053859 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.013581 0.167396 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.181367 0.062192 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.243968 0.061029 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.305414 0.181333 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.487100 0.151647 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.639109 0.049741 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.689249 0.066569 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.756230 0.069787 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.826440 0.049871 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.876705 0.079569 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:39.956649 0.084754 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:40.041800 0.138648 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:40.180850 0.371018 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:40.552272 0.068799 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:40.621521 0.334041 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:40.955968 0.344748 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:41.301174 0.227470 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:41.529022 0.159820 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:11:41.689253 0.309560 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:17:02.895485 3.004942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 16:17:09.906239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:17:17.902117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:17:33.905000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:18:05.911135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:21:41.892180 0.000222 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 16:21:41.892506 0.544679 tcp 10.0.2.109 50007 -> 176.73.169.112 1959 FSPA* 0 0 14 1565 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:24:09.917389 3.001434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 16:24:16.924368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:24:24.926144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:24:40.928870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:25:12.935224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:31:16.941931 3.004713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 16:31:23.948442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:31:31.950287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:31:47.953097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:32:19.959401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:38:23.965010 3.001784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 16:38:30.972682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:38:38.973689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:38:54.976959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:39:26.982945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:42:11.900268 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 16:42:11.900443 0.068042 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:11.968845 0.150661 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:12.119897 0.029241 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:12.149550 0.614467 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:12.764453 0.049850 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:12.814713 0.257516 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.072690 0.060735 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.133828 0.055856 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.190188 0.167033 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.357612 0.055479 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.413560 0.060855 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.474865 0.187127 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.662511 0.136815 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.799797 0.049596 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.849838 0.066314 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.916621 0.074603 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:13.991665 0.049846 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:14.041972 0.142993 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:14.185388 0.372366 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:14.558215 0.073072 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:14.631720 0.075823 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:14.708003 0.085458 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:14.793904 0.359358 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:15.153703 0.343078 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:15.497220 0.191618 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:15.689292 0.154607 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:42:15.844358 0.310743 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/02 16:45:30.989753 3.000858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 16:45:37.996338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:45:45.997869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:46:02.000991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:46:34.006973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:51:42.441047 0.000220 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 16:51:42.441371 3.005645 tcp 10.0.2.109 50008 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:51:51.443191 0.000000 tcp 10.0.2.109 50008 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:51:57.443747 0.052427 tcp 10.0.2.109 50009 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:51:57.496442 0.051622 tcp 10.0.2.109 50010 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:51:57.548364 0.127129 tcp 10.0.2.109 50011 -> 195.113.214.211 443 SRPA* 0 0 56 37989 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:51:57.753253 3.003382 tcp 10.0.2.109 50012 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:06.755505 0.000000 tcp 10.0.2.109 50012 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:12.754875 0.052738 tcp 10.0.2.109 50013 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:12.807891 0.052576 tcp 10.0.2.109 50014 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:12.860698 0.146696 tcp 10.0.2.109 50015 -> 195.113.214.211 443 SRPA* 0 0 35 18790 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:13.083854 2.984860 tcp 10.0.2.109 50016 -> 27.251.231.18 9791 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:22.077510 0.000000 tcp 10.0.2.109 50016 -> 27.251.231.18 9791 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:28.076654 0.052910 tcp 10.0.2.109 50017 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:28.129894 0.051509 tcp 10.0.2.109 50018 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:28.181755 0.153873 tcp 10.0.2.109 50019 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:28.351680 2.999361 tcp 10.0.2.109 50020 -> 81.182.251.82 2897 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:37.349483 0.000000 tcp 10.0.2.109 50020 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:43.348621 0.052186 tcp 10.0.2.109 50021 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:43.401069 0.053786 tcp 10.0.2.109 50022 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:43.455135 0.143271 tcp 10.0.2.109 50023 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:43.614518 2.998191 tcp 10.0.2.109 50024 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:52.611432 0.000000 tcp 10.0.2.109 50024 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:52:58.610492 0.051718 tcp 10.0.2.109 50025 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:58.662490 0.054102 tcp 10.0.2.109 50026 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:58.716799 0.141124 tcp 10.0.2.109 50027 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:52:58.867597 3.006756 tcp 10.0.2.109 50028 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:07.873358 0.000000 tcp 10.0.2.109 50028 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:13.862241 3.004043 tcp 10.0.2.109 50029 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:22.864668 0.000000 tcp 10.0.2.109 50029 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:28.863414 3.004455 tcp 10.0.2.109 50030 -> 27.251.231.18 9791 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:37.875934 0.000000 tcp 10.0.2.109 50030 -> 27.251.231.18 9791 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:42.853406 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 16:53:43.865040 2.994103 tcp 10.0.2.109 50031 -> 81.182.251.82 2897 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:52.857935 0.000000 tcp 10.0.2.109 50031 -> 81.182.251.82 2897 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:53:58.866596 2.994580 tcp 10.0.2.109 50032 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:54:07.859359 0.000000 tcp 10.0.2.109 50032 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:54:26.019204 3.000598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 16:54:33.025657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:54:41.027214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:54:57.030578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:55:29.036088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 16:59:13.870099 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 16:59:13.870279 3.003599 tcp 10.0.2.109 50033 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:59:22.871921 0.000000 tcp 10.0.2.109 50033 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:59:28.872654 0.053685 tcp 10.0.2.109 50034 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:28.926609 0.052770 tcp 10.0.2.109 50035 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:28.979629 0.145294 tcp 10.0.2.109 50036 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:29.299567 3.006449 tcp 10.0.2.109 50037 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:59:38.304605 0.000000 tcp 10.0.2.109 50037 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:59:44.293813 0.051194 tcp 10.0.2.109 50038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:44.345347 0.052520 tcp 10.0.2.109 50039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:44.398223 0.143791 tcp 10.0.2.109 50040 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:44.627178 2.990796 tcp 10.0.2.109 50041 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:59:53.626062 0.000000 tcp 10.0.2.109 50041 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 16:59:59.625476 0.052119 tcp 10.0.2.109 50042 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:59.677835 0.051791 tcp 10.0.2.109 50043 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:59.729884 0.146067 tcp 10.0.2.109 50044 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 16:59:59.885395 2.984291 tcp 10.0.2.109 50045 -> 27.251.231.18 9791 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:00:08.868827 0.000000 tcp 10.0.2.109 50045 -> 27.251.231.18 9791 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:00:14.877744 0.051642 tcp 10.0.2.109 50046 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:00:14.929690 0.051067 tcp 10.0.2.109 50047 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:00:14.980992 0.146824 tcp 10.0.2.109 50048 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:00:15.140139 3.001635 tcp 10.0.2.109 50049 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:00:24.140678 0.000000 tcp 10.0.2.109 50049 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:00:30.139518 3.003922 tcp 10.0.2.109 50050 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:00:39.142105 0.000000 tcp 10.0.2.109 50050 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:00:45.141048 3.003735 tcp 10.0.2.109 50051 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:00:54.143595 0.000000 tcp 10.0.2.109 50051 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:01:00.142503 3.003364 tcp 10.0.2.109 50052 -> 27.251.231.18 9791 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:01:04.849701 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:01:09.145181 0.000000 tcp 10.0.2.109 50052 -> 27.251.231.18 9791 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:01:55.055220 3.000423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:02:02.061424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:02:10.062833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:02:26.065672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:02:58.071732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:06:15.145800 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:06:15.145989 2.999170 tcp 10.0.2.109 50053 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:06:24.138244 0.000000 tcp 10.0.2.109 50053 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:06:30.148139 0.053463 tcp 10.0.2.109 50054 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:06:30.201882 0.053553 tcp 10.0.2.109 50055 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:06:30.255761 0.144735 tcp 10.0.2.109 50056 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:06:30.415193 2.996304 tcp 10.0.2.109 50057 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:06:39.410023 0.000000 tcp 10.0.2.109 50057 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:06:45.409073 0.052411 tcp 10.0.2.109 50058 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:06:45.461920 0.053255 tcp 10.0.2.109 50059 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:06:45.515562 0.146036 tcp 10.0.2.109 50060 -> 195.113.214.211 443 SRPA* 0 0 42 34652 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:06:45.680173 3.003058 tcp 10.0.2.109 50061 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:06:54.681978 0.000000 tcp 10.0.2.109 50061 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:00.681202 0.051602 tcp 10.0.2.109 50062 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:07:00.733106 0.053299 tcp 10.0.2.109 50063 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:07:00.786757 0.147183 tcp 10.0.2.109 50064 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:07:00.965331 2.999892 tcp 10.0.2.109 50065 -> 27.251.231.18 9791 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:09.963632 0.000000 tcp 10.0.2.109 50065 -> 27.251.231.18 9791 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:15.963665 0.051408 tcp 10.0.2.109 50066 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:07:16.015400 0.053074 tcp 10.0.2.109 50067 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:07:16.068782 0.140072 tcp 10.0.2.109 50068 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:07:16.222240 3.004826 tcp 10.0.2.109 50069 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:25.225334 0.000000 tcp 10.0.2.109 50069 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:31.215355 2.993348 tcp 10.0.2.109 50070 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:40.207387 0.000000 tcp 10.0.2.109 50070 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:46.216559 2.993421 tcp 10.0.2.109 50071 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:07:55.208875 0.000000 tcp 10.0.2.109 50071 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:08:01.218660 3.003167 tcp 10.0.2.109 50072 -> 27.251.231.18 9791 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:08:05.854455 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:08:10.220425 0.000000 tcp 10.0.2.109 50072 -> 27.251.231.18 9791 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:09:08.086984 3.000917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:09:15.093968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:09:23.095173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:09:39.098428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:10:11.104400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:12:31.907241 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:12:31.907429 0.032078 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:31.938498 0.092924 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.004073 0.065634 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.092247 0.104607 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.158471 0.154231 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.321625 0.177609 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.496753 0.077807 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.555607 0.072209 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.651133 0.170628 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.867876 0.110738 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:32.925842 0.076142 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.070003 0.193788 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.255273 0.154082 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.401376 0.051587 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.471122 0.088824 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.539448 0.113441 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.613555 0.052915 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.688312 0.162524 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:33.830436 0.386970 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:34.200861 0.085944 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:34.272095 0.117334 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:34.349233 0.122523 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:34.434347 0.202211 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:34.633912 0.160001 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:34.789466 0.334456 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:35.105954 0.340174 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:12:35.457051 0.308672 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:13:16.221539 3.003234 tcp 10.0.2.109 50073 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:13:20.847310 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:13:25.223533 0.000000 tcp 10.0.2.109 50073 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:13:31.224145 0.053265 tcp 10.0.2.109 50074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:13:31.277705 0.051997 tcp 10.0.2.109 50075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:13:31.329962 0.147782 tcp 10.0.2.109 50076 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:13:31.619351 3.007457 tcp 10.0.2.109 50077 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:13:40.629231 0.000000 tcp 10.0.2.109 50077 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:13:46.615367 0.051557 tcp 10.0.2.109 50078 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:13:46.667308 0.053064 tcp 10.0.2.109 50079 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:13:46.720698 0.147442 tcp 10.0.2.109 50080 -> 195.113.214.211 443 SRPA* 0 0 20 10684 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:13:46.888484 2.990457 tcp 10.0.2.109 50081 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:13:55.887426 0.000000 tcp 10.0.2.109 50081 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:14:01.886806 0.051443 tcp 10.0.2.109 50082 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:14:01.938591 0.053071 tcp 10.0.2.109 50083 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:14:01.991943 0.150341 tcp 10.0.2.109 50084 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:14:02.339898 3.001255 tcp 10.0.2.109 50085 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:14:11.339721 0.000000 tcp 10.0.2.109 50085 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:14:17.338843 3.003824 tcp 10.0.2.109 50086 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:14:26.342834 0.000000 tcp 10.0.2.109 50086 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:14:32.340027 3.004488 tcp 10.0.2.109 50087 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:14:41.342910 0.000000 tcp 10.0.2.109 50087 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:16:15.109870 3.006480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:16:22.118568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:16:30.122612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:16:46.122532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:17:18.128602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:19:47.343452 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:19:47.343597 3.003566 tcp 10.0.2.109 50088 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:19:56.345787 0.000000 tcp 10.0.2.109 50088 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:20:02.346348 0.053239 tcp 10.0.2.109 50089 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:20:02.399898 0.053396 tcp 10.0.2.109 50090 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:20:02.453591 0.149890 tcp 10.0.2.109 50091 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:20:02.620384 2.998800 tcp 10.0.2.109 50092 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:20:11.627747 0.000000 tcp 10.0.2.109 50092 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:20:17.616660 0.052054 tcp 10.0.2.109 50093 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:20:17.668932 0.054095 tcp 10.0.2.109 50094 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:20:17.723341 0.144194 tcp 10.0.2.109 50095 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:20:17.927851 3.003429 tcp 10.0.2.109 50096 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:20:26.929846 0.000000 tcp 10.0.2.109 50096 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:20:32.928757 3.004411 tcp 10.0.2.109 50097 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:20:41.933453 0.000000 tcp 10.0.2.109 50097 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:23:22.135428 3.000599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:23:29.141925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:23:37.143321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:23:53.146013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:24:25.152596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:25:47.932137 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:25:47.932253 3.003253 tcp 10.0.2.109 50098 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:25:56.934419 0.000000 tcp 10.0.2.109 50098 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:26:02.935478 0.052741 tcp 10.0.2.109 50099 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:26:02.988559 0.052903 tcp 10.0.2.109 50100 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:26:03.041737 0.148383 tcp 10.0.2.109 50101 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:26:03.273437 2.994216 tcp 10.0.2.109 50102 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:26:12.277516 0.000000 tcp 10.0.2.109 50102 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:26:18.275413 0.052595 tcp 10.0.2.109 50103 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:26:18.328279 0.052364 tcp 10.0.2.109 50104 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:26:18.380888 0.202317 tcp 10.0.2.109 50105 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:26:18.817870 3.001828 tcp 10.0.2.109 50106 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:26:27.818591 0.000000 tcp 10.0.2.109 50106 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:26:33.817333 3.004258 tcp 10.0.2.109 50107 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:26:42.820718 0.000000 tcp 10.0.2.109 50107 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:30:29.158414 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:30:36.165829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:30:44.167268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:31:00.170693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:31:32.175696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:31:48.820952 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:31:48.821141 3.006328 tcp 10.0.2.109 50108 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:31:57.823496 0.000000 tcp 10.0.2.109 50108 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:32:03.824016 0.053711 tcp 10.0.2.109 50109 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:32:03.878028 0.053663 tcp 10.0.2.109 50110 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:32:03.931948 0.147173 tcp 10.0.2.109 50111 -> 195.113.214.211 443 SRPA* 0 0 46 40992 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:32:04.091285 3.005026 tcp 10.0.2.109 50112 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:32:13.095241 0.000000 tcp 10.0.2.109 50112 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:32:19.084258 0.053395 tcp 10.0.2.109 50113 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:32:19.137938 0.052053 tcp 10.0.2.109 50114 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:32:19.190314 0.148554 tcp 10.0.2.109 50115 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:32:19.348900 2.999524 tcp 10.0.2.109 50116 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:32:28.357106 0.000000 tcp 10.0.2.109 50116 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:32:34.345773 2.994019 tcp 10.0.2.109 50117 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:32:43.338720 0.000000 tcp 10.0.2.109 50117 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:37:36.182111 3.002246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:37:43.189537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:37:51.191388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:38:07.194649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:38:39.200627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:42:54.517768 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:42:54.517892 0.032009 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:54.548702 0.184582 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:54.707462 0.067846 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:54.760184 0.095044 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:54.889971 0.155212 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.043774 0.183453 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.223646 0.075901 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.281068 0.074879 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.393846 0.167925 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.628031 0.112696 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.684090 0.077463 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.746539 0.190801 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:55.930121 0.148748 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:56.070261 0.051048 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:56.147946 0.089725 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:56.220589 0.109516 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:56.293112 0.051954 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:57.763110 0.166690 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:57.907287 0.381576 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:58.622884 0.090659 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:58.697626 0.122891 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:58.779756 0.123408 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:58.868528 0.199330 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:59.064439 0.157589 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2570 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:59.270551 0.310162 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:59.587939 0.405214 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:42:59.973905 0.343317 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/02 17:43:04.385057 3.000707 tcp 10.0.2.109 50118 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:43:13.384654 0.000000 tcp 10.0.2.109 50118 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:43:19.384718 0.053781 tcp 10.0.2.109 50119 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:43:19.438736 0.053776 tcp 10.0.2.109 50120 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:43:19.492789 0.147110 tcp 10.0.2.109 50121 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:43:19.727655 3.000353 tcp 10.0.2.109 50122 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:43:28.736137 0.000000 tcp 10.0.2.109 50122 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:43:34.725921 0.052632 tcp 10.0.2.109 50123 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:43:34.778852 0.053432 tcp 10.0.2.109 50124 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:43:34.832637 0.147455 tcp 10.0.2.109 50125 -> 195.113.214.211 443 SRPA* 0 0 44 35370 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:43:35.089921 2.990100 tcp 10.0.2.109 50126 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:43:44.078534 0.000000 tcp 10.0.2.109 50126 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:43:50.087563 3.003972 tcp 10.0.2.109 50127 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:43:59.090370 0.000000 tcp 10.0.2.109 50127 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:44:43.207834 3.000120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:44:50.214483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:44:58.215830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:45:14.218554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:45:46.224197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:49:05.090541 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:49:05.090643 3.003297 tcp 10.0.2.109 50128 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:49:14.092974 0.000000 tcp 10.0.2.109 50128 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:49:20.093404 0.054752 tcp 10.0.2.109 50129 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:49:20.148524 0.053439 tcp 10.0.2.109 50130 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:49:20.202405 0.146804 tcp 10.0.2.109 50131 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:49:20.405823 3.000789 tcp 10.0.2.109 50132 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:49:29.405309 0.000000 tcp 10.0.2.109 50132 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:49:35.404372 0.053606 tcp 10.0.2.109 50133 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:49:35.458251 0.053352 tcp 10.0.2.109 50134 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:49:35.511900 0.149566 tcp 10.0.2.109 50135 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:49:35.712140 2.996324 tcp 10.0.2.109 50136 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:49:44.716808 0.000000 tcp 10.0.2.109 50136 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:49:50.705829 2.994062 tcp 10.0.2.109 50137 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:49:59.698612 0.000000 tcp 10.0.2.109 50137 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:53:57.232373 3.002191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 17:54:04.240160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:54:12.242071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:54:28.244699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:55:00.251326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 17:55:05.709383 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 17:55:05.709570 3.003076 tcp 10.0.2.109 50138 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:55:14.711798 0.000000 tcp 10.0.2.109 50138 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:55:20.711598 0.054913 tcp 10.0.2.109 50139 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:55:20.766734 0.052699 tcp 10.0.2.109 50140 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:55:20.819731 0.151562 tcp 10.0.2.109 50141 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:55:20.981299 3.003422 tcp 10.0.2.109 50142 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:55:29.983843 0.000000 tcp 10.0.2.109 50142 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:55:35.983039 0.052071 tcp 10.0.2.109 50143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:55:36.035415 0.053327 tcp 10.0.2.109 50144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:55:36.089051 0.152271 tcp 10.0.2.109 50145 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 17:55:36.251599 3.005211 tcp 10.0.2.109 50146 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:55:45.255536 0.000000 tcp 10.0.2.109 50146 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:55:51.244338 2.993750 tcp 10.0.2.109 50147 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 17:56:00.247282 0.000000 tcp 10.0.2.109 50147 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:01:06.247540 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:01:06.247785 3.003459 tcp 10.0.2.109 50148 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:01:10.265989 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 18:01:15.249984 0.000000 tcp 10.0.2.109 50148 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:01:17.272798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:01:21.250410 0.052712 tcp 10.0.2.109 50149 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:01:21.303375 0.051921 tcp 10.0.2.109 50150 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:01:21.355576 0.151665 tcp 10.0.2.109 50151 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:01:21.528504 3.004618 tcp 10.0.2.109 50152 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:01:25.274630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:01:30.532120 0.000000 tcp 10.0.2.109 50152 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:01:36.521526 0.052324 tcp 10.0.2.109 50153 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:01:36.574151 0.053301 tcp 10.0.2.109 50154 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:01:36.627772 0.146948 tcp 10.0.2.109 50155 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:01:36.786615 2.998312 tcp 10.0.2.109 50156 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:01:41.277064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:01:45.783285 0.000000 tcp 10.0.2.109 50156 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:01:51.783356 3.003412 tcp 10.0.2.109 50157 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:02:00.785588 0.000000 tcp 10.0.2.109 50157 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:02:13.283848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:08:26.293244 3.001321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 18:08:33.299767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:08:41.301365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:08:57.304479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:09:29.310558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:13:13.893843 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:13:13.894026 0.066786 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:13.945109 0.098891 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:14.114038 0.031809 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:14.144640 0.087632 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:14.204231 0.153047 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:14.356004 0.182530 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:14.534523 0.078167 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:14.595166 0.073937 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:14.719658 0.176059 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.073316 0.114316 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.301744 0.077156 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.365420 0.190633 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.548832 0.152129 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.695040 0.051101 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.788469 0.088793 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.859296 0.109498 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:15.931949 0.052708 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:16.094933 0.165357 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:16.238648 0.375719 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:16.598175 0.087522 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:16.671673 0.119782 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:16.759557 0.129584 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:16.848529 0.308136 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:17.162664 0.197256 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:17.356875 0.158375 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:17.534658 0.379642 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:17.897541 0.335871 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:13:21.825103 2.993781 tcp 10.0.2.109 50158 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:13:30.817562 0.000000 tcp 10.0.2.109 50158 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:13:36.828031 0.053544 tcp 10.0.2.109 50159 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:13:36.881847 0.053882 tcp 10.0.2.109 50160 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:13:36.936020 0.152737 tcp 10.0.2.109 50161 -> 195.113.214.211 443 SRPA* 0 0 67 69796 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:13:37.149562 3.001257 tcp 10.0.2.109 50162 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:13:46.149527 0.000000 tcp 10.0.2.109 50162 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:13:52.148907 0.051206 tcp 10.0.2.109 50163 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:13:52.200419 0.052624 tcp 10.0.2.109 50164 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:13:52.253353 0.148838 tcp 10.0.2.109 50165 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:13:52.547043 2.995864 tcp 10.0.2.109 50166 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:14:01.541402 0.000000 tcp 10.0.2.109 50166 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:14:07.544447 2.999908 tcp 10.0.2.109 50167 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:14:16.543163 0.000000 tcp 10.0.2.109 50167 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:15:33.316634 3.001145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 18:15:40.324025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:15:48.325270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:16:04.328676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:16:36.334210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:19:22.543692 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:19:22.543781 3.003783 tcp 10.0.2.109 50168 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:19:31.556099 0.000000 tcp 10.0.2.109 50168 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:19:37.545988 0.052539 tcp 10.0.2.109 50169 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:19:37.598796 0.053348 tcp 10.0.2.109 50170 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:19:37.652416 0.150224 tcp 10.0.2.109 50171 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:19:37.813377 2.996108 tcp 10.0.2.109 50172 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:19:46.807950 0.000000 tcp 10.0.2.109 50172 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:19:52.807444 0.052567 tcp 10.0.2.109 50173 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:19:52.860301 0.052609 tcp 10.0.2.109 50174 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:19:52.913253 0.148604 tcp 10.0.2.109 50175 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:19:53.082992 2.998523 tcp 10.0.2.109 50176 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:20:02.079961 0.000000 tcp 10.0.2.109 50176 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:20:08.079012 3.003956 tcp 10.0.2.109 50177 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:20:17.081704 0.000000 tcp 10.0.2.109 50177 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:22:40.339923 3.005234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 18:22:47.347619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:22:55.349313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:23:11.352424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:23:43.357927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:25:23.082322 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:25:23.082420 3.003471 tcp 10.0.2.109 50178 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:25:32.084080 0.000000 tcp 10.0.2.109 50178 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:25:38.084665 0.052759 tcp 10.0.2.109 50179 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:25:38.137707 0.053718 tcp 10.0.2.109 50180 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:25:38.191719 0.146650 tcp 10.0.2.109 50181 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:25:38.353244 2.994666 tcp 10.0.2.109 50182 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:25:47.356204 0.000000 tcp 10.0.2.109 50182 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:25:53.346289 0.051766 tcp 10.0.2.109 50183 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:25:53.398390 0.052883 tcp 10.0.2.109 50184 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:25:53.451523 0.153000 tcp 10.0.2.109 50185 -> 195.113.214.211 443 SRPA* 0 0 43 35912 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:25:53.636692 2.992992 tcp 10.0.2.109 50186 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:26:02.628487 0.000000 tcp 10.0.2.109 50186 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:26:08.636989 2.995508 tcp 10.0.2.109 50187 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:26:17.630100 0.000000 tcp 10.0.2.109 50187 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:29:47.364048 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 18:29:54.371477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:30:02.373069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:30:18.375591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:30:50.382316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:31:23.640724 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:31:23.640824 3.003568 tcp 10.0.2.109 50188 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:31:32.643057 0.000000 tcp 10.0.2.109 50188 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:31:38.644341 0.053307 tcp 10.0.2.109 50189 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:31:38.697924 0.053785 tcp 10.0.2.109 50190 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:31:38.752049 0.153826 tcp 10.0.2.109 50191 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:31:38.929977 3.006628 tcp 10.0.2.109 50192 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:31:47.934826 0.000000 tcp 10.0.2.109 50192 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:31:53.924042 0.052416 tcp 10.0.2.109 50193 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:31:53.976749 0.052731 tcp 10.0.2.109 50194 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:31:54.029749 0.145715 tcp 10.0.2.109 50195 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:31:54.186591 2.991880 tcp 10.0.2.109 50196 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:32:03.186762 0.000000 tcp 10.0.2.109 50196 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:32:09.185815 2.994028 tcp 10.0.2.109 50197 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:32:18.177984 0.000000 tcp 10.0.2.109 50197 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:36:54.387773 3.003271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 18:37:01.402324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:37:09.396943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:37:25.400136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:37:57.407740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:43:36.984275 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:43:36.984383 0.068524 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.037314 0.101608 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.170965 0.031392 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.201242 0.084707 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.260201 0.363985 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.620660 0.172060 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.789313 0.078360 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.848997 0.071008 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:37.903398 0.168034 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.070953 0.112350 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.216504 0.078413 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.279809 0.192823 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.465240 0.147359 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.604841 0.050890 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.673918 0.087195 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.740961 0.114441 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.816467 0.051683 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:38.896999 0.164135 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:39.040044 0.382589 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2597 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:39.228044 3.003687 tcp 10.0.2.109 50198 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:43:39.404136 0.087191 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:39.475673 0.117733 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:39.554678 0.126885 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:39.672237 0.157919 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:39.847197 0.380080 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:40.208412 0.309517 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:40.538677 0.280755 udp 10.0.2.109 3683 <-> 99.11.249.247 4413 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:40.816149 0.340284 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/02 18:43:48.231005 0.000000 tcp 10.0.2.109 50198 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:43:54.231004 0.052542 tcp 10.0.2.109 50199 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:43:54.283873 0.053539 tcp 10.0.2.109 50200 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:43:54.337681 0.150010 tcp 10.0.2.109 50201 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:43:54.511053 3.002716 tcp 10.0.2.109 50202 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:44:01.413469 3.000639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 18:44:03.512956 0.000000 tcp 10.0.2.109 50202 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:44:08.419659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:44:09.512052 0.052564 tcp 10.0.2.109 50203 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:44:09.564899 0.054018 tcp 10.0.2.109 50204 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:44:09.619163 0.145707 tcp 10.0.2.109 50205 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:44:09.782528 3.003243 tcp 10.0.2.109 50206 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:44:16.421189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:44:18.787190 0.000000 tcp 10.0.2.109 50206 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:44:24.783371 3.004015 tcp 10.0.2.109 50207 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:44:32.424512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:44:33.796216 0.000000 tcp 10.0.2.109 50207 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:45:04.437126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:49:39.786673 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:49:39.786806 2.993067 tcp 10.0.2.109 50208 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:49:48.778833 0.000000 tcp 10.0.2.109 50208 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:49:54.793052 0.052733 tcp 10.0.2.109 50209 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:49:54.846201 0.053210 tcp 10.0.2.109 50210 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:49:54.899743 0.148481 tcp 10.0.2.109 50211 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:49:55.339666 2.993035 tcp 10.0.2.109 50212 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:50:04.331116 0.000000 tcp 10.0.2.109 50212 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:50:10.330836 0.053112 tcp 10.0.2.109 50213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:50:10.383790 0.053732 tcp 10.0.2.109 50214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:50:10.437905 0.145793 tcp 10.0.2.109 50215 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:50:10.609104 3.005122 tcp 10.0.2.109 50216 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:50:19.613344 0.000000 tcp 10.0.2.109 50216 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:50:25.602437 3.003451 tcp 10.0.2.109 50217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:50:34.605942 0.000000 tcp 10.0.2.109 50217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:53:29.438564 3.002170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 18:53:36.446457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:53:44.447935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:54:00.450748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:54:32.456721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 18:55:40.605268 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 18:55:40.605407 2.993550 tcp 10.0.2.109 50218 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:55:49.597566 0.000000 tcp 10.0.2.109 50218 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:55:55.608465 0.053514 tcp 10.0.2.109 50219 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:55:55.662479 0.053434 tcp 10.0.2.109 50220 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:55:55.716231 0.148344 tcp 10.0.2.109 50221 -> 195.113.214.211 443 SRPA* 0 0 36 19484 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:55:55.881162 3.000262 tcp 10.0.2.109 50222 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:56:04.879838 0.000000 tcp 10.0.2.109 50222 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:56:10.879438 0.052698 tcp 10.0.2.109 50223 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:56:10.932482 0.053770 tcp 10.0.2.109 50224 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:56:10.986568 0.148425 tcp 10.0.2.109 50225 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/02 18:56:11.145691 2.997533 tcp 10.0.2.109 50226 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:56:20.141426 0.000000 tcp 10.0.2.109 50226 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:56:26.140329 3.004240 tcp 10.0.2.109 50227 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 18:56:35.143222 0.000000 tcp 10.0.2.109 50227 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:00:36.465153 3.001755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:00:43.470906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:00:51.471943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:01:07.474788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:01:39.480910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:01:41.147148 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:01:41.147246 3.000027 tcp 10.0.2.109 50228 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:01:50.155586 0.000000 tcp 10.0.2.109 50228 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:01:56.146548 0.055066 tcp 10.0.2.109 50229 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:01:56.201925 0.054652 tcp 10.0.2.109 50230 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:01:56.256893 0.153105 tcp 10.0.2.109 50231 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:01:56.550779 2.998598 tcp 10.0.2.109 50232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:02:05.553366 0.000000 tcp 10.0.2.109 50232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:02:11.547373 0.052044 tcp 10.0.2.109 50233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:02:11.599777 0.053391 tcp 10.0.2.109 50234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:02:11.653546 0.147974 tcp 10.0.2.109 50235 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:02:11.844304 2.997296 tcp 10.0.2.109 50236 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:02:20.840492 0.000000 tcp 10.0.2.109 50236 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:02:26.839407 3.007579 tcp 10.0.2.109 50237 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:02:35.841361 0.000000 tcp 10.0.2.109 50237 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:07:43.487773 3.000659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:07:50.496780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:07:58.495677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:08:14.498643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:08:46.504763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:14:11.084977 0.000202 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:14:11.085295 0.033839 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:11.117709 0.086043 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:11.489924 0.155028 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:11.641249 0.171723 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:11.809500 0.078312 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:11.870496 0.074761 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:11.886927 3.000049 tcp 10.0.2.109 50238 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:14:11.961709 0.068629 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:12.013213 0.094834 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:12.075000 0.173313 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:12.240779 0.118952 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:12.319061 0.086001 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:12.448388 0.192956 rtcp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:12.633713 0.152578 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:12.845606 0.050911 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:13.027775 0.086489 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:13.358740 0.110564 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:13.623863 0.053477 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:13.692533 0.164650 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:13.835978 0.380147 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:14.196003 0.090838 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:14.272839 0.116559 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:14.361254 0.128127 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:14.446282 0.158914 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:14.604819 0.000000 udp 10.0.2.109 3683 -> 99.11.249.247 4413 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 19:14:20.895292 0.000000 tcp 10.0.2.109 50238 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:14:26.885575 0.055257 tcp 10.0.2.109 50239 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:14:26.941163 0.054131 tcp 10.0.2.109 50240 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:14:26.995600 0.179119 tcp 10.0.2.109 50241 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:14:27.252597 2.996233 tcp 10.0.2.109 50242 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:14:31.952308 0.051889 tcp 10.0.2.109 50243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:14:32.004480 0.052915 tcp 10.0.2.109 50244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:14:32.057684 0.148108 tcp 10.0.2.109 50245 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:14:32.206464 0.339160 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:32.528189 0.311068 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:32.971427 0.344121 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:14:36.257157 0.000000 tcp 10.0.2.109 50242 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:14:50.512407 3.002413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 19:14:57.521339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:15:05.519480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:15:21.522815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:15:53.529384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:19:42.248056 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:19:42.248209 3.003671 tcp 10.0.2.109 50246 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:19:51.251392 0.000000 tcp 10.0.2.109 50246 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:19:57.251132 0.054087 tcp 10.0.2.109 50247 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:19:57.305460 0.054945 tcp 10.0.2.109 50248 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:19:57.360741 0.148184 tcp 10.0.2.109 50249 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:19:57.633557 3.000158 tcp 10.0.2.109 50250 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:20:06.632640 0.000000 tcp 10.0.2.109 50250 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:20:12.632003 0.052593 tcp 10.0.2.109 50251 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:20:12.684844 0.054284 tcp 10.0.2.109 50252 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:20:12.739405 0.146869 tcp 10.0.2.109 50253 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:20:12.947896 3.007867 tcp 10.0.2.109 50254 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:20:21.954740 0.000000 tcp 10.0.2.109 50254 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:20:27.943267 3.004116 tcp 10.0.2.109 50255 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:20:36.956152 0.000000 tcp 10.0.2.109 50255 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:21:57.534346 3.002000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:22:04.542370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:22:12.543505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:22:28.546562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:23:00.557697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:25:42.947734 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:25:42.947849 2.992616 tcp 10.0.2.109 50256 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:25:51.939027 0.000000 tcp 10.0.2.109 50256 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:25:57.949694 0.053274 tcp 10.0.2.109 50257 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:25:58.003314 0.053235 tcp 10.0.2.109 50258 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:25:58.056841 0.148701 tcp 10.0.2.109 50259 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:25:58.369962 2.993547 tcp 10.0.2.109 50260 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:26:07.362240 0.000000 tcp 10.0.2.109 50260 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:26:13.369102 0.052538 tcp 10.0.2.109 50261 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:26:13.421982 0.053894 tcp 10.0.2.109 50262 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:26:13.476173 0.142490 tcp 10.0.2.109 50263 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:26:13.797700 2.997340 tcp 10.0.2.109 50264 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:26:22.793443 0.000000 tcp 10.0.2.109 50264 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:26:28.791916 3.004259 tcp 10.0.2.109 50265 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:26:37.794955 0.000000 tcp 10.0.2.109 50265 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:29:04.558497 3.001759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:29:11.565992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:29:19.567619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:29:35.570930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:30:07.576585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:31:43.795360 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:31:43.795543 2.993471 tcp 10.0.2.109 50266 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:31:52.787719 0.000000 tcp 10.0.2.109 50266 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:31:58.798101 0.052973 tcp 10.0.2.109 50267 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:31:58.851414 0.053291 tcp 10.0.2.109 50268 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:31:58.905013 0.146145 tcp 10.0.2.109 50269 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:31:59.117087 2.994141 tcp 10.0.2.109 50270 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:32:08.110020 0.000000 tcp 10.0.2.109 50270 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:32:14.119191 0.053049 tcp 10.0.2.109 50271 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:32:14.172532 0.054405 tcp 10.0.2.109 50272 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:32:14.227215 0.145099 tcp 10.0.2.109 50273 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:32:15.063515 3.000507 tcp 10.0.2.109 50274 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:32:24.062779 0.000000 tcp 10.0.2.109 50274 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:32:30.062171 3.003589 tcp 10.0.2.109 50275 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:32:39.064463 0.000000 tcp 10.0.2.109 50275 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:36:11.582724 3.001827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:36:18.589992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:36:26.591479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:36:42.594303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:37:14.600887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:37:45.065226 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:37:45.065391 2.993496 tcp 10.0.2.109 50276 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:37:54.067440 0.000000 tcp 10.0.2.109 50276 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:38:00.068251 0.031413 tcp 10.0.2.109 50277 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:38:00.099924 0.032328 tcp 10.0.2.109 50278 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:38:00.132568 0.131248 tcp 10.0.2.109 50279 -> 195.113.214.211 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:38:00.556804 2.998496 tcp 10.0.2.109 50280 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:38:09.552569 0.000000 tcp 10.0.2.109 50280 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:38:15.559195 0.030800 tcp 10.0.2.109 50281 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:38:15.590349 0.031530 tcp 10.0.2.109 50282 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:38:15.622246 0.125038 tcp 10.0.2.109 50283 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:38:15.759412 3.003121 tcp 10.0.2.109 50284 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:38:24.767036 0.000000 tcp 10.0.2.109 50284 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:38:30.765716 2.998707 tcp 10.0.2.109 50285 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:38:39.764662 0.000000 tcp 10.0.2.109 50285 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:43:18.606434 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:43:25.614205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:43:33.615208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:43:49.618714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:44:21.624679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:44:52.158960 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:44:52.159106 0.000000 udp 10.0.2.109 3683 -> 99.11.249.247 4413 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 19:45:07.182891 0.031862 tcp 10.0.2.109 50286 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:07.215006 0.053557 tcp 10.0.2.109 50287 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:07.268857 0.144699 tcp 10.0.2.109 50288 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:07.414109 0.153907 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:07.580353 0.173883 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:07.750944 0.078604 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:07.810163 0.075499 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:07.887856 0.031933 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:07.918631 0.091407 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.027168 0.111125 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.104566 0.175747 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.320260 0.068528 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.371376 0.076621 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.434066 0.193187 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.620159 0.147391 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.759810 0.113585 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.817947 0.050958 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:08.870024 0.164825 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.013864 0.050911 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.065933 0.089332 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.136660 0.113492 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.238161 0.114108 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.314676 0.129985 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.401944 0.158650 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.575159 0.384421 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:09.941429 0.087710 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:10.029917 0.340631 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:10.353074 0.310130 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:10.670680 0.344473 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/02 19:45:15.773059 3.003503 tcp 10.0.2.109 50289 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:45:24.775432 0.000000 tcp 10.0.2.109 50289 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:45:30.774943 0.052751 tcp 10.0.2.109 50290 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:30.827976 0.054323 tcp 10.0.2.109 50291 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:30.882566 0.148572 tcp 10.0.2.109 50292 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:31.090919 2.997729 tcp 10.0.2.109 50293 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:45:40.097316 0.000000 tcp 10.0.2.109 50293 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:45:46.086822 0.052080 tcp 10.0.2.109 50294 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:46.139274 0.053597 tcp 10.0.2.109 50295 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:46.193167 0.149550 tcp 10.0.2.109 50296 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:45:46.380856 3.000083 tcp 10.0.2.109 50297 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:45:55.379191 0.000000 tcp 10.0.2.109 50297 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:46:01.378134 3.004528 tcp 10.0.2.109 50298 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:46:10.381031 0.000000 tcp 10.0.2.109 50298 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:50:25.630846 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:50:32.638078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:50:40.639661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:50:56.642462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:51:16.381464 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:51:16.381618 3.003620 tcp 10.0.2.109 50299 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:51:25.383630 0.000000 tcp 10.0.2.109 50299 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:51:28.652554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:51:31.384179 0.031511 tcp 10.0.2.109 50300 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:51:31.415977 0.031019 tcp 10.0.2.109 50301 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:51:31.447258 0.124066 tcp 10.0.2.109 50302 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:51:31.581216 3.006413 tcp 10.0.2.109 50303 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:51:40.585723 0.000000 tcp 10.0.2.109 50303 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:51:46.575175 0.052475 tcp 10.0.2.109 50304 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:51:46.628044 0.031464 tcp 10.0.2.109 50305 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:51:46.659806 0.141727 tcp 10.0.2.109 50306 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:51:46.859477 3.001990 tcp 10.0.2.109 50307 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:51:55.857744 0.000000 tcp 10.0.2.109 50307 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:52:01.856327 2.994236 tcp 10.0.2.109 50308 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:52:10.849331 0.000000 tcp 10.0.2.109 50308 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:57:16.859552 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 19:57:16.859702 3.003832 tcp 10.0.2.109 50309 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:57:25.861925 0.000000 tcp 10.0.2.109 50309 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:57:31.862612 0.053831 tcp 10.0.2.109 50310 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:57:31.916671 0.030687 tcp 10.0.2.109 50311 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:57:31.947608 0.124115 tcp 10.0.2.109 50312 -> 195.113.214.211 443 SRPA* 0 0 25 13912 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:57:32.086112 2.999160 tcp 10.0.2.109 50313 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:57:32.655202 3.000810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 19:57:39.661847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:57:41.084024 0.000000 tcp 10.0.2.109 50313 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:57:47.083393 0.053127 tcp 10.0.2.109 50314 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:57:47.136811 0.052865 tcp 10.0.2.109 50315 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:57:47.189978 0.144076 tcp 10.0.2.109 50316 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 19:57:47.347659 3.010029 tcp 10.0.2.109 50317 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:57:47.663391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:57:56.365923 0.000000 tcp 10.0.2.109 50317 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:58:02.344920 2.994126 tcp 10.0.2.109 50318 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:58:03.666469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 19:58:11.337667 0.000000 tcp 10.0.2.109 50318 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 19:58:35.672748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:03:17.347847 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:03:17.348010 3.003873 tcp 10.0.2.109 50319 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:03:26.350613 0.000000 tcp 10.0.2.109 50319 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:03:32.350689 0.031023 tcp 10.0.2.109 50320 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:03:32.381966 0.030974 tcp 10.0.2.109 50321 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:03:32.413241 0.127021 tcp 10.0.2.109 50322 -> 195.113.214.211 443 SRPA* 0 0 21 11362 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:03:32.550022 3.003216 tcp 10.0.2.109 50323 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:03:41.552115 0.000000 tcp 10.0.2.109 50323 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:03:47.551347 0.030170 tcp 10.0.2.109 50324 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:03:47.581816 0.030880 tcp 10.0.2.109 50325 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:03:47.612959 0.147057 tcp 10.0.2.109 50326 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:03:47.771402 3.004177 tcp 10.0.2.109 50327 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:03:56.773511 0.000000 tcp 10.0.2.109 50327 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:04:02.773151 3.003985 tcp 10.0.2.109 50328 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:04:11.775605 0.000000 tcp 10.0.2.109 50328 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:04:56.693131 3.001714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 20:05:03.700595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:05:11.701963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:05:27.705004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:05:59.710960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:12:12.719359 3.001844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 20:12:19.727542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:12:27.728811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:12:43.731317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:13:15.737813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:15:28.489252 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:15:28.489354 0.078872 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:28.551196 0.074352 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:28.609359 0.031993 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:28.685035 0.152528 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:28.835523 0.170722 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.002411 0.082725 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.060235 0.098411 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.150843 0.175056 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.325427 0.066507 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.440643 0.077338 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.505310 0.194042 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.691365 0.152886 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:29.834614 0.110285 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.010577 0.052343 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.083501 0.166987 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.226477 0.051733 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.315380 0.090533 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.387651 0.112853 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.508387 0.117051 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.586576 0.120429 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 1994 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.672565 0.155120 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:30.854387 0.387058 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:31.225419 0.309174 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:31.550732 0.089633 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:31.626481 0.347862 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:31.953457 0.338881 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:15:32.815523 2.993573 tcp 10.0.2.109 50329 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:15:41.807741 0.000000 tcp 10.0.2.109 50329 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:15:47.818286 0.031125 tcp 10.0.2.109 50330 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:15:47.849712 0.030551 tcp 10.0.2.109 50331 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:15:47.880521 0.124332 tcp 10.0.2.109 50332 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:15:48.028877 3.002307 tcp 10.0.2.109 50333 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:15:57.029650 0.000000 tcp 10.0.2.109 50333 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:16:03.029000 0.044935 tcp 10.0.2.109 50334 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:16:03.074344 0.031850 tcp 10.0.2.109 50335 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:16:03.106504 0.124056 tcp 10.0.2.109 50336 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:16:03.822433 3.006083 tcp 10.0.2.109 50337 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:16:12.823625 0.000000 tcp 10.0.2.109 50337 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:16:18.811420 3.003853 tcp 10.0.2.109 50338 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:16:27.818361 0.000000 tcp 10.0.2.109 50338 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:19:19.744032 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 20:19:26.751328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:19:34.752663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:19:50.755635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:20:22.762242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:21:33.814741 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:21:33.814934 2.993341 tcp 10.0.2.109 50339 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:21:42.816997 0.000000 tcp 10.0.2.109 50339 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:21:48.817432 0.052877 tcp 10.0.2.109 50340 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:21:48.870550 0.031180 tcp 10.0.2.109 50341 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:21:48.901991 0.151600 tcp 10.0.2.109 50342 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:21:49.065259 2.994719 tcp 10.0.2.109 50343 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:21:58.058871 0.000000 tcp 10.0.2.109 50343 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:22:04.058332 0.030481 tcp 10.0.2.109 50344 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:22:04.089112 0.032532 tcp 10.0.2.109 50345 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:22:04.121885 0.145315 tcp 10.0.2.109 50346 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:22:04.421699 3.000699 tcp 10.0.2.109 50347 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:22:13.420985 0.000000 tcp 10.0.2.109 50347 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:22:19.419706 3.004835 tcp 10.0.2.109 50348 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:22:28.422748 0.000000 tcp 10.0.2.109 50348 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:26:26.768024 3.001349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 20:26:33.775331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:26:41.776127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:26:57.779628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:27:29.785776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:27:34.423770 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:27:34.423880 3.002610 tcp 10.0.2.109 50349 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:27:43.425504 0.000000 tcp 10.0.2.109 50349 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:27:49.425446 0.054068 tcp 10.0.2.109 50350 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:27:49.479778 0.053552 tcp 10.0.2.109 50351 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:27:49.533596 0.126475 tcp 10.0.2.109 50352 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:27:49.670897 2.997696 tcp 10.0.2.109 50353 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:27:58.677408 0.000000 tcp 10.0.2.109 50353 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:28:04.667076 0.052600 tcp 10.0.2.109 50354 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:28:04.719931 0.031642 tcp 10.0.2.109 50355 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:28:04.751934 0.125400 tcp 10.0.2.109 50356 -> 195.113.214.211 443 SRPA* 0 0 36 29998 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:28:05.123907 2.996905 tcp 10.0.2.109 50357 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:28:14.119557 0.000000 tcp 10.0.2.109 50357 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:28:20.118307 3.004287 tcp 10.0.2.109 50358 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:28:29.121206 0.000000 tcp 10.0.2.109 50358 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:33:33.792284 3.000651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 20:33:35.121693 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:33:35.121853 3.003475 tcp 10.0.2.109 50359 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:33:40.799086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:33:44.124077 0.000000 tcp 10.0.2.109 50359 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:33:48.800868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:33:50.124605 0.052780 tcp 10.0.2.109 50360 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:33:50.177700 0.031518 tcp 10.0.2.109 50361 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:33:50.209494 0.147004 tcp 10.0.2.109 50362 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:33:50.372158 3.005097 tcp 10.0.2.109 50363 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:33:59.375854 0.000000 tcp 10.0.2.109 50363 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:34:04.803973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:34:05.365195 0.054460 tcp 10.0.2.109 50364 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:34:05.419965 0.051995 tcp 10.0.2.109 50365 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:34:05.472268 0.129486 tcp 10.0.2.109 50366 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:34:05.629533 2.999503 tcp 10.0.2.109 50367 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:34:14.627940 0.000000 tcp 10.0.2.109 50367 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:34:20.626294 2.994516 tcp 10.0.2.109 50368 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:34:29.619458 0.000000 tcp 10.0.2.109 50368 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:34:36.809849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:40:40.816320 3.001293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 20:40:47.824590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:40:55.824862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:41:11.827781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:41:43.833674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:45:51.570574 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:45:51.570723 0.032229 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:51.797604 0.157879 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:51.947711 0.076878 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.066402 0.073802 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.121972 0.174622 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.293902 0.088588 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.357029 0.097454 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.463338 0.168196 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.705999 0.064023 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.755385 0.076445 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:52.994816 0.194321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:53.181751 0.149400 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:53.484189 0.107291 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:53.541510 0.052323 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:53.629015 0.164469 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:53.772056 0.050908 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:53.858745 0.087038 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:53.924955 0.115056 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:54.003797 0.291656 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 1927 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:54.260749 0.131145 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:54.350570 0.172487 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:54.614494 0.086977 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:54.683932 0.507759 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:55.174368 0.379597 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:55.536114 0.310629 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1936 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:45:55.862064 0.346661 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/02 20:46:05.670856 3.002981 tcp 10.0.2.109 50369 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:46:14.672460 0.000000 tcp 10.0.2.109 50369 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:46:20.676194 0.031582 tcp 10.0.2.109 50370 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:46:20.708023 0.053464 tcp 10.0.2.109 50371 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:46:20.761852 0.147779 tcp 10.0.2.109 50372 -> 195.113.214.211 443 SRPA* 0 0 35 19218 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:46:20.948944 2.997352 tcp 10.0.2.109 50373 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:46:29.945143 0.000000 tcp 10.0.2.109 50373 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:46:35.944545 0.053144 tcp 10.0.2.109 50374 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:46:35.997965 0.031316 tcp 10.0.2.109 50375 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:46:36.029565 0.141337 tcp 10.0.2.109 50376 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:46:36.181931 2.996388 tcp 10.0.2.109 50377 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:46:45.187176 0.000000 tcp 10.0.2.109 50377 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:46:51.175785 2.994056 tcp 10.0.2.109 50378 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:47:00.168376 0.000000 tcp 10.0.2.109 50378 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:47:47.839059 3.002320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 20:47:54.847101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:48:02.849046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:48:18.855092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:48:50.858041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:52:06.179366 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:52:06.179511 3.003462 tcp 10.0.2.109 50379 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:52:15.181345 0.000000 tcp 10.0.2.109 50379 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:52:21.181963 0.032332 tcp 10.0.2.109 50380 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:52:21.214574 0.052829 tcp 10.0.2.109 50381 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:52:21.267660 0.126512 tcp 10.0.2.109 50382 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:52:21.404965 2.999644 tcp 10.0.2.109 50383 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:52:30.403407 0.000000 tcp 10.0.2.109 50383 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:52:36.405281 0.030863 tcp 10.0.2.109 50384 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:52:36.436396 0.030593 tcp 10.0.2.109 50385 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:52:36.467255 0.124983 tcp 10.0.2.109 50386 -> 195.113.214.211 443 SRPA* 0 0 46 41914 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:52:36.604621 3.002063 tcp 10.0.2.109 50387 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:52:45.604730 0.000000 tcp 10.0.2.109 50387 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:52:51.603982 2.994018 tcp 10.0.2.109 50388 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:53:00.606741 0.000000 tcp 10.0.2.109 50388 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:55:31.871287 2.997291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 20:55:38.874551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:55:46.876038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:56:02.878685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:56:34.885111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 20:58:06.606886 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 20:58:06.607125 3.003930 tcp 10.0.2.109 50389 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:58:15.609428 0.000000 tcp 10.0.2.109 50389 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:58:21.609900 0.053247 tcp 10.0.2.109 50390 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:58:21.663419 0.032145 tcp 10.0.2.109 50391 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:58:21.695871 0.127145 tcp 10.0.2.109 50392 -> 195.113.214.211 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:58:21.838760 3.003936 tcp 10.0.2.109 50393 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:58:30.841950 0.000000 tcp 10.0.2.109 50393 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:58:36.831397 0.030468 tcp 10.0.2.109 50394 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:58:36.862137 0.053427 tcp 10.0.2.109 50395 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:58:36.915845 0.147105 tcp 10.0.2.109 50396 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/02/02 20:58:37.075396 2.999765 tcp 10.0.2.109 50397 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:58:46.073456 0.000000 tcp 10.0.2.109 50397 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:58:52.072318 3.004005 tcp 10.0.2.109 50398 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 20:59:01.075064 0.000000 tcp 10.0.2.109 50398 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:02:45.890930 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 21:02:52.898411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:03:00.899952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:03:16.902910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:03:48.908943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:04:07.075523 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:04:07.075749 2.993395 tcp 10.0.2.109 50399 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:04:16.068014 0.000000 tcp 10.0.2.109 50399 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:04:22.078514 0.032281 tcp 10.0.2.109 50400 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:04:22.111064 0.030750 tcp 10.0.2.109 50401 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:04:22.142152 0.123876 tcp 10.0.2.109 50402 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:04:22.282249 2.998780 tcp 10.0.2.109 50403 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:04:31.279662 0.000000 tcp 10.0.2.109 50403 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:04:37.279285 0.050606 tcp 10.0.2.109 50404 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:04:37.330211 0.049281 tcp 10.0.2.109 50405 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:04:37.379767 0.125496 tcp 10.0.2.109 50406 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:04:37.536809 2.996331 tcp 10.0.2.109 50407 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:04:46.531749 0.000000 tcp 10.0.2.109 50407 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:04:52.530744 3.003988 tcp 10.0.2.109 50408 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:05:01.533485 0.000000 tcp 10.0.2.109 50408 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:09:52.915266 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 21:09:59.922492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:10:07.923158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:10:23.926408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:10:55.932992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:16:21.551507 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:16:21.551686 0.103477 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:21.788275 0.151857 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:21.938667 0.080934 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.039333 0.073961 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.096434 0.174508 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.266648 0.088330 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.356779 0.098256 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.422737 0.171593 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.572786 3.004005 tcp 10.0.2.109 50409 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:16:22.631873 0.067397 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.681741 0.076595 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.764616 0.189331 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:22.946325 0.148780 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:23.087500 0.115840 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:23.171665 0.051938 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:23.399486 0.167078 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:23.543471 0.050445 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2549 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:24.165026 0.085182 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:24.229792 0.111874 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:24.303286 0.247186 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:24.718968 0.127849 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:24.808543 0.156982 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:24.970804 0.084696 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:25.041032 0.310342 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:25.415456 0.371535 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:25.795487 0.390967 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:26.169064 0.343521 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:16:31.575354 0.000000 tcp 10.0.2.109 50409 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:16:37.575694 0.052585 tcp 10.0.2.109 50410 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:16:37.628559 0.030832 tcp 10.0.2.109 50411 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:16:37.659664 0.154327 tcp 10.0.2.109 50412 -> 195.113.214.211 443 SRPA* 0 0 31 22142 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:16:37.863877 2.994884 tcp 10.0.2.109 50413 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:16:46.867601 0.000000 tcp 10.0.2.109 50413 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:16:59.939210 3.001609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 21:17:06.946410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:17:14.948214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:17:30.951011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:18:02.958606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:21:52.857582 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:21:52.857676 3.003688 tcp 10.0.2.109 50414 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:22:01.860639 0.000000 tcp 10.0.2.109 50414 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:22:07.860683 0.031004 tcp 10.0.2.109 50415 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:22:07.891937 0.054819 tcp 10.0.2.109 50416 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:22:07.947062 0.146014 tcp 10.0.2.109 50417 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:22:08.168172 2.995489 tcp 10.0.2.109 50418 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:22:17.162352 0.000000 tcp 10.0.2.109 50418 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:22:23.161529 0.030766 tcp 10.0.2.109 50419 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:22:23.192619 0.053354 tcp 10.0.2.109 50420 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:22:23.246290 0.127515 tcp 10.0.2.109 50421 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:22:23.485384 3.000316 tcp 10.0.2.109 50422 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:22:32.484558 0.000000 tcp 10.0.2.109 50422 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:22:38.483165 3.003970 tcp 10.0.2.109 50423 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:22:47.485684 0.000000 tcp 10.0.2.109 50423 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:24:06.963171 3.001212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 21:24:13.970422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:24:21.977188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:24:37.974857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:25:09.980890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:27:53.486173 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:27:53.486339 2.994146 tcp 10.0.2.109 50424 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:28:02.478916 0.000000 tcp 10.0.2.109 50424 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:28:08.489172 0.052721 tcp 10.0.2.109 50425 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:28:08.542235 0.053714 tcp 10.0.2.109 50426 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:28:08.596268 0.148922 tcp 10.0.2.109 50427 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:28:08.893032 2.999427 tcp 10.0.2.109 50428 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:28:17.891525 0.000000 tcp 10.0.2.109 50428 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:28:23.891552 0.030328 tcp 10.0.2.109 50429 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:28:23.922415 0.031093 tcp 10.0.2.109 50430 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:28:23.953822 0.150635 tcp 10.0.2.109 50431 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:28:24.305459 2.998988 tcp 10.0.2.109 50432 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:28:33.303273 0.000000 tcp 10.0.2.109 50432 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:28:39.301834 3.003616 tcp 10.0.2.109 50433 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:28:48.304655 0.000000 tcp 10.0.2.109 50433 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:31:13.986912 3.001578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 21:31:20.994217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:31:28.995677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:31:44.998758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:32:17.004705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:33:54.305170 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:33:54.305262 2.993604 tcp 10.0.2.109 50434 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:34:03.307646 0.000000 tcp 10.0.2.109 50434 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:34:09.307681 0.054047 tcp 10.0.2.109 50435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:34:09.362025 0.118081 tcp 10.0.2.109 50436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:34:09.480413 0.146312 tcp 10.0.2.109 50437 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:34:09.642271 2.998257 tcp 10.0.2.109 50438 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:34:18.639698 0.000000 tcp 10.0.2.109 50438 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:34:24.638482 0.051143 tcp 10.0.2.109 50439 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:34:24.689989 0.052501 tcp 10.0.2.109 50440 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:34:24.742788 0.149574 tcp 10.0.2.109 50441 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:34:24.903602 2.999460 tcp 10.0.2.109 50442 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:34:33.901791 0.000000 tcp 10.0.2.109 50442 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:34:39.900173 3.003863 tcp 10.0.2.109 50443 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:34:48.903239 0.000000 tcp 10.0.2.109 50443 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:38:21.010620 3.004729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 21:38:28.017752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:38:36.019813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:38:52.022494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:39:24.028776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:39:54.903665 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:39:54.903767 3.003737 tcp 10.0.2.109 50444 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:40:03.915935 0.000000 tcp 10.0.2.109 50444 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:40:09.906502 0.052664 tcp 10.0.2.109 50445 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:40:09.959433 0.053766 tcp 10.0.2.109 50446 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:40:10.013496 0.145473 tcp 10.0.2.109 50447 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:40:10.183855 2.995421 tcp 10.0.2.109 50448 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:40:19.177875 0.000000 tcp 10.0.2.109 50448 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:45:28.034177 3.002278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 21:45:35.042420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:45:43.043283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:45:59.046312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:46:31.052790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:46:50.070703 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:46:50.070863 0.034141 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:50.137940 0.155324 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:50.292122 0.090670 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 1964 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:50.366861 0.073837 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:50.424012 0.175124 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:50.595290 0.082930 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:50.654581 0.102033 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:50.750356 0.174937 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.048175 0.086343 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.117813 0.080379 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.184540 0.193696 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.368602 0.161452 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.522322 0.113810 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.716649 0.053127 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.835337 0.164885 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:51.978754 0.050474 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:52.061170 0.088068 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:52.295079 0.114121 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:52.398750 0.573478 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:52.934619 0.126411 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:53.021593 0.156401 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:53.219822 0.403853 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:53.605609 0.091774 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:53.681269 0.312471 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:54.012189 0.394273 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:54.387618 0.385682 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/02 21:46:55.187489 3.004111 tcp 10.0.2.109 50449 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:47:04.190399 0.000000 tcp 10.0.2.109 50449 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:47:10.190620 0.052464 tcp 10.0.2.109 50450 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:47:10.243328 0.031713 tcp 10.0.2.109 50451 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:47:10.275318 0.148105 tcp 10.0.2.109 50452 -> 195.113.214.211 443 SRPA* 0 0 42 37004 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:47:10.537588 3.006035 tcp 10.0.2.109 50453 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:47:19.544180 0.000000 tcp 10.0.2.109 50453 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:47:25.531779 0.051555 tcp 10.0.2.109 50454 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:47:25.583627 0.052979 tcp 10.0.2.109 50455 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:47:25.636856 0.125966 tcp 10.0.2.109 50456 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:47:25.789305 3.013117 tcp 10.0.2.109 50457 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:47:34.794454 0.000000 tcp 10.0.2.109 50457 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:47:40.783813 3.003183 tcp 10.0.2.109 50458 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:47:49.785712 0.000000 tcp 10.0.2.109 50458 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:52:55.786314 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:52:55.786488 2.993574 tcp 10.0.2.109 50459 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:53:04.778685 0.000000 tcp 10.0.2.109 50459 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:53:10.788763 0.081883 tcp 10.0.2.109 50460 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:53:10.870896 0.054647 tcp 10.0.2.109 50461 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:53:10.925844 0.154715 tcp 10.0.2.109 50462 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:53:11.092140 2.999907 tcp 10.0.2.109 50463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:53:20.090857 0.000000 tcp 10.0.2.109 50463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:53:26.090039 0.051254 tcp 10.0.2.109 50464 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:53:26.141633 0.053031 tcp 10.0.2.109 50465 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:53:26.194998 0.150437 tcp 10.0.2.109 50466 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:53:26.356274 2.998593 tcp 10.0.2.109 50467 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:53:35.352772 0.000000 tcp 10.0.2.109 50467 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:53:41.351692 3.006199 tcp 10.0.2.109 50468 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:53:50.354702 0.000000 tcp 10.0.2.109 50468 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:54:23.063983 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 21:54:30.071797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:54:38.073058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:54:54.075909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:55:26.082022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 21:58:56.355149 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 21:58:56.355295 2.993439 tcp 10.0.2.109 50469 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:59:05.357279 0.000000 tcp 10.0.2.109 50469 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:59:11.357638 0.054669 tcp 10.0.2.109 50470 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:59:11.412546 0.053416 tcp 10.0.2.109 50471 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:59:11.466419 0.148586 tcp 10.0.2.109 50472 -> 195.113.214.211 443 SRPA* 0 0 35 18594 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:59:11.653333 2.996592 tcp 10.0.2.109 50473 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:59:20.649342 0.000000 tcp 10.0.2.109 50473 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:59:26.648855 0.051940 tcp 10.0.2.109 50474 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:59:26.701065 0.052381 tcp 10.0.2.109 50475 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:59:26.753656 0.141901 tcp 10.0.2.109 50476 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/02 21:59:26.928283 3.004034 tcp 10.0.2.109 50477 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:59:35.930964 0.000000 tcp 10.0.2.109 50477 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:59:41.919824 3.004680 tcp 10.0.2.109 50478 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 21:59:50.922676 0.000000 tcp 10.0.2.109 50478 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:01:52.099794 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 22:01:59.107030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:02:07.108432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:02:23.111652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:02:55.117514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:04:56.923356 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 22:04:56.923448 3.002942 tcp 10.0.2.109 50479 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:05:05.925448 0.000000 tcp 10.0.2.109 50479 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:05:11.925797 0.051199 tcp 10.0.2.109 50480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:05:11.977255 0.055417 tcp 10.0.2.109 50481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:05:12.032984 0.145711 tcp 10.0.2.109 50482 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:05:12.207806 3.001298 tcp 10.0.2.109 50483 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:05:21.207613 0.000000 tcp 10.0.2.109 50483 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:05:27.206733 0.053098 tcp 10.0.2.109 50484 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:05:27.260108 0.051965 tcp 10.0.2.109 50485 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:05:27.311956 0.151688 tcp 10.0.2.109 50486 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:05:27.475753 2.995388 tcp 10.0.2.109 50487 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:05:36.469546 0.000000 tcp 10.0.2.109 50487 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:05:42.468350 3.004152 tcp 10.0.2.109 50488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:05:51.471025 0.000000 tcp 10.0.2.109 50488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:09:06.123815 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 22:09:13.131099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:09:21.132502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:09:37.135462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:10:09.141656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:16:13.147267 3.011958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 22:16:20.165050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:16:28.166600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:16:44.169590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:17:16.177550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:17:20.762872 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 22:17:20.763022 0.078181 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:20.822453 0.073149 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:20.887948 0.175022 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:21.058771 0.088783 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:21.294460 0.096759 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:21.356227 0.169402 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:21.521289 0.032161 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:21.784919 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 22:17:27.514923 3.003167 tcp 10.0.2.109 50489 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:17:36.515042 0.000000 tcp 10.0.2.109 50489 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:17:37.047004 0.816674 tcp 10.0.2.109 50490 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:37.863960 0.052737 tcp 10.0.2.109 50491 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:37.916995 0.147085 tcp 10.0.2.109 50492 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:38.064739 0.066493 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:38.115792 0.078177 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:38.197235 0.193871 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:38.383957 0.153160 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:38.528984 0.113264 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:38.690030 0.053725 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:38.902763 0.085999 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:38.968652 0.107463 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:39.049904 0.184335 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:39.190641 0.164503 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:39.332506 0.050993 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:39.433527 0.127346 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:39.523288 0.158678 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:39.687099 0.362271 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:40.029670 0.087303 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:40.099300 0.414002 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:40.558917 0.327727 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:40.929620 0.389245 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:17:42.513994 0.054784 tcp 10.0.2.109 50493 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:42.569057 0.053534 tcp 10.0.2.109 50494 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:42.622896 0.153640 tcp 10.0.2.109 50495 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:42.876875 2.991680 tcp 10.0.2.109 50496 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:17:51.906461 0.000000 tcp 10.0.2.109 50496 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:17:57.876041 0.053574 tcp 10.0.2.109 50497 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:57.929862 0.052486 tcp 10.0.2.109 50498 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:57.982677 0.141404 tcp 10.0.2.109 50499 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:17:58.257520 3.003097 tcp 10.0.2.109 50500 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:18:07.258984 0.000000 tcp 10.0.2.109 50500 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:18:13.257918 3.004635 tcp 10.0.2.109 50501 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:18:22.260641 0.000000 tcp 10.0.2.109 50501 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:23:20.181629 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 22:23:27.189010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:23:28.261488 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 22:23:28.261598 3.003106 tcp 10.0.2.109 50502 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:23:35.191210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:23:37.264665 0.000000 tcp 10.0.2.109 50502 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:23:43.264202 0.054510 tcp 10.0.2.109 50503 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:23:43.318988 0.053701 tcp 10.0.2.109 50504 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:23:43.372979 0.147570 tcp 10.0.2.109 50505 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:23:43.709158 3.007743 tcp 10.0.2.109 50506 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:23:51.193640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:23:52.715015 0.000000 tcp 10.0.2.109 50506 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:23:58.705361 0.051976 tcp 10.0.2.109 50507 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:23:58.757599 0.060639 tcp 10.0.2.109 50508 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:23:58.818238 0.145205 tcp 10.0.2.109 50509 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:23:59.006839 2.995813 tcp 10.0.2.109 50510 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:24:08.007561 0.000000 tcp 10.0.2.109 50510 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:24:13.996305 2.993878 tcp 10.0.2.109 50511 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:24:22.989167 0.000000 tcp 10.0.2.109 50511 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:24:23.199605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:29:28.999731 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 22:29:28.999813 3.003541 tcp 10.0.2.109 50512 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:29:38.002428 0.000000 tcp 10.0.2.109 50512 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:29:44.002408 0.052899 tcp 10.0.2.109 50513 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:29:44.055637 0.051977 tcp 10.0.2.109 50514 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:29:44.107888 0.151175 tcp 10.0.2.109 50515 -> 195.113.214.211 443 SRPA* 0 0 32 17014 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:29:44.283581 3.001933 tcp 10.0.2.109 50516 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:29:53.283902 0.000000 tcp 10.0.2.109 50516 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:29:59.283512 0.052806 tcp 10.0.2.109 50517 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:29:59.336168 0.053632 tcp 10.0.2.109 50518 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:29:59.390176 0.146307 tcp 10.0.2.109 50519 -> 195.113.214.211 443 SRPA* 0 0 43 34118 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:29:59.661348 3.006284 tcp 10.0.2.109 50520 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:30:08.675943 0.000000 tcp 10.0.2.109 50520 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:30:14.654897 2.994028 tcp 10.0.2.109 50521 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:30:23.657871 0.000000 tcp 10.0.2.109 50521 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:30:27.206397 3.000757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 22:30:34.213857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:30:42.214924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:30:58.217898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:31:30.223984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:35:29.658438 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 22:35:29.658630 3.003173 tcp 10.0.2.109 50522 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:35:38.660693 0.000000 tcp 10.0.2.109 50522 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:35:44.661057 0.053963 tcp 10.0.2.109 50523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:35:44.715244 0.053535 tcp 10.0.2.109 50524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:35:44.769102 0.148230 tcp 10.0.2.109 50525 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:35:44.935285 2.998652 tcp 10.0.2.109 50526 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:35:53.932334 0.000000 tcp 10.0.2.109 50526 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:35:59.931863 0.051872 tcp 10.0.2.109 50527 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:35:59.984030 0.054314 tcp 10.0.2.109 50528 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:36:00.038657 0.128381 tcp 10.0.2.109 50529 -> 195.113.214.211 443 SRPA* 0 0 32 17636 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:36:00.323241 3.003105 tcp 10.0.2.109 50530 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:36:09.324853 0.000000 tcp 10.0.2.109 50530 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:36:15.323934 2.993861 tcp 10.0.2.109 50531 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:36:24.326120 0.000000 tcp 10.0.2.109 50531 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:37:34.232230 3.000669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 22:37:41.237169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:37:49.248437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:38:05.251678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:38:37.257483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:44:41.263720 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 22:44:48.271130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:44:56.272624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:45:12.275936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:45:44.281374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:47:45.555474 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 22:47:45.555579 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 22:48:03.133119 0.053137 tcp 10.0.2.109 50532 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:03.186548 0.052844 tcp 10.0.2.109 50533 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:03.239644 0.151127 tcp 10.0.2.109 50534 -> 195.113.214.211 443 SRPA* 0 0 46 40404 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:03.391321 0.076657 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:03.450332 0.074396 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:03.507693 0.167207 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:03.694286 0.032101 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:03.772677 0.100878 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:03.846033 0.173464 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.016946 0.095536 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.081551 0.067791 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.132449 0.077621 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.193948 0.200056 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.385994 0.146763 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.524647 0.110188 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.773104 0.054721 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.829512 0.088382 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.898104 0.108296 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:04.976708 0.127519 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:05.061906 0.165057 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:05.205982 0.050901 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:05.287506 0.137415 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:05.385738 0.162897 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:05.561915 0.410671 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:05.991876 0.310463 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2597 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:06.306671 0.351034 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:06.639057 0.085314 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:06.709430 0.380249 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/02 22:48:15.369024 3.003935 tcp 10.0.2.109 50535 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:48:24.373890 0.000000 tcp 10.0.2.109 50535 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:48:30.371226 0.053877 tcp 10.0.2.109 50536 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:30.425012 0.052346 tcp 10.0.2.109 50537 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:30.477678 0.149644 tcp 10.0.2.109 50538 -> 195.113.214.211 443 SRPA* 0 0 27 11686 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:30.948131 3.007243 tcp 10.0.2.109 50539 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:48:39.953576 0.000000 tcp 10.0.2.109 50539 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:48:45.948211 0.053127 tcp 10.0.2.109 50540 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:46.001601 0.054734 tcp 10.0.2.109 50541 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:46.056663 0.145382 tcp 10.0.2.109 50542 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:48:46.377534 2.990005 tcp 10.0.2.109 50543 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:48:55.377485 0.000000 tcp 10.0.2.109 50543 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:49:01.370599 2.988590 tcp 10.0.2.109 50544 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:49:10.367712 0.000000 tcp 10.0.2.109 50544 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:54:00.297270 3.001715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 22:54:07.304699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:54:15.306343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:54:16.368238 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 22:54:16.368379 3.003769 tcp 10.0.2.109 50545 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:54:25.370746 0.000000 tcp 10.0.2.109 50545 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:54:31.309284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:54:31.370969 0.053590 tcp 10.0.2.109 50546 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:54:31.424826 0.054058 tcp 10.0.2.109 50547 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:54:31.479139 0.146194 tcp 10.0.2.109 50548 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:54:31.642563 3.001882 tcp 10.0.2.109 50549 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:54:40.642567 0.000000 tcp 10.0.2.109 50549 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:54:46.641952 0.054972 tcp 10.0.2.109 50550 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:54:46.697221 0.054752 tcp 10.0.2.109 50551 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:54:46.752313 0.150556 tcp 10.0.2.109 50552 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/02 22:54:46.912870 3.002908 tcp 10.0.2.109 50553 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:54:55.913997 0.000000 tcp 10.0.2.109 50553 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:55:01.913323 2.994148 tcp 10.0.2.109 50554 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 22:55:03.315217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 22:55:10.916060 0.000000 tcp 10.0.2.109 50554 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:00:16.916817 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:00:16.916904 2.993701 tcp 10.0.2.109 50555 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:00:25.909066 0.000000 tcp 10.0.2.109 50555 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:00:31.919881 0.052816 tcp 10.0.2.109 50556 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:00:31.972980 0.052677 tcp 10.0.2.109 50557 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:00:32.025920 0.151457 tcp 10.0.2.109 50558 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:00:32.192457 2.999904 tcp 10.0.2.109 50559 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:00:41.191029 0.000000 tcp 10.0.2.109 50559 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:00:47.190640 0.055739 tcp 10.0.2.109 50560 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:00:47.246639 0.052640 tcp 10.0.2.109 50561 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:00:47.299598 0.146231 tcp 10.0.2.109 50562 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:00:47.456249 2.998117 tcp 10.0.2.109 50563 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:00:56.452958 0.000000 tcp 10.0.2.109 50563 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:01:02.451720 3.004080 tcp 10.0.2.109 50564 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:01:07.320892 3.002236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 23:01:11.454516 0.000000 tcp 10.0.2.109 50564 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:01:14.328572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:01:22.329981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:01:38.333540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:02:10.339271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:06:17.455097 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:06:17.455305 2.993448 tcp 10.0.2.109 50565 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:06:26.457422 0.000000 tcp 10.0.2.109 50565 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:06:32.457838 0.053832 tcp 10.0.2.109 50566 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:06:32.511949 0.054213 tcp 10.0.2.109 50567 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:06:32.566514 0.156502 tcp 10.0.2.109 50568 -> 195.113.214.211 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:06:32.733725 2.996988 tcp 10.0.2.109 50569 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:06:41.729247 0.000000 tcp 10.0.2.109 50569 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:06:47.728498 0.051523 tcp 10.0.2.109 50570 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:06:47.780360 0.053918 tcp 10.0.2.109 50571 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:06:47.834570 0.143375 tcp 10.0.2.109 50572 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:06:48.081572 3.001017 tcp 10.0.2.109 50573 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:06:57.081572 0.000000 tcp 10.0.2.109 50573 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:07:03.080164 3.003748 tcp 10.0.2.109 50574 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:07:12.082709 0.000000 tcp 10.0.2.109 50574 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:08:22.347028 3.001399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 23:08:29.354360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:08:37.355624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:08:53.358882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:09:25.364726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:15:29.370676 3.001905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 23:15:36.378235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:15:44.379654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:16:00.382726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:16:32.388902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:18:23.418482 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:18:23.418639 0.169097 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:23.749914 0.032037 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:23.901583 0.086012 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:23.960308 0.080410 udp 10.0.2.109 3683 <-> 86.139.168.58 1084 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.068372 0.076760 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.128375 0.173736 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.299306 0.098118 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.423096 0.067391 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.472239 0.080113 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.580222 0.194056 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.766181 0.145575 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:24.904185 0.110244 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.006781 0.051775 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.099083 0.086038 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.166934 0.118851 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.244423 0.117488 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.327406 0.166552 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.472209 0.050473 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.619305 0.132076 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.711264 0.156699 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:25.935309 0.404490 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:26.353453 0.090757 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:26.427575 0.308357 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:26.755286 0.370924 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:27.108880 0.388613 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:18:33.123180 3.003263 tcp 10.0.2.109 50575 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:18:42.125165 0.000000 tcp 10.0.2.109 50575 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:18:48.128054 0.054268 tcp 10.0.2.109 50576 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:18:48.182584 0.052562 tcp 10.0.2.109 50577 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:18:48.235413 0.149903 tcp 10.0.2.109 50578 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:18:48.486808 2.991666 tcp 10.0.2.109 50579 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:18:57.487302 0.000000 tcp 10.0.2.109 50579 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:19:03.486808 0.051127 tcp 10.0.2.109 50580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:19:03.538268 0.054072 tcp 10.0.2.109 50581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:19:03.592584 0.143388 tcp 10.0.2.109 50582 -> 195.113.214.211 443 SRPA* 0 0 50 32686 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:19:03.780824 3.005511 tcp 10.0.2.109 50583 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:19:12.779234 0.000000 tcp 10.0.2.109 50583 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:19:18.777916 3.004417 tcp 10.0.2.109 50584 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:19:27.780416 0.000000 tcp 10.0.2.109 50584 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:22:36.394511 3.002171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 23:22:43.401972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:22:51.403571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:23:07.406804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:23:39.412596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:24:33.780715 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:24:33.780864 3.003835 tcp 10.0.2.109 50585 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:24:42.783668 0.000000 tcp 10.0.2.109 50585 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:24:48.788371 0.052633 tcp 10.0.2.109 50586 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:24:48.841252 0.051631 tcp 10.0.2.109 50587 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:24:48.893205 0.156446 tcp 10.0.2.109 50588 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:24:49.166878 3.004297 tcp 10.0.2.109 50589 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:24:58.165627 0.000000 tcp 10.0.2.109 50589 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:25:04.165111 0.051296 tcp 10.0.2.109 50590 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:25:04.216748 0.057426 tcp 10.0.2.109 50591 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:25:04.274448 0.148179 tcp 10.0.2.109 50592 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:25:04.520033 2.999657 tcp 10.0.2.109 50593 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:25:13.530884 0.000000 tcp 10.0.2.109 50593 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:25:19.516942 2.993936 tcp 10.0.2.109 50594 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:25:28.509326 0.000000 tcp 10.0.2.109 50594 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:29:43.419121 3.000955 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 23:29:50.425851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:29:58.427780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:30:14.430598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:30:34.520097 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:30:34.520250 3.003287 tcp 10.0.2.109 50595 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:30:43.521995 0.000000 tcp 10.0.2.109 50595 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:30:46.436796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:30:49.522636 0.054184 tcp 10.0.2.109 50596 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:30:49.577060 0.052772 tcp 10.0.2.109 50597 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:30:49.630111 0.146485 tcp 10.0.2.109 50598 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:30:49.794448 3.001205 tcp 10.0.2.109 50599 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:30:58.794403 0.000000 tcp 10.0.2.109 50599 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:31:04.793522 0.051621 tcp 10.0.2.109 50600 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:31:04.845417 0.053043 tcp 10.0.2.109 50601 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:31:04.898744 0.149359 tcp 10.0.2.109 50602 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:31:05.082871 2.994677 tcp 10.0.2.109 50603 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:31:14.086145 0.000000 tcp 10.0.2.109 50603 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:31:20.074820 2.994276 tcp 10.0.2.109 50604 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:31:29.067689 0.000000 tcp 10.0.2.109 50604 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:36:35.078417 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:36:35.078582 3.003633 tcp 10.0.2.109 50605 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:36:44.080791 0.000000 tcp 10.0.2.109 50605 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:36:50.081228 0.053143 tcp 10.0.2.109 50606 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:36:50.134649 0.054448 tcp 10.0.2.109 50607 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:36:50.189474 0.148110 tcp 10.0.2.109 50608 -> 195.113.214.211 443 SRPA* 0 0 20 10684 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:36:50.441996 3.002350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 23:36:50.451038 3.003340 tcp 10.0.2.109 50609 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:36:57.456410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:36:59.454034 0.000000 tcp 10.0.2.109 50609 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:37:05.453534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:37:05.454409 0.052272 tcp 10.0.2.109 50610 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:37:05.506997 0.052832 tcp 10.0.2.109 50611 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:37:05.560115 0.147311 tcp 10.0.2.109 50612 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:37:05.821077 3.005253 tcp 10.0.2.109 50613 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:37:14.825234 0.000000 tcp 10.0.2.109 50613 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:37:20.814923 2.994512 tcp 10.0.2.109 50614 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:37:21.459156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:37:29.816016 0.000000 tcp 10.0.2.109 50614 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:37:53.460730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:43:57.467356 3.000759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/02 23:44:04.473792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:44:12.475595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:44:28.478585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:45:00.484520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:48:53.639841 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:48:53.639929 0.085943 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:48:53.698604 0.167227 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:48:53.934256 0.033936 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:48:53.967249 0.000000 udp 10.0.2.109 3683 -> 86.139.168.58 1084 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/02 23:49:05.856931 3.003948 tcp 10.0.2.109 50615 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:49:09.884841 0.053195 tcp 10.0.2.109 50616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:09.938360 0.053648 tcp 10.0.2.109 50617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:09.992296 0.155663 tcp 10.0.2.109 50618 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:10.148474 0.074689 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:10.205425 0.171930 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:10.373309 0.100888 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:10.440246 0.066588 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:10.531125 0.077355 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:10.593767 0.195952 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:10.780117 0.151396 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:10.927301 0.113299 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.001658 0.052197 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.134891 0.084073 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.200550 0.110805 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.271425 0.121494 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.352586 0.166454 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.496712 0.058114 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.652547 0.128948 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.738241 0.157495 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:11.906585 0.309753 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:12.282694 0.357746 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:12.657826 0.094178 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:12.735593 0.368968 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2609 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:13.085196 0.393039 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/02 23:49:14.860326 0.000000 tcp 10.0.2.109 50615 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:49:20.859402 0.052281 tcp 10.0.2.109 50619 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:20.911925 0.053457 tcp 10.0.2.109 50620 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:20.965647 0.152940 tcp 10.0.2.109 50621 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:21.140017 3.003417 tcp 10.0.2.109 50622 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:49:30.142051 0.000000 tcp 10.0.2.109 50622 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:49:36.141266 0.055588 tcp 10.0.2.109 50623 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:36.197101 0.053961 tcp 10.0.2.109 50624 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:36.251362 0.148565 tcp 10.0.2.109 50625 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:49:36.443841 3.001570 tcp 10.0.2.109 50626 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:49:45.444403 0.000000 tcp 10.0.2.109 50626 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:49:51.443577 3.004934 tcp 10.0.2.109 50627 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:50:00.445806 0.000000 tcp 10.0.2.109 50627 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:53:26.494467 3.002251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/02 23:53:33.501865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:53:41.503832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:53:57.506693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:54:29.512805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/02 23:55:06.446316 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/02 23:55:06.446475 2.993586 tcp 10.0.2.109 50628 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:55:15.438821 0.000000 tcp 10.0.2.109 50628 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:55:21.448614 0.054699 tcp 10.0.2.109 50629 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:55:21.503570 0.055384 tcp 10.0.2.109 50630 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:55:21.559216 0.149817 tcp 10.0.2.109 50631 -> 195.113.214.211 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:55:21.718733 3.003151 tcp 10.0.2.109 50632 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:55:30.720790 0.000000 tcp 10.0.2.109 50632 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:55:36.719851 0.052554 tcp 10.0.2.109 50633 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:55:36.772673 0.053399 tcp 10.0.2.109 50634 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:55:36.826448 0.150889 tcp 10.0.2.109 50635 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/02/02 23:55:37.005192 2.998757 tcp 10.0.2.109 50636 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:55:46.002766 0.000000 tcp 10.0.2.109 50636 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:55:52.001510 3.003910 tcp 10.0.2.109 50637 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/02 23:56:01.004440 0.000000 tcp 10.0.2.109 50637 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:00:33.519533 3.001021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 00:00:40.525870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:00:48.527487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:01:04.530858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:01:07.858817 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:01:07.859016 2.953861 tcp 10.0.2.109 50638 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:01:16.745943 0.000000 tcp 10.0.2.109 50638 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:01:22.675820 0.053017 tcp 10.0.2.109 50639 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:01:22.729130 0.051605 tcp 10.0.2.109 50640 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:01:22.781035 0.150593 tcp 10.0.2.109 50641 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:01:23.055707 2.964419 tcp 10.0.2.109 50642 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:01:31.940869 0.000000 tcp 10.0.2.109 50642 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:01:37.025512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:01:37.863160 0.052355 tcp 10.0.2.109 50643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:01:37.915823 0.054955 tcp 10.0.2.109 50644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:01:37.971089 0.165402 tcp 10.0.2.109 50645 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:01:38.291121 2.970817 tcp 10.0.2.109 50646 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:01:47.185268 0.000000 tcp 10.0.2.109 50646 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:01:53.108741 2.972658 tcp 10.0.2.109 50647 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:02:01.959543 0.000000 tcp 10.0.2.109 50647 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:07.983676 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:07:07.983866 3.003420 tcp 10.0.2.109 50648 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:16.995799 0.000000 tcp 10.0.2.109 50648 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:22.986679 0.052782 tcp 10.0.2.109 50649 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:07:23.039764 0.059282 tcp 10.0.2.109 50650 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:07:23.099332 0.159842 tcp 10.0.2.109 50651 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:07:23.278701 3.000655 tcp 10.0.2.109 50652 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:32.277812 0.000000 tcp 10.0.2.109 50652 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:38.277569 0.053059 tcp 10.0.2.109 50653 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:07:38.330901 0.053607 tcp 10.0.2.109 50654 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:07:38.384759 0.149789 tcp 10.0.2.109 50655 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:07:38.545943 2.995485 tcp 10.0.2.109 50656 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:40.702714 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 00:07:47.539712 0.000000 tcp 10.0.2.109 50656 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:47.710250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:07:53.538831 3.003791 tcp 10.0.2.109 50657 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:07:55.711214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:08:02.541456 0.000000 tcp 10.0.2.109 50657 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:08:11.714627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:08:43.720476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:14:50.731552 3.001210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 00:14:57.738729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:15:05.740157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:15:21.746211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:15:53.749016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:19:42.027715 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:19:42.027818 0.000000 udp 10.0.2.109 3683 -> 86.139.168.58 1084 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:19:57.912133 0.052158 tcp 10.0.2.109 50658 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:19:57.964522 0.051790 tcp 10.0.2.109 50659 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:19:58.016614 0.156037 tcp 10.0.2.109 50660 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:19:58.173283 0.167052 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:58.473850 4.274052 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 14 4982 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:58.533853 4.287930 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 14 5781 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:58.840258 4.169208 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 14 5044 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:58.900069 4.429589 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 14 5498 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.068778 4.789095 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 14 5472 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.133625 4.824783 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 14 5377 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.252334 4.911220 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 14 5239 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.317601 4.831945 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 7 2354 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.498169 0.143435 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.637429 0.110138 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.693898 0.052683 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.913111 0.083110 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:19:59.977993 0.111931 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:00.051989 0.276195 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:00.290065 0.167416 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:00.434557 0.050562 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:00.562567 0.129605 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:00.652908 0.154995 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:00.825849 0.087986 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:00.897078 0.311786 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:01.208059 0.426266 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:01.733521 0.415742 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:02.130421 0.383283 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:03.326795 0.335562 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 8 2978 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:04.328964 0.187860 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 7 2822 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:04.509352 0.282643 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3164 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:04.784549 0.288271 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 8 3376 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:05.012434 0.112034 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2863 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:05.186776 0.132276 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 8 3034 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:05.300293 0.263760 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 7 2429 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:05.534349 0.178259 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 2779 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:05.676854 0.308316 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 2973 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:05.962205 0.138386 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 8 2953 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:06.157201 0.192969 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 8 3072 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:06.310675 0.307754 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 8 2806 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:06.716552 0.140889 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 8 3067 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:06.842825 0.867765 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 3242 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:07.783517 0.623345 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2957 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:08.428753 0.744524 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 8 3088 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:08.585679 2.996768 tcp 10.0.2.109 50661 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:20:09.156713 0.803761 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 3066 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:09.943319 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:20:16.356946 0.000000 udp 10.0.2.109 3683 -> 95.242.41.12 9745 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:20:17.578597 0.000000 tcp 10.0.2.109 50661 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 00:20:23.587384 0.052289 tcp 10.0.2.109 50662 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:20:23.640006 0.055217 tcp 10.0.2.109 50663 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:20:23.695522 0.153043 tcp 10.0.2.109 50664 -> 195.113.214.211 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:20:23.857467 0.752461 udp 10.0.2.109 3683 <-> 202.64.173.161 5000 CON 0 0 8 3052 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:20:23.898640 0.460246 tcp 10.0.2.109 50665 -> 176.73.169.112 1959 FSPA* 0 0 14 1517 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:20:24.675601 0.000000 udp 10.0.2.109 3683 -> 176.221.166.164 3056 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:20:33.600311 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:20:40.591535 0.000000 udp 10.0.2.109 3683 -> 2.126.209.151 3129 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:20:48.913532 0.000000 udp 10.0.2.109 3683 -> 77.10.254.53 3056 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:20:54.070705 0.000000 udp 10.0.2.109 3683 -> 65.255.83.112 6599 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:00.430102 0.000000 udp 10.0.2.109 3683 -> 109.224.204.52 9767 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:07.810733 0.000000 udp 10.0.2.109 3683 -> 108.219.61.9 9906 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:12.507379 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:21:16.503323 0.000000 udp 10.0.2.109 3683 -> 68.225.87.81 6523 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:24.024292 0.000000 udp 10.0.2.109 3683 -> 113.161.162.136 7350 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:32.456155 0.000000 udp 10.0.2.109 3683 -> 78.14.195.188 7760 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:38.774711 0.000000 udp 10.0.2.109 3683 -> 74.38.168.28 5879 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:46.065468 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:52.675395 0.000000 udp 10.0.2.109 3683 -> 95.250.42.70 5104 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:57.501779 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:21:57.692645 0.000000 udp 10.0.2.109 3683 -> 79.78.244.35 4087 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:21:57.755501 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 00:22:04.761847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:22:05.183366 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:10.630934 0.000000 udp 10.0.2.109 3683 -> 123.243.146.122 6529 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:12.768882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:22:16.519632 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:21.686373 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:26.944144 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:28.766950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:22:34.415451 0.000000 udp 10.0.2.109 3683 -> 81.107.0.17 7096 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:43.217869 0.000000 udp 10.0.2.109 3683 -> 95.89.46.153 7023 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:48.004480 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:22:49.826990 0.000000 udp 10.0.2.109 3683 -> 180.149.97.1 5414 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:22:57.688277 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:00.773088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:23:04.668747 0.000000 udp 10.0.2.109 3683 -> 90.213.66.3 1770 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:13.311136 0.000000 udp 10.0.2.109 3683 -> 94.0.230.93 7954 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:21.493330 0.624587 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 8 3215 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:23:22.193201 0.000000 udp 10.0.2.109 3683 -> 217.91.147.140 8231 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:31.136428 0.000000 udp 10.0.2.109 3683 -> 90.217.177.223 7107 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:36.003655 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:23:37.105625 0.000000 udp 10.0.2.109 3683 -> 88.242.135.3 7337 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:43.244416 0.000000 udp 10.0.2.109 3683 -> 178.191.185.9 4752 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:49.433060 0.287667 udp 10.0.2.109 3683 <-> 82.57.5.159 9110 CON 0 0 8 3109 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:23:49.896672 0.000000 udp 10.0.2.109 3683 -> 109.220.168.62 1798 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:23:57.514989 0.000000 udp 10.0.2.109 3683 -> 165.166.218.89 6611 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:03.656198 0.000000 udp 10.0.2.109 3683 -> 91.13.94.67 1814 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:09.742380 0.000000 udp 10.0.2.109 3683 -> 41.182.192.38 8739 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:18.003858 0.000000 udp 10.0.2.109 3683 -> 95.240.184.129 2287 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:23.011573 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:24:23.562046 0.000000 udp 10.0.2.109 3683 -> 190.3.86.143 9751 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:28.579595 0.703124 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3183 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:24:29.562014 0.100476 udp 10.0.2.109 3683 <-> 84.130.208.29 8279 CON 0 0 8 3274 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:24:29.750577 0.410019 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 8 3110 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:24:30.266877 0.000000 udp 10.0.2.109 3683 -> 80.183.28.239 1024 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:38.213156 0.211952 udp 10.0.2.109 3683 <-> 5.245.82.24 5195 CON 0 0 8 3050 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:24:38.811874 0.000000 udp 10.0.2.109 3683 -> 85.189.141.67 2894 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:46.054584 0.000000 udp 10.0.2.109 3683 -> 181.25.228.12 4258 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:24:53.685598 0.000000 udp 10.0.2.109 3683 -> 2.50.4.76 6505 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:01.967502 0.199499 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 8 2917 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:25:02.185736 0.000000 udp 10.0.2.109 3683 -> 186.6.54.226 2209 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:09.418039 0.000000 udp 10.0.2.109 3683 -> 79.29.222.51 2653 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:14.008072 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:25:14.777090 0.000000 udp 10.0.2.109 3683 -> 97.68.87.33 2033 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:21.815974 0.000000 udp 10.0.2.109 3683 -> 81.208.40.125 3900 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:29.527239 0.000000 udp 10.0.2.109 3683 -> 81.111.70.4 6601 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:34.534158 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9986 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:39.821486 0.000000 udp 10.0.2.109 3683 -> 80.153.161.180 5887 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:46.201142 0.000000 udp 10.0.2.109 3683 -> 87.24.4.46 8263 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:54.242814 0.000000 udp 10.0.2.109 3683 -> 79.49.240.197 8149 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:25:59.009099 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:25:59.940975 0.000000 udp 10.0.2.109 3683 -> 84.120.162.93 6999 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:26:06.109566 0.000000 udp 10.0.2.109 3683 -> 94.175.43.209 1447 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:26:12.810902 0.000000 udp 10.0.2.109 3683 -> 79.98.161.54 8177 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:26:20.360258 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:26:26.841683 0.000000 udp 10.0.2.109 3683 -> 31.53.214.225 5751 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:29:04.780231 3.000596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 00:29:11.786035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:29:19.788264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:29:35.790818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:30:07.796696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:36:11.804019 3.000847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 00:36:18.810404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:36:26.811763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:36:42.814702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:37:14.820893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:43:18.826635 3.001907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 00:43:25.834789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:43:33.835593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:43:49.838919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:44:21.844826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:50:24.366700 0.026523 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:50:24.393409 0.542451 tcp 10.0.2.109 50666 -> 176.73.169.112 1959 FSPA* 0 0 15 1557 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:50:25.861764 2.991052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 00:50:32.858567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:50:40.859964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:50:56.863049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:51:28.869205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:56:37.152821 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 00:56:37.153022 0.090090 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.215352 0.032163 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.360096 0.078764 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.420118 0.101321 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.486389 0.072129 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.539719 0.174209 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.710735 0.177890 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.898457 0.113338 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:37.981110 0.080846 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.045993 0.193248 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.230889 0.144126 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.371582 0.115581 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.447924 0.133457 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.542146 0.168461 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.685948 0.051282 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.748252 0.088882 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.817867 0.089638 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.890981 0.051172 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:38.947930 0.132183 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:39.040450 0.156001 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:39.197897 0.443170 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:39.642460 0.309820 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:39.950501 0.343136 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:40.275602 0.383963 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:40.641841 0.000000 udp 10.0.2.109 3683 -> 202.64.173.161 5000 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:56:58.114814 0.052463 tcp 10.0.2.109 50667 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:56:58.167583 0.055965 tcp 10.0.2.109 50668 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:56:58.223844 0.148649 tcp 10.0.2.109 50669 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:56:58.373492 0.317602 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 1921 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:58.700886 0.155534 udp 10.0.2.109 3683 <-> 82.57.5.159 9110 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:58.802694 0.051293 udp 10.0.2.109 3683 <-> 84.130.208.29 8279 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:58.850535 0.353803 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:59.200355 0.164921 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:56:59.360718 0.000000 udp 10.0.2.109 3683 -> 5.245.82.24 5195 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 00:57:18.222272 0.055073 tcp 10.0.2.109 50670 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:57:18.277651 0.054479 tcp 10.0.2.109 50671 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:57:18.332504 0.151151 tcp 10.0.2.109 50672 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 00:57:18.484225 0.117634 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/03 00:57:32.875202 3.000837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 00:57:39.882019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:57:47.883820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:58:03.888341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 00:58:35.892895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:04:58.905898 3.001780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:05:05.913513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:05:13.915134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:05:29.918416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:06:01.924220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:12:13.931849 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:12:20.939076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:12:28.940600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:12:44.943583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:13:16.949590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:19:20.956419 3.000877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:19:27.966615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:19:35.968511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:19:51.967448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:20:24.230968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:20:25.975201 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 01:20:25.975291 0.562436 tcp 10.0.2.109 50673 -> 176.73.169.112 1959 FSPA* 0 0 14 1601 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:26:27.999657 3.018830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:26:35.017068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:26:43.018503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:26:59.021520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:27:24.237986 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 01:27:24.238149 0.383674 udp 10.0.2.109 3683 <-> 202.64.173.161 5000 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:24.592368 0.000000 udp 10.0.2.109 3683 -> 5.245.82.24 5195 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 01:27:31.027656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:27:40.462888 0.054438 tcp 10.0.2.109 50674 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:27:40.517575 0.056202 tcp 10.0.2.109 50675 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:27:40.574119 0.148903 tcp 10.0.2.109 50676 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:27:40.723250 0.066529 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:40.772072 0.077654 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:40.886492 0.032129 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:40.917439 0.089381 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.003138 0.099871 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.070614 0.112492 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.140812 0.082321 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.279660 0.192278 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.464455 0.147969 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.604045 0.172629 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.778780 0.173910 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:41.949034 0.123497 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.033135 0.089325 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.103895 0.091321 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.176846 0.050875 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.302673 0.129633 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.395167 0.153856 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2566 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.571272 0.120690 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.651076 0.053872 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.746856 0.167235 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:42.890032 0.454404 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:43.392523 0.310188 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:43.727201 0.351757 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:44.062917 0.394701 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:44.438728 0.045701 rtp 10.0.2.109 3683 <-> 84.130.208.29 8279 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:44.550519 0.353296 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:44.900025 0.164405 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:45.059369 0.171343 udp 10.0.2.109 3683 <-> 82.57.5.159 9110 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:45.180259 0.313046 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:27:45.492563 0.113729 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:33:35.033784 3.013562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:33:42.050968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:33:50.052211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:34:06.055740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:34:38.061644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:40:42.071395 2.999837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:40:49.074959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:40:57.079187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:41:13.079273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:41:45.085322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:47:49.091924 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:47:56.099081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:48:04.099918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:48:20.103699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:48:52.109489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:50:25.494334 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 01:50:25.494424 0.524836 tcp 10.0.2.109 50677 -> 176.73.169.112 1959 FSPA* 0 0 14 1744 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:55:32.117486 3.001640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 01:55:39.124671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:55:47.126103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:56:03.129201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:56:35.135154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 01:57:50.353574 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 01:57:50.353721 0.000000 udp 10.0.2.109 3683 -> 202.64.173.161 5000 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 01:58:09.082667 0.052377 tcp 10.0.2.109 50678 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:58:09.135326 0.053362 tcp 10.0.2.109 50679 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:58:09.188977 0.150502 tcp 10.0.2.109 50680 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 01:58:09.340014 0.032219 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:09.492972 0.089226 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:09.558454 0.101032 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:09.630320 0.069920 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:09.683541 0.078048 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:09.839788 0.117793 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:10.066777 0.078145 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:10.128584 0.189494 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:10.310712 0.147254 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:10.514659 0.166834 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:10.805185 0.245835 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.047204 0.113788 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.122775 0.088204 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.232785 0.091192 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.309050 0.051093 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.373120 0.129940 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.463801 0.153507 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.619183 0.272184 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.849893 0.053058 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:11.908573 0.169114 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:12.054398 0.339304 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:12.395973 0.393510 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:12.865470 0.308408 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:13.175352 0.386074 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:13.544698 0.052071 udp 10.0.2.109 3683 <-> 84.130.208.29 8279 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:13.603162 0.354201 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:13.953568 0.163096 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:14.111631 0.106459 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:14.183888 0.168334 udp 10.0.2.109 3683 <-> 82.57.5.159 9110 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/03 01:58:14.300448 0.310782 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:02:44.148945 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 02:02:51.155832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:02:59.157359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:03:15.160236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:03:47.166302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:09:51.172776 3.001543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 02:09:58.179955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:10:06.181218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:10:22.184623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:10:54.190811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:16:58.198178 3.002477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 02:17:05.236388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:17:13.215396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:17:29.218605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:18:01.224148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:20:26.022859 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 02:20:26.022965 0.600999 tcp 10.0.2.109 50681 -> 176.73.169.112 1959 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:24:05.230132 3.002082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 02:24:12.238964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:24:20.239323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:24:36.242202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:25:08.251697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:28:17.641040 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 02:28:17.641152 0.000000 udp 10.0.2.109 3683 -> 202.64.173.161 5000 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 02:28:34.246015 0.053144 tcp 10.0.2.109 50682 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:28:34.299464 0.053007 tcp 10.0.2.109 50683 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:28:34.352918 0.146714 tcp 10.0.2.109 50684 -> 195.113.214.211 443 SRPA* 0 0 46 33430 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:28:34.500250 0.032185 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:34.531273 0.187988 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:34.693475 0.104529 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:34.765212 0.068582 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:34.835330 0.076118 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:34.895047 0.117685 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.020032 0.109145 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.111874 0.189817 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.293357 0.169154 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.457586 0.169250 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.625004 0.172110 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.793399 0.112702 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.868642 0.090859 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:35.940460 0.091159 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:36.015389 0.050871 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:36.075673 0.128432 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:36.164965 0.154266 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:36.320869 0.168964 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:36.467177 0.350401 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:36.839501 0.346877 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:37.185351 0.119998 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:37.264593 0.053320 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:37.331193 0.308050 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:37.637872 0.383458 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:38.002451 0.045679 udp 10.0.2.109 3683 <-> 84.130.208.29 8279 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:39.070867 0.354405 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:39.421718 0.162841 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:39.579516 0.150711 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:28:39.694602 0.000000 udp 10.0.2.109 3683 -> 82.57.5.159 9110 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 02:28:55.165020 0.106539 tcp 10.0.2.109 50685 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:28:55.271819 0.053548 tcp 10.0.2.109 50686 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:28:55.325686 0.153467 tcp 10.0.2.109 50687 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:28:55.479828 0.302775 rtp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:31:12.254754 3.001211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 02:31:19.261943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:31:27.263262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:31:43.266360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:32:15.272478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:38:19.279154 3.000725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 02:38:26.285596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:38:34.287184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:38:50.290123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:39:22.296108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:45:26.301681 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 02:45:33.309848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:45:41.311234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:45:57.317064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:46:29.320075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:50:26.631874 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 02:50:26.631979 0.599167 tcp 10.0.2.109 50688 -> 176.73.169.112 1959 FSPA* 0 0 15 1745 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:54:21.332139 3.001294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 02:54:28.338990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:54:36.340330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:54:52.343444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:55:24.349394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 02:59:13.259339 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 02:59:13.259494 0.000000 udp 10.0.2.109 3683 -> 82.57.5.159 9110 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 02:59:31.086672 0.053734 tcp 10.0.2.109 50689 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:59:31.140749 0.066926 tcp 10.0.2.109 50690 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:59:31.208048 0.141937 tcp 10.0.2.109 50691 -> 195.113.214.211 443 SRPA* 0 0 61 38986 flow=From-Botnet-V1-TCP-Established 1970/02/03 02:59:31.350684 0.102136 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:31.415946 0.068493 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:31.466190 0.079220 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:31.525327 0.111094 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:31.650260 0.033584 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:31.682667 0.512007 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.167734 0.191875 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.351910 0.147070 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.491097 0.173585 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.666333 0.094421 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.741725 0.108727 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.814898 0.089694 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.881656 0.090681 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:32.955522 0.050769 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:33.459172 0.175545 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:33.632102 0.400367 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:34.014955 0.156392 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:34.181172 0.134079 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:34.272558 0.167067 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:34.417090 0.120706 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:34.498159 0.051828 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:34.551253 0.310087 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:34.876121 0.383116 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:35.241345 0.340055 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:35.659645 0.048905 udp 10.0.2.109 3683 <-> 84.130.208.29 8279 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:35.704560 0.163342 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:35.950636 0.353266 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:36.326520 0.114079 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/03 02:59:36.407968 0.308036 rtp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:01:50.367466 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:01:57.375249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:02:05.376387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:02:21.379189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:02:53.384909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:09:03.399978 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:09:10.407352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:09:18.408850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:09:34.411530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:10:06.418046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:16:14.431314 2.999662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:16:21.444063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:16:29.438834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:16:45.441394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:17:17.447431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:20:27.230942 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 03:20:27.231099 0.591674 tcp 10.0.2.109 50692 -> 176.73.169.112 1959 FSPA* 0 0 15 1773 flow=From-Botnet-V1-TCP-Established 1970/02/03 03:23:21.453928 3.001232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:23:28.460961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:23:36.462456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:23:52.465388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:24:24.471559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:29:38.082858 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 03:29:38.082986 0.076545 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.142036 0.112841 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.203606 0.032425 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.278097 0.100933 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.365608 0.067176 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.417290 0.092975 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.484314 0.192756 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.668877 0.345802 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.866269 0.112261 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:38.939757 0.088440 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:39.007499 0.089330 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2026 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:39.083466 0.051797 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:39.187859 0.166742 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:39.604382 0.086670 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:39.673547 0.175635 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:39.845877 0.134834 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:39.937327 0.165767 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:40.081356 0.291138 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:40.335340 0.053660 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:40.408197 0.374296 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:40.764540 0.155232 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:40.921120 0.309506 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:41.232304 0.380893 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:41.598365 0.342230 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:41.941912 0.000000 udp 10.0.2.109 3683 -> 84.130.208.29 8279 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 03:29:58.503492 0.136894 tcp 10.0.2.109 50693 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 03:29:58.640619 0.052713 tcp 10.0.2.109 50694 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 03:29:58.693612 0.146665 tcp 10.0.2.109 50695 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 03:29:58.840947 0.120564 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:58.927397 0.162460 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:59.231537 0.349413 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:29:59.577447 0.314872 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/03 03:30:28.477480 3.001671 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:30:35.485016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:30:43.486158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:30:59.489032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:31:31.495583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:37:35.503609 2.999505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:37:42.508827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:37:50.510064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:38:06.513065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:38:38.519288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:44:42.525203 3.001544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:44:49.532942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:44:57.534432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:45:13.537118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:45:45.553084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:50:27.829594 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 03:50:27.829712 0.601410 tcp 10.0.2.109 50696 -> 176.73.169.112 1959 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/02/03 03:53:59.565653 3.002228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 03:54:06.573614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:54:14.575186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:54:30.578192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 03:55:02.584431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:00:26.409873 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 04:00:26.410055 0.000000 udp 10.0.2.109 3683 -> 84.130.208.29 8279 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 04:00:42.404814 0.053723 tcp 10.0.2.109 50697 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 04:00:42.458880 0.053659 tcp 10.0.2.109 50698 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 04:00:42.512924 0.156252 tcp 10.0.2.109 50699 -> 195.113.214.211 443 SRPA* 0 0 42 23046 flow=From-Botnet-V1-TCP-Established 1970/02/03 04:00:42.669481 0.114908 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:42.726987 0.032060 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:42.780517 0.099947 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:42.848015 0.069818 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:42.966288 0.083927 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.025239 0.188535 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.205916 0.147489 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.345218 0.111688 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.419355 0.089439 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 5 1799 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.490714 0.096938 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.573991 0.077235 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.633190 0.082654 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.779922 0.176027 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:43.953437 0.131864 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:44.044046 0.166393 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:44.237024 0.050938 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:44.385233 0.340628 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:44.707721 0.155989 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:44.883721 0.166252 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:45.024272 0.125923 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:45.112607 0.053117 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:45.203646 0.340366 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:45.603210 0.392127 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:45.977335 0.313744 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:46.334712 0.113556 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:46.414730 0.302639 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:46.746865 0.163040 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:00:46.905088 0.354196 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:01:06.590032 3.001689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:01:13.597571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:01:21.598912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:01:37.601947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:02:09.608365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:08:28.616736 3.000467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:08:35.623283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:08:43.624500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:08:59.627489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:09:31.633617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:15:35.639678 3.001491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:15:42.647210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:15:50.648691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:16:06.651532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:16:38.658239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:20:28.438275 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 04:20:28.438463 0.448586 tcp 10.0.2.109 50700 -> 176.73.169.112 1959 FSPA* 0 0 14 1554 flow=From-Botnet-V1-TCP-Established 1970/02/03 04:22:42.663678 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:22:49.670389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:22:57.672339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:23:13.675514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:23:45.683543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:29:49.686861 3.002299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:29:56.694618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:30:04.696003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:30:20.699507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:30:52.705690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:31:06.486790 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 04:31:06.486884 0.105291 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:06.557061 0.111761 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:06.640991 0.034188 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:06.789581 0.065407 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:06.902922 0.086826 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:06.982836 0.193516 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.169019 0.147008 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.308244 0.114331 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.384132 0.085823 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.505392 0.089954 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.577628 0.078428 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.637076 0.081794 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.739474 0.174471 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:07.911405 0.127188 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:08.018982 0.170837 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:08.210962 0.050814 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:08.334784 0.337062 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:08.716897 0.157645 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:08.874028 0.167897 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:09.018972 0.115053 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:09.224561 0.052728 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:09.470834 0.347977 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:09.845093 0.146268 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:09.960008 0.313117 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:10.290953 0.164620 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:10.449446 0.380973 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:10.814350 0.330768 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:31:11.146621 0.353051 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/03 04:36:56.712741 3.000044 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:37:03.718975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:37:11.720845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:37:27.726975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:37:59.729760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:44:03.735314 3.001979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:44:10.743095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:44:18.744830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:44:34.747352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:45:06.753178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:50:28.886926 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 04:50:28.887017 0.528286 tcp 10.0.2.109 50701 -> 176.73.169.112 1959 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/02/03 04:53:31.762965 3.000834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 04:53:38.769527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:53:46.771216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:54:02.774692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 04:54:34.780448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:00:38.786646 3.000999 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:00:45.793316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:00:53.795130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:01:09.798198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:01:21.525061 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 05:01:21.525250 0.034332 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:21.583228 0.067977 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:21.632910 0.083855 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:21.759736 0.102257 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:21.825371 0.111374 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:21.944333 0.187610 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.124032 0.153800 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.270532 0.116205 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.354394 0.091912 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.425836 0.091678 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.500667 0.079531 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.564205 0.078793 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.628282 0.173456 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.799019 0.128383 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:22.890291 0.183923 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:23.073375 0.050972 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:23.194983 0.372474 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:23.550904 0.157277 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:23.724928 0.166785 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:23.867395 0.348167 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:24.234945 0.109964 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:24.309416 0.122393 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:24.470412 0.052461 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:24.535874 0.304016 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:24.839064 0.164715 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:24.998513 0.381228 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:25.359855 0.329935 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:25.688494 0.358716 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:01:41.804211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:07:45.810414 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:07:52.817545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:08:00.818901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:08:16.822101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:08:48.827999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:14:54.837187 3.005827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:15:01.844472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:15:09.845387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:15:25.849117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:15:57.854843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:20:29.415708 0.000196 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 05:20:29.415995 0.466054 tcp 10.0.2.109 50702 -> 176.73.169.112 1959 FSPA* 0 0 14 1750 flow=From-Botnet-V1-TCP-Established 1970/02/03 05:22:01.861643 3.000961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:22:08.868768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:22:16.869947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:22:32.872883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:23:04.878862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:29:08.884948 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:29:15.892632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:29:23.894168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:29:39.896558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:30:11.902466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:31:46.320426 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 05:31:46.320623 0.031927 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:46.351262 0.069911 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:46.419394 0.085751 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:46.567053 0.102154 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:46.634143 0.123439 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:46.757945 0.191039 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:46.942279 0.152251 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.090271 0.113526 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.187916 0.089730 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.261111 0.088921 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.396391 0.080482 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2562 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.458363 0.081944 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.684306 0.173255 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.854085 0.132680 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:47.944699 0.171176 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:48.115114 0.050736 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:48.193355 0.372676 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:48.548129 0.155997 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:48.717880 0.166267 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:48.860329 0.340846 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:49.300688 0.115029 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:49.381297 0.114113 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:49.459810 0.051083 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:49.538571 0.301836 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:49.841520 0.163307 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:49.999378 0.365547 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:50.361134 0.383036 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:31:50.725684 0.309485 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/03 05:36:15.909678 3.000773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:36:22.915994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:36:30.917788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:36:46.920886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:37:18.926706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:43:22.933808 3.010612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:43:29.950599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:43:37.951713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:43:53.954442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:44:25.960836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:50:29.883941 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 05:50:29.884090 0.407996 tcp 10.0.2.109 50703 -> 176.73.169.112 1959 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/02/03 05:50:29.966663 3.001999 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:50:36.975729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:50:44.976012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:51:00.978753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:51:32.984683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:57:36.991446 3.001063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 05:57:43.998372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:57:51.999785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:58:08.003156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 05:58:40.009177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:02:07.477424 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 06:02:07.477542 0.301437 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:07.754170 0.102617 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:07.821661 0.114501 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:07.951121 0.197913 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.141716 0.154673 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.288460 0.033829 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.326478 0.066238 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.376070 0.113605 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.451660 0.085509 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.518319 0.091403 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.683137 0.075466 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.741656 0.082319 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:08.806427 0.267935 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:09.071322 0.130472 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:09.163253 0.166647 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:09.338932 0.050822 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:09.391186 0.366265 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:09.740000 0.158550 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:09.894387 0.165471 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:10.037340 0.339405 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:10.376505 0.120281 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:10.464535 0.127263 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:10.600260 0.059724 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:10.662628 0.307525 udp 10.0.2.109 3683 <-> 118.9.46.26 3402 CON 0 0 6 1915 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:10.970902 0.164372 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:11.128943 0.309994 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:11.457087 0.365323 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:02:11.819047 0.391481 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:05:01.029279 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:05:08.036427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:05:16.038356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:05:32.041292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:06:04.047191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:12:19.058868 3.006271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:12:26.066519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:12:34.067876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:12:50.070993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:13:22.077074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:19:26.083649 3.023660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:19:33.100552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:19:41.101871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:19:57.104949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:20:29.110921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:20:30.293178 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 06:20:30.293287 0.557057 tcp 10.0.2.109 50704 -> 176.73.169.112 1959 FSPA* 0 0 15 1790 flow=From-Botnet-V1-TCP-Established 1970/02/03 06:26:33.116933 3.001855 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:26:40.124124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:26:48.125710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:27:04.128926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:27:36.135153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:32:23.578367 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 06:32:23.578477 0.118480 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:23.639106 0.197696 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:23.829200 0.091144 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:23.943423 0.107778 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.017675 0.153609 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.163654 0.034157 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.239320 0.066347 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.287844 0.113022 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.502773 0.089698 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.573077 0.087632 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.648741 0.186044 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.817797 0.078832 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:24.880733 0.175209 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:25.053505 0.131191 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:25.143235 0.169008 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:25.904447 0.051333 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:26.128015 0.342272 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:26.542325 0.160990 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:26.755135 0.166502 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:26.899984 0.431394 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:27.330034 0.114150 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:27.439143 0.122480 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:27.522265 0.052351 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:27.601462 0.000000 udp 10.0.2.109 3683 -> 118.9.46.26 3402 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 06:32:44.510933 0.059588 tcp 10.0.2.109 50705 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 06:32:44.570771 0.053553 tcp 10.0.2.109 50706 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 06:32:44.624619 0.190974 tcp 10.0.2.109 50707 -> 195.113.214.211 443 SRPA* 0 0 37 27233 flow=From-Botnet-V1-TCP-Established 1970/02/03 06:32:44.816170 0.372547 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:45.184884 0.162949 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:45.341712 0.311217 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:32:45.673026 0.383974 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/03 06:33:40.141059 3.001683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:33:47.148572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:33:55.149658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:34:11.153044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:34:43.158825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:40:47.168063 2.998615 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:40:54.172527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:41:02.175495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:41:18.182701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:41:50.182970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:47:54.189370 3.001280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:48:01.196251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:48:09.197671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:48:25.200998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:48:57.206957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:50:30.851269 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 06:50:30.851359 0.475425 tcp 10.0.2.109 50708 -> 176.73.169.112 1959 FSPA* 0 0 15 1779 flow=From-Botnet-V1-TCP-Established 1970/02/03 06:55:33.219013 3.001693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 06:55:40.226578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:55:48.227603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:56:04.230888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 06:56:36.236793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:02:42.246791 3.000467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:02:49.253030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:02:57.254562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:03:11.154923 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 07:03:11.155012 0.000000 udp 10.0.2.109 3683 -> 118.9.46.26 3402 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 07:03:13.257441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:03:27.229802 0.057763 tcp 10.0.2.109 50709 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:03:27.287835 0.052275 tcp 10.0.2.109 50710 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:03:27.340387 0.161152 tcp 10.0.2.109 50711 -> 195.113.214.211 443 SRPA* 0 0 41 22612 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:03:27.502218 0.087802 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:27.561222 0.110301 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2648 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:27.632962 0.118173 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:27.735264 0.188983 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:27.916722 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 07:03:45.263463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:03:46.225633 0.053393 tcp 10.0.2.109 50712 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:03:46.279316 0.062405 tcp 10.0.2.109 50713 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:03:46.342027 0.159321 tcp 10.0.2.109 50714 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:03:46.501842 0.069385 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2575 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:46.555081 0.113882 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:46.633492 0.161749 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:46.787611 0.090344 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:46.861965 0.078802 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:46.920328 0.082560 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:47.011515 0.173181 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:47.180191 0.088228 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:47.251893 0.050765 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:47.304010 0.167317 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:47.485097 0.126965 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:47.574024 0.380482 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:47.936613 0.158092 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:48.097112 0.166601 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:48.240359 0.637606 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:48.837552 0.053511 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:48.892463 0.108275 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:48.966645 0.432893 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:49.406196 0.311196 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:49.736908 0.383060 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:50.103051 0.379204 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:03:50.478790 0.164804 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:09:49.270116 3.001320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:09:56.277079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:10:04.278522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:10:20.281366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:10:52.287587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:16:56.294150 3.001098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:17:03.301033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:17:11.302611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:17:27.305491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:17:59.312791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:20:31.330407 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 07:20:31.330589 0.412962 tcp 10.0.2.109 50715 -> 176.73.169.112 1959 FSPA* 0 0 15 1604 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:24:03.317630 3.001723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:24:10.325161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:24:18.326730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:24:34.332961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:25:06.335656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:31:10.341714 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:31:17.349021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:31:25.350716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:31:41.353676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:32:13.359641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:34:06.963251 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 07:34:06.963444 0.032175 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:06.994550 0.102718 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.059336 0.114720 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.157083 0.193565 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.343238 0.091258 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.404870 0.154674 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.552280 0.105804 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.640286 0.068360 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.698546 0.113941 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.773188 0.076409 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.832793 0.083578 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:07.898297 0.172085 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:08.065432 0.094998 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:08.142953 0.051125 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:08.195318 0.176017 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:08.381358 0.127736 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:08.468686 0.366754 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:08.842053 0.157774 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:09.000898 0.052811 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:09.055290 0.113250 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:09.133788 0.167600 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:09.279589 0.113598 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:09.353831 0.442447 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:09.816592 0.309124 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:10.144511 0.391921 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:10.518918 0.436923 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:34:10.952052 0.164030 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/03 07:38:17.366038 3.015976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:38:24.382735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:38:32.384767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:38:48.387577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:39:20.393755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:45:24.399270 3.001827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:45:31.406732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:45:39.408372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:45:55.411441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:46:27.417272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:50:31.749300 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 07:50:31.749480 0.483075 tcp 10.0.2.109 50716 -> 176.73.169.112 1959 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/02/03 07:54:19.429150 3.001300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 07:54:26.437369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:54:34.437670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:54:50.440912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 07:55:22.446828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:01:48.464817 3.001444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:01:55.471831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:02:03.473375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:02:19.476430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:02:51.482181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:04:27.320849 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 08:04:27.321047 0.031643 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:27.355112 0.102437 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:27.423069 0.114144 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:27.479311 0.187398 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:27.659621 0.096207 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:27.729743 0.150109 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:27.870220 0.333826 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.190138 0.065611 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.240460 0.115375 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.319506 0.075071 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.378524 0.083558 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.443624 0.174494 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.615467 0.092146 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.687569 0.051333 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.752760 0.174106 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:28.925934 0.123543 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:29.012893 0.382741 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:29.374728 0.157856 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:29.534170 0.051464 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:29.587465 0.531254 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:30.083872 0.170603 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:30.231778 0.376904 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:30.569292 0.438715 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:31.009199 0.310989 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:31.321355 0.392718 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:31.695425 0.351902 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 1985 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:04:32.043819 0.179396 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:09:01.498555 3.000081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:09:08.504521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:09:16.506017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:09:32.508744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:10:04.515008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:16:13.528413 3.001266 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:16:20.538722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:16:28.536989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:16:44.540878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:17:16.545882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:20:32.238205 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 08:20:32.238328 0.492557 tcp 10.0.2.109 50717 -> 176.73.169.112 1959 FSPA* 0 0 14 1728 flow=From-Botnet-V1-TCP-Established 1970/02/03 08:23:23.556702 3.001178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:23:30.563671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:23:38.565227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:23:54.568164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:24:26.574383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:30:30.580713 3.001198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:30:37.587696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:30:45.589218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:31:01.592247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:31:33.598427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:34:43.962615 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 08:34:43.962709 0.112620 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.090732 0.031948 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.121372 0.107256 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.190950 0.191329 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.374278 0.095546 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.444207 0.148027 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.584586 0.094190 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.663015 0.067759 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.714332 0.110951 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.786916 0.078784 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.846518 0.082853 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:44.910487 0.175050 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:45.083099 0.090221 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:45.153426 0.050625 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 1957 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:45.216175 0.171730 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:45.387214 0.130557 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:45.476855 0.337482 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:45.794434 0.158319 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:45.948594 0.052848 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:46.003179 0.112359 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:46.079356 0.167871 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:46.222633 0.110164 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:46.297087 0.389674 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:46.667733 0.369878 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:47.033378 0.166214 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:47.191555 0.436684 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:34:47.628546 0.310487 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/03 08:37:37.604807 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:37:44.611701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:37:52.613303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:38:08.621605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:38:40.622249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:44:44.628410 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:44:51.635287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:44:59.637247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:45:15.640187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:45:47.646601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:50:32.736332 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 08:50:32.736489 0.535547 tcp 10.0.2.109 50718 -> 176.73.169.112 1959 FSPA* 0 0 14 1721 flow=From-Botnet-V1-TCP-Established 1970/02/03 08:53:59.659438 2.998883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 08:54:06.663899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:54:14.665046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:54:30.668122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 08:55:02.673662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:01:09.684986 3.001095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:01:16.691877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:01:24.693341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:01:40.696507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:02:12.702507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:04:54.405219 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 09:04:54.405446 0.105980 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:54.461076 0.033635 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:54.493456 0.104149 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:54.570561 0.187354 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:54.749900 0.085535 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:54.810004 0.145481 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:54.949779 0.094991 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.026668 0.070667 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.079989 0.116156 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.155616 0.076846 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.215607 0.086587 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.283979 0.174002 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.452078 0.088593 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.522808 0.050601 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.574998 0.168468 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.739700 0.127915 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:55.829213 0.412501 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:56.223171 0.157502 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:56.381998 0.052604 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:56.435984 0.107715 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:56.531928 0.166474 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:56.677193 0.638439 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:57.281066 0.395070 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:57.655095 0.442223 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:58.107619 0.353619 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:58.457451 0.162803 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:04:58.615027 0.309574 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:08:32.711473 3.001121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:08:39.719244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:08:47.720627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:09:03.723330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:09:35.729746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:15:39.736422 3.000794 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:15:46.742973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:15:54.744381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:16:10.747389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:16:42.759701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:20:33.275278 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 09:20:33.275457 0.467173 tcp 10.0.2.109 50719 -> 176.73.169.112 1959 FSPA* 0 0 15 1569 flow=From-Botnet-V1-TCP-Established 1970/02/03 09:22:46.760099 3.000945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:22:53.766890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:23:01.768431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:23:17.771342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:23:49.777405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:29:53.783823 3.000646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:30:00.791064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:30:08.792506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:30:24.795419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:30:56.801463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:35:04.357733 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 09:35:04.357871 0.106635 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:04.414728 0.034540 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:04.464527 0.103850 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:04.534986 0.194589 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:04.722361 0.082025 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:04.780390 0.147507 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:04.919813 0.090021 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:04.994907 0.071939 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.049335 0.112596 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.124777 0.080435 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2644 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.186840 0.083520 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.288112 0.177002 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.461813 0.083769 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.526574 0.050989 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.592339 0.168253 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.818748 0.124571 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:05.938962 0.349546 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 1968 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:06.271088 0.157159 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:06.434779 0.052389 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:06.521999 0.115946 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:06.603090 0.382865 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2576 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:06.968158 0.169292 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:07.114606 0.690807 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:07.766810 0.164426 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:07.925883 0.310621 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:08.242640 0.435068 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:35:08.678919 0.354726 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/03 09:37:00.808445 3.000827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:37:07.814762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:37:15.816502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:37:31.819330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:38:03.825411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:44:07.832380 3.000760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:44:14.838904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:44:22.840669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:44:38.843295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:45:10.849296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:50:33.743738 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 09:50:33.743979 0.530616 tcp 10.0.2.109 50720 -> 176.73.169.112 1959 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/02/03 09:53:35.858053 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 09:53:42.865345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:53:50.866703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:54:06.869794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 09:54:38.876683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:00:42.881789 3.001780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:00:49.889486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:00:57.890941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:01:13.894528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:01:45.899842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:05:32.656388 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 10:05:32.656581 0.103305 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:32.722794 0.188778 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:32.903552 0.095099 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:32.987901 0.147516 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.127568 0.114765 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.185529 0.034001 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.218336 0.091378 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.294619 0.071807 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.365070 0.112946 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.437749 0.077971 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.500221 0.084687 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.568519 0.241459 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.807176 0.085420 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.876153 0.051073 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:33.937408 0.169385 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:34.103162 0.157781 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:34.283157 0.053858 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:34.347717 0.134025 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:34.448766 0.127117 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:34.536779 0.340769 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:34.861725 0.381156 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:35.226491 0.164895 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:35.370877 0.397370 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:35.729666 0.436880 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:36.177982 0.163321 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:36.336062 0.311407 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:05:36.646230 0.353944 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:07:51.908795 3.001812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:07:58.916320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:08:06.917895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:08:22.921169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:08:54.926699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:15:01.937520 3.001485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:15:08.944663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:15:16.945759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:15:32.949185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:16:04.955191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:20:34.283045 0.020139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 10:20:34.303293 0.496022 tcp 10.0.2.109 50721 -> 176.73.169.112 1959 FSPA* 0 0 15 1792 flow=From-Botnet-V1-TCP-Established 1970/02/03 10:22:10.964716 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:22:17.971704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:22:25.973491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:22:41.977505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:23:13.981894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:29:17.987883 3.001943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:29:24.995387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:29:32.996894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:29:48.999516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:30:21.005835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:35:39.354000 0.000217 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 10:35:39.354276 0.166444 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:39.492365 0.101169 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:39.641681 0.191823 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:39.826316 0.144566 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:40.000293 0.113415 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:40.056799 0.033990 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:40.172067 0.092164 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:40.248836 0.069208 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1443 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:57.942428 0.051310 tcp 10.0.2.109 50722 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 10:35:57.994107 0.139865 tcp 10.0.2.109 50723 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 10:35:58.134492 0.197256 tcp 10.0.2.109 50724 -> 195.113.214.211 443 SRPA* 0 0 53 34577 flow=From-Botnet-V1-TCP-Established 1970/02/03 10:35:58.332453 0.112320 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:58.404521 0.079098 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:58.495685 0.084812 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:58.561253 0.174353 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:58.732807 0.089668 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:58.803368 0.051071 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:58.880519 0.169749 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:59.045494 0.155723 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2021 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:59.294645 0.052709 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:59.496476 0.112324 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:59.577104 0.130405 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:59.668042 0.165046 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:35:59.810518 0.348358 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:36:00.140381 0.381232 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:36:00.502009 0.167763 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:36:00.664311 0.284115 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:36:00.913085 0.422845 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:36:01.386816 0.308679 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:36:01.694437 0.351780 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2566 flow=From-Botnet-V1-UDP-Established 1970/02/03 10:36:25.012019 3.001563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:36:32.020134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:36:40.020826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:36:56.023429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:37:28.034610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:43:32.037257 3.000139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:43:39.043220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:43:47.044846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:44:03.047737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:44:35.054020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:50:34.791739 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 10:50:34.791878 0.584256 tcp 10.0.2.109 50725 -> 176.73.169.112 1959 FSPA* 0 0 14 1647 flow=From-Botnet-V1-TCP-Established 1970/02/03 10:50:39.059981 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:50:46.067373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:50:54.071002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:51:10.071785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:51:42.077833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:57:46.084648 3.000831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 10:57:53.091538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:58:01.092793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:58:17.095743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 10:58:49.101940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:05:16.120846 3.002004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:05:23.128592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:05:31.129958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:05:47.132905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:06:06.170420 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 11:06:06.170573 0.065717 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:06.219262 0.102980 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:06.331259 0.084329 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:06.389723 0.190377 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:06.572277 0.089957 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:06.643390 0.115502 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:06.809077 0.148858 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:06.949253 0.034055 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.080290 0.114851 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.156864 0.076480 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.216621 0.080889 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.279885 0.176336 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.453254 0.090597 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.523159 0.050760 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.582708 0.052487 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.724412 0.110609 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.801916 0.128873 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:07.893200 0.169622 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:08.039259 0.165589 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:08.214693 0.156935 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:08.374666 0.379060 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:08.737472 0.384260 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:09.103151 0.179950 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:09.288637 0.441156 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:09.691686 0.370942 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:10.061132 0.308826 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:10.368387 0.354496 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:06:19.138659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:12:30.145976 3.000707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:12:37.152491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:12:45.153941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:13:01.156749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:13:33.162975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:19:39.172277 3.001730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:19:46.179461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:19:54.180733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:20:10.183976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:20:35.380241 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 11:20:35.380345 0.530833 tcp 10.0.2.109 50726 -> 176.73.169.112 1959 FSPA* 0 0 15 1740 flow=From-Botnet-V1-TCP-Established 1970/02/03 11:20:42.189747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:26:46.196036 3.001194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:26:53.203122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:27:01.207116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:27:17.207707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:27:49.213755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:33:53.220643 3.000516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:34:00.227083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:34:08.228715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:34:24.231637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:34:56.237709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:36:33.237454 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 11:36:33.237561 0.232587 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:33.443376 0.198564 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:33.635106 0.089458 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:33.719219 0.114617 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:33.774355 0.069389 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:33.964917 0.099207 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.032513 0.155518 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.181107 0.032188 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.376460 0.108348 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.446955 0.078223 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.506947 0.081814 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.608008 0.174007 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.779281 0.088467 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:34.848534 0.051920 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:35.033026 0.051381 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:35.086708 0.168121 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:35.221901 0.128750 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:35.314257 0.167185 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:35.515633 0.367855 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:35.867039 0.168694 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:36.034814 0.158202 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:36.261271 0.380247 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:36.624132 0.165107 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:36.786733 0.192791 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:36.940231 0.354325 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:37.333309 0.308667 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:36:37.640610 0.352967 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/03 11:41:00.248424 2.999913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:41:07.251226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:41:15.252796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:41:31.255497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:42:03.261769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:48:07.268091 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:48:14.275224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:48:22.282883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:48:38.285421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:49:10.285642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:50:35.919082 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 11:50:35.919262 0.579890 tcp 10.0.2.109 50727 -> 176.73.169.112 1959 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/03 11:55:44.295156 3.001358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 11:55:51.302436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:55:59.303591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:56:15.309942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 11:56:47.312823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:02:51.318848 3.001736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 12:02:58.326398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:03:06.327549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:03:22.330689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:03:54.336739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:06:56.739111 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:06:56.739258 0.089790 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:56.814016 0.114313 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.061992 0.070193 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.113068 0.259249 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.344766 0.196834 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.534385 0.101647 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.606001 0.153805 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.755241 0.033760 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 1941 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.827209 0.112219 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.901230 0.079122 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:57.998805 0.080818 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.064488 0.173143 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.233351 0.090594 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.305816 0.051837 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.391951 0.052208 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.453179 0.115067 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.536781 0.125966 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.626010 0.167136 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:58.769940 0.380999 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:59.135060 0.385467 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:59.504338 0.162657 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:59.661713 0.307978 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:06:59.932343 0.167380 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:07:00.128067 0.155539 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:07:00.322349 0.346625 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:07:00.670533 0.310509 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:07:00.979768 0.354030 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:09:58.343178 3.001612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 12:10:05.350067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:10:13.351603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:10:29.354777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:11:01.361067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:17:05.366784 3.001941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 12:17:12.374058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:17:20.375706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:17:36.378726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:18:08.384615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:20:36.498324 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:20:36.498475 3.003175 tcp 10.0.2.109 50728 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:20:45.500505 0.000000 tcp 10.0.2.109 50728 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:20:51.501398 0.053565 tcp 10.0.2.109 50729 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:20:51.555198 0.056301 tcp 10.0.2.109 50730 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:20:51.611788 0.132712 tcp 10.0.2.109 50731 -> 195.113.214.211 443 SRPA* 0 0 59 47771 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:20:51.765784 2.998113 tcp 10.0.2.109 50732 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:21:00.761944 0.000000 tcp 10.0.2.109 50732 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:21:06.760955 0.052941 tcp 10.0.2.109 50733 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:21:06.814273 0.054579 tcp 10.0.2.109 50734 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:21:06.868726 0.150150 tcp 10.0.2.109 50735 -> 195.113.214.211 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:21:07.039365 3.006238 tcp 10.0.2.109 50736 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:21:16.044284 0.000000 tcp 10.0.2.109 50736 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:21:22.033285 3.003938 tcp 10.0.2.109 50737 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:21:31.035804 0.000000 tcp 10.0.2.109 50737 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:24:12.389976 3.002608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 12:24:19.397806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:24:27.399645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:24:43.412981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:25:15.410823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:26:37.036480 0.000174 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:26:37.036751 2.993549 tcp 10.0.2.109 50738 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:26:46.028799 0.000000 tcp 10.0.2.109 50738 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:26:52.039602 0.114082 tcp 10.0.2.109 50739 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:26:52.154024 0.051888 tcp 10.0.2.109 50740 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:26:52.206380 0.157868 tcp 10.0.2.109 50741 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:26:52.468132 3.004258 tcp 10.0.2.109 50742 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:27:01.471439 0.000000 tcp 10.0.2.109 50742 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:27:07.470947 0.052672 tcp 10.0.2.109 50743 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:27:07.523977 0.053855 tcp 10.0.2.109 50744 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:27:07.578359 0.168786 tcp 10.0.2.109 50745 -> 195.113.214.211 443 SRPA* 0 0 28 14076 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:27:07.804940 2.999444 tcp 10.0.2.109 50746 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:27:16.803151 0.000000 tcp 10.0.2.109 50746 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:27:22.801292 3.004648 tcp 10.0.2.109 50747 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:27:31.804101 0.000000 tcp 10.0.2.109 50747 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:31:19.414971 3.001570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 12:31:26.422051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:31:34.423335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:31:50.426664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:32:22.432936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:32:37.805100 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:32:37.805282 2.993470 tcp 10.0.2.109 50748 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:32:46.807485 0.000000 tcp 10.0.2.109 50748 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:32:52.808194 0.057239 tcp 10.0.2.109 50749 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:32:52.865752 0.057708 tcp 10.0.2.109 50750 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:32:52.923735 0.152667 tcp 10.0.2.109 50751 -> 195.113.214.211 443 SRPA* 0 0 23 13298 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:32:53.086941 2.983865 tcp 10.0.2.109 50752 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:33:02.069543 0.000000 tcp 10.0.2.109 50752 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:33:08.078881 0.054350 tcp 10.0.2.109 50753 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:33:08.133506 0.052309 tcp 10.0.2.109 50754 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:33:08.186117 0.167661 tcp 10.0.2.109 50755 -> 195.113.214.211 443 SRPA* 0 0 24 14051 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:33:08.365293 2.997598 tcp 10.0.2.109 50756 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:33:17.361594 0.000000 tcp 10.0.2.109 50756 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:33:23.360371 3.004098 tcp 10.0.2.109 50757 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:33:32.363257 0.000000 tcp 10.0.2.109 50757 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:37:15.148699 0.010652 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:37:15.159445 0.068491 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:15.210974 0.128136 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:15.316825 0.192140 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:15.500645 0.101202 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:15.570416 0.090550 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:15.682442 0.113737 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:15.816150 0.146116 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:15.958061 0.031982 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.145605 0.115186 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.220148 0.077530 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.291656 0.078330 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.354442 0.174549 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.526420 0.084564 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.669212 0.054455 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.791033 0.053122 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:16.929145 0.119658 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:17.013214 0.339608 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:17.335917 0.390617 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:17.709715 0.129319 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:17.801494 0.166201 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:17.950833 0.162778 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:18.107748 0.536574 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:18.608488 0.167006 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:19.056771 0.156423 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:19.319303 0.350409 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:19.766445 0.337999 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:20.105388 4.952832 tcp 10.0.2.109 50758 -> 27.54.121.253 8878 SPA_* 0 0 143 104129 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:37:20.114710 0.309576 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/03 12:37:25.409134 4.986435 tcp 10.0.2.109 50758 -> 27.54.121.253 8878 A_PA 0 0 184 132816 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:37:30.745182 4.960234 tcp 10.0.2.109 50758 -> 27.54.121.253 8878 A_PA 0 0 175 132330 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:37:36.051655 4.993345 tcp 10.0.2.109 50758 -> 27.54.121.253 8878 A_PA 0 0 183 132762 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:37:41.390242 4.973237 tcp 10.0.2.109 50758 -> 27.54.121.253 8878 A_PA 0 0 183 132762 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:37:46.707209 1.386711 tcp 10.0.2.109 50758 -> 27.54.121.253 8878 FPA_* 0 0 26 14169 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:38:26.438599 3.001983 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 12:38:33.445977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:38:38.363909 3.003501 tcp 10.0.2.109 50759 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:38:41.447458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:38:42.999764 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:38:47.376088 0.000000 tcp 10.0.2.109 50759 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:38:53.366963 0.055571 tcp 10.0.2.109 50760 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:38:53.422818 0.054060 tcp 10.0.2.109 50761 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:38:53.477187 0.163806 tcp 10.0.2.109 50762 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:38:53.662566 2.996822 tcp 10.0.2.109 50763 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:38:57.450793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:39:02.657783 0.000000 tcp 10.0.2.109 50763 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:39:08.656441 0.053002 tcp 10.0.2.109 50764 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:39:08.709743 0.054796 tcp 10.0.2.109 50765 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:39:08.764807 0.165984 tcp 10.0.2.109 50766 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:39:09.063249 3.003246 tcp 10.0.2.109 50767 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:39:18.061003 0.000000 tcp 10.0.2.109 50767 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:39:24.058881 3.003988 tcp 10.0.2.109 50768 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:39:29.457214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:39:33.066765 0.000000 tcp 10.0.2.109 50768 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:44:39.062319 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:44:39.062520 3.003518 tcp 10.0.2.109 50769 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:44:48.064570 0.000000 tcp 10.0.2.109 50769 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:44:54.065248 0.052747 tcp 10.0.2.109 50770 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:44:54.118327 0.054114 tcp 10.0.2.109 50771 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:44:54.172710 0.147502 tcp 10.0.2.109 50772 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:44:54.422827 2.995101 tcp 10.0.2.109 50773 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:45:03.426873 0.000000 tcp 10.0.2.109 50773 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:45:09.416067 0.053137 tcp 10.0.2.109 50774 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:45:09.469551 0.053326 tcp 10.0.2.109 50775 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:45:09.523171 0.155686 tcp 10.0.2.109 50776 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:45:09.706832 2.993181 tcp 10.0.2.109 50777 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:45:18.698750 0.000000 tcp 10.0.2.109 50777 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:45:24.710544 3.006224 tcp 10.0.2.109 50778 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:45:33.463020 3.004334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 12:45:33.710080 0.000000 tcp 10.0.2.109 50778 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:45:40.469753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:45:48.478338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:46:04.474354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:46:36.480676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:50:39.711134 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:50:39.711336 3.003030 tcp 10.0.2.109 50779 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:50:48.712861 0.000000 tcp 10.0.2.109 50779 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:50:54.713980 0.055837 tcp 10.0.2.109 50780 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:50:54.770166 0.053258 tcp 10.0.2.109 50781 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:50:54.823688 0.144765 tcp 10.0.2.109 50782 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:50:55.024753 3.001786 tcp 10.0.2.109 50783 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:51:04.025096 0.000000 tcp 10.0.2.109 50783 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:51:10.024411 0.056494 tcp 10.0.2.109 50784 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:51:10.081195 0.055169 tcp 10.0.2.109 50785 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:51:10.136624 0.146144 tcp 10.0.2.109 50786 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:51:10.307890 3.000562 tcp 10.0.2.109 50787 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:51:19.317078 0.000000 tcp 10.0.2.109 50787 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:51:25.305677 2.994146 tcp 10.0.2.109 50788 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:51:34.298555 0.000000 tcp 10.0.2.109 50788 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:54:27.493984 2.997986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 12:54:34.497843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:54:42.499121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:54:58.502432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:55:30.508194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 12:56:40.308973 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 12:56:40.309057 3.003840 tcp 10.0.2.109 50789 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:56:49.311686 0.000000 tcp 10.0.2.109 50789 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:56:55.311721 0.053073 tcp 10.0.2.109 50790 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:56:55.365042 0.059203 tcp 10.0.2.109 50791 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:56:55.424517 0.173219 tcp 10.0.2.109 50792 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:56:55.617198 2.997811 tcp 10.0.2.109 50793 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:57:04.613552 0.000000 tcp 10.0.2.109 50793 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:57:10.612791 0.051753 tcp 10.0.2.109 50794 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:57:10.664826 0.075795 tcp 10.0.2.109 50795 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:57:10.740925 0.152299 tcp 10.0.2.109 50796 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 12:57:10.910113 3.006866 tcp 10.0.2.109 50797 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:57:19.915632 0.000000 tcp 10.0.2.109 50797 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:57:25.903784 2.995014 tcp 10.0.2.109 50798 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 12:57:34.907529 0.000000 tcp 10.0.2.109 50798 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:01:56.525681 3.002043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 13:02:03.533267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:02:11.534927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:02:27.537751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:02:59.543829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:07:20.479425 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:07:20.479531 0.194163 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:20.666160 0.099680 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:20.730668 0.091994 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:20.806402 0.112595 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:20.889308 0.066536 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:20.938013 0.092033 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.003400 0.156527 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.152354 0.033936 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.185059 0.132281 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.278005 0.080620 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.341971 0.083055 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2544 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.406247 0.173813 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.576279 0.089592 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.648234 0.050867 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.700728 0.052781 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:21.942961 0.387951 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:22.315534 0.127763 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:22.406656 0.127989 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:22.498004 0.366256 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:22.846885 0.166126 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:22.991014 0.167413 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:23.152506 0.615448 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:23.728190 0.171518 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:23.901040 0.155524 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:24.057794 0.353888 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:24.407984 0.345098 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:24.774298 0.308667 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:07:25.937489 2.993635 tcp 10.0.2.109 50799 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:07:34.929875 0.000000 tcp 10.0.2.109 50799 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:07:40.940406 0.054932 tcp 10.0.2.109 50800 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:07:40.995587 0.054334 tcp 10.0.2.109 50801 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:07:41.050201 0.149659 tcp 10.0.2.109 50802 -> 195.113.214.211 443 SRPA* 0 0 40 31268 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:07:41.236552 2.996394 tcp 10.0.2.109 50803 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:07:50.231809 0.000000 tcp 10.0.2.109 50803 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:07:56.231289 0.053133 tcp 10.0.2.109 50804 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:07:56.284668 0.055213 tcp 10.0.2.109 50805 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:07:56.340191 0.155459 tcp 10.0.2.109 50806 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:07:56.506584 2.998557 tcp 10.0.2.109 50807 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:08:05.503736 0.000000 tcp 10.0.2.109 50807 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:08:11.502755 3.004294 tcp 10.0.2.109 50808 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:08:20.505221 0.000000 tcp 10.0.2.109 50808 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:09:09.557765 3.002408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 13:09:16.565822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:09:24.567280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:09:40.570397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:10:12.576514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:13:26.505682 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:13:26.505791 2.993728 tcp 10.0.2.109 50809 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:13:35.498477 0.000000 tcp 10.0.2.109 50809 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:13:41.508679 0.053331 tcp 10.0.2.109 50810 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:13:41.562466 0.054750 tcp 10.0.2.109 50811 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:13:41.617569 0.154078 tcp 10.0.2.109 50812 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:13:41.794005 2.997394 tcp 10.0.2.109 50813 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:13:50.790377 0.000000 tcp 10.0.2.109 50813 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:13:56.789569 0.053520 tcp 10.0.2.109 50814 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:13:56.843396 0.052871 tcp 10.0.2.109 50815 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:13:56.896523 0.150971 tcp 10.0.2.109 50816 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:13:57.119426 3.004193 tcp 10.0.2.109 50817 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:14:06.122165 0.000000 tcp 10.0.2.109 50817 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:14:12.121162 3.004063 tcp 10.0.2.109 50818 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:14:21.123809 0.000000 tcp 10.0.2.109 50818 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:16:21.589868 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 13:16:28.596786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:16:36.598713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:16:52.601637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:17:24.613533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:19:27.127354 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:19:27.127466 2.990397 tcp 10.0.2.109 50819 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:19:36.126652 0.000000 tcp 10.0.2.109 50819 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:19:42.130555 0.053162 tcp 10.0.2.109 50820 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:19:42.183960 0.053427 tcp 10.0.2.109 50821 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:19:42.237779 0.222147 tcp 10.0.2.109 50822 -> 195.113.214.211 443 SRPA* 0 0 46 40390 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:19:42.604925 2.995461 tcp 10.0.2.109 50823 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:19:51.598772 0.000000 tcp 10.0.2.109 50823 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:19:57.598434 0.052913 tcp 10.0.2.109 50824 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:19:57.651601 0.053206 tcp 10.0.2.109 50825 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:19:57.705182 0.153038 tcp 10.0.2.109 50826 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:19:57.920812 3.001372 tcp 10.0.2.109 50827 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:20:06.920877 0.000000 tcp 10.0.2.109 50827 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:20:12.919664 3.004256 tcp 10.0.2.109 50828 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:20:21.922840 0.000000 tcp 10.0.2.109 50828 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:23:31.617420 3.001922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 13:23:38.625148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:23:46.630190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:24:02.629819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:24:34.635991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:25:27.923464 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:25:27.923575 3.003314 tcp 10.0.2.109 50829 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:25:36.925264 0.000000 tcp 10.0.2.109 50829 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:25:42.926276 0.053073 tcp 10.0.2.109 50830 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:25:42.979663 0.052183 tcp 10.0.2.109 50831 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:25:43.032094 0.148777 tcp 10.0.2.109 50832 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:25:43.520160 2.988900 tcp 10.0.2.109 50833 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:25:52.519741 0.000000 tcp 10.0.2.109 50833 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:25:58.510155 0.052106 tcp 10.0.2.109 50834 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:25:58.562573 0.053405 tcp 10.0.2.109 50835 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:25:58.616258 0.149012 tcp 10.0.2.109 50836 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:25:58.961007 3.000693 tcp 10.0.2.109 50837 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:26:07.963755 0.000000 tcp 10.0.2.109 50837 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:26:13.970822 3.011963 tcp 10.0.2.109 50838 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:26:22.961742 0.000000 tcp 10.0.2.109 50838 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:30:38.642360 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 13:30:45.649430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:30:53.650729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:31:09.653807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:31:41.660044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:37:25.564303 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:37:25.564536 0.193801 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:25.751500 0.099667 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:25.815480 0.099248 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:25.897037 0.114000 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.006394 0.068057 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.057063 0.086123 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.118595 0.156597 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.264046 0.033667 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.336649 0.110454 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.409652 0.078317 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.494705 0.078586 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.558134 0.184697 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.736358 0.089931 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.806622 0.050693 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:26.922229 0.052300 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:27.071687 0.381206 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:27.434483 0.130207 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:27.524435 0.129873 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:27.625982 0.343314 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:27.949968 0.168094 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:28.096330 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 13:37:28.999832 3.003603 tcp 10.0.2.109 50839 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:37:38.002135 0.000000 tcp 10.0.2.109 50839 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:37:44.002585 0.053117 tcp 10.0.2.109 50840 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:44.056035 0.052799 tcp 10.0.2.109 50841 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:44.109241 0.149919 tcp 10.0.2.109 50842 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:44.296910 2.998921 tcp 10.0.2.109 50843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:37:45.253067 0.055558 tcp 10.0.2.109 50844 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:45.308923 0.051587 tcp 10.0.2.109 50845 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:45.360790 0.153690 tcp 10.0.2.109 50846 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:45.511951 0.516492 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:45.666486 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 13:37:45.991920 0.165809 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:46.171178 0.348782 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:46.551332 0.308920 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:46.882807 0.155506 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:47.062756 0.350076 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/03 13:37:52.673228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:37:53.294191 0.000000 tcp 10.0.2.109 50843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:37:59.293329 0.053060 tcp 10.0.2.109 50847 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:59.346792 0.052299 tcp 10.0.2.109 50848 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:59.399399 0.161151 tcp 10.0.2.109 50849 -> 195.113.214.211 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:37:59.573773 3.003864 tcp 10.0.2.109 50850 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:38:00.674811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:38:08.585819 0.000000 tcp 10.0.2.109 50850 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:38:14.574798 2.994148 tcp 10.0.2.109 50851 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:38:16.677740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:38:23.577871 0.000000 tcp 10.0.2.109 50851 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:38:48.683785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:43:29.578163 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:43:29.578307 3.003675 tcp 10.0.2.109 50852 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:43:38.580695 0.000000 tcp 10.0.2.109 50852 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:43:44.581497 0.052527 tcp 10.0.2.109 50853 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:43:44.634466 0.053514 tcp 10.0.2.109 50854 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:43:44.688260 0.153256 tcp 10.0.2.109 50855 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:43:44.900093 3.003898 tcp 10.0.2.109 50856 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:43:53.902679 0.000000 tcp 10.0.2.109 50856 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:43:59.902239 0.051498 tcp 10.0.2.109 50857 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:43:59.954047 0.052764 tcp 10.0.2.109 50858 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:44:00.007073 0.155185 tcp 10.0.2.109 50859 -> 195.113.214.211 443 SRPA* 0 0 46 26502 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:44:00.210987 3.005026 tcp 10.0.2.109 50860 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:44:09.214808 0.000000 tcp 10.0.2.109 50860 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:44:15.203737 2.993859 tcp 10.0.2.109 50861 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:44:24.205658 0.000000 tcp 10.0.2.109 50861 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:44:52.691554 3.000040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 13:44:59.697001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:45:07.698940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:45:23.701636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:45:55.708066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:49:30.206965 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:49:30.207047 2.993592 tcp 10.0.2.109 50862 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:49:39.199058 0.000000 tcp 10.0.2.109 50862 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:49:45.209305 0.052339 tcp 10.0.2.109 50863 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:49:45.261946 0.052442 tcp 10.0.2.109 50864 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:49:45.314762 0.149340 tcp 10.0.2.109 50865 -> 195.113.214.211 443 SRPA* 0 0 50 35084 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:49:45.563410 2.999189 tcp 10.0.2.109 50866 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:49:54.561096 0.000000 tcp 10.0.2.109 50866 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:50:00.560258 0.052402 tcp 10.0.2.109 50867 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:50:00.613027 0.053859 tcp 10.0.2.109 50868 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:50:00.667136 0.156191 tcp 10.0.2.109 50869 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:50:00.846291 2.998464 tcp 10.0.2.109 50870 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:50:09.843078 0.000000 tcp 10.0.2.109 50870 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:50:15.842047 3.003842 tcp 10.0.2.109 50871 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:50:24.844729 0.000000 tcp 10.0.2.109 50871 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:54:02.720704 3.001071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 13:54:09.727978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:54:17.729461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:54:33.732679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:55:05.738938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 13:55:30.845433 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 13:55:30.845595 2.993323 tcp 10.0.2.109 50872 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:55:39.837399 0.000000 tcp 10.0.2.109 50872 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:55:45.847780 0.052870 tcp 10.0.2.109 50873 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:55:45.900919 0.055143 tcp 10.0.2.109 50874 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:55:45.956311 0.150809 tcp 10.0.2.109 50875 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:55:46.133121 2.998039 tcp 10.0.2.109 50876 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:55:55.129608 0.000000 tcp 10.0.2.109 50876 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:56:01.128836 0.055806 tcp 10.0.2.109 50877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:56:01.184909 0.051852 tcp 10.0.2.109 50878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:56:01.237061 0.156771 tcp 10.0.2.109 50879 -> 195.113.214.211 443 SRPA* 0 0 44 27874 flow=From-Botnet-V1-TCP-Established 1970/02/03 13:56:01.404518 2.998446 tcp 10.0.2.109 50880 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:56:10.401742 0.000000 tcp 10.0.2.109 50880 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:56:16.400591 3.004237 tcp 10.0.2.109 50881 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 13:56:25.403604 0.000000 tcp 10.0.2.109 50881 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:01:19.748488 3.002098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 14:01:26.755983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:01:31.403384 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:01:31.403527 3.003982 tcp 10.0.2.109 50882 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:01:34.757758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:01:40.416404 0.000000 tcp 10.0.2.109 50882 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:01:46.406672 0.054431 tcp 10.0.2.109 50883 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:01:46.461467 0.053102 tcp 10.0.2.109 50884 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:01:46.514911 0.154055 tcp 10.0.2.109 50885 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:01:46.685554 2.993789 tcp 10.0.2.109 50886 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:01:50.761115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:01:55.677879 0.000000 tcp 10.0.2.109 50886 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:02:22.766825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:07:59.611743 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:07:59.611881 0.162847 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:07:59.769072 0.092339 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:07:59.845408 0.195362 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.034591 0.097503 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.099419 0.066651 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.148682 0.085903 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.235271 0.146078 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.373118 0.109713 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.484866 0.110446 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.556941 0.074734 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2000 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.615243 0.078888 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.678656 0.233376 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.908739 0.092695 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:00.983040 0.051160 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:01.044294 0.031827 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:01.074937 0.115671 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:01.155806 0.052346 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:01.231915 0.379282 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:01.594191 0.123977 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:01.680520 0.378167 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:01.700939 2.997529 tcp 10.0.2.109 50887 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:02.038753 0.169017 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:02.185721 0.536151 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:02.682622 0.172388 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:02.872924 0.337573 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:03.229494 0.311243 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:03.539756 0.155369 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:03.705233 0.350617 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:08:10.707125 0.000000 tcp 10.0.2.109 50887 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:16.697739 0.052941 tcp 10.0.2.109 50888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:08:16.750967 0.053820 tcp 10.0.2.109 50889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:08:16.805050 0.146568 tcp 10.0.2.109 50890 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:08:17.040593 2.999889 tcp 10.0.2.109 50891 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:26.039401 0.000000 tcp 10.0.2.109 50891 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:32.038723 0.051771 tcp 10.0.2.109 50892 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:08:32.090781 0.054415 tcp 10.0.2.109 50893 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:08:32.145059 0.150203 tcp 10.0.2.109 50894 -> 195.113.214.211 443 SRPA* 0 0 41 22030 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:08:32.521643 3.001228 tcp 10.0.2.109 50895 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:41.521613 0.000000 tcp 10.0.2.109 50895 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:42.776134 3.001612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 14:08:47.520306 3.004167 tcp 10.0.2.109 50896 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:49.783287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:08:56.522960 0.000000 tcp 10.0.2.109 50896 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:08:57.784628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:09:13.787326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:09:45.794168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:14:02.523806 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:14:02.523956 3.003448 tcp 10.0.2.109 50897 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:14:11.535988 0.000000 tcp 10.0.2.109 50897 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:14:17.526855 0.053759 tcp 10.0.2.109 50898 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:14:17.580959 0.053876 tcp 10.0.2.109 50899 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:14:17.635155 0.148484 tcp 10.0.2.109 50900 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:14:17.875706 2.993893 tcp 10.0.2.109 50901 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:14:26.867913 0.000000 tcp 10.0.2.109 50901 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:14:32.877303 0.053482 tcp 10.0.2.109 50902 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:14:32.931090 0.054066 tcp 10.0.2.109 50903 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:14:32.985461 0.149491 tcp 10.0.2.109 50904 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:14:33.144665 2.996601 tcp 10.0.2.109 50905 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:14:42.139995 0.000000 tcp 10.0.2.109 50905 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:14:48.139059 3.003894 tcp 10.0.2.109 50906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:14:57.141541 0.000000 tcp 10.0.2.109 50906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:15:49.799388 3.002227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 14:15:56.809510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:16:04.809002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:16:20.812453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:16:52.818384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:20:03.142048 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:20:03.142248 3.004357 tcp 10.0.2.109 50907 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:20:12.144461 0.000000 tcp 10.0.2.109 50907 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:20:18.145282 0.053168 tcp 10.0.2.109 50908 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:20:18.198764 0.053600 tcp 10.0.2.109 50909 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:20:18.252676 0.145783 tcp 10.0.2.109 50910 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:20:18.491455 2.996654 tcp 10.0.2.109 50911 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:20:27.496577 0.000000 tcp 10.0.2.109 50911 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:20:33.485770 0.052295 tcp 10.0.2.109 50912 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:20:33.538363 0.054242 tcp 10.0.2.109 50913 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:20:33.592883 0.142076 tcp 10.0.2.109 50914 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:20:33.767833 3.001940 tcp 10.0.2.109 50915 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:20:42.768819 0.000000 tcp 10.0.2.109 50915 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:20:48.766854 3.004763 tcp 10.0.2.109 50916 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:20:57.770306 0.000000 tcp 10.0.2.109 50916 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:22:56.823216 3.001760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 14:23:03.831572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:23:11.835395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:23:27.835861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:23:59.841979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:26:03.770141 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:26:03.770239 3.004749 tcp 10.0.2.109 50917 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:26:12.777288 0.000000 tcp 10.0.2.109 50917 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:26:18.773786 0.053693 tcp 10.0.2.109 50918 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:26:18.827749 0.051838 tcp 10.0.2.109 50919 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:26:18.879883 0.151054 tcp 10.0.2.109 50920 -> 195.113.214.211 443 SRPA* 0 0 51 32502 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:26:19.183186 3.005264 tcp 10.0.2.109 50921 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:26:28.185272 0.000000 tcp 10.0.2.109 50921 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:26:34.191182 0.052295 tcp 10.0.2.109 50922 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:26:34.243739 0.051582 tcp 10.0.2.109 50923 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:26:34.295644 0.150431 tcp 10.0.2.109 50924 -> 195.113.214.211 443 SRPA* 0 0 23 13802 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:26:34.788929 2.989922 tcp 10.0.2.109 50925 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:26:43.787637 0.000000 tcp 10.0.2.109 50925 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:26:49.786449 2.998221 tcp 10.0.2.109 50926 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:26:58.779221 0.000000 tcp 10.0.2.109 50926 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:30:03.849636 2.999891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 14:30:10.855091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:30:18.856735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:30:34.859847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:31:06.865396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:37:10.871898 3.001213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 14:37:17.879305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:37:25.880733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:37:41.883244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:38:13.890023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:38:18.516909 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:38:18.517123 0.166173 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:18.698528 0.091362 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:18.772851 0.187517 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:18.952745 0.097249 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.016549 0.062893 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.107673 0.082659 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.164321 0.147198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.303932 0.112439 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.363643 0.115906 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.490319 0.078130 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.551361 0.080101 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.687867 0.184974 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.829304 3.003154 tcp 10.0.2.109 50927 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:38:19.870252 0.083676 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:19.935431 0.050470 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:20.026890 0.031749 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:20.057320 0.309432 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:20.330327 0.123961 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:20.416839 0.387406 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2544 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:20.800951 0.167660 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:20.944335 0.052939 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:21.035111 0.412858 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:21.430196 0.118149 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:21.558380 0.173211 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:21.727594 0.342262 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:22.221256 0.349416 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:22.567149 0.309808 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:22.894742 0.162638 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/03 14:38:28.831488 0.000000 tcp 10.0.2.109 50927 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:38:34.832009 0.053577 tcp 10.0.2.109 50928 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:38:34.885923 0.053946 tcp 10.0.2.109 50929 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:38:34.940154 0.145542 tcp 10.0.2.109 50930 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:38:35.146075 2.998696 tcp 10.0.2.109 50931 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:38:44.143666 0.000000 tcp 10.0.2.109 50931 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:38:50.143145 0.053297 tcp 10.0.2.109 50932 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:38:50.196773 0.052567 tcp 10.0.2.109 50933 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:38:50.249605 0.157672 tcp 10.0.2.109 50934 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:38:50.452450 3.016137 tcp 10.0.2.109 50935 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:38:59.459315 0.000000 tcp 10.0.2.109 50935 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:39:05.455668 2.992242 tcp 10.0.2.109 50936 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:39:14.458699 0.000000 tcp 10.0.2.109 50936 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:44:17.896313 3.027486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 14:44:20.477036 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:44:20.477214 2.991164 tcp 10.0.2.109 50937 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:44:24.913865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:44:29.459875 0.000000 tcp 10.0.2.109 50937 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:44:32.914594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:44:35.460294 0.054912 tcp 10.0.2.109 50938 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:44:35.515549 0.052872 tcp 10.0.2.109 50939 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:44:35.568744 0.147182 tcp 10.0.2.109 50940 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:44:35.726691 2.995760 tcp 10.0.2.109 50941 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:44:44.721748 0.000000 tcp 10.0.2.109 50941 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:44:48.917770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:44:50.721563 0.051618 tcp 10.0.2.109 50942 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:44:50.773475 0.053758 tcp 10.0.2.109 50943 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:44:50.827557 0.148752 tcp 10.0.2.109 50944 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:44:51.087942 3.007388 tcp 10.0.2.109 50945 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:45:00.093589 0.000000 tcp 10.0.2.109 50945 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:45:06.082607 3.003576 tcp 10.0.2.109 50946 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:45:15.085656 0.000000 tcp 10.0.2.109 50946 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:45:20.923964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:50:21.088185 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:50:21.088382 2.994424 tcp 10.0.2.109 50947 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:50:30.078427 0.000000 tcp 10.0.2.109 50947 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:50:36.088721 0.055944 tcp 10.0.2.109 50948 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:50:36.145113 0.051888 tcp 10.0.2.109 50949 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:50:36.197347 0.145686 tcp 10.0.2.109 50950 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:50:36.402207 2.989623 tcp 10.0.2.109 50951 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:50:45.390347 0.000000 tcp 10.0.2.109 50951 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:50:51.391990 0.052399 tcp 10.0.2.109 50952 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:50:51.444653 0.051660 tcp 10.0.2.109 50953 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:50:51.496572 0.152420 tcp 10.0.2.109 50954 -> 195.113.214.211 443 SRPA* 0 0 69 69904 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:50:52.167864 3.034508 tcp 10.0.2.109 50955 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:51:01.162990 0.000000 tcp 10.0.2.109 50955 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:51:07.171735 3.004617 tcp 10.0.2.109 50956 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:51:16.174512 0.000000 tcp 10.0.2.109 50956 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:53:43.939139 3.002384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 14:53:50.947284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:53:58.949106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:54:14.951565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:54:46.957718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 14:56:22.175181 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 14:56:22.175290 2.993702 tcp 10.0.2.109 50957 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:56:31.177459 0.000000 tcp 10.0.2.109 50957 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:56:37.179933 0.053605 tcp 10.0.2.109 50958 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:56:37.233816 0.054092 tcp 10.0.2.109 50959 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:56:37.288251 0.149414 tcp 10.0.2.109 50960 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:56:37.453630 2.997184 tcp 10.0.2.109 50961 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:56:46.449197 0.000000 tcp 10.0.2.109 50961 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:56:52.448538 0.054957 tcp 10.0.2.109 50962 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:56:52.503711 0.054678 tcp 10.0.2.109 50963 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:56:52.558713 0.144460 tcp 10.0.2.109 50964 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 14:56:52.713244 2.999030 tcp 10.0.2.109 50965 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:57:01.711390 0.000000 tcp 10.0.2.109 50965 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:57:07.709645 3.004218 tcp 10.0.2.109 50966 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 14:57:16.712962 0.000000 tcp 10.0.2.109 50966 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:00:50.963964 3.001845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 15:00:57.971353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:01:05.972155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:01:21.975256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:01:53.981712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:08:07.992148 3.001405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 15:08:14.999468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:08:23.001105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:08:39.003843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:08:50.200577 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:08:50.200699 0.221897 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:50.390993 0.193792 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:50.603585 0.091203 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2559 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:50.677283 0.099965 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:50.743141 0.069949 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:50.814945 0.087082 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:50.874730 0.154393 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.021001 0.116852 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.081437 0.113111 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.208020 0.076735 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.266596 0.087381 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.337628 0.173738 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.507738 0.087596 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.577658 0.051002 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.645992 0.032810 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.694737 0.120476 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.781391 0.125268 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:51.868041 0.348845 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:52.196043 0.165957 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:52.339065 0.117943 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:52.416525 0.169305 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:52.658789 0.053848 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:52.726704 0.383188 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:52.767685 2.981668 tcp 10.0.2.109 50967 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:08:53.088491 0.310734 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:53.398285 0.344645 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:53.758013 0.354569 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:08:54.108943 0.160961 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:09:01.756622 0.000000 tcp 10.0.2.109 50967 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:09:07.757361 0.052610 tcp 10.0.2.109 50968 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:09:07.810236 0.052718 tcp 10.0.2.109 50969 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:09:07.863228 0.149617 tcp 10.0.2.109 50970 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:09:08.023052 2.996840 tcp 10.0.2.109 50971 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:09:11.009940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:09:17.018393 0.000000 tcp 10.0.2.109 50971 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:09:23.017761 0.051992 tcp 10.0.2.109 50972 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:09:23.070011 0.053324 tcp 10.0.2.109 50973 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:09:23.123720 0.144545 tcp 10.0.2.109 50974 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:09:23.284345 2.997646 tcp 10.0.2.109 50975 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:09:32.280426 0.000000 tcp 10.0.2.109 50975 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:09:38.279189 3.004305 tcp 10.0.2.109 50976 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:09:47.281985 0.000000 tcp 10.0.2.109 50976 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:14:53.282729 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:14:53.282841 3.003758 tcp 10.0.2.109 50977 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:15:02.284959 0.000000 tcp 10.0.2.109 50977 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:15:08.285349 0.053018 tcp 10.0.2.109 50978 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:15:08.338616 0.053295 tcp 10.0.2.109 50979 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:15:08.392162 0.150429 tcp 10.0.2.109 50980 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:15:08.649240 2.989188 tcp 10.0.2.109 50981 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:15:15.016736 3.000854 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 15:15:17.647677 0.000000 tcp 10.0.2.109 50981 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:15:22.023540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:15:23.645633 0.053984 tcp 10.0.2.109 50982 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:15:23.699880 0.053569 tcp 10.0.2.109 50983 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:15:23.753747 0.144109 tcp 10.0.2.109 50984 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:15:24.014197 2.996420 tcp 10.0.2.109 50985 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:15:30.025106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:15:33.009124 0.000000 tcp 10.0.2.109 50985 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:15:39.008060 3.007619 tcp 10.0.2.109 50986 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:15:46.027973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:15:48.010879 0.000000 tcp 10.0.2.109 50986 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:16:18.033566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:20:54.011178 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:20:54.011306 3.003856 tcp 10.0.2.109 50987 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:21:03.013441 0.000000 tcp 10.0.2.109 50987 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:21:09.014245 0.052581 tcp 10.0.2.109 50988 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:21:09.067092 0.053287 tcp 10.0.2.109 50989 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:21:09.120671 0.154169 tcp 10.0.2.109 50990 -> 195.113.214.211 443 SRPA* 0 0 46 27964 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:21:09.301164 3.005861 tcp 10.0.2.109 50991 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:21:18.305553 0.000000 tcp 10.0.2.109 50991 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:21:24.294984 0.051547 tcp 10.0.2.109 50992 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:21:24.346800 0.053174 tcp 10.0.2.109 50993 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:21:24.400236 0.149662 tcp 10.0.2.109 50994 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:21:24.580654 2.998184 tcp 10.0.2.109 50995 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:21:33.577544 0.000000 tcp 10.0.2.109 50995 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:21:39.575861 2.994560 tcp 10.0.2.109 50996 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:21:48.569067 0.000000 tcp 10.0.2.109 50996 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:22:22.040234 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 15:22:29.047437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:22:37.048800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:22:53.051953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:23:25.058096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:26:54.580033 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:26:54.580142 3.005926 tcp 10.0.2.109 50997 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:27:03.584074 0.000000 tcp 10.0.2.109 50997 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:27:09.582594 0.052697 tcp 10.0.2.109 50998 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:27:09.635533 0.052949 tcp 10.0.2.109 50999 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:27:09.688746 0.144845 tcp 10.0.2.109 51000 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:27:09.872517 3.005829 tcp 10.0.2.109 51001 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:27:18.873942 0.000000 tcp 10.0.2.109 51001 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:27:24.873476 0.051610 tcp 10.0.2.109 51002 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:27:24.925386 0.052523 tcp 10.0.2.109 51003 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:27:24.978341 0.155367 tcp 10.0.2.109 51004 -> 195.113.214.211 443 SRPA* 0 0 67 69794 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:27:25.286611 3.001029 tcp 10.0.2.109 51005 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:27:34.296532 0.000000 tcp 10.0.2.109 51005 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:27:40.285082 2.993855 tcp 10.0.2.109 51006 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:27:49.277825 0.000000 tcp 10.0.2.109 51006 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:29:29.063538 3.007052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 15:29:36.072622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:29:44.072722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:30:00.075908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:30:32.085479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:36:36.088781 3.000601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 15:36:43.095308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:36:51.096826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:37:07.099774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:37:39.105848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:39:01.554933 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:39:01.555038 0.193695 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:01.740989 0.100986 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:01.922009 0.066367 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:01.972869 0.080823 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.077083 0.146932 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.216516 0.116183 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.468853 0.163046 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.626695 0.090026 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.717728 0.112258 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.791501 0.074594 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.883149 0.077466 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:02.944825 0.174815 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2616 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:03.117039 0.087512 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:03.185006 0.050929 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:03.290843 0.033890 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:03.418634 0.117522 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:03.506094 0.122291 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:03.589693 0.743363 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2538 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:04.290942 0.165473 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:04.474623 0.344261 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:04.800346 0.165929 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:04.943665 0.052937 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:05.018140 0.391993 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:05.392593 0.399932 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:05.791412 0.341121 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:06.163027 0.354618 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:06.513683 0.157671 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/03 15:39:10.327587 3.005758 tcp 10.0.2.109 51007 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:39:19.330723 0.000000 tcp 10.0.2.109 51007 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:39:25.333113 0.052061 tcp 10.0.2.109 51008 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:39:25.385435 0.053015 tcp 10.0.2.109 51009 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:39:25.438797 0.153155 tcp 10.0.2.109 51010 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:39:25.624917 2.997849 tcp 10.0.2.109 51011 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:39:34.621873 0.000000 tcp 10.0.2.109 51011 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:39:40.621014 0.052315 tcp 10.0.2.109 51012 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:39:40.673620 0.053072 tcp 10.0.2.109 51013 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:39:40.726977 0.144797 tcp 10.0.2.109 51014 -> 195.113.214.211 443 SRPA* 0 0 21 13070 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:39:40.917980 3.007502 tcp 10.0.2.109 51015 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:39:49.923481 0.000000 tcp 10.0.2.109 51015 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:39:55.912781 3.004040 tcp 10.0.2.109 51016 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:40:04.915329 0.000000 tcp 10.0.2.109 51016 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:43:43.111835 3.004813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 15:43:50.119309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:43:58.120869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:44:14.123796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:44:46.129594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:45:10.916147 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:45:10.916236 2.993467 tcp 10.0.2.109 51017 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:45:19.908492 0.000000 tcp 10.0.2.109 51017 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:45:25.918522 0.052378 tcp 10.0.2.109 51018 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:45:25.971098 0.052798 tcp 10.0.2.109 51019 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:45:26.024203 0.146820 tcp 10.0.2.109 51020 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:45:26.190395 3.001273 tcp 10.0.2.109 51021 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:45:35.189857 0.000000 tcp 10.0.2.109 51021 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:45:41.189527 0.052375 tcp 10.0.2.109 51022 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:45:41.242192 0.054536 tcp 10.0.2.109 51023 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:45:41.297009 0.149746 tcp 10.0.2.109 51024 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:45:41.513218 3.000486 tcp 10.0.2.109 51025 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:45:50.512567 0.000000 tcp 10.0.2.109 51025 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:45:56.511140 3.004168 tcp 10.0.2.109 51026 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:46:05.513952 0.000000 tcp 10.0.2.109 51026 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:50:50.136650 3.000969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 15:50:57.143214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:51:05.144653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:51:11.514475 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:51:11.514552 2.993551 tcp 10.0.2.109 51027 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:51:20.516777 0.000000 tcp 10.0.2.109 51027 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:51:21.148054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:51:26.516992 0.054146 tcp 10.0.2.109 51028 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:51:26.571376 0.051397 tcp 10.0.2.109 51029 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:51:26.623017 0.142870 tcp 10.0.2.109 51030 -> 195.113.214.211 443 SRPA* 0 0 41 23492 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:51:26.806650 2.993672 tcp 10.0.2.109 51031 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:51:35.798914 0.000000 tcp 10.0.2.109 51031 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:51:41.807916 0.052659 tcp 10.0.2.109 51032 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:51:41.860965 0.052735 tcp 10.0.2.109 51033 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:51:41.914089 0.151847 tcp 10.0.2.109 51034 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:51:42.161896 3.000448 tcp 10.0.2.109 51035 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:51:51.160944 0.000000 tcp 10.0.2.109 51035 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:51:53.153780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:51:57.159633 3.004230 tcp 10.0.2.109 51036 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:52:06.162629 0.000000 tcp 10.0.2.109 51036 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:57:12.163151 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 15:57:12.163292 3.003743 tcp 10.0.2.109 51037 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:57:21.165213 0.000000 tcp 10.0.2.109 51037 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:57:27.165732 0.053699 tcp 10.0.2.109 51038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:57:27.219720 0.053452 tcp 10.0.2.109 51039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:57:27.273454 0.148824 tcp 10.0.2.109 51040 -> 195.113.214.211 443 SRPA* 0 0 38 21716 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:57:27.439253 2.999362 tcp 10.0.2.109 51041 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:57:36.447657 0.000000 tcp 10.0.2.109 51041 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:57:42.436934 0.052815 tcp 10.0.2.109 51042 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:57:42.489969 0.053984 tcp 10.0.2.109 51043 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:57:42.544286 0.148509 tcp 10.0.2.109 51044 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 15:57:42.703172 2.997520 tcp 10.0.2.109 51045 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:57:51.699354 0.000000 tcp 10.0.2.109 51045 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:57:57.160095 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 15:57:57.698216 3.003821 tcp 10.0.2.109 51046 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:58:04.167254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:58:06.700631 0.000000 tcp 10.0.2.109 51046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 15:58:12.168652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:58:28.171622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 15:59:00.177547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:05:29.190646 3.000667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 16:05:36.197130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:05:44.198834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:06:00.201560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:06:32.207861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:09:22.503136 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:09:22.503280 0.196468 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:22.692683 0.099112 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:22.754685 0.063084 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 5 1760 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:22.806654 0.086844 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:22.866973 0.144845 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.007532 0.112276 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.092778 0.164744 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.251739 0.089939 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.324271 0.113769 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.399780 0.079133 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.461829 0.077426 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.523847 0.176561 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.696923 0.088131 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.767234 0.050692 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.832348 0.034295 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.876881 0.113177 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:23.956017 0.127136 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:24.043770 0.336819 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:24.361334 0.167419 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:24.504475 0.567886 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:25.033063 0.172548 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2650 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:25.214378 0.053342 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:25.269140 0.382598 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:25.631384 0.398001 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:26.028053 0.156181 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:26.185469 0.333437 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:26.520017 0.350568 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:09:27.740623 3.003605 tcp 10.0.2.109 51047 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:09:36.742569 0.000000 tcp 10.0.2.109 51047 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:09:42.743750 0.052655 tcp 10.0.2.109 51048 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:09:42.796671 0.075945 tcp 10.0.2.109 51049 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:09:42.873035 0.146033 tcp 10.0.2.109 51050 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:09:43.034619 3.001312 tcp 10.0.2.109 51051 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:09:52.034750 0.000000 tcp 10.0.2.109 51051 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:09:58.034191 0.051601 tcp 10.0.2.109 51052 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:09:58.086242 0.053344 tcp 10.0.2.109 51053 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:09:58.139874 0.152588 tcp 10.0.2.109 51054 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:09:58.303007 2.995044 tcp 10.0.2.109 51055 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:10:07.306941 0.000000 tcp 10.0.2.109 51055 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:10:13.295911 2.993990 tcp 10.0.2.109 51056 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:10:22.288592 0.000000 tcp 10.0.2.109 51056 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:12:36.213561 3.002047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 16:12:43.221183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:12:51.222647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:13:07.225688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:13:39.231729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:15:28.299178 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:15:28.299288 3.003464 tcp 10.0.2.109 51057 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:15:37.301216 0.000000 tcp 10.0.2.109 51057 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:15:43.302003 0.054355 tcp 10.0.2.109 51058 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:15:43.356679 0.054398 tcp 10.0.2.109 51059 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:15:43.411382 0.147169 tcp 10.0.2.109 51060 -> 195.113.214.211 443 SRPA* 0 0 37 30896 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:15:43.571936 3.002247 tcp 10.0.2.109 51061 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:15:52.573103 0.000000 tcp 10.0.2.109 51061 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:15:58.572290 0.052145 tcp 10.0.2.109 51062 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:15:58.624705 0.053628 tcp 10.0.2.109 51063 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:15:58.678612 0.143727 tcp 10.0.2.109 51064 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:15:58.851800 3.004983 tcp 10.0.2.109 51065 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:16:07.855070 0.000000 tcp 10.0.2.109 51065 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:16:13.844013 2.994365 tcp 10.0.2.109 51066 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:16:22.846968 0.000000 tcp 10.0.2.109 51066 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:19:43.237982 3.002858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 16:19:50.245070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:19:58.246630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:20:14.249624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:20:46.255621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:21:28.847454 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:21:28.847595 2.993583 tcp 10.0.2.109 51067 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:21:37.839713 0.000000 tcp 10.0.2.109 51067 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:21:43.850121 0.053086 tcp 10.0.2.109 51068 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:21:43.903482 0.054417 tcp 10.0.2.109 51069 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:21:43.958275 0.144103 tcp 10.0.2.109 51070 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:21:44.131399 3.001748 tcp 10.0.2.109 51071 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:21:53.132014 0.000000 tcp 10.0.2.109 51071 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:21:59.136183 0.053068 tcp 10.0.2.109 51072 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:21:59.189629 0.053630 tcp 10.0.2.109 51073 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:21:59.243619 0.145308 tcp 10.0.2.109 51074 -> 195.113.214.211 443 SRPA* 0 0 48 42022 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:21:59.424764 3.000423 tcp 10.0.2.109 51075 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:22:08.423604 0.000000 tcp 10.0.2.109 51075 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:22:14.412921 3.003843 tcp 10.0.2.109 51076 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:22:23.415375 0.000000 tcp 10.0.2.109 51076 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:26:50.261652 3.001701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 16:26:57.268955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:27:05.271001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:27:21.273454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:27:29.417161 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:27:29.417279 2.992223 tcp 10.0.2.109 51077 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:27:38.408012 0.000000 tcp 10.0.2.109 51077 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:27:44.418707 0.052663 tcp 10.0.2.109 51078 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:27:44.471697 0.052714 tcp 10.0.2.109 51079 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:27:44.524669 0.147721 tcp 10.0.2.109 51080 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:27:45.073049 2.998966 tcp 10.0.2.109 51081 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:27:53.279479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:27:54.071010 0.000000 tcp 10.0.2.109 51081 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:28:00.069720 0.052366 tcp 10.0.2.109 51082 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:28:00.122358 0.052897 tcp 10.0.2.109 51083 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:28:00.175610 0.145431 tcp 10.0.2.109 51084 -> 195.113.214.211 443 SRPA* 0 0 36 28232 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:28:00.501118 3.003145 tcp 10.0.2.109 51085 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:28:09.502922 0.000000 tcp 10.0.2.109 51085 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:28:15.501470 3.004170 tcp 10.0.2.109 51086 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:28:24.504333 0.000000 tcp 10.0.2.109 51086 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:33:57.285311 3.001803 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 16:34:04.292931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:34:12.294312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:34:28.297446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:35:00.303581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:39:35.669948 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:39:35.670209 0.067677 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:35.719462 0.230684 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:35.923580 0.153262 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.072522 0.111251 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.129787 0.163406 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.287841 0.197324 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.477899 0.098080 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.541426 0.091750 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.614506 0.112792 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.767024 0.082518 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.830470 0.076603 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:36.902029 0.175288 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.074434 0.085797 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.139167 0.050670 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.189758 0.031900 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.253873 0.136754 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.356690 0.126132 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.445230 0.122894 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.528756 0.170635 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.700823 0.051282 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:37.786047 0.350048 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:38.117636 0.164501 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:38.259824 0.390100 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:38.631272 0.405785 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:39.035655 0.165471 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:39.291733 0.349636 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:39.659474 0.353277 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/03 16:39:45.543559 2.994140 tcp 10.0.2.109 51087 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:39:54.546423 0.000000 tcp 10.0.2.109 51087 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:40:00.546975 0.053282 tcp 10.0.2.109 51088 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:40:00.600508 0.052562 tcp 10.0.2.109 51089 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:40:00.653363 0.150841 tcp 10.0.2.109 51090 -> 195.113.214.211 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:40:00.867792 3.002122 tcp 10.0.2.109 51091 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:40:09.877516 0.000000 tcp 10.0.2.109 51091 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:40:15.867482 0.093078 tcp 10.0.2.109 51092 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:40:15.960935 0.051115 tcp 10.0.2.109 51093 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:40:16.012366 0.152103 tcp 10.0.2.109 51094 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:40:16.266815 3.001089 tcp 10.0.2.109 51095 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:40:25.263061 0.000000 tcp 10.0.2.109 51095 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:40:31.259621 3.003790 tcp 10.0.2.109 51096 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:40:40.268551 0.000000 tcp 10.0.2.109 51096 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:41:04.308911 3.002076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 16:41:11.317002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:41:19.318563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:41:35.321577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:42:07.327399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:45:46.262610 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:45:46.262788 3.003861 tcp 10.0.2.109 51097 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:45:55.265174 0.000000 tcp 10.0.2.109 51097 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:46:01.265931 0.053360 tcp 10.0.2.109 51098 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:46:01.319624 0.052250 tcp 10.0.2.109 51099 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:46:01.372193 0.146126 tcp 10.0.2.109 51100 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:46:01.546663 2.991669 tcp 10.0.2.109 51101 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:46:10.547156 0.000000 tcp 10.0.2.109 51101 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:46:16.546125 0.051578 tcp 10.0.2.109 51102 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:46:16.597966 0.051342 tcp 10.0.2.109 51103 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:46:16.649608 0.144230 tcp 10.0.2.109 51104 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:46:16.927571 3.010982 tcp 10.0.2.109 51105 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:46:25.929215 0.000000 tcp 10.0.2.109 51105 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:46:31.933413 2.999688 tcp 10.0.2.109 51106 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:46:40.930659 0.000000 tcp 10.0.2.109 51106 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:48:11.334615 3.000573 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 16:48:18.340855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:48:26.342424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:48:42.345450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:49:14.351218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:51:46.930977 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:51:46.931199 3.003969 tcp 10.0.2.109 51107 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:51:55.933822 0.000000 tcp 10.0.2.109 51107 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:52:01.933627 0.052907 tcp 10.0.2.109 51108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:52:01.986782 0.053270 tcp 10.0.2.109 51109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:52:02.040383 0.142120 tcp 10.0.2.109 51110 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:52:02.279122 3.008283 tcp 10.0.2.109 51111 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:52:11.285746 0.000000 tcp 10.0.2.109 51111 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:52:17.275333 0.052110 tcp 10.0.2.109 51112 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:52:17.327745 0.052574 tcp 10.0.2.109 51113 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:52:17.380573 0.148343 tcp 10.0.2.109 51114 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:52:17.538645 3.000528 tcp 10.0.2.109 51115 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:52:26.537680 0.000000 tcp 10.0.2.109 51115 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:52:32.536316 2.994375 tcp 10.0.2.109 51116 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:52:41.529174 0.000000 tcp 10.0.2.109 51116 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:55:44.365284 3.002019 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 16:55:51.372489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:55:59.373742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:56:15.376801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:56:47.382700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 16:57:47.539934 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 16:57:47.540090 3.003051 tcp 10.0.2.109 51117 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:57:56.542384 0.000000 tcp 10.0.2.109 51117 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:58:02.542798 0.052601 tcp 10.0.2.109 51118 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:58:02.595645 0.053413 tcp 10.0.2.109 51119 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:58:02.649327 0.142632 tcp 10.0.2.109 51120 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:58:02.801042 2.994438 tcp 10.0.2.109 51121 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:58:11.793670 0.000000 tcp 10.0.2.109 51121 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:58:17.803429 0.052882 tcp 10.0.2.109 51122 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:58:17.856582 0.052091 tcp 10.0.2.109 51123 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:58:17.908930 0.144858 tcp 10.0.2.109 51124 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 16:58:18.065801 3.001858 tcp 10.0.2.109 51125 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:58:27.076131 0.000000 tcp 10.0.2.109 51125 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:58:33.065145 2.993826 tcp 10.0.2.109 51126 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 16:58:42.057552 0.000000 tcp 10.0.2.109 51126 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:02:51.388795 3.002331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 17:02:58.395984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:03:06.397672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:03:22.400659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:03:54.406710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:09:58.413807 3.000501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 17:10:05.420212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:10:09.125856 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:10:09.126220 0.068724 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2682 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.176190 0.087217 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.238046 0.147873 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 1961 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.378601 0.113440 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.437849 0.167410 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.596284 0.204247 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.793389 0.101319 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.858952 0.091141 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:09.930954 0.113080 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.005700 0.080751 udp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.069215 0.077827 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.131577 0.179803 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.307694 0.088204 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.379001 0.050537 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.439049 0.031997 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.482353 0.114229 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.563256 0.130503 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.653506 0.117657 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.733735 0.175628 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:10.936425 0.053718 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:11.004830 0.390489 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:11.379167 0.349512 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:11.711576 0.164515 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:11.853770 0.350700 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:12.212680 0.386078 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:12.597582 0.155823 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:12.754758 0.354241 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:10:13.421777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:10:18.108825 3.003848 tcp 10.0.2.109 51127 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:10:27.111323 0.000000 tcp 10.0.2.109 51127 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:10:29.424957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:10:33.111594 0.053725 tcp 10.0.2.109 51128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:10:33.165650 0.053712 tcp 10.0.2.109 51129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:10:33.219733 0.145058 tcp 10.0.2.109 51130 -> 195.113.214.211 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:10:33.376181 2.998567 tcp 10.0.2.109 51131 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:10:42.373290 0.000000 tcp 10.0.2.109 51131 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:10:48.372528 0.051704 tcp 10.0.2.109 51132 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:10:48.424500 0.052147 tcp 10.0.2.109 51133 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:10:48.476983 0.148326 tcp 10.0.2.109 51134 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:10:48.639803 3.006412 tcp 10.0.2.109 51135 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:10:57.645322 0.000000 tcp 10.0.2.109 51135 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:11:01.430871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:11:03.633839 2.994330 tcp 10.0.2.109 51136 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:11:12.636956 0.000000 tcp 10.0.2.109 51136 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:16:18.637234 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:16:18.637342 3.003664 tcp 10.0.2.109 51137 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:16:27.639619 0.000000 tcp 10.0.2.109 51137 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:16:33.640412 0.054781 tcp 10.0.2.109 51138 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:16:33.695460 0.052714 tcp 10.0.2.109 51139 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:16:33.748442 0.148105 tcp 10.0.2.109 51140 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:16:33.946617 2.996577 tcp 10.0.2.109 51141 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:16:42.941608 0.000000 tcp 10.0.2.109 51141 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:16:48.941487 0.052908 tcp 10.0.2.109 51142 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:16:48.994705 0.053263 tcp 10.0.2.109 51143 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:16:49.048250 0.151608 tcp 10.0.2.109 51144 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:16:49.293043 3.002034 tcp 10.0.2.109 51145 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:16:58.293699 0.000000 tcp 10.0.2.109 51145 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:17:04.299762 3.001635 tcp 10.0.2.109 51146 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:17:05.438819 3.004465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 17:17:12.444021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:17:13.295496 0.000000 tcp 10.0.2.109 51146 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:17:20.445806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:17:36.448755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:18:08.454798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:22:19.295908 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:22:19.296127 2.993772 tcp 10.0.2.109 51147 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:22:28.288578 0.000000 tcp 10.0.2.109 51147 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:22:34.299756 0.053944 tcp 10.0.2.109 51148 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:22:34.353999 0.052556 tcp 10.0.2.109 51149 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:22:34.406823 0.144249 tcp 10.0.2.109 51150 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:22:34.680090 3.001739 tcp 10.0.2.109 51151 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:22:43.680543 0.000000 tcp 10.0.2.109 51151 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:22:49.679614 0.052590 tcp 10.0.2.109 51152 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:22:49.732492 0.054851 tcp 10.0.2.109 51153 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:22:49.787638 0.179205 tcp 10.0.2.109 51154 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:22:50.049043 3.007644 tcp 10.0.2.109 51155 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:22:59.052644 0.000000 tcp 10.0.2.109 51155 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:23:05.041174 3.004237 tcp 10.0.2.109 51156 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:23:14.047691 0.000000 tcp 10.0.2.109 51156 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:24:12.460804 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 17:24:19.468142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:24:27.469578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:24:43.472571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:25:15.482536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:28:20.044531 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:28:20.044727 2.993515 tcp 10.0.2.109 51157 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:28:29.046903 0.000000 tcp 10.0.2.109 51157 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:28:35.047923 0.054461 tcp 10.0.2.109 51158 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:28:35.102734 0.052534 tcp 10.0.2.109 51159 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:28:35.155518 0.141790 tcp 10.0.2.109 51160 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:28:35.366815 2.993320 tcp 10.0.2.109 51161 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:28:44.358972 0.000000 tcp 10.0.2.109 51161 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:28:50.369395 0.052528 tcp 10.0.2.109 51162 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:28:50.422228 0.053460 tcp 10.0.2.109 51163 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:28:50.476008 0.147230 tcp 10.0.2.109 51164 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:28:50.634376 2.997243 tcp 10.0.2.109 51165 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:28:59.630736 0.000000 tcp 10.0.2.109 51165 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:29:05.629805 3.004077 tcp 10.0.2.109 51166 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:29:14.632397 0.000000 tcp 10.0.2.109 51166 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:31:19.485113 3.001396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 17:31:26.492459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:31:34.493499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:31:50.496366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:32:22.502756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:38:26.510835 2.999572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 17:38:33.516768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:38:41.519274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:38:57.521063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:39:29.526519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:40:34.384933 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:40:34.385045 0.155313 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:34.531745 0.113823 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:34.762361 0.067654 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:34.997484 0.085662 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:35.059606 0.166039 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:35.218386 0.189502 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:35.400122 0.099531 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:35.467199 0.088859 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:35.576880 0.000000 udp 10.0.2.109 3683 -> 81.149.180.182 1629 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 17:40:35.677961 3.004554 tcp 10.0.2.109 51167 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:40:44.674327 0.000000 tcp 10.0.2.109 51167 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:40:50.674991 0.054612 tcp 10.0.2.109 51168 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:40:50.729940 0.054316 tcp 10.0.2.109 51169 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:40:50.753612 0.053150 tcp 10.0.2.109 51170 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:40:50.784670 0.154788 tcp 10.0.2.109 51171 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:40:50.807103 0.053309 tcp 10.0.2.109 51172 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:40:50.860749 0.256650 tcp 10.0.2.109 51173 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:40:51.049201 3.008275 tcp 10.0.2.109 51174 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:40:51.118029 0.077558 rtp 10.0.2.109 3683 <-> 217.36.228.124 7403 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:51.179871 0.076511 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:51.303618 0.212915 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:51.513623 0.087319 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:51.580066 0.051511 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:51.713649 0.031917 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:51.757591 0.124160 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:51.848696 0.124588 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:52.030782 0.114294 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:52.108425 0.169473 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:52.396026 0.052692 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:52.523254 0.449831 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:52.948769 0.334140 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:53.292944 0.309614 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:53.601461 0.154903 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:53.791179 0.168579 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:53.937919 0.343978 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:40:54.372999 0.355027 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/03 17:41:00.056940 0.000000 tcp 10.0.2.109 51174 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:41:06.046125 0.041258 tcp 10.0.2.109 51175 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:41:06.087567 0.053769 tcp 10.0.2.109 51176 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:41:06.141631 0.124793 tcp 10.0.2.109 51177 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:41:06.579844 3.006924 tcp 10.0.2.109 51178 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:41:15.578932 0.000000 tcp 10.0.2.109 51178 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:41:21.577984 3.003827 tcp 10.0.2.109 51179 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:41:30.580580 0.000000 tcp 10.0.2.109 51179 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:45:33.535834 2.998511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 17:45:40.539800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:45:48.541353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:46:04.544428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:46:36.550654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:46:36.581220 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:46:36.581321 3.003186 tcp 10.0.2.109 51180 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:46:45.583273 0.000000 tcp 10.0.2.109 51180 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:46:51.586375 0.053932 tcp 10.0.2.109 51181 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:46:51.640606 0.054868 tcp 10.0.2.109 51182 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:46:51.695784 0.146098 tcp 10.0.2.109 51183 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:46:52.120260 3.000502 tcp 10.0.2.109 51184 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:47:01.122341 0.000000 tcp 10.0.2.109 51184 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:47:07.104641 0.053379 tcp 10.0.2.109 51185 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:47:07.158507 0.052525 tcp 10.0.2.109 51186 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:47:07.211327 0.127485 tcp 10.0.2.109 51187 -> 195.113.214.211 443 SRPA* 0 0 38 30106 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:47:07.375540 2.993751 tcp 10.0.2.109 51188 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:47:16.377902 0.000000 tcp 10.0.2.109 51188 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:47:22.376802 2.993802 tcp 10.0.2.109 51189 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:47:31.369604 0.000000 tcp 10.0.2.109 51189 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:52:37.379692 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:52:37.379798 3.003740 tcp 10.0.2.109 51190 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:52:46.382523 0.000000 tcp 10.0.2.109 51190 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:52:52.383560 0.054387 tcp 10.0.2.109 51191 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:52:52.438224 0.053133 tcp 10.0.2.109 51192 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:52:52.491649 0.148710 tcp 10.0.2.109 51193 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:52:52.656619 2.998876 tcp 10.0.2.109 51194 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:53:01.654227 0.000000 tcp 10.0.2.109 51194 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:53:07.653674 0.053401 tcp 10.0.2.109 51195 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:53:07.707351 0.051776 tcp 10.0.2.109 51196 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:53:07.759416 0.147773 tcp 10.0.2.109 51197 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:53:07.920245 3.007343 tcp 10.0.2.109 51198 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:53:16.936432 0.000000 tcp 10.0.2.109 51198 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:53:22.915188 2.993733 tcp 10.0.2.109 51199 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:53:31.917600 0.000000 tcp 10.0.2.109 51199 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:54:26.558881 3.001960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 17:54:33.566449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:54:41.567876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:54:57.570835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:55:29.576698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 17:58:37.918442 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 17:58:37.918593 3.003319 tcp 10.0.2.109 51200 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:58:46.920721 0.000000 tcp 10.0.2.109 51200 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:58:52.920942 0.052730 tcp 10.0.2.109 51201 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:58:52.973944 0.054117 tcp 10.0.2.109 51202 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:58:53.028307 0.142515 tcp 10.0.2.109 51203 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:58:53.181291 3.002733 tcp 10.0.2.109 51204 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:59:02.182693 0.000000 tcp 10.0.2.109 51204 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:59:08.171964 0.052995 tcp 10.0.2.109 51205 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:59:08.225245 0.053543 tcp 10.0.2.109 51206 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:59:08.279081 0.124755 tcp 10.0.2.109 51207 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 17:59:08.418714 3.007272 tcp 10.0.2.109 51208 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:59:17.424724 0.000000 tcp 10.0.2.109 51208 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:59:23.413480 3.004041 tcp 10.0.2.109 51209 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 17:59:32.426074 0.000000 tcp 10.0.2.109 51209 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:01:55.594746 3.001439 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 18:02:02.601849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:02:10.603220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:02:26.606441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:02:58.612459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:04:38.416460 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:04:38.416560 2.994153 tcp 10.0.2.109 51210 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:04:47.408837 0.000000 tcp 10.0.2.109 51210 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:04:53.419562 0.052703 tcp 10.0.2.109 51211 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:04:53.472593 0.053682 tcp 10.0.2.109 51212 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:04:53.526536 0.142604 tcp 10.0.2.109 51213 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:04:53.679578 3.003086 tcp 10.0.2.109 51214 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:05:02.680246 0.000000 tcp 10.0.2.109 51214 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:09:07.627044 3.000277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 18:09:14.633228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:09:22.634033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:09:38.637681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:10:10.643584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:11:01.477175 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:11:01.477368 0.114603 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:01.551919 0.147795 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:01.695650 0.116519 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:01.754350 0.067290 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:01.816989 0.197321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:02.007521 0.097707 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:02.071149 0.088100 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:02.143250 0.163122 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:02.366757 0.087200 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:02.427772 0.000000 udp 10.0.2.109 3683 -> 217.36.228.124 7403 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 18:11:08.687726 3.003749 tcp 10.0.2.109 51215 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:11:17.690057 0.000000 tcp 10.0.2.109 51215 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:11:19.424786 0.055628 tcp 10.0.2.109 51216 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:19.480680 0.052991 tcp 10.0.2.109 51217 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:19.534059 0.153094 tcp 10.0.2.109 51218 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:19.687763 0.079119 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:19.751413 0.242643 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:19.990289 0.087445 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:20.101910 0.050844 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:20.242008 0.031752 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:20.272433 0.112818 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:20.353532 0.167378 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:20.554236 0.052350 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:20.622748 0.380811 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:20.986563 0.128174 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:21.098808 0.121116 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:21.179813 0.349232 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:21.510629 0.313023 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:21.822287 0.158152 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:21.998952 0.168777 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:22.145795 0.345013 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:22.503045 0.350764 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:11:23.689056 0.053381 tcp 10.0.2.109 51219 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:23.742804 0.054567 tcp 10.0.2.109 51220 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:23.797659 0.142052 tcp 10.0.2.109 51221 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:24.008329 3.005063 tcp 10.0.2.109 51222 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:11:33.012138 0.000000 tcp 10.0.2.109 51222 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:11:39.001221 0.051130 tcp 10.0.2.109 51223 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:39.052642 0.053932 tcp 10.0.2.109 51224 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:39.106862 0.124125 tcp 10.0.2.109 51225 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:11:39.275008 3.000318 tcp 10.0.2.109 51226 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:11:48.274073 0.000000 tcp 10.0.2.109 51226 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:11:54.272920 3.004257 tcp 10.0.2.109 51227 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:12:03.275693 0.000000 tcp 10.0.2.109 51227 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:16:19.657389 3.001450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 18:16:26.664484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:16:34.669462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:16:50.677769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:17:09.276175 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:17:09.276371 2.996412 tcp 10.0.2.109 51228 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:17:18.268140 0.000000 tcp 10.0.2.109 51228 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:17:22.675049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:17:24.279045 0.053581 tcp 10.0.2.109 51229 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:17:24.332902 0.051883 tcp 10.0.2.109 51230 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:17:24.385087 0.145313 tcp 10.0.2.109 51231 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:17:24.563780 2.998032 tcp 10.0.2.109 51232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:17:33.560371 0.000000 tcp 10.0.2.109 51232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:17:39.559985 0.053557 tcp 10.0.2.109 51233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:17:39.613820 0.052829 tcp 10.0.2.109 51234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:17:39.667000 0.144253 tcp 10.0.2.109 51235 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:17:39.936779 2.997014 tcp 10.0.2.109 51236 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:17:48.932489 0.000000 tcp 10.0.2.109 51236 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:17:54.931382 3.004135 tcp 10.0.2.109 51237 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:18:03.934055 0.000000 tcp 10.0.2.109 51237 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:23:09.934561 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:23:09.934664 2.993818 tcp 10.0.2.109 51238 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:23:18.939037 0.000000 tcp 10.0.2.109 51238 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:23:24.937482 0.053402 tcp 10.0.2.109 51239 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:23:24.991170 0.053269 tcp 10.0.2.109 51240 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:23:25.044697 0.144397 tcp 10.0.2.109 51241 -> 195.113.214.211 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:23:25.358527 3.002307 tcp 10.0.2.109 51242 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:23:29.685342 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 18:23:34.359253 0.000000 tcp 10.0.2.109 51242 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:23:36.695301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:23:40.358562 0.053336 tcp 10.0.2.109 51243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:23:40.412154 0.053504 tcp 10.0.2.109 51244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:23:40.465909 0.145612 tcp 10.0.2.109 51245 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:23:40.736106 2.996673 tcp 10.0.2.109 51246 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:23:44.694037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:23:49.730678 0.000000 tcp 10.0.2.109 51246 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:23:55.729989 3.004471 tcp 10.0.2.109 51247 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:24:00.697183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:24:04.732730 0.000000 tcp 10.0.2.109 51247 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:24:32.703133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:29:10.733476 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:29:10.733583 3.003734 tcp 10.0.2.109 51248 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:29:19.746521 0.000000 tcp 10.0.2.109 51248 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:29:25.736475 0.052879 tcp 10.0.2.109 51249 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:29:25.789627 0.053519 tcp 10.0.2.109 51250 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:29:25.843446 0.137291 tcp 10.0.2.109 51251 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:29:26.310898 2.998557 tcp 10.0.2.109 51252 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:29:35.308337 0.000000 tcp 10.0.2.109 51252 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:29:41.307489 0.052748 tcp 10.0.2.109 51253 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:29:41.360598 0.053149 tcp 10.0.2.109 51254 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:29:41.414048 0.144697 tcp 10.0.2.109 51255 -> 195.113.214.211 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:29:41.709426 3.002178 tcp 10.0.2.109 51256 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:29:50.710782 0.000000 tcp 10.0.2.109 51256 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:29:56.709115 3.004070 tcp 10.0.2.109 51257 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:30:05.712130 0.000000 tcp 10.0.2.109 51257 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:30:36.710313 3.000351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 18:30:43.716354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:30:51.718014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:31:07.721181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:31:39.727192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:37:43.743845 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 18:37:50.750728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:37:58.751965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:38:14.758597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:38:46.761154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:41:31.357811 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:41:31.357903 0.000000 udp 10.0.2.109 3683 -> 217.36.228.124 7403 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 18:41:47.893349 0.053199 tcp 10.0.2.109 51258 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:41:47.946785 0.053843 tcp 10.0.2.109 51259 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:41:48.000896 0.145630 tcp 10.0.2.109 51260 -> 195.113.214.211 443 SRPA* 0 0 32 22198 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:41:48.147873 0.154258 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:48.294323 0.116642 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:48.471555 0.066501 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:48.520415 0.194186 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:48.707504 0.093720 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:48.770454 0.111494 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:48.844842 0.164486 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.002876 0.090121 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.075333 0.085717 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.161643 0.078888 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.225323 0.173836 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.396476 0.089980 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.465915 0.051454 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.537358 0.034386 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.628686 0.109603 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.707406 0.168704 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:49.942634 0.051885 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2568 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:50.042689 0.391446 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:50.414852 0.126871 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:50.501164 0.281281 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:50.744071 0.379900 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:51.106507 0.309779 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:51.414635 0.337797 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:51.770811 0.350661 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:52.138192 0.158424 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:52.310758 0.164607 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/03 18:41:56.755006 2.993162 tcp 10.0.2.109 51261 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:42:05.757242 0.000000 tcp 10.0.2.109 51261 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:42:11.756270 0.030341 tcp 10.0.2.109 51262 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:42:11.786864 0.031828 tcp 10.0.2.109 51263 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:42:11.818962 0.150735 tcp 10.0.2.109 51264 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:42:12.171979 2.998893 tcp 10.0.2.109 51265 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:42:21.169392 0.000000 tcp 10.0.2.109 51265 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:42:27.168377 0.052273 tcp 10.0.2.109 51266 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:42:27.220983 0.032880 tcp 10.0.2.109 51267 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:42:27.254230 0.147372 tcp 10.0.2.109 51268 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:42:27.732290 3.000988 tcp 10.0.2.109 51269 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:42:36.731694 0.000000 tcp 10.0.2.109 51269 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:42:42.730793 3.003297 tcp 10.0.2.109 51270 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:42:51.733158 0.000000 tcp 10.0.2.109 51270 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:44:50.768792 2.999822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 18:44:57.776418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:45:05.776187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:45:21.778866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:45:53.784430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:47:57.734037 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:47:57.734191 2.993387 tcp 10.0.2.109 51271 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:48:06.736329 0.000000 tcp 10.0.2.109 51271 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:48:12.736200 0.031435 tcp 10.0.2.109 51272 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:48:12.767880 0.031413 tcp 10.0.2.109 51273 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:48:12.799547 0.129337 tcp 10.0.2.109 51274 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:48:12.944100 2.995147 tcp 10.0.2.109 51275 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:48:21.937682 0.000000 tcp 10.0.2.109 51275 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:48:27.937385 0.051852 tcp 10.0.2.109 51276 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:48:27.989560 0.031569 tcp 10.0.2.109 51277 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:48:28.021404 0.123866 tcp 10.0.2.109 51278 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:48:28.173784 2.998166 tcp 10.0.2.109 51279 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:48:37.170024 0.000000 tcp 10.0.2.109 51279 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:48:43.168948 3.003931 tcp 10.0.2.109 51280 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:48:52.171541 0.000000 tcp 10.0.2.109 51280 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:53:58.172157 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:53:58.172386 3.003565 tcp 10.0.2.109 51281 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:54:05.794591 3.001769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 18:54:07.174956 0.000000 tcp 10.0.2.109 51281 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:54:12.802221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:54:13.174884 0.031413 tcp 10.0.2.109 51282 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:54:13.206600 0.031239 tcp 10.0.2.109 51283 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:54:13.238154 0.146170 tcp 10.0.2.109 51284 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:54:13.400724 2.996880 tcp 10.0.2.109 51285 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:54:20.804325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:54:22.406691 0.000000 tcp 10.0.2.109 51285 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:54:28.397327 0.053303 tcp 10.0.2.109 51286 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:54:28.450894 0.054226 tcp 10.0.2.109 51287 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:54:28.505433 0.145577 tcp 10.0.2.109 51288 -> 195.113.214.211 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/02/03 18:54:28.830831 2.998707 tcp 10.0.2.109 51289 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:54:36.806658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:54:37.828663 0.000000 tcp 10.0.2.109 51289 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:54:43.827222 2.993920 tcp 10.0.2.109 51290 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:54:52.820256 0.000000 tcp 10.0.2.109 51290 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 18:55:08.813116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 18:59:58.830873 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 18:59:58.831022 3.004807 tcp 10.0.2.109 51291 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:00:07.832933 0.000000 tcp 10.0.2.109 51291 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:00:13.839920 0.041501 tcp 10.0.2.109 51292 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:00:13.881729 0.031361 tcp 10.0.2.109 51293 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:00:13.913459 0.127583 tcp 10.0.2.109 51294 -> 195.113.214.211 443 SRPA* 0 0 35 19216 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:00:14.295769 3.000569 tcp 10.0.2.109 51295 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:00:23.295210 0.000000 tcp 10.0.2.109 51295 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:00:29.284371 0.052941 tcp 10.0.2.109 51296 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:00:29.337624 0.052775 tcp 10.0.2.109 51297 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:00:29.390684 0.150614 tcp 10.0.2.109 51298 -> 195.113.214.211 443 SRPA* 0 0 32 17636 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:00:29.869622 2.999275 tcp 10.0.2.109 51299 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:00:38.867376 0.000000 tcp 10.0.2.109 51299 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:00:44.866069 2.997397 tcp 10.0.2.109 51300 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:00:53.859011 0.000000 tcp 10.0.2.109 51300 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:01:17.828042 2.999738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 19:01:24.918287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:01:32.854241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:01:48.848350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:02:20.854126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:08:41.865507 3.000793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 19:08:48.872339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:08:56.873813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:09:12.876809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:09:44.882712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:12:14.928948 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 19:12:14.929073 0.066202 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1981 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:14.978616 0.192064 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.163370 0.096751 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.228436 0.110422 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.303326 0.146915 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.452135 0.111118 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.507726 0.165060 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.667652 0.093919 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.744678 0.092795 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.808381 0.080381 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:15.889595 0.210905 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.086672 0.087651 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.157458 0.051140 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.264241 0.032036 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.296773 0.115644 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.377918 0.170118 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.570729 0.126768 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.659243 0.340684 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:16.961746 0.052611 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:17.074706 0.394889 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:17.451594 0.374841 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:17.892949 0.309467 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:18.200853 0.346272 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:18.582012 0.163782 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:18.724762 0.353010 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:19.073647 0.154442 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:12:29.910406 3.003711 tcp 10.0.2.109 51301 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:12:38.912739 0.000000 tcp 10.0.2.109 51301 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:12:44.913277 0.031295 tcp 10.0.2.109 51302 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:12:44.945022 0.053448 tcp 10.0.2.109 51303 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:12:44.998879 0.145659 tcp 10.0.2.109 51304 -> 195.113.214.211 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:12:45.154610 3.001233 tcp 10.0.2.109 51305 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:12:54.154862 0.000000 tcp 10.0.2.109 51305 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:13:00.153986 0.030542 tcp 10.0.2.109 51306 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:13:00.184855 0.030954 tcp 10.0.2.109 51307 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:13:00.216073 0.125790 tcp 10.0.2.109 51308 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:13:00.532682 2.995884 tcp 10.0.2.109 51309 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:13:09.536904 0.000000 tcp 10.0.2.109 51309 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:13:15.525608 2.994129 tcp 10.0.2.109 51310 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:13:24.518465 0.000000 tcp 10.0.2.109 51310 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:15:48.889265 3.001369 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 19:15:55.895749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:16:03.897958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:16:19.903103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:16:51.905971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:18:30.528955 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 19:18:30.529052 3.003748 tcp 10.0.2.109 51311 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:18:39.531354 0.000000 tcp 10.0.2.109 51311 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:18:45.532486 0.053973 tcp 10.0.2.109 51312 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:18:45.586746 0.052189 tcp 10.0.2.109 51313 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:18:45.639298 0.196732 tcp 10.0.2.109 51314 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:18:46.037058 3.006184 tcp 10.0.2.109 51315 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:18:55.036355 0.000000 tcp 10.0.2.109 51315 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:19:01.032800 0.052854 tcp 10.0.2.109 51316 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:19:01.085971 0.053988 tcp 10.0.2.109 51317 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:19:01.140290 0.123712 tcp 10.0.2.109 51318 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:19:01.320487 3.010082 tcp 10.0.2.109 51319 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:19:10.325661 0.000000 tcp 10.0.2.109 51319 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:19:16.314623 2.994016 tcp 10.0.2.109 51320 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:19:25.317223 0.000000 tcp 10.0.2.109 51320 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:22:55.913313 3.000968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 19:23:02.919834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:23:10.921500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:23:26.924643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:23:58.930071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:24:31.318844 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 19:24:31.318948 3.002539 tcp 10.0.2.109 51321 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:24:40.320015 0.000000 tcp 10.0.2.109 51321 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:24:46.321022 0.031197 tcp 10.0.2.109 51322 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:24:46.352499 0.052865 tcp 10.0.2.109 51323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:24:46.405668 0.123260 tcp 10.0.2.109 51324 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:24:46.583727 2.999405 tcp 10.0.2.109 51325 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:24:55.581882 0.000000 tcp 10.0.2.109 51325 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:25:01.581393 0.030721 tcp 10.0.2.109 51326 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:25:01.612415 0.032726 tcp 10.0.2.109 51327 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:25:01.645442 0.123742 tcp 10.0.2.109 51328 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:25:02.034556 3.002099 tcp 10.0.2.109 51329 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:25:11.037828 0.000000 tcp 10.0.2.109 51329 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:25:17.035977 3.003529 tcp 10.0.2.109 51330 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:25:26.035654 0.000000 tcp 10.0.2.109 51330 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:30:02.936368 3.001904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 19:30:09.944281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:30:17.945594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:30:32.036057 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 19:30:32.036158 2.993679 tcp 10.0.2.109 51331 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:30:33.948500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:30:41.028516 0.000000 tcp 10.0.2.109 51331 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:30:47.038984 0.031769 tcp 10.0.2.109 51332 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:30:47.071068 0.030619 tcp 10.0.2.109 51333 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:30:47.101948 0.126452 tcp 10.0.2.109 51334 -> 195.113.214.211 443 SRPA* 0 0 33 19090 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:30:47.238829 3.002952 tcp 10.0.2.109 51335 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:30:56.248861 0.000000 tcp 10.0.2.109 51335 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:31:02.239659 0.029954 tcp 10.0.2.109 51336 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:31:02.270013 0.030820 tcp 10.0.2.109 51337 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:31:02.301134 0.124889 tcp 10.0.2.109 51338 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:31:02.656278 2.997817 tcp 10.0.2.109 51339 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:31:05.954184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:31:11.652924 0.000000 tcp 10.0.2.109 51339 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:31:17.653274 3.003531 tcp 10.0.2.109 51340 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:31:26.654418 0.000000 tcp 10.0.2.109 51340 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:37:09.960990 3.001698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 19:37:16.968402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:37:24.969306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:37:40.972502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:38:12.978679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:42:43.497692 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 19:42:43.497956 0.097493 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:43.561621 0.114132 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:43.635369 0.065648 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:43.684711 0.197157 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:43.873337 0.151385 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.020415 0.108304 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.078733 0.163646 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.236737 0.090039 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.310708 0.088272 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.420116 0.077276 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.482293 0.182456 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.661643 0.088050 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.732369 0.050659 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.804319 0.032302 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.835453 0.132246 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:44.924698 0.164605 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:45.053609 0.052602 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:45.154740 0.108174 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 1987 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:45.231921 0.174225 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:45.415180 0.384130 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:45.781732 0.342928 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:46.203915 0.309449 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:46.512102 0.349205 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:46.857380 0.153668 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:47.023993 0.402695 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:47.452435 0.166618 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/03 19:42:47.695062 2.992402 tcp 10.0.2.109 51341 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:42:56.696355 0.000000 tcp 10.0.2.109 51341 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:43:02.696728 0.031429 tcp 10.0.2.109 51342 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:43:02.728465 0.054309 tcp 10.0.2.109 51343 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:43:02.783085 0.124802 tcp 10.0.2.109 51344 -> 195.113.214.211 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:43:02.923915 2.995785 tcp 10.0.2.109 51345 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:43:11.919636 0.000000 tcp 10.0.2.109 51345 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:43:17.917857 0.030763 tcp 10.0.2.109 51346 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:43:17.948908 0.031566 tcp 10.0.2.109 51347 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:43:17.980742 0.133926 tcp 10.0.2.109 51348 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:43:18.145838 2.995988 tcp 10.0.2.109 51349 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:43:27.144580 0.000000 tcp 10.0.2.109 51349 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:43:33.139073 3.004020 tcp 10.0.2.109 51350 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:43:42.144393 0.000000 tcp 10.0.2.109 51350 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:44:16.985270 3.000524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 19:44:23.991731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:44:31.993635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:44:47.996606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:45:20.002641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:48:48.142405 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 19:48:48.142495 3.006426 tcp 10.0.2.109 51351 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:48:57.144428 0.000000 tcp 10.0.2.109 51351 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:49:03.145546 0.032523 tcp 10.0.2.109 51352 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:49:03.178387 0.053047 tcp 10.0.2.109 51353 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:49:03.231727 0.149945 tcp 10.0.2.109 51354 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:49:03.409056 3.009490 tcp 10.0.2.109 51355 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:49:12.426602 0.000000 tcp 10.0.2.109 51355 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:49:18.405946 0.031367 tcp 10.0.2.109 51356 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:49:18.437644 0.053375 tcp 10.0.2.109 51357 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:49:18.491390 0.124103 tcp 10.0.2.109 51358 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:49:18.715795 2.994399 tcp 10.0.2.109 51359 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:49:27.708572 0.000000 tcp 10.0.2.109 51359 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:49:33.707161 3.004290 tcp 10.0.2.109 51360 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:49:42.710477 0.000000 tcp 10.0.2.109 51360 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:53:43.017914 3.002132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 19:53:50.025711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:53:58.027431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:54:14.030541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:54:46.036110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 19:54:48.710982 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 19:54:48.711126 3.002756 tcp 10.0.2.109 51361 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:54:57.713111 0.000000 tcp 10.0.2.109 51361 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:55:03.713957 0.031652 tcp 10.0.2.109 51362 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:55:03.745878 0.032554 tcp 10.0.2.109 51363 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:55:03.778714 0.127146 tcp 10.0.2.109 51364 -> 195.113.214.211 443 SRPA* 0 0 42 33214 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:55:03.927615 3.008666 tcp 10.0.2.109 51365 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:55:12.939696 0.000000 tcp 10.0.2.109 51365 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:55:18.927315 0.030366 tcp 10.0.2.109 51366 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:55:18.957933 0.030873 tcp 10.0.2.109 51367 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:55:18.989082 0.125643 tcp 10.0.2.109 51368 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 19:55:19.130804 2.987679 tcp 10.0.2.109 51369 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:55:28.126860 0.000000 tcp 10.0.2.109 51369 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:55:34.125415 2.994398 tcp 10.0.2.109 51370 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 19:55:43.118867 0.000000 tcp 10.0.2.109 51370 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:00:49.132352 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:00:49.132497 3.000088 tcp 10.0.2.109 51371 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:00:50.043967 3.000661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 20:00:57.049807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:00:58.131189 0.000000 tcp 10.0.2.109 51371 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:01:04.131877 0.030935 tcp 10.0.2.109 51372 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:01:04.163080 0.030872 tcp 10.0.2.109 51373 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:01:04.194345 0.125010 tcp 10.0.2.109 51374 -> 195.113.214.211 443 SRPA* 0 0 39 19878 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:01:04.368872 3.005650 tcp 10.0.2.109 51375 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:01:05.051556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:01:13.373346 0.000000 tcp 10.0.2.109 51375 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:01:19.363372 0.030985 tcp 10.0.2.109 51376 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:01:19.394670 0.030938 tcp 10.0.2.109 51377 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:01:19.425980 0.124233 tcp 10.0.2.109 51378 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:01:19.563719 3.003572 tcp 10.0.2.109 51379 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:01:21.054427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:01:28.564781 0.000000 tcp 10.0.2.109 51379 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:01:34.566611 2.991169 tcp 10.0.2.109 51380 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:01:43.566268 0.000000 tcp 10.0.2.109 51380 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:01:53.060139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:08:08.072095 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 20:08:15.079533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:08:23.081045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:08:39.084198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:09:11.090114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:12:58.897883 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:12:58.898005 0.066435 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:58.946754 0.189567 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:59.128776 0.099612 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:59.195343 0.109815 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:59.267940 0.146686 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:59.668112 0.111678 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:59.726977 0.164090 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:59.885633 0.089884 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:12:59.957889 0.083976 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.083791 0.080484 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.149412 0.172265 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.317528 0.089963 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.388747 0.050463 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.505559 0.034232 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.538783 0.128762 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.631820 0.111353 rtp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.712524 0.166893 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:00.880551 0.386090 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:01.246514 0.123751 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:01.398291 0.052520 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:01.536054 0.348647 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:01.863347 0.309068 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:02.188703 0.350413 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:02.535487 0.166082 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:02.678056 0.158312 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:02.837491 0.348246 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:13:04.606320 2.994014 tcp 10.0.2.109 51381 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:13:13.598538 0.000000 tcp 10.0.2.109 51381 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:13:19.609071 0.031582 tcp 10.0.2.109 51382 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:13:19.640998 0.030624 tcp 10.0.2.109 51383 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:13:19.671904 0.126471 tcp 10.0.2.109 51384 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:13:19.888152 3.003550 tcp 10.0.2.109 51385 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:13:28.890832 0.000000 tcp 10.0.2.109 51385 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:13:34.890295 0.031157 tcp 10.0.2.109 51386 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:13:34.921791 0.031281 tcp 10.0.2.109 51387 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:13:34.953382 0.147144 tcp 10.0.2.109 51388 -> 195.113.214.211 443 SRPA* 0 0 49 30828 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:13:35.171151 3.003392 tcp 10.0.2.109 51389 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:13:44.172721 0.000000 tcp 10.0.2.109 51389 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:13:50.171455 3.004010 tcp 10.0.2.109 51390 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:13:59.173996 0.000000 tcp 10.0.2.109 51390 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:15:15.096178 3.001910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 20:15:22.103728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:15:30.105086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:15:46.108159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:16:18.114364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:19:05.174580 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:19:05.174711 2.993804 tcp 10.0.2.109 51391 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:19:14.177053 0.000000 tcp 10.0.2.109 51391 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:19:20.177659 0.031821 tcp 10.0.2.109 51392 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:19:20.209759 0.030868 tcp 10.0.2.109 51393 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:19:20.240931 0.128484 tcp 10.0.2.109 51394 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:19:20.621116 2.999800 tcp 10.0.2.109 51395 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:19:29.619541 0.000000 tcp 10.0.2.109 51395 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:19:35.619406 0.031053 tcp 10.0.2.109 51396 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:19:35.650702 0.031343 tcp 10.0.2.109 51397 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:19:35.682461 0.125666 tcp 10.0.2.109 51398 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:19:36.099287 3.003736 tcp 10.0.2.109 51399 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:19:45.101567 0.000000 tcp 10.0.2.109 51399 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:19:51.100555 3.004013 tcp 10.0.2.109 51400 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:20:00.103202 0.000000 tcp 10.0.2.109 51400 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:22:22.119991 3.001928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 20:22:29.127694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:22:37.129004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:22:53.132155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:23:25.138077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:25:06.103760 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:25:06.103868 2.993702 tcp 10.0.2.109 51401 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:25:15.105818 0.000000 tcp 10.0.2.109 51401 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:25:21.110600 0.031559 tcp 10.0.2.109 51402 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:25:21.142425 0.030904 tcp 10.0.2.109 51403 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:25:21.173649 0.143286 tcp 10.0.2.109 51404 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:25:21.417463 2.997341 tcp 10.0.2.109 51405 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:25:30.409520 0.000000 tcp 10.0.2.109 51405 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:25:36.407399 0.052424 tcp 10.0.2.109 51406 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:25:36.460138 0.053335 tcp 10.0.2.109 51407 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:25:36.513762 0.130808 tcp 10.0.2.109 51408 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:25:36.911240 3.003213 tcp 10.0.2.109 51409 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:25:45.910546 0.000000 tcp 10.0.2.109 51409 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:25:51.908961 3.003872 tcp 10.0.2.109 51410 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:26:00.912576 0.000000 tcp 10.0.2.109 51410 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:29:29.144124 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 20:29:36.151431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:29:44.154439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:30:00.155958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:30:32.161904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:31:06.913792 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:31:06.913896 3.001683 tcp 10.0.2.109 51411 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:31:15.914796 0.000000 tcp 10.0.2.109 51411 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:31:21.915283 0.053659 tcp 10.0.2.109 51412 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:31:21.969290 0.031472 tcp 10.0.2.109 51413 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:31:22.001040 0.141721 tcp 10.0.2.109 51414 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:31:22.192373 2.995855 tcp 10.0.2.109 51415 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:31:31.196986 0.000000 tcp 10.0.2.109 51415 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:31:37.189007 0.030829 tcp 10.0.2.109 51416 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:31:37.220125 0.053705 tcp 10.0.2.109 51417 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:31:37.274131 0.125606 tcp 10.0.2.109 51418 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:31:37.476413 2.994025 tcp 10.0.2.109 51419 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:31:46.468908 0.000000 tcp 10.0.2.109 51419 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:31:52.467540 3.004203 tcp 10.0.2.109 51420 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:32:01.470328 0.000000 tcp 10.0.2.109 51420 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:36:36.168730 3.000917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 20:36:43.175462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:36:51.177091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:37:07.179897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:37:39.185873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:43:32.703989 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:43:32.704165 0.103046 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:32.773002 0.115179 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:32.849578 0.147897 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.096804 0.112217 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.155201 0.071299 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.301668 0.194629 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.496917 0.164575 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.656253 0.089251 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.771355 0.083934 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.831586 0.076966 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:33.919384 0.171907 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:34.087396 0.090715 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:34.157917 0.051105 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:34.292151 0.032054 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:34.322856 0.136054 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2597 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:34.416616 0.110243 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:34.494277 0.169196 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:34.666553 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 20:43:37.511412 3.003850 tcp 10.0.2.109 51421 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:43:43.191507 3.001800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 20:43:46.514163 0.000000 tcp 10.0.2.109 51421 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:43:50.199396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:43:51.242785 0.054675 tcp 10.0.2.109 51422 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:43:51.297739 0.030894 tcp 10.0.2.109 51423 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:43:51.328906 0.127896 tcp 10.0.2.109 51424 -> 195.113.214.211 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:43:51.457548 0.359400 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:51.797597 0.392128 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:52.169860 0.126298 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:52.256677 0.308776 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:52.513008 0.030657 tcp 10.0.2.109 51425 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:43:52.543963 0.034396 tcp 10.0.2.109 51426 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:43:52.564109 0.350717 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:52.578754 0.125805 tcp 10.0.2.109 51427 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:43:52.779043 3.008399 tcp 10.0.2.109 51428 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:43:52.911200 0.168458 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:53.056358 0.161009 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:53.267081 0.338772 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/03 20:43:58.200956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:44:01.796076 0.000000 tcp 10.0.2.109 51428 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:44:07.775292 0.051589 tcp 10.0.2.109 51429 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:44:07.827240 0.053678 tcp 10.0.2.109 51430 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:44:07.881255 0.146466 tcp 10.0.2.109 51431 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:44:08.066387 2.992829 tcp 10.0.2.109 51432 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:44:14.203970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:44:17.058291 0.000000 tcp 10.0.2.109 51432 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:44:23.066863 2.994222 tcp 10.0.2.109 51433 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:44:32.059587 0.000000 tcp 10.0.2.109 51433 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:44:46.209902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:49:38.074031 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:49:38.074229 3.004144 tcp 10.0.2.109 51434 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:49:47.072496 0.000000 tcp 10.0.2.109 51434 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:49:53.073076 0.053927 tcp 10.0.2.109 51435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:49:53.127313 0.053828 tcp 10.0.2.109 51436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:49:53.181444 0.127427 tcp 10.0.2.109 51437 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:49:53.468866 3.009633 tcp 10.0.2.109 51438 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:50:02.474538 0.000000 tcp 10.0.2.109 51438 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:50:08.464960 0.052526 tcp 10.0.2.109 51439 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:50:08.517763 0.052646 tcp 10.0.2.109 51440 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:50:08.570713 0.126278 tcp 10.0.2.109 51441 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:50:08.751849 2.996089 tcp 10.0.2.109 51442 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:50:17.756100 0.000000 tcp 10.0.2.109 51442 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:50:23.745179 2.994355 tcp 10.0.2.109 51443 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:50:32.738564 0.000000 tcp 10.0.2.109 51443 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:50:50.217140 3.000545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 20:50:57.223381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:51:05.224996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:51:21.228960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:51:53.234005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:55:38.749093 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 20:55:38.749278 3.002878 tcp 10.0.2.109 51444 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:55:47.751161 0.000000 tcp 10.0.2.109 51444 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:55:53.751421 0.054555 tcp 10.0.2.109 51445 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:55:53.806292 0.031051 tcp 10.0.2.109 51446 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:55:53.837641 0.125536 tcp 10.0.2.109 51447 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:55:53.973405 3.001290 tcp 10.0.2.109 51448 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:56:02.973125 0.000000 tcp 10.0.2.109 51448 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:56:08.972266 0.052043 tcp 10.0.2.109 51449 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:56:09.024686 0.064243 tcp 10.0.2.109 51450 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:56:09.089191 0.154930 tcp 10.0.2.109 51451 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/03 20:56:09.261185 3.004870 tcp 10.0.2.109 51452 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:56:18.265173 0.000000 tcp 10.0.2.109 51452 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:56:24.253521 2.994247 tcp 10.0.2.109 51453 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:56:33.256433 0.000000 tcp 10.0.2.109 51453 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 20:57:57.240831 3.000869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 20:58:04.247419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:58:12.248738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:58:28.251689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 20:59:00.258008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:01:39.257141 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:01:39.257369 2.993301 tcp 10.0.2.109 51454 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:01:48.249114 0.000000 tcp 10.0.2.109 51454 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:01:54.259676 0.030932 tcp 10.0.2.109 51455 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:01:54.290896 0.051736 tcp 10.0.2.109 51456 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:01:54.342891 0.124306 tcp 10.0.2.109 51457 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:01:54.518951 3.004002 tcp 10.0.2.109 51458 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:02:03.521175 0.000000 tcp 10.0.2.109 51458 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:02:09.520786 0.052621 tcp 10.0.2.109 51459 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:02:09.573760 0.031151 tcp 10.0.2.109 51460 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:02:09.605181 0.145965 tcp 10.0.2.109 51461 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:02:09.774980 2.999656 tcp 10.0.2.109 51462 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:02:18.773166 0.000000 tcp 10.0.2.109 51462 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:02:24.772301 3.003823 tcp 10.0.2.109 51463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:02:33.774518 0.000000 tcp 10.0.2.109 51463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:05:29.270309 3.004630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 21:05:36.277184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:05:44.278853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:06:00.281650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:06:32.288012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:07:39.774920 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:07:39.775139 2.994004 tcp 10.0.2.109 51464 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:07:48.767691 0.000000 tcp 10.0.2.109 51464 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:07:54.778117 0.052847 tcp 10.0.2.109 51465 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:07:54.831239 0.053682 tcp 10.0.2.109 51466 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:07:54.885271 0.143113 tcp 10.0.2.109 51467 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:07:55.077119 3.003981 tcp 10.0.2.109 51468 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:08:04.079765 0.000000 tcp 10.0.2.109 51468 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:12:36.293904 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 21:12:43.301091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:12:51.302842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:13:07.305493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:13:39.311695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:13:53.752847 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:13:53.753099 0.126736 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:53.927585 0.106313 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:53.998076 0.120166 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:54.080488 0.116485 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:54.161963 0.070087 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:54.413608 0.193287 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:54.598767 0.164104 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:54.757630 0.094200 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:54.836649 0.088310 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:54.991910 0.147450 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:55.085242 2.993597 tcp 10.0.2.109 51469 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:13:55.130847 0.094053 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:55.247126 0.051151 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:55.368391 0.032406 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:55.399378 0.129570 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:55.524625 0.172658 udp 10.0.2.109 3683 <-> 2.85.54.109 2179 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:55.662644 0.173147 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:55.853886 0.172223 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:56.023089 0.089709 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:56.095657 0.392021 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:56.518368 0.310077 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:56.846689 0.350408 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:57.249832 0.391819 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:57.620902 0.115037 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:57.697665 0.346603 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:58.094630 0.165987 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:13:58.237522 0.155122 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:14:04.087254 0.000000 tcp 10.0.2.109 51469 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:14:10.087758 0.053456 tcp 10.0.2.109 51470 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:14:10.141517 0.053708 tcp 10.0.2.109 51471 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:14:10.195497 0.141406 tcp 10.0.2.109 51472 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:14:10.452467 2.998489 tcp 10.0.2.109 51473 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:14:19.449465 0.000000 tcp 10.0.2.109 51473 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:14:25.448994 0.052154 tcp 10.0.2.109 51474 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:14:25.501459 0.031914 tcp 10.0.2.109 51475 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:14:25.533726 0.150615 tcp 10.0.2.109 51476 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:14:25.779486 3.006982 tcp 10.0.2.109 51477 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:14:34.783231 0.000000 tcp 10.0.2.109 51477 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:14:40.780022 3.003812 tcp 10.0.2.109 51478 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:14:49.787018 0.000000 tcp 10.0.2.109 51478 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:19:43.318593 3.000610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 21:19:50.328509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:19:55.783648 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:19:55.783766 3.003533 tcp 10.0.2.109 51479 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:19:58.326564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:20:04.785770 0.000000 tcp 10.0.2.109 51479 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:20:10.786364 0.053125 tcp 10.0.2.109 51480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:20:10.839781 0.054516 tcp 10.0.2.109 51481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:20:10.894510 0.129591 tcp 10.0.2.109 51482 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:20:11.033236 2.995925 tcp 10.0.2.109 51483 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:20:14.329879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:20:20.027902 0.000000 tcp 10.0.2.109 51483 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:20:26.026738 0.052987 tcp 10.0.2.109 51484 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:20:26.080003 0.052980 tcp 10.0.2.109 51485 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:20:26.133269 0.125545 tcp 10.0.2.109 51486 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:20:26.278506 3.002703 tcp 10.0.2.109 51487 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:20:35.279710 0.000000 tcp 10.0.2.109 51487 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:20:41.278846 3.003976 tcp 10.0.2.109 51488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:20:46.335712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:20:50.281353 0.000000 tcp 10.0.2.109 51488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:25:56.288701 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:25:56.288858 2.996700 tcp 10.0.2.109 51489 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:05.284831 0.000000 tcp 10.0.2.109 51489 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:11.288884 0.033419 tcp 10.0.2.109 51490 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:26:11.322594 0.053515 tcp 10.0.2.109 51491 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:26:11.376406 0.130634 tcp 10.0.2.109 51492 -> 195.113.214.211 443 SRPA* 0 0 42 37006 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:26:11.579777 3.000704 tcp 10.0.2.109 51493 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:20.586040 0.000000 tcp 10.0.2.109 51493 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:26.575553 0.052401 tcp 10.0.2.109 51494 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:26:26.628311 0.031168 tcp 10.0.2.109 51495 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:26:26.659729 0.143228 tcp 10.0.2.109 51496 -> 195.113.214.211 443 SRPA* 0 0 41 35208 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:26:27.172536 2.999009 tcp 10.0.2.109 51497 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:36.171038 0.000000 tcp 10.0.2.109 51497 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:42.167531 3.004170 tcp 10.0.2.109 51498 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:50.342421 3.000784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 21:26:51.170433 0.000000 tcp 10.0.2.109 51498 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:26:57.349134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:27:05.350520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:27:21.353684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:27:53.360513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:31:57.170985 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:31:57.171084 3.003270 tcp 10.0.2.109 51499 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:32:06.173133 0.000000 tcp 10.0.2.109 51499 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:32:12.173156 0.053610 tcp 10.0.2.109 51500 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:32:12.227070 0.054273 tcp 10.0.2.109 51501 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:32:12.281585 0.145921 tcp 10.0.2.109 51502 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:32:12.493743 3.002946 tcp 10.0.2.109 51503 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:32:21.495134 0.000000 tcp 10.0.2.109 51503 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:32:27.494635 0.052844 tcp 10.0.2.109 51504 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:32:27.547788 0.052950 tcp 10.0.2.109 51505 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:32:27.601076 0.144399 tcp 10.0.2.109 51506 -> 195.113.214.211 443 SRPA* 0 0 21 11766 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:32:27.986887 3.001959 tcp 10.0.2.109 51507 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:32:36.997404 0.000000 tcp 10.0.2.109 51507 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:32:42.988859 2.996096 tcp 10.0.2.109 51508 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:32:51.979145 0.000000 tcp 10.0.2.109 51508 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:33:57.367255 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 21:34:04.373108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:34:12.374629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:34:28.377824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:35:00.383619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:41:04.389681 3.057793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 21:41:11.438404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:41:19.409386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:41:35.411673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:42:07.417698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:44:15.551741 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:44:15.551949 0.114063 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:15.624394 0.079694 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:15.712064 0.099025 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:15.787940 0.188222 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:15.969208 0.165426 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.129506 0.094975 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.207092 0.120415 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.324762 0.068022 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1924 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.376128 0.191470 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.540040 0.154939 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.687117 0.084748 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.754438 0.050897 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.841195 0.032299 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.872309 0.130013 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:16.969026 0.000000 udp 10.0.2.109 3683 -> 2.85.54.109 2179 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 21:44:28.030067 3.004015 tcp 10.0.2.109 51509 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:44:32.287622 0.053252 tcp 10.0.2.109 51510 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:32.341133 0.053865 tcp 10.0.2.109 51511 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:32.395347 0.143600 tcp 10.0.2.109 51512 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:32.540115 0.088378 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:32.610091 0.351587 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:32.957530 0.185780 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:33.447906 0.192864 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:33.680635 0.310200 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:34.012093 0.349912 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:34.358333 0.343475 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:34.714817 0.165369 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:34.857696 0.157025 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:35.026535 0.384026 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:35.392737 0.204815 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/03 21:44:37.032740 0.000000 tcp 10.0.2.109 51509 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:44:43.035721 0.053128 tcp 10.0.2.109 51513 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:43.089152 0.053484 tcp 10.0.2.109 51514 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:43.142934 0.263424 tcp 10.0.2.109 51515 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:43.604425 3.001937 tcp 10.0.2.109 51516 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:44:52.605231 0.000000 tcp 10.0.2.109 51516 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:44:58.594011 0.030055 tcp 10.0.2.109 51517 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:58.624356 0.051724 tcp 10.0.2.109 51518 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:58.676392 0.128464 tcp 10.0.2.109 51519 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:44:58.829430 2.999042 tcp 10.0.2.109 51520 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:45:07.836559 0.000000 tcp 10.0.2.109 51520 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:45:13.825725 2.994176 tcp 10.0.2.109 51521 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:45:22.818475 0.000000 tcp 10.0.2.109 51521 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:48:11.423887 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 21:48:18.431164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:48:26.432715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:48:42.435439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:49:14.441567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:50:28.829135 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:50:28.829319 3.003629 tcp 10.0.2.109 51522 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:50:37.831505 0.000000 tcp 10.0.2.109 51522 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:50:43.832393 0.052310 tcp 10.0.2.109 51523 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:50:43.884970 0.053484 tcp 10.0.2.109 51524 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:50:43.938849 0.144443 tcp 10.0.2.109 51525 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:50:44.127534 3.007359 tcp 10.0.2.109 51526 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:50:53.133432 0.000000 tcp 10.0.2.109 51526 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:50:59.122635 0.051580 tcp 10.0.2.109 51527 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:50:59.174528 0.053146 tcp 10.0.2.109 51528 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:50:59.228032 0.150045 tcp 10.0.2.109 51529 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:50:59.452113 2.994496 tcp 10.0.2.109 51530 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:51:08.445919 0.000000 tcp 10.0.2.109 51530 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:51:14.444266 2.994090 tcp 10.0.2.109 51531 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:51:23.447007 0.000000 tcp 10.0.2.109 51531 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:55:43.454603 3.000509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 21:55:50.461356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:55:58.462751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:56:14.465779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:56:29.447838 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 21:56:29.447928 3.003491 tcp 10.0.2.109 51532 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:56:38.449961 0.000000 tcp 10.0.2.109 51532 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:56:44.450117 0.052624 tcp 10.0.2.109 51533 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:56:44.502955 0.052833 tcp 10.0.2.109 51534 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:56:44.556052 0.145091 tcp 10.0.2.109 51535 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:56:44.723849 2.999490 tcp 10.0.2.109 51536 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:56:46.471590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 21:56:53.722032 0.000000 tcp 10.0.2.109 51536 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:56:59.721046 0.052290 tcp 10.0.2.109 51537 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:56:59.773618 0.052955 tcp 10.0.2.109 51538 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:56:59.826853 0.149019 tcp 10.0.2.109 51539 -> 195.113.214.211 443 SRPA* 0 0 40 33078 flow=From-Botnet-V1-TCP-Established 1970/02/03 21:56:59.991937 3.003444 tcp 10.0.2.109 51540 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:57:08.993846 0.000000 tcp 10.0.2.109 51540 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:57:14.992879 3.003747 tcp 10.0.2.109 51541 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 21:57:23.995517 0.000000 tcp 10.0.2.109 51541 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:02:29.995796 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:02:29.995904 2.993918 tcp 10.0.2.109 51542 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:02:38.988097 0.000000 tcp 10.0.2.109 51542 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:02:44.998529 0.052878 tcp 10.0.2.109 51543 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:02:45.051703 0.052282 tcp 10.0.2.109 51544 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:02:45.104249 0.146844 tcp 10.0.2.109 51545 -> 195.113.214.211 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:02:45.336498 2.995171 tcp 10.0.2.109 51546 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:02:50.477453 3.001619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 22:02:54.330475 0.000000 tcp 10.0.2.109 51546 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:02:57.484971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:03:00.329723 0.051103 tcp 10.0.2.109 51547 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:03:00.381110 0.051991 tcp 10.0.2.109 51548 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:03:00.433364 0.146803 tcp 10.0.2.109 51549 -> 195.113.214.211 443 SRPA* 0 0 30 10792 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:03:00.735553 2.998544 tcp 10.0.2.109 51550 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:03:05.486418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:03:09.732667 0.000000 tcp 10.0.2.109 51550 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:03:15.731512 3.003811 tcp 10.0.2.109 51551 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:03:21.489400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:03:24.734028 0.000000 tcp 10.0.2.109 51551 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:03:53.495360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:09:57.501660 3.001400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 22:10:04.509196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:10:12.511057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:10:28.513345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:11:00.519473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:14:46.666881 0.031621 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:14:46.698622 0.000000 udp 10.0.2.109 3683 -> 2.85.54.109 2179 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 22:15:03.371405 0.031898 tcp 10.0.2.109 51552 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:03.403587 0.052937 tcp 10.0.2.109 51553 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:03.456823 0.146970 tcp 10.0.2.109 51554 -> 195.113.214.211 443 SRPA* 0 0 40 33106 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:03.604470 0.103093 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:03.672726 0.189515 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:03.855022 0.119139 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:03.935649 0.053267 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:04.315610 0.094829 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:04.393357 0.119567 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:04.595750 0.164481 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:04.754292 0.085393 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:04.815131 0.160575 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:04.967774 0.084931 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:05.036088 0.050793 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:05.096100 0.031998 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:05.126868 0.127036 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:05.258091 0.072325 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:05.312625 0.086778 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 1938 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:05.435512 0.353582 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:05.768720 0.309571 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:06.083438 0.168391 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:06.322253 0.242263 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:06.561967 0.353494 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:06.911795 0.348865 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:07.274235 0.267965 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:07.518786 0.446751 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:07.924972 0.157918 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:08.125934 0.394101 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:15:15.776531 2.994271 tcp 10.0.2.109 51555 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:15:24.769199 0.000000 tcp 10.0.2.109 51555 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:15:30.778528 0.051288 tcp 10.0.2.109 51556 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:30.830062 0.052372 tcp 10.0.2.109 51557 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:30.882748 0.146424 tcp 10.0.2.109 51558 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:31.063370 2.999034 tcp 10.0.2.109 51559 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:15:40.061246 0.000000 tcp 10.0.2.109 51559 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:15:46.060660 0.052432 tcp 10.0.2.109 51560 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:46.113398 0.053585 tcp 10.0.2.109 51561 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:46.167257 0.147480 tcp 10.0.2.109 51562 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:15:46.331301 3.003468 tcp 10.0.2.109 51563 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:15:55.333184 0.000000 tcp 10.0.2.109 51563 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:16:01.332001 3.004404 tcp 10.0.2.109 51564 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:16:10.335086 0.000000 tcp 10.0.2.109 51564 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:17:04.526494 3.011090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 22:17:11.541368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:17:19.534562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:17:35.544501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:18:07.543135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:21:16.335312 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:21:16.335418 2.993607 tcp 10.0.2.109 51565 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:21:25.337504 0.000000 tcp 10.0.2.109 51565 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:21:31.338666 0.085532 tcp 10.0.2.109 51566 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:21:31.424501 0.053069 tcp 10.0.2.109 51567 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:21:31.477850 0.134560 tcp 10.0.2.109 51568 -> 195.113.214.211 443 SRPA* 0 0 64 40570 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:21:31.705143 2.985890 tcp 10.0.2.109 51569 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:21:40.689665 0.000000 tcp 10.0.2.109 51569 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:21:46.699267 0.051872 tcp 10.0.2.109 51570 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:21:46.751446 0.051652 tcp 10.0.2.109 51571 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:21:46.803380 0.151391 tcp 10.0.2.109 51572 -> 195.113.214.211 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:21:47.097471 3.005854 tcp 10.0.2.109 51573 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:21:56.101835 0.000000 tcp 10.0.2.109 51573 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:22:02.091007 3.003998 tcp 10.0.2.109 51574 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:22:11.093449 0.000000 tcp 10.0.2.109 51574 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:24:11.549698 3.001293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 22:24:18.556686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:24:26.558363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:24:42.561406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:25:14.567375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:27:17.093750 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:27:17.093953 2.993490 tcp 10.0.2.109 51575 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:27:26.096561 0.000000 tcp 10.0.2.109 51575 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:27:32.096889 0.053193 tcp 10.0.2.109 51576 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:27:32.150433 0.052387 tcp 10.0.2.109 51577 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:27:32.203168 0.147798 tcp 10.0.2.109 51578 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:27:32.432431 2.991230 tcp 10.0.2.109 51579 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:27:41.418416 0.000000 tcp 10.0.2.109 51579 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:27:47.427567 0.081472 tcp 10.0.2.109 51580 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:27:47.509339 0.052878 tcp 10.0.2.109 51581 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:27:47.562577 0.153805 tcp 10.0.2.109 51582 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:27:47.856036 2.995805 tcp 10.0.2.109 51583 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:27:56.850544 0.000000 tcp 10.0.2.109 51583 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:28:02.851448 3.001489 tcp 10.0.2.109 51584 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:28:11.852065 0.000000 tcp 10.0.2.109 51584 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:31:18.573017 3.001580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 22:31:25.580633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:31:33.582389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:31:49.585838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:32:21.591078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:33:17.852340 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:33:17.852561 3.003992 tcp 10.0.2.109 51585 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:33:26.854971 0.000000 tcp 10.0.2.109 51585 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:33:32.855619 0.052318 tcp 10.0.2.109 51586 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:33:32.908183 0.052922 tcp 10.0.2.109 51587 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:33:32.961401 0.149778 tcp 10.0.2.109 51588 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:33:33.127285 2.991065 tcp 10.0.2.109 51589 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:33:42.127017 0.000000 tcp 10.0.2.109 51589 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:33:48.126599 0.052685 tcp 10.0.2.109 51590 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:33:48.179612 0.053072 tcp 10.0.2.109 51591 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:33:48.233010 0.146031 tcp 10.0.2.109 51592 -> 195.113.214.211 443 SRPA* 0 0 48 37046 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:33:48.404961 2.995513 tcp 10.0.2.109 51593 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:33:57.398866 0.000000 tcp 10.0.2.109 51593 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:34:03.397572 3.004629 tcp 10.0.2.109 51594 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:34:12.400492 0.000000 tcp 10.0.2.109 51594 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:38:25.599868 2.999265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 22:38:32.608915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:38:40.610386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:38:56.609512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:39:28.615241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:45:31.086336 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:45:31.086630 0.117375 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.161458 0.052597 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.253336 0.093565 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.330546 0.101819 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.396478 0.199213 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.586087 0.113707 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.729099 0.164184 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.887884 0.088195 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:31.978955 0.146569 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.117896 0.078575 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.199491 0.051259 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.266741 0.031734 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.312827 0.118306 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.395711 0.067408 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.445752 0.086644 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.515667 0.173214 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:32.621640 3.001407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 22:45:32.684437 0.344900 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:33.008168 0.308832 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:33.315793 0.180305 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:33.440482 3.003433 tcp 10.0.2.109 51595 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:45:33.491453 0.350575 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:33.838420 0.340920 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:34.186691 0.155212 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:34.412547 0.168233 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:34.557517 0.432284 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:34.954302 0.382650 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/03 22:45:39.628795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:45:42.442741 0.000000 tcp 10.0.2.109 51595 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:45:47.630539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:45:48.443091 0.052777 tcp 10.0.2.109 51596 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:45:48.496114 0.057142 tcp 10.0.2.109 51597 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:45:48.553599 0.144656 tcp 10.0.2.109 51598 -> 195.113.214.211 443 SRPA* 0 0 32 16574 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:45:48.779952 2.996198 tcp 10.0.2.109 51599 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:45:57.774741 0.000000 tcp 10.0.2.109 51599 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:46:03.633233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:46:03.773608 0.052420 tcp 10.0.2.109 51600 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:46:03.826337 0.052344 tcp 10.0.2.109 51601 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:46:03.878983 0.152332 tcp 10.0.2.109 51602 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:46:04.075625 2.992443 tcp 10.0.2.109 51603 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:46:13.076611 0.000000 tcp 10.0.2.109 51603 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:46:19.075716 2.993741 tcp 10.0.2.109 51604 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:46:28.068095 0.000000 tcp 10.0.2.109 51604 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:46:35.639599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:51:34.078766 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:51:34.078978 3.003505 tcp 10.0.2.109 51605 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:51:43.081239 0.000000 tcp 10.0.2.109 51605 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:51:49.081763 0.052095 tcp 10.0.2.109 51606 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:51:49.134320 0.051810 tcp 10.0.2.109 51607 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:51:49.186439 0.158809 tcp 10.0.2.109 51608 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:51:49.398567 3.006214 tcp 10.0.2.109 51609 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:51:58.403474 0.000000 tcp 10.0.2.109 51609 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:52:04.392569 0.086423 tcp 10.0.2.109 51610 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:52:04.479271 0.054669 tcp 10.0.2.109 51611 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:52:04.534275 0.149442 tcp 10.0.2.109 51612 -> 195.113.214.211 443 SRPA* 0 0 44 33322 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:52:04.712252 3.003850 tcp 10.0.2.109 51613 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:52:13.714621 0.000000 tcp 10.0.2.109 51613 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:52:19.714209 2.993927 tcp 10.0.2.109 51614 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:52:28.716198 0.000000 tcp 10.0.2.109 51614 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:54:24.646439 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 22:54:31.653467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:54:39.655119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:54:55.657942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:55:27.664356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 22:57:34.716747 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 22:57:34.716844 3.008253 tcp 10.0.2.109 51615 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:57:43.719683 0.000000 tcp 10.0.2.109 51615 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:57:49.720590 0.053570 tcp 10.0.2.109 51616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:57:49.774405 0.053984 tcp 10.0.2.109 51617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:57:49.828659 0.151417 tcp 10.0.2.109 51618 -> 195.113.214.211 443 SRPA* 0 0 39 21770 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:57:49.999761 3.003367 tcp 10.0.2.109 51619 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:57:59.001738 0.000000 tcp 10.0.2.109 51619 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:58:05.000847 0.051591 tcp 10.0.2.109 51620 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:58:05.052707 0.052476 tcp 10.0.2.109 51621 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:58:05.105455 0.148596 tcp 10.0.2.109 51622 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 22:58:05.277740 3.007278 tcp 10.0.2.109 51623 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:58:14.283708 0.000000 tcp 10.0.2.109 51623 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:58:20.272544 3.003928 tcp 10.0.2.109 51624 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 22:58:29.275363 0.000000 tcp 10.0.2.109 51624 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:01:54.683638 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 23:02:01.690757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:02:09.692082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:02:25.695204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:02:57.701212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:03:35.275568 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 23:03:35.275674 2.993865 tcp 10.0.2.109 51625 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:03:44.268143 0.000000 tcp 10.0.2.109 51625 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:03:50.278477 0.052581 tcp 10.0.2.109 51626 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:03:50.331375 0.053879 tcp 10.0.2.109 51627 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:03:50.385512 0.149741 tcp 10.0.2.109 51628 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:03:50.545902 2.995453 tcp 10.0.2.109 51629 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:03:59.540021 0.000000 tcp 10.0.2.109 51629 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:04:05.539512 0.055505 tcp 10.0.2.109 51630 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:04:05.595300 0.054290 tcp 10.0.2.109 51631 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:04:05.649844 0.147753 tcp 10.0.2.109 51632 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:04:05.809650 3.003799 tcp 10.0.2.109 51633 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:04:14.812434 0.000000 tcp 10.0.2.109 51633 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:04:20.811021 3.003742 tcp 10.0.2.109 51634 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:04:29.813478 0.000000 tcp 10.0.2.109 51634 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:09:05.713638 3.000837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 23:09:12.720458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:09:20.722003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:09:36.724601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:10:08.730974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:15:48.419466 0.021103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 23:15:48.440688 0.101332 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:15:48.518626 0.102672 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:15:48.586383 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/03 23:15:50.856850 3.000096 tcp 10.0.2.109 51635 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:15:59.855918 0.000000 tcp 10.0.2.109 51635 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:16:05.856365 0.056088 tcp 10.0.2.109 51636 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:05.912732 0.051350 tcp 10.0.2.109 51637 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:05.964350 0.151966 tcp 10.0.2.109 51638 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:06.220685 2.988387 tcp 10.0.2.109 51639 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:16:06.775509 0.051473 tcp 10.0.2.109 51640 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:06.827215 0.053875 tcp 10.0.2.109 51641 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:06.881446 0.148139 tcp 10.0.2.109 51642 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:07.030038 0.114396 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:07.090379 0.163630 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:08.127906 0.087627 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:08.488548 0.108796 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.256684 0.051625 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.354710 0.155817 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.502786 0.088804 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.583892 0.051168 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.694446 0.031782 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.725019 0.124813 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.812209 0.064536 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.894979 0.088608 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:10.963084 0.176973 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:11.154231 0.387708 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:11.519375 0.354481 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:11.869909 0.309118 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2021 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:12.177391 0.175725 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:12.349369 0.171751 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:12.497536 0.217615 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:12.680474 0.337143 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:13.016306 0.157804 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:13.194751 0.383584 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:16:15.207611 0.000000 tcp 10.0.2.109 51639 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:16:17.743540 3.002068 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 23:16:21.216772 0.051497 tcp 10.0.2.109 51643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:21.268564 0.054070 tcp 10.0.2.109 51644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:21.322873 0.149048 tcp 10.0.2.109 51645 -> 195.113.214.211 443 SRPA* 0 0 43 22722 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:16:21.518516 3.002865 tcp 10.0.2.109 51646 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:16:24.754706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:16:30.519788 0.000000 tcp 10.0.2.109 51646 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:16:32.753323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:16:36.518740 3.004282 tcp 10.0.2.109 51647 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:16:45.524484 0.000000 tcp 10.0.2.109 51647 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:16:48.755794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:17:20.769494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:21:51.521847 0.000189 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 23:21:51.522301 3.003481 tcp 10.0.2.109 51648 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:22:00.524501 0.000000 tcp 10.0.2.109 51648 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:22:06.524531 0.052329 tcp 10.0.2.109 51649 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:22:06.577125 0.053714 tcp 10.0.2.109 51650 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:22:06.631187 0.148301 tcp 10.0.2.109 51651 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:22:06.880428 2.997222 tcp 10.0.2.109 51652 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:22:15.886612 0.000000 tcp 10.0.2.109 51652 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:22:21.875308 0.051835 tcp 10.0.2.109 51653 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:22:21.927444 0.123515 tcp 10.0.2.109 51654 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:22:22.051292 0.155196 tcp 10.0.2.109 51655 -> 195.113.214.211 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:22:22.313006 2.987025 tcp 10.0.2.109 51656 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:22:31.298503 0.000000 tcp 10.0.2.109 51656 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:22:37.307475 3.003949 tcp 10.0.2.109 51657 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:22:46.310041 0.000000 tcp 10.0.2.109 51657 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:23:27.772179 3.001390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 23:23:34.779849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:23:42.783211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:23:58.784206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:24:30.790608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:27:52.311138 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 23:27:52.311278 3.003264 tcp 10.0.2.109 51658 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:28:01.313183 0.000000 tcp 10.0.2.109 51658 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:28:07.320381 0.054744 tcp 10.0.2.109 51659 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:28:07.375418 0.053332 tcp 10.0.2.109 51660 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:28:07.429044 0.164965 tcp 10.0.2.109 51661 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:28:07.650888 2.995496 tcp 10.0.2.109 51662 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:28:16.644851 0.000000 tcp 10.0.2.109 51662 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:28:22.644218 0.052285 tcp 10.0.2.109 51663 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:28:22.696760 0.053602 tcp 10.0.2.109 51664 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:28:22.750622 0.161655 tcp 10.0.2.109 51665 -> 195.113.214.211 443 SRPA* 0 0 47 40620 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:28:23.084422 2.994182 tcp 10.0.2.109 51666 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:28:32.087263 0.000000 tcp 10.0.2.109 51666 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:28:38.086046 2.994440 tcp 10.0.2.109 51667 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:28:47.078797 0.000000 tcp 10.0.2.109 51667 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:30:34.796361 3.001500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/03 23:30:41.804630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:30:49.804675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:31:05.808365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:31:37.814580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:33:53.088948 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 23:33:53.089180 3.004003 tcp 10.0.2.109 51668 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:34:02.091715 0.000000 tcp 10.0.2.109 51668 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/03 23:34:08.092434 0.053660 tcp 10.0.2.109 51669 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:34:08.146413 0.056199 tcp 10.0.2.109 51670 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:34:08.202959 0.153548 tcp 10.0.2.109 51671 -> 195.113.214.211 443 SRPA* 0 0 39 33844 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:34:08.374867 0.576576 tcp 10.0.2.109 51672 -> 176.73.169.112 1959 FSPA* 0 0 14 1700 flow=From-Botnet-V1-TCP-Established 1970/02/03 23:37:41.821095 3.115938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 23:37:48.906925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:37:56.845238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:38:12.842188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:38:44.848133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:44:48.854306 3.001762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 23:44:55.861806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:45:03.862629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:45:19.866461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:45:51.877336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:46:18.130345 0.010960 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/03 23:46:18.141396 0.197616 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:18.331704 0.095905 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:18.505837 0.107265 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:18.575716 0.119281 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:18.695382 0.164031 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:18.854150 0.084133 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:18.911854 0.147662 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.051869 0.115309 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.127378 0.052630 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.217171 0.076182 rtp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.278582 0.050125 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.418962 0.034482 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.452307 0.131094 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.559647 0.073463 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.618978 0.094517 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.692025 0.171404 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:19.883118 0.335540 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:20.328605 0.177628 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:20.503409 0.171237 rtcp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:20.651637 0.396373 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:21.008736 0.351334 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:21.606803 0.310215 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:21.914856 0.384459 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:22.281591 0.348750 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:46:22.646710 0.154364 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/03 23:54:03.882945 3.010974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/03 23:54:10.899800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:54:18.901441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:54:34.904085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/03 23:55:06.910105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:01:15.923074 3.002072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:01:22.930856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:01:30.932382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:01:46.935462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:02:18.941606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:04:08.949892 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 00:04:08.950109 0.497354 tcp 10.0.2.109 51673 -> 176.73.169.112 1959 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/02/04 00:08:31.949946 3.002472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:08:38.958353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:08:46.959664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:09:02.962202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:09:34.968402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:15:38.974087 3.001727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:15:45.981755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:15:53.983350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:16:09.986156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:16:41.992616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:16:47.490873 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 00:16:47.490979 0.102795 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:47.557762 0.176202 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:47.678448 0.162142 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:47.835865 0.085832 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:47.896204 0.194580 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.083083 0.098806 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.166797 0.146419 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.305549 0.221603 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.458706 0.052241 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.545470 0.079041 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.609581 0.050714 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.690048 0.032369 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.721357 0.128122 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.813195 0.068204 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.896179 0.087791 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:48.964144 0.167305 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:49.138730 0.174833 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:49.289597 0.120935 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:49.369331 0.352474 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:49.702559 0.171217 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:49.870102 0.352123 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:50.218991 0.309916 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:50.558728 0.156568 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:50.774980 0.385370 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:16:51.142196 0.344178 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:22:45.997869 3.002042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:22:53.005459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:23:01.007290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:23:17.014773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:23:49.016317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:29:53.021766 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:30:00.029626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:30:08.031079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:30:24.034538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:30:56.039811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:34:09.448448 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 00:34:09.448554 0.471415 tcp 10.0.2.109 51674 -> 176.73.169.112 1959 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/02/04 00:37:00.046330 3.091271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:37:07.111173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:37:15.065197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:37:31.068262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:38:03.074466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:44:07.080662 3.001330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:44:14.087614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:44:22.089216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:44:38.092611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:45:10.097997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:46:52.325524 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 00:46:52.325745 0.101633 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:52.395306 0.115908 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:52.531145 0.163224 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:52.703948 0.087289 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:52.764407 0.194619 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:52.951665 0.099363 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.033086 0.147874 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.173469 0.113580 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.248443 0.053312 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.390537 0.084652 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.457734 0.051005 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.574509 0.031896 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.624600 0.123365 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.713457 0.070386 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2662 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.790661 0.089558 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:53.863029 0.166775 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:54.095649 0.170688 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:54.245581 0.118181 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:55.727508 0.341401 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:56.235092 0.311330 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1884 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:56.573365 0.155494 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:56.732024 0.182013 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:56.911435 0.354332 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:57.261906 0.387755 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:46:57.628059 0.349062 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/04 00:53:36.109854 3.018521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 00:53:43.125988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:53:51.127432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:54:07.131023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 00:54:39.136729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:00:43.423600 3.000965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:00:50.430474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:00:58.431861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:01:14.434819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:01:46.440940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:04:10.177930 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 01:04:10.178055 0.533800 tcp 10.0.2.109 51675 -> 176.73.169.112 1959 FSPA* 0 0 15 1677 flow=From-Botnet-V1-TCP-Established 1970/02/04 01:07:50.447660 3.000859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:07:57.453995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:08:05.455865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:08:21.458704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:08:53.464812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:14:57.479205 2.993609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:15:04.480995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:15:12.479570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:15:28.482748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:16:00.488500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:17:17.459757 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 01:17:17.459864 0.162441 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:17.617398 0.089852 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:17.680612 0.102693 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:17.812157 0.353167 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:18.169926 0.197685 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:18.360666 0.099934 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:18.443578 0.147468 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:18.582813 0.117250 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:18.792571 0.052641 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.019451 0.084440 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.086772 0.050974 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.199347 0.032365 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.230476 0.131156 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.343655 0.066118 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.394904 0.169228 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.539986 0.084099 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.694776 0.169545 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:19.954465 0.122731 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:20.040053 0.380197 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:20.402269 0.309754 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:20.782897 0.154038 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:21.024352 0.394252 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:21.399533 0.170817 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:21.680177 0.348997 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:17:22.024999 0.364938 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:22:04.908136 3.008792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:22:11.922969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:22:19.923965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:22:35.927001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:23:07.933543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:29:11.940307 3.000570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:29:18.946698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:29:26.948520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:29:42.951369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:30:14.957395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:34:10.716408 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 01:34:10.716505 0.528015 tcp 10.0.2.109 51676 -> 176.73.169.112 1959 FSPA* 0 0 13 1638 flow=From-Botnet-V1-TCP-Established 1970/02/04 01:36:18.964242 3.000627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:36:25.970763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:36:33.972220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:36:49.975393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:37:21.981277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:43:25.986796 3.002073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:43:32.994700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:43:40.995869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:43:56.999151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:44:29.005220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:47:25.692538 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 01:47:25.692695 0.106384 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:25.760500 0.163007 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:26.099424 0.087839 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:26.160486 0.118066 rtp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:26.539202 0.188964 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:26.720925 0.096286 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:27.201371 0.147352 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:28.026420 0.119960 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2589 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:28.104447 0.053051 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:28.568420 0.084479 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:28.639055 0.050997 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:28.863325 0.031891 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:29.524796 0.125235 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:29.623496 0.069023 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:29.913140 0.172938 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:30.455654 0.088673 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:30.521932 0.167321 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:30.854910 0.125808 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:30.939446 0.155181 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:31.292657 0.375627 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:31.645850 0.346566 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:32.698089 0.349072 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:33.242735 0.388476 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:47:33.609331 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 01:47:52.380042 0.059710 tcp 10.0.2.109 51677 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 01:47:52.440084 0.053080 tcp 10.0.2.109 51678 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 01:47:52.493465 0.217956 tcp 10.0.2.109 51679 -> 195.113.214.211 443 SRPA* 0 0 39 27131 flow=From-Botnet-V1-TCP-Established 1970/02/04 01:47:52.712145 0.345506 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/04 01:50:33.011398 3.002152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:50:40.018681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:50:48.020661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:51:04.027112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:51:36.029007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:57:40.035440 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 01:57:47.042617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:57:55.044080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:58:11.047008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 01:58:43.053090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:04:11.245179 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:04:11.245396 0.499902 tcp 10.0.2.109 51680 -> 176.73.169.112 1959 FSPA* 0 0 12 1626 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:04:47.058876 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 02:04:54.066687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:05:02.068034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:05:18.071154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:05:50.077214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:11:54.083391 3.001178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 02:12:01.090695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:12:09.092268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:12:25.094874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:12:57.101078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:18:00.961136 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:18:00.961443 0.236166 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:01.194046 0.095682 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:01.407084 0.188871 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:01.588388 0.165770 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:01.746654 0.089285 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:01.836348 0.123247 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:01.901675 0.101373 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:01.986004 0.146855 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:02.160388 0.053938 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:02.257666 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:18:21.078870 0.052360 tcp 10.0.2.109 51681 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:18:21.131538 0.052534 tcp 10.0.2.109 51682 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:18:21.184337 0.163379 tcp 10.0.2.109 51683 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:18:21.348120 0.051017 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:21.521002 0.047349 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:21.594434 0.117653 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:21.671668 0.125593 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:21.799520 0.068632 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:21.851806 0.121631 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:21.942065 0.173740 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:22.093315 0.089462 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:22.200342 0.170936 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:22.463366 0.380248 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:22.937020 0.154504 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:23.175860 0.358781 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:23.632194 0.388557 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:24.003078 0.359637 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:18:24.351825 0.358070 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:19:01.106674 3.001948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 02:19:08.114387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:19:16.116123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:19:32.119005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:20:04.125373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:26:08.130477 3.002177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 02:26:15.138454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:26:23.139827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:26:39.142835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:27:11.148926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:33:15.155396 3.001150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 02:33:22.162460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:33:30.164074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:33:46.166861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:34:11.744229 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:34:11.744430 0.453953 tcp 10.0.2.109 51684 -> 176.73.169.112 1959 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:34:18.172968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:40:22.185545 2.995199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 02:40:29.188733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:40:37.189022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:40:53.190840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:41:25.196984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:47:29.203250 3.001258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 02:47:36.210586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:47:44.211809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:48:00.215124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:48:31.730448 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:48:31.730629 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:48:32.220890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:48:50.168526 0.062704 tcp 10.0.2.109 51685 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:48:50.231522 0.054213 tcp 10.0.2.109 51686 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:48:50.286384 0.174014 tcp 10.0.2.109 51687 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/02/04 02:48:50.460951 4.990182 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 10 3410 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:50.527239 4.397444 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 14 5153 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:50.711469 4.524538 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 14 5316 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:50.872445 4.496593 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 14 5368 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:50.967910 4.665619 udp 10.0.2.109 3683 <-> 81.129.69.157 6148 CON 0 0 14 5120 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.123859 4.788890 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 14 5304 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.290578 4.901474 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 14 5344 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.430108 4.900712 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 13 4956 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.518289 4.899162 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 14 5488 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.571909 4.979980 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 14 5566 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.623206 4.988947 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 8 3002 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.894534 4.966723 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 14 5100 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:51.966837 4.938798 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 9 3142 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:52.054974 4.968995 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 9 3317 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:52.111506 4.951680 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 7 2373 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:52.203725 0.166114 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:52.369143 0.359141 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:52.709218 0.167543 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:52.854614 0.084477 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:52.922074 0.155190 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:53.087056 0.311379 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:53.399667 0.363111 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:53.782723 0.386212 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 1927 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:54.151104 0.354086 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:55.460972 0.024033 udp 10.0.2.109 3683 <- 86.161.161.197 7979 RSP 0 0 4 1779 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:48:56.641629 0.032192 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:56.977052 0.040919 udp 10.0.2.109 3683 <- 86.137.162.190 2689 RSP 0 0 5 2074 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:48:57.062749 0.017314 udp 10.0.2.109 3683 <- 217.41.6.243 7642 RSP 0 0 5 2116 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:48:57.135221 0.105454 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 7 2899 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:57.203836 0.359480 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 8 2837 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:57.578652 0.691825 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 3273 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:58.252625 0.308031 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3072 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:58.538207 0.136199 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 8 3377 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:58.654798 0.623131 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2945 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:48:59.288657 0.736428 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 2870 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:49:00.084640 0.309737 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 8 3037 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:49:00.415214 0.703771 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3053 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:49:01.116000 0.761883 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 8 3253 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:49:01.860777 0.000000 udp 10.0.2.109 3683 -> 62.30.59.186 9743 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:09.404371 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:16.355299 0.000000 udp 10.0.2.109 3683 -> 95.137.227.141 1031 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:23.254481 0.087602 udp 10.0.2.109 3683 <-> 93.198.222.119 8279 CON 0 0 8 3003 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:49:23.689368 0.000000 udp 10.0.2.109 3683 -> 95.91.126.89 3616 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:29.833307 0.000000 udp 10.0.2.109 3683 -> 69.158.43.50 5362 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:34.740808 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:49:37.916011 0.000000 udp 10.0.2.109 3683 -> 66.227.158.64 1719 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:43.508786 0.000000 udp 10.0.2.109 3683 -> 77.10.254.53 3056 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:48.530901 0.000000 udp 10.0.2.109 3683 -> 109.155.69.175 7533 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:49:55.700954 0.000000 udp 10.0.2.109 3683 -> 108.219.61.9 9906 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:50:04.653878 0.000000 udp 10.0.2.109 3683 -> 68.225.87.81 6523 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:50:13.346752 0.000000 udp 10.0.2.109 3683 -> 186.6.63.60 2209 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:50:21.287656 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:50:26.244896 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:50:28.548373 0.000000 udp 10.0.2.109 3683 -> 78.14.195.188 7760 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:50:36.820287 0.000000 udp 10.0.2.109 3683 -> 109.100.38.73 2279 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:50:45.111896 0.194100 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 8 3176 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:50:45.305018 0.000000 udp 10.0.2.109 3683 -> 217.224.250.132 9423 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:50:53.864633 0.000000 udp 10.0.2.109 3683 -> 92.241.71.34 4962 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:00.293987 0.000000 udp 10.0.2.109 3683 -> 95.250.42.70 5104 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:05.871921 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:10.740683 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:51:11.851068 0.000000 udp 10.0.2.109 3683 -> 79.78.244.35 4087 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:16.887640 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:22.786192 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:30.737809 0.000000 udp 10.0.2.109 3683 -> 94.66.138.234 7159 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:36.015248 0.000000 udp 10.0.2.109 3683 -> 176.45.10.56 5148 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:41.333175 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:50.336099 0.054231 udp 10.0.2.109 3683 -> 188.219.175.50 2628 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:51:50.390330 0.000000 icmp 188.219.175.50 0x0303 -> 10.0.2.109 0x440a URP 192 1 140 flow=Background 1970/02/04 02:51:55.242899 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:51:57.876223 0.000000 udp 10.0.2.109 3683 -> 93.207.124.234 1615 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:05.998027 0.000000 udp 10.0.2.109 3683 -> 59.164.41.187 2041 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:13.118612 0.000000 udp 10.0.2.109 3683 -> 69.168.43.9 1066 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:21.861067 0.127606 rtp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 8 3060 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:52:22.017340 0.717988 rtp 10.0.2.109 3683 <-> 115.240.7.71 6649 CON 0 0 8 3227 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:52:22.711153 0.000000 udp 10.0.2.109 3683 -> 194.78.28.234 1718 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:28.120208 0.000000 udp 10.0.2.109 3683 -> 80.131.191.226 2022 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:33.157388 0.133419 udp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 8 3102 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:52:33.423347 0.000000 udp 10.0.2.109 3683 -> 83.47.191.113 3793 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:40.407723 0.060124 udp 10.0.2.109 3683 -> 79.210.69.125 2613 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:40.467847 0.000000 icmp 79.210.69.125 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 228 flow=Background 1970/02/04 02:52:45.244594 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:52:47.668534 0.000000 udp 10.0.2.109 3683 -> 188.106.216.174 7606 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:53.366647 0.000000 udp 10.0.2.109 3683 -> 61.91.26.50 3465 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:52:59.104570 0.347246 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 8 3184 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:52:59.439415 0.192418 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3091 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:52:59.708457 0.000000 udp 10.0.2.109 3683 -> 95.254.205.218 6381 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:05.614514 0.000000 udp 10.0.2.109 3683 -> 5.54.10.218 2337 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:12.093687 0.000000 udp 10.0.2.109 3683 -> 85.165.96.92 1718 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:19.453919 0.000000 udp 10.0.2.109 3683 -> 80.81.0.120 9503 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:25.071934 0.729893 rtp 10.0.2.109 3683 <-> 219.78.38.186 8414 CON 0 0 8 3058 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:53:25.826167 0.000000 udp 10.0.2.109 3683 -> 95.225.70.12 3998 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:29.739089 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:53:33.453965 0.188813 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 8 2828 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:53:33.650655 0.000000 udp 10.0.2.109 3683 -> 95.240.184.129 2287 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:40.584529 0.129029 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 8 2992 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:53:40.719524 0.673124 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 8 3037 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:53:41.456988 0.125562 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 8 3128 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:53:41.593992 0.000000 udp 10.0.2.109 3683 -> 85.99.2.207 6526 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:50.278345 0.000000 udp 10.0.2.109 3683 -> 94.156.9.242 5252 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:53:58.470259 0.000000 udp 10.0.2.109 3683 -> 88.250.90.136 4198 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:07.353071 0.000000 udp 10.0.2.109 3683 -> 85.189.141.67 2894 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:15.164144 0.000000 udp 10.0.2.109 3683 -> 88.228.12.22 8882 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:19.740656 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:54:22.955402 0.144895 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 8 2950 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:54:23.138828 0.000000 udp 10.0.2.109 3683 -> 93.186.217.108 1056 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:29.364665 0.000000 udp 10.0.2.109 3683 -> 93.82.199.194 2628 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:37.705991 0.802901 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 8 3061 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:54:38.503170 0.710895 rtp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 8 3117 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:54:39.308206 0.188446 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 8 3165 flow=From-Botnet-V1-UDP-Established 1970/02/04 02:54:39.502474 0.000000 udp 10.0.2.109 3683 -> 81.136.169.145 1024 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:47.690986 0.000000 udp 10.0.2.109 3683 -> 176.27.204.195 3554 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:53.179496 0.000000 udp 10.0.2.109 3683 -> 2.35.133.251 8254 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:59.718843 0.098207 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:54:59.817050 0.000000 icmp 94.86.255.2 0x0303 -> 10.0.2.109 0xe90f URP 192 1 194 flow=Background 1970/02/04 02:55:04.244541 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:55:04.824992 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:55:10.633673 0.000000 udp 10.0.2.109 3683 -> 37.6.168.228 2379 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:55:18.405085 0.000000 udp 10.0.2.109 3683 -> 4.30.99.22 9656 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:55:21.232513 3.000676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 02:55:25.695655 0.000000 udp 10.0.2.109 3683 -> 37.232.50.126 4810 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:55:28.239240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:55:33.676584 0.000000 udp 10.0.2.109 3683 -> 178.3.248.69 2209 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:55:36.240901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:55:39.685656 0.000000 udp 10.0.2.109 3683 -> 79.81.64.63 5374 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:55:48.277878 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:55:52.243764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:55:53.244970 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:55:55.879102 0.000000 udp 10.0.2.109 3683 -> 74.94.246.181 6133 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:02.088042 0.000000 udp 10.0.2.109 3683 -> 116.246.37.19 5760 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:08.587115 0.000000 udp 10.0.2.109 3683 -> 105.224.29.66 3616 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:13.874788 0.000000 udp 10.0.2.109 3683 -> 190.167.194.206 3550 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:19.843120 0.000000 udp 10.0.2.109 3683 -> 46.236.14.130 3209 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:24.249557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 02:56:25.171532 0.000000 udp 10.0.2.109 3683 -> 46.14.97.231 4614 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:31.679706 0.000000 udp 10.0.2.109 3683 -> 186.45.156.133 5528 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:38.199738 0.000000 udp 10.0.2.109 3683 -> 24.107.135.112 2326 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 02:56:42.745408 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 02:56:44.479133 0.000000 udp 10.0.2.109 3683 -> 204.112.206.176 2548 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:02:28.256693 3.000324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 03:02:35.262949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:02:43.264537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:02:59.267339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:03:31.273527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:04:12.202902 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 03:04:12.203085 0.504606 tcp 10.0.2.109 51688 -> 176.73.169.112 1959 FSPA* 0 0 14 1623 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:09:35.279229 3.003257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 03:09:42.286936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:09:50.288433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:10:06.291188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:10:38.297469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:16:42.303716 3.001426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 03:16:49.310813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:16:57.316753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:17:13.317556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:17:45.321378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:23:49.327441 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 03:23:56.335093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:24:04.337102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:24:20.339476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:24:52.345266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:27:10.624867 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 03:27:10.624976 0.254116 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:10.810320 0.167999 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:11.084045 0.000000 udp 10.0.2.109 3683 -> 81.129.69.157 6148 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:27:26.839536 0.053960 tcp 10.0.2.109 51689 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:27:26.893760 0.061000 tcp 10.0.2.109 51690 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:27:26.955046 0.156813 tcp 10.0.2.109 51691 -> 195.113.214.211 443 SRPA* 0 0 43 35010 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:27:27.112416 0.172106 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:27.280113 0.163110 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:27.438037 0.079280 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2010 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:27.608144 0.143872 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:27.747695 0.094452 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:27.826986 0.053825 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:27.923363 0.051862 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:27.975171 0.032020 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:28.082488 0.140487 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:28.184467 0.113857 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:28.339041 0.167292 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:28.607167 0.122307 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:28.695818 0.069434 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:28.771858 0.092979 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:28.847209 0.355315 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:29.182064 0.168819 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:29.326539 0.310798 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:29.734761 0.335917 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:30.180741 0.157455 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:30.411702 0.350074 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:30.763375 0.396938 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:31.139031 0.000000 udp 10.0.2.109 3683 -> 93.198.222.119 8279 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:27:46.366204 0.052329 tcp 10.0.2.109 51692 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:27:46.418841 0.055239 tcp 10.0.2.109 51693 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:27:46.474349 0.156575 tcp 10.0.2.109 51694 -> 195.113.214.211 443 SRPA* 0 0 33 19398 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:27:46.631546 0.066036 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:46.681034 0.559695 udp 10.0.2.109 3683 <-> 115.240.7.71 6649 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:47.108471 0.115101 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:47.198240 0.076895 udp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:47.336116 0.051852 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:47.384798 0.199291 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:27:47.513212 0.000000 udp 10.0.2.109 3683 -> 219.78.38.186 8414 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:28:04.201653 0.051927 tcp 10.0.2.109 51695 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:28:04.253891 0.053284 tcp 10.0.2.109 51696 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:28:04.307461 0.154212 tcp 10.0.2.109 51697 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:28:04.462377 0.250850 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:28:04.693825 0.074410 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:28:04.830255 0.337223 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:28:05.247746 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:28:23.663234 0.053413 tcp 10.0.2.109 51698 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:28:23.716931 0.053809 tcp 10.0.2.109 51699 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:28:23.770991 0.260076 tcp 10.0.2.109 51700 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:28:24.031749 0.056678 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:28:24.182382 0.414631 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:28:24.576735 0.363816 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:28:25.066457 0.115167 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:30:56.352273 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 03:31:03.362238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:31:11.360583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:31:27.363355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:31:59.369304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:34:12.711036 0.000200 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 03:34:12.711350 0.474177 tcp 10.0.2.109 51701 -> 176.73.169.112 1959 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:38:03.375502 3.001546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 03:38:10.382943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:38:18.384495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:38:34.387160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:39:06.393313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:45:10.399607 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 03:45:17.406938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:45:25.408187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:45:41.411400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:46:13.417308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:54:12.429055 3.001273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 03:54:19.435927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:54:27.437881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:54:43.440662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:55:15.448754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 03:58:27.453143 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 03:58:27.453324 0.000000 udp 10.0.2.109 3683 -> 81.129.69.157 6148 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:58:46.221570 0.063508 tcp 10.0.2.109 51702 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:58:46.285390 0.060575 tcp 10.0.2.109 51703 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:58:46.346245 0.143821 tcp 10.0.2.109 51704 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:58:46.490640 0.000000 udp 10.0.2.109 3683 -> 93.198.222.119 8279 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:59:01.582295 0.051241 tcp 10.0.2.109 51705 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:59:01.633779 0.062740 tcp 10.0.2.109 51706 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:59:01.696726 0.157728 tcp 10.0.2.109 51707 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:59:01.855066 0.000000 udp 10.0.2.109 3683 -> 219.78.38.186 8414 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 03:59:18.576319 0.055455 tcp 10.0.2.109 51708 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:59:18.632066 0.058196 tcp 10.0.2.109 51709 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:59:18.690592 0.180439 tcp 10.0.2.109 51710 -> 195.113.214.211 443 SRPA* 0 0 43 34894 flow=From-Botnet-V1-TCP-Established 1970/02/04 03:59:18.871847 0.071254 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:18.926466 0.189311 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.107788 0.099733 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.203469 0.094264 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.283647 0.051335 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.359037 0.050699 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.420920 0.152512 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.565238 0.091193 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.630012 0.163533 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.788180 0.177314 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:19.961295 0.073751 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.018209 0.086804 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.085802 0.032006 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.116255 0.120598 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.198726 0.111647 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.273946 0.166100 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.449583 0.131736 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.540871 0.376871 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:20.896806 0.172722 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:21.047553 0.312752 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:21.361691 0.156095 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:21.528015 0.334885 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:21.873192 0.353549 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:22.223357 0.386015 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:22.590295 0.072615 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:22.645242 0.051020 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:22.694548 0.205602 rtp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:22.827601 0.074402 udp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:22.886477 0.108475 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:22.955159 0.400307 udp 10.0.2.109 3683 <-> 115.240.7.71 6649 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:23.243687 0.093331 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:23.320146 0.080018 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:23.383381 0.340178 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:23.725151 0.354733 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:24.081335 0.054941 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:24.176951 0.408626 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/04 03:59:24.562619 0.114356 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:01:19.453744 3.000561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 04:01:26.460055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:01:34.461606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:01:50.464771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:02:22.470632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:04:13.190024 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 04:04:13.190218 0.541919 tcp 10.0.2.109 51711 -> 176.73.169.112 1959 FSPA* 0 0 15 1750 flow=From-Botnet-V1-TCP-Established 1970/02/04 04:08:26.476814 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 04:08:33.483945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:08:41.485416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:08:57.488881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:09:29.494663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:15:33.500682 3.001434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 04:15:40.507798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:15:48.509737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:16:04.512601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:16:36.518497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:22:40.524748 3.003783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 04:22:47.534591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:22:55.533446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:23:11.536576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:23:43.542700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:29:38.333046 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 04:29:38.333210 0.083101 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:38.402570 0.194513 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:38.589237 0.095392 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 1965 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:38.653661 0.096505 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:38.733402 0.054521 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:38.787354 0.051126 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:38.858167 0.161952 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.004194 0.213798 rtp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.191192 0.163568 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.348676 0.178308 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.523451 0.031899 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.554115 0.114561 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.634214 0.124222 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.720635 0.166669 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.888774 0.125736 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:39.976512 0.370417 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:40.325860 0.065381 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:40.409112 0.090496 rtcp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:40.478751 0.167901 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:40.624762 0.344447 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:40.985292 0.153869 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:41.140938 0.352244 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:41.494398 0.073188 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:41.550811 0.049298 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:41.593327 0.202403 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:41.726422 0.073150 udp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:41.782226 0.112387 rtp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:41.850736 0.354341 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:42.201225 0.394069 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:42.575994 0.384768 udp 10.0.2.109 3683 <-> 115.240.7.71 6649 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:42.830899 0.094485 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:42.907395 0.074459 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:42.966956 0.345457 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:43.313889 0.417096 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:43.708146 0.106660 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:43.792320 0.342801 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:44.134623 0.055786 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:29:47.548154 3.002146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 04:29:54.555548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:30:02.557592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:30:18.560185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:30:50.566197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:34:13.738842 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 04:34:13.738944 0.450857 tcp 10.0.2.109 51712 -> 176.73.169.112 1959 FSPA* 0 0 15 1592 flow=From-Botnet-V1-TCP-Established 1970/02/04 04:36:54.573027 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 04:37:01.579753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:37:09.581315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:37:25.584276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:37:57.590213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:44:01.595856 3.023807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 04:44:08.614038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:44:16.615353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:44:32.618468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:45:04.624462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:53:29.632621 3.002043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 04:53:36.640679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:53:44.642415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:54:00.644865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:54:32.650461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 04:59:45.781396 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 04:59:45.781582 0.105993 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:45.850620 0.103939 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:45.937967 0.063606 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:46.113617 0.050964 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:46.190011 0.174542 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:46.349051 0.194679 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:46.535746 0.153070 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:46.684654 0.164288 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 1981 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:46.824742 0.163444 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:46.982937 0.172610 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:47.150815 0.031933 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:47.213747 0.122368 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:47.294874 0.113675 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:47.370006 0.169600 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:47.534966 0.130611 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:47.626459 0.343834 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:47.947969 0.070594 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:48.002802 0.086701 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:48.070032 0.171482 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/04 04:59:48.217899 0.350208 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 637 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:03.368714 0.055972 tcp 10.0.2.109 51713 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:00:03.424956 0.186538 tcp 10.0.2.109 51714 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:00:03.611773 0.161809 tcp 10.0.2.109 51715 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:00:03.773998 0.065141 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:03.823845 0.050513 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:03.920626 0.208647 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:04.057826 0.078006 udp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:04.119030 0.115812 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:04.194593 0.158835 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:04.390819 0.335934 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:04.790457 0.358442 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:05.185325 0.395089 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:05.563139 0.000000 udp 10.0.2.109 3683 -> 115.240.7.71 6649 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 05:00:23.015461 0.051450 tcp 10.0.2.109 51716 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:00:23.067215 0.073203 tcp 10.0.2.109 51717 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:00:23.140692 0.169585 tcp 10.0.2.109 51718 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:00:23.310807 0.093712 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:23.387725 0.074283 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:23.615919 0.107716 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:23.934704 0.336243 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:24.274313 0.415513 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:24.666931 0.348183 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:25.014843 0.056712 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:00:36.656714 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 05:00:43.664644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:00:52.577460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:01:08.393821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:01:40.008169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:04:14.197682 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 05:04:14.197827 0.490411 tcp 10.0.2.109 51719 -> 176.73.169.112 1959 FSPA* 0 0 15 1660 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:07:43.691569 3.001080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 05:07:50.697949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:07:58.700035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:08:14.702619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:08:46.709101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:14:50.715054 3.001545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 05:14:57.722600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:15:05.725064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:15:21.726860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:15:53.733022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:21:57.738852 3.001871 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 05:22:04.746476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:22:12.747900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:22:28.751033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:23:00.756339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:29:04.762487 3.002105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 05:29:11.770624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:29:19.771997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:29:35.774914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:30:07.780857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:30:26.708302 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 05:30:26.708405 0.355619 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:27.063670 0.000000 udp 10.0.2.109 3683 -> 115.240.7.71 6649 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 05:30:44.495968 0.053171 tcp 10.0.2.109 51720 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:30:44.549468 0.053696 tcp 10.0.2.109 51721 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:30:44.603458 0.160211 tcp 10.0.2.109 51722 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:30:44.764243 0.103199 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:44.832945 0.098194 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:44.938017 0.069980 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:44.991132 0.196770 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:45.179438 0.146883 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:45.318473 0.183871 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:45.474518 0.177234 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:45.645835 0.051042 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:45.698826 0.054924 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:45.779016 0.166058 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:45.994978 0.125904 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:46.082633 0.341542 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2648 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:46.404086 0.120822 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:46.501405 0.172603 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:46.670689 0.031962 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:46.797628 0.113527 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:46.873310 0.071981 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:46.952000 0.168818 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:47.157825 0.087901 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:47.268080 0.071721 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:47.322831 0.046729 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:47.366492 0.162745 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:47.570812 0.346788 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:48.006473 0.193492 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2002 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:48.135211 0.076347 udp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:48.216448 0.115940 rtp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:48.290729 0.395570 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:48.666277 0.368945 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:49.031505 0.077258 rtp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:49.090573 0.108885 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:30:49.177894 0.000000 udp 10.0.2.109 3683 -> 86.35.201.199 6591 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 05:31:06.085295 0.052394 tcp 10.0.2.109 51723 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:31:06.138009 0.053430 tcp 10.0.2.109 51724 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:31:06.191728 0.158795 tcp 10.0.2.109 51725 -> 195.113.214.211 443 SRPA* 0 0 33 17892 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:31:06.351039 0.351175 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:31:06.702010 0.416061 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:31:07.096393 0.347113 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:31:07.453275 0.058552 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/04 05:34:14.697719 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 05:34:14.697822 0.711913 tcp 10.0.2.109 51726 -> 176.73.169.112 1959 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/02/04 05:36:11.786086 3.002448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 05:36:18.794218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:36:26.795647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:36:42.798895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:37:14.805541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:43:18.812405 3.000247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 05:43:25.818681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:43:33.819916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:43:49.822407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:44:21.828883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:50:25.835440 3.012349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 05:50:32.852660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:50:40.853835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:50:56.856633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:51:28.863047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:57:32.868373 3.002170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 05:57:39.876517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:57:47.877769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:58:03.880680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 05:58:35.887078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:01:21.635277 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 06:01:21.635388 0.095529 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:21.711888 0.355380 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:22.136786 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 06:01:39.892960 0.054943 tcp 10.0.2.109 51727 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:01:39.948199 0.054522 tcp 10.0.2.109 51728 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:01:40.003100 0.152308 tcp 10.0.2.109 51729 -> 195.113.214.211 443 SRPA* 0 0 39 32158 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:01:40.156113 0.129467 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:40.253887 0.098446 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:40.978314 0.194969 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:41.145734 0.191115 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:41.386513 0.050982 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:41.458695 0.051389 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:41.540173 0.171856 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:41.704858 0.163375 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:41.863353 1.516145 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:42.753582 0.123444 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:42.841492 0.112704 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:42.918632 0.190337 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:43.149474 0.034041 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:43.182548 0.115220 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:43.259296 0.066545 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:43.328308 0.350885 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:43.659490 0.052606 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:43.709421 0.155236 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:43.899976 0.386237 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:44.306038 0.085659 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:44.371456 0.168720 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:44.515999 0.070025 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:44.571168 0.115524 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:44.647023 0.388444 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:45.016886 0.199840 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:45.183810 0.087474 rtp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:45.253178 0.078395 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:45.314165 0.462864 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:45.822523 0.104339 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:45.905162 0.336060 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:46.271227 0.055654 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:46.442810 0.409107 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:01:46.831866 0.376517 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:04:15.415386 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 06:04:15.415479 0.472789 tcp 10.0.2.109 51730 -> 176.73.169.112 1959 FSPA* 0 0 15 1730 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:04:39.893072 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 06:04:46.900331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:04:54.901817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:05:10.904760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:05:42.910908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:11:46.917289 3.001203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 06:11:53.923702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:12:01.925520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:12:17.928750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:12:49.934600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:18:53.940928 3.001084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 06:19:00.951293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:19:08.949477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:19:24.963742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:19:56.968748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:26:00.973890 3.002442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 06:26:07.988418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:26:15.990825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:26:31.992705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:27:03.996886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:31:54.190289 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 06:31:54.190492 0.190092 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:54.364942 0.103824 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:54.986975 0.359629 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:55.357543 0.100442 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:55.504000 0.095951 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:56.042882 0.315589 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:56.353349 0.194739 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:56.540370 0.050715 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:56.784728 0.053692 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:56.972704 0.166757 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:57.385532 0.162430 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:57.542473 0.123996 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:57.710994 0.147378 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:57.850619 0.125783 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:57.937931 0.176397 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:58.110938 0.033642 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:58.289508 0.148134 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:58.397201 0.076544 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:58.586978 0.344360 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:58.911367 0.047245 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:58.978299 0.156873 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:59.206169 0.169377 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:59.353356 0.071909 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:59.437565 0.109246 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:59.506691 0.428462 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:31:59.955091 0.090195 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:00.024252 0.386340 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:00.389774 0.203112 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:00.518011 0.072375 udp 10.0.2.109 3683 <-> 81.151.176.105 1084 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:00.572124 0.072963 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:00.628406 0.367966 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:00.992401 0.104037 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:01.072606 0.412174 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:01.461887 0.340975 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:32:01.869209 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 06:32:19.768756 0.053840 tcp 10.0.2.109 51731 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:32:19.822901 0.053191 tcp 10.0.2.109 51732 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:32:19.876406 0.221853 tcp 10.0.2.109 51733 -> 195.113.214.211 443 SRPA* 0 0 35 28434 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:32:20.098833 0.352547 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/04 06:33:07.999131 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 06:33:15.005890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:33:23.007515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:33:39.010566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:34:11.016351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:34:15.893594 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 06:34:15.893764 0.453634 tcp 10.0.2.109 51734 -> 176.73.169.112 1959 FSPA* 0 0 15 1742 flow=From-Botnet-V1-TCP-Established 1970/02/04 06:40:15.022252 3.012090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 06:40:22.040161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:40:30.041673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:40:46.044500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:41:18.051008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:47:22.056515 3.011724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 06:47:29.074238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:47:37.075719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:47:53.080748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:48:25.088084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:55:21.095260 3.001879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 06:55:28.102925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:55:36.104520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:55:52.107392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 06:56:24.113335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:02:28.120675 3.000477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 07:02:35.126879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:02:43.128242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:02:50.078449 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 07:02:50.078586 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 07:02:59.131108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:03:08.997852 0.109158 tcp 10.0.2.109 51735 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:03:09.107303 0.053208 tcp 10.0.2.109 51736 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:03:09.160827 0.150116 tcp 10.0.2.109 51737 -> 195.113.214.211 443 SRPA* 0 0 43 22186 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:03:09.311225 0.704325 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:09.972822 0.094138 udp 10.0.2.109 3683 <-> 86.35.201.199 6591 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.049699 0.100453 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.116227 0.359584 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 5 2006 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.477199 0.188321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.657940 0.051359 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.725424 0.051718 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.778592 0.164580 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.916980 0.099653 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:10.998525 0.116628 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:11.076058 0.169150 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:11.232160 0.131177 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:11.320880 0.163085 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:11.478836 0.169568 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:11.657116 0.116630 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:11.736368 0.071570 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1952 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:11.791188 0.345075 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:12.114353 0.055029 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:12.204819 0.032003 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:12.235656 0.173738 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:12.405554 0.066878 rtp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:12.454895 0.111655 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:12.528060 0.436243 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:12.965843 0.159170 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:13.123463 0.170342 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:13.268635 0.209121 udp 10.0.2.109 3683 <-> 41.38.1.59 8699 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:13.400868 0.000000 udp 10.0.2.109 3683 -> 81.151.176.105 1084 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 07:03:29.956137 0.052195 tcp 10.0.2.109 51738 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:03:30.008627 0.055175 tcp 10.0.2.109 51739 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:03:30.064101 0.157945 tcp 10.0.2.109 51740 -> 195.113.214.211 443 SRPA* 0 0 60 43800 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:03:30.222929 0.076191 rtp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:30.279922 0.383257 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:30.672815 0.395810 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:31.048864 0.089142 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:31.119769 0.104167 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:31.137192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:03:31.202345 0.413224 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:31.596115 0.342790 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:03:31.940767 0.341806 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:04:16.352834 2.949461 tcp 10.0.2.109 51741 -> 176.73.169.112 1959 FSPA* 0 0 14 1690 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:09:35.143515 3.006073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 07:09:42.150899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:09:50.152412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:10:06.155300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:10:38.161178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:16:42.169218 2.999866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 07:16:49.174804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:16:57.176228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:17:13.179177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:17:45.186322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:23:49.191734 3.006710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 07:23:56.198898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:24:04.200101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:24:20.203687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:24:52.209486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:30:56.219538 2.997256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 07:31:03.222750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:31:11.224600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:31:27.226884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:31:59.233086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:33:38.206314 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 07:33:38.206481 0.000000 udp 10.0.2.109 3683 -> 81.151.176.105 1084 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 07:33:56.863891 0.054070 tcp 10.0.2.109 51742 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:33:56.918287 0.053166 tcp 10.0.2.109 51743 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:33:56.971752 0.162110 tcp 10.0.2.109 51744 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:33:57.134568 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 07:34:14.578424 0.052637 tcp 10.0.2.109 51745 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:14.631384 0.057220 tcp 10.0.2.109 51746 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:14.688913 0.153190 tcp 10.0.2.109 51747 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:14.842701 0.103591 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:14.912617 0.310307 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:15.222658 0.190002 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:15.404859 0.051109 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:15.464801 0.051254 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:15.517516 0.205178 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:15.696698 0.101730 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:15.812557 0.000000 udp 10.0.2.109 3683 -> 86.35.201.199 6591 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 07:34:19.304853 0.520939 tcp 10.0.2.109 51748 -> 176.73.169.112 1959 FSPA* 0 0 15 1774 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:31.923363 0.051949 tcp 10.0.2.109 51749 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:31.975613 0.051300 tcp 10.0.2.109 51750 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:32.027169 0.150306 tcp 10.0.2.109 51751 -> 195.113.214.211 443 SRPA* 0 0 46 40750 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:32.177975 0.147631 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:32.317474 0.119638 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:32.396882 0.166221 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:32.572930 0.114794 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:32.650225 0.069642 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:32.703135 0.164357 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:32.861836 0.133128 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:32.952683 0.031631 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:33.349934 0.175883 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:33.653591 0.069952 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:33.708245 0.114517 rtp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:33.788799 0.443792 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:34.242658 0.161266 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:34.396922 0.408546 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:34.784495 0.153782 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:34.947915 0.169488 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:35.093941 0.000000 udp 10.0.2.109 3683 -> 41.38.1.59 8699 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 07:34:50.159445 0.052997 tcp 10.0.2.109 51752 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:50.212747 0.061876 tcp 10.0.2.109 51753 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:50.274890 0.158380 tcp 10.0.2.109 51754 -> 195.113.214.211 443 SRPA* 0 0 41 23492 flow=From-Botnet-V1-TCP-Established 1970/02/04 07:34:50.433134 0.078405 rtp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:50.495291 0.360568 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:50.852141 0.393436 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:51.228884 0.095210 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:51.303712 0.103224 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:51.384536 0.411748 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:51.776529 0.336543 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:34:52.114486 0.341238 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/04 07:38:03.238604 3.017865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 07:38:10.256199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:38:18.257762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:38:34.261111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:39:06.267180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:45:10.273960 3.004470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 07:45:17.280579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:45:25.282014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:45:41.285206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:46:13.291423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:54:15.317604 3.020906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 07:54:22.334435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:54:30.335817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:54:46.338746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 07:55:18.344660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:01:22.350737 3.001795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 08:01:29.358436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:01:37.359691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:01:53.363894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:02:25.368682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:04:19.833965 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 08:04:19.834215 0.470374 tcp 10.0.2.109 51755 -> 176.73.169.112 1959 FSPA* 0 0 14 1696 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:04:52.680801 0.072653 rtp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:04:52.735798 0.000000 udp 10.0.2.109 3683 -> 86.35.201.199 6591 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 08:05:09.806184 0.053178 tcp 10.0.2.109 51756 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:05:09.859697 0.052615 tcp 10.0.2.109 51757 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:05:09.912595 0.227380 tcp 10.0.2.109 51758 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:05:10.140489 0.000000 udp 10.0.2.109 3683 -> 41.38.1.59 8699 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 08:05:25.538348 0.052144 tcp 10.0.2.109 51759 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:05:25.590789 0.053417 tcp 10.0.2.109 51760 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:05:25.644483 0.160233 tcp 10.0.2.109 51761 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:05:25.805697 0.100890 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:25.873008 0.052732 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:25.947871 0.199880 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:26.123299 0.097987 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:26.205526 0.311794 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:26.535435 0.052408 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:26.604775 0.191324 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:26.789060 0.166784 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:26.957509 0.113583 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.035532 0.070975 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.090411 0.165032 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.249546 0.127060 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.338338 0.120605 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.422506 0.147500 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.564498 0.072554 udp 10.0.2.109 3683 <-> 87.153.127.64 4545 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.618508 0.105867 rtp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.684337 0.170699 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.852126 0.031828 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:27.890202 0.161809 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:28.053531 0.441381 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:28.518969 0.053089 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:28.568988 0.369737 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:28.948517 0.167721 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:29.094937 0.075712 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:29.152429 0.354409 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:29.503292 0.105401 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:29.583811 0.409040 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:29.974265 0.385913 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:30.339619 0.083982 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:30.404868 0.335477 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:05:30.741729 0.339313 rtp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:08:29.375074 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 08:08:36.382140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:08:44.383629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:09:00.386488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:09:32.392744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:15:36.399087 3.071002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 08:15:43.440985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:15:51.417640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:16:07.420104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:16:39.426814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:22:43.433037 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 08:22:50.440059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:22:58.441507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:23:14.444673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:23:46.450732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:29:50.457144 3.001092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 08:29:57.464001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:30:05.465657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:30:21.468821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:30:53.474871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:34:20.312556 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 08:34:20.312735 0.706017 tcp 10.0.2.109 51762 -> 176.73.169.112 1959 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:35:31.454656 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 08:35:31.454761 0.073386 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:31.511783 0.101508 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:31.580025 0.056381 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:31.647172 0.082947 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:31.702486 0.101744 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:31.789803 0.311137 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.124508 0.051295 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.177040 0.197517 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.367386 0.166136 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.535497 0.116510 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.610938 0.065647 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.660606 0.162779 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.818229 0.129780 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.908577 0.121687 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:32.990575 0.146493 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:33.129054 0.000000 udp 10.0.2.109 3683 -> 87.153.127.64 4545 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 08:35:50.493311 0.052260 tcp 10.0.2.109 51763 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:35:50.545816 0.053253 tcp 10.0.2.109 51764 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:35:50.599372 0.154451 tcp 10.0.2.109 51765 -> 195.113.214.211 443 SRPA* 0 0 41 21646 flow=From-Botnet-V1-TCP-Established 1970/02/04 08:35:50.754591 0.113129 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:50.826814 0.175492 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:50.999494 0.033950 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:51.038381 0.048079 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:51.114906 0.389334 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:51.530645 0.158665 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:51.702598 0.428391 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:52.132632 0.168058 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:52.279604 0.074149 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:52.336278 0.351153 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:52.683641 0.531233 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:53.193335 0.401346 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:53.574511 0.337673 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:53.921058 0.394061 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:54.296032 0.091136 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:35:54.368719 0.386834 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/04 08:36:57.480670 3.001845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 08:37:04.487724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:37:12.489286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:37:28.492651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:38:00.498891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:44:04.504850 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 08:44:11.512161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:44:19.513586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:44:35.516628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:45:07.524793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:53:31.530951 3.000407 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 08:53:38.537188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:53:46.538972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:54:02.541749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 08:54:34.548784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:00:38.553849 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:00:45.561284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:00:53.562757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:01:09.565624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:01:41.571605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:04:20.740774 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 09:04:20.740881 0.497298 tcp 10.0.2.109 51766 -> 176.73.169.112 1959 FSPA* 0 0 15 1758 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:06:23.867856 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 09:06:23.868006 0.000000 udp 10.0.2.109 3683 -> 87.153.127.64 4545 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 09:06:41.935740 0.049871 tcp 10.0.2.109 51767 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:06:41.986003 0.052996 tcp 10.0.2.109 51768 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:06:42.039330 0.147613 tcp 10.0.2.109 51769 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:06:42.187419 0.052829 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:42.252298 0.143891 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:42.371184 0.097351 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:42.452415 0.074911 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:42.529096 0.102892 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:42.597293 0.051293 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:42.755366 0.198394 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:42.945934 0.309012 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:43.275127 0.113722 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:43.350362 0.068163 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:43.432289 0.163510 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:43.590672 0.128647 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:43.677866 0.123236 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:43.762776 0.166100 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:43.958012 0.151068 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:44.101243 0.111513 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:44.174024 0.189825 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:44.360967 0.384905 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:44.727852 0.154810 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:44.886674 0.034099 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:44.919664 0.046225 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:45.017903 0.427963 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:45.471104 0.174518 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:45.622392 0.075129 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:45.681952 0.352358 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:46.030309 0.345257 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:46.418632 0.824262 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:47.220605 0.416425 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:47.614026 0.363774 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:47.994714 0.386014 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:06:48.361939 0.087832 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:07:45.577135 3.002332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 09:07:52.585155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:08:00.586255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:08:16.589736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:08:48.595539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:14:52.601788 3.002131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:14:59.610950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:15:07.615773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:15:23.613438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:15:55.619570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:21:59.626201 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:22:06.633103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:22:14.692641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:22:30.657474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:23:02.663690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:29:06.669192 3.002024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:29:13.686504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:29:21.688902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:29:37.691702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:30:09.697791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:34:21.239805 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 09:34:21.240007 0.518764 tcp 10.0.2.109 51770 -> 176.73.169.112 1959 FSPA* 0 0 15 1782 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:36:13.703731 3.001384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:36:20.711069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:36:28.712367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:36:44.715562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:37:14.108053 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 09:37:14.108195 0.097612 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:14.187508 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 09:37:16.721439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:37:32.997090 0.050226 tcp 10.0.2.109 51771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:37:33.047587 0.050183 tcp 10.0.2.109 51772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:37:33.098080 0.162309 tcp 10.0.2.109 51773 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/04 09:37:33.260908 0.107199 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:33.326972 0.050951 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:33.408284 0.196865 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:33.597725 0.052868 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:33.659492 0.089137 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:33.722628 0.309397 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.050738 0.118789 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.128341 0.075528 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.239829 0.163965 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.400240 0.139933 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2593 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.496144 0.127610 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2627 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.581382 0.166100 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.771085 0.152883 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.916355 0.114300 udp 10.0.2.109 3683 <-> 91.6.2.174 5333 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:34.992073 0.175689 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:35.178751 0.342839 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:35.501945 0.158426 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:35.662605 0.033514 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:35.694880 0.045931 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:35.763433 0.077390 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:35.823826 0.433854 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:36.286750 0.170541 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:36.432159 0.349767 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:36.778258 0.337384 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:37.142289 0.103793 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:37.221900 0.423875 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:37.619761 0.347846 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:37.968917 0.391862 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:37:38.342474 0.092399 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/02/04 09:43:20.726986 3.012779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:43:27.745084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:43:35.746818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:43:51.749532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:44:23.765480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:50:27.772339 3.005550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:50:34.783130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:50:42.782675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:50:58.783662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:51:30.789612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:57:34.795885 3.000691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 09:57:41.803116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:57:49.804428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:58:05.807189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 09:58:37.813125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:04:21.759017 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 10:04:21.759125 0.531650 tcp 10.0.2.109 51774 -> 176.73.169.112 1959 FSPA* 0 0 14 1526 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:04:41.828112 3.003243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 10:04:48.836603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:04:56.838894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:05:12.841568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:05:44.847546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:07:56.287002 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 10:07:56.287196 0.166368 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:56.435819 0.101317 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:56.520186 0.189715 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:56.702307 0.052409 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:56.798043 0.087016 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:56.856945 0.100794 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:56.921313 0.050637 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:56.985666 0.309528 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:57.296543 0.114230 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:57.370184 0.068129 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:57.423973 0.163492 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:57.581208 0.128665 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:57.670539 0.118295 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:57.752179 0.168020 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:57.921341 0.153302 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:07:58.062511 0.000000 udp 10.0.2.109 3683 -> 91.6.2.174 5333 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 10:08:14.765087 0.051359 tcp 10.0.2.109 51775 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:14.816716 0.050147 tcp 10.0.2.109 51776 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:14.867270 0.150158 tcp 10.0.2.109 51777 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:15.017943 0.157074 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:15.187475 0.035825 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:15.251250 0.050459 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:15.387725 0.000000 udp 10.0.2.109 3683 -> 86.173.68.47 8833 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 10:08:34.341952 0.049900 tcp 10.0.2.109 51778 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:34.392112 0.053096 tcp 10.0.2.109 51779 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:34.445053 0.161602 tcp 10.0.2.109 51780 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:34.606886 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 10:08:49.713885 0.051732 tcp 10.0.2.109 51781 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:49.765888 0.050610 tcp 10.0.2.109 51782 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:49.816852 0.162545 tcp 10.0.2.109 51783 -> 195.113.214.211 443 SRPA* 0 0 41 24094 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:08:49.979935 0.350040 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:50.311960 0.427643 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:50.748233 0.170140 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:50.895098 0.351345 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:51.285242 0.412234 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:51.675607 0.388514 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:52.082243 0.353760 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:52.444261 0.109413 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:52.531001 0.384848 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:08:52.897345 0.092846 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:11:48.853438 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 10:11:55.860867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:12:03.862282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:12:19.865172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:12:51.871383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:18:55.877522 3.025636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 10:19:02.894668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:19:10.896557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:19:26.899432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:19:58.905490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:26:02.922610 3.091370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 10:26:09.985750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:26:17.940391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:26:33.943312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:27:05.949173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:33:09.955755 3.001277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 10:33:16.962824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:33:24.963990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:33:40.967589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:34:12.973460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:34:22.297265 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 10:34:22.297495 0.452510 tcp 10.0.2.109 51784 -> 176.73.169.112 1959 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:39:05.624525 0.014554 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 10:39:05.639219 0.000000 udp 10.0.2.109 3683 -> 91.6.2.174 5333 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 10:39:24.073227 0.054827 tcp 10.0.2.109 51785 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:39:24.128363 0.053057 tcp 10.0.2.109 51786 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:39:24.181740 0.158650 tcp 10.0.2.109 51787 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:39:24.341041 0.000000 udp 10.0.2.109 3683 -> 86.173.68.47 8833 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 10:39:42.978534 0.052993 tcp 10.0.2.109 51788 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:39:43.031800 0.056720 tcp 10.0.2.109 51789 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:39:43.088860 0.170406 tcp 10.0.2.109 51790 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 10:39:43.259804 0.181602 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:43.436186 0.191678 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:43.621037 0.100885 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:43.732891 0.051430 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:43.806782 0.098440 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:43.885452 0.089972 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:43.949016 0.053953 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:44.007616 0.070070 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:44.061840 0.166140 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:44.294239 0.122469 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:44.382022 0.116582 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:44.459265 0.168388 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:44.638730 0.308379 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:44.958760 0.079846 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:45.021551 0.115783 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:45.098244 0.156224 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:45.241684 0.051672 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:45.285209 0.034062 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:45.429675 0.157811 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:45.589019 0.169893 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:45.735064 0.371487 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:46.087194 0.425261 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:46.558805 0.349068 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:46.903755 0.433591 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:47.308660 0.139830 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:47.427350 0.391952 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:47.801261 0.089609 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:47.872163 0.369344 rtp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:39:48.254855 0.347476 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/04 10:40:16.979067 3.001770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 10:40:23.986728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:40:31.988477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:40:47.991404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:41:19.999438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:47:24.003764 3.001285 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 10:47:31.010807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:47:39.012425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:47:55.019574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:48:27.021425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:55:20.028619 3.000883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 10:55:27.035491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:55:35.036533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:55:51.039933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 10:56:23.045838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:02:27.052087 3.001485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 11:02:34.059340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:02:42.060861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:02:58.063785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:03:30.069741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:04:22.755904 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 11:04:22.756048 0.540766 tcp 10.0.2.109 51791 -> 176.73.169.112 1959 FSPA* 0 0 16 1810 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:09:34.077081 3.000457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 11:09:41.083312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:09:49.084648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:10:01.562843 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 11:10:01.563006 0.102289 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:01.631846 0.050658 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:01.700145 0.096905 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:01.778625 0.091543 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:01.841861 0.052397 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:01.903367 0.177284 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:02.076429 0.195770 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:02.264626 0.207158 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:02.455028 0.165653 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:02.614826 0.133491 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:02.706866 0.115938 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:02.783325 0.167821 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:02.953770 0.311598 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.263823 0.072514 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.319645 0.118325 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.395729 0.168198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.559461 0.053927 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.609549 0.034523 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.679733 0.155715 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.836915 0.166722 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:03.981768 0.353933 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:04.332065 0.385578 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:04.698398 0.366168 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:05.087748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:10:05.088126 0.409617 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:05.480817 0.109062 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:05.567572 0.391974 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:05.943800 0.091278 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:06.013103 0.354495 rtp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2538 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:06.368989 0.349076 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:10:37.093596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:16:41.100487 3.000857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 11:16:48.107042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:16:56.108786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:17:12.111724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:17:44.121651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:23:48.124538 3.000792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 11:23:55.192162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:24:03.142880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:24:19.145557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:24:51.151711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:30:55.157837 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 11:31:02.165153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:31:10.168711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:31:26.169536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:31:58.175399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:34:23.304608 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 11:34:23.304706 0.484079 tcp 10.0.2.109 51792 -> 176.73.169.112 1959 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:38:02.182374 3.001007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 11:38:09.188990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:38:17.190574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:38:33.194380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:39:05.199777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:40:27.828853 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 11:40:27.828954 0.098274 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:27.909893 0.145792 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:28.028062 0.049313 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:28.080454 0.097671 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:28.145480 0.050601 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:28.225683 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 11:40:47.187886 0.069292 tcp 10.0.2.109 51793 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:40:47.257471 0.052766 tcp 10.0.2.109 51794 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:40:47.310507 0.151642 tcp 10.0.2.109 51795 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:40:47.462807 0.190028 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:47.645058 0.073164 rtp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:47.700403 0.166599 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:47.878667 0.137803 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:47.976501 0.121794 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:48.056106 0.170564 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:48.270757 0.307536 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:48.577194 0.069911 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:48.645836 0.119382 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:48.725816 0.148350 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:48.866807 0.048116 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:40:48.933024 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 11:41:04.782481 0.051957 tcp 10.0.2.109 51796 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:41:04.834726 0.056165 tcp 10.0.2.109 51797 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:41:04.891261 0.178386 tcp 10.0.2.109 51798 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/04 11:41:05.070360 0.154678 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:05.236290 0.168682 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:05.380995 0.352582 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:05.729866 0.387234 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:06.098395 0.338566 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:06.527237 0.405132 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:06.910669 0.110446 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:07.019974 0.383640 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:07.387679 0.089813 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:07.659453 0.365697 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:41:08.070732 0.341898 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/04 11:45:09.206220 3.001529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 11:45:16.212955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:45:24.214526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:45:40.217694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:46:12.223501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:54:13.237820 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 11:54:20.245127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:54:28.246802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:54:44.249587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 11:55:16.255788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:01:20.261270 3.001973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:01:27.269075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:01:35.270709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:01:51.273495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:02:23.279934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:04:23.792824 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 12:04:23.792924 0.543785 tcp 10.0.2.109 51799 -> 176.73.169.112 1959 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/02/04 12:08:27.287013 3.000241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:08:34.293259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:08:42.294744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:08:58.297564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:09:30.303792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:11:14.884037 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 12:11:14.884230 0.170808 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:15.051667 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 12:11:32.851510 0.059773 tcp 10.0.2.109 51800 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 12:11:32.911543 0.053464 tcp 10.0.2.109 51801 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 12:11:32.965328 0.156264 tcp 10.0.2.109 51802 -> 195.113.214.211 443 SRPA* 0 0 49 43560 flow=From-Botnet-V1-TCP-Established 1970/02/04 12:11:33.122268 0.087094 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.182439 0.097986 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.258833 0.102775 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.323882 0.048877 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.374037 0.050849 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.449351 0.073096 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.505560 0.188837 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.685916 0.137740 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.785836 0.163915 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:33.944110 0.309619 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:34.252551 0.067089 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:34.305111 0.112580 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:34.380477 0.146904 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:34.519575 0.044975 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:34.562373 0.167799 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 1975 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:34.730867 0.122417 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:34.813274 0.349900 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:35.193743 0.153405 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:35.348786 0.164692 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:35.491139 0.350241 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:35.821354 0.347526 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:36.169173 0.451980 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:36.605109 0.107822 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:36.828648 0.383220 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:37.192391 0.087116 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:37.257664 0.342959 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:11:37.610077 0.336262 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:15:34.309984 3.122072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:15:41.401191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:15:49.339711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:16:05.331457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:16:37.337743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:22:41.343456 3.001793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:22:48.350997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:22:56.352687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:23:12.355721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:23:44.361521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:29:48.368484 3.000830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:29:55.375285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:30:03.376563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:30:19.382703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:30:51.385476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:34:24.342335 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 12:34:24.342494 0.474595 tcp 10.0.2.109 51803 -> 176.73.169.112 1959 FSPA* 0 0 15 1636 flow=From-Botnet-V1-TCP-Established 1970/02/04 12:36:55.393340 3.012943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:37:02.408966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:37:10.410878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:37:26.413342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:37:58.419619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:42:01.429296 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 12:42:01.429491 0.170648 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:01.596088 0.087490 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:01.698413 0.090857 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:01.772828 0.100832 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:01.845093 0.048661 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:01.972424 0.050997 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.064998 0.070021 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.120161 0.188155 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.300763 0.128808 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.391020 0.164942 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.550590 0.310333 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.859619 0.070812 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.912483 0.111937 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:02.988937 0.148072 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:03.127602 0.053893 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:03.172470 0.168465 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 1937 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:03.340274 0.112910 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:03.414819 0.169304 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:03.559315 0.383655 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:03.924028 0.349934 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:04.299457 0.156512 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:04.490647 0.344821 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:04.846881 0.413073 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:05.238448 0.107518 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:05.322862 0.356316 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:05.682740 0.341650 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:06.034958 0.385366 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:42:06.400799 0.092139 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/04 12:44:02.425932 3.001251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:44:09.433040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:44:17.434579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:44:33.437301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:45:05.443477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:53:30.452497 3.001271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 12:53:37.459824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:53:45.461209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:54:01.464632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 12:54:33.470412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:00:37.475774 3.002227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:00:44.483693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:00:52.485193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:01:08.488073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:01:40.493994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:04:24.820988 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 13:04:24.821093 0.392452 tcp 10.0.2.109 51804 -> 176.73.169.112 1959 FSPA* 0 0 13 1341 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:24.933258 0.053750 tcp 10.0.2.109 51805 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:24.987304 0.053310 tcp 10.0.2.109 51806 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:25.040920 0.147795 tcp 10.0.2.109 51807 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:25.213766 3.001809 tcp 10.0.2.109 51808 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:04:34.213994 0.000000 tcp 10.0.2.109 51808 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:04:40.213533 0.051645 tcp 10.0.2.109 51809 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:40.265503 0.051491 tcp 10.0.2.109 51810 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:40.317298 0.254700 tcp 10.0.2.109 51811 -> 195.113.214.211 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:40.584915 0.109854 tcp 10.0.2.109 51812 -> 176.73.169.112 1959 FSPA* 0 0 13 1341 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:04:40.695025 2.992413 tcp 10.0.2.109 51813 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:04:49.696071 0.000000 tcp 10.0.2.109 51813 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:07:44.499874 3.001920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:07:51.507471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:07:59.509104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:08:15.512098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:08:47.518230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:09:55.697185 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 13:09:55.697372 2.993508 tcp 10.0.2.109 51814 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:10:04.688959 0.000000 tcp 10.0.2.109 51814 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:10:10.699555 0.057099 tcp 10.0.2.109 51815 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:10:10.756876 0.052314 tcp 10.0.2.109 51816 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:10:10.809508 0.143248 tcp 10.0.2.109 51817 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:10:10.965017 0.385540 tcp 10.0.2.109 51818 -> 176.73.169.112 1959 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:10:11.075101 0.052270 tcp 10.0.2.109 51819 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:10:11.127718 0.053143 tcp 10.0.2.109 51820 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:10:11.181178 0.158048 tcp 10.0.2.109 51821 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:10:11.350809 3.002134 tcp 10.0.2.109 51822 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:10:20.351771 0.000000 tcp 10.0.2.109 51822 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:10:26.350798 0.111818 tcp 10.0.2.109 51823 -> 176.73.169.112 1959 FSPA* 0 0 13 1288 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:12:20.094399 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 13:12:20.094564 0.091208 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:20.168188 0.100526 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:20.339511 0.049264 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:20.392743 0.051648 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:20.528403 0.178856 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:20.703479 0.082581 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:20.760321 0.070106 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:20.868951 0.194843 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:21.056119 0.129606 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:21.146357 0.161084 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:21.347013 0.310952 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:21.715376 0.067053 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:21.765959 0.115471 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:21.841347 0.146748 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:21.980271 0.050311 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:22.023637 0.167394 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:22.219111 0.107832 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:22.289919 0.169380 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:22.434873 0.380855 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:22.830047 0.349351 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:23.177881 0.353457 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:23.527627 0.158303 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:23.714712 0.410242 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:24.107168 0.104643 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:24.187109 0.369222 rtcp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:24.647233 0.334959 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:24.986725 0.581128 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:12:25.550549 0.088343 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:14:51.524481 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 13:14:58.531677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:15:06.535699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:15:22.539192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:15:26.462499 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 13:15:26.462587 3.003732 tcp 10.0.2.109 51824 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:15:35.464799 0.000000 tcp 10.0.2.109 51824 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:15:41.464628 0.059914 tcp 10.0.2.109 51825 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:15:41.524809 0.055657 tcp 10.0.2.109 51826 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:15:41.580830 0.157853 tcp 10.0.2.109 51827 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:15:41.937703 0.441672 tcp 10.0.2.109 51828 -> 176.73.169.112 1959 FSPA* 0 0 13 1241 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:15:42.048581 0.069773 tcp 10.0.2.109 51829 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:15:42.118686 0.055993 tcp 10.0.2.109 51830 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:15:42.175040 0.148667 tcp 10.0.2.109 51831 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:15:42.379614 3.003397 tcp 10.0.2.109 51832 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:15:51.377622 0.000000 tcp 10.0.2.109 51832 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:15:54.541862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:15:57.376461 0.109834 tcp 10.0.2.109 51833 -> 176.73.169.112 1959 FSPA* 0 0 11 1133 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:20:57.488175 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 13:20:57.488314 3.003877 tcp 10.0.2.109 51834 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:21:06.490739 0.000000 tcp 10.0.2.109 51834 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 13:21:12.490786 0.052617 tcp 10.0.2.109 51835 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:21:12.543684 0.053443 tcp 10.0.2.109 51836 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:21:12.597444 0.147432 tcp 10.0.2.109 51837 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:21:12.771378 0.614550 tcp 10.0.2.109 51838 -> 176.73.169.112 1959 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:21:58.547770 3.001890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:22:05.555199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:22:13.556675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:22:29.560026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:23:01.566437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:29:05.572189 3.087598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:29:12.631629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:29:20.590874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:29:36.593856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:30:08.600491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:36:12.606268 3.001959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:36:19.613475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:36:27.614759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:36:43.617802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:37:15.624257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:42:46.279740 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 13:42:46.279832 0.048559 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:46.407623 0.050997 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:46.508952 0.172149 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:46.677923 0.088450 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:46.756713 0.075151 rtp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:46.889601 0.099026 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:46.972676 0.096418 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:47.076291 0.189063 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:47.257643 0.130561 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:47.346612 0.165478 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:47.506532 0.309777 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:47.815203 0.068124 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:47.866509 0.116822 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:47.945076 0.150516 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:48.087813 0.055700 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:48.141852 0.168253 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:48.287367 0.353160 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:48.620032 0.169400 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:48.812326 0.117625 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:48.892221 0.338845 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:49.246814 0.353527 rtcp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2616 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:49.596362 0.156167 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:49.754216 0.369162 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:50.162549 0.337782 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:50.501808 0.404887 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:50.887333 0.110614 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:50.974664 0.384388 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:42:51.342544 0.087691 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 1989 flow=From-Botnet-V1-UDP-Established 1970/02/04 13:43:19.630915 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:43:26.637491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:43:34.638902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:43:50.641759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:44:22.648213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:50:26.653919 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:50:33.661526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:50:41.662792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:50:57.665744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:51:13.389189 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 13:51:13.389291 0.525987 tcp 10.0.2.109 51839 -> 176.73.169.112 1959 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/02/04 13:51:29.672018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:57:33.677829 3.001763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 13:57:40.684729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:57:48.690724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:58:04.689970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 13:58:36.695366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:04:40.702283 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 14:04:47.709144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:04:55.710472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:05:11.713823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:05:43.719926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:11:47.726488 3.001208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 14:11:54.733338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:12:02.734761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:12:18.737910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:12:50.744075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:12:58.915902 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:12:58.916084 0.176500 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.088413 0.090274 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.151439 0.074262 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.210103 0.090687 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.282275 0.048312 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.340582 0.051301 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.414771 0.097184 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.479538 0.191129 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.663646 0.126831 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.750625 0.155829 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:12:59.906894 0.310276 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:00.215992 0.067265 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:00.267833 0.120769 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:00.348580 0.149991 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:00.489697 0.045680 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:00.547558 0.168000 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:00.693178 0.351378 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:01.022212 0.188430 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:01.252243 0.113600 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 1927 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:01.329867 0.157254 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:01.499390 0.335568 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:01.838554 0.355044 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2582 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:02.207316 0.354629 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:02.576961 0.337914 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:02.926001 0.409979 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:03.316853 0.104689 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:03.398467 0.392233 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:13:03.773393 0.089204 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:18:54.749522 3.025251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 14:19:01.767315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:19:09.788926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:19:25.791185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:19:57.798212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:21:13.917872 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:21:13.918094 3.008491 tcp 10.0.2.109 51840 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:21:22.920543 0.000000 tcp 10.0.2.109 51840 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:21:28.925583 0.052377 tcp 10.0.2.109 51841 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:21:28.978264 0.053230 tcp 10.0.2.109 51842 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:21:29.031806 0.147872 tcp 10.0.2.109 51843 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:21:29.217408 2.997298 tcp 10.0.2.109 51844 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:21:38.212165 0.000000 tcp 10.0.2.109 51844 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:21:44.211488 0.051856 tcp 10.0.2.109 51845 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:21:44.263559 0.052939 tcp 10.0.2.109 51846 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:21:44.316792 0.152275 tcp 10.0.2.109 51847 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:21:44.485501 2.999957 tcp 10.0.2.109 51848 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:21:53.483974 0.000000 tcp 10.0.2.109 51848 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:21:59.483249 3.003765 tcp 10.0.2.109 51849 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:22:08.485575 0.000000 tcp 10.0.2.109 51849 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:26:01.803534 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 14:26:08.811193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:26:16.813083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:26:32.815308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:27:04.821767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:27:14.491098 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:27:14.491258 2.993851 tcp 10.0.2.109 51850 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:27:23.478605 0.000000 tcp 10.0.2.109 51850 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:27:29.488964 0.052890 tcp 10.0.2.109 51851 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:27:29.542129 0.053614 tcp 10.0.2.109 51852 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:27:29.596036 0.147541 tcp 10.0.2.109 51853 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:27:29.786547 2.995232 tcp 10.0.2.109 51854 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:27:38.780750 0.000000 tcp 10.0.2.109 51854 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:27:44.779789 0.053623 tcp 10.0.2.109 51855 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:27:44.833719 0.053042 tcp 10.0.2.109 51856 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:27:44.887111 0.149541 tcp 10.0.2.109 51857 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:27:45.203817 3.000143 tcp 10.0.2.109 51858 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:27:54.202857 0.000000 tcp 10.0.2.109 51858 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:28:00.202246 3.005448 tcp 10.0.2.109 51859 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:28:09.204374 0.000000 tcp 10.0.2.109 51859 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:33:08.827011 3.002462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 14:33:15.205107 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:33:15.205295 2.993281 tcp 10.0.2.109 51860 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:33:15.834726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:33:23.838320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:33:24.208434 0.000000 tcp 10.0.2.109 51860 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:33:30.208195 0.053361 tcp 10.0.2.109 51861 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:33:30.262220 0.053307 tcp 10.0.2.109 51862 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:33:30.315783 0.151909 tcp 10.0.2.109 51863 -> 195.113.214.211 443 SRPA* 0 0 46 41914 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:33:30.731142 2.999819 tcp 10.0.2.109 51864 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:33:39.729541 0.000000 tcp 10.0.2.109 51864 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:33:39.839603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:33:45.728782 0.053084 tcp 10.0.2.109 51865 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:33:45.782143 0.053230 tcp 10.0.2.109 51866 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:33:45.835692 0.169109 tcp 10.0.2.109 51867 -> 195.113.214.211 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:33:46.043689 2.999298 tcp 10.0.2.109 51868 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:33:55.041501 0.000000 tcp 10.0.2.109 51868 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:34:01.040293 3.004364 tcp 10.0.2.109 51869 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:34:10.043334 0.000000 tcp 10.0.2.109 51869 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:34:11.845615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:39:16.043572 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:39:16.043670 3.003848 tcp 10.0.2.109 51870 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:39:25.056111 0.000000 tcp 10.0.2.109 51870 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:39:31.046359 0.054815 tcp 10.0.2.109 51871 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:39:31.101537 0.053057 tcp 10.0.2.109 51872 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:39:31.154861 0.151864 tcp 10.0.2.109 51873 -> 195.113.214.211 443 SRPA* 0 0 69 51244 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:39:31.415663 2.993704 tcp 10.0.2.109 51874 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:39:40.408421 0.000000 tcp 10.0.2.109 51874 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:39:46.419032 0.054050 tcp 10.0.2.109 51875 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:39:46.473555 0.053390 tcp 10.0.2.109 51876 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:39:46.527304 0.150757 tcp 10.0.2.109 51877 -> 195.113.214.211 443 SRPA* 0 0 33 19398 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:39:47.067228 3.000290 tcp 10.0.2.109 51878 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:39:56.063857 0.000000 tcp 10.0.2.109 51878 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:40:02.059503 3.004325 tcp 10.0.2.109 51879 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:40:11.068614 0.000000 tcp 10.0.2.109 51879 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:40:15.851505 3.002139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 14:40:22.859033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:40:30.860939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:40:46.863892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:41:18.869614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:43:30.619604 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:43:30.619738 0.247217 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 5 2049 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:45.652238 0.052414 tcp 10.0.2.109 51880 -> 195.113.214.219 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:43:45.704953 0.051109 tcp 10.0.2.109 51881 -> 195.113.214.211 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:43:45.756361 0.147259 tcp 10.0.2.109 51882 -> 195.113.214.211 443 SRPA* 0 0 24 13856 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:43:45.904211 0.087768 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:45.965063 0.072304 rtp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:46.055205 0.093769 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:46.290049 0.048602 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:46.426003 0.051258 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:46.563285 0.096964 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:46.624214 0.200341 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:46.814094 0.128630 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:46.903439 0.162841 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:47.228827 0.311216 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:47.538960 0.070171 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:47.596461 0.193478 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:47.750329 0.148652 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:47.890463 0.045823 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:47.989559 0.241874 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:48.208540 0.349013 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 1981 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:48.562110 0.161104 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:48.768138 0.337865 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:49.182828 0.167636 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:49.427993 0.119044 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:49.509324 0.350478 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:49.854983 0.352020 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:50.345518 0.335243 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:50.712227 0.383379 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:51.075262 0.090425 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:51.186045 0.405171 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:43:51.571423 0.107326 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/04 14:45:17.062428 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:45:17.062649 3.003721 tcp 10.0.2.109 51883 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:45:26.065300 0.000000 tcp 10.0.2.109 51883 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:45:32.064356 0.053399 tcp 10.0.2.109 51884 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:45:32.117612 0.053535 tcp 10.0.2.109 51885 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:45:32.171497 0.147547 tcp 10.0.2.109 51886 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:45:32.338504 3.000032 tcp 10.0.2.109 51887 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:45:41.347064 0.000000 tcp 10.0.2.109 51887 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:45:47.336486 0.051811 tcp 10.0.2.109 51888 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:45:47.388603 0.052685 tcp 10.0.2.109 51889 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:45:47.441566 0.145164 tcp 10.0.2.109 51890 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:45:47.595872 2.984714 tcp 10.0.2.109 51891 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:45:56.578919 0.000000 tcp 10.0.2.109 51891 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:46:02.587951 3.003745 tcp 10.0.2.109 51892 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:46:11.591531 0.000000 tcp 10.0.2.109 51892 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:47:22.876470 3.000553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 14:47:29.883041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:47:37.884739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:47:53.887697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:48:25.898567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:51:17.590785 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:51:17.590934 3.003776 tcp 10.0.2.109 51893 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:51:26.593104 0.000000 tcp 10.0.2.109 51893 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:51:32.593555 0.056184 tcp 10.0.2.109 51894 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:51:32.650022 0.053203 tcp 10.0.2.109 51895 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:51:32.703556 0.157116 tcp 10.0.2.109 51896 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:51:32.919562 3.006915 tcp 10.0.2.109 51897 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:51:41.925426 0.000000 tcp 10.0.2.109 51897 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:51:47.915188 0.051765 tcp 10.0.2.109 51898 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:51:47.967329 0.053838 tcp 10.0.2.109 51899 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:51:48.021466 0.191743 tcp 10.0.2.109 51900 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:51:48.226685 2.992317 tcp 10.0.2.109 51901 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:51:57.217793 0.000000 tcp 10.0.2.109 51901 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:52:03.226115 2.994401 tcp 10.0.2.109 51902 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:52:12.219567 0.000000 tcp 10.0.2.109 51902 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:55:16.907019 3.002115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 14:55:23.914837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:55:31.916333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:55:47.919081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:56:19.925562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 14:57:18.229883 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 14:57:18.230051 3.003494 tcp 10.0.2.109 51903 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:57:27.231892 0.000000 tcp 10.0.2.109 51903 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:57:33.232392 0.054941 tcp 10.0.2.109 51904 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:57:33.287695 0.054030 tcp 10.0.2.109 51905 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:57:33.342233 0.147723 tcp 10.0.2.109 51906 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:57:33.509627 3.005733 tcp 10.0.2.109 51907 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:57:42.513971 0.000000 tcp 10.0.2.109 51907 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:57:48.503585 0.052298 tcp 10.0.2.109 51908 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:57:48.556159 0.053526 tcp 10.0.2.109 51909 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:57:48.609960 0.144813 tcp 10.0.2.109 51910 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 14:57:48.780158 3.006910 tcp 10.0.2.109 51911 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:57:57.785340 0.000000 tcp 10.0.2.109 51911 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:58:03.774841 2.994434 tcp 10.0.2.109 51912 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 14:58:12.767677 0.000000 tcp 10.0.2.109 51912 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:02:23.931471 3.001461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 15:02:30.938836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:02:38.940447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:02:54.943448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:03:18.778185 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:03:18.778347 3.002809 tcp 10.0.2.109 51913 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:03:26.949356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:03:27.780415 0.000000 tcp 10.0.2.109 51913 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:03:33.780605 0.051936 tcp 10.0.2.109 51914 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:03:33.832827 0.052700 tcp 10.0.2.109 51915 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:03:33.885815 0.141306 tcp 10.0.2.109 51916 -> 195.113.214.211 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:03:34.060898 3.004215 tcp 10.0.2.109 51917 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:03:43.062388 0.000000 tcp 10.0.2.109 51917 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:03:49.061821 0.051387 tcp 10.0.2.109 51918 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:03:49.113566 0.053156 tcp 10.0.2.109 51919 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:03:49.167059 0.146950 tcp 10.0.2.109 51920 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:03:49.451872 3.003992 tcp 10.0.2.109 51921 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:03:58.455121 0.000000 tcp 10.0.2.109 51921 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:04:04.453782 3.003667 tcp 10.0.2.109 51922 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:04:13.467967 0.000000 tcp 10.0.2.109 51922 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:09:30.955918 3.001062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 15:09:37.962415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:09:45.964449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:10:01.967450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:10:33.973287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:14:00.290377 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:14:00.290483 0.180023 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:00.467275 0.090025 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:00.529465 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 15:14:04.486110 2.994442 tcp 10.0.2.109 51923 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:14:13.478899 0.000000 tcp 10.0.2.109 51923 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:14:18.887982 0.052475 tcp 10.0.2.109 51924 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:18.940693 0.052896 tcp 10.0.2.109 51925 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:18.993867 0.151566 tcp 10.0.2.109 51926 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:19.145965 0.093588 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:19.222195 0.048530 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:19.487811 0.052237 tcp 10.0.2.109 51927 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:19.540311 0.053241 tcp 10.0.2.109 51928 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:19.593862 0.148007 tcp 10.0.2.109 51929 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:19.618562 0.051772 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:19.682783 0.097173 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:19.772184 2.999562 tcp 10.0.2.109 51930 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:14:19.772328 0.192635 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:19.958070 0.124943 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:20.046516 0.164961 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:20.205346 0.310918 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:20.515266 0.064862 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:20.587901 0.115696 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:20.664237 0.186791 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:20.827043 0.050608 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:20.885393 0.162583 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:21.070828 0.167825 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:21.214654 0.371672 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:21.568785 0.339615 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:21.938378 0.169954 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:22.146840 0.121254 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:22.226801 0.349691 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:22.572893 0.000000 udp 10.0.2.109 3683 -> 223.17.70.8 8575 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 15:14:28.770919 0.000000 tcp 10.0.2.109 51930 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:14:40.107793 0.053484 tcp 10.0.2.109 51931 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:40.161547 0.053405 tcp 10.0.2.109 51932 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:40.215293 0.144491 tcp 10.0.2.109 51933 -> 195.113.214.211 443 SRPA* 0 0 44 28476 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:14:40.360471 0.339495 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:40.704004 0.405772 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:41.092090 0.100681 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:41.171672 0.387382 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:14:41.542550 0.091193 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:16:37.979550 3.001411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 15:16:44.986793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:16:52.988219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:17:08.991213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:17:40.997410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:19:34.771201 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:19:34.771395 3.002969 tcp 10.0.2.109 51934 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:19:43.773479 0.000000 tcp 10.0.2.109 51934 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:19:49.773964 0.053118 tcp 10.0.2.109 51935 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:19:49.827341 0.052797 tcp 10.0.2.109 51936 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:19:49.880473 0.147233 tcp 10.0.2.109 51937 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:19:50.128697 2.998571 tcp 10.0.2.109 51938 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:19:59.125642 0.000000 tcp 10.0.2.109 51938 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:20:05.125483 0.053513 tcp 10.0.2.109 51939 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:20:05.179344 0.052829 tcp 10.0.2.109 51940 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:20:05.232484 0.148665 tcp 10.0.2.109 51941 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:20:05.420974 2.998163 tcp 10.0.2.109 51942 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:20:14.428913 0.000000 tcp 10.0.2.109 51942 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:20:20.428729 2.983926 tcp 10.0.2.109 51943 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:20:29.415218 0.000000 tcp 10.0.2.109 51943 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:23:45.003098 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 15:23:52.010506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:24:00.011926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:24:16.015223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:24:48.021184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:25:35.419757 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:25:35.419943 3.003478 tcp 10.0.2.109 51944 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:25:44.422397 0.000000 tcp 10.0.2.109 51944 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:25:50.423004 0.053809 tcp 10.0.2.109 51945 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:25:50.477085 0.052806 tcp 10.0.2.109 51946 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:25:50.530213 0.144427 tcp 10.0.2.109 51947 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:25:50.701965 3.003635 tcp 10.0.2.109 51948 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:25:59.703500 0.000000 tcp 10.0.2.109 51948 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:26:05.703682 0.051964 tcp 10.0.2.109 51949 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:26:05.755926 0.052217 tcp 10.0.2.109 51950 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:26:05.808450 0.149143 tcp 10.0.2.109 51951 -> 195.113.214.211 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:26:06.006611 3.000867 tcp 10.0.2.109 51952 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:26:15.016071 0.000000 tcp 10.0.2.109 51952 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:26:21.005062 2.994068 tcp 10.0.2.109 51953 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:26:30.007748 0.000000 tcp 10.0.2.109 51953 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:30:52.027336 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 15:30:59.034041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:31:07.036055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:31:23.039299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:31:36.008388 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:31:36.008613 3.003226 tcp 10.0.2.109 51954 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:31:45.010441 0.000000 tcp 10.0.2.109 51954 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:31:51.011174 0.052980 tcp 10.0.2.109 51955 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:31:51.064448 0.052025 tcp 10.0.2.109 51956 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:31:51.116724 0.151586 tcp 10.0.2.109 51957 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:31:51.471686 3.002714 tcp 10.0.2.109 51958 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:31:55.044794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:32:00.472818 0.000000 tcp 10.0.2.109 51958 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:32:06.472152 0.052907 tcp 10.0.2.109 51959 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:32:06.525339 0.052746 tcp 10.0.2.109 51960 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:32:06.578451 0.154000 tcp 10.0.2.109 51961 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:32:06.792158 3.003927 tcp 10.0.2.109 51962 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:32:15.794528 0.000000 tcp 10.0.2.109 51962 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:32:21.793943 2.994020 tcp 10.0.2.109 51963 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:32:30.795816 0.000000 tcp 10.0.2.109 51963 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:37:36.796830 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:37:36.797005 2.993817 tcp 10.0.2.109 51964 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:37:45.789318 0.000000 tcp 10.0.2.109 51964 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:37:51.799612 0.052956 tcp 10.0.2.109 51965 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:37:51.852854 0.052667 tcp 10.0.2.109 51966 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:37:51.905783 0.147424 tcp 10.0.2.109 51967 -> 195.113.214.211 443 SRPA* 0 0 44 28514 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:37:52.064450 2.998129 tcp 10.0.2.109 51968 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:37:59.051639 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 15:38:01.061362 0.000000 tcp 10.0.2.109 51968 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:38:06.058572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:38:07.060845 0.053078 tcp 10.0.2.109 51969 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:38:07.113766 0.053742 tcp 10.0.2.109 51970 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:38:07.167827 0.143923 tcp 10.0.2.109 51971 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:38:07.323704 3.000920 tcp 10.0.2.109 51972 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:38:14.059844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:38:16.323057 0.000000 tcp 10.0.2.109 51972 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:38:22.322175 3.004108 tcp 10.0.2.109 51973 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:38:30.062850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:38:31.324774 0.000000 tcp 10.0.2.109 51973 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:39:02.068942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:44:49.358637 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:44:49.358836 0.078094 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:49.421603 0.344246 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:49.916040 0.175552 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.088751 0.089514 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.184368 0.048577 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.293484 0.051096 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.346382 0.097197 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.413376 0.190290 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.595733 0.094970 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.675124 0.134210 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2553 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.767371 0.065619 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.840083 0.172472 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:50.976087 0.154511 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:51.122882 0.046343 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:51.166407 0.170809 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:51.342720 0.325815 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:51.667164 0.165392 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:51.825110 0.350703 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:52.333020 3.003952 tcp 10.0.2.109 51974 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:44:52.337519 0.167422 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:52.482287 0.356396 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:52.855192 0.350736 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:53.202039 0.169659 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:53.382762 0.119050 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:53.464192 0.341003 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:53.818723 0.392959 rtcp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:54.193889 0.088867 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:54.262744 0.406245 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:44:54.650561 0.110508 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/04 15:45:01.335572 0.000000 tcp 10.0.2.109 51974 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:45:06.077259 2.999750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 15:45:07.336717 0.067211 tcp 10.0.2.109 51975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:45:07.404244 0.051098 tcp 10.0.2.109 51976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:45:07.455597 0.149151 tcp 10.0.2.109 51977 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:45:07.772057 2.987137 tcp 10.0.2.109 51978 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:45:13.085105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:45:16.757787 0.000000 tcp 10.0.2.109 51978 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:45:21.084138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:45:22.767045 0.055642 tcp 10.0.2.109 51979 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:45:22.823062 0.053348 tcp 10.0.2.109 51980 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:45:22.876790 0.145916 tcp 10.0.2.109 51981 -> 195.113.214.211 443 SRPA* 0 0 23 12502 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:45:23.097544 2.997040 tcp 10.0.2.109 51982 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:45:32.089702 0.000000 tcp 10.0.2.109 51982 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:45:37.088484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:45:38.099092 3.003630 tcp 10.0.2.109 51983 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:45:47.101818 0.000000 tcp 10.0.2.109 51983 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:46:09.093166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:50:53.101993 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:50:53.102154 3.003650 tcp 10.0.2.109 51984 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:51:02.104407 0.000000 tcp 10.0.2.109 51984 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:51:08.104768 0.053858 tcp 10.0.2.109 51985 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:51:08.158961 0.053262 tcp 10.0.2.109 51986 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:51:08.212530 0.146992 tcp 10.0.2.109 51987 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:51:08.415857 3.001983 tcp 10.0.2.109 51988 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:51:17.426306 0.000000 tcp 10.0.2.109 51988 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:51:23.415326 0.053382 tcp 10.0.2.109 51989 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:51:23.469026 0.052735 tcp 10.0.2.109 51990 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:51:23.522042 0.145261 tcp 10.0.2.109 51991 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:51:23.828451 3.001362 tcp 10.0.2.109 51992 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:51:32.828632 0.000000 tcp 10.0.2.109 51992 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:51:38.827438 2.994108 tcp 10.0.2.109 51993 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:51:47.822410 0.000000 tcp 10.0.2.109 51993 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:54:10.109619 2.999332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 15:54:17.114706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:54:25.117074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:54:41.122890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:55:13.125310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 15:56:53.830503 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 15:56:53.830698 3.003737 tcp 10.0.2.109 51994 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:57:02.833042 0.000000 tcp 10.0.2.109 51994 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:57:08.833219 0.053482 tcp 10.0.2.109 51995 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:57:08.886988 0.054007 tcp 10.0.2.109 51996 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:57:08.941263 0.146899 tcp 10.0.2.109 51997 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:57:09.155519 3.000794 tcp 10.0.2.109 51998 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:57:18.154859 0.000000 tcp 10.0.2.109 51998 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:57:24.154139 0.052327 tcp 10.0.2.109 51999 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:57:24.206814 0.052790 tcp 10.0.2.109 52000 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:57:24.259903 0.147974 tcp 10.0.2.109 52001 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 15:57:24.476412 2.991390 tcp 10.0.2.109 52002 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:57:33.476799 0.000000 tcp 10.0.2.109 52002 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:57:39.475733 2.994077 tcp 10.0.2.109 52003 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 15:57:48.468436 0.000000 tcp 10.0.2.109 52003 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:01:17.131530 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 16:01:24.138656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:01:32.140154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:01:48.143243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:02:20.149145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:02:54.479311 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:02:54.479431 3.003333 tcp 10.0.2.109 52004 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:03:03.481519 0.000000 tcp 10.0.2.109 52004 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:03:09.482524 0.052364 tcp 10.0.2.109 52005 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:03:09.535168 0.054259 tcp 10.0.2.109 52006 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:03:09.589716 0.145460 tcp 10.0.2.109 52007 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:03:09.849031 3.005965 tcp 10.0.2.109 52008 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:03:18.853227 0.000000 tcp 10.0.2.109 52008 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:03:24.842934 0.052583 tcp 10.0.2.109 52009 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:03:24.895853 0.053541 tcp 10.0.2.109 52010 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:03:24.949649 0.148346 tcp 10.0.2.109 52011 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:03:25.109393 3.007192 tcp 10.0.2.109 52012 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:03:34.115398 0.000000 tcp 10.0.2.109 52012 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:03:40.104366 2.994484 tcp 10.0.2.109 52013 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:03:49.106899 0.000000 tcp 10.0.2.109 52013 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:08:24.155816 3.001295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 16:08:31.162575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:08:39.164414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:08:55.166979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:09:27.173327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:14:55.075112 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:14:55.075303 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 16:15:12.882360 0.052819 tcp 10.0.2.109 52014 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:12.935533 0.055110 tcp 10.0.2.109 52015 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:12.990506 0.152058 tcp 10.0.2.109 52016 -> 195.113.214.211 443 SRPA* 0 0 32 24224 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:13.143130 0.353481 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:13.511914 0.175237 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:13.684356 0.183626 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:13.842678 0.049300 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:13.936332 0.050642 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.047745 0.099844 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.111765 0.199257 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.303648 0.094630 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.378455 0.129146 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.467959 0.067623 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.522371 0.112338 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.597298 0.156151 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.745938 0.051444 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:14.793922 0.158469 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:15.023189 0.372350 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:15.394445 0.158829 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:15.566669 0.398468 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:16.007613 0.349051 rtcp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:16.453317 0.168794 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:16.599177 0.353100 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:16.948193 0.169572 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:17.174934 0.115986 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:17.253262 0.335982 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:17.617027 0.403927 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:18.001019 0.102677 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:18.091017 0.390493 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:18.462927 0.113195 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:15:25.150177 3.001714 tcp 10.0.2.109 52017 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:15:31.178554 3.002295 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 16:15:34.150792 0.000000 tcp 10.0.2.109 52017 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:15:38.190569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:15:40.152145 0.052832 tcp 10.0.2.109 52018 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:40.205289 0.052952 tcp 10.0.2.109 52019 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:40.258516 0.147336 tcp 10.0.2.109 52020 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:40.424953 2.999159 tcp 10.0.2.109 52021 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:15:46.188086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:15:49.425097 0.000000 tcp 10.0.2.109 52021 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:15:55.423731 0.053282 tcp 10.0.2.109 52022 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:55.477256 0.053219 tcp 10.0.2.109 52023 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:55.530814 0.144771 tcp 10.0.2.109 52024 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:15:55.729965 3.006008 tcp 10.0.2.109 52025 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:16:02.192637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:16:04.734907 0.000000 tcp 10.0.2.109 52025 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:16:10.723662 3.003884 tcp 10.0.2.109 52026 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:16:19.736304 0.000000 tcp 10.0.2.109 52026 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:16:34.197303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:21:25.726794 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:21:25.726941 2.993813 tcp 10.0.2.109 52027 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:21:34.719062 0.000000 tcp 10.0.2.109 52027 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:21:40.729265 0.054152 tcp 10.0.2.109 52028 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:21:40.783681 0.053508 tcp 10.0.2.109 52029 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:21:40.837494 0.148469 tcp 10.0.2.109 52030 -> 195.113.214.211 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:21:41.029210 3.003278 tcp 10.0.2.109 52031 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:21:50.031089 0.000000 tcp 10.0.2.109 52031 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:21:56.030558 0.052640 tcp 10.0.2.109 52032 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:21:56.083508 0.053576 tcp 10.0.2.109 52033 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:21:56.137336 0.145033 tcp 10.0.2.109 52034 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:21:56.386485 2.998185 tcp 10.0.2.109 52035 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:22:05.416604 0.000000 tcp 10.0.2.109 52035 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:22:11.382274 3.004103 tcp 10.0.2.109 52036 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:22:20.385121 0.000000 tcp 10.0.2.109 52036 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:22:38.204593 3.000531 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 16:22:45.210663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:22:53.211890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:23:09.215092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:23:41.221257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:27:26.385318 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:27:26.385422 2.993744 tcp 10.0.2.109 52037 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:27:35.377667 0.000000 tcp 10.0.2.109 52037 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:27:41.388027 0.052841 tcp 10.0.2.109 52038 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:27:41.441179 0.053462 tcp 10.0.2.109 52039 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:27:41.494901 0.148928 tcp 10.0.2.109 52040 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:27:41.688808 3.003787 tcp 10.0.2.109 52041 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:27:50.689526 0.000000 tcp 10.0.2.109 52041 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:27:56.689107 0.051569 tcp 10.0.2.109 52042 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:27:56.740966 0.052644 tcp 10.0.2.109 52043 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:27:56.793911 0.150657 tcp 10.0.2.109 52044 -> 195.113.214.211 443 SRPA* 0 0 71 54534 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:27:56.982864 3.000374 tcp 10.0.2.109 52045 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:28:05.981779 0.000000 tcp 10.0.2.109 52045 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:28:11.980632 3.003420 tcp 10.0.2.109 52046 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:28:20.986531 0.000000 tcp 10.0.2.109 52046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:29:45.226885 3.001973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 16:29:52.234874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:30:00.236131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:30:16.239048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:30:48.245103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:33:26.983651 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:33:26.983800 3.003581 tcp 10.0.2.109 52047 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:33:35.995995 0.000000 tcp 10.0.2.109 52047 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:33:41.987145 0.053218 tcp 10.0.2.109 52048 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:33:42.040637 0.053012 tcp 10.0.2.109 52049 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:33:42.093965 0.148532 tcp 10.0.2.109 52050 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:33:42.388637 3.000991 tcp 10.0.2.109 52051 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:33:51.388599 0.000000 tcp 10.0.2.109 52051 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:33:57.387573 0.052894 tcp 10.0.2.109 52052 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:33:57.440748 0.054981 tcp 10.0.2.109 52053 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:33:57.496061 0.147628 tcp 10.0.2.109 52054 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:33:57.705631 2.995436 tcp 10.0.2.109 52055 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:34:06.700642 0.000000 tcp 10.0.2.109 52055 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:34:12.699447 3.003444 tcp 10.0.2.109 52056 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:34:21.701760 0.000000 tcp 10.0.2.109 52056 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:36:52.251193 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 16:36:59.258415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:37:07.259950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:37:23.263075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:37:55.268903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:43:59.275814 3.000691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 16:44:06.282573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:44:14.283901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:44:30.292350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:45:02.293019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:45:30.053244 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:45:30.053351 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 16:45:46.147969 0.054424 tcp 10.0.2.109 52057 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:45:46.202707 0.101085 tcp 10.0.2.109 52058 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:45:46.304069 0.148937 tcp 10.0.2.109 52059 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:45:46.453828 0.198700 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:46.624203 0.048336 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:46.738767 0.050729 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:46.892423 0.388351 rtp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:47.297781 0.173415 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:47.468451 0.102241 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:47.536197 0.200318 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:47.729400 0.091677 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:47.806204 0.129755 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:47.896381 0.067045 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:48.010768 0.112999 rtp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:48.085892 0.162347 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 1889 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:48.239733 0.048012 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:48.290903 0.158973 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:48.466774 0.344891 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:48.791116 0.310148 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:49.114767 0.165393 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:49.274579 0.351070 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:49.689352 0.349513 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:50.037298 0.164660 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:50.180280 0.169455 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:50.382738 0.120807 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:50.464490 0.373456 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:50.849867 0.414720 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:51.240812 0.086271 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:51.307019 0.104012 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:51.387051 0.385278 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/04 16:45:57.744379 3.002643 tcp 10.0.2.109 52060 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:46:06.745615 0.000000 tcp 10.0.2.109 52060 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:46:12.744806 0.053460 tcp 10.0.2.109 52061 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:46:12.798537 0.054138 tcp 10.0.2.109 52062 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:46:12.852941 0.152448 tcp 10.0.2.109 52063 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:46:13.021028 2.997820 tcp 10.0.2.109 52064 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:46:22.017091 0.000000 tcp 10.0.2.109 52064 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:46:28.016778 0.052401 tcp 10.0.2.109 52065 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:46:28.069499 0.053318 tcp 10.0.2.109 52066 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:46:28.123162 0.145566 tcp 10.0.2.109 52067 -> 195.113.214.211 443 SRPA* 0 0 46 41600 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:46:28.329199 3.001278 tcp 10.0.2.109 52068 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:46:37.329411 0.000000 tcp 10.0.2.109 52068 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:46:43.328063 3.004727 tcp 10.0.2.109 52069 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:46:52.330956 0.000000 tcp 10.0.2.109 52069 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:51:58.331566 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:51:58.331720 3.003738 tcp 10.0.2.109 52070 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:52:07.334186 0.000000 tcp 10.0.2.109 52070 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:52:13.334409 0.053501 tcp 10.0.2.109 52071 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:52:13.388176 0.053700 tcp 10.0.2.109 52072 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:52:13.442212 0.146575 tcp 10.0.2.109 52073 -> 195.113.214.211 443 SRPA* 0 0 47 28426 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:52:13.621660 3.005652 tcp 10.0.2.109 52074 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:52:22.635886 0.000000 tcp 10.0.2.109 52074 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:52:28.615266 0.052912 tcp 10.0.2.109 52075 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:52:28.668497 0.053495 tcp 10.0.2.109 52076 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:52:28.722430 0.145417 tcp 10.0.2.109 52077 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:52:28.887104 2.992138 tcp 10.0.2.109 52078 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:52:37.888023 0.000000 tcp 10.0.2.109 52078 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:52:43.886950 2.994006 tcp 10.0.2.109 52079 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:52:52.879696 0.000000 tcp 10.0.2.109 52079 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:53:27.302227 3.001138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 16:53:34.309107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:53:42.310497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:53:58.313763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:54:30.319698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 16:57:58.890267 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 16:57:58.890430 3.003406 tcp 10.0.2.109 52080 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:58:07.891980 0.000000 tcp 10.0.2.109 52080 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:58:13.893105 0.054075 tcp 10.0.2.109 52081 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:58:13.947439 0.054776 tcp 10.0.2.109 52082 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:58:14.002581 0.145464 tcp 10.0.2.109 52083 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:58:14.157649 3.007970 tcp 10.0.2.109 52084 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:58:23.164891 0.000000 tcp 10.0.2.109 52084 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:58:29.153995 0.053605 tcp 10.0.2.109 52085 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:58:29.207938 0.054700 tcp 10.0.2.109 52086 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:58:29.262913 0.144070 tcp 10.0.2.109 52087 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 16:58:29.418612 2.999220 tcp 10.0.2.109 52088 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:58:38.426715 0.000000 tcp 10.0.2.109 52088 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:58:44.417380 2.991975 tcp 10.0.2.109 52089 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 16:58:53.418246 0.000000 tcp 10.0.2.109 52089 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:00:34.326673 3.000837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 17:00:41.333132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:00:49.334577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:01:05.337697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:01:37.474296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:03:59.418726 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:03:59.418853 3.003177 tcp 10.0.2.109 52090 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:04:08.420796 0.000000 tcp 10.0.2.109 52090 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:04:14.420858 0.052666 tcp 10.0.2.109 52091 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:04:14.473871 0.052636 tcp 10.0.2.109 52092 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:04:14.526811 0.145036 tcp 10.0.2.109 52093 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:04:14.698021 3.005510 tcp 10.0.2.109 52094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:04:23.702196 0.000000 tcp 10.0.2.109 52094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:04:29.692341 0.051754 tcp 10.0.2.109 52095 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:04:29.744411 0.053049 tcp 10.0.2.109 52096 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:04:29.797787 0.149409 tcp 10.0.2.109 52097 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:04:29.957674 3.007781 tcp 10.0.2.109 52098 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:04:38.964847 0.000000 tcp 10.0.2.109 52098 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:04:44.953556 2.993873 tcp 10.0.2.109 52099 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:04:53.956095 0.000000 tcp 10.0.2.109 52099 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:07:41.359551 3.001626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 17:07:48.366968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:07:56.368612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:08:12.371635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:08:44.378049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:14:48.384900 3.000698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 17:14:55.395716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:15:03.392479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:15:19.395387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:15:51.401580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:16:01.306267 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:16:01.306451 0.050863 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:01.409174 0.192137 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:01.574758 0.048141 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:01.672289 0.318743 rtp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.084602 0.176261 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.258316 0.098355 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.330379 0.194194 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.516367 0.094150 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.594001 0.125903 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.680323 0.063933 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.798945 0.115562 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:02.875305 0.157797 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:03.025951 0.053027 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:03.074656 0.161095 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:03.246301 0.343402 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:03.572331 0.350450 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:03.919051 0.338040 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:04.343399 0.309564 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:04.651736 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 17:16:14.997956 2.991662 tcp 10.0.2.109 52100 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:16:21.347141 0.053146 tcp 10.0.2.109 52101 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:21.400575 0.053901 tcp 10.0.2.109 52102 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:21.454753 0.147947 tcp 10.0.2.109 52103 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:21.603336 0.166455 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:21.747773 0.169844 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:22.023424 0.440963 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:22.426242 0.457082 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:22.943046 0.103353 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:23.023802 0.386145 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2570 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:23.391592 0.620542 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:23.988521 0.000000 tcp 10.0.2.109 52100 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:16:23.995055 0.085542 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:16:29.997489 0.030118 tcp 10.0.2.109 52104 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:30.027903 0.053216 tcp 10.0.2.109 52105 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:30.081486 0.150577 tcp 10.0.2.109 52106 -> 195.113.214.211 443 SRPA* 0 0 33 17670 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:30.253435 2.998485 tcp 10.0.2.109 52107 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:16:39.250297 0.000000 tcp 10.0.2.109 52107 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:16:45.249634 0.053156 tcp 10.0.2.109 52108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:45.303051 0.052493 tcp 10.0.2.109 52109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:45.355869 0.145531 tcp 10.0.2.109 52110 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:16:45.535590 2.998028 tcp 10.0.2.109 52111 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:16:54.532546 0.000000 tcp 10.0.2.109 52111 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:17:00.531108 3.004387 tcp 10.0.2.109 52112 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:17:09.533943 0.000000 tcp 10.0.2.109 52112 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:21:55.407831 3.012555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 17:22:02.424931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:22:10.426691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:22:15.534323 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:22:15.534509 2.993721 tcp 10.0.2.109 52113 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:22:24.536592 0.000000 tcp 10.0.2.109 52113 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:22:26.429500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:22:30.537151 0.052684 tcp 10.0.2.109 52114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:22:30.590115 0.053244 tcp 10.0.2.109 52115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:22:30.643723 0.150139 tcp 10.0.2.109 52116 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:22:30.859496 3.001009 tcp 10.0.2.109 52117 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:22:39.859074 0.000000 tcp 10.0.2.109 52117 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:22:45.857733 0.052691 tcp 10.0.2.109 52118 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:22:45.910775 0.054189 tcp 10.0.2.109 52119 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:22:45.965298 0.144611 tcp 10.0.2.109 52120 -> 195.113.214.211 443 SRPA* 0 0 39 20854 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:22:46.168785 3.003388 tcp 10.0.2.109 52121 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:22:55.170945 0.000000 tcp 10.0.2.109 52121 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:22:58.435664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:23:01.169653 3.004332 tcp 10.0.2.109 52122 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:23:10.172515 0.000000 tcp 10.0.2.109 52122 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:28:16.173112 0.000214 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:28:16.173429 3.003236 tcp 10.0.2.109 52123 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:28:25.175239 0.000000 tcp 10.0.2.109 52123 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:28:31.175680 0.063020 tcp 10.0.2.109 52124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:28:31.239049 0.061459 tcp 10.0.2.109 52125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:28:31.300815 0.152875 tcp 10.0.2.109 52126 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:28:31.551875 2.997117 tcp 10.0.2.109 52127 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:28:40.547385 0.000000 tcp 10.0.2.109 52127 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:28:46.548658 0.061303 tcp 10.0.2.109 52128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:28:46.610292 0.061250 tcp 10.0.2.109 52129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:28:46.671787 0.155565 tcp 10.0.2.109 52130 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:28:47.044368 2.996833 tcp 10.0.2.109 52131 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:28:56.039549 0.000000 tcp 10.0.2.109 52131 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:29:02.038312 3.004266 tcp 10.0.2.109 52132 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:29:02.442046 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 17:29:09.449107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:29:11.044979 0.000000 tcp 10.0.2.109 52132 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:29:17.450685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:29:33.453534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:30:05.459566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:34:17.041803 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:34:17.041918 3.003688 tcp 10.0.2.109 52133 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:34:26.044301 0.000000 tcp 10.0.2.109 52133 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:34:32.044745 0.063756 tcp 10.0.2.109 52134 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:34:32.108856 0.062075 tcp 10.0.2.109 52135 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:34:32.171219 0.156542 tcp 10.0.2.109 52136 -> 195.113.214.211 443 SRPA* 0 0 77 57788 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:34:32.337241 3.000086 tcp 10.0.2.109 52137 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:34:41.346486 0.000000 tcp 10.0.2.109 52137 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:34:47.335528 0.061386 tcp 10.0.2.109 52138 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:34:47.397230 0.062404 tcp 10.0.2.109 52139 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:34:47.459997 0.155517 tcp 10.0.2.109 52140 -> 195.113.214.211 443 SRPA* 0 0 42 37898 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:34:47.626945 2.993633 tcp 10.0.2.109 52141 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:34:56.618475 0.000000 tcp 10.0.2.109 52141 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:35:02.636576 2.994576 tcp 10.0.2.109 52142 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:35:11.629523 0.000000 tcp 10.0.2.109 52142 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:36:09.465757 3.001415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 17:36:16.472820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:36:24.474430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:36:40.477751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:37:12.483436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:43:16.490353 3.001062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 17:43:23.496953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:43:31.498540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:43:47.501491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:44:19.507421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:46:45.698219 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:46:45.698317 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 17:47:02.593581 0.063019 tcp 10.0.2.109 52143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:02.656877 0.062195 tcp 10.0.2.109 52144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:02.719415 0.152327 tcp 10.0.2.109 52145 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:02.872320 0.048497 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:02.939132 0.352513 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:03.323173 0.051128 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:03.431513 0.084531 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:03.491515 0.096814 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:03.556451 0.188317 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:03.737171 0.092165 rtp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:03.812650 0.176789 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:03.986576 0.066157 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:04.034937 0.115344 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:04.109531 0.153693 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:04.255568 0.127411 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:04.346411 0.338751 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:04.668493 0.352388 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:05.017485 0.155650 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:05.196233 0.061194 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:05.249609 0.311622 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:05.558744 0.344631 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:05.926269 0.166593 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:06.071877 0.175537 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:06.262415 0.121347 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:06.344578 0.444484 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:06.798413 0.105003 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:06.880165 0.090568 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:06.949447 0.384837 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:07.318034 0.410644 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/04 17:47:17.684049 2.993804 tcp 10.0.2.109 52146 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:47:26.685904 0.000000 tcp 10.0.2.109 52146 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:47:32.685675 0.062112 tcp 10.0.2.109 52147 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:32.748100 0.062620 tcp 10.0.2.109 52148 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:32.811020 0.158300 tcp 10.0.2.109 52149 -> 195.113.214.211 443 SRPA* 0 0 49 38826 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:33.078948 2.991270 tcp 10.0.2.109 52150 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:47:42.068807 0.000000 tcp 10.0.2.109 52150 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:47:48.078406 0.061239 tcp 10.0.2.109 52151 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:48.139987 0.062847 tcp 10.0.2.109 52152 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:48.203072 0.154334 tcp 10.0.2.109 52153 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:47:48.404526 2.997442 tcp 10.0.2.109 52154 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:47:57.400838 0.000000 tcp 10.0.2.109 52154 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:48:03.399495 3.005891 tcp 10.0.2.109 52155 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:48:12.405378 0.000000 tcp 10.0.2.109 52155 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:50:23.514554 3.000543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 17:50:30.520990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:50:38.522177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:50:54.525245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:51:26.534548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:53:18.402939 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:53:18.403088 3.003471 tcp 10.0.2.109 52156 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:53:27.407854 0.000000 tcp 10.0.2.109 52156 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:53:33.405987 0.062199 tcp 10.0.2.109 52157 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:53:33.468451 0.061831 tcp 10.0.2.109 52158 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:53:33.530550 0.161751 tcp 10.0.2.109 52159 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:53:33.760063 2.988348 tcp 10.0.2.109 52160 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:53:42.757168 0.000000 tcp 10.0.2.109 52160 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:53:48.756428 0.060643 tcp 10.0.2.109 52161 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:53:48.817266 0.062606 tcp 10.0.2.109 52162 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:53:48.880164 0.154094 tcp 10.0.2.109 52163 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:53:49.051373 2.999306 tcp 10.0.2.109 52164 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:53:58.049250 0.000000 tcp 10.0.2.109 52164 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:54:04.047998 3.003911 tcp 10.0.2.109 52165 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:54:13.052433 0.000000 tcp 10.0.2.109 52165 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:57:30.541567 2.998945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 17:57:37.545090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:57:45.546224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:58:01.549140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:58:33.555133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 17:59:19.051979 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 17:59:19.052139 3.003169 tcp 10.0.2.109 52166 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:59:28.053887 0.000000 tcp 10.0.2.109 52166 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:59:34.055028 0.062671 tcp 10.0.2.109 52167 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:59:34.117968 0.062383 tcp 10.0.2.109 52168 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:59:34.180601 0.157865 tcp 10.0.2.109 52169 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:59:34.579538 3.007685 tcp 10.0.2.109 52170 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:59:43.595700 0.000000 tcp 10.0.2.109 52170 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:59:49.574729 0.062477 tcp 10.0.2.109 52171 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:59:49.637559 0.061864 tcp 10.0.2.109 52172 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:59:49.699749 0.159177 tcp 10.0.2.109 52173 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 17:59:49.869589 2.999624 tcp 10.0.2.109 52174 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 17:59:58.867958 0.000000 tcp 10.0.2.109 52174 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:00:04.867373 2.993640 tcp 10.0.2.109 52175 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:00:13.859622 0.000000 tcp 10.0.2.109 52175 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:04:37.561109 3.002052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 18:04:44.568854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:04:52.570305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:05:08.573117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:05:19.870181 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:05:19.870285 3.003425 tcp 10.0.2.109 52176 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:05:28.872120 0.000000 tcp 10.0.2.109 52176 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:05:34.873144 0.062474 tcp 10.0.2.109 52177 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:05:34.935911 0.062641 tcp 10.0.2.109 52178 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:05:34.998864 0.153667 tcp 10.0.2.109 52179 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:05:35.429887 3.006092 tcp 10.0.2.109 52180 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:05:40.579284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:05:44.434918 0.000000 tcp 10.0.2.109 52180 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:05:50.423967 0.061988 tcp 10.0.2.109 52181 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:05:50.486336 0.061666 tcp 10.0.2.109 52182 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:05:50.548279 0.154946 tcp 10.0.2.109 52183 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:05:50.715703 2.992451 tcp 10.0.2.109 52184 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:05:59.755041 0.000000 tcp 10.0.2.109 52184 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:06:05.715725 2.994044 tcp 10.0.2.109 52185 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:06:14.708440 0.000000 tcp 10.0.2.109 52185 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:11:44.585262 3.001931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 18:11:51.592979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:11:59.593885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:12:15.597766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:12:47.603853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:17:16.770330 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:17:16.770432 0.048682 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:17.067848 0.343146 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:17.491367 0.050831 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:17.614714 0.083244 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:17.859482 0.124957 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:17.951198 0.196514 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:18.139255 0.090729 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:18.262808 0.178795 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:18.437950 0.062640 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:18.948423 0.113614 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:19.023816 0.152341 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:19.172155 0.120440 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:19.268830 0.352752 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:19.600876 0.350356 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:20.067204 0.310562 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:20.387816 0.339263 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:20.761030 2.989513 tcp 10.0.2.109 52186 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:17:20.835034 0.164119 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:21.062985 0.050034 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:21.111205 0.166374 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:21.255192 0.168693 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 1943 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:21.471067 0.151860 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:21.583852 0.462517 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:22.090724 0.105155 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:22.174735 0.089959 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:22.264348 0.391432 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:22.639756 0.407943 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:17:29.756658 0.000000 tcp 10.0.2.109 52186 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:17:35.760363 0.061707 tcp 10.0.2.109 52187 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:17:35.822343 0.062705 tcp 10.0.2.109 52188 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:17:35.885397 0.158541 tcp 10.0.2.109 52189 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:17:36.165461 2.997171 tcp 10.0.2.109 52190 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:17:45.164449 0.000000 tcp 10.0.2.109 52190 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:17:51.166073 0.060258 tcp 10.0.2.109 52191 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:17:51.226727 0.062002 tcp 10.0.2.109 52192 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:17:51.288968 0.154034 tcp 10.0.2.109 52193 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:17:51.521872 2.996570 tcp 10.0.2.109 52194 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:18:00.513160 0.000000 tcp 10.0.2.109 52194 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:18:06.511959 3.003930 tcp 10.0.2.109 52195 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:18:15.514637 0.000000 tcp 10.0.2.109 52195 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:18:51.609354 3.001642 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 18:18:58.616520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:19:06.618228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:19:22.621037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:19:54.627180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:23:21.515203 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:23:21.515304 2.993862 tcp 10.0.2.109 52196 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:23:30.518033 0.000000 tcp 10.0.2.109 52196 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:23:36.518600 0.062936 tcp 10.0.2.109 52197 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:23:36.581880 0.062137 tcp 10.0.2.109 52198 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:23:36.644333 0.159231 tcp 10.0.2.109 52199 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:23:36.923458 2.997630 tcp 10.0.2.109 52200 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:23:45.919964 0.000000 tcp 10.0.2.109 52200 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:23:51.921209 0.060026 tcp 10.0.2.109 52201 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:23:51.981534 0.031455 tcp 10.0.2.109 52202 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:23:52.013248 0.159821 tcp 10.0.2.109 52203 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:23:52.402947 3.000358 tcp 10.0.2.109 52204 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:24:01.402344 0.000000 tcp 10.0.2.109 52204 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:24:07.401054 3.003813 tcp 10.0.2.109 52205 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:24:16.403899 0.000000 tcp 10.0.2.109 52205 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:25:58.635333 3.001141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 18:26:05.640629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:26:13.643010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:26:29.646041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:27:01.651232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:29:22.404217 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:29:22.404385 2.993885 tcp 10.0.2.109 52206 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:29:31.406737 0.000000 tcp 10.0.2.109 52206 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:29:37.406874 0.062241 tcp 10.0.2.109 52207 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:29:37.469363 0.062049 tcp 10.0.2.109 52208 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:29:37.531778 0.153354 tcp 10.0.2.109 52209 -> 195.113.214.211 443 SRPA* 0 0 37 30052 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:29:37.705454 2.994468 tcp 10.0.2.109 52210 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:29:46.698640 0.000000 tcp 10.0.2.109 52210 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:29:52.697813 0.030701 tcp 10.0.2.109 52211 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:29:52.728788 0.030696 tcp 10.0.2.109 52212 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:29:52.759768 0.159610 tcp 10.0.2.109 52213 -> 195.113.214.211 443 SRPA* 0 0 24 12114 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:29:52.929695 3.002093 tcp 10.0.2.109 52214 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:30:01.930441 0.000000 tcp 10.0.2.109 52214 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:30:07.929150 3.004458 tcp 10.0.2.109 52215 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:30:16.931956 0.000000 tcp 10.0.2.109 52215 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:33:05.658025 3.000905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 18:33:12.664103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:33:20.666357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:33:36.669323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:34:08.675061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:35:22.932291 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:35:22.932475 3.003136 tcp 10.0.2.109 52216 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:35:31.934753 0.000000 tcp 10.0.2.109 52216 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:35:37.935124 0.063575 tcp 10.0.2.109 52217 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:35:37.999021 0.031921 tcp 10.0.2.109 52218 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:35:38.031285 0.123767 tcp 10.0.2.109 52219 -> 195.113.214.211 443 SRPA* 0 0 27 14324 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:35:38.163640 2.984730 tcp 10.0.2.109 52220 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:35:47.157020 0.000000 tcp 10.0.2.109 52220 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:35:53.156322 0.029933 tcp 10.0.2.109 52221 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:35:53.186548 0.062027 tcp 10.0.2.109 52222 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:35:53.248860 0.154759 tcp 10.0.2.109 52223 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:35:53.419453 3.000850 tcp 10.0.2.109 52224 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:36:02.419054 0.000000 tcp 10.0.2.109 52224 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:36:08.417449 3.004045 tcp 10.0.2.109 52225 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:36:17.420648 0.000000 tcp 10.0.2.109 52225 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:40:12.681537 3.000701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 18:40:19.688643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:40:27.690508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:40:43.692528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:41:15.704658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:47:19.705288 3.001054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 18:47:26.714805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:47:34.714029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:47:39.377477 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:47:39.377584 0.065801 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:39.589533 0.089526 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:39.653232 0.102618 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:39.722724 0.366966 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:40.170881 0.051267 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:40.536523 0.195074 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:40.723870 0.098124 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:40.805930 0.235389 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:41.038404 0.068910 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:41.090707 0.114293 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:41.165698 0.147147 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:41.304860 0.136128 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:41.399617 0.340958 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:41.832380 0.355663 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:42.183871 0.157583 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:42.395069 0.311134 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:42.732047 0.348051 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:43.188245 0.049946 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:43.281274 0.170305 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:43.519446 0.167091 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:43.747555 0.119015 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:43.824158 0.403309 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:44.287354 0.383418 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:44.654589 0.406118 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:45.041253 0.105055 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:45.125338 0.092280 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/04 18:47:50.717129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:47:53.461559 3.008325 tcp 10.0.2.109 52226 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:48:02.466500 0.000000 tcp 10.0.2.109 52226 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:48:08.466953 0.062299 tcp 10.0.2.109 52227 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:48:08.529493 0.061277 tcp 10.0.2.109 52228 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:48:08.591070 0.156290 tcp 10.0.2.109 52229 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:48:08.773212 3.003705 tcp 10.0.2.109 52230 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:48:17.785545 0.000000 tcp 10.0.2.109 52230 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:48:22.723360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:48:23.765234 0.064461 tcp 10.0.2.109 52231 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:48:23.829997 0.061815 tcp 10.0.2.109 52232 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:48:23.892184 0.154293 tcp 10.0.2.109 52233 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:48:24.082271 2.997095 tcp 10.0.2.109 52234 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:48:33.078004 0.000000 tcp 10.0.2.109 52234 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:48:39.076958 2.993817 tcp 10.0.2.109 52235 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:48:48.069418 0.000000 tcp 10.0.2.109 52235 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:53:54.079909 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:53:54.080065 3.003765 tcp 10.0.2.109 52236 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:54:03.082499 0.000000 tcp 10.0.2.109 52236 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:54:09.082776 0.062403 tcp 10.0.2.109 52237 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:54:09.145446 0.062824 tcp 10.0.2.109 52238 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:54:09.208604 0.155834 tcp 10.0.2.109 52239 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:54:09.375948 2.999946 tcp 10.0.2.109 52240 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:54:18.374845 0.000000 tcp 10.0.2.109 52240 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:54:24.373867 0.061718 tcp 10.0.2.109 52241 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:54:24.435854 0.061586 tcp 10.0.2.109 52242 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:54:24.497813 0.154979 tcp 10.0.2.109 52243 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 18:54:24.662009 2.995718 tcp 10.0.2.109 52244 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:54:33.666304 0.000000 tcp 10.0.2.109 52244 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:54:39.655134 2.994136 tcp 10.0.2.109 52245 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:54:48.648116 0.000000 tcp 10.0.2.109 52245 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 18:55:18.733743 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 18:55:25.741409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:55:33.742387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:55:49.746244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:56:21.751939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 18:59:54.667035 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 18:59:54.667222 2.995227 tcp 10.0.2.109 52246 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:00:03.660952 0.000000 tcp 10.0.2.109 52246 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:00:09.661776 0.062297 tcp 10.0.2.109 52247 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:00:09.724364 0.062353 tcp 10.0.2.109 52248 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:00:09.787009 0.160184 tcp 10.0.2.109 52249 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:00:09.960553 3.003277 tcp 10.0.2.109 52250 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:00:18.964381 0.000000 tcp 10.0.2.109 52250 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:00:24.962050 0.060566 tcp 10.0.2.109 52251 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:00:25.022896 0.061954 tcp 10.0.2.109 52252 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:00:25.085163 0.158352 tcp 10.0.2.109 52253 -> 195.113.214.211 443 SRPA* 0 0 41 33512 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:00:25.267761 3.008680 tcp 10.0.2.109 52254 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:00:34.275046 0.000000 tcp 10.0.2.109 52254 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:00:40.264033 3.004009 tcp 10.0.2.109 52255 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:00:49.276433 0.000000 tcp 10.0.2.109 52255 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:02:25.758912 3.000673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 19:02:32.764812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:02:40.766382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:02:56.769334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:03:28.775952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:05:55.267309 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 19:05:55.267501 2.993262 tcp 10.0.2.109 52256 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:06:04.259301 0.000000 tcp 10.0.2.109 52256 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:06:10.271443 0.032021 tcp 10.0.2.109 52257 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:06:10.303781 0.062059 tcp 10.0.2.109 52258 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:06:10.366105 0.158503 tcp 10.0.2.109 52259 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:06:10.546637 2.995830 tcp 10.0.2.109 52260 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:06:19.541222 0.000000 tcp 10.0.2.109 52260 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:06:25.540518 0.060862 tcp 10.0.2.109 52261 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:06:25.601693 0.062571 tcp 10.0.2.109 52262 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:06:25.664506 0.154564 tcp 10.0.2.109 52263 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:06:25.831987 3.002700 tcp 10.0.2.109 52264 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:06:34.833005 0.000000 tcp 10.0.2.109 52264 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:06:40.832045 3.003799 tcp 10.0.2.109 52265 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:06:49.834790 0.000000 tcp 10.0.2.109 52265 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:09:32.783124 3.002467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 19:09:39.789380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:09:47.790973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:10:03.793225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:10:35.799828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:16:39.806371 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 19:16:46.814642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:16:54.814246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:17:10.820337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:17:42.823840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:18:03.283564 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 19:18:03.283678 0.100406 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:03.349348 0.049494 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:03.454419 0.086545 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:03.515923 0.365531 udp 10.0.2.109 3683 <-> 223.17.70.8 8575 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:03.891297 0.050641 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:03.988240 0.197880 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:04.179142 0.092775 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:04.256226 0.173146 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:04.425894 0.151134 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:04.569198 0.132991 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:04.663626 0.347764 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:04.991516 0.066171 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:05.139657 0.112609 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:05.215599 0.349550 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:05.561304 0.158911 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:05.721918 0.312421 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:06.130718 0.167880 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:06.275069 0.169609 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:06.454726 0.113252 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:06.531976 0.342773 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:06.878625 0.054480 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:06.931458 0.423393 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:07.374794 0.398056 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:07.756225 0.403859 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:08.140950 0.107355 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:08.223599 0.094704 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:18:10.874124 2.994260 tcp 10.0.2.109 52266 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:18:19.876864 0.000000 tcp 10.0.2.109 52266 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:18:25.877252 0.031365 tcp 10.0.2.109 52267 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:18:25.908918 0.067002 tcp 10.0.2.109 52268 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:18:25.976234 0.153099 tcp 10.0.2.109 52269 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:18:26.147129 3.007236 tcp 10.0.2.109 52270 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:18:35.149024 0.000000 tcp 10.0.2.109 52270 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:18:41.149348 0.164497 tcp 10.0.2.109 52271 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:18:41.314157 0.031030 tcp 10.0.2.109 52272 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:18:41.345453 0.123357 tcp 10.0.2.109 52273 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:18:41.532574 2.982939 tcp 10.0.2.109 52274 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:18:50.463424 0.000000 tcp 10.0.2.109 52274 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:18:56.411041 3.006104 tcp 10.0.2.109 52275 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:19:05.413129 0.000000 tcp 10.0.2.109 52275 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:23:46.829721 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 19:23:53.837057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:24:01.838720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:24:11.413372 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 19:24:11.413484 3.003174 tcp 10.0.2.109 52276 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:24:17.841887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:24:20.415587 0.000000 tcp 10.0.2.109 52276 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:24:26.415609 0.032011 tcp 10.0.2.109 52277 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:24:26.447851 0.031428 tcp 10.0.2.109 52278 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:24:26.479530 0.127614 tcp 10.0.2.109 52279 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:24:26.855262 2.993565 tcp 10.0.2.109 52280 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:24:35.857506 0.000000 tcp 10.0.2.109 52280 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:24:41.856272 0.030493 tcp 10.0.2.109 52281 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:24:41.887030 0.031421 tcp 10.0.2.109 52282 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:24:41.918736 0.125001 tcp 10.0.2.109 52283 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:24:42.071444 2.999400 tcp 10.0.2.109 52284 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:24:49.847698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:24:51.069345 0.000000 tcp 10.0.2.109 52284 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:24:57.068116 3.008562 tcp 10.0.2.109 52285 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:25:06.071041 0.000000 tcp 10.0.2.109 52285 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:30:12.071430 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 19:30:12.071624 3.003637 tcp 10.0.2.109 52286 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:30:21.073931 0.000000 tcp 10.0.2.109 52286 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:30:27.074433 0.031320 tcp 10.0.2.109 52287 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:30:27.106038 0.031157 tcp 10.0.2.109 52288 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:30:27.137468 0.126367 tcp 10.0.2.109 52289 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:30:27.326396 3.000782 tcp 10.0.2.109 52290 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:30:36.325763 0.000000 tcp 10.0.2.109 52290 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:30:42.325219 0.061208 tcp 10.0.2.109 52291 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:30:42.386717 0.062511 tcp 10.0.2.109 52292 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:30:42.449494 0.126760 tcp 10.0.2.109 52293 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:30:42.587172 2.991928 tcp 10.0.2.109 52294 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:30:51.577632 0.000000 tcp 10.0.2.109 52294 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:30:53.853991 3.000787 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 19:30:57.586069 2.994809 tcp 10.0.2.109 52295 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:31:00.861249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:31:06.579153 0.000000 tcp 10.0.2.109 52295 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:31:08.862831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:31:24.865031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:31:56.871866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:36:12.589815 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 19:36:12.589956 3.003525 tcp 10.0.2.109 52296 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:36:21.592439 0.000000 tcp 10.0.2.109 52296 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:36:27.592580 0.062013 tcp 10.0.2.109 52297 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:36:27.654849 0.062055 tcp 10.0.2.109 52298 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:36:27.717155 0.152008 tcp 10.0.2.109 52299 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:36:27.896081 2.999559 tcp 10.0.2.109 52300 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:36:36.894374 0.000000 tcp 10.0.2.109 52300 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:36:42.893483 0.060354 tcp 10.0.2.109 52301 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:36:42.954284 0.062335 tcp 10.0.2.109 52302 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:36:43.016965 0.157654 tcp 10.0.2.109 52303 -> 195.113.214.211 443 SRPA* 0 0 20 11307 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:36:43.198476 3.009232 tcp 10.0.2.109 52304 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:36:52.216020 0.000000 tcp 10.0.2.109 52304 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:36:58.195191 2.994018 tcp 10.0.2.109 52305 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:37:07.187937 0.000000 tcp 10.0.2.109 52305 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:38:00.877399 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 19:38:07.885280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:38:15.886790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:38:31.889745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:39:03.898594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:45:07.901800 3.001538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 19:45:14.909088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:45:22.910858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:45:38.985404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:46:10.929776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:48:29.489179 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 19:48:29.489352 0.205913 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:29.669675 0.000000 udp 10.0.2.109 3683 -> 223.17.70.8 8575 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 19:48:43.239117 3.003809 tcp 10.0.2.109 52306 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:48:45.563258 0.031965 tcp 10.0.2.109 52307 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:48:45.595558 0.033065 tcp 10.0.2.109 52308 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:48:45.628913 0.123523 tcp 10.0.2.109 52309 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:48:45.752849 0.050403 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:45.874915 0.106627 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:45.945718 0.048371 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:46.023029 0.188553 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:46.204598 0.099553 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:46.300279 0.172416 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:46.469711 0.145607 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:46.610742 0.130661 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:46.699996 0.413209 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:47.092388 0.069617 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:47.153635 0.112628 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:47.228719 0.361928 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:47.648568 0.156145 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:47.810598 0.310961 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:48.166761 0.120609 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:48.248813 0.348378 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:48.744518 0.050842 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:48.793712 0.166515 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:48.937447 0.168882 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:49.138742 0.405918 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:49.558199 0.389607 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:49.927865 0.090139 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:49.997821 0.409051 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:50.387381 0.103967 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/04 19:48:52.241360 0.000000 tcp 10.0.2.109 52306 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:48:58.240967 0.074388 tcp 10.0.2.109 52310 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:48:58.315224 0.031836 tcp 10.0.2.109 52311 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:48:58.347338 0.155440 tcp 10.0.2.109 52312 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:48:58.578250 3.006424 tcp 10.0.2.109 52313 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:49:07.583426 0.000000 tcp 10.0.2.109 52313 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:54:12.945611 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 19:54:13.573970 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 19:54:13.574176 2.993579 tcp 10.0.2.109 52314 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:54:19.952682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:54:22.576447 0.000000 tcp 10.0.2.109 52314 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:54:27.953926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:54:28.576536 0.031475 tcp 10.0.2.109 52315 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:54:28.608371 0.031771 tcp 10.0.2.109 52316 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:54:28.640389 0.126249 tcp 10.0.2.109 52317 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:54:29.024020 2.996024 tcp 10.0.2.109 52318 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:54:38.018681 0.000000 tcp 10.0.2.109 52318 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:54:43.957077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 19:54:44.017848 0.031117 tcp 10.0.2.109 52319 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:54:44.049223 0.062217 tcp 10.0.2.109 52320 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:54:44.111731 0.125322 tcp 10.0.2.109 52321 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 19:54:44.298342 3.003683 tcp 10.0.2.109 52322 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:54:53.300814 0.000000 tcp 10.0.2.109 52322 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:54:59.299522 3.004022 tcp 10.0.2.109 52323 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:55:08.302248 0.000000 tcp 10.0.2.109 52323 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 19:55:15.963326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:00:14.302802 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:00:14.302915 3.003419 tcp 10.0.2.109 52324 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:00:23.305073 0.000000 tcp 10.0.2.109 52324 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:00:29.305528 0.031786 tcp 10.0.2.109 52325 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:00:29.337619 0.030992 tcp 10.0.2.109 52326 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:00:29.368893 0.159720 tcp 10.0.2.109 52327 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:00:29.544235 2.994112 tcp 10.0.2.109 52328 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:00:38.547241 0.000000 tcp 10.0.2.109 52328 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:00:44.546033 0.030761 tcp 10.0.2.109 52329 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:00:44.577077 0.032325 tcp 10.0.2.109 52330 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:00:44.609670 0.157723 tcp 10.0.2.109 52331 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:00:44.838402 3.002507 tcp 10.0.2.109 52332 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:00:53.839260 0.000000 tcp 10.0.2.109 52332 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:00:59.838671 3.003296 tcp 10.0.2.109 52333 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:01:08.840653 0.000000 tcp 10.0.2.109 52333 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:01:19.969445 3.001584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 20:01:26.978353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:01:34.978398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:01:50.981234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:02:22.987365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:06:14.841023 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:06:14.841161 3.003687 tcp 10.0.2.109 52334 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:06:23.846034 0.000000 tcp 10.0.2.109 52334 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:06:29.844327 0.184035 tcp 10.0.2.109 52335 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:06:30.028716 0.185134 tcp 10.0.2.109 52336 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:06:30.214199 0.127435 tcp 10.0.2.109 52337 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:06:30.383062 3.004304 tcp 10.0.2.109 52338 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:06:39.385841 0.000000 tcp 10.0.2.109 52338 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:06:45.385251 0.031746 tcp 10.0.2.109 52339 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:06:45.417363 0.185091 tcp 10.0.2.109 52340 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:06:45.602724 0.123935 tcp 10.0.2.109 52341 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:06:45.736320 2.992763 tcp 10.0.2.109 52342 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:06:54.727756 0.000000 tcp 10.0.2.109 52342 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:07:00.736973 2.993921 tcp 10.0.2.109 52343 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:07:09.729293 0.000000 tcp 10.0.2.109 52343 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:08:26.993005 3.001968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 20:08:34.000671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:08:42.002163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:08:58.005161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:09:30.011443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:12:15.739876 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:12:15.740058 3.003835 tcp 10.0.2.109 52344 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:12:24.742508 0.000000 tcp 10.0.2.109 52344 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:12:30.743449 0.062274 tcp 10.0.2.109 52345 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:12:30.805993 0.030940 tcp 10.0.2.109 52346 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:12:30.837215 0.150412 tcp 10.0.2.109 52347 -> 195.113.214.211 443 SRPA* 0 0 19 10006 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:12:31.035073 3.000316 tcp 10.0.2.109 52348 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:12:40.034235 0.000000 tcp 10.0.2.109 52348 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:15:34.018044 3.000878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 20:15:41.024226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:15:49.026254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:16:05.029235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:16:37.035182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:19:10.567149 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:19:10.567293 0.000000 udp 10.0.2.109 3683 -> 223.17.70.8 8575 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 20:19:27.421723 0.155482 tcp 10.0.2.109 52349 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:19:27.577508 0.061270 tcp 10.0.2.109 52350 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:19:27.639063 0.157073 tcp 10.0.2.109 52351 -> 195.113.214.211 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:19:27.796862 0.152315 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:27.925055 0.048689 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:28.138701 0.050846 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:28.286769 0.101713 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:28.354328 0.193159 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:28.539515 0.094025 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:28.646567 0.172629 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:28.816182 0.149307 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:28.957712 0.125127 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:29.047236 0.353310 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:29.425528 0.065155 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:29.475102 0.114555 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:29.570851 0.353819 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:29.920613 0.156012 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:30.167875 0.346667 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:30.527140 0.047709 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:30.573122 0.167286 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:30.763500 0.310171 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:31.089881 2.999953 tcp 10.0.2.109 52352 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:19:31.135029 0.252152 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:31.347731 0.172474 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:31.563043 0.454160 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:32.082791 0.384069 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:32.445762 0.100833 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:32.758058 0.409343 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:33.148839 0.112081 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:19:40.088413 0.000000 tcp 10.0.2.109 52352 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:19:46.087611 0.030029 tcp 10.0.2.109 52353 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:19:46.117879 0.031590 tcp 10.0.2.109 52354 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:19:46.149831 0.157391 tcp 10.0.2.109 52355 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:19:46.471488 3.000285 tcp 10.0.2.109 52356 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:19:55.470707 0.000000 tcp 10.0.2.109 52356 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:20:01.469893 0.030945 tcp 10.0.2.109 52357 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:20:01.501170 0.030956 tcp 10.0.2.109 52358 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:20:01.532354 0.125687 tcp 10.0.2.109 52359 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:20:01.737741 3.008157 tcp 10.0.2.109 52360 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:20:10.742661 0.000000 tcp 10.0.2.109 52360 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:20:16.731177 3.004012 tcp 10.0.2.109 52361 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:20:25.734548 0.000000 tcp 10.0.2.109 52361 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:22:41.042087 3.000782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 20:22:48.048873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:22:56.050444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:23:12.053301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:23:44.059266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:25:31.734900 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:25:31.734985 2.993485 tcp 10.0.2.109 52362 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:25:40.736377 0.000000 tcp 10.0.2.109 52362 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:25:46.737399 0.030981 tcp 10.0.2.109 52363 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:25:46.768700 0.061648 tcp 10.0.2.109 52364 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:25:46.830637 0.128131 tcp 10.0.2.109 52365 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:25:46.996710 2.993344 tcp 10.0.2.109 52366 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:25:55.988808 0.000000 tcp 10.0.2.109 52366 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:26:01.998410 0.060497 tcp 10.0.2.109 52367 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:26:02.059165 0.062212 tcp 10.0.2.109 52368 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:26:02.121675 0.157697 tcp 10.0.2.109 52369 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:26:02.296640 2.999757 tcp 10.0.2.109 52370 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:26:11.290765 0.000000 tcp 10.0.2.109 52370 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:26:17.290508 3.006429 tcp 10.0.2.109 52371 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:26:26.298625 0.000000 tcp 10.0.2.109 52371 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:29:48.065645 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 20:29:55.072694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:30:03.073790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:30:19.077490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:30:51.083134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:31:32.293505 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:31:32.293599 3.003081 tcp 10.0.2.109 52372 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:31:41.295271 0.000000 tcp 10.0.2.109 52372 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:31:47.296671 0.031570 tcp 10.0.2.109 52373 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:31:47.328537 0.031171 tcp 10.0.2.109 52374 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:31:47.360026 0.126714 tcp 10.0.2.109 52375 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:31:47.725952 2.992873 tcp 10.0.2.109 52376 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:31:56.717559 0.000000 tcp 10.0.2.109 52376 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:32:02.727036 0.030147 tcp 10.0.2.109 52377 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:32:02.757512 0.031961 tcp 10.0.2.109 52378 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:32:02.789313 0.129491 tcp 10.0.2.109 52379 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:32:02.928504 3.003273 tcp 10.0.2.109 52380 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:32:11.929347 0.000000 tcp 10.0.2.109 52380 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:32:17.928189 3.004381 tcp 10.0.2.109 52381 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:32:26.930973 0.000000 tcp 10.0.2.109 52381 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:36:55.088402 3.002476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 20:37:02.096603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:37:10.097998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:37:26.101070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:37:32.931646 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:37:32.931755 3.003422 tcp 10.0.2.109 52382 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:37:41.933774 0.000000 tcp 10.0.2.109 52382 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:37:47.934804 0.062331 tcp 10.0.2.109 52383 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:37:47.997408 0.062615 tcp 10.0.2.109 52384 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:37:48.060284 0.126386 tcp 10.0.2.109 52385 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:37:48.260237 3.007171 tcp 10.0.2.109 52386 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:37:57.265745 0.000000 tcp 10.0.2.109 52386 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:37:58.107371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:38:03.255525 0.032922 tcp 10.0.2.109 52387 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:38:03.288709 0.030949 tcp 10.0.2.109 52388 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:38:03.319954 0.127584 tcp 10.0.2.109 52389 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:38:03.459295 2.999643 tcp 10.0.2.109 52390 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:38:12.467638 0.000000 tcp 10.0.2.109 52390 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:38:18.456353 3.046266 tcp 10.0.2.109 52391 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:38:27.449147 0.000000 tcp 10.0.2.109 52391 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:44:02.114449 3.001519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 20:44:09.121303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:44:17.122104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:44:33.125047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:45:05.131077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:49:46.376011 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:49:46.376154 0.199352 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:46.537241 0.048154 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:46.590707 0.050974 rtp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:46.744525 0.102398 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:46.812879 0.189675 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:46.995221 0.126533 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:47.104243 0.173770 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:47.273618 0.172949 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:47.434797 0.125009 rtp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:47.523184 0.404838 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:47.908630 0.067707 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:47.959751 0.141981 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:48.062211 0.363820 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:48.422318 0.158889 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:48.508932 3.003955 tcp 10.0.2.109 52392 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:49:48.609213 0.169129 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:48.753109 0.343530 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:49.114772 0.050470 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:49.159022 0.309962 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:49.474777 0.122567 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:49.556951 0.174215 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:49.745975 0.404740 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:50.178414 0.384770 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:50.544860 0.091949 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:50.617400 0.406468 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:51.005376 0.106382 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/04 20:49:57.511445 0.000000 tcp 10.0.2.109 52392 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:03.511673 0.033045 tcp 10.0.2.109 52393 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:03.545007 0.062577 tcp 10.0.2.109 52394 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:03.607929 0.161658 tcp 10.0.2.109 52395 -> 195.113.214.211 443 SRPA* 0 0 69 54224 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:03.948206 3.006899 tcp 10.0.2.109 52396 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:12.953461 0.000000 tcp 10.0.2.109 52396 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:18.942385 0.075121 tcp 10.0.2.109 52397 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:19.017787 0.061555 tcp 10.0.2.109 52398 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:19.079665 0.157197 tcp 10.0.2.109 52399 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:19.284740 3.002411 tcp 10.0.2.109 52400 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:28.285441 0.000000 tcp 10.0.2.109 52400 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:34.274860 0.075056 tcp 10.0.2.109 52401 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:34.349886 0.062454 tcp 10.0.2.109 52402 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:34.412681 0.151767 tcp 10.0.2.109 52403 -> 195.113.214.211 443 SRPA* 0 0 32 16806 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:50:34.671997 2.987010 tcp 10.0.2.109 52404 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:43.668526 0.000000 tcp 10.0.2.109 52404 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:49.666312 2.996280 tcp 10.0.2.109 52405 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:50:58.662551 0.000000 tcp 10.0.2.109 52405 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:51:04.667864 3.004147 tcp 10.0.2.109 52406 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:51:13.671040 0.000000 tcp 10.0.2.109 52406 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:53:30.141323 3.000394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 20:53:37.147174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:53:45.148753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:54:01.151580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:54:33.157750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 20:56:19.670742 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 20:56:19.670890 3.004448 tcp 10.0.2.109 52407 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:56:28.673791 0.000000 tcp 10.0.2.109 52407 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:56:34.673950 0.062783 tcp 10.0.2.109 52408 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:56:34.736991 0.061810 tcp 10.0.2.109 52409 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:56:34.799080 0.153585 tcp 10.0.2.109 52410 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:56:34.962468 2.994680 tcp 10.0.2.109 52411 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:56:43.955659 0.000000 tcp 10.0.2.109 52411 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:56:49.954990 0.061117 tcp 10.0.2.109 52412 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:56:50.016393 0.061928 tcp 10.0.2.109 52413 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:56:50.078593 0.151321 tcp 10.0.2.109 52414 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:56:50.246900 2.992226 tcp 10.0.2.109 52415 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:56:59.247943 0.000000 tcp 10.0.2.109 52415 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:57:05.247149 0.030624 tcp 10.0.2.109 52416 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:57:05.278076 0.061526 tcp 10.0.2.109 52417 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:57:05.339909 0.128644 tcp 10.0.2.109 52418 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/04 20:57:05.487696 3.003451 tcp 10.0.2.109 52419 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:57:14.489616 0.000000 tcp 10.0.2.109 52419 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:57:20.488683 3.004090 tcp 10.0.2.109 52420 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:57:29.491290 0.000000 tcp 10.0.2.109 52420 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:57:35.490001 3.004383 tcp 10.0.2.109 52421 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 20:57:44.492907 0.000000 tcp 10.0.2.109 52421 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:00:37.164005 3.001267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 21:00:44.171178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:00:52.172707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:01:08.175704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:01:40.181742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:02:50.493576 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 21:02:50.493682 3.003427 tcp 10.0.2.109 52422 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:02:59.495951 0.000000 tcp 10.0.2.109 52422 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:03:05.496104 0.062462 tcp 10.0.2.109 52423 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:05.558835 0.062446 tcp 10.0.2.109 52424 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:05.621619 0.155105 tcp 10.0.2.109 52425 -> 195.113.214.211 443 SRPA* 0 0 32 22198 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:05.799152 3.000239 tcp 10.0.2.109 52426 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:03:14.807749 0.000000 tcp 10.0.2.109 52426 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:03:20.796732 0.061026 tcp 10.0.2.109 52427 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:20.858058 0.031625 tcp 10.0.2.109 52428 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:20.890064 0.159215 tcp 10.0.2.109 52429 -> 195.113.214.211 443 SRPA* 0 0 46 41906 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:21.088355 3.002657 tcp 10.0.2.109 52430 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:03:30.089569 0.000000 tcp 10.0.2.109 52430 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:03:36.089070 0.031232 tcp 10.0.2.109 52431 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:36.120633 0.061962 tcp 10.0.2.109 52432 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:36.183014 0.124974 tcp 10.0.2.109 52433 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:03:36.317702 3.005303 tcp 10.0.2.109 52434 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:03:45.321514 0.000000 tcp 10.0.2.109 52434 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:03:51.310306 3.004193 tcp 10.0.2.109 52435 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:04:00.313243 0.000000 tcp 10.0.2.109 52435 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:04:06.311990 3.004633 tcp 10.0.2.109 52436 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:04:15.314831 0.000000 tcp 10.0.2.109 52436 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:04:20.231729 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 21:07:44.187996 3.001315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 21:07:51.195742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:07:59.197285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:08:15.199978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:08:47.205845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:09:21.315535 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 21:09:21.315650 2.993125 tcp 10.0.2.109 52437 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:09:30.317991 0.000000 tcp 10.0.2.109 52437 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:09:36.318785 0.061792 tcp 10.0.2.109 52438 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:09:36.380950 0.061413 tcp 10.0.2.109 52439 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:09:36.442690 0.150805 tcp 10.0.2.109 52440 -> 195.113.214.211 443 SRPA* 0 0 46 41014 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:09:36.604363 2.996465 tcp 10.0.2.109 52441 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:09:45.599591 0.000000 tcp 10.0.2.109 52441 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:09:51.598741 0.061098 tcp 10.0.2.109 52442 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:09:51.660075 0.031861 tcp 10.0.2.109 52443 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:09:51.692270 0.159190 tcp 10.0.2.109 52444 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:09:51.863112 2.999598 tcp 10.0.2.109 52445 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:10:00.861116 0.000000 tcp 10.0.2.109 52445 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:10:06.860257 0.062252 tcp 10.0.2.109 52446 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:10:06.922848 0.061911 tcp 10.0.2.109 52447 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:10:06.985057 0.150739 tcp 10.0.2.109 52448 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:10:07.198820 3.006125 tcp 10.0.2.109 52449 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:10:16.203615 0.000000 tcp 10.0.2.109 52449 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:10:22.192604 3.003971 tcp 10.0.2.109 52450 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:10:31.195142 0.000000 tcp 10.0.2.109 52450 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:10:37.193994 2.994331 tcp 10.0.2.109 52451 -> 94.240.245.133 4316 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:10:46.196368 0.000000 tcp 10.0.2.109 52451 -> 94.240.245.133 4316 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:14:51.211710 3.001578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 21:14:58.218973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:15:06.220599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:15:22.223596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:15:54.229593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:20:12.591364 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 21:20:12.591471 0.158093 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:12.749511 0.098389 rtp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:13.518339 0.187808 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:13.802249 0.084437 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:14.121656 0.048723 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:14.361020 0.091510 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:14.540227 0.172788 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:14.709751 0.148623 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:14.849032 0.129659 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:14.968615 0.412061 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:15.361930 0.066147 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:15.452286 0.123867 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:15.692675 0.349707 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:16.038644 0.157310 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:16.320960 0.168974 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:16.465065 0.310123 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:16.846660 0.122824 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:16.931060 0.171484 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:17.212761 0.342672 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:17.606773 0.058603 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:17.662072 0.366304 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:18.047756 0.391686 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:18.422655 0.093056 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:18.580744 0.407104 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:18.970432 0.113146 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:20:22.240141 2.979141 tcp 10.0.2.109 52452 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:20:31.228476 0.000000 tcp 10.0.2.109 52452 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:20:37.228439 0.061946 tcp 10.0.2.109 52453 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:20:37.290714 0.061306 tcp 10.0.2.109 52454 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:20:37.352357 0.152337 tcp 10.0.2.109 52455 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:20:37.621164 3.000259 tcp 10.0.2.109 52456 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:20:46.619798 0.000000 tcp 10.0.2.109 52456 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/04 21:20:52.619257 0.060894 tcp 10.0.2.109 52457 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:20:52.680451 0.062235 tcp 10.0.2.109 52458 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:20:52.743000 0.160889 tcp 10.0.2.109 52459 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:20:52.963481 0.534162 tcp 10.0.2.109 52460 -> 188.129.248.221 6410 FSPA* 0 0 14 1704 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:21:58.236474 3.000840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 21:22:05.243105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:22:13.244457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:22:29.247599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:23:01.253903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:29:05.259248 3.004348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 21:29:12.267039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:29:20.268498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:29:36.271546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:30:08.277657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:36:12.283792 3.001768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 21:36:19.291051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:36:27.292502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:36:43.295675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:37:15.301420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:43:19.308550 3.001011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 21:43:26.314858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:43:34.316596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:43:50.319545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:44:22.335478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:50:22.818936 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 21:50:22.819048 0.050790 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:22.908664 0.102957 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:22.977750 0.188296 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:23.159276 0.085896 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:23.217434 0.049122 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:23.309960 0.146811 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:23.448972 0.131179 udp 10.0.2.109 3683 <-> 86.137.162.190 2689 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:23.540853 0.099700 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:23.623718 0.180679 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:23.801065 0.349637 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:24.160378 0.065612 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:24.209883 0.113157 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:24.283923 0.358699 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:24.676545 0.307838 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:25.006760 0.118840 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:25.089436 0.156786 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:25.274877 0.168950 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:25.421805 0.167351 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:25.620244 0.347720 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:25.970685 0.050765 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:26.038697 0.371651 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:26.342773 3.000447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 21:50:26.458941 0.402487 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:26.841546 0.107410 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:26.925306 0.394197 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:27.301968 0.083955 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/04 21:50:33.348900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:50:41.350586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:50:53.498092 0.526860 tcp 10.0.2.109 52461 -> 188.129.248.221 6410 FSPA* 0 0 14 1747 flow=From-Botnet-V1-TCP-Established 1970/02/04 21:50:57.353533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:51:29.359497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:57:33.365494 3.001951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 21:57:40.372884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:57:48.374916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:58:04.377466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 21:58:36.383440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:04:40.390164 3.001077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 22:04:47.396740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:04:55.398586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:05:11.401347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:05:43.407620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:11:47.413439 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 22:11:54.421101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:12:02.422192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:12:18.425376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:12:50.431505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:18:54.437838 3.073685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 22:19:01.486327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:19:09.456523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:19:25.459379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:19:57.465315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:20:39.446109 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:20:39.446256 0.151592 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:39.622302 0.100059 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:39.769814 0.190101 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:39.952436 0.091737 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:40.023461 0.049540 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:40.264470 0.148828 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:40.405681 0.000000 udp 10.0.2.109 3683 -> 86.137.162.190 2689 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:20:54.027220 0.516356 tcp 10.0.2.109 52462 -> 188.129.248.221 6410 FSPA* 0 0 14 1507 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:20:58.305139 0.053105 tcp 10.0.2.109 52463 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:20:58.358535 0.052289 tcp 10.0.2.109 52464 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:20:58.411099 0.131717 tcp 10.0.2.109 52465 -> 195.113.214.211 443 SRPA* 0 0 61 59752 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:20:58.543640 0.102369 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:58.628026 0.182548 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:58.806898 0.398961 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:59.183618 0.071074 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:59.234871 0.116857 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:59.313368 0.350068 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:59.659630 0.323375 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:20:59.998931 0.126410 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:00.085821 0.158804 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:00.263867 0.171663 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:00.411722 0.167252 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:00.590714 0.382268 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:01.004367 0.047132 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:01.047972 0.116531 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:01.139654 0.343764 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:01.484859 0.407263 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:01.875446 0.395084 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:21:02.250955 0.091326 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:26:01.472285 3.000808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 22:26:08.478969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:26:16.480623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:26:32.483790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:27:04.490673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:33:08.496084 3.001058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 22:33:15.502595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:33:23.506094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:33:39.507127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:34:11.513344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:40:15.519661 3.006844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 22:40:22.526854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:40:30.529259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:40:46.531332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:41:18.537349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:47:22.544323 3.000259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 22:47:29.550788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:47:37.552328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:47:53.555144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:48:25.561262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:50:54.545562 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:50:54.545665 0.605606 tcp 10.0.2.109 52466 -> 188.129.248.221 6410 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:51:14.604456 0.000000 udp 10.0.2.109 3683 -> 86.137.162.190 2689 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:51:32.542303 0.053940 tcp 10.0.2.109 52467 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:51:32.596510 0.053218 tcp 10.0.2.109 52468 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:51:32.650022 0.147553 tcp 10.0.2.109 52469 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:51:32.798247 0.186554 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:32.977438 0.089468 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:33.121760 0.098189 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:33.186858 0.050973 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:33.283355 0.049693 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:33.418720 0.144173 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:33.558811 0.097868 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:33.664298 0.233981 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:33.895052 0.359001 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:34.235021 0.066837 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:34.488867 0.115700 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:34.564085 0.358722 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:35.008001 0.310673 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:35.350959 0.118247 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2033 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:35.433599 0.171466 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:35.616872 0.420661 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:36.083982 0.045380 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:36.127384 0.157162 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:36.323135 0.167536 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:36.468966 0.109344 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:36.576374 0.434486 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:37.026076 0.417174 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:37.419563 0.385341 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:51:37.786448 0.000000 udp 10.0.2.109 3683 -> 109.153.254.98 4764 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:51:54.464244 0.052810 tcp 10.0.2.109 52470 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:51:54.517307 0.052604 tcp 10.0.2.109 52471 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:51:54.570355 0.150951 tcp 10.0.2.109 52472 -> 195.113.214.211 443 SRPA* 0 0 47 41066 flow=From-Botnet-V1-TCP-Established 1970/02/04 22:51:54.740082 0.000000 udp 10.0.2.109 3683 -> 109.153.254.98 4764 REQ 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:52:01.802074 0.362444 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 7 2410 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:02.159510 0.183096 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 8 3115 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:02.307624 0.133898 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 8 3196 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:02.495488 0.094108 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2840 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:02.630607 0.284309 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3141 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:02.907152 0.172623 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 8 3023 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:03.063736 0.163236 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 8 2975 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:03.201991 0.110389 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 2830 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:03.298269 0.284073 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 8 2983 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:03.545635 0.331873 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 2988 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:03.874959 0.692497 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 3062 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:04.548794 0.752055 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3066 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:05.296886 0.619596 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2879 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:06.012574 0.331588 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 8 2740 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:06.441687 0.831687 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 2713 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:07.271604 0.394919 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 3025 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:07.629731 0.309634 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3250 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:07.916609 0.175704 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3134 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:08.089013 0.197549 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 8 3046 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:08.265989 0.314543 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 8 3035 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:08.577061 0.802301 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 8 2922 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:09.363235 0.800797 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 8 3172 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:10.166647 0.749422 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 8 2980 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:10.898389 0.632928 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 8 2895 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:11.777273 0.224619 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:12.022303 0.000000 udp 10.0.2.109 3683 -> 69.43.36.190 8623 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:52:20.580787 0.000000 udp 10.0.2.109 3683 -> 24.97.23.202 5191 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:52:28.240364 0.000000 udp 10.0.2.109 3683 -> 94.81.94.161 2747 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:52:35.430887 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:52:40.227489 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:52:41.659417 0.000000 udp 10.0.2.109 3683 -> 64.72.187.96 5454 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:52:47.958912 0.000000 udp 10.0.2.109 3683 -> 46.218.179.146 1594 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:52:53.045989 0.194642 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:52:53.251549 0.000000 udp 10.0.2.109 3683 -> 77.10.247.45 3056 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:01.548350 0.000000 udp 10.0.2.109 3683 -> 200.88.99.25 5151 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:07.887194 0.000000 udp 10.0.2.109 3683 -> 113.161.162.136 7350 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:16.760007 0.000000 udp 10.0.2.109 3683 -> 109.100.38.73 2279 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:24.581307 0.000000 udp 10.0.2.109 3683 -> 69.193.191.126 1944 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:29.227692 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:53:31.050841 0.000000 udp 10.0.2.109 3683 -> 110.142.128.245 3517 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:38.243834 0.073727 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 672 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:53:38.453135 0.000000 udp 10.0.2.109 3683 -> 77.92.231.157 4539 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:46.442931 0.055694 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 834 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:53:46.675688 0.047764 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 854 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:53:46.791367 0.062849 udp 10.0.2.109 3683 <-> 81.149.140.243 2579 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:53:46.906999 0.000000 udp 10.0.2.109 3683 -> 109.255.143.38 1551 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:53:54.644906 0.000000 udp 10.0.2.109 3683 -> 217.121.133.111 3456 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:02.746191 0.000000 udp 10.0.2.109 3683 -> 180.1.94.120 6930 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:08.634839 0.000000 udp 10.0.2.109 3683 -> 113.28.171.193 2813 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:15.925047 0.265220 udp 10.0.2.109 3683 -> 182.52.108.145 3980 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:16.190267 0.000000 icmp 182.52.108.145 0x0303 -> 10.0.2.109 0x8c0f URP 192 1 130 flow=Background 1970/02/04 22:54:20.731837 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:54:22.354457 0.000000 udp 10.0.2.109 3683 -> 95.240.184.129 2287 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:27.792070 0.000000 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:33.530538 0.000000 udp 10.0.2.109 3683 -> 79.45.175.227 1111 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:42.323011 0.049492 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 744 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:54:42.403889 0.000000 udp 10.0.2.109 3683 -> 2.182.171.221 1609 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:47.720596 0.000000 udp 10.0.2.109 3683 -> 218.107.210.2 5315 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:53.128873 0.060349 udp 10.0.2.109 3683 <-> 86.130.13.177 1084 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:54:53.256869 0.000000 udp 10.0.2.109 3683 -> 176.221.252.20 6733 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:54:59.157293 0.056515 udp 10.0.2.109 3683 <-> 109.152.24.108 6148 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:54:59.299976 0.000000 udp 10.0.2.109 3683 -> 87.193.194.242 4425 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:06.209192 0.000000 udp 10.0.2.109 3683 -> 87.153.126.115 4545 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:10.733535 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:55:13.267600 0.000000 udp 10.0.2.109 3683 -> 203.69.23.7 5337 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:18.567669 3.054380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 22:55:20.647977 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9986 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:25.599601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:55:27.470237 0.000000 udp 10.0.2.109 3683 -> 59.148.253.83 6246 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:33.576832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:55:34.938885 0.000000 udp 10.0.2.109 3683 -> 114.42.121.191 4357 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:42.079363 0.000000 udp 10.0.2.109 3683 -> 2.96.249.106 4473 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:49.019229 0.335233 udp 10.0.2.109 3683 <-> 125.113.177.73 5828 CON 0 0 2 703 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:55:49.368901 0.000000 udp 10.0.2.109 3683 -> 98.175.165.173 8272 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:55:49.579641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:55:55.908956 0.041505 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:55:55.959311 0.000000 udp 10.0.2.109 3683 -> 69.158.43.50 5362 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:00.735462 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:56:02.368179 0.000000 udp 10.0.2.109 3683 -> 61.91.26.50 3465 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:09.849772 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:15.697188 0.000000 udp 10.0.2.109 3683 -> 124.121.85.133 2414 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:20.925106 0.000000 udp 10.0.2.109 3683 -> 81.107.0.17 7096 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:21.585526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 22:56:28.425678 0.157846 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:56:28.593866 0.078710 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 669 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:56:28.696579 0.049249 udp 10.0.2.109 3683 <-> 92.226.64.65 4643 CON 0 0 2 834 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:56:28.760761 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:34.003630 0.000000 udp 10.0.2.109 3683 -> 176.251.222.31 6685 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:39.992342 0.000000 udp 10.0.2.109 3683 -> 183.62.200.114 9510 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:46.992715 0.000000 udp 10.0.2.109 3683 -> 79.5.150.126 9996 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:56:51.728748 0.000157 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:56:55.354340 0.000000 udp 10.0.2.109 3683 -> 82.69.94.9 7612 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:00.682239 0.000000 udp 10.0.2.109 3683 -> 113.161.77.149 4666 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:06.400166 0.000000 udp 10.0.2.109 3683 -> 70.12.170.103 4364 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:13.570619 0.000000 udp 10.0.2.109 3683 -> 105.229.25.83 3516 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:20.891270 0.000000 udp 10.0.2.109 3683 -> 220.246.75.127 7950 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:27.079913 0.000000 udp 10.0.2.109 3683 -> 220.241.218.121 8055 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:34.370690 0.000000 udp 10.0.2.109 3683 -> 94.179.123.27 2920 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:39.227230 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 22:57:43.183088 0.000000 udp 10.0.2.109 3683 -> 116.226.232.4 3821 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:50.814399 0.303429 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/02/04 22:57:51.127601 0.000000 udp 10.0.2.109 3683 -> 110.172.130.228 4134 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:57:59.967253 0.000000 udp 10.0.2.109 3683 -> 98.66.55.57 1355 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:58:06.606977 0.000000 udp 10.0.2.109 3683 -> 194.78.30.141 7496 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 22:58:13.116166 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:02:41.595577 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 23:02:48.602439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:02:56.603826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:03:12.606653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:03:44.612654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:09:48.618739 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 23:09:55.626250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:10:03.627566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:10:19.630616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:10:51.636799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:16:55.642261 3.002122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 23:17:02.650718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:17:10.651452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:17:26.658543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:17:58.662424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:20:55.155139 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 23:20:55.155329 0.510620 tcp 10.0.2.109 52473 -> 188.129.248.221 6410 FSPA* 0 0 12 1459 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:24:02.666556 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 23:24:09.673709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:24:17.675415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:24:33.678863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:25:05.684409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:28:43.297795 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 23:28:43.297925 0.049220 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.347547 0.180958 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.528971 0.065704 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.595046 0.073902 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.669371 0.046074 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.715888 0.137207 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.853508 0.056434 udp 10.0.2.109 3683 <-> 86.151.165.203 7828 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.910395 0.054082 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:43.964924 0.076548 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:44.041887 0.173407 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:44.215764 0.315910 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:44.532105 0.353221 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:44.885737 0.166239 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:45.052348 0.309234 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:45.361966 0.385600 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:45.747978 0.428118 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:46.176507 0.086124 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:46.263008 0.144530 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:28:46.407905 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:29:01.575868 0.052075 tcp 10.0.2.109 52474 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:01.628228 0.054141 tcp 10.0.2.109 52475 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:01.682666 0.149087 tcp 10.0.2.109 52476 -> 195.113.214.211 443 SRPA* 0 0 36 30800 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:01.832287 0.163153 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:01.995871 0.394560 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:02.390823 0.389165 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:02.780368 0.363744 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:03.144496 0.317481 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:03.462512 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:29:19.770500 0.051890 tcp 10.0.2.109 52477 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:19.822752 0.051941 tcp 10.0.2.109 52478 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:19.874992 0.165513 tcp 10.0.2.109 52479 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:20.040686 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:29:35.142931 0.052097 tcp 10.0.2.109 52480 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:35.195291 0.053488 tcp 10.0.2.109 52481 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:35.249069 0.149718 tcp 10.0.2.109 52482 -> 195.113.214.211 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:35.400091 0.066957 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:35.467496 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:29:52.097152 0.052387 tcp 10.0.2.109 52483 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:52.149865 0.054033 tcp 10.0.2.109 52484 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:52.204192 0.147988 tcp 10.0.2.109 52485 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:29:52.351041 0.041663 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:52.393167 0.056605 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:52.450322 0.046225 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:29:52.496962 0.000000 udp 10.0.2.109 3683 -> 86.130.13.177 1084 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:30:10.803745 0.052864 tcp 10.0.2.109 52486 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:10.856920 0.054360 tcp 10.0.2.109 52487 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:10.911548 0.152006 tcp 10.0.2.109 52488 -> 195.113.214.211 443 SRPA* 0 0 44 37134 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:11.064271 0.000000 udp 10.0.2.109 3683 -> 109.152.24.108 6148 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:30:26.196246 0.053517 tcp 10.0.2.109 52489 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:26.250203 0.053141 tcp 10.0.2.109 52490 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:26.303620 0.153073 tcp 10.0.2.109 52491 -> 195.113.214.211 443 SRPA* 0 0 47 25042 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:26.457107 0.546276 udp 10.0.2.109 3683 <-> 125.113.177.73 5828 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:30:27.003807 0.045975 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:30:27.050273 0.079382 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:30:27.130062 0.000000 udp 10.0.2.109 3683 -> 76.97.18.4 7636 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/04 23:30:44.031695 0.054577 tcp 10.0.2.109 52492 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:44.086624 0.053499 tcp 10.0.2.109 52493 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:44.140395 0.149527 tcp 10.0.2.109 52494 -> 195.113.214.211 443 SRPA* 0 0 42 37026 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:30:44.290606 0.045764 udp 10.0.2.109 3683 <-> 92.226.64.65 4643 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:30:44.336824 0.302568 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/04 23:31:09.690472 3.001284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/04 23:31:16.697940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:31:24.699472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:31:40.701813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:32:12.708448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:38:16.714619 3.001463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 23:38:23.721703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:38:31.723563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:38:47.726154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:39:19.735012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:45:23.738920 3.001206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 23:45:30.745798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:45:38.747131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:45:54.750579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:46:26.756068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:50:55.653462 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/04 23:50:55.653575 0.823599 tcp 10.0.2.109 52495 -> 188.129.248.221 6410 FSPA* 0 0 14 1733 flow=From-Botnet-V1-TCP-Established 1970/02/04 23:54:19.769935 3.000748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/04 23:54:26.776804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:54:34.778387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:54:50.781247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/04 23:55:22.786996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:00:52.681763 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 00:00:52.681950 0.043409 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:00:52.725754 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:01:10.398933 0.053874 tcp 10.0.2.109 52496 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:10.453108 0.051585 tcp 10.0.2.109 52497 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:10.505047 0.168271 tcp 10.0.2.109 52498 -> 195.113.214.211 443 SRPA* 0 0 82 58418 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:10.674022 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:01:27.592226 0.052002 tcp 10.0.2.109 52499 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:27.644542 0.052475 tcp 10.0.2.109 52500 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:27.697307 0.152802 tcp 10.0.2.109 52501 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:27.850830 0.000000 udp 10.0.2.109 3683 -> 81.149.140.243 2579 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:01:43.925879 0.054108 tcp 10.0.2.109 52502 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:43.980295 0.054720 tcp 10.0.2.109 52503 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:44.035306 0.149652 tcp 10.0.2.109 52504 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:01:44.185639 0.000000 udp 10.0.2.109 3683 -> 86.130.13.177 1084 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:01:47.804270 3.000677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 00:01:54.810956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:01:59.979141 0.054664 tcp 10.0.2.109 52505 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:00.034096 0.054286 tcp 10.0.2.109 52506 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:00.088295 0.149005 tcp 10.0.2.109 52507 -> 195.113.214.211 443 SRPA* 0 0 46 25746 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:00.237791 0.000000 udp 10.0.2.109 3683 -> 109.152.24.108 6148 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:02:02.811655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:02:17.984780 0.052163 tcp 10.0.2.109 52508 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:18.037198 0.053544 tcp 10.0.2.109 52509 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:18.091058 0.152271 tcp 10.0.2.109 52510 -> 195.113.214.211 443 SRPA* 0 0 41 22634 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:18.243850 0.000000 udp 10.0.2.109 3683 -> 76.97.18.4 7636 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:02:18.814670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:02:35.179232 0.053052 tcp 10.0.2.109 52511 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:35.232587 0.055946 tcp 10.0.2.109 52512 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:35.288832 0.147345 tcp 10.0.2.109 52513 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:35.436987 0.000000 udp 10.0.2.109 3683 -> 86.151.165.203 7828 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:02:50.821429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:02:51.483056 0.052523 tcp 10.0.2.109 52514 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:51.535913 0.057427 tcp 10.0.2.109 52515 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:51.593635 0.152308 tcp 10.0.2.109 52516 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:02:51.746709 0.180971 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:51.928175 0.146171 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.074804 0.046181 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.121428 0.063309 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.185110 0.048947 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.234589 0.049550 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.284610 0.080310 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.365305 0.072318 udp 10.0.2.109 3683 <-> 81.149.180.182 1629 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.438048 0.168547 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.607033 0.356555 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:52.963970 0.348562 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:53.312990 0.166851 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:53.480295 0.308131 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:53.788808 0.350911 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:54.140183 0.142946 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:54.283517 0.086538 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:54.370499 0.079991 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:54.450862 0.150480 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:54.601719 0.527321 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:55.129505 0.394509 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:55.524377 0.372201 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:55.897064 0.316510 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:56.214023 0.076081 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:56.290499 0.041061 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:56.331943 0.050647 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:56.383015 0.055320 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:02:56.438750 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:03:14.675806 0.052275 tcp 10.0.2.109 52517 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:03:14.728380 0.055291 tcp 10.0.2.109 52518 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:03:14.783939 0.157260 tcp 10.0.2.109 52519 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:03:14.941825 0.326980 udp 10.0.2.109 3683 <-> 125.113.177.73 5828 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:03:15.269176 0.072595 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:03:15.342299 0.046935 udp 10.0.2.109 3683 <-> 92.226.64.65 4643 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:03:15.389657 0.314085 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:09:15.828137 3.000902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 00:09:22.834542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:09:30.836737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:09:46.839305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:10:18.845426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:16:22.852057 3.001092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 00:16:29.858672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:16:37.863509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:16:53.874802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:17:25.879217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:20:56.483161 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 00:20:56.483357 0.527319 tcp 10.0.2.109 52520 -> 188.129.248.221 6410 FSPA* 0 0 14 1506 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:23:29.886573 3.000736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 00:23:36.894561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:23:44.893955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:24:00.903584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:24:32.903342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:30:36.909554 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 00:30:43.916999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:30:51.918567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:31:07.925331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:31:39.927558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:33:23.987220 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 00:33:23.987428 0.000000 udp 10.0.2.109 3683 -> 86.151.165.203 7828 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:33:42.757590 0.054170 tcp 10.0.2.109 52521 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:33:42.812070 0.053775 tcp 10.0.2.109 52522 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:33:42.866207 0.152080 tcp 10.0.2.109 52523 -> 195.113.214.211 443 SRPA* 0 0 43 36392 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:33:43.018994 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:33:59.839541 0.053872 tcp 10.0.2.109 52524 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:33:59.893808 0.053453 tcp 10.0.2.109 52525 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:33:59.947519 0.163023 tcp 10.0.2.109 52526 -> 195.113.214.211 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:34:00.111058 0.046699 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.158160 0.046731 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.205303 0.081696 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.287497 0.048534 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.336507 0.048964 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.385910 0.095026 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.481353 0.179674 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.661400 0.136287 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:00.798230 0.333069 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:01.131701 0.000000 udp 10.0.2.109 3683 -> 81.149.180.182 1629 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:34:18.726477 0.053803 tcp 10.0.2.109 52527 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:34:18.780563 0.057393 tcp 10.0.2.109 52528 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:34:18.838249 0.151055 tcp 10.0.2.109 52529 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:34:18.989813 0.169312 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:19.159528 0.345143 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:19.505125 0.165498 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:19.671031 0.143799 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:19.815265 0.355978 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:20.171662 0.307118 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:20.479166 0.167383 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:20.646950 0.088872 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:20.736207 0.082158 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:20.818776 0.395441 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:21.214655 0.568388 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:21.783423 0.072188 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:21.856071 0.044036 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:21.900592 0.376120 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:22.277167 0.317433 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:22.595074 0.056447 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:22.651891 0.000000 udp 10.0.2.109 3683 -> 217.36.212.73 6627 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 00:34:40.397625 0.052966 tcp 10.0.2.109 52530 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:34:40.450880 0.053525 tcp 10.0.2.109 52531 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:34:40.504722 0.158476 tcp 10.0.2.109 52532 -> 195.113.214.211 443 SRPA* 0 0 58 39024 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:34:40.663849 0.045234 udp 10.0.2.109 3683 <-> 92.226.64.65 4643 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:40.709530 0.319788 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:41.029760 0.693624 udp 10.0.2.109 3683 <-> 125.113.177.73 5828 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:34:41.723806 0.073203 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/05 00:37:43.933990 3.000992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 00:37:50.940880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:37:58.942821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:38:14.945361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:38:46.951261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:44:50.957597 3.059358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 00:44:57.989355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:45:05.975896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:45:21.979225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:45:53.985118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:50:57.011526 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 00:50:57.011726 0.584617 tcp 10.0.2.109 52533 -> 188.129.248.221 6410 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/02/05 00:54:03.993613 3.000105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 00:54:11.000070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:54:19.000783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:54:35.004415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 00:55:07.010258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:01:16.024219 3.001139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 01:01:23.030861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:01:31.032882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:01:47.035564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:02:19.041557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:05:00.915071 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 01:05:00.915193 0.000000 udp 10.0.2.109 3683 -> 81.149.180.182 1629 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 01:05:18.028710 0.054221 tcp 10.0.2.109 52534 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:05:18.083210 0.053722 tcp 10.0.2.109 52535 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:05:18.137280 0.159763 tcp 10.0.2.109 52536 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:05:18.297707 0.045055 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.343202 0.054113 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.397765 0.049132 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.447340 0.046134 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.493857 0.180515 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.674821 0.137656 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.812836 0.047227 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.860465 0.081232 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:18.942045 0.064147 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:19.006540 0.326166 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:19.333096 0.164692 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:19.498186 0.142875 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:19.641477 0.181976 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:19.823781 0.347565 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:20.171768 0.154187 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:20.326374 0.081346 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:20.408104 0.327831 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:20.736397 0.308811 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:21.045596 0.345832 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:21.391803 0.040873 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:21.433048 0.390844 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:21.824267 0.416682 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:22.241357 0.068924 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:22.310721 0.055452 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:22.366518 0.318176 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:22.685076 0.364173 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:23.049653 0.046099 udp 10.0.2.109 3683 <-> 92.226.64.65 4643 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:23.096172 0.291511 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:23.388033 0.416707 udp 10.0.2.109 3683 <-> 125.113.177.73 5828 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:05:23.805166 0.071117 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:08:47.052438 3.001005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 01:08:54.059560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:09:02.061030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:09:18.063671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:09:50.070036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:15:56.080290 3.000427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 01:16:03.086013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:16:11.087855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:16:27.094951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:16:59.097173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:20:57.600902 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 01:20:57.601069 0.558977 tcp 10.0.2.109 52537 -> 188.129.248.221 6410 FSPA* 0 0 14 1584 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:23:03.102535 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 01:23:10.110353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:23:18.111738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:23:34.115667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:24:06.120859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:30:10.126922 3.001750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 01:30:17.134061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:30:25.136060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:30:41.138929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:31:13.147707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:35:30.465164 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 01:35:30.465328 0.046213 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:30.511924 0.048472 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:30.560771 0.049047 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:30.610315 0.046113 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:30.656815 0.178154 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:30.835364 0.138830 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:30.974563 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 01:35:49.113021 0.057563 tcp 10.0.2.109 52538 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:35:49.170859 0.054918 tcp 10.0.2.109 52539 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:35:49.226075 0.152445 tcp 10.0.2.109 52540 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:35:49.379054 0.085332 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:49.464791 0.065508 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:49.530754 0.145187 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:49.676342 0.167520 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:49.844259 0.349508 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:50.194155 0.151221 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:50.345817 0.350994 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:50.697234 0.166028 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:50.863697 0.093480 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:50.957633 0.136339 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:51.094393 0.310777 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:51.405564 0.388928 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:51.794910 0.401567 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:52.196876 0.071785 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:52.269126 0.393678 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:52.663236 0.046375 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:52.710022 0.055346 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:35:52.765731 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 01:36:08.990953 0.052075 tcp 10.0.2.109 52541 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:36:09.043393 0.053470 tcp 10.0.2.109 52542 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:36:09.097231 0.151695 tcp 10.0.2.109 52543 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:36:09.249401 0.365778 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:36:09.615567 0.045733 udp 10.0.2.109 3683 <-> 92.226.64.65 4643 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:36:09.661675 0.074110 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:36:09.736177 0.290631 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:36:10.027175 0.481674 udp 10.0.2.109 3683 <-> 125.113.177.73 5828 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/05 01:37:17.151868 3.000537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 01:37:24.160502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:37:32.159697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:37:48.162912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:38:20.168727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:44:24.181136 2.995778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 01:44:31.182008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:44:39.183832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:44:55.186959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:45:27.193354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:50:58.159406 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 01:50:58.159592 0.523170 tcp 10.0.2.109 52544 -> 188.129.248.221 6410 FSPA* 0 0 14 1690 flow=From-Botnet-V1-TCP-Established 1970/02/05 01:53:50.208603 3.001998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 01:53:57.216489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:54:05.219464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:54:21.220716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 01:54:53.226749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:00:57.237332 2.999589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 02:01:04.240105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:01:12.241405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:01:28.244775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:02:00.250808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:06:31.360513 0.000155 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 02:06:31.360768 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:06:49.528260 0.053711 tcp 10.0.2.109 52545 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:06:49.582344 0.053098 tcp 10.0.2.109 52546 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:06:49.635714 0.153904 tcp 10.0.2.109 52547 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:06:49.790346 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:07:06.971657 0.052870 tcp 10.0.2.109 52548 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:07.024806 0.052932 tcp 10.0.2.109 52549 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:07.078037 0.244204 tcp 10.0.2.109 52550 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:07.322744 0.049149 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:07.372345 0.180432 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:07.553239 0.144678 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:07.698461 0.049136 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:07.747992 0.049836 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:07.798233 0.051290 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:07.849987 0.083394 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:07.933781 0.167251 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:08.101453 0.142929 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:08.244824 0.060522 udp 10.0.2.109 3683 <-> 86.161.161.197 7979 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:08.305804 0.349211 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:08.655434 0.166725 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:08.822538 0.095294 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:08.918223 0.081257 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:08.999883 0.335610 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:09.335967 0.153526 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:09.489940 0.309886 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:09.800231 0.393383 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:10.193974 0.382576 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:10.576959 0.040548 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:10.658030 0.056200 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:10.714716 0.386256 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:11.101342 0.074971 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:11.176733 0.000000 udp 10.0.2.109 3683 -> 92.226.64.65 4643 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:07:29.043557 0.055144 tcp 10.0.2.109 52551 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:29.098961 0.054342 tcp 10.0.2.109 52552 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:29.153591 0.150735 tcp 10.0.2.109 52553 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:29.304835 0.070987 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:29.376213 0.327319 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:29.703912 0.380553 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:07:30.084873 0.000000 udp 10.0.2.109 3683 -> 125.113.177.73 5828 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:07:48.201941 0.052611 tcp 10.0.2.109 52554 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:48.254924 0.053592 tcp 10.0.2.109 52555 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:07:48.308842 0.149943 tcp 10.0.2.109 52556 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:08:21.271187 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 02:08:28.278830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:08:36.280052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:08:52.283310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:09:24.289185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:15:38.299867 3.001050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 02:15:45.307227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:15:53.308474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:16:09.311399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:16:41.317547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:20:58.690903 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 02:20:58.691050 0.822336 tcp 10.0.2.109 52557 -> 188.129.248.221 6410 FSPA* 0 0 14 1507 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:22:49.329398 3.001408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 02:22:56.336708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:23:04.337822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:23:20.340904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:23:52.357194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:29:56.362852 3.003726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 02:30:03.371249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:30:11.372002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:30:27.374817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:30:59.381116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:37:03.391090 2.997556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 02:37:10.394428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:37:18.395911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:37:34.398945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:38:06.405039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:38:16.580050 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 02:38:16.580240 0.000000 udp 10.0.2.109 3683 -> 92.226.64.65 4643 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:38:35.017687 0.053857 tcp 10.0.2.109 52558 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:38:35.071882 0.053563 tcp 10.0.2.109 52559 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:38:35.125676 0.143115 tcp 10.0.2.109 52560 -> 195.113.214.211 443 SRPA* 0 0 45 37188 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:38:35.269347 0.000000 udp 10.0.2.109 3683 -> 125.113.177.73 5828 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:38:51.470158 0.053593 tcp 10.0.2.109 52561 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:38:51.523985 0.058444 tcp 10.0.2.109 52562 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:38:51.582752 0.153212 tcp 10.0.2.109 52563 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:38:51.736548 0.137863 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:38:51.874814 0.186542 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:38:52.061805 0.046494 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:38:52.108756 0.049289 udp 10.0.2.109 3683 <-> 78.96.45.170 8005 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:38:52.158643 0.081358 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:38:52.240429 0.169299 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:38:52.410231 0.142593 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:38:52.553243 0.000000 udp 10.0.2.109 3683 -> 86.161.161.197 7979 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:39:07.814151 0.052756 tcp 10.0.2.109 52564 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:39:07.867268 0.053656 tcp 10.0.2.109 52565 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:39:07.921269 0.157986 tcp 10.0.2.109 52566 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:39:08.079964 0.346539 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:08.426921 0.164782 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:08.592123 0.093375 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:08.685905 0.044387 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:08.730699 0.048424 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:08.779593 0.360831 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:09.140835 0.151988 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:09.293197 0.078509 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:09.372146 0.309154 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:09.681661 0.041428 udp 10.0.2.109 3683 <-> 93.198.223.200 8279 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:09.723441 0.055382 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:09.779266 0.416334 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:10.196060 0.068831 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:10.265305 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 02:39:26.971610 0.053123 tcp 10.0.2.109 52567 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:39:27.025071 0.055076 tcp 10.0.2.109 52568 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:39:27.080422 0.159232 tcp 10.0.2.109 52569 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:39:27.240177 0.394103 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:27.634750 0.301107 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:27.936241 0.076164 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:39:28.012881 0.362782 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/05 02:44:10.412080 3.014317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 02:44:17.431802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:44:25.429856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:44:41.432972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:45:13.438870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:50:59.507188 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 02:50:59.507349 0.476027 tcp 10.0.2.109 52570 -> 188.129.248.221 6410 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/02/05 02:53:38.447620 3.001605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 02:53:45.455356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:53:53.456783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:54:09.459627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 02:54:41.465573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:00:45.471625 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 03:00:52.479047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:01:00.480482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:01:16.483799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:01:48.492825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:07:54.498621 3.001929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 03:08:01.505802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:08:09.507669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:08:25.510810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:08:57.516783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:09:40.559014 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:09:40.559136 0.000000 udp 10.0.2.109 3683 -> 86.161.161.197 7979 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:09:56.993654 0.031629 tcp 10.0.2.109 52571 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:09:57.025634 0.056433 tcp 10.0.2.109 52572 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:09:57.082356 0.136022 tcp 10.0.2.109 52573 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:09:57.219026 0.352824 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:09:57.572308 0.136406 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:09:57.709143 0.078917 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:09:57.788461 0.165792 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:09:57.954655 0.142623 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:09:58.097687 0.046232 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:09:58.144342 0.186702 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:09:58.331462 0.000000 udp 10.0.2.109 3683 -> 78.96.45.170 8005 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:10:15.158378 0.031720 tcp 10.0.2.109 52574 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:10:15.190397 0.034545 tcp 10.0.2.109 52575 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:10:15.225203 0.134631 tcp 10.0.2.109 52576 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:10:15.360330 0.163824 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:15.524583 0.346927 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:15.871944 0.044363 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:15.916671 0.054541 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:15.971628 0.087262 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:16.059299 0.311184 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:16.370872 0.000000 udp 10.0.2.109 3683 -> 93.198.223.200 8279 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:10:33.565439 0.032173 tcp 10.0.2.109 52577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:10:33.597925 0.033113 tcp 10.0.2.109 52578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:10:33.631402 0.154519 tcp 10.0.2.109 52579 -> 195.113.214.211 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:10:33.786604 0.055668 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:33.842677 0.152187 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:33.995328 0.388162 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:34.383832 0.130145 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:34.514371 0.343871 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:34.858675 0.070767 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:34.929831 0.391750 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:35.321944 0.377610 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:35.699921 0.303996 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:10:36.004313 0.076999 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:15:08.532586 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 03:15:15.539919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:15:23.541457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:15:39.544308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:16:11.550606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:20:59.985704 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:20:59.985821 0.577019 tcp 10.0.2.109 52580 -> 188.129.248.221 6410 FSPA* 0 0 14 1616 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:22:15.556524 3.001224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 03:22:22.563764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:22:30.582914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:22:46.579054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:23:18.584466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:29:22.591176 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 03:29:29.598802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:29:37.599951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:29:53.604596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:30:25.608718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:36:29.613823 3.002619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 03:36:36.621775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:36:44.623367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:37:00.626329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:37:32.632526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:41:02.955461 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:41:02.955583 0.000000 udp 10.0.2.109 3683 -> 78.96.45.170 8005 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:41:21.713971 0.032677 tcp 10.0.2.109 52581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:41:21.746964 0.035385 tcp 10.0.2.109 52582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:41:21.782827 0.264287 tcp 10.0.2.109 52583 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:41:22.047712 0.000000 udp 10.0.2.109 3683 -> 93.198.223.200 8279 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:41:40.224890 0.029334 tcp 10.0.2.109 52584 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:41:40.254012 0.032230 tcp 10.0.2.109 52585 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:41:40.286508 0.136249 tcp 10.0.2.109 52586 -> 195.113.214.211 443 SRPA* 0 0 43 37080 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:41:40.423280 4.952666 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 4 1237 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:40.770378 4.255686 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1325 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:40.909569 4.513036 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1020 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:40.955763 4.649295 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1242 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:41.136490 4.612271 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 4 1194 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:41.280921 4.639049 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 4 998 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:41.455641 4.529996 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 4 1183 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:41.533123 4.492437 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 4 1220 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:41.584596 4.488338 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1185 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:41.631913 4.519894 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 4 1009 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:41.720965 4.740930 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 4 1024 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:42.030896 4.597059 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 4 1100 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:42.197512 4.780446 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 4 1383 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:42.546844 4.488335 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 4 1181 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:42.610956 4.593634 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 4 1416 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:42.766305 0.330912 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:43.097603 4.514599 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 4 1046 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:43.315012 4.647576 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 4 1126 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:43.656944 4.385532 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 4 1203 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:43.728787 0.299195 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:44.028364 4.420262 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 4 1275 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:44.102926 4.736763 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 4 1107 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:44.507516 4.696258 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 4 1063 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:48.042949 0.332434 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:49.204271 0.301509 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 824 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:49.506549 0.075898 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 852 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:41:49.701559 0.000000 udp 10.0.2.109 3683 -> 77.92.231.157 4539 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:41:57.263340 0.000000 udp 10.0.2.109 3683 -> 99.228.230.225 8319 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:03.241683 0.057783 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:42:03.317282 0.000000 udp 10.0.2.109 3683 -> 79.38.212.8 1959 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:10.862668 0.000000 udp 10.0.2.109 3683 -> 69.158.43.50 5362 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:18.914205 0.000000 udp 10.0.2.109 3683 -> 5.146.171.52 7876 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:26.074719 0.000000 udp 10.0.2.109 3683 -> 115.85.46.146 6453 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:30.730860 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:42:32.103350 0.000000 udp 10.0.2.109 3683 -> 151.250.199.143 3690 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:38.272614 0.190186 udp 10.0.2.109 3683 <-> 71.17.42.83 7965 CON 0 0 2 756 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:42:38.488726 0.000000 udp 10.0.2.109 3683 -> 77.10.247.45 3056 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:47.345075 0.000000 udp 10.0.2.109 3683 -> 200.88.99.25 5151 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:52.803551 0.000000 udp 10.0.2.109 3683 -> 203.80.246.166 7383 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:42:58.320849 0.000000 udp 10.0.2.109 3683 -> 79.38.30.118 7292 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:05.361145 0.000000 udp 10.0.2.109 3683 -> 46.197.185.32 2950 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:11.980448 0.000000 udp 10.0.2.109 3683 -> 69.193.191.126 1944 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:16.727016 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:43:19.401036 0.000000 udp 10.0.2.109 3683 -> 219.92.87.114 3897 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:24.498449 0.000000 udp 10.0.2.109 3683 -> 80.57.26.245 2909 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:31.989288 0.000000 udp 10.0.2.109 3683 -> 213.137.23.83 2376 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:36.638668 3.010687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 03:43:38.104969 0.000000 udp 10.0.2.109 3683 -> 81.159.39.241 5649 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:43.645612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:43:43.776059 0.000000 udp 10.0.2.109 3683 -> 95.250.42.70 5104 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:50.036979 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:43:51.647530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:43:58.959593 0.000000 udp 10.0.2.109 3683 -> 2.232.116.128 6126 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:03.724481 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:44:07.189704 0.042732 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 836 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:44:07.448877 0.000000 udp 10.0.2.109 3683 -> 81.86.1.154 7878 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:07.650942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:44:13.178420 0.000000 udp 10.0.2.109 3683 -> 195.212.29.163 4504 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:21.253336 0.000000 udp 10.0.2.109 3683 -> 79.210.38.227 2613 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:29.752456 0.326778 udp 10.0.2.109 3683 <-> 116.203.239.246 8602 CON 0 0 2 808 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:44:30.105435 0.000000 udp 10.0.2.109 3683 -> 123.237.166.131 5802 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:35.300767 0.000000 udp 10.0.2.109 3683 -> 79.78.244.35 4087 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:39.655992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:44:43.622214 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:48.229168 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:44:49.931414 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:44:56.811205 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:05.744918 0.000000 udp 10.0.2.109 3683 -> 116.72.249.58 8195 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:13.744922 0.000000 udp 10.0.2.109 3683 -> 79.5.50.198 6806 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:19.984908 0.000000 udp 10.0.2.109 3683 -> 188.95.23.140 7168 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:27.345009 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:33.525247 0.000000 udp 10.0.2.109 3683 -> 84.113.113.103 2357 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:38.231354 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:45:41.365215 0.000000 udp 10.0.2.109 3683 -> 157.122.144.90 3414 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:46.442964 0.000000 udp 10.0.2.109 3683 -> 79.39.156.129 1216 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:45:54.123580 0.000000 udp 10.0.2.109 3683 -> 212.54.184.25 3664 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:02.996063 0.000000 udp 10.0.2.109 3683 -> 212.18.43.213 4375 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:08.794630 0.000000 udp 10.0.2.109 3683 -> 78.96.45.170 8005 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:17.166587 0.000000 udp 10.0.2.109 3683 -> 65.75.17.94 7203 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:25.248842 0.000000 udp 10.0.2.109 3683 -> 86.169.177.193 5570 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:30.225250 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:46:32.308913 0.000000 udp 10.0.2.109 3683 -> 82.69.94.9 7612 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:37.605892 0.252796 udp 10.0.2.109 3683 <-> 14.97.244.67 1405 CON 0 0 2 792 flow=From-Botnet-V1-UDP-Established 1970/02/05 03:46:37.928802 0.000000 udp 10.0.2.109 3683 -> 122.168.156.110 6576 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:44.606543 0.000000 udp 10.0.2.109 3683 -> 95.254.205.218 6381 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:49.853258 0.000000 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:46:57.895395 0.000000 udp 10.0.2.109 3683 -> 86.156.144.174 1440 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:47:04.199534 0.000000 udp 10.0.2.109 3683 -> 72.67.117.12 9902 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 03:50:43.664881 3.003085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 03:50:50.669672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:50:58.671344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:51:00.564130 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 03:51:00.564215 0.571131 tcp 10.0.2.109 52587 -> 188.129.248.221 6410 FSPA* 0 0 14 1597 flow=From-Botnet-V1-TCP-Established 1970/02/05 03:51:14.674270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:51:46.680660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:57:50.685779 3.002201 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 03:57:57.693161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:58:05.695092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:58:21.697873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 03:58:53.703904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:05:21.715089 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:05:28.722322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:05:36.723857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:05:52.726196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:06:24.732816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:12:28.739132 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:12:35.745659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:12:43.747777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:12:59.750685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:13:31.757139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:17:23.289960 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 04:17:23.290182 0.046654 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:23.337275 0.181320 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:23.518972 0.145055 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:23.664507 0.145501 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:23.810471 0.347962 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:24.158899 0.167655 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:24.326942 0.075400 udp 10.0.2.109 3683 <-> 109.145.168.22 8602 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:24.402719 0.046462 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:24.449580 0.052149 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:24.502242 0.088172 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:24.590792 0.310169 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:24.901389 0.164158 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:25.065970 0.353293 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:25.419681 0.056200 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:25.476285 0.155122 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:25.631806 0.080491 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:25.712671 0.066986 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:25.780055 0.329464 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:26.109944 0.074225 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:26.184568 0.388729 rtcp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:26.573692 0.347417 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:26.921530 0.072736 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:26.994680 0.365554 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:27.360668 0.304088 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:27.665109 0.055543 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:27.721024 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 04:17:45.878452 0.052865 tcp 10.0.2.109 52588 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:17:45.931610 0.053134 tcp 10.0.2.109 52589 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:17:45.985059 0.225422 tcp 10.0.2.109 52590 -> 195.113.214.211 443 SRPA* 0 0 49 29981 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:17:46.211166 0.041598 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:46.253230 0.256517 udp 10.0.2.109 3683 <-> 116.203.239.246 8602 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:17:46.510125 0.238478 udp 10.0.2.109 3683 <-> 14.97.244.67 1405 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:19:40.769365 3.002252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:19:47.777610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:19:55.779049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:20:11.781991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:20:43.788699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:21:01.143411 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 04:21:01.143511 0.479165 tcp 10.0.2.109 52591 -> 188.129.248.221 6410 FSPA* 0 0 14 1522 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:26:51.803056 3.067305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:26:58.850256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:27:06.820566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:27:22.827761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:27:54.827685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:33:58.833256 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:34:05.842665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:34:13.842538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:34:29.845580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:35:01.851610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:41:05.857831 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:41:12.865239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:41:20.866726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:41:36.869514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:42:08.875439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:48:06.219867 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 04:48:06.219975 0.000000 udp 10.0.2.109 3683 -> 71.17.42.83 7965 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 04:48:12.882767 3.000625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:48:19.888978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:48:22.094200 0.053513 tcp 10.0.2.109 52592 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:48:22.147958 0.053415 tcp 10.0.2.109 52593 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:48:22.201726 0.181419 tcp 10.0.2.109 52594 -> 195.113.214.211 443 SRPA* 0 0 50 34438 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:48:22.383876 0.143238 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:22.527523 0.144331 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:22.672220 0.046682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:22.719248 0.181135 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:22.900807 0.166031 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:23.067286 0.000000 udp 10.0.2.109 3683 -> 109.145.168.22 8602 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 04:48:27.890460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:48:41.971560 0.091551 tcp 10.0.2.109 52595 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:48:42.063374 0.058345 tcp 10.0.2.109 52596 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:48:42.122055 0.153495 tcp 10.0.2.109 52597 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:48:42.276105 0.050966 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:42.327480 0.048596 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:42.376475 0.340532 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:42.717471 0.310377 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.028218 0.083428 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.112099 0.055330 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.167847 0.152187 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.320435 0.081885 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.402801 0.068161 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.471360 0.163711 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.635454 0.350212 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:43.893308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:48:43.986058 0.344031 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:44.330452 0.320111 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:44.650992 0.073997 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:44.725400 0.388358 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:45.114258 0.321105 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:45.435842 0.055950 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:45.492212 0.366159 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:45.858745 0.070671 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:45.929833 0.256223 udp 10.0.2.109 3683 <-> 14.97.244.67 1405 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:48:46.186476 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 04:49:03.041618 0.053412 tcp 10.0.2.109 52598 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:49:03.095335 0.057274 tcp 10.0.2.109 52599 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:49:03.152895 0.146591 tcp 10.0.2.109 52600 -> 195.113.214.211 443 SRPA* 0 0 21 13032 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:49:03.300081 0.307069 udp 10.0.2.109 3683 <-> 116.203.239.246 8602 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/05 04:49:15.899734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:51:01.621762 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 04:51:01.621925 0.429262 tcp 10.0.2.109 52601 -> 188.129.248.221 6410 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/02/05 04:55:42.908757 3.001869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 04:55:49.916112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:55:57.917330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:56:13.920777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 04:56:45.926715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:02:49.932214 3.002199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 05:02:56.940088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:03:05.051256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:03:20.954793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:03:52.960510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:09:56.968233 2.999839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 05:10:03.973687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:10:11.975372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:10:27.978815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:10:59.984186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:17:03.991826 2.999905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 05:17:10.998247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:17:18.999678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:17:35.002626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:18:07.008786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:19:32.501883 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 05:19:32.502034 0.000000 udp 10.0.2.109 3683 -> 109.145.168.22 8602 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 05:19:50.495586 0.055801 tcp 10.0.2.109 52602 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:19:50.551612 0.055694 tcp 10.0.2.109 52603 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:19:50.607618 0.152096 tcp 10.0.2.109 52604 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:19:50.760412 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 05:20:08.263548 0.053484 tcp 10.0.2.109 52605 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:20:08.317333 0.052107 tcp 10.0.2.109 52606 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:20:08.369721 0.179474 tcp 10.0.2.109 52607 -> 195.113.214.211 443 SRPA* 0 0 41 31962 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:20:08.549704 0.180796 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:08.730854 0.143684 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:08.874871 0.045815 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:08.921040 0.143223 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:09.064632 0.174862 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:09.239900 0.050989 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:09.291367 0.349922 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:09.641713 0.046963 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:09.689139 0.351201 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.040762 0.153087 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.194396 0.084967 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.279746 0.071493 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.351603 0.166191 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.518339 0.055362 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.574047 0.087830 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.662428 0.073359 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:10.736177 0.378750 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:11.115329 0.341737 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:11.457474 0.316419 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:11.774310 0.055615 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:11.830336 0.367147 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:12.197875 0.307312 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:12.505598 0.387121 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:12.893137 0.000000 udp 10.0.2.109 3683 -> 14.97.244.67 1405 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 05:20:29.243792 0.064274 tcp 10.0.2.109 52608 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:20:29.308387 0.054340 tcp 10.0.2.109 52609 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:20:29.363054 0.213568 tcp 10.0.2.109 52610 -> 195.113.214.211 443 SRPA* 0 0 35 18208 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:20:29.577124 0.069093 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:20:29.646628 0.284340 udp 10.0.2.109 3683 <-> 116.203.239.246 8602 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:21:02.050569 0.691075 tcp 10.0.2.109 52611 -> 188.129.248.221 6410 FSPA* 0 0 14 1628 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:24:12.015966 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 05:24:19.023245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:24:27.025024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:24:43.027737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:25:15.033799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:31:19.041600 3.000219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 05:31:26.047648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:31:34.049072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:31:50.051846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:32:22.057909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:38:26.063996 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 05:38:33.071616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:38:41.072894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:38:57.075983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:39:29.085459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:45:33.087886 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 05:45:40.095322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:45:48.096867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:46:04.099708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:46:36.107276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:50:46.085699 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 05:50:46.085815 0.222920 udp 10.0.2.109 3683 -> 14.97.244.67 1405 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 05:50:46.308735 0.000000 icmp 14.97.244.67 0x0303 -> 10.0.2.109 0x7d05 URP 192 1 260 flow=Background 1970/02/05 05:51:02.749624 0.599636 tcp 10.0.2.109 52612 -> 188.129.248.221 6410 FSPA* 0 0 14 1643 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:03.728079 0.049819 tcp 10.0.2.109 52613 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:03.778157 0.050643 tcp 10.0.2.109 52614 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:03.829127 0.153013 tcp 10.0.2.109 52615 -> 195.113.214.211 443 SRPA* 0 0 56 40072 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:03.982975 0.143479 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:04.126858 0.045846 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:04.173124 0.156762 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:04.330317 0.181003 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:04.511746 0.049396 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:04.561547 0.167849 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:04.729821 0.052530 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:04.782788 0.350462 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:05.133684 0.155855 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:05.289941 0.072737 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:05.363067 0.073184 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:05.436632 0.167883 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:05.604900 0.055361 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:05.660616 0.088671 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:05.749675 0.000000 udp 10.0.2.109 3683 -> 217.35.89.25 3889 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 05:51:21.379278 0.049551 tcp 10.0.2.109 52616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:21.429073 0.051239 tcp 10.0.2.109 52617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:21.480662 0.260079 tcp 10.0.2.109 52618 -> 195.113.214.211 443 SRPA* 0 0 27 11858 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:21.739234 0.332795 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:22.072438 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 05:51:40.183705 0.049143 tcp 10.0.2.109 52619 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:40.233151 0.051466 tcp 10.0.2.109 52620 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:40.284862 0.161116 tcp 10.0.2.109 52621 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:40.446680 0.347983 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:40.795035 0.370927 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:41.166568 0.329330 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:41.496266 0.324607 udp 10.0.2.109 3683 <-> 118.9.122.42 3402 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:41.821296 0.364116 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:42.185896 0.391513 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:42.577812 0.071817 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:42.650022 0.994876 udp 10.0.2.109 3683 <-> 116.203.239.246 8602 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/05 05:51:43.646167 4.423095 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 SPA_* 0 0 20 11401 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:49.260798 4.492320 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 11 8786 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:51:54.605585 3.303300 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 19 15362 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:00.188689 3.999445 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 14 13044 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:05.308351 4.616797 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 12 10888 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:12.588590 4.427507 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 23 18870 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:19.182438 4.359505 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 25 20586 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:26.222198 4.483282 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 22 19620 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:31.441872 3.299025 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 22 18920 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:36.781280 4.949774 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 17 13206 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:42.261444 4.867185 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 6 4492 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:47.329583 4.526132 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 15 11626 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:52.694438 4.333930 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 11 10030 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:52:57.974726 3.585098 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 19 16866 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:03.434449 4.713574 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 12 9488 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:09.169500 3.158785 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 31 22906 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:15.768429 4.399038 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 16 13152 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:21.787778 4.312882 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 17 15150 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:28.507983 4.566975 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 13 11486 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:34.068243 4.906461 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 6 5400 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:39.173933 4.352480 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 14 9576 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:53:46.248533 4.246800 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 17 14502 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:03.307837 4.626483 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 15 6950 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:08.687554 4.645569 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 35 14466 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:14.813587 3.420205 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 19 11830 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:20.794101 4.336286 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 18 7784 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:23.227504 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 05:54:25.113924 3.000616 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 05:54:27.039943 3.463301 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 11 6358 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:32.120051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:54:32.933470 3.372758 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 10 4732 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:40.121769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:54:41.960348 0.204246 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 2 1156 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:47.588097 3.052438 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 9 5202 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:53.106688 4.479953 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 17 8254 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:54:56.124744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:54:58.393366 2.478282 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 8 3236 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:04.286897 4.976804 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 12 7276 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:10.147291 4.907973 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 9 4678 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:14.735632 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 05:55:15.959787 4.199809 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 19 9410 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:23.747177 4.733659 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 25 14914 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:28.130701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 05:55:30.827979 3.481662 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 7 3094 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:40.132859 4.471479 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 17 8254 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:47.025975 4.328299 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 9 2722 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:53.747057 2.394009 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 7 3906 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:55:59.687132 4.165051 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 14 5420 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:07.026937 4.193833 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 21 13238 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:12.365266 4.475467 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 19 12554 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:17.647396 4.701490 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 13 6990 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:23.227336 4.759118 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 12 5364 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:29.153453 4.819814 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 8 5148 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:31.732461 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 05:56:34.175806 4.336170 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 23 10674 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:39.352692 1.432539 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 8 5148 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:52.812406 4.946706 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 10 6316 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:56:57.959858 1.872943 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 7 4046 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:03.280234 4.605389 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 20 9452 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:10.325392 4.894073 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 7 3010 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:15.424906 4.236174 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 15 6574 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:20.505888 4.133532 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 22 10096 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:30.272795 4.359893 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 12 5364 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:36.925987 4.596689 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 17 8254 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:37.226462 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 05:57:42.359130 2.479606 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 12 6412 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:47.766212 4.598675 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 9 5202 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:53.432367 3.462252 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 24 10728 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:57:58.864550 4.860086 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 18 9936 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:04.558374 4.524254 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 30 18388 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:09.818155 3.514472 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 18 9880 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:15.379089 4.992556 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 11 7930 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:20.568832 4.576348 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 8 3576 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:26.051466 3.490261 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 13 6466 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:31.805700 4.899749 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 10 4732 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:36.902092 4.202780 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 12 5212 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:39.726384 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 05:58:44.379037 2.246181 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 11 6510 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:50.185137 0.396596 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 4 2312 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:58:56.004700 4.601350 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 18 7260 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:59:01.425112 2.986665 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 8 3576 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:59:07.490663 3.348242 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 14 5996 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:59:14.545271 4.797746 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 A_PA 0 0 14 8616 flow=From-Botnet-V1-TCP-Established 1970/02/05 05:59:19.911086 1.535166 tcp 10.0.2.109 52622 -> 116.203.239.246 1467 FPA_* 0 0 8 1180 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:01:55.150481 3.001040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 06:02:02.157446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:02:10.159072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:02:26.161735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:02:58.167829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:09:21.182066 3.000868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 06:09:28.188524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:09:36.190401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:09:52.193255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:10:24.199693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:16:28.205304 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 06:16:35.215597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:16:43.214094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:16:59.217150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:17:31.227036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:21:03.349951 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:21:03.350098 0.613503 tcp 10.0.2.109 52623 -> 188.129.248.221 6410 FSPA* 0 0 14 1628 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:21:44.257058 0.000000 udp 10.0.2.109 3683 -> 217.35.89.25 3889 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:21:49.223946 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:22:01.974423 0.126214 tcp 10.0.2.109 52624 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:02.100917 0.054018 tcp 10.0.2.109 52625 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:02.155191 0.251110 tcp 10.0.2.109 52626 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:02.406938 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:22:20.549723 0.053334 tcp 10.0.2.109 52627 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:20.603326 0.052658 tcp 10.0.2.109 52628 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:20.656374 0.168715 tcp 10.0.2.109 52629 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:20.825369 0.143642 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:20.969446 0.046453 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:21.016327 0.051403 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:21.068178 0.170938 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:21.239521 0.045509 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:21.285484 0.342776 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:21.628643 0.177900 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:21.806955 0.138662 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:21.946042 0.163762 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:22.110371 0.054617 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:22.165448 0.085155 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:22.250996 0.160572 rtcp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:22.411905 0.068275 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:22.480597 0.152466 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:22.633437 0.310953 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:22.944830 0.349615 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:23.294896 0.343094 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:23.638411 0.354995 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:23.993768 0.000000 udp 10.0.2.109 3683 -> 118.9.122.42 3402 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:22:42.471446 0.058066 tcp 10.0.2.109 52630 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:42.529809 0.055001 tcp 10.0.2.109 52631 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:42.585149 0.160695 tcp 10.0.2.109 52632 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:22:42.746407 0.063859 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:42.810646 0.366524 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:43.177617 0.381383 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:22:43.559359 0.000000 udp 10.0.2.109 3683 -> 116.203.239.246 8602 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:02.279864 0.051980 tcp 10.0.2.109 52633 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:23:02.332108 0.086847 tcp 10.0.2.109 52634 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:23:02.419359 0.166613 tcp 10.0.2.109 52635 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:23:02.633669 0.000000 udp 10.0.2.109 3683 -> 118.9.122.42 3402 REQ 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:11.122241 0.000000 udp 10.0.2.109 3683 -> 116.203.239.246 8602 REQ 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:17.771429 0.164464 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:17.936361 0.044767 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 786 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:17.981695 0.342768 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 681 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:18.325030 0.178357 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 685 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:18.503832 0.042468 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:18.546737 0.047190 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 747 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:18.594486 0.144205 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 720 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:18.739133 0.054746 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:18.794381 0.077161 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 845 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:18.872063 0.170194 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:19.042768 0.072870 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:19.116089 0.152756 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:19.269408 0.310489 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:19.580434 0.183518 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 849 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:19.764459 0.860612 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 852 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:20.625548 0.354049 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 753 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:20.980049 0.339649 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 663 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:21.320242 0.355347 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 807 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:21.676023 0.385810 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:22.062428 0.365458 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:22.428514 0.058614 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 764 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:23:22.487808 0.000000 udp 10.0.2.109 3683 -> 83.52.123.30 1605 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:27.485553 0.000000 udp 10.0.2.109 3683 -> 99.228.230.225 8319 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:34.385391 0.000000 udp 10.0.2.109 3683 -> 64.72.187.96 5454 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:35.230021 3.000808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 06:23:39.472631 0.000000 udp 10.0.2.109 3683 -> 84.82.18.31 8583 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:42.236496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:23:47.334213 0.000000 udp 10.0.2.109 3683 -> 199.255.216.240 8376 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:23:50.238302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:23:52.231067 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:23:53.092357 0.000000 udp 10.0.2.109 3683 -> 24.189.223.150 6075 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:00.562746 0.000000 udp 10.0.2.109 3683 -> 77.103.187.236 2591 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:06.241389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:24:06.381371 0.000000 udp 10.0.2.109 3683 -> 77.10.247.45 3056 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:12.900844 0.000000 udp 10.0.2.109 3683 -> 200.88.99.25 5151 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:18.819327 0.000000 udp 10.0.2.109 3683 -> 109.155.69.175 7533 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:24.036160 0.000000 udp 10.0.2.109 3683 -> 92.98.54.189 1540 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:31.757892 0.107532 udp 10.0.2.109 3683 -> 78.14.195.188 7760 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:31.865424 0.000000 icmp 78.14.195.188 0x0303 -> 10.0.2.109 0x501e URP 192 1 264 flow=Background 1970/02/05 06:24:36.724908 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:24:38.246906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:24:40.490534 0.000000 udp 10.0.2.109 3683 -> 110.142.128.245 3517 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:49.172759 0.000000 udp 10.0.2.109 3683 -> 222.167.170.91 8540 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:24:55.952323 0.000000 udp 10.0.2.109 3683 -> 81.159.39.241 5649 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:03.393266 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:10.243362 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:16.212067 0.048961 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:25:16.271217 0.049579 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:16.320796 0.000000 icmp 87.138.128.192 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 290 flow=Background 1970/02/05 06:25:21.228826 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:25:22.360854 0.000000 udp 10.0.2.109 3683 -> 95.254.205.218 6381 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:30.433792 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:36.361126 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:43.140892 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:50.581166 0.000000 udp 10.0.2.109 3683 -> 59.90.170.53 2693 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:25:55.908722 0.056746 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 848 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:25:56.226951 0.000000 udp 10.0.2.109 3683 -> 79.5.50.198 6806 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:03.189264 0.000000 udp 10.0.2.109 3683 -> 173.183.147.91 3806 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:07.725307 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:26:08.857535 0.000000 udp 10.0.2.109 3683 -> 91.39.97.181 9714 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:16.398733 0.000000 udp 10.0.2.109 3683 -> 188.216.124.128 5191 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:24.199887 0.000000 udp 10.0.2.109 3683 -> 108.223.202.160 3023 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:30.608148 0.054038 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:26:30.682263 0.000000 udp 10.0.2.109 3683 -> 78.174.67.81 3851 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:36.497190 0.054499 udp 10.0.2.109 3683 <-> 87.153.127.41 4545 CON 0 0 2 775 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:26:36.594020 0.000000 udp 10.0.2.109 3683 -> 77.92.231.157 4539 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:43.837722 0.000000 udp 10.0.2.109 3683 -> 81.136.211.210 1862 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:51.759295 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:26:56.725547 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:27:00.551728 0.000000 udp 10.0.2.109 3683 -> 79.38.212.8 1959 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:06.850826 0.000000 udp 10.0.2.109 3683 -> 82.80.253.232 3340 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:14.952615 0.100264 udp 10.0.2.109 3683 <-> 2.40.150.222 6895 CON 0 0 2 768 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:27:15.139960 0.000000 udp 10.0.2.109 3683 -> 93.144.87.129 6895 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:22.012783 0.055777 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 664 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:27:22.093126 0.000000 udp 10.0.2.109 3683 -> 95.224.235.105 1816 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:30.765224 0.000000 udp 10.0.2.109 3683 -> 74.218.32.44 1243 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:36.723759 0.000000 udp 10.0.2.109 3683 -> 93.199.177.50 5277 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:41.730684 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:27:43.193649 0.000000 udp 10.0.2.109 3683 -> 90.222.14.53 4256 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:50.703552 0.000000 udp 10.0.2.109 3683 -> 85.18.36.49 7658 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:27:57.944294 0.000000 udp 10.0.2.109 3683 -> 196.41.234.130 4795 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:04.686809 0.000000 udp 10.0.2.109 3683 -> 46.47.117.33 5808 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:10.041877 0.000000 udp 10.0.2.109 3683 -> 65.75.17.94 7203 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:16.284431 0.000000 udp 10.0.2.109 3683 -> 83.66.45.40 2322 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:24.162302 0.048812 udp 10.0.2.109 3683 -> 89.233.95.253 2531 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:24.211114 0.000000 icmp 89.233.95.253 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 257 flow=Background 1970/02/05 06:28:28.732998 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:28:30.443119 0.042135 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 820 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:28:30.553417 0.000000 udp 10.0.2.109 3683 -> 109.255.143.38 1551 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:36.961130 0.000000 udp 10.0.2.109 3683 -> 88.207.224.30 1012 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:44.791662 0.044746 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:28:45.010052 0.073018 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 697 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:28:45.125839 0.000000 udp 10.0.2.109 3683 -> 79.211.201.104 5832 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:50.279466 0.000000 udp 10.0.2.109 3683 -> 131.191.38.85 5603 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:28:55.306933 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:02.036586 0.000000 udp 10.0.2.109 3683 -> 80.123.180.22 2706 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:08.675987 0.000000 udp 10.0.2.109 3683 -> 98.66.55.57 1355 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:13.232337 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:29:16.307790 0.000000 udp 10.0.2.109 3683 -> 41.182.200.56 8739 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:23.377205 0.000000 udp 10.0.2.109 3683 -> 93.192.178.76 6589 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:30.136767 0.000000 udp 10.0.2.109 3683 -> 2.40.175.47 5298 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:37.006953 0.000000 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:44.447296 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:50.906133 0.047250 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:29:51.087599 0.056521 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:29:51.177171 0.184681 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:29:51.385369 0.000000 udp 10.0.2.109 3683 -> 95.232.71.66 8998 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:29:57.636375 0.000000 udp 10.0.2.109 3683 -> 79.33.144.191 1133 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:02.222928 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:30:03.424898 0.000000 udp 10.0.2.109 3683 -> 176.221.10.118 1106 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:12.097666 0.000000 udp 10.0.2.109 3683 -> 83.149.162.215 9909 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:18.566042 0.000000 udp 10.0.2.109 3683 -> 90.80.103.153 2437 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:24.354849 0.000000 udp 10.0.2.109 3683 -> 88.244.139.99 4553 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:31.815959 0.000000 udp 10.0.2.109 3683 -> 84.142.106.107 5459 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:36.947713 0.000000 udp 10.0.2.109 3683 -> 213.123.168.215 5418 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:42.254018 3.002828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 06:30:45.646079 0.000000 udp 10.0.2.109 3683 -> 82.89.51.212 5501 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:49.266395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:30:50.235037 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:30:51.794073 0.000000 udp 10.0.2.109 3683 -> 2.50.4.76 6505 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:30:57.262006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:30:59.188779 0.000000 udp 10.0.2.109 3683 -> 177.131.145.92 2622 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:07.276046 0.000000 udp 10.0.2.109 3683 -> 93.36.128.162 4904 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:12.764324 0.071629 udp 10.0.2.109 3683 <-> 94.66.51.9 2798 CON 0 0 2 839 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:31:12.872555 0.065401 udp 10.0.2.109 3683 <-> 95.104.11.11 3537 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:31:12.968907 0.000000 udp 10.0.2.109 3683 -> 173.44.81.220 4085 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:13.265037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:31:21.647241 0.216674 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:31:22.033407 0.000000 udp 10.0.2.109 3683 -> 71.70.171.156 9727 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:29.237994 0.149880 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:31:29.408395 0.000000 udp 10.0.2.109 3683 -> 115.87.110.27 9385 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:37.580228 0.000000 udp 10.0.2.109 3683 -> 81.109.147.18 3206 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:42.226408 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:31:43.147759 0.000000 udp 10.0.2.109 3683 -> 81.96.11.251 3277 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:45.271375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:31:49.306740 0.000000 udp 10.0.2.109 3683 -> 81.166.169.201 2562 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:31:57.739204 0.000000 udp 10.0.2.109 3683 -> 2.39.216.161 8589 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:32:06.511957 0.000000 udp 10.0.2.109 3683 -> 108.90.104.87 5412 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:32:13.611667 0.000000 udp 10.0.2.109 3683 -> 203.122.224.55 7639 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:32:20.782314 0.000000 udp 10.0.2.109 3683 -> 91.177.7.3 9438 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:32:28.483253 2.655699 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 827 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:32:31.160304 0.000000 udp 10.0.2.109 3683 -> 72.213.223.145 4255 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:32:33.229832 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:32:38.577804 0.000000 udp 10.0.2.109 3683 -> 79.5.189.193 9556 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:32:47.010013 0.000000 udp 10.0.2.109 3683 -> 79.4.136.148 7000 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:32:52.708730 0.000000 udp 10.0.2.109 3683 -> 186.104.34.231 4165 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:01.661085 0.145741 udp 10.0.2.109 3683 <-> 184.74.92.132 3561 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:33:01.913273 0.000000 udp 10.0.2.109 3683 -> 92.237.154.26 3778 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:10.063220 0.000000 udp 10.0.2.109 3683 -> 75.66.184.240 1711 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:17.343584 0.000000 udp 10.0.2.109 3683 -> 69.249.107.81 8891 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:22.230574 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:33:23.524274 0.000000 udp 10.0.2.109 3683 -> 70.66.73.233 7402 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:32.065113 0.000000 udp 10.0.2.109 3683 -> 94.127.208.81 6008 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:37.762283 0.000000 udp 10.0.2.109 3683 -> 85.75.4.62 3162 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:43.150796 0.000000 udp 10.0.2.109 3683 -> 79.29.236.41 1096 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:50.601441 0.000000 udp 10.0.2.109 3683 -> 162.201.34.32 4031 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:33:57.651485 0.000000 udp 10.0.2.109 3683 -> 2.231.206.2 7726 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:06.634346 0.000000 udp 10.0.2.109 3683 -> 24.123.217.17 5385 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:11.230641 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:34:12.483130 0.000000 udp 10.0.2.109 3683 -> 194.228.209.133 3728 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:17.840656 0.000000 udp 10.0.2.109 3683 -> 79.5.198.85 6688 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:23.508989 0.000000 udp 10.0.2.109 3683 -> 85.189.92.183 4145 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:29.647757 0.000000 udp 10.0.2.109 3683 -> 66.49.56.148 4961 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:38.560230 0.000000 udp 10.0.2.109 3683 -> 79.46.54.10 8156 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:47.072515 0.198605 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 830 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:34:47.329540 0.000000 udp 10.0.2.109 3683 -> 24.107.135.112 2326 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:52.680804 0.320221 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:34:53.111739 0.000000 udp 10.0.2.109 3683 -> 124.97.221.201 2610 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:34:57.226847 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:34:59.290324 0.205393 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:34:59.736708 0.000000 udp 10.0.2.109 3683 -> 130.25.151.79 2362 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:35:06.941044 0.159668 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 750 flow=From-Botnet-V1-UDP-Established 1970/02/05 06:35:07.348844 0.000000 udp 10.0.2.109 3683 -> 97.68.43.71 6850 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:35:14.922290 0.000000 udp 10.0.2.109 3683 -> 85.124.198.201 8825 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:35:21.121410 0.000000 udp 10.0.2.109 3683 -> 71.76.242.49 4122 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 06:37:49.277551 3.001166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 06:37:56.284624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:38:04.285972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:38:20.288937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:38:52.295197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:44:56.300818 3.001853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 06:45:03.308430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:45:11.318753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:45:27.314610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:45:59.318979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:51:03.967760 0.000236 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 06:51:03.968106 0.661277 tcp 10.0.2.109 52636 -> 188.129.248.221 6410 FSPA* 0 0 14 1584 flow=From-Botnet-V1-TCP-Established 1970/02/05 06:54:07.338312 3.000007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 06:54:14.340931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:54:22.370868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:54:38.355074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 06:55:10.361310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:01:24.371698 3.001427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 07:01:31.379002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:01:39.380832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:01:55.383638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:02:27.389611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:05:30.823591 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 07:05:30.823687 0.044829 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:30.868927 0.242716 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:31.112080 0.384825 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:31.497316 0.178520 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:31.676288 0.055332 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:31.732035 0.046395 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:31.778864 0.142881 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:31.922278 0.055754 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:31.978444 0.088675 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:32.067519 0.309691 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:32.377586 0.138444 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:32.516474 0.163431 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:32.680271 0.074688 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:32.755409 0.153814 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:32.909612 0.481307 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:33.391352 0.323134 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:33.714926 0.350075 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:34.065459 0.336848 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:34.402735 0.390930 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:34.794031 0.367932 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:35.162358 0.086563 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:05:35.249359 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:05:52.045985 0.054495 tcp 10.0.2.109 52637 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:05:52.100740 0.054219 tcp 10.0.2.109 52638 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:05:52.155240 0.154024 tcp 10.0.2.109 52639 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:05:52.309751 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:06:07.727372 0.051640 tcp 10.0.2.109 52640 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:07.779363 0.054214 tcp 10.0.2.109 52641 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:07.833835 0.149356 tcp 10.0.2.109 52642 -> 195.113.214.211 443 SRPA* 0 0 15 5508 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:07.983992 0.054913 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:08.039343 0.000000 udp 10.0.2.109 3683 -> 87.153.127.41 4545 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:06:26.333664 0.052065 tcp 10.0.2.109 52643 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:26.386121 0.055424 tcp 10.0.2.109 52644 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:26.442225 0.188507 tcp 10.0.2.109 52645 -> 195.113.214.211 443 SRPA* 0 0 40 21958 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:26.631244 0.094282 udp 10.0.2.109 3683 <-> 2.40.150.222 6895 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:26.726004 0.055439 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:26.781913 0.612014 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:27.394315 0.044631 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:27.439399 0.058818 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:27.498579 0.054599 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:27.553593 0.041619 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:27.595610 0.176259 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:27.772289 0.000000 udp 10.0.2.109 3683 -> 94.66.51.9 2798 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:06:43.238286 0.052792 tcp 10.0.2.109 52646 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:43.291328 0.057858 tcp 10.0.2.109 52647 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:43.349549 0.149680 tcp 10.0.2.109 52648 -> 195.113.214.211 443 SRPA* 0 0 42 22454 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:06:43.499832 0.055679 udp 10.0.2.109 3683 <-> 95.104.11.11 3537 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:43.555919 0.206964 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:43.763262 0.145934 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:43.909604 0.444044 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:44.354092 0.146566 udp 10.0.2.109 3683 <-> 184.74.92.132 3561 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:44.501057 0.194499 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:44.696035 0.319740 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:45.016187 0.199885 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:06:45.216467 0.159075 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:08:55.401226 3.000416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 07:09:02.407427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:09:10.409169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:09:26.412127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:09:58.417966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:16:02.425146 3.024644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 07:16:09.441607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:16:17.442813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:16:33.445959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:17:05.451933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:21:04.636750 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 07:21:04.637006 0.655960 tcp 10.0.2.109 52649 -> 188.129.248.221 6410 FSPA* 0 0 14 1563 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:23:09.458450 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 07:23:16.465514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:23:24.466749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:23:40.469866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:24:12.475897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:30:16.482569 3.001080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 07:30:23.489597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:30:31.490963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:30:47.493995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:31:19.500001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:36:54.221497 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 07:36:54.221659 0.048094 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:36:54.270287 0.055290 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:36:54.326060 0.000000 udp 10.0.2.109 3683 -> 87.153.127.41 4545 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:37:10.897624 0.053646 tcp 10.0.2.109 52650 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:10.951609 0.058070 tcp 10.0.2.109 52651 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:11.009936 0.198226 tcp 10.0.2.109 52652 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:11.208733 0.000000 udp 10.0.2.109 3683 -> 94.66.51.9 2798 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:37:23.505989 3.001570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 07:37:27.910097 0.053319 tcp 10.0.2.109 52653 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:27.963757 0.056360 tcp 10.0.2.109 52654 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:28.020494 0.157429 tcp 10.0.2.109 52655 -> 195.113.214.211 443 SRPA* 0 0 41 35374 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:28.178673 0.053100 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:28.232190 0.044938 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:28.277561 0.171184 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:28.449134 0.445222 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:28.894814 0.177424 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.072670 0.051888 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.124940 0.138491 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.263852 0.168422 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.432720 0.072853 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.505968 0.056391 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.562719 0.091105 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.654237 0.310542 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:29.965208 0.144098 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:30.109739 0.081433 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:30.191628 0.153200 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:30.345242 0.363447 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:30.513411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:37:30.709053 0.338894 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:31.048357 0.352554 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:31.401351 0.456271 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:31.858027 0.072503 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:31.930975 0.366195 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:32.297520 0.053970 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:32.351887 0.000000 udp 10.0.2.109 3683 -> 2.40.150.222 6895 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:37:38.514903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:37:47.888785 0.053015 tcp 10.0.2.109 52656 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:47.942159 0.108728 tcp 10.0.2.109 52657 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:48.051229 0.153164 tcp 10.0.2.109 52658 -> 195.113.214.211 443 SRPA* 0 0 52 41946 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:37:48.204983 0.055800 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:48.261187 0.060059 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:48.321698 0.054777 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:48.376871 0.040452 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:48.417809 0.000000 udp 10.0.2.109 3683 -> 76.242.179.0 5757 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:37:54.517969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:37:54.648064 0.000000 udp 10.0.2.109 3683 <- 76.242.179.0 5757 RSP 0 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 07:37:54.648450 0.999753 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:55.648608 0.045395 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:55.694392 0.056311 udp 10.0.2.109 3683 <-> 95.104.11.11 3537 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:55.751033 0.529602 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:56.281056 0.154544 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:56.436144 0.072907 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:56.509460 0.148333 udp 10.0.2.109 3683 <-> 184.74.92.132 3561 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:56.658374 0.198266 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:56.857058 0.170588 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:57.028063 0.199830 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:37:57.228266 0.325849 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/05 07:38:26.524062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:44:30.530528 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 07:44:37.537322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:44:45.538874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:45:01.541807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:45:33.547793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:51:05.295735 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 07:51:05.295911 0.725389 tcp 10.0.2.109 52659 -> 188.129.248.221 6410 FSPA* 0 0 14 1512 flow=From-Botnet-V1-TCP-Established 1970/02/05 07:53:53.558825 3.001995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 07:54:00.566818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:54:08.568517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:54:24.571537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 07:54:56.576791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:01:00.583860 3.000739 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 08:01:07.591270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:01:15.592457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:01:31.595654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:02:03.601256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:07:58.872099 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 08:07:58.872309 0.091783 udp 10.0.2.109 3683 <-> 2.40.150.222 6895 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:58.964525 0.052685 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:59.017622 0.056176 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:59.074205 0.172152 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:59.246743 0.418895 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:59.666156 0.046321 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:59.712859 0.045201 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:59.758492 0.137575 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:07:59.896554 0.163859 rtcp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.060852 0.068149 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.129401 0.051679 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.181438 0.181864 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.363761 0.091876 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.456067 0.066831 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.523290 0.267666 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.791338 0.155403 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:00.947168 0.351589 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:01.299174 0.309224 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:01.608828 0.143775 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:01.753025 0.387807 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:02.141219 0.070625 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:02.212211 0.342966 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:02.555554 0.352817 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:02.908732 0.054952 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:02.964077 0.372570 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:03.337008 0.064059 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:03.401557 0.040775 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:03.442757 0.055957 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:03.499080 0.059842 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:03.559348 0.178106 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:03.737844 0.297494 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:04.035690 0.046734 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:04.082803 0.066005 udp 10.0.2.109 3683 <-> 95.104.11.11 3537 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:04.149158 0.083727 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:04.233247 0.000000 udp 10.0.2.109 3683 -> 184.74.92.132 3561 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 08:08:20.144555 0.053988 tcp 10.0.2.109 52660 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:08:20.198785 0.127012 tcp 10.0.2.109 52661 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:08:20.326163 0.165751 tcp 10.0.2.109 52662 -> 195.113.214.211 443 SRPA* 0 0 50 33668 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:08:20.492601 0.198272 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:20.723164 0.213672 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:20.937240 0.149395 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:21.087068 0.340738 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:21.428255 0.000000 udp 10.0.2.109 3683 -> 71.13.33.63 1717 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 08:08:26.615215 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 08:08:33.621934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:08:40.101825 0.049448 tcp 10.0.2.109 52663 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:08:40.151614 0.049732 tcp 10.0.2.109 52664 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:08:40.201607 0.146277 tcp 10.0.2.109 52665 -> 195.113.214.211 443 SRPA* 0 0 23 14562 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:08:40.348399 0.194603 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:08:41.623808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:08:57.626657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:09:29.632554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:15:43.645578 2.999042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 08:15:50.650661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:15:58.651801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:16:14.654988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:16:46.661180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:21:06.024274 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 08:21:06.024373 0.531061 tcp 10.0.2.109 52666 -> 188.129.248.221 6410 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:22:54.673619 3.000542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 08:23:01.700194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:23:09.701748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:23:25.704661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:23:57.710755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:30:01.716850 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 08:30:08.723625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:30:16.725712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:30:32.728992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:31:04.734234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:37:08.740690 3.002073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 08:37:15.748244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:37:23.749671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:37:39.752431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:38:11.758832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:39:02.329240 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 08:39:02.329362 0.000000 udp 10.0.2.109 3683 -> 184.74.92.132 3561 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 08:39:19.907926 0.053579 tcp 10.0.2.109 52667 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:39:19.961782 0.075940 tcp 10.0.2.109 52668 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:39:20.038063 0.153705 tcp 10.0.2.109 52669 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:39:20.192302 0.158270 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:20.350988 0.165295 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:20.516660 0.459739 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:20.976815 0.044995 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:21.022264 0.045370 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:21.068073 0.079908 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:21.148366 0.046572 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:21.195317 0.000000 udp 10.0.2.109 3683 -> 2.40.150.222 6895 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 08:39:39.314956 0.052538 tcp 10.0.2.109 52670 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:39:39.367752 0.054000 tcp 10.0.2.109 52671 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:39:39.422018 0.166177 tcp 10.0.2.109 52672 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:39:39.588401 0.069264 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:39.658023 0.053058 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:39.711453 0.179663 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:39.891472 0.171231 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:40.063116 0.077476 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:40.141017 0.530713 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:40.672130 0.156087 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:40.828595 0.347285 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:41.176269 0.143050 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:41.319754 0.860466 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:42.180640 0.065804 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:42.246836 0.335182 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:42.582510 0.309158 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:42.892065 0.385867 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:43.278593 0.144069 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:43.423049 0.364162 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:43.787633 0.084593 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:43.872611 0.040893 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:43.913935 0.077499 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:43.991818 0.058762 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:44.051063 0.179782 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:39:44.231294 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 08:40:00.655849 0.053770 tcp 10.0.2.109 52673 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:40:00.709945 0.055360 tcp 10.0.2.109 52674 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:40:00.765627 0.152113 tcp 10.0.2.109 52675 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:40:00.918558 0.043209 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:00.962211 0.082731 udp 10.0.2.109 3683 <-> 95.104.11.11 3537 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:01.045348 0.082565 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:01.128321 0.070089 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:01.198741 0.355904 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:01.555068 0.332454 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:01.887927 0.199052 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:02.087400 0.213607 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:02.301394 0.140550 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:40:02.442532 0.193385 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/05 08:44:15.765802 3.014269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 08:44:22.781957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:44:30.783012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:44:46.786134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:45:18.792279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:51:06.563297 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 08:51:06.563397 0.641102 tcp 10.0.2.109 52676 -> 188.129.248.221 6410 FSPA* 0 0 14 1528 flow=From-Botnet-V1-TCP-Established 1970/02/05 08:53:42.800112 3.000872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 08:53:49.807274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:53:57.808815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:54:13.811856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 08:54:45.818058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:00:49.823031 3.002511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:00:56.831395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:01:04.832632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:01:20.836272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:01:52.841953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:08:05.860448 3.002211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:08:12.868413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:08:20.869580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:08:36.872748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:09:08.878395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:10:31.437779 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 09:10:31.437870 0.000000 udp 10.0.2.109 3683 -> 2.40.150.222 6895 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 09:10:49.235306 0.052384 tcp 10.0.2.109 52677 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:10:49.288041 0.052679 tcp 10.0.2.109 52678 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:10:49.341055 0.155722 tcp 10.0.2.109 52679 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:10:49.497354 0.043414 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:49.541195 0.166195 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:49.707745 0.157804 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:49.865953 0.059252 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:49.925603 0.042405 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:49.968378 0.045871 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.014644 0.357505 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.372533 0.045303 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.418337 0.178417 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.597184 0.064467 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.662022 0.068988 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.731430 0.079830 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.811703 0.163227 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:50.975390 0.163579 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:51.139333 0.067699 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:51.207401 0.345434 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:51.553232 0.137432 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:51.691069 0.333137 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:52.024572 0.308629 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:52.333573 0.083880 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:52.417864 0.624382 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:53.042685 0.069063 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:53.112198 1.498850 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:54.611465 0.387099 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:54.999015 0.141936 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:55.141407 0.366124 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:55.507877 0.060634 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:55.568957 0.066977 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:55.636379 0.177870 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:55.814665 0.043885 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:55.858961 0.066246 udp 10.0.2.109 3683 <-> 95.104.11.11 3537 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:55.925620 0.082671 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:56.008682 0.054104 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:56.063203 0.362647 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:56.426262 0.327176 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:56.753898 0.154687 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:56.909027 0.194651 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:57.104066 0.199912 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:10:57.304412 0.214727 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:15:23.890867 3.001253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:15:30.897728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:15:38.899443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:15:54.902699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:16:26.909524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:21:07.212543 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 09:21:07.212661 1.020594 tcp 10.0.2.109 52680 -> 188.129.248.221 6410 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:22:32.917543 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:22:39.981313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:22:47.936117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:23:03.939258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:23:35.945293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:29:39.952478 3.000558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:29:46.958680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:29:54.960564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:30:10.963383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:30:42.969382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:36:46.976220 3.000870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:36:53.982970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:37:01.984437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:37:17.987210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:37:49.993246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:41:10.772460 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 09:41:10.772570 0.718113 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:11.491078 0.168164 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:11.659675 0.000000 udp 10.0.2.109 3683 -> 71.13.33.63 1717 INT 0 1 94 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 09:41:29.030168 0.053966 tcp 10.0.2.109 52681 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:41:29.084445 0.053568 tcp 10.0.2.109 52682 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:41:29.138259 0.269542 tcp 10.0.2.109 52683 -> 195.113.214.211 443 SRPA* 0 0 42 37026 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:41:29.408491 0.090777 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:29.499626 0.047482 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:29.547527 0.045074 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:29.593011 0.429569 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.023013 0.045450 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.068871 0.182142 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.251460 0.054295 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.306324 0.068179 udp 10.0.2.109 3683 <-> 217.83.151.140 5333 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.374877 0.074380 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.449700 0.152525 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.602624 0.166738 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.769735 0.107328 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:30.877501 0.345358 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:31.223224 0.136722 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:31.360292 0.338972 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:31.699623 0.307599 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:32.007600 0.071332 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:32.079347 0.857426 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:32.937189 0.125467 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:33.063029 0.144517 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:33.207970 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 09:41:51.535260 0.056290 tcp 10.0.2.109 52684 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:41:51.591927 0.052862 tcp 10.0.2.109 52685 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:41:51.645100 0.153236 tcp 10.0.2.109 52686 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:41:51.798871 0.393913 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:52.193252 0.704154 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:52.897805 0.056703 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:52.954962 0.099046 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:53.054471 0.180078 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:53.234987 0.044183 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:53.279626 0.116006 udp 10.0.2.109 3683 <-> 95.104.11.11 3537 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:53.396049 0.084764 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:53.481266 0.088801 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:53.570547 0.324449 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:53.895371 0.325903 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:54.221702 0.141234 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:54.363300 0.207845 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:54.571543 0.193968 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:41:54.765921 0.197733 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/05 09:43:53.999415 3.001750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 09:44:01.006878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:44:09.008333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:44:25.016605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:44:57.017261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:51:01.022923 3.002254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:51:08.030813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:51:08.241643 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 09:51:08.241744 0.612389 tcp 10.0.2.109 52687 -> 188.129.248.221 6410 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/02/05 09:51:16.032320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:51:32.035394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:52:04.041700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:58:08.048597 3.000646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 09:58:15.054847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:58:23.056554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:58:39.059244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 09:59:11.065278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:05:40.077840 3.001171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 10:05:47.084921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:05:55.086006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:06:11.089249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:06:43.095830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:12:07.561949 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 10:12:07.562123 0.160500 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:07.723080 0.041094 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:07.764614 0.041072 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:07.806228 0.165175 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:07.971882 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:12:25.749855 0.050032 tcp 10.0.2.109 52688 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:12:25.800178 0.050161 tcp 10.0.2.109 52689 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:12:25.850593 0.151166 tcp 10.0.2.109 52690 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:12:26.002356 0.124484 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:26.127238 0.046216 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:26.173831 0.183482 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:26.357717 0.056584 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:26.414691 0.000000 udp 10.0.2.109 3683 -> 217.83.151.140 5333 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:12:43.964725 0.050045 tcp 10.0.2.109 52691 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:12:44.015015 0.052893 tcp 10.0.2.109 52692 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:12:44.068180 0.167554 tcp 10.0.2.109 52693 -> 195.113.214.211 443 SRPA* 0 0 50 33812 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:12:44.236019 0.045520 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:44.281921 0.418574 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:44.700885 0.153763 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:44.855091 0.170224 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:45.025746 0.068512 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:45.094683 0.074379 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:45.169486 0.152315 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:45.322237 0.348082 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:45.670722 0.343552 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:46.014670 0.087935 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:46.103025 0.070116 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:46.173537 0.306848 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:46.480811 0.143852 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:46.625037 0.072983 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:46.698616 0.386849 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:47.085900 0.371252 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:47.101600 3.000759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 10:12:47.457553 0.058063 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:47.516065 0.069505 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:47.585957 0.181531 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:47.767920 0.042804 udp 10.0.2.109 3683 <-> 62.194.180.63 5891 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:12:47.811132 0.000000 udp 10.0.2.109 3683 -> 95.104.11.11 3537 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:12:54.108937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:13:02.110011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:13:03.392878 0.048937 tcp 10.0.2.109 52694 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:13:03.442252 0.065588 tcp 10.0.2.109 52695 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:13:03.508157 0.151173 tcp 10.0.2.109 52696 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:13:03.659850 0.083291 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:03.743524 0.054514 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:03.798618 0.332164 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:04.131211 0.217176 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:04.348799 0.193504 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:04.542740 0.318712 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:04.861820 0.143420 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:05.005655 0.201344 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:13:18.113330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:13:50.119294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:19:57.129317 3.027520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 10:20:04.147036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:20:12.148732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:20:28.151431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:21:00.157568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:21:08.860566 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 10:21:08.860768 0.698035 tcp 10.0.2.109 52697 -> 188.129.248.221 6410 FSPA* 0 0 14 1532 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:27:07.167653 3.108415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 10:27:14.246798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:27:22.186920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:27:38.190294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:28:10.196217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:34:14.201916 3.001670 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 10:34:21.209254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:34:29.210618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:34:45.213825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:35:17.219625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:41:21.225848 3.001864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 10:41:28.233225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:41:36.234668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:41:52.237609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:42:24.243883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:43:33.183340 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 10:43:33.183497 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:43:52.002039 0.054121 tcp 10.0.2.109 52698 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:43:52.056482 0.053131 tcp 10.0.2.109 52699 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:43:52.109924 0.147352 tcp 10.0.2.109 52700 -> 195.113.214.211 443 SRPA* 0 0 42 33424 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:43:52.258037 0.000000 udp 10.0.2.109 3683 -> 217.83.151.140 5333 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:44:08.925804 0.056220 tcp 10.0.2.109 52701 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:08.982464 0.053557 tcp 10.0.2.109 52702 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:09.036296 0.161444 tcp 10.0.2.109 52703 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:09.199134 0.000000 udp 10.0.2.109 3683 -> 95.104.11.11 3537 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:44:24.850106 0.052202 tcp 10.0.2.109 52704 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:24.902666 0.053057 tcp 10.0.2.109 52705 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:24.956039 0.140269 tcp 10.0.2.109 52706 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:25.096821 0.041015 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:25.138255 0.157599 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:25.296269 0.166731 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:25.463479 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:44:40.793499 0.051996 tcp 10.0.2.109 52707 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:40.845840 0.054636 tcp 10.0.2.109 52708 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:40.900846 0.161649 tcp 10.0.2.109 52709 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:44:41.063143 0.183543 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:41.247076 0.050555 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:41.298252 0.042274 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:41.341052 0.055382 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:41.396828 0.152297 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:41.549540 0.162782 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:41.712780 0.068019 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:41.781194 0.626461 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:42.408071 0.392013 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:42.800472 0.046031 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:42.846936 0.355325 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:43.202653 0.084671 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:43.287772 0.066585 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:43.354740 0.344405 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:43.699505 0.136132 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:43.836059 0.088009 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:43.924478 0.389758 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:44.314645 0.374997 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:44.690093 0.308624 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:44.999060 0.143026 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:45.142486 0.181383 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:44:45.324307 0.000000 udp 10.0.2.109 3683 -> 62.194.180.63 5891 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 10:45:00.979836 0.053358 tcp 10.0.2.109 52710 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:45:01.033042 0.057308 tcp 10.0.2.109 52711 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:45:01.090642 0.146682 tcp 10.0.2.109 52712 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:45:01.237806 0.057086 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:01.295263 0.064609 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:01.360322 0.080517 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:01.441258 0.356478 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:01.798084 0.213522 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:02.012056 0.193543 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:02.206014 0.326450 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:02.532903 0.057118 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:02.590432 0.645653 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:45:03.236548 0.200432 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/05 10:48:28.249952 3.001312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 10:48:35.256970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:48:43.258743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:48:59.261729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:49:31.267548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:51:09.479246 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 10:51:09.479464 0.576137 tcp 10.0.2.109 52713 -> 188.129.248.221 6410 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/05 10:55:51.282284 2.996693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 10:55:58.284212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:56:06.285536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:56:22.288399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 10:56:54.294650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:02:58.301155 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 11:03:05.308008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:03:13.309537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:03:29.312531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:04:01.318601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:10:05.324822 3.001389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 11:10:12.332169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:10:20.333813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:10:36.336991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:11:08.342548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:15:25.442534 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 11:15:25.442649 0.062287 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:25.505300 0.000000 udp 10.0.2.109 3683 -> 62.194.180.63 5891 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 11:15:41.536972 0.057845 tcp 10.0.2.109 52714 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:15:41.595136 0.053768 tcp 10.0.2.109 52715 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:15:41.649292 0.160453 tcp 10.0.2.109 52716 -> 195.113.214.211 443 SRPA* 0 0 48 26086 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:15:41.810304 0.161523 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:41.972237 0.040587 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:42.013316 0.230675 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:42.244437 0.047621 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:42.292510 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 11:15:59.123586 0.052910 tcp 10.0.2.109 52717 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:15:59.176789 0.083553 tcp 10.0.2.109 52718 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:15:59.260685 0.146620 tcp 10.0.2.109 52719 -> 195.113.214.211 443 SRPA* 0 0 41 21608 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:15:59.407890 0.056479 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:59.464797 0.155951 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:59.621226 0.165065 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:59.786726 0.179700 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:15:59.966960 0.068614 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:00.035999 0.082536 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:00.118998 0.045322 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:00.164703 0.351205 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:00.516284 0.340260 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:00.856965 0.348131 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:01.205511 0.136146 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:01.342095 0.067025 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:01.409543 0.065335 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:01.475335 0.090092 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:01.565842 0.363418 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:01.929717 0.391889 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:02.322042 0.145375 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:02.467803 0.308782 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:02.776956 1.262600 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:04.039919 0.062192 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:04.102557 0.067690 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:04.170645 0.086100 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:04.257161 0.363980 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:04.621593 0.319613 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:04.941635 0.053889 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:04.995943 0.214420 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:05.210731 0.193647 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:05.404803 0.225185 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:16:05.630479 0.196653 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:17:12.352275 2.998245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 11:17:19.356553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:17:27.357597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:17:43.360745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:18:15.368615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:21:10.058349 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 11:21:10.058466 0.584657 tcp 10.0.2.109 52720 -> 188.129.248.221 6410 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:24:20.374744 3.000970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 11:24:27.381332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:24:35.383104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:24:51.386293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:25:23.392044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:31:27.398331 3.001218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 11:31:34.405474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:31:42.406996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:31:58.409653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:32:30.415755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:38:34.422675 3.001183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 11:38:41.429210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:38:49.430816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:39:05.434168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:39:37.440004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:45:41.476381 3.001292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 11:45:48.485820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:45:56.485007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:46:12.487818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:46:28.315922 1.686740 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 11:46:30.002772 0.043690 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.046870 0.044931 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.092205 0.048081 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.140671 0.046355 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.187438 0.158225 udp 10.0.2.109 3683 <-> 71.13.33.63 1717 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.346117 0.166599 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.513153 0.053192 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.566743 0.151561 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:30.897690 0.163951 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:31.062214 0.183189 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:31.245790 0.069185 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:31.315353 0.339315 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:31.655099 0.343840 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:31.999381 0.082380 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.082329 0.045281 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.128048 0.347618 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.476090 0.136411 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.612927 0.067553 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.681057 0.061428 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.742884 0.086617 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.830012 0.144681 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:32.975110 0.310907 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:33.286408 0.378413 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:33.665228 0.391263 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.056858 0.181533 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.238774 0.056493 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.295695 0.055933 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.352038 0.074499 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.426891 0.053926 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.481248 0.210265 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.691919 0.194170 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:34.886533 0.319748 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:35.206682 0.326678 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:35.533746 0.141291 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:35.675384 0.199168 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/05 11:46:45.974907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:51:10.677394 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 11:51:10.677505 0.648434 tcp 10.0.2.109 52721 -> 188.129.248.221 6410 FSPA* 0 0 14 1607 flow=From-Botnet-V1-TCP-Established 1970/02/05 11:54:28.503569 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 11:54:35.511147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:54:43.512613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:54:59.515584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 11:55:31.521699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:01:59.532125 3.001577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 12:02:06.539500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:02:14.541104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:02:30.543815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:03:02.550470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:09:22.558725 3.001813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 12:09:29.566093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:09:37.568149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:09:53.570969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:10:25.577155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:16:29.583174 3.159449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 12:16:36.717554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:16:41.394008 0.000187 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 12:16:41.394260 0.048079 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:41.442821 0.048219 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:41.491511 0.000000 udp 10.0.2.109 3683 -> 71.13.33.63 1717 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 12:16:44.653819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:16:58.253865 0.054001 tcp 10.0.2.109 52722 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:16:58.308193 0.054295 tcp 10.0.2.109 52723 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:16:58.362778 0.157441 tcp 10.0.2.109 52724 -> 195.113.214.211 443 SRPA* 0 0 40 34544 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:16:58.520806 0.164753 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:58.685953 0.055109 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:58.741448 0.042757 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:58.784603 0.042025 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:58.827101 0.152601 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:58.980114 0.166494 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:59.147128 0.178121 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:59.325634 0.082833 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:59.408852 0.082088 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:59.491392 0.046012 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:59.537791 0.346443 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:16:59.884655 0.145941 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:00.030946 0.342756 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:00.374159 0.339886 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:00.605114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:17:00.714609 0.055342 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:00.770331 0.073837 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:00.844645 0.087136 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:00.932249 0.141542 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:01.147364 0.308365 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:01.456217 0.373787 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:01.830580 0.386596 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:02.218123 0.182616 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:02.401152 0.063473 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:02.464976 0.055636 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:02.521041 0.074163 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:02.595612 0.054122 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:02.650156 0.358995 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:03.009643 0.334164 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:03.344278 0.208742 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:03.553445 0.193421 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:03.747280 0.140781 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:03.888476 0.197146 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:17:32.611060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:21:11.328031 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 12:21:11.328235 0.911959 tcp 10.0.2.109 52725 -> 188.129.248.221 6410 FSPA* 0 0 14 1503 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:23:36.617557 3.072079 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 12:23:43.662029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:23:51.645825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:24:07.648929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:24:39.655018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:30:43.661257 3.001380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 12:30:50.668429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:30:58.669739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:31:14.673081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:31:46.678955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:37:50.696000 3.080900 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 12:37:57.752608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:38:05.724055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:38:21.727162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:38:53.733020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:44:57.739698 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 12:45:04.746325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:45:12.747807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:45:28.750792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:46:00.756369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:47:10.377434 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 12:47:10.377531 0.000000 udp 10.0.2.109 3683 -> 71.13.33.63 1717 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 12:47:28.445485 0.052879 tcp 10.0.2.109 52726 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:47:28.498654 0.052996 tcp 10.0.2.109 52727 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:47:28.551966 0.145439 tcp 10.0.2.109 52728 -> 195.113.214.211 443 SRPA* 0 0 42 22726 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:47:28.698318 0.047613 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:28.746456 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 12:47:45.818847 0.055396 tcp 10.0.2.109 52729 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:47:45.874533 0.055426 tcp 10.0.2.109 52730 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:47:45.930412 0.147187 tcp 10.0.2.109 52731 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:47:46.078135 0.182582 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:46.261226 0.055871 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:46.317503 0.050032 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:46.367966 0.511271 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:46.879673 0.158143 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:47.038235 0.164235 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:47.202876 0.081283 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:47.284599 0.044452 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:47.329533 0.345090 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:47.675099 0.136765 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:47.812258 0.179846 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:47.992451 0.055531 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:48.048420 0.346898 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:48.395784 0.339286 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:48.735487 0.054348 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:48.790267 0.072495 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:48.863137 0.087927 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:48.951419 0.143405 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:49.095237 0.306706 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:49.402420 0.375153 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:49.777986 0.393826 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:50.172245 0.176386 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:50.349014 0.059200 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:50.408670 0.056711 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:50.465857 0.073431 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:50.539695 0.054376 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:50.594519 0.355123 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:50.950110 0.194157 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:51.144719 0.145675 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:51.290778 0.333147 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:51.624390 0.210602 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:47:51.835421 0.199133 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/05 12:51:12.245354 0.042932 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 12:51:12.288504 0.570328 tcp 10.0.2.109 52732 -> 188.129.248.221 6410 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/02/05 12:54:06.768735 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 12:54:13.775922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:54:21.777292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:54:37.780344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 12:55:09.786401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:01:22.805353 3.001076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 13:01:29.812375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:01:37.814433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:01:53.817331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:02:25.865576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:08:54.845505 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 13:09:01.852329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:09:09.854038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:09:25.856773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:09:57.863262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:16:01.869316 3.019017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 13:16:08.886711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:16:16.888251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:16:32.891256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:17:04.897351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:17:56.271424 0.073310 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 13:17:56.344897 0.046696 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:56.391992 0.046898 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:56.439397 0.047038 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:56.486937 0.042537 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:56.529954 0.166393 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:56.696763 0.052677 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:56.749866 0.153071 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:56.903392 0.163511 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:57.067361 0.081388 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:57.149144 0.044244 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:57.193808 0.344747 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:57.539053 0.135584 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:57.675063 0.181361 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:57.856889 0.056398 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:57.913814 0.336529 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:58.250800 0.361953 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:58.613108 0.056243 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:58.669846 0.067625 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:58.737848 0.087022 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:58.825312 0.381419 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:59.207192 0.144031 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:59.351703 0.307965 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:17:59.660135 0.390136 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:00.050654 0.175137 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:00.226281 0.058775 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:00.285500 0.059903 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:00.345896 0.075216 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:00.421576 0.053249 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:00.475315 0.327393 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:00.803166 0.326534 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:01.130208 0.210926 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:01.341633 0.193087 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:01.555183 0.142288 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:18:01.697925 0.197104 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:21:12.834465 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 13:21:12.834567 0.493280 tcp 10.0.2.109 52733 -> 188.129.248.221 6410 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/02/05 13:23:10.696307 3.045174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 13:23:17.702167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:23:25.610475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:23:41.419105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:24:13.196558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:30:16.720825 3.067281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 13:30:23.754866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:30:31.638409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:30:47.562319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:31:20.904432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:37:23.030978 3.098601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 13:37:30.111024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:37:38.059982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:38:05.154453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:38:36.691603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:44:35.746420 3.011560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 13:44:42.713868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:44:50.605340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:45:06.382750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:45:37.946674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:48:31.046354 0.039451 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 13:48:31.085908 0.046226 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.132578 0.044782 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.177785 0.049828 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.228000 0.042169 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.315000 0.172416 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.487848 0.055556 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.543821 0.155056 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.699300 0.165306 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.865008 0.084495 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.949942 0.045304 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:31.995686 0.179743 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:32.175945 0.055585 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:32.231987 0.338564 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:32.570977 0.345757 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:32.917119 0.143642 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:33.061143 0.358181 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:33.419721 0.067672 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:33.487811 0.071103 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:33.559345 0.083369 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:33.643127 0.370021 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:34.013583 0.142628 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:34.156658 0.307760 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:34.464826 0.384227 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:34.849469 0.174269 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.024177 0.054380 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.078939 0.054650 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.133971 0.081234 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.215582 0.053847 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.269880 0.330507 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.600874 0.201088 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.802492 0.144984 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:35.947924 0.198956 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:36.147334 0.326297 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:48:36.474231 0.220223 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/05 13:51:13.508414 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 13:51:13.508548 0.705467 tcp 10.0.2.109 52734 -> 188.129.248.221 6410 FSPA* 0 0 14 1597 flow=From-Botnet-V1-TCP-Established 1970/02/05 13:53:54.126406 3.022336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 13:54:01.143745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:54:09.145105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:54:25.148006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 13:54:57.154197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:01:01.160581 3.011677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 14:01:08.177586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:01:16.178996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:01:32.184933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:02:04.198201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:08:14.213188 3.001537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 14:08:21.220498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:08:29.249136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:08:45.234544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:09:17.241633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:15:21.246658 3.005926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 14:15:28.254281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:15:36.255632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:15:52.258681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:16:24.264178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:18:50.555460 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 14:18:50.555658 0.048355 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:50.604383 0.381291 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:50.986082 0.046065 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.032575 0.043441 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.076426 0.168512 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.245332 0.051029 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.296808 0.154884 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.452157 0.171245 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.623786 0.087608 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.711884 0.045564 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.757830 0.184779 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.942981 0.055274 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:51.998643 0.136483 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:52.135496 0.335556 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:52.471488 0.349075 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:52.820973 0.334426 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:53.155804 0.055193 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:53.251075 0.065766 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:53.317274 0.077314 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:53.395016 0.371601 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:53.767013 0.140947 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:53.908386 0.307330 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:54.216161 0.383906 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:54.600475 0.174543 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:54.775407 0.059449 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:54.835237 0.056246 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:54.891894 0.078038 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:54.970304 0.053702 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:55.024360 0.143477 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:55.168199 0.196341 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:55.364902 0.332536 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:55.697809 0.194625 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:55.892828 0.319335 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:18:56.212603 0.208762 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:21:14.051927 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 14:21:14.052036 0.781041 tcp 10.0.2.109 52735 -> 188.129.248.221 6410 FSPA* 0 0 12 1557 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:22:28.270235 3.049361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 14:22:35.298421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:22:43.289513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:22:59.292729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:23:31.298700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:29:35.304383 3.002006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 14:29:42.480280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:29:50.409691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:30:06.316861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:30:38.322745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:36:42.328232 3.002303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 14:36:49.335764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:36:57.360337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:37:13.344638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:37:45.347507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:43:49.353357 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 14:43:56.360270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:44:04.361650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:44:20.364796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:44:52.370562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:49:05.905679 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 14:49:05.905786 0.079787 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:05.986029 0.505958 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:06.492446 0.040902 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:06.533740 0.046656 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:06.580813 0.165754 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:06.746958 0.048186 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:06.795506 0.155471 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:06.951320 0.170467 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:07.122329 0.082779 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:07.205519 0.045990 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:07.251903 0.152817 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:07.405193 0.339101 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:07.744643 0.183178 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:07.928321 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 14:49:25.034443 0.052660 tcp 10.0.2.109 52736 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:49:25.087388 0.054280 tcp 10.0.2.109 52737 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:49:25.141935 0.162759 tcp 10.0.2.109 52738 -> 195.113.214.211 443 SRPA* 0 0 42 25180 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:49:25.263709 0.388208 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:25.652308 0.334608 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:25.987358 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 14:49:42.936650 0.052236 tcp 10.0.2.109 52739 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:49:42.989176 0.052806 tcp 10.0.2.109 52740 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:49:43.042358 0.142701 tcp 10.0.2.109 52741 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:49:43.185644 0.072180 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:43.258245 0.085067 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:43.343752 0.372099 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:43.716307 0.384017 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.100730 0.176997 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.278129 0.140342 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.418924 0.309923 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.729339 0.058010 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.787751 0.056652 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.844800 0.075563 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.920811 0.053752 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:44.974941 0.141341 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:45.116702 0.199196 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:45.316362 0.366165 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:45.682963 0.206505 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:45.889872 0.194550 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:49:46.084828 0.319465 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/05 14:50:56.377742 3.000661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 14:51:03.384105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:51:11.385643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:51:14.843496 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 14:51:14.843593 0.538460 tcp 10.0.2.109 52742 -> 188.129.248.221 6410 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/02/05 14:51:27.388512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:51:59.394487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:58:03.402493 2.999891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 14:58:10.408021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:58:18.409533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:58:34.412612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 14:59:06.418747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:05:35.431158 3.080175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 15:05:45.141109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:05:53.044899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:06:08.861439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:06:40.474043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:12:42.475759 3.000714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 15:12:49.482236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:12:57.493605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:13:13.496448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:13:45.502636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:19:49.508315 3.113746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 15:19:58.068921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:20:05.972290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:20:12.374234 0.000160 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 15:20:12.374504 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 15:20:21.927102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:20:30.576109 0.055660 tcp 10.0.2.109 52743 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:20:30.632128 0.052781 tcp 10.0.2.109 52744 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:20:30.685250 0.142138 tcp 10.0.2.109 52745 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:20:30.828495 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 15:20:47.434251 0.052076 tcp 10.0.2.109 52746 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:20:47.486644 0.052662 tcp 10.0.2.109 52747 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:20:47.539620 0.141829 tcp 10.0.2.109 52748 -> 195.113.214.211 443 SRPA* 0 0 40 21958 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:20:47.682029 0.272873 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:47.955337 0.052110 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:48.007877 0.046043 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:48.054474 1.029223 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.084092 0.049423 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.133898 0.046551 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.180855 0.164191 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.345500 0.045174 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.391143 0.148398 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.539932 0.351626 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.891962 0.075397 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:49.967774 0.161418 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:50.129625 0.179293 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:50.309320 0.349193 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:50.658870 0.343002 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:51.002328 0.066015 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:51.068835 0.085042 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:51.154272 0.370883 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:51.525614 0.143598 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:51.669630 0.308003 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:51.978022 0.059658 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:52.038276 0.388949 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:52.427633 0.180073 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:52.608080 0.056338 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:52.664775 0.084521 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:20:52.749719 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 15:20:53.921868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:21:09.968769 0.051991 tcp 10.0.2.109 52749 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:21:10.021091 0.053570 tcp 10.0.2.109 52750 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:21:10.074923 0.144063 tcp 10.0.2.109 52751 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:21:10.219670 0.142673 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:21:10.362815 0.200292 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:21:10.563575 0.391828 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:21:10.955857 0.319276 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:21:11.292729 0.215184 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:21:11.508284 0.193355 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:21:16.476650 1.296567 tcp 10.0.2.109 52752 -> 188.129.248.221 6410 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:26:56.552023 3.001702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 15:27:03.559935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:27:11.561884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:27:27.567043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:27:59.570605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:34:03.576943 3.001157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 15:34:10.583668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:34:18.588961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:34:34.588634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:35:06.594429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:41:10.620449 3.002592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 15:41:17.627896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:41:25.629281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:41:41.632492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:42:13.638679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:48:17.643969 3.002003 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 15:48:24.651214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:48:32.653001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:48:48.656503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:49:20.662773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:51:16.699638 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 15:51:16.699739 0.674175 tcp 10.0.2.109 52753 -> 188.129.248.221 6410 FSPA* 0 0 14 1653 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:51:24.581208 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 15:51:43.579538 0.054298 tcp 10.0.2.109 52754 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:51:43.634214 0.052877 tcp 10.0.2.109 52755 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:51:43.687434 0.143437 tcp 10.0.2.109 52756 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/05 15:51:43.831408 0.045784 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:43.877550 0.166767 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.044691 0.050021 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.095173 0.046379 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.141955 0.435355 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.577676 0.044268 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.622485 0.044142 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.667025 0.165055 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.832429 0.080133 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:44.913008 0.152763 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 203 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:45.066279 0.351361 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:45.418039 0.146573 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:45.565013 0.338913 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:45.904376 0.070461 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:45.975215 0.082635 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:46.058225 0.348965 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:46.407586 0.184686 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:46.592703 0.306568 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:46.899662 0.062179 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:46.962402 0.361930 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:47.324779 0.141207 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:47.466574 0.055956 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:47.522903 0.081240 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:47.604493 0.393994 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:47.998861 0.181915 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:48.181195 0.198010 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:48.379606 0.356520 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:48.736500 0.143905 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:48.880830 0.202940 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:49.084181 0.326064 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:51:49.410578 0.213764 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/05 15:55:44.676966 3.002000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 15:55:51.684654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:55:59.686171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:56:15.689093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 15:56:47.696672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:02:51.702358 3.234886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 16:02:58.904051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:03:06.830294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:03:22.723234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:03:54.728767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:09:58.736282 3.000584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 16:10:05.855549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:10:13.788354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:10:29.746992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:11:01.753246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:17:05.760177 3.000641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 16:17:12.766414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:17:20.768095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:17:36.771149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:18:08.777578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:21:17.378499 0.163735 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 16:21:17.542401 0.675578 tcp 10.0.2.109 52757 -> 188.129.248.221 6410 FSPA* 0 0 14 1549 flow=From-Botnet-V1-TCP-Established 1970/02/05 16:22:11.046024 0.051284 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.097766 0.046883 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.145036 0.040427 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.185974 0.166363 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.352792 0.041692 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.394968 0.056021 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.451466 0.044907 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.496826 0.163957 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:11.661199 0.350470 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:12.012132 0.076439 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:12.089047 0.161033 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:12.250432 0.066518 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:12.317318 0.081865 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:12.399526 0.145557 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:12.545473 0.339822 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:12.885769 0.349228 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:13.235388 0.180087 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:13.415951 0.363618 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:13.780076 0.142464 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:13.923031 0.311604 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:14.235040 0.055277 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:14.290695 0.387366 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:14.678518 0.056676 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:14.735633 0.076156 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:14.812268 0.178056 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:14.990715 0.197427 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:15.188541 0.382461 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:15.571419 0.333054 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:15.754765 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 16:22:15.904834 0.141308 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:16.046518 0.192906 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:22:16.239869 0.211290 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:24:12.793631 3.000770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 16:24:19.800694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:24:27.802670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:24:43.807291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:25:15.811206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:31:19.817813 3.001198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 16:31:26.824627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:31:34.825953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:31:50.828705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:32:22.835275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:38:26.841815 3.002655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 16:38:33.848631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:38:41.852815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:38:57.852581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:39:29.859029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:45:33.865076 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 16:45:40.872546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:45:48.873674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:46:04.876328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:46:36.883218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:51:18.067830 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 16:51:18.067992 0.603210 tcp 10.0.2.109 52758 -> 188.129.248.221 6410 FSPA* 0 0 12 1572 flow=From-Botnet-V1-TCP-Established 1970/02/05 16:52:20.096321 0.094416 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 16:52:20.190849 0.050943 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:20.242279 0.047588 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:20.290264 0.046217 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:20.336936 0.165037 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:20.502486 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 16:52:35.530916 0.055023 tcp 10.0.2.109 52759 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 16:52:35.586487 0.054266 tcp 10.0.2.109 52760 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 16:52:35.641084 0.144646 tcp 10.0.2.109 52761 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/05 16:52:35.786284 0.058259 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:35.845012 0.045328 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:35.890709 0.167182 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:36.058354 0.155576 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:36.214400 0.067853 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:36.282694 0.085514 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:36.368672 0.151362 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:36.520560 0.342369 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:36.863372 0.079502 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:36.943277 0.352246 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:37.295960 0.348460 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:37.644832 0.182934 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:37.828143 0.365161 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:38.193759 0.060167 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:38.254402 0.388573 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:38.643378 0.055604 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:38.699424 0.082859 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:38.782654 0.141535 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:38.924593 0.307989 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:39.232985 0.178088 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:39.411528 0.202704 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:39.614999 0.388905 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:40.004342 0.197240 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:40.201954 0.213506 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:40.415912 0.319275 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:52:40.735579 0.143786 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/05 16:54:23.896231 3.012565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 16:54:30.913829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:54:38.915909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:54:54.918949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 16:55:26.925095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:01:53.943805 3.108543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 17:02:01.026516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:02:08.962778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:02:24.965968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:02:56.971890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:09:05.986404 3.112075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 17:09:13.073775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:09:21.011159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:09:37.007432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:10:09.036083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:16:13.030854 3.000736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 17:16:20.036258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:16:28.038306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:16:44.041229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:17:16.047205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:21:18.676359 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 17:21:18.676459 0.683123 tcp 10.0.2.109 52762 -> 188.129.248.221 6410 FSPA* 0 0 14 1586 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:22:50.107805 0.008552 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 17:22:50.116429 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 17:23:08.716173 0.052360 tcp 10.0.2.109 52763 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:23:08.768803 0.053788 tcp 10.0.2.109 52764 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:23:08.822841 0.144456 tcp 10.0.2.109 52765 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:23:08.967845 0.168588 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.136898 0.047734 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.185155 0.051777 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.237438 0.046977 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.284884 0.053536 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.338876 0.045067 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.384395 0.166579 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.551405 0.168273 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.720079 0.068665 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.789173 0.079341 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:09.868909 0.143070 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:10.012884 0.505459 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:10.518779 0.344511 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:10.863716 0.079465 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:10.943592 0.350934 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:11.294969 0.185500 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:11.481058 0.386543 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:11.867985 0.054609 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:11.923012 0.372710 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:12.296174 0.057414 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:12.353969 0.307213 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:12.661547 0.071865 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:12.733750 0.143203 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:12.877435 0.177472 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:13.055369 0.199755 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:13.255510 0.326843 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:13.582800 0.194630 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:13.777884 0.283490 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:14.061812 0.340254 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:14.402457 0.142382 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:23:20.055413 2.999389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 17:23:27.059999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:23:35.062096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:23:51.065116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:24:23.071085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:30:27.081954 2.996929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 17:30:34.084126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:30:42.095939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:30:58.099023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:31:30.105188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:37:34.111803 3.004475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 17:37:41.118696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:37:49.120048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:38:05.123159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:38:37.129109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:44:41.135491 3.081380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 17:44:48.193415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:44:56.154299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:45:12.157180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:45:44.164749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:51:19.365805 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 17:51:19.365917 2.993311 tcp 10.0.2.109 52766 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:51:28.357670 0.000000 tcp 10.0.2.109 52766 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:51:34.368524 0.053008 tcp 10.0.2.109 52767 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:51:34.421822 0.053798 tcp 10.0.2.109 52768 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:51:34.475975 0.143748 tcp 10.0.2.109 52769 -> 195.113.214.211 443 SRPA* 0 0 39 20232 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:51:34.659981 3.001388 tcp 10.0.2.109 52770 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:51:43.659895 0.000000 tcp 10.0.2.109 52770 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:51:49.659336 0.053469 tcp 10.0.2.109 52771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:51:49.713046 0.054283 tcp 10.0.2.109 52772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:51:49.767655 0.153014 tcp 10.0.2.109 52773 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:51:49.953425 2.999701 tcp 10.0.2.109 52774 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:51:58.951935 0.000000 tcp 10.0.2.109 52774 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:04.950937 0.052772 tcp 10.0.2.109 52775 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:52:05.003989 0.054821 tcp 10.0.2.109 52776 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:52:05.059087 0.146110 tcp 10.0.2.109 52777 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:52:05.239918 3.005119 tcp 10.0.2.109 52778 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:14.243844 0.000000 tcp 10.0.2.109 52778 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:20.233195 0.052812 tcp 10.0.2.109 52779 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:52:20.286420 0.053923 tcp 10.0.2.109 52780 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:52:20.340643 0.148036 tcp 10.0.2.109 52781 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:52:20.652130 3.005224 tcp 10.0.2.109 52782 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:29.665934 0.000000 tcp 10.0.2.109 52782 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:35.644834 2.994290 tcp 10.0.2.109 52783 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:44.637499 0.000000 tcp 10.0.2.109 52783 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:50.646562 2.993913 tcp 10.0.2.109 52784 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:52:59.645843 0.000000 tcp 10.0.2.109 52784 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:53:05.647922 3.007139 tcp 10.0.2.109 52785 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:53:10.258472 0.005685 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 17:53:14.651133 0.000000 tcp 10.0.2.109 52785 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:53:34.879943 0.167276 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.047652 0.047241 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.095251 0.052112 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.147775 0.040553 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.188701 0.056252 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.245307 0.045387 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.291116 0.170661 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.462212 0.157676 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.620256 0.079068 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:35.699718 0.470650 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:36.170805 0.079493 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:36.250758 0.145481 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:36.396608 0.346189 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:36.743158 0.082445 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:36.826039 0.345659 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:37.172043 0.179756 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:37.352339 0.371605 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:37.724347 0.061415 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:37.786101 0.306968 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:38.093445 0.074600 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:38.168417 0.388629 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:38.557393 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 17:53:56.141632 0.068043 tcp 10.0.2.109 52786 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:53:56.209957 0.055501 tcp 10.0.2.109 52787 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:53:56.265779 0.144601 tcp 10.0.2.109 52788 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:53:56.410929 0.144037 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:56.555349 0.180694 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:56.736424 0.197968 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:56.934781 0.326516 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:57.261698 0.194933 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:57.457029 0.143120 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:57.600548 0.210521 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:57.811590 0.326502 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/05 17:53:58.180391 2.997254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 17:54:05.183254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:54:13.184954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:54:29.188374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:55:01.194018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 17:58:20.651470 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 17:58:20.651661 3.003291 tcp 10.0.2.109 52789 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:58:29.653686 0.000000 tcp 10.0.2.109 52789 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:58:35.654040 0.052532 tcp 10.0.2.109 52790 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:58:35.706826 0.053402 tcp 10.0.2.109 52791 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:58:35.760482 0.147253 tcp 10.0.2.109 52792 -> 195.113.214.211 443 SRPA* 0 0 40 32238 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:58:35.977571 2.999529 tcp 10.0.2.109 52793 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:58:44.975293 0.000000 tcp 10.0.2.109 52793 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:58:50.975142 0.052292 tcp 10.0.2.109 52794 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:58:51.027757 0.053239 tcp 10.0.2.109 52795 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:58:51.081309 0.147890 tcp 10.0.2.109 52796 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:58:51.275548 2.983693 tcp 10.0.2.109 52797 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:00.257965 0.000000 tcp 10.0.2.109 52797 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:06.267275 0.052234 tcp 10.0.2.109 52798 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:59:06.319787 0.076745 tcp 10.0.2.109 52799 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:59:06.396895 0.143352 tcp 10.0.2.109 52800 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:59:07.185794 2.977652 tcp 10.0.2.109 52801 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:16.120872 0.000000 tcp 10.0.2.109 52801 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:22.109736 0.054175 tcp 10.0.2.109 52802 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:59:22.163779 0.052790 tcp 10.0.2.109 52803 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:59:22.216819 0.144306 tcp 10.0.2.109 52804 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/05 17:59:22.519284 3.005075 tcp 10.0.2.109 52805 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:31.522641 0.000000 tcp 10.0.2.109 52805 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:37.511317 3.004272 tcp 10.0.2.109 52806 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:46.513836 0.000000 tcp 10.0.2.109 52806 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 17:59:52.680572 2.971784 tcp 10.0.2.109 52807 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:00:01.610263 0.000000 tcp 10.0.2.109 52807 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:00:06.303178 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:00:07.553218 2.966269 tcp 10.0.2.109 52808 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:00:16.599715 0.000000 tcp 10.0.2.109 52808 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:01:05.200581 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 18:01:12.207377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:01:20.208879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:01:36.211871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:02:08.218317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:05:22.517904 0.234864 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:05:22.752937 2.970079 tcp 10.0.2.109 52809 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:05:31.664351 0.000000 tcp 10.0.2.109 52809 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:05:37.616420 0.189852 tcp 10.0.2.109 52810 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:05:37.806615 0.054089 tcp 10.0.2.109 52811 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:05:37.861007 0.124411 tcp 10.0.2.109 52812 -> 195.113.214.211 443 SRPA* 0 0 32 16642 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:05:38.070893 2.975912 tcp 10.0.2.109 52813 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:05:46.992600 0.000000 tcp 10.0.2.109 52813 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:05:52.991966 0.053008 tcp 10.0.2.109 52814 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:05:53.044803 0.053657 tcp 10.0.2.109 52815 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:05:53.098746 0.148140 tcp 10.0.2.109 52816 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:05:53.367101 2.999570 tcp 10.0.2.109 52817 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:02.364344 0.000000 tcp 10.0.2.109 52817 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:08.363874 0.052487 tcp 10.0.2.109 52818 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:06:08.416637 0.054721 tcp 10.0.2.109 52819 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:06:08.471741 0.141342 tcp 10.0.2.109 52820 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:06:08.771689 2.996048 tcp 10.0.2.109 52821 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:17.776317 0.000000 tcp 10.0.2.109 52821 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:23.765773 0.030093 tcp 10.0.2.109 52822 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:06:23.796221 0.053695 tcp 10.0.2.109 52823 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:06:23.850352 0.122006 tcp 10.0.2.109 52824 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:06:24.035538 2.994375 tcp 10.0.2.109 52825 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:33.028663 0.000000 tcp 10.0.2.109 52825 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:39.037713 3.003930 tcp 10.0.2.109 52826 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:48.040486 0.000000 tcp 10.0.2.109 52826 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:06:54.039304 3.006311 tcp 10.0.2.109 52827 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:07:03.041743 0.000000 tcp 10.0.2.109 52827 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:07:09.041437 3.003240 tcp 10.0.2.109 52828 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:07:13.747233 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:07:18.043089 0.000000 tcp 10.0.2.109 52828 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:08:20.229837 3.103244 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 18:08:27.309207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:08:35.251258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:08:51.247521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:09:23.254312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:12:24.043984 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:12:24.044202 3.003205 tcp 10.0.2.109 52829 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:12:33.056479 0.000000 tcp 10.0.2.109 52829 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:12:39.047319 0.053561 tcp 10.0.2.109 52830 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:12:39.101146 0.052930 tcp 10.0.2.109 52831 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:12:39.154386 0.132935 tcp 10.0.2.109 52832 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:12:39.361551 2.998051 tcp 10.0.2.109 52833 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:12:48.357959 0.000000 tcp 10.0.2.109 52833 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:12:54.357953 0.052312 tcp 10.0.2.109 52834 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:12:54.410566 0.031666 tcp 10.0.2.109 52835 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:12:54.442506 0.122055 tcp 10.0.2.109 52836 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:12:54.843823 2.998354 tcp 10.0.2.109 52837 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:03.840326 0.000000 tcp 10.0.2.109 52837 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:09.839725 0.052353 tcp 10.0.2.109 52838 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:13:09.892347 0.053989 tcp 10.0.2.109 52839 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:13:09.946648 0.147652 tcp 10.0.2.109 52840 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:13:10.335734 2.998666 tcp 10.0.2.109 52841 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:19.332729 0.000000 tcp 10.0.2.109 52841 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:25.332149 0.053252 tcp 10.0.2.109 52842 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:13:25.385310 0.052162 tcp 10.0.2.109 52843 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:13:25.437797 0.144543 tcp 10.0.2.109 52844 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:13:25.700605 3.006104 tcp 10.0.2.109 52845 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:34.705217 0.000000 tcp 10.0.2.109 52845 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:40.693122 2.994846 tcp 10.0.2.109 52846 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:49.696311 0.000000 tcp 10.0.2.109 52846 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:13:55.695346 2.993898 tcp 10.0.2.109 52847 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:14:04.687537 0.000000 tcp 10.0.2.109 52847 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:14:10.696536 2.994607 tcp 10.0.2.109 52848 -> 94.156.200.83 6984 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:14:15.253601 0.000194 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:14:19.689524 0.000000 tcp 10.0.2.109 52848 -> 94.156.200.83 6984 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:15:27.259973 3.001330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 18:15:34.267117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:15:42.268539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:15:58.271490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:16:30.277279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:22:34.283710 3.001540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 18:22:41.290783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:22:49.292398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:23:05.297307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:23:37.301341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:24:06.623855 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:24:06.624055 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 18:24:22.187676 0.031640 tcp 10.0.2.109 52849 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:22.219605 0.032600 tcp 10.0.2.109 52850 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:22.252495 0.123276 tcp 10.0.2.109 52851 -> 195.113.214.211 443 SRPA* 0 0 35 22360 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:22.376380 0.066860 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:22.427220 0.049666 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:22.518524 0.177907 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:22.693621 0.067459 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:22.746526 0.181544 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:22.923911 0.156023 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:23.262357 0.094267 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:23.338579 0.054316 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:23.441758 0.046577 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:23.490854 0.151638 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:23.638732 0.412138 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:24.076696 0.148555 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:24.202413 0.349052 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:24.547583 0.335153 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:24.890588 0.200826 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:25.052297 0.384651 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:25.416357 0.192449 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:25.601960 0.080617 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:25.667874 0.311135 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:25.809108 2.977801 tcp 10.0.2.109 52852 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:24:26.010746 0.113607 rtp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:26.088829 0.413035 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:26.481078 0.170166 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:26.628899 0.210619 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:26.815077 0.239961 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:27.013985 0.169818 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:27.162208 0.259650 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2571 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:27.380642 0.352315 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:27.711991 0.216251 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:27.909212 0.336433 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:24:34.734906 0.000000 tcp 10.0.2.109 52852 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:24:40.733445 0.030379 tcp 10.0.2.109 52853 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:40.764137 0.054513 tcp 10.0.2.109 52854 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:40.819019 0.121848 tcp 10.0.2.109 52855 -> 195.113.214.211 443 SRPA* 0 0 37 22468 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:40.959320 3.007863 tcp 10.0.2.109 52856 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:24:49.966022 0.000000 tcp 10.0.2.109 52856 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:24:55.955044 0.030459 tcp 10.0.2.109 52857 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:55.985838 0.054323 tcp 10.0.2.109 52858 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:56.040414 0.122664 tcp 10.0.2.109 52859 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:24:56.179899 2.999270 tcp 10.0.2.109 52860 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:25:05.187502 0.000000 tcp 10.0.2.109 52860 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:25:11.176656 3.009174 tcp 10.0.2.109 52861 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:25:20.169157 0.000000 tcp 10.0.2.109 52861 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:29:41.307895 3.001041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 18:29:48.314893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:29:56.316705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:30:12.319270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:30:26.180019 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:30:26.180193 3.003210 tcp 10.0.2.109 52862 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:30:35.181951 0.000000 tcp 10.0.2.109 52862 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:30:41.182454 0.032212 tcp 10.0.2.109 52863 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:30:41.215006 0.054293 tcp 10.0.2.109 52864 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:30:41.269631 0.146642 tcp 10.0.2.109 52865 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:30:41.513300 3.003653 tcp 10.0.2.109 52866 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:30:44.326929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:30:50.514328 0.000000 tcp 10.0.2.109 52866 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:30:56.513622 0.053386 tcp 10.0.2.109 52867 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:30:56.567248 0.041622 tcp 10.0.2.109 52868 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:30:56.609177 0.140764 tcp 10.0.2.109 52869 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:30:56.994288 2.993394 tcp 10.0.2.109 52870 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:31:05.996479 0.000000 tcp 10.0.2.109 52870 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:31:11.995451 2.994003 tcp 10.0.2.109 52871 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:31:20.987660 0.000000 tcp 10.0.2.109 52871 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:36:26.998426 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:36:26.998532 3.003944 tcp 10.0.2.109 52872 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:36:36.000955 0.000000 tcp 10.0.2.109 52872 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:36:42.001398 0.054215 tcp 10.0.2.109 52873 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:36:42.055977 0.053504 tcp 10.0.2.109 52874 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:36:42.109866 0.121412 tcp 10.0.2.109 52875 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:36:42.522011 3.002582 tcp 10.0.2.109 52876 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:36:48.347710 2.990053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 18:36:51.527012 0.000000 tcp 10.0.2.109 52876 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:36:55.338923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:36:57.522561 0.053203 tcp 10.0.2.109 52877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:36:57.576062 0.053931 tcp 10.0.2.109 52878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:36:57.630456 0.147020 tcp 10.0.2.109 52879 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:36:57.844694 3.001883 tcp 10.0.2.109 52880 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:37:03.340405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:37:06.845013 0.000000 tcp 10.0.2.109 52880 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:37:12.843869 2.995614 tcp 10.0.2.109 52881 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:37:19.343567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:37:21.846430 0.000000 tcp 10.0.2.109 52881 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:37:51.349327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:42:27.847490 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:42:27.847601 3.003686 tcp 10.0.2.109 52882 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:42:36.849656 0.000000 tcp 10.0.2.109 52882 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:42:42.850430 0.055010 tcp 10.0.2.109 52883 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:42:42.905786 0.031234 tcp 10.0.2.109 52884 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:42:42.937351 0.124943 tcp 10.0.2.109 52885 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:42:43.169958 3.003124 tcp 10.0.2.109 52886 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:42:52.171659 0.000000 tcp 10.0.2.109 52886 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:42:58.171093 0.030922 tcp 10.0.2.109 52887 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:42:58.202393 0.032095 tcp 10.0.2.109 52888 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:42:58.234788 0.123070 tcp 10.0.2.109 52889 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:42:58.462756 3.002338 tcp 10.0.2.109 52890 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:43:07.577408 0.000000 tcp 10.0.2.109 52890 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:43:13.526169 2.976119 tcp 10.0.2.109 52891 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:43:22.531723 0.000000 tcp 10.0.2.109 52891 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:43:55.355187 3.001971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 18:44:02.363515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:44:10.364558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:44:26.367145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:44:58.373232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:51:02.380269 3.022219 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 18:51:09.396736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:51:17.397971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:51:33.401303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:52:05.407214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:54:53.208804 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 18:54:53.208896 0.176032 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:53.381968 0.066458 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:53.432229 0.070813 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:53.486579 0.049178 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:53.534220 0.168133 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:53.717669 0.157252 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:53.885521 0.090826 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:53.998548 0.076292 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:54.071579 0.047880 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:54.247152 0.147417 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:54.387203 0.354148 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:54.737398 0.338689 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:55.106012 0.366803 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:55.482819 0.107187 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:55.567006 0.117845 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:55.648659 0.381979 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:56.012538 0.193299 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:56.198479 0.073254 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:56.265928 0.408886 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:56.654908 0.168236 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:56.799902 0.207011 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:56.984104 0.310986 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:57.326664 0.111747 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:57.402324 0.241736 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:57.605139 0.166216 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:57.749471 0.495534 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:58.199918 0.349009 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:58.524687 2.981215 tcp 10.0.2.109 52892 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:54:58.531074 0.217499 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:54:58.728194 0.336548 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/05 18:55:07.498831 0.000000 tcp 10.0.2.109 52892 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:55:13.509473 0.052522 tcp 10.0.2.109 52893 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:55:13.562323 0.031311 tcp 10.0.2.109 52894 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:55:13.593941 0.121791 tcp 10.0.2.109 52895 -> 195.113.214.211 443 SRPA* 0 0 36 18904 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:55:13.832772 2.999721 tcp 10.0.2.109 52896 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:55:22.831047 0.000000 tcp 10.0.2.109 52896 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:55:28.830425 0.030854 tcp 10.0.2.109 52897 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:55:28.861584 0.031398 tcp 10.0.2.109 52898 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:55:28.893238 0.146070 tcp 10.0.2.109 52899 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/05 18:55:29.087794 3.006631 tcp 10.0.2.109 52900 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:55:38.092839 0.000000 tcp 10.0.2.109 52900 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:55:44.081868 3.004111 tcp 10.0.2.109 52901 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:55:53.084751 0.000000 tcp 10.0.2.109 52901 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 18:58:09.413807 3.001344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 18:58:16.420943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:58:24.422392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:58:40.425264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 18:59:12.433525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:00:59.087166 0.278663 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:00:59.365932 2.953459 tcp 10.0.2.109 52902 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:01:08.267223 0.000000 tcp 10.0.2.109 52902 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:01:14.226559 0.146069 tcp 10.0.2.109 52903 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:01:14.372918 0.032234 tcp 10.0.2.109 52904 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:01:14.405401 0.146929 tcp 10.0.2.109 52905 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:01:14.589525 2.973949 tcp 10.0.2.109 52906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:01:23.505213 0.000000 tcp 10.0.2.109 52906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:01:29.443253 0.030760 tcp 10.0.2.109 52907 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:01:29.474289 0.031399 tcp 10.0.2.109 52908 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:01:29.505999 0.121557 tcp 10.0.2.109 52909 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:01:29.962894 2.975752 tcp 10.0.2.109 52910 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:01:38.881625 0.000000 tcp 10.0.2.109 52910 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:01:44.881049 3.003742 tcp 10.0.2.109 52911 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:01:53.883363 0.000000 tcp 10.0.2.109 52911 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:05:41.443651 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 19:05:48.453513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:05:56.452778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:06:12.455522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:06:44.461158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:06:59.883491 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:06:59.883735 3.003836 tcp 10.0.2.109 52912 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:07:08.896048 0.000000 tcp 10.0.2.109 52912 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:07:14.886970 0.030838 tcp 10.0.2.109 52913 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:07:14.918046 0.044516 tcp 10.0.2.109 52914 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:07:14.962891 0.123169 tcp 10.0.2.109 52915 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:07:15.552746 2.997172 tcp 10.0.2.109 52916 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:07:24.548918 0.000000 tcp 10.0.2.109 52916 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:07:31.422947 0.030864 tcp 10.0.2.109 52917 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:07:31.454060 0.032451 tcp 10.0.2.109 52918 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:07:31.486815 0.122996 tcp 10.0.2.109 52919 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:07:32.116754 2.971969 tcp 10.0.2.109 52920 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:07:41.017346 0.000000 tcp 10.0.2.109 52920 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:07:46.933876 2.968884 tcp 10.0.2.109 52921 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:07:55.832075 0.000000 tcp 10.0.2.109 52921 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:12:48.467797 3.051190 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 19:12:55.500184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:13:01.243418 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:13:01.243500 3.003642 tcp 10.0.2.109 52922 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:13:03.486236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:13:10.245605 0.000000 tcp 10.0.2.109 52922 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:13:16.246406 0.031571 tcp 10.0.2.109 52923 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:13:16.278482 0.052892 tcp 10.0.2.109 52924 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:13:16.331679 0.145725 tcp 10.0.2.109 52925 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:13:16.522350 2.996841 tcp 10.0.2.109 52926 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:13:19.489133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:13:25.517698 0.000000 tcp 10.0.2.109 52926 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:13:31.516996 0.030857 tcp 10.0.2.109 52927 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:13:31.548143 0.031186 tcp 10.0.2.109 52928 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:13:31.579622 0.121950 tcp 10.0.2.109 52929 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:13:31.724716 2.995625 tcp 10.0.2.109 52930 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:13:40.719792 0.000000 tcp 10.0.2.109 52930 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:13:46.718779 3.003951 tcp 10.0.2.109 52931 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:13:51.495046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:13:55.722715 0.000000 tcp 10.0.2.109 52931 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:19:55.502010 3.000721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 19:20:02.508940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:20:10.510005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:20:26.513003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:20:58.519274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:25:01.903576 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:25:01.903759 0.065769 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:01.952687 0.050593 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:02.047808 0.171357 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:02.290558 0.237057 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:02.523780 0.066918 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:02.597434 0.158461 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:03.201769 0.087620 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:03.272151 0.059481 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:03.330556 0.047981 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:03.479013 0.153739 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:03.624815 0.350331 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2558 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:03.971067 0.345026 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:04.340921 0.469042 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:04.885138 0.110045 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:04.970828 0.116575 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:05.053199 0.077228 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:05.116722 0.392381 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:05.492134 0.198520 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:05.682669 0.206271 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:05.865786 0.409381 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:06.254996 0.165962 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:06.399281 0.311365 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:06.709113 0.118052 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:06.792932 0.238884 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:07.028770 0.170976 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:07.175905 0.250088 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:07.391851 0.329626 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:07.721026 0.364931 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:08.068538 0.217974 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:25:16.761104 3.005829 tcp 10.0.2.109 52932 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:25:25.767535 0.000000 tcp 10.0.2.109 52932 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:25:31.763879 0.031385 tcp 10.0.2.109 52933 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:25:31.795546 0.030957 tcp 10.0.2.109 52934 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:25:31.826773 0.123678 tcp 10.0.2.109 52935 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:25:32.517757 3.009481 tcp 10.0.2.109 52936 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:25:41.535955 0.000000 tcp 10.0.2.109 52936 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:25:47.518813 0.030399 tcp 10.0.2.109 52937 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:25:47.549469 0.053823 tcp 10.0.2.109 52938 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:25:47.603556 0.145557 tcp 10.0.2.109 52939 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:25:47.759200 2.991941 tcp 10.0.2.109 52940 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:25:56.747918 0.000000 tcp 10.0.2.109 52940 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:26:02.756684 2.994557 tcp 10.0.2.109 52941 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:26:11.749405 0.000000 tcp 10.0.2.109 52941 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:27:02.525000 3.001816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 19:27:09.535163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:27:17.534531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:27:33.537564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:28:05.542773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:31:17.760023 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:31:17.760176 3.003766 tcp 10.0.2.109 52942 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:31:26.762414 0.000000 tcp 10.0.2.109 52942 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:31:32.762554 0.053662 tcp 10.0.2.109 52943 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:31:32.816561 0.053946 tcp 10.0.2.109 52944 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:31:32.870846 0.145109 tcp 10.0.2.109 52945 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:31:33.038787 3.006876 tcp 10.0.2.109 52946 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:31:42.044578 0.000000 tcp 10.0.2.109 52946 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:31:48.033810 0.030799 tcp 10.0.2.109 52947 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:31:48.064883 0.032386 tcp 10.0.2.109 52948 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:31:48.097549 0.122708 tcp 10.0.2.109 52949 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:31:48.255803 3.001657 tcp 10.0.2.109 52950 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:31:57.265946 0.000000 tcp 10.0.2.109 52950 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:32:03.254968 2.993978 tcp 10.0.2.109 52951 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:32:12.247647 0.000000 tcp 10.0.2.109 52951 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:34:09.549764 3.000888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 19:34:16.556335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:34:24.558276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:34:40.560904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:35:12.566809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:37:18.258652 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:37:18.258851 3.003021 tcp 10.0.2.109 52952 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:37:27.261042 0.000000 tcp 10.0.2.109 52952 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:37:33.260782 0.032101 tcp 10.0.2.109 52953 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:37:33.293139 0.053649 tcp 10.0.2.109 52954 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:37:33.347089 0.121604 tcp 10.0.2.109 52955 -> 195.113.214.211 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:37:33.571974 3.001952 tcp 10.0.2.109 52956 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:37:42.572429 0.000000 tcp 10.0.2.109 52956 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:37:48.574307 0.053327 tcp 10.0.2.109 52957 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:37:48.627891 0.031052 tcp 10.0.2.109 52958 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:37:48.659199 0.412247 tcp 10.0.2.109 52959 -> 195.113.214.211 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:37:49.087976 2.998644 tcp 10.0.2.109 52960 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:37:58.085783 0.000000 tcp 10.0.2.109 52960 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:38:04.083956 2.994109 tcp 10.0.2.109 52961 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:38:13.086341 0.000000 tcp 10.0.2.109 52961 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:41:16.573290 3.001199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 19:41:23.580261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:41:31.581847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:41:47.585290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:42:19.590965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:43:19.087325 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:43:19.087485 2.993709 tcp 10.0.2.109 52962 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:43:28.079367 0.000000 tcp 10.0.2.109 52962 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:43:34.090293 0.030934 tcp 10.0.2.109 52963 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:43:34.121522 0.031297 tcp 10.0.2.109 52964 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:43:34.153155 0.129353 tcp 10.0.2.109 52965 -> 195.113.214.211 443 SRPA* 0 0 33 26934 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:43:34.311671 3.001041 tcp 10.0.2.109 52966 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:43:43.311435 0.000000 tcp 10.0.2.109 52966 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:43:49.310758 0.031470 tcp 10.0.2.109 52967 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:43:49.342569 0.032058 tcp 10.0.2.109 52968 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:43:49.375020 0.120588 tcp 10.0.2.109 52969 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:43:49.540003 3.004408 tcp 10.0.2.109 52970 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:43:58.543485 0.000000 tcp 10.0.2.109 52970 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:44:04.531827 3.004087 tcp 10.0.2.109 52971 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:44:13.534648 0.000000 tcp 10.0.2.109 52971 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:48:23.596306 3.002331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 19:48:30.604383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:48:38.606048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:48:54.608804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:49:26.615182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:55:16.147898 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 19:55:16.148111 0.173234 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:16.316322 0.175272 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:16.488157 0.068832 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:16.639918 0.159634 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:16.960533 0.071134 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:17.015598 0.044382 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:17.188491 0.091587 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:17.280681 0.052423 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:17.576828 0.048386 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:18.044968 0.154856 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:18.201197 0.426375 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:18.632644 0.349365 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:18.978363 0.340539 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:19.335195 0.116730 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2670 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:19.828925 3.008443 tcp 10.0.2.109 52972 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:55:19.829242 0.122349 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:20.184485 0.079874 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:20.457150 0.384681 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:20.823800 0.188675 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:21.006456 0.169610 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:21.152786 0.309744 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:21.460924 0.107331 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:21.747615 0.204005 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:21.929758 0.411205 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:22.322635 0.238687 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:22.521520 0.167367 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:22.666454 0.251375 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:22.881655 0.350343 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:23.363560 0.338390 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:23.681256 0.218014 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/05 19:55:28.842840 0.000000 tcp 10.0.2.109 52972 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:55:34.826058 0.031342 tcp 10.0.2.109 52973 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:55:34.857671 0.032052 tcp 10.0.2.109 52974 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:55:34.890007 0.120570 tcp 10.0.2.109 52975 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:55:35.047055 2.992005 tcp 10.0.2.109 52976 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:55:44.047716 0.000000 tcp 10.0.2.109 52976 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:55:50.051945 0.031753 tcp 10.0.2.109 52977 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:55:50.084029 0.030795 tcp 10.0.2.109 52978 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:55:50.115099 0.144939 tcp 10.0.2.109 52979 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 19:55:50.395549 3.185212 tcp 10.0.2.109 52980 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:55:50.840407 2.976884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 19:55:57.779077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:55:59.520274 0.000000 tcp 10.0.2.109 52980 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:56:05.476025 2.979429 tcp 10.0.2.109 52981 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:56:05.713750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:56:14.401350 0.000000 tcp 10.0.2.109 52981 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 19:56:21.641810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 19:56:53.647778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:01:20.401598 0.203255 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:01:20.604990 2.964408 tcp 10.0.2.109 52982 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:01:29.520071 0.000000 tcp 10.0.2.109 52982 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:01:35.476316 0.031233 tcp 10.0.2.109 52983 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:01:35.507848 0.032029 tcp 10.0.2.109 52984 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:01:35.540205 0.123123 tcp 10.0.2.109 52985 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:01:36.015622 2.979021 tcp 10.0.2.109 52986 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:01:44.976524 0.000000 tcp 10.0.2.109 52986 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:01:50.955814 0.030313 tcp 10.0.2.109 52987 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:01:50.986455 0.031188 tcp 10.0.2.109 52988 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:01:51.017893 0.121434 tcp 10.0.2.109 52989 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:01:51.205525 2.994333 tcp 10.0.2.109 52990 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:02:00.198496 0.000000 tcp 10.0.2.109 52990 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:02:06.207122 2.994207 tcp 10.0.2.109 52991 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:02:15.200139 0.000000 tcp 10.0.2.109 52991 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:02:57.653664 3.001776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 20:03:04.661301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:03:12.662616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:03:28.665596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:04:00.671699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:07:21.210778 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:07:21.210883 3.003066 tcp 10.0.2.109 52992 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:07:30.212844 0.000000 tcp 10.0.2.109 52992 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:07:36.213043 0.356589 tcp 10.0.2.109 52993 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:07:36.569930 0.032139 tcp 10.0.2.109 52994 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:07:36.602406 0.140085 tcp 10.0.2.109 52995 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:07:36.826749 2.973217 tcp 10.0.2.109 52996 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:07:45.741373 0.000000 tcp 10.0.2.109 52996 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:07:51.681946 0.030073 tcp 10.0.2.109 52997 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:07:51.712354 0.031817 tcp 10.0.2.109 52998 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:07:51.744530 0.124522 tcp 10.0.2.109 52999 -> 195.113.214.211 443 SRPA* 0 0 35 19198 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:07:53.048150 2.964571 tcp 10.0.2.109 53000 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:08:01.953007 0.000000 tcp 10.0.2.109 53000 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:08:07.903151 2.998308 tcp 10.0.2.109 53001 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:08:17.268603 0.000000 tcp 10.0.2.109 53001 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:10:04.678000 3.071199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 20:10:11.726824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:10:19.696389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:10:35.699868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:11:07.705036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:13:22.900554 0.214342 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:13:23.115011 2.964932 tcp 10.0.2.109 53002 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:13:32.025463 0.000000 tcp 10.0.2.109 53002 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:13:37.976436 0.031845 tcp 10.0.2.109 53003 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:13:38.008639 0.053790 tcp 10.0.2.109 53004 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:13:38.062760 0.122387 tcp 10.0.2.109 53005 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:13:38.381096 2.974169 tcp 10.0.2.109 53006 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:13:47.325106 0.000000 tcp 10.0.2.109 53006 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:13:53.314366 0.029920 tcp 10.0.2.109 53007 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:13:53.344566 0.031100 tcp 10.0.2.109 53008 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:13:53.375949 0.120877 tcp 10.0.2.109 53009 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:13:53.868805 3.000102 tcp 10.0.2.109 53010 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:14:02.877567 0.000000 tcp 10.0.2.109 53010 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:14:08.865679 2.994986 tcp 10.0.2.109 53011 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:14:17.858986 0.000000 tcp 10.0.2.109 53011 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:17:11.722457 3.010367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 20:17:18.739236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:17:26.740744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:17:42.764456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:18:14.749586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:24:18.754738 3.002319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 20:24:25.763203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:24:33.764723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:24:49.768657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:25:21.773220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:25:33.272863 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:25:33.273089 0.066157 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:33.324046 0.159380 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:33.644643 0.182254 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:33.828254 0.176017 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:33.999074 0.078034 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:34.064509 0.046217 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:34.130657 0.089116 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:34.244873 0.052512 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:34.294483 0.048013 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:34.365846 0.147942 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:34.506442 0.373048 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:34.887916 0.353964 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:35.237815 0.345040 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:35.590645 0.107745 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:35.677634 0.118409 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:35.757872 0.076192 rtp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:35.818330 0.387223 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:36.185541 0.310749 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:36.502686 0.197747 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:36.693074 0.169469 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:36.839230 0.118127 rtp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:36.922476 0.210589 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:37.109924 0.689193 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:37.784201 0.241295 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:37.985376 0.169672 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:38.133218 0.242472 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:38.341669 0.320374 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:38.660920 0.350752 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:38.908790 3.007914 tcp 10.0.2.109 53012 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:25:38.989994 0.223342 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:25:47.911333 0.000000 tcp 10.0.2.109 53012 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:25:53.913149 0.060911 tcp 10.0.2.109 53013 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:25:53.974418 0.036563 tcp 10.0.2.109 53014 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:25:54.011257 0.146094 tcp 10.0.2.109 53015 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:25:55.042395 3.006158 tcp 10.0.2.109 53016 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:26:04.048557 0.000000 tcp 10.0.2.109 53016 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:26:10.045393 0.030778 tcp 10.0.2.109 53017 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:26:10.076409 0.031082 tcp 10.0.2.109 53018 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:26:10.107739 0.123770 tcp 10.0.2.109 53019 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:26:10.323741 3.002139 tcp 10.0.2.109 53020 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:26:19.326477 0.000000 tcp 10.0.2.109 53020 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:26:25.316761 2.992436 tcp 10.0.2.109 53021 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:26:34.307879 0.000000 tcp 10.0.2.109 53021 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:31:25.780044 3.001365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 20:31:32.786934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:31:40.319317 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:31:40.319420 3.002969 tcp 10.0.2.109 53022 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:31:40.790753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:31:49.320886 0.000000 tcp 10.0.2.109 53022 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:31:55.321606 0.053878 tcp 10.0.2.109 53023 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:31:55.375852 0.031719 tcp 10.0.2.109 53024 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:31:55.407855 0.123486 tcp 10.0.2.109 53025 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:31:55.610095 3.004289 tcp 10.0.2.109 53026 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:31:56.791472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:32:04.612685 0.000000 tcp 10.0.2.109 53026 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:32:10.612192 0.031146 tcp 10.0.2.109 53027 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:32:10.643606 0.031220 tcp 10.0.2.109 53028 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:32:10.675186 0.133662 tcp 10.0.2.109 53029 -> 195.113.214.211 443 SRPA* 0 0 74 78692 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:32:10.927446 3.014340 tcp 10.0.2.109 53030 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:32:19.934831 0.000000 tcp 10.0.2.109 53030 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:32:25.923398 2.994300 tcp 10.0.2.109 53031 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:32:28.797386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:32:34.925823 0.000000 tcp 10.0.2.109 53031 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:37:40.926659 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:37:40.926893 2.994140 tcp 10.0.2.109 53032 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:37:49.919195 0.000000 tcp 10.0.2.109 53032 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:37:55.929946 0.031486 tcp 10.0.2.109 53033 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:37:55.961761 0.031044 tcp 10.0.2.109 53034 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:37:55.993170 0.122547 tcp 10.0.2.109 53035 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:37:56.256462 2.996223 tcp 10.0.2.109 53036 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:38:05.251357 0.000000 tcp 10.0.2.109 53036 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:38:11.250710 0.029954 tcp 10.0.2.109 53037 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:38:11.280949 0.057327 tcp 10.0.2.109 53038 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:38:11.338548 0.124183 tcp 10.0.2.109 53039 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:38:11.496814 2.997846 tcp 10.0.2.109 53040 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:38:20.493234 0.000000 tcp 10.0.2.109 53040 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:38:26.492043 3.004399 tcp 10.0.2.109 53041 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:38:32.804103 3.000858 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 20:38:35.494759 0.000000 tcp 10.0.2.109 53041 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:38:39.811227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:38:47.812820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:39:03.815585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:39:35.821615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:43:41.495153 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:43:41.495354 2.993760 tcp 10.0.2.109 53042 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:43:50.497652 0.000000 tcp 10.0.2.109 53042 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:43:56.498611 0.052612 tcp 10.0.2.109 53043 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:43:56.551518 0.053811 tcp 10.0.2.109 53044 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:43:56.605622 0.142643 tcp 10.0.2.109 53045 -> 195.113.214.211 443 SRPA* 0 0 42 37006 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:43:56.874368 2.996777 tcp 10.0.2.109 53046 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:44:05.869801 0.000000 tcp 10.0.2.109 53046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:44:11.869900 0.030619 tcp 10.0.2.109 53047 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:44:11.900843 0.054183 tcp 10.0.2.109 53048 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:44:11.955329 0.122071 tcp 10.0.2.109 53049 -> 195.113.214.211 443 SRPA* 0 0 35 19218 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:44:12.248221 3.005169 tcp 10.0.2.109 53050 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:44:21.256586 0.000000 tcp 10.0.2.109 53050 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:44:27.240638 3.004183 tcp 10.0.2.109 53051 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:44:36.243436 0.000000 tcp 10.0.2.109 53051 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:45:39.827511 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 20:45:46.837671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:45:54.836579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:46:10.839462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:46:42.845738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:54:29.860441 3.000982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 20:54:36.866791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:54:44.868821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:55:00.871674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:55:32.877065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 20:55:42.361443 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 20:55:42.361603 0.171533 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:55:42.593065 0.068488 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:55:42.645536 0.158972 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:55:43.077039 0.173997 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:55:43.255330 0.073904 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:55:43.407326 0.043926 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:55:43.449584 0.091789 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:55:43.522416 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 20:55:57.283056 3.004001 tcp 10.0.2.109 53052 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:56:00.068238 0.031135 tcp 10.0.2.109 53053 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:00.099705 0.054018 tcp 10.0.2.109 53054 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:00.154064 0.142349 tcp 10.0.2.109 53055 -> 195.113.214.211 443 SRPA* 0 0 42 36416 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:00.297090 0.047661 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:00.366835 0.155963 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:00.514919 0.572643 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:01.111242 0.379315 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:01.531217 0.339938 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:01.902455 0.112601 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:01.990471 0.120272 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:02.072348 0.074726 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:02.138319 0.191494 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:02.321759 0.385172 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:02.689191 0.309121 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:03.003239 0.170672 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:03.151685 0.115809 rtp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:03.232500 0.207970 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:03.414030 0.410305 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:03.806527 0.254226 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:04.023105 0.337310 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:04.412754 0.236362 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:04.610364 0.181200 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:04.770356 0.352424 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:05.103152 0.216991 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/05 20:56:06.285467 0.000000 tcp 10.0.2.109 53052 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:56:12.285016 0.052931 tcp 10.0.2.109 53056 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:12.338222 0.030932 tcp 10.0.2.109 53057 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:12.369391 0.146897 tcp 10.0.2.109 53058 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:12.603229 2.995743 tcp 10.0.2.109 53059 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:56:21.607416 0.000000 tcp 10.0.2.109 53059 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:56:27.596363 0.031251 tcp 10.0.2.109 53060 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:27.627946 0.031574 tcp 10.0.2.109 53061 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:27.659844 0.124116 tcp 10.0.2.109 53062 -> 195.113.214.211 443 SRPA* 0 0 41 23296 flow=From-Botnet-V1-TCP-Established 1970/02/05 20:56:27.823788 2.997192 tcp 10.0.2.109 53063 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:56:36.818852 0.000000 tcp 10.0.2.109 53063 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:56:42.818108 3.004396 tcp 10.0.2.109 53064 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 20:56:51.820808 0.000000 tcp 10.0.2.109 53064 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:01:57.821335 0.124622 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:01:57.946131 2.966996 tcp 10.0.2.109 53065 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:01:59.994000 2.975435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 21:02:06.863547 0.000000 tcp 10.0.2.109 53065 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:02:06.943147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:02:12.834507 0.030959 tcp 10.0.2.109 53066 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:02:12.865716 0.032036 tcp 10.0.2.109 53067 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:02:12.898050 0.122613 tcp 10.0.2.109 53068 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:02:13.210056 3.007204 tcp 10.0.2.109 53069 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:02:14.905273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:02:22.225971 0.000000 tcp 10.0.2.109 53069 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:02:28.205393 0.051323 tcp 10.0.2.109 53070 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:02:28.257047 0.031167 tcp 10.0.2.109 53071 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:02:28.288520 0.140973 tcp 10.0.2.109 53072 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:02:28.849397 2.990375 tcp 10.0.2.109 53073 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:02:30.908588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:02:37.838648 0.000000 tcp 10.0.2.109 53073 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:02:43.847383 3.004095 tcp 10.0.2.109 53074 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:02:52.849971 0.000000 tcp 10.0.2.109 53074 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:03:02.914732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:07:58.850936 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:07:58.851041 3.002822 tcp 10.0.2.109 53075 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:08:07.853210 0.000000 tcp 10.0.2.109 53075 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:08:13.853420 0.031292 tcp 10.0.2.109 53076 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:08:13.884947 0.052860 tcp 10.0.2.109 53077 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:08:13.938247 0.140318 tcp 10.0.2.109 53078 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:08:15.013139 3.004354 tcp 10.0.2.109 53079 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:08:24.026047 0.000000 tcp 10.0.2.109 53079 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:08:30.005720 0.221676 tcp 10.0.2.109 53080 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:08:30.227701 0.055457 tcp 10.0.2.109 53081 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:08:30.283482 0.145563 tcp 10.0.2.109 53082 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:08:30.556695 2.979052 tcp 10.0.2.109 53083 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:08:39.483198 0.000000 tcp 10.0.2.109 53083 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:08:45.430378 2.972587 tcp 10.0.2.109 53084 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:08:54.389896 0.000000 tcp 10.0.2.109 53084 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:09:11.927980 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 21:09:18.934955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:09:26.936568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:09:42.939658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:10:14.945378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:14:00.400342 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:14:00.400447 3.003751 tcp 10.0.2.109 53085 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:14:09.402902 0.000000 tcp 10.0.2.109 53085 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:14:15.403213 0.053767 tcp 10.0.2.109 53086 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:14:15.457260 0.052965 tcp 10.0.2.109 53087 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:14:15.510540 0.144166 tcp 10.0.2.109 53088 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:14:15.812867 3.003649 tcp 10.0.2.109 53089 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:14:24.814875 0.000000 tcp 10.0.2.109 53089 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:14:30.814090 0.051470 tcp 10.0.2.109 53090 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:14:30.865812 0.054251 tcp 10.0.2.109 53091 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:14:30.920357 0.122470 tcp 10.0.2.109 53092 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:14:31.105677 2.993154 tcp 10.0.2.109 53093 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:14:40.107000 0.000000 tcp 10.0.2.109 53093 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:14:46.105675 2.994129 tcp 10.0.2.109 53094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:14:55.099040 0.000000 tcp 10.0.2.109 53094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:16:18.951798 3.004634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 21:16:25.959231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:16:33.960688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:16:49.963692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:17:21.970951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:23:25.977643 2.999840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 21:23:32.983167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:23:40.984586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:23:56.987548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:24:28.994669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:26:12.322564 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:26:12.322722 0.048304 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:12.368169 0.175050 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:12.562365 0.060605 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:12.687999 0.072359 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:12.742610 0.048993 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:12.833168 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 21:26:16.150041 3.002048 tcp 10.0.2.109 53095 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:26:25.150269 0.000000 tcp 10.0.2.109 53095 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:26:29.909128 0.055336 tcp 10.0.2.109 53096 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:26:29.964820 0.052905 tcp 10.0.2.109 53097 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:26:30.018037 0.143400 tcp 10.0.2.109 53098 -> 195.113.214.211 443 SRPA* 0 0 40 33106 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:26:30.162406 0.155998 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:30.664346 0.101243 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:30.766361 0.049100 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:30.912149 0.154886 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:31.059374 0.829127 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:31.185056 0.052894 tcp 10.0.2.109 53099 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:26:31.238290 0.053490 tcp 10.0.2.109 53100 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:26:31.292123 0.147558 tcp 10.0.2.109 53101 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:26:31.507325 2.981068 tcp 10.0.2.109 53102 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:26:31.948322 0.350844 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:32.294823 0.347333 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:32.651354 0.114362 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:32.738929 0.124753 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:33.096210 0.075046 rtp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:33.157644 0.194602 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:33.511387 0.395529 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:33.887604 0.114795 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:33.988162 0.200374 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:34.165995 0.309197 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:34.474182 0.170578 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:34.621683 0.403763 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:35.006867 0.257651 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:35.227060 0.174278 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:35.762944 0.338417 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:36.136297 0.241112 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:36.333981 0.390471 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:36.703730 0.217446 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:26:40.472641 0.000000 tcp 10.0.2.109 53102 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:30:33.000786 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 21:30:40.007121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:30:48.008527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:31:04.011460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:31:36.017571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:31:46.473536 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:31:46.473641 3.003599 tcp 10.0.2.109 53103 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:31:55.475733 0.000000 tcp 10.0.2.109 53103 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:32:01.476228 0.054050 tcp 10.0.2.109 53104 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:32:01.530521 0.053075 tcp 10.0.2.109 53105 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:32:01.583953 0.152184 tcp 10.0.2.109 53106 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:32:01.908865 3.000469 tcp 10.0.2.109 53107 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:32:10.907917 0.000000 tcp 10.0.2.109 53107 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:32:16.906401 0.052716 tcp 10.0.2.109 53108 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:32:16.959415 0.052259 tcp 10.0.2.109 53109 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:32:17.011979 0.142410 tcp 10.0.2.109 53110 -> 195.113.214.211 443 SRPA* 0 0 50 29546 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:32:17.173258 2.997806 tcp 10.0.2.109 53111 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:32:26.169781 0.000000 tcp 10.0.2.109 53111 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:32:32.168646 3.003770 tcp 10.0.2.109 53112 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:32:41.172045 0.000000 tcp 10.0.2.109 53112 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:37:40.023530 3.002185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 21:37:47.031088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:37:47.171687 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:37:47.171833 3.003640 tcp 10.0.2.109 53113 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:37:55.036906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:37:56.177142 0.000000 tcp 10.0.2.109 53113 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:38:02.174912 0.055385 tcp 10.0.2.109 53114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:38:02.230569 0.055490 tcp 10.0.2.109 53115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:38:02.286502 0.147705 tcp 10.0.2.109 53116 -> 195.113.214.211 443 SRPA* 0 0 39 21770 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:38:02.452321 2.995045 tcp 10.0.2.109 53117 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:38:11.035596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:38:11.456177 0.000000 tcp 10.0.2.109 53117 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:38:17.445269 0.040369 tcp 10.0.2.109 53118 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:38:17.485966 0.055253 tcp 10.0.2.109 53119 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:38:17.541537 0.143000 tcp 10.0.2.109 53120 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:38:17.693047 2.996342 tcp 10.0.2.109 53121 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:38:26.688323 0.000000 tcp 10.0.2.109 53121 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:38:32.686687 2.994287 tcp 10.0.2.109 53122 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:38:41.679635 0.000000 tcp 10.0.2.109 53122 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:38:43.042139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:43:47.690280 0.038042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:43:47.728475 2.983732 tcp 10.0.2.109 53123 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:43:56.691996 0.000000 tcp 10.0.2.109 53123 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:44:02.703101 0.053548 tcp 10.0.2.109 53124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:44:02.756940 0.053223 tcp 10.0.2.109 53125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:44:02.810483 0.145315 tcp 10.0.2.109 53126 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:44:03.086824 2.999333 tcp 10.0.2.109 53127 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:44:12.084055 0.000000 tcp 10.0.2.109 53127 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:44:18.083882 0.053303 tcp 10.0.2.109 53128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:44:18.137407 0.053048 tcp 10.0.2.109 53129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:44:18.190712 0.141926 tcp 10.0.2.109 53130 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:44:19.371531 2.987813 tcp 10.0.2.109 53131 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:44:28.368534 0.000000 tcp 10.0.2.109 53131 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:44:34.366727 2.994255 tcp 10.0.2.109 53132 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:44:43.359733 0.000000 tcp 10.0.2.109 53132 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:44:47.047853 3.005762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 21:44:54.055413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:45:02.056659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:45:18.059657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:45:50.065703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:49:49.376593 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:49:49.376759 2.998090 tcp 10.0.2.109 53133 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:49:58.376886 0.000000 tcp 10.0.2.109 53133 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:50:04.372863 0.053628 tcp 10.0.2.109 53134 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:50:04.426803 0.053634 tcp 10.0.2.109 53135 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:50:04.480735 0.145570 tcp 10.0.2.109 53136 -> 195.113.214.211 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:50:04.704138 3.001741 tcp 10.0.2.109 53137 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:50:13.704617 0.000000 tcp 10.0.2.109 53137 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:50:19.703666 0.053261 tcp 10.0.2.109 53138 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:50:19.757186 0.053217 tcp 10.0.2.109 53139 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:50:19.810720 0.145516 tcp 10.0.2.109 53140 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:50:20.239673 2.998949 tcp 10.0.2.109 53141 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:50:29.246702 0.000000 tcp 10.0.2.109 53141 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:50:35.235866 2.994058 tcp 10.0.2.109 53142 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:50:44.228643 0.000000 tcp 10.0.2.109 53142 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:54:04.081448 2.998705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 21:54:11.085913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:54:19.087757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:54:35.089862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:55:07.096711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 21:56:49.664375 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 21:56:49.664465 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 21:57:08.603052 0.053469 tcp 10.0.2.109 53143 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:08.656764 0.054839 tcp 10.0.2.109 53144 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:08.711898 0.145722 tcp 10.0.2.109 53145 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:08.857726 0.072462 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:08.913896 0.043598 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:08.969961 0.167715 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:09.182847 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 21:57:20.248244 3.004168 tcp 10.0.2.109 53146 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:57:25.776518 0.052009 tcp 10.0.2.109 53147 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:25.828836 0.053675 tcp 10.0.2.109 53148 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:25.882876 0.151888 tcp 10.0.2.109 53149 -> 195.113.214.211 443 SRPA* 0 0 42 22666 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:26.035443 0.066427 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:26.084112 0.154996 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:26.257285 0.087589 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:26.326747 0.047436 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:26.383669 0.150702 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:26.523916 0.347227 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:26.902445 0.109242 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:26.990033 0.367061 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:27.378812 0.350209 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:27.724931 0.122929 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:27.806411 0.076304 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:27.866993 0.200645 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:28.060169 0.203985 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:28.239972 0.310135 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:28.586927 0.171397 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:28.736012 0.399128 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:29.113238 0.110904 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:29.189370 0.410225 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:29.258422 0.000000 tcp 10.0.2.109 53146 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:57:29.581682 0.250344 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:29.795779 0.178235 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 5 2142 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:35.249828 0.053423 tcp 10.0.2.109 53150 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:35.303612 0.052471 tcp 10.0.2.109 53151 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:35.356317 0.148700 tcp 10.0.2.109 53152 -> 195.113.214.211 443 SRPA* 0 0 38 31800 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:35.533395 3.000888 tcp 10.0.2.109 53153 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:57:44.532874 0.000000 tcp 10.0.2.109 53153 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 21:57:48.008496 0.052744 tcp 10.0.2.109 53154 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:48.061494 0.053926 tcp 10.0.2.109 53155 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:48.115716 0.151277 tcp 10.0.2.109 53156 -> 195.113.214.211 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/05 21:57:48.267508 0.340321 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:48.590839 0.350387 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:48.940498 0.237925 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/05 21:57:49.141662 0.240132 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:01:11.103683 3.054327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:01:18.185253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:01:26.131699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:01:42.137368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:02:14.140750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:02:50.537114 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:02:50.537360 2.999858 tcp 10.0.2.109 53157 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:02:59.535602 0.000000 tcp 10.0.2.109 53157 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:03:05.536036 0.054462 tcp 10.0.2.109 53158 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:03:05.590842 0.104579 tcp 10.0.2.109 53159 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:03:05.695697 0.141980 tcp 10.0.2.109 53160 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:03:06.005872 2.993293 tcp 10.0.2.109 53161 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:03:15.003472 0.000000 tcp 10.0.2.109 53161 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:03:21.007219 0.052578 tcp 10.0.2.109 53162 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:03:21.060072 0.052701 tcp 10.0.2.109 53163 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:03:21.113037 0.144978 tcp 10.0.2.109 53164 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:03:21.295919 2.995198 tcp 10.0.2.109 53165 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:03:30.289986 0.000000 tcp 10.0.2.109 53165 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:03:36.289901 3.002944 tcp 10.0.2.109 53166 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:03:45.292511 0.000000 tcp 10.0.2.109 53166 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:08:26.147573 3.002008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:08:33.155455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:08:41.156908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:08:51.293539 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:08:51.293641 3.002165 tcp 10.0.2.109 53167 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:08:57.159996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:09:00.296550 0.000000 tcp 10.0.2.109 53167 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:09:06.294808 0.053101 tcp 10.0.2.109 53168 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:09:06.348197 0.091790 tcp 10.0.2.109 53169 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:09:06.440301 0.143721 tcp 10.0.2.109 53170 -> 195.113.214.211 443 SRPA* 0 0 35 17960 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:09:06.786270 2.991655 tcp 10.0.2.109 53171 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:09:15.786871 0.000000 tcp 10.0.2.109 53171 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:09:21.786543 0.053055 tcp 10.0.2.109 53172 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:09:21.839912 0.053060 tcp 10.0.2.109 53173 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:09:21.893337 0.157219 tcp 10.0.2.109 53174 -> 195.113.214.211 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:09:22.224313 2.996409 tcp 10.0.2.109 53175 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:09:29.175933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:09:31.218855 0.000000 tcp 10.0.2.109 53175 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:09:37.218421 3.003344 tcp 10.0.2.109 53176 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:09:46.220602 0.000000 tcp 10.0.2.109 53176 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:14:52.221388 0.018164 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:14:52.239703 2.984403 tcp 10.0.2.109 53177 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:01.223154 0.000000 tcp 10.0.2.109 53177 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:07.233560 0.052829 tcp 10.0.2.109 53178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:15:07.286697 0.052762 tcp 10.0.2.109 53179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:15:07.339748 0.146453 tcp 10.0.2.109 53180 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:15:07.610948 3.005844 tcp 10.0.2.109 53181 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:16.615355 0.000000 tcp 10.0.2.109 53181 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:22.604228 0.051878 tcp 10.0.2.109 53182 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:15:22.656368 0.054059 tcp 10.0.2.109 53183 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:15:22.710697 0.144739 tcp 10.0.2.109 53184 -> 195.113.214.211 443 SRPA* 0 0 40 31908 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:15:23.078582 3.000601 tcp 10.0.2.109 53185 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:32.077391 0.000000 tcp 10.0.2.109 53185 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:33.182214 3.001457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:15:38.076864 2.993787 tcp 10.0.2.109 53186 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:40.189315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:15:47.069134 0.000000 tcp 10.0.2.109 53186 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:15:48.191032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:16:04.193728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:16:36.200433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:20:53.080576 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:20:53.080721 3.002902 tcp 10.0.2.109 53187 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:21:02.082260 0.000000 tcp 10.0.2.109 53187 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:21:08.082543 0.053238 tcp 10.0.2.109 53188 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:21:08.136062 0.051836 tcp 10.0.2.109 53189 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:21:08.188266 0.154829 tcp 10.0.2.109 53190 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:21:08.457618 3.008041 tcp 10.0.2.109 53191 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:21:17.464373 0.000000 tcp 10.0.2.109 53191 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:21:23.453492 0.054591 tcp 10.0.2.109 53192 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:21:23.508351 0.052632 tcp 10.0.2.109 53193 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:21:23.561276 0.144047 tcp 10.0.2.109 53194 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:21:23.760836 2.996630 tcp 10.0.2.109 53195 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:21:32.765904 0.000000 tcp 10.0.2.109 53195 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:21:38.754947 2.994358 tcp 10.0.2.109 53196 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:21:47.749125 0.000000 tcp 10.0.2.109 53196 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:22:40.206807 3.000507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:22:47.213793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:22:55.215104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:23:11.218251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:23:43.224126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:28:05.171035 0.000165 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:28:05.171307 0.054075 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:05.222187 0.181705 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:05.380436 0.051229 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:05.461497 0.072825 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:05.517165 0.167937 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:05.748077 0.153023 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:06.129451 0.094832 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:06.256373 0.047492 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:06.523867 0.145902 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:06.661664 0.071173 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:06.798545 0.345129 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:07.159505 0.350616 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:07.524439 0.121297 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:07.609171 0.072805 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:07.673985 0.193007 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:07.859384 0.211286 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:08.045076 0.377307 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:08.457413 0.119424 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:08.549295 0.385944 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:08.766545 2.993292 tcp 10.0.2.109 53197 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:28:08.916842 0.113142 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:08.995936 0.434121 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:09.411552 0.307743 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:09.730777 0.170603 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:09.876357 0.250407 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:10.090242 0.239530 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:10.289866 0.215825 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:10.485173 0.384259 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:10.849385 0.313073 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:28:17.758616 0.000000 tcp 10.0.2.109 53197 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:28:23.769373 0.082821 tcp 10.0.2.109 53198 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:28:23.852514 0.053123 tcp 10.0.2.109 53199 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:28:23.905929 0.142906 tcp 10.0.2.109 53200 -> 195.113.214.211 443 SRPA* 0 0 32 12940 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:28:24.082105 2.999835 tcp 10.0.2.109 53201 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:28:33.081078 0.000000 tcp 10.0.2.109 53201 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:28:39.080175 0.054322 tcp 10.0.2.109 53202 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:28:39.134796 0.054367 tcp 10.0.2.109 53203 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:28:39.189503 0.146233 tcp 10.0.2.109 53204 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:28:39.359919 3.004099 tcp 10.0.2.109 53205 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:28:48.362476 0.000000 tcp 10.0.2.109 53205 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:28:54.361669 3.003721 tcp 10.0.2.109 53206 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:29:03.363640 0.000000 tcp 10.0.2.109 53206 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:29:47.230735 3.000775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:29:54.237189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:30:02.238791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:30:18.241647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:30:50.247908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:34:09.365164 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:34:09.365269 2.993220 tcp 10.0.2.109 53207 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:34:18.367481 0.000000 tcp 10.0.2.109 53207 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:34:24.367491 0.053986 tcp 10.0.2.109 53208 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:34:24.421789 0.053754 tcp 10.0.2.109 53209 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:34:24.475875 0.141766 tcp 10.0.2.109 53210 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:34:24.908789 3.001885 tcp 10.0.2.109 53211 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:34:33.914549 0.000000 tcp 10.0.2.109 53211 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:34:39.908768 0.138632 tcp 10.0.2.109 53212 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:34:40.047675 0.053149 tcp 10.0.2.109 53213 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:34:40.101105 0.147379 tcp 10.0.2.109 53214 -> 195.113.214.211 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:34:40.308769 2.976300 tcp 10.0.2.109 53215 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:34:49.233471 0.000000 tcp 10.0.2.109 53215 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:34:55.230617 3.003773 tcp 10.0.2.109 53216 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:35:04.232847 0.000000 tcp 10.0.2.109 53216 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:36:54.254168 3.001881 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:37:01.261434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:37:09.262753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:37:25.266007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:37:57.271669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:40:10.233392 0.029790 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:40:10.263324 2.980959 tcp 10.0.2.109 53217 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:40:19.237652 0.000000 tcp 10.0.2.109 53217 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:40:25.246353 0.084734 tcp 10.0.2.109 53218 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:40:25.331373 0.058552 tcp 10.0.2.109 53219 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:40:25.390269 0.143671 tcp 10.0.2.109 53220 -> 195.113.214.211 443 SRPA* 0 0 34 26616 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:40:25.679649 2.981462 tcp 10.0.2.109 53221 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:40:34.648537 0.000000 tcp 10.0.2.109 53221 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:40:40.657068 0.052098 tcp 10.0.2.109 53222 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:40:40.709399 0.054770 tcp 10.0.2.109 53223 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:40:40.764461 0.146634 tcp 10.0.2.109 53224 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:40:41.139216 3.005454 tcp 10.0.2.109 53225 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:40:50.140116 0.000000 tcp 10.0.2.109 53225 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:40:56.139198 3.003979 tcp 10.0.2.109 53226 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:41:05.141663 0.000000 tcp 10.0.2.109 53226 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:44:01.277876 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:44:08.285145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:44:16.287671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:44:32.289815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:45:04.295861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:46:11.142562 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:46:11.142694 3.003359 tcp 10.0.2.109 53227 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:46:20.144654 0.000000 tcp 10.0.2.109 53227 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:46:26.150916 0.053400 tcp 10.0.2.109 53228 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:46:26.204672 0.051858 tcp 10.0.2.109 53229 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:46:26.256800 0.145128 tcp 10.0.2.109 53230 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:46:26.497276 2.991297 tcp 10.0.2.109 53231 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:46:35.496735 0.000000 tcp 10.0.2.109 53231 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:46:41.486460 0.052754 tcp 10.0.2.109 53232 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:46:41.539537 0.054120 tcp 10.0.2.109 53233 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:46:41.593934 0.145168 tcp 10.0.2.109 53234 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:46:41.806818 2.993719 tcp 10.0.2.109 53235 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:46:50.798701 0.000000 tcp 10.0.2.109 53235 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:46:56.807958 3.003685 tcp 10.0.2.109 53236 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:47:05.810333 0.000000 tcp 10.0.2.109 53236 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:53:29.304773 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 22:53:36.313474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:53:44.316920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:54:00.316615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:54:32.322832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 22:58:31.717612 0.035514 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 22:58:31.753214 0.049329 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:31.801464 0.077026 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:31.986901 0.171824 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:32.153781 0.052885 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:32.260471 0.175684 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:32.413985 0.153826 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:32.606565 0.092275 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:32.848699 0.048191 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:33.178915 0.147488 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:33.318573 0.067297 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:33.440841 0.119850 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:33.522233 0.078738 rtp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:33.610274 0.350990 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:33.960557 0.352730 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:34.309649 0.192163 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:34.956351 0.206924 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:35.138071 0.436997 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:35.659527 0.114677 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:35.889985 0.408528 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:36.278640 0.310032 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:36.587409 0.394830 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:36.964562 0.115742 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:37.046810 0.170198 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:37.192084 0.246497 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:37.402980 0.237242 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:37.601951 0.236578 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:37.817860 0.372952 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:38.170834 0.343693 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/05 22:58:41.854089 3.001279 tcp 10.0.2.109 53237 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:58:50.854060 0.000000 tcp 10.0.2.109 53237 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:58:56.854466 0.053190 tcp 10.0.2.109 53238 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:58:56.907927 0.054058 tcp 10.0.2.109 53239 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:58:56.962328 0.147238 tcp 10.0.2.109 53240 -> 195.113.214.211 443 SRPA* 0 0 47 41046 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:58:57.177825 3.013026 tcp 10.0.2.109 53241 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:59:06.196364 0.000000 tcp 10.0.2.109 53241 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:59:12.175596 0.053358 tcp 10.0.2.109 53242 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:59:12.229302 0.053931 tcp 10.0.2.109 53243 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:59:12.283622 0.148628 tcp 10.0.2.109 53244 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 22:59:12.467641 2.991882 tcp 10.0.2.109 53245 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:59:21.458114 0.000000 tcp 10.0.2.109 53245 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:59:27.467044 2.994169 tcp 10.0.2.109 53246 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 22:59:36.459853 0.000000 tcp 10.0.2.109 53246 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:00:36.328179 3.032659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 23:00:43.346216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:00:51.347445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:01:07.350454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:01:39.356608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:04:42.470263 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:04:42.470496 3.006091 tcp 10.0.2.109 53247 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:04:51.472669 0.000000 tcp 10.0.2.109 53247 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:04:57.472762 0.228440 tcp 10.0.2.109 53248 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:04:57.701480 0.052392 tcp 10.0.2.109 53249 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:04:57.754143 0.153285 tcp 10.0.2.109 53250 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:04:57.956870 2.977005 tcp 10.0.2.109 53251 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:05:06.883487 0.000000 tcp 10.0.2.109 53251 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:05:12.824750 1.464125 tcp 10.0.2.109 53252 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:05:14.289162 0.052797 tcp 10.0.2.109 53253 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:05:14.342261 0.149074 tcp 10.0.2.109 53254 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:05:14.747029 2.964206 tcp 10.0.2.109 53255 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:05:23.645482 0.000000 tcp 10.0.2.109 53255 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:05:29.565690 2.959398 tcp 10.0.2.109 53256 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:05:38.450425 0.000000 tcp 10.0.2.109 53256 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:07:43.363240 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 23:07:50.370204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:07:58.371493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:08:14.375408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:08:46.380651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:10:43.319285 0.000233 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:10:43.319634 3.003160 tcp 10.0.2.109 53257 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:10:52.321446 0.000000 tcp 10.0.2.109 53257 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:10:58.321810 0.053473 tcp 10.0.2.109 53258 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:10:58.375605 0.052559 tcp 10.0.2.109 53259 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:10:58.428466 0.148198 tcp 10.0.2.109 53260 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:10:58.629651 3.005029 tcp 10.0.2.109 53261 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:11:07.633459 0.000000 tcp 10.0.2.109 53261 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:11:13.622608 0.053277 tcp 10.0.2.109 53262 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:11:13.676151 0.051993 tcp 10.0.2.109 53263 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:11:13.728391 0.149560 tcp 10.0.2.109 53264 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:11:13.927437 3.009482 tcp 10.0.2.109 53265 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:11:22.935276 0.000000 tcp 10.0.2.109 53265 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:11:28.924190 2.993914 tcp 10.0.2.109 53266 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:11:37.927193 0.000000 tcp 10.0.2.109 53266 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:14:50.386607 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 23:14:57.393993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:15:05.395758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:15:21.398492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:15:53.408640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:16:43.927542 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:16:43.927629 3.006920 tcp 10.0.2.109 53267 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:16:52.929763 0.000000 tcp 10.0.2.109 53267 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:16:58.930164 0.063611 tcp 10.0.2.109 53268 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:16:58.994075 0.053678 tcp 10.0.2.109 53269 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:16:59.048074 0.146400 tcp 10.0.2.109 53270 -> 195.113.214.211 443 SRPA* 0 0 32 22198 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:16:59.216383 2.997033 tcp 10.0.2.109 53271 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:17:08.212095 0.000000 tcp 10.0.2.109 53271 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:17:14.211525 0.052190 tcp 10.0.2.109 53272 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:17:14.264009 0.054394 tcp 10.0.2.109 53273 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:17:14.318393 0.218459 tcp 10.0.2.109 53274 -> 195.113.214.211 443 SRPA* 0 0 48 27908 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:17:14.560515 3.004772 tcp 10.0.2.109 53275 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:17:23.563745 0.000000 tcp 10.0.2.109 53275 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:17:29.552852 3.005460 tcp 10.0.2.109 53276 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:17:38.555277 0.000000 tcp 10.0.2.109 53276 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:21:57.410840 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 23:22:04.417704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:22:12.421683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:22:28.422618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:23:00.428024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:29:04.201644 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:29:04.201753 0.166672 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:04.434445 3.002351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 23:29:04.462730 0.051692 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:04.511552 0.043815 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:05.114449 0.065317 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1967 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:05.686536 0.171330 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:05.833885 0.161584 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:06.074328 0.086555 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:06.141950 0.049602 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:06.192925 0.146268 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:06.331226 0.066434 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:06.382492 0.364969 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:06.841832 0.350237 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:07.188479 0.118803 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:07.267761 0.067426 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:07.356707 0.193375 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:07.542518 0.207662 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:07.724124 0.408181 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:08.112312 0.394960 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:08.591698 0.104263 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:08.674508 0.310666 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:08.984298 0.388800 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:09.355214 0.109408 udp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:09.429089 0.168843 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:09.575274 0.245191 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:09.882687 0.342141 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:10.205337 0.241827 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:10.405409 0.217433 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:10.602942 0.335449 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:29:11.441713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:29:14.596557 2.994339 tcp 10.0.2.109 53277 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:29:19.443238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:29:23.589049 0.000000 tcp 10.0.2.109 53277 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:29:29.599887 0.060071 tcp 10.0.2.109 53278 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:29:29.660236 0.055278 tcp 10.0.2.109 53279 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:29:29.715809 0.146722 tcp 10.0.2.109 53280 -> 195.113.214.211 443 SRPA* 0 0 42 37026 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:29:29.919497 3.003287 tcp 10.0.2.109 53281 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:29:35.447408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:29:38.921532 0.000000 tcp 10.0.2.109 53281 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:29:44.920647 0.053740 tcp 10.0.2.109 53282 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:29:44.974656 0.054111 tcp 10.0.2.109 53283 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:29:45.029041 0.150070 tcp 10.0.2.109 53284 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:29:45.283673 3.001463 tcp 10.0.2.109 53285 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:29:54.283397 0.000000 tcp 10.0.2.109 53285 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:30:00.282379 3.004054 tcp 10.0.2.109 53286 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:30:07.456945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:30:09.285958 0.000000 tcp 10.0.2.109 53286 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:35:15.285622 0.050438 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:35:15.336190 2.962735 tcp 10.0.2.109 53287 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:35:24.287653 0.000000 tcp 10.0.2.109 53287 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:35:30.298689 0.118452 tcp 10.0.2.109 53288 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:35:30.417422 0.054650 tcp 10.0.2.109 53289 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:35:30.472318 0.147161 tcp 10.0.2.109 53290 -> 195.113.214.211 443 SRPA* 0 0 34 23746 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:35:30.803460 2.997673 tcp 10.0.2.109 53291 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:35:39.800562 0.000000 tcp 10.0.2.109 53291 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:35:45.799445 0.053397 tcp 10.0.2.109 53292 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:35:45.853180 0.053706 tcp 10.0.2.109 53293 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:35:45.907202 0.150500 tcp 10.0.2.109 53294 -> 195.113.214.211 443 SRPA* 0 0 39 21732 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:35:46.297616 3.006111 tcp 10.0.2.109 53295 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:35:55.302648 0.000000 tcp 10.0.2.109 53295 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:36:01.291050 3.004513 tcp 10.0.2.109 53296 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:36:10.293894 0.000000 tcp 10.0.2.109 53296 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:36:11.458289 3.001758 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 23:36:18.465776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:36:26.467342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:36:42.914835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:37:14.640330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:41:16.294616 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:41:16.294732 2.993331 tcp 10.0.2.109 53297 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:41:25.296681 0.000000 tcp 10.0.2.109 53297 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:41:31.297427 0.054382 tcp 10.0.2.109 53298 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:41:31.352043 0.056949 tcp 10.0.2.109 53299 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:41:31.409352 0.152494 tcp 10.0.2.109 53300 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:41:31.579513 3.000563 tcp 10.0.2.109 53301 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:41:40.578887 0.000000 tcp 10.0.2.109 53301 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:41:46.578264 0.052922 tcp 10.0.2.109 53302 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:41:46.631460 0.052826 tcp 10.0.2.109 53303 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:41:46.684584 0.357547 tcp 10.0.2.109 53304 -> 195.113.214.211 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:41:47.053248 2.975192 tcp 10.0.2.109 53305 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:41:55.973687 0.000000 tcp 10.0.2.109 53305 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:42:01.913499 2.975675 tcp 10.0.2.109 53306 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:42:10.852353 0.000000 tcp 10.0.2.109 53306 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:43:18.481967 3.002042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 23:43:25.489507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:43:33.491335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:43:49.494548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:44:21.500354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:47:16.852972 0.213763 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:47:17.066929 2.961021 tcp 10.0.2.109 53307 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:47:25.971100 0.000000 tcp 10.0.2.109 53307 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:47:31.927401 0.054499 tcp 10.0.2.109 53308 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:47:31.982257 0.057005 tcp 10.0.2.109 53309 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:47:32.039650 0.147185 tcp 10.0.2.109 53310 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:47:32.552292 2.965834 tcp 10.0.2.109 53311 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:47:41.487670 0.000000 tcp 10.0.2.109 53311 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:47:47.497333 0.053126 tcp 10.0.2.109 53312 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:47:47.550723 0.053465 tcp 10.0.2.109 53313 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:47:47.604499 0.149258 tcp 10.0.2.109 53314 -> 195.113.214.211 443 SRPA* 0 0 36 19474 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:47:48.049226 3.002012 tcp 10.0.2.109 53315 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:47:57.050163 0.000000 tcp 10.0.2.109 53315 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:48:03.049087 3.004169 tcp 10.0.2.109 53316 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:48:12.052681 0.000000 tcp 10.0.2.109 53316 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:50:25.506456 3.001504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/05 23:50:32.513561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:50:40.515052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:50:56.517983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:51:28.524552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:57:32.530619 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/05 23:57:39.537585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:57:47.539240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:58:03.545478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:58:35.548384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/05 23:59:29.325798 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/05 23:59:29.325949 0.179252 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:29.521225 0.052086 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:29.565186 0.167009 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:29.817645 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/02/05 23:59:33.091408 3.003830 tcp 10.0.2.109 53317 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:59:42.093855 0.000000 tcp 10.0.2.109 53317 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:59:48.093831 0.055913 tcp 10.0.2.109 53318 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:59:48.149567 0.053062 tcp 10.0.2.109 53319 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:59:48.202910 0.152506 tcp 10.0.2.109 53320 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:59:48.603371 0.055808 tcp 10.0.2.109 53321 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:59:48.615479 2.992024 tcp 10.0.2.109 53322 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/05 23:59:48.659479 0.053911 tcp 10.0.2.109 53323 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:59:48.713716 0.187650 tcp 10.0.2.109 53324 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/05 23:59:48.901887 0.071769 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:48.955267 0.156617 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:49.212863 0.085660 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:49.502307 0.047958 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:49.924493 0.148440 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:50.150960 0.065872 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:50.231092 0.383340 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:50.726665 0.352775 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:51.075301 0.111493 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:51.149375 0.074591 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:51.274667 0.193735 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:51.459934 0.207651 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:51.643696 0.105581 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:51.822758 0.418091 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:52.220680 0.376613 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:52.760304 0.308792 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:53.068052 0.389672 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:53.436247 0.105386 rtp 10.0.2.109 3683 <-> 2.85.52.253 2179 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:53.855652 0.169846 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:54.000539 0.236539 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:54.206640 0.216294 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:54.434019 0.241135 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:54.642368 0.380955 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:55.206691 0.329603 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/05 23:59:57.622443 0.000000 tcp 10.0.2.109 53322 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:04:56.568301 3.012093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 00:05:03.585842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:05:03.617048 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 00:05:03.617215 2.993241 tcp 10.0.2.109 53325 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:05:11.587667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:05:12.609040 0.000000 tcp 10.0.2.109 53325 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:05:18.619620 0.059192 tcp 10.0.2.109 53326 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:05:18.679075 0.188187 tcp 10.0.2.109 53327 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:05:18.867519 0.153967 tcp 10.0.2.109 53328 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:05:19.106278 2.996151 tcp 10.0.2.109 53329 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:05:27.590633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:05:28.101297 0.000000 tcp 10.0.2.109 53329 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:05:34.100645 0.054728 tcp 10.0.2.109 53330 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:05:34.155682 0.055413 tcp 10.0.2.109 53331 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:05:34.211373 0.151325 tcp 10.0.2.109 53332 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:05:34.885474 2.999521 tcp 10.0.2.109 53333 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:05:43.883667 0.000000 tcp 10.0.2.109 53333 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:05:49.883021 3.004016 tcp 10.0.2.109 53334 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:05:59.534421 0.000000 tcp 10.0.2.109 53334 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:06:00.233340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:11:04.886645 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 00:11:04.886826 2.992945 tcp 10.0.2.109 53335 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:11:13.878540 0.000000 tcp 10.0.2.109 53335 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:11:19.888548 0.053098 tcp 10.0.2.109 53336 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:11:19.941923 0.056371 tcp 10.0.2.109 53337 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:11:19.997978 0.152500 tcp 10.0.2.109 53338 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:11:20.275632 2.996356 tcp 10.0.2.109 53339 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:11:29.270675 0.000000 tcp 10.0.2.109 53339 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:11:35.270194 0.052460 tcp 10.0.2.109 53340 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:11:35.323048 0.053904 tcp 10.0.2.109 53341 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:11:35.377296 0.160276 tcp 10.0.2.109 53342 -> 195.113.214.211 443 SRPA* 0 0 24 13314 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:11:36.219354 3.005579 tcp 10.0.2.109 53343 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:11:45.247088 0.000000 tcp 10.0.2.109 53343 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:11:51.212924 3.003101 tcp 10.0.2.109 53344 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:12:00.215181 0.000000 tcp 10.0.2.109 53344 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:12:12.605271 3.002246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 00:12:19.613434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:12:27.619079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:12:43.618063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:13:15.623379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:17:06.216371 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 00:17:06.216574 2.992784 tcp 10.0.2.109 53345 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:17:15.207741 0.000000 tcp 10.0.2.109 53345 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:17:21.218777 0.056138 tcp 10.0.2.109 53346 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:17:21.275209 0.059128 tcp 10.0.2.109 53347 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:17:21.334628 0.150970 tcp 10.0.2.109 53348 -> 195.113.214.211 443 SRPA* 0 0 42 22260 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:17:21.498810 3.002739 tcp 10.0.2.109 53349 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:17:30.500117 0.000000 tcp 10.0.2.109 53349 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:17:36.499574 0.053668 tcp 10.0.2.109 53350 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:17:36.553478 0.052820 tcp 10.0.2.109 53351 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:17:36.606551 0.164039 tcp 10.0.2.109 53352 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:17:36.823852 2.999191 tcp 10.0.2.109 53353 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:17:45.821996 0.000000 tcp 10.0.2.109 53353 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:17:51.820801 3.004112 tcp 10.0.2.109 53354 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:18:00.823317 0.000000 tcp 10.0.2.109 53354 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:18:54.966792 0.000308 tcp 10.0.2.109 53354 -> 176.73.169.112 1959 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:18:54.967005 0.000034 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 00:19:19.630328 3.000874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 00:19:26.637201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:19:34.638546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:19:50.641632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:20:22.647520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:23:06.824012 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 00:23:06.824242 2.993421 tcp 10.0.2.109 53355 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:23:15.826394 0.000000 tcp 10.0.2.109 53355 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 00:23:21.826684 0.052709 tcp 10.0.2.109 53356 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:23:21.879713 0.053604 tcp 10.0.2.109 53357 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:23:21.933666 0.146721 tcp 10.0.2.109 53358 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:23:22.132540 0.542246 tcp 10.0.2.109 53359 -> 176.73.169.112 1959 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:26:26.654460 3.001462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 00:26:33.660928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:26:41.662647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:26:57.665237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:27:29.671451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:30:25.795155 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 00:30:25.795303 0.075476 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:25.879356 0.052139 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:26.004158 0.170473 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:26.243349 0.168622 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:26.389337 0.083920 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:26.498782 0.072063 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:26.550728 0.154866 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:26.756071 0.048863 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:26.866883 0.153410 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:27.015609 0.066083 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:27.118333 0.118534 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:27.202458 0.071762 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:27.279884 0.353711 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:27.711357 0.353327 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:28.060571 0.196936 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:28.249560 0.203627 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:28.433127 0.105114 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:28.567164 0.410833 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:28.958836 0.404649 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:29.404504 0.312868 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:29.716153 0.394150 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:30.093410 0.000000 udp 10.0.2.109 3683 -> 2.85.52.253 2179 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 00:30:46.656458 0.054870 tcp 10.0.2.109 53360 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:30:46.711575 0.054421 tcp 10.0.2.109 53361 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:30:46.766301 0.158473 tcp 10.0.2.109 53362 -> 195.113.214.211 443 SRPA* 0 0 47 39606 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:30:46.925489 0.170604 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:47.071811 0.241683 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:47.271272 0.217620 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:47.468500 0.250634 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:47.682944 0.374044 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:30:48.038040 0.336458 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/06 00:33:33.677970 3.029901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 00:33:40.705210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:33:48.706409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:34:04.709348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:34:36.715444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:40:40.722404 3.000515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 00:40:47.728900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:40:55.730550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:41:11.733530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:41:43.739572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:47:47.747251 2.999961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 00:47:54.752845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:48:02.754318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:48:18.756760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:48:50.763511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:53:22.674576 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 00:53:22.674761 1.051995 tcp 10.0.2.109 53363 -> 176.73.169.112 1959 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/02/06 00:55:31.773721 3.000400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 00:55:38.780037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:55:46.781608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:56:02.784436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 00:56:34.790579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:00:53.302721 0.097011 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 01:00:53.399931 0.000000 udp 10.0.2.109 3683 -> 2.85.52.253 2179 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 01:01:11.119962 0.056607 tcp 10.0.2.109 53364 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:01:11.176867 0.053536 tcp 10.0.2.109 53365 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:01:11.230768 0.141376 tcp 10.0.2.109 53366 -> 195.113.214.211 443 SRPA* 0 0 70 46742 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:01:11.372368 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 01:01:29.284744 0.224019 tcp 10.0.2.109 53367 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:01:29.509071 0.057607 tcp 10.0.2.109 53368 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:01:29.566999 0.145583 tcp 10.0.2.109 53369 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:01:29.713267 0.168093 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:30.291431 0.167043 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:30.435492 0.088668 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:30.504915 0.078216 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:30.750560 0.154761 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:30.959385 0.047334 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:31.171011 0.051085 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:31.219600 0.116914 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:31.516144 0.076479 rtp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:31.577808 0.340246 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:31.963179 0.065398 rtp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:32.011839 0.147778 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:32.152362 0.209533 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:32.337279 0.107624 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:32.566065 0.353016 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:32.915720 0.188583 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:33.097508 0.407151 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:33.484977 0.372523 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:33.878813 0.310080 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:34.614390 0.396174 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:34.989508 0.170669 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:35.135760 0.243584 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:35.339008 0.216527 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:35.548392 0.249180 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:35.761715 0.384314 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:01:36.259244 0.323839 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:02:46.798698 3.166959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 01:02:53.930797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:03:01.851727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:03:17.820025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:03:49.825998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:09:53.831744 3.002037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 01:10:00.892488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:10:08.873955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:10:24.887935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:10:56.869979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:17:00.876244 3.001371 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 01:17:07.884723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:17:15.885575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:17:31.887709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:18:03.893393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:23:23.724313 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 01:23:23.724468 0.729481 tcp 10.0.2.109 53370 -> 176.73.169.112 1959 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:24:07.900346 3.002755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 01:24:14.908476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:24:22.908963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:24:38.911889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:25:10.917912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:31:14.923680 3.001718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 01:31:21.932737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:31:29.935942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:31:45.935727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:31:58.103809 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 01:31:58.104014 0.128801 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:31:58.153198 0.172234 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:31:58.421303 0.070901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:31:58.475027 0.154790 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:31:58.763258 0.048551 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:31:58.911559 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 01:32:16.181038 0.055542 tcp 10.0.2.109 53371 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:32:16.236491 0.055002 tcp 10.0.2.109 53372 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:32:16.291796 0.144644 tcp 10.0.2.109 53373 -> 195.113.214.211 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:32:16.437103 0.166876 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:16.581703 0.086315 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:16.708647 0.125310 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:16.796636 0.081621 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:16.879716 0.362761 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:17.282303 0.065012 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:17.332527 0.153704 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:17.478283 0.207035 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:17.659984 0.108306 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:17.809764 0.414290 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:17.941898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:32:18.202300 0.373714 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:18.626877 0.352285 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:18.975756 0.188720 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:19.297119 0.312127 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:19.608014 0.396630 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:19.985005 0.169920 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:20.133169 0.247259 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:20.646245 0.349870 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:20.976770 0.237175 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:21.178114 0.217164 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:32:21.375215 0.315919 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/06 01:38:23.120280 2.972659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 01:38:30.043401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:38:37.931664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:38:53.716631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:39:25.422517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:45:29.422662 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 01:45:36.430100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:45:44.431571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:46:00.434540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:46:32.440760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:53:24.833324 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 01:53:24.833536 0.666334 tcp 10.0.2.109 53374 -> 176.73.169.112 1959 FSPA* 0 0 15 1635 flow=From-Botnet-V1-TCP-Established 1970/02/06 01:54:24.452534 3.093507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 01:54:31.515383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:54:39.470646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:54:55.473792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 01:55:27.479678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:01:53.498236 3.172233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:02:00.639111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:02:08.566704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:02:24.519393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:02:48.844974 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 02:02:48.845087 0.094817 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:48.939800 0.068873 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:49.199902 0.157706 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:49.357516 0.048021 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:49.902909 0.166237 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:50.204099 0.044434 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:50.246870 0.116858 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:50.507760 0.167771 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:50.650718 0.086608 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:50.808290 0.083316 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:50.875005 0.344211 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:51.326721 0.071654 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:51.383495 0.147561 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:51.544630 0.204730 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:51.725036 0.103557 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:51.842678 0.409538 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:52.233097 0.449956 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:52.834121 0.309315 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:53.374559 0.349643 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:53.720759 0.189533 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:53.903440 0.382202 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:54.269558 0.169161 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:54.417615 0.251106 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:54.633429 0.219693 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:54.831637 0.335954 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:55.289914 0.376117 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:55.649067 0.246508 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:02:56.535544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:09:06.540433 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:09:13.547358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:09:21.549136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:09:37.551789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:10:09.558251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:16:18.571655 3.001141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:16:25.578624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:16:33.582690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:16:49.583001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:17:21.589171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:23:25.502955 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 02:23:25.503061 0.785155 tcp 10.0.2.109 53375 -> 176.73.169.112 1959 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/02/06 02:23:28.599169 3.002009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:23:35.606514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:23:43.608963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:23:59.612366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:24:31.617515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:30:35.634869 3.000464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:30:42.647673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:30:50.641934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:31:06.645946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:31:38.652785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:33:04.114705 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 02:33:04.114869 0.049910 rtp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:04.163249 0.065544 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:04.456937 0.155365 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:04.725919 0.053089 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:04.854355 0.167458 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:05.071712 0.044909 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:05.372067 0.118631 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:05.449628 0.077229 udp 10.0.2.109 3683 <-> 31.54.106.160 5838 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:05.512032 0.348447 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:05.942717 0.168949 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:06.087368 0.087601 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:06.407884 0.071713 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:06.463988 0.153758 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:06.753356 0.207086 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:06.937494 0.104784 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:07.017638 0.410718 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:07.409882 0.365426 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:07.832462 0.311393 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:08.204671 0.354410 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:08.555452 0.192447 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:08.740480 0.386792 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:09.108390 0.170850 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:09.253954 0.344275 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:09.597737 0.249945 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:09.814673 0.216909 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:10.010571 0.383897 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:33:10.477222 0.243802 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/06 02:37:42.657195 3.073581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:37:49.701603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:37:57.686644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:38:13.689320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:38:45.695611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:44:49.700751 3.002902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:44:56.708838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:45:04.710587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:45:20.713545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:45:52.719499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:53:26.291738 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 02:53:26.291939 0.536013 tcp 10.0.2.109 53376 -> 176.73.169.112 1959 FSPA* 0 0 15 1591 flow=From-Botnet-V1-TCP-Established 1970/02/06 02:54:04.728507 3.002621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 02:54:11.736310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:54:19.738805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:54:35.741556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 02:55:07.747404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:01:16.760279 3.171945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 03:01:23.901155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:01:31.826790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:01:47.782573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:02:19.798606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:03:15.108450 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 03:03:15.108578 0.331259 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:03:15.600430 0.049148 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:03:15.782726 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 03:03:34.427551 0.124105 tcp 10.0.2.109 53377 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:03:34.551982 0.053174 tcp 10.0.2.109 53378 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:03:34.605488 0.235692 tcp 10.0.2.109 53379 -> 195.113.214.211 443 SRPA* 0 0 72 53631 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:03:34.841764 0.069718 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:03:34.891894 0.170072 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:03:35.149149 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 03:03:51.511412 0.053181 tcp 10.0.2.109 53380 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:03:51.564916 0.056094 tcp 10.0.2.109 53381 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:03:51.621379 0.171649 tcp 10.0.2.109 53382 -> 195.113.214.211 443 SRPA* 0 0 49 34528 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:03:51.793558 0.127925 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:03:51.876728 0.000000 udp 10.0.2.109 3683 -> 31.54.106.160 5838 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 03:04:09.867312 0.060961 tcp 10.0.2.109 53383 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:04:09.928542 0.053518 tcp 10.0.2.109 53384 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:04:09.982436 0.155853 tcp 10.0.2.109 53385 -> 195.113.214.211 443 SRPA* 0 0 38 27514 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:04:10.138864 0.338910 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:10.612988 0.169326 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:10.759967 0.088614 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:10.881403 0.065338 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:10.932123 0.148883 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:11.142664 0.204259 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:11.323834 0.341440 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:11.869563 0.118691 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:11.964756 0.545974 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:12.493952 0.190936 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1908 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:12.678367 0.309242 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:13.171298 0.349401 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:13.516521 0.389929 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:13.888053 0.170157 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:14.098046 0.336844 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 1984 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:14.434527 0.251126 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:14.949314 0.240094 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:15.148688 0.216699 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:04:15.532993 0.371580 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:08:39.807742 3.002775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 03:08:46.814764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:08:54.815910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:09:10.819547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:09:42.825435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:15:46.841968 3.001069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 03:15:53.849071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:16:01.850535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:16:17.854485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:16:49.859370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:22:53.865876 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 03:23:00.872751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:23:08.874215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:23:24.877545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:23:26.830817 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 03:23:26.830982 0.485020 tcp 10.0.2.109 53386 -> 176.73.169.112 1959 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:23:56.883382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:30:00.889799 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 03:30:07.896788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:30:15.897995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:30:31.901500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:31:03.907639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:34:41.660676 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 03:34:41.660786 0.043950 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2553 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:41.703177 0.053601 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:41.754613 0.000000 udp 10.0.2.109 3683 -> 31.54.106.160 5838 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 03:34:57.585324 0.053106 tcp 10.0.2.109 53387 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:34:57.638683 0.055119 tcp 10.0.2.109 53388 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:34:57.694097 0.148931 tcp 10.0.2.109 53389 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:34:57.919665 0.155255 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:58.152279 0.047493 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:58.234933 0.071534 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:58.297288 0.167637 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:58.511864 0.122687 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:58.594148 0.092234 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:58.732153 0.335802 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:59.126706 0.192063 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:59.297200 0.065842 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:59.448163 0.152328 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:59.592649 0.411822 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:34:59.954074 0.348326 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:00.320316 0.105999 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:00.403490 0.310055 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:00.828786 0.352852 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:01.177994 0.385796 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:01.544936 0.411236 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:01.932065 0.191508 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:02.115419 0.169263 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:02.260524 0.336854 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:02.603348 0.249711 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:02.814777 0.236191 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:03.014564 0.216707 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:35:03.210475 0.338898 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/06 03:37:07.913389 3.011879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 03:37:14.931025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:37:22.932184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:37:38.935383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:38:10.941258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:44:14.948759 3.000339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 03:44:21.955124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:44:29.956517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:44:45.959247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:45:17.966680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:53:27.319446 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 03:53:27.319613 0.484306 tcp 10.0.2.109 53390 -> 176.73.169.112 1959 FSPA* 0 0 14 1633 flow=From-Botnet-V1-TCP-Established 1970/02/06 03:53:41.972981 3.001520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 03:53:48.980607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:53:56.987395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:54:12.987631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 03:54:44.991316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:00:48.997184 3.163135 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:00:56.130389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:01:04.053757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:01:20.018851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:01:52.024461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:05:16.949657 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 04:05:16.949774 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 04:05:34.867239 0.099508 tcp 10.0.2.109 53391 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 04:05:34.967048 0.053240 tcp 10.0.2.109 53392 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 04:05:35.020607 0.155821 tcp 10.0.2.109 53393 -> 195.113.214.211 443 SRPA* 0 0 43 32070 flow=From-Botnet-V1-TCP-Established 1970/02/06 04:05:35.177026 0.045832 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:35.220165 0.154116 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:35.438697 0.049373 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:35.637101 0.066150 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:35.739152 0.166283 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:35.960929 0.124773 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:36.043447 0.086849 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:36.231295 0.084591 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:36.300093 0.145215 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:36.467836 0.210601 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:36.655141 0.340637 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:37.184156 0.169353 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:37.331956 0.353427 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:37.737512 0.109288 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:37.823081 0.313408 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:38.349830 0.410461 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:38.739236 0.349622 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:39.085313 0.565726 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:39.668610 0.194330 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:39.855080 0.171950 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:40.087626 0.351562 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:40.447675 0.242856 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:40.658413 0.347690 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:40.986832 0.243400 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:05:41.188614 0.233011 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:08:00.036027 3.298286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:08:07.303739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:08:15.229048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:08:31.084386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:09:03.084520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:15:09.093186 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:15:16.100887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:15:24.102281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:15:40.105155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:16:12.111410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:22:18.130193 3.232104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:22:25.325868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:22:33.249007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:22:49.151953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:23:21.158110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:23:27.808151 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 04:23:27.808246 0.534473 tcp 10.0.2.109 53394 -> 176.73.169.112 1959 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/02/06 04:29:25.165001 3.001015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:29:32.171918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:29:40.183136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:29:56.177104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:30:28.182353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:35:51.056724 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 04:35:51.056923 0.044154 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:51.099522 0.058551 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:51.325152 0.156622 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:51.538783 0.065208 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:51.606730 0.067402 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:51.656911 0.166201 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:51.835599 0.118742 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:51.914689 0.089293 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:52.064037 0.072386 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:52.119218 0.344084 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:52.478771 0.147585 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:52.618899 0.212966 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:52.805461 0.167788 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:52.948254 0.345727 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:53.394753 0.110214 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:53.480446 0.311760 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:53.842818 0.410734 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:54.234579 0.350454 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:54.581582 0.553410 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:55.117852 0.188955 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:55.299480 0.168786 rtcp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:55.443373 0.330448 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:55.775074 0.252435 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:55.990853 0.217825 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:56.186330 0.373394 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:35:56.542030 0.238436 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/06 04:36:32.194065 2.995640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:36:39.195466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:36:47.197025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:37:03.199720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:37:35.206204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:43:39.212228 3.001494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:43:46.219582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:43:54.220999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:44:10.224207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:44:42.232585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:50:46.236597 3.001099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:50:53.243475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:51:01.245126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:51:17.248175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:51:49.253992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:53:28.347273 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 04:53:28.347369 0.467335 tcp 10.0.2.109 53395 -> 176.73.169.112 1959 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/02/06 04:57:53.260452 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 04:58:00.267559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:58:08.270674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:58:24.271951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 04:58:56.277788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:05:25.290354 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:05:32.297371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:05:40.299046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:05:56.301811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:06:02.721533 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 05:06:02.721732 0.045732 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:02.763817 0.050030 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 1996 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:03.115489 0.159016 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:03.270256 0.048857 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:03.349007 0.065575 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:03.399859 0.167879 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:03.955809 0.118128 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:04.034692 0.335898 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:04.562561 0.150310 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:04.705169 0.213326 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:05.115676 0.167591 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:05.336075 0.087692 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:05.405256 0.069458 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:05.844353 0.351408 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:06.259248 0.114673 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:06.344589 0.326637 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:06.669074 0.418369 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:07.064502 0.350784 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:07.518988 0.388898 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:07.886936 0.192655 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:08.072164 0.171104 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:08.217459 0.335619 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:08.606826 0.250740 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:08.823845 0.217026 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:09.020575 0.344612 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:09.346884 0.245594 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2584 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:06:28.307765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:12:32.313929 3.001588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:12:39.321569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:12:47.322736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:13:03.325904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:13:35.333066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:19:39.341444 2.998341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:19:46.345379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:19:54.346775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:20:11.456031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:20:43.098728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:23:28.815165 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 05:23:28.815270 0.576148 tcp 10.0.2.109 53396 -> 176.73.169.112 1959 FSPA* 0 0 15 1782 flow=From-Botnet-V1-TCP-Established 1970/02/06 05:26:46.371786 3.001711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:26:53.379404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:27:01.387495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:27:17.383725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:27:49.390111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:33:53.396892 3.000690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:34:00.403291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:34:08.405253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:34:24.407972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:34:56.413979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:36:33.683998 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 05:36:33.684180 0.050321 rtp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2592 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:33.732813 0.044598 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:34.175120 0.065985 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:34.226632 0.158483 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:34.380792 0.054538 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:34.611902 0.167363 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:34.817721 0.121757 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:34.899879 0.345476 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:35.291649 0.149275 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:35.433245 0.207727 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:35.615579 0.070456 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:35.769096 0.252956 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:35.998004 0.089550 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:36.070126 0.342097 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:36.426300 0.104644 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:36.508989 0.308642 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:36.816246 0.414465 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:37.211139 0.373888 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:37.581427 0.384433 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:37.947376 0.191673 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:38.131668 0.171210 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2553 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:38.278907 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 05:36:54.900218 0.054844 tcp 10.0.2.109 53397 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 05:36:54.955362 0.054381 tcp 10.0.2.109 53398 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 05:36:55.010028 0.175871 tcp 10.0.2.109 53399 -> 195.113.214.211 443 SRPA* 0 0 101 88343 flow=From-Botnet-V1-TCP-Established 1970/02/06 05:36:55.185047 0.316084 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:55.636460 0.252893 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:55.852476 0.334512 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:36:57.033948 0.242635 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/06 05:41:00.419487 3.001911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:41:07.427349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:41:15.438651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:41:31.441721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:42:03.447722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:48:07.455560 3.000069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:48:14.461441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:48:22.462774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:48:38.465650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:49:10.471771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:53:29.394600 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 05:53:29.394842 0.451968 tcp 10.0.2.109 53400 -> 176.73.169.112 1959 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/02/06 05:55:41.487351 3.000997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 05:55:48.495333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:55:56.495509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:56:12.498827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 05:56:44.504711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:02:48.511581 3.001334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:02:55.517723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:03:03.519375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:03:19.522038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:03:51.528396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:07:20.849847 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 06:07:20.850008 0.216443 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:21.045590 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 06:07:38.076363 0.057412 tcp 10.0.2.109 53401 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:07:38.133630 0.056174 tcp 10.0.2.109 53402 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:07:38.190329 0.153416 tcp 10.0.2.109 53403 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:07:38.344277 0.156216 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:38.785779 0.048417 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:38.964464 0.167166 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:39.188532 0.132356 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:39.285322 0.049909 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:39.497203 0.067363 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:39.549377 0.212504 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:39.737330 0.066380 udp 10.0.2.109 3683 <-> 217.36.212.73 6627 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:39.935043 0.147752 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:40.074746 2.065163 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:42.298856 0.420227 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:42.744047 0.126718 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:42.846747 0.310584 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:43.315343 0.803868 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:44.101671 0.169736 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:44.275382 0.385248 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:44.642613 0.412918 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:45.034961 0.350039 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:45.380678 0.188692 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:45.561680 0.170402 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:45.710087 0.336976 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:46.230540 0.328764 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:46.520758 0.347150 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:07:47.122610 0.238627 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:09:55.534070 3.003375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:10:02.541924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:10:10.543354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:10:26.546164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:10:58.552411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:17:02.558724 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:17:09.565685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:17:17.567339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:17:33.570310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:18:05.576024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:23:29.853199 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 06:23:29.853315 0.745404 tcp 10.0.2.109 53404 -> 176.73.169.112 1959 FSPA* 0 0 15 1578 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:24:09.581906 3.002344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:24:16.590330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:24:24.591568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:24:40.594340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:25:12.600505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:31:16.608396 3.005158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:31:23.613795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:31:31.615485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:31:47.618147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:32:19.624060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:38:01.846063 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 06:38:01.846218 0.049742 rtp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:01.894424 0.219021 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:02.091108 0.159586 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:02.435387 0.048738 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:02.501010 0.167684 rtcp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:02.682242 0.117047 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:02.760711 0.055584 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:02.830346 0.069322 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:02.881173 0.202552 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:03.059627 0.000000 udp 10.0.2.109 3683 -> 217.36.212.73 6627 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 06:38:18.482287 0.053498 tcp 10.0.2.109 53405 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:38:18.536072 0.054103 tcp 10.0.2.109 53406 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:38:18.590006 0.146789 tcp 10.0.2.109 53407 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:38:18.737443 0.168795 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2586 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:18.901376 0.333649 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:19.243126 0.339688 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:19.889658 0.114634 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2591 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:19.982740 0.170634 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:19.983138 3.003744 tcp 10.0.2.109 53408 -> 109.152.162.107 2875 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 06:38:20.832462 0.309157 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:21.255314 0.085910 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:21.323212 0.391743 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:21.691782 0.405687 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:22.077178 0.351233 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:22.424825 0.191857 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:22.609164 0.170145 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:22.757269 0.383463 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:23.123427 0.331859 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:23.470741 0.250317 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:23.631830 3.000265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:38:23.687024 0.237119 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/06 06:38:28.985361 0.000000 tcp 10.0.2.109 53408 -> 109.152.162.107 2875 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 06:38:30.637848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:38:38.639296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:38:54.642445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:39:26.648242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:45:30.654796 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:45:37.661852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:45:45.663234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:46:01.666542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:46:33.672523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:53:30.605521 0.000249 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 06:53:30.605884 0.509570 tcp 10.0.2.109 53409 -> 176.73.169.112 1959 FSPA* 0 0 15 1696 flow=From-Botnet-V1-TCP-Established 1970/02/06 06:54:23.680656 3.002895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 06:54:30.688760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:54:38.689671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:54:54.692626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 06:55:26.698562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:01:53.719355 3.000031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 07:02:00.725091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:02:08.726045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:02:24.731375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:02:56.737288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:08:29.394457 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:08:29.394566 0.000000 udp 10.0.2.109 3683 -> 217.36.212.73 6627 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:08:45.589814 0.051737 tcp 10.0.2.109 53410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:08:45.641920 0.052439 tcp 10.0.2.109 53411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:08:45.694246 0.145034 tcp 10.0.2.109 53412 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:08:45.839047 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:09:02.833696 0.049795 tcp 10.0.2.109 53413 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:09:02.883768 0.051180 tcp 10.0.2.109 53414 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:09:02.935284 0.151236 tcp 10.0.2.109 53415 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:09:03.087521 0.048718 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:03.452573 0.219920 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:03.651177 0.124166 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:03.827925 0.055840 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:03.880995 0.070896 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:04.075488 0.169287 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:04.266985 0.158036 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2558 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:04.506894 0.204751 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:04.688833 0.158469 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:04.748500 3.414825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 07:09:04.914553 3.409239 tcp 10.0.2.109 53416 -> 76.242.179.0 1308 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 07:09:04.937998 0.403496 rtcp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:05.434762 0.342316 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:05.943625 0.567570 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:06.511180 0.170464 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:06.659549 0.386922 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:07.028116 0.407589 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:07.434408 0.092554 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:08.153588 0.413519 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:08.547305 0.349758 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:09.130137 0.195496 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:09.316019 0.170237 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:09.508923 0.246633 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:09.720261 0.242349 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:09.921811 0.341627 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:10.831357 0.315964 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:09:12.145379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:09:14.278822 0.000000 tcp 10.0.2.109 53416 -> 76.242.179.0 1308 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 07:09:20.079192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:09:35.963492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:10:07.764806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:16:16.779550 3.000545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 07:16:23.785972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:16:31.787688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:16:48.450032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:17:20.083600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:23:26.818221 3.000739 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 07:23:31.125040 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:23:31.125144 0.657383 tcp 10.0.2.109 53417 -> 176.73.169.112 1959 FSPA* 0 0 14 1658 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:23:33.824520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:23:41.825852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:23:57.829066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:24:29.924839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:30:33.852121 3.000522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 07:30:40.858319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:30:48.860503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:31:04.862665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:31:36.868972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:37:40.875930 3.000189 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 07:37:47.882030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:37:55.883719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:38:11.886603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:38:43.892821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:39:36.939499 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:39:36.939593 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:39:53.724817 0.126199 tcp 10.0.2.109 53418 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:39:53.851335 0.055308 tcp 10.0.2.109 53419 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:39:53.906486 0.158907 tcp 10.0.2.109 53420 -> 195.113.214.211 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:39:54.065968 0.053583 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:39:54.121157 2.986718 tcp 10.0.2.109 53421 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 07:39:54.122906 0.215817 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:39:54.319441 0.128236 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:39:54.408069 0.046471 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:39:54.469034 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:40:03.116738 0.000000 tcp 10.0.2.109 53421 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 07:40:10.578233 0.055760 tcp 10.0.2.109 53422 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:40:10.634300 0.055188 tcp 10.0.2.109 53423 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:40:10.689776 0.168137 tcp 10.0.2.109 53424 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:40:10.858521 0.167324 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:11.096060 0.156959 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:11.326778 0.406549 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:11.731855 0.213137 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:11.920367 0.149719 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:12.065805 0.344846 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:12.456346 0.115328 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:12.547851 0.168354 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:12.694444 0.385270 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:13.061057 0.328624 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:13.391119 0.089498 rtp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:13.462287 0.409925 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:13.847492 0.361213 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:14.289307 0.187503 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:14.469988 0.171364 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2568 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:14.615923 0.273365 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:14.855786 0.241571 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:15.055547 0.353603 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:15.390548 0.327302 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:15.733848 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 REQ 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:40:22.815182 0.454163 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 8 2997 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:23.249137 0.223226 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 2979 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:23.436149 0.089887 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3124 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:23.523715 0.093558 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3095 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:23.622742 0.309933 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 8 3099 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:23.963653 0.846549 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 3138 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:24.880803 0.387178 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 8 2993 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:25.241710 0.336262 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 8 3274 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:25.679179 0.292126 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3183 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:25.961049 0.691924 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 8 3228 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:26.700145 0.169868 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 8 2913 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:26.848452 0.313936 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 8 3012 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:27.140789 0.642375 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 3091 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:27.800915 0.133471 udp 10.0.2.109 3683 <-> 109.153.254.98 4764 CON 0 0 8 3010 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:27.912476 0.791302 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 8 3067 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:28.687236 0.749357 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 8 2943 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:29.420619 0.724012 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3141 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:30.141291 0.364645 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 3092 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:30.498718 0.309113 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3274 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:30.784289 0.463574 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 8 3101 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:31.211759 0.682492 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 3024 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:31.877401 0.649128 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 8 2827 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:32.546892 0.443037 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 8 2733 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:40:32.952767 0.000000 udp 10.0.2.109 3683 -> 84.183.44.157 2383 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:40:38.287816 0.000000 rtcp 10.0.2.109 3683 -> 81.137.23.105 1827 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:40:44.966543 0.000000 udp 10.0.2.109 3683 -> 120.151.184.91 7254 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:40:50.745430 0.000000 udp 10.0.2.109 3683 -> 92.3.136.238 8321 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:40:55.623077 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:40:56.254579 0.000000 udp 10.0.2.109 3683 -> 77.10.247.45 3056 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:03.083081 0.000000 udp 10.0.2.109 3683 -> 79.5.50.174 1514 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:09.422184 0.000000 udp 10.0.2.109 3683 -> 216.68.145.110 1409 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:16.181767 0.000000 udp 10.0.2.109 3683 -> 87.21.23.235 2338 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:21.509551 0.000000 udp 10.0.2.109 3683 -> 131.191.38.85 5603 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:27.297999 0.000000 udp 10.0.2.109 3683 -> 198.245.120.215 9784 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:34.237905 0.182597 udp 10.0.2.109 3683 <-> 217.83.152.46 5333 CON 0 0 8 3045 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:41:34.445901 0.000000 udp 10.0.2.109 3683 -> 95.250.42.70 5104 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:42.269411 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:47.125899 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:41:51.182001 0.122916 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 8 3010 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:41:51.331900 0.000000 udp 10.0.2.109 3683 -> 216.47.241.51 9545 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:41:58.653049 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:03.994331 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:11.441180 0.000000 udp 10.0.2.109 3683 -> 90.212.21.165 9563 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:18.891836 0.000000 udp 10.0.2.109 3683 -> 196.216.51.42 3543 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:23.979478 0.000000 udp 10.0.2.109 3683 -> 203.23.218.123 4674 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:31.530360 0.000000 udp 10.0.2.109 3683 -> 91.39.97.10 9714 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:36.126781 0.000281 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:42:37.098481 0.000000 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:44.729164 0.000000 udp 10.0.2.109 3683 -> 87.193.194.242 4425 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:52.320584 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:42:57.407338 0.000000 udp 10.0.2.109 3683 -> 79.29.222.51 2653 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:05.859881 0.335277 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 8 3095 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:43:06.255854 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:11.627905 0.000000 udp 10.0.2.109 3683 -> 93.145.92.53 4411 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:19.409145 0.000000 udp 10.0.2.109 3683 -> 187.184.130.200 1330 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:24.126522 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:43:27.130071 0.000000 udp 10.0.2.109 3683 -> 173.210.170.60 3227 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:35.191347 0.000000 udp 10.0.2.109 3683 -> 93.151.17.139 5680 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:42.231778 0.000000 udp 10.0.2.109 3683 -> 79.55.104.50 6708 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:49.872705 0.064723 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 8 2882 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:43:50.208579 0.000000 udp 10.0.2.109 3683 -> 37.207.107.90 3260 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:43:58.455855 0.000000 udp 10.0.2.109 3683 -> 78.14.195.188 7760 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:06.256160 0.000000 udp 10.0.2.109 3683 -> 80.178.145.152 5927 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:11.123950 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:44:12.546501 0.000000 udp 10.0.2.109 3683 -> 69.84.29.250 1141 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:20.446836 0.000000 udp 10.0.2.109 3683 -> 82.80.253.232 3340 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:27.276261 0.000000 udp 10.0.2.109 3683 -> 86.160.197.216 6394 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:35.614459 0.127516 udp 10.0.2.109 3683 <-> 87.153.116.208 4545 CON 0 0 8 2977 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:44:35.849854 0.000000 udp 10.0.2.109 3683 -> 116.15.92.107 8875 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:42.548762 0.000000 udp 10.0.2.109 3683 -> 209.171.51.62 7135 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:47.899472 3.001148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 07:44:51.271241 0.000000 udp 10.0.2.109 3683 -> 79.46.117.190 6618 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:44:54.906303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:44:56.127763 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:44:59.483400 0.000000 udp 10.0.2.109 3683 -> 97.68.87.33 2033 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:02.914328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:45:05.481690 0.000000 udp 10.0.2.109 3683 -> 195.53.174.49 8284 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:12.693660 0.000000 udp 10.0.2.109 3683 -> 79.39.156.129 1216 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:18.910714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:45:21.024099 0.000000 udp 10.0.2.109 3683 -> 220.246.36.52 5815 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:26.391703 0.000000 udp 10.0.2.109 3683 -> 202.128.21.92 8080 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:33.431978 0.163082 udp 10.0.2.109 3683 <-> 88.104.137.77 8182 CON 0 0 8 2849 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:45:33.710875 0.000000 udp 10.0.2.109 3683 -> 80.153.161.180 5887 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:41.022936 0.000000 udp 10.0.2.109 3683 -> 94.1.66.169 1378 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:45.629131 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:45:49.364559 0.000000 udp 10.0.2.109 3683 -> 74.218.32.44 1243 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:50.916471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:45:54.382113 0.000000 udp 10.0.2.109 3683 -> 125.113.187.61 6077 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:45:59.439284 0.113804 udp 10.0.2.109 3683 <-> 80.51.86.140 2934 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:45:59.592958 0.321342 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 8 3209 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:45:59.918624 0.000000 udp 10.0.2.109 3683 -> 94.173.141.138 7522 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:06.268876 0.000000 udp 10.0.2.109 3683 -> 162.127.123.100 8427 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:12.907952 0.000000 udp 10.0.2.109 3683 -> 151.24.122.60 1089 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:21.871607 0.000000 udp 10.0.2.109 3683 -> 189.179.148.230 8822 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:29.111565 0.114706 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 8 2996 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:46:29.259431 0.376763 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 8 3194 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:46:30.025897 0.000000 udp 10.0.2.109 3683 -> 85.139.90.25 5903 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:33.628384 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:46:37.514340 0.091281 udp 10.0.2.109 3683 <-> 81.133.27.50 9684 CON 0 0 8 3015 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:46:37.660123 0.000000 udp 10.0.2.109 3683 -> 70.31.20.93 5790 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:46.366327 0.000000 udp 10.0.2.109 3683 -> 81.99.227.18 2750 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:51.995855 0.184298 udp 10.0.2.109 3683 <-> 86.133.187.183 2650 CON 0 0 8 3012 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:46:52.176918 0.000000 udp 10.0.2.109 3683 -> 108.223.202.160 3023 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:46:58.514407 0.108216 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 8 2876 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:46:58.774241 0.000000 udp 10.0.2.109 3683 -> 90.46.34.111 4329 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:06.498325 0.000000 udp 10.0.2.109 3683 -> 97.100.49.217 6844 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:12.324153 0.371023 udp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 8 3248 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:47:12.699145 0.111467 rtp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 8 2887 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:47:12.866443 0.000000 udp 10.0.2.109 3683 -> 173.251.120.42 9546 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:21.777818 0.000000 udp 10.0.2.109 3683 -> 69.199.30.121 6717 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:26.624129 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:47:27.135241 0.000000 udp 10.0.2.109 3683 -> 68.225.87.81 6523 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:33.294955 0.066698 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 8 3057 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:47:33.392188 0.000000 udp 10.0.2.109 3683 -> 212.156.88.102 5749 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:41.436949 0.196630 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 8 2903 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:47:41.668856 0.000000 udp 10.0.2.109 3683 -> 86.178.16.14 5397 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:46.914356 0.000000 udp 10.0.2.109 3683 -> 182.68.180.98 7000 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:47:53.132903 0.000000 udp 10.0.2.109 3683 -> 216.169.187.165 7794 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:00.302921 0.114076 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 8 3209 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:48:00.438972 0.000000 udp 10.0.2.109 3683 -> 77.97.169.18 7272 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:06.642235 0.000000 udp 10.0.2.109 3683 -> 79.32.221.232 5955 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:11.629065 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:48:12.710951 0.000000 udp 10.0.2.109 3683 -> 79.38.30.118 7292 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:18.149037 0.000000 udp 10.0.2.109 3683 -> 186.6.222.237 2209 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:26.711004 0.000000 udp 10.0.2.109 3683 -> 79.4.230.88 6744 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:32.128611 0.157404 udp 10.0.2.109 3683 <-> 5.13.211.189 7306 CON 0 0 8 3110 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:48:32.704956 0.000000 udp 10.0.2.109 3683 -> 95.241.150.247 2736 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:41.121623 0.000000 udp 10.0.2.109 3683 -> 71.196.1.229 7162 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:46.539480 0.335558 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3057 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:48:46.929523 0.000000 udp 10.0.2.109 3683 -> 95.226.209.45 8521 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:52.117789 1.229780 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 8 3108 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:48:53.128116 0.437776 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 3248 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:48:53.612110 0.000000 udp 10.0.2.109 3683 -> 99.228.230.225 8319 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:48:56.623559 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:49:01.362463 0.000000 udp 10.0.2.109 3683 -> 86.152.236.179 9583 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:06.468276 0.000000 udp 10.0.2.109 3683 -> 86.181.216.139 6497 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:14.229749 0.000000 udp 10.0.2.109 3683 -> 37.115.129.228 7959 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:22.971645 0.000000 udp 10.0.2.109 3683 -> 79.5.50.198 6806 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:29.491234 0.000000 udp 10.0.2.109 3683 -> 89.243.174.243 9382 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:37.714599 0.000000 udp 10.0.2.109 3683 -> 80.137.98.142 3662 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:42.624420 0.000188 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:49:43.536182 0.000000 udp 10.0.2.109 3683 -> 94.219.148.86 5938 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:51.573263 0.000000 udp 10.0.2.109 3683 -> 186.104.181.140 8811 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:49:58.822888 0.000000 udp 10.0.2.109 3683 -> 189.193.69.191 6762 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:07.105350 0.056376 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 8 3087 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:50:07.214642 0.740911 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 8 3027 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:50:07.974020 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:15.587892 0.000000 udp 10.0.2.109 3683 -> 79.5.150.126 9996 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:22.737823 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:27.624599 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:50:27.915179 0.315764 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 8 3092 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:50:28.232913 0.000000 udp 10.0.2.109 3683 -> 46.12.233.108 4922 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:37.108695 0.056951 rtp 10.0.2.109 3683 <-> 109.95.92.216 2182 CON 0 0 8 3120 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:50:37.204738 0.000000 udp 10.0.2.109 3683 -> 37.77.113.111 1536 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:43.627896 0.000000 udp 10.0.2.109 3683 -> 79.45.175.227 1111 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:50.317611 0.113948 rtp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 8 2968 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:50:50.456529 0.000000 udp 10.0.2.109 3683 -> 94.46.226.122 1315 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:50:57.117112 0.000000 udp 10.0.2.109 3683 -> 194.83.245.170 6087 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:51:06.099919 0.000000 udp 10.0.2.109 3683 -> 2.191.27.3 4839 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:51:12.008347 1.987422 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 8 2907 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:51:13.978687 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 8574 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:51:16.624794 0.000154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:51:20.240908 0.000000 udp 10.0.2.109 3683 -> 113.212.119.211 9793 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:51:26.940164 0.178814 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 8 3116 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:51:27.128762 0.117439 rtp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 8 2992 flow=From-Botnet-V1-UDP-Established 1970/02/06 07:51:27.243872 0.000000 udp 10.0.2.109 3683 -> 62.30.59.186 9743 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:51:33.780033 0.000000 udp 10.0.2.109 3683 -> 109.251.94.26 8919 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:51:42.092004 0.000000 udp 10.0.2.109 3683 -> 109.158.107.229 5978 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 07:53:31.779821 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 07:53:31.779913 0.512627 tcp 10.0.2.109 53425 -> 176.73.169.112 1959 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/02/06 07:54:02.927248 3.001424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 07:54:09.934453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:54:17.935608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:54:33.938726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 07:55:05.944965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:01:14.957762 3.002169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 08:01:21.965521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:01:29.966872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:01:45.970153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:02:17.976668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:08:30.985445 3.001922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 08:08:37.993436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:08:45.994094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:09:02.000576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:09:34.002880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:15:38.009389 3.001245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 08:15:45.018697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:15:53.017750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:16:09.020984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:16:41.026830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:21:56.721534 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 08:21:56.721639 0.049301 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:56.772392 3.002770 tcp 10.0.2.109 53426 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 08:21:57.008889 0.158440 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:57.347365 0.053727 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:57.532586 0.169081 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:57.754807 0.161750 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:57.905377 0.210244 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:58.092634 0.736620 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:58.807695 0.334064 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:21:59.400043 0.000000 udp 10.0.2.109 3683 -> 109.153.254.98 4764 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:22:05.773653 0.000000 tcp 10.0.2.109 53426 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 08:22:16.390685 0.049639 tcp 10.0.2.109 53427 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:22:16.440689 0.052030 tcp 10.0.2.109 53428 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:22:16.493042 0.164013 tcp 10.0.2.109 53429 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:22:16.657733 0.166329 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:16.801580 0.311807 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:17.144037 0.415768 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:17.538722 0.384524 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:17.905569 0.194290 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:18.089617 0.165525 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:18.255625 3.000422 tcp 10.0.2.109 53430 -> 174.91.201.209 6016 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 08:22:18.263080 0.349151 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:18.608243 0.247410 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:18.821135 0.355944 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:19.160081 0.240793 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:19.389524 0.349850 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:19.738641 0.114641 udp 10.0.2.109 3683 <-> 217.83.152.46 5333 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:19.983797 0.073058 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:20.187509 0.165148 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:20.342724 0.035027 rtp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:20.515710 0.066418 rtp 10.0.2.109 3683 <-> 87.153.116.208 4545 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:20.566422 0.092711 rtp 10.0.2.109 3683 <-> 88.104.137.77 8182 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:20.823161 0.165226 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:20.982484 0.054992 udp 10.0.2.109 3683 <-> 80.51.86.140 2934 CON 0 0 4 1394 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:21.029610 0.061299 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:21.262735 0.192747 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:21.452320 0.048409 udp 10.0.2.109 3683 <-> 81.133.27.50 9684 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:21.552127 0.111080 udp 10.0.2.109 3683 <-> 86.133.187.183 2650 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:21.626885 0.059663 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:21.800697 0.062700 rtcp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:22.028141 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 6765 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:22:27.254761 0.000000 tcp 10.0.2.109 53430 -> 174.91.201.209 6016 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 08:22:40.864821 0.050292 tcp 10.0.2.109 53431 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:22:40.915385 0.053159 tcp 10.0.2.109 53432 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:22:40.968289 0.142974 tcp 10.0.2.109 53433 -> 195.113.214.211 443 SRPA* 0 0 21 10972 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:22:41.111859 0.032375 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:41.143075 0.098250 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:41.144843 3.855992 tcp 10.0.2.109 53434 -> 94.155.230.34 3712 FSPA* 0 0 1197 670654 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:22:41.466960 0.059457 rtp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:22:41.725599 0.000000 udp 10.0.2.109 3683 -> 5.13.211.189 7306 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:22:45.036372 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 08:22:52.041560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:23:00.042296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:23:00.443220 0.050776 tcp 10.0.2.109 53435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:23:00.494318 0.051714 tcp 10.0.2.109 53436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:23:00.545903 0.149620 tcp 10.0.2.109 53437 -> 195.113.214.211 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:23:00.696087 0.172284 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2585 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:00.864336 1.099984 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 4 1244 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:01.938300 0.166239 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:02.094812 0.605877 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:02.795075 0.093546 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:03.034356 0.071114 rtp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:03.140684 0.028701 rtp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:03.356105 0.383254 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 5 1735 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:03.734813 0.167015 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:03.879566 0.000000 udp 10.0.2.109 3683 -> 109.95.92.216 2182 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:23:16.046016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:23:18.999786 0.049304 tcp 10.0.2.109 53438 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:23:19.049462 0.051053 tcp 10.0.2.109 53439 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:23:19.100778 0.156622 tcp 10.0.2.109 53440 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:23:19.256602 0.061744 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:23:32.299038 0.709621 tcp 10.0.2.109 53441 -> 176.73.169.112 1959 FSPA* 0 0 15 1701 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:23:48.050543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:29:52.057009 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 08:29:59.064039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:30:07.065526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:30:23.068742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:30:55.074434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:36:59.080613 3.002045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 08:37:06.088497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:37:14.089494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:37:30.092648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:38:02.098762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:44:06.104822 3.002276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 08:44:13.112445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:44:21.115055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:44:37.116939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:45:09.122618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:53:19.968500 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 08:53:19.968702 0.000000 udp 10.0.2.109 3683 -> 109.153.254.98 4764 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:53:33.007766 0.603648 tcp 10.0.2.109 53442 -> 176.73.169.112 1959 FSPA* 0 0 15 1764 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:53:35.132684 3.002260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 08:53:38.647316 0.053015 tcp 10.0.2.109 53443 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:53:38.700630 0.056633 tcp 10.0.2.109 53444 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:53:38.757281 0.160751 tcp 10.0.2.109 53445 -> 195.113.214.211 443 SRPA* 0 0 43 37080 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:53:38.918852 0.189419 udp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:53:39.100564 0.000000 udp 10.0.2.109 3683 -> 5.13.211.189 7306 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:53:42.141564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:53:50.141649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:53:56.271368 0.054216 tcp 10.0.2.109 53446 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:53:56.325944 0.061197 tcp 10.0.2.109 53447 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:53:56.387476 0.152448 tcp 10.0.2.109 53448 -> 195.113.214.211 443 SRPA* 0 0 28 11888 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:53:56.540083 0.000000 udp 10.0.2.109 3683 -> 109.95.92.216 2182 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:54:06.145008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:54:13.426075 0.054872 tcp 10.0.2.109 53449 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:13.480745 0.054964 tcp 10.0.2.109 53450 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:13.536002 0.157326 tcp 10.0.2.109 53451 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:13.693929 0.046867 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:13.753556 0.158351 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:14.024056 0.165594 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:14.191461 0.045720 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:14.251212 3.001846 tcp 10.0.2.109 53452 -> 93.212.253.238 9588 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 08:54:14.254381 0.202735 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:14.435978 0.157640 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2562 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:14.582920 0.894952 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:15.455405 0.338955 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:15.798899 0.163144 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:15.940491 0.308991 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:16.263517 0.409165 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:16.654513 0.170107 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:16.801331 0.386540 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:17.170221 0.355547 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:17.522152 0.191939 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:17.706702 0.370222 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:18.087057 0.246073 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:18.297990 0.328907 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:18.625894 0.239741 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:18.824805 0.030967 rtp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:18.924348 0.000000 udp 10.0.2.109 3683 -> 87.153.116.208 4545 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:54:23.249491 0.000000 tcp 10.0.2.109 53452 -> 93.212.253.238 9588 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 08:54:34.316240 0.051849 tcp 10.0.2.109 53453 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:34.368430 0.055421 tcp 10.0.2.109 53454 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:34.424212 0.150524 tcp 10.0.2.109 53455 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:34.575677 0.071815 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:34.629882 0.169292 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:34.788918 0.159367 udp 10.0.2.109 3683 <-> 217.83.152.46 5333 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:34.906785 0.056478 udp 10.0.2.109 3683 <-> 80.51.86.140 2934 CON 0 0 4 1417 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:34.961850 0.048428 udp 10.0.2.109 3683 <-> 81.133.27.50 9684 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:35.043124 0.000000 udp 10.0.2.109 3683 -> 86.133.187.183 2650 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 08:54:38.151080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 08:54:50.549507 0.054514 tcp 10.0.2.109 53456 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:50.602919 0.055322 tcp 10.0.2.109 53457 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:50.658560 0.149337 tcp 10.0.2.109 53458 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/02/06 08:54:50.808419 0.054499 rtp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:50.866947 0.180081 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.041542 0.091019 udp 10.0.2.109 3683 <-> 88.104.137.77 8182 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.102704 0.191924 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.291284 0.058317 rtp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.291616 3.002581 tcp 10.0.2.109 53459 -> 108.217.170.244 1819 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 08:54:51.398871 0.065459 udp 10.0.2.109 3683 <-> 82.211.185.55 1124 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.466907 0.058710 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.544493 0.032064 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.586122 0.098237 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.714591 0.171914 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:51.883174 0.463272 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:52.306259 1.637193 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:53.883650 0.164666 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:54.038861 0.024964 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:54.090942 0.356462 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:54.466399 0.067897 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:54.517326 0.091154 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:54.637426 0.169244 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:54:54.786033 0.058000 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/06 08:55:00.292678 0.000000 tcp 10.0.2.109 53459 -> 108.217.170.244 1819 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 09:00:42.158026 3.000612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:00:49.164129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:00:57.165719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:01:13.168696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:01:45.175006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:07:49.180710 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:07:56.188561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:08:04.189610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:08:20.338906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:08:52.199451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:14:56.205654 3.001534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:15:03.212997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:15:11.213570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:15:27.216678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:15:59.223163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:22:03.232282 2.998189 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:22:10.235989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:22:18.237666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:22:34.240665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:23:06.246429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:23:33.616528 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 09:23:33.616769 0.574788 tcp 10.0.2.109 53460 -> 176.73.169.112 1959 FSPA* 0 0 15 1740 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:25:10.475805 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 09:25:10.475920 0.000000 udp 10.0.2.109 3683 -> 87.153.116.208 4545 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:25:28.692986 0.051673 tcp 10.0.2.109 53461 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:25:28.744957 0.051944 tcp 10.0.2.109 53462 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:25:28.797233 0.148375 tcp 10.0.2.109 53463 -> 195.113.214.211 443 SRPA* 0 0 43 24396 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:25:28.944591 0.000000 udp 10.0.2.109 3683 -> 86.133.187.183 2650 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:25:46.337895 0.050245 tcp 10.0.2.109 53464 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:25:46.388479 0.050742 tcp 10.0.2.109 53465 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:25:46.439547 0.144657 tcp 10.0.2.109 53466 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:25:46.584817 0.189810 udp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:46.767485 0.167961 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:46.987865 0.157898 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:47.160503 0.048209 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:47.235053 1.755987 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:48.966787 0.147881 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:48.967231 2.997747 tcp 10.0.2.109 53467 -> 76.242.179.0 1308 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 09:25:49.110998 0.045932 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:49.153770 0.905732 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:50.036716 0.339501 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:50.375998 0.165809 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:50.517804 0.309112 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:50.825734 0.175614 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:51.004402 0.418324 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:51.402225 0.349891 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:51.748475 0.385914 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:52.114472 0.357695 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:52.453050 0.192529 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:52.638288 0.250910 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:52.853227 0.238644 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:53.053685 0.323022 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:53.409533 0.029216 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:53.436481 0.172258 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:53.603376 0.073240 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:53.659912 0.138233 udp 10.0.2.109 3683 <-> 217.83.152.46 5333 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:25:53.755660 0.000000 udp 10.0.2.109 3683 -> 80.51.86.140 2934 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:25:57.963402 0.000000 tcp 10.0.2.109 53467 -> 76.242.179.0 1308 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 09:26:09.310667 0.050273 tcp 10.0.2.109 53468 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:09.360848 0.050024 tcp 10.0.2.109 53469 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:09.411192 0.163081 tcp 10.0.2.109 53470 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:09.573731 0.049151 udp 10.0.2.109 3683 <-> 81.133.27.50 9684 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:26:09.620953 0.054361 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:26:09.743577 0.163052 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:26:09.900580 0.137102 udp 10.0.2.109 3683 <-> 88.104.137.77 8182 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:26:10.003569 0.197530 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:26:10.004003 4.997348 tcp 10.0.2.109 53471 -> 88.104.137.77 2886 SPA_* 0 0 631 353700 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:10.198034 0.059908 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:26:10.271084 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:26:15.032830 0.399985 tcp 10.0.2.109 53471 -> 88.104.137.77 2886 FPA_* 0 0 20 7584 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:15.914478 0.497873 tcp 10.0.2.109 53472 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:16.412757 0.050180 tcp 10.0.2.109 53473 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:16.463177 0.150405 tcp 10.0.2.109 53474 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:33.336325 0.000000 udp 10.0.2.109 3683 -> 80.51.86.140 2934 REQ 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:26:50.847523 0.050345 tcp 10.0.2.109 53475 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:50.898360 0.051240 tcp 10.0.2.109 53476 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:50.949926 0.165402 tcp 10.0.2.109 53477 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:26:51.113561 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 1124 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:27:07.544198 0.052149 tcp 10.0.2.109 53478 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:27:07.596618 0.059416 tcp 10.0.2.109 53479 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:27:07.656330 0.167197 tcp 10.0.2.109 53480 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:27:07.821158 0.061952 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:07.966902 0.032091 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:08.135513 0.098912 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2631 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:08.246744 0.175500 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:08.419612 1.440536 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:09.020097 0.164374 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:09.174589 0.744423 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:09.898629 0.024012 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:09.975331 0.071122 udp 10.0.2.109 3683 <-> 86.173.68.47 8833 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:10.028612 0.126401 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:10.137820 0.169193 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:10.286266 0.057813 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:10.392934 0.383476 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:10.877759 0.190303 rtp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:11.060438 0.153529 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:11.259297 0.047989 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:11.327676 0.167430 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:11.499061 0.203070 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:11.675979 0.146105 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:11.813976 0.044507 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:11.873518 0.867857 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:12.780096 0.340340 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:13.120202 0.168780 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:13.265197 0.309323 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:13.573372 0.353942 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:13.923226 0.163583 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:14.065525 0.461311 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:14.509509 0.349758 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:14.844178 0.413085 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:15.241531 0.190692 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:15.424800 0.238881 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:15.625941 0.323794 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:15.949427 0.037107 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:16.000613 0.166407 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:16.156812 0.129105 udp 10.0.2.109 3683 <-> 217.83.152.46 5333 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:16.250612 0.073016 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:16.655016 0.249244 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:16.868904 0.043608 udp 10.0.2.109 3683 <-> 81.133.27.50 9684 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:16.956181 0.057104 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:17.067465 0.105186 udp 10.0.2.109 3683 <-> 88.104.137.77 8182 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:17.152668 0.059149 rtp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:17.225011 0.195783 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:17.412866 0.165947 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:27:18.009252 0.539900 tcp 10.0.2.109 53481 -> 176.73.169.112 1959 FSPA* 0 0 13 1665 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:29:10.392926 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 09:29:17.400133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:29:25.401848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:29:41.405054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:30:13.411143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:36:17.417929 3.000702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:36:24.424449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:36:32.425761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:36:48.428409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:37:20.434928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:43:24.440331 3.002718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:43:31.448349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:43:39.449873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:43:55.452774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:44:27.459836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:50:31.466538 3.000181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:50:38.473209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:50:46.473789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:51:02.476767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:51:34.483052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:57:18.557996 0.000232 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 09:57:18.558337 0.527575 tcp 10.0.2.109 53482 -> 176.73.169.112 1959 FSPA* 0 0 14 1553 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:57:38.490321 3.001292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 09:57:41.049988 0.075288 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:41.145223 0.175215 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:41.317571 0.034802 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:41.390459 0.098731 rtp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:41.490772 1.348884 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:42.804293 0.693461 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:43.277670 0.167493 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:43.435543 0.025155 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:57:43.531400 0.000000 udp 10.0.2.109 3683 -> 86.173.68.47 8833 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:57:45.496132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:57:53.497550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:58:00.019105 0.052736 tcp 10.0.2.109 53483 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:00.072230 0.054274 tcp 10.0.2.109 53484 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:00.126907 0.150276 tcp 10.0.2.109 53485 -> 195.113.214.211 443 SRPA* 0 0 25 10516 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:00.275773 0.104540 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:00.388453 0.166329 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:00.533676 0.060027 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:00.620462 0.379688 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:00.999004 0.048895 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:01.081518 0.179556 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:01.271238 0.205819 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:01.453249 0.149570 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:01.595015 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:58:09.504936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:58:20.207065 0.053094 tcp 10.0.2.109 53486 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:20.259960 0.126148 tcp 10.0.2.109 53487 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:20.386477 0.159800 tcp 10.0.2.109 53488 -> 195.113.214.211 443 SRPA* 0 0 43 22186 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:20.545302 0.193230 rtp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:20.731181 0.159345 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2590 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:20.933600 0.111937 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:21.020179 0.339840 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:21.420968 0.164114 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:21.563835 0.312200 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:21.872421 0.352834 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:22.221961 0.339715 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 1954 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:22.614826 0.170549 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:22.762187 0.415023 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:23.155598 0.241420 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:23.354362 0.383715 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:23.720346 0.193559 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:23.904411 0.347130 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:24.348373 0.044911 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:24.381486 0.166845 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:24.538408 0.000000 udp 10.0.2.109 3683 -> 217.83.152.46 5333 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:58:41.506703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 09:58:42.188235 0.052585 tcp 10.0.2.109 53489 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:42.241170 0.057157 tcp 10.0.2.109 53490 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:42.298226 0.153016 tcp 10.0.2.109 53491 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:58:42.451900 0.069778 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:42.562332 0.249435 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:42.779720 0.097736 udp 10.0.2.109 3683 <-> 88.104.137.77 8182 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:58:42.847163 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:59:00.224157 0.052309 tcp 10.0.2.109 53492 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:59:00.276799 0.057402 tcp 10.0.2.109 53493 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:59:00.334571 0.153130 tcp 10.0.2.109 53494 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:59:00.485305 0.198274 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:59:00.679939 0.161348 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/06 09:59:00.882632 0.000000 udp 10.0.2.109 3683 -> 81.133.27.50 9684 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 09:59:16.557988 0.070992 tcp 10.0.2.109 53495 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:59:16.629288 0.053478 tcp 10.0.2.109 53496 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:59:16.683192 0.144470 tcp 10.0.2.109 53497 -> 195.113.214.211 443 SRPA* 0 0 40 21276 flow=From-Botnet-V1-TCP-Established 1970/02/06 09:59:16.827132 0.068485 rtp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:04:50.522009 3.000478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 10:04:57.527214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:05:05.528871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:05:21.532691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:05:53.538248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:11:57.543966 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 10:12:04.551257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:12:12.552481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:12:28.555755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:13:00.571791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:19:04.577818 3.001799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 10:19:11.586214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:19:19.586699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:19:35.589638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:20:07.595751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:26:11.602993 3.000522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 10:26:18.609304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:26:26.610639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:26:42.614014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:27:14.619688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:27:19.089123 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 10:27:19.089237 0.558412 tcp 10.0.2.109 53498 -> 176.73.169.112 1959 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:29:20.841701 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 10:29:20.841816 0.000000 udp 10.0.2.109 3683 -> 86.173.68.47 8833 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 10:29:36.995607 0.052493 tcp 10.0.2.109 53499 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:29:37.048387 0.054051 tcp 10.0.2.109 53500 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:29:37.102739 0.160921 tcp 10.0.2.109 53501 -> 195.113.214.211 443 SRPA* 0 0 42 34064 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:29:37.264570 0.049633 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:29:37.593983 0.000000 udp 10.0.2.109 3683 -> 217.83.152.46 5333 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 10:29:52.808020 0.063445 tcp 10.0.2.109 53502 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:29:52.871810 0.055612 tcp 10.0.2.109 53503 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:29:52.927788 0.143173 tcp 10.0.2.109 53504 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:29:53.071599 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 10:30:10.393301 0.058209 tcp 10.0.2.109 53505 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:10.452115 0.061423 tcp 10.0.2.109 53506 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:10.513798 0.161167 tcp 10.0.2.109 53507 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:10.675453 0.000000 udp 10.0.2.109 3683 -> 81.133.27.50 9684 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 10:30:26.225685 0.052127 tcp 10.0.2.109 53508 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:26.278137 0.052131 tcp 10.0.2.109 53509 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:26.330633 0.169131 tcp 10.0.2.109 53510 -> 195.113.214.211 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:26.500324 0.066498 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:26.587374 0.053871 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:26.640089 0.170803 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:26.807842 0.591919 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:27.367068 0.098600 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:27.475309 0.026383 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:27.501020 0.822180 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:28.066992 0.165586 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:28.223775 0.000000 udp 10.0.2.109 3683 -> 46.197.167.75 3636 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 10:30:46.345474 0.054242 tcp 10.0.2.109 53511 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:46.400036 0.053413 tcp 10.0.2.109 53512 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:46.453703 0.155893 tcp 10.0.2.109 53513 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:30:46.609093 0.169232 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:46.757951 0.047168 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:46.807731 0.067880 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:46.908705 0.376968 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:47.284534 0.200669 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:47.463699 0.170229 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:47.634752 0.153591 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:47.780537 0.167366 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:47.931713 0.337324 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:48.283923 0.157062 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:48.416808 0.157951 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:30:48.594865 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 6765 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 10:31:05.816874 0.053644 tcp 10.0.2.109 53514 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:31:05.870697 0.053548 tcp 10.0.2.109 53515 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:31:05.924562 0.168292 tcp 10.0.2.109 53516 -> 195.113.214.211 443 SRPA* 0 0 25 14070 flow=From-Botnet-V1-TCP-Established 1970/02/06 10:31:06.093528 0.309698 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:06.401512 0.354767 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:06.752801 0.352869 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:07.129783 0.170615 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:07.276591 0.235598 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:07.475147 0.411021 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:07.864302 0.392176 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:08.238823 0.189576 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:08.420035 0.031392 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:08.458516 0.338730 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:08.822487 0.167071 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:08.979172 0.073150 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:09.050413 0.244358 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:09.257226 0.093071 udp 10.0.2.109 3683 <-> 88.104.137.77 8182 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:09.319545 0.194159 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:09.509859 0.164498 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2547 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:31:09.669245 0.054928 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/06 10:33:18.626258 3.001313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 10:33:25.633217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:33:33.634462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:33:49.637615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:34:21.643816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:40:25.649422 3.002094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 10:40:32.657149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:40:40.658617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:40:56.661619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:41:28.667862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:47:32.673731 3.001733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 10:47:39.681000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:47:47.682818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:48:03.685496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:48:35.691192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:55:27.706424 3.002018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 10:55:34.714132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:55:42.715572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:55:58.718394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:56:30.724793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 10:57:19.655495 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 10:57:19.655605 0.625024 tcp 10.0.2.109 53517 -> 176.73.169.112 1959 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:01:16.575883 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 11:01:16.575983 0.000000 udp 10.0.2.109 3683 -> 46.197.167.75 3636 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:01:34.783878 0.052256 tcp 10.0.2.109 53518 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:01:34.836417 0.052290 tcp 10.0.2.109 53519 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:01:34.888978 0.159240 tcp 10.0.2.109 53520 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:01:35.048765 0.189194 rtp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:01:35.230041 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:01:53.149366 0.108420 tcp 10.0.2.109 53521 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:01:53.258089 0.051748 tcp 10.0.2.109 53522 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:01:53.310268 0.150594 tcp 10.0.2.109 53523 -> 195.113.214.211 443 SRPA* 0 0 21 13070 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:01:53.461437 0.176041 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:01:53.634894 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:02:09.362116 0.050109 tcp 10.0.2.109 53524 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:09.412602 0.051670 tcp 10.0.2.109 53525 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:09.464626 0.729291 tcp 10.0.2.109 53526 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:10.192875 0.060748 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:10.460683 0.458223 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:10.882597 0.026954 rtp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:10.948368 0.098731 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 1970 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:11.062157 0.713044 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:11.556109 0.165931 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:11.735653 0.057515 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:11.919841 0.048112 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:12.026030 0.168163 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:12.174555 0.168014 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:12.534784 0.145444 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:12.676120 0.168188 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:13.072834 0.000000 udp 10.0.2.109 3683 -> 183.130.187.40 1424 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:02:31.934972 0.050137 tcp 10.0.2.109 53527 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:31.985451 0.053483 tcp 10.0.2.109 53528 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:32.039216 0.159903 tcp 10.0.2.109 53529 -> 195.113.214.211 443 SRPA* 0 0 42 21258 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:32.199779 0.207307 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:32.382483 0.227894 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:32.866434 0.112819 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:32.956895 0.343670 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:33.443140 0.312726 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:33.753766 0.350930 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:34.101236 0.237301 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:34.300085 0.412715 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:34.694059 0.356234 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:35.030830 0.170212 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:35.285239 0.384335 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:36.063181 0.187480 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:36.417719 0.030814 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:36.700213 0.330139 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:37.392632 0.243542 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:37.603286 0.000000 udp 10.0.2.109 3683 -> 88.104.137.77 8182 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:02:49.733741 3.000759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 11:02:55.798868 0.050967 tcp 10.0.2.109 53530 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:55.850189 0.050115 tcp 10.0.2.109 53531 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:55.900623 0.161899 tcp 10.0.2.109 53532 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:02:56.056907 0.193769 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:56.247254 0.167196 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:56.408361 0.056535 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:56.605791 0.168066 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:02:56.739788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:02:56.764083 0.076315 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2612 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:03:04.741146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:03:20.744205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:03:52.750503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:09:56.756989 3.000974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 11:10:03.763663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:10:11.764649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:10:27.767722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:10:59.774100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:17:03.780918 3.000327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 11:17:10.787762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:17:18.789094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:17:34.792105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:18:06.798545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:24:10.804708 3.001590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 11:24:17.811534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:24:25.813271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:24:41.816157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:25:13.822101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:27:20.290390 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 11:27:20.290501 0.691225 tcp 10.0.2.109 53533 -> 176.73.169.112 1959 FSPA* 0 0 12 1456 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:31:17.829738 2.999903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 11:31:24.834999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:31:32.836450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:31:48.840125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:32:20.846047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:33:17.638041 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 11:33:17.638187 0.045532 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:33:17.680656 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:33:35.315303 0.057853 tcp 10.0.2.109 53534 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:33:35.373488 0.054612 tcp 10.0.2.109 53535 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:33:35.428426 0.150973 tcp 10.0.2.109 53536 -> 195.113.214.211 443 SRPA* 0 0 41 21414 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:33:35.579029 0.362392 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:33:35.940242 0.000000 udp 10.0.2.109 3683 -> 88.104.137.77 8182 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:33:54.501591 0.053545 tcp 10.0.2.109 53537 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:33:54.555435 0.053405 tcp 10.0.2.109 53538 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:33:54.609227 0.153692 tcp 10.0.2.109 53539 -> 195.113.214.211 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:33:54.762505 0.192670 udp 10.0.2.109 3683 <-> 108.214.152.10 6765 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:33:54.947196 0.172752 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:33:55.116914 0.058456 rtp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:33:55.203262 0.842989 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:33:56.011178 0.000000 udp 10.0.2.109 3683 -> 178.216.41.54 5337 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 11:34:12.877571 0.054913 tcp 10.0.2.109 53540 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:34:12.932785 0.053828 tcp 10.0.2.109 53541 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:34:12.986475 0.155454 tcp 10.0.2.109 53542 -> 195.113.214.211 443 SRPA* 0 0 41 28758 flow=From-Botnet-V1-TCP-Established 1970/02/06 11:34:13.142600 0.136043 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:13.422247 0.169906 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:13.571377 0.169376 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:13.738138 0.159273 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:13.934693 0.706016 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:14.382816 0.056969 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:14.451394 0.046767 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:14.546977 0.167193 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:14.692018 0.155007 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:14.839273 0.108081 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:14.924776 0.154833 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:15.079343 0.207464 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:15.259220 0.341929 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:15.610838 0.311884 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:15.934735 0.242769 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:16.135037 0.350098 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:16.481007 0.170920 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:16.626715 0.405221 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:17.013637 0.348671 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:17.345427 0.036872 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:17.406773 0.194868 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:17.594040 0.385838 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:17.961460 0.340003 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:18.300827 0.299496 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:18.563819 0.055280 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:18.636005 0.168662 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:18.792357 0.194721 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:18.982971 0.164508 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:34:19.142169 0.071089 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/06 11:38:24.852767 3.028753 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 11:38:31.869418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:38:39.871158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:38:55.874117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:39:27.880175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:45:31.885517 3.028930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 11:45:38.904875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:45:46.905262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:46:02.907827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:46:34.914032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:54:22.929093 3.002127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 11:54:29.936729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:54:37.938778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:54:53.941489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:55:25.947543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 11:57:20.983518 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 11:57:20.983632 0.535269 tcp 10.0.2.109 53543 -> 176.73.169.112 1959 FSPA* 0 0 15 1729 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:01:52.967212 3.001551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 12:01:59.973993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:02:07.975947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:02:23.978530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:02:55.984782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:04:35.378690 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 12:04:35.378981 2.964483 udp 10.0.2.109 3683 -> 178.216.41.54 5337 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 12:04:38.343464 0.000000 icmp 95.215.233.3 0x0103 -> 10.0.2.109 0xb2d8 URH 192 1 305 flow=Background 1970/02/06 12:04:54.146405 0.052286 tcp 10.0.2.109 53544 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:04:54.199076 0.054764 tcp 10.0.2.109 53545 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:04:54.254110 0.156197 tcp 10.0.2.109 53546 -> 195.113.214.211 443 SRPA* 0 0 39 33356 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:04:54.411048 0.053152 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:04:54.457033 0.362341 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 5 2032 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:12.491578 0.052666 tcp 10.0.2.109 53547 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:12.544564 0.053421 tcp 10.0.2.109 53548 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:12.598303 0.149947 tcp 10.0.2.109 53549 -> 195.113.214.211 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:12.748769 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 6765 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 12:05:29.227182 0.057773 tcp 10.0.2.109 53550 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:29.285289 0.053731 tcp 10.0.2.109 53551 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:29.339408 0.254370 tcp 10.0.2.109 53552 -> 195.113.214.211 443 SRPA* 0 0 94 78138 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:29.593005 0.173501 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:29.763527 0.064214 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:29.917563 0.435985 rtp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:30.305215 0.099437 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:30.558595 0.182314 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:30.718740 0.166177 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:31.018819 0.165712 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:31.176720 0.052451 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:31.301450 0.167423 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:31.446720 0.145446 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:31.587605 0.110620 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:31.724176 0.597175 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:32.994229 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 12:05:51.827612 0.053275 tcp 10.0.2.109 53553 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:51.881188 0.057635 tcp 10.0.2.109 53554 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:51.939137 0.155680 tcp 10.0.2.109 53555 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:05:52.095322 0.165522 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:52.368728 0.204769 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:52.550020 0.336758 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:53.106811 0.310912 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:53.507389 0.167721 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:53.653233 0.242210 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:53.854132 0.353299 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:54.203164 0.030544 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:54.269536 0.198587 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:54.459817 0.407448 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:54.846757 0.343258 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:55.173482 0.388570 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:55.918168 0.346003 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:56.263389 0.696775 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:56.922203 0.056278 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:57.202537 0.174150 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:57.366327 0.070096 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:57.452308 0.192397 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:05:57.708683 0.163164 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:09:04.997514 3.001943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 12:09:12.005260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:09:20.006866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:09:36.010664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:10:08.160830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:16:12.032557 3.000809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 12:16:19.039568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:16:27.041044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:16:43.043478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:17:15.049829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:23:19.055770 3.001371 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 12:23:26.063362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:23:34.064717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:23:50.067247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:24:22.073559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:27:21.522369 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 12:27:21.522520 0.939398 tcp 10.0.2.109 53556 -> 176.73.169.112 1959 FSPA* 0 0 12 1519 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:30:26.079909 3.001779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 12:30:33.086796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:30:41.088703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:30:57.091515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:31:29.097636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:36:10.322712 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 12:36:10.322813 0.354406 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:36:10.730756 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 6765 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 12:36:27.588282 0.054170 tcp 10.0.2.109 53557 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:36:27.642787 0.058538 tcp 10.0.2.109 53558 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:36:27.701624 0.151543 tcp 10.0.2.109 53559 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:36:27.853818 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 12:36:45.613387 0.053837 tcp 10.0.2.109 53560 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:36:45.667492 0.055055 tcp 10.0.2.109 53561 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:36:45.722852 0.146705 tcp 10.0.2.109 53562 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:36:45.870243 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 12:37:02.127704 0.053272 tcp 10.0.2.109 53563 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:37:02.181281 0.055250 tcp 10.0.2.109 53564 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:37:02.236816 0.163482 tcp 10.0.2.109 53565 -> 195.113.214.211 443 SRPA* 0 0 75 53738 flow=From-Botnet-V1-TCP-Established 1970/02/06 12:37:02.398668 0.056357 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:02.671006 0.171723 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 1906 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:02.839549 0.168390 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:02.989240 0.098437 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:03.202239 0.417339 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:03.577500 0.167190 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:03.791928 0.152819 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:03.940265 0.114870 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:04.085874 0.047948 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:04.203976 0.166275 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:04.358299 0.167861 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:04.504519 0.692047 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:04.976871 0.162220 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:05.170375 0.205488 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:05.350768 0.342586 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:05.773115 0.237602 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:05.973964 0.310604 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:06.283529 0.169772 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:06.431911 0.190874 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:06.661347 0.410655 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:07.051726 0.349114 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:07.397290 0.035185 udp 10.0.2.109 3683 <-> 83.82.138.65 1024 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:07.430913 0.382032 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:07.796998 0.393907 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:08.173975 0.337627 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:08.556983 0.246688 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:08.770298 0.069827 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:08.819985 0.199140 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:09.016124 0.164598 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:09.174884 0.055666 rtp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:09.395807 0.169948 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/06 12:37:33.103544 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 12:37:40.111090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:37:48.112581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:38:04.115548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:38:36.121771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:44:40.128746 3.002645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 12:44:47.135002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:44:55.136134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:45:11.139781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:45:43.145704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:53:58.160181 3.001749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 12:54:05.167579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:54:13.168931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:54:29.174908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:55:01.178028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 12:57:22.461634 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 12:57:22.461735 0.571299 tcp 10.0.2.109 53566 -> 176.73.169.112 1959 FSPA* 0 0 12 1449 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:01:06.185782 3.000640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:01:13.192843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:01:21.193969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:01:37.197310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:02:09.203562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:07:26.760300 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 13:07:26.760414 0.050882 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:26.809404 0.380465 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:27.722090 0.057850 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:27.830552 0.174842 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:28.002734 0.171571 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:28.167845 0.099552 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:28.350946 0.421891 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:28.723552 0.167588 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:28.935832 0.144102 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:29.075994 0.165180 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:29.233315 0.166212 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:29.567983 0.115358 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:29.655212 0.048043 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:29.814948 1.474626 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:30.369665 0.161853 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:30.798346 0.204507 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:30.980467 0.337151 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:31.674200 0.166031 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:31.819429 0.188048 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:31.999967 0.242838 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:33.079567 0.310226 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1977 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:33.388176 0.000000 udp 10.0.2.109 3683 -> 83.82.138.65 1024 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 13:07:48.613077 0.054331 tcp 10.0.2.109 53567 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:07:48.667720 0.054671 tcp 10.0.2.109 53568 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:07:48.722265 0.157078 tcp 10.0.2.109 53569 -> 195.113.214.211 443 SRPA* 0 0 41 19986 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:07:48.877925 0.377180 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:49.236883 0.535349 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:49.756378 0.354500 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:50.154493 0.391844 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:50.531558 0.337332 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:51.027836 0.393989 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:51.383740 0.073187 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:51.486231 0.054796 rtp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:51.646939 0.167993 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:51.804484 0.195051 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2009 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:07:51.996336 0.165152 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:08:20.208628 3.004101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:08:27.216329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:08:35.218831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:08:51.221236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:09:23.227493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:15:27.235099 3.000270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:15:34.242577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:15:42.242643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:15:58.245125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:16:30.251573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:22:34.258039 3.001006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:22:41.264671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:22:49.266668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:23:05.269088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:23:37.275431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:27:23.040243 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 13:27:23.040348 0.583996 tcp 10.0.2.109 53570 -> 176.73.169.112 1959 FSPA* 0 0 15 1646 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:29:41.282661 3.000524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:29:48.289388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:29:56.290719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:30:13.199238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:30:44.820177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:36:48.316879 2.999979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:36:55.322873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:37:03.324016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:37:19.327207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:37:51.333243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:38:07.907480 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 13:38:07.907631 0.000000 udp 10.0.2.109 3683 -> 83.82.138.65 1024 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 13:38:25.654957 0.054464 tcp 10.0.2.109 53571 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:38:25.709716 0.055103 tcp 10.0.2.109 53572 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:38:25.764724 0.154974 tcp 10.0.2.109 53573 -> 195.113.214.211 443 SRPA* 0 0 56 35238 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:38:25.917853 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 13:38:43.438684 0.052872 tcp 10.0.2.109 53574 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:38:43.491852 0.052980 tcp 10.0.2.109 53575 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:38:43.545107 0.142606 tcp 10.0.2.109 53576 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:38:43.688286 0.058453 rtp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:43.764054 0.375455 udp 10.0.2.109 3683 <-> 183.130.187.40 1424 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:44.161504 0.099120 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:44.301228 0.422861 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:44.674855 0.170955 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:44.924917 0.168976 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:45.070750 0.173688 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:45.240447 0.171143 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:45.387808 0.110817 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:45.474550 0.046402 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:45.616935 0.165995 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:45.772406 0.157481 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:45.925712 0.718108 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:46.384782 0.164535 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:46.653092 0.169452 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:46.799448 0.336836 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:47.243988 0.205142 rtp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:47.427687 0.190828 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:47.628587 0.239539 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:47.827600 0.310814 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:48.240923 0.382306 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:48.602767 0.408859 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:48.993504 0.353534 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:49.536768 0.395589 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:49.915160 0.339464 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:50.354695 0.054940 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:50.850203 0.169316 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:51.009529 0.248499 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:51.222981 0.071021 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:51.521180 0.196619 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:38:51.714784 0.163729 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 1980 flow=From-Botnet-V1-UDP-Established 1970/02/06 13:43:55.339327 3.019110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 13:44:02.356752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:44:10.357707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:44:26.361075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:44:58.377015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:51:02.383654 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:51:09.390807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:51:17.392621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:51:33.395011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:52:05.401244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:57:23.629391 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 13:57:23.629504 0.483883 tcp 10.0.2.109 53577 -> 176.73.169.112 1959 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/02/06 13:58:09.407729 3.001191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 13:58:16.414742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:58:24.415632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:58:40.419062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 13:59:12.425351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:05:26.436526 3.000668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 14:05:33.443005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:05:41.444573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:05:57.447430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:06:29.453607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:08:54.141973 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 14:08:54.142083 0.347645 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:08:54.185598 0.304194 rtp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:08:54.513855 0.431641 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:08:54.912260 0.170644 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:08:55.154603 0.000000 udp 10.0.2.109 3683 -> 183.130.187.40 1424 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 14:09:12.920992 0.053462 tcp 10.0.2.109 53578 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:12.974720 0.055081 tcp 10.0.2.109 53579 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:13.029616 0.149561 tcp 10.0.2.109 53580 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:13.179764 0.098037 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:14.181508 0.167621 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:14.326933 0.177925 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:14.497956 0.167185 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:14.718822 0.115344 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:14.809329 0.046990 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:14.956393 0.167561 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:15.112599 0.154932 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:15.258951 0.170198 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:15.405609 0.687107 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:15.873703 0.158281 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:16.206956 0.340342 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:16.547478 0.206766 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:16.731700 0.192923 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:16.916762 0.241531 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:17.298654 0.309064 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:17.750934 0.346591 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:18.245991 0.380853 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:18.607523 0.000000 udp 10.0.2.109 3683 -> 165.228.70.22 8079 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 14:09:37.395226 0.056010 tcp 10.0.2.109 53581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:37.451718 0.055959 tcp 10.0.2.109 53582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:37.506969 0.143898 tcp 10.0.2.109 53583 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:37.651346 0.352923 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:38.000560 0.329871 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:38.329730 0.055117 rtp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:38.456593 0.073537 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:38.509512 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 14:09:57.393075 0.052433 tcp 10.0.2.109 53584 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:57.445813 0.053235 tcp 10.0.2.109 53585 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:57.499363 0.150102 tcp 10.0.2.109 53586 -> 195.113.214.211 443 SRPA* 0 0 40 33956 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:09:57.650523 0.179401 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:57.823712 0.167139 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:09:57.980668 0.250201 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:12:33.461661 2.999451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 14:12:40.467088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:12:48.468832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:13:04.472204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:13:36.477310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:19:40.484735 3.000727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 14:19:47.491052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:19:55.492592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:20:11.495367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:20:43.501380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:26:47.510250 2.998776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 14:26:54.514890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:27:02.516547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:27:18.519348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:27:24.117945 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 14:27:24.118059 0.722169 tcp 10.0.2.109 53587 -> 176.73.169.112 1959 FSPA* 0 0 12 1639 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:27:50.525422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:33:54.531383 3.001675 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 14:34:01.538894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:34:09.540256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:34:25.543227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:34:57.549229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:40:12.402905 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 14:40:12.403020 0.000000 udp 10.0.2.109 3683 -> 183.130.187.40 1424 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 14:40:31.401635 0.052976 tcp 10.0.2.109 53588 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:40:31.454899 0.052647 tcp 10.0.2.109 53589 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:40:31.507857 0.148409 tcp 10.0.2.109 53590 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:40:31.656899 0.410551 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:40:32.049171 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 14:40:47.262965 0.052465 tcp 10.0.2.109 53591 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:40:47.315694 0.054269 tcp 10.0.2.109 53592 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:40:47.370461 0.150810 tcp 10.0.2.109 53593 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:40:47.521993 0.057054 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:40:47.582066 0.054340 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:40:47.633763 0.418969 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:40:48.010555 0.169770 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:40:48.179688 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 14:41:01.555224 3.001374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 14:41:05.418500 0.052697 tcp 10.0.2.109 53594 -> 195.113.214.219 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:41:05.471538 0.053245 tcp 10.0.2.109 53595 -> 195.113.214.211 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:41:05.525142 0.147264 tcp 10.0.2.109 53596 -> 195.113.214.211 443 SRPA* 0 0 27 11833 flow=From-Botnet-V1-TCP-Established 1970/02/06 14:41:05.672874 0.167445 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:05.818294 0.185725 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:06.000667 0.168625 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:06.147250 0.047622 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:06.212622 0.110872 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:06.298643 0.710889 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:06.769293 0.242569 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:06.986268 0.165839 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:07.144054 0.154596 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:07.290874 0.210267 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:07.477482 0.334617 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:07.818741 0.156035 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:07.980078 0.192637 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:08.165386 0.240410 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:08.364956 0.310855 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:08.562880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:41:08.693209 0.380366 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:09.056418 0.346217 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:09.383868 0.068499 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:09.467149 0.335983 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:09.802723 0.352884 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:10.151668 0.054910 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:10.217216 0.166007 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:10.403637 0.172358 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:10.578679 0.249763 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/06 14:41:16.564521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:41:32.567606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:42:04.574420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:48:08.579077 3.001768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 14:48:15.586433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:48:23.587882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:48:39.591346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:49:11.597154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:55:43.605545 2.999551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 14:55:50.611020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:55:58.612415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:56:14.615487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:56:46.621382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 14:57:24.846726 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 14:57:24.846834 0.453228 tcp 10.0.2.109 53597 -> 176.73.169.112 1959 FSPA* 0 0 15 1699 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:02:50.628804 3.007353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 15:02:57.636646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:03:05.636097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:03:21.639422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:03:53.655437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:09:57.667336 2.996681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 15:10:04.674680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:10:12.672359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:10:28.673901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:11:00.679483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:11:36.901739 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:11:36.901848 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 15:11:51.964871 0.053409 tcp 10.0.2.109 53598 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:11:52.018531 0.052105 tcp 10.0.2.109 53599 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:11:52.070913 0.144628 tcp 10.0.2.109 53600 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:11:52.216216 0.407598 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:11:52.605565 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 15:12:08.387606 0.089104 tcp 10.0.2.109 53601 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:12:08.477023 0.054636 tcp 10.0.2.109 53602 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:12:08.531935 0.139633 tcp 10.0.2.109 53603 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:12:08.672120 0.055374 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:08.725920 0.424435 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:09.101595 0.167614 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:09.991487 0.167373 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:10.135667 0.048228 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:10.313744 0.107817 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:10.398208 0.739348 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:10.898309 0.172699 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:11.215365 0.166976 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:11.594877 0.166535 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:11.739718 0.163719 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:11.957652 0.148627 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:12.098459 0.204614 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:12.413115 0.341575 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:12.788796 0.241998 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:13.029779 0.445409 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:13.778430 0.155505 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:14.079747 0.194197 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:14.266252 0.387912 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:14.633269 0.343076 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:14.958720 0.069299 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:15.172430 0.336552 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:15.508498 0.162595 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:16.325693 0.182032 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:16.502306 0.247925 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:16.770590 0.353944 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:12:17.168777 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 15:12:35.526613 0.051931 tcp 10.0.2.109 53604 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:12:35.578841 0.053240 tcp 10.0.2.109 53605 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:12:35.632357 0.140736 tcp 10.0.2.109 53606 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:17:04.689578 3.008985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 15:17:11.702532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:17:19.704440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:17:35.707520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:18:07.713227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:24:11.720343 3.000915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 15:24:18.726767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:24:26.728572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:24:42.731437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:25:14.737629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:27:25.305637 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:27:25.305746 2.993573 tcp 10.0.2.109 53607 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:27:34.298051 0.000000 tcp 10.0.2.109 53607 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:27:40.308457 0.045385 tcp 10.0.2.109 53608 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:27:40.354117 0.045783 tcp 10.0.2.109 53609 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:27:40.400228 0.223713 tcp 10.0.2.109 53610 -> 195.113.214.211 443 SRPA* 0 0 44 35966 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:27:40.755369 2.996262 tcp 10.0.2.109 53611 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:27:49.750151 0.000000 tcp 10.0.2.109 53611 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:27:55.749452 0.045135 tcp 10.0.2.109 53612 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:27:55.794870 0.046945 tcp 10.0.2.109 53613 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:27:55.842262 0.141905 tcp 10.0.2.109 53614 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:27:56.201371 3.003009 tcp 10.0.2.109 53615 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:28:05.204769 0.000000 tcp 10.0.2.109 53615 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:28:11.201724 0.047735 tcp 10.0.2.109 53616 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:28:11.249741 0.046799 tcp 10.0.2.109 53617 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:28:11.296871 0.141473 tcp 10.0.2.109 53618 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:28:11.449961 3.005784 tcp 10.0.2.109 53619 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:28:20.454360 0.000000 tcp 10.0.2.109 53619 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:28:26.443270 3.005151 tcp 10.0.2.109 53620 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:28:35.455815 0.000000 tcp 10.0.2.109 53620 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:28:41.444773 2.994226 tcp 10.0.2.109 53621 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:28:50.447629 0.000000 tcp 10.0.2.109 53621 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:31:18.742579 3.002493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 15:31:25.751003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:31:33.752608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:31:49.755412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:32:21.761461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:33:56.448034 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:33:56.448129 3.003733 tcp 10.0.2.109 53622 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:05.450727 0.000000 tcp 10.0.2.109 53622 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:11.450883 0.047582 tcp 10.0.2.109 53623 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:11.498758 0.045953 tcp 10.0.2.109 53624 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:11.544577 0.136713 tcp 10.0.2.109 53625 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:12.240808 3.003679 tcp 10.0.2.109 53626 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:21.243116 0.000000 tcp 10.0.2.109 53626 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:27.242579 0.045762 tcp 10.0.2.109 53627 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:27.288182 0.046228 tcp 10.0.2.109 53628 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:27.334822 0.137772 tcp 10.0.2.109 53629 -> 195.113.214.211 443 SRPA* 0 0 32 16642 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:27.488384 3.007645 tcp 10.0.2.109 53630 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:36.495089 0.000000 tcp 10.0.2.109 53630 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:42.484449 0.045295 tcp 10.0.2.109 53631 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:42.530030 0.047330 tcp 10.0.2.109 53632 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:42.577637 0.150536 tcp 10.0.2.109 53633 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:34:42.905825 2.992852 tcp 10.0.2.109 53634 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:51.907094 0.000000 tcp 10.0.2.109 53634 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:34:57.905895 2.994493 tcp 10.0.2.109 53635 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:35:06.899253 0.000000 tcp 10.0.2.109 53635 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:35:12.907981 3.003388 tcp 10.0.2.109 53636 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:35:21.910536 0.000000 tcp 10.0.2.109 53636 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:35:26.757287 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:38:25.771476 2.999193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 15:38:32.814303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:38:40.786202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:38:56.789298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:39:28.795283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:40:27.911814 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:40:27.911975 3.002348 tcp 10.0.2.109 53637 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:40:36.913399 0.000000 tcp 10.0.2.109 53637 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:40:42.913952 0.047967 tcp 10.0.2.109 53638 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:40:42.962200 0.046191 tcp 10.0.2.109 53639 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:40:43.008739 0.202865 tcp 10.0.2.109 53640 -> 195.113.214.211 443 SRPA* 0 0 34 24748 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:40:43.509604 3.007377 tcp 10.0.2.109 53641 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:40:52.515843 0.000000 tcp 10.0.2.109 53641 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:40:58.505065 0.045108 tcp 10.0.2.109 53642 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:40:58.550495 0.046586 tcp 10.0.2.109 53643 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:40:58.597389 0.140721 tcp 10.0.2.109 53644 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:40:58.983026 2.996291 tcp 10.0.2.109 53645 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:07.978041 0.000000 tcp 10.0.2.109 53645 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:13.977235 0.044810 tcp 10.0.2.109 53646 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:41:14.022588 0.045917 tcp 10.0.2.109 53647 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:41:14.068825 0.143283 tcp 10.0.2.109 53648 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:41:14.265088 2.996130 tcp 10.0.2.109 53649 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:23.260105 0.000000 tcp 10.0.2.109 53649 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:29.258928 3.003915 tcp 10.0.2.109 53650 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:38.261368 0.000000 tcp 10.0.2.109 53650 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:44.260910 3.003493 tcp 10.0.2.109 53651 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:53.263279 0.000000 tcp 10.0.2.109 53651 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:41:58.259939 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:43:05.076718 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:43:05.076804 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 15:43:22.772484 0.045128 tcp 10.0.2.109 53652 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:43:22.817859 0.046025 tcp 10.0.2.109 53653 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:43:22.864162 0.150577 tcp 10.0.2.109 53654 -> 195.113.214.211 443 SRPA* 0 0 55 33916 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:43:23.015023 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 15:43:40.628042 0.044380 tcp 10.0.2.109 53655 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:43:40.672687 0.046081 tcp 10.0.2.109 53656 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:43:40.719123 0.136306 tcp 10.0.2.109 53657 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:43:40.856105 0.402642 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:41.240082 0.050036 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:41.304626 0.422951 rtp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:41.683876 0.167970 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:41.858839 0.108957 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:41.942811 0.709439 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:42.412986 0.167479 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:42.573473 0.047648 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:42.638038 0.168490 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:42.783047 0.172133 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:42.939531 0.173230 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:43.108591 0.165938 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:43.254534 0.148446 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:43.395183 0.340096 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:43.735153 0.203196 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:43.916262 0.162302 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:44.199220 0.236607 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:44.396610 0.403012 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:44.797920 0.188719 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:44.979134 0.392899 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:45.352265 0.380766 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:45.716176 0.068660 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:45.777321 0.343572 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:46.122722 0.165374 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:46.282282 0.179248 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:46.451255 0.250823 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:43:46.665463 0.353984 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/06 15:45:32.802707 2.999990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 15:45:39.808822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:45:47.810437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:46:03.812885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:46:35.818763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:46:59.263585 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:46:59.263687 3.003744 tcp 10.0.2.109 53658 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:47:08.275914 0.000000 tcp 10.0.2.109 53658 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:47:14.266892 0.047497 tcp 10.0.2.109 53659 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:14.314795 0.047166 tcp 10.0.2.109 53660 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:14.362327 0.140116 tcp 10.0.2.109 53661 -> 195.113.214.211 443 SRPA* 0 0 42 34652 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:14.577413 3.003228 tcp 10.0.2.109 53662 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:47:23.577953 0.000000 tcp 10.0.2.109 53662 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:47:29.577227 0.045666 tcp 10.0.2.109 53663 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:29.622737 0.045248 tcp 10.0.2.109 53664 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:29.668344 0.136733 tcp 10.0.2.109 53665 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:29.976630 2.995036 tcp 10.0.2.109 53666 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:47:38.970508 0.000000 tcp 10.0.2.109 53666 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:47:44.969306 0.044770 tcp 10.0.2.109 53667 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:45.014417 0.046763 tcp 10.0.2.109 53668 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:45.061445 0.145610 tcp 10.0.2.109 53669 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:47:45.242012 3.001451 tcp 10.0.2.109 53670 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:47:54.242042 0.000000 tcp 10.0.2.109 53670 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:48:00.240912 3.003877 tcp 10.0.2.109 53671 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:48:09.243542 0.000000 tcp 10.0.2.109 53671 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:48:15.242523 3.003990 tcp 10.0.2.109 53672 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:48:24.245156 0.000000 tcp 10.0.2.109 53672 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:53:30.246011 0.000210 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:53:30.246287 2.993024 tcp 10.0.2.109 53673 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:53:39.238080 0.000000 tcp 10.0.2.109 53673 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:53:45.249199 0.046595 tcp 10.0.2.109 53674 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:53:45.296110 0.044839 tcp 10.0.2.109 53675 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:53:45.341293 0.137400 tcp 10.0.2.109 53676 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:53:45.490520 3.000937 tcp 10.0.2.109 53677 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:53:54.490073 0.000000 tcp 10.0.2.109 53677 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:54:00.490470 0.045765 tcp 10.0.2.109 53678 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:54:00.536055 0.046400 tcp 10.0.2.109 53679 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:54:00.582765 0.142687 tcp 10.0.2.109 53680 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:54:00.792398 3.000487 tcp 10.0.2.109 53681 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:54:10.155859 0.000000 tcp 10.0.2.109 53681 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:54:16.097764 2.974608 tcp 10.0.2.109 53682 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:54:25.015730 0.000000 tcp 10.0.2.109 53682 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:54:27.029750 2.975287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 15:54:33.969283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:54:41.897800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:54:57.840876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:55:29.847134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 15:59:30.793625 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 15:59:30.793787 2.993907 tcp 10.0.2.109 53683 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:59:39.795869 0.000000 tcp 10.0.2.109 53683 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:59:45.796858 0.045314 tcp 10.0.2.109 53684 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:59:45.842514 0.046568 tcp 10.0.2.109 53685 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:59:45.889397 0.146665 tcp 10.0.2.109 53686 -> 195.113.214.211 443 SRPA* 0 0 32 17200 flow=From-Botnet-V1-TCP-Established 1970/02/06 15:59:47.050696 3.000293 tcp 10.0.2.109 53687 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 15:59:56.049867 0.000000 tcp 10.0.2.109 53687 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:00:02.049431 0.045111 tcp 10.0.2.109 53688 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:00:02.094895 0.047637 tcp 10.0.2.109 53689 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:00:02.142388 0.137598 tcp 10.0.2.109 53690 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:00:02.712744 3.000714 tcp 10.0.2.109 53691 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:00:11.712484 0.000000 tcp 10.0.2.109 53691 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:00:17.711380 3.003945 tcp 10.0.2.109 53692 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:00:26.713441 0.000000 tcp 10.0.2.109 53692 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:01:55.864874 3.002225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 16:02:02.872309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:02:10.873434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:02:26.876620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:02:58.882819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:05:32.714488 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:05:32.714671 2.993496 tcp 10.0.2.109 53693 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:05:41.716419 0.000000 tcp 10.0.2.109 53693 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:05:47.717295 0.045909 tcp 10.0.2.109 53694 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:05:47.763497 0.045786 tcp 10.0.2.109 53695 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:05:47.809157 0.144660 tcp 10.0.2.109 53696 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:05:48.320565 3.000004 tcp 10.0.2.109 53697 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:05:57.319170 0.000000 tcp 10.0.2.109 53697 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:06:03.319118 0.044971 tcp 10.0.2.109 53698 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:06:03.364401 0.045742 tcp 10.0.2.109 53699 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:06:03.410424 0.136676 tcp 10.0.2.109 53700 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:06:04.008760 3.380712 tcp 10.0.2.109 53701 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:06:13.328514 0.000000 tcp 10.0.2.109 53701 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:06:19.267922 2.975192 tcp 10.0.2.109 53702 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:06:28.182448 0.000000 tcp 10.0.2.109 53702 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:09:09.888941 3.001759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 16:09:16.896174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:09:24.897860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:09:40.901080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:10:12.906886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:14:09.227072 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:14:09.227183 0.494429 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:09.688534 0.167622 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 1993 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:10.576970 0.113206 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:10.667290 0.410914 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:11.059448 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 16:14:19.030414 3.004848 tcp 10.0.2.109 53703 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:14:27.233607 0.046099 tcp 10.0.2.109 53704 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:14:27.279939 0.046292 tcp 10.0.2.109 53705 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:14:27.326530 0.140852 tcp 10.0.2.109 53706 -> 195.113.214.211 443 SRPA* 0 0 42 34652 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:14:27.467875 0.796006 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:28.034332 0.000000 tcp 10.0.2.109 53703 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:14:28.044776 0.170772 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:28.516645 0.048620 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:28.694739 0.169448 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:28.843264 0.164393 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:29.317449 0.174028 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:29.488690 0.169823 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:29.871478 0.146443 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:30.010099 0.546935 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:30.557098 0.207833 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:31.040831 0.398058 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:31.437447 0.191140 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:31.646246 0.157410 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:31.951036 0.240053 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:32.150990 0.393591 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:32.527820 0.342893 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:32.853051 0.070990 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:33.346719 0.173604 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:34.037225 0.045247 tcp 10.0.2.109 53707 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:14:34.082743 0.045017 tcp 10.0.2.109 53708 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:14:34.128013 0.136312 tcp 10.0.2.109 53709 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:14:34.215492 0.253508 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:34.594532 3.002702 tcp 10.0.2.109 53710 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:14:35.097866 0.343640 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:35.680159 0.167627 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2636 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:35.984985 0.353615 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:14:43.605555 0.000000 tcp 10.0.2.109 53710 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:16:16.912174 3.002428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 16:16:23.920471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:16:31.921708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:16:47.925698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:17:19.930954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:19:49.586690 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:19:49.586799 2.993390 tcp 10.0.2.109 53711 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:19:58.581032 0.000000 tcp 10.0.2.109 53711 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:20:04.589463 0.045749 tcp 10.0.2.109 53712 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:20:04.635600 0.047504 tcp 10.0.2.109 53713 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:20:04.683369 0.147181 tcp 10.0.2.109 53714 -> 195.113.214.211 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:20:05.237166 3.005488 tcp 10.0.2.109 53715 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:20:14.241453 0.000000 tcp 10.0.2.109 53715 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:20:20.230769 0.208630 tcp 10.0.2.109 53716 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:20:20.439669 0.046323 tcp 10.0.2.109 53717 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:20:20.486297 0.138719 tcp 10.0.2.109 53718 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:20:20.695311 2.976139 tcp 10.0.2.109 53719 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:20:29.622268 0.000000 tcp 10.0.2.109 53719 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:20:35.572772 2.975427 tcp 10.0.2.109 53720 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:20:44.544475 0.000000 tcp 10.0.2.109 53720 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:23:23.936984 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 16:23:30.943800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:23:38.945776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:23:54.948105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:24:26.954650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:25:50.545433 0.000183 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:25:50.545836 2.993166 tcp 10.0.2.109 53721 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:25:59.537774 0.000000 tcp 10.0.2.109 53721 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:26:05.547780 0.046228 tcp 10.0.2.109 53722 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:26:05.594362 0.350863 tcp 10.0.2.109 53723 -> 195.113.214.211 80 SRPA* 0 0 69 77766 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:26:05.972740 2.973177 tcp 10.0.2.109 53724 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:26:14.888075 0.000000 tcp 10.0.2.109 53724 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:26:20.828498 0.045001 tcp 10.0.2.109 53725 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:26:20.873805 0.047089 tcp 10.0.2.109 53726 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:26:20.921208 0.134111 tcp 10.0.2.109 53727 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:26:21.095928 2.979345 tcp 10.0.2.109 53728 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:26:30.015802 0.000000 tcp 10.0.2.109 53728 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:26:35.990632 3.003774 tcp 10.0.2.109 53729 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:26:44.993426 0.000000 tcp 10.0.2.109 53729 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:30:30.961139 3.000762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 16:30:37.967869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:30:45.969768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:31:01.972670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:31:33.978723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:31:50.993918 0.000305 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:31:50.994323 2.992792 tcp 10.0.2.109 53730 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:31:59.995836 0.000000 tcp 10.0.2.109 53730 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:32:05.996515 0.045693 tcp 10.0.2.109 53731 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:32:06.042466 0.046367 tcp 10.0.2.109 53732 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:32:06.089138 0.136917 tcp 10.0.2.109 53733 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:32:06.245305 2.993866 tcp 10.0.2.109 53734 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:32:15.237704 0.000000 tcp 10.0.2.109 53734 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:32:21.247369 0.045628 tcp 10.0.2.109 53735 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:32:21.293293 0.045214 tcp 10.0.2.109 53736 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:32:21.338828 0.130115 tcp 10.0.2.109 53737 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:32:21.588626 3.002688 tcp 10.0.2.109 53738 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:32:30.589985 0.000000 tcp 10.0.2.109 53738 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:32:36.589060 3.004083 tcp 10.0.2.109 53739 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:32:45.591626 0.000000 tcp 10.0.2.109 53739 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:37:37.984906 3.000987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 16:37:44.991829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:37:51.592100 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:37:51.592236 3.003594 tcp 10.0.2.109 53740 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:37:52.993401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:38:00.594289 0.000000 tcp 10.0.2.109 53740 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:38:06.595057 0.045641 tcp 10.0.2.109 53741 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:38:06.640979 0.045983 tcp 10.0.2.109 53742 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:38:06.687291 0.134713 tcp 10.0.2.109 53743 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:38:06.908589 2.989029 tcp 10.0.2.109 53744 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:38:08.996025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:38:15.906674 0.000000 tcp 10.0.2.109 53744 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:38:21.905886 0.044611 tcp 10.0.2.109 53745 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:38:21.950753 0.048626 tcp 10.0.2.109 53746 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:38:21.999680 0.139758 tcp 10.0.2.109 53747 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:38:22.631347 2.999265 tcp 10.0.2.109 53748 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:38:31.633173 0.000000 tcp 10.0.2.109 53748 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:38:37.627782 3.004142 tcp 10.0.2.109 53749 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:38:41.002863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:38:46.630502 0.000000 tcp 10.0.2.109 53749 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:44:45.008502 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 16:44:50.464095 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:44:50.464184 0.045024 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:50.507443 0.418448 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:50.882026 0.166876 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:51.117373 0.113431 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:51.208224 0.410005 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2538 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:51.598876 0.490802 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:52.016073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:44:52.049841 0.171634 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:52.198702 0.046995 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:52.270380 0.174162 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2652 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:52.420165 0.170484 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:52.568165 0.163900 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:52.671661 2.999336 tcp 10.0.2.109 53750 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:44:52.722594 0.173065 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2031 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:52.891336 0.161348 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:53.040901 0.450648 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:53.507019 0.188948 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:53.688529 0.156161 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:53.876985 0.204370 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:54.056397 0.390309 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:54.448387 0.239252 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:54.648055 0.386522 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:55.011450 0.386355 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:55.409396 0.071752 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:55.460659 0.183940 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:55.632510 0.166985 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:55.791845 0.251382 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:56.005520 0.346256 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:44:56.350650 0.350286 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/06 16:45:00.017459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:45:01.669305 0.000000 tcp 10.0.2.109 53750 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:45:07.670701 0.046577 tcp 10.0.2.109 53751 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:45:07.717571 0.046885 tcp 10.0.2.109 53752 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:45:07.764788 0.140364 tcp 10.0.2.109 53753 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:45:07.993020 3.000433 tcp 10.0.2.109 53754 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:45:16.020993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:45:16.992422 0.000000 tcp 10.0.2.109 53754 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:45:22.991414 0.045236 tcp 10.0.2.109 53755 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:45:23.036944 0.046143 tcp 10.0.2.109 53756 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:45:23.083426 0.142339 tcp 10.0.2.109 53757 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:45:23.265614 2.999600 tcp 10.0.2.109 53758 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:45:32.264169 0.000000 tcp 10.0.2.109 53758 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:45:38.262786 3.004270 tcp 10.0.2.109 53759 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:45:47.265608 0.000000 tcp 10.0.2.109 53759 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:45:48.026916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:50:53.266094 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:50:53.266202 2.993586 tcp 10.0.2.109 53760 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:51:02.258396 0.000000 tcp 10.0.2.109 53760 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:51:08.269495 0.045687 tcp 10.0.2.109 53761 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:51:08.315467 0.046840 tcp 10.0.2.109 53762 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:51:08.362580 0.135150 tcp 10.0.2.109 53763 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:51:08.645949 2.995918 tcp 10.0.2.109 53764 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:51:17.640540 0.000000 tcp 10.0.2.109 53764 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:51:23.639744 0.045461 tcp 10.0.2.109 53765 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:51:23.685130 0.045219 tcp 10.0.2.109 53766 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:51:23.730633 0.134147 tcp 10.0.2.109 53767 -> 195.113.214.211 443 SRPA* 0 0 40 21958 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:51:24.008015 3.005902 tcp 10.0.2.109 53768 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:51:33.012909 0.000000 tcp 10.0.2.109 53768 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:51:39.001433 3.004258 tcp 10.0.2.109 53769 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:51:48.004001 0.000000 tcp 10.0.2.109 53769 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:54:04.052711 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 16:54:11.059947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:54:19.061304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:54:35.064473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:55:07.070609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 16:56:54.004697 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 16:56:54.004807 2.993738 tcp 10.0.2.109 53770 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:57:03.007101 0.000000 tcp 10.0.2.109 53770 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:57:09.007561 0.046106 tcp 10.0.2.109 53771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:57:09.053986 0.045882 tcp 10.0.2.109 53772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:57:09.100170 0.141003 tcp 10.0.2.109 53773 -> 195.113.214.211 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:57:09.252543 2.998194 tcp 10.0.2.109 53774 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:57:18.248829 0.000000 tcp 10.0.2.109 53774 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:57:24.248058 0.045260 tcp 10.0.2.109 53775 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:57:24.293604 0.046203 tcp 10.0.2.109 53776 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:57:24.340130 0.140187 tcp 10.0.2.109 53777 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/06 16:57:24.489309 3.002804 tcp 10.0.2.109 53778 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:57:33.491008 0.000000 tcp 10.0.2.109 53778 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:57:39.489745 3.004108 tcp 10.0.2.109 53779 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 16:57:48.492855 0.000000 tcp 10.0.2.109 53779 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:01:11.076411 3.002115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 17:01:18.083768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:01:26.085368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:01:42.088269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:02:14.095007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:02:54.493073 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:02:54.493166 3.003521 tcp 10.0.2.109 53780 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:03:03.495120 0.000000 tcp 10.0.2.109 53780 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:03:09.495750 0.046076 tcp 10.0.2.109 53781 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:03:09.542089 0.046815 tcp 10.0.2.109 53782 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:03:09.589219 0.142511 tcp 10.0.2.109 53783 -> 195.113.214.211 443 SRPA* 0 0 38 27150 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:03:09.935239 2.993678 tcp 10.0.2.109 53784 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:03:18.937534 0.000000 tcp 10.0.2.109 53784 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:03:24.936856 0.044305 tcp 10.0.2.109 53785 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:03:24.981450 0.046111 tcp 10.0.2.109 53786 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:03:25.027954 0.137755 tcp 10.0.2.109 53787 -> 195.113.214.211 443 SRPA* 0 0 38 18386 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:03:25.391095 2.999930 tcp 10.0.2.109 53788 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:03:34.389906 0.000000 tcp 10.0.2.109 53788 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:03:40.388825 3.003850 tcp 10.0.2.109 53789 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:03:49.391431 0.000000 tcp 10.0.2.109 53789 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:08:25.101099 3.001297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 17:08:32.107765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:08:40.109183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:08:56.112008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:09:28.118491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:15:16.130323 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:15:16.130470 0.050647 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:16.178914 0.425725 rtp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:16.554822 0.407585 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:16.941865 0.168826 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:17.129991 0.114300 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:17.221922 0.691886 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:17.674429 0.170643 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:18.122687 0.047942 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:18.192672 0.167276 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:18.446787 0.167644 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:18.594349 0.172016 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:19.368243 0.174616 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:19.540363 0.154659 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:19.747245 0.427449 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:20.423173 0.197885 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:20.613357 0.157567 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:21.163258 0.241319 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:21.362113 0.202777 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:21.566602 0.386748 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:21.952171 0.383469 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:22.315570 0.341399 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:22.692916 0.070904 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:22.751164 0.180819 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:22.968952 0.158957 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:23.319791 0.352104 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:23.668434 0.633170 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:24.265400 0.336784 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:15:25.432569 3.003569 tcp 10.0.2.109 53790 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:15:32.124568 3.001422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 17:15:34.435181 0.000000 tcp 10.0.2.109 53790 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:15:39.131733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:15:40.435885 0.045636 tcp 10.0.2.109 53791 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:15:40.481781 0.046218 tcp 10.0.2.109 53792 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:15:40.527835 0.137480 tcp 10.0.2.109 53793 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:15:40.763816 2.994471 tcp 10.0.2.109 53794 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:15:47.133351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:15:49.766781 0.000000 tcp 10.0.2.109 53794 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:15:55.766236 0.045021 tcp 10.0.2.109 53795 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:15:55.811541 0.046253 tcp 10.0.2.109 53796 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:15:55.858084 0.138004 tcp 10.0.2.109 53797 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:15:56.215495 2.995299 tcp 10.0.2.109 53798 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:16:03.135919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:16:05.209267 0.000000 tcp 10.0.2.109 53798 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:16:11.207963 3.005268 tcp 10.0.2.109 53799 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:16:20.210900 0.000000 tcp 10.0.2.109 53799 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:16:35.142546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:21:26.211517 0.000198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:21:26.211819 3.003317 tcp 10.0.2.109 53800 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:21:35.213880 0.000000 tcp 10.0.2.109 53800 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:21:41.214755 0.046252 tcp 10.0.2.109 53801 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:21:41.261302 0.046702 tcp 10.0.2.109 53802 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:21:41.308262 0.139101 tcp 10.0.2.109 53803 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:21:41.549583 2.997414 tcp 10.0.2.109 53804 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:21:50.545752 0.000000 tcp 10.0.2.109 53804 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:21:56.545159 0.045451 tcp 10.0.2.109 53805 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:21:56.590874 0.047186 tcp 10.0.2.109 53806 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:21:56.637910 0.136670 tcp 10.0.2.109 53807 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:21:56.800385 2.999983 tcp 10.0.2.109 53808 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:22:05.797958 0.000000 tcp 10.0.2.109 53808 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:22:11.796551 2.994547 tcp 10.0.2.109 53809 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:22:20.790827 0.000000 tcp 10.0.2.109 53809 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:22:39.151542 2.999680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 17:22:46.155555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:22:54.156870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:23:10.160605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:23:42.166409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:27:26.799915 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:27:26.800144 3.003659 tcp 10.0.2.109 53810 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:27:35.802529 0.000000 tcp 10.0.2.109 53810 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:27:41.803315 0.046699 tcp 10.0.2.109 53811 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:27:41.850497 0.046285 tcp 10.0.2.109 53812 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:27:41.897058 0.138391 tcp 10.0.2.109 53813 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:27:42.231875 3.003858 tcp 10.0.2.109 53814 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:27:51.234496 0.000000 tcp 10.0.2.109 53814 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:27:57.233613 0.044817 tcp 10.0.2.109 53815 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:27:57.278588 0.045034 tcp 10.0.2.109 53816 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:27:57.323933 0.135323 tcp 10.0.2.109 53817 -> 195.113.214.211 443 SRPA* 0 0 41 21202 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:27:57.469842 2.997638 tcp 10.0.2.109 53818 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:28:06.476129 0.000000 tcp 10.0.2.109 53818 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:28:12.465017 2.994191 tcp 10.0.2.109 53819 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:28:21.457786 0.000000 tcp 10.0.2.109 53819 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:29:46.173500 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 17:29:53.179781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:30:01.181476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:30:17.184104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:30:49.190572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:33:27.468247 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:33:27.468371 3.003675 tcp 10.0.2.109 53820 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:33:36.470818 0.000000 tcp 10.0.2.109 53820 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:33:42.471483 0.047766 tcp 10.0.2.109 53821 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:33:42.519552 0.046062 tcp 10.0.2.109 53822 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:33:42.566040 0.137641 tcp 10.0.2.109 53823 -> 195.113.214.211 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:33:42.853241 3.000899 tcp 10.0.2.109 53824 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:33:51.852850 0.000000 tcp 10.0.2.109 53824 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:33:57.852574 0.045653 tcp 10.0.2.109 53825 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:33:57.898075 0.046298 tcp 10.0.2.109 53826 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:33:57.944721 0.138208 tcp 10.0.2.109 53827 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:33:58.276153 3.000133 tcp 10.0.2.109 53828 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:34:07.304809 0.000000 tcp 10.0.2.109 53828 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:34:13.274086 2.993916 tcp 10.0.2.109 53829 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:34:22.276561 0.000000 tcp 10.0.2.109 53829 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:36:53.196863 3.001270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 17:37:00.204132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:37:08.205139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:37:24.208109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:37:56.214293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:44:00.220027 3.002016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 17:44:07.227611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:44:15.229192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:44:31.232358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:45:03.237971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:45:46.620779 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:45:46.620940 0.407914 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:47.009947 0.158765 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:47.205576 0.422102 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:47.578696 0.724936 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:48.063806 0.166714 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:48.268149 0.115326 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:48.436517 0.169693 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:48.584577 0.046870 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:48.859581 0.173859 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:49.006756 0.167912 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:49.154245 0.156457 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:49.802458 0.165305 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:49.960034 0.175115 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:50.132247 0.402306 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:50.583254 0.190101 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:50.765903 0.159086 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:50.954882 0.340193 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:51.375689 0.239620 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:51.576554 0.203835 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:51.757487 0.385124 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:52.124304 0.345573 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:52.451274 0.074494 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:52.520551 0.185455 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:45:52.693902 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 17:45:58.317899 3.003662 tcp 10.0.2.109 53830 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:46:07.320426 0.000000 tcp 10.0.2.109 53830 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:46:08.073083 0.045390 tcp 10.0.2.109 53831 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:08.118754 0.047237 tcp 10.0.2.109 53832 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:08.166434 0.137370 tcp 10.0.2.109 53833 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:08.304718 0.352683 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:46:08.654037 0.252640 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:46:08.868709 0.337378 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/06 17:46:13.319532 0.045251 tcp 10.0.2.109 53834 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:13.365074 0.046434 tcp 10.0.2.109 53835 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:13.411784 0.136741 tcp 10.0.2.109 53836 -> 195.113.214.211 443 SRPA* 0 0 36 18650 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:13.564303 2.999002 tcp 10.0.2.109 53837 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:46:22.562305 0.000000 tcp 10.0.2.109 53837 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:46:28.561337 0.045618 tcp 10.0.2.109 53838 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:28.607253 0.046371 tcp 10.0.2.109 53839 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:28.653884 0.137841 tcp 10.0.2.109 53840 -> 195.113.214.211 443 SRPA* 0 0 36 18316 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:46:28.976768 2.999135 tcp 10.0.2.109 53841 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:46:37.974232 0.000000 tcp 10.0.2.109 53841 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:46:43.973148 3.003985 tcp 10.0.2.109 53842 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:46:52.985973 0.000000 tcp 10.0.2.109 53842 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:51:58.976372 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:51:58.976549 2.993900 tcp 10.0.2.109 53843 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:52:07.969077 0.000000 tcp 10.0.2.109 53843 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:52:13.979638 0.046122 tcp 10.0.2.109 53844 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:52:14.026041 0.047011 tcp 10.0.2.109 53845 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:52:14.073364 0.193527 tcp 10.0.2.109 53846 -> 195.113.214.211 443 SRPA* 0 0 33 17692 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:52:14.418838 3.003637 tcp 10.0.2.109 53847 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:52:23.421174 0.000000 tcp 10.0.2.109 53847 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:52:29.420837 0.045784 tcp 10.0.2.109 53848 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:52:29.466903 0.045504 tcp 10.0.2.109 53849 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:52:29.512657 0.140792 tcp 10.0.2.109 53850 -> 195.113.214.211 443 SRPA* 0 0 41 19176 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:52:29.665663 2.998066 tcp 10.0.2.109 53851 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:52:38.663191 0.000000 tcp 10.0.2.109 53851 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:52:44.661701 3.004338 tcp 10.0.2.109 53852 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:52:53.664642 0.000000 tcp 10.0.2.109 53852 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:53:29.248621 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 17:53:36.255957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:53:44.257247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:54:00.260452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:54:32.266215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 17:57:59.665272 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 17:57:59.665416 2.993641 tcp 10.0.2.109 53853 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:58:08.667597 0.000000 tcp 10.0.2.109 53853 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:58:14.667771 0.091787 tcp 10.0.2.109 53854 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:58:14.759922 0.046381 tcp 10.0.2.109 53855 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:58:14.806627 0.146065 tcp 10.0.2.109 53856 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:58:14.979204 3.001654 tcp 10.0.2.109 53857 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:58:23.979801 0.000000 tcp 10.0.2.109 53857 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:58:29.978246 0.046297 tcp 10.0.2.109 53858 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:58:30.024323 0.048000 tcp 10.0.2.109 53859 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:58:30.072612 0.135766 tcp 10.0.2.109 53860 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/06 17:58:30.227713 3.005355 tcp 10.0.2.109 53861 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:58:39.231211 0.000000 tcp 10.0.2.109 53861 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:58:45.220034 3.004465 tcp 10.0.2.109 53862 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 17:58:54.223459 0.000000 tcp 10.0.2.109 53862 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:00:36.273529 3.001138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 18:00:43.279858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:00:51.281392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:01:07.284661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:01:39.300700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:04:00.223894 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:04:00.224038 3.003157 tcp 10.0.2.109 53863 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:04:09.226060 0.000000 tcp 10.0.2.109 53863 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:04:15.226043 0.046987 tcp 10.0.2.109 53864 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:04:15.273334 0.045021 tcp 10.0.2.109 53865 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:04:15.318673 0.145648 tcp 10.0.2.109 53866 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:04:15.908890 3.000900 tcp 10.0.2.109 53867 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:04:24.908364 0.000000 tcp 10.0.2.109 53867 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:04:30.907095 0.044953 tcp 10.0.2.109 53868 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:04:30.952366 0.046761 tcp 10.0.2.109 53869 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:04:30.999439 0.141113 tcp 10.0.2.109 53870 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:04:31.571232 3.000881 tcp 10.0.2.109 53871 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:04:40.570717 0.000000 tcp 10.0.2.109 53871 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:04:46.570573 3.003172 tcp 10.0.2.109 53872 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:04:55.572250 0.000000 tcp 10.0.2.109 53872 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:07:43.306638 3.001063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 18:07:50.313859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:07:58.315250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:08:14.317946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:08:46.324514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:14:50.330942 3.001095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 18:14:57.337663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:15:05.339379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:15:21.342405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:15:53.348432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:16:27.307346 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:16:27.307431 0.166327 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:27.465693 0.932868 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:28.645509 0.415749 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:29.040856 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 18:16:31.613714 3.003774 tcp 10.0.2.109 53873 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:16:40.626025 0.000000 tcp 10.0.2.109 53873 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:16:44.294852 0.046838 tcp 10.0.2.109 53874 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:16:44.342042 0.046301 tcp 10.0.2.109 53875 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:16:44.388640 0.141816 tcp 10.0.2.109 53876 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:16:44.531084 0.113357 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:44.622356 0.170800 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:44.770118 0.048227 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:44.879130 2.057400 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:46.615276 0.044759 tcp 10.0.2.109 53877 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:16:46.660375 0.046772 tcp 10.0.2.109 53878 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:16:46.707523 0.150818 tcp 10.0.2.109 53879 -> 195.113.214.211 443 SRPA* 0 0 34 17906 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:16:46.817303 0.166696 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:46.916410 2.993350 tcp 10.0.2.109 53880 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:16:47.152178 0.253796 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:47.548492 0.177243 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:47.714231 0.523207 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:48.216010 0.169171 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:48.403813 0.188458 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:48.584376 0.395477 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:49.062784 0.348088 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:49.623466 0.177460 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:49.798216 0.314878 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:50.178818 0.241407 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:50.377569 0.202651 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:50.687579 0.073036 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:51.162495 0.184275 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:51.390196 0.367900 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:51.739317 0.394147 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:52.114005 0.349920 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:52.460288 0.248354 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:52.673460 0.315915 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:16:55.909053 0.000000 tcp 10.0.2.109 53880 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:17:01.917569 0.046082 tcp 10.0.2.109 53881 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:17:01.963932 0.046639 tcp 10.0.2.109 53882 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:17:02.010899 0.143396 tcp 10.0.2.109 53883 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:17:02.316640 2.995013 tcp 10.0.2.109 53884 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:17:11.310618 0.000000 tcp 10.0.2.109 53884 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:17:17.310012 3.003303 tcp 10.0.2.109 53885 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:17:26.311938 0.000000 tcp 10.0.2.109 53885 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:21:57.354611 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 18:22:04.361568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:22:12.363366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:22:28.366454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:22:32.380794 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:22:32.380915 2.979309 tcp 10.0.2.109 53886 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:22:41.314686 0.000000 tcp 10.0.2.109 53886 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:22:47.314959 0.045990 tcp 10.0.2.109 53887 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:22:47.361230 0.045817 tcp 10.0.2.109 53888 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:22:47.407316 0.141732 tcp 10.0.2.109 53889 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:22:47.621428 2.996906 tcp 10.0.2.109 53890 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:22:56.626720 0.000000 tcp 10.0.2.109 53890 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:23:00.382538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:23:02.615858 0.045358 tcp 10.0.2.109 53891 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:23:02.661503 0.046416 tcp 10.0.2.109 53892 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:23:02.708193 0.141707 tcp 10.0.2.109 53893 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:23:02.920826 2.999578 tcp 10.0.2.109 53894 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:23:11.918817 0.000000 tcp 10.0.2.109 53894 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:23:17.917331 3.004191 tcp 10.0.2.109 53895 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:23:26.920576 0.000000 tcp 10.0.2.109 53895 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:28:32.921159 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:28:32.921272 3.003393 tcp 10.0.2.109 53896 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:28:41.923375 0.000000 tcp 10.0.2.109 53896 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:28:47.923344 0.046463 tcp 10.0.2.109 53897 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:28:47.970301 0.046397 tcp 10.0.2.109 53898 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:28:48.016982 0.143531 tcp 10.0.2.109 53899 -> 195.113.214.211 443 SRPA* 0 0 42 24158 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:28:48.267754 2.999091 tcp 10.0.2.109 53900 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:28:57.265265 0.000000 tcp 10.0.2.109 53900 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:29:03.264489 0.045693 tcp 10.0.2.109 53901 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:29:03.310500 0.046749 tcp 10.0.2.109 53902 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:29:03.357553 0.139908 tcp 10.0.2.109 53903 -> 195.113.214.211 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:29:03.822553 2.996585 tcp 10.0.2.109 53904 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:29:04.389411 3.000532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 18:29:11.395666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:29:12.827647 0.000000 tcp 10.0.2.109 53904 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:29:18.816485 2.994153 tcp 10.0.2.109 53905 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:29:19.397127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:29:27.809044 0.000000 tcp 10.0.2.109 53905 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:29:35.400567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:30:07.406056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:34:33.819783 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:34:33.819870 3.003445 tcp 10.0.2.109 53906 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:34:42.822473 0.000000 tcp 10.0.2.109 53906 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:34:48.822794 0.046782 tcp 10.0.2.109 53907 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:34:48.869510 0.046223 tcp 10.0.2.109 53908 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:34:48.916116 0.135935 tcp 10.0.2.109 53909 -> 195.113.214.211 443 SRPA* 0 0 33 17670 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:34:49.246477 2.999166 tcp 10.0.2.109 53910 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:34:58.244358 0.000000 tcp 10.0.2.109 53910 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:35:04.244085 0.044950 tcp 10.0.2.109 53911 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:35:04.289449 0.047263 tcp 10.0.2.109 53912 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:35:04.337022 0.156078 tcp 10.0.2.109 53913 -> 195.113.214.211 443 SRPA* 0 0 53 36794 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:35:04.553769 2.984982 tcp 10.0.2.109 53914 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:35:13.546382 0.000000 tcp 10.0.2.109 53914 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:35:19.545233 2.993984 tcp 10.0.2.109 53915 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:35:28.537973 0.000000 tcp 10.0.2.109 53915 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:36:11.413886 2.999826 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 18:36:18.419619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:36:26.421015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:36:42.423969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:37:14.430349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:40:34.548340 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:40:34.548440 3.003873 tcp 10.0.2.109 53916 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:40:43.550762 0.000000 tcp 10.0.2.109 53916 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:40:49.551191 0.046505 tcp 10.0.2.109 53917 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:40:49.597960 0.046162 tcp 10.0.2.109 53918 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:40:49.644436 0.136174 tcp 10.0.2.109 53919 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:40:50.050597 3.003362 tcp 10.0.2.109 53920 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:40:59.053014 0.000000 tcp 10.0.2.109 53920 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:43:18.435969 3.002286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 18:43:25.443577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:43:33.445398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:43:49.448292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:44:21.454301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:47:05.079740 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:47:05.079852 0.050366 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:05.128590 0.164965 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:05.288181 0.417211 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:05.661348 0.410598 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:06.050966 0.112111 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:06.136739 0.186224 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:06.299510 0.047718 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:06.371558 0.681353 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:06.969653 0.167701 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:07.127400 0.166901 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:07.305311 0.154081 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:07.451647 0.170492 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:07.599882 0.168532 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:07.747566 0.194529 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:07.933983 0.154530 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:08.089765 0.540094 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:08.675694 0.176967 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:08.849697 0.204381 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:09.029457 0.305782 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:09.334207 0.242873 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:09.537087 0.069168 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:09.635690 0.180256 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:09.830695 0.358237 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:10.169992 0.257598 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:10.394088 0.337578 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:10.730835 0.383893 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:11.096007 0.353001 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/06 18:47:20.061388 3.003983 tcp 10.0.2.109 53921 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:47:29.063872 0.000000 tcp 10.0.2.109 53921 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:47:35.064625 0.046461 tcp 10.0.2.109 53922 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:47:35.111455 0.045496 tcp 10.0.2.109 53923 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:47:35.157264 0.135291 tcp 10.0.2.109 53924 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:47:35.308045 3.009194 tcp 10.0.2.109 53925 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:47:44.315739 0.000000 tcp 10.0.2.109 53925 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:47:50.305367 0.044996 tcp 10.0.2.109 53926 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:47:50.350667 0.045971 tcp 10.0.2.109 53927 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:47:50.396958 0.142296 tcp 10.0.2.109 53928 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:47:50.567184 2.991798 tcp 10.0.2.109 53929 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:47:59.567661 0.000000 tcp 10.0.2.109 53929 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:48:05.566572 2.994015 tcp 10.0.2.109 53930 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:48:14.559465 0.000000 tcp 10.0.2.109 53930 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:50:25.460827 3.000938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 18:50:32.467752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:50:40.469008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:50:56.472096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:51:28.478762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:53:20.569699 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:53:20.569868 3.003655 tcp 10.0.2.109 53931 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:53:29.572467 0.000000 tcp 10.0.2.109 53931 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:53:35.572988 0.046715 tcp 10.0.2.109 53932 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:53:35.620050 0.045673 tcp 10.0.2.109 53933 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:53:35.665548 0.148762 tcp 10.0.2.109 53934 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:53:35.824791 3.000616 tcp 10.0.2.109 53935 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:53:44.824390 0.000000 tcp 10.0.2.109 53935 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:53:50.823358 0.044458 tcp 10.0.2.109 53936 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:53:50.868091 0.046006 tcp 10.0.2.109 53937 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:53:50.914500 0.140561 tcp 10.0.2.109 53938 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:53:51.066733 3.000646 tcp 10.0.2.109 53939 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:54:00.075857 0.000000 tcp 10.0.2.109 53939 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:54:06.064467 2.994385 tcp 10.0.2.109 53940 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:54:15.067703 0.000000 tcp 10.0.2.109 53940 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:57:32.484059 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 18:57:39.491769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:57:47.493179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:58:03.496083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:58:35.502345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 18:59:21.068238 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 18:59:21.068424 3.003290 tcp 10.0.2.109 53941 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:59:30.070583 0.000000 tcp 10.0.2.109 53941 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:59:36.070802 0.046370 tcp 10.0.2.109 53942 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:59:36.117508 0.047297 tcp 10.0.2.109 53943 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:59:36.165188 0.139481 tcp 10.0.2.109 53944 -> 195.113.214.211 443 SRPA* 0 0 35 17596 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:59:36.544964 2.999426 tcp 10.0.2.109 53945 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:59:45.542802 0.000000 tcp 10.0.2.109 53945 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 18:59:51.542205 0.045726 tcp 10.0.2.109 53946 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:59:51.588343 0.064088 tcp 10.0.2.109 53947 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:59:51.652822 0.133117 tcp 10.0.2.109 53948 -> 195.113.214.211 443 SRPA* 0 0 23 12058 flow=From-Botnet-V1-TCP-Established 1970/02/06 18:59:52.068057 3.007844 tcp 10.0.2.109 53949 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:00:01.075228 0.000000 tcp 10.0.2.109 53949 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:00:07.064733 2.997780 tcp 10.0.2.109 53950 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:00:16.067955 0.000000 tcp 10.0.2.109 53950 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:04:43.513563 3.001996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 19:04:50.521954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:04:58.528438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:05:14.525653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:05:22.067863 0.000222 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:05:22.068190 2.993259 tcp 10.0.2.109 53951 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:05:31.059573 0.000000 tcp 10.0.2.109 53951 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:05:37.070506 0.045483 tcp 10.0.2.109 53952 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:05:37.116290 0.046637 tcp 10.0.2.109 53953 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:05:37.163363 0.139513 tcp 10.0.2.109 53954 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:05:37.456907 2.997557 tcp 10.0.2.109 53955 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:05:46.451779 0.000000 tcp 10.0.2.109 53955 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:05:46.531901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:05:52.455920 0.046151 tcp 10.0.2.109 53956 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:05:52.502421 0.045697 tcp 10.0.2.109 53957 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:05:52.548398 0.137560 tcp 10.0.2.109 53958 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:05:52.803841 3.001900 tcp 10.0.2.109 53959 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:06:01.803889 0.000000 tcp 10.0.2.109 53959 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:06:07.793936 3.002698 tcp 10.0.2.109 53960 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:06:16.795228 0.000000 tcp 10.0.2.109 53960 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:11:50.538551 3.000702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 19:11:57.547718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:12:05.550558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:12:21.552585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:12:53.555678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:17:26.172273 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:17:26.172430 0.423648 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:26.545856 0.049711 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:26.719395 0.163267 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:26.877047 0.167962 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:27.334966 0.047139 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:27.590823 1.505969 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:28.176192 0.411149 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:28.570251 0.113720 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:28.701961 0.164600 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:28.969213 0.166605 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:29.236439 0.156174 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:29.385108 0.171442 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:29.535043 0.169034 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:29.711690 0.188831 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:29.893187 0.185008 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:30.074870 0.156630 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:30.438883 0.354449 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:30.846962 0.213991 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:31.035660 0.310535 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:31.344733 0.244647 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:32.565517 0.074902 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2665 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:32.619844 0.187276 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:32.794707 0.337964 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:33.131640 0.372622 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:33.486274 0.249615 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:33.700680 0.385298 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:34.066672 0.354119 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:17:37.835410 2.993374 tcp 10.0.2.109 53961 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:17:46.836953 0.000000 tcp 10.0.2.109 53961 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:17:52.837482 0.045989 tcp 10.0.2.109 53962 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:17:52.883780 0.045901 tcp 10.0.2.109 53963 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:17:52.930013 0.142357 tcp 10.0.2.109 53964 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:17:53.237097 2.993796 tcp 10.0.2.109 53965 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:18:02.229385 0.000000 tcp 10.0.2.109 53965 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:18:08.239369 0.044675 tcp 10.0.2.109 53966 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:18:08.284299 0.047263 tcp 10.0.2.109 53967 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:18:08.331836 0.204245 tcp 10.0.2.109 53968 -> 195.113.214.211 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:18:09.340517 3.003504 tcp 10.0.2.109 53969 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:18:18.347333 0.000000 tcp 10.0.2.109 53969 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:18:24.343471 3.002146 tcp 10.0.2.109 53970 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:18:33.844383 0.000000 tcp 10.0.2.109 53970 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:18:57.802756 2.965043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 19:19:04.737079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:19:12.662949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:19:28.573533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:20:00.579752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:23:39.344184 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:23:39.344305 2.993681 tcp 10.0.2.109 53971 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:23:48.347043 0.000000 tcp 10.0.2.109 53971 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:23:54.347295 0.046468 tcp 10.0.2.109 53972 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:23:54.394102 0.046273 tcp 10.0.2.109 53973 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:23:54.440232 0.144956 tcp 10.0.2.109 53974 -> 195.113.214.211 443 SRPA* 0 0 20 11272 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:23:54.914140 2.996596 tcp 10.0.2.109 53975 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:24:03.909650 0.000000 tcp 10.0.2.109 53975 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:24:09.908648 0.044812 tcp 10.0.2.109 53976 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:24:09.953783 0.046413 tcp 10.0.2.109 53977 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:24:10.000110 0.137739 tcp 10.0.2.109 53978 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:24:10.393258 3.000137 tcp 10.0.2.109 53979 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:24:19.391684 0.000000 tcp 10.0.2.109 53979 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:24:25.390807 3.003872 tcp 10.0.2.109 53980 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:24:34.393301 0.000000 tcp 10.0.2.109 53980 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:26:04.586142 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 19:26:11.593370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:26:19.594104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:26:35.597798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:27:07.603747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:29:40.393911 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:29:40.394009 2.993551 tcp 10.0.2.109 53981 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:29:49.396325 0.000000 tcp 10.0.2.109 53981 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:29:55.396981 0.046079 tcp 10.0.2.109 53982 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:29:55.443344 0.045280 tcp 10.0.2.109 53983 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:29:55.488885 0.133776 tcp 10.0.2.109 53984 -> 195.113.214.211 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:29:55.639209 3.000381 tcp 10.0.2.109 53985 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:30:04.638425 0.000000 tcp 10.0.2.109 53985 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:30:10.637310 0.045828 tcp 10.0.2.109 53986 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:30:10.683499 0.044805 tcp 10.0.2.109 53987 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:30:10.728619 0.138455 tcp 10.0.2.109 53988 -> 195.113.214.211 443 SRPA* 0 0 42 21258 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:30:10.961332 3.000114 tcp 10.0.2.109 53989 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:30:19.960384 0.000000 tcp 10.0.2.109 53989 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:30:25.959003 3.004402 tcp 10.0.2.109 53990 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:30:34.961530 0.000000 tcp 10.0.2.109 53990 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:33:11.609100 3.002309 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 19:33:18.617102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:33:26.618979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:33:42.621562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:34:14.627520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:35:40.962869 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:35:40.963063 3.002693 tcp 10.0.2.109 53991 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:35:49.964583 0.000000 tcp 10.0.2.109 53991 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:35:55.965962 0.046905 tcp 10.0.2.109 53992 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:35:56.013235 0.045969 tcp 10.0.2.109 53993 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:35:56.059672 0.135737 tcp 10.0.2.109 53994 -> 195.113.214.211 443 SRPA* 0 0 40 33106 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:35:56.323577 2.994789 tcp 10.0.2.109 53995 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:36:05.328253 0.000000 tcp 10.0.2.109 53995 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:36:11.326579 0.045232 tcp 10.0.2.109 53996 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:36:11.372170 0.046882 tcp 10.0.2.109 53997 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:36:11.419371 0.143933 tcp 10.0.2.109 53998 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:36:11.583451 2.996382 tcp 10.0.2.109 53999 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:36:20.578664 0.000000 tcp 10.0.2.109 53999 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:36:26.577719 3.003813 tcp 10.0.2.109 54000 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:36:35.580048 0.000000 tcp 10.0.2.109 54000 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:40:18.634068 3.001149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 19:40:25.641012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:40:33.642658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:40:49.645699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:41:21.651726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:47:25.657516 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 19:47:32.664816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:47:40.126692 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:47:40.126793 0.163493 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:40.284979 0.412917 rtp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 1997 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:40.656306 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 19:47:40.666063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:47:41.618387 3.003657 tcp 10.0.2.109 54001 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:47:50.620931 0.000000 tcp 10.0.2.109 54001 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:47:56.621460 0.045491 tcp 10.0.2.109 54002 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:47:56.667204 0.046130 tcp 10.0.2.109 54003 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:47:56.669454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:47:56.713625 0.139510 tcp 10.0.2.109 54004 -> 195.113.214.211 443 SRPA* 0 0 53 37272 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:47:56.867372 3.006564 tcp 10.0.2.109 54005 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:47:58.212078 0.046293 tcp 10.0.2.109 54006 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:47:58.258774 0.046799 tcp 10.0.2.109 54007 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:47:58.305918 0.136887 tcp 10.0.2.109 54008 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:47:58.443427 0.305684 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:58.725453 0.048279 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:58.775355 0.111804 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:58.862907 0.163141 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:59.018256 0.682219 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:59.460625 0.411469 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:47:59.850486 0.166842 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:00.027004 0.155451 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:00.175099 0.169892 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:00.321885 0.170117 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:00.471073 0.189067 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:00.652147 0.371976 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:01.036073 0.174139 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:01.205981 0.157258 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:01.359922 0.209298 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:01.545417 0.310195 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:01.854270 0.236707 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:02.054914 0.071718 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:02.114852 0.178518 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:02.288186 0.275438 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:02.527475 0.322751 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:02.868850 0.393266 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:03.243841 0.396917 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:03.620580 0.350778 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/06 19:48:05.872934 0.000000 tcp 10.0.2.109 54005 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:48:11.862805 0.044636 tcp 10.0.2.109 54009 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:48:11.907427 0.046303 tcp 10.0.2.109 54010 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:48:11.954083 0.144232 tcp 10.0.2.109 54011 -> 195.113.214.211 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:48:12.249263 3.007644 tcp 10.0.2.109 54012 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:48:21.254869 0.000000 tcp 10.0.2.109 54012 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:48:27.243827 2.994171 tcp 10.0.2.109 54013 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:48:28.675358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:48:36.246296 0.000000 tcp 10.0.2.109 54013 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:53:42.246940 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:53:42.247197 3.003419 tcp 10.0.2.109 54014 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:53:51.249404 0.000000 tcp 10.0.2.109 54014 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:53:57.249608 0.045870 tcp 10.0.2.109 54015 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:53:57.295755 0.045640 tcp 10.0.2.109 54016 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:53:57.341669 0.141320 tcp 10.0.2.109 54017 -> 195.113.214.211 443 SRPA* 0 0 35 26456 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:53:57.493276 2.999333 tcp 10.0.2.109 54018 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:54:06.492298 0.000000 tcp 10.0.2.109 54018 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:54:12.490499 0.045519 tcp 10.0.2.109 54019 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:54:12.536299 0.045269 tcp 10.0.2.109 54020 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:54:12.581956 0.139881 tcp 10.0.2.109 54021 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:54:12.736051 2.998267 tcp 10.0.2.109 54022 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:54:21.733080 0.000000 tcp 10.0.2.109 54022 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:54:27.731833 3.004242 tcp 10.0.2.109 54023 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:54:36.734960 0.000000 tcp 10.0.2.109 54023 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:55:21.681560 3.002163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 19:55:28.689413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:55:36.690691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:55:52.693690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:56:24.699987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 19:59:42.734965 0.008305 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 19:59:42.743442 2.994864 tcp 10.0.2.109 54024 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:59:51.727933 0.000000 tcp 10.0.2.109 54024 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 19:59:57.737787 0.047162 tcp 10.0.2.109 54025 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:59:57.785331 0.046809 tcp 10.0.2.109 54026 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:59:57.832447 0.135545 tcp 10.0.2.109 54027 -> 195.113.214.211 443 SRPA* 0 0 33 17670 flow=From-Botnet-V1-TCP-Established 1970/02/06 19:59:58.219866 3.001478 tcp 10.0.2.109 54028 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:00:07.224632 0.000000 tcp 10.0.2.109 54028 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:00:13.219162 0.045008 tcp 10.0.2.109 54029 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:00:13.264447 0.045993 tcp 10.0.2.109 54030 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:00:13.310694 0.139798 tcp 10.0.2.109 54031 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:00:13.542608 3.003948 tcp 10.0.2.109 54032 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:00:22.541710 0.000000 tcp 10.0.2.109 54032 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:00:28.540282 3.004322 tcp 10.0.2.109 54033 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:00:37.543272 0.000000 tcp 10.0.2.109 54033 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:02:43.707596 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 20:02:50.714571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:02:58.715890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:03:14.719600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:03:46.725730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:05:43.544093 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:05:43.544402 2.993435 tcp 10.0.2.109 54034 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:05:52.546336 0.000000 tcp 10.0.2.109 54034 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:05:58.546817 0.046637 tcp 10.0.2.109 54035 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:05:58.593791 0.046336 tcp 10.0.2.109 54036 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:05:58.640403 0.148090 tcp 10.0.2.109 54037 -> 195.113.214.211 443 SRPA* 0 0 72 57070 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:05:59.052316 2.997516 tcp 10.0.2.109 54038 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:06:08.048691 0.000000 tcp 10.0.2.109 54038 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:06:14.048058 0.047068 tcp 10.0.2.109 54039 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:06:14.095431 0.046061 tcp 10.0.2.109 54040 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:06:14.141867 0.132935 tcp 10.0.2.109 54041 -> 195.113.214.211 443 SRPA* 0 0 35 18778 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:06:14.677975 3.004624 tcp 10.0.2.109 54042 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:06:23.681130 0.000000 tcp 10.0.2.109 54042 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:06:29.669998 3.004332 tcp 10.0.2.109 54043 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:06:38.715104 0.000000 tcp 10.0.2.109 54043 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:09:50.732899 3.000321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 20:09:57.739123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:10:05.740812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:10:21.743560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:10:53.749602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:11:44.673159 0.000166 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:11:44.673434 3.003411 tcp 10.0.2.109 54044 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:11:53.675568 0.000000 tcp 10.0.2.109 54044 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:11:59.676121 0.046130 tcp 10.0.2.109 54045 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:11:59.722579 0.045995 tcp 10.0.2.109 54046 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:11:59.768891 0.135224 tcp 10.0.2.109 54047 -> 195.113.214.211 443 SRPA* 0 0 21 11362 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:12:00.072959 2.997041 tcp 10.0.2.109 54048 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:12:09.067701 0.000000 tcp 10.0.2.109 54048 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:16:57.756150 3.000866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 20:17:04.762937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:17:12.764410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:17:28.768048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:18:00.773506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:18:22.695266 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:18:22.695495 0.053561 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 1999 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:22.740685 0.162319 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:23.516791 0.478579 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:23.959398 0.167235 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:24.205883 0.047600 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:24.374740 0.141471 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:24.493002 0.407522 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:24.882550 0.167183 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:25.117077 0.502450 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:25.594953 0.166981 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:25.854544 0.153857 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:26.000917 0.167026 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 1975 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:26.144063 0.170607 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:26.294907 0.192242 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:26.479673 0.155639 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:26.731277 0.209029 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:26.914693 0.310210 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:27.223838 0.348561 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:27.627323 0.174582 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:27.799272 0.241395 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:28.002000 0.073785 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:28.149214 0.182108 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:28.321436 0.253590 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:28.540588 0.350755 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:29.019222 0.353349 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:29.368635 0.340006 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:29.690065 0.388998 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:18:30.264722 2.966592 tcp 10.0.2.109 54049 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:18:39.174550 0.000000 tcp 10.0.2.109 54049 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:18:45.129466 0.048765 tcp 10.0.2.109 54050 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:18:45.178570 0.046848 tcp 10.0.2.109 54051 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:18:45.225284 0.141919 tcp 10.0.2.109 54052 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:18:45.524050 2.972637 tcp 10.0.2.109 54053 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:18:54.470893 0.000000 tcp 10.0.2.109 54053 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:19:00.469875 0.045545 tcp 10.0.2.109 54054 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:19:00.515679 0.045289 tcp 10.0.2.109 54055 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:19:00.561242 0.142849 tcp 10.0.2.109 54056 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:19:00.716810 2.997409 tcp 10.0.2.109 54057 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:19:09.712151 0.000000 tcp 10.0.2.109 54057 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:19:15.711261 3.004416 tcp 10.0.2.109 54058 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:19:24.713928 0.000000 tcp 10.0.2.109 54058 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:24:04.779599 3.001460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 20:24:11.786438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:24:19.788556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:24:30.714830 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:24:30.715025 2.993261 tcp 10.0.2.109 54059 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:24:35.791360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:24:39.716858 0.000000 tcp 10.0.2.109 54059 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:24:45.717797 0.045406 tcp 10.0.2.109 54060 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:24:45.763555 0.045165 tcp 10.0.2.109 54061 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:24:45.809055 0.133235 tcp 10.0.2.109 54062 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:24:46.111645 2.998914 tcp 10.0.2.109 54063 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:24:55.108997 0.000000 tcp 10.0.2.109 54063 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:25:01.108256 0.264072 tcp 10.0.2.109 54064 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:25:01.372681 0.046506 tcp 10.0.2.109 54065 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:25:01.419567 0.137331 tcp 10.0.2.109 54066 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:25:01.703922 2.975668 tcp 10.0.2.109 54067 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:25:07.969858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:25:10.622626 0.000000 tcp 10.0.2.109 54067 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:25:16.565839 2.976785 tcp 10.0.2.109 54068 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:25:25.487540 0.000000 tcp 10.0.2.109 54068 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:30:31.473734 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:30:31.473840 3.003252 tcp 10.0.2.109 54069 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:30:40.475805 0.000000 tcp 10.0.2.109 54069 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:30:46.476265 0.046794 tcp 10.0.2.109 54070 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:30:46.523395 0.046259 tcp 10.0.2.109 54071 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:30:46.569978 0.137327 tcp 10.0.2.109 54072 -> 195.113.214.211 443 SRPA* 0 0 40 20888 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:30:46.797081 2.992127 tcp 10.0.2.109 54073 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:30:55.797634 0.000000 tcp 10.0.2.109 54073 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:31:01.796792 0.045048 tcp 10.0.2.109 54074 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:31:01.842316 0.047202 tcp 10.0.2.109 54075 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:31:01.889869 0.142343 tcp 10.0.2.109 54076 -> 195.113.214.211 443 SRPA* 0 0 28 11304 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:31:02.067990 3.003005 tcp 10.0.2.109 54077 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:31:11.069683 0.000000 tcp 10.0.2.109 54077 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:31:11.803886 3.000841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 20:31:17.068314 3.004246 tcp 10.0.2.109 54078 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:31:18.810841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:31:26.071345 0.000000 tcp 10.0.2.109 54078 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:31:26.812534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:31:42.815285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:32:14.821638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:36:32.072044 0.000153 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:36:32.072297 3.003181 tcp 10.0.2.109 54079 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:36:41.074568 0.000000 tcp 10.0.2.109 54079 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:36:47.074312 0.045826 tcp 10.0.2.109 54080 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:36:47.120415 0.045000 tcp 10.0.2.109 54081 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:36:47.165742 0.138805 tcp 10.0.2.109 54082 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:36:47.324402 3.003294 tcp 10.0.2.109 54083 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:36:56.335966 0.000000 tcp 10.0.2.109 54083 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:37:02.325431 0.045275 tcp 10.0.2.109 54084 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:37:02.371019 0.045738 tcp 10.0.2.109 54085 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:37:02.417025 0.142582 tcp 10.0.2.109 54086 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:37:02.591154 2.987820 tcp 10.0.2.109 54087 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:37:11.577670 0.000000 tcp 10.0.2.109 54087 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:37:17.576674 2.994032 tcp 10.0.2.109 54088 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:37:26.569602 0.000000 tcp 10.0.2.109 54088 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:38:18.827973 3.000998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 20:38:25.834579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:38:33.836234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:38:49.839323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:39:21.845010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:45:25.851744 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 20:45:32.858769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:45:40.860544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:45:56.862980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:46:28.869579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:48:52.786893 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:48:52.787179 0.050444 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:52.834670 0.168439 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:52.981426 0.164176 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:53.153520 0.466069 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:53.586891 0.047535 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:53.831679 0.113924 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:53.919377 0.409349 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:54.306330 0.165403 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:54.459991 0.147041 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:54.599621 0.170716 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:54.747475 1.567492 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:55.354684 0.168276 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 1991 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:55.522096 0.172313 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:55.673153 0.192328 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:55.858781 0.157445 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:56.017869 0.210280 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:56.204078 0.310385 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:56.512790 0.240065 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:56.713710 0.070709 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:56.806635 0.351568 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:57.159758 0.175411 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:57.332242 0.171260 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:57.498005 0.252867 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:57.713908 0.339109 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:58.062500 0.388744 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:58.431884 0.353406 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:48:58.781413 0.381876 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/06 20:49:02.620682 3.003818 tcp 10.0.2.109 54089 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:49:11.623230 0.000000 tcp 10.0.2.109 54089 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:49:17.623653 0.046548 tcp 10.0.2.109 54090 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:49:17.670489 0.045675 tcp 10.0.2.109 54091 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:49:17.716508 0.141972 tcp 10.0.2.109 54092 -> 195.113.214.211 443 SRPA* 0 0 32 17012 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:49:17.885199 3.001733 tcp 10.0.2.109 54093 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:49:26.885128 0.000000 tcp 10.0.2.109 54093 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:49:32.884699 0.045056 tcp 10.0.2.109 54094 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:49:32.929549 0.045998 tcp 10.0.2.109 54095 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:49:32.975922 0.134542 tcp 10.0.2.109 54096 -> 195.113.214.211 443 SRPA* 0 0 32 17786 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:49:33.122502 2.995976 tcp 10.0.2.109 54097 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:49:42.127302 0.000000 tcp 10.0.2.109 54097 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:49:48.115988 2.993874 tcp 10.0.2.109 54098 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:49:57.109047 0.000000 tcp 10.0.2.109 54098 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:54:21.881745 3.002039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 20:54:28.892141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:54:36.890927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:54:52.894016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:55:03.119316 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 20:55:03.119404 3.003452 tcp 10.0.2.109 54099 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:55:12.121737 0.000000 tcp 10.0.2.109 54099 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:55:18.125193 0.046931 tcp 10.0.2.109 54100 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:55:18.172535 0.045587 tcp 10.0.2.109 54101 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:55:18.218406 0.142343 tcp 10.0.2.109 54102 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:55:18.371162 3.003778 tcp 10.0.2.109 54103 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:55:24.899549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 20:55:27.373945 0.000000 tcp 10.0.2.109 54103 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:55:33.362595 0.044897 tcp 10.0.2.109 54104 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:55:33.407758 0.046463 tcp 10.0.2.109 54105 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:55:33.454483 0.136615 tcp 10.0.2.109 54106 -> 195.113.214.211 443 SRPA* 0 0 27 13714 flow=From-Botnet-V1-TCP-Established 1970/02/06 20:55:33.660950 3.006047 tcp 10.0.2.109 54107 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:55:42.665432 0.000000 tcp 10.0.2.109 54107 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:55:48.654671 2.993950 tcp 10.0.2.109 54108 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 20:55:57.657224 0.000000 tcp 10.0.2.109 54108 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:03.657916 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:01:03.658117 3.003226 tcp 10.0.2.109 54109 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:12.660371 0.000000 tcp 10.0.2.109 54109 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:18.660840 0.046808 tcp 10.0.2.109 54110 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:01:18.708017 0.046130 tcp 10.0.2.109 54111 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:01:18.754507 0.146267 tcp 10.0.2.109 54112 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:01:18.997826 3.005629 tcp 10.0.2.109 54113 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:28.001958 0.000000 tcp 10.0.2.109 54113 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:33.991139 0.050880 tcp 10.0.2.109 54114 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:01:34.042352 0.521114 tcp 10.0.2.109 54115 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:01:34.563314 0.137724 tcp 10.0.2.109 54116 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:01:34.851015 3.005391 tcp 10.0.2.109 54117 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:43.855033 0.000000 tcp 10.0.2.109 54117 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:48.914344 3.001991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 21:01:49.843594 2.994693 tcp 10.0.2.109 54118 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:01:55.921884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:01:58.846855 0.000000 tcp 10.0.2.109 54118 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:02:03.923651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:02:19.926638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:02:51.932652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:07:04.849021 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:07:04.849143 2.991715 tcp 10.0.2.109 54119 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:07:13.839103 0.000000 tcp 10.0.2.109 54119 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:07:19.849755 0.530307 tcp 10.0.2.109 54120 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:07:20.380340 0.049404 tcp 10.0.2.109 54121 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:07:20.430046 0.137067 tcp 10.0.2.109 54122 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:07:20.590520 2.970925 tcp 10.0.2.109 54123 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:07:29.503023 0.000000 tcp 10.0.2.109 54123 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:07:35.446661 0.045702 tcp 10.0.2.109 54124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:07:35.492665 0.045195 tcp 10.0.2.109 54125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:07:35.538395 0.145244 tcp 10.0.2.109 54126 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:07:35.721436 2.969719 tcp 10.0.2.109 54127 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:07:44.632260 0.000000 tcp 10.0.2.109 54127 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:07:50.575090 2.972423 tcp 10.0.2.109 54128 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:07:59.491917 0.000000 tcp 10.0.2.109 54128 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:09:03.940461 3.002136 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 21:09:10.947710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:09:18.949576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:09:34.951779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:10:06.958600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:16:10.965353 2.999963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 21:16:17.971636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:16:25.973251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:16:41.976393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:17:13.982187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:19:03.209770 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:19:03.209876 0.050990 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:03.253889 0.168560 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:03.400474 0.163526 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:03.905303 0.710005 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:04.580535 0.048576 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:04.994606 0.113501 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:05.082548 0.155971 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:05.258723 0.171315 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:05.408797 0.413435 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:05.423107 3.003895 tcp 10.0.2.109 54129 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:19:05.800959 0.167544 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:05.980512 0.480058 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:06.420628 0.167684 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:06.690809 0.168851 rtp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:06.838040 0.193700 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:07.024944 0.157319 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:07.318761 0.239151 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:07.517315 0.074532 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:07.812887 0.203777 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:07.993918 0.312443 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:08.305361 0.548036 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:08.982869 0.172979 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:09.151551 0.174071 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:09.390844 0.247071 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:09.602817 0.349633 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:09.948798 0.335289 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:10.551121 0.388339 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:10.919406 0.385631 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:19:14.425343 0.000000 tcp 10.0.2.109 54129 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:19:20.425846 0.031958 tcp 10.0.2.109 54130 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:19:20.458088 0.032325 tcp 10.0.2.109 54131 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:19:20.490702 0.125781 tcp 10.0.2.109 54132 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:19:20.913033 2.995762 tcp 10.0.2.109 54133 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:19:29.917464 0.000000 tcp 10.0.2.109 54133 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:19:35.906921 0.030329 tcp 10.0.2.109 54134 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:19:35.937518 0.030964 tcp 10.0.2.109 54135 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:19:35.968797 0.126582 tcp 10.0.2.109 54136 -> 195.113.214.211 443 SRPA* 0 0 31 22144 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:19:36.197879 2.993016 tcp 10.0.2.109 54137 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:19:45.189407 0.000000 tcp 10.0.2.109 54137 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:19:51.197951 3.004716 tcp 10.0.2.109 54138 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:20:00.201141 0.000000 tcp 10.0.2.109 54138 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:23:17.987768 3.002011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 21:23:24.995413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:23:32.996875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:23:49.000173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:24:21.006383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:25:06.201666 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:25:06.201770 3.003612 tcp 10.0.2.109 54139 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:25:15.203873 0.000000 tcp 10.0.2.109 54139 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:25:21.204727 0.031183 tcp 10.0.2.109 54140 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:25:21.236176 0.032041 tcp 10.0.2.109 54141 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:25:21.268512 0.124411 tcp 10.0.2.109 54142 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:25:21.410952 3.006262 tcp 10.0.2.109 54143 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:25:30.415728 0.000000 tcp 10.0.2.109 54143 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:25:36.405184 0.031809 tcp 10.0.2.109 54144 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:25:36.436826 0.031853 tcp 10.0.2.109 54145 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:25:36.468988 0.134187 tcp 10.0.2.109 54146 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:25:36.622782 2.996464 tcp 10.0.2.109 54147 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:25:45.617665 0.000000 tcp 10.0.2.109 54147 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:25:51.616732 2.994003 tcp 10.0.2.109 54148 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:26:00.609213 0.000000 tcp 10.0.2.109 54148 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:30:25.023167 3.000457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 21:30:32.029705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:30:40.031270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:30:56.034315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:31:06.619915 0.000178 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:31:06.620200 3.003052 tcp 10.0.2.109 54149 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:31:15.622367 0.000000 tcp 10.0.2.109 54149 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:31:21.622645 0.031015 tcp 10.0.2.109 54150 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:31:21.653934 0.031253 tcp 10.0.2.109 54151 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:31:21.685500 0.125643 tcp 10.0.2.109 54152 -> 195.113.214.211 443 SRPA* 0 0 53 35460 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:31:21.984067 3.001669 tcp 10.0.2.109 54153 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:31:28.040496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:31:30.984399 0.000000 tcp 10.0.2.109 54153 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:31:36.983698 0.031096 tcp 10.0.2.109 54154 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:31:37.015091 0.031155 tcp 10.0.2.109 54155 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:31:37.046531 0.126767 tcp 10.0.2.109 54156 -> 195.113.214.211 443 SRPA* 0 0 51 32904 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:31:37.281236 2.986521 tcp 10.0.2.109 54157 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:31:46.276557 0.000000 tcp 10.0.2.109 54157 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:31:52.275057 2.994005 tcp 10.0.2.109 54158 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:32:01.267869 0.000000 tcp 10.0.2.109 54158 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:37:07.278252 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:37:07.278351 3.004257 tcp 10.0.2.109 54159 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:37:16.280818 0.000000 tcp 10.0.2.109 54159 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:37:22.281208 0.032324 tcp 10.0.2.109 54160 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:37:22.313863 0.031436 tcp 10.0.2.109 54161 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:37:22.345628 0.129481 tcp 10.0.2.109 54162 -> 195.113.214.211 443 SRPA* 0 0 72 70066 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:37:22.551659 3.002380 tcp 10.0.2.109 54163 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:37:31.552707 0.000000 tcp 10.0.2.109 54163 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:37:32.047098 3.000523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 21:37:37.551744 0.030369 tcp 10.0.2.109 54164 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:37:37.582360 0.031347 tcp 10.0.2.109 54165 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:37:37.614225 0.128332 tcp 10.0.2.109 54166 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:37:37.763834 3.002313 tcp 10.0.2.109 54167 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:37:39.053422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:37:46.764815 0.000000 tcp 10.0.2.109 54167 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:37:47.055248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:37:52.763444 2.994065 tcp 10.0.2.109 54168 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:38:01.766013 0.000000 tcp 10.0.2.109 54168 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:38:03.057661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:38:35.063585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:44:39.070643 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 21:44:46.077307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:44:54.079004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:45:10.082171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:45:42.087757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:49:23.906867 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:49:23.906968 0.163658 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:24.064456 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 21:49:37.807170 3.003903 tcp 10.0.2.109 54169 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:49:39.872425 0.032590 tcp 10.0.2.109 54170 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:49:39.905359 0.031738 tcp 10.0.2.109 54171 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:49:39.937433 0.125697 tcp 10.0.2.109 54172 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:49:40.063674 0.166646 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:40.208857 0.414344 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:40.579480 0.046926 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:40.657342 0.112138 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:40.744544 0.148693 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:40.889618 0.170051 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:41.036170 0.414160 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:41.430043 0.164443 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:41.586503 0.173172 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:41.738841 1.529950 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:42.329363 0.168280 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:42.622717 0.189373 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:42.804284 0.155809 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:42.966811 0.234723 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:43.163556 0.070329 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:43.315541 0.209202 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:43.501314 0.310218 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:43.810484 0.457929 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:44.340165 0.176565 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:44.514226 0.165500 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:44.674660 0.249621 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:44.888251 0.348925 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:45.233850 0.344461 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:45.590722 0.406752 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:45.976123 0.370452 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 1996 flow=From-Botnet-V1-UDP-Established 1970/02/06 21:49:46.809260 0.000000 tcp 10.0.2.109 54169 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:49:52.808539 0.030560 tcp 10.0.2.109 54173 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:49:52.839370 0.032408 tcp 10.0.2.109 54174 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:49:52.872091 0.128867 tcp 10.0.2.109 54175 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:49:53.010489 3.002930 tcp 10.0.2.109 54176 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:50:02.011696 0.000000 tcp 10.0.2.109 54176 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:53:59.095866 3.000980 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 21:54:06.102931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:54:14.104597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:54:30.107337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:55:02.113535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 21:55:08.012169 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 21:55:08.012363 3.003445 tcp 10.0.2.109 54177 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:55:17.014539 0.000000 tcp 10.0.2.109 54177 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:55:23.014941 0.031997 tcp 10.0.2.109 54178 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:55:23.047226 0.084378 tcp 10.0.2.109 54179 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:55:23.131929 0.125818 tcp 10.0.2.109 54180 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:55:23.269124 2.998599 tcp 10.0.2.109 54181 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:55:32.276746 0.000000 tcp 10.0.2.109 54181 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:55:38.266042 0.031680 tcp 10.0.2.109 54182 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:55:38.297505 0.034023 tcp 10.0.2.109 54183 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:55:38.331448 0.124714 tcp 10.0.2.109 54184 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/02/06 21:55:38.467927 3.002052 tcp 10.0.2.109 54185 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:55:47.468415 0.000000 tcp 10.0.2.109 54185 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:55:53.467486 3.003905 tcp 10.0.2.109 54186 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 21:56:02.469956 0.000000 tcp 10.0.2.109 54186 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:01:06.119566 3.002799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 22:01:08.472800 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:01:08.472968 3.001553 tcp 10.0.2.109 54187 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:01:13.126654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:01:17.473146 0.000000 tcp 10.0.2.109 54187 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:01:21.128113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:01:23.473510 0.031966 tcp 10.0.2.109 54188 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:01:23.505764 0.031907 tcp 10.0.2.109 54189 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:01:23.537947 0.130172 tcp 10.0.2.109 54190 -> 195.113.214.211 443 SRPA* 0 0 56 42124 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:01:23.726875 2.999367 tcp 10.0.2.109 54191 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:01:32.724312 0.000000 tcp 10.0.2.109 54191 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:01:37.131121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:01:38.723740 0.031775 tcp 10.0.2.109 54192 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:01:38.755822 0.031840 tcp 10.0.2.109 54193 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:01:38.787516 0.130355 tcp 10.0.2.109 54194 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:01:39.208675 2.999781 tcp 10.0.2.109 54195 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:01:48.217101 0.000000 tcp 10.0.2.109 54195 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:01:54.205586 2.994789 tcp 10.0.2.109 54196 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:02:03.198716 0.000000 tcp 10.0.2.109 54196 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:02:09.137484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:07:09.209283 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:07:09.209455 3.004954 tcp 10.0.2.109 54197 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:07:18.211460 0.000000 tcp 10.0.2.109 54197 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:07:24.212508 0.032742 tcp 10.0.2.109 54198 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:07:24.245534 0.032155 tcp 10.0.2.109 54199 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:07:24.277912 0.296785 tcp 10.0.2.109 54200 -> 195.113.214.211 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:07:24.610050 3.004787 tcp 10.0.2.109 54201 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:07:33.613934 0.000000 tcp 10.0.2.109 54201 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:07:39.614888 0.030644 tcp 10.0.2.109 54202 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:07:39.645352 0.033341 tcp 10.0.2.109 54203 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:07:39.678998 0.130237 tcp 10.0.2.109 54204 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:07:40.031539 3.005463 tcp 10.0.2.109 54205 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:07:49.035366 0.000000 tcp 10.0.2.109 54205 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:07:55.024810 2.993829 tcp 10.0.2.109 54206 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:08:04.027477 0.000000 tcp 10.0.2.109 54206 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:08:13.143774 3.001078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 22:08:20.410212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:08:28.333238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:08:44.186114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:09:16.171228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:13:10.027735 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:13:10.027833 3.004006 tcp 10.0.2.109 54207 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:13:19.030799 0.000000 tcp 10.0.2.109 54207 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:13:25.030999 0.031819 tcp 10.0.2.109 54208 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:13:25.063136 0.032871 tcp 10.0.2.109 54209 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:13:25.096304 0.138119 tcp 10.0.2.109 54210 -> 195.113.214.211 443 SRPA* 0 0 55 34126 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:13:25.833949 3.000413 tcp 10.0.2.109 54211 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:13:34.833018 0.000000 tcp 10.0.2.109 54211 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:15:20.178233 3.000664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 22:15:27.185846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:15:35.186086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:15:51.189338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:16:23.195311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:20:02.370511 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:20:02.370600 0.058796 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:02.450453 0.165194 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:02.609542 0.173583 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2637 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:03.054568 0.413013 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:03.427020 0.047746 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:03.547091 0.117167 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:03.639369 0.146458 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:03.875978 0.160198 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:04.028500 0.168895 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:04.555051 0.822201 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:05.290062 0.423231 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:05.690377 2.324775 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:07.895889 0.169129 rtp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2611 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:08.678631 0.196694 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:08.867601 0.156240 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:09.044230 0.208826 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:09.228434 0.309088 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:09.536259 0.236407 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:09.737599 0.075767 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:10.178755 0.393995 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:10.608085 0.175319 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:10.780581 0.169002 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:10.845265 3.000981 tcp 10.0.2.109 54212 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:20:10.939660 0.249422 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:11.154235 0.397048 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:11.529999 0.348964 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 1989 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:11.875453 0.319414 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:12.194125 0.383385 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:20:19.845242 0.000000 tcp 10.0.2.109 54212 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:20:25.845843 0.032100 tcp 10.0.2.109 54213 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:20:25.878346 0.043862 tcp 10.0.2.109 54214 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:20:25.922491 0.151800 tcp 10.0.2.109 54215 -> 195.113.214.211 443 SRPA* 0 0 43 33268 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:20:26.474329 2.994836 tcp 10.0.2.109 54216 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:20:35.468414 0.000000 tcp 10.0.2.109 54216 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:20:41.466952 0.030770 tcp 10.0.2.109 54217 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:20:41.498033 0.033508 tcp 10.0.2.109 54218 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:20:41.531816 0.236775 tcp 10.0.2.109 54219 -> 195.113.214.211 443 SRPA* 0 0 43 34506 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:20:42.780604 3.002087 tcp 10.0.2.109 54220 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:20:51.781410 0.000000 tcp 10.0.2.109 54220 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:20:57.780067 3.003550 tcp 10.0.2.109 54221 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:21:06.782396 0.000000 tcp 10.0.2.109 54221 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:22:27.202303 3.000816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 22:22:34.208915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:22:42.209906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:22:58.213134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:23:30.219188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:26:12.783178 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:26:12.783342 3.003396 tcp 10.0.2.109 54222 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:26:21.785350 0.000000 tcp 10.0.2.109 54222 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:26:27.786454 0.055612 tcp 10.0.2.109 54223 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:26:27.842452 0.034042 tcp 10.0.2.109 54224 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:26:27.876863 0.133331 tcp 10.0.2.109 54225 -> 195.113.214.211 443 SRPA* 0 0 24 10254 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:26:28.460727 2.999155 tcp 10.0.2.109 54226 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:26:37.458559 0.000000 tcp 10.0.2.109 54226 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:26:43.457725 0.031760 tcp 10.0.2.109 54227 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:26:43.489797 0.031764 tcp 10.0.2.109 54228 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:26:43.521851 0.139324 tcp 10.0.2.109 54229 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:26:43.672154 2.999377 tcp 10.0.2.109 54230 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:26:52.670012 0.000000 tcp 10.0.2.109 54230 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:26:58.669137 3.003951 tcp 10.0.2.109 54231 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:27:07.671575 0.000000 tcp 10.0.2.109 54231 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:29:34.225363 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 22:29:41.232319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:29:49.233719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:30:05.237206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:30:37.242994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:32:13.672368 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:32:13.672528 3.003358 tcp 10.0.2.109 54232 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:32:22.674964 0.000000 tcp 10.0.2.109 54232 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:32:28.675010 0.053758 tcp 10.0.2.109 54233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:32:28.729113 0.032413 tcp 10.0.2.109 54234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:32:28.761809 0.127178 tcp 10.0.2.109 54235 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:32:28.907697 3.000287 tcp 10.0.2.109 54236 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:32:37.915973 0.000000 tcp 10.0.2.109 54236 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:32:43.905717 0.030427 tcp 10.0.2.109 54237 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:32:43.936446 0.055843 tcp 10.0.2.109 54238 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:32:43.992159 0.130127 tcp 10.0.2.109 54239 -> 195.113.214.211 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:32:44.249697 3.000595 tcp 10.0.2.109 54240 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:32:53.248748 0.000000 tcp 10.0.2.109 54240 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:32:59.247372 3.004329 tcp 10.0.2.109 54241 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:33:08.250303 0.000000 tcp 10.0.2.109 54241 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:36:41.249688 3.000972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 22:36:48.256741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:36:56.258480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:37:12.260960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:37:44.267051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:38:14.250895 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:38:14.251079 3.003620 tcp 10.0.2.109 54242 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:38:23.253085 0.000000 tcp 10.0.2.109 54242 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:38:29.253482 0.133019 tcp 10.0.2.109 54243 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:38:29.386834 0.032238 tcp 10.0.2.109 54244 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:38:29.419457 0.225292 tcp 10.0.2.109 54245 -> 195.113.214.211 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:38:29.761322 3.005394 tcp 10.0.2.109 54246 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:38:38.765022 0.000000 tcp 10.0.2.109 54246 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:38:44.754777 0.030446 tcp 10.0.2.109 54247 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:38:44.785475 0.031660 tcp 10.0.2.109 54248 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:38:44.817447 0.132076 tcp 10.0.2.109 54249 -> 195.113.214.211 443 SRPA* 0 0 36 19630 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:38:44.969861 2.998942 tcp 10.0.2.109 54250 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:38:53.976627 0.000000 tcp 10.0.2.109 54250 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:38:59.965569 2.994935 tcp 10.0.2.109 54251 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:39:08.958884 0.000000 tcp 10.0.2.109 54251 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:43:48.273498 3.055106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 22:43:55.307840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:44:03.291849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:44:19.294963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:44:51.301285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:50:14.796790 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:50:14.796898 0.050924 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:14.845444 0.163805 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:15.003496 0.164084 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:15.006946 2.993975 tcp 10.0.2.109 54252 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:50:15.394676 1.013603 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 5 2006 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:16.372207 0.048238 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:16.732012 0.127820 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:16.834163 0.157819 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:16.983967 0.161094 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:17.136980 0.171347 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:17.286442 0.170265 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:17.431355 0.410978 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:17.822299 2.389694 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:19.310756 0.166945 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:19.487501 0.195892 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:19.675197 0.312245 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1972 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:20.061394 0.237993 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:20.310825 0.158299 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:20.601832 0.206811 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:20.786653 0.073636 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:20.847039 0.336413 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:21.203351 0.171780 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:21.372070 0.391266 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:21.746508 0.348911 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:22.091626 0.162741 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:22.356217 0.251349 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:22.571573 0.323171 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:22.981013 0.389889 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/06 22:50:23.999576 0.000000 tcp 10.0.2.109 54252 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:50:30.009902 0.054147 tcp 10.0.2.109 54253 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:50:30.063843 0.031589 tcp 10.0.2.109 54254 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:50:30.095750 0.135124 tcp 10.0.2.109 54255 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:50:30.305667 2.997091 tcp 10.0.2.109 54256 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:50:39.301274 0.000000 tcp 10.0.2.109 54256 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:50:55.308031 3.000817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 22:51:02.314395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:51:10.316017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:51:26.319001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:51:58.325244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:55:45.301887 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 22:55:45.302195 3.003522 tcp 10.0.2.109 54257 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:55:54.303893 0.000000 tcp 10.0.2.109 54257 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:56:00.304636 0.033045 tcp 10.0.2.109 54258 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:56:00.337921 0.034619 tcp 10.0.2.109 54259 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:56:00.372875 0.135692 tcp 10.0.2.109 54260 -> 195.113.214.211 443 SRPA* 0 0 28 17830 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:56:00.519215 3.008164 tcp 10.0.2.109 54261 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:56:09.536745 0.000000 tcp 10.0.2.109 54261 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:56:15.515445 0.031317 tcp 10.0.2.109 54262 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:56:15.547060 0.031966 tcp 10.0.2.109 54263 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:56:15.579346 0.130737 tcp 10.0.2.109 54264 -> 195.113.214.211 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/06 22:56:15.797718 2.991802 tcp 10.0.2.109 54265 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:56:24.788064 0.000000 tcp 10.0.2.109 54265 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:56:30.796301 2.994812 tcp 10.0.2.109 54266 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:56:39.789314 0.000000 tcp 10.0.2.109 54266 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 22:58:02.331363 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 22:58:09.338568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:58:17.339859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:58:33.343151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 22:59:05.349027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:01:45.800331 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:01:45.800530 3.003375 tcp 10.0.2.109 54267 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:01:54.802201 0.000000 tcp 10.0.2.109 54267 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:02:00.802604 0.053166 tcp 10.0.2.109 54268 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:02:00.856055 0.054251 tcp 10.0.2.109 54269 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:02:00.910562 0.128362 tcp 10.0.2.109 54270 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:02:01.283102 3.003443 tcp 10.0.2.109 54271 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:02:10.284585 0.000000 tcp 10.0.2.109 54271 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:02:16.284369 0.052245 tcp 10.0.2.109 54272 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:02:16.337012 0.055123 tcp 10.0.2.109 54273 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:02:16.392391 0.261208 tcp 10.0.2.109 54274 -> 195.113.214.211 443 SRPA* 0 0 74 53548 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:02:16.701034 2.997513 tcp 10.0.2.109 54275 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:02:25.706977 0.000000 tcp 10.0.2.109 54275 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:02:31.695859 2.993866 tcp 10.0.2.109 54276 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:02:40.688669 0.000000 tcp 10.0.2.109 54276 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:05:09.355485 3.001173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 23:05:16.362425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:05:24.363921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:05:40.367018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:06:12.372875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:07:46.699227 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:07:46.699338 3.003579 tcp 10.0.2.109 54277 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:07:55.701631 0.000000 tcp 10.0.2.109 54277 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:08:01.702325 0.454019 tcp 10.0.2.109 54278 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:08:02.156638 0.031474 tcp 10.0.2.109 54279 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:08:02.188439 0.133032 tcp 10.0.2.109 54280 -> 195.113.214.211 443 SRPA* 0 0 41 21646 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:08:03.091133 2.968818 tcp 10.0.2.109 54281 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:08:12.009109 0.000000 tcp 10.0.2.109 54281 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:08:17.954134 0.032447 tcp 10.0.2.109 54282 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:08:17.986302 0.063537 tcp 10.0.2.109 54283 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:08:18.050198 0.128675 tcp 10.0.2.109 54284 -> 195.113.214.211 443 SRPA* 0 0 34 16474 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:08:18.448099 2.968820 tcp 10.0.2.109 54285 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:08:27.366954 0.000000 tcp 10.0.2.109 54285 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:08:33.306861 2.969951 tcp 10.0.2.109 54286 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:08:42.217563 0.000000 tcp 10.0.2.109 54286 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:12:16.379269 3.003242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 23:12:23.386438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:12:31.387806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:12:47.390992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:13:19.396999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:13:48.179139 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:13:48.179238 3.003805 tcp 10.0.2.109 54287 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:13:57.181005 0.000000 tcp 10.0.2.109 54287 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:14:03.181528 0.034362 tcp 10.0.2.109 54288 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:14:03.216248 0.054628 tcp 10.0.2.109 54289 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:14:03.271142 0.134657 tcp 10.0.2.109 54290 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:14:03.716900 2.997496 tcp 10.0.2.109 54291 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:14:12.713518 0.000000 tcp 10.0.2.109 54291 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:19:23.403113 3.002092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 23:19:30.410085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:19:38.411847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:19:54.414851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:20:26.420784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:20:39.089627 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:20:39.089731 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 23:20:56.396098 0.053996 tcp 10.0.2.109 54292 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:20:56.450422 0.054909 tcp 10.0.2.109 54293 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:20:56.505610 0.131602 tcp 10.0.2.109 54294 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:20:56.637887 0.162772 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:56.795437 0.170359 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:56.942540 0.760053 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:57.702534 0.047112 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:57.872484 0.111327 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:57.955756 0.172586 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:58.105594 0.168777 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:58.315454 0.415889 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:58.709572 0.145598 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:58.884775 0.167916 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:59.041854 0.662757 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:59.505955 0.166904 udp 10.0.2.109 3683 <-> 70.113.214.19 3192 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:20:59.883220 0.191663 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:00.091124 0.155937 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:00.340871 0.214365 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:00.530117 0.079959 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:01.105966 0.310241 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:01.414991 0.238870 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:02.148544 0.561855 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:02.726738 0.177176 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:02.901234 0.394423 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 1975 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:03.273387 0.248626 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:03.489351 0.324123 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 1991 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:03.812332 0.354824 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:03.977936 2.968250 tcp 10.0.2.109 54295 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:21:04.163673 0.165565 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:04.410911 0.396312 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:21:12.900629 0.000000 tcp 10.0.2.109 54295 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:21:18.841031 0.053386 tcp 10.0.2.109 54296 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:21:18.894715 0.054819 tcp 10.0.2.109 54297 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:21:18.949833 0.145057 tcp 10.0.2.109 54298 -> 195.113.214.211 443 SRPA* 0 0 45 27536 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:21:19.106435 2.974047 tcp 10.0.2.109 54299 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:21:28.023950 0.000000 tcp 10.0.2.109 54299 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:21:33.988856 0.052909 tcp 10.0.2.109 54300 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:21:34.042089 0.034675 tcp 10.0.2.109 54301 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:21:34.077073 0.148893 tcp 10.0.2.109 54302 -> 195.113.214.211 443 SRPA* 0 0 50 33812 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:21:34.253962 2.998662 tcp 10.0.2.109 54303 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:21:43.251284 0.000000 tcp 10.0.2.109 54303 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:21:49.250389 3.003925 tcp 10.0.2.109 54304 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:21:58.253045 0.000000 tcp 10.0.2.109 54304 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:26:30.427226 3.001326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 23:26:37.434438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:26:45.435743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:27:01.438875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:27:04.253518 0.000220 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:27:04.254718 3.002936 tcp 10.0.2.109 54305 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:27:13.256021 0.000000 tcp 10.0.2.109 54305 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:27:19.256147 0.054747 tcp 10.0.2.109 54306 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:27:19.311155 0.053150 tcp 10.0.2.109 54307 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:27:19.364673 0.127247 tcp 10.0.2.109 54308 -> 195.113.214.211 443 SRPA* 0 0 39 33888 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:27:19.513462 2.995549 tcp 10.0.2.109 54309 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:27:28.517825 0.000000 tcp 10.0.2.109 54309 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:27:33.444964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:27:34.507329 0.034249 tcp 10.0.2.109 54310 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:27:34.541389 0.055940 tcp 10.0.2.109 54311 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:27:34.597735 0.143950 tcp 10.0.2.109 54312 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:27:34.798969 3.002218 tcp 10.0.2.109 54313 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:27:43.800061 0.000000 tcp 10.0.2.109 54313 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:27:49.798326 3.003809 tcp 10.0.2.109 54314 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:27:58.801182 0.000000 tcp 10.0.2.109 54314 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:04.882214 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:33:04.882311 3.003542 tcp 10.0.2.109 54315 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:13.883908 0.000000 tcp 10.0.2.109 54315 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:19.885030 0.075338 tcp 10.0.2.109 54316 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:33:19.960620 0.050194 tcp 10.0.2.109 54317 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:33:20.011123 0.275388 tcp 10.0.2.109 54318 -> 195.113.214.211 443 SRPA* 0 0 54 33862 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:33:20.324794 2.993105 tcp 10.0.2.109 54319 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:29.326341 0.000000 tcp 10.0.2.109 54319 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:35.325882 0.031343 tcp 10.0.2.109 54320 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:33:35.357585 0.052964 tcp 10.0.2.109 54321 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:33:35.410800 0.130551 tcp 10.0.2.109 54322 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:33:35.617092 2.992698 tcp 10.0.2.109 54323 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:37.531144 3.001558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 23:33:44.539469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:33:44.609446 0.000000 tcp 10.0.2.109 54323 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:50.617950 2.997412 tcp 10.0.2.109 54324 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:33:52.539818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:33:59.610246 0.000000 tcp 10.0.2.109 54324 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:34:08.549193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:34:40.548949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:39:05.620715 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:39:05.620867 3.003352 tcp 10.0.2.109 54325 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:39:14.623079 0.000000 tcp 10.0.2.109 54325 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:39:20.623278 0.091220 tcp 10.0.2.109 54326 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:39:20.714771 0.055231 tcp 10.0.2.109 54327 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:39:20.770295 0.150034 tcp 10.0.2.109 54328 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:39:20.988166 2.998221 tcp 10.0.2.109 54329 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:39:29.985018 0.000000 tcp 10.0.2.109 54329 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:39:35.984090 0.030980 tcp 10.0.2.109 54330 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:39:36.015338 0.057088 tcp 10.0.2.109 54331 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:39:36.072697 0.177602 tcp 10.0.2.109 54332 -> 195.113.214.211 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:39:36.558581 3.000255 tcp 10.0.2.109 54333 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:39:45.567659 0.000000 tcp 10.0.2.109 54333 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:39:51.555704 2.994637 tcp 10.0.2.109 54334 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:40:00.548934 0.000000 tcp 10.0.2.109 54334 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:40:44.555760 3.000639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 23:40:51.562254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:40:59.564256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:41:15.566321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:41:47.572759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:47:51.579774 3.023622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/06 23:47:58.596408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:48:06.598029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:48:22.601017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:48:54.606623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:51:31.572728 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/06 23:51:31.572832 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 23:51:50.103059 0.762862 tcp 10.0.2.109 54335 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:51:50.866244 0.053040 tcp 10.0.2.109 54336 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:51:50.919584 0.152562 tcp 10.0.2.109 54337 -> 195.113.214.211 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:51:51.072706 0.164584 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:51.231530 0.182692 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:51.459132 0.415131 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:51.830298 0.047938 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:51.884200 0.115470 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:51.973357 0.171470 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:52.122552 0.147504 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:52.263225 0.170530 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:52.312401 2.959684 tcp 10.0.2.109 54338 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:51:52.421206 0.169300 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:52.568576 0.410986 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:52.958676 0.711819 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:51:53.411560 0.000000 udp 10.0.2.109 3683 -> 70.113.214.19 3192 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/06 23:52:01.195544 0.000000 tcp 10.0.2.109 54338 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:52:07.125068 0.033889 tcp 10.0.2.109 54339 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:07.159251 0.033224 tcp 10.0.2.109 54340 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:07.192807 0.144026 tcp 10.0.2.109 54341 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:07.424971 2.955976 tcp 10.0.2.109 54342 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:52:11.712238 0.031501 tcp 10.0.2.109 54343 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:11.743641 0.063174 tcp 10.0.2.109 54344 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:11.807083 0.128379 tcp 10.0.2.109 54345 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:11.936054 0.196999 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:12.125051 0.078780 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:12.446982 0.154971 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:12.608156 0.209290 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:12.795450 0.310213 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:13.239352 0.242673 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:13.439269 0.344861 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:13.791291 0.172515 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:13.960517 0.330418 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:14.290201 0.349287 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:14.635785 0.389732 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:15.005026 0.243139 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:15.216372 0.165870 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:15.544373 0.344784 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/06 23:52:16.321782 0.000000 tcp 10.0.2.109 54342 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:52:22.258465 0.031252 tcp 10.0.2.109 54346 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:22.290015 0.067613 tcp 10.0.2.109 54347 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:22.357917 0.150385 tcp 10.0.2.109 54348 -> 195.113.214.211 443 SRPA* 0 0 41 34598 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:52:22.714897 2.960141 tcp 10.0.2.109 54349 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:52:31.599270 0.000000 tcp 10.0.2.109 54349 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/06 23:52:37.537348 0.528787 tcp 10.0.2.109 54350 -> 176.73.169.112 1959 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/06 23:55:31.619800 3.002864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/06 23:55:38.627544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:55:46.629278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:56:02.632389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/06 23:56:34.638592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:02:38.643841 3.001986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 00:02:45.651631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:02:53.652575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:03:09.656395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:03:41.662437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:09:45.668074 3.001674 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 00:09:52.677710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:10:00.676884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:10:16.684751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:10:48.696031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:16:52.702486 3.000842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 00:16:59.710683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:17:07.718628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:17:23.714926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:17:55.721497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:22:28.222269 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 00:22:28.222370 0.000000 udp 10.0.2.109 3683 -> 70.113.214.19 3192 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 00:22:37.930858 0.667661 tcp 10.0.2.109 54351 -> 176.73.169.112 1959 FSPA* 0 0 15 1721 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:22:46.239043 0.031414 tcp 10.0.2.109 54352 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:22:46.270737 0.037166 tcp 10.0.2.109 54353 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:22:46.308208 0.137190 tcp 10.0.2.109 54354 -> 195.113.214.211 443 SRPA* 0 0 24 11930 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:22:46.446348 0.163453 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:46.604484 0.170274 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:46.762673 0.114944 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:46.856093 0.168768 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:47.005001 0.155736 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:47.226339 0.048474 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:47.431877 0.678379 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:48.076090 0.167705 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:48.577091 0.167339 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:48.723663 0.408211 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:49.111896 1.105078 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:49.996740 0.194097 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:50.182030 0.075669 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:50.449205 0.156703 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:50.727251 0.206138 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:50.905965 0.311661 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:51.312003 0.238099 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:51.512496 0.361922 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:51.874241 0.171233 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:52.090036 0.328308 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:52.417974 0.348701 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:52.762973 0.397784 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:53.138717 0.254173 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:53.357203 0.166510 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:22:53.518582 0.568121 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:23:59.727743 4.567944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 00:24:08.268328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:24:16.206540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:24:32.034619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:25:03.753716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:31:06.787762 2.992915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 00:31:13.791814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:31:21.768694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:31:37.775388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:32:09.778896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:38:13.785353 3.000340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 00:38:20.791677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:38:28.793040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:38:44.795639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:39:16.802285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:45:20.811127 3.008534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 00:45:27.825513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:45:35.831868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:45:51.829895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:46:23.836607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:52:38.595419 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 00:52:38.595520 0.528477 tcp 10.0.2.109 54355 -> 176.73.169.112 1959 FSPA* 0 0 14 1603 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:53:02.691525 0.102853 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:02.772573 0.172362 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:03.077334 0.163873 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:03.235999 0.168544 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:03.381555 0.147464 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:03.521266 0.049056 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:03.580784 0.168828 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:03.726663 4.888545 udp 10.0.2.109 3683 <-> 59.115.41.147 2346 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:08.579175 0.167949 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:08.579641 4.544560 tcp 10.0.2.109 54356 -> 59.115.41.147 9876 SPA_* 0 0 6 453 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:53:08.735301 0.409983 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:09.125956 1.388179 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:09.593994 0.189672 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:09.775542 0.075310 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:09.869810 0.157676 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:10.052696 0.207475 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:10.237520 0.341489 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:10.580659 0.309311 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:10.888669 0.236032 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 1984 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:11.085315 0.173842 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:11.256584 0.330660 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:11.588386 0.362755 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:11.947664 0.165615 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:12.114609 0.393282 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:12.487961 0.290225 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:12.743712 0.380644 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/07 00:53:17.657426 0.203671 tcp 10.0.2.109 54356 -> 59.115.41.147 9876 A_PA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:53:37.148911 0.200482 tcp 10.0.2.109 54356 -> 59.115.41.147 9876 A_PA 0 0 2 1524 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:53:51.621035 4.986174 tcp 10.0.2.109 54356 -> 59.115.41.147 9876 A_PA 0 0 10 6264 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:53:56.817432 0.000000 tcp 10.0.2.109 54356 -> 59.115.41.147 9876 A_ 0 0 1 54 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:54:14.367811 0.000401 tcp 10.0.2.109 54356 -> 59.115.41.147 9876 FA_F* 0 0 5 1322 flow=From-Botnet-V1-TCP-Established 1970/02/07 00:54:16.849656 3.001220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 00:54:23.856612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:54:31.857644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:54:47.863381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 00:55:19.867023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:01:24.180005 2.995257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:01:31.180582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:01:39.182032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:01:55.185216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:02:27.194848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:08:31.198128 3.000877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:08:38.204677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:08:46.206317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:09:02.210641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:09:34.225815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:15:38.233420 3.001133 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:15:45.238485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:15:53.240031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:16:09.243462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:16:41.249818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:22:39.224488 0.000271 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:22:39.224885 0.654718 tcp 10.0.2.109 54357 -> 176.73.169.112 1959 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:22:45.267886 2.999288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:22:52.330235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:23:00.292312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:23:16.287027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:23:26.111946 0.108878 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:26.367018 2.998646 tcp 10.0.2.109 54358 -> 109.152.162.107 2875 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 01:23:26.367408 0.172859 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:26.517698 0.163041 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:26.674629 0.170098 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:26.820932 0.144404 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:27.013298 0.048417 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:27.258786 0.170483 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:27.403927 0.000000 udp 10.0.2.109 3683 -> 59.115.41.147 2346 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:23:30.941206 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:23:35.365828 0.000000 tcp 10.0.2.109 54358 -> 109.152.162.107 2875 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 01:23:45.721670 0.034200 tcp 10.0.2.109 54359 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:23:45.755618 0.054864 tcp 10.0.2.109 54360 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:23:45.810798 0.168336 tcp 10.0.2.109 54361 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:23:45.977408 0.169040 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:46.134682 0.409542 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:46.521250 0.706886 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:46.988012 0.194155 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:47.554036 0.070427 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:47.637352 0.156520 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:47.806924 0.205944 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:47.988113 0.342572 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:47.988541 3.008294 tcp 10.0.2.109 54362 -> 76.242.179.0 1308 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 01:23:48.294665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:23:48.479691 0.310852 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:48.789147 0.336855 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:49.169356 0.240198 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:49.369351 0.175138 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:49.541133 0.397333 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:50.102369 0.169460 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:50.360716 0.396623 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:50.736455 0.513744 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:51.215868 0.389724 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:23:57.000344 0.000000 tcp 10.0.2.109 54362 -> 76.242.179.0 1308 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 01:29:52.299520 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:29:59.306592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:30:07.307920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:30:23.315496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:30:55.316722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:36:59.399931 2.995672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:37:06.400763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:37:14.402080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:37:30.405157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:38:02.411402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:44:06.417482 3.001534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:44:13.610320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:44:21.534213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:44:37.439113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:45:09.445248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:52:39.883189 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:52:39.883304 0.513600 tcp 10.0.2.109 54363 -> 176.73.169.112 1959 FSPA* 0 0 15 1733 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:53:34.490731 2.994929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 01:53:41.492140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:53:49.492955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:53:56.913773 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:53:56.913886 0.000000 udp 10.0.2.109 3683 -> 59.115.41.147 2346 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:54:05.495765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:54:15.862254 0.039087 tcp 10.0.2.109 54364 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:54:15.901650 0.055892 tcp 10.0.2.109 54365 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:54:15.957894 0.351317 tcp 10.0.2.109 54366 -> 195.113.214.211 443 SRPA* 0 0 56 37318 flow=From-Botnet-V1-TCP-Established 1970/02/07 01:54:16.309536 0.164490 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:16.468730 0.175789 rtp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:16.620617 0.151222 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:16.621040 3.004950 tcp 10.0.2.109 54367 -> 67.71.129.118 9603 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 01:54:16.891794 0.173190 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:17.042289 0.111100 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:17.151258 0.049070 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:17.351252 0.169182 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:17.500107 0.502068 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:17.952089 0.163133 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:18.104197 0.412816 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:18.495002 0.198261 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:18.686640 0.074452 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:19.390104 0.157065 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:19.554643 0.208221 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:19.738234 0.364814 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:20.327550 0.311397 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:20.678893 0.173863 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:20.849918 0.329951 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:21.179338 0.237196 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:21.375794 0.444890 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:21.816797 0.164280 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:21.971546 0.396332 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:22.349598 0.252227 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:22.568093 0.338963 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:23.025924 0.312158 udp 10.0.2.109 3683 <-> 67.71.129.118 9602 CON 0 0 8 3041 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:23.315208 0.303800 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3016 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:23.611208 0.318131 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 8 2864 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:23.923783 0.320591 udp 10.0.2.109 3683 <-> 65.94.151.44 5215 CON 0 0 8 3012 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:24.222275 0.183039 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 8 2957 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:24.383373 0.133057 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3278 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:24.582879 0.309435 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3097 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:24.869703 0.311256 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 3059 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:25.173217 0.869156 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 8 2852 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:25.625334 0.000000 tcp 10.0.2.109 54367 -> 67.71.129.118 9603 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 01:54:26.003188 0.371760 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 2879 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:26.368882 0.796512 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 8 3092 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:27.148181 0.160090 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 8 2915 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:27.293354 0.314973 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 8 3265 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:27.666978 0.686891 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 8 3228 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:28.424934 0.381370 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 8 3028 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:28.781931 0.329504 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3302 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:29.108777 0.619946 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 3036 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:29.752274 0.764416 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 8 2888 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:30.724352 0.446855 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 8 3099 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:31.128789 0.327576 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 8 2804 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:31.444098 0.698166 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 2978 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:32.138821 0.470039 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 8 3113 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:32.571872 0.764277 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 8 2756 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:33.320841 0.667880 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 3290 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:33.969699 0.000000 udp 10.0.2.109 3683 -> 50.199.159.137 2747 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:54:37.501979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 01:54:39.184525 0.115006 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 8 3202 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:39.398372 0.000000 udp 10.0.2.109 3683 -> 85.35.61.138 5057 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:54:46.114755 0.088283 rtp 10.0.2.109 3683 <-> 87.167.244.59 8279 CON 0 0 8 3094 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:54:46.313093 0.000000 udp 10.0.2.109 3683 -> 188.219.195.182 2989 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:54:54.969855 0.000000 udp 10.0.2.109 3683 -> 64.72.187.96 5454 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:00.004191 0.066096 udp 10.0.2.109 3683 -> 80.131.179.20 2022 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:00.070287 0.000000 icmp 80.131.179.20 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 284 flow=Background 1970/02/07 01:55:04.931235 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:55:07.124687 0.000000 udp 10.0.2.109 3683 -> 105.226.225.254 7002 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:15.316638 0.000000 udp 10.0.2.109 3683 -> 2.126.209.151 3129 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:23.718678 0.000000 udp 10.0.2.109 3683 -> 77.10.247.45 3056 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:29.217801 0.892645 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 8 2885 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:55:30.175594 0.000000 udp 10.0.2.109 3683 -> 78.14.195.188 7760 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:37.067380 0.000000 udp 10.0.2.109 3683 -> 109.255.143.38 1551 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:44.938996 4.706765 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 8 3011 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:55:49.935531 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:55:50.066357 0.000000 udp 10.0.2.109 3683 -> 182.71.123.230 5390 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:55:58.418288 0.000000 udp 10.0.2.109 3683 -> 217.91.73.172 5533 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:05.057735 0.533911 udp 10.0.2.109 3683 <-> 186.247.20.10 4652 CON 0 0 8 3124 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:56:06.071772 0.000000 udp 10.0.2.109 3683 -> 80.12.82.225 9366 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:12.258306 0.000000 udp 10.0.2.109 3683 -> 78.228.149.36 2445 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:17.525706 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:25.247102 0.118159 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3247 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:56:25.417186 0.482977 udp 10.0.2.109 3683 <-> 183.12.197.114 2465 CON 0 0 8 3131 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:56:25.939719 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:33.999608 0.000000 udp 10.0.2.109 3683 -> 91.39.99.5 9714 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:38.936509 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:56:41.830684 0.000000 udp 10.0.2.109 3683 -> 116.15.76.12 8875 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:50.332934 0.118005 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 8 3175 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:56:50.613842 0.000000 udp 10.0.2.109 3683 -> 194.126.9.186 4721 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:56:59.486479 0.000000 udp 10.0.2.109 3683 -> 94.67.213.177 5048 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:06.095485 0.000000 udp 10.0.2.109 3683 -> 203.45.119.254 3230 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:14.357622 0.000000 udp 10.0.2.109 3683 -> 95.253.224.5 7276 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:19.915478 0.000000 udp 10.0.2.109 3683 -> 61.18.97.96 6217 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:24.431981 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:57:27.576535 0.000000 udp 10.0.2.109 3683 -> 88.207.224.30 1012 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:34.937084 0.301624 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 8 2778 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:57:35.236073 0.000000 udp 10.0.2.109 3683 -> 120.63.245.52 7440 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:43.078359 0.000000 udp 10.0.2.109 3683 -> 182.68.119.190 3365 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:50.759879 0.000000 udp 10.0.2.109 3683 -> 81.186.0.58 4805 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:57:57.880236 0.000000 udp 10.0.2.109 3683 -> 177.224.254.88 1115 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:04.159145 0.000000 udp 10.0.2.109 3683 -> 89.129.226.124 8598 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:08.935493 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:58:10.157815 0.000000 udp 10.0.2.109 3683 -> 81.109.147.18 3206 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:16.016411 0.305234 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 8 3085 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:58:16.335043 0.415693 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 8 3176 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:58:16.759289 0.124749 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 8 3063 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:58:16.996528 0.000000 udp 10.0.2.109 3683 -> 87.193.194.242 4425 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:25.894804 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:34.552725 0.000000 udp 10.0.2.109 3683 -> 79.29.222.51 2653 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:40.241124 0.000000 udp 10.0.2.109 3683 -> 139.194.47.31 5600 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:45.668356 0.000000 udp 10.0.2.109 3683 -> 125.194.232.171 8656 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:53.760653 0.066596 udp 10.0.2.109 3683 -> 109.99.230.157 9689 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:58:53.827249 0.000000 icmp 109.99.230.157 0x0303 -> 10.0.2.109 0xd925 URP 192 1 281 flow=Background 1970/02/07 01:58:58.436995 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:58:59.999182 0.117569 udp 10.0.2.109 3683 <-> 94.240.238.172 4017 CON 0 0 8 2859 flow=From-Botnet-V1-UDP-Established 1970/02/07 01:59:00.153326 0.000000 udp 10.0.2.109 3683 -> 95.242.237.205 4596 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:09.062553 0.000000 udp 10.0.2.109 3683 -> 79.186.134.113 8949 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:16.004152 0.000000 udp 10.0.2.109 3683 -> 196.41.234.130 4795 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:24.819839 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:30.643549 0.000000 udp 10.0.2.109 3683 -> 37.232.50.126 4810 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:36.111522 0.000000 udp 10.0.2.109 3683 -> 79.5.150.126 9996 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:41.529395 0.000000 udp 10.0.2.109 3683 -> 79.33.245.21 8149 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:46.436002 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 01:59:49.783177 0.000000 udp 10.0.2.109 3683 -> 84.12.143.200 4597 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 01:59:56.430843 0.000000 udp 10.0.2.109 3683 -> 176.249.143.138 5088 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:02.479690 0.000000 udp 10.0.2.109 3683 -> 82.107.80.169 7820 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:09.829760 0.191993 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 3022 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:00:10.089881 0.000000 udp 10.0.2.109 3683 -> 182.3.122.218 4477 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:16.599577 0.000000 udp 10.0.2.109 3683 -> 213.121.207.90 4392 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:23.481831 0.000000 udp 10.0.2.109 3683 -> 194.78.30.141 7496 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:28.686742 0.197961 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 8 2961 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:00:28.913454 0.304795 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 8 3050 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:00:29.274243 0.135392 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 8 2941 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:00:29.461777 0.073289 udp 10.0.2.109 3683 -> 89.120.110.18 1974 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:29.535066 0.000000 icmp 89.120.110.18 0x0303 -> 10.0.2.109 0xb607 URP 192 1 235 flow=Background 1970/02/07 02:00:33.434739 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:00:38.301389 0.000000 udp 10.0.2.109 3683 -> 99.90.127.94 2788 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:41.553490 2.995867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 02:00:45.421039 0.133220 udp 10.0.2.109 3683 <-> 86.129.43.140 5838 CON 0 0 8 3218 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:00:45.579592 0.000000 udp 10.0.2.109 3683 -> 79.45.175.227 1111 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:48.555153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:00:53.152907 0.000000 udp 10.0.2.109 3683 -> 80.177.161.100 2654 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:00:56.556438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:00:58.300295 0.000000 udp 10.0.2.109 3683 -> 182.52.235.31 3206 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:06.401377 0.000000 udp 10.0.2.109 3683 -> 176.35.215.154 8769 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:12.559953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:01:15.183784 0.000000 udp 10.0.2.109 3683 -> 81.159.163.50 6691 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:19.930356 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:01:23.045299 0.000000 udp 10.0.2.109 3683 -> 94.53.38.48 2365 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:28.334882 0.000000 udp 10.0.2.109 3683 -> 162.39.153.226 6059 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:35.003664 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:40.500068 0.142780 rtp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 8 3218 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:01:40.678033 0.000000 udp 10.0.2.109 3683 -> 186.45.156.133 5528 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:44.570606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:01:47.940925 0.862426 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 3264 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:01:49.188475 0.092597 udp 10.0.2.109 3683 <-> 80.48.154.187 2934 CON 0 0 8 2860 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:01:49.354458 0.000000 udp 10.0.2.109 3683 -> 95.250.42.70 5104 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:01:56.007651 0.000000 udp 10.0.2.109 3683 -> 151.42.55.111 2048 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:01.029899 0.353900 udp 10.0.2.109 3683 -> 87.23.140.130 1027 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:01.383799 0.000000 icmp 87.23.140.130 0x0303 -> 10.0.2.109 0x0304 URP 192 1 211 flow=Background 1970/02/07 02:02:05.936579 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:02:07.709483 0.000000 udp 10.0.2.109 3683 -> 93.70.70.169 6582 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:14.408926 0.000000 udp 10.0.2.109 3683 -> 78.110.64.100 5397 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:22.507526 0.000000 udp 10.0.2.109 3683 -> 77.69.3.156 5793 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:30.140011 0.000000 udp 10.0.2.109 3683 -> 109.101.232.78 7321 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:38.418548 0.000000 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:43.481948 0.457844 udp 10.0.2.109 3683 <-> 99.185.6.130 3526 CON 0 0 8 3010 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:02:44.389622 0.000000 udp 10.0.2.109 3683 -> 176.241.186.241 7596 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:49.629594 0.320708 udp 10.0.2.109 3683 -> 62.103.174.155 7212 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:02:49.950302 0.000000 icmp 62.103.174.155 0x0303 -> 10.0.2.109 0x2c1c URP 192 1 284 flow=Background 1970/02/07 02:02:54.582715 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:02:56.287961 0.000000 udp 10.0.2.109 3683 -> 213.135.242.168 2435 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:03:01.852791 0.447693 udp 10.0.2.109 3683 <-> 117.194.250.110 6423 CON 0 0 3 795 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:03:07.461583 0.000000 udp 10.0.2.109 3683 -> 79.126.231.244 2459 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:03:14.805974 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:03:21.144860 0.326950 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 2931 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:03:21.511662 0.712358 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 8 2905 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:03:22.368934 0.327166 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 3008 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:03:22.855617 0.732786 rtp 10.0.2.109 3683 <-> 115.244.234.123 6794 CON 0 0 8 3206 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:03:23.604336 0.781250 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 8 2976 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:03:24.511252 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:03:30.388095 0.000000 udp 10.0.2.109 3683 -> 131.191.38.85 5603 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:03:37.328235 0.000000 udp 10.0.2.109 3683 -> 41.133.246.102 9181 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:03:41.936599 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:03:44.739119 0.000000 udp 10.0.2.109 3683 -> 217.92.79.27 8842 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:03:52.390140 0.000000 udp 10.0.2.109 3683 -> 70.116.99.151 3319 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:00.030886 0.000000 udp 10.0.2.109 3683 -> 46.44.202.7 8868 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:07.391206 0.000000 udp 10.0.2.109 3683 -> 188.192.121.226 4904 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:12.909277 0.000000 udp 10.0.2.109 3683 -> 193.188.47.35 1472 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:19.570629 0.000000 udp 10.0.2.109 3683 -> 87.25.56.218 8783 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:28.141170 0.000000 udp 10.0.2.109 3683 -> 74.7.26.138 2795 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:32.937842 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:04:35.141295 0.000000 udp 10.0.2.109 3683 -> 212.170.181.111 7837 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:43.317853 0.000000 udp 10.0.2.109 3683 -> 188.9.177.206 1320 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:50.593647 0.000000 udp 10.0.2.109 3683 -> 70.51.223.23 7503 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:04:56.689951 0.000000 udp 10.0.2.109 3683 -> 79.42.250.26 7590 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:07:52.577864 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 02:07:59.585296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:08:07.586115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:08:23.589594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:08:55.595493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:15:08.604995 3.000903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 02:15:15.612257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:15:23.613424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:15:39.616161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:16:11.623988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:22:15.627916 3.002545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 02:22:22.636450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:22:30.637424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:22:40.401903 0.000211 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:22:40.402236 0.529499 tcp 10.0.2.109 54368 -> 176.73.169.112 1959 FSPA* 0 0 15 1587 flow=From-Botnet-V1-TCP-Established 1970/02/07 02:22:46.641320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:23:18.646132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:29:22.652906 3.000962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 02:29:29.660130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:29:37.662458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:29:53.663819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:30:25.670518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:35:05.863691 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:35:05.863794 0.163245 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:06.022092 0.148037 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:06.022465 2.995303 tcp 10.0.2.109 54369 -> 70.88.72.57 7429 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 02:35:06.187786 0.048852 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:06.436519 0.107295 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:07.145571 0.167757 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:07.290553 0.161404 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:07.767424 0.568530 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:08.235089 0.188280 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:08.559837 0.075461 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:08.615616 0.410099 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:09.089702 0.154599 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:09.475871 0.337717 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:09.962422 0.205136 rtp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:10.144161 0.172664 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:10.778273 0.311554 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:11.227227 0.344942 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:11.571061 0.240671 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:11.769139 0.167072 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:12.371134 0.353025 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:12.720410 0.244485 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:12.932709 0.389270 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:13.301850 0.339842 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:13.624341 0.057043 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:13.882774 0.046620 udp 10.0.2.109 3683 <-> 87.167.244.59 8279 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:13.925726 0.173049 rtp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:14.147013 0.226114 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:14.365442 0.280821 udp 10.0.2.109 3683 <-> 186.247.20.10 4652 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:14.617183 0.067568 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:14.921055 0.000000 udp 10.0.2.109 3683 -> 183.12.197.114 2465 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 02:35:15.026741 0.000000 tcp 10.0.2.109 54369 -> 70.88.72.57 7429 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 02:35:30.129501 0.031296 tcp 10.0.2.109 54370 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 02:35:30.161090 0.032770 tcp 10.0.2.109 54371 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 02:35:30.194160 0.146992 tcp 10.0.2.109 54372 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/07 02:35:30.341811 0.063532 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:30.391237 0.161810 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:30.391641 4.995798 tcp 10.0.2.109 54373 -> 78.50.25.10 3674 SPA_* 0 0 839 614768 flow=From-Botnet-V1-TCP-Established 1970/02/07 02:35:30.530094 0.160293 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:30.682034 0.317293 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:30.982760 0.214342 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 1972 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:31.466890 0.059027 udp 10.0.2.109 3683 <-> 94.240.238.172 4017 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:31.566275 0.120976 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:31.649594 0.099174 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:31.905466 0.151252 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:32.055440 0.059251 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:32.293300 0.073660 udp 10.0.2.109 3683 <-> 86.129.43.140 5838 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:32.350484 0.056588 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:32.470520 0.420792 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:32.889897 0.050080 rtp 10.0.2.109 3683 <-> 80.48.154.187 2934 CON 0 0 6 1955 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:33.044429 0.233485 udp 10.0.2.109 3683 <-> 99.185.6.130 3526 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:33.368540 0.372999 udp 10.0.2.109 3683 <-> 117.194.250.110 6423 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:33.718317 0.176289 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:34.111673 0.117513 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:34.187669 0.166554 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:34.347992 0.402806 udp 10.0.2.109 3683 <-> 115.244.234.123 6794 CON 0 0 6 2616 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:34.661222 0.308191 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/07 02:35:35.399095 2.026574 tcp 10.0.2.109 54373 -> 78.50.25.10 3674 FPA_* 0 0 72 48435 flow=From-Botnet-V1-TCP-Established 1970/02/07 02:36:29.686469 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 02:36:36.693813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:36:44.695113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:37:00.698525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:37:32.704730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:43:36.710888 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 02:43:43.717773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:43:51.719106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:44:07.722322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:44:39.728995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:50:43.736938 2.998959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 02:50:50.744802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:50:58.743231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:51:14.746451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:51:46.752146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:52:40.940424 0.000206 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 02:52:40.940732 0.650766 tcp 10.0.2.109 54374 -> 176.73.169.112 1959 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/02/07 02:57:50.760271 2.999560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 02:57:58.233263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:58:06.137922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:58:21.956059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 02:58:53.786491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:05:21.796711 3.064116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 03:05:28.844320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:05:36.816321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:05:49.213834 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 03:05:49.213991 0.000000 udp 10.0.2.109 3683 -> 183.12.197.114 2465 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:05:52.828671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:06:07.027856 0.055112 tcp 10.0.2.109 54375 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:07.082783 0.035951 tcp 10.0.2.109 54376 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:07.119058 0.142683 tcp 10.0.2.109 54377 -> 195.113.214.211 443 SRPA* 0 0 43 23406 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:07.553995 0.047778 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:07.979168 0.162270 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:08.135440 0.150911 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:08.367051 0.171809 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:08.515766 0.168530 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:08.674427 0.111202 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:08.878010 0.595989 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:09.334724 0.190625 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:09.518252 0.083136 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:09.876787 0.344572 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:10.346716 0.418079 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:10.745989 0.154549 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:11.002653 0.210354 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:11.190344 0.172480 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:11.358582 0.241794 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:11.556766 0.316450 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:11.910768 0.321578 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:12.231844 0.348998 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:12.619422 0.250274 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:12.832538 0.171367 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:13.043483 0.389132 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:13.411066 0.000000 udp 10.0.2.109 3683 -> 87.167.244.59 8279 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:06:24.834621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:06:31.264746 0.054530 tcp 10.0.2.109 54378 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:31.319579 0.038156 tcp 10.0.2.109 54379 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:31.358065 0.134544 tcp 10.0.2.109 54380 -> 195.113.214.211 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:31.493352 0.349273 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:31.822711 0.057153 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:31.984326 0.279970 udp 10.0.2.109 3683 <-> 186.247.20.10 4652 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:32.232316 0.066647 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:32.468891 0.230512 rtp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:32.692074 0.176111 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:32.843434 0.163010 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:33.015661 0.063716 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:33.065322 0.163288 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:33.766029 0.059003 udp 10.0.2.109 3683 <-> 94.240.238.172 4017 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:34.200795 0.115545 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:34.279163 0.098470 rtp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:34.421266 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:06:51.533945 0.045244 tcp 10.0.2.109 54381 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:51.579508 0.038781 tcp 10.0.2.109 54382 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:51.618601 0.144167 tcp 10.0.2.109 54383 -> 195.113.214.211 443 SRPA* 0 0 42 23682 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:06:51.763279 0.218279 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:51.960687 0.198169 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:52.325459 0.063263 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:52.373068 0.070759 udp 10.0.2.109 3683 <-> 86.129.43.140 5838 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:52.554549 0.057288 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:52.734952 0.333404 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:53.114502 0.355593 udp 10.0.2.109 3683 <-> 117.194.250.110 6423 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:53.449730 0.045499 udp 10.0.2.109 3683 <-> 80.48.154.187 2934 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:06:53.602368 0.000000 udp 10.0.2.109 3683 -> 99.185.6.130 3526 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:07:08.718934 0.033948 tcp 10.0.2.109 54384 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:07:08.753145 0.040401 tcp 10.0.2.109 54385 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:07:08.793916 0.148116 tcp 10.0.2.109 54386 -> 195.113.214.211 443 SRPA* 0 0 43 23368 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:07:08.941720 0.158416 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:07:09.086668 0.468442 udp 10.0.2.109 3683 <-> 115.244.234.123 6794 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:07:09.581923 0.172668 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 1978 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:07:09.725426 0.110280 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:07:09.927719 0.371815 rtp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:12:30.844500 3.035847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 03:12:37.865672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:12:45.862721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:13:01.865578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:13:33.871726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:19:42.885401 3.000953 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 03:19:49.892355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:19:57.893655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:20:13.896945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:20:45.902808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:22:41.599815 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 03:22:41.599922 0.763230 tcp 10.0.2.109 54387 -> 176.73.169.112 1959 FSPA* 0 0 14 1504 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:26:53.914434 3.002018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 03:27:00.923164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:27:08.923598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:27:24.936127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:27:56.933013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:34:00.938414 3.002006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 03:34:07.945831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:34:15.947377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:34:31.951837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:35:03.956755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:37:11.791145 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 03:37:11.791274 0.000000 udp 10.0.2.109 3683 -> 87.167.244.59 8279 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:37:28.005674 0.054377 tcp 10.0.2.109 54388 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:37:28.060384 0.033502 tcp 10.0.2.109 54389 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:37:28.094249 0.127699 tcp 10.0.2.109 54390 -> 195.113.214.211 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:37:28.222255 0.071603 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:28.277177 0.000000 udp 10.0.2.109 3683 -> 99.185.6.130 3526 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:37:46.455692 0.031614 tcp 10.0.2.109 54391 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:37:46.487629 0.053799 tcp 10.0.2.109 54392 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:37:46.541792 0.159803 tcp 10.0.2.109 54393 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:37:46.702186 0.048249 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:46.900062 0.162569 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:47.251859 0.440002 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:47.552589 0.169258 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:47.715008 0.167462 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:47.923337 0.114314 rtp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:48.196204 0.829049 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:48.785995 0.188412 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:49.213967 0.071184 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:49.270993 0.340232 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 1996 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:49.678503 0.406810 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:50.069419 0.154846 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:50.600898 0.173688 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:50.771984 0.210305 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:50.958309 0.240679 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:51.365524 0.383668 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:51.948226 0.345600 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:52.503676 0.351219 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:52.850807 0.249385 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:53.318946 0.166877 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:53.473440 0.391444 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:53.847183 0.092705 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:54.212094 0.280721 udp 10.0.2.109 3683 <-> 186.247.20.10 4652 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:54.463929 0.057470 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:54.709198 0.349868 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:55.353108 0.157267 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:55.502404 0.064720 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:55.757987 0.160609 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:55.895050 0.251048 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:56.137853 0.175167 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:56.315770 0.059197 udp 10.0.2.109 3683 <-> 94.240.238.172 4017 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:56.411269 0.098797 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:56.678589 0.342274 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:56.982668 0.217057 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:57.276794 0.069428 udp 10.0.2.109 3683 <-> 86.129.43.140 5838 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:57.358396 0.058241 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:57.421643 0.365040 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:57.882341 0.056960 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:57.958166 0.152805 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:37:58.109544 0.000000 udp 10.0.2.109 3683 -> 80.48.154.187 2934 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:38:14.595276 0.031711 tcp 10.0.2.109 54394 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:14.627294 0.053527 tcp 10.0.2.109 54395 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:14.681131 0.145116 tcp 10.0.2.109 54396 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:14.826755 0.000000 udp 10.0.2.109 3683 -> 117.194.250.110 6423 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:38:30.926864 0.052845 tcp 10.0.2.109 54397 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:30.980032 0.056825 tcp 10.0.2.109 54398 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:31.036733 0.138181 tcp 10.0.2.109 54399 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:31.173323 0.173658 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:38:31.323610 0.115070 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:38:32.134551 0.466079 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:38:32.549499 0.000000 udp 10.0.2.109 3683 -> 115.244.234.123 6794 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 03:38:47.769687 0.052438 tcp 10.0.2.109 54400 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:47.822426 0.040990 tcp 10.0.2.109 54401 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:47.863777 0.126946 tcp 10.0.2.109 54402 -> 195.113.214.211 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:38:47.991312 0.174019 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 03:41:07.965295 2.998695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 03:41:14.970275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:41:22.974917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:41:38.974385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:42:10.980682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:48:14.987011 3.000980 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 03:48:21.993980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:48:29.995466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:48:45.998466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:49:18.004450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:52:42.368574 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 03:52:42.368693 0.841459 tcp 10.0.2.109 54403 -> 176.73.169.112 1959 FSPA* 0 0 15 1590 flow=From-Botnet-V1-TCP-Established 1970/02/07 03:55:47.016678 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 03:55:54.023687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:56:02.025219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:56:18.028629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 03:56:50.034417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:02:54.040655 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 04:03:01.048539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:03:09.049459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:03:25.053289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:03:57.059175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:09:15.737160 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 04:09:15.737262 0.000000 udp 10.0.2.109 3683 -> 80.48.154.187 2934 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:09:32.012233 0.032721 tcp 10.0.2.109 54404 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:09:32.045286 0.036499 tcp 10.0.2.109 54405 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:09:32.082240 0.152633 tcp 10.0.2.109 54406 -> 195.113.214.211 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:09:32.234358 0.000000 udp 10.0.2.109 3683 -> 117.194.250.110 6423 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:09:50.397474 0.054118 tcp 10.0.2.109 54407 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:09:50.451978 0.055713 tcp 10.0.2.109 54408 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:09:50.508038 0.170173 tcp 10.0.2.109 54409 -> 195.113.214.211 443 SRPA* 0 0 45 27344 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:09:50.676826 0.000000 udp 10.0.2.109 3683 -> 115.244.234.123 6794 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:10:01.064535 3.001318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 04:10:06.470701 0.053182 tcp 10.0.2.109 54410 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:06.524192 0.034865 tcp 10.0.2.109 54411 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:06.559426 0.132008 tcp 10.0.2.109 54412 -> 195.113.214.211 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:06.691620 0.072010 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:06.745798 0.048787 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:06.975789 0.163918 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:07.231808 0.169772 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:07.378653 0.178084 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:07.533202 0.165771 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:07.721709 0.765328 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:08.071832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:10:08.267914 0.113152 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:08.412846 0.188628 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:08.620616 0.344828 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:09.075228 0.080135 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:09.135462 0.159893 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:09.451840 0.171971 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:09.620978 0.407750 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:10.010447 0.238635 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:10.252576 0.209693 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:10.439304 0.408512 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:10.998917 0.348793 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:11.343936 0.329653 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:11.672638 0.248273 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:11.884060 0.394131 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:12.258457 0.167113 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:12.415530 0.000000 udp 10.0.2.109 3683 -> 186.247.20.10 4652 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:10:16.073262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:10:28.882204 0.034139 tcp 10.0.2.109 54413 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:28.916646 0.059690 tcp 10.0.2.109 54414 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:28.976123 0.132542 tcp 10.0.2.109 54415 -> 195.113.214.211 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:29.109376 0.058232 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:29.317387 0.077454 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:29.379768 0.161974 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:29.577111 0.156961 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:29.726495 0.491758 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:30.336684 0.071812 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:30.392832 0.000000 udp 10.0.2.109 3683 -> 94.240.238.172 4017 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:10:32.075803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:10:49.081967 0.035464 tcp 10.0.2.109 54416 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:49.117248 0.032785 tcp 10.0.2.109 54417 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:49.150323 0.150860 tcp 10.0.2.109 54418 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:10:49.301826 0.175414 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:49.454001 0.098137 udp 10.0.2.109 3683 <-> 31.192.30.72 1715 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:49.644353 0.265093 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:49.901751 0.345609 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:50.520726 0.057389 rtp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:50.692477 0.073905 rtp 10.0.2.109 3683 <-> 86.129.43.140 5838 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:50.754708 0.120540 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:50.926320 0.216442 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:51.122622 0.154742 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2571 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:51.361652 0.064651 rtp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:51.409692 0.190084 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 1981 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:51.564871 0.118064 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:51.832634 0.406675 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:10:52.204388 0.173778 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:11:04.245835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:17:08.088970 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 04:17:15.096863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:17:23.097479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:17:39.100431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:18:11.106341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:22:43.218382 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 04:22:43.218487 1.132362 tcp 10.0.2.109 54419 -> 176.73.169.112 1959 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:24:17.116512 3.002450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 04:24:24.122610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:24:32.125734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:24:48.127016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:25:20.133248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:31:24.140839 3.000736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 04:31:31.146047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:31:39.149354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:31:55.151087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:32:27.157925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:38:31.164604 3.000095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 04:38:38.170662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:38:46.172996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:39:02.174956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:39:34.181074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:40:58.112073 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 04:40:58.112174 0.000000 udp 10.0.2.109 3683 -> 186.247.20.10 4652 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:41:13.666339 0.037043 tcp 10.0.2.109 54420 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:13.703754 0.069337 tcp 10.0.2.109 54421 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:13.773405 0.133577 tcp 10.0.2.109 54422 -> 195.113.214.211 443 SRPA* 0 0 25 13482 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:13.907535 0.000000 udp 10.0.2.109 3683 -> 94.240.238.172 4017 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:41:30.088050 0.052548 tcp 10.0.2.109 54423 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:30.141341 0.053526 tcp 10.0.2.109 54424 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:30.195178 0.153884 tcp 10.0.2.109 54425 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:30.347952 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:41:45.640789 0.034226 tcp 10.0.2.109 54426 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:45.675332 0.053209 tcp 10.0.2.109 54427 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:45.728809 0.149539 tcp 10.0.2.109 54428 -> 195.113.214.211 443 SRPA* 0 0 36 28468 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:41:45.879090 0.047139 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:45.992472 0.167137 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:46.152593 0.170714 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:46.299706 0.164133 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:46.470666 0.253762 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:46.626644 0.188582 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:46.821953 0.111097 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:46.910528 0.681014 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:47.372872 0.174764 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:47.545015 0.336382 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:48.754492 0.157147 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:49.130469 0.076767 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:49.234188 0.239485 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:49.433407 0.407945 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:49.845509 0.207886 rtp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:50.030689 0.450211 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:50.516569 0.404166 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:51.050464 0.166292 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:51.204213 0.413626 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:51.537254 0.329263 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:51.875984 0.390000 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:52.242284 0.064878 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:52.550439 0.062495 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:52.730737 0.159002 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:52.866836 0.064470 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:53.006304 0.157782 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:53.156129 0.349565 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:41:53.486407 0.000000 udp 10.0.2.109 3683 -> 99.137.240.98 4256 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:42:09.685474 0.033953 tcp 10.0.2.109 54429 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:09.719242 0.033168 tcp 10.0.2.109 54430 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:09.752732 0.155682 tcp 10.0.2.109 54431 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:09.996535 0.175231 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:10.149348 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:42:25.558131 0.031487 tcp 10.0.2.109 54432 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:25.589397 0.061765 tcp 10.0.2.109 54433 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:25.650992 0.187298 tcp 10.0.2.109 54434 -> 195.113.214.211 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:25.839041 0.338201 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:26.372397 0.057983 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:26.659901 0.000000 udp 10.0.2.109 3683 -> 86.129.43.140 5838 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 04:42:43.433943 0.032086 tcp 10.0.2.109 54435 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:43.465851 0.032335 tcp 10.0.2.109 54436 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:43.498439 0.148461 tcp 10.0.2.109 54437 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:42:43.647377 0.584695 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:44.193860 0.218482 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:44.391749 0.154864 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:44.545177 0.065100 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:44.632772 0.191207 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:44.894012 0.107128 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:44.962536 1.145124 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:42:46.032351 0.178809 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/07 04:45:38.187550 3.000594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 04:45:45.194984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:45:53.195628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:46:09.199173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:46:41.205145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:52:44.357613 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 04:52:44.357812 0.921231 tcp 10.0.2.109 54438 -> 176.73.169.112 1959 FSPA* 0 0 15 1631 flow=From-Botnet-V1-TCP-Established 1970/02/07 04:54:29.221559 3.000528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 04:54:36.228331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:54:44.229794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:55:00.232024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 04:55:32.238538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:01:59.258023 3.001320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 05:02:06.265238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:02:14.272485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:02:30.271657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:03:02.275656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:09:25.289587 3.003014 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 05:09:32.296494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:09:40.300293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:09:56.300841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:10:28.308725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:13:12.413593 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 05:13:12.413708 0.077351 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:13:12.473605 0.000000 udp 10.0.2.109 3683 -> 99.137.240.98 4256 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 05:13:29.569764 0.032731 tcp 10.0.2.109 54439 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:13:29.602852 0.057436 tcp 10.0.2.109 54440 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:13:29.660144 0.161883 tcp 10.0.2.109 54441 -> 195.113.214.211 443 SRPA* 0 0 74 70174 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:13:29.821003 0.000000 udp 10.0.2.109 3683 -> 31.192.30.72 1715 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 05:13:47.526786 0.036680 tcp 10.0.2.109 54442 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:13:47.563246 0.034063 tcp 10.0.2.109 54443 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:13:47.597591 0.130372 tcp 10.0.2.109 54444 -> 195.113.214.211 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:13:47.728818 0.000000 udp 10.0.2.109 3683 -> 86.129.43.140 5838 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 05:14:02.865778 0.065440 tcp 10.0.2.109 54445 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:14:02.931494 0.053886 tcp 10.0.2.109 54446 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:14:02.985796 0.140713 tcp 10.0.2.109 54447 -> 195.113.214.211 443 SRPA* 0 0 83 70660 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:14:03.124925 0.048489 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:03.477334 0.193156 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:03.662465 0.113707 udp 10.0.2.109 3683 <-> 109.152.162.107 4971 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:04.023289 0.146019 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:04.161562 0.164692 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:04.318919 0.160729 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:04.732234 0.170236 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:04.879081 0.172962 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:05.509139 0.667799 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:05.958802 0.156941 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:06.375968 0.341373 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:06.718962 0.410591 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:07.108792 0.237917 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:07.470957 0.074393 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:07.566263 0.379543 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:07.942265 0.207796 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:08.127763 0.407775 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:08.778272 0.336155 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:09.113719 0.307486 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:09.626565 0.161077 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:10.005655 0.396445 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:10.571519 0.057943 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:10.806242 0.162717 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:10.945836 0.069969 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:11.056010 0.158484 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:11.575366 0.345351 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:11.901774 0.067378 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:12.076744 0.176411 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:12.231113 0.059821 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:12.383538 0.385740 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:12.994880 0.218479 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:13.209451 0.154583 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:13.441094 0.063301 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:13.507097 0.204608 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:13.917210 0.840854 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:14.720619 0.118181 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:15.226327 1.230821 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:14:16.414855 0.180050 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:16:32.313967 3.000957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 05:16:39.320133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:16:47.321783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:17:03.326889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:17:35.341042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:22:45.290225 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 05:22:45.290345 0.744053 tcp 10.0.2.109 54448 -> 176.73.169.112 1959 FSPA* 0 0 15 1734 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:23:39.351700 2.996804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 05:23:46.355621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:23:54.356065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:24:10.358763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:24:42.368339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:30:46.377075 2.995882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 05:30:53.378566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:31:01.380305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:31:17.382836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:31:49.389343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:37:53.394492 3.002088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 05:38:00.402584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:38:08.403775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:38:24.406913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:38:56.412851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:44:41.900214 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 05:44:41.900443 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 05:45:00.420351 3.373569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 05:45:01.212716 0.035067 tcp 10.0.2.109 54449 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:45:01.248208 0.033146 tcp 10.0.2.109 54450 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:45:01.281717 0.150985 tcp 10.0.2.109 54451 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:45:01.431429 0.049504 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:02.040925 0.192569 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:02.225638 0.000000 udp 10.0.2.109 3683 -> 109.152.162.107 4971 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 05:45:07.762296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:45:15.693066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:45:21.066504 0.073935 tcp 10.0.2.109 54452 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:45:21.140737 0.034932 tcp 10.0.2.109 54453 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:45:21.175501 0.149476 tcp 10.0.2.109 54454 -> 195.113.214.211 443 SRPA* 0 0 42 35428 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:45:21.325633 0.456754 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:21.771798 0.164007 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:21.924876 0.164967 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:22.082420 0.170384 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:22.228951 0.172700 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:22.399117 0.705664 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:22.865662 0.157785 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:23.053202 0.342241 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:23.396997 0.408563 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:23.781783 0.350162 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:24.128648 0.207297 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:24.313642 0.240475 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:24.514347 0.070867 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:24.578034 0.402695 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:24.979305 0.337308 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:25.316026 0.257292 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:25.528878 0.166844 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:25.702704 0.387242 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:26.069013 0.059491 rtp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:26.139540 0.161163 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:26.277522 0.066589 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:26.338638 0.162463 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:26.493261 0.177712 rtp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:26.646977 0.056970 rtp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:26.745408 0.344447 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:27.113605 0.065131 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:27.164482 0.438192 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:27.618772 0.218732 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:27.815663 0.188118 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:27.972900 0.153048 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:28.124425 0.057500 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:28.175186 0.259487 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:28.448810 0.109248 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:28.517751 0.446944 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:28.914935 0.179937 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/07 05:45:31.603251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:46:03.446948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:52:46.036166 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 05:52:46.036273 0.680462 tcp 10.0.2.109 54455 -> 176.73.169.112 1959 FSPA* 0 0 14 1630 flow=From-Botnet-V1-TCP-Established 1970/02/07 05:54:11.461270 3.001415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 05:54:18.468418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:54:26.469813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:54:42.473119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 05:55:14.479056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:01:27.498762 3.000875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 06:01:34.505388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:01:42.507262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:01:58.510814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:02:30.529615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:08:58.542323 2.996366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 06:09:05.543797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:09:13.545249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:09:29.548395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:10:01.553930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:15:49.872638 0.000166 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 06:15:49.872911 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 06:16:05.562276 3.003898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 06:16:06.401272 0.053160 tcp 10.0.2.109 54456 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:06.454757 0.053955 tcp 10.0.2.109 54457 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:06.508988 0.322841 tcp 10.0.2.109 54458 -> 195.113.214.211 443 SRPA* 0 0 27 11834 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:06.831244 0.000000 udp 10.0.2.109 3683 -> 109.152.162.107 4971 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 06:16:12.570257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:16:20.572539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:16:23.257134 0.052575 tcp 10.0.2.109 54459 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:23.310039 0.055992 tcp 10.0.2.109 54460 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:23.365868 0.152542 tcp 10.0.2.109 54461 -> 195.113.214.211 443 SRPA* 0 0 58 39616 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:23.517078 0.050169 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:23.988978 0.192377 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:24.401484 0.189461 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:24.896443 0.374897 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:25.166153 0.206363 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:25.539106 0.170520 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:25.750443 0.176800 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 1985 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:25.924707 1.277592 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:26.383411 0.157535 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:26.670604 0.406662 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:27.677563 0.340747 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:28.130590 0.408593 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:28.517575 0.078400 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:29.313443 0.396507 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:29.763036 0.212066 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:29.947905 0.238635 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:30.628421 0.329999 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:31.147000 0.000000 udp 10.0.2.109 3683 -> 75.48.14.191 8955 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 06:16:36.572790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:16:47.830894 0.056906 tcp 10.0.2.109 54462 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:47.887654 0.059816 tcp 10.0.2.109 54463 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:47.947821 0.206424 tcp 10.0.2.109 54464 -> 195.113.214.211 443 SRPA* 0 0 59 37944 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:16:48.152473 0.175306 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:48.340524 0.384806 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:48.705757 0.058067 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:48.791282 0.156960 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:48.941032 0.173773 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:16:49.259727 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 06:17:06.436116 0.059476 tcp 10.0.2.109 54465 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:17:06.495942 0.062868 tcp 10.0.2.109 54466 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:17:06.559232 0.147852 tcp 10.0.2.109 54467 -> 195.113.214.211 443 SRPA* 0 0 28 11890 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:17:06.705690 0.359424 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:07.045496 0.426314 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:07.449326 0.064877 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:07.578367 0.068068 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:07.631087 0.378573 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:08.022767 0.215932 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:08.220372 0.204914 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:08.373436 0.151900 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:08.578448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:17:08.853935 0.112710 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:08.924310 0.454059 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:09.331830 0.177081 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:09.703261 0.059231 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:17:09.745772 0.144041 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:22:46.725162 0.103142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 06:22:46.828542 0.621446 tcp 10.0.2.109 54468 -> 176.73.169.112 1959 FSPA* 0 0 14 1743 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:23:12.584811 3.001037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 06:23:19.591794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:23:27.820157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:23:43.679549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:24:15.612123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:30:19.618749 3.001132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 06:30:26.625308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:30:34.627481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:30:50.640411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:31:22.646475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:37:26.652695 3.001172 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 06:37:33.659632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:37:41.661333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:37:57.664444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:38:29.670501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:44:33.678340 3.000218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 06:44:40.683630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:44:49.044555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:45:04.907581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:45:36.704281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:47:15.857129 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 06:47:15.857307 0.758542 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:16.550260 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 06:47:34.054969 0.055977 tcp 10.0.2.109 54469 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:47:34.111248 0.053208 tcp 10.0.2.109 54470 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:47:34.164292 0.148931 tcp 10.0.2.109 54471 -> 195.113.214.211 443 SRPA* 0 0 56 36622 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:47:34.311949 0.050453 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:34.401687 0.166810 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:34.578856 0.193574 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:34.764104 0.183987 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:34.918094 0.717874 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:35.417767 0.171181 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:35.563253 0.170637 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:35.829969 0.172183 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:35.998949 0.158224 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:36.166704 0.382860 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:36.545543 0.341649 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:36.966366 0.413883 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:37.359095 0.361625 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:37.712179 0.075879 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:37.812649 0.212324 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:38.000862 0.239180 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:38.198454 0.343952 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:38.541819 0.167979 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:38.704454 0.177681 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:38.860461 0.390119 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:39.227045 0.059053 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:39.346085 0.159838 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:39.497058 0.350556 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:39.867104 0.186631 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:40.031330 0.067644 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:40.108835 0.064688 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:40.157575 0.437732 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:40.606784 0.152771 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:40.758811 0.116532 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:40.834979 0.214308 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:41.030898 0.177205 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:41.173602 0.064192 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:41.261802 0.124744 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:41.345539 0.389896 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:47:41.700283 0.174878 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/07 06:52:47.364394 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 06:52:47.364502 0.602784 tcp 10.0.2.109 54472 -> 176.73.169.112 1959 FSPA* 0 0 15 1586 flow=From-Botnet-V1-TCP-Established 1970/02/07 06:53:53.712724 3.000396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 06:54:00.718965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:54:08.720463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:54:24.723587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 06:54:56.739556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:01:00.745675 3.001894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 07:01:07.753064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:01:15.756615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:01:31.757675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:02:03.763607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:08:29.780999 3.001917 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 07:08:36.788477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:08:44.790467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:09:00.792659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:09:32.800717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:15:44.807052 3.001131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 07:15:51.819802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:15:59.815554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:16:15.818564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:16:47.824578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:18:00.168939 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 07:18:00.169049 0.250725 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:00.414832 0.188522 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:00.595999 0.156962 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:00.809236 0.048485 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:00.865011 0.164658 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:01.024371 0.689897 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:01.494759 0.172131 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:01.643300 0.168620 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:01.835556 0.354015 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:02.185846 0.341748 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:02.537057 0.173671 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:02.708240 0.155944 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:03.228290 0.079996 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:03.286414 0.406243 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:03.671834 0.309296 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:04.114303 0.204584 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:04.295471 0.240531 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:04.493259 0.323528 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:04.815998 0.166455 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:04.972340 0.178231 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:05.134217 0.157453 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:05.458796 0.374772 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:05.816264 0.397237 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2021 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:06.190911 0.056842 rtp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:06.258617 0.692844 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 1994 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:06.930977 0.069479 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:07.165782 0.062368 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:07.212559 0.443922 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:07.758811 0.152690 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:07.910493 0.116535 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:08.048838 0.063842 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:08.097587 0.463704 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:08.523989 0.353878 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:08.837383 0.174618 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:08.982638 0.215672 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:18:09.257655 0.197478 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:22:47.975126 0.113739 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 07:22:48.089064 0.483823 tcp 10.0.2.109 54473 -> 176.73.169.112 1959 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/02/07 07:22:54.887108 2.974015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 07:23:01.841994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:23:09.843905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:23:25.846787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:23:57.852946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:30:01.858839 3.002832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 07:30:08.866140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:30:16.868765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:30:32.870729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:31:04.877179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:37:08.883323 3.006261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 07:37:15.890133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:37:23.894548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:37:39.895123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:38:11.900917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:44:15.908354 3.000502 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 07:44:22.914235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:44:30.915566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:44:46.918348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:45:18.924919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:48:13.035371 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 07:48:13.035481 0.254375 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:13.220121 0.049666 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:13.382565 0.163243 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:13.539698 0.677188 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:14.183149 0.188527 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:14.363340 0.782541 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:14.906067 0.171312 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:15.155815 0.166871 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:15.312569 0.386591 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:15.695224 0.340382 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:16.045350 0.078635 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:16.106675 0.408546 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:16.497999 0.174162 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:16.669507 0.154441 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:16.827144 0.243746 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:17.028038 0.330342 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:17.466857 0.311467 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:17.806756 0.211456 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:17.994585 0.169301 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:18.151630 0.180405 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:18.309065 0.157572 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:18.459150 0.354148 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:18.793970 0.738418 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:19.510369 0.072701 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:19.565929 0.063404 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:19.727010 0.396865 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:20.103835 0.058855 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:20.173322 0.433867 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:20.618471 0.159753 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:20.815790 0.113722 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:20.889002 0.060499 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:20.947826 0.174238 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:21.131342 0.217685 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:21.328743 0.126112 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:21.457965 0.346757 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:48:21.761170 0.214645 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/07 07:52:48.471477 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 07:52:48.471631 0.605415 tcp 10.0.2.109 54474 -> 176.73.169.112 1959 FSPA* 0 0 14 1724 flow=From-Botnet-V1-TCP-Established 1970/02/07 07:53:41.940478 3.001534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 07:53:48.947824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:53:56.949474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:54:12.952788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 07:54:44.958628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:00:48.965185 3.001512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 08:00:55.971974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:01:03.973164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:01:19.976536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:01:51.981959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:08:08.998292 3.827501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 08:08:16.783098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:08:24.695640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:08:40.531535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:09:12.185360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:15:28.038758 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 08:15:35.045502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:15:43.047498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:15:59.052475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:16:31.058630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:18:37.248175 0.000155 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 08:18:37.248442 0.163721 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:37.406031 0.160412 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:37.668115 0.048190 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:38.323900 0.486823 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:38.770173 0.255419 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:38.994018 0.188962 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:39.175271 0.171296 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:39.320466 0.171134 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:39.487717 0.353770 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:39.837856 0.410271 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:40.227838 0.171593 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:40.395277 0.156974 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:40.575824 0.339420 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:40.914924 0.078759 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:40.989255 0.310310 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:41.384309 0.240772 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:41.584080 0.323157 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:41.926293 0.205291 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 1948 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:42.108620 0.167646 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:42.266387 0.174100 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:42.494812 0.155302 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:42.643412 0.369096 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2606 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:43.057074 0.063124 rtp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:43.104764 0.161448 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:43.415397 0.071430 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:43.747244 0.393718 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:44.121975 0.062336 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:44.595193 0.443476 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:45.066548 0.154342 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:45.715317 0.117204 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:45.811036 0.056015 rtp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:45.859742 0.360425 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:46.176693 0.306922 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:46.561153 0.209531 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:46.708757 0.176658 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:18:47.138956 0.217911 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2559 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:22:39.071198 2.999508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 08:22:46.075740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:22:49.081469 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 08:22:49.081572 0.719764 tcp 10.0.2.109 54475 -> 176.73.169.112 1959 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/02/07 08:22:54.078903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:23:10.079532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:23:42.085987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:29:46.093561 3.000018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 08:29:53.101988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:30:01.102541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:30:17.108257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:30:49.110412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:36:53.115660 3.002331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 08:37:00.124550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:37:08.125085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:37:24.128162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:37:56.133958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:44:00.140836 3.000705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 08:44:07.147680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:44:15.149315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:44:31.155234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:45:03.169939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:49:16.162224 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 08:49:16.162331 0.163374 rtp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:16.319440 0.148916 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:16.459785 0.049213 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:16.574181 0.683214 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:17.037312 0.170011 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:17.182959 0.169380 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:17.342488 0.331586 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:17.638291 0.190185 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:17.821011 0.375615 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:18.192373 0.408840 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:18.584256 0.177411 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:18.758865 0.075515 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:18.979454 0.157185 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:19.203022 0.337042 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:19.594998 0.337410 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:19.987888 0.311235 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:20.328129 0.241963 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:20.529952 0.214277 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:20.716133 0.166787 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:20.872800 0.179143 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:21.120200 0.157354 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:21.270474 0.163132 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:21.411298 0.376886 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:21.856133 0.062748 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:21.904409 0.069951 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:21.996265 0.390697 rtcp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:22.362957 0.070965 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:22.447760 0.449833 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:22.896818 0.171758 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:23.062100 0.108099 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:23.128934 0.062771 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:23.205998 0.215260 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:23.354286 0.181483 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:23.498357 0.352501 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:23.901288 0.173422 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:49:24.049450 0.218161 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/07 08:52:49.798966 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 08:52:49.799067 0.691733 tcp 10.0.2.109 54476 -> 176.73.169.112 1959 FSPA* 0 0 12 1559 flow=From-Botnet-V1-TCP-Established 1970/02/07 08:53:29.178541 3.001513 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 08:53:36.185888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:53:44.187539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:54:00.190169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 08:54:32.196390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:00:36.213372 3.000476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:00:43.219642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:00:51.221255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:01:07.223903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:01:39.230473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:07:43.242732 2.996544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:07:50.243600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:07:58.245217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:08:14.248476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:08:46.256819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:14:53.264588 3.001377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:15:00.272942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:15:08.273292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:15:24.276399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:15:56.282769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:19:50.299397 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 09:19:50.299503 0.048566 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:50.590632 0.166139 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:50.749205 0.147507 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:50.979670 0.707574 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:51.467837 0.168116 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:51.630887 0.168239 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:51.810861 0.521879 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:52.297629 0.189511 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:52.570487 0.174913 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:52.742476 0.404030 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:53.142461 0.416777 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:53.535544 0.340117 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:53.971011 0.336882 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:54.374832 0.079355 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:54.587195 0.155476 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:54.770663 0.310018 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:55.254568 0.244494 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:55.455535 0.206750 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:55.638583 0.164719 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:55.875435 0.160978 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:56.014713 0.343254 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:56.337837 0.063777 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:56.398278 0.174321 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:56.549801 0.155932 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:56.698283 0.069019 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2586 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:56.907623 0.384513 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:19:57.273996 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 8133 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 09:20:14.966172 0.054059 tcp 10.0.2.109 54477 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:20:15.020515 0.061353 tcp 10.0.2.109 54478 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:20:15.082185 0.212242 tcp 10.0.2.109 54479 -> 195.113.214.211 443 SRPA* 0 0 56 37361 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:20:15.293367 0.436434 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:15.896724 0.063683 udp 10.0.2.109 3683 <-> 87.153.119.41 4545 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:16.213314 0.187412 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 5 1982 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:16.359769 0.119948 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:16.524882 0.307835 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:16.797984 0.154486 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:16.951175 0.104675 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:17.080542 0.180011 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:20:17.260940 0.223049 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:22:00.288872 3.001523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:22:07.295780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:22:15.297420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:22:31.300536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:22:50.502347 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 09:22:50.502468 0.606243 tcp 10.0.2.109 54480 -> 176.73.169.112 1959 FSPA* 0 0 15 1766 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:23:03.310004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:29:07.313109 3.003396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:29:14.322993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:29:22.321182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:29:38.324543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:30:10.334896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:36:14.337523 3.000481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:36:21.344543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:36:29.345366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:36:45.348545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:37:17.354077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:43:21.360533 3.001430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:43:28.367634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:43:36.369502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:43:52.372547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:44:24.378330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:50:28.385301 3.000532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:50:30.734954 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 09:50:30.735140 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 8133 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 09:50:35.391651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:50:43.393215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:50:48.052303 0.063323 tcp 10.0.2.109 54481 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:50:48.116008 0.056054 tcp 10.0.2.109 54482 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:50:48.172318 0.153896 tcp 10.0.2.109 54483 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:50:48.326891 0.159791 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:48.471831 0.049264 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:48.860241 0.164282 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:49.031787 0.162479 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:49.185762 0.913559 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:49.878000 0.171990 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:50.025457 0.247880 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:50.234646 0.173579 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:50.405220 0.189560 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:50.586973 0.411144 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:50.974926 0.348828 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:51.320419 0.338591 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:51.666710 0.158637 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:51.842744 0.330156 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:52.172222 0.076814 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:52.227268 0.237945 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:52.425574 0.207991 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:52.607273 0.311212 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:52.963603 0.064495 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:53.012884 0.176139 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:53.165641 0.158216 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:53.316008 0.348295 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:53.647110 0.162858 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:53.786588 0.167291 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:53.943051 0.389058 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:54.315437 0.072516 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:54.399292 0.440623 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:54.851154 0.225249 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:55.014936 0.274429 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:50:55.269643 0.000000 udp 10.0.2.109 3683 -> 87.153.119.41 4545 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 09:50:59.396571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:51:10.442721 0.056577 tcp 10.0.2.109 54484 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:51:10.499669 0.059852 tcp 10.0.2.109 54485 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:51:10.559359 0.163008 tcp 10.0.2.109 54486 -> 195.113.214.211 443 SRPA* 0 0 69 52336 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:51:10.721465 0.112849 udp 10.0.2.109 3683 <-> 91.6.31.69 5333 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:51:10.792343 0.176889 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:51:10.973216 0.289993 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:51:11.203934 0.651810 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:51:11.640002 0.158720 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/07 09:51:31.403042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:52:51.107398 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 09:52:51.107514 0.522800 tcp 10.0.2.109 54487 -> 176.73.169.112 1959 FSPA* 0 0 15 1585 flow=From-Botnet-V1-TCP-Established 1970/02/07 09:57:35.409257 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 09:57:42.415588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:57:50.417146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:58:06.420581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 09:58:38.426485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:04:59.447744 3.000608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 10:05:06.454577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:05:14.455735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:05:30.458790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:06:02.464612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:12:19.479320 3.001896 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 10:12:26.488420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:12:34.488428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:12:50.494872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:13:22.497281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:19:29.507456 3.001904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 10:19:36.515252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:19:44.516617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:20:00.519803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:20:32.525562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:21:15.768215 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 10:21:15.768318 0.000000 udp 10.0.2.109 3683 -> 87.153.119.41 4545 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 10:21:31.896882 0.056968 tcp 10.0.2.109 54488 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:21:31.954162 0.055176 tcp 10.0.2.109 54489 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:21:32.009145 0.150173 tcp 10.0.2.109 54490 -> 195.113.214.211 443 SRPA* 0 0 42 21422 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:21:32.159878 0.215548 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:21:32.358033 0.000000 udp 10.0.2.109 3683 -> 91.6.31.69 5333 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 10:21:50.988779 0.055084 tcp 10.0.2.109 54491 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:21:51.043687 0.056222 tcp 10.0.2.109 54492 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:21:51.100229 0.148900 tcp 10.0.2.109 54493 -> 195.113.214.211 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:21:51.249668 0.175465 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:21:51.395650 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 10:22:10.356605 0.052994 tcp 10.0.2.109 54494 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:22:10.409849 0.054801 tcp 10.0.2.109 54495 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:22:10.465009 0.156164 tcp 10.0.2.109 54496 -> 195.113.214.211 443 SRPA* 0 0 42 21258 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:22:10.620073 0.000000 udp 10.0.2.109 3683 -> 125.113.190.240 6577 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 10:22:28.483348 0.054934 tcp 10.0.2.109 54497 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:22:28.538650 0.054555 tcp 10.0.2.109 54498 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:22:28.593583 0.164353 tcp 10.0.2.109 54499 -> 195.113.214.211 443 SRPA* 0 0 69 41646 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:22:28.756909 0.174171 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:28.905432 0.047957 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:28.991491 0.162849 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:29.146432 1.560061 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:30.542867 0.161903 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:30.749466 0.405071 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:31.134727 0.188923 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:31.417161 0.173548 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:31.587882 0.247539 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:31.800924 0.173740 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:31.949942 0.340786 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:32.973134 0.157145 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:33.170758 0.352881 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:33.519790 0.311718 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:34.094833 0.070114 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:34.700935 0.204476 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:34.883216 0.239427 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:35.079676 0.322560 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:35.526789 0.172146 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:35.686546 0.063567 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:36.117328 0.172465 udp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:36.267796 0.157986 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2584 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:36.417661 0.162793 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:36.581854 0.340374 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:37.384177 0.448464 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:38.094845 0.397148 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:38.470457 0.069272 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:38.745339 0.371773 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:39.076976 0.217024 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:22:51.636010 0.552527 tcp 10.0.2.109 54500 -> 176.73.169.112 1959 FSPA* 0 0 16 1604 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:26:37.534011 3.000778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 10:26:44.541831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:26:52.547101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:27:08.544732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:27:40.552382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:33:44.557361 3.001462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 10:33:51.564438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:33:59.565803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:34:15.568950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:34:47.576403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:40:51.583795 3.174184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 10:40:58.726324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:41:06.664457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:41:22.603055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:41:54.608985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:47:58.615124 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 10:48:05.622556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:48:13.623782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:48:29.626307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:49:01.632942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:52:52.194933 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 10:52:52.195038 0.593530 tcp 10.0.2.109 54501 -> 176.73.169.112 1959 FSPA* 0 0 14 1521 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:53:08.618475 0.000000 udp 10.0.2.109 3683 -> 91.6.31.69 5333 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 10:53:25.363963 0.070482 tcp 10.0.2.109 54502 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:53:25.434738 0.057098 tcp 10.0.2.109 54503 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:53:25.492141 0.821335 tcp 10.0.2.109 54504 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:53:26.314050 0.153984 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:26.466839 0.552007 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 5 1539 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:26.902307 0.218932 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:27.098326 0.174810 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:27.278906 0.524169 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:27.703254 0.049144 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:27.844526 0.168667 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:28.017515 0.722004 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:28.497594 0.163275 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:28.681040 0.405969 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:29.067759 0.222136 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:29.282442 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 10:53:47.644607 0.053216 tcp 10.0.2.109 54505 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:53:47.698115 0.056899 tcp 10.0.2.109 54506 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:53:47.755340 0.162913 tcp 10.0.2.109 54507 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/07 10:53:47.918926 0.339896 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:48.341186 0.176075 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:48.514613 0.246097 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:48.726337 0.163326 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:48.971113 0.450410 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:49.417905 0.310867 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:49.727271 0.244856 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:49.926962 0.073084 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:50.031920 0.206112 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:50.216203 0.459839 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:50.675453 0.168527 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:50.855968 0.064533 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:50.906375 0.175712 rtp 10.0.2.109 3683 <-> 68.255.98.50 7736 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:51.060253 0.159563 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:51.323729 0.159834 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:51.460738 0.354068 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:51.933686 0.070388 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:51.985613 0.417584 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:52.487048 0.396911 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:52.863743 0.127249 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:53:53.015033 0.185864 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/07 10:55:39.648281 3.001205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 10:55:46.655225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:55:54.656882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:56:10.659629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 10:56:42.665749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:02:50.678005 3.001317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 11:02:57.684829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:03:05.686596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:03:21.688991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:03:53.695588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:09:57.702332 3.001012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 11:10:04.708898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:10:12.710533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:10:28.713458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:11:00.720338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:17:04.726854 3.000019 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 11:17:11.733019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:17:19.734455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:17:35.737507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:18:07.743365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:22:52.794400 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 11:22:52.794513 0.523459 tcp 10.0.2.109 54508 -> 176.73.169.112 1959 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:24:03.465252 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 11:24:03.465348 0.169461 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:03.667812 0.152932 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:03.819579 0.517330 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:04.253660 0.176131 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:04.440557 0.218673 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:04.637774 0.049107 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:04.841755 0.163673 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:04.997620 0.165249 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:05.181681 0.161043 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:05.336701 0.670951 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:05.809532 0.193872 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:06.106893 0.411157 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:06.499403 0.346615 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:06.909643 0.000000 udp 10.0.2.109 3683 -> 97.88.147.221 7504 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 11:24:13.751584 3.002511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 11:24:20.761888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:24:23.886376 0.050612 tcp 10.0.2.109 54509 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:24:23.937405 0.050748 tcp 10.0.2.109 54510 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:24:23.988608 0.148589 tcp 10.0.2.109 54511 -> 195.113.214.211 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:24:24.137901 0.175095 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:24.310730 0.240547 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:24.712464 0.353511 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:25.061797 0.072922 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:25.268307 0.425731 rtp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:25.671047 0.310165 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:26.158759 0.241885 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:26.358009 0.083309 udp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:26.563561 0.322346 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:26.885086 0.163905 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:27.146844 0.000000 udp 10.0.2.109 3683 -> 68.255.98.50 7736 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 11:24:28.760783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:24:44.774569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:24:44.975171 0.049725 tcp 10.0.2.109 54512 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:24:45.025327 0.049769 tcp 10.0.2.109 54513 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:24:45.075534 0.155249 tcp 10.0.2.109 54514 -> 195.113.214.211 443 SRPA* 0 0 27 12038 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:24:45.230336 0.161131 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:45.382262 0.160920 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:45.700686 0.353955 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:46.307399 0.065496 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:46.357815 0.371524 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 4 1381 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:46.958666 0.380561 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:47.321528 0.124537 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:24:47.501092 0.229234 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:25:16.779747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:31:20.785929 3.002762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 11:31:27.793662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:31:35.795324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:31:51.798752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:32:23.803721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:38:27.810472 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 11:38:34.817708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:38:42.819324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:38:58.822784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:39:30.831074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:45:34.834530 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 11:45:41.841704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:45:49.843417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:46:05.845877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:46:37.852150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:52:53.322614 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 11:52:53.322719 0.574815 tcp 10.0.2.109 54515 -> 176.73.169.112 1959 FSPA* 0 0 15 1735 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:54:27.860682 3.001979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 11:54:34.867908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:54:42.869712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:54:50.480951 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 11:54:50.481146 0.158682 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:54:50.641475 0.000000 udp 10.0.2.109 3683 -> 68.255.98.50 7736 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 11:54:58.873029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 11:55:06.625993 0.054167 tcp 10.0.2.109 54516 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:55:06.680455 0.053654 tcp 10.0.2.109 54517 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:55:06.734468 0.146988 tcp 10.0.2.109 54518 -> 195.113.214.211 443 SRPA* 0 0 37 29318 flow=From-Botnet-V1-TCP-Established 1970/02/07 11:55:06.882579 0.170395 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:07.029536 0.153625 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:07.181614 0.215419 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:07.376652 0.047917 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:07.439178 0.177227 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:07.601983 0.359323 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:07.924551 0.165005 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:08.084628 1.769845 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:08.924398 0.163877 udp 10.0.2.109 3683 <-> 70.88.72.57 3681 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:09.083002 0.161549 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:09.236457 0.422930 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:09.633274 0.195226 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:09.820003 0.337659 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:10.169390 0.255528 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:10.390432 0.170863 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:10.558686 0.310857 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:10.870934 0.072986 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:10.956818 0.346425 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:11.299378 0.206599 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:11.481034 0.241437 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:11.682792 0.065751 rtp 10.0.2.109 3683 <-> 78.50.25.10 4643 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:11.749241 0.321647 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:12.081965 0.165493 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:12.237383 0.163255 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:12.377022 0.157856 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:12.526998 0.076113 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:12.583740 0.418903 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:13.002695 0.350935 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:13.336851 0.210174 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:13.483905 0.388048 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:13.851963 0.119384 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/07 11:55:30.878876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:01:56.898792 2.999029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 12:02:03.903871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:02:11.905418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:02:27.908493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:02:59.914364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:09:24.921740 3.000318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 12:09:31.927919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:09:39.929401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:09:55.932483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:10:27.938424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:16:31.944222 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 12:16:38.951578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:16:46.953119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:17:02.956329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:17:34.962687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:22:53.901485 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 12:22:53.901588 0.693674 tcp 10.0.2.109 54519 -> 176.73.169.112 1959 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:23:38.967714 3.002774 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 12:23:45.975792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:23:53.977248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:24:09.980167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:24:41.986104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:25:38.277852 0.000189 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 12:25:38.278157 0.159008 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:38.579354 0.221197 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:38.776325 0.047271 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:39.048610 0.171564 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:39.195294 0.153083 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:39.367067 0.157632 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:39.508828 0.172368 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:39.652677 0.310038 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:39.928113 0.709448 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:40.399030 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 12:25:55.503651 0.053667 tcp 10.0.2.109 54520 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:25:55.557663 0.056770 tcp 10.0.2.109 54521 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:25:55.614790 0.161554 tcp 10.0.2.109 54522 -> 195.113.214.211 443 SRPA* 0 0 48 42022 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:25:55.776921 0.163600 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:55.932750 0.336968 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:56.625279 0.413495 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:57.190447 0.193287 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:57.376720 0.244425 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:58.060359 0.235433 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:58.293013 0.311006 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:58.666021 0.073063 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:58.847808 0.354627 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:59.198423 0.204168 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:25:59.501898 0.315651 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:00.026796 0.240413 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:00.225465 0.000000 udp 10.0.2.109 3683 -> 78.50.25.10 4643 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 12:26:17.053551 0.053559 tcp 10.0.2.109 54523 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:26:17.107462 0.057220 tcp 10.0.2.109 54524 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:26:17.164952 0.154483 tcp 10.0.2.109 54525 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:26:17.320091 0.165630 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:17.576582 0.165699 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2642 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:17.717628 0.157900 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:17.867991 0.066496 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:18.086597 0.215771 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:18.254012 0.411458 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 3 1080 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:33.527171 0.053545 tcp 10.0.2.109 54526 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:26:33.581009 0.056719 tcp 10.0.2.109 54527 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:26:33.638028 0.157611 tcp 10.0.2.109 54528 -> 195.113.214.211 443 SRPA* 0 0 38 32996 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:26:33.796455 0.374136 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:34.153413 0.393047 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:26:34.529853 0.122697 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:30:45.993702 2.999734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 12:30:52.999717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:31:01.001083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:31:17.004122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:31:49.010286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:37:53.015959 3.001813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 12:38:00.023073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:38:08.026806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:38:24.028584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:38:56.034487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:45:00.040168 3.002404 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 12:45:07.122501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:45:15.059004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:45:31.062374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:46:03.068668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:52:54.600204 0.000199 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 12:52:54.600503 0.550182 tcp 10.0.2.109 54529 -> 176.73.169.112 1959 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:54:07.077838 3.000786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 12:54:14.084163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:54:22.085363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:54:38.088794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:55:10.094644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 12:56:40.465301 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 12:56:40.465406 0.000000 udp 10.0.2.109 3683 -> 70.88.72.57 3681 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 12:56:57.070987 0.055569 tcp 10.0.2.109 54530 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:56:57.126914 0.054754 tcp 10.0.2.109 54531 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:56:57.182039 0.155348 tcp 10.0.2.109 54532 -> 195.113.214.211 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:56:57.337908 0.000000 udp 10.0.2.109 3683 -> 78.50.25.10 4643 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 12:57:16.036401 0.052645 tcp 10.0.2.109 54533 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:57:16.089340 0.055129 tcp 10.0.2.109 54534 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:57:16.144349 0.153686 tcp 10.0.2.109 54535 -> 195.113.214.211 443 SRPA* 0 0 21 12430 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:57:16.298648 0.346774 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:16.649012 0.216442 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:16.844721 0.156005 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:17.037990 0.171559 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:17.182727 0.314436 rtp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:17.549143 0.047327 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:17.616841 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 12:57:35.774089 0.053649 tcp 10.0.2.109 54536 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:57:35.828023 0.053478 tcp 10.0.2.109 54537 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:57:35.881770 0.150445 tcp 10.0.2.109 54538 -> 195.113.214.211 443 SRPA* 0 0 57 29622 flow=From-Botnet-V1-TCP-Established 1970/02/07 12:57:36.032364 0.172063 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:36.182682 0.153429 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:36.327874 0.535542 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:36.744303 0.166098 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:36.939975 0.344891 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:37.341451 0.192975 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:37.526634 0.414323 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2547 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:37.920547 0.073220 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:38.041072 0.309217 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:38.348748 0.172970 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:38.518696 0.247139 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:38.728955 0.353869 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:39.078866 0.205656 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:39.316122 0.322909 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:39.638293 0.238055 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:39.917144 0.158284 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:40.067352 0.164055 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:40.209125 0.167985 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:40.364837 0.071977 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:40.639002 0.221752 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:40.818890 0.124773 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:40.912861 0.355864 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/07 12:57:41.315105 0.397090 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:01:28.111175 3.000957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 13:01:35.117990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:01:43.119710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:01:59.122719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:02:31.138780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:09:00.152072 3.000534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 13:09:07.159181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:09:15.159934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:09:31.162881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:10:03.168866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:16:07.175412 3.000543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 13:16:14.181977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:16:22.183527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:16:38.186204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:17:10.193111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:22:55.159300 0.019943 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 13:22:55.179441 0.879671 tcp 10.0.2.109 54539 -> 176.73.169.112 1959 FSPA* 0 0 15 1744 flow=From-Botnet-V1-TCP-Established 1970/02/07 13:23:14.208725 3.001599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 13:23:21.216018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:23:29.217706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:23:45.220836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:24:17.226663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:28:07.618107 0.000165 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 13:28:07.618374 0.412461 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:08.028597 0.152470 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:08.294814 0.172516 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:08.438737 0.224535 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:08.643208 0.339446 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:09.114796 0.548861 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 3 766 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:09.521976 0.046898 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:09.570614 0.166542 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:09.943868 0.156536 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:10.088889 1.560215 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:10.682917 0.167011 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:10.840127 0.332757 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:11.267052 0.191888 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:11.540091 0.401514 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:12.139363 0.073263 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:12.192839 0.310557 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:12.833461 0.354898 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:13.184721 0.207672 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:13.393661 0.338334 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:13.774748 0.242507 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:13.977441 0.157765 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:14.132597 0.175543 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:14.304988 0.251261 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:14.522774 0.222585 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:14.722054 0.207765 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:14.998933 0.063520 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:15.047090 0.192697 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:15.200353 0.124337 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:15.400710 0.365466 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:28:15.808840 0.397900 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:30:21.233360 3.002611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 13:30:28.240228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:30:36.241814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:30:52.244149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:31:24.251790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:37:28.256286 3.002199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 13:37:35.264280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:37:43.265631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:37:59.268537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:38:31.274776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:44:35.280346 3.001952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 13:44:42.288176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:44:50.289655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:45:06.292681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:45:38.298789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:52:56.048240 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 13:52:56.048424 0.473785 tcp 10.0.2.109 54540 -> 176.73.169.112 1959 FSPA* 0 0 14 1645 flow=From-Botnet-V1-TCP-Established 1970/02/07 13:53:55.307386 3.000547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 13:54:02.313172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:54:10.314829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:54:26.317640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:54:58.323893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 13:58:23.649329 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 13:58:23.649435 0.189511 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:23.902961 0.488915 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:24.175395 0.326526 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:24.608736 0.156726 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:24.764524 0.157156 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:24.956261 0.000000 udp 10.0.2.109 3683 -> 125.113.190.240 6577 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 13:58:43.108953 0.060523 tcp 10.0.2.109 54541 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 13:58:43.169741 0.031299 tcp 10.0.2.109 54542 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 13:58:43.201375 0.129820 tcp 10.0.2.109 54543 -> 195.113.214.211 443 SRPA* 0 0 46 38664 flow=From-Botnet-V1-TCP-Established 1970/02/07 13:58:43.331888 0.048293 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:43.406986 0.168439 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:43.554407 0.162640 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:43.707173 0.156777 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:43.860515 0.735349 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:44.339286 0.343284 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:44.683924 0.192794 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:44.869369 0.414183 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:45.263091 0.075547 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:45.320692 0.310222 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:45.628340 0.330788 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:45.957955 0.241558 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:46.158394 0.353762 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:46.539538 0.204341 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:46.718822 0.161077 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:46.872603 0.175333 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:47.043343 0.257059 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:47.263596 0.165376 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:49.601512 0.163708 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:49.766621 0.130392 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:49.857222 0.419185 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:50.284181 0.067650 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:50.335078 0.216569 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/07 13:58:50.494858 0.408546 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:01:02.339490 2.992885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:01:09.336928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:01:17.338689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:01:33.341815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:02:05.347605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:08:17.356238 3.010734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:08:24.372724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:08:32.373708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:08:48.379460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:09:20.383242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:15:24.390367 3.001171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:15:31.397171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:15:39.397978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:15:55.401405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:16:27.408301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:22:31.412943 3.003049 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:22:38.421137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:22:46.432527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:22:56.527271 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 14:22:56.527377 0.563912 tcp 10.0.2.109 54544 -> 176.73.169.112 1959 FSPA* 0 0 14 1550 flow=From-Botnet-V1-TCP-Established 1970/02/07 14:23:02.435329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:23:34.451087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:29:02.813768 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 14:29:02.813989 0.513666 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:03.145264 0.174225 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:03.355210 0.500654 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:03.835256 0.153853 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:04.104424 0.324392 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:04.430194 0.160300 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:04.826743 0.049064 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:05.046829 0.167904 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:05.193286 0.169189 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:05.482335 0.171557 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:05.649772 0.193881 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:05.835690 0.410547 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:06.225492 0.752962 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:06.718215 0.340265 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:07.279679 0.070624 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:07.334246 0.310013 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:07.642855 0.322925 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:08.102755 0.240102 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:08.304950 0.157830 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:08.455029 0.173701 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:08.654281 0.352779 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:09.003151 0.200447 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2002 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:09.207426 0.241374 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:09.416739 0.162824 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:09.557816 0.173513 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:09.722301 0.123495 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:09.965718 0.244938 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:10.155021 0.378032 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:12.699823 0.065116 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:12.749162 0.410830 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:29:38.456993 3.002400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:29:45.464656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:29:53.466965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:30:09.469047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:30:41.475192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:36:45.482061 3.000974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:36:52.488654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:37:00.489756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:37:16.493024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:37:48.499123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:43:52.508444 2.999458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:43:59.512514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:44:07.514000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:44:23.516970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:44:55.523138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:50:59.530025 3.000680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:51:06.536684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:51:14.537747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:51:30.541137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:52:02.546476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:52:57.095878 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 14:52:57.096114 0.552517 tcp 10.0.2.109 54545 -> 176.73.169.112 1959 FSPA* 0 0 14 1656 flow=From-Botnet-V1-TCP-Established 1970/02/07 14:58:06.553524 3.000963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 14:58:13.560514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:58:21.561836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:58:37.565166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:59:09.571206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 14:59:26.955960 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 14:59:26.956071 0.309573 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:27.227714 0.176138 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:27.682654 0.328068 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:28.095228 0.157973 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2033 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:28.310782 0.225353 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:28.513142 0.165906 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:28.715583 0.048408 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:28.860120 0.169566 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:29.004647 0.162953 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:29.250693 0.166590 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:29.410036 0.715067 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2562 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:29.865252 0.192323 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:30.049705 0.408451 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:30.435878 0.342214 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:30.886131 0.074210 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:31.011758 0.310765 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:31.351623 0.159858 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:31.503718 0.173613 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:31.674694 0.322033 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:31.998309 0.237629 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:32.196343 0.677430 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:34.177064 0.204705 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:34.358025 0.249657 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:34.627476 0.160322 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:34.814991 0.183521 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:35.302671 0.126206 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:35.454029 0.284822 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:35.680826 0.377974 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:36.489533 0.066019 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 14:59:36.614883 0.397642 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:05:38.584300 3.000324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 15:05:45.590577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:05:53.591971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:06:09.594739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:06:41.600980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:12:45.612405 2.998394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 15:12:52.614424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:13:00.615718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:13:16.618897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:13:48.624611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:19:52.630878 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 15:19:59.637733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:20:07.640194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:20:23.643579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:20:55.648849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:22:57.654985 0.000224 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 15:22:57.655310 2.992781 tcp 10.0.2.109 54546 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:23:06.656795 0.000000 tcp 10.0.2.109 54546 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:23:12.785008 0.032600 tcp 10.0.2.109 54547 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:23:12.817433 0.033815 tcp 10.0.2.109 54548 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:23:12.851603 0.333682 tcp 10.0.2.109 54549 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:23:13.383464 2.977428 tcp 10.0.2.109 54550 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:23:22.303786 0.000000 tcp 10.0.2.109 54550 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:23:28.259142 0.055131 tcp 10.0.2.109 54551 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:23:28.313968 0.031907 tcp 10.0.2.109 54552 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:23:28.346261 0.143658 tcp 10.0.2.109 54553 -> 195.113.214.211 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:23:28.499822 3.003241 tcp 10.0.2.109 54554 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:23:37.502245 0.000000 tcp 10.0.2.109 54554 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:23:43.500305 3.008220 tcp 10.0.2.109 54555 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:23:52.503115 0.000000 tcp 10.0.2.109 54555 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:26:59.656015 3.000492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 15:27:06.662459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:27:14.663708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:27:30.666930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:28:02.672968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:28:58.503610 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 15:28:58.503718 3.003559 tcp 10.0.2.109 54556 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:29:07.516481 0.000000 tcp 10.0.2.109 54556 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:29:13.508794 0.055557 tcp 10.0.2.109 54557 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:29:13.564665 0.032565 tcp 10.0.2.109 54558 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:29:13.597538 0.127948 tcp 10.0.2.109 54559 -> 195.113.214.211 443 SRPA* 0 0 25 14108 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:29:13.918614 3.000642 tcp 10.0.2.109 54560 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:29:22.918180 0.000000 tcp 10.0.2.109 54560 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:29:28.916890 0.030950 tcp 10.0.2.109 54561 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:29:28.948133 0.031743 tcp 10.0.2.109 54562 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:29:28.979957 0.150577 tcp 10.0.2.109 54563 -> 195.113.214.211 443 SRPA* 0 0 30 15924 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:29:29.480396 3.002214 tcp 10.0.2.109 54564 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:29:38.480629 0.000000 tcp 10.0.2.109 54564 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:29:38.781190 0.422234 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:39.169422 0.175249 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:39.585332 0.329905 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:40.050776 0.210002 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:40.259580 0.156110 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:40.600473 0.218277 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:40.797499 0.048199 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:41.041336 0.166231 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:41.184526 0.166986 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:41.613297 0.145128 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:41.754250 0.691956 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:42.207160 0.250490 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:42.493684 0.410205 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:42.886589 0.346714 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:43.440366 0.072164 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:43.640883 0.308567 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:43.948527 0.343193 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:44.423929 0.159864 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:44.544811 2.984497 tcp 10.0.2.109 54565 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:29:44.574458 0.179899 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:44.750149 0.241330 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:45.021319 0.353065 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:45.370248 0.209882 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:45.594044 0.249403 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:45.808678 0.299598 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:46.084295 0.174118 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:46.252858 0.364077 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:46.580308 0.304820 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:46.823341 0.341620 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:47.227646 0.069896 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:47.279664 0.383264 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:29:53.481789 0.000000 tcp 10.0.2.109 54565 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:34:06.678995 3.001329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 15:34:13.686391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:34:21.687653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:34:37.690858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:34:59.482628 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 15:34:59.482730 3.003697 tcp 10.0.2.109 54566 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:35:08.485521 0.000000 tcp 10.0.2.109 54566 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:35:09.696468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:35:14.485990 0.032089 tcp 10.0.2.109 54567 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:35:14.518366 0.053918 tcp 10.0.2.109 54568 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:35:14.572602 0.125681 tcp 10.0.2.109 54569 -> 195.113.214.211 443 SRPA* 0 0 34 18150 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:35:15.053718 2.995116 tcp 10.0.2.109 54570 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:35:24.057388 0.000000 tcp 10.0.2.109 54570 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:35:30.046627 0.031289 tcp 10.0.2.109 54571 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:35:30.077704 0.054189 tcp 10.0.2.109 54572 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:35:30.131712 0.132035 tcp 10.0.2.109 54573 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:35:30.582600 2.999375 tcp 10.0.2.109 54574 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:35:39.582613 0.000000 tcp 10.0.2.109 54574 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:35:45.578743 3.003734 tcp 10.0.2.109 54575 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:35:54.581100 0.000000 tcp 10.0.2.109 54575 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:00.581929 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 15:41:00.582039 3.008310 tcp 10.0.2.109 54576 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:09.584026 0.000000 tcp 10.0.2.109 54576 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:13.702250 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 15:41:15.584871 0.031533 tcp 10.0.2.109 54577 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:41:15.616705 0.032251 tcp 10.0.2.109 54578 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:41:15.649310 0.147816 tcp 10.0.2.109 54579 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:41:16.139925 2.998340 tcp 10.0.2.109 54580 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:20.709914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:41:25.146256 0.000000 tcp 10.0.2.109 54580 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:28.711944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:41:31.135767 0.031291 tcp 10.0.2.109 54581 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:41:31.166864 0.032473 tcp 10.0.2.109 54582 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:41:31.199217 0.129033 tcp 10.0.2.109 54583 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:41:31.657718 3.002644 tcp 10.0.2.109 54584 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:40.658440 0.000000 tcp 10.0.2.109 54584 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:44.714145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:41:46.657966 3.003367 tcp 10.0.2.109 54585 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:41:55.660582 0.000000 tcp 10.0.2.109 54585 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:42:16.720694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:47:01.661004 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 15:47:01.661098 3.003616 tcp 10.0.2.109 54586 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:47:10.663392 0.000000 tcp 10.0.2.109 54586 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:47:16.664082 0.031598 tcp 10.0.2.109 54587 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:47:16.695991 0.031976 tcp 10.0.2.109 54588 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:47:16.728332 0.145986 tcp 10.0.2.109 54589 -> 195.113.214.211 443 SRPA* 0 0 33 23088 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:47:17.135893 3.001108 tcp 10.0.2.109 54590 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:47:26.135452 0.000000 tcp 10.0.2.109 54590 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:47:32.135004 0.053016 tcp 10.0.2.109 54591 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:47:32.188323 0.031677 tcp 10.0.2.109 54592 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:47:32.219908 0.126570 tcp 10.0.2.109 54593 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:47:32.453267 2.985721 tcp 10.0.2.109 54594 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:47:41.437624 0.000000 tcp 10.0.2.109 54594 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:47:47.446534 2.994167 tcp 10.0.2.109 54595 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:47:56.439098 0.000000 tcp 10.0.2.109 54595 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:48:20.727201 3.000681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 15:48:27.734507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:48:35.735756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:48:51.738250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:49:23.744229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:53:02.449968 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 15:53:02.450194 3.003085 tcp 10.0.2.109 54596 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:53:11.452090 0.000000 tcp 10.0.2.109 54596 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:53:17.452828 0.059906 tcp 10.0.2.109 54597 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:53:17.513057 0.060294 tcp 10.0.2.109 54598 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:53:17.573642 0.144622 tcp 10.0.2.109 54599 -> 195.113.214.211 443 SRPA* 0 0 40 25077 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:53:17.745711 2.999783 tcp 10.0.2.109 54600 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:53:26.744017 0.000000 tcp 10.0.2.109 54600 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:53:32.743179 0.059136 tcp 10.0.2.109 54601 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:53:32.802676 0.060375 tcp 10.0.2.109 54602 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:53:32.863428 0.158327 tcp 10.0.2.109 54603 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/07 15:53:33.192494 3.005356 tcp 10.0.2.109 54604 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:53:42.205967 0.000000 tcp 10.0.2.109 54604 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:53:48.185214 2.994037 tcp 10.0.2.109 54605 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:53:57.177745 0.000000 tcp 10.0.2.109 54605 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 15:55:48.751902 3.000228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 15:55:55.758494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:56:03.759924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:56:19.762636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:56:51.769106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 15:59:50.136057 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 15:59:50.136145 0.308804 rtp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:50.408611 0.175050 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:50.909790 0.157193 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:51.072807 0.257876 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:52.132116 0.338638 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:53.189946 0.153648 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:53.342450 0.048072 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:53.401823 0.167685 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:53.963246 0.164710 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:54.513985 0.152006 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:55.094018 0.703194 udp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:55.556655 0.188979 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:55.781320 0.074458 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2598 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:56.376821 0.408214 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/07 15:59:56.764758 0.341341 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:00.664800 0.314607 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:01.156831 0.350176 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:02.139597 0.157672 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:04.001881 2.977783 tcp 10.0.2.109 54606 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:00:04.456589 0.172329 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:12.977669 0.000000 tcp 10.0.2.109 54606 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:00:15.817278 0.207951 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:16.401988 0.247987 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:17.297302 0.237066 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:17.494544 0.352322 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:20.841726 0.060026 tcp 10.0.2.109 54607 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:00:20.902027 0.060230 tcp 10.0.2.109 54608 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:00:20.962538 0.160283 tcp 10.0.2.109 54609 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:00:23.754904 2.966709 tcp 10.0.2.109 54610 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:00:23.756598 0.160365 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:26.417313 0.176158 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:26.588321 0.122726 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:26.730443 0.394140 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:27.074178 0.391071 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:27.447629 0.371212 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:27.798739 0.070498 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:00:32.650454 0.000000 tcp 10.0.2.109 54610 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:00:38.568237 0.059394 tcp 10.0.2.109 54611 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:00:38.627477 0.058587 tcp 10.0.2.109 54612 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:00:38.686380 0.158690 tcp 10.0.2.109 54613 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:00:40.690601 2.970526 tcp 10.0.2.109 54614 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:00:49.593820 0.000000 tcp 10.0.2.109 54614 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:00:55.519105 2.972165 tcp 10.0.2.109 54615 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:01:04.417272 0.000000 tcp 10.0.2.109 54615 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:02:55.805334 2.971051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:03:02.782465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:03:10.783823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:03:26.786594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:03:58.792945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:06:09.061481 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:06:09.061567 3.003633 tcp 10.0.2.109 54616 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:06:18.063194 0.000000 tcp 10.0.2.109 54616 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:06:24.063741 0.254919 tcp 10.0.2.109 54617 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:06:24.319018 0.060075 tcp 10.0.2.109 54618 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:06:24.378923 0.156326 tcp 10.0.2.109 54619 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:06:24.637881 2.998928 tcp 10.0.2.109 54620 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:06:33.635216 0.000000 tcp 10.0.2.109 54620 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:06:39.634756 0.059003 tcp 10.0.2.109 54621 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:06:39.693581 0.060220 tcp 10.0.2.109 54622 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:06:39.754135 0.156708 tcp 10.0.2.109 54623 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:06:39.933532 2.995355 tcp 10.0.2.109 54624 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:06:48.936819 0.000000 tcp 10.0.2.109 54624 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:06:54.925815 2.995041 tcp 10.0.2.109 54625 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:07:03.918945 0.000000 tcp 10.0.2.109 54625 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:10:02.800252 3.000286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:10:09.806556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:10:17.807730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:10:33.811339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:11:05.816648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:12:09.929587 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:12:09.929689 3.003618 tcp 10.0.2.109 54626 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:12:18.931926 0.000000 tcp 10.0.2.109 54626 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:12:24.932564 0.058381 tcp 10.0.2.109 54627 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:12:24.991239 0.060755 tcp 10.0.2.109 54628 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:12:25.051841 0.158429 tcp 10.0.2.109 54629 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:12:25.476784 3.000306 tcp 10.0.2.109 54630 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:12:34.506537 0.000000 tcp 10.0.2.109 54630 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:12:40.473819 0.058582 tcp 10.0.2.109 54631 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:12:40.532676 0.060389 tcp 10.0.2.109 54632 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:12:40.593399 0.158525 tcp 10.0.2.109 54633 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:12:41.080563 2.997478 tcp 10.0.2.109 54634 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:12:50.146337 0.000000 tcp 10.0.2.109 54634 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:12:56.091085 2.979510 tcp 10.0.2.109 54635 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:13:05.068790 0.000000 tcp 10.0.2.109 54635 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:17:09.822696 3.001781 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:17:16.830361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:17:24.831748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:17:40.834638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:18:11.080241 0.000211 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:18:11.080563 3.002140 tcp 10.0.2.109 54636 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:18:12.850382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:18:20.083679 0.000000 tcp 10.0.2.109 54636 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:18:26.081765 0.059994 tcp 10.0.2.109 54637 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:18:26.142016 0.058534 tcp 10.0.2.109 54638 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:18:26.200866 0.158412 tcp 10.0.2.109 54639 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:18:26.555300 3.000576 tcp 10.0.2.109 54640 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:18:35.553252 0.000000 tcp 10.0.2.109 54640 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:18:41.553251 0.058032 tcp 10.0.2.109 54641 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:18:41.611563 0.059007 tcp 10.0.2.109 54642 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:18:41.670875 0.156905 tcp 10.0.2.109 54643 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:18:42.048998 3.008041 tcp 10.0.2.109 54644 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:18:51.055894 0.000000 tcp 10.0.2.109 54644 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:18:57.044934 2.993053 tcp 10.0.2.109 54645 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:19:06.481196 0.000000 tcp 10.0.2.109 54645 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:24:12.047533 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:24:12.047719 3.004025 tcp 10.0.2.109 54646 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:24:16.858785 2.999664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:24:21.050471 0.000000 tcp 10.0.2.109 54646 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:24:23.864078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:24:27.050967 0.060091 tcp 10.0.2.109 54647 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:24:27.111415 0.059514 tcp 10.0.2.109 54648 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:24:27.171156 0.161686 tcp 10.0.2.109 54649 -> 195.113.214.211 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:24:27.459779 3.004028 tcp 10.0.2.109 54650 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:24:31.865256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:24:36.462522 0.000000 tcp 10.0.2.109 54650 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:24:47.868581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:25:19.874718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:30:43.911064 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:30:43.911268 0.158152 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:44.123816 0.350246 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:44.435885 0.173615 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:44.829593 0.218750 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:45.027465 0.053118 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:45.192780 0.326139 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:45.706759 0.156078 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:45.861274 0.167351 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:46.122965 0.168642 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:46.279701 0.230628 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:46.476680 0.698969 rtp 10.0.2.109 3683 <-> 119.234.177.85 5726 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:46.937040 0.191070 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:47.237836 0.070783 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:47.451301 0.404926 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:30:47.837450 0.000000 udp 10.0.2.109 3683 -> 202.64.92.136 6926 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 16:30:57.470498 3.004023 tcp 10.0.2.109 54651 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:05.766623 0.060088 tcp 10.0.2.109 54652 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:05.827046 0.059697 tcp 10.0.2.109 54653 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:05.887069 0.163319 tcp 10.0.2.109 54654 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:06.051093 0.661002 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:06.474837 0.000000 tcp 10.0.2.109 54651 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:06.710636 0.329091 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:07.039163 0.159299 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:07.190629 0.234566 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:07.421457 0.204530 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:07.601695 0.254561 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:07.818387 0.241234 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:08.183135 0.349582 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:08.528814 0.217850 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:08.684704 0.312436 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:09.093752 0.393210 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:09.468277 0.183250 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:09.722950 0.121877 rtcp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:09.804830 0.422099 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:10.329064 0.068242 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/07 16:31:12.472124 0.058747 tcp 10.0.2.109 54655 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:12.531180 0.060983 tcp 10.0.2.109 54656 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:12.592421 0.163706 tcp 10.0.2.109 54657 -> 195.113.214.211 443 SRPA* 0 0 69 69902 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:12.823644 2.992253 tcp 10.0.2.109 54658 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:22.044204 0.000000 tcp 10.0.2.109 54658 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:24.101744 2.975621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:31:27.991037 0.060118 tcp 10.0.2.109 54659 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:28.051485 0.058146 tcp 10.0.2.109 54660 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:28.109967 0.158330 tcp 10.0.2.109 54661 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:31:28.455991 2.968088 tcp 10.0.2.109 54662 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:31.046621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:31:37.378898 0.000000 tcp 10.0.2.109 54662 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:38.979325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:31:43.317739 2.967180 tcp 10.0.2.109 54663 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:52.268635 0.000000 tcp 10.0.2.109 54663 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:31:54.903190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:32:26.908998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:36:58.279770 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:36:58.279890 3.003545 tcp 10.0.2.109 54664 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:37:07.282043 0.000000 tcp 10.0.2.109 54664 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:37:13.282674 0.059540 tcp 10.0.2.109 54665 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:37:13.342517 0.058481 tcp 10.0.2.109 54666 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:37:13.401306 0.154155 tcp 10.0.2.109 54667 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:37:13.843222 3.002000 tcp 10.0.2.109 54668 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:37:22.844126 0.000000 tcp 10.0.2.109 54668 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:37:28.843645 0.060100 tcp 10.0.2.109 54669 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:37:28.904131 0.061255 tcp 10.0.2.109 54670 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:37:28.965725 0.158365 tcp 10.0.2.109 54671 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:37:29.296038 2.991629 tcp 10.0.2.109 54672 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:37:38.295969 0.000000 tcp 10.0.2.109 54672 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:37:44.294985 2.994279 tcp 10.0.2.109 54673 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:37:53.287571 0.000000 tcp 10.0.2.109 54673 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:38:30.916208 2.999589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:38:37.921800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:38:45.924086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:39:01.926653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:39:33.942665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:42:59.299014 0.287455 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:42:59.586758 2.975281 tcp 10.0.2.109 54674 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:43:08.502554 0.000000 tcp 10.0.2.109 54674 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:43:14.458264 0.060189 tcp 10.0.2.109 54675 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:43:14.518741 0.060393 tcp 10.0.2.109 54676 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:43:14.579461 0.158839 tcp 10.0.2.109 54677 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:43:15.052769 2.974415 tcp 10.0.2.109 54678 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:43:23.972346 0.000000 tcp 10.0.2.109 54678 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:43:29.917083 0.060050 tcp 10.0.2.109 54679 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:43:29.977000 0.060029 tcp 10.0.2.109 54680 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:43:30.037361 0.163587 tcp 10.0.2.109 54681 -> 195.113.214.211 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:43:30.399040 2.998122 tcp 10.0.2.109 54682 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:43:39.395729 0.000000 tcp 10.0.2.109 54682 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:43:45.394667 2.993806 tcp 10.0.2.109 54683 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:43:54.397156 0.000000 tcp 10.0.2.109 54683 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:45:37.949280 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:45:44.956133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:45:52.957216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:46:08.960586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:46:40.966220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:49:00.397568 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 16:49:00.397807 3.003502 tcp 10.0.2.109 54684 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:49:09.402592 0.000000 tcp 10.0.2.109 54684 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:49:15.401108 0.061322 tcp 10.0.2.109 54685 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:49:15.462712 0.060474 tcp 10.0.2.109 54686 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:49:15.523497 0.163567 tcp 10.0.2.109 54687 -> 195.113.214.211 443 SRPA* 0 0 23 11448 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:49:16.039683 3.003969 tcp 10.0.2.109 54688 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:49:25.042680 0.000000 tcp 10.0.2.109 54688 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:49:31.041747 0.060661 tcp 10.0.2.109 54689 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:49:31.102808 0.061476 tcp 10.0.2.109 54690 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:49:31.163925 0.157820 tcp 10.0.2.109 54691 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 16:49:31.413539 3.002511 tcp 10.0.2.109 54692 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:49:40.414773 0.000000 tcp 10.0.2.109 54692 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:49:46.413573 3.003971 tcp 10.0.2.109 54693 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:49:55.426367 0.000000 tcp 10.0.2.109 54693 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 16:54:28.982365 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 16:54:35.989606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:54:43.991389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:54:59.993883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 16:55:32.000132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:01:21.913073 0.000159 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:01:21.913349 0.340550 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:22.313558 0.154234 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:22.706500 0.879283 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 3 859 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:23.312032 0.328441 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:23.698292 0.172394 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:24.166459 0.218993 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:24.363751 0.048505 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:24.456642 0.163454 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:24.618862 0.161007 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:24.771857 0.212290 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:25.272555 0.169275 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:25.420289 0.190416 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1966 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:25.663447 0.000000 udp 10.0.2.109 3683 -> 119.234.177.85 5726 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 17:01:31.457591 3.003839 tcp 10.0.2.109 54694 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:01:40.460315 0.000000 tcp 10.0.2.109 54694 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:01:41.473160 0.060620 tcp 10.0.2.109 54695 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:01:41.534057 0.061419 tcp 10.0.2.109 54696 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:01:41.595794 0.157419 tcp 10.0.2.109 54697 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:01:41.753811 0.067616 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:41.803806 0.404264 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:42.238152 0.310813 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:42.598097 0.181643 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:42.777471 0.210134 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:42.964281 0.342571 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:43.395614 0.158401 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:43.545951 0.500462 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:44.011165 0.240010 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:44.306486 0.349420 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:44.652145 0.164409 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:44.792619 0.182447 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:44.987921 0.119187 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:45.072410 0.370256 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:45.387145 0.387208 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:45.751941 0.387381 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:46.157260 0.066373 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:01:46.459536 0.059845 tcp 10.0.2.109 54698 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:01:46.519689 0.060793 tcp 10.0.2.109 54699 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:01:46.580834 0.162486 tcp 10.0.2.109 54700 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:01:47.065108 2.998764 tcp 10.0.2.109 54701 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:01:56.061965 0.000000 tcp 10.0.2.109 54701 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:01:59.019138 3.001880 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 17:02:02.061906 0.059590 tcp 10.0.2.109 54702 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:02:02.121845 0.061105 tcp 10.0.2.109 54703 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:02:02.182721 0.157869 tcp 10.0.2.109 54704 -> 195.113.214.211 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:02:02.361567 3.004326 tcp 10.0.2.109 54705 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:02:06.026077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:02:11.366869 0.000000 tcp 10.0.2.109 54705 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:02:14.028343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:02:17.363636 3.003566 tcp 10.0.2.109 54706 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:02:26.365936 0.000000 tcp 10.0.2.109 54706 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:02:30.031280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:03:02.036981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:07:32.366330 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:07:32.366479 2.996686 tcp 10.0.2.109 54707 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:07:41.358856 0.000000 tcp 10.0.2.109 54707 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:07:47.369486 0.061761 tcp 10.0.2.109 54708 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:07:47.431608 0.061273 tcp 10.0.2.109 54709 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:07:47.493220 0.157881 tcp 10.0.2.109 54710 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:07:47.671385 3.000749 tcp 10.0.2.109 54711 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:07:56.670776 0.000000 tcp 10.0.2.109 54711 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:08:02.670036 0.058441 tcp 10.0.2.109 54712 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:08:02.728778 0.060180 tcp 10.0.2.109 54713 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:08:02.789336 0.155424 tcp 10.0.2.109 54714 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:08:02.988436 3.006090 tcp 10.0.2.109 54715 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:08:11.992914 0.000000 tcp 10.0.2.109 54715 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:08:17.981717 3.003979 tcp 10.0.2.109 54716 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:08:26.984594 0.000000 tcp 10.0.2.109 54716 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:09:12.052676 3.000919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 17:09:19.059189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:09:27.060732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:09:43.065109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:10:15.069878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:13:32.985236 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:13:32.985351 2.993309 tcp 10.0.2.109 54717 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:13:41.987186 0.000000 tcp 10.0.2.109 54717 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:13:47.987572 0.060604 tcp 10.0.2.109 54718 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:13:48.048451 0.059786 tcp 10.0.2.109 54719 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:13:48.108479 0.158233 tcp 10.0.2.109 54720 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:13:48.507532 3.003549 tcp 10.0.2.109 54721 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:13:57.509827 0.000000 tcp 10.0.2.109 54721 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:14:03.508593 0.059129 tcp 10.0.2.109 54722 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:14:03.568023 0.062438 tcp 10.0.2.109 54723 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:14:03.630279 0.165117 tcp 10.0.2.109 54724 -> 195.113.214.211 443 SRPA* 0 0 35 18852 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:14:03.804277 2.999394 tcp 10.0.2.109 54725 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:14:12.801741 0.000000 tcp 10.0.2.109 54725 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:14:18.800395 3.004180 tcp 10.0.2.109 54726 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:14:27.802643 0.000000 tcp 10.0.2.109 54726 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:16:19.076954 3.000511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 17:16:26.083358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:16:34.084402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:16:50.088322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:17:22.093977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:19:33.803699 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:19:33.803799 2.993762 tcp 10.0.2.109 54727 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:19:42.805818 0.000000 tcp 10.0.2.109 54727 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:19:48.805699 0.060595 tcp 10.0.2.109 54728 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:19:48.866574 0.059455 tcp 10.0.2.109 54729 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:19:48.926354 0.207674 tcp 10.0.2.109 54730 -> 195.113.214.211 443 SRPA* 0 0 68 51174 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:19:49.438678 3.001982 tcp 10.0.2.109 54731 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:19:58.438521 0.000000 tcp 10.0.2.109 54731 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:20:04.438153 0.059402 tcp 10.0.2.109 54732 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:20:04.497489 0.061319 tcp 10.0.2.109 54733 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:20:04.559113 0.155238 tcp 10.0.2.109 54734 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:20:04.777290 3.004507 tcp 10.0.2.109 54735 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:20:13.780588 0.000000 tcp 10.0.2.109 54735 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:20:19.769159 3.004422 tcp 10.0.2.109 54736 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:20:28.772171 0.000000 tcp 10.0.2.109 54736 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:23:26.101355 2.999948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 17:23:33.107061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:23:41.108799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:23:57.111788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:24:29.117894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:30:33.124980 3.000402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 17:30:40.131341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:30:48.132551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:31:04.135515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:31:36.141657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:32:02.990897 0.000167 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:32:02.991162 0.000000 udp 10.0.2.109 3683 -> 119.234.177.85 5726 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 17:32:19.485947 0.059902 tcp 10.0.2.109 54737 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:19.546116 0.060587 tcp 10.0.2.109 54738 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:19.607004 0.157013 tcp 10.0.2.109 54739 -> 195.113.214.211 443 SRPA* 0 0 40 20096 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:19.764609 0.350401 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:20.125512 0.156141 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:20.534745 0.000000 udp 10.0.2.109 3683 -> 125.113.190.240 6577 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 17:32:34.816314 2.994716 tcp 10.0.2.109 54740 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:32:35.557906 0.059194 tcp 10.0.2.109 54741 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:35.617434 0.060377 tcp 10.0.2.109 54742 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:35.678135 0.155746 tcp 10.0.2.109 54743 -> 195.113.214.211 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:35.834438 0.344599 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:36.419063 0.177316 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:36.575925 0.216420 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:37.498101 0.155247 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:37.693984 0.165379 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:37.848774 0.147417 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:38.488767 0.167099 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:38.638824 0.192640 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:39.090263 0.049080 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:39.184284 0.070876 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:39.236999 0.407785 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:39.620492 0.314452 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:40.035071 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 17:32:43.809152 0.000000 tcp 10.0.2.109 54740 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:32:49.818289 0.059278 tcp 10.0.2.109 54744 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:49.877782 0.059588 tcp 10.0.2.109 54745 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:49.937687 0.156571 tcp 10.0.2.109 54746 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:50.187507 2.995273 tcp 10.0.2.109 54747 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:32:58.371347 0.059200 tcp 10.0.2.109 54748 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:58.430968 0.059822 tcp 10.0.2.109 54749 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:58.490776 0.153841 tcp 10.0.2.109 54750 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:32:58.644869 0.207822 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:58.827779 0.245651 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:59.064918 0.343422 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2607 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:59.181152 0.000000 tcp 10.0.2.109 54747 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:32:59.407727 0.157769 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:59.557805 0.242844 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:32:59.762514 0.352631 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:00.111725 0.344410 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:00.434861 0.179719 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:00.608431 0.125964 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:00.698824 0.408638 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:01.088916 0.066237 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:01.138755 0.425545 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:01.981913 0.397647 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/07 17:33:05.180395 0.058742 tcp 10.0.2.109 54751 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:33:05.238982 0.059822 tcp 10.0.2.109 54752 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:33:05.298647 0.163510 tcp 10.0.2.109 54753 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:33:05.799522 3.005117 tcp 10.0.2.109 54754 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:33:14.803630 0.000000 tcp 10.0.2.109 54754 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:33:20.792142 3.004328 tcp 10.0.2.109 54755 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:33:29.794747 0.000000 tcp 10.0.2.109 54755 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:37:40.148460 3.000840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 17:37:47.155171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:37:55.156302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:38:11.159833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:38:35.795035 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:38:35.795181 2.994231 tcp 10.0.2.109 54756 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:38:43.165677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:38:44.787794 0.000000 tcp 10.0.2.109 54756 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:38:50.798311 0.059557 tcp 10.0.2.109 54757 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:38:50.858171 0.060047 tcp 10.0.2.109 54758 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:38:50.918536 0.156880 tcp 10.0.2.109 54759 -> 195.113.214.211 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:38:51.206045 2.995413 tcp 10.0.2.109 54760 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:39:00.200372 0.000000 tcp 10.0.2.109 54760 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:39:06.199644 0.058638 tcp 10.0.2.109 54761 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:39:06.258536 0.058442 tcp 10.0.2.109 54762 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:39:06.317268 0.158725 tcp 10.0.2.109 54763 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:39:06.648735 3.005136 tcp 10.0.2.109 54764 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:39:15.652103 0.000000 tcp 10.0.2.109 54764 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:39:21.641171 3.004095 tcp 10.0.2.109 54765 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:39:30.643880 0.000000 tcp 10.0.2.109 54765 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:44:36.644374 0.000185 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:44:36.644682 2.993583 tcp 10.0.2.109 54766 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:44:45.647255 0.000000 tcp 10.0.2.109 54766 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:44:47.172732 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 17:44:51.647496 0.060345 tcp 10.0.2.109 54767 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:44:51.708182 0.060340 tcp 10.0.2.109 54768 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:44:51.768807 0.157953 tcp 10.0.2.109 54769 -> 195.113.214.211 443 SRPA* 0 0 42 33214 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:44:52.313834 2.996884 tcp 10.0.2.109 54770 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:44:54.179601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:45:01.309267 0.000000 tcp 10.0.2.109 54770 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:45:02.180599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:45:07.309364 0.201611 tcp 10.0.2.109 54771 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:45:07.511178 0.059524 tcp 10.0.2.109 54772 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:45:07.571021 0.157551 tcp 10.0.2.109 54773 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:45:07.864245 2.998740 tcp 10.0.2.109 54774 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:45:16.861842 0.000000 tcp 10.0.2.109 54774 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:45:18.183945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:45:22.859888 3.004877 tcp 10.0.2.109 54775 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:45:31.863494 0.000000 tcp 10.0.2.109 54775 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:45:50.189679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:50:37.863542 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:50:37.863739 3.003810 tcp 10.0.2.109 54776 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:50:46.876255 0.000000 tcp 10.0.2.109 54776 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:50:52.867504 0.060570 tcp 10.0.2.109 54777 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:50:52.928402 0.060358 tcp 10.0.2.109 54778 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:50:52.989085 0.157198 tcp 10.0.2.109 54779 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:50:53.206779 2.992933 tcp 10.0.2.109 54780 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:51:02.198115 0.000000 tcp 10.0.2.109 54780 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:51:08.207506 0.058937 tcp 10.0.2.109 54781 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:51:08.266747 0.062572 tcp 10.0.2.109 54782 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:51:08.329258 0.158180 tcp 10.0.2.109 54783 -> 195.113.214.211 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:51:08.502776 2.998909 tcp 10.0.2.109 54784 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:51:17.500376 0.000000 tcp 10.0.2.109 54784 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:51:23.499111 3.004022 tcp 10.0.2.109 54785 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:51:32.502293 0.000000 tcp 10.0.2.109 54785 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:54:04.202797 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 17:54:11.209962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:54:19.211425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:54:35.214457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:55:07.220960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 17:56:38.502480 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 17:56:38.502585 3.003399 tcp 10.0.2.109 54786 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:56:47.504876 0.000000 tcp 10.0.2.109 54786 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:56:53.505337 0.059944 tcp 10.0.2.109 54787 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:56:53.565622 0.061736 tcp 10.0.2.109 54788 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:56:53.627207 0.156391 tcp 10.0.2.109 54789 -> 195.113.214.211 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/07 17:56:53.809305 2.998651 tcp 10.0.2.109 54790 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 17:57:02.816883 0.000000 tcp 10.0.2.109 54790 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:01:11.227327 3.003508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 18:01:18.233975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:01:26.235840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:01:42.238601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:02:14.243998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:03:28.351301 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:03:28.351403 0.529545 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:28.828649 0.172098 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:28.996468 0.341773 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:29.566813 0.156126 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:29.976391 0.336898 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:30.428264 0.175655 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:30.819557 0.220438 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:31.018459 0.151224 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:31.168250 0.167469 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:31.319535 0.154341 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:31.465849 0.162597 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:31.656188 0.074679 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:31.712735 0.405773 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:32.099533 0.191516 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:32.282956 0.046779 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:32.983086 0.321449 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:33.413759 0.335571 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:33.748496 0.157265 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:33.986413 0.238813 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:34.187534 0.213792 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:34.824361 0.249513 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:35.039377 0.349774 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:35.411019 0.170482 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:35.555547 0.187252 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:35.741822 0.122232 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:35.825437 0.397598 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:36.278259 0.070189 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2585 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:36.329584 0.385358 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 1970 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:36.698869 0.390548 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:03:38.816734 2.994083 tcp 10.0.2.109 54791 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:03:47.810900 0.000000 tcp 10.0.2.109 54791 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:03:53.819578 0.060394 tcp 10.0.2.109 54792 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:03:53.880254 0.059110 tcp 10.0.2.109 54793 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:03:53.939726 0.160728 tcp 10.0.2.109 54794 -> 195.113.214.211 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:03:54.142803 2.999738 tcp 10.0.2.109 54795 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:04:03.141224 0.000000 tcp 10.0.2.109 54795 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:04:09.146627 0.095837 tcp 10.0.2.109 54796 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:04:09.242281 0.060551 tcp 10.0.2.109 54797 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:04:09.303153 0.159549 tcp 10.0.2.109 54798 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:04:09.887547 2.997418 tcp 10.0.2.109 54799 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:04:18.883812 0.000000 tcp 10.0.2.109 54799 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:04:24.882777 3.003797 tcp 10.0.2.109 54800 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:04:33.969672 0.000000 tcp 10.0.2.109 54800 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:08:26.252699 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 18:08:33.259375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:08:41.261076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:08:57.263996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:09:29.271798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:09:39.886184 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:09:39.886296 2.992859 tcp 10.0.2.109 54801 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:09:48.877789 0.000000 tcp 10.0.2.109 54801 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:09:54.889375 0.060462 tcp 10.0.2.109 54802 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:09:54.950154 0.060679 tcp 10.0.2.109 54803 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:09:55.011149 0.156514 tcp 10.0.2.109 54804 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:09:55.189758 3.001768 tcp 10.0.2.109 54805 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:10:04.189966 0.000000 tcp 10.0.2.109 54805 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:10:10.189362 0.059559 tcp 10.0.2.109 54806 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:10:10.249214 0.059667 tcp 10.0.2.109 54807 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:10:10.309204 0.161482 tcp 10.0.2.109 54808 -> 195.113.214.211 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:10:10.662457 3.001567 tcp 10.0.2.109 54809 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:10:19.662203 0.000000 tcp 10.0.2.109 54809 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:10:25.661074 3.005245 tcp 10.0.2.109 54810 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:10:34.664004 0.000000 tcp 10.0.2.109 54810 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:15:33.276304 3.001307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 18:15:40.283122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:15:40.665147 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:15:40.665250 2.993047 tcp 10.0.2.109 54811 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:15:48.284962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:15:49.667348 0.000000 tcp 10.0.2.109 54811 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:15:55.666953 0.059940 tcp 10.0.2.109 54812 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:15:55.727142 0.060293 tcp 10.0.2.109 54813 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:15:55.787768 0.159920 tcp 10.0.2.109 54814 -> 195.113.214.211 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:15:56.402956 2.997938 tcp 10.0.2.109 54815 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:16:04.287804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:16:05.399386 0.000000 tcp 10.0.2.109 54815 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:16:11.398505 0.059581 tcp 10.0.2.109 54816 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:16:11.458391 0.061901 tcp 10.0.2.109 54817 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:16:11.520659 0.165103 tcp 10.0.2.109 54818 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:16:11.856320 2.996697 tcp 10.0.2.109 54819 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:16:20.851788 0.000000 tcp 10.0.2.109 54819 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:16:26.850658 3.004116 tcp 10.0.2.109 54820 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:16:35.852831 0.000000 tcp 10.0.2.109 54820 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:16:36.293908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:21:41.853998 0.000203 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:21:41.854329 3.003003 tcp 10.0.2.109 54821 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:21:50.866014 0.000000 tcp 10.0.2.109 54821 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:21:56.856811 0.060374 tcp 10.0.2.109 54822 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:21:56.917416 0.061017 tcp 10.0.2.109 54823 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:21:56.978722 0.154528 tcp 10.0.2.109 54824 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:21:57.429026 3.000929 tcp 10.0.2.109 54825 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:22:06.428092 0.000000 tcp 10.0.2.109 54825 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:22:12.428686 0.059520 tcp 10.0.2.109 54826 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:22:12.488187 0.090634 tcp 10.0.2.109 54827 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:22:12.579143 0.160714 tcp 10.0.2.109 54828 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:22:12.921840 2.999802 tcp 10.0.2.109 54829 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:22:21.920830 0.000000 tcp 10.0.2.109 54829 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:22:27.919602 3.003982 tcp 10.0.2.109 54830 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:22:36.922007 0.000000 tcp 10.0.2.109 54830 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:22:40.300081 3.002265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 18:22:47.308036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:22:55.312612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:23:11.311794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:23:43.317967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:29:47.324983 3.000474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 18:29:54.331306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:30:02.332892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:30:18.335651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:30:50.341577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:34:03.980319 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:34:03.980428 0.000000 udp 10.0.2.109 3683 -> 125.113.190.240 6577 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 18:34:21.648478 0.059411 tcp 10.0.2.109 54831 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:21.708230 0.060588 tcp 10.0.2.109 54832 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:21.769161 0.160615 tcp 10.0.2.109 54833 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:21.930577 0.174237 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:22.100839 0.410966 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:22.937770 0.157408 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:23.154938 0.327241 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:23.556829 0.194055 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:23.721409 0.218814 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:23.918546 0.195780 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:24.185102 0.175722 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:24.338633 0.249796 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:24.541009 0.165763 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:24.787302 0.077257 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:25.027889 0.412373 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:25.421037 0.191303 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:26.043695 0.047052 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:26.258763 0.326698 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:26.807208 0.238023 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:27.006252 0.337465 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:27.343134 0.157402 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:27.492152 0.207998 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:27.716775 0.242198 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:27.925156 0.350023 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:27.964428 2.994672 tcp 10.0.2.109 54834 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:34:28.271479 0.159331 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:28.449920 0.430845 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:29.008310 0.066151 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:29.062974 0.187939 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:29.449477 0.120402 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:29.531986 0.346633 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:29.856526 0.387671 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/07 18:34:36.967617 0.000000 tcp 10.0.2.109 54834 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:34:42.966972 0.059297 tcp 10.0.2.109 54835 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:43.026246 0.061318 tcp 10.0.2.109 54836 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:43.087400 0.172168 tcp 10.0.2.109 54837 -> 195.113.214.211 443 SRPA* 0 0 59 39571 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:43.404765 2.996672 tcp 10.0.2.109 54838 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:34:52.399819 0.000000 tcp 10.0.2.109 54838 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:34:58.399120 0.059795 tcp 10.0.2.109 54839 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:58.459265 0.059180 tcp 10.0.2.109 54840 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:58.518739 0.164267 tcp 10.0.2.109 54841 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:34:59.265725 2.998136 tcp 10.0.2.109 54842 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:35:08.262785 0.000000 tcp 10.0.2.109 54842 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:35:14.261330 3.004383 tcp 10.0.2.109 54843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:35:23.264450 0.000000 tcp 10.0.2.109 54843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:36:54.348505 3.000870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 18:37:01.355430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:37:09.356849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:37:25.359810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:37:57.365851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:40:29.264562 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:40:29.264671 2.993753 tcp 10.0.2.109 54844 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:40:38.267536 0.000000 tcp 10.0.2.109 54844 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:40:44.268384 0.060986 tcp 10.0.2.109 54845 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:40:44.329352 0.059572 tcp 10.0.2.109 54846 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:40:44.389277 0.302679 tcp 10.0.2.109 54847 -> 195.113.214.211 443 SRPA* 0 0 40 25137 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:40:44.853861 2.997041 tcp 10.0.2.109 54848 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:40:53.849662 0.000000 tcp 10.0.2.109 54848 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:40:59.849464 0.037437 tcp 10.0.2.109 54849 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:40:59.887130 0.061069 tcp 10.0.2.109 54850 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:40:59.948604 0.735679 tcp 10.0.2.109 54851 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:41:00.796785 2.973156 tcp 10.0.2.109 54852 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:41:09.711665 0.000000 tcp 10.0.2.109 54852 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:41:15.656449 2.976403 tcp 10.0.2.109 54853 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:41:24.578399 0.000000 tcp 10.0.2.109 54853 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:44:01.372977 3.001866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 18:44:08.379491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:44:16.380948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:44:32.383618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:45:04.389696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:46:30.304677 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:46:30.304785 2.992816 tcp 10.0.2.109 54854 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:46:39.307486 0.000000 tcp 10.0.2.109 54854 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:46:45.307649 0.060664 tcp 10.0.2.109 54855 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:46:45.368614 0.059266 tcp 10.0.2.109 54856 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:46:45.428189 0.159803 tcp 10.0.2.109 54857 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:46:45.613776 2.995752 tcp 10.0.2.109 54858 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:46:54.608347 0.000000 tcp 10.0.2.109 54858 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:47:00.607678 0.031633 tcp 10.0.2.109 54859 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:47:00.639610 0.032718 tcp 10.0.2.109 54860 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:47:00.672626 0.158008 tcp 10.0.2.109 54861 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:47:00.881836 2.999707 tcp 10.0.2.109 54862 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:47:09.880110 0.000000 tcp 10.0.2.109 54862 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:47:15.879273 3.003864 tcp 10.0.2.109 54863 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:47:24.881334 0.000000 tcp 10.0.2.109 54863 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:52:30.882489 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 18:52:30.882595 3.005113 tcp 10.0.2.109 54864 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:52:39.884567 0.000000 tcp 10.0.2.109 54864 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:52:45.885257 0.031909 tcp 10.0.2.109 54865 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:52:45.917515 0.031714 tcp 10.0.2.109 54866 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:52:45.949606 0.105398 tcp 10.0.2.109 54867 -> 195.113.214.211 443 SRPA* 0 0 34 24189 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:52:46.106110 2.992491 tcp 10.0.2.109 54868 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:52:55.106825 0.000000 tcp 10.0.2.109 54868 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:53:01.106519 0.031748 tcp 10.0.2.109 54869 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:53:01.138590 0.032309 tcp 10.0.2.109 54870 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:53:01.171199 0.126839 tcp 10.0.2.109 54871 -> 195.113.214.211 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/07 18:53:01.441097 2.998979 tcp 10.0.2.109 54872 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:53:10.438557 0.000000 tcp 10.0.2.109 54872 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:53:16.437583 3.004108 tcp 10.0.2.109 54873 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:53:25.439790 0.000000 tcp 10.0.2.109 54873 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 18:53:29.399477 3.000638 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 18:53:36.406161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:53:44.407598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:54:00.410608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 18:54:32.416911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:00:36.428007 2.996155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 19:00:43.435824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:00:51.435671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:01:07.434704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:01:39.441600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:04:59.558462 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:04:59.558571 1.047012 udp 10.0.2.109 3683 <-> 125.113.190.240 6577 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:00.171240 0.394166 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:00.564952 0.336925 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:01.233839 0.173883 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:01.381048 0.154931 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:01.629909 2.997045 tcp 10.0.2.109 54874 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:05:01.660683 0.343346 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:02.195875 0.219601 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:02.393505 0.173423 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:02.649739 0.170671 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:02.795227 0.238938 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:03.000616 0.160179 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:03.152473 0.077289 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:03.209926 0.417458 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:03.610930 0.192376 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:03.795980 0.047965 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:03.900939 0.310360 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:04.378987 0.158783 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:04.529123 0.203422 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:04.769936 0.243164 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:04.969002 0.314827 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:05.335164 0.247026 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:05.546088 0.357193 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:06.309882 0.161863 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:06.448434 0.177225 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:07.586085 0.121192 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:07.670019 0.404548 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:08.052872 0.065601 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:08.167966 0.330844 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:08.485545 0.385501 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 1984 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:05:10.596863 0.000000 tcp 10.0.2.109 54874 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:05:16.561330 0.032790 tcp 10.0.2.109 54875 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:05:16.594433 0.032581 tcp 10.0.2.109 54876 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:05:16.626850 0.125856 tcp 10.0.2.109 54877 -> 195.113.214.211 443 SRPA* 0 0 38 33008 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:05:17.058526 2.973377 tcp 10.0.2.109 54878 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:05:25.999666 0.000000 tcp 10.0.2.109 54878 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:05:31.984988 0.030824 tcp 10.0.2.109 54879 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:05:32.016138 0.031961 tcp 10.0.2.109 54880 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:05:32.048381 0.126866 tcp 10.0.2.109 54881 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:05:32.568230 2.996427 tcp 10.0.2.109 54882 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:05:41.562628 0.000000 tcp 10.0.2.109 54882 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:05:47.576472 2.997841 tcp 10.0.2.109 54883 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:05:56.571599 0.000000 tcp 10.0.2.109 54883 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:07:43.448509 3.004915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:07:50.454650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:07:58.455858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:08:14.462599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:08:46.464876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:11:02.573205 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:11:02.573375 3.011454 tcp 10.0.2.109 54884 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:11:11.572805 0.000000 tcp 10.0.2.109 54884 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:11:17.573807 0.032914 tcp 10.0.2.109 54885 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:11:17.607006 0.032481 tcp 10.0.2.109 54886 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:11:17.639795 0.128230 tcp 10.0.2.109 54887 -> 195.113.214.211 443 SRPA* 0 0 41 22422 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:11:18.008824 3.015499 tcp 10.0.2.109 54888 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:11:27.020551 0.000000 tcp 10.0.2.109 54888 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:11:33.010107 0.031485 tcp 10.0.2.109 54889 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:11:33.041999 0.033457 tcp 10.0.2.109 54890 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:11:33.075223 0.130006 tcp 10.0.2.109 54891 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:11:33.460959 2.987864 tcp 10.0.2.109 54892 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:11:42.458273 0.000000 tcp 10.0.2.109 54892 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:11:48.448720 2.992574 tcp 10.0.2.109 54893 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:11:57.439068 0.000000 tcp 10.0.2.109 54893 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:14:50.475154 3.002788 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:14:57.525270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:15:05.498048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:15:21.492376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:15:53.499288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:17:03.449597 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:17:03.449725 3.007439 tcp 10.0.2.109 54894 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:17:12.452598 0.000000 tcp 10.0.2.109 54894 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:17:18.486616 0.032475 tcp 10.0.2.109 54895 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:17:18.519393 0.032333 tcp 10.0.2.109 54896 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:17:18.551577 0.183584 tcp 10.0.2.109 54897 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:17:19.163306 2.996828 tcp 10.0.2.109 54898 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:17:28.138449 0.000000 tcp 10.0.2.109 54898 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:17:34.136779 0.031125 tcp 10.0.2.109 54899 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:17:34.168309 0.031865 tcp 10.0.2.109 54900 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:17:34.200473 0.129829 tcp 10.0.2.109 54901 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:17:34.417192 2.996040 tcp 10.0.2.109 54902 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:17:43.420500 0.000000 tcp 10.0.2.109 54902 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:17:49.415240 2.997287 tcp 10.0.2.109 54903 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:17:58.410375 0.000000 tcp 10.0.2.109 54903 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:21:57.507316 3.005160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:22:04.515567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:22:12.513848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:22:28.525122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:23:00.525956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:23:04.418817 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:23:04.418933 3.005732 tcp 10.0.2.109 54904 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:23:13.420754 0.000000 tcp 10.0.2.109 54904 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:23:19.423313 0.032252 tcp 10.0.2.109 54905 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:23:19.455782 0.032179 tcp 10.0.2.109 54906 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:23:19.487834 0.130468 tcp 10.0.2.109 54907 -> 195.113.214.211 443 SRPA* 0 0 44 27394 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:23:19.786483 2.999908 tcp 10.0.2.109 54908 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:23:28.790806 0.000000 tcp 10.0.2.109 54908 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:23:34.784479 0.032079 tcp 10.0.2.109 54909 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:23:34.816516 0.033102 tcp 10.0.2.109 54910 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:23:34.850019 0.128922 tcp 10.0.2.109 54911 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:23:35.357387 2.999926 tcp 10.0.2.109 54912 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:23:44.358363 0.000000 tcp 10.0.2.109 54912 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:23:50.357694 3.003176 tcp 10.0.2.109 54913 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:23:59.357978 0.000000 tcp 10.0.2.109 54913 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:29:04.529002 3.003670 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:29:11.542636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:29:19.538355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:29:35.540604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:30:07.545750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:35:20.537223 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:35:20.537350 0.340108 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:21.422340 0.178951 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:22.521515 0.000000 udp 10.0.2.109 3683 -> 125.113.190.240 6577 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 19:35:35.398750 3.005559 tcp 10.0.2.109 54914 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:35:39.789095 0.031875 tcp 10.0.2.109 54915 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:35:39.821248 0.033377 tcp 10.0.2.109 54916 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:35:39.854840 0.128524 tcp 10.0.2.109 54917 -> 195.113.214.211 443 SRPA* 0 0 32 22198 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:35:39.984038 0.174605 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:40.155035 0.155626 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:40.468139 0.346755 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:40.962781 0.217234 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:41.159216 0.195980 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:41.347475 0.169204 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:42.151989 0.074864 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:42.206198 0.411003 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:42.596979 0.227149 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 1967 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:42.903423 0.168461 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:43.051217 0.189200 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:43.233257 0.047930 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:43.689727 0.320474 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:44.009240 0.159466 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:44.189232 0.206098 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:44.373341 0.250460 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:44.403430 0.000000 tcp 10.0.2.109 54914 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:35:44.589453 0.235272 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:44.786652 0.344459 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:45.294870 0.346698 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:45.637685 0.162299 rtcp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:45.827138 0.182041 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:45.996529 0.125271 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:46.245917 0.400820 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:46.626936 0.408429 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:47.095957 0.067564 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:47.148415 0.302430 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/07 19:35:50.400820 0.032809 tcp 10.0.2.109 54918 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:35:50.433938 0.031729 tcp 10.0.2.109 54919 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:35:50.466013 0.134773 tcp 10.0.2.109 54920 -> 195.113.214.211 443 SRPA* 0 0 67 69796 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:35:50.783229 3.003179 tcp 10.0.2.109 54921 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:35:59.782580 0.000000 tcp 10.0.2.109 54921 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:36:11.557019 2.997321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:36:18.560833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:36:26.561293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:36:42.564076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:37:14.570425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:41:05.783234 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:41:05.783349 3.003619 tcp 10.0.2.109 54922 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:41:14.785498 0.000000 tcp 10.0.2.109 54922 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:41:20.785896 0.032539 tcp 10.0.2.109 54923 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:41:20.818777 0.033251 tcp 10.0.2.109 54924 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:41:20.851858 0.125607 tcp 10.0.2.109 54925 -> 195.113.214.211 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:41:21.664043 2.996381 tcp 10.0.2.109 54926 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:41:30.658502 0.000000 tcp 10.0.2.109 54926 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:41:36.658031 0.030665 tcp 10.0.2.109 54927 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:41:36.688993 0.031694 tcp 10.0.2.109 54928 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:41:36.720990 0.133249 tcp 10.0.2.109 54929 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:41:36.871139 3.000581 tcp 10.0.2.109 54930 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:41:45.870509 0.000000 tcp 10.0.2.109 54930 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:41:51.869325 3.003554 tcp 10.0.2.109 54931 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:42:00.872100 0.000000 tcp 10.0.2.109 54931 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:43:18.577576 3.000228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:43:25.583720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:43:33.585593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:43:49.588452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:44:21.594423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:47:06.872518 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:47:06.872622 3.002981 tcp 10.0.2.109 54932 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:47:15.875009 0.000000 tcp 10.0.2.109 54932 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:47:21.875271 0.032140 tcp 10.0.2.109 54933 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:47:21.907699 0.032311 tcp 10.0.2.109 54934 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:47:21.940371 0.127068 tcp 10.0.2.109 54935 -> 195.113.214.211 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:47:22.645911 2.992880 tcp 10.0.2.109 54936 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:47:31.647520 0.000000 tcp 10.0.2.109 54936 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:47:37.646867 0.030926 tcp 10.0.2.109 54937 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:47:37.678090 0.031731 tcp 10.0.2.109 54938 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:47:37.710358 0.183926 tcp 10.0.2.109 54939 -> 195.113.214.211 443 SRPA* 0 0 35 18386 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:47:37.946573 2.984471 tcp 10.0.2.109 54940 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:47:47.024297 0.000000 tcp 10.0.2.109 54940 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:47:52.984555 2.981013 tcp 10.0.2.109 54941 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:48:01.940935 0.000000 tcp 10.0.2.109 54941 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:50:25.600554 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:50:32.607703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:50:40.609069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:50:56.612306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:51:28.619172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:53:07.941659 0.000224 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:53:07.942013 3.003553 tcp 10.0.2.109 54942 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:53:16.943859 0.000000 tcp 10.0.2.109 54942 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:53:22.944366 0.032543 tcp 10.0.2.109 54943 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:53:22.976829 0.031799 tcp 10.0.2.109 54944 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:53:23.008990 0.128247 tcp 10.0.2.109 54945 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:53:23.176693 3.000515 tcp 10.0.2.109 54946 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:53:32.175633 0.000000 tcp 10.0.2.109 54946 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:53:38.175346 0.043962 tcp 10.0.2.109 54947 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:53:38.219662 0.032283 tcp 10.0.2.109 54948 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:53:38.252245 0.145462 tcp 10.0.2.109 54949 -> 195.113.214.211 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:53:38.416219 2.992996 tcp 10.0.2.109 54950 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:53:47.418343 0.000000 tcp 10.0.2.109 54950 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:53:53.416856 2.993930 tcp 10.0.2.109 54951 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:54:02.409292 0.000000 tcp 10.0.2.109 54951 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:57:32.624770 3.000940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 19:57:39.631672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:57:47.633399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:58:03.636355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:58:35.642219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 19:59:08.419963 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 19:59:08.420066 3.003512 tcp 10.0.2.109 54952 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:59:17.421979 0.000000 tcp 10.0.2.109 54952 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:59:23.422679 0.031134 tcp 10.0.2.109 54953 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:59:23.454235 0.031235 tcp 10.0.2.109 54954 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:59:23.485780 0.150563 tcp 10.0.2.109 54955 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/07 19:59:23.732314 3.003003 tcp 10.0.2.109 54956 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 19:59:32.734492 0.000000 tcp 10.0.2.109 54956 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:04:56.662410 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 20:05:03.670456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:05:11.682434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:05:27.684627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:05:59.690469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:06:07.442311 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:06:07.442430 0.000000 udp 10.0.2.109 3683 -> 125.113.190.240 6577 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 20:06:25.620009 0.033207 tcp 10.0.2.109 54957 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:06:25.653552 0.031483 tcp 10.0.2.109 54958 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:06:25.685298 0.128993 tcp 10.0.2.109 54959 -> 195.113.214.211 443 SRPA* 0 0 44 40906 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:06:25.814989 0.341862 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:26.222676 0.176065 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:26.370671 0.177281 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:26.545310 0.156211 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:26.858636 0.322136 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:27.188071 0.219616 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:27.386546 0.147903 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:27.526771 0.409955 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:27.916457 0.166199 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:28.074649 0.073270 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:28.309877 0.152696 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:28.461344 0.168037 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:28.732413 0.190471 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:28.916230 0.048575 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:29.051064 0.210347 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:29.236541 0.250003 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:29.453010 0.240672 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:29.651333 0.308932 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:29.994836 0.158031 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:30.144737 0.329551 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:30.475473 0.349185 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:30.820538 0.162499 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:30.960164 0.405801 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:31.345833 0.180875 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:31.521251 0.117724 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:31.603413 0.196736 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:31.780627 0.395977 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:32.157195 0.064585 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:06:38.747182 2.997793 tcp 10.0.2.109 54960 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:06:47.739671 0.000000 tcp 10.0.2.109 54960 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:06:53.749135 0.030754 tcp 10.0.2.109 54961 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:06:53.780159 0.031642 tcp 10.0.2.109 54962 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:06:53.812117 0.126798 tcp 10.0.2.109 54963 -> 195.113.214.211 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:06:54.254014 2.999410 tcp 10.0.2.109 54964 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:07:03.251800 0.000000 tcp 10.0.2.109 54964 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:07:09.251206 0.031026 tcp 10.0.2.109 54965 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:07:09.282595 0.033409 tcp 10.0.2.109 54966 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:07:09.316360 0.124502 tcp 10.0.2.109 54967 -> 195.113.214.211 443 SRPA* 0 0 46 39268 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:07:09.568559 3.006616 tcp 10.0.2.109 54968 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:07:18.576573 0.000000 tcp 10.0.2.109 54968 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:07:24.562680 3.003825 tcp 10.0.2.109 54969 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:07:33.565559 0.000000 tcp 10.0.2.109 54969 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:12:12.699909 3.000728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 20:12:19.706880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:12:27.708707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:12:39.565766 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:12:39.565879 2.994571 tcp 10.0.2.109 54970 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:12:43.711596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:12:48.559085 0.000000 tcp 10.0.2.109 54970 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:12:54.597776 0.033402 tcp 10.0.2.109 54971 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:12:54.631528 0.031751 tcp 10.0.2.109 54972 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:12:54.663558 0.125980 tcp 10.0.2.109 54973 -> 195.113.214.211 443 SRPA* 0 0 38 32998 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:12:54.912059 2.975191 tcp 10.0.2.109 54974 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:13:03.880496 0.000000 tcp 10.0.2.109 54974 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:13:09.879928 0.031315 tcp 10.0.2.109 54975 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:13:09.911604 0.031844 tcp 10.0.2.109 54976 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:13:09.943813 0.127205 tcp 10.0.2.109 54977 -> 195.113.214.211 443 SRPA* 0 0 41 19176 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:13:10.247434 3.006545 tcp 10.0.2.109 54978 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:13:15.717616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:13:19.252506 0.000000 tcp 10.0.2.109 54978 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:13:25.242678 3.002708 tcp 10.0.2.109 54979 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:13:34.243874 0.000000 tcp 10.0.2.109 54979 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:18:40.244633 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:18:40.244732 2.993648 tcp 10.0.2.109 54980 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:18:49.247027 0.000000 tcp 10.0.2.109 54980 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:18:55.247457 0.032860 tcp 10.0.2.109 54981 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:18:55.280660 0.031237 tcp 10.0.2.109 54982 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:18:55.312219 0.125843 tcp 10.0.2.109 54983 -> 195.113.214.211 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:18:55.856177 2.994964 tcp 10.0.2.109 54984 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:19:04.849502 0.000000 tcp 10.0.2.109 54984 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:19:10.849275 0.030881 tcp 10.0.2.109 54985 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:19:10.880025 0.031468 tcp 10.0.2.109 54986 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:19:10.911740 0.128093 tcp 10.0.2.109 54987 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:19:11.069293 3.003178 tcp 10.0.2.109 54988 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:19:19.723946 3.001198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 20:19:20.071327 0.000000 tcp 10.0.2.109 54988 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:19:26.071417 3.002522 tcp 10.0.2.109 54989 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:19:26.731083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:19:34.733410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:19:35.073055 0.000000 tcp 10.0.2.109 54989 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:19:50.735469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:20:22.742335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:24:41.073638 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:24:41.073820 3.003265 tcp 10.0.2.109 54990 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:24:50.076044 0.000000 tcp 10.0.2.109 54990 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:24:56.076384 0.036819 tcp 10.0.2.109 54991 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:24:56.113513 0.032096 tcp 10.0.2.109 54992 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:24:56.145927 0.138166 tcp 10.0.2.109 54993 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:24:56.932134 2.997749 tcp 10.0.2.109 54994 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:25:05.928039 0.000000 tcp 10.0.2.109 54994 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:25:11.927886 0.132558 tcp 10.0.2.109 54995 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:25:12.060755 0.031453 tcp 10.0.2.109 54996 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:25:12.092560 0.129069 tcp 10.0.2.109 54997 -> 195.113.214.211 443 SRPA* 0 0 40 22368 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:25:12.335963 2.996250 tcp 10.0.2.109 54998 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:25:21.330928 0.000000 tcp 10.0.2.109 54998 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:25:27.329654 3.004216 tcp 10.0.2.109 54999 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:25:36.332365 0.000000 tcp 10.0.2.109 54999 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:26:26.748249 3.001083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 20:26:33.754349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:26:41.756837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:26:57.759021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:27:29.765760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:33:33.772106 3.000781 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 20:33:40.778879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:33:48.780640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:34:04.783678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:34:36.789602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:36:33.657915 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:36:33.658085 0.334505 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:34.151272 0.174357 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:34.420826 0.329534 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:34.918490 0.175801 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:35.089820 0.154993 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:35.700829 0.216759 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:35.896911 0.153854 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:36.051764 0.422679 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:36.455815 0.165770 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:36.620164 0.170098 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:36.820948 0.162264 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:36.974236 0.076992 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:37.164108 0.192966 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:37.347760 0.048740 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:37.719837 0.208707 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:37.904250 0.256243 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:38.316602 0.237288 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:38.656353 0.343858 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:39.227602 0.311641 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1992 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:39.983561 0.164616 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:40.134453 0.353702 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:40.484776 0.159441 rtp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:40.921768 0.417931 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:41.321170 0.175424 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:41.484157 0.120876 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:41.682323 0.155601 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:41.825804 0.389966 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:42.192701 0.065231 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/07 20:36:42.376104 2.998045 tcp 10.0.2.109 55000 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:36:51.372741 0.000000 tcp 10.0.2.109 55000 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:36:57.373618 0.032256 tcp 10.0.2.109 55001 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:36:57.406176 0.032647 tcp 10.0.2.109 55002 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:36:57.439121 0.127333 tcp 10.0.2.109 55003 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:36:57.714683 3.001487 tcp 10.0.2.109 55004 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:37:06.715015 0.000000 tcp 10.0.2.109 55004 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:37:12.713722 0.033231 tcp 10.0.2.109 55005 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:37:12.747274 0.031557 tcp 10.0.2.109 55006 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:37:12.779119 0.128338 tcp 10.0.2.109 55007 -> 195.113.214.211 443 SRPA* 0 0 43 26752 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:37:13.465103 2.993927 tcp 10.0.2.109 55008 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:37:22.467734 0.000000 tcp 10.0.2.109 55008 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:37:28.608069 2.969551 tcp 10.0.2.109 55009 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:37:37.519127 0.000000 tcp 10.0.2.109 55009 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:40:40.795880 3.001299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 20:40:47.802968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:40:55.804461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:41:11.807581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:41:43.813234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:42:43.469671 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:42:43.469778 3.003577 tcp 10.0.2.109 55010 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:42:52.471979 0.000000 tcp 10.0.2.109 55010 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:42:58.472660 0.031931 tcp 10.0.2.109 55011 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:42:58.504909 0.032099 tcp 10.0.2.109 55012 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:42:58.537304 0.124662 tcp 10.0.2.109 55013 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:42:58.980954 3.004366 tcp 10.0.2.109 55014 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:43:07.984401 0.000000 tcp 10.0.2.109 55014 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:43:13.975098 0.031236 tcp 10.0.2.109 55015 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:43:14.006612 0.031893 tcp 10.0.2.109 55016 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:43:14.038886 0.129257 tcp 10.0.2.109 55017 -> 195.113.214.211 443 SRPA* 0 0 34 19454 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:43:15.500924 2.998726 tcp 10.0.2.109 55018 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:43:24.498196 0.000000 tcp 10.0.2.109 55018 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:43:30.497610 2.993604 tcp 10.0.2.109 55019 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:43:39.489884 0.000000 tcp 10.0.2.109 55019 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:47:47.818780 3.002248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 20:47:54.826841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:48:02.828402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:48:18.831328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:48:45.500276 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:48:45.500386 3.003283 tcp 10.0.2.109 55020 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:48:50.838051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:48:54.502697 0.000000 tcp 10.0.2.109 55020 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:49:00.504784 0.033379 tcp 10.0.2.109 55021 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:49:00.538449 0.031168 tcp 10.0.2.109 55022 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:49:00.569934 0.134747 tcp 10.0.2.109 55023 -> 195.113.214.211 443 SRPA* 0 0 64 44364 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:49:00.766563 3.002928 tcp 10.0.2.109 55024 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:49:09.764481 0.000000 tcp 10.0.2.109 55024 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:49:15.763757 0.030470 tcp 10.0.2.109 55025 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:49:15.794483 0.032646 tcp 10.0.2.109 55026 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:49:15.827506 0.125476 tcp 10.0.2.109 55027 -> 195.113.214.211 443 SRPA* 0 0 35 16802 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:49:16.208200 2.989977 tcp 10.0.2.109 55028 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:49:25.209039 0.000000 tcp 10.0.2.109 55028 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:49:31.205640 2.994307 tcp 10.0.2.109 55029 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:49:40.198415 0.000000 tcp 10.0.2.109 55029 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:54:46.208273 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 20:54:46.208370 3.004312 tcp 10.0.2.109 55030 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:54:55.211226 0.000000 tcp 10.0.2.109 55030 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:55:01.212218 0.032906 tcp 10.0.2.109 55031 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:55:01.245402 0.031767 tcp 10.0.2.109 55032 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:55:01.277435 0.123214 tcp 10.0.2.109 55033 -> 195.113.214.211 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:55:01.989517 3.005644 tcp 10.0.2.109 55034 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:55:10.993779 0.000000 tcp 10.0.2.109 55034 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:55:16.983523 0.030742 tcp 10.0.2.109 55035 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:55:17.014607 0.030873 tcp 10.0.2.109 55036 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:55:17.045832 0.199333 tcp 10.0.2.109 55037 -> 195.113.214.211 443 SRPA* 0 0 73 77006 flow=From-Botnet-V1-TCP-Established 1970/02/07 20:55:17.363316 3.004225 tcp 10.0.2.109 55038 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:55:26.376033 0.000000 tcp 10.0.2.109 55038 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:55:32.365070 2.993701 tcp 10.0.2.109 55039 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:55:32.849007 3.000679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 20:55:39.855299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:55:41.357692 0.000000 tcp 10.0.2.109 55039 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 20:55:47.856686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:56:03.860073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 20:56:35.865958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:02:45.880394 3.005504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 21:02:52.901745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:03:00.899748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:03:16.903190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:03:48.908654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:07:05.101095 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:07:05.101211 0.326931 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:06.551248 0.454561 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:07.278367 0.176674 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:07.842826 0.175139 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:08.015356 0.156660 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 1998 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:09.472909 0.239753 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:09.691448 0.264297 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:10.121547 0.396992 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:10.500723 0.152521 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:10.732783 0.170620 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:10.879133 0.188321 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:11.060159 0.049148 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:11.225543 0.163524 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:11.378800 0.073544 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:11.604002 0.206770 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:11.785311 0.246769 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:11.999541 0.240750 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:12.202285 0.323980 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:12.542772 0.309788 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:12.850790 0.159762 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:13.189563 0.350236 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:13.535821 0.161497 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:13.890832 0.351595 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:14.328863 0.162669 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:14.646709 0.128122 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:14.988124 0.167516 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:15.190328 0.392210 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:15.566093 0.070339 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:07:17.409598 3.003811 tcp 10.0.2.109 55040 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:07:26.411160 0.000000 tcp 10.0.2.109 55040 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:07:32.412191 0.032235 tcp 10.0.2.109 55041 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:07:32.444832 0.032084 tcp 10.0.2.109 55042 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:07:32.477193 0.127977 tcp 10.0.2.109 55043 -> 195.113.214.211 443 SRPA* 0 0 27 11258 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:07:32.633370 3.002155 tcp 10.0.2.109 55044 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:07:41.633136 0.000000 tcp 10.0.2.109 55044 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:07:47.633286 0.031477 tcp 10.0.2.109 55045 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:07:47.665130 0.032325 tcp 10.0.2.109 55046 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:07:47.697756 0.130346 tcp 10.0.2.109 55047 -> 195.113.214.211 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:07:48.258617 2.998759 tcp 10.0.2.109 55048 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:07:57.255688 0.000000 tcp 10.0.2.109 55048 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:08:03.253901 2.994546 tcp 10.0.2.109 55049 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:08:12.257280 0.000000 tcp 10.0.2.109 55049 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:09:52.916166 3.001152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 21:09:59.922028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:10:07.923658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:10:23.926739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:10:55.932563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:13:18.257617 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:13:18.257707 3.007929 tcp 10.0.2.109 55050 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:13:27.260120 0.000000 tcp 10.0.2.109 55050 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:13:33.260888 0.031822 tcp 10.0.2.109 55051 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:13:33.293125 0.033256 tcp 10.0.2.109 55052 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:13:33.326761 0.208625 tcp 10.0.2.109 55053 -> 195.113.214.211 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:13:33.807088 3.000802 tcp 10.0.2.109 55054 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:13:42.802253 0.000000 tcp 10.0.2.109 55054 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:13:48.801577 0.030730 tcp 10.0.2.109 55055 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:13:48.832598 0.031810 tcp 10.0.2.109 55056 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:13:48.864705 0.128894 tcp 10.0.2.109 55057 -> 195.113.214.211 443 SRPA* 0 0 24 12984 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:13:49.407095 2.999094 tcp 10.0.2.109 55058 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:13:58.405048 0.000000 tcp 10.0.2.109 55058 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:14:04.403582 2.994150 tcp 10.0.2.109 55059 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:14:13.406575 0.000000 tcp 10.0.2.109 55059 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:16:59.939668 3.000470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 21:17:06.946389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:17:14.947558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:17:30.950646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:18:02.956516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:19:19.406490 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:19:19.406598 2.994102 tcp 10.0.2.109 55060 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:19:28.399287 0.000000 tcp 10.0.2.109 55060 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:19:34.410246 0.032716 tcp 10.0.2.109 55061 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:19:34.443265 0.032331 tcp 10.0.2.109 55062 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:19:34.475939 0.127485 tcp 10.0.2.109 55063 -> 195.113.214.211 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:19:35.164213 2.999153 tcp 10.0.2.109 55064 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:19:44.161836 0.000000 tcp 10.0.2.109 55064 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:19:50.161345 0.030689 tcp 10.0.2.109 55065 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:19:50.192357 0.034536 tcp 10.0.2.109 55066 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:19:50.227162 0.127958 tcp 10.0.2.109 55067 -> 195.113.214.211 443 SRPA* 0 0 34 19454 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:19:50.892349 3.003560 tcp 10.0.2.109 55068 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:19:59.894700 0.000000 tcp 10.0.2.109 55068 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:20:05.893257 2.994349 tcp 10.0.2.109 55069 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:20:14.896531 0.000000 tcp 10.0.2.109 55069 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:24:06.962717 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 21:24:13.970014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:24:21.971233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:24:37.974390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:25:09.980614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:25:20.896915 0.000216 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:25:20.897237 2.993212 tcp 10.0.2.109 55070 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:25:29.889014 0.000000 tcp 10.0.2.109 55070 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:25:35.899824 0.035292 tcp 10.0.2.109 55071 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:25:35.935430 0.032991 tcp 10.0.2.109 55072 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:25:35.969170 0.128161 tcp 10.0.2.109 55073 -> 195.113.214.211 443 SRPA* 0 0 25 9722 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:25:36.482950 2.999946 tcp 10.0.2.109 55074 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:25:45.481466 0.000000 tcp 10.0.2.109 55074 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:25:51.481398 0.031041 tcp 10.0.2.109 55075 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:25:51.512744 0.032094 tcp 10.0.2.109 55076 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:25:51.545143 0.164073 tcp 10.0.2.109 55077 -> 195.113.214.211 443 SRPA* 0 0 33 17692 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:25:52.480223 3.156589 tcp 10.0.2.109 55078 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:26:01.585231 0.000000 tcp 10.0.2.109 55078 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:26:07.531012 2.960910 tcp 10.0.2.109 55079 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:26:16.486037 0.000000 tcp 10.0.2.109 55079 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:31:13.986618 3.146501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 21:31:21.107497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:31:29.045837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:31:45.009348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:32:17.014472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:37:37.585743 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:37:37.585865 0.420875 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:38.015243 0.391907 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:38.421852 0.174165 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:38.567917 0.179895 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:38.920045 0.153398 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:39.284364 0.217649 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:39.481423 0.148347 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:39.638505 0.411832 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:40.031673 0.185923 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:40.370241 0.170679 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:40.516289 0.189849 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:40.697047 0.048409 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:40.871483 0.168314 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:41.030008 0.076819 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:41.180017 0.209166 udp 10.0.2.109 3683 <-> 76.242.179.0 5757 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:41.364589 0.284415 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:41.613869 0.349178 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:42.078966 0.158105 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:42.229045 0.238271 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:42.428066 0.349246 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:43.064383 0.374267 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:43.481303 0.163429 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:43.620210 0.361902 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:43.960575 0.163738 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:44.119232 0.403919 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:44.502018 0.117839 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:44.660575 0.169057 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:44.802758 0.085920 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/07 21:37:52.526957 3.004153 tcp 10.0.2.109 55080 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:01.529830 0.000000 tcp 10.0.2.109 55080 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:07.530667 0.053854 tcp 10.0.2.109 55081 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:38:07.584847 0.031847 tcp 10.0.2.109 55082 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:38:07.616998 0.130647 tcp 10.0.2.109 55083 -> 195.113.214.211 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:38:08.799522 2.994893 tcp 10.0.2.109 55084 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:17.793302 0.000000 tcp 10.0.2.109 55084 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:21.021827 3.000639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 21:38:23.782896 0.033371 tcp 10.0.2.109 55085 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:38:23.816103 0.036649 tcp 10.0.2.109 55086 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:38:23.852851 0.133930 tcp 10.0.2.109 55087 -> 195.113.214.211 443 SRPA* 0 0 35 18164 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:38:24.468325 3.008789 tcp 10.0.2.109 55088 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:28.027749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:38:33.475856 0.000000 tcp 10.0.2.109 55088 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:36.029497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:38:39.464633 2.994097 tcp 10.0.2.109 55089 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:48.469216 0.000000 tcp 10.0.2.109 55089 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:38:52.032843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:39:24.037994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:43:54.467715 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:43:54.467822 3.004103 tcp 10.0.2.109 55090 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:44:03.470126 0.000000 tcp 10.0.2.109 55090 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:44:09.470347 0.032365 tcp 10.0.2.109 55091 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:44:09.503046 0.031961 tcp 10.0.2.109 55092 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:44:09.535388 0.132254 tcp 10.0.2.109 55093 -> 195.113.214.211 443 SRPA* 0 0 35 18778 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:44:10.042960 3.000692 tcp 10.0.2.109 55094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:44:19.044835 0.000000 tcp 10.0.2.109 55094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:44:25.041718 0.036096 tcp 10.0.2.109 55095 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:44:25.078109 0.032507 tcp 10.0.2.109 55096 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:44:25.110908 0.127860 tcp 10.0.2.109 55097 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:44:25.473313 3.002652 tcp 10.0.2.109 55098 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:44:34.474665 0.000000 tcp 10.0.2.109 55098 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:44:40.473468 3.004078 tcp 10.0.2.109 55099 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:44:49.485940 0.000000 tcp 10.0.2.109 55099 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:45:28.044950 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 21:45:35.052788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:45:43.054752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:45:59.056399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:46:31.062849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:49:55.476753 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:49:55.476859 2.993912 tcp 10.0.2.109 55100 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:50:04.469278 0.000000 tcp 10.0.2.109 55100 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:50:10.479716 0.037888 tcp 10.0.2.109 55101 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:50:10.517883 0.035248 tcp 10.0.2.109 55102 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:50:10.553441 0.129602 tcp 10.0.2.109 55103 -> 195.113.214.211 443 SRPA* 0 0 39 33888 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:50:10.745442 2.997226 tcp 10.0.2.109 55104 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:50:19.744648 0.000000 tcp 10.0.2.109 55104 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:50:25.740351 0.032203 tcp 10.0.2.109 55105 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:50:25.772861 0.031186 tcp 10.0.2.109 55106 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:50:25.804393 0.129928 tcp 10.0.2.109 55107 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:50:25.951533 3.002364 tcp 10.0.2.109 55108 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:50:34.952935 0.000000 tcp 10.0.2.109 55108 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:50:40.951681 3.004064 tcp 10.0.2.109 55109 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:50:49.954560 0.000000 tcp 10.0.2.109 55109 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:54:23.074883 3.000566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 21:54:30.081058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:54:38.082641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:54:54.086007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:55:26.092273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 21:55:55.954744 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 21:55:55.954848 2.993870 tcp 10.0.2.109 55110 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:56:04.957333 0.000000 tcp 10.0.2.109 55110 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:56:10.957970 0.031593 tcp 10.0.2.109 55111 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:56:10.989869 0.038110 tcp 10.0.2.109 55112 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:56:11.028240 0.129751 tcp 10.0.2.109 55113 -> 195.113.214.211 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:56:11.602339 2.999102 tcp 10.0.2.109 55114 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:56:20.600154 0.000000 tcp 10.0.2.109 55114 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:56:26.599153 0.035107 tcp 10.0.2.109 55115 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:56:26.634026 0.033294 tcp 10.0.2.109 55116 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:56:26.667615 0.125378 tcp 10.0.2.109 55117 -> 195.113.214.211 443 SRPA* 0 0 43 34706 flow=From-Botnet-V1-TCP-Established 1970/02/07 21:56:27.118874 3.004760 tcp 10.0.2.109 55118 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:56:36.123137 0.000000 tcp 10.0.2.109 55118 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:56:42.111140 3.004290 tcp 10.0.2.109 55119 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 21:56:51.113636 0.000000 tcp 10.0.2.109 55119 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:01:52.109359 3.001778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:01:59.116961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:02:07.118420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:02:23.121488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:02:55.137879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:08:13.225023 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:08:13.225629 0.180953 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:13.696411 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 22:08:27.154918 2.994645 tcp 10.0.2.109 55120 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:08:28.799427 0.044728 tcp 10.0.2.109 55121 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:28.844425 0.033582 tcp 10.0.2.109 55122 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:28.878040 0.128956 tcp 10.0.2.109 55123 -> 195.113.214.211 443 SRPA* 0 0 72 49884 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:29.004822 0.345935 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:29.384107 0.174984 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:29.554861 0.156708 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:29.722160 0.218879 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:29.920014 0.188439 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:30.074645 0.169183 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:30.219423 0.188959 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:30.401549 0.410448 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:30.790605 0.202085 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:30.991332 0.048561 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:31.061740 0.160304 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:31.213728 0.073311 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:31.333564 0.000000 udp 10.0.2.109 3683 -> 76.242.179.0 5757 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 22:08:36.147505 0.000000 tcp 10.0.2.109 55120 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:08:42.156724 0.034292 tcp 10.0.2.109 55124 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:42.190896 0.031963 tcp 10.0.2.109 55125 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:42.223200 0.128532 tcp 10.0.2.109 55126 -> 195.113.214.211 443 SRPA* 0 0 43 35132 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:42.380302 3.000394 tcp 10.0.2.109 55127 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:08:49.958306 0.032293 tcp 10.0.2.109 55128 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:49.990948 0.033399 tcp 10.0.2.109 55129 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:50.024783 0.131800 tcp 10.0.2.109 55130 -> 195.113.214.211 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:08:50.156402 0.252077 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:50.371623 0.239139 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:50.572744 0.339063 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:50.928059 0.373304 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:51.379585 0.000000 tcp 10.0.2.109 55127 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:08:51.733070 0.155229 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:51.880621 0.346558 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:52.223486 0.167502 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:52.404919 0.400244 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:52.782601 0.161792 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:52.939399 0.397434 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:53.315957 0.120783 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:53.692208 0.162375 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:08:53.842522 0.069942 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:09:06.143981 3.001908 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:09:13.150846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:09:21.152494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:09:37.155078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:10:09.162627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:13:57.380110 0.000198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:13:57.380409 3.003201 tcp 10.0.2.109 55131 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:14:06.382664 0.000000 tcp 10.0.2.109 55131 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:14:12.383801 0.036619 tcp 10.0.2.109 55132 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:14:12.420703 0.049544 tcp 10.0.2.109 55133 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:14:12.470604 0.135631 tcp 10.0.2.109 55134 -> 195.113.214.211 443 SRPA* 0 0 77 54250 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:14:12.720297 3.005572 tcp 10.0.2.109 55135 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:14:21.723800 0.000000 tcp 10.0.2.109 55135 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:14:27.713804 0.034017 tcp 10.0.2.109 55136 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:14:27.748141 0.031597 tcp 10.0.2.109 55137 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:14:27.780041 0.131582 tcp 10.0.2.109 55138 -> 195.113.214.211 443 SRPA* 0 0 35 18088 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:14:28.348316 3.153674 tcp 10.0.2.109 55139 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:14:37.457702 0.000000 tcp 10.0.2.109 55139 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:14:43.405981 2.972016 tcp 10.0.2.109 55140 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:14:52.348718 0.000000 tcp 10.0.2.109 55140 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:16:13.168349 3.000588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:16:20.174732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:16:28.176118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:16:44.744744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:17:16.375003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:19:58.358935 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:19:58.359026 3.004043 tcp 10.0.2.109 55141 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:20:07.361250 0.000000 tcp 10.0.2.109 55141 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:20:13.361766 0.049805 tcp 10.0.2.109 55142 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:20:13.411869 0.050621 tcp 10.0.2.109 55143 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:20:13.462785 0.131179 tcp 10.0.2.109 55144 -> 195.113.214.211 443 SRPA* 0 0 67 48194 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:20:13.864634 3.000288 tcp 10.0.2.109 55145 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:20:22.863522 0.000000 tcp 10.0.2.109 55145 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:20:28.862353 0.050911 tcp 10.0.2.109 55146 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:20:28.913552 0.049323 tcp 10.0.2.109 55147 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:20:28.963173 0.125110 tcp 10.0.2.109 55148 -> 195.113.214.211 443 SRPA* 0 0 25 13912 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:20:29.150730 3.006212 tcp 10.0.2.109 55149 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:20:38.155745 0.000000 tcp 10.0.2.109 55149 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:20:44.144030 2.993951 tcp 10.0.2.109 55150 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:20:53.147013 0.000000 tcp 10.0.2.109 55150 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:23:20.202206 3.002205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:23:27.208737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:23:35.210418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:23:51.213422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:24:23.219331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:25:59.147793 0.000177 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:25:59.148066 3.003461 tcp 10.0.2.109 55151 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:26:08.150209 0.000000 tcp 10.0.2.109 55151 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:26:14.150877 0.049043 tcp 10.0.2.109 55152 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:26:14.200223 0.049517 tcp 10.0.2.109 55153 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:26:14.250242 0.127587 tcp 10.0.2.109 55154 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:26:14.410659 3.002787 tcp 10.0.2.109 55155 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:26:23.412011 0.000000 tcp 10.0.2.109 55155 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:26:29.995732 0.049640 tcp 10.0.2.109 55156 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:26:30.045243 0.050723 tcp 10.0.2.109 55157 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:26:30.096343 0.129888 tcp 10.0.2.109 55158 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:26:30.415298 2.959551 tcp 10.0.2.109 55159 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:26:39.302432 0.000000 tcp 10.0.2.109 55159 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:26:45.233743 2.962133 tcp 10.0.2.109 55160 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:26:54.126567 0.000000 tcp 10.0.2.109 55160 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:30:27.230659 2.996194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:30:34.232872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:30:42.233891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:30:58.237183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:31:30.243472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:31:59.837086 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:31:59.837272 2.992892 tcp 10.0.2.109 55161 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:32:08.828577 0.000000 tcp 10.0.2.109 55161 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:32:14.839458 0.049777 tcp 10.0.2.109 55162 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:32:14.889595 0.050527 tcp 10.0.2.109 55163 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:32:14.940430 0.137077 tcp 10.0.2.109 55164 -> 195.113.214.211 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:32:15.655190 2.999300 tcp 10.0.2.109 55165 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:32:24.651571 0.000000 tcp 10.0.2.109 55165 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:32:30.650567 0.049947 tcp 10.0.2.109 55166 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:32:30.700787 0.050302 tcp 10.0.2.109 55167 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:32:30.751402 0.140968 tcp 10.0.2.109 55168 -> 195.113.214.211 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:32:31.136707 2.999203 tcp 10.0.2.109 55169 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:32:40.134460 0.000000 tcp 10.0.2.109 55169 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:32:46.132679 3.004142 tcp 10.0.2.109 55170 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:32:55.135304 0.000000 tcp 10.0.2.109 55170 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:37:34.250233 3.000830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:37:41.256741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:37:49.258081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:38:05.261249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:38:37.267160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:39:21.361134 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:39:21.361252 0.426328 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:22.057747 0.000000 udp 10.0.2.109 3683 -> 76.242.179.0 5757 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 22:39:31.145330 2.993614 tcp 10.0.2.109 55171 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:39:37.635753 0.050709 tcp 10.0.2.109 55172 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:39:37.686271 0.050816 tcp 10.0.2.109 55173 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:39:37.737411 0.132562 tcp 10.0.2.109 55174 -> 195.113.214.211 443 SRPA* 0 0 24 13196 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:39:37.870551 0.179815 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:38.289810 0.176905 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:38.463762 0.153893 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:38.878323 0.338817 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:39.278266 0.172023 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:39.424995 0.189376 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:39.607543 0.217879 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:39.836698 0.416996 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:40.147757 0.000000 tcp 10.0.2.109 55171 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:39:40.231867 0.218707 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:40.441866 0.177664 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:40.677076 0.076602 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:40.904537 0.155920 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:41.057193 0.047481 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:41.164647 0.240280 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:41.531289 0.254835 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2568 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:41.748503 0.323029 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:42.167710 0.382494 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:42.549054 0.157309 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:42.850517 0.347988 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:43.194790 0.161343 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:43.334600 0.375397 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:43.849445 0.119071 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:43.933124 0.148510 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:44.091600 0.165610 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:44.247363 0.394933 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:44.623398 0.067012 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/07 22:39:46.146858 0.048573 tcp 10.0.2.109 55175 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:39:46.195733 0.051323 tcp 10.0.2.109 55176 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:39:46.247387 0.122932 tcp 10.0.2.109 55177 -> 195.113.214.211 443 SRPA* 0 0 25 14790 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:39:46.661368 3.000050 tcp 10.0.2.109 55178 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:39:55.659888 0.000000 tcp 10.0.2.109 55178 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:44:41.273555 3.002071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:44:48.280609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:44:56.281849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:45:01.660298 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:45:01.660444 3.004012 tcp 10.0.2.109 55179 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:45:10.662839 0.000000 tcp 10.0.2.109 55179 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:45:12.285141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:45:16.663485 0.050755 tcp 10.0.2.109 55180 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:45:16.714093 0.050730 tcp 10.0.2.109 55181 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:45:16.764701 0.121177 tcp 10.0.2.109 55182 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:45:17.185558 3.001112 tcp 10.0.2.109 55183 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:45:26.185167 0.000000 tcp 10.0.2.109 55183 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:45:32.184434 0.048519 tcp 10.0.2.109 55184 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:45:32.233275 0.050214 tcp 10.0.2.109 55185 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:45:32.283884 0.137420 tcp 10.0.2.109 55186 -> 195.113.214.211 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:45:32.746950 2.992075 tcp 10.0.2.109 55187 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:45:41.737422 0.000000 tcp 10.0.2.109 55187 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:45:44.291913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:45:47.746242 2.995516 tcp 10.0.2.109 55188 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:45:56.738934 0.000000 tcp 10.0.2.109 55188 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:02.749553 0.000190 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:51:02.749845 3.002905 tcp 10.0.2.109 55189 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:11.752732 0.000000 tcp 10.0.2.109 55189 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:17.752881 0.051182 tcp 10.0.2.109 55190 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:51:17.804350 0.050582 tcp 10.0.2.109 55191 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:51:17.855285 0.135269 tcp 10.0.2.109 55192 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:51:18.011906 3.003332 tcp 10.0.2.109 55193 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:27.014050 0.000000 tcp 10.0.2.109 55193 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:33.013249 0.051185 tcp 10.0.2.109 55194 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:51:33.064731 0.051195 tcp 10.0.2.109 55195 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:51:33.116234 0.130432 tcp 10.0.2.109 55196 -> 195.113.214.211 443 SRPA* 0 0 25 13288 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:51:33.292964 3.004210 tcp 10.0.2.109 55197 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:42.305780 0.000000 tcp 10.0.2.109 55197 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:48.294447 2.994328 tcp 10.0.2.109 55198 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:51:57.287082 0.000000 tcp 10.0.2.109 55198 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:54:00.307223 3.000823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 22:54:07.314791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:54:15.316006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:54:31.319371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:55:03.324886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 22:57:03.298513 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 22:57:03.298602 3.003014 tcp 10.0.2.109 55199 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:57:12.300406 0.000000 tcp 10.0.2.109 55199 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:57:18.301102 0.050847 tcp 10.0.2.109 55200 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:57:18.352238 0.051772 tcp 10.0.2.109 55201 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:57:18.403836 0.138000 tcp 10.0.2.109 55202 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:57:18.596319 2.997275 tcp 10.0.2.109 55203 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:57:27.592270 0.000000 tcp 10.0.2.109 55203 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:57:33.591989 0.098840 tcp 10.0.2.109 55204 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:57:33.691317 0.051783 tcp 10.0.2.109 55205 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:57:33.742845 0.128177 tcp 10.0.2.109 55206 -> 195.113.214.211 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/07 22:57:34.091552 3.004377 tcp 10.0.2.109 55207 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:57:43.094997 0.000000 tcp 10.0.2.109 55207 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:57:49.093772 3.003350 tcp 10.0.2.109 55208 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 22:57:58.105861 0.000000 tcp 10.0.2.109 55208 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:01:07.331572 3.000937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 23:01:14.339192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:01:22.340058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:01:38.344140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:02:10.348805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:03:04.096467 0.476673 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 23:03:04.573274 2.958037 tcp 10.0.2.109 55209 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:03:13.472720 0.000000 tcp 10.0.2.109 55209 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:03:19.437231 0.050529 tcp 10.0.2.109 55210 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:03:19.488064 0.050333 tcp 10.0.2.109 55211 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:03:19.538703 0.129917 tcp 10.0.2.109 55212 -> 195.113.214.211 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:03:19.706436 2.975950 tcp 10.0.2.109 55213 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:03:28.625692 0.000000 tcp 10.0.2.109 55213 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:08:22.356766 3.000936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 23:08:29.363557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:08:37.365257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:08:53.368716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:09:25.375786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:09:58.131685 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 23:09:58.131784 0.416400 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:09:58.952694 0.680004 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:09:59.786133 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/07 23:10:04.391277 3.003473 tcp 10.0.2.109 55214 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:10:13.393215 0.000000 tcp 10.0.2.109 55214 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:10:16.810164 0.050110 tcp 10.0.2.109 55215 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:10:16.860597 0.049850 tcp 10.0.2.109 55216 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:10:16.910735 0.130942 tcp 10.0.2.109 55217 -> 195.113.214.211 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:10:17.042326 0.155790 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:17.895634 0.337130 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:18.235523 0.172563 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:18.385935 0.189095 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:18.568924 0.216893 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:18.765339 0.164354 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:18.919999 0.406837 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:19.304985 0.189526 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:19.392870 0.050034 tcp 10.0.2.109 55218 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:10:19.442736 0.052750 tcp 10.0.2.109 55219 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:10:19.468713 0.067044 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:19.495413 0.127637 tcp 10.0.2.109 55220 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:10:19.599638 0.166499 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:19.635738 3.000543 tcp 10.0.2.109 55221 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:10:19.764438 0.050342 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:19.858950 0.241247 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:20.060599 0.259673 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:20.280790 0.157926 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:20.431086 0.323894 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:20.770700 0.378627 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:21.148229 0.350894 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:21.495190 0.162724 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:21.866269 0.378532 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:22.228173 0.161183 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:22.383689 0.387522 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:22.751067 0.123665 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:22.867073 0.160707 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:23.014578 0.074781 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:10:28.635434 0.000000 tcp 10.0.2.109 55221 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:15:29.380966 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/07 23:15:34.636027 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 23:15:34.636133 2.993504 tcp 10.0.2.109 55222 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:15:36.387590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:15:43.628286 0.000000 tcp 10.0.2.109 55222 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:15:44.389202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:15:49.639196 0.050106 tcp 10.0.2.109 55223 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:15:49.689629 0.050422 tcp 10.0.2.109 55224 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:15:49.740345 0.143099 tcp 10.0.2.109 55225 -> 195.113.214.211 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:15:49.918606 3.002902 tcp 10.0.2.109 55226 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:15:58.920535 0.000000 tcp 10.0.2.109 55226 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:16:00.393801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:16:04.919423 0.049214 tcp 10.0.2.109 55227 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:16:04.968990 0.049731 tcp 10.0.2.109 55228 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:16:05.019056 0.136355 tcp 10.0.2.109 55229 -> 195.113.214.211 443 SRPA* 0 0 42 23350 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:16:05.537572 3.006485 tcp 10.0.2.109 55230 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:16:14.542534 0.000000 tcp 10.0.2.109 55230 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:16:20.531594 3.003813 tcp 10.0.2.109 55231 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:16:29.533859 0.000000 tcp 10.0.2.109 55231 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:16:32.398216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:21:35.534440 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 23:21:35.534598 2.993299 tcp 10.0.2.109 55232 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:21:44.537053 0.000000 tcp 10.0.2.109 55232 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/07 23:21:50.537771 0.051653 tcp 10.0.2.109 55233 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:21:50.589774 0.049988 tcp 10.0.2.109 55234 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:21:50.640072 0.136329 tcp 10.0.2.109 55235 -> 195.113.214.211 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:21:50.949870 0.573398 tcp 10.0.2.109 55236 -> 176.73.169.112 1959 FSPA* 0 0 14 1561 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:22:36.404980 3.000860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 23:22:43.411964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:22:51.413200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:23:07.416675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:23:39.422833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:29:43.427816 3.002882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 23:29:50.436015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:29:58.437387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:30:14.440543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:30:46.446430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:36:50.453288 3.000214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 23:36:57.459573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:37:05.461451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:37:21.465589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:37:53.470109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:40:45.788675 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 23:40:45.788771 0.177903 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:45.964039 0.421955 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:46.595505 0.176993 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:46.743865 0.158092 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:47.168645 0.371305 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:47.586795 0.167773 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:47.732330 0.188668 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:47.945253 0.235652 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:48.160103 0.149529 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:48.888409 0.078079 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:50.619555 0.154852 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:50.772974 0.159910 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:52.275392 0.409535 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:52.665535 0.052161 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:52.783475 0.240271 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:52.981174 0.253379 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:53.360688 0.154401 rtcp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:53.507308 0.352807 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:53.859904 0.406988 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:54.265941 0.353577 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:54.638906 0.160974 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:54.779555 0.351437 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:55.113082 0.166684 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:55.269110 0.399965 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:55.652778 0.071066 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:55.711163 0.121632 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:40:55.793499 0.161401 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/07 23:43:57.478109 2.999938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 23:44:04.483792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:44:12.485125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:44:28.488167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:45:00.493973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:51:04.500854 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 23:51:11.507848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:51:19.519294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:51:35.522418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:51:51.525827 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/07 23:51:51.525936 0.527091 tcp 10.0.2.109 55237 -> 176.73.169.112 1959 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/02/07 23:52:07.528644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:58:11.535340 3.000710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/07 23:58:18.541635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:58:26.542829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:58:42.545880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/07 23:59:14.552454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:05:43.564758 3.000824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:05:50.571501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:05:58.573110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:06:14.576105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:06:46.581941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:11:04.223248 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 00:11:04.223370 0.287799 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:04.980288 0.176705 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:05.154007 0.427183 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:05.899677 0.153602 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:06.074797 0.338530 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:06.470829 0.289663 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:06.762400 0.189233 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:06.943891 0.218338 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:07.142033 0.228918 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:07.337454 0.067156 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:07.539807 0.151787 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:07.689937 0.160493 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:07.842845 0.409017 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:08.229620 0.052879 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:08.426378 0.157979 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:08.576333 0.239352 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:08.775525 0.243252 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:09.084139 0.358824 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:09.532958 0.405806 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:09.937513 0.347053 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:10.280422 0.172368 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:10.428691 0.391216 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:10.798951 0.066478 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:11.126298 0.125768 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:11.209506 0.411559 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 5 2068 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:29.090734 0.050123 tcp 10.0.2.109 55238 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:11:29.141139 0.050229 tcp 10.0.2.109 55239 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:11:29.191789 0.133165 tcp 10.0.2.109 55240 -> 195.113.214.211 443 SRPA* 0 0 23 13372 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:11:29.325510 0.293629 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:11:29.649342 0.182580 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:12:50.587507 3.002338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:12:57.595575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:13:05.596709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:13:21.599943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:13:53.605942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:19:57.611913 3.001749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:20:04.620553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:20:12.621052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:20:29.078554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:21:00.687841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:21:52.054152 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 00:21:52.054252 0.670207 tcp 10.0.2.109 55241 -> 176.73.169.112 1959 FSPA* 0 0 14 1498 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:27:04.656289 3.001298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:27:11.663026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:27:19.664807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:27:35.667721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:28:07.676797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:34:11.689846 3.001275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:34:18.697413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:34:26.699075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:34:42.701949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:35:14.707798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:41:18.714023 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:41:25.721466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:41:33.722918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:41:49.725593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:41:55.905159 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 00:41:55.905360 0.402275 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:56.286494 0.178296 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:56.529752 0.374344 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:56.909612 0.175200 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:57.191473 0.170284 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:57.337147 0.336922 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:57.790820 0.153060 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:58.091836 0.191254 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1955 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:58.276005 0.066945 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:58.331650 0.154213 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:58.878858 0.162929 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:59.033040 0.188852 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:59.214400 0.217298 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:59.629560 0.158971 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:59.780722 0.246052 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:41:59.982378 0.052897 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:00.172891 0.407935 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:00.561003 0.322196 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:01.034755 0.585945 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2564 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:01.582030 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 00:42:17.277927 0.051573 tcp 10.0.2.109 55242 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:42:17.329753 0.111464 tcp 10.0.2.109 55243 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:42:17.441568 0.146421 tcp 10.0.2.109 55244 -> 195.113.214.211 443 SRPA* 0 0 39 27212 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:42:17.588548 0.387943 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:17.954522 0.353783 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:18.405016 0.405281 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:18.809058 0.064891 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:18.969756 0.121798 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:19.055994 0.164787 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:19.497085 0.156796 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/08 00:42:21.731759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:48:25.743108 2.996328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:48:32.745283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:48:40.746948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:48:56.749734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:49:28.755272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:51:52.723661 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 00:51:52.723848 0.921514 tcp 10.0.2.109 55245 -> 176.73.169.112 1959 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/02/08 00:55:53.761787 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 00:56:00.769517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:56:08.771267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:56:24.774428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 00:56:56.780049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:03:00.796099 3.001636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:03:07.803525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:03:15.804624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:03:31.807899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:04:03.814020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:10:07.819705 3.114024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:10:14.904197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:10:22.840592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:10:38.842111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:11:10.848160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:12:27.021893 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 01:12:27.022005 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 01:12:44.844600 0.051320 tcp 10.0.2.109 55246 -> 195.113.214.219 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 01:12:44.896214 0.050865 tcp 10.0.2.109 55247 -> 195.113.214.211 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 01:12:44.947403 0.142365 tcp 10.0.2.109 55248 -> 195.113.214.211 443 SRPA* 0 0 74 70172 flow=From-Botnet-V1-TCP-Established 1970/02/08 01:12:45.090643 0.357689 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:45.430694 0.177770 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:45.739292 0.169478 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:45.884625 0.336211 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:46.230925 0.358967 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:46.774740 0.178390 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:46.950563 0.074409 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:47.071126 0.198904 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:47.262377 0.157089 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:47.610866 0.155166 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:47.756024 0.218106 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:47.953693 0.161587 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:48.107140 0.152835 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:48.330370 0.163507 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:48.482291 0.241080 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:48.683651 0.052645 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:48.820542 0.431492 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:49.228690 0.343715 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:49.571474 0.256839 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:49.959045 0.387952 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:50.326804 0.352857 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2555 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:50.675549 0.407034 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:51.163311 0.162740 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:51.321103 0.152656 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:51.463140 0.069505 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:12:51.619134 0.114545 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:17:14.864837 3.000974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:17:21.871117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:17:29.873050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:17:45.875767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:18:17.881485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:21:53.662559 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 01:21:53.662815 0.561581 tcp 10.0.2.109 55249 -> 176.73.169.112 1959 FSPA* 0 0 15 1641 flow=From-Botnet-V1-TCP-Established 1970/02/08 01:24:21.889038 3.000761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:24:28.895664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:24:36.896912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:24:52.900507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:25:24.905756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:31:28.913572 3.000320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:31:35.919343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:31:43.921078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:31:59.923574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:32:31.930155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:38:35.936303 3.001193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:38:42.943299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:38:50.944681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:39:06.948013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:39:38.953932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:43:06.533026 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 01:43:06.533234 0.354025 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:06.866364 0.349221 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:07.352168 0.179228 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:07.577829 0.169599 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:07.787466 0.415919 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:08.212362 0.175985 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:08.385546 0.077959 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:08.506690 0.197551 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:08.696982 0.155046 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:08.922828 0.279069 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:09.193618 0.215610 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:09.389003 0.168341 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:09.549042 0.152213 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:09.741129 0.172974 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:09.903182 0.426832 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:10.310710 0.242246 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:10.510661 0.052695 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:10.579612 0.398217 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:10.957915 0.337591 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:11.315287 0.312702 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:11.592699 0.351060 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:11.939407 0.405683 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:12.346558 0.165360 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:12.501876 0.152937 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:12.659195 0.065716 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:43:12.710512 0.554725 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/08 01:45:42.959597 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:45:49.967509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:45:57.968760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:46:13.971710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:46:45.977712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:51:54.231467 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 01:51:54.231618 0.473892 tcp 10.0.2.109 55250 -> 176.73.169.112 1959 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/08 01:54:28.987453 3.000303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 01:54:35.993586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:54:43.995269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:54:59.997900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 01:55:32.004033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:02:01.016623 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:02:08.023483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:02:16.025168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:02:32.028062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:03:04.034083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:09:11.045327 3.000569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:09:18.051728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:09:26.053394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:09:42.056394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:10:14.076626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:13:13.961668 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 02:13:13.961775 0.373361 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:14.313986 0.172958 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:14.462937 0.339018 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:14.937385 0.178196 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:15.086679 0.424975 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:15.610901 0.178816 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:15.786917 0.077561 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:16.053419 0.194134 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:16.240434 0.156458 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:16.620121 0.188487 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:16.799818 0.151951 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:17.031069 0.266169 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:17.251801 0.218380 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:17.449422 0.187197 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:17.728106 0.421086 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:18.127445 0.238484 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:18.326880 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 02:13:34.742714 0.050945 tcp 10.0.2.109 55251 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:13:34.793977 0.050146 tcp 10.0.2.109 55252 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:13:34.844356 0.113603 tcp 10.0.2.109 55253 -> 195.113.214.211 443 SRPA* 0 0 37 27271 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:13:34.958465 0.245705 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:35.170665 0.386806 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:35.537073 0.335171 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:35.871619 0.377358 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:36.245224 0.409180 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2037 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:36.718233 0.162171 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:37.009234 0.176359 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:37.159724 0.067730 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:13:37.544065 0.118718 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:16:18.078863 3.000988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:16:25.085656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:16:33.087305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:16:49.090398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:17:21.096220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:21:54.713072 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 02:21:54.713220 0.813822 tcp 10.0.2.109 55254 -> 176.73.169.112 1959 FSPA* 0 0 14 1603 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:23:25.103042 3.000607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:23:32.109564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:23:40.111306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:23:56.114500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:24:28.120649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:30:32.128573 2.999795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:30:39.133702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:30:47.135054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:31:03.138521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:31:35.144436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:37:39.149780 3.002298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:37:46.157560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:37:54.159166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:38:10.162550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:38:42.168199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:43:54.337371 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 02:43:54.337515 0.052504 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:54.405938 0.344979 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:54.767829 0.344860 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:55.095223 0.168446 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:55.241695 0.179334 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:55.417942 0.179277 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:55.606374 0.415650 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:56.023304 0.153733 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:56.206822 0.187088 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:43:56.386694 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 02:44:14.457761 0.049639 tcp 10.0.2.109 55255 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:44:14.507701 0.050326 tcp 10.0.2.109 55256 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:44:14.558333 0.140751 tcp 10.0.2.109 55257 -> 195.113.214.211 443 SRPA* 0 0 34 19454 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:44:14.699780 0.073391 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:14.751838 0.217394 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:14.947617 0.191266 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:15.130800 0.219258 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:15.332041 0.151647 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:15.482598 0.236774 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:15.682084 0.406794 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:16.069642 0.343434 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:16.501320 0.253952 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:16.720037 0.389600 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:17.089464 0.350378 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:17.436448 0.408092 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:17.874850 0.162058 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:18.105997 0.122894 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:18.188932 0.151334 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:18.330886 0.066524 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/08 02:44:46.175248 3.000606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:44:53.184919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:45:01.183221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:45:17.189676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:45:49.192401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:51:55.529374 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 02:51:55.529472 0.476836 tcp 10.0.2.109 55258 -> 176.73.169.112 1959 FSPA* 0 0 14 1641 flow=From-Botnet-V1-TCP-Established 1970/02/08 02:54:01.203224 3.000613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 02:54:08.209691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:54:16.211240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:54:32.214316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 02:55:04.220262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:01:13.233750 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:01:20.240840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:01:28.243166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:01:44.245372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:02:16.252383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:08:29.260480 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:08:36.267307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:08:44.269284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:09:00.272689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:09:32.288492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:14:21.083901 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 03:14:21.083992 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 03:14:38.600828 0.051839 tcp 10.0.2.109 55259 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:14:38.652931 0.049464 tcp 10.0.2.109 55260 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:14:38.702732 0.134294 tcp 10.0.2.109 55261 -> 195.113.214.211 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:14:38.837635 0.052177 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:39.097865 0.336609 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:39.631691 0.236020 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:39.887382 0.175957 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:40.035084 0.172309 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:40.184890 0.343111 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:40.605380 0.413055 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:41.146765 0.154856 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:41.383706 0.190068 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:41.565505 0.074439 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:41.824411 0.219708 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:42.021085 0.190486 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:42.335751 0.156549 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:42.484665 0.152032 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:42.694925 0.240300 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:42.892298 0.248470 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:43.110446 0.414075 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:43.505249 0.323795 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:43.980554 0.387410 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:44.348363 0.354018 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:44.698752 0.407278 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:45.230515 0.164804 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:45.379568 0.068731 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:45.535235 0.166316 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:14:45.878850 0.123115 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2549 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:15:36.295407 3.001995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:15:43.301791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:15:51.351786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:16:07.316178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:16:39.323905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:21:56.007542 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 03:21:56.007628 0.460996 tcp 10.0.2.109 55262 -> 176.73.169.112 1959 FSPA* 0 0 15 1717 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:22:43.328162 3.001833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:22:50.335773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:22:58.337080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:23:14.340100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:23:46.346133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:29:50.352711 3.001323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:29:57.359780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:30:05.361126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:30:21.364653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:30:53.370477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:36:57.376489 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:37:04.383575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:37:12.385261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:37:28.388150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:38:00.394456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:44:04.400027 3.134852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:44:11.502828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:44:19.437277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:44:35.422444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:44:48.842037 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 03:44:48.842164 0.175499 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:49.014994 0.052628 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:49.430331 0.335918 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:49.864017 0.177476 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:50.013368 0.169128 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:50.284452 0.345952 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:50.608541 0.157137 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:50.802884 0.073163 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:50.857539 0.347126 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:51.505311 0.156827 rtp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:51.750986 0.216972 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:51.946795 0.162018 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:52.576486 0.270656 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:44:52.815221 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 03:45:07.428420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:45:08.401150 0.049724 tcp 10.0.2.109 55263 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:45:08.451142 0.050482 tcp 10.0.2.109 55264 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:45:08.501864 0.126680 tcp 10.0.2.109 55265 -> 195.113.214.211 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:45:08.629074 0.412043 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:09.021129 0.338304 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:09.370432 0.243030 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:09.570837 0.242651 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:09.777512 0.388952 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:10.143947 0.350926 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:10.491083 0.066332 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:10.623476 0.171229 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:10.781664 0.406399 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:11.319237 0.191169 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:45:11.472394 0.502516 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 03:51:56.476497 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 03:51:56.476666 0.446651 tcp 10.0.2.109 55266 -> 176.73.169.112 1959 FSPA* 0 0 13 1581 flow=From-Botnet-V1-TCP-Established 1970/02/08 03:53:32.436549 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 03:53:39.444146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:53:47.445812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:54:03.448918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 03:54:35.454863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:00:39.461258 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:00:46.468539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:00:54.469855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:01:10.472801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:01:42.478697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:07:46.484986 3.001337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:07:53.496545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:08:01.493554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:08:17.502548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:08:49.502859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:14:53.508605 3.001991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:15:00.516395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:15:08.517644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:15:24.530729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:15:36.778717 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 04:15:36.778814 0.164363 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:36.941616 0.336714 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:37.510843 0.176734 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:37.680599 0.053314 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:37.794929 0.167415 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:37.938882 0.360596 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 1954 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:38.358494 0.157719 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:38.508472 0.175890 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:38.655950 0.080716 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:38.823751 0.331675 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:39.250772 0.169693 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:39.526677 0.298861 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:39.677736 0.162769 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:39.937304 0.216488 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:40.134787 0.237735 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:40.331193 0.250522 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:40.544777 0.408463 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:40.935683 0.322811 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:41.657382 0.387795 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:42.025767 0.353885 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:42.375672 0.064002 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:42.844127 0.167059 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:43.001148 0.407150 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:43.484841 0.195306 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:43.648879 0.579341 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:15:56.537003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:21:56.927534 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 04:21:56.927735 0.457087 tcp 10.0.2.109 55267 -> 176.73.169.112 1959 FSPA* 0 0 15 1593 flow=From-Botnet-V1-TCP-Established 1970/02/08 04:22:00.542491 3.001929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:22:07.550171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:22:15.551526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:22:31.555938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:23:03.560885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:29:07.567454 3.000958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:29:14.574404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:29:22.575744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:29:38.578965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:30:10.584655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:36:14.590692 3.004409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:36:21.598022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:36:29.599772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:36:45.602398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:37:17.608767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:43:21.618610 2.997774 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:43:28.621999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:43:36.623655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:43:52.626548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:44:24.632548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:46:09.724127 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 04:46:09.724323 0.176730 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:09.898170 0.052967 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:09.964774 0.152795 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:10.116636 0.341318 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:10.457711 0.169757 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:10.604936 0.378345 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:10.965578 0.157763 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:11.116001 0.608112 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:11.695045 0.087218 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:11.765293 0.203166 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:11.946730 0.331608 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:12.301834 0.155928 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:12.494711 0.160147 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:12.647092 0.220176 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:12.845095 0.241313 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:13.047380 0.251256 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:13.262624 0.409852 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:13.653381 0.343769 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:13.998421 0.390330 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:14.366019 0.418101 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:14.780367 0.080148 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:14.843430 0.194938 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:14.991467 0.171344 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:15.171240 0.407120 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:46:15.579888 0.557950 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/08 04:50:28.639058 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:50:35.646227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:50:43.647534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:50:59.650740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:51:31.656643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:51:57.383942 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 04:51:57.384047 0.481929 tcp 10.0.2.109 55268 -> 176.73.169.112 1959 FSPA* 0 0 14 1588 flow=From-Botnet-V1-TCP-Established 1970/02/08 04:57:35.663641 3.000926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 04:57:42.669892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:57:50.678381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:58:06.674830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 04:58:51.762766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:05:07.531984 2.961854 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 05:05:14.442351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:05:22.330477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:05:38.106367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:06:09.675940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:12:17.564961 2.963150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 05:12:24.474981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:12:32.359069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:12:48.144116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:13:19.694674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:16:33.886787 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 05:16:33.886904 0.175140 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:34.059473 0.052099 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:34.720767 0.150959 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:34.934723 0.339757 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:35.318859 0.168709 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:35.465975 0.176373 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:35.615711 0.087742 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:35.756779 0.344895 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:36.081343 0.158969 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:36.391301 0.158063 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:36.538024 0.421470 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:37.019548 0.157175 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:37.212038 0.167076 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2009 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:37.366820 0.218607 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:37.564095 0.413898 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:37.960342 0.239368 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:38.159629 0.245648 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:38.716934 0.336654 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:39.110702 0.400870 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:39.496054 0.398310 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:39.890880 0.077665 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:40.018048 0.409530 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:40.511307 0.216861 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:40.668900 0.166474 rtp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:16:40.884801 0.127179 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:19:22.762476 3.003217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 05:19:29.769362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:19:37.770933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:19:53.773222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:20:25.779344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:21:57.872483 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 05:21:57.872582 0.551811 tcp 10.0.2.109 55269 -> 176.73.169.112 1959 FSPA* 0 0 15 1644 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:26:29.787139 3.001502 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 05:26:36.792686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:26:44.794441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:27:00.797770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:27:32.803394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:33:36.809369 3.002096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 05:33:43.817311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:33:51.818814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:34:08.409149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:34:40.032901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:40:43.843830 3.001809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 05:40:50.850815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:40:58.853064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:41:14.855727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:41:46.861743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:46:59.892032 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 05:46:59.892134 0.161606 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:00.050849 0.173263 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:00.344321 0.052247 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:00.410510 0.336520 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:00.756054 0.169442 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:00.903819 0.173913 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:01.051734 0.082755 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:01.241706 0.224329 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:01.455865 0.373290 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:01.811172 0.158783 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:01.962543 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 05:47:20.343050 0.052085 tcp 10.0.2.109 55270 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:47:20.395400 0.051439 tcp 10.0.2.109 55271 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:47:20.447218 0.120903 tcp 10.0.2.109 55272 -> 195.113.214.211 443 SRPA* 0 0 55 45349 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:47:20.568632 0.155911 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:20.727075 0.170154 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:20.884780 0.221484 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:21.083480 1.062026 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:22.112054 0.408947 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:22.500877 0.241936 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2544 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:22.698467 0.330047 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:23.341629 0.394840 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:23.717395 0.382650 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:24.096365 0.186973 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:24.250049 0.166703 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:24.422480 0.080552 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:24.487561 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 05:47:41.572435 0.050295 tcp 10.0.2.109 55273 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:47:41.623053 0.050284 tcp 10.0.2.109 55274 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:47:41.673184 0.130915 tcp 10.0.2.109 55275 -> 195.113.214.211 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:47:41.804645 0.136086 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/08 05:47:50.867393 3.001887 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 05:47:57.875111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:48:05.876754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:48:21.879697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:48:53.885660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:51:58.431461 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 05:51:58.431573 0.710422 tcp 10.0.2.109 55276 -> 176.73.169.112 1959 FSPA* 0 0 14 1726 flow=From-Botnet-V1-TCP-Established 1970/02/08 05:55:34.894771 3.001876 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 05:55:41.902831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:55:49.904181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:56:05.906890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 05:56:37.912556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:02:49.920047 3.002444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 06:02:56.927727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:03:04.929339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:03:20.932788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:03:52.944457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:09:56.944037 3.003263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 06:10:03.954251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:10:11.953181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:10:27.956196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:10:59.961992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:17:03.968169 3.001859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 06:17:10.980711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:17:18.977346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:17:34.980375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:18:00.957866 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 06:18:00.958017 0.426917 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:01.385862 4.842567 tcp 10.0.2.109 55277 -> 27.54.121.253 8878 SPA_* 0 0 111 85962 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:18:01.592637 0.410638 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2585 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:02.217448 0.052433 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:02.370928 0.174001 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:02.540918 0.152725 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:02.692456 0.340973 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:03.123672 0.177087 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:03.488389 0.352949 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:03.818236 0.304063 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:04.088003 0.169514 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:04.315158 0.092445 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:04.385275 0.159498 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:04.555993 0.167118 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:04.710619 0.156151 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:05.185448 0.219698 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:05.384161 0.243759 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:05.753340 0.242253 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:05.964367 0.410276 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:06.354898 0.328518 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:06.636613 4.877845 tcp 10.0.2.109 55277 -> 27.54.121.253 8878 A_PA 0 0 152 114704 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:18:06.682901 0.390815 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:06.986894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:18:07.053054 0.089410 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:07.124194 0.440955 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:07.561794 0.195530 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:07.705572 0.162208 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:07.862475 0.237788 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:11.916308 4.922916 tcp 10.0.2.109 55277 -> 27.54.121.253 8878 A_PA 0 0 144 114272 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:18:17.243442 1.630480 tcp 10.0.2.109 55277 -> 27.54.121.253 8878 FPA_* 0 0 29 15912 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:18:35.328687 0.440119 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:35.832167 0.166345 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:35.995675 0.154254 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:36.188827 0.408691 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2037 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:36.717416 0.052823 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:36.878734 0.347517 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:37.756462 0.341475 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:38.099553 0.176346 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:38.249139 0.149691 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:38.419278 0.164725 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:38.561133 0.084983 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:38.768737 0.162959 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:38.919491 0.167731 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:39.075352 0.157768 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:39.670617 0.216781 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:39.866849 0.237390 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:40.064301 0.000000 udp 10.0.2.109 3683 -> 147.8.183.75 7621 REQ 0 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 06:18:56.439072 0.050380 tcp 10.0.2.109 55278 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:18:56.489756 0.051455 tcp 10.0.2.109 55279 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:18:56.541527 0.132329 tcp 10.0.2.109 55280 -> 195.113.214.211 443 SRPA* 0 0 61 36696 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:18:56.674411 0.243156 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:56.881367 0.400932 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:57.267624 0.390145 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:57.640317 0.071822 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:58.331949 0.432872 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:58.761028 0.195842 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:58.910406 0.181719 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:18:59.178912 0.124618 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:19:19.941359 0.562952 tcp 10.0.2.109 55281 -> 176.73.169.112 1959 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:24:11.063283 3.000820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 06:24:18.069649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:24:26.071243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:24:42.074301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:25:14.080567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:31:18.086373 3.001966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 06:31:25.094056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:31:33.096895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:31:49.097773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:32:21.104386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:38:25.109998 3.002081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 06:38:32.117977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:38:40.119098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:38:56.122296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:39:28.128421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:45:32.134474 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 06:45:39.141738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:45:47.143326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:46:03.146265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:46:35.154934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:49:05.899572 0.000176 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 06:49:05.899868 0.330251 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:06.229508 0.419176 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:06.647393 0.052838 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:06.719913 0.173883 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:06.891439 0.153937 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:07.044436 0.408150 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:07.454013 0.355472 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:07.791131 0.181866 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:07.944899 0.343182 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2665 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:08.289556 0.172165 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:08.439217 0.089397 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:08.536288 0.160213 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:08.687957 0.217132 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:08.861026 0.155357 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:09.018948 0.164105 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:09.188243 0.218803 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:09.384910 0.238508 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:09.582512 0.248271 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:09.794056 0.387110 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:10.160820 0.403603 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:10.549739 0.375497 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:10.921477 0.224543 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:11.075554 0.085651 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:11.142890 0.167368 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:11.297497 0.132526 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/08 06:49:20.510468 0.510093 tcp 10.0.2.109 55282 -> 176.73.169.112 1959 FSPA* 0 0 14 1576 flow=From-Botnet-V1-TCP-Established 1970/02/08 06:54:27.164585 3.000592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 06:54:34.171142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:54:42.172678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:54:58.175747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 06:55:30.181488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:01:56.199412 3.001584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:02:03.212540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:02:11.208053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:02:27.211363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:02:59.217184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:09:10.223780 3.001292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:09:17.230639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:09:25.232200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:09:41.235101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:10:13.245301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:16:17.246661 3.002279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:16:24.256683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:16:32.256113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:16:48.259403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:17:20.265176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:19:13.337897 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 07:19:13.338240 0.088558 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:13.558295 0.234433 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:13.789552 0.336774 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:14.203078 0.426470 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:14.811696 0.342276 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:15.135563 0.179581 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:15.426571 0.152687 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:15.578097 0.406114 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:15.997051 0.335947 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:16.431028 0.169679 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:16.578431 0.094787 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:16.764355 0.160679 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:16.917678 0.158163 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:17.183302 0.217847 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:17.380919 0.244693 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:17.583108 0.250429 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:17.798969 0.157356 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:18.087473 0.160487 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:18.239982 0.395437 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:18.615615 0.410368 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:19.006310 0.407056 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:19.409597 0.217560 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:19.614802 0.129805 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:19.776423 0.218904 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:19.932166 0.094187 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:19:21.029745 0.721167 tcp 10.0.2.109 55283 -> 176.73.169.112 1959 FSPA* 0 0 15 1716 flow=From-Botnet-V1-TCP-Established 1970/02/08 07:23:24.271208 3.001856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:23:31.282761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:23:39.280684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:23:55.284630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:24:27.289134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:30:31.299623 3.000651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:30:38.315032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:30:46.307205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:31:02.306972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:31:34.313036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:37:38.320146 3.000767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:37:45.326693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:37:53.328095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:38:09.331273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:38:41.337143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:44:45.343577 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:44:52.350675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:45:00.351816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:45:16.355197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:45:48.361307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:49:21.758333 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 07:49:21.758557 0.530783 tcp 10.0.2.109 55284 -> 176.73.169.112 1959 FSPA* 0 0 14 1571 flow=From-Botnet-V1-TCP-Established 1970/02/08 07:49:30.490809 0.052966 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:30.545512 2.998922 tcp 10.0.2.109 55285 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 07:49:30.553889 0.178980 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:30.730338 0.336849 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:31.066679 0.428052 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:31.503157 0.347252 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:31.828867 0.177999 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:32.020295 0.161955 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 1984 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:32.183445 0.166722 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:32.327474 0.087736 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:32.416758 0.204403 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:32.609962 0.399558 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:33.111538 0.342856 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:33.455959 0.241517 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:33.617842 0.219129 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:33.815823 0.241910 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:34.016075 0.241086 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:34.221200 0.158532 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:34.381043 0.166652 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:34.539349 0.396880 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:34.915535 0.167037 udp 10.0.2.109 3683 <-> 76.97.18.4 7636 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:35.108017 0.135916 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:35.205691 0.208452 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:35.352336 0.406703 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:35.736885 0.410665 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:36.143725 0.086683 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 07:49:39.543069 0.000000 tcp 10.0.2.109 55285 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 07:53:59.369925 3.001991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 07:54:06.377725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:54:14.379057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:54:30.381487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 07:55:02.387691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:01:11.400363 3.002278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 08:01:18.408428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:01:26.409715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:01:42.412644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:02:14.418849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:08:27.427827 3.001531 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 08:08:34.435336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:08:42.436926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:08:58.439558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:09:30.447775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:15:34.451697 3.001628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 08:15:41.458975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:15:49.460766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:16:05.463482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:16:37.479679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:19:22.296404 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:19:22.296631 0.439185 tcp 10.0.2.109 55286 -> 176.73.169.112 1959 FSPA* 0 0 15 1725 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:19:37.639011 0.052511 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:37.692705 2.999827 tcp 10.0.2.109 55287 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 08:19:37.714852 0.173605 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:37.885827 0.374330 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:38.240187 0.329635 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:38.569223 0.408901 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:38.979306 0.178086 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:39.127996 0.155671 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:39.281034 0.164467 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:39.424196 0.083199 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:39.493148 0.155043 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2652 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:39.640147 0.390076 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:40.039288 0.334024 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:40.419788 0.387499 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:40.624903 0.217433 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:40.825019 0.156158 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:41.022804 0.166395 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:41.179391 0.396331 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:41.554268 0.233404 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:41.749405 0.253821 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:41.965651 0.000000 udp 10.0.2.109 3683 -> 76.97.18.4 7636 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:19:46.691520 0.000000 tcp 10.0.2.109 55287 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 08:19:57.228492 0.051398 tcp 10.0.2.109 55288 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:19:57.280223 0.050920 tcp 10.0.2.109 55289 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:19:57.331501 0.113320 tcp 10.0.2.109 55290 -> 195.113.214.211 443 SRPA* 0 0 36 26969 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:19:57.445328 0.140999 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:57.547755 0.204864 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:57.700713 0.408201 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:58.091765 0.385201 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:19:58.536058 0.085323 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:22:41.485232 3.001982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 08:22:48.492913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:22:56.494182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:23:12.497605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:23:44.503663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:29:48.509682 3.001716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 08:29:55.517221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:30:03.521623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:30:19.525425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:30:51.527377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:36:55.538268 2.996867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 08:37:02.540731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:37:10.544285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:37:26.545604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:37:58.551399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:44:02.577480 3.001802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 08:44:09.584783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:44:17.587718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:44:33.589520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:45:05.595520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:49:22.738893 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:49:22.739084 0.464095 tcp 10.0.2.109 55291 -> 176.73.169.112 1959 FSPA* 0 0 14 1503 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:50:21.710485 0.000000 udp 10.0.2.109 3683 -> 76.97.18.4 7636 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:50:26.506790 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:50:40.098533 0.054542 tcp 10.0.2.109 55292 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:50:40.153363 0.051509 tcp 10.0.2.109 55293 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:50:40.205137 0.118921 tcp 10.0.2.109 55294 -> 195.113.214.211 443 SRPA* 0 0 69 43801 flow=From-Botnet-V1-TCP-Established 1970/02/08 08:50:40.324622 0.054096 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:40.380603 3.007474 tcp 10.0.2.109 55295 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 08:50:40.423287 0.176532 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:40.597374 0.421066 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:41.114647 0.376678 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:41.470649 0.317086 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:41.787139 0.151167 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:41.937066 0.175045 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:42.085362 0.157346 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:42.234979 0.092821 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:42.306615 0.165940 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:42.450649 0.154980 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:42.597843 0.216565 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:42.794613 0.157155 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:43.038915 0.339729 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:43.439785 0.310681 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:43.762741 0.241475 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:43.968879 0.163813 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2589 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:44.122254 0.386028 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:44.486793 0.239437 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:44.685120 0.139596 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:44.858897 0.206728 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:45.010140 0.087553 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:45.171692 0.407921 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:45.555947 0.375833 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:45.957577 0.331154 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3165 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:46.285659 0.202116 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3245 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:46.558979 0.723505 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 3203 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:47.264866 0.633352 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 8 3053 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:48.059400 0.304150 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 8 2914 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:48.361459 0.847535 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 3017 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:49.261808 0.328010 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3344 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:49.380167 0.000000 tcp 10.0.2.109 55295 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 08:50:49.558889 0.316789 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 8 3144 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:49.867885 0.203529 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 8 3081 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:50.052045 0.308540 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 2913 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:50.337264 0.517646 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2938 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:50.846789 0.414214 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 8 3048 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:51.239921 0.316957 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 8 2966 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:51.608231 0.620272 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2970 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:52.259038 0.914728 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 8 2907 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:53.137476 0.680883 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 8 2986 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:53.858915 0.314617 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 2779 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:54.165690 0.752323 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 8 3343 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:54.900323 0.530273 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 8 2843 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:55.391101 0.382575 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 2948 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:55.734819 0.307227 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 2981 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:56.026714 0.792769 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 8 3275 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:56.801709 0.748518 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3024 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:57.546621 0.363715 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 3003 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:50:57.852173 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:03.246606 0.000000 udp 10.0.2.109 3683 -> 217.91.73.172 5533 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:10.052112 0.000000 udp 10.0.2.109 3683 -> 77.103.187.236 2591 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:16.729115 0.000000 udp 10.0.2.109 3683 -> 77.10.247.45 3056 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:25.101144 0.000000 udp 10.0.2.109 3683 -> 173.251.120.42 9546 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:30.008195 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:51:31.120169 0.000000 udp 10.0.2.109 3683 -> 79.38.30.118 7292 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:36.908664 0.801054 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 8 3103 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:51:37.850774 0.000000 udp 10.0.2.109 3683 -> 109.255.143.38 1551 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:44.078146 0.191853 udp 10.0.2.109 3683 <-> 91.6.25.225 5333 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:51:44.264533 0.000000 udp 10.0.2.109 3683 -> 87.10.8.243 6020 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:50.227421 0.000000 udp 10.0.2.109 3683 -> 95.250.42.70 5104 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:51:58.579379 0.000000 udp 10.0.2.109 3683 -> 203.45.119.254 3230 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:03.897217 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:10.206263 0.212584 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 8 2933 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:52:10.444699 0.000000 udp 10.0.2.109 3683 -> 81.99.227.18 2750 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:15.012769 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:52:16.195335 0.091364 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3216 flow=From-Botnet-V1-UDP-Established 1970/02/08 08:52:16.312822 0.000000 udp 10.0.2.109 3683 -> 93.34.181.136 6279 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:21.973512 0.000000 udp 10.0.2.109 3683 -> 93.64.105.234 2528 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:30.765752 0.000000 udp 10.0.2.109 3683 -> 209.222.53.116 9231 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:36.593883 0.000000 udp 10.0.2.109 3683 -> 71.229.245.109 7481 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:43.413979 0.000000 udp 10.0.2.109 3683 -> 213.97.83.100 8510 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:52:51.916167 0.000000 udp 10.0.2.109 3683 -> 69.193.191.126 1944 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:00.086033 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:05.005028 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:53:07.028296 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:14.388898 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:21.068654 0.000000 udp 10.0.2.109 3683 -> 71.196.43.226 7410 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:29.740784 0.000000 udp 10.0.2.109 3683 -> 2.85.219.94 6731 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:30.610410 2.995024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 08:53:37.615027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:53:38.131737 0.000000 udp 10.0.2.109 3683 -> 210.210.116.215 8899 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:44.282184 0.000000 udp 10.0.2.109 3683 -> 95.241.211.100 3660 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:45.615875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:53:50.982321 0.000000 udp 10.0.2.109 3683 -> 83.254.49.146 1329 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:53:55.507498 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:53:56.248972 0.000000 udp 10.0.2.109 3683 -> 109.99.230.157 1035 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:01.616079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:54:05.181969 0.000000 udp 10.0.2.109 3683 -> 46.197.156.113 2708 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:12.051354 0.000000 udp 10.0.2.109 3683 -> 176.74.96.2 8122 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:19.422262 0.000000 udp 10.0.2.109 3683 -> 68.62.215.216 5737 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:25.350825 0.000000 udp 10.0.2.109 3683 -> 12.232.31.230 4931 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:30.935656 0.000000 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:33.624215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 08:54:35.976035 0.000000 udp 10.0.2.109 3683 -> 212.147.26.21 9645 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:40.512303 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 08:54:41.894047 0.000000 udp 10.0.2.109 3683 -> 78.149.65.15 9891 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:50.416755 0.000000 udp 10.0.2.109 3683 -> 151.48.19.97 7798 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:54:57.979941 0.000000 udp 10.0.2.109 3683 -> 86.131.252.27 5857 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:55:03.565296 0.000000 udp 10.0.2.109 3683 -> 117.223.164.58 7936 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:55:10.785805 0.000000 udp 10.0.2.109 3683 -> 78.165.181.41 4737 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 08:55:19.689014 0.000000 udp 10.0.2.109 3683 -> 110.142.190.119 4856 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:00:37.628197 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 09:00:44.635652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:00:52.637278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:01:08.640159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:01:40.646109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:07:44.652634 3.001352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 09:07:51.659657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:07:59.660958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:08:15.664000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:08:47.670424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:14:51.675104 3.002661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 09:14:58.683544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:15:06.684987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:15:22.688347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:15:54.693960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:19:23.204458 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 09:19:23.204688 0.558467 tcp 10.0.2.109 55296 -> 176.73.169.112 1959 FSPA* 0 0 14 1514 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:21:58.701380 2.999863 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 09:22:05.707606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:22:13.709045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:22:29.711435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:23:01.718167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:25:45.473901 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 09:25:45.473991 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:26:01.343007 0.049875 tcp 10.0.2.109 55297 -> 195.113.214.219 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:26:01.393109 0.051095 tcp 10.0.2.109 55298 -> 195.113.214.211 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:26:01.444475 0.119896 tcp 10.0.2.109 55299 -> 195.113.214.211 443 SRPA* 0 0 62 54551 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:26:01.565037 0.106096 udp 10.0.2.109 3683 <-> 91.6.25.225 5333 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:01.632297 0.105932 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:01.632701 3.005160 tcp 10.0.2.109 55300 -> 91.6.25.225 2689 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:26:01.752341 0.050854 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:02.011300 0.053548 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:02.247848 0.175692 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:02.420658 0.344422 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:02.832940 0.355967 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:03.292008 0.160416 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:03.445426 0.161641 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:03.595399 0.411481 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:04.052745 0.178873 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:04.301730 0.169026 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:04.448318 0.147236 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:04.591319 0.097180 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:04.823025 0.157233 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:05.146782 0.218038 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:05.343437 0.309914 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:05.723414 0.339539 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:06.162541 0.245249 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:06.375007 0.164911 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:06.615598 0.398286 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:06.994382 0.136934 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:07.093659 0.085581 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:07.228066 0.241775 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:07.427320 0.412280 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:07.819244 0.209808 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:07.976317 0.357185 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:26:10.629564 0.000000 tcp 10.0.2.109 55300 -> 91.6.25.225 2689 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:29:05.724555 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 09:29:12.731653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:29:20.734740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:29:36.736395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:30:08.742261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:36:12.748057 3.001634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 09:36:19.755536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:36:27.756949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:36:43.760270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:37:15.765958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:43:19.772235 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 09:43:26.779420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:43:34.780896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:43:50.783858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:44:22.790178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:49:23.763377 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 09:49:23.763485 3.003655 tcp 10.0.2.109 55301 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:49:32.766947 0.000000 tcp 10.0.2.109 55301 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:49:38.766028 2.992902 tcp 10.0.2.109 55302 -> 195.113.214.219 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:49:47.767257 0.000000 tcp 10.0.2.109 55302 -> 195.113.214.219 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:49:58.135306 0.000153 tcp 10.0.2.109 55301 -> 176.73.169.112 1959 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:49:58.805929 4.002981 udp 10.0.2.109 52481 -> 8.8.8.8 53 INT 0 2 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:49:59.804725 3.004286 udp 10.0.2.109 52481 -> 8.8.4.4 53 INT 0 3 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:50:06.814011 0.000000 udp 10.0.2.109 52481 -> 8.8.8.8 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:50:06.814122 0.000000 udp 10.0.2.109 52481 -> 8.8.4.4 53 REQ 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:50:10.835815 1.711109 udp 10.0.2.109 137 -> 10.0.2.255 137 INT 0 3 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:50:10.875413 1.671511 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 3 360 flow=Background 1970/02/08 09:50:11.511308 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 09:50:13.290035 2.963934 tcp 10.0.2.109 55303 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:50:22.203963 0.000000 tcp 10.0.2.109 55303 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:50:26.862241 2.971709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 09:50:28.149045 0.049127 tcp 10.0.2.109 55304 -> 195.113.214.230 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:50:28.199040 3.721197 udp 10.0.2.109 137 -> 10.0.2.255 137 REQ 0 6 552 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:50:28.199128 3.721109 icmp 10.0.2.2 0x0003 -> 10.0.2.109 0x0a00 URN 192 6 720 flow=Background 1970/02/08 09:50:32.663859 2.991845 tcp 10.0.2.109 55305 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:50:33.804202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:50:41.654622 0.000000 tcp 10.0.2.109 55305 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:50:41.804544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:50:47.654190 0.228555 tcp 10.0.2.109 55306 -> 195.113.214.230 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:50:57.807865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:51:29.815944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:53:39.955198 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 09:53:39.955402 0.000112 tcp 10.0.2.109 55306 195.113.214.230 80 FA_A 0 0 2 108 flow=Background 1970/02/08 09:53:39.959583 0.000000 udp 10.0.2.109 63886 -> 8.8.8.8 53 INT 0 1 72 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:53:40.952629 1.253945 udp 10.0.2.109 63886 <-> 8.8.4.4 53 CON 0 0 3 282 flow=From-Botnet-V1-DNS 1970/02/08 09:53:42.207137 1.255151 tcp 10.0.2.109 55307 -> 77.67.96.198 80 SPA_* 0 0 5 541 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:53:51.696199 0.001119 tcp 10.0.2.109 55307 -> 77.67.96.198 80 FRA_* 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:53:51.882709 2.999902 tcp 10.0.2.109 55308 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:54:00.881035 0.000000 tcp 10.0.2.109 55308 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:54:06.880389 3.003636 tcp 10.0.2.109 55309 -> 195.113.214.230 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:54:15.882642 0.610871 tcp 10.0.2.109 55309 -> 195.113.214.230 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:54:46.997338 0.000111 tcp 10.0.2.109 55309 -> 195.113.214.230 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:54:46.998420 3.003223 tcp 10.0.2.109 55310 -> 77.67.96.198 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:54:53.246945 0.000132 tcp 10.0.2.109 55309 -> 195.113.214.230 80 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:54:56.000096 0.000000 tcp 10.0.2.109 55310 -> 77.67.96.198 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:55:39.953746 0.000000 tcp 10.0.2.109 55306 ?> 195.113.214.230 80 RA_ 0 1 54 flow=Background 1970/02/08 09:55:44.509960 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 09:56:34.963244 0.622408 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/08 09:56:35.586203 0.000000 udp 10.0.2.109 3683 -> 91.6.25.225 5333 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:56:39.509297 0.000169 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 09:56:52.339430 4.744501 tcp 10.0.2.109 55311 -> 195.113.214.230 80 SPA_* 0 0 6 605 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:57:33.819326 3.002437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 09:57:36.141047 0.000118 tcp 10.0.2.109 55311 -> 195.113.214.230 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:57:36.154587 3.000634 tcp 10.0.2.109 55312 -> 77.67.96.198 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:57:40.827566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:57:45.153593 0.000000 tcp 10.0.2.109 55312 -> 77.67.96.198 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:57:48.828878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:57:55.344066 0.000430 tcp 10.0.2.109 55312 -> 77.67.96.198 80 PA_SA 0 0 4 479 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:58:04.834341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:58:07.998460 0.350754 tcp 10.0.2.109 55312 -> 77.67.96.198 80 FRA_* 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:58:08.349599 0.000000 udp 10.0.2.109 3683 -> 128.91.150.163 9351 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:58:25.853370 1.247318 tcp 10.0.2.109 55313 -> 195.113.214.230 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:58:36.838038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 09:58:57.597955 0.000116 tcp 10.0.2.109 55313 -> 195.113.214.230 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:58:57.599030 0.263953 tcp 10.0.2.109 55314 -> 77.67.96.198 80 SPA_* 0 0 5 541 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:59:02.993836 0.001052 tcp 10.0.2.109 55314 -> 77.67.96.198 80 FRA_* 0 0 7 3262 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:59:02.995353 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 09:59:19.619849 0.228453 tcp 10.0.2.109 55315 -> 195.113.214.230 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:59:36.144853 0.000000 tcp 10.0.2.109 55311 ?> 195.113.214.230 80 RA_ 0 1 54 flow=Background 1970/02/08 09:59:50.346778 0.000099 tcp 10.0.2.109 55315 -> 195.113.214.230 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 09:59:50.347911 2.999816 tcp 10.0.2.109 55316 -> 77.67.96.198 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 09:59:59.356724 0.000000 tcp 10.0.2.109 55316 -> 77.67.96.198 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:07.007959 3.003792 tcp 10.0.2.109 55317 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:10.352830 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:00:16.010553 0.000000 tcp 10.0.2.109 55317 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:22.010539 3.003037 tcp 10.0.2.109 55318 -> 195.113.214.230 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:27.998072 3.004178 tcp 10.0.2.109 55319 -> 195.113.214.230 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:31.012138 0.000000 tcp 10.0.2.109 55318 -> 195.113.214.230 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:33.406610 0.000170 tcp 10.0.2.109 55316 -> 77.67.96.198 80 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:00:35.508383 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 10:00:37.000458 0.000000 tcp 10.0.2.109 55319 -> 195.113.214.230 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:42.018680 2.363276 tcp 10.0.2.109 55320 -> 77.67.96.157 80 FSRP* 0 0 9 2205 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:00:43.274069 0.000415 tcp 10.0.2.109 55319 -> 195.113.214.230 80 PA_SA 0 0 4 481 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:00:44.522836 3.003047 tcp 10.0.2.109 55321 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:53.528758 0.000000 tcp 10.0.2.109 55321 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:00:57.762710 0.000000 tcp 10.0.2.109 55313 ?> 195.113.214.230 80 RA_ 0 1 54 flow=Background 1970/02/08 10:00:59.672333 0.237952 tcp 10.0.2.109 55322 -> 195.113.214.207 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:01:29.726353 0.000085 tcp 10.0.2.109 55319 -> 195.113.214.230 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:01:29.746920 2.993947 tcp 10.0.2.109 55323 -> 77.67.96.157 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:01:38.739376 0.000000 tcp 10.0.2.109 55323 -> 77.67.96.157 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:01:43.520176 0.000075 tcp 10.0.2.109 55322 -> 195.113.214.207 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:01:43.520835 2.969393 tcp 10.0.2.109 55324 -> 77.67.96.157 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:01:49.526963 0.000155 tcp 10.0.2.109 55322 -> 195.113.214.207 80 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:01:49.767745 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:01:50.396294 0.000000 tcp 10.0.2.109 55315 ?> 195.113.214.230 80 RA_ 0 1 54 flow=Background 1970/02/08 10:01:51.020142 0.000149 tcp 10.0.2.109 55321 -> 176.73.169.112 1959 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:01:52.481382 0.000000 tcp 10.0.2.109 55324 -> 77.67.96.157 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:02:03.465063 3.114823 tcp 10.0.2.109 55325 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:02:07.535269 4.748156 tcp 10.0.2.109 55326 -> 195.113.214.207 80 SPA_* 0 0 6 605 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:02:12.527482 0.000000 tcp 10.0.2.109 55325 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:02:18.497048 2.973730 tcp 10.0.2.109 55327 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:02:27.469448 0.000000 tcp 10.0.2.109 55327 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:02:33.157817 0.000143 tcp 10.0.2.109 55323 -> 77.67.96.157 80 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:02:33.479076 1.245377 tcp 10.0.2.109 55328 -> 195.113.214.207 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:02:42.711499 0.000082 tcp 10.0.2.109 55326 -> 195.113.214.207 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:02:42.712184 3.490026 tcp 10.0.2.109 55329 -> 77.67.96.198 80 FSPA* 0 0 10 2259 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:02:46.202642 0.000000 udp 10.0.2.109 3683 -> 147.8.183.75 7621 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:03:03.601558 0.000073 tcp 10.0.2.109 55328 -> 195.113.214.207 80 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:03:03.602319 3.003079 tcp 10.0.2.109 55330 -> 77.67.96.198 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:03:03.741810 2.459496 tcp 10.0.2.109 55331 -> 195.113.214.207 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:03:12.265891 1.416602 tcp 10.0.2.109 55330 -> 77.67.96.198 80 FPA_* 0 0 9 2197 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:03:29.718863 0.000000 tcp 10.0.2.109 55319 ?> 195.113.214.230 80 RA_ 0 1 54 flow=Background 1970/02/08 10:03:36.699271 0.227968 tcp 10.0.2.109 55331 -> 195.113.214.207 80 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:03:36.701152 3.265684 tcp 10.0.2.109 55332 -> 77.67.96.198 80 SPA_* 0 0 6 603 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:03:45.379072 0.000867 tcp 10.0.2.109 55332 -> 77.67.96.198 80 FRA_* 0 0 4 1664 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:03:45.380318 0.000000 udp 10.0.2.109 3683 -> 70.80.185.236 5752 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:04:01.645417 2.993738 tcp 10.0.2.109 55333 -> 195.113.214.207 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:04:10.637645 0.000000 tcp 10.0.2.109 55333 -> 195.113.214.207 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:04:21.654433 2.993644 tcp 10.0.2.109 55334 -> 77.67.96.198 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:04:29.504827 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 10:04:30.656375 0.000000 tcp 10.0.2.109 55334 -> 77.67.96.198 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:04:32.934019 0.000305 tcp 10.0.2.109 55333 -> 195.113.214.207 80 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:04:41.662737 0.588070 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:04:42.714018 0.000000 tcp 10.0.2.109 55326 ?> 195.113.214.207 80 RA_ 0 1 54 flow=Background 1970/02/08 10:04:46.198888 0.000000 tcp 10.0.2.109 55329 ?> 77.67.96.198 80 RA_ 0 1 54 flow=Background 1970/02/08 10:04:57.858591 3.001395 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 10:04:58.317119 2.993969 tcp 10.0.2.109 55335 -> 195.113.214.222 80 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:05:03.603884 0.000000 tcp 10.0.2.109 55328 ?> 195.113.214.207 80 RA_ 0 1 54 flow=Background 1970/02/08 10:05:04.865990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:05:06.282005 0.000292 tcp 10.0.2.109 55334 -> 77.67.96.198 80 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:07.309099 0.000000 tcp 10.0.2.109 55335 -> 195.113.214.222 80 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:05:12.867524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:05:13.678560 0.000000 tcp 10.0.2.109 55330 ?> 77.67.96.198 80 RA_ 0 1 54 flow=Background 1970/02/08 10:05:18.325721 1.615901 tcp 10.0.2.109 55336 -> 77.67.96.157 80 FSPA* 0 0 10 2259 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:18.505515 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 10:05:19.942017 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:05:28.870525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:05:34.029189 0.000137 tcp 10.0.2.109 55335 -> 195.113.214.222 80 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:37.243080 0.050462 tcp 10.0.2.109 55337 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:37.296569 0.010474 udp 10.0.2.109 64747 <-> 8.8.8.8 53 CON 0 0 2 386 flow=From-Botnet-V1-DNS 1970/02/08 10:05:37.307468 0.076787 tcp 10.0.2.109 55338 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:37.384523 0.564820 tcp 10.0.2.109 55339 -> 195.113.214.249 443 SRPA* 0 0 79 87155 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:37.950023 0.418979 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:38.370955 4.745356 tcp 10.0.2.109 55340 -> 27.54.121.253 8878 SPA_* 0 0 108 77781 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:38.621237 0.000172 tcp 10.0.2.109 55336 -> 77.67.96.157 80 RA_A 0 0 2 1528 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:38.923105 0.180037 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:39.069991 0.169890 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:39.214996 0.149664 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:39.407248 0.092889 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:39.479373 0.154717 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:39.797627 0.219432 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:39.995492 0.308914 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:40.484233 0.165342 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:40.638655 0.397526 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:41.016762 0.337906 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:41.519634 0.593081 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:42.073183 0.139207 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:42.198808 0.081685 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:42.264054 0.235909 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:42.461559 0.405200 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:42.849998 0.238444 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:43.101731 0.390865 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:05:43.544634 4.755872 tcp 10.0.2.109 55340 -> 27.54.121.253 8878 A_PA 0 0 137 105702 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:48.712394 4.973494 tcp 10.0.2.109 55340 -> 27.54.121.253 8878 A_PA 0 0 141 105918 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:53.907590 4.765484 tcp 10.0.2.109 55340 -> 27.54.121.253 8878 A_PA 0 0 133 105486 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:05:59.102716 4.703637 tcp 10.0.2.109 55340 -> 27.54.121.253 8878 A_PA 0 0 131 105378 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:06:00.876220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:06:04.235951 4.847608 tcp 10.0.2.109 55340 -> 27.54.121.253 8878 A_PA 0 0 121 104838 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:06:09.435879 3.557357 tcp 10.0.2.109 55340 -> 27.54.121.253 8878 FPA_* 0 0 78 55142 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:08:14.188585 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 10:08:14.188780 3.003177 tcp 10.0.2.109 55341 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:08:23.190918 0.000000 tcp 10.0.2.109 55341 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 10:08:29.191521 0.050675 tcp 10.0.2.109 55342 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:08:29.242500 0.075896 tcp 10.0.2.109 55343 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:08:29.318715 0.171006 tcp 10.0.2.109 55344 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:08:29.589605 0.604601 tcp 10.0.2.109 55345 -> 176.73.169.112 1959 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:12:13.884795 3.001973 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 10:12:20.892651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:12:28.894024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:12:44.896865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:13:16.903185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:19:20.908564 3.002372 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 10:19:27.916465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:19:35.918363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:19:51.921219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:20:23.926853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:26:27.933585 3.011756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 10:26:34.950919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:26:42.952170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:26:58.955911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:27:30.961231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:33:34.966760 3.006849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 10:33:41.974907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:33:49.976280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:34:05.979769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:34:37.992332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:35:51.341031 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 10:35:51.341191 0.106488 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:35:51.466225 0.000000 udp 10.0.2.109 3683 -> 91.6.25.225 5333 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:36:07.455627 0.052364 tcp 10.0.2.109 55346 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:07.508334 0.073093 tcp 10.0.2.109 55347 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:07.581737 0.195234 tcp 10.0.2.109 55348 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:07.777636 0.052747 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:07.893509 0.052841 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:07.998764 0.172179 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:08.167910 0.364058 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:08.563761 0.000000 udp 10.0.2.109 3683 -> 70.80.185.236 5752 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:36:24.178619 0.050664 tcp 10.0.2.109 55349 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:24.229594 0.076483 tcp 10.0.2.109 55350 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:24.306407 0.155236 tcp 10.0.2.109 55351 -> 195.113.214.249 443 SRPA* 0 0 21 13070 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:24.462313 0.334356 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:24.777133 0.160309 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:24.936225 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:36:41.363171 0.065035 tcp 10.0.2.109 55352 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:41.428505 0.074756 tcp 10.0.2.109 55353 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:41.503513 0.173037 tcp 10.0.2.109 55354 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:36:41.677210 0.412253 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:42.164089 0.179685 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:42.313212 0.168074 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:42.459396 0.169655 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:42.621259 0.093063 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:42.695147 0.153906 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:42.850383 0.169099 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:43.007731 0.218121 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:43.203343 0.308663 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:43.582335 0.384993 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:43.947479 0.346996 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:36:44.304476 0.000000 udp 10.0.2.109 3683 -> 75.48.14.191 8955 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 10:37:00.881343 0.049635 tcp 10.0.2.109 55355 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:37:00.931304 0.067893 tcp 10.0.2.109 55356 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:37:00.999521 0.158270 tcp 10.0.2.109 55357 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:37:01.158464 0.136845 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:37:01.255389 0.087653 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:37:01.325316 0.241823 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:37:01.527277 0.403907 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:37:01.913891 0.205457 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:37:02.066230 0.349620 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/08 10:38:30.199435 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 10:38:30.199632 0.800137 tcp 10.0.2.109 55358 -> 176.73.169.112 1959 FSPA* 0 0 14 1513 flow=From-Botnet-V1-TCP-Established 1970/02/08 10:40:41.991316 3.001511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 10:40:48.998569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:40:57.000423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:41:13.002834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:41:45.009112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:47:49.021639 2.998095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 10:47:56.026605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:48:04.023957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:48:20.026933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:48:52.033124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:55:34.043967 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 10:55:41.051023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:55:49.052565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:56:05.055915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 10:56:37.061750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:02:49.069149 3.001808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 11:02:56.076956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:03:04.078036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:03:20.080994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:03:52.087214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:07:06.266930 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 11:07:06.267099 0.000000 udp 10.0.2.109 3683 -> 70.80.185.236 5752 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 11:07:24.093529 0.050111 tcp 10.0.2.109 55359 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:07:24.143890 0.073025 tcp 10.0.2.109 55360 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:07:24.217204 0.165715 tcp 10.0.2.109 55361 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:07:24.383451 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 11:07:41.998075 0.049369 tcp 10.0.2.109 55362 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:07:42.047747 0.074105 tcp 10.0.2.109 55363 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:07:42.122117 0.169621 tcp 10.0.2.109 55364 -> 195.113.214.249 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:07:42.292259 0.245797 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:07:42.504152 0.105577 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:07:42.619688 0.053299 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:07:42.686430 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 11:08:01.536349 0.049792 tcp 10.0.2.109 55365 -> 195.113.214.234 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:08:01.586390 0.073483 tcp 10.0.2.109 55366 -> 195.113.214.249 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:08:01.660190 0.157157 tcp 10.0.2.109 55367 -> 195.113.214.249 443 SRPA* 0 0 23 12929 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:08:01.817871 0.336772 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:02.154062 0.172619 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:02.322986 0.151391 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 1947 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:02.473447 0.352033 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:02.802916 0.432408 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:03.236593 0.174479 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:03.383893 0.162649 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:03.540299 0.096474 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:03.614383 0.155259 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:03.793678 0.163935 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:03.947570 0.178226 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:04.096359 0.221323 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2553 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:04.294622 0.310322 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:04.640977 0.395327 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:05.015315 0.341533 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:05.365525 0.313827 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:05.638798 0.086391 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:05.707391 0.237116 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:05.904864 0.410961 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:06.298345 0.198729 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:06.445490 0.351023 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:08:30.998885 0.604357 tcp 10.0.2.109 55368 -> 176.73.169.112 1959 FSPA* 0 0 14 1576 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:09:56.093048 3.001987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 11:10:03.100990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:10:11.105098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:10:27.105231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:10:59.111216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:17:03.117437 3.003383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 11:17:10.124454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:17:18.126497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:17:34.129284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:18:06.135536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:24:10.141742 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 11:24:17.148660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:24:25.150200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:24:41.162993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:25:13.169201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:31:17.179341 2.997727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 11:31:24.182669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:31:32.185246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:31:48.186961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:32:20.193007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:38:10.757437 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 11:38:10.757605 0.047484 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:10.802374 0.118149 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:10.991330 0.247606 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:11.201226 0.052558 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:11.255708 0.153231 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:11.407604 0.384030 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:11.809085 0.335408 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:12.144034 0.235728 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:12.465988 0.327266 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:12.897686 0.167355 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:13.040640 0.398662 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:13.203710 0.094095 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:13.377163 0.156650 udp 10.0.2.109 3683 <-> 97.88.147.221 7504 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:13.544667 0.162529 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:13.695634 0.310048 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:14.018500 0.000000 udp 10.0.2.109 3683 -> 67.70.206.179 1365 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 11:38:24.199766 3.001058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 11:38:31.205990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:38:31.607061 1.445545 tcp 10.0.2.109 55369 -> 176.73.169.112 1959 FSPA* 0 0 12 1590 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:38:31.678482 0.054280 tcp 10.0.2.109 55370 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:38:31.733114 0.077803 tcp 10.0.2.109 55371 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:38:31.811155 0.163827 tcp 10.0.2.109 55372 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/08 11:38:31.975516 0.218162 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:32.172255 0.395192 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:33.640770 0.344319 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:34.212562 0.141066 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:34.307558 0.081386 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:34.373131 0.239426 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:34.571655 0.354316 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:34.922210 0.411016 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:35.315557 0.209783 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/08 11:38:39.207909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:38:55.211326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:39:27.217310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:45:31.223547 3.001441 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 11:45:38.230899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:45:46.232066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:46:02.234980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:46:34.243196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:54:26.251940 3.002244 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 11:54:33.259503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:54:41.261330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:54:57.264303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 11:55:29.271029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:01:55.287418 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 12:02:02.295229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:02:10.299182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:02:26.299999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:02:58.305813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:08:33.057895 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:08:33.058041 0.694072 tcp 10.0.2.109 55373 -> 176.73.169.112 1959 FSPA* 0 0 14 1616 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:09:00.576969 0.178178 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:00.725637 0.050280 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:00.797255 0.105953 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:00.918867 0.159936 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:01.071583 0.387306 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:01.440014 0.538410 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:01.944853 0.054104 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:02.116009 0.322793 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:02.525778 0.339508 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:02.967892 0.179633 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:03.142339 0.093822 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:03.261601 0.000000 udp 10.0.2.109 3683 -> 97.88.147.221 7504 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:09:09.311730 3.001998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 12:09:16.319359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:09:18.854761 0.053131 tcp 10.0.2.109 55374 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:09:18.908162 0.075992 tcp 10.0.2.109 55375 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:09:18.984482 0.158386 tcp 10.0.2.109 55376 -> 195.113.214.249 443 SRPA* 0 0 46 24950 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:09:19.143532 0.165538 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:19.300038 0.310826 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:19.612124 0.171491 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:19.761139 0.276890 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:19.941904 0.218930 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:20.138408 0.398572 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:20.515523 0.337726 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:20.854965 0.136136 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:20.953044 0.086663 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:21.023509 0.238761 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:21.221401 0.353268 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:21.570913 0.414054 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:21.967804 0.209435 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:09:24.321172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:09:40.323757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:10:12.329826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:16:16.336002 3.001756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 12:16:23.343424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:16:31.344827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:16:47.348115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:17:19.353914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:23:23.359898 3.001941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 12:23:30.367172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:23:38.369557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:23:54.372191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:24:26.378408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:30:30.384008 3.001319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 12:30:37.391289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:30:45.393005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:31:01.395761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:31:33.403451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:37:37.407915 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 12:37:44.415386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:37:52.416794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:38:08.419549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:38:33.756624 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:38:33.756791 0.653495 tcp 10.0.2.109 55377 -> 176.73.169.112 1959 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:38:40.426660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:39:22.646326 0.000000 udp 10.0.2.109 3683 -> 97.88.147.221 7504 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:39:27.503154 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:39:39.712749 0.052153 tcp 10.0.2.109 55378 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:39:39.765221 0.072347 tcp 10.0.2.109 55379 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:39:39.837853 0.137694 tcp 10.0.2.109 55380 -> 195.113.214.249 443 SRPA* 0 0 35 27765 flow=From-Botnet-V1-TCP-Established 1970/02/08 12:39:39.976060 0.095762 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:40.172368 0.176085 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:40.734596 0.045389 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:40.777463 0.799186 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:41.541584 0.153578 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:41.886000 0.366392 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:42.232061 0.052551 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:42.299041 0.328324 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:42.634741 0.323532 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:42.957125 0.174833 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:43.129020 0.093565 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:43.274027 0.162230 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:43.428031 0.311215 rtcp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:43.740744 0.170890 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:43.886991 0.146560 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:44.025778 0.337165 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:44.376899 0.136429 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:44.475207 0.219062 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:44.673426 0.392215 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:45.047907 0.085113 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:45.116524 0.241047 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:45.317062 0.354044 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:45.667010 0.407393 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:46.054093 0.211433 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:46.214681 0.329246 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3256 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:46.514709 0.094767 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3089 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:46.606827 0.186223 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 8 2981 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:46.794901 1.817389 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 8 2833 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:48.581138 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 REQ 0 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:39:53.751508 0.102209 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3067 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:53.862555 0.656487 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 8 2875 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:54.520110 0.644649 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 3002 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:55.166508 0.706156 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 2979 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:55.856794 0.637311 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3131 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:56.491577 0.159679 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 8 3264 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:56.632070 0.322046 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 2973 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:56.948175 0.623197 rtcp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 3117 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:57.578736 0.309054 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3013 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:57.863856 0.674855 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 8 3102 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:58.570798 0.207289 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 3236 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:58.739463 0.436548 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 8 3094 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:59.154608 0.382823 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3274 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:39:59.530329 0.768487 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 8 2800 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:40:00.282742 0.148844 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3071 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:40:00.416642 0.447916 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 8 3214 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:40:00.821805 0.702768 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3097 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:40:01.521039 0.361692 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 3199 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:40:01.822156 0.792477 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 8 3219 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:40:02.597990 0.634269 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 8 2917 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:40:03.244882 0.000000 udp 10.0.2.109 3683 -> 95.234.93.54 2953 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:09.413697 0.000000 udp 10.0.2.109 3683 -> 187.174.119.158 4826 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:16.884731 0.000000 udp 10.0.2.109 3683 -> 217.202.90.177 8339 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:23.964841 0.000000 udp 10.0.2.109 3683 -> 92.251.3.111 8911 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:28.501247 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:40:29.082010 0.000000 udp 10.0.2.109 3683 -> 46.47.234.194 9441 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:36.573095 0.000000 udp 10.0.2.109 3683 -> 77.10.247.45 3056 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:44.344122 0.000000 udp 10.0.2.109 3683 -> 78.172.130.83 5944 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:52.916756 0.000000 udp 10.0.2.109 3683 -> 173.251.120.42 9546 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:40:59.976269 0.000000 udp 10.0.2.109 3683 -> 72.27.119.193 3756 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:08.198204 0.000000 udp 10.0.2.109 3683 -> 151.33.77.31 4522 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:13.004847 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:41:13.905992 0.000000 udp 10.0.2.109 3683 -> 77.108.52.51 7448 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:19.444468 0.000000 udp 10.0.2.109 3683 -> 120.151.212.206 7401 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:27.536118 0.792024 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:41:28.385537 0.000000 udp 10.0.2.109 3683 -> 186.6.38.143 2209 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:36.609496 0.000000 udp 10.0.2.109 3683 -> 90.213.111.43 3532 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:42.537888 0.000000 udp 10.0.2.109 3683 -> 95.250.42.70 5104 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:48.466591 0.000000 udp 10.0.2.109 3683 -> 203.45.119.254 3230 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:53.933574 0.000000 udp 10.0.2.109 3683 -> 62.252.11.112 3060 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:41:58.511000 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:42:02.416640 0.000000 udp 10.0.2.109 3683 -> 86.135.183.208 4140 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:07.443432 0.000000 udp 10.0.2.109 3683 -> 5.64.128.64 3086 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:15.865016 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:24.828747 0.000000 udp 10.0.2.109 3683 -> 83.24.3.56 7616 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:33.621038 0.000000 udp 10.0.2.109 3683 -> 95.254.205.218 6381 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:39.529904 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:44.506709 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:42:46.690053 0.000000 udp 10.0.2.109 3683 -> 79.41.20.220 5731 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:52.019860 0.000000 udp 10.0.2.109 3683 -> 78.174.211.175 9084 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:42:59.514642 0.000000 udp 10.0.2.109 3683 -> 91.39.100.229 9714 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:06.098060 0.000000 udp 10.0.2.109 3683 -> 68.204.186.48 2741 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:11.987788 0.000000 udp 10.0.2.109 3683 -> 108.20.54.46 7824 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:20.788994 0.000000 udp 10.0.2.109 3683 -> 88.253.188.142 1755 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:27.678853 0.000000 udp 10.0.2.109 3683 -> 123.201.85.249 5872 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:32.505812 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:43:34.719274 0.000000 udp 10.0.2.109 3683 -> 69.119.25.96 8047 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:40.126525 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:45.794842 0.000000 udp 10.0.2.109 3683 -> 83.254.49.146 1329 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:43:52.484523 0.000000 udp 10.0.2.109 3683 -> 94.156.9.242 5252 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:01.367538 0.000000 udp 10.0.2.109 3683 -> 67.176.212.131 7101 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:09.128811 0.000000 udp 10.0.2.109 3683 -> 157.122.144.90 3414 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:15.399006 0.105713 udp 10.0.2.109 3683 -> 79.107.3.12 1024 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:15.504719 0.000000 icmp 79.107.3.12 0x0303 -> 10.0.2.109 0x0004 URP 192 1 192 flow=Background 1970/02/08 12:44:20.006690 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:44:20.676269 0.000000 udp 10.0.2.109 3683 -> 46.1.93.189 7998 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:28.616501 0.000000 udp 10.0.2.109 3683 -> 212.18.43.213 4375 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:36.027075 0.000000 udp 10.0.2.109 3683 -> 97.100.49.217 6844 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:41.775605 0.000000 udp 10.0.2.109 3683 -> 78.7.191.122 4300 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:44.436263 2.997150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 12:44:48.905043 0.000000 udp 10.0.2.109 3683 -> 87.164.47.88 9189 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:51.439079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:44:56.586584 0.000000 udp 10.0.2.109 3683 -> 95.240.184.129 2287 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:44:59.441060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:45:01.754946 0.000000 udp 10.0.2.109 3683 -> 186.95.106.108 6390 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:45:06.510809 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:45:09.004886 0.000000 udp 10.0.2.109 3683 -> 95.137.136.115 4567 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:45:15.444244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:45:15.954554 0.000000 udp 10.0.2.109 3683 -> 78.110.74.80 5397 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:45:24.129824 0.380411 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 8 3200 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:45:24.604926 0.000000 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:45:30.025477 0.000000 udp 10.0.2.109 3683 -> 74.218.32.44 1243 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:45:37.971710 0.000000 udp 10.0.2.109 3683 -> 89.242.123.226 3578 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:45:46.348649 0.000000 udp 10.0.2.109 3683 -> 80.2.14.110 3225 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:45:47.449761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:45:51.004816 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:45:52.746969 0.000000 udp 10.0.2.109 3683 -> 79.45.175.227 1111 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:01.379977 0.000000 udp 10.0.2.109 3683 -> 211.3.248.168 1444 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:07.058274 0.717796 udp 10.0.2.109 3683 <-> 1.162.201.11 1190 CON 0 0 8 3159 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:46:07.807869 0.000000 udp 10.0.2.109 3683 -> 67.136.102.211 3182 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:14.488628 0.000000 udp 10.0.2.109 3683 -> 93.34.181.136 6279 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:21.369201 0.000000 udp 10.0.2.109 3683 -> 79.38.212.8 1959 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:28.338738 0.000000 udp 10.0.2.109 3683 -> 213.97.83.100 8510 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:33.485987 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:38.004999 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:46:42.028912 0.000000 udp 10.0.2.109 3683 -> 187.174.144.86 1299 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:49.610353 0.186057 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 8 3205 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:46:49.871481 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:46:57.691145 0.000000 udp 10.0.2.109 3683 -> 94.0.230.93 7954 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:03.119258 0.000000 udp 10.0.2.109 3683 -> 210.210.116.215 8899 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:11.851170 0.000000 udp 10.0.2.109 3683 -> 95.241.211.100 3660 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:17.475194 0.000000 udp 10.0.2.109 3683 -> 81.74.145.38 7067 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:25.570740 0.000000 udp 10.0.2.109 3683 -> 177.179.172.159 3350 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:30.507913 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:47:33.231956 0.000000 udp 10.0.2.109 3683 -> 93.213.62.140 2833 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:38.569482 0.000000 udp 10.0.2.109 3683 -> 93.148.116.50 5298 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:47.432534 0.000000 udp 10.0.2.109 3683 -> 79.10.203.206 9650 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:53.921648 0.112074 rtp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:47:54.140903 0.000000 udp 10.0.2.109 3683 -> 87.22.70.97 8091 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:47:59.579897 0.000000 udp 10.0.2.109 3683 -> 151.77.127.89 4539 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:06.359338 0.000000 udp 10.0.2.109 3683 -> 46.190.115.87 9452 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:13.119382 0.000000 udp 10.0.2.109 3683 -> 84.160.237.165 6050 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:18.005937 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:48:18.887212 0.000000 udp 10.0.2.109 3683 -> 210.212.233.100 9504 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:24.515580 1.257231 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 8 3131 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:48:25.633640 0.000000 udp 10.0.2.109 3683 -> 88.40.196.86 8649 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:33.198508 0.000000 udp 10.0.2.109 3683 -> 83.248.120.197 2772 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:40.939722 0.295282 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 8 3064 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:48:41.694673 0.000000 udp 10.0.2.109 3683 -> 79.1.83.20 8022 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:46.787785 0.567310 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 8 3020 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:48:47.383513 0.000000 udp 10.0.2.109 3683 -> 93.229.225.133 3320 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:48:55.640336 0.000000 udp 10.0.2.109 3683 -> 186.6.12.157 2502 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:02.891715 0.102285 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:02.994000 0.000000 icmp 31.195.110.78 0x0303 -> 10.0.2.109 0xa614 URP 192 1 248 flow=Background 1970/02/08 12:49:07.507325 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:49:08.739440 0.168182 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 8 2749 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:49:08.909406 0.000000 udp 10.0.2.109 3683 -> 78.8.62.222 5622 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:17.201491 0.000000 udp 10.0.2.109 3683 -> 87.1.43.63 1084 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:25.825553 0.000000 udp 10.0.2.109 3683 -> 173.179.186.217 2076 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:32.032957 0.000000 udp 10.0.2.109 3683 -> 46.197.51.226 1319 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:39.213392 0.823200 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 8 3300 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:49:40.115999 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 9244 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:46.483501 0.000000 udp 10.0.2.109 3683 -> 79.33.245.21 1165 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:53.032924 0.000000 udp 10.0.2.109 3683 -> 31.208.21.161 7066 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:49:58.009913 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:49:58.390573 0.000000 udp 10.0.2.109 3683 -> 2.232.190.7 6125 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:07.073270 0.151600 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 8 2919 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:50:07.325577 0.000000 udp 10.0.2.109 3683 -> 188.238.34.178 1156 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:14.413698 0.000000 udp 10.0.2.109 3683 -> 41.58.199.186 6119 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:19.771282 0.000000 udp 10.0.2.109 3683 -> 95.5.66.208 9492 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:25.209188 0.000000 udp 10.0.2.109 3683 -> 39.227.25.228 6499 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:31.728978 0.113276 rtp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 8 3065 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:50:31.868693 0.000000 udp 10.0.2.109 3683 -> 71.196.43.226 7410 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:38.799016 0.000000 udp 10.0.2.109 3683 -> 66.172.160.135 2393 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:43.505272 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:50:45.107737 0.000000 udp 10.0.2.109 3683 -> 95.238.61.221 6708 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:51.356558 0.000000 udp 10.0.2.109 3683 -> 2.223.19.42 9772 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:50:59.098239 0.112114 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 8 2859 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:50:59.241138 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:51:06.889210 0.703916 udp 10.0.2.109 3683 <-> 115.234.219.8 1774 CON 0 0 8 2869 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:51:07.640657 0.000000 udp 10.0.2.109 3683 -> 70.79.1.136 6679 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:51:16.442795 0.000000 udp 10.0.2.109 3683 -> 79.5.150.126 9996 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:51:24.414503 0.190199 rtp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 8 3130 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:51:24.691992 0.000000 udp 10.0.2.109 3683 -> 108.176.65.152 4615 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:51:29.010981 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:51:32.676446 0.000000 udp 10.0.2.109 3683 -> 94.132.120.17 6266 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:51:39.656295 0.000000 udp 10.0.2.109 3683 -> 125.194.232.171 8656 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:51:45.835168 0.000000 udp 10.0.2.109 3683 -> 92.108.194.250 4330 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:51:54.507911 0.753674 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 8 3004 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:51:55.344657 0.000000 udp 10.0.2.109 3683 -> 82.12.179.36 5755 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:52:04.207622 0.000000 udp 10.0.2.109 3683 -> 212.76.77.154 9349 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:52:13.154974 0.187751 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 8 3059 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:52:13.396689 0.000000 udp 10.0.2.109 3683 -> 83.236.229.230 4977 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:52:18.005227 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 12:52:21.436559 0.000000 udp 10.0.2.109 3683 -> 212.253.26.236 8344 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:52:29.597931 0.000000 udp 10.0.2.109 3683 -> 70.50.227.57 6630 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:52:37.989714 0.000000 udp 10.0.2.109 3683 -> 176.73.222.111 6122 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 12:52:46.592316 0.315040 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 8 2987 flow=From-Botnet-V1-UDP-Established 1970/02/08 12:54:03.469429 3.004904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 12:54:10.472913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:54:18.475613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:54:34.478390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 12:55:06.483455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:01:10.488979 3.002352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:01:17.497115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:01:25.498946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:01:41.511475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:02:13.517906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:08:25.525126 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:08:32.532729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:08:34.415842 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 13:08:34.415946 0.487601 tcp 10.0.2.109 55381 -> 176.73.169.112 1959 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:08:40.533777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:08:56.536864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:09:28.542852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:15:32.548054 3.002878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:15:39.555907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:15:47.557887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:16:03.561905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:16:35.568024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:22:39.585558 2.998934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:22:46.590645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:22:54.591890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:22:57.106112 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 13:22:57.106330 0.148539 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:57.255310 0.177800 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:57.411710 0.051560 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:57.460170 0.408387 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:57.831582 0.051566 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:58.016626 0.336819 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:58.353109 0.323161 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:58.696405 0.373643 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:59.049302 0.085985 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:59.116210 0.162670 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:59.270712 0.172550 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:59.439770 0.311516 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:59.805240 0.170191 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:22:59.950764 0.341970 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:00.322570 0.134872 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:00.422043 0.227116 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:00.628679 0.153459 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:00.774376 0.386511 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:01.144098 0.080172 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:01.206982 0.243916 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:01.408906 0.193836 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:01.560859 0.352454 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:01.909498 0.407094 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:02.299593 0.318560 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:02.634699 0.402869 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:03.019254 0.192654 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:03.208112 0.360783 udp 10.0.2.109 3683 <-> 1.162.201.11 1190 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:03.565720 0.114340 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:03.643255 0.055696 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:03.722031 0.678277 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:04.159244 0.084301 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:04.240500 0.353492 udp 10.0.2.109 3683 <-> 115.234.219.8 1774 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:04.592684 0.294220 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:04.913830 0.108453 rtp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:05.003137 0.092477 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:05.068671 0.425206 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:05.448805 0.297201 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:05.734401 0.071702 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:05.808638 0.093689 rtp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:05.939799 0.059044 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:06.025881 0.057699 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:06.093938 0.168973 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:23:10.594807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:23:42.600895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:29:46.607325 3.065410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:29:53.645184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:30:01.626022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:30:17.628973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:30:49.634954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:36:53.641367 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:37:00.648425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:37:08.649588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:37:24.652844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:37:56.658898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:38:34.904097 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 13:38:34.904289 0.466539 tcp 10.0.2.109 55382 -> 176.73.169.112 1959 FSPA* 0 0 15 1790 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:44:00.670867 2.998554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:44:07.671588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:44:15.673697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:44:31.677006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:45:03.682818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:53:14.781169 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 13:53:14.781389 0.044160 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:14.823692 0.254236 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:15.035675 0.051930 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:15.102857 0.093370 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:15.231684 0.175726 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:15.377093 0.329691 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:15.758582 0.334741 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:16.115287 0.351155 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:16.447671 0.087932 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:16.523149 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 13:53:28.693116 3.000017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 13:53:34.258995 0.052735 tcp 10.0.2.109 55383 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:53:34.312002 0.064486 tcp 10.0.2.109 55384 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:53:34.376769 0.137209 tcp 10.0.2.109 55385 -> 195.113.214.249 443 SRPA* 0 0 36 26969 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:53:34.514529 0.172168 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:34.683798 0.310825 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:35.042762 0.170498 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:35.191256 0.438724 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:35.608083 0.149282 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:35.698940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:53:35.749588 0.336702 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:36.087853 0.137504 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:36.184942 0.386602 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:36.554806 0.082704 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:36.618344 0.241459 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:36.818373 0.183571 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:36.990236 0.354711 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:37.406856 0.411070 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:37.805054 0.317360 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:38.125869 0.356656 udp 10.0.2.109 3683 <-> 1.162.201.11 1190 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:38.479485 0.110273 rtp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:38.551987 0.055784 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:38.653580 0.405456 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:39.039764 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 13:53:43.700753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:53:55.297740 0.052966 tcp 10.0.2.109 55386 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:53:55.350984 0.063408 tcp 10.0.2.109 55387 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:53:55.414679 0.163268 tcp 10.0.2.109 55388 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:53:55.578625 0.718229 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:56.038569 0.249407 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:56.271226 0.353992 rtp 10.0.2.109 3683 <-> 115.234.219.8 1774 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:53:56.623285 0.000000 udp 10.0.2.109 3683 -> 190.18.51.206 8784 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 13:53:59.703235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 13:54:12.673011 0.052285 tcp 10.0.2.109 55389 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:54:12.725580 0.060641 tcp 10.0.2.109 55390 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:54:12.786528 0.153952 tcp 10.0.2.109 55391 -> 195.113.214.249 443 SRPA* 0 0 41 34598 flow=From-Botnet-V1-TCP-Established 1970/02/08 13:54:12.941113 0.108648 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:13.029272 0.479715 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:13.496161 0.072082 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:13.634669 0.093401 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:13.738214 0.057783 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:13.818577 0.090331 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:13.883485 0.422934 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:14.274518 0.056810 rtp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:14.362450 0.166864 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/08 13:54:31.709463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:00:35.714591 3.002431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:00:42.722802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:00:50.724085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:01:10.178661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:01:41.762275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:07:42.749455 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:07:49.756904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:07:57.758184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:08:13.760787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:08:35.373905 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 14:08:35.374018 0.542132 tcp 10.0.2.109 55392 -> 176.73.169.112 1959 FSPA* 0 0 14 1527 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:08:45.767479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:14:49.773058 3.002009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:14:56.781012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:15:04.782374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:15:20.785322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:15:52.791515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:21:56.796821 3.002318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:22:03.804405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:22:11.806644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:22:27.809205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:22:59.815029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:24:28.613690 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 14:24:28.613873 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:24:47.542514 0.054343 tcp 10.0.2.109 55393 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:24:47.597174 0.063224 tcp 10.0.2.109 55394 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:24:47.660761 0.152732 tcp 10.0.2.109 55395 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:24:47.814248 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:25:04.197132 0.052718 tcp 10.0.2.109 55396 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:04.250241 0.061362 tcp 10.0.2.109 55397 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:04.311882 0.158183 tcp 10.0.2.109 55398 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:04.470727 0.000000 udp 10.0.2.109 3683 -> 190.18.51.206 8784 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:25:20.257614 0.052340 tcp 10.0.2.109 55399 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:20.310381 0.065189 tcp 10.0.2.109 55400 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:20.375879 0.157624 tcp 10.0.2.109 55401 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:20.534094 0.177062 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:20.880396 0.105462 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:21.021463 0.044537 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2593 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:21.064268 0.051635 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:21.183442 0.246089 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:21.395816 0.350947 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:21.746427 0.325755 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:22.184504 0.388470 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:22.592945 0.087098 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:22.709981 0.172733 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:22.880036 0.168887 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:23.024420 0.330358 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:23.393768 0.148972 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:23.534359 0.219255 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:23.732129 0.387981 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:24.096715 0.339336 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:24.458637 0.233156 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:24.653942 0.084391 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:24.720605 0.240830 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:24.921728 0.204381 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:25.072999 0.350614 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:25.419942 0.401841 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:25.804332 0.317750 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:26.142269 0.000000 udp 10.0.2.109 3683 -> 1.162.201.11 1190 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:25:41.904029 0.052900 tcp 10.0.2.109 55402 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:41.957264 0.065541 tcp 10.0.2.109 55403 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:42.023113 0.152774 tcp 10.0.2.109 55404 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:42.176415 0.107632 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:25:42.248744 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:25:58.205751 0.052956 tcp 10.0.2.109 55405 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:58.258996 0.060407 tcp 10.0.2.109 55406 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:58.319652 0.151301 tcp 10.0.2.109 55407 -> 195.113.214.249 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:25:58.471636 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:26:14.575835 0.055435 tcp 10.0.2.109 55408 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:26:14.631540 0.063379 tcp 10.0.2.109 55409 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:26:14.695254 0.159765 tcp 10.0.2.109 55410 -> 195.113.214.249 443 SRPA* 0 0 23 12308 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:26:14.855511 0.725226 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:15.321471 0.346087 udp 10.0.2.109 3683 <-> 115.234.219.8 1774 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:15.666259 0.250237 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:15.900072 0.095490 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 3 1038 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:33.192626 0.053138 tcp 10.0.2.109 55411 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:26:33.246332 0.065373 tcp 10.0.2.109 55412 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:26:33.311996 0.158172 tcp 10.0.2.109 55413 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:26:33.470686 0.073559 rtcp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:33.656240 0.095433 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:33.954543 0.058601 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:34.052304 0.097042 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:34.123074 0.437324 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:34.549325 0.167176 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:34.742705 0.418779 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:26:35.117723 0.056577 udp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:29:03.820932 3.001993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 14:29:10.828905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:29:18.830439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:29:34.834963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:30:06.846885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:36:10.857158 2.999944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:36:17.862940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:36:25.864002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:36:41.867050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:37:13.893190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:38:35.921827 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 14:38:35.921982 0.623253 tcp 10.0.2.109 55414 -> 176.73.169.112 1959 FSPA* 0 0 15 1697 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:43:17.899151 3.001900 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:43:24.906990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:43:32.908497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:43:48.911150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:44:20.917702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:50:24.923394 3.001982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:50:31.930751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:50:39.932149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:50:55.935189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:51:27.951227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:56:57.535498 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 14:56:57.535705 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:57:15.082226 0.053992 tcp 10.0.2.109 55415 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:15.136550 0.078290 tcp 10.0.2.109 55416 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:15.215154 0.156097 tcp 10.0.2.109 55417 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:15.372589 0.000000 udp 10.0.2.109 3683 -> 1.162.201.11 1190 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:57:31.963408 2.995547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 14:57:32.926907 0.053338 tcp 10.0.2.109 55418 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:32.980501 0.061350 tcp 10.0.2.109 55419 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:33.042372 0.152461 tcp 10.0.2.109 55420 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:33.195361 0.410372 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:33.587440 0.107556 rtp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:33.816948 0.174817 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:34.079823 0.093218 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:34.195518 0.337791 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:34.532620 0.046546 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:34.827785 0.053989 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:34.971790 0.251740 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:35.185184 0.335801 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:35.563009 0.086355 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:35.631685 0.351617 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:35.962293 0.173424 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:36.132108 0.217051 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:36.328596 0.153900 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:36.474932 0.308789 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:36.782494 0.168407 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:36.926420 0.133355 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:37.061285 0.385994 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:37.428593 0.336630 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:37.787274 0.081651 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:37.851784 0.236812 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:38.226770 0.364028 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:38.585617 0.178487 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:38.740951 0.411224 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:38.964550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:57:39.130491 0.319845 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:39.492699 0.110566 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:39.571533 0.000000 udp 10.0.2.109 3683 -> 115.234.219.8 1774 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:57:46.966337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:57:54.748224 0.054813 tcp 10.0.2.109 55421 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:54.803264 0.063951 tcp 10.0.2.109 55422 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:54.867482 0.158489 tcp 10.0.2.109 55423 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:57:55.026657 0.699308 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:57:55.505163 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 14:58:02.969559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 14:58:13.385012 0.054512 tcp 10.0.2.109 55424 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:58:13.439811 0.061299 tcp 10.0.2.109 55425 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:58:13.501389 0.151897 tcp 10.0.2.109 55426 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 14:58:13.653852 0.075627 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:13.756691 0.120925 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:13.886624 0.058252 rtp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:13.962408 0.167596 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:14.107944 0.086831 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:14.213968 0.456749 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:14.657747 0.419391 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:15.033206 0.057360 rtp 10.0.2.109 3683 <-> 46.49.11.252 6051 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/08 14:58:34.975845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:04:55.997847 2.999624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 15:05:03.008924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:05:11.004836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:05:27.007453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:05:59.013954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:08:36.550838 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 15:08:36.550940 0.483944 tcp 10.0.2.109 55427 -> 176.73.169.112 1959 FSPA* 0 0 14 1593 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:12:12.027519 2.997124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 15:12:19.030264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:12:27.031613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:12:43.033948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:13:15.041201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:19:19.045713 3.004138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 15:19:26.054044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:19:34.055325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:19:50.058947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:20:22.064470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:26:26.071104 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 15:26:33.077822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:26:41.079380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:26:57.082097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:27:29.088493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:28:17.228177 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 15:28:17.228342 0.000000 udp 10.0.2.109 3683 -> 115.234.219.8 1774 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 15:28:33.807689 0.098998 tcp 10.0.2.109 55428 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:28:33.906892 0.061966 tcp 10.0.2.109 55429 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:28:33.969166 0.153137 tcp 10.0.2.109 55430 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:28:34.122889 0.087065 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:34.192351 0.093039 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:34.302238 0.322934 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:34.624693 0.050930 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:34.673769 0.173380 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:34.818868 0.109926 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:34.963111 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 15:28:53.271428 0.051967 tcp 10.0.2.109 55431 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:28:53.323786 0.063934 tcp 10.0.2.109 55432 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:28:53.388071 0.150748 tcp 10.0.2.109 55433 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:28:53.539358 0.087004 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:53.605198 0.353401 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:53.937005 0.500316 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:54.402302 0.215221 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:54.596338 0.052278 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:54.742816 0.172736 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:54.912104 0.337661 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:55.250676 0.136846 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:55.347231 0.383345 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:55.711890 0.336016 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:56.070016 0.077092 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:56.132462 0.283041 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:56.327430 0.167550 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:56.473180 0.307735 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:56.836079 0.316680 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:57.194394 0.115176 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:57.490411 0.408438 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:57.980478 0.243599 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:58.182234 0.188214 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:58.416155 0.406679 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:58.801171 0.712842 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:59.274778 0.075463 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:59.396746 0.102017 udp 10.0.2.109 3683 <-> 46.197.167.75 3636 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:59.534373 0.090877 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:59.600180 0.262298 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:28:59.848710 0.419926 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:29:00.223230 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 15:29:18.716664 0.053320 tcp 10.0.2.109 55434 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:29:18.770300 0.061381 tcp 10.0.2.109 55435 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:29:18.832007 0.149092 tcp 10.0.2.109 55436 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:29:18.981611 0.057693 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:29:19.108221 0.164507 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:33:33.094218 3.011838 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 15:33:40.112244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:33:48.114572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:34:04.116704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:34:36.122520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:38:37.039895 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 15:38:37.039984 0.432557 tcp 10.0.2.109 55437 -> 176.73.169.112 1959 FSPA* 0 0 14 1702 flow=From-Botnet-V1-TCP-Established 1970/02/08 15:40:40.128026 3.001918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 15:40:47.135896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:40:55.137314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:41:11.140474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:41:43.146681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:47:47.152296 3.008120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 15:47:54.160060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:48:02.170575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:48:18.173939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:48:50.170583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:55:32.181028 3.001903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 15:55:39.188781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:55:47.189940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:56:03.193383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:56:35.198951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 15:59:42.769824 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 15:59:42.769922 0.403236 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/08 15:59:43.156164 0.000000 udp 10.0.2.109 3683 -> 46.49.11.252 6051 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 16:00:02.008027 0.052640 tcp 10.0.2.109 55438 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:02.060921 0.062487 tcp 10.0.2.109 55439 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:02.123675 0.152685 tcp 10.0.2.109 55440 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:02.277090 0.178333 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:02.425894 0.097194 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:02.666369 0.329495 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:03.255649 0.093012 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:03.406978 1.943457 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 2 618 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:20.704096 0.052752 tcp 10.0.2.109 55441 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:20.757138 0.069102 tcp 10.0.2.109 55442 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:20.826543 0.155109 tcp 10.0.2.109 55443 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:20.982459 0.044908 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:21.200963 0.077620 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:21.595548 0.382775 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:21.955363 0.247949 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:22.430893 0.236693 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:22.664682 0.051955 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:22.888735 0.220941 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:23.087346 0.394711 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:23.462043 0.123775 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:23.696822 0.344358 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:24.181476 0.149164 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:24.322536 0.167968 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:24.466540 0.309051 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:24.774433 0.068062 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:24.916308 0.337373 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:25.475503 0.348729 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:25.820606 0.318449 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:26.195063 0.116372 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:26.275023 0.232725 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:26.570343 0.274407 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:26.778281 0.408441 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:27.168114 0.000000 udp 10.0.2.109 3683 -> 46.197.167.75 3636 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 16:00:42.434116 0.052537 tcp 10.0.2.109 55444 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:42.486928 0.064013 tcp 10.0.2.109 55445 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:42.551192 0.154305 tcp 10.0.2.109 55446 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:00:42.706544 0.091542 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:42.775193 0.165314 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:42.937685 0.677031 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:43.395305 0.076079 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:43.517388 0.410259 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 1976 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:00:43.981375 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 16:01:00.611144 0.054167 tcp 10.0.2.109 55447 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:01:00.665655 0.064357 tcp 10.0.2.109 55448 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:01:00.730294 0.152243 tcp 10.0.2.109 55449 -> 195.113.214.249 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:01:00.883193 0.169960 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:02:46.205157 3.002050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:02:53.212662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:03:01.213996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:03:17.217251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:03:49.223275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:08:37.477975 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:08:37.478122 3.003566 tcp 10.0.2.109 55450 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:08:46.480629 0.000000 tcp 10.0.2.109 55450 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:08:52.480589 0.053966 tcp 10.0.2.109 55451 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:08:52.534820 0.062135 tcp 10.0.2.109 55452 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:08:52.597222 0.163513 tcp 10.0.2.109 55453 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:08:52.877672 3.005799 tcp 10.0.2.109 55454 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:01.889063 0.000000 tcp 10.0.2.109 55454 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:07.872801 0.052509 tcp 10.0.2.109 55455 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:09:07.925566 0.061825 tcp 10.0.2.109 55456 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:09:07.987735 0.152686 tcp 10.0.2.109 55457 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:09:08.150218 3.005687 tcp 10.0.2.109 55458 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:17.154408 0.000000 tcp 10.0.2.109 55458 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:23.143769 0.052777 tcp 10.0.2.109 55459 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:09:23.196801 0.063329 tcp 10.0.2.109 55460 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:09:23.260346 0.151946 tcp 10.0.2.109 55461 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:09:23.426320 2.991341 tcp 10.0.2.109 55462 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:32.427063 0.000000 tcp 10.0.2.109 55462 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:38.425118 2.994272 tcp 10.0.2.109 55463 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:47.418256 0.000000 tcp 10.0.2.109 55463 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:09:53.229637 3.001249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:09:53.426958 2.994163 tcp 10.0.2.109 55464 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:10:00.236783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:10:02.419556 0.000000 tcp 10.0.2.109 55464 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:10:08.237815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:10:24.241255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:10:56.247081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:15:08.430388 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:15:08.430564 3.003094 tcp 10.0.2.109 55465 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:15:17.432887 0.000000 tcp 10.0.2.109 55465 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:15:23.433148 0.053533 tcp 10.0.2.109 55466 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:23.486943 0.062676 tcp 10.0.2.109 55467 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:23.549874 0.155090 tcp 10.0.2.109 55468 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:23.725846 3.000052 tcp 10.0.2.109 55469 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:15:32.724580 0.000000 tcp 10.0.2.109 55469 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:15:38.723713 0.052724 tcp 10.0.2.109 55470 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:38.776732 0.062938 tcp 10.0.2.109 55471 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:38.839926 0.150275 tcp 10.0.2.109 55472 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:38.999431 2.998405 tcp 10.0.2.109 55473 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:15:48.006270 0.000000 tcp 10.0.2.109 55473 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:15:53.995644 0.052406 tcp 10.0.2.109 55474 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:54.048321 0.062200 tcp 10.0.2.109 55475 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:54.110828 0.156458 tcp 10.0.2.109 55476 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:15:54.277341 3.002564 tcp 10.0.2.109 55477 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:16:03.278440 0.000000 tcp 10.0.2.109 55477 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:16:09.277123 2.994484 tcp 10.0.2.109 55478 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:16:18.270449 0.000000 tcp 10.0.2.109 55478 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:16:24.278895 3.004409 tcp 10.0.2.109 55479 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:16:33.281859 0.000000 tcp 10.0.2.109 55479 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:17:00.253387 3.001335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:17:07.260460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:17:15.262351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:17:31.265089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:18:03.271063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:21:39.281818 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:21:39.281914 3.003865 tcp 10.0.2.109 55480 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:21:48.287703 0.000000 tcp 10.0.2.109 55480 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:21:54.284760 0.054202 tcp 10.0.2.109 55481 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:21:54.339326 0.061749 tcp 10.0.2.109 55482 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:21:54.401516 0.156194 tcp 10.0.2.109 55483 -> 195.113.214.249 443 SRPA* 0 0 27 11062 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:21:54.601124 2.996608 tcp 10.0.2.109 55484 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:03.606382 0.000000 tcp 10.0.2.109 55484 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:09.595734 0.052631 tcp 10.0.2.109 55485 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:22:09.648600 0.064925 tcp 10.0.2.109 55486 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:22:09.713767 0.158650 tcp 10.0.2.109 55487 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:22:09.911216 2.998605 tcp 10.0.2.109 55488 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:18.908561 0.000000 tcp 10.0.2.109 55488 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:24.907613 0.052965 tcp 10.0.2.109 55489 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:22:24.960815 0.061259 tcp 10.0.2.109 55490 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:22:25.022502 0.157592 tcp 10.0.2.109 55491 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:22:25.288547 3.003432 tcp 10.0.2.109 55492 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:34.292832 0.000000 tcp 10.0.2.109 55492 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:40.289408 3.005162 tcp 10.0.2.109 55493 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:49.292469 0.000000 tcp 10.0.2.109 55493 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:22:55.300295 2.996177 tcp 10.0.2.109 55494 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:23:04.298944 0.000000 tcp 10.0.2.109 55494 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:24:07.276440 3.002277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:24:14.284358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:24:22.285821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:24:38.288712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:25:10.294914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:28:10.294701 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:28:10.294809 2.993188 tcp 10.0.2.109 55495 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:28:19.296916 0.000000 tcp 10.0.2.109 55495 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:28:25.297002 0.053529 tcp 10.0.2.109 55496 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:25.350877 0.061405 tcp 10.0.2.109 55497 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:25.412603 0.154556 tcp 10.0.2.109 55498 -> 195.113.214.249 443 SRPA* 0 0 39 33052 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:26.002684 2.998020 tcp 10.0.2.109 55499 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:28:34.999441 0.000000 tcp 10.0.2.109 55499 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:28:40.998636 0.052654 tcp 10.0.2.109 55500 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:41.051631 0.064412 tcp 10.0.2.109 55501 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:41.116308 0.156671 tcp 10.0.2.109 55502 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:42.043256 3.000552 tcp 10.0.2.109 55503 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:28:51.042357 0.000000 tcp 10.0.2.109 55503 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:28:57.041488 0.052500 tcp 10.0.2.109 55504 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:57.094391 0.062040 tcp 10.0.2.109 55505 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:57.156846 0.161396 tcp 10.0.2.109 55506 -> 195.113.214.249 443 SRPA* 0 0 33 19150 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:28:57.488268 3.007525 tcp 10.0.2.109 55507 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:29:06.494603 0.000000 tcp 10.0.2.109 55507 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:29:12.483271 2.994290 tcp 10.0.2.109 55508 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:29:21.486043 0.000000 tcp 10.0.2.109 55508 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:29:27.485017 2.994012 tcp 10.0.2.109 55509 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:29:36.478378 0.000000 tcp 10.0.2.109 55509 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:31:14.303701 3.004324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:31:19.233656 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:31:19.233742 0.075586 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:31:19.292052 0.000000 udp 10.0.2.109 3683 -> 46.197.167.75 3636 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 16:31:21.308540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:31:29.309907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:31:36.421884 0.052035 tcp 10.0.2.109 55510 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:31:36.474350 0.061394 tcp 10.0.2.109 55511 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:31:36.536051 0.152156 tcp 10.0.2.109 55512 -> 195.113.214.249 443 SRPA* 0 0 32 16806 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:31:36.688769 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 16:31:45.313094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:31:54.218965 0.052367 tcp 10.0.2.109 55513 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:31:54.271612 0.067601 tcp 10.0.2.109 55514 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:31:54.339492 0.153789 tcp 10.0.2.109 55515 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:31:54.494197 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 16:32:12.442379 0.052446 tcp 10.0.2.109 55516 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:32:12.495109 0.064700 tcp 10.0.2.109 55517 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:32:12.560104 0.156521 tcp 10.0.2.109 55518 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:32:12.717251 0.174161 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:12.998079 0.080422 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 3 940 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:13.074427 0.343804 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:13.417447 0.106057 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:13.540563 0.071642 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:13.674004 0.068884 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:13.863644 0.342617 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:14.187566 0.251102 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:14.404299 0.051853 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:14.506489 0.172978 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:14.675793 0.123045 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:14.808693 0.332313 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:15.155393 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 16:32:17.318847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:32:30.368660 0.053907 tcp 10.0.2.109 55519 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:32:30.422810 0.065152 tcp 10.0.2.109 55520 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:32:30.488253 0.153087 tcp 10.0.2.109 55521 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:32:30.641963 0.380930 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:31.004184 0.353885 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:31.415233 0.191139 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:31.588551 0.352759 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:31.983497 0.166749 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:32.128842 0.068362 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:32.526464 0.352244 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:32.874991 0.318510 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:33.193240 0.116193 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:33.280507 0.197329 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:33.442082 0.245467 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:33.644607 0.406111 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:34.030695 0.087695 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:34.181529 0.418904 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:34.559922 0.720756 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:35.060891 0.417368 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:35.464457 0.075739 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:32:35.581887 0.165186 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/08 16:34:42.488024 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:34:42.488164 3.006431 tcp 10.0.2.109 55522 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:34:51.490896 0.000000 tcp 10.0.2.109 55522 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:34:57.490993 0.053400 tcp 10.0.2.109 55523 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:34:57.544640 0.062936 tcp 10.0.2.109 55524 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:34:57.607851 0.155264 tcp 10.0.2.109 55525 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:34:57.819677 3.004393 tcp 10.0.2.109 55526 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:35:06.822686 0.000000 tcp 10.0.2.109 55526 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:35:12.823865 0.207613 tcp 10.0.2.109 55527 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:35:13.031779 0.061125 tcp 10.0.2.109 55528 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:35:13.093202 0.178892 tcp 10.0.2.109 55529 -> 195.113.214.249 443 SRPA* 0 0 32 13734 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:35:13.396664 2.976964 tcp 10.0.2.109 55530 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:35:22.322616 0.000000 tcp 10.0.2.109 55530 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:35:28.271288 2.986571 tcp 10.0.2.109 55531 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:35:37.266701 0.000000 tcp 10.0.2.109 55531 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:38:21.327171 2.999533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:38:28.333514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:38:36.333973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:38:52.336799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:39:24.342937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:40:43.256917 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:40:43.257007 2.993766 tcp 10.0.2.109 55532 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:40:52.249267 0.000000 tcp 10.0.2.109 55532 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:40:58.259356 0.052985 tcp 10.0.2.109 55533 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:40:58.312594 0.061977 tcp 10.0.2.109 55534 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:40:58.374881 0.150622 tcp 10.0.2.109 55535 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:40:58.741644 3.001405 tcp 10.0.2.109 55536 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:41:07.741419 0.000000 tcp 10.0.2.109 55536 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:41:13.742373 0.052941 tcp 10.0.2.109 55537 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:41:13.795607 0.062416 tcp 10.0.2.109 55538 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:41:13.858329 0.153154 tcp 10.0.2.109 55539 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:41:14.074538 3.000731 tcp 10.0.2.109 55540 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:41:23.073636 0.000000 tcp 10.0.2.109 55540 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:41:29.072366 3.004478 tcp 10.0.2.109 55541 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:41:38.075364 0.000000 tcp 10.0.2.109 55541 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:45:28.350311 3.000426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:45:35.356479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:45:43.357627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:45:59.360723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:46:31.367607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:46:44.075714 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:46:44.075880 2.993585 tcp 10.0.2.109 55542 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:46:53.067998 0.000000 tcp 10.0.2.109 55542 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:46:59.078505 0.053441 tcp 10.0.2.109 55543 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:46:59.132234 0.062262 tcp 10.0.2.109 55544 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:46:59.194744 0.148307 tcp 10.0.2.109 55545 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:46:59.599390 3.002277 tcp 10.0.2.109 55546 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:47:08.600345 0.000000 tcp 10.0.2.109 55546 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:47:14.601800 0.052938 tcp 10.0.2.109 55547 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:47:14.655049 0.060597 tcp 10.0.2.109 55548 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:47:14.715944 0.155114 tcp 10.0.2.109 55549 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:47:15.111751 3.001976 tcp 10.0.2.109 55550 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:47:24.121266 0.000000 tcp 10.0.2.109 55550 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:47:30.114921 3.000529 tcp 10.0.2.109 55551 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:47:39.114290 0.000000 tcp 10.0.2.109 55551 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:52:45.114925 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 16:52:45.115074 2.993450 tcp 10.0.2.109 55552 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:52:54.117222 0.000000 tcp 10.0.2.109 55552 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:53:00.117869 0.054065 tcp 10.0.2.109 55553 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:53:00.172182 0.063301 tcp 10.0.2.109 55554 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:53:00.235764 0.151953 tcp 10.0.2.109 55555 -> 195.113.214.249 443 SRPA* 0 0 39 18440 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:53:00.593801 2.996861 tcp 10.0.2.109 55556 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:53:09.589280 0.000000 tcp 10.0.2.109 55556 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:53:15.588832 0.053924 tcp 10.0.2.109 55557 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:53:15.643091 0.062507 tcp 10.0.2.109 55558 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:53:15.705952 0.151498 tcp 10.0.2.109 55559 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/08 16:53:16.917173 2.997318 tcp 10.0.2.109 55560 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:53:25.913008 0.000000 tcp 10.0.2.109 55560 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:53:31.918834 2.996633 tcp 10.0.2.109 55561 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:53:40.914560 0.000000 tcp 10.0.2.109 55561 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 16:54:23.378951 3.000765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 16:54:30.385517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:54:38.387094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:54:54.390321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 16:55:26.396170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:01:52.414931 3.000451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 17:01:59.421455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:02:07.422582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:02:23.425745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:02:55.431848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:03:05.065870 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:03:05.065974 0.403894 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:05.451408 0.221646 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:05.972400 0.073821 rtp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:06.030611 0.178398 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:06.265858 0.117872 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:06.439012 0.071883 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:06.492373 0.336357 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:06.859173 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 17:03:16.943109 3.003750 tcp 10.0.2.109 55562 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:03:25.786451 0.054008 tcp 10.0.2.109 55563 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:03:25.840744 0.062350 tcp 10.0.2.109 55564 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:03:25.903372 0.156813 tcp 10.0.2.109 55565 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:03:25.945267 0.000000 tcp 10.0.2.109 55562 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:03:26.060660 0.051173 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:26.109980 0.175237 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:26.669348 0.239490 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:27.097571 0.346549 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:27.423485 0.244562 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:27.826445 0.051499 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:28.147702 0.326108 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:28.559732 0.393039 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:28.934088 0.339818 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:29.386900 0.151649 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:29.527009 0.414999 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:29.934274 0.353000 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:30.328411 0.168579 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:30.471944 0.069562 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:30.562138 0.318307 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:31.062196 0.119104 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:31.146435 0.194066 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:31.310688 0.242173 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:31.652193 0.407583 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:32.027299 0.052755 tcp 10.0.2.109 55566 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:03:32.040609 0.097150 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:32.080367 0.061624 tcp 10.0.2.109 55567 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:03:32.142452 0.154018 tcp 10.0.2.109 55568 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:03:32.240516 0.425625 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:32.623040 0.071798 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:32.924569 2.975151 tcp 10.0.2.109 55569 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:03:33.127403 0.167955 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:33.273502 0.718777 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:33.771594 0.374771 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:03:41.848437 0.000000 tcp 10.0.2.109 55569 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:08:47.849015 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:08:47.849132 3.003724 tcp 10.0.2.109 55570 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:08:56.851495 0.000000 tcp 10.0.2.109 55570 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:09:02.851858 0.031335 tcp 10.0.2.109 55571 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:09:02.883450 0.061821 tcp 10.0.2.109 55572 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:09:02.945550 0.157739 tcp 10.0.2.109 55573 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:09:03.114368 3.000573 tcp 10.0.2.109 55574 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:09:06.438359 3.001111 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 17:09:12.113160 0.000000 tcp 10.0.2.109 55574 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:09:13.445163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:09:18.112857 0.030699 tcp 10.0.2.109 55575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:09:18.143840 0.061975 tcp 10.0.2.109 55576 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:09:18.206097 0.153772 tcp 10.0.2.109 55577 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:09:18.387146 2.999811 tcp 10.0.2.109 55578 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:09:21.447000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:09:27.384910 0.000000 tcp 10.0.2.109 55578 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:09:33.384001 2.994376 tcp 10.0.2.109 55579 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:09:37.449758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:09:42.386974 0.000000 tcp 10.0.2.109 55579 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:10:09.457613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:14:48.387508 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:14:48.387636 3.003611 tcp 10.0.2.109 55580 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:14:57.389831 0.000000 tcp 10.0.2.109 55580 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:15:03.389722 0.030924 tcp 10.0.2.109 55581 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:15:03.420884 0.043582 tcp 10.0.2.109 55582 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:15:03.464720 0.134861 tcp 10.0.2.109 55583 -> 195.113.214.249 443 SRPA* 0 0 57 40998 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:15:03.610464 3.002321 tcp 10.0.2.109 55584 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:15:12.611774 0.000000 tcp 10.0.2.109 55584 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:15:18.610609 0.030311 tcp 10.0.2.109 55585 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:15:18.641202 0.045355 tcp 10.0.2.109 55586 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:15:18.686792 0.139058 tcp 10.0.2.109 55587 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:15:18.845712 2.999293 tcp 10.0.2.109 55588 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:15:27.843587 0.000000 tcp 10.0.2.109 55588 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:15:33.842202 3.004152 tcp 10.0.2.109 55589 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:15:42.845055 0.000000 tcp 10.0.2.109 55589 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:16:13.462129 3.001313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 17:16:20.469233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:16:28.470963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:16:44.473909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:17:16.479637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:20:48.845320 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:20:48.845461 2.993904 tcp 10.0.2.109 55590 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:20:57.847993 0.000000 tcp 10.0.2.109 55590 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:21:03.848337 0.046455 tcp 10.0.2.109 55591 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:21:03.895153 0.049395 tcp 10.0.2.109 55592 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:21:03.944885 0.140543 tcp 10.0.2.109 55593 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:21:04.111478 2.991899 tcp 10.0.2.109 55594 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:21:13.099884 0.000000 tcp 10.0.2.109 55594 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:21:19.102170 0.032022 tcp 10.0.2.109 55595 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:21:19.134508 0.043493 tcp 10.0.2.109 55596 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:21:19.178314 0.137647 tcp 10.0.2.109 55597 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:21:19.437085 2.997699 tcp 10.0.2.109 55598 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:21:28.431939 0.000000 tcp 10.0.2.109 55598 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:21:34.430826 3.013515 tcp 10.0.2.109 55599 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:21:43.433426 0.000000 tcp 10.0.2.109 55599 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:23:20.485973 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 17:23:27.493339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:23:35.495238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:23:51.502389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:24:23.503650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:26:49.433763 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:26:49.433947 2.993758 tcp 10.0.2.109 55600 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:26:58.436679 0.000000 tcp 10.0.2.109 55600 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:27:04.437630 0.031935 tcp 10.0.2.109 55601 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:27:04.469836 0.043139 tcp 10.0.2.109 55602 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:27:04.513318 0.136575 tcp 10.0.2.109 55603 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:27:04.835235 2.994737 tcp 10.0.2.109 55604 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:27:13.858211 0.000000 tcp 10.0.2.109 55604 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:27:19.828074 0.030765 tcp 10.0.2.109 55605 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:27:19.859129 0.047364 tcp 10.0.2.109 55606 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:27:19.906768 0.143561 tcp 10.0.2.109 55607 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:27:20.063963 2.997796 tcp 10.0.2.109 55608 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:27:29.060687 0.000000 tcp 10.0.2.109 55608 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:27:35.061039 3.002252 tcp 10.0.2.109 55609 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:27:44.061801 0.000000 tcp 10.0.2.109 55609 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:30:27.509552 3.001741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 17:30:34.517015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:30:42.518869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:30:58.521709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:31:30.530027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:33:44.520588 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:33:44.520713 0.093451 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:44.594159 0.403978 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:44.979535 0.071749 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:45.142770 0.217689 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2031 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:45.340318 0.176101 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:45.565019 0.074956 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:45.620960 0.105650 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:45.749996 0.344215 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:46.094051 0.051690 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:46.150140 0.172447 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:46.318902 0.125397 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:46.489483 0.051741 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2000 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:46.558747 0.345919 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:46.885880 0.250697 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:47.097915 0.334464 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:47.442959 0.384090 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:47.808101 0.344351 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:48.343884 0.148000 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:48.484336 0.403871 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:48.887001 0.067623 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:48.936630 0.318586 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:49.286461 0.353140 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:49.635610 0.166933 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:49.779523 0.241019 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:49.981528 0.115597 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:50.059343 0.252021 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:50.069822 3.002812 tcp 10.0.2.109 55610 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:33:50.271795 0.402182 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:50.657997 0.094849 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:50.729060 0.419024 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:51.102585 0.746372 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:51.588437 0.075670 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2601 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:51.672028 0.166044 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:51.816442 0.464988 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/08 17:33:59.071032 0.000000 tcp 10.0.2.109 55610 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:34:05.072003 0.032160 tcp 10.0.2.109 55611 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:34:05.104479 0.043207 tcp 10.0.2.109 55612 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:34:05.147986 0.138959 tcp 10.0.2.109 55613 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:34:05.451794 3.002824 tcp 10.0.2.109 55614 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:34:14.453304 0.000000 tcp 10.0.2.109 55614 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:34:20.452589 0.030944 tcp 10.0.2.109 55615 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:34:20.483804 0.042673 tcp 10.0.2.109 55616 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:34:20.526783 0.142914 tcp 10.0.2.109 55617 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:34:20.701156 3.005244 tcp 10.0.2.109 55618 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:34:29.705141 0.000000 tcp 10.0.2.109 55618 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:34:35.694029 2.994413 tcp 10.0.2.109 55619 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:34:44.696364 0.000000 tcp 10.0.2.109 55619 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:37:34.533229 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 17:37:41.541056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:37:49.542597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:38:05.545513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:38:37.551492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:39:50.697097 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:39:50.697243 2.993645 tcp 10.0.2.109 55620 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:39:59.689591 0.000000 tcp 10.0.2.109 55620 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:40:05.699993 0.031808 tcp 10.0.2.109 55621 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:40:05.732076 0.045426 tcp 10.0.2.109 55622 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:40:05.777785 0.140043 tcp 10.0.2.109 55623 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:40:05.946605 2.996322 tcp 10.0.2.109 55624 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:40:14.941498 0.000000 tcp 10.0.2.109 55624 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:40:20.940955 0.030849 tcp 10.0.2.109 55625 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:40:20.972118 0.042399 tcp 10.0.2.109 55626 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:40:21.014858 0.135651 tcp 10.0.2.109 55627 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:40:21.266026 2.998928 tcp 10.0.2.109 55628 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:40:30.263552 0.000000 tcp 10.0.2.109 55628 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:40:36.262394 3.004115 tcp 10.0.2.109 55629 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:40:45.265215 0.000000 tcp 10.0.2.109 55629 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:44:41.556936 3.012369 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 17:44:48.574672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:44:56.576450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:45:12.579601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:45:44.585128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:45:51.265526 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:45:51.265696 2.993854 tcp 10.0.2.109 55630 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:46:00.257941 0.000000 tcp 10.0.2.109 55630 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:46:06.268518 0.032014 tcp 10.0.2.109 55631 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:46:06.300841 0.042828 tcp 10.0.2.109 55632 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:46:06.343958 0.144360 tcp 10.0.2.109 55633 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:46:06.512571 2.998745 tcp 10.0.2.109 55634 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:46:15.510328 0.000000 tcp 10.0.2.109 55634 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:46:21.509725 0.030660 tcp 10.0.2.109 55635 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:46:21.540674 0.042602 tcp 10.0.2.109 55636 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:46:21.583554 0.134545 tcp 10.0.2.109 55637 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:46:21.728528 3.004972 tcp 10.0.2.109 55638 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:46:30.731902 0.000000 tcp 10.0.2.109 55638 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:46:36.720901 3.003402 tcp 10.0.2.109 55639 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:46:45.722954 0.000000 tcp 10.0.2.109 55639 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:51:51.723294 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 17:51:51.723475 2.995442 tcp 10.0.2.109 55640 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:52:00.728488 0.000000 tcp 10.0.2.109 55640 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:52:06.726600 0.031753 tcp 10.0.2.109 55641 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:52:06.758594 0.041907 tcp 10.0.2.109 55642 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:52:06.800932 0.134770 tcp 10.0.2.109 55643 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:52:07.056925 2.992749 tcp 10.0.2.109 55644 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:52:16.048343 0.000000 tcp 10.0.2.109 55644 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:52:22.057919 0.030757 tcp 10.0.2.109 55645 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:52:22.088964 0.046224 tcp 10.0.2.109 55646 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:52:22.135487 0.139131 tcp 10.0.2.109 55647 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 17:52:22.309937 3.001828 tcp 10.0.2.109 55648 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:52:31.310425 0.000000 tcp 10.0.2.109 55648 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:52:37.309047 3.004501 tcp 10.0.2.109 55649 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:52:46.311701 0.000000 tcp 10.0.2.109 55649 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 17:54:00.601166 3.001843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 17:54:07.610383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:54:15.610508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:54:31.614847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 17:55:03.619332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:01:07.624352 3.002719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 18:01:14.632383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:01:22.634094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:01:38.637369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:02:10.653257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:03:54.072553 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:03:54.072657 0.095354 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:03:54.150078 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 18:04:07.355892 2.999710 tcp 10.0.2.109 55650 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:04:10.947236 0.031336 tcp 10.0.2.109 55651 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:10.978827 0.045256 tcp 10.0.2.109 55652 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:11.024402 0.137658 tcp 10.0.2.109 55653 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:11.162579 0.175218 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:11.308311 0.074352 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:11.458394 0.105532 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:11.591118 0.074704 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:11.649223 0.218041 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:11.845781 0.337567 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:12.182599 0.044653 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:12.243511 0.175595 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:12.415201 0.232752 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:12.936033 0.051408 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:13.014347 0.342905 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:13.334652 0.403940 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:13.778092 0.252867 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:13.993153 0.328157 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:14.358714 0.340861 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:14.838369 0.191083 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:15.019575 0.407691 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:15.519966 0.065646 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:15.568351 0.170060 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:15.714533 0.240872 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:15.915478 0.331589 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:16.283658 0.350860 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:16.354582 0.000000 tcp 10.0.2.109 55650 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:04:16.631227 0.117152 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:16.748135 0.432822 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:17.170052 0.406961 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:17.559199 0.094822 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:17.682249 0.075636 rtcp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:17.823120 0.169751 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:17.967908 0.000000 udp 10.0.2.109 3683 -> 59.115.44.141 2346 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 18:04:22.353161 0.031438 tcp 10.0.2.109 55654 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:22.384845 0.046477 tcp 10.0.2.109 55655 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:22.431568 0.136152 tcp 10.0.2.109 55656 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:22.691866 3.005363 tcp 10.0.2.109 55657 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:04:31.706058 0.000000 tcp 10.0.2.109 55657 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:04:33.419257 0.031955 tcp 10.0.2.109 55658 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:33.451569 0.046404 tcp 10.0.2.109 55659 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:33.498445 0.133946 tcp 10.0.2.109 55660 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:04:33.632983 0.933901 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:04:34.347765 0.396605 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:08:22.660557 3.001785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 18:08:29.667611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:08:37.669844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:08:53.672973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:09:25.678829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:09:37.686836 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:09:37.687035 2.993509 tcp 10.0.2.109 55661 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:09:46.678976 0.000000 tcp 10.0.2.109 55661 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:09:52.689204 0.031823 tcp 10.0.2.109 55662 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:09:52.721222 0.042576 tcp 10.0.2.109 55663 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:09:52.764098 0.142570 tcp 10.0.2.109 55664 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:09:52.924438 2.997974 tcp 10.0.2.109 55665 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:10:01.921087 0.000000 tcp 10.0.2.109 55665 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:10:07.920085 0.030926 tcp 10.0.2.109 55666 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:10:07.951216 0.043032 tcp 10.0.2.109 55667 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:10:07.994567 0.134187 tcp 10.0.2.109 55668 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:10:08.147324 3.006880 tcp 10.0.2.109 55669 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:10:17.152898 0.000000 tcp 10.0.2.109 55669 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:10:23.141471 3.004162 tcp 10.0.2.109 55670 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:10:32.144410 0.000000 tcp 10.0.2.109 55670 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:15:29.684624 3.002078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 18:15:36.692384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:15:38.144970 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:15:38.145134 2.993496 tcp 10.0.2.109 55671 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:15:44.693719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:15:47.147299 0.000000 tcp 10.0.2.109 55671 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:15:53.148238 0.031492 tcp 10.0.2.109 55672 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:15:53.179958 0.044747 tcp 10.0.2.109 55673 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:15:53.225128 0.138184 tcp 10.0.2.109 55674 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:15:53.405560 2.995523 tcp 10.0.2.109 55675 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:16:00.696384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:16:02.399016 0.000000 tcp 10.0.2.109 55675 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:16:08.398097 0.031076 tcp 10.0.2.109 55676 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:16:08.429427 0.042170 tcp 10.0.2.109 55677 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:16:08.471858 0.139652 tcp 10.0.2.109 55678 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:16:08.926716 2.996624 tcp 10.0.2.109 55679 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:16:17.921587 0.000000 tcp 10.0.2.109 55679 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:16:23.920295 3.004428 tcp 10.0.2.109 55680 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:16:32.702941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:16:32.922980 0.000000 tcp 10.0.2.109 55680 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:21:38.923628 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:21:38.923712 3.003718 tcp 10.0.2.109 55681 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:21:47.936140 0.000000 tcp 10.0.2.109 55681 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:21:53.926628 0.032391 tcp 10.0.2.109 55682 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:21:53.959288 0.046107 tcp 10.0.2.109 55683 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:21:54.005726 0.169413 tcp 10.0.2.109 55684 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:21:54.216473 2.996519 tcp 10.0.2.109 55685 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:22:03.207791 0.000000 tcp 10.0.2.109 55685 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:22:09.217285 0.030658 tcp 10.0.2.109 55686 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:22:09.248186 0.079530 tcp 10.0.2.109 55687 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:22:09.328037 0.136619 tcp 10.0.2.109 55688 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:22:09.555974 2.985438 tcp 10.0.2.109 55689 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:22:18.539791 0.000000 tcp 10.0.2.109 55689 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:22:24.548809 3.003727 tcp 10.0.2.109 55690 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:22:33.554350 0.000000 tcp 10.0.2.109 55690 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:22:36.708160 3.002455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 18:22:43.716059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:22:51.717713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:23:07.721087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:23:39.727008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:27:39.552109 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:27:39.552271 3.003354 tcp 10.0.2.109 55691 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:27:48.554343 0.000000 tcp 10.0.2.109 55691 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:27:54.554723 0.031524 tcp 10.0.2.109 55692 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:27:54.586524 0.043009 tcp 10.0.2.109 55693 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:27:54.629816 0.138639 tcp 10.0.2.109 55694 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:27:54.789352 2.998383 tcp 10.0.2.109 55695 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:28:03.795801 0.000000 tcp 10.0.2.109 55695 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:28:09.785673 0.031352 tcp 10.0.2.109 55696 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:28:09.817264 0.042175 tcp 10.0.2.109 55697 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:28:09.859720 0.141190 tcp 10.0.2.109 55698 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:28:10.016906 2.992752 tcp 10.0.2.109 55699 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:28:19.016905 0.000000 tcp 10.0.2.109 55699 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:28:25.017394 2.993632 tcp 10.0.2.109 55700 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:28:34.009681 0.000000 tcp 10.0.2.109 55700 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:29:43.732765 3.003554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 18:29:50.742694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:29:58.744778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:30:14.744752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:30:46.750711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:34:35.499615 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:34:35.499711 0.405047 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:35.885533 0.428263 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:36.261753 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 18:34:40.025982 2.994466 tcp 10.0.2.109 55701 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:34:49.019021 0.000000 tcp 10.0.2.109 55701 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:34:52.816369 0.033045 tcp 10.0.2.109 55702 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:34:52.849685 0.043791 tcp 10.0.2.109 55703 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:34:52.893748 0.138526 tcp 10.0.2.109 55704 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:34:53.032844 0.093246 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:53.168770 0.070560 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:53.401496 0.220290 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:53.600773 0.175035 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:53.747256 0.075989 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:53.868942 0.316105 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:54.252252 0.275779 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:54.490513 0.053378 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:54.624147 0.353698 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2026 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:54.957896 0.172739 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:55.027851 0.030176 tcp 10.0.2.109 55705 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:34:55.058289 0.046064 tcp 10.0.2.109 55706 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:34:55.105029 0.145316 tcp 10.0.2.109 55707 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:34:55.126421 0.056787 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:55.186909 0.323092 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:55.478707 3.007522 tcp 10.0.2.109 55708 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:34:55.613140 0.335852 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:56.091175 0.214633 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:56.281709 0.968179 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:57.216219 0.384024 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:57.580350 0.165424 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:57.721262 0.247004 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:57.924970 0.318250 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:58.354718 0.352726 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:58.836217 0.121311 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:58.919914 0.403878 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:59.399569 0.069785 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:59.450843 0.088191 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:59.541093 0.075530 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:59.659653 0.166167 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:34:59.804483 0.392163 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:35:00.184546 0.411180 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 1996 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:35:00.577278 0.643330 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:35:01.020215 0.165139 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/08 18:35:04.481150 0.000000 tcp 10.0.2.109 55708 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:36:50.756844 3.001447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 18:36:57.764165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:37:05.765752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:37:21.768539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:37:53.776732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:40:10.481825 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:40:10.482046 3.003414 tcp 10.0.2.109 55709 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:40:19.484438 0.000000 tcp 10.0.2.109 55709 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:40:25.484580 0.031775 tcp 10.0.2.109 55710 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:40:25.516630 0.047962 tcp 10.0.2.109 55711 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:40:25.564903 0.135747 tcp 10.0.2.109 55712 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:40:26.016358 3.001494 tcp 10.0.2.109 55713 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:40:35.029676 0.000000 tcp 10.0.2.109 55713 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:40:41.015940 0.031176 tcp 10.0.2.109 55714 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:40:41.047386 0.041820 tcp 10.0.2.109 55715 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:40:41.089516 0.136282 tcp 10.0.2.109 55716 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:40:41.452166 2.997634 tcp 10.0.2.109 55717 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:40:50.450620 0.000000 tcp 10.0.2.109 55717 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:40:56.447553 3.003974 tcp 10.0.2.109 55718 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:41:05.450175 0.000000 tcp 10.0.2.109 55718 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:43:57.782712 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 18:44:04.788580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:44:12.790643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:44:28.792868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:45:00.798718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:46:11.451138 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:46:11.451302 3.003105 tcp 10.0.2.109 55719 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:46:20.452974 0.000000 tcp 10.0.2.109 55719 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:46:26.454593 0.031978 tcp 10.0.2.109 55720 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:46:26.486828 0.041909 tcp 10.0.2.109 55721 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:46:26.529000 0.136427 tcp 10.0.2.109 55722 -> 195.113.214.249 443 SRPA* 0 0 27 11246 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:46:26.921441 3.005704 tcp 10.0.2.109 55723 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:46:35.928063 0.000000 tcp 10.0.2.109 55723 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:46:41.914420 0.030232 tcp 10.0.2.109 55724 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:46:41.944921 0.042681 tcp 10.0.2.109 55725 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:46:41.987904 0.136798 tcp 10.0.2.109 55726 -> 195.113.214.249 443 SRPA* 0 0 24 12984 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:46:42.316436 2.992484 tcp 10.0.2.109 55727 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:46:51.308921 0.000000 tcp 10.0.2.109 55727 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:46:57.316759 2.993677 tcp 10.0.2.109 55728 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:47:06.309030 0.000000 tcp 10.0.2.109 55728 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:51:04.804094 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 18:51:11.811958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:51:19.813567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:51:35.816223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:52:07.822650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:52:12.319871 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:52:12.320053 3.003180 tcp 10.0.2.109 55729 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:52:21.322084 0.000000 tcp 10.0.2.109 55729 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:52:27.322458 0.031538 tcp 10.0.2.109 55730 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:52:27.354402 0.045851 tcp 10.0.2.109 55731 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:52:27.400626 0.138410 tcp 10.0.2.109 55732 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:52:27.622417 3.002797 tcp 10.0.2.109 55733 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:52:36.623917 0.000000 tcp 10.0.2.109 55733 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:52:42.623708 0.032522 tcp 10.0.2.109 55734 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:52:42.656592 0.045997 tcp 10.0.2.109 55735 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:52:42.703037 0.136984 tcp 10.0.2.109 55736 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:52:42.988105 3.008830 tcp 10.0.2.109 55737 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:52:52.006026 0.000000 tcp 10.0.2.109 55737 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:52:57.986589 2.994498 tcp 10.0.2.109 55738 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:53:06.987389 0.000000 tcp 10.0.2.109 55738 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:58:11.828368 3.002058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 18:58:12.988019 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 18:58:12.988109 3.003831 tcp 10.0.2.109 55739 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:58:18.835797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:58:21.990665 0.000000 tcp 10.0.2.109 55739 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:58:26.837625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:58:27.991009 0.032086 tcp 10.0.2.109 55740 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:58:28.023366 0.042912 tcp 10.0.2.109 55741 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:58:28.066557 0.135377 tcp 10.0.2.109 55742 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:58:28.243914 2.999909 tcp 10.0.2.109 55743 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:58:37.242711 0.000000 tcp 10.0.2.109 55743 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:58:42.840863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 18:58:43.241840 0.030734 tcp 10.0.2.109 55744 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:58:43.272888 0.045541 tcp 10.0.2.109 55745 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:58:43.318710 0.138219 tcp 10.0.2.109 55746 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 18:58:43.620588 3.004996 tcp 10.0.2.109 55747 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:58:52.624678 0.000000 tcp 10.0.2.109 55747 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:58:58.613245 3.004241 tcp 10.0.2.109 55748 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:59:07.625533 0.000000 tcp 10.0.2.109 55748 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 18:59:14.846485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:05:04.289290 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:05:04.289406 0.088624 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 5 1563 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:04.364592 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 19:05:13.622106 3.004745 tcp 10.0.2.109 55749 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:05:22.625623 0.000000 tcp 10.0.2.109 55749 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:05:22.937346 0.032079 tcp 10.0.2.109 55750 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:05:22.969740 0.045175 tcp 10.0.2.109 55751 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:05:23.015222 0.140592 tcp 10.0.2.109 55752 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:05:23.156391 0.569022 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:23.690087 0.219563 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:23.890550 0.175877 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:24.037814 0.072867 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:24.121061 0.093182 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:24.215640 0.220593 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:24.420511 0.336780 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:24.756757 0.413256 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:25.129699 0.052111 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:25.237467 0.385383 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:25.602653 0.338287 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:26.968127 0.335440 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:27.325813 0.173516 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:27.495188 0.054576 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:27.547011 0.153782 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:27.691924 0.170301 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:27.838082 0.244411 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:28.040016 0.245124 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 1987 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:28.253142 0.382984 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:28.618016 0.116814 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:28.624228 0.030331 tcp 10.0.2.109 55753 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:05:28.654837 0.041785 tcp 10.0.2.109 55754 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:05:28.696920 0.140089 tcp 10.0.2.109 55755 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:05:28.697644 0.317945 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:28.846639 2.991862 tcp 10.0.2.109 55756 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:05:29.033594 0.354605 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:29.384416 0.406399 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:29.792995 0.068489 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:29.848532 0.099042 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:29.920326 0.069128 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:29.991092 0.167143 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:30.135360 2.695208 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:32.692078 0.253355 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2613 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:32.982395 0.412531 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:33.376690 0.165229 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:05:37.848408 0.000000 tcp 10.0.2.109 55756 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:05:43.858872 3.001258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:05:50.866650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:05:58.867484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:06:14.870580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:06:46.876541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:10:43.847773 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:10:43.847881 3.003218 tcp 10.0.2.109 55757 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:10:52.849796 0.000000 tcp 10.0.2.109 55757 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:10:58.850610 0.031381 tcp 10.0.2.109 55758 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:10:58.882281 0.041954 tcp 10.0.2.109 55759 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:10:58.924602 0.139240 tcp 10.0.2.109 55760 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:10:59.256513 2.999877 tcp 10.0.2.109 55761 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:11:08.252631 0.000000 tcp 10.0.2.109 55761 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:11:14.251674 0.030772 tcp 10.0.2.109 55762 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:11:14.282678 0.042896 tcp 10.0.2.109 55763 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:11:14.325860 0.134356 tcp 10.0.2.109 55764 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:11:14.476081 2.999291 tcp 10.0.2.109 55765 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:11:23.474260 0.000000 tcp 10.0.2.109 55765 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:11:29.472872 3.004330 tcp 10.0.2.109 55766 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:11:38.475567 0.000000 tcp 10.0.2.109 55766 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:12:50.882383 3.001300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:12:57.890181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:13:05.891657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:13:21.894237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:13:53.900530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:16:44.476107 0.093398 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:16:44.569596 2.960659 tcp 10.0.2.109 55767 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:16:53.479116 0.000000 tcp 10.0.2.109 55767 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:16:59.489254 0.124056 tcp 10.0.2.109 55768 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:16:59.613558 0.045693 tcp 10.0.2.109 55769 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:16:59.659514 0.143745 tcp 10.0.2.109 55770 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:16:59.900662 3.001324 tcp 10.0.2.109 55771 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:17:08.900743 0.000000 tcp 10.0.2.109 55771 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:17:14.900944 0.030877 tcp 10.0.2.109 55772 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:17:14.932174 0.046911 tcp 10.0.2.109 55773 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:17:14.979446 0.133070 tcp 10.0.2.109 55774 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:17:15.139357 3.008328 tcp 10.0.2.109 55775 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:17:24.142769 0.000000 tcp 10.0.2.109 55775 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:17:30.131401 3.004368 tcp 10.0.2.109 55776 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:17:39.136313 0.000000 tcp 10.0.2.109 55776 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:19:57.911432 2.997141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:20:04.916549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:20:12.926149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:20:28.918668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:21:00.924129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:22:45.139217 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:22:45.139331 2.989522 tcp 10.0.2.109 55777 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:22:54.137284 0.000000 tcp 10.0.2.109 55777 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:23:00.138471 0.031520 tcp 10.0.2.109 55778 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:23:00.170290 0.043286 tcp 10.0.2.109 55779 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:23:00.213898 0.136451 tcp 10.0.2.109 55780 -> 195.113.214.249 443 SRPA* 0 0 23 13768 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:23:00.403460 2.997060 tcp 10.0.2.109 55781 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:23:09.398965 0.000000 tcp 10.0.2.109 55781 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:23:15.398569 0.031610 tcp 10.0.2.109 55782 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:23:15.430456 0.042990 tcp 10.0.2.109 55783 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:23:15.473772 0.134600 tcp 10.0.2.109 55784 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:23:15.633830 2.998608 tcp 10.0.2.109 55785 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:23:24.631016 0.000000 tcp 10.0.2.109 55785 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:23:30.629716 3.003982 tcp 10.0.2.109 55786 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:23:39.632459 0.000000 tcp 10.0.2.109 55786 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:27:04.930303 3.001837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:27:11.937737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:27:19.939447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:27:35.944863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:28:07.948643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:28:45.637702 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:28:45.637850 2.998562 tcp 10.0.2.109 55787 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:28:54.635451 0.000000 tcp 10.0.2.109 55787 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:29:00.635463 0.031022 tcp 10.0.2.109 55788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:29:00.666735 0.060835 tcp 10.0.2.109 55789 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:29:00.727860 0.292504 tcp 10.0.2.109 55790 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:29:01.265778 2.993678 tcp 10.0.2.109 55791 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:29:10.267758 0.000000 tcp 10.0.2.109 55791 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:29:16.266912 1.527291 tcp 10.0.2.109 55792 -> 195.113.214.234 80 FSPA* 0 0 11 1944 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:29:16.297995 0.060286 tcp 10.0.2.109 55793 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:29:16.358660 0.147801 tcp 10.0.2.109 55794 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:29:16.617253 3.004083 tcp 10.0.2.109 55795 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:29:25.619978 0.000000 tcp 10.0.2.109 55795 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:29:31.618779 3.003528 tcp 10.0.2.109 55796 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:29:40.621529 0.000000 tcp 10.0.2.109 55796 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:34:11.954038 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:34:18.961653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:34:26.963159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:34:42.966528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:35:14.973179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:35:48.600818 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:35:48.601051 0.407871 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:35:48.991368 0.097352 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:35:49.147296 0.578868 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:35:49.689838 0.071491 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:35:49.742227 0.093203 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:35:49.861841 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 19:36:01.629728 3.004219 tcp 10.0.2.109 55797 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:36:07.890580 0.053236 tcp 10.0.2.109 55798 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:36:07.944153 0.060525 tcp 10.0.2.109 55799 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:36:08.004974 0.152254 tcp 10.0.2.109 55800 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:36:08.157913 0.221188 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:08.432993 0.176844 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:08.589000 0.315669 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:08.916017 0.119486 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:08.997318 0.052853 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:09.180502 0.354608 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:09.514513 0.172678 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:09.683647 0.053759 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:09.808803 0.334845 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:10.142291 0.338415 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:10.635491 0.000000 tcp 10.0.2.109 55797 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:36:10.664782 0.216045 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:10.808633 0.168607 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:10.951954 0.238394 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:11.188981 0.368527 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:11.523052 0.319592 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:11.902865 0.350893 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:12.446978 0.385028 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:12.812510 0.114958 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:13.177388 0.409300 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:13.583552 0.067855 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:13.753226 0.092508 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:13.820681 0.071882 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:13.896815 0.168140 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:14.041686 0.411560 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:14.434794 0.688958 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:14.884781 0.327656 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:15.201419 0.167829 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/08 19:36:16.631529 0.051972 tcp 10.0.2.109 55801 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:36:16.683789 0.063235 tcp 10.0.2.109 55802 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:36:16.747345 0.147128 tcp 10.0.2.109 55803 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:36:17.147971 3.007942 tcp 10.0.2.109 55804 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:36:26.154788 0.000000 tcp 10.0.2.109 55804 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:41:18.977902 3.002117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:41:25.985461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:41:32.145506 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:41:32.145722 2.993245 tcp 10.0.2.109 55805 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:41:33.987293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:41:41.147436 0.000000 tcp 10.0.2.109 55805 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:41:47.148002 0.052672 tcp 10.0.2.109 55806 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:41:47.201033 0.060639 tcp 10.0.2.109 55807 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:41:47.261888 0.147415 tcp 10.0.2.109 55808 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:41:47.427742 3.003352 tcp 10.0.2.109 55809 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:41:49.989997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:41:56.429602 0.000000 tcp 10.0.2.109 55809 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:42:02.429281 0.053250 tcp 10.0.2.109 55810 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:42:02.482844 0.061387 tcp 10.0.2.109 55811 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:42:02.544584 0.148990 tcp 10.0.2.109 55812 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:42:02.827757 3.004998 tcp 10.0.2.109 55813 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:42:11.831665 0.000000 tcp 10.0.2.109 55813 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:42:17.820641 3.004332 tcp 10.0.2.109 55814 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:42:21.995731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:42:26.823614 0.000000 tcp 10.0.2.109 55814 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:47:32.823454 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:47:32.823532 3.005029 tcp 10.0.2.109 55815 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:47:41.836074 0.000000 tcp 10.0.2.109 55815 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:47:47.826829 0.031820 tcp 10.0.2.109 55816 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:47:47.858953 0.061578 tcp 10.0.2.109 55817 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:47:47.920872 0.151107 tcp 10.0.2.109 55818 -> 195.113.214.249 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:47:48.113868 2.995435 tcp 10.0.2.109 55819 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:47:57.108493 0.000000 tcp 10.0.2.109 55819 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:48:03.107334 0.052614 tcp 10.0.2.109 55820 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:48:03.160325 0.062386 tcp 10.0.2.109 55821 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:48:03.222971 0.149831 tcp 10.0.2.109 55822 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:48:03.399082 2.992438 tcp 10.0.2.109 55823 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:48:12.390469 0.000000 tcp 10.0.2.109 55823 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:48:18.399004 3.004094 tcp 10.0.2.109 55824 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:48:26.004583 2.999418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:48:27.402696 0.000000 tcp 10.0.2.109 55824 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:48:33.009626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:48:41.011156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:48:57.014157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:49:29.020654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:53:33.403142 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:53:33.403334 3.006657 tcp 10.0.2.109 55825 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:53:42.404614 0.000000 tcp 10.0.2.109 55825 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:53:48.410564 0.031991 tcp 10.0.2.109 55826 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:53:48.442904 0.061985 tcp 10.0.2.109 55827 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:53:48.505143 0.151526 tcp 10.0.2.109 55828 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:53:48.732310 2.995753 tcp 10.0.2.109 55829 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:53:57.736633 0.000000 tcp 10.0.2.109 55829 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:54:03.725233 0.031630 tcp 10.0.2.109 55830 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:54:03.757154 0.062812 tcp 10.0.2.109 55831 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:54:03.820234 0.150825 tcp 10.0.2.109 55832 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:54:04.050625 2.989504 tcp 10.0.2.109 55833 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:54:13.038607 0.000000 tcp 10.0.2.109 55833 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:54:19.047636 3.004062 tcp 10.0.2.109 55834 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:54:28.050265 0.000000 tcp 10.0.2.109 55834 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:55:54.029465 2.999825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 19:56:01.039883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:56:09.035447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:56:25.038606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:56:57.044126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 19:59:34.053840 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 19:59:34.053995 3.000481 tcp 10.0.2.109 55835 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:59:43.053126 0.000000 tcp 10.0.2.109 55835 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:59:49.053505 0.053763 tcp 10.0.2.109 55836 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:59:49.107585 0.061074 tcp 10.0.2.109 55837 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:59:49.168994 0.147819 tcp 10.0.2.109 55838 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/08 19:59:49.495456 3.002815 tcp 10.0.2.109 55839 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 19:59:58.500193 0.000000 tcp 10.0.2.109 55839 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:03:01.050946 3.000744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 20:03:08.058437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:03:16.059338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:03:32.062197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:04:04.068612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:06:42.726564 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:06:42.726752 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 20:06:57.829821 0.031584 tcp 10.0.2.109 55840 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:06:57.861707 0.063195 tcp 10.0.2.109 55841 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:06:57.925245 0.152930 tcp 10.0.2.109 55842 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:06:58.078767 0.407340 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:06:58.467439 0.105705 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:06:58.574473 0.454270 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:06:58.985286 0.095157 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:06:59.062078 0.075695 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:06:59.118448 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 20:07:04.498461 3.003510 tcp 10.0.2.109 55843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:07:13.500679 0.000000 tcp 10.0.2.109 55843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:07:16.665781 0.052634 tcp 10.0.2.109 55844 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:07:16.718766 0.064985 tcp 10.0.2.109 55845 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:07:16.783977 0.151617 tcp 10.0.2.109 55846 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:07:16.936115 0.176809 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:17.081965 0.323284 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:17.414557 0.119042 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:17.493157 0.174610 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:17.663441 0.049275 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:17.725272 0.052534 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:17.796990 0.371860 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:18.169030 0.327000 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:18.494559 0.333888 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:18.829914 0.154407 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:18.970482 0.172493 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:19.120365 0.316131 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:19.437561 0.237336 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:19.499793 0.030626 tcp 10.0.2.109 55847 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:07:19.530707 0.060598 tcp 10.0.2.109 55848 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:07:19.591498 0.150712 tcp 10.0.2.109 55849 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:07:19.632460 0.243474 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:19.751720 3.002290 tcp 10.0.2.109 55850 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:07:19.838261 0.114300 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:19.918259 0.348189 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:20.301094 0.387453 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:20.668634 0.411880 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:21.072463 0.069839 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:21.123550 0.091495 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:21.189109 0.071794 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:21.262419 0.241256 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:21.480885 0.408297 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:21.870283 0.525144 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:22.356300 0.268880 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:22.600771 0.167501 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:07:28.752066 0.000000 tcp 10.0.2.109 55850 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:10:08.073963 3.002207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 20:10:15.081812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:10:23.083286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:10:39.086728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:11:11.092840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:12:34.753361 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:12:34.753445 3.003624 tcp 10.0.2.109 55851 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:12:43.755410 0.000000 tcp 10.0.2.109 55851 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:12:49.756181 0.052892 tcp 10.0.2.109 55852 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:12:49.809422 0.061703 tcp 10.0.2.109 55853 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:12:49.871488 0.151401 tcp 10.0.2.109 55854 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:12:51.530043 2.991110 tcp 10.0.2.109 55855 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:13:00.519713 0.000000 tcp 10.0.2.109 55855 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:13:06.529144 0.031390 tcp 10.0.2.109 55856 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:13:06.560894 0.065461 tcp 10.0.2.109 55857 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:13:06.626676 0.151431 tcp 10.0.2.109 55858 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:13:06.787571 3.005110 tcp 10.0.2.109 55859 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:13:15.791484 0.000000 tcp 10.0.2.109 55859 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:13:21.780760 3.003872 tcp 10.0.2.109 55860 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:13:30.783121 0.000000 tcp 10.0.2.109 55860 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:17:15.101389 3.024174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 20:17:22.115640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:17:30.117309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:17:46.119795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:18:18.126335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:18:36.783672 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:18:36.783857 3.003406 tcp 10.0.2.109 55861 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:18:45.795936 0.000000 tcp 10.0.2.109 55861 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:18:51.786519 0.048602 tcp 10.0.2.109 55862 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:18:51.835412 0.065394 tcp 10.0.2.109 55863 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:18:51.901089 0.146576 tcp 10.0.2.109 55864 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:18:52.066866 2.992724 tcp 10.0.2.109 55865 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:19:01.057913 0.000000 tcp 10.0.2.109 55865 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:19:07.057245 0.030489 tcp 10.0.2.109 55866 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:19:07.087931 0.060786 tcp 10.0.2.109 55867 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:19:07.149032 0.145599 tcp 10.0.2.109 55868 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:19:07.430349 3.000989 tcp 10.0.2.109 55869 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:19:16.430119 0.000000 tcp 10.0.2.109 55869 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:19:22.431794 3.001918 tcp 10.0.2.109 55870 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:19:31.440708 0.000000 tcp 10.0.2.109 55870 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:24:22.132414 3.001560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 20:24:29.139714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:24:37.141259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:24:37.432211 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:24:37.432395 3.003473 tcp 10.0.2.109 55871 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:24:46.434837 0.000000 tcp 10.0.2.109 55871 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:24:52.435222 0.031569 tcp 10.0.2.109 55872 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:24:52.467074 0.061912 tcp 10.0.2.109 55873 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:24:52.529335 0.153724 tcp 10.0.2.109 55874 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:24:52.857786 3.023999 tcp 10.0.2.109 55875 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:24:53.186201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:25:01.866913 0.000000 tcp 10.0.2.109 55875 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:25:07.866602 0.051213 tcp 10.0.2.109 55876 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:25:07.918073 0.063448 tcp 10.0.2.109 55877 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:25:07.981903 0.149022 tcp 10.0.2.109 55878 -> 195.113.214.249 443 SRPA* 0 0 24 10254 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:25:08.341090 2.999616 tcp 10.0.2.109 55879 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:25:17.338861 0.000000 tcp 10.0.2.109 55879 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:25:23.338278 3.003863 tcp 10.0.2.109 55880 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:25:25.150718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:25:32.341033 0.000000 tcp 10.0.2.109 55880 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:30:38.341184 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:30:38.341372 3.003603 tcp 10.0.2.109 55881 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:30:47.343399 0.000000 tcp 10.0.2.109 55881 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:30:53.343763 0.031662 tcp 10.0.2.109 55882 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:30:53.375702 0.060980 tcp 10.0.2.109 55883 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:30:53.436992 0.150807 tcp 10.0.2.109 55884 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:30:53.948119 3.009189 tcp 10.0.2.109 55885 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:31:02.965756 0.000000 tcp 10.0.2.109 55885 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:31:08.945214 0.054863 tcp 10.0.2.109 55886 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:31:09.000347 0.061248 tcp 10.0.2.109 55887 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:31:09.061902 0.149350 tcp 10.0.2.109 55888 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:31:09.249087 3.000042 tcp 10.0.2.109 55889 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:31:18.247993 0.000000 tcp 10.0.2.109 55889 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:31:24.246824 2.996284 tcp 10.0.2.109 55890 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:31:29.155998 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 20:31:33.239466 0.000000 tcp 10.0.2.109 55890 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:31:36.163601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:31:44.165248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:32:00.168392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:32:32.174958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:37:37.843998 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:37:37.844095 0.219072 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:37:38.042415 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 20:37:39.259134 2.991065 tcp 10.0.2.109 55891 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:37:48.249422 0.000000 tcp 10.0.2.109 55891 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:37:54.259160 0.053035 tcp 10.0.2.109 55892 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:37:54.312473 0.062113 tcp 10.0.2.109 55893 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:37:54.374825 0.149381 tcp 10.0.2.109 55894 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:37:54.650434 3.001912 tcp 10.0.2.109 55895 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:37:56.481255 0.053118 tcp 10.0.2.109 55896 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:37:56.534663 0.062574 tcp 10.0.2.109 55897 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:37:56.597639 0.149040 tcp 10.0.2.109 55898 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:37:56.747185 0.071804 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:37:56.959966 0.093232 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:37:57.075605 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 20:38:03.655111 0.000000 tcp 10.0.2.109 55895 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:38:12.904710 0.030373 tcp 10.0.2.109 55899 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:38:12.935391 0.062410 tcp 10.0.2.109 55900 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:38:12.998164 0.146574 tcp 10.0.2.109 55901 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:38:13.145280 0.462573 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:13.564510 0.174938 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:13.709601 0.323291 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:14.039138 0.119390 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:14.120601 0.171934 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:14.289182 0.051493 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2657 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:14.424255 0.052311 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:14.486947 0.379488 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:14.844343 0.329509 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:15.271062 0.344844 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:15.699037 0.149769 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:15.839688 0.174226 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2631 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:15.989616 0.317553 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:16.328696 0.108781 rtp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:16.402352 0.354574 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:16.753299 0.393934 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:17.125680 0.237807 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:17.323687 0.250543 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:17.539774 0.401382 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:17.939487 0.071295 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:18.051873 0.085767 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:18.115116 0.075427 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:18.303828 0.237525 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:18.644103 0.409951 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:19.033625 0.167366 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:19.197969 0.715124 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:19.674069 0.157749 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/08 20:38:36.180464 3.001543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 20:38:43.187544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:38:51.189255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:39:07.192434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:39:39.198276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:43:09.651091 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:43:09.651233 3.003905 tcp 10.0.2.109 55902 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:43:18.653668 0.000000 tcp 10.0.2.109 55902 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:43:24.654607 0.052877 tcp 10.0.2.109 55903 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:43:24.707740 0.061900 tcp 10.0.2.109 55904 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:43:24.769942 0.148553 tcp 10.0.2.109 55905 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:43:24.971442 3.005622 tcp 10.0.2.109 55906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:43:33.975579 0.000000 tcp 10.0.2.109 55906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:43:39.965518 0.051656 tcp 10.0.2.109 55907 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:43:40.017498 0.064651 tcp 10.0.2.109 55908 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:43:40.082418 0.146217 tcp 10.0.2.109 55909 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:43:40.246830 2.992353 tcp 10.0.2.109 55910 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:43:49.237728 0.000000 tcp 10.0.2.109 55910 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:43:55.246492 2.994192 tcp 10.0.2.109 55911 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:44:04.239334 0.000000 tcp 10.0.2.109 55911 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:45:43.204181 3.002069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 20:45:50.211508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:45:58.213305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:46:14.216228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:46:46.227274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:49:10.249840 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:49:10.249989 3.003455 tcp 10.0.2.109 55912 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:49:19.252575 0.000000 tcp 10.0.2.109 55912 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:49:25.253058 0.031403 tcp 10.0.2.109 55913 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:49:25.284781 0.060441 tcp 10.0.2.109 55914 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:49:25.345499 0.149655 tcp 10.0.2.109 55915 -> 195.113.214.249 443 SRPA* 0 0 21 11362 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:49:25.519251 3.006416 tcp 10.0.2.109 55916 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:49:34.524571 0.000000 tcp 10.0.2.109 55916 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:49:40.513956 0.030537 tcp 10.0.2.109 55917 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:49:40.544775 0.061261 tcp 10.0.2.109 55918 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:49:40.606387 0.151025 tcp 10.0.2.109 55919 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:49:40.863873 3.003884 tcp 10.0.2.109 55920 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:49:49.876586 0.000000 tcp 10.0.2.109 55920 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:49:55.865210 2.993804 tcp 10.0.2.109 55921 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:50:04.863244 0.000000 tcp 10.0.2.109 55921 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:54:29.230516 3.001627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 20:54:36.237588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:54:44.239482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:55:00.242587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:55:10.868340 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 20:55:10.868539 3.006014 tcp 10.0.2.109 55922 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:55:19.870812 0.000000 tcp 10.0.2.109 55922 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:55:25.873985 0.053237 tcp 10.0.2.109 55923 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:55:25.927503 0.061852 tcp 10.0.2.109 55924 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:55:25.989740 0.152677 tcp 10.0.2.109 55925 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:55:26.152217 3.006247 tcp 10.0.2.109 55926 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:55:32.249276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 20:55:35.154556 0.000000 tcp 10.0.2.109 55926 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:55:41.152102 0.030765 tcp 10.0.2.109 55927 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:55:41.183162 0.061654 tcp 10.0.2.109 55928 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:55:41.245109 0.145900 tcp 10.0.2.109 55929 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 20:55:41.448177 3.007865 tcp 10.0.2.109 55930 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:55:50.454741 0.000000 tcp 10.0.2.109 55930 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:55:56.443743 3.003815 tcp 10.0.2.109 55931 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 20:56:05.456266 0.000000 tcp 10.0.2.109 55931 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:01:11.446842 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:01:11.447035 2.993714 tcp 10.0.2.109 55932 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:01:20.439278 0.000000 tcp 10.0.2.109 55932 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:01:26.449499 0.053218 tcp 10.0.2.109 55933 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:01:26.502972 0.060570 tcp 10.0.2.109 55934 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:01:26.563893 0.146764 tcp 10.0.2.109 55935 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:01:26.761374 3.001308 tcp 10.0.2.109 55936 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:01:35.761085 0.000000 tcp 10.0.2.109 55936 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:01:41.760381 0.031070 tcp 10.0.2.109 55937 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:01:41.791708 0.060219 tcp 10.0.2.109 55938 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:01:41.852176 0.152773 tcp 10.0.2.109 55939 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:01:42.021279 3.003295 tcp 10.0.2.109 55940 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:01:51.023125 0.000000 tcp 10.0.2.109 55940 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:01:57.021807 3.004062 tcp 10.0.2.109 55941 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:02:00.259922 3.001139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 21:02:06.024528 0.000000 tcp 10.0.2.109 55941 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:02:07.266476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:02:15.268020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:02:31.271053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:03:03.277469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:08:41.053167 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:08:41.053280 0.408829 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:41.443214 0.091136 rtp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:41.516853 0.218045 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:41.713044 0.076272 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:41.770244 0.094394 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:41.870608 0.470882 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:42.034443 2.994063 tcp 10.0.2.109 55942 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:08:42.293948 0.177838 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:42.449625 0.342119 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2685 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:42.793155 0.044573 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:42.836410 0.052592 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:42.899493 0.340061 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:43.219812 0.129769 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:43.313036 0.173282 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:43.482687 0.325367 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:43.819884 0.408259 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:44.252054 0.156049 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:44.403771 0.172460 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:44.550299 0.346936 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:44.893394 0.319135 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:45.221461 0.109264 rtp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:45.295415 0.386144 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:45.660594 0.242067 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:45.860519 0.698191 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:46.520695 0.405191 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:46.935647 0.068140 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:46.984630 0.167311 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:47.129621 0.414988 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:47.521208 0.092857 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:47.590893 0.075695 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:47.668342 0.149114 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:47.807846 0.165135 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:47.969729 0.690795 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:08:51.036902 0.000000 tcp 10.0.2.109 55942 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:08:57.037873 0.031602 tcp 10.0.2.109 55943 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:08:57.069737 0.065005 tcp 10.0.2.109 55944 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:08:57.135069 0.147359 tcp 10.0.2.109 55945 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:08:57.309002 3.001735 tcp 10.0.2.109 55946 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:09:06.308760 0.000000 tcp 10.0.2.109 55946 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:09:10.287175 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 21:09:17.295026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:09:25.296679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:09:41.299555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:10:13.305551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:14:12.309337 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:14:12.309494 3.003625 tcp 10.0.2.109 55947 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:14:21.311629 0.000000 tcp 10.0.2.109 55947 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:14:27.312121 0.052855 tcp 10.0.2.109 55948 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:14:27.365232 0.184079 tcp 10.0.2.109 55949 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:14:27.549661 0.145145 tcp 10.0.2.109 55950 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:14:27.711983 3.003387 tcp 10.0.2.109 55951 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:14:36.713296 0.000000 tcp 10.0.2.109 55951 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:14:42.713312 0.031055 tcp 10.0.2.109 55952 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:14:42.744645 0.061019 tcp 10.0.2.109 55953 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:14:42.805932 0.147537 tcp 10.0.2.109 55954 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:14:43.304132 3.003678 tcp 10.0.2.109 55955 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:14:52.316501 0.000000 tcp 10.0.2.109 55955 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:14:58.309471 2.989661 tcp 10.0.2.109 55956 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:15:07.308188 0.000000 tcp 10.0.2.109 55956 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:16:17.312370 3.025472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 21:16:24.328735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:16:32.330451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:16:48.333208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:17:20.339942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:20:13.308598 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:20:13.308691 3.007837 tcp 10.0.2.109 55957 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:20:22.310622 0.000000 tcp 10.0.2.109 55957 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:20:28.311816 0.032925 tcp 10.0.2.109 55958 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:20:28.344985 0.059263 tcp 10.0.2.109 55959 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:20:28.404514 0.147521 tcp 10.0.2.109 55960 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:20:28.748359 3.006054 tcp 10.0.2.109 55961 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:20:37.756944 0.000000 tcp 10.0.2.109 55961 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:20:43.747486 0.052159 tcp 10.0.2.109 55962 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:20:43.799946 0.060228 tcp 10.0.2.109 55963 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:20:43.860463 0.148030 tcp 10.0.2.109 55964 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:20:44.256859 2.999693 tcp 10.0.2.109 55965 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:20:53.255394 0.000000 tcp 10.0.2.109 55965 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:20:59.244098 2.994405 tcp 10.0.2.109 55966 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:21:08.250679 0.000000 tcp 10.0.2.109 55966 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:23:24.346270 3.001246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 21:23:31.353075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:23:39.354044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:23:55.357239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:24:27.363311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:26:14.247543 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:26:14.247637 3.003892 tcp 10.0.2.109 55967 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:26:23.249729 0.000000 tcp 10.0.2.109 55967 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:26:29.250393 0.054078 tcp 10.0.2.109 55968 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:26:29.304809 0.062283 tcp 10.0.2.109 55969 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:26:29.367374 0.154300 tcp 10.0.2.109 55970 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:26:29.562667 3.000490 tcp 10.0.2.109 55971 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:26:38.561787 0.000000 tcp 10.0.2.109 55971 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:26:44.561050 0.052178 tcp 10.0.2.109 55972 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:26:44.613489 0.063139 tcp 10.0.2.109 55973 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:26:44.676936 0.150066 tcp 10.0.2.109 55974 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:26:44.886563 2.998541 tcp 10.0.2.109 55975 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:26:53.883703 0.000000 tcp 10.0.2.109 55975 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:26:59.882558 3.003792 tcp 10.0.2.109 55976 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:27:08.885089 0.000000 tcp 10.0.2.109 55976 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:30:31.372791 2.998718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 21:30:38.376719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:30:46.381356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:31:02.381280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:31:34.387164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:32:14.885770 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:32:14.885934 2.993493 tcp 10.0.2.109 55977 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:32:23.878235 0.000000 tcp 10.0.2.109 55977 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:32:29.888653 0.052451 tcp 10.0.2.109 55978 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:32:29.941305 0.060355 tcp 10.0.2.109 55979 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:32:30.001948 0.160310 tcp 10.0.2.109 55980 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:32:30.181219 3.000448 tcp 10.0.2.109 55981 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:32:39.180655 0.000000 tcp 10.0.2.109 55981 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:37:38.393766 3.001275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 21:37:45.400468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:37:53.402242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:38:09.405195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:38:41.411475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:39:13.127069 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:39:13.127269 0.218144 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:13.324057 0.075245 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:13.479702 0.105341 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:13.720501 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 21:39:15.190936 3.003080 tcp 10.0.2.109 55982 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:39:24.194595 0.000000 tcp 10.0.2.109 55982 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:39:30.192662 0.053578 tcp 10.0.2.109 55983 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:30.246603 0.063148 tcp 10.0.2.109 55984 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:30.310034 0.146838 tcp 10.0.2.109 55985 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:30.516141 2.999882 tcp 10.0.2.109 55986 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:39:32.294662 0.053445 tcp 10.0.2.109 55987 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:32.348412 0.065126 tcp 10.0.2.109 55988 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:32.413802 0.147657 tcp 10.0.2.109 55989 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:32.561985 0.168626 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:32.710027 0.636802 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:34.338451 0.175020 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:34.943823 0.344023 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:35.287503 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 21:39:39.514540 0.000000 tcp 10.0.2.109 55986 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:39:52.513976 0.051268 tcp 10.0.2.109 55990 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:52.565586 0.061779 tcp 10.0.2.109 55991 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:52.627694 0.145403 tcp 10.0.2.109 55992 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:39:52.773650 0.051776 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:52.920428 0.175512 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:53.280407 0.339377 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:53.722348 0.380523 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:54.083872 0.120971 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:54.371574 0.337637 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:54.736584 0.147699 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:54.876820 0.168778 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:55.046537 0.349587 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:55.392072 0.400787 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:55.771600 0.244405 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2555 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:55.970764 0.317737 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:56.382988 0.147133 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:56.493828 0.065387 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:56.548968 0.245339 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:56.760827 0.406625 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:57.166559 0.166568 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:57.312082 0.414153 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:57.705358 0.091036 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:57.997199 0.075629 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:58.338456 0.177501 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:58.492715 0.166656 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:39:58.656450 0.687140 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/08 21:44:45.417156 3.001680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 21:44:45.514904 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:44:45.514986 2.997006 tcp 10.0.2.109 55993 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:44:52.424473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:44:54.507668 0.000000 tcp 10.0.2.109 55993 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:45:00.427024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:45:00.518837 0.052321 tcp 10.0.2.109 55994 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:45:00.571467 0.066613 tcp 10.0.2.109 55995 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:45:00.638405 0.148313 tcp 10.0.2.109 55996 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:45:00.852281 2.998706 tcp 10.0.2.109 55997 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:45:09.849659 0.000000 tcp 10.0.2.109 55997 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:45:15.848787 0.030543 tcp 10.0.2.109 55998 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:45:15.879579 0.061791 tcp 10.0.2.109 55999 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:45:15.941713 0.148928 tcp 10.0.2.109 56000 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:45:16.144163 2.998720 tcp 10.0.2.109 56001 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:45:16.428906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:45:25.141686 0.000000 tcp 10.0.2.109 56001 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:45:31.140319 3.004400 tcp 10.0.2.109 56002 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:45:40.143296 0.000000 tcp 10.0.2.109 56002 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:45:48.435460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:50:46.143740 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:50:46.143891 3.007396 tcp 10.0.2.109 56003 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:50:55.156507 0.000000 tcp 10.0.2.109 56003 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:51:01.147034 0.053248 tcp 10.0.2.109 56004 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:51:01.200559 0.065188 tcp 10.0.2.109 56005 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:51:01.266241 0.152329 tcp 10.0.2.109 56006 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:51:01.483853 2.995695 tcp 10.0.2.109 56007 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:51:10.477860 0.000000 tcp 10.0.2.109 56007 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:51:16.477445 0.051642 tcp 10.0.2.109 56008 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:51:16.529418 0.063290 tcp 10.0.2.109 56009 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:51:16.593103 0.147073 tcp 10.0.2.109 56010 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:51:16.773603 2.997872 tcp 10.0.2.109 56011 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:51:25.770210 0.000000 tcp 10.0.2.109 56011 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:51:31.769162 3.003926 tcp 10.0.2.109 56012 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:51:40.771288 0.000000 tcp 10.0.2.109 56012 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:54:00.445903 3.000961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 21:54:07.452756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:54:15.454180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:54:31.457210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:55:03.463376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 21:56:46.772023 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 21:56:46.772199 3.003907 tcp 10.0.2.109 56013 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:56:55.774682 0.000000 tcp 10.0.2.109 56013 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:57:01.774905 0.053184 tcp 10.0.2.109 56014 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:57:01.828397 0.061229 tcp 10.0.2.109 56015 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:57:01.889912 0.149272 tcp 10.0.2.109 56016 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:57:02.497463 2.991048 tcp 10.0.2.109 56017 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:57:11.497231 0.000000 tcp 10.0.2.109 56017 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:57:17.496270 0.052018 tcp 10.0.2.109 56018 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:57:17.548580 0.061729 tcp 10.0.2.109 56019 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:57:17.610607 0.148133 tcp 10.0.2.109 56020 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 21:57:17.768494 3.002100 tcp 10.0.2.109 56021 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:57:26.769096 0.000000 tcp 10.0.2.109 56021 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:57:32.767760 3.004447 tcp 10.0.2.109 56022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 21:57:41.775421 0.000000 tcp 10.0.2.109 56022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:01:10.475275 2.999772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 22:01:17.481100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:01:25.482886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:01:41.485620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:02:13.491216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:02:47.771303 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:02:47.771520 3.003217 tcp 10.0.2.109 56023 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:02:56.776402 0.000000 tcp 10.0.2.109 56023 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:03:02.774511 0.053132 tcp 10.0.2.109 56024 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:03:02.827975 0.060483 tcp 10.0.2.109 56025 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:03:02.888732 0.148570 tcp 10.0.2.109 56026 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:03:03.066993 3.000117 tcp 10.0.2.109 56027 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:03:12.065506 0.000000 tcp 10.0.2.109 56027 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:03:18.064715 0.051758 tcp 10.0.2.109 56028 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:03:18.116840 0.060975 tcp 10.0.2.109 56029 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:03:18.178098 0.149226 tcp 10.0.2.109 56030 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:03:18.402627 2.986291 tcp 10.0.2.109 56031 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:03:27.957054 0.000000 tcp 10.0.2.109 56031 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:03:33.887782 2.958539 tcp 10.0.2.109 56032 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:03:42.768052 0.000000 tcp 10.0.2.109 56032 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:08:26.499911 3.002525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 22:08:33.507779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:08:41.509366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:08:57.512121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:09:29.518562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:09:59.571717 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:09:59.571911 0.406577 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:09:59.958646 0.044801 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:00.001471 0.074078 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:00.103980 0.219048 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:00.301950 0.105548 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:00.415504 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 22:10:03.407953 3.003341 tcp 10.0.2.109 56033 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:10:12.410048 0.000000 tcp 10.0.2.109 56033 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:10:16.567794 0.052694 tcp 10.0.2.109 56034 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:10:16.620705 0.061249 tcp 10.0.2.109 56035 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:10:16.682274 0.146823 tcp 10.0.2.109 56036 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:10:16.829606 0.173939 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:16.977635 0.431653 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:17.361192 0.330239 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:17.690717 0.052159 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:18.406634 0.172750 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:18.409129 0.052739 tcp 10.0.2.109 56037 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:10:18.462352 0.063956 tcp 10.0.2.109 56038 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:10:18.526662 0.152061 tcp 10.0.2.109 56039 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:10:18.576700 0.328731 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:18.781204 3.002455 tcp 10.0.2.109 56040 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:10:18.951784 0.350675 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:19.283928 0.117302 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:19.365028 0.339619 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:19.771593 0.150367 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:19.914436 0.169235 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:20.059086 0.237667 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:20.256954 0.349198 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:20.602377 0.392082 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:20.978235 0.066203 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:21.027377 0.263546 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:21.235583 0.320769 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:21.562715 0.112454 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:21.639927 0.407618 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:22.054569 0.171029 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:22.202192 0.409031 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:22.592050 0.090499 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:22.658225 0.169200 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:22.824850 0.075583 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:22.913057 0.148937 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:23.051036 0.697015 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:10:27.781876 0.000000 tcp 10.0.2.109 56040 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:15:33.524106 3.001808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 22:15:33.782483 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:15:33.782632 3.003820 tcp 10.0.2.109 56041 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:15:40.531823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:15:42.784715 0.000000 tcp 10.0.2.109 56041 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:15:48.533313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:15:48.785081 0.053596 tcp 10.0.2.109 56042 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:15:48.838942 0.059595 tcp 10.0.2.109 56043 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:15:48.898822 0.145575 tcp 10.0.2.109 56044 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:15:49.115086 2.993395 tcp 10.0.2.109 56045 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:15:58.116913 0.000000 tcp 10.0.2.109 56045 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:16:04.116940 0.052451 tcp 10.0.2.109 56046 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:16:04.169722 0.061200 tcp 10.0.2.109 56047 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:16:04.231190 0.153981 tcp 10.0.2.109 56048 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:16:04.441279 2.999597 tcp 10.0.2.109 56049 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:16:04.536181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:16:13.439144 0.000000 tcp 10.0.2.109 56049 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:16:19.438218 3.003975 tcp 10.0.2.109 56050 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:16:28.440652 0.000000 tcp 10.0.2.109 56050 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:16:36.542226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:21:34.441507 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:21:34.441595 3.003102 tcp 10.0.2.109 56051 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:21:43.443410 0.000000 tcp 10.0.2.109 56051 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:21:49.443708 0.052222 tcp 10.0.2.109 56052 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:21:49.496278 0.061093 tcp 10.0.2.109 56053 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:21:49.557681 0.143971 tcp 10.0.2.109 56054 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:21:49.878585 3.008763 tcp 10.0.2.109 56055 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:21:58.885486 0.000000 tcp 10.0.2.109 56055 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:22:04.875166 0.051079 tcp 10.0.2.109 56056 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:22:04.926522 0.061727 tcp 10.0.2.109 56057 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:22:04.988562 0.151750 tcp 10.0.2.109 56058 -> 195.113.214.249 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:22:05.249017 2.990176 tcp 10.0.2.109 56059 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:22:14.238670 0.000000 tcp 10.0.2.109 56059 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:22:20.246381 2.998995 tcp 10.0.2.109 56060 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:22:29.266807 0.000000 tcp 10.0.2.109 56060 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:22:40.547760 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 22:22:47.555539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:22:55.557197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:23:11.560457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:23:43.566343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:27:35.252930 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:27:35.253110 3.000603 tcp 10.0.2.109 56061 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:27:44.252597 0.000000 tcp 10.0.2.109 56061 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:27:50.253255 0.051974 tcp 10.0.2.109 56062 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:27:50.305586 0.064803 tcp 10.0.2.109 56063 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:27:50.370678 0.149598 tcp 10.0.2.109 56064 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:27:50.629022 2.996464 tcp 10.0.2.109 56065 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:27:59.624448 0.000000 tcp 10.0.2.109 56065 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:28:05.627285 0.051334 tcp 10.0.2.109 56066 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:28:05.678922 0.063768 tcp 10.0.2.109 56067 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:28:05.742971 0.153465 tcp 10.0.2.109 56068 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:28:06.356996 2.994946 tcp 10.0.2.109 56069 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:28:15.356968 0.000000 tcp 10.0.2.109 56069 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:28:21.357545 3.001161 tcp 10.0.2.109 56070 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:28:30.348507 0.000000 tcp 10.0.2.109 56070 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:29:47.572279 3.002945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 22:29:54.579630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:30:02.580862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:30:18.583978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:30:50.590129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:33:36.358888 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:33:36.359126 3.003943 tcp 10.0.2.109 56071 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:33:45.361600 0.000000 tcp 10.0.2.109 56071 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:33:51.361210 0.053985 tcp 10.0.2.109 56072 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:33:51.415505 0.060108 tcp 10.0.2.109 56073 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:33:51.475886 0.146861 tcp 10.0.2.109 56074 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:33:51.639343 3.005569 tcp 10.0.2.109 56075 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:34:00.643345 0.000000 tcp 10.0.2.109 56075 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:34:06.632613 0.051480 tcp 10.0.2.109 56076 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:34:06.684412 0.064937 tcp 10.0.2.109 56077 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:34:06.749627 0.148345 tcp 10.0.2.109 56078 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:34:06.913818 3.002944 tcp 10.0.2.109 56079 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:34:15.915499 0.000000 tcp 10.0.2.109 56079 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:34:21.914017 2.994529 tcp 10.0.2.109 56080 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:34:30.916995 0.000000 tcp 10.0.2.109 56080 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:36:54.597582 3.000520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 22:37:01.603799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:37:09.604948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:37:25.608519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:37:57.614837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:40:28.861940 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:40:28.862150 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 22:40:47.010198 0.052980 tcp 10.0.2.109 56081 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:40:47.063493 0.060377 tcp 10.0.2.109 56082 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:40:47.124174 0.147276 tcp 10.0.2.109 56083 -> 195.113.214.249 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:40:47.272127 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 22:41:04.583545 0.053489 tcp 10.0.2.109 56084 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:04.637409 0.061107 tcp 10.0.2.109 56085 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:04.698875 0.152197 tcp 10.0.2.109 56086 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:04.851675 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 22:41:22.370428 0.052840 tcp 10.0.2.109 56087 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:22.423543 0.060006 tcp 10.0.2.109 56088 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:22.483782 0.148030 tcp 10.0.2.109 56089 -> 195.113.214.249 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:22.632540 0.216352 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:22.830769 0.073088 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:22.919571 0.105911 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:23.041366 0.176245 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:23.189375 0.702072 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:23.859589 0.335050 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:24.214548 0.369132 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:24.630795 0.051426 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:24.739435 0.172811 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:24.909269 0.384600 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:25.271955 0.123258 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:25.355780 0.336887 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:25.724178 0.155313 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:25.872099 0.169297 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:26.017794 0.390325 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:26.388789 0.064698 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:26.437709 0.240014 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:26.635324 0.351466 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:27.002527 0.258262 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:27.224681 0.319712 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:27.569967 0.116006 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:27.667230 0.408778 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:28.099133 0.090545 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:28.162924 0.168700 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:28.328755 0.075655 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:28.412818 0.170624 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:28.566547 0.165507 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:28.710039 0.419018 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:29.107059 0.698632 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/08 22:41:36.930321 3.003454 tcp 10.0.2.109 56090 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:41:45.932581 0.000000 tcp 10.0.2.109 56090 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:41:51.931839 0.053241 tcp 10.0.2.109 56091 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:51.985325 0.059535 tcp 10.0.2.109 56092 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:52.045169 0.145727 tcp 10.0.2.109 56093 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:41:52.223361 3.002382 tcp 10.0.2.109 56094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:42:01.224819 0.000000 tcp 10.0.2.109 56094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:42:07.223880 0.053132 tcp 10.0.2.109 56095 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:42:07.277337 0.065411 tcp 10.0.2.109 56096 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:42:07.342996 0.152073 tcp 10.0.2.109 56097 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:42:07.531942 2.996066 tcp 10.0.2.109 56098 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:42:16.536806 0.000000 tcp 10.0.2.109 56098 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:42:22.525104 2.994178 tcp 10.0.2.109 56099 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:42:31.517892 0.000000 tcp 10.0.2.109 56099 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:44:01.620289 3.004315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 22:44:08.627864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:44:16.634874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:44:32.632049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:45:04.638374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:47:37.528916 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:47:37.529060 3.003554 tcp 10.0.2.109 56100 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:47:46.531008 0.000000 tcp 10.0.2.109 56100 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:47:52.531346 0.052253 tcp 10.0.2.109 56101 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:47:52.583833 0.061346 tcp 10.0.2.109 56102 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:47:52.645038 0.144084 tcp 10.0.2.109 56103 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:47:52.872441 3.002149 tcp 10.0.2.109 56104 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:48:01.877857 0.000000 tcp 10.0.2.109 56104 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:48:07.872910 0.051295 tcp 10.0.2.109 56105 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:48:07.924488 0.063441 tcp 10.0.2.109 56106 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:48:07.988311 0.152573 tcp 10.0.2.109 56107 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:48:08.177370 3.009207 tcp 10.0.2.109 56108 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:48:17.184576 0.000000 tcp 10.0.2.109 56108 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:48:23.173656 2.994261 tcp 10.0.2.109 56109 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:48:32.176599 0.000000 tcp 10.0.2.109 56109 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:53:29.646580 3.002074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 22:53:36.654500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:53:38.177065 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:53:38.177250 2.993871 tcp 10.0.2.109 56110 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:53:44.655456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:53:47.169415 0.000000 tcp 10.0.2.109 56110 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:53:53.179919 0.051748 tcp 10.0.2.109 56111 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:53:53.231944 0.062685 tcp 10.0.2.109 56112 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:53:53.294910 0.148067 tcp 10.0.2.109 56113 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:53:53.465607 2.997248 tcp 10.0.2.109 56114 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:54:00.658211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:54:02.461165 0.000000 tcp 10.0.2.109 56114 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:54:08.460317 0.051782 tcp 10.0.2.109 56115 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:54:08.512363 0.061412 tcp 10.0.2.109 56116 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:54:08.574199 0.147087 tcp 10.0.2.109 56117 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:54:08.764231 3.000573 tcp 10.0.2.109 56118 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:54:17.763354 0.000000 tcp 10.0.2.109 56118 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:54:23.762705 3.003609 tcp 10.0.2.109 56119 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:54:32.664854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 22:54:32.764885 0.000000 tcp 10.0.2.109 56119 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:59:38.765052 0.006526 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 22:59:38.771652 2.987404 tcp 10.0.2.109 56120 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:59:47.769722 0.000000 tcp 10.0.2.109 56120 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 22:59:53.770023 0.052415 tcp 10.0.2.109 56121 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:59:53.822694 0.060630 tcp 10.0.2.109 56122 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:59:53.883622 0.151456 tcp 10.0.2.109 56123 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 22:59:54.447572 2.994052 tcp 10.0.2.109 56124 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:00:03.440724 0.000000 tcp 10.0.2.109 56124 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:00:09.444068 0.051180 tcp 10.0.2.109 56125 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:00:09.495521 0.064264 tcp 10.0.2.109 56126 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:00:09.560087 0.147173 tcp 10.0.2.109 56127 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:00:09.717952 2.995718 tcp 10.0.2.109 56128 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:00:18.712154 0.000000 tcp 10.0.2.109 56128 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:00:24.711534 3.008637 tcp 10.0.2.109 56129 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:00:33.713825 0.000000 tcp 10.0.2.109 56129 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:00:36.670518 3.001926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:00:43.678212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:00:51.679740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:01:07.682921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:01:39.688956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:07:43.694582 3.002086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/08 23:07:50.702540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:07:58.703636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:08:14.706250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:08:46.712773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:11:39.621474 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:11:39.621614 0.407114 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:40.010439 0.051579 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:40.078216 0.105294 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:40.185079 0.218442 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:40.382696 0.081109 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:40.478470 0.178334 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:40.678853 0.000000 udp 10.0.2.109 3683 -> 59.115.44.141 2346 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/08 23:11:54.753347 2.994103 tcp 10.0.2.109 56130 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:11:57.628735 0.052874 tcp 10.0.2.109 56131 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:11:57.681847 0.064514 tcp 10.0.2.109 56132 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:11:57.746641 0.149984 tcp 10.0.2.109 56133 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:11:57.897218 0.051784 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:58.014568 0.173863 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:58.184379 0.315562 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:58.499208 0.379435 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:58.899669 0.348894 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:59.228800 0.121917 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:59.314222 0.345808 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:59.669028 0.161989 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:59.823301 0.170667 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:11:59.969355 0.243860 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:00.170128 0.345948 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:00.527989 0.386128 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:00.896322 0.071281 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:00.950672 0.243552 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:01.158932 0.343175 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:01.503430 0.108324 rtp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:01.575707 0.414234 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:02.006989 0.075837 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:02.084465 0.160242 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:02.228813 0.167912 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:02.373406 0.090602 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:02.439076 0.167695 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:02.603379 0.413214 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:02.995821 0.707547 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:12:03.755980 0.000000 tcp 10.0.2.109 56130 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:12:09.755226 0.051796 tcp 10.0.2.109 56134 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:12:09.807318 0.060612 tcp 10.0.2.109 56135 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:12:09.868199 0.156714 tcp 10.0.2.109 56136 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:12:10.034072 2.995241 tcp 10.0.2.109 56137 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:12:19.027899 0.000000 tcp 10.0.2.109 56137 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:14:50.719689 3.044867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:14:57.743228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:15:05.737597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:15:21.740651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:15:53.746909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:17:25.028285 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:17:25.028483 3.003811 tcp 10.0.2.109 56138 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:17:34.030928 0.000000 tcp 10.0.2.109 56138 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:17:40.031158 0.053364 tcp 10.0.2.109 56139 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:17:40.084809 0.061849 tcp 10.0.2.109 56140 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:17:40.146956 0.151939 tcp 10.0.2.109 56141 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:17:40.311653 3.003091 tcp 10.0.2.109 56142 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:17:49.316747 0.000000 tcp 10.0.2.109 56142 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:17:55.312191 0.052142 tcp 10.0.2.109 56143 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:17:55.364612 0.065528 tcp 10.0.2.109 56144 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:17:55.430511 0.151723 tcp 10.0.2.109 56145 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:17:55.604306 3.001441 tcp 10.0.2.109 56146 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:18:04.604861 0.000000 tcp 10.0.2.109 56146 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:18:10.603701 2.993949 tcp 10.0.2.109 56147 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:18:19.606306 0.000000 tcp 10.0.2.109 56147 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:21:57.752884 3.001552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:22:04.760135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:22:12.761699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:22:28.765042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:23:00.770850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:23:25.606626 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:23:25.606806 2.993844 tcp 10.0.2.109 56148 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:23:34.599343 0.000000 tcp 10.0.2.109 56148 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:23:40.609323 0.052705 tcp 10.0.2.109 56149 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:23:40.662446 0.060866 tcp 10.0.2.109 56150 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:23:40.723598 0.156731 tcp 10.0.2.109 56151 -> 195.113.214.249 443 SRPA* 0 0 42 35858 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:23:40.988841 3.003835 tcp 10.0.2.109 56152 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:23:49.991530 0.000000 tcp 10.0.2.109 56152 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:23:55.990715 0.051771 tcp 10.0.2.109 56153 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:23:56.042836 0.061206 tcp 10.0.2.109 56154 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:23:56.104391 0.154016 tcp 10.0.2.109 56155 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:23:56.275060 2.999893 tcp 10.0.2.109 56156 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:24:05.273497 0.000000 tcp 10.0.2.109 56156 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:24:11.272550 3.003692 tcp 10.0.2.109 56157 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:24:20.275166 0.000000 tcp 10.0.2.109 56157 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:29:04.775655 3.003057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:29:11.783557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:29:19.785885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:29:26.275567 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:29:26.275657 2.993574 tcp 10.0.2.109 56158 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:29:35.277853 0.000000 tcp 10.0.2.109 56158 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:29:35.788568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:29:41.278745 0.054234 tcp 10.0.2.109 56159 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:29:41.333250 0.065306 tcp 10.0.2.109 56160 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:29:41.398908 0.169227 tcp 10.0.2.109 56161 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:29:41.586491 2.997201 tcp 10.0.2.109 56162 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:29:50.580027 0.000000 tcp 10.0.2.109 56162 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:29:56.579152 0.051443 tcp 10.0.2.109 56163 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:29:56.630885 0.064225 tcp 10.0.2.109 56164 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:29:56.695359 0.205790 tcp 10.0.2.109 56165 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:29:57.032717 3.000847 tcp 10.0.2.109 56166 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:30:06.031984 0.000000 tcp 10.0.2.109 56166 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:30:07.794864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:30:12.030861 3.004287 tcp 10.0.2.109 56167 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:30:21.036370 0.000000 tcp 10.0.2.109 56167 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:35:27.044411 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:35:27.044559 2.993541 tcp 10.0.2.109 56168 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:35:36.046428 0.000000 tcp 10.0.2.109 56168 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:35:42.046804 0.053043 tcp 10.0.2.109 56169 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:35:42.100085 0.063410 tcp 10.0.2.109 56170 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:35:42.163881 0.151779 tcp 10.0.2.109 56171 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:35:42.500073 3.000377 tcp 10.0.2.109 56172 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:35:51.498901 0.000000 tcp 10.0.2.109 56172 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:36:11.810719 3.002141 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:36:18.818070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:36:26.819799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:36:42.823855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:37:14.828675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:42:04.205120 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:42:04.205231 0.467036 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:04.623211 0.407675 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:05.013014 0.050174 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:05.065751 0.080237 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:05.198453 0.179479 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:05.346675 0.218725 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:05.542718 0.118020 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:05.713596 0.052264 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:05.806695 0.342105 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:06.158978 0.173452 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:06.329373 0.322414 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:06.701056 0.360795 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:07.041951 0.118123 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:07.121412 0.338500 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:07.469925 0.147393 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:07.608985 0.169938 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:07.755106 0.385207 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:08.121980 0.071539 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:08.202741 0.244924 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:08.404140 0.353526 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:08.753991 0.253524 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:08.971475 0.325144 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2538 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:09.309887 0.118123 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:09.395375 0.406207 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:09.815186 0.167157 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:09.958993 0.085977 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:10.020199 0.166826 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:10.184216 0.408727 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:10.574349 0.069584 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:10.667242 0.162955 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:10.819494 0.663504 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/08 23:42:12.507511 2.993801 tcp 10.0.2.109 56173 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:42:21.499501 0.000000 tcp 10.0.2.109 56173 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:42:27.509909 0.053225 tcp 10.0.2.109 56174 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:42:27.563434 0.064602 tcp 10.0.2.109 56175 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:42:27.628329 0.155804 tcp 10.0.2.109 56176 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:42:27.812181 3.000404 tcp 10.0.2.109 56177 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:42:36.811640 0.000000 tcp 10.0.2.109 56177 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:42:42.811216 0.052136 tcp 10.0.2.109 56178 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:42:42.863587 0.062570 tcp 10.0.2.109 56179 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:42:42.926430 0.146061 tcp 10.0.2.109 56180 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:42:43.108135 3.006760 tcp 10.0.2.109 56181 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:42:52.113529 0.000000 tcp 10.0.2.109 56181 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:42:58.102401 3.004478 tcp 10.0.2.109 56182 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:43:07.105090 0.000000 tcp 10.0.2.109 56182 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:43:18.834722 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:43:25.842330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:43:33.843479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:43:49.846975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:44:21.852752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:48:13.105338 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:48:13.105504 2.993729 tcp 10.0.2.109 56183 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:48:22.097937 0.000000 tcp 10.0.2.109 56183 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:48:28.108609 0.054952 tcp 10.0.2.109 56184 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:48:28.163829 0.063216 tcp 10.0.2.109 56185 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:48:28.227335 0.153636 tcp 10.0.2.109 56186 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:48:28.407207 2.994070 tcp 10.0.2.109 56187 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:48:37.400330 0.000000 tcp 10.0.2.109 56187 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:48:43.409214 0.055415 tcp 10.0.2.109 56188 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:48:43.464937 0.061387 tcp 10.0.2.109 56189 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:48:43.526655 0.152762 tcp 10.0.2.109 56190 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:48:43.789083 2.994371 tcp 10.0.2.109 56191 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:48:52.782307 0.000000 tcp 10.0.2.109 56191 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:48:58.791246 3.003379 tcp 10.0.2.109 56192 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:49:07.793824 0.000000 tcp 10.0.2.109 56192 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:50:25.858276 3.002511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:50:32.865986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:50:40.867557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:50:56.870731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:51:28.876607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:54:13.794414 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/08 23:54:13.794563 2.996428 tcp 10.0.2.109 56193 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:54:22.802811 0.000000 tcp 10.0.2.109 56193 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:54:28.796618 0.053013 tcp 10.0.2.109 56194 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:54:28.849915 0.066815 tcp 10.0.2.109 56195 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:54:28.917010 0.162169 tcp 10.0.2.109 56196 -> 195.113.214.249 443 SRPA* 0 0 37 26980 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:54:29.196411 2.993903 tcp 10.0.2.109 56197 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:54:38.188864 0.000000 tcp 10.0.2.109 56197 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:54:44.198049 0.056155 tcp 10.0.2.109 56198 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:54:44.254515 0.125466 tcp 10.0.2.109 56199 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:54:44.380242 0.148667 tcp 10.0.2.109 56200 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/08 23:54:44.626454 2.995924 tcp 10.0.2.109 56201 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:54:53.620934 0.000000 tcp 10.0.2.109 56201 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:54:59.619734 3.004184 tcp 10.0.2.109 56202 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:55:08.622488 0.000000 tcp 10.0.2.109 56202 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/08 23:57:32.882368 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/08 23:57:39.890114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:57:47.891803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:58:03.894708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/08 23:58:35.900719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:00:14.623280 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 00:00:14.623387 3.003345 tcp 10.0.2.109 56203 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:00:23.625360 0.000000 tcp 10.0.2.109 56203 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:00:29.625685 0.078922 tcp 10.0.2.109 56204 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:00:29.704889 0.061444 tcp 10.0.2.109 56205 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:00:29.766628 0.152096 tcp 10.0.2.109 56206 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:00:30.960047 3.000271 tcp 10.0.2.109 56207 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:00:39.958898 0.000000 tcp 10.0.2.109 56207 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:00:45.958062 0.052727 tcp 10.0.2.109 56208 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:00:46.011047 0.061450 tcp 10.0.2.109 56209 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:00:46.072842 0.145790 tcp 10.0.2.109 56210 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:00:46.501426 3.001014 tcp 10.0.2.109 56211 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:00:55.622292 0.000000 tcp 10.0.2.109 56211 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:01:01.566553 2.980156 tcp 10.0.2.109 56212 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:01:10.502836 0.000000 tcp 10.0.2.109 56212 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:04:54.917805 3.002109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 00:05:01.925319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:05:09.927166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:05:25.930259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:05:57.936474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:12:11.945845 3.012398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 00:12:15.008398 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 00:12:15.008553 0.053452 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:15.059917 0.486769 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:15.512816 0.408328 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:15.903053 0.077806 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:15.991411 0.181737 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:16.191311 0.368226 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:16.537318 0.105388 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:16.540579 3.004135 tcp 10.0.2.109 56213 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:12:16.646661 0.053726 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:16.709815 0.343009 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:17.052196 0.358313 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:17.389461 0.428339 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:17.819221 0.234530 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:18.050211 0.126205 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:18.136983 0.346259 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:18.488696 0.157176 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 1988 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:18.636956 0.172211 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:18.787387 0.239757 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:18.963804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:12:18.986438 0.351002 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:19.370961 0.249995 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:19.584873 0.385015 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:19.952230 0.071071 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:20.006222 0.327420 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:20.335655 0.111247 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:20.413277 0.404894 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:20.819580 0.231760 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:21.028592 0.089829 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:21.093853 0.075781 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:21.171005 0.164954 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:21.317548 0.165541 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:21.479932 0.412120 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:21.871221 0.740031 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:12:25.543729 0.000000 tcp 10.0.2.109 56213 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:12:26.965421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:12:31.543345 0.052313 tcp 10.0.2.109 56214 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:12:31.595912 0.062281 tcp 10.0.2.109 56215 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:12:31.658458 0.153669 tcp 10.0.2.109 56216 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:12:31.821403 2.995300 tcp 10.0.2.109 56217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:12:40.814659 0.000000 tcp 10.0.2.109 56217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:12:42.968770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:13:14.974733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:17:46.815583 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 00:17:46.815744 2.993677 tcp 10.0.2.109 56218 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:17:55.809141 0.000000 tcp 10.0.2.109 56218 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:18:01.818558 0.055725 tcp 10.0.2.109 56219 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:18:01.874529 0.061662 tcp 10.0.2.109 56220 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:18:01.936393 0.147381 tcp 10.0.2.109 56221 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:18:02.491103 3.001072 tcp 10.0.2.109 56222 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:18:11.490923 0.000000 tcp 10.0.2.109 56222 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:18:17.490307 0.052256 tcp 10.0.2.109 56223 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:18:17.542905 0.061197 tcp 10.0.2.109 56224 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:18:17.604377 0.151678 tcp 10.0.2.109 56225 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:18:18.126496 3.000160 tcp 10.0.2.109 56226 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:18:27.124964 0.000000 tcp 10.0.2.109 56226 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:18:33.122145 3.004254 tcp 10.0.2.109 56227 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:18:42.124736 0.000000 tcp 10.0.2.109 56227 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:19:18.980441 3.002036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 00:19:25.987765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:19:33.989505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:19:49.993023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:20:21.998382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:23:48.125432 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 00:23:48.125534 2.993338 tcp 10.0.2.109 56228 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:23:57.117588 0.000000 tcp 10.0.2.109 56228 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:24:03.128300 0.052061 tcp 10.0.2.109 56229 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:24:03.180597 0.060834 tcp 10.0.2.109 56230 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:24:03.241732 0.146464 tcp 10.0.2.109 56231 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:24:03.427423 3.003658 tcp 10.0.2.109 56232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:24:12.429717 0.000000 tcp 10.0.2.109 56232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:24:18.428898 0.052345 tcp 10.0.2.109 56233 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:24:18.481522 0.060862 tcp 10.0.2.109 56234 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:24:18.542716 0.149416 tcp 10.0.2.109 56235 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:24:18.724142 2.998824 tcp 10.0.2.109 56236 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:24:27.721746 0.000000 tcp 10.0.2.109 56236 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:24:33.721443 3.003256 tcp 10.0.2.109 56237 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:24:42.723461 0.000000 tcp 10.0.2.109 56237 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:26:26.004778 3.003622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 00:26:33.011846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:26:41.013285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:26:57.017276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:27:29.022794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:29:48.723045 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 00:29:48.723144 3.004250 tcp 10.0.2.109 56238 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:29:57.736255 0.000000 tcp 10.0.2.109 56238 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:30:03.726467 0.055579 tcp 10.0.2.109 56239 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:30:03.782395 0.059594 tcp 10.0.2.109 56240 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:30:03.842326 0.157721 tcp 10.0.2.109 56241 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:30:04.216239 2.993394 tcp 10.0.2.109 56242 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:30:13.208604 0.000000 tcp 10.0.2.109 56242 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:30:19.217892 0.052841 tcp 10.0.2.109 56243 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:30:19.270988 0.060688 tcp 10.0.2.109 56244 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:30:19.331953 0.151419 tcp 10.0.2.109 56245 -> 195.113.214.249 443 SRPA* 0 0 77 56866 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:30:19.547636 3.004121 tcp 10.0.2.109 56246 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:30:28.550526 0.000000 tcp 10.0.2.109 56246 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:30:34.549327 3.009611 tcp 10.0.2.109 56247 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:30:43.554468 0.000000 tcp 10.0.2.109 56247 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:33:33.028316 3.002125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 00:33:40.035796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:33:48.037191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:34:04.040358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:34:36.046438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:35:49.552496 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 00:35:49.552633 3.003648 tcp 10.0.2.109 56248 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:35:58.554932 0.000000 tcp 10.0.2.109 56248 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:36:04.555447 0.052544 tcp 10.0.2.109 56249 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:36:04.608261 0.060405 tcp 10.0.2.109 56250 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:36:04.668949 0.156690 tcp 10.0.2.109 56251 -> 195.113.214.249 443 SRPA* 0 0 41 22612 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:36:04.867827 3.000628 tcp 10.0.2.109 56252 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:36:13.877013 0.000000 tcp 10.0.2.109 56252 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 00:40:40.053475 3.070637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 00:40:47.096366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:40:55.071242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:41:11.079312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:41:43.080581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:42:42.295665 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 00:42:42.295805 0.045286 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:42:42.338403 0.080397 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:42:42.396977 0.512538 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:42:42.874732 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 00:42:49.876457 0.607684 tcp 10.0.2.109 56253 -> 176.73.169.112 1959 FSPA* 0 0 14 1668 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:42:59.552209 0.053124 tcp 10.0.2.109 56254 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:42:59.605596 0.059356 tcp 10.0.2.109 56255 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:42:59.665197 0.155868 tcp 10.0.2.109 56256 -> 195.113.214.249 443 SRPA* 0 0 42 21256 flow=From-Botnet-V1-TCP-Established 1970/02/09 00:42:59.821618 0.177818 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:00.038655 0.219075 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:00.236613 0.093182 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:00.393205 0.061762 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:00.466079 0.336515 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:00.858823 0.181687 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:01.034528 0.361412 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:01.376810 0.419257 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:01.806712 0.119528 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:01.890513 0.336719 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:02.257117 0.147470 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:02.396997 0.172361 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:02.542511 0.240403 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:02.741157 0.397603 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:03.120279 0.072141 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:03.174441 0.353210 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:03.524170 0.372725 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:03.862491 0.323324 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:04.206706 0.113594 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:04.281245 0.408276 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:04.718696 0.167847 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:04.863027 0.093880 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:04.966043 0.167412 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:05.130872 0.420610 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:05.528820 0.076077 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:05.663230 0.158953 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:43:05.803986 0.705106 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/09 00:47:47.086781 3.026901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 00:47:54.103613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:48:02.105435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:48:18.108402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:48:50.114464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:55:34.127725 3.001820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 00:55:41.135121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:55:49.137799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:56:05.143031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 00:56:37.145847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:02:50.154492 3.002266 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 01:02:57.162979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:03:05.163491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:03:21.166723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:03:53.173033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:09:57.178446 3.001739 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 01:10:04.186561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:10:12.187690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:10:28.190574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:11:00.196419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:12:50.485684 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 01:12:50.485790 0.499145 tcp 10.0.2.109 56257 -> 176.73.169.112 1959 FSPA* 0 0 14 1630 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:13:11.025247 0.403453 rtp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:11.410274 0.077930 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:11.501730 0.053895 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:11.553734 0.430300 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:11.940355 0.178314 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:12.086918 0.219070 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:12.285255 0.093463 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:12.388578 0.051514 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1974 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:12.465290 0.342786 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 1989 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:12.807438 0.172846 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:12.976897 0.123853 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:13.060441 0.372292 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:13.411342 0.438742 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:13.850293 0.339737 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2547 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:14.206265 0.154275 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:14.352425 0.168144 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:14.497959 0.239874 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:14.698930 0.350138 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:15.045779 0.257402 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:15.267102 0.398299 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:15.647018 0.078526 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:15.706596 0.327733 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:16.043223 0.119512 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:16.125924 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 01:13:31.125349 0.052723 tcp 10.0.2.109 56258 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:13:31.178419 0.061184 tcp 10.0.2.109 56259 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:13:31.239896 0.148252 tcp 10.0.2.109 56260 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:13:31.388724 0.168494 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:31.533309 0.084512 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:31.594077 0.075993 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:31.691108 0.161969 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:31.839770 0.168588 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:32.005447 0.404383 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:13:32.393321 0.702193 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:17:04.202241 3.029566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 01:17:11.224650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:17:19.221566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:17:35.224775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:18:07.230970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:24:11.236701 3.001840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 01:24:18.244751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:24:26.245639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:24:42.249464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:25:14.255023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:31:18.262283 3.000131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 01:31:25.267999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:31:33.269769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:31:49.272887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:32:21.278533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:38:25.285412 3.000972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 01:38:32.292059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:38:40.294916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:38:56.296716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:39:28.302487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:42:50.984529 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 01:42:50.984759 0.494697 tcp 10.0.2.109 56261 -> 176.73.169.112 1959 FSPA* 0 0 14 1642 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:43:53.374633 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 01:43:53.374727 0.406840 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:43:53.901507 0.044899 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:43:53.944873 0.430786 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:43:54.332444 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 01:44:09.881428 0.033873 tcp 10.0.2.109 56262 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:44:09.915609 0.062226 tcp 10.0.2.109 56263 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:44:09.978358 0.202196 tcp 10.0.2.109 56264 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 01:44:10.181092 0.080604 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:10.241414 0.222076 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:10.752196 0.105601 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:10.882903 0.051598 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:11.037114 0.338465 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:11.433031 0.241060 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:11.702779 0.174891 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:11.873506 0.350088 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:12.258946 0.378386 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:12.622653 0.121861 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:12.707052 0.172520 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:12.945920 0.244471 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:13.145762 0.348954 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:13.491070 0.177977 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:13.643736 0.336555 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2592 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:14.043282 0.325142 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:14.415330 0.252200 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:14.630543 0.395314 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.005569 0.073839 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.077885 0.109191 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.153484 0.167972 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.297885 0.088972 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.439540 0.075474 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.542404 0.155621 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.685799 0.168620 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:15.851399 0.410162 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 1919 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:44:16.244111 0.603865 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/09 01:45:32.308482 3.002325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 01:45:39.316117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:45:47.317468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:46:03.320403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:46:35.327494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:54:27.337450 3.001922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 01:54:34.345710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:54:42.347079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:54:58.349838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 01:55:30.355690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:01:56.374107 3.001574 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 02:02:03.380927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:02:11.383338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:02:27.385550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:02:59.391350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:09:09.406020 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 02:09:16.413515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:09:24.414917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:09:40.418138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:10:12.424077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:12:51.483133 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 02:12:51.483336 0.558227 tcp 10.0.2.109 56265 -> 176.73.169.112 1959 FSPA* 0 0 15 1783 flow=From-Botnet-V1-TCP-Established 1970/02/09 02:14:27.180516 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 02:14:27.180717 0.400443 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:27.564218 0.404038 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:27.966930 0.045712 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:28.009757 0.458955 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:28.432957 0.076832 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:28.599994 0.219574 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:28.796995 0.093318 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:28.899154 0.051532 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:29.106800 0.174085 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:29.277576 0.329928 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:29.606814 0.180165 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:29.754735 0.120026 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:29.836225 0.169571 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:29.982562 0.330904 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:30.347197 0.387456 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:30.716047 0.238602 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:30.913108 0.354193 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:31.263257 0.155604 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:31.409408 0.341489 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:31.808525 0.388218 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:32.177385 0.324255 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:32.983164 0.257364 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:33.201876 0.070091 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:33.380003 0.112498 rtp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:33.457224 0.169530 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:33.603261 0.088654 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:33.763580 0.072021 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:33.857676 0.152832 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:33.999626 0.165557 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:34.162674 0.411486 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:14:34.555700 0.720178 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:16:20.435665 3.001801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 02:16:27.443122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:16:35.444729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:16:51.447890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:17:23.453606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:23:27.459878 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 02:23:34.467193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:23:42.473216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:23:58.471716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:24:30.477890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:30:34.484066 3.004809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 02:30:41.493659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:30:49.498505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:31:05.495687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:31:37.501600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:37:41.508500 3.000715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 02:37:48.515350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:37:56.516731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:38:12.519673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:38:44.527298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:42:52.042293 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 02:42:52.042408 0.747511 tcp 10.0.2.109 56266 -> 176.73.169.112 1959 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/02/09 02:44:37.323117 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 02:44:37.323315 0.054596 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:37.372266 0.408744 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:37.762466 0.409359 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:38.198012 0.443141 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:38.598491 0.084914 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:38.716445 0.220540 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:38.913897 0.105433 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:39.031133 0.053437 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:39.146791 0.180166 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2655 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:39.296182 0.121155 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:39.378951 0.173359 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:39.529483 0.174019 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:39.700275 0.335847 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:40.079678 0.455944 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:40.542700 0.363944 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:40.886575 0.243716 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:41.088811 0.340161 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:41.438639 0.349997 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:41.859842 0.204258 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:42.008701 0.396694 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:42.384687 0.326472 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:42.712548 0.251902 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:42.926620 0.072305 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:43.030357 0.108902 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:43.104020 0.167536 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:43.247825 0.085084 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:43.328808 0.076104 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:43.458783 0.150059 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:43.597962 0.709809 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:44.067483 0.167395 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:44.231732 0.406887 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/09 02:44:48.536018 2.997484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 02:44:55.538854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:45:03.540789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:45:19.543638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:45:51.549472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:54:01.557032 3.001445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 02:54:08.564265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:54:16.565552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:54:32.570360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 02:55:04.574473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:01:16.592284 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 03:01:23.599828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:01:31.601297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:01:47.604067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:02:19.610020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:08:40.620841 3.001715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 03:08:47.627641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:08:55.629379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:09:11.632625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:09:43.639039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:12:52.790519 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 03:12:52.790651 0.498141 tcp 10.0.2.109 56267 -> 176.73.169.112 1959 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/02/09 03:15:01.485801 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 03:15:01.485980 0.077442 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:01.555590 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 03:15:17.330306 0.069093 tcp 10.0.2.109 56268 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/09 03:15:17.399763 0.111012 tcp 10.0.2.109 56269 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/09 03:15:17.511025 0.129969 tcp 10.0.2.109 56270 -> 195.113.214.249 443 SRPA* 0 0 35 26913 flow=From-Botnet-V1-TCP-Established 1970/02/09 03:15:17.642300 0.080201 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:17.700140 0.218907 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:17.897149 0.105403 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:18.020008 0.408339 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:18.448873 0.462440 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:18.864915 0.052281 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:18.948806 0.176184 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:19.097658 0.122409 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:19.181493 0.169757 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:19.328818 0.171107 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:19.496148 0.340617 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:19.836097 0.396140 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:20.233463 0.351711 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:20.564141 0.239198 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:20.763296 0.342303 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:21.129071 0.405161 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:21.530343 0.297664 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:21.730252 0.310046 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:22.003387 0.069118 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:22.068631 0.384988 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:22.436134 0.326293 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:22.781899 0.118929 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:22.863879 0.166254 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:23.007410 0.096501 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:23.078619 0.075908 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:23.164526 0.163446 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:23.306128 0.408779 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:23.695909 0.806268 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:24.261572 0.166509 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:15:47.644052 3.002296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 03:15:54.652143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:16:02.653475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:16:18.656326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:16:50.662782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:22:54.669446 3.004215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 03:23:01.676083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:23:09.681258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:23:25.680351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:23:57.686543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:30:01.698306 2.998405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 03:30:08.699362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:30:16.716046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:30:32.714135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:31:04.723853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:37:08.726453 3.001965 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 03:37:15.733963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:37:23.734863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:37:39.738605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:38:11.744155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:42:53.289583 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 03:42:53.289668 0.625801 tcp 10.0.2.109 56271 -> 176.73.169.112 1959 FSPA* 0 0 14 1526 flow=From-Botnet-V1-TCP-Established 1970/02/09 03:44:15.750881 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 03:44:22.757945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:44:30.759141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:44:46.762665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:45:18.768376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:45:51.646901 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 03:45:51.646998 0.406757 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:52.035582 0.051652 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:52.250607 0.117752 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:52.382552 0.083132 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:52.442718 0.219571 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:52.641910 0.409857 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:53.073754 0.467450 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:53.495466 0.053654 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:53.582092 0.169004 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:53.726681 0.175123 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:53.899184 0.316308 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:54.215048 0.178908 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:54.361572 0.122907 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:54.637471 0.331754 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:55.010099 0.340522 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:55.329142 0.232301 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 1961 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:55.526437 0.185151 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:55.703387 0.252563 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:55.920683 0.336148 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:56.289921 0.425733 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:56.711915 0.072285 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:56.767022 0.391132 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:57.136623 0.343184 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:57.586460 0.117728 rtp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:57.772530 0.166723 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:57.915796 0.194104 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:58.067943 0.413055 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:58.461476 0.090986 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:58.528392 0.075560 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:58.631462 0.761475 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:45:59.153112 0.256023 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/09 03:53:41.783819 3.014706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 03:53:48.802008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:53:56.803191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:54:12.805610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 03:54:44.812420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:00:48.818515 3.001587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:00:55.825401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:01:03.827434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:01:19.830356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:01:51.838704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:08:04.845331 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:08:11.852695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:08:19.853927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:08:35.856908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:09:07.863147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:12:53.919114 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 04:12:53.919257 0.564477 tcp 10.0.2.109 56272 -> 176.73.169.112 1959 FSPA* 0 0 14 1513 flow=From-Botnet-V1-TCP-Established 1970/02/09 04:15:11.869719 3.001186 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:15:18.876876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:15:26.878039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:15:42.881203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:16:12.994703 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 04:16:12.994906 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 04:16:14.887112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:16:31.012278 0.051645 tcp 10.0.2.109 56273 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 04:16:31.064197 0.062697 tcp 10.0.2.109 56274 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 04:16:31.127248 0.183618 tcp 10.0.2.109 56275 -> 195.113.214.249 443 SRPA* 0 0 36 26969 flow=From-Botnet-V1-TCP-Established 1970/02/09 04:16:31.311411 0.080346 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:31.372009 0.218688 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:31.569075 0.408143 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:31.994708 0.054347 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:32.040227 0.093582 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:32.135218 0.462519 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:32.547338 0.053822 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:32.617412 0.169618 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:32.763430 0.232975 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:32.993733 0.252634 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:33.352266 0.329264 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:33.694772 0.330227 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:34.066076 0.176194 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:34.213569 0.358822 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 1969 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:34.554375 0.239186 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:34.752011 0.167464 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:34.905925 0.244770 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:35.111770 0.069836 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:35.165615 0.332243 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:35.502793 0.384309 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:35.882619 0.399309 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:36.259410 0.366955 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:36.627357 0.111475 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:36.704501 0.166836 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:36.850004 0.092609 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:36.956278 0.075901 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:37.084475 0.188921 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:37.239041 0.409525 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:37.626391 0.724076 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:16:38.111578 0.167016 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:22:18.895780 3.040192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:22:25.921297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:22:33.914933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:22:49.915108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:23:21.926884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:29:25.926359 3.002428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:29:32.937967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:29:40.938683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:29:56.941232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:30:28.944875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:36:32.951467 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:36:39.958378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:36:47.962727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:37:03.976864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:37:35.982448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:42:54.487967 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 04:42:54.488152 3.434446 tcp 10.0.2.109 56276 -> 176.73.169.112 1959 FSPA* 0 0 14 1653 flow=From-Botnet-V1-TCP-Established 1970/02/09 04:43:39.984917 3.001820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:43:46.992625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:43:54.993421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:44:10.996345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:44:43.003006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:46:39.090383 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 04:46:39.090531 0.403052 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:39.474739 0.407530 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:39.900684 0.055736 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:39.953966 0.080252 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:40.037714 0.217666 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:40.234301 0.093550 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:40.379913 0.479234 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:40.823155 0.052443 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:40.892261 0.168260 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:41.037815 0.170422 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:41.205460 0.349600 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:41.553921 0.122922 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:41.638394 0.328182 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:42.002996 0.175533 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:42.241807 0.346545 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:42.568335 0.238130 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:42.767379 0.146986 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:42.906737 0.356915 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:43.289147 0.434988 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:43.720213 0.244492 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:43.929699 0.072705 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:43.983344 0.396931 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:44.358668 0.368659 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:44.756014 0.109186 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:44.832475 0.168983 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:44.979362 0.088700 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:45.043654 0.072115 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:45.118806 0.215954 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:45.271750 0.408615 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:45.662164 0.736213 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:46:46.158608 0.168317 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/09 04:50:47.009099 3.003864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:50:54.018453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:51:02.017975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:51:18.020955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:51:50.027189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:57:54.033178 3.001739 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 04:58:01.042636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:58:09.042475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:58:25.044976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 04:58:57.050962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:05:25.061513 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 05:05:32.069052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:05:40.070762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:05:56.073475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:06:28.079560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:12:34.087689 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 05:12:41.096410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:12:49.097313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:12:57.930489 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 05:12:57.930659 0.451320 tcp 10.0.2.109 56277 -> 176.73.169.112 1959 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:13:05.100619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:13:37.106533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:16:53.418890 0.099263 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 05:16:53.518302 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 05:17:08.614712 0.032837 tcp 10.0.2.109 56278 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:17:08.647856 0.061108 tcp 10.0.2.109 56279 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:17:08.709301 0.132889 tcp 10.0.2.109 56280 -> 195.113.214.249 443 SRPA* 0 0 68 42897 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:17:08.842924 0.108344 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:09.002446 0.406711 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:09.391022 0.409998 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:09.824827 0.220882 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:10.023278 0.105907 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:10.172267 0.469440 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:10.590724 0.052541 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:10.755641 0.170889 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:10.904613 0.247118 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:11.114196 0.374217 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:11.565940 0.177006 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:11.740179 0.315485 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:12.063955 0.180940 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:12.213796 0.348841 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:12.544267 0.241334 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:12.743444 0.201877 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:12.919491 0.238516 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:13.126101 0.066771 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:13.322193 0.340087 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:13.708062 0.374717 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:14.079054 0.387490 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:14.446297 0.362746 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:14.810872 0.108155 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:14.883029 0.167174 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:15.028488 0.089590 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:15.143451 0.409481 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:15.531635 0.076236 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:15.691559 0.174826 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:15.835679 0.696604 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:17:16.293000 0.167689 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:19:41.111815 3.002292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 05:19:48.119595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:19:56.126864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:20:12.124305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:20:44.130507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:26:48.136847 3.001028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 05:26:55.144917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:27:03.145366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:27:19.148301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:27:51.154502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:33:55.160063 3.001571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 05:34:02.167498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:34:10.169255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:34:26.172505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:34:58.178587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:41:02.184783 3.000899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 05:41:09.191475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:41:17.192990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:41:33.195966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:42:05.202432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:42:58.389423 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 05:42:58.389648 0.555830 tcp 10.0.2.109 56281 -> 176.73.169.112 1959 FSPA* 0 0 14 1592 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:47:34.696284 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 05:47:34.696376 0.051913 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:34.746653 0.079515 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:34.846729 0.217440 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:35.043774 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 05:47:53.905318 0.033669 tcp 10.0.2.109 56282 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:47:53.939254 0.061398 tcp 10.0.2.109 56283 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:47:54.000926 0.149661 tcp 10.0.2.109 56284 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/09 05:47:54.151145 0.409436 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:54.576790 0.105586 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:54.767706 0.452359 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:55.180447 0.052065 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:55.262470 0.166986 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:55.406996 0.174211 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:55.577546 0.337407 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:55.914347 0.514885 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:56.388738 0.443715 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:56.928051 0.177347 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:57.075420 0.352204 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:57.406109 0.241225 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:57.604152 0.149829 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:57.745100 0.336533 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:58.254876 0.248563 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:58.467876 0.070911 rtcp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:58.520368 0.408652 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:58.925015 0.393713 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:59.299862 0.364536 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:59.850848 0.111524 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:47:59.927927 0.168442 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:48:00.073539 0.075504 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:48:00.219638 0.190165 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:48:00.379451 0.091810 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:48:00.448092 0.404236 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:48:00.832480 0.567473 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:48:01.299925 0.169210 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/09 05:48:09.209518 3.000913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 05:48:16.215458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:48:24.217355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:48:40.220076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:49:12.226331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:55:44.241784 2.992147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 05:55:51.243215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:55:59.241335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:56:15.244195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 05:56:47.250697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:02:51.256324 3.002106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:02:58.263674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:03:06.265263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:03:22.268216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:03:54.274792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:09:58.281426 3.000611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:10:05.287575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:10:13.289114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:10:29.292639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:11:01.298268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:12:58.947845 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 06:12:58.947974 0.441917 tcp 10.0.2.109 56285 -> 176.73.169.112 1959 FSPA* 0 0 15 1800 flow=From-Botnet-V1-TCP-Established 1970/02/09 06:17:05.304032 3.011984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:17:12.321880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:17:20.323125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:17:36.328705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:18:08.342192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:18:29.800681 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 06:18:29.800837 0.402678 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:30.183358 0.073282 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:30.453439 0.051896 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:30.626983 0.216875 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:30.822012 0.407698 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:31.274668 0.094102 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:31.403794 0.596788 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:31.954748 0.053540 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:32.132552 0.170158 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:32.280118 0.177042 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:32.454651 0.330119 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:32.784348 0.496693 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:33.244629 0.434708 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:33.706092 0.179650 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:33.892681 0.349592 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:34.220997 0.235761 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 1998 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:34.420044 0.147753 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2617 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:34.560250 0.069006 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:34.613326 0.446888 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:35.056284 0.342003 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:35.455921 0.244374 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:35.665210 0.115396 udp 10.0.2.109 3683 <-> 94.66.252.112 6063 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:35.742979 0.395399 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:36.119026 0.351384 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:36.503196 0.167207 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:36.647441 0.075517 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:36.751309 0.211111 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:36.901623 0.087867 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:36.997316 0.412895 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:37.389850 0.716958 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:18:37.886298 0.167029 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:24:12.348300 3.014711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:24:19.365594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:24:27.367606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:24:43.371030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:25:15.376901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:31:19.384493 3.000176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:31:26.389526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:31:34.391095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:31:50.394349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:32:22.399966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:38:26.409120 2.998871 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:38:33.413894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:38:41.415249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:38:57.418442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:39:29.424141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:42:59.396622 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 06:42:59.396752 0.486777 tcp 10.0.2.109 56286 -> 176.73.169.112 1959 FSPA* 0 0 15 1655 flow=From-Botnet-V1-TCP-Established 1970/02/09 06:45:33.430173 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:45:40.437410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:45:48.439217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:46:04.447310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:46:36.448512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:48:56.870162 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 06:48:56.870244 0.047460 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:56.915956 0.221339 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:57.115992 0.407760 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:57.505338 0.082487 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:57.825695 0.457807 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:58.238567 0.409212 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:58.656561 0.105499 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:58.790294 0.052779 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:58.895288 0.169593 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:59.039431 0.174952 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:59.209938 0.343930 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:59.566721 0.174935 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:59.714529 0.124659 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:48:59.819922 0.439206 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:00.260668 0.356319 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:00.595078 0.239563 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:00.791487 0.160514 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:00.947941 0.070302 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:01.006140 0.432850 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:01.435093 0.000000 udp 10.0.2.109 3683 -> 94.66.252.112 6063 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 06:49:18.883663 0.053267 tcp 10.0.2.109 56287 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 06:49:18.937227 0.061550 tcp 10.0.2.109 56288 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 06:49:18.999049 0.136066 tcp 10.0.2.109 56289 -> 195.113.214.249 443 SRPA* 0 0 39 27981 flow=From-Botnet-V1-TCP-Established 1970/02/09 06:49:19.135595 0.340325 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:19.491530 0.254447 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:19.710797 0.405656 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:20.092595 0.366012 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:20.538837 0.167092 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:20.684241 0.075913 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:20.900723 0.198749 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:21.055178 0.086695 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:21.133663 0.169171 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:21.299774 0.403405 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:49:21.686495 0.488515 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/09 06:54:26.456797 3.028565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 06:54:33.474021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:54:41.475428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:54:57.478676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 06:55:29.484848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:01:55.501918 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 07:02:02.509523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:02:10.515211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:02:26.513942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:02:58.520582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:09:08.535104 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 07:09:15.542396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:09:23.543471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:09:39.546428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:10:11.555050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:12:59.885780 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 07:12:59.885914 0.490012 tcp 10.0.2.109 56290 -> 176.73.169.112 1959 FSPA* 0 0 15 1797 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:16:19.565335 3.039551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 07:16:26.590330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:16:34.583364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:16:50.586505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:17:22.592616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:19:49.544006 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 07:19:49.590453 0.000000 udp 10.0.2.109 3683 -> 94.66.252.112 6063 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 07:20:04.807744 0.032195 tcp 10.0.2.109 56291 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:20:04.840210 0.059636 tcp 10.0.2.109 56292 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:20:04.900190 0.168627 tcp 10.0.2.109 56293 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:20:05.069428 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 07:20:20.919492 0.033943 tcp 10.0.2.109 56294 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:20:20.953742 0.062433 tcp 10.0.2.109 56295 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:20:21.016548 0.151138 tcp 10.0.2.109 56296 -> 195.113.214.249 443 SRPA* 0 0 59 36454 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:20:21.167929 0.219622 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:21.365671 0.406916 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:21.766132 0.075133 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:21.826491 0.105809 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:22.023196 0.053849 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:22.252400 0.169898 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:22.400138 0.408734 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:22.975412 0.629407 rtp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:23.568435 0.299451 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:23.980364 0.624206 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:24.568238 0.176407 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:24.741885 0.350970 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:25.267294 0.239052 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:25.466286 0.283641 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:25.606294 0.072411 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:25.707575 0.379051 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:26.067496 0.379355 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:26.536568 0.419277 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:27.168481 0.342438 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:27.602298 0.543298 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:28.112037 0.386699 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:28.482911 0.352220 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:28.966122 0.168159 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:29.111478 0.075727 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:29.201877 0.218532 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:29.362461 0.420244 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:29.765590 0.094095 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:29.988620 0.360883 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:20:30.335992 0.873200 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:23:26.597881 3.002279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 07:23:33.606785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:23:41.607492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:23:57.610840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:24:29.616427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:30:33.622000 3.002162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 07:30:40.629698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:30:48.631334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:31:04.634604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:31:36.640743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:37:40.647793 3.000322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 07:37:47.660317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:37:55.655263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:38:11.658937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:38:43.664815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:43:00.383981 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 07:43:00.384119 0.471566 tcp 10.0.2.109 56297 -> 176.73.169.112 1959 FSPA* 0 0 15 1725 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:44:47.674959 2.996916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 07:44:54.677916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:45:02.681371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:45:18.683211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:45:50.688599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:50:51.811334 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 07:50:51.811525 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 07:51:10.620203 0.032795 tcp 10.0.2.109 56298 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:51:10.653314 0.062966 tcp 10.0.2.109 56299 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:51:10.716594 0.150970 tcp 10.0.2.109 56300 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 07:51:10.868155 0.077186 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:10.931290 0.106406 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:11.074696 0.052423 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:11.156560 0.216836 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:11.353195 0.402253 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:11.737694 0.174795 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:11.888716 0.405532 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:12.309777 0.576152 udp 10.0.2.109 3683 <-> 59.115.44.141 2346 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:12.854246 0.176370 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:13.047080 0.596718 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:13.607006 0.173669 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:13.776157 0.329228 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:14.157938 0.239039 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:14.359204 0.232254 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:14.509264 0.071025 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:14.591789 0.355162 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:14.929468 0.432839 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:15.386628 0.393097 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:15.775767 0.343686 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:16.137327 0.325702 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:16.554944 0.250394 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:16.771161 0.393545 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:17.147158 0.169062 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:17.292397 0.075681 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:17.391346 0.212506 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:17.544574 0.409734 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:17.933743 0.087375 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:18.001773 0.170273 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:51:18.168554 0.681247 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/09 07:54:04.701283 3.001640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 07:54:11.708825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:54:19.710535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:54:35.713724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 07:55:07.719265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:01:13.728522 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 08:01:20.734884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:01:28.736920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:01:44.740354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:02:16.756175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:08:36.764923 3.002138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 08:08:43.772526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:08:51.774240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:09:07.776766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:09:39.783061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:13:00.862530 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 08:13:00.862699 0.469750 tcp 10.0.2.109 56301 -> 176.73.169.112 1959 FSPA* 0 0 15 1800 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:15:43.789357 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 08:15:50.795946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:15:58.798018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:16:14.801030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:16:46.806542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:21:35.373052 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 08:21:35.373161 0.052448 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:21:35.471622 0.218037 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:21:35.667251 0.078970 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:21:35.873849 0.106417 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:21:36.011245 0.331356 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:21:36.340954 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 08:21:51.606776 0.056921 tcp 10.0.2.109 56302 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:21:51.664041 0.064491 tcp 10.0.2.109 56303 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:21:51.728849 0.157448 tcp 10.0.2.109 56304 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:21:51.886902 0.169592 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:21:52.033353 0.000000 udp 10.0.2.109 3683 -> 59.115.44.141 2346 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 08:22:09.955302 0.225315 tcp 10.0.2.109 56305 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:22:10.180898 0.060971 tcp 10.0.2.109 56306 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:22:10.242352 0.157464 tcp 10.0.2.109 56307 -> 195.113.214.249 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:22:10.400499 0.175490 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:10.548367 0.155452 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:10.940896 0.237819 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:11.316327 0.154979 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:11.574852 0.238097 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:11.810479 0.337072 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:12.310791 0.069064 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:12.413547 0.359963 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:12.752799 0.424649 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:13.216842 0.394842 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:13.709104 0.343580 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:14.100040 0.386573 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:14.465338 0.167550 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:14.609912 0.327408 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:14.951465 0.657454 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:15.571832 0.075785 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:15.743075 0.216711 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:15.899381 0.403780 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:16.285516 0.092539 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:16.354340 0.167516 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:16.518545 0.590976 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:22:50.813160 3.001755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 08:22:57.820300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:23:05.821848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:23:21.824850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:23:53.830712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:29:57.836443 3.002394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 08:30:04.844209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:30:12.845383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:30:28.848853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:31:00.858893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:37:04.861110 3.001657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 08:37:11.868803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:37:19.869882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:37:35.876695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:38:07.879861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:43:01.331513 0.040752 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 08:43:01.372452 0.642426 tcp 10.0.2.109 56308 -> 176.73.169.112 1959 FSPA* 0 0 14 1693 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:44:11.885464 3.004346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 08:44:18.895099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:44:26.893753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:44:42.896767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:45:14.902611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:52:41.074512 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 08:52:41.074724 0.407511 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:41.463340 0.000000 udp 10.0.2.109 3683 -> 59.115.44.141 2346 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 08:52:57.860575 0.034045 tcp 10.0.2.109 56309 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:52:57.894965 0.061881 tcp 10.0.2.109 56310 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:52:57.957174 0.162282 tcp 10.0.2.109 56311 -> 195.113.214.249 443 SRPA* 0 0 24 13822 flow=From-Botnet-V1-TCP-Established 1970/02/09 08:52:58.120057 0.053821 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:58.190944 0.079325 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:58.249860 0.233441 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:58.461216 0.106988 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:58.567603 0.310790 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:58.910663 0.169529 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:59.056235 0.175809 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:59.201661 0.192955 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:59.357147 0.177022 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:59.531609 0.336029 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:52:59.867387 0.239465 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:00.066209 0.264603 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:00.212640 0.071188 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:00.268400 0.371588 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:00.656731 0.438779 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 1924 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:01.094780 0.397759 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:01.489082 0.337280 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:01.836537 0.325316 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:02.179072 0.388901 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:02.549809 0.167313 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:02.695077 0.406416 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:03.068093 0.075985 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:03.219143 0.205779 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:03.364360 0.170118 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:03.531580 0.674294 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:03.986222 0.408741 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:04.374809 0.086879 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 08:53:39.918234 2.995051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 08:53:46.919420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:53:54.923780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:54:10.923033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 08:54:42.929557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:00:46.935779 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:00:53.943159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:01:01.944756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:01:17.947242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:01:49.953031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:07:53.959878 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:08:00.967432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:08:08.968898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:08:24.971789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:08:56.977593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:13:01.990498 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 09:13:01.990605 0.730910 tcp 10.0.2.109 56312 -> 176.73.169.112 1959 FSPA* 0 0 14 1541 flow=From-Botnet-V1-TCP-Established 1970/02/09 09:15:01.985125 3.000918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:15:08.992760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:15:16.993846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:15:32.996997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:16:05.003078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:22:09.008223 3.046149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:22:16.030978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:22:24.027905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:22:40.032917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:23:12.037135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:23:33.878842 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 09:23:33.879014 0.409039 rtp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:34.268679 0.219922 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:34.465983 0.108016 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:34.573042 0.051440 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:34.654741 0.080841 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:34.754719 0.308822 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:35.081036 0.167531 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:35.227527 0.178282 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:35.374946 0.125944 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:35.458676 0.241162 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:35.657851 0.908178 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:36.553504 0.315435 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:36.877970 0.251465 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:37.024465 0.073030 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:37.079802 0.347310 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:37.535404 0.422073 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:37.962678 0.350624 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:38.309371 0.345895 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:38.682726 0.166122 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:38.825845 0.323678 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:39.166028 0.385389 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:39.530071 0.249152 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:39.743831 0.075562 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:39.850459 0.210437 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:40.005403 0.168469 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:40.170463 0.721617 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:40.651888 0.407993 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:23:41.040831 0.088720 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:29:16.042870 3.001813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:29:23.050404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:29:31.051897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:29:47.058679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:30:19.060991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:36:23.067067 3.001347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:36:30.074504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:36:38.075633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:36:54.078803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:37:26.084939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:43:02.729426 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 09:43:02.729572 0.686030 tcp 10.0.2.109 56313 -> 176.73.169.112 1959 FSPA* 0 0 14 1664 flow=From-Botnet-V1-TCP-Established 1970/02/09 09:43:30.092197 3.000493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:43:37.098727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:43:45.099754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:44:01.102831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:44:33.108905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:50:37.115493 3.001251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:50:44.122309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:50:52.123630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:51:08.127082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:51:40.132780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:53:45.074808 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 09:53:45.074917 0.107452 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:53:45.181190 0.052232 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:53:45.282823 0.077590 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:53:45.339859 0.311493 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:53:45.674330 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 09:54:02.759702 0.054139 tcp 10.0.2.109 56314 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 09:54:02.814269 0.063586 tcp 10.0.2.109 56315 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 09:54:02.878241 0.139633 tcp 10.0.2.109 56316 -> 195.113.214.249 443 SRPA* 0 0 35 27765 flow=From-Botnet-V1-TCP-Established 1970/02/09 09:54:03.018743 0.218132 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:03.215490 0.170632 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:03.363359 0.178080 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:03.511279 0.120493 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:03.592048 0.237453 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:03.839291 0.322798 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:04.813906 0.067472 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:04.863437 0.173097 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:05.032688 0.336846 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:05.368738 0.378822 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:05.728994 0.362341 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:06.100238 0.170713 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:06.247101 0.349624 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:06.592698 0.340303 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:06.950573 0.327345 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:07.339799 0.395731 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:07.714471 0.252525 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:07.929931 0.075561 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:08.022855 0.214941 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:08.183622 0.409234 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:08.570020 0.167157 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:08.733721 0.692153 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:54:09.183898 0.085780 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 09:57:44.140921 2.999375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 09:57:51.146359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:57:59.147658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:58:15.150727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 09:58:47.156975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:05:14.176153 3.001179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:05:21.183289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:05:29.184825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:05:45.187697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:06:17.193632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:12:28.199773 3.001807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:12:35.207534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:12:43.209259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:12:59.211809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:13:03.418285 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 10:13:03.418476 0.488522 tcp 10.0.2.109 56317 -> 176.73.169.112 1959 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/09 10:13:31.217915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:19:35.224226 3.058869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:19:42.265902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:19:50.242937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:20:06.245681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:20:38.254532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:24:35.753556 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 10:24:35.753766 0.504536 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:36.142649 0.115690 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:36.286157 0.096238 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:36.380620 0.079154 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:36.586430 0.313885 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:36.954461 0.219977 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2614 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:37.150097 0.170145 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:37.296507 0.173735 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:37.500012 0.120750 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:37.581385 0.241943 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:37.781248 0.172044 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:37.950505 0.147966 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:38.090862 0.068696 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:38.144772 0.336848 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:38.506180 0.351187 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:38.836378 0.351801 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:39.220558 0.344300 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:39.582758 0.167265 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:39.727800 0.344467 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:40.106741 0.326322 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:40.502705 0.394915 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:40.876826 0.246794 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:41.085596 0.404125 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:41.469232 0.076129 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:41.575003 0.213091 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:41.722613 0.091966 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:41.813402 0.169096 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:24:41.979428 0.766788 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:26:42.259336 3.000210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:26:49.265259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:26:57.266296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:27:13.269777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:27:45.275998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:33:49.281801 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:33:56.289104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:34:04.290750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:34:20.293760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:34:52.299612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:40:56.305892 3.001714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:41:03.315281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:41:11.314662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:41:27.317531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:41:59.323716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:43:03.907154 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 10:43:03.907296 0.582789 tcp 10.0.2.109 56318 -> 176.73.169.112 1959 FSPA* 0 0 14 1531 flow=From-Botnet-V1-TCP-Established 1970/02/09 10:48:03.329710 3.066609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:48:10.372611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:48:18.348419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:48:34.351791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:49:06.368378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:55:05.584676 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 10:55:05.584832 0.119966 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:05.702910 0.077422 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:05.772833 0.342543 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:06.114360 0.408061 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:06.504116 0.051843 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:06.577192 0.220386 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:06.776397 0.185610 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:06.938940 0.311757 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:07.298283 0.117065 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:07.378836 0.240583 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:07.577652 0.176932 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:07.748656 0.186191 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:08.411882 0.070246 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:08.462405 0.337193 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:08.799091 0.377996 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:09.157797 0.163848 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:09.300179 0.353011 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:09.730560 0.332703 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:10.066747 0.396687 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:10.442204 0.341026 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:10.786626 0.332788 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:11.130988 0.248583 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:11.343836 0.411564 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:11.735189 0.075613 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:11.830739 0.230600 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:11.982068 0.092345 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:12.079878 0.195584 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:12.272872 0.678126 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 10:55:40.378089 3.001821 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 10:55:47.388601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:55:55.394404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:56:11.388934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 10:56:43.394749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:02:47.400647 3.002234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:02:54.408768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:03:02.409632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:03:18.415574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:03:50.418944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:09:54.424260 3.002307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:10:01.432012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:10:09.433976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:10:25.436571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:10:57.442633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:13:04.496056 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 11:13:04.496263 0.592745 tcp 10.0.2.109 56319 -> 176.73.169.112 1959 FSPA* 0 0 15 1760 flow=From-Botnet-V1-TCP-Established 1970/02/09 11:17:01.448557 3.045773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:17:08.552689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:17:16.485232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:17:32.480860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:18:04.486827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:24:08.492878 3.001786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:24:15.500264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:24:23.501864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:24:39.504793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:25:11.514855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:25:14.325056 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 11:25:14.325151 0.094266 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:14.496227 0.073805 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:14.549900 0.310026 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:14.979034 0.406404 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:15.368200 0.052711 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:15.428475 0.217553 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:15.627108 0.171551 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:15.775590 0.239209 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:15.976621 0.170425 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:16.143940 0.174063 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:16.291862 0.124440 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:16.377574 0.147090 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:16.516790 0.071922 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:16.572330 0.335179 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:16.906927 0.343434 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:17.227533 0.167450 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:17.372792 0.350442 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:17.719343 0.332382 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:18.050110 0.386479 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:18.416282 0.347317 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:18.809415 0.327995 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:19.206990 0.247302 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:19.418028 0.410590 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:19.812338 0.075491 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:19.922359 0.189456 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:20.108871 0.204032 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:20.271796 0.095312 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:25:20.361583 0.793495 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:31:15.516568 3.001784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:31:22.524121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:31:30.525587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:31:46.528818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:32:18.538852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:38:22.540652 3.001317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:38:29.548564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:38:37.549505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:38:53.552382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:39:25.558629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:43:05.094748 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 11:43:05.094885 0.604092 tcp 10.0.2.109 56320 -> 176.73.169.112 1959 FSPA* 0 0 14 1675 flow=From-Botnet-V1-TCP-Established 1970/02/09 11:45:29.564439 3.001447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:45:36.572009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:45:44.573467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:46:00.577398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:46:32.583994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:54:23.591916 3.002012 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 11:54:30.600072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:54:38.601310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:54:54.604394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:55:26.616498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 11:55:41.754914 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 11:55:41.755106 0.314648 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:55:42.098041 0.093959 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:55:42.409894 0.074514 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:55:42.465397 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 11:56:01.302652 0.053099 tcp 10.0.2.109 56321 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 11:56:01.356104 0.065384 tcp 10.0.2.109 56322 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 11:56:01.421833 0.157638 tcp 10.0.2.109 56323 -> 195.113.214.249 443 SRPA* 0 0 36 26969 flow=From-Botnet-V1-TCP-Established 1970/02/09 11:56:01.580070 0.052836 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:01.724249 0.217505 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:01.920301 0.166671 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:02.065731 0.239522 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:02.263594 0.127510 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:02.352399 0.285188 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:02.573151 0.069506 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:02.624215 0.343682 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:02.967420 0.172818 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:03.136623 0.177884 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:03.327691 0.377367 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:03.683763 0.168369 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:03.828147 0.352886 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:04.204899 0.341719 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:04.607734 0.387006 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:04.976930 0.336880 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:05.347026 0.325937 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:05.722764 0.479984 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:06.168266 0.402301 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:06.552081 0.085856 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:06.657937 0.083763 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:06.716906 0.708221 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:07.184382 0.168339 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/09 11:56:07.373151 0.226976 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:01:52.627777 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 12:01:59.635560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:02:07.636304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:02:23.640055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:02:55.646035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:09:05.661390 3.001197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 12:09:12.668269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:09:20.669562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:09:36.672459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:10:08.678732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:13:05.702903 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 12:13:05.703094 0.601929 tcp 10.0.2.109 56324 -> 176.73.169.112 1959 FSPA* 0 0 16 1759 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:16:16.690639 3.001184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 12:16:23.697829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:16:31.699467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:16:47.702066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:17:19.708507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:23:23.713982 3.001961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 12:23:30.721171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:23:38.722720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:23:54.726512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:24:26.732206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:26:19.675229 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 12:26:19.675367 0.404228 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:20.062077 0.311531 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:20.415203 0.093366 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:20.536064 0.072206 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:20.588096 0.054120 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:20.689351 0.234203 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:20.901939 0.170150 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:21.050996 0.242084 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:21.252323 0.121766 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:21.460542 0.350206 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:21.854727 0.263539 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:22.102551 0.066404 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:22.291441 0.236479 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:22.525405 0.179095 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:22.784028 0.379939 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:23.141896 0.167431 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:23.287395 0.349149 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:23.633061 0.337455 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:23.982257 0.389087 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:24.350063 0.346223 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:24.698590 0.327981 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:25.148688 0.250741 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:25.363286 0.093402 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:25.431963 0.404644 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:25.817730 0.075760 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:25.903910 0.208525 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:26.050724 0.750510 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:26:26.522725 0.174922 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:30:30.740280 3.076472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 12:30:37.787416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:30:45.756731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:31:01.760165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:31:33.766152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:37:37.773358 3.000593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 12:37:44.779748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:37:52.780748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:38:08.784446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:38:40.790415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:43:06.292501 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 12:43:06.292676 3.003559 tcp 10.0.2.109 56325 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:43:15.294984 0.000000 tcp 10.0.2.109 56325 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:43:21.295707 0.051841 tcp 10.0.2.109 56326 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:43:21.347845 0.064389 tcp 10.0.2.109 56327 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:43:21.412534 0.162931 tcp 10.0.2.109 56328 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:43:21.701334 2.997155 tcp 10.0.2.109 56329 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:43:30.706464 0.000000 tcp 10.0.2.109 56329 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:43:36.695997 0.052154 tcp 10.0.2.109 56330 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:43:36.748404 0.060700 tcp 10.0.2.109 56331 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:43:36.809441 0.153095 tcp 10.0.2.109 56332 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:43:36.988957 3.001444 tcp 10.0.2.109 56333 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:43:45.988957 0.000000 tcp 10.0.2.109 56333 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:43:51.988071 3.004068 tcp 10.0.2.109 56334 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:44:00.990798 0.000000 tcp 10.0.2.109 56334 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:44:44.796124 3.012113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 12:44:51.803716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:44:59.805162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:45:15.808399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:45:47.813769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:49:06.990848 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 12:49:06.991067 3.003859 tcp 10.0.2.109 56335 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:49:15.993772 0.000000 tcp 10.0.2.109 56335 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:49:21.993870 0.053447 tcp 10.0.2.109 56336 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:49:22.047627 0.064371 tcp 10.0.2.109 56337 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:49:22.112282 0.150639 tcp 10.0.2.109 56338 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:49:22.279114 3.007892 tcp 10.0.2.109 56339 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:49:31.285372 0.000000 tcp 10.0.2.109 56339 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:49:37.274722 0.052701 tcp 10.0.2.109 56340 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:49:37.327707 0.061885 tcp 10.0.2.109 56341 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:49:37.389840 0.156672 tcp 10.0.2.109 56342 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:49:37.595371 2.993441 tcp 10.0.2.109 56343 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:49:46.597434 0.000000 tcp 10.0.2.109 56343 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:49:52.595974 2.994515 tcp 10.0.2.109 56344 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:50:01.588955 0.000000 tcp 10.0.2.109 56344 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:54:01.826078 3.002668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 12:54:08.834756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:54:16.835832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:54:32.839281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:55:04.845147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 12:55:07.599465 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 12:55:07.599569 3.006327 tcp 10.0.2.109 56345 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:55:16.601707 0.000000 tcp 10.0.2.109 56345 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:55:22.604627 0.052996 tcp 10.0.2.109 56346 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:55:22.657891 0.061399 tcp 10.0.2.109 56347 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:55:22.719579 0.152258 tcp 10.0.2.109 56348 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:55:23.046271 2.999319 tcp 10.0.2.109 56349 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:55:32.045710 0.000000 tcp 10.0.2.109 56349 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:55:38.043184 0.051700 tcp 10.0.2.109 56350 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:55:38.095225 0.061747 tcp 10.0.2.109 56351 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:55:38.157217 0.145764 tcp 10.0.2.109 56352 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/09 12:55:38.472626 2.995290 tcp 10.0.2.109 56353 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:55:47.480234 0.000000 tcp 10.0.2.109 56353 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:55:53.467885 2.991320 tcp 10.0.2.109 56354 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:56:02.458254 0.000000 tcp 10.0.2.109 56354 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 12:56:38.981030 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 12:56:38.981167 0.407417 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:39.370308 0.074936 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:39.450698 0.052493 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:39.544217 0.219333 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2559 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:39.740664 0.170287 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:39.885902 0.312289 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:40.234741 0.093577 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:40.350823 0.239107 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:40.548786 0.125093 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:40.655574 0.343750 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:40.997943 0.173890 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:41.167691 0.174984 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:41.312494 0.211217 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:41.497807 0.067294 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:41.568058 0.341351 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:41.887483 0.168719 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:42.033405 0.347287 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:42.376766 0.479015 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:42.856234 0.326982 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:43.222253 0.395921 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:43.598610 0.336794 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:43.943805 0.243712 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:44.151470 0.091104 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:44.245965 0.407248 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:44.632137 0.069739 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:44.733854 0.201564 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:44.881250 0.702302 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/09 12:56:45.344091 0.219472 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:01:08.468297 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:01:08.468523 3.003966 tcp 10.0.2.109 56355 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:01:08.851181 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:01:15.858570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:01:17.471027 0.000000 tcp 10.0.2.109 56355 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:01:23.471015 0.053353 tcp 10.0.2.109 56356 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:01:23.524609 0.063208 tcp 10.0.2.109 56357 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:01:23.588115 0.157034 tcp 10.0.2.109 56358 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:01:23.844624 2.999529 tcp 10.0.2.109 56359 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:01:23.860337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:01:32.842915 0.000000 tcp 10.0.2.109 56359 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:01:38.841960 0.051963 tcp 10.0.2.109 56360 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:01:38.894209 0.062186 tcp 10.0.2.109 56361 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:01:38.956645 0.164394 tcp 10.0.2.109 56362 -> 195.113.214.249 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:01:39.140428 3.005447 tcp 10.0.2.109 56363 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:01:39.862784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:01:48.145129 0.000000 tcp 10.0.2.109 56363 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:01:54.133639 2.994109 tcp 10.0.2.109 56364 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:02:03.136367 0.000000 tcp 10.0.2.109 56364 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:02:11.869141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:07:09.137199 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:07:09.137348 2.993387 tcp 10.0.2.109 56365 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:07:18.129283 0.000000 tcp 10.0.2.109 56365 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:07:24.140344 0.053563 tcp 10.0.2.109 56366 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:07:24.194273 0.061046 tcp 10.0.2.109 56367 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:07:24.255574 0.157648 tcp 10.0.2.109 56368 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:07:24.614513 2.998354 tcp 10.0.2.109 56369 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:07:33.611610 0.000000 tcp 10.0.2.109 56369 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:07:39.611025 0.052427 tcp 10.0.2.109 56370 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:07:39.663736 0.059911 tcp 10.0.2.109 56371 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:07:39.723948 0.164707 tcp 10.0.2.109 56372 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:07:40.025019 3.000113 tcp 10.0.2.109 56373 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:07:49.023955 0.000000 tcp 10.0.2.109 56373 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:07:55.022464 3.004123 tcp 10.0.2.109 56374 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:08:04.025348 0.000000 tcp 10.0.2.109 56374 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:08:30.877096 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:08:37.884011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:08:45.885454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:09:01.888657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:09:33.894036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:13:10.025883 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:13:10.026017 2.993403 tcp 10.0.2.109 56375 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:13:19.018463 0.000000 tcp 10.0.2.109 56375 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:13:25.032302 0.051659 tcp 10.0.2.109 56376 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:13:25.084195 0.065476 tcp 10.0.2.109 56377 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:13:25.149985 0.154822 tcp 10.0.2.109 56378 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:13:25.319990 2.993887 tcp 10.0.2.109 56379 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:13:34.310811 0.000000 tcp 10.0.2.109 56379 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:13:40.309616 0.054619 tcp 10.0.2.109 56380 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:13:40.364552 0.062065 tcp 10.0.2.109 56381 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:13:40.426556 0.160925 tcp 10.0.2.109 56382 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:13:40.599757 3.003884 tcp 10.0.2.109 56383 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:13:49.602319 0.000000 tcp 10.0.2.109 56383 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:13:55.600894 3.004169 tcp 10.0.2.109 56384 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:14:04.603786 0.000000 tcp 10.0.2.109 56384 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:15:37.900769 3.006990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:15:44.907815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:15:52.909554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:16:08.913044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:16:40.918547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:19:10.606340 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:19:10.606523 2.991459 tcp 10.0.2.109 56385 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:19:19.606695 0.000000 tcp 10.0.2.109 56385 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:19:25.610447 0.051375 tcp 10.0.2.109 56386 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:19:25.662253 0.061511 tcp 10.0.2.109 56387 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:19:25.724151 0.149515 tcp 10.0.2.109 56388 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:19:25.918857 2.991971 tcp 10.0.2.109 56389 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:19:34.908790 0.000000 tcp 10.0.2.109 56389 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:19:40.907803 0.050436 tcp 10.0.2.109 56390 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:19:40.958519 0.060611 tcp 10.0.2.109 56391 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:19:41.019420 0.158872 tcp 10.0.2.109 56392 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:19:41.252005 2.999910 tcp 10.0.2.109 56393 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:19:50.250690 0.000000 tcp 10.0.2.109 56393 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:19:56.249802 3.007319 tcp 10.0.2.109 56394 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:20:05.262569 0.000000 tcp 10.0.2.109 56394 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:22:44.928774 3.000883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:22:51.931987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:22:59.933615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:23:15.935936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:23:47.942680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:26:51.677206 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:26:51.677438 0.406843 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:52.066344 0.077430 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:52.325076 0.052617 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:52.455780 0.220049 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:52.652961 0.174528 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:52.810442 0.310516 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:53.279280 0.659624 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:53.900367 0.314661 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:54.217557 0.093301 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:54.318939 0.239736 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:54.520493 0.174818 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:54.692252 0.178960 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:54.967299 0.210582 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2564 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:55.128531 0.068738 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:55.227722 0.354027 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:55.558976 0.170042 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:55.704602 0.350485 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:56.184325 0.384996 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:56.264582 3.002709 tcp 10.0.2.109 56395 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:26:56.549755 0.329017 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:56.932619 0.325985 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:57.351561 0.345118 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:57.750797 0.375939 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:57.963830 0.162992 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:58.191096 0.449705 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:58.623780 0.577602 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:59.081683 0.168917 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:59.373121 0.075549 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:26:59.495960 0.224110 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:27:05.276143 0.000000 tcp 10.0.2.109 56395 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:27:11.266361 0.053067 tcp 10.0.2.109 56396 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:27:11.319667 0.062331 tcp 10.0.2.109 56397 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:27:11.382461 0.147638 tcp 10.0.2.109 56398 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:27:11.773528 2.996254 tcp 10.0.2.109 56399 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:27:20.768330 0.000000 tcp 10.0.2.109 56399 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:27:26.767800 0.052419 tcp 10.0.2.109 56400 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:27:26.820524 0.061600 tcp 10.0.2.109 56401 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:27:26.882363 0.156654 tcp 10.0.2.109 56402 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:27:27.139028 3.008222 tcp 10.0.2.109 56403 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:27:36.140937 0.000000 tcp 10.0.2.109 56403 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:27:42.139493 3.004200 tcp 10.0.2.109 56404 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:27:51.142173 0.000000 tcp 10.0.2.109 56404 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:29:51.949960 3.000919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:29:58.955911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:30:06.957479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:30:22.960856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:30:54.967063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:32:57.143078 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:32:57.143186 3.002989 tcp 10.0.2.109 56405 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:33:06.145154 0.000000 tcp 10.0.2.109 56405 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:33:12.145978 0.052500 tcp 10.0.2.109 56406 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:33:12.198745 0.062043 tcp 10.0.2.109 56407 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:33:12.261026 0.152892 tcp 10.0.2.109 56408 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:33:12.553187 2.999940 tcp 10.0.2.109 56409 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:33:21.557255 0.000000 tcp 10.0.2.109 56409 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:33:27.546329 0.051702 tcp 10.0.2.109 56410 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:33:27.598327 0.060825 tcp 10.0.2.109 56411 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:33:27.659443 0.154884 tcp 10.0.2.109 56412 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:33:27.918832 2.991805 tcp 10.0.2.109 56413 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:33:36.909207 0.000000 tcp 10.0.2.109 56413 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:33:42.919836 3.002563 tcp 10.0.2.109 56414 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:33:51.920976 0.000000 tcp 10.0.2.109 56414 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:36:58.973508 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:37:05.980112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:37:13.981649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:37:29.984450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:38:01.990054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:38:57.923654 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:38:57.923854 3.001402 tcp 10.0.2.109 56415 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:39:06.923507 0.000000 tcp 10.0.2.109 56415 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:39:12.924192 0.055053 tcp 10.0.2.109 56416 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:39:12.979580 0.066049 tcp 10.0.2.109 56417 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:39:13.045908 0.156980 tcp 10.0.2.109 56418 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:39:13.236337 3.004539 tcp 10.0.2.109 56419 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:39:22.235934 0.000000 tcp 10.0.2.109 56419 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:39:28.235191 0.052441 tcp 10.0.2.109 56420 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:39:28.287915 0.061597 tcp 10.0.2.109 56421 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:39:28.349810 0.170922 tcp 10.0.2.109 56422 -> 195.113.214.249 443 SRPA* 0 0 67 69796 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:39:28.559827 2.999479 tcp 10.0.2.109 56423 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:39:37.567937 0.000000 tcp 10.0.2.109 56423 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:39:43.556664 2.994044 tcp 10.0.2.109 56424 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:39:52.549463 0.000000 tcp 10.0.2.109 56424 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:44:05.999612 2.998550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:44:13.003659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:44:21.009520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:44:37.008395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:44:58.559854 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:44:58.559996 3.003541 tcp 10.0.2.109 56425 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:45:07.563717 0.000000 tcp 10.0.2.109 56425 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:45:09.014500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:45:13.563230 0.053280 tcp 10.0.2.109 56426 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:45:13.616787 0.064077 tcp 10.0.2.109 56427 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:45:13.681149 0.154946 tcp 10.0.2.109 56428 -> 195.113.214.249 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:45:13.851281 3.005742 tcp 10.0.2.109 56429 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:45:22.854512 0.000000 tcp 10.0.2.109 56429 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:45:28.853643 0.052531 tcp 10.0.2.109 56430 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:45:28.906497 0.065647 tcp 10.0.2.109 56431 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:45:28.972453 0.150980 tcp 10.0.2.109 56432 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:45:29.163386 2.994346 tcp 10.0.2.109 56433 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:45:38.176281 0.000000 tcp 10.0.2.109 56433 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:45:44.165717 2.993422 tcp 10.0.2.109 56434 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:45:53.157959 0.000000 tcp 10.0.2.109 56434 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:53:34.023496 3.001572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 13:53:41.030872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:53:49.032175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:54:05.034999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:54:37.044970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 13:57:03.542663 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 13:57:03.542855 0.407450 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:03.931487 0.218285 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:04.127747 0.168338 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:04.272469 0.076547 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:04.329275 0.053464 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:04.599518 0.311318 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:04.934216 0.117937 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:05.014634 0.244017 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:05.213332 0.175492 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:05.625961 0.174093 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:05.772093 0.313949 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:06.102961 0.093525 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:06.356079 0.151047 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:06.496371 0.069037 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:06.648370 0.382378 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:07.010414 0.167220 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:07.415369 0.341591 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:07.839020 0.350533 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:08.185878 0.386987 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:08.552834 0.624605 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:09.142542 0.327774 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:09.599401 0.335039 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:09.935852 0.093236 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:10.003071 0.408629 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:10.388770 0.705788 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:10.835957 0.210700 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:10.987506 0.169693 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:11.154329 0.075331 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 13:57:14.207673 3.003667 tcp 10.0.2.109 56435 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:57:23.210340 0.000000 tcp 10.0.2.109 56435 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:57:29.210151 0.053038 tcp 10.0.2.109 56436 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:57:29.263450 0.064676 tcp 10.0.2.109 56437 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:57:29.328447 0.155239 tcp 10.0.2.109 56438 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:57:29.495038 2.998263 tcp 10.0.2.109 56439 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:57:38.491871 0.000000 tcp 10.0.2.109 56439 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:57:44.491095 0.056554 tcp 10.0.2.109 56440 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:57:44.547925 0.061401 tcp 10.0.2.109 56441 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:57:44.609615 0.150981 tcp 10.0.2.109 56442 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 13:57:44.795080 3.000067 tcp 10.0.2.109 56443 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:57:53.794058 0.000000 tcp 10.0.2.109 56443 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:57:59.792933 3.003557 tcp 10.0.2.109 56444 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 13:58:08.794900 0.000000 tcp 10.0.2.109 56444 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:00:41.047679 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 14:00:48.053979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:00:56.055972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:01:12.059141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:01:44.065121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:03:14.796126 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:03:14.796277 2.993475 tcp 10.0.2.109 56445 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:03:23.788481 0.000000 tcp 10.0.2.109 56445 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:03:29.798888 0.052587 tcp 10.0.2.109 56446 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:03:29.851719 0.061859 tcp 10.0.2.109 56447 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:03:29.913863 0.152490 tcp 10.0.2.109 56448 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:03:30.108526 3.003413 tcp 10.0.2.109 56449 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:03:39.110772 0.000000 tcp 10.0.2.109 56449 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:03:45.109883 0.111930 tcp 10.0.2.109 56450 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:03:45.222321 0.061932 tcp 10.0.2.109 56451 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:03:45.284508 0.150716 tcp 10.0.2.109 56452 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:03:45.450723 2.985580 tcp 10.0.2.109 56453 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:03:54.402368 0.000000 tcp 10.0.2.109 56453 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:04:00.401317 3.004187 tcp 10.0.2.109 56454 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:04:09.404241 0.000000 tcp 10.0.2.109 56454 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:07:48.071292 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 14:07:55.078910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:08:03.080007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:08:19.083046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:08:51.089417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:09:15.404781 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:09:15.404947 2.993219 tcp 10.0.2.109 56455 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:09:24.409784 0.000000 tcp 10.0.2.109 56455 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:09:30.407675 0.052718 tcp 10.0.2.109 56456 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:09:30.460710 0.061800 tcp 10.0.2.109 56457 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:09:30.522808 0.155985 tcp 10.0.2.109 56458 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:09:30.806527 2.994095 tcp 10.0.2.109 56459 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:09:39.798816 0.000000 tcp 10.0.2.109 56459 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:09:45.807954 0.051755 tcp 10.0.2.109 56460 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:09:45.859983 0.064977 tcp 10.0.2.109 56461 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:09:45.925270 0.144892 tcp 10.0.2.109 56462 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:09:46.091355 3.001256 tcp 10.0.2.109 56463 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:09:55.091037 0.000000 tcp 10.0.2.109 56463 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:10:01.089880 3.005186 tcp 10.0.2.109 56464 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:10:10.098491 0.000000 tcp 10.0.2.109 56464 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:14:56.096355 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 14:15:03.103926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:15:11.105336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:15:16.093029 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:15:16.093203 3.003655 tcp 10.0.2.109 56465 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:15:25.095451 0.000000 tcp 10.0.2.109 56465 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:15:27.107817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:15:31.096594 0.055534 tcp 10.0.2.109 56466 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:15:31.152413 0.062152 tcp 10.0.2.109 56467 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:15:31.214856 0.151642 tcp 10.0.2.109 56468 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:15:31.376735 2.992110 tcp 10.0.2.109 56469 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:15:40.377367 0.000000 tcp 10.0.2.109 56469 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:15:46.376764 0.051880 tcp 10.0.2.109 56470 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:15:46.428929 0.061373 tcp 10.0.2.109 56471 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:15:46.490646 0.150979 tcp 10.0.2.109 56472 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:15:46.653112 2.997617 tcp 10.0.2.109 56473 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:15:55.649429 0.000000 tcp 10.0.2.109 56473 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:15:59.114700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:16:01.647874 3.004501 tcp 10.0.2.109 56474 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:16:10.651112 0.000000 tcp 10.0.2.109 56474 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:22:03.122586 3.002273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 14:22:10.139480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:22:18.138556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:22:34.142917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:23:06.148503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:27:25.120918 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:27:25.121108 0.259447 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:25.357244 0.402856 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:25.742469 0.219769 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:25.939949 0.073534 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:25.992796 0.052485 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:26.114355 0.310045 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:26.476188 0.122136 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:26.559438 0.237848 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:26.758000 0.330218 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:27.087680 0.093142 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:27.182235 0.228237 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:27.366791 0.181338 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:27.544935 0.174060 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:27.690710 0.067236 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:27.850274 0.372700 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:28.202323 0.167621 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:28.347013 0.394243 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:28.721884 0.330466 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:29.051076 0.354695 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:29.401811 0.342344 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:29.758696 0.250546 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:29.973067 0.325952 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:30.887605 0.088712 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:31.030512 0.404323 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:31.414878 0.700248 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:31.690543 3.007348 tcp 10.0.2.109 56475 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:27:31.875685 0.208629 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:32.061418 0.164515 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:32.223103 0.071943 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:27:40.693021 0.000000 tcp 10.0.2.109 56475 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:27:46.693229 0.053040 tcp 10.0.2.109 56476 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:27:46.746521 0.065229 tcp 10.0.2.109 56477 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:27:46.812081 0.148869 tcp 10.0.2.109 56478 -> 195.113.214.249 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:27:46.974772 3.001525 tcp 10.0.2.109 56479 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:27:55.975158 0.000000 tcp 10.0.2.109 56479 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:28:01.975993 0.052107 tcp 10.0.2.109 56480 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:28:02.028406 0.060774 tcp 10.0.2.109 56481 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:28:02.089483 0.153276 tcp 10.0.2.109 56482 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:28:02.258630 3.000165 tcp 10.0.2.109 56483 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:28:11.272525 0.000000 tcp 10.0.2.109 56483 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:28:17.256104 2.993835 tcp 10.0.2.109 56484 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:28:26.273173 0.000000 tcp 10.0.2.109 56484 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:29:10.157413 2.998732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 14:29:17.161748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:29:25.169510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:29:41.166976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:30:13.172536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:33:32.259106 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:33:32.259323 3.003495 tcp 10.0.2.109 56485 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:33:41.261426 0.000000 tcp 10.0.2.109 56485 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:33:47.263115 0.053433 tcp 10.0.2.109 56486 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:33:47.316784 0.061388 tcp 10.0.2.109 56487 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:33:47.378446 0.149428 tcp 10.0.2.109 56488 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:33:49.613250 2.995493 tcp 10.0.2.109 56489 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:33:58.616624 0.000000 tcp 10.0.2.109 56489 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:34:04.605625 0.053308 tcp 10.0.2.109 56490 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:34:04.659205 0.061652 tcp 10.0.2.109 56491 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:34:04.721119 0.148436 tcp 10.0.2.109 56492 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:34:04.916842 2.996013 tcp 10.0.2.109 56493 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:34:13.908675 0.000000 tcp 10.0.2.109 56493 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:34:19.928953 2.985816 tcp 10.0.2.109 56494 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:34:28.910008 0.000000 tcp 10.0.2.109 56494 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:36:17.179067 3.000848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 14:36:24.185920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:36:32.187235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:36:48.190534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:37:20.196633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:39:34.920670 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:39:34.920951 3.003580 tcp 10.0.2.109 56495 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:39:43.923093 0.000000 tcp 10.0.2.109 56495 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:39:49.925615 0.055777 tcp 10.0.2.109 56496 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:39:49.981702 0.061931 tcp 10.0.2.109 56497 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:39:50.043948 0.149095 tcp 10.0.2.109 56498 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:39:50.248457 2.998221 tcp 10.0.2.109 56499 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:39:59.247190 0.000000 tcp 10.0.2.109 56499 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:40:05.244321 0.051638 tcp 10.0.2.109 56500 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:40:05.296251 0.068267 tcp 10.0.2.109 56501 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:40:05.365038 0.148211 tcp 10.0.2.109 56502 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:40:05.886021 2.992704 tcp 10.0.2.109 56503 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:40:14.876933 0.000000 tcp 10.0.2.109 56503 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:40:20.876309 2.994510 tcp 10.0.2.109 56504 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:40:29.868903 0.000000 tcp 10.0.2.109 56504 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:43:24.203367 3.000878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 14:43:31.209564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:43:39.211336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:43:55.214594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:44:27.220963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:45:35.879519 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:45:35.879693 3.003776 tcp 10.0.2.109 56505 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:45:44.881540 0.000000 tcp 10.0.2.109 56505 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:45:50.882117 0.052536 tcp 10.0.2.109 56506 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:45:50.934920 0.060575 tcp 10.0.2.109 56507 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:45:50.995789 0.152449 tcp 10.0.2.109 56508 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:45:51.263940 3.001447 tcp 10.0.2.109 56509 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:46:00.264575 0.000000 tcp 10.0.2.109 56509 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:46:06.263451 0.052822 tcp 10.0.2.109 56510 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:46:06.316546 0.064232 tcp 10.0.2.109 56511 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:46:06.381149 0.151788 tcp 10.0.2.109 56512 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:46:06.686846 3.000843 tcp 10.0.2.109 56513 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:46:15.696224 0.000000 tcp 10.0.2.109 56513 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:46:21.685201 2.993924 tcp 10.0.2.109 56514 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:46:30.677590 0.000000 tcp 10.0.2.109 56514 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:50:31.226786 3.001731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 14:50:38.239355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:50:46.235324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:51:02.238444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:51:34.249414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:57:38.251243 3.000581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 14:57:45.257661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:57:53.260794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:57:54.901241 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 14:57:54.901368 0.219120 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:55.098021 0.074448 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:55.208457 0.166815 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:55.353028 0.408424 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:55.742369 0.054018 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:55.802483 0.310321 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:56.111310 0.122811 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:56.192823 0.241075 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:56.394283 0.323202 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:56.742673 0.174109 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:56.912932 0.172519 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:57.214775 0.064210 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:57.264566 0.093890 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:57.366932 0.225336 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:57.538692 0.387751 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:58.050941 0.166430 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:58.196633 0.385682 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:58.562132 0.328464 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:58.914580 0.949036 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:57:59.826953 0.349296 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:00.172806 0.440273 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2033 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:00.646921 0.324826 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:00.980588 0.091380 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:01.048872 0.406754 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:01.436696 0.572079 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:01.889134 0.227584 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:02.046228 0.168875 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:02.242698 0.076008 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/09 14:58:06.729530 3.013416 tcp 10.0.2.109 56515 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:58:09.264575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:58:15.732605 0.000000 tcp 10.0.2.109 56515 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:58:21.732535 0.052965 tcp 10.0.2.109 56516 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:58:21.785822 0.061146 tcp 10.0.2.109 56517 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:58:21.847215 0.149776 tcp 10.0.2.109 56518 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:58:22.083755 3.002894 tcp 10.0.2.109 56519 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:58:31.083783 0.000000 tcp 10.0.2.109 56519 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:58:37.082959 0.052510 tcp 10.0.2.109 56520 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:58:37.135806 0.065190 tcp 10.0.2.109 56521 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:58:37.201277 0.150102 tcp 10.0.2.109 56522 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 14:58:37.396130 3.001033 tcp 10.0.2.109 56523 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:58:41.268237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 14:58:46.395867 0.000000 tcp 10.0.2.109 56523 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:58:52.394897 2.998048 tcp 10.0.2.109 56524 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 14:59:01.397034 0.000000 tcp 10.0.2.109 56524 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:04:07.397842 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:04:07.397992 3.003416 tcp 10.0.2.109 56525 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:04:16.400046 0.000000 tcp 10.0.2.109 56525 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:04:22.407190 0.053048 tcp 10.0.2.109 56526 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:04:22.460516 0.060789 tcp 10.0.2.109 56527 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:04:22.521603 0.151804 tcp 10.0.2.109 56528 -> 195.113.214.249 443 SRPA* 0 0 32 17198 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:04:22.851535 2.992913 tcp 10.0.2.109 56529 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:04:31.842394 0.000000 tcp 10.0.2.109 56529 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:04:37.841442 0.051504 tcp 10.0.2.109 56530 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:04:37.893203 0.060173 tcp 10.0.2.109 56531 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:04:37.953673 0.148732 tcp 10.0.2.109 56532 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:04:38.601082 3.004947 tcp 10.0.2.109 56533 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:04:47.871777 0.000000 tcp 10.0.2.109 56533 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:04:53.804291 2.963812 tcp 10.0.2.109 56534 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:05:01.425550 2.973440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 15:05:02.718851 0.000000 tcp 10.0.2.109 56534 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:05:08.367520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:05:16.296414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:05:32.299313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:06:04.305146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:10:08.596845 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:10:08.597039 2.993816 tcp 10.0.2.109 56535 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:10:17.589534 0.000000 tcp 10.0.2.109 56535 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:10:23.599600 0.052139 tcp 10.0.2.109 56536 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:10:23.651971 0.064296 tcp 10.0.2.109 56537 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:10:23.716577 0.153961 tcp 10.0.2.109 56538 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:10:24.395424 2.998060 tcp 10.0.2.109 56539 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:10:33.392127 0.000000 tcp 10.0.2.109 56539 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:10:39.391674 0.050983 tcp 10.0.2.109 56540 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:10:39.442942 0.061823 tcp 10.0.2.109 56541 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:10:39.505132 0.151323 tcp 10.0.2.109 56542 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:10:39.927461 3.008365 tcp 10.0.2.109 56543 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:10:48.934477 0.000000 tcp 10.0.2.109 56543 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:10:54.923272 3.003555 tcp 10.0.2.109 56544 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:11:03.936015 0.000000 tcp 10.0.2.109 56544 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:12:19.321105 2.997594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 15:12:26.328047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:12:34.326481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:12:50.328939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:13:22.335215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:16:09.926300 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:16:09.926513 2.993720 tcp 10.0.2.109 56545 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:16:18.918743 0.000000 tcp 10.0.2.109 56545 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:16:24.931437 0.052000 tcp 10.0.2.109 56546 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:16:24.983683 0.060974 tcp 10.0.2.109 56547 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:16:25.044978 0.146257 tcp 10.0.2.109 56548 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:16:25.355096 2.997241 tcp 10.0.2.109 56549 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:16:34.351013 0.000000 tcp 10.0.2.109 56549 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:16:40.351154 0.052523 tcp 10.0.2.109 56550 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:16:40.403980 0.060717 tcp 10.0.2.109 56551 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:16:40.464975 0.148114 tcp 10.0.2.109 56552 -> 195.113.214.249 443 SRPA* 0 0 40 33316 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:16:40.692986 3.001813 tcp 10.0.2.109 56553 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:16:49.692486 0.000000 tcp 10.0.2.109 56553 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:16:55.691699 3.004285 tcp 10.0.2.109 56554 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:17:04.694596 0.000000 tcp 10.0.2.109 56554 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:19:26.340936 3.002068 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 15:19:33.348342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:19:41.349989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:19:57.352826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:20:29.358930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:26:33.364379 3.003131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 15:26:40.373143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:26:48.374185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:27:04.376922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:27:36.382945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:28:19.324979 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:28:19.325090 0.169524 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:19.470671 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 15:28:25.734201 2.994093 tcp 10.0.2.109 56555 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:28:34.753774 0.000000 tcp 10.0.2.109 56555 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:28:36.558953 0.052420 tcp 10.0.2.109 56556 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:28:36.611650 0.063807 tcp 10.0.2.109 56557 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:28:36.675791 0.147201 tcp 10.0.2.109 56558 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:28:36.823518 0.055458 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:36.939695 0.308936 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:37.270997 0.117535 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:37.350881 0.235932 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:37.548240 0.218085 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:38.041695 0.073911 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:38.098332 0.349139 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:38.447003 0.171651 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:38.614858 0.172922 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:38.758496 0.067289 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:38.810585 0.093356 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:38.938596 0.237291 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:39.121882 0.351668 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:39.453617 0.325247 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:39.879141 0.165985 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:40.024305 0.382348 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:40.388501 0.251841 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:40.605095 0.353159 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:40.745157 0.052278 tcp 10.0.2.109 56559 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:28:40.797700 0.062356 tcp 10.0.2.109 56560 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:28:40.860393 0.154598 tcp 10.0.2.109 56561 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:28:40.954555 0.339017 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:41.122613 2.977998 tcp 10.0.2.109 56562 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:28:41.293518 0.326602 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:41.722158 0.087863 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:41.786182 0.175127 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:41.995635 0.165298 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:42.157954 0.075538 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:42.307069 0.411260 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:42.696125 0.736398 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:28:50.099047 0.000000 tcp 10.0.2.109 56562 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:33:40.389322 3.001455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 15:33:47.396451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:33:55.397987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:33:56.109301 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:33:56.109428 3.003786 tcp 10.0.2.109 56563 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:34:05.111547 0.000000 tcp 10.0.2.109 56563 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:34:11.112470 0.053795 tcp 10.0.2.109 56564 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:34:11.166543 0.062941 tcp 10.0.2.109 56565 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:34:11.229772 0.155908 tcp 10.0.2.109 56566 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:34:11.401283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:34:11.426709 2.998553 tcp 10.0.2.109 56567 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:34:20.423861 0.000000 tcp 10.0.2.109 56567 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:34:26.428103 0.051958 tcp 10.0.2.109 56568 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:34:26.480346 0.061162 tcp 10.0.2.109 56569 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:34:26.541764 0.151869 tcp 10.0.2.109 56570 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:34:26.784136 3.002508 tcp 10.0.2.109 56571 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:34:35.785496 0.000000 tcp 10.0.2.109 56571 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:34:41.775077 2.993785 tcp 10.0.2.109 56572 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:34:43.406856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:34:50.777384 0.000000 tcp 10.0.2.109 56572 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:39:56.778322 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:39:56.778514 3.004944 tcp 10.0.2.109 56573 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:05.780454 0.000000 tcp 10.0.2.109 56573 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:11.780783 0.051576 tcp 10.0.2.109 56574 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:40:11.832638 0.060030 tcp 10.0.2.109 56575 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:40:11.892933 0.153365 tcp 10.0.2.109 56576 -> 195.113.214.249 443 SRPA* 0 0 29 12154 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:40:12.242784 3.001217 tcp 10.0.2.109 56577 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:21.242903 0.000000 tcp 10.0.2.109 56577 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:27.241716 0.125520 tcp 10.0.2.109 56578 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:40:27.367504 0.059872 tcp 10.0.2.109 56579 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:40:27.427702 0.149370 tcp 10.0.2.109 56580 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:40:27.784646 3.001706 tcp 10.0.2.109 56581 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:36.784580 0.000000 tcp 10.0.2.109 56581 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:42.783987 2.993731 tcp 10.0.2.109 56582 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:47.413706 3.001036 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 15:40:51.786459 0.000000 tcp 10.0.2.109 56582 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:40:54.421078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:41:02.421942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:41:18.425133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:41:50.431401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:45:57.786463 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:45:57.786558 2.994102 tcp 10.0.2.109 56583 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:46:06.779455 0.000000 tcp 10.0.2.109 56583 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:46:12.790189 0.051680 tcp 10.0.2.109 56584 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:46:12.842217 0.060648 tcp 10.0.2.109 56585 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:46:12.903145 0.149577 tcp 10.0.2.109 56586 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:46:13.087844 3.009480 tcp 10.0.2.109 56587 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:46:22.091192 0.000000 tcp 10.0.2.109 56587 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:46:28.081916 0.051520 tcp 10.0.2.109 56588 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:46:28.133778 0.061938 tcp 10.0.2.109 56589 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:46:28.195986 0.153017 tcp 10.0.2.109 56590 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:46:28.574101 3.000560 tcp 10.0.2.109 56591 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:46:37.573557 0.000000 tcp 10.0.2.109 56591 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:46:43.572042 3.004541 tcp 10.0.2.109 56592 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:46:52.575831 0.000000 tcp 10.0.2.109 56592 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:47:54.436436 3.002287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 15:48:01.444615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:48:09.446242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:48:25.448941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:48:57.454853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:51:58.575713 0.039328 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:51:58.615209 2.966604 tcp 10.0.2.109 56593 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:52:07.568776 0.000000 tcp 10.0.2.109 56593 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:52:13.588062 0.103853 tcp 10.0.2.109 56594 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:52:13.692200 0.061477 tcp 10.0.2.109 56595 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:52:13.753940 0.144336 tcp 10.0.2.109 56596 -> 195.113.214.249 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:52:13.986487 2.995292 tcp 10.0.2.109 56597 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:52:22.980402 0.000000 tcp 10.0.2.109 56597 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:52:28.979453 0.051967 tcp 10.0.2.109 56598 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:52:29.031710 0.061170 tcp 10.0.2.109 56599 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:52:29.093171 0.151013 tcp 10.0.2.109 56600 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:52:29.267997 3.005625 tcp 10.0.2.109 56601 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:52:38.392844 0.000000 tcp 10.0.2.109 56601 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:52:44.330174 2.977838 tcp 10.0.2.109 56602 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:52:53.263961 0.000000 tcp 10.0.2.109 56602 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:55:34.472146 2.998140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 15:55:41.481629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:55:49.477079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:56:05.485393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:56:37.486933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 15:58:56.636322 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 15:58:56.636474 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 15:59:12.600835 0.051799 tcp 10.0.2.109 56603 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:12.652883 0.060490 tcp 10.0.2.109 56604 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:12.713677 0.157189 tcp 10.0.2.109 56605 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:12.871477 0.167225 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:13.014949 0.051815 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:13.144373 0.309623 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:13.502889 0.232150 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:13.821794 0.242736 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:14.020037 0.220481 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:14.297114 2.998847 tcp 10.0.2.109 56606 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:59:14.316693 0.072504 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:14.368948 0.203945 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:14.544683 0.067807 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:14.596521 0.093109 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:14.763683 0.336681 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:15.099959 0.178700 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:15.275976 0.261821 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:15.502487 0.347985 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:15.831235 0.336874 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:16.255218 0.167540 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:16.399638 0.351070 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:16.816931 0.383468 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:17.179472 0.424313 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:17.567622 0.344225 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:18.071611 0.326044 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:18.528136 0.082694 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:18.644311 0.286238 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:18.883581 0.414493 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:19.278585 0.166980 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:19.442147 0.075381 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:19.557791 0.683277 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 1935 flow=From-Botnet-V1-UDP-Established 1970/02/09 15:59:23.298514 0.000000 tcp 10.0.2.109 56606 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:59:29.293857 0.053158 tcp 10.0.2.109 56607 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:29.347318 0.061056 tcp 10.0.2.109 56608 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:29.408705 0.150981 tcp 10.0.2.109 56609 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:29.688862 2.999072 tcp 10.0.2.109 56610 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:59:38.696210 0.000000 tcp 10.0.2.109 56610 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:59:44.685947 0.051712 tcp 10.0.2.109 56611 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:44.737950 0.062077 tcp 10.0.2.109 56612 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:44.800367 0.149040 tcp 10.0.2.109 56613 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 15:59:45.147508 2.998195 tcp 10.0.2.109 56614 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 15:59:54.138956 0.000000 tcp 10.0.2.109 56614 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:00:00.148619 3.003699 tcp 10.0.2.109 56615 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:00:09.150693 0.000000 tcp 10.0.2.109 56615 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:02:44.496512 3.002094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 16:02:51.504386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:02:59.507796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:03:15.508528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:03:47.514629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:05:15.161192 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:05:15.161293 3.003520 tcp 10.0.2.109 56616 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:05:24.163654 0.000000 tcp 10.0.2.109 56616 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:05:30.163863 0.052693 tcp 10.0.2.109 56617 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:05:30.216870 0.060891 tcp 10.0.2.109 56618 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:05:30.278029 0.147845 tcp 10.0.2.109 56619 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:05:30.449914 3.006905 tcp 10.0.2.109 56620 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:05:39.459528 0.000000 tcp 10.0.2.109 56620 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:05:45.450480 0.051743 tcp 10.0.2.109 56621 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:05:45.502504 0.062183 tcp 10.0.2.109 56622 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:05:45.565006 0.153516 tcp 10.0.2.109 56623 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:05:45.950508 2.988488 tcp 10.0.2.109 56624 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:05:54.937577 0.000000 tcp 10.0.2.109 56624 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:06:00.945882 2.994925 tcp 10.0.2.109 56625 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:06:09.944539 0.000000 tcp 10.0.2.109 56625 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:09:51.520587 3.001816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 16:09:58.527909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:10:06.613492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:10:22.532549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:10:54.543187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:11:15.950027 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:11:15.950205 3.003377 tcp 10.0.2.109 56626 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:11:24.951777 0.000000 tcp 10.0.2.109 56626 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:11:31.468836 0.052451 tcp 10.0.2.109 56627 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:11:31.521537 0.063111 tcp 10.0.2.109 56628 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:11:31.584985 0.148896 tcp 10.0.2.109 56629 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:11:31.772791 2.967506 tcp 10.0.2.109 56630 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:11:40.669287 0.000000 tcp 10.0.2.109 56630 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:11:46.588802 0.052672 tcp 10.0.2.109 56631 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:11:46.641738 0.062603 tcp 10.0.2.109 56632 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:11:46.704619 0.152899 tcp 10.0.2.109 56633 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:11:47.152241 2.956964 tcp 10.0.2.109 56634 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:11:56.044197 0.000000 tcp 10.0.2.109 56634 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:12:01.970792 2.965734 tcp 10.0.2.109 56635 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:12:10.859144 0.000000 tcp 10.0.2.109 56635 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:16:58.544888 3.001191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 16:17:05.553083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:17:13.553462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:17:16.828558 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:17:16.828651 3.003818 tcp 10.0.2.109 56636 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:17:25.831106 0.000000 tcp 10.0.2.109 56636 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:17:29.556164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:17:31.831995 0.052234 tcp 10.0.2.109 56637 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:17:31.884501 0.062167 tcp 10.0.2.109 56638 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:17:31.946954 0.156965 tcp 10.0.2.109 56639 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:17:32.337545 3.007204 tcp 10.0.2.109 56640 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:17:41.343725 0.000000 tcp 10.0.2.109 56640 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:17:47.332803 0.052037 tcp 10.0.2.109 56641 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:17:47.385112 0.062120 tcp 10.0.2.109 56642 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:17:47.447492 0.153140 tcp 10.0.2.109 56643 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:17:47.973469 3.004929 tcp 10.0.2.109 56644 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:17:56.975648 0.000000 tcp 10.0.2.109 56644 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:18:01.562587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:18:02.974875 2.993991 tcp 10.0.2.109 56645 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:18:11.977016 0.000000 tcp 10.0.2.109 56645 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:24:05.567940 3.002242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 16:24:12.575262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:24:20.577243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:24:36.580415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:25:08.596080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:29:30.242933 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:29:30.243134 0.167112 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:30.386905 0.052593 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:30.527147 0.311177 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:30.836501 0.124143 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:30.921527 0.243262 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:31.122986 0.212245 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:31.509454 0.074064 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:31.606577 0.311201 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:32.118376 0.066436 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:32.169724 0.240448 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:32.407535 0.093247 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:32.530755 0.343050 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:32.873527 0.147444 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:33.012757 0.349092 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:33.016910 2.993926 tcp 10.0.2.109 56646 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:29:34.048639 0.328361 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:34.463815 0.166760 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:34.608928 0.353478 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:34.958596 0.394364 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:35.332096 0.257389 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:35.552482 0.344544 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:36.170023 0.324892 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:36.718200 0.092343 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:36.778281 0.166782 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:36.975184 0.298541 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:37.218403 0.406251 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:37.602871 0.075334 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:37.705813 0.735989 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:29:42.009668 0.000000 tcp 10.0.2.109 56646 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:29:48.020145 0.053540 tcp 10.0.2.109 56647 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:29:48.073988 0.060144 tcp 10.0.2.109 56648 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:29:48.134455 0.153645 tcp 10.0.2.109 56649 -> 195.113.214.249 443 SRPA* 0 0 35 18388 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:29:48.356330 2.996663 tcp 10.0.2.109 56650 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:29:57.351977 0.000000 tcp 10.0.2.109 56650 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:30:03.351860 0.051733 tcp 10.0.2.109 56651 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:30:03.403985 0.062213 tcp 10.0.2.109 56652 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:30:03.466490 0.146413 tcp 10.0.2.109 56653 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:30:04.051801 3.003657 tcp 10.0.2.109 56654 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:30:13.054015 0.000000 tcp 10.0.2.109 56654 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:30:19.052907 3.004338 tcp 10.0.2.109 56655 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:30:28.058522 0.000000 tcp 10.0.2.109 56655 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:31:12.602535 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 16:31:19.609818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:31:27.611272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:31:43.614546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:32:15.620319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:35:34.056469 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:35:34.056628 2.993321 tcp 10.0.2.109 56656 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:35:43.048501 0.000000 tcp 10.0.2.109 56656 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:35:49.059582 0.052652 tcp 10.0.2.109 56657 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:35:49.112504 0.064214 tcp 10.0.2.109 56658 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:35:49.176980 0.152368 tcp 10.0.2.109 56659 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:35:49.411689 3.000423 tcp 10.0.2.109 56660 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:35:58.412249 0.000000 tcp 10.0.2.109 56660 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:36:04.409961 0.052190 tcp 10.0.2.109 56661 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:36:04.462455 0.063335 tcp 10.0.2.109 56662 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:36:04.526083 0.149166 tcp 10.0.2.109 56663 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:36:04.709184 3.008148 tcp 10.0.2.109 56664 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:36:13.718404 0.000000 tcp 10.0.2.109 56664 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:36:19.708993 2.996484 tcp 10.0.2.109 56665 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:36:28.704184 0.000000 tcp 10.0.2.109 56665 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:38:19.627642 3.000906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 16:38:26.633697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:38:34.639111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:38:50.638476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:39:22.644383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:41:34.704079 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:41:34.704245 2.994650 tcp 10.0.2.109 56666 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:41:43.706732 0.000000 tcp 10.0.2.109 56666 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:41:49.707213 0.053410 tcp 10.0.2.109 56667 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:41:49.760858 0.059863 tcp 10.0.2.109 56668 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:41:49.821007 0.148750 tcp 10.0.2.109 56669 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:41:49.978441 3.002382 tcp 10.0.2.109 56670 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:41:58.978965 0.000000 tcp 10.0.2.109 56670 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:42:04.978505 0.051841 tcp 10.0.2.109 56671 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:42:05.030624 0.064864 tcp 10.0.2.109 56672 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:42:05.095772 0.152204 tcp 10.0.2.109 56673 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:42:05.288839 3.003709 tcp 10.0.2.109 56674 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:42:14.291665 0.000000 tcp 10.0.2.109 56674 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:42:20.289934 3.004384 tcp 10.0.2.109 56675 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:42:29.292746 0.000000 tcp 10.0.2.109 56675 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:45:26.650063 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 16:45:33.657896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:45:41.659272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:45:57.662344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:46:29.668792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:47:35.293389 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:47:35.293498 3.003690 tcp 10.0.2.109 56676 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:47:44.295846 0.000000 tcp 10.0.2.109 56676 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:47:50.296201 0.052153 tcp 10.0.2.109 56677 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:47:50.348646 0.061976 tcp 10.0.2.109 56678 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:47:50.410904 0.147443 tcp 10.0.2.109 56679 -> 195.113.214.249 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:47:50.574409 2.994426 tcp 10.0.2.109 56680 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:47:59.577818 0.000000 tcp 10.0.2.109 56680 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:48:05.576816 0.051458 tcp 10.0.2.109 56681 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:48:05.628534 0.068346 tcp 10.0.2.109 56682 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:48:05.697179 0.150197 tcp 10.0.2.109 56683 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/09 16:48:05.857536 3.003441 tcp 10.0.2.109 56684 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:48:14.859989 0.000000 tcp 10.0.2.109 56684 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:48:20.858955 3.003598 tcp 10.0.2.109 56685 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:48:29.861426 0.000000 tcp 10.0.2.109 56685 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:54:21.679923 3.028426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 16:54:28.697115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:54:36.698534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:54:52.714933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:55:24.709748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 16:59:45.773377 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 16:59:45.773478 0.310963 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:46.082309 0.167289 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:46.336865 0.053174 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:46.403312 0.127079 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:46.495660 0.242033 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:46.693919 0.216686 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:47.180436 0.074202 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:47.235158 0.173283 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:47.446232 0.105578 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:47.738713 0.344300 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:48.082515 0.477141 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:48.590573 0.063655 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:48.639384 0.148223 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:48.861855 0.348722 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:49.189319 0.330119 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2576 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:49.519066 0.167543 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:49.664481 0.249200 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:49.932695 0.339533 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:50.510219 0.354118 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:50.860381 0.385030 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:50.910617 3.004268 tcp 10.0.2.109 56686 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 16:59:51.225282 0.326993 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:51.598550 0.091076 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:51.669952 0.403595 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:52.057133 0.072023 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:52.437137 0.166205 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:52.600232 0.382279 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:52.950835 0.692563 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/09 16:59:59.914544 0.000000 tcp 10.0.2.109 56686 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:00:05.914668 0.051799 tcp 10.0.2.109 56687 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:00:05.966752 0.059606 tcp 10.0.2.109 56688 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:00:06.026674 0.156510 tcp 10.0.2.109 56689 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:00:06.244685 3.001755 tcp 10.0.2.109 56690 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:00:15.245349 0.000000 tcp 10.0.2.109 56690 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:00:21.244500 0.051545 tcp 10.0.2.109 56691 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:00:21.296309 0.060848 tcp 10.0.2.109 56692 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:00:21.357453 0.147966 tcp 10.0.2.109 56693 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:00:21.595632 2.993173 tcp 10.0.2.109 56694 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:00:30.597461 0.000000 tcp 10.0.2.109 56694 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:00:36.595843 2.994630 tcp 10.0.2.109 56695 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:00:45.588852 0.000000 tcp 10.0.2.109 56695 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:01:50.724341 3.002052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 17:01:57.732047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:02:05.733878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:02:21.736576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:02:53.743296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:05:51.599499 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 17:05:51.599598 3.003490 tcp 10.0.2.109 56696 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:06:00.601967 0.000000 tcp 10.0.2.109 56696 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:06:06.602518 0.053527 tcp 10.0.2.109 56697 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:06:06.656287 0.064663 tcp 10.0.2.109 56698 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:06:06.721263 0.149270 tcp 10.0.2.109 56699 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:06:07.071704 3.003746 tcp 10.0.2.109 56700 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:06:16.074293 0.000000 tcp 10.0.2.109 56700 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:06:22.073364 0.051534 tcp 10.0.2.109 56701 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:06:22.125207 0.059952 tcp 10.0.2.109 56702 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:06:22.185418 0.151470 tcp 10.0.2.109 56703 -> 195.113.214.249 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:06:22.535791 2.991981 tcp 10.0.2.109 56704 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:06:31.536367 0.000000 tcp 10.0.2.109 56704 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:06:37.535172 2.995647 tcp 10.0.2.109 56705 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:06:46.527765 0.000000 tcp 10.0.2.109 56705 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:09:03.757168 3.001822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 17:09:10.765066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:09:18.766643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:09:34.770293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:10:06.785708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:11:52.538377 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 17:11:52.538598 3.003723 tcp 10.0.2.109 56706 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:12:01.540730 0.000000 tcp 10.0.2.109 56706 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:12:07.541045 0.053510 tcp 10.0.2.109 56707 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:12:07.594922 0.059863 tcp 10.0.2.109 56708 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:12:07.655076 0.152967 tcp 10.0.2.109 56709 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:12:07.879526 2.994995 tcp 10.0.2.109 56710 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:12:16.873391 0.000000 tcp 10.0.2.109 56710 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:12:22.872643 0.050972 tcp 10.0.2.109 56711 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:12:22.923923 0.060375 tcp 10.0.2.109 56712 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:12:22.984605 0.154325 tcp 10.0.2.109 56713 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:12:23.276116 3.000280 tcp 10.0.2.109 56714 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:12:32.275205 0.000000 tcp 10.0.2.109 56714 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:12:38.273883 2.993966 tcp 10.0.2.109 56715 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:12:47.276691 0.000000 tcp 10.0.2.109 56715 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:16:15.800311 2.999896 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 17:16:22.806852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:16:30.808334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:16:46.815244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:17:18.816407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:17:53.277330 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 17:17:53.277427 2.993413 tcp 10.0.2.109 56716 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:18:02.269460 0.000000 tcp 10.0.2.109 56716 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:18:08.280104 0.053034 tcp 10.0.2.109 56717 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:18:08.333474 0.060123 tcp 10.0.2.109 56718 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:18:08.393886 0.153880 tcp 10.0.2.109 56719 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:18:08.613359 2.999315 tcp 10.0.2.109 56720 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:18:17.611475 0.000000 tcp 10.0.2.109 56720 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:18:23.611119 0.052726 tcp 10.0.2.109 56721 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:18:23.664146 0.061708 tcp 10.0.2.109 56722 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:18:23.726191 0.152801 tcp 10.0.2.109 56723 -> 195.113.214.249 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:18:23.889548 3.005407 tcp 10.0.2.109 56724 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:18:32.893608 0.000000 tcp 10.0.2.109 56724 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:18:38.882685 3.003232 tcp 10.0.2.109 56725 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:18:47.885083 0.000000 tcp 10.0.2.109 56725 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:23:25.827729 3.001218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 17:23:32.834875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:23:40.845988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:23:56.849469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:24:28.854980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:30:12.519739 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 17:30:12.519912 0.311815 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:12.925304 0.117262 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:13.002214 0.244312 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:13.205086 0.166251 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:13.347155 0.052001 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1913 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:13.537206 0.219118 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:13.735546 0.069923 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:13.806739 0.177345 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:13.981370 0.093109 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:14.094784 0.336375 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:14.462822 0.176522 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:14.610753 0.068187 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:14.764688 0.159911 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:14.910996 0.386300 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:15.276952 0.244381 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:15.489693 0.336146 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:15.856742 0.169974 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:16.003167 0.336144 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:16.363135 0.349547 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:16.708871 0.383831 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:17.072603 0.327752 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:17.453735 0.087201 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:17.516318 0.168826 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:17.681964 0.406277 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:18.066746 0.071147 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:18.172031 0.353373 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:18.476047 0.699299 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/09 17:30:23.926252 2.993809 tcp 10.0.2.109 56726 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:30:32.861590 3.001427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 17:30:32.918762 0.000000 tcp 10.0.2.109 56726 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:30:38.928999 0.052553 tcp 10.0.2.109 56727 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:30:38.981836 0.059973 tcp 10.0.2.109 56728 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:30:39.042264 0.153726 tcp 10.0.2.109 56729 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:30:39.205422 2.996745 tcp 10.0.2.109 56730 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:30:39.869254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:30:47.869642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:30:48.200958 0.000000 tcp 10.0.2.109 56730 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:30:54.200131 0.051266 tcp 10.0.2.109 56731 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:30:54.251668 0.061386 tcp 10.0.2.109 56732 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:30:54.313321 0.151111 tcp 10.0.2.109 56733 -> 195.113.214.249 443 SRPA* 0 0 35 19016 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:30:54.489934 3.003960 tcp 10.0.2.109 56734 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:31:03.492692 0.000000 tcp 10.0.2.109 56734 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:31:03.873124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:31:09.491653 3.003995 tcp 10.0.2.109 56735 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:31:18.494163 0.000000 tcp 10.0.2.109 56735 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:31:35.879307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:36:24.495083 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 17:36:24.495229 2.993876 tcp 10.0.2.109 56736 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:36:33.497063 0.000000 tcp 10.0.2.109 56736 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:36:39.497353 0.052667 tcp 10.0.2.109 56737 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:36:39.550327 0.062606 tcp 10.0.2.109 56738 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:36:39.613300 0.146645 tcp 10.0.2.109 56739 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:36:40.179644 3.001289 tcp 10.0.2.109 56740 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:36:49.179828 0.000000 tcp 10.0.2.109 56740 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:36:55.178954 0.051340 tcp 10.0.2.109 56741 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:36:55.230538 0.063045 tcp 10.0.2.109 56742 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:36:55.293868 0.149375 tcp 10.0.2.109 56743 -> 195.113.214.249 443 SRPA* 0 0 32 17848 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:36:55.505040 2.998081 tcp 10.0.2.109 56744 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:37:04.502623 0.000000 tcp 10.0.2.109 56744 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:37:10.500458 3.004168 tcp 10.0.2.109 56745 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:37:19.503271 0.000000 tcp 10.0.2.109 56745 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:37:39.886002 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 17:37:46.892143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:37:54.894325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:38:10.897274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:38:42.903149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:42:25.504065 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 17:42:25.504168 3.003471 tcp 10.0.2.109 56746 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:42:34.518396 0.000000 tcp 10.0.2.109 56746 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:42:40.506622 0.052089 tcp 10.0.2.109 56747 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:42:40.558953 0.060155 tcp 10.0.2.109 56748 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:42:40.619423 0.149440 tcp 10.0.2.109 56749 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:42:41.020245 2.992561 tcp 10.0.2.109 56750 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:42:50.008974 0.000000 tcp 10.0.2.109 56750 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:42:56.017612 0.051617 tcp 10.0.2.109 56751 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:42:56.069489 0.062959 tcp 10.0.2.109 56752 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:42:56.132765 0.149850 tcp 10.0.2.109 56753 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:42:56.298788 3.006657 tcp 10.0.2.109 56754 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:43:05.302828 0.000000 tcp 10.0.2.109 56754 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:43:11.299265 3.004203 tcp 10.0.2.109 56755 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:43:20.301975 0.000000 tcp 10.0.2.109 56755 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:44:46.909631 3.001497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 17:44:53.916668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:45:01.918321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:45:17.921216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:45:49.927700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:48:26.303186 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 17:48:26.303332 3.003260 tcp 10.0.2.109 56756 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:48:35.305179 0.000000 tcp 10.0.2.109 56756 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:48:41.305438 0.053915 tcp 10.0.2.109 56757 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:48:41.359656 0.061808 tcp 10.0.2.109 56758 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:48:41.421746 0.149060 tcp 10.0.2.109 56759 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:48:41.581936 2.996473 tcp 10.0.2.109 56760 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:48:50.586520 0.000000 tcp 10.0.2.109 56760 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:48:56.578418 0.051315 tcp 10.0.2.109 56761 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:48:56.630054 0.063893 tcp 10.0.2.109 56762 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:48:56.694457 0.152949 tcp 10.0.2.109 56763 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 17:48:56.866318 2.994652 tcp 10.0.2.109 56764 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:49:05.858974 0.000000 tcp 10.0.2.109 56764 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:49:11.857655 3.004202 tcp 10.0.2.109 56765 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:49:20.861294 0.000000 tcp 10.0.2.109 56765 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 17:54:02.939043 3.007195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 17:54:09.951599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:54:17.949564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:54:33.953446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 17:55:05.957113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:00:31.264646 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:00:31.264806 0.404056 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:31.667634 0.116773 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:31.907275 0.240621 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:32.107191 0.167935 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:32.830809 0.052398 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:33.027258 0.229671 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:33.233778 0.072612 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:33.287076 0.323358 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:33.649038 0.171033 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:33.793343 0.068592 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:33.845266 0.222864 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:34.060357 0.173593 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:34.230566 0.093248 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:34.379561 0.347730 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:34.708074 0.660003 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:35.333067 0.331389 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:35.798803 0.350570 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:36.145516 0.168545 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:36.291723 0.343067 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:36.713260 0.392572 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:37.088590 0.324517 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:37.586975 0.095879 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:37.656114 0.163639 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:37.861884 0.245773 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:38.054311 0.405821 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:38.442908 0.075556 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:38.696761 0.709522 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:00:41.899941 3.003947 tcp 10.0.2.109 56766 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:00:50.902087 0.000000 tcp 10.0.2.109 56766 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:00:56.903175 0.051740 tcp 10.0.2.109 56767 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:00:56.955188 0.062489 tcp 10.0.2.109 56768 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:00:57.018007 0.152434 tcp 10.0.2.109 56769 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:00:57.287320 3.008884 tcp 10.0.2.109 56770 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:01:06.294849 0.000000 tcp 10.0.2.109 56770 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:01:12.283682 0.051653 tcp 10.0.2.109 56771 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:01:12.335625 0.063252 tcp 10.0.2.109 56772 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:01:12.399145 0.151522 tcp 10.0.2.109 56773 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:01:13.026995 3.001613 tcp 10.0.2.109 56774 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:01:14.969444 3.002447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 18:01:21.977157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:01:22.037262 0.000000 tcp 10.0.2.109 56774 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:01:28.026457 2.993848 tcp 10.0.2.109 56775 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:01:29.979361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:01:37.020463 0.000000 tcp 10.0.2.109 56775 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:01:45.981834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:02:17.987786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:06:43.029553 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:06:43.029726 3.003174 tcp 10.0.2.109 56776 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:06:52.035097 0.000000 tcp 10.0.2.109 56776 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:06:58.034734 0.052366 tcp 10.0.2.109 56777 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:06:58.087345 0.064620 tcp 10.0.2.109 56778 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:06:58.152300 0.149605 tcp 10.0.2.109 56779 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:06:58.435396 3.004039 tcp 10.0.2.109 56780 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:07:07.436602 0.000000 tcp 10.0.2.109 56780 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:07:13.436029 0.051963 tcp 10.0.2.109 56781 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:07:13.488286 0.061946 tcp 10.0.2.109 56782 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:07:13.550519 0.148316 tcp 10.0.2.109 56783 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:07:14.029999 2.997928 tcp 10.0.2.109 56784 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:07:23.041819 0.000000 tcp 10.0.2.109 56784 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:07:29.025348 2.993887 tcp 10.0.2.109 56785 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:07:38.017774 0.000000 tcp 10.0.2.109 56785 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:08:38.998278 3.001800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 18:08:46.005704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:08:54.007737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:09:10.012618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:09:42.015735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:12:44.029042 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:12:44.029154 3.006094 tcp 10.0.2.109 56786 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:12:53.031072 0.000000 tcp 10.0.2.109 56786 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:12:59.032069 0.053713 tcp 10.0.2.109 56787 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:12:59.086033 0.062347 tcp 10.0.2.109 56788 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:12:59.148746 0.147168 tcp 10.0.2.109 56789 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:12:59.489524 3.005062 tcp 10.0.2.109 56790 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:13:08.492788 0.000000 tcp 10.0.2.109 56790 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:13:14.483606 0.052793 tcp 10.0.2.109 56791 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:13:14.536699 0.060789 tcp 10.0.2.109 56792 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:13:14.597767 0.154348 tcp 10.0.2.109 56793 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:13:14.853521 3.002378 tcp 10.0.2.109 56794 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:13:23.855014 0.000000 tcp 10.0.2.109 56794 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:13:29.843835 2.994107 tcp 10.0.2.109 56795 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:13:38.846071 0.000000 tcp 10.0.2.109 56795 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:15:46.021854 3.003037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 18:15:53.029778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:16:01.031333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:16:17.034212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:16:49.040405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:18:44.847347 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:18:44.847529 2.993510 tcp 10.0.2.109 56796 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:18:53.839499 0.000000 tcp 10.0.2.109 56796 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:18:59.850323 0.053583 tcp 10.0.2.109 56797 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:18:59.904172 0.060614 tcp 10.0.2.109 56798 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:18:59.965048 0.149968 tcp 10.0.2.109 56799 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:19:00.124106 2.998742 tcp 10.0.2.109 56800 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:19:09.121943 0.000000 tcp 10.0.2.109 56800 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:19:15.121107 0.030823 tcp 10.0.2.109 56801 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:19:15.152193 0.061409 tcp 10.0.2.109 56802 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:19:15.213852 0.149710 tcp 10.0.2.109 56803 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:19:15.374640 3.000292 tcp 10.0.2.109 56804 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:19:24.373677 0.000000 tcp 10.0.2.109 56804 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:19:30.372221 3.004320 tcp 10.0.2.109 56805 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:19:39.375294 0.000000 tcp 10.0.2.109 56805 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:22:53.046382 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 18:23:00.053077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:23:08.059501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:23:24.058384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:23:56.064049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:30:00.072304 2.999718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 18:30:07.077472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:30:15.078940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:30:31.082182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:30:57.079864 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:30:57.080077 0.239094 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:57.278949 0.397653 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:57.735392 0.119209 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:57.815233 0.220984 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:58.014803 0.068994 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:58.066799 0.170388 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:58.210389 0.053350 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:58.279716 0.329711 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:58.682698 0.191331 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:58.899296 0.066715 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:58.949649 0.152853 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:59.094522 0.172159 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:59.264017 0.105357 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:59.404455 0.358690 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:30:59.743458 0.347140 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:00.086684 0.250059 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:00.300300 0.326117 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:00.414998 2.994748 tcp 10.0.2.109 56806 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:31:00.742709 0.393728 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:01.117487 0.168086 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:01.263289 0.337036 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:01.602647 0.324232 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:01.963010 0.089214 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:02.027114 0.165811 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:02.190221 0.246707 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:02.410055 0.405392 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:02.795425 0.072397 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:02.959736 0.875087 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/09 18:31:03.089554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:31:09.416989 0.000000 tcp 10.0.2.109 56806 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:31:15.418042 0.053477 tcp 10.0.2.109 56807 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:31:15.471867 0.062418 tcp 10.0.2.109 56808 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:31:15.534659 0.152779 tcp 10.0.2.109 56809 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:31:15.730447 3.000602 tcp 10.0.2.109 56810 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:31:24.729361 0.000000 tcp 10.0.2.109 56810 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:31:30.728588 0.052495 tcp 10.0.2.109 56811 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:31:30.781368 0.060541 tcp 10.0.2.109 56812 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:31:30.842218 0.147497 tcp 10.0.2.109 56813 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:31:31.044403 2.998035 tcp 10.0.2.109 56814 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:31:40.041489 0.000000 tcp 10.0.2.109 56814 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:31:46.040241 3.004149 tcp 10.0.2.109 56815 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:31:55.042878 0.000000 tcp 10.0.2.109 56815 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:01.043305 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:37:01.043450 3.003619 tcp 10.0.2.109 56816 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:07.095066 3.000612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 18:37:10.045523 0.000000 tcp 10.0.2.109 56816 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:14.101630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:37:16.045696 0.052612 tcp 10.0.2.109 56817 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:37:16.098561 0.063670 tcp 10.0.2.109 56818 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:37:16.162542 0.151256 tcp 10.0.2.109 56819 -> 195.113.214.249 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:37:16.531842 2.997368 tcp 10.0.2.109 56820 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:22.102957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:37:25.528723 0.000000 tcp 10.0.2.109 56820 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:31.527645 0.077875 tcp 10.0.2.109 56821 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:37:31.605811 0.061004 tcp 10.0.2.109 56822 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:37:31.667040 0.151193 tcp 10.0.2.109 56823 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:37:31.928055 2.978311 tcp 10.0.2.109 56824 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:38.106210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:37:40.900163 0.000000 tcp 10.0.2.109 56824 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:46.908912 3.004038 tcp 10.0.2.109 56825 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:37:55.911742 0.000000 tcp 10.0.2.109 56825 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:38:10.112304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:43:01.912243 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:43:01.912421 3.003139 tcp 10.0.2.109 56826 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:43:10.915320 0.000000 tcp 10.0.2.109 56826 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:43:16.917566 0.051887 tcp 10.0.2.109 56827 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:43:16.969731 0.060853 tcp 10.0.2.109 56828 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:43:17.030868 0.150659 tcp 10.0.2.109 56829 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:43:17.417485 2.990973 tcp 10.0.2.109 56830 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:43:26.419179 0.000000 tcp 10.0.2.109 56830 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:43:32.416052 0.051558 tcp 10.0.2.109 56831 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:43:32.467879 0.064171 tcp 10.0.2.109 56832 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:43:32.532294 0.147369 tcp 10.0.2.109 56833 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:43:32.887659 3.002891 tcp 10.0.2.109 56834 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:43:41.889070 0.000000 tcp 10.0.2.109 56834 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:43:47.887840 3.004218 tcp 10.0.2.109 56835 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:43:56.896504 0.000000 tcp 10.0.2.109 56835 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:44:14.117958 3.001722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 18:44:21.125809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:44:29.127127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:44:45.136521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:45:17.136570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:49:02.891239 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 18:49:02.891390 3.003492 tcp 10.0.2.109 56836 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:49:11.893379 0.000000 tcp 10.0.2.109 56836 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:49:17.893606 0.053353 tcp 10.0.2.109 56837 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:49:17.947155 0.063050 tcp 10.0.2.109 56838 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:49:18.010479 0.148030 tcp 10.0.2.109 56839 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:49:18.203112 3.003833 tcp 10.0.2.109 56840 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:49:27.205814 0.000000 tcp 10.0.2.109 56840 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:49:33.205174 0.031514 tcp 10.0.2.109 56841 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:49:33.236975 0.059887 tcp 10.0.2.109 56842 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:49:33.297206 0.151471 tcp 10.0.2.109 56843 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/09 18:49:33.571613 2.997608 tcp 10.0.2.109 56844 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:49:42.577580 0.000000 tcp 10.0.2.109 56844 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:49:48.566476 2.994298 tcp 10.0.2.109 56845 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:49:57.559135 0.000000 tcp 10.0.2.109 56845 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 18:53:42.144349 3.002509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 18:53:49.152167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:53:57.153450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:54:13.159909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 18:54:45.162702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:00:49.168279 3.002236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 19:00:56.176424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:01:04.178568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:01:20.181418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:01:31.066836 0.000180 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:01:31.067149 0.111571 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:31.142451 0.240622 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:31.343659 0.400589 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:31.928891 0.217290 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:32.124301 0.072017 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:32.244665 0.165611 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:32.388396 0.053179 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:32.520812 0.344481 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:32.864271 0.175671 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:33.238589 0.066507 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:33.420019 0.147807 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:33.610387 3.004405 tcp 10.0.2.109 56846 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:01:33.735155 0.174345 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:33.905381 0.106512 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:34.168283 0.348126 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:34.497197 0.325499 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 1994 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:34.946670 0.347264 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:35.290051 0.843330 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:36.096498 0.384130 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:36.462320 0.166790 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:36.606652 0.340128 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:36.986758 0.325731 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:37.410746 0.214732 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:37.613419 0.406797 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:38.143156 0.075440 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:38.717798 0.092955 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:39.103452 0.166264 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:39.265840 0.733167 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:01:42.614777 0.000000 tcp 10.0.2.109 56846 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:01:48.613175 0.053408 tcp 10.0.2.109 56847 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:01:48.666845 0.060579 tcp 10.0.2.109 56848 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:01:48.727265 0.153288 tcp 10.0.2.109 56849 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:01:48.943097 3.003621 tcp 10.0.2.109 56850 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:01:52.186825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:01:57.944969 0.000000 tcp 10.0.2.109 56850 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:02:03.947643 0.051506 tcp 10.0.2.109 56851 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:02:03.999493 0.059375 tcp 10.0.2.109 56852 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:02:04.059158 0.151835 tcp 10.0.2.109 56853 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:02:04.343258 2.994636 tcp 10.0.2.109 56854 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:02:13.347222 0.000000 tcp 10.0.2.109 56854 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:02:19.338662 2.994898 tcp 10.0.2.109 56855 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:02:28.328765 0.000000 tcp 10.0.2.109 56855 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:07:34.339435 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:07:34.339553 3.003347 tcp 10.0.2.109 56856 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:07:43.341732 0.000000 tcp 10.0.2.109 56856 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:07:49.342159 0.031482 tcp 10.0.2.109 56857 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:07:49.374002 0.060629 tcp 10.0.2.109 56858 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:07:49.434933 0.155391 tcp 10.0.2.109 56859 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:07:49.658770 2.996016 tcp 10.0.2.109 56860 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:07:58.653471 0.000000 tcp 10.0.2.109 56860 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:08:03.202980 3.001352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 19:08:04.652796 0.052006 tcp 10.0.2.109 56861 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:08:04.705166 0.064160 tcp 10.0.2.109 56862 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:08:04.769627 0.146775 tcp 10.0.2.109 56863 -> 195.113.214.249 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:08:05.032291 3.006577 tcp 10.0.2.109 56864 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:08:10.210127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:08:14.037412 0.000000 tcp 10.0.2.109 56864 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:08:18.215359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:08:20.024971 2.993915 tcp 10.0.2.109 56865 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:08:29.152398 0.000000 tcp 10.0.2.109 56865 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:08:34.307557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:09:06.220742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:13:35.028323 0.000198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:13:35.028622 3.002697 tcp 10.0.2.109 56866 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:13:44.029685 0.000000 tcp 10.0.2.109 56866 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:13:50.220549 0.052934 tcp 10.0.2.109 56867 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:13:50.273838 0.061023 tcp 10.0.2.109 56868 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:13:50.335107 0.150474 tcp 10.0.2.109 56869 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:13:50.609226 2.975437 tcp 10.0.2.109 56870 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:13:59.524383 0.000000 tcp 10.0.2.109 56870 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:14:05.463293 0.052313 tcp 10.0.2.109 56871 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:14:05.515845 0.060138 tcp 10.0.2.109 56872 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:14:05.576366 0.155082 tcp 10.0.2.109 56873 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:14:07.373364 2.974412 tcp 10.0.2.109 56874 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:14:16.356549 0.000000 tcp 10.0.2.109 56874 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:14:22.345436 2.994266 tcp 10.0.2.109 56875 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:14:31.337916 0.000000 tcp 10.0.2.109 56875 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:15:11.228464 3.008265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 19:15:18.235705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:15:26.237304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:15:42.240197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:16:14.246055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:19:37.351418 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:19:37.351514 3.001160 tcp 10.0.2.109 56876 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:19:46.351874 0.000000 tcp 10.0.2.109 56876 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:19:52.351654 0.054078 tcp 10.0.2.109 56877 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:19:52.406034 0.061844 tcp 10.0.2.109 56878 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:19:52.468100 0.153244 tcp 10.0.2.109 56879 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:19:52.636647 2.997785 tcp 10.0.2.109 56880 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:20:01.632929 0.000000 tcp 10.0.2.109 56880 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:20:07.632115 0.051998 tcp 10.0.2.109 56881 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:20:07.684347 0.061158 tcp 10.0.2.109 56882 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:20:07.745782 0.155269 tcp 10.0.2.109 56883 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:20:07.911735 3.004063 tcp 10.0.2.109 56884 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:20:16.915245 0.000000 tcp 10.0.2.109 56884 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:20:22.903851 3.003848 tcp 10.0.2.109 56885 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:20:31.916464 0.000000 tcp 10.0.2.109 56885 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:22:19.253877 3.001373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 19:22:26.261084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:22:34.262514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:22:50.265593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:23:22.271803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:29:26.278451 3.000759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 19:29:33.285093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:29:41.286569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:29:57.297314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:30:29.295670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:31:47.948610 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:31:47.948853 0.568787 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:48.550311 0.217286 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:48.745849 0.529429 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:49.233104 0.286520 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:49.475476 0.074094 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:49.589334 0.164446 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:49.731975 0.052274 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:49.807175 0.330364 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:50.167267 0.176565 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:50.313123 0.065020 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:50.362051 0.152738 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:50.501985 0.174722 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:50.673918 0.093209 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:50.786651 0.356900 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:51.123427 0.335232 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:51.457141 0.350449 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:51.803574 0.249861 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:52.019215 0.341060 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:52.422836 0.326931 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:52.758761 0.384054 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:52.945837 2.994333 tcp 10.0.2.109 56886 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:31:53.124301 0.168705 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:53.269324 0.164169 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:53.422876 0.402487 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:53.808722 0.168125 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:53.973363 0.753981 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:54.487983 0.075325 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:31:54.602144 0.092343 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/09 19:32:01.938886 0.000000 tcp 10.0.2.109 56886 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:32:07.949448 0.052343 tcp 10.0.2.109 56887 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:32:08.002061 0.060505 tcp 10.0.2.109 56888 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:32:08.062913 0.150435 tcp 10.0.2.109 56889 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:32:08.294979 2.996904 tcp 10.0.2.109 56890 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:32:17.291375 0.000000 tcp 10.0.2.109 56890 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:32:23.290099 0.030728 tcp 10.0.2.109 56891 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:32:23.321124 0.061246 tcp 10.0.2.109 56892 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:32:23.382711 0.147542 tcp 10.0.2.109 56893 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:32:23.541033 3.003238 tcp 10.0.2.109 56894 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:32:32.542579 0.000000 tcp 10.0.2.109 56894 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:32:38.541509 3.004413 tcp 10.0.2.109 56895 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:32:47.544354 0.000000 tcp 10.0.2.109 56895 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:36:33.301517 3.001849 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 19:36:40.308906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:36:48.310418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:37:04.313617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:37:36.326660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:37:53.544765 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:37:53.544919 2.994845 tcp 10.0.2.109 56896 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:38:02.552437 0.000000 tcp 10.0.2.109 56896 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:38:08.548421 0.031139 tcp 10.0.2.109 56897 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:38:08.579794 0.060617 tcp 10.0.2.109 56898 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:38:08.641048 0.148261 tcp 10.0.2.109 56899 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:38:09.143854 3.006073 tcp 10.0.2.109 56900 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:38:18.140626 0.000000 tcp 10.0.2.109 56900 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:38:24.138850 0.031336 tcp 10.0.2.109 56901 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:38:24.170449 0.063879 tcp 10.0.2.109 56902 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:38:24.234675 0.164991 tcp 10.0.2.109 56903 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:38:24.518747 3.004454 tcp 10.0.2.109 56904 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:38:33.521653 0.000000 tcp 10.0.2.109 56904 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:38:39.520836 3.003684 tcp 10.0.2.109 56905 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:38:48.524585 0.000000 tcp 10.0.2.109 56905 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:43:40.325346 3.003007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 19:43:47.333021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:43:54.524167 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:43:54.524275 2.993338 tcp 10.0.2.109 56906 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:43:55.334202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:44:03.526435 0.000000 tcp 10.0.2.109 56906 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:44:09.526346 0.031310 tcp 10.0.2.109 56907 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:44:09.558375 0.061420 tcp 10.0.2.109 56908 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:44:09.620054 0.147547 tcp 10.0.2.109 56909 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:44:09.967014 2.992906 tcp 10.0.2.109 56910 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:44:11.337634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:44:18.958603 0.000000 tcp 10.0.2.109 56910 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:44:24.968185 0.051955 tcp 10.0.2.109 56911 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:44:25.020422 0.062485 tcp 10.0.2.109 56912 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:44:25.083207 0.150159 tcp 10.0.2.109 56913 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:44:25.505724 2.996696 tcp 10.0.2.109 56914 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:44:34.500541 0.000000 tcp 10.0.2.109 56914 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:44:40.499521 3.004290 tcp 10.0.2.109 56915 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:44:43.343414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:44:49.504822 0.000000 tcp 10.0.2.109 56915 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:49:55.503032 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 19:49:55.503206 3.003304 tcp 10.0.2.109 56916 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:04.505082 0.000000 tcp 10.0.2.109 56916 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:10.505671 0.052850 tcp 10.0.2.109 56917 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:50:10.558807 0.064331 tcp 10.0.2.109 56918 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:50:10.623467 0.155822 tcp 10.0.2.109 56919 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:50:11.080878 2.998142 tcp 10.0.2.109 56920 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:20.077478 0.000000 tcp 10.0.2.109 56920 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:26.076609 0.051986 tcp 10.0.2.109 56921 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:50:26.128945 0.061291 tcp 10.0.2.109 56922 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:50:26.190444 0.154316 tcp 10.0.2.109 56923 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 19:50:26.448666 2.992460 tcp 10.0.2.109 56924 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:35.439534 0.000000 tcp 10.0.2.109 56924 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:41.448591 3.004136 tcp 10.0.2.109 56925 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:47.349722 3.001484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 19:50:50.451194 0.000000 tcp 10.0.2.109 56925 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 19:50:54.357925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:51:02.358663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:51:18.361810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:51:50.368017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:57:54.381703 2.995375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 19:58:01.380818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:58:09.387206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:58:25.385929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 19:58:57.391653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:01:56.392936 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:01:56.393043 0.407861 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:57.055345 0.216242 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:57.251561 0.119054 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:57.480164 0.242366 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:57.683976 0.070593 rtcp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:58.020451 0.168580 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:58.167339 0.219606 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:58.494945 0.068824 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:58.545090 0.151202 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:58.688853 0.172874 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:59.053349 0.105629 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:59.187238 0.337093 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:59.523534 0.174349 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:01:59.871898 0.354703 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:00.206015 0.334074 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:00.640729 0.348622 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:01.039021 0.324635 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:01.514846 0.280945 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:01.759031 0.342040 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:02.284418 0.388519 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:02.655047 0.167772 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:02.928660 0.176927 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:03.079799 0.407544 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:03.645140 0.075341 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:03.838747 0.087918 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:03.902145 0.168255 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:04.067621 0.712498 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:02:11.491436 3.003477 tcp 10.0.2.109 56926 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:02:20.493460 0.000000 tcp 10.0.2.109 56926 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:02:26.494043 0.053435 tcp 10.0.2.109 56927 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:02:26.547698 0.063180 tcp 10.0.2.109 56928 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:02:26.611139 0.144852 tcp 10.0.2.109 56929 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:02:26.820431 3.005923 tcp 10.0.2.109 56930 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:02:35.825457 0.000000 tcp 10.0.2.109 56930 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:02:41.814788 0.052961 tcp 10.0.2.109 56931 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:02:41.867997 0.061188 tcp 10.0.2.109 56932 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:02:41.929534 0.148097 tcp 10.0.2.109 56933 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:02:42.164228 2.995342 tcp 10.0.2.109 56934 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:02:51.157364 0.000000 tcp 10.0.2.109 56934 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:02:57.155915 2.994908 tcp 10.0.2.109 56935 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:03:06.149203 0.000000 tcp 10.0.2.109 56935 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:05:25.402676 3.000699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 20:05:32.409267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:05:40.411145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:05:56.420172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:06:28.423932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:08:12.159705 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:08:12.159852 3.003376 tcp 10.0.2.109 56936 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:08:21.161924 0.000000 tcp 10.0.2.109 56936 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:08:27.776969 0.032261 tcp 10.0.2.109 56937 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:08:27.809567 0.064265 tcp 10.0.2.109 56938 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:08:27.874108 0.152349 tcp 10.0.2.109 56939 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:08:28.327200 2.964378 tcp 10.0.2.109 56940 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:08:37.220555 0.000000 tcp 10.0.2.109 56940 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:08:43.134885 0.030263 tcp 10.0.2.109 56941 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:08:43.165380 0.061463 tcp 10.0.2.109 56942 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:08:43.227137 0.148351 tcp 10.0.2.109 56943 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:08:43.439204 2.964395 tcp 10.0.2.109 56944 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:08:52.340612 0.000000 tcp 10.0.2.109 56944 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:08:58.251380 2.959768 tcp 10.0.2.109 56945 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:09:07.151473 0.000000 tcp 10.0.2.109 56945 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:12:36.431684 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 20:12:43.439232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:12:51.440625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:13:07.443556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:13:39.449560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:14:13.018981 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:14:13.019179 3.002887 tcp 10.0.2.109 56946 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:14:22.022624 0.000000 tcp 10.0.2.109 56946 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:14:28.021008 0.052831 tcp 10.0.2.109 56947 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:14:28.074300 0.062855 tcp 10.0.2.109 56948 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:14:28.137404 0.149585 tcp 10.0.2.109 56949 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:14:28.550195 3.004155 tcp 10.0.2.109 56950 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:14:37.553181 0.000000 tcp 10.0.2.109 56950 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:14:43.552397 0.051805 tcp 10.0.2.109 56951 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:14:43.604466 0.061338 tcp 10.0.2.109 56952 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:14:43.666119 0.152757 tcp 10.0.2.109 56953 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:14:44.040545 3.006382 tcp 10.0.2.109 56954 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:14:53.045367 0.000000 tcp 10.0.2.109 56954 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:14:59.034235 2.994246 tcp 10.0.2.109 56955 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:15:08.036947 0.000000 tcp 10.0.2.109 56955 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:19:44.457197 3.001601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 20:19:51.464622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:19:59.466023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:20:14.037374 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:20:14.037467 3.003661 tcp 10.0.2.109 56956 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:20:15.469216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:20:23.039735 0.000000 tcp 10.0.2.109 56956 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:20:29.040521 0.032942 tcp 10.0.2.109 56957 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:20:29.073736 0.059594 tcp 10.0.2.109 56958 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:20:29.133613 0.148850 tcp 10.0.2.109 56959 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:20:29.318173 3.006636 tcp 10.0.2.109 56960 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:20:38.321850 0.000000 tcp 10.0.2.109 56960 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:20:44.311092 0.030244 tcp 10.0.2.109 56961 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:20:44.341600 0.060568 tcp 10.0.2.109 56962 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:20:44.402434 0.151768 tcp 10.0.2.109 56963 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:20:44.576635 2.998501 tcp 10.0.2.109 56964 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:20:47.474857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:20:53.573563 0.000000 tcp 10.0.2.109 56964 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:20:59.572518 3.003950 tcp 10.0.2.109 56965 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:21:08.575187 0.000000 tcp 10.0.2.109 56965 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:26:51.489847 2.999624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 20:26:58.492406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:27:06.494041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:27:22.506968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:27:54.499084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:32:30.575894 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:32:30.575980 0.403281 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:31.105701 0.243344 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:31.307715 0.073225 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:31.361451 0.217798 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:31.578790 0.116058 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:31.657590 0.166431 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:31.996509 0.053261 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:32.139119 0.066102 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:32.191155 0.278374 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:32.846251 0.235088 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:33.078481 0.104932 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:33.369938 0.323465 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:33.733780 0.174515 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:33.928384 0.355635 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:34.263668 0.326753 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:34.612338 0.352714 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:35.006314 0.346019 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:35.434117 0.324072 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:35.789543 0.247379 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:36.002599 0.383399 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:36.368907 0.166319 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:36.513918 0.150609 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:36.655101 0.083737 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:36.753705 0.165202 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:36.915435 0.407855 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:37.303193 0.075588 rtcp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:37.380076 0.681352 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/09 20:32:44.616095 2.994286 tcp 10.0.2.109 56966 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:32:53.609228 0.000000 tcp 10.0.2.109 56966 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:32:59.619263 0.032034 tcp 10.0.2.109 56967 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:32:59.651529 0.059810 tcp 10.0.2.109 56968 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:32:59.711692 0.153728 tcp 10.0.2.109 56969 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:32:59.874869 2.997485 tcp 10.0.2.109 56970 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:33:08.871116 0.000000 tcp 10.0.2.109 56970 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:33:14.876304 0.030839 tcp 10.0.2.109 56971 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:33:14.907451 0.065589 tcp 10.0.2.109 56972 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:33:14.973334 0.147370 tcp 10.0.2.109 56973 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:33:15.422249 2.992386 tcp 10.0.2.109 56974 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:33:24.413354 0.000000 tcp 10.0.2.109 56974 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:33:30.415146 3.004474 tcp 10.0.2.109 56975 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:33:39.414902 0.000000 tcp 10.0.2.109 56975 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:33:58.505308 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 20:34:05.513159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:34:13.514019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:34:29.516985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:35:01.523231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:38:45.415505 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:38:45.415691 2.993371 tcp 10.0.2.109 56976 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:38:54.407988 0.000000 tcp 10.0.2.109 56976 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:39:00.418536 0.032096 tcp 10.0.2.109 56977 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:39:00.450884 0.063761 tcp 10.0.2.109 56978 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:39:00.514928 0.149671 tcp 10.0.2.109 56979 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:39:00.674803 2.996222 tcp 10.0.2.109 56980 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:39:09.669516 0.000000 tcp 10.0.2.109 56980 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:39:15.669191 0.052021 tcp 10.0.2.109 56981 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:39:15.721502 0.061440 tcp 10.0.2.109 56982 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:39:15.783207 0.150952 tcp 10.0.2.109 56983 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:39:16.057579 3.005537 tcp 10.0.2.109 56984 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:39:25.061845 0.000000 tcp 10.0.2.109 56984 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:39:31.050899 3.005112 tcp 10.0.2.109 56985 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:39:40.053458 0.000000 tcp 10.0.2.109 56985 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:41:05.531078 2.999463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 20:41:12.536150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:41:20.538315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:41:36.540877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:42:08.546472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:44:46.053722 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:44:46.053867 3.003833 tcp 10.0.2.109 56986 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:44:55.066078 0.000000 tcp 10.0.2.109 56986 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:45:01.056501 0.052939 tcp 10.0.2.109 56987 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:45:01.109691 0.061480 tcp 10.0.2.109 56988 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:45:01.171501 0.153110 tcp 10.0.2.109 56989 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:45:01.340326 2.999290 tcp 10.0.2.109 56990 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:45:10.338358 0.000000 tcp 10.0.2.109 56990 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:45:16.339347 0.030911 tcp 10.0.2.109 56991 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:45:16.370566 0.063290 tcp 10.0.2.109 56992 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:45:16.434420 0.151444 tcp 10.0.2.109 56993 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:45:16.601826 2.999691 tcp 10.0.2.109 56994 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:45:25.599544 0.000000 tcp 10.0.2.109 56994 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:45:31.599141 3.004065 tcp 10.0.2.109 56995 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:45:40.601711 0.000000 tcp 10.0.2.109 56995 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:48:12.552506 3.002226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 20:48:19.560276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:48:27.561984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:48:43.564615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:49:15.570913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:50:46.602523 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 20:50:46.602638 3.003357 tcp 10.0.2.109 56996 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:50:55.604576 0.000000 tcp 10.0.2.109 56996 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:51:01.605151 0.085749 tcp 10.0.2.109 56997 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:51:01.691188 0.061880 tcp 10.0.2.109 56998 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:51:01.753381 0.152081 tcp 10.0.2.109 56999 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:51:01.925980 2.992121 tcp 10.0.2.109 57000 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:51:10.926992 0.000000 tcp 10.0.2.109 57000 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:51:16.926074 0.031930 tcp 10.0.2.109 57001 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:51:16.958341 0.064390 tcp 10.0.2.109 57002 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:51:17.023083 0.148883 tcp 10.0.2.109 57003 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 20:51:17.289825 3.000235 tcp 10.0.2.109 57004 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:51:26.288718 0.000000 tcp 10.0.2.109 57004 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:51:32.292694 2.999123 tcp 10.0.2.109 57005 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:51:41.293697 0.000000 tcp 10.0.2.109 57005 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 20:55:47.580393 2.998421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 20:55:54.587874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:56:02.586210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:56:18.589348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 20:56:50.594945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:02:53.947229 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:02:53.947434 0.067150 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:54.355864 0.218656 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:54.553179 0.117078 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:54.600096 3.006817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 21:02:54.752863 0.407355 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:55.198722 0.240067 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:55.401020 0.169848 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:55.574666 0.052836 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:55.858842 0.070018 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2600 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:55.913340 0.151720 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:56.133404 0.322516 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:56.455412 0.176047 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:56.714824 0.175168 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:56.884023 0.105541 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:57.126781 0.338406 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:57.446056 0.328602 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:57.812727 0.328129 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:58.313776 0.353116 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:58.662986 0.341251 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:59.186213 0.425941 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:59.578494 0.381792 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:02:59.941867 0.167286 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:03:00.103913 0.185593 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:03:00.267512 0.091731 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:03:00.378642 0.168668 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:03:00.543744 0.695005 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:03:01.000199 0.409139 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:03:01.387753 0.075534 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:03:01.610643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:03:02.331081 3.002748 tcp 10.0.2.109 57006 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:09.610071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:03:11.332524 0.000000 tcp 10.0.2.109 57006 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:17.333074 0.052982 tcp 10.0.2.109 57007 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:03:17.386405 0.060836 tcp 10.0.2.109 57008 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:03:17.447578 0.148456 tcp 10.0.2.109 57009 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:03:17.712538 3.003207 tcp 10.0.2.109 57010 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:25.612456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:03:26.714029 0.000000 tcp 10.0.2.109 57010 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:32.713855 0.052767 tcp 10.0.2.109 57011 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:03:32.766894 0.060796 tcp 10.0.2.109 57012 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:03:32.827963 0.151559 tcp 10.0.2.109 57013 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:03:33.140573 2.997703 tcp 10.0.2.109 57014 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:42.146713 0.000000 tcp 10.0.2.109 57014 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:48.137075 2.997201 tcp 10.0.2.109 57015 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:57.128604 0.000000 tcp 10.0.2.109 57015 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:03:57.619380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:09:03.138892 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:09:03.139060 3.003588 tcp 10.0.2.109 57016 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:09:12.141377 0.000000 tcp 10.0.2.109 57016 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:09:18.141598 0.032145 tcp 10.0.2.109 57017 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:09:18.174050 0.061498 tcp 10.0.2.109 57018 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:09:18.235790 0.149863 tcp 10.0.2.109 57019 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:09:18.779937 2.998071 tcp 10.0.2.109 57020 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:09:27.773807 0.000000 tcp 10.0.2.109 57020 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:09:33.773111 0.031186 tcp 10.0.2.109 57021 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:09:33.804674 0.062634 tcp 10.0.2.109 57022 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:09:33.867594 0.150229 tcp 10.0.2.109 57023 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:09:34.284870 3.002273 tcp 10.0.2.109 57024 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:09:43.296143 0.000000 tcp 10.0.2.109 57024 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:09:49.284952 2.994186 tcp 10.0.2.109 57025 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:09:58.287410 0.000000 tcp 10.0.2.109 57025 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:10:01.624219 3.002006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 21:10:08.632487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:10:16.633924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:10:32.637050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:11:04.642952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:15:04.288468 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:15:04.288586 3.005047 tcp 10.0.2.109 57026 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:15:13.290637 0.000000 tcp 10.0.2.109 57026 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:15:19.291387 0.055077 tcp 10.0.2.109 57027 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:15:19.346743 0.063898 tcp 10.0.2.109 57028 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:15:19.410924 0.149262 tcp 10.0.2.109 57029 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:15:19.782444 3.001563 tcp 10.0.2.109 57030 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:15:28.782697 0.000000 tcp 10.0.2.109 57030 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:15:34.781321 0.052157 tcp 10.0.2.109 57031 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:15:34.833711 0.064966 tcp 10.0.2.109 57032 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:15:34.898985 0.147459 tcp 10.0.2.109 57033 -> 195.113.214.249 443 SRPA* 0 0 22 11628 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:15:35.107857 2.998036 tcp 10.0.2.109 57034 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:15:44.105006 0.000000 tcp 10.0.2.109 57034 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:15:50.103639 2.994073 tcp 10.0.2.109 57035 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:15:59.106416 0.000000 tcp 10.0.2.109 57035 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:17:08.649188 3.001347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 21:17:15.656031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:17:23.658269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:17:39.661003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:18:11.667245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:21:05.106861 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:21:05.107046 2.993585 tcp 10.0.2.109 57036 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:21:14.099346 0.000000 tcp 10.0.2.109 57036 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:21:20.109865 0.032617 tcp 10.0.2.109 57037 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:21:20.142841 0.060752 tcp 10.0.2.109 57038 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:21:20.203862 0.156757 tcp 10.0.2.109 57039 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:21:20.398792 3.004302 tcp 10.0.2.109 57040 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:21:29.401081 0.000000 tcp 10.0.2.109 57040 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:21:35.400328 0.031197 tcp 10.0.2.109 57041 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:21:35.431777 0.065669 tcp 10.0.2.109 57042 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:21:35.497740 0.152297 tcp 10.0.2.109 57043 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:21:35.668005 3.006612 tcp 10.0.2.109 57044 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:21:44.673212 0.000000 tcp 10.0.2.109 57044 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:21:50.662061 3.004022 tcp 10.0.2.109 57045 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:21:59.664179 0.000000 tcp 10.0.2.109 57045 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:24:15.675963 2.998879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 21:24:22.680447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:24:30.684908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:24:46.684936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:25:18.691210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:31:22.701499 2.997396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 21:31:29.704355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:31:37.706045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:31:53.708965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:32:25.714891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:33:20.634437 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:33:20.634621 0.071841 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:20.688615 0.397902 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:20.704275 2.993933 tcp 10.0.2.109 57046 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:33:21.103881 0.215697 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:21.361436 0.117641 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:21.439832 0.244330 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:21.639282 0.169155 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:21.888327 0.051867 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:22.012397 0.323433 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:22.334381 0.069466 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:22.464311 0.157090 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:22.605385 0.105324 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:22.770453 0.177449 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:23.029266 0.177890 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:23.204613 0.344820 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:23.531271 0.333104 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:23.886804 0.325119 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:25.153704 0.349889 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:25.500017 0.338572 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:25.883359 0.244458 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:26.092349 0.383340 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:26.457069 0.168855 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:26.602337 0.170584 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:26.788454 0.088836 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:26.851362 0.165768 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:27.013945 0.478805 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:27.454046 0.408497 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:27.842654 0.075367 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/09 21:33:29.706887 0.000000 tcp 10.0.2.109 57046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:33:35.706652 0.031619 tcp 10.0.2.109 57047 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:33:35.738495 0.061058 tcp 10.0.2.109 57048 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:33:35.799907 0.147979 tcp 10.0.2.109 57049 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:33:36.014772 2.995565 tcp 10.0.2.109 57050 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:33:45.008943 0.000000 tcp 10.0.2.109 57050 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:38:29.721756 3.000943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 21:38:36.728314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:38:44.730938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:38:51.009916 0.000157 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:38:51.010250 3.002692 tcp 10.0.2.109 57051 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:39:00.018344 0.000000 tcp 10.0.2.109 57051 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:39:00.738237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:39:06.011563 0.032380 tcp 10.0.2.109 57052 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:39:06.044202 0.063137 tcp 10.0.2.109 57053 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:39:06.107582 0.147273 tcp 10.0.2.109 57054 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:39:06.407718 3.007941 tcp 10.0.2.109 57055 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:39:15.413957 0.000000 tcp 10.0.2.109 57055 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:39:21.404066 0.030070 tcp 10.0.2.109 57056 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:39:21.434409 0.063576 tcp 10.0.2.109 57057 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:39:21.498452 0.149580 tcp 10.0.2.109 57058 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:39:21.748321 2.999155 tcp 10.0.2.109 57059 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:39:30.755864 0.000000 tcp 10.0.2.109 57059 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:39:32.739183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:39:36.744327 2.994781 tcp 10.0.2.109 57060 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:39:45.747612 0.000000 tcp 10.0.2.109 57060 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:44:51.748061 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:44:51.748154 3.003794 tcp 10.0.2.109 57061 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:00.750511 0.000000 tcp 10.0.2.109 57061 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:06.751240 0.052275 tcp 10.0.2.109 57062 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:45:06.803862 0.062510 tcp 10.0.2.109 57063 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:45:06.866709 0.148322 tcp 10.0.2.109 57064 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:45:07.133922 3.000010 tcp 10.0.2.109 57065 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:16.132621 0.000000 tcp 10.0.2.109 57065 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:22.131896 0.052192 tcp 10.0.2.109 57066 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:45:22.184356 0.060461 tcp 10.0.2.109 57067 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:45:22.245170 0.288374 tcp 10.0.2.109 57068 -> 195.113.214.249 443 SRPA* 0 0 73 77004 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:45:22.588176 3.008157 tcp 10.0.2.109 57069 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:31.594950 0.000000 tcp 10.0.2.109 57069 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:36.744667 3.002115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 21:45:37.583631 2.993935 tcp 10.0.2.109 57070 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:43.751739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:45:46.586507 0.000000 tcp 10.0.2.109 57070 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:45:51.753937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:46:07.758641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:46:39.763026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:50:52.587036 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:50:52.587186 2.993484 tcp 10.0.2.109 57071 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:51:01.579214 0.000000 tcp 10.0.2.109 57071 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:51:07.590365 0.053513 tcp 10.0.2.109 57072 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:51:07.644198 0.063273 tcp 10.0.2.109 57073 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:51:07.707816 0.149918 tcp 10.0.2.109 57074 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:51:07.898069 3.006682 tcp 10.0.2.109 57075 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:51:16.901557 0.000000 tcp 10.0.2.109 57075 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:51:22.890486 0.054213 tcp 10.0.2.109 57076 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:51:22.944928 0.061658 tcp 10.0.2.109 57077 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:51:23.006906 0.157127 tcp 10.0.2.109 57078 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:51:23.394282 3.000844 tcp 10.0.2.109 57079 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:51:32.393498 0.000000 tcp 10.0.2.109 57079 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:51:38.397446 3.000221 tcp 10.0.2.109 57080 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:51:47.395305 0.000000 tcp 10.0.2.109 57080 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:54:24.776762 2.998529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 21:54:31.780935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:54:39.788882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:54:55.785907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:55:27.792250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 21:56:53.399094 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 21:56:53.399179 2.990187 tcp 10.0.2.109 57081 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:57:02.388127 0.000000 tcp 10.0.2.109 57081 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:57:08.398300 0.052874 tcp 10.0.2.109 57082 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:57:08.451376 0.059772 tcp 10.0.2.109 57083 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:57:08.511470 0.134970 tcp 10.0.2.109 57084 -> 195.113.214.249 443 SRPA* 0 0 34 25900 flow=From-Botnet-V1-TCP-Established 1970/02/09 21:57:08.700575 3.000421 tcp 10.0.2.109 57085 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 21:57:17.700050 0.000000 tcp 10.0.2.109 57085 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:01:54.811052 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 22:02:01.818604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:02:09.820049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:02:25.823357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:02:57.829182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:03:46.108681 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:03:46.108855 0.074126 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:46.777057 0.406686 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:47.200255 0.221656 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:47.399152 0.190096 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:47.551563 0.239363 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:47.750090 0.168660 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:47.892382 0.053304 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:47.978105 0.225455 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:48.195690 0.093849 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:48.429130 0.336637 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:48.765166 0.069926 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:48.958196 0.200585 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:49.173997 0.173491 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:49.343283 0.366525 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:49.691922 0.347155 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:50.298248 0.324620 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:50.622311 0.349886 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:50.967906 0.337731 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:51.350638 0.276773 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:51.591357 0.392250 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:51.963883 0.167568 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:52.108795 0.150776 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:52.283061 0.093978 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:52.353406 0.410733 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:52.742660 0.164772 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:52.904540 0.715284 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:53.400223 0.075871 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:03:53.710025 3.003470 tcp 10.0.2.109 57086 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:04:02.712502 0.000000 tcp 10.0.2.109 57086 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:04:08.712485 0.052916 tcp 10.0.2.109 57087 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:04:08.765662 0.062816 tcp 10.0.2.109 57088 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:04:08.828831 0.151368 tcp 10.0.2.109 57089 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:04:09.303386 3.003092 tcp 10.0.2.109 57090 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:04:18.304917 0.000000 tcp 10.0.2.109 57090 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:04:24.303845 0.158839 tcp 10.0.2.109 57091 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:04:24.462932 0.063215 tcp 10.0.2.109 57092 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:04:24.526526 0.153474 tcp 10.0.2.109 57093 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:04:24.721277 2.974181 tcp 10.0.2.109 57094 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:04:33.650240 0.000000 tcp 10.0.2.109 57094 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:04:39.625309 3.400400 tcp 10.0.2.109 57095 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:04:48.970227 0.000000 tcp 10.0.2.109 57095 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:09:03.837693 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 22:09:10.844918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:09:18.847014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:09:34.849667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:09:54.649302 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:09:54.649416 3.002615 tcp 10.0.2.109 57096 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:10:03.651174 0.000000 tcp 10.0.2.109 57096 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:10:06.855872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:10:09.651582 0.052634 tcp 10.0.2.109 57097 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:10:09.704488 0.060573 tcp 10.0.2.109 57098 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:10:09.765454 0.148417 tcp 10.0.2.109 57099 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:10:09.964817 3.000070 tcp 10.0.2.109 57100 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:10:18.963188 0.000000 tcp 10.0.2.109 57100 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:10:24.962509 0.051001 tcp 10.0.2.109 57101 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:10:25.013719 0.060769 tcp 10.0.2.109 57102 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:10:25.074756 0.153325 tcp 10.0.2.109 57103 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:10:25.371524 3.005331 tcp 10.0.2.109 57104 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:10:34.375545 0.000000 tcp 10.0.2.109 57104 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:10:40.364554 2.993790 tcp 10.0.2.109 57105 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:10:49.367191 0.000000 tcp 10.0.2.109 57105 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:15:55.368056 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:15:55.368241 3.003052 tcp 10.0.2.109 57106 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:16:04.370084 0.000000 tcp 10.0.2.109 57106 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:16:10.370964 0.051871 tcp 10.0.2.109 57107 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:16:10.423079 0.063853 tcp 10.0.2.109 57108 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:16:10.487202 0.154042 tcp 10.0.2.109 57109 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:16:10.716562 2.996747 tcp 10.0.2.109 57110 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:16:15.869777 3.001527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 22:16:19.712423 0.000000 tcp 10.0.2.109 57110 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:16:22.876552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:16:25.710911 0.052564 tcp 10.0.2.109 57111 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:16:25.763742 0.063378 tcp 10.0.2.109 57112 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:16:25.827406 0.149221 tcp 10.0.2.109 57113 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:16:26.030989 3.004305 tcp 10.0.2.109 57114 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:16:30.878606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:16:35.033918 0.000000 tcp 10.0.2.109 57114 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:16:41.022766 3.004175 tcp 10.0.2.109 57115 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:16:46.880907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:16:50.025634 0.000000 tcp 10.0.2.109 57115 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:17:18.887238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:21:56.026492 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:21:56.026577 2.993058 tcp 10.0.2.109 57116 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:22:05.018843 0.000000 tcp 10.0.2.109 57116 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:22:11.028683 0.052442 tcp 10.0.2.109 57117 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:22:11.081407 0.060333 tcp 10.0.2.109 57118 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:22:11.141945 0.150873 tcp 10.0.2.109 57119 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:22:11.355544 2.996303 tcp 10.0.2.109 57120 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:22:20.350804 0.000000 tcp 10.0.2.109 57120 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:22:26.349700 0.052772 tcp 10.0.2.109 57121 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:22:26.402725 0.061438 tcp 10.0.2.109 57122 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:22:26.464509 0.153581 tcp 10.0.2.109 57123 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:22:26.728232 2.995287 tcp 10.0.2.109 57124 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:22:35.722817 0.000000 tcp 10.0.2.109 57124 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:22:41.721669 3.004043 tcp 10.0.2.109 57125 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:22:50.724092 0.000000 tcp 10.0.2.109 57125 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:23:26.897833 3.003144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 22:23:33.907708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:23:41.907985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:23:57.910918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:24:29.916439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:30:33.923142 3.001289 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 22:30:40.935148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:30:48.931761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:31:04.934700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:31:36.940888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:33:59.655990 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:33:59.656072 0.219590 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:33:59.854031 0.120173 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:33:59.935821 0.072950 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:00.212184 0.405841 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:00.683500 0.241529 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:00.882660 0.165646 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:01.244044 0.052872 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:01.325321 0.253560 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:01.561381 0.105378 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:01.680612 0.335147 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:02.015202 0.068739 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:02.067345 0.174566 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:02.215201 0.173519 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:02.401408 0.350851 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:02.731039 0.366699 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:03.163071 0.345886 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:03.510723 0.326144 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:03.838688 0.350414 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:04.202547 0.250277 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:04.418184 0.382477 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:04.783692 0.165784 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:04.935949 0.158532 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:05.080811 0.091098 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:05.159255 0.676085 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:05.615550 0.405813 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:06.002274 0.320800 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:06.356045 0.075264 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/09 22:34:11.763762 2.993911 tcp 10.0.2.109 57126 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:34:20.766299 0.000000 tcp 10.0.2.109 57126 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:34:26.766257 0.053348 tcp 10.0.2.109 57127 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:34:26.819868 0.061002 tcp 10.0.2.109 57128 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:34:26.881158 0.154983 tcp 10.0.2.109 57129 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:34:27.046818 2.992822 tcp 10.0.2.109 57130 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:34:36.038206 0.000000 tcp 10.0.2.109 57130 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:34:42.047491 0.052137 tcp 10.0.2.109 57131 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:34:42.099929 0.059564 tcp 10.0.2.109 57132 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:34:42.159758 0.149672 tcp 10.0.2.109 57133 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:34:42.327632 2.994031 tcp 10.0.2.109 57134 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:34:51.320416 0.000000 tcp 10.0.2.109 57134 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:34:57.329156 3.004286 tcp 10.0.2.109 57135 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:35:06.331782 0.000000 tcp 10.0.2.109 57135 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:37:40.947077 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 22:37:47.954367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:37:55.956571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:38:11.958589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:38:43.965054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:40:12.332381 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:40:12.332526 3.003741 tcp 10.0.2.109 57136 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:40:21.334834 0.000000 tcp 10.0.2.109 57136 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:40:27.335099 0.053622 tcp 10.0.2.109 57137 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:40:27.388988 0.064330 tcp 10.0.2.109 57138 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:40:27.453682 0.156406 tcp 10.0.2.109 57139 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:40:27.646801 2.991638 tcp 10.0.2.109 57140 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:40:36.646715 0.000000 tcp 10.0.2.109 57140 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:40:42.648774 0.051623 tcp 10.0.2.109 57141 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:40:42.700678 0.062787 tcp 10.0.2.109 57142 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:40:42.763767 0.155614 tcp 10.0.2.109 57143 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:40:42.987272 2.992532 tcp 10.0.2.109 57144 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:40:51.978874 0.000000 tcp 10.0.2.109 57144 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:40:57.977618 3.004259 tcp 10.0.2.109 57145 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:41:06.980395 0.000000 tcp 10.0.2.109 57145 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:44:47.971411 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 22:44:54.978360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:45:02.979664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:45:18.982793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:45:50.988815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:46:12.981337 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:46:12.981552 3.003290 tcp 10.0.2.109 57146 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:46:21.983250 0.000000 tcp 10.0.2.109 57146 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:46:27.984186 0.052718 tcp 10.0.2.109 57147 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:46:28.037223 0.065183 tcp 10.0.2.109 57148 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:46:28.102704 0.148252 tcp 10.0.2.109 57149 -> 195.113.214.249 443 SRPA* 0 0 33 16696 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:46:28.311955 3.004977 tcp 10.0.2.109 57150 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:46:37.317334 0.000000 tcp 10.0.2.109 57150 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:46:43.304743 0.051975 tcp 10.0.2.109 57151 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:46:43.357068 0.106054 tcp 10.0.2.109 57152 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:46:43.463413 0.152225 tcp 10.0.2.109 57153 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:46:43.894041 2.995031 tcp 10.0.2.109 57154 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:46:52.900701 0.000000 tcp 10.0.2.109 57154 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:46:58.886180 2.994583 tcp 10.0.2.109 57155 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:47:07.879359 0.000000 tcp 10.0.2.109 57155 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:52:13.889777 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 22:52:13.890009 3.004962 tcp 10.0.2.109 57156 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:52:22.896331 0.000000 tcp 10.0.2.109 57156 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:52:28.893255 0.058606 tcp 10.0.2.109 57157 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:52:28.952152 0.064418 tcp 10.0.2.109 57158 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:52:29.016838 0.157911 tcp 10.0.2.109 57159 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:52:29.209725 3.011780 tcp 10.0.2.109 57160 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:52:38.214855 0.000000 tcp 10.0.2.109 57160 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:52:44.204939 0.052813 tcp 10.0.2.109 57161 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:52:44.258011 0.060753 tcp 10.0.2.109 57162 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:52:44.319011 0.157123 tcp 10.0.2.109 57163 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/09 22:52:44.559094 3.008777 tcp 10.0.2.109 57164 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:52:53.578072 0.000000 tcp 10.0.2.109 57164 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:52:59.554815 2.994399 tcp 10.0.2.109 57165 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:53:08.557952 0.000000 tcp 10.0.2.109 57165 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 22:54:01.997373 3.001532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 22:54:09.004906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:54:17.006313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:54:33.011567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 22:55:05.015504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:01:16.030666 3.002506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 23:01:23.038706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:01:31.040740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:01:47.046546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:02:19.221412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:04:28.515908 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 23:04:28.516117 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/09 23:04:45.171641 0.057946 tcp 10.0.2.109 57166 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:04:45.229916 0.065025 tcp 10.0.2.109 57167 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:04:45.295302 0.157918 tcp 10.0.2.109 57168 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:04:45.453765 0.116525 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:45.535437 0.072569 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:45.746931 0.402714 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:46.378698 0.234606 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:46.577253 0.148808 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:46.767004 0.105590 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:47.010890 0.169646 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:47.156742 0.053314 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:47.373735 0.343161 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:47.716206 0.069209 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:47.818924 0.175744 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:47.965943 0.173298 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:48.135275 0.342324 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:48.455785 0.325829 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:48.990348 0.365360 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:49.422764 0.342953 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:49.848913 0.353469 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:50.198522 0.248775 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:50.412562 0.394476 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:50.785008 0.166568 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:50.929367 0.685816 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:51.395151 0.171275 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:51.573508 0.086422 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:51.708298 0.075437 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:51.786342 0.406239 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:52.172380 0.167767 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:04:59.600287 3.007588 tcp 10.0.2.109 57169 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 23:05:08.603114 0.000000 tcp 10.0.2.109 57169 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/09 23:05:14.602520 0.052549 tcp 10.0.2.109 57170 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:05:14.655342 0.060256 tcp 10.0.2.109 57171 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:05:14.715906 0.147959 tcp 10.0.2.109 57172 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:05:15.066196 0.948121 tcp 10.0.2.109 57173 -> 176.73.169.112 1959 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:08:39.070637 2.999336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/09 23:08:46.077593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:08:54.077557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:09:10.079934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:09:42.086429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:15:46.092937 3.001214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 23:15:53.099634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:16:01.101273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:16:17.104414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:16:49.110576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:22:53.116115 3.001751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 23:23:00.123447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:23:08.125425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:23:24.128771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:23:56.134369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:30:00.141418 3.000689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 23:30:07.147651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:30:15.149208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:30:31.152570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:31:03.158171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:34:55.542757 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/09 23:34:55.542847 0.222037 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:55.741576 0.317961 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:56.020737 0.093568 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:56.162896 0.408614 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:56.582745 0.241732 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:56.783408 0.168054 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:56.943763 0.092994 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:57.054702 0.168838 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:57.201001 0.052426 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:57.303079 0.331995 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:57.642792 0.064772 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:57.693266 0.177426 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:57.841850 0.169006 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:58.007875 0.376153 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:58.366071 0.326312 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:58.854621 0.418360 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:59.271318 0.337365 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:59.619188 0.392857 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:34:59.994459 0.167309 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:00.220670 0.347987 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:00.565092 0.246786 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:00.773884 0.694748 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:01.229051 0.190734 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:01.408660 0.083288 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:01.533314 0.075444 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:01.685692 0.408666 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:02.070829 0.165813 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/09 23:35:16.022225 0.612883 tcp 10.0.2.109 57174 -> 176.73.169.112 1959 FSPA* 0 0 14 1517 flow=From-Botnet-V1-TCP-Established 1970/02/09 23:37:07.168363 2.999678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 23:37:14.184837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:37:22.173282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:37:38.182821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:38:10.182311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:44:14.188201 3.001758 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 23:44:21.195673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:44:29.197296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:44:45.200115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:45:17.206542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:53:42.217821 2.999041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/09 23:53:49.225483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:53:57.223864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:54:13.226956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/09 23:54:45.232836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:00:49.238143 3.002593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:00:56.246398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:01:04.247788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:01:20.250968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:01:53.146963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:05:06.446293 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 00:05:06.446547 0.218226 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:06.643026 0.405038 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:07.714118 0.241683 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:07.916751 0.250868 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:08.930328 0.119363 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:09.022520 0.074874 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:09.417576 0.092952 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:09.590692 0.171145 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:09.830576 0.052932 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:10.004003 0.330515 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:10.445189 0.067544 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:10.592989 0.172776 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:10.737156 0.174140 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:11.041023 0.352092 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:11.375807 0.326675 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:11.895352 0.385665 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:12.487438 0.340004 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:12.876770 0.349628 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:13.732112 0.248803 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:13.947190 0.389521 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:14.319292 0.168461 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:14.563685 0.683579 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:15.027414 0.172605 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:15.312972 0.088295 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:15.378394 0.075772 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:15.638005 0.410311 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:16.024366 0.166112 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:05:16.761542 0.532497 tcp 10.0.2.109 57175 -> 176.73.169.112 1959 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/02/10 00:07:58.395761 3.001846 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:08:05.403309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:08:13.404744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:08:29.407641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:09:01.414836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:15:05.421016 3.000509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:15:12.427255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:15:20.428834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:15:36.432599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:16:08.437914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:22:12.444194 3.001453 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:22:19.451446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:22:27.452935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:22:43.455966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:23:15.461966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:29:19.467817 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:29:26.476690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:29:34.476523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:29:50.480232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:30:22.486422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:35:17.300095 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 00:35:17.300230 0.539200 tcp 10.0.2.109 57176 -> 176.73.169.112 1959 FSPA* 0 0 15 1672 flow=From-Botnet-V1-TCP-Established 1970/02/10 00:35:31.500307 0.216102 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:31.695211 0.407616 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:32.155753 0.240534 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:32.355653 0.154681 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:32.568895 0.128797 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2610 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:32.734162 0.074980 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:32.789122 0.093410 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:32.906821 0.167989 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:33.051394 0.071016 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:33.107350 0.172973 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:33.253481 0.051723 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:33.318577 0.321394 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:33.679523 0.170777 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:33.846375 0.349095 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:34.173892 0.325589 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:34.586722 0.406156 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:34.991570 0.345741 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:35.387442 0.350491 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:35.734185 0.169191 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:35.880155 0.532347 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:36.377835 0.388107 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:36.744496 0.681830 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:37.206921 0.180228 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:37.357530 0.083059 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:37.416665 0.075532 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:37.507822 0.406658 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:35:37.891378 0.164342 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/10 00:36:26.491438 3.001793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:36:33.499154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:36:41.501058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:36:57.503905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:37:29.509543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:43:33.516241 3.001246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:43:40.523302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:43:48.524568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:44:04.527617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:44:36.533480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:50:40.539870 3.001365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:50:47.547283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:50:55.548537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:51:11.551756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:51:43.557660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:57:47.844410 3.025509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 00:57:54.838749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:58:02.758852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:58:18.715451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 00:58:50.724901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:05:02.728697 3.002540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 01:05:09.736575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:05:17.738598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:05:17.969188 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 01:05:17.969294 0.489735 tcp 10.0.2.109 57177 -> 176.73.169.112 1959 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/02/10 01:05:33.741444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:06:05.747374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:06:07.490154 0.218764 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:07.687060 0.250978 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:07.968045 0.120413 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:08.047683 0.077737 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:08.220309 0.393224 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:08.654710 0.241120 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:08.924559 0.117687 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:09.202646 0.173459 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:09.353207 0.067111 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:09.511571 0.179333 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:09.658037 0.052607 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:10.126470 0.323850 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:10.450008 0.170701 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:10.616444 0.379075 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:10.975121 0.328687 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:11.395071 0.353917 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:11.744989 0.355350 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:12.129057 0.408879 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:12.246665 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 01:06:12.598765 0.398247 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:12.975495 0.167472 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:13.119330 0.250421 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:13.343179 0.731101 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:13.834837 0.175193 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:14.100666 0.080939 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 1994 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:14.157424 0.075948 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:14.443277 0.405137 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:06:14.828353 0.168072 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:12:09.752840 3.017571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 01:12:16.770731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:12:24.771804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:12:40.775226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:13:12.781209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:19:16.787618 3.001529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 01:19:23.794467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:19:31.797385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:19:47.799246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:20:19.814992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:26:23.971204 3.002021 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 01:26:30.978928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:26:38.980573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:26:54.983559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:27:26.989322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:33:31.211915 2.995465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 01:33:38.213485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:33:46.214865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:34:02.217906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:34:34.223888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:35:18.457921 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 01:35:18.458141 0.667502 tcp 10.0.2.109 57178 -> 176.73.169.112 1959 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/02/10 01:36:33.475652 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 01:36:33.475869 0.218278 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:33.671920 0.146706 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:33.811927 0.123786 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:33.894312 0.075387 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:33.951127 0.374380 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:34.358652 0.240845 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:34.557951 0.066547 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:34.607245 0.177445 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:34.754494 0.093294 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:34.852944 0.172497 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:35.001922 0.052486 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:35.058696 0.344917 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:35.403139 0.175108 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:35.575419 0.345408 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:35.901155 0.326195 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:36.266625 0.354887 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:36.617818 0.397697 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:36.995379 0.416009 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:37.418590 0.345866 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:37.766586 0.168321 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:37.910054 0.244878 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:38.116968 0.704038 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:38.580721 0.069466 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:38.693281 0.411809 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:39.179355 0.168058 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:39.344459 0.150598 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:36:39.484203 0.088282 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/10 01:40:38.230141 3.054699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 01:40:45.261330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:40:53.248750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:41:09.251744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:41:41.257786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:47:45.263832 3.001568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 01:47:52.271138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:48:00.272569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:48:16.275812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:48:48.281642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:55:33.297143 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 01:55:40.303976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:55:48.305426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:56:04.310580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 01:56:36.314767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:02:50.324834 3.001629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 02:02:57.332443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:03:05.333799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:03:21.336717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:03:53.342829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:05:19.127049 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 02:05:19.127337 0.560409 tcp 10.0.2.109 57179 -> 176.73.169.112 1959 FSPA* 0 0 14 1512 flow=From-Botnet-V1-TCP-Established 1970/02/10 02:06:42.806187 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 02:06:42.806318 0.120770 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:42.888504 0.075736 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:43.094976 0.217679 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:43.290816 0.267768 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:43.513997 0.394467 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:43.998019 0.238942 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:44.195574 0.066696 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:44.356194 0.173696 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:44.539321 0.093520 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:44.730767 0.170474 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:44.876681 0.052734 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:45.044850 0.344358 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:45.530767 0.172206 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:45.699874 0.368464 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:46.045984 0.400226 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:46.423623 0.326186 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:46.878739 0.354031 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:47.229070 0.166084 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:47.372824 0.427482 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:47.846740 0.356428 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:48.273727 0.244751 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:48.485037 0.448057 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:48.903410 0.071500 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:49.145847 0.170352 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:49.295468 0.096912 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:49.439299 0.404887 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:06:49.824668 0.165520 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:09:57.348943 3.003812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 02:10:04.356471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:10:12.357718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:10:28.360960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:11:00.370438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:17:04.373190 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 02:17:11.380442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:17:19.381686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:17:35.384977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:18:07.391160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:24:11.397560 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 02:24:18.404541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:24:26.405776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:24:42.408821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:25:14.414753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:31:18.431859 3.011555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 02:31:25.448230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:31:33.449629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:31:49.452992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:32:21.458811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:35:19.695762 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 02:35:19.695870 0.527320 tcp 10.0.2.109 57180 -> 176.73.169.112 1959 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/02/10 02:37:04.135390 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 02:37:04.135553 0.123512 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:04.221934 0.144162 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:04.415857 0.406164 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:04.867083 0.077022 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:05.013034 0.219543 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:05.211403 0.237519 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:05.409340 0.064097 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:05.535935 0.177834 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:05.685132 0.093497 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:05.821097 0.169539 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:05.965602 0.174540 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:06.272198 0.058874 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:06.365947 0.343840 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:06.709229 0.350541 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:07.037782 0.389985 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:07.405559 0.327940 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:07.782795 0.428530 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:08.256073 0.348565 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:08.600876 0.173008 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:08.748662 0.336970 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:09.162664 0.248187 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:09.375485 0.737050 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:09.852884 0.085582 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:09.981262 0.408694 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:10.366210 0.168228 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:10.565299 0.151142 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:37:10.708825 0.087751 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/10 02:38:25.467193 2.999235 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 02:38:32.472511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:38:40.473752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:38:56.476871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:39:28.483044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:45:32.488353 3.002326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 02:45:39.496010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:45:47.497423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:46:03.500892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:46:35.506947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:54:27.521044 2.998757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 02:54:34.525322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:54:42.529983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:54:58.529777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 02:55:30.540130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:01:56.553040 3.001716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 03:02:03.562889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:02:11.562309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:02:27.565323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:02:59.571373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:05:20.224380 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 03:05:20.224526 0.676262 tcp 10.0.2.109 57181 -> 176.73.169.112 1959 FSPA* 0 0 14 1545 flow=From-Botnet-V1-TCP-Established 1970/02/10 03:07:33.666361 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 03:07:33.666504 0.408638 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:34.081341 0.079183 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:34.138727 0.121357 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:34.462773 0.271102 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:34.640354 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 03:07:50.928411 0.235743 tcp 10.0.2.109 57182 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 03:07:51.164493 0.064300 tcp 10.0.2.109 57183 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 03:07:51.229147 0.942527 tcp 10.0.2.109 57184 -> 195.113.214.249 443 SRPA* 0 0 86 88849 flow=From-Botnet-V1-TCP-Established 1970/02/10 03:07:52.172252 0.238489 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:52.372735 0.065402 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:52.679653 0.175793 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:52.827247 0.093169 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:52.947071 0.168534 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:53.091622 0.322839 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:53.413773 0.173048 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:54.081129 0.052827 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:54.379390 0.360889 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:54.719801 0.388424 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:55.086708 0.329388 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:55.445191 0.165547 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:55.588859 0.419511 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:56.282385 0.351481 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:56.630183 0.334998 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:56.965110 0.242376 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:57.236146 0.696523 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:57.692708 0.069338 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:57.875622 0.166651 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:58.097824 0.094395 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:58.165281 0.405535 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:07:58.554879 0.264154 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:09:10.577440 3.001845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 03:09:17.585345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:09:25.585966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:09:41.590077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:10:13.595479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:16:17.601522 3.004969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 03:16:24.609305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:16:32.630640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:16:48.633480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:17:20.639575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:23:24.646270 3.001105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 03:23:31.653155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:23:39.654613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:23:55.663544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:24:27.665308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:30:31.669878 3.004901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 03:30:38.677147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:30:46.678634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:31:02.681402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:31:34.694120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:35:20.903162 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 03:35:20.903341 0.594624 tcp 10.0.2.109 57185 -> 176.73.169.112 1959 FSPA* 0 0 12 1459 flow=From-Botnet-V1-TCP-Established 1970/02/10 03:37:38.693524 3.001641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 03:37:45.700962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:37:53.706721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:38:09.705580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:38:12.530051 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 03:38:12.530178 0.220176 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:12.727513 0.237950 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2573 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:12.943650 0.076101 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:13.048324 0.408495 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:13.474341 0.119309 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:13.554956 0.242448 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:13.756876 0.067467 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:13.870185 0.178518 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:14.056244 0.105487 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:14.190980 0.169836 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:14.337237 0.339726 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:14.676209 0.171629 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:14.844506 0.053006 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:14.998447 0.357781 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:15.407708 0.168969 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:15.553330 0.388075 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:15.962052 0.383999 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 1958 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:16.328461 0.329832 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:16.677944 0.349779 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:17.024000 0.343036 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:17.374693 0.241397 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:17.582567 0.711416 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:18.074904 0.076130 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:18.257852 0.409879 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:18.649234 0.165610 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:18.812142 0.188169 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:18.962115 0.097193 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/10 03:38:41.711589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:44:45.717321 3.001905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 03:44:52.724348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:45:00.726288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:45:16.729390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:45:48.735606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:54:03.749795 3.001689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 03:54:10.756742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:54:18.759075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:54:34.761662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 03:55:07.019766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:01:10.783115 3.001971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:01:17.932968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:01:25.866677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:01:41.805777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:02:13.811991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:05:21.502090 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 04:05:21.502226 0.747204 tcp 10.0.2.109 57186 -> 176.73.169.112 1959 FSPA* 0 0 15 1596 flow=From-Botnet-V1-TCP-Established 1970/02/10 04:08:17.820022 2.999309 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:08:19.959595 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 04:08:19.959765 0.219899 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:20.156572 0.146845 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2547 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:20.330714 0.077957 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:20.388240 0.409284 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:20.901982 0.119258 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:20.982619 0.238401 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:21.182976 0.066677 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:21.265860 0.170135 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:21.411187 0.329226 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:21.740044 0.173869 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:21.926358 0.051910 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:22.122780 0.177711 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:22.269624 0.105580 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:22.375075 0.385391 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:22.752774 0.168031 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:22.897681 0.336299 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:23.380311 0.387706 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:23.749574 0.359637 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:24.218225 0.440188 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:24.620319 0.353488 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:24.824693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:08:24.969781 0.343758 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:25.465102 0.477034 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2012 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:25.903419 0.075487 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:26.015755 0.408203 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:26.405682 0.162937 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:26.565851 0.203901 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:26.719053 0.087891 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:08:32.826910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:08:48.829445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:09:20.835783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:15:24.841901 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:15:31.848923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:15:39.850746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:15:55.853727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:16:27.859798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:22:31.865060 3.002433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:22:38.879559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:22:46.877212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:23:02.877789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:23:34.883667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:29:38.889733 3.001666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:29:45.897104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:29:53.898730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:30:09.901499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:30:41.907721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:35:22.251219 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 04:35:22.251413 0.740467 tcp 10.0.2.109 57187 -> 176.73.169.112 1959 FSPA* 0 0 15 1566 flow=From-Botnet-V1-TCP-Established 1970/02/10 04:36:45.918353 2.996706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:36:52.921235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:37:00.922717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:37:16.925548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:37:48.931711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:38:45.813535 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 04:38:45.813630 0.073103 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:45.866461 0.405019 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:46.279542 0.219163 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:46.477640 0.271333 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:46.687166 0.121991 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:46.771268 0.236476 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:46.968778 0.067015 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:47.020558 0.168877 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:47.165638 0.330117 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:47.495278 0.237710 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:47.729919 0.052746 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:47.791498 0.176890 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:47.940311 0.117704 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:48.059457 0.377297 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:48.450540 0.167701 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:48.595965 0.335845 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:48.932981 0.386384 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:49.299436 0.374065 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:49.675164 0.551087 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:50.189014 0.369572 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:50.577503 0.335467 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:50.914723 1.519937 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:51.475312 0.168066 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:51.640569 0.175414 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:51.782901 0.091664 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:51.851011 0.075575 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:38:51.944784 0.409747 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/10 04:43:52.937605 3.011749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:43:59.955234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:44:07.956613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:44:23.959411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:44:55.965618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:50:59.971394 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:51:06.979186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:51:14.980750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:51:30.983737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:52:02.989564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:58:06.996032 3.002572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 04:58:14.003207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:58:22.004464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:58:38.007656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 04:59:10.014681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:05:14.020328 3.002448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 05:05:21.027072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:05:22.990075 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 05:05:22.990308 0.598430 tcp 10.0.2.109 57188 -> 176.73.169.112 1959 FSPA* 0 0 15 1715 flow=From-Botnet-V1-TCP-Established 1970/02/10 05:05:29.034433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:05:45.031639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:06:17.037561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:09:11.629017 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 05:09:11.629121 0.076124 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:11.915993 0.246735 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:12.087501 0.122352 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:12.212547 0.404400 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:12.847105 0.225326 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:13.050656 0.241143 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:13.251977 0.079347 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:13.425182 0.170131 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:13.570334 0.337974 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:14.077366 0.175432 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:14.249573 0.051753 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:14.529986 0.179723 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:14.679428 0.105587 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:15.198749 0.357648 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:15.533981 0.169852 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:15.717640 0.407654 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:16.326864 0.400224 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:16.706947 0.367872 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:17.235583 0.336811 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:17.756183 0.241689 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:17.959219 0.369589 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:18.324900 0.707103 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:18.790365 0.167784 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:18.955198 0.194125 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:19.216396 0.089062 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:19.282264 0.071844 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:09:19.459193 0.409570 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:12:21.043203 3.002086 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 05:12:28.050941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:12:36.052558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:12:52.055355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:13:24.061764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:19:28.067301 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 05:19:35.074768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:19:43.078184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:19:59.079422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:20:31.085241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:26:35.091294 3.002113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 05:26:42.098741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:26:50.100367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:27:06.103421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:27:38.109501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:33:42.115721 3.001349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 05:33:49.122906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:33:57.124679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:34:13.127609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:34:45.133649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:35:23.589028 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 05:35:23.589216 0.518032 tcp 10.0.2.109 57189 -> 176.73.169.112 1959 FSPA* 0 0 14 1502 flow=From-Botnet-V1-TCP-Established 1970/02/10 05:39:46.907544 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 05:39:46.907711 0.077600 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:47.013226 0.406902 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:47.498413 0.168174 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:47.646541 0.121285 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:47.802444 0.217649 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:47.999535 0.238507 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:48.197135 0.069198 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:48.349639 0.171169 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:48.497325 0.329641 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:48.826100 0.174250 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:49.068845 0.172045 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:49.236889 0.054135 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:49.349366 0.093187 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:49.456445 0.354719 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:49.789001 0.167621 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:49.933480 0.431203 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:50.406012 0.384494 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:50.772085 0.378472 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:51.286783 0.342028 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:51.632197 0.465280 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:52.061400 0.422202 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:52.479556 0.891775 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:53.132844 0.093142 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:53.373301 0.075760 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:53.510182 0.404493 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:53.895698 0.167431 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:39:54.060138 0.208723 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/10 05:40:49.139896 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 05:40:56.147017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:41:04.148750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:41:20.151581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:41:52.157501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:47:56.163314 3.001930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 05:48:03.170831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:48:11.172578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:48:27.175272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:48:59.181415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:55:36.196127 3.032842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 05:55:43.212795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:55:51.213868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:56:07.216637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 05:56:39.222850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:02:43.229248 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:02:50.236058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:02:58.237723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:03:14.240505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:03:46.246397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:05:24.107856 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 06:05:24.107973 0.596118 tcp 10.0.2.109 57190 -> 176.73.169.112 1959 FSPA* 0 0 15 1780 flow=From-Botnet-V1-TCP-Established 1970/02/10 06:09:50.252574 3.012175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:09:57.270364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:10:05.271528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:10:20.255364 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 06:10:20.255522 0.156277 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:20.404461 0.122037 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:20.487103 0.076097 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:20.545369 0.407006 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:20.951114 0.217976 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:21.147261 0.237891 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:21.274555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:10:21.345045 0.071282 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:21.473430 0.170957 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:21.619059 0.337381 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:21.964971 0.175691 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:22.151608 0.174227 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:22.323064 0.052001 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:22.384994 0.093326 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:22.482738 0.347696 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:22.808319 0.167026 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:22.952494 0.414936 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:23.402672 0.394327 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:23.777616 0.375409 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:24.157348 0.343694 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:24.536493 0.239925 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:24.741678 0.410851 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:25.195383 0.688081 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 1996 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:25.645859 0.091260 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:25.715206 0.076038 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:25.882717 0.411888 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:26.274508 0.165862 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:26.436746 0.181032 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:10:53.281021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:16:57.287498 3.001284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:17:04.294433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:17:12.295406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:17:28.298637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:18:00.304934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:24:04.311033 3.001939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:24:11.319847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:24:19.319520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:24:35.322740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:25:07.333247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:31:11.335016 3.001127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:31:18.351230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:31:26.343736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:31:42.350732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:32:14.352861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:35:24.706496 0.000196 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 06:35:24.706848 0.569324 tcp 10.0.2.109 57191 -> 176.73.169.112 1959 FSPA* 0 0 15 1715 flow=From-Botnet-V1-TCP-Established 1970/02/10 06:38:18.358804 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:38:25.366000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:38:33.367590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:38:49.371094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:39:21.376789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:40:37.576260 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 06:40:37.576426 0.079737 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:37.634919 0.255097 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:37.939911 0.124650 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:38.024270 0.244758 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:38.225603 0.072154 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:38.313360 0.167558 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:38.460101 0.409835 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:38.868109 0.219473 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:39.065433 0.344048 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:39.418695 0.176340 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:39.567762 0.180024 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:39.744999 0.052969 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:39.835488 0.105439 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:39.974683 0.352067 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:40.305314 0.382701 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:40.671854 0.168589 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:40.818234 0.412905 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:41.339801 0.249170 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:41.551780 0.374339 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:41.957847 0.338735 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:42.306727 0.423775 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:42.726711 0.702456 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:43.208765 0.096134 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:43.314330 0.075619 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:43.437746 0.187476 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:43.582396 0.405363 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:40:43.967260 0.169557 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/10 06:45:25.383032 3.045242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:45:32.408194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:45:40.401540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:45:56.404475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:46:28.410577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:54:21.423873 3.015649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 06:54:28.440759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:54:36.442436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:54:52.445295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 06:55:24.451320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:01:28.457660 3.001374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:01:35.464789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:01:43.471572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:01:59.468997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:02:31.475161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:05:25.280076 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 07:05:25.280182 0.704562 tcp 10.0.2.109 57192 -> 176.73.169.112 1959 FSPA* 0 0 14 1700 flow=From-Botnet-V1-TCP-Established 1970/02/10 07:08:35.480921 3.002010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:08:42.488554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:08:50.490367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:09:06.493057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:09:38.499330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:11:13.035456 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 07:11:13.035649 0.073705 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:13.092209 0.182468 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:13.244869 0.118380 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:13.324862 0.243240 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:13.527185 0.071079 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:13.582178 0.171326 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:13.728948 0.416125 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:14.146752 0.178072 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:14.333258 0.180402 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:14.510957 0.053848 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:14.573503 0.118020 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:14.694787 0.217982 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:14.890402 0.344052 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:15.233616 0.387190 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:15.601400 0.388833 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:15.968837 0.168018 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:16.113993 0.327344 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:16.457839 0.436808 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:16.895832 0.248205 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:17.108834 0.351056 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:17.478562 0.403513 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:17.878649 0.702324 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:18.338287 0.087149 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:18.426718 0.075581 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:18.518054 0.186136 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:18.663351 0.418185 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:11:19.061200 0.168337 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:15:42.505655 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:15:49.512690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:15:57.514086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:16:13.517201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:16:45.523061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:22:49.529675 3.002055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:22:56.536510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:23:04.537995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:23:20.553639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:23:52.546955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:29:56.553204 3.001564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:30:03.560396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:30:11.561938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:30:27.564721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:30:59.571142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:35:25.984874 0.012245 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 07:35:25.997235 0.495358 tcp 10.0.2.109 57193 -> 176.73.169.112 1959 FSPA* 0 0 14 1699 flow=From-Botnet-V1-TCP-Established 1970/02/10 07:37:03.586627 3.002056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:37:10.594466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:37:18.595935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:37:34.598932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:38:06.606850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:41:43.146603 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 07:41:43.146775 0.122531 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:43.227804 0.239198 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:43.428028 0.067640 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:43.477782 0.168496 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:43.622037 0.089376 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:43.737934 0.213185 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:43.905422 0.350121 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:44.268040 0.175190 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:44.414268 0.182249 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:44.592850 0.052099 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:44.668071 0.105731 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2625 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:44.775216 0.220393 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:44.971824 0.335157 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:45.324827 0.349084 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:45.690389 0.324627 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:46.098977 0.434560 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:46.651713 0.384691 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:47.019146 0.167835 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:47.165093 0.457571 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:47.586544 0.336735 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:47.930863 0.379963 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:48.307315 0.086027 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:48.398667 0.196170 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:48.554170 0.691108 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:49.006479 0.083360 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:49.064861 0.404937 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:41:49.452446 0.166798 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 07:44:10.611782 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:44:17.618584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:44:25.619793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:44:41.623047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:45:13.629095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:53:37.637346 3.125787 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 07:53:44.736143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:53:52.670260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:54:08.668771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 07:54:40.674515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:00:44.683285 2.998572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:00:51.687883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:00:59.689111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:01:15.692452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:01:47.698192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:05:26.493093 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 08:05:26.493183 0.603299 tcp 10.0.2.109 57194 -> 176.73.169.112 1959 FSPA* 0 0 14 1744 flow=From-Botnet-V1-TCP-Established 1970/02/10 08:07:51.704785 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:07:58.711918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:08:06.713312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:08:22.718821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:08:54.722476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:11:57.305161 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 08:11:57.305319 0.116399 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:57.385431 0.242377 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:57.585470 0.074179 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:57.641712 0.169735 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:57.789473 0.076127 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:57.842837 0.165923 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:57.998868 0.177917 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:58.173824 0.050857 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:58.413827 0.093114 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:58.582756 0.311526 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:58.947509 0.179916 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:59.106782 0.218580 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:59.303119 0.337749 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:11:59.758893 0.348178 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:00.085457 0.328008 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:00.426744 0.349507 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2594 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:00.854713 0.245565 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:01.067040 0.351105 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:01.426709 0.386952 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:01.792492 0.169067 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:01.938771 0.365220 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:02.300122 0.072445 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:02.384672 0.197936 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:02.536762 0.406941 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:02.924222 0.165340 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:03.086530 0.714749 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:12:03.543229 0.089679 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:14:58.728190 3.001601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:15:05.735399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:15:13.737287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:15:29.740353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:16:01.746356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:22:05.751639 3.002146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:22:12.759513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:22:20.761143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:22:36.764072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:23:08.771603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:29:12.780505 2.997529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:29:19.783181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:29:27.784762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:29:43.787979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:30:15.793669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:35:27.102408 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 08:35:27.102603 0.566018 tcp 10.0.2.109 57195 -> 176.73.169.112 1959 FSPA* 0 0 16 1675 flow=From-Botnet-V1-TCP-Established 1970/02/10 08:36:19.800099 3.001717 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:36:26.807466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:36:34.809004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:36:50.811795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:37:22.818579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:42:26.598968 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 08:42:26.599161 0.071056 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:26.651003 0.170239 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:26.797447 0.070814 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:26.869329 0.117732 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:26.950479 0.235488 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:27.360144 0.194163 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:27.524184 0.235503 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:27.756966 0.052053 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:27.832479 0.093334 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:27.959677 0.325679 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:28.315016 0.330033 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:28.644628 0.177063 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:28.793652 0.219314 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:29.264879 0.346208 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:29.679946 0.326033 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:30.130545 0.356998 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:30.586390 0.395976 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:30.963088 0.168239 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:31.107303 0.255551 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:31.325696 0.344393 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:31.811619 0.363893 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:32.171683 0.072257 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:32.245773 0.218512 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:32.407615 0.406599 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:32.815667 0.083148 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:33.009950 0.170076 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:42:33.177600 0.728632 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/10 08:43:26.830498 2.995096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:43:33.832750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:43:41.833207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:43:57.835551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:44:29.841882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:50:33.847906 3.003546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:50:40.857639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:50:48.857018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:51:04.863351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:51:36.866083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:57:40.889510 2.988763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 08:57:47.901710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:57:55.890872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:58:11.893937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 08:58:43.899934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:04:47.905465 3.002161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:04:54.917048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:05:02.918289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:05:18.918699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:05:27.580956 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 09:05:27.581056 3.451534 tcp 10.0.2.109 57196 -> 176.73.169.112 1959 FSPA* 0 0 14 1669 flow=From-Botnet-V1-TCP-Established 1970/02/10 09:05:50.923908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:11:54.929602 3.001933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:12:01.937225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:12:09.938793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:12:25.941934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:12:50.247466 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 09:12:50.247643 0.079761 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:50.305679 0.111997 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:50.381649 0.066699 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:50.433690 0.169531 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:50.581053 0.242174 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:50.782637 0.153665 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:50.924447 0.174303 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:51.094979 0.052386 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:51.161630 0.092994 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:51.255877 0.181728 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:51.467487 0.318319 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:51.787243 0.330061 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:52.116337 0.215202 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:52.311303 0.362253 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:52.691635 0.340085 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:53.040919 0.346986 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:53.387815 0.354940 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:53.708179 0.341084 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:54.058111 0.387732 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:54.426697 0.166897 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:54.570721 0.363254 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:54.930307 0.075760 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:55.025383 0.192980 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:55.169752 0.408011 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:55.557167 0.674397 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:56.015420 0.088343 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:56.083676 0.171088 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:12:57.947742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:19:01.953789 3.001737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:19:08.961542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:19:16.962858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:19:32.965740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:20:04.972102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:26:08.977840 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:26:15.985196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:26:23.986968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:26:39.989720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:27:11.995694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:33:16.002944 3.046653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:33:23.033043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:33:31.021079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:33:47.023821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:34:19.029634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:35:31.033713 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 09:35:31.033816 0.541244 tcp 10.0.2.109 57197 -> 176.73.169.112 1959 FSPA* 0 0 14 1512 flow=From-Botnet-V1-TCP-Established 1970/02/10 09:40:23.036389 3.001080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:40:30.043419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:40:38.044919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:40:54.049494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:41:26.054007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:43:00.560059 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 09:43:00.560202 0.077628 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:00.639016 0.114811 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:00.715561 0.064917 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:00.784193 0.169448 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:00.965153 2.999489 tcp 10.0.2.109 57198 -> 174.91.201.209 9790 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 09:43:00.971374 0.241655 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:01.171615 0.144198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:01.311503 0.093242 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:01.407149 0.177057 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:01.554858 0.320355 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:01.874344 0.180141 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:02.051788 0.051427 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:02.115075 0.323068 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:02.442918 0.215803 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:02.636517 0.352268 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:02.970731 0.251988 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:03.184325 0.338926 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:03.537869 0.396387 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:03.938606 0.347628 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:04.326846 0.388078 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:04.696012 0.170745 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:04.843494 0.356706 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:05.372443 0.407846 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:05.760783 0.075614 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:05.888166 0.195917 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:06.033304 0.170461 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:06.201040 0.689140 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:06.668539 0.090419 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/10 09:43:09.963284 0.000000 tcp 10.0.2.109 57198 -> 174.91.201.209 9790 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 09:47:30.061270 3.003300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:47:37.067431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:47:45.071337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:48:01.073177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:48:33.079607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:55:26.083970 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 09:55:33.092002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:55:41.093219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:55:57.096613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 09:56:29.102222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:02:33.108250 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:02:40.115447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:02:48.117169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:03:04.120163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:03:36.125762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:05:31.582531 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 10:05:31.582716 0.892191 tcp 10.0.2.109 57199 -> 176.73.169.112 1959 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/02/10 10:09:40.131782 3.001956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:09:47.139507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:09:55.142029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:10:11.149442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:10:43.149948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:13:27.228676 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 10:13:27.228866 0.067003 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:27.279881 0.077019 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:27.280308 3.000419 tcp 10.0.2.109 57200 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 10:13:27.493687 0.113676 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:27.568794 0.171539 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:27.854460 0.242263 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:28.209131 0.147378 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:28.352040 0.093187 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:28.459806 0.273666 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:28.755761 0.316723 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:29.071299 0.349531 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:29.420194 0.220062 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:29.617632 0.178376 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:29.793607 0.051776 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:29.909962 0.349327 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:30.237803 0.695308 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:30.898680 0.334021 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:31.327289 0.328123 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:31.819179 0.168810 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:31.965600 0.347191 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:32.566966 0.388759 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:32.935550 0.348339 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 1975 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:33.278776 0.411159 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:33.669916 0.075492 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:33.816018 0.825091 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:34.420459 0.086488 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:34.548871 0.220430 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:34.728382 0.166767 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:13:36.278866 0.000000 tcp 10.0.2.109 57200 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 10:16:47.157306 3.000422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:16:54.163453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:17:02.165531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:17:18.168614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:17:50.174418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:23:54.180183 3.001681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:24:01.189176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:24:09.194123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:24:25.195304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:24:57.198278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:31:01.204078 3.001863 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:31:08.211733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:31:16.213757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:31:32.216120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:32:04.221789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:35:32.481692 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 10:35:32.481886 0.768877 tcp 10.0.2.109 57201 -> 176.73.169.112 1959 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/02/10 10:38:08.228394 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:38:15.235525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:38:23.236948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:38:39.240013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:39:11.246422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:43:55.029596 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 10:43:55.029699 0.111840 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:55.106391 0.171407 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:55.106904 2.997372 tcp 10.0.2.109 57202 -> 81.149.70.189 4846 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 10:43:55.283966 0.069383 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:55.334902 0.077270 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:55.453943 0.240385 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:55.651311 0.152212 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:55.798981 0.105613 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:56.013776 0.181049 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:56.165469 0.219723 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:56.363126 0.175386 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:56.535541 0.052519 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:56.640772 0.319363 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:56.979473 0.343508 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:57.322550 0.342774 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:57.646462 0.247236 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:57.861139 0.170791 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:58.009382 0.329796 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:58.403041 0.342651 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:58.755317 0.346017 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:59.110029 0.395770 rtp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:59.484664 0.353843 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:43:59.834808 0.406247 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:44:00.220322 0.071879 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:44:00.342575 0.227922 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:44:00.506172 0.555196 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 5 1986 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:44:01.050812 0.706564 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:44:01.521485 0.086974 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/10 10:44:04.106932 0.000000 tcp 10.0.2.109 57202 -> 81.149.70.189 4846 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 10:45:15.251940 3.001711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:45:22.259334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:45:30.261355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:45:46.264001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:46:18.269976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:54:14.278018 3.000711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 10:54:21.284446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:54:29.286969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:54:45.289006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 10:55:17.298245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:01:21.300976 3.001434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:01:28.308520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:01:36.310028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:01:52.313002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:02:24.318852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:05:33.251203 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 11:05:33.251290 3.459547 tcp 10.0.2.109 57203 -> 176.73.169.112 1959 FSPA* 0 0 14 1504 flow=From-Botnet-V1-TCP-Established 1970/02/10 11:08:28.325074 3.000927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:08:35.337341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:08:43.333713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:08:59.336740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:09:31.343116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:14:06.669279 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 11:14:06.669376 0.068441 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:06.718849 0.082511 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:06.719293 3.003756 tcp 10.0.2.109 57204 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 11:14:06.858410 0.235157 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:07.054621 0.269503 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:07.260214 0.115949 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:07.352173 0.168352 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:07.548971 0.093463 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:07.786811 0.177755 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:07.933647 0.221386 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:08.130743 0.176632 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:08.309241 0.053089 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:08.516384 0.315341 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:08.824893 0.329677 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:09.238629 0.346860 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:09.564947 0.245994 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:09.775650 0.336916 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:10.205898 0.168967 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:10.353448 0.327724 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:10.774333 0.353330 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:11.123856 0.351596 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:11.613735 0.384646 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:11.981449 0.468613 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:12.433422 0.071645 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:12.549326 0.221709 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:12.698039 0.090082 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:12.942606 0.165360 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:13.105154 0.687399 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:14:15.721120 0.000000 tcp 10.0.2.109 57204 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 11:15:35.349269 3.001393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:15:42.356425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:15:50.357935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:16:06.361231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:16:38.366786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:22:42.372524 3.001952 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:22:49.380467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:22:57.381659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:23:13.385149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:23:45.398952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:29:49.397210 3.001465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:29:56.404865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:30:04.405502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:30:20.410452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:30:52.414659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:35:36.714418 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 11:35:36.714573 0.732115 tcp 10.0.2.109 57205 -> 176.73.169.112 1959 FSPA* 0 0 14 1540 flow=From-Botnet-V1-TCP-Established 1970/02/10 11:36:56.420835 3.001864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:37:03.429491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:37:11.429567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:37:27.432921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:37:59.438799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:44:03.444363 3.002071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:44:10.452223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:44:18.463524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:44:24.392698 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 11:44:24.392834 0.066198 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:24.461675 3.005015 tcp 10.0.2.109 57206 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 11:44:24.462272 0.079923 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:24.521303 0.241900 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:24.719472 0.146994 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:24.858471 0.134067 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:24.953172 0.168292 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:25.098600 0.092896 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:25.202695 0.176697 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:25.349873 0.053696 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:25.411932 0.315344 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:25.726316 0.218120 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:25.924404 0.212634 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:26.124271 0.350401 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:26.483248 0.357280 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:26.846463 0.371450 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:27.182800 0.325143 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:27.509043 0.324009 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:27.841807 0.185611 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:28.003548 0.350082 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:28.349436 0.353899 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:28.714297 0.396035 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:29.090049 0.405879 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:29.479707 0.075544 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:29.565466 0.247764 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:29.742813 0.084759 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:29.803576 0.167386 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2019 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:29.968216 0.785211 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/10 11:44:33.465248 0.000000 tcp 10.0.2.109 57206 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 11:44:34.466998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:45:06.472755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:53:31.480973 3.044473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 11:53:38.503346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:53:46.499900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:54:02.503406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 11:54:34.509249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:00:38.515647 3.001377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:00:45.525474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:00:53.528033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:01:09.527189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:01:41.533517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:05:37.453139 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 12:05:37.453245 0.549852 tcp 10.0.2.109 57207 -> 176.73.169.112 1959 FSPA* 0 0 14 1586 flow=From-Botnet-V1-TCP-Established 1970/02/10 12:07:45.539518 3.001327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:07:52.546507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:08:00.548183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:08:16.550987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:08:48.557416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:14:32.402039 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 12:14:32.402250 0.241067 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:32.602707 0.193166 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:33.053627 0.123181 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:33.054670 3.002109 tcp 10.0.2.109 57208 -> 68.195.125.143 1510 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 12:14:33.135165 0.072901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:33.377962 0.074172 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:33.431120 0.169273 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:33.898273 0.105457 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:34.203762 0.176674 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:34.378428 0.052662 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:34.500982 0.317598 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:34.879723 0.217270 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:35.075967 0.194352 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:35.257701 0.330379 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:35.727513 0.347585 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:36.079885 0.330866 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:36.526282 0.238469 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:36.730940 0.337811 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:37.070364 0.344701 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:37.430608 0.170312 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:37.576521 0.351134 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:37.923777 0.392891 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:38.297367 0.406236 rtp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:38.684118 0.075872 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:38.820379 0.225962 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:38.975894 0.091585 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:39.195826 0.170150 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:39.363404 0.600963 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2596 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:14:42.055908 0.000000 tcp 10.0.2.109 57208 -> 68.195.125.143 1510 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 12:14:52.564746 3.000317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:14:59.571130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:15:07.572092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:15:23.575109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:15:55.581146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:21:59.588041 3.001074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:22:06.594536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:22:14.597731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:22:30.599059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:23:02.605949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:29:06.612037 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:29:13.618803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:29:21.630454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:29:37.633027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:30:09.639256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:35:38.001977 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 12:35:38.002076 0.486243 tcp 10.0.2.109 57209 -> 176.73.169.112 1959 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/02/10 12:36:13.645392 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:36:20.652669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:36:28.653979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:36:44.657301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:37:16.663635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:43:20.671082 3.181830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:43:27.814533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:43:35.742011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:43:51.690805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:44:23.697326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:44:56.628234 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 12:44:56.628380 0.239948 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:56.827707 0.066761 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2026 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:56.962341 0.072268 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:56.963018 2.996293 tcp 10.0.2.109 57210 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 12:44:57.085147 0.172312 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:57.234548 0.147982 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2688 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:57.373759 0.125874 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:57.475775 0.093171 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:57.766232 0.178150 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:58.134920 0.053039 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:58.209522 0.319357 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:58.746819 0.329628 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:59.075927 0.216506 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:59.271692 0.418148 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:44:59.676291 0.343295 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:00.000562 0.335097 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:00.400122 0.253876 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:00.618263 0.168407 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:00.764835 0.354871 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:01.115897 0.329483 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:01.475971 0.343474 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:01.820817 0.394716 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:02.194513 0.406718 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:02.582928 0.075734 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:02.802459 0.204467 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:02.948686 0.695726 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:03.403717 0.089225 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:03.495931 0.662322 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/10 12:45:05.958350 0.000000 tcp 10.0.2.109 57210 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 12:50:27.703283 3.001511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:50:34.710535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:50:42.711722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:50:58.715196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:51:30.721189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:57:34.727266 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 12:57:41.734673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:57:49.736175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:58:05.752665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 12:58:37.745160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:04:41.751718 3.002891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:04:48.758722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:04:56.760058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:05:12.762796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:05:38.490610 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 13:05:38.490722 0.755071 tcp 10.0.2.109 57211 -> 176.73.169.112 1959 FSPA* 0 0 15 1713 flow=From-Botnet-V1-TCP-Established 1970/02/10 13:05:44.768989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:11:48.776242 3.000501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:11:55.782588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:12:03.789378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:12:19.788582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:12:51.793075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:15:09.992172 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 13:15:09.992256 0.241074 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:10.191271 0.068074 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:10.244337 0.071015 rtp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:10.244798 3.001425 tcp 10.0.2.109 57212 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 13:15:10.326826 0.171064 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:10.471802 0.151325 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:10.618920 0.131843 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:10.711302 0.105344 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:10.846722 0.312643 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:11.157809 0.178099 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:11.309542 0.052322 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:11.391783 0.249698 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:11.638797 0.322859 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:11.962856 0.217675 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:12.160281 0.387495 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:12.529106 0.332723 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:12.863516 0.297745 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:13.128557 0.195308 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:13.301964 0.338175 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:13.641645 0.355826 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:13.991818 0.324238 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:14.325129 0.380667 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:14.689258 0.401312 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:15.073628 0.069372 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:15.144307 0.211359 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:15.297379 0.694177 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:15.752003 0.097567 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:15.824265 0.622642 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:15:19.245004 0.000000 tcp 10.0.2.109 57212 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 13:18:55.799795 3.000905 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:19:02.806756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:19:10.807944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:19:26.810962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:19:58.816759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:26:02.824324 3.002966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:26:09.830587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:26:17.831899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:26:33.836644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:27:05.841863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:33:09.847252 3.002000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:33:16.854408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:33:24.855351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:33:40.859054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:34:12.864441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:35:39.249350 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 13:35:39.249480 0.574278 tcp 10.0.2.109 57213 -> 176.73.169.112 1959 FSPA* 0 0 14 1574 flow=From-Botnet-V1-TCP-Established 1970/02/10 13:40:16.871301 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:40:23.880322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:40:31.879919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:40:47.882975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:41:19.898920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:45:22.958827 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 13:45:22.958964 0.242651 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.158409 0.068477 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.213541 0.077067 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.213981 2.999464 tcp 10.0.2.109 57214 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 13:45:23.315745 0.167805 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.459595 0.205952 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.627677 0.117858 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.707036 0.105638 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.814316 0.053347 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:23.870404 0.173170 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:24.039225 0.329289 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:24.367907 0.312539 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:24.679193 0.176028 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:24.825291 0.218685 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:25.022104 0.341183 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:25.343179 0.329191 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:25.673669 0.338186 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:26.020500 0.804157 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:26.790400 0.165844 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:26.934927 0.382938 udp 10.0.2.109 3683 <-> 110.143.97.2 6790 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:27.300145 0.352542 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:27.649003 0.325836 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:28.010961 0.401201 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:28.396204 0.075826 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:28.471955 0.215081 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:28.623890 0.768349 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:29.132718 0.088398 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:29.195277 0.166202 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/10 13:45:32.211683 0.000000 tcp 10.0.2.109 57214 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 13:47:23.905270 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:47:30.912522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:47:38.913819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:47:54.916862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:48:26.922925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:55:20.930410 3.024470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 13:55:27.948617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:55:35.949565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:55:51.952859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 13:56:23.963517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:02:27.964418 3.004152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 14:02:34.972085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:02:42.973596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:02:58.976518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:03:30.982704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:05:39.829230 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 14:05:39.829317 0.875190 tcp 10.0.2.109 57215 -> 176.73.169.112 1959 FSPA* 0 0 14 1651 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:09:34.988640 3.001792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 14:09:41.995724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:09:49.997584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:10:06.000708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:10:38.006313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:15:56.224393 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 14:15:56.224528 0.242545 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:56.425990 0.070166 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:56.488306 0.072117 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:56.489108 2.999787 tcp 10.0.2.109 57216 -> 217.41.6.243 9473 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:15:56.598722 0.244362 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:56.819395 0.265401 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:57.036854 0.123630 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:57.121905 0.117837 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:57.252657 0.053978 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:57.372747 0.311003 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1997 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:57.699166 0.173384 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:57.844755 0.181210 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:58.023100 0.330270 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:58.358606 0.219923 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:58.557203 0.343029 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:58.881487 0.332312 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:59.376704 0.166751 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:59.521582 0.337109 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:15:59.886547 0.276474 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:00.125066 0.326400 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:00.504659 0.000000 udp 10.0.2.109 3683 -> 110.143.97.2 6790 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 14:16:05.497662 0.000000 tcp 10.0.2.109 57216 -> 217.41.6.243 9473 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:16:16.875748 0.052510 tcp 10.0.2.109 57217 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:16:16.928506 0.063804 tcp 10.0.2.109 57218 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:16:16.992648 0.193670 tcp 10.0.2.109 57219 -> 195.113.214.249 443 SRPA* 0 0 36 26926 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:16:17.186812 0.350734 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:17.534074 0.409054 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:17.534446 2.994638 tcp 10.0.2.109 57220 -> 113.28.179.100 1942 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:16:17.919514 0.075665 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:18.009020 0.170010 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:18.155617 0.168542 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:18.321157 0.718292 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:18.779373 0.089237 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:16:26.537661 0.000000 tcp 10.0.2.109 57220 -> 113.28.179.100 1942 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:16:42.013657 3.000798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 14:16:49.020125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:16:57.021658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:17:13.026564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:17:45.030729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:23:49.036219 3.002416 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 14:23:56.044465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:24:04.050665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:24:20.048547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:24:52.054446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:30:56.061081 3.000868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 14:31:03.068543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:31:11.069494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:31:27.073355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:31:59.078914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:35:40.707485 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 14:35:40.707668 0.750761 tcp 10.0.2.109 57221 -> 176.73.169.112 1959 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:38:03.084345 3.002155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 14:38:10.091893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:38:18.093376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:38:34.096664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:39:06.102758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:45:10.108365 3.008016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 14:45:17.117000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:45:25.122962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:45:41.120484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:46:13.136828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:46:37.371766 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 14:46:37.371975 0.000000 udp 10.0.2.109 3683 -> 110.143.97.2 6790 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 14:46:52.985542 0.128000 tcp 10.0.2.109 57222 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:46:53.113796 0.063415 tcp 10.0.2.109 57223 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:46:53.177523 0.243423 tcp 10.0.2.109 57224 -> 195.113.214.249 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:46:53.421504 0.074978 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:53.475500 0.167811 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:53.475945 2.992716 tcp 10.0.2.109 57225 -> 86.148.218.21 1329 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:46:53.743542 0.242150 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:53.944643 0.069773 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:54.017742 0.118196 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:54.095372 0.105527 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:54.272986 0.153956 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:54.418538 0.308869 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:54.774972 0.173606 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:54.921386 0.052238 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:55.044800 0.219794 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:55.243419 0.358933 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:55.581509 0.245114 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:55.814938 0.336743 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:56.151229 0.332944 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:56.485274 0.166621 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:56.629962 0.343641 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:57.090920 0.253960 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:57.307905 0.328189 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:57.669113 0.350378 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:46:58.015673 0.000000 udp 10.0.2.109 3683 -> 165.228.70.22 8079 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 14:47:02.477426 0.000000 tcp 10.0.2.109 57225 -> 86.148.218.21 1329 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:47:15.947179 0.052707 tcp 10.0.2.109 57226 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:47:16.000252 0.060955 tcp 10.0.2.109 57227 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:47:16.061567 0.151949 tcp 10.0.2.109 57228 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 14:47:16.214194 0.165548 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:47:16.376963 0.700498 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:47:16.377379 3.004518 tcp 10.0.2.109 57229 -> 99.163.247.44 1745 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:47:16.837265 0.091074 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:47:16.930647 0.072032 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:47:17.135320 0.187912 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/10 14:47:25.380696 0.000000 tcp 10.0.2.109 57229 -> 99.163.247.44 1745 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 14:47:37.895698 0.009677 udp 10.0.2.109 54502 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/02/10 14:47:37.905820 0.009644 udp 10.0.2.109 49806 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/02/10 14:54:15.152763 3.019673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 14:54:22.176377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:54:30.176847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:54:46.174568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 14:55:18.180530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:01:22.187033 3.000562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 15:01:29.197915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:01:37.195071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:01:53.198058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:02:25.204669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:05:41.467235 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:05:41.467378 2.993338 tcp 10.0.2.109 57230 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:05:50.459215 0.000000 tcp 10.0.2.109 57230 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:05:56.469614 4.270037 tcp 10.0.2.109 57231 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:06:00.739916 0.059924 tcp 10.0.2.109 57232 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:06:00.800213 0.323669 tcp 10.0.2.109 57233 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:06:01.903607 2.960913 tcp 10.0.2.109 57234 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:06:10.783599 0.000000 tcp 10.0.2.109 57234 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:06:16.696826 0.051671 tcp 10.0.2.109 57235 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:06:16.748807 0.061011 tcp 10.0.2.109 57236 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:06:16.810080 0.159534 tcp 10.0.2.109 57237 -> 195.113.214.249 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:06:17.088453 2.962703 tcp 10.0.2.109 57238 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:06:27.252600 0.000000 tcp 10.0.2.109 57238 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:06:33.158705 2.955811 tcp 10.0.2.109 57239 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:06:42.040893 0.000000 tcp 10.0.2.109 57239 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:08:32.613156 2.969060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 15:08:39.524493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:08:51.170749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:09:06.958544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:09:38.522181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:11:47.618650 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:11:47.618757 2.952946 tcp 10.0.2.109 57240 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:11:56.482375 0.000000 tcp 10.0.2.109 57240 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:12:02.402677 0.053147 tcp 10.0.2.109 57241 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:12:02.456114 0.064298 tcp 10.0.2.109 57242 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:12:02.520753 0.152422 tcp 10.0.2.109 57243 -> 195.113.214.249 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:12:02.806737 2.957977 tcp 10.0.2.109 57244 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:12:11.684516 0.000000 tcp 10.0.2.109 57244 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:12:17.604691 0.052107 tcp 10.0.2.109 57245 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:12:17.657121 0.060633 tcp 10.0.2.109 57246 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:12:17.718000 0.152577 tcp 10.0.2.109 57247 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:12:17.916178 2.953973 tcp 10.0.2.109 57248 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:12:26.789266 0.000000 tcp 10.0.2.109 57248 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:12:32.706548 2.957228 tcp 10.0.2.109 57249 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:12:41.583164 0.000000 tcp 10.0.2.109 57249 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:15:37.556633 2.957840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 15:15:44.468379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:15:52.365017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:16:08.147034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:16:39.714254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:17:32.679066 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:17:32.679167 0.702389 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:33.365098 0.242491 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:33.365485 2.998320 tcp 10.0.2.109 57250 -> 165.228.70.22 6844 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:17:34.073273 0.075246 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:34.128542 0.166630 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:34.296573 0.093263 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:34.514823 0.220656 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:34.703204 0.309280 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:35.011012 0.176994 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:35.159041 0.069063 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:35.660698 0.113906 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:35.737075 0.218771 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:35.957523 0.386637 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:36.319325 0.176957 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:36.500673 0.051552 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:36.772761 0.342792 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:37.278794 0.337767 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:37.802664 0.336568 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:38.138741 0.166334 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:38.376015 0.327082 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:38.897015 0.241762 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:39.103518 0.353326 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:39.452778 0.092243 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:39.784881 0.168466 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:39.950186 0.678493 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:40.409706 0.085927 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:40.571470 0.163937 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:17:42.362713 0.000000 tcp 10.0.2.109 57250 -> 165.228.70.22 6844 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:17:43.824777 2.994354 tcp 10.0.2.109 57251 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:17:52.817947 0.000000 tcp 10.0.2.109 57251 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:17:58.828643 0.112532 tcp 10.0.2.109 57252 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:17:58.941458 0.059889 tcp 10.0.2.109 57253 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:17:59.001597 0.148959 tcp 10.0.2.109 57254 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:17:59.350386 3.001256 tcp 10.0.2.109 57255 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:18:08.350015 0.000000 tcp 10.0.2.109 57255 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:18:14.349964 0.052997 tcp 10.0.2.109 57256 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:18:14.403261 0.066327 tcp 10.0.2.109 57257 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:18:14.469903 0.150608 tcp 10.0.2.109 57258 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:18:15.049525 3.004423 tcp 10.0.2.109 57259 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:18:24.058275 0.000000 tcp 10.0.2.109 57259 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:18:30.043141 3.002561 tcp 10.0.2.109 57260 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:18:39.044275 0.000000 tcp 10.0.2.109 57260 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:22:43.268242 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 15:22:50.276821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:22:58.277137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:23:14.280693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:23:45.045251 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:23:45.045447 2.993327 tcp 10.0.2.109 57261 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:23:46.286032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:23:54.047109 0.000000 tcp 10.0.2.109 57261 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:24:00.047682 0.053504 tcp 10.0.2.109 57262 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:24:00.101507 0.062481 tcp 10.0.2.109 57263 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:24:00.164265 0.151389 tcp 10.0.2.109 57264 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:24:00.328143 3.002676 tcp 10.0.2.109 57265 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:24:09.329217 0.000000 tcp 10.0.2.109 57265 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:24:15.328493 0.053319 tcp 10.0.2.109 57266 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:24:15.382114 0.065142 tcp 10.0.2.109 57267 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:24:15.447575 0.149836 tcp 10.0.2.109 57268 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:24:15.607147 2.995441 tcp 10.0.2.109 57269 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:24:24.601012 0.000000 tcp 10.0.2.109 57269 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:24:30.599893 3.004263 tcp 10.0.2.109 57270 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:24:39.602558 0.000000 tcp 10.0.2.109 57270 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:29:45.605949 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:29:45.606285 3.000889 tcp 10.0.2.109 57271 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:29:50.292436 3.004906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 15:29:54.606887 0.000000 tcp 10.0.2.109 57271 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:29:57.299281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:30:00.606852 0.052453 tcp 10.0.2.109 57272 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:30:00.659592 0.060079 tcp 10.0.2.109 57273 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:30:00.719960 0.153619 tcp 10.0.2.109 57274 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:30:01.093160 2.996077 tcp 10.0.2.109 57275 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:30:05.301247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:30:10.088069 0.000000 tcp 10.0.2.109 57275 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:30:16.087285 0.051814 tcp 10.0.2.109 57276 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:30:16.139381 0.062921 tcp 10.0.2.109 57277 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:30:16.202567 0.154730 tcp 10.0.2.109 57278 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:30:16.388111 3.003095 tcp 10.0.2.109 57279 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:30:21.309318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:30:25.389737 0.000000 tcp 10.0.2.109 57279 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:30:31.388526 3.004308 tcp 10.0.2.109 57280 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:30:40.391330 0.000000 tcp 10.0.2.109 57280 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:30:53.309923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:35:46.391729 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:35:46.391823 3.003592 tcp 10.0.2.109 57281 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:35:55.394405 0.000000 tcp 10.0.2.109 57281 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:36:01.395249 0.051943 tcp 10.0.2.109 57282 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:36:01.447519 0.062917 tcp 10.0.2.109 57283 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:36:01.510681 0.148792 tcp 10.0.2.109 57284 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:36:01.674996 3.002674 tcp 10.0.2.109 57285 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:36:10.686428 0.000000 tcp 10.0.2.109 57285 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:36:16.675713 0.052064 tcp 10.0.2.109 57286 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:36:16.728028 0.061468 tcp 10.0.2.109 57287 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:36:16.789832 0.148536 tcp 10.0.2.109 57288 -> 195.113.214.249 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:36:17.000292 2.999427 tcp 10.0.2.109 57289 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:36:25.998710 0.000000 tcp 10.0.2.109 57289 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:36:31.997374 2.993754 tcp 10.0.2.109 57290 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:36:40.989875 0.000000 tcp 10.0.2.109 57290 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:36:57.316453 3.001272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 15:37:04.323396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:37:12.324996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:37:28.327968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:38:00.333997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:44:04.340257 3.001783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 15:44:11.347402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:44:19.349100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:44:35.351816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:45:07.358022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:47:49.761234 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:47:49.761402 0.406903 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:50.145312 0.241199 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:50.145774 3.003115 tcp 10.0.2.109 57291 -> 165.228.70.22 6844 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:47:50.350090 0.070555 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:50.512236 0.165848 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:50.656058 0.105550 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:50.831425 0.159072 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:50.982270 0.067525 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:51.097648 0.111780 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:51.170583 0.218603 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:51.367987 0.311154 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:51.705979 0.703432 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:52.382169 0.352115 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:52.713906 0.175767 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:52.905125 0.052995 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:53.039666 0.338843 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:53.440512 0.332019 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:53.806304 0.325433 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:54.152767 0.329795 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:54.538407 0.168313 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:54.683992 0.250231 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:54.897338 0.349345 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:55.305497 0.094612 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:55.375947 0.168216 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:55.541089 0.471063 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:55.971530 0.075408 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:56.186474 0.152282 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/10 15:47:59.146985 0.000000 tcp 10.0.2.109 57291 -> 165.228.70.22 6844 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:02.039243 3.005926 tcp 10.0.2.109 57292 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:11.118270 0.000000 tcp 10.0.2.109 57292 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:17.069896 0.054355 tcp 10.0.2.109 57293 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:48:17.124499 0.061313 tcp 10.0.2.109 57294 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:48:17.186095 0.147171 tcp 10.0.2.109 57295 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:48:17.353292 2.981976 tcp 10.0.2.109 57296 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:26.333945 0.000000 tcp 10.0.2.109 57296 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:32.323079 0.052058 tcp 10.0.2.109 57297 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:48:32.375411 0.064972 tcp 10.0.2.109 57298 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:48:32.440670 0.153817 tcp 10.0.2.109 57299 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:48:32.932926 3.006358 tcp 10.0.2.109 57300 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:41.945912 0.000000 tcp 10.0.2.109 57300 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:47.927164 2.992340 tcp 10.0.2.109 57301 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:48:56.921064 0.000000 tcp 10.0.2.109 57301 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:53:32.366047 3.002405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 15:53:39.374377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:53:47.375513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:54:02.928299 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 15:54:02.928458 3.003990 tcp 10.0.2.109 57302 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:54:03.378674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:54:11.930962 0.000000 tcp 10.0.2.109 57302 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:54:17.931129 0.052213 tcp 10.0.2.109 57303 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:54:17.983652 0.063885 tcp 10.0.2.109 57304 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:54:18.047365 0.153421 tcp 10.0.2.109 57305 -> 195.113.214.249 443 SRPA* 0 0 33 17670 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:54:18.219595 3.004881 tcp 10.0.2.109 57306 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:54:27.223006 0.000000 tcp 10.0.2.109 57306 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:54:33.211997 0.051406 tcp 10.0.2.109 57307 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:54:33.263654 0.063611 tcp 10.0.2.109 57308 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:54:33.327491 0.151060 tcp 10.0.2.109 57309 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 15:54:33.521646 3.004541 tcp 10.0.2.109 57310 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:54:35.384874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 15:54:42.524942 0.000000 tcp 10.0.2.109 57310 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:54:48.513676 2.994353 tcp 10.0.2.109 57311 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 15:54:57.516484 0.000000 tcp 10.0.2.109 57311 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:03.517034 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:00:03.517219 2.993978 tcp 10.0.2.109 57312 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:12.509375 0.000000 tcp 10.0.2.109 57312 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:20.578134 0.031112 tcp 10.0.2.109 57313 -> 195.113.214.234 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:00:20.609513 0.063035 tcp 10.0.2.109 57314 -> 195.113.214.249 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:00:20.672847 0.152379 tcp 10.0.2.109 57315 -> 195.113.214.249 443 SRPA* 0 0 24 13857 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:00:21.008733 2.966616 tcp 10.0.2.109 57316 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:29.906202 0.000000 tcp 10.0.2.109 57316 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:35.831252 0.031023 tcp 10.0.2.109 57317 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:00:35.862665 0.062025 tcp 10.0.2.109 57318 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:00:35.924985 0.146711 tcp 10.0.2.109 57319 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:00:36.396922 2.965921 tcp 10.0.2.109 57320 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:41.200796 2.969100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 16:00:45.287666 0.000000 tcp 10.0.2.109 57320 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:48.147887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:00:51.238552 2.963034 tcp 10.0.2.109 57321 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:00:56.050377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:01:00.130310 0.000000 tcp 10.0.2.109 57321 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:01:11.856172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:01:43.484795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:06:04.526056 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:06:04.526258 2.993611 tcp 10.0.2.109 57322 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:06:13.518561 0.000000 tcp 10.0.2.109 57322 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:06:19.529382 0.031698 tcp 10.0.2.109 57323 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:06:19.561368 0.061421 tcp 10.0.2.109 57324 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:06:19.623086 0.147619 tcp 10.0.2.109 57325 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:06:19.871847 2.999869 tcp 10.0.2.109 57326 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:06:28.870562 0.000000 tcp 10.0.2.109 57326 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:06:34.869683 0.030623 tcp 10.0.2.109 57327 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:06:34.900574 0.061325 tcp 10.0.2.109 57328 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:06:34.962421 0.153870 tcp 10.0.2.109 57329 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:06:35.283869 3.000677 tcp 10.0.2.109 57330 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:06:44.282725 0.000000 tcp 10.0.2.109 57330 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:06:50.281452 3.004252 tcp 10.0.2.109 57331 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:06:59.284874 0.000000 tcp 10.0.2.109 57331 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:07:46.414101 3.004329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 16:07:53.422000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:08:01.423752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:08:17.426603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:08:49.436756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:14:53.439728 3.034739 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 16:15:00.456042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:15:08.457678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:15:24.460921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:15:56.466909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:17:59.118046 0.000231 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:17:59.118383 0.409697 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:17:59.510421 0.239030 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:17:59.510866 2.986783 tcp 10.0.2.109 57332 -> 165.228.70.22 6844 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:17:59.711123 0.072148 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:00.060879 0.165768 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:00.206166 0.117792 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:00.498975 0.148824 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:00.640003 0.217660 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:00.837902 0.310218 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:01.252668 0.064340 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:01.300773 0.117636 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:01.511641 0.174258 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:01.796973 0.347651 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:02.325849 0.173136 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:02.495797 0.052657 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:02.819188 0.339946 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:03.428533 0.328827 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:03.865650 0.168064 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:04.010101 0.418689 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:04.393486 0.327902 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:04.734226 0.322635 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:05.198934 0.350371 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:05.321964 3.004097 tcp 10.0.2.109 57333 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:05.545647 0.085270 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:06.086267 0.167159 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:06.249904 0.710163 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:06.738756 0.075983 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:06.911085 0.161938 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:18:08.506632 0.000000 tcp 10.0.2.109 57332 -> 165.228.70.22 6844 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:14.324653 0.000000 tcp 10.0.2.109 57333 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:20.325473 0.032198 tcp 10.0.2.109 57334 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:18:20.357947 0.059646 tcp 10.0.2.109 57335 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:18:20.417863 0.151374 tcp 10.0.2.109 57336 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:18:20.664313 2.994166 tcp 10.0.2.109 57337 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:29.781526 0.000000 tcp 10.0.2.109 57337 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:35.731008 0.031005 tcp 10.0.2.109 57338 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:18:35.762286 0.063512 tcp 10.0.2.109 57339 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:18:35.826215 0.148463 tcp 10.0.2.109 57340 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:18:36.032620 2.976555 tcp 10.0.2.109 57341 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:44.968883 0.000000 tcp 10.0.2.109 57341 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:50.967414 3.004283 tcp 10.0.2.109 57342 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:18:59.970536 0.000000 tcp 10.0.2.109 57342 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:22:00.472268 3.002183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 16:22:07.479912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:22:15.481460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:22:31.484733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:23:03.490613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:24:05.971417 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:24:05.971505 3.003287 tcp 10.0.2.109 57343 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:24:14.973373 0.000000 tcp 10.0.2.109 57343 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:24:20.973857 0.031765 tcp 10.0.2.109 57344 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:24:21.005917 0.061031 tcp 10.0.2.109 57345 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:24:21.067247 0.149050 tcp 10.0.2.109 57346 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:24:21.225914 3.000932 tcp 10.0.2.109 57347 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:24:30.225218 0.000000 tcp 10.0.2.109 57347 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:24:36.224573 0.031165 tcp 10.0.2.109 57348 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:24:36.256051 0.062201 tcp 10.0.2.109 57349 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:24:36.318561 0.151891 tcp 10.0.2.109 57350 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:24:36.485132 2.993535 tcp 10.0.2.109 57351 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:24:45.487148 0.000000 tcp 10.0.2.109 57351 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:24:51.486242 2.993888 tcp 10.0.2.109 57352 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:25:00.481096 0.000000 tcp 10.0.2.109 57352 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:29:07.496203 3.001978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 16:29:14.504015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:29:22.505439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:29:38.508914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:30:06.492203 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:30:06.492374 3.000559 tcp 10.0.2.109 57353 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:30:10.514917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:30:15.494918 0.000000 tcp 10.0.2.109 57353 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:30:21.491810 0.031531 tcp 10.0.2.109 57354 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:30:21.523589 0.065013 tcp 10.0.2.109 57355 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:30:21.588899 0.153614 tcp 10.0.2.109 57356 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:30:21.760021 3.004851 tcp 10.0.2.109 57357 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:30:30.763770 0.000000 tcp 10.0.2.109 57357 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:30:36.752853 0.058893 tcp 10.0.2.109 57358 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:30:36.812113 0.061106 tcp 10.0.2.109 57359 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:30:36.873491 0.147339 tcp 10.0.2.109 57360 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:30:37.047908 3.009188 tcp 10.0.2.109 57361 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:30:46.055612 0.000000 tcp 10.0.2.109 57361 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:30:52.044656 2.997992 tcp 10.0.2.109 57362 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:31:01.047052 0.000000 tcp 10.0.2.109 57362 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:36:07.047802 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:36:07.047990 2.993493 tcp 10.0.2.109 57363 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:36:14.520321 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 16:36:16.039711 0.000000 tcp 10.0.2.109 57363 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:36:21.527967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:36:22.050695 0.031527 tcp 10.0.2.109 57364 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:36:22.082493 0.059959 tcp 10.0.2.109 57365 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:36:22.142709 0.145923 tcp 10.0.2.109 57366 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:36:22.303002 3.000287 tcp 10.0.2.109 57367 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:36:29.529376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:36:31.302254 0.000000 tcp 10.0.2.109 57367 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:36:37.301282 0.031311 tcp 10.0.2.109 57368 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:36:37.332852 0.063090 tcp 10.0.2.109 57369 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:36:37.396233 0.151751 tcp 10.0.2.109 57370 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:36:37.560525 3.004736 tcp 10.0.2.109 57371 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:36:45.532818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:36:46.563503 0.000000 tcp 10.0.2.109 57371 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:36:52.553054 3.003633 tcp 10.0.2.109 57372 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:37:01.555201 0.000000 tcp 10.0.2.109 57372 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:37:17.538511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:43:21.544529 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 16:43:28.551908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:43:36.553002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:43:52.556542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:44:24.562335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:48:21.373207 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:48:21.373357 0.404106 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:21.759251 0.243095 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:21.759682 2.998759 tcp 10.0.2.109 57373 -> 165.228.70.22 6844 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:48:21.959136 0.070389 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:22.087387 0.168196 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:22.231377 0.093252 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:22.334641 0.214164 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:22.485357 0.219391 rtp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:22.594952 2.999452 tcp 10.0.2.109 57374 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:48:22.683773 0.116650 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:22.761148 0.171776 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 1950 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:22.907080 0.310257 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:23.215763 0.071028 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:23.327307 0.342927 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:23.649454 0.173176 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:23.817979 0.052971 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:23.888077 0.339049 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:24.246688 0.324734 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:24.579875 0.325586 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:24.930394 0.167326 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:25.076046 0.244378 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:25.284968 0.316052 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:25.628313 0.350380 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:25.975049 0.740309 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:26.474593 0.075090 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:26.577021 0.092298 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:26.646586 0.168479 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:26.833398 0.166214 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/10 16:48:30.766428 0.000000 tcp 10.0.2.109 57373 -> 165.228.70.22 6844 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:48:31.597555 0.000000 tcp 10.0.2.109 57374 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:48:37.598082 0.031519 tcp 10.0.2.109 57375 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:48:37.629857 0.105684 tcp 10.0.2.109 57376 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:48:37.735937 0.147882 tcp 10.0.2.109 57377 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:48:38.064062 3.001090 tcp 10.0.2.109 57378 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:48:47.060673 0.000000 tcp 10.0.2.109 57378 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:48:53.059390 0.031187 tcp 10.0.2.109 57379 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:48:53.090897 0.060802 tcp 10.0.2.109 57380 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:48:53.152001 0.153453 tcp 10.0.2.109 57381 -> 195.113.214.249 443 SRPA* 0 0 32 17514 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:48:53.435510 2.997700 tcp 10.0.2.109 57382 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:49:02.432797 0.000000 tcp 10.0.2.109 57382 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:49:08.435472 3.001168 tcp 10.0.2.109 57383 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:49:17.437514 0.000000 tcp 10.0.2.109 57383 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:50:28.568974 3.001042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 16:50:35.575685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:50:43.577813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:50:59.585549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:51:31.586544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:54:23.434021 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 16:54:23.434167 3.003483 tcp 10.0.2.109 57384 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:54:32.446517 0.000000 tcp 10.0.2.109 57384 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:54:38.437205 0.032184 tcp 10.0.2.109 57385 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:54:38.469662 0.062712 tcp 10.0.2.109 57386 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:54:38.532710 0.150711 tcp 10.0.2.109 57387 -> 195.113.214.249 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:54:38.733868 2.995773 tcp 10.0.2.109 57388 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:54:47.728496 0.000000 tcp 10.0.2.109 57388 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:54:53.738219 0.031033 tcp 10.0.2.109 57389 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:54:53.769540 0.060027 tcp 10.0.2.109 57390 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:54:53.829967 0.153108 tcp 10.0.2.109 57391 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 16:54:54.030627 3.001053 tcp 10.0.2.109 57392 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:55:03.030390 0.000000 tcp 10.0.2.109 57392 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:55:09.029437 3.003862 tcp 10.0.2.109 57393 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:55:18.032186 0.000000 tcp 10.0.2.109 57393 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 16:57:35.595687 2.998188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 16:57:42.600232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:57:50.601781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:58:06.604883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 16:58:38.610336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:00:24.035119 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:00:24.035228 3.000856 tcp 10.0.2.109 57394 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:00:33.034851 0.000000 tcp 10.0.2.109 57394 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:00:39.036438 0.032046 tcp 10.0.2.109 57395 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:00:39.068751 0.061176 tcp 10.0.2.109 57396 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:00:39.129762 0.147964 tcp 10.0.2.109 57397 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:00:39.328699 2.999782 tcp 10.0.2.109 57398 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:00:48.336829 0.000000 tcp 10.0.2.109 57398 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:00:54.327812 0.030789 tcp 10.0.2.109 57399 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:00:54.358966 0.063913 tcp 10.0.2.109 57400 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:00:54.423184 0.148943 tcp 10.0.2.109 57401 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:00:54.952399 2.998244 tcp 10.0.2.109 57402 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:01:03.949228 0.000000 tcp 10.0.2.109 57402 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:01:09.948123 3.004267 tcp 10.0.2.109 57403 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:01:18.950881 0.000000 tcp 10.0.2.109 57403 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:04:42.616124 3.002245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 17:04:49.626541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:04:57.624923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:05:13.628551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:05:45.636419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:06:24.951000 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:06:24.951239 3.003810 tcp 10.0.2.109 57404 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:06:33.954946 0.000000 tcp 10.0.2.109 57404 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:06:39.954549 0.032267 tcp 10.0.2.109 57405 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:06:39.987079 0.061826 tcp 10.0.2.109 57406 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:06:40.049164 0.153086 tcp 10.0.2.109 57407 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:06:40.255102 3.002053 tcp 10.0.2.109 57408 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:06:49.256662 0.000000 tcp 10.0.2.109 57408 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:06:55.255346 0.030635 tcp 10.0.2.109 57409 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:06:55.286247 0.356896 tcp 10.0.2.109 57410 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:06:55.643426 0.150204 tcp 10.0.2.109 57411 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:06:55.949420 2.999784 tcp 10.0.2.109 57412 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:07:04.948387 0.000000 tcp 10.0.2.109 57412 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:07:10.947275 2.994027 tcp 10.0.2.109 57413 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:07:19.939612 0.000000 tcp 10.0.2.109 57413 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:11:49.640795 3.006165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 17:11:56.647621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:12:04.652408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:12:20.652576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:12:52.658418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:18:56.664703 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 17:18:56.852175 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:18:56.852275 0.408434 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:57.243510 0.241106 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:57.244036 3.002699 tcp 10.0.2.109 57414 -> 165.228.70.22 6844 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:18:57.769851 0.075918 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:58.215308 0.167664 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:58.360056 0.093114 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:58.638517 0.309612 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:58.892394 0.214579 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:59.104897 0.116572 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:59.185930 0.173657 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:59.438207 0.316662 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:59.822012 0.066509 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:18:59.872885 0.344120 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:00.200347 0.175897 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:00.401007 0.052362 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:00.593511 0.327612 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:01.009797 0.337091 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:01.474835 0.331394 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:01.808465 0.167866 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:01.953800 0.000000 udp 10.0.2.109 3683 -> 75.48.14.191 8955 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 17:19:03.672447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:19:06.247915 0.000000 tcp 10.0.2.109 57414 -> 165.228.70.22 6844 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:10.992906 3.003505 tcp 10.0.2.109 57415 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:11.673180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:19:19.995321 0.000000 tcp 10.0.2.109 57415 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:20.147246 0.032692 tcp 10.0.2.109 57416 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:20.180189 0.060711 tcp 10.0.2.109 57417 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:20.241193 0.153994 tcp 10.0.2.109 57418 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:20.395774 0.336015 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:20.731287 0.352874 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:20.732894 4.898136 tcp 10.0.2.109 57419 -> 147.8.183.75 9321 SPA_* 0 0 148 112650 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:21.080365 0.095436 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:21.199570 0.166454 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2599 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:21.362938 0.157790 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:21.508570 0.568819 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:21.958346 0.071803 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:19:25.951874 4.892053 tcp 10.0.2.109 57419 -> 147.8.183.75 9321 A_PA 0 0 184 141008 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:25.994563 0.032363 tcp 10.0.2.109 57420 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:26.027178 0.061732 tcp 10.0.2.109 57421 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:26.089129 0.149771 tcp 10.0.2.109 57422 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:26.496977 2.991857 tcp 10.0.2.109 57423 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:27.675883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:19:31.164031 4.930642 tcp 10.0.2.109 57419 -> 147.8.183.75 9321 A_PA 0 0 154 133244 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:35.497845 0.000000 tcp 10.0.2.109 57423 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:36.419379 4.887007 tcp 10.0.2.109 57419 -> 147.8.183.75 9321 A_PA 0 0 164 139928 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:41.496526 0.031998 tcp 10.0.2.109 57424 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:41.528801 0.061725 tcp 10.0.2.109 57425 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:41.590783 0.157773 tcp 10.0.2.109 57426 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:41.629469 4.890644 tcp 10.0.2.109 57419 -> 147.8.183.75 9321 A_PA 0 0 167 140090 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:41.855293 2.995220 tcp 10.0.2.109 57427 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:46.839248 2.191115 tcp 10.0.2.109 57419 -> 147.8.183.75 9321 FPA_* 0 0 21 11522 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:19:50.849556 0.000000 tcp 10.0.2.109 57427 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:56.848878 3.003623 tcp 10.0.2.109 57428 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:19:59.682412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:20:05.850886 0.000000 tcp 10.0.2.109 57428 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:25:11.851563 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:25:11.851747 3.003400 tcp 10.0.2.109 57429 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:25:20.854156 0.000000 tcp 10.0.2.109 57429 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:25:26.854315 0.032424 tcp 10.0.2.109 57430 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:25:26.886984 0.062733 tcp 10.0.2.109 57431 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:25:26.950033 0.149635 tcp 10.0.2.109 57432 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:25:27.110335 3.006771 tcp 10.0.2.109 57433 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:25:36.115684 0.000000 tcp 10.0.2.109 57433 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:25:42.105247 0.031138 tcp 10.0.2.109 57434 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:25:42.136671 0.060858 tcp 10.0.2.109 57435 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:25:42.197818 0.153091 tcp 10.0.2.109 57436 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:25:42.360523 2.998570 tcp 10.0.2.109 57437 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:25:51.358359 0.000000 tcp 10.0.2.109 57437 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:25:57.356864 2.994100 tcp 10.0.2.109 57438 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:26:03.687890 3.002029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 17:26:06.349446 0.000000 tcp 10.0.2.109 57438 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:26:10.695888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:26:18.696921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:26:34.699918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:27:06.705995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:31:12.369060 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:31:12.369144 2.994793 tcp 10.0.2.109 57439 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:31:21.362420 0.000000 tcp 10.0.2.109 57439 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:31:27.364513 0.031741 tcp 10.0.2.109 57440 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:31:27.396496 0.060456 tcp 10.0.2.109 57441 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:31:27.457302 0.149086 tcp 10.0.2.109 57442 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:31:27.715108 3.000138 tcp 10.0.2.109 57443 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:31:36.714399 0.000000 tcp 10.0.2.109 57443 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:31:42.712991 0.032647 tcp 10.0.2.109 57444 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:31:42.745977 0.064723 tcp 10.0.2.109 57445 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:31:42.810932 0.152455 tcp 10.0.2.109 57446 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:31:43.086928 2.990796 tcp 10.0.2.109 57447 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:31:52.086728 0.000000 tcp 10.0.2.109 57447 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:31:58.085370 2.994106 tcp 10.0.2.109 57448 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:32:07.078294 0.000000 tcp 10.0.2.109 57448 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:33:10.714448 2.999437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 17:33:17.725711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:33:25.721059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:33:41.724340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:34:13.730028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:37:13.088598 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:37:13.088692 3.004031 tcp 10.0.2.109 57449 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:37:22.090976 0.000000 tcp 10.0.2.109 57449 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:37:28.091538 0.055973 tcp 10.0.2.109 57450 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:37:28.148140 0.061850 tcp 10.0.2.109 57451 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:37:28.210345 0.149301 tcp 10.0.2.109 57452 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:37:28.483480 2.988895 tcp 10.0.2.109 57453 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:37:37.462990 0.000000 tcp 10.0.2.109 57453 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:37:43.463716 0.036896 tcp 10.0.2.109 57454 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:37:43.500906 0.064072 tcp 10.0.2.109 57455 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:37:43.565248 0.146035 tcp 10.0.2.109 57456 -> 195.113.214.249 443 SRPA* 0 0 21 10738 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:37:43.868325 2.997986 tcp 10.0.2.109 57457 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:37:52.865260 0.000000 tcp 10.0.2.109 57457 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:37:58.864198 2.994483 tcp 10.0.2.109 57458 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:38:07.866606 0.000000 tcp 10.0.2.109 57458 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:40:17.738009 3.003168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 17:40:24.748062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:40:32.744980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:40:48.748003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:41:20.757894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:47:24.759997 3.001877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 17:47:31.767735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:47:39.769039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:47:55.772027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:48:27.778269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:49:47.473204 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:49:47.473364 0.246921 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:47.689607 0.410853 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:48.083272 0.241335 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:48.284091 0.105216 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:48.390806 0.262656 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:48.591579 0.070656 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:48.674477 0.170149 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:48.823260 0.219392 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:49.022033 0.310464 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:49.341399 0.067565 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:49.392996 0.174045 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:49.539706 0.122993 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:49.621571 0.052904 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:49.685673 0.326460 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:50.028895 0.174743 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:50.200459 0.388175 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:50.569352 0.454098 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:51.032137 0.335670 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:51.377427 0.169366 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:51.524259 0.329556 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:51.853330 0.352866 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:52.202248 0.094072 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:52.271167 0.165967 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:52.433772 0.163037 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:52.580859 0.725906 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:53.067482 0.075491 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/10 17:49:58.909582 3.004013 tcp 10.0.2.109 57459 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:50:07.911996 0.000000 tcp 10.0.2.109 57459 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:50:13.912760 0.031914 tcp 10.0.2.109 57460 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:50:13.944927 0.062038 tcp 10.0.2.109 57461 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:50:14.007272 0.151306 tcp 10.0.2.109 57462 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:50:14.169563 3.006144 tcp 10.0.2.109 57463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:50:23.174092 0.000000 tcp 10.0.2.109 57463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:50:29.163532 0.030677 tcp 10.0.2.109 57464 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:50:29.194453 0.060154 tcp 10.0.2.109 57465 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:50:29.254896 0.150923 tcp 10.0.2.109 57466 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:50:29.415997 3.001288 tcp 10.0.2.109 57467 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:50:38.415879 0.000000 tcp 10.0.2.109 57467 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:50:44.415103 2.993700 tcp 10.0.2.109 57468 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:50:53.417455 0.000000 tcp 10.0.2.109 57468 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:55:19.792574 3.002243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 17:55:26.800615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:55:34.803679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:55:50.808082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:55:59.418045 0.000214 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 17:55:59.418383 3.010276 tcp 10.0.2.109 57469 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:56:08.420231 0.000000 tcp 10.0.2.109 57469 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:56:14.421254 0.060706 tcp 10.0.2.109 57470 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:56:14.482260 0.063480 tcp 10.0.2.109 57471 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:56:14.546080 0.152879 tcp 10.0.2.109 57472 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:56:14.749746 3.003571 tcp 10.0.2.109 57473 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:56:22.810773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 17:56:23.751884 0.000000 tcp 10.0.2.109 57473 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:56:29.751766 0.030812 tcp 10.0.2.109 57474 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:56:29.782851 0.061381 tcp 10.0.2.109 57475 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:56:29.844525 0.151396 tcp 10.0.2.109 57476 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 17:56:30.021236 3.004700 tcp 10.0.2.109 57477 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:56:39.025122 0.000000 tcp 10.0.2.109 57477 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:56:45.023452 3.003881 tcp 10.0.2.109 57478 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 17:56:54.035916 0.000000 tcp 10.0.2.109 57478 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:00.026484 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:02:00.026628 2.993581 tcp 10.0.2.109 57479 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:09.018843 0.000000 tcp 10.0.2.109 57479 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:15.028976 0.032943 tcp 10.0.2.109 57480 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:02:15.061736 0.062197 tcp 10.0.2.109 57481 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:02:15.124210 0.156753 tcp 10.0.2.109 57482 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:02:15.475000 2.998742 tcp 10.0.2.109 57483 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:24.471162 0.000000 tcp 10.0.2.109 57483 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:26.816926 3.001948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 18:02:30.470189 0.032525 tcp 10.0.2.109 57484 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:02:30.502971 0.062784 tcp 10.0.2.109 57485 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:02:30.566043 0.149027 tcp 10.0.2.109 57486 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:02:30.831399 3.003263 tcp 10.0.2.109 57487 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:33.824770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:02:39.833007 0.000000 tcp 10.0.2.109 57487 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:41.826379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:02:45.832018 3.004166 tcp 10.0.2.109 57488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:54.834744 0.000000 tcp 10.0.2.109 57488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:02:57.829294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:03:29.834941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:08:00.835223 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:08:00.835416 2.993670 tcp 10.0.2.109 57489 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:08:09.837631 0.000000 tcp 10.0.2.109 57489 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:08:15.837331 0.031175 tcp 10.0.2.109 57490 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:08:15.868703 0.060717 tcp 10.0.2.109 57491 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:08:15.929719 0.150850 tcp 10.0.2.109 57492 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:08:16.614861 2.996712 tcp 10.0.2.109 57493 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:08:25.610084 0.000000 tcp 10.0.2.109 57493 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:08:31.609973 0.033388 tcp 10.0.2.109 57494 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:08:31.643601 0.063083 tcp 10.0.2.109 57495 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:08:31.706977 0.157008 tcp 10.0.2.109 57496 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:08:31.984084 2.999615 tcp 10.0.2.109 57497 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:08:40.986996 0.000000 tcp 10.0.2.109 57497 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:08:46.981102 3.004381 tcp 10.0.2.109 57498 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:08:55.984085 0.000000 tcp 10.0.2.109 57498 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:09:33.840433 3.002403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 18:09:40.848533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:09:48.849926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:10:04.853247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:10:36.858996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:16:40.864276 3.002612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 18:16:47.872456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:16:55.874087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:17:11.877175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:17:43.883085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:20:20.698738 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:20:20.698888 0.245277 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:20.909684 0.411858 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:21.301749 0.234675 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:21.497632 0.105086 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:21.991985 0.211026 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:22.183739 0.071389 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:22.452293 0.171347 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:22.598738 0.063706 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:22.682820 0.176265 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:22.828011 0.123314 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:22.968528 0.053437 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:23.156746 0.216863 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:23.351249 0.308729 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:24.159896 0.328058 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:24.596217 0.171057 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:24.763127 0.351418 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:25.094607 0.169660 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:25.240717 0.333528 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:25.844934 0.388729 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:26.257144 0.330316 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:26.712517 0.350314 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:27.058889 0.092827 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:27.378759 0.169326 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:27.544507 0.166297 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:27.687323 0.699927 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:28.338978 0.075286 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:20:32.024904 2.994047 tcp 10.0.2.109 57499 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:20:41.017418 0.000000 tcp 10.0.2.109 57499 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:20:47.027686 0.032263 tcp 10.0.2.109 57500 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:20:47.060213 0.065212 tcp 10.0.2.109 57501 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:20:47.125690 0.148866 tcp 10.0.2.109 57502 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:20:47.760780 3.000771 tcp 10.0.2.109 57503 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:20:56.760149 0.000000 tcp 10.0.2.109 57503 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:21:02.759470 0.030326 tcp 10.0.2.109 57504 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:21:02.790213 0.061392 tcp 10.0.2.109 57505 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:21:02.851869 0.146154 tcp 10.0.2.109 57506 -> 195.113.214.249 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:21:03.046406 2.997285 tcp 10.0.2.109 57507 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:21:12.042470 0.000000 tcp 10.0.2.109 57507 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:21:18.041138 3.004035 tcp 10.0.2.109 57508 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:21:27.043815 0.000000 tcp 10.0.2.109 57508 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:23:47.889006 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 18:23:54.896426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:24:02.898702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:24:18.901039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:24:50.906989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:26:33.045269 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:26:33.045435 2.992539 tcp 10.0.2.109 57509 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:26:42.046660 0.000000 tcp 10.0.2.109 57509 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:26:48.047419 0.031803 tcp 10.0.2.109 57510 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:26:48.079458 0.061049 tcp 10.0.2.109 57511 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:26:48.140837 0.154635 tcp 10.0.2.109 57512 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:26:48.366350 2.983640 tcp 10.0.2.109 57513 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:26:57.351861 0.000000 tcp 10.0.2.109 57513 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:27:03.368221 0.031471 tcp 10.0.2.109 57514 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:27:03.400039 0.061052 tcp 10.0.2.109 57515 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:27:03.461457 0.150840 tcp 10.0.2.109 57516 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:27:03.774300 2.998130 tcp 10.0.2.109 57517 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:27:12.770474 0.000000 tcp 10.0.2.109 57517 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:27:18.769605 3.004183 tcp 10.0.2.109 57518 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:27:27.772726 0.000000 tcp 10.0.2.109 57518 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:30:54.913317 3.001998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 18:31:01.920362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:31:09.922163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:31:25.924749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:31:57.930808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:32:33.773452 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:32:33.773555 3.003094 tcp 10.0.2.109 57519 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:32:42.775404 0.000000 tcp 10.0.2.109 57519 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:32:48.775465 0.032570 tcp 10.0.2.109 57520 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:32:48.808284 0.060103 tcp 10.0.2.109 57521 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:32:48.868638 0.149772 tcp 10.0.2.109 57522 -> 195.113.214.249 443 SRPA* 0 0 25 13876 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:32:49.045974 2.992835 tcp 10.0.2.109 57523 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:32:58.047320 0.000000 tcp 10.0.2.109 57523 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:33:04.046839 0.030750 tcp 10.0.2.109 57524 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:33:04.077858 0.062301 tcp 10.0.2.109 57525 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:33:04.140413 0.146469 tcp 10.0.2.109 57526 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:33:04.304094 2.996495 tcp 10.0.2.109 57527 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:33:13.299484 0.000000 tcp 10.0.2.109 57527 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:33:19.298040 3.004249 tcp 10.0.2.109 57528 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:33:28.300834 0.000000 tcp 10.0.2.109 57528 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:38:01.940538 3.000576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 18:38:08.947884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:38:16.946258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:38:32.949079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:38:34.302414 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:38:34.302496 3.004492 tcp 10.0.2.109 57529 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:38:43.303756 0.000000 tcp 10.0.2.109 57529 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:38:49.303996 0.031648 tcp 10.0.2.109 57530 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:38:49.335932 0.063093 tcp 10.0.2.109 57531 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:38:49.399306 0.149863 tcp 10.0.2.109 57532 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:38:49.559245 3.007568 tcp 10.0.2.109 57533 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:38:58.565804 0.000000 tcp 10.0.2.109 57533 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:39:04.558537 0.030849 tcp 10.0.2.109 57534 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:39:04.589681 0.062022 tcp 10.0.2.109 57535 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:39:04.652021 0.151837 tcp 10.0.2.109 57536 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:39:04.815619 2.997977 tcp 10.0.2.109 57537 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:39:04.957937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:39:13.818754 0.000000 tcp 10.0.2.109 57537 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:39:19.806740 2.994201 tcp 10.0.2.109 57538 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:39:28.799320 0.000000 tcp 10.0.2.109 57538 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:45:08.962085 3.000326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 18:45:15.968548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:45:23.969844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:45:39.972902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:46:11.979303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:50:34.747108 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:50:34.747251 0.256291 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:34.964821 0.105991 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:35.072227 0.411569 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:35.463929 0.242364 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:35.663461 0.147807 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:35.803829 0.073668 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:35.859766 0.167935 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:36.004063 0.068535 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:36.053436 0.185588 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:36.228547 0.122517 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:36.311806 0.309812 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:36.623074 0.052997 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:36.687897 0.220125 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:36.885951 0.325470 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:37.212434 0.176531 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:37.386375 0.343793 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:37.739588 0.352232 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:38.094621 0.178273 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:38.251638 0.435352 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:38.690617 0.328020 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:39.019890 0.352467 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:39.368209 0.089346 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:39.434684 0.168634 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:39.600185 0.179590 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:39.753937 0.689206 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:40.223690 0.075258 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/10 18:50:49.849105 3.003395 tcp 10.0.2.109 57539 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:50:58.851216 0.000000 tcp 10.0.2.109 57539 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:51:04.851795 0.032095 tcp 10.0.2.109 57540 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:51:04.884143 0.060254 tcp 10.0.2.109 57541 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:51:04.944673 0.152765 tcp 10.0.2.109 57542 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:51:05.107553 3.006796 tcp 10.0.2.109 57543 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:51:14.113578 0.000000 tcp 10.0.2.109 57543 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:51:20.102380 0.031807 tcp 10.0.2.109 57544 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:51:20.134483 0.062329 tcp 10.0.2.109 57545 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:51:20.197076 0.146901 tcp 10.0.2.109 57546 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:51:20.354565 3.002328 tcp 10.0.2.109 57547 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:51:29.355232 0.000000 tcp 10.0.2.109 57547 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:51:35.353907 2.994152 tcp 10.0.2.109 57548 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:51:44.356708 0.000000 tcp 10.0.2.109 57548 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:54:11.991493 3.007103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 18:54:19.001680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:54:27.000669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:54:43.006817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:55:15.009635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 18:56:50.363740 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 18:56:50.363849 2.997232 tcp 10.0.2.109 57549 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:56:59.364597 0.000000 tcp 10.0.2.109 57549 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:57:05.359830 0.031398 tcp 10.0.2.109 57550 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:57:05.391432 0.066353 tcp 10.0.2.109 57551 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:57:05.458041 0.155750 tcp 10.0.2.109 57552 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:57:05.656298 2.996446 tcp 10.0.2.109 57553 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:57:14.651921 0.000000 tcp 10.0.2.109 57553 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:57:20.650668 0.031091 tcp 10.0.2.109 57554 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:57:20.682045 0.061336 tcp 10.0.2.109 57555 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:57:20.743635 0.152124 tcp 10.0.2.109 57556 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 18:57:20.991271 3.003842 tcp 10.0.2.109 57557 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:57:29.993659 0.000000 tcp 10.0.2.109 57557 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:57:35.992642 3.004138 tcp 10.0.2.109 57558 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 18:57:44.995108 0.000000 tcp 10.0.2.109 57558 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:01:19.017099 3.000204 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 19:01:26.024056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:01:34.027402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:01:50.027503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:02:22.199713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:02:50.996056 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:02:50.996173 2.993314 tcp 10.0.2.109 57559 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:02:59.995563 0.000000 tcp 10.0.2.109 57559 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:03:05.998950 0.032469 tcp 10.0.2.109 57560 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:03:06.031660 0.063873 tcp 10.0.2.109 57561 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:03:06.095800 0.150440 tcp 10.0.2.109 57562 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:03:06.620997 3.001541 tcp 10.0.2.109 57563 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:03:15.626494 0.000000 tcp 10.0.2.109 57563 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:03:21.619200 0.031531 tcp 10.0.2.109 57564 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:03:21.651059 0.061326 tcp 10.0.2.109 57565 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:03:21.712222 0.153526 tcp 10.0.2.109 57566 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:03:22.007913 2.995970 tcp 10.0.2.109 57567 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:03:31.002651 0.000000 tcp 10.0.2.109 57567 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:03:37.001651 3.003997 tcp 10.0.2.109 57568 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:03:46.004318 0.000000 tcp 10.0.2.109 57568 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:08:26.050049 3.003071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 19:08:33.057106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:08:41.058578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:08:52.005057 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:08:52.005175 2.993636 tcp 10.0.2.109 57569 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:08:57.061629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:09:01.275825 0.000000 tcp 10.0.2.109 57569 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:09:07.222441 0.031355 tcp 10.0.2.109 57570 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:09:07.254260 0.060903 tcp 10.0.2.109 57571 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:09:07.315416 0.149195 tcp 10.0.2.109 57572 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:09:08.006921 2.973301 tcp 10.0.2.109 57573 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:09:16.921871 0.000000 tcp 10.0.2.109 57573 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:09:22.862599 0.031482 tcp 10.0.2.109 57574 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:09:22.894354 0.061498 tcp 10.0.2.109 57575 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:09:22.956136 0.151140 tcp 10.0.2.109 57576 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:09:23.158344 2.981238 tcp 10.0.2.109 57577 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:09:29.080078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:09:32.101741 0.000000 tcp 10.0.2.109 57577 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:09:38.182416 2.977949 tcp 10.0.2.109 57578 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:09:47.110922 0.000000 tcp 10.0.2.109 57578 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:15:33.083973 3.003361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 19:15:40.091180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:15:48.092969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:16:04.095607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:16:36.101725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:20:51.869468 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:20:51.869660 0.654145 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:52.486892 0.093028 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:52.628884 0.409000 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:53.019256 0.239659 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:53.131463 3.004096 tcp 10.0.2.109 57579 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:20:53.216906 0.277053 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:53.425383 0.070552 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:53.555419 0.171713 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:53.704594 0.124586 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:53.790861 0.310361 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:54.100070 0.052860 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:54.221861 0.220279 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:54.419851 0.070141 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:54.474523 0.176442 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:54.619923 0.325586 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:55.175460 0.177298 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:55.349658 0.331159 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:55.682561 0.344171 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:56.029106 0.338303 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:56.350350 0.169258 rtcp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:56.493957 0.347828 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:56.882631 0.350718 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 1969 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:57.229805 0.087399 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:57.291621 0.170819 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:57.459585 0.164018 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:57.608773 0.476242 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:20:58.047012 0.075399 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:21:02.133984 0.000000 tcp 10.0.2.109 57579 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:21:08.134294 0.032030 tcp 10.0.2.109 57580 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:21:08.166618 0.061710 tcp 10.0.2.109 57581 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:21:08.228630 0.150161 tcp 10.0.2.109 57582 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:21:08.407848 3.009476 tcp 10.0.2.109 57583 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:21:17.426010 0.000000 tcp 10.0.2.109 57583 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:22:40.107091 3.001925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 19:22:47.114858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:22:55.116526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:23:11.119486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:23:43.125386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:26:23.406683 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:26:23.406917 2.993679 tcp 10.0.2.109 57584 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:26:32.398919 0.000000 tcp 10.0.2.109 57584 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:26:38.409406 0.032319 tcp 10.0.2.109 57585 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:26:38.442215 0.061282 tcp 10.0.2.109 57586 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:26:38.503773 0.146099 tcp 10.0.2.109 57587 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:26:38.666739 2.995351 tcp 10.0.2.109 57588 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:26:47.660807 0.000000 tcp 10.0.2.109 57588 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:26:53.659988 0.030917 tcp 10.0.2.109 57589 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:26:53.691222 0.061142 tcp 10.0.2.109 57590 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:26:53.752646 0.147590 tcp 10.0.2.109 57591 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:26:53.919263 3.004690 tcp 10.0.2.109 57592 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:27:02.922907 0.000000 tcp 10.0.2.109 57592 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:27:08.917062 3.003371 tcp 10.0.2.109 57593 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:27:17.914441 0.000000 tcp 10.0.2.109 57593 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:29:47.138964 2.994105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 19:29:54.139144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:30:02.140593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:30:18.143578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:30:50.149370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:32:23.915211 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:32:23.915317 2.993689 tcp 10.0.2.109 57594 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:32:32.917180 0.000000 tcp 10.0.2.109 57594 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:32:38.917390 0.032046 tcp 10.0.2.109 57595 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:32:38.949712 0.062249 tcp 10.0.2.109 57596 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:32:39.012295 0.154628 tcp 10.0.2.109 57597 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:32:39.204466 2.995965 tcp 10.0.2.109 57598 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:32:48.199220 0.000000 tcp 10.0.2.109 57598 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:32:54.198878 0.031476 tcp 10.0.2.109 57599 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:32:54.230637 0.060711 tcp 10.0.2.109 57600 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:32:54.291649 0.148170 tcp 10.0.2.109 57601 -> 195.113.214.249 443 SRPA* 0 0 22 11394 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:32:54.468175 3.004486 tcp 10.0.2.109 57602 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:33:03.471129 0.000000 tcp 10.0.2.109 57602 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:33:09.459986 3.004014 tcp 10.0.2.109 57603 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:33:18.463073 0.000000 tcp 10.0.2.109 57603 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:36:54.155612 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 19:37:01.165004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:37:09.164538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:37:25.167318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:37:57.174729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:38:24.463422 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:38:24.463584 3.003453 tcp 10.0.2.109 57604 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:38:33.466080 0.000000 tcp 10.0.2.109 57604 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:38:39.466892 0.032477 tcp 10.0.2.109 57605 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:38:39.499650 0.059349 tcp 10.0.2.109 57606 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:38:39.559258 0.155981 tcp 10.0.2.109 57607 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:38:39.818630 2.990230 tcp 10.0.2.109 57608 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:38:48.807652 0.000000 tcp 10.0.2.109 57608 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:38:54.816350 0.030657 tcp 10.0.2.109 57609 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:38:54.847250 0.060548 tcp 10.0.2.109 57610 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:38:54.908112 0.149410 tcp 10.0.2.109 57611 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:38:55.147059 2.993771 tcp 10.0.2.109 57612 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:39:04.139820 0.000000 tcp 10.0.2.109 57612 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:39:10.148775 3.004651 tcp 10.0.2.109 57613 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:39:19.151286 0.000000 tcp 10.0.2.109 57613 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:44:01.179069 3.002418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 19:44:08.186823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:44:16.188345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:44:25.151797 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:44:25.151899 3.003762 tcp 10.0.2.109 57614 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:44:32.191442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:44:34.154495 0.000000 tcp 10.0.2.109 57614 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:44:40.154714 0.031897 tcp 10.0.2.109 57615 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:44:40.186909 0.060423 tcp 10.0.2.109 57616 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:44:40.247597 0.157162 tcp 10.0.2.109 57617 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:44:40.431858 3.005750 tcp 10.0.2.109 57618 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:44:49.446343 0.000000 tcp 10.0.2.109 57618 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:45:04.199438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:51:25.986812 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:51:25.987043 0.406377 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:26.373383 0.254194 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:26.591764 0.105761 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:26.706222 0.075651 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:26.760865 0.176512 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:26.915614 0.120715 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:26.994826 0.237267 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:27.191768 0.217229 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:27.337881 0.308163 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:27.646270 0.053061 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:27.711685 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 19:51:40.437420 3.004054 tcp 10.0.2.109 57619 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:51:46.286939 0.032204 tcp 10.0.2.109 57620 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:51:46.319393 0.060011 tcp 10.0.2.109 57621 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:51:46.379730 0.147869 tcp 10.0.2.109 57622 -> 195.113.214.249 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:51:46.528034 0.066184 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:46.577857 0.174519 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:46.724211 0.326344 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:47.066756 0.172735 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:47.236475 0.329675 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:47.565603 0.167705 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:47.711630 0.330367 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:48.051941 0.388905 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:48.442667 0.381564 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:48.806398 0.350819 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:49.153119 0.087796 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:49.216451 0.168779 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:49.382637 0.170997 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:49.440029 0.000000 tcp 10.0.2.109 57619 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:51:49.533034 0.877875 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:50.170516 0.075418 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/10 19:51:55.439367 0.031556 tcp 10.0.2.109 57623 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:51:55.471207 0.061518 tcp 10.0.2.109 57624 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:51:55.532981 0.147782 tcp 10.0.2.109 57625 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:51:55.738623 3.004776 tcp 10.0.2.109 57626 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:52:04.743257 0.000000 tcp 10.0.2.109 57626 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:52:10.737510 0.031376 tcp 10.0.2.109 57627 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:52:10.769170 0.064447 tcp 10.0.2.109 57628 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:52:10.833890 0.149502 tcp 10.0.2.109 57629 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:52:11.004384 1.780258 tcp 10.0.2.109 57630 -> 77.50.112.98 27555 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:52:12.507392 0.031508 tcp 10.0.2.109 57631 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:52:12.539183 0.061197 tcp 10.0.2.109 57632 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:52:12.600679 0.153806 tcp 10.0.2.109 57633 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:52:12.784899 3.003079 tcp 10.0.2.109 57634 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:52:21.798618 0.000000 tcp 10.0.2.109 57634 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:52:27.774960 2.994612 tcp 10.0.2.109 57635 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:52:36.768345 0.000000 tcp 10.0.2.109 57635 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:52:42.776324 2.401849 tcp 10.0.2.109 57636 -> 77.50.112.98 27555 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:53:29.206993 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 19:53:36.213491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:53:44.215259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:54:00.217962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:54:32.241781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 19:57:45.171947 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 19:57:45.172099 3.003500 tcp 10.0.2.109 57637 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:57:54.174336 0.000000 tcp 10.0.2.109 57637 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:58:00.174964 0.031358 tcp 10.0.2.109 57638 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:00.206574 0.060243 tcp 10.0.2.109 57639 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:00.267099 0.158201 tcp 10.0.2.109 57640 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:00.500607 2.997763 tcp 10.0.2.109 57641 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:58:09.506433 0.000000 tcp 10.0.2.109 57641 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:58:15.497244 0.031571 tcp 10.0.2.109 57642 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:15.529083 0.061945 tcp 10.0.2.109 57643 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:15.591321 0.148582 tcp 10.0.2.109 57644 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:15.814161 1.712463 tcp 10.0.2.109 57645 -> 77.50.112.98 27555 FSPA* 0 0 14 1667 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:17.261638 0.032021 tcp 10.0.2.109 57646 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:17.293934 0.063558 tcp 10.0.2.109 57647 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:17.357796 0.152337 tcp 10.0.2.109 57648 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/10 19:58:17.526849 2.999499 tcp 10.0.2.109 57649 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:58:26.521123 0.000000 tcp 10.0.2.109 57649 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:58:32.519876 3.003967 tcp 10.0.2.109 57650 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:58:41.522475 0.000000 tcp 10.0.2.109 57650 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 19:58:47.521384 1.664339 tcp 10.0.2.109 57651 -> 77.50.112.98 27555 FSPA* 0 0 14 1667 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:00:36.229905 3.001843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 20:00:43.237742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:00:51.239077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:01:07.242537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:01:39.247817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:03:49.185711 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 20:03:49.185912 2.993290 tcp 10.0.2.109 57652 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:03:58.193833 0.000000 tcp 10.0.2.109 57652 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:04:04.187891 0.031323 tcp 10.0.2.109 57653 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:04.219452 0.063107 tcp 10.0.2.109 57654 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:04.282880 0.147659 tcp 10.0.2.109 57655 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:04.554949 2.996218 tcp 10.0.2.109 57656 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:04:13.549589 0.000000 tcp 10.0.2.109 57656 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:04:19.549223 0.031517 tcp 10.0.2.109 57657 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:19.581019 0.065255 tcp 10.0.2.109 57658 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:19.646544 0.144643 tcp 10.0.2.109 57659 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:20.190294 2.409570 tcp 10.0.2.109 57660 -> 77.50.112.98 27555 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:21.981311 0.031002 tcp 10.0.2.109 57661 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:22.012669 0.061916 tcp 10.0.2.109 57662 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:22.074946 0.153535 tcp 10.0.2.109 57663 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:04:22.600105 3.007315 tcp 10.0.2.109 57664 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:04:31.605782 0.000000 tcp 10.0.2.109 57664 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:04:37.594657 2.994103 tcp 10.0.2.109 57665 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:04:46.597528 0.000000 tcp 10.0.2.109 57665 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:04:52.596078 1.545925 tcp 10.0.2.109 57666 -> 77.50.112.98 27555 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:07:43.253499 3.002159 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 20:07:50.261710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:07:58.264654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:08:14.267443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:08:46.271929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:09:54.139951 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 20:09:54.140058 3.003949 tcp 10.0.2.109 57667 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:03.142552 0.000000 tcp 10.0.2.109 57667 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:09.143012 0.031760 tcp 10.0.2.109 57668 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:09.175096 0.060604 tcp 10.0.2.109 57669 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:09.235978 0.152395 tcp 10.0.2.109 57670 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:09.406837 2.998900 tcp 10.0.2.109 57671 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:18.405004 0.000000 tcp 10.0.2.109 57671 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:24.403679 0.031383 tcp 10.0.2.109 57672 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:24.435344 0.063535 tcp 10.0.2.109 57673 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:24.499179 0.152423 tcp 10.0.2.109 57674 -> 195.113.214.249 443 SRPA* 0 0 22 11394 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:24.882705 2.392754 tcp 10.0.2.109 57675 -> 77.50.112.98 27555 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:26.947681 0.030938 tcp 10.0.2.109 57676 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:26.978929 0.064956 tcp 10.0.2.109 57677 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:27.044158 0.153500 tcp 10.0.2.109 57678 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:10:27.275750 2.976367 tcp 10.0.2.109 57679 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:36.197027 0.000000 tcp 10.0.2.109 57679 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:42.139050 2.976775 tcp 10.0.2.109 57680 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:51.058458 0.000000 tcp 10.0.2.109 57680 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:10:57.002179 1.680699 tcp 10.0.2.109 57681 -> 77.50.112.98 27555 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:14:50.278285 3.001312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 20:14:57.285450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:15:05.286880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:15:21.289802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:15:53.296024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:21:50.569966 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 20:21:50.570189 0.220033 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:50.766564 0.094003 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:50.861843 0.076399 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:50.919984 0.413773 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:51.314714 0.247699 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:51.525447 0.239204 rtp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:51.725438 0.286662 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:51.942535 0.309869 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:52.250957 0.329457 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:52.541355 0.172445 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:52.689544 0.052760 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:52.772395 0.074707 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:52.829121 0.175814 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:52.975545 0.327168 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:53.326524 0.170365 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:53.493523 0.328831 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:53.830565 0.330453 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:54.161778 0.165384 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:54.305526 0.335856 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:54.649590 0.348944 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:54.999660 0.349866 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:55.345525 0.087874 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:55.407342 0.169641 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:55.574161 0.153210 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:55.715153 0.714798 rtp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:56.191338 0.075589 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:21:57.302098 3.001570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 20:21:58.691111 3.004866 tcp 10.0.2.109 57682 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:22:04.309351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:22:07.693616 0.000000 tcp 10.0.2.109 57682 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:22:12.310845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:22:13.694952 0.032590 tcp 10.0.2.109 57683 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:13.727859 0.059595 tcp 10.0.2.109 57684 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:13.787730 0.148354 tcp 10.0.2.109 57685 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:13.945488 2.992331 tcp 10.0.2.109 57686 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:22:22.946551 0.000000 tcp 10.0.2.109 57686 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:22:28.314270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:22:28.945350 0.031118 tcp 10.0.2.109 57687 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:28.976794 0.061210 tcp 10.0.2.109 57688 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:29.038370 0.150600 tcp 10.0.2.109 57689 -> 195.113.214.249 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:29.199638 1.993996 tcp 10.0.2.109 57690 -> 77.50.112.98 27555 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:30.939895 0.031157 tcp 10.0.2.109 57691 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:30.971347 0.065382 tcp 10.0.2.109 57692 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:31.037058 0.147471 tcp 10.0.2.109 57693 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:22:31.193951 2.998505 tcp 10.0.2.109 57694 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:22:40.190920 0.000000 tcp 10.0.2.109 57694 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:22:46.189627 3.004244 tcp 10.0.2.109 57695 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:22:55.192714 0.000000 tcp 10.0.2.109 57695 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:23:00.320211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:23:01.191839 1.665941 tcp 10.0.2.109 57696 -> 77.50.112.98 27555 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:02.855142 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 20:28:02.855279 2.993833 tcp 10.0.2.109 57697 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:28:11.865047 0.000000 tcp 10.0.2.109 57697 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:28:17.859103 0.031673 tcp 10.0.2.109 57698 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:17.891061 0.062405 tcp 10.0.2.109 57699 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:17.953781 0.150727 tcp 10.0.2.109 57700 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:18.404135 2.997479 tcp 10.0.2.109 57701 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:28:27.400439 0.000000 tcp 10.0.2.109 57701 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:28:33.406612 0.030806 tcp 10.0.2.109 57702 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:33.437722 0.061272 tcp 10.0.2.109 57703 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:33.499266 0.148769 tcp 10.0.2.109 57704 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:33.689551 2.017774 tcp 10.0.2.109 57705 -> 77.50.112.98 27555 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:35.446404 0.031438 tcp 10.0.2.109 57706 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:35.478255 0.061434 tcp 10.0.2.109 57707 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:35.539959 0.148631 tcp 10.0.2.109 57708 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:28:35.707606 2.994921 tcp 10.0.2.109 57709 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:28:44.703456 0.000000 tcp 10.0.2.109 57709 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:28:50.693968 2.994036 tcp 10.0.2.109 57710 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:28:59.695975 0.000000 tcp 10.0.2.109 57710 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:29:04.325965 3.001710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 20:29:05.695649 1.573695 tcp 10.0.2.109 57711 -> 77.50.112.98 27555 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:29:11.333325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:29:19.339943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:29:35.337650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:30:07.343887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:34:07.269320 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 20:34:07.269535 3.007564 tcp 10.0.2.109 57712 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:34:16.271749 0.000000 tcp 10.0.2.109 57712 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:34:22.272241 0.032026 tcp 10.0.2.109 57713 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:22.304546 0.066497 tcp 10.0.2.109 57714 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:22.371370 0.147455 tcp 10.0.2.109 57715 -> 195.113.214.249 443 SRPA* 0 0 44 28266 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:22.536703 2.998486 tcp 10.0.2.109 57716 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:34:31.533844 0.000000 tcp 10.0.2.109 57716 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:34:37.533024 0.031311 tcp 10.0.2.109 57717 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:37.564899 0.061472 tcp 10.0.2.109 57718 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:37.626640 0.148711 tcp 10.0.2.109 57719 -> 195.113.214.249 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:37.785712 2.095402 tcp 10.0.2.109 57720 -> 77.50.112.98 27555 FSPA* 0 0 14 1753 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:39.419235 0.030199 tcp 10.0.2.109 57721 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:39.449739 0.062322 tcp 10.0.2.109 57722 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:39.512422 0.154239 tcp 10.0.2.109 57723 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:34:39.881344 2.998805 tcp 10.0.2.109 57724 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:34:48.878870 0.000000 tcp 10.0.2.109 57724 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:34:54.878480 3.002772 tcp 10.0.2.109 57725 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:35:03.880803 0.000000 tcp 10.0.2.109 57725 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:35:09.879339 1.569687 tcp 10.0.2.109 57726 -> 77.50.112.98 27555 FSPA* 0 0 14 1753 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:36:11.349789 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 20:36:18.359529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:36:26.358939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:36:42.362031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:37:14.372429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:40:11.443324 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 20:40:11.443429 3.003765 tcp 10.0.2.109 57727 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:40:20.445541 0.000000 tcp 10.0.2.109 57727 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:40:26.449384 0.033290 tcp 10.0.2.109 57728 -> 195.113.214.234 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:26.482994 0.060547 tcp 10.0.2.109 57729 -> 195.113.214.249 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:26.543784 0.149882 tcp 10.0.2.109 57730 -> 195.113.214.249 443 SRPA* 0 0 21 12821 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:26.760626 2.998116 tcp 10.0.2.109 57731 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:40:35.767231 0.000000 tcp 10.0.2.109 57731 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:40:41.757163 0.031560 tcp 10.0.2.109 57732 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:41.789100 0.062366 tcp 10.0.2.109 57733 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:41.851768 0.150918 tcp 10.0.2.109 57734 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:42.060591 1.924842 tcp 10.0.2.109 57735 -> 77.50.112.98 27555 FSPA* 0 0 14 1756 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:43.702969 0.031618 tcp 10.0.2.109 57736 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:43.734949 0.060681 tcp 10.0.2.109 57737 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:43.795888 0.153920 tcp 10.0.2.109 57738 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:40:43.985663 2.998020 tcp 10.0.2.109 57739 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:40:52.982106 0.000000 tcp 10.0.2.109 57739 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:40:58.980862 3.004115 tcp 10.0.2.109 57740 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:41:07.983804 0.000000 tcp 10.0.2.109 57740 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:41:13.982753 1.396225 tcp 10.0.2.109 57741 -> 77.50.112.98 27555 FSPA* 0 0 14 1756 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:43:18.374016 3.001692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 20:43:25.381246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:43:33.383146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:43:49.385921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:44:21.394294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:50:25.398941 3.000569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 20:50:32.405311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:50:40.406737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:50:56.409767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:51:28.415921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:52:14.592412 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 20:52:14.592521 0.076143 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:14.648558 0.217647 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:14.844809 0.105589 rtp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:14.998744 0.410099 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:15.388954 0.250120 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:15.431487 2.996496 tcp 10.0.2.109 57742 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:52:15.604728 0.238937 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:15.806361 0.147499 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:15.946212 0.171147 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:16.094031 0.052907 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:16.151943 0.068634 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:16.205341 0.174699 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:16.351130 0.309453 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:16.659115 0.120446 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:16.740188 0.326370 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:17.192895 0.175723 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:17.365912 0.329570 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:17.714269 0.559762 rtp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:18.290785 0.392220 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:18.773081 0.330187 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:19.102659 0.170175 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:19.248484 0.353062 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:19.597815 0.084741 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:19.658458 0.165978 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:19.826137 0.171006 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:19.973883 0.595899 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:20.449564 0.075398 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/10 20:52:24.436540 0.000000 tcp 10.0.2.109 57742 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/10 20:52:30.426784 0.030847 tcp 10.0.2.109 57743 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:52:30.457868 0.061173 tcp 10.0.2.109 57744 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:52:30.519347 0.153202 tcp 10.0.2.109 57745 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:52:30.807026 0.474323 tcp 10.0.2.109 57746 -> 5.178.194.36 4983 FSPA* 0 0 14 1549 flow=From-Botnet-V1-TCP-Established 1970/02/10 20:57:32.423960 3.040712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 20:57:39.448139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:57:47.441799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:58:03.443630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 20:58:35.450198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:04:39.455808 3.001756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 21:04:46.463137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:04:54.465144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:05:10.467704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:05:42.478332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:11:46.480519 3.002700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 21:11:53.487284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:12:01.489056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:12:17.491604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:12:49.690746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:18:53.514659 3.000957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 21:19:00.521120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:19:08.522750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:19:24.525532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:19:56.531768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:22:31.285068 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 21:22:31.285214 0.438633 tcp 10.0.2.109 57747 -> 5.178.194.36 4983 FSPA* 0 0 14 1613 flow=From-Botnet-V1-TCP-Established 1970/02/10 21:22:33.658236 0.083724 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:33.720802 0.404322 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:34.106202 0.218464 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:34.303292 0.092968 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:34.422936 0.251774 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:34.640274 0.236665 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:34.837230 0.161428 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:34.994234 0.167105 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:35.139790 0.179328 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:35.333612 0.319917 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:35.643946 0.120583 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:35.726218 0.052636 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:35.875624 0.072834 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:35.931969 0.326502 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:36.375801 0.240695 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:36.613930 0.335543 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:36.961913 0.366727 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:37.350036 0.401643 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:37.730413 0.332359 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:38.062006 0.169855 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:38.208604 0.352356 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:38.557016 0.094174 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:38.628331 0.166818 rtp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:38.792222 0.153712 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:38.932312 0.721243 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:22:39.394367 0.075661 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:26:00.542843 3.052590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 21:26:07.572686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:26:15.557121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:26:31.559573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:27:03.565363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:33:07.571729 3.001458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 21:33:14.578942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:33:22.580592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:33:38.583544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:34:10.589683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:40:14.596170 3.001785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 21:40:21.603499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:40:29.604875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:40:45.607561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:41:17.613493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:47:21.620086 3.011315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 21:47:28.636844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:47:36.638640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:47:52.641535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:48:24.647432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:52:31.722976 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 21:52:31.723221 0.442324 tcp 10.0.2.109 57748 -> 5.178.194.36 4983 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/02/10 21:52:46.874781 0.056566 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:46.931701 0.390034 udp 10.0.2.109 3683 <-> 165.228.70.22 8079 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:47.322298 0.198261 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:47.520971 0.117100 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:47.638506 0.216381 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:47.855352 0.194410 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.050210 0.137278 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.187914 0.308519 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.496835 0.077234 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.574474 0.049046 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.623882 0.058355 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.682621 0.142570 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.825594 0.150010 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:48.976038 0.324829 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:49.301251 0.166362 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:52:49.468050 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 21:53:05.532852 0.052613 tcp 10.0.2.109 57749 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 21:53:05.585800 0.062917 tcp 10.0.2.109 57750 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 21:53:05.649052 0.153854 tcp 10.0.2.109 57751 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/10 21:53:05.803435 0.570085 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:06.373907 0.367199 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:06.741478 0.340875 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:07.082827 0.143002 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:07.226296 0.345543 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:07.572316 0.077685 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:07.650614 0.167096 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:07.818240 0.141966 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:07.960636 0.468335 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:53:08.429350 0.069526 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/10 21:55:21.659240 3.002264 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 21:55:28.667425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:55:36.673414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:55:52.677039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 21:56:24.679341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:02:28.683798 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 22:02:35.691355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:02:43.692700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:02:59.695710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:03:31.721201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:09:35.727397 3.002008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 22:09:42.735964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:09:50.736698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:10:06.739823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:10:38.746458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:16:42.751761 3.001634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 22:16:49.759215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:16:57.760627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:17:13.763966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:17:45.769447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:22:32.171826 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:22:32.171988 0.407354 tcp 10.0.2.109 57752 -> 5.178.194.36 4983 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:23:33.549962 0.000151 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:23:33.550239 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:23:48.757026 0.052799 tcp 10.0.2.109 57753 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:23:48.810250 0.060440 tcp 10.0.2.109 57754 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:23:48.870954 0.146454 tcp 10.0.2.109 57755 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:23:49.018081 0.055845 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:23:49.074548 0.000000 udp 10.0.2.109 3683 -> 165.228.70.22 8079 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:23:49.777426 2.999778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 22:23:56.783020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:24:04.784472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:24:06.677996 0.052442 tcp 10.0.2.109 57756 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:24:06.730301 0.061199 tcp 10.0.2.109 57757 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:24:06.791865 0.152662 tcp 10.0.2.109 57758 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:24:06.945029 0.210771 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:07.156146 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:24:20.787681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:24:24.916776 0.051273 tcp 10.0.2.109 57759 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:24:24.967962 0.063763 tcp 10.0.2.109 57760 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:24:25.032049 0.148667 tcp 10.0.2.109 57761 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:24:25.181352 0.092240 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:25.273987 0.199755 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:25.474226 0.085423 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:25.559995 0.050009 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:25.610467 0.305957 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:25.916818 0.151471 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:26.068673 0.146607 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:26.215741 0.324064 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:26.540203 0.142126 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:26.682734 0.054760 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:26.737875 0.166576 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:26.904816 0.380064 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:27.285310 0.141656 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:27.427391 0.324905 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:27.752752 0.312971 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:28.066107 0.347475 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:28.413957 0.058726 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:28.473129 0.165120 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:28.638672 0.144752 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:28.783767 0.481676 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:29.265801 0.074687 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:24:52.793616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:30:56.799135 3.001971 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 22:31:03.807256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:31:11.808859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:31:27.811609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:31:59.817607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:38:03.825333 2.999949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 22:38:10.831119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:38:18.832488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:38:34.835163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:39:06.841661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:45:10.847270 3.003915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 22:45:17.854788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:45:25.856540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:45:41.860956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:46:13.865789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:52:32.580747 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:52:32.580898 0.558691 tcp 10.0.2.109 57762 -> 5.178.194.36 4983 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:54:15.881761 3.001265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 22:54:22.889004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:54:30.890349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:54:36.398760 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:54:36.398980 0.000000 udp 10.0.2.109 3683 -> 165.228.70.22 8079 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:46.893238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:54:52.222652 0.055598 tcp 10.0.2.109 57763 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:54:52.278528 0.067493 tcp 10.0.2.109 57764 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:54:52.346329 0.148874 tcp 10.0.2.109 57765 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/10 22:54:52.495770 0.194295 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:52.690455 4.650321 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 4 1083 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:52.747429 4.801514 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 4 991 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:52.948265 4.693529 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 4 1060 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:53.040944 4.818321 udp 10.0.2.109 3683 <-> 71.2.203.86 2913 CON 0 0 3 576 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:53.238337 4.951314 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 4 1205 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:53.320684 4.918275 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1297 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:53.370533 4.868822 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 3 677 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:53.678483 4.869773 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 3 507 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:53.816394 4.868901 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 3 745 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:53.967740 4.867152 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 3 563 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:54.293082 4.867904 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 3 603 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:54.435768 4.909892 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1130 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:54.490733 0.166932 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:54.658065 4.688232 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 3 600 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:54.994298 0.414666 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:55.409421 4.593717 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 4 1261 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:55.556458 4.959688 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 3 636 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:55.890465 4.958943 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 3 518 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:56.235134 4.960078 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 3 414 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:56.301088 0.165238 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:56.466692 0.148288 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:56.615339 0.497766 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:57.113518 0.074811 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:57.642394 0.216395 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:54:58.065263 0.000000 udp 10.0.2.109 3683 <- 71.2.203.86 2913 RSP 0 0 1 544 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:58.547837 0.000000 udp 10.0.2.109 3683 <- 175.195.224.65 6553 RSP 0 0 1 549 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:58.684832 0.000000 udp 10.0.2.109 3683 <- 68.195.125.143 4222 RSP 0 0 1 539 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:58.834349 0.000000 udp 10.0.2.109 3683 <- 67.70.206.179 1365 RSP 0 0 1 547 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:59.160520 0.000000 udp 10.0.2.109 3683 <- 210.223.5.134 7099 RSP 0 0 1 545 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:59.305364 0.000000 udp 10.0.2.109 3683 <- 174.91.201.209 6066 RSP 0 0 1 543 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:59.693463 0.000000 udp 10.0.2.109 3683 <- 122.57.203.170 2182 RSP 0 0 1 539 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:54:59.693841 0.162323 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:00.003574 0.512144 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:00.848919 0.000000 udp 10.0.2.109 3683 <- 147.8.183.75 7621 RSP 0 0 1 539 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:01.194759 0.000000 udp 10.0.2.109 3683 <- 113.28.179.100 4835 RSP 0 0 1 541 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:09.745972 0.163183 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 860 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:09.909669 0.524107 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:10.434412 0.145076 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:10.579907 0.074734 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:10.655182 0.063802 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 840 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:10.753397 0.219013 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 793 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:11.000386 0.054650 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:11.102271 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:17.967834 0.000000 udp 10.0.2.109 3683 -> 202.45.122.250 5757 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:18.899003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 22:55:23.706260 0.043476 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:55:23.771930 0.000000 udp 10.0.2.109 3683 -> 27.254.9.196 3935 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:31.357291 0.000000 udp 10.0.2.109 3683 -> 58.211.29.98 8870 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:38.798584 0.232075 udp 10.0.2.109 3683 -> 61.142.7.155 4888 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:39.030659 0.000000 icmp 61.142.7.155 0x0303 -> 10.0.2.109 0x1813 URP 192 1 308 flow=Background 1970/02/10 22:55:43.734793 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:55:47.731274 0.000000 udp 10.0.2.109 3683 -> 203.198.127.81 3775 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:55:53.089080 0.000000 udp 10.0.2.109 3683 -> 79.34.158.142 1500 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:01.885520 0.181381 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:56:02.205148 0.000000 udp 10.0.2.109 3683 -> 95.5.66.208 9492 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:10.514182 0.082048 udp 10.0.2.109 3683 <-> 94.66.194.29 6063 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:56:10.634756 0.172677 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:56:10.870860 0.189269 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:56:11.234129 0.000000 udp 10.0.2.109 3683 -> 223.219.45.36 9143 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:19.999622 0.301864 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:56:20.471047 0.000000 udp 10.0.2.109 3683 -> 58.11.17.52 4395 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:27.528085 0.000000 udp 10.0.2.109 3683 -> 112.208.151.59 1084 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:32.234668 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:56:35.489498 0.085622 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:56:35.662089 0.000000 udp 10.0.2.109 3683 -> 210.176.161.145 4506 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:44.272248 0.000000 udp 10.0.2.109 3683 -> 124.65.108.106 5390 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:52.163428 0.111881 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 793 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:56:52.298996 0.000000 udp 10.0.2.109 3683 -> 58.62.237.114 7877 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:56:57.851311 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:03.950218 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:10.620001 0.000000 udp 10.0.2.109 3683 -> 87.193.194.242 4425 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:17.499882 0.000000 udp 10.0.2.109 3683 -> 173.210.170.60 3227 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:22.236471 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:57:24.409734 0.153936 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:57:24.607650 0.000000 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:30.230372 0.039005 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 750 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:57:30.685135 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9161 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:36.917794 0.000000 udp 10.0.2.109 3683 -> 182.68.125.134 8528 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:41.985141 0.144667 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:57:42.368996 0.000000 udp 10.0.2.109 3683 -> 124.125.244.179 1268 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:50.518414 0.000000 udp 10.0.2.109 3683 -> 80.180.68.248 1024 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:57:58.258797 0.000000 udp 10.0.2.109 3683 -> 212.185.19.186 8894 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:03.286629 0.000000 udp 10.0.2.109 3683 -> 59.167.237.18 9379 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:08.234742 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:58:08.994771 0.000000 udp 10.0.2.109 3683 -> 173.178.5.157 8704 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:17.726816 0.170738 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 696 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:58:18.014991 0.445908 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 670 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:58:18.622558 0.000000 udp 10.0.2.109 3683 -> 113.59.222.25 6799 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:26.239451 0.000000 udp 10.0.2.109 3683 -> 41.133.229.62 1000 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:33.511476 0.000000 udp 10.0.2.109 3683 -> 86.98.22.116 6719 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:41.480853 0.048984 udp 10.0.2.109 3683 <-> 87.153.119.173 4545 CON 0 0 2 675 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:58:41.548166 0.173530 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:58:41.731160 0.000000 udp 10.0.2.109 3683 -> 108.6.15.41 8969 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:46.758390 0.000000 udp 10.0.2.109 3683 -> 122.160.94.58 4361 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:52.576623 0.000000 udp 10.0.2.109 3683 -> 115.245.107.39 8804 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:58:57.233385 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:59:00.658257 0.000000 udp 10.0.2.109 3683 -> 111.250.174.226 4272 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:08.559607 0.000000 udp 10.0.2.109 3683 -> 180.211.121.200 3736 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:13.776802 0.000000 udp 10.0.2.109 3683 -> 122.174.96.95 1024 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:19.975898 0.000000 udp 10.0.2.109 3683 -> 79.171.176.70 5659 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:26.385335 0.000000 udp 10.0.2.109 3683 -> 210.186.151.45 6777 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:31.723642 0.183327 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 827 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:59:31.989490 0.166889 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/02/10 22:59:32.370771 0.000000 udp 10.0.2.109 3683 -> 110.143.97.2 6790 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:39.927492 0.000000 udp 10.0.2.109 3683 -> 89.211.58.141 9019 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:44.734551 0.004066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 22:59:46.094321 0.000000 udp 10.0.2.109 3683 -> 80.193.73.84 8373 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 22:59:52.202391 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:00.053810 0.000000 udp 10.0.2.109 3683 -> 97.68.87.33 2033 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:06.617998 0.000000 udp 10.0.2.109 3683 -> 81.157.163.139 3151 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:13.393626 0.000000 udp 10.0.2.109 3683 -> 88.253.192.18 4383 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:19.501557 0.061964 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 747 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:00:19.616935 0.106536 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 745 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:00:19.732998 0.000000 udp 10.0.2.109 3683 -> 115.234.219.8 1196 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:27.603727 0.147987 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:00:27.849875 0.147449 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:00:28.385424 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:32.230746 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:00:33.721931 0.000000 udp 10.0.2.109 3683 -> 50.193.9.121 2638 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:40.381573 0.000000 udp 10.0.2.109 3683 -> 174.112.16.103 1951 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:45.409088 0.000000 udp 10.0.2.109 3683 -> 85.18.36.49 7658 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:53.340682 0.000000 udp 10.0.2.109 3683 -> 41.224.162.53 9052 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:00:59.098740 0.000000 udp 10.0.2.109 3683 -> 79.27.11.156 3524 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:05.036989 0.000000 udp 10.0.2.109 3683 -> 84.135.77.198 2881 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:12.708030 0.111496 udp 10.0.2.109 3683 -> 31.195.5.233 1360 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:12.819526 0.000000 icmp 94.86.119.22 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 271 flow=Background 1970/02/10 23:01:17.234494 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:01:21.583638 0.000000 udp 10.0.2.109 3683 -> 59.115.37.229 2346 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:22.906471 3.000559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 23:01:29.512477 0.000000 udp 10.0.2.109 3683 -> 67.81.145.1 6727 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:29.912577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:01:36.732874 0.000000 udp 10.0.2.109 3683 -> 87.202.25.230 4685 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:37.914361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:01:42.680601 0.000000 udp 10.0.2.109 3683 -> 79.31.160.54 5940 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:47.908751 0.000000 udp 10.0.2.109 3683 -> 117.204.187.1 8318 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:01:53.917155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:01:56.350714 0.000000 udp 10.0.2.109 3683 -> 176.249.143.138 5088 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:03.801592 0.000000 udp 10.0.2.109 3683 -> 82.107.80.169 7820 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:08.739420 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:02:12.053379 0.000000 udp 10.0.2.109 3683 -> 80.140.157.220 5911 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:18.883418 0.000000 udp 10.0.2.109 3683 -> 79.5.34.131 9263 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:24.291146 0.000000 udp 10.0.2.109 3683 -> 181.177.194.3 5823 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:25.923125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:02:32.162233 0.000000 udp 10.0.2.109 3683 -> 165.228.70.22 8079 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:38.401360 0.238366 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:02:39.096173 0.149285 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 709 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:02:39.379286 0.000000 udp 10.0.2.109 3683 -> 124.154.21.20 6414 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:46.262856 0.000000 udp 10.0.2.109 3683 -> 110.171.18.162 4437 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:53.332738 0.000000 udp 10.0.2.109 3683 -> 95.226.160.37 6037 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:02:58.229601 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:03:01.223933 0.080029 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:03:01.678993 0.000000 udp 10.0.2.109 3683 -> 79.46.8.166 7022 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:07.563019 0.000000 udp 10.0.2.109 3683 -> 178.190.96.111 9532 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:13.893046 0.000000 udp 10.0.2.109 3683 -> 12.147.26.74 5080 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:19.247053 0.000000 udp 10.0.2.109 3683 -> 79.19.137.136 7377 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:25.685855 0.000000 udp 10.0.2.109 3683 -> 151.50.95.9 7149 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:33.472465 0.000000 udp 10.0.2.109 3683 -> 115.242.32.249 9186 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:40.326426 0.081211 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:03:40.512048 0.054912 udp 10.0.2.109 3683 <-> 86.122.235.137 1918 CON 0 0 2 701 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:03:40.687514 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:44.847963 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:03:45.683165 0.000000 udp 10.0.2.109 3683 -> 122.181.11.62 9345 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:52.317391 0.000000 udp 10.0.2.109 3683 -> 81.86.1.154 7878 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:03:59.107378 0.000000 udp 10.0.2.109 3683 -> 87.10.8.243 6020 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:06.097440 0.000000 udp 10.0.2.109 3683 -> 203.45.119.254 3230 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:13.237774 0.000000 udp 10.0.2.109 3683 -> 178.11.193.174 8888 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:19.466648 0.000000 udp 10.0.2.109 3683 -> 76.97.42.230 6804 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:26.025970 0.000000 udp 10.0.2.109 3683 -> 68.147.254.49 4118 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:30.732489 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:04:31.353626 0.000000 udp 10.0.2.109 3683 -> 219.74.199.137 3470 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:39.355333 0.000000 udp 10.0.2.109 3683 -> 118.173.206.10 1822 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:45.573812 0.000000 udp 10.0.2.109 3683 -> 121.241.217.108 4229 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:53.144891 0.000000 udp 10.0.2.109 3683 -> 69.248.53.198 2234 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:04:59.353897 0.000000 udp 10.0.2.109 3683 -> 207.47.136.240 4985 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:08:29.930428 3.000319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 23:08:36.936499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:08:44.937988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:09:00.941222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:09:32.947156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:15:36.962849 3.001954 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 23:15:43.970616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:15:51.971847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:16:07.977911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:16:39.981184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:22:33.139324 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:22:33.139489 0.406761 tcp 10.0.2.109 57766 -> 5.178.194.36 4983 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:22:43.989494 2.999118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 23:22:50.994488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:22:58.996449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:23:14.999352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:23:47.005478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:29:51.011034 3.001951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 23:29:58.018606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:30:06.020167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:30:22.024577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:30:54.029018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:35:08.054117 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:35:08.054211 0.104291 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:08.158864 0.059400 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:08.218716 0.194296 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:08.413432 0.078798 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:08.492659 0.049752 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:08.542798 0.312929 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:08.856112 0.307711 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:09.164172 0.172753 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:09.337374 0.148406 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:09.486360 0.346009 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:09.832748 0.144659 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:09.977799 0.053239 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:10.031492 0.143048 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:10.174873 0.168299 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:10.343574 0.379520 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:10.723459 0.339724 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:11.063536 0.348690 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:11.412589 0.163988 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:11.576951 0.428874 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:12.006330 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:35:29.546481 0.054128 tcp 10.0.2.109 57767 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:35:29.600888 0.063867 tcp 10.0.2.109 57768 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:35:29.665153 0.152299 tcp 10.0.2.109 57769 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:35:29.817993 0.074752 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:29.893213 0.056327 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:29.949989 0.059734 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:30.010086 0.143553 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:30.154073 0.046420 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:30.200904 0.187376 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:30.388701 0.263193 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:30.652296 0.173596 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:30.826446 0.074154 udp 10.0.2.109 3683 <-> 94.66.194.29 6063 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:30.900992 0.304390 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:31.205822 0.085918 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:31.292138 0.088618 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:31.381194 0.155274 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:31.536913 0.045099 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:31.582440 0.075786 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:31.658615 0.189836 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:31.848895 0.935594 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:32.784933 0.168570 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:32.953842 0.050221 udp 10.0.2.109 3683 <-> 87.153.119.173 4545 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.004460 0.191376 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.196258 0.169386 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.366244 0.057321 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.423977 0.094691 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.519073 0.147283 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.666764 0.141700 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.808894 0.052700 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:33.861993 0.149814 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:34.012282 0.072962 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:34.085671 0.071016 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/10 23:35:34.157051 0.000000 udp 10.0.2.109 3683 -> 86.122.235.137 1918 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/10 23:35:50.095488 0.051612 tcp 10.0.2.109 57770 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:35:50.147368 0.067955 tcp 10.0.2.109 57771 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:35:50.215629 0.170983 tcp 10.0.2.109 57772 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:36:58.042204 2.995009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/10 23:37:05.042462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:37:13.054815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:37:29.049190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:38:01.053263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:44:05.059932 3.000959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 23:44:12.066212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:44:20.067998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:44:36.070990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:45:08.077182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:52:33.548008 0.023775 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/10 23:52:33.571920 0.456594 tcp 10.0.2.109 57773 -> 5.178.194.36 4983 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/02/10 23:53:33.085595 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/10 23:53:40.103550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:53:48.094586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:54:04.099530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/10 23:54:36.103794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:00:40.340988 3.000514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 00:00:47.347640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:00:55.350740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:01:11.351901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:01:43.357876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:05:53.309985 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 00:05:53.310234 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 00:06:09.917730 0.416726 tcp 10.0.2.109 57774 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:10.334764 0.067751 tcp 10.0.2.109 57775 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:10.402835 0.147555 tcp 10.0.2.109 57776 -> 195.113.214.249 443 SRPA* 0 0 46 25574 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:10.551006 0.000000 udp 10.0.2.109 3683 -> 86.122.235.137 1918 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 00:06:26.921181 0.052603 tcp 10.0.2.109 57777 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:26.974079 0.060315 tcp 10.0.2.109 57778 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:27.034688 0.158340 tcp 10.0.2.109 57779 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:27.193600 0.050129 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:27.244185 0.325069 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:27.569686 0.116794 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:27.686912 0.195025 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:27.882502 0.048806 udp 10.0.2.109 3683 <-> 86.148.218.21 6148 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:27.931717 0.080001 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:28.012142 0.148594 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:28.161118 0.368680 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:28.530388 0.142505 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:28.673331 0.052545 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:28.726394 0.144875 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:28.871701 0.332400 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:29.204471 0.167559 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:29.372420 0.361274 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:29.734092 0.143904 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:29.878413 0.451345 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:30.330299 0.349779 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:30.680509 0.340167 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:31.021122 0.000000 udp 10.0.2.109 3683 -> 99.163.247.44 8222 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 00:06:46.355821 0.053125 tcp 10.0.2.109 57780 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:46.409243 0.062644 tcp 10.0.2.109 57781 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:46.472178 0.151112 tcp 10.0.2.109 57782 -> 195.113.214.249 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:06:46.623810 0.075157 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:46.699426 0.056138 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:46.756014 0.055456 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:46.811905 0.040950 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:47.108016 0.140594 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:47.248988 0.297228 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:47.546601 0.174871 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:47.721907 0.076746 udp 10.0.2.109 3683 <-> 94.66.194.29 6063 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:47.799030 0.183643 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:47.983064 0.086957 udp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:48.070426 0.102897 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:48.173707 0.150228 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:48.324378 0.049462 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:48.374312 0.075225 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:48.449950 0.189591 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:48.639886 0.254535 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:48.894838 0.654548 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:49.549856 0.161413 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:49.711659 0.044117 udp 10.0.2.109 3683 <-> 87.153.119.173 4545 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:49.756201 0.176920 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:49.933491 0.053997 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:49.987865 0.092680 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:50.080930 0.146987 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:50.228381 0.143940 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:06:50.372741 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 00:07:06.473001 0.052437 tcp 10.0.2.109 57783 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:07:06.525779 0.062175 tcp 10.0.2.109 57784 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:07:06.588263 0.150182 tcp 10.0.2.109 57785 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:07:06.739091 0.149646 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:07:06.889121 0.163256 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:07:07.052805 0.073902 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:07:07.127096 0.070440 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:07:47.363368 3.002450 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 00:07:54.371387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:08:02.374715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:08:18.375908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:08:50.383207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:14:54.388287 4.996451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 00:15:03.341579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:15:11.244362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:15:27.060228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:15:58.688016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:22:01.421681 3.001862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 00:22:08.430308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:22:16.431426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:22:32.434082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:22:34.257167 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 00:22:34.257318 0.407011 tcp 10.0.2.109 57786 -> 5.178.194.36 4983 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:23:04.439827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:29:08.446046 3.007647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 00:29:15.455238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:29:23.458611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:29:39.457755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:30:11.464017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:36:15.469739 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 00:36:22.477315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:36:30.478481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:36:46.481834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:37:18.487746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:37:31.035818 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 00:37:31.035987 0.162993 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:37:31.199374 0.055743 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:37:31.255514 0.000000 udp 10.0.2.109 3683 -> 86.148.218.21 6148 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 00:37:47.321351 0.034066 tcp 10.0.2.109 57787 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:37:47.355648 0.065457 tcp 10.0.2.109 57788 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:37:47.421394 0.283975 tcp 10.0.2.109 57789 -> 195.113.214.249 443 SRPA* 0 0 38 27034 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:37:47.705961 0.074372 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:37:47.780677 0.092150 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:37:47.873224 0.342880 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:37:48.216579 0.050838 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:37:48.267825 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 00:38:06.417637 0.031592 tcp 10.0.2.109 57790 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:38:06.449606 0.070332 tcp 10.0.2.109 57791 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:38:06.520240 0.162020 tcp 10.0.2.109 57792 -> 195.113.214.249 443 SRPA* 0 0 34 14400 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:38:06.682814 0.143866 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:06.827079 0.048512 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:06.876022 0.146071 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:07.022473 0.149134 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:07.171987 0.321330 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:07.493703 0.167345 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:07.661444 0.143401 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:07.805326 0.388332 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:08.194120 0.377647 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:08.572137 0.345251 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:08.917919 0.471677 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:09.390017 0.313024 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:09.809660 0.060870 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:09.870909 0.056737 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:09.928012 0.070998 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:09.999375 0.277610 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:10.277370 0.173062 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:10.450852 0.000000 udp 10.0.2.109 3683 -> 94.66.194.29 6063 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 00:38:28.869641 0.051990 tcp 10.0.2.109 57793 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:38:28.921899 0.064498 tcp 10.0.2.109 57794 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:38:28.986679 0.152027 tcp 10.0.2.109 57795 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:38:29.139217 0.041320 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:29.180941 0.153061 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:29.334533 0.100597 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:29.435517 0.153962 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:29.589918 0.044639 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:29.634950 0.078104 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:29.713454 0.187704 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:29.901536 0.187588 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:30.089492 0.082980 rtcp 10.0.2.109 3683 <-> 79.236.145.240 8699 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:30.172876 0.673704 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:30.847004 0.236928 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.084336 0.045067 udp 10.0.2.109 3683 <-> 87.153.119.173 4545 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.129864 0.170106 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.300401 0.093208 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.394053 0.146467 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.540911 0.142618 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.683972 0.060603 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.744982 0.181525 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:31.926962 0.148519 rtcp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:32.075838 0.066005 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:32.142396 0.165836 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:38:32.360244 0.072589 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/11 00:43:22.494019 3.011627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 00:43:29.511338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:43:37.512678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:43:53.515697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:44:25.522767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:50:29.527476 3.001961 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 00:50:36.535153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:50:44.536805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:51:00.539687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:51:32.545509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:52:34.664983 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 00:52:34.665168 0.576656 tcp 10.0.2.109 57796 -> 5.178.194.36 4983 FSPA* 0 0 14 1605 flow=From-Botnet-V1-TCP-Established 1970/02/11 00:57:36.551835 3.047861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 00:57:43.578618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:57:51.570784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:58:07.573786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 00:58:39.579982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:05:02.603160 3.001353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 01:05:09.610049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:05:17.611884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:05:33.615100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:06:05.749550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:08:55.242494 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 01:08:55.242606 0.000000 udp 10.0.2.109 3683 -> 86.148.218.21 6148 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:09:12.369793 0.038102 tcp 10.0.2.109 57797 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:12.408164 0.066573 tcp 10.0.2.109 57798 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:12.475005 0.158612 tcp 10.0.2.109 57799 -> 195.113.214.249 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:12.634370 0.194303 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:12.829073 0.000000 udp 10.0.2.109 3683 -> 94.66.194.29 6063 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:09:30.419015 0.032636 tcp 10.0.2.109 57800 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:30.451903 0.068375 tcp 10.0.2.109 57801 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:30.520567 0.165720 tcp 10.0.2.109 57802 -> 195.113.214.249 443 SRPA* 0 0 47 41676 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:30.687019 0.056755 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:30.744279 0.165905 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:30.910557 0.092331 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:31.003335 0.076815 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:31.080626 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:09:46.973346 0.031563 tcp 10.0.2.109 57803 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:47.005196 0.063885 tcp 10.0.2.109 57804 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:47.069370 0.154551 tcp 10.0.2.109 57805 -> 195.113.214.249 443 SRPA* 0 0 23 13140 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:09:47.224630 0.050100 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:47.275165 0.143575 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:47.419101 0.054511 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:47.473994 0.354450 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:47.828839 0.148408 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:47.977688 0.138127 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:48.116264 0.144178 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:48.260906 0.168154 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:48.429442 0.339405 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:48.769288 0.369230 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:49.138967 0.059744 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:49.199111 0.348537 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:49.548066 0.522658 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:50.071087 0.326816 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:50.398334 0.223059 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:50.621806 0.172178 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:50.794413 0.054249 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:50.849214 0.072293 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:50.921957 0.046663 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:50.969021 0.146972 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:51.116375 0.100587 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:51.217363 0.153157 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:51.370899 0.047359 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:51.418708 0.077529 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:09:51.496712 0.000000 udp 10.0.2.109 3683 -> 79.236.145.240 8699 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:10:09.770851 0.031914 tcp 10.0.2.109 57806 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:10:09.803087 0.064692 tcp 10.0.2.109 57807 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:10:09.868058 0.160130 tcp 10.0.2.109 57808 -> 195.113.214.249 443 SRPA* 0 0 19 9796 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:10:10.028774 0.671887 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:10.701051 0.188009 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:10.889438 0.184085 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:11.073989 0.236227 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:11.310612 0.000000 udp 10.0.2.109 3683 -> 87.153.119.173 4545 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:10:29.909128 0.031694 tcp 10.0.2.109 57809 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:10:29.941138 0.064682 tcp 10.0.2.109 57810 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:10:30.006271 0.166549 tcp 10.0.2.109 57811 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:10:30.173348 0.167615 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:30.341337 0.092695 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:30.434423 0.145798 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:30.580624 0.141552 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:30.722610 0.058848 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:30.781923 0.082132 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:30.864422 0.166038 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:31.030904 0.074953 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:31.106273 0.179501 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:10:31.286171 0.148456 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:12:18.650439 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 01:12:25.657488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:12:33.658858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:12:49.661980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:13:21.667865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:19:25.673995 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 01:19:32.681367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:19:40.682720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:19:56.686143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:20:28.697117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:22:35.244462 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 01:22:35.244563 0.643263 tcp 10.0.2.109 57812 -> 5.178.194.36 4983 FSPA* 0 0 14 1640 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:26:32.699523 3.000087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 01:26:39.705697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:26:47.706899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:27:03.709879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:27:35.715553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:33:39.721877 3.001615 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 01:33:46.729268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:33:54.730875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:34:10.734501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:34:42.739959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:40:46.746951 3.000511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 01:40:53.753071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:40:57.779607 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 01:40:57.779703 0.319629 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:40:58.099332 0.000000 icmp 210.223.5.134 0x0303 -> 10.0.2.109 0xbb1b URP 192 1 150 flow=Background 1970/02/11 01:41:01.754656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:41:13.844189 0.052523 tcp 10.0.2.109 57813 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:13.897010 0.066469 tcp 10.0.2.109 57814 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:13.963775 0.520651 tcp 10.0.2.109 57815 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:14.484989 0.000000 udp 10.0.2.109 3683 -> 79.236.145.240 8699 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:41:17.758081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:41:33.280434 0.187827 tcp 10.0.2.109 57816 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:33.468573 0.062718 tcp 10.0.2.109 57817 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:33.531658 0.147837 tcp 10.0.2.109 57818 -> 195.113.214.249 443 SRPA* 0 0 25 13288 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:33.680124 0.000000 udp 10.0.2.109 3683 -> 87.153.119.173 4545 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 01:41:49.763906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:41:51.656982 0.057244 tcp 10.0.2.109 57819 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:51.714542 0.065147 tcp 10.0.2.109 57820 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:51.779995 0.156521 tcp 10.0.2.109 57821 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:41:51.937054 0.195136 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.132552 0.051840 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.184732 0.104402 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.289634 0.164294 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.454452 0.081371 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.536227 0.143516 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.680144 0.053378 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.733947 0.053307 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.787714 0.138157 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:52.926420 0.232552 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:53.159395 0.147946 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:53.307811 0.847928 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:54.156174 0.364056 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:54.520601 0.058181 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:54.579151 0.404793 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:54.984320 0.417142 udp 10.0.2.109 3683 <-> 202.64.92.136 6926 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:55.401861 0.342610 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:55.744894 0.312736 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:56.058033 0.647302 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:56.705741 0.055545 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:56.761651 0.071854 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:56.833955 0.046617 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:56.881021 0.171742 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:57.053282 0.100674 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:57.154429 0.154192 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:57.309021 0.049537 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:57.358930 0.204189 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:57.563474 0.145004 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:57.708889 0.285627 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:57.994933 0.287332 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:58.282617 0.739199 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:59.022373 0.191864 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:59.214611 0.183700 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:59.398722 0.166710 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:59.565839 0.095344 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:59.661521 0.147855 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:59.809843 0.141718 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:41:59.952028 0.055924 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:42:00.008321 0.082949 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:42:00.091651 0.169249 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:42:00.261305 0.147604 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:42:00.409351 0.073777 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:42:00.483534 0.176434 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/11 01:47:53.770256 3.001139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 01:48:00.779857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:48:08.778963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:48:24.781788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:48:56.787650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:52:35.893267 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 01:52:35.893367 0.411267 tcp 10.0.2.109 57822 -> 5.178.194.36 4983 FSPA* 0 0 14 1630 flow=From-Botnet-V1-TCP-Established 1970/02/11 01:55:35.794291 3.001045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 01:55:42.801595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:55:50.803057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:56:06.806293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 01:56:38.812162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:02:48.826796 3.002041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 02:02:55.834734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:03:03.835426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:03:19.838834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:03:51.844158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:09:55.850402 3.002066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 02:10:02.857848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:10:10.859257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:10:26.862602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:10:58.868742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:12:04.895194 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 02:12:04.895319 0.104421 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:05.000106 0.165026 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:05.165611 0.077214 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:05.243229 0.141694 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:06.155000 0.049296 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:06.204719 0.050111 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:06.255265 0.196623 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:06.452520 0.426744 udp 10.0.2.109 3683 <-> 213.123.227.57 4865 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:06.879621 0.198820 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:07.078815 0.166682 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:07.245882 0.144758 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:07.391041 0.059052 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:07.450469 0.147635 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:07.598493 0.365043 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:07.963913 0.407192 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:08.371480 0.000000 udp 10.0.2.109 3683 -> 202.64.92.136 6926 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 02:12:26.226804 0.044026 tcp 10.0.2.109 57823 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:12:26.271068 0.065114 tcp 10.0.2.109 57824 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:12:26.336494 0.159198 tcp 10.0.2.109 57825 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:12:26.496238 0.353400 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:26.850035 0.054781 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:26.905163 0.072087 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:26.977638 0.326125 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:27.304137 0.720730 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:31.903296 0.040823 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:31.944510 0.219791 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:32.164679 0.093594 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:32.258674 0.152085 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:32.411186 0.047864 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:32.459519 0.321236 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:32.781161 0.148784 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:32.930392 0.279474 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:33.210441 0.291141 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:33.501939 0.274588 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:33.776942 0.190239 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:33.967590 0.184827 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:34.152810 0.163749 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:34.316934 0.097171 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:34.414504 0.148382 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:34.563257 0.091734 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:34.655370 0.164019 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:34.819783 0.150386 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:34.970518 0.075747 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:35.046774 0.178557 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:35.225702 0.141711 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:12:35.367788 0.061435 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:17:02.874681 3.001588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 02:17:09.887244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:17:17.883322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:17:33.886415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:18:05.892686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:22:36.312006 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 02:22:36.312106 0.550828 tcp 10.0.2.109 57826 -> 5.178.194.36 4983 FSPA* 0 0 14 1519 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:24:09.899019 3.001402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 02:24:16.905802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:24:24.907230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:24:40.910525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:25:12.916591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:31:16.925347 2.999074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 02:31:23.929844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:31:31.932742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:31:47.934598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:32:19.940715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:38:23.947673 3.000705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 02:38:30.953970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:38:38.955628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:38:54.962541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:39:26.964750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:42:52.710763 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 02:42:52.710923 0.000000 udp 10.0.2.109 3683 -> 202.64.92.136 6926 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 02:43:09.055716 0.031786 tcp 10.0.2.109 57827 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:09.087805 0.065027 tcp 10.0.2.109 57828 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:09.153132 0.163838 tcp 10.0.2.109 57829 -> 195.113.214.249 443 SRPA* 0 0 40 21398 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:09.317673 0.080825 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:09.398970 0.104425 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:09.503830 0.164825 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:09.669068 0.195062 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:09.864557 0.143755 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:10.008676 0.065074 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:10.074344 0.051523 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:10.126331 0.192573 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:10.319351 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 02:43:27.340509 0.051101 tcp 10.0.2.109 57830 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:27.391860 0.066089 tcp 10.0.2.109 57831 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:27.458280 0.155033 tcp 10.0.2.109 57832 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:27.613834 0.143261 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:27.757469 0.063145 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:27.821066 0.147493 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:27.969002 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 02:43:46.168245 0.053079 tcp 10.0.2.109 57833 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:46.221583 0.071228 tcp 10.0.2.109 57834 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:46.293109 0.156545 tcp 10.0.2.109 57835 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:43:46.450352 0.406755 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:46.857483 0.332087 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:47.189949 0.343304 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:47.533646 0.347017 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:47.881101 0.054419 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:47.936094 0.071982 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:48.008457 0.453827 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:48.462743 0.046154 udp 10.0.2.109 3683 <-> 93.198.211.80 8279 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:48.509344 0.228680 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:48.738531 0.101349 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:48.840308 0.152996 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:48.993672 0.048955 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:49.043007 0.177704 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:49.221058 0.293536 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:49.514945 0.458585 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:49.973903 0.139550 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:50.113844 0.297140 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:50.411327 0.188189 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:50.599915 0.185534 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:50.785785 0.167803 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:50.953985 0.095014 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.049376 0.146359 rtcp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.196153 0.084299 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.280899 0.169861 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.451151 0.181043 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.632560 0.142351 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.775429 0.057594 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.833391 0.151051 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:43:51.984957 0.077474 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/11 02:45:30.970201 3.001692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 02:45:37.977945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:45:45.979464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:46:01.982530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:46:33.987886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:52:36.870756 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 02:52:36.870987 0.541543 tcp 10.0.2.109 57836 -> 5.178.194.36 4983 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/02/11 02:54:25.999588 3.001884 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 02:54:33.007159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:54:41.008913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:54:57.014932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 02:55:29.017564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:01:55.035319 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 03:02:02.042771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:02:10.045652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:02:26.047338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:02:58.053402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:09:09.059132 3.002165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 03:09:16.067475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:09:24.067792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:09:40.071409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:10:12.077311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:14:08.127117 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 03:14:08.127212 0.166708 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:08.294337 0.000000 udp 10.0.2.109 3683 -> 213.123.227.57 4865 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 03:14:26.775264 0.032487 tcp 10.0.2.109 57837 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:14:26.808007 0.064699 tcp 10.0.2.109 57838 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:14:26.873021 0.161298 tcp 10.0.2.109 57839 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:14:27.035004 0.162575 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.197952 0.092108 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.290526 0.076809 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.367722 0.213527 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.581672 0.145741 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.727775 0.056652 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.784788 0.143738 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.928886 0.049979 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:27.979225 0.144593 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:28.124227 0.060716 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:28.185351 0.243731 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:28.429475 0.407280 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:28.837087 0.329432 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:29.166879 0.000000 udp 10.0.2.109 3683 -> 113.28.179.100 4835 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 03:14:44.209620 0.338044 tcp 10.0.2.109 57840 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:14:44.548001 0.068309 tcp 10.0.2.109 57841 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:14:44.616594 0.160553 tcp 10.0.2.109 57842 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:14:44.777705 0.326966 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:45.105105 0.055412 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:45.160975 0.074196 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:45.235544 0.469720 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:14:45.705642 0.000000 udp 10.0.2.109 3683 -> 93.198.211.80 8279 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 03:15:01.605335 0.092480 tcp 10.0.2.109 57843 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:15:01.698238 0.067299 tcp 10.0.2.109 57844 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:15:01.765896 0.155079 tcp 10.0.2.109 57845 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:15:01.921527 0.173460 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:02.095436 0.102337 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:02.198183 1.369749 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:03.568301 0.295516 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:03.864222 0.153223 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:04.017852 0.048342 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:04.066551 0.276973 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:04.343928 0.146956 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:04.491293 0.325562 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:04.817262 0.187632 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:05.005333 0.184869 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:05.190596 0.165117 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:05.356068 0.095072 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:05.451558 0.145508 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:05.597534 0.090509 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:05.688413 0.165429 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:05.854347 0.175658 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:06.030551 0.142773 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:06.173727 0.059896 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:06.234028 0.149333 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:15:06.383741 0.115725 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:16:16.084266 3.000995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 03:16:23.090821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:16:31.092328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:16:47.095428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:17:19.101292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:22:37.419340 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 03:22:37.419569 0.499437 tcp 10.0.2.109 57846 -> 5.178.194.36 4983 FSPA* 0 0 15 1772 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:23:23.107719 3.001272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 03:23:30.115043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:23:38.115999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:23:54.119315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:24:26.125449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:30:30.131158 3.001751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 03:30:37.138447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:30:45.140280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:31:01.143663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:31:33.149352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:37:37.155324 3.001584 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 03:37:44.164654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:37:52.165370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:38:08.167240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:38:40.174636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:44:44.179477 3.001689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 03:44:51.186856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:44:59.187650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:45:14.961222 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 03:45:14.961369 0.000000 udp 10.0.2.109 3683 -> 113.28.179.100 4835 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 03:45:15.191294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:45:33.048459 0.034911 tcp 10.0.2.109 57847 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:45:33.083634 0.069311 tcp 10.0.2.109 57848 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:45:33.153208 0.163328 tcp 10.0.2.109 57849 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:45:33.317111 0.000000 udp 10.0.2.109 3683 -> 93.198.211.80 8279 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 03:45:47.196652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:45:50.613079 0.096244 tcp 10.0.2.109 57850 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:45:50.709636 0.063898 tcp 10.0.2.109 57851 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:45:50.773829 0.157438 tcp 10.0.2.109 57852 -> 195.113.214.249 443 FSRP* 0 0 28 9296 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:45:50.931464 0.167169 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:51.099003 0.083657 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:51.183153 0.194882 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:51.378609 0.220368 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:51.599318 0.052756 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 585 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:51.652474 0.104515 udp 10.0.2.109 3683 <-> 128.91.150.163 9351 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:51.757381 0.164653 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:51.922406 0.143088 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:52.065886 0.148408 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:52.214738 0.405259 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:52.620429 0.050613 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:52.671503 0.142548 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:52.814409 0.056921 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:52.871743 0.327328 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:53.199463 0.478006 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:53.677838 0.055968 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:53.734218 0.340958 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:54.075525 0.074293 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:45:54.150433 0.000000 udp 10.0.2.109 3683 -> 99.184.168.69 8341 INT 0 1 91 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 03:46:09.640053 0.038505 tcp 10.0.2.109 57853 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:46:09.678812 0.063621 tcp 10.0.2.109 57854 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:46:09.742805 0.154350 tcp 10.0.2.109 57855 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:46:09.897706 0.116293 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:10.014590 0.776091 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:10.791026 0.253763 udp 10.0.2.109 3683 <-> 14.98.95.18 3147 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:11.045260 0.301372 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:11.347033 0.154464 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:11.501875 0.000000 udp 10.0.2.109 3683 -> 99.137.240.98 4256 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 03:46:28.887711 0.036585 tcp 10.0.2.109 57856 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:46:28.924637 0.069246 tcp 10.0.2.109 57857 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:46:28.994288 0.153183 tcp 10.0.2.109 57858 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:46:29.148047 0.154456 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:29.302883 0.047113 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:29.350432 0.188470 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:29.539326 0.184629 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:29.724401 0.166570 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:29.891382 0.095593 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:29.987342 0.147087 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:30.134821 0.085094 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:30.220326 0.166841 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:30.387614 0.062037 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:30.450023 0.148271 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:30.598661 0.072628 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:30.671692 0.640863 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:46:31.313026 0.141703 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/11 03:52:37.918249 0.186220 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 03:52:38.104680 0.697337 tcp 10.0.2.109 57859 -> 5.178.194.36 4983 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/02/11 03:54:03.212889 3.001820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 03:54:10.220291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:54:18.221866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:54:34.224824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 03:55:06.231015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:01:10.237501 3.001121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 04:01:17.244064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:01:25.245849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:01:41.248777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:02:13.254813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:08:25.262090 3.194903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 04:08:32.424354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:08:40.350227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:08:56.286445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:09:28.293921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:15:32.296226 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 04:15:39.304025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:15:47.305426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:16:03.308450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:16:35.329105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:16:52.950039 0.001032 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 04:16:52.951203 0.000000 udp 10.0.2.109 3683 -> 99.184.168.69 8341 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 04:17:10.326694 0.033228 tcp 10.0.2.109 57860 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:10.360251 0.068410 tcp 10.0.2.109 57861 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:10.429002 0.161221 tcp 10.0.2.109 57862 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:10.590898 0.000000 udp 10.0.2.109 3683 -> 99.137.240.98 4256 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 04:17:27.545709 0.035060 tcp 10.0.2.109 57863 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:27.581060 0.066304 tcp 10.0.2.109 57864 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:27.647666 0.165934 tcp 10.0.2.109 57865 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:27.814134 0.050459 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:27.865043 0.000000 udp 10.0.2.109 3683 -> 128.91.150.163 9351 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 04:17:45.024948 0.031662 tcp 10.0.2.109 57866 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:45.056925 0.065879 tcp 10.0.2.109 57867 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:45.123052 0.161666 tcp 10.0.2.109 57868 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:17:45.285223 0.195372 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:45.481043 0.080433 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:45.561860 0.168085 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:45.730396 0.157807 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:45.888604 0.148126 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:46.037103 0.403739 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:46.441273 0.051777 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:46.493398 0.145262 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:46.639016 0.059420 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:46.698799 0.165266 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:46.864551 0.143255 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:47.008168 0.329520 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:47.338083 0.452374 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:47.790846 0.055593 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:47.846912 0.068442 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:47.915739 0.346682 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:48.262815 0.128044 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:48.391271 1.317034 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:49.708647 0.149536 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:17:49.858638 0.000000 udp 10.0.2.109 3683 -> 14.98.95.18 3147 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 04:18:06.686505 0.032204 tcp 10.0.2.109 57869 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:18:06.719010 0.067702 tcp 10.0.2.109 57870 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:18:06.786988 0.195038 tcp 10.0.2.109 57871 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:18:06.982578 0.297348 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:07.280323 0.187918 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:07.468633 0.183804 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:07.652807 0.152853 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:07.806048 0.049381 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:07.855840 0.164785 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.020960 0.092793 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.114173 0.145945 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.260494 0.090484 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.351384 0.166805 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.518736 0.062946 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.582052 0.149763 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.732210 0.072100 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.804762 0.178400 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:18:08.983548 0.143780 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:22:38.636830 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 04:22:38.636987 0.424936 tcp 10.0.2.109 57872 -> 5.178.194.36 4983 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:22:39.331023 3.001133 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 04:22:46.337849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:22:54.339291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:23:10.342330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:23:42.348669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:29:46.354447 3.001564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 04:29:53.361777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:30:01.363233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:30:17.366337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:30:49.372323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:36:53.377966 3.002088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 04:37:00.385651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:37:08.387461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:37:24.390408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:37:56.406424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:44:00.419952 2.994317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 04:44:07.419908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:44:15.421455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:44:31.424715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:45:03.430767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:48:22.647107 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 04:48:22.647217 0.000000 udp 10.0.2.109 3683 -> 128.91.150.163 9351 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 04:48:41.104898 0.056694 tcp 10.0.2.109 57873 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:48:41.161873 0.067831 tcp 10.0.2.109 57874 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:48:41.230015 0.155403 tcp 10.0.2.109 57875 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:48:41.385961 0.000000 udp 10.0.2.109 3683 -> 14.98.95.18 3147 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 04:48:59.850962 0.031359 tcp 10.0.2.109 57876 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:48:59.882625 0.066032 tcp 10.0.2.109 57877 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:48:59.948973 0.157804 tcp 10.0.2.109 57878 -> 195.113.214.249 443 SRPA* 0 0 47 24812 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:49:00.107460 0.052184 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:00.160058 0.195224 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:00.355741 0.080482 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:00.436620 0.167106 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:00.604131 0.406586 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:01.011074 0.049921 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:01.061448 0.143675 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:01.205581 0.145507 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:01.351503 1.917980 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:03.269942 0.164698 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:03.435055 0.062463 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:03.497909 0.056766 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:03.555052 0.341745 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:03.897146 0.143088 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:04.040591 0.541895 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:04.582924 0.090581 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:04.673911 0.333738 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:05.008098 0.074119 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:05.082594 0.149498 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:05.232475 1.288081 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:06.520901 0.184927 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:06.706237 0.152739 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:06.859418 0.041644 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:06.901471 0.317104 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:07.218982 0.187726 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:07.407098 0.164388 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:07.571838 0.097881 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:07.670090 0.146900 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:07.817348 0.084042 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:07.901760 0.164018 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:08.066222 0.054751 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:08.121311 0.148274 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:08.270058 0.074906 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:49:08.345332 0.000000 udp 10.0.2.109 3683 -> 64.229.176.186 4573 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 04:49:25.918296 0.032513 tcp 10.0.2.109 57879 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:49:25.951070 0.069169 tcp 10.0.2.109 57880 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:49:26.020538 0.156290 tcp 10.0.2.109 57881 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:49:26.177449 0.142699 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/11 04:52:39.065837 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 04:52:39.066017 0.404768 tcp 10.0.2.109 57882 -> 5.178.194.36 4983 FSPA* 0 0 14 1689 flow=From-Botnet-V1-TCP-Established 1970/02/11 04:53:28.439139 3.001397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 04:53:35.446546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:53:43.448403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:53:59.451116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 04:54:31.457047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:00:35.462854 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:00:42.475100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:00:50.472059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:01:06.475138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:01:38.482594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:07:42.488235 3.000127 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:07:49.498854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:07:57.496064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:08:13.499120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:08:45.506824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:14:49.510151 3.002660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:14:56.518752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:15:04.519782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:15:20.522875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:15:52.539056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:19:49.619942 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 05:19:49.620117 0.178725 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:49.799221 0.081942 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:49.881576 0.169259 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:50.051253 0.054469 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:50.106258 0.241024 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:50.347727 0.144452 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:50.492627 0.148690 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:50.641690 0.406586 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.048698 0.048759 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.097808 0.145473 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.243645 0.053759 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.297815 0.059465 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.357692 0.163755 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.521918 0.103237 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.625555 0.327541 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:51.953561 0.143427 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:52.097359 0.982836 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:53.080616 0.148388 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:53.229414 0.074636 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:53.304427 0.313061 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:53.617886 0.157827 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:53.776081 1.861354 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:55.637851 0.182687 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:55.820995 0.043932 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:55.865425 0.160341 udp 10.0.2.109 3683 <-> 107.7.150.66 6122 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:56.026241 0.097006 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:56.123685 0.146276 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:19:56.270427 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 05:20:11.904126 0.034561 tcp 10.0.2.109 57883 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:20:11.939023 0.064782 tcp 10.0.2.109 57884 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:20:12.004131 0.184666 tcp 10.0.2.109 57885 -> 195.113.214.249 443 SRPA* 0 0 38 19830 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:20:12.189359 0.353529 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:20:12.543262 0.148006 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:20:12.691668 0.075421 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:20:12.767496 0.085992 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:20:12.853845 0.164195 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:20:13.018534 0.057406 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:20:13.076386 0.141230 udp 10.0.2.109 3683 <-> 70.53.152.59 5215 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:21:56.544369 3.001955 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:22:03.555208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:22:11.553726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:22:27.556776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:22:39.477219 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 05:22:39.477320 0.673152 tcp 10.0.2.109 57886 -> 5.178.194.36 4983 FSPA* 0 0 14 1666 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:22:59.562835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:29:03.568251 3.002338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:29:10.576423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:29:18.577823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:29:34.584953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:30:06.586597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:36:10.593171 3.001492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:36:17.602538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:36:25.601655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:36:41.605928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:37:13.610724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:43:17.623583 2.997837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:43:24.628763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:43:32.628469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:43:48.638681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:44:20.635002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:50:23.416837 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 05:50:23.416934 0.187891 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:23.605187 0.179153 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:23.784759 0.072028 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:23.857211 0.193225 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:24.050803 0.144368 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:24.195565 0.149466 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:24.345419 0.231891 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:24.577694 0.048966 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:24.627089 0.188260 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:24.641090 3.003932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:50:24.815738 0.055409 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:24.871574 0.407927 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:25.279933 0.049751 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:25.330109 0.164664 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:25.495228 0.104951 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:25.600549 0.063803 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:25.664710 0.353735 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:26.018840 0.146254 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:26.165497 0.285475 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:26.451367 0.326050 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:26.777882 0.152375 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:26.930733 0.144315 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:27.075493 0.000000 udp 10.0.2.109 3683 -> 119.234.158.112 5726 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 05:50:31.647854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:50:39.649551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:50:44.808729 0.032252 tcp 10.0.2.109 57887 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:50:44.841242 0.070761 tcp 10.0.2.109 57888 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:50:44.912399 0.158329 tcp 10.0.2.109 57889 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:50:45.071281 1.162639 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:46.234356 0.187504 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:46.422385 0.042660 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:46.465386 0.374706 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:50:46.840550 0.000000 udp 10.0.2.109 3683 -> 107.7.150.66 6122 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 05:50:55.652831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:51:03.284409 0.032001 tcp 10.0.2.109 57890 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:51:03.316659 0.066530 tcp 10.0.2.109 57891 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:51:03.383474 0.418470 tcp 10.0.2.109 57892 -> 195.113.214.249 443 SRPA* 0 0 26 13930 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:51:03.802488 0.147292 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:51:03.950200 0.307772 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:51:04.258389 0.149112 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:51:04.407854 0.069874 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:51:04.478113 0.088263 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:51:04.566799 0.000000 udp 10.0.2.109 3683 -> 70.53.152.59 5215 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 05:51:20.949578 0.032812 tcp 10.0.2.109 57893 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:51:20.982655 0.065462 tcp 10.0.2.109 57894 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:51:21.048389 0.215096 tcp 10.0.2.109 57895 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:51:21.264088 0.164652 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:51:21.429151 0.064006 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/11 05:51:27.658683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:52:40.155163 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 05:52:40.155264 0.445074 tcp 10.0.2.109 57896 -> 5.178.194.36 4983 FSPA* 0 0 14 1584 flow=From-Botnet-V1-TCP-Established 1970/02/11 05:57:31.664907 3.001167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 05:57:38.672318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:57:46.673816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:58:02.676175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 05:58:34.682703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:04:55.705364 2.999312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 06:05:02.710571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:05:10.712036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:05:26.717541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:05:58.720643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:12:11.730718 3.001191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 06:12:18.737434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:12:26.738802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:12:42.741512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:13:14.747887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:19:18.753905 3.001601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 06:19:25.761406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:19:33.763009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:19:49.765970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:20:21.774555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:21:38.378563 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 06:21:38.378677 0.480420 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:21:38.859508 0.000000 udp 10.0.2.109 3683 -> 107.7.150.66 6122 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 06:21:57.081155 0.035528 tcp 10.0.2.109 57897 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:21:57.116997 0.068680 tcp 10.0.2.109 57898 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:21:57.185584 0.154457 tcp 10.0.2.109 57899 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:21:57.340547 0.000000 udp 10.0.2.109 3683 -> 70.53.152.59 5215 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 06:22:14.105178 0.032362 tcp 10.0.2.109 57900 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:14.137801 0.069339 tcp 10.0.2.109 57901 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:14.207453 0.156339 tcp 10.0.2.109 57902 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:14.365182 0.252987 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:14.618545 0.164925 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:14.783892 0.486322 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:15.270621 0.182950 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:15.453935 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 06:22:30.539137 0.031639 tcp 10.0.2.109 57903 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:30.571110 0.065124 tcp 10.0.2.109 57904 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:30.636548 0.153514 tcp 10.0.2.109 57905 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:30.790624 0.055659 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:30.846681 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 06:22:40.602275 0.691613 tcp 10.0.2.109 57906 -> 5.178.194.36 4983 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:46.344108 0.032554 tcp 10.0.2.109 57907 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:46.376956 0.067800 tcp 10.0.2.109 57908 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:46.445035 0.155097 tcp 10.0.2.109 57909 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:22:46.600702 0.143211 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:46.744287 0.146153 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:46.890876 0.168552 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:47.059882 0.056128 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:47.116400 0.213319 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:47.330074 0.105069 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:47.435570 0.061881 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:47.497887 0.049028 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:47.547333 0.407248 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:47.954975 0.166133 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:48.121582 0.143438 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:48.265422 0.335046 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:48.635084 0.070832 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:48.706324 0.327235 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:49.033993 0.160911 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:49.195324 0.152730 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:49.348445 1.216235 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:50.565040 0.183166 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:50.748616 0.048103 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:50.797125 0.185524 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:50.983123 0.366013 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:51.349797 0.145407 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:51.495605 0.148186 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:51.644194 0.073857 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:22:51.718475 0.087115 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:26:25.778318 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 06:26:32.784795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:26:40.788659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:26:56.789760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:27:28.805483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:33:32.811456 3.006117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 06:33:39.823337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:33:47.828488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:34:03.827010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:34:35.832257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:40:39.838118 2.999344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 06:40:46.843277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:40:54.845822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:41:10.847621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:41:42.854165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:47:46.859318 3.002333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 06:47:53.866912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:48:01.868829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:48:17.872027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:48:49.877823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:52:41.303522 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 06:52:41.303636 0.629793 tcp 10.0.2.109 57910 -> 5.178.194.36 4983 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:52:56.422980 0.187101 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:56.610592 0.221597 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:56.832578 0.615529 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:57.448510 0.058220 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:57.507067 0.164343 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:57.671822 0.075767 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:57.747988 0.181555 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:57.929913 0.056746 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:57.987012 0.144170 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:58.131586 0.147993 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:58.280000 0.138612 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:58.418971 0.102051 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:58.521417 0.061423 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:58.583220 0.050169 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:52:58.633823 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 06:53:17.364342 0.032126 tcp 10.0.2.109 57911 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:53:17.396742 0.067111 tcp 10.0.2.109 57912 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:53:17.464213 0.162301 tcp 10.0.2.109 57913 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/11 06:53:17.627093 0.047609 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:17.675079 0.407002 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:18.082487 0.166507 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:18.249423 0.143968 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:18.393828 0.333489 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:18.727703 0.074436 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:18.802556 0.154273 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:18.957197 0.333257 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:19.290849 0.191836 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:19.483040 0.042715 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:19.526211 0.258737 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:19.785416 0.191602 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:19.977379 0.094112 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:20.071951 0.314712 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:20.387153 0.147012 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:20.534768 0.150812 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:20.685997 0.070347 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:53:20.756687 0.080588 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/11 06:55:30.887039 3.001613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 06:55:37.893946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:55:45.896004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:56:01.898956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 06:56:33.906943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:02:45.911649 3.002839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 07:02:52.919806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:03:00.921347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:03:16.924418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:03:48.934018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:09:52.936237 3.003117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 07:09:59.944582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:10:07.945196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:10:24.567029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:10:56.196038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:16:59.972312 3.001777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 07:17:06.978192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:17:14.979381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:17:30.982021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:18:02.988993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:22:41.939890 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 07:22:41.940089 0.422322 tcp 10.0.2.109 57914 -> 5.178.194.36 4983 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:23:22.539659 0.168000 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:22.708078 0.189452 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:22.897980 0.194005 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:23.092410 0.051828 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:23.144659 0.472841 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:23.617932 0.000000 udp 10.0.2.109 3683 -> 64.229.176.186 4573 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 07:23:27.464821 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 07:23:41.146675 0.052017 tcp 10.0.2.109 57915 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:23:41.198930 0.065795 tcp 10.0.2.109 57916 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:23:41.265060 0.157521 tcp 10.0.2.109 57917 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:23:41.423221 0.127435 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:41.551035 0.164394 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:41.715778 0.145502 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:41.861667 0.145887 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:42.007962 0.055946 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:42.064272 0.051016 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:42.115679 0.102189 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:42.218262 1.044366 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:43.263031 0.062139 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:43.325589 0.052941 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:43.378887 0.409045 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:43.788370 0.166937 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:43.955678 0.071114 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:44.027188 0.152279 udp 10.0.2.109 3683 <-> 72.43.233.251 6358 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:44.180064 0.143360 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:44.323866 0.327545 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:44.651839 0.040978 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:44.693194 0.366604 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:45.060195 0.158095 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:45.218707 0.626535 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:45.845594 0.188129 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:46.034200 0.094574 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:46.129178 0.149190 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:46.278722 0.074307 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:46.353396 0.086746 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:46.440513 0.277156 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:23:46.718064 0.146552 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:24:06.995469 3.000564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 07:24:14.001849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:24:22.003614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:24:38.006046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:25:10.037442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:31:14.038577 3.001847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 07:31:21.055170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:31:29.047503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:31:45.055330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:32:17.056007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:38:21.062259 3.001707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 07:38:28.070066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:38:36.071213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:38:52.074722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:39:24.080816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:45:28.087375 3.010829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 07:45:35.103638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:45:43.105489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:45:59.108584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:46:31.114619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:52:42.369104 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 07:52:42.369213 0.415416 tcp 10.0.2.109 57918 -> 5.178.194.36 4983 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:00.711248 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 07:54:00.711356 0.180661 udp 10.0.2.109 3683 <-> 64.229.176.186 4573 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:00.892428 0.171115 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:01.063983 0.191818 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:01.256208 0.065521 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:01.322126 0.194870 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:01.517391 0.471714 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:01.989539 0.079007 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:02.069038 0.164794 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:02.234326 0.142762 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:02.377473 0.051963 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:02.429818 0.099218 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:02.529414 0.145614 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:02.675429 0.059867 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:02.735650 0.657486 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:03.393531 0.060507 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:03.454513 0.053664 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:03.508646 0.309371 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:03.818375 0.000000 udp 10.0.2.109 3683 -> 72.43.233.251 6358 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 07:54:19.840037 0.033674 tcp 10.0.2.109 57919 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:19.873889 0.071769 tcp 10.0.2.109 57920 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:19.945976 0.157539 tcp 10.0.2.109 57921 -> 195.113.214.249 443 SRPA* 0 0 38 18958 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:20.103991 0.144130 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:20.248512 0.337819 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:20.586653 0.047954 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:20.635014 0.165161 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:20.800589 0.074412 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:20.875359 0.333766 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:21.209669 0.161439 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:21.210020 4.757115 tcp 10.0.2.109 57922 -> 147.8.183.75 9321 SPA_* 0 0 136 87474 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:21.371558 0.229468 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:21.601393 0.148358 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:21.750340 0.075916 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:21.826594 0.079199 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:21.906409 0.297986 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:22.204810 1.212913 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:23.125349 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 07:54:23.418321 0.185899 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:23.604666 0.147919 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/11 07:54:26.222776 4.861835 tcp 10.0.2.109 57922 -> 147.8.183.75 9321 A_PA 0 0 107 95890 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:30.133166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:54:31.281006 4.775608 tcp 10.0.2.109 57922 -> 147.8.183.75 9321 A_PA 0 0 145 130710 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:36.391768 4.766097 tcp 10.0.2.109 57922 -> 147.8.183.75 9321 A_PA 0 0 160 131520 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:38.134749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:54:41.488813 4.772544 tcp 10.0.2.109 57922 -> 147.8.183.75 9321 A_PA 0 0 172 132168 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:46.586993 4.856928 tcp 10.0.2.109 57922 -> 147.8.183.75 9321 FPA_* 0 0 148 107250 flow=From-Botnet-V1-TCP-Established 1970/02/11 07:54:54.142124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 07:55:26.143940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:01:52.163322 2.999695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 08:01:59.168795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:02:07.169994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:02:23.174789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:02:55.179093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:09:06.187005 3.000106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 08:09:13.192649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:09:21.194744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:09:37.199188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:10:09.203008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:16:13.210813 3.000017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 08:16:20.216873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:16:28.217826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:16:44.221045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:17:16.227050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:22:42.786900 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 08:22:42.787093 0.474885 tcp 10.0.2.109 57923 -> 5.178.194.36 4983 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:23:20.233353 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 08:23:27.240799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:23:35.241980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:23:51.245237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:24:23.251290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:24:35.078926 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 08:24:35.079142 0.153091 udp 10.0.2.109 3683 -> 72.43.233.251 6358 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 08:24:35.232233 0.000000 icmp 72.43.233.251 0x0303 -> 10.0.2.109 0xd618 URP 192 1 169 flow=Background 1970/02/11 08:24:52.194882 0.056291 tcp 10.0.2.109 57924 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:24:52.251500 0.071013 tcp 10.0.2.109 57925 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:24:52.322741 0.167141 tcp 10.0.2.109 57926 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:24:52.490522 0.187461 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:24:52.678371 0.058831 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:24:52.737557 0.195837 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:24:52.933841 0.000000 udp 10.0.2.109 3683 -> 64.229.176.186 4573 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 08:25:09.087884 0.052459 tcp 10.0.2.109 57927 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:25:09.140625 0.066537 tcp 10.0.2.109 57928 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:25:09.207462 0.159568 tcp 10.0.2.109 57929 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:25:09.367759 0.169192 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:09.537344 0.469191 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.006983 0.074479 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.081911 0.166288 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.248597 0.117384 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.366458 0.147512 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.514344 0.054140 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.568874 0.049672 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.618878 0.143828 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.763174 0.055525 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.819136 0.062511 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:10.882069 0.190907 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:11.073350 0.308923 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:11.382680 0.042470 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:11.425529 0.166100 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:11.592023 0.141847 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:11.734299 0.331629 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:12.066555 0.153141 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:12.220060 0.070990 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:12.291460 0.326429 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:12.618577 0.381797 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:12.619019 4.675668 tcp 10.0.2.109 57930 -> 147.8.183.75 9321 SPA_* 0 0 154 104653 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:25:13.000753 0.149674 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:13.150843 0.077626 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:13.229280 0.080514 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:13.310156 0.280796 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:13.591314 0.171334 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:13.763047 0.187212 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:13.950670 0.120981 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:25:17.625236 4.675984 tcp 10.0.2.109 57930 -> 147.8.183.75 9321 A_PA 0 0 163 131682 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:25:22.630269 4.914832 tcp 10.0.2.109 57930 -> 147.8.183.75 9321 FPA_* 0 0 147 123208 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:25:27.877269 0.000127 tcp 10.0.2.109 57930 -> 147.8.183.75 9321 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:25:45.215172 0.000000 udp 10.0.2.109 3683 -> 64.229.176.186 4573 REQ 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 08:26:00.952418 0.052443 tcp 10.0.2.109 57931 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:26:01.005199 0.069211 tcp 10.0.2.109 57932 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:26:01.074644 0.159046 tcp 10.0.2.109 57933 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:26:01.234181 0.185479 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:01.420045 0.051327 udp 10.0.2.109 3683 <-> 81.133.36.147 3991 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:01.471811 0.193734 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:01.666004 0.165862 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:01.832221 0.597051 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:02.429709 0.070641 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:02.500726 0.165838 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:02.666967 0.115394 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:02.782780 0.143209 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:02.926393 0.055393 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:02.982356 0.049574 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:03.032272 0.140855 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:03.173502 0.038521 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:03.212423 0.047543 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:03.260357 0.154105 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:03.414880 0.308792 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:03.724077 0.133076 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:03.857552 0.000000 udp 10.0.2.109 3683 -> 99.163.247.44 8222 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 08:26:19.349783 0.053410 tcp 10.0.2.109 57934 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:26:19.403451 0.067329 tcp 10.0.2.109 57935 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:26:19.471064 0.168250 tcp 10.0.2.109 57936 -> 195.113.214.249 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:26:19.639868 0.142470 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:19.782802 0.070705 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:19.853900 0.326901 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:20.181177 0.326880 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:20.508523 0.144796 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:20.653743 0.496772 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:21.150980 0.148775 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:21.300170 0.067687 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:21.368261 0.087750 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:21.456431 0.273954 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:21.730803 0.220119 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:21.951331 0.187252 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:22.139000 0.286637 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:26:30.123750 0.437494 tcp 10.0.2.109 57937 -> 5.178.194.36 4983 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:30:27.297083 3.001768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 08:30:34.309459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:30:42.306206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:30:58.309107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:31:30.315090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:37:34.321330 3.001521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 08:37:41.328525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:37:49.330200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:38:05.333158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:38:37.345925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:44:41.345495 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 08:44:48.353100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:44:56.354067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:45:12.357251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:45:44.366646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:54:00.379528 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 08:54:07.386595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:54:15.387790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:54:31.391068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:55:03.400349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 08:56:30.562719 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 08:56:30.562885 0.460170 tcp 10.0.2.109 57938 -> 5.178.194.36 4983 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:56:33.176670 0.166942 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:33.344009 0.193860 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:33.538289 0.165251 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:33.703910 0.190412 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:33.894697 0.000000 udp 10.0.2.109 3683 -> 81.133.36.147 3991 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 08:56:50.998455 0.053085 tcp 10.0.2.109 57939 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:56:51.051862 0.068308 tcp 10.0.2.109 57940 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:56:51.120455 0.158824 tcp 10.0.2.109 57941 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:56:51.279814 0.164378 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:51.444612 2.151543 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:53.596554 0.148280 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:53.745296 0.468790 udp 10.0.2.109 3683 <-> 119.234.158.112 5726 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:54.214497 0.087858 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:54.302787 0.049401 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:54.352625 0.142519 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:54.495586 0.051282 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:54.547237 0.063390 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:54.610975 0.140597 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:54.751952 0.316738 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:56:55.069082 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 08:57:12.719328 0.054014 tcp 10.0.2.109 57942 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:57:12.773621 0.068356 tcp 10.0.2.109 57943 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:57:12.842292 0.168231 tcp 10.0.2.109 57944 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/11 08:57:13.011148 0.084433 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:13.095988 0.144087 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:13.240471 0.074516 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:13.315383 0.154825 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:13.470597 0.347741 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:13.818723 0.332081 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:14.151178 0.116607 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:14.268191 0.148836 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:14.417477 0.073192 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:14.491042 0.084342 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:14.575838 0.342390 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:14.918574 0.146157 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:15.065177 0.184421 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 08:57:15.250033 0.122578 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:01:07.402276 3.002286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 09:01:14.410654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:01:22.456366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:01:38.424824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:02:10.430992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:08:22.448314 3.051470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 09:08:29.477914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:08:37.467694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:08:53.470516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:09:25.476461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:15:29.483197 3.003598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 09:15:36.489802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:15:44.491459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:16:00.494123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:16:32.510419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:22:36.516351 3.001812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 09:22:43.523922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:22:51.525306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:23:07.528411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:23:39.534842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:26:31.031390 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 09:26:31.031594 0.447711 tcp 10.0.2.109 57945 -> 5.178.194.36 4983 FSPA* 0 0 15 1639 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:27:29.335009 0.000000 udp 10.0.2.109 3683 -> 81.133.36.147 3991 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 09:27:34.001594 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 09:27:47.883578 0.054449 tcp 10.0.2.109 57946 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:27:47.938299 0.067356 tcp 10.0.2.109 57947 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:27:48.005900 0.159660 tcp 10.0.2.109 57948 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:27:48.166083 0.049967 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:27:48.216445 0.194122 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:27:48.411021 0.168350 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:27:48.579750 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 09:28:03.815057 0.052582 tcp 10.0.2.109 57949 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:03.867916 0.064483 tcp 10.0.2.109 57950 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:03.932685 0.159674 tcp 10.0.2.109 57951 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:04.092857 0.186320 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:04.279624 0.165772 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:04.445818 0.110256 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:04.556474 0.148416 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:04.705237 0.071573 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:04.777198 0.051109 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:04.828717 0.142461 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:04.971578 0.054464 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:05.026460 0.062359 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:05.089228 0.135445 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:05.225086 0.000000 udp 10.0.2.109 3683 -> 119.234.158.112 5726 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 09:28:23.803496 0.061264 tcp 10.0.2.109 57952 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:23.865033 0.067644 tcp 10.0.2.109 57953 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:23.933008 0.163842 tcp 10.0.2.109 57954 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:24.097508 0.314739 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:24.412639 0.074497 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:24.487572 0.143569 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:24.631509 0.063578 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:24.695485 0.142442 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:24.838379 0.333245 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:25.172034 0.330117 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:25.502546 0.597311 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:26.100261 0.149779 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:26.250550 0.072013 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:26.322920 0.093291 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:26.416590 0.000000 udp 10.0.2.109 3683 -> 172.0.248.187 6759 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 09:28:42.213094 0.054356 tcp 10.0.2.109 57955 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:42.267734 0.064657 tcp 10.0.2.109 57956 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:42.332751 0.174085 tcp 10.0.2.109 57957 -> 195.113.214.249 443 SRPA* 0 0 67 69796 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:28:42.507353 0.398311 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:42.906285 0.283777 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:28:43.190384 0.146387 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:29:43.540579 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 09:29:50.547804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:29:58.551302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:30:14.555551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:30:46.558155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:36:50.565118 3.000620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 09:36:57.574216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:37:05.606614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:37:21.587127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:37:53.591637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:43:57.598561 3.001457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 09:44:04.605554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:44:12.607183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:44:28.610012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:45:00.615927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:51:04.621859 3.002544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 09:51:11.629491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:51:19.631011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:51:35.634519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:52:07.640352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:56:31.479895 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 09:56:31.479989 0.434406 tcp 10.0.2.109 57958 -> 5.178.194.36 4983 FSPA* 0 0 14 1514 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:58:11.645788 3.002242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 09:58:18.653644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:58:26.654516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:58:42.658094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:59:05.661586 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 09:59:05.661784 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 09:59:14.665483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 09:59:22.237891 0.054620 tcp 10.0.2.109 57959 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:59:22.292797 0.066152 tcp 10.0.2.109 57960 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:59:22.359224 0.165527 tcp 10.0.2.109 57961 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:59:22.525402 0.000000 udp 10.0.2.109 3683 -> 119.234.158.112 5726 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 09:59:40.762283 0.053184 tcp 10.0.2.109 57962 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:59:40.815737 0.068746 tcp 10.0.2.109 57963 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:59:40.884747 0.153292 tcp 10.0.2.109 57964 -> 195.113.214.249 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/02/11 09:59:41.038565 0.183650 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:41.222666 0.165934 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:41.389030 0.047700 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:41.437126 0.231223 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:41.668733 0.158652 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:41.827755 0.148740 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:41.983771 0.077608 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.061739 0.050883 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.113009 0.164076 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.277551 0.188962 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.466880 0.135366 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.602632 0.058691 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.661731 0.053365 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.715473 0.143272 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.859163 0.065512 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:42.925083 0.144224 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:43.069724 0.074140 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:43.144379 0.315917 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:43.460659 0.150021 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:43.611030 0.349941 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:43.961311 0.313027 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:44.274710 0.073182 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:44.348289 0.132164 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:44.480895 0.158004 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:44.639352 0.556533 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:45.196251 0.107436 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:45.304045 0.426581 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/11 09:59:45.731075 0.148787 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:05:43.676553 3.001052 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:05:50.683478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:05:58.684997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:06:14.687742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:06:46.693933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:12:50.700093 3.001860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:12:57.707488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:13:05.708957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:13:21.712099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:13:53.718321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:19:57.723964 3.001676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:20:04.730859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:20:12.733139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:20:28.735871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:21:00.742028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:26:31.918771 0.026338 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 10:26:31.945232 0.941486 tcp 10.0.2.109 57965 -> 5.178.194.36 4983 FSPA* 0 0 15 1676 flow=From-Botnet-V1-TCP-Established 1970/02/11 10:27:04.747871 3.001804 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:27:11.755221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:27:19.756573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:27:35.760205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:28:07.766010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:29:46.948880 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 10:29:46.948971 0.041311 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:46.990644 0.183786 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:47.174794 0.169375 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:47.344564 0.166534 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:47.511486 0.105678 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:47.617669 0.147087 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:47.765162 0.081423 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:47.847019 0.050641 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:47.898229 0.164356 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:48.062992 0.187931 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:48.251368 0.140117 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:48.391912 0.064865 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:48.457200 0.062979 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:48.520610 0.141784 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:48.662722 0.081374 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:48.744497 0.321514 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:49.066424 0.147000 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:49.213777 0.143763 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:49.357938 0.074290 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:49.432661 0.350097 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:49.783242 0.333078 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:50.116755 0.076086 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:50.193280 0.090554 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:50.284231 0.244550 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:50.529160 0.341093 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:50.870605 0.147890 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:51.018895 0.364767 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:29:51.384058 0.205717 udp 10.0.2.109 3683 <-> 86.154.51.113 6597 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/11 10:34:11.775369 3.001859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:34:18.779434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:34:26.781029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:34:42.783967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:35:14.790014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:41:18.797623 2.999828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:41:25.802761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:41:33.804253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:41:49.807809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:42:21.813688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:48:25.819271 3.001883 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:48:32.827124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:48:40.828749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:48:56.831800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:49:28.837735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:55:53.844656 3.000839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 10:56:00.851402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:56:08.852958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:56:24.855491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 10:56:32.877950 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 10:56:32.878046 0.729624 tcp 10.0.2.109 57966 -> 5.178.194.36 4983 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/02/11 10:56:56.862534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:00:07.486420 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 11:00:07.486638 0.168095 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:07.655099 0.165424 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:07.820966 0.103897 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:07.925313 0.147662 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.073367 0.076911 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.150716 0.049724 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.200880 0.046672 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.248024 0.187778 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.436240 0.164173 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.600842 0.189678 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.790896 0.144730 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:08.936101 0.065015 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:09.001503 0.051520 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:09.053421 0.147999 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:09.201807 0.066614 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:09.268848 0.145622 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:09.414848 0.074146 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:09.489421 0.328203 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:09.817957 0.319107 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:10.137488 0.155405 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:10.293314 0.333486 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:10.627141 0.076064 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:10.703580 0.084078 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:10.788097 0.147825 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:10.936354 0.282712 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:11.219450 0.000000 udp 10.0.2.109 3683 -> 86.154.51.113 6597 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 11:00:28.697733 0.054683 tcp 10.0.2.109 57967 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:00:28.752753 0.066586 tcp 10.0.2.109 57968 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:00:28.819602 0.147252 tcp 10.0.2.109 57969 -> 195.113.214.249 443 SRPA* 0 0 37 27830 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:00:28.967384 0.146228 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:00:29.113958 0.350762 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:03:00.867657 3.002365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 11:03:07.875372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:03:15.876989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:03:31.886508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:04:03.887807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:10:07.892485 3.001144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 11:10:14.899544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:10:22.901108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:10:38.903782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:11:10.910044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:17:14.916162 3.001399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 11:17:21.923387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:17:29.924860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:17:45.927976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:18:17.933956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:24:21.939993 3.004887 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 11:24:28.947506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:24:36.949281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:24:52.954254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:25:24.958011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:26:33.606763 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 11:26:33.606959 0.451807 tcp 10.0.2.109 57970 -> 5.178.194.36 4983 FSPA* 0 0 14 1637 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:30:38.288881 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 11:30:38.288984 0.000000 udp 10.0.2.109 3683 -> 86.154.51.113 6597 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 11:30:54.813567 0.054246 tcp 10.0.2.109 57971 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:30:54.868015 0.068638 tcp 10.0.2.109 57972 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:30:54.936994 0.164760 tcp 10.0.2.109 57973 -> 195.113.214.249 443 SRPA* 0 0 25 14108 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:30:55.102335 0.107587 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:55.210386 0.163036 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:55.373852 0.168740 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:55.542956 0.080075 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:55.623360 0.049999 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:55.673703 0.041787 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:55.715858 0.183916 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:55.900423 0.167212 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.068065 0.147958 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.216435 0.188645 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.405474 0.054853 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.460713 0.142253 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.603322 0.065808 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.669508 0.143168 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.813096 0.074741 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.888236 0.067386 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:56.956007 0.145232 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:57.101636 0.340569 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:57.442574 0.326709 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:57.769721 0.318665 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:58.088754 0.144789 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:58.233916 0.156276 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:58.390580 0.326932 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:58.717906 0.089412 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:30:58.807716 0.000000 udp 10.0.2.109 3683 -> 217.35.89.25 3889 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 11:31:15.162531 0.053243 tcp 10.0.2.109 57974 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:31:15.216138 0.066494 tcp 10.0.2.109 57975 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:31:15.282945 0.164903 tcp 10.0.2.109 57976 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 11:31:15.448366 0.149642 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:31:15.598405 0.373482 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/11 11:31:28.964193 3.001465 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 11:31:35.971141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:31:43.972870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:31:59.975790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:32:31.981802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:38:35.987347 3.002233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 11:38:42.995183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:38:50.997080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:39:06.999907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:39:39.005793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:45:43.011803 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 11:45:50.019439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:45:58.020885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:46:14.023671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:46:46.029819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:54:29.039504 3.056250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 11:54:36.075432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:54:44.057098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:55:00.060140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:55:32.066501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 11:56:34.066254 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 11:56:34.066359 0.424349 tcp 10.0.2.109 57977 -> 5.178.194.36 4983 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/02/11 12:01:42.569210 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 12:01:42.569403 0.074116 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:42.643960 0.169404 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:42.813737 0.083114 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:42.897300 0.049745 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:42.947413 0.042997 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:42.990748 0.186644 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:43.177835 0.153734 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:43.331960 0.164862 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:43.497189 0.164073 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:43.661654 0.188637 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:43.943627 0.054121 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:43.998172 0.143572 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:44.142285 0.055523 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:44.198242 0.142906 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:44.341534 0.074327 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:44.416236 0.059040 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:44.475652 0.149036 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:44.625124 0.145558 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:44.771138 0.328666 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:45.100292 0.352728 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:45.453390 0.436108 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:45.889869 0.299592 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:46.189823 0.083771 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:46.274098 0.142153 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:46.416599 0.324522 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:46.741501 0.144391 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:01:46.886297 0.428072 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:02:01.077645 3.002247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 12:02:08.086675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:02:16.087082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:02:32.090071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:03:04.095997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:09:11.107025 3.001063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 12:09:18.113728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:09:26.115130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:09:42.118617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:10:14.124534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:16:18.130509 3.001373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 12:16:25.137867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:16:33.139424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:16:49.142035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:17:21.148529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:23:25.154505 3.004037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 12:23:32.167306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:23:40.163419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:23:56.166275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:24:28.172268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:26:34.494996 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 12:26:34.495204 0.406568 tcp 10.0.2.109 57978 -> 5.178.194.36 4983 FSPA* 0 0 14 1641 flow=From-Botnet-V1-TCP-Established 1970/02/11 12:30:32.178442 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 12:30:39.185662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:30:47.187284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:31:03.190461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:31:35.196450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:32:04.408271 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 12:32:04.408375 0.081251 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:04.489969 0.049695 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:04.540049 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 12:32:22.896449 0.034207 tcp 10.0.2.109 57979 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 12:32:22.930921 0.065468 tcp 10.0.2.109 57980 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 12:32:22.996667 0.343967 tcp 10.0.2.109 57981 -> 195.113.214.249 443 SRPA* 0 0 36 27217 flow=From-Botnet-V1-TCP-Established 1970/02/11 12:32:23.341261 0.077240 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:23.418955 0.167074 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:23.586580 0.187449 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:23.774396 0.100622 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:23.875389 0.164500 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.040262 0.165160 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.205855 0.186265 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.392603 0.054065 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.447059 0.143176 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.590631 0.054747 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.645817 0.144534 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.790806 0.074748 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.865955 0.062040 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:24.928398 0.149036 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:25.077866 0.137057 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:25.215368 0.332995 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:25.548748 0.275339 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:25.824529 0.089077 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:25.914012 0.140255 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:26.054695 0.338204 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:26.393299 0.185109 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:26.578786 0.266080 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:26.845304 0.310986 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:32:27.156672 0.147090 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 12:37:39.201905 3.034596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 12:37:46.219809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:37:54.221166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:38:10.224592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:38:42.230439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:44:46.236540 3.001159 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 12:44:53.244099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:45:01.248624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:45:17.248106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:45:49.254889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:54:01.264277 3.005041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 12:54:08.275623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:54:16.273085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:54:32.282711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:55:04.282173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 12:56:34.902981 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 12:56:34.903094 0.684265 tcp 10.0.2.109 57982 -> 5.178.194.36 4983 FSPA* 0 0 15 1594 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:01:13.295462 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 13:01:20.302695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:01:28.304341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:01:44.307259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:02:16.313529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:02:55.069552 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 13:02:55.069705 0.049138 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.119265 0.076521 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.196542 0.050575 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.247495 0.187816 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.435715 0.125831 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.561949 0.076799 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.639112 0.166236 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.805693 0.165193 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:55.971260 0.165343 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.137012 0.188881 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.326297 0.053790 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.380479 0.144405 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.525294 0.053854 udp 10.0.2.109 3683 <-> 82.211.185.55 8133 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.579598 0.144093 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.724068 0.085107 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.809546 0.059110 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:56.869025 0.332948 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:57.202356 0.375322 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:57.578055 0.084871 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:57.663361 0.150573 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:02:57.814352 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 13:03:14.048143 0.053549 tcp 10.0.2.109 57983 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:03:14.102002 0.066275 tcp 10.0.2.109 57984 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:03:14.168572 0.170342 tcp 10.0.2.109 57985 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:03:14.339497 0.156080 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:03:14.495974 0.325278 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:03:14.821665 0.164763 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:03:14.986813 0.214477 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:03:15.201691 0.310311 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:03:15.512399 0.147704 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:08:29.322390 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 13:08:36.329693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:08:44.331147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:09:00.334267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:09:32.340967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:15:36.346836 3.000811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 13:15:43.353585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:15:51.355111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:16:07.358670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:16:39.368758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:22:43.370519 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 13:22:50.377759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:22:58.379005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:23:14.382361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:23:46.388418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:26:35.561799 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 13:26:35.561899 0.543097 tcp 10.0.2.109 57986 -> 5.178.194.36 4983 FSPA* 0 0 14 1633 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:29:50.394630 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 13:29:57.405185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:30:05.403232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:30:21.406886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:30:53.411944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:33:41.334039 0.000206 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 13:33:41.334346 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 13:33:58.280374 0.051924 tcp 10.0.2.109 57987 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:33:58.332595 0.064221 tcp 10.0.2.109 57988 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:33:58.397103 0.158075 tcp 10.0.2.109 57989 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:33:58.555714 0.069693 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:58.625782 0.049006 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:58.675176 0.193478 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:58.869378 0.103852 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:58.973648 0.047954 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:59.021945 0.163230 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:59.185653 0.074289 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:59.260336 0.168503 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:59.429279 0.165149 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:59.594830 0.188474 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:33:59.783715 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 8133 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 13:34:17.826422 0.051710 tcp 10.0.2.109 57990 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:34:17.878388 0.065467 tcp 10.0.2.109 57991 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:34:17.944116 0.159751 tcp 10.0.2.109 57992 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 13:34:18.104449 0.142651 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:18.247462 0.074829 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:18.322650 0.063556 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:18.386648 0.142459 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:18.529498 0.049115 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:18.578994 0.272719 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:18.852071 0.340187 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:19.192596 0.090574 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:19.283583 0.145112 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:19.429063 0.164396 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:19.593865 0.369761 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:19.963991 0.241160 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:20.205537 0.520254 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:20.726206 0.322115 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:34:21.048720 0.146728 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/11 13:36:57.418160 3.001435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 13:37:04.425520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:37:12.427067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:37:28.431483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:38:00.436141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:44:04.441754 3.001855 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 13:44:11.449895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:44:19.450900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:44:35.454784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:45:07.460417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:53:32.469085 3.001702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 13:53:39.476435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:53:47.477718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:54:03.480652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:54:35.488060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 13:56:36.113004 0.102631 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 13:56:36.215764 0.426625 tcp 10.0.2.109 57993 -> 5.178.194.36 4983 FSPA* 0 0 14 1719 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:00:39.494209 3.000979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:00:46.499986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:00:54.501605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:01:10.504828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:01:42.510702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:04:28.629825 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 14:04:28.629937 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 8133 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 14:04:45.935914 0.051852 tcp 10.0.2.109 57994 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:04:45.988033 0.065348 tcp 10.0.2.109 57995 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:04:46.053683 0.155420 tcp 10.0.2.109 57996 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:04:46.209749 0.190870 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:46.400967 0.179014 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:46.580327 0.079762 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:46.660486 0.049064 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:46.709888 0.076560 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:46.786839 0.167192 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:46.954420 0.239280 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:47.194126 0.188708 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:47.383192 0.166178 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:47.549736 0.041696 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:47.591858 0.146447 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:47.738692 0.074585 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:47.813715 0.065009 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:47.997453 0.142749 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:48.140557 0.051381 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:48.192344 0.290464 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:48.483174 0.320827 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:48.804411 0.088851 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:48.893703 0.148338 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:49.042440 0.172913 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:49.215729 0.364684 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:49.580742 0.239666 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:49.820813 0.105660 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:49.926861 0.319173 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:04:50.246425 0.130920 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:07:46.517898 3.004423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:07:54.301430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:08:02.202622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:08:18.018500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:08:49.635537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:14:53.551671 3.000718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:15:00.558511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:15:08.559567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:15:24.562788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:15:56.568610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:22:00.575892 3.000176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:22:07.588331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:22:15.583541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:22:31.586642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:23:03.592700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:26:36.559269 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 14:26:36.559442 0.541158 tcp 10.0.2.109 57997 -> 5.178.194.36 4983 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:29:07.603559 2.999301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:29:14.610952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:29:22.607509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:29:38.612825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:30:10.616690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:35:07.403556 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 14:35:07.403653 0.192033 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:07.596040 0.110915 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:07.707304 0.080875 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:07.788620 0.049731 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:07.838705 0.077240 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:07.916284 0.167666 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.084418 0.168369 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.253222 0.190246 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.443875 0.160785 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.605100 0.054979 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.660479 0.144744 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.805623 0.084912 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.890919 0.066114 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:08.957416 0.143170 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:09.100987 0.049960 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:09.151336 0.320139 udp 10.0.2.109 3683 <-> 125.113.178.73 6255 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:09.471873 0.339536 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:09.811762 0.089925 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:09.902095 0.145525 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:10.048066 0.202296 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:10.250755 0.411033 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:10.662387 0.309940 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:10.972740 0.130788 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:11.103935 0.173560 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:35:11.277939 0.336115 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/11 14:36:14.622968 3.001211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:36:21.630344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:36:29.631595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:36:45.634404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:37:17.643118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:43:21.646263 3.012547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:43:28.663951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:43:36.665300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:43:52.668401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:44:24.674476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:50:28.681186 3.001055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 14:50:35.687829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:50:43.689552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:50:59.692681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:51:31.698583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:56:37.108226 0.040199 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 14:56:37.148560 2.992137 tcp 10.0.2.109 57998 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:56:46.113089 0.000000 tcp 10.0.2.109 57998 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:56:52.120825 0.063276 tcp 10.0.2.109 57999 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:56:52.184373 0.075526 tcp 10.0.2.109 58000 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:56:52.260194 0.155033 tcp 10.0.2.109 58001 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:56:52.452968 3.001057 tcp 10.0.2.109 58002 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:01.452685 0.000000 tcp 10.0.2.109 58002 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:07.452245 0.052039 tcp 10.0.2.109 58003 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:07.504570 0.063864 tcp 10.0.2.109 58004 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:07.568730 0.150001 tcp 10.0.2.109 58005 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:07.768398 3.007527 tcp 10.0.2.109 58006 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:16.776874 0.000000 tcp 10.0.2.109 58006 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:22.763738 0.051689 tcp 10.0.2.109 58007 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:22.815738 0.064292 tcp 10.0.2.109 58008 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:22.880305 0.146189 tcp 10.0.2.109 58009 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:23.063500 2.994401 tcp 10.0.2.109 58010 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:32.066601 0.000000 tcp 10.0.2.109 58010 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:35.705558 3.042727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 14:57:38.059158 0.105880 tcp 10.0.2.109 58011 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:38.165279 0.067003 tcp 10.0.2.109 58012 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:38.232624 0.148810 tcp 10.0.2.109 58013 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 14:57:38.405313 2.983426 tcp 10.0.2.109 58014 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:42.730723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:57:47.358597 0.000000 tcp 10.0.2.109 58014 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:57:50.713124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:57:53.360016 3.002891 tcp 10.0.2.109 58015 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:58:02.360656 0.000000 tcp 10.0.2.109 58015 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:58:06.716502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 14:58:08.358999 3.006293 tcp 10.0.2.109 58016 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:58:17.365247 0.000000 tcp 10.0.2.109 58016 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:58:23.360634 3.004049 tcp 10.0.2.109 58017 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:58:27.997113 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 14:58:32.366359 0.000000 tcp 10.0.2.109 58017 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 14:58:38.722714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:03:38.363643 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:03:38.363825 2.993920 tcp 10.0.2.109 58018 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:03:47.367870 0.000000 tcp 10.0.2.109 58018 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:03:53.366628 0.052693 tcp 10.0.2.109 58019 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:03:53.419590 0.065728 tcp 10.0.2.109 58020 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:03:53.485613 0.153193 tcp 10.0.2.109 58021 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:03:53.717044 3.003692 tcp 10.0.2.109 58022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:02.718319 0.000000 tcp 10.0.2.109 58022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:08.716854 0.051500 tcp 10.0.2.109 58023 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:08.768698 0.063756 tcp 10.0.2.109 58024 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:08.832705 0.150990 tcp 10.0.2.109 58025 -> 195.113.214.249 443 SRPA* 0 0 41 21608 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:09.362682 2.999166 tcp 10.0.2.109 58026 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:18.376668 0.000000 tcp 10.0.2.109 58026 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:24.359789 0.051954 tcp 10.0.2.109 58027 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:24.411953 0.061584 tcp 10.0.2.109 58028 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:24.473798 0.153110 tcp 10.0.2.109 58029 -> 195.113.214.249 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:24.888356 2.996021 tcp 10.0.2.109 58030 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:33.882487 0.000000 tcp 10.0.2.109 58030 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:39.882489 0.053216 tcp 10.0.2.109 58031 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:39.935988 0.064630 tcp 10.0.2.109 58032 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:40.000933 0.152264 tcp 10.0.2.109 58033 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:04:40.333445 3.003264 tcp 10.0.2.109 58034 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:49.337225 0.000000 tcp 10.0.2.109 58034 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:55.333985 2.994516 tcp 10.0.2.109 58035 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:04:59.743227 3.001451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 15:05:04.336956 0.000000 tcp 10.0.2.109 58035 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:05:06.749716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:05:10.335746 2.993971 tcp 10.0.2.109 58036 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:05:14.751215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:05:19.328721 0.000000 tcp 10.0.2.109 58036 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:05:25.338618 2.992872 tcp 10.0.2.109 58037 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:05:29.993806 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:05:30.755066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:05:34.329812 0.000000 tcp 10.0.2.109 58037 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:05:39.117103 0.078792 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:39.196257 0.051086 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:39.247798 0.073991 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:39.322214 0.189999 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:39.512674 0.120287 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:39.633328 0.167673 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:39.801484 0.297690 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:40.099578 0.188859 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:40.288864 0.166546 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:40.455876 0.055474 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:40.511751 0.142550 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:40.654660 0.074315 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:40.729430 0.062732 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:40.792599 0.000000 udp 10.0.2.109 3683 -> 125.113.178.73 6255 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:05:58.415717 0.053163 tcp 10.0.2.109 58038 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:05:58.469146 0.062553 tcp 10.0.2.109 58039 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:05:58.531974 0.150259 tcp 10.0.2.109 58040 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:05:58.682733 0.326300 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:59.009455 0.086240 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:59.096100 0.145586 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:59.242045 0.051362 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:59.293791 0.146384 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:59.440527 0.244932 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:05:59.685918 0.522712 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:06:00.209021 0.309348 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:06:00.518756 0.338133 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:06:00.857301 0.131578 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:06:00.989214 0.173316 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:06:02.760801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:10:40.341976 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:10:40.342122 3.002343 tcp 10.0.2.109 58041 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:10:49.342821 0.000000 tcp 10.0.2.109 58041 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:10:55.344263 0.054208 tcp 10.0.2.109 58042 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:10:55.398750 0.061833 tcp 10.0.2.109 58043 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:10:55.460835 0.149978 tcp 10.0.2.109 58044 -> 195.113.214.249 443 SRPA* 0 0 33 19362 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:10:55.747006 2.999382 tcp 10.0.2.109 58045 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:04.745093 0.000000 tcp 10.0.2.109 58045 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:10.744296 0.052550 tcp 10.0.2.109 58046 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:10.797117 0.064618 tcp 10.0.2.109 58047 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:10.861943 0.153806 tcp 10.0.2.109 58048 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:11.478523 2.990445 tcp 10.0.2.109 58049 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:20.477724 0.000000 tcp 10.0.2.109 58049 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:26.476956 0.053174 tcp 10.0.2.109 58050 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:26.530459 0.064684 tcp 10.0.2.109 58051 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:26.595407 0.149154 tcp 10.0.2.109 58052 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:26.872205 2.998994 tcp 10.0.2.109 58053 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:35.869646 0.000000 tcp 10.0.2.109 58053 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:41.868685 0.053845 tcp 10.0.2.109 58054 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:41.922816 0.063972 tcp 10.0.2.109 58055 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:41.987090 0.153584 tcp 10.0.2.109 58056 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:11:42.390524 3.003045 tcp 10.0.2.109 58057 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:51.392095 0.000000 tcp 10.0.2.109 58057 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:11:57.391018 3.003742 tcp 10.0.2.109 58058 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:12:06.393590 0.000000 tcp 10.0.2.109 58058 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:12:12.393072 3.003579 tcp 10.0.2.109 58059 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:12:15.784991 2.998138 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 15:12:21.395296 0.000000 tcp 10.0.2.109 58059 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:12:22.787380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:12:27.394017 2.994443 tcp 10.0.2.109 58060 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:12:30.788703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:12:32.000591 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:12:36.396727 0.000000 tcp 10.0.2.109 58060 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:12:46.791967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:13:18.799713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:17:42.397035 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:17:42.397213 2.993733 tcp 10.0.2.109 58061 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:17:51.389599 0.000000 tcp 10.0.2.109 58061 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:17:57.400641 0.052903 tcp 10.0.2.109 58062 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:17:57.453787 0.063902 tcp 10.0.2.109 58063 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:17:57.517970 0.150483 tcp 10.0.2.109 58064 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:17:58.140287 3.003504 tcp 10.0.2.109 58065 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:07.142343 0.000000 tcp 10.0.2.109 58065 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:13.141882 0.052806 tcp 10.0.2.109 58066 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:13.194985 0.075894 tcp 10.0.2.109 58067 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:13.271219 0.148862 tcp 10.0.2.109 58068 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:14.023640 3.003047 tcp 10.0.2.109 58069 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:23.025420 0.000000 tcp 10.0.2.109 58069 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:29.025385 0.052668 tcp 10.0.2.109 58070 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:29.078395 0.063333 tcp 10.0.2.109 58071 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:29.142239 0.149454 tcp 10.0.2.109 58072 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:29.368900 2.989795 tcp 10.0.2.109 58073 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:38.367341 0.000000 tcp 10.0.2.109 58073 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:44.366968 0.052280 tcp 10.0.2.109 58074 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:44.419538 0.062614 tcp 10.0.2.109 58075 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:44.482458 0.147322 tcp 10.0.2.109 58076 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:18:44.808113 3.002823 tcp 10.0.2.109 58077 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:53.809573 0.000000 tcp 10.0.2.109 58077 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:18:59.808793 3.003577 tcp 10.0.2.109 58078 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:19:08.810980 0.000000 tcp 10.0.2.109 58078 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:19:14.809668 3.004250 tcp 10.0.2.109 58079 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:19:22.805009 3.000502 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 15:19:23.812584 0.000000 tcp 10.0.2.109 58079 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:19:29.811377 3.004526 tcp 10.0.2.109 58080 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:19:29.811544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:19:34.497877 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:19:37.812731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:19:38.814369 0.000000 tcp 10.0.2.109 58080 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:19:53.815990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:20:25.826796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:26:29.827229 3.002218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 15:26:36.835354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:26:44.836374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:27:00.839698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:27:32.845874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:33:36.852353 3.001009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 15:33:43.859769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:33:51.861145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:34:07.863824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:34:39.892432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:36:28.035573 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:36:28.035811 0.000000 udp 10.0.2.109 3683 -> 125.113.178.73 6255 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:36:43.739378 0.052707 tcp 10.0.2.109 58081 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:36:43.792401 0.064116 tcp 10.0.2.109 58082 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:36:43.856808 0.153789 tcp 10.0.2.109 58083 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:36:44.011111 0.129827 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:44.100398 0.053347 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:44.397681 0.172166 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:44.629949 0.178651 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:44.805746 0.114033 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:45.006363 2.997405 tcp 10.0.2.109 58084 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:36:45.032772 0.199238 rtp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:45.296451 0.158151 rtp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:45.413254 0.184593 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:36:45.594324 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:36:54.002587 0.000000 tcp 10.0.2.109 58084 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:37:00.005586 0.051772 tcp 10.0.2.109 58085 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:00.057620 0.064386 tcp 10.0.2.109 58086 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:00.122289 0.154081 tcp 10.0.2.109 58087 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:00.380051 3.079626 tcp 10.0.2.109 58088 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:37:04.311743 0.052315 tcp 10.0.2.109 58089 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:04.364426 0.064545 tcp 10.0.2.109 58090 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:04.429270 0.152732 tcp 10.0.2.109 58091 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:04.582661 0.170874 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:04.729492 0.069840 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:04.967635 0.080933 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:05.032378 0.191681 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:05.219929 0.170355 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:05.474015 0.065925 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:05.523729 0.176553 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:05.672257 0.336145 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:06.007863 0.123703 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:06.142917 0.156176 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:06.297788 1.256508 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:07.518912 0.313794 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:07.826290 0.359475 rtp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:08.260696 0.144558 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:08.396359 0.226002 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:08.614832 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 REQ 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:37:09.415713 0.000000 tcp 10.0.2.109 58088 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:37:13.836805 0.105030 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2844 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:14.119448 0.533284 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 8 2975 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:14.862810 0.332806 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3005 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:15.190989 0.211535 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 3211 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:15.360976 0.287923 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 8 3063 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:15.383698 0.051094 tcp 10.0.2.109 58092 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:15.435027 0.063994 tcp 10.0.2.109 58093 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:15.499282 0.154986 tcp 10.0.2.109 58094 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:37:15.611273 0.329021 udp 10.0.2.109 3683 <-> 99.163.247.44 8222 CON 0 0 8 3160 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:15.703242 2.995377 tcp 10.0.2.109 58095 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:37:15.939413 0.176075 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 2798 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:16.077760 0.383377 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 8 2829 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:16.453941 0.139478 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 8 2879 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:16.634719 0.116857 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 8 2949 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:16.736191 0.315429 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 8 3337 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:17.027556 0.393889 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 8 2852 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:17.417844 0.309951 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3384 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:17.704449 0.137849 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 2888 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:17.827631 0.348368 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3184 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:18.145252 0.669193 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 8 3099 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:18.813952 0.324069 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 8 2942 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:19.311414 0.219169 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 8 2727 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:19.500625 0.616370 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2953 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:20.115683 2.120847 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 8 2939 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:22.201691 0.276873 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 8 2967 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:22.470928 0.363390 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 3008 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:22.794855 0.690847 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 8 2928 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:23.463663 0.463790 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 3129 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:37:24.044151 0.000000 udp 10.0.2.109 3683 -> 216.165.250.100 1730 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:37:24.708659 0.000000 tcp 10.0.2.109 58095 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:37:30.695314 2.994277 tcp 10.0.2.109 58096 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:37:31.586604 0.000000 udp 10.0.2.109 3683 -> 78.145.70.177 9501 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:37:39.067475 0.000000 udp 10.0.2.109 3683 -> 50.198.227.218 7646 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:37:39.688161 0.000000 tcp 10.0.2.109 58096 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:37:46.187631 0.000000 udp 10.0.2.109 3683 -> 50.127.15.141 1596 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:37:53.538635 0.000000 udp 10.0.2.109 3683 -> 99.228.230.225 8319 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:37:59.126677 0.000000 udp 10.0.2.109 3683 -> 188.219.195.182 2989 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:38:03.993149 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:38:06.437099 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:38:14.828745 0.000000 udp 10.0.2.109 3683 -> 187.174.119.158 4826 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:38:22.549990 0.000000 udp 10.0.2.109 3683 -> 223.219.45.36 9143 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:38:31.272602 0.513723 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 8 3149 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:38:31.854498 0.000000 udp 10.0.2.109 3683 -> 139.130.237.178 8942 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:38:40.425814 0.000000 udp 10.0.2.109 3683 -> 210.253.233.29 2650 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:38:47.466019 0.000000 udp 10.0.2.109 3683 -> 173.251.120.42 9546 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:38:51.992356 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:38:55.677781 0.000000 udp 10.0.2.109 3683 -> 80.12.82.225 9366 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:04.510139 0.000000 udp 10.0.2.109 3683 -> 93.36.223.65 6413 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:10.298857 0.000000 udp 10.0.2.109 3683 -> 66.216.162.18 3851 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:17.789541 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:24.529161 0.000000 udp 10.0.2.109 3683 -> 190.51.186.132 1794 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:33.041423 0.000000 udp 10.0.2.109 3683 -> 173.3.60.198 6109 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:37.998354 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:39:40.271940 0.432911 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 8 2916 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:39:40.728934 0.000000 udp 10.0.2.109 3683 -> 110.66.202.85 6291 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:49.425006 0.000000 udp 10.0.2.109 3683 -> 203.45.119.254 3230 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:39:54.803020 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:02.794210 0.000000 udp 10.0.2.109 3683 -> 107.0.237.250 2307 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:09.513806 0.000000 udp 10.0.2.109 3683 -> 117.218.16.116 8894 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:14.750725 0.000000 udp 10.0.2.109 3683 -> 82.44.26.117 2612 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:19.818780 0.000000 udp 10.0.2.109 3683 -> 209.173.42.134 2218 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:24.495179 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:40:25.386845 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:34.269481 0.000000 udp 10.0.2.109 3683 -> 62.38.192.120 3845 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:41.720170 0.000000 udp 10.0.2.109 3683 -> 103.7.100.98 9854 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:43.877581 3.000938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 15:40:50.092536 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:50.882871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:40:57.984303 0.000000 udp 10.0.2.109 3683 -> 95.89.46.153 7023 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:40:58.885160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:41:03.070652 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:41:09.720439 0.000000 udp 10.0.2.109 3683 -> 108.20.54.46 7824 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:41:14.497217 0.000153 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:41:14.887709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:41:16.209857 0.000000 udp 10.0.2.109 3683 -> 69.119.25.96 8047 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:41:21.809212 0.000000 udp 10.0.2.109 3683 -> 58.6.124.79 1550 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:41:27.756592 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:41:36.438982 0.000000 udp 10.0.2.109 3683 -> 24.244.158.46 7863 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:41:43.789352 0.000000 udp 10.0.2.109 3683 -> 122.168.22.76 2843 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:41:46.893246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:41:51.870978 0.000000 udp 10.0.2.109 3683 -> 107.200.62.107 4123 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:00.677341 0.169468 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 8 3467 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:00.840687 0.000000 udp 10.0.2.109 3683 -> 81.137.23.105 1177 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:05.500365 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:42:07.783883 0.117333 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 8 2820 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:07.930344 0.000000 udp 10.0.2.109 3683 -> 110.143.53.233 6118 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:13.211911 0.455287 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 8 3009 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:13.694871 0.000000 udp 10.0.2.109 3683 -> 82.2.135.11 2811 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:20.161938 0.000000 udp 10.0.2.109 3683 -> 189.48.197.211 4982 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:25.168936 0.000000 udp 10.0.2.109 3683 -> 151.95.23.238 9438 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:30.336696 0.202617 udp 10.0.2.109 3683 <-> 193.90.62.79 9082 CON 0 0 8 3397 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:30.560355 0.098958 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 8 2861 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:30.755027 0.097878 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 8 2948 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:30.927061 0.000000 udp 10.0.2.109 3683 -> 62.49.31.34 7814 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:37.386554 0.823541 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 8 2845 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:38.269730 0.000000 udp 10.0.2.109 3683 -> 176.253.237.122 6651 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:45.699359 3.003252 tcp 10.0.2.109 58097 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:42:46.329303 0.000000 udp 10.0.2.109 3683 -> 78.179.41.110 6035 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:50.495061 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:42:51.470581 0.192913 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 8 3051 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:52.070676 0.000000 udp 10.0.2.109 3683 -> 95.251.46.42 9746 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:42:54.701033 0.000000 tcp 10.0.2.109 58097 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:42:57.876757 0.193596 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 8 3085 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:42:58.075261 0.000000 udp 10.0.2.109 3683 -> 186.74.34.202 8150 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:00.705261 0.054584 tcp 10.0.2.109 58098 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:43:00.760180 0.065116 tcp 10.0.2.109 58099 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:43:00.825578 0.151323 tcp 10.0.2.109 58100 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:43:01.061718 3.012233 tcp 10.0.2.109 58101 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:43:04.004121 0.000000 udp 10.0.2.109 3683 -> 186.7.240.224 2209 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:10.064503 0.000000 tcp 10.0.2.109 58101 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 15:43:11.431307 0.000000 udp 10.0.2.109 3683 -> 41.133.229.62 1000 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:16.052543 0.052183 tcp 10.0.2.109 58102 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:43:16.105042 0.064993 tcp 10.0.2.109 58103 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:43:16.170524 0.150240 tcp 10.0.2.109 58104 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:43:16.483454 0.603383 tcp 10.0.2.109 58105 -> 31.192.30.72 6269 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/02/11 15:43:16.753222 0.627985 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 8 2936 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:43:17.414789 0.119897 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 8 3091 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:43:17.704351 0.514362 udp 10.0.2.109 3683 <-> 190.68.209.42 4352 CON 0 0 8 2890 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:43:18.280076 0.000000 udp 10.0.2.109 3683 -> 81.133.199.23 3549 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:27.138457 0.130333 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 3121 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:43:27.920243 0.000000 udp 10.0.2.109 3683 -> 188.141.85.234 7313 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:35.490273 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:43.301116 0.000000 udp 10.0.2.109 3683 -> 180.61.2.35 4674 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:49.570329 0.000000 udp 10.0.2.109 3683 -> 94.173.141.138 6284 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:43:56.951636 0.745038 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 8 2863 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:43:57.895490 0.000000 udp 10.0.2.109 3683 -> 203.122.229.55 2985 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:01.497212 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:44:05.813262 0.000000 udp 10.0.2.109 3683 -> 79.129.31.168 1490 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:14.486843 0.000000 udp 10.0.2.109 3683 -> 189.135.170.197 4881 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:20.004274 0.391479 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 8 3029 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:44:20.688217 0.000000 udp 10.0.2.109 3683 -> 123.201.85.249 9911 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:29.498473 0.000000 udp 10.0.2.109 3683 -> 87.23.140.130 4291 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:36.037090 0.000000 udp 10.0.2.109 3683 -> 203.234.85.15 4628 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:42.186244 0.000000 udp 10.0.2.109 3683 -> 66.255.245.228 6734 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:46.992544 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:44:50.227994 0.000000 udp 10.0.2.109 3683 -> 173.178.5.157 8704 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:44:57.937895 0.000000 udp 10.0.2.109 3683 -> 173.10.232.66 3310 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:06.305831 0.387910 udp 10.0.2.109 3683 <-> 70.50.202.162 6552 CON 0 0 8 3204 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:45:06.978260 0.000000 udp 10.0.2.109 3683 -> 80.2.14.110 3225 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:15.053162 0.000000 udp 10.0.2.109 3683 -> 187.184.130.200 1330 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:20.085574 0.335946 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 8 2947 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:45:20.673076 0.078868 rtp 10.0.2.109 3683 <-> 91.120.152.253 4028 CON 0 0 8 3244 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:45:20.799635 0.204662 rtp 10.0.2.109 3683 <-> 86.154.165.199 7891 CON 0 0 8 2992 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:45:21.075767 0.000000 udp 10.0.2.109 3683 -> 190.79.107.203 6342 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:28.134676 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 9244 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:32.998513 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:45:33.459870 0.000000 udp 10.0.2.109 3683 -> 186.99.14.253 8413 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:42.242348 0.000000 udp 10.0.2.109 3683 -> 72.67.117.12 9902 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:50.243978 0.477191 udp 10.0.2.109 3683 <-> 107.199.61.254 8239 CON 0 0 8 2892 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:45:50.795894 0.634609 udp 10.0.2.109 3683 <-> 201.241.4.103 6803 CON 0 0 8 3291 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:45:51.530201 0.191138 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 8 3034 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:45:51.790047 0.000000 udp 10.0.2.109 3683 -> 121.241.197.51 9127 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:45:57.414434 0.000000 udp 10.0.2.109 3683 -> 78.110.79.163 2151 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:02.531372 0.000000 udp 10.0.2.109 3683 -> 89.93.161.24 4099 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:10.602763 0.370263 udp 10.0.2.109 3683 <-> 99.126.211.146 7782 CON 0 0 8 3120 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:46:11.451650 0.345997 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 8 3231 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:46:11.899937 0.000000 udp 10.0.2.109 3683 -> 84.111.178.118 9246 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:18.664618 1.590690 udp 10.0.2.109 3683 <-> 190.199.170.235 3924 CON 0 0 8 3100 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:46:20.288166 0.000000 udp 10.0.2.109 3683 -> 49.248.129.154 8742 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:23.492308 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:46:25.354402 0.000000 udp 10.0.2.109 3683 -> 146.145.87.98 8998 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:30.992211 0.000000 udp 10.0.2.109 3683 -> 72.16.186.185 9031 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:35.999577 0.300107 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 8 3092 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:46:36.321525 0.000000 udp 10.0.2.109 3683 -> 217.133.11.253 1948 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:41.527706 0.000000 udp 10.0.2.109 3683 -> 175.145.84.80 6175 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:47.275721 0.000000 udp 10.0.2.109 3683 -> 85.83.22.23 8317 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:46:54.407747 0.000000 udp 10.0.2.109 3683 -> 67.216.136.127 8077 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:00.304705 0.000000 udp 10.0.2.109 3683 -> 62.41.136.49 6024 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:07.815115 0.000000 udp 10.0.2.109 3683 -> 94.65.70.36 8393 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:12.491988 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:47:14.525041 0.000000 udp 10.0.2.109 3683 -> 79.24.173.181 3022 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:22.035622 0.000000 udp 10.0.2.109 3683 -> 115.238.94.242 4133 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:29.556061 0.374616 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 8 2819 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:47:29.952464 0.000000 udp 10.0.2.109 3683 -> 65.78.163.43 7183 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:36.506533 0.000000 udp 10.0.2.109 3683 -> 1.220.141.146 9943 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:41.613710 0.651027 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 8 3162 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:47:42.339534 0.000000 udp 10.0.2.109 3683 -> 202.124.109.37 2595 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:48.453817 0.000000 udp 10.0.2.109 3683 -> 82.53.93.25 8012 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:50.900004 3.001467 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 15:47:55.714253 0.115764 udp 10.0.2.109 3683 -> 209.183.149.210 4216 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:47:55.830017 0.000000 icmp 209.183.149.210 0x0303 -> 10.0.2.109 0x7810 URP 192 1 134 flow=Background 1970/02/11 15:47:57.907356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:48:00.490792 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 15:48:00.921552 0.426218 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 8 2936 flow=From-Botnet-V1-UDP-Established 1970/02/11 15:48:01.417200 0.000000 udp 10.0.2.109 3683 -> 79.4.17.149 5906 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:48:05.909146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:48:06.870213 0.000000 udp 10.0.2.109 3683 -> 216.82.214.61 6518 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:48:12.197822 0.000000 udp 10.0.2.109 3683 -> 66.98.87.26 6733 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 15:48:21.911665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:48:53.917947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:55:34.927479 3.001354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 15:55:41.934292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:55:49.935739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:56:05.938882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 15:56:37.947621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:02:49.952447 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 16:02:56.959570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:03:04.961177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:03:20.964112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:03:52.969947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:09:56.975533 3.002412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 16:10:03.983344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:10:11.985473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:10:27.988309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:10:59.994407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:13:17.091878 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 16:13:17.091978 0.609036 tcp 10.0.2.109 58106 -> 31.192.30.72 6269 FSPA* 0 0 14 1549 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:17:04.000436 3.002276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 16:17:11.007598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:17:19.008909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:17:35.012349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:18:07.017769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:18:37.915077 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 16:18:37.915190 0.054283 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2612 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:38.139124 0.170767 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:38.330818 0.175845 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:38.502452 0.117850 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:38.610078 0.151213 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:38.723394 0.000000 udp 10.0.2.109 3683 -> 99.163.247.44 8222 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 16:18:56.591464 0.052708 tcp 10.0.2.109 58107 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:18:56.644486 0.066900 tcp 10.0.2.109 58108 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:18:56.711694 0.153768 tcp 10.0.2.109 58109 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:18:56.866063 0.204190 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:57.062288 0.068994 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:57.213570 0.080022 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:57.278843 0.117088 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:57.635454 0.169070 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:57.783691 0.192769 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2602 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:57.973062 0.169388 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:58.118226 0.067976 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:58.245925 0.327732 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:58.710982 0.176922 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:58.859381 0.121634 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:59.017729 0.252662 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:59.268003 0.334230 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:59.608832 0.235230 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:18:59.780218 1.059350 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:00.803362 0.143156 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:00.987422 0.361759 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:01.327517 0.240002 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:01.558184 0.369139 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:01.919403 0.221772 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:02.185345 0.089005 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:02.249706 0.055122 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:02.393720 0.240754 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:02.631840 0.721783 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:03.348446 0.260053 udp 10.0.2.109 3683 <-> 193.90.62.79 9082 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:03.718164 0.051803 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:03.795441 0.420110 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:04.199318 0.106640 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:04.570576 0.118670 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:04.696261 0.220247 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:04.909503 0.068854 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:05.005128 0.474532 udp 10.0.2.109 3683 <-> 190.68.209.42 4352 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:05.451968 0.074939 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:05.538884 0.378537 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:05.903236 0.199814 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:06.095419 0.171606 udp 10.0.2.109 3683 <-> 70.50.202.162 6552 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:06.244606 0.168882 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:06.520951 0.112480 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:06.596878 0.177755 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:06.771544 0.350733 udp 10.0.2.109 3683 <-> 190.199.170.235 3924 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:07.085168 0.153215 rtp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:07.597401 0.179554 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:07.772560 0.329977 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:19:08.099959 0.253703 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:24:11.024144 3.113601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 16:24:18.111177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:24:26.044609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:24:42.046171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:25:14.052834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:31:18.058329 3.002981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 16:31:25.065731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:31:33.070648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:31:49.070315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:32:21.075890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:38:25.081690 3.002349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 16:38:32.089602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:38:40.091211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:38:56.093954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:39:28.100044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:43:17.700615 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 16:43:17.700707 0.748288 tcp 10.0.2.109 58110 -> 31.192.30.72 6269 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:45:32.109455 2.998307 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 16:45:39.114560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:45:47.115040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:46:03.118167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:46:35.124266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:49:15.525293 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 16:49:15.525429 0.000000 udp 10.0.2.109 3683 -> 99.163.247.44 8222 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 16:49:30.848888 0.030953 tcp 10.0.2.109 58111 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:49:30.880429 0.065371 tcp 10.0.2.109 58112 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:49:30.946095 0.151347 tcp 10.0.2.109 58113 -> 195.113.214.249 443 SRPA* 0 0 32 16804 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:49:31.098395 0.049176 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:31.147957 0.112443 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:31.260802 0.169066 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:31.430290 0.177816 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:31.608544 0.083820 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:31.692791 0.187571 udp 10.0.2.109 3683 <-> 172.0.248.187 6759 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:31.880773 0.074216 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:31.955422 0.062028 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:32.017855 0.074252 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:32.092505 0.145855 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:32.238770 0.187385 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:32.426575 0.142248 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:32.569279 0.055522 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:32.625206 0.319797 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:32.945341 0.146004 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:33.091716 0.307104 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:33.399203 0.151743 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:33.551323 0.091498 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:33.643171 0.149691 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:33.793258 0.307590 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:34.101223 0.131840 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:34.233441 0.348697 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:34.582488 0.323471 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:34.906323 0.227058 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:35.133817 0.212171 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:35.346534 0.067325 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:35.414274 0.055362 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:35.470034 0.218236 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:35.688665 0.046056 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:35.735090 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 16:49:53.680271 0.030925 tcp 10.0.2.109 58114 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:49:53.711484 0.065079 tcp 10.0.2.109 58115 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:49:53.776921 0.149153 tcp 10.0.2.109 58116 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 16:49:53.926620 0.427702 udp 10.0.2.109 3683 <-> 193.90.62.79 9082 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:54.354694 0.069355 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:54.424473 0.238776 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:54.663665 0.405001 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:55.069125 0.080014 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:55.149489 0.047558 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:55.197440 0.198873 udp 10.0.2.109 3683 <-> 190.68.209.42 4352 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:55.396751 0.053951 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:55.451130 0.390736 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:55.842427 0.165084 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:56.007897 0.078594 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:56.086920 0.169640 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:56.256955 0.175641 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:56.433007 0.143653 udp 10.0.2.109 3683 <-> 70.50.202.162 6552 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:56.577028 0.215102 udp 10.0.2.109 3683 <-> 190.199.170.235 3924 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:56.792527 0.142677 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:56.935632 0.179113 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:57.115185 0.324118 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:49:57.439708 0.183137 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 16:54:27.135521 3.001422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 16:54:34.142752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:54:42.144470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:54:58.147535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 16:55:30.153444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:01:56.171859 3.003007 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 17:02:03.182881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:02:11.180007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:02:27.182966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:02:59.189120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:09:10.195612 3.011148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 17:09:17.212411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:09:25.213719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:09:41.217355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:10:13.222809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:13:18.449874 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 17:13:18.450072 0.566941 tcp 10.0.2.109 58117 -> 31.192.30.72 6269 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:16:17.229188 3.001853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 17:16:24.236463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:16:32.238059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:16:48.241008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:17:20.247192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:20:17.602260 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 17:20:17.602448 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:20:33.387361 0.031919 tcp 10.0.2.109 58118 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:20:33.419599 0.064731 tcp 10.0.2.109 58119 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:20:33.484671 0.150691 tcp 10.0.2.109 58120 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:20:33.635969 0.167611 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:33.803908 0.169230 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:33.973483 0.083572 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:34.057455 0.000000 udp 10.0.2.109 3683 -> 172.0.248.187 6759 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:20:52.392750 0.030800 tcp 10.0.2.109 58121 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:20:52.423881 0.064744 tcp 10.0.2.109 58122 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:20:52.488958 0.148763 tcp 10.0.2.109 58123 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:20:52.638479 0.084957 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:52.723799 0.049810 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:52.774039 0.091862 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:52.866381 0.146143 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:53.012874 0.186207 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:53.199473 0.142679 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:53.342527 0.051083 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:53.394204 0.326822 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:53.721425 0.060651 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:53.782479 0.069799 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:53.852665 0.147617 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:54.000676 0.144992 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:54.146073 0.092941 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:54.239409 0.150024 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:54.389825 0.308001 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:54.698270 0.453817 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:55.152435 0.324803 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:55.477628 0.065545 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:55.543652 0.130000 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:55.674038 0.230225 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:55.904664 0.056834 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:20:55.961921 0.000000 udp 10.0.2.109 3683 -> 107.198.157.80 6663 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:21:12.281918 0.030915 tcp 10.0.2.109 58124 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:12.313193 0.065164 tcp 10.0.2.109 58125 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:12.378707 0.154795 tcp 10.0.2.109 58126 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:12.533753 0.040620 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:12.574740 0.070519 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:12.645628 0.215300 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:12.861292 0.231165 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:13.092904 0.306269 udp 10.0.2.109 3683 <-> 193.90.62.79 9082 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:13.399618 0.069003 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:13.469024 0.400869 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:13.870314 0.082042 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:13.952735 0.052358 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:14.005479 0.000000 udp 10.0.2.109 3683 -> 190.68.209.42 4352 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:21:30.336939 0.031070 tcp 10.0.2.109 58127 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:30.368222 0.064125 tcp 10.0.2.109 58128 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:30.432630 0.153034 tcp 10.0.2.109 58129 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:30.586197 0.058003 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:30.644603 0.367255 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:31.012305 0.164008 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:31.176681 0.073513 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:31.250596 0.167550 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:31.418538 0.175052 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:31.594065 0.145181 udp 10.0.2.109 3683 <-> 70.50.202.162 6552 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:31.739676 0.000000 udp 10.0.2.109 3683 -> 190.199.170.235 3924 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:21:50.207596 0.031415 tcp 10.0.2.109 58130 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:50.239291 0.064609 tcp 10.0.2.109 58131 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:50.304165 0.148110 tcp 10.0.2.109 58132 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:21:50.452802 0.177052 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:50.630307 0.183344 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:50.814228 0.170800 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:21:50.985431 0.321552 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:23:24.253639 3.001070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 17:23:31.260493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:23:39.261926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:23:55.266368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:24:27.283844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:30:31.287050 3.002304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 17:30:38.294349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:30:46.295989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:31:02.298964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:31:34.305303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:37:38.311263 3.001389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 17:37:45.318590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:37:53.319909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:38:09.322855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:38:41.332835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:43:19.028770 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 17:43:19.028938 0.522636 tcp 10.0.2.109 58133 -> 31.192.30.72 6269 FSPA* 0 0 14 1686 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:44:45.335436 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 17:44:52.342689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:45:00.343690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:45:16.346826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:45:48.355945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:52:16.411135 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 17:52:16.411255 0.000000 udp 10.0.2.109 3683 -> 172.0.248.187 6759 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:52:31.444402 0.031853 tcp 10.0.2.109 58134 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:52:31.476521 0.063876 tcp 10.0.2.109 58135 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:52:31.540676 0.155479 tcp 10.0.2.109 58136 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:52:31.696707 0.000000 udp 10.0.2.109 3683 -> 107.198.157.80 6663 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:52:47.376151 0.030814 tcp 10.0.2.109 58137 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:52:47.407265 0.065565 tcp 10.0.2.109 58138 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:52:47.473224 0.147437 tcp 10.0.2.109 58139 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:52:47.621178 0.000000 udp 10.0.2.109 3683 -> 190.68.209.42 4352 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:53:05.732460 0.030586 tcp 10.0.2.109 58140 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:05.763306 0.066948 tcp 10.0.2.109 58141 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:05.830507 0.148472 tcp 10.0.2.109 58142 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:05.979507 0.000000 udp 10.0.2.109 3683 -> 190.199.170.235 3924 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:53:21.174674 0.031245 tcp 10.0.2.109 58143 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:21.206163 0.063352 tcp 10.0.2.109 58144 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:21.269810 0.151316 tcp 10.0.2.109 58145 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:21.421636 0.165615 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:21.587680 0.172771 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:21.760815 0.079228 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:21.840449 0.049938 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:21.890823 0.074502 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:21.965750 0.109381 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:22.075567 0.162262 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:22.238256 0.060218 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:22.298806 0.073576 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:22.372771 0.190373 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:22.563570 0.144818 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:22.708752 0.320493 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:23.029645 0.055405 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:23.085437 0.149075 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:23.234913 0.150800 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:23.386110 0.092716 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:23.479205 0.667795 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:24.147389 0.306025 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:24.453835 1.093698 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:25.547960 0.056899 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:25.605305 0.325411 udp 10.0.2.109 3683 <-> 122.57.203.170 2182 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:25.931078 0.000000 udp 10.0.2.109 3683 -> 190.118.132.22 5253 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 17:53:43.577095 0.031182 tcp 10.0.2.109 58146 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:43.608594 0.063949 tcp 10.0.2.109 58147 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:43.672800 0.152401 tcp 10.0.2.109 58148 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 17:53:43.825877 0.215676 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:44.041943 0.130981 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:44.173270 0.041104 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:44.214746 0.078782 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:44.293907 0.207158 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:44.501512 0.404861 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:44.906750 0.076319 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:44.983470 0.264459 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:45.248352 0.292192 udp 10.0.2.109 3683 <-> 193.90.62.79 9082 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:45.540955 0.072494 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:45.613883 0.050152 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:45.664469 0.059915 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:45.724806 0.075898 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:45.801083 0.171207 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:45.972678 0.173770 udp 10.0.2.109 3683 <-> 108.236.241.21 1867 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:46.146863 0.146011 udp 10.0.2.109 3683 <-> 70.50.202.162 6552 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:46.293269 0.353684 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:46.647391 0.167816 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:46.815575 0.165553 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:46.981538 0.143737 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:47.125603 0.191593 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:53:47.317646 0.327982 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/11 17:54:04.368221 3.002487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 17:54:11.375794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:54:19.377691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:54:35.380695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 17:55:07.386729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:01:11.392956 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 18:01:18.400643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:01:26.401415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:01:42.404813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:02:14.410731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:08:26.418713 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 18:08:33.425697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:08:41.426928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:08:57.429835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:09:29.435944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:13:19.547422 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 18:13:19.547515 0.762136 tcp 10.0.2.109 58149 -> 31.192.30.72 6269 FSPA* 0 0 14 1561 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:15:33.442165 3.005193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 18:15:40.454655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:15:48.451007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:16:04.453931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:16:36.460457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:22:40.465977 3.001806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 18:22:47.477450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:22:55.474916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:23:11.477927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:23:43.484008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:23:58.249249 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 18:23:58.249350 0.531522 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:58.781266 0.081074 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:58.862710 0.050980 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:58.914285 0.071018 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:58.985704 0.113983 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:59.100136 0.164988 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:59.265476 0.168653 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:59.434502 0.072914 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:59.507850 0.190120 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:59.698408 0.145127 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:59.843928 0.144614 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:23:59.988919 0.061382 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:00.050679 0.150500 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:00.201563 0.136412 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:00.338360 0.081733 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:00.420461 0.339951 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:00.760814 0.053155 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:00.814372 0.433873 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:01.248675 0.309324 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:01.558365 0.057219 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:01.615981 0.588910 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:02.205303 0.000000 udp 10.0.2.109 3683 -> 122.57.203.170 2182 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:24:18.976656 0.031445 tcp 10.0.2.109 58150 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:19.008369 0.063766 tcp 10.0.2.109 58151 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:19.072447 0.153090 tcp 10.0.2.109 58152 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:19.226392 0.226408 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:19.453247 0.130383 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:19.584016 0.215702 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:19.800078 0.045974 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:19.846489 0.071617 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:19.918508 0.229845 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:20.148728 0.405406 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:20.554531 0.074274 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:20.629178 0.139344 udp 10.0.2.109 3683 <-> 193.90.62.79 9082 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:20.768885 0.072463 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:20.841724 0.051070 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:20.893128 0.058872 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:20.952412 0.072786 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:21.025571 0.175272 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:24:21.201306 0.000000 udp 10.0.2.109 3683 -> 108.236.241.21 1867 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:24:36.711268 0.031492 tcp 10.0.2.109 58153 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:36.743061 0.063409 tcp 10.0.2.109 58154 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:36.806754 0.150607 tcp 10.0.2.109 58155 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:36.957903 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:24:53.075599 0.031002 tcp 10.0.2.109 58156 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:53.106889 0.063619 tcp 10.0.2.109 58157 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:53.170818 0.156948 tcp 10.0.2.109 58158 -> 195.113.214.249 443 SRPA* 0 0 22 11394 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:24:53.328312 0.000000 udp 10.0.2.109 3683 -> 70.50.202.162 6552 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:25:10.739874 0.031789 tcp 10.0.2.109 58159 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:25:10.771936 0.063289 tcp 10.0.2.109 58160 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:25:10.835524 0.149520 tcp 10.0.2.109 58161 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:25:10.985563 0.361102 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:25:11.347043 0.185822 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:25:11.533233 0.169298 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:25:11.702953 0.155308 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:25:11.858656 0.416901 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:29:47.490913 3.000896 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 18:29:54.497471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:30:02.505321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:30:18.506463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:30:50.508461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:36:54.514909 3.002246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 18:37:01.522674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:37:09.523024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:37:25.525681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:37:57.531896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:43:20.316551 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 18:43:20.316635 0.592258 tcp 10.0.2.109 58162 -> 31.192.30.72 6269 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:44:01.538669 3.000690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 18:44:08.545233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:44:16.546478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:44:32.549736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:45:04.555706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:53:29.564235 3.003571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 18:53:36.571914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:53:44.573647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:54:00.576309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:54:32.582584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 18:55:25.468958 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 18:55:25.469150 0.000000 udp 10.0.2.109 3683 -> 122.57.203.170 2182 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:55:43.245940 0.031231 tcp 10.0.2.109 58163 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:55:43.277437 0.064601 tcp 10.0.2.109 58164 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:55:43.342252 0.154591 tcp 10.0.2.109 58165 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:55:43.497657 0.000000 udp 10.0.2.109 3683 -> 108.236.241.21 1867 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:55:59.818616 0.030711 tcp 10.0.2.109 58166 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:55:59.849650 0.064765 tcp 10.0.2.109 58167 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:55:59.914680 0.148668 tcp 10.0.2.109 58168 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:00.063862 0.000000 udp 10.0.2.109 3683 -> 70.50.202.162 6552 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:56:15.181080 0.031056 tcp 10.0.2.109 58169 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:15.212435 0.063155 tcp 10.0.2.109 58170 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:15.275875 0.152255 tcp 10.0.2.109 58171 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:15.428658 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:56:33.567375 0.031481 tcp 10.0.2.109 58172 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:33.599121 0.064319 tcp 10.0.2.109 58173 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:33.663703 0.156428 tcp 10.0.2.109 58174 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:33.820660 0.048551 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:33.869610 0.083360 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:33.953341 0.539155 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:34.492873 0.074147 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:34.567419 0.188539 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:34.756328 0.144250 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:34.900951 0.144736 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:35.046065 0.163358 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:35.209851 0.102230 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:35.312495 0.075600 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:35.388568 0.168566 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:35.557547 0.148932 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:35.706869 0.060829 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:35.768089 0.326979 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:36.095432 0.106735 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:36.202541 0.136789 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:36.339692 0.054771 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:36.394841 0.148419 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:36.543624 0.306829 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:36.850850 0.053537 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:36.904826 0.930601 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:37.835884 0.131434 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:37.967691 0.207964 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.176086 0.040759 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.217261 0.226629 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.444274 0.066822 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.511537 0.056102 udp 10.0.2.109 3683 <-> 193.90.62.79 9082 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.568029 0.072515 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.640937 0.053397 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.694711 0.051488 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.746633 0.251832 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:38.998843 0.402756 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:39.401975 0.073044 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:39.475478 0.169037 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:39.644901 0.072413 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:39.717724 0.169058 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:39.887154 0.148336 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:40.035840 0.355142 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:40.391337 0.183633 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/11 18:56:40.575353 0.000000 udp 10.0.2.109 3683 -> 36.231.212.210 6096 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 18:56:56.840858 0.030776 tcp 10.0.2.109 58175 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:56.871948 0.065775 tcp 10.0.2.109 58176 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 18:56:56.938006 0.150006 tcp 10.0.2.109 58177 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:00:36.587777 3.002570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 19:00:43.596141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:00:51.601415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:01:07.600323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:01:39.606310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:07:43.612735 3.001232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 19:07:50.619826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:07:58.621401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:08:14.624208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:08:46.630459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:13:20.915228 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:13:20.915393 2.994238 tcp 10.0.2.109 58178 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:13:30.240473 0.000000 tcp 10.0.2.109 58178 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:13:36.192193 0.032203 tcp 10.0.2.109 58179 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:13:36.224767 0.064127 tcp 10.0.2.109 58180 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:13:36.289236 0.154483 tcp 10.0.2.109 58181 -> 195.113.214.249 443 SRPA* 0 0 22 11394 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:13:36.552853 2.965572 tcp 10.0.2.109 58182 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:13:45.466266 0.000000 tcp 10.0.2.109 58182 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:13:51.427302 0.030578 tcp 10.0.2.109 58183 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:13:51.458205 0.065394 tcp 10.0.2.109 58184 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:13:51.523883 0.155017 tcp 10.0.2.109 58185 -> 195.113.214.249 443 SRPA* 0 0 25 12168 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:13:51.872544 2.977203 tcp 10.0.2.109 58186 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:00.799384 0.000000 tcp 10.0.2.109 58186 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:06.732624 0.031406 tcp 10.0.2.109 58187 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:14:06.764309 0.065865 tcp 10.0.2.109 58188 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:14:06.830497 0.151009 tcp 10.0.2.109 58189 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:14:06.997922 2.997702 tcp 10.0.2.109 58190 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:15.997598 0.000000 tcp 10.0.2.109 58190 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:21.985185 0.031147 tcp 10.0.2.109 58191 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:14:22.016654 0.064899 tcp 10.0.2.109 58192 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:14:22.081982 0.150663 tcp 10.0.2.109 58193 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:14:22.567964 2.990731 tcp 10.0.2.109 58194 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:31.566396 0.000000 tcp 10.0.2.109 58194 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:37.565380 2.995949 tcp 10.0.2.109 58195 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:46.557928 0.000000 tcp 10.0.2.109 58195 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:50.640420 2.997583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 19:14:52.566352 3.535894 tcp 10.0.2.109 58196 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:14:58.169270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:15:02.026622 0.000000 tcp 10.0.2.109 58196 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:15:06.069718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:15:06.903358 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:15:07.957885 2.969389 tcp 10.0.2.109 58197 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:15:16.854778 0.000000 tcp 10.0.2.109 58197 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:15:21.879815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:15:53.665986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:20:22.571664 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:20:22.571779 3.003380 tcp 10.0.2.109 58198 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:20:31.573906 0.000000 tcp 10.0.2.109 58198 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:20:37.574101 0.032332 tcp 10.0.2.109 58199 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:20:37.606691 0.064684 tcp 10.0.2.109 58200 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:20:37.671829 0.154172 tcp 10.0.2.109 58201 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:20:38.464634 2.993197 tcp 10.0.2.109 58202 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:20:47.466773 0.000000 tcp 10.0.2.109 58202 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:20:53.467550 0.030901 tcp 10.0.2.109 58203 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:20:53.498715 0.067368 tcp 10.0.2.109 58204 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:20:53.566453 0.153524 tcp 10.0.2.109 58205 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:20:53.862733 2.997761 tcp 10.0.2.109 58206 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:02.859104 0.000000 tcp 10.0.2.109 58206 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:08.858761 0.031531 tcp 10.0.2.109 58207 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:21:08.890538 0.064873 tcp 10.0.2.109 58208 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:21:08.955645 0.151818 tcp 10.0.2.109 58209 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:21:09.466116 2.996964 tcp 10.0.2.109 58210 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:18.461397 0.000000 tcp 10.0.2.109 58210 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:24.461097 0.031335 tcp 10.0.2.109 58211 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:21:24.492354 0.070112 tcp 10.0.2.109 58212 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:21:24.562740 0.150995 tcp 10.0.2.109 58213 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:21:25.231108 3.004207 tcp 10.0.2.109 58214 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:34.234250 0.000000 tcp 10.0.2.109 58214 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:40.232983 3.004247 tcp 10.0.2.109 58215 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:49.235515 0.000000 tcp 10.0.2.109 58215 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:55.234388 3.447644 tcp 10.0.2.109 58216 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:21:58.127757 2.975723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 19:22:04.633993 0.000000 tcp 10.0.2.109 58216 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:22:05.071203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:22:09.483512 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:22:10.719093 2.963190 tcp 10.0.2.109 58217 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:22:13.136586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:22:19.607841 0.000000 tcp 10.0.2.109 58217 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:22:28.948290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:23:00.698277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:27:20.255584 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:27:20.255752 0.326118 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:20.582295 0.050011 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:20.632703 0.082798 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:20.715909 0.074131 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:20.790664 0.187958 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:20.979058 0.143755 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:21.123240 0.143619 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:21.267295 0.165190 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:21.432948 0.000000 udp 10.0.2.109 3683 -> 190.118.132.22 5253 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 19:27:25.249208 3.004003 tcp 10.0.2.109 58218 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:27:34.255058 0.000000 tcp 10.0.2.109 58218 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:27:37.157399 0.032639 tcp 10.0.2.109 58219 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:37.190369 0.064750 tcp 10.0.2.109 58220 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:37.255438 0.150122 tcp 10.0.2.109 58221 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:37.406133 0.070578 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:37.477161 0.166385 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:37.643972 0.150978 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:37.795587 0.118262 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:37.914391 0.062325 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:37.977057 0.053984 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:38.031425 0.154092 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:38.185901 0.308723 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:38.495022 0.146951 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:38.642434 0.082097 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:38.724987 0.333415 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:39.058984 0.055964 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:39.115370 0.207686 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:39.323447 0.045049 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:39.368894 0.239937 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:39.609310 0.061109 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:39.670870 0.000000 udp 10.0.2.109 3683 -> 193.90.62.79 9082 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 19:27:40.250983 0.031083 tcp 10.0.2.109 58222 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:40.282354 0.064241 tcp 10.0.2.109 58223 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:40.346889 0.152590 tcp 10.0.2.109 58224 -> 195.113.214.249 443 SRPA* 0 0 37 30052 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:40.511656 3.003387 tcp 10.0.2.109 58225 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:27:49.513804 0.000000 tcp 10.0.2.109 58225 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:27:55.062581 0.030509 tcp 10.0.2.109 58226 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:55.093470 0.063963 tcp 10.0.2.109 58227 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:55.157787 0.148119 tcp 10.0.2.109 58228 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:55.306626 0.068477 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:55.375478 0.559555 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:55.512943 0.030663 tcp 10.0.2.109 58229 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:55.543937 0.067292 tcp 10.0.2.109 58230 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:55.611626 0.151307 tcp 10.0.2.109 58231 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:27:55.899584 3.007491 tcp 10.0.2.109 58232 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:27:55.935475 0.131592 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:56.067507 0.058451 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:56.126337 0.276445 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:56.403163 0.403380 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:56.806933 0.075428 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:56.882736 0.052544 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:56.935656 0.142032 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:57.078322 0.361618 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:57.440358 0.074235 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:57.514991 0.166078 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:57.681455 0.168097 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:27:57.849976 0.183370 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:28:04.905953 0.000000 tcp 10.0.2.109 58232 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:28:10.895964 0.031358 tcp 10.0.2.109 58233 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:28:10.927230 0.065414 tcp 10.0.2.109 58234 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:28:10.992982 0.154201 tcp 10.0.2.109 58235 -> 195.113.214.249 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:28:11.234799 2.994319 tcp 10.0.2.109 58236 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:28:20.227935 0.000000 tcp 10.0.2.109 58236 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:28:26.228643 0.030748 tcp 10.0.2.109 58237 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:28:26.259671 0.064998 tcp 10.0.2.109 58238 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:28:26.324962 0.151260 tcp 10.0.2.109 58239 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:28:26.798320 3.002876 tcp 10.0.2.109 58240 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:28:35.802894 0.000000 tcp 10.0.2.109 58240 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:28:41.808166 2.994728 tcp 10.0.2.109 58241 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:28:50.801687 0.000000 tcp 10.0.2.109 58241 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:28:56.800723 3.004117 tcp 10.0.2.109 58242 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:29:04.706014 3.155951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 19:29:05.968684 0.000000 tcp 10.0.2.109 58242 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:29:10.619488 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:29:11.840346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:29:11.920165 2.976181 tcp 10.0.2.109 58243 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:29:19.776919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:29:20.848753 0.000000 tcp 10.0.2.109 58243 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:29:35.726821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:30:07.735953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:34:26.804980 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:34:26.805069 2.994136 tcp 10.0.2.109 58244 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:34:35.797639 0.000000 tcp 10.0.2.109 58244 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:34:41.808491 0.031782 tcp 10.0.2.109 58245 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:34:41.840556 0.064564 tcp 10.0.2.109 58246 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:34:41.905385 0.147276 tcp 10.0.2.109 58247 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:34:42.087036 2.994060 tcp 10.0.2.109 58248 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:34:51.082891 0.000000 tcp 10.0.2.109 58248 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:34:57.089166 0.031672 tcp 10.0.2.109 58249 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:34:57.121325 0.065614 tcp 10.0.2.109 58250 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:34:57.187205 0.148454 tcp 10.0.2.109 58251 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:34:57.552521 3.000645 tcp 10.0.2.109 58252 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:06.551906 0.000000 tcp 10.0.2.109 58252 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:12.551219 0.031569 tcp 10.0.2.109 58253 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:35:12.583056 0.067055 tcp 10.0.2.109 58254 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:35:12.650421 0.155681 tcp 10.0.2.109 58255 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:35:12.909421 2.995678 tcp 10.0.2.109 58256 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:21.903750 0.000000 tcp 10.0.2.109 58256 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:27.903731 0.031174 tcp 10.0.2.109 58257 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:35:27.935241 0.064054 tcp 10.0.2.109 58258 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:35:27.999593 0.151839 tcp 10.0.2.109 58259 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:35:28.239503 3.008245 tcp 10.0.2.109 58260 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:37.256230 0.000000 tcp 10.0.2.109 58260 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:43.236084 3.035197 tcp 10.0.2.109 58261 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:52.237779 0.000000 tcp 10.0.2.109 58261 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:35:58.246539 2.994172 tcp 10.0.2.109 58262 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:36:07.239349 0.000000 tcp 10.0.2.109 58262 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:36:11.738024 3.002132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 19:36:13.248158 3.004158 tcp 10.0.2.109 58263 -> 31.192.30.72 6269 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:36:17.994925 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:36:18.745692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:36:22.250899 0.000000 tcp 10.0.2.109 58263 -> 31.192.30.72 6269 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:36:26.747379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:36:42.750519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:37:14.756732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:43:18.763851 3.000411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 19:43:25.770251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:43:33.771530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:43:49.774326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:44:21.788480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:50:25.786491 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 19:50:32.793357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:50:40.795310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:50:56.798400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:51:28.804458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:57:32.810281 3.001692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 19:57:39.817588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:57:47.819182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:58:03.836595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:58:25.533723 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 19:58:25.533889 0.517225 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:26.041426 0.000000 udp 10.0.2.109 3683 -> 193.90.62.79 9082 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 19:58:28.358015 3.003745 tcp 10.0.2.109 58264 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:58:35.828633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 19:58:37.360586 0.000000 tcp 10.0.2.109 58264 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:58:41.769110 0.031508 tcp 10.0.2.109 58265 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:58:41.800940 0.067924 tcp 10.0.2.109 58266 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:58:41.869161 0.153076 tcp 10.0.2.109 58267 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:58:42.022905 0.085602 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:42.126571 0.191272 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:42.314957 0.329009 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:42.640698 0.121612 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:42.723983 0.054011 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:42.799035 0.168220 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:42.943834 0.167853 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.110875 0.170580 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.259250 0.178230 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.359375 0.032666 tcp 10.0.2.109 58268 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:58:43.392341 0.065227 tcp 10.0.2.109 58269 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:58:43.408514 0.147924 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.457948 0.149509 tcp 10.0.2.109 58270 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 19:58:43.517258 0.173721 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.677201 2.996820 tcp 10.0.2.109 58271 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 19:58:43.687045 0.115515 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.762955 0.079569 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.827315 0.074468 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:43.882559 0.167407 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:44.029756 0.125325 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:44.121396 0.309467 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:44.429677 0.179133 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:44.580995 0.229973 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:44.800472 0.046752 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:44.843213 0.221340 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:45.056322 0.082946 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:45.114294 0.057157 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:45.203031 0.350414 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:45.552881 0.116438 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:45.627768 0.942298 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:46.536168 0.141890 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:46.670343 0.076586 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:46.729756 0.255375 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:46.977516 0.424533 rtp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:47.384189 0.116767 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:47.660178 0.072286 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:47.715457 0.113323 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:47.791152 0.175768 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:47.964180 0.179230 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:48.138535 0.146357 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:48.299214 0.386291 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:48.671021 0.188130 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/11 19:58:52.672508 0.000000 tcp 10.0.2.109 58271 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:03:58.672924 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:03:58.673135 3.003609 tcp 10.0.2.109 58272 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:07.675434 0.000000 tcp 10.0.2.109 58272 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:13.676817 0.032808 tcp 10.0.2.109 58273 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:13.709885 0.062962 tcp 10.0.2.109 58274 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:13.773178 0.150830 tcp 10.0.2.109 58275 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:14.277817 3.001522 tcp 10.0.2.109 58276 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:23.277732 0.000000 tcp 10.0.2.109 58276 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:29.277336 0.031290 tcp 10.0.2.109 58277 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:29.308928 0.064902 tcp 10.0.2.109 58278 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:29.374108 0.148869 tcp 10.0.2.109 58279 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:29.620194 3.001011 tcp 10.0.2.109 58280 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:38.620088 0.000000 tcp 10.0.2.109 58280 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:44.619674 0.031956 tcp 10.0.2.109 58281 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:44.651880 0.062515 tcp 10.0.2.109 58282 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:44.714691 0.150704 tcp 10.0.2.109 58283 -> 195.113.214.249 443 SRPA* 0 0 22 10988 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:04:45.322185 3.001448 tcp 10.0.2.109 58284 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:54.322576 0.000000 tcp 10.0.2.109 58284 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:04:55.846795 3.002167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:05:00.326854 2.998952 tcp 10.0.2.109 58285 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:05:02.855794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:05:09.324179 0.000000 tcp 10.0.2.109 58285 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:05:10.856360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:05:15.326785 3.000209 tcp 10.0.2.109 58286 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:05:24.325478 0.000000 tcp 10.0.2.109 58286 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:05:26.859843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:05:28.992016 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:05:58.865234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:10:30.326210 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:10:30.326326 2.993675 tcp 10.0.2.109 58287 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:10:39.318501 0.000000 tcp 10.0.2.109 58287 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:10:45.328828 0.031750 tcp 10.0.2.109 58288 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:10:45.360850 0.063057 tcp 10.0.2.109 58289 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:10:45.424265 0.153868 tcp 10.0.2.109 58290 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:10:45.731102 3.001103 tcp 10.0.2.109 58291 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:10:54.730798 0.000000 tcp 10.0.2.109 58291 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:00.729877 0.031204 tcp 10.0.2.109 58292 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:11:00.761397 0.065862 tcp 10.0.2.109 58293 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:11:00.827566 0.151347 tcp 10.0.2.109 58294 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:11:01.463970 3.000697 tcp 10.0.2.109 58295 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:10.463099 0.000000 tcp 10.0.2.109 58295 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:16.472516 0.030663 tcp 10.0.2.109 58296 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:11:16.503460 0.064446 tcp 10.0.2.109 58297 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:11:16.568223 0.148987 tcp 10.0.2.109 58298 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:11:16.822829 3.003503 tcp 10.0.2.109 58299 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:25.824691 0.000000 tcp 10.0.2.109 58299 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:31.824321 2.994151 tcp 10.0.2.109 58300 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:40.826274 0.000000 tcp 10.0.2.109 58300 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:46.825374 2.994591 tcp 10.0.2.109 58301 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:11:55.818766 0.000000 tcp 10.0.2.109 58301 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:12:11.875018 3.000430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:12:18.887671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:12:26.883446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:12:42.886213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:13:14.893288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:17:01.829312 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:17:01.829413 3.003391 tcp 10.0.2.109 58302 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:17:10.831424 0.000000 tcp 10.0.2.109 58302 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:17:16.834925 0.032773 tcp 10.0.2.109 58303 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:16.868038 0.061850 tcp 10.0.2.109 58304 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:16.930231 0.150062 tcp 10.0.2.109 58305 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:17.328498 2.997308 tcp 10.0.2.109 58306 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:17:26.323574 0.000000 tcp 10.0.2.109 58306 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:17:32.313321 0.031583 tcp 10.0.2.109 58307 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:32.345175 0.065073 tcp 10.0.2.109 58308 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:32.410530 0.150732 tcp 10.0.2.109 58309 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:32.717177 2.999960 tcp 10.0.2.109 58310 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:17:41.716089 0.000000 tcp 10.0.2.109 58310 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:17:47.714967 0.030683 tcp 10.0.2.109 58311 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:47.745886 0.063405 tcp 10.0.2.109 58312 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:47.809630 0.152959 tcp 10.0.2.109 58313 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:17:48.011147 2.997998 tcp 10.0.2.109 58314 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:17:57.007670 0.000000 tcp 10.0.2.109 58314 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:18:03.008208 2.992499 tcp 10.0.2.109 58315 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:18:11.999362 0.000000 tcp 10.0.2.109 58315 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:18:18.008126 3.008820 tcp 10.0.2.109 58316 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:18:27.016477 0.000000 tcp 10.0.2.109 58316 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:18:31.997293 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:19:18.897379 3.003653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:19:25.905113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:19:33.906722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:19:49.910538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:20:21.916415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:23:33.011375 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:23:33.011472 3.003687 tcp 10.0.2.109 58317 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:23:42.013356 0.000000 tcp 10.0.2.109 58317 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:23:48.014240 0.031721 tcp 10.0.2.109 58318 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:23:48.046255 0.063448 tcp 10.0.2.109 58319 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:23:48.109958 0.154549 tcp 10.0.2.109 58320 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:23:48.276015 3.001114 tcp 10.0.2.109 58321 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:23:57.275884 0.000000 tcp 10.0.2.109 58321 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:03.274951 0.030394 tcp 10.0.2.109 58322 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:24:03.305618 0.066688 tcp 10.0.2.109 58323 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:24:03.372559 0.154709 tcp 10.0.2.109 58324 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:24:03.608142 3.000859 tcp 10.0.2.109 58325 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:12.607735 0.000000 tcp 10.0.2.109 58325 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:18.607020 0.030472 tcp 10.0.2.109 58326 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:24:18.637740 0.064296 tcp 10.0.2.109 58327 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:24:18.702425 0.155952 tcp 10.0.2.109 58328 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:24:19.022638 2.998490 tcp 10.0.2.109 58329 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:28.020068 0.000000 tcp 10.0.2.109 58329 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:34.018722 3.004146 tcp 10.0.2.109 58330 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:43.021678 0.000000 tcp 10.0.2.109 58330 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:49.020574 3.004090 tcp 10.0.2.109 58331 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:24:58.330853 0.000000 tcp 10.0.2.109 58331 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:25:03.247513 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:26:25.922247 3.001122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:26:32.929671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:26:40.931064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:26:56.934425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:27:28.940519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:29:01.233215 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:29:01.233311 0.446969 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:01.668202 0.074853 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:01.780528 0.194015 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:01.971084 0.331350 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:02.297618 0.121523 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:02.378844 0.052642 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:02.457156 0.170922 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:02.603092 0.176203 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:02.880409 0.172264 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:03.026523 0.177970 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 1988 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:03.290282 0.146084 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:03.396759 0.080264 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:03.554167 0.071733 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:03.608674 0.174624 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:03.757503 0.121114 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:03.845068 0.309687 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:04.166723 0.174348 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:04.335964 0.116669 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:04.416499 0.167803 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:04.578641 0.236354 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:04.805809 0.051455 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:04.888494 0.229391 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:05.110514 0.082677 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:05.169448 0.057283 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:05.291786 0.322725 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:05.643521 0.103341 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:05.710339 0.077857 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:05.810838 0.417169 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:06.219995 0.426764 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:06.630667 1.077347 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:07.674284 0.142973 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2582 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:07.809524 0.122347 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:07.921503 0.073025 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:07.976808 0.114226 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:08.078639 0.179498 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:08.254941 0.203853 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:08.525920 0.144341 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:08.694044 0.412487 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:29:09.092356 0.189108 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:30:04.023878 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:30:04.023982 3.003324 tcp 10.0.2.109 58332 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:30:13.036777 0.000000 tcp 10.0.2.109 58332 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:30:19.026747 0.031780 tcp 10.0.2.109 58333 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:19.058841 0.062728 tcp 10.0.2.109 58334 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:19.121936 0.150405 tcp 10.0.2.109 58335 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:19.305329 2.993931 tcp 10.0.2.109 58336 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:30:28.297986 0.000000 tcp 10.0.2.109 58336 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:30:34.307263 0.030422 tcp 10.0.2.109 58337 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:34.337952 0.063766 tcp 10.0.2.109 58338 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:34.402052 0.193384 tcp 10.0.2.109 58339 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:34.611300 2.999998 tcp 10.0.2.109 58340 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:30:43.609925 0.000000 tcp 10.0.2.109 58340 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:30:49.610272 0.030490 tcp 10.0.2.109 58341 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:49.641036 0.078515 tcp 10.0.2.109 58342 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:49.719832 0.152628 tcp 10.0.2.109 58343 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:30:49.888046 3.006899 tcp 10.0.2.109 58344 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:30:58.892096 0.000000 tcp 10.0.2.109 58344 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:31:04.880989 3.003636 tcp 10.0.2.109 58345 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:31:13.883596 0.000000 tcp 10.0.2.109 58345 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:31:19.882089 3.007807 tcp 10.0.2.109 58346 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:31:28.885221 0.000000 tcp 10.0.2.109 58346 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:33:32.945449 3.002228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:33:39.953357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:33:47.955202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:34:03.958072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:34:35.965058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:36:34.885821 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:36:34.886007 2.993404 tcp 10.0.2.109 58347 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:36:43.878044 0.000000 tcp 10.0.2.109 58347 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:36:49.888312 0.031177 tcp 10.0.2.109 58348 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:36:49.919722 0.064225 tcp 10.0.2.109 58349 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:36:49.984247 0.153154 tcp 10.0.2.109 58350 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:36:50.168742 3.002707 tcp 10.0.2.109 58351 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:36:59.170200 0.000000 tcp 10.0.2.109 58351 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:05.169084 0.030870 tcp 10.0.2.109 58352 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:37:05.200217 0.067774 tcp 10.0.2.109 58353 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:37:05.268237 0.152656 tcp 10.0.2.109 58354 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:37:05.481473 3.002064 tcp 10.0.2.109 58355 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:14.481953 0.000000 tcp 10.0.2.109 58355 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:20.481284 0.031427 tcp 10.0.2.109 58356 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:37:20.512924 0.063122 tcp 10.0.2.109 58357 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:37:20.576349 0.146595 tcp 10.0.2.109 58358 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:37:20.759039 3.006462 tcp 10.0.2.109 58359 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:29.763865 0.000000 tcp 10.0.2.109 58359 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:35.752293 3.004599 tcp 10.0.2.109 58360 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:44.754993 0.000000 tcp 10.0.2.109 58360 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:50.754652 2.993748 tcp 10.0.2.109 58361 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:37:59.757157 0.000000 tcp 10.0.2.109 58361 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:40:39.980722 2.997656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:40:46.979963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:40:54.981174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:41:10.981947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:41:42.988052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:43:05.759056 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:43:05.759170 3.003278 tcp 10.0.2.109 58362 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:43:14.760045 0.000000 tcp 10.0.2.109 58362 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:43:20.760184 0.031168 tcp 10.0.2.109 58363 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:20.791626 0.061193 tcp 10.0.2.109 58364 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:20.853186 0.148757 tcp 10.0.2.109 58365 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:21.071128 3.002362 tcp 10.0.2.109 58366 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:43:30.076743 0.000000 tcp 10.0.2.109 58366 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:43:36.071432 0.030254 tcp 10.0.2.109 58367 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:36.101964 0.060546 tcp 10.0.2.109 58368 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:36.162825 0.146559 tcp 10.0.2.109 58369 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:36.617724 2.997536 tcp 10.0.2.109 58370 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:43:45.613911 0.000000 tcp 10.0.2.109 58370 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:43:51.613413 0.053180 tcp 10.0.2.109 58371 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:51.667130 0.067201 tcp 10.0.2.109 58372 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:51.734598 0.154541 tcp 10.0.2.109 58373 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:43:52.004300 3.003354 tcp 10.0.2.109 58374 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:44:01.016636 0.000000 tcp 10.0.2.109 58374 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:44:07.005270 2.994105 tcp 10.0.2.109 58375 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:44:15.997865 0.000000 tcp 10.0.2.109 58375 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:44:22.006281 2.994772 tcp 10.0.2.109 58376 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:44:30.999813 0.000000 tcp 10.0.2.109 58376 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:44:35.996629 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:47:46.994318 3.001039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:47:54.001367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:48:02.003147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:48:18.005983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:48:50.013573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:49:37.010429 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:49:37.010616 3.003381 tcp 10.0.2.109 58377 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:49:46.012663 0.000000 tcp 10.0.2.109 58377 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:49:52.016880 0.031027 tcp 10.0.2.109 58378 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:49:52.048173 0.064013 tcp 10.0.2.109 58379 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:49:52.112526 0.150161 tcp 10.0.2.109 58380 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:49:52.277431 2.998315 tcp 10.0.2.109 58381 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:01.274448 0.000000 tcp 10.0.2.109 58381 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:07.273850 0.052128 tcp 10.0.2.109 58382 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:50:07.326468 0.062341 tcp 10.0.2.109 58383 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:50:07.389155 0.147244 tcp 10.0.2.109 58384 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:50:07.693236 2.994815 tcp 10.0.2.109 58385 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:16.696829 0.000000 tcp 10.0.2.109 58385 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:22.685855 0.030517 tcp 10.0.2.109 58386 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:50:22.716675 0.065151 tcp 10.0.2.109 58387 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:50:22.782280 0.156217 tcp 10.0.2.109 58388 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:50:23.167894 2.992663 tcp 10.0.2.109 58389 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:32.158903 0.000000 tcp 10.0.2.109 58389 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:38.167373 3.004328 tcp 10.0.2.109 58390 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:47.170675 0.000000 tcp 10.0.2.109 58390 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:50:53.169251 3.004153 tcp 10.0.2.109 58391 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:51:02.171858 0.000000 tcp 10.0.2.109 58391 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:51:06.988946 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:55:32.023209 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 20:55:39.032078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:55:47.031701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:56:03.034641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:56:35.040579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 20:59:27.108142 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 20:59:27.108226 0.195018 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:27.299765 0.286375 udp 10.0.2.109 3683 <-> 190.118.132.22 5253 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:27.578212 0.075440 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:28.313193 0.352118 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:28.657518 0.125625 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:28.817927 0.052856 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:28.904666 0.167291 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:29.051492 0.167846 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:29.234392 0.145093 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:29.340532 0.079469 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:29.533569 0.073213 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:29.586443 0.164888 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:29.845792 0.117276 rtp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:29.929681 0.168711 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2010 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:30.078272 0.183072 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:30.314239 0.310835 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:30.623925 0.175345 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:30.794883 0.116218 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:30.878904 0.156381 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:31.032565 0.219950 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:31.243392 0.045651 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:31.284982 0.057354 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:31.346258 0.322930 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:31.786921 0.115332 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:31.861303 0.074749 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:31.950917 0.221099 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:32.182629 0.086335 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:32.244757 0.391660 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:32.627177 0.449236 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:34.422400 0.097869 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:35.195700 0.143072 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:35.739178 0.113996 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:36.231180 0.071304 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:36.326473 0.160106 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:36.571107 0.150867 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:37.018602 0.119172 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:37.180532 0.178136 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/11 20:59:37.612804 0.000000 udp 10.0.2.109 3683 -> 203.173.40.180 7323 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 20:59:38.194238 2.994086 tcp 10.0.2.109 58392 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:59:47.196612 0.000000 tcp 10.0.2.109 58392 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:59:53.198816 0.051692 tcp 10.0.2.109 58393 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:59:53.250781 0.061008 tcp 10.0.2.109 58394 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:59:53.312172 0.153173 tcp 10.0.2.109 58395 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:59:53.680485 3.000044 tcp 10.0.2.109 58396 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 20:59:54.217295 0.051865 tcp 10.0.2.109 58397 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:59:54.269467 0.060553 tcp 10.0.2.109 58398 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:59:54.330453 0.154111 tcp 10.0.2.109 58399 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 20:59:54.485060 0.188793 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:00:02.679071 0.000000 tcp 10.0.2.109 58396 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:00:08.678359 0.030903 tcp 10.0.2.109 58400 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:00:08.709509 0.063625 tcp 10.0.2.109 58401 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:00:08.773428 0.146848 tcp 10.0.2.109 58402 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:00:08.951912 3.000523 tcp 10.0.2.109 58403 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:00:17.950928 0.000000 tcp 10.0.2.109 58403 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:00:23.950600 0.030528 tcp 10.0.2.109 58404 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:00:23.981414 0.061453 tcp 10.0.2.109 58405 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:00:24.043165 0.148334 tcp 10.0.2.109 58406 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:00:24.469008 3.005943 tcp 10.0.2.109 58407 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:00:33.473405 0.000000 tcp 10.0.2.109 58407 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:00:39.463026 3.003473 tcp 10.0.2.109 58408 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:00:48.467953 0.000000 tcp 10.0.2.109 58408 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:00:54.464304 2.993665 tcp 10.0.2.109 58409 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:01:03.466575 0.000000 tcp 10.0.2.109 58409 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:02:47.048339 3.001545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 21:02:54.055538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:03:02.057053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:03:18.060043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:03:50.066438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:06:09.469934 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 21:06:09.470141 2.990941 tcp 10.0.2.109 58410 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:06:18.459339 0.000000 tcp 10.0.2.109 58410 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:06:24.470264 0.052886 tcp 10.0.2.109 58411 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:24.523442 0.060676 tcp 10.0.2.109 58412 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:24.584379 0.147649 tcp 10.0.2.109 58413 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:24.978057 3.005006 tcp 10.0.2.109 58414 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:06:33.981503 0.000000 tcp 10.0.2.109 58414 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:06:39.971243 0.032008 tcp 10.0.2.109 58415 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:40.003488 0.061598 tcp 10.0.2.109 58416 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:40.065371 0.150929 tcp 10.0.2.109 58417 -> 195.113.214.249 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:40.471732 3.003470 tcp 10.0.2.109 58418 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:06:49.473855 0.000000 tcp 10.0.2.109 58418 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:06:55.475913 0.031640 tcp 10.0.2.109 58419 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:55.507388 0.062009 tcp 10.0.2.109 58420 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:55.569642 0.154451 tcp 10.0.2.109 58421 -> 195.113.214.249 443 SRPA* 0 0 42 34064 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:06:56.097003 3.000908 tcp 10.0.2.109 58422 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:07:05.106664 0.000000 tcp 10.0.2.109 58422 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:07:11.095363 2.994082 tcp 10.0.2.109 58423 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:07:20.088121 0.000000 tcp 10.0.2.109 58423 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:07:26.097051 2.993810 tcp 10.0.2.109 58424 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:07:35.089521 0.000000 tcp 10.0.2.109 58424 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:07:39.996666 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 21:09:54.072552 3.006070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 21:10:01.079426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:10:09.081365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:10:25.083843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:10:57.091043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:12:41.100093 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 21:12:41.100300 3.005338 tcp 10.0.2.109 58425 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:12:50.102604 0.000000 tcp 10.0.2.109 58425 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:12:56.103134 0.031091 tcp 10.0.2.109 58426 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:12:56.134522 0.064777 tcp 10.0.2.109 58427 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:12:56.199606 0.156142 tcp 10.0.2.109 58428 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:12:56.553008 3.003108 tcp 10.0.2.109 58429 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:05.554563 0.000000 tcp 10.0.2.109 58429 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:11.553835 0.030212 tcp 10.0.2.109 58430 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:13:11.584333 0.064171 tcp 10.0.2.109 58431 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:13:11.648784 0.147982 tcp 10.0.2.109 58432 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:13:11.949155 2.998898 tcp 10.0.2.109 58433 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:20.956585 0.000000 tcp 10.0.2.109 58433 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:26.946014 0.052761 tcp 10.0.2.109 58434 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:13:26.999048 0.061090 tcp 10.0.2.109 58435 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:13:27.060444 0.147629 tcp 10.0.2.109 58436 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:13:27.534754 2.996038 tcp 10.0.2.109 58437 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:36.529186 0.000000 tcp 10.0.2.109 58437 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:42.528002 3.004387 tcp 10.0.2.109 58438 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:51.531467 0.000000 tcp 10.0.2.109 58438 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:13:57.529678 3.004213 tcp 10.0.2.109 58439 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:14:06.532384 0.000000 tcp 10.0.2.109 58439 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:14:11.489521 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 21:17:01.098796 2.999046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 21:17:08.103616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:17:16.104933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:17:32.108163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:18:04.114118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:19:12.533082 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 21:19:12.533275 3.003299 tcp 10.0.2.109 58440 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:19:21.535521 0.000000 tcp 10.0.2.109 58440 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:19:27.535939 0.052901 tcp 10.0.2.109 58441 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:27.589123 0.061978 tcp 10.0.2.109 58442 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:27.651359 0.154994 tcp 10.0.2.109 58443 -> 195.113.214.249 443 SRPA* 0 0 43 19282 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:28.220856 2.998320 tcp 10.0.2.109 58444 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:19:37.217933 0.000000 tcp 10.0.2.109 58444 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:19:43.217336 0.308623 tcp 10.0.2.109 58445 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:43.526237 0.060598 tcp 10.0.2.109 58446 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:43.587111 0.154461 tcp 10.0.2.109 58447 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:43.789978 2.969332 tcp 10.0.2.109 58448 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:19:52.696993 0.000000 tcp 10.0.2.109 58448 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:19:58.642804 0.083979 tcp 10.0.2.109 58449 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:58.727060 0.063315 tcp 10.0.2.109 58450 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:58.790664 0.149531 tcp 10.0.2.109 58451 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:19:59.017515 2.971722 tcp 10.0.2.109 58452 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:20:07.932203 0.000000 tcp 10.0.2.109 58452 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:20:13.890706 3.004250 tcp 10.0.2.109 58453 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:20:22.893532 0.000000 tcp 10.0.2.109 58453 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:20:28.892642 3.223008 tcp 10.0.2.109 58454 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:20:38.059074 0.000000 tcp 10.0.2.109 58454 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:24:08.121411 3.000505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 21:24:15.127500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:24:23.128864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:24:39.132042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:25:11.138276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:30:20.343282 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 21:30:20.343459 0.000000 udp 10.0.2.109 3683 -> 203.173.40.180 7323 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 21:30:38.461420 0.032078 tcp 10.0.2.109 58455 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:38.493706 0.065273 tcp 10.0.2.109 58456 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:38.559293 0.151986 tcp 10.0.2.109 58457 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:38.711878 0.207698 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:39.026799 0.000000 udp 10.0.2.109 3683 -> 190.118.132.22 5253 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 21:30:43.939761 2.996144 tcp 10.0.2.109 58458 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:30:52.930676 0.000000 tcp 10.0.2.109 58458 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:30:57.586564 0.030998 tcp 10.0.2.109 58459 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:57.617864 0.061352 tcp 10.0.2.109 58460 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:57.679498 0.154411 tcp 10.0.2.109 58461 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:57.834563 0.078905 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:57.983128 0.342389 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:58.322904 0.175741 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:58.475817 0.119764 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:58.557944 0.182456 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:58.784957 0.168328 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:58.938534 0.038718 tcp 10.0.2.109 58462 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:58.977524 0.063775 tcp 10.0.2.109 58463 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:59.041743 0.153788 tcp 10.0.2.109 58464 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:30:59.130266 0.051972 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:59.268378 2.995242 tcp 10.0.2.109 58465 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:30:59.268645 0.081055 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:59.332382 0.120450 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:59.547857 0.176329 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:59.700355 0.183296 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:59.853049 0.071645 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:30:59.933384 0.174274 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:00.103082 0.179545 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:00.410239 0.311920 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:00.720523 0.232103 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:00.943116 0.046673 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2613 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:01.091659 0.055168 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:01.385224 0.161070 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:01.554578 0.135271 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:01.652982 0.074204 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:01.819473 0.335006 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:02.153560 0.119129 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:02.229080 0.220387 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:02.574356 0.094050 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:02.643904 0.220550 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:02.853897 0.450106 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:03.287537 0.946652 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:04.200837 0.142797 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:04.473806 0.145545 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:04.628394 0.106525 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:04.698852 0.070542 rtp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:04.883842 0.162006 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:05.088687 0.113867 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:05.165556 0.176897 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:05.339536 0.186704 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/11 21:31:08.270352 0.000000 tcp 10.0.2.109 58465 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:31:15.149071 2.996780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 21:31:22.151604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:31:30.152815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:31:46.155829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:32:18.161837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:36:14.271935 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 21:36:14.272090 3.003588 tcp 10.0.2.109 58466 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:36:23.274377 0.000000 tcp 10.0.2.109 58466 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:36:29.275125 0.052758 tcp 10.0.2.109 58467 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:36:29.328179 0.062827 tcp 10.0.2.109 58468 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:36:29.391321 0.153139 tcp 10.0.2.109 58469 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:36:29.669163 2.998572 tcp 10.0.2.109 58470 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:36:38.675997 0.000000 tcp 10.0.2.109 58470 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/11 21:36:44.665506 0.051040 tcp 10.0.2.109 58471 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:36:44.716774 0.060101 tcp 10.0.2.109 58472 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:36:44.777174 0.147675 tcp 10.0.2.109 58473 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:36:44.950018 0.723738 tcp 10.0.2.109 58474 -> 188.129.248.221 6410 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/02/11 21:38:22.167860 3.001719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 21:38:29.175489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:38:37.178882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:38:53.181828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:39:25.185780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:45:29.191856 3.002367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 21:45:36.199379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:45:44.200834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:46:00.203827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:46:32.209845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:54:25.223205 3.001602 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 21:54:32.230803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:54:40.231498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:54:56.234615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 21:55:28.240878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:01:16.842512 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 22:01:16.842746 0.000000 udp 10.0.2.109 3683 -> 190.118.132.22 5253 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 22:01:33.898504 0.053704 tcp 10.0.2.109 58475 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:01:33.952471 0.060723 tcp 10.0.2.109 58476 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:01:34.013509 0.148827 tcp 10.0.2.109 58477 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:01:34.162879 0.194404 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:34.354802 0.074924 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:34.449622 0.127038 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:34.534500 0.141908 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:34.679585 0.169187 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:34.862752 0.327479 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:35.186784 0.171832 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:35.393573 0.052541 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:35.658801 0.081866 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:35.725241 0.122802 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:35.876574 0.167638 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:36.022481 0.178971 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:36.181635 0.073261 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:36.353143 0.311588 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:36.662083 0.219914 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:36.871842 0.171734 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:37.039158 0.178724 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:37.256402 0.051334 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:37.303726 0.056729 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:37.530022 0.154244 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:37.683143 0.118058 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:37.951555 0.083510 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:38.015315 0.215756 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:38.395882 0.083111 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:38.455537 0.213133 rtp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:38.660938 0.336950 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:39.094750 0.194827 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:39.161601 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 22:01:54.258434 3.011866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 22:01:56.269101 0.052637 tcp 10.0.2.109 58478 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:01:56.322283 0.065411 tcp 10.0.2.109 58479 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:01:56.388048 0.149529 tcp 10.0.2.109 58480 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:01:56.538265 1.194723 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:57.694890 0.141643 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:58.148352 0.156167 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:58.431868 0.115849 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:58.512658 0.070155 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:58.655364 0.179414 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:58.832093 0.191102 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 1927 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:59.111547 0.188121 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:01:59.332182 0.115351 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:02:01.276680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:02:09.277342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:02:25.280296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:02:57.286407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:06:45.674315 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 22:06:45.674480 0.939249 tcp 10.0.2.109 58481 -> 188.129.248.221 6410 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:09:08.291749 3.003221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 22:09:15.299489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:09:23.301471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:09:39.306525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:10:11.310293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:16:15.316983 3.001255 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 22:16:22.323787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:16:30.325124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:16:46.328288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:17:18.334634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:23:22.340609 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 22:23:29.347576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:23:37.349133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:23:53.352195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:24:25.358193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:30:29.364411 3.001415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 22:30:36.371634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:30:44.373139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:31:00.377412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:31:32.385345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:32:18.358591 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 22:32:18.358705 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 22:32:34.883716 0.052316 tcp 10.0.2.109 58482 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:32:34.936284 0.061239 tcp 10.0.2.109 58483 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:32:34.997844 0.128320 tcp 10.0.2.109 58484 -> 195.113.214.249 443 SRPA* 0 0 36 27136 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:32:35.127106 0.075421 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:35.217190 0.127189 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:35.302837 0.150529 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:35.414555 0.166805 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:35.670319 0.328937 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:35.995023 0.172713 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:36.145035 0.055000 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:36.246327 0.197633 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:36.441126 0.168808 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:36.587537 0.081913 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:36.689483 0.075056 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:36.745483 0.312665 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:37.056938 0.219715 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:37.267554 0.169250 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:37.477529 0.120358 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:37.563993 0.045866 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:37.634038 0.057067 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:37.768138 0.154625 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:37.921258 0.112607 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:38.114972 0.077515 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:38.368207 0.178351 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:38.517046 0.175855 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:38.690439 0.343595 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:39.032958 0.112778 udp 10.0.2.109 3683 <-> 91.6.31.153 5333 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:39.145515 0.216881 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:39.355669 0.094917 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:39.423799 0.267601 rtp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:39.683282 1.257162 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:40.903667 0.142327 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:41.049235 0.152549 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:41.301792 0.109146 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:41.375540 0.074783 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:41.451767 0.179982 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:41.628934 0.118018 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:41.707598 0.187943 rtp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:32:41.892599 0.157097 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/11 22:36:46.614218 0.044531 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 22:36:46.658865 0.702283 tcp 10.0.2.109 58485 -> 188.129.248.221 6410 FSPA* 0 0 14 1551 flow=From-Botnet-V1-TCP-Established 1970/02/11 22:37:36.392862 2.997004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 22:37:43.395902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:37:51.397215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:38:07.400138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:38:39.406474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:44:43.412113 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 22:44:50.419588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:44:58.421047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:45:14.424099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:45:46.430171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:54:02.447377 3.000157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 22:54:09.453534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:54:17.455119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:54:33.458007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 22:55:05.463812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:01:09.470532 3.000941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 23:01:16.478317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:01:24.479071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:01:40.481700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:02:12.487895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:02:49.210868 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 23:02:49.211111 0.155296 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:49.327310 0.166514 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:49.552705 0.324428 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:49.873886 0.075691 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:50.438800 0.127353 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:50.525586 0.173222 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:50.677349 0.053819 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:50.874884 0.193865 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:51.085605 0.170189 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:51.232644 0.074614 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:51.468137 0.071293 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:51.521728 0.166258 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:51.720258 0.119025 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:51.803556 0.054686 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:51.933179 0.057803 rtp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:02:52.142350 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 23:03:09.091159 0.059150 tcp 10.0.2.109 58486 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:03:09.150690 0.061584 tcp 10.0.2.109 58487 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:03:09.212565 0.154107 tcp 10.0.2.109 58488 -> 195.113.214.249 443 SRPA* 0 0 42 23350 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:03:09.367226 0.310436 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:10.037667 0.219477 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:10.247134 0.114362 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:10.456876 0.071836 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:10.510183 0.178721 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:10.670254 0.173433 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:10.904811 0.336002 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:11.239607 0.095829 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:11.387398 0.252517 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:11.631948 0.000000 udp 10.0.2.109 3683 -> 91.6.31.153 5333 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 23:03:29.579151 0.055455 tcp 10.0.2.109 58489 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:03:29.634871 0.062881 tcp 10.0.2.109 58490 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:03:29.698108 0.154474 tcp 10.0.2.109 58491 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:03:29.853058 0.222007 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:30.070886 0.099607 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:30.505048 0.143052 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:30.640153 0.143702 udp 10.0.2.109 3683 <-> 47.17.61.202 5900 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:30.907469 0.119552 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:30.991739 0.073456 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:31.458369 0.180154 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:31.635437 0.120066 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:31.776727 0.188521 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:03:31.962309 0.161968 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:06:47.343479 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 23:06:47.343712 0.597793 tcp 10.0.2.109 58492 -> 188.129.248.221 6410 FSPA* 0 0 14 1682 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:08:24.495338 3.001658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 23:08:31.502866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:08:39.504581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:08:55.507280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:09:27.518605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:15:31.519862 3.001133 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 23:15:38.526698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:15:46.528003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:16:02.531249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:16:34.537297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:22:38.544285 3.000257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 23:22:45.550459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:22:53.552163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:23:09.554686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:23:41.561347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:29:45.576515 2.999268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 23:29:52.576411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:30:00.612222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:30:16.588091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:30:48.584964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:33:45.379622 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 23:33:45.379814 0.187446 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:33:45.543521 0.000000 udp 10.0.2.109 3683 -> 91.6.31.153 5333 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 23:34:03.767274 0.055043 tcp 10.0.2.109 58493 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:03.822882 0.062321 tcp 10.0.2.109 58494 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:03.885500 0.159157 tcp 10.0.2.109 58495 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:04.045236 0.163727 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:04.162754 0.166884 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:04.332810 0.331634 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:04.661008 0.053208 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:04.800453 0.075111 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:04.909927 0.119006 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:04.991654 0.173764 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.141990 0.170012 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.288674 0.194939 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.480030 0.070884 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.534427 0.082102 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.598558 0.046482 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.739702 0.123137 rtp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.827331 0.164893 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:05.968979 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 23:34:21.574083 0.050798 tcp 10.0.2.109 58496 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:21.625178 0.061582 tcp 10.0.2.109 58497 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:21.687014 0.161970 tcp 10.0.2.109 58498 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:21.849492 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 23:34:38.085543 0.052029 tcp 10.0.2.109 58499 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:38.137824 0.062599 tcp 10.0.2.109 58500 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:38.200734 0.151797 tcp 10.0.2.109 58501 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:38.353197 0.105477 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:38.442634 0.176416 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:38.603489 0.174087 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:38.773897 0.120093 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:38.853732 0.222459 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:39.066233 0.351222 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:39.416824 0.096986 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:39.488606 0.295841 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:39.777215 0.215961 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:39.984628 0.231001 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:40.179468 0.145250 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:40.335456 0.000000 udp 10.0.2.109 3683 -> 47.17.61.202 5900 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/11 23:34:58.625333 0.056498 tcp 10.0.2.109 58502 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:58.682035 0.062753 tcp 10.0.2.109 58503 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:58.745068 0.150320 tcp 10.0.2.109 58504 -> 195.113.214.249 443 SRPA* 0 0 39 18618 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:34:58.896042 0.112360 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:58.970276 0.121870 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:59.050895 0.188982 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:59.237057 0.078203 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:59.296017 0.175901 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:34:59.468733 0.163389 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/11 23:36:47.942408 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/11 23:36:47.942643 0.692013 tcp 10.0.2.109 58505 -> 188.129.248.221 6410 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/02/11 23:36:52.592136 3.000593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/11 23:36:59.598885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:37:07.600069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:37:23.603048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:37:55.609227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:43:59.614413 3.002130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 23:44:06.622333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:44:14.623994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:44:30.627519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:45:02.633060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:53:27.642015 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/11 23:53:34.649390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:53:42.650847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:53:58.653634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/11 23:54:30.659989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:00:34.666192 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:00:41.673162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:00:49.674972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:01:05.677812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:01:37.683648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:05:22.046417 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 00:05:22.046661 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 00:05:40.254568 0.043257 tcp 10.0.2.109 58506 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:05:40.298119 0.061418 tcp 10.0.2.109 58507 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:05:40.359831 0.163096 tcp 10.0.2.109 58508 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:05:40.523675 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 00:05:57.908588 0.034259 tcp 10.0.2.109 58509 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:05:57.943117 0.060921 tcp 10.0.2.109 58510 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:05:58.003976 0.152744 tcp 10.0.2.109 58511 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:05:58.157336 0.000000 udp 10.0.2.109 3683 -> 47.17.61.202 5900 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 00:06:15.203519 0.041553 tcp 10.0.2.109 58512 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:15.245554 0.061732 tcp 10.0.2.109 58513 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:15.307604 0.156832 tcp 10.0.2.109 58514 -> 195.113.214.249 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:15.464981 0.161165 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:15.621287 0.055839 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:16.092509 0.075295 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:16.369030 0.127698 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:16.453639 0.166998 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:16.643006 0.327471 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:17.179771 0.157047 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:17.296286 0.171675 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:17.549238 0.052667 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:17.598247 0.128394 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:17.851982 0.162282 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:17.994704 0.172687 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:18.144397 0.066552 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:18.375263 0.195399 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:18.567732 0.080520 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:18.698581 0.114452 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:18.774404 0.179357 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:19.001057 0.074855 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:19.059427 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 00:06:36.445971 0.031592 tcp 10.0.2.109 58515 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:36.477855 0.060943 tcp 10.0.2.109 58516 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:36.539067 0.274332 tcp 10.0.2.109 58517 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:36.813948 0.323565 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:37.256493 0.084739 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:37.497239 0.250023 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:37.739216 0.215728 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:37.980858 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 00:06:48.641301 0.546461 tcp 10.0.2.109 58518 -> 188.129.248.221 6410 FSPA* 0 0 14 1689 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:54.680321 0.032035 tcp 10.0.2.109 58519 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:54.712636 0.061700 tcp 10.0.2.109 58520 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:54.774679 0.153161 tcp 10.0.2.109 58521 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:06:54.928474 0.141840 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:55.062677 0.246191 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:06:55.506522 0.000000 udp 10.0.2.109 3683 -> 94.66.192.133 6063 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 00:07:12.605668 0.032318 tcp 10.0.2.109 58522 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:07:12.638261 0.061758 tcp 10.0.2.109 58523 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:07:12.700331 0.151321 tcp 10.0.2.109 58524 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:07:12.852324 0.068247 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:07:12.903405 0.176189 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:07:13.076682 0.157865 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:07:13.365808 0.117025 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:07:13.443830 0.188807 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:07:41.690119 3.001257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 00:07:48.696930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:07:56.698505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:08:12.703417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:08:44.707779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:14:48.712955 3.002406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:14:55.721122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:15:03.723977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:15:19.725666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:15:51.751766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:21:55.758379 3.000988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:22:02.767722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:22:10.766473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:22:26.769655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:22:58.775663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:29:02.782321 3.001018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:29:09.789290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:29:17.792074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:29:33.793455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:30:05.799749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:36:09.805845 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:36:16.812930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:36:24.814021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:36:40.818414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:36:49.189818 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 00:36:49.189921 0.649682 tcp 10.0.2.109 58525 -> 188.129.248.221 6410 FSPA* 0 0 14 1738 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:37:12.823843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:37:16.349397 0.174188 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:16.519727 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 00:37:32.473720 0.057011 tcp 10.0.2.109 58526 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:37:32.531065 0.059600 tcp 10.0.2.109 58527 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:37:32.590916 0.153060 tcp 10.0.2.109 58528 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 00:37:32.744793 0.109987 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:32.823601 0.152360 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:33.232949 0.076084 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:33.321328 0.053333 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:33.397892 0.324734 rtp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:33.719441 0.121969 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:33.891964 0.167723 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:34.147476 0.167498 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:34.275732 0.052487 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:34.330067 0.170268 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:34.474868 0.120980 rtp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:34.579134 0.173299 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:34.730505 0.157667 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:34.873657 0.067912 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:35.001053 0.080158 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:35.064638 0.087171 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:35.170695 0.194705 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:35.361942 0.178796 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:35.510757 0.149215 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:35.621904 0.323219 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:35.944939 0.086482 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:36.032961 0.277142 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:36.303296 0.216311 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:36.511457 0.142234 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:36.646231 0.872434 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:37.481707 0.158995 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:37.730261 0.077377 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:37.787110 0.181304 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:37.965457 0.118883 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:37:38.074184 0.189041 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/12 00:43:16.829898 3.001599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:43:23.837139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:43:31.838678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:43:47.841726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:44:19.847449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:50:23.854425 3.001038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:50:30.861434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:50:38.862931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:50:54.865193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:51:26.871828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:57:30.876715 3.002662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 00:57:37.884916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:57:45.886177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:58:01.889495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 00:58:33.895005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:04:53.915606 3.000387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 01:05:00.922204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:05:08.923411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:05:24.926478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:05:56.932475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:06:49.839004 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 01:06:49.839102 0.843770 tcp 10.0.2.109 58529 -> 188.129.248.221 6410 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/02/12 01:07:47.882358 0.175548 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:48.055242 0.116719 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:48.471223 0.052143 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:48.870283 0.329056 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:49.194813 0.118009 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:49.275034 0.152292 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:49.453818 0.075621 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:49.626863 0.167234 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:49.909592 0.145658 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:50.016252 0.050656 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:50.284960 0.170055 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:50.430040 0.122497 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:50.517709 0.173191 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:50.691279 0.177910 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:50.843435 0.072371 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:50.990552 0.095196 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:51.060225 0.083932 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:51.207302 0.192036 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:51.395931 0.426320 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:51.793887 0.194555 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:51.953050 0.337498 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:52.289860 0.083220 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:52.433212 0.141910 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:52.488607 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 01:07:52.567612 0.215437 rtp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:52.775201 0.221597 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:53.115452 1.075974 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:54.155234 0.159738 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:54.336824 0.076928 rtp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:07:54.394815 0.000000 udp 10.0.2.109 3683 -> 99.34.137.78 2733 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 01:08:13.018019 0.052132 tcp 10.0.2.109 58530 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 01:08:13.070432 0.063873 tcp 10.0.2.109 58531 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 01:08:13.134726 0.150567 tcp 10.0.2.109 58532 -> 195.113.214.249 443 SRPA* 0 0 35 21754 flow=From-Botnet-V1-TCP-Established 1970/02/12 01:08:13.285963 0.119488 rtp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:08:13.364299 0.189407 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:12:09.941587 3.001544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 01:12:16.948694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:12:24.950411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:12:40.953146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:13:12.959329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:19:16.965819 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 01:19:23.972900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:19:31.974645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:19:47.977476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:20:19.983520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:26:23.989559 3.001504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 01:26:30.996517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:26:38.998483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:26:55.001810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:27:27.007597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:33:31.013475 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 01:33:38.024742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:33:46.022473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:34:02.025218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:34:34.031484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:36:50.688308 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 01:36:50.688483 0.683435 tcp 10.0.2.109 58533 -> 188.129.248.221 6410 FSPA* 0 0 14 1708 flow=From-Botnet-V1-TCP-Established 1970/02/12 01:38:23.061094 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 01:38:23.061276 0.181952 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:23.240396 0.052011 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:23.349432 0.175675 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:23.522228 0.150366 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:23.638931 0.293177 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:23.938644 0.072009 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:24.060209 0.168693 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:24.277904 0.127896 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:24.368331 0.336431 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:24.700243 0.118900 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:24.793524 0.046494 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:24.836070 0.114731 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:24.917855 0.173425 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.067664 0.152914 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.208655 0.068423 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.260556 0.176532 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.413259 0.180965 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.564939 0.112000 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.687646 0.081599 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.751062 0.075340 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:25.861234 0.193176 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:26.050972 0.142103 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:26.185240 0.275792 rtp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:26.453217 0.220846 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:26.666036 0.319583 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:26.984978 0.091572 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:27.051628 0.167181 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:27.213462 0.323331 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:27.501302 0.072178 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:27.580219 0.112458 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 1940 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:38:27.658944 0.188770 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/12 01:40:38.037691 3.001327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 01:40:45.046774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:40:53.048417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:41:09.049108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:41:41.055253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:47:45.062122 3.000750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 01:47:52.068741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:48:00.075210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:48:16.073210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:48:48.079334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:55:31.091666 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 01:55:38.098554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:55:46.100308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:56:02.103170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 01:56:34.109447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:02:46.116703 3.001817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 02:02:53.124563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:03:01.125713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:03:17.128813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:03:49.134702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:06:51.377281 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 02:06:51.377471 0.681167 tcp 10.0.2.109 58534 -> 188.129.248.221 6410 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/02/12 02:08:38.010605 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 02:08:38.010712 0.176134 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:38.184208 0.115212 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:38.283181 0.151970 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:38.433996 0.075815 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2666 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:38.576633 0.177671 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:38.751228 0.058517 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:38.911262 0.167665 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:39.090255 0.153363 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:39.204433 0.334901 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:39.535717 0.120572 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:39.856519 0.046639 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:39.939905 0.127354 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:40.033850 0.173696 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:40.184163 0.166343 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:40.328948 0.068668 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:40.517774 0.169894 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:40.665840 0.175658 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:40.995728 0.115163 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:41.071497 0.078722 rtp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:41.155014 0.074785 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:41.212453 0.195404 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:41.404031 0.220295 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:41.726796 0.318390 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:42.305641 0.091305 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:42.370914 0.143352 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:42.604619 0.231262 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:42.828139 0.158656 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:43.034652 1.125872 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:44.122578 0.078064 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:44.373571 0.119069 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:08:44.482756 0.189387 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:09:53.141181 3.001312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 02:10:00.148412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:10:08.149774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:10:24.152834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:10:56.158750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:17:00.165233 3.011427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 02:17:07.182423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:17:15.183470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:17:31.186868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:18:03.192705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:24:07.198785 3.001725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 02:24:14.206133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:24:22.207798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:24:38.210725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:25:10.216686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:31:14.222926 3.001489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 02:31:21.230118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:31:29.232028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:31:45.234605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:32:17.240816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:36:52.056254 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 02:36:52.056352 0.530357 tcp 10.0.2.109 58535 -> 188.129.248.221 6410 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/12 02:38:21.246780 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 02:38:28.254253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:38:36.255657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:38:52.258563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:39:02.479618 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 02:39:02.479771 0.155040 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:02.631707 0.075481 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:03.047620 0.178161 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:03.222660 0.053640 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:03.322429 0.173736 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:03.492996 0.119192 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:03.602951 0.167336 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:03.771460 0.149865 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:03.884019 0.331081 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:04.212621 0.121488 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:04.337555 0.046168 udp 10.0.2.109 3683 <-> 84.130.216.137 8279 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:04.416060 0.126358 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:04.511879 0.172496 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:04.697028 0.181755 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:04.849175 0.071035 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:04.936764 0.168803 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:05.084510 0.174436 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:05.230894 0.076805 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:05.781501 0.195263 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:05.972915 0.218363 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:06.183426 0.330054 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:06.512789 0.113383 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:06.628947 0.077397 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 1988 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:06.688555 0.093364 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:06.757620 0.143249 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:06.892642 0.202772 rtp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:07.130865 0.155857 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:07.391755 0.123045 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:07.473533 0.188270 rtp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:07.659102 0.102327 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:07.733916 0.073309 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/12 02:39:24.264800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:45:28.271281 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 02:45:35.278056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:45:43.279553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:45:59.282855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:46:31.290572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:54:23.299949 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 02:54:30.307248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:54:38.308883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:54:54.311841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 02:55:26.317933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:01:52.338411 2.998852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:01:59.342904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:02:07.344540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:02:23.347551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:02:55.353354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:06:52.594667 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 03:06:52.594872 0.798003 tcp 10.0.2.109 58536 -> 188.129.248.221 6410 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:09:06.360427 3.001712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:09:11.965116 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 03:09:11.965271 0.154579 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:12.118266 0.076165 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:12.229541 0.178038 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:12.404789 0.052395 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:12.467540 0.175133 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:12.639826 0.118041 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:12.837537 0.168048 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:13.170796 0.133428 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:13.267198 0.000000 udp 10.0.2.109 3683 -> 84.130.216.137 8279 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 03:09:13.367149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:09:21.383202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:09:29.111377 0.033042 tcp 10.0.2.109 58537 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:09:29.144730 0.064137 tcp 10.0.2.109 58538 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:09:29.209188 0.264892 tcp 10.0.2.109 58539 -> 195.113.214.249 443 SRPA* 0 0 63 39787 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:09:29.474734 0.116392 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:29.559948 0.172757 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:29.830753 0.149806 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:29.971142 0.074094 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:30.153057 0.325831 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:30.475751 0.176967 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:30.654885 0.170023 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:30.800972 0.182318 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:31.041556 0.103586 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:31.125692 0.194096 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:31.315895 0.111377 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:31.579647 0.079673 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:31.667167 0.090876 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:31.755441 0.141721 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:31.889395 0.219657 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:32.101808 0.334597 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:32.554218 0.232650 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:32.779561 0.160417 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:33.524253 0.119196 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:33.603043 0.206319 rtp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:34.258587 0.110591 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:34.333648 0.075861 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:09:37.381591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:10:09.387495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:16:13.393189 3.037105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:16:20.410870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:16:28.412473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:16:44.419193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:17:16.421550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:23:20.428372 3.000755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:23:27.435070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:23:35.436622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:23:51.439238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:24:23.445477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:30:27.452033 3.001338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:30:34.459273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:30:42.461845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:30:58.466687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:31:30.471807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:36:53.394346 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 03:36:53.394457 0.548255 tcp 10.0.2.109 58540 -> 188.129.248.221 6410 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:37:34.474803 3.002339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:37:41.482692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:37:49.486952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:38:05.487508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:38:37.493305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:39:52.041114 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 03:39:52.041274 0.000000 udp 10.0.2.109 3683 -> 84.130.216.137 8279 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 03:40:10.799624 0.054012 tcp 10.0.2.109 58541 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:40:10.853916 0.062246 tcp 10.0.2.109 58542 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:40:10.916507 0.152887 tcp 10.0.2.109 58543 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 03:40:11.069920 0.185376 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:11.252227 0.053030 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:11.330649 0.177453 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:11.504718 0.120854 udp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:11.588503 0.167063 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:11.775995 0.071965 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:11.854686 0.151307 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:12.004722 0.177217 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:12.143556 0.195172 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:12.295701 0.125183 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:12.383229 0.170014 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:12.530875 0.062601 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:12.590630 0.336692 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:12.924552 0.119393 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.003251 0.170602 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.152332 0.184527 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2595 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.346032 0.119034 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.427078 0.078249 rtp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.579982 0.095338 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.648903 0.143118 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.784470 0.083140 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:13.863576 0.199866 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:14.060447 0.216461 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:14.268185 0.323092 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:14.626503 0.237331 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:14.855455 0.158156 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:15.191654 0.118506 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:15.272978 0.075141 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:15.328311 0.188642 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:40:15.600321 1.104121 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/12 03:44:41.499726 3.011362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:44:48.516963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:44:56.518573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:45:12.521310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:45:44.527343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:54:00.543427 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 03:54:07.550508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:54:15.551940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:54:31.554862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 03:55:03.561008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:01:07.567240 3.001497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:01:14.576845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:01:22.575785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:01:38.579012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:02:10.584782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:06:53.942899 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 04:06:53.943002 0.992681 tcp 10.0.2.109 58544 -> 188.129.248.221 6410 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:08:22.593103 3.001047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:08:29.600206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:08:37.601402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:08:53.604446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:09:25.610501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:10:24.676121 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 04:10:24.676320 0.174867 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:24.848243 0.108201 rtp 10.0.2.109 3683 <-> 94.66.192.133 6063 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:25.064525 0.166765 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:25.290758 0.069676 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:25.470615 0.151355 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:25.620949 0.179950 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:25.798222 0.052823 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:26.048158 0.155941 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:26.160887 0.218219 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:26.311314 0.115766 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:26.531834 0.168144 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:26.676719 0.072437 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:26.801239 0.345877 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:27.143926 0.128269 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:27.315535 0.168421 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:27.462570 0.172557 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:27.682526 0.112676 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:27.755956 0.084234 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:27.953071 0.192983 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:28.118875 0.142249 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:28.407158 0.076019 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:28.467051 0.194627 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:28.658842 0.223561 udp 10.0.2.109 3683 <-> 99.137.240.98 4256 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:28.874141 0.162214 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2570 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:29.031991 0.219499 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:29.320530 0.322993 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:29.643125 0.190375 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:29.830775 0.122440 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:30.021622 0.077100 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:10:30.078424 0.571982 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:15:29.620319 3.237181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:15:36.827912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:15:44.753645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:16:00.638599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:16:32.646785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:22:36.650281 3.091886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:22:43.711782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:22:51.669624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:23:07.674827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:23:39.678751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:29:43.684941 3.001306 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:29:50.691784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:29:58.693461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:30:14.695980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:30:46.701999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:36:50.708020 3.002288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:36:54.942515 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 04:36:54.942739 0.726136 tcp 10.0.2.109 58545 -> 188.129.248.221 6410 FSPA* 0 0 14 1584 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:36:57.715968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:37:05.737206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:37:21.740282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:37:53.746436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:40:50.555920 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 04:40:50.556102 0.173272 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:40:50.726241 0.000000 udp 10.0.2.109 3683 -> 94.66.192.133 6063 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 04:41:07.065648 0.053362 tcp 10.0.2.109 58546 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:41:07.119350 0.065187 tcp 10.0.2.109 58547 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:41:07.184770 0.137047 tcp 10.0.2.109 58548 -> 195.113.214.249 443 SRPA* 0 0 35 26915 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:41:07.322381 0.169273 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:07.551856 0.072111 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:07.679469 0.152281 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:07.830347 0.178980 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:08.006763 0.053279 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:08.288479 0.121082 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:08.378426 0.173468 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:08.527917 0.061827 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:08.578252 0.145657 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:08.684420 0.190854 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:08.835773 0.342683 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:09.175395 0.118346 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:09.254170 0.171710 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:09.402337 0.176723 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:09.550957 0.116225 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:09.683561 0.082083 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:09.747710 0.078878 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:10.008460 0.194443 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:10.199411 0.000000 udp 10.0.2.109 3683 -> 99.137.240.98 4256 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 04:41:28.965951 0.056315 tcp 10.0.2.109 58549 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:41:29.022439 0.063002 tcp 10.0.2.109 58550 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:41:29.085754 0.151619 tcp 10.0.2.109 58551 -> 195.113.214.249 443 SRPA* 0 0 27 14022 flow=From-Botnet-V1-TCP-Established 1970/02/12 04:41:29.237965 0.163762 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:29.396973 0.091912 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:29.793468 0.140771 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:29.926529 0.221356 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:30.138990 0.342096 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:30.583709 0.188771 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:30.769700 0.120466 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:30.854038 0.076865 rtp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:41:30.993965 0.314748 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/12 04:43:57.752965 3.001093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 04:44:04.759840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:44:12.761284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:44:28.764734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:45:00.770516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:51:04.776104 3.002317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:51:11.783246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:51:19.785292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:51:35.788804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:52:07.794483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:58:11.800551 3.001730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 04:58:18.807806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:58:26.809439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:58:42.814098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 04:59:14.820038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:05:43.830229 3.001735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 05:05:50.837731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:05:58.839188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:06:14.842229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:06:46.848434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:06:55.671271 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 05:06:55.671455 3.003744 tcp 10.0.2.109 58552 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 05:07:04.673791 0.000000 tcp 10.0.2.109 58552 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 05:07:10.674683 0.049862 tcp 10.0.2.109 58553 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:07:10.724823 0.062395 tcp 10.0.2.109 58554 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:07:10.787539 0.194614 tcp 10.0.2.109 58555 -> 195.113.214.249 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:07:11.119396 2.997965 tcp 10.0.2.109 58556 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 05:07:20.126028 0.000000 tcp 10.0.2.109 58556 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 05:07:26.115220 0.049364 tcp 10.0.2.109 58557 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:07:26.164818 0.062880 tcp 10.0.2.109 58558 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:07:26.227986 0.158599 tcp 10.0.2.109 58559 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:07:26.468981 0.583766 tcp 10.0.2.109 58560 -> 176.73.169.112 1959 FSPA* 0 0 14 1618 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:11:34.602296 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 05:11:34.602504 0.000000 udp 10.0.2.109 3683 -> 94.66.192.133 6063 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 05:11:53.270660 0.050994 tcp 10.0.2.109 58561 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:11:53.321925 0.061904 tcp 10.0.2.109 58562 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:11:53.384159 0.159739 tcp 10.0.2.109 58563 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:11:53.544441 0.000000 udp 10.0.2.109 3683 -> 99.137.240.98 4256 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 05:12:11.349870 0.049615 tcp 10.0.2.109 58564 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:12:11.399869 0.061484 tcp 10.0.2.109 58565 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:12:11.461650 0.164940 tcp 10.0.2.109 58566 -> 195.113.214.249 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:12:11.627125 0.173548 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:11.796709 0.154627 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:12.155525 0.180107 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:12.333126 0.169531 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:13.143789 0.076013 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:13.421552 0.070904 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:13.473692 0.115480 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:13.646860 0.052826 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:13.927242 0.201864 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:14.072120 0.142780 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:14.699902 0.166330 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:14.844470 0.169954 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:14.988947 0.176318 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:15.156587 0.117897 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:15.235269 0.080359 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:15.411139 0.298860 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:15.693487 0.120811 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:15.811658 0.395499 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:16.204622 0.193859 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:16.395174 0.142666 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 1979 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:16.529966 0.155809 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:16.708458 0.093557 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:16.777221 0.219669 rtp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:16.988347 0.335000 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:17.422325 0.188321 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 1988 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:17.607496 0.120060 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:17.690238 0.070447 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:17.690552 2.997370 tcp 10.0.2.109 58567 -> 86.138.246.141 1172 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 05:12:17.906751 0.101606 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:12:26.696338 0.000000 tcp 10.0.2.109 58567 -> 86.138.246.141 1172 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 05:12:33.139992 0.010013 udp 10.0.2.109 53123 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/02/12 05:12:33.150657 0.009610 udp 10.0.2.109 54122 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/02/12 05:12:50.856785 2.999168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 05:12:57.865048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:13:05.862915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:13:21.867778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:13:53.872538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:19:57.877635 3.005088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 05:20:04.886013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:20:12.887184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:20:28.889974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:21:00.896219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:27:04.901729 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 05:27:11.909448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:27:19.911153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:27:35.914031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:28:07.920318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:34:11.926346 3.001554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 05:34:18.933237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:34:26.935109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:34:42.938220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:35:14.943945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:37:27.054927 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 05:37:27.055048 0.536239 tcp 10.0.2.109 58568 -> 176.73.169.112 1959 FSPA* 0 0 14 1512 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:41:18.949309 3.079257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 05:41:25.995629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:41:33.974790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:41:49.971960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:42:21.979262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:42:40.515134 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 05:42:40.515265 0.175542 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:40.688097 0.152374 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:40.839417 0.178017 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:41.094044 0.175618 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:41.264064 0.075759 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:41.264549 4.960096 tcp 10.0.2.109 58569 -> 173.174.73.38 3558 SPA_* 0 0 219 116530 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:42:41.369478 0.070629 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:41.424646 0.106480 rtp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:41.942823 0.051634 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:42.247295 0.215916 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:42.404997 0.168300 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:42.549776 0.149205 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:42.777792 0.171107 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:42.927332 0.179420 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:43.179244 0.114128 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:43.255219 0.080523 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:43.320362 0.073500 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:43.450937 0.121423 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:42:43.536161 0.000000 udp 10.0.2.109 3683 -> 36.231.212.210 6096 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 05:42:46.273489 4.998613 tcp 10.0.2.109 58569 -> 173.174.73.38 3558 A_PA 0 0 210 115188 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:42:51.275323 4.978722 tcp 10.0.2.109 58569 -> 173.174.73.38 3558 A_PA 0 0 179 98330 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:42:56.360739 3.190818 tcp 10.0.2.109 58569 -> 173.174.73.38 3558 FPA_* 0 0 75 37592 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:42:59.785112 0.065171 tcp 10.0.2.109 58570 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:42:59.850609 0.068521 tcp 10.0.2.109 58571 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:42:59.919592 0.158146 tcp 10.0.2.109 58572 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:43:16.357006 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 05:43:31.960638 0.054479 tcp 10.0.2.109 58573 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:43:32.015426 0.061297 tcp 10.0.2.109 58574 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:43:32.076991 0.157495 tcp 10.0.2.109 58575 -> 195.113.214.249 443 SRPA* 0 0 49 25094 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:43:32.235036 0.372582 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:32.719931 0.163595 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:32.881603 0.105166 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:33.389512 0.375683 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:33.760771 0.216197 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:34.246823 0.075808 rtp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:34.299983 0.296263 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:34.560143 0.343218 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:34.904418 0.188745 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:35.089509 0.118304 udp 10.0.2.109 3683 <-> 86.138.246.141 7913 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:35.169338 0.169406 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:35.333259 0.152296 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:35.484321 0.173130 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:35.653595 0.250349 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:35.892177 0.077648 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:35.971234 0.239094 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:36.194530 0.051771 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:36.255151 0.115185 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:36.336976 0.165751 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:36.479463 0.155565 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:36.596457 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 05:43:54.231374 0.054563 tcp 10.0.2.109 58576 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:43:54.286317 0.062154 tcp 10.0.2.109 58577 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:43:54.348805 0.159825 tcp 10.0.2.109 58578 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:43:54.509182 0.228611 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:54.669867 0.069256 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:54.820305 0.176249 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:54.967502 0.103459 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:55.115275 0.108078 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:43:55.186655 0.065814 rtp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/12 05:44:00.570345 0.572382 tcp 10.0.2.109 58579 -> 176.73.169.112 1959 FSPA* 0 0 15 1779 flow=From-Botnet-V1-TCP-Established 1970/02/12 05:48:26.085686 3.000179 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 05:48:33.091919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:48:41.093149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:48:57.095993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:49:29.102579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:55:55.110570 3.000801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 05:56:02.117103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:56:10.119329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:56:26.121922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 05:56:58.128507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:03:02.134476 3.001025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 06:03:09.144023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:03:17.142892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:03:33.146006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:04:05.151698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:10:09.157662 3.001789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 06:10:16.165165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:10:24.166672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:10:40.169945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:11:12.175892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:14:01.149229 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 06:14:01.149411 0.607109 tcp 10.0.2.109 58580 -> 176.73.169.112 1959 FSPA* 0 0 15 1659 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:08.789918 0.194620 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:08.981405 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 06:14:26.617586 0.052947 tcp 10.0.2.109 58581 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:26.670831 0.065681 tcp 10.0.2.109 58582 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:26.736793 0.162412 tcp 10.0.2.109 58583 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:26.899865 1.019692 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:27.912877 4.690971 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 SPA_* 0 0 54 25583 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:27.927687 0.157421 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:28.167196 0.220531 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:28.642879 0.082971 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:28.711785 0.072806 udp 10.0.2.109 3683 <-> 109.153.74.5 6148 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:28.959583 0.459199 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:29.459447 0.332438 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:29.790992 0.305886 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:30.060864 0.175730 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:30.537143 0.000000 udp 10.0.2.109 3683 -> 86.138.246.141 7913 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 06:14:33.414793 4.897243 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 85 45550 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:39.075476 4.844637 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 86 45604 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:44.752238 4.959014 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 85 45550 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:48.096845 0.055412 tcp 10.0.2.109 58585 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:48.152615 0.064538 tcp 10.0.2.109 58586 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:48.217252 0.158529 tcp 10.0.2.109 58587 -> 195.113.214.249 443 SRPA* 0 0 39 29470 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:48.376442 0.188529 rtp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:48.562076 0.166751 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:48.846868 0.076039 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:14:49.129874 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 06:14:50.465042 4.949093 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 86 45604 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:14:56.135948 4.870319 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 65 38326 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:01.204958 4.366214 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 61 31966 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:06.643488 0.068790 tcp 10.0.2.109 58588 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:06.712572 0.065075 tcp 10.0.2.109 58589 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:06.777932 0.158128 tcp 10.0.2.109 58590 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:06.936712 0.053494 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:07.374276 0.112030 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:07.530020 0.000000 udp 10.0.2.109 3683 -> 99.34.137.78 2733 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 06:15:07.683458 3.784460 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 20 13616 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:12.700233 4.915330 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 35 22122 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:17.808792 4.836784 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 45 27006 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:23.625773 4.924415 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 84 45496 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:25.089900 0.052529 tcp 10.0.2.109 58591 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:25.142678 0.060945 tcp 10.0.2.109 58592 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:25.203898 0.159543 tcp 10.0.2.109 58593 -> 195.113.214.249 443 SRPA* 0 0 24 12986 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:25.364099 0.193391 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:25.556347 0.128325 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:25.650363 0.189009 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:25.877931 0.195638 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:26.027571 0.110387 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:26.225346 0.115882 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:26.500732 0.079089 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:26.564492 0.078516 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:26.775221 0.179736 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:15:28.754598 4.676680 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 45 27006 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:34.455668 3.800263 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 25 17134 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:40.940040 4.328463 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 14 7996 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:46.055777 3.600077 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 53 28390 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:52.452140 3.680200 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 31 16010 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:15:58.520807 4.878671 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 75 43562 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:03.604705 4.786918 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 33 20214 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:09.415642 4.810697 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 40 24688 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:14.421791 4.735768 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 29 21446 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:21.631786 4.934990 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 52 34128 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:27.824721 4.992216 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 32 20160 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:33.016956 4.987125 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 29 17950 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:40.315349 4.871353 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 31 18058 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:45.386595 3.913124 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_PA 0 0 8 3328 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:52.086035 4.948541 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 FPA_* 0 0 35 18613 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:16:57.231940 0.000146 tcp 10.0.2.109 58584 -> 70.80.185.236 4126 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:17:16.181157 3.002234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 06:17:23.189150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:17:31.192585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:17:47.194842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:18:19.199881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:24:23.206703 3.000748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 06:24:30.212937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:24:38.214854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:24:54.217637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:25:26.223829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:31:30.229662 3.001760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 06:31:37.237333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:31:45.239546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:32:01.241802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:32:33.247609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:38:37.254492 3.000653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 06:38:44.261082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:38:52.262679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:39:08.265652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:39:40.271579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:44:01.758065 0.000166 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 06:44:01.758280 0.588944 tcp 10.0.2.109 58594 -> 176.73.169.112 1959 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:45:44.278012 3.001205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 06:45:51.285182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:45:52.556972 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 06:45:52.557163 0.000000 udp 10.0.2.109 3683 -> 86.138.246.141 7913 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 06:45:59.286708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:46:10.674783 0.064884 tcp 10.0.2.109 58595 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:46:10.739952 0.066283 tcp 10.0.2.109 58596 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:46:10.806528 0.156519 tcp 10.0.2.109 58597 -> 195.113.214.249 443 SRPA* 0 0 31 14238 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:46:10.961872 0.182085 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:11.140851 0.071215 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:11.241425 0.202099 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:11.438858 0.159836 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:11.598267 0.233113 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:11.826693 0.000000 udp 10.0.2.109 3683 -> 109.153.74.5 6148 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 06:46:15.289594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:46:29.621667 0.063073 tcp 10.0.2.109 58598 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:46:29.685088 0.065132 tcp 10.0.2.109 58599 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:46:29.750561 0.196996 tcp 10.0.2.109 58600 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 06:46:29.948240 0.085374 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:30.008734 0.216808 rtp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 1998 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:30.222717 0.235879 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:30.422570 0.400772 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:30.820603 0.330305 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:31.151587 0.242826 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:31.388935 0.075924 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:31.475377 0.167566 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:31.644385 0.189791 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:31.831701 0.053451 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:31.897880 0.123107 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2612 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:31.982534 0.152860 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:32.134210 0.146092 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:32.241504 0.166387 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:32.384997 0.219849 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:32.541553 0.082834 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:32.621402 0.083009 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:32.685650 0.112875 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:32.760931 0.691053 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:33.414701 0.180845 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/12 06:46:47.295607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:54:34.309609 3.001650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 06:54:41.317025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:54:49.318831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:55:05.321766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 06:55:37.327862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:02:04.346957 3.001538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 07:02:11.355088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:02:19.355897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:02:35.358924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:03:07.364813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:09:14.375092 3.029463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 07:09:21.392608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:09:29.394832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:09:45.396963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:10:17.402930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:14:02.347300 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 07:14:02.347513 0.591025 tcp 10.0.2.109 58601 -> 176.73.169.112 1959 FSPA* 0 0 15 1747 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:16:26.416033 3.001909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 07:16:33.423527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:16:36.047829 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 07:16:36.048000 0.000000 udp 10.0.2.109 3683 -> 109.153.74.5 6148 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 07:16:41.425055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:16:52.363005 0.076543 tcp 10.0.2.109 58602 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:16:52.439873 0.065214 tcp 10.0.2.109 58603 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:16:52.505369 0.170709 tcp 10.0.2.109 58604 -> 195.113.214.249 443 SRPA* 0 0 43 22186 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:16:52.676707 0.066277 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:52.729034 0.194487 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:53.348847 0.163676 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:53.644740 0.143614 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:53.779454 0.181822 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:54.121760 0.091131 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:54.187417 0.374037 rtp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:54.558043 0.217525 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:54.806592 0.502898 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:55.275815 0.336899 rtp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:55.818731 0.175245 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:55.990921 0.075555 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:56.099338 0.166668 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:56.306697 0.190228 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:56.493570 0.052838 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:56.611567 0.117031 rtp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:56.697436 0.153307 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:56.949689 0.150375 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:57.061384 0.170468 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:57.295294 0.210816 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:57.428172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:16:57.444072 0.079351 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:57.541698 0.074183 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:57.600341 0.112731 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:57.763956 0.112427 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:16:57.837016 0.183143 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:17:29.434143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:23:36.444427 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 07:23:43.451973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:23:51.453619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:24:07.456716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:24:39.462516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:30:43.479480 3.000691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 07:30:50.485730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:30:58.487432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:31:14.490703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:31:46.496718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:37:50.502889 3.001429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 07:37:57.509694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:38:05.511347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:38:21.517445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:38:53.520525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:44:02.945729 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 07:44:02.945895 2.993784 tcp 10.0.2.109 58605 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:44:11.938305 0.000000 tcp 10.0.2.109 58605 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:44:17.949214 0.072613 tcp 10.0.2.109 58606 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:18.022105 0.061742 tcp 10.0.2.109 58607 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:18.084217 0.150267 tcp 10.0.2.109 58608 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:18.403295 3.002070 tcp 10.0.2.109 58609 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:44:27.400286 0.000000 tcp 10.0.2.109 58609 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:44:33.399774 0.053559 tcp 10.0.2.109 58610 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:33.453593 0.064395 tcp 10.0.2.109 58611 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:33.518252 0.156781 tcp 10.0.2.109 58612 -> 195.113.214.249 443 SRPA* 0 0 25 13912 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:33.697622 2.995583 tcp 10.0.2.109 58613 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:44:42.692606 0.000000 tcp 10.0.2.109 58613 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:44:48.691187 0.064025 tcp 10.0.2.109 58614 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:48.755506 0.065385 tcp 10.0.2.109 58615 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:48.821191 0.158097 tcp 10.0.2.109 58616 -> 195.113.214.249 443 SRPA* 0 0 25 14904 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:44:48.991579 3.004131 tcp 10.0.2.109 58617 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:44:57.526841 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 07:44:57.994551 0.000000 tcp 10.0.2.109 58617 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:45:03.993185 3.004296 tcp 10.0.2.109 58618 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:45:04.533693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:45:12.535276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:45:13.006004 0.000000 tcp 10.0.2.109 58618 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:45:18.994818 2.994308 tcp 10.0.2.109 58619 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:45:27.997233 0.000000 tcp 10.0.2.109 58619 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:45:28.538706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:46:00.544175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:47:20.649683 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 07:47:20.649848 0.070640 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:20.703012 0.142845 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:20.838307 0.194844 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:21.029722 0.160671 rtp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:21.203861 0.179810 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:21.381271 0.097994 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:21.452440 0.351090 udp 10.0.2.109 3683 <-> 36.231.212.210 6096 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:21.801078 0.216034 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:22.008454 0.162111 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:22.135146 0.330338 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:22.483319 0.172596 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:22.651625 0.075545 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:22.745146 0.169300 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:22.910414 0.118863 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:22.996641 0.152287 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:23.506437 0.164157 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:23.631665 0.188225 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:23.816589 0.052830 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:23.889755 0.164469 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:24.034927 0.212114 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:24.191239 0.080729 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:24.254730 0.133070 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:24.371545 0.115436 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:24.448263 0.148648 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:47:24.561310 0.176674 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/12 07:50:33.997901 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 07:50:33.998058 3.003876 tcp 10.0.2.109 58620 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:50:43.000679 0.000000 tcp 10.0.2.109 58620 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:50:49.001093 0.053915 tcp 10.0.2.109 58621 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:50:49.055269 0.135678 tcp 10.0.2.109 58622 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:50:49.191292 0.156344 tcp 10.0.2.109 58623 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:50:49.398840 3.005230 tcp 10.0.2.109 58624 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:50:58.402971 0.000000 tcp 10.0.2.109 58624 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:04.391926 0.055515 tcp 10.0.2.109 58625 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:51:04.447721 0.061636 tcp 10.0.2.109 58626 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:51:04.509685 0.159047 tcp 10.0.2.109 58627 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:51:04.678830 3.007023 tcp 10.0.2.109 58628 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:13.684466 0.000000 tcp 10.0.2.109 58628 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:19.674007 0.053286 tcp 10.0.2.109 58629 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:51:19.727621 0.085946 tcp 10.0.2.109 58630 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:51:19.813868 0.153366 tcp 10.0.2.109 58631 -> 195.113.214.249 443 SRPA* 0 0 24 13822 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:51:19.981603 2.996358 tcp 10.0.2.109 58632 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:28.986910 0.000000 tcp 10.0.2.109 58632 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:34.975367 2.994241 tcp 10.0.2.109 58633 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:43.968182 0.000000 tcp 10.0.2.109 58633 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:49.977037 2.994045 tcp 10.0.2.109 58634 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:51:58.969492 0.000000 tcp 10.0.2.109 58634 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:54:06.556104 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 07:54:13.563053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:54:21.564394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:54:37.567673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:55:09.574952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 07:57:04.980211 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 07:57:04.980392 3.003609 tcp 10.0.2.109 58635 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:57:13.983053 0.000000 tcp 10.0.2.109 58635 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 07:57:19.983057 0.049504 tcp 10.0.2.109 58636 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:57:20.032829 0.060831 tcp 10.0.2.109 58637 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:57:20.093954 0.165675 tcp 10.0.2.109 58638 -> 195.113.214.249 443 SRPA* 0 0 33 19400 flow=From-Botnet-V1-TCP-Established 1970/02/12 07:57:20.378972 0.481723 tcp 10.0.2.109 58639 -> 176.73.169.112 1959 FSPA* 0 0 15 1683 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:01:24.585901 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 08:01:31.592908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:01:39.594331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:01:55.597360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:02:27.603346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:08:47.612588 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 08:08:54.619972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:09:02.621395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:09:18.624484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:09:50.630743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:15:54.636179 3.002203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 08:16:01.643907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:16:09.645536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:16:25.648418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:16:57.654614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:17:41.257572 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:17:41.257697 0.073169 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:17:41.312047 0.143523 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:17:41.447559 0.000000 udp 10.0.2.109 3683 -> 99.34.137.78 2733 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:17:57.502519 0.050245 tcp 10.0.2.109 58640 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:17:57.553034 0.065987 tcp 10.0.2.109 58641 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:17:57.619327 0.161456 tcp 10.0.2.109 58642 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:17:57.781358 0.092557 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:17:57.849050 0.000000 udp 10.0.2.109 3683 -> 36.231.212.210 6096 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:18:13.614530 0.049763 tcp 10.0.2.109 58643 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:18:13.664232 0.065249 tcp 10.0.2.109 58644 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:18:13.729808 0.157957 tcp 10.0.2.109 58645 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:18:13.888287 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:18:32.405318 0.100371 tcp 10.0.2.109 58646 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:18:32.505982 0.064470 tcp 10.0.2.109 58647 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:18:32.570808 0.156189 tcp 10.0.2.109 58648 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:18:32.727515 0.159377 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:33.026324 0.220790 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:33.238701 0.254708 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:33.458136 0.330866 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:33.984784 0.173552 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:34.155712 0.075531 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:34.449533 0.168724 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2564 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:34.794217 0.153307 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:34.907332 0.190588 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2638 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:35.094674 0.053834 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:35.244878 3.231121 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:38.446253 0.153364 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:38.673639 0.167690 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:38.817943 0.221656 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:39.088595 0.081183 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:39.373750 0.079423 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:39.433318 0.115473 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:39.509004 0.119992 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:18:39.713558 0.178293 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:23:01.660841 3.161975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 08:23:08.801048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:23:16.737288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:23:32.682268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:24:04.688681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:27:20.861115 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:27:20.861213 0.689870 tcp 10.0.2.109 58649 -> 176.73.169.112 1959 FSPA* 0 0 14 1515 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:30:08.695226 3.000963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 08:30:15.702530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:30:23.703419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:30:39.706495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:31:11.712042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:37:15.718692 3.001181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 08:37:22.725800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:37:30.727498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:37:46.730499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:38:18.736455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:44:22.743446 3.000709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 08:44:29.750056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:44:37.750958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:44:53.754391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:45:25.760296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:48:56.233323 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:48:56.233547 0.180352 rtp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:48:56.411099 0.195928 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:48:56.725773 0.000000 udp 10.0.2.109 3683 -> 36.231.212.210 6096 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:49:13.709602 0.050916 tcp 10.0.2.109 58650 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:49:13.760797 0.063929 tcp 10.0.2.109 58651 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:49:13.825022 0.162209 tcp 10.0.2.109 58652 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:49:13.987782 0.144282 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:14.123645 0.073188 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:14.316318 0.090591 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:14.384234 0.161244 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:14.540564 0.322030 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:14.861924 0.219567 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:15.171454 0.110894 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:15.248733 0.174670 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:15.420716 0.076279 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:15.497976 0.168665 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:15.748108 0.053662 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:15.896858 0.151708 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:16.010467 0.190916 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:16.282078 3.638028 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:19.887350 0.155413 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.040082 0.174179 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.191056 0.231280 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.360291 0.083328 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.446387 0.081517 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.509706 0.117384 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.587726 0.116576 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.665679 0.178384 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:20.888994 0.376729 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 8 3092 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:21.262540 0.340839 udp 10.0.2.109 3683 <-> 99.34.137.78 2733 CON 0 0 8 3186 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:21.600395 0.104269 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3007 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:21.688987 0.306199 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 8 3035 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:21.972615 0.319849 udp 10.0.2.109 3683 <-> 71.63.188.231 2516 CON 0 0 8 3035 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:22.308353 0.632009 udp 10.0.2.109 3683 <-> 147.8.183.75 7621 CON 0 0 8 2931 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:22.949429 0.275010 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 8 2987 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:23.216951 0.558493 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 8 3180 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:23.770829 0.722634 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 8 3201 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:24.455684 0.327338 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3092 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:24.780416 0.150958 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 8 3088 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:25.023090 0.336983 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 8 3053 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:25.361419 0.103131 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2863 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:25.491350 0.366379 udp 10.0.2.109 3683 <-> 108.254.5.172 4596 CON 0 0 8 3112 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:25.855215 0.257104 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 8 3077 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:26.074923 3.147937 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 3 938 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:34.227830 0.311326 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 8 3315 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:34.538250 0.333970 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 8 3009 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:34.849000 0.361408 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 2936 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:35.163512 0.128246 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 8 3132 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:35.272224 0.462614 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 2895 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:35.717861 0.178670 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 2978 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:35.858062 1.394421 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 3081 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:36.248939 0.712155 udp 10.0.2.109 3683 <- 94.67.241.188 2179 RSP 0 0 5 2033 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:49:37.216712 0.324594 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3108 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:37.513980 0.000000 udp 10.0.2.109 3683 -> 79.9.51.157 9775 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:49:44.141990 0.481983 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 2767 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:44.980685 0.000000 udp 10.0.2.109 3683 -> 1.212.107.173 9358 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:49:51.362560 0.315769 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 2991 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:49:51.726948 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:00.535762 0.093170 udp 10.0.2.109 3683 -> 79.182.137.37 6445 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:00.628932 0.000000 icmp 79.182.137.37 0x0303 -> 10.0.2.109 0x2d19 URP 192 1 151 flow=Background 1970/02/12 08:50:05.081996 0.000255 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:50:07.115280 0.000000 udp 10.0.2.109 3683 -> 86.132.143.1 6622 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:15.517121 0.000000 udp 10.0.2.109 3683 -> 99.11.249.247 7253 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:23.880084 0.000000 udp 10.0.2.109 3683 -> 173.251.120.42 9546 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:31.620208 0.000000 udp 10.0.2.109 3683 -> 93.67.243.131 8552 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:40.553494 0.000000 udp 10.0.2.109 3683 -> 79.210.66.153 2613 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:46.221373 3.144637 udp 10.0.2.109 3683 -> 199.189.242.40 3540 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:50:49.366010 0.000000 icmp 199.189.242.40 0x0103 -> 10.0.2.109 0xc7bd URH 192 1 278 flow=Background 1970/02/12 08:50:51.088379 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:50:52.981088 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:01.262932 0.000000 udp 10.0.2.109 3683 -> 187.174.144.86 1299 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:07.752122 0.189266 udp 10.0.2.109 3683 <-> 94.66.204.198 6063 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:51:07.912071 0.000000 udp 10.0.2.109 3683 -> 173.3.60.198 6109 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:14.441754 0.000000 udp 10.0.2.109 3683 -> 82.112.199.148 1184 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:21.282029 0.000000 udp 10.0.2.109 3683 -> 62.0.111.82 5522 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:28.422053 0.912616 udp 10.0.2.109 3683 <-> 58.9.245.158 5202 CON 0 0 8 3112 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:51:29.335783 0.098234 rtp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 8 2883 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:51:29.441110 0.329088 udp 10.0.2.109 3683 <-> 202.179.64.164 7901 CON 0 0 8 2887 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:51:29.780560 0.000000 udp 10.0.2.109 3683 -> 187.174.119.158 4826 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:38.766901 0.047006 udp 10.0.2.109 3683 -> 95.113.196.218 9925 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:38.813907 0.000000 icmp 95.113.196.218 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 258 flow=Background 1970/02/12 08:51:43.583630 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:51:47.229004 0.000000 udp 10.0.2.109 3683 -> 92.26.132.78 4397 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:51:54.940086 0.183081 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 8 2979 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:51:55.094464 0.098433 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 2958 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:51:55.222639 0.238910 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 8 3079 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:51:55.481911 0.000000 udp 10.0.2.109 3683 -> 95.242.41.12 9745 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:03.652777 0.194035 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 8 3195 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:52:03.861075 0.000000 udp 10.0.2.109 3683 -> 92.251.3.111 8911 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:09.721453 0.570682 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 8 3070 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:52:10.280839 0.000000 udp 10.0.2.109 3683 -> 95.227.67.150 3581 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:18.503839 0.000000 udp 10.0.2.109 3683 -> 188.14.21.142 5805 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:23.821557 0.125709 udp 10.0.2.109 3683 -> 46.198.245.197 6500 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:23.947266 0.000000 icmp 46.198.245.197 0x0303 -> 10.0.2.109 0x6419 URP 192 1 265 flow=Background 1970/02/12 08:52:28.588447 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:52:30.040872 0.557069 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 8 2747 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:52:30.606606 0.000000 udp 10.0.2.109 3683 -> 58.177.235.242 7399 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:35.959021 0.480559 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 8 2767 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:52:36.456441 0.000000 udp 10.0.2.109 3683 -> 178.233.67.192 3774 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:43.409791 0.000000 udp 10.0.2.109 3683 -> 93.177.153.25 2928 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:52.392724 0.000000 udp 10.0.2.109 3683 -> 79.151.145.247 8796 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:52:59.523059 0.000000 udp 10.0.2.109 3683 -> 69.199.30.121 7858 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:07.495776 0.000000 udp 10.0.2.109 3683 -> 181.55.226.193 5858 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:13.252746 0.248966 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 8 2860 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:53:13.528373 0.154508 udp 10.0.2.109 3683 -> 69.193.191.126 1944 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:13.682881 0.000000 icmp 69.193.191.126 0x0303 -> 10.0.2.109 0x9807 URP 192 1 191 flow=Background 1970/02/12 08:53:18.089216 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:53:21.874732 0.000000 udp 10.0.2.109 3683 -> 74.62.223.82 4338 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:30.297313 0.000000 udp 10.0.2.109 3683 -> 12.204.242.98 1184 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:37.827864 0.000000 udp 10.0.2.109 3683 -> 62.38.130.230 2790 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:43.886287 0.089719 udp 10.0.2.109 3683 <-> 217.253.253.97 5658 CON 0 0 8 2970 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:53:44.045233 0.087556 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:53:44.142934 0.000000 udp 10.0.2.109 3683 -> 64.3.166.150 5053 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:47.775658 3.000762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 08:53:51.367566 0.000000 udp 10.0.2.109 3683 -> 46.197.185.32 2950 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:54.782331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:53:57.546281 0.342093 udp 10.0.2.109 3683 <-> 123.203.24.77 7236 CON 0 0 2 765 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:53:58.065574 0.039492 udp 10.0.2.109 3683 -> 31.16.179.105 3653 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:53:58.105066 0.000000 icmp 31.16.179.105 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 285 flow=Background 1970/02/12 08:54:02.583141 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:54:02.783426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:54:03.664467 0.354269 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:54:04.180797 0.000000 udp 10.0.2.109 3683 -> 95.89.46.153 7023 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:09.293321 0.093556 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:54:09.576484 0.000000 udp 10.0.2.109 3683 -> 93.150.229.202 9153 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:15.692322 0.408590 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 764 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:54:16.154920 0.000000 udp 10.0.2.109 3683 -> 93.56.204.129 5936 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:18.786278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:54:23.243387 0.000000 udp 10.0.2.109 3683 -> 87.6.39.235 8398 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:29.912955 0.000000 udp 10.0.2.109 3683 -> 87.9.128.77 5391 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:36.772908 0.000000 udp 10.0.2.109 3683 -> 95.253.224.5 7276 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:44.784210 0.000000 udp 10.0.2.109 3683 -> 71.238.204.251 9777 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:49.590946 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:54:50.792541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 08:54:51.343537 0.000000 udp 10.0.2.109 3683 -> 5.68.236.40 6118 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:54:59.255158 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:07.026389 0.000000 udp 10.0.2.109 3683 -> 82.89.143.12 2919 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:15.548620 0.000000 udp 10.0.2.109 3683 -> 97.68.87.33 2033 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:23.502911 0.000000 udp 10.0.2.109 3683 -> 41.254.3.87 6081 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:30.049518 0.000000 udp 10.0.2.109 3683 -> 94.71.159.156 6898 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:34.588830 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:55:37.239781 0.123477 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:55:37.375129 0.000000 udp 10.0.2.109 3683 -> 186.90.124.137 3995 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:45.111043 0.143424 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 655 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:55:45.317955 0.169203 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 832 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:55:45.510951 0.000000 udp 10.0.2.109 3683 -> 41.133.229.62 1000 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:53.032350 0.000000 udp 10.0.2.109 3683 -> 108.223.202.160 3023 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:55:58.149698 0.000000 udp 10.0.2.109 3683 -> 58.108.231.40 9846 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:06.151290 0.690660 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:56:07.114701 0.000000 udp 10.0.2.109 3683 -> 46.44.202.7 8868 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:13.291650 0.000000 udp 10.0.2.109 3683 -> 109.242.127.11 2379 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:20.644780 0.313844 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 810 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:56:21.069094 0.055419 udp 10.0.2.109 3683 -> 88.57.238.145 9931 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:21.124513 0.000000 icmp 88.48.149.78 0x0303 -> 10.0.2.109 0xcb26 URP 192 1 163 flow=Background 1970/02/12 08:56:25.594582 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:56:26.113901 0.080415 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 807 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:56:26.291301 0.000000 udp 10.0.2.109 3683 -> 64.190.250.135 9025 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:33.732934 0.000000 udp 10.0.2.109 3683 -> 113.161.77.149 4666 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:41.852660 0.000000 udp 10.0.2.109 3683 -> 93.58.167.170 2043 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:50.355079 0.000000 udp 10.0.2.109 3683 -> 88.244.18.139 4553 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:56:58.796576 0.000000 udp 10.0.2.109 3683 -> 2.40.9.29 4735 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:05.927370 0.167698 udp 10.0.2.109 3683 -> 69.248.53.198 2234 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:06.095068 0.000000 icmp 69.248.53.198 0x0303 -> 10.0.2.109 0xba08 URP 192 1 258 flow=Background 1970/02/12 08:57:10.583685 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:57:12.736857 0.000000 udp 10.0.2.109 3683 -> 207.148.203.91 3622 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:21.509577 0.000000 udp 10.0.2.109 3683 -> 2.35.243.251 8906 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:21.550088 0.857590 tcp 10.0.2.109 58653 -> 176.73.169.112 1959 FSPA* 0 0 15 1688 flow=From-Botnet-V1-TCP-Established 1970/02/12 08:57:30.101813 0.198436 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 769 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:57:30.323399 0.000000 udp 10.0.2.109 3683 -> 93.229.225.133 3320 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:37.652876 0.000000 udp 10.0.2.109 3683 -> 92.18.162.48 5432 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:43.401169 0.000000 udp 10.0.2.109 3683 -> 190.79.107.203 6342 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:49.830584 0.000000 udp 10.0.2.109 3683 -> 194.73.71.214 9163 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:57:56.469901 0.000000 udp 10.0.2.109 3683 -> 86.137.217.226 4453 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:04.030727 0.142772 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 719 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:58:04.183537 0.360215 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 773 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:58:04.558920 0.201186 udp 10.0.2.109 3683 <-> 217.203.240.170 4412 CON 0 0 2 770 flow=From-Botnet-V1-UDP-Established 1970/02/12 08:58:04.775709 0.000000 udp 10.0.2.109 3683 -> 84.58.209.74 4768 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:08.586775 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:58:11.762176 0.000000 udp 10.0.2.109 3683 -> 82.12.179.36 5755 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:20.284207 0.000000 udp 10.0.2.109 3683 -> 59.115.37.229 2346 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:28.467397 0.000000 udp 10.0.2.109 3683 -> 46.197.167.75 3636 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:34.820728 0.000000 udp 10.0.2.109 3683 -> 117.218.139.254 9977 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:40.222892 0.000000 udp 10.0.2.109 3683 -> 202.64.92.136 6926 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:46.155471 0.000000 udp 10.0.2.109 3683 -> 188.9.177.206 1320 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:53.947715 0.000000 udp 10.0.2.109 3683 -> 119.234.158.112 5726 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:58:58.589196 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:59:01.102450 0.000000 udp 10.0.2.109 3683 -> 85.118.101.126 1048 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:59:08.102744 0.000000 udp 10.0.2.109 3683 -> 64.130.191.139 9584 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:59:16.605118 0.000000 udp 10.0.2.109 3683 -> 165.228.70.22 8079 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:59:25.518273 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:59:33.859701 0.000000 udp 10.0.2.109 3683 -> 79.40.163.28 1111 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:59:41.530742 0.090884 udp 10.0.2.109 3683 -> 95.10.153.127 2474 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:59:41.621626 0.000000 icmp 95.10.153.127 0x0303 -> 10.0.2.109 0xaa09 URP 192 1 318 flow=Background 1970/02/12 08:59:46.087720 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 08:59:46.748578 0.000000 udp 10.0.2.109 3683 -> 86.98.95.183 4997 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 08:59:55.511321 0.000000 udp 10.0.2.109 3683 -> 86.19.157.103 7116 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:00:02.591317 0.176271 udp 10.0.2.109 3683 <-> 76.67.121.5 5228 CON 0 0 2 710 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:00:02.787309 0.798532 udp 10.0.2.109 3683 <-> 2.191.249.175 2548 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:00:03.615998 0.000000 udp 10.0.2.109 3683 -> 192.251.46.124 8707 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:00:11.934303 0.000000 udp 10.0.2.109 3683 -> 212.76.77.154 9349 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:00:20.707412 0.095494 udp 10.0.2.109 3683 <-> 81.158.186.46 5857 CON 0 0 2 677 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:00:20.964823 0.000000 udp 10.0.2.109 3683 -> 95.226.209.45 8521 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:00:29.436753 0.000000 udp 10.0.2.109 3683 -> 95.104.107.8 8299 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:00:34.089083 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 09:00:35.038982 0.000000 udp 10.0.2.109 3683 -> 94.127.99.5 6166 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:00:41.576792 0.090796 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 860 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:00:41.794615 0.040518 udp 10.0.2.109 3683 <-> 84.133.87.167 8342 CON 0 0 2 694 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:00:42.015853 0.100674 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 793 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:00:54.799885 3.000758 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 09:01:01.805507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:01:09.807740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:01:25.810937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:01:57.816438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:08:11.828160 3.000605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 09:08:18.834612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:08:26.835970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:08:42.839676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:09:14.847016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:15:18.851199 3.001473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 09:15:25.858796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:15:33.860137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:15:49.862886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:16:21.869006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:22:25.875334 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 09:22:32.881970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:22:40.884052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:22:56.886593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:23:28.893288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:27:22.409566 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 09:27:22.409676 0.933680 tcp 10.0.2.109 58654 -> 176.73.169.112 1959 FSPA* 0 0 16 1725 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:29:32.900169 3.000461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 09:29:39.906602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:29:47.907882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:30:03.929394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:30:35.923374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:30:56.807957 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 09:30:56.808108 0.084571 udp 10.0.2.109 3683 <-> 94.66.204.198 6063 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:30:56.893122 0.000000 udp 10.0.2.109 3683 -> 58.9.245.158 5202 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:31:13.873472 0.053770 tcp 10.0.2.109 58655 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:13.927545 0.062146 tcp 10.0.2.109 58656 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:13.989952 0.138799 tcp 10.0.2.109 58657 -> 195.113.214.249 443 SRPA* 0 0 40 27627 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:14.129390 0.040810 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:14.170593 0.163971 udp 10.0.2.109 3683 <-> 202.179.64.164 7901 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:14.335002 0.055579 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:14.390980 0.068754 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:14.460138 0.297257 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:14.757766 0.193833 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:14.952035 0.049808 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.002274 0.101761 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.104423 0.120746 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.225736 0.144603 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.370737 0.070364 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.441464 0.146846 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.588671 0.080881 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.669985 0.074201 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.744541 0.148034 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.892988 0.083651 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:15.977041 0.217964 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:16.195481 0.067901 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:16.263734 0.050863 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:16.314994 0.159656 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:16.475094 0.144089 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:16.619553 0.157429 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:16.777363 0.258481 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:17.036231 0.259107 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:17.295716 0.234222 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:17.530352 0.466230 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:17.996983 0.042187 udp 10.0.2.109 3683 <-> 217.253.253.97 5658 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:18.039550 0.148295 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:18.188329 0.345955 udp 10.0.2.109 3683 <-> 123.203.24.77 7236 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:18.534738 0.330731 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:18.865894 0.149091 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:19.015409 0.392166 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:19.407959 0.125597 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:19.533984 0.135440 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:19.669898 0.087122 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:19.757472 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:31:37.516385 0.054178 tcp 10.0.2.109 58658 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:37.570854 0.060603 tcp 10.0.2.109 58659 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:37.631756 0.236587 tcp 10.0.2.109 58660 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:37.868849 0.233369 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:38.102643 0.076379 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:38.179496 0.191974 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:38.371927 0.000000 udp 10.0.2.109 3683 -> 217.203.240.170 4412 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:31:55.121432 0.055107 tcp 10.0.2.109 58661 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:55.176885 0.061252 tcp 10.0.2.109 58662 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:55.238489 0.153281 tcp 10.0.2.109 58663 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:31:55.392287 0.359894 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:55.752508 0.147328 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:55.900257 0.143112 udp 10.0.2.109 3683 <-> 76.67.121.5 5228 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:56.043767 0.341218 udp 10.0.2.109 3683 <-> 2.191.249.175 2548 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:31:56.385341 0.000000 udp 10.0.2.109 3683 -> 81.158.186.46 5857 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:32:11.645196 0.052898 tcp 10.0.2.109 58664 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:32:11.698359 0.066197 tcp 10.0.2.109 58665 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:32:11.764832 0.155930 tcp 10.0.2.109 58666 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:32:11.921455 0.000000 udp 10.0.2.109 3683 -> 84.133.87.167 8342 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 09:32:27.758562 0.055124 tcp 10.0.2.109 58667 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:32:27.813949 0.065538 tcp 10.0.2.109 58668 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:32:27.879765 0.161280 tcp 10.0.2.109 58669 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:32:28.041559 1.014779 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:32:29.056746 0.089469 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/12 09:36:39.924315 3.004601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 09:36:46.930205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:36:54.931719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:37:10.934861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:37:42.940991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:43:46.947059 3.002302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 09:43:53.954931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:44:01.955834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:44:17.958937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:44:49.965304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:50:53.970998 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 09:51:00.978542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:51:08.979852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:51:24.982756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:51:56.988838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:57:23.348865 0.027173 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 09:57:23.376167 0.567085 tcp 10.0.2.109 58670 -> 176.73.169.112 1959 FSPA* 0 0 15 1762 flow=From-Botnet-V1-TCP-Established 1970/02/12 09:58:00.999867 2.996501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 09:58:08.006849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:58:16.003828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:58:32.006370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 09:59:04.012745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:02:46.433351 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 10:02:46.433503 0.000000 udp 10.0.2.109 3683 -> 58.9.245.158 5202 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:03:04.620434 0.050097 tcp 10.0.2.109 58671 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:04.670855 0.061490 tcp 10.0.2.109 58672 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:04.732567 0.155929 tcp 10.0.2.109 58673 -> 195.113.214.249 443 SRPA* 0 0 27 14020 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:04.889028 0.043132 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:03:04.932575 0.000000 udp 10.0.2.109 3683 -> 217.203.240.170 4412 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:03:21.973907 0.050527 tcp 10.0.2.109 58674 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:22.024738 0.067830 tcp 10.0.2.109 58675 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:22.092874 0.160479 tcp 10.0.2.109 58676 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:22.254583 0.000000 udp 10.0.2.109 3683 -> 81.158.186.46 5857 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:03:41.051911 0.049325 tcp 10.0.2.109 58677 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:41.101560 0.061498 tcp 10.0.2.109 58678 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:41.163334 0.152468 tcp 10.0.2.109 58679 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:41.316489 0.000000 udp 10.0.2.109 3683 -> 84.133.87.167 8342 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:03:59.037074 0.050127 tcp 10.0.2.109 58680 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:59.087555 0.065427 tcp 10.0.2.109 58681 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:59.153253 0.188837 tcp 10.0.2.109 58682 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:03:59.342593 0.075422 udp 10.0.2.109 3683 <-> 94.66.204.198 6063 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:03:59.418530 0.281554 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:03:59.700432 0.158161 udp 10.0.2.109 3683 <-> 202.179.64.164 7901 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:03:59.858998 0.042827 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:03:59.902244 0.060286 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:03:59.962896 0.054784 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.018019 0.143509 rtcp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.161961 0.065041 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.227383 0.080406 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.308174 0.270156 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.578718 0.115243 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.694355 0.148267 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.843025 0.050209 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.893675 0.074080 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:00.968140 0.203580 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.172079 0.147985 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.320539 0.072411 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.393385 0.145002 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.538778 0.065581 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.604742 0.075376 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.680532 0.070826 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.751797 0.207368 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:01.959596 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:04:19.537349 0.049380 tcp 10.0.2.109 58683 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:19.587009 0.061570 tcp 10.0.2.109 58684 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:19.648910 0.151589 tcp 10.0.2.109 58685 -> 195.113.214.249 443 SRPA* 0 0 25 13444 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:19.801172 0.188300 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:19.989870 0.318573 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:20.308839 0.265845 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:20.575073 0.043325 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:20.618845 0.055372 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:20.674616 0.000000 udp 10.0.2.109 3683 -> 123.203.24.77 7236 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:04:39.015203 0.048400 tcp 10.0.2.109 58686 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:39.063892 0.064630 tcp 10.0.2.109 58687 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:39.128780 0.169446 tcp 10.0.2.109 58688 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:39.298844 0.047204 udp 10.0.2.109 3683 <-> 217.253.253.97 5658 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:39.346444 0.363335 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:39.710272 0.088090 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:39.798719 0.212447 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:40.011504 0.056924 udp 10.0.2.109 3683 <-> 5.178.177.20 7491 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:40.068841 0.135681 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:40.204934 0.394754 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:40.600032 0.074998 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:40.675433 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:04:58.403865 0.049128 tcp 10.0.2.109 58689 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:58.453266 0.062723 tcp 10.0.2.109 58690 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:58.516285 0.163892 tcp 10.0.2.109 58691 -> 195.113.214.249 443 SRPA* 0 0 26 13496 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:04:58.680733 0.255650 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:58.936837 0.056752 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:58.993970 0.366492 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:59.360849 0.143676 udp 10.0.2.109 3683 <-> 76.67.121.5 5228 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:59.504948 0.357515 udp 10.0.2.109 3683 <-> 2.191.249.175 2548 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:59.862860 0.086752 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:04:59.950040 0.096106 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:05:33.029906 2.996331 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 10:05:40.032666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:05:48.033328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:06:04.036690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:06:36.042835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:12:40.048352 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 10:12:47.056352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:12:55.057611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:13:11.060887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:13:43.071981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:19:47.073045 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 10:19:54.080490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:20:02.081561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:20:18.084706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:20:50.090617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:26:54.096669 3.020261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 10:27:01.113748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:27:09.115474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:27:23.927256 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 10:27:23.927347 0.592310 tcp 10.0.2.109 58692 -> 176.73.169.112 1959 FSPA* 0 0 15 1635 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:27:25.118819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:27:57.125326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:34:01.130699 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 10:34:08.137853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:34:16.139521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:34:32.146628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:35:04.148532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:35:17.457966 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 10:35:17.458219 0.047367 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:17.505990 0.000000 udp 10.0.2.109 3683 -> 123.203.24.77 7236 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:35:35.456112 0.051277 tcp 10.0.2.109 58693 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:35:35.507652 0.061198 tcp 10.0.2.109 58694 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:35:35.569123 0.159578 tcp 10.0.2.109 58695 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:35:35.729308 0.195910 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:35.925630 0.246294 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.172302 0.046787 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.219471 0.061539 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.281397 0.056545 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.338317 0.078836 udp 10.0.2.109 3683 <-> 94.66.204.198 6063 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.417555 0.157752 udp 10.0.2.109 3683 <-> 202.179.64.164 7901 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.575707 0.272571 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.848662 0.060262 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:36.909267 0.090906 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:37.000529 0.147953 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:37.148839 0.051100 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:37.200347 0.078943 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:37.279667 1.629106 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:38.909216 0.082568 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:38.992183 0.143952 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:39.136555 0.063266 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:39.200266 0.206063 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:39.406708 0.074200 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:39.481279 0.215705 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:39.697437 0.143857 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:39.841736 0.095820 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:39.937944 0.105914 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:40.044242 0.074835 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:40.119447 0.233766 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:40.353592 0.268084 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:40.622181 0.415794 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:41.038431 0.282391 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:41.321234 0.080714 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:41.402431 0.113574 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:41.516401 0.047522 udp 10.0.2.109 3683 <-> 217.253.253.97 5658 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:35:41.564291 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:36:00.520223 0.049518 tcp 10.0.2.109 58696 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:36:00.570202 0.065708 tcp 10.0.2.109 58697 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:36:00.636175 0.153829 tcp 10.0.2.109 58698 -> 195.113.214.249 443 SRPA* 0 0 23 13260 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:36:00.790586 0.123962 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:00.914993 0.353141 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:01.268481 0.073583 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:01.342479 0.392205 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:01.735054 0.169497 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:01.904968 0.229559 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:02.134906 0.077782 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:02.213077 0.506158 udp 10.0.2.109 3683 <-> 2.191.249.175 2548 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:02.719648 1.996582 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:04.716620 0.094081 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:04.811161 0.366253 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/12 10:36:05.177788 0.000000 udp 10.0.2.109 3683 -> 76.67.121.5 5228 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 10:36:21.520301 0.049517 tcp 10.0.2.109 58699 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:36:21.570252 0.064044 tcp 10.0.2.109 58700 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:36:21.634588 0.183387 tcp 10.0.2.109 58701 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 10:41:08.154931 3.011403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 10:41:15.171849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:41:23.173658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:41:39.179915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:42:11.183484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:48:15.189722 3.000802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 10:48:22.195807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:48:30.197588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:48:46.202897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:49:18.206791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:55:48.227845 3.007051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 10:55:55.227267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:56:03.229209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:56:19.232466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:56:51.237804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 10:57:24.526578 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 10:57:24.526686 0.701019 tcp 10.0.2.109 58702 -> 176.73.169.112 1959 FSPA* 0 0 14 1617 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:02:55.244017 3.001425 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 11:03:02.251450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:03:10.252964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:03:26.255764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:03:58.261953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:06:36.199440 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 11:06:36.199687 0.000000 udp 10.0.2.109 3683 -> 5.178.177.20 7491 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 11:06:51.663619 0.050245 tcp 10.0.2.109 58703 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:06:51.714274 0.063044 tcp 10.0.2.109 58704 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:06:51.777622 0.154708 tcp 10.0.2.109 58705 -> 195.113.214.249 443 SRPA* 0 0 24 13822 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:06:51.932815 0.000000 udp 10.0.2.109 3683 -> 76.67.121.5 5228 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 11:07:07.574614 0.049630 tcp 10.0.2.109 58706 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:07:07.624497 0.064220 tcp 10.0.2.109 58707 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:07:07.689023 0.153980 tcp 10.0.2.109 58708 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:07:07.843521 0.041573 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:07.885519 0.193114 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.079060 0.073011 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.152473 0.055797 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.208661 0.080015 udp 10.0.2.109 3683 <-> 94.66.204.198 6063 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.289096 0.163405 udp 10.0.2.109 3683 <-> 202.179.64.164 7901 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.492528 0.376647 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.869596 0.056646 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.926618 0.043967 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:08.970952 0.041091 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:09.012448 0.077896 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:09.090704 0.106078 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:09.197248 0.155363 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:09.352978 0.050992 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:09.404330 0.738524 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:10.143224 0.163938 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:10.307643 0.068876 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:10.376912 0.225824 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:10.603172 0.144431 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:10.747970 0.065748 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:10.814118 0.145844 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:10.960363 0.078494 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.039257 0.262200 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.301834 0.074929 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.377163 0.068080 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.445633 0.068204 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.514390 0.270961 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.785723 0.055076 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.841222 0.090741 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.932360 0.042157 udp 10.0.2.109 3683 <-> 217.253.253.97 5658 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:11.974957 0.047470 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:12.022850 0.267438 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:12.290734 0.122457 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:12.413559 0.321761 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:12.735658 0.137739 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:12.873767 0.404505 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:13.278639 0.076704 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:13.355761 0.485934 udp 10.0.2.109 3683 <-> 2.191.249.175 2548 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:13.842240 0.055441 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:13.898081 0.313389 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:14.211905 0.116370 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:14.328707 0.092415 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:07:14.421553 0.360637 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:10:02.268109 3.001440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 11:10:09.275234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:10:17.276683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:10:33.279972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:11:05.285749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:17:09.292924 3.000461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 11:17:16.299082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:17:24.304647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:17:40.303799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:18:12.309629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:24:16.315805 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 11:24:23.323265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:24:31.324775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:24:47.327571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:25:19.333676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:27:25.236047 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 11:27:25.236150 0.559092 tcp 10.0.2.109 58709 -> 176.73.169.112 1959 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:31:23.341460 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 11:31:30.347045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:31:38.349868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:31:54.351636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:32:26.357580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:37:42.772911 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 11:37:42.773077 0.065954 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:37:42.839492 0.055604 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:37:42.895506 0.043816 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:37:42.939720 0.263914 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:37:43.204015 0.074644 udp 10.0.2.109 3683 <-> 94.66.204.198 6063 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:37:43.279072 0.000000 udp 10.0.2.109 3683 -> 202.179.64.164 7901 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 11:37:59.027900 0.050863 tcp 10.0.2.109 58710 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:37:59.079051 0.065264 tcp 10.0.2.109 58711 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:37:59.144646 0.155013 tcp 10.0.2.109 58712 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:37:59.300188 0.238321 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:37:59.539017 0.434864 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:37:59.974317 0.042228 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:00.016947 0.042063 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:00.059380 0.076227 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:00.135998 0.125324 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:00.261744 0.375554 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:00.637693 0.051021 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:00.689103 0.065096 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:00.754729 0.318520 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:01.073602 0.155871 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:01.229943 0.228376 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:01.458699 0.143931 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:01.603024 0.065728 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:01.669127 0.139794 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:01.809340 0.081275 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:01.891041 0.286041 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.177545 0.075946 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.253938 0.097337 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.351731 0.097318 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.449440 0.088825 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.538691 0.047115 udp 10.0.2.109 3683 <-> 217.253.253.97 5658 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.586462 0.044359 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.631197 0.280553 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:02.912175 0.123861 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:03.036474 0.356856 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:03.393707 0.193697 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:03.587829 0.086723 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:03.675008 0.143326 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:03.818756 0.402484 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:04.221648 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 11:38:21.258594 0.050539 tcp 10.0.2.109 58713 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:38:21.309419 0.063465 tcp 10.0.2.109 58714 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:38:21.373157 0.165474 tcp 10.0.2.109 58715 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:38:21.539202 0.000000 udp 10.0.2.109 3683 -> 2.191.249.175 2548 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 11:38:30.363843 3.005373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 11:38:37.371107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:38:40.469805 0.051164 tcp 10.0.2.109 58716 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:38:40.521238 0.063125 tcp 10.0.2.109 58717 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:38:40.584738 0.155293 tcp 10.0.2.109 58718 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 11:38:40.740716 0.083719 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:40.824863 0.093035 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:40.918328 0.361069 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:41.279822 0.233517 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:41.513790 0.070682 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/12 11:38:45.372805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:39:01.376026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:39:33.381755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:45:37.388119 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 11:45:44.395217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:45:52.396815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:46:08.399598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:46:40.414933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:54:30.414491 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 11:54:37.421385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:54:45.423244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:55:01.428731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:55:33.432211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 11:57:25.816811 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 11:57:25.816917 0.538879 tcp 10.0.2.109 58719 -> 176.73.169.112 1959 FSPA* 0 0 16 1823 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:01:59.449334 3.002160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 12:02:06.457027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:02:14.458498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:02:30.461627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:03:02.467602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:08:44.019028 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 12:08:44.019221 0.000000 udp 10.0.2.109 3683 -> 202.179.64.164 7901 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:09:00.083725 0.032052 tcp 10.0.2.109 58720 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:00.116082 0.062903 tcp 10.0.2.109 58721 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:00.179285 0.154035 tcp 10.0.2.109 58722 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:00.333980 0.074053 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:00.408430 0.000000 udp 10.0.2.109 3683 -> 2.191.249.175 2548 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:09:11.481671 3.003628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 12:09:16.157293 0.033199 tcp 10.0.2.109 58723 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:16.190797 0.062249 tcp 10.0.2.109 58724 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:16.253340 0.155143 tcp 10.0.2.109 58725 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:16.409052 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:09:18.488205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:09:26.489761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:09:32.118491 0.033237 tcp 10.0.2.109 58726 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:32.151988 0.066394 tcp 10.0.2.109 58727 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:32.218663 0.157541 tcp 10.0.2.109 58728 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:32.376733 0.056751 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:32.433953 0.062332 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:32.496657 0.194896 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:32.691922 0.074318 udp 10.0.2.109 3683 <-> 94.66.204.198 6063 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:32.766587 0.266340 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:33.033350 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:09:42.493342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:09:48.862582 0.037168 tcp 10.0.2.109 58729 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:48.900052 0.061160 tcp 10.0.2.109 58730 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:48.961548 0.154925 tcp 10.0.2.109 58731 -> 195.113.214.249 443 SRPA* 0 0 48 41424 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:09:49.117085 0.066356 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.183840 0.050808 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.259187 0.067143 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.326777 0.144421 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.471641 0.117167 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.589219 0.046636 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.636252 0.077320 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.713921 0.142615 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.856923 0.064419 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:49.921701 0.144281 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:50.066490 0.119962 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:50.186805 0.145847 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:50.333076 0.559972 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:50.893449 0.207905 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:51.101775 0.071487 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:51.173621 0.087550 udp 10.0.2.109 3683 <-> 93.177.176.251 7216 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:09:51.261550 0.000000 udp 10.0.2.109 3683 -> 217.253.253.97 5658 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:10:06.948858 0.036857 tcp 10.0.2.109 58732 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:10:06.986008 0.061876 tcp 10.0.2.109 58733 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:10:07.047730 0.157308 tcp 10.0.2.109 58734 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:10:07.205628 0.043026 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:07.249002 0.262995 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:07.512355 0.074346 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:07.587085 0.281198 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:07.868700 0.063010 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:07.932046 0.057672 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:07.990103 0.136326 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:08.126869 0.322622 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:08.449901 0.122937 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:08.573229 0.177768 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:08.751385 0.394308 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:09.146070 0.058745 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:09.205221 0.092396 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:09.297937 0.122115 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:09.420492 0.362140 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:09.783093 0.233723 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:10:14.499031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:16:23.512781 3.001053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 12:16:30.519329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:16:38.525466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:16:54.526190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:17:26.529967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:23:33.539815 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 12:23:40.547971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:23:48.549341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:24:04.552497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:24:36.558347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:27:26.353672 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 12:27:26.353808 0.617841 tcp 10.0.2.109 58735 -> 176.73.169.112 1959 FSPA* 0 0 14 1601 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:30:40.564698 3.003677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 12:30:47.571626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:30:55.572978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:31:11.575995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:31:43.582333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:37:47.587823 3.004723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 12:37:54.595520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:38:02.600875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:38:18.602923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:38:50.606067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:40:29.282601 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 12:40:29.282867 0.047686 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:40:29.330960 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:40:45.734949 0.057643 tcp 10.0.2.109 58736 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:40:45.792840 0.065163 tcp 10.0.2.109 58737 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:40:45.858454 0.215488 tcp 10.0.2.109 58738 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:40:46.074681 0.000000 udp 10.0.2.109 3683 -> 217.253.253.97 5658 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:41:02.956727 0.052510 tcp 10.0.2.109 58739 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:03.009516 0.066846 tcp 10.0.2.109 58740 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:03.076668 0.159030 tcp 10.0.2.109 58741 -> 195.113.214.249 443 SRPA* 0 0 24 12986 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:03.236238 0.085625 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:03.322276 0.195911 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:03.518603 0.000000 udp 10.0.2.109 3683 -> 94.66.204.198 6063 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:41:18.679956 0.065995 tcp 10.0.2.109 58742 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:18.746341 0.061114 tcp 10.0.2.109 58743 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:18.807737 0.152411 tcp 10.0.2.109 58744 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:18.960627 0.221941 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.182948 0.062691 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.246076 0.056652 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.303127 0.066093 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.369594 0.148838 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.518817 0.178925 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.698256 0.050217 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.748835 0.039699 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.788885 0.075156 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:19.864449 0.146998 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:20.011795 0.063840 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:20.076031 0.142617 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:20.219027 0.111567 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:20.330952 0.901597 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:21.232945 0.233051 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:21.466500 0.055137 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:21.522045 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 12:41:38.447865 0.070949 tcp 10.0.2.109 58745 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:38.519105 0.063312 tcp 10.0.2.109 58746 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:38.582730 0.163878 tcp 10.0.2.109 58747 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 12:41:38.747105 0.140973 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:38.888458 0.117100 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:39.005994 0.085721 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:39.092080 0.261189 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:39.353668 0.145607 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:39.499634 0.055475 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:39.555521 0.135873 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:39.691788 0.520371 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:40.212517 0.278549 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:40.491450 0.366258 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:40.858123 0.121181 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:40.979680 0.259325 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:41.239451 0.394922 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:41.634779 0.054341 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:41.689592 0.092881 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:41.782899 0.103533 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:41.886811 0.357565 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:41:42.244776 0.240049 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/12 12:44:54.611671 3.002137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 12:45:01.619632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:45:09.620478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:45:25.624412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:45:57.630493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:54:09.640424 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 12:54:16.647405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:54:24.649198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:54:40.668357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:55:12.658137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 12:57:26.971656 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 12:57:26.971811 0.660540 tcp 10.0.2.109 58748 -> 176.73.169.112 1959 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:01:21.672115 3.000810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 13:01:28.678728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:01:36.680483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:01:52.683156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:02:24.689198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:08:44.697819 3.002267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 13:08:51.705382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:08:59.707068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:09:15.710406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:09:47.716139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:11:57.773913 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 13:11:57.774246 0.000000 udp 10.0.2.109 3683 -> 94.66.204.198 6063 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 13:12:15.501082 0.052749 tcp 10.0.2.109 58749 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:12:15.554147 0.063885 tcp 10.0.2.109 58750 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:12:15.618493 0.157504 tcp 10.0.2.109 58751 -> 195.113.214.249 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:12:15.776657 0.000000 udp 10.0.2.109 3683 -> 93.177.176.251 7216 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 13:12:31.873438 0.066613 tcp 10.0.2.109 58752 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:12:31.940391 0.061901 tcp 10.0.2.109 58753 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:12:32.002621 0.155906 tcp 10.0.2.109 58754 -> 195.113.214.249 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:12:32.159073 0.053930 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.213433 0.195615 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.409489 0.074390 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.484291 0.057434 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.542230 0.071867 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.614486 0.147108 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.761978 0.055398 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.817777 0.068190 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:32.886553 0.328333 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.215323 0.043502 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.259295 0.074621 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.367796 0.049256 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.417492 0.109853 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.527710 0.062464 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.590551 0.144096 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.735043 0.144114 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.879555 0.054292 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:33.934352 0.225720 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:34.160486 0.932964 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.093772 0.152012 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.246221 0.262683 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.509289 0.054811 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.564486 0.055813 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.620669 0.144684 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.765743 0.090316 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.856416 0.080113 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:35.936932 0.269025 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:36.206376 0.264264 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:36.471015 0.325928 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:36.797317 0.392163 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:37.189943 0.056381 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:37.246714 0.099279 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:37.346414 0.109051 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:37.455893 0.121672 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:37.577905 0.268344 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:37.846642 0.355696 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:12:38.202727 0.230010 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:15:51.722695 3.001061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 13:15:58.729554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:16:06.731105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:16:22.736822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:16:54.740207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:22:58.746406 3.001658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 13:23:05.753226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:23:13.755416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:23:29.758235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:24:01.764373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:27:27.640819 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 13:27:27.640978 0.754988 tcp 10.0.2.109 58755 -> 176.73.169.112 1959 FSPA* 0 0 14 1629 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:30:05.769652 3.002319 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 13:30:12.777621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:30:20.779309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:30:36.782443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:31:08.788176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:37:12.793694 3.002261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 13:37:19.801070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:37:27.802601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:37:43.805566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:38:15.812155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:43:10.205710 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 13:43:10.205807 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 13:43:26.280611 0.053040 tcp 10.0.2.109 58756 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:43:26.333969 0.061192 tcp 10.0.2.109 58757 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:43:26.395425 0.152045 tcp 10.0.2.109 58758 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 13:43:26.547987 0.196063 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:26.744495 0.076465 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:26.821365 0.049782 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:26.871572 0.071583 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:26.943544 0.145642 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:27.089581 0.217053 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:27.307010 0.075795 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:27.383141 0.328412 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:27.711949 0.040753 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:27.753076 0.109210 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:27.862669 0.064228 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:27.927327 0.142958 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:28.070683 0.143620 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:28.214702 0.056992 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:28.272049 0.075066 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:28.347513 0.050066 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:28.397961 0.208344 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:28.606706 1.064276 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:29.671343 0.147466 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:29.819214 0.271015 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:30.090642 0.056096 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:30.147148 0.055993 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:30.203567 0.143303 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:30.347253 0.092560 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:30.440204 0.265306 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:30.705878 0.136914 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:30.843136 0.380921 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:31.224488 0.331819 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:31.556712 0.391611 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:31.948700 0.056287 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:32.005371 0.097905 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:32.103689 1.372899 udp 10.0.2.109 3683 <-> 92.40.57.29 5422 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:33.477005 0.359362 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:33.836813 0.123190 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:33.960386 0.177318 udp 10.0.2.109 3683 <-> 107.198.157.80 6663 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:43:34.138111 0.229220 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/12 13:44:19.817842 3.002072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 13:44:26.825468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:44:34.827142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:44:50.830122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:45:22.835951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:53:44.850868 3.001756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 13:53:51.857829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:53:59.859834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:54:15.862467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:54:47.870589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 13:57:28.412234 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 13:57:28.412383 0.603233 tcp 10.0.2.109 58759 -> 176.73.169.112 1959 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:00:51.873763 3.002161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 14:00:58.881780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:01:06.883272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:01:22.886084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:01:54.894557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:08:08.903116 3.000853 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 14:08:15.910207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:08:23.913026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:08:39.915090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:09:11.920728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:14:03.671241 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 14:14:03.671431 0.169140 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:03.841176 0.049009 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:03.890630 0.067054 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:03.958122 0.241640 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:04.200187 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 14:14:22.379226 0.053895 tcp 10.0.2.109 58760 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:14:22.433368 0.061033 tcp 10.0.2.109 58761 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:14:22.494784 0.150638 tcp 10.0.2.109 58762 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:14:22.645930 0.146137 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:22.792525 0.062738 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:22.855712 0.065093 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:22.921277 0.319603 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.241282 0.041196 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.282854 0.100580 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.383826 0.067080 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.451353 0.057127 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.508845 0.075497 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.584903 0.050131 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.635397 0.218127 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.854008 0.141585 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:23.996015 0.144331 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:24.140689 0.740144 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:24.881279 0.155292 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:25.036939 0.056842 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:25.094167 0.137049 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:25.231637 0.090959 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:25.322975 0.275393 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:25.598749 0.084478 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:25.683587 0.270668 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:25.954706 0.056665 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:26.011754 0.572492 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:26.584657 0.327659 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:26.912751 0.092273 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:27.005431 0.389708 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:27.395578 0.057844 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:27.453840 0.000000 udp 10.0.2.109 3683 -> 92.40.57.29 5422 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 14:14:44.810377 0.051887 tcp 10.0.2.109 58763 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:14:44.862573 0.064835 tcp 10.0.2.109 58764 -> 195.113.214.249 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:14:44.927716 0.147684 tcp 10.0.2.109 58765 -> 195.113.214.249 443 SRPA* 0 0 23 13802 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:14:45.075931 0.352675 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:45.428945 0.229482 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:45.658820 0.123494 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:14:45.782773 0.000000 udp 10.0.2.109 3683 -> 107.198.157.80 6663 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 14:15:00.842664 0.053493 tcp 10.0.2.109 58766 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:15:00.896453 0.060894 tcp 10.0.2.109 58767 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:15:00.957724 0.160570 tcp 10.0.2.109 58768 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:15:15.929467 2.998941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 14:15:22.934016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:15:30.935120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:15:46.938747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:16:18.946788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:22:23.952777 3.001496 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 14:22:30.959752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:22:38.961081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:22:54.964165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:23:26.970330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:27:29.009245 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 14:27:29.009352 0.603117 tcp 10.0.2.109 58769 -> 176.73.169.112 1959 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:29:30.979642 3.001232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 14:29:37.986899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:29:45.988278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:30:01.988426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:30:33.994400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:36:37.999966 3.001745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 14:36:45.007195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:36:53.009084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:37:09.018345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:37:41.017877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:43:45.024029 3.001817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 14:43:52.034382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:44:00.033170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:44:16.035615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:44:48.042351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:45:12.828039 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 14:45:12.828216 0.073654 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:45:12.902313 0.000000 udp 10.0.2.109 3683 -> 92.40.57.29 5422 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 14:45:31.907804 0.052955 tcp 10.0.2.109 58770 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:45:31.961093 0.062632 tcp 10.0.2.109 58771 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:45:32.024088 0.149855 tcp 10.0.2.109 58772 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:45:32.174474 0.000000 udp 10.0.2.109 3683 -> 107.198.157.80 6663 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 14:45:48.690276 0.052276 tcp 10.0.2.109 58773 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:45:48.742910 0.059311 tcp 10.0.2.109 58774 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:45:48.802476 0.149081 tcp 10.0.2.109 58775 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:45:48.952027 0.068910 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:45:49.021314 0.051828 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:45:49.073557 0.050614 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:45:49.124587 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 14:46:06.866380 0.052039 tcp 10.0.2.109 58776 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:46:06.918736 0.061432 tcp 10.0.2.109 58777 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:46:06.980490 0.146805 tcp 10.0.2.109 58778 -> 195.113.214.249 443 SRPA* 0 0 41 22612 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:46:07.127864 0.148981 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.277299 0.138977 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.416673 0.068964 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.486043 0.111318 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.597725 0.087932 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.686005 0.056083 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.742534 0.072865 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.815813 0.041080 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:07.857330 0.228919 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:08.086652 0.140104 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:08.227131 0.206240 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:08.433747 0.049005 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:08.483149 0.144267 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:08.627859 0.147165 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:08.775453 0.146188 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:08.922012 1.428982 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:10.351444 0.056100 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:10.407920 0.084148 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:10.492471 0.259073 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:10.752009 0.055977 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:10.808363 0.080773 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:10.889593 0.359425 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:11.249424 0.057568 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:11.307395 0.042378 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:11.350186 0.391679 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:11.742444 0.089741 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:11.832651 0.326091 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:12.159185 0.229686 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:12.389243 0.361058 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:46:12.750669 0.123020 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/12 14:50:52.048089 3.002051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 14:50:59.055408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:51:07.056976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:51:23.060056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:51:55.066088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:57:29.617140 0.095264 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 14:57:29.712631 0.522298 tcp 10.0.2.109 58779 -> 176.73.169.112 1959 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/02/12 14:57:59.072008 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 14:58:06.079395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:58:14.081009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:58:30.083901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 14:59:02.095683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:05:31.101544 3.001908 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 15:05:38.109283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:05:46.110779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:06:02.113673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:06:34.120409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:12:38.126701 3.000902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 15:12:45.133296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:12:53.139449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:13:09.137795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:13:41.144926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:16:40.842976 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:16:40.843084 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 15:16:59.491218 0.052819 tcp 10.0.2.109 58780 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:16:59.544330 0.059757 tcp 10.0.2.109 58781 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:16:59.604366 0.271449 tcp 10.0.2.109 58782 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:16:59.876337 0.072880 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:16:59.949641 0.052341 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.002425 0.074420 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.077236 0.067248 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.144922 0.143874 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.289180 0.058333 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.347892 0.080606 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.428889 0.101171 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.530508 0.060376 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.591260 0.056850 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.648472 0.071400 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.720318 0.046101 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.766833 0.215803 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:00.983029 0.143998 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:01.127495 0.221251 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:01.349139 0.050148 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:01.399744 0.144577 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:01.544780 0.140480 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:01.685612 0.144807 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:01.830884 0.080358 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:01.911680 0.272608 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:02.184696 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 15:17:20.509845 0.051491 tcp 10.0.2.109 58783 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:17:20.561587 0.060233 tcp 10.0.2.109 58784 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:17:20.622219 0.148397 tcp 10.0.2.109 58785 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:17:20.771259 0.087514 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:20.859178 1.532201 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:22.391740 0.057475 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:22.449600 0.351388 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:22.801422 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 15:17:41.152002 0.051984 tcp 10.0.2.109 58786 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:17:41.204348 0.066293 tcp 10.0.2.109 58787 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:17:41.270967 0.152788 tcp 10.0.2.109 58788 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:17:41.424287 0.185708 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:41.610582 0.392725 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:42.003660 0.093095 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:42.097151 0.364786 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:42.462530 0.123641 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:42.586576 0.324339 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:17:42.911313 0.229324 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:19:45.150734 3.000791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 15:19:52.157346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:20:00.158991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:20:16.161787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:20:48.167779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:26:52.173823 3.001718 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 15:26:59.181528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:27:07.182893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:27:23.186150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:27:30.166528 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:27:30.166624 2.993870 tcp 10.0.2.109 58789 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:27:39.158655 0.000000 tcp 10.0.2.109 58789 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:27:45.169223 0.053860 tcp 10.0.2.109 58790 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:27:45.223348 0.060872 tcp 10.0.2.109 58791 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:27:45.284558 0.153445 tcp 10.0.2.109 58792 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:27:45.507470 2.994978 tcp 10.0.2.109 58793 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:27:54.500851 0.000000 tcp 10.0.2.109 58793 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:27:55.192193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:28:00.500189 0.051345 tcp 10.0.2.109 58794 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:00.551791 0.061290 tcp 10.0.2.109 58795 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:00.613424 0.143520 tcp 10.0.2.109 58796 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:01.039572 3.004865 tcp 10.0.2.109 58797 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:28:10.042883 0.000000 tcp 10.0.2.109 58797 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:28:16.032318 0.051682 tcp 10.0.2.109 58798 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:16.084264 0.063722 tcp 10.0.2.109 58799 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:16.148292 0.147534 tcp 10.0.2.109 58800 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:16.328367 3.008367 tcp 10.0.2.109 58801 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:28:25.335272 0.000000 tcp 10.0.2.109 58801 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:28:31.324220 0.051622 tcp 10.0.2.109 58802 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:31.376141 0.060718 tcp 10.0.2.109 58803 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:31.437140 0.156128 tcp 10.0.2.109 58804 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:28:31.682436 2.996425 tcp 10.0.2.109 58805 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:28:40.686912 0.000000 tcp 10.0.2.109 58805 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:28:46.686381 2.993602 tcp 10.0.2.109 58806 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:28:55.678128 0.000000 tcp 10.0.2.109 58806 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:29:01.687046 3.004689 tcp 10.0.2.109 58807 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:29:10.690731 0.000000 tcp 10.0.2.109 58807 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:29:15.587517 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:29:16.689086 3.004104 tcp 10.0.2.109 58808 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:29:25.691862 0.000000 tcp 10.0.2.109 58808 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:33:59.197919 3.001563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 15:34:06.205526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:34:14.206625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:34:30.209952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:34:31.692813 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:34:31.692952 3.003089 tcp 10.0.2.109 58809 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:34:40.696565 0.000000 tcp 10.0.2.109 58809 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:34:46.696817 0.053297 tcp 10.0.2.109 58810 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:34:46.750388 0.061819 tcp 10.0.2.109 58811 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:34:46.812537 0.150213 tcp 10.0.2.109 58812 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:34:47.144685 2.998292 tcp 10.0.2.109 58813 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:34:56.154340 0.000000 tcp 10.0.2.109 58813 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:02.136547 0.053306 tcp 10.0.2.109 58814 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:35:02.190264 0.062592 tcp 10.0.2.109 58815 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:35:02.216136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:35:02.253232 0.153635 tcp 10.0.2.109 58816 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:35:02.515723 2.987344 tcp 10.0.2.109 58817 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:11.505340 0.000000 tcp 10.0.2.109 58817 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:17.508521 0.052302 tcp 10.0.2.109 58818 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:35:17.561115 0.061981 tcp 10.0.2.109 58819 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:35:17.623358 0.153709 tcp 10.0.2.109 58820 -> 195.113.214.249 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:35:17.825049 2.997366 tcp 10.0.2.109 58821 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:26.821320 0.000000 tcp 10.0.2.109 58821 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:32.819836 3.004279 tcp 10.0.2.109 58822 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:41.822633 0.000000 tcp 10.0.2.109 58822 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:47.821640 3.003902 tcp 10.0.2.109 58823 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:35:56.826345 0.000000 tcp 10.0.2.109 58823 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:02.825173 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:41:02.825303 2.993329 tcp 10.0.2.109 58824 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:06.222208 3.001351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 15:41:11.826579 0.000000 tcp 10.0.2.109 58824 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:13.233007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:41:17.835194 0.052367 tcp 10.0.2.109 58825 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:17.887816 0.061764 tcp 10.0.2.109 58826 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:17.949869 0.151042 tcp 10.0.2.109 58827 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:18.183002 2.991871 tcp 10.0.2.109 58828 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:21.235025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:41:27.170604 0.000000 tcp 10.0.2.109 58828 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:33.168568 0.052176 tcp 10.0.2.109 58829 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:33.221078 0.061804 tcp 10.0.2.109 58830 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:33.283239 0.150751 tcp 10.0.2.109 58831 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:33.473553 2.988407 tcp 10.0.2.109 58832 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:37.248764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:41:42.441090 0.000000 tcp 10.0.2.109 58832 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:48.440351 0.052162 tcp 10.0.2.109 58833 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:48.492834 0.062993 tcp 10.0.2.109 58834 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:48.556172 0.149481 tcp 10.0.2.109 58835 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:41:48.803956 3.000514 tcp 10.0.2.109 58836 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:41:57.802667 0.000000 tcp 10.0.2.109 58836 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:42:03.802233 3.004310 tcp 10.0.2.109 58837 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:42:09.242860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:42:12.807626 0.000000 tcp 10.0.2.109 58837 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:42:18.808979 2.998651 tcp 10.0.2.109 58838 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:42:27.815804 0.000000 tcp 10.0.2.109 58838 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:42:32.583294 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:47:33.806234 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:47:33.806404 2.994313 tcp 10.0.2.109 58839 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:47:42.799250 0.000000 tcp 10.0.2.109 58839 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:47:48.809605 0.053618 tcp 10.0.2.109 58840 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:47:48.863489 0.061136 tcp 10.0.2.109 58841 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:47:48.924874 0.155714 tcp 10.0.2.109 58842 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:47:49.128194 3.004354 tcp 10.0.2.109 58843 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:47:58.131419 0.000000 tcp 10.0.2.109 58843 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:04.120838 0.053487 tcp 10.0.2.109 58844 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:04.174691 0.060938 tcp 10.0.2.109 58845 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:04.235941 0.155229 tcp 10.0.2.109 58846 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:04.421727 3.003168 tcp 10.0.2.109 58847 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:09.938915 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 15:48:13.246463 3.000998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 15:48:13.423763 0.000000 tcp 10.0.2.109 58847 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:19.422885 0.052760 tcp 10.0.2.109 58848 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:19.475941 0.060833 tcp 10.0.2.109 58849 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:19.537083 0.148056 tcp 10.0.2.109 58850 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:19.751764 3.004887 tcp 10.0.2.109 58851 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:20.253383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:48:25.181195 0.052293 tcp 10.0.2.109 58852 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:25.233730 0.062246 tcp 10.0.2.109 58853 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:25.296261 0.151807 tcp 10.0.2.109 58854 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:25.448601 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 15:48:28.254908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:48:28.755191 0.000000 tcp 10.0.2.109 58851 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:34.744653 2.993681 tcp 10.0.2.109 58855 -> 195.3.228.146 7074 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:40.533250 0.052374 tcp 10.0.2.109 58856 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:40.585973 0.063889 tcp 10.0.2.109 58857 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:40.650301 0.151609 tcp 10.0.2.109 58858 -> 195.113.214.249 443 SRPA* 0 0 25 12168 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:48:40.802550 0.095204 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:40.893121 0.174048 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.079333 0.073692 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.135554 0.089244 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.221132 0.115141 rtp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.290661 0.066721 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.378628 0.096980 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.456753 0.057943 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.516909 0.117311 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.595826 0.081281 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.661716 0.227058 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:41.879037 0.168859 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:42.024506 0.221049 udp 10.0.2.109 3683 <-> 65.125.99.226 7708 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:42.430774 0.054621 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:42.561717 0.046498 rtp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:42.604247 0.148051 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:42.711200 0.310323 udp 10.0.2.109 3683 <-> 190.18.51.206 8784 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:43.123464 0.220974 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:43.384252 0.155608 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2593 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:43.532416 0.171612 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:43.680557 0.124864 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:43.751481 0.000000 tcp 10.0.2.109 58855 -> 195.3.228.146 7074 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:43.783643 0.120336 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:43.904528 1.258149 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:44.261718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:48:45.128119 0.394507 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:48:45.487666 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 15:48:49.745670 2.994202 tcp 10.0.2.109 58859 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:48:58.738713 0.000000 tcp 10.0.2.109 58859 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:49:02.404670 0.051589 tcp 10.0.2.109 58860 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:49:02.456553 0.062446 tcp 10.0.2.109 58861 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:49:02.519273 0.152923 tcp 10.0.2.109 58862 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:49:02.672728 0.420245 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:49:03.076198 0.137688 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:49:03.177378 0.052680 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:49:03.232235 0.346308 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:49:03.559714 0.624484 rtp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:49:04.192121 0.364162 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:49:04.552301 0.127374 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/12 15:49:16.264742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:54:04.749063 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 15:54:04.749280 3.003511 tcp 10.0.2.109 58863 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:54:13.750925 0.000000 tcp 10.0.2.109 58863 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:54:19.752433 0.053803 tcp 10.0.2.109 58864 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:54:19.806528 0.061474 tcp 10.0.2.109 58865 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:54:19.868342 0.146362 tcp 10.0.2.109 58866 -> 195.113.214.249 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:54:20.030788 3.004027 tcp 10.0.2.109 58867 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:54:29.033461 0.000000 tcp 10.0.2.109 58867 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:54:35.032672 0.055828 tcp 10.0.2.109 58868 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:54:35.088800 0.062131 tcp 10.0.2.109 58869 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:54:35.151223 0.151194 tcp 10.0.2.109 58870 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/12 15:54:35.313087 3.003695 tcp 10.0.2.109 58871 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:54:44.315400 0.000000 tcp 10.0.2.109 58871 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:54:50.314246 2.994125 tcp 10.0.2.109 58872 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:54:59.317076 0.000000 tcp 10.0.2.109 58872 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 15:55:46.277475 3.001702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 15:55:53.284822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:56:01.286121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:56:17.288996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 15:56:49.295209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:00:05.317767 0.000189 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:00:05.318044 3.003256 tcp 10.0.2.109 58873 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:00:14.319753 0.000000 tcp 10.0.2.109 58873 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:00:20.320940 0.053405 tcp 10.0.2.109 58874 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:00:20.374637 0.062564 tcp 10.0.2.109 58875 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:00:20.437539 0.152250 tcp 10.0.2.109 58876 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:00:20.778879 3.004317 tcp 10.0.2.109 58877 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:00:29.782032 0.000000 tcp 10.0.2.109 58877 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:00:35.781411 0.052397 tcp 10.0.2.109 58878 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:00:35.834114 0.061809 tcp 10.0.2.109 58879 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:00:35.896215 0.153810 tcp 10.0.2.109 58880 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:00:36.372114 3.003867 tcp 10.0.2.109 58881 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:00:45.374549 0.000000 tcp 10.0.2.109 58881 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:00:51.380804 2.996602 tcp 10.0.2.109 58882 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:01:00.387894 0.000000 tcp 10.0.2.109 58882 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:02:53.302617 3.000161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:03:00.308665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:03:08.310259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:03:24.313155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:03:56.319279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:06:06.376928 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:06:06.377110 2.995798 tcp 10.0.2.109 58883 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:06:15.369023 0.000000 tcp 10.0.2.109 58883 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:06:21.379378 0.052885 tcp 10.0.2.109 58884 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:06:21.432524 0.064161 tcp 10.0.2.109 58885 -> 195.113.214.249 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:06:21.496980 0.151728 tcp 10.0.2.109 58886 -> 195.113.214.249 443 SRPA* 0 0 23 13802 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:06:21.974337 2.998322 tcp 10.0.2.109 58887 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:06:30.972656 0.000000 tcp 10.0.2.109 58887 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:06:36.971078 0.366672 tcp 10.0.2.109 58888 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:06:37.338227 0.064404 tcp 10.0.2.109 58889 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:06:37.402910 0.155493 tcp 10.0.2.109 58890 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:06:37.691331 2.978162 tcp 10.0.2.109 58891 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:06:46.609219 0.000000 tcp 10.0.2.109 58891 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:06:52.539449 2.971973 tcp 10.0.2.109 58892 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:07:01.452175 0.000000 tcp 10.0.2.109 58892 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:10:00.325193 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:10:07.332408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:10:15.334098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:10:31.336949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:11:03.343423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:12:07.385713 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:12:07.385806 2.994824 tcp 10.0.2.109 58893 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:12:16.387999 0.000000 tcp 10.0.2.109 58893 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:12:22.388764 0.051681 tcp 10.0.2.109 58894 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:12:22.440702 0.060199 tcp 10.0.2.109 58895 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:12:22.501173 0.157692 tcp 10.0.2.109 58896 -> 195.113.214.249 443 SRPA* 0 0 23 13768 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:12:22.972959 2.998772 tcp 10.0.2.109 58897 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:12:31.970537 0.000000 tcp 10.0.2.109 58897 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:12:37.969945 0.052421 tcp 10.0.2.109 58898 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:12:38.022652 0.059866 tcp 10.0.2.109 58899 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:12:38.082838 0.151058 tcp 10.0.2.109 58900 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:12:38.354956 2.999733 tcp 10.0.2.109 58901 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:12:47.352752 0.000000 tcp 10.0.2.109 58901 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:12:53.351181 3.005713 tcp 10.0.2.109 58902 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:13:02.354430 0.000000 tcp 10.0.2.109 58902 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:17:07.349480 3.001351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:17:14.356895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:17:22.501608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:17:38.370992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:18:10.377990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:19:21.399384 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:19:21.399542 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:19:39.246913 0.053561 tcp 10.0.2.109 58903 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:19:39.300763 0.063414 tcp 10.0.2.109 58904 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:19:39.364472 0.343631 tcp 10.0.2.109 58905 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:19:39.708691 0.104739 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:39.811288 0.081173 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.053384 0.088305 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.118118 0.107580 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.249008 0.068626 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.300773 0.094955 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.514287 0.057226 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.718769 0.117527 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.796176 0.080374 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:40.917062 0.237467 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:41.145613 0.180885 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:41.478308 0.000000 udp 10.0.2.109 3683 -> 65.125.99.226 7708 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:19:53.369458 2.990140 tcp 10.0.2.109 58906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:19:58.943794 0.052568 tcp 10.0.2.109 58907 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:19:58.996635 0.063153 tcp 10.0.2.109 58908 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:19:59.060087 0.155473 tcp 10.0.2.109 58909 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:19:59.216221 0.054140 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:59.366593 0.052151 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:59.414586 0.158181 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:59.533910 0.172024 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:59.719005 0.173301 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:19:59.868167 0.120506 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:00.001072 0.118082 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:00.086043 0.226621 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:00.277259 0.000000 udp 10.0.2.109 3683 -> 190.18.51.206 8784 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:20:02.357915 0.000000 tcp 10.0.2.109 58906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:20:08.367190 0.053516 tcp 10.0.2.109 58910 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:08.421068 0.064564 tcp 10.0.2.109 58911 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:08.485998 0.153844 tcp 10.0.2.109 58912 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:08.851213 3.000646 tcp 10.0.2.109 58913 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:20:17.850463 0.000000 tcp 10.0.2.109 58913 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:20:18.111356 0.052693 tcp 10.0.2.109 58914 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:18.164322 0.061385 tcp 10.0.2.109 58915 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:18.226000 0.154936 tcp 10.0.2.109 58916 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:18.381281 0.154290 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:18.527766 0.000000 udp 10.0.2.109 3683 -> 151.42.37.69 2048 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:20:34.884898 0.050341 tcp 10.0.2.109 58917 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:34.935424 0.064269 tcp 10.0.2.109 58918 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:35.000044 0.151331 tcp 10.0.2.109 58919 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:20:35.152064 0.383823 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:35.506669 0.134186 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:35.602490 0.112169 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:35.737680 0.355536 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:36.076581 0.411649 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:36.467808 0.129670 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:36.592642 0.627646 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:20:37.310765 0.361995 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:24:14.383422 3.001284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:24:21.390541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:24:29.391721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:24:45.395344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:25:17.400743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:25:23.850573 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:25:23.850653 3.006244 tcp 10.0.2.109 58920 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:25:32.853093 0.000000 tcp 10.0.2.109 58920 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:25:38.853325 0.053685 tcp 10.0.2.109 58921 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:25:38.907311 0.063833 tcp 10.0.2.109 58922 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:25:38.971404 0.153146 tcp 10.0.2.109 58923 -> 195.113.214.249 443 SRPA* 0 0 42 21506 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:25:39.143229 3.002698 tcp 10.0.2.109 58924 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:25:48.145105 0.000000 tcp 10.0.2.109 58924 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:25:54.144463 0.051890 tcp 10.0.2.109 58925 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:25:54.196622 0.059743 tcp 10.0.2.109 58926 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:25:54.256651 0.155408 tcp 10.0.2.109 58927 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:25:54.619197 3.000160 tcp 10.0.2.109 58928 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:26:03.627482 0.000000 tcp 10.0.2.109 58928 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:26:09.616311 2.993720 tcp 10.0.2.109 58929 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:26:18.608714 0.000000 tcp 10.0.2.109 58929 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:31:21.407399 3.001017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:31:24.619699 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:31:24.619804 3.003318 tcp 10.0.2.109 58930 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:31:28.414564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:31:33.621755 0.000000 tcp 10.0.2.109 58930 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:31:36.415960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:31:39.622328 0.053384 tcp 10.0.2.109 58931 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:31:39.675971 0.062826 tcp 10.0.2.109 58932 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:31:39.739072 0.152544 tcp 10.0.2.109 58933 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:31:39.901236 3.003318 tcp 10.0.2.109 58934 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:31:48.904026 0.000000 tcp 10.0.2.109 58934 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:31:52.418742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:31:54.903245 0.051506 tcp 10.0.2.109 58935 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:31:54.955018 0.061428 tcp 10.0.2.109 58936 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:31:55.016733 0.151669 tcp 10.0.2.109 58937 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:31:55.196479 3.000479 tcp 10.0.2.109 58938 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:32:04.195685 0.000000 tcp 10.0.2.109 58938 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:32:10.194796 2.993948 tcp 10.0.2.109 58939 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:32:19.197180 0.000000 tcp 10.0.2.109 58939 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:32:24.425142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:37:25.197777 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:37:25.197962 3.003787 tcp 10.0.2.109 58940 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:37:34.200649 0.000000 tcp 10.0.2.109 58940 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:37:40.201281 0.054663 tcp 10.0.2.109 58941 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:37:40.256247 0.062723 tcp 10.0.2.109 58942 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:37:40.319344 0.154251 tcp 10.0.2.109 58943 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:37:40.497832 3.005746 tcp 10.0.2.109 58944 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:37:49.502484 0.000000 tcp 10.0.2.109 58944 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:37:55.491537 0.055027 tcp 10.0.2.109 58945 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:37:55.546805 0.062808 tcp 10.0.2.109 58946 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:37:55.609458 0.146754 tcp 10.0.2.109 58947 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:37:55.770878 3.004811 tcp 10.0.2.109 58948 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:38:04.774832 0.000000 tcp 10.0.2.109 58948 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:38:10.763051 3.003983 tcp 10.0.2.109 58949 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:38:19.765815 0.000000 tcp 10.0.2.109 58949 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:38:28.430522 3.002230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:38:35.438190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:38:43.439816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:38:59.443058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:39:31.451608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:43:25.768063 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:43:25.768242 2.993459 tcp 10.0.2.109 58950 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:43:34.758716 0.000000 tcp 10.0.2.109 58950 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:43:40.769358 0.054225 tcp 10.0.2.109 58951 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:43:40.823827 0.060408 tcp 10.0.2.109 58952 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:43:40.884618 0.153052 tcp 10.0.2.109 58953 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:43:41.165264 2.997126 tcp 10.0.2.109 58954 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:43:50.160826 0.000000 tcp 10.0.2.109 58954 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:43:56.160140 0.053455 tcp 10.0.2.109 58955 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:43:56.213851 0.061951 tcp 10.0.2.109 58956 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:43:56.276131 0.148647 tcp 10.0.2.109 58957 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:43:56.563287 3.001000 tcp 10.0.2.109 58958 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:44:05.562744 0.000000 tcp 10.0.2.109 58958 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:44:11.561726 3.006161 tcp 10.0.2.109 58959 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:44:20.564509 0.000000 tcp 10.0.2.109 58959 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:45:35.455214 3.001466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:45:42.462546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:45:50.463893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:46:06.466847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:46:38.473072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:50:48.312383 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:50:48.312546 0.000000 udp 10.0.2.109 3683 -> 65.125.99.226 7708 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:51:05.077793 0.055381 tcp 10.0.2.109 58960 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:05.133433 0.062765 tcp 10.0.2.109 58961 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:05.196459 0.151487 tcp 10.0.2.109 58962 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:05.348561 0.000000 udp 10.0.2.109 3683 -> 190.18.51.206 8784 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:51:24.264459 0.054013 tcp 10.0.2.109 58963 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:24.318741 0.062233 tcp 10.0.2.109 58964 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:24.381253 0.153191 tcp 10.0.2.109 58965 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:24.535091 0.000000 udp 10.0.2.109 3683 -> 151.42.37.69 2048 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:51:41.098591 0.053089 tcp 10.0.2.109 58966 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:41.151972 0.061678 tcp 10.0.2.109 58967 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:41.213945 0.155296 tcp 10.0.2.109 58968 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:41.369842 0.078568 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:41.429916 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:51:41.578853 3.004075 tcp 10.0.2.109 58969 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:51:50.581685 0.000000 tcp 10.0.2.109 58969 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:51:56.581051 0.053011 tcp 10.0.2.109 58970 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:56.634516 0.061480 tcp 10.0.2.109 58971 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:56.696240 0.150616 tcp 10.0.2.109 58972 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:57.130541 3.006263 tcp 10.0.2.109 58973 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:51:57.281531 0.053494 tcp 10.0.2.109 58974 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:57.335297 0.062359 tcp 10.0.2.109 58975 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:57.397955 0.150174 tcp 10.0.2.109 58976 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:51:57.548711 0.081802 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:57.607272 0.117180 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:57.758446 0.081720 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:57.861389 0.229792 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:58.080268 0.094636 rtp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:58.155417 0.068332 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:58.206726 0.111222 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:51:58.276034 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:52:06.134311 0.000000 tcp 10.0.2.109 58973 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:52:14.036015 0.053308 tcp 10.0.2.109 58977 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:52:14.089621 0.060753 tcp 10.0.2.109 58978 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:52:14.150744 0.152529 tcp 10.0.2.109 58979 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:52:14.303878 0.176328 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:14.450168 0.052840 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:14.691598 0.172003 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:14.840540 0.117499 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:14.942047 0.121076 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:15.030992 0.189021 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:15.202865 0.045884 rtp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:15.252909 0.195690 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:15.411262 0.198101 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:15.558852 0.149606 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:15.700307 0.047479 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:15.745295 0.341961 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:16.084315 0.136692 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:16.182528 0.349531 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:16.513348 0.513057 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:17.009620 0.128180 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:52:17.167545 0.000000 udp 10.0.2.109 3683 -> 61.145.162.116 5596 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 16:52:35.737224 0.054359 tcp 10.0.2.109 58980 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:52:35.791883 0.062254 tcp 10.0.2.109 58981 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:52:35.854429 0.151074 tcp 10.0.2.109 58982 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:52:36.005976 0.364367 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/12 16:54:27.479714 3.001707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 16:54:34.487121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:54:42.488854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:54:58.491812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:55:30.497744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 16:57:12.124495 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 16:57:12.124598 2.993461 tcp 10.0.2.109 58983 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:57:21.126929 0.000000 tcp 10.0.2.109 58983 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:57:27.127801 0.055397 tcp 10.0.2.109 58984 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:57:27.183524 0.060632 tcp 10.0.2.109 58985 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:57:27.244471 0.151110 tcp 10.0.2.109 58986 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:57:27.542956 2.997553 tcp 10.0.2.109 58987 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:57:36.539109 0.000000 tcp 10.0.2.109 58987 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:57:42.538220 0.053348 tcp 10.0.2.109 58988 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:57:42.591846 0.065441 tcp 10.0.2.109 58989 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:57:42.657629 0.151170 tcp 10.0.2.109 58990 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/12 16:57:42.841121 3.000706 tcp 10.0.2.109 58991 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:57:51.842845 0.000000 tcp 10.0.2.109 58991 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:57:57.840070 3.003657 tcp 10.0.2.109 58992 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 16:58:06.841994 0.000000 tcp 10.0.2.109 58992 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:01:56.515971 3.000950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 17:02:03.523093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:02:11.524577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:02:27.527163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:02:59.533352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:03:12.842435 0.000131 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:03:12.842657 3.004074 tcp 10.0.2.109 58993 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:03:21.844971 0.000000 tcp 10.0.2.109 58993 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:03:27.845758 0.052765 tcp 10.0.2.109 58994 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:03:27.898772 0.060529 tcp 10.0.2.109 58995 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:03:27.959547 0.148335 tcp 10.0.2.109 58996 -> 195.113.214.249 443 SRPA* 0 0 40 30214 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:03:28.573611 2.995762 tcp 10.0.2.109 58997 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:03:37.567737 0.000000 tcp 10.0.2.109 58997 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:03:43.567005 0.105528 tcp 10.0.2.109 58998 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:03:43.672803 0.063047 tcp 10.0.2.109 58999 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:03:43.736143 0.154979 tcp 10.0.2.109 59000 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:03:44.036670 2.999072 tcp 10.0.2.109 59001 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:03:53.030055 0.000000 tcp 10.0.2.109 59001 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:03:59.030055 3.003082 tcp 10.0.2.109 59002 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:04:08.031782 0.000000 tcp 10.0.2.109 59002 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:09:08.548758 2.999588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 17:09:14.032759 0.003021 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:09:14.035855 3.000244 tcp 10.0.2.109 59003 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:09:15.553798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:09:23.034387 0.000000 tcp 10.0.2.109 59003 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:09:23.555070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:09:29.035182 0.039445 tcp 10.0.2.109 59004 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:09:29.074909 0.038589 tcp 10.0.2.109 59005 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:09:29.113787 1.211817 tcp 10.0.2.109 59006 -> 195.113.214.249 443 SRPA* 0 0 34 22481 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:09:30.558693 3.001187 tcp 10.0.2.109 59007 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:09:39.558079 0.000000 tcp 10.0.2.109 59007 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:09:39.558405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:09:45.557666 0.039762 tcp 10.0.2.109 59008 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:09:45.597742 0.039267 tcp 10.0.2.109 59009 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:09:45.637324 0.699559 tcp 10.0.2.109 59010 -> 195.113.214.249 443 SRPA* 0 0 19 9796 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:09:46.935509 2.997853 tcp 10.0.2.109 59011 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:09:55.932019 0.000000 tcp 10.0.2.109 59011 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:10:01.931082 3.405881 tcp 10.0.2.109 59012 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:10:11.280739 0.000000 tcp 10.0.2.109 59012 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:10:11.903467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:15:16.943982 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:15:16.944112 2.993832 tcp 10.0.2.109 59013 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:15:25.946397 0.000000 tcp 10.0.2.109 59013 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:15:31.947234 0.038495 tcp 10.0.2.109 59014 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:15:31.986278 0.042743 tcp 10.0.2.109 59015 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:15:32.029292 0.114856 tcp 10.0.2.109 59016 -> 195.113.214.249 443 SRPA* 0 0 35 26915 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:15:32.812200 2.998569 tcp 10.0.2.109 59017 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:15:41.809415 0.000000 tcp 10.0.2.109 59017 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:15:48.253912 0.037917 tcp 10.0.2.109 59018 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:15:48.292099 0.039771 tcp 10.0.2.109 59019 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:15:48.332145 0.131942 tcp 10.0.2.109 59020 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:15:48.720875 2.969407 tcp 10.0.2.109 59021 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:15:57.724863 0.000000 tcp 10.0.2.109 59021 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:16:03.648992 2.967035 tcp 10.0.2.109 59022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:16:12.543576 0.000000 tcp 10.0.2.109 59022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:16:20.731183 2.965709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 17:16:27.655708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:16:35.588328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:16:51.589639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:17:23.595481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:22:56.644410 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:22:56.644519 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 17:23:15.493577 0.039228 tcp 10.0.2.109 59023 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:15.533083 0.041891 tcp 10.0.2.109 59024 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:15.575252 0.134205 tcp 10.0.2.109 59025 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:15.710021 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 17:23:30.606358 3.001499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 17:23:33.107779 0.038191 tcp 10.0.2.109 59026 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:33.146284 0.042013 tcp 10.0.2.109 59027 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:33.188608 0.143985 tcp 10.0.2.109 59028 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:33.333110 0.697037 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:34.466054 0.077251 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:34.523876 0.086001 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:34.766876 0.110490 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:34.839846 0.063294 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:34.983283 0.095445 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:35.057544 0.228196 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:35.275828 0.084978 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2613 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:35.413557 0.106520 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:35.483290 0.181780 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:35.669987 0.123703 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:35.753388 0.116099 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:35.863106 0.173156 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:36.108386 0.052214 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:36.283048 0.191683 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:36.440114 0.144132 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:36.652526 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 17:23:37.613320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:23:45.614913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:23:48.298958 3.005862 tcp 10.0.2.109 59029 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:23:53.356953 0.037573 tcp 10.0.2.109 59030 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:53.394791 0.037903 tcp 10.0.2.109 59031 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:53.432996 0.141790 tcp 10.0.2.109 59032 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:23:53.575307 0.166618 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:53.719712 0.046768 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:53.860259 0.192743 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:54.015325 0.136499 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:54.113413 0.298874 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:54.400693 0.419609 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:54.801725 0.339022 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:55.123653 0.128221 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:55.347960 0.361843 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:23:57.301652 0.000000 tcp 10.0.2.109 59029 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:24:01.624416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:24:03.302146 0.038927 tcp 10.0.2.109 59033 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:24:03.341378 0.045060 tcp 10.0.2.109 59034 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:24:03.386727 0.142343 tcp 10.0.2.109 59035 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:24:03.813280 3.002061 tcp 10.0.2.109 59036 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:24:12.813432 0.000000 tcp 10.0.2.109 59036 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:24:33.624288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:29:18.815038 0.075737 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:29:18.890858 2.963618 tcp 10.0.2.109 59037 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:29:27.822282 0.000000 tcp 10.0.2.109 59037 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:29:33.827553 0.040874 tcp 10.0.2.109 59038 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:29:33.868658 0.042742 tcp 10.0.2.109 59039 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:29:33.911688 0.136827 tcp 10.0.2.109 59040 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:29:34.093945 2.996303 tcp 10.0.2.109 59041 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:29:43.088852 0.000000 tcp 10.0.2.109 59041 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:29:49.088164 0.038318 tcp 10.0.2.109 59042 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:29:49.126740 0.038031 tcp 10.0.2.109 59043 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:29:49.165033 0.135739 tcp 10.0.2.109 59044 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:29:49.359711 3.002663 tcp 10.0.2.109 59045 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:29:58.360757 0.000000 tcp 10.0.2.109 59045 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:30:04.359668 3.004248 tcp 10.0.2.109 59046 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:30:13.362497 0.000000 tcp 10.0.2.109 59046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:30:37.630380 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 17:30:44.637416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:30:52.638928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:31:08.642682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:31:40.648135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:35:19.362952 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:35:19.363122 3.003981 tcp 10.0.2.109 59047 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:35:28.365796 0.000000 tcp 10.0.2.109 59047 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:35:34.366143 0.039030 tcp 10.0.2.109 59048 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:35:34.405461 0.039170 tcp 10.0.2.109 59049 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:35:34.444898 0.142201 tcp 10.0.2.109 59050 -> 195.113.214.249 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:35:34.800216 2.998969 tcp 10.0.2.109 59051 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:35:43.807430 0.000000 tcp 10.0.2.109 59051 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:35:49.796812 0.038444 tcp 10.0.2.109 59052 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:35:49.835526 0.040173 tcp 10.0.2.109 59053 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:35:49.875982 0.136457 tcp 10.0.2.109 59054 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:35:50.268459 3.002760 tcp 10.0.2.109 59055 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:35:59.270360 0.000000 tcp 10.0.2.109 59055 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:36:05.269126 3.003840 tcp 10.0.2.109 59056 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:36:14.271264 0.000000 tcp 10.0.2.109 59056 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:37:44.654840 3.000515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 17:37:51.661352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:37:59.663439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:38:15.665382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:38:47.671838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:41:20.271940 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:41:20.272041 3.006496 tcp 10.0.2.109 59057 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:41:29.274494 0.000000 tcp 10.0.2.109 59057 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:41:35.274655 0.031925 tcp 10.0.2.109 59058 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:41:35.306830 0.043683 tcp 10.0.2.109 59059 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:41:35.350812 0.135078 tcp 10.0.2.109 59060 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:41:35.688003 3.000094 tcp 10.0.2.109 59061 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:41:44.697093 0.000000 tcp 10.0.2.109 59061 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:41:50.685723 0.030682 tcp 10.0.2.109 59062 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:41:50.716672 0.042222 tcp 10.0.2.109 59063 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:41:50.759180 0.135618 tcp 10.0.2.109 59064 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:41:50.915916 2.993725 tcp 10.0.2.109 59065 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:41:59.910449 0.000000 tcp 10.0.2.109 59065 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:42:05.916821 2.994427 tcp 10.0.2.109 59066 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:42:14.910004 0.000000 tcp 10.0.2.109 59066 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:44:51.677313 3.002363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 17:44:58.685556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:45:06.687869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:45:22.689675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:45:54.695686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:47:20.920287 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:47:20.920425 3.003578 tcp 10.0.2.109 59067 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:47:29.922866 0.000000 tcp 10.0.2.109 59067 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:47:35.923407 0.031266 tcp 10.0.2.109 59068 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:47:35.954900 0.042412 tcp 10.0.2.109 59069 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:47:35.997549 0.135759 tcp 10.0.2.109 59070 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:47:36.144020 3.002258 tcp 10.0.2.109 59071 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:47:45.144805 0.000000 tcp 10.0.2.109 59071 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:54:06.706867 3.000700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 17:54:08.596098 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 17:54:08.596183 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 17:54:13.713519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:54:21.714797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:54:25.422328 0.031683 tcp 10.0.2.109 59072 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:54:25.454293 0.042509 tcp 10.0.2.109 59073 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:54:25.497161 0.134256 tcp 10.0.2.109 59074 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:54:25.631955 0.088425 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:25.695508 0.111682 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:25.771600 0.608005 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:26.379894 0.073952 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:26.438048 0.097344 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:26.515471 0.226997 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:26.731613 0.078821 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:26.792380 0.063957 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:26.883652 0.178157 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:27.067452 0.512541 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:27.540727 0.157237 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:27.664633 0.113338 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:27.738553 0.156227 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:27.882675 0.147892 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.020821 0.052616 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.083005 0.171783 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.231242 0.172055 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.378617 0.051326 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.426010 0.153319 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.542587 0.134940 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.637840 0.290934 rtp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:28.896636 0.416042 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:29.295904 0.360286 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:29.654993 0.339597 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:29.976471 0.128270 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/12 17:54:36.156249 2.993681 tcp 10.0.2.109 59075 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:54:37.718383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:54:45.148436 0.000000 tcp 10.0.2.109 59075 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:54:51.158025 0.031321 tcp 10.0.2.109 59076 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:54:51.189625 0.042668 tcp 10.0.2.109 59077 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:54:51.232558 0.138037 tcp 10.0.2.109 59078 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:54:51.381316 3.000398 tcp 10.0.2.109 59079 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:55:00.380695 0.000000 tcp 10.0.2.109 59079 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:55:06.379600 0.031453 tcp 10.0.2.109 59080 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:55:06.411311 0.042382 tcp 10.0.2.109 59081 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:55:06.454027 0.138471 tcp 10.0.2.109 59082 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/12 17:55:06.603391 3.000299 tcp 10.0.2.109 59083 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:55:09.723593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 17:55:15.602354 0.000000 tcp 10.0.2.109 59083 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:55:21.600988 3.004195 tcp 10.0.2.109 59084 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 17:55:30.603877 0.000000 tcp 10.0.2.109 59084 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:00:36.609602 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:00:36.609744 2.992320 tcp 10.0.2.109 59085 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:00:45.606594 0.000000 tcp 10.0.2.109 59085 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:00:51.607563 0.031654 tcp 10.0.2.109 59086 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:00:51.639512 0.042627 tcp 10.0.2.109 59087 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:00:51.682398 0.136446 tcp 10.0.2.109 59088 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:00:52.140030 3.000308 tcp 10.0.2.109 59089 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:01:01.139741 0.000000 tcp 10.0.2.109 59089 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:01:07.138363 0.516309 tcp 10.0.2.109 59090 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:01:07.654918 0.042975 tcp 10.0.2.109 59091 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:01:07.698345 0.137495 tcp 10.0.2.109 59092 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:01:08.648098 2.978585 tcp 10.0.2.109 59093 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:01:17.566050 0.000000 tcp 10.0.2.109 59093 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:01:19.103708 2.974719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 18:01:23.508767 2.973594 tcp 10.0.2.109 59094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:01:26.044804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:01:32.428279 0.000000 tcp 10.0.2.109 59094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:01:33.971047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:01:49.832857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:02:21.755259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:06:38.184269 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:06:38.184431 2.993470 tcp 10.0.2.109 59095 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:06:47.186753 0.000000 tcp 10.0.2.109 59095 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:06:53.187193 0.032354 tcp 10.0.2.109 59096 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:06:53.219828 0.043444 tcp 10.0.2.109 59097 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:06:53.263580 0.135790 tcp 10.0.2.109 59098 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:06:53.569089 3.000987 tcp 10.0.2.109 59099 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:07:02.568772 0.000000 tcp 10.0.2.109 59099 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:07:08.568040 0.031041 tcp 10.0.2.109 59100 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:07:08.599427 0.042962 tcp 10.0.2.109 59101 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:07:08.642660 0.135937 tcp 10.0.2.109 59102 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:07:08.897869 3.004505 tcp 10.0.2.109 59103 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:07:17.900799 0.000000 tcp 10.0.2.109 59103 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:07:23.899595 3.004205 tcp 10.0.2.109 59104 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:07:32.902150 0.000000 tcp 10.0.2.109 59104 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:08:41.764449 3.001391 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 18:08:48.771493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:08:56.773009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:09:12.775715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:09:44.782141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:12:38.902831 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:12:38.902986 3.003586 tcp 10.0.2.109 59105 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:12:47.905349 0.000000 tcp 10.0.2.109 59105 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:12:53.905516 0.031316 tcp 10.0.2.109 59106 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:12:53.937122 0.045421 tcp 10.0.2.109 59107 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:12:53.982425 0.135071 tcp 10.0.2.109 59108 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:12:54.671464 2.997806 tcp 10.0.2.109 59109 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:13:03.677949 0.000000 tcp 10.0.2.109 59109 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:13:09.667395 0.030997 tcp 10.0.2.109 59110 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:13:09.698667 0.043431 tcp 10.0.2.109 59111 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:13:09.742388 0.134203 tcp 10.0.2.109 59112 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:13:10.145307 2.996394 tcp 10.0.2.109 59113 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:13:19.140528 0.000000 tcp 10.0.2.109 59113 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:13:25.139072 3.004090 tcp 10.0.2.109 59114 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:13:34.141662 0.000000 tcp 10.0.2.109 59114 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:15:48.787759 3.002060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 18:15:55.795420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:16:03.796600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:16:19.840386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:16:51.815983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:22:55.822434 3.001326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 18:23:02.829532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:23:10.830896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:23:26.833982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:23:58.839757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:24:38.398719 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:24:38.398883 0.089487 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:38.464558 0.112338 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:38.674059 0.592130 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:39.458793 0.075523 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:39.515273 0.237378 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:39.750336 0.229957 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:39.969590 0.080946 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:40.077661 0.070633 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:40.132737 0.117771 rtp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:40.179760 3.074687 tcp 10.0.2.109 59115 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:24:40.365294 0.181480 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:40.589390 0.120214 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:40.673518 0.114511 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:40.822928 0.158348 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:40.966667 0.159725 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2000 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:41.121941 0.053784 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:41.288226 0.171354 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:41.435065 0.170430 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:41.581017 0.045927 rtp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:41.807496 0.143190 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:42.104215 0.134190 rtp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:42.202318 0.295150 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:42.581466 0.473312 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:42.974957 0.443516 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:43.418151 0.378643 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:43.778518 0.203391 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:24:49.217407 0.000000 tcp 10.0.2.109 59115 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:24:55.983186 0.031983 tcp 10.0.2.109 59116 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:24:56.015420 0.043339 tcp 10.0.2.109 59117 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:24:56.059056 0.136267 tcp 10.0.2.109 59118 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:24:56.460928 2.966243 tcp 10.0.2.109 59119 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:25:05.356478 0.000000 tcp 10.0.2.109 59119 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:30:02.845297 3.002259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 18:30:09.857386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:30:10.667587 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:30:10.667759 2.991096 tcp 10.0.2.109 59120 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:30:17.854889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:30:19.667729 0.000000 tcp 10.0.2.109 59120 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:30:25.667819 0.032050 tcp 10.0.2.109 59121 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:30:25.700141 0.046335 tcp 10.0.2.109 59122 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:30:25.746768 0.134997 tcp 10.0.2.109 59123 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:30:25.926868 2.994098 tcp 10.0.2.109 59124 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:30:33.858004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:30:34.919385 0.000000 tcp 10.0.2.109 59124 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:30:40.928912 0.030858 tcp 10.0.2.109 59125 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:30:40.960099 0.045887 tcp 10.0.2.109 59126 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:30:41.006328 0.136331 tcp 10.0.2.109 59127 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:30:41.389082 3.004156 tcp 10.0.2.109 59128 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:30:50.391641 0.000000 tcp 10.0.2.109 59128 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:30:56.398577 3.000424 tcp 10.0.2.109 59129 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:31:05.397876 0.000000 tcp 10.0.2.109 59129 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:31:05.867569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:36:11.393922 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:36:11.394274 3.003106 tcp 10.0.2.109 59130 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:36:20.406333 0.000000 tcp 10.0.2.109 59130 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:36:26.396901 0.032276 tcp 10.0.2.109 59131 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:36:26.429421 0.045856 tcp 10.0.2.109 59132 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:36:26.475641 0.140442 tcp 10.0.2.109 59133 -> 195.113.214.249 443 SRPA* 0 0 71 70012 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:36:26.635993 2.993406 tcp 10.0.2.109 59134 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:36:35.628646 0.000000 tcp 10.0.2.109 59134 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:36:41.636748 0.031473 tcp 10.0.2.109 59135 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:36:41.668468 0.042465 tcp 10.0.2.109 59136 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:36:41.711188 0.135151 tcp 10.0.2.109 59137 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:36:41.874440 2.997145 tcp 10.0.2.109 59138 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:36:50.869902 0.000000 tcp 10.0.2.109 59138 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:36:56.869167 3.004075 tcp 10.0.2.109 59139 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:37:05.871694 0.000000 tcp 10.0.2.109 59139 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:37:09.869893 3.001974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 18:37:16.877361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:37:24.879190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:37:40.881955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:38:12.888498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:42:11.872197 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:42:11.872431 3.006198 tcp 10.0.2.109 59140 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:42:20.874800 0.000000 tcp 10.0.2.109 59140 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:42:26.875293 0.033160 tcp 10.0.2.109 59141 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:42:26.908664 0.043461 tcp 10.0.2.109 59142 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:42:26.952349 0.137533 tcp 10.0.2.109 59143 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:42:27.346984 2.991166 tcp 10.0.2.109 59144 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:42:36.346785 0.000000 tcp 10.0.2.109 59144 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:42:42.345848 0.030880 tcp 10.0.2.109 59145 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:42:42.376970 0.043244 tcp 10.0.2.109 59146 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:42:42.420478 0.135478 tcp 10.0.2.109 59147 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:42:42.623201 2.996731 tcp 10.0.2.109 59148 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:42:51.618439 0.000000 tcp 10.0.2.109 59148 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:42:57.619536 3.001923 tcp 10.0.2.109 59149 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:43:06.620218 0.000000 tcp 10.0.2.109 59149 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:44:16.894057 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 18:44:23.901421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:44:31.902881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:44:47.905918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:45:19.912104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:48:12.620569 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:48:12.620677 3.003900 tcp 10.0.2.109 59150 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:48:21.623232 0.000000 tcp 10.0.2.109 59150 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:48:27.623273 0.032187 tcp 10.0.2.109 59151 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:48:27.655684 0.045750 tcp 10.0.2.109 59152 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:48:27.701730 0.133307 tcp 10.0.2.109 59153 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:48:27.845059 3.001452 tcp 10.0.2.109 59154 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:48:36.845036 0.000000 tcp 10.0.2.109 59154 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:53:43.918740 3.002140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 18:53:50.926607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:53:58.928549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:54:14.931383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:54:46.937698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 18:54:57.672236 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 18:54:57.672391 0.083928 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:57.732746 0.112843 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:57.808991 0.098665 rtp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:57.855093 3.002049 tcp 10.0.2.109 59155 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:54:57.887791 0.228358 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:58.106456 0.236711 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:58.342495 0.349912 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:58.676220 0.077957 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:58.736828 0.068201 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:58.790027 0.116170 rtp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:58.876208 0.176334 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.060567 0.205244 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.224660 0.114035 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.298472 0.176025 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.448941 0.169830 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.595931 0.169134 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.741009 0.047642 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.821258 0.147394 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:54:59.960927 0.052469 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:00.014693 0.200367 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:00.175030 0.139832 rtp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:00.274614 0.295664 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2001 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:00.540918 0.420670 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:00.943028 0.157405 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:01.096011 0.357814 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:01.471900 0.345678 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/12 18:55:06.855860 0.000000 tcp 10.0.2.109 59155 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:55:12.856109 0.033476 tcp 10.0.2.109 59156 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:55:12.889871 0.045221 tcp 10.0.2.109 59157 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:55:12.935434 0.132912 tcp 10.0.2.109 59158 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 18:55:13.078601 3.000378 tcp 10.0.2.109 59159 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 18:55:22.087603 0.000000 tcp 10.0.2.109 59159 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:00:28.078330 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:00:28.078435 3.003384 tcp 10.0.2.109 59160 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:00:37.080718 0.000000 tcp 10.0.2.109 59160 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:00:43.081351 0.032202 tcp 10.0.2.109 59161 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:00:43.113825 0.045983 tcp 10.0.2.109 59162 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:00:43.160123 0.139119 tcp 10.0.2.109 59163 -> 195.113.214.249 443 SRPA* 0 0 73 50072 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:00:43.422646 3.001287 tcp 10.0.2.109 59164 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:00:50.950135 2.996922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 19:00:52.426971 0.000000 tcp 10.0.2.109 59164 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:00:57.951172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:00:58.422888 0.031189 tcp 10.0.2.109 59165 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:00:58.454389 0.042669 tcp 10.0.2.109 59166 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:00:58.496841 0.138650 tcp 10.0.2.109 59167 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:00:58.673653 3.002256 tcp 10.0.2.109 59168 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:01:05.952449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:01:07.674563 0.000000 tcp 10.0.2.109 59168 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:01:13.674776 3.003800 tcp 10.0.2.109 59169 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:01:21.955139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:01:22.685830 0.000000 tcp 10.0.2.109 59169 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:01:53.961406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:06:28.676830 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:06:28.676943 2.993309 tcp 10.0.2.109 59170 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:06:37.668889 0.000000 tcp 10.0.2.109 59170 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:06:43.679433 0.032662 tcp 10.0.2.109 59171 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:06:43.712425 0.041721 tcp 10.0.2.109 59172 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:06:43.754407 0.145704 tcp 10.0.2.109 59173 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:06:44.579435 3.003579 tcp 10.0.2.109 59174 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:06:53.582390 0.000000 tcp 10.0.2.109 59174 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:06:59.581425 0.031428 tcp 10.0.2.109 59175 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:06:59.613164 0.046200 tcp 10.0.2.109 59176 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:06:59.659727 0.133556 tcp 10.0.2.109 59177 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:06:59.989795 3.008727 tcp 10.0.2.109 59178 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:07:08.994273 0.000000 tcp 10.0.2.109 59178 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:07:14.983035 3.003738 tcp 10.0.2.109 59179 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:07:23.985318 0.000000 tcp 10.0.2.109 59179 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:08:01.973232 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 19:08:08.980389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:08:16.981827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:08:32.984870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:09:04.990840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:12:29.987120 0.000195 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:12:29.987417 2.992380 tcp 10.0.2.109 59180 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:12:38.978479 0.000000 tcp 10.0.2.109 59180 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:12:44.990556 0.031769 tcp 10.0.2.109 59181 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:12:45.022582 0.044153 tcp 10.0.2.109 59182 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:12:45.067022 0.133944 tcp 10.0.2.109 59183 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:12:45.350553 3.001422 tcp 10.0.2.109 59184 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:12:54.350811 0.000000 tcp 10.0.2.109 59184 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:13:00.349979 0.031867 tcp 10.0.2.109 59185 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:13:00.382135 0.042912 tcp 10.0.2.109 59186 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:13:00.425335 0.137460 tcp 10.0.2.109 59187 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:13:00.760325 3.003727 tcp 10.0.2.109 59188 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:13:09.762790 0.000000 tcp 10.0.2.109 59188 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:13:15.761542 3.004023 tcp 10.0.2.109 59189 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:13:24.764249 0.000000 tcp 10.0.2.109 59189 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:15:11.000496 3.001102 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 19:15:18.006783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:15:26.008922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:15:42.011643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:16:14.017876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:18:30.767261 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:18:30.767427 2.991440 tcp 10.0.2.109 59190 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:18:39.767182 0.000000 tcp 10.0.2.109 59190 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:18:45.767617 0.032426 tcp 10.0.2.109 59191 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:18:45.800357 0.039479 tcp 10.0.2.109 59192 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:18:45.840014 0.137305 tcp 10.0.2.109 59193 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:18:46.238785 3.002004 tcp 10.0.2.109 59194 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:18:55.239340 0.000000 tcp 10.0.2.109 59194 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:22:20.026644 3.001635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 19:22:27.034456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:22:35.035380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:22:51.038881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:23:23.044678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:25:08.386674 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:25:08.386779 0.095359 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:08.464130 0.219024 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:08.673514 0.090987 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:09.322190 0.121597 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:09.689844 0.081700 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:09.766528 0.072807 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:09.820603 0.232211 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:10.219297 0.081247 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:10.281118 0.120098 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:10.439830 0.179238 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:10.590945 0.123583 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:10.675061 0.116396 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:10.938401 0.153617 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:11.079673 0.051975 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:11.877147 0.154774 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:12.023741 0.051467 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:12.457826 0.149565 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:12.567483 0.169242 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:12.749031 0.167826 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:12.893038 0.131390 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:12.987000 0.295698 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:13.250690 0.364333 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:13.850727 0.418468 rtp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:14.250739 0.126938 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:14.502619 0.384322 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:25:16.247671 3.408973 tcp 10.0.2.109 59195 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:25:25.597076 0.000000 tcp 10.0.2.109 59195 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:25:31.557294 0.032122 tcp 10.0.2.109 59196 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:25:31.589674 0.038538 tcp 10.0.2.109 59197 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:25:31.628582 0.134787 tcp 10.0.2.109 59198 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:25:32.223669 2.972058 tcp 10.0.2.109 59199 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:25:41.138215 0.000000 tcp 10.0.2.109 59199 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:25:47.082878 0.033575 tcp 10.0.2.109 59200 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:25:47.116725 0.042269 tcp 10.0.2.109 59201 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:25:47.159249 0.135651 tcp 10.0.2.109 59202 -> 195.113.214.249 443 SRPA* 0 0 19 10004 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:25:48.195174 2.976384 tcp 10.0.2.109 59203 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:25:57.123471 0.000000 tcp 10.0.2.109 59203 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:26:03.048954 2.989912 tcp 10.0.2.109 59204 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:26:12.047674 0.000000 tcp 10.0.2.109 59204 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:29:27.050085 3.002575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 19:29:34.057892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:29:42.059388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:29:58.062746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:30:30.068555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:31:18.048357 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:31:18.048445 3.003123 tcp 10.0.2.109 59205 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:31:27.050595 0.000000 tcp 10.0.2.109 59205 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:31:33.050375 0.032033 tcp 10.0.2.109 59206 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:31:33.082672 0.038478 tcp 10.0.2.109 59207 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:31:33.121429 0.137831 tcp 10.0.2.109 59208 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:31:33.311931 3.001809 tcp 10.0.2.109 59209 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:31:42.312556 0.000000 tcp 10.0.2.109 59209 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:31:48.311636 0.031389 tcp 10.0.2.109 59210 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:31:48.343275 0.042148 tcp 10.0.2.109 59211 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:31:48.385710 0.134034 tcp 10.0.2.109 59212 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:31:48.551444 3.004058 tcp 10.0.2.109 59213 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:31:57.554111 0.000000 tcp 10.0.2.109 59213 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:32:03.552763 3.004231 tcp 10.0.2.109 59214 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:32:12.555501 0.000000 tcp 10.0.2.109 59214 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:36:34.075472 3.000063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 19:36:41.082044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:36:49.083448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:37:05.086390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:37:18.556079 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:37:18.556281 2.993752 tcp 10.0.2.109 59215 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:37:27.548694 0.000000 tcp 10.0.2.109 59215 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:37:33.559499 0.031741 tcp 10.0.2.109 59216 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:37:33.591542 0.042328 tcp 10.0.2.109 59217 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:37:33.634129 0.133321 tcp 10.0.2.109 59218 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:37:33.864133 3.000565 tcp 10.0.2.109 59219 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:37:37.094770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:37:42.860828 0.000000 tcp 10.0.2.109 59219 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:37:48.861156 0.030878 tcp 10.0.2.109 59220 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:37:48.892323 0.044418 tcp 10.0.2.109 59221 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:37:48.937083 0.137617 tcp 10.0.2.109 59222 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:37:49.315215 2.999268 tcp 10.0.2.109 59223 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:37:58.314985 0.000000 tcp 10.0.2.109 59223 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:38:04.313631 3.002197 tcp 10.0.2.109 59224 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:38:13.314771 0.000000 tcp 10.0.2.109 59224 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:43:19.315010 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:43:19.315165 2.993530 tcp 10.0.2.109 59225 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:43:28.317450 0.000000 tcp 10.0.2.109 59225 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:43:34.317809 0.032141 tcp 10.0.2.109 59226 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:43:34.350390 0.042525 tcp 10.0.2.109 59227 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:43:34.393226 0.136402 tcp 10.0.2.109 59228 -> 195.113.214.249 443 SRPA* 0 0 27 13712 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:43:34.555460 2.995745 tcp 10.0.2.109 59229 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:43:41.098459 3.001951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 19:43:43.549282 0.000000 tcp 10.0.2.109 59229 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:43:48.105925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:43:49.548573 0.031737 tcp 10.0.2.109 59230 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:43:49.580603 0.043192 tcp 10.0.2.109 59231 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:43:49.624090 0.136953 tcp 10.0.2.109 59232 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:43:49.779553 3.003221 tcp 10.0.2.109 59233 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:43:56.107527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:43:58.781212 0.000000 tcp 10.0.2.109 59233 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:44:04.780118 3.004054 tcp 10.0.2.109 59234 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:44:12.110275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:44:13.782757 0.000000 tcp 10.0.2.109 59234 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:44:44.126625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:50:48.122139 3.002391 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 19:50:55.129865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:51:03.131197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:51:19.134620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:51:51.140695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:55:36.925370 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 19:55:36.925522 0.073705 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:36.999631 0.220638 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:37.209397 0.081063 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:37.861785 0.079008 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:37.922630 0.090268 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:37.985637 0.113945 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:38.165792 0.232954 rtp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:38.405530 0.312059 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:38.698677 0.158059 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:38.819649 0.176632 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.007984 0.137135 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.105888 0.108300 rtp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.175622 0.150114 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.316054 0.045988 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.358059 0.127986 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.448345 0.168796 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.594950 0.173977 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.744249 0.156841 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:39.896826 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 19:55:49.824111 3.004008 tcp 10.0.2.109 59235 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:55:56.715315 0.032194 tcp 10.0.2.109 59236 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:55:56.747853 0.041929 tcp 10.0.2.109 59237 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:55:56.790239 0.135573 tcp 10.0.2.109 59238 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:55:56.926471 0.138213 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:57.024598 0.300084 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:57.292949 0.363796 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:57.656109 0.372344 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:58.011664 0.420145 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:58.415050 0.130159 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/12 19:55:58.836468 0.000000 tcp 10.0.2.109 59235 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:56:04.825520 0.030982 tcp 10.0.2.109 59239 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:56:04.856427 0.056847 tcp 10.0.2.109 59240 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:56:04.913555 0.135632 tcp 10.0.2.109 59241 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:56:05.058840 3.000780 tcp 10.0.2.109 59242 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:56:07.322684 0.000077 udp 10.0.2.109 3683 <- 147.163.75.36 3026 RSP 0 0 5 1997 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 19:56:14.058612 0.000000 tcp 10.0.2.109 59242 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:56:20.057691 0.031954 tcp 10.0.2.109 59243 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:56:20.089926 0.045259 tcp 10.0.2.109 59244 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:56:20.135426 0.138316 tcp 10.0.2.109 59245 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/12 19:56:20.285996 2.995638 tcp 10.0.2.109 59246 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:56:29.280689 0.000000 tcp 10.0.2.109 59246 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:56:35.279126 3.004177 tcp 10.0.2.109 59247 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:56:44.282446 0.000000 tcp 10.0.2.109 59247 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 19:57:55.146569 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 19:58:02.153992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:58:10.155596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:58:26.158551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 19:58:58.164367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:01:50.283217 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:01:50.283407 3.005177 tcp 10.0.2.109 59248 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:01:59.284722 0.000000 tcp 10.0.2.109 59248 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:02:05.284616 0.032312 tcp 10.0.2.109 59249 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:02:05.317169 0.043068 tcp 10.0.2.109 59250 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:02:05.360521 0.135610 tcp 10.0.2.109 59251 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:02:05.701486 2.996228 tcp 10.0.2.109 59252 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:02:14.707097 0.000000 tcp 10.0.2.109 59252 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:02:20.701979 0.031132 tcp 10.0.2.109 59253 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:02:20.733432 0.042716 tcp 10.0.2.109 59254 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:02:20.776420 0.129534 tcp 10.0.2.109 59255 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:02:22.308690 2.996078 tcp 10.0.2.109 59256 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:02:31.300717 0.000000 tcp 10.0.2.109 59256 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:02:37.299714 3.007718 tcp 10.0.2.109 59257 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:02:46.304262 0.000000 tcp 10.0.2.109 59257 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:05:27.177205 3.000712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 20:05:34.184853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:05:42.189136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:05:58.188437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:06:30.194146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:07:52.303282 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:07:52.303481 3.003231 tcp 10.0.2.109 59258 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:08:01.305252 0.000000 tcp 10.0.2.109 59258 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:08:07.305539 0.032005 tcp 10.0.2.109 59259 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:08:07.337794 0.041282 tcp 10.0.2.109 59260 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:08:07.379355 0.135790 tcp 10.0.2.109 59261 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:08:08.019566 3.005847 tcp 10.0.2.109 59262 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:08:17.017541 0.000000 tcp 10.0.2.109 59262 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:08:23.017282 0.030641 tcp 10.0.2.109 59263 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:08:23.048176 0.038419 tcp 10.0.2.109 59264 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:08:23.086898 0.132034 tcp 10.0.2.109 59265 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:08:23.416815 2.994532 tcp 10.0.2.109 59266 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:08:32.409853 0.000000 tcp 10.0.2.109 59266 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:08:38.408244 3.004986 tcp 10.0.2.109 59267 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:08:47.411526 0.000000 tcp 10.0.2.109 59267 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:12:34.200172 3.002022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 20:12:41.207576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:12:49.211805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:13:05.212424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:13:37.218419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:13:53.412100 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:13:53.412193 3.003536 tcp 10.0.2.109 59268 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:14:02.414453 0.000000 tcp 10.0.2.109 59268 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:14:08.420097 0.031905 tcp 10.0.2.109 59269 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:14:08.452280 0.036790 tcp 10.0.2.109 59270 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:14:08.489359 0.136383 tcp 10.0.2.109 59271 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:14:09.008892 2.988822 tcp 10.0.2.109 59272 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:14:18.007133 0.000000 tcp 10.0.2.109 59272 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:14:24.005992 0.031908 tcp 10.0.2.109 59273 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:14:24.038207 0.043456 tcp 10.0.2.109 59274 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:14:24.081910 0.138791 tcp 10.0.2.109 59275 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:14:24.438790 3.001836 tcp 10.0.2.109 59276 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:14:33.440655 0.000000 tcp 10.0.2.109 59276 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:14:39.437630 3.004201 tcp 10.0.2.109 59277 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:14:48.440545 0.000000 tcp 10.0.2.109 59277 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:19:41.225372 3.002519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 20:19:48.234709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:19:56.234920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:20:12.236130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:20:44.242488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:26:07.146765 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:26:07.146912 3.622434 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:26:10.769346 0.000000 icmp 147.163.7.134 0x0103 -> 10.0.2.109 0x93a3 URH 192 1 131 flow=Background 1970/02/12 20:26:24.223164 0.032365 tcp 10.0.2.109 59278 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:24.255820 0.043295 tcp 10.0.2.109 59279 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:24.299417 0.133589 tcp 10.0.2.109 59280 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:24.433566 0.103259 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 3 904 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:24.532892 0.226196 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:24.749751 0.099288 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:25.147469 0.078616 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:25.210744 0.071839 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:25.402858 0.119092 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:25.485631 0.081372 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:25.804245 0.337540 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:26.411869 0.121242 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:26.497550 0.114533 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:26.790652 0.163753 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:26.939845 0.045842 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:27.131706 0.185594 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:27.539378 0.119801 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:27.625864 0.143466 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:27.765022 0.196325 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:27.981557 0.171757 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:28.132143 0.171336 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:28.278317 0.130888 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:28.392367 0.298064 rtp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:28.658561 0.362821 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 5 1846 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:39.485538 3.694239 tcp 10.0.2.109 59281 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:26:45.836530 0.030600 tcp 10.0.2.109 59282 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:45.867365 0.049458 tcp 10.0.2.109 59283 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:45.917123 0.141572 tcp 10.0.2.109 59284 -> 195.113.214.249 443 SRPA* 0 0 34 24332 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:46.059368 0.387120 rtp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:46.426159 0.423274 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:46.828723 0.129057 rtp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:47.124291 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 REQ 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:26:48.873536 2.968166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 20:26:49.109099 0.000000 tcp 10.0.2.109 59281 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:26:52.864999 0.717642 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 8 2835 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:53.860810 0.464534 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 2936 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:54.315935 0.206641 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 8 3020 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:54.504537 0.212406 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 2911 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:54.701513 0.251702 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 3058 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:54.914726 0.173125 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 3042 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:55.048768 0.031309 tcp 10.0.2.109 59285 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:55.071556 0.296092 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 8 3252 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:55.080426 0.040773 tcp 10.0.2.109 59286 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:55.121511 0.135054 tcp 10.0.2.109 59287 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:26:55.272546 2.967457 tcp 10.0.2.109 59288 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:26:55.341945 0.227454 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 8 3213 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:55.553607 0.470909 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 8 3113 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:55.798081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:26:56.155709 0.190259 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 8 2828 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:56.307326 0.294450 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 2802 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:56.590974 0.281719 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 8 3064 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:56.832407 0.224072 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 8 2929 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:57.023172 0.287807 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3248 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:57.299205 0.419635 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 8 3325 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:57.677700 0.411917 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 2924 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:58.059904 0.152122 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 8 3209 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:58.208501 0.319486 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 8 3034 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:58.570912 0.571586 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 8 2961 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:59.110714 0.330384 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 8 3199 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:59.418993 0.308932 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3088 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:26:59.705193 0.746486 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 8 2874 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:27:00.435058 0.378508 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 8 3217 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:27:00.808948 0.823349 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 8 2968 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:27:01.613463 0.000000 udp 10.0.2.109 3683 -> 63.133.182.2 7982 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:03.712084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:27:04.168230 0.000000 tcp 10.0.2.109 59288 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:27:06.755199 0.000000 udp 10.0.2.109 3683 -> 216.176.64.5 2600 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:10.101019 0.030783 tcp 10.0.2.109 59289 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:27:10.132165 0.040544 tcp 10.0.2.109 59290 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:27:10.172978 0.133096 tcp 10.0.2.109 59291 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:27:10.462461 2.958599 tcp 10.0.2.109 59292 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:27:14.787664 0.000000 udp 10.0.2.109 3683 -> 84.82.18.31 8583 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:19.744517 0.000000 tcp 10.0.2.109 59292 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:27:19.923118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:27:23.769788 0.000000 udp 10.0.2.109 3683 -> 74.76.214.201 4615 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:25.680078 2.969445 tcp 10.0.2.109 59293 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:27:29.310482 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:34.574250 0.000000 tcp 10.0.2.109 59293 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:27:35.001635 0.000000 udp 10.0.2.109 3683 -> 72.152.243.219 2998 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:43.338197 0.000000 udp 10.0.2.109 3683 -> 188.61.132.20 8640 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:49.772542 0.000000 udp 10.0.2.109 3683 -> 42.61.217.176 9844 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:27:51.538880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:27:54.319455 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:27:58.482031 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:05.756772 0.000000 udp 10.0.2.109 3683 -> 41.133.111.221 1000 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:11.323943 0.000000 rtcp 10.0.2.109 3683 -> 74.138.29.60 5435 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:16.837536 0.000000 udp 10.0.2.109 3683 -> 140.161.40.22 6443 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:25.105140 0.000000 udp 10.0.2.109 3683 -> 220.255.24.224 5868 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:31.874877 0.460217 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 8 2857 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:28:32.491068 0.000000 udp 10.0.2.109 3683 -> 99.230.126.111 5088 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:39.856131 0.356570 udp 10.0.2.109 3683 -> 210.176.161.145 4506 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:40.212701 0.000000 icmp 210.176.161.145 0x0303 -> 10.0.2.109 0x9a11 URP 192 1 190 flow=Background 1970/02/12 20:28:44.582706 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:28:46.165703 0.000000 udp 10.0.2.109 3683 -> 119.75.202.125 7533 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:28:54.827636 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:02.408743 0.115308 rtp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 8 3007 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:29:02.620018 0.000000 udp 10.0.2.109 3683 -> 218.222.66.125 6722 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:09.148749 0.000000 udp 10.0.2.109 3683 -> 193.63.226.10 8786 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:14.806479 0.000000 udp 10.0.2.109 3683 -> 93.229.225.133 3320 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:21.225655 0.000000 udp 10.0.2.109 3683 -> 82.44.26.117 2612 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:28.005477 0.000000 udp 10.0.2.109 3683 -> 110.168.54.14 4402 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:32.581824 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:29:34.414724 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:41.585202 0.000000 udp 10.0.2.109 3683 -> 95.139.233.154 8732 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:47.259847 0.000000 udp 10.0.2.109 3683 -> 59.41.101.162 7187 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:29:54.963620 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:00.231630 0.807538 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 8 3251 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:30:01.670974 0.000000 udp 10.0.2.109 3683 -> 84.92.91.186 6253 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:09.074449 0.000000 udp 10.0.2.109 3683 -> 83.110.99.225 8911 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:17.606691 0.128517 udp 10.0.2.109 3683 <-> 87.153.125.8 4545 CON 0 0 8 3358 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:30:18.527915 0.146417 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3057 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:30:19.040649 0.000000 udp 10.0.2.109 3683 -> 92.44.38.83 1066 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:22.584342 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:30:26.479765 0.060452 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 8 3133 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:30:26.877363 0.000000 udp 10.0.2.109 3683 -> 78.7.191.122 4300 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:34.020595 0.331492 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 8 2944 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:30:34.447257 0.000000 udp 10.0.2.109 3683 -> 80.2.14.110 3225 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:42.252331 0.403941 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 2961 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:30:43.534388 0.000000 udp 10.0.2.109 3683 -> 218.79.59.138 6453 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:51.105105 0.000000 udp 10.0.2.109 3683 -> 69.119.25.96 8047 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:30:57.023535 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:02.090947 0.620707 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2875 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:31:02.920187 0.154497 udp 10.0.2.109 3683 -> 24.244.158.46 7863 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:03.074684 0.000000 icmp 24.244.158.46 0x0303 -> 10.0.2.109 0xb71e URP 192 1 230 flow=Background 1970/02/12 20:31:07.077763 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:31:07.929301 0.000000 udp 10.0.2.109 3683 -> 99.57.180.250 3360 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:16.413453 0.000000 udp 10.0.2.109 3683 -> 195.53.174.49 8284 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:24.202613 0.000000 udp 10.0.2.109 3683 -> 139.194.47.31 5600 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:31.943656 0.296028 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 8 3098 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:31:32.248105 0.000000 udp 10.0.2.109 3683 -> 173.16.194.248 3054 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:40.315594 0.000000 udp 10.0.2.109 3683 -> 184.71.249.114 3449 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:45.843037 0.000000 udp 10.0.2.109 3683 -> 80.180.68.248 1024 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:52.403158 0.000000 udp 10.0.2.109 3683 -> 124.148.119.122 1986 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:31:57.079590 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:31:58.502058 2.828429 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 8 2945 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:32:01.507214 0.372648 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 3216 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:32:01.938425 0.000000 udp 10.0.2.109 3683 -> 66.58.248.62 5123 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:09.737972 0.000000 udp 10.0.2.109 3683 -> 64.127.29.180 4900 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:16.423601 0.000000 udp 10.0.2.109 3683 -> 173.165.63.205 6548 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:23.788246 0.000000 udp 10.0.2.109 3683 -> 66.60.158.190 6933 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:29.907040 0.859133 udp 10.0.2.109 3683 <-> 58.9.245.158 5202 CON 0 0 8 2982 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:32:30.817497 0.000000 udp 10.0.2.109 3683 -> 87.17.209.141 9210 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:37.667949 0.000000 udp 10.0.2.109 3683 -> 37.107.147.6 4005 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:40.092264 3.003623 tcp 10.0.2.109 59294 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:32:42.574725 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:32:44.327951 0.000000 udp 10.0.2.109 3683 -> 112.208.182.247 8279 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:49.094477 0.000000 tcp 10.0.2.109 59294 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:32:53.280491 0.000000 udp 10.0.2.109 3683 -> 24.255.132.13 5127 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:32:55.095190 0.032680 tcp 10.0.2.109 59295 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:32:55.128202 0.042182 tcp 10.0.2.109 59296 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:32:55.170621 0.139888 tcp 10.0.2.109 59297 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:32:55.346211 3.001630 tcp 10.0.2.109 59298 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:32:59.529882 0.000000 udp 10.0.2.109 3683 -> 37.130.118.67 5849 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:04.356293 0.000000 tcp 10.0.2.109 59298 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/12 20:33:07.771431 0.000000 udp 10.0.2.109 3683 -> 68.144.74.162 9858 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:10.345641 0.030880 tcp 10.0.2.109 59299 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:33:10.376812 0.038558 tcp 10.0.2.109 59300 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:33:10.415617 0.139334 tcp 10.0.2.109 59301 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:33:10.571677 0.645746 tcp 10.0.2.109 59302 -> 176.73.128.116 4768 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/02/12 20:33:16.273799 0.000000 udp 10.0.2.109 3683 -> 173.178.5.157 8704 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:23.593806 0.000000 udp 10.0.2.109 3683 -> 110.174.173.249 3749 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:30.393821 0.000000 udp 10.0.2.109 3683 -> 46.33.132.196 2657 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:39.046331 0.336978 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 8 3143 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:33:39.415355 0.000000 udp 10.0.2.109 3683 -> 190.191.118.230 7084 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:44.665975 0.000000 udp 10.0.2.109 3683 -> 49.245.93.6 5136 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:51.042679 0.000000 udp 10.0.2.109 3683 -> 213.135.242.168 3334 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:52.702080 0.000000 udp 10.0.2.109 3683 <- 49.245.93.6 5136 RSP 0 0 1 540 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:33:55.273155 3.000740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 20:33:55.580648 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:33:57.202911 0.000000 udp 10.0.2.109 3683 -> 122.52.125.167 1711 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:02.279529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:34:02.299992 0.307664 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 8 2974 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:34:02.723700 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:09.298695 0.000000 udp 10.0.2.109 3683 -> 108.20.54.46 7824 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:10.296522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:34:17.559164 0.648678 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 8 3135 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:34:18.496125 0.000000 udp 10.0.2.109 3683 -> 180.211.121.200 3736 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:25.729102 0.130451 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:34:25.973385 0.187698 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:34:26.198429 0.000000 udp 10.0.2.109 3683 -> 79.40.163.28 1111 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:26.288568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:34:34.477249 0.000000 udp 10.0.2.109 3683 -> 203.67.241.14 7182 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:42.158652 0.057674 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:34:42.625081 0.000000 udp 10.0.2.109 3683 -> 95.225.178.218 1380 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:47.084000 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:34:49.437778 0.000000 udp 10.0.2.109 3683 -> 173.3.60.198 6109 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:55.866464 0.000000 udp 10.0.2.109 3683 -> 122.168.22.76 2843 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:34:58.290240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:35:02.786879 0.000000 udp 10.0.2.109 3683 -> 111.250.174.226 4272 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:09.409757 0.000000 udp 10.0.2.109 3683 -> 71.167.148.250 6451 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:17.077372 0.000000 udp 10.0.2.109 3683 -> 112.207.138.137 1071 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:25.319235 0.351086 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:35:25.849914 0.000000 udp 10.0.2.109 3683 -> 64.229.176.186 4573 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:32.440057 0.225479 udp 10.0.2.109 3683 -> 202.63.245.106 7789 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:32.665536 0.000000 icmp 202.63.245.106 0x0303 -> 10.0.2.109 0x6d1e URP 192 1 257 flow=Background 1970/02/12 20:35:37.075914 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:35:37.676903 0.000000 udp 10.0.2.109 3683 -> 151.76.204.46 1843 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:44.176199 0.000000 udp 10.0.2.109 3683 -> 115.74.250.191 9039 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:51.436839 0.000000 udp 10.0.2.109 3683 -> 79.28.203.203 1153 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:35:58.646409 0.498354 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:35:59.186274 0.075585 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:35:59.331273 0.000000 udp 10.0.2.109 3683 -> 24.251.176.228 3156 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:05.987559 0.000000 udp 10.0.2.109 3683 -> 101.109.57.152 2457 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:12.857280 0.000000 udp 10.0.2.109 3683 -> 219.76.183.60 8119 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:20.838917 0.461810 udp 10.0.2.109 3683 <-> 49.188.31.161 1687 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:36:21.512178 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:25.575424 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:36:27.158322 0.000000 udp 10.0.2.109 3683 -> 86.158.43.211 4360 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:34.268554 0.000000 udp 10.0.2.109 3683 -> 116.15.76.12 8875 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:39.676180 0.000000 udp 10.0.2.109 3683 -> 115.242.31.44 5112 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:48.531474 0.000000 udp 10.0.2.109 3683 -> 180.6.45.82 5631 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:36:54.187145 0.375282 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:36:54.655304 0.000000 udp 10.0.2.109 3683 -> 171.98.1.50 1366 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:01.138159 0.000000 udp 10.0.2.109 3683 -> 212.76.77.154 9349 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:09.018261 0.131188 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 777 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:37:09.253779 0.098321 udp 10.0.2.109 3683 <-> 92.40.50.117 5422 CON 0 0 2 741 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:37:09.368914 0.163726 udp 10.0.2.109 3683 -> 69.248.53.198 2234 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:09.532640 0.000000 icmp 69.248.53.198 0x0303 -> 10.0.2.109 0xba08 URP 192 1 129 flow=Background 1970/02/12 20:37:13.584657 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:37:16.378809 0.000000 udp 10.0.2.109 3683 -> 79.5.34.131 9263 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:22.397360 0.000000 udp 10.0.2.109 3683 -> 150.101.48.10 7179 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:30.048914 0.000000 udp 10.0.2.109 3683 -> 94.43.201.71 2287 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:36.568185 0.205835 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 700 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:37:36.835232 0.000000 udp 10.0.2.109 3683 -> 189.193.69.191 6762 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:44.729535 0.142134 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 812 flow=From-Botnet-V1-UDP-Established 1970/02/12 20:37:44.960856 0.000000 udp 10.0.2.109 3683 -> 82.160.179.23 3490 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:53.572139 0.000000 udp 10.0.2.109 3683 -> 62.38.152.185 2841 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:37:58.078532 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 20:38:01.544172 0.000000 udp 10.0.2.109 3683 -> 180.19.227.21 6851 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:38:08.383675 0.000000 udp 10.0.2.109 3683 -> 46.14.34.211 6505 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:38:16.315123 0.000000 udp 10.0.2.109 3683 -> 122.164.31.66 7529 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:38:21.866596 0.000000 udp 10.0.2.109 3683 -> 93.44.73.143 5334 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:38:28.943775 0.000000 udp 10.0.2.109 3683 -> 2.234.143.141 2115 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:38:35.312370 0.000000 rtcp 10.0.2.109 3683 -> 59.167.214.89 2707 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 20:41:02.296437 3.001848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 20:41:09.303523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:41:17.305144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:41:33.308127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:42:05.314126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:48:09.320372 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 20:48:16.327605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:48:24.328988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:48:40.331925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:49:12.339513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:55:43.353114 3.001460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 20:55:50.360632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:55:58.362252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:56:14.364864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 20:56:46.370991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:02:50.377327 3.002090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 21:02:57.384618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:03:05.387794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:03:11.234510 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 21:03:11.234653 1.333774 tcp 10.0.2.109 59303 -> 176.73.128.116 4768 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:03:21.388947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:03:53.398634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:08:43.345301 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 21:08:43.345484 0.074703 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:43.420645 0.366563 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:43.787624 0.217331 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.005400 0.054216 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.060043 0.072850 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.133312 0.057709 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.191407 0.074055 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.265867 0.075064 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.341316 0.062713 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.404438 0.330224 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.735102 0.137948 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:44.873449 0.136061 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.009933 0.081642 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.091986 0.040341 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.132726 0.103831 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.236955 0.145296 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.382638 0.093475 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.476483 0.266358 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.743292 0.143429 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:45.887104 0.317639 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:46.205190 0.120610 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:46.326447 0.399911 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:46.726703 0.213919 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:46.941016 0.053753 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:08:46.995148 0.000000 udp 10.0.2.109 3683 -> 203.173.40.180 7323 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:09:04.233554 0.032164 tcp 10.0.2.109 59304 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:04.266228 0.037436 tcp 10.0.2.109 59305 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:04.303964 0.140974 tcp 10.0.2.109 59306 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:04.445628 0.054387 udp 10.0.2.109 3683 <-> 87.153.125.8 4545 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:04.500391 0.047258 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:04.548076 0.025684 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:04.574236 0.167307 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:04.742001 0.167697 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:04.910105 0.308831 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:05.219307 0.107182 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:05.326923 0.177187 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:05.504540 2.018760 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:07.523692 0.000000 udp 10.0.2.109 3683 -> 58.9.245.158 5202 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:09:25.813466 0.030979 tcp 10.0.2.109 59307 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:25.844734 0.036980 tcp 10.0.2.109 59308 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:25.882041 0.142062 tcp 10.0.2.109 59309 -> 195.113.214.249 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:26.024722 0.165958 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:26.191099 0.148939 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:26.340445 0.316936 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:26.657743 0.122998 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:26.781149 0.188016 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:26.969535 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:09:41.986581 0.033382 tcp 10.0.2.109 59310 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:42.020174 0.045581 tcp 10.0.2.109 59311 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:42.066009 0.136215 tcp 10.0.2.109 59312 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:09:42.202739 0.349125 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:42.552278 0.074642 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:42.627281 0.478938 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:43.106669 0.631241 udp 10.0.2.109 3683 <-> 49.188.31.161 1687 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:43.738356 0.467875 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:44.206612 0.132404 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:44.339499 0.080868 udp 10.0.2.109 3683 <-> 92.40.50.117 5422 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:44.420767 0.193490 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:44.614743 0.145748 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:09:57.401370 3.074497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 21:10:04.443390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:10:12.419949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:10:28.422977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:11:00.428878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:17:04.435976 3.000748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 21:17:11.442601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:17:19.443825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:17:35.446847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:18:07.452702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:24:11.461934 2.998673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 21:24:18.466841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:24:26.467750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:24:42.470727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:25:14.476900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:31:18.482983 3.001492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 21:31:25.490541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:31:33.492204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:31:49.494868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:32:21.500948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:33:12.564418 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 21:33:12.564652 0.528409 tcp 10.0.2.109 59313 -> 176.73.128.116 4768 FSPA* 0 0 14 1549 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:38:25.506851 3.011951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 21:38:32.524409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:38:40.525641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:38:56.528614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:39:28.534553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:40:08.763135 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 21:40:08.763349 0.000000 udp 10.0.2.109 3683 -> 203.173.40.180 7323 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:40:25.628376 0.031659 tcp 10.0.2.109 59314 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:40:25.660249 0.042104 tcp 10.0.2.109 59315 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:40:25.702657 0.143815 tcp 10.0.2.109 59316 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:40:25.847239 0.000000 udp 10.0.2.109 3683 -> 58.9.245.158 5202 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:40:42.183825 0.031751 tcp 10.0.2.109 59317 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:40:42.215845 0.046048 tcp 10.0.2.109 59318 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:40:42.262165 0.143559 tcp 10.0.2.109 59319 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:40:42.406274 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:41:00.127093 0.032102 tcp 10.0.2.109 59320 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:00.159419 0.046819 tcp 10.0.2.109 59321 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:00.206575 0.146597 tcp 10.0.2.109 59322 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:00.353715 0.226414 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:00.580484 0.363686 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:00.944535 0.075633 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.020572 0.055811 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.076761 0.071297 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.148450 0.071951 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.220788 0.232918 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.454159 0.143628 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.598203 0.073408 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.671978 0.076133 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.748549 0.056539 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.805526 0.092178 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.898118 0.093450 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:01.991986 0.144306 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:02.136695 0.145469 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:02.282572 0.040562 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:02.323569 0.092941 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:02.416905 0.263382 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:02.680653 0.142828 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:02.823859 0.331626 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:03.155906 0.122834 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:03.279136 0.210541 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:03.490080 0.394888 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:03.885373 0.053804 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:03.939549 0.000000 udp 10.0.2.109 3683 -> 87.153.125.8 4545 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:41:19.006091 0.031948 tcp 10.0.2.109 59323 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:19.038567 0.042876 tcp 10.0.2.109 59324 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:19.081758 0.137443 tcp 10.0.2.109 59325 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:19.219747 0.049180 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:19.269342 0.025745 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:19.295488 0.305131 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:19.601020 0.094233 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:19.695667 0.169161 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:19.865232 0.165082 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:20.030729 0.178282 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:20.209437 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:41:37.310803 0.031359 tcp 10.0.2.109 59326 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:37.342500 0.043822 tcp 10.0.2.109 59327 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:37.386661 0.136220 tcp 10.0.2.109 59328 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:37.523368 0.164011 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:37.688523 0.128531 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:37.817431 0.191201 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:38.009069 0.318366 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:38.327871 0.148682 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:38.476920 0.075280 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:38.552591 0.348617 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:38.901605 0.477594 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:39.379618 0.000000 udp 10.0.2.109 3683 -> 49.188.31.161 1687 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:41:54.942759 0.030528 tcp 10.0.2.109 59329 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:54.973543 0.047324 tcp 10.0.2.109 59330 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:55.021158 0.141489 tcp 10.0.2.109 59331 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:41:55.163217 0.132272 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:55.295912 0.075772 udp 10.0.2.109 3683 <-> 92.40.50.117 5422 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:41:55.372206 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 21:42:11.769861 0.032469 tcp 10.0.2.109 59332 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:42:11.802624 0.045645 tcp 10.0.2.109 59333 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:42:11.848553 0.143684 tcp 10.0.2.109 59334 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 21:42:11.992853 0.141229 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:42:12.134452 0.397230 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/12 21:45:32.541164 3.001594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 21:45:39.548562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:45:47.549819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:46:03.552639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:46:35.559100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:54:25.567550 3.001237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 21:54:32.574239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:54:40.576019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:54:56.578919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 21:55:28.584840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:01:54.610327 2.994031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 22:02:01.611339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:02:09.616530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:02:25.614850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:02:57.622483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:03:13.093424 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 22:03:13.093655 0.663860 tcp 10.0.2.109 59335 -> 176.73.128.116 4768 FSPA* 0 0 15 1744 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:09:06.633869 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 22:09:13.642400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:09:21.642880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:09:37.645378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:10:09.651606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:12:26.839507 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 22:12:26.839685 0.000000 udp 10.0.2.109 3683 -> 87.153.125.8 4545 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 22:12:43.274285 0.032589 tcp 10.0.2.109 59336 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:12:43.307120 0.047813 tcp 10.0.2.109 59337 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:12:43.355235 0.139681 tcp 10.0.2.109 59338 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:12:43.495602 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 22:13:01.652073 0.031610 tcp 10.0.2.109 59339 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:13:01.683959 0.044079 tcp 10.0.2.109 59340 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:13:01.728296 0.138952 tcp 10.0.2.109 59341 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:13:01.867781 0.000000 udp 10.0.2.109 3683 -> 49.188.31.161 1687 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 22:13:19.845685 0.030761 tcp 10.0.2.109 59342 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:13:19.876752 0.048385 tcp 10.0.2.109 59343 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:13:19.925476 0.144379 tcp 10.0.2.109 59344 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:13:20.071277 0.195689 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:20.267381 0.242366 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:20.510114 0.357307 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:20.867853 0.229293 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.097510 0.140419 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.238355 0.073818 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.312598 0.067254 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.380252 0.054290 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.434902 0.088205 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.523580 0.093219 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.617198 0.052616 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.670194 0.064063 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.734619 0.080639 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.815670 0.073552 udp 10.0.2.109 3683 <-> 217.83.151.153 5333 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.889593 0.040744 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:21.930695 0.136602 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:22.067645 0.264753 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:22.332739 0.108600 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:22.441734 0.147848 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:22.589931 0.142290 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:22.732635 0.207555 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:22.940629 0.121767 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:23.062811 0.323679 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:23.386935 0.050440 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:23.437753 0.402863 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:23.841044 0.106261 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:23.947693 0.163241 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:24.111361 0.050017 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:24.161775 0.080395 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:24.242649 0.309444 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:24.552503 0.166830 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:24.719701 0.180859 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:24.900932 0.164111 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:25.065447 0.124444 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:25.190283 0.074717 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:25.265386 0.345467 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:25.611224 0.152562 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:25.764232 0.317366 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:26.081954 0.189586 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:26.271956 0.664674 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:26.937026 0.130797 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:27.068246 1.629061 udp 10.0.2.109 3683 <-> 92.40.50.117 5422 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:28.727758 0.139685 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:13:28.867848 0.374892 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:16:18.669576 2.996757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 22:16:25.672597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:16:33.675908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:16:49.677032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:17:21.682892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:23:28.694199 3.000658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 22:23:35.700164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:23:43.702518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:23:59.706355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:24:31.710919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:30:35.718582 3.000546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 22:30:42.727320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:30:50.726440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:31:06.729173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:31:38.734735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:33:13.762092 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 22:33:13.762329 0.722220 tcp 10.0.2.109 59345 -> 176.73.128.116 4768 FSPA* 0 0 15 1562 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:37:42.741104 3.001180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 22:37:49.748562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:37:57.750335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:38:13.753175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:38:45.763968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:43:30.338727 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 22:43:30.338889 0.368870 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:30.708180 0.230157 udp 10.0.2.109 3683 <-> 61.145.162.116 5596 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:30.938706 0.145794 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.084939 0.194478 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.279845 0.248033 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.528328 0.070034 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.598733 0.067992 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.667102 0.063234 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.730717 0.084958 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.816078 0.098163 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.914605 0.054263 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:31.969297 0.060345 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:32.030028 0.072408 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:32.102851 0.000000 udp 10.0.2.109 3683 -> 217.83.151.153 5333 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 22:43:50.580683 0.042751 tcp 10.0.2.109 59346 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:43:50.623701 0.071916 tcp 10.0.2.109 59347 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:43:50.695914 0.150975 tcp 10.0.2.109 59348 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/12 22:43:50.847430 0.040687 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:50.888558 0.144756 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:51.033766 0.264612 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:51.298832 0.103045 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:51.402471 0.145480 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:51.548404 0.143338 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:51.692186 0.212245 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:51.904820 0.120557 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:52.025757 0.368984 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:52.395123 0.053677 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:52.449170 0.165844 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:52.615392 0.043635 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:52.659464 0.025944 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:52.685782 0.307798 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:53.006831 0.396010 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:53.403269 0.110393 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:53.514253 0.167483 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:53.682299 0.180170 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:53.862862 0.166745 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:54.029984 0.127866 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:54.158269 0.074817 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:54.233477 0.347877 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:54.581764 0.186079 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:54.768259 0.150972 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:54.919599 0.317208 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:55.237187 0.648588 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:55.886236 0.131482 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:56.018087 0.078823 udp 10.0.2.109 3683 <-> 92.40.50.117 5422 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:56.097270 0.142740 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:43:56.240392 0.367554 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/12 22:44:49.765283 3.001554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 22:44:56.772682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:45:04.774267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:45:20.777225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:45:52.783191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:54:04.793256 3.001335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 22:54:11.800586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:54:19.802230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:54:35.804783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 22:55:07.811132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:01:16.826550 2.999355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 23:01:23.831817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:01:31.846759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:01:47.846093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:02:19.852456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:03:14.491892 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 23:03:14.492082 0.984646 tcp 10.0.2.109 59349 -> 176.73.128.116 4768 FSPA* 0 0 14 1563 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:08:40.862889 3.001625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 23:08:47.870018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:08:55.871669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:09:11.874736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:09:43.881132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:14:17.864688 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 23:14:17.864825 0.000000 udp 10.0.2.109 3683 -> 217.83.151.153 5333 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:14:33.579872 0.235941 tcp 10.0.2.109 59350 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:14:33.816065 0.039446 tcp 10.0.2.109 59351 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:14:33.855805 0.405560 tcp 10.0.2.109 59352 -> 195.113.214.249 443 SRPA* 0 0 72 76746 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:14:34.261972 0.364714 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:34.627047 0.000000 udp 10.0.2.109 3683 -> 61.145.162.116 5596 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:14:53.079170 0.040617 tcp 10.0.2.109 59353 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:14:53.120027 0.041286 tcp 10.0.2.109 59354 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:14:53.161564 0.145581 tcp 10.0.2.109 59355 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:14:53.307825 0.194993 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:53.503276 0.218861 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:53.722546 0.072043 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:53.795059 0.143455 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:53.938957 0.055672 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:53.995048 0.087497 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.082950 0.103363 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.186716 0.057976 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.245137 0.067301 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.312806 0.090325 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.486306 0.063085 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.549731 0.046258 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.596374 0.136730 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.733525 0.263805 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:54.997738 0.127418 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:55.125543 0.147015 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:55.272986 0.145432 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:55.418807 0.224135 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:55.643353 0.120666 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:55.764456 0.330511 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.095309 0.051468 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.147258 0.167781 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.315486 0.042969 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.358865 0.024418 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.383637 0.158549 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.542598 0.167090 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.710101 0.178610 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:56.889055 0.309387 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:57.198835 0.401525 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:57.600697 0.165720 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:57.766800 0.122754 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:57.889960 0.085157 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:57.975518 0.350375 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:58.326442 0.190826 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:58.517684 0.153440 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:58.671465 0.316464 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:58.988338 0.449711 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:59.455275 0.139423 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:59.595059 0.369011 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:14:59.964421 0.130939 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:15:00.095804 0.000000 udp 10.0.2.109 3683 -> 92.40.50.117 5422 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:15:17.982319 0.038507 tcp 10.0.2.109 59356 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:15:18.021101 0.038137 tcp 10.0.2.109 59357 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:15:18.059540 0.139961 tcp 10.0.2.109 59358 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:15:47.886292 3.002312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 23:15:54.894043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:16:02.895108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:16:18.898687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:16:50.904708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:22:54.910314 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 23:23:01.918591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:23:09.919729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:23:25.922766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:23:57.928891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:30:01.936955 2.999649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 23:30:08.943634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:30:16.948356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:30:32.948166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:31:04.952555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:33:15.480989 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 23:33:15.481133 0.576038 tcp 10.0.2.109 59359 -> 176.73.128.116 4768 FSPA* 0 0 15 1796 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:37:08.959574 3.000914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 23:37:15.965452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:37:23.967703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:37:39.971239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:38:11.976241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:44:15.982721 3.002000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/12 23:44:22.990294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:44:30.991559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:44:46.994487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:45:19.000670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:45:40.782458 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/12 23:45:40.782567 0.000000 udp 10.0.2.109 3683 -> 61.145.162.116 5596 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:45:57.908208 0.061276 tcp 10.0.2.109 59360 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:45:57.969742 0.064335 tcp 10.0.2.109 59361 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:45:58.034342 0.155357 tcp 10.0.2.109 59362 -> 195.113.214.249 443 SRPA* 0 0 52 40714 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:45:58.190568 0.000000 udp 10.0.2.109 3683 -> 92.40.50.117 5422 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:46:16.894625 0.107418 tcp 10.0.2.109 59363 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:17.002431 0.061194 tcp 10.0.2.109 59364 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:17.063922 0.149823 tcp 10.0.2.109 59365 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:17.214558 0.361233 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:17.576167 0.227254 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:17.803763 0.081867 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:17.885997 0.138223 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:18.024572 0.056829 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:18.081829 0.092997 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:18.175229 0.095845 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:18.271471 0.053662 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:18.325557 0.000000 udp 10.0.2.109 3683 -> 5.179.75.86 2459 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:46:35.351244 0.070124 tcp 10.0.2.109 59366 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:35.421714 0.062132 tcp 10.0.2.109 59367 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:35.484185 0.159228 tcp 10.0.2.109 59368 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:35.643999 0.202072 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:35.846469 0.046361 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:35.893225 0.137202 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:36.030839 0.262734 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:36.294005 0.108510 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:36.402913 0.146149 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:36.549482 0.143230 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:36.693090 0.064939 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:36.758523 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:46:55.469955 0.061955 tcp 10.0.2.109 59369 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:55.532158 0.060416 tcp 10.0.2.109 59370 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:55.592825 0.152843 tcp 10.0.2.109 59371 -> 195.113.214.249 443 SRPA* 0 0 24 13196 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:46:55.746326 0.121303 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:55.867985 0.211138 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:56.079531 0.050783 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:46:56.130716 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/12 23:47:14.457204 0.092712 tcp 10.0.2.109 59372 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:47:14.550319 0.069735 tcp 10.0.2.109 59373 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:47:14.620341 0.157318 tcp 10.0.2.109 59374 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/12 23:47:14.778337 0.047351 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:14.826253 0.028872 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:14.855470 0.368303 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:15.224139 0.181019 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:15.405519 0.309526 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:15.715450 0.503328 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:16.219169 0.171738 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:16.391298 0.164301 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:16.555988 0.127816 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:16.684209 0.079207 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:16.763819 0.400179 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:17.164373 0.188529 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:17.353274 0.372360 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:17.726141 0.141922 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:17.868474 0.317124 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:18.185996 0.151885 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:18.338336 0.453578 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:18.792261 0.375424 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:47:19.168136 0.131553 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/12 23:53:43.017737 3.001810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/12 23:53:50.025519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:53:58.026857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:54:14.029947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/12 23:54:46.035349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:00:50.042296 3.001220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:00:57.049217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:01:05.053920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:01:21.053942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:01:53.061495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:03:16.069302 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 00:03:16.069393 0.821033 tcp 10.0.2.109 59375 -> 176.73.128.116 4768 FSPA* 0 0 14 1502 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:07:57.066903 3.148986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:08:04.193250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:08:12.124319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:08:28.088009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:09:00.096797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:15:04.100232 3.001254 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:15:11.107365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:15:19.108643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:15:35.111700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:16:07.117626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:17:29.045741 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 00:17:29.045870 0.072761 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:29.119031 0.079044 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:29.198488 0.162333 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:29.361277 0.069209 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:29.430922 0.211615 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:29.642981 0.367466 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.084515 0.098680 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.183634 0.053834 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.237837 0.096601 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.334806 0.140746 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.475974 0.061472 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.537866 0.040722 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.578954 0.192882 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.772229 0.146694 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:30.919357 0.142434 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:31.062348 0.060901 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:31.123654 0.264162 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:31.388253 0.114561 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:31.503220 0.142688 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:31.646426 0.124306 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:31.771231 0.051260 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:31.822884 0.205543 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:32.028888 0.043641 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:32.072973 0.026767 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:32.100073 0.394713 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:32.495144 0.336430 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:32.832027 0.177784 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:33.010269 0.185369 udp 10.0.2.109 3683 <-> 88.30.207.158 7063 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:33.196031 0.165962 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:33.362390 0.361107 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:33.723895 0.123363 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:33.847643 0.074150 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:33.951288 0.349374 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:34.301048 0.141124 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:34.442587 0.397781 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:34.840770 0.189996 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:35.031209 0.317272 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:35.348939 0.149577 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:35.498949 1.473737 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:36.973079 0.369605 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:17:37.343093 0.131488 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:22:11.123797 3.001547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:22:18.131914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:22:26.132796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:22:42.135614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:23:14.142753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:29:18.152207 2.997063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:29:25.155289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:29:33.156830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:29:49.163186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:30:21.167602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:33:16.889086 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 00:33:16.889226 0.628809 tcp 10.0.2.109 59376 -> 176.73.128.116 4768 FSPA* 0 0 15 1669 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:36:25.171653 3.001643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:36:32.179087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:36:40.180478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:36:56.183654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:37:28.189807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:43:32.198945 3.002719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:43:39.203022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:43:47.206725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:44:03.207709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:44:35.213627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:48:03.403455 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 00:48:03.403548 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 00:48:20.860317 0.064304 tcp 10.0.2.109 59377 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:48:20.924887 0.062910 tcp 10.0.2.109 59378 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:48:20.988082 0.160887 tcp 10.0.2.109 59379 -> 195.113.214.249 443 SRPA* 0 0 57 47663 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:48:21.149601 0.076519 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:21.226537 0.218166 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:21.445132 0.073007 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:21.518528 0.084240 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:21.603154 0.359776 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:21.963371 0.094182 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.057917 0.052877 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.111171 0.085651 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.197279 0.155902 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.353613 0.062474 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.416511 0.046516 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.463379 0.194501 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.658306 0.065795 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.724495 0.262853 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:22.987766 0.102804 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.090957 0.140175 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.231538 0.122785 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.354744 0.146418 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.501568 0.143455 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.645408 0.050780 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.696564 0.208845 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.905816 0.052470 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.958689 0.025031 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:23.984083 0.391938 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:24.376432 0.000000 udp 10.0.2.109 3683 -> 88.30.207.158 7063 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 00:48:39.986026 0.059893 tcp 10.0.2.109 59380 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:48:40.046246 0.063593 tcp 10.0.2.109 59381 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:48:40.110216 0.151388 tcp 10.0.2.109 59382 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 00:48:40.262149 0.232480 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:40.495185 0.166372 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:40.661904 0.346746 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:41.009055 0.180936 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:41.190530 0.125826 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:41.316821 0.076729 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:41.394008 0.349121 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:41.743503 0.140315 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:41.884189 0.318759 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:42.203351 0.151396 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:42.355167 0.401289 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:42.756873 0.187577 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:42.944839 0.131249 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:43.076701 0.455459 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:48:43.532633 0.369341 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 00:50:39.219856 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 00:50:46.227304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:50:54.228878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:51:10.231734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:51:42.237424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:57:46.504060 3.009986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 00:57:53.529843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:58:01.487506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:58:17.365643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 00:58:49.371779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:03:17.537941 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 01:03:17.538264 3.003334 tcp 10.0.2.109 59383 -> 176.73.128.116 4768 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 01:03:26.540321 0.000000 tcp 10.0.2.109 59383 -> 176.73.128.116 4768 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 01:03:32.540648 0.267012 tcp 10.0.2.109 59384 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:03:32.807903 0.064297 tcp 10.0.2.109 59385 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:03:32.872488 0.420364 tcp 10.0.2.109 59386 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:03:33.828745 3.005882 tcp 10.0.2.109 59387 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 01:03:42.833010 0.000000 tcp 10.0.2.109 59387 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 01:03:48.822795 0.060422 tcp 10.0.2.109 59388 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:03:48.883551 0.061548 tcp 10.0.2.109 59389 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:03:48.945446 0.163022 tcp 10.0.2.109 59390 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:03:49.256120 3.001317 tcp 10.0.2.109 59391 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 01:03:58.255628 0.000000 tcp 10.0.2.109 59391 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 01:04:04.255138 0.073649 tcp 10.0.2.109 59392 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:04:04.329106 0.065497 tcp 10.0.2.109 59393 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:04:04.394867 0.202300 tcp 10.0.2.109 59394 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:04:04.810031 0.666775 tcp 10.0.2.109 59395 -> 5.178.194.36 4983 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:05:00.377870 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 01:05:07.385147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:05:15.388908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:05:31.389891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:06:03.395819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:12:07.402755 3.000748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 01:12:14.409378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:12:22.411152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:12:38.413779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:13:10.419834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:18:44.674833 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 01:18:44.674928 0.165152 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:18:44.840598 0.000000 udp 10.0.2.109 3683 -> 88.30.207.158 7063 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 01:19:02.047269 0.293174 tcp 10.0.2.109 59396 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:19:02.340740 0.066170 tcp 10.0.2.109 59397 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:19:02.407243 0.225414 tcp 10.0.2.109 59398 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:19:02.633210 0.074076 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:02.707681 0.074522 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:02.782593 0.076740 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:02.859721 0.216820 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:03.077003 0.362686 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:03.440095 0.094427 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:03.534987 0.145034 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:03.680372 0.057553 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:03.738541 0.055493 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:03.794431 0.098380 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:03.893223 0.199682 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.093309 0.060095 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.153769 0.040607 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.194750 0.143919 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.339039 0.122824 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.462271 0.176711 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.639387 0.143931 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.783713 0.050843 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.834959 0.105693 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:04.941064 0.257523 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:05.198979 0.407148 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:05.606496 0.214930 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:05.821884 0.047529 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:05.869925 0.029292 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:05.899647 0.166215 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:06.066432 0.165325 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:06.232123 0.367321 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:06.599823 0.177869 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:06.778036 0.129972 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:06.908418 0.085017 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:06.993775 0.350724 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:07.344945 0.147989 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:07.493325 0.401788 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:07.895509 0.140722 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:08.036653 0.000000 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 01:19:14.426536 3.000951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 01:19:21.439585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:19:25.649707 0.060963 tcp 10.0.2.109 59399 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:19:25.711011 0.060553 tcp 10.0.2.109 59400 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:19:25.771865 0.237846 tcp 10.0.2.109 59401 -> 195.113.214.249 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:19:26.010671 0.460125 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:26.471183 0.189225 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:26.660800 0.131144 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:26.792375 0.374486 udp 10.0.2.109 3683 <-> 114.205.180.193 3665 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:19:29.434648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:19:45.437582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:20:17.443716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:26:23.387208 2.997212 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 01:26:30.394423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:26:38.391283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:26:54.394841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:27:26.400467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:33:40.412085 3.007175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 01:33:47.418599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:33:55.419649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:34:06.246047 0.000226 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 01:34:06.246377 0.779380 tcp 10.0.2.109 59402 -> 5.178.194.36 4983 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:34:11.424625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:34:43.429193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:41:11.440379 3.000857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 01:41:18.448981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:41:26.453261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:41:42.451312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:42:14.457329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:48:18.463480 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 01:48:25.471143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:48:33.472416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:48:49.475140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:49:21.481045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:49:39.006785 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 01:49:39.006887 3.271359 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 01:49:42.278246 0.000000 icmp 211.51.143.194 0x0103 -> 10.0.2.109 0x7626 URH 192 1 195 flow=Background 1970/02/13 01:49:55.101556 0.064550 tcp 10.0.2.109 59403 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:49:55.166345 0.062842 tcp 10.0.2.109 59404 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:49:55.229500 0.155446 tcp 10.0.2.109 59405 -> 195.113.214.249 443 SRPA* 0 0 37 31144 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:49:55.385619 0.169846 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:49:55.555873 0.068360 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:49:55.624657 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 01:50:11.343555 0.061769 tcp 10.0.2.109 59406 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:11.405589 0.067023 tcp 10.0.2.109 59407 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:11.472916 0.164530 tcp 10.0.2.109 59408 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:11.638049 0.216705 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:11.855162 0.360579 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.216080 0.082599 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.299078 0.074806 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.374355 0.059864 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.434616 0.052923 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.487969 0.159645 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.648021 0.193149 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.841547 0.095038 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.936953 0.040360 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:12.977720 0.144679 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:13.122862 0.121799 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:13.245007 0.144331 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:13.389712 0.145032 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:13.535103 0.052351 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:13.587869 0.063216 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:13.651478 0.397916 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:14.049821 0.212813 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:14.262996 0.257384 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:14.520795 0.098895 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:14.620107 0.166150 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:14.786648 0.163838 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:14.950865 0.373614 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:15.324896 0.181625 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:15.506932 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 01:50:32.734488 0.059609 tcp 10.0.2.109 59409 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:32.794420 0.061495 tcp 10.0.2.109 59410 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:32.856263 0.162658 tcp 10.0.2.109 59411 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:33.019480 0.062979 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 207 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:33.082843 0.345529 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:33.428762 0.148228 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:33.577339 0.128844 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:33.706566 0.068707 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:33.775680 0.141626 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:33.917703 0.394410 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:34.312535 0.130951 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:34.443853 0.544661 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:34.988925 0.187904 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/13 01:50:35.177203 0.000000 udp 10.0.2.109 3683 -> 114.205.180.193 3665 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 01:50:50.179608 0.060739 tcp 10.0.2.109 59412 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:50.240674 0.061208 tcp 10.0.2.109 59413 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:50:50.302192 0.263765 tcp 10.0.2.109 59414 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 01:55:25.488439 3.000438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 01:55:32.495044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:55:40.496251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:55:56.499322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 01:56:28.505258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:02:33.512912 3.001598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 02:02:40.522723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:02:48.521500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:03:04.524784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:03:36.530957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:04:07.024807 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 02:04:07.024951 0.443800 tcp 10.0.2.109 59415 -> 5.178.194.36 4983 FSPA* 0 0 14 1528 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:09:40.536428 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 02:09:47.544797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:09:55.545304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:10:11.548857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:10:43.554682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:16:47.560101 3.002320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 02:16:54.763946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:17:02.688710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:17:18.582525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:17:50.588613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:20:56.285862 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 02:20:56.286010 0.071984 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:20:56.358574 0.049401 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:20:56.408393 0.000000 udp 10.0.2.109 3683 -> 114.205.180.193 3665 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 02:21:14.824211 0.069050 tcp 10.0.2.109 59416 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:21:14.893585 0.060596 tcp 10.0.2.109 59417 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:21:14.954485 0.150270 tcp 10.0.2.109 59418 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:21:15.105316 0.164027 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:15.269782 0.072528 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:15.342704 0.227958 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:15.571052 0.074313 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:15.645806 0.063948 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:15.710166 0.056086 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:15.766588 0.138871 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:15.905860 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 02:21:30.975977 0.063946 tcp 10.0.2.109 59419 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:21:31.040224 0.061386 tcp 10.0.2.109 59420 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:21:31.101945 0.167965 tcp 10.0.2.109 59421 -> 195.113.214.249 443 SRPA* 0 0 36 14508 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:21:31.270481 0.095642 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:31.366527 0.046675 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:31.413612 0.092230 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:31.506438 0.362921 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:31.869695 0.141840 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:32.011923 0.048454 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:32.060829 0.064274 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:32.125476 0.123052 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:32.248908 0.143138 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:32.392420 0.146883 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:32.539746 0.404612 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:32.944790 0.166817 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:33.111989 0.167130 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:33.279554 0.116299 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:33.396210 0.213613 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:33.610286 0.266009 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:33.876720 0.179481 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:34.056674 0.365692 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:34.422752 0.348919 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:34.772101 0.024517 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:34.797039 0.122648 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:34.920049 0.068410 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:34.988825 0.149610 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:35.138843 0.140720 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:35.279947 0.395359 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:35.675739 0.132791 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:35.808881 0.447805 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:21:36.257073 0.188780 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:23:54.595632 3.000608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 02:24:01.601924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:24:09.603507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:24:25.605855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:24:57.612555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:31:01.618285 3.002124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 02:31:08.625402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:31:16.627497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:31:32.629868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:32:04.635856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:34:07.475523 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 02:34:07.475672 0.475508 tcp 10.0.2.109 59422 -> 5.178.194.36 4983 FSPA* 0 0 14 1643 flow=From-Botnet-V1-TCP-Established 1970/02/13 02:38:08.642239 3.020112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 02:38:15.660081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:38:23.660857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:38:39.664408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:39:11.670531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:45:15.679718 2.998749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 02:45:22.683990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:45:30.685196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:45:46.688816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:46:18.694302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:51:50.021263 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 02:51:50.021402 0.195034 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:50.216854 0.097779 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:50.314993 0.047260 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:50.362650 0.212673 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:50.575774 0.167378 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:50.743548 0.060180 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:50.804109 0.082303 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:50.886833 0.139080 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.026324 0.073107 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.099853 0.068992 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.169253 0.082754 rtcp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.252434 0.359293 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.612160 0.096752 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.709316 0.047111 udp 10.0.2.109 3683 <-> 87.167.252.202 8279 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.756838 0.145308 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.902545 0.051719 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:51.954631 0.066284 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:52.021350 0.120790 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:52.142504 0.137737 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:52.280629 0.149801 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:52.430880 0.405825 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:52.837139 0.113433 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:52.950994 0.212473 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:53.163901 0.265966 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:53.430434 0.167829 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:53.598624 0.165120 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:53.764102 0.182192 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:53.946674 0.328472 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:54.275586 0.344945 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:54.620977 0.025529 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:54.646894 0.128280 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:54.775548 0.074647 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:54.850538 0.420529 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:55.271422 0.131146 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:55.403007 0.149979 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:55.553397 0.139175 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:55.693015 0.442360 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:51:56.135782 0.188900 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/13 02:54:15.703994 3.000451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 02:54:22.710426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:54:30.712049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:54:46.715098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 02:55:18.720822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:01:40.733643 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 03:01:47.740525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:01:55.741426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:02:11.744245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:02:43.750676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:04:07.952187 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 03:04:07.952333 0.990632 tcp 10.0.2.109 59423 -> 5.178.194.36 4983 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:08:59.763395 3.002232 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 03:09:06.771356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:09:14.772710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:09:30.776050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:10:02.781855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:16:10.794318 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 03:16:17.801041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:16:25.802624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:16:41.805698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:17:13.811720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:22:21.644796 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 03:22:21.645078 0.047666 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:21.693155 0.194159 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:21.887708 0.073719 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:21.961802 0.217135 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.179385 0.164646 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.344426 0.068230 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.413104 0.061879 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.475406 0.161551 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.637343 0.083020 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.720752 0.067998 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.789105 0.100085 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:22.889578 0.000000 udp 10.0.2.109 3683 -> 87.167.252.202 8279 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 03:22:39.392233 0.061537 tcp 10.0.2.109 59424 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:22:39.454035 0.064138 tcp 10.0.2.109 59425 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:22:39.518472 0.352212 tcp 10.0.2.109 59426 -> 195.113.214.249 443 SRPA* 0 0 70 42795 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:22:39.871242 0.142207 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.013810 0.084724 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.098933 0.362083 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.461340 0.055012 udp 10.0.2.109 3683 <-> 109.155.92.68 6148 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.516766 0.061555 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.578718 0.123142 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.702215 0.136241 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.838865 0.144222 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:40.983456 0.209448 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:41.193354 0.407936 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:41.601672 0.110055 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:41.712154 0.166210 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:41.878708 0.265104 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:42.144198 0.166479 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:42.311065 0.181612 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:42.493080 0.364517 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:42.857966 0.000000 udp 10.0.2.109 3683 -> 113.28.179.100 4835 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 03:22:59.098610 0.063291 tcp 10.0.2.109 59427 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:22:59.162250 0.065065 tcp 10.0.2.109 59428 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:22:59.227697 0.160394 tcp 10.0.2.109 59429 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:22:59.389099 0.025766 udp 10.0.2.109 3683 <-> 83.82.138.65 9859 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:59.415296 0.125869 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:59.541744 0.074481 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:59.616620 0.148130 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:59.765148 0.139957 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:22:59.905538 1.034972 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:23:00.940988 0.131355 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:23:01.072705 0.477374 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:23:01.550452 0.185728 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:23:17.817911 3.001441 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 03:23:24.825066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:23:32.826393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:23:48.829451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:24:20.835506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:30:24.841193 3.001711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 03:30:31.850393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:30:39.850417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:30:55.855280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:31:27.862998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:34:08.941471 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 03:34:08.941671 0.406474 tcp 10.0.2.109 59430 -> 5.178.194.36 4983 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:37:31.866522 3.000912 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 03:37:38.873048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:37:46.874772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:38:02.877592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:38:34.883349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:44:38.888973 3.002702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 03:44:45.896634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:44:53.898559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:45:09.901441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:45:41.907442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:53:16.591533 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 03:53:16.591631 0.000000 udp 10.0.2.109 3683 -> 87.167.252.202 8279 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 03:53:33.207065 0.061003 tcp 10.0.2.109 59431 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:53:33.268316 0.065440 tcp 10.0.2.109 59432 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:53:33.334038 0.189220 tcp 10.0.2.109 59433 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:53:33.523925 0.000000 udp 10.0.2.109 3683 -> 113.28.179.100 4835 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 03:53:49.649344 0.062140 tcp 10.0.2.109 59434 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:53:49.711737 0.062679 tcp 10.0.2.109 59435 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:53:49.774724 0.149667 tcp 10.0.2.109 59436 -> 195.113.214.249 443 SRPA* 0 0 24 12986 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:53:49.924911 0.194864 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.120180 0.043357 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.163962 0.071561 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.235921 0.061785 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.298333 0.047643 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.298727 3.005097 tcp 10.0.2.109 59437 -> 81.133.36.147 1664 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 03:53:50.346526 0.156403 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.503274 0.074233 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.577868 0.079778 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.658042 0.166315 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:50.824730 0.226516 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:51.051686 0.097010 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:51.149141 0.143866 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:53:51.293390 0.000000 udp 10.0.2.109 3683 -> 109.155.92.68 6148 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 03:53:57.923224 3.002031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 03:53:59.302812 0.000000 tcp 10.0.2.109 59437 -> 81.133.36.147 1664 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 03:54:04.930547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:54:06.343705 0.060867 tcp 10.0.2.109 59438 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:06.404922 0.082238 tcp 10.0.2.109 59439 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:06.487441 0.162831 tcp 10.0.2.109 59440 -> 195.113.214.249 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:06.650764 0.066883 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:06.718070 0.122494 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:06.840937 0.147116 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:06.988442 0.142646 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:07.131477 0.081308 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:07.213189 0.365958 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:07.579598 0.164280 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:07.744287 0.210704 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:07.955990 0.407733 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:08.364126 0.104320 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:08.468819 0.322820 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:08.792021 0.165525 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:08.957932 0.267506 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:09.225863 0.178080 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:09.404330 0.000000 udp 10.0.2.109 3683 -> 83.82.138.65 9859 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 03:54:12.932611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:54:26.622759 0.060283 tcp 10.0.2.109 59441 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:26.683326 0.061226 tcp 10.0.2.109 59442 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:26.744851 0.160844 tcp 10.0.2.109 59443 -> 195.113.214.249 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:26.906227 0.676073 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:27.582738 0.074778 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:27.591821 4.798227 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 SPA_* 0 0 110 55338 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:27.658311 0.148447 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:27.807091 0.142297 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:27.949792 0.892524 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:28.842683 0.190509 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:28.935304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:54:29.033572 0.131728 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:29.165686 0.491569 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/13 03:54:32.800345 4.882599 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 135 72826 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:37.878312 4.957919 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 141 75198 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:42.888459 4.883925 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 132 70616 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:47.987264 4.832426 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 119 63770 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:53.169993 4.736974 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 102 54660 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:54:58.332687 4.821676 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 103 54714 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:55:00.941296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 03:55:03.457920 4.892515 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 102 54660 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:55:08.552265 4.776815 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 86 45604 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:55:13.891082 4.625411 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 85 45550 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:55:19.111311 4.994130 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 93 50078 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:55:24.146336 4.989189 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 89 47814 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:55:29.247027 4.933948 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 A_PA 0 0 79 40695 flow=From-Botnet-V1-TCP-Established 1970/02/13 03:55:34.293308 0.199808 tcp 10.0.2.109 59444 -> 173.179.165.71 3327 FPA_* 0 0 6 328 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:01:04.947365 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 04:01:11.954608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:01:19.958602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:01:35.959091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:02:07.965423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:04:09.349885 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 04:04:09.350027 0.728773 tcp 10.0.2.109 59445 -> 5.178.194.36 4983 FSPA* 0 0 14 1635 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:08:25.971381 3.001643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 04:08:32.978987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:08:40.980278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:08:56.983715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:09:28.989295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:15:33.001093 3.001568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 04:15:40.003322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:15:48.004442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:16:04.007412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:16:36.013050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:22:40.018838 3.001936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 04:22:47.026930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:22:55.028109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:23:11.031170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:23:43.037305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:24:59.076379 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 04:24:59.076561 0.000000 udp 10.0.2.109 3683 -> 109.155.92.68 6148 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 04:25:15.542386 0.064584 tcp 10.0.2.109 59446 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:25:15.607259 0.069399 tcp 10.0.2.109 59447 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:25:15.676954 0.164407 tcp 10.0.2.109 59448 -> 195.113.214.249 443 SRPA* 0 0 41 22612 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:25:15.842052 0.000000 udp 10.0.2.109 3683 -> 83.82.138.65 9859 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 04:25:32.354948 0.061717 tcp 10.0.2.109 59449 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:25:32.416937 0.083071 tcp 10.0.2.109 59450 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:25:32.500287 0.162521 tcp 10.0.2.109 59451 -> 195.113.214.249 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:25:32.663313 0.051217 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:32.714946 0.074608 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:32.789955 0.054310 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:32.844650 0.194732 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.047419 0.051879 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.099705 0.165699 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.367304 0.207851 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.575570 0.073006 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.648935 0.141854 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.791223 0.062830 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.898984 0.096451 udp 10.0.2.109 3683 <-> 86.165.128.122 6597 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:33.995854 0.143459 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:34.139681 0.123060 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:34.263192 0.065907 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:34.329542 0.143850 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:34.473795 0.362712 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:34.836904 0.165046 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:35.002348 0.082040 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:35.084830 0.146100 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:35.231374 0.445745 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:35.677584 0.207418 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:35.885433 0.353906 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:36.239782 0.113223 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:36.353360 0.168569 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:36.522435 0.262947 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:36.785804 0.177624 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:36.963790 0.122780 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:37.086984 0.074665 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:37.162036 0.147926 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:37.310361 0.138794 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:37.449519 0.406095 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:37.856074 0.188306 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:38.044790 0.131037 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:25:38.176268 0.489402 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:29:47.042742 3.002256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 04:29:54.050733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:30:02.052052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:30:18.055262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:30:50.061105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:34:10.079181 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 04:34:10.079329 0.423957 tcp 10.0.2.109 59452 -> 5.178.194.36 4983 FSPA* 0 0 14 1707 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:36:54.067694 3.001338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 04:37:01.074834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:37:09.076202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:37:25.079139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:37:57.085170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:44:01.116553 2.983766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 04:44:08.100421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:44:16.104293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:44:32.103325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:45:04.112678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:53:30.119723 3.001207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 04:53:37.126779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:53:45.128438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:54:01.133461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:54:33.137279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 04:55:54.704246 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 04:55:54.704402 0.042920 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:54.747726 0.194695 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:54.942814 0.049728 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:54.992967 0.075747 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:55.069096 0.061871 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:55.131318 0.166808 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:55.298502 0.213425 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:55.512340 0.074594 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:55.587341 0.153785 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:55.741562 0.061639 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:55:55.803619 0.000000 udp 10.0.2.109 3683 -> 86.165.128.122 6597 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 04:56:12.662412 0.075253 tcp 10.0.2.109 59453 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:56:12.738002 0.062593 tcp 10.0.2.109 59454 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:56:12.800920 0.152256 tcp 10.0.2.109 59455 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/13 04:56:12.953895 0.066887 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:13.021143 0.141010 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:13.162602 0.367625 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:13.530655 0.164249 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:13.695302 0.141932 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:13.837651 0.202440 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:14.040505 0.085349 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:14.126315 0.145354 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:14.272052 0.450468 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:14.722936 0.204156 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:14.927535 0.230989 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:15.158868 0.263416 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:15.422637 0.181216 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:15.604203 0.318645 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:15.923251 1.924802 udp 10.0.2.109 3683 <-> 95.232.16.188 5104 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:17.848472 0.126970 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:17.975785 0.074436 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:18.050580 0.149269 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:18.200208 0.140438 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:18.341127 0.394404 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:18.735931 0.190294 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:18.926660 0.131586 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/13 04:56:19.058673 0.483306 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:00:37.144081 3.001031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:00:44.150791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:00:52.152459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:01:08.155236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:01:40.165665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:04:10.508020 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 05:04:10.508122 0.406303 tcp 10.0.2.109 59456 -> 5.178.194.36 4983 FSPA* 0 0 14 1741 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:07:44.167645 3.001308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:07:51.176968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:07:59.176484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:08:15.179039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:08:47.185154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:14:53.203844 3.003039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:15:00.211618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:15:08.213132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:15:24.216388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:15:56.222161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:22:00.229131 3.005432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:22:07.235286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:22:15.237144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:22:31.240001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:23:03.247408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:26:31.189586 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 05:26:31.189770 0.000000 udp 10.0.2.109 3683 -> 86.165.128.122 6597 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 05:26:49.566404 0.076346 tcp 10.0.2.109 59457 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:26:49.643044 0.066898 tcp 10.0.2.109 59458 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:26:49.710409 0.222676 tcp 10.0.2.109 59459 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:26:49.933632 0.046867 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:49.980939 0.199168 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.180908 0.054888 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.236220 0.165948 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.402656 0.218889 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.621922 0.070613 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.692965 0.065985 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.759352 0.071928 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.831658 0.076804 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:50.908943 0.159273 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:51.068632 0.375361 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:51.507906 0.066052 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:51.574362 0.141304 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:51.716025 0.163678 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:51.880055 0.143801 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:52.024224 0.123870 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:52.148452 0.085544 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:52.234461 0.153091 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:52.387966 0.437697 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:52.826021 0.218642 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:53.045047 0.177464 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:53.222903 0.167910 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:53.391260 0.263522 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:53.655152 0.327061 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:26:53.982658 0.000000 udp 10.0.2.109 3683 -> 95.232.16.188 5104 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 05:27:11.624930 0.074479 tcp 10.0.2.109 59460 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:27:11.699672 0.064629 tcp 10.0.2.109 59461 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:27:11.764569 0.154942 tcp 10.0.2.109 59462 -> 195.113.214.249 443 SRPA* 0 0 51 33114 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:27:11.920052 0.123396 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:27:12.043838 0.074640 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:27:12.118850 0.150089 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:27:12.269387 0.187500 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:27:12.457312 0.143742 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:27:12.601461 0.394115 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:27:12.995927 0.130748 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:27:13.127088 0.000000 udp 10.0.2.109 3683 -> 119.234.167.72 5726 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 05:27:18.680028 0.000000 udp 10.0.2.109 3683 <- 119.234.167.72 5726 RSP 0 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 05:29:07.255523 2.998222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 05:29:14.259477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:29:22.261005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:29:38.263906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:30:10.280041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:34:10.916262 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 05:34:10.916437 0.407077 tcp 10.0.2.109 59463 -> 5.178.194.36 4983 FSPA* 0 0 14 1735 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:36:14.288796 2.998830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:36:21.293624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:36:29.297096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:36:45.297948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:37:17.303911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:43:21.310300 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:43:28.317511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:43:36.318898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:43:52.323740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:44:24.332546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:50:28.335597 3.000337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:50:35.341191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:50:43.342907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:50:59.346223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:51:31.351891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:57:33.072445 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 05:57:33.072611 0.000000 udp 10.0.2.109 3683 -> 95.232.16.188 5104 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 05:57:35.358074 3.001715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 05:57:42.365556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:57:49.377457 0.061728 tcp 10.0.2.109 59464 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:57:49.439492 0.047143 tcp 10.0.2.109 59465 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:57:49.486999 0.159312 tcp 10.0.2.109 59466 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 05:57:49.646851 0.047373 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:49.694658 0.052925 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:49.747983 0.168316 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:49.916725 0.209235 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.126394 0.073292 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.200077 0.054118 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.254612 0.242190 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.366826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:57:50.497203 0.060642 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.558266 0.194328 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.752999 0.062229 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.815616 0.137738 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:50.953697 0.164588 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:51.118702 0.143231 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:51.262346 0.359911 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:51.622707 0.160880 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:51.784005 0.146305 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:51.930707 0.426140 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:52.357277 0.210847 udp 10.0.2.109 3683 <-> 108.192.100.186 6291 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:52.568505 0.082627 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:52.651575 0.122030 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:52.774026 0.316301 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:53.090720 0.178577 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:53.269748 0.167131 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:53.437299 0.263205 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:53.700887 0.126564 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:53.827916 0.074537 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:53.902852 0.150922 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:54.054340 0.189293 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:54.244039 0.141122 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:54.385603 0.402875 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:54.788847 0.130701 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:57:54.919911 0.455409 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/13 05:58:06.369931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 05:58:38.375821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:04:11.325374 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 06:04:11.325492 0.541518 tcp 10.0.2.109 59467 -> 5.178.194.36 4983 FSPA* 0 0 14 1648 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:04:56.392697 3.001064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 06:05:03.399419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:05:11.406991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:05:27.404054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:05:59.410300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:12:12.419443 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 06:12:19.426380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:12:27.427972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:12:43.431371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:13:15.437125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:19:19.443886 3.001091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 06:19:26.450316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:19:34.451822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:19:50.454926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:20:22.460877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:26:26.468704 2.999982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 06:26:33.474344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:26:41.475764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:26:57.478638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:27:29.485097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:28:08.700993 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 06:28:08.701186 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 06:28:24.816484 0.066416 tcp 10.0.2.109 59468 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:28:24.883174 0.068157 tcp 10.0.2.109 59469 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:28:24.951610 0.155061 tcp 10.0.2.109 59470 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:28:25.107340 0.208490 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:25.316270 0.069988 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:25.386653 0.055371 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:25.442402 0.073297 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:25.516080 0.063684 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:25.580125 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 06:28:42.300338 0.065704 tcp 10.0.2.109 59471 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:28:42.366539 0.062853 tcp 10.0.2.109 59472 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:28:42.429689 0.154999 tcp 10.0.2.109 59473 -> 195.113.214.249 443 SRPA* 0 0 42 21700 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:28:42.585405 0.057455 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:42.643254 0.194762 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:42.838441 0.059111 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:42.897950 0.144281 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:43.042629 0.164489 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:43.207530 0.144077 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:43.391528 0.363083 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:43.754977 0.143031 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:43.898411 0.147570 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:44.046511 0.448017 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:28:44.495021 0.000000 udp 10.0.2.109 3683 -> 108.192.100.186 6291 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 06:29:00.246019 0.062171 tcp 10.0.2.109 59474 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:29:00.308530 0.064713 tcp 10.0.2.109 59475 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:29:00.373580 0.155498 tcp 10.0.2.109 59476 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:29:00.529743 0.092809 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:00.622941 0.142595 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:00.765954 0.335381 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:01.101722 0.191058 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:01.293197 0.166424 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:01.460001 0.259482 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:01.719939 0.126783 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:01.847098 0.074525 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:01.922035 0.150229 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:02.072653 0.402282 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:02.475299 0.130586 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:02.606302 0.518092 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:29:03.124807 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 06:29:20.855644 0.064205 tcp 10.0.2.109 59477 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:29:20.920147 0.064029 tcp 10.0.2.109 59478 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:29:20.984467 0.159505 tcp 10.0.2.109 59479 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:29:21.144502 0.139963 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:33:33.490877 3.003824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 06:33:40.498179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:33:48.499865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:34:04.502921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:34:11.873704 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 06:34:11.873892 0.442100 tcp 10.0.2.109 59480 -> 5.178.194.36 4983 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:34:36.509145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:40:40.515001 3.001650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 06:40:47.522051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:40:55.523847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:41:11.530081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:41:43.535890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:47:47.539058 3.001211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 06:47:54.545960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:48:02.547514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:48:18.550790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:48:50.556690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:55:35.571613 3.001722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 06:55:42.579193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:55:50.581021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:56:06.584909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:56:38.589466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 06:59:26.609210 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 06:59:26.609384 0.163434 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:26.773208 0.053554 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:26.827172 0.000000 udp 10.0.2.109 3683 -> 108.192.100.186 6291 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 06:59:43.247345 0.071394 tcp 10.0.2.109 59481 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:59:43.319030 0.046866 tcp 10.0.2.109 59482 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:59:43.365817 0.159449 tcp 10.0.2.109 59483 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/13 06:59:43.525882 0.188366 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:43.714615 0.076191 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:43.791196 0.073126 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:43.864846 0.058108 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:43.865260 2.995044 tcp 10.0.2.109 59484 -> 5.179.75.86 5084 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 06:59:43.923322 0.076044 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:43.999741 0.226974 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:44.227123 0.055834 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/13 06:59:44.283303 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 06:59:52.858883 0.000000 tcp 10.0.2.109 59484 -> 5.179.75.86 5084 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 07:00:00.210293 0.205361 tcp 10.0.2.109 59485 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 07:00:00.415997 0.047305 tcp 10.0.2.109 59486 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 07:00:00.463561 0.157771 tcp 10.0.2.109 59487 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 07:00:00.621901 0.045287 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:00.667612 0.143124 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:00.811135 0.160043 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:00.971643 0.143463 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:01.115482 0.166908 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:01.282790 0.144030 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:01.427257 0.364409 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:01.792141 0.404925 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:02.197519 0.209232 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:02.407208 0.081272 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:02.488886 0.167890 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:02.657207 0.264587 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:02.922343 0.129800 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:03.052537 0.074642 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:03.127617 0.177692 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:03.305756 0.335290 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:03.641529 0.149289 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:03.791234 0.402806 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:04.194584 0.132756 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:04.327810 0.487479 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:00:04.815681 0.140470 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:02:51.598531 3.001744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 07:02:58.606047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:03:06.607609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:03:22.610695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:03:54.616347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:04:12.322401 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 07:04:12.322548 1.014980 tcp 10.0.2.109 59488 -> 5.178.194.36 4983 FSPA* 0 0 14 1733 flow=From-Botnet-V1-TCP-Established 1970/02/13 07:09:58.622986 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 07:10:05.629948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:10:13.631416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:10:29.634010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:11:01.640363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:17:05.646236 3.082508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 07:17:12.702340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:17:20.665621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:17:36.668612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:18:08.676404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:24:12.680727 3.000866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 07:24:19.688110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:24:27.689483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:24:43.691830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:25:15.698971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:30:06.046238 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 07:30:06.046406 0.192606 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:06.239432 0.165084 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:06.404885 0.042353 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:06.447610 0.067462 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:06.515666 0.189401 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:06.516202 2.994778 tcp 10.0.2.109 59489 -> 5.179.75.86 5084 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 07:30:06.705456 0.072850 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:06.778681 0.234859 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.013983 0.072835 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.087212 0.059493 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.147091 0.071775 udp 10.0.2.109 3683 <-> 86.169.176.159 3620 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.219222 0.150026 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.369635 0.143011 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.513037 0.163720 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.677147 0.054131 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.731748 0.145548 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:07.877646 0.143368 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:08.021416 0.364142 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:08.385955 0.124695 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:08.511096 0.165991 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:08.677487 0.264831 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:08.942691 0.355383 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:09.298541 0.122220 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:09.421192 0.124773 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:09.546537 0.070874 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:09.617776 0.178242 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:09.796440 0.323832 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:10.120665 0.132395 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:10.253449 0.152131 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:10.405989 0.426996 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:10.833382 0.466894 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:11.300650 0.138140 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/13 07:30:15.509501 0.000000 tcp 10.0.2.109 59489 -> 5.179.75.86 5084 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 07:31:19.704248 3.001887 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 07:31:26.712039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:31:34.713818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:31:50.716007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:32:22.724711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:34:13.343209 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 07:34:13.343386 0.688022 tcp 10.0.2.109 59490 -> 5.178.194.36 4983 FSPA* 0 0 14 1503 flow=From-Botnet-V1-TCP-Established 1970/02/13 07:38:26.728805 3.085642 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 07:38:33.784052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:38:41.747450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:38:57.750619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:39:29.756540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:45:33.761532 3.002607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 07:45:40.769756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:45:48.771616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:46:04.774311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:46:36.780633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:54:28.791954 3.001042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 07:54:35.799262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:54:43.800643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:54:59.803287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 07:55:31.809728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:00:14.857144 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 08:00:14.857274 0.053772 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:14.911531 0.074489 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:14.986542 0.189108 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:14.987033 2.994842 tcp 10.0.2.109 59491 -> 5.179.75.86 5084 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 08:00:15.176145 0.389314 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:15.565973 0.216909 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:15.783315 0.194241 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:15.977929 0.162708 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:16.141039 0.061426 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:16.202949 0.053528 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:16.256899 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 08:00:23.979871 0.000000 tcp 10.0.2.109 59491 -> 5.179.75.86 5084 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 08:00:33.335202 0.100930 tcp 10.0.2.109 59492 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:00:33.436461 0.063262 tcp 10.0.2.109 59493 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:00:33.500021 0.136543 tcp 10.0.2.109 59494 -> 195.113.214.249 443 SRPA* 0 0 69 42951 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:00:33.637172 0.168250 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:33.805852 0.146045 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:33.952384 0.165627 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:34.270957 0.054130 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:34.325551 0.136981 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:34.463031 0.141077 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:34.604542 0.170016 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:34.774929 0.266408 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:35.041726 0.361678 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:35.403836 0.092391 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:35.496657 0.351830 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:35.848898 0.122523 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:35.971801 1.351007 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:37.323607 0.074642 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:37.324443 4.840883 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 SPA_* 0 0 9 1991 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:00:37.398763 0.178133 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:37.577359 0.148349 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:37.726073 0.396913 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:38.123445 0.358458 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:38.482334 0.132122 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:38.614824 0.430397 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:39.045665 0.140611 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:00:43.155331 0.008850 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 6 3220 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:00:49.089042 4.232784 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 27 13502 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:00:54.393966 4.130762 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 52 28832 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:00:59.857507 4.270001 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 6 5020 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:06.903985 4.092263 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 27 16890 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:12.313807 4.241575 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 23 13882 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:19.419055 2.746673 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 13 8294 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:24.763658 3.632780 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 24 14432 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:31.488775 4.062776 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 32 18112 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:36.885484 3.043326 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 15 9354 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:42.548512 2.740347 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 14 8596 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:47.990559 4.496247 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 17 11510 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:53.649413 4.147987 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 14 6900 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:01:56.825439 3.300003 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 08:02:00.638106 4.105240 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 27 16042 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:04.094862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:02:06.024454 2.962231 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 17 8862 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:11.460347 4.748958 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 21 15718 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:12.020194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:02:16.947233 4.250374 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 31 15762 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:22.323861 4.250606 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 24 15632 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:27.658791 4.246922 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 36 21824 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:27.872324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:02:34.567746 4.503674 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 17 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:40.406675 2.785140 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 21 11270 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:45.830303 4.535228 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 12 6896 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:51.704000 2.892172 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 25 13638 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:58.686985 2.819048 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 18 11212 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:02:59.853485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:03:03.959690 4.786860 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 17 11158 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:09.891676 4.063496 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 29 15302 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:16.676567 4.560237 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 13 7446 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:22.651151 4.802731 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 11 7586 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:28.636339 4.145428 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 44 23456 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:34.035053 3.192722 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 14 7500 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:39.563723 4.283319 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 36 22424 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:44.939754 4.013263 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 31 18058 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:52.136517 2.916599 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 13 8894 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:03:58.006989 4.004156 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 21 12222 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:04.687226 4.396209 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 17 12358 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:10.246779 2.710502 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 24 12984 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:14.030910 0.615390 tcp 10.0.2.109 59496 -> 5.178.194.36 4983 FSPA* 0 0 14 1496 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:15.574721 0.198149 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 2 708 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:23.572916 2.716341 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 15 10450 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:29.095496 4.054945 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 27 15442 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:34.484295 2.704526 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 39 20890 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:39.840728 4.864536 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 18 13260 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:44.905186 3.691646 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 21 11270 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:49.952537 4.596039 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 19 9714 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:04:55.909553 2.674320 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 31 17666 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:01.245418 2.887408 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 13 10942 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:07.027561 4.011000 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 25 14134 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:12.368463 2.709798 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 40 22144 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:17.673902 2.942287 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 25 16286 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:23.080931 4.254753 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 35 22370 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:30.244099 4.212517 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 16 12552 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:37.275144 2.683754 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 14 8348 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:42.580486 2.407805 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 16 8104 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:48.496517 3.800769 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 24 13936 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:53.575289 4.114626 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 25 16886 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:05:59.066633 4.742041 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 A_PA 0 0 20 10720 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:06:04.765924 1.085999 tcp 10.0.2.109 59495 -> 173.179.165.71 3327 FPA_* 0 0 8 494 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:09:11.861345 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 08:09:18.868799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:09:26.870440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:09:42.874591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:10:14.879272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:16:22.890552 3.002934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 08:16:29.898679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:16:37.900310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:16:53.902972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:17:25.909041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:23:29.926070 3.000969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 08:23:36.932609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:23:44.933586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:24:00.936633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:24:32.943066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:30:36.948543 3.267524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 08:30:44.179290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:30:52.108276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:31:07.980760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:31:09.123175 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 08:31:09.123286 0.000000 udp 10.0.2.109 3683 -> 86.169.176.159 3620 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 08:31:26.261315 0.070325 tcp 10.0.2.109 59497 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:31:26.331946 0.063193 tcp 10.0.2.109 59498 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:31:26.395425 0.173860 tcp 10.0.2.109 59499 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:31:26.570085 0.188882 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:26.759489 0.042703 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:26.802554 0.065630 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:26.868559 0.076275 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:26.945205 0.167055 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:27.112695 0.064880 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:27.178010 0.060122 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:27.238619 0.192515 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:27.431530 0.218531 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:27.650789 0.485619 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:28.136779 0.053619 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:28.190776 0.137477 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:28.328608 0.149159 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:28.478197 0.142731 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:28.621338 0.186361 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:28.808106 0.169859 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:28.978362 0.298671 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:29.277439 0.363739 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:29.641565 0.085355 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:29.727339 0.319807 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:30.047589 0.122462 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:30.170499 0.353274 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:30.524228 0.075191 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:30.599828 0.182208 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:30.782436 0.150937 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:30.933843 0.238541 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:31.172737 0.452597 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:31.625830 0.140129 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:31.766394 0.445601 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:32.212451 0.330734 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/13 08:31:39.987035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:34:14.649697 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 08:34:14.649805 0.746560 tcp 10.0.2.109 59500 -> 5.178.194.36 4983 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/02/13 08:37:43.993158 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 08:37:51.000568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:37:59.002000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:38:15.008601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:38:47.011159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:44:51.016837 3.001960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 08:44:58.024423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:45:06.026000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:45:22.030636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:45:54.034776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:54:03.051172 3.001535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 08:54:10.058497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:54:18.060438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:54:34.062817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 08:55:06.068705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:01:17.085443 3.000541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 09:01:24.091975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:01:32.093490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:01:38.463225 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 09:01:38.463325 0.065143 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:38.528983 0.077038 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:38.606398 0.191018 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:38.797768 0.041898 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:38.840055 0.163961 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:39.004362 0.059225 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:39.063986 0.056840 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:39.121194 0.194733 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:39.316333 0.210146 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:39.749996 0.164945 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:39.915351 0.056811 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:39.972506 0.136925 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:40.109822 0.142983 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:40.253268 0.146820 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:40.400740 0.145120 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:40.546249 0.233301 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:40.779941 3.459338 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:44.239647 0.315259 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:44.555315 0.269401 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:44.825085 0.363345 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:45.188872 0.122200 udp 10.0.2.109 3683 <-> 192.110.145.104 2099 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:45.311539 0.128849 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:45.440833 0.074947 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:45.516123 0.178695 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:45.695237 0.148442 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:45.844086 0.138314 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:45.982752 0.130630 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:46.113793 0.438946 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:46.553119 0.404879 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:46.958353 0.323992 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:01:48.096921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:02:20.103020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:04:15.393268 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 09:04:15.393424 0.478188 tcp 10.0.2.109 59501 -> 5.178.194.36 4983 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:08:40.111242 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 09:08:47.119291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:08:55.120894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:09:11.144632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:09:43.139775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:15:47.145814 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 09:15:54.153384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:16:02.154526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:16:18.176169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:16:50.174725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:22:54.180022 3.001627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 09:23:01.187133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:23:09.188576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:23:25.191548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:23:57.197722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:30:01.204486 3.000995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 09:30:08.211086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:30:16.212661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:30:32.217610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:31:04.221690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:31:58.871599 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 09:31:58.871758 0.075320 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:31:58.947564 0.078587 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:31:59.026627 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 09:32:16.016569 0.064381 tcp 10.0.2.109 59502 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:32:16.081218 0.046456 tcp 10.0.2.109 59503 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:32:16.127534 0.137058 tcp 10.0.2.109 59504 -> 195.113.214.249 443 SRPA* 0 0 60 54443 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:32:16.265300 0.041978 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:16.307752 0.164663 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:16.472894 0.064099 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:16.537398 0.056270 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:16.594066 0.195457 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:16.789932 0.055450 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:16.845831 0.141142 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:16.987387 0.147177 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:17.134960 0.148258 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:17.283675 0.208708 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:17.492782 0.165186 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:17.658562 0.143130 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:17.802259 0.164099 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:17.966710 0.256255 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:18.223367 0.361619 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:18.585376 3.616797 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:22.202614 0.331415 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:22.534448 0.000000 udp 10.0.2.109 3683 -> 192.110.145.104 2099 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 09:32:40.340642 0.062688 tcp 10.0.2.109 59505 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:32:40.403572 0.045154 tcp 10.0.2.109 59506 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:32:40.449021 0.152510 tcp 10.0.2.109 59507 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:32:40.602237 0.127278 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:40.729970 0.074756 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:40.805115 0.178536 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:40.984073 0.147770 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:41.132285 0.140466 udp 10.0.2.109 3683 <-> 76.68.247.124 5215 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:41.273172 0.136481 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:41.410014 0.335839 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:41.746254 0.447891 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:32:42.194608 0.397514 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/13 09:34:15.877242 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 09:34:15.877437 0.839069 tcp 10.0.2.109 59508 -> 5.178.194.36 4983 FSPA* 0 0 14 1633 flow=From-Botnet-V1-TCP-Established 1970/02/13 09:37:08.228725 3.002861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 09:37:15.238497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:37:23.236439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:37:39.239851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:38:11.245410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:44:15.251707 3.001421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 09:44:22.258828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:44:30.260988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:44:46.263777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:45:18.276347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:53:42.276879 3.001871 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 09:53:49.284524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:53:57.285893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:54:13.288906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 09:54:45.297961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:00:49.301411 3.001233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 10:00:56.308615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:01:04.309555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:01:20.312924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:01:52.318586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:03:08.578818 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 10:03:08.579022 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 10:03:26.026017 0.064625 tcp 10.0.2.109 59509 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:03:26.090999 0.046234 tcp 10.0.2.109 59510 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:03:26.137587 0.159080 tcp 10.0.2.109 59511 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:03:26.297244 0.000000 udp 10.0.2.109 3683 -> 192.110.145.104 2099 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 10:03:43.399405 0.061127 tcp 10.0.2.109 59512 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:03:43.460827 0.047120 tcp 10.0.2.109 59513 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:03:43.508320 0.154719 tcp 10.0.2.109 59514 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:03:43.663669 0.071427 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:03:43.735521 0.076706 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:03:43.812706 0.166792 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:03:43.982078 0.060521 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:03:44.042995 0.077769 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:03:44.121162 0.195249 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:03:44.316881 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 10:04:00.313364 0.060399 tcp 10.0.2.109 59515 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:00.374060 0.045532 tcp 10.0.2.109 59516 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:00.419864 0.153588 tcp 10.0.2.109 59517 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:00.573943 0.138664 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:00.712988 0.053677 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:00.767115 0.217765 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:00.985259 0.164678 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:01.150366 0.144845 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:01.295627 0.167254 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:01.463309 0.154466 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:01.618209 0.147157 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:01.765768 0.359920 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:02.126148 0.263485 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:02.390096 3.204327 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:05.594875 0.321023 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:05.916366 0.147901 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:06.064717 0.074689 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:06.139863 0.177697 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:06.317997 0.132597 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:06.450996 0.365871 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:06.817303 0.150713 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:06.968477 0.000000 udp 10.0.2.109 3683 -> 76.68.247.124 5215 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 10:04:16.719140 1.432111 tcp 10.0.2.109 59518 -> 5.178.194.36 4983 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:24.870338 0.064410 tcp 10.0.2.109 59519 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:24.935060 0.046245 tcp 10.0.2.109 59520 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:24.981600 0.171051 tcp 10.0.2.109 59521 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:25.153292 0.446013 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:04:25.599764 0.000000 udp 10.0.2.109 3683 -> 203.45.46.184 7507 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 10:04:41.526211 0.060792 tcp 10.0.2.109 59522 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:41.587335 0.046393 tcp 10.0.2.109 59523 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:04:41.634050 0.146387 tcp 10.0.2.109 59524 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:08:03.334808 3.002065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 10:08:10.342521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:08:18.349020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:08:34.346834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:09:06.356720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:15:10.359779 3.005464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 10:15:17.366134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:15:25.367668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:15:41.370888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:16:13.376732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:22:17.382659 3.001962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 10:22:24.390281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:22:32.391559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:22:48.394815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:23:20.401097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:29:24.407226 3.001366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 10:29:31.414564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:29:39.415608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:29:55.418875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:30:27.509022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:34:17.647268 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 10:34:17.647489 0.536952 tcp 10.0.2.109 59525 -> 5.178.194.36 4983 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:34:50.232941 0.042529 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:34:50.275878 0.000000 udp 10.0.2.109 3683 -> 76.68.247.124 5215 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 10:35:06.026886 0.075128 tcp 10.0.2.109 59526 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:35:06.102465 0.048148 tcp 10.0.2.109 59527 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:35:06.150876 0.162936 tcp 10.0.2.109 59528 -> 195.113.214.249 443 SRPA* 0 0 38 31800 flow=From-Botnet-V1-TCP-Established 1970/02/13 10:35:06.314566 0.404637 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:06.719612 0.053797 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:06.773805 0.194123 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:06.968300 0.062544 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:07.031247 0.162443 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:07.194239 0.074138 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:07.268724 0.063205 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:07.332320 0.226691 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:07.559468 0.164978 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:07.724872 0.142758 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:07.868003 0.167128 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:08.035544 0.145088 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:08.181054 0.052861 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:08.234344 0.137827 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:08.372542 0.143564 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:08.516533 0.361926 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:08.878844 0.295855 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:09.175178 0.330977 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:09.506551 0.085384 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:09.592342 0.074796 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:09.667487 0.336116 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:10.004003 0.149418 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:10.153803 0.123159 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:10.277363 0.132193 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:10.409959 0.178060 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:35:10.588387 0.480886 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/13 10:36:31.440650 3.002091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 10:36:38.448565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:36:46.449486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:37:02.454983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:37:34.463212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:43:38.464162 3.002332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 10:43:45.472678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:43:53.473600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:44:09.476446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:44:41.494421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:50:45.488765 3.001440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 10:50:52.496118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:51:00.497712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:51:16.500609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:51:48.506711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:57:52.513414 3.001130 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 10:57:59.519900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:58:07.521441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:58:23.524747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 10:58:55.530576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:04:18.185322 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 11:04:18.185464 0.527186 tcp 10.0.2.109 59529 -> 5.178.194.36 4983 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:05:19.603184 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 11:05:19.603404 0.042976 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:19.646804 0.193240 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:19.840395 0.060275 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:19.901084 0.390944 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:20.292418 0.054100 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:20.346879 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 11:05:23.541446 3.025423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 11:05:30.562011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:05:38.560062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:05:39.317964 0.060620 tcp 10.0.2.109 59530 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:05:39.378882 0.046525 tcp 10.0.2.109 59531 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:05:39.425716 0.332135 tcp 10.0.2.109 59532 -> 195.113.214.249 443 SRPA* 0 0 74 78482 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:05:39.758675 0.078810 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:39.837963 0.062045 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:39.900426 0.218482 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:40.119300 0.164769 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:40.284454 0.145345 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:40.430211 0.166308 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:40.596909 0.159556 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:40.756924 0.054421 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:40.811796 0.138997 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:40.951251 0.146817 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:41.098538 0.353359 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:41.452358 0.090303 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:41.543057 0.074628 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:41.618095 0.329717 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:41.948215 0.268265 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:42.216901 0.331820 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:42.549098 0.151142 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:42.700651 0.126909 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:42.827922 0.130265 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:42.958584 0.182071 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:43.141012 0.483309 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:05:54.562780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:06:26.569224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:12:35.581786 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 11:12:42.589582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:12:50.591252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:13:06.594261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:13:38.600275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:19:42.605984 3.002018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 11:19:49.615063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:19:57.614997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:20:13.618150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:20:45.624189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:26:49.630863 3.001000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 11:26:56.637501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:27:04.642619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:27:20.641940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:27:52.648442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:33:56.655042 3.000699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 11:34:03.661696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:34:11.662490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:34:18.713741 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 11:34:18.713887 0.437332 tcp 10.0.2.109 59533 -> 5.178.194.36 4983 FSPA* 0 0 14 1653 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:34:27.665463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:34:59.672788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:36:03.553857 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 11:36:03.554035 0.166978 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:03.721409 0.043578 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:03.765386 0.403140 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:04.168896 0.062144 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:04.231434 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 11:36:21.171475 0.070189 tcp 10.0.2.109 59534 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:36:21.242031 0.046227 tcp 10.0.2.109 59535 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:36:21.288593 0.158088 tcp 10.0.2.109 59536 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/13 11:36:21.447329 0.062578 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:21.510534 0.222771 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:21.733728 0.164734 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:21.898857 0.077359 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:21.976643 0.075716 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.052808 0.143473 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.196689 0.167177 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.364253 0.150559 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.515261 0.053829 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.569499 0.145942 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.715858 0.143413 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.859687 0.068518 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:22.928631 0.362202 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:23.291291 0.358927 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:23.650635 0.073919 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:23.724930 0.267028 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:23.992408 0.331195 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:24.324087 0.148592 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:24.473129 0.130861 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:24.604426 0.476537 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:25.081416 0.130624 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:36:25.212507 0.178961 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/13 11:41:03.678812 3.078422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 11:41:10.738323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:41:18.707045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:41:34.710453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:42:06.715577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:48:10.723347 3.000555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 11:48:17.729831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:48:25.731188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:48:41.733645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:49:13.740639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:55:45.746437 3.001239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 11:55:52.753824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:56:00.754965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:56:16.758409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 11:56:48.764658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:02:52.770488 3.001577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 12:02:59.777641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:03:07.779284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:03:23.782465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:03:55.788144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:04:19.152087 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 12:04:19.152298 0.643076 tcp 10.0.2.109 59537 -> 5.178.194.36 4983 FSPA* 0 0 14 1509 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:06:38.472328 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 12:06:38.472493 0.193291 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:38.666208 0.167421 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:38.833987 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 12:06:57.251103 0.095823 tcp 10.0.2.109 59538 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:06:57.347198 0.066511 tcp 10.0.2.109 59539 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:06:57.414223 0.156884 tcp 10.0.2.109 59540 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:06:57.571615 0.394871 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:57.966859 0.085544 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.052809 0.065819 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.118997 0.223926 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.343360 0.165119 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.508970 0.074768 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.584093 0.067149 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.651707 0.141793 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.793903 0.166676 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:58.960992 0.152153 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:59.113532 0.052893 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:59.420179 0.136478 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:59.557099 0.146020 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:59.703512 0.074558 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:59.778546 0.070216 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:06:59.849165 0.266485 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:00.116088 0.327918 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:00.444449 0.358564 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:00.803422 0.327209 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:01.131101 0.149164 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:01.280641 0.125394 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:01.406478 0.181413 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:01.588246 0.582246 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:07:02.170878 0.132352 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:09:59.793881 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 12:10:06.801891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:10:14.803142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:10:30.806084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:11:02.812412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:17:06.818570 3.000901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 12:17:13.825734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:17:21.827123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:17:37.830536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:18:09.836029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:24:13.841667 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 12:24:20.849490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:24:28.851145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:24:44.854394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:25:16.860137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:31:20.866063 3.001780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 12:31:27.873063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:31:35.880335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:31:51.883326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:32:23.884100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:34:19.801340 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 12:34:19.801451 0.403950 tcp 10.0.2.109 59541 -> 5.178.194.36 4983 FSPA* 0 0 15 1601 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:37:02.935690 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 12:37:02.935846 0.042519 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:02.978842 0.194852 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:03.174307 0.165978 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:03.340898 0.066632 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:03.407892 0.217889 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:03.626249 0.164136 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:03.790853 0.402522 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:04.193804 0.073066 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:04.267255 0.000000 udp 10.0.2.109 3683 -> 217.35.89.25 3889 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 12:37:22.595341 0.068982 tcp 10.0.2.109 59542 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:37:22.664620 0.062229 tcp 10.0.2.109 59543 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:37:22.727149 0.166317 tcp 10.0.2.109 59544 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 12:37:22.919839 0.059950 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:22.980171 0.141899 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:23.122479 0.167530 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:23.290477 0.141853 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:23.432716 0.055979 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:23.489144 0.144713 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:23.634380 0.078944 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:23.713734 0.265560 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:23.979689 0.328257 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:24.308341 0.145229 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:24.453989 0.074783 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:24.529178 0.366219 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:24.895799 0.320051 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:25.216282 0.151798 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:25.368473 0.125907 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:25.494764 0.179233 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:25.674488 0.469549 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:37:26.144435 0.130197 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/13 12:38:27.889515 3.002121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 12:38:34.897689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:38:42.899091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:38:58.901935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:39:30.908503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:45:34.914674 3.000635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 12:45:41.921207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:45:49.923057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:46:05.925850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:46:37.931870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:54:27.940120 3.002094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 12:54:34.947974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:54:42.949377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:54:58.952514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 12:55:30.958540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:01:55.974403 3.001879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 13:02:02.982789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:02:10.987753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:02:26.986647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:02:58.992212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:04:20.209689 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 13:04:20.209791 0.658736 tcp 10.0.2.109 59545 -> 5.178.194.36 4983 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:07:32.125647 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 13:07:32.125813 0.000000 udp 10.0.2.109 3683 -> 217.35.89.25 3889 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 13:07:48.650533 0.065127 tcp 10.0.2.109 59546 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:07:48.715886 0.061506 tcp 10.0.2.109 59547 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:07:48.777672 0.163014 tcp 10.0.2.109 59548 -> 195.113.214.249 443 SRPA* 0 0 43 37060 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:07:48.941359 0.041858 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:48.983622 0.215132 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:49.199109 0.208463 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:49.407963 0.165197 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:49.573558 0.167939 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:49.741871 0.194021 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:49.936263 0.062911 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:49.999684 0.402997 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:50.403052 0.073624 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:50.477085 0.143731 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:50.621202 0.254664 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:50.876251 0.152256 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:51.028909 0.053575 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:51.082884 0.137392 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:51.220665 0.074459 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:51.295556 0.255991 udp 10.0.2.109 3683 <-> 189.48.197.211 9356 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:51.551894 0.074507 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:51.626791 0.356670 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:51.983923 0.394299 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:52.378602 0.143867 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:52.522932 0.331804 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:52.855135 0.315578 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:53.171138 0.128227 rtcp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:53.299791 0.181710 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:53.481878 0.454705 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:07:54.015466 0.130924 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:09:10.001243 2.998942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 13:09:17.006396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:09:25.007718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:09:41.011328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:10:13.026732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:16:21.037765 3.002170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 13:16:28.060369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:16:36.057286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:16:52.060101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:17:24.066559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:23:28.072310 3.001724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 13:23:35.079862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:23:43.081388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:23:59.084515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:24:31.090583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:30:35.096473 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 13:30:42.106701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:30:50.105354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:31:06.108392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:31:38.114596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:34:20.869397 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 13:34:20.869529 0.582097 tcp 10.0.2.109 59549 -> 5.178.194.36 4983 FSPA* 0 0 14 1725 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:37:42.120137 3.162227 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 13:37:49.249401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:37:57.183723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:38:01.525765 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 13:38:01.525967 0.218174 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:01.744532 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 13:38:13.142550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:38:19.363124 0.061274 tcp 10.0.2.109 59550 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:38:19.424659 0.060489 tcp 10.0.2.109 59551 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:38:19.485461 0.151513 tcp 10.0.2.109 59552 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:38:19.637562 0.067332 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:19.705281 0.164814 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:19.870481 0.167129 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:20.037956 0.223415 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:20.261722 0.059138 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:20.321253 0.401277 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:20.722884 0.078690 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:20.801999 0.143050 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:20.945444 0.167680 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:21.113517 0.145728 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:21.259646 0.053957 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:21.313970 0.139739 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:21.454131 0.075284 udp 10.0.2.109 3683 <-> 94.67.241.188 2179 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:21.529799 0.000000 udp 10.0.2.109 3683 -> 189.48.197.211 9356 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 13:38:38.910323 0.064331 tcp 10.0.2.109 59553 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:38:38.974917 0.064265 tcp 10.0.2.109 59554 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:38:39.039576 0.151263 tcp 10.0.2.109 59555 -> 195.113.214.249 443 SRPA* 0 0 23 14000 flow=From-Botnet-V1-TCP-Established 1970/02/13 13:38:39.191345 0.084895 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:39.276634 0.364751 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:39.641789 0.327181 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:39.969356 0.376055 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:40.345820 0.130754 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:40.476980 0.181278 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:40.658669 0.144234 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:40.803341 0.317180 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:41.120905 0.470526 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:41.591810 0.131054 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 13:38:45.148427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:44:49.155361 3.000639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 13:44:56.168822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:45:04.163247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:45:20.166004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:45:52.178171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:54:07.186351 3.002107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 13:54:14.193969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:54:22.195751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:54:38.198682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 13:55:10.204722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:01:15.212212 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 14:01:22.221000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:01:30.220818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:01:46.223588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:02:18.230038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:04:21.449875 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:04:21.450021 0.445470 tcp 10.0.2.109 59556 -> 5.178.194.36 4983 FSPA* 0 0 14 1503 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:08:37.237533 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 14:08:44.246809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:08:52.246814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:09:02.070694 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:09:02.070847 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:09:08.249377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:09:17.184117 0.060546 tcp 10.0.2.109 59557 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:17.244959 0.062503 tcp 10.0.2.109 59558 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:17.307753 0.150801 tcp 10.0.2.109 59559 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:17.459212 0.000000 udp 10.0.2.109 3683 -> 189.48.197.211 9356 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:09:36.260276 0.062095 tcp 10.0.2.109 59560 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:36.322761 0.061602 tcp 10.0.2.109 59561 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:36.384728 0.154637 tcp 10.0.2.109 59562 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:36.539922 0.208636 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:36.748957 0.165659 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:36.914999 0.064695 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:36.980114 0.163736 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:37.144255 0.060362 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:37.205092 0.192834 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:37.398420 0.143923 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:37.542742 0.066727 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:37.609912 0.392835 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:38.003166 0.049061 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:38.052606 0.144198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:38.197154 0.000000 udp 10.0.2.109 3683 -> 94.67.241.188 2179 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:09:40.255421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:09:53.515508 0.060995 tcp 10.0.2.109 59563 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:53.576805 0.138755 tcp 10.0.2.109 59564 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:53.715435 0.156975 tcp 10.0.2.109 59565 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:09:53.872997 0.151253 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:54.024661 0.166360 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:54.191416 0.325370 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:54.517198 0.071478 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:54.589088 0.353592 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:54.943024 0.150545 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:55.093952 0.122403 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:55.216765 0.179687 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:55.396965 0.144515 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:55.541831 0.132497 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:55.674710 0.329201 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:56.004285 0.717550 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:09:57.484396 0.000000 udp 10.0.2.109 3683 -> 94.67.241.188 2179 REQ 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:10:03.959913 0.161623 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 709 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:04.121961 0.052342 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:04.174799 0.167065 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 672 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:04.406701 0.048292 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 681 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:04.455437 0.207707 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 735 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:04.663569 0.071459 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:04.797539 0.395296 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:05.193285 0.042945 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 815 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:05.236701 0.145608 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:05.382839 0.144190 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:05.527502 0.197081 udp 10.0.2.109 3683 <-> 184.5.104.112 2327 CON 0 0 2 696 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:05.724988 0.163414 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 751 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:05.888827 0.162656 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:06.052058 0.325075 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:06.377679 0.071517 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 675 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:06.449839 0.150340 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 723 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:06.600632 0.123574 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 848 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:06.724682 0.178863 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 850 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:06.903953 0.147347 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 858 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:07.051759 0.133170 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 762 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:07.185341 0.353152 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 710 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:07.539047 0.524515 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 689 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:08.064059 0.314993 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 814 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:08.379767 0.000000 udp 10.0.2.109 3683 -> 95.137.160.148 1033 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:10:15.777176 0.000000 udp 10.0.2.109 3683 -> 202.55.182.114 9686 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:10:23.978723 0.000000 udp 10.0.2.109 3683 -> 50.127.15.141 1596 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:10:32.951257 0.046835 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 2 843 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:10:33.723941 0.000000 udp 10.0.2.109 3683 -> 118.36.207.40 6776 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:10:37.868430 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:10:40.847262 0.000000 udp 10.0.2.109 3683 -> 200.106.3.151 1055 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:10:46.501057 0.000000 udp 10.0.2.109 3683 -> 223.219.45.36 9143 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:10:55.173348 0.000000 udp 10.0.2.109 3683 -> 46.218.179.146 1594 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:03.795282 0.000000 udp 10.0.2.109 3683 -> 173.247.172.2 7972 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:11.267024 0.000000 udp 10.0.2.109 3683 -> 82.2.135.11 9872 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:19.348306 0.000000 udp 10.0.2.109 3683 -> 105.228.54.83 7002 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:23.874350 0.024783 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:11:28.150869 0.000000 udp 10.0.2.109 3683 -> 173.227.32.66 2726 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:36.081982 0.000000 udp 10.0.2.109 3683 -> 79.50.162.100 4386 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:41.280579 0.000000 udp 10.0.2.109 3683 -> 81.111.119.137 4043 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:47.588717 0.000000 udp 10.0.2.109 3683 -> 199.189.242.40 3540 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:11:56.045302 0.000000 udp 10.0.2.109 3683 -> 103.17.74.58 3192 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:04.222624 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:08.869056 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:12:09.440006 0.000000 udp 10.0.2.109 3683 -> 173.220.58.250 2489 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:14.657872 0.000000 udp 10.0.2.109 3683 -> 41.133.242.187 1000 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:19.799202 0.000000 udp 10.0.2.109 3683 -> 66.178.22.134 4803 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:26.253989 0.000000 udp 10.0.2.109 3683 -> 86.163.54.47 1799 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:32.243191 0.000000 udp 10.0.2.109 3683 -> 90.213.111.43 3532 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:37.410563 0.000000 udp 10.0.2.109 3683 -> 81.159.96.134 6394 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:44.373815 0.000000 udp 10.0.2.109 3683 -> 58.96.66.15 1522 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:52.371934 0.000000 udp 10.0.2.109 3683 -> 98.228.154.5 6748 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:12:57.369061 0.187750 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:12:59.947982 0.000000 udp 10.0.2.109 3683 -> 62.0.111.82 5522 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:13:08.536820 0.000000 udp 10.0.2.109 3683 -> 66.49.127.38 7089 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:13:14.447994 0.000000 udp 10.0.2.109 3683 -> 86.171.245.80 4140 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:13:21.854376 0.000000 udp 10.0.2.109 3683 -> 207.106.52.99 8533 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:13:29.815843 0.050867 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:13:30.348480 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9117 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:13:38.479988 0.000000 udp 10.0.2.109 3683 -> 84.133.82.145 8342 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:13:43.375096 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:13:46.389561 0.000000 udp 10.0.2.109 3683 -> 184.70.190.202 6027 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:13:53.651509 0.000000 udp 10.0.2.109 3683 -> 117.241.1.7 6345 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:02.112201 0.000000 udp 10.0.2.109 3683 -> 91.39.103.38 9714 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:09.913249 0.000000 udp 10.0.2.109 3683 -> 89.182.30.187 3565 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:17.424283 0.000000 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:23.442757 0.000000 udp 10.0.2.109 3683 -> 125.168.147.152 7456 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:28.369789 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:14:29.411327 0.000000 udp 10.0.2.109 3683 -> 76.119.214.123 8441 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:34.438598 0.000000 udp 10.0.2.109 3683 -> 72.194.120.118 7564 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:43.011181 0.000000 udp 10.0.2.109 3683 -> 69.119.25.96 8047 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:49.780822 0.000000 udp 10.0.2.109 3683 -> 173.60.22.14 3202 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:14:57.621766 0.000000 udp 10.0.2.109 3683 -> 38.125.92.51 9249 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:02.649052 0.000000 udp 10.0.2.109 3683 -> 92.44.131.148 1066 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:08.547276 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:13.374582 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:15:13.725151 0.000000 udp 10.0.2.109 3683 -> 37.19.101.84 9226 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:18.837658 0.000000 udp 10.0.2.109 3683 -> 108.233.100.90 3791 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:27.234679 0.000000 udp 10.0.2.109 3683 -> 24.244.158.46 7863 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:33.475022 0.000000 udp 10.0.2.109 3683 -> 198.49.81.62 5127 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:41.316059 0.000000 udp 10.0.2.109 3683 -> 212.54.184.25 3664 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:44.261633 3.028432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 14:15:49.391644 0.000000 udp 10.0.2.109 3683 -> 173.210.170.60 3227 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:51.278860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:15:54.824229 0.000000 udp 10.0.2.109 3683 -> 31.185.128.254 3676 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:15:59.280645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:15:59.370639 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:16:01.283392 0.000000 udp 10.0.2.109 3683 -> 80.180.68.248 1024 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:07.442688 0.000000 udp 10.0.2.109 3683 -> 46.197.156.113 2708 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:14.094549 0.000000 udp 10.0.2.109 3683 -> 162.193.137.228 4392 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:15.346292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:16:20.279888 0.339946 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 2 737 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:16:20.913094 0.000000 udp 10.0.2.109 3683 -> 70.183.196.169 1107 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:27.150867 0.000000 udp 10.0.2.109 3683 -> 2.89.244.190 7324 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:33.039347 0.000000 udp 10.0.2.109 3683 -> 76.31.200.32 3930 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:40.513943 0.000000 udp 10.0.2.109 3683 -> 72.248.241.26 4951 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:45.366863 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:16:47.289410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:16:48.391286 0.000000 udp 10.0.2.109 3683 -> 173.178.5.157 8704 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:16:56.392911 0.000000 udp 10.0.2.109 3683 -> 203.14.171.170 7986 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:03.352787 0.254906 udp 10.0.2.109 3683 <-> 189.234.158.192 1051 CON 0 0 2 728 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:17:03.867869 0.000000 udp 10.0.2.109 3683 -> 98.121.93.112 3875 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:11.395903 0.024000 udp 10.0.2.109 3683 <-> 87.246.251.13 8842 CON 0 0 2 757 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:17:11.701802 0.000000 udp 10.0.2.109 3683 -> 198.57.13.68 7739 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:17.002746 0.000000 udp 10.0.2.109 3683 -> 186.95.1.211 5252 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:23.581965 0.079457 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 2 687 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:17:24.509131 0.000000 udp 10.0.2.109 3683 -> 78.240.113.190 7230 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:30.614847 0.099743 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:17:30.919055 0.000000 udp 10.0.2.109 3683 -> 88.246.219.12 1533 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:35.368995 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:17:39.224226 0.000000 udp 10.0.2.109 3683 -> 151.67.28.192 2505 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:45.913760 0.000000 udp 10.0.2.109 3683 -> 186.104.162.183 8811 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:51.633410 0.000000 udp 10.0.2.109 3683 -> 70.25.251.20 4983 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:17:57.340440 0.000000 udp 10.0.2.109 3683 -> 187.188.82.13 2296 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:02.768801 0.129577 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 803 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:18:02.997364 0.000000 udp 10.0.2.109 3683 -> 99.66.184.55 9464 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:11.800947 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:17.409032 0.522062 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 690 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:18:18.140160 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:22.470471 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:18:24.475988 0.049044 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 743 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:18:24.867332 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:30.466705 0.000000 udp 10.0.2.109 3683 -> 95.145.68.215 2929 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:38.449477 0.000000 udp 10.0.2.109 3683 -> 95.70.171.78 3827 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:47.041933 0.843241 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 726 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:18:48.018744 0.000000 udp 10.0.2.109 3683 -> 74.215.223.252 9856 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:18:56.886244 0.298027 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:18:57.480559 0.072364 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 668 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:18:57.642274 0.000000 udp 10.0.2.109 3683 -> 187.174.119.158 4826 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:05.518479 0.346102 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 826 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:19:06.066810 0.000000 udp 10.0.2.109 3683 -> 71.46.85.141 1635 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:10.375431 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:19:14.431613 0.000000 udp 10.0.2.109 3683 -> 94.68.234.105 2306 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:22.054923 0.209014 udp 10.0.2.109 3683 <-> 190.68.209.43 4352 CON 0 0 2 752 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:19:22.492425 0.000000 udp 10.0.2.109 3683 -> 95.239.42.181 3130 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:28.731371 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:36.993510 0.000000 udp 10.0.2.109 3683 -> 209.91.231.124 3548 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:44.815205 0.000000 udp 10.0.2.109 3683 -> 195.24.211.146 5807 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:50.543028 0.000000 udp 10.0.2.109 3683 -> 92.232.219.88 1712 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:19:55.369968 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:19:56.030918 0.322343 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 772 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:19:56.456549 0.000000 udp 10.0.2.109 3683 -> 75.130.82.58 1861 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:05.294691 0.453572 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:20:05.873367 0.000000 udp 10.0.2.109 3683 -> 220.255.24.224 5868 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:12.494864 0.062166 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 802 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:20:12.788488 0.000000 udp 10.0.2.109 3683 -> 62.31.22.246 2357 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:21.227374 0.000000 udp 10.0.2.109 3683 -> 220.244.128.118 8897 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:29.759394 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:38.604856 0.000000 udp 10.0.2.109 3683 -> 173.244.130.10 8640 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:43.368961 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:20:44.730952 0.000000 udp 10.0.2.109 3683 -> 67.52.165.46 5904 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:51.511103 0.000000 udp 10.0.2.109 3683 -> 202.191.167.35 3907 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:20:59.662407 0.000000 udp 10.0.2.109 3683 -> 62.204.171.175 8944 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:07.033052 0.000000 udp 10.0.2.109 3683 -> 67.136.102.211 3182 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:15.185050 0.000000 udp 10.0.2.109 3683 -> 69.20.166.34 1452 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:20.372115 0.000000 udp 10.0.2.109 3683 -> 166.127.131.236 7468 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:29.304987 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:33.871431 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:21:36.665502 0.000000 udp 10.0.2.109 3683 -> 216.73.224.248 7429 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:44.807465 0.000000 udp 10.0.2.109 3683 -> 64.150.216.11 4034 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:50.285353 0.000000 udp 10.0.2.109 3683 -> 89.76.100.152 3136 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:21:55.373346 0.000000 udp 10.0.2.109 3683 -> 92.119.19.131 9236 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:22:03.614693 0.461444 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 787 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:22:04.322415 0.000000 udp 10.0.2.109 3683 -> 63.252.97.130 9018 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:22:09.804997 0.000000 udp 10.0.2.109 3683 -> 83.248.120.197 2772 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:22:18.628641 0.000000 udp 10.0.2.109 3683 -> 199.127.54.236 9425 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:22:23.372630 0.410760 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:22:27.897495 0.146028 udp 10.0.2.109 3683 <-> 76.64.92.16 2920 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:22:28.668653 0.000000 udp 10.0.2.109 3683 -> 77.102.25.252 1467 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:22:37.372501 0.000000 udp 10.0.2.109 3683 -> 69.198.12.61 8235 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:22:44.067335 0.000000 udp 10.0.2.109 3683 -> 177.23.248.70 6798 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:22:51.443606 3.038852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 14:22:58.454866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:23:06.386919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:23:22.317607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:23:54.323491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:29:58.329597 3.218207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 14:30:05.510751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:30:13.439513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:30:29.351509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:31:01.476444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:34:21.909546 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:34:21.909726 0.530799 tcp 10.0.2.109 59566 -> 5.178.194.36 4983 FSPA* 0 0 14 1635 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:37:05.374215 3.000803 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 14:37:12.380901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:37:20.382645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:37:36.385321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:38:08.391468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:44:12.397241 3.002572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 14:44:19.407031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:44:27.408639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:44:43.409392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:45:15.415323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:53:14.604871 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 14:53:14.604961 0.072482 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:14.677863 0.390321 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.068668 0.050500 rtcp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.119547 0.168901 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.288840 0.063387 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.352629 0.165762 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.518816 0.055478 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.574736 0.217060 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.792182 0.138258 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:15.930900 0.146727 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:16.078063 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:53:31.691014 0.116482 tcp 10.0.2.109 59567 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:53:31.807785 0.060819 tcp 10.0.2.109 59568 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:53:31.868893 0.155855 tcp 10.0.2.109 59569 -> 195.113.214.249 443 SRPA* 0 0 35 17802 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:53:32.025537 0.149253 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:32.175165 0.165661 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:32.341245 0.322511 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:32.664163 0.074461 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:32.739015 0.164202 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:32.903637 0.139935 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:33.043973 0.177917 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:33.222425 0.145722 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:33.368556 0.145729 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:33.514897 0.358392 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:33.873680 0.620299 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:34.494587 0.315360 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:34.810367 0.040672 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:34.851427 0.048768 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:34.900592 0.320262 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:35.221315 0.235442 udp 10.0.2.109 3683 <-> 189.234.158.192 1051 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:35.457144 0.023556 udp 10.0.2.109 3683 <-> 87.246.251.13 8842 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:35.481096 0.065996 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:35.547545 0.097451 udp 10.0.2.109 3683 <-> 31.192.7.9 9335 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:35.645439 0.146406 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:35.792268 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:53:39.423158 3.001509 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 14:53:46.430138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:53:52.539585 0.060012 tcp 10.0.2.109 59570 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:53:52.599873 0.068023 tcp 10.0.2.109 59571 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:53:52.668179 0.155712 tcp 10.0.2.109 59572 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:53:52.824456 0.050673 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:52.875525 0.087781 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:52.963769 0.298233 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:53.262531 0.067519 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:53.330450 0.268066 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:53:53.598913 0.000000 udp 10.0.2.109 3683 -> 190.68.209.43 4352 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:53:54.431577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:54:10.425475 0.061134 tcp 10.0.2.109 59573 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:10.434789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:54:10.486866 0.063217 tcp 10.0.2.109 59574 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:10.549999 0.155325 tcp 10.0.2.109 59575 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:10.705906 0.332446 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:54:11.038799 1.025703 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:54:12.064908 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:54:28.022719 0.061193 tcp 10.0.2.109 59576 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:28.084289 0.061617 tcp 10.0.2.109 59577 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:28.146394 0.158505 tcp 10.0.2.109 59578 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:28.305407 0.079689 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/13 14:54:28.385535 0.000000 udp 10.0.2.109 3683 -> 76.64.92.16 2920 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 14:54:42.440747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 14:54:46.857801 0.064701 tcp 10.0.2.109 59579 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:46.922731 0.064349 tcp 10.0.2.109 59580 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 14:54:46.987485 0.151747 tcp 10.0.2.109 59581 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:00:46.447012 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 15:00:53.457397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:01:01.456424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:01:17.458825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:01:49.464667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:04:22.425145 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:04:22.425320 2.993684 tcp 10.0.2.109 59582 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:04:32.034222 0.000000 tcp 10.0.2.109 59582 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:04:37.963164 0.060038 tcp 10.0.2.109 59583 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:04:38.023539 0.061768 tcp 10.0.2.109 59584 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:04:38.085572 0.149197 tcp 10.0.2.109 59585 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:04:38.758811 2.965287 tcp 10.0.2.109 59586 -> 176.73.128.116 4768 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:04:47.649488 0.000000 tcp 10.0.2.109 59586 -> 176.73.128.116 4768 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:04:53.573213 0.100319 tcp 10.0.2.109 59587 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:04:53.673385 0.061361 tcp 10.0.2.109 59588 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:04:53.735036 0.152634 tcp 10.0.2.109 59589 -> 195.113.214.249 443 SRPA* 0 0 48 39660 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:04:54.246569 2.967220 tcp 10.0.2.109 59590 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:05:03.140235 0.000000 tcp 10.0.2.109 59590 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:05:09.305165 0.001640 tcp 10.0.2.109 59591 -> 195.113.214.234 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:05:15.309025 0.000359 tcp 10.0.2.109 59591 -> 195.113.214.234 80 RA_F* 0 0 4 1361 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:05:15.357786 2.969225 tcp 10.0.2.109 59592 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:05:24.251287 0.000000 tcp 10.0.2.109 59592 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:05:30.178785 0.059880 tcp 10.0.2.109 59593 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:05:30.238496 0.061258 tcp 10.0.2.109 59594 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:05:30.300057 0.149844 tcp 10.0.2.109 59595 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:05:31.062857 3.179806 tcp 10.0.2.109 59596 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:05:40.178867 0.000000 tcp 10.0.2.109 59596 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:05:46.103016 2.954905 tcp 10.0.2.109 59597 -> 176.73.128.116 4768 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:05:54.989095 0.000000 tcp 10.0.2.109 59597 -> 176.73.128.116 4768 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:06:00.946849 2.993194 tcp 10.0.2.109 59598 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:06:09.939095 0.000000 tcp 10.0.2.109 59598 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:06:14.866088 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:06:15.947786 3.004026 tcp 10.0.2.109 59599 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:06:24.950704 0.000000 tcp 10.0.2.109 59599 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:08:00.480628 3.002017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 15:08:07.488346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:08:15.489770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:08:31.492687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:09:04.427691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:11:30.950917 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:11:30.951021 3.003844 tcp 10.0.2.109 59600 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:11:39.953292 0.000000 tcp 10.0.2.109 59600 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:11:45.953534 0.060817 tcp 10.0.2.109 59601 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:11:46.014639 0.060211 tcp 10.0.2.109 59602 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:11:46.075207 0.150657 tcp 10.0.2.109 59603 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:11:46.335029 3.001859 tcp 10.0.2.109 59604 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:11:55.335710 0.000000 tcp 10.0.2.109 59604 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:01.336382 0.301868 tcp 10.0.2.109 59605 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:01.638222 0.061395 tcp 10.0.2.109 59606 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:01.699904 0.157584 tcp 10.0.2.109 59607 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:02.215675 2.969015 tcp 10.0.2.109 59608 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:11.126229 0.000000 tcp 10.0.2.109 59608 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:17.065807 0.063392 tcp 10.0.2.109 59609 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:17.129489 0.061745 tcp 10.0.2.109 59610 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:17.191571 0.149051 tcp 10.0.2.109 59611 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:17.743004 2.975820 tcp 10.0.2.109 59612 -> 176.73.128.116 4768 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:26.670615 0.000000 tcp 10.0.2.109 59612 -> 176.73.128.116 4768 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:32.670412 0.060503 tcp 10.0.2.109 59613 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:32.731207 0.063977 tcp 10.0.2.109 59614 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:32.795484 0.149003 tcp 10.0.2.109 59615 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:12:33.720570 3.007277 tcp 10.0.2.109 59616 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:42.728016 0.000000 tcp 10.0.2.109 59616 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:48.722827 3.003447 tcp 10.0.2.109 59617 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:12:57.725404 0.000000 tcp 10.0.2.109 59617 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:13:03.724025 2.994865 tcp 10.0.2.109 59618 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:13:12.727567 0.000000 tcp 10.0.2.109 59618 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:13:17.376754 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:13:18.725755 2.994096 tcp 10.0.2.109 59619 -> 176.73.128.116 4768 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:13:27.720416 0.000000 tcp 10.0.2.109 59619 -> 176.73.128.116 4768 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:15:07.515172 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 15:15:14.522480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:15:22.523700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:15:38.530138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:16:10.720963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:18:33.729370 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:18:33.729516 3.003398 tcp 10.0.2.109 59620 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:18:42.731036 0.000000 tcp 10.0.2.109 59620 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:18:48.731696 0.061533 tcp 10.0.2.109 59621 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:18:48.793092 0.062012 tcp 10.0.2.109 59622 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:18:48.855378 0.261569 tcp 10.0.2.109 59623 -> 195.113.214.249 443 SRPA* 0 0 72 78370 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:18:49.383242 3.002089 tcp 10.0.2.109 59624 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:18:58.383899 0.000000 tcp 10.0.2.109 59624 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:04.383465 0.060085 tcp 10.0.2.109 59625 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:19:04.443867 0.063374 tcp 10.0.2.109 59626 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:19:04.507526 0.149152 tcp 10.0.2.109 59627 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:19:04.717788 3.009664 tcp 10.0.2.109 59628 -> 176.73.128.116 4768 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:13.735519 0.000000 tcp 10.0.2.109 59628 -> 176.73.128.116 4768 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:19.715431 0.061100 tcp 10.0.2.109 59629 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:19:19.776784 0.061282 tcp 10.0.2.109 59630 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:19:19.838382 0.194764 tcp 10.0.2.109 59631 -> 195.113.214.249 443 SRPA* 0 0 41 21532 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:19:20.253774 2.995915 tcp 10.0.2.109 59632 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:29.247750 0.000000 tcp 10.0.2.109 59632 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:35.428454 2.969639 tcp 10.0.2.109 59633 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:44.338467 0.000000 tcp 10.0.2.109 59633 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:50.289099 2.977719 tcp 10.0.2.109 59634 -> 176.73.128.116 4768 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:19:59.251729 0.000000 tcp 10.0.2.109 59634 -> 176.73.128.116 4768 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:20:03.868343 1.284966 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:22:14.558669 3.003677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 15:22:21.565963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:22:29.567387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:22:45.570790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:23:17.576194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:24:55.698450 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:24:55.698544 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:25:05.252209 3.003449 tcp 10.0.2.109 59635 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:25:13.988709 0.061743 tcp 10.0.2.109 59636 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:14.050755 0.061564 tcp 10.0.2.109 59637 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:14.112666 0.155713 tcp 10.0.2.109 59638 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:14.256554 0.000000 tcp 10.0.2.109 59635 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:25:14.268965 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:25:20.253442 0.059112 tcp 10.0.2.109 59639 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:20.312873 0.063531 tcp 10.0.2.109 59640 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:20.376672 0.146985 tcp 10.0.2.109 59641 -> 195.113.214.249 443 SRPA* 0 0 38 21716 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:20.731830 2.996093 tcp 10.0.2.109 59642 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:25:29.736662 0.000000 tcp 10.0.2.109 59642 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:25:30.419299 0.058250 tcp 10.0.2.109 59643 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:30.477847 0.065475 tcp 10.0.2.109 59644 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:30.543729 0.149485 tcp 10.0.2.109 59645 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:30.693770 0.000000 udp 10.0.2.109 3683 -> 190.68.209.43 4352 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:25:48.994798 0.059333 tcp 10.0.2.109 59646 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:49.054450 0.060659 tcp 10.0.2.109 59647 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:49.115367 0.150190 tcp 10.0.2.109 59648 -> 195.113.214.249 443 SRPA* 0 0 41 34010 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:25:49.266505 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:26:06.129579 0.061138 tcp 10.0.2.109 59649 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:06.190489 0.061693 tcp 10.0.2.109 59650 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:06.252481 0.154299 tcp 10.0.2.109 59651 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:06.407547 0.000000 udp 10.0.2.109 3683 -> 76.64.92.16 2920 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:26:22.283222 0.061005 tcp 10.0.2.109 59652 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:22.344512 0.064731 tcp 10.0.2.109 59653 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:22.409574 0.161084 tcp 10.0.2.109 59654 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:22.568645 0.092675 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:22.636461 0.075987 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:22.909305 0.071513 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:23.162152 0.696785 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:23.840178 0.077730 rtp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:24.257520 0.167128 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:24.558964 0.169740 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:24.941315 0.230245 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:25.161761 0.147281 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:25.301182 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:26:43.107216 0.063423 tcp 10.0.2.109 59655 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:43.170990 0.061382 tcp 10.0.2.109 59656 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:43.232719 0.152695 tcp 10.0.2.109 59657 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:26:43.385976 0.195289 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:43.534396 0.171512 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:44.074573 0.085894 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:44.163065 0.339394 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:44.481885 0.158217 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:44.730996 0.157040 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:44.880177 0.156242 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:45.210023 0.169223 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:45.357389 0.192771 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:45.542758 0.358006 rtp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 7 2428 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:45.946436 0.316525 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:46.330922 0.052570 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:46.379656 0.053552 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:46.535532 0.687611 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:46.983773 0.267802 udp 10.0.2.109 3683 <-> 189.234.158.192 1051 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:47.440026 0.028400 udp 10.0.2.109 3683 <-> 87.246.251.13 8842 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:47.747628 0.112977 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:47.823090 0.228364 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:48.151126 0.154832 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2576 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:26:48.297809 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:27:03.525365 0.059584 tcp 10.0.2.109 59658 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:27:03.585262 0.061979 tcp 10.0.2.109 59659 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:27:03.647483 0.254638 tcp 10.0.2.109 59660 -> 195.113.214.249 443 SRPA* 0 0 72 78374 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:27:03.902817 0.066746 rtp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:27:04.198591 0.093668 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2612 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:27:04.270203 0.298762 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:27:04.603294 0.519970 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:27:05.086025 0.258527 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:27:05.754301 0.323353 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:27:06.394544 0.969664 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:27:07.361028 0.122917 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:29:21.582299 3.003230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 15:29:28.595530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:29:36.591523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:29:52.594118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:30:24.600353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:30:35.726971 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:30:35.727133 2.993666 tcp 10.0.2.109 59661 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:30:44.719432 0.000000 tcp 10.0.2.109 59661 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:30:50.729408 0.062265 tcp 10.0.2.109 59662 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:30:50.791959 0.061956 tcp 10.0.2.109 59663 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:30:50.854277 0.150714 tcp 10.0.2.109 59664 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:30:51.359124 3.004346 tcp 10.0.2.109 59665 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:31:00.363047 0.000000 tcp 10.0.2.109 59665 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:31:06.361599 0.060866 tcp 10.0.2.109 59666 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:31:06.422769 0.063598 tcp 10.0.2.109 59667 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:31:06.486675 0.148508 tcp 10.0.2.109 59668 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:31:06.971322 2.334469 tcp 10.0.2.109 59669 -> 77.50.112.98 27555 FSPA* 0 0 14 1546 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:31:08.699396 0.060250 tcp 10.0.2.109 59670 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:31:08.759884 0.060998 tcp 10.0.2.109 59671 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:31:08.821120 0.152920 tcp 10.0.2.109 59672 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:31:09.306297 2.992912 tcp 10.0.2.109 59673 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:31:18.307667 0.000000 tcp 10.0.2.109 59673 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:31:24.306864 2.994013 tcp 10.0.2.109 59674 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:31:33.299405 0.000000 tcp 10.0.2.109 59674 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:31:39.308091 1.616384 tcp 10.0.2.109 59675 -> 77.50.112.98 27555 FSPA* 0 0 14 1546 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:36:28.606377 3.825580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 15:36:36.397939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:36:41.620989 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:36:41.621234 2.962557 tcp 10.0.2.109 59676 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:36:44.295901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:36:50.507683 0.000000 tcp 10.0.2.109 59676 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:36:56.432205 0.061719 tcp 10.0.2.109 59677 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:36:56.494265 0.060910 tcp 10.0.2.109 59678 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:36:56.555494 0.152227 tcp 10.0.2.109 59679 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:36:57.038321 2.948155 tcp 10.0.2.109 59680 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:37:00.094671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:37:05.920851 0.000000 tcp 10.0.2.109 59680 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:37:11.851897 0.063179 tcp 10.0.2.109 59681 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:37:11.915364 0.060829 tcp 10.0.2.109 59682 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:37:11.976474 0.151948 tcp 10.0.2.109 59683 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:37:12.333988 2.489267 tcp 10.0.2.109 59684 -> 77.50.112.98 27555 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:37:14.050780 0.065581 tcp 10.0.2.109 59685 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:37:14.116747 0.060931 tcp 10.0.2.109 59686 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:37:14.178037 0.485450 tcp 10.0.2.109 59687 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:37:14.823570 2.963702 tcp 10.0.2.109 59688 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:37:23.716320 0.000000 tcp 10.0.2.109 59688 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:37:29.644631 2.964912 tcp 10.0.2.109 59689 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:37:31.726077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:37:38.537191 0.000000 tcp 10.0.2.109 59689 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:37:44.588649 1.740650 tcp 10.0.2.109 59690 -> 77.50.112.98 27555 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:42:46.301059 0.033118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:42:46.334305 2.987516 tcp 10.0.2.109 59691 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:42:55.309868 0.000000 tcp 10.0.2.109 59691 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:43:01.309969 0.062455 tcp 10.0.2.109 59692 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:01.372680 0.059503 tcp 10.0.2.109 59693 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:01.432483 0.149866 tcp 10.0.2.109 59694 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:01.775731 2.998908 tcp 10.0.2.109 59695 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:43:10.884259 0.000000 tcp 10.0.2.109 59695 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:43:16.839000 0.086928 tcp 10.0.2.109 59696 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:16.926451 0.061777 tcp 10.0.2.109 59697 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:16.988539 0.154805 tcp 10.0.2.109 59698 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:17.292200 1.882841 tcp 10.0.2.109 59699 -> 77.50.112.98 27555 FSPA* 0 0 14 1553 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:18.737999 0.064143 tcp 10.0.2.109 59700 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:18.802433 0.062822 tcp 10.0.2.109 59701 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:18.865605 0.151443 tcp 10.0.2.109 59702 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:19.175367 2.974063 tcp 10.0.2.109 59703 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:43:28.133210 0.000000 tcp 10.0.2.109 59703 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:43:34.115816 2.994488 tcp 10.0.2.109 59704 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:43:35.650108 3.001974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 15:43:42.658025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:43:43.108641 0.000000 tcp 10.0.2.109 59704 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:43:49.117861 1.734820 tcp 10.0.2.109 59705 -> 77.50.112.98 27555 FSPA* 0 0 14 1553 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:43:50.659628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:44:06.662674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:44:38.668784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:48:50.851554 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:48:50.851662 3.004142 tcp 10.0.2.109 59706 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:48:59.854031 0.000000 tcp 10.0.2.109 59706 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:49:05.854640 0.063564 tcp 10.0.2.109 59707 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:05.918488 0.061909 tcp 10.0.2.109 59708 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:05.980762 0.154346 tcp 10.0.2.109 59709 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:06.417487 2.990136 tcp 10.0.2.109 59710 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:49:15.416431 0.000000 tcp 10.0.2.109 59710 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:49:21.416185 0.061088 tcp 10.0.2.109 59711 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:21.477554 0.065321 tcp 10.0.2.109 59712 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:21.543181 0.153158 tcp 10.0.2.109 59713 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:21.729783 1.921464 tcp 10.0.2.109 59714 -> 77.50.112.98 27555 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:23.362845 0.060074 tcp 10.0.2.109 59715 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:23.423230 0.060943 tcp 10.0.2.109 59716 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:23.484461 0.155034 tcp 10.0.2.109 59717 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:49:23.651510 3.000939 tcp 10.0.2.109 59718 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:49:32.653032 0.000000 tcp 10.0.2.109 59718 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:49:38.649884 3.003628 tcp 10.0.2.109 59719 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:49:47.654024 0.000000 tcp 10.0.2.109 59719 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:49:53.651690 1.672097 tcp 10.0.2.109 59720 -> 77.50.112.98 27555 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:50:42.674484 3.001798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 15:50:49.681903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:50:57.683534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:51:13.686718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:51:45.696480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:57:29.047078 0.009523 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 15:57:29.056827 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:57:47.514743 0.067910 tcp 10.0.2.109 59721 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:57:47.582913 0.065504 tcp 10.0.2.109 59722 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:57:47.648702 0.155406 tcp 10.0.2.109 59723 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:57:47.804711 0.000000 udp 10.0.2.109 3683 -> 31.192.7.9 9335 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 15:57:49.699119 3.000733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 15:57:56.705981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:58:04.707563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:58:05.239276 0.062358 tcp 10.0.2.109 59724 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:05.301905 0.060924 tcp 10.0.2.109 59725 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:05.363116 0.150907 tcp 10.0.2.109 59726 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:05.514743 0.070539 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:05.565856 0.091652 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:05.631529 0.423724 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:06.036323 0.067290 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:06.084423 0.169381 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:06.284944 0.178944 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:06.501068 0.082502 rtp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:06.565006 0.236381 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:06.791450 0.147866 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:06.931879 0.209623 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:07.087228 0.174979 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:07.259438 0.172385 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:07.422527 0.075367 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:07.523908 0.381812 rtp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:07.886689 0.153655 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:08.039129 0.187440 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:08.218665 0.356891 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:08.576820 0.172418 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:08.725783 0.159605 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:08.873871 0.048153 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:08.933819 0.454537 rtp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:09.349453 0.316256 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:09.674933 0.051322 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:09.722257 0.486643 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:10.146919 0.263777 udp 10.0.2.109 3683 <-> 189.234.158.192 1051 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:10.336406 2.993281 tcp 10.0.2.109 59727 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:58:10.393280 0.027545 udp 10.0.2.109 3683 <-> 87.246.251.13 8842 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:10.449225 0.118103 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:10.524947 0.164006 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2547 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:10.678879 0.083784 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:10.742030 0.294622 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:11.037517 0.191879 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:11.192124 0.067865 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:11.244208 0.190156 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:11.431249 0.334749 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:11.775406 0.066985 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:11.838370 0.136717 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/13 15:58:19.328761 0.000000 tcp 10.0.2.109 59727 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:58:20.710532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:58:25.338310 0.059123 tcp 10.0.2.109 59728 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:25.397729 0.064513 tcp 10.0.2.109 59729 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:25.462543 0.152469 tcp 10.0.2.109 59730 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:25.630728 3.001244 tcp 10.0.2.109 59731 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:58:34.630587 0.000000 tcp 10.0.2.109 59731 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:58:40.629741 0.064531 tcp 10.0.2.109 59732 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:40.694615 0.061353 tcp 10.0.2.109 59733 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:40.756344 0.151774 tcp 10.0.2.109 59734 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/13 15:58:40.919827 3.004149 tcp 10.0.2.109 59735 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:58:49.921964 0.000000 tcp 10.0.2.109 59735 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:58:52.716445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 15:58:55.921468 3.003755 tcp 10.0.2.109 59736 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 15:59:04.923841 0.000000 tcp 10.0.2.109 59736 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:04:10.924505 0.000144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:04:10.924750 2.993926 tcp 10.0.2.109 59737 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:04:19.926780 0.000000 tcp 10.0.2.109 59737 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:04:25.927408 0.061525 tcp 10.0.2.109 59738 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:25.989574 0.061902 tcp 10.0.2.109 59739 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:26.051792 0.150988 tcp 10.0.2.109 59740 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:26.324977 2.995534 tcp 10.0.2.109 59741 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:04:35.320551 0.000000 tcp 10.0.2.109 59741 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:04:41.318090 0.060445 tcp 10.0.2.109 59742 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:41.378818 0.060931 tcp 10.0.2.109 59743 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:41.440021 0.148312 tcp 10.0.2.109 59744 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:41.611250 2.197801 tcp 10.0.2.109 59745 -> 46.48.240.210 29630 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:43.424389 0.063992 tcp 10.0.2.109 59746 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:43.488729 0.066887 tcp 10.0.2.109 59747 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:43.555953 0.156023 tcp 10.0.2.109 59748 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:04:43.809321 3.006434 tcp 10.0.2.109 59749 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:04:52.814316 0.000000 tcp 10.0.2.109 59749 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:04:58.802894 3.004402 tcp 10.0.2.109 59750 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:05:07.808834 0.000000 tcp 10.0.2.109 59750 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:05:13.804640 1.865888 tcp 10.0.2.109 59751 -> 46.48.240.210 29630 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:05:20.727566 3.001375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 16:05:27.735062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:05:35.736334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:05:51.739362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:06:23.744354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:10:15.668833 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:10:15.669099 3.003739 tcp 10.0.2.109 59752 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:10:24.674733 0.000000 tcp 10.0.2.109 59752 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:10:30.671659 0.060469 tcp 10.0.2.109 59753 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:30.732404 0.059548 tcp 10.0.2.109 59754 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:30.792284 0.155042 tcp 10.0.2.109 59755 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:30.975584 2.999182 tcp 10.0.2.109 59756 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:10:39.973209 0.000000 tcp 10.0.2.109 59756 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:10:45.972518 0.060665 tcp 10.0.2.109 59757 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:46.033472 0.060163 tcp 10.0.2.109 59758 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:46.093981 0.255893 tcp 10.0.2.109 59759 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:46.533679 3.397044 tcp 10.0.2.109 59760 -> 46.48.240.210 29630 FSPA* 0 0 14 1639 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:49.615146 0.065500 tcp 10.0.2.109 59761 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:49.681019 0.061487 tcp 10.0.2.109 59762 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:49.742805 0.151777 tcp 10.0.2.109 59763 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:10:49.930955 2.991041 tcp 10.0.2.109 59764 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:10:58.920529 0.000000 tcp 10.0.2.109 59764 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:11:04.919486 3.003986 tcp 10.0.2.109 59765 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:11:13.922319 0.000000 tcp 10.0.2.109 59765 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:11:19.920965 0.370954 tcp 10.0.2.109 59766 -> 46.48.240.210 29630 SPA_* 0 0 9 1109 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:11:39.379655 0.000316 tcp 10.0.2.109 59766 -> 46.48.240.210 29630 FA_PA 0 0 3 422 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:11:48.049818 0.000191 tcp 10.0.2.109 59766 -> 46.48.240.210 29630 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:12:32.760613 2.999015 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 16:12:39.765738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:12:47.767404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:13:03.769996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:13:35.776404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:16:39.380822 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:16:39.380948 3.003401 tcp 10.0.2.109 59767 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:16:48.383012 0.000000 tcp 10.0.2.109 59767 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:16:54.383712 0.061646 tcp 10.0.2.109 59768 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:16:54.445663 0.061105 tcp 10.0.2.109 59769 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:16:54.507151 0.151813 tcp 10.0.2.109 59770 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:16:54.916372 3.000368 tcp 10.0.2.109 59771 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:17:03.915040 0.000000 tcp 10.0.2.109 59771 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:17:09.914450 0.063354 tcp 10.0.2.109 59772 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:09.978276 0.061969 tcp 10.0.2.109 59773 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:10.040520 0.151619 tcp 10.0.2.109 59774 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:10.432425 0.360152 tcp 10.0.2.109 59775 -> 46.48.240.210 29630 SPA_* 0 0 7 981 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:22.120776 0.535003 tcp 10.0.2.109 59775 -> 46.48.240.210 29630 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:22.121670 0.064146 tcp 10.0.2.109 59776 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:22.186137 0.066809 tcp 10.0.2.109 59777 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:22.253236 0.156452 tcp 10.0.2.109 59778 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:17:22.655992 3.000345 tcp 10.0.2.109 59779 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:17:31.655078 0.000000 tcp 10.0.2.109 59779 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:17:37.654054 2.994047 tcp 10.0.2.109 59780 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:17:46.656826 0.000000 tcp 10.0.2.109 59780 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:17:52.655206 0.371300 tcp 10.0.2.109 59781 -> 46.48.240.210 29630 SPA_* 0 0 9 1089 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:18:01.997115 0.000423 tcp 10.0.2.109 59781 -> 46.48.240.210 29630 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:19:41.785164 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 16:19:48.792684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:19:56.793963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:20:12.796303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:20:44.802967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:23:01.990551 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:23:01.990649 0.356174 tcp 10.0.2.109 59782 -> 46.48.240.210 29630 SPA_* 0 0 9 1028 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:23:10.880932 0.386415 tcp 10.0.2.109 59782 -> 46.48.240.210 29630 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:23:10.883491 0.061949 tcp 10.0.2.109 59783 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:23:10.945779 0.061645 tcp 10.0.2.109 59784 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:23:11.007718 0.157056 tcp 10.0.2.109 59785 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:23:11.267567 0.374126 tcp 10.0.2.109 59786 -> 46.48.240.210 29630 SPA_* 0 0 9 1028 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:23:25.572031 0.000383 tcp 10.0.2.109 59786 -> 46.48.240.210 29630 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:26:48.808020 3.002747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 16:26:55.816413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:27:03.817707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:27:19.820732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:27:51.826345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:28:30.023404 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:28:30.023592 0.423024 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:30.428128 0.065248 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:30.569225 0.165990 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:31.023652 0.168141 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:31.495319 0.080253 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:31.560094 0.078744 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:31.734613 0.090402 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:31.799614 0.226439 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:32.015657 0.148250 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:32.499507 0.177637 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:32.651459 0.173881 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:32.944857 0.160644 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:33.097528 0.075471 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:33.303219 0.359353 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:33.644216 2.167649 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:35.810054 0.194638 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:36.543823 0.365504 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:36.908851 0.169635 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:37.147984 0.147700 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 1964 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:37.287498 0.047147 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:37.579830 0.779454 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:38.044456 0.316558 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:38.470323 0.045303 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:38.511721 0.564319 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:28:39.023142 0.000000 udp 10.0.2.109 3683 -> 189.234.158.192 1051 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 16:28:40.567475 3.003707 tcp 10.0.2.109 59787 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:28:49.569899 0.000000 tcp 10.0.2.109 59787 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:28:55.571077 0.064068 tcp 10.0.2.109 59788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:28:55.635431 0.064115 tcp 10.0.2.109 59789 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:28:55.699947 0.153017 tcp 10.0.2.109 59790 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:28:55.967091 2.996408 tcp 10.0.2.109 59791 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:28:57.221243 0.061148 tcp 10.0.2.109 59792 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:28:57.282721 0.062081 tcp 10.0.2.109 59793 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:28:57.345042 0.155188 tcp 10.0.2.109 59794 -> 195.113.214.249 443 SRPA* 0 0 35 18782 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:28:57.500640 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 16:29:04.962329 0.000000 tcp 10.0.2.109 59791 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:29:10.961407 0.062876 tcp 10.0.2.109 59795 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:11.024589 0.060729 tcp 10.0.2.109 59796 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:11.085191 0.153643 tcp 10.0.2.109 59797 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:11.586635 2.998739 tcp 10.0.2.109 59798 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:29:14.936777 0.060622 tcp 10.0.2.109 59799 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:14.997658 0.064953 tcp 10.0.2.109 59800 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:15.062491 0.155045 tcp 10.0.2.109 59801 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:15.218051 0.117055 rtp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:15.293713 0.161202 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:15.619177 0.088351 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:15.686027 0.071532 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:15.886734 0.190377 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:16.074441 0.353995 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:16.521567 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 16:29:20.584496 0.000000 tcp 10.0.2.109 59798 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:29:26.583090 3.004437 tcp 10.0.2.109 59802 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:29:32.212211 0.063328 tcp 10.0.2.109 59803 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:32.275902 0.063018 tcp 10.0.2.109 59804 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:32.339205 0.151421 tcp 10.0.2.109 59805 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:29:32.491298 0.481070 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:32.933508 0.341639 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:33.944272 0.212650 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/13 16:29:35.595960 0.000000 tcp 10.0.2.109 59802 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:33:55.833338 3.001405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 16:34:02.840377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:34:10.841726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:34:26.844771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:34:41.586839 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:34:41.586950 2.993493 tcp 10.0.2.109 59806 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:34:50.578862 0.000000 tcp 10.0.2.109 59806 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:34:56.589276 0.061891 tcp 10.0.2.109 59807 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:34:56.651427 0.063066 tcp 10.0.2.109 59808 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:34:56.714751 0.153378 tcp 10.0.2.109 59809 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:34:57.535769 3.000102 tcp 10.0.2.109 59810 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:34:58.851038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:35:06.531975 0.000000 tcp 10.0.2.109 59810 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:35:12.540189 0.060918 tcp 10.0.2.109 59811 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:35:12.601410 0.061307 tcp 10.0.2.109 59812 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:35:12.663080 0.155141 tcp 10.0.2.109 59813 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:35:13.189758 2.997539 tcp 10.0.2.109 59814 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:35:22.184336 0.000000 tcp 10.0.2.109 59814 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:35:28.184525 3.002954 tcp 10.0.2.109 59815 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:35:37.196415 0.000000 tcp 10.0.2.109 59815 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:40:43.186991 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:40:43.187085 2.993321 tcp 10.0.2.109 59816 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:40:52.178772 0.000000 tcp 10.0.2.109 59816 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:40:58.324493 0.064871 tcp 10.0.2.109 59817 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:40:58.389638 0.062063 tcp 10.0.2.109 59818 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:40:58.452002 0.172885 tcp 10.0.2.109 59819 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:40:58.820314 2.974905 tcp 10.0.2.109 59820 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:41:02.948523 2.971016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 16:41:07.735419 0.000000 tcp 10.0.2.109 59820 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:41:09.886529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:41:13.690255 0.063510 tcp 10.0.2.109 59821 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:41:13.754018 0.064454 tcp 10.0.2.109 59822 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:41:13.818777 0.157002 tcp 10.0.2.109 59823 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:41:14.101185 3.003540 tcp 10.0.2.109 59824 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:41:17.865308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:41:23.106546 0.000000 tcp 10.0.2.109 59824 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:41:29.102109 3.004177 tcp 10.0.2.109 59825 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:41:33.868784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:41:38.105143 0.000000 tcp 10.0.2.109 59825 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:42:05.874994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:46:44.109232 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:46:44.109432 2.989833 tcp 10.0.2.109 59826 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:46:53.107780 0.000000 tcp 10.0.2.109 59826 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:46:59.108318 0.065613 tcp 10.0.2.109 59827 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:46:59.174233 0.061949 tcp 10.0.2.109 59828 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:46:59.236490 0.152505 tcp 10.0.2.109 59829 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:46:59.486463 2.994855 tcp 10.0.2.109 59830 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:47:08.480215 0.000000 tcp 10.0.2.109 59830 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:47:14.479225 0.060136 tcp 10.0.2.109 59831 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:47:14.539696 0.063583 tcp 10.0.2.109 59832 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:47:14.603613 0.152690 tcp 10.0.2.109 59833 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:47:14.856879 2.996501 tcp 10.0.2.109 59834 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:47:23.852210 0.000000 tcp 10.0.2.109 59834 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:47:29.850781 3.004429 tcp 10.0.2.109 59835 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:47:38.854890 0.000000 tcp 10.0.2.109 59835 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:48:09.881004 3.001742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 16:48:16.888458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:48:24.889607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:48:40.898598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:49:12.903598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:52:44.853618 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:52:44.853777 2.993964 tcp 10.0.2.109 59836 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:52:53.856616 0.000000 tcp 10.0.2.109 59836 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:52:59.856705 0.060846 tcp 10.0.2.109 59837 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:52:59.917831 0.061072 tcp 10.0.2.109 59838 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:52:59.979214 0.148702 tcp 10.0.2.109 59839 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 16:53:00.213164 2.996661 tcp 10.0.2.109 59840 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:53:09.208590 0.000000 tcp 10.0.2.109 59840 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 16:55:43.913736 3.001500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 16:55:50.921290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:55:58.922697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:56:14.925639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:56:46.931660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 16:59:59.298617 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 16:59:59.298734 0.000000 udp 10.0.2.109 3683 -> 189.234.158.192 1051 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 17:00:14.342073 0.061960 tcp 10.0.2.109 59841 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:14.404374 0.061945 tcp 10.0.2.109 59842 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:14.466662 0.154525 tcp 10.0.2.109 59843 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:14.621730 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 17:00:32.176381 0.059768 tcp 10.0.2.109 59844 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:32.236481 0.062174 tcp 10.0.2.109 59845 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:32.298908 0.152748 tcp 10.0.2.109 59846 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:32.452201 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 17:00:48.189363 0.060426 tcp 10.0.2.109 59847 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:48.250160 0.061121 tcp 10.0.2.109 59848 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:48.311636 0.159580 tcp 10.0.2.109 59849 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:00:48.471758 0.068416 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:00:48.524325 0.411354 udp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:00:48.917027 1.280997 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:00:48.917402 3.005837 tcp 10.0.2.109 59850 -> 203.45.46.184 3656 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:00:50.332959 0.083801 rtp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:00:50.393647 0.170585 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:00:50.559635 0.000000 udp 10.0.2.109 3683 -> 81.133.36.147 7814 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 17:00:57.921834 0.000000 tcp 10.0.2.109 59850 -> 203.45.46.184 3656 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:00.226302 2.993681 tcp 10.0.2.109 59851 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:07.737250 0.063276 tcp 10.0.2.109 59852 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:07.800872 0.061012 tcp 10.0.2.109 59853 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:07.862240 0.153929 tcp 10.0.2.109 59854 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:08.016808 0.083309 rtp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:08.081880 0.220889 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:08.293249 0.190238 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:08.450320 0.156245 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:08.598593 0.350039 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:08.930739 0.075864 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:09.028836 0.173875 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:09.200036 1.363853 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 5 1760 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:09.219197 0.000000 tcp 10.0.2.109 59851 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:10.561141 4.291825 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 SPA_* 0 0 31 13541 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:10.630988 0.186392 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:10.801761 0.373055 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:11.222609 0.196395 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:11.412202 0.135780 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:11.554600 0.170667 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:11.702940 0.049030 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:11.838873 0.316416 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:12.153978 0.748586 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:12.643386 0.051335 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:12.691050 1.071328 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:13.707751 0.086500 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:13.776087 0.067361 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:13.880909 0.145503 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:14.016306 0.110233 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:14.125481 0.337018 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:14.502786 0.191160 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:14.689809 0.123111 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:14.773742 0.294353 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:15.166717 0.120271 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:01:15.227841 0.060860 tcp 10.0.2.109 59856 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:15.289059 0.061107 tcp 10.0.2.109 59857 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:15.350536 0.241491 tcp 10.0.2.109 59858 -> 195.113.214.249 443 SRPA* 0 0 74 78478 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:15.602159 2.980392 tcp 10.0.2.109 59859 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:19.167530 3.984722 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 30 18004 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:24.529517 0.000000 tcp 10.0.2.109 59859 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:26.299423 4.831180 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 14 7996 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:30.519898 0.060022 tcp 10.0.2.109 59860 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:30.580269 0.062155 tcp 10.0.2.109 59861 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:30.642693 0.149507 tcp 10.0.2.109 59862 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:30.851797 3.001922 tcp 10.0.2.109 59863 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:32.120481 0.000148 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 3 1610 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:39.852941 0.000000 tcp 10.0.2.109 59863 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:45.334643 2.645294 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 16 8828 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:45.851608 3.003463 tcp 10.0.2.109 59864 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:50.877294 3.999360 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 24 14164 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:01:54.854265 0.000000 tcp 10.0.2.109 59864 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:01:57.482254 2.860138 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 36 22176 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:02.797188 4.695571 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 15 10450 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:10.106322 4.216103 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 35 20922 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:15.407160 2.900570 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 46 25012 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:20.808435 4.060309 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 36 23872 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:27.542045 4.656025 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 14 10396 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:33.124362 4.300257 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 9 4582 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:40.272765 4.623656 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 16 9552 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:45.791960 4.762128 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 14 8700 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:50.937743 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:02:51.410398 3.985743 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 42 25148 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:56.688872 4.059843 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 15 9002 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:02:57.944956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:03:03.668626 1.576904 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 12 7392 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:05.946638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:03:10.927026 4.713352 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 14 8348 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:16.561309 4.226559 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 20 13968 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:21.949808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:03:23.528985 4.311269 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 14 6548 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:29.191005 4.383232 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 21 13174 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:36.274753 4.280083 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 18 12060 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:41.891743 3.949644 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 44 24056 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:48.329719 2.922009 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 30 18604 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:53.955473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:03:53.961615 2.837902 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 18 9660 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:03:59.216905 4.122243 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 54 33140 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:04.370104 2.781583 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 17 12606 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:10.078773 4.716407 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 14 7996 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:15.733555 4.331258 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 23 12434 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:21.008848 4.081672 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 43 25450 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:27.506189 2.694163 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 27 17242 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:32.769564 4.668457 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 15 10098 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:38.372213 2.911460 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 24 13088 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:43.667403 4.726369 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 15 9850 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:49.375204 3.996271 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 35 18874 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:04:55.921147 4.331410 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 15 10450 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:03.223468 4.219285 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 41 23894 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:08.490233 2.921848 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 20 13368 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:14.163321 4.054888 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 32 20160 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:19.199672 4.415467 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 27 17842 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:24.605942 4.208054 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 17 8758 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:30.126423 4.135113 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 30 20404 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:35.416977 3.048388 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 9 3982 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:41.002126 4.140276 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 31 18658 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:46.173063 4.130305 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 27 17242 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:51.428779 4.141005 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 56 30248 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:05:57.863118 1.297238 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_PA 0 0 12 10288 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:06:04.841799 4.942409 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 FPA_* 0 0 16 5383 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:06:09.993063 0.000154 tcp 10.0.2.109 59855 -> 70.80.185.236 4126 A_FA 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:00.854335 2.994432 tcp 10.0.2.109 59865 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:07:05.370657 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:07:09.857302 0.000000 tcp 10.0.2.109 59865 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:07:15.859681 0.063066 tcp 10.0.2.109 59866 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:15.923014 0.061098 tcp 10.0.2.109 59867 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:15.984494 0.152424 tcp 10.0.2.109 59868 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:16.486327 2.994550 tcp 10.0.2.109 59869 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:07:25.479602 0.000000 tcp 10.0.2.109 59869 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:07:31.480345 0.062043 tcp 10.0.2.109 59870 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:31.542690 0.062716 tcp 10.0.2.109 59871 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:31.606109 0.151586 tcp 10.0.2.109 59872 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:31.892757 3.000594 tcp 10.0.2.109 59873 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:07:40.895542 0.000000 tcp 10.0.2.109 59873 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:07:46.890983 0.059759 tcp 10.0.2.109 59874 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:46.951085 0.064146 tcp 10.0.2.109 59875 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:47.015519 0.147540 tcp 10.0.2.109 59876 -> 195.113.214.249 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:07:47.480712 3.007960 tcp 10.0.2.109 59877 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:07:56.484653 0.000000 tcp 10.0.2.109 59877 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:08:02.473352 3.003991 tcp 10.0.2.109 59878 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:08:11.475824 0.000000 tcp 10.0.2.109 59878 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:08:17.474757 2.996652 tcp 10.0.2.109 59879 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:08:26.478625 0.000000 tcp 10.0.2.109 59879 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:08:31.376726 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:09:57.962277 3.000907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:10:04.969027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:10:12.970783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:10:28.973521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:11:00.979757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:13:32.478586 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:13:32.478706 3.006950 tcp 10.0.2.109 59880 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:13:41.480571 0.000000 tcp 10.0.2.109 59880 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:13:47.487606 0.219921 tcp 10.0.2.109 59881 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:13:47.707837 0.065797 tcp 10.0.2.109 59882 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:13:47.773974 0.150666 tcp 10.0.2.109 59883 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:13:48.051816 2.983080 tcp 10.0.2.109 59884 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:13:56.986259 0.000000 tcp 10.0.2.109 59884 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:02.936436 0.062923 tcp 10.0.2.109 59885 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:14:02.999702 0.068872 tcp 10.0.2.109 59886 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:14:03.068831 0.157303 tcp 10.0.2.109 59887 -> 195.113.214.249 443 SRPA* 0 0 27 14324 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:14:03.725704 2.980234 tcp 10.0.2.109 59888 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:12.707865 0.000000 tcp 10.0.2.109 59888 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:18.881184 0.058959 tcp 10.0.2.109 59889 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:14:18.940444 0.063880 tcp 10.0.2.109 59890 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:14:19.004688 0.148572 tcp 10.0.2.109 59891 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:14:19.402465 2.969199 tcp 10.0.2.109 59892 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:28.318785 0.000000 tcp 10.0.2.109 59892 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:34.252856 2.966675 tcp 10.0.2.109 59893 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:43.208943 0.000000 tcp 10.0.2.109 59893 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:49.217930 3.003858 tcp 10.0.2.109 59894 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:14:58.223665 0.000000 tcp 10.0.2.109 59894 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:15:02.869456 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:17:04.985412 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:17:11.994440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:17:19.995008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:17:35.997521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:18:08.003784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:20:04.221194 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:20:04.221367 3.003537 tcp 10.0.2.109 59895 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:20:13.224633 0.000000 tcp 10.0.2.109 59895 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:20:19.224089 0.061398 tcp 10.0.2.109 59896 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:19.285749 0.061059 tcp 10.0.2.109 59897 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:19.347126 0.155441 tcp 10.0.2.109 59898 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:20.320528 2.997124 tcp 10.0.2.109 59899 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:20:29.327022 0.000000 tcp 10.0.2.109 59899 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:20:35.315825 0.060063 tcp 10.0.2.109 59900 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:35.376178 0.063739 tcp 10.0.2.109 59901 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:35.439788 0.152074 tcp 10.0.2.109 59902 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:35.792327 2.997936 tcp 10.0.2.109 59903 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:20:44.788854 0.000000 tcp 10.0.2.109 59903 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:20:50.791435 0.061312 tcp 10.0.2.109 59904 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:50.853100 0.064921 tcp 10.0.2.109 59905 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:50.918331 0.149176 tcp 10.0.2.109 59906 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:20:51.175191 2.997549 tcp 10.0.2.109 59907 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:21:00.171082 0.000000 tcp 10.0.2.109 59907 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:21:06.169856 3.004380 tcp 10.0.2.109 59908 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:21:15.173071 0.000000 tcp 10.0.2.109 59908 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:21:21.171283 3.004266 tcp 10.0.2.109 59909 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:21:30.174265 0.000000 tcp 10.0.2.109 59909 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:24:12.009129 3.002128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:24:19.019281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:24:27.019615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:24:43.021278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:25:15.027590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:26:36.174895 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:26:36.174989 2.993573 tcp 10.0.2.109 59910 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:26:45.176957 0.000000 tcp 10.0.2.109 59910 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:26:51.177640 0.062493 tcp 10.0.2.109 59911 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:26:51.240409 0.060349 tcp 10.0.2.109 59912 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:26:51.301079 0.151057 tcp 10.0.2.109 59913 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:26:52.032562 2.998898 tcp 10.0.2.109 59914 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:27:01.029712 0.000000 tcp 10.0.2.109 59914 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:31:15.367609 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:31:15.367723 0.077200 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:15.426459 0.069395 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:15.801331 0.418775 rtp 10.0.2.109 3683 <-> 203.45.46.184 7507 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:16.201595 0.094127 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:16.427198 1.285007 rtp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:18.018473 0.171788 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:18.291039 0.080907 rtcp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:18.355656 0.221266 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:18.681804 0.371237 udp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:19.032967 3.003937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:31:19.034400 0.075599 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:19.250747 0.242810 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:19.489598 0.197518 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:19.649836 0.198386 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:20.251899 0.143094 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:20.518942 0.160593 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:20.752430 0.362201 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:21.272979 0.188154 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:21.453545 0.137016 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:21.625524 0.313344 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:22.045799 0.592726 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:22.538286 0.046689 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:23.115917 0.171156 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:23.263855 0.048961 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:23.380687 1.350950 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:24.687480 0.091337 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:24.965090 0.067149 rtp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:25.166025 0.138628 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:25.296724 0.118597 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:25.418701 0.327719 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:26.041669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:31:26.052244 0.191594 rtp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:26.258438 0.180111 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:26.400268 0.299726 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:26.698552 0.238009 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/13 17:31:34.042120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:31:50.045277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:32:07.030205 3.003772 tcp 10.0.2.109 59915 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:32:11.869010 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:32:16.032833 0.000000 tcp 10.0.2.109 59915 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:32:22.033170 0.060943 tcp 10.0.2.109 59916 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:22.051804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:32:22.094382 0.063372 tcp 10.0.2.109 59917 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:22.158043 0.155020 tcp 10.0.2.109 59918 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:22.401809 3.004535 tcp 10.0.2.109 59919 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:32:31.404881 0.000000 tcp 10.0.2.109 59919 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:32:37.396888 0.061696 tcp 10.0.2.109 59920 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:37.458873 0.063995 tcp 10.0.2.109 59921 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:37.523200 0.153262 tcp 10.0.2.109 59922 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:37.724536 2.998860 tcp 10.0.2.109 59923 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:32:46.726826 0.000000 tcp 10.0.2.109 59923 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:32:52.715494 0.060133 tcp 10.0.2.109 59924 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:52.775913 0.060587 tcp 10.0.2.109 59925 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:52.836788 0.147036 tcp 10.0.2.109 59926 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:32:53.128388 3.001978 tcp 10.0.2.109 59927 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:33:02.129127 0.000000 tcp 10.0.2.109 59927 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:33:08.128829 3.836336 tcp 10.0.2.109 59928 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:33:17.886545 0.000000 tcp 10.0.2.109 59928 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:33:23.817732 2.968514 tcp 10.0.2.109 59929 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:33:32.716761 0.000000 tcp 10.0.2.109 59929 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:33:37.385089 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:38:26.058395 3.000707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:38:33.064908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:38:38.142763 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:38:38.142957 3.003181 tcp 10.0.2.109 59930 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:38:41.066048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:38:47.145162 0.000000 tcp 10.0.2.109 59930 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:38:53.145704 0.065421 tcp 10.0.2.109 59931 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:38:53.211427 0.060682 tcp 10.0.2.109 59932 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:38:53.272354 0.152429 tcp 10.0.2.109 59933 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:38:53.503001 2.985389 tcp 10.0.2.109 59934 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:38:57.069436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:39:02.497118 0.000000 tcp 10.0.2.109 59934 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:39:08.501632 0.066602 tcp 10.0.2.109 59935 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:39:08.568584 0.067627 tcp 10.0.2.109 59936 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:39:08.636506 0.157864 tcp 10.0.2.109 59937 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:39:09.325698 2.995606 tcp 10.0.2.109 59938 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:39:18.320548 0.000000 tcp 10.0.2.109 59938 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:39:24.319101 0.058862 tcp 10.0.2.109 59939 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:39:24.378393 0.060763 tcp 10.0.2.109 59940 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:39:24.439028 0.151683 tcp 10.0.2.109 59941 -> 195.113.214.249 443 SRPA* 0 0 27 14324 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:39:24.773056 3.001535 tcp 10.0.2.109 59942 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:39:29.075450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:39:33.772026 0.000000 tcp 10.0.2.109 59942 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:39:39.770895 3.003793 tcp 10.0.2.109 59943 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:39:48.773590 0.000000 tcp 10.0.2.109 59943 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:39:54.772708 3.003868 tcp 10.0.2.109 59944 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:40:03.774791 0.000000 tcp 10.0.2.109 59944 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:45:09.775751 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:45:09.775869 2.993793 tcp 10.0.2.109 59945 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:45:18.768288 0.000000 tcp 10.0.2.109 59945 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:45:24.778665 0.063764 tcp 10.0.2.109 59946 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:24.842719 0.062628 tcp 10.0.2.109 59947 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:24.905650 0.153149 tcp 10.0.2.109 59948 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:25.071657 3.000131 tcp 10.0.2.109 59949 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:45:33.082969 3.000160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:45:34.070512 0.000000 tcp 10.0.2.109 59949 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:45:40.069656 0.062179 tcp 10.0.2.109 59950 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:40.089024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:45:40.132183 0.060768 tcp 10.0.2.109 59951 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:40.193258 0.151135 tcp 10.0.2.109 59952 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:40.366440 2.997136 tcp 10.0.2.109 59953 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:45:48.096438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:45:49.363747 0.000000 tcp 10.0.2.109 59953 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:45:55.361469 0.063140 tcp 10.0.2.109 59954 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:55.424926 0.059610 tcp 10.0.2.109 59955 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:55.484841 0.155165 tcp 10.0.2.109 59956 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:45:55.950643 3.005522 tcp 10.0.2.109 59957 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:46:04.096485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:46:04.962510 0.000000 tcp 10.0.2.109 59957 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:46:10.948486 2.999245 tcp 10.0.2.109 59958 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:46:19.955938 0.000000 tcp 10.0.2.109 59958 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:46:25.954117 2.989078 tcp 10.0.2.109 59959 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:46:34.937501 0.000000 tcp 10.0.2.109 59959 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:46:36.099406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:46:39.864752 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:51:40.948222 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 17:51:40.948331 3.003614 tcp 10.0.2.109 59960 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:51:49.950677 0.000000 tcp 10.0.2.109 59960 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:51:55.951510 0.061210 tcp 10.0.2.109 59961 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:51:56.013089 0.061986 tcp 10.0.2.109 59962 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:51:56.075399 0.155573 tcp 10.0.2.109 59963 -> 195.113.214.249 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:51:56.241294 3.002633 tcp 10.0.2.109 59964 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:05.242727 0.000000 tcp 10.0.2.109 59964 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:11.241965 0.070329 tcp 10.0.2.109 59965 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:52:11.312570 0.063299 tcp 10.0.2.109 59966 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:52:11.376168 0.153339 tcp 10.0.2.109 59967 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:52:11.546678 2.999201 tcp 10.0.2.109 59968 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:20.544274 0.000000 tcp 10.0.2.109 59968 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:26.543728 0.060421 tcp 10.0.2.109 59969 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:52:26.604446 0.060786 tcp 10.0.2.109 59970 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:52:26.665497 0.153259 tcp 10.0.2.109 59971 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/13 17:52:26.834830 2.993132 tcp 10.0.2.109 59972 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:35.836718 0.000000 tcp 10.0.2.109 59972 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:41.835975 2.993332 tcp 10.0.2.109 59973 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:50.828032 0.000000 tcp 10.0.2.109 59973 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:52:56.837070 2.994234 tcp 10.0.2.109 59974 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:53:05.829701 0.000000 tcp 10.0.2.109 59974 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 17:54:27.109285 3.001948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 17:54:34.116593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:54:42.117836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:54:58.121316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 17:55:30.127411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:01:39.659615 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:01:39.659724 0.078911 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:01:39.721079 0.068501 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:01:39.886866 0.000000 udp 10.0.2.109 3683 -> 203.45.46.184 7507 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 18:01:41.862433 3.003252 tcp 10.0.2.109 59975 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:01:50.864464 0.000000 tcp 10.0.2.109 59975 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:01:56.154375 2.993123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 18:01:56.870356 0.061525 tcp 10.0.2.109 59976 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:01:56.932177 0.062610 tcp 10.0.2.109 59977 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:01:56.995077 0.154499 tcp 10.0.2.109 59978 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:01:57.463590 2.994835 tcp 10.0.2.109 59979 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:01:57.558725 0.060968 tcp 10.0.2.109 59980 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:01:57.619582 0.060814 tcp 10.0.2.109 59981 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:01:57.680717 0.153106 tcp 10.0.2.109 59982 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:01:57.834467 0.095968 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:01:57.906005 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 18:02:03.152490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:02:06.472599 0.000000 tcp 10.0.2.109 59979 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:02:11.153511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:02:14.178902 0.061667 tcp 10.0.2.109 59983 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:02:14.240920 0.063277 tcp 10.0.2.109 59984 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:02:14.304538 0.150820 tcp 10.0.2.109 59985 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:02:14.455854 0.175556 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:15.151950 0.083749 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:15.245138 0.229710 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:15.465656 0.175998 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:15.690829 0.151126 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:15.831066 0.378806 rtp 10.0.2.109 3683 <-> 122.57.203.170 5192 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:16.267065 0.077537 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:16.531509 0.159435 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:16.686638 0.144398 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:16.859083 0.145517 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:17.055816 0.356481 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:17.614869 0.193106 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:17.800350 0.133965 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:18.005885 0.315522 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:18.320189 0.692673 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:18.793369 0.048167 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:18.941104 0.051551 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:19.006121 0.169035 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:19.315100 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 18:02:27.156794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:02:35.549489 0.060757 tcp 10.0.2.109 59986 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:02:35.610561 0.061018 tcp 10.0.2.109 59987 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:02:35.671433 0.148067 tcp 10.0.2.109 59988 -> 195.113.214.249 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:02:35.820386 0.089459 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:35.888977 0.069507 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:36.482418 0.149839 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:36.621452 0.109469 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:36.792445 0.328427 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:37.164409 0.299168 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:37.463108 0.222159 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:37.650766 0.197211 rtp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:37.971790 0.401041 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:02:59.163061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:07:12.457291 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:07:12.457415 3.003932 tcp 10.0.2.109 59989 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:07:21.460018 0.000000 tcp 10.0.2.109 59989 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:07:27.460488 0.061422 tcp 10.0.2.109 59990 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:27.522446 0.062242 tcp 10.0.2.109 59991 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:27.584604 0.149027 tcp 10.0.2.109 59992 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:27.750265 3.006482 tcp 10.0.2.109 59993 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:07:36.751733 0.000000 tcp 10.0.2.109 59993 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:07:42.751476 0.061584 tcp 10.0.2.109 59994 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:42.813425 0.060979 tcp 10.0.2.109 59995 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:42.874709 0.147638 tcp 10.0.2.109 59996 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:43.154437 3.000912 tcp 10.0.2.109 59997 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:07:52.154150 0.000000 tcp 10.0.2.109 59997 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:07:58.153493 0.060218 tcp 10.0.2.109 59998 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:58.214038 0.061049 tcp 10.0.2.109 59999 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:58.275398 0.149226 tcp 10.0.2.109 60000 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:07:58.440851 3.006678 tcp 10.0.2.109 60001 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:08:07.455915 0.000000 tcp 10.0.2.109 60001 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:08:13.435003 2.993968 tcp 10.0.2.109 60002 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:08:22.437399 0.000000 tcp 10.0.2.109 60002 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:08:28.436679 2.993823 tcp 10.0.2.109 60003 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:08:37.428996 0.000000 tcp 10.0.2.109 60003 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:08:42.366345 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:09:08.179368 3.001767 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 18:09:15.184588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:09:23.184973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:09:39.188127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:10:11.194076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:13:43.439676 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:13:43.439813 3.003668 tcp 10.0.2.109 60004 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:13:52.442058 0.000000 tcp 10.0.2.109 60004 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:13:58.443050 0.061765 tcp 10.0.2.109 60005 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:13:58.505115 0.062942 tcp 10.0.2.109 60006 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:13:58.568029 0.149170 tcp 10.0.2.109 60007 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:13:59.774894 3.001987 tcp 10.0.2.109 60008 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:14:08.776619 0.000000 tcp 10.0.2.109 60008 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:14:14.775203 0.063271 tcp 10.0.2.109 60009 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:14:14.838731 0.361005 tcp 10.0.2.109 60010 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:14:15.200048 0.147072 tcp 10.0.2.109 60011 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:14:15.357858 3.001274 tcp 10.0.2.109 60012 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:14:24.357934 0.000000 tcp 10.0.2.109 60012 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:14:30.357311 0.060426 tcp 10.0.2.109 60013 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:14:30.418037 0.061176 tcp 10.0.2.109 60014 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:14:30.479484 0.152159 tcp 10.0.2.109 60015 -> 195.113.214.249 443 SRPA* 0 0 41 33512 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:14:30.932262 2.999616 tcp 10.0.2.109 60016 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:14:39.930303 0.000000 tcp 10.0.2.109 60016 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:14:45.929179 3.004098 tcp 10.0.2.109 60017 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:14:54.964074 0.000000 tcp 10.0.2.109 60017 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:15:00.931087 3.004104 tcp 10.0.2.109 60018 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:15:09.933424 0.000000 tcp 10.0.2.109 60018 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:15:14.870639 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:16:19.205392 3.002103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 18:16:26.214921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:16:34.215257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:16:50.218802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:17:22.233677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:20:15.934023 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:20:15.934239 2.993787 tcp 10.0.2.109 60019 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:20:24.936303 0.000000 tcp 10.0.2.109 60019 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:20:30.936469 0.063247 tcp 10.0.2.109 60020 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:20:30.999978 0.064196 tcp 10.0.2.109 60021 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:20:31.064492 0.148801 tcp 10.0.2.109 60022 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:20:31.484447 2.995589 tcp 10.0.2.109 60023 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:20:40.478545 0.000000 tcp 10.0.2.109 60023 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:20:46.478015 0.087009 tcp 10.0.2.109 60024 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:20:46.565276 0.061706 tcp 10.0.2.109 60025 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:20:46.627250 0.151428 tcp 10.0.2.109 60026 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:20:46.808343 3.004417 tcp 10.0.2.109 60027 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:20:55.810799 0.000000 tcp 10.0.2.109 60027 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:21:01.809828 0.059426 tcp 10.0.2.109 60028 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:21:01.869545 0.061355 tcp 10.0.2.109 60029 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:21:01.931181 0.150801 tcp 10.0.2.109 60030 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:21:02.537171 2.997662 tcp 10.0.2.109 60031 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:21:11.533468 0.000000 tcp 10.0.2.109 60031 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:21:17.532155 3.004220 tcp 10.0.2.109 60032 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:21:26.535054 0.000000 tcp 10.0.2.109 60032 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:21:32.533762 2.994090 tcp 10.0.2.109 60033 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:21:41.536469 0.000000 tcp 10.0.2.109 60033 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:21:46.373322 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:23:29.243899 3.001829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 18:23:36.251474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:23:44.253033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:24:00.256157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:24:32.261975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:26:47.539086 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:26:47.539244 2.995910 tcp 10.0.2.109 60034 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:26:56.529345 0.000000 tcp 10.0.2.109 60034 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:02.539739 0.045338 tcp 10.0.2.109 60035 -> 195.113.214.234 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:02.585390 0.046249 tcp 10.0.2.109 60036 -> 195.113.214.249 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:02.631897 0.136950 tcp 10.0.2.109 60037 -> 195.113.214.249 443 SRPA* 0 0 35 19217 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:03.031241 3.001984 tcp 10.0.2.109 60038 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:12.032585 0.000000 tcp 10.0.2.109 60038 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:18.033149 0.045435 tcp 10.0.2.109 60039 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:18.078872 0.046405 tcp 10.0.2.109 60040 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:18.125555 0.135796 tcp 10.0.2.109 60041 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:18.639193 2.999589 tcp 10.0.2.109 60042 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:27.634047 0.000000 tcp 10.0.2.109 60042 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:33.633357 0.048297 tcp 10.0.2.109 60043 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:33.681943 0.045382 tcp 10.0.2.109 60044 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:33.727584 0.139528 tcp 10.0.2.109 60045 -> 195.113.214.249 443 SRPA* 0 0 24 10456 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:27:33.982504 2.996024 tcp 10.0.2.109 60046 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:42.985748 0.000000 tcp 10.0.2.109 60046 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:48.975025 2.993917 tcp 10.0.2.109 60047 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:27:57.967576 0.000000 tcp 10.0.2.109 60047 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:28:03.976941 2.995476 tcp 10.0.2.109 60048 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:28:12.969415 0.000000 tcp 10.0.2.109 60048 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:28:17.866388 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:30:36.268500 3.001151 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 18:30:43.275392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:30:51.276917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:31:07.280067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:31:39.285883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:32:43.138153 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:32:43.138253 0.000000 udp 10.0.2.109 3683 -> 203.45.46.184 7507 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 18:33:02.117076 0.047063 tcp 10.0.2.109 60049 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:02.164508 0.046109 tcp 10.0.2.109 60050 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:02.210924 0.138909 tcp 10.0.2.109 60051 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:02.350504 0.168050 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:02.548509 1.520318 rtp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:04.409238 0.069628 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:04.718062 0.081921 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:04.781907 0.088117 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:05.144611 0.174410 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:05.556924 0.229513 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:05.775708 0.081344 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:05.843139 0.172851 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:06.141197 0.075607 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:06.236406 0.000000 udp 10.0.2.109 3683 -> 122.57.203.170 5192 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 18:33:18.979665 3.003806 tcp 10.0.2.109 60052 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:33:22.254940 0.044922 tcp 10.0.2.109 60053 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:22.300223 0.046319 tcp 10.0.2.109 60054 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:22.346809 0.137214 tcp 10.0.2.109 60055 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:22.484634 0.162280 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:22.627341 0.142972 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:22.805424 0.359868 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:23.429353 0.157303 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:23.585608 0.152965 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:23.731198 0.134715 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:23.942627 0.193166 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:24.209866 0.316161 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:24.524701 0.841691 rtp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:25.127541 0.048582 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:25.358929 0.046864 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:25.442512 0.170619 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:25.589336 0.090468 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:25.659605 0.071027 rtp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:25.868248 0.143396 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:26.002896 0.486627 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:26.442593 0.114691 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:26.520392 0.334844 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:27.015355 0.176157 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:27.156216 0.192873 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:27.345310 0.185217 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/13 18:33:27.981935 0.000000 tcp 10.0.2.109 60052 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:33:33.981440 0.044392 tcp 10.0.2.109 60056 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:34.026269 0.048223 tcp 10.0.2.109 60057 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:34.074825 0.138713 tcp 10.0.2.109 60058 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:35.048568 3.008024 tcp 10.0.2.109 60059 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:33:44.055795 0.000000 tcp 10.0.2.109 60059 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:33:50.044349 0.552684 tcp 10.0.2.109 60060 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:50.597311 0.051358 tcp 10.0.2.109 60061 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:50.648962 0.135796 tcp 10.0.2.109 60062 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:33:51.109867 2.971981 tcp 10.0.2.109 60063 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:00.021734 0.000000 tcp 10.0.2.109 60063 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:06.016925 0.047394 tcp 10.0.2.109 60064 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:34:06.064620 0.049088 tcp 10.0.2.109 60065 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:34:06.114006 0.132744 tcp 10.0.2.109 60066 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:34:06.645049 2.978568 tcp 10.0.2.109 60067 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:15.566189 0.000000 tcp 10.0.2.109 60067 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:21.510322 2.976234 tcp 10.0.2.109 60068 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:30.427119 0.000000 tcp 10.0.2.109 60068 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:36.370617 2.974336 tcp 10.0.2.109 60069 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:45.290748 0.000000 tcp 10.0.2.109 60069 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:34:49.869835 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:37:43.292861 3.000655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 18:37:50.299570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:37:58.302808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:38:14.304758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:38:46.313278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:39:51.253987 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:39:51.254113 3.003321 tcp 10.0.2.109 60070 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:00.266531 0.000000 tcp 10.0.2.109 60070 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:06.256592 0.060345 tcp 10.0.2.109 60071 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:06.316787 0.062694 tcp 10.0.2.109 60072 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:06.379800 0.148117 tcp 10.0.2.109 60073 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:06.543231 2.996278 tcp 10.0.2.109 60074 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:15.538146 0.000000 tcp 10.0.2.109 60074 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:21.537400 0.063146 tcp 10.0.2.109 60075 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:21.600806 0.063610 tcp 10.0.2.109 60076 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:21.664698 0.149057 tcp 10.0.2.109 60077 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:21.839585 3.002136 tcp 10.0.2.109 60078 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:30.840186 0.000000 tcp 10.0.2.109 60078 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:36.839578 0.059725 tcp 10.0.2.109 60079 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:36.899613 0.061623 tcp 10.0.2.109 60080 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:36.961534 0.155677 tcp 10.0.2.109 60081 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:40:37.154815 2.998950 tcp 10.0.2.109 60082 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:46.152198 0.000000 tcp 10.0.2.109 60082 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:40:52.151254 3.003844 tcp 10.0.2.109 60083 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:41:01.153833 0.000000 tcp 10.0.2.109 60083 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:41:07.153242 3.003438 tcp 10.0.2.109 60084 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:41:16.155950 0.000000 tcp 10.0.2.109 60084 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:44:50.321111 2.998635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 18:44:57.326593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:45:05.325227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:45:21.328040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:45:53.334009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:46:22.155927 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:46:22.156154 2.993603 tcp 10.0.2.109 60085 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:46:31.148482 0.000000 tcp 10.0.2.109 60085 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:46:37.159207 0.060786 tcp 10.0.2.109 60086 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:46:37.220270 0.066527 tcp 10.0.2.109 60087 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:46:37.287168 0.149281 tcp 10.0.2.109 60088 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:46:37.471462 3.000336 tcp 10.0.2.109 60089 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:46:46.470441 0.000000 tcp 10.0.2.109 60089 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:46:52.470234 0.060736 tcp 10.0.2.109 60090 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:46:52.531326 0.061525 tcp 10.0.2.109 60091 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:46:52.593276 0.156509 tcp 10.0.2.109 60092 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:46:52.840592 3.004263 tcp 10.0.2.109 60093 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:47:01.842028 0.000000 tcp 10.0.2.109 60093 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:47:07.841629 0.059679 tcp 10.0.2.109 60094 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:47:07.901610 0.061647 tcp 10.0.2.109 60095 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:47:07.963588 0.148978 tcp 10.0.2.109 60096 -> 195.113.214.249 443 SRPA* 0 0 40 20706 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:47:08.279992 3.008420 tcp 10.0.2.109 60097 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:47:17.286837 0.000000 tcp 10.0.2.109 60097 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:47:23.273492 3.003838 tcp 10.0.2.109 60098 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:47:32.286542 0.000000 tcp 10.0.2.109 60098 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:47:38.275030 2.994011 tcp 10.0.2.109 60099 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:47:47.267795 0.000000 tcp 10.0.2.109 60099 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:52:53.278321 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 18:52:53.278454 3.003535 tcp 10.0.2.109 60100 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:02.280630 0.000000 tcp 10.0.2.109 60100 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:08.280985 0.061176 tcp 10.0.2.109 60101 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:08.342469 0.065760 tcp 10.0.2.109 60102 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:08.408581 0.151769 tcp 10.0.2.109 60103 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:08.573355 3.000379 tcp 10.0.2.109 60104 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:17.572725 0.000000 tcp 10.0.2.109 60104 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:23.571873 0.060415 tcp 10.0.2.109 60105 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:23.632612 0.060887 tcp 10.0.2.109 60106 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:23.693791 0.148300 tcp 10.0.2.109 60107 -> 195.113.214.249 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:23.871704 3.004064 tcp 10.0.2.109 60108 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:32.874694 0.000000 tcp 10.0.2.109 60108 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:38.864001 0.059636 tcp 10.0.2.109 60109 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:38.923942 0.063164 tcp 10.0.2.109 60110 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:38.987469 0.151595 tcp 10.0.2.109 60111 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 18:53:39.149699 2.998112 tcp 10.0.2.109 60112 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:48.156521 0.000000 tcp 10.0.2.109 60112 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:53:54.145571 2.994000 tcp 10.0.2.109 60113 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:54:03.137973 0.000000 tcp 10.0.2.109 60113 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:54:06.345777 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 18:54:09.147281 2.993896 tcp 10.0.2.109 60114 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:54:13.352872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:54:18.142607 0.000000 tcp 10.0.2.109 60114 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 18:54:21.354514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:54:37.357543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 18:55:09.368700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:01:16.386010 2.992157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 19:01:23.381052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:01:31.382680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:01:47.385760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:02:19.391527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:03:52.706915 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:03:52.707067 0.000000 udp 10.0.2.109 3683 -> 122.57.203.170 5192 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 19:04:11.424452 0.064965 tcp 10.0.2.109 60115 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:11.489779 0.060560 tcp 10.0.2.109 60116 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:11.550641 0.146414 tcp 10.0.2.109 60117 -> 195.113.214.249 443 SRPA* 0 0 41 24708 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:11.697702 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 19:04:29.639432 0.063973 tcp 10.0.2.109 60118 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:29.703711 0.061721 tcp 10.0.2.109 60119 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:29.765761 0.153777 tcp 10.0.2.109 60120 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:29.920085 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 19:04:45.603252 0.060756 tcp 10.0.2.109 60121 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:45.664361 0.064522 tcp 10.0.2.109 60122 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:45.729202 0.159470 tcp 10.0.2.109 60123 -> 195.113.214.249 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:04:45.889327 0.072601 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:45.944393 0.075598 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:46.186009 0.086462 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:46.249579 0.227142 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:46.465626 0.081777 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:46.625785 0.175103 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:47.479725 0.174090 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:47.842616 0.069510 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:48.259887 0.166801 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:48.405757 0.144015 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:48.626209 0.149864 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:48.768395 0.360476 rtp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:49.127849 0.158589 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:49.282418 0.140455 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:49.414269 0.187498 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:49.715331 0.323696 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:50.037237 0.047185 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:50.175684 0.171741 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:50.325161 0.090736 rtp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:50.599686 0.070537 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:50.651262 0.868501 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:51.280641 0.048156 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:51.796125 0.144248 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:51.987381 0.298986 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:52.510309 0.138352 rtp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:52.605368 0.332910 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:53.206771 0.136602 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:53.304926 0.138577 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:53.464540 0.190367 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:04:54.184845 2.993872 tcp 10.0.2.109 60124 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:03.187824 0.000000 tcp 10.0.2.109 60124 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:09.186549 0.063264 tcp 10.0.2.109 60125 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:09.249723 0.063701 tcp 10.0.2.109 60126 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:09.313799 0.146833 tcp 10.0.2.109 60127 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:09.740377 3.000528 tcp 10.0.2.109 60128 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:18.739422 0.000000 tcp 10.0.2.109 60128 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:24.739822 0.061695 tcp 10.0.2.109 60129 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:24.801422 0.064133 tcp 10.0.2.109 60130 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:24.865892 0.152099 tcp 10.0.2.109 60131 -> 195.113.214.249 443 SRPA* 0 0 32 16806 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:25.053307 2.999599 tcp 10.0.2.109 60132 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:34.051484 0.000000 tcp 10.0.2.109 60132 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:40.050800 0.066787 tcp 10.0.2.109 60133 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:40.117948 0.062493 tcp 10.0.2.109 60134 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:40.180357 0.149917 tcp 10.0.2.109 60135 -> 195.113.214.249 443 SRPA* 0 0 32 16806 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:05:40.516606 2.998504 tcp 10.0.2.109 60136 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:49.513643 0.000000 tcp 10.0.2.109 60136 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:05:55.512689 3.004231 tcp 10.0.2.109 60137 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:06:04.515274 0.000000 tcp 10.0.2.109 60137 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:06:10.514260 2.994882 tcp 10.0.2.109 60138 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:06:19.516770 0.000000 tcp 10.0.2.109 60138 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:06:24.363911 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:08:39.400868 3.001701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 19:08:46.407849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:08:54.409609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:09:10.412736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:09:42.423758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:11:25.518000 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:11:25.518245 3.002934 tcp 10.0.2.109 60139 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:11:34.519874 0.000000 tcp 10.0.2.109 60139 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:11:40.520469 0.064260 tcp 10.0.2.109 60140 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:11:40.585074 0.060905 tcp 10.0.2.109 60141 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:11:40.646354 0.149995 tcp 10.0.2.109 60142 -> 195.113.214.249 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:11:41.183339 3.000315 tcp 10.0.2.109 60143 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:11:50.182738 0.000000 tcp 10.0.2.109 60143 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:11:56.181618 0.064141 tcp 10.0.2.109 60144 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:11:56.246012 0.063837 tcp 10.0.2.109 60145 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:11:56.310316 0.150353 tcp 10.0.2.109 60146 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:11:56.753043 3.282922 tcp 10.0.2.109 60147 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:05.980710 0.000000 tcp 10.0.2.109 60147 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:11.945090 0.061206 tcp 10.0.2.109 60148 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:12:12.006492 0.060878 tcp 10.0.2.109 60149 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:12:12.067700 0.157800 tcp 10.0.2.109 60150 -> 195.113.214.249 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:12:12.551824 2.963586 tcp 10.0.2.109 60151 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:21.473404 0.000000 tcp 10.0.2.109 60151 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:27.417961 2.967068 tcp 10.0.2.109 60152 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:36.358697 0.000000 tcp 10.0.2.109 60152 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:42.367421 3.004028 tcp 10.0.2.109 60153 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:51.370075 0.000000 tcp 10.0.2.109 60153 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:12:56.367748 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:15:46.425151 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 19:15:53.432020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:16:01.435131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:16:17.436771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:16:49.446414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:17:57.370530 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:17:57.370628 3.004341 tcp 10.0.2.109 60154 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:06.373210 0.000000 tcp 10.0.2.109 60154 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:12.373390 0.819097 tcp 10.0.2.109 60155 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:13.192776 0.062299 tcp 10.0.2.109 60156 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:13.255355 0.152615 tcp 10.0.2.109 60157 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:14.001196 2.963178 tcp 10.0.2.109 60158 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:22.906212 0.000000 tcp 10.0.2.109 60158 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:28.817736 0.060765 tcp 10.0.2.109 60159 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:28.878821 0.061579 tcp 10.0.2.109 60160 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:28.940672 0.155974 tcp 10.0.2.109 60161 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:29.557010 2.966420 tcp 10.0.2.109 60162 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:38.445558 0.000000 tcp 10.0.2.109 60162 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:44.368884 0.067167 tcp 10.0.2.109 60163 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:44.436071 0.060952 tcp 10.0.2.109 60164 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:44.497336 0.158026 tcp 10.0.2.109 60165 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:18:44.723320 2.966104 tcp 10.0.2.109 60166 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:53.611295 0.000000 tcp 10.0.2.109 60166 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:18:59.536546 2.971255 tcp 10.0.2.109 60167 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:19:08.431649 0.000000 tcp 10.0.2.109 60167 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:19:14.356660 2.998318 tcp 10.0.2.109 60168 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:19:23.353993 0.000000 tcp 10.0.2.109 60168 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:22:53.449519 3.000424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 19:23:00.459160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:23:08.457555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:23:24.460603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:23:56.469452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:24:29.354095 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:24:29.354301 2.993696 tcp 10.0.2.109 60169 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:24:38.356807 0.000000 tcp 10.0.2.109 60169 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:24:44.358658 0.065905 tcp 10.0.2.109 60170 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:24:44.424887 0.064702 tcp 10.0.2.109 60171 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:24:44.489891 0.154911 tcp 10.0.2.109 60172 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:24:44.971183 3.001603 tcp 10.0.2.109 60173 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:24:53.969292 0.000000 tcp 10.0.2.109 60173 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:24:59.968697 0.059945 tcp 10.0.2.109 60174 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:25:00.028899 0.059719 tcp 10.0.2.109 60175 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:25:00.088899 0.148417 tcp 10.0.2.109 60176 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:25:00.434524 2.998220 tcp 10.0.2.109 60177 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:09.431360 0.000000 tcp 10.0.2.109 60177 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:15.430427 0.060285 tcp 10.0.2.109 60178 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:25:15.490998 0.061858 tcp 10.0.2.109 60179 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:25:15.553128 0.155352 tcp 10.0.2.109 60180 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:25:15.872217 3.004232 tcp 10.0.2.109 60181 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:24.873213 0.000000 tcp 10.0.2.109 60181 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:30.872805 3.003242 tcp 10.0.2.109 60182 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:39.878459 0.000000 tcp 10.0.2.109 60182 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:45.874045 2.994274 tcp 10.0.2.109 60183 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:54.876767 0.000000 tcp 10.0.2.109 60183 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:25:59.863634 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:30:00.473841 3.000539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 19:30:07.479819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:30:15.481319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:30:31.489878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:31:03.490317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:35:23.304532 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:35:23.304682 0.170192 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:23.470220 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 19:35:30.904982 2.994249 tcp 10.0.2.109 60184 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:35:39.898006 0.000000 tcp 10.0.2.109 60184 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:35:41.071251 0.065099 tcp 10.0.2.109 60185 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:35:41.136629 0.062042 tcp 10.0.2.109 60186 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:35:41.198987 0.130589 tcp 10.0.2.109 60187 -> 195.113.214.249 443 SRPA* 0 0 33 23844 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:35:41.330162 0.069041 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:41.383491 0.082361 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:41.638025 0.091768 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:41.703085 0.239084 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:42.242958 0.086357 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:42.312877 0.167294 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:42.579479 0.163925 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:42.722793 0.143793 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:43.001337 0.153941 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:43.147431 0.173481 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:43.318814 0.085851 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:43.595035 0.365932 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:43.960649 0.151673 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:44.110532 0.138566 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2612 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:44.321601 0.191674 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:44.505422 0.329439 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:44.832794 0.052108 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:44.979781 0.172428 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:45.127668 0.581217 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:45.727352 0.048486 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:45.907210 0.060241 tcp 10.0.2.109 60188 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:35:45.967799 0.061136 tcp 10.0.2.109 60189 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:35:46.029296 0.148979 tcp 10.0.2.109 60190 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:35:46.174552 0.090739 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:46.197985 3.003177 tcp 10.0.2.109 60191 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:35:46.242628 0.069396 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:46.446567 0.139122 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:46.577746 0.294415 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:47.038619 0.115237 rtp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:47.114149 0.340853 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:47.539219 0.260022 rtp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:47.796165 0.119690 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:47.877558 0.114254 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/13 19:35:55.199704 0.000000 tcp 10.0.2.109 60191 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:37:07.496619 3.001388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 19:37:14.503949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:37:22.505538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:37:38.508562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:38:10.514716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:41:01.200292 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 19:41:01.200392 3.004012 tcp 10.0.2.109 60192 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:41:10.202771 0.000000 tcp 10.0.2.109 60192 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:41:16.203520 0.060823 tcp 10.0.2.109 60193 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:16.264621 0.063777 tcp 10.0.2.109 60194 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:16.328707 0.148887 tcp 10.0.2.109 60195 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:16.671384 3.005000 tcp 10.0.2.109 60196 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:41:25.675099 0.000000 tcp 10.0.2.109 60196 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:41:31.664131 0.063006 tcp 10.0.2.109 60197 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:31.727468 0.067423 tcp 10.0.2.109 60198 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:31.795258 0.151470 tcp 10.0.2.109 60199 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:31.971309 2.998521 tcp 10.0.2.109 60200 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:41:40.976851 0.000000 tcp 10.0.2.109 60200 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 19:41:46.971245 0.058927 tcp 10.0.2.109 60201 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:47.030539 0.062029 tcp 10.0.2.109 60202 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:47.092864 0.157359 tcp 10.0.2.109 60203 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:41:47.447375 0.597548 tcp 10.0.2.109 60204 -> 5.178.194.36 4983 FSPA* 0 0 14 1506 flow=From-Botnet-V1-TCP-Established 1970/02/13 19:44:14.520400 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 19:44:21.528083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:44:29.529698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:44:45.532381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:45:17.538652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:53:42.547354 3.001544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 19:53:49.554710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:53:57.556403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:54:13.559149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 19:54:45.564786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:00:49.571060 3.001759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 20:00:56.578632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:01:04.579916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:01:20.582903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:01:52.589133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:06:10.930978 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:06:10.931080 0.167540 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.099049 0.069778 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.169234 0.054237 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.223885 0.068729 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.293042 0.209518 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.503027 0.065869 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.569307 0.169334 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.739058 0.138933 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:11.878412 0.166935 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:12.045742 0.074773 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:12.120929 0.131670 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:12.253040 0.145977 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:12.399490 0.358800 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:12.758660 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 20:06:28.788358 0.060127 tcp 10.0.2.109 60205 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:06:28.848732 0.060049 tcp 10.0.2.109 60206 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:06:28.909151 0.155961 tcp 10.0.2.109 60207 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:06:29.065688 0.128621 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:29.194690 0.179402 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:29.374481 0.313764 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:29.688598 0.484848 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.173901 0.047820 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.222265 0.143363 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.366040 0.046296 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.412751 0.067785 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.480927 0.049402 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.530794 0.128345 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.659680 0.299667 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:30.959811 0.183083 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:31.143283 0.081889 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:31.225563 0.071267 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:31.297221 0.332181 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:06:31.629812 0.074092 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:07:59.599305 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 20:08:06.606835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:08:14.608670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:08:30.611060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:09:02.618996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:11:48.045646 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:11:48.045759 0.505015 tcp 10.0.2.109 60208 -> 5.178.194.36 4983 FSPA* 0 0 14 1570 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:15:09.628041 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 20:15:16.635052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:15:24.637926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:15:40.639557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:16:12.808092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:22:18.664491 3.001523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 20:22:25.672031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:22:33.673240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:22:49.676474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:23:21.682581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:29:25.688449 3.005097 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 20:29:32.696025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:29:40.697510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:29:56.700704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:30:28.706402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:36:32.711923 3.002150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 20:36:39.720710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:36:42.875056 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:36:42.875159 0.151940 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.027500 0.055031 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.082974 0.062248 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.145623 0.163315 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.309412 0.059802 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.369620 0.064625 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.434620 0.164312 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.599355 0.217634 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.817477 0.156359 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:43.974484 0.143090 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:44.117935 0.074924 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:44.193278 0.168273 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:44.362014 0.130612 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:44.493125 0.361956 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:44.855501 0.127017 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:44.982897 0.178988 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:45.162488 0.314921 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:45.477842 0.154552 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:45.632846 0.044816 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:45.678044 0.468837 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:46.147307 0.040864 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:46.188581 0.066104 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:46.255152 0.051205 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:46.306757 0.138921 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:46.446211 0.294100 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:46.740691 0.188947 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:46.930093 0.332726 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:47.263193 0.066003 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:47.329602 0.083574 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:47.413576 0.071282 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/13 20:36:47.721231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:37:03.724506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:37:35.740084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:41:48.554439 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:41:48.554540 2.994581 tcp 10.0.2.109 60209 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:41:57.556640 0.000000 tcp 10.0.2.109 60209 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:03.556959 0.061265 tcp 10.0.2.109 60210 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:03.618478 0.062820 tcp 10.0.2.109 60211 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:03.681567 0.148130 tcp 10.0.2.109 60212 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:03.876693 2.993288 tcp 10.0.2.109 60213 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:12.869026 0.000000 tcp 10.0.2.109 60213 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:18.878168 0.060815 tcp 10.0.2.109 60214 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:18.939282 0.061483 tcp 10.0.2.109 60215 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:19.001080 0.148081 tcp 10.0.2.109 60216 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:19.251240 3.001147 tcp 10.0.2.109 60217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:28.250936 0.000000 tcp 10.0.2.109 60217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:34.250032 0.060987 tcp 10.0.2.109 60218 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:34.311293 0.060525 tcp 10.0.2.109 60219 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:34.372159 0.151635 tcp 10.0.2.109 60220 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:34.837048 2.997662 tcp 10.0.2.109 60221 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:43.833544 0.000000 tcp 10.0.2.109 60221 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:49.833422 0.062520 tcp 10.0.2.109 60222 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:49.896260 0.062673 tcp 10.0.2.109 60223 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:49.959138 0.155467 tcp 10.0.2.109 60224 -> 195.113.214.249 443 SRPA* 0 0 64 41016 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:42:50.175197 3.001850 tcp 10.0.2.109 60225 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:42:59.175595 0.000000 tcp 10.0.2.109 60225 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:43:05.174710 2.993787 tcp 10.0.2.109 60226 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:43:14.177242 0.000000 tcp 10.0.2.109 60226 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:43:20.175718 2.994434 tcp 10.0.2.109 60227 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:43:29.168552 0.000000 tcp 10.0.2.109 60227 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:43:35.177704 3.003945 tcp 10.0.2.109 60228 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:43:39.735818 3.003011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 20:43:39.863706 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:43:44.180313 0.000000 tcp 10.0.2.109 60228 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:43:46.750390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:43:54.745705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:44:10.748620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:44:42.757713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:48:50.182215 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:48:50.182380 3.004746 tcp 10.0.2.109 60229 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:48:59.183365 0.000000 tcp 10.0.2.109 60229 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:49:05.183182 0.061163 tcp 10.0.2.109 60230 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:05.244628 0.061726 tcp 10.0.2.109 60231 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:05.306628 0.146557 tcp 10.0.2.109 60232 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:05.849372 3.007303 tcp 10.0.2.109 60233 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:49:14.855054 0.000000 tcp 10.0.2.109 60233 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:49:20.845177 0.059334 tcp 10.0.2.109 60234 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:20.904771 0.061863 tcp 10.0.2.109 60235 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:20.967005 0.148297 tcp 10.0.2.109 60236 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:21.419119 2.990685 tcp 10.0.2.109 60237 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:49:30.410548 0.000000 tcp 10.0.2.109 60237 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:49:36.420708 0.059784 tcp 10.0.2.109 60238 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:36.480409 0.061769 tcp 10.0.2.109 60239 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:36.541998 0.147676 tcp 10.0.2.109 60240 -> 195.113.214.249 443 SRPA* 0 0 20 11520 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:37.176826 2.995169 tcp 10.0.2.109 60241 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:49:46.171219 0.000000 tcp 10.0.2.109 60241 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:49:52.169823 0.064248 tcp 10.0.2.109 60242 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:52.233953 0.064421 tcp 10.0.2.109 60243 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:52.298668 0.152090 tcp 10.0.2.109 60244 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:49:52.754321 3.000110 tcp 10.0.2.109 60245 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:01.752443 0.000000 tcp 10.0.2.109 60245 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:07.754202 3.001760 tcp 10.0.2.109 60246 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:16.757076 0.000000 tcp 10.0.2.109 60246 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:22.752939 2.994765 tcp 10.0.2.109 60247 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:31.756027 0.000000 tcp 10.0.2.109 60247 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:36.362824 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:50:37.754601 2.994509 tcp 10.0.2.109 60248 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:46.747678 0.000000 tcp 10.0.2.109 60248 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:50:46.760784 3.001828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 20:50:53.769990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:51:01.769465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:51:17.771881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:51:49.778558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:55:52.758600 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:55:52.758783 3.002710 tcp 10.0.2.109 60249 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:01.760698 0.000000 tcp 10.0.2.109 60249 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:07.762385 0.061060 tcp 10.0.2.109 60250 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:07.823725 0.063423 tcp 10.0.2.109 60251 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:07.887436 0.194859 tcp 10.0.2.109 60252 -> 195.113.214.249 443 SRPA* 0 0 75 79160 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:08.266364 2.998722 tcp 10.0.2.109 60253 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:17.262912 0.000000 tcp 10.0.2.109 60253 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:23.262324 0.063337 tcp 10.0.2.109 60254 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:23.325973 0.067196 tcp 10.0.2.109 60255 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:23.393454 0.150897 tcp 10.0.2.109 60256 -> 195.113.214.249 443 SRPA* 0 0 36 18650 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:23.686352 3.000279 tcp 10.0.2.109 60257 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:32.685169 0.000000 tcp 10.0.2.109 60257 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:38.684071 0.060128 tcp 10.0.2.109 60258 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:38.744482 0.064381 tcp 10.0.2.109 60259 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:38.809196 0.153041 tcp 10.0.2.109 60260 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 20:56:38.972188 2.996752 tcp 10.0.2.109 60261 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:47.977095 0.000000 tcp 10.0.2.109 60261 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:56:53.965997 2.994161 tcp 10.0.2.109 60262 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:57:02.959036 0.000000 tcp 10.0.2.109 60262 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:57:08.967470 3.004281 tcp 10.0.2.109 60263 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:57:17.970349 0.000000 tcp 10.0.2.109 60263 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 20:57:22.867281 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 20:57:53.783652 3.002051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 20:58:00.791404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:58:08.795915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:58:24.795678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 20:58:56.802709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:02:23.975624 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:02:23.975713 2.999030 tcp 10.0.2.109 60264 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:02:32.973293 0.000000 tcp 10.0.2.109 60264 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:02:38.973464 0.061793 tcp 10.0.2.109 60265 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:02:39.035604 0.061657 tcp 10.0.2.109 60266 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:02:39.097533 0.151935 tcp 10.0.2.109 60267 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:02:39.332528 3.004306 tcp 10.0.2.109 60268 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:02:48.335205 0.000000 tcp 10.0.2.109 60268 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:05:22.819789 3.001872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 21:05:29.827226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:05:37.828726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:05:53.831978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:06:25.838227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:07:03.202115 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:07:03.202217 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 21:07:19.016198 0.061231 tcp 10.0.2.109 60269 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:07:19.077714 0.061788 tcp 10.0.2.109 60270 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:07:19.139822 0.151434 tcp 10.0.2.109 60271 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:07:19.291828 0.071847 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:19.345327 0.085483 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:19.629032 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 21:07:38.483028 0.063647 tcp 10.0.2.109 60272 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:07:38.546973 0.064644 tcp 10.0.2.109 60273 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:07:38.611993 0.152717 tcp 10.0.2.109 60274 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:07:38.765212 0.091901 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:38.830537 0.081140 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:39.442979 0.170002 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:40.334409 0.229061 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:40.553742 0.085885 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:41.165173 0.179349 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:41.341343 0.143189 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:41.806952 0.366397 rtp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:42.172631 0.170687 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:42.324937 0.155881 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:42.534318 0.134233 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:42.952345 0.188525 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:43.132854 0.312272 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:43.451373 0.176026 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:43.605361 0.047983 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:43.718797 0.481744 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:44.160985 0.052135 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:44.596568 0.088798 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:44.662857 0.068442 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:44.907343 0.142082 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:45.041223 0.298475 rtp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:45.554679 0.194161 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:45.745632 0.126777 rtp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:45.867253 0.112282 rtp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:45.937124 0.331626 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:46.282078 0.109816 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:07:54.336038 2.993406 tcp 10.0.2.109 60275 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:03.328302 0.000000 tcp 10.0.2.109 60275 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:09.337971 0.129153 tcp 10.0.2.109 60276 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:09.467498 0.064742 tcp 10.0.2.109 60277 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:09.532532 0.151780 tcp 10.0.2.109 60278 -> 195.113.214.249 443 SRPA* 0 0 20 11286 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:09.928104 3.003865 tcp 10.0.2.109 60279 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:18.930662 0.000000 tcp 10.0.2.109 60279 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:24.929850 0.063779 tcp 10.0.2.109 60280 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:24.993928 0.061484 tcp 10.0.2.109 60281 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:25.055713 0.152656 tcp 10.0.2.109 60282 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:25.432513 3.001555 tcp 10.0.2.109 60283 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:34.432884 0.000000 tcp 10.0.2.109 60283 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:40.432318 0.059304 tcp 10.0.2.109 60284 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:40.491910 0.061423 tcp 10.0.2.109 60285 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:40.553734 0.153802 tcp 10.0.2.109 60286 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:40.888041 3.008940 tcp 10.0.2.109 60287 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:49.895288 0.000000 tcp 10.0.2.109 60287 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:08:55.884232 0.060058 tcp 10.0.2.109 60288 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:55.944595 0.060498 tcp 10.0.2.109 60289 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:56.005467 0.152891 tcp 10.0.2.109 60290 -> 195.113.214.249 443 SRPA* 0 0 36 18906 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:08:56.417781 3.000923 tcp 10.0.2.109 60291 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:09:05.427304 0.000000 tcp 10.0.2.109 60291 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:09:11.416210 2.993927 tcp 10.0.2.109 60292 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:09:20.408930 0.000000 tcp 10.0.2.109 60292 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:09:26.418015 3.003794 tcp 10.0.2.109 60293 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:09:35.420684 0.000000 tcp 10.0.2.109 60293 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:09:40.367510 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:09:41.419358 3.003976 tcp 10.0.2.109 60294 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:09:50.421975 0.000000 tcp 10.0.2.109 60294 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:12:37.848951 2.998256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 21:12:44.856725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:12:52.853964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:13:08.857321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:13:40.863589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:14:56.422936 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:14:56.423049 3.003654 tcp 10.0.2.109 60295 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:05.425071 0.000000 tcp 10.0.2.109 60295 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:11.426173 0.061599 tcp 10.0.2.109 60296 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:11.488055 0.061570 tcp 10.0.2.109 60297 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:11.549935 0.149509 tcp 10.0.2.109 60298 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:11.731332 2.997092 tcp 10.0.2.109 60299 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:20.736460 0.000000 tcp 10.0.2.109 60299 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:26.726230 0.066963 tcp 10.0.2.109 60300 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:26.793537 0.061046 tcp 10.0.2.109 60301 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:26.854910 0.151616 tcp 10.0.2.109 60302 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:27.181129 2.999710 tcp 10.0.2.109 60303 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:36.179169 0.000000 tcp 10.0.2.109 60303 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:42.178304 0.059263 tcp 10.0.2.109 60304 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:42.237845 0.062268 tcp 10.0.2.109 60305 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:42.300372 0.156126 tcp 10.0.2.109 60306 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:42.908639 3.004393 tcp 10.0.2.109 60307 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:51.912174 0.000000 tcp 10.0.2.109 60307 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:15:57.901116 0.061093 tcp 10.0.2.109 60308 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:57.962500 0.062445 tcp 10.0.2.109 60309 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:58.024830 0.154985 tcp 10.0.2.109 60310 -> 195.113.214.249 443 SRPA* 0 0 22 11394 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:15:58.837926 3.008064 tcp 10.0.2.109 60311 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:16:07.848482 0.000000 tcp 10.0.2.109 60311 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:16:13.833526 2.994035 tcp 10.0.2.109 60312 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:16:22.836812 0.000000 tcp 10.0.2.109 60312 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:16:28.838838 2.990518 tcp 10.0.2.109 60313 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:16:37.827857 0.000000 tcp 10.0.2.109 60313 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:16:42.364711 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:16:43.836141 2.994566 tcp 10.0.2.109 60314 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:16:52.829357 0.000000 tcp 10.0.2.109 60314 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:19:46.871886 3.001969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 21:19:53.879632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:20:01.881327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:20:17.884572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:20:49.890582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:21:58.839946 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:21:58.840099 3.003186 tcp 10.0.2.109 60315 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:22:07.842758 0.000000 tcp 10.0.2.109 60315 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:22:13.842581 0.065251 tcp 10.0.2.109 60316 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:13.908194 0.067239 tcp 10.0.2.109 60317 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:13.975731 0.149980 tcp 10.0.2.109 60318 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:14.335953 3.001914 tcp 10.0.2.109 60319 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:22:23.334464 0.000000 tcp 10.0.2.109 60319 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:22:29.334247 0.059580 tcp 10.0.2.109 60320 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:29.394270 0.061058 tcp 10.0.2.109 60321 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:29.455606 0.156602 tcp 10.0.2.109 60322 -> 195.113.214.249 443 SRPA* 0 0 23 12308 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:29.840997 2.997617 tcp 10.0.2.109 60323 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:22:38.847070 0.000000 tcp 10.0.2.109 60323 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:22:44.835943 0.063917 tcp 10.0.2.109 60324 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:44.900178 0.065608 tcp 10.0.2.109 60325 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:44.966182 0.154919 tcp 10.0.2.109 60326 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:22:45.233516 2.986886 tcp 10.0.2.109 60327 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:22:54.220074 0.000000 tcp 10.0.2.109 60327 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:00.228256 0.063258 tcp 10.0.2.109 60328 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:23:00.291865 0.063317 tcp 10.0.2.109 60329 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:23:00.355553 0.148923 tcp 10.0.2.109 60330 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:23:00.782885 2.999864 tcp 10.0.2.109 60331 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:09.781252 0.000000 tcp 10.0.2.109 60331 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:15.779579 3.004958 tcp 10.0.2.109 60332 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:24.782738 0.000000 tcp 10.0.2.109 60332 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:30.781601 3.005133 tcp 10.0.2.109 60333 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:39.783949 0.000000 tcp 10.0.2.109 60333 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:45.783390 3.004299 tcp 10.0.2.109 60334 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:23:50.369579 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:23:54.795960 0.000000 tcp 10.0.2.109 60334 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:26:53.895875 3.002448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 21:27:00.903152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:27:08.905068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:27:24.908536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:27:56.913960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:29:00.786714 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:29:00.786905 2.993744 tcp 10.0.2.109 60335 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:29:09.779091 0.000000 tcp 10.0.2.109 60335 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:29:15.789445 0.067956 tcp 10.0.2.109 60336 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:15.857661 0.061360 tcp 10.0.2.109 60337 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:15.919299 0.150907 tcp 10.0.2.109 60338 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:16.186712 3.000544 tcp 10.0.2.109 60339 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:29:25.181017 0.000000 tcp 10.0.2.109 60339 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:29:31.180555 0.060272 tcp 10.0.2.109 60340 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:31.241099 0.062112 tcp 10.0.2.109 60341 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:31.303481 0.150576 tcp 10.0.2.109 60342 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:31.571290 3.003069 tcp 10.0.2.109 60343 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:29:40.573087 0.000000 tcp 10.0.2.109 60343 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:29:46.577024 0.060896 tcp 10.0.2.109 60344 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:46.638406 0.063361 tcp 10.0.2.109 60345 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:46.702121 0.154631 tcp 10.0.2.109 60346 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:29:46.954055 3.002859 tcp 10.0.2.109 60347 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:29:55.955454 0.000000 tcp 10.0.2.109 60347 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:01.945464 0.060535 tcp 10.0.2.109 60348 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:30:02.006300 0.061883 tcp 10.0.2.109 60349 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:30:02.068451 0.154781 tcp 10.0.2.109 60350 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:30:02.320429 2.998569 tcp 10.0.2.109 60351 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:11.327407 0.000000 tcp 10.0.2.109 60351 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:17.318967 2.991459 tcp 10.0.2.109 60352 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:26.312711 0.000000 tcp 10.0.2.109 60352 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:32.317843 3.004133 tcp 10.0.2.109 60353 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:41.321242 0.000000 tcp 10.0.2.109 60353 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:47.320846 3.003186 tcp 10.0.2.109 60354 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:30:51.865613 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:30:56.325023 0.000000 tcp 10.0.2.109 60354 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:34:00.921529 3.003760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 21:34:07.927563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:34:15.929302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:34:31.932015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:35:04.839428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:37:55.635507 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:37:55.635618 0.158393 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:55.792385 0.171802 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:56.169202 0.074600 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:56.223812 0.082670 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:56.688897 0.085176 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:56.749937 0.085771 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:57.112188 0.168433 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:57.759916 0.220509 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:57.970281 0.209302 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:58.192275 0.355250 rtp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:58.698820 0.177316 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2585 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:58.855559 0.075782 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:59.135099 0.240358 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:59.372100 0.147483 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:59.512154 0.135474 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:59.639763 0.188272 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:37:59.820373 0.320275 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:00.249638 0.173303 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:00.397301 0.047182 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:00.448594 0.476594 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 1994 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:01.427694 0.051626 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 6 1974 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:01.476511 0.089235 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:01.641030 0.072075 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:01.911310 0.138950 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:02.042290 0.300731 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:02.335436 2.993425 tcp 10.0.2.109 60355 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:38:02.713218 0.114182 rtp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:02.790616 0.329475 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:03.238926 0.101050 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:03.304460 0.190776 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:03.626003 0.484682 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/13 21:38:11.327537 0.000000 tcp 10.0.2.109 60355 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:38:17.338607 0.060591 tcp 10.0.2.109 60356 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:17.399585 0.059920 tcp 10.0.2.109 60357 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:17.459849 0.159955 tcp 10.0.2.109 60358 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:17.923133 2.998341 tcp 10.0.2.109 60359 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:38:26.922787 0.000000 tcp 10.0.2.109 60359 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:38:32.947624 0.058759 tcp 10.0.2.109 60360 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:33.006705 0.064603 tcp 10.0.2.109 60361 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:33.071589 0.152660 tcp 10.0.2.109 60362 -> 195.113.214.249 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:33.856940 2.976887 tcp 10.0.2.109 60363 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:38:42.835874 0.000000 tcp 10.0.2.109 60363 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:38:48.832246 0.059162 tcp 10.0.2.109 60364 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:48.891717 0.061335 tcp 10.0.2.109 60365 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:48.953341 0.150586 tcp 10.0.2.109 60366 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:38:49.147514 3.009526 tcp 10.0.2.109 60367 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:38:58.155004 0.000000 tcp 10.0.2.109 60367 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:04.144133 0.059958 tcp 10.0.2.109 60368 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:39:04.204409 0.063652 tcp 10.0.2.109 60369 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:39:04.268307 0.153314 tcp 10.0.2.109 60370 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:39:04.554095 2.994460 tcp 10.0.2.109 60371 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:13.558436 0.000000 tcp 10.0.2.109 60371 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:19.555578 2.994335 tcp 10.0.2.109 60372 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:28.548050 0.000000 tcp 10.0.2.109 60372 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:34.557605 3.003657 tcp 10.0.2.109 60373 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:43.560200 0.000000 tcp 10.0.2.109 60373 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:48.367083 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:39:49.559071 3.004169 tcp 10.0.2.109 60374 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:39:58.561432 0.000000 tcp 10.0.2.109 60374 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:41:07.954624 3.000911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 21:41:14.961604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:41:22.963294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:41:38.971124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:42:10.976923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:45:04.561888 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:45:04.562049 3.003690 tcp 10.0.2.109 60375 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:45:13.566277 0.000000 tcp 10.0.2.109 60375 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:45:19.565629 0.062607 tcp 10.0.2.109 60376 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:19.628518 0.060705 tcp 10.0.2.109 60377 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:19.689520 0.153722 tcp 10.0.2.109 60378 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:20.032142 3.000593 tcp 10.0.2.109 60379 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:45:29.036835 0.000000 tcp 10.0.2.109 60379 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:45:35.028161 0.066810 tcp 10.0.2.109 60380 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:35.095278 0.061066 tcp 10.0.2.109 60381 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:35.156696 0.153344 tcp 10.0.2.109 60382 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:35.414061 3.005100 tcp 10.0.2.109 60383 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:45:44.409072 0.000000 tcp 10.0.2.109 60383 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:45:50.413262 0.061552 tcp 10.0.2.109 60384 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:50.475052 0.063585 tcp 10.0.2.109 60385 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:50.538939 0.149072 tcp 10.0.2.109 60386 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:45:50.969053 2.993812 tcp 10.0.2.109 60387 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:45:59.963657 0.000000 tcp 10.0.2.109 60387 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:05.960795 0.059620 tcp 10.0.2.109 60388 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:46:06.020783 0.063830 tcp 10.0.2.109 60389 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:46:06.084941 0.156950 tcp 10.0.2.109 60390 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:46:06.304517 3.002296 tcp 10.0.2.109 60391 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:15.303552 0.000000 tcp 10.0.2.109 60391 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:21.302561 3.007044 tcp 10.0.2.109 60392 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:30.304877 0.000000 tcp 10.0.2.109 60392 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:36.303908 2.993849 tcp 10.0.2.109 60393 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:45.306758 0.000000 tcp 10.0.2.109 60393 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:51.305434 2.994082 tcp 10.0.2.109 60394 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:46:55.871546 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:47:00.300460 0.000000 tcp 10.0.2.109 60394 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:48:14.980866 2.999039 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 21:48:21.985419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:48:29.987030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:48:45.990352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:49:18.000771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:52:06.308572 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:52:06.308666 3.004332 tcp 10.0.2.109 60395 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:52:15.311135 0.000000 tcp 10.0.2.109 60395 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:52:21.311334 0.061954 tcp 10.0.2.109 60396 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:21.373590 0.063293 tcp 10.0.2.109 60397 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:21.437161 0.152838 tcp 10.0.2.109 60398 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:21.602566 3.001791 tcp 10.0.2.109 60399 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:52:30.602974 0.000000 tcp 10.0.2.109 60399 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:52:36.602386 0.060768 tcp 10.0.2.109 60400 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:36.663423 0.059617 tcp 10.0.2.109 60401 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:36.723317 0.151604 tcp 10.0.2.109 60402 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:36.885050 3.001618 tcp 10.0.2.109 60403 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:52:45.884986 0.000000 tcp 10.0.2.109 60403 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:52:51.883917 0.059931 tcp 10.0.2.109 60404 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:51.944122 0.064630 tcp 10.0.2.109 60405 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:52.009086 0.149991 tcp 10.0.2.109 60406 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:52:52.170200 2.998125 tcp 10.0.2.109 60407 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:01.177231 0.000000 tcp 10.0.2.109 60407 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:07.166516 0.060991 tcp 10.0.2.109 60408 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:53:07.227850 0.066011 tcp 10.0.2.109 60409 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:53:07.294227 0.159074 tcp 10.0.2.109 60410 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:53:07.465815 2.994999 tcp 10.0.2.109 60411 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:16.458911 0.000000 tcp 10.0.2.109 60411 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:22.458252 3.003816 tcp 10.0.2.109 60412 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:31.461096 0.000000 tcp 10.0.2.109 60412 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:37.459242 3.004281 tcp 10.0.2.109 60413 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:46.462358 0.000000 tcp 10.0.2.109 60413 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:53:51.369084 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:53:52.461249 3.003873 tcp 10.0.2.109 60414 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:54:01.463982 0.000000 tcp 10.0.2.109 60414 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:55:46.006017 3.002561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/13 21:55:53.014037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:56:01.015557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:56:17.018707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:56:49.024467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 21:59:07.464371 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 21:59:07.464476 2.993732 tcp 10.0.2.109 60415 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:59:16.466946 0.000000 tcp 10.0.2.109 60415 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/13 21:59:22.467468 0.059995 tcp 10.0.2.109 60416 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:59:22.527704 0.059775 tcp 10.0.2.109 60417 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:59:22.587721 0.147631 tcp 10.0.2.109 60418 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/13 21:59:22.763779 0.597638 tcp 10.0.2.109 60419 -> 176.73.169.112 1959 FSPA* 0 0 16 1709 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:02:53.030963 3.011950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:03:00.047968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:03:08.049645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:03:24.052795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:03:56.058798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:08:06.548949 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 22:08:06.549047 0.171528 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:06.700987 0.081363 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:06.763564 0.086903 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:06.941320 0.170742 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:07.107547 0.073021 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:07.161948 0.082660 rtp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:07.411509 0.168177 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:07.682673 0.368126 rtp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:08.106947 0.179686 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:08.256981 0.075609 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:08.502008 0.221791 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:08.714146 0.144063 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:08.887546 0.177698 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:09.063325 0.146912 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:09.202460 0.135435 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:09.330296 0.192066 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:09.549473 0.047873 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:09.894836 0.687237 rtp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:10.342053 0.314427 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:10.742642 0.170878 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:10.892272 0.067239 rtp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:11.155421 0.000000 udp 10.0.2.109 3683 -> 84.130.217.153 8279 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 22:08:29.263528 0.064335 tcp 10.0.2.109 60420 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:08:29.328237 0.064982 tcp 10.0.2.109 60421 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:08:29.393508 0.156493 tcp 10.0.2.109 60422 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:08:29.550836 0.096128 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:29.624575 0.138339 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:29.787777 0.312228 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:30.142789 0.120010 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 6 2549 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:30.412137 0.190659 rtp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:30.600259 0.327677 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:31.012389 0.184003 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:08:31.161071 0.160965 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:10:00.064664 3.001562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:10:07.071976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:10:15.073527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:10:31.076396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:11:03.082713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:17:07.088178 3.002437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:17:14.095985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:17:22.097676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:17:38.100602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:18:10.106183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:24:14.113599 3.000995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:24:21.120299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:24:29.121553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:24:45.124753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:25:17.130680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:29:23.365220 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 22:29:23.365314 0.875956 tcp 10.0.2.109 60423 -> 176.73.169.112 1959 FSPA* 0 0 15 1576 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:31:21.136613 3.002703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:31:28.143882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:31:36.145519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:31:52.148271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:32:25.275401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:38:28.170978 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:38:34.216861 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 22:38:34.217055 0.000000 udp 10.0.2.109 3683 -> 84.130.217.153 8279 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 22:38:35.177951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:38:43.179733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:38:52.384367 0.061918 tcp 10.0.2.109 60424 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:38:52.446567 0.066561 tcp 10.0.2.109 60425 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:38:52.513402 0.153346 tcp 10.0.2.109 60426 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/13 22:38:52.667681 0.059523 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:52.727626 0.067455 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:52.795449 0.165731 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:52.961586 0.054523 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:53.016508 0.071411 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:53.088287 0.427599 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:53.516259 0.152004 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:53.668678 0.171625 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:53.840739 0.071438 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:53.912545 0.367583 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:54.280524 0.228730 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:54.509683 0.137363 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:54.647460 0.127879 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:54.775729 0.184955 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:54.961096 0.045213 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:55.006683 0.168391 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:55.175555 0.131691 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:55.307684 0.314368 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:55.622437 0.473026 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:56.095854 0.146622 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:56.242901 0.050847 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:56.294224 0.074178 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:56.368820 0.128796 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:56.498068 0.298719 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:56.797187 0.074473 udp 10.0.2.109 3683 <-> 217.83.146.219 5333 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:56.872057 0.199288 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:57.071726 0.072392 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:57.144540 0.325008 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:57.469972 0.125780 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/13 22:38:59.185123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:39:31.188513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:45:35.199217 2.998048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:45:42.201993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:45:50.203301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:46:06.206660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:46:38.212487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:54:27.219297 3.072409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 22:54:34.268474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:54:42.238437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:54:58.241419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:55:30.247331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 22:59:24.244350 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 22:59:24.244533 0.486043 tcp 10.0.2.109 60427 -> 176.73.169.112 1959 FSPA* 0 0 14 1527 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:01:56.265527 3.002875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:02:03.272456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:02:11.273790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:02:27.276978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:02:59.283016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:09:04.519897 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 23:09:04.519990 0.059025 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:04.579420 0.065620 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:04.645489 0.164818 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:04.810764 0.052774 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:04.863979 0.065438 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:04.929824 0.149422 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:05.079650 0.146240 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:05.226500 0.164456 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:05.391396 0.074949 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:05.466784 0.138558 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:05.605804 0.124040 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:05.730539 0.354245 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:06.085198 0.220277 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:06.305850 0.187719 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:06.493960 0.046149 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:06.540472 0.168534 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:06.709429 0.130794 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:06.840655 0.315055 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:07.156100 0.452526 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:07.609084 0.147528 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:07.756996 0.051235 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:07.808693 0.069759 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:07.878935 0.133182 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:08.012558 0.309347 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:08.297201 3.000495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:09:08.322531 0.000000 udp 10.0.2.109 3683 -> 217.83.146.219 5333 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 23:09:15.303757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:09:23.304908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:09:23.620825 0.063263 tcp 10.0.2.109 60428 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:09:23.684366 0.064577 tcp 10.0.2.109 60429 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:09:23.749339 0.156075 tcp 10.0.2.109 60430 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:09:23.906084 0.323772 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:24.230277 0.076103 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:24.306790 0.186440 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:24.493690 0.078757 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:09:39.308414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:10:11.314394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:16:20.327309 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:16:27.339679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:16:35.336702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:16:51.339277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:17:23.345431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:23:30.355655 3.125678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:23:37.457251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:23:45.391811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:24:01.378635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:24:33.383438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:29:24.733691 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 23:29:24.733802 1.022543 tcp 10.0.2.109 60431 -> 176.73.169.112 1959 FSPA* 0 0 14 1738 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:30:37.390461 3.000730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:30:44.397202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:30:52.398593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:31:08.401382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:31:40.407389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:37:44.414373 3.000942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:37:51.421553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:37:59.427419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:38:15.425303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:38:47.431841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:39:49.311302 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 23:39:49.311473 0.000000 udp 10.0.2.109 3683 -> 217.83.146.219 5333 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/13 23:40:07.939191 0.062525 tcp 10.0.2.109 60432 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:40:08.002013 0.061482 tcp 10.0.2.109 60433 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:40:08.063814 0.152669 tcp 10.0.2.109 60434 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/13 23:40:08.216981 0.076539 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:08.293969 0.167751 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:08.462086 0.054810 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:08.517246 0.055843 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:08.573527 0.055672 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:08.629607 0.165675 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:08.795696 0.071114 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:08.867235 0.150148 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:09.017823 0.135845 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:09.154093 0.155192 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:09.309657 0.122016 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:09.432069 0.181688 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:09.614271 0.229253 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:09.843935 0.364953 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:10.209280 0.312478 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:10.522188 0.168725 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:10.691338 0.046699 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:10.738489 0.135663 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:10.874525 0.149478 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:11.024473 0.055682 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:11.080605 0.066405 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:11.147442 0.132492 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:11.280356 0.452016 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:11.732780 0.298762 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:12.031999 0.329063 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:12.361473 0.104538 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:12.466419 0.074490 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:40:12.541265 0.251010 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/13 23:44:51.437577 3.004231 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:44:58.446360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:45:06.446801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:45:22.449289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:45:54.455651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:54:05.464400 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/13 23:54:12.471683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:54:20.472918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:54:36.476039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:55:08.482160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/13 23:59:25.761773 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/13 23:59:25.761960 0.537548 tcp 10.0.2.109 60435 -> 176.73.169.112 1959 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:01:17.495602 3.001157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 00:01:24.509598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:01:32.504484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:01:48.507371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:02:20.718210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:08:40.533376 3.001125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 00:08:47.544289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:08:55.541146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:09:11.544072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:09:43.550396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:10:25.771513 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 00:10:25.771623 0.066758 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:25.838844 0.164485 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.003810 0.051061 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.055237 0.064552 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.120160 0.058193 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.178774 0.165225 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.344365 0.074864 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.419687 0.144962 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.565073 0.125740 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.691264 0.188138 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:26.879857 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 00:10:42.397021 0.060451 tcp 10.0.2.109 60436 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:10:42.457740 0.062448 tcp 10.0.2.109 60437 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:10:42.520464 0.161835 tcp 10.0.2.109 60438 -> 195.113.214.249 443 SRPA* 0 0 40 22346 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:10:42.682871 0.151802 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:42.835063 0.136381 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:42.971806 0.359112 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:43.331256 0.315247 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:43.646859 0.167798 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:43.815072 0.045027 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:43.860442 0.130887 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:43.991757 0.064210 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:44.056353 0.136880 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:44.193679 0.449248 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:44.643316 0.146683 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:44.790568 0.053107 udp 10.0.2.109 3683 <-> 86.157.140.29 6148 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:44.844038 0.302297 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:45.146712 0.333575 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:45.480720 0.086451 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:45.567581 0.237829 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:10:45.805838 0.188733 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:15:47.561259 2.999991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 00:15:54.563571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:16:02.565104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:16:18.568350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:16:50.574331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:22:54.580535 3.001124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 00:23:01.591182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:23:09.589089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:23:25.592320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:23:57.598279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:29:26.301556 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 00:29:26.301664 0.708816 tcp 10.0.2.109 60439 -> 176.73.169.112 1959 FSPA* 0 0 14 1734 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:30:01.604783 3.000944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 00:30:08.611550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:30:16.613092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:30:32.615767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:31:04.621988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:37:08.628041 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 00:37:15.635355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:37:23.637357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:37:39.640055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:38:11.646246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:41:03.123182 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 00:41:03.123294 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 00:41:18.276411 0.062638 tcp 10.0.2.109 60440 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:41:18.339326 0.062893 tcp 10.0.2.109 60441 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:41:18.402547 0.171856 tcp 10.0.2.109 60442 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:41:18.574999 0.168069 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:18.743510 0.052107 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:18.796036 0.070493 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:18.866941 0.072986 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:18.940317 0.164252 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.104935 0.074695 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.180039 0.143816 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.324227 0.122863 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.447485 0.067612 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.515524 0.183871 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.699775 0.149184 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.849392 0.144493 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:19.994332 0.359878 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:20.354626 0.314986 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:20.669967 0.301328 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:20.971689 0.077315 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:21.049515 0.129451 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:21.179483 0.167822 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:21.347749 0.046949 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:21.395165 0.441443 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:21.836987 0.146824 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:21.984270 0.000000 udp 10.0.2.109 3683 -> 86.157.140.29 6148 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 00:41:40.008908 0.064248 tcp 10.0.2.109 60443 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:41:40.073470 0.063001 tcp 10.0.2.109 60444 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:41:40.136808 0.161126 tcp 10.0.2.109 60445 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/14 00:41:40.298646 0.298644 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:40.597689 0.066096 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:40.664176 0.185667 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:40.850262 0.334879 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:41:41.185623 0.142682 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/14 00:44:15.654848 2.998827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 00:44:22.659480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:44:30.661018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:44:46.664353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:45:18.671757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:53:43.679021 3.021368 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 00:53:50.706450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:53:58.707611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:54:14.710832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:54:46.716448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 00:59:27.020189 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 00:59:27.020369 0.556264 tcp 10.0.2.109 60446 -> 176.73.169.112 1959 FSPA* 0 0 14 1645 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:00:50.733037 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 01:00:57.740732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:01:05.742684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:01:21.748172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:01:53.750879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:08:03.765027 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 01:08:10.773130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:08:18.802933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:08:34.787471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:09:06.793722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:11:43.979595 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 01:11:43.979684 2.989412 udp 10.0.2.109 3683 -> 86.157.140.29 6148 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 01:11:46.969096 0.000000 icmp 86.157.140.29 0x0103 -> 10.0.2.109 0x569d URH 192 1 143 flow=Background 1970/02/14 01:11:59.573457 0.063795 tcp 10.0.2.109 60447 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:11:59.637528 0.079529 tcp 10.0.2.109 60448 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:11:59.717383 0.167223 tcp 10.0.2.109 60449 -> 195.113.214.249 443 SRPA* 0 0 43 21716 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:11:59.885298 0.065154 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:11:59.950916 0.057901 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:00.009291 0.165301 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:00.175042 0.051323 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:00.226783 0.070804 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:00.297963 0.151011 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:00.449400 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 01:12:15.835397 0.235786 tcp 10.0.2.109 60450 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:12:16.071045 0.065065 tcp 10.0.2.109 60451 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:12:16.136424 0.149975 tcp 10.0.2.109 60452 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:12:16.286921 0.061912 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:16.349246 0.185027 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:16.534643 0.181535 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:16.716572 0.123152 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:16.840127 0.315308 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:17.155826 0.358680 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:17.514939 0.137152 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:17.652494 0.130952 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:17.783830 0.168234 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:17.952545 0.044537 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:17.997501 0.562867 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:18.560796 0.136136 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:18.697359 0.065651 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:18.763399 0.147103 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:18.910908 0.183377 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:19.094691 0.302921 udp 10.0.2.109 3683 <-> 219.90.101.124 4944 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:19.397999 0.775175 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:20.173636 0.330057 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:12:20.504109 0.078064 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:15:11.800118 3.002387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 01:15:18.808400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:15:26.809991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:15:42.812208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:16:14.818772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:22:20.832913 2.996251 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 01:22:27.834551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:22:35.836125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:22:51.845105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:23:23.845161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:29:27.578931 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 01:29:27.579113 0.611683 tcp 10.0.2.109 60453 -> 176.73.169.112 1959 FSPA* 0 0 14 1606 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:29:27.851992 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 01:29:34.858871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:29:42.860611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:29:58.864689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:30:30.869468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:36:34.876459 3.000844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 01:36:41.883063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:36:49.886302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:37:05.889168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:37:37.893961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:42:23.875219 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 01:42:23.875414 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 01:42:40.530513 0.070605 tcp 10.0.2.109 60454 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:42:40.601422 0.063298 tcp 10.0.2.109 60455 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:42:40.665042 0.156230 tcp 10.0.2.109 60456 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:42:40.821971 0.165204 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:40.987544 0.053820 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.041777 0.063625 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.105778 0.143908 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.250213 0.052453 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.303057 0.074779 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.378232 0.074412 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.453031 0.126737 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.580142 0.314001 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:41.894597 0.185104 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:42.080091 0.149526 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:42.230004 0.357323 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:42.587680 0.144357 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:42.732435 0.131000 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:42.863791 0.241290 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:43.105525 0.045500 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:43.151404 0.447393 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:43.599193 0.132924 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:43.732559 0.070644 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:43.803621 0.149670 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:43.953701 0.183567 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:42:44.137659 0.000000 udp 10.0.2.109 3683 -> 219.90.101.124 4944 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 01:43:02.170690 0.065395 tcp 10.0.2.109 60457 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:43:02.236368 0.061879 tcp 10.0.2.109 60458 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:43:02.298543 0.159153 tcp 10.0.2.109 60459 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 01:43:02.458500 0.104050 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:43:02.562949 0.373449 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:43:02.936834 0.087081 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/14 01:43:41.900038 3.001371 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 01:43:48.906885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:43:56.909291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:44:12.915078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:44:44.917058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:50:48.923421 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 01:50:55.930877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:51:03.932513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:51:19.935819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:51:51.941511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:57:55.948420 3.000569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 01:58:02.954804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:58:10.956481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:58:26.959400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:58:58.965375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 01:59:28.198045 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 01:59:28.198183 0.543137 tcp 10.0.2.109 60460 -> 176.73.169.112 1959 FSPA* 0 0 15 1634 flow=From-Botnet-V1-TCP-Established 1970/02/14 02:05:26.976219 3.001354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 02:05:33.985872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:05:41.984932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:05:57.987919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:06:29.994263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:12:39.007493 3.001499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 02:12:46.014429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:12:54.015875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:13:10.025739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:13:13.584781 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:13:13.585002 0.308043 udp 10.0.2.109 3683 -> 219.90.101.124 4944 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:13:13.893045 0.000000 icmp 219.90.105.131 0x000b -> 10.0.2.109 0x0000 TXD 192 1 188 flow=Background 1970/02/14 02:13:29.088451 0.064489 tcp 10.0.2.109 60461 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 02:13:29.153256 0.063972 tcp 10.0.2.109 60462 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 02:13:29.217489 0.159190 tcp 10.0.2.109 60463 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 02:13:29.377302 4.869347 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 4 1233 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:29.440135 4.756017 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 4 1115 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:29.550403 4.837695 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 4 1159 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:29.705567 4.723797 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 989 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:29.759438 4.742320 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 4 1247 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:29.831412 4.747852 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 4 1094 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:29.894731 4.814170 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 4 1100 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:30.021769 4.687586 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 3 834 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:30.337384 4.688847 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 3 588 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:30.506821 0.361223 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:30.868504 0.136784 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:31.005688 0.133037 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:31.139164 0.150437 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:31.290019 0.183564 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:31.474002 0.471454 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:31.945820 0.131497 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:32.077739 0.072561 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:32.150790 0.147567 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:32.298767 0.165652 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:32.464873 0.045295 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:32.510559 0.185399 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:32.696311 0.165966 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:32.862705 0.331665 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:33.194794 0.082688 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:35.025664 0.000000 udp 10.0.2.109 3683 <- 175.195.224.65 6553 RSP 0 0 1 543 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:13:40.683305 0.362992 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 761 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:41.046832 0.137958 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 858 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:41.185272 0.133254 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 725 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:41.319003 0.149029 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 718 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:41.468515 0.182788 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 738 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:41.651711 0.493345 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 779 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.025262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:13:42.145728 0.131266 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.277449 0.068662 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 720 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.346582 0.147226 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.494398 0.161916 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 830 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.656735 0.048237 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 817 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.705489 0.182059 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 763 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.887997 0.066267 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 808 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:42.954689 0.078586 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 686 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:43.033721 0.332732 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 819 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:13:43.367033 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:13:51.118274 0.000000 udp 10.0.2.109 3683 -> 210.165.15.78 2368 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:13:58.509072 0.000000 udp 10.0.2.109 3683 -> 14.218.4.83 9628 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:05.709167 0.000000 udp 10.0.2.109 3683 -> 202.51.149.18 9759 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:12.128384 0.317584 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:14:12.510402 0.000000 udp 10.0.2.109 3683 -> 95.226.160.37 6037 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:16.875112 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:14:19.548975 0.000000 udp 10.0.2.109 3683 -> 81.137.23.105 2689 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:26.208882 0.000000 udp 10.0.2.109 3683 -> 82.52.33.200 8711 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:35.011919 0.000000 udp 10.0.2.109 3683 -> 92.251.3.111 8911 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:43.443733 0.000000 udp 10.0.2.109 3683 -> 84.62.8.101 8800 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:48.651072 0.000000 udp 10.0.2.109 3683 -> 188.118.172.63 2531 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:14:57.213247 0.000000 udp 10.0.2.109 3683 -> 87.6.34.41 9881 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:02.072938 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:15:06.137801 0.000000 udp 10.0.2.109 3683 -> 24.142.200.82 2903 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:12.356947 0.000000 udp 10.0.2.109 3683 -> 2.90.44.175 3720 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:17.958880 0.000000 udp 10.0.2.109 3683 -> 110.44.127.165 4984 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:23.672960 0.000000 udp 10.0.2.109 3683 -> 97.95.42.2 2763 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:31.222203 0.000000 udp 10.0.2.109 3683 -> 58.88.195.236 8490 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:38.532804 0.000000 udp 10.0.2.109 3683 -> 94.67.213.177 5048 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:45.682957 0.000000 udp 10.0.2.109 3683 -> 182.72.246.121 3623 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:15:50.379558 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:15:54.065252 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:01.656094 0.000000 udp 10.0.2.109 3683 -> 95.253.2.192 2382 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:09.387310 0.000000 udp 10.0.2.109 3683 -> 90.148.41.111 8122 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:16.497275 0.000000 udp 10.0.2.109 3683 -> 80.178.145.152 5927 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:23.147104 0.000000 udp 10.0.2.109 3683 -> 79.236.137.62 8699 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:31.108557 0.000000 udp 10.0.2.109 3683 -> 95.225.194.16 4325 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:35.875166 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:16:39.180021 0.000000 udp 10.0.2.109 3683 -> 74.38.186.125 5879 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:44.397422 0.000000 udp 10.0.2.109 3683 -> 87.10.8.243 6020 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:50.876869 0.000000 udp 10.0.2.109 3683 -> 119.75.202.125 7533 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:16:57.647966 0.061795 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:16:57.887509 0.109208 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 800 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:16:58.174037 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:17:04.666103 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:17:13.168976 0.000000 udp 10.0.2.109 3683 -> 82.14.184.43 3165 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:17:21.000033 0.373338 udp 10.0.2.109 3683 -> 150.101.247.136 9233 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:17:21.373371 0.000000 icmp 150.101.247.136 0x0303 -> 10.0.2.109 0x1124 URP 192 1 314 flow=Background 1970/02/14 02:17:25.876386 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:17:29.372414 0.000000 udp 10.0.2.109 3683 -> 118.131.136.180 3963 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:17:36.432546 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:17:45.265114 0.000000 udp 10.0.2.109 3683 -> 175.156.15.199 3387 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:17:54.258375 0.000000 udp 10.0.2.109 3683 -> 217.84.201.188 8342 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:00.907592 0.000000 udp 10.0.2.109 3683 -> 122.174.124.102 8166 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:07.917734 0.000000 udp 10.0.2.109 3683 -> 86.145.145.228 9460 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:12.874076 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:18:15.789173 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:22.779055 0.000000 udp 10.0.2.109 3683 -> 151.84.80.40 6801 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:29.648747 0.000000 udp 10.0.2.109 3683 -> 78.177.33.39 8933 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:35.448923 0.085528 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 809 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:18:35.544781 0.000000 udp 10.0.2.109 3683 -> 85.108.234.255 6756 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:41.605727 0.056830 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 713 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:18:42.266631 0.042504 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:18:42.402660 0.098439 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 811 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:18:42.646927 0.000000 udp 10.0.2.109 3683 -> 77.49.183.223 7056 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:48.265489 0.059039 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 810 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:18:48.516397 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:18:56.197692 0.000000 udp 10.0.2.109 3683 -> 46.49.69.148 1742 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:00.873360 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:19:04.338874 0.000000 udp 10.0.2.109 3683 -> 98.121.93.112 3875 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:10.718065 0.000000 udp 10.0.2.109 3683 -> 31.167.168.125 9348 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:15.765048 0.000000 udp 10.0.2.109 3683 -> 220.246.75.127 7950 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:23.318851 0.000000 udp 10.0.2.109 3683 -> 79.210.95.239 2613 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:29.434700 0.000000 udp 10.0.2.109 3683 -> 93.56.47.146 6531 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:37.726323 0.000000 udp 10.0.2.109 3683 -> 186.6.209.141 2209 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:44.576182 0.000000 udp 10.0.2.109 3683 -> 213.137.23.83 2376 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:48.034479 3.001323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 02:19:49.373162 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:19:53.378991 0.000000 udp 10.0.2.109 3683 -> 180.62.106.199 4674 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:19:55.064006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:20:00.439368 0.237786 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 831 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:20:01.036835 0.000000 udp 10.0.2.109 3683 -> 87.182.162.231 3558 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:03.042998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:20:06.908701 0.000000 udp 10.0.2.109 3683 -> 95.253.224.5 7276 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:15.611126 0.000000 udp 10.0.2.109 3683 -> 88.64.171.210 2740 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:19.045625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:20:22.731397 0.000000 udp 10.0.2.109 3683 -> 95.234.69.33 3508 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:28.189203 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:35.970491 0.000000 udp 10.0.2.109 3683 -> 81.186.0.58 4805 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:40.876789 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:20:44.192231 0.000000 udp 10.0.2.109 3683 -> 120.63.180.183 2628 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:51.052147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:20:51.973146 0.000000 udp 10.0.2.109 3683 -> 77.69.3.156 5794 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:20:57.090895 1.110394 udp 10.0.2.109 3683 <-> 121.245.58.233 7192 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:20:58.662210 0.000000 udp 10.0.2.109 3683 -> 75.130.82.58 1130 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:07.255399 0.317367 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:21:07.629331 0.316165 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:21:08.049534 0.000000 udp 10.0.2.109 3683 -> 82.107.59.118 5881 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:16.408575 0.000000 udp 10.0.2.109 3683 -> 116.15.76.12 8875 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:21.825711 0.000000 udp 10.0.2.109 3683 -> 82.189.216.74 5286 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:26.372819 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:21:27.194241 0.307162 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:21:27.910275 0.000000 udp 10.0.2.109 3683 -> 94.164.43.206 6960 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:34.374638 0.000000 udp 10.0.2.109 3683 -> 81.74.145.38 7067 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:42.786353 0.000000 udp 10.0.2.109 3683 -> 182.72.183.170 9582 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:50.707983 0.000000 udp 10.0.2.109 3683 -> 58.7.76.253 1986 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:21:56.747278 0.000000 udp 10.0.2.109 3683 -> 165.228.234.25 7172 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:03.255945 0.000000 udp 10.0.2.109 3683 -> 94.94.150.193 2874 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:10.377312 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:15.061827 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:22:15.360399 0.000000 udp 10.0.2.109 3683 -> 82.59.142.56 4724 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:21.845464 0.000000 udp 10.0.2.109 3683 -> 67.173.105.190 8545 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:28.707846 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:37.415053 0.000000 udp 10.0.2.109 3683 -> 105.224.29.94 3616 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:45.238734 0.000000 udp 10.0.2.109 3683 -> 86.171.94.177 8315 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:22:52.086240 0.289258 udp 10.0.2.109 3683 <-> 219.64.70.212 6138 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:22:52.501566 0.054315 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 752 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:22:52.699423 0.163169 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 776 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:22:52.891007 0.381200 udp 10.0.2.109 3683 <-> 116.15.201.189 6288 CON 0 0 2 696 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:22:53.472000 0.069544 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 791 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:22:53.746644 0.000000 udp 10.0.2.109 3683 -> 93.69.14.162 8432 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:00.889066 0.000000 udp 10.0.2.109 3683 -> 81.174.5.43 5410 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:05.875904 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:23:08.650003 0.000000 udp 10.0.2.109 3683 -> 171.5.251.9 8758 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:16.841354 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:25.724760 0.000000 udp 10.0.2.109 3683 -> 202.62.72.186 1951 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:32.444157 0.000000 udp 10.0.2.109 3683 -> 87.3.154.71 3130 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:40.936551 0.000000 udp 10.0.2.109 3683 -> 151.24.87.169 7445 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:48.577489 0.031473 udp 10.0.2.109 3683 -> 87.193.194.242 4425 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:23:48.608962 0.000000 icmp 87.193.194.242 0x0303 -> 10.0.2.109 0x4911 URP 192 1 289 flow=Background 1970/02/14 02:23:53.373960 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:23:54.185465 0.000000 udp 10.0.2.109 3683 -> 87.164.58.72 9021 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:00.464301 0.000000 udp 10.0.2.109 3683 -> 79.4.230.88 6744 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:08.135518 0.000000 udp 10.0.2.109 3683 -> 2.35.133.251 8254 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:16.317277 0.000000 udp 10.0.2.109 3683 -> 151.45.197.124 9853 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:23.828038 0.000000 udp 10.0.2.109 3683 -> 95.240.205.58 3292 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:32.129947 0.000000 udp 10.0.2.109 3683 -> 79.34.78.198 2362 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:40.501933 0.000000 udp 10.0.2.109 3683 -> 88.45.124.244 1058 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:45.379005 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:24:46.009972 0.000000 udp 10.0.2.109 3683 -> 82.142.122.1 3934 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:52.529262 0.000000 udp 10.0.2.109 3683 -> 82.188.186.139 3828 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:24:59.949733 0.281086 udp 10.0.2.109 3683 <-> 14.97.57.10 5142 CON 0 0 2 816 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:25:00.315934 0.000000 udp 10.0.2.109 3683 -> 91.38.51.238 7718 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:05.768399 0.000000 udp 10.0.2.109 3683 -> 79.6.88.53 3720 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:11.486978 0.000000 udp 10.0.2.109 3683 -> 91.177.236.69 6937 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:19.127276 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:25.556687 0.300692 udp 10.0.2.109 3683 -> 58.137.105.57 2331 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:25.857379 0.000000 icmp 58.137.253.62 0x0303 -> 10.0.2.109 0x1b09 URP 192 1 192 flow=Background 1970/02/14 02:25:30.378583 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:25:31.577448 0.186776 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 855 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:25:32.273645 0.000000 udp 10.0.2.109 3683 -> 195.212.29.172 4094 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:38.064742 0.000000 udp 10.0.2.109 3683 -> 151.24.65.131 4856 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:47.027179 0.000000 udp 10.0.2.109 3683 -> 176.221.10.118 1106 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:25:55.790051 0.000000 udp 10.0.2.109 3683 -> 123.243.244.215 3396 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 02:26:55.057810 3.001800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 02:27:02.065227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:27:10.067285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:27:26.069768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:27:58.085850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:29:28.748393 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:29:28.748595 0.896618 tcp 10.0.2.109 60464 -> 176.73.169.112 1959 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/02/14 02:34:02.092136 3.004681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 02:34:09.099754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:34:17.100978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:34:33.103813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:35:05.110026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:41:09.115645 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 02:41:16.123349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:41:24.124965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:41:40.127730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:42:12.133846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:48:16.140784 3.000686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 02:48:23.147355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:48:31.152037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:48:47.151934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:49:19.157844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:55:51.164654 3.001279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 02:55:58.171975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:56:06.173001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:56:15.737169 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:56:15.737393 0.065385 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:15.803231 0.064879 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:15.868483 0.155093 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:16.024022 0.052607 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:16.077094 0.074932 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:16.152472 0.071549 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:16.224432 0.126442 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:16.351271 0.315855 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:16.667516 0.353897 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:17.021835 0.138730 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:17.160964 0.130874 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:17.292216 0.130435 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:17.423070 0.149454 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:17.572908 0.188460 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:17.761783 0.445674 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:18.207829 0.145924 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:18.354319 0.168528 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:18.523223 0.045167 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:18.568814 0.185298 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:18.754520 0.218286 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:18.973219 0.084018 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:19.057587 0.071945 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:19.129940 0.329065 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:19.459420 0.337044 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:19.796927 0.115852 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:19.913209 0.061956 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:19.975551 0.072642 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:20.048631 0.056670 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:20.105686 0.084222 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:20.190530 0.045983 udp 10.0.2.109 3683 <-> 84.130.217.153 8279 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:20.236934 0.048690 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:20.286026 0.225693 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:20.512081 0.783754 udp 10.0.2.109 3683 <-> 121.245.58.233 7192 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:21.296262 0.318648 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:21.615283 0.303153 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:21.918901 0.312108 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:22.176037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:56:22.231356 0.163012 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:22.394802 0.054624 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:22.449888 0.263776 udp 10.0.2.109 3683 <-> 219.64.70.212 6138 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:22.714086 0.385894 udp 10.0.2.109 3683 <-> 116.15.201.189 6288 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:23.100368 0.064738 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:23.165493 0.218923 udp 10.0.2.109 3683 <-> 14.97.57.10 5142 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:23.384803 0.182978 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 02:56:54.182214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 02:59:29.646553 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 02:59:29.646720 0.508262 tcp 10.0.2.109 60465 -> 176.73.169.112 1959 FSPA* 0 0 16 1666 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:02:58.188915 3.000691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 03:03:05.195490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:03:13.196947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:03:29.200146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:04:01.205882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:10:05.211948 3.001647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 03:10:12.219891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:10:20.221110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:10:36.224093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:11:08.229994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:17:12.236381 3.001090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 03:17:19.243499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:17:27.244999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:17:43.248378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:18:15.254017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:24:19.260125 3.001560 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 03:24:26.267413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:24:34.268824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:24:50.271943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:25:22.277918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:26:53.068705 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 03:26:53.068812 0.063771 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.132984 0.059416 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.192805 0.075190 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.268407 0.071907 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.340670 0.123614 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.464675 0.143404 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.608550 0.051973 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.660912 0.325048 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:53.986350 0.357624 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:54.344350 0.136019 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:54.480893 0.130703 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:54.611985 0.180295 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:54.792680 0.131876 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:54.924930 0.150538 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:55.075906 0.168572 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:55.244865 0.045120 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:55.290507 0.455990 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:55.746918 0.153079 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:55.900386 0.184452 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:56.085228 0.287770 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:56.373520 0.084058 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:56.457965 0.066745 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:56.525138 0.116527 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:56.642102 0.358038 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:57.000515 0.343337 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:57.344297 0.060414 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:57.405105 0.076020 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:57.481500 0.054650 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:57.536521 0.086024 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:26:57.623009 0.000000 udp 10.0.2.109 3683 -> 84.130.217.153 8279 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 03:27:15.803612 0.064777 tcp 10.0.2.109 60466 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:15.868690 0.110169 tcp 10.0.2.109 60467 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:15.979160 0.157189 tcp 10.0.2.109 60468 -> 195.113.214.249 443 SRPA* 0 0 43 27595 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:16.136896 0.057035 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:16.194457 0.870835 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:17.065652 0.000000 udp 10.0.2.109 3683 -> 121.245.58.233 7192 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 03:27:35.650193 0.066166 tcp 10.0.2.109 60469 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:35.716682 0.060659 tcp 10.0.2.109 60470 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:35.777736 0.171792 tcp 10.0.2.109 60471 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:35.950073 0.331549 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:36.282026 0.302673 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:36.585047 0.055820 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:36.641342 0.314663 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:36.956392 0.162940 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:37.119797 0.268741 udp 10.0.2.109 3683 <-> 219.64.70.212 6138 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:37.388906 0.000000 udp 10.0.2.109 3683 -> 116.15.201.189 6288 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 03:27:54.046717 0.063674 tcp 10.0.2.109 60472 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:54.110705 0.074602 tcp 10.0.2.109 60473 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:54.185611 0.152461 tcp 10.0.2.109 60474 -> 195.113.214.249 443 SRPA* 0 0 25 14710 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:27:54.338631 0.062371 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:54.401399 0.295780 udp 10.0.2.109 3683 <-> 14.97.57.10 5142 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:27:54.697568 0.184033 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:29:30.154870 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 03:29:30.154986 0.690182 tcp 10.0.2.109 60475 -> 176.73.169.112 1959 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:31:26.283129 3.002569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 03:31:33.291985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:31:41.292742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:31:57.295979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:32:29.446746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:38:33.317707 3.001865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 03:38:40.327692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:38:48.326907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:39:04.329809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:39:36.336013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:45:40.349443 2.996198 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 03:45:47.355318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:45:55.351384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:46:11.353872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:46:43.359883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:54:28.371973 3.000579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 03:54:35.378679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:54:43.379944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:54:59.382964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:55:31.388926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 03:58:09.416850 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 03:58:09.416965 0.000000 udp 10.0.2.109 3683 -> 84.130.217.153 8279 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 03:58:24.540135 0.061547 tcp 10.0.2.109 60476 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:24.601971 0.061369 tcp 10.0.2.109 60477 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:24.663600 0.157372 tcp 10.0.2.109 60478 -> 195.113.214.249 443 SRPA* 0 0 45 37188 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:24.821665 0.000000 udp 10.0.2.109 3683 -> 121.245.58.233 7192 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 03:58:39.970811 0.061496 tcp 10.0.2.109 60479 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:40.032636 0.069568 tcp 10.0.2.109 60480 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:40.102517 0.174197 tcp 10.0.2.109 60481 -> 195.113.214.249 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:40.277227 0.000000 udp 10.0.2.109 3683 -> 116.15.201.189 6288 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 03:58:55.443003 0.062669 tcp 10.0.2.109 60482 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:55.506222 0.063052 tcp 10.0.2.109 60483 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:55.569565 0.153106 tcp 10.0.2.109 60484 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:58:55.723206 0.126714 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:55.850348 0.071121 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:55.921863 0.045090 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:55.967418 0.336676 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:56.304549 0.064456 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:56.369377 0.147903 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:56.517648 0.067218 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:56.585257 0.061139 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:56.646790 0.130912 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:56.778332 0.132871 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:56.911680 0.365152 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:57.277239 0.152047 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:57.429629 0.187678 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:57.617681 0.156005 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:57.774261 0.149322 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:57.923958 0.174334 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:58.098750 0.442918 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:58.542044 0.047947 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:58.590563 0.106505 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:58.697492 0.088855 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:58.786732 0.276341 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:59.063485 0.249612 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:59.313525 0.073907 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:59.387815 0.056825 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:59.445046 0.082816 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:59.528269 0.062532 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:59.591189 0.357987 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:58:59.949618 0.333093 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:00.283129 0.078870 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:00.362420 0.051199 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:00.414005 1.273063 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:01.687500 0.054855 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:01.742782 0.311741 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:02.054972 0.323311 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:02.378713 0.334307 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:02.713429 0.255857 udp 10.0.2.109 3683 <-> 219.64.70.212 6138 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:02.969645 0.163558 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:03.133669 0.182868 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:03.316998 0.063340 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/14 03:59:03.380726 0.000000 udp 10.0.2.109 3683 -> 14.97.57.10 5142 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 03:59:20.899616 0.063164 tcp 10.0.2.109 60485 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:59:20.963121 0.062289 tcp 10.0.2.109 60486 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:59:21.025773 0.169457 tcp 10.0.2.109 60487 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 03:59:30.853542 0.478585 tcp 10.0.2.109 60488 -> 176.73.169.112 1959 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/02/14 04:01:59.399922 3.001149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 04:02:06.406867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:02:14.408667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:02:30.411423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:03:02.418916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:09:07.424419 3.261258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 04:09:14.658711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:09:22.586376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:09:38.446940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:10:10.453040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:16:19.465727 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 04:16:26.476951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:16:34.475195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:16:50.477791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:17:22.484241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:23:29.494499 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 04:23:36.503208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:23:44.503408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:24:00.506311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:24:32.512971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:29:25.063379 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 04:29:25.063492 0.000000 udp 10.0.2.109 3683 -> 14.97.57.10 5142 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 04:29:31.332329 0.494079 tcp 10.0.2.109 60489 -> 176.73.169.112 1959 FSPA* 0 0 15 1647 flow=From-Botnet-V1-TCP-Established 1970/02/14 04:29:42.049752 0.063493 tcp 10.0.2.109 60490 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 04:29:42.113489 0.063136 tcp 10.0.2.109 60491 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 04:29:42.176935 0.162947 tcp 10.0.2.109 60492 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 04:29:42.340468 0.056069 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:42.396995 0.339846 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:42.737214 0.060470 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:42.798295 0.164943 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:42.963622 0.130829 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:43.094941 0.074747 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:43.170344 0.060082 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:43.230823 0.132000 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:43.363284 0.132711 rtcp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:43.496404 0.362998 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:43.859859 0.144506 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:44.004812 0.074122 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:44.337691 0.242792 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:44.580928 0.183310 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:44.764646 0.161148 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:44.926245 0.183141 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:45.109767 0.128108 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:45.238283 0.074572 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:45.313242 0.053576 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:45.367239 0.467278 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:45.834931 0.481619 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:46.316924 0.069970 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:46.387291 0.191113 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:46.578771 0.078391 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:46.657588 0.059874 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:46.717830 0.056365 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:46.774616 0.049581 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:46.824611 0.350567 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:47.175620 0.319515 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:47.495604 0.082677 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:47.578667 0.865752 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:48.444875 0.314422 udp 10.0.2.109 3683 <-> 210.210.116.215 8899 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:48.759664 0.055932 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:48.816036 0.162907 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:48.979318 0.299882 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:49.279590 0.368429 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:49.648458 0.256768 udp 10.0.2.109 3683 <-> 219.64.70.212 6138 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:49.905679 0.185813 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:29:50.091872 0.061877 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/14 04:30:36.518112 3.001926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 04:30:43.525890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:30:51.527419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:31:07.530458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:31:39.536359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:37:43.542301 3.001648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 04:37:50.549761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:37:58.551069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:38:14.553749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:38:46.560219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:44:50.571005 2.997071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 04:44:57.578105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:45:05.580615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:45:21.588420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:45:53.584183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:54:04.594613 2.999919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 04:54:11.600113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:54:19.601773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:54:35.607256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:55:07.610614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 04:59:31.831149 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 04:59:31.831260 0.471652 tcp 10.0.2.109 60493 -> 176.73.169.112 1959 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:00:14.993008 0.074363 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:15.067791 0.155922 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:15.224150 0.052928 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:15.277517 0.330137 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:15.608079 0.132014 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:15.740535 0.074922 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:15.815831 0.055874 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:15.872077 0.131718 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:16.004299 0.130669 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:16.135379 0.362282 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:16.498031 0.167176 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:16.665704 0.148903 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:16.815089 0.160947 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:16.976502 0.141253 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:17.118357 0.073027 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:17.191805 0.179275 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:17.371452 0.109205 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:17.481063 0.084207 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:17.565694 0.050558 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:17.616753 0.483242 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.100438 0.184427 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.287448 0.083756 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.371653 0.060209 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.432271 0.053762 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.486580 0.047967 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.534928 0.236011 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.771992 0.067018 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:18.839468 0.374027 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:19.213865 0.331411 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:19.545679 0.076088 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:19.622203 0.055693 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:19.678314 0.162886 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:19.841570 0.774651 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:19.869467 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 05:00:20.616691 0.000000 udp 10.0.2.109 3683 -> 210.210.116.215 8899 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 05:00:39.119098 0.064997 tcp 10.0.2.109 60494 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:00:39.184404 0.062436 tcp 10.0.2.109 60495 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:00:39.247146 0.166134 tcp 10.0.2.109 60496 -> 195.113.214.249 443 SRPA* 0 0 42 22132 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:00:39.413952 0.302699 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:39.717054 0.346891 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:40.064335 0.269692 udp 10.0.2.109 3683 <-> 219.64.70.212 6138 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:40.334421 0.186448 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:00:40.521297 0.063467 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:01:17.625159 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 05:01:24.632966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:01:32.634358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:01:48.637318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:02:20.643419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:08:41.654186 3.001292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 05:08:48.661334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:08:56.662649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:09:12.665447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:09:44.671699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:15:48.679642 3.000042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 05:15:55.685388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:16:03.686735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:16:19.689707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:16:51.695793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:22:55.702133 3.001170 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 05:23:02.709126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:23:10.710761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:23:26.713430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:23:58.719861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:29:32.310003 0.000311 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 05:29:32.310414 0.487748 tcp 10.0.2.109 60497 -> 176.73.169.112 1959 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:30:02.725777 3.001807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 05:30:09.733377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:30:17.745136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:30:33.747847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:30:49.250609 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 05:30:49.250729 3.301582 udp 10.0.2.109 3683 -> 210.210.116.215 8899 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 05:30:52.552311 0.000000 icmp 124.7.176.10 0x0103 -> 10.0.2.109 0xd2d2 URH 192 1 201 flow=Background 1970/02/14 05:31:05.424896 0.062128 tcp 10.0.2.109 60498 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:05.487299 0.061738 tcp 10.0.2.109 60499 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:05.549304 0.164224 tcp 10.0.2.109 60500 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:05.714056 0.055735 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:05.753984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:31:05.770221 0.362826 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:06.133437 0.064217 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:06.198248 0.159983 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:06.358685 0.074820 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:06.433926 0.063689 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:06.497967 0.130729 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:06.629072 0.130797 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:06.760526 0.000000 udp 10.0.2.109 3683 -> 61.250.167.140 8982 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 05:31:23.509798 0.067836 tcp 10.0.2.109 60501 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:23.577912 0.065375 tcp 10.0.2.109 60502 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:23.643640 0.159722 tcp 10.0.2.109 60503 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:23.804240 0.197162 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.001779 0.126484 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.128671 0.152963 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.282015 0.150217 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.432668 0.072805 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.505820 0.180415 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.686619 0.115409 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.802529 0.078154 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.881055 0.050008 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:24.931575 0.145196 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:25.077221 0.059632 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:25.137301 0.054934 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:25.192636 0.054382 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:25.247387 0.184602 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:25.432399 0.690596 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:26.123413 0.088876 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:26.212700 0.401883 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:26.614972 0.330448 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:26.945819 0.080108 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:27.026324 0.054147 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:27.080888 0.202065 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:27.283392 0.068414 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:27.352158 0.165007 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:27.517538 0.222165 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:27.740082 0.314039 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:28.054577 0.182477 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:28.237456 0.067581 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:28.305454 0.353319 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/14 05:31:28.659253 0.000000 udp 10.0.2.109 3683 -> 219.64.70.212 6138 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 05:31:47.434219 0.064054 tcp 10.0.2.109 60504 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:47.498567 0.063648 tcp 10.0.2.109 60505 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:31:47.562530 0.175786 tcp 10.0.2.109 60506 -> 195.113.214.249 443 SRPA* 0 0 28 12100 flow=From-Botnet-V1-TCP-Established 1970/02/14 05:37:09.758777 3.049552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 05:37:16.789128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:37:24.778729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:37:40.781655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:38:12.787644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:44:16.797827 2.997426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 05:44:23.801169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:44:31.802486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:44:47.805788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:45:19.815897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:53:43.819002 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 05:53:50.826798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:53:58.827524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:54:14.831172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:54:46.836984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 05:59:32.798541 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 05:59:32.798626 0.546153 tcp 10.0.2.109 60507 -> 176.73.169.112 1959 FSPA* 0 0 14 1541 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:00:50.843246 3.001501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:00:57.850444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:01:05.851894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:01:21.854827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:01:53.861084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:02:14.641179 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 06:02:14.641321 0.365564 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:15.007311 0.000000 udp 10.0.2.109 3683 -> 219.64.70.212 6138 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 06:02:32.197929 0.067901 tcp 10.0.2.109 60508 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:02:32.266068 0.098304 tcp 10.0.2.109 60509 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:02:32.364619 0.161025 tcp 10.0.2.109 60510 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:02:32.526543 0.051405 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:32.578370 0.239600 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:32.818377 0.074336 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:32.893068 0.059078 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:32.952558 0.132631 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:33.085586 0.132367 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:33.218328 0.063556 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:33.282450 0.341796 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:33.624684 0.126724 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:33.751851 0.303842 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.056149 0.150804 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.207366 0.075330 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.283149 0.184741 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.468335 0.108389 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.577151 0.080172 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.657723 0.051887 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.709984 0.157128 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:34.867570 0.150885 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:35.018881 0.053890 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:35.073129 0.055349 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:35.128839 0.184248 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:35.313531 0.059793 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:35.373717 0.350293 udp 10.0.2.109 3683 <-> 218.145.118.7 9278 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:35.724440 0.323405 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:36.048235 0.636099 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:36.684771 0.080227 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:36.765349 0.053835 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:36.819575 0.138659 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:36.958615 0.076456 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:37.035414 0.163247 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:37.199132 0.229292 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:37.428791 0.066716 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:37.495984 0.388723 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:37.885074 0.307776 udp 10.0.2.109 3683 <-> 122.30.146.99 3402 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:38.193252 0.185300 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:02:38.378928 0.065378 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:08:04.877503 3.001330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:08:11.883858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:08:19.885729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:08:35.888835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:09:07.894695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:15:12.902815 3.001207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:15:19.909823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:15:27.911244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:15:43.914811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:16:15.921256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:22:21.929379 3.001628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:22:28.938548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:22:37.014516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:22:52.951148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:23:24.957159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:29:28.963387 3.001840 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:29:33.347702 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 06:29:33.347818 0.551705 tcp 10.0.2.109 60511 -> 176.73.169.112 1959 FSPA* 0 0 15 1776 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:29:35.970858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:29:43.972092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:29:59.975195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:30:31.981026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:32:57.350647 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 06:32:57.350814 0.368142 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:57.719397 0.056160 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:57.775920 0.156869 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:57.933240 0.074774 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.008398 0.056468 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.065399 0.131499 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.197265 0.136584 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.334327 0.060916 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.395621 0.166993 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.562973 0.148893 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.712322 0.078913 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:58.791630 0.360407 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:59.152525 0.124990 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:59.277844 0.185216 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 588 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:59.463551 0.104400 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:59.568319 0.168668 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:59.737385 0.050048 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:59.787806 0.154252 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:32:59.942519 0.137667 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:00.080552 0.185119 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:00.266090 0.060587 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:00.327106 0.000000 udp 10.0.2.109 3683 -> 218.145.118.7 9278 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 06:33:18.462801 0.071538 tcp 10.0.2.109 60512 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:33:18.534569 0.068990 tcp 10.0.2.109 60513 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:33:18.603904 1.819227 tcp 10.0.2.109 60514 -> 195.113.214.249 443 SRPA* 0 0 41 28087 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:33:20.423791 0.053820 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:20.477990 0.060077 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:20.538607 0.423650 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:20.962676 0.448321 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:21.411393 0.079062 udp 10.0.2.109 3683 <-> 84.185.132.153 4448 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:21.490904 0.055771 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:21.547078 0.112856 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:21.660327 0.076290 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:21.737010 0.164419 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:21.901802 0.340588 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:22.242753 0.222538 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:22.465708 0.072694 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:22.538829 0.064245 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:33:22.603526 0.000000 udp 10.0.2.109 3683 -> 122.30.146.99 3402 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 06:33:41.504421 0.069575 tcp 10.0.2.109 60515 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:33:41.573743 0.046108 tcp 10.0.2.109 60516 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:33:41.620206 0.155609 tcp 10.0.2.109 60517 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/14 06:33:41.776308 0.186395 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/14 06:36:35.986751 3.002562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 06:36:42.996622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:36:50.996126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:37:06.999255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:37:39.005336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:43:43.011025 3.002114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:43:50.019072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:43:58.020235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:44:14.023090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:44:46.029309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:50:50.035115 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:50:57.042797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:51:05.044389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:51:21.047304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:51:53.053135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:57:57.059306 3.001553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 06:58:04.066791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:58:12.067964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:58:28.071110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:59:00.076920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 06:59:33.906511 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 06:59:33.906622 0.450684 tcp 10.0.2.109 60518 -> 176.73.169.112 1959 FSPA* 0 0 14 1742 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:03:43.314817 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 07:03:43.315030 0.000000 udp 10.0.2.109 3683 -> 218.145.118.7 9278 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 07:04:00.240408 0.069705 tcp 10.0.2.109 60519 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:00.310443 0.063375 tcp 10.0.2.109 60520 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:00.374198 0.161271 tcp 10.0.2.109 60521 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:00.536023 0.000000 udp 10.0.2.109 3683 -> 122.30.146.99 3402 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 07:04:15.652073 0.066487 tcp 10.0.2.109 60522 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:15.718812 0.063044 tcp 10.0.2.109 60523 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:15.781661 0.159212 tcp 10.0.2.109 60524 -> 195.113.214.249 443 SRPA* 0 0 20 11520 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:15.941437 0.147461 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:16.089321 0.053625 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:16.143335 0.375415 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:16.519145 0.074638 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:16.594134 0.130621 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:16.983472 0.058542 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.042439 0.192415 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.235249 0.151518 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.387206 0.063595 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.451176 0.131041 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.582621 0.055376 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.638430 0.110031 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.748846 0.074713 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.823907 0.049568 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:17.873824 0.158202 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:18.032404 0.126211 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:18.158972 0.188050 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:18.399646 0.314318 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:18.714500 0.058728 udp 10.0.2.109 3683 <-> 217.220.223.100 5287 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:18.773565 0.185832 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:18.959764 0.139015 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:19.099276 0.373172 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:19.472805 0.053862 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:19.527055 0.056032 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:19.583722 0.462043 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:20.046381 0.473056 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:20.519826 0.071428 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:20.591647 0.164332 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:20.756423 0.055954 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:20.812802 0.000000 udp 10.0.2.109 3683 -> 84.185.132.153 4448 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 07:04:37.152097 0.063233 tcp 10.0.2.109 60525 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:37.215631 0.062929 tcp 10.0.2.109 60526 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:37.278823 0.159022 tcp 10.0.2.109 60527 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:04:37.438474 0.062441 udp 10.0.2.109 3683 <-> 109.150.83.63 8747 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:37.501362 0.323971 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:37.825743 0.218701 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:38.044882 0.078600 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:04:38.123949 0.183137 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:05:13.085724 3.002004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 07:05:20.093543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:05:28.094976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:05:44.097902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:06:16.104047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:12:20.109934 3.002779 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 07:12:27.117305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:12:35.118851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:12:51.121946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:13:23.128441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:19:27.134645 3.002047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 07:19:34.141362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:19:42.142907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:19:58.145924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:20:30.164980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:26:34.167299 3.006110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 07:26:41.175301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:26:49.177023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:27:05.179930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:27:37.185919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:29:34.364802 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 07:29:34.364966 0.512376 tcp 10.0.2.109 60528 -> 176.73.169.112 1959 FSPA* 0 0 15 1559 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:33:41.191775 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 07:33:48.201457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:33:56.203790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:34:12.203961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:34:38.451881 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 07:34:38.452090 0.000000 udp 10.0.2.109 3683 -> 84.185.132.153 4448 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 07:34:44.209705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:34:56.499272 0.072979 tcp 10.0.2.109 60529 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:34:56.572610 0.065083 tcp 10.0.2.109 60530 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:34:56.637951 0.161713 tcp 10.0.2.109 60531 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:34:56.800210 0.149227 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:56.949865 0.053471 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.003714 0.075470 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.079608 0.127502 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.207531 0.063081 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.271021 0.168029 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.439437 0.155398 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.595241 0.060739 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.656342 0.134079 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.790856 0.056685 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.847942 0.117291 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:57.965659 0.355653 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:58.321743 0.051186 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:58.373323 0.074616 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:58.448340 0.126423 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:58.575142 0.184554 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:58.760137 0.314706 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:34:59.075299 0.000000 udp 10.0.2.109 3683 -> 217.220.223.100 5287 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 07:35:14.694460 0.072097 tcp 10.0.2.109 60532 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:35:14.766831 0.073525 tcp 10.0.2.109 60533 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:35:14.840673 0.158257 tcp 10.0.2.109 60534 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:35:14.999513 0.203094 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:15.202997 0.142074 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:15.345465 0.327962 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:15.673841 0.054048 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:15.728274 0.154835 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:15.883526 0.458010 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:16.341936 0.215169 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:16.557481 0.081208 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:16.639081 0.165754 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:16.805288 0.056712 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:16.862430 0.053887 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:16.916696 0.000000 udp 10.0.2.109 3683 -> 109.150.83.63 8747 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 07:35:32.653469 0.074191 tcp 10.0.2.109 60535 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:35:32.727947 0.072213 tcp 10.0.2.109 60536 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:35:32.800491 0.170191 tcp 10.0.2.109 60537 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 07:35:32.971210 0.065275 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:33.036935 0.185902 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:33.223265 0.317756 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:35:33.541474 0.247318 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/14 07:40:48.219755 2.997926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 07:40:55.228691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:41:03.224605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:41:19.227930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:41:51.233804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:47:55.239643 3.002024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 07:48:02.253061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:48:10.249067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:48:26.251956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:48:58.257840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:55:39.266388 3.002497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 07:55:46.274531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:55:54.276125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:56:10.279030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:56:42.284823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 07:59:34.883608 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 07:59:34.883753 0.531077 tcp 10.0.2.109 60538 -> 176.73.169.112 1959 FSPA* 0 0 15 1752 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:02:52.299529 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 08:02:59.306841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:03:07.308549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:03:23.311616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:03:55.318571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:05:52.786717 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 08:05:52.786901 0.000000 udp 10.0.2.109 3683 -> 217.220.223.100 5287 INT 0 1 107 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 08:06:11.585257 0.045891 tcp 10.0.2.109 60539 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:11.631370 0.075193 tcp 10.0.2.109 60540 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:11.706825 0.164522 tcp 10.0.2.109 60541 -> 195.113.214.249 443 SRPA* 0 0 29 13256 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:11.871856 0.000000 udp 10.0.2.109 3683 -> 109.150.83.63 8747 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 08:06:28.678367 0.045612 tcp 10.0.2.109 60542 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:28.724221 0.075602 tcp 10.0.2.109 60543 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:28.800033 0.161519 tcp 10.0.2.109 60544 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:28.962249 0.132888 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.095592 0.064134 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.095927 2.996975 tcp 10.0.2.109 60545 -> 74.56.71.57 7932 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/14 08:06:29.231371 0.060372 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.292156 0.151876 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.444424 0.064228 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.509140 0.130712 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.640285 0.168429 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.809171 0.074613 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:29.884192 0.148238 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.032789 0.360557 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.393761 0.050012 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.444169 0.077144 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.521748 0.122647 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.644829 0.179751 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.824992 0.053671 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.879068 0.108086 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:30.987570 0.326275 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:31.314393 0.357311 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:31.672101 0.059288 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:31.731839 0.152221 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:31.884444 0.253008 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:32.137846 0.117281 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:32.255478 0.071621 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:32.327488 0.158047 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:32.486010 0.485210 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:32.971653 0.164206 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:33.136250 0.054193 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:33.190843 0.000000 udp 10.0.2.109 3683 -> 86.134.204.82 1440 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 08:06:38.091614 0.000000 tcp 10.0.2.109 60545 -> 74.56.71.57 7932 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/14 08:06:49.488403 0.047472 tcp 10.0.2.109 60546 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:49.536198 0.128735 tcp 10.0.2.109 60547 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:49.665207 0.166396 tcp 10.0.2.109 60548 -> 195.113.214.249 443 SRPA* 0 0 23 13178 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:06:49.832235 0.327639 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:50.160285 0.219475 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:06:50.380169 0.000000 udp 10.0.2.109 3683 -> 86.146.251.178 3180 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 08:07:06.133620 0.046332 tcp 10.0.2.109 60549 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:07:06.180236 0.075223 tcp 10.0.2.109 60550 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:07:06.255810 0.157567 tcp 10.0.2.109 60551 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:07:06.413942 0.185574 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:09:59.325662 3.002927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 08:10:06.331201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:10:14.332541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:10:30.335723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:11:02.341760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:17:06.347379 3.001833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 08:17:13.369689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:17:21.366684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:17:37.369626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:18:09.375648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:24:13.382076 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 08:24:20.388763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:24:28.390287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:24:44.393420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:25:16.399408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:29:35.422380 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 08:29:35.422559 0.720757 tcp 10.0.2.109 60552 -> 176.73.169.112 1959 FSPA* 0 0 13 1255 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:29:35.534439 0.060992 tcp 10.0.2.109 60553 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:29:35.595690 0.119338 tcp 10.0.2.109 60554 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:29:35.715313 0.163575 tcp 10.0.2.109 60555 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:29:36.143542 0.677896 tcp 10.0.2.109 60556 -> 188.129.248.221 6410 FSPA* 0 0 14 1546 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:31:20.411828 2.997780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 08:31:27.412884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:31:35.414762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:31:51.417589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:32:23.569478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:37:35.332414 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 08:37:35.332688 0.000000 udp 10.0.2.109 3683 -> 86.134.204.82 1440 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 08:37:50.846399 0.065669 tcp 10.0.2.109 60557 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:37:50.912384 0.067003 tcp 10.0.2.109 60558 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:37:50.979705 0.160921 tcp 10.0.2.109 60559 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:37:51.141165 0.000000 udp 10.0.2.109 3683 -> 86.146.251.178 3180 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 08:38:08.319265 0.060550 tcp 10.0.2.109 60560 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:08.380073 0.061801 tcp 10.0.2.109 60561 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:08.442344 0.159685 tcp 10.0.2.109 60562 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:08.602627 0.148364 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:08.751387 0.059966 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:08.811757 1.325188 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:10.137462 0.166701 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:10.137800 4.186451 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 SPA_* 0 0 27 11635 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:10.304580 0.057034 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:10.361978 0.063508 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:10.425868 0.129746 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:10.556019 0.150928 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:10.707374 0.849321 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:11.557096 0.126606 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:11.684143 0.071079 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:11.755710 0.048895 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:11.805032 0.359735 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:12.165140 0.317940 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:12.483531 0.353326 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:12.837310 0.065294 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:12.902994 0.183573 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.086936 0.115363 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.202672 0.052800 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.255861 0.189728 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.459346 0.138164 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.597971 0.186633 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.785003 0.098924 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.884349 0.079664 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:13.964409 0.056879 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:14.021665 0.165556 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:14.187613 0.433557 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:14.621582 0.240427 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:14.862527 0.316515 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:15.179466 0.182408 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 08:38:16.912474 1.314442 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 11 8538 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:21.991318 3.917023 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 34 20268 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:27.445999 2.994933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 08:38:28.356638 4.137237 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 55 32242 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:33.596916 4.084680 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 17 15254 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:34.447009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:38:40.431871 4.079737 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 18 9660 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:42.448290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:38:46.899135 2.739472 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 27 17346 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:51.952296 0.400682 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 7 5922 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:57.666329 3.936957 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 38 22532 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:38:58.453016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:39:02.888565 4.629968 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 10 6684 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:08.375523 4.289260 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 11 7586 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:15.661664 4.161563 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 25 17486 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:20.944303 4.185411 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 29 17950 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:26.199010 2.702431 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 49 26622 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:30.457414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:39:31.412800 4.184193 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 26 19836 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:36.755589 4.146344 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 31 20706 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:41.868164 4.212524 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 36 22424 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:47.182985 3.848848 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 18 12660 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:53.976033 4.110938 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 34 16772 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:39:59.178742 4.095645 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 28 17896 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:04.363584 2.686293 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 28 17296 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:09.536424 4.546713 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 15 10450 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:14.957245 4.079711 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 43 21954 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:20.070017 4.034252 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 31 20106 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:25.216306 3.792808 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 18 12660 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:31.864274 4.169609 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 14 6548 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:37.335548 4.034229 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 22 16476 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:44.072884 4.036131 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 30 15956 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:49.111865 4.114835 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 64 34176 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:54.175331 4.319266 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 15 9002 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:40:59.633214 4.077602 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 15 7202 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:05.047915 2.729483 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 31 17810 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:10.190469 4.626398 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 12 8240 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:16.969505 4.237206 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 22 16124 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:22.142240 4.249286 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 17 10558 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:27.609065 3.919894 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 45 24958 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:34.149999 4.631868 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 17 11158 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:39.619593 3.927853 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 40 22640 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:44.701393 4.065358 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 24 14184 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:51.578237 3.854154 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 20 12168 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:41:58.055339 4.267192 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 12 8840 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:42:03.573967 4.079233 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 A_PA 0 0 51 26482 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:42:10.053162 4.453686 tcp 10.0.2.109 60563 -> 70.80.185.236 4126 FPA_* 0 0 62 33891 flow=From-Botnet-V1-TCP-Established 1970/02/14 08:45:34.469436 2.999505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 08:45:41.470876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:45:49.472514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:46:05.475239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:46:37.481373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:54:29.493288 3.000843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 08:54:36.500003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:54:44.501608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:55:00.504836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:55:32.510540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 08:59:36.822673 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 08:59:36.822817 0.582374 tcp 10.0.2.109 60564 -> 188.129.248.221 6410 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/02/14 09:01:58.528601 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:02:05.535594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:02:13.538788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:02:29.540338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:03:01.546237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:08:32.532482 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 09:08:32.532570 0.149647 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:32.682608 0.066928 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:32.749952 0.131170 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:32.881485 0.181696 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.135297 0.063842 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.199494 0.066893 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.266766 0.127287 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.398842 0.152042 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.551274 0.075406 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.627031 0.048731 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.676107 0.079615 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.756143 0.125763 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:33.882450 0.366995 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:34.249795 0.318269 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:34.568509 0.336571 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:34.905486 0.070307 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:34.976150 0.184592 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:35.161147 0.112905 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:35.274506 0.060211 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:35.335060 0.153330 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:35.488846 0.145188 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:35.634584 0.184399 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:35.819408 0.055728 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:35.875521 0.164280 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:36.040200 0.450074 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:36.490651 0.201461 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:36.692583 0.076880 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:36.769837 0.182793 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:36.953007 0.219309 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:08:37.172764 0.319436 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:09:12.552345 3.001171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:09:19.559694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:09:27.561185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:09:43.567113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:10:15.570322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:16:19.576381 3.001419 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:16:26.584374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:16:34.586036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:16:50.588201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:17:22.594498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:23:26.600511 3.001330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:23:33.607718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:23:41.609143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:23:57.612286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:24:29.617834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:29:37.411282 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 09:29:37.411491 0.717168 tcp 10.0.2.109 60565 -> 188.129.248.221 6410 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/02/14 09:30:33.624227 3.003500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:30:40.631654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:30:48.633234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:31:04.635975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:31:36.647360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:37:40.647986 3.002024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:37:47.655566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:37:55.656511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:38:11.659907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:38:43.665972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:39:00.120396 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 09:39:00.120488 0.148450 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:00.269410 0.080860 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:00.350723 0.132320 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:00.483421 0.167512 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:00.651345 0.055463 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:00.707264 0.062042 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:00.769704 0.129915 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:00.900076 0.152919 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:01.053435 0.074664 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:01.128493 0.050008 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:01.178906 0.126208 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:01.305498 0.329688 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:01.635540 0.126382 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:01.762364 0.361923 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:02.124652 0.340124 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:02.465380 0.063058 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:02.528814 0.184363 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:02.713545 0.115561 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:02.829476 0.057979 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:02.887900 0.158059 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:03.046366 0.158110 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:03.208150 0.184948 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:03.393498 0.056090 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:03.450032 0.169678 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:03.620112 0.485992 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:04.106551 0.164919 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:04.271871 0.079131 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:04.351393 0.327806 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:04.679653 0.185590 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:39:04.865678 0.762781 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/14 09:44:47.673230 3.000704 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:44:54.679493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:45:02.681068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:45:18.687226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:45:50.691344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:54:01.698874 3.000995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 09:54:08.705635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:54:16.707819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:54:32.710699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:55:04.716433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 09:59:38.130344 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 09:59:38.130500 0.833188 tcp 10.0.2.109 60566 -> 188.129.248.221 6410 FSPA* 0 0 14 1582 flow=From-Botnet-V1-TCP-Established 1970/02/14 10:01:13.729582 3.002283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:01:20.737718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:01:28.739512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:01:44.742373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:02:16.748060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:08:29.756710 3.159762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:08:36.884080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:08:44.804310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:09:00.778602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:09:32.004069 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 10:09:32.004172 0.133495 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:32.138085 0.236879 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:32.375383 0.053003 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:32.428786 0.063580 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:32.492791 0.149928 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:32.643193 0.063904 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:32.707568 0.132238 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:32.784770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:09:32.840255 0.147348 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:33.134341 0.074821 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:33.216319 0.049933 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:33.266609 0.095657 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:33.362653 0.322584 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:33.685694 0.124507 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:33.810637 0.360776 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:34.171791 0.323412 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:34.495676 0.090602 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:34.586748 0.183278 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:34.770541 0.429253 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:35.200242 0.063614 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:35.264241 0.155775 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:35.420425 0.259183 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:35.679990 0.185302 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:35.865668 0.072418 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:35.938497 0.166530 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:36.105440 0.072946 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:36.178832 0.326093 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:36.505317 0.470133 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:36.975896 0.423044 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:37.399300 0.182952 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:09:37.582664 0.222609 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:15:36.789970 3.001946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:15:43.797730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:15:51.799460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:16:07.802164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:16:39.846629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:22:43.825889 3.004980 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:22:50.834719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:22:58.833589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:23:14.837819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:23:46.842777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:29:38.969522 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 10:29:38.969700 0.594478 tcp 10.0.2.109 60567 -> 188.129.248.221 6410 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/02/14 10:29:50.848482 3.002169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:29:57.856243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:30:05.857735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:30:21.860915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:30:53.866632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:36:57.873245 3.003861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:37:04.880423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:37:12.881230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:37:28.884674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:38:00.890955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:39:50.338626 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 10:39:50.338733 0.052177 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:50.391350 0.064127 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:50.455881 0.170395 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:50.626690 0.082325 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:50.709444 0.132499 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:50.842384 0.166658 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:51.009455 0.132562 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:51.142448 0.150806 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:51.293702 0.074819 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:51.368942 0.050045 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:51.419395 0.851264 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:52.271086 0.324549 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:52.596051 0.126662 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:52.723193 0.357752 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:53.081386 0.325944 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:53.407756 0.069259 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:39:53.477430 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 10:40:10.698814 0.071007 tcp 10.0.2.109 60568 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 10:40:10.770253 0.076491 tcp 10.0.2.109 60569 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 10:40:10.847081 0.164965 tcp 10.0.2.109 60570 -> 195.113.214.249 443 SRPA* 0 0 35 26915 flow=From-Botnet-V1-TCP-Established 1970/02/14 10:40:11.012684 0.155329 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.168422 0.137108 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.305935 0.116588 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.422992 0.057350 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.480792 0.186502 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.667697 0.056384 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.724489 0.164225 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.889175 0.076485 udp 10.0.2.109 3683 <-> 91.61.188.182 4874 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:11.966026 0.327848 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:12.294430 0.185393 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:12.480194 0.223423 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:12.703979 0.487005 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:40:13.191371 0.266550 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 10:44:04.896030 3.002346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:44:11.903494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:44:19.906793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:44:35.908556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:45:07.914419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:53:33.924954 3.001784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 10:53:40.936696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:53:48.933806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:54:04.936788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:54:36.942797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 10:59:39.568208 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 10:59:39.568302 1.554071 tcp 10.0.2.109 60571 -> 188.129.248.221 6410 FSPA* 0 0 14 1544 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:00:40.948233 3.002713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:00:47.955973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:00:55.957515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:01:11.961063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:01:43.967167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:07:47.972920 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:07:54.979933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:08:02.981629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:08:18.984466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:08:50.991026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:10:21.560976 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 11:10:21.561074 0.000000 udp 10.0.2.109 3683 -> 99.6.74.153 6911 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 11:10:38.206752 0.064353 tcp 10.0.2.109 60572 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:10:38.271390 0.060921 tcp 10.0.2.109 60573 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:10:38.332581 0.161285 tcp 10.0.2.109 60574 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:10:38.494468 0.151332 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:38.646372 0.076064 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:38.722864 0.052706 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:38.776005 0.058117 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:38.834471 0.166526 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:39.001354 0.133207 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:39.134975 0.152380 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:39.287789 0.132893 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:39.421073 0.050120 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:39.471583 0.068847 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:39.540827 0.319314 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:39.860605 0.703262 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:40.564252 0.123019 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:40.687633 0.070222 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:40.758389 0.325150 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:41.083974 0.361535 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:41.445917 0.105001 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:41.551292 0.060065 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:41.611734 0.184384 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:41.796507 0.063083 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:41.860018 0.158887 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:42.019362 0.228472 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:42.248267 0.163752 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:10:42.412408 0.000000 udp 10.0.2.109 3683 -> 91.61.188.182 4874 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 11:11:00.026753 0.060911 tcp 10.0.2.109 60575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:11:00.087915 0.074328 tcp 10.0.2.109 60576 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:11:00.162408 0.165994 tcp 10.0.2.109 60577 -> 195.113.214.249 443 SRPA* 0 0 26 14958 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:11:00.328937 0.323694 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:11:00.653088 0.186133 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:11:00.839620 0.217823 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:11:01.057841 0.495099 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:11:01.553433 0.303041 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:14:54.996964 3.001448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 11:15:02.004347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:15:10.005056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:15:26.008013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:15:58.014253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:22:02.025815 3.000814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:22:09.028067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:22:17.030928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:22:33.032431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:23:05.038634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:29:09.045056 3.001060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:29:16.051985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:29:24.053366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:29:40.056500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:29:41.128835 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 11:29:41.128963 0.931323 tcp 10.0.2.109 60578 -> 188.129.248.221 6410 FSPA* 0 0 14 1704 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:30:12.062621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:36:16.076521 2.997402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:36:23.076909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:36:31.079724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:36:47.088403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:37:19.085980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:41:32.671424 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 11:41:32.671578 0.000000 udp 10.0.2.109 3683 -> 91.61.188.182 4874 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 11:41:47.964581 0.063031 tcp 10.0.2.109 60579 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:41:48.027924 0.067261 tcp 10.0.2.109 60580 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:41:48.095472 0.165675 tcp 10.0.2.109 60581 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 11:41:48.261690 0.055312 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:48.317397 0.151284 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:48.469115 0.077880 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:48.547408 0.130509 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:48.678558 0.155942 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:48.834879 0.131095 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:48.966635 0.049715 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.016768 0.074753 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.091963 0.064055 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.156422 0.168442 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.325276 0.075489 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.401148 0.125632 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.527183 0.068403 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.595940 0.317313 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:49.913616 0.112182 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:50.026158 0.185548 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:50.212141 0.360947 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:50.573455 0.334598 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:50.908523 0.107315 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:51.016258 0.143826 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:51.160477 0.167000 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:51.327914 0.056122 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:51.384444 0.154657 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:51.539513 0.324941 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:51.864872 0.537194 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:52.402493 0.182537 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:52.585413 0.510341 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:41:53.096132 0.198575 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/14 11:43:23.092614 3.001755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:43:30.099936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:43:38.101418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:43:54.104834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:44:26.111072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:50:30.116929 3.001470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:50:37.123950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:50:45.125401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:51:01.128581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:51:33.134544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:57:37.140141 3.001934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 11:57:44.147669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:57:52.149486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:58:08.152346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:58:40.158973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 11:59:42.057543 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 11:59:42.057651 0.481930 tcp 10.0.2.109 60582 -> 188.129.248.221 6410 FSPA* 0 0 14 1518 flow=From-Botnet-V1-TCP-Established 1970/02/14 12:04:49.172321 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:04:56.179031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:05:04.180799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:05:20.183374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:05:52.189500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:11:56.195533 3.001137 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:12:03.202886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:12:04.004499 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 12:12:04.004591 0.072041 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.100633 0.127304 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.228338 0.054107 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.282822 0.150932 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.434374 0.172272 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.607025 0.131159 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.738642 0.050823 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.789853 0.074452 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.864686 0.074439 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:04.939496 0.167907 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:05.107775 0.083931 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:05.192122 0.125033 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:05.317535 0.057268 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:05.375180 0.326042 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:05.701590 0.060238 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:05.762280 0.251788 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:06.014561 0.355443 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:06.370444 0.327328 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:06.698189 0.108671 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:06.807206 0.165064 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:06.972640 0.164853 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:07.137846 0.055528 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:07.193806 0.155954 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:07.350354 0.189405 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:07.540171 0.321958 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:07.862524 0.465926 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:08.328875 0.220523 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:08.549818 0.122229 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:12:11.204586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:12:27.207428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:12:59.213494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:19:03.220511 3.000516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:19:10.226854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:19:18.228454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:19:34.231490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:20:06.237632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:26:10.243739 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:26:17.250948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:26:25.252593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:26:41.255334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:27:13.261593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:29:42.548769 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 12:29:42.548921 0.825801 tcp 10.0.2.109 60583 -> 188.129.248.221 6410 FSPA* 0 0 14 1569 flow=From-Botnet-V1-TCP-Established 1970/02/14 12:33:17.267574 3.001558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:33:24.274664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:33:32.276212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:33:48.279185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:34:20.287564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:40:24.291803 3.001373 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:40:31.298847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:40:39.300478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:40:55.303951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:41:27.309214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:42:12.144320 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 12:42:12.144514 0.055108 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:12.200064 0.149017 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:12.349517 0.153564 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:12.503529 0.131490 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:12.635444 0.050963 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:12.686825 0.078562 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:12.765817 0.451309 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:13.217498 0.074830 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:13.292906 0.060745 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:13.354090 0.166058 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:13.520530 0.088496 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:13.609398 0.126631 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:13.736602 0.055441 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:13.792427 0.320582 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:14.113353 0.064660 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:14.178507 0.337570 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:14.516531 0.106707 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:14.623638 0.185670 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:14.809675 0.358425 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:15.168546 0.149756 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:15.318751 0.162889 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:15.482004 0.054054 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:15.536475 0.157115 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:15.694048 0.185920 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:15.880432 0.228665 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:16.109516 0.675620 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:16.785550 0.332059 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:42:17.118003 0.468827 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/14 12:47:31.316225 3.003206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:47:38.326869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:47:46.324217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:48:02.334464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:48:34.333661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:55:26.349501 3.000492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 12:55:33.355728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:55:41.357841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:55:57.360476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:56:29.366118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 12:59:43.375856 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 12:59:43.376068 2.993624 tcp 10.0.2.109 60584 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/14 12:59:52.367728 0.000000 tcp 10.0.2.109 60584 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/14 12:59:58.379046 0.064975 tcp 10.0.2.109 60585 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/14 12:59:58.444356 0.064120 tcp 10.0.2.109 60586 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/14 12:59:58.508766 0.135487 tcp 10.0.2.109 60587 -> 195.113.214.249 443 SRPA* 0 0 61 55509 flow=From-Botnet-V1-TCP-Established 1970/02/14 12:59:58.665394 0.416004 tcp 10.0.2.109 60588 -> 5.178.194.36 4983 FSPA* 0 0 14 1559 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:02:47.372596 3.099279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 13:02:54.452869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:03:02.391423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:03:18.394832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:03:50.400409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:09:54.409809 2.998405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 13:10:01.413698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:10:09.416899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:10:25.420644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:10:57.424768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:12:46.441449 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 13:12:46.441610 0.144561 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:12:46.586523 0.131198 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:12:46.718185 0.050334 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:12:46.768967 0.075604 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:12:46.844946 0.052889 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:12:46.898276 0.158681 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:12:47.057350 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 13:13:05.175228 0.059879 tcp 10.0.2.109 60589 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:13:05.235326 0.067027 tcp 10.0.2.109 60590 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:13:05.302624 0.157996 tcp 10.0.2.109 60591 -> 195.113.214.249 443 SRPA* 0 0 42 34632 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:13:05.461202 0.074984 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:05.536578 0.058992 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:05.596030 0.185283 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:05.781759 0.095565 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:05.877745 0.126278 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:06.004384 0.056132 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:06.060913 0.313447 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:06.374770 0.120849 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:06.496020 0.336240 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:06.832707 0.112083 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:06.945174 0.187654 udp 10.0.2.109 3683 <-> 99.35.198.110 6889 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:07.133309 0.164483 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:07.298220 0.057158 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:07.355781 0.160069 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:07.516274 0.362956 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:07.879707 0.168777 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:08.048862 0.183844 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:08.233210 0.814681 udp 10.0.2.109 3683 <-> 5.202.51.239 5675 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:09.048299 0.382777 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:09.431547 0.323841 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:13:09.755795 0.441376 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:17:01.430854 3.001156 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 13:17:08.437805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:17:16.439411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:17:32.442660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:18:04.449019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:24:08.454744 3.048525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 13:24:15.484330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:24:23.473481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:24:39.476449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:25:11.482637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:29:59.086418 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 13:29:59.086655 0.565359 tcp 10.0.2.109 60592 -> 5.178.194.36 4983 FSPA* 0 0 14 1700 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:31:15.488430 3.002031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 13:31:22.495937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:31:30.497357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:31:46.500478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:32:18.506166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:38:22.512418 3.005159 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 13:38:29.520939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:38:37.523922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:38:53.525509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:39:25.530515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:43:39.265385 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 13:43:39.265582 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 13:43:57.333046 0.063298 tcp 10.0.2.109 60593 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:43:57.396632 0.068117 tcp 10.0.2.109 60594 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:43:57.465070 0.159084 tcp 10.0.2.109 60595 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:43:57.624689 0.130686 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:57.755726 0.158795 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:57.914863 0.049100 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:57.964400 0.151492 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.116316 0.060764 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.177509 0.070415 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.248368 0.167519 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.416295 0.080813 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.497541 0.063170 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.561127 0.083080 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.644543 0.125795 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.770709 0.079514 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:58.850612 0.313579 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:59.164569 0.055291 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:59.220238 0.334049 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:59.554800 0.164807 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:59.720017 0.055675 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:59.776062 0.153316 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:43:59.929754 0.114480 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:44:00.044639 0.000000 udp 10.0.2.109 3683 -> 99.35.198.110 6889 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 13:44:16.359225 0.065100 tcp 10.0.2.109 60596 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:44:16.424572 0.062511 tcp 10.0.2.109 60597 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:44:16.486994 0.164957 tcp 10.0.2.109 60598 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/14 13:44:16.652474 0.361444 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:44:17.014340 0.140303 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:44:17.155028 0.182426 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:44:17.337829 0.315852 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:44:17.654060 0.000000 udp 10.0.2.109 3683 -> 5.202.51.239 5675 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 13:44:27.387118 0.000000 udp 10.0.2.109 3683 <- 5.202.51.239 5675 RSP 0 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 13:44:27.387564 0.449373 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:44:27.837339 0.507728 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 13:45:29.541785 2.996029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 13:45:36.545783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:45:44.545287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:46:00.548470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:46:32.553964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:54:25.567081 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 13:54:32.574617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:54:40.575645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:54:56.579051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:55:28.584756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 13:59:59.655273 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 13:59:59.655382 0.408855 tcp 10.0.2.109 60599 -> 5.178.194.36 4983 FSPA* 0 0 14 1644 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:01:53.602033 3.000850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 14:02:00.608496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:02:08.610305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:02:24.612887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:02:56.620993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:09:07.625426 3.001551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 14:09:14.632628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:09:22.634143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:09:38.637065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:10:10.643432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:14:43.257440 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 14:14:43.257737 0.000000 udp 10.0.2.109 3683 -> 99.35.198.110 6889 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 14:14:59.530943 0.061570 tcp 10.0.2.109 60600 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:14:59.592810 0.062006 tcp 10.0.2.109 60601 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:14:59.655118 0.154228 tcp 10.0.2.109 60602 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:14:59.809901 0.132444 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:14:59.942707 0.049908 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:14:59.992990 0.152578 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.145971 0.051397 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.197840 0.075533 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.273779 0.237208 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.511343 0.084829 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.596576 0.068959 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.665945 0.146344 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.812658 0.122890 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:00.935919 0.086246 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:01.022559 0.059367 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:01.082341 0.323075 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:01.405799 0.161682 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:01.567845 0.053939 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:01.622231 0.314668 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:01.937302 0.069698 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:02.007385 0.144818 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:02.152714 0.159414 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:02.312586 0.362039 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:02.675040 0.150184 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:02.825611 0.185939 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:03.011919 0.318033 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:03.347044 0.000000 udp 10.0.2.109 3683 -> 5.202.51.239 5675 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 14:15:18.716610 0.065984 tcp 10.0.2.109 60603 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:15:18.782854 0.066003 tcp 10.0.2.109 60604 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:15:18.849117 0.151530 tcp 10.0.2.109 60605 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:15:19.001178 0.489707 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:15:19.491285 0.483204 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:16:14.649974 3.000252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 14:16:21.656393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:16:29.658343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:16:45.664106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:17:17.667208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:23:21.673236 3.001559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 14:23:28.680538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:23:36.681994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:23:52.684597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:24:24.690970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:30:00.063711 0.228417 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 14:30:00.292253 0.473848 tcp 10.0.2.109 60606 -> 5.178.194.36 4983 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:30:28.696372 3.002489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 14:30:35.706792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:30:43.708978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:30:59.708800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:31:31.714854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:37:35.721058 3.001149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 14:37:42.728906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:37:50.732410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:38:06.734585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:38:38.739653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:44:42.745318 3.000900 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 14:44:49.752483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:44:57.754062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:45:13.756750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:45:32.313959 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 14:45:32.314061 0.000000 udp 10.0.2.109 3683 -> 5.202.51.239 5675 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 14:45:45.762977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:45:49.450381 0.065264 tcp 10.0.2.109 60607 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:45:49.515958 0.060208 tcp 10.0.2.109 60608 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:45:49.576466 0.160960 tcp 10.0.2.109 60609 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:45:49.738194 0.049995 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:49.788635 0.150386 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:49.939454 0.049339 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:49.989267 0.068673 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:50.058486 0.169052 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:50.227938 0.074715 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:50.303097 0.060261 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:50.363773 0.141050 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:50.505227 0.136877 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:50.642539 0.057755 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:50.700706 0.335393 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:51.036500 0.162201 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:51.199108 0.057265 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:51.256813 0.078786 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:51.336020 0.128561 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:51.464994 0.102233 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:51.567546 0.156227 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:51.724114 0.357267 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:52.081728 0.140831 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:52.222918 0.314270 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:45:52.537543 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 14:46:10.171389 0.060181 tcp 10.0.2.109 60610 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:46:10.231852 0.066331 tcp 10.0.2.109 60611 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:46:10.298475 0.154905 tcp 10.0.2.109 60612 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 14:46:10.453903 0.185695 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:46:10.640042 0.346778 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:46:10.987233 0.052155 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:46:11.039826 0.456548 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/14 14:54:02.770205 3.001702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 14:54:09.777683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:54:17.779330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:54:33.782434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 14:55:05.788436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:00:00.562101 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:00:00.562289 0.411507 tcp 10.0.2.109 60613 -> 5.178.194.36 4983 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:01:09.795263 3.001244 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 15:01:16.802396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:01:24.803178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:01:40.806295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:02:12.811740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:08:23.817410 3.104792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 15:08:30.892779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:08:38.836663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:08:54.840544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:09:26.855572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:15:30.862446 3.000796 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 15:15:37.869432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:15:45.871723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:16:01.874029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:16:33.880383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:16:36.814982 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:16:36.815123 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:16:52.759847 0.079827 tcp 10.0.2.109 60614 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:16:52.839973 0.064169 tcp 10.0.2.109 60615 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:16:52.904415 0.156423 tcp 10.0.2.109 60616 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:16:53.061061 4.756692 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1186 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.112369 4.007203 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1014 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.163310 4.025296 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 4 1066 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.236593 4.114029 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 4 1195 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.404945 4.021468 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 4 1172 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.480290 3.997830 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 4 1246 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.550633 4.078277 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 4 1102 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.704773 4.062650 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 4 946 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.840978 4.129214 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 4 1257 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:53.992692 4.026211 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 4 990 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:54.049514 4.025105 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 4 1151 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:54.104948 4.045355 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 4 1217 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:54.188966 4.094149 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 4 1223 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:54.321962 4.082296 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 4 1350 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:54.430453 4.132328 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 4 1276 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:54.586820 4.965163 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 4 1231 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:54.912335 3.813883 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 4 1093 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:55.076545 4.011520 udp 10.0.2.109 3683 <-> 61.250.167.140 8982 CON 0 0 4 1306 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:55.438781 3.787929 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 4 1034 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:55.580309 4.287549 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 4 1011 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:55.895412 4.156814 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 4 1191 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:56.079109 4.589939 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 4 1087 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:56.554567 4.753411 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 4 1115 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:16:56.872379 4.117322 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 4 1225 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:17:01.308519 0.222128 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 821 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:17:01.597995 0.000000 udp 10.0.2.109 3683 -> 210.165.15.78 2368 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:07.088008 0.000000 udp 10.0.2.109 3683 -> 124.178.254.24 5780 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:15.379783 0.000000 udp 10.0.2.109 3683 -> 187.174.119.158 4826 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:22.366202 0.000000 udp 10.0.2.109 3683 -> 173.247.172.2 7972 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:27.982755 0.000000 udp 10.0.2.109 3683 -> 196.36.153.134 6323 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:35.821660 0.000000 udp 10.0.2.109 3683 -> 77.183.121.252 3056 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:40.464192 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:17:41.941151 0.354102 udp 10.0.2.109 3683 <-> 189.48.197.211 9277 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:17:42.499916 0.000000 udp 10.0.2.109 3683 -> 99.11.249.247 7253 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:50.953336 0.000000 udp 10.0.2.109 3683 -> 113.20.89.188 3188 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:17:57.560601 0.051522 udp 10.0.2.109 3683 <-> 193.90.48.88 9082 CON 0 0 2 689 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:17:57.860867 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:04.321074 0.816288 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:18:05.146500 0.046784 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 733 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:18:05.336453 0.143375 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 742 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:18:05.498848 0.000000 udp 10.0.2.109 3683 -> 74.105.47.2 8519 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:11.280652 0.406497 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 845 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:18:12.050475 0.000000 udp 10.0.2.109 3683 -> 92.71.16.26 9268 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:18.930945 0.000000 udp 10.0.2.109 3683 -> 186.6.53.150 2209 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:24.559656 0.079924 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:18:24.840618 0.000000 udp 10.0.2.109 3683 -> 86.146.251.178 3180 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:29.366075 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:18:32.811379 0.000000 udp 10.0.2.109 3683 -> 59.167.129.170 2235 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:40.702627 0.000000 udp 10.0.2.109 3683 -> 99.35.198.110 6889 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:48.874652 0.000000 udp 10.0.2.109 3683 -> 78.38.126.215 3680 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:18:57.516892 0.000000 udp 10.0.2.109 3683 -> 94.3.117.240 2938 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:03.475373 0.000000 udp 10.0.2.109 3683 -> 82.112.199.148 6203 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:11.128686 0.000000 udp 10.0.2.109 3683 -> 98.228.154.5 6748 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:15.862908 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:19:18.557227 0.050121 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:19:18.784301 0.000000 udp 10.0.2.109 3683 -> 150.101.247.136 9233 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:27.199512 0.000000 udp 10.0.2.109 3683 -> 31.50.214.10 4360 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:35.381263 0.770140 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 831 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:19:36.491629 0.000000 udp 10.0.2.109 3683 -> 83.248.23.42 1329 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:44.013553 0.000000 udp 10.0.2.109 3683 -> 84.234.215.223 5655 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:52.093702 0.000000 udp 10.0.2.109 3683 -> 114.83.25.33 9276 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:19:57.510518 0.000000 udp 10.0.2.109 3683 -> 61.92.49.199 1627 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:02.169023 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:20:02.486800 0.000000 udp 10.0.2.109 3683 -> 97.100.49.217 6844 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:11.106472 0.201249 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:20:11.756251 0.166715 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 762 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:20:12.149057 0.000000 udp 10.0.2.109 3683 -> 201.184.116.95 7531 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:17.222448 0.024999 udp 10.0.2.109 3683 <-> 87.246.251.13 8842 CON 0 0 2 755 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:20:17.581414 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:24.385527 0.000000 udp 10.0.2.109 3683 -> 105.224.131.76 7002 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:31.652268 0.000000 udp 10.0.2.109 3683 -> 108.18.178.118 8449 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:38.723249 0.000000 udp 10.0.2.109 3683 -> 121.8.180.252 9858 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:45.842737 0.618983 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 739 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:20:46.557142 0.000000 udp 10.0.2.109 3683 -> 93.64.51.136 1475 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:50.848500 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:20:52.790679 0.000000 udp 10.0.2.109 3683 -> 190.159.181.116 6927 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:20:59.020222 0.000000 udp 10.0.2.109 3683 -> 95.89.46.153 7023 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:07.253173 0.000000 udp 10.0.2.109 3683 -> 184.70.190.202 6027 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:13.475870 0.000000 udp 10.0.2.109 3683 -> 89.183.19.38 3565 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:19.721343 0.000000 udp 10.0.2.109 3683 -> 184.177.21.61 2469 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:26.281551 0.000000 udp 10.0.2.109 3683 -> 187.184.130.200 1330 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:32.900659 0.045733 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:21:33.241619 0.000000 udp 10.0.2.109 3683 -> 84.3.130.125 1020 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:37.867652 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:21:39.921379 0.347275 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 781 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:21:40.718959 0.000000 udp 10.0.2.109 3683 -> 121.161.91.53 1149 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:49.436907 0.000000 udp 10.0.2.109 3683 -> 201.157.10.142 9187 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:21:57.886135 0.000000 udp 10.0.2.109 3683 -> 93.67.216.198 6257 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:05.466984 0.000000 udp 10.0.2.109 3683 -> 187.172.195.6 6294 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:13.548767 0.000000 udp 10.0.2.109 3683 -> 190.118.95.232 5529 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:20.127956 0.187551 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 711 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:22:20.459525 0.000000 udp 10.0.2.109 3683 -> 74.218.32.44 1243 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:24.864117 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:22:27.448524 0.000000 udp 10.0.2.109 3683 -> 80.2.14.110 3225 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:33.186966 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:37.886500 3.041696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 15:22:40.647653 0.000000 udp 10.0.2.109 3683 -> 81.147.141.37 3769 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:44.912693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:22:47.129793 0.000000 udp 10.0.2.109 3683 -> 190.235.186.5 1037 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:22:52.894739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:22:54.237204 0.000000 udp 10.0.2.109 3683 -> 201.68.111.39 3700 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:23:00.456070 0.000000 udp 10.0.2.109 3683 -> 95.14.108.138 8206 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:23:08.898415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:23:09.328961 0.000000 udp 10.0.2.109 3683 -> 186.104.129.54 8811 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:23:13.865309 0.000147 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:23:14.646517 0.000000 udp 10.0.2.109 3683 -> 94.175.43.209 1447 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:23:21.896422 0.000000 udp 10.0.2.109 3683 -> 221.189.254.71 1381 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:23:40.903678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:29:44.919718 3.002182 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 15:29:51.927161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:29:59.928867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:30:00.981068 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:30:00.981165 0.558815 tcp 10.0.2.109 60617 -> 5.178.194.36 4983 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:30:15.932189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:30:47.938214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:36:51.943926 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 15:36:58.951293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:37:06.953093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:37:22.956075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:37:54.966781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:43:58.969419 3.000322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 15:44:05.977695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:44:13.977380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:44:29.979864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:45:01.986307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:51:05.992064 3.065207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 15:51:13.040047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:51:21.012909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:51:37.014484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:52:09.021214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:53:48.146201 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 15:53:48.146390 0.175951 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.322823 0.074900 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.398183 0.063509 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.462243 0.169685 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.632431 0.188480 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.821287 0.049996 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.871745 0.048502 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.920676 0.065945 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:48.987061 0.151267 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.138702 0.061601 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.200690 0.055465 udp 10.0.2.109 3683 <-> 176.73.169.112 4102 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.256532 0.085857 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.342835 0.129568 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.472770 0.106497 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.579699 0.158799 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.738892 0.164995 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:53:49.904295 0.000000 udp 10.0.2.109 3683 -> 61.250.167.140 8982 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:54:05.128836 0.065529 tcp 10.0.2.109 60618 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:05.194654 0.065921 tcp 10.0.2.109 60619 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:05.260833 0.158376 tcp 10.0.2.109 60620 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:05.419786 0.137652 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:05.557952 0.335905 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:05.894278 0.185719 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:06.080371 0.464254 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:06.545027 0.315909 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:06.861392 0.207151 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:07.068897 0.140411 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:07.209680 0.315257 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:07.525373 0.000000 udp 10.0.2.109 3683 -> 189.48.197.211 9277 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:54:25.728162 0.061111 tcp 10.0.2.109 60621 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:25.789540 0.061923 tcp 10.0.2.109 60622 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:25.851773 0.150141 tcp 10.0.2.109 60623 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:26.002487 0.063869 udp 10.0.2.109 3683 <-> 193.90.48.88 9082 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.066813 0.041909 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.109132 0.140620 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.250415 0.045638 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.296429 0.408967 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.705784 0.073878 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.780111 0.050647 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.831174 0.141371 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:26.972980 0.163900 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:27.137304 0.192676 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:27.330514 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 15:54:45.305600 0.061793 tcp 10.0.2.109 60624 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:45.367647 0.060849 tcp 10.0.2.109 60625 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:45.428771 0.156402 tcp 10.0.2.109 60626 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 15:54:45.585730 0.071526 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:45.657661 0.275261 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:45.933392 0.347501 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:54:46.281266 0.187842 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/14 15:58:13.026498 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 15:58:20.033402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:58:28.034976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:58:44.037909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 15:59:16.044054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:00:01.539691 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 16:00:01.539875 0.766796 tcp 10.0.2.109 60627 -> 5.178.194.36 4983 FSPA* 0 0 14 1502 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:05:30.054590 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 16:05:37.061786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:05:45.064942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:06:01.066573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:06:33.072630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:12:37.078968 3.001112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 16:12:44.085759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:12:52.087366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:13:08.090697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:13:40.096575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:19:44.101828 3.005587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 16:19:51.264315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:19:59.189993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:20:15.126981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:20:47.130369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:25:01.496168 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 16:25:01.496267 0.360784 udp 10.0.2.109 3683 -> 61.250.167.140 8982 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:25:01.857051 0.000000 icmp 61.250.167.140 0x0303 -> 10.0.2.109 0x1623 URP 192 1 155 flow=Background 1970/02/14 16:25:18.892893 0.060211 tcp 10.0.2.109 60628 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:18.953377 0.060816 tcp 10.0.2.109 60629 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:19.014511 0.151029 tcp 10.0.2.109 60630 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:19.165829 0.000000 udp 10.0.2.109 3683 -> 189.48.197.211 9277 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:25:34.995538 0.060588 tcp 10.0.2.109 60631 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:35.056435 0.060513 tcp 10.0.2.109 60632 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:35.117260 0.156115 tcp 10.0.2.109 60633 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:35.273896 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:25:51.128785 0.063236 tcp 10.0.2.109 60634 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:51.192251 0.063190 tcp 10.0.2.109 60635 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:51.255767 0.152928 tcp 10.0.2.109 60636 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:25:51.409246 0.146105 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:25:51.555768 0.050216 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:25:51.606592 0.147135 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:25:51.754169 0.063787 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:25:51.818324 0.074582 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:25:51.893312 0.170740 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:25:52.064430 0.058322 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:25:52.123203 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:26:10.529029 0.064170 tcp 10.0.2.109 60637 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:26:10.593474 0.062775 tcp 10.0.2.109 60638 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:26:10.656541 0.149284 tcp 10.0.2.109 60639 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:26:10.806644 0.154418 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:10.961527 0.139541 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.101493 0.050507 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.152432 0.072628 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.225456 0.081368 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.307246 0.154974 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.462618 0.162941 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.625988 0.106969 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.733292 0.185861 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:11.919502 0.328758 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:12.248689 0.186744 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:12.435857 0.482507 udp 10.0.2.109 3683 <-> 119.234.167.72 5726 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:12.918770 0.316461 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:13.235692 0.228464 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:13.464554 0.311905 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:13.776831 0.221658 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:13.998871 0.044348 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.043594 0.055778 udp 10.0.2.109 3683 <-> 193.90.48.88 9082 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.099795 0.408046 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.508251 0.073662 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.582313 0.047320 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.629990 0.140836 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.771252 0.040833 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.812478 0.141202 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:14.954046 0.162359 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:15.116783 0.186488 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:15.303674 0.072116 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:15.376160 0.047147 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:15.423726 0.348541 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:15.772656 0.181383 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:26:51.135761 3.002043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 16:26:58.143695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:27:06.145167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:27:22.148154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:27:54.154374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:30:02.309978 0.000259 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 16:30:02.310338 0.498959 tcp 10.0.2.109 60640 -> 5.178.194.36 4983 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:33:58.160822 3.000944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 16:34:05.167220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:34:13.169262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:34:29.184344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:35:01.179336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:41:05.189307 2.996518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 16:41:12.191740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:41:20.193314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:41:36.196554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:42:08.204982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:48:12.209196 3.007442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 16:48:19.222411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:48:27.216837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:48:43.220280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:49:15.226260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:55:45.239624 3.001736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 16:55:52.247148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:56:00.248427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:56:16.251566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:56:20.600073 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 16:56:20.600282 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:56:36.813258 0.060425 tcp 10.0.2.109 60641 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:56:36.873978 0.065217 tcp 10.0.2.109 60642 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:56:36.939544 0.153846 tcp 10.0.2.109 60643 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:56:37.093990 0.063915 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.158441 0.050496 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.209321 0.142681 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.352413 0.147206 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.499997 0.169172 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.669556 0.074865 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.744792 0.059303 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.804561 0.148695 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:37.953698 0.134734 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.088809 0.050869 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.140130 0.063836 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.204392 0.082930 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.287690 0.155381 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.443501 0.164058 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.607904 0.113974 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.722266 0.163209 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:38.885945 0.207878 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:39.094242 0.324644 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:39.419311 0.000000 udp 10.0.2.109 3683 -> 119.234.167.72 5726 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:56:48.259211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 16:56:55.530307 0.060270 tcp 10.0.2.109 60644 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:56:55.590914 0.064371 tcp 10.0.2.109 60645 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:56:55.655618 0.407139 tcp 10.0.2.109 60646 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:56:56.063287 0.318758 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:56.382624 0.208167 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:56.591193 0.312921 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:56.904474 0.051687 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:56.956508 0.042512 udp 10.0.2.109 3683 <-> 84.152.210.49 1251 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:56.999416 0.068555 udp 10.0.2.109 3683 <-> 193.90.48.88 9082 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:57.068369 0.398416 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:57.467241 0.074752 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:57.542420 0.049959 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:56:57.592763 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:57:16.258407 0.066482 tcp 10.0.2.109 60647 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:57:16.325194 0.065769 tcp 10.0.2.109 60648 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:57:16.391273 0.152393 tcp 10.0.2.109 60649 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:57:16.544173 0.046543 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:57:16.591069 0.187840 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:57:16.779333 0.069589 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:57:16.849349 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 16:57:32.371641 0.063601 tcp 10.0.2.109 60650 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:57:32.435553 0.061107 tcp 10.0.2.109 60651 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:57:32.497002 0.149848 tcp 10.0.2.109 60652 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/14 16:57:32.647360 0.344681 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:57:32.992436 0.142126 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:57:33.134998 0.164693 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/14 16:57:33.300129 0.183060 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:00:02.807394 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 17:00:02.807590 0.408324 tcp 10.0.2.109 60653 -> 5.178.194.36 4983 FSPA* 0 0 14 1642 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:02:52.263666 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 17:02:59.271118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:03:07.274839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:03:23.275405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:03:55.281380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:09:59.289592 2.999851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 17:10:06.294955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:10:14.296382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:10:30.300715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:11:02.305352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:17:06.311443 3.001422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 17:17:13.318997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:17:21.320943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:17:37.323306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:18:09.329664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:24:13.346046 3.219171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 17:24:20.540151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:24:28.474979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:24:44.359570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:25:16.364588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:27:52.838991 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 17:27:52.839078 0.000000 udp 10.0.2.109 3683 -> 119.234.167.72 5726 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 17:28:11.796752 0.064426 tcp 10.0.2.109 60654 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:11.861469 0.063752 tcp 10.0.2.109 60655 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:11.925524 0.151004 tcp 10.0.2.109 60656 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:12.077353 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 17:28:28.510373 0.064910 tcp 10.0.2.109 60657 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:28.575488 0.063407 tcp 10.0.2.109 60658 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:28.639174 0.152298 tcp 10.0.2.109 60659 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:28.791731 0.196425 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:28.988726 0.049787 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.038916 0.065367 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.104680 0.135851 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.240942 0.052812 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.294251 0.149169 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.443773 0.128425 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.572642 0.055378 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.628401 0.150277 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.779053 0.071639 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:29.851038 0.167622 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.019072 0.103446 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.122944 0.141050 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.264355 0.154271 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.418991 0.074326 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.493768 0.081850 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.576023 0.162706 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.739082 0.183205 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:30.922637 0.336982 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:31.260042 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 17:28:49.740841 0.060242 tcp 10.0.2.109 60660 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:49.801387 0.060919 tcp 10.0.2.109 60661 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:49.862609 0.155445 tcp 10.0.2.109 60662 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:28:50.018665 0.065712 udp 10.0.2.109 3683 <-> 193.90.48.88 9082 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:50.084840 0.317206 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:50.402535 0.228575 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:50.631602 0.310470 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:50.942474 0.054208 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:50.997071 0.041851 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:28:51.039305 0.000000 udp 10.0.2.109 3683 -> 94.69.101.45 6063 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 17:29:06.755057 0.066131 tcp 10.0.2.109 60663 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:29:06.821469 0.065458 tcp 10.0.2.109 60664 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:29:06.887189 0.159934 tcp 10.0.2.109 60665 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:29:07.047641 0.403112 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:29:07.451211 0.046677 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:29:07.498300 0.187258 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:29:07.685958 0.065139 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:29:07.751471 0.166074 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:29:07.917973 0.178962 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:29:08.097347 0.544190 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:29:08.642018 0.255798 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:30:03.216398 0.931457 tcp 10.0.2.109 60666 -> 5.178.194.36 4983 FSPA* 0 0 14 1588 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:31:20.372884 2.998209 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 17:31:27.376847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:31:35.378498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:31:51.381373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:32:23.661584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:38:27.404658 3.000622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 17:38:34.410856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:38:42.412472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:38:58.415131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:39:30.421272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:45:34.439473 2.992647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 17:45:41.435196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:45:49.458378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:46:05.439326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:46:37.448535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:54:26.452392 3.001612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 17:54:33.459870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:54:41.461164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:54:57.464695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:55:29.470275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 17:59:18.639989 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 17:59:18.640176 0.000000 udp 10.0.2.109 3683 -> 84.152.210.49 1251 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 17:59:36.947882 0.063977 tcp 10.0.2.109 60667 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:59:37.012109 0.064373 tcp 10.0.2.109 60668 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:59:37.076784 0.148771 tcp 10.0.2.109 60669 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:59:37.226288 0.078820 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.305469 0.064515 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.370371 0.136202 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.507075 0.055521 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.562997 0.148812 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.712209 0.048804 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.761365 0.050691 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.812424 0.141957 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:37.954771 0.074531 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.029710 0.042049 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.072125 0.127253 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.199752 0.136423 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.336573 0.156143 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.493163 0.070895 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.564490 0.078090 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.642987 0.163129 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.806491 0.105286 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:38.912238 0.167279 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:39.079902 0.344300 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:39.424618 0.183549 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:39.608577 0.000000 udp 10.0.2.109 3683 -> 193.90.48.88 9082 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 17:59:55.243081 0.060757 tcp 10.0.2.109 60670 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:59:55.304209 0.062737 tcp 10.0.2.109 60671 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:59:55.367260 0.154624 tcp 10.0.2.109 60672 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/14 17:59:55.522128 0.317178 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:55.839699 0.208045 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:56.048189 0.054926 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:56.103555 0.313710 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:56.417613 0.048935 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:56.466900 0.398812 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:56.866056 0.041091 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:56.907478 0.186700 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:57.094550 0.073236 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:57.168228 0.359434 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:57.528083 0.166996 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:57.695492 0.187680 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/14 17:59:57.883510 0.142687 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:00:04.155869 0.442966 tcp 10.0.2.109 60673 -> 5.178.194.36 4983 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:01:55.487883 3.001867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 18:02:02.495177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:02:10.496979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:02:26.499588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:02:58.505821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:09:08.520051 3.005303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 18:09:15.527940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:09:23.529411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:09:39.533203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:10:11.538675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:16:15.547778 2.997870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 18:16:22.551816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:16:30.553172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:16:46.556146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:17:18.562230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:23:22.568650 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 18:23:29.575860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:23:37.577247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:23:53.580560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:24:25.586308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:30:04.604278 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 18:30:04.604445 0.941875 tcp 10.0.2.109 60674 -> 5.178.194.36 4983 FSPA* 0 0 14 1699 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:30:05.255306 0.000000 udp 10.0.2.109 3683 -> 193.90.48.88 9082 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 18:30:22.922126 0.063831 tcp 10.0.2.109 60675 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:30:22.986369 0.062815 tcp 10.0.2.109 60676 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:30:23.049468 0.153260 tcp 10.0.2.109 60677 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:30:23.203242 0.131137 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.334796 0.056328 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.391550 0.069040 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.460913 0.060892 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.522225 0.048766 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.571414 0.052155 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.623974 0.147985 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.772396 0.074323 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.847115 0.047946 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:23.895522 0.172605 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.068568 0.125076 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.194061 0.154850 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.349298 0.137757 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.487454 0.100560 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.588372 0.161399 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.750289 0.108637 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.859263 0.072884 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:24.932515 0.322896 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:25.255886 0.235431 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:25.491652 0.186008 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:25.678021 0.089123 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:25.767583 0.312635 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:26.080676 0.318249 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:26.399358 0.225455 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:26.625228 0.041047 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:26.666669 0.397444 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:27.064496 0.040921 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:27.105843 0.187760 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:27.294040 0.066858 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:27.361267 0.183010 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:27.544644 0.141087 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:27.686091 0.437672 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/14 18:30:28.124195 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 18:30:29.591888 3.002421 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 18:30:36.599816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:30:44.601276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:30:46.855232 0.062846 tcp 10.0.2.109 60678 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:30:46.918385 0.060805 tcp 10.0.2.109 60679 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:30:46.979484 0.149476 tcp 10.0.2.109 60680 -> 195.113.214.249 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/02/14 18:31:00.604033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:31:32.610568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:37:36.616156 3.002239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 18:37:43.623779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:37:51.625149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:38:07.628440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:38:39.636342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:44:43.641639 3.001676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 18:44:50.654992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:44:58.651080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:45:14.652138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:45:46.658364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:54:01.672393 3.002514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 18:54:08.685789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:54:16.681638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:54:32.684157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 18:55:04.690648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:00:05.553503 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 19:00:05.553673 0.401751 tcp 10.0.2.109 60681 -> 5.178.194.36 4983 FSPA* 0 0 14 1535 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:00:53.973013 0.165627 udp 10.0.2.109 3683 <-> 142.161.36.205 7485 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.139065 0.098845 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.238427 0.078173 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.316976 0.066336 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.383803 0.050595 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.434881 0.049941 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.485210 0.152821 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.638485 0.074602 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.713541 0.131083 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.845057 0.127122 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:54.972616 0.155166 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:55.128192 0.149078 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 201 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:55.277729 0.091139 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:55.369354 0.163231 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:55.532958 0.112444 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:00:55.645861 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 19:00:58.871683 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 19:01:08.696414 3.002177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 19:01:13.292687 0.065977 tcp 10.0.2.109 60682 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:13.358960 0.062288 tcp 10.0.2.109 60683 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:13.421573 0.167824 tcp 10.0.2.109 60684 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:13.590460 0.150775 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:13.741681 0.167570 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:13.909778 0.185612 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:14.095785 0.301900 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:14.398048 0.071605 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:14.470052 0.336821 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:14.807327 0.000000 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 19:01:15.704031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:01:23.706929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:01:29.904817 0.062639 tcp 10.0.2.109 60685 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:29.967748 0.066314 tcp 10.0.2.109 60686 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:30.034396 0.157403 tcp 10.0.2.109 60687 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:30.192541 0.227213 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:30.420153 0.047305 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:30.467930 0.314091 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:30.782394 0.066081 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:30.848837 0.178529 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:31.027746 0.139474 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:31.167611 0.187530 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:31.355528 0.046954 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:01:31.402846 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 19:01:39.708543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:01:47.321565 0.062868 tcp 10.0.2.109 60688 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:47.384749 0.065748 tcp 10.0.2.109 60689 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:47.450765 0.154984 tcp 10.0.2.109 60690 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:01:47.606460 0.364730 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:02:11.714683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:08:23.722992 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 19:08:30.729817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:08:38.731670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:08:54.734520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:09:26.742363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:15:30.747605 3.000250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 19:15:37.753505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:15:45.757859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:16:01.758349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:16:33.763950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:22:37.769770 3.001923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 19:22:44.777597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:22:52.956371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:23:08.815701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:23:40.797808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:29:44.804481 3.001150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 19:29:51.811623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:29:59.813733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:30:05.962238 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 19:30:05.962406 1.008432 tcp 10.0.2.109 60691 -> 5.178.194.36 4983 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:30:15.815774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:30:47.821854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:32:05.455096 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 19:32:05.455239 0.043455 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:05.499119 0.000000 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 19:32:22.630457 0.061393 tcp 10.0.2.109 60692 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:22.692139 0.069051 tcp 10.0.2.109 60693 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:22.761445 0.156306 tcp 10.0.2.109 60694 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:22.918466 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 19:32:40.755232 0.063544 tcp 10.0.2.109 60695 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:40.819018 0.062002 tcp 10.0.2.109 60696 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:40.881304 0.155163 tcp 10.0.2.109 60697 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:41.036936 0.048724 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.086000 0.070602 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.157041 0.154436 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.311846 0.085273 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.397519 0.131761 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.529746 0.064036 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.594233 0.074004 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.668592 0.055333 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:41.724286 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 19:32:59.492321 0.060181 tcp 10.0.2.109 60698 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:59.552767 0.061828 tcp 10.0.2.109 60699 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:59.614881 0.159189 tcp 10.0.2.109 60700 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/14 19:32:59.774665 0.081543 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:32:59.856606 0.164165 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.021114 0.102755 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.124282 0.156445 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.281183 0.128390 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.409947 0.136752 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.547086 0.071432 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.618854 0.152360 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.771587 0.169013 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:00.941020 0.182406 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:01.123822 0.053324 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:01.177529 0.328343 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:01.506397 0.041060 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:01.547821 0.315208 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:01.863443 0.216176 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:02.080090 0.186321 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:02.266958 0.046462 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:02.313877 0.184189 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:02.498451 0.073019 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:02.571853 0.213417 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:33:02.785693 0.384779 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/14 19:36:51.827307 3.002531 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 19:36:58.835292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:37:06.836838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:37:22.840059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:37:54.850323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:43:58.852245 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 19:44:05.859360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:44:13.860841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:44:29.863875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:45:01.869801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:51:05.875553 3.001410 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 19:51:12.883449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:51:20.884885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:51:36.887657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:52:08.893856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:58:12.899163 3.002429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 19:58:19.907331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:58:27.908702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:58:43.911774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 19:59:15.918039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:00:06.971773 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 20:00:06.971942 0.407517 tcp 10.0.2.109 60701 -> 5.178.194.36 4983 FSPA* 0 0 14 1540 flow=From-Botnet-V1-TCP-Established 1970/02/14 20:03:06.791475 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 20:03:06.791613 0.000000 udp 10.0.2.109 3683 -> 142.161.36.205 7485 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 20:03:22.314236 0.064935 tcp 10.0.2.109 60702 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 20:03:22.379665 0.064212 tcp 10.0.2.109 60703 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 20:03:22.444202 0.152696 tcp 10.0.2.109 60704 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 20:03:22.597412 0.042636 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:22.640435 0.150552 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:22.791465 0.070428 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:22.862304 0.050567 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:22.913283 0.066087 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:22.979814 0.078049 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.058498 0.051211 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.110148 0.132730 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.243299 0.061735 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.305457 0.079974 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.385817 0.165881 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.552046 0.128583 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.681080 0.158181 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.839671 0.126231 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:23.966308 0.136500 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:24.103198 0.067979 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:24.171567 0.153626 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:24.325580 1.904497 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:26.230478 0.327572 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:26.558460 0.048050 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:26.606904 0.316413 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:26.923724 0.167731 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:27.091842 0.182929 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:27.275222 0.218269 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:27.493878 0.187664 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:27.681948 0.046466 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:27.729101 0.182034 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:27.911573 0.214456 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:28.126492 0.152012 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:03:28.278878 0.393595 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:05:29.927877 3.001805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 20:05:36.935597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:05:44.936947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:06:00.940394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:06:32.958435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:12:36.962157 3.001460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 20:12:43.969800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:12:51.970971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:13:07.974290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:13:39.980178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:19:43.985888 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 20:19:50.993639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:19:58.994928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:20:14.998239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:20:47.004139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:26:51.010076 3.001616 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 20:26:58.017654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:27:06.018883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:27:22.021570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:27:54.028003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:30:07.380250 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 20:30:07.380419 0.545342 tcp 10.0.2.109 60705 -> 5.178.194.36 4983 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/02/14 20:33:34.938670 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 20:33:34.938775 0.070530 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.009721 0.051178 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.061297 0.062974 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.124638 0.127022 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.252096 0.053619 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.306151 0.041955 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.348490 0.144732 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.493585 0.133692 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.627709 0.057245 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:35.685389 0.546395 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:36.232192 0.165239 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:36.397829 0.115824 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:36.514040 0.157525 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:36.671975 0.125639 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:36.797974 0.178933 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:36.977353 0.063809 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:37.041610 0.149275 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:37.191339 0.044064 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:37.235848 0.051843 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:37.288149 0.328319 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:37.616913 0.314427 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:37.931754 0.166539 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:38.098694 0.186514 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:38.285583 0.229874 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:38.515826 0.184839 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:38.701090 0.074075 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:38.775571 0.143052 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:38.919037 0.041457 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:38.960869 0.183454 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:39.144743 0.344157 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/14 20:33:58.034038 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 20:34:05.041304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:34:13.043059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:34:29.045903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:35:01.052044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:41:05.058070 3.001817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 20:41:12.065379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:41:20.066877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:41:36.069861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:42:08.075955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:48:12.081853 3.001802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 20:48:19.089241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:48:27.091010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:48:43.094302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:49:15.100041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:55:48.107274 3.002165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 20:55:55.115021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:56:03.116674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:56:19.119407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 20:56:51.125848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:00:07.928908 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 21:00:07.929047 0.438287 tcp 10.0.2.109 60706 -> 5.178.194.36 4983 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/14 21:02:55.131314 3.008222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:03:02.139485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:03:10.140605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:03:26.143666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:03:40.584631 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 21:03:40.584766 0.074252 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:40.659382 0.049649 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:40.709405 0.065558 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:40.775418 0.074610 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:40.850478 0.053294 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:40.904208 0.170913 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.075957 0.145356 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.221713 0.131197 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.353298 0.060629 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.414345 0.106906 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.521655 0.158868 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.680898 0.130496 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.811874 0.084562 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:41.896874 0.165709 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:42.063016 0.137895 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:42.201291 0.071340 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:42.273018 0.151596 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:42.425015 0.043891 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:42.469461 0.055535 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:42.525405 0.328982 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:42.854827 0.311612 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:43.166876 0.167399 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:43.334719 0.185774 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:43.520882 0.218013 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:43.739233 0.186135 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:43.925721 0.066267 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:43.992342 0.183713 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:44.176389 0.364314 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:44.541114 0.140522 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:44.682206 0.041403 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:03:58.149549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:10:02.155941 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:10:09.162935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:10:17.164455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:10:33.167348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:11:05.174140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:17:09.178989 3.002279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:17:16.186872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:17:24.188813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:17:40.193001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:18:12.197451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:24:16.205975 2.999168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:24:23.211687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:24:31.212996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:24:47.215537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:25:19.221441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:30:08.367587 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 21:30:08.367681 0.469388 tcp 10.0.2.109 60707 -> 5.178.194.36 4983 FSPA* 0 0 14 1573 flow=From-Botnet-V1-TCP-Established 1970/02/14 21:31:23.228570 3.000506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:31:30.235171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:31:38.236502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:31:54.239448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:32:26.245321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:34:10.095023 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 21:34:10.095197 0.067200 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.162839 0.072603 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.235848 0.054809 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.291020 0.042438 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.333837 0.140012 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.474235 0.068503 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.543127 0.053416 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.596909 0.131886 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.729246 0.062879 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.792541 0.108453 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:10.901371 0.157310 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:11.059123 0.127015 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:11.186549 0.087292 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:11.274444 0.168386 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:11.443259 0.153075 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:11.596707 0.069445 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:11.666534 0.119267 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:11.786171 0.351493 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:12.138228 0.312012 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:12.450596 0.150604 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:12.601628 0.047911 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:12.649919 0.167015 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:12.817381 0.182910 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:13.000773 0.216515 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:13.217709 0.187115 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:13.405290 0.071320 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:13.476980 0.178752 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:13.656086 0.041329 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:13.697748 0.387311 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:34:14.085446 0.138786 udp 10.0.2.109 3683 <-> 70.55.245.162 6510 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/14 21:38:30.251765 3.001320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:38:37.258809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:38:45.262323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:39:01.263371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:39:33.269374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:45:37.276490 3.009072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:45:44.282978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:45:52.293677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:46:08.287449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:46:40.293517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:54:31.305066 2.999910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 21:54:38.310764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:54:46.316827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:55:02.315205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 21:55:34.321218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:00:08.836413 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 22:00:08.836552 0.399569 tcp 10.0.2.109 60708 -> 5.178.194.36 4983 FSPA* 0 0 15 1778 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:02:00.338991 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 22:02:07.346708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:02:15.347731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:02:31.350924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:03:03.357133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:04:25.335433 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 22:04:25.335521 0.068562 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:25.404493 0.148508 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:25.553366 0.054940 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:25.608711 0.046483 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:25.655617 0.142735 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:25.798747 0.074616 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:25.873772 0.049834 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:25.924042 0.131864 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.056376 0.070389 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.127172 0.112099 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.239671 0.157235 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.397307 0.122710 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.520395 0.085679 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.606421 0.171611 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.778501 0.174964 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:26.953940 0.065541 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:27.019944 0.143872 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:27.164212 0.147599 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:27.312250 0.046739 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:27.359402 0.167010 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:27.526804 0.326166 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:27.853445 0.314030 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:28.167884 0.182837 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:28.351155 0.217827 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:28.569438 0.186028 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:28.755881 0.073035 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:28.829407 0.184535 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:29.023303 0.041287 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:29.065003 0.392055 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:04:29.457433 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 22:04:46.149775 0.065618 tcp 10.0.2.109 60709 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:04:46.215700 0.068590 tcp 10.0.2.109 60710 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:04:46.284652 0.147625 tcp 10.0.2.109 60711 -> 195.113.214.249 443 SRPA* 0 0 38 27927 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:09:13.371691 3.018276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 22:09:20.389014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:09:28.390605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:09:44.399985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:10:16.399422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:16:20.409194 2.999472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 22:16:27.413163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:16:35.414370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:16:51.417556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:17:23.423534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:23:27.429336 3.003503 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 22:23:34.436888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:23:42.438574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:23:58.443083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:24:30.447341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:30:09.235157 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 22:30:09.235244 0.593586 tcp 10.0.2.109 60712 -> 5.178.194.36 4983 FSPA* 0 0 14 1725 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:30:34.454074 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 22:30:41.460873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:30:49.462282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:31:05.465505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:31:37.473334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:35:14.664772 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 22:35:14.664878 0.000000 udp 10.0.2.109 3683 -> 70.55.245.162 6510 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 22:35:31.890234 0.061021 tcp 10.0.2.109 60713 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:35:31.951507 0.062538 tcp 10.0.2.109 60714 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:35:32.014407 0.155824 tcp 10.0.2.109 60715 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:35:32.170773 0.061079 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.232241 0.052251 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.284882 0.042010 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.327277 0.140523 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.468252 0.074642 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.543261 0.049855 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.593452 0.132584 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.726652 0.061164 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.788214 0.113910 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:32.902605 0.156675 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:33.059756 0.125203 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:33.185352 0.476711 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:33.662485 0.170285 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:33.833176 0.077691 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:33.911280 0.136764 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:34.048497 0.152525 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:34.201388 0.150852 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:34.352629 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 22:35:50.705960 0.062362 tcp 10.0.2.109 60716 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:35:50.768591 0.064640 tcp 10.0.2.109 60717 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:35:50.833481 0.162790 tcp 10.0.2.109 60718 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/14 22:35:50.996756 0.233991 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:51.231154 0.327613 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:51.559226 0.078876 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:51.638555 0.234336 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:51.873293 0.186707 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:52.060379 0.068588 udp 10.0.2.109 3683 <-> 91.6.15.35 5333 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:52.129439 0.311809 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:52.441624 0.185826 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:52.627860 0.041765 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:52.669996 0.186518 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:35:52.856942 0.370992 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/14 22:37:41.478004 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/14 22:37:48.484906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:37:56.486444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:38:12.489260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:38:44.495394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:44:48.501279 3.001540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 22:44:55.508508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:45:03.510377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:45:19.518552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:45:51.519222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:54:02.527815 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 22:54:09.536879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:54:17.536992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:54:33.539631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 22:55:05.545543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:00:09.834390 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 23:00:09.834535 0.395826 tcp 10.0.2.109 60719 -> 5.178.194.36 4983 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:01:15.561391 3.000495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:01:22.568051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:01:30.569194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:01:46.573961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:02:18.578551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:06:14.688460 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 23:06:14.688626 0.046697 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:14.735689 0.053700 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:14.789769 0.045173 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:14.835328 0.142242 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:14.977964 0.074612 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.052992 0.050280 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.103659 0.131544 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.235605 0.063674 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.299659 0.074905 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.374949 0.125652 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.501010 0.080675 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.582024 0.173631 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.756085 0.157783 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:15.914258 0.149497 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:16.064099 0.101192 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:16.165687 0.149378 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:16.315443 0.075209 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:16.391056 0.176620 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:16.568139 0.071331 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:16.639865 0.217864 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:16.858115 0.167245 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:17.025787 0.324635 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:17.350822 0.187548 rtcp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:17.538785 0.000000 udp 10.0.2.109 3683 -> 91.6.15.35 5333 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 23:06:36.031120 0.060945 tcp 10.0.2.109 60720 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:06:36.092296 0.062498 tcp 10.0.2.109 60721 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:06:36.155056 0.150771 tcp 10.0.2.109 60722 -> 195.113.214.249 443 SRPA* 0 0 24 13196 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:06:36.306687 0.311258 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:36.618512 0.184067 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:36.802964 0.041136 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:36.844441 0.179819 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:06:37.024629 0.350967 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:08:31.588500 3.000603 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:08:38.597920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:08:46.596035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:09:02.599321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:09:34.604999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:15:38.612120 3.000792 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:15:45.618910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:15:53.620416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:16:09.623130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:16:41.629221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:22:45.635287 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:22:52.642706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:23:00.644324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:23:16.647257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:23:48.652854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:29:52.661107 2.999745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:29:59.666546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:30:07.669525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:30:10.232480 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 23:30:10.232676 0.737366 tcp 10.0.2.109 60723 -> 5.178.194.36 4983 FSPA* 0 0 14 1640 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:30:23.672949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:30:55.677457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:36:50.877825 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/14 23:36:50.878001 0.000000 udp 10.0.2.109 3683 -> 91.6.15.35 5333 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/14 23:36:59.684290 3.000985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:37:06.694533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:37:08.441273 0.066711 tcp 10.0.2.109 60724 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:37:08.508218 0.064481 tcp 10.0.2.109 60725 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:37:08.573015 0.167661 tcp 10.0.2.109 60726 -> 195.113.214.249 443 SRPA* 0 0 34 21036 flow=From-Botnet-V1-TCP-Established 1970/02/14 23:37:08.741259 0.185239 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:08.926935 0.103581 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.030908 0.048137 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.079461 0.074716 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.154623 0.049642 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.204698 0.131169 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.336287 0.054457 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.391162 0.067746 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.459339 0.125737 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.585521 0.147008 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.732903 0.170540 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:09.903917 0.195026 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:10.099335 0.055283 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:10.155056 0.151196 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:10.306648 0.072313 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:10.379345 0.184877 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:10.564593 0.074122 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:10.639206 0.209951 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:10.849541 0.159207 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:11.009287 0.113629 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:11.123287 0.167429 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:11.291128 0.335807 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:11.627362 0.186345 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:11.814247 0.040819 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:11.855551 0.313915 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:12.169921 0.185796 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:12.356198 0.185813 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:12.542407 0.389443 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/14 23:37:14.694502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:37:30.695206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:38:02.700928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:44:06.706613 3.002279 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:44:13.714636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:44:21.716102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:44:37.719101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:45:09.729448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:53:34.733874 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/14 23:53:41.741211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:53:49.742971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:54:05.745978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/14 23:54:37.754736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:00:10.971586 0.000236 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 00:00:10.971929 0.406686 tcp 10.0.2.109 60727 -> 5.178.194.36 4983 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/02/15 00:00:41.758002 3.001601 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:00:48.764883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:00:56.766994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:01:12.769887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:01:44.775401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:07:33.838352 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 00:07:33.838548 0.043363 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:33.882493 0.043308 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:33.939445 0.047138 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:33.986960 0.071145 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.058575 0.050587 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.109518 0.130990 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.240946 0.057224 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.298638 0.063273 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.362542 0.128723 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.491690 0.148563 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.640618 0.164350 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.805500 0.084706 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:34.890686 0.130569 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.021681 0.151948 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.174000 0.071292 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.245703 0.160522 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.406610 0.077641 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.484612 0.216721 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.701694 0.156749 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.858840 0.117611 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:35.976834 0.165361 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:36.142596 0.338550 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:36.481560 0.187214 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:36.669158 0.046289 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:36.715835 0.179264 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:36.895504 0.313944 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:37.209837 0.185570 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:37.395800 0.353106 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:07:48.781913 3.001533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:07:55.788603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:08:03.790691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:08:19.793616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:08:51.800030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:14:55.805765 3.001681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:15:02.813235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:15:10.814664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:15:26.818015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:15:58.834045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:22:02.839883 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:22:09.847142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:22:17.848743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:22:33.851627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:23:05.857668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:29:09.864105 3.000680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:29:16.870966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:29:24.872439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:29:40.875627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:30:11.380217 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 00:30:11.380427 0.684126 tcp 10.0.2.109 60728 -> 5.178.194.36 4983 FSPA* 0 0 15 1787 flow=From-Botnet-V1-TCP-Established 1970/02/15 00:30:12.881169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:36:16.888246 3.066144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:36:23.925236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:36:31.906831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:36:47.909563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:37:19.915714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:37:48.627546 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 00:37:48.627664 0.042684 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:37:48.670771 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 00:38:05.643322 0.061011 tcp 10.0.2.109 60729 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 00:38:05.704614 0.062825 tcp 10.0.2.109 60730 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 00:38:05.767787 0.154880 tcp 10.0.2.109 60731 -> 195.113.214.249 443 SRPA* 0 0 34 23681 flow=From-Botnet-V1-TCP-Established 1970/02/15 00:38:05.923166 0.048698 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:05.972244 0.068505 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.041185 0.048704 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.090426 0.131143 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.221962 0.059544 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.281944 0.060845 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.343217 0.123439 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.467133 0.152772 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.620363 0.163685 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.784421 0.080463 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:06.865307 0.238770 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:07.104438 0.150603 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:07.255448 0.071097 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:07.326939 0.140493 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:07.467809 0.066159 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:07.534319 0.217428 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:07.752163 0.157432 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:07.909973 0.101110 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:08.011438 0.166060 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:08.177891 0.327145 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:08.505452 0.187789 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:08.693593 0.042019 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:08.771157 0.185206 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:08.956734 0.345983 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:09.303106 0.314168 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:38:09.617660 0.183886 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/15 00:43:23.922205 3.013472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:43:30.939250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:43:38.941156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:43:54.943925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:44:26.949775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:50:30.957611 3.000085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:50:37.965664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:50:45.964060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:51:01.967679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:51:33.973357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:57:37.999094 3.002196 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 00:57:45.007046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:57:53.008447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:58:09.011413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 00:58:41.018543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:00:12.089127 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 01:00:12.089237 0.405644 tcp 10.0.2.109 60732 -> 5.178.194.36 4983 FSPA* 0 0 14 1742 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:04:49.030277 3.401735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/02/15 01:04:54.416562 3.956415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/02/15 01:05:06.288205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:05:22.098413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:05:53.702255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:08:24.897216 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 01:08:24.897414 0.040794 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:24.938606 0.043608 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:24.982652 0.052983 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:25.036160 0.068259 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:25.104797 0.049966 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:25.155275 0.130742 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:25.286414 0.053361 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:25.340226 0.000000 udp 10.0.2.109 3683 -> 217.44.122.9 4764 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 01:08:40.918723 0.061930 tcp 10.0.2.109 60733 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:08:40.980939 0.072140 tcp 10.0.2.109 60734 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:08:41.052914 0.172680 tcp 10.0.2.109 60735 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:08:41.226415 0.128883 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:41.356332 0.144702 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:41.501472 0.163410 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:41.665262 0.086289 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:41.751969 0.264707 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.017115 0.148703 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.166273 0.076350 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.243082 0.137351 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.380865 0.069474 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.450787 0.217280 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.668475 0.159941 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.828824 0.112532 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:42.941740 0.167279 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:43.109484 0.334221 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:44.687038 0.187549 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:44.875066 0.040707 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:44.916239 0.313774 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:45.230476 0.183426 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:45.414463 0.178970 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:08:45.593890 0.379069 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:11:56.063359 3.103721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 01:12:03.147996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:12:11.086156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:12:27.085386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:12:59.091278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:19:03.097020 3.001997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 01:19:10.104956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:19:18.106442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:19:35.875010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:20:07.501595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:26:10.136440 2.996703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 01:26:17.139000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:26:25.140604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:26:41.143250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:27:13.159623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:30:12.497378 4.372303 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 01:30:16.869940 0.470797 tcp 10.0.2.109 60736 -> 5.178.194.36 4983 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:33:19.007047 2.958237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 01:33:25.930010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:33:33.821568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:33:49.608175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:34:21.182238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:38:48.609420 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 01:38:48.609529 0.065057 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:38:48.674947 0.053013 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:38:48.728429 0.071210 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:38:48.800002 0.048716 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:38:48.849128 0.130889 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:38:48.980404 0.057117 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:38:49.037931 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 01:39:05.836225 0.071732 tcp 10.0.2.109 60737 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:39:05.908287 0.063402 tcp 10.0.2.109 60738 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:39:05.971541 0.159718 tcp 10.0.2.109 60739 -> 195.113.214.249 443 SRPA* 0 0 40 22618 flow=From-Botnet-V1-TCP-Established 1970/02/15 01:39:06.130633 0.044891 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:06.175965 0.163806 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:06.340140 0.087375 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:06.427951 0.124874 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:06.553203 0.147208 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:06.700767 0.362983 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.064161 0.151439 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.215987 0.073414 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.290415 0.137828 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.428640 0.066018 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.495026 0.208172 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.703599 0.157838 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.861903 0.119108 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:07.981454 0.163877 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:08.145722 0.379144 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:08.525314 0.187807 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:08.713547 0.047092 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:08.761067 0.178906 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:08.940374 0.314467 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:09.255303 0.186229 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:39:09.441892 0.379092 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/15 01:40:24.208706 3.002200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 01:40:31.216514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:40:39.225455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:40:55.221203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:41:27.228478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:47:31.233429 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 01:47:38.240803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:47:46.242600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:48:04.035810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:48:35.664607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:55:26.286532 3.002877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 01:55:33.293583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:55:41.295343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:55:57.297925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 01:56:29.304696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:00:12.986058 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 02:00:12.986167 0.505227 tcp 10.0.2.109 60740 -> 5.178.194.36 4983 FSPA* 0 0 14 1742 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:02:48.311773 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 02:02:55.319110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:03:03.320794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:03:19.323571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:03:51.329772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:09:25.650947 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 02:09:25.651100 0.045945 udp 10.0.2.109 3683 <-> 84.10.6.6 9114 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:25.697532 0.068734 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:25.766688 0.048779 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:25.815892 0.063389 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:25.879735 0.049005 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:25.929147 0.132006 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:26.061618 0.061359 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:26.123449 0.083110 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:26.207066 0.126242 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:26.333812 0.237457 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:26.571663 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 02:09:43.518236 0.062921 tcp 10.0.2.109 60741 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:09:43.581500 0.063082 tcp 10.0.2.109 60742 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:09:43.644958 0.167558 tcp 10.0.2.109 60743 -> 195.113.214.249 443 SRPA* 0 0 23 13790 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:09:43.813062 0.164565 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:43.978033 0.477544 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:44.456029 0.149800 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:44.606316 0.075678 udp 10.0.2.109 3683 <-> 94.69.101.45 6063 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:44.682535 0.144733 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:44.827654 0.070279 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:44.898517 0.217704 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:45.116643 0.156920 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:45.274032 0.107249 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:45.381630 0.163943 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:45.546000 0.345129 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:45.891495 0.188055 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:46.079933 0.040878 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:46.121157 0.186763 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:46.308274 0.344429 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:46.653105 0.179652 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:46.833171 0.315387 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:09:55.335880 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 02:10:02.343360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:10:10.432109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:10:26.357625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:10:58.363589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:17:02.369778 3.030237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 02:17:09.388449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:17:17.388539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:17:33.391938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:18:05.397894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:24:09.403894 3.472652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 02:24:16.843693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:24:24.771200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:24:40.633239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:25:12.431606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:30:13.494936 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 02:30:13.495045 0.724615 tcp 10.0.2.109 60744 -> 5.178.194.36 4983 FSPA* 0 0 14 1673 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:31:16.437949 4.494582 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 02:31:24.892122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:31:32.795663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:31:48.600148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:32:20.216374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:38:23.471821 3.001300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 02:38:30.890787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:38:38.816169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:38:54.667579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:39:26.499763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:39:51.565461 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 02:39:51.565562 0.043236 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:39:51.609210 0.075019 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:39:51.684621 0.049777 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:39:51.734758 0.061952 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:39:51.797122 0.049365 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:39:51.846824 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 02:40:09.227063 0.066620 tcp 10.0.2.109 60745 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:40:09.293485 0.063829 tcp 10.0.2.109 60746 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:40:09.357178 0.170326 tcp 10.0.2.109 60747 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:40:09.528047 0.125252 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:09.653752 0.141031 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:09.795226 0.132178 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:09.927793 0.055867 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:09.984124 0.082283 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:10.066872 0.162736 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:10.230036 0.270471 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:10.500978 0.216102 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:10.717488 0.000000 udp 10.0.2.109 3683 -> 94.69.101.45 6063 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 02:40:29.491199 0.064448 tcp 10.0.2.109 60748 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:40:29.555924 0.065309 tcp 10.0.2.109 60749 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:40:29.621530 0.158076 tcp 10.0.2.109 60750 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/15 02:40:29.780339 0.140002 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:29.920711 0.072350 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:29.993411 0.110640 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:30.104473 0.250235 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:30.355153 0.327427 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:30.682994 0.207780 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:30.891139 0.156497 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:31.048033 0.187980 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:31.236394 0.041624 udp 10.0.2.109 3683 <-> 93.198.215.125 8279 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:31.278582 0.183180 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:31.462231 0.348006 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:31.810653 0.181438 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:40:31.992449 0.314349 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/15 02:45:30.505879 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 02:45:37.513083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:45:45.514609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:46:01.517455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:46:33.523974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:54:26.536610 3.001250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 02:54:33.543437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:54:41.544914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:54:57.548269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 02:55:29.554218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:00:14.225705 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 03:00:14.225832 0.541001 tcp 10.0.2.109 60751 -> 5.178.194.36 4983 FSPA* 0 0 14 1535 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:01:54.570010 3.002146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 03:02:04.220095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:02:12.125126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:02:27.934371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:03:02.072555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:09:08.615081 3.000860 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 03:09:15.621962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:09:23.623593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:09:39.626498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:10:11.632641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:10:33.874167 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 03:10:33.874307 0.000000 udp 10.0.2.109 3683 -> 84.10.6.6 9114 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 03:10:51.271988 0.061079 tcp 10.0.2.109 60752 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:10:51.333329 0.070428 tcp 10.0.2.109 60753 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:10:51.404066 0.136115 tcp 10.0.2.109 60754 -> 195.113.214.249 443 SRPA* 0 0 64 41261 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:10:51.540892 0.000000 udp 10.0.2.109 3683 -> 94.69.101.45 6063 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 03:11:09.636291 0.065738 tcp 10.0.2.109 60755 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:09.702460 0.089280 tcp 10.0.2.109 60756 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:09.792047 0.162688 tcp 10.0.2.109 60757 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:09.955360 0.416569 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.372288 0.048854 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.421505 0.049965 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.471873 0.070673 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.542895 0.047641 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.590920 0.125070 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.716394 0.146121 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.862914 0.135312 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:10.998606 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 03:11:28.653832 0.138995 tcp 10.0.2.109 60758 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:28.793119 0.069350 tcp 10.0.2.109 60759 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:28.862370 0.166420 tcp 10.0.2.109 60760 -> 195.113.214.249 443 SRPA* 0 0 24 13858 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:29.029275 0.560521 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:29.590171 0.148721 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:29.739293 0.748454 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:30.488181 0.057791 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:30.546548 0.144908 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:30.691877 0.113740 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:30.806121 0.167390 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:30.973975 0.344488 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:31.318946 0.225963 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:31.545260 0.074174 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:31.619842 0.187066 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:31.807286 0.000000 udp 10.0.2.109 3683 -> 93.198.215.125 8279 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 03:11:48.512503 0.061354 tcp 10.0.2.109 60761 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:48.574169 0.063875 tcp 10.0.2.109 60762 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:48.638383 0.170802 tcp 10.0.2.109 60763 -> 195.113.214.249 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:11:48.809889 0.185886 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:48.996167 0.355275 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:49.351883 0.158743 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:49.511017 0.178692 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:11:49.690110 0.314314 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:16:15.637840 3.012249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 03:16:22.666151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:16:30.667433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:16:46.670622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:17:18.676101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:23:22.681987 3.002330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 03:23:29.690739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:23:37.691346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:23:53.694607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:24:25.700717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:30:14.762981 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 03:30:14.763083 0.504727 tcp 10.0.2.109 60764 -> 5.178.194.36 4983 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:30:29.707203 3.000839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 03:30:36.714298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:30:44.715312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:31:00.718588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:31:32.723867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:37:36.730379 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 03:37:43.737763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:37:51.745020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:38:07.746522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:38:39.748981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:41:52.748365 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 03:41:52.748542 0.164567 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:41:52.913508 0.000000 udp 10.0.2.109 3683 -> 93.198.215.125 8279 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 03:42:11.013632 0.069927 tcp 10.0.2.109 60765 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:42:11.083837 0.063042 tcp 10.0.2.109 60766 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:42:11.147173 0.161781 tcp 10.0.2.109 60767 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/15 03:42:11.309679 0.050985 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:11.361038 0.075045 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:11.436503 0.047224 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:11.484092 0.122228 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:11.606826 0.144275 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:11.751563 0.061110 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:11.813098 0.064762 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:11.878384 0.135337 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.014182 0.151098 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.165743 0.344981 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.511201 0.138178 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.649786 0.102090 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.752298 0.071088 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.823802 0.080133 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.904334 0.059523 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:12.964287 0.192909 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:13.157566 0.167935 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:13.325901 0.340463 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:13.666753 0.217331 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:13.884441 0.186236 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:14.071044 0.345571 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:14.417020 0.156062 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:14.573533 0.186732 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:42:14.760615 0.316367 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/15 03:44:43.754595 3.001823 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 03:44:50.761949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:44:58.763570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:45:14.766383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:45:46.772582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:54:03.779206 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 03:54:10.790957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:54:18.789015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:54:34.791720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 03:55:06.797679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:00:15.273075 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 04:00:15.273249 0.697943 tcp 10.0.2.109 60768 -> 5.178.194.36 4983 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/02/15 04:01:10.802889 3.002377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:01:17.811074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:01:25.812931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:01:41.815463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:02:13.821238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:08:24.827884 3.132470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:08:31.932421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:08:39.864794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:08:55.849523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:09:27.855618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:12:27.063378 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 04:12:27.063473 0.163772 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.227678 0.042722 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.270825 0.131510 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.402719 0.238486 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.641598 0.065509 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.707541 0.062655 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.770486 0.051462 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.822561 0.071096 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:27.894013 0.131196 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:28.025610 0.161025 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:28.220852 1.106729 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:29.328031 0.227760 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:29.556167 0.134914 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:29.691536 0.060163 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:29.752101 0.078566 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:29.831061 0.166130 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:29.997582 0.328024 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:30.325993 0.218767 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:30.545173 0.072293 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:30.617884 0.187684 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:30.805936 0.183466 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:30.989794 0.360100 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:31.350444 0.157268 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:31.508112 0.183928 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:12:31.692406 0.339204 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:15:31.861642 3.001202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:15:38.868821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:15:46.870560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:16:02.873361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:16:34.889613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:22:38.896484 3.000533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:22:45.903067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:22:53.904021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:23:09.907277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:23:41.913564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:29:45.920002 3.002547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:29:52.926710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:30:00.928581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:30:15.970915 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 04:30:15.971110 0.512241 tcp 10.0.2.109 60769 -> 5.178.194.36 4983 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/02/15 04:30:16.931494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:30:48.937000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:36:52.943203 3.002245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:36:59.951115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:37:07.952128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:37:23.956747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:37:55.962946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:42:54.140979 0.000191 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 04:42:54.141364 0.166016 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.307817 0.049065 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.357326 0.124929 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.482676 0.196697 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.679777 0.064150 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.744425 0.065403 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.810521 0.049782 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.860740 0.074581 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:54.935709 0.131174 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.067383 0.149156 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.216947 0.148373 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.365796 0.160981 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.527148 0.101875 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.629400 0.055685 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.685474 0.078643 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.764551 0.208221 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:55.973193 0.072297 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:56.045935 0.186662 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:56.232980 0.164360 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:56.397781 0.338794 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:56.736961 0.186599 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:56.923964 0.390397 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:57.314762 0.155787 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:57.470954 0.178893 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:42:57.650286 0.338711 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/15 04:43:59.967609 3.001552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:44:06.974986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:44:14.977879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:44:30.979744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:45:02.998484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:51:07.001458 3.001940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:51:14.008839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:51:22.010464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:51:38.014122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:52:10.019268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:58:14.025798 3.001240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 04:58:21.033014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:58:29.034233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:58:45.037531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 04:59:17.043353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:00:16.489294 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:00:16.489489 0.530792 tcp 10.0.2.109 60770 -> 5.178.194.36 4983 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:05:31.053800 3.002008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 05:05:38.061434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:05:46.062860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:06:02.068427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:06:34.071700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:12:38.088425 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 05:12:45.095333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:12:53.096613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:13:08.809634 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:13:08.809739 0.124112 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:08.934395 0.147136 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:09.081916 0.070928 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:09.099665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:13:09.153360 0.063158 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:09.216921 0.049930 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:09.267212 0.076160 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:09.343787 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:13:26.546174 0.065060 tcp 10.0.2.109 60771 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:13:26.611525 0.066135 tcp 10.0.2.109 60772 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:13:26.677956 0.137622 tcp 10.0.2.109 60773 -> 195.113.214.249 443 SRPA* 0 0 65 42165 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:13:26.816093 0.043158 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:26.859755 0.131156 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:26.991352 0.156546 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.148268 0.170265 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.318996 0.136760 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.456126 0.102811 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.559305 0.055089 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 580 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.614776 0.082469 udp 10.0.2.109 3683 <-> 81.149.70.189 3670 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.697627 0.208689 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.906678 0.068604 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:27.975662 0.187174 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:28.163207 0.167171 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:28.330767 0.340070 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:28.671253 0.185458 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:28.857119 0.187109 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:29.044671 0.392941 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:29.438094 0.156822 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:29.595366 0.345294 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:13:41.106040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:19:45.112334 3.110268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 05:19:52.191651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:20:00.130677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:20:16.133870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:20:48.139598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:26:52.145596 3.001752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 05:26:59.153222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:27:08.441911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:27:24.242036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:27:55.857628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:30:17.027386 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:30:17.027564 0.443647 tcp 10.0.2.109 60774 -> 5.178.194.36 4983 FSPA* 0 0 14 1507 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:33:59.179706 3.001683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 05:34:06.187197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:34:14.188082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:34:30.191627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:35:02.197502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:41:06.203841 3.001663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 05:41:13.211042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:41:21.212457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:41:37.215585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:42:09.231686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:43:41.023734 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:43:41.023920 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:43:59.301537 0.065405 tcp 10.0.2.109 60775 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:43:59.367274 0.062389 tcp 10.0.2.109 60776 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:43:59.429998 0.162295 tcp 10.0.2.109 60777 -> 195.113.214.249 443 SRPA* 0 0 36 27216 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:43:59.592904 0.124720 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:43:59.718017 0.050275 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:43:59.768706 0.068366 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:43:59.837454 0.064985 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:43:59.902872 0.148734 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.052044 0.060693 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.113289 0.044125 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.157840 0.131276 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.289481 0.150277 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.440263 0.082342 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.522975 0.145722 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.669086 0.121159 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:00.790646 0.212430 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:01.003465 0.000000 udp 10.0.2.109 3683 -> 81.149.70.189 3670 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:44:18.741156 0.064163 tcp 10.0.2.109 60778 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:44:18.805638 0.068289 tcp 10.0.2.109 60779 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:44:18.874263 0.156941 tcp 10.0.2.109 60780 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/15 05:44:19.031747 0.212673 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:19.244791 0.074957 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:19.320163 0.188872 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:19.530215 0.165859 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:19.696443 0.330693 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:20.027547 0.185426 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:20.213500 0.153390 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:20.367272 0.356353 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:20.724022 0.183667 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:20.908284 0.415267 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:21.599414 0.000000 udp 10.0.2.109 3683 -> 81.149.70.189 3670 REQ 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:44:27.781869 0.049964 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 809 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:27.832299 0.068704 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 787 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:27.901473 0.051561 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 832 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:27.953520 0.125933 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 841 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:28.079908 0.059067 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:28.139421 0.046414 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 772 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:28.186412 0.161681 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 786 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:28.348580 0.151137 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 822 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:28.500182 0.059263 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:28.559978 0.806926 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 787 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:29.367361 0.132111 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:29.559264 0.132088 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 838 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:29.691821 0.048766 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 705 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:29.741086 0.077891 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 787 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:29.819442 0.184896 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 688 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:30.004849 0.163341 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:30.168697 0.208082 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:30.377227 0.333027 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:30.710676 0.185919 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 853 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:30.897043 0.156282 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 671 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:31.053796 0.350687 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:31.404929 0.179322 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 704 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:31.584668 0.421559 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 818 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:44:32.006785 0.000000 udp 10.0.2.109 3683 -> 219.74.28.245 6171 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:44:39.307702 0.000000 udp 10.0.2.109 3683 -> 2.232.82.92 3876 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:44:47.339724 0.000000 udp 10.0.2.109 3683 -> 95.226.160.37 6037 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:44:53.117265 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:01.461303 0.000000 udp 10.0.2.109 3683 -> 93.69.4.151 8432 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:06.376382 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:45:09.050513 0.055860 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 758 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:45:09.315433 0.047491 udp 10.0.2.109 3683 <-> 80.48.154.119 2934 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:45:09.470613 0.055375 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 663 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:45:09.635430 0.000000 udp 10.0.2.109 3683 -> 92.251.3.111 8911 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:16.722762 0.000000 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:22.980319 0.000000 udp 10.0.2.109 3683 -> 89.176.150.62 3654 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:30.821648 0.000000 udp 10.0.2.109 3683 -> 166.127.131.81 7357 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:39.463861 0.000000 udp 10.0.2.109 3683 -> 97.95.42.2 2763 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:47.365411 0.000000 udp 10.0.2.109 3683 -> 87.23.172.184 2396 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:45:51.881750 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:45:52.743624 0.055528 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 665 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:45:53.052723 0.000000 udp 10.0.2.109 3683 -> 79.30.205.75 4621 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:01.495689 0.000000 udp 10.0.2.109 3683 -> 24.111.66.114 8391 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:07.934860 0.087730 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 804 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:46:08.104459 0.076094 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 829 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:46:08.260316 0.000000 udp 10.0.2.109 3683 -> 67.71.178.38 5362 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:16.287119 0.000000 udp 10.0.2.109 3683 -> 176.221.19.86 3510 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:24.178259 0.000000 udp 10.0.2.109 3683 -> 14.97.158.160 1405 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:29.265484 0.390842 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 698 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:46:30.088147 0.000000 udp 10.0.2.109 3683 -> 74.138.29.60 5435 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:37.537726 0.000000 udp 10.0.2.109 3683 -> 2.179.237.42 3103 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:42.855270 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:46:44.094400 0.000000 udp 10.0.2.109 3683 -> 105.227.250.108 1015 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:52.626529 0.000000 udp 10.0.2.109 3683 -> 79.5.50.198 6806 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:46:58.112759 0.000000 udp 10.0.2.109 3683 -> 120.36.177.134 8451 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:05.228279 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:10.947305 0.000000 udp 10.0.2.109 3683 -> 95.241.150.247 2736 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:18.618535 0.000000 udp 10.0.2.109 3683 -> 79.48.248.166 7746 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:27.409482 0.142280 udp 10.0.2.109 3683 -> 77.92.231.157 4539 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:27.551762 0.000000 icmp 77.92.231.157 0x0303 -> 10.0.2.109 0xbb11 URP 192 1 317 flow=Background 1970/02/15 05:47:32.376373 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:47:35.315680 0.000000 udp 10.0.2.109 3683 -> 89.166.215.187 2531 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:42.030074 0.000000 udp 10.0.2.109 3683 -> 72.27.203.129 4928 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:50.071467 0.000000 udp 10.0.2.109 3683 -> 114.79.28.60 5351 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:47:57.910437 0.000000 rtcp 10.0.2.109 3683 -> 186.6.53.150 2209 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:03.387686 0.000000 udp 10.0.2.109 3683 -> 70.168.1.110 7648 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:12.213694 0.000000 udp 10.0.2.109 3683 -> 80.111.142.169 1551 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:13.551219 2.962276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 05:48:17.147098 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:48:20.471361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:48:20.843279 0.074191 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:48:21.086991 0.000000 udp 10.0.2.109 3683 -> 213.137.23.83 2376 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:28.369675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:48:29.395288 0.000000 udp 10.0.2.109 3683 -> 46.227.89.138 7047 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:36.774281 0.055966 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 760 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:48:37.216682 0.261646 udp 10.0.2.109 3683 <-> 59.161.89.245 1391 CON 0 0 2 806 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:48:37.754353 0.000000 udp 10.0.2.109 3683 -> 89.182.3.122 3565 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:43.739143 0.000000 rtcp 10.0.2.109 3683 -> 46.63.4.233 6695 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:44.249607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:48:51.760751 0.000000 udp 10.0.2.109 3683 -> 91.40.44.26 2747 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:48:59.143928 0.000000 udp 10.0.2.109 3683 -> 81.149.81.205 4907 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:03.877737 0.085991 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:49:04.729245 0.000000 udp 10.0.2.109 3683 -> 94.68.251.229 9818 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:10.061719 0.000000 udp 10.0.2.109 3683 -> 97.68.87.33 2033 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:16.255622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:49:17.827985 0.000000 udp 10.0.2.109 3683 -> 188.36.120.124 3716 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:24.241108 0.166731 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 801 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:49:24.504323 0.000000 udp 10.0.2.109 3683 -> 218.145.118.14 9278 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:32.388759 0.000000 udp 10.0.2.109 3683 -> 63.133.182.2 7982 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:39.939640 0.000000 udp 10.0.2.109 3683 -> 46.197.185.32 2950 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:47.310423 0.079772 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 813 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:49:48.252781 0.051064 udp 10.0.2.109 3683 <-> 86.157.141.76 6148 CON 0 0 2 824 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:49:49.063268 0.000000 udp 10.0.2.109 3683 -> 217.174.54.246 2921 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:49:51.876351 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:49:57.034932 0.000000 udp 10.0.2.109 3683 -> 95.247.177.205 4724 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:03.915002 0.000000 udp 10.0.2.109 3683 -> 105.226.10.121 9023 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:10.297596 0.000000 udp 10.0.2.109 3683 -> 79.9.37.225 7377 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:19.216328 0.000000 udp 10.0.2.109 3683 -> 197.255.192.12 8045 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:24.934252 0.000000 udp 10.0.2.109 3683 -> 79.36.240.49 3882 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:30.973383 0.000000 udp 10.0.2.109 3683 -> 81.19.32.10 5102 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:39.655555 0.097783 udp 10.0.2.109 3683 -> 85.18.187.110 9258 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:39.753338 0.000000 icmp 85.18.187.110 0x0303 -> 10.0.2.109 0x2a24 URP 192 1 127 flow=Background 1970/02/15 05:50:44.382420 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:50:48.648544 0.192388 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 825 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:50:48.902145 0.173745 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 788 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:50:49.206782 0.173976 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 655 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:50:49.570872 0.000000 udp 10.0.2.109 3683 -> 177.135.179.51 5906 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:50:56.419914 0.046723 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:50:56.789435 0.077397 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:50:56.991132 0.000000 udp 10.0.2.109 3683 -> 91.143.201.218 7846 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:03.109346 0.000000 udp 10.0.2.109 3683 -> 122.106.63.19 5033 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:09.839146 0.210556 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 831 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:51:10.082194 0.000000 udp 10.0.2.109 3683 -> 77.103.187.236 2591 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:18.050798 0.306531 udp 10.0.2.109 3683 <-> 114.146.244.253 3402 CON 0 0 2 667 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:51:18.619004 0.055359 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 768 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:51:18.974303 0.000000 udp 10.0.2.109 3683 -> 203.161.116.214 7254 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:27.114011 0.087570 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 845 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:51:27.385693 0.000000 udp 10.0.2.109 3683 -> 181.160.172.172 4123 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:31.880368 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:51:34.985360 0.000000 udp 10.0.2.109 3683 -> 95.225.76.232 6113 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:40.032657 0.000000 udp 10.0.2.109 3683 -> 82.18.251.74 1433 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:47.282763 0.000000 udp 10.0.2.109 3683 -> 95.228.157.225 7220 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:51:52.640397 0.000000 udp 10.0.2.109 3683 -> 195.43.170.238 6035 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:01.393420 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:10.256197 0.000000 udp 10.0.2.109 3683 -> 87.23.205.158 3710 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:16.174835 0.162660 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 728 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:52:16.408077 0.000000 udp 10.0.2.109 3683 -> 24.103.34.231 6995 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:20.880897 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:52:24.005620 0.202131 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 721 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:52:24.325518 0.000000 udp 10.0.2.109 3683 -> 94.11.127.251 3279 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:29.553755 0.000000 udp 10.0.2.109 3683 -> 208.234.63.46 3250 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:37.565045 0.028364 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 674 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:52:37.927689 0.000000 udp 10.0.2.109 3683 -> 41.138.177.221 7990 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:45.558304 0.000000 udp 10.0.2.109 3683 -> 195.171.106.106 1459 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:52:52.286581 0.000000 udp 10.0.2.109 3683 -> 95.254.102.18 1506 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:00.227913 0.000000 udp 10.0.2.109 3683 -> 79.59.213.11 6266 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:07.520921 0.000000 udp 10.0.2.109 3683 -> 79.31.160.54 5940 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:12.375059 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:53:16.200841 0.000000 udp 10.0.2.109 3683 -> 79.42.161.74 5149 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:22.760173 0.000000 udp 10.0.2.109 3683 -> 95.104.41.69 3865 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:29.910654 1.134174 udp 10.0.2.109 3683 <-> 87.8.137.112 8539 CON 0 0 2 662 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:53:31.160992 0.000000 udp 10.0.2.109 3683 -> 95.239.215.160 8622 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:39.874247 0.000000 udp 10.0.2.109 3683 -> 93.64.105.234 2528 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:48.561748 0.000000 udp 10.0.2.109 3683 -> 77.70.106.113 7559 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:53.612459 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:53:58.066315 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:54:02.062218 0.317709 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 751 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:54:02.444547 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:54:09.869711 0.224297 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:54:10.467820 0.054951 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 810 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:54:10.697130 0.000000 udp 10.0.2.109 3683 -> 95.10.67.29 1024 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:54:19.534654 0.000000 udp 10.0.2.109 3683 -> 1.169.254.138 2346 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:54:27.360707 0.000000 udp 10.0.2.109 3683 -> 41.215.52.146 3343 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:54:33.041049 0.064865 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:54:33.574463 0.000000 udp 10.0.2.109 3683 -> 86.149.221.84 5289 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:54:41.600166 0.000000 udp 10.0.2.109 3683 -> 86.17.159.159 5959 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:54:46.486272 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:54:46.980597 0.000000 udp 10.0.2.109 3683 -> 82.69.17.14 9436 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:54:54.311947 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:02.443707 0.000000 udp 10.0.2.109 3683 -> 87.101.230.38 4338 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:09.924079 0.000000 udp 10.0.2.109 3683 -> 62.18.88.129 3989 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:15.922895 0.000000 udp 10.0.2.109 3683 -> 50.54.37.178 7314 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:23.263521 0.346334 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 779 flow=From-Botnet-V1-UDP-Established 1970/02/15 05:55:23.727974 0.000000 udp 10.0.2.109 3683 -> 221.186.93.201 9770 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:31.886007 0.000000 udp 10.0.2.109 3683 -> 82.127.221.98 5785 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:36.883822 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 05:55:38.805894 0.000000 udp 10.0.2.109 3683 -> 79.28.203.203 8687 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:46.076198 0.000000 udp 10.0.2.109 3683 -> 79.15.245.142 6205 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:46.268931 3.002404 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 05:55:53.046282 0.000000 udp 10.0.2.109 3683 -> 86.153.42.33 3342 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:55:53.276453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:56:00.437158 0.000000 udp 10.0.2.109 3683 -> 88.40.196.86 8649 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:56:01.277861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:56:07.828850 0.000000 udp 10.0.2.109 3683 -> 42.99.146.30 4646 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 05:56:17.280919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 05:56:49.286916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:00:17.476509 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 06:00:17.476696 0.610154 tcp 10.0.2.109 60781 -> 5.178.194.36 4983 FSPA* 0 0 14 1639 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:02:53.292450 3.003449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 06:03:00.300509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:03:08.301861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:03:24.307389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:03:56.315714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:10:00.317312 3.010675 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 06:10:07.334451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:10:15.335992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:10:31.338802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:11:03.345182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:17:07.351876 3.000231 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 06:17:14.358451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:17:22.359693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:17:38.362711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:18:10.368917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:24:14.374546 3.002188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 06:24:21.382372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:24:29.383760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:24:45.386729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:25:17.392835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:26:25.531129 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 06:26:25.531285 0.050006 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:25.581741 0.066588 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:25.648769 0.123291 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:25.772481 0.337617 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.110625 0.084789 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.195835 0.049513 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.245724 0.136637 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.382714 0.099659 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.482761 0.059470 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.542617 0.073177 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.616272 0.219054 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.835681 0.163600 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:26.999646 0.227038 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:27.227059 0.369441 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:27.596937 0.183636 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:27.780975 0.157538 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:27.938914 0.182114 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:28.121436 0.350839 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:28.472738 0.443550 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:28.916687 0.057572 udp 10.0.2.109 3683 <-> 176.73.167.119 9423 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:28.974511 0.055318 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.030233 0.049877 udp 10.0.2.109 3683 <-> 80.48.154.119 2934 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.080756 0.049483 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.134402 0.053492 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.190373 0.066651 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.257520 0.376978 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.634908 0.066976 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.702368 0.057396 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:29.760158 0.000000 udp 10.0.2.109 3683 -> 59.161.89.245 1391 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:26:45.812053 0.095457 tcp 10.0.2.109 60782 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:26:45.907833 0.076687 tcp 10.0.2.109 60783 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:26:45.984842 0.164702 tcp 10.0.2.109 60784 -> 195.113.214.249 443 SRPA* 0 0 24 10458 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:26:46.149411 0.271139 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:46.421007 0.327298 udp 10.0.2.109 3683 <-> 114.146.244.253 3402 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:46.748961 0.053675 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:46.803022 0.090092 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:46.893472 0.163153 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:26:47.057022 0.000000 udp 10.0.2.109 3683 -> 94.66.220.66 6063 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:27:05.048194 0.064209 tcp 10.0.2.109 60785 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:27:05.112700 0.062176 tcp 10.0.2.109 60786 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:27:05.175189 0.163794 tcp 10.0.2.109 60787 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:27:05.339760 0.000000 udp 10.0.2.109 3683 -> 86.157.141.76 6148 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:27:22.934030 0.068217 tcp 10.0.2.109 60788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:27:23.002439 0.062614 tcp 10.0.2.109 60789 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:27:23.065402 0.167655 tcp 10.0.2.109 60790 -> 195.113.214.249 443 SRPA* 0 0 41 22012 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:27:23.233640 0.159613 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:23.393676 0.207881 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:23.604387 0.180623 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:23.785403 0.171855 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:23.957658 0.290129 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:24.248181 0.031334 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:24.279879 0.071849 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:24.352113 0.041061 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:24.393546 0.107343 udp 10.0.2.109 3683 <-> 87.8.137.112 8539 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:24.501324 0.316401 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:24.818066 0.208615 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:25.027092 0.054427 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:25.081959 0.059050 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:27:25.141405 0.359900 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:30:18.085598 0.000157 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 06:30:18.085860 0.684735 tcp 10.0.2.109 60791 -> 5.178.194.36 4983 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:31:21.399004 3.001564 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 06:31:28.406478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:31:36.407539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:31:52.410706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:32:24.417000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:38:28.423214 3.001385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 06:38:35.430368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:38:43.431623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:38:59.434689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:39:31.440885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:45:35.447919 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 06:45:42.454421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:45:50.455661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:46:06.458910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:46:38.464798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:54:27.471076 3.002370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 06:54:34.479154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:54:42.557687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:54:59.937677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:55:31.546153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 06:57:48.869141 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 06:57:48.869257 0.000000 udp 10.0.2.109 3683 -> 59.161.89.245 1391 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:58:03.892544 0.286568 tcp 10.0.2.109 60792 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:04.179384 0.066479 tcp 10.0.2.109 60793 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:04.246117 0.163505 tcp 10.0.2.109 60794 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:04.410327 0.070127 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:04.480886 0.000000 udp 10.0.2.109 3683 -> 86.157.141.76 6148 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:58:22.657339 0.060942 tcp 10.0.2.109 60795 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:22.718647 0.067209 tcp 10.0.2.109 60796 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:22.786189 0.161833 tcp 10.0.2.109 60797 -> 195.113.214.249 443 SRPA* 0 0 24 13234 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:22.948614 0.061255 udp 10.0.2.109 3683 <-> 217.44.122.9 4764 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.010447 0.049948 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.060775 0.126492 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.187698 0.139198 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.327248 0.099808 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.427463 0.059949 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.487856 0.068764 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.557044 0.187909 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.745346 0.126703 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.872417 0.056493 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.929357 0.056576 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:23.986340 0.234220 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:24.220996 0.209197 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:24.430588 0.186100 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:24.617091 0.155394 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:24.772875 0.356805 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:25.130061 0.343530 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:25.474027 0.179518 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:25.653998 0.389210 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:26.043594 0.055505 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:58:26.099507 0.000000 udp 10.0.2.109 3683 -> 80.48.154.119 2934 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:58:42.205934 0.069109 tcp 10.0.2.109 60798 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:42.275323 0.069231 tcp 10.0.2.109 60799 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:42.344851 0.154993 tcp 10.0.2.109 60800 -> 195.113.214.249 443 SRPA* 0 0 20 11520 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:58:42.500377 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:59:00.933109 0.066581 tcp 10.0.2.109 60801 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:00.999966 0.062905 tcp 10.0.2.109 60802 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:01.063117 0.157563 tcp 10.0.2.109 60803 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:01.221212 0.073768 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:01.295395 0.059048 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:01.354875 0.055346 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:01.410626 0.070001 udp 10.0.2.109 3683 <-> 86.146.251.178 3180 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:01.481015 0.056212 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:01.537586 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:59:19.098604 0.064843 tcp 10.0.2.109 60804 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:19.163735 0.068672 tcp 10.0.2.109 60805 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:19.232694 0.171501 tcp 10.0.2.109 60806 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:19.404708 0.322726 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:19.727858 0.000000 udp 10.0.2.109 3683 -> 114.146.244.253 3402 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 06:59:38.506579 0.061807 tcp 10.0.2.109 60807 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:38.568640 0.061368 tcp 10.0.2.109 60808 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:38.630308 0.176067 tcp 10.0.2.109 60809 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/15 06:59:38.806940 0.053686 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:38.860973 0.095495 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:38.956944 0.160993 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:39.118358 0.175877 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:39.294611 0.158982 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:39.453949 0.202793 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:39.657085 0.173614 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:39.831055 0.221551 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.052982 0.027954 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.081301 0.079233 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.160972 0.040535 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.201956 0.114373 udp 10.0.2.109 3683 <-> 87.8.137.112 8539 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.316689 0.301578 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.618698 0.062757 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.681827 0.277926 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:40.960082 0.209153 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/15 06:59:41.169610 0.058442 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:00:18.775956 0.585789 tcp 10.0.2.109 60810 -> 5.178.194.36 4983 FSPA* 0 0 15 1732 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:01:56.529007 3.000057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 07:02:03.534652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:02:11.536421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:02:27.539370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:02:59.545467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:09:09.560787 3.000626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 07:09:16.567315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:09:24.568834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:09:40.571765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:10:12.577758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:16:16.584163 3.001357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 07:16:23.591147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:16:31.592800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:16:47.595653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:17:19.602014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:23:23.607636 3.016005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 07:23:30.632258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:23:38.748366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:23:54.639754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:24:26.645560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:30:10.791157 0.050205 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 07:30:10.841534 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 07:30:19.363907 0.547905 tcp 10.0.2.109 60811 -> 5.178.194.36 4983 FSPA* 0 0 14 1743 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:30:28.740341 0.063638 tcp 10.0.2.109 60812 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:30:28.804240 0.068967 tcp 10.0.2.109 60813 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:30:28.873508 0.166061 tcp 10.0.2.109 60814 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:30:29.040147 0.000000 udp 10.0.2.109 3683 -> 176.73.167.119 9423 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 07:30:30.656236 2.997283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 07:30:37.659401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:30:45.661938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:30:46.662999 0.061580 tcp 10.0.2.109 60815 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:30:46.724861 0.064742 tcp 10.0.2.109 60816 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:30:46.789862 0.165852 tcp 10.0.2.109 60817 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:30:46.956271 0.000000 udp 10.0.2.109 3683 -> 80.48.154.119 2934 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 07:31:01.663782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:31:04.949140 0.062004 tcp 10.0.2.109 60818 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:05.011453 0.060751 tcp 10.0.2.109 60819 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:05.072494 0.162023 tcp 10.0.2.109 60820 -> 195.113.214.249 443 SRPA* 0 0 24 13196 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:05.235313 0.000000 udp 10.0.2.109 3683 -> 114.146.244.253 3402 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 07:31:20.451436 0.064253 tcp 10.0.2.109 60821 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:20.516021 0.064219 tcp 10.0.2.109 60822 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:20.580551 0.170854 tcp 10.0.2.109 60823 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:20.752060 0.080412 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:20.832929 0.102627 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:20.935951 0.050601 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:20.987045 0.000000 udp 10.0.2.109 3683 -> 217.44.122.9 4764 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 07:31:20.987364 3.008378 tcp 10.0.2.109 60824 -> 147.163.75.36 5975 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 07:31:29.994675 0.000000 tcp 10.0.2.109 60824 -> 147.163.75.36 5975 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 07:31:33.669909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:31:36.885951 0.064552 tcp 10.0.2.109 60825 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:36.950782 0.068424 tcp 10.0.2.109 60826 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:37.019536 0.164971 tcp 10.0.2.109 60827 -> 195.113.214.249 443 SRPA* 0 0 42 22844 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:37.185434 0.170134 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:37.355970 0.126312 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:37.482723 0.710571 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.193697 0.165795 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.359961 0.185694 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.546134 0.069402 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.615896 0.058355 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.674620 0.217691 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.892704 0.055660 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.948813 0.048733 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:38.997920 0.185963 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:39.184260 0.156972 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:39.341672 0.314650 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:39.656790 0.406718 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:40.063864 0.183944 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:40.248249 0.403782 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:40.652464 0.054972 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:40.707787 0.065573 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:40.773773 0.056936 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:40.831145 0.000000 udp 10.0.2.109 3683 -> 86.146.251.178 3180 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 07:31:58.926253 0.061354 tcp 10.0.2.109 60828 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:58.987886 0.063889 tcp 10.0.2.109 60829 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:59.052054 0.162168 tcp 10.0.2.109 60830 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:59.214829 0.055593 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:59.270762 0.054511 udp 10.0.2.109 3683 <-> 86.134.204.82 1440 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:59.325718 0.207456 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:59.533561 0.162022 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:59.696010 0.055934 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:59.752394 0.133609 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:31:59.752729 4.948407 tcp 10.0.2.109 60831 -> 46.49.103.9 3012 SPA_* 0 0 713 591681 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:31:59.887051 0.175267 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.062749 0.160546 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.223717 0.207485 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.431524 0.173499 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.605433 0.076335 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.682193 0.048467 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.731090 0.097522 udp 10.0.2.109 3683 <-> 87.8.137.112 8539 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.829118 0.165869 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:00.995341 0.025037 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:01.020739 0.312576 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:01.333699 0.060700 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:01.394761 0.272645 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:01.667838 0.228627 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:01.896930 0.057901 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/15 07:32:04.753364 1.664176 tcp 10.0.2.109 60831 -> 46.49.103.9 3012 FPA_* 0 0 133 99919 flow=From-Botnet-V1-TCP-Established 1970/02/15 07:37:37.676431 3.001236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 07:37:44.683200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:37:52.684176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:38:08.687879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:38:40.694035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:44:44.699583 3.002056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 07:44:51.707459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:44:59.708683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:45:15.711727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:45:47.717888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:54:02.732716 3.000910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 07:54:09.739362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:54:17.741568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:54:33.744544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 07:55:05.750911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:00:19.912388 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 08:00:19.912498 0.534265 tcp 10.0.2.109 60832 -> 5.178.194.36 4983 FSPA* 0 0 14 1662 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:01:09.756049 3.001698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:01:16.764629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:01:24.764481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:01:40.767786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:02:12.774379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:02:27.505521 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 08:02:27.505624 0.000000 udp 10.0.2.109 3683 -> 217.44.122.9 4764 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 08:02:42.919030 0.061472 tcp 10.0.2.109 60833 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:02:42.980769 0.069921 tcp 10.0.2.109 60834 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:02:43.050990 0.160116 tcp 10.0.2.109 60835 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:02:43.211663 0.000000 udp 10.0.2.109 3683 -> 86.146.251.178 3180 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 08:02:59.381787 0.062252 tcp 10.0.2.109 60836 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:02:59.443910 0.064346 tcp 10.0.2.109 60837 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:02:59.508530 0.194531 tcp 10.0.2.109 60838 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:02:59.703660 0.103109 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:02:59.807173 0.123858 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:02:59.931483 0.051155 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:02:59.931876 4.944523 tcp 10.0.2.109 60839 -> 94.66.220.66 2226 SPA_* 0 0 294 163429 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:02:59.983005 0.137372 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:00.120722 0.338159 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:00.459262 0.132732 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:00.592402 0.065874 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:00.658661 0.059414 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:00.718466 0.217334 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:00.936141 0.188346 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:01.124874 0.166677 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:01.291940 0.067844 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:01.360132 0.159362 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:01.519862 0.315446 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:01.835649 0.183499 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:02.019514 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 08:03:04.942010 4.981108 tcp 10.0.2.109 60839 -> 94.66.220.66 2226 A_PA 0 0 392 221872 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:09.949750 4.997843 tcp 10.0.2.109 60839 -> 94.66.220.66 2226 A_PA 0 0 512 289792 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:14.974140 1.051158 tcp 10.0.2.109 60839 -> 94.66.220.66 2226 FPA_* 0 0 40 19716 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:17.828257 0.067374 tcp 10.0.2.109 60840 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:17.895966 0.064978 tcp 10.0.2.109 60841 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:17.961302 0.161663 tcp 10.0.2.109 60842 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:18.123454 0.331341 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:18.455266 0.061845 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:18.517491 0.071794 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:18.589650 0.056443 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:18.646561 0.440518 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:19.175082 0.182152 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:19.357712 0.212501 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:19.570642 0.158590 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:19.729658 0.057469 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:19.787564 0.085201 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:19.873133 0.063782 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:19.937313 0.000000 udp 10.0.2.109 3683 -> 86.134.204.82 1440 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 08:03:34.957801 0.062706 tcp 10.0.2.109 60843 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:35.020759 0.065279 tcp 10.0.2.109 60844 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:35.086353 0.176335 tcp 10.0.2.109 60845 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:03:35.263194 0.181270 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:35.444844 0.158434 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:35.603706 0.292033 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:35.896115 0.172049 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:36.068565 0.080341 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:36.149277 0.047763 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:36.197468 0.105777 udp 10.0.2.109 3683 <-> 87.8.137.112 8539 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:36.303698 0.291060 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:36.595157 1.303475 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:37.899011 0.342430 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:38.241793 0.217979 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:38.475494 0.057638 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:38.533500 0.244800 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:03:38.778744 0.027759 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:08:24.782320 3.000349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 08:08:31.789024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:08:39.790413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:08:55.792983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:09:27.799584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:15:31.806732 3.000497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:15:38.812658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:15:46.814620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:16:02.817263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:16:34.823517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:22:38.828935 3.002199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:22:45.836843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:22:53.838406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:23:09.841496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:23:41.847321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:29:45.854592 2.999916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:29:52.860634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:30:00.862077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:30:16.864923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:30:20.451234 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 08:30:20.451325 0.475677 tcp 10.0.2.109 60846 -> 5.178.194.36 4983 FSPA* 0 0 14 1584 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:30:48.871364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:34:04.443206 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 08:34:04.443296 0.041369 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:04.485063 0.000000 udp 10.0.2.109 3683 -> 86.134.204.82 1440 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 08:34:19.595817 0.073450 tcp 10.0.2.109 60847 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:34:19.669540 0.061940 tcp 10.0.2.109 60848 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:34:19.731841 0.156505 tcp 10.0.2.109 60849 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 08:34:19.888970 0.074758 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:19.964138 0.103220 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:20.067762 0.052096 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:20.120246 1.378407 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:21.499056 0.073039 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:21.572507 0.061041 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:21.633942 0.221270 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:21.855595 0.127592 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:21.983526 0.053447 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:22.037335 0.224662 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:22.262472 0.187177 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:22.450094 0.165558 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:22.616046 0.153937 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:22.770569 0.315434 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:23.086474 0.183024 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:23.269878 0.328382 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:23.598662 0.057073 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:23.656101 0.074972 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:23.731455 0.066815 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:23.798720 0.208654 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:24.007745 0.158641 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:24.166833 0.055379 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:24.222665 0.190435 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:24.413490 0.437613 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:24.851562 0.069471 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:24.921439 0.087738 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.009600 0.177105 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.187091 0.160293 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.347837 0.202076 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.550391 0.174281 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.725140 0.072147 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.797708 0.046151 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.844297 0.111966 udp 10.0.2.109 3683 <-> 87.8.137.112 8539 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:25.956685 0.290625 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:26.247725 0.061335 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:26.309465 0.319121 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:26.628963 0.165403 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:26.794725 0.025086 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:26.820166 0.229524 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:34:27.050040 0.055763 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/15 08:36:52.877495 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:36:59.884506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:37:07.886479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:37:23.889377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:37:55.894768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:43:59.901540 3.003891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:44:06.909030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:44:15.008045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:44:30.923385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:45:02.929395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:51:06.935517 3.001420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:51:13.942646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:51:21.944409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:51:37.947325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:52:09.953168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:58:13.958710 3.009723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 08:58:20.966722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:58:28.968249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:58:44.971437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 08:59:16.977514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:00:21.726229 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 09:00:21.726335 0.921872 tcp 10.0.2.109 60850 -> 5.178.194.36 4983 FSPA* 0 0 14 1643 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:04:44.244758 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 09:04:44.245034 0.046398 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:44.291839 0.135630 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:44.427944 0.113606 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:44.541958 0.049555 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:44.591930 0.053507 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:44.645819 0.153905 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:44.800112 0.274712 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:45.075269 0.065304 udp 10.0.2.109 3683 <-> 5.179.75.86 2459 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:45.140964 0.130688 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:45.272115 0.053980 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:45.326453 0.208691 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:45.535577 0.187895 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:45.723893 0.166536 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:45.890842 0.154230 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:46.045457 0.341162 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:46.386990 0.056334 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:46.443707 0.066678 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:46.510800 0.073229 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:46.584398 0.313045 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:46.897902 0.214273 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:47.112571 0.432096 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:47.545117 0.158460 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:47.703939 0.058330 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:47.762667 0.182495 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:47.945606 0.367775 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:48.313826 0.068650 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:48.382858 0.088762 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:48.472059 0.185758 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:48.658322 0.159451 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:48.818174 0.207747 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:49.026479 0.172918 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:49.199760 0.075352 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:49.275639 0.046437 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:49.322510 0.097318 udp 10.0.2.109 3683 <-> 87.8.137.112 8539 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:49.420209 0.369950 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:49.790528 0.403597 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:50.194505 0.024270 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:50.219135 0.290236 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:50.509837 0.059027 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:50.569269 0.227695 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:04:50.797340 0.054507 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:05:30.999058 3.002318 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 09:05:38.008319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:05:46.006593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:06:02.009621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:06:34.015502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:12:38.021255 3.001638 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 09:12:45.029106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:12:53.030348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:13:09.033618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:13:41.042654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:19:45.046066 3.000837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 09:19:52.053094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:20:00.054525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:20:16.057441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:20:48.063423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:26:52.071284 2.999926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 09:26:59.077209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:27:07.078371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:27:23.081348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:27:55.097561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:30:21.871735 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 09:30:21.871835 0.698777 tcp 10.0.2.109 60851 -> 5.178.194.36 4983 FSPA* 0 0 14 1531 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:33:59.103095 3.002047 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 09:34:06.111029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:34:14.112689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:34:30.115550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:34:59.218186 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 09:34:59.218384 0.126560 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:34:59.345398 0.050260 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:34:59.396064 0.055521 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:34:59.451936 0.308814 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:34:59.761202 0.041565 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:34:59.803213 0.069503 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:34:59.873075 0.256881 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:00.130391 0.000000 udp 10.0.2.109 3683 -> 5.179.75.86 2459 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 09:35:02.121502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:35:19.107788 0.045721 tcp 10.0.2.109 60852 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:35:19.153804 0.064859 tcp 10.0.2.109 60853 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:35:19.218959 0.138603 tcp 10.0.2.109 60854 -> 195.113.214.249 443 SRPA* 0 0 36 26747 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:35:19.358197 0.122290 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:19.480858 0.053680 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:19.534929 0.208093 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:19.743362 0.187446 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:19.931184 0.166443 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:20.098051 0.064967 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:20.163368 0.067343 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:20.231081 0.074785 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:20.306318 0.314591 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:20.621251 0.155952 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:20.777648 0.342519 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:21.120580 0.186313 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:21.307344 0.280692 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:21.588454 0.158227 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:21.747063 0.058851 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:21.806371 0.185467 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:21.992309 0.096927 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:22.089627 0.181886 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:22.271954 0.158528 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:22.430972 0.347950 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:22.779376 0.074932 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:22.854737 0.206797 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:23.061889 0.172370 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:23.234660 0.097134 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:23.332349 0.046815 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:23.379534 0.000000 udp 10.0.2.109 3683 -> 87.8.137.112 8539 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 09:35:42.310182 0.045406 tcp 10.0.2.109 60855 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:35:42.355972 0.064840 tcp 10.0.2.109 60856 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:35:42.421109 0.157954 tcp 10.0.2.109 60857 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/15 09:35:42.579596 0.390923 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:42.970866 0.307092 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:43.278528 0.164877 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:43.443748 0.219360 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:43.663480 0.056003 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:43.719922 0.164162 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:35:43.884507 0.027485 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/15 09:41:06.127117 3.002082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 09:41:13.134795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:41:21.136821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:41:37.139768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:42:09.145566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:48:13.151208 3.046918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 09:48:20.174596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:48:28.170581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:48:44.174971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:49:16.179566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:55:49.186810 3.001995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 09:55:56.194661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:56:04.196102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:56:20.199163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 09:56:52.205154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:00:22.568642 0.000235 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 10:00:22.569000 0.434863 tcp 10.0.2.109 60858 -> 5.178.194.36 4983 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:02:56.211325 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 10:03:03.222552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:03:11.222630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:03:27.223106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:03:59.228939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:06:13.382559 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 10:06:13.382712 2.375761 udp 10.0.2.109 3683 -> 5.179.75.86 2459 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 10:06:15.758473 0.000000 icmp 5.179.75.86 0x0103 -> 10.0.2.109 0x05b3 URH 192 1 149 flow=Background 1970/02/15 10:06:30.638476 0.933749 tcp 10.0.2.109 60859 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:06:31.572519 0.074099 tcp 10.0.2.109 60860 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:06:31.646877 0.251216 tcp 10.0.2.109 60861 -> 195.113.214.249 443 SRPA* 0 0 21 13034 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:06:31.898747 0.000000 udp 10.0.2.109 3683 -> 87.8.137.112 8539 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 10:06:50.088238 0.060073 tcp 10.0.2.109 60862 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:06:50.148604 0.069734 tcp 10.0.2.109 60863 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:06:50.218640 0.162751 tcp 10.0.2.109 60864 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:06:50.382229 0.204260 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:50.586888 0.046591 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:50.633849 0.074299 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:50.708558 0.113784 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:50.822725 0.056398 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:50.879498 0.049820 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:50.929736 0.513424 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:51.443558 0.213596 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:51.657553 0.184924 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:51.842852 0.053232 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:51.896484 0.126926 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:52.023800 0.070112 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:52.094346 0.070012 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:52.164791 0.319921 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:52.485113 0.155935 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:52.641426 0.171854 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:52.813753 0.063502 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:06:52.877695 0.000000 udp 10.0.2.109 3683 -> 75.48.14.191 8955 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 10:07:09.849464 0.068062 tcp 10.0.2.109 60865 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:07:09.917802 0.072124 tcp 10.0.2.109 60866 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:07:09.990416 0.154666 tcp 10.0.2.109 60867 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:07:10.145619 0.159442 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:10.305439 0.055582 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:10.361412 0.183715 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:10.545541 0.336534 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:10.882483 0.178871 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:11.061761 0.155749 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:11.217999 0.353073 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:11.571506 0.068412 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:11.640322 0.179249 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:11.820002 0.117332 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:11.937705 0.073360 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:12.011464 0.059302 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:12.071158 0.207546 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:12.279159 0.172958 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:12.452471 0.000000 udp 10.0.2.109 3683 -> 125.113.190.214 7365 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 10:07:28.458846 0.066237 tcp 10.0.2.109 60868 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:07:28.525329 0.075636 tcp 10.0.2.109 60869 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:07:28.601286 0.163318 tcp 10.0.2.109 60870 -> 195.113.214.249 443 SRPA* 0 0 40 21148 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:07:28.765161 0.229530 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:28.995074 0.057282 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:29.052822 0.165790 rtcp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:29.219030 0.026508 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:29.246065 0.302272 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:07:29.571848 0.065254 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:10:03.235872 3.000730 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 10:10:10.242879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:10:18.244333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:10:34.247063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:11:06.256630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:17:10.259098 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 10:17:17.267124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:17:25.268215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:17:41.271172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:18:13.277018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:24:17.283706 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 10:24:24.290885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:24:32.292062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:24:48.295108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:25:20.300923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:30:23.006782 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 10:30:23.006948 0.602161 tcp 10.0.2.109 60871 -> 5.178.194.36 4983 FSPA* 0 0 14 1679 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:31:24.307236 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 10:31:31.314677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:31:39.315819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:31:55.318997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:32:27.324943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:37:56.648835 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 10:37:56.649056 0.211143 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:56.860558 0.382368 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:57.243264 0.169723 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:57.413363 0.119724 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:57.533478 0.054706 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:57.588614 0.048969 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:57.637937 0.449749 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:58.088048 0.078520 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:58.167048 0.051977 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:58.219440 0.126779 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:58.346623 0.069031 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:58.416128 0.216665 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:58.672020 0.314524 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:58.986885 0.071115 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:59.058584 0.053222 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:59.112230 0.186748 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:59.299434 0.166829 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:59.466702 0.161270 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:59.628359 0.060482 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:59.689225 0.158085 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:37:59.847723 0.178775 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:00.026886 0.155601 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:00.182826 0.188206 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:00.371439 0.055023 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:00.426910 0.323471 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:00.750843 0.070634 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:00.821947 0.178960 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:01.001338 0.093028 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:01.094822 0.074084 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:01.169364 0.059429 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:01.229226 0.267689 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:01.497309 0.343549 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:01.841300 0.171990 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:02.013695 0.220281 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:02.234394 0.057925 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:02.292709 0.308476 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:02.601591 0.064139 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:02.666166 0.168164 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/15 10:38:02.834706 0.000000 udp 10.0.2.109 3683 -> 178.216.41.54 5337 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 10:38:20.364386 0.060604 tcp 10.0.2.109 60872 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:38:20.425262 0.064193 tcp 10.0.2.109 60873 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:38:20.489747 0.157725 tcp 10.0.2.109 60874 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 10:38:31.330777 3.001979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 10:38:38.338390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:38:46.340473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:39:02.343363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:39:34.349515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:45:38.355569 3.001213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 10:45:45.363742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:45:53.364054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:46:09.366900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:46:41.374732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:54:32.383018 3.001484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 10:54:39.390293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:54:47.391895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:55:03.394746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 10:55:35.400697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:00:23.615482 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 11:00:23.615600 0.656637 tcp 10.0.2.109 60875 -> 5.178.194.36 4983 FSPA* 0 0 14 1693 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:02:01.417972 3.002199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:02:08.425796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:02:16.428379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:02:32.431410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:03:04.436510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:08:22.473870 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 11:08:22.474028 0.023610 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:22.498023 0.213888 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:22.712349 0.157890 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:22.870620 0.106881 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:22.977917 0.111751 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:23.090063 0.049745 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:23.140232 0.379180 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:23.519815 0.040880 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:23.561114 0.130142 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:23.691665 0.074756 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:23.766858 0.382325 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:24.149618 0.208649 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:24.358614 0.074191 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:24.433157 0.053731 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:24.487279 0.188470 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:24.676091 0.232884 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:24.909327 0.154854 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:25.064599 0.105729 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:25.194616 0.115808 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:25.310847 0.322625 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:25.633900 0.156900 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:25.791171 0.186515 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:25.978120 0.107245 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:26.085778 0.334278 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:26.420436 0.121426 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:26.542340 0.176457 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:26.719156 0.158467 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:26.878072 0.087841 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:26.966370 0.081705 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:27.048419 0.040847 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:27.089699 0.186994 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:27.277191 0.348421 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:27.626040 0.235104 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:27.861531 0.302774 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:28.164694 0.053620 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:28.218716 0.212152 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:28.431253 0.219553 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:28.651212 0.171874 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:08:28.823466 0.109098 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:09:14.450960 3.001829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:09:21.458573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:09:29.459927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:09:45.463151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:10:17.468921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:16:21.475331 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:16:28.486901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:16:36.488575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:16:52.486871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:17:24.493164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:23:28.500070 3.000738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:23:35.506542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:23:43.507927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:23:59.511157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:24:31.517176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:30:24.274606 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 11:30:24.274713 0.545854 tcp 10.0.2.109 60876 -> 5.178.194.36 4983 FSPA* 0 0 14 1516 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:30:35.522237 3.002521 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:30:42.530083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:30:50.531967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:31:06.535108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:31:38.540770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:37:42.546937 3.068865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:37:49.595335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:37:57.565309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:38:13.568897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:38:44.263277 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 11:38:44.263484 0.206398 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:38:44.470334 0.123890 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:38:44.594597 0.000000 udp 10.0.2.109 3683 -> 178.216.41.54 5337 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 11:38:45.574486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:39:01.059846 0.086555 tcp 10.0.2.109 60877 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:39:01.146611 0.069000 tcp 10.0.2.109 60878 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:39:01.215868 0.183066 tcp 10.0.2.109 60879 -> 195.113.214.249 443 SRPA* 0 0 59 53881 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:39:01.399653 0.210720 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:01.610742 0.062203 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:01.673383 0.050120 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:01.723878 0.279986 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.004245 0.046688 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.051364 0.127353 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.179198 0.074459 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.254099 0.074996 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.329549 0.054896 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.384885 0.189972 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.575296 0.170034 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.745717 0.222746 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:02.995111 0.276494 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:03.271996 0.159138 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:03.431595 0.060612 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:03.492680 0.065539 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:03.558616 0.313932 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:03.872919 0.157732 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:04.031078 0.183442 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:04.214919 0.070077 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:04.285346 0.175839 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:04.461574 0.157600 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:04.619566 0.084462 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:04.704394 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 11:39:21.657138 0.124558 tcp 10.0.2.109 60880 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:39:21.781968 0.075866 tcp 10.0.2.109 60881 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:39:21.858297 0.162598 tcp 10.0.2.109 60882 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 11:39:22.021476 0.334543 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:22.356442 0.075136 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:22.431984 0.045885 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:22.478286 0.188182 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:22.666920 0.344728 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:23.079314 0.204745 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:23.284456 0.161319 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:23.446194 0.218104 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:23.664691 0.172916 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:23.837972 0.055404 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:23.893786 0.307257 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:39:24.201630 0.057660 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/15 11:44:49.581230 3.000918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:44:56.588610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:45:04.589706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:45:20.592595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:45:52.598951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:54:03.607271 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 11:54:10.614735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:54:18.616497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:54:34.619279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 11:55:06.624924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:00:24.823380 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 12:00:24.823482 0.407636 tcp 10.0.2.109 60883 -> 5.178.194.36 4983 FSPA* 0 0 14 1535 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:01:16.661868 2.999793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 12:01:23.670509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:01:31.668870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:01:47.673174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:02:19.677782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:08:32.686520 3.001906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 12:08:39.694046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:08:47.695776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:09:03.698854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:09:35.704673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:09:38.375580 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 12:09:38.375690 0.026860 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:38.402929 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 12:09:56.076521 0.062859 tcp 10.0.2.109 60884 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:09:56.139719 0.066232 tcp 10.0.2.109 60885 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:09:56.206295 0.170872 tcp 10.0.2.109 60886 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:09:56.377690 0.147653 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:56.525796 0.109711 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:56.635970 0.316312 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:56.952702 0.059100 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:57.012226 0.050932 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:57.063548 0.126253 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:57.190367 0.068947 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:57.259698 0.047639 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:57.307775 0.278027 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:57.586162 0.053007 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:57.639572 1.374299 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:59.014368 0.164145 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:59.179197 0.079978 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:59.259626 0.159550 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:59.419522 0.057839 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:59.477777 0.066397 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:59.544582 0.316220 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:09:59.861247 0.221780 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:00.083436 0.384246 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:00.468047 0.181300 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:00.649714 0.161137 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:00.811253 0.088477 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:00.900180 0.175986 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:01.076603 0.184037 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:01.260988 0.071376 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:01.332745 0.334877 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:01.667965 0.070404 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:01.738734 0.041208 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:01.780324 0.183704 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:01.964360 0.164588 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:02.129321 0.219655 udp 10.0.2.109 3683 <-> 108.210.26.43 6979 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:02.349448 0.173217 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:02.523121 0.056479 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:02.579953 0.345462 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:02.925812 0.379190 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:03.381378 0.307304 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:10:03.689082 0.060802 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:15:39.710000 3.002680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 12:15:46.718452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:15:54.725035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:16:10.724053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:16:42.728902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:22:46.735528 3.000841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 12:22:53.771936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:23:01.753913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:23:17.756142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:23:49.762689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:29:53.768484 3.023145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 12:30:00.785659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:30:08.788407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:30:24.790817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:30:25.231938 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 12:30:25.232029 0.483358 tcp 10.0.2.109 60887 -> 5.178.194.36 4983 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:30:56.796607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:37:00.803071 3.000776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 12:37:07.810227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:37:15.811542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:37:31.814400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:38:03.820799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:40:11.434547 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 12:40:11.434745 0.024337 udp 10.0.2.109 3683 <-> 178.216.41.54 5337 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:11.459459 0.209303 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:11.669176 0.246633 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:11.916169 0.123175 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.039707 0.056092 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.096205 0.050768 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.147380 0.128232 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.275987 0.072619 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.349034 0.042359 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.391827 0.325406 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.717654 0.058147 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.776218 0.078950 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:12.855551 0.157264 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:13.013266 0.056881 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:13.070565 0.079835 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:13.150811 0.316982 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:13.468274 0.185852 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:13.654556 0.168948 rtcp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:13.823893 0.210657 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:14.034977 0.264432 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:14.299830 0.183501 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:14.483703 0.158378 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:14.642463 0.087026 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:14.729882 0.057118 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:14.787459 0.322630 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:15.110469 0.073646 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:15.184559 0.041777 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:15.226681 0.179713 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:15.406846 0.158777 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:15.566075 0.184292 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:15.750818 0.313725 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:16.064945 0.000000 udp 10.0.2.109 3683 -> 108.210.26.43 6979 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 12:40:31.596455 0.060652 tcp 10.0.2.109 60888 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:40:31.657409 0.063456 tcp 10.0.2.109 60889 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:40:31.721230 0.158529 tcp 10.0.2.109 60890 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:40:31.880611 0.000000 udp 10.0.2.109 3683 -> 99.184.168.69 8341 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 12:40:47.867010 0.060163 tcp 10.0.2.109 60891 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:40:47.927522 0.065844 tcp 10.0.2.109 60892 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:40:47.993696 0.164854 tcp 10.0.2.109 60893 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 12:40:48.159234 0.057896 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:48.217562 0.348987 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:48.566904 0.067258 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 577 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:48.634503 0.207639 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:40:48.842541 0.299749 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/15 12:44:07.827342 3.106058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 12:44:14.905647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:44:22.845210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:44:38.848750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:45:10.857881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:53:35.864630 3.000315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 12:53:42.871052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:53:50.881811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:54:06.885009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 12:54:38.897693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:00:25.720853 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 13:00:25.720988 0.407817 tcp 10.0.2.109 60894 -> 5.178.194.36 4983 FSPA* 0 0 14 1624 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:00:42.898690 3.000394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 13:00:49.904955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:00:57.906598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:01:13.909540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:01:45.915209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:07:49.922375 3.200338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 13:07:57.087216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:08:05.012987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:08:20.943285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:08:52.949421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:11:07.835620 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 13:11:07.835822 0.000000 udp 10.0.2.109 3683 -> 108.210.26.43 6979 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 13:11:24.359241 0.064574 tcp 10.0.2.109 60895 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:24.424158 0.062155 tcp 10.0.2.109 60896 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:24.486684 0.161517 tcp 10.0.2.109 60897 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:24.648694 0.000000 udp 10.0.2.109 3683 -> 99.184.168.69 8341 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 13:11:39.800138 0.090631 tcp 10.0.2.109 60898 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:39.891080 0.061333 tcp 10.0.2.109 60899 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:39.952745 0.160512 tcp 10.0.2.109 60900 -> 195.113.214.249 443 SRPA* 0 0 22 13088 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:40.113863 0.545485 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:40.659796 0.000000 udp 10.0.2.109 3683 -> 178.216.41.54 5337 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 13:11:57.208349 0.064315 tcp 10.0.2.109 60901 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:57.272918 0.064995 tcp 10.0.2.109 60902 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:57.338189 0.171140 tcp 10.0.2.109 60903 -> 195.113.214.249 443 SRPA* 0 0 41 22078 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:11:57.509871 0.152610 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:57.662895 0.049795 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:57.713171 0.124759 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:57.838328 0.068669 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:57.907395 0.041599 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:57.949398 0.276050 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:58.225836 0.056210 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:58.282508 0.070246 udp 10.0.2.109 3683 <-> 94.66.220.66 6063 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:58.353133 0.109423 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:58.462919 0.058355 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:58.521645 0.315553 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:58.837655 0.186910 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.024957 0.166275 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.191725 0.161131 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.353283 0.055617 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.409286 0.055682 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.465338 0.170237 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.635993 0.054207 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.690583 0.218029 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:11:59.908964 0.174248 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:00.083548 0.260747 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:00.344660 0.159611 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:00.504747 0.046232 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:00.551415 0.184405 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:00.736241 0.163583 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:00.900166 0.183235 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:01.083772 0.349875 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:01.434322 0.076136 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:01.510990 0.167683 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:01.679070 0.055374 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:01.734830 0.233802 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:01.969111 0.055249 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:02.024765 0.349679 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:12:02.374847 0.322311 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:14:56.955770 3.001433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 13:15:03.965834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:15:11.964392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:15:27.967477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:15:59.977091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:22:03.979419 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 13:22:10.987841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:22:18.988489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:22:34.991509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:23:06.997484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:29:11.003069 3.004210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 13:29:18.014484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:29:26.012289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:29:42.015299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:30:14.021283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:30:26.129257 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 13:30:26.129357 0.629452 tcp 10.0.2.109 60904 -> 5.178.194.36 4983 FSPA* 0 0 14 1709 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:36:18.029344 2.999573 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 13:36:25.034662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:36:33.035592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:36:49.039139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:37:21.045313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:42:18.914204 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 13:42:18.914423 0.000000 udp 10.0.2.109 3683 -> 178.216.41.54 5337 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 13:42:37.927362 0.064723 tcp 10.0.2.109 60905 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:42:37.992351 0.068307 tcp 10.0.2.109 60906 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:42:38.061011 0.161187 tcp 10.0.2.109 60907 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:42:38.222845 0.251872 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:38.475161 0.137812 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:38.613437 0.049793 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:38.663681 0.125854 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:38.789989 0.073236 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:38.863625 0.047292 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:38.911367 0.000000 udp 10.0.2.109 3683 -> 94.66.220.66 6063 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 13:42:57.689722 0.061915 tcp 10.0.2.109 60908 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:42:57.751943 0.068839 tcp 10.0.2.109 60909 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:42:57.821060 0.169863 tcp 10.0.2.109 60910 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:42:57.991559 0.102119 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:58.094186 0.062971 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:58.157608 0.314321 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 200 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:58.472368 0.276129 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:58.748966 0.050741 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:58.800132 0.186457 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:58.986991 0.169281 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:59.156672 0.158287 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:59.315345 0.055623 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:59.371359 0.098668 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:59.470440 0.089049 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:59.559867 0.077395 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:59.637652 0.219882 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:42:59.857964 0.158864 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:00.017238 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 13:43:15.775637 0.068704 tcp 10.0.2.109 60911 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:43:15.844646 0.065653 tcp 10.0.2.109 60912 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:43:15.910566 0.166663 tcp 10.0.2.109 60913 -> 195.113.214.249 443 SRPA* 0 0 24 13352 flow=From-Botnet-V1-TCP-Established 1970/02/15 13:43:16.077773 0.181917 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:16.260088 0.157615 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:16.418149 0.181463 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:16.600017 0.286802 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:16.887207 0.182720 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:17.070461 0.329408 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:17.400305 0.074223 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:17.474968 0.164063 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:17.639403 0.061040 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:17.700788 0.310134 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:18.011304 0.316647 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:18.328426 0.058379 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:18.387173 0.345313 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/15 13:43:25.051387 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 13:43:32.058879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:43:40.060131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:43:56.063232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:44:28.069426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:50:32.075431 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 13:50:39.082726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:50:47.084348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:51:03.087436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:51:35.103354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:57:39.109380 3.001578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 13:57:46.116773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:57:54.118092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:58:10.121056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 13:58:42.127217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:00:26.757997 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 14:00:26.758214 0.412534 tcp 10.0.2.109 60914 -> 5.178.194.36 4983 FSPA* 0 0 14 1569 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:04:51.140584 3.005941 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 14:04:58.147530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:05:06.149375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:05:22.152362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:05:54.158500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:11:58.164796 3.001271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 14:12:05.176858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:12:13.173181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:12:29.176155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:13:01.192493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:13:46.457918 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 14:13:46.458026 0.000000 udp 10.0.2.109 3683 -> 94.66.220.66 6063 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 14:14:04.055426 0.069257 tcp 10.0.2.109 60915 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:14:04.125037 0.062141 tcp 10.0.2.109 60916 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:14:04.187502 0.152587 tcp 10.0.2.109 60917 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:14:04.340644 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 14:14:20.427119 0.064481 tcp 10.0.2.109 60918 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:14:20.491838 0.060614 tcp 10.0.2.109 60919 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:14:20.552728 0.169612 tcp 10.0.2.109 60920 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:14:20.722859 0.125965 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:20.849227 0.075037 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:20.924616 0.047896 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:20.972868 0.049959 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:21.023231 0.145614 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:21.169227 0.213039 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:21.382638 0.314622 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:21.697627 0.126122 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:21.824167 0.049072 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:21.873611 0.191468 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.065451 0.353213 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.419044 0.059865 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.479404 0.056364 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.536150 0.056460 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.592968 0.096000 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.689345 0.056129 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.745872 0.219891 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:22.966229 0.156424 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:23.123031 0.194028 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:23.317433 0.156508 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:23.474329 0.179039 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:23.653835 0.052429 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:23.706737 0.187492 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:23.894640 0.160351 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:24.055397 0.186041 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:24.241819 0.356367 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:24.598656 0.069482 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:24.668596 0.164804 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:24.833781 0.058240 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:24.892423 0.054472 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:24.947329 0.348489 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:25.296184 0.296710 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:14:25.593368 0.320071 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:19:05.198233 3.001950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 14:19:12.205616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:19:20.207025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:19:36.210668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:20:08.216663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:26:12.227667 2.997104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 14:26:19.229627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:26:27.231228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:26:43.234310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:27:15.240431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:30:27.176711 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 14:30:27.176821 0.438319 tcp 10.0.2.109 60921 -> 5.178.194.36 4983 FSPA* 0 0 14 1728 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:33:19.247499 3.000341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 14:33:26.253776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:33:34.255251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:33:50.258106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:34:22.264418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:40:26.270394 3.006106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 14:40:33.277692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:40:41.278937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:40:57.284775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:41:29.288520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:44:49.558915 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 14:44:49.559064 0.041655 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:49.601137 0.121625 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:49.723222 0.065956 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:49.789642 0.048533 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:49.838634 0.214601 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:50.053686 0.206789 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:50.260942 0.315999 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:50.577391 0.102487 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:50.680255 0.054346 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:50.735039 0.188136 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:50.923629 0.277514 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:51.201587 0.060119 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:51.262069 0.054724 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:44:51.317220 0.000000 udp 10.0.2.109 3683 -> 176.73.111.215 5255 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 14:45:06.843193 0.064258 tcp 10.0.2.109 60922 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:45:06.907775 0.065337 tcp 10.0.2.109 60923 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:45:06.973429 0.131507 tcp 10.0.2.109 60924 -> 195.113.214.249 443 SRPA* 0 0 36 26969 flow=From-Botnet-V1-TCP-Established 1970/02/15 14:45:07.105581 0.106480 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:07.212449 0.058383 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:07.271192 0.240502 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:07.512165 0.157467 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:07.670039 0.179824 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:07.850241 1.454995 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:09.305681 0.178747 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:09.484829 0.156440 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:09.641660 0.168726 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:09.810827 0.159729 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:09.970990 0.186174 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:10.157609 0.321708 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:10.479785 0.072638 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:10.552829 0.164530 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:10.717799 0.060636 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:10.778868 0.055603 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:10.834868 0.306831 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:11.142311 0.348918 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:45:11.491660 0.207198 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/15 14:47:33.299309 3.004538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 14:47:40.301765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:47:48.303270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:48:04.306375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:48:36.312193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:55:28.327755 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 14:55:35.334706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:55:43.336098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:55:59.339360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 14:56:31.345628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:00:27.620111 0.001388 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 15:00:27.621961 0.441049 tcp 10.0.2.109 60925 -> 5.178.194.36 4983 FSPA* 0 0 14 1708 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:02:49.352344 3.000527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:02:56.358566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:03:04.360391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:03:20.363444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:03:52.369214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:09:56.375712 3.079749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:10:03.432024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:10:11.394247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:10:27.397284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:10:59.404727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:15:33.647896 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 15:15:33.647996 0.000000 udp 10.0.2.109 3683 -> 176.73.111.215 5255 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 15:15:51.404851 0.061610 tcp 10.0.2.109 60926 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:15:51.466833 0.067490 tcp 10.0.2.109 60927 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:15:51.534617 0.160929 tcp 10.0.2.109 60928 -> 195.113.214.249 443 SRPA* 0 0 27 13714 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:15:51.696214 0.074368 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:51.770994 0.049170 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:51.820522 0.047028 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:51.867936 0.127190 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:51.995528 0.207048 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:52.202997 0.315984 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:52.519415 0.225918 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:52.745664 0.059672 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:52.855155 0.184679 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.040240 0.104165 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.144814 0.058857 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.204026 0.318380 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.522777 0.055519 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.578670 0.086156 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.665228 0.056860 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.722519 0.208475 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:53.931384 0.157616 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:54.089410 0.178875 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:54.268722 0.156972 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:54.426208 0.235725 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:54.662346 0.158191 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:54.820942 1.182712 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:56.004026 0.184011 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:56.188466 0.183379 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:56.372260 0.324766 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:56.697459 0.072640 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:56.770482 0.166011 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:56.936948 0.061596 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:56.998969 0.057072 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:57.056498 0.209147 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:57.266057 0.306425 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:15:57.572876 0.356890 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:17:03.410107 3.000772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:17:10.416851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:17:18.417997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:17:34.421365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:18:06.427150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:24:10.434434 3.000463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:24:17.440560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:24:25.442160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:24:41.445014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:25:13.451100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:30:28.053804 0.102154 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 15:30:28.156043 0.403094 tcp 10.0.2.109 60929 -> 5.178.194.36 4983 FSPA* 0 0 14 1625 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:31:17.458915 2.999764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:31:24.464645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:31:32.465855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:31:48.469277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:32:20.475255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:38:24.481474 3.007277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:38:31.488636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:38:39.489956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:38:55.492988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:39:27.499268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:45:31.505553 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:45:38.512682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:45:46.523877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:46:02.527194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:46:14.090296 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 15:46:14.090393 0.041721 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:14.132494 0.125780 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:14.258821 0.068090 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:14.327353 0.050128 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:14.377881 0.135288 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:14.513585 0.048077 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:14.562234 0.206164 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:14.768880 0.315709 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:15.084996 0.186899 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:15.272359 0.104211 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:15.376945 0.062085 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:15.439411 0.329958 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:15.769755 0.055485 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:15.825708 0.000000 udp 10.0.2.109 3683 -> 194.54.45.144 3636 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 15:46:33.718468 0.065971 tcp 10.0.2.109 60930 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:46:33.784772 0.067760 tcp 10.0.2.109 60931 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:46:33.852820 0.154548 tcp 10.0.2.109 60932 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 15:46:34.008112 0.055176 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:34.063709 0.208625 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:34.272733 0.158192 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:34.431361 0.179663 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:34.611440 0.156679 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:34.768561 0.170693 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:34.939617 0.163570 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:35.103588 1.859733 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:35.258326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:46:36.963736 0.187702 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:37.151877 0.187196 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:37.339456 0.332797 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:37.672616 0.072331 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:37.745359 0.163894 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:37.909624 0.058514 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:37.968521 0.304099 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:38.273111 0.359424 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:38.632941 0.057804 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:46:38.691232 0.221822 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/15 15:54:27.555191 3.048825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 15:54:34.590241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:54:42.584458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:54:58.587754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 15:55:30.593980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:00:28.472653 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:00:28.472768 3.003579 tcp 10.0.2.109 60933 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:00:37.475003 0.000000 tcp 10.0.2.109 60933 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:00:43.475707 0.180445 tcp 10.0.2.109 60934 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:00:43.656443 0.060659 tcp 10.0.2.109 60935 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:00:43.717443 0.153052 tcp 10.0.2.109 60936 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:00:44.453432 2.995761 tcp 10.0.2.109 60937 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:00:53.447952 0.000000 tcp 10.0.2.109 60937 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:00:59.447190 0.066450 tcp 10.0.2.109 60938 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:00:59.513985 0.064771 tcp 10.0.2.109 60939 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:00:59.579129 0.153703 tcp 10.0.2.109 60940 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:01:00.156393 2.997822 tcp 10.0.2.109 60941 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:09.150791 0.000000 tcp 10.0.2.109 60941 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:15.149759 0.063337 tcp 10.0.2.109 60942 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:01:15.213383 0.062071 tcp 10.0.2.109 60943 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:01:15.275809 0.163631 tcp 10.0.2.109 60944 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:01:16.054400 3.000413 tcp 10.0.2.109 60945 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:25.053400 0.000000 tcp 10.0.2.109 60945 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:31.052391 0.067763 tcp 10.0.2.109 60946 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:01:31.120434 0.067525 tcp 10.0.2.109 60947 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:01:31.188222 0.158253 tcp 10.0.2.109 60948 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:01:31.758957 3.011335 tcp 10.0.2.109 60949 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:40.775858 0.000000 tcp 10.0.2.109 60949 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:46.755024 2.993865 tcp 10.0.2.109 60950 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:55.757485 0.000000 tcp 10.0.2.109 60950 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:01:56.611837 3.001245 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:02:01.756012 2.996691 tcp 10.0.2.109 60951 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:02:03.623338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:02:10.749096 0.000000 tcp 10.0.2.109 60951 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:02:11.620474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:02:15.672486 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:02:17.044174 2.981058 tcp 10.0.2.109 60952 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:02:25.970463 0.000000 tcp 10.0.2.109 60952 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:02:27.824178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:02:59.639461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:07:31.761285 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:07:31.761374 3.003223 tcp 10.0.2.109 60953 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:07:40.763554 0.000000 tcp 10.0.2.109 60953 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:07:46.764523 0.062000 tcp 10.0.2.109 60954 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:07:46.826793 0.061339 tcp 10.0.2.109 60955 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:07:46.888438 0.153522 tcp 10.0.2.109 60956 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:07:47.055181 3.001724 tcp 10.0.2.109 60957 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:07:56.055790 0.000000 tcp 10.0.2.109 60957 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:02.054366 0.061469 tcp 10.0.2.109 60958 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:02.116130 0.062072 tcp 10.0.2.109 60959 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:02.177856 0.151936 tcp 10.0.2.109 60960 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:02.344000 2.994958 tcp 10.0.2.109 60961 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:11.347386 0.000000 tcp 10.0.2.109 60961 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:17.336956 0.061589 tcp 10.0.2.109 60962 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:17.398842 0.064500 tcp 10.0.2.109 60963 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:17.463223 0.149187 tcp 10.0.2.109 60964 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:17.651224 2.999891 tcp 10.0.2.109 60965 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:26.649747 0.000000 tcp 10.0.2.109 60965 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:32.648692 0.066816 tcp 10.0.2.109 60966 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:32.715832 0.065422 tcp 10.0.2.109 60967 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:32.781571 0.152361 tcp 10.0.2.109 60968 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:08:32.948357 3.004392 tcp 10.0.2.109 60969 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:41.951641 0.000000 tcp 10.0.2.109 60969 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:47.939823 3.004809 tcp 10.0.2.109 60970 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:08:56.943131 0.000000 tcp 10.0.2.109 60970 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:09:02.942145 3.003588 tcp 10.0.2.109 60971 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:09:10.646043 3.001156 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:09:11.944911 0.000000 tcp 10.0.2.109 60971 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:09:16.871980 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:09:17.652265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:09:17.943772 3.003977 tcp 10.0.2.109 60972 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:09:25.654825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:09:26.955728 0.000000 tcp 10.0.2.109 60972 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:09:41.657523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:10:13.663460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:14:32.946986 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:14:32.947163 3.003317 tcp 10.0.2.109 60973 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:14:41.949105 0.000000 tcp 10.0.2.109 60973 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:14:47.949927 0.062655 tcp 10.0.2.109 60974 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:14:48.012864 0.060252 tcp 10.0.2.109 60975 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:14:48.073368 0.156300 tcp 10.0.2.109 60976 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:14:48.813595 3.000017 tcp 10.0.2.109 60977 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:14:57.812243 0.000000 tcp 10.0.2.109 60977 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:03.811664 0.060966 tcp 10.0.2.109 60978 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:03.872971 0.065162 tcp 10.0.2.109 60979 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:03.938426 0.154759 tcp 10.0.2.109 60980 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:04.206842 2.998770 tcp 10.0.2.109 60981 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:13.204577 0.000000 tcp 10.0.2.109 60981 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:19.203500 0.063061 tcp 10.0.2.109 60982 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:19.266939 0.062812 tcp 10.0.2.109 60983 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:19.330013 0.153302 tcp 10.0.2.109 60984 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:19.692787 2.995025 tcp 10.0.2.109 60985 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:28.696431 0.000000 tcp 10.0.2.109 60985 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:34.684893 0.066684 tcp 10.0.2.109 60986 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:34.751853 0.066853 tcp 10.0.2.109 60987 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:34.818609 0.152529 tcp 10.0.2.109 60988 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:15:35.266302 2.994081 tcp 10.0.2.109 60989 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:44.258660 0.000000 tcp 10.0.2.109 60989 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:50.267476 3.004282 tcp 10.0.2.109 60990 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:15:59.270406 0.000000 tcp 10.0.2.109 60990 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:16:05.269161 3.004271 tcp 10.0.2.109 60991 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:16:14.272516 0.000000 tcp 10.0.2.109 60991 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:16:17.669211 3.001927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:16:18.878478 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:16:20.270928 3.003680 tcp 10.0.2.109 60992 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:16:24.677185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:16:29.273484 0.000000 tcp 10.0.2.109 60992 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:16:32.678038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:16:48.511548 0.000000 udp 10.0.2.109 3683 -> 194.54.45.144 3636 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 16:16:48.680739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:17:07.008431 0.061428 tcp 10.0.2.109 60993 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:17:07.070199 0.059999 tcp 10.0.2.109 60994 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:17:07.130504 0.160846 tcp 10.0.2.109 60995 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:17:07.291835 0.136052 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:07.418070 0.116976 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:07.567056 0.052065 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:07.665016 0.271557 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:07.904992 0.069426 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:07.957086 0.246329 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:08.167317 0.045315 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:08.435463 0.075621 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2026 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:08.495320 0.318443 udp 10.0.2.109 3683 <-> 125.113.190.214 7365 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:08.772962 0.059654 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:08.937522 0.315289 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:09.508629 0.192487 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:09.697881 0.149028 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:09.808643 0.058534 udp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:09.876175 0.229217 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:10.095661 0.183434 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:10.255466 0.223596 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:10.470961 0.178676 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:10.639250 0.179318 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:10.795249 0.193650 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:11.523232 0.188076 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:11.708188 0.328937 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:12.065678 1.417135 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:13.445850 0.188405 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:13.626364 0.112343 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:13.704357 0.232215 rtp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:14.006163 0.095238 rtp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:14.077492 0.298058 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:14.479936 0.361202 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:17:14.891169 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 16:17:20.687346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:17:33.646506 0.066333 tcp 10.0.2.109 60996 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:17:33.713151 0.060817 tcp 10.0.2.109 60997 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:17:33.774466 0.153357 tcp 10.0.2.109 60998 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:17:33.928419 0.212252 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:21:35.274264 0.177820 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:21:35.452278 2.954915 tcp 10.0.2.109 60999 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:21:44.372314 0.000000 tcp 10.0.2.109 60999 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:21:50.332990 0.061009 tcp 10.0.2.109 61000 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:21:50.394391 0.067397 tcp 10.0.2.109 61001 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:21:50.461710 0.158638 tcp 10.0.2.109 61002 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:21:51.148757 2.975174 tcp 10.0.2.109 61003 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:00.109042 0.000000 tcp 10.0.2.109 61003 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:06.108205 0.060121 tcp 10.0.2.109 61004 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:22:06.168607 0.064593 tcp 10.0.2.109 61005 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:22:06.233489 0.164847 tcp 10.0.2.109 61006 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:22:06.550214 3.002180 tcp 10.0.2.109 61007 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:15.551171 0.000000 tcp 10.0.2.109 61007 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:21.550481 0.062499 tcp 10.0.2.109 61008 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:22:21.613299 0.065345 tcp 10.0.2.109 61009 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:22:21.678942 0.160594 tcp 10.0.2.109 61010 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:22:21.886116 2.998160 tcp 10.0.2.109 61011 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:30.882716 0.000000 tcp 10.0.2.109 61011 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:36.882198 3.004391 tcp 10.0.2.109 61012 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:45.884793 0.000000 tcp 10.0.2.109 61012 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:22:51.883664 2.994116 tcp 10.0.2.109 61013 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:23:00.891522 0.000000 tcp 10.0.2.109 61013 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:23:05.874731 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:23:24.693588 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:23:31.700770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:23:39.702523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:23:55.705150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:24:27.711242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:28:06.886902 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:28:06.887058 2.999454 tcp 10.0.2.109 61014 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:28:15.879261 0.000000 tcp 10.0.2.109 61014 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:28:21.889963 0.064266 tcp 10.0.2.109 61015 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:28:21.954473 0.061086 tcp 10.0.2.109 61016 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:28:22.015818 0.162231 tcp 10.0.2.109 61017 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:28:22.747338 3.006274 tcp 10.0.2.109 61018 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:28:31.754812 0.000000 tcp 10.0.2.109 61018 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:28:37.741663 0.590702 tcp 10.0.2.109 61019 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:28:38.332636 0.061165 tcp 10.0.2.109 61020 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:28:38.394237 0.156492 tcp 10.0.2.109 61021 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:28:38.640179 2.965748 tcp 10.0.2.109 61022 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:28:47.533173 0.000000 tcp 10.0.2.109 61022 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:28:53.459656 2.962381 tcp 10.0.2.109 61023 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:29:02.348646 0.000000 tcp 10.0.2.109 61023 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:30:31.717215 3.001791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:30:38.724203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:30:46.726338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:31:02.736685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:31:35.174312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:34:08.126332 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:34:08.126528 2.993668 tcp 10.0.2.109 61024 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:34:17.118962 0.000000 tcp 10.0.2.109 61024 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:34:23.129473 0.070876 tcp 10.0.2.109 61025 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:34:23.200584 0.068648 tcp 10.0.2.109 61026 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:34:23.269578 0.154229 tcp 10.0.2.109 61027 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:34:23.619015 3.003401 tcp 10.0.2.109 61028 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:34:32.621112 0.000000 tcp 10.0.2.109 61028 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:34:38.620599 0.063611 tcp 10.0.2.109 61029 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:34:38.684047 0.069687 tcp 10.0.2.109 61030 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:34:38.753996 0.154362 tcp 10.0.2.109 61031 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:34:39.370044 3.005061 tcp 10.0.2.109 61032 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:34:48.373785 0.000000 tcp 10.0.2.109 61032 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:34:54.362885 3.003937 tcp 10.0.2.109 61033 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:35:03.365202 0.000000 tcp 10.0.2.109 61033 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:37:38.753798 2.999259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:37:45.759318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:37:53.760653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:38:09.763453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:38:41.770602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:40:09.371457 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:40:09.371604 2.987899 tcp 10.0.2.109 61034 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:40:18.358709 0.000000 tcp 10.0.2.109 61034 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:40:24.370012 0.065297 tcp 10.0.2.109 61035 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:40:24.435583 0.062299 tcp 10.0.2.109 61036 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:40:24.498344 0.149945 tcp 10.0.2.109 61037 -> 195.113.214.249 443 SRPA* 0 0 42 22094 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:40:24.855772 2.996173 tcp 10.0.2.109 61038 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:40:33.850696 0.000000 tcp 10.0.2.109 61038 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:40:39.849710 0.064108 tcp 10.0.2.109 61039 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:40:39.914084 0.063601 tcp 10.0.2.109 61040 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:40:39.977947 0.169125 tcp 10.0.2.109 61041 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:40:40.540887 3.003329 tcp 10.0.2.109 61042 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:40:49.543075 0.000000 tcp 10.0.2.109 61042 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:40:55.541668 3.004090 tcp 10.0.2.109 61043 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:41:04.546356 0.000000 tcp 10.0.2.109 61043 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:44:45.774834 3.002087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:44:52.782537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:45:00.784092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:45:16.786975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:45:48.795799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:47:44.420878 0.000140 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:47:44.421177 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 16:48:00.224194 0.064224 tcp 10.0.2.109 61044 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:00.288711 0.068492 tcp 10.0.2.109 61045 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:00.357517 0.153144 tcp 10.0.2.109 61046 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:00.511216 0.053464 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:00.645554 0.156654 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:00.793624 0.066584 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:00.875618 0.136722 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:01.004804 0.110740 rtp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:01.083307 0.076820 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:01.320909 0.000000 udp 10.0.2.109 3683 -> 125.113.190.214 7365 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 16:48:10.557380 3.004075 tcp 10.0.2.109 61047 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:48:18.499285 0.772483 tcp 10.0.2.109 61048 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:19.272034 0.065695 tcp 10.0.2.109 61049 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:19.338105 0.161829 tcp 10.0.2.109 61050 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:19.500462 0.056923 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:19.737022 0.250125 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:20.164620 0.050622 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:20.212853 0.142029 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:20.251924 0.000000 tcp 10.0.2.109 61047 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:48:20.372091 0.055360 rtp 10.0.2.109 3683 <-> 95.104.0.6 5934 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:20.546686 0.316408 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:20.861676 0.195563 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:21.052507 0.228294 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:21.230703 0.169962 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:21.402918 0.180006 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:21.559521 0.182940 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:21.717372 0.223524 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:21.957125 0.191581 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:22.234933 0.171836 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:22.403339 0.337959 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:22.870695 0.110373 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:23.000931 0.206210 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:23.168349 0.187755 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:23.370356 0.775938 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:24.107768 0.103224 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:24.432510 0.311291 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:24.745204 0.360737 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:25.102450 0.212728 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/15 16:48:26.190852 0.060500 tcp 10.0.2.109 61051 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:26.251634 0.061917 tcp 10.0.2.109 61052 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:26.313867 0.161236 tcp 10.0.2.109 61053 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:48:26.690497 2.965263 tcp 10.0.2.109 61054 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:48:35.584189 0.000000 tcp 10.0.2.109 61054 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:53:41.063256 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:53:41.063370 3.003350 tcp 10.0.2.109 61055 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:53:50.086780 0.000000 tcp 10.0.2.109 61055 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:53:56.070547 0.062385 tcp 10.0.2.109 61056 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:53:56.133248 0.062716 tcp 10.0.2.109 61057 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:53:56.196307 0.150934 tcp 10.0.2.109 61058 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:53:56.839288 2.989995 tcp 10.0.2.109 61059 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:54:03.807559 3.001850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 16:54:05.837923 0.000000 tcp 10.0.2.109 61059 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:54:10.814713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:54:11.839417 0.062951 tcp 10.0.2.109 61060 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:54:11.902711 0.062280 tcp 10.0.2.109 61061 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:54:11.965300 0.158925 tcp 10.0.2.109 61062 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:54:12.376625 3.000487 tcp 10.0.2.109 61063 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:54:18.815983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:54:21.370417 0.000000 tcp 10.0.2.109 61063 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:54:27.369004 3.010446 tcp 10.0.2.109 61064 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:54:34.822789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:54:36.373164 0.000000 tcp 10.0.2.109 61064 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:55:06.825744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 16:59:42.372541 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 16:59:42.372647 3.003408 tcp 10.0.2.109 61065 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:59:51.376333 0.000000 tcp 10.0.2.109 61065 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 16:59:57.375130 0.060748 tcp 10.0.2.109 61066 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:59:57.436154 0.066635 tcp 10.0.2.109 61067 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:59:57.503079 0.152311 tcp 10.0.2.109 61068 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/15 16:59:57.698736 3.000335 tcp 10.0.2.109 61069 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:00:06.706749 0.000000 tcp 10.0.2.109 61069 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:00:12.697358 0.063215 tcp 10.0.2.109 61070 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:00:12.760915 0.064542 tcp 10.0.2.109 61071 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:00:12.825779 0.165411 tcp 10.0.2.109 61072 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:00:13.080108 3.000581 tcp 10.0.2.109 61073 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:00:22.079330 0.000000 tcp 10.0.2.109 61073 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:00:28.082259 3.000215 tcp 10.0.2.109 61074 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:00:37.081538 0.000000 tcp 10.0.2.109 61074 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:01:10.831640 3.005329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 17:01:17.843592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:01:25.840978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:01:41.844533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:02:13.849456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:05:43.081268 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:05:43.081377 3.003358 tcp 10.0.2.109 61075 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:05:52.083256 0.000000 tcp 10.0.2.109 61075 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:05:58.083828 0.064893 tcp 10.0.2.109 61076 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:05:58.148960 0.061871 tcp 10.0.2.109 61077 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:05:58.211091 0.167361 tcp 10.0.2.109 61078 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:05:58.426346 3.000513 tcp 10.0.2.109 61079 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:06:07.425366 0.000000 tcp 10.0.2.109 61079 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:06:13.424635 0.061367 tcp 10.0.2.109 61080 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:06:13.486309 0.060553 tcp 10.0.2.109 61081 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:06:13.547189 0.161857 tcp 10.0.2.109 61082 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:06:13.731306 2.997415 tcp 10.0.2.109 61083 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:06:22.738556 0.000000 tcp 10.0.2.109 61083 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:06:28.726286 2.994023 tcp 10.0.2.109 61084 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:06:37.718849 0.000000 tcp 10.0.2.109 61084 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:08:17.865049 3.002004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 17:08:24.873213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:08:32.874249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:08:48.876939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:09:20.883485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:11:43.729438 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:11:43.729522 3.003787 tcp 10.0.2.109 61085 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:11:52.731865 0.000000 tcp 10.0.2.109 61085 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:11:58.731931 0.064846 tcp 10.0.2.109 61086 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:11:58.797040 0.068276 tcp 10.0.2.109 61087 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:11:58.865583 0.151932 tcp 10.0.2.109 61088 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:11:59.463810 3.001882 tcp 10.0.2.109 61089 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:12:08.464760 0.000000 tcp 10.0.2.109 61089 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:15:24.888888 3.002310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 17:15:31.896579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:15:39.898517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:15:55.901472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:16:27.907124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:18:31.034899 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:18:31.034997 0.000000 udp 10.0.2.109 3683 -> 125.113.190.214 7365 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 17:18:48.180909 0.063479 tcp 10.0.2.109 61090 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:18:48.244638 0.064297 tcp 10.0.2.109 61091 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:18:48.309257 0.163174 tcp 10.0.2.109 61092 -> 195.113.214.249 443 SRPA* 0 0 40 31908 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:18:48.473128 0.066607 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:48.522583 0.133042 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:48.647045 0.051597 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:48.761436 0.278504 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:48.980318 0.154595 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:49.197478 0.074293 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:49.255010 0.057097 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:49.494613 0.150085 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:18:49.607171 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 17:18:59.475786 2.993719 tcp 10.0.2.109 61093 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:19:06.967018 0.067359 tcp 10.0.2.109 61094 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:07.034743 0.063673 tcp 10.0.2.109 61095 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:07.098666 0.154116 tcp 10.0.2.109 61096 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:07.253371 0.249966 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:07.466962 0.054315 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:07.655514 0.316304 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:08.015138 0.192235 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:08.204132 0.223581 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:08.384030 0.173842 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:08.468622 0.000000 tcp 10.0.2.109 61093 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:19:08.546405 0.181688 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:08.859783 0.188190 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:09.044867 0.342525 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:09.442664 0.181715 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:09.628906 0.259102 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:09.878420 0.332621 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:10.731229 0.112805 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:10.811469 0.208057 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:11.125419 0.199742 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:11.358271 1.001046 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:12.321506 0.097654 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:12.434186 0.437150 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:12.867192 0.311275 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:13.206833 0.360539 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:19:14.483597 0.063733 tcp 10.0.2.109 61097 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:14.547606 0.064899 tcp 10.0.2.109 61098 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:14.612771 0.155325 tcp 10.0.2.109 61099 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:15.117113 2.999252 tcp 10.0.2.109 61100 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:19:24.110938 0.000000 tcp 10.0.2.109 61100 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:19:30.120111 0.066683 tcp 10.0.2.109 61101 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:30.187049 0.061341 tcp 10.0.2.109 61102 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:30.248653 0.170312 tcp 10.0.2.109 61103 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:19:30.956478 2.998415 tcp 10.0.2.109 61104 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:19:39.952956 0.000000 tcp 10.0.2.109 61104 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:19:45.952710 3.004059 tcp 10.0.2.109 61105 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:19:54.955193 0.000000 tcp 10.0.2.109 61105 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:22:31.914901 3.000095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 17:22:38.920915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:22:46.922774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:23:02.927953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:23:34.931433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:25:00.955570 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:25:00.955750 2.993577 tcp 10.0.2.109 61106 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:25:09.992193 0.000000 tcp 10.0.2.109 61106 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:25:15.958716 0.067647 tcp 10.0.2.109 61107 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:25:16.026664 0.063355 tcp 10.0.2.109 61108 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:25:16.090297 0.153648 tcp 10.0.2.109 61109 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:25:16.546151 2.995645 tcp 10.0.2.109 61110 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:25:25.540428 0.000000 tcp 10.0.2.109 61110 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:25:31.539732 0.063535 tcp 10.0.2.109 61111 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:25:31.603598 0.066698 tcp 10.0.2.109 61112 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:25:31.670591 0.159743 tcp 10.0.2.109 61113 -> 195.113.214.249 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:25:32.103138 3.000922 tcp 10.0.2.109 61114 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:25:41.102927 0.000000 tcp 10.0.2.109 61114 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:25:47.101603 3.004284 tcp 10.0.2.109 61115 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:25:56.104652 0.000000 tcp 10.0.2.109 61115 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:29:38.937790 3.001339 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 17:29:45.944997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:29:53.945826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:30:09.949358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:30:41.955476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:31:02.105052 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:31:02.105207 2.993342 tcp 10.0.2.109 61116 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:31:11.107331 0.000000 tcp 10.0.2.109 61116 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:31:17.109702 0.063000 tcp 10.0.2.109 61117 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:31:17.172958 0.061805 tcp 10.0.2.109 61118 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:31:17.235047 0.160975 tcp 10.0.2.109 61119 -> 195.113.214.249 443 SRPA* 0 0 35 18224 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:31:17.506218 2.994496 tcp 10.0.2.109 61120 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:31:26.500737 0.000000 tcp 10.0.2.109 61120 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:31:32.498573 0.061345 tcp 10.0.2.109 61121 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:31:32.560196 0.062222 tcp 10.0.2.109 61122 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:31:32.622680 0.153778 tcp 10.0.2.109 61123 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:31:32.861903 3.000934 tcp 10.0.2.109 61124 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:31:41.861472 0.000000 tcp 10.0.2.109 61124 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:31:47.860710 3.003766 tcp 10.0.2.109 61125 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:31:56.862985 0.000000 tcp 10.0.2.109 61125 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:36:45.961440 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 17:36:52.968742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:37:00.970568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:37:02.863709 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:37:02.863899 3.003497 tcp 10.0.2.109 61126 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:37:11.875932 0.000000 tcp 10.0.2.109 61126 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:37:16.973422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:37:17.866525 0.062432 tcp 10.0.2.109 61127 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:37:17.929206 0.061367 tcp 10.0.2.109 61128 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:37:17.990817 0.162061 tcp 10.0.2.109 61129 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:37:18.592662 2.988135 tcp 10.0.2.109 61130 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:37:27.578524 0.000000 tcp 10.0.2.109 61130 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:37:33.589063 0.063675 tcp 10.0.2.109 61131 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:37:33.653027 0.064223 tcp 10.0.2.109 61132 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:37:33.717491 0.155929 tcp 10.0.2.109 61133 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:37:34.259822 3.003460 tcp 10.0.2.109 61134 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:37:43.264822 0.000000 tcp 10.0.2.109 61134 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:37:48.979539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:37:49.259919 3.004490 tcp 10.0.2.109 61135 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:37:58.262701 0.000000 tcp 10.0.2.109 61135 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:43:52.984834 3.002123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 17:43:59.992796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:44:07.996668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:44:23.997554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:44:56.003290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:49:39.882284 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:49:39.882386 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 17:49:55.385495 0.061613 tcp 10.0.2.109 61136 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:49:55.447385 0.065951 tcp 10.0.2.109 61137 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:49:55.513690 0.163242 tcp 10.0.2.109 61138 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:49:55.677514 0.051751 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:55.912180 0.067453 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:56.002565 0.135309 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:56.228255 0.076677 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:56.287746 0.056682 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:56.567614 0.147289 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:56.676137 0.107808 rtp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:56.785065 0.147235 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:56.928081 0.246159 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:57.139836 0.044881 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:57.328045 0.316417 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:57.722751 0.194274 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:58.042446 0.230197 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:58.226345 0.175985 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:58.390932 0.183470 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:58.548782 0.270059 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:58.963258 0.220661 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:59.173928 0.188025 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:59.399025 0.175011 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:49:59.569619 0.329188 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:00.224582 0.112381 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:00.304003 0.209568 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:00.484934 0.197739 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:00.674837 0.209198 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:01.020852 1.635651 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:02.620938 0.103594 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:02.841859 0.303874 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:03.264451 0.364237 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/15 17:50:04.306617 2.994249 tcp 10.0.2.109 61139 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:50:13.299470 0.000000 tcp 10.0.2.109 61139 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:50:19.308914 0.060700 tcp 10.0.2.109 61140 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:50:19.369952 0.065543 tcp 10.0.2.109 61141 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:50:19.435406 0.149824 tcp 10.0.2.109 61142 -> 195.113.214.249 443 SRPA* 0 0 33 16696 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:50:19.825080 2.988075 tcp 10.0.2.109 61143 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:50:28.811842 0.000000 tcp 10.0.2.109 61143 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:50:34.811225 0.061179 tcp 10.0.2.109 61144 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:50:34.872752 0.065545 tcp 10.0.2.109 61145 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:50:34.938579 0.152084 tcp 10.0.2.109 61146 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:50:35.255559 2.999912 tcp 10.0.2.109 61147 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:50:44.254100 0.000000 tcp 10.0.2.109 61147 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:50:50.252940 3.004154 tcp 10.0.2.109 61148 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:50:59.255814 0.000000 tcp 10.0.2.109 61148 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:51:00.009625 3.026678 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 17:51:07.026733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:51:15.028386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:51:31.034943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:52:03.037346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:56:05.255964 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 17:56:05.256126 2.993594 tcp 10.0.2.109 61149 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:56:14.248455 0.000000 tcp 10.0.2.109 61149 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:56:20.259742 0.067482 tcp 10.0.2.109 61150 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:56:20.327489 0.061240 tcp 10.0.2.109 61151 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:56:20.389000 0.162470 tcp 10.0.2.109 61152 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:56:20.722789 2.999291 tcp 10.0.2.109 61153 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:56:29.720846 0.000000 tcp 10.0.2.109 61153 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:56:35.719924 0.063547 tcp 10.0.2.109 61154 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:56:35.783826 0.064919 tcp 10.0.2.109 61155 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:56:35.849023 0.148076 tcp 10.0.2.109 61156 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/15 17:56:36.033866 3.000286 tcp 10.0.2.109 61157 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:56:45.033109 0.000000 tcp 10.0.2.109 61157 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:56:51.031501 3.003737 tcp 10.0.2.109 61158 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:57:00.034462 0.000000 tcp 10.0.2.109 61158 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 17:58:07.043646 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 17:58:14.050984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:58:22.052514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:58:38.055478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 17:59:10.061282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:02:06.034643 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:02:06.034741 2.993801 tcp 10.0.2.109 61159 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:02:15.037189 0.000000 tcp 10.0.2.109 61159 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:02:21.037484 0.069391 tcp 10.0.2.109 61160 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:02:21.107148 0.061924 tcp 10.0.2.109 61161 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:02:21.169321 0.146056 tcp 10.0.2.109 61162 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:02:21.346216 2.994564 tcp 10.0.2.109 61163 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:02:30.339266 0.000000 tcp 10.0.2.109 61163 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:02:36.339025 0.061011 tcp 10.0.2.109 61164 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:02:36.400294 0.064348 tcp 10.0.2.109 61165 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:02:36.464928 0.159599 tcp 10.0.2.109 61166 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:02:36.710533 3.001833 tcp 10.0.2.109 61167 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:02:45.710739 0.000000 tcp 10.0.2.109 61167 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:02:51.710783 3.002868 tcp 10.0.2.109 61168 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:03:00.713038 0.000000 tcp 10.0.2.109 61168 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:05:14.067670 3.001558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 18:05:21.074722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:05:29.076403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:05:45.080490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:06:17.088729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:08:06.719035 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:08:06.719159 2.998593 tcp 10.0.2.109 61169 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:08:15.715662 0.000000 tcp 10.0.2.109 61169 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:08:21.716323 0.060808 tcp 10.0.2.109 61170 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:08:21.777437 0.064185 tcp 10.0.2.109 61171 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:08:21.841945 0.160875 tcp 10.0.2.109 61172 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:08:22.065377 2.993886 tcp 10.0.2.109 61173 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:08:31.057680 0.000000 tcp 10.0.2.109 61173 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:08:37.067034 0.408574 tcp 10.0.2.109 61174 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:08:37.475871 0.063866 tcp 10.0.2.109 61175 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:08:37.540010 0.151840 tcp 10.0.2.109 61176 -> 195.113.214.249 443 SRPA* 0 0 33 17692 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:08:37.911207 2.976436 tcp 10.0.2.109 61177 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:08:46.829760 0.000000 tcp 10.0.2.109 61177 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:08:52.770879 2.974958 tcp 10.0.2.109 61178 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:09:01.692892 0.000000 tcp 10.0.2.109 61178 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:12:21.091356 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 18:12:28.098724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:12:36.100443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:12:52.105823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:13:24.306512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:19:28.126295 3.000567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 18:19:35.132484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:19:43.134904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:19:59.137172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:20:11.064439 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:20:11.064651 0.052570 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:11.488151 0.066803 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:11.536901 0.000000 udp 10.0.2.109 3683 -> 173.179.165.71 5329 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 18:20:22.621456 3.004007 tcp 10.0.2.109 61179 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:20:27.179831 0.062680 tcp 10.0.2.109 61180 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:20:27.242844 0.063393 tcp 10.0.2.109 61181 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:20:27.305948 0.152714 tcp 10.0.2.109 61182 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:20:27.459263 0.074749 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:27.517840 0.058654 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:27.787789 0.154705 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:28.407929 0.111717 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:28.478031 0.277548 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:28.683974 0.315792 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:29.001025 0.248692 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:29.216543 0.049849 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:29.306672 0.194038 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:29.496662 0.226387 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:29.674942 0.176149 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:29.905728 0.181919 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:30.063087 0.187230 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:30.247779 0.176974 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:30.421994 0.341198 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:30.926367 0.182079 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:31.084888 0.219930 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:31.143216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:20:31.295446 0.107415 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:31.429305 0.206118 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:31.595244 0.193452 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:31.623996 0.000000 tcp 10.0.2.109 61179 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:20:31.803884 0.210406 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:32.273147 0.277555 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:32.514523 0.095019 rtp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:32.678317 0.321787 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:33.133959 0.348554 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:20:37.623224 0.064657 tcp 10.0.2.109 61183 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:20:37.688144 0.062497 tcp 10.0.2.109 61184 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:20:37.750934 0.160858 tcp 10.0.2.109 61185 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:20:38.055575 3.001667 tcp 10.0.2.109 61186 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:20:47.066092 0.000000 tcp 10.0.2.109 61186 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:25:53.056436 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:25:53.056666 2.993854 tcp 10.0.2.109 61187 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:02.048807 0.000000 tcp 10.0.2.109 61187 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:08.059712 0.060240 tcp 10.0.2.109 61188 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:26:08.120261 0.064410 tcp 10.0.2.109 61189 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:26:08.185032 0.151387 tcp 10.0.2.109 61190 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:26:08.514878 2.997852 tcp 10.0.2.109 61191 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:17.511104 0.000000 tcp 10.0.2.109 61191 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:23.510650 0.060600 tcp 10.0.2.109 61192 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:26:23.571518 0.064888 tcp 10.0.2.109 61193 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:26:23.636700 0.224197 tcp 10.0.2.109 61194 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:26:24.154680 3.000212 tcp 10.0.2.109 61195 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:33.369897 0.000000 tcp 10.0.2.109 61195 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:35.344403 2.977978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 18:26:39.314857 2.975052 tcp 10.0.2.109 61196 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:42.290087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:26:48.233271 0.000000 tcp 10.0.2.109 61196 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:26:50.219889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:27:06.161239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:27:38.167204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:31:54.156184 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:31:54.156357 2.993204 tcp 10.0.2.109 61197 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:32:03.148110 0.000000 tcp 10.0.2.109 61197 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:32:09.158451 0.063338 tcp 10.0.2.109 61198 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:32:09.222019 0.063719 tcp 10.0.2.109 61199 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:32:09.286000 0.153863 tcp 10.0.2.109 61200 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:32:09.705545 2.996389 tcp 10.0.2.109 61201 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:32:18.700725 0.000000 tcp 10.0.2.109 61201 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:32:24.699776 0.061850 tcp 10.0.2.109 61202 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:32:24.761936 0.068921 tcp 10.0.2.109 61203 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:32:24.831218 0.157588 tcp 10.0.2.109 61204 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:32:25.312628 3.001842 tcp 10.0.2.109 61205 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:32:34.312960 0.000000 tcp 10.0.2.109 61205 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:32:40.312027 3.003941 tcp 10.0.2.109 61206 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:32:49.314573 0.000000 tcp 10.0.2.109 61206 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:33:42.173492 3.001695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 18:33:49.180954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:33:57.182105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:34:13.185151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:34:45.191293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:37:55.315361 0.000139 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:37:55.315595 2.993092 tcp 10.0.2.109 61207 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:38:04.308872 0.000000 tcp 10.0.2.109 61207 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:38:10.318750 0.061064 tcp 10.0.2.109 61208 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:38:10.380078 0.067512 tcp 10.0.2.109 61209 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:38:10.447887 0.170746 tcp 10.0.2.109 61210 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:38:10.852276 3.000786 tcp 10.0.2.109 61211 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:38:19.850861 0.000000 tcp 10.0.2.109 61211 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:38:25.849096 0.063442 tcp 10.0.2.109 61212 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:38:25.912824 0.062910 tcp 10.0.2.109 61213 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:38:25.976236 0.154406 tcp 10.0.2.109 61214 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:38:26.680779 3.002751 tcp 10.0.2.109 61215 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:38:35.682667 0.000000 tcp 10.0.2.109 61215 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:38:41.681536 3.003846 tcp 10.0.2.109 61216 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:38:50.688371 0.000000 tcp 10.0.2.109 61216 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:40:49.197968 3.002158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 18:40:56.204631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:41:04.206342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:41:20.209045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:41:52.215239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:43:56.684987 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:43:56.685097 2.994367 tcp 10.0.2.109 61217 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:44:05.686362 0.000000 tcp 10.0.2.109 61217 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:44:11.687395 0.068837 tcp 10.0.2.109 61218 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:44:11.756472 0.065010 tcp 10.0.2.109 61219 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:44:11.821776 0.161705 tcp 10.0.2.109 61220 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:44:11.995698 2.994865 tcp 10.0.2.109 61221 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:44:20.988961 0.000000 tcp 10.0.2.109 61221 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:47:56.221371 3.001788 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 18:48:03.228755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:48:11.231109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:48:27.236233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:48:59.240953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:50:49.417616 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:50:49.417802 0.136440 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:49.544953 0.053015 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:49.862307 0.067566 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:49.913054 0.076031 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:50.219153 0.058282 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:50.845352 0.148548 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:50.956475 0.104802 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:51.420494 0.225086 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:51.591723 0.054630 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:51.786233 0.194607 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:52.203805 0.222411 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:52.381649 0.170336 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:52.541547 0.314906 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:52.911679 0.249675 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:53.125935 0.178344 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:53.283215 0.190710 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:53.497818 0.173542 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2623 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:53.667081 0.326696 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:53.995251 0.103813 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:54.067838 0.206446 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:54.708044 0.188317 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:54.888918 0.181698 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:55.177460 0.228447 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:55.396017 0.213243 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:55.848824 0.250458 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:56.064101 0.103849 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:56.247139 0.292716 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:56.693913 0.353870 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/15 18:50:57.005957 2.996102 tcp 10.0.2.109 61222 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:51:06.002809 0.000000 tcp 10.0.2.109 61222 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:51:12.001434 0.062976 tcp 10.0.2.109 61223 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:51:12.064766 0.068465 tcp 10.0.2.109 61224 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:51:12.133547 0.152353 tcp 10.0.2.109 61225 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:51:13.075494 3.000052 tcp 10.0.2.109 61226 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:51:22.074015 0.000000 tcp 10.0.2.109 61226 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:51:28.073869 0.061176 tcp 10.0.2.109 61227 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:51:28.135401 0.062519 tcp 10.0.2.109 61228 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:51:28.198214 0.160882 tcp 10.0.2.109 61229 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:51:28.646195 2.991516 tcp 10.0.2.109 61230 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:51:37.646199 0.000000 tcp 10.0.2.109 61230 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:51:43.647999 2.991752 tcp 10.0.2.109 61231 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:51:52.638544 0.000000 tcp 10.0.2.109 61231 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:55:36.252689 3.001442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 18:55:43.260123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:55:51.261579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:56:07.264676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:56:39.270646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 18:56:58.653984 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 18:56:58.654094 3.004206 tcp 10.0.2.109 61232 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:57:07.651289 0.000000 tcp 10.0.2.109 61232 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:57:13.652110 0.063961 tcp 10.0.2.109 61233 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:57:13.716327 0.065120 tcp 10.0.2.109 61234 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:57:13.781771 0.154848 tcp 10.0.2.109 61235 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:57:14.040938 3.004039 tcp 10.0.2.109 61236 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:57:23.043679 0.000000 tcp 10.0.2.109 61236 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:57:29.042636 0.061066 tcp 10.0.2.109 61237 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:57:29.103978 0.061614 tcp 10.0.2.109 61238 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:57:29.165937 0.154303 tcp 10.0.2.109 61239 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 18:57:29.340493 3.006529 tcp 10.0.2.109 61240 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:57:38.345262 0.000000 tcp 10.0.2.109 61240 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:57:44.334477 2.994064 tcp 10.0.2.109 61241 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 18:57:53.338254 0.000000 tcp 10.0.2.109 61241 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:02:43.276985 3.001498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 19:02:50.286753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:02:58.285370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:02:59.347652 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:02:59.347758 3.003745 tcp 10.0.2.109 61242 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:03:08.349752 0.000000 tcp 10.0.2.109 61242 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:03:14.288442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:03:14.350265 0.062328 tcp 10.0.2.109 61243 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:03:14.412905 0.068392 tcp 10.0.2.109 61244 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:03:14.481642 0.157645 tcp 10.0.2.109 61245 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:03:14.684856 2.998599 tcp 10.0.2.109 61246 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:03:23.682337 0.000000 tcp 10.0.2.109 61246 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:03:29.680683 0.060758 tcp 10.0.2.109 61247 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:03:29.741711 0.062985 tcp 10.0.2.109 61248 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:03:29.804967 0.157300 tcp 10.0.2.109 61249 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:03:30.012569 3.002651 tcp 10.0.2.109 61250 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:03:39.013911 0.000000 tcp 10.0.2.109 61250 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:03:45.015514 3.001288 tcp 10.0.2.109 61251 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:03:46.294925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:03:54.015569 0.000000 tcp 10.0.2.109 61251 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:00.016068 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:09:00.016170 2.994019 tcp 10.0.2.109 61252 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:09.009051 0.000000 tcp 10.0.2.109 61252 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:15.019826 0.062417 tcp 10.0.2.109 61253 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:09:15.082072 0.062103 tcp 10.0.2.109 61254 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:09:15.144775 0.161254 tcp 10.0.2.109 61255 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:09:15.551702 3.000371 tcp 10.0.2.109 61256 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:24.550582 0.000000 tcp 10.0.2.109 61256 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:30.549989 0.071127 tcp 10.0.2.109 61257 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:09:30.621388 0.069127 tcp 10.0.2.109 61258 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:09:30.690380 0.158032 tcp 10.0.2.109 61259 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:09:31.427508 3.007690 tcp 10.0.2.109 61260 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:40.439724 0.000000 tcp 10.0.2.109 61260 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:46.422798 3.004799 tcp 10.0.2.109 61261 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:50.300331 3.002453 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 19:09:55.425281 0.000000 tcp 10.0.2.109 61261 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:09:57.308019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:10:05.309276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:10:21.312355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:10:53.319029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:16:57.324669 3.056350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 19:17:04.360962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:17:12.343898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:17:28.348971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:18:00.352680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:21:25.167060 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:21:25.167197 0.068403 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:25.216996 0.133260 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:25.395084 0.053904 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:25.450342 0.077568 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:25.511663 0.057516 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:25.986376 0.138953 rtp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:26.331570 0.108075 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:26.400082 0.150540 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:26.542973 0.050202 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:26.733464 0.171619 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:26.892482 0.315018 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:27.262784 0.196214 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:27.455824 0.228671 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:27.638314 0.244521 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:27.850237 0.180434 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:28.008410 0.191287 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:28.197472 0.263319 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:28.458245 0.204735 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:29.035709 0.188225 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:29.216065 0.331010 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:30.962822 0.103541 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:31.034520 0.181094 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:31.252804 0.231411 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:31.466829 2.993392 tcp 10.0.2.109 61262 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:21:31.474137 0.259821 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:31.732554 0.310017 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:32.168290 0.254612 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:32.387508 0.094723 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:32.475339 0.353683 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:21:40.458939 0.000000 tcp 10.0.2.109 61262 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:21:46.470203 0.063298 tcp 10.0.2.109 61263 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:21:46.533813 0.063705 tcp 10.0.2.109 61264 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:21:46.597854 0.149714 tcp 10.0.2.109 61265 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:21:46.760068 3.001760 tcp 10.0.2.109 61266 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:21:55.760377 0.000000 tcp 10.0.2.109 61266 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:22:01.760545 0.067909 tcp 10.0.2.109 61267 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:22:01.828726 0.066642 tcp 10.0.2.109 61268 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:22:01.895620 0.153616 tcp 10.0.2.109 61269 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:22:02.060847 3.002957 tcp 10.0.2.109 61270 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:22:11.062790 0.000000 tcp 10.0.2.109 61270 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:22:17.061619 3.004212 tcp 10.0.2.109 61271 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:22:26.064603 0.000000 tcp 10.0.2.109 61271 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:24:04.367170 2.993173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 19:24:11.365938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:24:19.367499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:24:35.370426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:25:07.376721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:27:32.065404 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:27:32.065604 2.993742 tcp 10.0.2.109 61272 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:27:41.057375 0.000000 tcp 10.0.2.109 61272 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:27:47.068967 0.065826 tcp 10.0.2.109 61273 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:27:47.135080 0.061749 tcp 10.0.2.109 61274 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:27:47.196683 0.167655 tcp 10.0.2.109 61275 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:27:47.507382 2.993621 tcp 10.0.2.109 61276 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:27:56.499553 0.000000 tcp 10.0.2.109 61276 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:28:02.511189 0.065412 tcp 10.0.2.109 61277 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:28:02.577012 0.060601 tcp 10.0.2.109 61278 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:28:02.637871 0.154552 tcp 10.0.2.109 61279 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:28:03.092394 3.001206 tcp 10.0.2.109 61280 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:28:12.092551 0.000000 tcp 10.0.2.109 61280 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:28:18.091183 3.003906 tcp 10.0.2.109 61281 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:28:27.093394 0.000000 tcp 10.0.2.109 61281 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:31:11.382498 3.002074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 19:31:18.389705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:31:26.391305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:31:42.394592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:32:14.403210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:33:33.094037 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:33:33.094194 2.993575 tcp 10.0.2.109 61282 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:33:42.096640 0.000000 tcp 10.0.2.109 61282 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:33:48.099896 0.088646 tcp 10.0.2.109 61283 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:33:48.188898 0.065575 tcp 10.0.2.109 61284 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:33:48.254763 0.252436 tcp 10.0.2.109 61285 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:33:48.896455 2.994128 tcp 10.0.2.109 61286 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:33:57.889152 0.000000 tcp 10.0.2.109 61286 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:34:03.888202 0.064363 tcp 10.0.2.109 61287 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:34:03.952918 0.063109 tcp 10.0.2.109 61288 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:34:04.016362 0.157955 tcp 10.0.2.109 61289 -> 195.113.214.249 443 SRPA* 0 0 33 17670 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:34:04.533206 2.999721 tcp 10.0.2.109 61290 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:34:13.531664 0.000000 tcp 10.0.2.109 61290 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:34:19.530487 3.004184 tcp 10.0.2.109 61291 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:34:28.533145 0.000000 tcp 10.0.2.109 61291 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:38:18.407286 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 19:38:25.413809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:38:33.415313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:38:49.418377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:39:21.424657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:39:34.533683 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:39:34.533794 3.003590 tcp 10.0.2.109 61292 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:39:43.546155 0.000000 tcp 10.0.2.109 61292 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:39:49.538207 0.060799 tcp 10.0.2.109 61293 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:39:49.599287 0.067945 tcp 10.0.2.109 61294 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:39:49.667511 0.152431 tcp 10.0.2.109 61295 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:39:49.923153 2.996358 tcp 10.0.2.109 61296 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:39:58.919470 0.000000 tcp 10.0.2.109 61296 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:40:04.917662 0.062183 tcp 10.0.2.109 61297 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:40:04.980179 0.064770 tcp 10.0.2.109 61298 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:40:05.045217 0.161222 tcp 10.0.2.109 61299 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:40:05.239187 3.002561 tcp 10.0.2.109 61300 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:40:14.246522 0.000000 tcp 10.0.2.109 61300 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:40:20.238852 3.008436 tcp 10.0.2.109 61301 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:40:29.246169 0.000000 tcp 10.0.2.109 61301 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:45:25.430571 3.001544 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 19:45:32.437695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:45:40.438954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:45:56.442263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:46:28.448283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:52:01.598439 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:52:01.598593 0.051892 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:02.138507 0.075938 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:02.195555 0.066321 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:02.535382 0.137450 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:02.664525 0.057922 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:02.776050 0.138446 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:03.226426 0.116248 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:03.299128 0.246270 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:03.443993 0.061329 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:03.624853 0.173153 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:03.786893 0.230687 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:03.970439 0.245063 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:04.179593 0.316673 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:04.763557 0.200190 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:04.960653 0.179028 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 1998 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:05.119668 0.195832 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:05.283430 3.003399 tcp 10.0.2.109 61302 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:52:05.312973 0.171794 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:05.502402 0.328341 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:06.152755 0.209466 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:06.319015 0.192455 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:06.761914 0.109211 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:06.837706 0.185819 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:07.087642 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 19:52:14.285678 0.000000 tcp 10.0.2.109 61302 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:52:20.286348 0.064918 tcp 10.0.2.109 61303 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:20.351517 0.067147 tcp 10.0.2.109 61304 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:20.418955 0.156214 tcp 10.0.2.109 61305 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:20.724209 2.997183 tcp 10.0.2.109 61306 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:52:23.248854 0.060797 tcp 10.0.2.109 61307 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:23.309930 0.065337 tcp 10.0.2.109 61308 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:23.375547 0.151777 tcp 10.0.2.109 61309 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:23.527857 0.301865 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:23.828763 0.107042 rtp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:24.114565 0.313154 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:24.479810 0.205874 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:24.650115 0.352672 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/15 19:52:29.723656 0.000000 tcp 10.0.2.109 61306 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:52:35.716808 0.061590 tcp 10.0.2.109 61310 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:35.778698 0.062248 tcp 10.0.2.109 61311 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:35.840783 0.151724 tcp 10.0.2.109 61312 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:52:36.318377 3.003139 tcp 10.0.2.109 61313 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:52:45.320047 0.000000 tcp 10.0.2.109 61313 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:52:51.318825 3.004293 tcp 10.0.2.109 61314 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:53:00.321756 0.000000 tcp 10.0.2.109 61314 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:54:21.461077 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 19:54:28.468299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:54:36.470012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:54:52.473018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:55:24.479056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 19:58:06.325200 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 19:58:06.325348 3.000738 tcp 10.0.2.109 61315 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:58:15.324687 0.000000 tcp 10.0.2.109 61315 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:58:21.330703 0.064979 tcp 10.0.2.109 61316 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:58:21.396030 0.065807 tcp 10.0.2.109 61317 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:58:21.462227 0.164268 tcp 10.0.2.109 61318 -> 195.113.214.249 443 SRPA* 0 0 40 22016 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:58:22.008260 2.990130 tcp 10.0.2.109 61319 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:58:31.006982 0.000000 tcp 10.0.2.109 61319 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:58:36.996414 0.062983 tcp 10.0.2.109 61320 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:58:37.059622 0.064329 tcp 10.0.2.109 61321 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:58:37.124194 0.154769 tcp 10.0.2.109 61322 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/15 19:58:37.355093 2.985619 tcp 10.0.2.109 61323 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:58:46.340745 0.000000 tcp 10.0.2.109 61323 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:58:52.347959 3.004521 tcp 10.0.2.109 61324 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 19:59:01.354994 0.000000 tcp 10.0.2.109 61324 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:01:28.485177 3.001869 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 20:01:35.494618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:01:43.494266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:01:59.497332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:02:31.504611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:04:07.351483 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:04:07.351602 3.003470 tcp 10.0.2.109 61325 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:04:16.353508 0.000000 tcp 10.0.2.109 61325 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:04:22.353912 0.066263 tcp 10.0.2.109 61326 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:04:22.420457 0.186185 tcp 10.0.2.109 61327 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:04:22.606956 0.154550 tcp 10.0.2.109 61328 -> 195.113.214.249 443 SRPA* 0 0 41 22614 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:04:22.909700 3.007631 tcp 10.0.2.109 61329 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:04:31.926032 0.000000 tcp 10.0.2.109 61329 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:04:37.905207 0.063410 tcp 10.0.2.109 61330 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:04:37.968921 0.060888 tcp 10.0.2.109 61331 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:04:38.030114 0.159446 tcp 10.0.2.109 61332 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:04:38.223584 2.985845 tcp 10.0.2.109 61333 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:04:47.207794 0.000000 tcp 10.0.2.109 61333 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:04:53.216794 2.994080 tcp 10.0.2.109 61334 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:05:02.209670 0.000000 tcp 10.0.2.109 61334 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:08:35.510386 3.000217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 20:08:42.516678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:08:50.517866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:09:06.521132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:09:38.527077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:10:08.220281 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:10:08.220386 3.006596 tcp 10.0.2.109 61335 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:10:17.222481 0.000000 tcp 10.0.2.109 61335 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:10:23.223103 0.065334 tcp 10.0.2.109 61336 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:10:23.288728 0.066093 tcp 10.0.2.109 61337 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:10:23.355134 0.147808 tcp 10.0.2.109 61338 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:10:23.607225 2.998713 tcp 10.0.2.109 61339 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:10:32.604586 0.000000 tcp 10.0.2.109 61339 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:10:38.604878 0.060757 tcp 10.0.2.109 61340 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:10:38.665899 0.063064 tcp 10.0.2.109 61341 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:10:38.729248 0.161089 tcp 10.0.2.109 61342 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:10:39.193120 2.995277 tcp 10.0.2.109 61343 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:10:48.200441 0.000000 tcp 10.0.2.109 61343 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:10:54.185970 2.993800 tcp 10.0.2.109 61344 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:11:03.178342 0.000000 tcp 10.0.2.109 61344 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:15:42.534418 3.000126 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 20:15:49.540431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:15:57.541625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:16:13.544688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:16:45.550771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:22:43.856261 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:22:43.856346 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 20:22:49.556704 3.001870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 20:22:56.565466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:22:59.581125 0.064315 tcp 10.0.2.109 61345 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:22:59.645698 0.062770 tcp 10.0.2.109 61346 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:22:59.708780 0.167284 tcp 10.0.2.109 61347 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:22:59.876717 0.053367 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:00.134784 0.097596 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:00.214939 0.134867 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:00.341956 0.075486 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:00.482864 0.058196 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:01.183508 0.230655 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:01.405950 0.050649 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:01.554513 0.119095 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:01.630250 0.158223 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:01.829002 0.404268 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:02.193998 0.169784 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:02.499859 0.228367 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:02.680845 0.190506 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:03.006969 0.315954 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:03.539273 0.189565 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:03.725972 0.179505 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:03.934321 0.175149 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:04.105224 0.209872 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:04.274756 0.337331 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:04.565649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:23:04.730395 0.103736 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:04.801566 0.197425 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:04.991018 0.183361 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:05.150456 0.247832 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:05.361117 0.323983 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:05.681902 0.350801 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:06.028829 0.328079 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:06.765898 0.148350 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:23:09.233111 3.005711 tcp 10.0.2.109 61348 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:23:18.235423 0.000000 tcp 10.0.2.109 61348 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:23:20.568833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:23:24.236415 0.063895 tcp 10.0.2.109 61349 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:23:24.300604 0.066368 tcp 10.0.2.109 61350 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:23:24.367230 0.156742 tcp 10.0.2.109 61351 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:23:24.755176 2.994041 tcp 10.0.2.109 61352 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:23:33.757647 0.000000 tcp 10.0.2.109 61352 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:23:39.747356 0.077279 tcp 10.0.2.109 61353 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:23:39.824895 0.063926 tcp 10.0.2.109 61354 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:23:39.889113 0.151808 tcp 10.0.2.109 61355 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:23:40.523922 2.997738 tcp 10.0.2.109 61356 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:23:49.520660 0.000000 tcp 10.0.2.109 61356 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:23:52.578437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:23:55.519529 3.003949 tcp 10.0.2.109 61357 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:24:04.522103 0.000000 tcp 10.0.2.109 61357 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:29:10.522415 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:29:10.522493 3.003996 tcp 10.0.2.109 61358 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:29:19.524899 0.000000 tcp 10.0.2.109 61358 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:29:25.526920 0.062907 tcp 10.0.2.109 61359 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:29:25.590296 0.064265 tcp 10.0.2.109 61360 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:29:25.654848 0.159593 tcp 10.0.2.109 61361 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:29:26.241407 2.997611 tcp 10.0.2.109 61362 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:29:35.247491 0.000000 tcp 10.0.2.109 61362 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:29:41.237164 0.061533 tcp 10.0.2.109 61363 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:29:41.299062 0.061778 tcp 10.0.2.109 61364 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:29:41.361141 0.156331 tcp 10.0.2.109 61365 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:29:41.628242 3.002866 tcp 10.0.2.109 61366 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:29:50.629450 0.000000 tcp 10.0.2.109 61366 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:29:56.581114 3.001197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 20:29:56.628465 3.003971 tcp 10.0.2.109 61367 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:30:03.588315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:30:05.631177 0.000000 tcp 10.0.2.109 61367 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:30:11.809012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:30:27.653752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:30:59.599047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:35:11.631609 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:35:11.631791 3.006385 tcp 10.0.2.109 61368 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:35:20.636550 0.000000 tcp 10.0.2.109 61368 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:35:26.634405 0.061165 tcp 10.0.2.109 61369 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:35:26.695834 0.070879 tcp 10.0.2.109 61370 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:35:26.766938 0.152581 tcp 10.0.2.109 61371 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:35:27.130594 2.997045 tcp 10.0.2.109 61372 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:35:36.136102 0.000000 tcp 10.0.2.109 61372 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:35:42.126938 0.061997 tcp 10.0.2.109 61373 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:35:42.189219 0.062955 tcp 10.0.2.109 61374 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:35:42.252432 0.154093 tcp 10.0.2.109 61375 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:35:42.564424 2.995435 tcp 10.0.2.109 61376 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:35:51.558536 0.000000 tcp 10.0.2.109 61376 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:35:57.557507 3.009032 tcp 10.0.2.109 61377 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:36:06.560167 0.000000 tcp 10.0.2.109 61377 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:37:03.605061 3.001275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 20:37:10.612036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:37:18.613364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:37:34.616682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:38:06.622895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:41:12.560527 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:41:12.560652 3.003622 tcp 10.0.2.109 61378 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:41:21.562773 0.000000 tcp 10.0.2.109 61378 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:41:27.563239 0.060956 tcp 10.0.2.109 61379 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:41:27.624490 0.064715 tcp 10.0.2.109 61380 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:41:27.689517 0.158049 tcp 10.0.2.109 61381 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:41:27.899911 3.006685 tcp 10.0.2.109 61382 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:41:36.904489 0.000000 tcp 10.0.2.109 61382 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:41:42.894617 0.065331 tcp 10.0.2.109 61383 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:41:42.960536 0.063621 tcp 10.0.2.109 61384 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:41:43.024588 0.148571 tcp 10.0.2.109 61385 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:41:43.851269 2.998193 tcp 10.0.2.109 61386 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:41:52.847793 0.000000 tcp 10.0.2.109 61386 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:41:58.846350 2.994841 tcp 10.0.2.109 61387 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:42:07.839713 0.000000 tcp 10.0.2.109 61387 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:44:10.628731 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 20:44:17.635826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:44:25.637748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:44:41.640812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:45:13.646597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:53:36.119770 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:53:36.119881 0.053078 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:36.344532 0.068041 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:36.393949 0.060554 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:36.536654 0.079934 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:36.905685 0.133723 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:37.031141 0.147510 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:37.170777 0.051525 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:37.415707 0.111973 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:37.488328 0.151141 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:37.646705 0.227300 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:37.655065 3.000530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 20:53:37.824440 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 20:53:43.891225 3.003386 tcp 10.0.2.109 61388 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:53:44.661420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:53:52.663027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:53:52.893564 0.000000 tcp 10.0.2.109 61388 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:53:54.320937 0.065541 tcp 10.0.2.109 61389 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:53:54.386747 0.060677 tcp 10.0.2.109 61390 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:53:54.447738 0.150527 tcp 10.0.2.109 61391 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:53:54.598868 0.247357 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:54.811748 0.174171 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:55.029287 0.315078 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:55.475602 0.188213 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:55.660878 0.181530 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:55.824627 0.328305 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:56.306327 0.101300 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:56.374526 0.171665 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:56.542027 0.207455 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:56.780182 0.189092 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:56.961539 0.183551 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:57.278940 0.094160 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:57.336686 0.321178 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:57.653902 0.193964 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:57.812123 0.352466 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:58.358161 0.306755 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/15 20:53:58.893131 0.067519 tcp 10.0.2.109 61392 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:53:58.960953 0.067989 tcp 10.0.2.109 61393 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:53:59.029254 0.148273 tcp 10.0.2.109 61394 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:53:59.264754 3.003172 tcp 10.0.2.109 61395 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:54:08.265382 0.000000 tcp 10.0.2.109 61395 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:54:08.665967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:54:14.270199 0.061758 tcp 10.0.2.109 61396 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:54:14.332250 0.068939 tcp 10.0.2.109 61397 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:54:14.401572 0.158086 tcp 10.0.2.109 61398 -> 195.113.214.249 443 SRPA* 0 0 24 12114 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:54:14.579479 2.996121 tcp 10.0.2.109 61399 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:54:23.577386 0.000000 tcp 10.0.2.109 61399 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:54:29.575777 2.994792 tcp 10.0.2.109 61400 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:54:38.568813 0.000000 tcp 10.0.2.109 61400 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:54:40.672110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 20:59:44.579133 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 20:59:44.579354 3.003865 tcp 10.0.2.109 61401 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:59:53.582457 0.000000 tcp 10.0.2.109 61401 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 20:59:59.582467 0.061552 tcp 10.0.2.109 61402 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:59:59.644296 0.060806 tcp 10.0.2.109 61403 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:59:59.705417 0.159150 tcp 10.0.2.109 61404 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/15 20:59:59.881765 3.003355 tcp 10.0.2.109 61405 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:00:08.886238 0.000000 tcp 10.0.2.109 61405 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:00:14.883185 0.065970 tcp 10.0.2.109 61406 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:00:14.949528 0.062691 tcp 10.0.2.109 61407 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:00:15.012516 0.171758 tcp 10.0.2.109 61408 -> 195.113.214.249 443 SRPA* 0 0 33 17670 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:00:15.232435 3.008508 tcp 10.0.2.109 61409 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:00:24.245620 0.000000 tcp 10.0.2.109 61409 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:00:30.224540 2.995148 tcp 10.0.2.109 61410 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:00:39.227048 0.000000 tcp 10.0.2.109 61410 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:00:44.678336 3.004813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 21:00:51.685273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:00:59.686705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:01:15.689939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:01:47.696110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:05:45.227761 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:05:45.227863 3.003917 tcp 10.0.2.109 61411 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:05:54.230386 0.000000 tcp 10.0.2.109 61411 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:06:00.230877 0.065072 tcp 10.0.2.109 61412 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:06:00.296255 0.067086 tcp 10.0.2.109 61413 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:06:00.363660 0.156296 tcp 10.0.2.109 61414 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:06:00.601524 3.002450 tcp 10.0.2.109 61415 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:06:09.602453 0.000000 tcp 10.0.2.109 61415 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:06:15.603370 0.060158 tcp 10.0.2.109 61416 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:06:15.663889 0.065297 tcp 10.0.2.109 61417 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:06:15.729440 0.163664 tcp 10.0.2.109 61418 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:06:15.932152 3.004040 tcp 10.0.2.109 61419 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:06:24.933929 0.000000 tcp 10.0.2.109 61419 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:06:30.923162 3.004144 tcp 10.0.2.109 61420 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:06:39.935977 0.000000 tcp 10.0.2.109 61420 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:07:51.702696 3.002991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 21:07:58.709371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:08:06.710260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:08:22.714073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:08:54.720039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:11:45.926932 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:11:45.927096 2.993289 tcp 10.0.2.109 61421 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:11:54.918868 0.000000 tcp 10.0.2.109 61421 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:12:00.929202 0.064974 tcp 10.0.2.109 61422 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:12:00.994448 0.066851 tcp 10.0.2.109 61423 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:12:01.061809 0.148249 tcp 10.0.2.109 61424 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:12:01.362474 3.004327 tcp 10.0.2.109 61425 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:12:10.361617 0.000000 tcp 10.0.2.109 61425 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:12:16.360413 0.226906 tcp 10.0.2.109 61426 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:12:16.587703 0.062740 tcp 10.0.2.109 61427 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:12:16.650729 0.151879 tcp 10.0.2.109 61428 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:12:16.916620 2.971916 tcp 10.0.2.109 61429 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:12:25.841366 0.000000 tcp 10.0.2.109 61429 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:12:31.790946 2.975591 tcp 10.0.2.109 61430 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:12:40.764432 0.000000 tcp 10.0.2.109 61430 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:14:58.726075 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 21:15:05.733632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:15:13.735410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:15:29.738326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:16:01.743821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:22:05.749374 3.002702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 21:22:12.756713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:22:20.758802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:22:36.761924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:23:08.767750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:24:22.544060 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:24:22.544210 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 21:24:39.610545 0.061183 tcp 10.0.2.109 61431 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:24:39.672017 0.064252 tcp 10.0.2.109 61432 -> 195.113.214.249 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:24:39.736633 0.155458 tcp 10.0.2.109 61433 -> 195.113.214.249 443 SRPA* 0 0 20 11284 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:24:39.892582 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 21:24:57.384776 0.068439 tcp 10.0.2.109 61434 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:24:57.453523 0.061654 tcp 10.0.2.109 61435 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:24:57.515467 0.151314 tcp 10.0.2.109 61436 -> 195.113.214.249 443 SRPA* 0 0 36 19190 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:24:57.667302 0.068446 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:57.718567 0.056923 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:57.950756 0.074564 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:58.279756 0.045747 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:58.322775 0.115693 rtp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:58.589584 0.134175 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:58.713954 0.147445 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:58.853491 0.313209 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:59.293093 0.148637 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:59.614690 0.346324 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:24:59.922725 0.172189 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:00.127892 0.315814 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:00.542748 0.327878 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:01.032348 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 21:25:01.810107 3.004148 tcp 10.0.2.109 61437 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:25:10.813258 0.000000 tcp 10.0.2.109 61437 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:25:16.452206 0.061556 tcp 10.0.2.109 61438 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:16.514008 0.061891 tcp 10.0.2.109 61439 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:16.576247 0.149405 tcp 10.0.2.109 61440 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:16.726184 0.181812 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:16.811593 0.064485 tcp 10.0.2.109 61441 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:16.876410 0.061486 tcp 10.0.2.109 61442 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:16.887311 0.208216 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:16.938314 0.157009 tcp 10.0.2.109 61443 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:17.055155 0.108175 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:17.313504 3.003641 tcp 10.0.2.109 61444 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:25:17.333696 0.177311 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:17.508192 0.191953 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:17.691851 0.183002 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:17.927856 0.103895 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:17.994335 0.261808 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:18.253572 0.091875 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:18.408054 0.349963 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:18.754036 0.364628 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:25:26.315711 0.000000 tcp 10.0.2.109 61444 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:25:32.314988 0.060643 tcp 10.0.2.109 61445 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:32.375940 0.066010 tcp 10.0.2.109 61446 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:32.442447 0.152195 tcp 10.0.2.109 61447 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:25:32.605826 2.995757 tcp 10.0.2.109 61448 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:25:41.611169 0.000000 tcp 10.0.2.109 61448 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:25:47.606236 2.998109 tcp 10.0.2.109 61449 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:25:56.599081 0.000000 tcp 10.0.2.109 61449 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:29:12.774777 3.000572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 21:29:19.781449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:29:27.782852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:29:43.785365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:30:15.791729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:31:02.609699 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:31:02.609834 3.003602 tcp 10.0.2.109 61450 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:31:11.612039 0.000000 tcp 10.0.2.109 61450 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:31:17.612965 0.061692 tcp 10.0.2.109 61451 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:31:17.675196 0.063395 tcp 10.0.2.109 61452 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:31:17.738902 0.152479 tcp 10.0.2.109 61453 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:31:18.103436 3.002204 tcp 10.0.2.109 61454 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:31:27.104370 0.000000 tcp 10.0.2.109 61454 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:31:33.103611 0.062022 tcp 10.0.2.109 61455 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:31:33.165939 0.069288 tcp 10.0.2.109 61456 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:31:33.235097 0.246803 tcp 10.0.2.109 61457 -> 195.113.214.249 443 SRPA* 0 0 73 77634 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:31:33.560215 3.007787 tcp 10.0.2.109 61458 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:31:42.575931 0.000000 tcp 10.0.2.109 61458 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:31:48.554889 2.994603 tcp 10.0.2.109 61459 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:31:57.548154 0.000000 tcp 10.0.2.109 61459 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:36:19.797661 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 21:36:26.804958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:36:34.806641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:36:50.809814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:37:03.565978 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:37:03.566098 2.996027 tcp 10.0.2.109 61460 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:37:12.560687 0.000000 tcp 10.0.2.109 61460 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:37:19.126163 0.066209 tcp 10.0.2.109 61461 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:37:19.192700 0.064469 tcp 10.0.2.109 61462 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:37:19.257486 0.163107 tcp 10.0.2.109 61463 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:37:19.848951 2.967945 tcp 10.0.2.109 61464 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:37:23.327332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:37:28.740247 0.000000 tcp 10.0.2.109 61464 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:37:34.654569 0.061713 tcp 10.0.2.109 61465 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:37:34.716660 0.067029 tcp 10.0.2.109 61466 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:37:34.784057 0.151567 tcp 10.0.2.109 61467 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:37:35.084354 2.966366 tcp 10.0.2.109 61468 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:37:43.976605 0.000000 tcp 10.0.2.109 61468 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:37:49.890514 2.960076 tcp 10.0.2.109 61469 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:37:58.776977 0.000000 tcp 10.0.2.109 61469 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:04.718921 0.000236 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:43:04.743026 2.978517 tcp 10.0.2.109 61470 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:13.720460 0.000000 tcp 10.0.2.109 61470 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:19.720496 0.062139 tcp 10.0.2.109 61471 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:43:19.782881 0.096775 tcp 10.0.2.109 61472 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:43:19.879507 0.157291 tcp 10.0.2.109 61473 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:43:20.981033 3.003924 tcp 10.0.2.109 61474 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:26.822364 3.001105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 21:43:29.983627 0.000000 tcp 10.0.2.109 61474 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:33.829346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:43:35.982897 0.060516 tcp 10.0.2.109 61475 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:43:36.043711 0.065367 tcp 10.0.2.109 61476 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:43:36.109387 0.156283 tcp 10.0.2.109 61477 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:43:36.439316 3.007979 tcp 10.0.2.109 61478 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:41.830964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:43:45.445904 0.000000 tcp 10.0.2.109 61478 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:51.437792 2.990890 tcp 10.0.2.109 61479 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:43:57.836480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:44:00.439241 0.000000 tcp 10.0.2.109 61479 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:44:29.840575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:49:06.437960 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:49:06.438286 3.003460 tcp 10.0.2.109 61480 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:49:15.442956 0.000000 tcp 10.0.2.109 61480 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:49:21.440760 0.061983 tcp 10.0.2.109 61481 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:49:21.503003 0.061316 tcp 10.0.2.109 61482 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:49:21.564161 0.160049 tcp 10.0.2.109 61483 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:49:22.310971 3.003711 tcp 10.0.2.109 61484 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:49:31.312971 0.000000 tcp 10.0.2.109 61484 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:50:33.845693 3.029480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 21:50:40.863259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:50:48.864775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:51:04.867857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:51:36.873773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:55:33.454335 0.037231 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 21:55:33.491888 0.052453 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:33.902582 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 21:55:37.329511 2.994329 tcp 10.0.2.109 61485 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:55:46.322438 0.000000 tcp 10.0.2.109 61485 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:55:49.518803 0.066418 tcp 10.0.2.109 61486 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:55:49.585470 0.068092 tcp 10.0.2.109 61487 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:55:49.653877 0.157461 tcp 10.0.2.109 61488 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:55:49.812010 0.058603 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2033 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:50.155088 0.070238 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:50.207163 0.111537 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:50.313988 0.132768 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:50.531494 0.050051 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:50.580110 0.081804 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:50.705281 0.173485 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:50.867047 0.231443 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:51.050351 0.291431 rtp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:51.305569 0.251433 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:51.520102 0.327746 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:51.889822 0.316172 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:52.300402 0.179079 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:52.326497 0.063946 tcp 10.0.2.109 61489 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:55:52.390756 0.061471 tcp 10.0.2.109 61490 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:55:52.452593 0.160663 tcp 10.0.2.109 61491 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/15 21:55:52.467585 0.182233 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:52.628128 0.208166 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:52.669849 2.997167 tcp 10.0.2.109 61492 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:55:52.794772 0.110503 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:52.964727 0.175956 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:53.137557 0.188316 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:53.318486 0.180223 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:53.693448 0.093724 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:53.750694 0.349517 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:54.096381 0.107249 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:54.183213 0.275307 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:55:54.645800 0.313912 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/15 21:56:01.664346 0.000000 tcp 10.0.2.109 61492 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 21:57:40.879562 3.001793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 21:57:47.887231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:57:55.890918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:58:11.891666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 21:58:43.897935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:01:07.665739 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 22:01:07.665852 2.992924 tcp 10.0.2.109 61493 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 22:01:16.667109 0.000000 tcp 10.0.2.109 61493 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 22:01:22.668193 0.064199 tcp 10.0.2.109 61494 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:01:22.732770 0.065987 tcp 10.0.2.109 61495 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:01:22.799084 0.155275 tcp 10.0.2.109 61496 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:01:22.972748 2.997795 tcp 10.0.2.109 61497 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 22:01:31.969336 0.000000 tcp 10.0.2.109 61497 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/15 22:01:37.968737 0.082401 tcp 10.0.2.109 61498 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:01:38.051497 0.063450 tcp 10.0.2.109 61499 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:01:38.114806 0.157317 tcp 10.0.2.109 61500 -> 195.113.214.249 443 SRPA* 0 0 35 16802 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:01:38.439779 0.562021 tcp 10.0.2.109 61501 -> 188.129.248.221 6410 FSPA* 0 0 14 1689 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:04:47.903662 3.001700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 22:04:54.911063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:05:02.912489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:05:18.915440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:05:50.921927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:11:54.927854 3.001424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 22:12:01.935259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:12:09.936603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:12:25.939571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:12:58.098702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:19:01.961720 3.001695 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 22:19:08.969280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:19:16.970676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:19:32.973431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:20:04.979637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:26:08.989257 2.997757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 22:26:14.441065 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 22:26:14.441258 0.053106 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:14.547468 0.056695 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:14.725505 0.068100 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:14.777819 0.111071 udp 10.0.2.109 3683 <-> 91.6.45.231 5333 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:14.973102 0.135601 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 5 1884 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:15.104067 0.081169 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:15.323816 0.079169 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:15.384018 0.151480 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:15.568395 0.147424 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:15.708118 0.331255 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:15.993096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:26:15.993562 0.243164 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:16.318341 0.346254 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:16.683305 0.315604 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:17.140368 0.173943 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:17.303327 0.182552 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:17.462581 0.174775 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:17.633223 0.197865 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:17.823575 0.212011 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:18.061120 0.112273 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:18.138862 0.181525 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:18.408768 0.285176 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:18.659453 0.352322 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:19.007858 0.107072 rtp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:19.211627 0.207431 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:19.415864 0.315196 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:26:23.994602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:26:39.997264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:27:12.003066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:31:39.013282 0.012687 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 22:31:39.026065 0.927909 tcp 10.0.2.109 61502 -> 188.129.248.221 6410 FSPA* 0 0 14 1532 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:33:16.009436 3.001750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 22:33:23.064251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:33:31.028480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:33:47.031600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:34:19.037539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:40:23.043244 3.003608 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 22:40:30.050958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:40:38.052695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:40:54.055249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:41:26.061567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:47:30.067914 3.189812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 22:47:37.225089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:47:45.150061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:48:01.093383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:48:33.095448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:55:27.106255 2.999164 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 22:55:34.110967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:55:42.112512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:55:58.115519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:56:24.854127 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 22:56:24.854253 0.066683 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:24.904059 0.053543 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:25.010660 0.057067 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:25.130872 0.000000 udp 10.0.2.109 3683 -> 91.6.45.231 5333 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 22:56:30.121349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 22:56:41.049424 0.066600 tcp 10.0.2.109 61503 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:56:41.116319 0.066087 tcp 10.0.2.109 61504 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:56:41.182667 0.171339 tcp 10.0.2.109 61505 -> 195.113.214.249 443 SRPA* 0 0 35 24386 flow=From-Botnet-V1-TCP-Established 1970/02/15 22:56:41.354778 0.130532 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:41.477608 0.050088 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:41.610386 0.079453 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:41.669664 0.150830 rtp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:41.782449 0.147823 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:41.922891 0.325738 rtp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:42.335877 0.772903 rtp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:43.061569 0.247512 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:43.272784 0.316316 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:43.742955 0.204674 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:43.935666 0.184690 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:44.098945 0.209694 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:44.305104 0.192238 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:44.489354 0.183278 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:44.649716 0.131840 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:44.797092 0.206417 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:44.962361 0.108204 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:45.078714 0.207636 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:45.282754 0.297390 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:45.591168 0.354808 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/15 22:56:45.941797 0.104576 rtp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:01:39.957593 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:01:39.957707 0.518700 tcp 10.0.2.109 61506 -> 188.129.248.221 6410 FSPA* 0 0 14 1732 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:02:34.128339 3.000873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 23:02:41.134839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:02:49.136038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:03:05.139261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:03:37.145514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:09:41.151850 3.001153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 23:09:48.158884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:09:56.159820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:10:12.163151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:10:44.169292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:16:48.177291 2.999699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 23:16:55.182726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:17:03.184148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:17:19.187565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:17:51.194799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:23:55.210450 3.000590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 23:24:02.216745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:24:10.218620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:24:26.226742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:24:58.238144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:26:56.557755 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:26:56.557867 0.000000 udp 10.0.2.109 3683 -> 91.6.45.231 5333 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:27:14.164462 0.064972 tcp 10.0.2.109 61507 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:27:14.229832 0.062644 tcp 10.0.2.109 61508 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:27:14.292774 0.158244 tcp 10.0.2.109 61509 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:27:14.451984 0.070814 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:14.505899 0.051765 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:14.752070 0.057162 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:14.970899 0.135780 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:15.097628 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:27:31.508340 0.063006 tcp 10.0.2.109 61510 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:27:31.571672 0.063304 tcp 10.0.2.109 61511 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:27:31.635264 0.152716 tcp 10.0.2.109 61512 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:27:31.788553 0.081258 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:31.849196 0.153547 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:31.963811 0.147612 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:32.174201 0.351552 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:32.570802 0.229507 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:32.753017 0.245381 rtp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:33.069715 0.316258 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:33.454016 0.170575 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:33.613653 0.184125 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:33.775590 0.239792 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:34.012555 0.192963 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:34.193581 0.181756 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:34.479415 0.243083 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:34.684107 0.205730 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:34.856553 0.302353 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:35.221665 0.353651 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:35.571461 0.108477 rtp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:35.796727 0.205127 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:35.999005 0.100127 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:36.153180 0.097098 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3108 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:36.248144 0.247199 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 8 3317 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:36.608058 0.100751 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2883 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:36.970834 0.203834 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 2764 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:37.160002 0.290891 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 8 2711 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:37.442635 0.146219 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 2857 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:37.572165 0.331001 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 8 3047 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:37.865746 0.746046 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 3290 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:38.715847 0.409948 udp 10.0.2.109 3683 <-> 99.104.18.79 9785 CON 0 0 8 3103 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:39.080390 0.286362 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2981 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:39.358471 0.692561 udp 10.0.2.109 3683 <-> 75.48.14.191 8955 CON 0 0 8 3112 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:40.016394 0.633346 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2982 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:40.931110 0.331526 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 8 3094 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:41.251192 0.342028 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 8 3211 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:41.567382 0.367557 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 2923 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:41.927502 0.415893 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 2748 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:42.320989 1.036780 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 8 3202 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:43.161661 0.993810 udp 10.0.2.109 3683 <-> 50.36.29.221 6860 CON 0 0 8 2947 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:44.113559 0.369151 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3045 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:44.479617 0.604689 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 8 3242 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:45.250192 0.702199 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3177 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:45.948708 0.434683 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 8 3000 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:46.349556 0.379645 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 8 3047 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:46.686283 0.406106 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 8 2904 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:47.091770 0.619489 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 8 3151 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:47.783837 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:27:52.938776 0.648726 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 8 2926 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:53.709738 0.098125 rtp 10.0.2.109 3683 <-> 84.130.216.4 8279 CON 0 0 8 3175 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:27:53.923786 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:27:59.488634 0.000000 udp 10.0.2.109 3683 -> 77.183.26.57 3056 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:07.249265 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:12.766981 0.186811 udp 10.0.2.109 3683 -> 186.6.53.150 2209 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:12.953792 0.000000 icmp 186.6.53.150 0x0303 -> 10.0.2.109 0xa108 URP 192 1 179 flow=Background 1970/02/15 23:28:17.373640 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:28:18.585599 0.000000 udp 10.0.2.109 3683 -> 78.14.126.169 7760 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:25.565502 0.000000 udp 10.0.2.109 3683 -> 175.136.186.198 2657 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:31.844673 0.000000 udp 10.0.2.109 3683 -> 99.229.220.238 5088 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:38.063329 0.181252 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 8 2985 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:28:38.301310 0.000000 udp 10.0.2.109 3683 -> 79.30.205.75 4621 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:47.166773 0.658599 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 8 3108 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:28:48.143733 0.000000 udp 10.0.2.109 3683 -> 78.182.13.248 8813 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:28:54.867689 0.312809 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3184 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:28:55.339675 0.000000 udp 10.0.2.109 3683 -> 98.232.128.86 7636 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:01.066599 0.000000 udp 10.0.2.109 3683 -> 68.38.250.72 6995 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:06.084565 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:29:08.037031 0.122116 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 8 3068 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:29:08.272182 0.266070 udp 10.0.2.109 3683 <-> 184.174.186.115 2016 CON 0 0 8 3231 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:29:08.575045 0.000000 udp 10.0.2.109 3683 -> 212.95.252.147 6485 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:14.881804 0.000000 udp 10.0.2.109 3683 -> 171.98.109.81 7048 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:21.075581 0.000000 udp 10.0.2.109 3683 -> 180.196.200.107 1212 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:28.269425 0.000000 udp 10.0.2.109 3683 -> 80.111.142.169 1551 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:33.815156 0.000000 udp 10.0.2.109 3683 -> 80.18.170.11 1253 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:42.559567 0.515981 udp 10.0.2.109 3683 <-> 103.250.166.35 1182 CON 0 0 8 3161 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:29:43.346801 0.293274 udp 10.0.2.109 3683 <-> 41.107.108.167 5159 CON 0 0 8 2870 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:29:43.631925 0.668642 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 8 3110 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:29:44.282619 0.000000 udp 10.0.2.109 3683 -> 182.178.210.120 5063 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:51.142796 0.000000 udp 10.0.2.109 3683 -> 173.210.170.60 3227 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:29:55.864978 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:29:57.948546 0.000000 udp 10.0.2.109 3683 -> 106.68.135.190 1986 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:06.099937 0.000000 udp 10.0.2.109 3683 -> 58.161.81.20 4974 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:12.649547 0.000000 udp 10.0.2.109 3683 -> 68.147.254.49 4118 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:21.041576 0.000000 udp 10.0.2.109 3683 -> 192.95.201.33 6347 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:27.891691 0.000000 udp 10.0.2.109 3683 -> 82.158.185.30 5204 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:33.009091 0.000000 udp 10.0.2.109 3683 -> 124.121.37.85 5867 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:41.776431 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:46.392067 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:30:47.105961 0.171713 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 8 3223 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:30:47.330362 0.000000 udp 10.0.2.109 3683 -> 123.201.182.131 7467 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:53.186457 0.000000 udp 10.0.2.109 3683 -> 78.175.224.61 6598 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:30:58.235868 0.000000 udp 10.0.2.109 3683 -> 173.178.5.157 8704 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:31:02.571428 2.964575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 23:31:05.977079 1.099136 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 2919 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:07.136359 1.007054 rtp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 8 2866 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:08.265210 0.654027 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 8 3110 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:09.045385 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:31:10.262218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:31:16.204014 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:31:18.164279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:31:25.086766 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:31:31.136673 0.000000 udp 10.0.2.109 3683 -> 119.206.147.229 6974 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:31:34.432541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:31:36.514015 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:31:38.436354 0.368654 rtp 10.0.2.109 3683 <-> 70.140.148.90 5456 CON 0 0 8 2886 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:39.146307 0.316109 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 2958 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:39.773593 0.303577 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 8 2945 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:40.147304 0.109544 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 8 3252 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:40.373728 0.000000 udp 10.0.2.109 3683 -> 82.107.59.118 5881 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:31:41.562923 0.677744 tcp 10.0.2.109 61513 -> 188.129.248.221 6410 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/02/15 23:31:48.246471 0.232253 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 8 2973 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:31:48.686017 0.000000 udp 10.0.2.109 3683 -> 87.101.230.38 4338 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:31:57.035777 0.000000 udp 10.0.2.109 3683 -> 200.68.92.93 7661 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:05.555794 0.000000 udp 10.0.2.109 3683 -> 86.98.88.116 4997 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:06.061961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:32:13.958735 0.000000 udp 10.0.2.109 3683 -> 64.79.228.174 9965 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:19.863964 0.000000 udp 10.0.2.109 3683 -> 67.189.254.48 5944 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:26.640262 0.362722 udp 10.0.2.109 3683 -> 59.99.230.180 1024 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:27.002984 0.000000 icmp 59.99.230.180 0x0303 -> 10.0.2.109 0x0004 URP 192 1 309 flow=Background 1970/02/15 23:32:31.355193 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:32:34.206600 0.000000 udp 10.0.2.109 3683 -> 121.15.251.110 1054 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:39.519225 0.000000 udp 10.0.2.109 3683 -> 168.187.105.58 6485 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:46.582193 0.000000 udp 10.0.2.109 3683 -> 67.84.186.161 6706 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:32:52.019448 0.000000 udp 10.0.2.109 3683 -> 79.31.160.54 5940 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:00.746993 0.000000 udp 10.0.2.109 3683 -> 78.168.247.25 3487 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:07.939360 0.000000 udp 10.0.2.109 3683 -> 184.249.153.93 4364 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:13.429851 0.000000 udp 10.0.2.109 3683 -> 190.16.232.27 2816 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:18.369082 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:33:21.901819 0.000000 udp 10.0.2.109 3683 -> 222.14.15.158 2026 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:30.273743 0.000000 udp 10.0.2.109 3683 -> 82.71.47.191 4481 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:37.003207 0.653780 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 3132 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:33:37.725962 0.000000 udp 10.0.2.109 3683 -> 174.56.161.184 2910 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:44.898962 0.000000 udp 10.0.2.109 3683 -> 88.254.175.201 7999 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:33:52.655846 0.000000 udp 10.0.2.109 3683 -> 165.228.7.192 3101 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:00.126452 0.301841 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 8 3043 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:34:00.682079 0.446676 udp 10.0.2.109 3683 <-> 108.200.92.71 9785 CON 0 0 8 2965 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:34:01.374684 0.335637 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 8 3046 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:34:01.871874 0.247090 udp 10.0.2.109 3683 -> 212.76.77.154 9349 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:02.118964 0.000000 icmp 212.76.77.154 0x0303 -> 10.0.2.109 0x8524 URP 192 1 231 flow=Background 1970/02/15 23:34:04.873746 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:34:08.458616 0.000000 udp 10.0.2.109 3683 -> 86.184.26.157 3457 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:17.011235 0.000000 udp 10.0.2.109 3683 -> 66.196.254.2 3248 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:23.720306 0.000000 udp 10.0.2.109 3683 -> 139.0.152.236 5691 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:32.549066 0.000000 udp 10.0.2.109 3683 -> 79.12.79.23 8612 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:39.463242 0.000000 udp 10.0.2.109 3683 -> 79.39.40.200 8782 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:46.955468 0.000000 udp 10.0.2.109 3683 -> 125.113.190.214 6339 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:51.870678 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:34:52.791602 0.000000 udp 10.0.2.109 3683 -> 24.46.197.224 6760 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:34:58.209972 0.000000 udp 10.0.2.109 3683 -> 5.64.19.166 6197 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:04.639316 0.000000 udp 10.0.2.109 3683 -> 95.224.196.48 6213 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:12.410821 0.000000 udp 10.0.2.109 3683 -> 71.163.17.43 9515 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:19.220301 0.000000 udp 10.0.2.109 3683 -> 77.30.214.20 9237 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:27.736683 0.151806 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 8 3049 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:35:28.044288 0.000000 udp 10.0.2.109 3683 -> 186.45.159.223 5528 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:34.232945 0.000000 udp 10.0.2.109 3683 -> 24.103.43.148 8633 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:38.868072 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:35:41.362081 0.000000 udp 10.0.2.109 3683 -> 5.82.125.139 4024 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:50.345058 0.121499 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 8 3001 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:35:50.505214 0.000000 udp 10.0.2.109 3683 -> 124.82.91.5 4097 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:35:57.695590 0.183629 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 8 3198 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:35:58.355840 0.000000 udp 10.0.2.109 3683 -> 59.181.139.172 7763 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:36:06.310136 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:36:14.650119 0.000000 udp 10.0.2.109 3683 -> 24.182.84.106 4253 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:36:23.362717 0.000000 udp 10.0.2.109 3683 -> 86.24.83.235 8776 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:36:27.868545 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:36:31.714746 0.000000 udp 10.0.2.109 3683 -> 37.6.177.27 7771 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:36:39.195307 0.133756 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 846 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:36:39.558860 0.000000 udp 10.0.2.109 3683 -> 24.86.105.114 5113 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:36:48.368359 0.000000 udp 10.0.2.109 3683 -> 74.88.222.223 2802 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:36:55.308956 0.215529 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 793 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:36:55.540093 0.000000 udp 10.0.2.109 3683 -> 46.230.72.6 3002 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:02.199936 0.000000 udp 10.0.2.109 3683 -> 83.216.168.130 5798 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:08.607558 0.126662 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 657 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:37:08.932064 0.000000 udp 10.0.2.109 3683 -> 72.186.109.190 8000 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:13.374566 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:37:17.249965 0.000000 udp 10.0.2.109 3683 -> 5.98.103.145 8115 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:25.121362 0.000000 udp 10.0.2.109 3683 -> 83.183.11.16 5794 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:33.563425 0.379263 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 784 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:37:34.133843 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:39.401986 0.000000 udp 10.0.2.109 3683 -> 212.18.43.213 4375 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:47.423260 0.000000 udp 10.0.2.109 3683 -> 173.65.167.130 9096 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:54.453603 0.000000 udp 10.0.2.109 3683 -> 78.241.206.7 2100 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:37:59.370374 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:38:02.084742 0.108518 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 833 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:38:02.204601 0.000000 udp 10.0.2.109 3683 -> 193.252.108.72 8737 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:38:08.533966 0.394609 udp 10.0.2.109 3683 <-> 116.15.76.97 8943 CON 0 0 2 699 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:38:09.137303 0.000000 udp 10.0.2.109 3683 -> 27.4.114.1 4285 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:38:09.267281 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/15 23:38:14.632457 0.174542 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 786 flow=From-Botnet-V1-UDP-Established 1970/02/15 23:38:15.013913 0.000000 udp 10.0.2.109 3683 -> 96.57.185.82 5650 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:38:16.274329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:38:21.472086 0.000000 udp 10.0.2.109 3683 -> 79.4.136.148 7000 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:38:24.275565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:38:28.202321 0.000000 udp 10.0.2.109 3683 -> 61.244.7.74 8015 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:38:34.871736 0.000000 udp 10.0.2.109 3683 -> 58.7.3.231 2105 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:38:40.008906 0.000000 udp 10.0.2.109 3683 -> 71.13.33.63 1717 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:38:40.279065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:38:44.865526 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/15 23:38:47.529717 0.000000 udp 10.0.2.109 3683 -> 77.48.26.84 7407 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/15 23:39:12.285151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:45:16.291479 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 23:45:23.298717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:45:31.300412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:45:47.303221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:46:19.308939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:54:20.329572 2.995510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/15 23:54:27.330945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:54:35.332653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:54:51.335598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/15 23:55:23.351459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:01:27.357489 3.001612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 00:01:34.364719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:01:41.165751 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 00:01:41.165863 0.503767 tcp 10.0.2.109 61514 -> 188.129.248.221 6410 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:01:42.366724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:01:58.369373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:02:30.375263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:08:34.382105 3.003939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 00:08:41.388824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:08:49.390488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:09:05.393234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:09:21.397028 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 00:09:21.397137 0.050052 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:21.447619 0.041458 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:21.489442 0.055367 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:21.545179 0.052491 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:21.598097 0.125645 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:21.724139 0.056067 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:21.780646 0.103501 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:21.884525 0.136826 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:22.021760 0.314492 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:22.336660 0.163174 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:22.500234 0.187284 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:22.687940 0.353240 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:23.041543 0.169797 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:23.211734 0.348106 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:23.560286 0.316847 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:23.877490 0.057592 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:23.935447 0.216172 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:24.152012 0.304185 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:24.456585 0.046945 udp 10.0.2.109 3683 <-> 84.130.216.4 8279 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:24.503890 0.345402 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:24.849667 0.066647 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:24.916687 0.330170 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:25.247275 0.140404 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:25.388068 0.052669 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:25.441217 0.000000 udp 10.0.2.109 3683 -> 184.174.186.115 2016 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 00:09:37.399366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:09:40.585873 0.070963 tcp 10.0.2.109 61515 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:09:40.657176 0.067107 tcp 10.0.2.109 61516 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:09:40.724574 0.152808 tcp 10.0.2.109 61517 -> 195.113.214.249 443 SRPA* 0 0 31 22144 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:09:40.878393 0.318698 udp 10.0.2.109 3683 <-> 103.250.166.35 1182 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:41.197470 0.125783 udp 10.0.2.109 3683 <-> 41.107.108.167 5159 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:41.323714 0.261496 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:41.585571 0.086326 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:41.672271 0.140427 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:41.813101 0.296676 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:42.110206 0.900614 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:43.011348 0.182856 udp 10.0.2.109 3683 <-> 70.140.148.90 5456 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:43.194631 0.144419 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:43.339385 0.151732 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:43.491655 0.055658 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:43.547724 0.094437 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:43.642617 0.325797 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:43.968888 0.149040 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.118732 0.165017 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.307385 0.070969 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.378744 0.054182 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.433307 0.103544 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.537263 0.133104 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.670734 0.212112 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.883259 0.113994 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:44.997685 0.387123 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:45.385216 0.086277 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:45.471970 0.474662 udp 10.0.2.109 3683 <-> 116.15.76.97 8943 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:09:45.947006 0.174936 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:15:41.405546 3.245197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 00:15:48.624730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:15:56.663983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:16:12.510811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:16:44.443357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:22:48.449823 3.001016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 00:22:55.456728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:23:03.458179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:23:19.461273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:23:51.467303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:29:55.484683 3.000220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 00:30:02.490735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:30:10.492119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:30:26.495159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:30:58.501273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:31:41.673716 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 00:31:41.673813 0.472677 tcp 10.0.2.109 61518 -> 188.129.248.221 6410 FSPA* 0 0 14 1531 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:37:02.507098 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 00:37:09.514464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:37:17.516072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:37:33.637522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:38:05.535240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:39:54.251633 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 00:39:54.251733 0.131206 udp 10.0.2.109 3683 <-> 184.174.186.115 2016 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.383349 0.041224 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.424966 0.056572 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.482024 0.054606 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.537024 0.122993 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.660386 0.056027 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.716782 0.111014 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.828234 0.050235 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:54.878906 0.178619 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:55.057968 0.144338 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:55.202783 0.315563 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:55.518769 0.162788 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:55.681949 0.883615 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:56.566026 0.348545 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:56.914967 0.320455 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:57.235832 0.060695 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:57.296930 0.164549 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:57.461895 0.327141 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:57.789459 0.072709 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:57.862578 0.364259 udp 10.0.2.109 3683 <-> 76.14.99.90 6905 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:58.227242 0.305595 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:58.533228 0.041175 udp 10.0.2.109 3683 <-> 84.130.216.4 8279 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:58.574790 0.141600 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:58.716747 0.327968 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:59.045174 0.051836 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:59.097510 0.240491 udp 10.0.2.109 3683 <-> 103.250.166.35 1182 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:39:59.491230 0.000000 udp 10.0.2.109 3683 -> 41.107.108.167 5159 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 00:40:16.545328 0.064785 tcp 10.0.2.109 61519 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:16.610376 0.064938 tcp 10.0.2.109 61520 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:16.675597 0.185269 tcp 10.0.2.109 61521 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:16.861549 0.428494 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:17.290472 0.075216 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:17.366119 0.140148 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:17.506642 0.321561 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:17.828665 0.143021 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:17.972096 0.149947 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:18.122501 0.053311 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:18.176222 0.094738 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:18.271317 0.324545 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:18.596263 0.474361 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:19.070997 0.000000 udp 10.0.2.109 3683 -> 70.140.148.90 5456 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 00:40:36.943402 0.063685 tcp 10.0.2.109 61522 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:37.007422 0.067301 tcp 10.0.2.109 61523 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:37.075026 0.154861 tcp 10.0.2.109 61524 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:37.230579 0.149263 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:37.380218 0.165557 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:37.546266 0.074784 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:37.621461 0.053394 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:37.675284 0.073662 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:37.749349 0.132127 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:37.881848 0.213879 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:38.096126 0.080000 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:38.176518 0.000000 udp 10.0.2.109 3683 -> 116.15.76.97 8943 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 00:40:53.326999 0.061723 tcp 10.0.2.109 61525 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:53.389026 0.064795 tcp 10.0.2.109 61526 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:53.454246 0.158150 tcp 10.0.2.109 61527 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 00:40:53.612897 0.113842 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:53.727151 0.385204 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:40:54.112755 0.175771 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 00:44:09.541336 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 00:44:16.548899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:44:24.550120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:44:40.553330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:45:12.559181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:53:36.566285 3.001741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 00:53:43.573914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:53:51.575088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:54:07.580545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 00:54:39.584151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:00:43.590850 3.000969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:00:50.597775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:00:58.604683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:01:14.602373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:01:42.152562 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 01:01:42.152640 0.530263 tcp 10.0.2.109 61528 -> 188.129.248.221 6410 FSPA* 0 0 14 1539 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:01:46.608366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:07:50.731847 2.994551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:07:57.732210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:08:05.736022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:08:21.736121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:08:53.742595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:11:24.159155 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 01:11:24.159258 0.000000 udp 10.0.2.109 3683 -> 41.107.108.167 5159 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:11:39.722586 0.068985 tcp 10.0.2.109 61529 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:11:39.791789 0.066147 tcp 10.0.2.109 61530 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:11:39.858368 0.141053 tcp 10.0.2.109 61531 -> 195.113.214.249 443 SRPA* 0 0 34 24770 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:11:39.999966 0.000000 udp 10.0.2.109 3683 -> 70.140.148.90 5456 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:11:57.146615 0.192543 tcp 10.0.2.109 61532 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:11:57.339489 0.070198 tcp 10.0.2.109 61533 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:11:57.410023 0.190394 tcp 10.0.2.109 61534 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:11:57.601028 0.469508 udp 10.0.2.109 3683 <-> 116.15.76.97 8943 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.070926 0.126017 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.197411 0.041566 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.239336 0.110390 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.350297 0.050095 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.400763 0.054478 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.455640 0.059430 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.515462 0.055665 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.571566 0.131432 udp 10.0.2.109 3683 <-> 184.174.186.115 2016 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.703389 0.160211 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:58.863990 0.177656 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:59.042060 0.137087 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:59.179567 0.313549 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:59.559167 0.053198 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:59.612832 0.343003 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:11:59.956227 0.354923 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:00.311518 0.296957 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:00.608877 0.175217 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:00.784441 0.055146 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:00.840002 0.066576 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:00.906988 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:12:16.174183 0.059801 tcp 10.0.2.109 61535 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:16.234299 0.067470 tcp 10.0.2.109 61536 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:16.302231 0.164322 tcp 10.0.2.109 61537 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:16.467063 0.000000 udp 10.0.2.109 3683 -> 76.14.99.90 6905 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:12:31.477454 0.061548 tcp 10.0.2.109 61538 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:31.539317 0.062649 tcp 10.0.2.109 61539 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:31.602468 0.165673 tcp 10.0.2.109 61540 -> 195.113.214.249 443 SRPA* 0 0 21 13072 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:31.768827 0.041858 udp 10.0.2.109 3683 <-> 84.130.216.4 8279 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:31.811052 0.143664 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:31.955137 0.050694 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:32.006284 0.326252 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:32.539152 0.315253 udp 10.0.2.109 3683 <-> 103.250.166.35 1182 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:32.854804 0.140574 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:32.995740 0.370173 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:33.366433 0.143272 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:33.510413 0.100429 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:33.611278 0.252185 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:33.863811 0.332243 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:34.196425 0.055024 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:34.251875 0.149490 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:34.401772 0.095915 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:34.498114 0.380516 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:34.879021 0.000000 udp 10.0.2.109 3683 -> 46.72.160.4 6799 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:12:53.227690 0.061762 tcp 10.0.2.109 61541 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:53.289820 0.126199 tcp 10.0.2.109 61542 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:53.415727 0.164383 tcp 10.0.2.109 61543 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:12:53.580644 0.052546 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:53.633626 0.093723 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:53.727767 0.132052 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:53.860206 0.165125 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:54.025780 0.148055 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:54.174367 0.084660 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:54.259465 0.213738 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:54.473665 0.138719 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:54.612829 0.385178 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:12:54.998558 0.169707 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:14:57.748006 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 01:15:04.755936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:15:12.757628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:15:28.760659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:16:00.766375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:22:04.772700 3.001762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:22:11.786961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:22:19.781409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:22:35.784403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:23:07.789902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:29:11.796614 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:29:18.804121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:29:26.805546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:29:42.808369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:30:14.824612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:31:42.791464 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 01:31:42.791570 0.729612 tcp 10.0.2.109 61544 -> 188.129.248.221 6410 FSPA* 0 0 14 1734 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:36:18.830123 3.231554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:36:26.027462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:36:33.958424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:36:49.852563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:37:21.858823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:43:04.160838 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 01:43:04.160957 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:43:21.717660 0.070779 tcp 10.0.2.109 61545 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:21.788723 0.064261 tcp 10.0.2.109 61546 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:21.853293 0.169401 tcp 10.0.2.109 61547 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:22.023265 0.000000 udp 10.0.2.109 3683 -> 76.14.99.90 6905 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:43:25.865052 3.001272 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:43:32.871489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:43:40.483413 0.060333 tcp 10.0.2.109 61548 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:40.543995 0.067140 tcp 10.0.2.109 61549 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:40.611435 0.161979 tcp 10.0.2.109 61550 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:40.774171 0.070731 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:43:40.845287 0.000000 udp 10.0.2.109 3683 -> 116.15.76.97 8943 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:43:40.874046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:43:56.876180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:43:57.878498 0.063831 tcp 10.0.2.109 61551 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:57.942698 0.062773 tcp 10.0.2.109 61552 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:58.005821 0.157106 tcp 10.0.2.109 61553 -> 195.113.214.249 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:43:58.161416 0.051140 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:43:58.212984 0.051999 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:43:58.265375 0.064921 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:43:58.330661 0.053644 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:43:58.384672 0.000000 udp 10.0.2.109 3683 -> 184.174.186.115 2016 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:44:13.780916 0.060342 tcp 10.0.2.109 61554 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:44:13.841513 0.065706 tcp 10.0.2.109 61555 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:44:13.907496 0.158749 tcp 10.0.2.109 61556 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:44:14.066841 0.157320 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:14.224649 0.183974 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:14.409018 0.044089 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:14.453516 0.121995 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:14.575896 0.126119 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:14.702425 0.313585 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:15.016390 0.180896 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:15.197665 0.365726 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:15.563748 0.189666 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:15.753759 0.073781 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:15.827899 0.202202 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:16.030520 0.294262 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:16.325153 0.322637 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:16.648135 0.062635 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:16.711190 0.052562 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:16.764154 0.139521 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:16.904083 0.045624 udp 10.0.2.109 3683 <-> 84.130.216.4 8279 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:16.950268 0.141964 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:17.092599 0.318705 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:17.411686 0.000000 udp 10.0.2.109 3683 -> 103.250.166.35 1182 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 01:44:28.882636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:44:33.830329 0.060641 tcp 10.0.2.109 61557 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:44:33.891254 0.064886 tcp 10.0.2.109 61558 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:44:33.956505 0.161911 tcp 10.0.2.109 61559 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/16 01:44:34.119034 0.104204 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:34.223626 0.303312 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:34.527359 0.413246 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:34.941088 0.145907 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:35.087359 0.148724 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:35.236437 0.093854 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:35.330698 0.382864 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:35.714035 0.053916 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:35.768355 0.331427 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.100260 0.076441 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.177150 0.130481 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.308003 0.166005 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.474500 0.056303 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.531181 0.089364 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.620967 0.218860 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.840161 0.126249 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:36.966813 0.376995 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:37.344210 0.148252 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:44:37.492895 0.170928 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/16 01:50:32.888884 3.082547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:50:39.941348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:50:47.907287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:51:03.910505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:51:35.916722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:57:39.932898 2.990838 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 01:57:46.929576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:57:54.931354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:58:10.934364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 01:58:42.940417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:01:43.520690 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 02:01:43.520844 0.485771 tcp 10.0.2.109 61560 -> 188.129.248.221 6410 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:04:46.946892 3.001261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 02:04:53.953760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:05:01.955084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:05:17.958290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:05:49.963976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:11:53.971182 3.000731 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 02:12:00.977676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:12:08.979289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:12:24.982266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:12:56.988487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:14:52.394449 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 02:14:52.394603 0.913460 udp 10.0.2.109 3683 <-> 116.15.76.97 8943 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:14:53.308554 0.133238 udp 10.0.2.109 3683 <-> 184.174.186.115 2016 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:14:53.442469 0.000000 udp 10.0.2.109 3683 -> 103.250.166.35 1182 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 02:15:09.290402 0.079715 tcp 10.0.2.109 61561 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:15:09.370418 0.061852 tcp 10.0.2.109 61562 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:15:09.432554 0.164802 tcp 10.0.2.109 61563 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:15:09.597918 0.084551 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:09.682871 0.053598 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:09.736923 0.052746 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:09.790073 0.049740 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:09.840199 0.074886 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:09.915476 0.043794 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:09.959683 0.123215 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:10.083314 0.110624 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:10.194503 0.190570 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:10.385488 0.159071 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:10.544936 0.314984 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:10.860311 0.409421 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:11.270230 0.074261 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:11.344922 0.168609 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:11.513924 0.354919 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:11.869212 0.190765 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:12.060375 0.059324 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:12.120090 0.055522 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:12.176018 0.141359 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:12.317825 0.041104 udp 10.0.2.109 3683 <-> 84.130.216.4 8279 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:12.359325 0.317303 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:12.677011 0.318785 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:12.996155 0.330961 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:13.327523 0.136937 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:13.464919 0.315677 rtcp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:13.840791 0.078916 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:13.920173 0.239024 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:14.159612 0.144952 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:14.304968 0.149032 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:14.454498 0.092109 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:14.546959 0.368320 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:14.915642 0.054793 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:14.970814 0.330715 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:15.301898 0.079857 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:15.382274 0.130475 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:15.513189 0.169359 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:15.682916 0.053486 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:15.736789 0.093602 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:15.830831 0.215177 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:16.046420 0.114036 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:16.160866 0.171291 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:16.332599 0.384994 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:15:16.718009 0.150071 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:19:00.994402 3.001444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 02:19:08.004581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:19:16.002911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:19:32.006549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:20:04.011984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:26:08.018569 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 02:26:15.025199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:26:23.027062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:26:39.030617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:27:11.036070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:31:44.008638 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 02:31:44.008717 0.656382 tcp 10.0.2.109 61564 -> 188.129.248.221 6410 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:33:15.056147 2.997648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 02:33:22.060735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:33:30.061286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:33:46.064231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:34:18.070123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:40:22.075789 3.002117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 02:40:29.083645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:40:37.085058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:40:53.088030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:41:25.105643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:45:35.574622 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 02:45:35.574731 0.000000 udp 10.0.2.109 3683 -> 116.15.76.97 8943 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 02:45:51.418811 0.082280 tcp 10.0.2.109 61565 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:45:51.501345 0.069541 tcp 10.0.2.109 61566 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:45:51.571246 0.159588 tcp 10.0.2.109 61567 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:45:51.731557 0.000000 udp 10.0.2.109 3683 -> 184.174.186.115 2016 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 02:46:08.442472 0.062170 tcp 10.0.2.109 61568 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:46:08.504917 0.068062 tcp 10.0.2.109 61569 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:46:08.573313 0.166505 tcp 10.0.2.109 61570 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:46:08.740487 0.075165 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:08.816066 0.055360 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:08.871840 0.054721 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:08.926989 0.049704 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:08.977189 0.057579 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:09.035164 0.047808 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:09.083366 0.127341 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:09.211141 0.115581 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:09.327115 0.269950 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:09.597476 0.158763 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:09.756634 0.316659 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:10.073759 0.164171 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:10.238352 0.347542 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:10.586296 0.144708 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:10.731410 0.193576 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:10.925420 0.074350 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:11.000166 0.059969 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:11.060507 0.049938 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:11.110811 0.140223 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:11.251480 0.041441 udp 10.0.2.109 3683 <-> 84.130.216.4 8279 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:11.293373 0.356391 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:11.650162 0.311021 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:11.961580 0.301384 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:12.263331 0.075284 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:12.339076 0.322847 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:12.662352 0.150504 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:12.813275 0.260387 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:13.074255 0.144426 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:13.219063 0.147489 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:13.366936 0.098504 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:13.465925 0.371527 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:13.837892 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 02:46:29.902795 0.065149 tcp 10.0.2.109 61571 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:46:29.968225 0.063124 tcp 10.0.2.109 61572 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:46:30.031644 0.147632 tcp 10.0.2.109 61573 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 02:46:30.179800 0.325747 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:30.505952 0.074397 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:30.580721 0.132180 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:30.713257 0.165852 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:30.879462 0.052552 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:30.932408 0.087371 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:31.020127 0.211805 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:31.232350 0.374503 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:31.607318 0.149218 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:31.756955 0.114062 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:46:31.871486 0.171017 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/16 02:47:29.110306 3.001454 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 02:47:36.117399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:47:44.119112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:48:00.122041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:48:32.128192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:55:25.134372 3.002360 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 02:55:32.141985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:55:40.144707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:55:56.146632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 02:56:28.152482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:01:44.668093 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 03:01:44.668195 0.496125 tcp 10.0.2.109 61574 -> 188.129.248.221 6410 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:02:32.158499 3.001898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 03:02:39.165879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:02:47.167422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:03:03.174571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:03:35.176739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:09:39.182607 3.001906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 03:09:46.189785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:09:54.191470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:10:10.194377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:10:42.200840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:16:46.206985 3.148936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 03:16:53.329936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:16:58.861623 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 03:16:58.861816 0.787585 udp 10.0.2.109 3683 <-> 116.15.76.97 8943 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:16:59.649832 0.000000 udp 10.0.2.109 3683 -> 184.174.186.115 2016 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 03:17:01.264346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:17:16.940084 0.063692 tcp 10.0.2.109 61575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:17.004066 0.061655 tcp 10.0.2.109 61576 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:17.065993 0.164886 tcp 10.0.2.109 61577 -> 195.113.214.249 443 SRPA* 0 0 24 12986 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:17.228505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:17:17.231479 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 03:17:32.761198 0.065197 tcp 10.0.2.109 61578 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:32.826690 0.135086 tcp 10.0.2.109 61579 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:32.961543 0.160722 tcp 10.0.2.109 61580 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:33.122744 0.055628 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:33.178812 0.053021 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:33.232322 0.050226 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:33.282971 0.214314 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:33.497715 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 03:17:48.744416 0.060141 tcp 10.0.2.109 61581 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:48.804868 0.218894 tcp 10.0.2.109 61582 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:49.024038 0.171401 tcp 10.0.2.109 61583 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:17:49.195975 0.070866 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:49.234351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:17:49.267282 0.181714 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:49.449460 0.163860 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:49.613770 0.128543 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:49.742666 0.109142 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:49.852179 0.315714 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:50.168258 0.147346 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:50.316105 0.276661 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:50.593121 0.070058 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:50.663527 0.065731 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:50.729671 0.061207 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:50.791269 0.348605 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:51.140305 0.165323 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:51.306205 0.344140 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:51.650683 0.308051 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:17:51.959221 0.000000 udp 10.0.2.109 3683 -> 84.130.216.4 8279 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 03:18:09.394391 0.062093 tcp 10.0.2.109 61584 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:18:09.456307 0.067069 tcp 10.0.2.109 61585 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:18:09.523626 0.163146 tcp 10.0.2.109 61586 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:18:09.687271 0.143367 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:09.831003 0.071213 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:09.902630 0.323195 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:10.226234 0.145794 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:10.372473 0.298027 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:10.670853 0.303638 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:10.974900 0.369967 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:11.345238 0.145609 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:11.491259 0.147664 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:11.639302 0.098557 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:11.738252 0.398564 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.137235 0.073104 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.210725 0.132342 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.343438 0.164170 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.508086 0.066532 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.575020 0.091392 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.666790 0.155549 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.822815 0.125870 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:12.949073 0.168883 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:13.118328 0.214918 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:18:13.333684 0.375623 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:23:53.240520 3.001546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 03:24:00.247600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:24:08.249193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:24:24.252768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:24:56.258589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:31:00.264128 3.002054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 03:31:07.271933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:31:15.273613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:31:31.276372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:31:45.166429 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 03:31:45.166602 0.709528 tcp 10.0.2.109 61587 -> 188.129.248.221 6410 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:32:03.282691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:38:07.288525 3.001728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 03:38:14.297725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:38:22.297304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:38:38.300403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:39:10.308737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:45:14.312038 3.002031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 03:45:21.319851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:45:29.321323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:45:45.324826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:46:17.330178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:48:42.769734 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 03:48:42.769819 0.041400 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:48:42.811636 0.000000 udp 10.0.2.109 3683 -> 84.130.216.4 8279 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 03:49:00.567175 0.062670 tcp 10.0.2.109 61588 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:49:00.630339 0.063815 tcp 10.0.2.109 61589 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:49:00.694446 0.159964 tcp 10.0.2.109 61590 -> 195.113.214.249 443 SRPA* 0 0 41 34598 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:49:00.854941 0.000000 udp 10.0.2.109 3683 -> 116.15.76.97 8943 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 03:49:16.588656 0.064476 tcp 10.0.2.109 61591 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:49:16.653868 0.062452 tcp 10.0.2.109 61592 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:49:16.716593 0.168149 tcp 10.0.2.109 61593 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/16 03:49:16.885884 0.062768 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:16.949109 0.053029 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.002611 0.055759 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.058782 0.049802 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.108990 0.159121 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.268505 0.125473 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.394471 0.104924 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.499781 0.074858 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.575004 0.179286 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.754651 0.196919 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:17.952030 0.074071 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:18.026589 0.058609 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:18.085607 0.049582 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:18.135538 0.143997 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:18.279934 0.349475 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:18.629854 0.352487 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:18.982795 0.301215 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:19.284371 0.232690 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:19.517477 0.357972 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:19.875829 0.089631 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:19.965906 0.139749 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:20.106234 0.142141 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:20.248780 0.302374 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:20.551529 0.307594 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:20.859559 0.322154 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:21.182070 0.149211 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:21.331684 0.097262 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:21.429428 0.365863 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:21.795638 0.142023 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:21.938005 0.394125 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:22.332523 0.076016 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:22.408918 0.130940 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:22.540257 0.165591 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:22.706288 0.053375 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:22.760033 0.083084 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:22.843513 0.148113 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:22.992040 0.126380 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:23.118834 0.374420 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:23.493629 0.172881 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:49:23.666872 0.216501 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/16 03:54:18.351118 2.999950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 03:54:25.355349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:54:33.356651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:54:49.357787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 03:55:21.362553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:01:41.381244 3.002031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:01:45.875819 0.000188 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 04:01:45.876102 0.507380 tcp 10.0.2.109 61594 -> 188.129.248.221 6410 FSPA* 0 0 14 1605 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:01:48.389046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:01:56.390616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:02:12.393562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:02:44.399407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:09:13.411192 3.001959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:09:20.418815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:09:28.420548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:09:44.423514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:10:16.429395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:16:20.435721 3.001546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:16:27.442718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:16:35.444268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:16:51.447699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:17:23.453350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:19:37.716772 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 04:19:37.716860 0.000000 udp 10.0.2.109 3683 -> 116.15.76.97 8943 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 04:19:54.212817 0.065002 tcp 10.0.2.109 61595 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:19:54.278070 0.067051 tcp 10.0.2.109 61596 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:19:54.345437 0.156920 tcp 10.0.2.109 61597 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:19:54.502926 0.041355 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:54.544770 0.055606 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:54.600798 0.070318 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:54.671452 0.054120 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:54.726034 0.051138 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:54.777564 0.157696 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:54.935618 0.127365 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:55.063450 0.117002 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:55.180829 0.074541 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:55.255784 0.185066 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:55.441270 0.561025 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:56.002695 0.065017 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:56.068054 0.055598 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:56.124069 0.352324 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:56.476782 0.354000 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:56.831140 0.052748 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:56.884279 0.151748 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:57.036453 0.306701 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:57.343570 0.167346 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:57.511289 0.359250 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:57.870945 0.097554 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:57.968877 0.419828 udp 10.0.2.109 3683 <-> 101.63.15.15 6649 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:58.389075 0.348239 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:58.737794 0.142507 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:58.880712 0.150540 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:59.031629 0.326881 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:59.358899 0.149512 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:59.508757 0.101480 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:59.610602 0.386502 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:19:59.997502 0.146836 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:00.144759 0.365921 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:00.511039 0.075804 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:00.587365 0.131213 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:00.718992 0.164504 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:00.883868 0.055215 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:00.939450 0.080673 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:01.020536 0.148518 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:01.169468 0.171448 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:01.341384 0.216145 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:01.557934 0.113807 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:20:01.672188 0.383918 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:23:27.459807 3.001280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:23:34.468724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:23:42.468379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:23:58.471374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:24:30.477341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:30:34.483543 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:30:41.490744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:30:49.492145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:31:05.495666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:31:37.501385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:31:46.385146 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 04:31:46.385311 0.657554 tcp 10.0.2.109 61598 -> 188.129.248.221 6410 FSPA* 0 0 14 1743 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:37:41.507550 3.040350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:37:48.528866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:37:56.525987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:38:12.529347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:38:44.537403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:44:48.541076 3.001768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:44:55.549602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:45:03.550427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:45:19.556273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:45:51.559166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:50:17.493993 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 04:50:17.494125 0.053127 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:17.547632 0.054002 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:17.602013 0.050780 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:17.653312 0.163070 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:17.816749 0.126869 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:17.944058 0.042564 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:17.986997 0.054780 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.042370 0.112513 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.155302 0.070652 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.226414 0.178241 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.405082 0.058046 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.463545 0.073790 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.537750 0.345850 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.883950 0.053722 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:18.938062 0.156843 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:19.095288 0.056910 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:19.152564 0.362069 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:19.514994 0.304189 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:19.819549 0.167997 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:19.988010 0.371624 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:20.360031 0.074475 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:20.434955 0.140846 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:20.576193 0.151580 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:20.728148 0.000000 udp 10.0.2.109 3683 -> 101.63.15.15 6649 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 04:50:36.164523 0.061586 tcp 10.0.2.109 61599 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:50:36.226503 0.061930 tcp 10.0.2.109 61600 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:50:36.288791 0.162636 tcp 10.0.2.109 61601 -> 195.113.214.249 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/02/16 04:50:36.451964 0.309487 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:36.761861 0.096792 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:36.859082 1.128232 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:37.987723 0.330241 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:38.318410 0.149006 udp 10.0.2.109 3683 <-> 68.42.157.177 3569 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:38.467820 0.146387 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:38.614617 0.394437 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.009449 0.072604 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.082500 0.134554 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.217498 0.164132 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.382047 0.054085 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.436567 0.087560 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.524515 0.211513 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.736422 0.138424 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:39.875335 0.385307 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:40.261033 0.158800 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:50:40.420203 0.174133 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/16 04:54:05.581575 3.027472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 04:54:12.599528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:54:20.601052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:54:36.603954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 04:55:08.610241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:01:12.616677 3.001903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 05:01:19.627165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:01:27.624833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:01:43.628238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:01:47.043712 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 05:01:47.043982 0.579531 tcp 10.0.2.109 61602 -> 188.129.248.221 6410 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:02:15.634473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:08:41.651619 3.001336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 05:08:48.659291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:08:56.660746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:09:12.663750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:09:44.669951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:15:56.676920 3.007551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 05:16:03.686722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:16:11.686247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:16:27.689184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:16:59.754362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:20:56.275831 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 05:20:56.275978 0.000000 udp 10.0.2.109 3683 -> 101.63.15.15 6649 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 05:21:14.342932 0.063787 tcp 10.0.2.109 61603 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:14.406996 0.060814 tcp 10.0.2.109 61604 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:14.468141 0.271179 tcp 10.0.2.109 61605 -> 195.113.214.249 443 SRPA* 0 0 71 54180 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:14.739542 0.049513 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:14.789408 0.161379 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:14.951196 0.122209 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.073873 0.041816 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.116144 0.053521 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.170069 0.064359 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.234829 0.054466 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.289672 0.074644 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.364712 0.183991 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.549104 0.054588 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.604076 0.071695 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.676186 0.111978 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.788579 0.050615 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:15.839629 0.358385 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:16.198438 0.143956 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:16.342805 0.308345 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:16.651528 0.168735 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:16.820633 0.341834 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:17.162812 0.064572 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:17.227782 0.141901 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:17.370223 0.154765 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:17.525353 0.385014 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:17.910780 0.082798 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:17.993973 0.299706 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:18.294252 0.000000 udp 10.0.2.109 3683 -> 86.165.135.158 6597 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 05:21:35.772616 0.067290 tcp 10.0.2.109 61606 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:35.840138 0.060475 tcp 10.0.2.109 61607 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:35.901030 0.162933 tcp 10.0.2.109 61608 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:36.064600 0.415684 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:36.480705 0.146144 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:36.627238 0.406374 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:37.033985 0.073444 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:37.107794 0.323058 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:37.431230 0.000000 udp 10.0.2.109 3683 -> 68.42.157.177 3569 INT 0 1 89 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 05:21:56.242114 0.063542 tcp 10.0.2.109 61609 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:56.306037 0.062237 tcp 10.0.2.109 61610 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:56.368589 0.170187 tcp 10.0.2.109 61611 -> 195.113.214.249 443 SRPA* 0 0 68 69850 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:21:56.539567 0.130389 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:56.670484 0.166115 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:56.836976 0.052461 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:56.889898 0.095448 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:56.985852 0.215843 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:57.202125 0.113965 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:57.316556 0.170756 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:57.487701 0.384651 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:21:57.872780 0.148949 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:23:03.710964 3.001970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 05:23:10.718690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:23:18.724786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:23:34.723304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:24:06.729171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:30:10.735403 3.003155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 05:30:17.742459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:30:25.744287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:30:41.747163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:31:13.753237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:31:47.625470 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 05:31:47.625604 1.383966 tcp 10.0.2.109 61612 -> 188.129.248.221 6410 FSPA* 0 0 14 1565 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:37:17.759235 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 05:37:24.765980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:37:32.768251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:37:48.770914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:38:20.776516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:44:24.783573 3.001222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 05:44:31.790546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:44:39.792342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:44:55.795026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:45:27.801034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:52:18.101307 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 05:52:18.101487 0.000000 udp 10.0.2.109 3683 -> 86.165.135.158 6597 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 05:52:34.215847 0.062006 tcp 10.0.2.109 61613 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:52:34.278261 0.061205 tcp 10.0.2.109 61614 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:52:34.339773 0.159086 tcp 10.0.2.109 61615 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:52:34.499591 0.000000 udp 10.0.2.109 3683 -> 68.42.157.177 3569 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 05:52:49.906698 0.066444 tcp 10.0.2.109 61616 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:52:49.973389 0.074266 tcp 10.0.2.109 61617 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:52:50.047479 0.163543 tcp 10.0.2.109 61618 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:52:50.211574 0.157262 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:52:50.369208 0.050057 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:52:50.419690 0.128299 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:52:50.548387 0.068227 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:52:50.616999 0.053805 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:52:50.671213 0.074857 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:52:50.746430 0.178517 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:52:50.925396 0.000000 udp 10.0.2.109 3683 -> 151.42.37.69 2048 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 05:53:09.765873 0.064427 tcp 10.0.2.109 61619 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:53:09.830621 0.067111 tcp 10.0.2.109 61620 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:53:09.898053 0.156399 tcp 10.0.2.109 61621 -> 195.113.214.249 443 SRPA* 0 0 35 19470 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:53:10.055119 0.074233 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:10.129829 0.100411 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:10.234365 0.056527 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:10.291270 0.041400 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:10.333071 0.053157 udp 10.0.2.109 3683 <-> 86.180.249.61 6148 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:10.386701 0.167627 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:10.554754 0.365484 udp 10.0.2.109 3683 <-> 218.145.118.4 9278 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:10.920671 0.316776 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:11.237852 0.166163 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:11.404415 0.064515 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:11.469377 0.410265 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:11.880077 0.090163 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:11.970503 0.348467 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:12.319388 0.157645 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:12.477495 0.143585 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:12.621458 0.298618 udp 10.0.2.109 3683 <-> 117.220.5.205 4109 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:12.920454 0.146848 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:13.067765 0.000000 udp 10.0.2.109 3683 -> 1.169.254.138 2346 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 05:53:31.226766 0.068295 tcp 10.0.2.109 61622 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:53:31.295411 0.065151 tcp 10.0.2.109 61623 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:53:31.360824 0.152374 tcp 10.0.2.109 61624 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 05:53:31.513882 0.401299 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:31.915612 0.074394 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:31.990382 0.326808 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:32.317590 0.131218 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:32.449252 0.163540 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:32.613180 0.054642 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:32.668285 0.087064 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:32.755727 0.172454 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:32.928594 0.374161 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:33.303150 0.150093 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:33.453657 0.213367 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:33.667419 0.114141 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/16 05:53:50.817047 3.001540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 05:53:57.824380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:54:05.825987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:54:21.829244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 05:54:53.838675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:00:57.841916 3.000910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 06:01:04.848628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:01:12.855282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:01:28.852771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:01:49.012585 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 06:01:49.012700 0.547380 tcp 10.0.2.109 61625 -> 188.129.248.221 6410 FSPA* 0 0 14 1741 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:02:00.858882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:08:17.873304 3.001446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 06:08:24.881184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:08:32.882723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:08:48.885413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:09:20.891725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:15:36.903884 3.002978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 06:15:43.912315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:15:51.913509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:16:07.916760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:16:39.922932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:22:43.932844 2.997708 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 06:22:50.936334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:22:58.937707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:23:14.955143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:23:46.957823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:24:00.426761 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 06:24:00.426857 0.317903 udp 10.0.2.109 3683 -> 151.42.37.69 2048 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:24:00.744760 0.000000 icmp 151.42.37.69 0x0103 -> 10.0.2.109 0x972a URH 192 1 182 flow=Background 1970/02/16 06:24:18.143358 0.065511 tcp 10.0.2.109 61626 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:18.209136 0.063897 tcp 10.0.2.109 61627 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:18.273304 0.164700 tcp 10.0.2.109 61628 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:18.438787 0.503191 udp 10.0.2.109 3683 <-> 1.169.254.138 2346 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:18.942509 0.049768 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:18.992762 0.160626 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.153750 0.071066 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.225246 0.182554 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.408223 0.063028 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.471712 0.128361 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.600439 0.053061 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.653940 0.056320 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.710731 0.143659 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.854749 0.067796 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:19.922933 0.000000 udp 10.0.2.109 3683 -> 86.180.249.61 6148 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:24:36.749580 0.065819 tcp 10.0.2.109 61629 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:36.815707 0.062263 tcp 10.0.2.109 61630 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:36.878283 0.172397 tcp 10.0.2.109 61631 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:37.051194 0.049261 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:37.100903 0.000000 udp 10.0.2.109 3683 -> 218.145.118.4 9278 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:24:54.094085 0.060313 tcp 10.0.2.109 61632 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:54.154715 0.065451 tcp 10.0.2.109 61633 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:54.220425 0.160280 tcp 10.0.2.109 61634 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:24:54.381223 0.168681 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:54.550355 0.137907 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:54.688654 0.303594 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:54.992640 0.090751 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:55.083775 0.344630 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:55.428799 0.081897 udp 10.0.2.109 3683 <-> 92.87.70.60 2801 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:55.511090 0.412164 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:55.923689 0.146994 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:56.071066 0.149958 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:56.221414 0.141186 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:24:56.363025 0.000000 udp 10.0.2.109 3683 -> 117.220.5.205 4109 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:25:13.501545 0.063674 tcp 10.0.2.109 61635 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:25:13.565554 0.064988 tcp 10.0.2.109 61636 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:25:13.630799 0.155221 tcp 10.0.2.109 61637 -> 195.113.214.249 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:25:13.786312 0.330630 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:14.117326 0.391378 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:14.509082 0.082122 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:14.591563 0.131105 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:14.723014 0.166461 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:14.889855 0.055055 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:14.945313 0.084924 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:15.030669 0.170573 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:15.201648 0.216907 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:15.418936 0.387155 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:15.806573 0.149418 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:25:15.956372 0.113784 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:29:50.964444 3.000301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 06:29:57.970275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:30:05.971582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:30:21.977054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:30:53.980967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:31:49.561090 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 06:31:49.561181 0.685577 tcp 10.0.2.109 61638 -> 188.129.248.221 6410 FSPA* 0 0 14 1643 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:36:57.986950 3.045027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 06:37:05.011624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:37:13.005456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:37:29.008741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:38:01.014391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:44:05.021286 3.000985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 06:44:12.027996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:44:20.029588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:44:36.032711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:45:08.038610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:53:32.045728 3.001783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 06:53:39.053479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:53:47.056606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:54:03.057842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:54:35.064036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 06:55:32.440170 0.000148 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 06:55:32.440403 0.000000 udp 10.0.2.109 3683 -> 86.180.249.61 6148 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:55:48.782640 0.066465 tcp 10.0.2.109 61639 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:55:48.849407 0.066443 tcp 10.0.2.109 61640 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:55:48.916163 0.152637 tcp 10.0.2.109 61641 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:55:49.069407 0.000000 udp 10.0.2.109 3683 -> 218.145.118.4 9278 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:56:04.563167 0.067204 tcp 10.0.2.109 61642 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:04.630674 0.066765 tcp 10.0.2.109 61643 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:04.697752 0.159529 tcp 10.0.2.109 61644 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:04.856823 0.000000 udp 10.0.2.109 3683 -> 117.220.5.205 4109 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:56:23.741325 0.061464 tcp 10.0.2.109 61645 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:23.803166 0.061819 tcp 10.0.2.109 61646 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:23.865368 0.152029 tcp 10.0.2.109 61647 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:24.022469 0.000000 udp 10.0.2.109 3683 -> 1.169.254.138 2346 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:56:40.574978 0.063005 tcp 10.0.2.109 61648 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:40.638452 0.065264 tcp 10.0.2.109 61649 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:40.704103 0.184161 tcp 10.0.2.109 61650 -> 195.113.214.249 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:56:40.888773 0.050144 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:40.939391 0.060555 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.000346 0.123387 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.124185 0.052490 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.177069 0.055709 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.233134 0.114531 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.348091 0.071767 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.420245 0.160248 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.580915 0.074737 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.656079 0.178229 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.834687 0.041569 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:41.876658 0.142851 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:42.019941 0.289248 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:42.309575 0.062412 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:42.372458 0.166303 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:42.539140 0.147800 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:42.687324 0.316848 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:56:43.004578 0.000000 udp 10.0.2.109 3683 -> 92.87.70.60 2801 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 06:57:01.184870 0.066220 tcp 10.0.2.109 61651 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:57:01.251459 0.066152 tcp 10.0.2.109 61652 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:57:01.317872 0.177445 tcp 10.0.2.109 61653 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 06:57:01.495926 0.383327 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:01.879767 0.141035 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:02.021199 0.147491 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:02.169125 0.319293 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:02.488874 0.395347 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:02.884626 0.077313 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:02.962376 0.131793 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:03.094598 0.168393 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:03.263408 0.057897 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:03.321674 0.085962 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:03.408269 0.377225 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:03.785893 0.148484 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:03.948358 0.113884 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:04.062635 0.169284 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/16 06:57:04.232329 0.217346 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:00:39.070889 3.000567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 07:00:46.077418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:00:54.079462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:01:10.082007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:01:42.087790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:01:50.258753 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 07:01:50.258855 1.276181 tcp 10.0.2.109 61654 -> 188.129.248.221 6410 FSPA* 0 0 14 1521 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:07:46.093917 3.193345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 07:07:53.256718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:08:01.180499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:08:17.116314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:08:49.121892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:14:58.138592 2.999621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 07:15:05.142637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:15:13.143841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:15:29.147000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:16:01.157822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:22:05.159565 3.001180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 07:22:12.166846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:22:20.167676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:22:36.171155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:23:08.177208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:27:08.452715 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 07:27:08.452856 0.000000 udp 10.0.2.109 3683 -> 1.169.254.138 2346 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 07:27:26.910884 0.119720 tcp 10.0.2.109 61655 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:27:27.030861 0.061942 tcp 10.0.2.109 61656 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:27:27.093083 0.152602 tcp 10.0.2.109 61657 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:27:27.246573 0.000000 udp 10.0.2.109 3683 -> 92.87.70.60 2801 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 07:27:43.811669 0.064548 tcp 10.0.2.109 61658 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:27:43.876535 0.142364 tcp 10.0.2.109 61659 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:27:44.019197 0.152937 tcp 10.0.2.109 61660 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:27:44.172702 0.051542 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.224708 0.049964 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.275070 0.058817 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.334460 0.129080 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.464045 0.071100 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.535525 0.160955 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.696898 0.129656 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.826960 0.056450 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:44.883786 0.183366 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:27:45.067549 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 07:28:02.903309 0.061592 tcp 10.0.2.109 61661 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:28:02.965245 0.065430 tcp 10.0.2.109 61662 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:28:03.031034 0.155268 tcp 10.0.2.109 61663 -> 195.113.214.249 443 SRPA* 0 0 41 22612 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:28:03.186875 0.138831 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:03.326077 0.074947 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:03.401419 0.482127 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:03.884005 0.146643 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:04.031062 0.316759 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:04.348484 0.062597 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:04.411487 0.297034 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:04.708885 0.395556 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:05.104867 0.140657 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:05.245891 0.399467 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:05.645733 0.074434 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:05.720611 0.131072 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:05.852059 0.153393 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:06.005852 0.327462 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:06.333699 0.166632 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:06.500734 0.055281 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:06.556399 0.090996 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:06.647800 0.384504 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:07.032705 0.153153 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:07.186258 0.126275 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:07.312985 0.175617 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:28:07.488977 0.216508 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:29:12.183361 3.001381 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 07:29:19.190531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:29:27.192089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:29:43.194506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:30:15.428403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:31:51.539752 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 07:31:51.539839 0.634490 tcp 10.0.2.109 61664 -> 188.129.248.221 6410 FSPA* 0 0 14 1496 flow=From-Botnet-V1-TCP-Established 1970/02/16 07:36:19.226551 3.002074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 07:36:26.234000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:36:34.235552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:36:50.238907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:37:22.244737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:43:26.251520 3.002913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 07:43:33.258546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:43:41.260202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:43:57.262814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:44:29.268936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:50:33.275227 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 07:50:40.284596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:50:48.286769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:51:04.286870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:51:36.294343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:57:40.300748 2.999977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 07:57:47.306157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:57:55.307717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:58:11.311088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 07:58:14.735910 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 07:58:14.736008 0.041727 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:14.778279 0.048924 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:14.827645 0.057288 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:14.885394 0.134201 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.020008 0.068545 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.089045 0.156434 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.245883 0.103427 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.349652 0.056755 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.406802 0.054452 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.461637 0.177808 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.639852 0.231505 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:15.871746 0.165897 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:16.038038 0.070929 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:16.109373 0.147592 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:16.257359 0.322144 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:16.579897 0.060441 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:16.640710 0.293616 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:16.934777 0.418587 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:17.353777 0.070220 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:17.424454 0.132088 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:17.556914 0.403259 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:17.960647 0.139687 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:18.119548 0.158092 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:18.278127 0.324528 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:18.603079 0.165251 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:18.768676 0.055051 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:18.824338 0.079792 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:18.904468 0.126278 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:19.031163 0.168945 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:19.200559 0.222733 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:19.423648 0.377056 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:19.801077 0.152398 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 07:58:43.317078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:01:52.180173 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 08:01:52.180448 0.528124 tcp 10.0.2.109 61665 -> 188.129.248.221 6410 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/02/16 08:05:07.331244 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 08:05:14.338966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:05:22.340875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:05:38.343557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:06:10.349826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:12:24.360386 3.001153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 08:12:31.367596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:12:39.368711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:12:55.371894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:13:27.379370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:19:35.389896 3.001320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 08:19:42.397222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:19:50.398555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:20:06.401764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:20:38.407584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:26:45.418606 3.000937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 08:26:52.425833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:27:00.428910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:27:16.430056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:27:48.438406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:28:28.153468 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 08:28:28.153648 0.061546 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.215672 0.127706 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.343747 0.043254 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.387377 0.049646 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.437489 0.073840 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.511720 0.158487 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.670646 0.104393 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.775379 0.080489 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.856214 0.054800 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:28.911410 0.178176 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:29.089974 0.169052 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:29.259466 0.140439 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:29.400358 0.075062 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:29.475748 0.142987 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:29.619134 0.313624 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:29.933160 0.057314 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:29.990919 0.316150 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:30.307502 0.468124 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:30.776016 0.078717 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:30.855171 0.131055 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:30.986651 0.381749 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:31.368794 0.140858 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:31.510076 0.145827 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:31.656294 0.322535 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:31.979186 0.165595 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:32.145183 0.053245 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:32.198855 0.089951 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:32.289194 0.217579 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:32.507124 0.382780 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:32.890349 0.150702 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:33.041478 0.126247 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:28:33.168149 0.175404 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:31:52.707653 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 08:31:52.707840 0.624013 tcp 10.0.2.109 61666 -> 188.129.248.221 6410 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/02/16 08:33:52.441405 3.002324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 08:33:59.449394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:34:07.451181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:34:23.453950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:34:55.460029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:40:59.470530 2.997106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 08:41:06.473333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:41:14.474729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:41:30.477768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:42:02.484154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:48:06.491011 3.000893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 08:48:13.497226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:48:21.515616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:48:37.512093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:49:09.517732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:55:42.525572 3.001886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 08:55:49.538417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:55:57.534653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:56:13.537446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:56:45.543419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 08:58:35.211838 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 08:58:35.211945 0.251941 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:35.464323 0.127833 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:35.592556 0.046808 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:35.639794 0.048931 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:35.689105 0.069152 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:35.758620 0.158245 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:35.917305 0.115856 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.033610 0.064481 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.098616 0.053819 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.152826 0.181922 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.335145 0.074621 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.410173 0.145309 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.555856 0.178724 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.734972 0.169275 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:36.904665 0.322892 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:37.227960 0.055217 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:37.283617 0.296659 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:37.580660 0.457194 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:38.038327 0.071601 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:38.110396 0.139081 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:38.292587 0.147397 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:38.440345 0.130495 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:38.571242 0.345925 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:38.917611 0.331363 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:39.249390 0.165012 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:39.414842 0.054783 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:39.470037 0.090605 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:39.561120 0.000000 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 08:58:58.437312 0.070279 tcp 10.0.2.109 61667 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 08:58:58.507882 0.062074 tcp 10.0.2.109 61668 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 08:58:58.570302 0.140161 tcp 10.0.2.109 61669 -> 195.113.214.249 443 SRPA* 0 0 34 23919 flow=From-Botnet-V1-TCP-Established 1970/02/16 08:58:58.711032 0.384398 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:59.095868 0.169537 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:59.265839 0.152202 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/16 08:58:59.418649 0.113921 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:01:53.336563 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 09:01:53.336719 0.606079 tcp 10.0.2.109 61670 -> 188.129.248.221 6410 FSPA* 0 0 14 1618 flow=From-Botnet-V1-TCP-Established 1970/02/16 09:02:50.552563 2.999709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 09:02:57.558408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:03:05.570056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:03:21.572687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:03:53.578971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:09:57.586709 2.999412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 09:10:04.592426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:10:12.593968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:10:28.596575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:11:00.602945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:17:04.609048 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 09:17:11.616365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:17:19.617612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:17:35.621071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:18:07.628573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:24:13.635374 3.001940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 09:24:20.643128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:24:28.644627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:24:44.647524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:25:16.657758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:29:23.799468 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 09:29:23.799563 0.223308 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 09:29:24.022871 0.000000 icmp 139.142.70.178 0x0303 -> 10.0.2.109 0x6807 URP 192 1 174 flow=Background 1970/02/16 09:29:42.658116 0.071138 tcp 10.0.2.109 61671 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 09:29:42.729595 0.062899 tcp 10.0.2.109 61672 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 09:29:42.792859 0.153345 tcp 10.0.2.109 61673 -> 195.113.214.249 443 SRPA* 0 0 59 37944 flow=From-Botnet-V1-TCP-Established 1970/02/16 09:29:42.946980 0.042007 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:42.989429 0.049678 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.039558 0.065382 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.105401 0.163693 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.269504 0.217816 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.487730 0.127285 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.615414 0.082318 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.698241 0.054891 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.753507 0.137772 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:43.915263 0.106239 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:44.021984 0.146777 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:44.169181 0.184072 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:44.353628 0.165981 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:44.520006 0.074788 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:44.595222 0.304386 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:44.900040 0.476846 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:45.377275 0.078577 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:45.456201 0.059959 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:45.516609 0.318160 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:45.835230 0.375147 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:46.210811 0.141247 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:46.352448 0.150571 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:46.503367 0.132445 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:46.636231 0.055322 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:46.691966 0.092326 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:46.784693 0.162924 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:46.947973 0.320253 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:47.268617 0.386199 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:47.655265 0.114314 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:47.769982 0.168975 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:29:47.939360 0.149062 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/16 09:31:20.659679 3.001802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 09:31:27.667251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:31:35.668706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:31:51.671581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:31:53.945310 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 09:31:53.945453 0.730971 tcp 10.0.2.109 61674 -> 188.129.248.221 6410 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/02/16 09:32:23.677680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:38:27.683814 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 09:38:34.691110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:38:42.692581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:38:58.695607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:39:30.701540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:45:34.707245 3.002101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 09:45:41.714484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:45:49.716461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:46:05.719666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:46:37.908616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:54:27.744006 3.001745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 09:54:34.751302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:54:42.754828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:54:58.756181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:55:30.761926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 09:59:59.478925 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 09:59:59.479010 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 10:00:16.524518 0.069854 tcp 10.0.2.109 61675 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 10:00:16.594621 0.066641 tcp 10.0.2.109 61676 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 10:00:16.661560 0.156287 tcp 10.0.2.109 61677 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/16 10:00:16.818464 0.050635 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:16.869575 0.067033 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:16.937111 0.163049 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.100622 0.059266 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.160351 0.129099 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.289895 0.068558 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.358933 0.050928 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.410295 0.146857 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.557645 0.182373 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.740394 0.166672 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.907546 0.074671 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:17.982649 0.305458 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:18.288596 0.115681 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:18.404809 0.146749 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:18.551968 0.456764 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.009096 0.073866 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.083431 0.058704 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.142649 0.324395 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.467450 0.160615 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.628553 0.131548 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.760580 0.051150 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.812139 0.086028 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:19.898584 0.350145 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:20.249202 0.140330 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:20.390004 0.165285 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:20.555669 0.330272 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:20.886545 0.383397 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:21.270590 0.126120 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:21.397120 0.173892 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:00:21.571376 0.175386 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:01:54.688204 0.000181 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 10:01:54.688494 0.577766 tcp 10.0.2.109 61678 -> 188.129.248.221 6410 FSPA* 0 0 14 1717 flow=From-Botnet-V1-TCP-Established 1970/02/16 10:01:56.779773 3.001070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 10:02:03.787169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:02:11.788501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:02:27.791559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:02:59.797827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:09:23.812573 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 10:09:30.819721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:09:38.821477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:09:54.824521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:10:26.830611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:16:30.836925 3.001067 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 10:16:37.843919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:16:45.844830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:17:01.848412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:17:33.854585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:23:37.860677 3.001237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 10:23:44.867773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:23:52.869160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:24:08.872507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:24:40.878830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:30:44.884009 3.001497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 10:30:50.479825 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 10:30:50.479994 0.067934 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:50.548414 0.049919 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:50.598705 0.066706 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:50.665781 0.161444 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:50.827700 0.057371 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:50.885500 0.129686 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.015603 0.066370 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.082364 0.054870 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.137712 0.138729 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.276917 0.185914 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.463232 0.163228 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.626852 0.074418 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.701660 0.313920 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:51.894468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:30:52.016004 0.103828 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:52.120200 0.143788 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:52.264406 0.444841 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:52.709622 0.076573 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:52.786586 0.162445 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:52.949417 0.133061 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:53.082898 0.053971 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:53.137312 0.081225 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:53.219003 0.061876 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:53.281326 0.320100 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:53.601925 0.347848 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:53.950228 0.139758 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:54.090519 0.163657 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:54.254625 0.327758 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:54.582784 0.175068 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:54.758349 0.149947 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:54.908788 0.384535 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:55.293732 0.126131 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/16 10:30:59.893329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:31:15.896172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:31:47.902337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:31:55.263228 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 10:31:55.263398 0.660676 tcp 10.0.2.109 61679 -> 188.129.248.221 6410 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/02/16 10:37:51.909696 3.000085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 10:37:58.915249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:38:06.916884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:38:22.920477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:38:54.926366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:44:58.933205 3.000873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 10:45:05.939761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:45:13.941278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:45:29.943818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:46:01.950415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:54:10.969250 2.998079 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 10:54:17.973665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:54:25.974936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:54:41.977813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 10:55:13.983911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:01:07.963130 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 11:01:07.963279 0.065783 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.029505 0.163869 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.193833 0.060357 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.254571 0.047108 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.302088 0.051955 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.354548 0.139143 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.494074 0.077136 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.571697 0.054756 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.626890 0.212843 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:08.840195 0.183881 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:09.024574 0.168282 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:09.193311 0.074845 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:09.268528 0.303260 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:09.572253 0.110471 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:09.683748 0.144964 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:09.834485 0.444550 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:10.279459 0.076678 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:10.356525 0.055269 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:10.412202 0.094409 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:10.507091 0.056944 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:10.564420 0.319416 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:10.884244 0.152803 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:11.037390 0.131068 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:11.168890 0.341539 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:11.510803 0.141314 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:11.652584 0.164821 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:11.817872 0.327672 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:12.145984 0.170293 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:12.316629 0.149148 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:12.466299 0.378093 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:12.844814 0.113994 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:01:26.002571 3.000944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:01:33.008754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:01:41.010684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:01:55.932168 0.634485 tcp 10.0.2.109 61680 -> 188.129.248.221 6410 FSPA* 0 0 14 1719 flow=From-Botnet-V1-TCP-Established 1970/02/16 11:01:57.013270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:02:29.019365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:08:58.030810 3.037253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:09:05.048767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:09:13.050454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:09:29.053198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:10:01.059365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:16:05.064767 3.002134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:16:12.072814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:16:20.074361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:16:36.077279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:17:08.083262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:23:12.089737 3.001209 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:23:19.097680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:23:27.101346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:23:43.104546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:24:15.107209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:30:19.114047 3.000571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:30:26.120654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:30:34.122265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:30:50.125142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:31:22.131346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:31:37.283513 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 11:31:37.283745 0.067624 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:37.351792 0.165637 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:37.517814 0.156842 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:37.675041 0.048070 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:37.723540 0.050472 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:37.774423 0.125144 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:37.899969 0.083259 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:37.983610 0.063131 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:38.047136 0.145067 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:38.192655 0.182254 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:38.375372 0.165057 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:38.540880 0.085012 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:38.626284 0.303996 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:38.930715 0.102253 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:39.033322 0.144765 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:39.178498 0.458738 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:39.637627 0.075801 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:39.713861 0.057041 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:39.771323 0.082912 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:39.854620 0.064907 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:39.919949 0.314817 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:40.235131 0.163745 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:40.399311 0.131051 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:40.530810 0.166171 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:40.697428 0.329773 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:41.027644 0.172887 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:41.200897 0.156283 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:41.357569 0.384726 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:41.742683 0.126171 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:41.869390 0.349156 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:42.218990 0.140866 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/16 11:31:56.571126 1.803752 tcp 10.0.2.109 61681 -> 188.129.248.221 6410 FSPA* 0 0 14 1738 flow=From-Botnet-V1-TCP-Established 1970/02/16 11:37:26.142500 3.205769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:37:33.319972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:37:41.240878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:37:57.159033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:38:29.175048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:44:33.181920 3.000861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:44:40.188518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:44:48.189994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:45:04.193175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:45:36.199334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:53:57.212312 3.001425 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 11:54:04.219713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:54:12.221064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:54:28.224479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 11:55:00.230550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:01:04.237477 3.011018 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:01:11.244930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:01:19.245239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:01:35.247816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:01:50.370400 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 12:01:50.370565 0.061489 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:50.432476 0.041611 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:50.474525 0.050534 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:50.525483 0.127249 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:50.653145 0.067108 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:50.720678 0.158852 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:50.879957 0.069644 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:50.950065 0.050224 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:51.000699 0.138325 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:51.139429 0.186114 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:51.325975 0.234615 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:51.560949 0.077731 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:51.639141 0.296554 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:51.936159 0.098407 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:52.034955 0.147670 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:52.183038 0.432705 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:52.616197 0.078765 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:52.695388 0.044875 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:52.740687 0.090883 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:52.832038 0.056550 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:52.888978 0.132343 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:53.021744 0.164717 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:53.186935 0.317719 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:53.505114 0.161129 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:53.666626 0.326410 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:53.993480 0.174372 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:54.168215 0.152852 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:54.321513 0.377156 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 581 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:54.699047 0.127473 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:54.827069 0.345714 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:55.173181 0.142635 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:01:58.381882 0.631155 tcp 10.0.2.109 61682 -> 188.129.248.221 6410 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/02/16 12:02:07.253986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:08:29.267723 2.999683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:08:36.276646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:08:44.274933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:09:00.277817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:09:32.283934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:15:47.295792 3.001751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:15:54.303210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:16:02.322500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:16:18.317717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:16:50.323937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:22:58.335178 3.001974 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:23:05.343084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:23:13.344542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:23:29.347694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:24:01.353541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:30:05.359674 3.004529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:30:12.367020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:30:20.368935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:30:36.375250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:31:08.377689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:31:56.636782 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 12:31:56.636893 0.544461 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.181784 0.043260 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.225504 0.049822 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.275685 0.125869 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.401947 0.066361 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.468714 0.157900 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.627101 0.054883 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.682385 0.049404 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.732189 0.138258 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:57.870826 0.178362 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:58.049582 0.165855 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:58.215789 0.075465 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:58.291649 0.297174 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:58.589271 0.114563 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:58.704236 0.141936 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:58.846531 0.429067 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:59.021340 0.749854 tcp 10.0.2.109 61683 -> 188.129.248.221 6410 FSPA* 0 0 14 1718 flow=From-Botnet-V1-TCP-Established 1970/02/16 12:31:59.275980 0.073986 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:59.391483 0.050458 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:59.442496 0.096404 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:59.539281 0.056731 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:59.596436 0.131581 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:59.728436 0.165250 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:31:59.894098 0.319395 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:00.213858 0.159558 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:00.373837 0.188264 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:00.562529 0.384803 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:00.947736 0.113832 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:01.062014 0.321037 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:01.383474 0.174223 udp 10.0.2.109 3683 <-> 68.93.68.209 4930 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:01.558110 0.447431 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:32:02.005984 0.140960 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/16 12:37:12.384024 3.001107 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:37:19.391445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:37:27.392518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:37:43.395612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:38:15.411661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:44:19.417269 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:44:26.424771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:44:34.426902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:44:50.429539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:45:22.435286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:53:45.451173 3.001692 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 12:53:52.458541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:54:00.460258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:54:16.463348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 12:54:48.468977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:00:52.486768 2.989877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 13:00:59.482776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:01:07.484354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:01:23.487515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:01:55.493478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:01:59.779724 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 13:01:59.779923 0.488541 tcp 10.0.2.109 61684 -> 188.129.248.221 6410 FSPA* 0 0 14 1670 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:02:24.875621 0.149461 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.025520 0.051057 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.076992 0.049910 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.127282 0.125535 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.253230 0.075363 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.329007 0.156837 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.486349 0.054795 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.541600 0.052184 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.594177 0.177008 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.771639 0.079050 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:25.851060 0.314163 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:26.165637 0.128418 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:26.294496 0.142620 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:26.437482 0.178013 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:26.615847 0.166932 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:26.783154 0.422878 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.206457 0.068885 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.275706 0.056770 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.332914 0.088806 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.422168 0.054327 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.476933 0.131167 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.608464 0.163955 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.772773 0.149491 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:27.922679 0.318281 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:28.241342 0.160601 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:28.402354 0.376408 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:28.779192 0.113938 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:28.893575 0.321175 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:29.215158 0.000000 udp 10.0.2.109 3683 -> 68.93.68.209 4930 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 13:02:45.807059 0.063906 tcp 10.0.2.109 61685 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:02:45.871245 0.068009 tcp 10.0.2.109 61686 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:02:45.939565 0.198850 tcp 10.0.2.109 61687 -> 195.113.214.249 443 SRPA* 0 0 63 41207 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:02:46.137051 0.344635 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:02:46.482048 0.139574 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:08:15.512682 3.076403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 13:08:22.558808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:08:30.531181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:08:46.534054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:09:18.540266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:15:33.551890 3.043257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 13:15:40.574962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:15:48.570792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:16:04.573812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:16:36.580027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:22:45.596275 3.002180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 13:22:52.600735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:23:00.602104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:23:16.605111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:23:48.621043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:29:52.626961 3.001904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 13:29:59.633920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:30:07.636051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:30:23.639146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:30:55.645234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:32:00.268603 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 13:32:00.268717 3.006323 tcp 10.0.2.109 61688 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 13:32:09.271041 0.000000 tcp 10.0.2.109 61688 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 13:32:15.271139 0.061697 tcp 10.0.2.109 61689 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:32:15.333132 0.066710 tcp 10.0.2.109 61690 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:32:15.399755 0.522447 tcp 10.0.2.109 61691 -> 195.113.214.249 443 SRPA* 0 0 23 11472 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:32:16.599631 0.510750 tcp 10.0.2.109 61692 -> 5.178.194.36 4983 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:33:05.592131 0.000000 udp 10.0.2.109 3683 -> 68.93.68.209 4930 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 13:33:10.458762 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 13:33:23.238068 0.065526 tcp 10.0.2.109 61693 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:33:23.303971 0.061518 tcp 10.0.2.109 61694 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:33:23.365777 0.153748 tcp 10.0.2.109 61695 -> 195.113.214.249 443 SRPA* 0 0 23 13142 flow=From-Botnet-V1-TCP-Established 1970/02/16 13:33:23.520139 0.047333 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:23.567907 0.050694 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:23.618977 0.127488 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:23.746882 0.069444 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:23.816774 0.164623 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:23.981808 0.106411 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:24.187080 0.079137 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:24.266616 0.302933 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:24.569945 0.102047 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:24.672386 0.056038 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:24.728879 0.050346 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:24.779645 0.137860 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:24.917943 0.181741 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.100153 0.165857 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.266517 0.144561 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.411482 0.049833 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.461719 0.091312 udp 10.0.2.109 3683 <-> 79.56.33.80 6113 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.553441 0.057995 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.611820 0.131059 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.743331 0.165521 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:25.909243 0.174820 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:26.084455 0.431246 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:26.516078 0.074314 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:26.590807 0.145316 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:26.736525 0.315243 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:27.052143 0.126491 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:27.179042 0.381014 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:27.560523 0.330201 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:27.891134 0.349134 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:33:28.240720 0.139396 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/16 13:36:59.650857 3.002045 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 13:37:06.658035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:37:14.659886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:37:30.662815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:38:02.669144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:44:06.675371 3.000715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 13:44:13.682429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:44:21.683916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:44:37.686567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:45:09.693102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:53:34.702080 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 13:53:41.709241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:53:49.710307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:54:05.713430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 13:54:37.726852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:00:41.725821 3.001589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 14:00:50.746280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:00:58.659387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:01:14.486993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:01:46.149827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:02:18.138668 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 14:02:18.138853 0.396588 tcp 10.0.2.109 61696 -> 5.178.194.36 4983 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:03:58.506639 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 14:03:58.506844 0.128043 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:58.635267 0.072442 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:58.708115 0.047310 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:58.755798 0.050788 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:58.806942 0.164081 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:58.971390 0.059645 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:59.031433 0.074880 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:59.106842 0.298471 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:59.405692 0.556047 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:03:59.962126 0.056248 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:00.018868 0.056731 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:00.076040 0.144432 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:00.220948 0.186076 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:00.407455 0.167790 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:00.575605 0.144111 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:00.720109 0.061331 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:00.781894 0.000000 udp 10.0.2.109 3683 -> 79.56.33.80 6113 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 14:04:18.156118 0.068740 tcp 10.0.2.109 61697 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:04:18.225201 0.061751 tcp 10.0.2.109 61698 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:04:18.287273 0.163336 tcp 10.0.2.109 61699 -> 195.113.214.249 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:04:18.451983 0.063431 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:18.515885 0.130979 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:18.647255 0.165599 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:18.813249 0.071593 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:18.885261 0.153037 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:19.038757 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 14:04:35.930216 0.068067 tcp 10.0.2.109 61700 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:04:35.998569 0.060356 tcp 10.0.2.109 61701 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:04:36.059260 0.152075 tcp 10.0.2.109 61702 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:04:36.211869 0.430761 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:36.643068 0.316442 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:36.959927 0.113948 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:37.074481 0.386033 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:37.460937 0.321429 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:37.782819 0.346353 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:04:38.203896 0.142363 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:07:51.763461 3.002168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 14:07:58.771346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:08:06.772520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:08:22.776031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:08:54.782142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:15:06.800082 3.001388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 14:15:13.807046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:15:21.808826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:15:37.811066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:16:09.817448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:22:13.824106 3.001694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 14:22:20.831645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:22:28.833186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:22:44.835245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:23:17.084372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:29:20.857524 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 14:29:27.865032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:29:35.866200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:29:51.869369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:30:23.875535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:32:17.509150 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 14:32:17.509307 0.449136 tcp 10.0.2.109 61703 -> 5.178.194.36 4983 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:35:05.343351 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 14:35:05.343549 0.000000 udp 10.0.2.109 3683 -> 79.56.33.80 6113 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 14:35:22.666790 0.066754 tcp 10.0.2.109 61704 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:35:22.733841 0.067469 tcp 10.0.2.109 61705 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:35:22.801647 0.154968 tcp 10.0.2.109 61706 -> 195.113.214.249 443 SRPA* 0 0 22 13124 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:35:22.957166 0.149479 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.107047 0.050181 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.157584 0.070442 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.271111 0.058110 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.329651 0.074969 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.405037 0.292529 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.698017 0.159239 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.857655 0.046569 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:23.904572 0.130468 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:24.035488 0.137298 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:24.173227 0.186594 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:24.360175 0.166787 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:24.527309 0.142441 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:24.670141 0.053842 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:24.724428 0.104478 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:24.829322 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 14:35:42.413882 0.059644 tcp 10.0.2.109 61707 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:35:42.473832 0.065321 tcp 10.0.2.109 61708 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:35:42.539088 0.162568 tcp 10.0.2.109 61709 -> 195.113.214.249 443 SRPA* 0 0 41 22012 flow=From-Botnet-V1-TCP-Established 1970/02/16 14:35:42.702372 0.051912 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:42.754711 0.059980 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:42.815085 0.130117 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:42.945554 0.165386 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:43.111388 0.073125 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:43.184987 0.161508 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:43.346935 0.420647 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:43.768104 0.313423 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:44.167458 0.322766 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:44.490610 0.343764 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:44.834717 0.140789 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:44.975880 0.138747 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:35:45.115023 0.380968 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/16 14:36:27.881183 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 14:36:34.888935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:36:42.890483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:36:58.893172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:37:30.899317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:43:34.906460 3.000668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 14:43:41.912701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:43:49.914407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:44:06.095208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:44:37.933243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:50:41.940211 3.000847 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 14:50:48.947186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:50:56.948275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:51:12.951198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:51:44.957244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:57:48.963178 3.001957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 14:57:55.975752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:58:03.972412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:58:19.975466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 14:58:51.981301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:02:17.957851 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 15:02:17.957949 0.566065 tcp 10.0.2.109 61710 -> 5.178.194.36 4983 FSPA* 0 0 14 1498 flow=From-Botnet-V1-TCP-Established 1970/02/16 15:05:19.000114 3.002096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:05:26.007751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:05:34.009389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:05:50.012103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:06:02.801365 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 15:06:02.801577 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 15:06:21.479925 0.062542 tcp 10.0.2.109 61711 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 15:06:21.542757 0.063920 tcp 10.0.2.109 61712 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 15:06:21.606544 0.153758 tcp 10.0.2.109 61713 -> 195.113.214.249 443 SRPA* 0 0 35 16804 flow=From-Botnet-V1-TCP-Established 1970/02/16 15:06:21.759168 0.049763 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:21.809322 0.067539 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:21.877247 0.286921 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:22.018559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:06:22.164547 0.069241 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:22.234295 0.297310 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:22.532045 0.162756 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:22.695269 0.042338 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:22.738070 0.151596 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:22.890257 0.181170 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:23.071845 0.167058 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:23.239306 0.145402 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:23.385230 0.050257 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:23.435917 0.104233 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:23.664187 0.126812 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:23.791433 0.137401 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:23.929302 0.131567 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:24.061252 0.056027 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:24.117741 0.063444 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:24.181616 0.167715 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:24.349751 0.072154 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:24.422361 0.161186 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:24.583957 0.458880 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:25.043272 0.345707 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:25.389417 0.315980 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:25.705853 0.329863 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:26.036176 0.375931 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:26.412520 0.141519 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:06:26.554606 0.126145 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:12:29.029422 3.001056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:12:36.035996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:12:44.037343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:13:00.040967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:13:32.047613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:19:41.059786 3.002786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:19:48.067217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:19:56.068722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:20:12.071673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:20:44.077711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:26:51.087994 3.001685 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:26:58.101759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:27:06.097121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:27:22.099928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:27:54.105999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:32:18.527013 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 15:32:18.527199 0.594820 tcp 10.0.2.109 61714 -> 5.178.194.36 4983 FSPA* 0 0 15 1719 flow=From-Botnet-V1-TCP-Established 1970/02/16 15:33:58.112924 3.029470 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:34:05.132365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:34:13.131822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:34:29.133966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:35:01.140562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:36:46.497299 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 15:36:46.497406 0.420420 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:46.918498 0.074137 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:46.993057 0.048719 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.042239 0.067076 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.109760 0.283303 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.393521 0.160197 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.554133 0.041288 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.595861 0.148979 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.745272 0.177424 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.923171 0.048906 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:47.972539 0.121025 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.093979 0.127367 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.221768 0.167108 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.389311 0.144234 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.533996 0.144904 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.679355 0.130892 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.810659 0.049705 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.860786 0.056832 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:48.918036 0.175273 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:49.093785 0.068757 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:49.162965 0.161894 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:49.371073 0.452204 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:49.823697 0.325880 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:50.150014 0.349237 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:50.499621 0.314596 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:50.814650 0.126957 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:50.942034 0.383367 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:36:51.325789 0.139396 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/16 15:41:05.146576 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:41:12.153414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:41:20.155064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:41:36.157914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:42:08.164100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:48:12.169814 3.001758 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:48:19.177501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:48:27.178788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:48:43.181953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:49:15.233334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:55:46.219615 2.998229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 15:55:53.220290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:56:01.221992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:56:17.224705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 15:56:49.231037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:02:19.125904 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:02:19.126089 2.993333 tcp 10.0.2.109 61715 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:02:28.117974 0.000000 tcp 10.0.2.109 61715 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:02:34.128346 0.063464 tcp 10.0.2.109 61716 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:02:34.192074 0.065435 tcp 10.0.2.109 61717 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:02:34.257832 0.238429 tcp 10.0.2.109 61718 -> 195.113.214.249 443 SRPA* 0 0 66 45870 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:02:34.802804 2.999263 tcp 10.0.2.109 61719 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:02:43.800518 0.000000 tcp 10.0.2.109 61719 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:02:49.800123 0.060191 tcp 10.0.2.109 61720 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:02:49.860619 0.063913 tcp 10.0.2.109 61721 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:02:49.924784 0.181784 tcp 10.0.2.109 61722 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:02:50.123670 3.000737 tcp 10.0.2.109 61723 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:02:53.247121 3.006105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 16:02:59.122655 0.000000 tcp 10.0.2.109 61723 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:00.254405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:03:05.123737 0.102046 tcp 10.0.2.109 61724 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:03:05.226317 0.064144 tcp 10.0.2.109 61725 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:03:05.290788 0.153136 tcp 10.0.2.109 61726 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:03:05.924263 2.994125 tcp 10.0.2.109 61727 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:08.271543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:03:14.905321 0.000000 tcp 10.0.2.109 61727 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:20.894513 0.061160 tcp 10.0.2.109 61728 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:03:20.955974 0.064798 tcp 10.0.2.109 61729 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:03:21.021059 0.151358 tcp 10.0.2.109 61730 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:03:21.366273 2.992839 tcp 10.0.2.109 61731 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:24.259052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:03:30.367428 0.000000 tcp 10.0.2.109 61731 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:36.368139 2.992817 tcp 10.0.2.109 61732 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:45.359274 0.000000 tcp 10.0.2.109 61732 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:51.367984 3.003998 tcp 10.0.2.109 61733 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:03:56.264851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:04:00.370711 0.000000 tcp 10.0.2.109 61733 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:04:06.369624 3.004170 tcp 10.0.2.109 61734 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:04:10.966024 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:04:15.372489 0.000000 tcp 10.0.2.109 61734 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:06:59.909202 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:06:59.909307 0.059846 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:06:59.969629 0.075057 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:00.045129 0.050843 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:00.158576 0.071546 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:00.230481 0.298100 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:00.528994 0.165269 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:00.694702 0.041845 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:00.736998 0.149560 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:00.886975 0.184444 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.071926 0.049503 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.121870 0.103517 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.225824 0.127361 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.353590 0.232582 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.586563 0.143368 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.730369 0.137201 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.867939 0.131452 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:01.999775 0.049166 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:02.049340 0.059676 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:02.109438 0.141165 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:02.250974 0.422471 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:02.673909 0.173882 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:02.848199 0.072902 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:02.921492 0.323297 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:03.245186 0.347499 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:03.593167 0.316158 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:03.909813 0.138579 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:04.048799 0.386991 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:07:04.436185 0.142756 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:09:21.372999 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:09:21.373098 3.003549 tcp 10.0.2.109 61735 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:09:30.375458 0.000000 tcp 10.0.2.109 61735 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:09:36.375570 0.063211 tcp 10.0.2.109 61736 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:09:36.439081 0.065732 tcp 10.0.2.109 61737 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:09:36.504667 0.152694 tcp 10.0.2.109 61738 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:09:36.768670 3.000065 tcp 10.0.2.109 61739 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:09:45.777193 0.000000 tcp 10.0.2.109 61739 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:09:51.766440 0.062785 tcp 10.0.2.109 61740 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:09:51.829607 0.065751 tcp 10.0.2.109 61741 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:09:51.895638 0.166742 tcp 10.0.2.109 61742 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:09:52.142909 2.988525 tcp 10.0.2.109 61743 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:00.269993 4.939923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 16:10:01.129224 0.000000 tcp 10.0.2.109 61743 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:09.029252 0.061446 tcp 10.0.2.109 61744 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:10:09.091027 0.064294 tcp 10.0.2.109 61745 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:10:09.155629 0.166785 tcp 10.0.2.109 61746 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:10:09.167705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:10:09.392888 2.965424 tcp 10.0.2.109 61747 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:17.081832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:10:18.290417 0.000000 tcp 10.0.2.109 61747 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:24.216527 0.062972 tcp 10.0.2.109 61748 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:10:24.279819 0.061238 tcp 10.0.2.109 61749 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:10:24.341375 0.157372 tcp 10.0.2.109 61750 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:10:24.541628 2.964077 tcp 10.0.2.109 61751 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:32.891914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:10:33.433659 0.000000 tcp 10.0.2.109 61751 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:39.361878 2.961222 tcp 10.0.2.109 61752 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:48.253664 0.000000 tcp 10.0.2.109 61752 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:10:54.182807 2.955068 tcp 10.0.2.109 61753 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:11:03.070058 0.000000 tcp 10.0.2.109 61753 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:11:04.508332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:11:08.999159 2.961529 tcp 10.0.2.109 61754 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:11:13.577794 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:11:17.888050 0.000000 tcp 10.0.2.109 61754 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:16:22.838966 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:16:22.839080 3.003506 tcp 10.0.2.109 61755 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:16:31.841084 0.000000 tcp 10.0.2.109 61755 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:16:37.841522 0.061342 tcp 10.0.2.109 61756 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:16:37.902696 0.069294 tcp 10.0.2.109 61757 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:16:37.971812 0.149810 tcp 10.0.2.109 61758 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:16:38.185483 2.999273 tcp 10.0.2.109 61759 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:16:47.183129 0.000000 tcp 10.0.2.109 61759 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:16:53.182439 0.059990 tcp 10.0.2.109 61760 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:16:53.242738 0.112918 tcp 10.0.2.109 61761 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:16:53.355480 0.152079 tcp 10.0.2.109 61762 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:16:53.770085 3.006453 tcp 10.0.2.109 61763 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:02.775516 0.000000 tcp 10.0.2.109 61763 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:07.293783 3.002778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 16:17:08.764668 0.062275 tcp 10.0.2.109 61764 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:17:08.827226 0.064297 tcp 10.0.2.109 61765 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:17:08.891790 0.155726 tcp 10.0.2.109 61766 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:17:09.110204 2.998848 tcp 10.0.2.109 61767 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:14.302081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:17:18.117519 0.000000 tcp 10.0.2.109 61767 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:22.303808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:17:24.106642 0.062258 tcp 10.0.2.109 61768 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:17:24.169176 0.067441 tcp 10.0.2.109 61769 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:17:24.236940 0.152460 tcp 10.0.2.109 61770 -> 195.113.214.249 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:17:24.747920 3.003328 tcp 10.0.2.109 61771 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:33.750295 0.000000 tcp 10.0.2.109 61771 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:38.306948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:17:39.749002 3.004152 tcp 10.0.2.109 61772 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:48.751597 0.000000 tcp 10.0.2.109 61772 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:17:54.750802 3.003795 tcp 10.0.2.109 61773 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:18:03.753255 0.000000 tcp 10.0.2.109 61773 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:18:08.459766 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:18:09.751556 3.004043 tcp 10.0.2.109 61774 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:18:10.312668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:18:18.754213 0.000000 tcp 10.0.2.109 61774 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:23:24.755368 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:23:24.755491 2.993831 tcp 10.0.2.109 61775 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:23:33.757878 0.000000 tcp 10.0.2.109 61775 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:23:39.758082 0.065302 tcp 10.0.2.109 61776 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:23:39.823725 0.064951 tcp 10.0.2.109 61777 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:23:39.889005 0.147980 tcp 10.0.2.109 61778 -> 195.113.214.249 443 SRPA* 0 0 21 10738 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:23:40.363204 2.998296 tcp 10.0.2.109 61779 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:23:49.360190 0.000000 tcp 10.0.2.109 61779 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:23:55.359425 0.060805 tcp 10.0.2.109 61780 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:23:55.420542 0.062470 tcp 10.0.2.109 61781 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:23:55.483415 0.158052 tcp 10.0.2.109 61782 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:23:55.844135 2.999628 tcp 10.0.2.109 61783 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:04.842012 0.000000 tcp 10.0.2.109 61783 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:10.841428 0.066277 tcp 10.0.2.109 61784 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:24:10.908021 0.062086 tcp 10.0.2.109 61785 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:24:10.970471 0.151326 tcp 10.0.2.109 61786 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:24:11.474570 3.004625 tcp 10.0.2.109 61787 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:16.322241 3.001040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 16:24:20.474987 0.000000 tcp 10.0.2.109 61787 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:23.329359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:24:26.473629 2.995154 tcp 10.0.2.109 61788 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:31.330612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:24:35.476616 0.000000 tcp 10.0.2.109 61788 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:41.475204 2.994259 tcp 10.0.2.109 61789 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:47.333499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:24:50.468251 0.000000 tcp 10.0.2.109 61789 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:24:55.465131 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:25:19.339596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:31:23.345928 3.001438 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 16:31:30.353125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:31:38.354677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:31:54.357484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:32:26.366675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:37:21.338319 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:37:21.338462 0.052792 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:21.645859 0.074975 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:21.777606 0.075461 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:21.978942 0.109343 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:22.046875 0.293264 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:22.476567 0.173749 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:22.639490 0.052004 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:23.979846 0.152393 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:24.130465 0.191339 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:25.498279 0.064679 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:25.547837 0.144330 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:25.762727 0.139810 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:25.892689 0.175428 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:26.230479 0.167675 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:26.533045 2.996139 tcp 10.0.2.109 61790 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:37:26.547722 0.239199 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:27.151794 0.143237 rtcp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:27.287297 0.069886 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2549 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:27.369754 0.099231 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:27.428619 0.170293 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:28.054420 0.107304 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:28.125644 0.204964 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 1992 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:28.341480 0.445211 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:28.803794 0.326492 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:29.127315 0.355600 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:29.602655 0.315789 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:30.048673 0.118017 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:30.255224 0.406655 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:30.643180 0.252465 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/16 16:37:35.528149 0.000000 tcp 10.0.2.109 61790 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:37:41.528435 0.062110 tcp 10.0.2.109 61791 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:37:41.590867 0.066527 tcp 10.0.2.109 61792 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:37:41.657669 0.155463 tcp 10.0.2.109 61793 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:37:42.056815 2.994953 tcp 10.0.2.109 61794 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:37:51.050475 0.000000 tcp 10.0.2.109 61794 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:37:57.049612 0.063142 tcp 10.0.2.109 61795 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:37:57.113003 0.062320 tcp 10.0.2.109 61796 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:37:57.175699 0.150266 tcp 10.0.2.109 61797 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:37:57.467637 3.006402 tcp 10.0.2.109 61798 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:38:06.472382 0.000000 tcp 10.0.2.109 61798 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:38:12.461323 3.004279 tcp 10.0.2.109 61799 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:38:21.463965 0.000000 tcp 10.0.2.109 61799 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:38:30.369758 3.133294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 16:38:37.473310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:38:45.411485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:39:01.391491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:39:33.532366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:43:27.467289 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:43:27.467431 2.990862 tcp 10.0.2.109 61800 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:43:36.467012 0.000000 tcp 10.0.2.109 61800 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:43:42.467192 0.066071 tcp 10.0.2.109 61801 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:43:42.533582 0.063017 tcp 10.0.2.109 61802 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:43:42.596912 0.162143 tcp 10.0.2.109 61803 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:43:43.114424 2.996462 tcp 10.0.2.109 61804 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:43:52.109550 0.000000 tcp 10.0.2.109 61804 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:43:58.108554 0.066469 tcp 10.0.2.109 61805 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:43:58.175446 0.062917 tcp 10.0.2.109 61806 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:43:58.238658 0.154615 tcp 10.0.2.109 61807 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:43:58.706526 2.996748 tcp 10.0.2.109 61808 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:07.702003 0.000000 tcp 10.0.2.109 61808 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:13.707486 0.064537 tcp 10.0.2.109 61809 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:44:13.771855 0.063041 tcp 10.0.2.109 61810 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:44:13.835242 0.151304 tcp 10.0.2.109 61811 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:44:14.065939 2.999405 tcp 10.0.2.109 61812 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:23.063747 0.000000 tcp 10.0.2.109 61812 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:29.052852 3.004165 tcp 10.0.2.109 61813 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:38.055088 0.000000 tcp 10.0.2.109 61813 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:44.053870 2.994628 tcp 10.0.2.109 61814 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:53.057099 0.000000 tcp 10.0.2.109 61814 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:44:57.964434 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:45:37.413497 3.001736 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 16:45:44.421015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:45:52.422487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:46:08.425527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:46:40.432067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:49:59.057640 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:49:59.057829 3.003472 tcp 10.0.2.109 61815 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:50:08.060032 0.000000 tcp 10.0.2.109 61815 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:50:14.060425 0.061231 tcp 10.0.2.109 61816 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:14.121939 0.068402 tcp 10.0.2.109 61817 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:14.190671 0.153264 tcp 10.0.2.109 61818 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:14.489133 3.004534 tcp 10.0.2.109 61819 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:50:23.492431 0.000000 tcp 10.0.2.109 61819 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:50:29.491290 0.104263 tcp 10.0.2.109 61820 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:29.595832 0.066467 tcp 10.0.2.109 61821 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:29.662635 0.155698 tcp 10.0.2.109 61822 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:29.945569 2.999569 tcp 10.0.2.109 61823 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:50:38.944359 0.000000 tcp 10.0.2.109 61823 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:50:44.943884 0.061355 tcp 10.0.2.109 61824 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:45.005667 0.109793 tcp 10.0.2.109 61825 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:45.115731 0.151260 tcp 10.0.2.109 61826 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:50:45.283507 2.994516 tcp 10.0.2.109 61827 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:50:54.286530 0.000000 tcp 10.0.2.109 61827 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:51:00.285095 2.994370 tcp 10.0.2.109 61828 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:51:09.278091 0.000000 tcp 10.0.2.109 61828 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:51:15.286782 2.994376 tcp 10.0.2.109 61829 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:51:24.279812 0.000000 tcp 10.0.2.109 61829 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:54:29.439854 3.000341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 16:54:36.445773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:54:44.447445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:55:00.450568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:55:32.456468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 16:56:30.290089 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 16:56:30.290211 3.003602 tcp 10.0.2.109 61830 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:56:39.292613 0.000000 tcp 10.0.2.109 61830 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:56:45.293006 0.065185 tcp 10.0.2.109 61831 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:56:45.358475 0.062944 tcp 10.0.2.109 61832 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:56:45.421675 0.155579 tcp 10.0.2.109 61833 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:56:45.797671 3.008500 tcp 10.0.2.109 61834 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:56:54.804147 0.000000 tcp 10.0.2.109 61834 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:00.794969 0.061074 tcp 10.0.2.109 61835 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:57:00.855897 0.061882 tcp 10.0.2.109 61836 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:57:00.918254 0.150317 tcp 10.0.2.109 61837 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:57:01.205332 2.993078 tcp 10.0.2.109 61838 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:10.206760 0.000000 tcp 10.0.2.109 61838 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:16.206048 0.064306 tcp 10.0.2.109 61839 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:57:16.270193 0.063931 tcp 10.0.2.109 61840 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:57:16.334484 0.157842 tcp 10.0.2.109 61841 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 16:57:16.620494 2.999746 tcp 10.0.2.109 61842 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:25.618999 0.000000 tcp 10.0.2.109 61842 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:31.618952 3.002839 tcp 10.0.2.109 61843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:40.620489 0.000000 tcp 10.0.2.109 61843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:46.619433 3.007582 tcp 10.0.2.109 61844 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:57:55.622596 0.000000 tcp 10.0.2.109 61844 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 16:58:00.459190 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:01:59.475463 3.001670 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 17:02:06.485520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:02:14.484351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:02:30.488758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:03:01.622621 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:03:01.622816 3.003772 tcp 10.0.2.109 61845 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:03:02.495662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:03:10.624990 0.000000 tcp 10.0.2.109 61845 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:03:16.626211 0.060645 tcp 10.0.2.109 61846 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:03:16.687074 0.062332 tcp 10.0.2.109 61847 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:03:16.749749 0.153066 tcp 10.0.2.109 61848 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:03:17.075622 2.993040 tcp 10.0.2.109 61849 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:03:26.077021 0.000000 tcp 10.0.2.109 61849 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:07:36.890913 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:07:36.891104 0.075981 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:37.318491 0.053141 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:37.546082 0.077958 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:37.605481 0.169824 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:37.764121 0.113926 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:38.013328 0.289708 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:38.986702 0.051546 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:39.036872 0.156273 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:39.219361 0.157908 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:39.334284 0.141562 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:39.660133 0.189537 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:39.842676 0.069336 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:39.894976 0.174281 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:40.165560 0.167285 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:40.434446 0.161288 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2538 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:40.590456 0.141631 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:40.838443 0.068696 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:40.889725 0.099197 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:41.124262 0.194117 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:41.272522 0.448899 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:41.895166 0.176200 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:42.104866 0.102839 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:42.171722 0.323884 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:42.560254 0.351197 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:42.907363 0.397574 rtp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:43.285225 0.166644 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2001 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:43.814312 0.313148 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:07:44.415569 0.128344 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:08:32.078096 3.003461 tcp 10.0.2.109 61850 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:08:36.967017 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:08:41.080484 0.000000 tcp 10.0.2.109 61850 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:08:47.080330 0.068429 tcp 10.0.2.109 61851 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:08:47.149134 0.064851 tcp 10.0.2.109 61852 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:08:47.214428 0.148013 tcp 10.0.2.109 61853 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:08:47.412803 3.000714 tcp 10.0.2.109 61854 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:08:56.412357 0.000000 tcp 10.0.2.109 61854 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:02.411519 0.064240 tcp 10.0.2.109 61855 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:09:02.476092 0.061233 tcp 10.0.2.109 61856 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:09:02.537647 0.161130 tcp 10.0.2.109 61857 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:09:02.876337 2.999539 tcp 10.0.2.109 61858 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:12.279674 0.000000 tcp 10.0.2.109 61858 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:18.219911 0.063968 tcp 10.0.2.109 61859 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:09:18.284175 0.061638 tcp 10.0.2.109 61860 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:09:18.346159 0.154668 tcp 10.0.2.109 61861 -> 195.113.214.249 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:09:18.526835 2.971672 tcp 10.0.2.109 61862 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:26.772330 2.974878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 17:09:27.450792 0.000000 tcp 10.0.2.109 61862 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:33.378560 2.967953 tcp 10.0.2.109 61863 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:33.716454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:09:41.644716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:09:42.291577 0.000000 tcp 10.0.2.109 61863 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:48.242719 2.971063 tcp 10.0.2.109 61864 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:57.169508 0.000000 tcp 10.0.2.109 61864 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:09:57.520354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:10:29.526646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:15:03.180153 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:15:03.180256 3.003689 tcp 10.0.2.109 61865 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:15:12.182591 0.000000 tcp 10.0.2.109 61865 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:15:18.183336 0.064290 tcp 10.0.2.109 61866 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:18.247910 0.064000 tcp 10.0.2.109 61867 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:18.312232 0.154192 tcp 10.0.2.109 61868 -> 195.113.214.249 443 SRPA* 0 0 21 11340 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:18.589268 3.007001 tcp 10.0.2.109 61869 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:15:27.594722 0.000000 tcp 10.0.2.109 61869 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:15:33.583642 0.063029 tcp 10.0.2.109 61870 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:33.646983 0.061547 tcp 10.0.2.109 61871 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:33.708843 0.148716 tcp 10.0.2.109 61872 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:34.203550 2.994566 tcp 10.0.2.109 61873 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:15:43.207185 0.000000 tcp 10.0.2.109 61873 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:15:49.196266 0.060585 tcp 10.0.2.109 61874 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:49.257141 0.061221 tcp 10.0.2.109 61875 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:49.318661 0.156408 tcp 10.0.2.109 61876 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:15:49.514817 2.995537 tcp 10.0.2.109 61877 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:15:58.509157 0.000000 tcp 10.0.2.109 61877 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:16:04.509844 3.002762 tcp 10.0.2.109 61878 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:16:13.510794 0.000000 tcp 10.0.2.109 61878 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:16:19.562580 2.984879 tcp 10.0.2.109 61879 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:16:28.512683 0.000000 tcp 10.0.2.109 61879 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:16:33.459164 0.096463 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:16:33.618924 2.980093 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 17:16:40.571537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:16:48.541131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:17:04.544054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:17:36.550264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:21:34.513183 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:21:34.513271 3.003506 tcp 10.0.2.109 61880 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:21:43.515195 0.000000 tcp 10.0.2.109 61880 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:21:49.515376 0.065036 tcp 10.0.2.109 61881 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:21:49.580738 0.185306 tcp 10.0.2.109 61882 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:21:49.766372 0.153390 tcp 10.0.2.109 61883 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:21:50.406700 2.970001 tcp 10.0.2.109 61884 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:21:59.331945 0.000000 tcp 10.0.2.109 61884 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:22:05.307280 0.064577 tcp 10.0.2.109 61885 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:22:05.372079 0.064097 tcp 10.0.2.109 61886 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:22:05.436448 0.156683 tcp 10.0.2.109 61887 -> 195.113.214.249 443 SRPA* 0 0 23 11450 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:22:05.774228 2.996815 tcp 10.0.2.109 61888 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:22:14.769848 0.000000 tcp 10.0.2.109 61888 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:22:20.769278 0.064736 tcp 10.0.2.109 61889 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:22:20.834267 0.064816 tcp 10.0.2.109 61890 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:22:20.899447 0.155401 tcp 10.0.2.109 61891 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:22:21.309150 3.008404 tcp 10.0.2.109 61892 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:22:30.312691 0.000000 tcp 10.0.2.109 61892 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:22:36.301260 3.004088 tcp 10.0.2.109 61893 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:22:45.303976 0.000000 tcp 10.0.2.109 61893 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:22:51.302948 3.004015 tcp 10.0.2.109 61894 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:23:00.305549 0.000000 tcp 10.0.2.109 61894 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:23:04.962440 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:23:40.557173 3.000512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 17:23:47.581149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:23:55.574910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:24:11.578067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:24:43.583972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:28:06.306495 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:28:06.306660 2.993208 tcp 10.0.2.109 61895 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:28:15.298699 0.000000 tcp 10.0.2.109 61895 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:28:21.309162 0.065736 tcp 10.0.2.109 61896 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:21.375239 0.063012 tcp 10.0.2.109 61897 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:21.438554 0.154344 tcp 10.0.2.109 61898 -> 195.113.214.249 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:21.621607 3.000341 tcp 10.0.2.109 61899 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:28:30.620508 0.000000 tcp 10.0.2.109 61899 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:28:36.619658 0.064769 tcp 10.0.2.109 61900 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:36.684766 0.061071 tcp 10.0.2.109 61901 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:36.746127 0.152563 tcp 10.0.2.109 61902 -> 195.113.214.249 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:37.013148 3.001204 tcp 10.0.2.109 61903 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:28:46.015349 0.000000 tcp 10.0.2.109 61903 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:28:52.011898 0.064378 tcp 10.0.2.109 61904 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:52.076571 0.061353 tcp 10.0.2.109 61905 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:52.138280 0.148939 tcp 10.0.2.109 61906 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:28:52.613257 3.002874 tcp 10.0.2.109 61907 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:29:01.615205 0.000000 tcp 10.0.2.109 61907 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:29:07.603741 2.994324 tcp 10.0.2.109 61908 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:29:16.606370 0.000000 tcp 10.0.2.109 61908 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:29:22.605415 2.993945 tcp 10.0.2.109 61909 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:29:31.598423 0.000000 tcp 10.0.2.109 61909 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:29:36.455136 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:30:47.590459 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 17:30:54.597643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:31:02.599174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:31:18.602216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:31:50.608164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:37:54.613764 3.001634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 17:38:01.621705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:38:04.446096 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:38:04.446340 0.075667 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:04.728649 0.172937 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:04.890688 0.111851 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:04.994854 0.300284 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:05.431595 0.052758 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:05.615046 0.075461 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:05.672957 0.051059 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:05.910621 0.193054 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:06.102595 0.152304 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:06.217557 0.137130 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:06.352869 0.187477 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:06.531925 0.068886 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:06.686854 0.175699 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:06.858604 0.170500 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:07.004527 0.155140 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:07.312975 0.146667 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:07.450750 0.067134 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:07.678651 3.005335 tcp 10.0.2.109 61910 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:38:07.724448 0.098544 rtcp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:07.780940 0.211182 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:07.962687 0.425253 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:08.408465 0.167789 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:08.752564 0.107835 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:08.819344 0.324309 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:09.141078 0.352860 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:09.490276 0.313968 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2648 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:09.623138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:38:09.930983 0.127767 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:10.282759 0.395106 rtp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:10.657078 0.227253 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/16 17:38:16.689472 0.000000 tcp 10.0.2.109 61910 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:38:22.673364 0.066739 tcp 10.0.2.109 61911 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:38:22.740367 0.062062 tcp 10.0.2.109 61912 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:38:22.802457 0.149700 tcp 10.0.2.109 61913 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:38:23.326542 3.000660 tcp 10.0.2.109 61914 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:38:25.626912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:38:32.327091 0.000000 tcp 10.0.2.109 61914 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:38:38.325391 0.059825 tcp 10.0.2.109 61915 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:38:38.385545 0.065736 tcp 10.0.2.109 61916 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:38:38.451608 0.159502 tcp 10.0.2.109 61917 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:38:38.931949 2.997515 tcp 10.0.2.109 61918 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:38:47.928634 0.000000 tcp 10.0.2.109 61918 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:38:53.926712 2.994307 tcp 10.0.2.109 61919 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:38:57.631997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:39:02.919576 0.000000 tcp 10.0.2.109 61919 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:44:08.931186 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:44:08.931303 3.002957 tcp 10.0.2.109 61920 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:44:17.932484 0.000000 tcp 10.0.2.109 61920 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:44:23.932765 0.063893 tcp 10.0.2.109 61921 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:23.996938 0.064793 tcp 10.0.2.109 61922 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:24.062030 0.208381 tcp 10.0.2.109 61923 -> 195.113.214.249 443 SRPA* 0 0 80 77382 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:24.913676 3.002962 tcp 10.0.2.109 61924 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:44:33.915032 0.000000 tcp 10.0.2.109 61924 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:44:39.914655 0.063250 tcp 10.0.2.109 61925 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:39.978352 0.061841 tcp 10.0.2.109 61926 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:40.040487 0.151829 tcp 10.0.2.109 61927 -> 195.113.214.249 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:40.568803 3.004168 tcp 10.0.2.109 61928 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:44:49.567934 0.000000 tcp 10.0.2.109 61928 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:44:55.567146 0.074078 tcp 10.0.2.109 61929 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:55.641583 0.060564 tcp 10.0.2.109 61930 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:55.702433 0.153805 tcp 10.0.2.109 61931 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:44:55.994697 2.996928 tcp 10.0.2.109 61932 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:45:01.638375 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 17:45:04.990164 0.000000 tcp 10.0.2.109 61932 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:45:08.645310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:45:10.988988 3.004303 tcp 10.0.2.109 61933 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:45:16.648060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:45:19.995077 0.000000 tcp 10.0.2.109 61933 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:45:25.990725 3.005262 tcp 10.0.2.109 61934 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:45:32.650016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:45:34.996991 0.000000 tcp 10.0.2.109 61934 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:45:39.964813 0.130661 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:46:04.657018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:50:40.993933 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:50:40.994062 2.993634 tcp 10.0.2.109 61935 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:50:49.996096 0.000000 tcp 10.0.2.109 61935 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:50:55.996830 0.063515 tcp 10.0.2.109 61936 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:50:56.060603 0.064430 tcp 10.0.2.109 61937 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:50:56.125433 0.153915 tcp 10.0.2.109 61938 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:50:56.477412 3.002433 tcp 10.0.2.109 61939 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:05.478619 0.000000 tcp 10.0.2.109 61939 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:11.477883 1.338874 tcp 10.0.2.109 61940 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:51:12.817078 0.064151 tcp 10.0.2.109 61941 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:51:12.881540 0.158484 tcp 10.0.2.109 61942 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:51:13.260802 2.968781 tcp 10.0.2.109 61943 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:22.340709 0.000000 tcp 10.0.2.109 61943 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:28.266030 0.064078 tcp 10.0.2.109 61944 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:51:28.330431 0.062349 tcp 10.0.2.109 61945 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:51:28.392621 0.152631 tcp 10.0.2.109 61946 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:51:29.010685 2.961583 tcp 10.0.2.109 61947 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:37.900212 0.000000 tcp 10.0.2.109 61947 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:43.828446 2.961752 tcp 10.0.2.109 61948 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:52.718372 0.000000 tcp 10.0.2.109 61948 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:51:58.645637 2.960048 tcp 10.0.2.109 61949 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:52:07.539354 0.000000 tcp 10.0.2.109 61949 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:52:12.199416 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:54:12.670372 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 17:54:19.677767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:54:27.679333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:54:43.682530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:55:15.687811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 17:57:12.758173 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 17:57:12.758324 2.999004 tcp 10.0.2.109 61950 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:57:21.750385 0.000000 tcp 10.0.2.109 61950 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:57:27.760161 0.062528 tcp 10.0.2.109 61951 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:27.823037 0.065604 tcp 10.0.2.109 61952 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:27.888952 0.150345 tcp 10.0.2.109 61953 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:28.313992 3.002477 tcp 10.0.2.109 61954 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:57:37.311886 0.000000 tcp 10.0.2.109 61954 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:57:43.311121 0.063488 tcp 10.0.2.109 61955 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:43.375010 0.060861 tcp 10.0.2.109 61956 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:43.436184 0.158567 tcp 10.0.2.109 61957 -> 195.113.214.249 443 SRPA* 0 0 36 18768 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:43.686732 2.999637 tcp 10.0.2.109 61958 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:57:52.683727 0.000000 tcp 10.0.2.109 61958 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:57:58.687193 0.060845 tcp 10.0.2.109 61959 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:58.748320 0.062441 tcp 10.0.2.109 61960 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:58.811055 0.155831 tcp 10.0.2.109 61961 -> 195.113.214.249 443 SRPA* 0 0 28 11720 flow=From-Botnet-V1-TCP-Established 1970/02/16 17:57:59.320621 3.008014 tcp 10.0.2.109 61962 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:58:08.336576 0.000000 tcp 10.0.2.109 61962 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:58:14.315775 2.993676 tcp 10.0.2.109 61963 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:58:23.307805 0.000000 tcp 10.0.2.109 61963 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:58:29.316866 2.994257 tcp 10.0.2.109 61964 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:58:38.309514 0.000000 tcp 10.0.2.109 61964 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 17:58:42.956209 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:01:28.708262 3.000607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 18:01:35.714386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:01:43.715916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:01:59.719122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:02:31.724763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:03:44.320220 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:03:44.320387 3.003374 tcp 10.0.2.109 61965 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:03:53.324629 0.000000 tcp 10.0.2.109 61965 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:03:59.322872 0.064687 tcp 10.0.2.109 61966 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:03:59.387819 0.065128 tcp 10.0.2.109 61967 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:03:59.453300 0.147265 tcp 10.0.2.109 61968 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:03:59.696646 2.999417 tcp 10.0.2.109 61969 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:04:08.694041 0.000000 tcp 10.0.2.109 61969 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:08:25.564125 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:08:25.564216 0.072027 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:26.281066 0.172003 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:26.442370 0.113846 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:26.518663 0.310013 rtp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:26.996015 0.051746 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:27.211490 0.079386 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:27.271954 0.045343 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:27.540260 0.135436 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:27.666659 0.187585 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:27.846986 0.069712 rtcp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:27.900136 0.171937 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:28.355897 0.154385 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:28.604192 0.142207 rtp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:28.706743 0.168025 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:28.922543 0.144108 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:29.062493 0.141823 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:29.253460 0.065633 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:29.304100 0.000000 udp 10.0.2.109 3683 -> 82.70.112.62 3282 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 18:08:44.773086 0.060373 tcp 10.0.2.109 61970 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:08:44.833770 0.067231 tcp 10.0.2.109 61971 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:08:44.901301 0.153400 tcp 10.0.2.109 61972 -> 195.113.214.249 443 SRPA* 0 0 23 13180 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:08:45.055830 0.175668 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:45.205848 0.111679 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:45.637683 0.433578 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:46.180281 0.168651 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:46.475641 0.325674 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:46.799205 0.352276 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:47.147758 0.316661 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:47.471160 0.163247 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 1984 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:47.613059 0.115707 rtp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:08:47.820760 0.398032 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:09:00.736930 3.002041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 18:09:07.753985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:09:14.695196 2.993631 tcp 10.0.2.109 61973 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:09:15.756118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:09:23.697483 0.000000 tcp 10.0.2.109 61973 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:09:29.696614 0.967993 tcp 10.0.2.109 61974 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:09:30.664871 0.064083 tcp 10.0.2.109 61975 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:09:30.729231 0.154659 tcp 10.0.2.109 61976 -> 195.113.214.249 443 SRPA* 0 0 34 26990 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:09:31.701326 2.965004 tcp 10.0.2.109 61977 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:09:32.627268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:09:41.115912 0.000000 tcp 10.0.2.109 61977 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:09:47.041514 0.060819 tcp 10.0.2.109 61978 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:09:47.102613 0.062369 tcp 10.0.2.109 61979 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:09:47.165310 0.149165 tcp 10.0.2.109 61980 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:09:47.435612 2.969816 tcp 10.0.2.109 61981 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:09:56.331041 0.000000 tcp 10.0.2.109 61981 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:10:02.247531 0.060575 tcp 10.0.2.109 61982 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:10:02.308417 0.066987 tcp 10.0.2.109 61983 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:10:02.375693 0.150885 tcp 10.0.2.109 61984 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:10:02.608141 2.964313 tcp 10.0.2.109 61985 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:10:04.764455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:10:11.499786 0.000000 tcp 10.0.2.109 61985 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:10:17.418829 2.954694 tcp 10.0.2.109 61986 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:10:26.304592 0.000000 tcp 10.0.2.109 61986 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:10:32.232729 2.959363 tcp 10.0.2.109 61987 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:10:41.116293 0.000000 tcp 10.0.2.109 61987 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:10:45.948824 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:15:46.578740 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:15:46.578897 3.003231 tcp 10.0.2.109 61988 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:15:55.580679 0.000000 tcp 10.0.2.109 61988 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:01.581265 0.061653 tcp 10.0.2.109 61989 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:01.643274 0.067225 tcp 10.0.2.109 61990 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:01.710851 0.152605 tcp 10.0.2.109 61991 -> 195.113.214.249 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:02.125590 2.998700 tcp 10.0.2.109 61992 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:07.772229 3.000099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 18:16:11.123227 0.000000 tcp 10.0.2.109 61992 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:14.778554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:16:17.123192 0.064983 tcp 10.0.2.109 61993 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:17.188468 0.064986 tcp 10.0.2.109 61994 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:17.253778 0.154602 tcp 10.0.2.109 61995 -> 195.113.214.249 443 SRPA* 0 0 35 16804 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:17.556806 2.999685 tcp 10.0.2.109 61996 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:22.780136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:16:26.555110 0.000000 tcp 10.0.2.109 61996 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:32.554716 0.062957 tcp 10.0.2.109 61997 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:32.617965 0.066275 tcp 10.0.2.109 61998 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:32.684611 0.151681 tcp 10.0.2.109 61999 -> 195.113.214.249 443 SRPA* 0 0 43 34706 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:16:32.883742 2.995112 tcp 10.0.2.109 62000 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:38.783023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:16:41.887381 0.000000 tcp 10.0.2.109 62000 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:47.876441 2.994188 tcp 10.0.2.109 62001 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:16:56.869217 0.000000 tcp 10.0.2.109 62001 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:17:02.877883 3.004112 tcp 10.0.2.109 62002 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:17:10.788499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:17:11.880864 0.000000 tcp 10.0.2.109 62002 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:22:17.881331 0.323315 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:22:18.204852 2.963689 tcp 10.0.2.109 62003 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:22:27.112416 0.000000 tcp 10.0.2.109 62003 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:22:33.069012 0.061703 tcp 10.0.2.109 62004 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:22:33.130982 0.060671 tcp 10.0.2.109 62005 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:22:33.191922 0.156363 tcp 10.0.2.109 62006 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:22:33.851945 2.963429 tcp 10.0.2.109 62007 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:22:42.765356 0.000000 tcp 10.0.2.109 62007 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:22:48.720272 0.060319 tcp 10.0.2.109 62008 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:22:48.780866 0.067224 tcp 10.0.2.109 62009 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:22:48.848433 0.155440 tcp 10.0.2.109 62010 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:22:50.263907 3.530908 tcp 10.0.2.109 62011 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:22:59.721068 0.000000 tcp 10.0.2.109 62011 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:23:05.654437 0.063932 tcp 10.0.2.109 62012 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:23:05.718646 0.061913 tcp 10.0.2.109 62013 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:23:05.780871 0.162409 tcp 10.0.2.109 62014 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:23:06.874831 2.965838 tcp 10.0.2.109 62015 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:23:15.084636 2.958140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 18:23:15.766019 0.000000 tcp 10.0.2.109 62015 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:23:21.691290 2.966233 tcp 10.0.2.109 62016 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:23:22.005082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:23:29.909851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:23:30.584828 0.000000 tcp 10.0.2.109 62016 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:23:36.512822 2.964900 tcp 10.0.2.109 62017 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:23:45.486631 0.000000 tcp 10.0.2.109 62017 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:23:45.914503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:23:50.544738 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:24:17.812479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:28:51.487327 0.000202 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:28:51.487644 2.993084 tcp 10.0.2.109 62018 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:00.479366 0.000000 tcp 10.0.2.109 62018 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:06.490188 0.061450 tcp 10.0.2.109 62019 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:06.551910 0.065006 tcp 10.0.2.109 62020 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:06.617249 0.153784 tcp 10.0.2.109 62021 -> 195.113.214.249 443 SRPA* 0 0 35 16804 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:06.987559 3.007164 tcp 10.0.2.109 62022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:15.991711 0.000000 tcp 10.0.2.109 62022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:21.981553 0.060575 tcp 10.0.2.109 62023 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:22.042472 0.061336 tcp 10.0.2.109 62024 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:22.104143 0.154299 tcp 10.0.2.109 62025 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:22.307622 3.007661 tcp 10.0.2.109 62026 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:31.313842 0.000000 tcp 10.0.2.109 62026 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:37.302869 0.060696 tcp 10.0.2.109 62027 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:37.363887 0.065099 tcp 10.0.2.109 62028 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:37.429351 0.151121 tcp 10.0.2.109 62029 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:29:37.979861 3.007865 tcp 10.0.2.109 62030 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:46.996085 0.000000 tcp 10.0.2.109 62030 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:29:52.975266 2.993956 tcp 10.0.2.109 62031 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:30:01.967653 0.000000 tcp 10.0.2.109 62031 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:30:07.976982 2.993937 tcp 10.0.2.109 62032 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:30:16.969598 0.000000 tcp 10.0.2.109 62032 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:30:21.819405 3.000765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 18:30:21.956512 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:30:28.827074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:30:36.830260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:30:52.831563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:31:24.836693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:37:28.843576 3.001321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 18:37:35.850676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:37:43.852082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:37:59.855229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:38:31.860942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:38:54.533865 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:38:54.534008 0.105518 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:54.601581 0.115416 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:55.091153 0.297001 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:55.514749 0.075684 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:55.703248 0.170664 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:55.863351 0.078600 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:55.923691 0.046945 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:56.115414 0.140448 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:56.246438 0.051843 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:56.303606 0.071756 rtp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:56.358605 0.190402 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:56.562743 0.140779 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:56.666850 0.167871 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:56.993639 0.147714 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:57.133621 0.202624 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:57.332151 0.162047 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:57.996802 0.067079 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:58.046610 0.143202 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:58.182227 0.186284 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:58.358555 0.105701 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:38:58.424541 2.505704 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:01.153435 0.166709 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:01.645908 0.330714 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:01.973882 0.166998 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:02.242139 0.115898 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:02.526623 0.350888 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:02.873860 0.315338 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:03.562923 0.405643 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/16 18:39:08.003294 3.004175 tcp 10.0.2.109 62033 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:39:17.005624 0.000000 tcp 10.0.2.109 62033 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:39:23.006205 0.070062 tcp 10.0.2.109 62034 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:23.076567 0.064038 tcp 10.0.2.109 62035 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:23.140905 0.163651 tcp 10.0.2.109 62036 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:23.978406 3.002106 tcp 10.0.2.109 62037 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:39:32.978871 0.000000 tcp 10.0.2.109 62037 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:39:38.978324 0.060813 tcp 10.0.2.109 62038 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:39.039008 0.064286 tcp 10.0.2.109 62039 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:39.103548 0.153031 tcp 10.0.2.109 62040 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:39.512078 3.000356 tcp 10.0.2.109 62041 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:39:48.511212 0.000000 tcp 10.0.2.109 62041 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:39:54.510707 0.061304 tcp 10.0.2.109 62042 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:54.572337 0.063731 tcp 10.0.2.109 62043 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:54.636357 0.157695 tcp 10.0.2.109 62044 -> 195.113.214.249 443 SRPA* 0 0 32 17198 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:39:54.867431 3.007508 tcp 10.0.2.109 62045 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:40:03.873103 0.000000 tcp 10.0.2.109 62045 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:40:09.863276 3.003100 tcp 10.0.2.109 62046 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:40:18.864822 0.000000 tcp 10.0.2.109 62046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:40:24.863528 3.004362 tcp 10.0.2.109 62047 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:40:33.876537 0.000000 tcp 10.0.2.109 62047 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:44:35.866685 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 18:44:42.874136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:44:50.876115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:45:06.878921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:45:38.885095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:45:39.867095 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:45:39.867264 2.993503 tcp 10.0.2.109 62048 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:45:48.859291 0.000000 tcp 10.0.2.109 62048 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:45:54.873975 0.061683 tcp 10.0.2.109 62049 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:45:54.935985 0.064050 tcp 10.0.2.109 62050 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:45:55.000392 0.155849 tcp 10.0.2.109 62051 -> 195.113.214.249 443 SRPA* 0 0 35 18388 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:45:55.550508 3.003875 tcp 10.0.2.109 62052 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:04.551773 0.000000 tcp 10.0.2.109 62052 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:10.540950 0.209525 tcp 10.0.2.109 62053 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:46:10.750776 0.061954 tcp 10.0.2.109 62054 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:46:10.813024 0.153715 tcp 10.0.2.109 62055 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:46:11.060059 2.976930 tcp 10.0.2.109 62056 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:19.988915 0.000000 tcp 10.0.2.109 62056 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:25.942909 0.067123 tcp 10.0.2.109 62057 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:46:26.010451 0.064858 tcp 10.0.2.109 62058 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:46:26.075629 0.151828 tcp 10.0.2.109 62059 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:46:26.786052 2.991657 tcp 10.0.2.109 62060 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:35.786650 0.000000 tcp 10.0.2.109 62060 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:42.182570 2.966260 tcp 10.0.2.109 62061 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:51.090335 0.000000 tcp 10.0.2.109 62061 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:46:57.038215 2.968719 tcp 10.0.2.109 62062 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:47:05.946490 0.000000 tcp 10.0.2.109 62062 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:47:10.578691 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:52:11.790750 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:52:11.790857 3.003316 tcp 10.0.2.109 62063 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:52:20.792959 0.000000 tcp 10.0.2.109 62063 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:52:26.793387 0.065485 tcp 10.0.2.109 62064 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:26.859116 0.064231 tcp 10.0.2.109 62065 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:26.923723 0.150048 tcp 10.0.2.109 62066 -> 195.113.214.249 443 SRPA* 0 0 40 20888 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:27.232967 3.003821 tcp 10.0.2.109 62067 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:52:36.235131 0.000000 tcp 10.0.2.109 62067 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:52:42.234685 0.070485 tcp 10.0.2.109 62068 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:42.305442 0.065384 tcp 10.0.2.109 62069 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:42.371119 0.154944 tcp 10.0.2.109 62070 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:42.867364 3.001696 tcp 10.0.2.109 62071 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:52:52.429859 0.000000 tcp 10.0.2.109 62071 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:52:58.346344 0.060055 tcp 10.0.2.109 62072 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:58.406779 0.060968 tcp 10.0.2.109 62073 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:58.468058 0.154581 tcp 10.0.2.109 62074 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:52:58.852683 2.977222 tcp 10.0.2.109 62075 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:53:07.756847 0.000000 tcp 10.0.2.109 62075 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:53:13.682416 2.970882 tcp 10.0.2.109 62076 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:53:22.581571 0.000000 tcp 10.0.2.109 62076 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:53:28.507444 2.968174 tcp 10.0.2.109 62077 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:53:37.404067 0.000000 tcp 10.0.2.109 62077 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:53:58.897542 3.000116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 18:54:05.904085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:54:13.905515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:54:29.911613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:55:01.918627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 18:58:43.383444 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 18:58:43.383560 3.003600 tcp 10.0.2.109 62078 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:58:52.388581 0.000000 tcp 10.0.2.109 62078 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:58:58.388071 0.064361 tcp 10.0.2.109 62079 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:58:58.452731 0.067909 tcp 10.0.2.109 62080 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:58:58.520994 0.150066 tcp 10.0.2.109 62081 -> 195.113.214.249 443 SRPA* 0 0 39 18440 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:58:58.830440 2.989048 tcp 10.0.2.109 62082 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:07.817734 0.000000 tcp 10.0.2.109 62082 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:13.828151 0.069925 tcp 10.0.2.109 62083 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:59:13.898416 0.065185 tcp 10.0.2.109 62084 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:59:13.963909 0.161242 tcp 10.0.2.109 62085 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:59:14.432467 3.002843 tcp 10.0.2.109 62086 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:23.430730 0.000000 tcp 10.0.2.109 62086 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:29.429920 0.060754 tcp 10.0.2.109 62087 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:59:29.490942 0.060880 tcp 10.0.2.109 62088 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:59:29.552069 0.148161 tcp 10.0.2.109 62089 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 18:59:29.756112 2.997836 tcp 10.0.2.109 62090 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:38.752535 0.000000 tcp 10.0.2.109 62090 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:44.751329 3.004012 tcp 10.0.2.109 62091 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:53.755892 0.000000 tcp 10.0.2.109 62091 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 18:59:59.752253 3.004520 tcp 10.0.2.109 62092 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:00:08.755742 0.000000 tcp 10.0.2.109 62092 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:01:05.922240 2.999958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 19:01:12.928669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:01:20.929287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:01:36.932100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:02:08.938657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:08:31.951754 3.001713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 19:08:38.959221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:08:46.960787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:09:02.963494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:09:13.429231 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:09:13.429386 0.102091 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:13.492909 0.075812 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:13.613511 0.171436 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:13.773832 0.076679 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:14.142889 0.109358 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:14.212787 0.307444 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:14.962758 3.002661 tcp 10.0.2.109 62093 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:09:14.963181 0.048711 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:15.008278 0.135679 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:15.286495 0.052023 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:15.518540 0.069252 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:15.572736 0.190272 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:15.778886 0.148505 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:16.142554 0.169802 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:16.289883 0.250189 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:16.779116 0.240136 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:17.014482 0.142215 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:17.634022 0.154046 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:17.776622 0.110347 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:17.950519 0.187684 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:18.388842 0.066807 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:18.437402 0.449297 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:18.907092 0.168199 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:19.323691 0.330155 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:19.651210 0.350183 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:19.997280 0.197212 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:20.192297 0.115618 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:20.613864 0.312917 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:20.925129 0.404598 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:09:23.963753 0.000000 tcp 10.0.2.109 62093 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:09:29.964474 0.068003 tcp 10.0.2.109 62094 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:09:30.032735 0.060964 tcp 10.0.2.109 62095 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:09:30.094005 0.157590 tcp 10.0.2.109 62096 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:09:30.736536 2.991194 tcp 10.0.2.109 62097 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:09:34.969698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:09:39.736412 0.000000 tcp 10.0.2.109 62097 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:14:45.737155 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:14:45.737248 2.993586 tcp 10.0.2.109 62098 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:14:54.729430 0.000000 tcp 10.0.2.109 62098 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:00.740233 0.066620 tcp 10.0.2.109 62099 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:00.807151 0.067368 tcp 10.0.2.109 62100 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:00.874869 0.157151 tcp 10.0.2.109 62101 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:01.181500 3.001681 tcp 10.0.2.109 62102 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:10.181846 0.000000 tcp 10.0.2.109 62102 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:16.181706 0.059599 tcp 10.0.2.109 62103 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:16.241611 0.062085 tcp 10.0.2.109 62104 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:16.304009 0.152774 tcp 10.0.2.109 62105 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:16.475621 2.999360 tcp 10.0.2.109 62106 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:25.473815 0.000000 tcp 10.0.2.109 62106 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:31.473074 0.063441 tcp 10.0.2.109 62107 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:31.536433 0.064086 tcp 10.0.2.109 62108 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:31.600356 0.174715 tcp 10.0.2.109 62109 -> 195.113.214.249 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:15:31.788061 3.008553 tcp 10.0.2.109 62110 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:40.795534 0.000000 tcp 10.0.2.109 62110 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:46.784670 2.994182 tcp 10.0.2.109 62111 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:48.980553 3.001078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 19:15:55.787177 0.000000 tcp 10.0.2.109 62111 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:15:55.987497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:16:01.786055 2.994001 tcp 10.0.2.109 62112 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:16:03.989064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:16:10.778699 0.000000 tcp 10.0.2.109 62112 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:16:19.992115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:16:51.998244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:21:16.789401 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:21:16.789550 3.003475 tcp 10.0.2.109 62113 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:21:25.791072 0.000000 tcp 10.0.2.109 62113 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:21:31.792521 0.065015 tcp 10.0.2.109 62114 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:21:31.857811 0.064644 tcp 10.0.2.109 62115 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:21:31.922737 0.148319 tcp 10.0.2.109 62116 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:21:32.096781 2.998360 tcp 10.0.2.109 62117 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:21:41.093483 0.000000 tcp 10.0.2.109 62117 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:21:47.093134 0.063930 tcp 10.0.2.109 62118 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:21:47.157354 0.064056 tcp 10.0.2.109 62119 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:21:47.221349 0.160120 tcp 10.0.2.109 62120 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:21:48.302623 2.997091 tcp 10.0.2.109 62121 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:21:57.307108 0.000000 tcp 10.0.2.109 62121 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:22:03.296405 0.059622 tcp 10.0.2.109 62122 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:22:03.356396 0.070103 tcp 10.0.2.109 62123 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:22:03.426856 0.150006 tcp 10.0.2.109 62124 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:22:04.116456 2.984538 tcp 10.0.2.109 62125 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:22:13.099725 0.000000 tcp 10.0.2.109 62125 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:22:19.108319 3.004386 tcp 10.0.2.109 62126 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:22:28.111320 0.000000 tcp 10.0.2.109 62126 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:22:34.110414 3.003320 tcp 10.0.2.109 62127 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:22:43.112830 0.000000 tcp 10.0.2.109 62127 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:22:47.960013 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:23:00.010957 3.240181 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 19:23:07.213359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:23:15.138972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:23:31.031969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:24:03.318382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:27:49.113545 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:27:49.113715 3.003586 tcp 10.0.2.109 62128 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:27:58.115625 0.000000 tcp 10.0.2.109 62128 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:04.118413 0.066086 tcp 10.0.2.109 62129 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:04.184802 0.063696 tcp 10.0.2.109 62130 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:04.248825 0.162369 tcp 10.0.2.109 62131 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:04.430400 2.998718 tcp 10.0.2.109 62132 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:13.427733 0.000000 tcp 10.0.2.109 62132 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:19.427476 0.064745 tcp 10.0.2.109 62133 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:19.492119 0.065589 tcp 10.0.2.109 62134 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:19.557991 0.160708 tcp 10.0.2.109 62135 -> 195.113.214.249 443 SRPA* 0 0 32 17434 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:19.859410 3.001505 tcp 10.0.2.109 62136 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:28.865486 0.000000 tcp 10.0.2.109 62136 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:34.859120 0.061678 tcp 10.0.2.109 62137 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:34.920641 0.065024 tcp 10.0.2.109 62138 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:34.985932 0.159774 tcp 10.0.2.109 62139 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:28:35.255733 2.997788 tcp 10.0.2.109 62140 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:44.252380 0.000000 tcp 10.0.2.109 62140 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:50.251054 3.004006 tcp 10.0.2.109 62141 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:28:59.253781 0.000000 tcp 10.0.2.109 62141 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:29:05.252676 3.004069 tcp 10.0.2.109 62142 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:29:14.255074 0.000000 tcp 10.0.2.109 62142 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:30:07.054933 3.003512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 19:30:14.061257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:30:22.063070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:30:38.065714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:31:10.071771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:34:20.255752 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:34:20.255855 2.993766 tcp 10.0.2.109 62143 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:34:29.248111 0.000000 tcp 10.0.2.109 62143 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:34:35.258627 0.061403 tcp 10.0.2.109 62144 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:34:35.320390 0.064418 tcp 10.0.2.109 62145 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:34:35.385075 0.152800 tcp 10.0.2.109 62146 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:34:35.867984 3.004143 tcp 10.0.2.109 62147 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:34:44.870659 0.000000 tcp 10.0.2.109 62147 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:34:50.870274 0.069625 tcp 10.0.2.109 62148 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:34:50.940200 0.064591 tcp 10.0.2.109 62149 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:34:51.005176 0.153258 tcp 10.0.2.109 62150 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:34:52.061959 3.003746 tcp 10.0.2.109 62151 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:35:01.064005 0.000000 tcp 10.0.2.109 62151 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:35:07.063010 3.003704 tcp 10.0.2.109 62152 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:35:16.070692 0.000000 tcp 10.0.2.109 62152 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:37:14.078614 3.000744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 19:37:21.085176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:37:29.086592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:37:45.090246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:38:17.095435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:39:49.929472 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:39:49.929573 0.175023 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:50.092676 0.101792 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:50.377447 0.075531 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:50.566745 0.074935 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:50.624389 0.112296 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:50.854463 0.304537 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:51.301797 0.048707 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:51.574686 0.136958 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:51.702501 0.053196 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:51.774986 0.146170 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:51.885382 0.065960 rtp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:52.015803 0.192709 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:52.200242 0.167214 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 1994 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:52.383451 0.214889 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:52.578878 0.241976 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:52.928714 0.142414 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:53.295479 0.170459 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:53.443953 0.062403 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:53.548038 0.110236 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:53.621053 0.245458 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:53.789874 0.445038 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:54.446898 0.169418 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:54.694826 0.323647 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:55.016157 0.352963 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:55.365486 0.166736 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:55.509187 0.140442 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:55.681169 0.318281 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:39:56.234564 0.809527 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/16 19:40:22.243220 2.967599 tcp 10.0.2.109 62153 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:40:31.152120 0.000000 tcp 10.0.2.109 62153 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:40:36.003324 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:40:37.104181 0.061656 tcp 10.0.2.109 62154 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:40:37.166173 0.062491 tcp 10.0.2.109 62155 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:40:37.228604 0.154745 tcp 10.0.2.109 62156 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:40:37.614961 2.972733 tcp 10.0.2.109 62157 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:40:46.580823 0.000000 tcp 10.0.2.109 62157 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:40:52.580496 0.061030 tcp 10.0.2.109 62158 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:40:52.641846 0.062436 tcp 10.0.2.109 62159 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:40:52.704606 0.155898 tcp 10.0.2.109 62160 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:40:53.016648 2.997278 tcp 10.0.2.109 62161 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:02.012759 0.000000 tcp 10.0.2.109 62161 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:08.012211 0.060104 tcp 10.0.2.109 62162 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:41:08.072625 0.063578 tcp 10.0.2.109 62163 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:41:08.136116 0.150457 tcp 10.0.2.109 62164 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:41:08.821623 3.005572 tcp 10.0.2.109 62165 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:17.835598 0.000000 tcp 10.0.2.109 62165 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:23.814829 2.993745 tcp 10.0.2.109 62166 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:32.818994 0.000000 tcp 10.0.2.109 62166 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:38.818232 2.991857 tcp 10.0.2.109 62167 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:47.808871 0.000000 tcp 10.0.2.109 62167 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:41:52.455595 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:44:21.102881 3.005388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 19:44:28.110738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:44:36.110614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:44:52.113689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:45:24.119792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:46:53.819310 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:46:53.819420 3.003505 tcp 10.0.2.109 62168 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:02.821607 0.000000 tcp 10.0.2.109 62168 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:08.824333 0.064842 tcp 10.0.2.109 62169 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:08.889539 0.060812 tcp 10.0.2.109 62170 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:08.950604 0.158719 tcp 10.0.2.109 62171 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:09.496516 2.999526 tcp 10.0.2.109 62172 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:18.496517 0.000000 tcp 10.0.2.109 62172 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:24.493482 0.059734 tcp 10.0.2.109 62173 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:24.553491 0.065166 tcp 10.0.2.109 62174 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:24.618979 0.150938 tcp 10.0.2.109 62175 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:25.136998 2.990789 tcp 10.0.2.109 62176 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:34.136671 0.000000 tcp 10.0.2.109 62176 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:40.136128 0.060698 tcp 10.0.2.109 62177 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:40.196741 0.064513 tcp 10.0.2.109 62178 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:40.261558 0.154516 tcp 10.0.2.109 62179 -> 195.113.214.249 443 SRPA* 0 0 41 21204 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:47:40.544003 2.996067 tcp 10.0.2.109 62180 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:49.540575 0.000000 tcp 10.0.2.109 62180 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:47:55.537750 3.003888 tcp 10.0.2.109 62181 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:48:04.540671 0.000000 tcp 10.0.2.109 62181 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:48:10.539142 3.004245 tcp 10.0.2.109 62182 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:48:19.542245 0.000000 tcp 10.0.2.109 62182 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:48:24.459035 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:53:25.542713 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:53:25.542821 3.003151 tcp 10.0.2.109 62183 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:53:34.544770 0.000000 tcp 10.0.2.109 62183 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:53:40.545059 0.063861 tcp 10.0.2.109 62184 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:53:40.609199 0.064508 tcp 10.0.2.109 62185 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:53:40.674057 0.148260 tcp 10.0.2.109 62186 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:53:41.114689 2.994253 tcp 10.0.2.109 62187 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:53:47.136359 3.001089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 19:53:50.117398 0.000000 tcp 10.0.2.109 62187 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:53:54.142938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:53:56.116237 0.063377 tcp 10.0.2.109 62188 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:53:56.179908 0.065380 tcp 10.0.2.109 62189 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:53:56.245573 0.299491 tcp 10.0.2.109 62190 -> 195.113.214.249 443 SRPA* 0 0 73 77004 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:53:57.220696 3.001097 tcp 10.0.2.109 62191 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:02.144962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:54:06.220351 0.000000 tcp 10.0.2.109 62191 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:12.219735 0.060008 tcp 10.0.2.109 62192 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:54:12.280033 0.065536 tcp 10.0.2.109 62193 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:54:12.345854 0.151874 tcp 10.0.2.109 62194 -> 195.113.214.249 443 SRPA* 0 0 32 17200 flow=From-Botnet-V1-TCP-Established 1970/02/16 19:54:12.869124 3.005398 tcp 10.0.2.109 62195 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:18.147625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:54:21.872860 0.000000 tcp 10.0.2.109 62195 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:27.861813 3.003894 tcp 10.0.2.109 62196 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:36.863894 0.000000 tcp 10.0.2.109 62196 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:42.862891 3.004530 tcp 10.0.2.109 62197 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:50.153391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 19:54:51.875464 0.000000 tcp 10.0.2.109 62197 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 19:54:56.468722 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:59:57.866380 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 19:59:57.866481 2.993908 tcp 10.0.2.109 62198 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:06.864376 0.000000 tcp 10.0.2.109 62198 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:12.871184 0.061090 tcp 10.0.2.109 62199 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:12.932549 0.061730 tcp 10.0.2.109 62200 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:12.994583 0.152372 tcp 10.0.2.109 62201 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:13.408177 3.004512 tcp 10.0.2.109 62202 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:22.411621 0.000000 tcp 10.0.2.109 62202 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:28.405406 0.063637 tcp 10.0.2.109 62203 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:28.469390 0.064770 tcp 10.0.2.109 62204 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:28.533974 0.154702 tcp 10.0.2.109 62205 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:28.864218 3.000446 tcp 10.0.2.109 62206 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:37.865861 0.000000 tcp 10.0.2.109 62206 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:43.858134 0.060672 tcp 10.0.2.109 62207 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:43.919110 0.062665 tcp 10.0.2.109 62208 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:43.981465 0.158513 tcp 10.0.2.109 62209 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:00:44.172983 3.003968 tcp 10.0.2.109 62210 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:53.176509 0.000000 tcp 10.0.2.109 62210 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:00:54.159743 3.001714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 20:00:59.169106 2.989631 tcp 10.0.2.109 62211 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:01:01.168498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:01:08.170761 0.000000 tcp 10.0.2.109 62211 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:01:09.179150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:01:14.165491 2.997031 tcp 10.0.2.109 62212 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:01:23.159652 0.000000 tcp 10.0.2.109 62212 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:01:25.172976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:01:57.177633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:08:18.198635 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 20:08:25.209364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:08:33.476185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:08:49.345306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:09:21.226044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:10:04.358774 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:10:04.358876 0.075702 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:04.801839 0.075206 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:04.859005 0.103369 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:05.007026 0.176380 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:05.172190 0.096660 rtp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:05.704224 0.310580 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:06.214690 0.050700 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:06.470109 0.138250 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:06.600374 0.053979 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:06.689484 0.145735 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:06.797111 0.071720 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2558 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:06.944612 0.189723 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:07.129636 0.169242 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:08.233183 0.154922 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:08.473327 0.311011 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:08.781114 0.066580 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:10.882750 0.309548 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:11.323541 0.167352 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:12.185152 0.141969 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:12.319562 0.167571 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:12.494518 0.450696 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:13.396404 0.175444 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:13.616167 0.164939 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:13.899390 0.128297 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:14.228244 0.316075 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:14.357280 2.973000 tcp 10.0.2.109 62213 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:10:15.182254 0.328886 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:15.508587 0.349649 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:15.903628 0.406321 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:10:23.277135 0.000000 tcp 10.0.2.109 62213 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:10:29.226767 0.061398 tcp 10.0.2.109 62214 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:10:29.288509 0.063567 tcp 10.0.2.109 62215 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:10:29.352366 0.159651 tcp 10.0.2.109 62216 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:10:29.929802 2.971145 tcp 10.0.2.109 62217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:10:38.897625 0.000000 tcp 10.0.2.109 62217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:10:44.908975 0.062612 tcp 10.0.2.109 62218 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:10:44.971872 0.063635 tcp 10.0.2.109 62219 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:10:45.035797 0.148999 tcp 10.0.2.109 62220 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:10:46.041865 3.000495 tcp 10.0.2.109 62221 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:10:55.044893 0.000000 tcp 10.0.2.109 62221 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:11:01.040014 0.063531 tcp 10.0.2.109 62222 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:11:01.103895 0.065236 tcp 10.0.2.109 62223 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:11:01.169431 0.153621 tcp 10.0.2.109 62224 -> 195.113.214.249 443 SRPA* 0 0 43 21028 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:11:02.170754 3.004856 tcp 10.0.2.109 62225 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:11:11.174356 0.000000 tcp 10.0.2.109 62225 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:11:17.162989 3.004052 tcp 10.0.2.109 62226 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:11:26.165978 0.000000 tcp 10.0.2.109 62226 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:11:32.164550 2.993845 tcp 10.0.2.109 62227 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:11:41.608835 0.000000 tcp 10.0.2.109 62227 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:11:46.345272 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:15:36.238305 3.001035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 20:15:43.245334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:15:51.246335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:16:08.361995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:16:39.988518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:16:47.795162 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:16:47.795310 2.972179 tcp 10.0.2.109 62228 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:16:56.691422 0.000000 tcp 10.0.2.109 62228 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:02.616309 0.061676 tcp 10.0.2.109 62229 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:02.678307 0.060887 tcp 10.0.2.109 62230 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:02.739510 0.160873 tcp 10.0.2.109 62231 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:03.027404 2.960175 tcp 10.0.2.109 62232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:11.916966 0.000000 tcp 10.0.2.109 62232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:17.844105 0.060300 tcp 10.0.2.109 62233 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:17.904721 0.062863 tcp 10.0.2.109 62234 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:17.967849 0.154770 tcp 10.0.2.109 62235 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:18.580071 2.963927 tcp 10.0.2.109 62236 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:27.473861 0.000000 tcp 10.0.2.109 62236 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:33.400330 0.066268 tcp 10.0.2.109 62237 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:33.466900 0.061859 tcp 10.0.2.109 62238 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:33.529056 0.154621 tcp 10.0.2.109 62239 -> 195.113.214.249 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:17:34.276643 2.961754 tcp 10.0.2.109 62240 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:43.217742 0.000000 tcp 10.0.2.109 62240 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:49.206983 2.993683 tcp 10.0.2.109 62241 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:17:58.199076 0.000000 tcp 10.0.2.109 62241 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:18:04.211307 3.001140 tcp 10.0.2.109 62242 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:18:13.211267 0.000000 tcp 10.0.2.109 62242 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:18:17.957466 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:22:47.277707 3.001462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 20:22:54.285173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:23:02.286568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:23:18.289734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:23:19.211467 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:23:19.211585 3.003586 tcp 10.0.2.109 62243 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:23:28.213674 0.000000 tcp 10.0.2.109 62243 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:23:34.214129 0.062166 tcp 10.0.2.109 62244 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:23:34.276579 0.065836 tcp 10.0.2.109 62245 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:23:34.342803 0.153049 tcp 10.0.2.109 62246 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:23:34.714392 3.003123 tcp 10.0.2.109 62247 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:23:43.727732 0.000000 tcp 10.0.2.109 62247 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:23:49.715206 0.067077 tcp 10.0.2.109 62248 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:23:49.782607 0.062594 tcp 10.0.2.109 62249 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:23:49.845480 0.154178 tcp 10.0.2.109 62250 -> 195.113.214.249 443 SRPA* 0 0 32 17616 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:23:50.116163 2.993416 tcp 10.0.2.109 62251 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:23:50.295477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:23:59.107779 0.000000 tcp 10.0.2.109 62251 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:24:05.117114 0.066867 tcp 10.0.2.109 62252 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:24:05.184303 0.060881 tcp 10.0.2.109 62253 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:24:05.245451 0.158822 tcp 10.0.2.109 62254 -> 195.113.214.249 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:24:05.412410 2.999059 tcp 10.0.2.109 62255 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:24:14.410302 0.000000 tcp 10.0.2.109 62255 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:24:20.408906 3.004164 tcp 10.0.2.109 62256 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:24:29.411601 0.000000 tcp 10.0.2.109 62256 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:24:35.410741 3.004075 tcp 10.0.2.109 62257 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:24:44.413321 0.000000 tcp 10.0.2.109 62257 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:29:50.413729 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:29:50.413915 2.994370 tcp 10.0.2.109 62258 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:29:54.301436 3.002103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 20:29:59.416348 0.000000 tcp 10.0.2.109 62258 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:01.308988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:30:05.416575 0.064067 tcp 10.0.2.109 62259 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:05.480943 0.064391 tcp 10.0.2.109 62260 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:05.545700 0.155272 tcp 10.0.2.109 62261 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:05.851212 2.999126 tcp 10.0.2.109 62262 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:09.310841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:30:14.848417 0.000000 tcp 10.0.2.109 62262 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:20.847230 0.060560 tcp 10.0.2.109 62263 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:20.908086 0.065989 tcp 10.0.2.109 62264 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:20.974378 0.154955 tcp 10.0.2.109 62265 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:21.140368 3.003100 tcp 10.0.2.109 62266 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:25.313610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:30:30.749364 0.000000 tcp 10.0.2.109 62266 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:36.670785 0.061383 tcp 10.0.2.109 62267 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:36.732581 0.065190 tcp 10.0.2.109 62268 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:36.798075 0.160932 tcp 10.0.2.109 62269 -> 195.113.214.249 443 SRPA* 0 0 53 50544 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:30:37.006994 2.969761 tcp 10.0.2.109 62270 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:45.899658 0.000000 tcp 10.0.2.109 62270 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:51.811282 2.965585 tcp 10.0.2.109 62271 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:30:57.592299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:31:00.700357 0.000000 tcp 10.0.2.109 62271 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:31:06.623725 2.963181 tcp 10.0.2.109 62272 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:31:15.510544 0.000000 tcp 10.0.2.109 62272 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:31:20.462925 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:37:01.336131 3.001393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 20:37:08.342832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:37:16.344750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:37:32.347587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:38:04.353419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:40:17.885713 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:40:17.885882 0.075604 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:17.969898 0.077649 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:18.030726 0.225461 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:18.337977 0.114528 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:18.410042 0.168597 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:18.735123 0.297805 udp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:19.115810 0.055382 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:19.169222 0.134544 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:19.396098 0.053397 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:19.582746 0.146322 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:19.695462 0.069429 rtp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:19.861157 0.195578 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:20.049502 0.169621 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:20.195838 0.161410 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:20.388693 0.172427 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:20.558368 0.068651 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:20.699995 0.108172 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:20.768064 0.160965 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:21.228608 0.163504 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:21.386231 0.141747 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:21.502293 3.002911 tcp 10.0.2.109 62273 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:40:21.520321 2.041987 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:23.563952 0.169442 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:23.830682 0.316779 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:24.166654 0.166636 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:24.309521 0.115867 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:24.485830 0.326045 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:24.809225 0.353541 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:25.159167 0.397745 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/16 20:40:30.503538 0.000000 tcp 10.0.2.109 62273 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:40:36.504395 0.064862 tcp 10.0.2.109 62274 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:40:36.569505 0.065310 tcp 10.0.2.109 62275 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:40:36.635102 0.154042 tcp 10.0.2.109 62276 -> 195.113.214.249 443 SRPA* 0 0 22 12876 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:40:37.016227 3.000955 tcp 10.0.2.109 62277 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:40:46.015869 0.000000 tcp 10.0.2.109 62277 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:40:52.014695 0.163571 tcp 10.0.2.109 62278 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:40:52.178569 0.060823 tcp 10.0.2.109 62279 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:40:52.239651 0.160256 tcp 10.0.2.109 62280 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:40:52.536868 2.965833 tcp 10.0.2.109 62281 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:01.447699 0.000000 tcp 10.0.2.109 62281 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:07.447382 0.060338 tcp 10.0.2.109 62282 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:41:07.508059 0.060996 tcp 10.0.2.109 62283 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:41:07.568885 0.161472 tcp 10.0.2.109 62284 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:41:07.972707 2.999200 tcp 10.0.2.109 62285 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:16.970396 0.000000 tcp 10.0.2.109 62285 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:22.969150 3.004527 tcp 10.0.2.109 62286 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:31.972777 0.000000 tcp 10.0.2.109 62286 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:37.970972 3.003997 tcp 10.0.2.109 62287 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:46.984451 0.000000 tcp 10.0.2.109 62287 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:41:51.960292 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:44:08.359798 3.001303 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 20:44:15.366897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:44:23.368621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:44:39.371395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:45:11.377425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:46:52.973762 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:46:52.973867 2.993896 tcp 10.0.2.109 62288 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:01.989303 0.000000 tcp 10.0.2.109 62288 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:07.981287 0.060558 tcp 10.0.2.109 62289 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:08.042204 0.064612 tcp 10.0.2.109 62290 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:08.107100 0.153909 tcp 10.0.2.109 62291 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:08.855625 2.994909 tcp 10.0.2.109 62292 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:17.855094 0.000000 tcp 10.0.2.109 62292 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:23.848368 0.063967 tcp 10.0.2.109 62293 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:23.912608 0.063159 tcp 10.0.2.109 62294 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:23.976019 0.157605 tcp 10.0.2.109 62295 -> 195.113.214.249 443 SRPA* 0 0 32 17200 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:24.602274 3.001188 tcp 10.0.2.109 62296 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:33.607342 0.000000 tcp 10.0.2.109 62296 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:39.601259 0.061057 tcp 10.0.2.109 62297 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:39.662599 0.067241 tcp 10.0.2.109 62298 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:39.730180 0.158893 tcp 10.0.2.109 62299 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:47:40.518248 3.007768 tcp 10.0.2.109 62300 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:49.524563 0.000000 tcp 10.0.2.109 62300 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:47:55.513571 2.994283 tcp 10.0.2.109 62301 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:48:04.516500 0.000000 tcp 10.0.2.109 62301 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:48:10.515338 2.993948 tcp 10.0.2.109 62302 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:48:19.507908 0.000000 tcp 10.0.2.109 62302 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:48:24.455403 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:53:25.520098 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:53:25.520261 3.002350 tcp 10.0.2.109 62303 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:53:34.520695 0.000000 tcp 10.0.2.109 62303 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:53:36.385619 3.002316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 20:53:40.521115 0.063160 tcp 10.0.2.109 62304 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:53:40.584139 0.061541 tcp 10.0.2.109 62305 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:53:40.645979 0.157233 tcp 10.0.2.109 62306 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:53:40.923366 3.002367 tcp 10.0.2.109 62307 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:53:43.393636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:53:49.926336 0.000000 tcp 10.0.2.109 62307 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:53:51.396797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:53:55.922379 0.434566 tcp 10.0.2.109 62308 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:53:56.357214 0.064373 tcp 10.0.2.109 62309 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:53:56.421892 0.153679 tcp 10.0.2.109 62310 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:53:56.848529 3.008304 tcp 10.0.2.109 62311 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:54:05.855782 0.000000 tcp 10.0.2.109 62311 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:54:07.398323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:54:11.844510 0.060730 tcp 10.0.2.109 62312 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:54:11.905561 0.063255 tcp 10.0.2.109 62313 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:54:11.969156 0.154592 tcp 10.0.2.109 62314 -> 195.113.214.249 443 SRPA* 0 0 70 69958 flow=From-Botnet-V1-TCP-Established 1970/02/16 20:54:12.231216 2.988134 tcp 10.0.2.109 62315 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:54:21.217902 0.000000 tcp 10.0.2.109 62315 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:54:27.226248 2.994746 tcp 10.0.2.109 62316 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:54:36.219384 0.000000 tcp 10.0.2.109 62316 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:54:39.404245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 20:54:42.231132 3.003532 tcp 10.0.2.109 62317 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:54:51.231268 0.000000 tcp 10.0.2.109 62317 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 20:59:57.231605 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 20:59:57.231777 3.003676 tcp 10.0.2.109 62318 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:06.234204 0.000000 tcp 10.0.2.109 62318 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:12.234924 0.060495 tcp 10.0.2.109 62319 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:12.295750 0.059630 tcp 10.0.2.109 62320 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:12.355683 0.156294 tcp 10.0.2.109 62321 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:12.581521 2.995841 tcp 10.0.2.109 62322 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:21.585491 0.000000 tcp 10.0.2.109 62322 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:27.575706 0.063899 tcp 10.0.2.109 62323 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:27.639877 0.060262 tcp 10.0.2.109 62324 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:27.700431 0.157039 tcp 10.0.2.109 62325 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:28.045743 2.994847 tcp 10.0.2.109 62326 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:37.038662 0.000000 tcp 10.0.2.109 62326 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:43.047646 0.064248 tcp 10.0.2.109 62327 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:43.111719 0.063176 tcp 10.0.2.109 62328 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:43.174712 0.162564 tcp 10.0.2.109 62329 -> 195.113.214.249 443 SRPA* 0 0 27 11834 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:00:43.409685 3.002009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:00:43.515117 2.997692 tcp 10.0.2.109 62330 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:50.427755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:00:52.511015 0.000000 tcp 10.0.2.109 62330 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:00:58.429378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:00:58.509515 3.070762 tcp 10.0.2.109 62331 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:01:07.532711 0.000000 tcp 10.0.2.109 62331 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:01:13.521248 3.004293 tcp 10.0.2.109 62332 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:01:14.432292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:01:22.523675 0.000000 tcp 10.0.2.109 62332 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:01:27.461070 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:01:46.438598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:07:54.462323 2.999257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 21:08:01.467134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:08:09.491664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:08:25.481672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:08:57.488147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:10:31.303050 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:10:31.303155 0.075862 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:31.433290 0.104459 rtp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:31.500037 0.176404 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:31.665835 0.078340 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:31.868089 0.107942 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:31.935702 0.386205 rtp 10.0.2.109 3683 <-> 212.119.65.13 2834 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:32.637718 0.046408 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:32.680936 0.136430 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:32.822501 0.053246 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:33.061598 0.143674 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:33.357080 0.073163 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:33.411757 0.276888 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:33.881658 0.169601 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:34.274357 0.148817 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:34.413198 0.175026 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:34.585160 0.067325 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:34.830716 0.110110 rtp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:34.903899 0.141435 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:35.407741 0.184520 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:35.554104 0.157837 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:35.721412 0.446768 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:36.379139 0.168724 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:36.616618 0.315377 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:37.168379 0.163434 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:37.309894 0.115670 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:37.622463 0.324557 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:37.944654 0.353140 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:38.293884 0.396461 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:10:43.550848 3.003603 tcp 10.0.2.109 62333 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:10:52.553038 0.000000 tcp 10.0.2.109 62333 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:10:58.553725 0.061602 tcp 10.0.2.109 62334 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:10:58.615665 0.064951 tcp 10.0.2.109 62335 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:10:58.680898 0.158457 tcp 10.0.2.109 62336 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:10:59.540645 2.997036 tcp 10.0.2.109 62337 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:11:08.545983 0.000000 tcp 10.0.2.109 62337 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:11:14.535601 0.060174 tcp 10.0.2.109 62338 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:11:14.596104 0.068353 tcp 10.0.2.109 62339 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:11:14.664794 0.150890 tcp 10.0.2.109 62340 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:11:15.138851 3.001101 tcp 10.0.2.109 62341 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:11:24.138728 0.000000 tcp 10.0.2.109 62341 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:11:30.138035 0.060205 tcp 10.0.2.109 62342 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:11:30.198513 0.063589 tcp 10.0.2.109 62343 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:11:30.262413 0.149845 tcp 10.0.2.109 62344 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:11:30.578273 3.004075 tcp 10.0.2.109 62345 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:11:39.585168 0.000000 tcp 10.0.2.109 62345 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:11:45.579659 3.004981 tcp 10.0.2.109 62346 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:11:54.582442 0.000000 tcp 10.0.2.109 62346 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:12:00.581280 3.004045 tcp 10.0.2.109 62347 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:12:09.584150 0.000000 tcp 10.0.2.109 62347 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:12:14.460834 0.061880 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:15:10.496809 3.001491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:15:17.504172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:15:25.505935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:15:41.508772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:16:13.524696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:17:15.584722 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:17:15.585005 2.993191 tcp 10.0.2.109 62348 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:17:24.586806 0.000000 tcp 10.0.2.109 62348 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:17:30.587198 0.063189 tcp 10.0.2.109 62349 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:17:30.650643 0.061745 tcp 10.0.2.109 62350 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:17:30.712724 0.157972 tcp 10.0.2.109 62351 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:17:31.075075 2.995278 tcp 10.0.2.109 62352 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:17:40.069038 0.000000 tcp 10.0.2.109 62352 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:17:46.068386 0.063709 tcp 10.0.2.109 62353 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:17:46.132396 0.809484 tcp 10.0.2.109 62354 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:17:46.942225 0.155489 tcp 10.0.2.109 62355 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:17:47.127203 3.006075 tcp 10.0.2.109 62356 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:17:56.132080 0.000000 tcp 10.0.2.109 62356 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:18:02.121438 0.062930 tcp 10.0.2.109 62357 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:18:02.184644 0.066202 tcp 10.0.2.109 62358 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:18:02.251192 0.150714 tcp 10.0.2.109 62359 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:18:02.611840 3.004212 tcp 10.0.2.109 62360 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:18:11.614379 0.000000 tcp 10.0.2.109 62360 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:18:17.613264 2.994255 tcp 10.0.2.109 62361 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:18:26.616042 0.000000 tcp 10.0.2.109 62361 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:18:33.729170 2.960654 tcp 10.0.2.109 62362 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:18:42.614333 0.000000 tcp 10.0.2.109 62362 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:18:47.406273 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:22:17.530597 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:22:24.537734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:22:32.539613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:22:48.542565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:23:20.548890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:23:47.617919 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:23:47.618104 3.003701 tcp 10.0.2.109 62363 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:23:56.620531 0.000000 tcp 10.0.2.109 62363 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:02.621258 0.061531 tcp 10.0.2.109 62364 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:02.683119 0.061759 tcp 10.0.2.109 62365 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:02.745217 0.155311 tcp 10.0.2.109 62366 -> 195.113.214.249 443 SRPA* 0 0 28 14376 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:03.005942 2.998395 tcp 10.0.2.109 62367 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:12.002856 0.000000 tcp 10.0.2.109 62367 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:18.001843 0.059670 tcp 10.0.2.109 62368 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:18.061813 0.063100 tcp 10.0.2.109 62369 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:18.125248 0.157345 tcp 10.0.2.109 62370 -> 195.113.214.249 443 SRPA* 0 0 23 12930 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:18.413486 3.002888 tcp 10.0.2.109 62371 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:27.414646 0.000000 tcp 10.0.2.109 62371 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:33.413871 0.066298 tcp 10.0.2.109 62372 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:33.480448 0.064025 tcp 10.0.2.109 62373 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:33.544775 0.159325 tcp 10.0.2.109 62374 -> 195.113.214.249 443 SRPA* 0 0 20 11308 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:24:34.245927 2.992923 tcp 10.0.2.109 62375 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:43.237521 0.000000 tcp 10.0.2.109 62375 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:49.246037 2.994492 tcp 10.0.2.109 62376 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:24:58.239103 0.000000 tcp 10.0.2.109 62376 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:25:04.248009 3.005584 tcp 10.0.2.109 62377 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:25:13.250833 0.000000 tcp 10.0.2.109 62377 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:25:17.957407 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:29:24.554311 3.001700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:29:31.562063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:29:39.596063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:29:55.576362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:30:19.251529 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:30:19.251728 3.003277 tcp 10.0.2.109 62378 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:30:27.582700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:30:28.253642 0.000000 tcp 10.0.2.109 62378 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:30:34.253761 0.063420 tcp 10.0.2.109 62379 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:30:34.317517 0.062684 tcp 10.0.2.109 62380 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:30:34.380494 0.158057 tcp 10.0.2.109 62381 -> 195.113.214.249 443 SRPA* 0 0 25 12168 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:30:34.768552 3.008822 tcp 10.0.2.109 62382 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:30:43.785813 0.000000 tcp 10.0.2.109 62382 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:30:49.765617 0.060951 tcp 10.0.2.109 62383 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:30:49.826827 0.061098 tcp 10.0.2.109 62384 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:30:49.888120 0.158413 tcp 10.0.2.109 62385 -> 195.113.214.249 443 SRPA* 0 0 27 14324 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:30:50.075990 2.993425 tcp 10.0.2.109 62386 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:30:59.067831 0.000000 tcp 10.0.2.109 62386 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:31:05.077364 0.064981 tcp 10.0.2.109 62387 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:31:05.142671 0.072221 tcp 10.0.2.109 62388 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:31:05.215185 0.161987 tcp 10.0.2.109 62389 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:31:05.520422 3.001360 tcp 10.0.2.109 62390 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:31:14.520379 0.000000 tcp 10.0.2.109 62390 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:31:20.518990 3.004162 tcp 10.0.2.109 62391 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:31:29.522056 0.000000 tcp 10.0.2.109 62391 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:31:35.520531 3.004374 tcp 10.0.2.109 62392 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:31:44.523473 0.000000 tcp 10.0.2.109 62392 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:31:49.460391 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:36:31.589553 3.000796 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:36:38.595533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:36:46.597626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:37:02.602322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:37:34.606218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:40:51.419836 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:40:51.420031 0.169327 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:40:51.577828 0.078090 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:40:51.688296 0.100030 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:40:51.750833 0.075666 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:40:52.010129 0.107457 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:40:52.077766 0.000000 udp 10.0.2.109 3683 -> 212.119.65.13 2834 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 21:41:05.550891 3.003258 tcp 10.0.2.109 62393 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:41:10.779208 0.065213 tcp 10.0.2.109 62394 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:41:10.844682 0.061159 tcp 10.0.2.109 62395 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:41:10.906119 0.152473 tcp 10.0.2.109 62396 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:41:11.059209 0.052892 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:11.108318 0.134252 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:11.429564 0.053195 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:11.586833 0.192169 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:11.772023 0.169120 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:11.916803 0.147453 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:12.056873 0.156666 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:12.222521 0.070316 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:12.276544 0.172964 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:12.446330 0.068443 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:12.857298 0.114563 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:12.937159 0.141172 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:13.410284 0.192597 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:13.692576 0.151784 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:13.843272 0.314407 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:14.254844 0.442384 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:14.552621 0.000000 tcp 10.0.2.109 62393 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:41:14.894729 0.166982 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:15.065800 0.324114 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:15.387282 0.351380 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:15.734545 0.166157 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:15.878498 0.141870 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:16.102335 0.396375 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/16 21:41:20.553111 0.059999 tcp 10.0.2.109 62397 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:41:20.613438 0.060772 tcp 10.0.2.109 62398 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:41:20.674397 0.155027 tcp 10.0.2.109 62399 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:41:20.919246 3.008199 tcp 10.0.2.109 62400 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:41:29.924932 0.000000 tcp 10.0.2.109 62400 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:43:38.613296 3.001035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:43:45.620189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:43:53.621698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:44:09.624968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:44:41.630691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:46:35.917045 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:46:35.917193 2.992045 tcp 10.0.2.109 62401 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:46:44.918587 0.000000 tcp 10.0.2.109 62401 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:46:50.919686 0.061385 tcp 10.0.2.109 62402 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:46:50.981412 0.062230 tcp 10.0.2.109 62403 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:46:51.043970 0.154370 tcp 10.0.2.109 62404 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:46:51.299280 2.992247 tcp 10.0.2.109 62405 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:00.290067 0.000000 tcp 10.0.2.109 62405 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:06.299391 0.428223 tcp 10.0.2.109 62406 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:47:06.727907 0.062623 tcp 10.0.2.109 62407 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:47:06.790811 0.155630 tcp 10.0.2.109 62408 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:47:06.974192 2.975659 tcp 10.0.2.109 62409 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:15.891220 0.000000 tcp 10.0.2.109 62409 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:21.822972 0.061539 tcp 10.0.2.109 62410 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:47:21.884811 0.062213 tcp 10.0.2.109 62411 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:47:21.947298 0.156714 tcp 10.0.2.109 62412 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:47:22.287311 2.975423 tcp 10.0.2.109 62413 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:31.206793 0.000000 tcp 10.0.2.109 62413 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:37.139973 2.969582 tcp 10.0.2.109 62414 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:46.075666 0.000000 tcp 10.0.2.109 62414 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:47:52.074746 2.993971 tcp 10.0.2.109 62415 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:48:01.077238 0.000000 tcp 10.0.2.109 62415 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:48:05.954523 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:50:45.639739 2.998645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:50:52.647429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:51:00.645400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:51:16.648569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:51:48.654735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:53:07.077930 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:53:07.078088 3.003580 tcp 10.0.2.109 62416 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:53:16.080549 0.000000 tcp 10.0.2.109 62416 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:53:22.080660 0.061057 tcp 10.0.2.109 62417 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:22.142087 0.060387 tcp 10.0.2.109 62418 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:22.202819 0.162714 tcp 10.0.2.109 62419 -> 195.113.214.249 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:22.536605 2.997388 tcp 10.0.2.109 62420 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:53:31.532410 0.000000 tcp 10.0.2.109 62420 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:53:37.531753 0.060157 tcp 10.0.2.109 62421 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:37.592198 0.064594 tcp 10.0.2.109 62422 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:37.657151 0.151004 tcp 10.0.2.109 62423 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:37.856304 2.999630 tcp 10.0.2.109 62424 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:53:46.854232 0.000000 tcp 10.0.2.109 62424 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:53:52.853767 0.063881 tcp 10.0.2.109 62425 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:52.917942 0.067738 tcp 10.0.2.109 62426 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:52.985966 0.150060 tcp 10.0.2.109 62427 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:53:53.257188 2.990834 tcp 10.0.2.109 62428 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:54:02.256897 0.000000 tcp 10.0.2.109 62428 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:54:08.255658 2.993828 tcp 10.0.2.109 62429 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:54:17.248394 0.000000 tcp 10.0.2.109 62429 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:54:23.257780 2.993415 tcp 10.0.2.109 62430 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:54:32.249957 0.000000 tcp 10.0.2.109 62430 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:57:52.660708 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 21:57:59.668114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:58:07.669509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:58:23.672147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:58:55.678933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 21:59:38.261409 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 21:59:38.261514 3.002457 tcp 10.0.2.109 62431 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:59:47.262774 0.000000 tcp 10.0.2.109 62431 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 21:59:53.266258 0.063905 tcp 10.0.2.109 62432 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:59:53.330457 0.062188 tcp 10.0.2.109 62433 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:59:53.392914 0.163798 tcp 10.0.2.109 62434 -> 195.113.214.249 443 SRPA* 0 0 33 22252 flow=From-Botnet-V1-TCP-Established 1970/02/16 21:59:54.630982 2.996917 tcp 10.0.2.109 62435 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:03.636104 0.000000 tcp 10.0.2.109 62435 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:09.625310 0.059724 tcp 10.0.2.109 62436 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:00:09.685331 0.062827 tcp 10.0.2.109 62437 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:00:09.748477 0.160514 tcp 10.0.2.109 62438 -> 195.113.214.249 443 SRPA* 0 0 49 30216 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:00:09.975326 2.994383 tcp 10.0.2.109 62439 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:18.969133 0.000000 tcp 10.0.2.109 62439 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:24.979760 0.060839 tcp 10.0.2.109 62440 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:00:25.040317 0.073237 tcp 10.0.2.109 62441 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:00:25.113407 0.161093 tcp 10.0.2.109 62442 -> 195.113.214.249 443 SRPA* 0 0 39 20856 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:00:25.393829 2.998166 tcp 10.0.2.109 62443 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:34.390666 0.000000 tcp 10.0.2.109 62443 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:40.389304 3.004299 tcp 10.0.2.109 62444 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:49.392087 0.000000 tcp 10.0.2.109 62444 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:00:55.394823 3.000355 tcp 10.0.2.109 62445 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:01:04.393850 0.000000 tcp 10.0.2.109 62445 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:05:23.689526 3.001209 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 22:05:30.696495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:05:38.697878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:05:54.701084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:06:10.393943 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:06:10.394136 2.993820 tcp 10.0.2.109 62446 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:06:19.396493 0.000000 tcp 10.0.2.109 62446 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:06:25.397379 0.064122 tcp 10.0.2.109 62447 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:06:25.461837 0.064849 tcp 10.0.2.109 62448 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:06:25.527041 0.159275 tcp 10.0.2.109 62449 -> 195.113.214.249 443 SRPA* 0 0 27 11688 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:06:25.906904 3.002900 tcp 10.0.2.109 62450 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:06:26.707144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:06:34.908810 0.000000 tcp 10.0.2.109 62450 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:06:40.908075 0.060166 tcp 10.0.2.109 62451 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:06:40.968593 0.062598 tcp 10.0.2.109 62452 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:06:41.031526 0.159770 tcp 10.0.2.109 62453 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:06:41.315768 2.996757 tcp 10.0.2.109 62454 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:06:50.311139 0.000000 tcp 10.0.2.109 62454 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:06:56.309979 3.004141 tcp 10.0.2.109 62455 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:07:05.312548 0.000000 tcp 10.0.2.109 62455 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:11:37.574156 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:11:37.574325 0.293784 udp 10.0.2.109 3683 -> 212.119.65.13 2834 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 22:11:37.868109 0.000000 icmp 212.119.65.13 0x0303 -> 10.0.2.109 0x120b URP 192 1 190 flow=Background 1970/02/16 22:11:53.549564 0.068273 tcp 10.0.2.109 62456 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:11:53.618184 0.064605 tcp 10.0.2.109 62457 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:11:53.683060 0.146165 tcp 10.0.2.109 62458 -> 195.113.214.249 443 SRPA* 0 0 41 33160 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:11:53.829879 0.093881 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:53.885239 0.178623 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:54.189377 0.078123 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:54.248094 0.075667 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:54.446646 0.111114 udp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:54.519330 0.053001 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:54.830914 0.196433 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.019970 0.168342 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.166476 0.053168 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.253496 0.137522 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.380114 0.157393 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.529555 0.145554 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.635489 0.071957 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.800312 0.168890 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:55.965522 0.069587 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:56.540338 0.112854 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:56.613675 0.154856 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:57.325984 0.142212 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:57.460464 0.193319 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:57.660162 0.315658 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:57.974413 0.426912 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:58.471316 0.172670 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:58.639405 0.334186 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:58.971465 0.353493 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:59.321597 0.167943 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:59.465704 0.142867 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:11:59.796015 0.404539 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:12:11.312980 3.003764 tcp 10.0.2.109 62459 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:12:20.315583 0.000000 tcp 10.0.2.109 62459 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:12:26.315461 0.061137 tcp 10.0.2.109 62460 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:26.376874 0.065174 tcp 10.0.2.109 62461 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:26.442457 0.159049 tcp 10.0.2.109 62462 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:26.649281 2.989678 tcp 10.0.2.109 62463 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:12:32.762293 2.980288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 22:12:35.672817 0.000000 tcp 10.0.2.109 62463 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:12:39.726801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:12:41.647096 0.059708 tcp 10.0.2.109 62464 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:41.707132 0.061864 tcp 10.0.2.109 62465 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:41.769250 0.155819 tcp 10.0.2.109 62466 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:42.168536 3.002534 tcp 10.0.2.109 62467 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:12:47.724367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:12:51.169864 0.000000 tcp 10.0.2.109 62467 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:12:57.169115 0.104833 tcp 10.0.2.109 62468 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:57.274289 0.065720 tcp 10.0.2.109 62469 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:57.339834 0.156222 tcp 10.0.2.109 62470 -> 195.113.214.249 443 SRPA* 0 0 23 12060 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:12:57.727149 2.996163 tcp 10.0.2.109 62471 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:13:03.727805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:13:06.722055 0.000000 tcp 10.0.2.109 62471 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:13:12.720566 3.008360 tcp 10.0.2.109 62472 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:13:21.723096 0.000000 tcp 10.0.2.109 62472 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:13:27.722590 3.004136 tcp 10.0.2.109 62473 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:13:35.738424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:13:36.727835 0.000000 tcp 10.0.2.109 62473 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:13:41.462403 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:18:42.726205 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:18:42.726323 2.993272 tcp 10.0.2.109 62474 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:18:51.718404 0.000000 tcp 10.0.2.109 62474 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:18:57.728648 0.062013 tcp 10.0.2.109 62475 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:18:57.790932 0.061294 tcp 10.0.2.109 62476 -> 195.113.214.249 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:18:57.852521 0.160806 tcp 10.0.2.109 62477 -> 195.113.214.249 443 SRPA* 0 0 23 12928 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:18:58.190622 3.001365 tcp 10.0.2.109 62478 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:07.190624 0.000000 tcp 10.0.2.109 62478 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:13.189755 0.060727 tcp 10.0.2.109 62479 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:19:13.250731 0.061140 tcp 10.0.2.109 62480 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:19:13.311744 0.157677 tcp 10.0.2.109 62481 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:19:13.972306 3.002259 tcp 10.0.2.109 62482 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:22.973324 0.000000 tcp 10.0.2.109 62482 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:28.975271 0.063843 tcp 10.0.2.109 62483 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:19:29.038936 0.061990 tcp 10.0.2.109 62484 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:19:29.101189 0.275587 tcp 10.0.2.109 62485 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:19:29.544142 3.002293 tcp 10.0.2.109 62486 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:38.545202 0.000000 tcp 10.0.2.109 62486 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:44.534292 2.993975 tcp 10.0.2.109 62487 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:44.747491 3.001235 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 22:19:51.754350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:19:53.536985 0.000000 tcp 10.0.2.109 62487 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:59.536145 2.993745 tcp 10.0.2.109 62488 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:19:59.755596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:20:08.528859 0.000000 tcp 10.0.2.109 62488 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:20:13.455723 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:20:15.759060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:20:47.765036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:25:14.539485 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:25:14.539638 3.003356 tcp 10.0.2.109 62489 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:25:23.541382 0.000000 tcp 10.0.2.109 62489 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:25:29.614716 0.065017 tcp 10.0.2.109 62490 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:25:29.680062 0.065339 tcp 10.0.2.109 62491 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:25:29.745689 0.157434 tcp 10.0.2.109 62492 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:25:29.977020 2.972346 tcp 10.0.2.109 62493 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:25:38.903588 0.000000 tcp 10.0.2.109 62493 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:25:44.902551 0.060733 tcp 10.0.2.109 62494 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:25:44.963565 0.064051 tcp 10.0.2.109 62495 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:25:45.027907 0.150977 tcp 10.0.2.109 62496 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:25:45.407908 3.012001 tcp 10.0.2.109 62497 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:25:54.536872 0.000000 tcp 10.0.2.109 62497 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:26:00.467165 0.061170 tcp 10.0.2.109 62498 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:26:00.528642 0.062838 tcp 10.0.2.109 62499 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:26:00.591769 0.162559 tcp 10.0.2.109 62500 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:26:01.045108 2.975574 tcp 10.0.2.109 62501 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:26:09.988609 0.000000 tcp 10.0.2.109 62501 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:26:15.987000 2.994315 tcp 10.0.2.109 62502 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:26:24.980528 0.000000 tcp 10.0.2.109 62502 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:26:30.989044 3.003726 tcp 10.0.2.109 62503 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:26:40.110499 0.000000 tcp 10.0.2.109 62503 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:26:45.027320 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:26:55.776242 3.002188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 22:27:02.784026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:27:10.785775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:27:26.788820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:27:58.794872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:31:45.991805 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:31:45.991945 3.003621 tcp 10.0.2.109 62504 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:31:56.607868 0.000000 tcp 10.0.2.109 62504 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:02.534193 0.061825 tcp 10.0.2.109 62505 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:02.596268 0.065047 tcp 10.0.2.109 62506 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:02.661587 0.149338 tcp 10.0.2.109 62507 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:03.104660 2.954201 tcp 10.0.2.109 62508 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:11.989359 0.000000 tcp 10.0.2.109 62508 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:17.916062 0.065004 tcp 10.0.2.109 62509 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:17.981392 0.064506 tcp 10.0.2.109 62510 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:18.046252 0.158249 tcp 10.0.2.109 62511 -> 195.113.214.249 443 SRPA* 0 0 35 16804 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:18.482869 2.958172 tcp 10.0.2.109 62512 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:27.365378 0.000000 tcp 10.0.2.109 62512 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:33.298404 0.063240 tcp 10.0.2.109 62513 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:33.362027 0.061623 tcp 10.0.2.109 62514 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:33.423936 0.157134 tcp 10.0.2.109 62515 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:32:33.627252 2.971001 tcp 10.0.2.109 62516 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:42.518590 0.000000 tcp 10.0.2.109 62516 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:48.448000 2.972575 tcp 10.0.2.109 62517 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:32:57.348444 0.000000 tcp 10.0.2.109 62517 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:33:03.275149 2.964992 tcp 10.0.2.109 62518 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:33:12.167862 0.000000 tcp 10.0.2.109 62518 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:33:17.086203 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:34:02.873785 2.966655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 22:34:09.808338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:34:17.809589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:34:33.812548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:35:06.219618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:41:09.834713 3.001903 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 22:41:16.842375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:41:24.843854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:41:40.846863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:42:12.852827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:42:14.114721 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:42:14.114811 0.078107 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:14.171638 0.075301 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:14.390672 0.108382 rtp 10.0.2.109 3683 <-> 91.6.47.138 5333 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:14.457737 0.102757 rtp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:15.004139 0.173272 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:15.166080 0.637382 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:15.967564 0.186622 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:16.147473 0.169424 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:16.293942 0.046023 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:16.425961 0.132606 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:16.550552 0.290294 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:16.702906 0.150557 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:16.964707 0.072146 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:17.022498 0.172093 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:17.191381 0.064843 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:17.509631 3.004848 tcp 10.0.2.109 62519 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:42:17.547088 0.111670 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:17.861155 0.179726 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:18.085014 0.314522 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:18.630900 0.155864 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:18.782898 0.142213 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:18.979293 0.437561 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:19.418297 0.169122 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:19.583803 0.327787 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:19.909193 0.115885 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:20.066454 0.353885 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:20.416327 0.166149 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:20.559098 0.403399 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/16 22:42:26.512607 0.000000 tcp 10.0.2.109 62519 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:42:32.512580 0.063573 tcp 10.0.2.109 62520 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:42:32.576417 0.066060 tcp 10.0.2.109 62521 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:42:32.642786 0.156832 tcp 10.0.2.109 62522 -> 195.113.214.249 443 SRPA* 0 0 32 16806 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:42:33.267374 2.999010 tcp 10.0.2.109 62523 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:42:42.265183 0.000000 tcp 10.0.2.109 62523 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:42:48.264179 0.068786 tcp 10.0.2.109 62524 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:42:48.333319 0.065933 tcp 10.0.2.109 62525 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:42:48.399169 0.156648 tcp 10.0.2.109 62526 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:42:48.642501 2.996004 tcp 10.0.2.109 62527 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:42:57.647010 0.000000 tcp 10.0.2.109 62527 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:43:03.635775 2.994061 tcp 10.0.2.109 62528 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:43:12.628642 0.000000 tcp 10.0.2.109 62528 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:48:16.859063 3.001237 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 22:48:18.639486 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:48:18.639611 3.006248 tcp 10.0.2.109 62529 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:48:23.865690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:48:27.641658 0.000000 tcp 10.0.2.109 62529 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:48:31.867653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:48:33.642025 0.061125 tcp 10.0.2.109 62530 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:48:33.703428 0.063376 tcp 10.0.2.109 62531 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:48:33.767108 0.152792 tcp 10.0.2.109 62532 -> 195.113.214.249 443 SRPA* 0 0 34 19454 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:48:34.124547 3.000545 tcp 10.0.2.109 62533 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:48:43.123788 0.000000 tcp 10.0.2.109 62533 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:48:47.870676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:48:49.123226 0.062667 tcp 10.0.2.109 62534 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:48:49.186247 0.059270 tcp 10.0.2.109 62535 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:48:49.245798 0.153246 tcp 10.0.2.109 62536 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:48:49.493365 3.004338 tcp 10.0.2.109 62537 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:48:58.506698 0.000000 tcp 10.0.2.109 62537 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:49:04.485254 0.060345 tcp 10.0.2.109 62538 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:49:04.545888 0.066034 tcp 10.0.2.109 62539 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:49:04.612183 0.152604 tcp 10.0.2.109 62540 -> 195.113.214.249 443 SRPA* 0 0 20 10686 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:49:05.157105 2.992491 tcp 10.0.2.109 62541 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:49:14.148183 0.000000 tcp 10.0.2.109 62541 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:49:19.876756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:49:20.157231 3.004052 tcp 10.0.2.109 62542 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:49:29.159999 0.000000 tcp 10.0.2.109 62542 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:49:35.159044 3.004046 tcp 10.0.2.109 62543 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:49:44.161348 0.000000 tcp 10.0.2.109 62543 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:49:48.958679 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:54:50.161893 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:54:50.162133 3.003407 tcp 10.0.2.109 62544 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:54:59.164666 0.000000 tcp 10.0.2.109 62544 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:05.165278 0.062724 tcp 10.0.2.109 62545 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:05.228308 0.064458 tcp 10.0.2.109 62546 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:05.293075 0.158004 tcp 10.0.2.109 62547 -> 195.113.214.249 443 SRPA* 0 0 27 14324 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:05.584703 2.993156 tcp 10.0.2.109 62548 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:14.586813 0.000000 tcp 10.0.2.109 62548 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:20.585884 0.158768 tcp 10.0.2.109 62549 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:20.744966 0.070258 tcp 10.0.2.109 62550 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:20.815779 0.166936 tcp 10.0.2.109 62551 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:21.059434 2.969537 tcp 10.0.2.109 62552 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:29.978840 0.000000 tcp 10.0.2.109 62552 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:35.987851 0.060288 tcp 10.0.2.109 62553 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:36.048432 0.061763 tcp 10.0.2.109 62554 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:36.109965 0.371796 tcp 10.0.2.109 62555 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/16 22:55:36.555975 2.996578 tcp 10.0.2.109 62556 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:45.551015 0.000000 tcp 10.0.2.109 62556 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:48.889670 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 22:55:51.550982 3.002797 tcp 10.0.2.109 62557 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:55:55.896558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:56:00.797312 0.000000 tcp 10.0.2.109 62557 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:56:04.120299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:56:06.741186 2.971366 tcp 10.0.2.109 62558 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:56:15.659924 0.000000 tcp 10.0.2.109 62558 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 22:56:19.977533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 22:56:20.524457 0.000184 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 22:56:51.916698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:01:21.557026 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:01:21.557215 2.991344 tcp 10.0.2.109 62559 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:01:30.557270 0.000000 tcp 10.0.2.109 62559 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:01:36.557762 0.062517 tcp 10.0.2.109 62560 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:01:36.620118 0.071379 tcp 10.0.2.109 62561 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:01:36.691783 0.164710 tcp 10.0.2.109 62562 -> 195.113.214.249 443 SRPA* 0 0 42 20866 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:01:37.313402 2.998517 tcp 10.0.2.109 62563 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:01:46.314193 0.000000 tcp 10.0.2.109 62563 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:01:52.309377 0.082319 tcp 10.0.2.109 62564 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:01:52.392037 0.062585 tcp 10.0.2.109 62565 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:01:52.454950 0.158051 tcp 10.0.2.109 62566 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:01:53.928940 2.995972 tcp 10.0.2.109 62567 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:02.923792 0.000000 tcp 10.0.2.109 62567 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:08.922937 0.063162 tcp 10.0.2.109 62568 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:02:08.986491 0.066503 tcp 10.0.2.109 62569 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:02:09.053349 0.154737 tcp 10.0.2.109 62570 -> 195.113.214.249 443 SRPA* 0 0 30 22090 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:02:09.489029 2.998526 tcp 10.0.2.109 62571 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:18.495992 0.000000 tcp 10.0.2.109 62571 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:24.484991 2.997627 tcp 10.0.2.109 62572 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:33.481150 0.000000 tcp 10.0.2.109 62572 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:39.486622 2.993853 tcp 10.0.2.109 62573 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:48.479171 0.000000 tcp 10.0.2.109 62573 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:02:53.457054 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:02:55.922048 3.002415 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 23:03:02.930667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:03:10.931171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:03:26.934746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:03:58.940676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:07:54.489826 0.000247 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:07:54.490280 3.003434 tcp 10.0.2.109 62574 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:08:03.492116 0.000000 tcp 10.0.2.109 62574 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:08:09.494189 0.061619 tcp 10.0.2.109 62575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:08:09.556054 0.065352 tcp 10.0.2.109 62576 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:08:09.621690 0.132694 tcp 10.0.2.109 62577 -> 195.113.214.249 443 SRPA* 0 0 35 26872 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:08:10.497534 3.009092 tcp 10.0.2.109 62578 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:08:19.505168 0.000000 tcp 10.0.2.109 62578 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:10:02.948398 2.999751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/16 23:10:09.954018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:10:17.958633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:10:33.958495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:11:05.964682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:12:38.777995 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:12:38.778258 0.000000 udp 10.0.2.109 3683 -> 91.6.47.138 5333 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 23:12:54.549062 0.064544 tcp 10.0.2.109 62579 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:12:54.613832 0.067172 tcp 10.0.2.109 62580 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:12:54.681298 0.150733 tcp 10.0.2.109 62581 -> 195.113.214.249 443 SRPA* 0 0 25 13482 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:12:54.833082 0.105542 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:54.899833 0.075358 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:55.135499 0.075663 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:55.334652 0.176323 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:55.498970 0.054056 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:55.615477 0.193552 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:55.800672 0.167833 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:55.947760 0.045469 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:56.240741 0.135723 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:56.368058 0.143674 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:56.575821 0.144684 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:56.682293 0.072551 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:57.068125 0.172256 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:57.237878 0.069491 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:57.355848 0.109249 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:57.426453 0.151710 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 1964 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:58.003831 0.142471 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:58.138198 0.175365 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:58.289116 0.316464 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:58.663663 0.611301 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:59.309573 0.166470 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:59.652350 0.329008 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:12:59.979349 0.171063 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2575 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:13:00.125890 0.402830 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:13:00.508710 0.128170 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:13:00.809627 0.353371 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:13:25.495484 2.994043 tcp 10.0.2.109 62582 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:13:34.487908 0.000000 tcp 10.0.2.109 62582 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:13:39.455038 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:13:40.497270 0.060838 tcp 10.0.2.109 62583 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:13:40.558478 0.061807 tcp 10.0.2.109 62584 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:13:40.620565 0.156658 tcp 10.0.2.109 62585 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:13:41.165405 2.996625 tcp 10.0.2.109 62586 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:13:50.162614 0.000000 tcp 10.0.2.109 62586 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:13:56.160088 0.180845 tcp 10.0.2.109 62587 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:13:56.341249 0.063517 tcp 10.0.2.109 62588 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:13:56.405035 0.150658 tcp 10.0.2.109 62589 -> 195.113.214.249 443 SRPA* 0 0 24 14016 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:13:57.810578 2.977456 tcp 10.0.2.109 62590 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:06.735358 0.000000 tcp 10.0.2.109 62590 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:12.703661 0.064259 tcp 10.0.2.109 62591 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:14:12.768218 0.060836 tcp 10.0.2.109 62592 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:14:12.829411 0.152247 tcp 10.0.2.109 62593 -> 195.113.214.249 443 SRPA* 0 0 32 17638 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:14:13.473639 2.995032 tcp 10.0.2.109 62594 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:22.478962 0.000000 tcp 10.0.2.109 62594 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:28.465823 2.994312 tcp 10.0.2.109 62595 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:37.458565 0.000000 tcp 10.0.2.109 62595 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:43.467352 3.004426 tcp 10.0.2.109 62596 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:52.470612 0.000000 tcp 10.0.2.109 62596 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:14:57.457561 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:17:09.970012 3.002353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 23:17:16.977826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:17:24.979424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:17:40.986653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:18:12.987930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:19:58.470893 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:19:58.471084 3.003254 tcp 10.0.2.109 62597 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:20:07.472892 0.000000 tcp 10.0.2.109 62597 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:20:13.473089 0.066131 tcp 10.0.2.109 62598 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:13.539522 0.062958 tcp 10.0.2.109 62599 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:13.602819 0.154118 tcp 10.0.2.109 62600 -> 195.113.214.249 443 SRPA* 0 0 44 21576 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:14.209598 3.007700 tcp 10.0.2.109 62601 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:20:23.215857 0.000000 tcp 10.0.2.109 62601 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:20:29.205162 0.060176 tcp 10.0.2.109 62602 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:29.265631 0.066250 tcp 10.0.2.109 62603 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:29.332201 0.152051 tcp 10.0.2.109 62604 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:29.834385 2.995030 tcp 10.0.2.109 62605 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:20:38.828354 0.000000 tcp 10.0.2.109 62605 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:20:44.827267 0.064551 tcp 10.0.2.109 62606 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:44.892123 0.068922 tcp 10.0.2.109 62607 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:44.960913 0.155741 tcp 10.0.2.109 62608 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:20:45.137452 3.004124 tcp 10.0.2.109 62609 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:20:54.140206 0.000000 tcp 10.0.2.109 62609 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:21:00.139068 3.004000 tcp 10.0.2.109 62610 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:21:09.141710 0.000000 tcp 10.0.2.109 62610 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:21:15.140564 3.003552 tcp 10.0.2.109 62611 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:21:24.143101 0.000000 tcp 10.0.2.109 62611 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:24:18.999355 2.999666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 23:24:26.004857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:24:34.006461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:24:50.009335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:25:22.015266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:26:30.143872 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:26:30.144036 2.993671 tcp 10.0.2.109 62612 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:26:39.146061 0.000000 tcp 10.0.2.109 62612 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:26:45.146334 0.064971 tcp 10.0.2.109 62613 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:26:45.211538 0.068307 tcp 10.0.2.109 62614 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:26:45.280121 0.152933 tcp 10.0.2.109 62615 -> 195.113.214.249 443 SRPA* 0 0 41 23298 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:26:45.521317 2.998460 tcp 10.0.2.109 62616 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:26:54.518318 0.000000 tcp 10.0.2.109 62616 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:00.517634 0.114214 tcp 10.0.2.109 62617 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:27:00.631721 0.066080 tcp 10.0.2.109 62618 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:27:00.697658 0.154692 tcp 10.0.2.109 62619 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:27:00.923756 2.998113 tcp 10.0.2.109 62620 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:09.920636 0.000000 tcp 10.0.2.109 62620 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:15.919943 0.061123 tcp 10.0.2.109 62621 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:27:15.981379 0.061170 tcp 10.0.2.109 62622 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:27:16.042838 0.153607 tcp 10.0.2.109 62623 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:27:16.258212 3.005519 tcp 10.0.2.109 62624 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:25.262421 0.000000 tcp 10.0.2.109 62624 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:31.251211 3.004540 tcp 10.0.2.109 62625 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:40.253803 0.000000 tcp 10.0.2.109 62625 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:46.252953 3.004107 tcp 10.0.2.109 62626 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:27:55.255670 0.000000 tcp 10.0.2.109 62626 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:31:26.021957 3.001153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 23:31:33.028739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:31:41.030246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:31:57.037538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:32:29.039365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:33:01.256166 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:33:01.256264 2.993827 tcp 10.0.2.109 62627 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:33:10.248543 0.000000 tcp 10.0.2.109 62627 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:33:16.259048 0.064975 tcp 10.0.2.109 62628 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:16.324353 0.061178 tcp 10.0.2.109 62629 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:16.385908 0.165809 tcp 10.0.2.109 62630 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:16.945521 2.996937 tcp 10.0.2.109 62631 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:33:25.941122 0.000000 tcp 10.0.2.109 62631 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:33:31.940345 0.063005 tcp 10.0.2.109 62632 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:32.003665 0.061633 tcp 10.0.2.109 62633 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:32.065668 0.157203 tcp 10.0.2.109 62634 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:32.787046 2.998219 tcp 10.0.2.109 62635 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:33:41.783808 0.000000 tcp 10.0.2.109 62635 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:33:47.783118 0.064288 tcp 10.0.2.109 62636 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:47.847765 0.060128 tcp 10.0.2.109 62637 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:47.908197 0.161963 tcp 10.0.2.109 62638 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:33:48.595826 2.992151 tcp 10.0.2.109 62639 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:33:57.597690 0.000000 tcp 10.0.2.109 62639 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:34:03.595514 2.993949 tcp 10.0.2.109 62640 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:34:12.588353 0.000000 tcp 10.0.2.109 62640 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:34:18.596644 2.994366 tcp 10.0.2.109 62641 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:34:27.589806 0.000000 tcp 10.0.2.109 62641 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:34:32.456826 0.405720 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:38:33.045293 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 23:38:40.058581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:38:48.054437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:39:04.057278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:39:36.063387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:43:30.641073 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:43:30.641319 0.000000 udp 10.0.2.109 3683 -> 91.6.47.138 5333 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 23:43:45.844382 0.061461 tcp 10.0.2.109 62642 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:43:45.906352 0.066798 tcp 10.0.2.109 62643 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:43:45.973424 0.158877 tcp 10.0.2.109 62644 -> 195.113.214.249 443 SRPA* 0 0 42 22668 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:43:46.132546 0.069352 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:46.361528 0.108911 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:46.429059 0.073962 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:46.626768 0.172289 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:46.786906 0.052473 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:46.844122 0.195560 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:47.033241 0.169973 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:47.252514 0.053128 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:47.302901 0.135737 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:47.474573 0.293406 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:47.626642 0.162351 rtp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:47.751513 0.075823 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:47.950787 0.170916 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:48.118048 0.069930 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:48.628527 3.002366 tcp 10.0.2.109 62645 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:43:48.628795 0.115807 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:48.706418 0.170758 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:48.863185 0.319548 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:43:49.282915 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/16 23:43:57.629249 0.000000 tcp 10.0.2.109 62645 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:44:03.633626 0.063375 tcp 10.0.2.109 62646 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:03.697294 0.062250 tcp 10.0.2.109 62647 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:03.759870 0.152569 tcp 10.0.2.109 62648 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:04.978432 2.995382 tcp 10.0.2.109 62649 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:44:07.694292 0.061630 tcp 10.0.2.109 62650 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:07.756245 0.061478 tcp 10.0.2.109 62651 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:07.818028 0.168705 tcp 10.0.2.109 62652 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:07.987252 0.142202 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:08.121565 0.446333 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:08.754561 0.167667 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:08.931310 0.407070 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:09.317045 0.140417 rtp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:09.480542 0.322936 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:09.801130 0.169190 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:09.952568 0.350439 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/16 23:44:13.972796 0.000000 tcp 10.0.2.109 62649 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:44:19.972082 0.061598 tcp 10.0.2.109 62653 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:20.033973 0.062186 tcp 10.0.2.109 62654 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:20.096447 0.154550 tcp 10.0.2.109 62655 -> 195.113.214.249 443 SRPA* 0 0 23 12464 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:44:20.343802 3.004692 tcp 10.0.2.109 62656 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:44:29.344951 0.000000 tcp 10.0.2.109 62656 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:44:35.343936 2.993777 tcp 10.0.2.109 62657 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:44:44.346308 0.000000 tcp 10.0.2.109 62657 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:45:40.069177 3.002099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 23:45:47.076913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:45:55.078284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:46:11.081266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:46:43.087121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:49:50.348147 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:49:50.348314 2.998932 tcp 10.0.2.109 62658 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:49:59.339339 0.000000 tcp 10.0.2.109 62658 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:50:05.350052 0.062753 tcp 10.0.2.109 62659 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:05.413108 0.066616 tcp 10.0.2.109 62660 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:05.480002 0.155088 tcp 10.0.2.109 62661 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:05.728430 3.004372 tcp 10.0.2.109 62662 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:50:14.737044 0.000000 tcp 10.0.2.109 62662 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:50:20.723585 0.064419 tcp 10.0.2.109 62663 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:20.788291 0.065990 tcp 10.0.2.109 62664 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:20.854559 0.155567 tcp 10.0.2.109 62665 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:21.170501 3.004777 tcp 10.0.2.109 62666 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:50:30.173828 0.000000 tcp 10.0.2.109 62666 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:50:36.163089 0.062200 tcp 10.0.2.109 62667 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:36.225145 0.067529 tcp 10.0.2.109 62668 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:36.292959 0.155657 tcp 10.0.2.109 62669 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:50:36.499832 3.007988 tcp 10.0.2.109 62670 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:50:45.505894 0.000000 tcp 10.0.2.109 62670 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:50:51.494738 3.003492 tcp 10.0.2.109 62671 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:51:00.497493 0.000000 tcp 10.0.2.109 62671 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:51:06.496144 2.994408 tcp 10.0.2.109 62672 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:51:15.489129 0.000000 tcp 10.0.2.109 62672 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:51:20.456042 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:54:32.095362 3.003926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/16 23:54:39.101591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:54:47.103109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:55:03.106006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:55:35.111960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/16 23:56:21.499550 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/16 23:56:21.499703 3.003556 tcp 10.0.2.109 62673 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:56:30.501872 0.000000 tcp 10.0.2.109 62673 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:56:36.506064 0.060188 tcp 10.0.2.109 62674 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:56:36.566541 0.063268 tcp 10.0.2.109 62675 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:56:36.629661 0.171334 tcp 10.0.2.109 62676 -> 195.113.214.249 443 SRPA* 0 0 41 35804 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:56:36.909746 2.995875 tcp 10.0.2.109 62677 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:56:45.903873 0.000000 tcp 10.0.2.109 62677 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:56:51.902681 0.064599 tcp 10.0.2.109 62678 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:56:51.967144 0.069370 tcp 10.0.2.109 62679 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:56:52.036846 0.154220 tcp 10.0.2.109 62680 -> 195.113.214.249 443 SRPA* 0 0 41 21202 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:56:52.404811 3.002862 tcp 10.0.2.109 62681 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:57:01.416197 0.000000 tcp 10.0.2.109 62681 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:57:07.405756 0.072471 tcp 10.0.2.109 62682 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:57:07.478564 0.067362 tcp 10.0.2.109 62683 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:57:07.545942 0.157655 tcp 10.0.2.109 62684 -> 195.113.214.249 443 SRPA* 0 0 21 12822 flow=From-Botnet-V1-TCP-Established 1970/02/16 23:57:07.763688 2.996075 tcp 10.0.2.109 62685 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:57:16.758672 0.000000 tcp 10.0.2.109 62685 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:57:22.756464 2.994226 tcp 10.0.2.109 62686 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:57:31.752555 0.000000 tcp 10.0.2.109 62686 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:57:37.758853 3.057986 tcp 10.0.2.109 62687 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/16 23:57:46.762901 0.000000 tcp 10.0.2.109 62687 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:02:02.130889 4.666636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 00:02:10.754264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:02:18.658089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:02:38.564540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:02:58.242607 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:02:58.242785 2.956227 tcp 10.0.2.109 62688 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:03:07.116131 0.000000 tcp 10.0.2.109 62688 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:03:10.480316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:03:13.802473 0.062115 tcp 10.0.2.109 62689 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:13.864899 0.067745 tcp 10.0.2.109 62690 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:13.932970 0.163103 tcp 10.0.2.109 62691 -> 195.113.214.249 443 SRPA* 0 0 48 40512 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:16.857374 2.968758 tcp 10.0.2.109 62692 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:03:25.769356 0.000000 tcp 10.0.2.109 62692 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:03:31.781774 0.068198 tcp 10.0.2.109 62693 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:31.850247 0.063496 tcp 10.0.2.109 62694 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:31.913989 0.159066 tcp 10.0.2.109 62695 -> 195.113.214.249 443 SRPA* 0 0 25 13876 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:34.015179 2.962600 tcp 10.0.2.109 62696 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:03:42.913258 0.000000 tcp 10.0.2.109 62696 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:03:48.825875 0.060313 tcp 10.0.2.109 62697 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:48.886535 0.063252 tcp 10.0.2.109 62698 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:48.950122 0.167573 tcp 10.0.2.109 62699 -> 195.113.214.249 443 SRPA* 0 0 27 11836 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:03:49.416862 2.955857 tcp 10.0.2.109 62700 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:03:58.302338 0.000000 tcp 10.0.2.109 62700 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:04:04.220203 2.964484 tcp 10.0.2.109 62701 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:04:13.108229 0.000000 tcp 10.0.2.109 62701 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:04:19.039721 2.973038 tcp 10.0.2.109 62702 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:04:27.930543 0.000000 tcp 10.0.2.109 62702 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:04:32.626919 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:09:16.415392 2.956990 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 00:09:23.332252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:09:29.727195 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:09:29.727302 2.962801 tcp 10.0.2.109 62703 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:09:31.231322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:09:38.610249 0.000000 tcp 10.0.2.109 62703 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:09:44.533246 0.063847 tcp 10.0.2.109 62704 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:09:44.597350 0.068420 tcp 10.0.2.109 62705 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:09:44.666105 0.157208 tcp 10.0.2.109 62706 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:09:45.275717 2.955330 tcp 10.0.2.109 62707 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:09:47.019862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:09:54.154207 0.000000 tcp 10.0.2.109 62707 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:10:18.579827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:14:37.895031 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:14:37.895167 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 00:14:54.230380 0.066550 tcp 10.0.2.109 62708 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:14:54.297230 0.066337 tcp 10.0.2.109 62709 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:14:54.363871 0.152894 tcp 10.0.2.109 62710 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:14:54.517425 0.075667 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:54.575725 0.175622 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:54.740076 0.051167 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:55.006219 0.075557 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:55.179268 0.104229 rtcp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2625 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:55.240055 0.172666 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:55.598212 0.049628 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:55.827435 0.192598 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:56.013074 0.146036 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2621 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:56.151217 0.144910 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:56.283843 0.077640 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:56.341366 0.137080 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 1993 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:56.560061 0.122152 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:56.643274 0.153417 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:56.898242 0.069296 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:57.409549 0.229504 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:57.636348 0.316582 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:58.325861 0.167487 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2562 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:58.803717 0.142131 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:59.085371 0.432815 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:14:59.576930 2.993643 tcp 10.0.2.109 62711 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:14:59.722505 0.395697 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:15:00.193392 0.115770 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:15:00.404553 0.327323 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:15:00.729462 0.168869 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:15:00.953621 0.349843 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:15:08.569457 0.000000 tcp 10.0.2.109 62711 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:15:14.578787 0.060957 tcp 10.0.2.109 62712 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:14.640051 0.063774 tcp 10.0.2.109 62713 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:14.704081 0.163177 tcp 10.0.2.109 62714 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:15.051842 3.001203 tcp 10.0.2.109 62715 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:15:24.051454 0.000000 tcp 10.0.2.109 62715 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:15:30.050992 0.061503 tcp 10.0.2.109 62716 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:30.112826 0.064576 tcp 10.0.2.109 62717 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:30.177665 0.158127 tcp 10.0.2.109 62718 -> 195.113.214.249 443 SRPA* 0 0 48 28924 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:30.486882 2.998407 tcp 10.0.2.109 62719 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:15:39.484473 0.000000 tcp 10.0.2.109 62719 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:15:45.483023 0.438038 tcp 10.0.2.109 62720 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:45.920916 0.064736 tcp 10.0.2.109 62721 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:45.985953 0.153034 tcp 10.0.2.109 62722 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:15:46.330334 3.007457 tcp 10.0.2.109 62723 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:15:55.346342 0.000000 tcp 10.0.2.109 62723 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:16:01.325409 2.993996 tcp 10.0.2.109 62724 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:16:10.317758 0.000000 tcp 10.0.2.109 62724 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:16:16.327104 2.993933 tcp 10.0.2.109 62725 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:16:22.358859 3.000894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 00:16:25.319692 0.000000 tcp 10.0.2.109 62725 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:16:29.365577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:16:30.086395 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:16:37.367227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:16:53.370276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:17:25.376280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:21:31.330371 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:21:31.330530 3.003370 tcp 10.0.2.109 62726 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:21:40.332573 0.000000 tcp 10.0.2.109 62726 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:21:46.332923 0.068261 tcp 10.0.2.109 62727 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:21:46.401509 0.068217 tcp 10.0.2.109 62728 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:21:46.469659 0.158013 tcp 10.0.2.109 62729 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:21:47.038632 3.008096 tcp 10.0.2.109 62730 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:21:56.055346 0.000000 tcp 10.0.2.109 62730 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:02.034431 0.060877 tcp 10.0.2.109 62731 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:22:02.095615 0.065992 tcp 10.0.2.109 62732 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:22:02.161846 0.161673 tcp 10.0.2.109 62733 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:22:02.475882 2.992495 tcp 10.0.2.109 62734 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:11.477376 0.000000 tcp 10.0.2.109 62734 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:17.476466 0.064960 tcp 10.0.2.109 62735 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:22:17.541718 0.067375 tcp 10.0.2.109 62736 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:22:17.609405 0.187027 tcp 10.0.2.109 62737 -> 195.113.214.249 443 SRPA* 0 0 40 21150 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:22:17.896267 2.994527 tcp 10.0.2.109 62738 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:26.891038 0.000000 tcp 10.0.2.109 62738 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:32.888607 3.003708 tcp 10.0.2.109 62739 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:41.891093 0.000000 tcp 10.0.2.109 62739 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:47.890118 3.003749 tcp 10.0.2.109 62740 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:22:56.892837 0.000000 tcp 10.0.2.109 62740 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:23:29.382627 3.957252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 00:23:37.294771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:23:45.196261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:24:00.997738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:24:32.625869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:28:02.892531 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:28:02.892626 3.003980 tcp 10.0.2.109 62741 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:28:11.900540 0.000000 tcp 10.0.2.109 62741 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 00:28:17.895496 0.067699 tcp 10.0.2.109 62742 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:28:17.963529 0.064346 tcp 10.0.2.109 62743 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:28:18.028169 0.168841 tcp 10.0.2.109 62744 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:28:18.495469 0.609825 tcp 10.0.2.109 62745 -> 176.73.169.112 1959 FSPA* 0 0 14 1562 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:30:36.415907 3.001753 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 00:30:43.423315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:30:51.425085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:31:07.428091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:31:39.434034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:37:43.439958 3.001620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 00:37:50.447327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:37:58.451120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:38:14.451939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:38:46.457851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:44:50.464817 3.000867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 00:44:57.471400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:45:05.472973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:45:09.258022 0.000194 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:45:09.258323 0.054051 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:09.423779 0.077383 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:09.508620 0.174016 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:09.671705 0.173429 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:09.861823 0.053286 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:09.923446 0.072236 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:10.000009 0.099669 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:10.060292 0.190955 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1970 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:10.444030 0.147511 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:10.583361 0.183339 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:10.733658 0.072343 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:10.878037 0.139281 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:11.008557 0.113883 rtp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:11.083440 0.154926 rtp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 1969 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:11.290730 0.069908 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:11.341266 0.173533 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:11.718363 0.317039 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:12.250349 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 00:45:21.477210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:45:27.507460 0.069219 tcp 10.0.2.109 62746 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:45:27.576939 0.062091 tcp 10.0.2.109 62747 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:45:27.639353 0.155148 tcp 10.0.2.109 62748 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/17 00:45:27.793595 0.141957 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:27.927570 0.448602 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:28.528646 0.325975 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:28.852188 0.396473 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:29.228224 0.115344 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:29.560187 0.458253 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:30.028678 0.352866 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/17 00:45:53.481922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:54:07.495149 3.001547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 00:54:15.873144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:54:23.773706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:54:39.572100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:55:11.208918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 00:58:19.105293 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 00:58:19.105421 0.824788 tcp 10.0.2.109 62749 -> 176.73.169.112 1959 FSPA* 0 0 14 1603 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:01:14.529903 3.001058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 01:01:21.538276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:01:29.537778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:01:45.541021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:02:17.748749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:08:29.565553 3.000446 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 01:08:36.574271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:08:44.573102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:09:00.576109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:09:32.582455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:15:36.588367 3.001693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 01:15:43.595876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:15:51.597168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:15:55.763451 1.796872 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:15:57.560556 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:16:09.235997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:16:13.308984 0.061698 tcp 10.0.2.109 62750 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:16:13.370995 0.061248 tcp 10.0.2.109 62751 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:16:13.432186 0.159401 tcp 10.0.2.109 62752 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:16:13.592189 0.176377 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:13.758031 0.172850 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:14.009714 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:16:31.338831 0.478423 tcp 10.0.2.109 62753 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:16:31.817545 0.061713 tcp 10.0.2.109 62754 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:16:31.879639 0.159038 tcp 10.0.2.109 62755 -> 195.113.214.249 443 SRPA* 0 0 20 11288 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:16:32.039240 0.053595 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:32.325029 0.078040 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:32.386040 0.100506 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:32.536575 0.187701 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:32.716508 0.075404 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:32.993969 0.143069 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:33.099836 0.068472 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:33.433662 0.154571 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:34.733813 0.165230 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:34.887157 0.070502 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:35.108640 0.170581 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:35.417022 0.135814 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:35.545020 0.115646 rtp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:35.656005 0.315544 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:36.299641 0.141687 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:36.433463 0.414394 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:36.979244 0.330562 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:37.307069 0.399260 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:37.685853 0.115960 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:37.906202 0.170331 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:38.054505 0.354249 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:38.500853 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 REQ 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:16:41.266696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:16:44.241630 0.614255 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 2821 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:44.834062 0.833522 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 8 2839 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:45.657277 0.954351 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3020 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:46.880206 0.132649 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 3179 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:46.995397 0.253225 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 8 3056 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:47.212227 1.211406 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 8 3096 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:48.543452 0.265107 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 8 3242 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:48.769081 0.361807 udp 10.0.2.109 3683 <-> 217.41.45.7 4702 CON 0 0 8 3031 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:49.116207 0.407730 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 2936 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:49.517077 0.373425 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3092 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:50.153949 0.342519 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 8 2956 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:50.468281 0.241695 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3297 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:50.692815 0.368552 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3075 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:51.058507 0.378325 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 8 3026 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:51.429280 0.596190 rtp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 8 2891 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:51.988334 0.310622 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 8 2985 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:52.291347 0.630109 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 3035 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:53.068422 0.658376 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 8 3063 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:53.724847 0.892144 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 3075 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:54.908208 0.339096 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 8 2908 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:55.551123 0.310331 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 2888 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:55.837505 0.703652 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3114 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:57.097866 0.774242 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 8 3080 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:16:57.851175 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:03.397154 0.000000 udp 10.0.2.109 3683 -> 83.110.251.135 3664 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:11.570352 0.000000 udp 10.0.2.109 3683 -> 151.49.169.7 5955 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:16.360915 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:17:20.037701 0.000000 udp 10.0.2.109 3683 -> 82.36.154.94 9414 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:26.493814 0.642894 rtp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 8 2899 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:17:27.390239 0.000000 udp 10.0.2.109 3683 -> 110.168.2.137 8237 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:34.890693 0.087257 udp 10.0.2.109 3683 <-> 93.198.206.31 8279 CON 0 0 8 2986 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:17:35.525144 0.000000 udp 10.0.2.109 3683 -> 70.169.153.194 5873 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:44.089938 0.000000 udp 10.0.2.109 3683 -> 87.21.2.161 1777 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:50.016767 0.000000 udp 10.0.2.109 3683 -> 114.185.22.38 9143 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:56.101925 0.316724 udp 10.0.2.109 3683 -> 121.161.91.53 1149 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:17:56.418649 0.000000 icmp 121.161.91.53 0x0303 -> 10.0.2.109 0x7d04 URP 192 1 263 flow=Background 1970/02/17 01:18:00.800829 0.236082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:18:03.520194 0.000000 udp 10.0.2.109 3683 -> 5.245.75.63 3052 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:18:09.255592 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:18:18.058482 0.000000 udp 10.0.2.109 3683 -> 79.182.137.37 6445 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:18:26.373401 0.000000 udp 10.0.2.109 3683 -> 105.228.53.126 7002 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:18:34.712813 0.311348 udp 10.0.2.109 3683 <-> 183.82.170.23 8412 CON 0 0 8 3104 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:18:35.059073 0.000000 udp 10.0.2.109 3683 -> 78.170.63.146 2524 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:18:40.384830 1.348263 udp 10.0.2.109 3683 <-> 87.14.77.232 8022 CON 0 0 8 3053 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:18:42.190371 0.000000 udp 10.0.2.109 3683 -> 115.87.20.55 5867 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:18:45.027068 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:18:51.064868 0.000000 udp 10.0.2.109 3683 -> 196.210.175.235 4994 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:18:59.914775 0.000000 udp 10.0.2.109 3683 -> 108.184.193.223 6741 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:07.561469 0.000000 udp 10.0.2.109 3683 -> 94.66.230.161 6063 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:15.988446 0.132002 udp 10.0.2.109 3683 <-> 86.180.250.255 6148 CON 0 0 8 3073 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:19:16.182536 0.000000 udp 10.0.2.109 3683 -> 65.119.49.115 7983 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:24.274744 0.192603 udp 10.0.2.109 3683 <-> 37.115.89.10 7959 CON 0 0 8 3083 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:19:24.656170 0.000000 udp 10.0.2.109 3683 -> 70.99.180.134 6761 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:32.797180 0.000000 udp 10.0.2.109 3683 -> 72.194.120.118 7564 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:37.441644 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:19:40.818800 0.000000 udp 10.0.2.109 3683 -> 112.203.254.22 1052 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:49.165447 0.115438 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 8 3110 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:19:49.596638 0.000000 udp 10.0.2.109 3683 -> 203.206.143.134 6025 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:54.638347 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:19:59.668098 0.660689 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 8 2793 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:20:00.520352 0.000000 udp 10.0.2.109 3683 -> 84.139.57.177 7772 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:20:07.582051 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:20:14.931425 0.000000 udp 10.0.2.109 3683 -> 190.167.36.7 2209 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:20:23.142763 0.000000 udp 10.0.2.109 3683 -> 217.224.200.144 9423 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:20:27.811620 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:20:29.100109 0.309491 rtp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 8 3131 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:20:29.496874 0.000000 udp 10.0.2.109 3683 -> 82.59.41.108 6827 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:20:36.954579 0.000000 udp 10.0.2.109 3683 -> 121.7.65.142 8875 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:20:45.572379 0.679171 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 8 2919 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:20:46.459857 0.000000 udp 10.0.2.109 3683 -> 59.149.152.109 1936 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:20:53.996148 0.000000 udp 10.0.2.109 3683 -> 82.91.101.29 3698 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:01.309070 0.330292 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 8 2864 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:21:01.993291 0.373453 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 8 3118 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:21:02.614285 0.000000 udp 10.0.2.109 3683 -> 217.190.99.37 2757 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:08.398878 0.066470 udp 10.0.2.109 3683 -> 87.193.194.242 4425 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:08.465348 0.000000 icmp 87.193.194.242 0x0303 -> 10.0.2.109 0x4911 URP 192 1 301 flow=Background 1970/02/17 01:21:13.263340 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:21:16.363261 0.000000 udp 10.0.2.109 3683 -> 209.60.43.138 9244 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:24.942754 0.617658 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 8 3021 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:21:26.175463 0.184424 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 2879 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:21:26.539157 0.000000 udp 10.0.2.109 3683 -> 37.107.147.6 4005 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:33.418240 0.000000 udp 10.0.2.109 3683 -> 157.122.144.90 3414 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:40.712944 0.000000 udp 10.0.2.109 3683 -> 89.183.39.147 7507 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:46.824372 0.000000 udp 10.0.2.109 3683 -> 60.50.63.187 8225 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:54.145227 0.000000 udp 10.0.2.109 3683 -> 50.198.77.185 1969 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:21:58.722286 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:21:59.213645 0.000000 udp 10.0.2.109 3683 -> 80.7.102.72 4498 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:07.105267 0.000000 udp 10.0.2.109 3683 -> 87.9.121.21 9180 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:14.326488 0.000000 udp 10.0.2.109 3683 -> 80.2.14.110 3225 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:19.784154 0.000000 udp 10.0.2.109 3683 -> 184.5.104.112 2327 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:28.605770 0.841754 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 2945 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:22:30.208114 0.361209 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3075 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:22:30.703356 0.000000 udp 10.0.2.109 3683 -> 120.151.184.91 7254 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:37.444205 0.000000 udp 10.0.2.109 3683 -> 2.181.110.112 3103 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:42.428887 0.000000 udp 10.0.2.109 3683 -> 93.172.25.88 8065 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:43.699517 2.963490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 01:22:47.129366 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:22:49.022729 0.000000 udp 10.0.2.109 3683 -> 83.110.102.171 2050 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:50.619140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:22:56.108012 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:22:58.662391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:23:02.607470 0.000000 udp 10.0.2.109 3683 -> 182.185.158.208 5063 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:11.079314 0.000000 udp 10.0.2.109 3683 -> 79.15.14.142 1661 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:14.624256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:23:16.426901 0.000000 udp 10.0.2.109 3683 -> 164.126.17.33 4863 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:23.176774 0.000000 udp 10.0.2.109 3683 -> 201.242.119.98 3741 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:29.177995 0.266218 udp 10.0.2.109 3683 -> 27.54.176.2 8800 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:29.444213 0.000000 icmp 27.54.176.2 0x0303 -> 10.0.2.109 0x6022 URP 192 1 330 flow=Background 1970/02/17 01:23:34.081910 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:23:34.604533 0.000000 udp 10.0.2.109 3683 -> 86.155.247.23 4379 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:40.981686 0.000000 udp 10.0.2.109 3683 -> 86.31.199.197 6404 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:46.630501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:23:47.992710 0.244439 udp 10.0.2.109 3683 <-> 2.135.132.155 2999 CON 0 0 8 3100 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:23:48.823320 0.508170 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:23:49.695222 0.000000 udp 10.0.2.109 3683 -> 173.200.76.210 1024 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:23:58.337301 0.000000 udp 10.0.2.109 3683 -> 120.63.39.143 8807 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:04.265641 0.000000 udp 10.0.2.109 3683 -> 114.123.79.34 2938 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:10.003671 0.000000 udp 10.0.2.109 3683 -> 86.6.215.26 2250 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:16.132957 0.000000 udp 10.0.2.109 3683 -> 173.190.152.240 1659 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:21.089867 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:24:22.642090 0.165275 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 749 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:24:23.327807 0.000000 udp 10.0.2.109 3683 -> 23.29.93.176 2705 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:29.802820 0.000000 udp 10.0.2.109 3683 -> 212.119.65.13 2834 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:37.884315 0.000000 udp 10.0.2.109 3683 -> 74.223.170.126 4267 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:44.073057 0.000000 udp 10.0.2.109 3683 -> 64.55.176.197 8440 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:51.974276 0.000000 udp 10.0.2.109 3683 -> 87.19.236.34 7824 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:24:58.513929 0.000000 udp 10.0.2.109 3683 -> 85.154.9.243 7389 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:05.403472 0.215408 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 785 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:25:05.788953 0.177132 udp 10.0.2.109 3683 -> 67.158.148.210 4084 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:05.966085 0.000000 icmp 67.158.148.210 0x0303 -> 10.0.2.109 0xf40f URP 192 1 271 flow=Background 1970/02/17 01:25:10.090570 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:25:14.296304 0.000000 udp 10.0.2.109 3683 -> 37.53.167.145 3434 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:21.225806 0.074791 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 722 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:25:21.437211 0.000000 udp 10.0.2.109 3683 -> 190.29.157.107 8099 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:30.098971 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:38.981907 0.025438 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 732 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:25:39.381307 0.000000 udp 10.0.2.109 3683 -> 184.176.213.102 6751 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:47.834869 0.000000 udp 10.0.2.109 3683 -> 178.19.50.166 1204 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:53.732768 0.146216 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 833 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:25:54.186048 0.000000 udp 10.0.2.109 3683 -> 24.51.160.115 5619 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:25:58.589884 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:26:02.367479 0.000000 udp 10.0.2.109 3683 -> 86.155.244.219 3291 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:09.565911 0.000000 udp 10.0.2.109 3683 -> 76.9.88.43 1578 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:16.505816 0.000000 udp 10.0.2.109 3683 -> 79.43.240.107 9708 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:23.525891 0.000000 udp 10.0.2.109 3683 -> 86.145.21.100 5349 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:28.853507 0.321372 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 767 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:26:29.249079 0.041563 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 673 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:26:29.430720 0.000000 udp 10.0.2.109 3683 -> 186.45.159.223 5528 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:38.077010 0.000000 udp 10.0.2.109 3683 -> 216.157.210.106 5952 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:43.314521 0.000000 udp 10.0.2.109 3683 -> 70.237.61.237 9939 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:48.080889 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:26:50.815342 0.000000 udp 10.0.2.109 3683 -> 2.50.16.104 3509 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:26:55.953464 0.000000 udp 10.0.2.109 3683 -> 101.50.28.92 2680 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:02.682479 0.069673 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:27:03.075374 0.000000 udp 10.0.2.109 3683 -> 2.218.236.238 5554 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:09.288275 0.000000 udp 10.0.2.109 3683 -> 203.143.245.237 2516 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:17.323538 0.000000 udp 10.0.2.109 3683 -> 95.57.115.230 9679 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:26.085634 0.000000 udp 10.0.2.109 3683 -> 175.143.29.111 4378 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:33.016908 0.000000 udp 10.0.2.109 3683 -> 186.149.107.88 6781 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:37.582208 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:27:39.495380 0.165409 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 833 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:27:39.799757 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:48.399237 0.000000 udp 10.0.2.109 3683 -> 82.147.66.13 3871 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:27:55.628297 0.184786 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:27:55.931226 0.420793 udp 10.0.2.109 3683 <-> 59.115.35.197 2346 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:27:56.766518 0.077629 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 658 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:27:56.941778 0.000000 udp 10.0.2.109 3683 -> 2.28.28.88 2096 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:28:02.638627 0.000000 udp 10.0.2.109 3683 -> 71.15.26.222 4735 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:28:08.186391 0.000000 udp 10.0.2.109 3683 -> 41.178.247.134 2927 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:28:13.504008 0.000000 udp 10.0.2.109 3683 -> 80.50.17.98 1435 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:28:18.821118 0.000000 udp 10.0.2.109 3683 -> 95.77.114.162 7887 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:28:19.933357 0.695180 tcp 10.0.2.109 62756 -> 176.73.169.112 1959 FSPA* 0 0 15 1660 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:28:26.364877 0.000000 udp 10.0.2.109 3683 -> 110.142.190.119 2754 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:29:50.635919 3.002041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 01:29:57.643507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:30:05.645284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:30:21.647836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:30:53.654245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:36:57.660202 3.001547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 01:37:04.667671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:37:12.669138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:37:28.672441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:38:00.677859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:44:04.683574 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 01:44:11.691634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:44:19.692919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:44:35.695955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:45:07.702068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:53:32.711166 3.001526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 01:53:39.717741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:53:47.719861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:54:03.722209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:54:35.728754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 01:58:20.632783 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 01:58:20.632889 0.490218 tcp 10.0.2.109 62757 -> 176.73.169.112 1959 FSPA* 0 0 14 1537 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:58:51.927040 0.157300 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.084817 0.144663 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.229837 0.059108 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.289292 0.051014 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.340687 0.100579 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.441783 0.182718 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.624959 0.198829 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.824200 0.159344 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:52.983945 0.053747 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:53.038065 0.171078 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:53.209529 0.122819 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:53.439038 0.073468 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:53.513008 0.317590 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:53.831031 0.131352 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:53.962817 0.360095 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:54.323356 0.426594 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:54.750582 0.113919 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:54.864887 0.144485 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:55.009752 0.348864 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:55.359025 0.375806 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:55.735268 0.363333 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:56.099018 0.046423 udp 10.0.2.109 3683 <-> 93.198.206.31 8279 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:56.145806 0.163697 udp 10.0.2.109 3683 <-> 183.82.170.23 8412 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:58:56.309930 0.000000 udp 10.0.2.109 3683 -> 87.14.77.232 8022 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 01:59:12.458787 0.065713 tcp 10.0.2.109 62758 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:59:12.524805 0.062947 tcp 10.0.2.109 62759 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:59:12.588029 0.162319 tcp 10.0.2.109 62760 -> 195.113.214.249 443 SRPA* 0 0 33 16878 flow=From-Botnet-V1-TCP-Established 1970/02/17 01:59:12.750879 0.051909 udp 10.0.2.109 3683 <-> 86.180.250.255 6148 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:12.803226 0.091518 udp 10.0.2.109 3683 <-> 37.115.89.10 7959 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:12.895137 0.056742 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:12.952248 0.434980 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:13.387653 0.124317 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:13.512310 0.350506 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:13.863184 0.163990 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:14.027562 0.185875 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:14.213829 0.344321 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:14.558641 0.074562 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:14.633615 0.389410 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:15.023481 0.157330 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:15.181272 0.110930 udp 10.0.2.109 3683 <-> 2.135.132.155 2999 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:15.292620 0.490287 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:15.783266 0.158502 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:15.942319 0.204962 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.147927 0.075627 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.223939 0.025249 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.249693 0.143551 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.393657 0.043905 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.437954 0.319427 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.757761 0.062470 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.820609 0.164599 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:16.985669 0.183960 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:17.169994 0.362053 udp 10.0.2.109 3683 <-> 59.115.35.197 2346 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 01:59:17.532436 0.076337 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:00:39.735042 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 02:00:46.742373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:00:54.743436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:01:10.749366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:01:42.752208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:07:46.758509 3.001907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:07:53.766401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:08:01.767622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:08:17.770760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:08:49.776171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:14:53.782677 3.001135 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:15:00.790006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:15:08.791289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:15:24.794128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:15:56.800786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:22:00.806959 3.001728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:22:07.813577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:22:15.815644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:22:31.818888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:23:03.828589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:28:21.131437 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 02:28:21.131557 0.703243 tcp 10.0.2.109 62761 -> 176.73.169.112 1959 FSPA* 0 0 14 1507 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:29:07.830297 3.002296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:29:14.837758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:29:22.839247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:29:38.842600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:29:39.543570 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 02:29:39.543736 0.000000 udp 10.0.2.109 3683 -> 87.14.77.232 8022 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 02:29:54.656888 0.064803 tcp 10.0.2.109 62762 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:29:54.721952 0.071764 tcp 10.0.2.109 62763 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:29:54.794077 0.156061 tcp 10.0.2.109 62764 -> 195.113.214.249 443 SRPA* 0 0 53 41370 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:29:54.950732 0.071740 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.022863 0.050859 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.074284 0.114670 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.189356 0.183307 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.373059 0.157903 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.531343 0.145161 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.676902 0.054806 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.732066 0.167809 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:55.900267 0.128539 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:56.029244 0.070068 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:56.099697 0.174921 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:56.274994 0.144292 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:56.419668 0.326746 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:56.746788 0.319211 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:57.066552 0.134277 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:57.201183 0.142590 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:57.344256 0.347407 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:57.692047 0.415618 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:58.108065 0.113894 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:29:58.222364 0.000000 udp 10.0.2.109 3683 -> 183.82.170.23 8412 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 02:30:10.848151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:30:15.125303 0.061044 tcp 10.0.2.109 62765 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:30:15.186215 0.067823 tcp 10.0.2.109 62766 -> 195.113.214.249 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:30:15.254397 0.161521 tcp 10.0.2.109 62767 -> 195.113.214.249 443 SRPA* 0 0 23 13138 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:30:15.416554 0.368195 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:15.785289 0.388027 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:16.173779 0.046493 udp 10.0.2.109 3683 <-> 93.198.206.31 8279 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:16.220697 0.000000 udp 10.0.2.109 3683 -> 86.180.250.255 6148 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 02:30:32.099831 0.066452 tcp 10.0.2.109 62768 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:30:32.166575 0.071877 tcp 10.0.2.109 62769 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:30:32.238385 0.154166 tcp 10.0.2.109 62770 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:30:32.393122 0.091310 udp 10.0.2.109 3683 <-> 37.115.89.10 7959 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:32.484987 0.055965 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:32.541344 0.227482 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:32.769185 0.126464 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:32.896034 0.183548 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:33.080000 0.346222 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:33.426671 0.163878 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:33.590915 0.337904 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:33.929196 0.072390 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:34.002000 0.414860 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:34.417348 0.159089 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:34.576818 0.110353 udp 10.0.2.109 3683 <-> 2.135.132.155 2999 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:34.687595 0.465650 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.153686 0.157609 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.311775 0.200387 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.512568 0.070384 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.583366 0.025129 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.608981 0.146417 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.755869 0.046642 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.802870 0.164335 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:35.967598 0.190132 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:36.158236 0.322287 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:36.480960 0.060697 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:36.542068 0.363499 udp 10.0.2.109 3683 <-> 59.115.35.197 2346 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:30:36.905994 0.071737 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/17 02:36:14.854831 3.081706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:36:21.913449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:36:29.873724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:36:45.876900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:37:17.882199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:43:21.887817 3.002355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:43:28.895990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:43:36.897042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:43:52.900670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:44:24.906727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:50:28.912817 3.001559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:50:35.920029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:50:43.921507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:50:59.928580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:51:31.931566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:57:35.939597 2.998064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 02:57:42.943926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:57:50.945443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:58:06.949149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 02:58:21.840505 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 02:58:21.840606 0.807878 tcp 10.0.2.109 62771 -> 176.73.169.112 1959 FSPA* 0 0 15 1659 flow=From-Botnet-V1-TCP-Established 1970/02/17 02:58:38.955141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:00:49.175621 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 03:00:49.175724 0.000000 udp 10.0.2.109 3683 -> 183.82.170.23 8412 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 03:01:04.675833 0.066510 tcp 10.0.2.109 62772 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:04.742654 0.070632 tcp 10.0.2.109 62773 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:04.813652 0.164352 tcp 10.0.2.109 62774 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:04.977741 0.000000 udp 10.0.2.109 3683 -> 86.180.250.255 6148 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 03:01:22.630360 0.062057 tcp 10.0.2.109 62775 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:22.692680 0.064816 tcp 10.0.2.109 62776 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:22.757782 0.183593 tcp 10.0.2.109 62777 -> 195.113.214.249 443 SRPA* 0 0 73 77634 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:22.942054 0.183587 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.126068 0.048754 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.175223 0.146982 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.322674 0.056233 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.379385 0.167769 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.547516 0.163298 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.711262 0.107622 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 584 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.819279 0.129010 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:23.948803 0.190150 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:24.139394 0.143322 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:24.283075 0.068845 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:24.352447 0.124394 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:24.477319 0.320220 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:24.797925 0.345078 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:25.143431 0.135950 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:25.279863 0.326864 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:25.607113 0.142646 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:25.750160 0.512216 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:26.262866 0.113877 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:26.377185 0.362807 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:26.740444 0.377030 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:27.117866 0.040990 udp 10.0.2.109 3683 <-> 93.198.206.31 8279 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:27.159236 0.094477 udp 10.0.2.109 3683 <-> 37.115.89.10 7959 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:27.254137 0.055963 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:27.310588 0.230831 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:27.541892 0.128850 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:27.671292 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 03:01:43.501256 0.066295 tcp 10.0.2.109 62778 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:43.567880 0.065521 tcp 10.0.2.109 62779 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:43.633718 0.353468 tcp 10.0.2.109 62780 -> 195.113.214.249 443 SRPA* 0 0 36 18768 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:01:43.985781 0.295781 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:44.281943 0.186504 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:44.468846 0.347808 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:44.817085 0.158357 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:44.975872 0.109957 udp 10.0.2.109 3683 <-> 2.135.132.155 2999 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:45.086253 0.071160 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:45.157834 0.340398 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:45.498661 0.461924 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:45.960996 0.160158 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:46.121692 0.199516 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:46.321711 0.082083 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:46.404213 0.025191 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:46.429907 0.144004 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:46.574418 0.040659 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:46.615486 0.332579 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:46.948513 0.062574 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:01:47.011498 0.000000 udp 10.0.2.109 3683 -> 59.115.35.197 2346 INT 0 1 88 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 03:02:05.231710 0.061837 tcp 10.0.2.109 62781 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:02:05.293642 0.069177 tcp 10.0.2.109 62782 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:02:05.362645 0.165830 tcp 10.0.2.109 62783 -> 195.113.214.249 443 SRPA* 0 0 21 10972 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:02:05.529033 0.163542 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:02:05.692988 0.183821 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:02:05.877173 0.073073 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:04:59.974985 3.001763 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 03:05:06.982433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:05:14.984417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:05:30.986653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:06:02.999505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:12:15.000180 3.002033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 03:12:22.007911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:12:30.009379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:12:46.012147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:13:18.018645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:19:22.025785 3.000458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 03:19:29.034285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:19:37.033644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:19:53.035962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:20:25.042306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:26:29.049023 3.001194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 03:26:36.055743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:26:44.057413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:27:00.060269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:27:32.066533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:28:22.649477 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 03:28:22.649581 0.665527 tcp 10.0.2.109 62784 -> 176.73.169.112 1959 FSPA* 0 0 15 1701 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:32:29.905175 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 03:32:29.905294 0.164415 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:30.070174 0.000000 udp 10.0.2.109 3683 -> 59.115.35.197 2346 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 03:32:46.730901 0.062952 tcp 10.0.2.109 62785 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:32:46.794304 0.069242 tcp 10.0.2.109 62786 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:32:46.863867 0.166645 tcp 10.0.2.109 62787 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:32:47.030639 0.166086 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:47.197072 0.163341 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:47.360829 0.146286 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:47.507508 0.050121 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:47.557996 0.177906 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:47.736305 0.057357 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:47.794092 0.138014 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:47.932488 0.152607 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:48.085562 0.078950 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:48.164983 0.128923 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:48.294457 0.327860 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:48.622721 0.344119 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:48.967254 0.057651 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:49.025540 0.128620 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:49.154541 0.126495 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:49.515349 0.143018 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:49.658818 0.343411 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:50.002642 0.131275 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:50.134360 0.510663 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:50.645409 0.093431 udp 10.0.2.109 3683 <-> 37.115.89.10 7959 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:50.739254 0.055218 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:50.794881 0.230635 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:51.025896 0.308087 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:51.334499 0.364407 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:32:51.699324 0.000000 udp 10.0.2.109 3683 -> 93.198.206.31 8279 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 03:33:08.891606 0.061201 tcp 10.0.2.109 62788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:33:08.953132 0.065814 tcp 10.0.2.109 62789 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:33:09.019205 0.165029 tcp 10.0.2.109 62790 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:33:09.184835 0.385173 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:09.570582 0.319051 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:09.890059 0.184698 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:10.075233 0.074165 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:10.149792 0.427987 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:10.578311 0.363739 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:10.942506 0.160032 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:11.102917 0.000000 udp 10.0.2.109 3683 -> 2.135.132.155 2999 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 03:33:27.728387 0.064623 tcp 10.0.2.109 62791 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:33:27.792910 0.065817 tcp 10.0.2.109 62792 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:33:27.859008 0.160117 tcp 10.0.2.109 62793 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/17 03:33:28.019737 0.481338 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:28.501468 0.199574 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:28.701484 0.077342 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:28.779273 0.025035 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:28.805234 0.145003 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:28.950881 0.040773 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:28.992069 0.348590 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:29.341176 0.158858 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:29.500468 0.065818 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:29.566734 0.077849 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:29.644981 0.164534 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:29.809922 0.189611 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/17 03:33:36.073085 3.001390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 03:33:43.080075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:33:51.081293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:34:07.085193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:34:39.090668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:40:43.097246 3.000518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 03:40:50.103827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:40:58.106666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:41:14.108234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:41:46.114713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:47:50.120146 3.001793 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 03:47:57.127772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:48:05.129185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:48:21.133368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:48:53.137843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:55:35.149027 3.001929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 03:55:42.156374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:55:50.157813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:56:06.160932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:56:38.167083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 03:58:23.318556 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 03:58:23.318662 0.866422 tcp 10.0.2.109 62794 -> 176.73.169.112 1959 FSPA* 0 0 15 1605 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:02:50.175551 3.000629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:02:57.181788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:03:05.183538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:03:21.190652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:03:36.798539 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 04:03:36.798641 0.000000 udp 10.0.2.109 3683 -> 93.198.206.31 8279 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 04:03:53.192257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:03:54.365865 0.064717 tcp 10.0.2.109 62795 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:03:54.430800 0.062222 tcp 10.0.2.109 62796 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:03:54.493317 0.162235 tcp 10.0.2.109 62797 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:03:54.656101 0.000000 udp 10.0.2.109 3683 -> 2.135.132.155 2999 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 04:04:10.217512 0.061406 tcp 10.0.2.109 62798 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:04:10.279250 0.061982 tcp 10.0.2.109 62799 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:04:10.341575 0.157091 tcp 10.0.2.109 62800 -> 195.113.214.249 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:04:10.499084 0.165717 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:10.665212 0.146018 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:10.811600 0.050767 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:10.862852 0.178054 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:11.041323 0.055350 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:11.097093 0.139547 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:11.237072 0.163117 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:11.400653 0.167421 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:11.568472 0.124841 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:11.879966 0.149042 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:12.029428 0.073932 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:12.103812 0.329840 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:12.434135 0.113695 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:12.548278 0.142723 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:12.691427 0.103636 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:12.795425 0.342983 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:13.138822 0.061809 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:13.201195 0.500483 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:13.702111 0.089920 udp 10.0.2.109 3683 <-> 37.115.89.10 7959 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:13.792391 0.055372 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:13.848181 0.130953 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:13.979590 0.391998 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:14.371959 0.232099 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:14.604412 0.367392 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:14.972178 0.133049 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:15.105570 0.324422 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:15.430479 0.375642 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:15.806513 0.330105 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:16.137014 0.379787 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:16.517169 0.070292 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:16.587855 0.185846 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:16.774034 0.160057 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:16.934487 0.895303 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:17.830261 0.203787 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:18.034480 0.109612 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:18.144455 0.024809 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:18.169676 0.404166 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:18.574248 0.159058 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:18.733724 0.068612 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:18.802824 0.075050 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:18.878287 0.163027 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:19.041758 0.147662 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:19.189854 0.045837 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:04:19.236143 0.191603 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:09:57.201923 3.008456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:10:04.218511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:10:12.217128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:10:28.220894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:11:00.226399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:17:04.232443 3.003315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:17:11.827058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:17:19.733143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:17:35.539651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:18:07.260080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:24:11.277652 3.000068 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:24:18.283743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:24:26.292118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:24:42.288437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:25:14.304080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:28:24.187536 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 04:28:24.187649 0.754019 tcp 10.0.2.109 62801 -> 176.73.169.112 1959 FSPA* 0 0 15 1707 flow=From-Botnet-V1-TCP-Established 1970/02/17 04:31:18.310076 3.001890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:31:25.317802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:31:33.319203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:31:49.322102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:32:21.328883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:34:35.771992 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 04:34:35.772109 0.048932 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:35.821545 0.183932 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:36.005858 0.054014 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:36.060320 0.137513 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:36.198371 0.163740 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:36.362632 0.232080 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:36.595186 0.163211 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:36.758758 0.145406 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:36.904609 0.124071 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:37.029110 0.147808 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:37.177465 0.073518 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:37.251373 0.326370 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:37.578393 0.138444 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:37.717316 0.141462 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:37.859180 0.108096 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:37.967660 0.345129 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:38.313257 0.062921 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:38.376586 0.501829 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:38.878862 0.094746 udp 10.0.2.109 3683 <-> 37.115.89.10 7959 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:38.974039 0.057633 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:39.032064 0.132078 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:39.164524 0.383865 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:39.548741 0.247535 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:39.796620 0.318909 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:40.115973 0.378649 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:40.516690 0.346438 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 576 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:40.863535 0.367324 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:41.231247 0.123715 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:41.355477 0.389533 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:41.745488 0.075377 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:41.821221 0.188276 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:42.009876 0.155781 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:42.166137 0.436723 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:42.603248 0.301891 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 570 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:42.905471 0.070981 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:42.976809 0.025141 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:43.002527 0.385958 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:43.388975 0.156927 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:43.546327 0.065173 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:43.611901 0.075367 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:43.687742 0.166931 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:43.855062 0.146095 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:44.001565 0.046102 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:34:44.048032 0.192621 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/17 04:38:25.334657 3.001143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:38:32.341844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:38:40.343314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:38:56.346478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:39:28.352434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:45:32.358871 3.075194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:45:39.412782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:45:47.377284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:46:03.379984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:46:35.386615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:54:27.399158 3.000046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 04:54:34.405086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:54:42.406772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:54:59.418340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:55:31.024385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 04:58:24.946914 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 04:58:24.947105 0.534571 tcp 10.0.2.109 62802 -> 176.73.169.112 1959 FSPA* 0 0 14 1666 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:01:56.444709 3.000313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 05:02:03.450963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:02:11.452302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:02:27.455192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:02:59.461035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:04:53.144874 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 05:04:53.145027 0.050890 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:04:53.196306 0.152421 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:04:53.349151 0.160279 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:04:53.509806 0.168528 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:04:53.678798 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 05:05:10.280789 0.064063 tcp 10.0.2.109 62803 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:05:10.345191 0.062334 tcp 10.0.2.109 62804 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:05:10.407797 0.328755 tcp 10.0.2.109 62805 -> 195.113.214.249 443 SRPA* 0 0 38 27927 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:05:10.737042 0.145162 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:10.882585 0.178430 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:11.061361 0.046737 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:11.108449 0.124624 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:11.233427 0.155628 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:11.389467 0.076462 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:11.466459 0.322296 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:11.789210 0.114014 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:11.903641 0.142050 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:12.046107 0.059410 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:12.105919 0.500810 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:12.607144 0.101615 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:12.709135 0.347338 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:13.056854 0.000000 udp 10.0.2.109 3683 -> 37.115.89.10 7959 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 05:05:30.238264 0.060822 tcp 10.0.2.109 62806 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:05:30.299341 0.066196 tcp 10.0.2.109 62807 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:05:30.365833 0.162006 tcp 10.0.2.109 62808 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:05:30.528399 0.055891 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:30.584674 0.130396 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:30.715548 0.354764 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:31.070798 0.230908 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:31.302242 0.332748 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:31.635387 0.305212 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:31.941053 0.388219 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:32.329667 0.396356 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:32.726478 0.071782 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:32.798688 0.546246 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:33.345427 0.128949 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:33.474821 0.186845 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:33.662051 0.958578 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:34.621024 2.931464 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:37.552904 0.202952 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:37.756240 0.078557 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:37.835269 0.024681 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:37.860380 0.370517 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:38.231273 0.155845 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:38.387543 0.061917 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:38.449864 0.074782 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:38.525043 0.163323 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:38.743918 0.188984 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:38.933278 0.145588 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:05:39.079290 0.046278 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:09:10.467040 3.001786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 05:09:17.474864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:09:25.475952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:09:41.479068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:10:13.490356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:16:17.492168 3.000723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 05:16:24.498702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:16:32.500168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:16:48.503029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:17:20.756529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:23:24.525270 3.001393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 05:23:31.532672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:23:39.534756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:23:55.537154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:24:27.542977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:28:25.485503 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 05:28:25.485587 0.671220 tcp 10.0.2.109 62809 -> 176.73.169.112 1959 FSPA* 0 0 16 1842 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:30:31.548612 3.113991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 05:30:38.635102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:30:46.569900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:31:02.571489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:31:34.577008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:35:57.605285 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 05:35:57.605461 0.162859 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:35:57.768715 0.000000 udp 10.0.2.109 3683 -> 37.115.89.10 7959 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 05:36:16.724699 0.067213 tcp 10.0.2.109 62810 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:36:16.792215 0.067906 tcp 10.0.2.109 62811 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:36:16.860422 0.166287 tcp 10.0.2.109 62812 -> 195.113.214.249 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/02/17 05:36:17.027143 0.156960 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:17.184529 0.136333 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:17.321319 0.050107 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:17.371808 0.167276 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:17.539423 0.181635 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:17.721406 0.049756 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:17.771570 0.125956 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:17.898008 0.146131 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:18.044595 0.076497 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:18.121597 0.156305 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:18.278269 0.062581 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:18.341224 0.515295 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:18.856867 0.110962 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:18.968219 0.126028 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:19.094592 0.327732 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:19.422735 0.142264 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:19.565413 0.349139 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:19.914946 0.055562 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:19.970924 0.130522 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:20.101872 0.392455 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:20.494729 0.274074 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:20.769204 0.378667 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:21.148252 0.415162 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:21.563771 0.316568 udp 10.0.2.109 3683 <-> 114.148.4.123 3402 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:21.880729 0.389685 udp 10.0.2.109 3683 <-> 114.38.16.86 1995 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:22.270811 0.071793 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:22.343049 0.367233 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:22.710681 0.123350 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:22.834426 0.188684 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:23.023457 0.159348 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:23.183206 0.465547 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:23.649150 0.251046 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:23.900611 0.081085 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:23.982223 0.025143 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:24.007756 0.063629 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:24.071821 0.079892 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:24.152110 0.163598 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:24.535871 0.384190 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:24.920449 0.157785 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:25.078636 0.040574 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:25.119572 0.187933 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:36:25.307892 0.147225 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/17 05:37:38.583168 3.001436 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 05:37:45.590476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:37:53.591819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:38:09.594995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:38:41.600792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:44:45.609310 2.999285 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 05:44:52.614563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:45:00.615817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:45:16.619015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:45:48.625076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:54:03.638573 3.002402 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 05:54:10.646576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:54:18.648498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:54:34.651453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:55:06.657337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 05:58:26.164338 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 05:58:26.164522 0.650032 tcp 10.0.2.109 62813 -> 176.73.169.112 1959 FSPA* 0 0 14 1638 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:01:10.673362 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:01:17.680716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:01:25.684533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:01:41.694848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:02:13.701188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:06:44.170470 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 06:06:44.170561 0.164196 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:44.335170 0.050021 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:44.385632 0.224582 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:44.610565 0.178178 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:44.789176 0.056697 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:44.846262 0.125523 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:44.972166 0.156712 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:45.129297 0.183656 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:45.313357 0.146027 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:45.459842 0.068517 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:45.528791 0.156104 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:45.685286 0.061533 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:45.747227 0.532447 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:46.280060 0.324430 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:46.604824 0.142840 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:46.748035 0.348171 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:47.096593 0.104177 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:47.201139 0.126361 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:47.327873 0.056041 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:47.384311 0.130670 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:47.515325 0.355960 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:47.871680 0.233191 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:06:48.105277 0.000000 udp 10.0.2.109 3683 -> 114.148.4.123 3402 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 06:07:03.379605 0.064118 tcp 10.0.2.109 62814 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:07:03.444019 0.173162 tcp 10.0.2.109 62815 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:07:03.617467 0.149298 tcp 10.0.2.109 62816 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:07:03.767327 0.388257 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:04.156071 0.324650 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:04.481064 0.368627 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:04.850095 0.122565 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:04.973062 0.000000 udp 10.0.2.109 3683 -> 114.38.16.86 1995 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 06:07:21.714613 0.064270 tcp 10.0.2.109 62817 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:07:21.778780 0.062215 tcp 10.0.2.109 62818 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:07:21.841255 0.159409 tcp 10.0.2.109 62819 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:07:22.001149 0.075053 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:22.076618 0.186404 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:22.263408 0.160380 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:22.424193 0.505112 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:22.929727 0.203335 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:23.133514 0.073591 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:23.207560 0.024959 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:23.232959 0.062172 rtcp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:23.295516 0.072721 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:23.368644 0.164237 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 218 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:23.533279 0.350378 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:23.884024 0.186863 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:24.071288 0.146046 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:24.217716 0.157566 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:07:24.661067 0.047155 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:08:25.708028 3.002516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 06:08:32.716009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:08:40.717637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:08:56.720573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:09:28.736865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:15:32.743089 3.001113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:15:39.750397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:15:47.751071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:16:03.754834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:16:35.760573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:22:39.768056 3.000456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:22:46.774356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:22:54.775720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:23:10.778543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:23:43.042325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:28:26.815306 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 06:28:26.815395 0.556099 tcp 10.0.2.109 62820 -> 176.73.169.112 1959 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:29:46.801497 3.000646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:29:53.808122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:30:01.809947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:30:17.812435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:30:49.819991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:36:53.825856 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:37:00.832292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:37:08.833174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:37:24.836597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:37:31.516698 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 06:37:31.516804 0.000000 udp 10.0.2.109 3683 -> 114.148.4.123 3402 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 06:37:47.801312 0.066843 tcp 10.0.2.109 62821 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:37:47.868427 0.061712 tcp 10.0.2.109 62822 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:37:47.930498 0.162752 tcp 10.0.2.109 62823 -> 195.113.214.249 443 SRPA* 0 0 25 13914 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:37:48.093780 0.000000 udp 10.0.2.109 3683 -> 114.38.16.86 1995 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 06:37:56.842711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:38:04.414042 0.062206 tcp 10.0.2.109 62824 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:38:04.476521 0.066485 tcp 10.0.2.109 62825 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:38:04.543292 0.155738 tcp 10.0.2.109 62826 -> 195.113.214.249 443 SRPA* 0 0 22 11418 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:38:04.699669 0.160577 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:04.860667 0.049448 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:04.910576 0.056655 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:04.967676 0.128402 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:05.096533 0.161002 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:05.257908 0.184102 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:05.442573 0.171200 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:05.614216 0.061078 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:05.675679 0.146037 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:05.822114 0.150759 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:05.973272 0.073573 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:06.047262 0.147345 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:06.519406 0.323266 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:06.843056 0.532442 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:07.375898 0.143728 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:07.520059 0.056668 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:07.577141 0.130495 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:07.707994 0.346069 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:08.054474 0.138554 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:08.193488 0.351569 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:08.545483 0.113296 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:08.659189 0.272012 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:08.931591 0.377304 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:09.309307 0.361588 udp 10.0.2.109 3683 <-> 218.145.118.15 9278 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:09.671305 0.387473 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:10.059159 0.125959 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:10.185479 0.072167 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:10.258079 0.185547 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:10.444016 0.158005 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:10.602579 0.444376 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:11.047340 0.200932 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:11.248666 0.073996 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:11.323134 0.025119 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:11.348651 0.061408 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:11.410545 0.076418 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:11.487483 0.165157 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:11.653034 0.349006 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:12.002394 0.189582 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:12.192346 0.145890 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:12.338578 0.154805 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:38:12.493826 0.042592 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/17 06:44:00.848605 3.001924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:44:07.855764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:44:15.857568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:44:31.860738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:45:03.877239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:51:07.886510 3.217466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:51:15.076963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:51:23.002071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:51:38.904149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:52:10.910717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:58:14.916146 3.004408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 06:58:21.923905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:58:27.372166 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 06:58:27.372342 0.778572 tcp 10.0.2.109 62827 -> 176.73.169.112 1959 FSPA* 0 0 14 1567 flow=From-Botnet-V1-TCP-Established 1970/02/17 06:58:29.925209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:58:45.928555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 06:59:17.934308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:05:46.945764 3.002806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 07:05:53.953944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:06:01.955099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:06:18.897584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:06:50.513045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:08:19.883953 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 07:08:19.884190 0.163445 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.048021 0.049804 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.098213 0.051234 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.149779 0.128230 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.278501 0.160076 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.439031 0.186253 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.625656 0.168240 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.794290 0.059110 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.853750 0.145278 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:20.999527 0.144311 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:21.144253 0.327317 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:21.471921 0.150765 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:21.623168 0.074750 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:21.698333 0.055160 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:21.753902 0.131237 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:21.885551 0.505590 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:22.391546 0.144306 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:22.536200 0.349346 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:22.885981 0.114118 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:23.000494 0.344510 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:23.345448 0.117158 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:23.462985 0.226422 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:23.740673 0.377710 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:24.118838 0.000000 udp 10.0.2.109 3683 -> 218.145.118.15 9278 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 07:08:39.233748 0.064494 tcp 10.0.2.109 62828 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:08:39.298038 0.061337 tcp 10.0.2.109 62829 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:08:39.359634 0.162724 tcp 10.0.2.109 62830 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:08:39.522869 0.072487 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:39.595778 0.186585 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:39.782852 0.158761 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:39.942195 0.424049 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:40.366674 0.123676 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:40.490781 0.465339 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:40.956897 0.321502 udp 10.0.2.109 3683 <-> 200.84.147.159 6783 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.278806 0.074315 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.353559 0.025274 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.379272 0.062455 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.442343 0.070226 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.512983 0.165010 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.678436 0.145373 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.824244 0.160264 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:41.984976 0.046529 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:42.031955 0.355257 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:08:42.387636 0.186744 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:12:53.980043 3.002333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 07:13:00.987938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:13:08.989366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:13:24.992641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:13:56.998666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:20:01.004374 3.001241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 07:20:08.011562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:20:16.013441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:20:32.015882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:21:04.022684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:27:08.028861 3.005833 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 07:27:15.035795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:27:23.047141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:27:39.050542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:28:11.424176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:28:28.315663 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 07:28:28.315749 0.650855 tcp 10.0.2.109 62831 -> 176.73.169.112 1959 FSPA* 0 0 15 1574 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:34:15.072605 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 07:34:22.083588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:34:30.084506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:34:46.084393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:35:18.093860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:39:02.923810 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 07:39:02.923921 0.000000 udp 10.0.2.109 3683 -> 218.145.118.15 9278 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 07:39:21.622310 0.063488 tcp 10.0.2.109 62832 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:39:21.686115 0.062451 tcp 10.0.2.109 62833 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:39:21.748859 0.171396 tcp 10.0.2.109 62834 -> 195.113.214.249 443 SRPA* 0 0 35 19220 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:39:21.920520 0.049551 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:21.970484 0.049043 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:22.019976 0.123922 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:22.144270 0.158868 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:22.303542 0.181428 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:22.485328 0.166829 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:22.652554 0.056586 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:22.709570 0.160770 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:22.870779 0.147622 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:23.018798 0.324210 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:23.343372 0.170290 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:23.514083 0.081585 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:23.596277 0.053892 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:23.650540 0.132739 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:23.783645 0.149658 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:23.933645 0.142544 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:24.076583 0.478583 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:24.555533 0.324859 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:24.880820 0.119898 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:25.001111 0.227728 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:25.229253 0.348623 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:25.578473 0.126165 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:25.704990 0.374345 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:26.079702 0.158879 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:26.238990 0.070789 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:26.310364 0.186273 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:26.496989 0.426548 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:26.923939 0.402937 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:27.327265 0.157227 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:27.484933 0.000000 udp 10.0.2.109 3683 -> 200.84.147.159 6783 INT 0 1 92 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 07:39:44.002915 0.063658 tcp 10.0.2.109 62835 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:39:44.066879 0.063674 tcp 10.0.2.109 62836 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:39:44.130912 0.159451 tcp 10.0.2.109 62837 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/17 07:39:44.290932 0.079079 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:44.370559 0.025203 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:44.396130 0.062153 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:44.458687 0.074820 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:44.533969 0.163853 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:44.698202 0.144439 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:44.843032 0.340404 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:45.183878 0.190469 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:45.374847 0.154884 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:39:45.530141 0.040497 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 07:41:22.101300 2.999257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 07:41:29.103831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:41:37.105391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:41:53.108527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:42:25.836399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:48:29.130350 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 07:48:36.137768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:48:44.139332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:49:00.142796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:49:32.148607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:55:53.158588 3.002515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 07:56:00.165927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:56:08.167631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:56:24.170927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:56:56.176438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 07:58:28.810163 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 07:58:28.810380 0.635906 tcp 10.0.2.109 62838 -> 176.73.169.112 1959 FSPA* 0 0 14 1523 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:03:00.182688 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:03:07.190586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:03:15.191817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:03:31.196051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:04:03.200912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:09:50.260041 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 08:09:50.260210 0.000000 udp 10.0.2.109 3683 -> 200.84.147.159 6783 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 08:10:07.207096 3.000665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:10:08.647889 0.061363 tcp 10.0.2.109 62839 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:10:08.709505 0.064718 tcp 10.0.2.109 62840 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:10:08.774542 0.162001 tcp 10.0.2.109 62841 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:10:08.937164 0.052946 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:08.990624 0.125531 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:09.116538 0.163640 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:09.280578 0.178360 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:09.459343 0.169392 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:09.629078 0.058995 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:09.688453 0.162595 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:09.851450 0.048995 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:09.900797 0.185875 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:10.087090 0.327440 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:10.435125 0.144868 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:10.580352 0.061949 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:10.642671 0.131016 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:10.774076 0.145313 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:10.919818 0.075962 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:10.996155 0.444884 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:11.441427 0.141331 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:11.583140 0.320237 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:11.903822 0.373502 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:12.277760 0.138594 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:12.416704 0.230488 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:12.647618 0.110675 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:12.758715 0.186811 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:12.945902 0.441591 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:13.387981 0.375101 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:13.763496 0.160087 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:13.924010 0.070034 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:13.994528 0.340649 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:14.216497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:10:14.335607 0.130157 udp 10.0.2.109 3683 <-> 41.107.144.26 5159 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:14.466383 0.076735 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:14.543494 0.025118 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:14.569029 0.062023 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:14.631513 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 08:10:22.215747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:10:31.419604 0.075149 tcp 10.0.2.109 62842 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:10:31.494594 0.065590 tcp 10.0.2.109 62843 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:10:31.560458 0.158946 tcp 10.0.2.109 62844 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:10:31.719907 0.163388 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:31.883804 0.143706 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:32.027976 0.166112 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:32.194478 0.050001 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:32.244888 0.329309 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:32.574556 0.186835 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:10:38.218967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:11:10.224105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:17:14.231391 3.001288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:17:21.238178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:17:29.240651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:17:45.242609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:18:17.248717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:24:21.254285 3.001887 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:24:28.262388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:24:36.264067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:24:52.266787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:25:24.272877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:28:29.449364 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 08:28:29.449539 0.605548 tcp 10.0.2.109 62845 -> 176.73.169.112 1959 FSPA* 0 0 14 1538 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:31:28.279517 3.001002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:31:35.286261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:31:43.287394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:31:59.290488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:32:31.296091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:38:35.302601 3.001683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:38:42.311184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:38:50.311601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:39:06.314660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:39:38.320504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:40:42.463057 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 08:40:42.463217 0.072478 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:42.536143 0.132034 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:42.668584 0.162369 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:42.831396 0.178219 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:43.009998 0.239146 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:43.249576 0.061430 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:43.311420 0.164827 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:43.476617 0.049389 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:43.526428 0.049764 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:43.576629 0.326892 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:43.903919 0.146450 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:44.050783 0.099244 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:44.367714 0.136015 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:44.504102 0.148764 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:44.653242 0.130302 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:44.783980 0.075329 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:44.859676 0.326536 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:45.186659 0.142442 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:45.329486 0.437459 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:45.767583 0.228103 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:45.996066 0.111404 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:46.107888 0.186755 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:46.294995 0.138458 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:46.433888 0.348838 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:46.783136 0.168501 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:46.952009 0.476164 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:47.428544 0.385291 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:47.814385 0.073566 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:47.888357 0.071782 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:47.960590 0.025166 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:47.986155 0.061672 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:40:48.048212 0.000000 udp 10.0.2.109 3683 -> 41.107.144.26 5159 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 08:41:06.439667 0.068696 tcp 10.0.2.109 62846 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:41:06.508741 0.066991 tcp 10.0.2.109 62847 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:41:06.576098 0.164001 tcp 10.0.2.109 62848 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/17 08:41:06.740679 0.429137 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:41:07.170393 0.164694 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:41:07.335461 0.089318 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:41:07.425224 0.327644 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:41:07.753241 0.189026 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:41:07.942747 0.144954 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:41:08.088144 0.159648 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/17 08:45:42.326151 3.281589 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:45:49.577728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:45:57.502797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:46:13.354123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:46:45.354348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:54:30.365941 3.061755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 08:54:37.403207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:54:45.384725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:55:01.387782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:55:33.394000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 08:58:30.058040 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 08:58:30.058221 3.838373 tcp 10.0.2.109 62849 -> 176.73.169.112 1959 FSPA* 0 0 16 1700 flow=From-Botnet-V1-TCP-Established 1970/02/17 09:02:01.406329 2.999385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 09:02:08.412040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:02:16.413084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:02:32.415956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:03:04.422531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:09:12.434018 3.001759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 09:09:19.441287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:09:27.468246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:09:43.455872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:10:15.461916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:11:17.872331 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 09:11:17.872418 0.000000 udp 10.0.2.109 3683 -> 41.107.144.26 5159 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 09:11:34.006861 0.066263 tcp 10.0.2.109 62850 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 09:11:34.073369 0.231504 tcp 10.0.2.109 62851 -> 195.113.214.249 80 SRPA* 0 0 19 14702 flow=From-Botnet-V1-TCP-Established 1970/02/17 09:11:34.305314 0.159467 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:34.465203 0.072429 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:34.538036 0.139150 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:34.677549 0.170453 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:34.848379 0.068703 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:34.917474 0.160200 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:35.078119 0.055793 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:35.134397 0.048979 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:35.183827 0.323773 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:35.508005 0.178614 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:35.687005 0.105857 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:35.793268 0.146513 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:35.940216 0.136758 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:36.077371 0.076347 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:36.154091 0.157236 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:36.311705 0.154291 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:36.466467 0.144539 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:36.611382 0.418944 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:37.030721 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 09:11:54.134599 0.064191 tcp 10.0.2.109 62852 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 09:11:54.199069 0.062682 tcp 10.0.2.109 62853 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 09:11:54.262056 0.164701 tcp 10.0.2.109 62854 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/17 09:11:54.426881 0.138619 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:54.565900 0.345944 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:54.912181 0.161841 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:55.074650 0.187581 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:55.262627 0.112377 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:55.375450 0.232195 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:55.608093 0.077547 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:55.686223 0.078892 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:55.765563 0.502484 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:56.268438 0.386100 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:56.654888 0.025679 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:56.680946 0.064758 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:56.746110 0.422032 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:57.168488 0.164737 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:57.333694 0.046895 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:57.380982 0.336452 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:57.717825 0.186972 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:57.905159 0.144840 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:11:58.050491 0.156609 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:16:19.468775 3.001013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 09:16:26.475383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:16:34.477738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:16:50.479795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:17:22.486771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:23:26.492843 3.001234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 09:23:33.503334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:23:41.502599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:23:57.503857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:24:29.509788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:28:33.901675 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 09:28:33.901903 0.609382 tcp 10.0.2.109 62855 -> 176.73.169.112 1959 FSPA* 0 0 15 1645 flow=From-Botnet-V1-TCP-Established 1970/02/17 09:30:33.515598 3.001855 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 09:30:40.523135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:30:48.525693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:31:04.528637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:31:36.534215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:37:40.542281 2.999332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 09:37:47.547733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:37:55.548947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:38:11.552285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:38:43.557676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:42:04.186610 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 09:42:04.186792 0.327837 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:04.515009 0.129587 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:04.644994 0.169781 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:04.815188 0.061032 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:04.876619 0.161262 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.038271 0.072998 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.111638 0.055702 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.167790 0.050752 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.218955 0.325110 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.544477 0.163427 udp 10.0.2.109 3683 <-> 99.163.244.168 8222 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.708307 0.083757 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.792544 0.147210 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:05.940148 0.178341 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:06.118889 0.181271 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:06.300543 0.142577 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:06.443472 0.134737 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:06.578653 0.073262 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:06.652314 0.157992 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:06.810685 0.432861 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:07.243968 0.113591 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:07.358025 0.349673 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:07.708064 0.117854 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:07.826266 0.286694 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:08.113407 0.073115 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:08.186963 0.079360 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:08.266777 0.156502 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:08.423653 0.188673 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:08.612725 0.467298 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:09.080432 0.376693 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:09.457519 0.025452 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:09.483309 0.062333 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:09.546045 0.046338 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:09.592734 0.331589 udp 10.0.2.109 3683 <-> 221.151.23.144 4126 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:09.924732 0.187057 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:10.112193 0.418345 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:10.530934 0.163273 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:10.694563 0.147738 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:42:10.842673 0.159026 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 09:44:47.564170 3.001301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 09:44:54.570986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:45:02.573109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:45:18.575255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:45:50.581553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:54:03.593214 3.011615 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 09:54:10.610656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:54:18.612123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:54:34.614822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:55:06.641168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 09:58:34.510502 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 09:58:34.510697 0.854680 tcp 10.0.2.109 62856 -> 176.73.169.112 1959 FSPA* 0 0 14 1616 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:01:12.650611 3.001650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 10:01:19.657554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:01:27.661774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:01:43.662820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:02:15.670240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:08:28.676837 3.001851 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 10:08:35.684710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:08:43.685835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:08:59.689243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:09:31.695047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:12:19.837158 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 10:12:19.837378 0.169602 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:20.007369 0.062471 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:20.070385 0.327987 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:20.398771 0.263698 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:20.662817 0.164472 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:20.827677 0.147945 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:20.976014 0.054292 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:21.030743 0.050588 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:21.081747 0.316381 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:21.398507 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 10:12:40.067741 0.071027 tcp 10.0.2.109 62857 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:12:40.139074 0.064676 tcp 10.0.2.109 62858 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:12:40.204039 0.139880 tcp 10.0.2.109 62859 -> 195.113.214.249 443 SRPA* 0 0 37 27271 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:12:40.344488 0.071351 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:40.416185 0.146727 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:40.563337 0.142724 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:40.706426 0.132197 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:40.838984 0.071852 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:40.911189 0.159893 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:41.071522 0.178942 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:41.250914 0.145183 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:41.396536 0.432524 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:41.829527 0.113648 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:41.943570 0.342024 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:42.286016 0.125259 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:42.411616 0.071901 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:42.483984 0.156756 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:42.641115 0.193295 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:42.834798 0.269667 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:43.104879 0.070609 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:43.175871 0.444978 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:43.621219 0.386579 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:44.099385 0.025001 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:44.124740 0.062428 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:44.187551 0.041041 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:12:44.228953 0.000000 udp 10.0.2.109 3683 -> 221.151.23.144 4126 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 10:12:59.866437 0.075050 tcp 10.0.2.109 62860 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:12:59.941794 0.064895 tcp 10.0.2.109 62861 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:13:00.006956 0.164034 tcp 10.0.2.109 62862 -> 195.113.214.249 443 SRPA* 0 0 42 23352 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:13:00.171592 0.166621 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:13:00.338685 0.144645 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:13:00.483752 0.186359 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:13:00.670479 0.327685 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:13:00.998522 0.160525 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:15:35.702612 2.999452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 10:15:42.708606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:15:50.710103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:16:06.712792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:16:38.746185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:22:42.734419 3.002194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 10:22:49.742417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:22:57.743769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:23:13.747003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:23:45.753079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:28:35.369869 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 10:28:35.370020 0.776765 tcp 10.0.2.109 62863 -> 176.73.169.112 1959 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:29:49.759697 3.001010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 10:29:56.766349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:30:04.768030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:30:20.770820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:30:52.776574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:36:56.782710 4.565178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 10:37:05.308254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:37:13.213758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:37:29.030449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:38:00.667081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:43:26.451031 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 10:43:26.451182 0.000000 udp 10.0.2.109 3683 -> 99.163.244.168 8222 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 10:43:45.379641 0.075721 tcp 10.0.2.109 62864 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:43:45.455654 0.063123 tcp 10.0.2.109 62865 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:43:45.519127 0.156911 tcp 10.0.2.109 62866 -> 195.113.214.249 443 SRPA* 0 0 24 13196 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:43:45.676639 0.000000 udp 10.0.2.109 3683 -> 221.151.23.144 4126 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 10:44:03.515545 0.074667 tcp 10.0.2.109 62867 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:44:03.590523 0.062175 tcp 10.0.2.109 62868 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:44:03.652997 0.155833 tcp 10.0.2.109 62869 -> 195.113.214.249 443 SRPA* 0 0 21 11342 flow=From-Botnet-V1-TCP-Established 1970/02/17 10:44:03.809389 0.158862 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:03.827220 3.001308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 10:44:03.968648 0.074539 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:04.043601 0.208777 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:04.252870 0.326429 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:04.735264 0.130961 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:04.866608 0.125969 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:04.993011 0.049611 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.043055 0.051575 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.095018 0.319553 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.414969 0.139833 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.555184 0.130670 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.686299 0.076269 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.763018 0.073359 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.836780 0.146621 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:05.983880 0.137860 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:06.122270 0.432001 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:06.554637 0.126678 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:06.681743 0.178386 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:06.860537 0.145110 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:07.006129 0.071210 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:07.077797 0.157807 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:07.235960 0.185703 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:07.422196 0.349306 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:07.771836 0.112333 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:07.884541 0.466555 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:08.351522 0.069486 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:08.421486 0.230536 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:08.652416 0.064360 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:08.717145 0.040909 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:08.758446 0.025154 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:08.784065 0.377082 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:09.161567 1.098807 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:10.260730 0.166323 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:10.427481 0.147280 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:10.575110 0.384566 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:10.834205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:44:10.960103 0.158860 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/17 10:44:18.836090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:44:34.838900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:45:06.844706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:53:31.858388 3.625064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 10:53:39.446279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:53:47.349191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:54:03.461910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:54:35.076459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 10:58:36.148852 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 10:58:36.148955 0.571187 tcp 10.0.2.109 62870 -> 176.73.169.112 1959 FSPA* 0 0 15 1738 flow=From-Botnet-V1-TCP-Established 1970/02/17 11:00:38.899540 2.999787 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:00:45.905066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:00:53.906144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:01:09.909697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:01:41.925494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:07:45.932086 3.001153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:07:52.939149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:08:00.940774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:08:16.944051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:08:48.953315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:14:37.260694 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 11:14:37.260785 0.158572 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:37.419797 0.356963 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:37.777135 0.053883 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:37.831427 0.084290 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:37.916127 0.166756 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.083290 0.125695 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.209469 0.049743 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.259639 0.049407 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.309393 0.327518 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.637312 0.143746 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.781444 0.130911 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.912778 0.075627 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:38.988812 0.067253 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:39.056451 0.147704 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:39.204535 0.126304 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:39.331719 0.178172 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:39.510450 0.135629 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:39.758391 0.420012 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:40.178896 0.146536 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:40.325793 0.072200 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:40.398608 0.159947 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:40.558910 0.184766 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:40.744111 0.347603 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:41.092072 0.111681 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:41.204164 0.239160 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:41.443743 0.061873 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:41.506045 0.046548 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:41.552957 0.025589 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 215 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:41.579496 0.466415 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:42.046420 0.074919 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:42.121752 0.386742 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:42.508868 0.145613 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:42.654935 0.324262 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:42.979666 0.189536 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:43.169552 0.165017 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:43.334948 0.157158 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:14:52.955154 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:14:59.962871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:15:07.966371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:15:23.967166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:15:55.973552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:21:59.978864 3.002378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:22:06.987079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:22:14.988730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:22:30.991356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:23:02.997559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:28:36.727708 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 11:28:36.727912 0.771201 tcp 10.0.2.109 62871 -> 176.73.169.112 1959 FSPA* 0 0 15 1627 flow=From-Botnet-V1-TCP-Established 1970/02/17 11:29:07.003722 3.001447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:29:14.010867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:29:22.012741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:29:38.015131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:30:10.021427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:36:14.027321 3.080782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:36:21.081195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:36:29.046298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:36:45.053437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:37:17.055394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:43:21.061603 3.001406 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:43:28.068956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:43:36.070535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:43:53.943969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:44:25.563858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:45:13.923974 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 11:45:13.924169 0.072112 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:13.996672 0.072568 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:14.069614 0.158417 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:14.228469 0.320370 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:14.549229 0.167263 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:14.716938 0.128653 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:14.845983 0.049348 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:14.895752 0.051111 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:14.947232 0.319633 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:15.267242 0.142967 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:15.410660 0.133460 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:15.544483 0.074170 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:15.619023 0.126252 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:15.745723 0.178460 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:15.924587 0.138633 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:16.063620 0.056818 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 232 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:16.120810 0.144807 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:16.265985 0.434299 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:16.700692 0.160660 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:16.861789 0.070025 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:16.932200 0.161333 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:17.093952 0.185761 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:17.280096 0.231944 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:17.512522 0.059711 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:17.572690 0.046572 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:17.619794 0.025174 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:17.645450 0.341609 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:17.987480 0.115529 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:18.103388 0.475145 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:18.578924 0.076886 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:18.656189 0.380382 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:19.036945 0.145548 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:19.182942 0.342993 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:19.526455 0.160974 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:19.687807 0.183835 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:45:19.872029 0.164917 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/17 11:50:28.094970 3.001649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:50:35.102828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:50:43.104420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:50:59.106749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:51:31.116512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:57:35.119685 3.007704 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 11:57:42.126321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:57:50.127826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:58:06.131435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 11:58:37.625037 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 11:58:37.625200 0.830200 tcp 10.0.2.109 62872 -> 176.73.169.112 1959 FSPA* 0 0 15 1771 flow=From-Botnet-V1-TCP-Established 1970/02/17 11:58:38.263096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:04:54.160304 3.002186 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:05:01.167646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:05:09.169571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:05:25.172533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:05:57.178859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:12:10.187630 3.001422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:12:17.194734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:12:25.196524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:12:41.199543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:13:13.205891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:15:46.407010 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 12:15:46.407104 0.162922 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:15:46.570397 0.315301 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:15:46.886192 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 12:16:02.159751 0.061875 tcp 10.0.2.109 62873 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 12:16:02.221894 0.066973 tcp 10.0.2.109 62874 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 12:16:02.289172 0.156371 tcp 10.0.2.109 62875 -> 195.113.214.249 443 SRPA* 0 0 64 41509 flow=From-Botnet-V1-TCP-Established 1970/02/17 12:16:02.446082 0.127765 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:02.574392 0.063459 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:02.638245 0.243286 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 211 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:02.881907 0.049967 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:02.932300 0.055327 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:02.987994 0.326919 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:03.315353 0.141515 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:03.457272 0.132473 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:03.590147 0.071280 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:03.661794 0.138850 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:03.801172 0.054879 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:03.856451 0.149320 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:04.006202 0.430738 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:04.437359 0.177524 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:04.615255 0.137838 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:04.753456 0.151422 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:04.905247 0.082510 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:04.988206 0.158279 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:05.146881 0.187033 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:05.334452 0.231670 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:05.566545 0.068699 udp 10.0.2.109 3683 <-> 31.53.166.249 4901 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:05.635623 0.046593 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:05.682712 0.025078 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 212 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:05.708227 0.441459 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:06.150234 0.076081 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:06.226715 0.349008 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:06.576069 0.111679 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:06.688088 0.376381 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:07.064900 0.144324 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:07.209587 0.324932 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:07.534906 0.154507 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:07.689830 0.189562 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:16:07.879813 0.167161 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:19:17.212304 3.004105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:19:24.219004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:19:32.220546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:19:48.223440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:20:20.229656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:26:24.236752 3.000370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:26:31.242850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:26:39.244525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:26:55.248532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:27:27.253526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:28:38.345972 0.000246 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 12:28:38.346311 0.432909 tcp 10.0.2.109 62876 -> 176.73.169.112 1959 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/02/17 12:33:31.259322 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:33:38.266841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:33:46.268102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:34:02.271383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:34:34.277404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:40:38.283484 3.001631 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:40:45.290971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:40:53.292641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:41:09.295315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:41:41.301369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:46:27.262753 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 12:46:27.262886 0.227601 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:27.490905 0.158537 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:27.649850 0.328859 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:27.979063 0.124228 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.103682 0.055202 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.159275 0.078048 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.237794 0.051480 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.289696 0.049515 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.339591 0.132663 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.472659 0.073142 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.546152 0.130186 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.676729 0.056421 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:28.733501 0.323404 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:29.057320 0.142020 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:29.199742 0.145120 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:29.345321 0.442719 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:29.788449 0.178553 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:29.967414 0.137819 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:30.105711 0.146885 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:30.252994 0.074433 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:30.327849 0.229777 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:30.558013 0.000000 udp 10.0.2.109 3683 -> 31.53.166.249 4901 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 12:46:46.552597 0.082409 tcp 10.0.2.109 62877 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/17 12:46:46.635282 0.065101 tcp 10.0.2.109 62878 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/17 12:46:46.700646 0.167577 tcp 10.0.2.109 62879 -> 195.113.214.249 443 SRPA* 0 0 23 13804 flow=From-Botnet-V1-TCP-Established 1970/02/17 12:46:46.868786 0.040435 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:46.909610 0.025068 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:46.935035 0.162234 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:47.097643 0.187123 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:47.285214 0.468202 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:47.753803 0.073131 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:47.827408 0.343428 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:48.171214 0.116873 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:48.288558 0.330455 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:48.619395 0.155641 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:48.775381 0.189245 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:49.062797 0.375813 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:49.438994 0.146427 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:46:49.585904 0.165467 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/17 12:47:45.307574 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:47:52.314864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:48:00.316491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:48:16.319152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:48:48.325516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:55:35.333055 3.001844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 12:55:42.340763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:55:50.341952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:56:06.345038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:56:38.351002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 12:58:38.784450 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 12:58:38.784534 0.515133 tcp 10.0.2.109 62880 -> 176.73.169.112 1959 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/02/17 13:02:53.362717 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:03:00.370520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:03:08.371899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:03:24.374775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:03:56.380732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:10:00.387238 3.001449 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:10:07.394443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:10:15.395636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:10:31.398896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:11:03.405039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:17:07.411333 3.001123 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:17:10.022212 0.000038 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 13:17:10.022302 0.000000 udp 10.0.2.109 3683 -> 31.53.166.249 4901 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 13:17:14.417765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:17:22.419747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:17:26.527490 0.062108 tcp 10.0.2.109 62881 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 13:17:26.589876 0.060626 tcp 10.0.2.109 62882 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 13:17:26.650784 0.159241 tcp 10.0.2.109 62883 -> 195.113.214.249 443 SRPA* 0 0 35 26172 flow=From-Botnet-V1-TCP-Established 1970/02/17 13:17:26.810719 0.321033 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:27.132147 0.168035 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:27.300557 0.163524 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:27.464484 0.163525 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:27.628369 0.556646 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.185441 0.050708 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.236550 0.060401 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.297364 0.130826 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.499323 0.074334 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.574076 0.114741 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.689227 0.123882 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.813502 0.056471 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:28.870359 0.146249 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:29.017055 0.431422 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:29.448845 0.185810 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:29.635034 0.142671 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:29.778225 0.326565 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:30.105201 0.070617 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:30.176199 0.227586 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:30.404728 0.191588 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:30.596668 0.147707 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:30.744747 0.040959 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:30.786245 0.025406 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:30.812105 0.494267 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:31.306796 0.071034 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:31.378204 0.159197 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:31.537847 0.186063 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:31.724357 0.348926 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:32.073752 0.113309 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:32.187546 0.325601 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:32.513507 0.158755 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:32.672671 0.145752 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:32.818793 0.169907 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:32.989096 0.193080 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:33.182548 0.375440 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:17:38.422639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:18:10.428734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:24:14.435149 3.001315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:24:21.442105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:24:29.446659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:24:45.447240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:25:17.452693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:28:39.303326 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 13:28:39.303528 0.978189 tcp 10.0.2.109 62884 -> 176.73.169.112 1959 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/02/17 13:31:21.458942 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:31:28.471198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:31:36.467837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:31:52.470619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:32:24.960316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:38:28.493441 3.000947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:38:35.500615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:38:43.502422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:38:59.504700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:39:31.510826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:45:35.516735 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:45:42.523947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:45:50.525665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:46:06.528763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:46:38.534204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:47:58.620016 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 13:47:58.620223 0.160040 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:58.780627 0.063422 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:58.844449 0.315652 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.160821 0.169012 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.330220 0.073019 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 216 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.403699 0.050958 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.455136 0.049170 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.504730 0.131484 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.636625 0.073281 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.710327 0.115266 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.825999 0.133394 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:47:59.959852 0.056237 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:00.016555 0.186460 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:00.203386 0.141318 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:00.345185 0.146762 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:00.492296 0.445388 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:00.938037 0.326719 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:01.265129 0.072598 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:01.338228 0.232544 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:01.571137 0.137923 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:01.709463 0.153696 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:01.863565 0.048925 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:01.912884 0.025601 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:01.938982 0.157122 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:02.096613 0.186909 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:02.283873 0.476056 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:02.760320 0.074785 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:02.835475 0.347851 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:03.183707 0.121177 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:03.305314 0.353626 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:03.659332 0.156161 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:03.815870 0.145285 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:03.961529 0.166157 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:04.128060 0.189285 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:48:04.317802 0.375169 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/17 13:54:30.545969 3.007147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 13:54:37.553352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:54:45.554688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:55:01.557869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:55:33.563753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 13:58:40.283328 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 13:58:40.283498 0.520738 tcp 10.0.2.109 62885 -> 176.73.169.112 1959 FSPA* 0 0 14 1713 flow=From-Botnet-V1-TCP-Established 1970/02/17 14:01:59.581339 3.003092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:02:06.588946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:02:14.590627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:02:30.603372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:03:02.609760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:09:13.615978 3.001393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:09:20.622963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:09:28.624600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:09:44.627690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:10:16.643818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:16:20.649077 3.264985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:16:27.877456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:16:35.809583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:16:51.708249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:17:23.697622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:18:28.534678 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 14:18:28.534771 0.158666 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:28.693838 0.063710 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:28.757954 0.317088 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.075494 0.167700 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.243593 0.077916 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.321872 0.049927 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.372179 0.047905 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.420507 0.132271 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.553172 0.073833 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.627408 0.114433 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.742390 0.132283 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:29.875048 0.139890 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:30.015411 0.148272 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:30.164040 0.437008 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:30.601488 0.057079 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:30.659058 0.184524 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:30.843975 0.323777 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:31.168206 0.067823 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:31.236450 0.231830 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:31.468755 0.137506 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:31.606606 0.160161 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:31.767116 0.047359 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:31.814859 0.025986 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:31.841196 0.469892 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:32.339286 0.075615 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:32.415291 0.158545 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:32.574357 0.186300 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:32.761059 0.344121 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:33.105630 0.114193 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:33.220261 0.323550 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:33.544212 0.155638 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:33.700296 0.146309 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:33.846976 0.376203 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:34.223597 0.163641 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:18:34.387626 0.188989 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:23:27.703249 3.165525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:23:34.837563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:23:42.765791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:23:58.725418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:24:30.733040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:28:40.811059 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 14:28:40.811262 0.646191 tcp 10.0.2.109 62886 -> 176.73.169.112 1959 FSPA* 0 0 14 1644 flow=From-Botnet-V1-TCP-Established 1970/02/17 14:30:34.737500 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:30:41.746002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:30:49.746587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:31:05.749390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:31:37.937931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:37:41.771757 3.001424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:37:48.778966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:37:56.780370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:38:12.783168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:38:44.789778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:44:48.795262 3.001839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:44:55.803092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:45:03.804010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:45:19.807829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:45:51.813554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:48:46.905424 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 14:48:46.905571 0.161250 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 587 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:47.067251 0.060872 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:47.128573 0.316288 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:47.445279 0.167502 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:47.613151 0.173059 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:47.786583 0.050210 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:47.837259 0.051444 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:47.889074 0.132867 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:48.022331 0.066414 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:48.089105 0.114794 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:48.204334 0.123137 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:48.327842 0.428053 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:48:48.756275 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 14:49:06.525394 0.514253 tcp 10.0.2.109 62887 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 14:49:07.039960 0.062040 tcp 10.0.2.109 62888 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 14:49:07.102354 0.144814 tcp 10.0.2.109 62889 -> 195.113.214.249 443 SRPA* 0 0 34 23293 flow=From-Botnet-V1-TCP-Established 1970/02/17 14:49:07.247699 0.179306 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:07.427457 0.142648 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 579 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:07.570527 0.143023 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:07.713926 0.323382 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.037716 0.082733 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.120864 0.231725 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.352973 0.149696 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.503089 0.150199 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.653662 0.045811 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.699942 0.024935 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.725260 0.156127 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:08.881774 0.186636 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:09.068859 0.502928 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:09.587478 0.068703 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:09.656579 0.348155 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:10.005228 0.111520 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:10.117108 0.331603 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:10.449097 0.157968 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:10.607444 0.144278 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:10.752176 0.192649 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:10.945313 0.376115 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:49:11.321857 0.170352 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/17 14:54:02.821750 3.119188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 14:54:09.916360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:54:17.855629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:54:33.854245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:55:05.864484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 14:58:41.460855 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 14:58:41.461004 0.601685 tcp 10.0.2.109 62890 -> 176.73.169.112 1959 FSPA* 0 0 15 1654 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:01:13.871381 3.004562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 15:01:20.879153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:01:28.889173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:01:44.883805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:02:18.761870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:08:30.920775 3.001161 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 15:08:37.927817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:08:45.929317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:09:01.932532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:09:33.938529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:15:37.945621 3.000578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 15:15:44.951798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:15:52.953295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:16:08.956136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:16:40.962225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:19:12.019839 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 15:19:12.019939 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 15:19:28.485320 0.060116 tcp 10.0.2.109 62891 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:19:28.545706 0.070332 tcp 10.0.2.109 62892 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:19:28.615877 0.154435 tcp 10.0.2.109 62893 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:19:28.770862 0.056094 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:28.827413 0.311749 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:29.139566 0.174417 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:29.314456 0.072711 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:29.387519 0.050763 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:29.438704 0.050089 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:29.489193 0.158044 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:29.647671 0.128954 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:29.777003 0.427751 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:30.205840 0.067917 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:30.274132 0.131588 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:30.406089 0.114712 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:30.619343 0.182708 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:30.802435 0.140939 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:30.943738 0.142864 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:31.086957 0.324389 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:31.411811 0.066775 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:31.479005 0.237704 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:31.717147 0.064866 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:31.782540 0.025155 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:31.808132 0.159068 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:31.967647 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 15:19:47.230564 0.063679 tcp 10.0.2.109 62894 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:19:47.294564 0.061208 tcp 10.0.2.109 62895 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:19:47.355786 0.159215 tcp 10.0.2.109 62896 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:19:47.515537 0.168544 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:47.684465 0.153776 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:47.842543 0.482344 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:48.325315 0.071070 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:48.396776 0.349549 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:48.746786 0.154066 rtcp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:48.901253 0.146892 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:49.048532 0.185027 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:49.233944 0.372291 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:49.606595 0.325794 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:49.932776 0.156617 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:19:50.089853 0.166254 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:22:44.968140 3.002099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 15:22:51.975831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:22:59.977103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:23:15.980203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:23:47.986033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:28:42.069672 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 15:28:42.069769 0.613518 tcp 10.0.2.109 62897 -> 176.73.169.112 1959 FSPA* 0 0 15 1766 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:29:51.993112 3.000723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 15:29:59.000475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:30:07.001196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:30:23.006681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:30:55.010286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:36:59.016708 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 15:37:06.023536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:37:14.026476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:37:30.027846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:38:02.037856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:44:06.039707 3.001979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 15:44:13.047547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:44:21.048983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:44:37.052144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:45:09.058159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:49:54.358919 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 15:49:54.359045 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 15:50:11.544972 0.061842 tcp 10.0.2.109 62898 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:50:11.607114 0.064655 tcp 10.0.2.109 62899 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:50:11.672058 0.151043 tcp 10.0.2.109 62900 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:50:11.823659 0.059289 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:11.883335 0.195335 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:12.079080 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 15:50:29.369438 0.063812 tcp 10.0.2.109 62901 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:50:29.433527 0.061820 tcp 10.0.2.109 62902 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:50:29.495639 0.153907 tcp 10.0.2.109 62903 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:50:29.650077 0.048956 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:29.699382 0.050711 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:29.907333 0.159968 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:30.067662 0.125868 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:30.193924 0.315298 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:30.509597 0.073311 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:30.583302 0.437843 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.021573 0.183093 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.205095 0.140987 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.346533 0.114052 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.461004 0.133978 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.595405 0.068922 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.664723 0.228437 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.893534 0.045976 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.939909 0.025141 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:31.965421 0.160845 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:32.126743 0.322351 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:32.449494 0.144199 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:32.594041 0.154213 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:32.748702 0.145673 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:32.894723 0.347313 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:33.242431 0.116483 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:33.359277 0.470912 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:33.830577 0.071604 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:33.902536 0.144497 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:34.047418 0.191623 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:34.239408 0.376295 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:34.616075 0.337723 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:34.954289 0.157895 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:50:35.112636 0.164296 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 15:53:35.068191 3.002029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 15:53:42.075736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:53:50.077157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:54:06.080446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:54:38.086217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 15:58:42.688230 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 15:58:42.688324 3.006477 tcp 10.0.2.109 62904 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 15:58:51.692641 0.000000 tcp 10.0.2.109 62904 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/17 15:58:57.691832 0.064209 tcp 10.0.2.109 62905 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:58:57.756332 0.066354 tcp 10.0.2.109 62906 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:58:57.823026 0.149417 tcp 10.0.2.109 62907 -> 195.113.214.249 443 SRPA* 0 0 22 13126 flow=From-Botnet-V1-TCP-Established 1970/02/17 15:58:58.371752 0.985209 tcp 10.0.2.109 62908 -> 5.178.194.36 4983 FSPA* 0 0 14 1563 flow=From-Botnet-V1-TCP-Established 1970/02/17 16:00:42.104714 2.999825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:00:49.114752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:00:57.113904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:01:13.118342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:01:45.130468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:07:49.136854 3.007819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:07:56.143614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:08:04.145067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:08:20.147989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:08:52.154135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:14:56.161894 2.999939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:15:03.167526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:15:11.169090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:15:27.173467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:15:59.178233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:20:52.379860 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 16:20:52.380017 0.073499 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:52.453899 0.092921 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:52.547235 0.178142 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:52.725776 0.051027 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:52.777181 0.047912 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:52.825485 0.320373 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:53.146347 0.070427 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:53.217247 0.201769 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:53.419393 0.133517 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:53.553303 0.448156 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:54.001844 0.187931 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:54.190255 0.142534 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:54.333181 0.138860 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:54.472509 0.132004 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:54.604877 0.074015 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:20:54.679255 0.000000 udp 10.0.2.109 3683 -> 189.252.153.191 8040 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 16:21:11.933370 0.064445 tcp 10.0.2.109 62909 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 16:21:11.998115 0.067353 tcp 10.0.2.109 62910 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 16:21:12.065786 0.155167 tcp 10.0.2.109 62911 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/17 16:21:12.221540 0.046006 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:12.267918 0.024939 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:12.293292 0.146327 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:12.440005 0.139284 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:12.579652 0.140316 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:12.720343 0.159179 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:12.879933 0.331097 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:13.211412 0.345077 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:13.556952 0.109842 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:13.667199 0.466049 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:14.133727 0.069582 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:14.203659 0.384733 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:14.588746 0.324500 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:14.913653 0.145594 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:15.059658 0.187118 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:15.247189 0.155772 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:21:15.403340 0.167937 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:22:03.185166 3.003341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:22:10.191765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:22:18.194553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:22:34.196239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:23:06.201942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:28:59.360306 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 16:28:59.360468 0.451501 tcp 10.0.2.109 62912 -> 5.178.194.36 4983 FSPA* 0 0 14 1647 flow=From-Botnet-V1-TCP-Established 1970/02/17 16:29:10.207923 3.001748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:29:17.215493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:29:25.217138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:29:41.219971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:30:13.225769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:36:17.232484 3.001106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:36:24.239285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:36:32.241031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:36:48.244150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:37:20.250473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:43:24.256803 3.000898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:43:31.263457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:43:39.265039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:43:55.268086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:44:27.273935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:50:31.280505 3.001324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:50:38.287624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:50:46.288882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:51:02.291997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:51:34.297955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:51:36.060935 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 16:51:36.061046 0.228103 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:36.289613 0.232864 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:36.522871 0.049808 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:36.572999 0.049139 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:36.622500 0.134495 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:38.046794 0.056982 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:38.104172 0.076653 rtcp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:38.181330 0.202405 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:38.384082 0.315677 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:38.700134 0.428953 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.129460 0.124800 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.254654 0.131847 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.386878 0.072730 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.460004 0.163427 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.623839 0.183168 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.807355 0.113998 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.921710 0.045542 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.967639 0.024793 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:39.992797 0.144834 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:40.137998 0.221636 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:40.360031 0.148595 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:40.509011 0.159631 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:40.669048 0.103237 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:40.772668 0.330694 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:41.103760 0.342308 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:41.446561 0.456072 udp 10.0.2.109 3683 <-> 119.234.169.123 5726 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:41.903077 0.074670 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:41.978174 0.376142 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:42.354683 0.324418 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:42.679456 0.154907 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:42.834742 0.166166 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:43.001323 0.143594 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:51:43.145360 0.191829 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/17 16:57:38.304201 3.001478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 16:57:45.311319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:57:53.313031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:58:09.315672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:58:41.322246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 16:58:59.819277 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 16:58:59.819456 0.631289 tcp 10.0.2.109 62913 -> 5.178.194.36 4983 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:05:03.343816 3.001523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 17:05:10.374504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:05:18.362940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:05:34.365960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:06:06.381809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:12:19.390545 3.001837 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 17:12:26.398173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:12:34.400592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:12:50.403026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:13:22.820658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:19:26.424916 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 17:19:33.432554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:19:41.433487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:19:57.436963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:20:29.443058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:21:50.559527 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 17:21:50.559634 0.049992 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:50.610216 0.047980 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:50.658553 0.229045 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:50.888296 0.174097 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:51.062835 0.074251 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:51.137522 0.160168 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:51.298082 0.075145 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:51.373593 0.058004 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:51.432018 0.313514 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:51.745918 0.457524 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:52.203823 0.077035 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:52.281237 0.159109 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:52.440726 0.179102 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:52.620218 0.114181 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:52.734868 0.129442 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:52.864699 0.131399 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:52.996514 0.046211 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:53.171139 0.025057 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:53.196586 0.145803 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:53.342878 0.137189 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:53.480502 0.146646 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:53.627594 0.162036 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:53.789995 0.344097 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:54.134442 0.098782 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:54.233599 0.322912 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:21:54.556905 0.000000 udp 10.0.2.109 3683 -> 119.234.169.123 5726 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 17:22:12.512635 0.061661 tcp 10.0.2.109 62914 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:22:12.574556 0.061903 tcp 10.0.2.109 62915 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:22:12.636736 0.155038 tcp 10.0.2.109 62916 -> 195.113.214.249 443 SRPA* 0 0 22 11396 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:22:12.792813 0.072943 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:22:12.866143 0.374469 udp 10.0.2.109 3683 <-> 165.228.147.207 2467 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:22:13.240989 0.325278 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:22:13.566621 0.157785 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:22:13.724807 0.190612 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:22:13.915800 0.164581 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:22:14.080750 0.144882 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:26:33.448984 3.001317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 17:26:40.455868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:26:48.457528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:27:04.460768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:27:36.469512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:29:00.457647 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 17:29:00.457828 1.032066 tcp 10.0.2.109 62917 -> 5.178.194.36 4983 FSPA* 0 0 14 1721 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:33:40.472584 3.002034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 17:33:47.480226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:33:55.481605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:34:11.484822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:34:43.490929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:40:47.498566 2.999158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 17:40:54.506731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:41:02.505491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:41:18.508629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:41:50.514847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:47:54.520044 3.002619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 17:48:01.530502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:48:09.529442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:48:25.532684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:48:57.538079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:52:43.724302 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 17:52:43.724410 0.000000 udp 10.0.2.109 3683 -> 119.234.169.123 5726 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 17:53:02.662205 0.064598 tcp 10.0.2.109 62918 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:53:02.727048 0.062651 tcp 10.0.2.109 62919 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:53:02.789950 0.153806 tcp 10.0.2.109 62920 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:53:02.944388 0.230015 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:03.174887 0.048921 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:03.224215 0.049799 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:03.274502 0.157801 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:03.433182 0.075783 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:03.509347 0.059396 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:03.569153 0.315261 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:03.884820 0.168789 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:04.054077 0.074194 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:04.128844 0.073138 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:04.202326 0.422250 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:04.625003 0.183974 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:04.809328 0.114109 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:04.923840 0.127384 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.051591 0.132124 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.184117 0.145975 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.330581 0.170786 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.501763 0.150423 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.652605 0.160106 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.813124 0.025218 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.838718 0.040519 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:05.879628 0.145165 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:06.025199 0.324053 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:06.349731 0.349205 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:06.699310 0.106875 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:06.806649 0.072433 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:06.879502 0.324858 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:07.204757 0.159207 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:07.364361 0.188649 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:07.592837 0.000000 udp 10.0.2.109 3683 -> 165.228.147.207 2467 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 17:53:25.374483 0.060855 tcp 10.0.2.109 62921 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:53:25.435631 0.061069 tcp 10.0.2.109 62922 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:53:25.496499 0.159735 tcp 10.0.2.109 62923 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/17 17:53:25.656953 0.166579 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:53:25.823954 0.144817 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 17:55:38.549894 2.999573 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 17:55:45.554642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:55:53.556218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:56:09.559634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:56:41.565355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 17:59:01.497574 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 17:59:01.497678 0.589403 tcp 10.0.2.109 62924 -> 5.178.194.36 4983 FSPA* 0 0 14 1560 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:02:52.572839 3.000442 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:02:59.579188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:03:07.580588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:03:23.583872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:03:55.589554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:09:59.595428 3.175622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:10:06.740086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:10:14.665523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:10:30.627592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:11:02.633756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:17:06.640238 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:17:13.657126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:17:21.658234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:17:37.661793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:18:09.667779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:23:36.648081 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 18:23:36.648181 0.000000 udp 10.0.2.109 3683 -> 165.228.147.207 2467 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 18:23:52.242363 0.065902 tcp 10.0.2.109 62925 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:23:52.308572 0.061082 tcp 10.0.2.109 62926 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:23:52.369966 0.155078 tcp 10.0.2.109 62927 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:23:52.525720 0.051732 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:52.577858 0.157360 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:52.735654 0.074652 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:52.810677 0.058624 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:52.869642 0.230042 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:53.100108 0.049615 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 293 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:53.150175 0.180592 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:53.331176 0.076760 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:53.408331 0.314156 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:53.722869 0.072797 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:53.796116 0.444085 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:54.240672 0.177899 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 541 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:54.418971 0.138427 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:54.557841 0.233705 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:54.791992 0.164460 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:54.956805 0.160558 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.117802 0.123791 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.242037 0.132358 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.374901 0.146472 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.521779 0.161486 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.683643 0.024901 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.709006 0.040733 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.750120 0.111524 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.862000 0.073686 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:55.936096 0.348120 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:56.284644 0.330032 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:56.615028 0.323753 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:56.939143 0.155878 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:57.095484 0.184629 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:57.280483 0.166114 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:23:57.447011 0.144683 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:24:13.673837 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:24:20.681101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:24:28.685682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:24:44.688256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:25:16.691773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:29:02.085800 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 18:29:02.085896 0.533246 tcp 10.0.2.109 62928 -> 5.178.194.36 4983 FSPA* 0 0 14 1690 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:31:20.698366 3.000897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:31:27.704850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:31:35.707069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:31:51.709794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:32:23.716007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:38:27.723707 2.999571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:38:34.728956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:38:42.730776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:38:58.737558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:39:30.739767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:45:34.744721 3.003672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:45:41.753124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:45:50.458362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:46:06.282306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:46:38.561430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:54:05.878561 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 18:54:05.878775 0.074133 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:05.953340 0.057651 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:06.011477 0.050108 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:06.061945 0.163349 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:06.225717 0.225765 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:06.451849 0.050742 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:06.502949 0.167939 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:06.671300 0.076091 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:06.747757 0.314000 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:07.062307 0.073429 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:07.136220 0.138489 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:07.275117 0.143722 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:07.419212 0.160637 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:07.580309 0.444294 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:08.025015 0.183012 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:08.208441 0.190101 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:08.398952 0.124165 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:08.523511 0.336853 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:08.860768 0.236469 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:09.097690 0.866223 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:09.964283 0.025014 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:09.989663 0.041156 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:10.031180 0.120297 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:10.210949 0.074930 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:10.286321 0.335501 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:10.622270 0.348816 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:10.971456 0.327128 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:11.299043 0.166655 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:11.466396 0.146190 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:11.612962 0.157226 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/17 18:54:11.770554 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 18:54:27.751199 0.063832 tcp 10.0.2.109 62929 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:54:27.815397 0.060472 tcp 10.0.2.109 62930 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:54:27.876097 0.159318 tcp 10.0.2.109 62931 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/17 18:54:28.793021 3.002055 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 18:54:35.800802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:54:43.802617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:54:59.805589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:55:31.811629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 18:59:02.627556 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 18:59:02.627662 0.440240 tcp 10.0.2.109 62932 -> 5.178.194.36 4983 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/02/17 19:01:56.827583 3.010632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 19:02:03.835112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:02:11.836015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:02:27.839610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:02:59.845452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:09:11.853076 3.157810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 19:09:18.985702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:09:26.925714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:09:42.875258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:10:14.881250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:16:18.887416 3.001257 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 19:16:25.894424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:16:33.895976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:16:49.899657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:17:21.904714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:23:25.911434 3.001260 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 19:23:32.918472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:23:40.919375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:23:56.922858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:24:28.930802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:24:44.672118 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 19:24:44.672231 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 19:25:00.107272 0.062216 tcp 10.0.2.109 62933 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 19:25:00.169771 0.060427 tcp 10.0.2.109 62934 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 19:25:00.230489 0.150231 tcp 10.0.2.109 62935 -> 195.113.214.249 443 SRPA* 0 0 35 19016 flow=From-Botnet-V1-TCP-Established 1970/02/17 19:25:00.381392 0.048272 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:00.430067 0.223378 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:00.653818 0.060087 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:00.714444 0.229228 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:00.944082 0.049848 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:00.994362 0.171812 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:01.166595 0.075087 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:01.242237 0.163212 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:01.405901 0.142039 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:01.548328 0.126414 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:01.675169 0.066946 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 204 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:01.742471 0.313858 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:02.515241 0.143992 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:02.659610 0.444581 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:03.104617 0.185674 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:03.290665 0.125934 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:03.417049 0.155574 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:03.573017 0.132664 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:03.706099 0.146678 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:03.853151 0.162524 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:04.016124 0.025084 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:04.041570 0.040715 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:04.082697 0.073492 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:04.156663 0.109058 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:04.266280 0.325457 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:04.592165 0.348561 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:04.993453 0.327006 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:05.320874 0.165661 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:05.486872 0.145363 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:25:05.632618 0.157283 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:29:03.073640 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 19:29:03.073825 0.425083 tcp 10.0.2.109 62936 -> 5.178.194.36 4983 FSPA* 0 0 14 1522 flow=From-Botnet-V1-TCP-Established 1970/02/17 19:30:32.934974 3.001748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 19:30:39.942554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:30:47.944143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:31:03.946956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:31:35.952923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:37:39.958272 3.002321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 19:37:46.965932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:37:54.968048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:38:10.970928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:38:42.976869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:44:46.984041 3.000629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 19:44:53.990591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:45:02.062812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:45:18.006548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:45:50.993047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:54:05.034536 3.002490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 19:54:12.042900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:54:20.044411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:54:36.047489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:55:08.053172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 19:55:27.371296 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 19:55:27.371393 0.062455 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:27.434291 0.232881 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:27.667549 0.048938 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:27.716899 0.053847 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:27.771124 0.072586 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:27.844078 0.166926 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:28.011372 0.073015 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 200 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:28.084752 0.159100 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:28.244220 0.142699 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:28.387300 0.210478 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:28.598169 0.070804 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:28.669388 0.312822 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:28.982657 0.157431 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:29.140471 0.416612 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:29.557478 0.184378 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:29.742406 0.127601 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:29.870395 0.162296 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.033079 0.131450 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.164992 0.148104 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.313444 0.159236 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.473140 0.025236 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.498806 0.040815 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.539990 0.073299 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.613643 0.114870 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:30.848938 0.334938 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:31.184267 0.348426 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:31.533114 0.143437 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:31.676931 0.160095 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:31.837429 0.320820 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:55:32.158677 0.168943 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 19:59:03.502187 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 19:59:03.502334 0.935743 tcp 10.0.2.109 62937 -> 5.178.194.36 4983 FSPA* 0 0 14 1598 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:01:12.062754 2.999861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 20:01:19.066082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:01:27.068405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:01:43.071520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:02:15.077345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:08:26.085509 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 20:08:33.090985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:08:41.092738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:08:57.095066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:09:29.106685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:15:33.107542 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 20:15:40.114589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:15:48.116085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:16:04.119129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:16:36.125203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:22:40.131394 3.309791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 20:22:47.406366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:22:55.335276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:23:11.195931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:23:43.159145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:25:35.201343 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 20:25:35.201503 0.051161 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:35.253041 0.055660 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:35.309110 0.076579 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:35.386164 0.173476 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:35.560007 0.062938 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:35.623305 0.000000 udp 10.0.2.109 3683 -> 189.252.153.191 8040 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 20:25:52.968274 0.066167 tcp 10.0.2.109 62938 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:25:53.034724 0.060618 tcp 10.0.2.109 62939 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:25:53.095624 0.153617 tcp 10.0.2.109 62940 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:25:53.249758 0.075126 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:53.325474 0.159418 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:53.485285 0.143135 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:53.628755 0.114006 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:53.743178 0.073763 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:53.817287 0.314102 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:54.131888 0.145598 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:54.277910 0.439135 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:54.717486 0.180701 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 249 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:54.898586 0.130868 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.029939 0.140644 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.170972 0.158654 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.330090 0.024877 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.355354 0.040680 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.396475 0.074365 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.471309 0.132322 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.604071 0.146310 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.750733 0.108805 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:55.859975 0.332019 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:56.192345 0.157578 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:56.350383 0.348534 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:56.699290 0.142988 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:56.842718 0.330933 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:25:57.174047 0.166074 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:29:04.443202 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 20:29:04.443291 0.494046 tcp 10.0.2.109 62941 -> 5.178.194.36 4983 FSPA* 0 0 14 1497 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:29:47.164948 3.001972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 20:29:54.172583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:30:02.173941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:30:18.177283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:30:50.193200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:36:54.199298 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 20:37:01.206637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:37:09.208515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:37:25.211100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:37:57.217230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:44:01.437893 2.997321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 20:44:08.441437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:44:16.442713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:44:32.445349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:45:04.451574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:53:30.563775 2.999435 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 20:53:37.570659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:53:45.570575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:54:01.573811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:54:33.579809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 20:56:19.342264 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 20:56:19.342354 0.233734 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:19.576444 0.055132 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:19.632008 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 20:56:37.709863 0.067478 tcp 10.0.2.109 62942 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:56:37.777584 0.065081 tcp 10.0.2.109 62943 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:56:37.842930 0.150545 tcp 10.0.2.109 62944 -> 195.113.214.249 443 SRPA* 0 0 31 14540 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:56:37.994031 0.238243 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.232682 0.060779 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.293864 0.049936 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.344193 0.141651 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.486256 0.114050 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.600707 0.077632 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.678783 0.072181 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.751400 0.160736 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:38.912478 0.312817 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:39.225656 0.144623 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:39.375525 0.422327 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:39.798501 0.177434 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:39.976391 0.125358 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:40.102229 0.155473 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:40.258066 0.160836 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:40.419378 0.024529 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:40.444284 0.046099 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:40.490788 0.078437 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:40.569645 0.132387 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:40.702444 0.000000 udp 10.0.2.109 3683 -> 70.50.242.44 2113 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 20:56:56.656274 0.061100 tcp 10.0.2.109 62945 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:56:56.717683 0.069582 tcp 10.0.2.109 62946 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:56:56.787676 0.151179 tcp 10.0.2.109 62947 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/17 20:56:56.939526 0.100857 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:57.040825 0.349781 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:57.391063 0.144517 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:57.535962 0.349787 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:57.886312 0.160794 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:58.047554 0.328162 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:56:58.376113 0.163382 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/17 20:59:04.940946 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 20:59:04.941102 1.621733 tcp 10.0.2.109 62948 -> 5.178.194.36 4983 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/02/17 21:00:37.903191 2.996816 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 21:00:44.902968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:00:52.904989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:01:08.908167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:01:40.924739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:07:45.443438 2.999105 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:07:52.448768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:08:00.449816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:08:16.455866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:08:48.458804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:14:52.465067 3.000982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:14:59.472213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:15:07.474760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:15:23.476926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:15:55.482869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:21:59.488297 3.001976 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:22:06.496406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:22:14.497937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:22:30.500564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:23:02.518410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:27:27.167531 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 21:27:27.167723 0.073568 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:27.241672 0.145439 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:27.387578 0.228302 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:27.616238 0.055909 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:27.672562 0.049986 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:27.722963 0.141896 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:27.865247 0.113939 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:27.979602 0.076688 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:28.056672 0.077814 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:28.134920 0.163874 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:28.299267 0.062126 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:28.361780 0.145594 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:28.507877 0.312045 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:28.820381 0.158450 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:28.979218 0.125923 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:29.105561 0.140972 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:29.247000 0.158944 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:29.406458 0.025240 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:29.432124 0.045683 udp 10.0.2.109 3683 <-> 93.223.117.171 4817 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:29.478375 0.073619 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:29.552385 0.422582 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:29.977451 0.187519 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:30.165328 0.131197 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:30.296932 0.143407 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:30.440762 0.339737 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:30.780889 0.114299 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:30.895600 0.349356 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:31.245333 0.165658 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:31.411462 0.155695 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:27:31.567572 0.327469 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:29:06.522781 3.001935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:29:06.570887 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 21:29:06.570981 1.051386 tcp 10.0.2.109 62949 -> 5.178.194.36 4983 FSPA* 0 0 14 1660 flow=From-Botnet-V1-TCP-Established 1970/02/17 21:29:13.530341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:29:21.531699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:29:40.608268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:30:12.199874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:36:13.546614 3.001182 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:36:20.553745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:36:28.555690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:36:44.558816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:37:16.564451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:43:20.591449 3.002594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:43:27.598558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:43:35.599478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:43:51.602585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:44:23.608073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:50:27.614636 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:50:34.622396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:50:42.623607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:50:58.626358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:51:30.632721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:57:34.638556 3.156466 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 21:57:41.765993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:57:42.069221 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 21:57:42.069385 0.072324 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.142139 0.145749 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.288358 0.231761 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.520578 0.055355 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.576326 0.049616 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.626354 0.142295 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 217 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.769089 0.113965 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.883431 0.073010 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:42.956861 0.060898 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:43.018216 0.137073 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:43.155647 0.313752 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:43.469772 0.158531 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:43.628756 0.075555 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:43.704716 0.177681 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:43.882784 0.126097 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:44.009288 0.145479 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:44.155138 0.158346 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:44.313847 0.025131 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:57:44.339361 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 21:57:49.707557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:58:02.988737 0.061264 tcp 10.0.2.109 62950 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 21:58:03.050319 0.065743 tcp 10.0.2.109 62951 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 21:58:03.116362 0.156400 tcp 10.0.2.109 62952 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/17 21:58:03.273451 0.076011 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:03.349844 0.444425 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:03.794723 0.183693 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:03.978803 0.131673 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:04.110902 0.145928 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:04.257190 0.349045 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:04.606668 0.103118 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:04.710332 0.159979 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:04.870686 0.326959 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:05.198118 0.348117 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:05.546628 0.166268 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/17 21:58:05.660606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:58:37.666599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 21:59:07.630270 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 21:59:07.630377 0.658246 tcp 10.0.2.109 62953 -> 5.178.194.36 4983 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:04:58.686871 3.001782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 22:05:05.694581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:05:13.695811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:05:29.698958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:06:01.704702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:12:14.714033 3.001791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 22:12:21.721477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:12:29.722456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:12:45.725808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:13:17.731591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:19:21.738960 3.000751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 22:19:28.745377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:19:36.746986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:19:52.749890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:20:24.765617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:26:28.772186 3.003782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 22:26:35.779616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:26:43.780983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:26:59.783950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:27:31.793369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:28:31.025542 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 22:28:31.025635 0.000000 udp 10.0.2.109 3683 -> 93.223.117.171 4817 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 22:28:49.143049 0.116258 tcp 10.0.2.109 62954 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:28:49.259591 0.061255 tcp 10.0.2.109 62955 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:28:49.321089 0.152312 tcp 10.0.2.109 62956 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:28:49.473917 0.230031 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:49.704354 0.073865 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:49.778598 0.146627 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:49.925720 0.049349 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:49.975437 0.142530 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 220 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:50.118527 0.125957 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:50.244892 0.076312 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:50.321609 0.052408 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:50.374511 0.137900 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:50.512802 0.315831 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:50.829054 0.159069 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:50.988494 0.074317 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.063175 0.167374 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.230943 0.125129 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.356453 0.135888 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.492721 0.061027 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.554174 0.024967 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.579584 0.159541 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.739769 0.073339 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:51.813578 0.435965 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:52.250047 0.178600 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:52.429000 0.132026 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:52.561381 0.145920 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:52.707706 0.339735 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:53.047799 0.326653 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:53.374875 0.348488 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:53.723740 0.164939 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:53.889038 0.132173 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:28:54.021639 0.155469 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:29:08.289146 0.618311 tcp 10.0.2.109 62957 -> 5.178.194.36 4983 FSPA* 0 0 14 1501 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:33:35.795529 3.005612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 22:33:42.803333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:33:50.804529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:34:06.809187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:34:38.813876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:40:42.820144 3.001603 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 22:40:49.827437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:40:57.828936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:41:13.832005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:41:45.837949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:47:49.843686 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 22:47:56.851297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:48:04.852562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:48:20.855986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:48:52.861833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:55:34.877398 3.035218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 22:55:41.891174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:55:49.891492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:56:05.894645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:56:37.900434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 22:59:08.907922 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 22:59:08.908024 0.809925 tcp 10.0.2.109 62958 -> 5.178.194.36 4983 FSPA* 0 0 14 1582 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:59:21.465979 0.145472 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:21.611809 0.049954 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:21.662212 0.230217 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:21.892818 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/02/17 22:59:37.100014 0.068947 tcp 10.0.2.109 62959 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:59:37.169256 0.061967 tcp 10.0.2.109 62960 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:59:37.231482 0.156629 tcp 10.0.2.109 62961 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/17 22:59:37.388835 0.141937 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:37.531111 0.113926 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:37.645488 0.086482 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:37.732420 0.052660 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:37.785513 0.137572 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:37.923479 0.316346 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.240160 0.160904 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.401428 0.068496 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.470273 0.166211 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.636839 0.123394 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.760671 0.148626 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.909698 0.063324 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.973439 0.024899 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:38.998824 0.161209 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:39.160503 0.077835 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:39.238776 0.138371 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:39.377605 0.143217 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:39.521200 0.346686 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:39.868303 0.417851 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:40.286646 0.187057 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:40.474111 0.323266 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 560 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:40.797821 0.345017 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:41.143225 0.162970 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:41.306616 0.107129 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/17 22:59:41.414102 0.156889 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:02:49.907518 3.001972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 23:02:56.914952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:03:04.916669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:03:20.919833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:03:52.925451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:09:56.931747 3.001712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 23:10:03.939832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:10:11.946957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:10:27.944455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:10:59.950746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:17:03.955668 3.001797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 23:17:10.963277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:17:18.964274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:17:34.968679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:18:06.973855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:24:10.980002 3.001388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 23:24:17.987181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:24:25.988599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:24:41.991747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:25:14.017693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:29:09.716654 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 23:29:09.716791 0.525149 tcp 10.0.2.109 62962 -> 5.178.194.36 4983 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/02/17 23:30:08.301236 0.209368 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:08.511108 0.049829 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:08.561459 0.148933 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:08.710785 0.227974 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:08.939213 0.141847 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:09.081426 0.115852 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:09.197712 0.076336 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:09.274488 0.053947 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:09.328914 0.226006 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:09.555321 0.070917 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:09.626676 0.168520 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:09.795595 0.312632 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 222 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.108703 0.163981 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.273072 0.129267 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.402757 0.146207 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.549352 0.063719 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.613454 0.024920 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.638697 0.159398 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.798582 0.077209 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:10.876198 0.341917 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:11.218515 0.130627 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:11.349602 0.144212 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:11.494232 0.437974 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:11.932546 0.181184 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:12.114246 0.327727 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:12.442486 0.350818 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:12.793782 0.164168 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:12.958330 0.118657 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 562 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:13.077372 0.157982 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/17 23:30:13.077657 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 23:31:18.029088 2.997781 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/17 23:31:25.038255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:31:33.032888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:31:49.035760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:32:21.041722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:38:25.047320 3.002122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 23:38:32.055339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:38:40.056549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:38:56.061403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:39:28.067103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:45:32.071752 3.001680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 23:45:39.079226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:45:47.080699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:46:03.083714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:46:35.090605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:54:27.100205 3.002585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/17 23:54:34.107954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:54:42.109793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:54:58.113477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:55:30.118963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/17 23:59:10.245832 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/17 23:59:10.245916 0.498178 tcp 10.0.2.109 62963 -> 5.178.194.36 4983 FSPA* 0 0 14 1669 flow=From-Botnet-V1-TCP-Established 1970/02/18 00:00:25.735698 0.000180 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 00:00:25.735984 0.149831 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:25.886306 0.235048 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.121768 0.074251 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.196416 0.049908 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.246820 0.142953 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.390265 0.126268 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.517029 0.080598 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.598240 0.051811 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.650542 0.191145 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.842090 0.075641 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:26.918227 0.173334 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:27.092012 0.316878 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:27.409364 0.167326 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:27.577139 0.126291 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 564 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:27.703860 0.150273 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:27.854607 0.055589 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:27.910695 0.025025 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:27.936119 0.159226 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:28.095727 0.069235 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:28.165345 0.145141 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:28.310911 0.413626 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:28.724997 0.339138 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:29.064647 0.130458 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:29.195555 0.178567 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:29.374528 0.320770 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:29.695738 0.349022 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:30.045102 0.164167 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:30.209642 0.107573 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:00:30.317667 0.157099 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:01:56.136186 3.023938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 00:02:03.153978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:02:11.156752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:02:27.158683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:02:59.164153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:09:10.183338 3.001997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 00:09:17.188004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:09:25.195200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:09:41.194134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:10:13.198933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:16:17.205321 3.092062 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 00:16:24.275377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:16:32.223230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:16:48.226813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:17:20.242722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:23:24.248466 3.002059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 00:23:31.258836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:23:39.257562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:23:55.260791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:24:27.266818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:29:10.745119 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 00:29:10.745207 0.496439 tcp 10.0.2.109 62964 -> 5.178.194.36 4983 FSPA* 0 0 14 1726 flow=From-Botnet-V1-TCP-Established 1970/02/18 00:30:31.282431 3.002492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 00:30:38.291806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:30:42.545906 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 00:30:42.546001 0.148981 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:30:42.695339 0.227784 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:30:42.923527 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 00:30:46.291769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:31:00.864439 0.064492 tcp 10.0.2.109 62965 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 00:31:00.929211 0.060228 tcp 10.0.2.109 62966 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 00:31:00.989737 0.131647 tcp 10.0.2.109 62967 -> 195.113.214.249 443 SRPA* 0 0 34 23919 flow=From-Botnet-V1-TCP-Established 1970/02/18 00:31:01.122243 0.050015 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:01.172710 0.145057 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:01.318147 0.117597 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:01.436129 0.354406 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:01.790957 0.053244 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 535 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:01.844617 0.220766 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:02.065745 0.072316 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:02.138526 0.169301 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:02.294622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:31:02.308216 0.346265 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:02.655032 0.157385 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:02.812802 0.126099 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:02.939289 0.138577 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:03.078359 0.055098 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:03.133811 0.025028 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:03.159227 0.147221 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:03.306794 0.441899 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:03.749040 0.345378 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:04.094789 0.160643 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:04.255825 0.074267 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:04.330507 0.131220 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:04.462075 0.183286 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 531 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:04.645752 0.335741 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:04.981940 0.345636 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:05.328030 0.165419 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:05.493836 0.113598 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:05.607885 0.159297 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/18 00:31:34.300795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:37:38.306645 3.001473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 00:37:45.313953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:37:53.315428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:38:09.318631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:38:41.324504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:44:45.330563 3.001688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 00:44:52.337880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:45:00.570475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:45:16.432890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:45:48.358684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:54:04.377396 2.998540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 00:54:11.381816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:54:19.383330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:54:35.386343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:55:07.393090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 00:59:11.243212 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 00:59:11.243307 0.718305 tcp 10.0.2.109 62968 -> 5.178.194.36 4983 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/02/18 01:01:11.398221 3.004536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:01:18.045495 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 01:01:18.045587 0.563511 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:18.405515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:01:18.609558 0.148497 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:18.758466 0.230115 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:18.989019 0.050192 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:19.039610 0.144916 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:19.184880 0.126306 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:19.311548 0.078016 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:19.389954 0.046241 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:19.436663 0.136744 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:19.573778 0.315684 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:19.889881 0.164715 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:20.055001 0.126121 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:20.181594 0.073817 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:20.255861 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 01:01:26.407167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:01:27.291970 0.000000 udp 10.0.2.109 3683 <- 107.214.174.97 6448 RSP 0 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 01:01:27.292487 0.144003 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:27.436913 0.273036 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:27.710385 0.024922 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:27.735668 0.147397 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:27.883453 0.409883 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:28.293800 0.345647 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:28.639918 0.159132 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:28.799484 0.077786 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:28.877648 0.130971 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:29.009093 0.179080 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:29.188655 0.329962 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:29.519087 0.109465 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:29.629015 0.158878 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:29.788335 0.348612 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:30.137332 0.164528 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:01:42.411298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:02:14.446542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:08:33.464200 3.003715 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:08:40.472582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:08:48.476827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:09:04.475720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:09:36.481828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:15:40.487713 3.001673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:15:47.499058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:15:55.496171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:16:11.499604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:16:43.505709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:22:47.511485 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:22:54.519269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:23:02.520959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:23:18.528620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:23:50.539641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:29:11.982718 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 01:29:11.982815 0.843714 tcp 10.0.2.109 62969 -> 5.178.194.36 4983 FSPA* 0 0 14 1629 flow=From-Botnet-V1-TCP-Established 1970/02/18 01:29:54.545288 3.002187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:30:01.553136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:30:09.554830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:30:25.558030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:30:57.563736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:31:39.594714 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 01:31:39.594816 0.076607 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:39.671822 0.148362 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:39.820611 0.236446 rtcp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:40.057513 0.050000 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:40.107988 0.146519 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:40.255030 0.126100 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:40.587137 0.084188 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:40.671710 0.054835 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:40.726922 0.142536 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:40.870000 0.348865 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:41.219217 0.072213 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:41.291800 0.165212 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:41.457431 0.134726 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:41.592568 0.234078 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:41.827030 0.149618 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:41.977043 0.060299 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:42.037694 0.025229 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:42.063290 0.146508 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:42.210407 0.413572 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:42.624403 0.425961 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:43.050789 0.156342 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:43.207581 0.076770 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:43.284784 0.131623 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:43.416857 0.110044 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:43.527353 0.161183 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:43.688901 0.349006 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:44.038433 0.164718 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:44.203594 0.183611 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:31:44.387604 0.320609 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/18 01:37:01.569669 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:37:08.577266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:37:16.578760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:37:32.581382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:38:04.587766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:44:08.593177 3.005426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:44:15.602828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:44:23.602583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:44:39.605862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:45:11.611697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:53:37.622140 3.001315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 01:53:44.629424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:53:52.630764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:54:08.633613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:54:41.062655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 01:59:12.831597 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 01:59:12.831685 0.553853 tcp 10.0.2.109 62970 -> 5.178.194.36 4983 FSPA* 0 0 14 1508 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:00:44.666565 3.000934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:00:51.674855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:00:59.675804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:01:15.678541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:01:49.248922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:01:53.560845 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 02:01:53.560938 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 02:02:09.786590 0.108154 tcp 10.0.2.109 62971 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:02:09.894966 0.067725 tcp 10.0.2.109 62972 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:02:09.962752 0.136121 tcp 10.0.2.109 62973 -> 195.113.214.249 443 SRPA* 0 0 37 25071 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:02:10.099404 0.149397 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:10.249268 0.000000 udp 10.0.2.109 3683 -> 189.252.153.191 8040 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 02:02:16.371530 0.000000 udp 10.0.2.109 3683 <- 189.252.153.191 8040 RSP 0 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 02:02:17.184315 0.049700 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:17.234395 0.142834 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:17.377621 0.138572 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:17.516672 0.088137 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:17.605293 0.052553 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:17.658396 0.150168 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:17.808986 0.334635 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:18.144089 0.070996 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:18.215511 0.157222 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:18.707180 0.129575 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:19.000233 0.167606 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:19.168249 0.138302 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:19.569436 0.067937 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:19.637755 0.431422 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 556 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:20.069583 0.024871 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 298 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:20.094983 0.144389 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:20.239770 0.341615 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:20.581798 0.156703 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:21.979111 0.079698 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:22.059237 0.130160 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:22.190321 0.125163 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:22.315974 0.157895 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:22.474263 0.345651 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:22.820384 0.330263 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:23.151119 0.164333 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:02:23.315966 0.182687 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:07:51.700233 3.003885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:07:58.707304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:08:06.708887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:08:23.972139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:08:55.606129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:15:00.737196 3.001278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:15:07.744009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:15:15.745545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:15:31.748235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:16:03.754207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:22:07.760543 3.002166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:22:14.769983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:22:22.769272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:22:38.774554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:23:10.778755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:29:13.391147 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 02:29:13.391232 0.436089 tcp 10.0.2.109 62974 -> 5.178.194.36 4983 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:29:14.784436 3.001250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:29:21.791898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:29:29.793663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:29:45.796054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:30:17.802475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:32:31.618036 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 02:32:31.618201 0.078725 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:31.697316 0.149968 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:31.847693 0.232167 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:32.080237 0.048797 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:32.129412 0.145053 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:32.274928 0.126112 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:32.401538 0.077252 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:32.479242 0.052012 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:32.531639 0.193257 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:32.725307 0.355497 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:33.081255 0.082317 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:33.163979 0.161969 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:33.326329 0.132052 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:33.559100 0.167484 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:33.726939 0.149338 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:33.876696 0.062636 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:33.939762 0.146567 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:34.086718 0.448065 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:34.535217 0.421413 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:34.957092 0.025372 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:34.982903 0.159352 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:35.142663 0.075341 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:35.218405 0.130412 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:35.349233 0.113955 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:35.463604 0.157437 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:35.621420 0.164654 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:35.786469 0.345673 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:32:36.132526 0.000000 udp 10.0.2.109 3683 -> 118.163.97.62 1829 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 02:32:51.915744 0.063542 tcp 10.0.2.109 62975 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:32:51.979636 0.069001 tcp 10.0.2.109 62976 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:32:52.048939 0.162019 tcp 10.0.2.109 62977 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/18 02:32:52.211500 0.186027 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 323 flow=From-Botnet-V1-UDP-Established 1970/02/18 02:36:21.808318 3.002088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:36:28.816365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:36:36.817528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:36:52.820800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:37:24.960638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:43:28.842836 3.001287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:43:35.849910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:43:43.851420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:43:59.859539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:44:31.862687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:50:35.867081 3.001054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:50:42.873719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:50:50.875183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:51:06.878652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:51:38.885863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:57:42.890186 3.002200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 02:57:49.897945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:57:57.899252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:58:13.902288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:58:45.908790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 02:59:13.829290 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 02:59:13.829370 0.605797 tcp 10.0.2.109 62978 -> 5.178.194.36 4983 FSPA* 0 0 14 1532 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:06.873982 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 03:03:06.874071 0.000000 udp 10.0.2.109 3683 -> 118.163.97.62 1829 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 03:03:22.237251 0.064320 tcp 10.0.2.109 62979 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:22.301825 0.061354 tcp 10.0.2.109 62980 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:22.363508 0.170566 tcp 10.0.2.109 62981 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:22.534664 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 03:03:40.462588 0.398122 tcp 10.0.2.109 62982 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:40.860992 0.062539 tcp 10.0.2.109 62983 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:40.923826 0.169454 tcp 10.0.2.109 62984 -> 195.113.214.249 443 SRPA* 0 0 24 13860 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:41.093947 0.147723 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:41.242068 0.050217 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:41.292730 0.143587 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:41.436742 0.126017 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:41.563144 0.080118 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:41.643625 0.054064 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:41.698198 0.228959 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:41.927549 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 03:03:59.225686 0.067797 tcp 10.0.2.109 62985 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:59.293813 0.066120 tcp 10.0.2.109 62986 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:59.360184 0.172971 tcp 10.0.2.109 62987 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:03:59.533729 0.162932 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:59.697057 0.124515 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:03:59.821956 0.179752 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:00.002088 0.138527 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:00.141071 0.066866 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:00.208374 0.075376 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:00.284167 0.353985 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:00.638570 0.436811 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:01.075757 0.024847 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 255 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:01.101023 0.147458 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:01.248900 0.000000 udp 10.0.2.109 3683 -> 27.54.121.253 4717 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 03:04:17.445844 0.065345 tcp 10.0.2.109 62988 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:04:17.511489 0.067220 tcp 10.0.2.109 62989 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:04:17.579146 0.181941 tcp 10.0.2.109 62990 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:04:17.761720 0.156433 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:17.918490 0.117368 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:18.036288 0.160066 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:18.196761 0.164646 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:18.361763 0.131057 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:18.493258 0.071791 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:18.565453 0.351957 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 582 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:04:18.917796 0.187292 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:05:06.932270 2.998033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 03:05:14.042502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:05:21.980919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:05:37.950969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:06:09.958273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:12:22.965827 3.001083 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 03:12:29.974053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:12:37.974692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:12:53.977655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:13:26.191080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:19:30.000907 3.010508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 03:19:37.017262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:19:45.019002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:20:01.021733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:20:33.027829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:26:37.033476 3.209220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 03:26:44.212702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:26:52.140872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:27:08.056475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:27:40.061804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:29:14.438109 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 03:29:14.438333 0.719402 tcp 10.0.2.109 62991 -> 5.178.194.36 4983 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/02/18 03:33:44.067902 3.002712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 03:33:51.075169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:33:59.076863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:34:15.080586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:34:42.349213 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 03:34:42.349419 0.074670 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:42.424443 0.137152 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:42.561944 0.357818 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:42.920125 0.145619 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.066167 0.126569 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.193130 0.086896 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.280427 0.054873 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.335646 0.232322 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.568355 0.148231 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.716997 0.049576 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.766973 0.166615 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:43.933942 0.147607 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:44.081952 0.060669 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:44.142990 0.087039 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 239 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:44.230430 0.336128 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:44.566964 0.164472 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:44.731831 0.127751 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:44.859955 0.458569 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:45.318867 0.025087 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:45.344353 0.143821 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:45.488579 0.157732 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:45.707790 0.104821 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:45.812991 0.157724 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:45.971190 0.165240 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:46.136864 0.131474 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:46.268740 0.071518 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:46.340705 0.344909 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:46.685995 0.178121 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/18 03:34:47.085749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:40:51.091771 3.001606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 03:40:58.099261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:41:06.100668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:41:22.103344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:41:54.109749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:47:58.125938 2.991338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 03:48:05.623119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:48:13.526275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:48:29.331586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:49:01.143285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:55:38.157721 3.000979 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 03:55:45.164062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:55:53.166330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:56:09.168942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:56:41.175235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 03:59:15.156417 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 03:59:15.156581 0.555336 tcp 10.0.2.109 62992 -> 5.178.194.36 4983 FSPA* 0 0 14 1595 flow=From-Botnet-V1-TCP-Established 1970/02/18 04:02:48.187039 3.000587 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:02:55.192783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:03:03.198493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:03:19.197166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:03:51.205200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:05:04.500572 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 04:05:04.500774 0.335637 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:04.836853 0.071537 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:04.908780 0.144138 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.053279 0.145314 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.199097 0.138695 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.338176 0.079081 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.417657 0.050901 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.468923 0.235190 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.704540 0.149914 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.854808 0.051338 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:05.906492 0.172144 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:06.079079 0.142875 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:06.222441 0.066348 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:06.289212 0.092159 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:06.381805 0.368625 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:06.750846 0.163327 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:06.914550 0.123702 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:07.038666 0.518699 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:07.557750 0.025026 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:07.583249 0.145415 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:07.729012 0.158328 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:07.887710 0.103656 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:07.991709 0.154888 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 247 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:08.147007 0.112532 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:08.259922 0.352739 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:08.613042 0.178153 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:08.791736 0.164755 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:05:08.956829 0.131626 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 288 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:09:55.219761 3.001248 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:10:02.227032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:10:10.232595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:10:26.231241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:10:58.237663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:17:02.243336 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:17:09.250702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:17:17.252524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:17:33.255552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:18:05.264783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:24:09.267719 3.221839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:24:16.467969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:24:24.394264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:24:40.289416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:25:12.295257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:29:15.715515 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 04:29:15.715612 0.731881 tcp 10.0.2.109 62993 -> 5.178.194.36 4983 FSPA* 0 0 14 1670 flow=From-Botnet-V1-TCP-Established 1970/02/18 04:31:16.301110 3.002031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:31:23.308175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:31:31.311352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:31:47.313380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:32:19.319160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:35:12.278116 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 04:35:12.278216 0.181246 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:12.459832 0.144502 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:12.604983 0.114610 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:12.720005 0.083647 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:12.804077 0.051362 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:13.038199 0.372374 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:13.411017 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 04:35:31.477611 0.063536 tcp 10.0.2.109 62994 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 04:35:31.541507 0.210194 tcp 10.0.2.109 62995 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 04:35:31.751529 0.159621 tcp 10.0.2.109 62996 -> 195.113.214.249 443 SRPA* 0 0 32 24081 flow=From-Botnet-V1-TCP-Established 1970/02/18 04:35:31.911662 0.230902 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:32.142978 0.150416 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:32.293808 0.048791 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:32.343030 0.167136 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:32.510526 0.149169 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:32.660043 0.057142 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:32.717547 0.068558 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:32.786462 0.370872 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:33.157754 0.158432 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:33.316675 0.127757 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:33.444832 0.533185 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:33.978560 0.024941 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:34.003905 0.147736 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:34.152110 0.157545 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:34.310126 0.074335 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:34.384865 0.359506 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:34.744760 0.185166 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:34.930308 0.164791 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:35.095583 0.159993 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 550 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:35.256038 0.101266 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 230 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:35:35.357694 0.130218 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 04:38:23.325386 3.001418 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:38:30.333305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:38:38.334294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:38:54.336789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:39:26.343348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:45:30.349667 3.001347 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:45:37.356659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:45:45.357878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:46:02.038267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:46:33.684275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:54:25.389246 3.067765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 04:54:32.433756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:54:40.407486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:54:56.410496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:55:28.416186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 04:59:16.445284 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 04:59:16.445396 0.758682 tcp 10.0.2.109 62997 -> 5.178.194.36 4983 FSPA* 0 0 14 1618 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:01:54.437540 3.003431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 05:02:01.441453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:02:09.447216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:02:25.450367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:02:57.457223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:05:54.566702 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 05:05:54.566793 0.079464 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:05:54.646592 0.080251 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:05:54.727286 0.050922 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:05:54.778610 0.140681 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:05:54.919738 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 05:06:11.663840 0.064769 tcp 10.0.2.109 62998 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:06:11.728910 0.065126 tcp 10.0.2.109 62999 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:06:11.794390 0.168029 tcp 10.0.2.109 63000 -> 195.113.214.249 443 SRPA* 0 0 26 13968 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:06:11.960754 0.113690 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:12.074790 0.406767 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:12.482023 0.233404 udp 10.0.2.109 3683 <-> 189.252.153.191 8040 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:12.715848 0.146870 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:12.863258 0.051966 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:12.915628 0.167953 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:13.084023 0.143945 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:13.228409 0.067438 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:13.296272 0.071877 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:13.368565 0.379168 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:13.748239 0.159850 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:13.908475 0.126359 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:14.035182 0.516950 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:14.812434 0.024999 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:14.837834 0.144530 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:14.982890 0.157483 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:15.140878 0.080163 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:15.221429 0.348182 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:15.570056 0.183932 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:15.754681 0.116402 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:15.871525 0.131933 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:16.003848 0.163931 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:06:16.168221 0.157823 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:09:07.467070 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 05:09:14.474183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:09:22.476855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:09:38.478898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:10:10.484654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:16:18.497325 3.001096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 05:16:25.503732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:16:33.660642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:16:51.040302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:17:22.696712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:23:25.541096 3.001302 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 05:23:32.547911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:23:40.550111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:23:56.552265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:24:28.558199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:29:17.204004 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 05:29:17.204117 0.902359 tcp 10.0.2.109 63001 -> 5.178.194.36 4983 FSPA* 0 0 12 1466 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:30:32.565221 3.000643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 05:30:39.572042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:30:47.573570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:31:03.576511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:31:35.582301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:36:28.975230 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 05:36:28.975324 0.140929 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:29.116611 0.146635 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:29.263638 0.077333 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:29.341834 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 05:36:47.322346 0.068363 tcp 10.0.2.109 63002 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:36:47.391008 0.066455 tcp 10.0.2.109 63003 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:36:47.457818 0.166418 tcp 10.0.2.109 63004 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:36:47.624999 0.059859 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:47.685262 0.126769 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:47.812383 0.438804 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:48.251629 0.049162 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:48.301238 0.231855 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:48.533494 0.151832 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:36:48.685767 0.000000 udp 10.0.2.109 3683 -> 189.252.153.191 8040 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 05:37:03.714618 0.065343 tcp 10.0.2.109 63005 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:37:03.780219 0.064381 tcp 10.0.2.109 63006 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:37:03.844896 0.177118 tcp 10.0.2.109 63007 -> 195.113.214.249 443 SRPA* 0 0 24 14016 flow=From-Botnet-V1-TCP-Established 1970/02/18 05:37:04.022532 0.148031 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:04.170910 0.060735 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:04.232013 0.068548 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:04.300936 0.345243 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:04.646621 0.165869 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:04.812841 0.122202 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:04.935494 0.551638 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:05.520365 0.025010 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:05.545784 0.144055 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:05.690310 0.158348 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:05.849047 0.070723 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:05.920228 0.115587 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:06.036215 0.355858 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:06.392493 0.180937 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:06.573903 0.157005 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:06.731347 0.134234 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:06.865965 0.163937 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/18 05:37:39.588228 3.001725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 05:37:46.595863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:37:54.597311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:38:10.600385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:38:42.606287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:44:46.613870 3.000383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 05:44:53.620044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:45:01.624588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:45:17.624315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:45:49.630470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:54:03.644004 3.000491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 05:54:10.650849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:54:18.935646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:54:34.786500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:55:07.163816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 05:59:18.112966 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 05:59:18.113105 0.574876 tcp 10.0.2.109 63008 -> 5.178.194.36 4983 FSPA* 0 0 14 1699 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:01:10.687306 3.001709 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:01:18.488744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:01:26.393450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:01:42.234496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:02:13.886516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:07:08.268904 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 06:07:08.268987 0.076936 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:08.346462 0.000000 udp 10.0.2.109 3683 -> 189.252.153.191 8040 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 06:07:23.572701 0.063871 tcp 10.0.2.109 63009 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:07:23.636818 0.060174 tcp 10.0.2.109 63010 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:07:23.697286 0.169291 tcp 10.0.2.109 63011 -> 195.113.214.249 443 SRPA* 0 0 28 11114 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:07:23.866841 0.143106 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:24.010354 0.136955 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:24.147758 0.073446 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:24.221595 0.126282 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:24.348250 0.056102 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:24.474718 0.151188 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:24.626389 0.050113 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:24.676893 0.343772 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:25.021127 0.174716 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:25.196212 0.150004 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:25.346682 0.063209 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:25.410404 0.069638 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:25.480413 0.353426 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:25.834188 0.159123 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:25.993749 0.132979 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:26.127093 0.510134 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:26.637728 0.024808 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:26.662906 0.142877 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 205 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:26.806136 0.156609 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:26.963178 0.075709 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:27.039344 0.111300 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:27.151019 0.157778 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:27.309186 0.131055 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:27.440751 0.164594 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:27.605738 0.344991 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:07:27.951062 0.178062 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:08:32.723080 3.000865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:08:39.730252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:08:47.732075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:09:03.734719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:09:35.740707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:15:39.747321 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:15:46.754331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:15:56.186597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:16:11.994040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:16:43.634996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:22:46.781812 3.002422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:22:53.788515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:23:01.789737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:23:17.792675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:23:49.977181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:29:18.677939 0.181034 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 06:29:18.859146 0.642847 tcp 10.0.2.109 63012 -> 5.178.194.36 4983 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:29:53.815756 3.000597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:30:00.823695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:30:08.823199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:30:24.826892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:30:56.832931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:37:00.838323 3.129508 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:37:07.938463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:37:15.882361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:37:31.295745 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 06:37:31.295847 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 06:37:31.940074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:37:47.701187 0.062269 tcp 10.0.2.109 63013 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:37:47.763736 0.064580 tcp 10.0.2.109 63014 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:37:47.828599 0.160129 tcp 10.0.2.109 63015 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/18 06:37:47.988871 0.141158 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:48.130512 0.149734 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 583 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:48.280629 0.079874 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:48.360882 0.113876 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:48.475230 0.052999 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 437 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:48.528594 0.153806 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:48.682793 0.049690 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:48.732844 0.430452 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:49.163675 0.166475 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:49.330637 0.151105 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:49.482251 0.072162 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:49.554816 0.074083 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:49.629306 0.353298 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:49.983060 0.163333 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:50.146798 0.126083 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:50.273330 0.510024 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:50.783735 0.024912 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:50.809027 0.145958 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:50.955408 0.158834 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:51.114622 0.073048 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:51.188039 0.263014 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:51.451431 0.159335 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:51.611225 0.131959 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:51.743575 0.164524 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:51.908529 0.353813 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:37:52.262682 0.187437 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/18 06:38:03.878779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:44:07.883360 3.000723 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:44:14.889582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:44:22.891580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:44:38.894140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:45:12.718727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:53:35.919554 3.039825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 06:53:42.938287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:53:50.940494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:54:06.941487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:54:39.719809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 06:59:19.337091 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 06:59:19.337190 0.402926 tcp 10.0.2.109 63016 -> 5.178.194.36 4983 FSPA* 0 0 14 1530 flow=From-Botnet-V1-TCP-Established 1970/02/18 07:00:42.965084 2.999765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:00:49.983458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:00:57.972632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:01:17.018697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:02:07.300098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:08:06.612434 2.955802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:08:13.518523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:08:21.414969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:08:32.223594 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 07:08:32.223691 0.076257 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:32.300348 0.085034 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:32.385774 0.114061 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 520 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:32.500211 0.055119 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:32.555743 0.158595 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:32.714821 0.049872 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:32.765081 0.144753 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:32.910366 0.181561 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:33.092321 0.439278 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:33.532016 0.166615 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:33.699060 0.150551 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:33.850021 0.061135 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:33.911554 0.072314 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:33.984242 0.353813 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:34.338633 0.485227 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:34.824271 0.025167 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:34.849813 0.146143 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:34.996358 0.156024 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:35.152939 0.128109 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:35.281495 0.156233 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:35.438122 0.073329 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:35.511898 0.117073 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:35.629366 0.158635 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:35.788381 0.132241 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:35.921020 0.164056 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 243 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:36.085457 0.385824 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:36.471663 0.179783 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:08:37.220621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:09:08.829286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:15:09.990654 2.955365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:15:16.898718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:15:25.344546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:15:41.121997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:16:12.694226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:22:11.838752 2.963474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:22:18.850689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:22:26.742641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:22:42.544841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:23:17.363937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:29:17.183480 2.959504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:29:23.707459 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 07:29:23.707598 0.541895 tcp 10.0.2.109 63017 -> 5.178.194.36 4983 FSPA* 0 0 14 1720 flow=From-Botnet-V1-TCP-Established 1970/02/18 07:29:24.093606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:29:31.991251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:29:47.781977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:30:19.986400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:36:20.160164 2.997377 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:36:27.163733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:36:35.171613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:36:51.167661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:37:23.173899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:38:47.207140 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 07:38:47.207236 0.079578 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:47.287297 0.079135 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:47.366902 0.114043 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:47.481363 0.049967 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:47.531765 0.144699 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 214 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:47.676843 0.050373 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:47.727658 0.145094 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:47.873129 0.167896 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:48.041450 0.148884 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:48.190714 0.054519 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:48.245641 0.073441 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:48.319528 0.146756 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:48.466675 0.441773 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:48.908848 0.352655 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:49.261874 0.477549 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:49.739807 0.025075 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:49.765257 0.144676 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:49.910341 0.161647 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:50.072361 0.128938 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:50.201676 0.160787 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:50.362883 0.075203 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:50.438533 0.108111 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:50.547035 0.157205 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 229 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:50.704706 0.131667 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:50.836825 0.163408 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:51.000663 0.351388 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:38:51.352428 0.180803 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/18 07:43:27.180039 3.001565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:43:34.187723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:43:42.188938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:43:58.192140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:44:30.198416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:50:34.210023 2.995759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:50:41.212631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:50:49.213234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:51:05.215969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:51:37.222975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:57:41.228067 3.001483 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 07:57:48.235532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:57:56.236860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:58:12.239927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:58:44.246369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 07:59:20.288414 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 07:59:20.288520 0.453524 tcp 10.0.2.109 63018 -> 5.178.194.36 4983 FSPA* 0 0 14 1581 flow=From-Botnet-V1-TCP-Established 1970/02/18 08:05:04.265585 3.195264 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:05:11.434284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:05:19.360802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:05:35.287427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:06:07.296001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:08:59.832896 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 08:08:59.832995 0.073400 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:08:59.906768 0.081505 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:08:59.988716 0.126365 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.115448 0.048847 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.164670 0.156757 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.321915 0.049844 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.372238 0.146435 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.519098 0.187218 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.706681 0.075228 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.782256 0.182271 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:00.964947 0.445901 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:01.411180 0.149566 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:01.561126 0.059392 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:01.620908 0.314746 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:01.936087 0.462454 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:02.398916 0.025060 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:02.424365 0.145159 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:02.569920 0.162704 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:02.732999 0.126732 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:02.860080 0.152467 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:03.012990 0.074441 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:03.087779 0.100802 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:03.188965 0.158375 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:03.347684 0.132061 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:03.480158 0.164912 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:03.645464 0.344531 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:09:03.990552 0.186721 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:12:20.302498 3.001432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:12:27.309428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:12:35.310973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:12:51.313711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:13:23.320728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:19:27.325788 3.001798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:19:34.333398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:19:43.523596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:19:59.329215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:20:30.944189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:26:34.360450 3.001351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:26:41.367312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:26:49.368648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:27:05.375095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:27:37.378240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:29:20.746514 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 08:29:20.746708 0.560373 tcp 10.0.2.109 63019 -> 5.178.194.36 4983 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/02/18 08:33:41.385085 3.000349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:33:48.391498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:33:56.392887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:34:12.395822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:34:44.401999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:39:33.017279 0.033191 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 08:39:33.050623 0.129467 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.180636 0.052837 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.233869 0.079077 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.313306 0.076329 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.390005 0.158156 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.548528 0.053682 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.602586 0.145109 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.748062 0.177076 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:33.925500 0.084849 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:34.070436 0.137203 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:34.208112 0.057201 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:34.265742 0.435010 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:34.701150 0.148051 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:34.849641 0.315211 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:35.165278 0.443892 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:35.609563 0.025221 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:35.635187 0.128429 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:35.763983 0.203742 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:35.968110 0.080302 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:36.048828 0.150015 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:36.199222 0.159560 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:36.359165 0.103386 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:36.462910 0.158746 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:36.622052 0.132056 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:36.754519 0.164376 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 306 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:36.919393 0.344066 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:39:37.263872 0.187758 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/18 08:40:48.407904 3.002661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:40:55.415418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:41:03.420480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:41:19.419929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:41:51.426504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:47:55.431682 3.003364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:48:02.550661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:48:10.485858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:48:26.457018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:48:58.608404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:55:40.481164 3.001333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 08:55:47.487731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:55:55.489904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:56:11.492566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:56:43.497959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 08:59:21.315833 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 08:59:21.315915 0.573188 tcp 10.0.2.109 63020 -> 5.178.194.36 4983 FSPA* 0 0 15 1756 flow=From-Botnet-V1-TCP-Established 1970/02/18 09:02:55.505827 3.627299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:03:03.118399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:03:11.038905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:03:26.854445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:03:58.533941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:09:38.026905 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 09:09:38.027008 0.131213 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:38.158593 0.053335 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:38.212377 0.071784 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:38.284588 0.080841 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:38.365827 0.154503 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:38.520756 0.048525 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:38.569661 0.145144 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:38.715172 0.355450 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:39.071008 0.073795 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:39.145289 0.426554 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:39.572299 0.352977 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:39.925646 0.178631 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:40.104739 0.057525 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:40.162651 0.315687 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:40.478779 0.423576 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 228 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:40.902795 0.024968 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:40.928159 0.131954 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:41.060440 0.156267 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:41.217112 0.079322 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:41.296793 0.112900 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 557 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:41.410154 0.159569 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:41.570066 0.132051 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:41.702496 0.163959 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:41.866870 0.146893 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:42.014193 0.158392 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:42.439494 0.350002 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:09:42.789892 0.369627 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:10:02.540353 3.007776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:10:09.547418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:10:17.548492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:10:33.555119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:11:05.559767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:17:09.564508 3.000924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:17:16.572075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:17:24.572528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:17:40.575443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:18:12.581952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:24:16.588260 3.038429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:24:23.607057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:24:31.606763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:24:47.609918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:25:21.408680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:29:23.024199 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 09:29:23.024394 0.683863 tcp 10.0.2.109 63021 -> 5.178.194.36 4983 FSPA* 0 0 14 1572 flow=From-Botnet-V1-TCP-Established 1970/02/18 09:31:23.642016 3.118365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:31:30.733342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:31:38.684438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:31:54.663715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:32:26.669784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:38:30.675942 3.277870 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:38:37.927096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:38:45.860573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:39:01.727033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:39:33.703943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:39:44.830202 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 09:39:44.830304 0.126280 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:44.956995 0.054395 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:45.011792 0.072884 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:45.220986 0.085762 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:45.307127 0.156632 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:45.464200 0.049174 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:45.513763 0.145599 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:45.659781 0.272072 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:45.932208 0.076870 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:46.009488 0.139261 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:46.149113 0.057858 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:46.207389 0.423010 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:46.630766 0.148841 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:46.779966 0.316315 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:47.096659 0.438149 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:47.535170 0.024954 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:47.560554 0.124077 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:47.685009 0.171719 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 590 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:47.857086 0.074052 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:47.931557 0.109987 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:48.041985 0.165127 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:48.207521 0.144731 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:48.352700 0.266078 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:48.619131 0.158060 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:48.777657 0.131224 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:48.909309 0.347600 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:39:49.257311 0.178178 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 09:45:37.710016 3.001475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:45:44.717109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:45:52.720402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:46:08.721617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:46:40.727896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:54:27.742833 4.608460 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 09:54:36.310087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:54:44.321453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:55:00.142907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:55:31.769283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 09:59:22.414411 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 09:59:22.414523 0.437205 tcp 10.0.2.109 63022 -> 5.178.194.36 4983 FSPA* 0 0 14 1514 flow=From-Botnet-V1-TCP-Established 1970/02/18 10:01:57.798594 3.006160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:02:04.806394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:02:12.814440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:02:28.815955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:03:00.816721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:09:07.827451 3.001474 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:09:14.834904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:09:22.946307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:09:38.849213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:09:50.215711 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 10:09:50.215800 0.126914 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:09:50.343109 0.055619 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:09:50.399092 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 10:10:05.439676 0.064599 tcp 10.0.2.109 63023 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 10:10:05.504586 0.071892 tcp 10.0.2.109 63024 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 10:10:05.576714 0.138833 tcp 10.0.2.109 63025 -> 195.113.214.249 443 SRPA* 0 0 49 28521 flow=From-Botnet-V1-TCP-Established 1970/02/18 10:10:05.715827 0.083831 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:05.800101 0.153730 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:05.954217 0.049137 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:06.003741 0.140226 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:06.144321 0.166035 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:06.310715 0.075250 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:06.386350 0.381026 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:06.767806 0.150965 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:06.919211 0.185009 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:07.104566 0.084018 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:07.188989 0.316399 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:07.505894 0.438437 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:07.944775 0.024891 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:07.970120 0.126901 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:08.097392 0.155668 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:08.253472 0.073668 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:08.327598 0.111001 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:08.438986 0.158909 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:08.598488 0.156160 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:08.755043 0.131836 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:08.887247 0.164854 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:09.052551 0.146472 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:09.199454 0.348975 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:09.548889 0.183587 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 565 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:10:10.855228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:16:18.867184 3.401923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:16:26.240172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:16:34.171872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:16:50.032596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:17:21.895169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:23:25.900679 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:23:32.908689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:23:40.910339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:23:56.913022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:24:28.918833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:29:22.852126 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 10:29:22.852205 0.572043 tcp 10.0.2.109 63026 -> 5.178.194.36 4983 FSPA* 0 0 14 1521 flow=From-Botnet-V1-TCP-Established 1970/02/18 10:30:32.924529 3.002429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:30:39.938525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:30:47.934322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:31:03.936841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:31:35.942781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:37:39.949754 3.001228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:37:46.956773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:37:54.958119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:38:10.961331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:38:42.967051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:40:22.630368 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 10:40:22.630529 0.253691 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:22.884574 0.126522 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 574 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:23.011514 0.053390 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 208 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:23.065262 0.441702 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:23.507364 0.153831 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:23.661568 0.049869 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:23.711846 0.141611 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:23.853899 0.168287 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:24.275943 0.078070 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:24.354647 0.337892 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:24.692918 0.148350 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:24.841670 0.207931 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 551 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:25.049992 0.059202 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:25.109653 0.316700 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:25.426831 0.422724 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:25.850024 0.025321 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:25.875744 0.129170 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.005318 0.158971 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 543 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.164717 0.078300 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.243498 0.109941 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.353893 0.164491 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.518849 0.157791 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.677017 0.132186 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.809653 0.163915 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:26.974028 0.145615 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:27.120059 0.344760 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:40:27.465270 0.182658 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/18 10:44:46.972179 3.002636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:44:53.979991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:45:01.981277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:45:17.985934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:45:49.990339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:54:03.001722 3.193341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 10:54:10.167155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:54:18.098505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:54:34.024430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:55:06.045477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 10:59:23.421304 0.418714 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 10:59:23.840085 1.094131 tcp 10.0.2.109 63027 -> 5.178.194.36 4983 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/02/18 11:01:14.052010 3.017259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:01:21.070706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:01:29.071266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:01:45.078462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:02:18.269164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:08:38.100819 3.323967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:08:45.391346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:08:53.326953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:09:09.200742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:09:41.149455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:10:49.587359 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 11:10:49.587522 0.054918 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:49.642970 0.073636 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:49.717114 0.131660 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:49.849188 0.151548 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.001145 0.155280 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.156902 0.049777 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.207099 0.141158 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.348627 0.167191 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.516141 0.075447 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.592054 0.137766 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.730491 0.061755 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:50.792619 0.359932 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:51.152934 0.148322 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:51.301641 0.314902 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:51.616984 0.423763 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.041853 0.025318 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.067548 0.122588 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 314 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.190598 0.181726 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 567 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.372774 0.074968 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.448131 0.099124 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.547597 0.130858 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.678883 0.167472 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:52.846690 0.152605 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:53.116150 0.171321 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:53.287916 0.157967 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:53.446361 0.344792 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:10:53.791497 0.182034 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:15:45.154240 3.001378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:15:52.162000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:16:00.163371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:16:16.166133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:16:48.172695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:22:52.179662 3.007025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:22:59.185831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:23:07.187236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:23:23.190633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:23:55.196331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:29:24.540481 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 11:29:24.540583 1.630505 tcp 10.0.2.109 63028 -> 5.178.194.36 4983 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/02/18 11:29:59.207150 2.996740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:30:06.216638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:30:14.211349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:30:30.214089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:31:02.222715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:37:06.227555 3.000501 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:37:13.233696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:37:21.235511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:37:37.237792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:38:09.244141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:41:10.184926 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 11:41:10.185081 0.126425 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 555 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:10.311902 0.084173 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 589 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:10.396519 0.156449 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:10.553363 0.050342 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:10.604051 0.207119 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:10.811532 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 11:41:28.182654 0.063382 tcp 10.0.2.109 63029 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 11:41:28.246366 0.074565 tcp 10.0.2.109 63030 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 11:41:28.321233 0.139467 tcp 10.0.2.109 63031 -> 195.113.214.249 443 SRPA* 0 0 38 27927 flow=From-Botnet-V1-TCP-Established 1970/02/18 11:41:28.461331 0.141620 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:28.603360 0.250437 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:28.854365 0.073272 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:28.928054 0.197513 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:29.125956 0.055834 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:29.182265 0.340565 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 526 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:29.523312 0.148767 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:29.672492 0.314210 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:30.030663 0.440163 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:30.471233 0.024933 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:30.496521 0.132967 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:30.629841 0.154785 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:30.785063 0.077960 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:30.863438 0.101048 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:30.964877 0.132465 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:31.097712 0.157918 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:31.256001 0.159795 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:31.416145 0.164739 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:31.581303 0.144209 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:31.725864 0.348055 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:41:32.074346 0.181202 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/18 11:44:13.250254 3.003288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:44:20.257935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:44:28.259340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:44:44.262347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:45:16.268422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:53:41.277023 3.001575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 11:53:48.284224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:53:56.285750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:54:12.288934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:54:44.294994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 11:59:25.880521 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 11:59:25.880685 0.485042 tcp 10.0.2.109 63032 -> 5.178.194.36 4983 FSPA* 0 0 12 1631 flow=From-Botnet-V1-TCP-Established 1970/02/18 12:00:48.304749 3.001168 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:00:55.308642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:01:03.309685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:01:19.313146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:01:51.319063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:08:00.332775 3.163904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:08:07.466737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:08:15.401331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:08:31.357628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:09:03.370710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:11:45.954685 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 12:11:45.954772 0.075571 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.030764 0.153541 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.184802 0.051753 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.236920 0.126791 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.364102 0.084191 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.448681 0.114276 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.563358 0.073377 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.637144 0.143571 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.781154 0.164591 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:46.946175 0.139873 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:47.086412 0.057379 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:47.144216 0.347985 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:47.492616 0.147609 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:47.640678 0.324580 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:47.965760 0.123471 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:48.089604 0.155398 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:48.245434 0.074773 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:48.320606 0.106723 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:48.427720 0.429071 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:48.857208 0.025181 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:48.882881 0.138730 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:49.021996 0.164169 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:49.186582 0.159419 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:49.346483 0.163982 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:49.510884 0.144727 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:49.656075 0.347554 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:11:50.004048 0.177687 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:15:07.386608 3.001239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:15:14.422788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:15:22.405324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:15:38.408389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:16:10.414698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:22:14.420914 3.001163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:22:21.427492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:22:29.429091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:22:45.438462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:23:17.438557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:29:21.445121 3.000711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:29:26.370050 0.000184 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 12:29:26.370293 0.746398 tcp 10.0.2.109 63033 -> 5.178.194.36 4983 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/02/18 12:29:28.462611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:29:36.453161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:29:52.455984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:30:24.462567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:36:28.468135 3.198351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:36:35.637751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:36:43.565446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:36:59.490558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:37:31.704895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:41:50.869340 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 12:41:50.869534 0.050874 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:50.920849 0.079183 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.000414 0.075742 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.076631 0.126231 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.203295 0.075389 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.279092 0.075639 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.355163 0.168103 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.523600 0.142868 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.666840 0.184829 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.852134 0.145254 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 2 586 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:51.997788 0.053639 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:52.051807 0.355797 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:52.408077 0.145931 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:52.554498 0.324579 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:52.879477 0.130248 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:53.010280 0.161690 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:53.172425 0.075641 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:53.248411 0.101827 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:53.350616 0.425067 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:53.776084 0.024947 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:53.801436 0.132091 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:53.933911 0.158776 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:54.093090 0.144518 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:54.237924 0.348927 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:54.587300 0.178005 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:54.765695 0.157256 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:41:54.923413 0.164934 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/18 12:43:35.512077 3.001738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:43:42.519391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:43:51.379933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:44:07.191231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:44:38.839928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:50:42.548003 3.325652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:50:49.844837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:50:57.772696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:51:13.625552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:51:45.573631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:57:49.580440 3.004215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 12:57:56.587679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:58:04.589067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:58:20.591963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:58:52.598002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 12:59:27.109839 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 12:59:27.109933 1.462532 tcp 10.0.2.109 63034 -> 5.178.194.36 4983 FSPA* 0 0 14 1633 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:05:18.636033 3.001288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:05:25.642957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:05:33.644955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:05:49.647912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:06:21.653636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:12:07.832164 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 13:12:07.832279 0.087297 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:07.919963 0.050218 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:07.970557 0.055242 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:08.026174 0.138829 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:08.165387 0.076156 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:08.241900 0.073297 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:08.315612 0.149600 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:08.465645 0.142024 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:08.608050 0.232312 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:08.840829 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 13:12:26.129771 0.064069 tcp 10.0.2.109 63035 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:12:26.194130 0.066270 tcp 10.0.2.109 63036 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:12:26.260656 0.145904 tcp 10.0.2.109 63037 -> 195.113.214.249 443 SRPA* 0 0 37 27873 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:12:26.407060 0.058250 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:26.465743 0.340672 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:26.806778 0.146890 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 496 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:26.954101 0.314777 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:27.269227 0.124888 rtcp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:27.394539 0.111928 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:27.506888 0.424431 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:27.931712 0.030825 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:27.962985 0.131540 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:28.094987 0.158379 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:28.253759 0.078000 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:28.332249 0.159613 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:28.492316 0.145549 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:28.638430 0.343032 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:28.982088 0.186702 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:29.169253 0.157680 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:29.327324 0.164765 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:12:33.661590 3.163634 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:12:40.789882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:12:48.721705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:13:04.683180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:13:36.689318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:19:40.695862 3.000967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:19:47.702690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:19:55.709294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:20:11.708470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:20:43.713134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:26:47.720202 3.094329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:26:54.787485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:27:02.747783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:27:18.740615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:27:50.747222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:29:28.578481 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 13:29:28.578578 0.992475 tcp 10.0.2.109 63038 -> 5.178.194.36 4983 FSPA* 0 0 14 1714 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:33:54.753125 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:34:01.760797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:34:09.762938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:34:25.765101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:34:57.771125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:41:01.776248 3.002576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:41:08.784708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:41:16.786037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:41:32.789259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:42:04.983972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:42:58.553007 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 13:42:58.553157 0.000000 udp 10.0.2.109 3683 -> 68.195.125.143 4222 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 13:43:15.729575 0.067795 tcp 10.0.2.109 63039 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:43:15.797638 0.068297 tcp 10.0.2.109 63040 -> 195.113.214.249 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:43:15.866283 0.167633 tcp 10.0.2.109 63041 -> 195.113.214.249 443 SRPA* 0 0 24 13856 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:43:16.034491 0.050062 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:16.084957 0.056734 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:16.142202 0.139002 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:16.281657 0.072997 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:16.355087 0.073464 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:16.428946 0.148077 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:16.577456 0.142187 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:16.720002 0.321788 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 375 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:17.042196 0.076735 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:17.119415 0.061187 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:17.181034 0.341683 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:17.523106 0.146166 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:17.669751 0.323890 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:17.994003 0.124899 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:18.119262 0.101501 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:18.221150 0.441861 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:18.663495 0.031438 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:18.695324 0.131557 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:18.827257 0.155381 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:18.983035 0.075482 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:19.058911 0.158008 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 280 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:19.217290 0.186227 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:19.403980 0.163318 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:19.567740 0.147328 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:19.715472 0.342728 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 235 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:43:20.058560 0.165681 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/18 13:48:08.811244 3.175199 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:48:15.954386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:48:23.881333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:48:39.833069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:49:11.839306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:55:45.848405 3.006177 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 13:55:52.856508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:56:00.857243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:56:16.860048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:56:48.866486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 13:59:29.297676 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 13:59:29.297782 0.823082 tcp 10.0.2.109 63042 -> 5.178.194.36 4983 FSPA* 0 0 13 1441 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:59:29.410100 0.066895 tcp 10.0.2.109 63043 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:59:29.477385 0.060665 tcp 10.0.2.109 63044 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:59:29.538478 0.377683 tcp 10.0.2.109 63045 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/18 13:59:30.121090 0.997824 tcp 10.0.2.109 63046 -> 165.124.44.208 3747 FSPA* 0 0 15 1786 flow=From-Botnet-V1-TCP-Established 1970/02/18 14:02:54.875427 3.001314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:03:01.882523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:03:09.884046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:03:27.422214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:03:59.722375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:10:01.918291 3.006936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:10:08.926105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:10:16.927954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:10:32.930751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:11:04.936897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:13:43.505268 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 14:13:43.505372 0.049121 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:43.554917 0.071613 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:43.626957 0.113964 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:43.741302 0.389513 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:44.131285 0.073784 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:44.205490 0.146654 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:44.352590 0.144361 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:44.497341 0.287599 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:44.821225 0.336544 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:45.158212 0.145937 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:45.304586 0.312975 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:45.617972 0.082406 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:45.700773 0.059459 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:45.760616 0.130040 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:45.891087 0.108155 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:45.999606 0.443855 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:46.443832 0.031048 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:46.475328 0.133066 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:46.608814 0.158808 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:46.767990 0.079636 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:46.848018 0.155753 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:47.004148 0.143925 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:47.148507 0.348817 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:47.498037 0.156574 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:47.655003 0.179819 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:13:47.835279 0.166242 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:17:08.943161 3.001430 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:17:15.951770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:17:23.952492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:17:39.955624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:18:11.961029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:24:15.967296 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:24:22.973806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:24:30.975411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:24:46.978859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:25:18.984834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:29:31.117726 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 14:29:31.117808 1.255778 tcp 10.0.2.109 63047 -> 165.124.44.208 3747 FSPA* 0 0 15 1688 flow=From-Botnet-V1-TCP-Established 1970/02/18 14:31:22.991356 3.001444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:31:29.998422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:31:37.999704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:31:54.002745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:32:26.008932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:38:30.015085 3.188119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:38:37.178489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:38:45.108490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:39:01.036522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:39:33.043269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:43:56.855699 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 14:43:56.855794 0.049805 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:56.927147 0.055956 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:56.983523 0.126315 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:57.110238 0.072607 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:57.183263 0.075697 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:57.259399 0.142868 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:57.402645 0.342056 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:57.745065 0.147076 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:57.892578 0.140743 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 269 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:58.033753 0.247897 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:58.282066 0.313640 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:58.596074 0.083087 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:58.679561 0.055141 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:58.735052 0.129613 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 224 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:58.865024 0.112475 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 266 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:58.977950 0.431451 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:59.409881 0.030858 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:59.441094 0.130206 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:59.571657 0.157283 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:59.729298 0.071859 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:59.801601 0.155960 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:43:59.958020 0.143822 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:44:00.221371 0.185119 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:44:00.406948 0.165122 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:44:00.572444 0.346557 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:44:00.919488 0.158972 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/18 14:45:37.049751 3.001009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:45:44.062607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:45:52.058036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:46:08.061182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:46:40.066305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:54:31.086521 3.001458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 14:54:38.093963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:54:46.095485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:55:02.098539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:55:34.104534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 14:59:32.377713 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 14:59:32.377866 0.991288 tcp 10.0.2.109 63048 -> 165.124.44.208 3747 FSPA* 0 0 15 1617 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:02:00.122946 3.001114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:02:07.129733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:02:15.132509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:02:31.134547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:03:03.140470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:09:12.153052 3.002197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:09:19.161098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:09:27.162545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:09:43.165601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:10:15.171506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:14:12.643198 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 15:14:12.643291 0.049883 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:12.693536 0.048590 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:12.742505 0.139211 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:12.882285 0.072226 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:12.954826 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 15:14:28.767420 0.064504 tcp 10.0.2.109 63049 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:14:28.832220 0.064263 tcp 10.0.2.109 63050 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:14:28.896748 0.131613 tcp 10.0.2.109 63051 -> 195.113.214.249 443 SRPA* 0 0 40 27185 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:14:29.028839 0.149423 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:29.178660 0.328630 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:29.507670 0.145730 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:29.653855 0.141636 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:29.795878 0.252100 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:30.048328 0.312654 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:30.361348 0.078852 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:30.440717 0.063298 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:30.504386 0.128574 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:30.633414 0.102053 udp 10.0.2.109 3683 <-> 95.250.49.125 5104 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:30.735856 0.430235 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:31.166527 0.031099 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:31.198040 0.131619 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:31.330108 0.157425 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:31.487910 0.079187 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:31.732480 0.157377 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 573 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:31.890424 0.164985 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:32.055759 0.344449 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:32.400646 0.163608 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:32.564646 0.146534 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:14:32.711606 0.182549 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:16:22.181763 3.001761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:16:29.189032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:16:37.190614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:16:53.193840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:17:25.199831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:23:29.206222 3.002932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:23:36.213071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:23:44.216537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:24:00.217706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:24:32.223839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:29:33.376927 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 15:29:33.377108 0.821326 tcp 10.0.2.109 63052 -> 165.124.44.208 3747 FSPA* 0 0 15 1793 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:30:36.230033 3.001098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:30:43.236935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:30:51.238728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:31:07.241732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:31:39.247759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:37:43.263984 3.126249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:37:50.364764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:37:58.302560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:38:14.295511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:38:46.301751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:44:50.307809 3.001571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:44:50.956379 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 15:44:50.956484 0.073205 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.030222 0.072173 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.102807 0.050120 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.153355 0.050157 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.203919 0.126719 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.331087 0.152980 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.484517 0.351415 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.836382 0.147502 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:51.984274 0.141091 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:52.125752 0.193049 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:52.319174 0.313688 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:52.633304 0.087228 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:52.720902 0.060097 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:52.781377 0.127199 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:44:52.908980 0.000000 udp 10.0.2.109 3683 -> 95.250.49.125 5104 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 15:44:57.315230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:45:05.316684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:45:10.579091 0.060703 tcp 10.0.2.109 63053 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:45:10.640067 0.153498 tcp 10.0.2.109 63054 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:45:10.793433 0.153120 tcp 10.0.2.109 63055 -> 195.113.214.249 443 SRPA* 0 0 26 14270 flow=From-Botnet-V1-TCP-Established 1970/02/18 15:45:10.947175 0.441956 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:11.389557 0.031058 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:11.421087 0.131463 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:11.552980 0.156711 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:11.710078 0.077491 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:11.787941 0.156884 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:11.945214 0.164910 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:12.110622 0.145511 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:12.256511 0.179060 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:12.435969 0.348247 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:12.784628 0.165800 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/18 15:45:21.561281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:45:53.335783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:54:03.343151 3.003327 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 15:54:10.350381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:54:18.351627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:54:34.354704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:55:06.360770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 15:59:34.206384 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 15:59:34.206580 1.568400 tcp 10.0.2.109 63056 -> 165.124.44.208 3747 FSPA* 0 0 15 1607 flow=From-Botnet-V1-TCP-Established 1970/02/18 16:01:16.375471 3.001649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:01:23.382836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:01:33.244373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:01:49.054046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:02:20.689779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:08:39.412009 3.002017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:08:46.419970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:08:54.421467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:09:10.424520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:09:42.430558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:15:26.415468 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 16:15:26.415592 0.000000 udp 10.0.2.109 3683 -> 95.250.49.125 5104 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 16:15:43.150836 0.060327 tcp 10.0.2.109 63057 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 16:15:43.211434 0.063162 tcp 10.0.2.109 63058 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 16:15:43.274853 0.151104 tcp 10.0.2.109 63059 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 16:15:43.426682 0.073821 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:43.500861 0.052169 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:43.553473 0.049924 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:43.603759 0.113991 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:43.718267 0.145994 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:43.864660 0.359068 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:44.224137 0.073718 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:44.298395 0.145830 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:44.444704 0.315656 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:44.760838 0.083765 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:44.844980 0.321098 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:45.166503 0.137238 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:45.304201 0.140430 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:45.445008 0.174771 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:45.620188 0.433057 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.053624 0.031286 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.085275 0.132052 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.217789 0.157379 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.375613 0.076307 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.437496 3.000332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:15:46.452317 0.159701 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.612421 0.163470 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.776800 0.145621 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:46.922899 0.181680 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:47.104970 0.184901 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:47.290287 0.348850 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:15:53.445890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:16:01.445227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:16:17.448087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:16:49.454760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:22:53.471279 3.000681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:23:00.477734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:23:08.479366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:23:24.482508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:23:56.488401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:29:35.776384 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 16:29:35.776478 1.230773 tcp 10.0.2.109 63060 -> 165.124.44.208 3747 FSPA* 0 0 15 1631 flow=From-Botnet-V1-TCP-Established 1970/02/18 16:30:00.536845 2.970611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:30:07.501782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:30:15.748449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:30:31.610565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:31:03.522406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:37:07.527960 3.001998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:37:14.535572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:37:22.537110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:37:38.539954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:38:10.748564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:44:14.562580 3.001068 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:44:21.569795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:44:29.571180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:44:45.574126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:45:17.580471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:45:53.021877 0.000161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 16:45:53.022345 0.050062 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:53.072804 0.113941 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:53.187122 0.142173 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:53.329745 0.073483 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:53.403639 0.052421 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:53.456415 0.348385 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:53.805196 0.072060 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:53.877637 0.146122 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:54.024235 0.312002 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:54.336694 0.091481 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:54.428555 0.060450 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 461 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:54.490022 0.126341 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:54.616752 0.142645 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:54.759848 0.283306 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:55.043540 0.419359 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:55.463277 0.030782 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:55.494664 0.131548 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:55.626570 0.154966 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:56.035474 0.081206 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:56.117074 0.158132 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:56.275652 0.166843 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:56.442865 0.184202 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:56.627492 0.344414 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 568 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:56.972267 0.147130 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:45:57.119741 0.201311 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/18 16:53:41.587475 3.002878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 16:53:48.594773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:53:56.596163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:54:15.293474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:54:46.923902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 16:59:36.766041 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 16:59:36.766131 1.339047 tcp 10.0.2.109 63061 -> 165.124.44.208 3747 FSPA* 0 0 15 1716 flow=From-Botnet-V1-TCP-Established 1970/02/18 17:00:48.631087 3.002025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:00:55.638957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:01:03.640675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:01:19.643389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:01:51.649320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:08:04.677220 2.957569 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:08:11.593616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:08:19.630574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:08:35.421996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:09:07.012501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:15:09.709735 3.001519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:15:16.717240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:15:24.718363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:15:40.721413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:16:00.359190 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 17:16:00.359392 0.150488 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:00.510454 0.074508 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:00.585358 0.052743 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:00.638500 0.346897 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:00.985772 0.074236 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.060414 0.049911 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.110704 0.126164 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.237251 0.146647 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.386743 0.314384 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.701592 0.088668 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.790672 0.063014 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.854325 0.128434 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:01.983140 0.143290 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:02.126900 0.030816 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:02.158152 0.130791 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:02.289327 0.168950 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:02.458705 0.432831 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:02.891998 0.167526 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:03.059941 0.078844 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 575 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:03.139161 0.157859 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:03.297423 0.165176 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:03.463048 0.180237 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:03.643727 0.171971 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:03.816077 0.344722 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 292 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:04.161189 0.161820 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:16:13.614381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:22:18.746756 3.232322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:22:25.951366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:22:33.872874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:22:49.768752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:23:21.774533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:29:25.781220 3.001787 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:29:32.787697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:29:38.106358 4.441371 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 17:29:42.547863 1.349398 tcp 10.0.2.109 63062 -> 165.124.44.208 3747 FSPA* 0 0 15 1749 flow=From-Botnet-V1-TCP-Established 1970/02/18 17:29:45.185841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:30:00.985422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:30:32.556315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:36:32.804119 3.001829 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:36:39.811969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:36:47.812880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:37:04.190671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:37:35.832141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:43:39.838024 3.002064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:43:46.845617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:43:54.846993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:44:10.850583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:44:42.861465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:46:32.433119 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 17:46:32.433269 0.171129 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:32.604874 0.339155 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:32.944429 0.070659 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.015484 0.050992 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.066862 0.113920 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.181189 0.147339 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.328946 0.074752 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.404092 0.167159 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.571644 0.312910 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.884952 0.084847 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:33.970193 0.058943 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:34.029542 0.126634 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:34.156605 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 17:46:49.968750 0.067407 tcp 10.0.2.109 63063 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 17:46:50.036452 0.065275 tcp 10.0.2.109 63064 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 17:46:50.101981 0.148290 tcp 10.0.2.109 63065 -> 195.113.214.249 443 SRPA* 0 0 36 18262 flow=From-Botnet-V1-TCP-Established 1970/02/18 17:46:50.250849 0.030652 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:50.281895 0.131232 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:50.413582 0.247096 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:50.661164 0.410842 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:51.072386 0.158352 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:51.231112 0.077768 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:51.309333 0.158945 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:51.468669 0.167628 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:51.636758 0.189182 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:51.826357 0.205784 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:52.032564 0.341827 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:46:52.374766 0.144302 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/18 17:50:46.876306 2.997495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:50:53.879782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:51:01.881364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:51:17.884397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:51:49.890539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:57:53.899470 3.001558 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 17:58:00.903721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:58:08.905328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:58:24.909258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:58:56.914261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 17:59:39.486045 0.000165 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 17:59:39.486260 2.372279 tcp 10.0.2.109 63066 -> 165.124.44.208 3747 FSPA* 0 0 15 1650 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:05:24.925039 3.003500 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 18:05:31.932128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:05:39.933722 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:05:55.938584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:06:27.942835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:12:35.955414 3.000592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 18:12:42.963753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:12:51.648094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:13:07.471530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:13:39.133784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:16:53.973095 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:16:53.973206 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:17:10.898953 0.385050 tcp 10.0.2.109 63067 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:17:11.284401 0.061491 tcp 10.0.2.109 63068 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:17:11.346398 0.153778 tcp 10.0.2.109 63069 -> 195.113.214.249 443 SRPA* 0 0 25 12168 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:17:11.500726 4.761032 udp 10.0.2.109 3683 <-> 86.182.100.134 9709 CON 0 0 4 1156 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:11.576334 4.506199 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 4 1106 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:11.626774 4.570848 udp 10.0.2.109 3683 <-> 165.124.44.208 6870 CON 0 0 4 1082 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:11.741005 4.674437 udp 10.0.2.109 3683 <-> 68.169.167.149 5081 CON 0 0 4 1318 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:11.894575 4.845036 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 4 1006 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:12.217596 4.561059 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 4 1044 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:12.270366 4.823613 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 4 1115 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:12.586819 4.596767 udp 10.0.2.109 3683 <-> 2.85.56.96 2179 CON 0 0 4 1179 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:12.677868 4.563584 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 4 934 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:12.736189 4.634959 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 4 1012 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:12.862853 4.656277 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 4 971 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:13.007971 4.611075 udp 10.0.2.109 3683 <-> 86.169.128.177 3620 CON 0 0 4 1273 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:13.082106 4.668481 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 4 1362 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:13.532005 4.387710 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 4 1198 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:13.774575 4.593289 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 4 1074 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:14.222528 4.179781 udp 10.0.2.109 3683 <-> 80.93.82.56 7748 CON 0 0 4 962 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:14.253777 4.222799 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 4 1227 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:14.330498 4.304982 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 4 1083 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:14.491627 4.309734 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 4 1135 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:14.659102 4.322532 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1174 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:14.844871 4.301718 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 4 1206 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:15.005929 4.793706 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 4 1009 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:15.163852 4.334125 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 4 1013 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:15.514003 4.128113 udp 10.0.2.109 3683 <-> 75.184.20.99 9924 CON 0 0 4 992 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:19.800178 0.397530 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:20.624943 0.227965 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 827 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:21.239772 0.136083 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 748 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:21.666540 0.042011 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 724 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:17:21.943979 0.000000 udp 10.0.2.109 3683 -> 202.47.76.51 6057 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:17:26.944780 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 REQ 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:17:33.916667 0.000000 udp 10.0.2.109 3683 -> 203.80.246.166 7383 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:17:41.532373 0.000000 udp 10.0.2.109 3683 -> 190.118.217.39 6328 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:17:50.374114 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:17:55.080716 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:17:58.505898 0.000000 udp 10.0.2.109 3683 -> 65.119.49.115 7983 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:05.536516 0.223053 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 795 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:06.156250 0.042340 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 680 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:06.393487 0.000000 udp 10.0.2.109 3683 -> 203.106.189.224 3973 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:12.477304 0.000000 udp 10.0.2.109 3683 -> 122.26.210.215 6672 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:17.896727 0.000000 udp 10.0.2.109 3683 -> 74.100.116.148 3202 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:24.056771 0.000000 udp 10.0.2.109 3683 -> 172.129.104.100 3573 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:29.866861 0.000000 udp 10.0.2.109 3683 <- 172.129.104.100 3573 RSP 0 0 1 539 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:30.676436 0.182965 udp 10.0.2.109 3683 <-> 108.214.152.10 9715 CON 0 0 2 755 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:31.153410 0.421755 udp 10.0.2.109 3683 <-> 190.118.136.50 5253 CON 0 0 2 684 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:31.880673 0.339482 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 780 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:32.956877 0.073822 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 771 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:33.238269 0.057308 udp 10.0.2.109 3683 <-> 109.153.85.178 6148 CON 0 0 2 708 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:33.654363 0.000000 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:41.708426 0.226979 udp 10.0.2.109 3683 -> 186.6.63.221 2209 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:41.935405 0.000000 icmp 186.6.63.221 0x0303 -> 10.0.2.109 0xa108 URP 192 1 256 flow=Background 1970/02/18 18:18:46.584087 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:18:47.476089 0.229777 udp 10.0.2.109 3683 <-> 99.184.168.69 8341 CON 0 0 2 780 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:18:48.052990 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:18:55.327557 0.000000 udp 10.0.2.109 3683 -> 119.206.147.229 6974 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:03.052522 0.188680 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 693 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:19:03.645515 0.057113 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 814 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:19:04.161947 0.064521 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 828 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:19:04.392295 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:11.925727 0.000000 udp 10.0.2.109 3683 -> 199.44.27.106 2552 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:17.700621 0.000000 udp 10.0.2.109 3683 -> 2.37.142.82 8104 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:26.176676 0.000000 udp 10.0.2.109 3683 -> 112.208.220.61 1289 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:31.131812 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:19:34.521629 0.000000 udp 10.0.2.109 3683 -> 203.59.48.34 2803 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:43.136232 0.000000 udp 10.0.2.109 3683 -> 125.99.118.110 9830 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:44.992580 3.234321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 2 292 flow=Background 1970/02/18 18:19:50.205423 3.958897 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/02/18 18:19:52.012493 0.000000 udp 10.0.2.109 3683 -> 61.244.50.194 7758 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:19:58.461377 0.000000 udp 10.0.2.109 3683 -> 81.106.53.241 5477 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:02.069469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:20:05.684680 0.000000 udp 10.0.2.109 3683 -> 173.200.76.210 1028 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:10.889558 0.081757 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 678 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:20:11.805469 0.000000 udp 10.0.2.109 3683 -> 2.224.94.162 3286 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:17.879636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:20:18.157553 0.214916 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 730 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:20:18.718084 0.000000 udp 10.0.2.109 3683 -> 81.247.42.176 7055 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:22.887798 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:20:24.986625 0.000000 udp 10.0.2.109 3683 -> 58.150.178.144 6732 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:31.763412 0.000000 udp 10.0.2.109 3683 -> 116.49.169.71 3597 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:38.605668 0.000000 udp 10.0.2.109 3683 -> 82.113.232.201 7692 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:45.378997 0.073749 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 826 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:20:45.691219 0.000000 udp 10.0.2.109 3683 -> 190.214.122.202 4378 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:20:49.519148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:20:52.849220 0.000000 udp 10.0.2.109 3683 -> 99.244.119.87 8806 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:00.538409 0.000000 udp 10.0.2.109 3683 -> 108.64.88.138 9207 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:07.039904 0.342245 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 717 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:21:07.417939 0.000000 udp 10.0.2.109 3683 -> 107.17.133.212 4770 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:11.829109 0.005898 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:21:13.572611 0.154221 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 707 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:21:14.539768 0.000000 udp 10.0.2.109 3683 -> 86.18.211.252 3305 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:23.122676 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:31.580372 0.000000 udp 10.0.2.109 3683 -> 85.97.150.83 2608 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:40.257212 0.000000 udp 10.0.2.109 3683 -> 87.101.230.38 4338 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:49.084930 0.000000 udp 10.0.2.109 3683 -> 59.148.170.246 1090 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:55.288192 0.000000 udp 10.0.2.109 3683 -> 72.20.189.122 9559 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:21:59.777603 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:22:02.761543 0.184034 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 706 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:22:03.097951 0.186639 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 756 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:22:03.375854 0.000000 udp 10.0.2.109 3683 -> 86.155.247.23 4379 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:22:10.136156 0.000000 udp 10.0.2.109 3683 -> 151.84.118.109 6422 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:22:18.453098 0.000000 udp 10.0.2.109 3683 -> 91.149.14.234 1402 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:22:26.538257 0.000000 udp 10.0.2.109 3683 -> 79.1.161.196 1676 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:22:34.836049 0.000000 udp 10.0.2.109 3683 -> 210.48.208.89 9729 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:22:40.869461 0.302811 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 794 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:22:41.678124 0.000000 udp 10.0.2.109 3683 -> 122.52.125.167 1711 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:22:45.673849 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:22:49.463088 0.000000 udp 10.0.2.109 3683 -> 79.15.123.162 8851 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:22:56.773363 0.000000 udp 10.0.2.109 3683 -> 84.55.183.226 9849 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:03.960401 0.000000 udp 10.0.2.109 3683 -> 220.189.251.66 2732 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:11.975573 0.384762 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 714 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:23:12.679073 0.000000 udp 10.0.2.109 3683 -> 121.15.135.121 7960 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:20.420458 0.000000 udp 10.0.2.109 3683 -> 92.40.127.37 9542 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:25.986037 0.167715 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:23:26.539891 0.242084 udp 10.0.2.109 3683 <-> 177.225.129.143 9092 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:23:26.798476 0.052547 udp 10.0.2.109 3683 -> 80.97.199.139 7239 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:26.851023 0.000000 icmp 80.97.199.139 0x0303 -> 10.0.2.109 0x471c URP 192 1 134 flow=Background 1970/02/18 18:23:30.490187 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:23:31.907833 0.000000 udp 10.0.2.109 3683 -> 113.163.32.3 2664 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:38.490503 0.000000 udp 10.0.2.109 3683 -> 60.51.148.197 3050 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:45.571263 0.911460 udp 10.0.2.109 3683 <-> 98.254.37.143 8749 CON 0 0 2 802 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:23:47.628351 0.410362 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 759 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:23:48.235289 0.041895 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 780 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:23:48.541229 0.272572 udp 10.0.2.109 3683 <-> 190.247.166.150 7084 CON 0 0 2 734 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:23:49.269398 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:54.527874 0.000000 udp 10.0.2.109 3683 -> 222.230.183.80 2708 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:23:59.856256 0.318116 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 692 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:24:00.576998 1.340281 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 731 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:24:01.953080 0.000000 udp 10.0.2.109 3683 -> 65.36.40.156 8459 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:08.545419 0.425814 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 682 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:24:09.177139 0.000000 udp 10.0.2.109 3683 -> 70.48.12.219 9615 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:15.112113 0.000000 udp 10.0.2.109 3683 -> 80.178.145.152 5927 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:19.663087 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:24:21.535047 0.000000 udp 10.0.2.109 3683 -> 42.3.12.153 2387 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:27.113183 0.000000 udp 10.0.2.109 3683 -> 175.198.128.37 8298 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:36.466497 0.000000 udp 10.0.2.109 3683 -> 85.73.193.71 4419 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:43.662592 0.472787 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 854 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:24:44.841760 0.042702 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 695 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:24:45.162961 0.000000 udp 10.0.2.109 3683 -> 88.226.99.100 9074 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:53.010042 0.000000 udp 10.0.2.109 3683 -> 203.67.241.14 7182 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:24:59.576912 0.000000 udp 10.0.2.109 3683 -> 123.243.244.215 3396 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:25:06.256215 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:25:10.119994 0.553607 udp 10.0.2.109 3683 <-> 190.74.202.81 8380 CON 0 0 2 844 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:25:10.730555 0.160535 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 763 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:25:11.042389 0.000000 udp 10.0.2.109 3683 -> 99.122.182.135 4759 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:25:18.106511 0.000000 udp 10.0.2.109 3683 -> 110.164.144.167 6940 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:26:54.063778 2.954654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 18:27:00.981217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:27:08.876931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:27:24.659533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:27:56.242000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:29:41.867212 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:29:41.867494 1.235706 tcp 10.0.2.109 63070 -> 165.124.44.208 3747 FSPA* 0 0 15 1726 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:33:59.050273 3.000676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 18:34:06.060066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:34:14.057770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:34:30.061243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:35:02.394062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:41:06.085170 2.999381 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 18:41:13.090669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:41:21.098293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:41:37.095116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:42:09.101380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:48:13.107940 3.188614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 18:48:20.264474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:48:28.348597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:48:44.199660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:49:16.145106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:55:43.673034 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:55:43.673146 0.126078 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:43.799672 0.313696 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 527 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:44.113743 0.051569 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:44.165731 0.186150 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:44.352274 0.146504 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:44.499161 0.075876 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:44.575397 0.158730 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:44.734541 0.155936 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:44.890848 0.165907 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:45.057136 0.348162 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:45.405699 0.187373 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:45.593430 0.386918 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:46.364097 0.158962 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:46.523408 0.210833 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:46.734522 0.135691 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:46.870575 0.040302 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:46.911268 0.065390 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:46.977040 0.221540 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:47.198957 2.473497 udp 10.0.2.109 3683 <-> 172.129.104.100 3573 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:48.151476 3.001721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 18:55:49.672875 0.180079 udp 10.0.2.109 3683 <-> 108.214.152.10 9715 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:49.853326 0.541057 udp 10.0.2.109 3683 <-> 190.118.136.50 5253 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:50.394755 0.329118 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:50.724301 0.074116 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:50.798772 0.050439 udp 10.0.2.109 3683 <-> 109.153.85.178 6148 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:55:50.849664 0.000000 udp 10.0.2.109 3683 -> 99.184.168.69 8341 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:55:55.159032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:56:03.160464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:56:07.598207 0.796296 tcp 10.0.2.109 63071 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:56:08.394808 0.064879 tcp 10.0.2.109 63072 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:56:08.459945 0.147621 tcp 10.0.2.109 63073 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:56:08.608093 0.189384 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:08.797912 0.065453 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:08.863728 0.056188 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:08.920329 0.074835 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:08.995542 0.215481 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:09.211576 0.067043 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:09.279000 0.345181 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:09.624609 0.154970 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:09.779948 0.185840 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:09.966331 0.197407 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:10.164166 0.292305 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:10.456841 0.354751 udp 10.0.2.109 3683 <-> 203.173.40.180 7323 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:10.811960 0.165220 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:11.044387 0.000000 udp 10.0.2.109 3683 -> 177.225.129.143 9092 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 18:56:19.741317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:56:28.846296 0.063100 tcp 10.0.2.109 63074 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:56:28.909677 0.068927 tcp 10.0.2.109 63075 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:56:28.978879 0.154812 tcp 10.0.2.109 63076 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/18 18:56:29.134256 0.174156 udp 10.0.2.109 3683 <-> 98.254.37.143 8749 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:29.308777 0.040043 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:29.349198 0.453109 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:29.802696 0.282477 udp 10.0.2.109 3683 <-> 190.247.166.150 7084 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:30.085565 0.316157 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:30.402707 1.049385 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:31.452574 0.422240 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:31.875214 0.433799 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:32.309388 0.046744 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:32.356492 0.223543 udp 10.0.2.109 3683 <-> 190.74.202.81 8380 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:32.580415 0.155518 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/18 18:56:51.376247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 18:59:43.106441 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 18:59:43.106527 1.516823 tcp 10.0.2.109 63077 -> 165.124.44.208 3747 FSPA* 0 0 15 1796 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:02:55.175437 3.001727 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 19:03:02.182708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:03:10.184558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:03:26.187522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:03:58.193390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:10:02.199593 3.186025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 19:10:09.351632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:10:17.285292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:10:33.221607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:11:05.227638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:17:09.233993 3.002561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 19:17:16.240447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:17:24.242549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:17:40.245276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:18:14.589944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:24:16.277407 3.213873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 19:24:23.463008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:24:31.385240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:24:47.299280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:25:19.305325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:26:33.803109 0.000040 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 19:26:33.803212 0.000000 udp 10.0.2.109 3683 -> 99.184.168.69 8341 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:26:50.448591 0.061924 tcp 10.0.2.109 63078 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:26:50.510819 0.066396 tcp 10.0.2.109 63079 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:26:50.577579 0.151824 tcp 10.0.2.109 63080 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:26:50.729999 0.000000 udp 10.0.2.109 3683 -> 177.225.129.143 9092 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:27:05.738699 0.066326 tcp 10.0.2.109 63081 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:05.805363 0.064807 tcp 10.0.2.109 63082 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:05.870471 0.156010 tcp 10.0.2.109 63083 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:06.027021 0.313990 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:07.147375 0.134823 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:07.282580 0.054810 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:07.337758 0.075206 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:07.413409 0.159884 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:07.573676 0.158349 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:07.732379 0.145482 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:07.878415 0.168786 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:08.047572 0.348649 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 309 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:08.396598 0.165173 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:08.562324 0.184562 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 507 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:08.747287 0.226819 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:08.974487 0.041083 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:09.015921 0.380673 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:09.407945 0.160088 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:09.568470 0.136097 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:09.704967 0.221767 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:09.927099 0.043199 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:09.970761 0.000000 udp 10.0.2.109 3683 -> 172.129.104.100 3573 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:27:16.448562 0.000000 udp 10.0.2.109 3683 <- 172.129.104.100 3573 RSP 0 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:27:16.448987 0.182875 udp 10.0.2.109 3683 <-> 108.214.152.10 9715 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:16.632271 0.334040 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:16.966741 0.000000 udp 10.0.2.109 3683 -> 190.118.136.50 5253 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:27:34.439949 1.484760 tcp 10.0.2.109 63084 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:35.924970 0.060679 tcp 10.0.2.109 63085 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:35.985891 0.156780 tcp 10.0.2.109 63086 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:36.143216 0.000000 udp 10.0.2.109 3683 -> 109.153.85.178 6148 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:27:53.725498 0.060785 tcp 10.0.2.109 63087 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:53.786546 0.061089 tcp 10.0.2.109 63088 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:53.847992 0.151163 tcp 10.0.2.109 63089 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:27:53.999779 0.065433 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 246 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.065623 0.054375 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.120374 0.189930 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.310705 0.053963 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.365049 0.067892 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.433357 0.084632 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.518448 0.214684 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.733592 0.192045 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:54.926118 0.350151 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 344 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:55.276656 0.182711 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:55.459778 0.151793 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:55.612032 0.297242 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:27:55.909690 0.000000 udp 10.0.2.109 3683 -> 203.173.40.180 7323 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:28:11.425538 0.117077 tcp 10.0.2.109 63090 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:28:11.542919 0.062755 tcp 10.0.2.109 63091 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:28:11.605967 0.157357 tcp 10.0.2.109 63092 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:28:11.764048 0.166424 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:11.930872 0.037569 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:11.968874 0.410828 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:12.380164 0.000000 udp 10.0.2.109 3683 -> 98.254.37.143 8749 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:28:29.351974 0.103931 tcp 10.0.2.109 63093 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:28:29.456156 0.062108 tcp 10.0.2.109 63094 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:28:29.518607 0.151351 tcp 10.0.2.109 63095 -> 195.113.214.249 443 SRPA* 0 0 21 10740 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:28:29.670639 0.291561 udp 10.0.2.109 3683 <-> 190.247.166.150 7084 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:29.962652 0.315857 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:30.278978 0.419844 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:30.699207 0.057855 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:30.757480 0.228075 udp 10.0.2.109 3683 <-> 190.74.202.81 8380 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:30.985944 0.155833 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:31.142274 0.417886 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:28:31.560549 0.042167 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 561 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:29:44.626649 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 19:29:44.626728 1.187806 tcp 10.0.2.109 63096 -> 165.124.44.208 3747 FSPA* 0 0 15 1607 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:31:23.311690 3.001436 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 19:31:30.318937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:31:38.322684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:31:54.323461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:32:26.329380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:38:30.336100 3.001046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 19:38:37.342646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:38:47.488260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:39:03.342294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:39:36.919065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:45:37.391002 3.003464 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 19:45:44.396681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:45:52.400442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:46:08.401136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:46:40.409266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:54:30.417037 3.252546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 19:54:37.645562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:54:45.588528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:55:01.448204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:55:33.443630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 19:58:46.212974 0.205471 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 19:58:46.418623 0.450432 udp 10.0.2.109 3683 <-> 190.118.136.50 5253 CON 0 0 2 326 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:58:46.869442 0.000000 udp 10.0.2.109 3683 -> 109.153.85.178 6148 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:59:03.882540 0.064662 tcp 10.0.2.109 63097 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:03.947495 0.061444 tcp 10.0.2.109 63098 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:04.009208 0.155692 tcp 10.0.2.109 63099 -> 195.113.214.249 443 SRPA* 0 0 21 11364 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:04.165509 0.000000 udp 10.0.2.109 3683 -> 203.173.40.180 7323 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:59:20.630842 0.084733 tcp 10.0.2.109 63100 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:20.715906 0.062480 tcp 10.0.2.109 63101 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:20.778683 0.156985 tcp 10.0.2.109 63102 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:20.936223 0.000000 udp 10.0.2.109 3683 -> 98.254.37.143 8749 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 19:59:39.077489 0.064837 tcp 10.0.2.109 63103 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:39.142591 0.061503 tcp 10.0.2.109 63104 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:39.204365 0.161593 tcp 10.0.2.109 63105 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:39.366663 0.056211 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:39.423250 0.144909 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:39.568674 0.157689 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:39.726855 0.134142 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:39.861422 0.154980 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:40.016805 0.080963 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:40.098330 0.313246 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:40.491802 0.351232 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:40.843393 0.188078 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:41.045094 0.168102 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:41.213575 0.164234 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:41.378171 0.221532 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:41.600149 0.135440 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:41.735983 0.159222 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:41.895592 0.045594 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:41.941533 0.358917 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:42.300883 0.226221 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:42.527464 0.060603 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:42.588462 2.546207 udp 10.0.2.109 3683 <-> 172.129.104.100 3573 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:45.135035 0.179253 udp 10.0.2.109 3683 <-> 108.214.152.10 9715 CON 0 0 2 213 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:45.314658 0.335605 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:45.650739 0.067699 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:45.718841 0.056927 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 494 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:45.776218 0.074364 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:45.817282 1.402920 tcp 10.0.2.109 63106 -> 165.124.44.208 3747 FSPA* 0 0 15 1778 flow=From-Botnet-V1-TCP-Established 1970/02/18 19:59:45.850962 0.216982 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:46.068296 0.183011 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:46.251704 0.054720 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:46.306833 0.188994 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:46.496202 0.071940 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:46.568554 0.302994 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:46.871904 0.352408 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:47.224653 0.152102 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:47.377193 0.183208 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:47.560795 0.165153 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:47.726337 0.038566 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:47.765249 0.420508 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:48.186312 0.265383 udp 10.0.2.109 3683 <-> 190.247.166.150 7084 CON 0 0 2 210 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:48.452059 0.317307 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/18 19:59:48.769801 0.000000 udp 10.0.2.109 3683 -> 114.205.180.246 3665 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 20:00:05.556438 0.059220 tcp 10.0.2.109 63107 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:00:05.616019 0.064546 tcp 10.0.2.109 63108 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:00:05.680843 0.157762 tcp 10.0.2.109 63109 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:00:05.839229 0.129671 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:00:05.969269 0.427494 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:00:06.397143 0.040775 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:00:06.438442 0.000000 udp 10.0.2.109 3683 -> 190.74.202.81 8380 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 20:00:22.289742 0.064572 tcp 10.0.2.109 63110 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:00:22.354566 0.060182 tcp 10.0.2.109 63111 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:00:22.414976 0.149357 tcp 10.0.2.109 63112 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:00:22.565517 0.154709 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 238 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:01:59.460983 3.002154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 20:02:06.475248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:02:14.492806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:02:30.473548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:03:02.480952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:09:11.493064 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 20:09:18.499976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:09:26.502991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:09:42.504543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:10:14.514870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:16:23.527320 2.998065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 20:16:30.532685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:16:38.538578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:16:54.547361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:17:26.549341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:23:33.551843 3.028024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 20:23:40.569172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:23:48.570907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:24:04.574889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:24:36.582740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:29:47.226638 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 20:29:47.226821 0.988213 tcp 10.0.2.109 63113 -> 165.124.44.208 3747 FSPA* 0 0 15 1602 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:30:32.972913 0.409967 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:33.383269 0.000000 udp 10.0.2.109 3683 -> 190.74.202.81 8380 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 20:30:37.579020 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 20:30:40.586301 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 20:30:47.598265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:30:50.359074 0.061442 tcp 10.0.2.109 63114 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:30:50.420806 0.065076 tcp 10.0.2.109 63115 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:30:50.486198 0.155859 tcp 10.0.2.109 63116 -> 195.113.214.249 443 SRPA* 0 0 20 11310 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:30:50.642554 0.462446 udp 10.0.2.109 3683 <-> 190.118.136.50 5253 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:51.149528 0.158976 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:51.308930 0.148273 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:51.457599 0.055609 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:51.513584 0.170051 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:51.684006 0.076846 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:51.761239 0.125160 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:51.886760 0.183438 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 519 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:52.070571 0.344680 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:52.415743 0.314450 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:52.730658 0.214298 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:52.945411 0.222431 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:53.168230 0.135251 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:53.303869 0.165176 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:53.469400 0.356175 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 477 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:53.826195 0.158389 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:53.985038 0.039901 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:54.025379 0.085867 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:54.111683 0.217256 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:30:54.329342 0.000000 udp 10.0.2.109 3683 -> 172.129.104.100 3573 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 20:30:55.594681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:31:03.040421 0.000000 udp 10.0.2.109 3683 <- 172.129.104.100 3573 RSP 0 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 20:31:03.980417 0.061396 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:04.042230 0.074383 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:04.117050 0.072758 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:04.190186 0.339083 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:04.529628 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 9715 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 20:31:11.597892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:31:22.674525 0.064604 tcp 10.0.2.109 63117 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:31:22.739461 0.063417 tcp 10.0.2.109 63118 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:31:22.803174 0.157658 tcp 10.0.2.109 63119 -> 195.113.214.249 443 SRPA* 0 0 23 13806 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:31:22.961369 0.187878 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:23.149622 0.065744 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:23.215739 0.182878 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:23.399035 0.214463 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:23.613845 0.054893 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:23.669098 0.297536 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 283 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:23.967106 0.351249 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:24.318714 0.037000 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 240 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:24.356119 0.166232 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:24.522702 0.183834 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:24.707085 0.150238 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:24.857775 0.412595 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:25.270733 0.316995 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:25.588143 0.000000 udp 10.0.2.109 3683 -> 190.247.166.150 7084 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 20:31:42.502653 0.061101 tcp 10.0.2.109 63120 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:31:42.564052 0.063461 tcp 10.0.2.109 63121 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:31:42.627817 0.152989 tcp 10.0.2.109 63122 -> 195.113.214.249 443 SRPA* 0 0 41 22672 flow=From-Botnet-V1-TCP-Established 1970/02/18 20:31:42.780931 0.142356 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:42.923656 0.423596 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:44.210738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:31:44.211276 0.044849 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:31:44.256492 0.155528 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/18 20:37:47.619697 3.011497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 20:37:54.642693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:38:02.639060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:38:18.641915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:38:50.647870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:44:54.654410 3.001163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 20:45:01.661727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:45:09.662859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:45:25.665383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:45:57.671850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:54:09.682269 3.001077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 20:54:16.689315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:54:24.720969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:54:40.703755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:55:12.712020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 20:59:48.216364 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 20:59:48.216513 1.242865 tcp 10.0.2.109 63123 -> 165.124.44.208 3747 FSPA* 0 0 15 1748 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:01:21.729283 2.996412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 21:01:28.730615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:01:36.734574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:01:52.735296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:02:02.539594 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 21:02:02.539707 0.000000 udp 10.0.2.109 3683 -> 108.214.152.10 9715 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 21:02:19.735117 0.064448 tcp 10.0.2.109 63124 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:19.799848 0.070741 tcp 10.0.2.109 63125 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:19.870887 0.158691 tcp 10.0.2.109 63126 -> 195.113.214.249 443 SRPA* 0 0 40 22370 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:20.029164 0.000000 udp 10.0.2.109 3683 -> 190.247.166.150 7084 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 21:02:24.741100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:02:38.912203 0.413425 tcp 10.0.2.109 63127 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:39.325932 0.061395 tcp 10.0.2.109 63128 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:39.387583 0.151631 tcp 10.0.2.109 63129 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:39.539897 0.425387 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:39.965687 0.144238 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:40.110557 0.054434 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 264 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:40.165367 0.158818 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:40.324662 0.072465 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 257 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:40.397516 0.123543 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:40.521442 0.159702 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:40.681576 0.000000 udp 10.0.2.109 3683 -> 190.118.136.50 5253 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 21:02:57.572193 0.059793 tcp 10.0.2.109 63130 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:57.632248 0.063377 tcp 10.0.2.109 63131 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:57.695973 0.154008 tcp 10.0.2.109 63132 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:02:57.850580 0.314054 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:58.165093 0.179782 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:58.345276 0.348489 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:58.694207 0.163365 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 462 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:58.857963 0.321482 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:59.179872 0.222315 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:59.402651 0.221366 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:59.624500 0.135277 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:59.760153 0.217062 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:02:59.977616 0.159294 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:00.137294 0.040481 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:00.178222 0.041984 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:00.220566 0.073274 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:00.294450 0.339440 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:00.634331 0.000000 udp 10.0.2.109 3683 -> 172.129.104.100 3573 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 21:03:19.121110 0.061570 tcp 10.0.2.109 63133 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:03:19.182991 0.065552 tcp 10.0.2.109 63134 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:03:19.248802 0.148993 tcp 10.0.2.109 63135 -> 195.113.214.249 443 SRPA* 0 0 23 12932 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:03:19.398621 0.074758 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:19.473776 0.058840 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:19.532992 0.186040 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:19.719482 0.215209 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:19.935073 0.053629 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:19.989045 0.187088 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:20.176487 0.072734 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:20.249575 0.037824 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:20.287754 0.167303 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 244 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:20.455499 0.182354 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:20.638249 0.152423 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:20.791126 0.378045 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:21.169599 0.295513 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:21.465509 0.316049 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 471 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:21.782012 0.403363 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:22.185761 0.060285 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:22.246457 0.155650 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:22.402483 0.417752 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:03:22.820625 0.047481 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:08:44.750187 3.001431 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 21:08:51.757621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:08:59.758876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:09:15.761773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:09:47.768749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:15:51.774406 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 21:15:58.781434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:16:06.782993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:16:22.785927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:16:54.791959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:22:58.798465 3.092353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 21:23:05.864079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:23:13.918636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:23:29.830349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:24:01.835988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:29:49.466171 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 21:29:49.466280 0.830615 tcp 10.0.2.109 63136 -> 165.124.44.208 3747 FSPA* 0 0 15 1594 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:30:05.842052 3.411577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 21:30:13.221772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:30:21.155456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:30:37.456510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:31:09.095964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:33:46.020734 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 21:33:46.020889 0.000000 udp 10.0.2.109 3683 -> 190.118.136.50 5253 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 21:34:03.643136 0.063968 tcp 10.0.2.109 63137 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:34:03.707356 0.061128 tcp 10.0.2.109 63138 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:34:03.768777 0.154946 tcp 10.0.2.109 63139 -> 195.113.214.249 443 SRPA* 0 0 22 12878 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:34:03.924267 0.000000 udp 10.0.2.109 3683 -> 172.129.104.100 3573 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 21:34:20.337128 0.065763 tcp 10.0.2.109 63140 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:34:20.403188 0.062420 tcp 10.0.2.109 63141 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:34:20.465860 0.153109 tcp 10.0.2.109 63142 -> 195.113.214.249 443 SRPA* 0 0 33 19152 flow=From-Botnet-V1-TCP-Established 1970/02/18 21:34:20.620226 0.158384 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:20.779015 0.074202 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:20.853623 0.424629 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:21.278687 0.058561 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:21.337597 0.146540 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:21.484629 0.159929 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:21.644985 0.121437 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:21.766805 0.316164 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:22.083418 0.185167 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 460 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:22.268925 0.345096 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:22.614650 0.332794 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:22.947846 0.221528 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:23.169754 0.164932 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:23.335098 0.156334 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:23.491850 0.134473 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:23.626704 0.168436 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 485 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:23.795537 0.216592 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 287 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.012524 0.073127 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 497 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.086047 0.336871 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 320 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.423343 0.047317 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.471065 0.040648 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.512191 0.085179 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.597789 0.066390 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.664598 0.056483 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.721510 0.188303 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:24.910164 0.065571 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:25.210365 0.039554 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:25.250414 0.183497 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:25.434454 0.213222 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 475 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:25.648064 0.167004 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 268 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:25.815467 0.182390 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:25.998404 0.150953 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:26.149761 0.363605 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:26.513746 0.302884 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 513 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:26.817061 0.317455 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:27.134996 0.156534 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:27.291928 0.416077 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:27.708451 0.398391 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:28.107317 0.071703 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:34:28.179451 0.046333 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/18 21:37:12.890422 2.997115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 21:37:19.893486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:37:27.894693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:37:43.897789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:38:15.904542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:44:19.910035 3.001765 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 21:44:26.918928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:44:34.920425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:44:50.921855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:45:22.927782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:53:46.936021 3.162852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 21:53:54.142839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:54:02.071356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:54:17.977228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:54:49.996079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 21:59:50.297146 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 21:59:50.297247 0.986729 tcp 10.0.2.109 63143 -> 165.124.44.208 3747 FSPA* 0 0 13 1533 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:00:53.999213 3.004115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 22:01:01.007049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:01:09.008699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:01:25.011306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:01:57.017198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:04:52.481311 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 22:04:52.481510 0.158385 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:52.640351 0.257194 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 569 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:52.897955 0.147419 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:53.045749 0.164742 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:53.210898 0.125799 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 253 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:53.337090 0.435930 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:53.773445 0.056447 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:53.830309 0.316204 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:54.146993 0.182976 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:54.330502 0.348701 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 219 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:54.679672 0.350763 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:55.030820 0.158424 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:55.189683 0.135072 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:55.325146 0.253828 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:55.623029 0.221164 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:55.844570 0.163402 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:56.008441 0.208761 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:56.217604 0.074140 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:56.292153 0.329553 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:04:56.622237 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 22:05:12.509263 0.061713 tcp 10.0.2.109 63144 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:05:12.571224 0.061753 tcp 10.0.2.109 63145 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:05:12.633333 0.162891 tcp 10.0.2.109 63146 -> 195.113.214.249 443 SRPA* 0 0 49 43940 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:05:12.796777 0.042092 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:12.839302 0.074630 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:12.914345 0.064016 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 310 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:12.978829 0.055648 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:13.034940 0.187468 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:13.222809 0.182702 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 281 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:13.405967 0.213261 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:13.619652 0.163887 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 265 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:13.783879 0.066071 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:13.850388 0.038411 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:13.889170 0.184030 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:14.073572 0.157495 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:14.231439 0.350561 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:14.582387 0.293939 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:14.876769 0.415383 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:15.292644 0.338015 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:15.647183 0.155422 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:15.803093 0.046481 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:05:15.849970 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 22:05:34.791140 0.066422 tcp 10.0.2.109 63147 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:05:34.857890 0.061028 tcp 10.0.2.109 63148 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:05:34.919257 0.237250 tcp 10.0.2.109 63149 -> 195.113.214.249 443 SRPA* 0 0 21 12824 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:05:35.157174 0.053279 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:08:05.029318 3.000830 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 22:08:12.036691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:08:20.047767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:08:36.050856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:09:08.056591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:15:14.067448 2.999664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 22:15:21.078730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:15:29.074886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:15:45.077551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:16:17.083869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:22:23.092434 3.001962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 22:22:30.105207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:22:38.101544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:22:54.108535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:23:26.110793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:29:30.116366 3.002385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 22:29:37.123950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:29:47.938498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:29:54.011701 0.261750 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 22:29:54.273630 0.964622 tcp 10.0.2.109 63150 -> 165.124.44.208 3747 FSPA* 0 0 15 1726 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:30:04.013221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:30:35.643506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:35:39.645577 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 22:35:39.645672 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 93 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 22:35:56.361509 0.060111 tcp 10.0.2.109 63151 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:35:56.421850 0.033289 tcp 10.0.2.109 63152 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:35:56.455419 0.110338 tcp 10.0.2.109 63153 -> 195.113.214.249 443 SRPA* 0 0 34 25465 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:35:56.566381 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 22:36:12.983916 0.060845 tcp 10.0.2.109 63154 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:36:13.045116 0.034846 tcp 10.0.2.109 63155 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:36:13.079803 0.136903 tcp 10.0.2.109 63156 -> 195.113.214.249 443 SRPA* 0 0 23 11914 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:36:13.217230 0.158262 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 495 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:13.375886 0.077412 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:13.453681 0.125925 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:13.579970 0.428693 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:14.009119 0.055665 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:14.065238 0.320259 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:14.385888 0.180727 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:14.566982 0.163959 rtcp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:14.731384 0.150773 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:14.882544 0.347878 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:15.230790 0.221429 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:15.452662 0.232488 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:16.147708 0.301252 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:16.449378 0.159827 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:18.876584 0.134753 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:19.011713 0.069016 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:19.081088 0.333429 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:19.414932 0.207436 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:19.622752 0.164081 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 317 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:19.787206 0.054312 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:19.842000 0.187219 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.029586 0.183735 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.213743 0.060645 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.274762 0.074939 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.350112 0.040639 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.391127 0.164686 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.556240 0.066838 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.623421 0.042562 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.666413 0.182900 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:20.849749 0.151290 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:21.001472 0.357319 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:21.359224 0.000000 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 22:36:37.160280 3.009998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 22:36:39.091537 0.062861 tcp 10.0.2.109 63157 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:36:39.154433 0.032714 tcp 10.0.2.109 63158 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:36:39.187439 0.125506 tcp 10.0.2.109 63159 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/18 22:36:39.313411 0.154719 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:39.468603 0.040866 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 203 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:39.509909 0.306458 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:40.170714 0.446273 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:40.617338 0.369184 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:40.986970 0.065787 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/18 22:36:44.167748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:36:52.169517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:37:08.172554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:37:40.178079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:43:44.185458 3.352920 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 22:43:51.510325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:43:59.437975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:44:15.718970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:44:47.352414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:50:51.229032 3.001515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 22:50:58.235829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:51:06.237445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:51:22.240682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:51:54.246637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:57:58.252569 3.029889 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 22:58:05.286441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:58:13.271501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:58:29.274750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:59:01.280754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 22:59:52.274430 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 22:59:52.274533 1.053690 tcp 10.0.2.109 63160 -> 165.124.44.208 3747 FSPA* 0 0 15 1642 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:05:30.292569 3.001132 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 23:05:37.299890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:05:45.301457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:06:01.349384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:06:33.320786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:07:08.180619 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 23:07:08.180724 0.214303 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 23:07:08.395027 0.000000 icmp 139.142.70.178 0x0303 -> 10.0.2.109 0x6807 URP 192 1 140 flow=Background 1970/02/18 23:07:23.194531 0.075936 tcp 10.0.2.109 63161 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:07:23.270752 0.033774 tcp 10.0.2.109 63162 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:07:23.304782 0.132156 tcp 10.0.2.109 63163 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:07:23.437488 0.124516 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:23.562606 0.158847 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:23.721920 0.078946 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:23.801319 0.343757 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:24.145444 0.188603 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:24.334534 0.161791 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:24.496749 0.148850 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:24.646064 0.425262 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:25.071757 0.055142 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:25.127301 0.221537 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:25.349174 0.348136 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:25.697662 0.298147 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:25.996256 0.248830 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:26.245467 0.158326 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:26.404186 0.065810 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:26.470414 0.218006 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:26.688851 0.165377 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:26.854663 0.054327 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 324 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:26.909362 0.336502 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:27.246374 0.136508 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 453 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:27.383265 0.186052 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:27.569742 0.060524 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:27.630693 0.077101 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 321 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:27.708238 0.046544 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:27.755156 0.180504 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:27.936026 0.067138 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:28.003545 0.037039 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:07:28.041051 0.000000 udp 10.0.2.109 3683 -> 108.252.199.115 2393 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 23:07:44.653482 0.045896 tcp 10.0.2.109 63164 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:07:44.699723 0.033514 tcp 10.0.2.109 63165 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:07:44.733563 0.130252 tcp 10.0.2.109 63166 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:07:44.864286 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 112 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 23:08:01.089367 0.042788 tcp 10.0.2.109 63167 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:08:01.132456 0.034933 tcp 10.0.2.109 63168 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:08:01.167673 0.129039 tcp 10.0.2.109 63169 -> 195.113.214.249 443 SRPA* 0 0 41 22070 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:08:01.297262 0.151232 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:08:01.448913 0.349238 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:08:01.798658 0.155419 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:08:01.954478 0.049778 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 261 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:08:02.004669 0.293091 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:08:02.298398 0.480690 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:08:02.779416 0.330395 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:08:03.110239 0.202122 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:12:37.326685 3.003811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 23:12:44.336410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:12:52.335569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:13:08.340536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:13:40.344433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:19:44.350391 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 23:19:51.357675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:19:59.359420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:20:15.362455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:20:47.367816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:26:51.374126 3.002226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 23:26:58.381811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:27:06.383434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:27:22.386490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:27:54.926511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:29:53.333982 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 23:29:53.334269 0.896218 tcp 10.0.2.109 63170 -> 165.124.44.208 3747 FSPA* 0 0 15 1670 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:33:58.408837 3.269490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 23:34:05.645716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:34:14.179994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:34:30.003991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:35:01.642586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:38:30.643170 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 23:38:30.643295 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 23:38:46.982609 0.037432 tcp 10.0.2.109 63171 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:38:47.020353 0.034140 tcp 10.0.2.109 63172 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:38:47.054762 0.151649 tcp 10.0.2.109 63173 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:38:47.207066 0.000000 udp 10.0.2.109 3683 -> 108.252.199.115 2393 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/18 23:39:04.767476 0.099889 tcp 10.0.2.109 63174 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:39:04.867688 0.035567 tcp 10.0.2.109 63175 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:39:04.903583 0.235011 tcp 10.0.2.109 63176 -> 195.113.214.249 443 SRPA* 0 0 27 11876 flow=From-Botnet-V1-TCP-Established 1970/02/18 23:39:05.137804 0.160006 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 251 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:05.298422 0.126431 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:05.425265 0.078419 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:05.504097 0.160047 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:05.664528 0.147357 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:05.812346 0.429856 udp 10.0.2.109 3683 <-> 114.205.180.246 3665 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:06.242585 0.051245 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 481 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:06.294548 0.175474 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:06.470466 0.339300 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:06.810287 0.157488 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:06.968208 0.219792 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:07.188429 0.218785 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 491 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:07.407595 0.307363 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:07.715335 0.344898 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:08.111708 0.068455 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:08.181268 0.169640 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:08.351303 0.337013 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:08.688711 0.135705 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:08.824806 0.167258 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:08.992527 0.130476 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.123398 0.069220 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.193030 0.046334 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.239884 0.167347 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.407689 0.067985 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 282 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.476063 0.037204 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.513646 0.163872 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.677894 0.054980 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.733252 0.151954 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.885681 0.047629 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:09.933763 0.288236 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:10.222447 0.347123 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:10.570056 0.156898 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:10.727409 0.075564 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:10.803419 0.419312 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:39:11.223213 0.349042 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/18 23:41:05.452366 3.006011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/18 23:41:12.459918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:41:20.465135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:41:36.464691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:42:08.472505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:48:12.476364 3.201315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 23:48:19.650409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:48:27.576510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:48:43.498421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:49:15.504774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:55:46.519858 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/18 23:55:53.528347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:56:01.527773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:56:17.531117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:56:50.292675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/18 23:59:54.233441 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/18 23:59:54.233555 0.901005 tcp 10.0.2.109 63177 -> 165.124.44.208 3747 FSPA* 0 0 15 1581 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:02:53.544864 2.999845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 00:03:00.550810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:03:08.552148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:03:24.554768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:03:56.560862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:09:34.246860 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 00:09:34.247010 0.076321 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 312 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:34.323759 0.157392 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:34.481546 0.148885 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:34.630892 0.160299 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:34.791672 0.126207 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:34.918277 0.000000 udp 10.0.2.109 3683 -> 114.205.180.246 3665 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 00:09:51.423122 1.504771 tcp 10.0.2.109 63178 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:09:52.928181 0.033738 tcp 10.0.2.109 63179 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:09:52.961749 0.154761 tcp 10.0.2.109 63180 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:09:53.117196 0.059863 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 429 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:53.177479 0.183077 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:53.360975 0.329289 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:53.690699 0.156965 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:53.848042 0.305383 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:09:54.153875 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 00:10:01.885056 3.088798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 00:10:08.938335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:10:13.746011 0.069398 tcp 10.0.2.109 63181 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:10:13.815666 0.032179 tcp 10.0.2.109 63182 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:10:13.847604 0.150162 tcp 10.0.2.109 63183 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:10:13.998666 0.208122 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:14.207228 0.349082 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:15.039291 0.067342 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:15.107040 0.167955 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:15.275388 0.336464 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 209 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:15.612286 0.135031 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:15.747702 0.183461 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:15.931529 0.058084 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:15.989978 0.076078 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:16.066470 0.041218 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 444 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:16.108060 0.165971 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:16.274438 0.000000 udp 10.0.2.109 3683 -> 194.54.45.144 3636 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 00:10:17.834190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:10:32.578943 0.065344 tcp 10.0.2.109 63184 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:10:32.644580 0.033390 tcp 10.0.2.109 63185 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:10:32.678257 0.139509 tcp 10.0.2.109 63186 -> 195.113.214.249 443 SRPA* 0 0 31 12268 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:10:32.817202 0.041779 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:32.859415 0.165736 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:33.025516 0.056142 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:33.082066 0.127192 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:33.209675 0.041257 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:33.259537 0.156614 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 303 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:33.416587 0.249896 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:33.658918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:10:33.666857 0.286563 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 258 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:33.953795 0.350146 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:34.304419 0.491005 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:10:34.795845 0.340328 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:11:05.313517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:17:07.611014 3.001607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 00:17:14.618567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:17:22.619997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:17:38.623093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:18:10.630504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:24:14.635129 3.006609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 00:24:21.642478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:24:29.644167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:24:45.650324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:25:17.654023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:29:55.132325 0.104910 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 00:29:55.237427 1.542063 tcp 10.0.2.109 63187 -> 165.124.44.208 3747 FSPA* 0 0 13 1447 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:31:21.669369 3.000694 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 00:31:28.676536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:31:36.677924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:31:52.680899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:32:24.688392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:38:28.693943 3.000726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 00:38:35.704052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:38:43.702811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:38:59.704959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:39:33.750598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:40:45.237950 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 00:40:45.238039 3.428753 udp 10.0.2.109 3683 -> 114.205.180.246 3665 INT 0 1 87 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 00:40:48.666792 0.000000 icmp 114.205.147.242 0x0103 -> 10.0.2.109 0x72cd URH 192 1 115 flow=Background 1970/02/19 00:41:00.881721 0.063730 tcp 10.0.2.109 63188 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:41:00.945810 0.034799 tcp 10.0.2.109 63189 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:41:00.980852 0.132296 tcp 10.0.2.109 63190 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:41:01.113735 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 00:41:19.790277 0.278556 tcp 10.0.2.109 63191 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:41:20.069170 0.033509 tcp 10.0.2.109 63192 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:41:20.102929 0.134107 tcp 10.0.2.109 63193 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/19 00:41:20.237773 0.067836 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:20.306088 0.166139 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 279 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:20.472621 0.074762 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 433 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:20.547836 0.158449 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:20.706751 0.151622 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:20.858759 0.130787 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:20.989927 0.055380 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:21.045679 0.182822 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 311 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:21.228870 0.340527 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 259 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:21.569809 0.298439 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 2 427 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:21.868647 0.159311 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:22.028332 0.224789 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:22.253576 0.198856 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:22.452888 0.327014 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:22.780344 0.136223 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 563 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:22.917006 0.187587 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.104984 0.058361 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.163730 0.348870 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.513087 0.066935 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.580414 0.075868 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.656697 0.040853 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.697910 0.176873 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.875184 0.037328 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:23.912921 0.167461 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:24.080772 0.055072 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:24.136316 0.126995 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:24.263716 0.047328 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 549 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:24.311428 0.158651 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:24.470588 0.183813 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 339 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:24.654799 0.411397 udp 10.0.2.109 3683 <-> 1.234.161.42 1251 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:25.243229 0.286256 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:25.529940 0.361207 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 412 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:41:25.891538 0.350771 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/19 00:45:35.737107 3.001622 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 00:45:42.744483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:45:50.745900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:46:06.858774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:46:38.754664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:54:28.763414 3.001078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 00:54:35.770528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:54:43.772280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:54:59.775247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:55:33.347169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 00:59:56.163023 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 00:59:56.163114 1.547631 tcp 10.0.2.109 63194 -> 165.124.44.208 3747 FSPA* 0 0 15 1794 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:01:58.810071 3.001970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 01:02:05.817859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:02:13.833299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:02:29.832414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:03:01.842632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:09:09.849647 3.012334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 01:09:16.918156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:09:24.879189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:09:40.882061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:10:12.888449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:11:53.292807 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 01:11:53.292982 0.080636 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:53.373986 0.074689 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:53.449056 0.160002 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 423 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:53.609443 0.154994 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:53.764814 0.147390 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:53.912669 0.127589 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:54.040604 0.050210 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 300 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:54.091201 0.180399 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:54.271967 0.317613 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:54.589988 0.217198 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:54.807597 0.169578 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:11:55.170886 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 01:12:11.951537 0.068890 tcp 10.0.2.109 63195 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:12:12.020677 0.035579 tcp 10.0.2.109 63196 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:12:12.056554 0.147833 tcp 10.0.2.109 63197 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:12:12.204897 0.157376 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:12.362662 0.335965 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:12.699068 0.135589 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:12.835036 0.190579 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.026013 0.058142 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.084571 0.344323 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.429324 0.066519 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.496216 0.075669 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 517 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.572297 0.045841 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.618589 0.163961 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.782922 0.037509 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.820819 0.166238 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:13.987428 0.054398 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:14.042312 0.149865 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:14.192563 0.041528 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 566 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:14.234556 0.156589 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:14.391484 0.781865 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:15.173797 0.000000 udp 10.0.2.109 3683 -> 1.234.161.42 1251 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 01:12:33.771334 0.114498 tcp 10.0.2.109 63198 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:12:33.886139 0.034693 tcp 10.0.2.109 63199 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:12:33.920679 0.226269 tcp 10.0.2.109 63200 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:12:34.147635 0.297086 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:34.445120 0.358656 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 254 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:12:34.804192 0.315828 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:16:21.900774 3.002263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 01:16:28.943184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:16:36.920587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:16:52.923449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:17:24.929358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:23:32.941315 3.006982 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 01:23:39.948095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:23:48.101531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:24:03.962853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:24:35.969130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:29:57.722459 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 01:29:57.722645 1.089858 tcp 10.0.2.109 63201 -> 165.124.44.208 3747 FSPA* 0 0 15 1646 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:30:39.975399 4.406566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 01:30:48.354330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:30:56.270542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:31:12.080840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:31:43.725648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:37:47.009321 3.003672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 01:37:54.388691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:38:02.318850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:38:18.184403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:38:50.037266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:42:55.936874 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 01:42:55.937055 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 01:43:14.349000 0.070530 tcp 10.0.2.109 63202 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:14.419926 0.035253 tcp 10.0.2.109 63203 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:14.455480 0.126567 tcp 10.0.2.109 63204 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:14.582655 0.000000 udp 10.0.2.109 3683 -> 1.234.161.42 1251 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 01:43:33.354993 0.064282 tcp 10.0.2.109 63205 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:33.419567 0.053189 tcp 10.0.2.109 63206 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:33.473078 0.144317 tcp 10.0.2.109 63207 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:33.618027 0.158115 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:33.776492 0.071914 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:33.848835 0.127175 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:33.976421 0.048094 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:34.024886 0.175027 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:34.200274 0.150838 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:34.351500 0.158925 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:34.510918 0.077064 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:34.588443 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 01:43:50.860202 0.064768 tcp 10.0.2.109 63208 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:50.925275 0.035280 tcp 10.0.2.109 63209 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:50.960862 0.151843 tcp 10.0.2.109 63210 -> 195.113.214.249 443 SRPA* 0 0 35 18780 flow=From-Botnet-V1-TCP-Established 1970/02/19 01:43:51.111015 0.167931 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:51.279301 0.314695 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:51.594519 0.135963 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:51.814909 0.183589 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 325 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:51.998930 0.058234 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 414 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.057530 0.333441 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.391332 0.157499 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.549278 0.067542 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 361 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.617291 0.075479 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.693146 0.046196 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.739699 0.166305 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 275 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.906478 0.037406 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 330 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:52.944294 0.163493 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 416 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:53.108199 0.053915 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:53.162543 0.151130 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:53.314003 0.046796 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 396 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:53.361176 0.159223 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:53.520808 0.348361 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:53.869554 0.405997 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 553 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:54.276003 0.292547 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:54.568905 0.349034 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:43:54.918530 0.317164 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/19 01:44:54.044554 3.000104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 01:45:01.050419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:45:09.052320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:45:25.055068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:45:57.060816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:54:09.070243 3.012595 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 01:54:16.088442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:54:24.090006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:54:40.092703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:55:12.098951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 01:59:58.811646 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 01:59:58.811734 1.119097 tcp 10.0.2.109 63211 -> 165.124.44.208 3747 FSPA* 0 0 15 1712 flow=From-Botnet-V1-TCP-Established 1970/02/19 02:01:23.115290 3.001547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:01:30.122359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:01:40.495129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:01:56.303187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:02:27.934312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:08:46.152484 3.005225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:08:53.159425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:09:01.161131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:09:17.163706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:09:49.173772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:14:03.325776 0.001550 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 02:14:03.327413 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 02:14:21.033425 0.101525 tcp 10.0.2.109 63212 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 02:14:21.135233 0.033683 tcp 10.0.2.109 63213 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 02:14:21.169212 0.135441 tcp 10.0.2.109 63214 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/19 02:14:21.305196 0.163320 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:21.468902 0.070601 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 455 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:21.539876 0.127213 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 420 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:21.667688 0.147147 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:21.815288 0.160144 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 421 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:21.975806 0.077434 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:22.053640 0.183528 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:22.237507 0.053200 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:22.291188 0.134853 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:22.426444 0.231835 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 233 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:22.658679 0.315800 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:22.974873 0.184318 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 356 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:23.159551 0.058596 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:23.218540 0.333264 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:23.552180 0.158611 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:23.711181 0.072669 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:23.784287 0.075396 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 307 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:23.860118 0.047068 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:23.907595 0.199247 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:24.107181 0.037441 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:24.144963 0.165040 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:24.310396 0.055163 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:24.366221 0.152421 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:24.519040 0.046720 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:24.566171 0.159544 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 435 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:24.726245 0.345946 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 482 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:25.072554 0.362374 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:25.435342 0.150162 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:25.585864 0.304152 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 363 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:14:25.890526 0.324796 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:15:53.176649 3.000745 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:16:00.183635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:16:08.380964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:16:24.240417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:16:56.204647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:23:00.211941 2.999902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:23:07.221573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:23:15.219300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:23:31.222180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:24:03.240495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:29:59.931251 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 02:29:59.931450 1.478456 tcp 10.0.2.109 63215 -> 165.124.44.208 3747 FSPA* 0 0 15 1584 flow=From-Botnet-V1-TCP-Established 1970/02/19 02:30:07.244157 3.006426 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:30:14.254498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:30:22.252784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:30:38.729676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:31:10.357750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:37:14.278332 3.001422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:37:22.756448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:37:30.667018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:37:46.488569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:38:18.115719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:44:21.312935 3.003738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:44:28.319358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:44:36.320995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:44:52.323965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:44:55.494411 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 02:44:55.494624 0.125359 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 305 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.075158 0.148008 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.223548 0.159864 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.383827 0.071053 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 488 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.455419 0.157091 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.612944 0.107298 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 231 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.720638 0.180168 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.901185 0.052551 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:57.954351 0.135871 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:58.090700 0.172932 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:58.264033 0.329778 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:58.594234 0.219385 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 447 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:58.814091 0.062436 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:58.876947 0.333906 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 515 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.211238 0.158292 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.369945 0.074419 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.444845 0.075350 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.520604 0.046737 udp 10.0.2.109 3683 <-> 87.167.253.191 8279 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.567786 0.164824 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.733054 0.040960 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.774427 0.163952 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.938868 0.053365 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 512 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:44:59.992716 0.153743 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:00.146922 0.046619 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:00.193913 0.159913 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:00.354366 0.348199 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:00.702971 0.292593 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 538 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:00.995927 0.348150 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:01.344503 0.341327 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:01.686354 0.278380 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/19 02:45:27.140346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:53:48.348657 3.000340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 02:53:55.354719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:54:03.356211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:54:22.743761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 02:54:54.972235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:00:01.411398 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 03:00:01.411565 0.931428 tcp 10.0.2.109 63216 -> 165.124.44.208 3747 FSPA* 0 0 15 1683 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:00:55.390453 3.002469 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:01:02.398726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:01:10.400177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:01:26.403351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:01:58.409409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:08:09.425382 3.107178 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:08:16.513368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:08:24.459664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:08:40.447144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:09:12.456992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:15:12.541959 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 03:15:12.542065 0.129113 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:12.671619 0.150390 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 571 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:12.822619 0.166441 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 559 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:12.989418 0.077272 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:13.067084 0.156722 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:13.224340 0.072220 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 241 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:13.297013 0.216657 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:13.513987 0.171758 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:13.686259 0.342184 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 242 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:14.028861 0.206430 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:14.235630 0.063733 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:14.299757 0.063627 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:14.363863 0.135544 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 465 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:14.499775 0.333541 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 441 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:14.833712 0.160493 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 478 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:14.994723 0.066980 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:15.062107 0.075386 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:15.137918 0.000000 udp 10.0.2.109 3683 -> 87.167.253.191 8279 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 03:15:16.465387 2.999187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:15:23.466771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:15:32.007874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:15:32.591616 0.061688 tcp 10.0.2.109 63217 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:15:32.653610 0.056037 tcp 10.0.2.109 63218 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:15:32.709918 0.150343 tcp 10.0.2.109 63219 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:15:32.860847 0.182672 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 384 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:33.044019 0.039319 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 436 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:33.083751 0.197407 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:33.281550 0.056965 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 362 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:33.338905 0.150687 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 534 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:33.489988 0.041563 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:33.532080 0.161540 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 486 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:33.694002 0.347644 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 383 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:34.042118 0.357022 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:34.399510 0.288274 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:34.688253 0.345090 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:35.033734 0.221318 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:15:48.245971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:16:19.885516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:22:25.505941 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:22:32.513475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:22:40.514962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:22:56.517934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:23:28.525377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:29:32.530467 3.001259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:29:39.538234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:29:47.539174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:30:02.351594 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 03:30:02.351765 3.021389 tcp 10.0.2.109 63220 -> 165.124.44.208 3747 SPA_* 0 0 14 1772 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:30:05.372860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:30:07.680442 0.000089 tcp 10.0.2.109 63220 -> 165.124.44.208 3747 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:30:37.005173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:36:39.563777 3.683963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:36:47.211174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:36:55.122378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:37:10.941157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:37:42.592113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:43:46.598374 3.002384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:43:53.606145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:44:01.606794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:44:17.617236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:44:57.886084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:46:03.383107 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 03:46:03.383217 0.000000 udp 10.0.2.109 3683 -> 87.167.253.191 8279 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 03:46:19.599434 1.766273 tcp 10.0.2.109 63221 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:46:21.365999 0.052264 tcp 10.0.2.109 63222 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:46:21.418569 0.135835 tcp 10.0.2.109 63223 -> 195.113.214.249 443 SRPA* 0 0 61 41386 flow=From-Botnet-V1-TCP-Established 1970/02/19 03:46:21.554546 0.149286 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:21.704337 0.164094 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 272 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:21.868864 0.069428 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:21.938758 0.158422 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:22.098024 0.074088 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:22.172520 0.127233 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:22.300244 0.360192 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:22.660831 0.212792 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 260 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:22.874118 0.058978 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:22.933543 0.053224 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 262 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:22.987171 0.205809 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:23.193548 0.166630 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:23.360697 0.158177 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 539 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:23.519342 0.067910 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:23.587726 0.075551 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:23.663745 0.135343 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 448 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:23.799585 0.334353 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.134354 0.197214 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 503 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.332005 0.053662 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.386136 0.191050 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 313 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.577579 0.037848 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.615831 0.155834 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.772064 0.046536 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.819027 0.159890 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 509 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:24.979399 0.344015 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:25.323914 0.377374 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:25.701798 0.305167 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:26.007387 0.367976 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 525 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:46:26.375789 0.053389 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 413 flow=From-Botnet-V1-UDP-Established 1970/02/19 03:50:59.174997 3.183042 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:51:06.308315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:51:14.211715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:51:29.996927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:52:01.583091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:58:00.772590 2.959625 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 03:58:07.690403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:58:15.684873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:58:31.687778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 03:59:03.693916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:00:05.893768 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 04:00:05.893974 1.046356 tcp 10.0.2.109 63224 -> 165.124.44.208 3747 FSPA* 0 0 15 1685 flow=From-Botnet-V1-TCP-Established 1970/02/19 04:05:32.707271 3.000498 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:05:40.038842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:05:49.214394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:06:05.024489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:06:36.649947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:12:42.753986 3.002131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:12:49.761561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:12:57.762579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:13:13.766258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:13:46.278833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:16:34.867570 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 04:16:34.867727 0.841072 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:35.709187 0.149484 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:35.859066 0.156124 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 290 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:36.015602 0.121861 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 537 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:36.137824 0.364728 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:36.503041 0.218228 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 489 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:36.721656 0.156969 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 250 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:36.879051 0.073162 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 505 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:36.952659 1.101181 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.054269 0.053956 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.108617 0.205770 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 202 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.314819 0.166937 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.482186 0.202242 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.684820 0.074236 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.759446 0.075875 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.835720 0.135531 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:38.971706 0.375366 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 308 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:39.347497 0.197512 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:39.545359 0.054506 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 236 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:39.600273 0.186213 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 394 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:39.786879 0.038187 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:39.825415 0.151815 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:39.977616 0.046863 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:40.024886 0.366436 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:40.447137 0.163514 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:40.611010 0.346056 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:40.957462 0.184574 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 347 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:41.142573 0.287931 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:16:41.430929 0.367717 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 474 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:19:50.789366 3.002935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:19:57.797122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:20:05.798801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:20:21.801668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:20:53.807587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:26:57.813802 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:27:04.828545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:27:12.826454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:27:28.825627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:28:00.831434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:30:06.942826 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 04:30:06.942974 0.140563 tcp 10.0.2.109 63225 -> 165.124.44.208 3747 SPA_* 0 0 9 1098 flow=From-Botnet-V1-TCP-Established 1970/02/19 04:30:17.630952 0.672126 tcp 10.0.2.109 63225 -> 165.124.44.208 3747 FA_F* 0 0 6 561 flow=From-Botnet-V1-TCP-Established 1970/02/19 04:34:04.838672 3.000652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:34:11.845063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:34:19.847500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:34:35.849380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:35:07.858904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:41:11.865003 2.998073 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:41:18.868945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:41:26.871048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:41:43.149483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:42:15.339867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:47:05.197094 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 04:47:05.197199 0.161022 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 451 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:05.358607 0.126556 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:05.485556 0.076257 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:05.562378 0.148304 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:05.711003 0.363711 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 273 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:06.075134 0.207899 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 470 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:06.283440 0.159143 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 372 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:06.442960 0.086183 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:06.529552 0.205480 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:06.735441 0.063247 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:06.799046 0.079118 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 405 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:07.323939 0.168583 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:07.492981 0.154669 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:07.648108 0.067201 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 409 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:07.715761 0.075229 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:07.791354 0.135372 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:07.927115 0.376321 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:08.303859 0.183920 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:08.488206 0.056099 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:08.544685 0.180878 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 430 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:08.725963 0.038284 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 524 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:08.764649 0.173480 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 225 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:08.938551 0.041512 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 554 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:08.980414 0.346246 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:09.327150 0.368831 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:09.696344 0.160097 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 454 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:09.856881 0.357480 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:10.214767 1.200990 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:47:11.416171 0.299454 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 221 flow=From-Botnet-V1-UDP-Established 1970/02/19 04:48:18.915165 3.003576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:48:25.922912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:48:33.926464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:48:49.927155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:49:21.933465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:55:47.942326 3.000610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 04:55:54.948557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:56:02.950427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:56:18.953511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 04:56:52.309788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:00:18.313111 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 05:00:18.313224 0.855093 tcp 10.0.2.109 63226 -> 165.124.44.208 3747 FSPA* 0 0 14 1613 flow=From-Botnet-V1-TCP-Established 1970/02/19 05:02:54.985692 3.000861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 05:03:01.992747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:03:09.994164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:03:26.324305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:03:58.437617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:10:02.029282 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 05:10:09.036146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:10:17.037746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:10:33.041200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:11:05.047288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:17:09.055117 2.999782 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 05:17:16.060396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:17:24.062493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:17:35.547637 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 05:17:35.547755 0.071437 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:35.619563 0.147528 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:35.767501 0.158609 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 328 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:35.926551 0.125893 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:36.052897 0.375400 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:36.428727 0.208140 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:36.637272 0.157760 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 333 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:36.795429 0.088751 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 480 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:36.884574 0.205345 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:37.090327 0.616334 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:37.707057 0.051462 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:37.758914 0.166162 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 366 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:37.925467 0.160938 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:38.086890 0.073505 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:38.160811 0.075588 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 456 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:38.236846 0.134952 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 278 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:38.372157 0.375454 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:38.747975 0.184239 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:38.932623 0.056370 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:38.989457 0.179180 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:39.169034 0.038369 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 450 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:39.207811 0.165212 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:39.373405 0.041910 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 529 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:39.415779 0.160483 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:39.576654 0.348723 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 322 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:39.925778 0.372890 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:40.116392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:17:40.299123 0.351182 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 452 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:40.650680 0.179603 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 360 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:17:40.858591 0.310218 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 318 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:18:12.081116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:24:16.087388 3.149145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 05:24:23.210845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:24:31.146660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:24:47.119086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:25:19.125276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:30:19.167180 0.672169 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 05:30:19.839459 1.271296 tcp 10.0.2.109 63227 -> 165.124.44.208 3747 FSPA* 0 0 14 1738 flow=From-Botnet-V1-TCP-Established 1970/02/19 05:31:23.131351 3.001368 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 05:31:30.138251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:31:38.146624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:31:54.142901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:32:26.149788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:38:30.156066 0.997878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/02/19 05:38:35.786715 3.969051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/02/19 05:38:47.672459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:39:03.493491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:39:35.131639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:45:37.189856 3.142370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 05:45:44.307864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:45:52.245480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:46:08.211000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:46:40.217250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:48:03.997133 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 05:48:03.997220 0.078489 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 371 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:04.076182 0.150612 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:04.227201 0.161081 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 542 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:04.388747 0.131064 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 353 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:04.686464 0.394234 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:05.081117 0.215615 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 406 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:05.297142 0.160042 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:05.457631 0.085374 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 315 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:05.543380 0.050977 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:05.594747 0.166976 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 439 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:05.762231 0.198534 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 400 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:05.961201 0.059132 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 343 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:06.020760 0.160844 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:06.181987 0.075053 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 499 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:06.257446 0.075481 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 291 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:06.333357 0.135090 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 387 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:06.468972 0.378554 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:06.847903 0.182467 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 267 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:07.030747 0.053301 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:07.084441 0.180200 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:07.265100 0.037504 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:07.303098 0.171238 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:07.474800 0.047167 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:07.522452 0.158360 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:07.681313 0.344456 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:08.026193 0.729811 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 297 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:08.756444 0.307031 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 398 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:09.063866 0.344532 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:48:09.408829 0.382379 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/19 05:54:28.234038 3.000510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 05:54:35.240434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:54:43.241599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:54:59.244687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 05:55:31.715827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:00:20.466815 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 06:00:20.466923 1.131703 tcp 10.0.2.109 63228 -> 165.124.44.208 3747 FSPA* 0 0 15 1698 flow=From-Botnet-V1-TCP-Established 1970/02/19 06:01:59.281793 3.000550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:02:06.288129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:02:14.290062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:02:31.363446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:03:02.998252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:09:09.319814 3.079194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:09:16.377377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:09:24.338386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:09:40.763280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:10:13.533301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:16:21.380959 3.164844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:16:28.517740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:16:44.392690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:17:00.179525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:17:31.767768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:18:24.452651 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 06:18:24.452774 0.161031 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:24.614226 0.125171 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:24.739810 0.884602 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:25.624825 0.147795 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 578 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:25.773022 0.395431 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:26.168977 0.207520 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 248 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:26.376969 0.160622 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:26.537993 0.088721 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:26.627092 0.044243 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:26.671782 0.229985 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 354 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:26.902164 0.203011 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:27.105544 1.444500 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 552 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:28.554826 0.159775 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 472 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:28.714973 0.067739 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:28.783110 0.072044 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 349 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:28.855560 0.134985 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:28.990956 0.373126 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:29.364495 0.185106 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 466 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:29.549965 0.054689 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:29.605120 0.178828 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:29.784390 0.145391 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:29.930189 0.151423 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:30.081980 0.047238 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:30.129651 0.160463 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:30.290519 0.347844 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 350 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:30.638725 0.180966 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:30.820088 0.363790 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 385 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:31.184352 0.294394 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:18:31.479128 0.370616 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 418 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:23:33.886063 2.964383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:23:40.802922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:23:48.701238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:24:04.480429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:24:36.037714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:30:21.606632 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 06:30:21.606784 1.289501 tcp 10.0.2.109 63229 -> 165.124.44.208 3747 FSPA* 0 0 15 1694 flow=From-Botnet-V1-TCP-Established 1970/02/19 06:30:38.452357 3.002148 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:30:45.460483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:30:53.461706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:31:09.464686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:31:41.470887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:37:45.476824 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:37:52.484471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:38:00.485919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:38:16.488663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:38:48.494819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:44:52.501305 3.002225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:44:59.509116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:45:07.509694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:45:23.512665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:45:55.701393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:48:44.181698 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 06:48:44.181803 0.159400 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:44.341644 0.122309 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:44.464341 0.074559 rtcp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 458 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:44.539336 0.149189 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:44.688962 0.343418 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 346 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.032788 0.189955 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.223134 0.156649 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 331 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.380146 0.089367 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 327 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.470006 0.053928 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.524384 0.171318 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.696081 0.184850 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 463 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.881313 0.058530 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:45.942223 0.158255 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:46.100830 0.067526 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:46.168790 0.075575 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 357 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:46.244722 0.135398 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:46.380518 0.054650 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 464 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:46.435538 0.177521 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:46.613524 0.039839 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:46.653814 0.373653 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 388 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:47.027833 0.172229 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 506 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:47.200505 0.146803 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:47.347675 0.042120 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 510 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:47.390165 0.159428 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 410 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:47.549972 0.343193 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 457 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:47.893628 0.304752 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:48.198778 0.355966 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 301 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:48.759114 0.298949 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 391 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:48:49.058510 0.358989 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 425 flow=From-Botnet-V1-UDP-Established 1970/02/19 06:54:06.539084 3.000060 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 06:54:13.544944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:54:21.545916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:54:37.549451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 06:55:09.555467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:00:22.895973 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 07:00:22.896060 0.788137 tcp 10.0.2.109 63230 -> 165.124.44.208 3747 FSPA* 0 0 15 1744 flow=From-Botnet-V1-TCP-Established 1970/02/19 07:01:19.570438 3.001229 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:01:26.577717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:01:34.579088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:01:50.581898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:02:22.587736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:08:35.596756 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:08:42.604361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:08:50.605506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:09:06.608815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:09:38.614772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:15:42.621148 3.001304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:15:49.628083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:15:57.629750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:16:13.632724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:16:45.638634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:18:56.817857 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 07:18:56.818044 0.068346 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 270 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:56.886770 0.148545 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 335 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:57.035678 0.159613 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:57.195660 0.133061 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 223 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:57.329147 0.342077 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 501 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:57.671631 0.188619 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:57.860617 0.157069 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 285 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.018101 0.092134 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 498 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.110633 0.062658 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.173717 0.166407 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 271 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.340517 0.184651 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 352 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.525553 0.062991 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.588979 0.154439 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 392 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.743803 0.070702 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.814913 0.075572 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:58.890851 0.134884 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 289 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:59.026158 0.054419 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 386 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:59.081060 0.163657 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 256 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:59.245103 0.039215 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:59.284702 0.369884 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 402 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:59.654940 0.166963 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 532 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:59.822314 0.155073 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:18:59.977802 0.041508 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:19:00.019652 0.159750 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 378 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:19:00.179828 0.361820 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:19:00.542072 0.183435 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:19:00.725896 0.338679 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 547 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:19:01.065058 0.287175 udp 10.0.2.109 3683 <-> 219.96.45.226 2228 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:19:01.352618 0.342554 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:22:49.644422 3.002104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:22:56.653019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:23:04.654470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:23:20.656782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:23:52.662919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:29:56.668697 3.003134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:30:03.676159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:30:11.677737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:30:23.685590 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 07:30:23.685746 0.946039 tcp 10.0.2.109 63231 -> 165.124.44.208 3747 FSPA* 0 0 15 1742 flow=From-Botnet-V1-TCP-Established 1970/02/19 07:30:27.680730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:30:59.686735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:37:03.692500 3.001878 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:37:10.700310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:37:18.701573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:37:34.704900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:38:06.710798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:44:10.718263 3.000160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:44:17.724541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:44:25.726780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:44:41.728669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:45:13.734648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:49:19.388127 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 07:49:19.388294 0.163948 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 521 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:19.552698 0.124541 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:19.677647 0.316212 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:19.994279 0.074170 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 428 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:20.068870 0.146057 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:20.215388 0.184379 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 419 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:20.400147 0.157115 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 329 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:20.557687 0.088132 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:20.646337 0.055702 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:20.702417 0.165449 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:20.868232 0.192978 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.061582 0.064208 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 438 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.126336 0.156129 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 252 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.282890 0.068292 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.351528 0.075951 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 530 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.427880 0.136153 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.564385 0.058619 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 572 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.623391 0.164445 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.788251 0.040365 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 404 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:21.828989 0.377788 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 382 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:22.207169 0.163613 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 415 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:22.371209 0.149949 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:22.521547 0.048736 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 379 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:22.570678 0.161203 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 558 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:22.732341 0.344780 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 373 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:23.077603 0.053938 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:23.131938 0.342990 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 234 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:23.475319 0.317385 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 345 flow=From-Botnet-V1-UDP-Established 1970/02/19 07:49:23.793115 0.000000 udp 10.0.2.109 3683 -> 219.96.45.226 2228 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 07:49:39.187563 0.063471 tcp 10.0.2.109 63232 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 07:49:39.251328 0.037273 tcp 10.0.2.109 63233 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 07:49:39.288912 0.125535 tcp 10.0.2.109 63234 -> 195.113.214.249 443 SRPA* 0 0 31 22097 flow=From-Botnet-V1-TCP-Established 1970/02/19 07:53:38.743043 3.005399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 07:53:45.751062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:53:53.752012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:54:09.755568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 07:54:41.761083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:00:24.634681 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 08:00:24.634859 0.828440 tcp 10.0.2.109 63235 -> 165.124.44.208 3747 FSPA* 0 0 15 1649 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:00:45.767196 3.001819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:00:52.774379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:01:00.776509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:01:16.779332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:01:48.789128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:07:52.791480 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:07:59.799161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:08:07.800477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:08:23.806515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:08:55.809299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:14:59.815514 3.001362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:15:06.822391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:15:14.823807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:15:30.826846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:16:02.833273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:20:07.938405 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 08:20:07.938545 0.000000 udp 10.0.2.109 3683 -> 219.96.45.226 2228 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 08:20:25.407537 0.064771 tcp 10.0.2.109 63236 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:20:25.472590 0.038263 tcp 10.0.2.109 63237 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:20:25.511133 0.128071 tcp 10.0.2.109 63238 -> 195.113.214.249 443 SRPA* 0 0 40 21312 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:20:25.639905 0.156517 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:25.796839 0.129011 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 296 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:25.926375 0.076108 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 449 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:26.002852 0.148506 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:26.151750 0.180170 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 440 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:26.332362 0.158404 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 511 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:26.491180 0.090923 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 479 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:26.582530 0.054154 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 399 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:26.637113 0.315573 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 263 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:26.953188 0.061086 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 523 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.014698 0.155484 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 408 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.170633 0.068071 udp 10.0.2.109 3683 <-> 91.6.59.98 5333 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.239078 0.168204 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 518 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.407756 0.190261 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 341 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.598411 0.135131 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.733917 0.065623 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 304 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.799938 0.163117 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:27.963382 0.077285 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 338 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:28.041074 0.354351 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 483 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:28.395887 0.167639 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:28.563908 0.152980 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:28.717310 0.041679 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 374 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:28.759392 0.161638 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:28.921452 0.039333 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 473 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:28.961147 0.318593 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:29.280170 0.212262 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:29.492801 0.361983 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 492 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:20:29.855260 0.350363 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 536 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:22:06.840154 3.000895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:22:13.846796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:22:21.848688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:22:37.851405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:23:09.856891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:29:13.862400 3.002274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:29:20.870633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:29:28.872605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:29:44.875443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:30:16.881297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:30:25.464013 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 08:30:25.464182 0.737610 tcp 10.0.2.109 63239 -> 165.124.44.208 3747 FSPA* 0 0 15 1718 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:36:20.888542 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:36:27.894762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:36:35.896404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:36:51.899142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:37:23.905291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:43:27.912368 3.000414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:43:34.918826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:43:42.920210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:43:58.923161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:44:30.929225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:50:34.422634 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 08:50:34.422851 0.160269 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 446 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:34.583514 0.147585 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 395 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:34.731518 0.187074 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 540 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:34.919003 0.158779 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 340 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:34.935187 3.001862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:50:35.078170 0.100164 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 377 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:35.178774 0.053542 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:35.232687 0.133763 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:35.366866 0.073857 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 337 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:35.441102 0.316085 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 546 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:35.757618 0.068143 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 516 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:35.826370 0.155000 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 403 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:35.981763 0.000000 udp 10.0.2.109 3683 -> 91.6.59.98 5333 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 08:50:41.942188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:50:49.944078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:50:54.722993 0.072297 tcp 10.0.2.109 63240 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:50:54.795574 0.121462 tcp 10.0.2.109 63241 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:50:54.917316 0.132435 tcp 10.0.2.109 63242 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/19 08:50:55.050528 0.165602 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 365 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:55.216535 0.190191 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 548 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:55.407132 0.135112 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 237 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:55.542675 0.059925 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 277 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:55.603006 0.333294 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 504 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:55.936704 0.168611 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 284 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:56.105752 0.150693 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 299 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:56.256813 0.091864 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 302 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:56.349100 0.165343 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:56.514887 0.075706 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 276 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:56.590952 0.156375 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 245 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:56.747668 0.038896 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 336 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:56.786937 0.316439 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:57.103828 0.369214 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 294 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:57.473461 0.345809 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:50:57.819642 0.361564 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 434 flow=From-Botnet-V1-UDP-Established 1970/02/19 08:51:05.947267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:51:37.953504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:57:41.959965 3.000664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 08:57:48.978940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:57:56.968030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:58:12.971359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 08:58:44.977500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:00:26.203281 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 09:00:26.203508 0.833333 tcp 10.0.2.109 63243 -> 165.124.44.208 3747 FSPA* 0 0 15 1687 flow=From-Botnet-V1-TCP-Established 1970/02/19 09:04:52.988910 3.001580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:04:59.996497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:05:07.998018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:05:24.000829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:05:56.006991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:12:00.012576 3.002001 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:12:07.026369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:12:15.021812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:12:31.024788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:13:03.031086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:19:07.056281 3.002336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:19:14.064272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:19:22.065767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:19:38.068743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:20:10.075030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:21:07.261313 0.000141 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 09:21:07.261559 0.000000 udp 10.0.2.109 3683 -> 91.6.59.98 5333 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 09:21:24.002787 0.069255 tcp 10.0.2.109 63244 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 09:21:24.072382 0.054458 tcp 10.0.2.109 63245 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 09:21:24.127189 0.139453 tcp 10.0.2.109 63246 -> 195.113.214.249 443 SRPA* 0 0 41 22752 flow=From-Botnet-V1-TCP-Established 1970/02/19 09:21:24.285673 0.160075 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 380 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:24.446170 0.149186 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 502 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:24.595782 0.163791 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 490 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:24.759943 0.089096 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 545 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:24.849432 0.056537 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:24.906532 0.178609 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:25.085568 0.076776 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 424 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:25.162774 0.314617 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 432 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:25.477838 0.129012 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 389 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:25.607271 0.057739 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 528 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:25.665412 0.155694 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 476 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:25.821499 0.165598 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 274 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:25.987477 0.188953 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:26.176817 0.135184 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 376 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:26.312425 0.054489 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 332 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:26.367320 0.335795 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 459 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:26.703530 0.171775 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 508 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:26.875692 0.152647 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 407 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:27.028753 0.042412 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 401 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:27.071537 0.166940 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 484 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:27.238914 0.071737 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 468 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:27.311074 0.158060 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 442 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:27.469515 0.037866 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:27.507812 0.320159 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 426 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:27.828422 0.287160 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 368 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:28.116014 0.348667 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 369 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:21:28.465079 0.368528 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 334 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:26:14.081102 3.001131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:26:21.088130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:26:29.091613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:26:45.092667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:27:17.101390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:30:27.068860 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 09:30:27.069044 0.815781 tcp 10.0.2.109 63247 -> 165.124.44.208 3747 FSPA* 0 0 15 1662 flow=From-Botnet-V1-TCP-Established 1970/02/19 09:33:21.104885 3.002408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:33:28.112142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:33:36.114336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:33:52.116564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:34:24.123102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:40:28.128999 3.001530 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:40:35.136499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:40:43.137787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:40:59.140588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:41:31.147001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:47:35.152456 3.003277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:47:42.164022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:47:50.161568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:48:06.164674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:48:38.170667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:51:48.704786 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 09:51:48.704944 0.156213 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:48.861592 0.162993 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 2 445 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:49.025032 0.149191 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 2 431 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:49.174699 0.092253 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 319 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:49.267344 0.053021 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 2 422 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:49.320783 0.179853 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 2 411 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:49.501075 0.073251 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:49.574667 0.317064 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 2 381 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:49.892167 0.139919 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 2 367 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:50.032516 0.056855 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 2 286 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:50.089800 0.154277 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 2 393 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:50.244442 0.166420 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 2 397 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:50.411231 0.187319 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 2 500 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:50.599003 0.136058 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 2 533 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:50.735482 0.070340 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 2 417 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:50.806274 0.329876 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 2 544 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.136547 0.167708 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 2 359 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.304651 0.149807 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 2 493 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.454904 0.057385 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 2 443 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.512688 0.165080 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 2 227 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.678410 0.071918 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 2 355 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.750752 0.158969 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 2 295 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.910087 0.038721 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 2 514 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:51.949229 0.322318 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 2 342 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:52.271945 0.360780 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 2 351 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:52.633077 0.304464 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 2 364 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:51:52.937944 0.345567 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 2 390 flow=From-Botnet-V1-UDP-Established 1970/02/19 09:55:31.176950 3.001909 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 09:55:38.185106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:55:46.186329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:56:02.188913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 09:56:34.195069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:00:27.881488 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:00:27.881594 0.599149 tcp 10.0.2.109 63248 -> 165.124.44.208 3747 FSPA* 0 0 11 1155 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:28.110817 0.067101 tcp 10.0.2.109 63249 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:28.178253 0.135131 tcp 10.0.2.109 63250 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:28.313655 0.142742 tcp 10.0.2.109 63251 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:28.480957 3.006020 tcp 10.0.2.109 63252 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:00:37.484614 0.000000 tcp 10.0.2.109 63252 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:00:43.475917 0.069817 tcp 10.0.2.109 63253 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:43.546093 0.035975 tcp 10.0.2.109 63254 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:43.582413 0.143333 tcp 10.0.2.109 63255 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:43.735350 0.359123 tcp 10.0.2.109 63256 -> 176.73.169.112 1959 FSPA* 0 0 13 1263 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:43.844453 0.066540 tcp 10.0.2.109 63257 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:43.911316 0.034450 tcp 10.0.2.109 63258 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:43.946120 0.135653 tcp 10.0.2.109 63259 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:44.094778 0.356874 tcp 10.0.2.109 63260 -> 5.178.194.36 4983 FSPA* 0 0 13 1263 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:44.205826 0.063630 tcp 10.0.2.109 63261 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:44.269814 0.034444 tcp 10.0.2.109 63262 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:44.304495 0.137305 tcp 10.0.2.109 63263 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:44.451851 0.229025 tcp 10.0.2.109 63264 -> 165.124.44.208 3747 FSPA* 0 0 13 1263 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:44.681123 2.998163 tcp 10.0.2.109 63265 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:00:53.678377 0.000000 tcp 10.0.2.109 63265 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:00:59.676958 0.110125 tcp 10.0.2.109 63266 -> 176.73.169.112 1959 FSPA* 0 0 13 1263 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:00:59.787244 0.113250 tcp 10.0.2.109 63267 -> 5.178.194.36 4983 FSPA* 0 0 13 1263 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:02:52.201456 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:02:59.215439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:03:07.210464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:03:23.217563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:03:55.219406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:05:59.899572 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:05:59.899790 3.002923 tcp 10.0.2.109 63268 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:06:08.901133 0.000000 tcp 10.0.2.109 63268 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:06:14.901825 0.061453 tcp 10.0.2.109 63269 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:14.963608 0.037663 tcp 10.0.2.109 63270 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.001554 0.167827 tcp 10.0.2.109 63271 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.178934 0.340666 tcp 10.0.2.109 63272 -> 176.73.169.112 1959 FSPA* 0 0 13 1327 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.287774 0.062569 tcp 10.0.2.109 63273 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.350624 0.034826 tcp 10.0.2.109 63274 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.385746 0.124772 tcp 10.0.2.109 63275 -> 195.113.214.249 443 SRPA* 0 0 24 13350 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.519833 0.346885 tcp 10.0.2.109 63276 -> 5.178.194.36 4983 FSPA* 0 0 13 1327 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.632712 0.064522 tcp 10.0.2.109 63277 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.697510 0.034537 tcp 10.0.2.109 63278 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.732306 0.125146 tcp 10.0.2.109 63279 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:15.866939 0.514794 tcp 10.0.2.109 63280 -> 165.124.44.208 3747 FSPA* 0 0 13 1327 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:16.118326 0.068349 tcp 10.0.2.109 63281 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:16.187005 0.043018 tcp 10.0.2.109 63282 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:16.230410 0.141144 tcp 10.0.2.109 63283 -> 195.113.214.249 443 SRPA* 0 0 41 22752 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:16.381966 3.004699 tcp 10.0.2.109 63284 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:06:25.384925 0.000000 tcp 10.0.2.109 63284 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:06:31.384177 0.111047 tcp 10.0.2.109 63285 -> 176.73.169.112 1959 FSPA* 0 0 13 1327 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:31.495440 0.113002 tcp 10.0.2.109 63286 -> 5.178.194.36 4983 FSPA* 0 0 13 1327 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:06:31.608677 0.276545 tcp 10.0.2.109 63287 -> 165.124.44.208 3747 FSPA* 0 0 13 1327 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:09:59.225477 3.001567 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:10:06.232572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:10:14.234658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:10:30.237242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:11:02.243276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:11:31.883020 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:11:31.883184 2.994432 tcp 10.0.2.109 63288 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:11:40.868585 0.000000 tcp 10.0.2.109 63288 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:11:46.879181 0.070284 tcp 10.0.2.109 63289 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:46.949723 0.036314 tcp 10.0.2.109 63290 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:46.986491 0.143484 tcp 10.0.2.109 63291 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.139555 0.352776 tcp 10.0.2.109 63292 -> 176.73.169.112 1959 FSPA* 0 0 13 1430 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.248129 0.064762 tcp 10.0.2.109 63293 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.313183 0.033288 tcp 10.0.2.109 63294 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.346717 0.133083 tcp 10.0.2.109 63295 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.492610 0.399571 tcp 10.0.2.109 63296 -> 5.178.194.36 4983 FSPA* 0 0 13 1430 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.606660 0.065893 tcp 10.0.2.109 63297 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.672834 0.035120 tcp 10.0.2.109 63298 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.708237 0.173975 tcp 10.0.2.109 63299 -> 195.113.214.249 443 SRPA* 0 0 23 13372 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:47.892344 0.803310 tcp 10.0.2.109 63300 -> 165.124.44.208 3747 FSPA* 0 0 13 1430 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:48.144568 0.064933 tcp 10.0.2.109 63301 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:48.209780 0.301318 tcp 10.0.2.109 63302 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:48.511390 0.146110 tcp 10.0.2.109 63303 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:11:48.695912 2.998435 tcp 10.0.2.109 63304 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:11:57.693267 0.000000 tcp 10.0.2.109 63304 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:12:03.691719 0.109870 tcp 10.0.2.109 63305 -> 176.73.169.112 1959 FSPA* 0 0 13 1430 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:12:03.801833 0.108524 tcp 10.0.2.109 63306 -> 5.178.194.36 4983 FSPA* 0 0 13 1430 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:12:03.910552 0.227094 tcp 10.0.2.109 63307 -> 165.124.44.208 3747 FSPA* 0 0 13 1430 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:04.133871 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:17:04.133969 3.004030 tcp 10.0.2.109 63308 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:17:06.249111 3.001427 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:17:13.146459 0.000000 tcp 10.0.2.109 63308 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:17:13.256721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:17:19.136677 0.061127 tcp 10.0.2.109 63309 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:19.198066 0.037067 tcp 10.0.2.109 63310 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:19.235460 0.128733 tcp 10.0.2.109 63311 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:19.376957 0.537601 tcp 10.0.2.109 63312 -> 165.124.44.208 3747 FSPA* 0 0 13 1399 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:19.653858 0.064605 tcp 10.0.2.109 63313 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:19.719030 0.034548 tcp 10.0.2.109 63314 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:19.753894 0.150723 tcp 10.0.2.109 63315 -> 195.113.214.249 443 SRPA* 0 0 22 11858 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:19.914794 2.995724 tcp 10.0.2.109 63316 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:17:21.257786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:17:28.909048 0.000000 tcp 10.0.2.109 63316 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:17:34.909568 0.276600 tcp 10.0.2.109 63317 -> 165.124.44.208 3747 FSPA* 0 0 13 1399 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:17:37.261209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:18:09.276408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:21:55.664914 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:21:55.665105 0.182366 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:55.824263 0.173019 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:55.986540 0.174914 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:56.136978 0.093050 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:56.305475 0.064197 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:56.447529 0.315291 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:56.824853 0.139678 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:56.950194 0.199214 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:57.141933 0.119572 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:57.220953 0.099991 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:57.289530 0.180368 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:57.447398 0.235762 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:57.679479 0.193120 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:57.869684 0.138430 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:58.006604 0.169188 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:58.195262 0.058648 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:58.268822 0.338217 rtp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:58.602886 0.162931 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:58.757861 0.044357 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:58.819915 0.167371 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:59.005976 0.076326 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:59.092561 0.180750 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 1993 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:59.254139 0.057383 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:59.294068 0.318245 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:21:59.613635 0.388288 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2555 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:22:00.002336 0.490230 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:22:00.458240 0.354214 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:22:35.179815 0.381715 tcp 10.0.2.109 63318 -> 176.73.169.112 1959 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.297106 0.073508 tcp 10.0.2.109 63319 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.370905 0.034365 tcp 10.0.2.109 63320 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.405554 0.145075 tcp 10.0.2.109 63321 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.561752 0.370701 tcp 10.0.2.109 63322 -> 5.178.194.36 4983 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.672262 0.074154 tcp 10.0.2.109 63323 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.746701 0.036336 tcp 10.0.2.109 63324 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.783294 0.137321 tcp 10.0.2.109 63325 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:35.932717 3.002266 tcp 10.0.2.109 63326 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:22:44.933621 0.000000 tcp 10.0.2.109 63326 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:22:50.933143 0.075926 tcp 10.0.2.109 63327 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:51.009357 0.039711 tcp 10.0.2.109 63328 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:51.049375 0.130804 tcp 10.0.2.109 63329 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:22:51.191268 1.475942 tcp 10.0.2.109 63330 -> 176.62.240.159 19094 SPA_* 0 0 9 1015 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:01.046820 0.268370 tcp 10.0.2.109 63330 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:01.047555 0.073680 tcp 10.0.2.109 63331 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:01.121601 0.035106 tcp 10.0.2.109 63332 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:01.157022 0.139364 tcp 10.0.2.109 63333 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:01.315444 3.002434 tcp 10.0.2.109 63334 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:23:10.328765 0.000000 tcp 10.0.2.109 63334 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:23:16.309162 0.066835 tcp 10.0.2.109 63335 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:16.376278 0.053375 tcp 10.0.2.109 63336 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:16.429927 0.130548 tcp 10.0.2.109 63337 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:16.586818 3.118045 tcp 10.0.2.109 63338 -> 46.50.226.74 10856 SPA_* 0 0 10 1077 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:40.814128 0.254416 tcp 10.0.2.109 63338 -> 46.50.226.74 10856 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:40.815047 0.075322 tcp 10.0.2.109 63339 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:40.890713 0.035035 tcp 10.0.2.109 63340 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:40.926561 0.130395 tcp 10.0.2.109 63341 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:41.068806 0.139676 tcp 10.0.2.109 63342 -> 176.73.169.112 1959 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:41.208765 0.135416 tcp 10.0.2.109 63343 -> 5.178.194.36 4983 FSPA* 0 0 13 1231 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:41.344386 3.273007 tcp 10.0.2.109 63344 -> 77.50.112.98 27555 SPA_* 0 0 10 1077 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:47.681499 0.000419 tcp 10.0.2.109 63344 -> 77.50.112.98 27555 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:23:47.682249 1.372035 tcp 10.0.2.109 63345 -> 176.62.240.159 19094 SPA_* 0 0 9 1015 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:24:04.590659 0.457291 tcp 10.0.2.109 63345 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:24:04.591175 3.001134 tcp 10.0.2.109 63346 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:24:13.277831 3.000562 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:24:13.595207 0.000000 tcp 10.0.2.109 63346 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:24:19.589863 3.003921 tcp 10.0.2.109 63347 -> 46.50.226.74 10856 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:24:20.280565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:24:28.282641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:24:28.592295 0.000000 tcp 10.0.2.109 63347 -> 46.50.226.74 10856 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:24:34.252893 0.010366 udp 10.0.2.109 62578 <-> 8.8.8.8 53 CON 0 0 2 168 flow=From-Botnet-V1-DNS 1970/02/19 10:24:34.263721 0.009921 udp 10.0.2.109 60761 <-> 8.8.8.8 53 CON 0 0 2 180 flow=From-Botnet-V1-DNS 1970/02/19 10:24:44.285005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:25:16.291360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:25:22.805049 0.000314 tcp 10.0.2.109 63347 -> 46.50.226.74 10856 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:25:22.805251 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:29:34.593144 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:29:34.593283 0.815820 tcp 10.0.2.109 63348 -> 176.73.169.112 1959 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:34.796448 0.162502 tcp 10.0.2.109 63349 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:34.959248 0.038029 tcp 10.0.2.109 63350 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:34.997560 0.401564 tcp 10.0.2.109 63351 -> 195.113.214.249 443 SRPA* 0 0 37 25303 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:35.409329 0.456290 tcp 10.0.2.109 63352 -> 5.178.194.36 4983 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:35.605893 0.068564 tcp 10.0.2.109 63353 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:35.674780 0.034840 tcp 10.0.2.109 63354 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:35.709896 0.137318 tcp 10.0.2.109 63355 -> 195.113.214.249 443 SRPA* 0 0 21 11728 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:35.865851 0.276117 tcp 10.0.2.109 63356 -> 77.50.112.98 27555 SPA_* 0 0 9 1192 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:46.383058 0.254669 tcp 10.0.2.109 63356 -> 77.50.112.98 27555 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:46.383915 0.065915 tcp 10.0.2.109 63357 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:46.450177 0.043787 tcp 10.0.2.109 63358 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:46.494431 0.133535 tcp 10.0.2.109 63359 -> 195.113.214.249 443 SRPA* 0 0 23 11914 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:29:46.638013 2.995814 tcp 10.0.2.109 63360 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:29:55.633332 0.000000 tcp 10.0.2.109 63360 -> 176.62.240.159 19094 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:30:01.633778 0.067081 tcp 10.0.2.109 63361 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:01.701127 0.034511 tcp 10.0.2.109 63362 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:01.735888 0.128846 tcp 10.0.2.109 63363 -> 195.113.214.249 443 SRPA* 0 0 24 12632 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:01.876599 2.999677 tcp 10.0.2.109 63364 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:30:10.874748 0.000000 tcp 10.0.2.109 63364 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:30:16.873989 0.062437 tcp 10.0.2.109 63365 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:16.936697 0.078626 tcp 10.0.2.109 63366 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:17.015630 0.127102 tcp 10.0.2.109 63367 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:17.171956 2.995918 tcp 10.0.2.109 63368 -> 46.50.226.74 10856 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:30:26.176446 0.000000 tcp 10.0.2.109 63368 -> 46.50.226.74 10856 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:30:32.165709 0.073636 tcp 10.0.2.109 63369 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:32.239614 0.037207 tcp 10.0.2.109 63370 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:32.277188 0.149735 tcp 10.0.2.109 63371 -> 195.113.214.249 443 SRPA* 0 0 21 11730 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:32.454989 0.171487 tcp 10.0.2.109 63372 -> 176.73.169.112 1959 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:32.626692 0.171934 tcp 10.0.2.109 63373 -> 5.178.194.36 4983 FSPA* 0 0 13 1408 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:30:32.798900 2.991431 tcp 10.0.2.109 63374 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:30:41.789014 0.000000 tcp 10.0.2.109 63374 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:30:47.787882 3.344899 tcp 10.0.2.109 63375 -> 176.62.240.159 19094 SPA_* 0 0 10 1254 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:31:02.129773 0.000580 tcp 10.0.2.109 63375 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:31:02.130544 2.992493 tcp 10.0.2.109 63376 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:31:05.515029 0.000160 tcp 10.0.2.109 63364 -> 46.48.240.210 29630 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:31:11.125799 0.000000 tcp 10.0.2.109 63376 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:31:17.120002 3.395983 tcp 10.0.2.109 63377 -> 46.50.226.74 10856 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:31:20.297002 3.001850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:31:27.304670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:31:35.305842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:31:51.309907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:32:23.315196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:36:20.516613 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:36:20.516704 0.375086 tcp 10.0.2.109 63378 -> 176.73.169.112 1959 FSPA* 0 0 13 1343 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:20.652966 0.063190 tcp 10.0.2.109 63379 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:20.716476 0.034567 tcp 10.0.2.109 63380 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:20.751406 0.129325 tcp 10.0.2.109 63381 -> 195.113.214.249 443 SRPA* 0 0 22 11860 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:20.892019 0.394956 tcp 10.0.2.109 63382 -> 5.178.194.36 4983 FSPA* 0 0 13 1343 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:21.041754 0.066870 tcp 10.0.2.109 63383 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:21.108896 0.034707 tcp 10.0.2.109 63384 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:21.143862 0.126680 tcp 10.0.2.109 63385 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:21.287226 2.994224 tcp 10.0.2.109 63386 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:36:30.280092 0.000000 tcp 10.0.2.109 63386 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:36:36.279551 0.061479 tcp 10.0.2.109 63387 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:36.341281 0.034576 tcp 10.0.2.109 63388 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:36.376128 0.139830 tcp 10.0.2.109 63389 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:36.528628 3.004849 tcp 10.0.2.109 63390 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:36:45.532304 0.000000 tcp 10.0.2.109 63390 -> 176.62.240.159 19094 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:36:51.521158 0.136496 tcp 10.0.2.109 63391 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:51.657895 0.032748 tcp 10.0.2.109 63392 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:51.690877 0.129914 tcp 10.0.2.109 63393 -> 195.113.214.249 443 SRPA* 0 0 24 13314 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:36:51.831526 3.003800 tcp 10.0.2.109 63394 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:00.833636 0.000000 tcp 10.0.2.109 63394 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:06.833386 0.065205 tcp 10.0.2.109 63395 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:06.898911 0.038127 tcp 10.0.2.109 63396 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:06.937362 0.135524 tcp 10.0.2.109 63397 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:07.115971 3.001514 tcp 10.0.2.109 63398 -> 46.50.226.74 10856 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:16.126097 0.000000 tcp 10.0.2.109 63398 -> 46.50.226.74 10856 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:22.114940 0.065317 tcp 10.0.2.109 63399 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:22.180581 0.037303 tcp 10.0.2.109 63400 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:22.218286 0.132353 tcp 10.0.2.109 63401 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:22.361775 0.132839 tcp 10.0.2.109 63402 -> 176.73.169.112 1959 FSPA* 0 0 13 1343 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:22.494854 0.134215 tcp 10.0.2.109 63403 -> 5.178.194.36 4983 FSPA* 0 0 13 1343 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:37:22.629344 3.000217 tcp 10.0.2.109 63404 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:31.628145 0.000000 tcp 10.0.2.109 63404 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:37.627409 2.993851 tcp 10.0.2.109 63405 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:46.619804 0.000000 tcp 10.0.2.109 63405 -> 176.62.240.159 19094 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:37:52.628760 3.004234 tcp 10.0.2.109 63406 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:38:01.631317 0.000000 tcp 10.0.2.109 63406 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:38:07.630155 1.115138 tcp 10.0.2.109 63407 -> 46.50.226.74 10856 SPA_* 0 0 9 1127 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:38:16.081997 0.000414 tcp 10.0.2.109 63407 -> 46.50.226.74 10856 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:38:27.321058 3.002016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:38:34.328585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:38:42.329966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:38:58.344671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:39:30.339179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:43:16.084125 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:43:16.084292 0.385093 tcp 10.0.2.109 63408 -> 176.73.169.112 1959 FSPA* 0 0 13 1416 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.199053 0.068597 tcp 10.0.2.109 63409 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.267893 0.036024 tcp 10.0.2.109 63410 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.304179 0.146539 tcp 10.0.2.109 63411 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.469679 0.386157 tcp 10.0.2.109 63412 -> 5.178.194.36 4983 FSPA* 0 0 13 1416 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.586959 0.062182 tcp 10.0.2.109 63413 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.649461 0.040006 tcp 10.0.2.109 63414 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.689792 0.154031 tcp 10.0.2.109 63415 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:16.856117 2.992647 tcp 10.0.2.109 63416 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:43:25.857872 0.000000 tcp 10.0.2.109 63416 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:43:31.856911 0.063354 tcp 10.0.2.109 63417 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:31.920512 0.042682 tcp 10.0.2.109 63418 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:31.963468 0.321370 tcp 10.0.2.109 63419 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:32.302021 3.297805 tcp 10.0.2.109 63420 -> 176.62.240.159 19094 SPA_* 0 0 10 1262 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:47.647661 0.259789 tcp 10.0.2.109 63420 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:47.648548 0.064431 tcp 10.0.2.109 63421 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:47.713304 0.041308 tcp 10.0.2.109 63422 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:47.754950 0.137278 tcp 10.0.2.109 63423 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:43:47.907749 3.005491 tcp 10.0.2.109 63424 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:43:56.911703 0.000000 tcp 10.0.2.109 63424 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:44:02.901150 0.065385 tcp 10.0.2.109 63425 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:02.966803 0.037041 tcp 10.0.2.109 63426 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:03.004110 0.145204 tcp 10.0.2.109 63427 -> 195.113.214.249 443 SRPA* 0 0 23 11876 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:03.167928 3.007660 tcp 10.0.2.109 63428 -> 46.50.226.74 10856 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:44:12.174449 0.000000 tcp 10.0.2.109 63428 -> 46.50.226.74 10856 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:44:18.163966 0.061297 tcp 10.0.2.109 63429 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:18.225566 0.265384 tcp 10.0.2.109 63430 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:18.491296 0.613985 tcp 10.0.2.109 63431 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:19.127588 0.055884 tcp 10.0.2.109 63432 -> 176.73.169.112 1959 SPA_* 0 0 9 1200 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:34.355005 0.000159 tcp 10.0.2.109 63428 -> 46.50.226.74 10856 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:49.177398 0.055678 tcp 10.0.2.109 63432 -> 176.73.169.112 1959 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:49.177720 0.108179 tcp 10.0.2.109 63433 -> 5.178.194.36 4983 FSPA* 0 0 13 1416 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:44:49.286174 2.995430 tcp 10.0.2.109 63434 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:44:58.281642 0.000000 tcp 10.0.2.109 63434 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:45:04.279131 0.299593 tcp 10.0.2.109 63435 -> 176.62.240.159 19094 SPA_* 0 0 9 1200 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:45:29.265528 0.000371 tcp 10.0.2.109 63435 -> 176.62.240.159 19094 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:45:29.266120 2.993246 tcp 10.0.2.109 63436 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:45:34.345853 3.000962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:45:38.257895 0.000000 tcp 10.0.2.109 63436 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:45:41.352497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:45:44.257140 2.993692 tcp 10.0.2.109 63437 -> 46.50.226.74 10856 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:45:49.353837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:45:53.249620 0.000000 tcp 10.0.2.109 63437 -> 46.50.226.74 10856 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:46:05.357295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:46:37.363375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:52:06.396384 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:52:06.396594 0.182906 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:06.585359 0.097120 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 2 316 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:06.682849 0.068293 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:06.733031 0.317746 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:07.051501 0.174477 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:07.214931 0.170797 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:07.364883 0.138718 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:07.494537 0.191898 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:07.678950 0.119630 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:07.762343 0.129635 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:07.855729 0.181218 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:08.013093 0.171755 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:08.181020 0.194971 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 4 1353 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:08.374957 0.220138 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:08.593275 0.453933 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:09.039034 0.088295 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:09.140320 0.638035 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:09.775526 0.313061 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:10.076908 0.790339 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:10.867404 0.181589 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:11.026418 0.056463 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:11.067435 0.320001 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:11.388650 0.166733 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:11.576756 0.076649 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:11.654642 0.353149 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:12.003799 0.368466 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:12.381823 0.275498 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/19 10:52:14.268149 3.005524 tcp 10.0.2.109 63438 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:52:23.270281 0.000000 tcp 10.0.2.109 63438 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:52:29.270857 0.062226 tcp 10.0.2.109 63439 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:29.333347 0.044896 tcp 10.0.2.109 63440 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:29.378557 0.165128 tcp 10.0.2.109 63441 -> 195.113.214.249 443 SRPA* 0 0 42 35466 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:29.559600 3.417873 tcp 10.0.2.109 63442 -> 176.62.240.159 19094 SPA_* 0 0 10 1167 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:35.763457 1.590446 tcp 10.0.2.109 63442 -> 176.62.240.159 19094 FA_F* 0 0 6 584 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:35.764277 0.062060 tcp 10.0.2.109 63443 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:35.826619 0.033373 tcp 10.0.2.109 63444 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:35.860293 0.137380 tcp 10.0.2.109 63445 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:36.038229 3.004679 tcp 10.0.2.109 63446 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:52:45.041989 0.000000 tcp 10.0.2.109 63446 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:52:51.030780 0.061652 tcp 10.0.2.109 63447 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:51.092722 0.033245 tcp 10.0.2.109 63448 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:51.126373 0.167037 tcp 10.0.2.109 63449 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:51.304221 0.560182 tcp 10.0.2.109 63450 -> 77.50.112.98 27555 FSPA* 0 0 13 1321 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:51.864617 4.314141 tcp 10.0.2.109 63451 -> 176.62.240.159 19094 FSPA* 0 0 14 1635 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:52:56.178971 3.003283 tcp 10.0.2.109 63452 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:53:05.180356 0.000000 tcp 10.0.2.109 63452 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:54:26.369926 3.001628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 10:54:33.377353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:54:41.385292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:54:57.381985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:55:29.387996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 10:58:11.181159 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 10:58:11.181351 3.003867 tcp 10.0.2.109 63453 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:58:20.183851 0.000000 tcp 10.0.2.109 63453 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:58:26.184372 0.061532 tcp 10.0.2.109 63454 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:26.246179 0.033514 tcp 10.0.2.109 63455 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:26.279960 0.133205 tcp 10.0.2.109 63456 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:26.439458 3.007397 tcp 10.0.2.109 63457 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:58:35.446152 0.000000 tcp 10.0.2.109 63457 -> 176.62.240.159 19094 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:58:41.434450 0.062253 tcp 10.0.2.109 63458 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:41.497045 0.039798 tcp 10.0.2.109 63459 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:41.537096 0.138130 tcp 10.0.2.109 63460 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:41.745125 1.800139 tcp 10.0.2.109 63457 -> 176.62.240.159 19094 FA_F* 0 0 6 328 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:41.947215 3.416208 tcp 10.0.2.109 63461 -> 46.48.240.210 29630 SPA_* 0 0 10 1094 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:53.075721 0.650831 tcp 10.0.2.109 63461 -> 46.48.240.210 29630 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:53.076575 0.062137 tcp 10.0.2.109 63462 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:53.138975 0.054205 tcp 10.0.2.109 63463 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:53.193432 0.522596 tcp 10.0.2.109 63464 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:58:53.726790 3.014868 tcp 10.0.2.109 63465 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:59:02.724811 0.000000 tcp 10.0.2.109 63465 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:59:08.728851 2.989503 tcp 10.0.2.109 63466 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:59:17.726585 0.314771 tcp 10.0.2.109 63466 -> 176.62.240.159 19094 SPA_* 0 0 9 1032 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:59:48.039771 0.412609 tcp 10.0.2.109 63466 -> 176.62.240.159 19094 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 10:59:48.040094 3.004137 tcp 10.0.2.109 63467 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 10:59:55.520939 0.002014 tcp 10.0.2.109 63467 -> 46.48.240.210 29630 PA_SA 0 0 8 970 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:00:25.523857 2.993781 tcp 10.0.2.109 63467 -> 46.48.240.210 29630 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:01:56.407540 3.001243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 11:02:03.414335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:02:11.415794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:02:27.418826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:02:59.425236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:05:25.525659 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:05:25.525803 2.993765 tcp 10.0.2.109 63468 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:05:34.517929 1.055125 tcp 10.0.2.109 63468 -> 77.50.112.98 27555 FSPA* 0 0 13 1444 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:35.156118 0.070948 tcp 10.0.2.109 63469 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:35.227338 0.187029 tcp 10.0.2.109 63470 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:35.414645 0.140230 tcp 10.0.2.109 63471 -> 195.113.214.249 443 SRPA* 0 0 33 18798 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:35.573314 3.464675 tcp 10.0.2.109 63472 -> 176.62.240.159 19094 SPA_* 0 0 10 1290 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:45.286085 0.283013 tcp 10.0.2.109 63472 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:45.286825 0.093604 tcp 10.0.2.109 63473 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:45.380702 0.034083 tcp 10.0.2.109 63474 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:45.415066 0.144924 tcp 10.0.2.109 63475 -> 195.113.214.249 443 SRPA* 0 0 22 12484 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:05:45.569321 2.999261 tcp 10.0.2.109 63476 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:05:54.576633 0.000000 tcp 10.0.2.109 63476 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:06:00.565584 0.184008 tcp 10.0.2.109 63477 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:06:00.749918 0.033831 tcp 10.0.2.109 63478 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:06:00.784038 0.137037 tcp 10.0.2.109 63479 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:06:00.931752 2.998642 tcp 10.0.2.109 63480 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:06:09.928803 0.000000 tcp 10.0.2.109 63480 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:06:15.927930 3.004159 tcp 10.0.2.109 63481 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:06:24.930403 0.000000 tcp 10.0.2.109 63481 -> 176.62.240.159 19094 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:06:30.929002 3.004190 tcp 10.0.2.109 63482 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:06:39.933256 0.000000 tcp 10.0.2.109 63482 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:09:08.438374 3.004846 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 11:09:15.445480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:09:23.447227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:09:39.450323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:10:11.456499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:11:45.932339 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:11:45.932443 1.363793 tcp 10.0.2.109 63483 -> 77.50.112.98 27555 FSPA* 0 0 13 1304 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:11:46.594296 0.062225 tcp 10.0.2.109 63484 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:11:46.656779 0.372712 tcp 10.0.2.109 63485 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:11:47.029743 0.250651 tcp 10.0.2.109 63486 -> 195.113.214.249 443 SRPA* 0 0 24 12594 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:11:47.296448 2.992073 tcp 10.0.2.109 63487 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:11:54.759440 0.001822 tcp 10.0.2.109 63487 -> 176.62.240.159 19094 PA_SA 0 0 8 1026 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:11.107381 0.365608 tcp 10.0.2.109 63487 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:11.108253 0.059810 tcp 10.0.2.109 63488 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:11.168340 0.035210 tcp 10.0.2.109 63489 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:11.203812 0.247291 tcp 10.0.2.109 63490 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:11.473230 2.999985 tcp 10.0.2.109 63491 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:12:20.471522 0.000000 tcp 10.0.2.109 63491 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:12:26.470663 0.063119 tcp 10.0.2.109 63492 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:26.534075 0.037072 tcp 10.0.2.109 63493 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:26.571486 0.159975 tcp 10.0.2.109 63494 -> 195.113.214.249 443 SRPA* 0 0 24 12594 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:26.743718 3.001206 tcp 10.0.2.109 63495 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:12:35.743107 0.666677 tcp 10.0.2.109 63495 -> 77.50.112.98 27555 FSPA* 0 0 13 1304 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:12:36.410117 1.361961 tcp 10.0.2.109 63496 -> 176.62.240.159 19094 SPA_* 0 0 9 1088 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:13:07.769465 0.406589 tcp 10.0.2.109 63496 -> 176.62.240.159 19094 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:13:07.769850 3.004089 tcp 10.0.2.109 63497 -> 46.48.240.210 29630 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:13:16.773755 0.000000 tcp 10.0.2.109 63497 -> 46.48.240.210 29630 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:16:15.471713 3.001400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 11:16:22.471357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:16:30.471037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:16:46.474578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:17:18.488797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:22:15.999669 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:22:15.999783 0.056461 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 3 784 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:16.053190 0.181410 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:16.211644 0.087871 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 4 1412 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:16.307232 0.320099 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:16.629124 0.174811 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:16.793051 0.173885 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:16.945349 0.119126 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:17.024077 0.098169 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:17.082995 0.184587 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:17.244182 0.140412 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:17.373369 0.181246 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 4 1162 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:17.550937 0.171598 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:17.718855 0.196004 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:17.911815 0.138160 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:18.047780 0.172504 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:18.215154 0.093530 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:18.317369 0.338329 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:18.651909 0.185100 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:18.853571 0.044817 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:18.896581 0.186726 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:19.056115 0.056670 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:19.096166 0.319843 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:19.417262 0.350234 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:19.763394 0.166413 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:19.939035 0.076843 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:20.036349 0.367092 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:20.404724 0.619371 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:22:22.798067 3.003715 tcp 10.0.2.109 63498 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:22:31.800693 0.000000 tcp 10.0.2.109 63498 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:22:37.801322 0.064375 tcp 10.0.2.109 63499 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:22:37.866224 0.051632 tcp 10.0.2.109 63500 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:22:37.918245 0.232490 tcp 10.0.2.109 63501 -> 195.113.214.249 443 SRPA* 0 0 48 43754 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:22:38.164711 2.999938 tcp 10.0.2.109 63502 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:22:47.162885 0.594101 tcp 10.0.2.109 63502 -> 77.50.112.98 27555 FSPA* 0 0 13 1451 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:23:22.488187 2.999369 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 11:23:29.493476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:23:37.502541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:23:53.498025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:24:25.504503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:27:47.755220 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:27:47.755328 2.993770 tcp 10.0.2.109 63503 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:27:56.748180 0.000000 tcp 10.0.2.109 63503 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:28:02.767669 0.079568 tcp 10.0.2.109 63504 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:28:02.847528 0.054752 tcp 10.0.2.109 63505 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:28:02.902570 0.131109 tcp 10.0.2.109 63506 -> 195.113.214.249 443 SRPA* 0 0 23 12576 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:28:03.083412 0.660522 tcp 10.0.2.109 63507 -> 77.50.112.98 27555 FSPA* 0 0 13 1385 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:30:29.510477 3.001445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 11:30:36.521103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:30:44.518736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:31:00.521891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:31:32.528320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:33:03.729727 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:33:03.729839 3.003638 tcp 10.0.2.109 63508 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:33:12.731811 0.000000 tcp 10.0.2.109 63508 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:33:18.731879 0.064132 tcp 10.0.2.109 63509 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:33:18.796304 0.051624 tcp 10.0.2.109 63510 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:33:18.848267 0.143178 tcp 10.0.2.109 63511 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:33:19.039903 3.640433 tcp 10.0.2.109 63512 -> 77.50.112.98 27555 FSPA* 0 0 14 1316 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:37:36.534268 3.001494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 11:37:43.541444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:37:51.542558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:38:07.554900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:38:22.678058 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:38:22.678255 3.004593 tcp 10.0.2.109 63513 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:38:31.680596 0.000000 tcp 10.0.2.109 63513 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:38:37.681312 0.061586 tcp 10.0.2.109 63514 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:38:37.743164 0.129213 tcp 10.0.2.109 63515 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:38:37.872666 0.138701 tcp 10.0.2.109 63516 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:38:38.028551 3.005781 tcp 10.0.2.109 63517 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:38:39.551824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:38:47.032995 0.000000 tcp 10.0.2.109 63517 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:44:43.567662 2.992054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 11:44:50.565142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:44:58.567067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:45:14.569964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:45:46.576322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:52:43.691211 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:52:43.691416 0.093099 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:43.804146 0.320611 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.126557 0.169999 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.286331 0.075327 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.341954 0.180922 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.534856 0.174912 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.686039 0.116815 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.762247 0.098030 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.821083 0.178629 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:44.976639 0.138855 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:45.106676 0.202443 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:45.301727 0.175389 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:45.471043 0.193587 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:45.661674 0.138182 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:45.797764 0.169591 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:45.968739 0.055493 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:46.039432 0.341168 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:46.377491 0.160565 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:46.528023 0.050187 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:46.587032 0.185289 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:46.748610 0.060939 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:46.791164 0.323377 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:47.137983 0.353785 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:47.488125 0.366742 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:47.867182 0.167865 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:48.043602 0.070283 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:48.115560 0.254258 rtp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/19 11:52:53.079559 3.004346 tcp 10.0.2.109 63518 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:53:02.082051 0.000000 tcp 10.0.2.109 63518 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:53:08.087712 0.066032 tcp 10.0.2.109 63519 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:53:08.154012 0.051962 tcp 10.0.2.109 63520 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:53:08.206314 0.140084 tcp 10.0.2.109 63521 -> 195.113.214.249 443 SRPA* 0 0 77 58892 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:53:08.363668 3.720530 tcp 10.0.2.109 63522 -> 77.50.112.98 27555 FSPA* 0 0 14 1414 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:54:01.589700 3.002100 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 11:54:08.601586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:54:16.605533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:54:32.602486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:55:04.608752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 11:58:12.078532 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 11:58:12.078616 3.003526 tcp 10.0.2.109 63523 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:58:21.090892 0.000000 tcp 10.0.2.109 63523 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:58:27.080932 0.062788 tcp 10.0.2.109 63524 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:58:27.144056 0.053232 tcp 10.0.2.109 63525 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:58:27.197580 0.140281 tcp 10.0.2.109 63526 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/19 11:58:27.349262 3.005125 tcp 10.0.2.109 63527 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 11:58:36.352800 0.634021 tcp 10.0.2.109 63527 -> 77.50.112.98 27555 FSPA* 0 0 13 1218 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:01:09.615999 3.001791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 12:01:16.623345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:01:24.624745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:01:40.628019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:02:12.633896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:03:36.985199 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:03:36.985355 2.993716 tcp 10.0.2.109 63528 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:03:45.978328 0.000000 tcp 10.0.2.109 63528 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:03:51.987955 0.071255 tcp 10.0.2.109 63529 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:03:52.059521 0.039867 tcp 10.0.2.109 63530 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:03:52.099716 0.134578 tcp 10.0.2.109 63531 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:03:52.324148 2.997365 tcp 10.0.2.109 63532 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:04:01.319754 0.000000 tcp 10.0.2.109 63532 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:08:24.641124 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 12:08:31.648591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:08:39.652712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:08:55.653241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:09:07.320185 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:09:07.320328 3.004274 tcp 10.0.2.109 63533 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:09:16.322599 0.000000 tcp 10.0.2.109 63533 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:09:22.323432 0.072178 tcp 10.0.2.109 63534 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:09:22.395916 0.032505 tcp 10.0.2.109 63535 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:09:22.428689 0.160507 tcp 10.0.2.109 63536 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:09:22.599641 3.007766 tcp 10.0.2.109 63537 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:09:27.659256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:09:31.608163 1.411406 tcp 10.0.2.109 63537 -> 77.50.112.98 27555 FSPA* 0 0 13 1313 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:15:31.665440 3.001286 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 12:15:38.674697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:15:46.673832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:16:02.676423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:16:34.691081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:22:38.688742 3.002037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 12:22:45.696716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:22:53.698624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:23:06.166591 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:23:06.166767 0.093795 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:06.276291 0.069651 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1978 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:06.329159 0.180402 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:06.487902 0.318852 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:06.815074 0.184147 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:06.989017 0.175052 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2647 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:07.140268 0.121471 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:07.221406 0.098218 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:07.279586 0.183841 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:07.441964 0.136274 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:07.570488 0.184388 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:07.747573 0.176872 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:07.920997 0.196104 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:08.114276 0.137545 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:08.250661 0.337966 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:08.584524 0.171421 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:08.743616 0.044787 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:08.786807 0.169534 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:08.957270 0.056553 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:09.015002 0.186495 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:09.180013 0.057210 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:09.219785 0.326480 rtp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:09.561889 0.348507 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:09.704680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:23:09.906375 0.338396 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:10.245988 0.089578 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:10.300817 0.168356 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:10.470789 0.086640 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:23:18.073485 3.004094 tcp 10.0.2.109 63538 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:23:27.086431 0.957910 tcp 10.0.2.109 63538 -> 77.50.112.98 27555 FSPA* 0 0 13 1269 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:27.775122 0.063254 tcp 10.0.2.109 63539 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:27.838589 0.037076 tcp 10.0.2.109 63540 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:27.875925 0.158685 tcp 10.0.2.109 63541 -> 195.113.214.249 443 SRPA* 0 0 25 13482 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:28.044567 0.463309 tcp 10.0.2.109 63542 -> 176.62.240.159 19094 SPA_* 0 0 9 1053 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:36.618284 0.259126 tcp 10.0.2.109 63542 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:36.619259 0.064092 tcp 10.0.2.109 63543 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:36.683644 0.035562 tcp 10.0.2.109 63544 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:36.719529 0.147719 tcp 10.0.2.109 63545 -> 195.113.214.249 443 SRPA* 0 0 23 11876 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:23:36.877659 2.996358 tcp 10.0.2.109 63546 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:23:41.712870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:23:45.873192 0.000000 tcp 10.0.2.109 63546 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:23:51.871813 1.287074 tcp 10.0.2.109 63547 -> 176.62.240.159 19094 SPA_* 0 0 9 1053 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:24:14.584695 0.000331 tcp 10.0.2.109 63547 -> 176.62.240.159 19094 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:14.585946 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:29:14.586263 2.993632 tcp 10.0.2.109 63548 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:29:23.578599 0.000000 tcp 10.0.2.109 63548 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:29:29.588947 0.061183 tcp 10.0.2.109 63549 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:29.650422 0.035181 tcp 10.0.2.109 63550 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:29.685917 0.142871 tcp 10.0.2.109 63551 -> 195.113.214.249 443 SRPA* 0 0 23 13298 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:29.839113 3.002895 tcp 10.0.2.109 63552 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:29:36.533939 0.001994 tcp 10.0.2.109 63552 -> 176.62.240.159 19094 PA_SA 0 0 8 1052 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:45.712765 3.001958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 12:29:52.720184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:29:57.793048 0.345706 tcp 10.0.2.109 63552 -> 176.62.240.159 19094 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:57.793917 0.064914 tcp 10.0.2.109 63553 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:57.859145 0.034473 tcp 10.0.2.109 63554 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:57.893914 0.234053 tcp 10.0.2.109 63555 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:29:58.138964 3.003797 tcp 10.0.2.109 63556 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:30:00.722092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:30:07.143421 0.000000 tcp 10.0.2.109 63556 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:30:13.140006 2.670846 tcp 10.0.2.109 63557 -> 176.62.240.159 19094 FSPA* 0 0 14 1644 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:30:16.724357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:30:48.730894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:35:15.805145 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:35:15.805226 2.993950 tcp 10.0.2.109 63558 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:35:24.803108 0.000000 tcp 10.0.2.109 63558 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:35:30.808977 0.068250 tcp 10.0.2.109 63559 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:35:30.877478 0.405512 tcp 10.0.2.109 63560 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:35:31.283263 0.142048 tcp 10.0.2.109 63561 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:35:31.435474 2.996304 tcp 10.0.2.109 63562 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:35:40.430551 0.000000 tcp 10.0.2.109 63562 -> 176.62.240.159 19094 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:35:46.429677 0.061510 tcp 10.0.2.109 63563 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:35:46.491476 0.043132 tcp 10.0.2.109 63564 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:35:46.534938 0.150233 tcp 10.0.2.109 63565 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:35:46.708665 3.005105 tcp 10.0.2.109 63566 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:35:46.726901 0.000185 tcp 10.0.2.109 63562 -> 176.62.240.159 19094 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:35:55.712497 0.000000 tcp 10.0.2.109 63566 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:36:01.701118 3.003905 tcp 10.0.2.109 63567 -> 176.62.240.159 19094 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:36:10.703499 0.000000 tcp 10.0.2.109 63567 -> 176.62.240.159 19094 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 12:36:52.738222 3.001166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 12:36:59.744547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:37:05.083149 0.000367 tcp 10.0.2.109 63567 -> 176.62.240.159 19094 R_SA 0 0 2 112 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:37:05.083342 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:37:07.748376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:37:23.748724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:37:55.755133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:41:16.703888 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:41:16.704054 0.078570 tcp 10.0.2.109 63568 -> 77.50.112.98 27555 SPA_* 0 0 9 1034 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:46.779324 0.062313 tcp 10.0.2.109 63569 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:46.841876 0.035227 tcp 10.0.2.109 63570 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:46.877417 0.146912 tcp 10.0.2.109 63571 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:47.035859 0.070861 tcp 10.0.2.109 63568 -> 77.50.112.98 27555 FA_FA 0 0 4 216 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:47.036220 3.991652 tcp 10.0.2.109 63572 -> 176.62.240.159 19094 FSPA* 0 0 14 1564 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:50.762160 0.061898 tcp 10.0.2.109 63573 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:50.824323 0.034796 tcp 10.0.2.109 63574 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:50.859379 0.148635 tcp 10.0.2.109 63575 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:51.028111 0.201861 tcp 10.0.2.109 63576 -> 77.50.112.98 27555 SPA_* 0 0 9 1034 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:56.969470 0.000356 tcp 10.0.2.109 63576 -> 77.50.112.98 27555 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:41:56.970005 0.488119 tcp 10.0.2.109 63577 -> 176.62.240.159 19094 SPA_* 0 0 9 1034 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:42:05.106201 0.000036 tcp 10.0.2.109 63577 -> 176.62.240.159 19094 FA_F* 0 0 5 530 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:43:59.762490 3.000314 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 12:44:06.768765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:44:14.769956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:44:30.779864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:45:02.779198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:51:06.785116 3.001607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 12:51:13.792459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:51:21.793777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:51:37.796884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:52:09.802989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:53:33.423206 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 12:53:33.423338 0.184551 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:33.596880 0.320978 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:33.919471 0.093094 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.019045 0.070698 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.072995 0.170676 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.232362 0.173880 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.381843 0.117645 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.461825 0.102080 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.527064 0.181351 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.685893 0.143589 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.819358 0.185562 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:34.997447 0.176566 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:35.146777 0.525153 tcp 10.0.2.109 63578 -> 176.73.169.112 1959 FSPA* 0 0 16 1833 flow=From-Botnet-V1-TCP-Established 1970/02/19 12:53:35.171411 0.196566 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:35.365342 0.137555 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:35.506054 0.343188 rtp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:35.844353 0.378176 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:36.225467 0.044964 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:36.268830 0.189257 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:36.432946 0.056436 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:36.472703 0.324143 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:36.814008 0.168195 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:36.997797 0.055549 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:37.054539 0.353050 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:37.403656 0.556040 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:37.961590 0.577199 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:38.504151 0.166609 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:53:38.682969 0.076469 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/19 12:58:13.812721 2.998964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 12:58:20.815985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:58:28.817761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:58:44.820556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 12:59:16.835221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:05:31.837865 3.002552 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 13:05:38.852107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:05:46.847505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:06:02.850650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:06:34.856826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:12:38.862389 3.002146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 13:12:45.869660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:12:53.871575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:13:09.874654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:13:41.880635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:19:45.887875 3.000612 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 13:19:52.899156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:20:00.895415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:20:16.898645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:20:48.904557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:23:35.675028 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 13:23:35.675216 0.593108 tcp 10.0.2.109 63579 -> 176.73.169.112 1959 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/02/19 13:23:56.114026 0.186560 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:56.312230 0.315605 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:56.653634 0.098468 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:56.750115 0.071261 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:56.805936 0.176886 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:56.971360 0.175190 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:57.121894 0.119450 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:57.204779 0.143706 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:57.336603 0.189232 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:57.518364 0.102805 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:57.582391 0.185016 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:57.743053 0.171384 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:57.910209 0.196599 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:58.103895 0.138308 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:58.240371 0.044609 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:58.283440 0.180173 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:58.442762 0.064154 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:58.490423 0.328989 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:58.816013 0.180374 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:58.987504 0.320937 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:59.309729 0.171067 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:59.482401 0.054758 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:59.553162 0.352550 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:23:59.901830 0.362583 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:24:00.278445 0.148527 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:24:00.391120 0.169747 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:24:00.562280 0.070569 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:26:52.910070 3.001902 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 13:26:59.918460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:27:07.919443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:27:23.924687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:27:55.928937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:33:59.935110 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 13:34:06.942318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:34:14.943350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:34:30.946756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:35:02.953154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:41:06.958712 3.001334 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 13:41:13.966305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:41:21.967869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:41:37.970878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:42:09.976668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:48:13.981979 3.002486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 13:48:20.990025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:48:28.991319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:48:44.996753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:49:17.003272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:53:36.273707 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 13:53:36.273861 0.450922 tcp 10.0.2.109 63580 -> 176.73.169.112 1959 FSPA* 0 0 14 1578 flow=From-Botnet-V1-TCP-Established 1970/02/19 13:54:28.658964 0.093621 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2594 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:28.752004 0.073560 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:28.808538 0.183717 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:28.968650 0.315374 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:29.290646 0.175229 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:29.455286 0.173685 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 1986 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:29.607397 0.119737 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:29.687763 0.139386 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:29.815475 0.194046 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.000812 0.098100 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.058154 0.183055 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.220408 0.172698 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.389893 0.196021 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.583378 0.137337 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.719087 0.044909 rtp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.762335 0.183001 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.922700 0.060526 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:30.975399 0.340192 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:31.312223 0.170829 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:31.491704 0.054416 rtp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:31.553858 0.165008 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:31.708991 0.325706 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:32.036133 0.350025 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:32.382274 0.350744 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:32.741100 0.373560 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:33.082470 0.169585 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 1958 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:33.248510 0.070520 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/19 13:54:33.605514 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 13:55:49.006893 3.001862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 13:55:56.014469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:56:04.015223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:56:20.022800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 13:56:52.024566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:02:56.030339 3.007492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:03:03.038502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:03:11.039599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:03:27.043249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:03:59.048494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:10:03.054845 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:10:10.065898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:10:18.063578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:10:34.066639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:11:06.072705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:17:10.091142 2.989535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:17:17.086169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:17:25.087655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:17:41.090577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:18:13.096445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:23:36.732144 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 14:23:36.732240 0.424345 tcp 10.0.2.109 63581 -> 176.73.169.112 1959 FSPA* 0 0 15 1789 flow=From-Botnet-V1-TCP-Established 1970/02/19 14:24:17.102068 3.002666 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:24:24.109910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:24:32.129933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:24:48.114759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:24:55.205494 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 14:24:55.205591 0.182621 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:55.371447 0.094481 rtp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:55.474850 0.069036 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:55.527338 0.314219 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:55.843120 0.174743 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 1979 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:56.007370 0.173593 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:56.155987 0.186926 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:56.335658 0.096083 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:56.390871 0.181112 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:56.549595 0.116644 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:56.716957 0.140324 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:56.846044 0.236470 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:57.080188 0.192728 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:57.269878 0.138290 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:57.406295 0.052339 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:57.485229 0.185710 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:57.645687 0.055641 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:57.687580 0.055545 rtp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:57.744396 0.338108 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:58.079469 0.174880 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:58.269085 0.165895 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:58.426790 0.318537 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:58.746900 0.354149 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:59.097419 0.374140 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:59.479418 0.076338 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:59.564203 0.129042 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:24:59.656762 0.168559 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:25:20.120241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:31:24.127297 3.001009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:31:31.137316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:31:39.135445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:31:55.138577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:32:27.149498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:38:31.155141 2.998473 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:38:38.158064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:38:46.159546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:39:02.162652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:39:34.169027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:45:38.178056 2.998403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:45:45.182114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:45:53.196538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:46:09.187584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:46:41.196431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:53:37.160745 0.000176 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 14:53:37.161032 0.441807 tcp 10.0.2.109 63582 -> 176.73.169.112 1959 FSPA* 0 0 14 1571 flow=From-Botnet-V1-TCP-Established 1970/02/19 14:54:31.202343 3.000386 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 14:54:38.208634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:54:46.209763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:55:02.213406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 14:55:03.565228 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 14:55:03.565440 0.070274 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:03.619115 0.316413 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:03.936908 0.183940 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:04.109279 0.109203 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:04.214320 0.178904 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:04.382453 0.171288 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 1920 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:04.533811 0.188180 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:04.712228 0.094152 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:04.791601 0.184871 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:04.953424 0.117909 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.033819 0.155280 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.179769 0.186368 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.363537 0.196417 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.557280 0.137490 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.692929 0.049820 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.741093 0.189738 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.908679 0.057082 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:05.949551 0.055323 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:06.006802 0.169335 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:06.162953 0.318546 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:06.491189 0.339565 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:06.827687 0.169740 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:06.998568 0.348481 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:07.343401 0.386201 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:07.747066 0.073011 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:07.841185 0.861118 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:08.666191 0.171372 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/19 14:55:34.219116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:02:00.236728 3.001270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 15:02:07.243956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:02:15.245453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:02:31.247991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:03:03.254514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:09:13.274511 2.999443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 15:09:20.276576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:09:28.277934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:09:44.282806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:10:16.287243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:16:20.293592 3.001215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 15:16:27.300658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:16:35.301794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:16:51.305160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:17:23.310992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:23:27.317969 3.001082 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 15:23:34.324470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:23:37.609733 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 15:23:37.609844 3.003573 tcp 10.0.2.109 63583 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:23:42.326005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:23:46.612329 0.000000 tcp 10.0.2.109 63583 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:23:52.615819 0.061498 tcp 10.0.2.109 63584 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:23:52.677688 0.033444 tcp 10.0.2.109 63585 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:23:52.711391 0.108920 tcp 10.0.2.109 63586 -> 195.113.214.249 443 SRPA* 0 0 60 53527 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:23:52.909200 2.996365 tcp 10.0.2.109 63587 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:23:58.329068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:24:01.903884 0.000000 tcp 10.0.2.109 63587 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:24:30.335072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:25:28.909633 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 15:25:28.909794 0.181308 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:29.215982 0.093627 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:29.354219 0.060470 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:29.399761 0.313549 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:29.712091 0.172325 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:29.873086 0.169960 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.019120 0.192650 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.204418 0.097688 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.264591 0.144369 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.392559 0.173441 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.562472 0.183612 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.722772 0.118475 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.804719 0.192605 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:30.994240 0.138118 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:31.131255 0.044553 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:31.174282 0.184463 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:31.339033 0.057229 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:31.400698 0.056155 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:31.481859 0.162162 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:31.635540 0.320477 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:32.040556 0.335397 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:32.372182 0.172146 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:32.539449 0.351999 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:33.001818 0.358614 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:33.539074 0.073120 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:33.714981 1.312825 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:25:34.992527 0.167518 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:29:07.908972 0.099854 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 15:29:08.008954 2.960141 tcp 10.0.2.109 63588 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:29:16.925224 0.000000 tcp 10.0.2.109 63588 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:29:22.917090 0.063727 tcp 10.0.2.109 63589 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:29:22.980977 0.033946 tcp 10.0.2.109 63590 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:29:23.015208 0.128680 tcp 10.0.2.109 63591 -> 195.113.214.249 443 SRPA* 0 0 27 11876 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:29:23.231735 2.998514 tcp 10.0.2.109 63592 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:29:32.229349 0.000000 tcp 10.0.2.109 63592 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:30:34.341963 3.000649 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 15:30:41.348711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:30:49.349706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:31:05.352923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:31:37.359062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:34:38.229423 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 15:34:38.229521 3.003821 tcp 10.0.2.109 63593 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:34:47.231978 0.000000 tcp 10.0.2.109 63593 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:34:53.232339 0.064841 tcp 10.0.2.109 63594 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:34:53.297471 0.127141 tcp 10.0.2.109 63595 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:34:53.424868 0.131604 tcp 10.0.2.109 63596 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:34:53.573097 3.002010 tcp 10.0.2.109 63597 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:35:02.573837 0.000000 tcp 10.0.2.109 63597 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:37:41.365141 3.001654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 15:37:48.376398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:37:56.373814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:38:12.377125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:38:44.383036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:40:08.574823 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 15:40:08.574972 2.993624 tcp 10.0.2.109 63598 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:40:17.576586 0.000000 tcp 10.0.2.109 63598 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:40:23.577047 0.065285 tcp 10.0.2.109 63599 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:40:23.642659 0.032483 tcp 10.0.2.109 63600 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:40:23.675439 0.124922 tcp 10.0.2.109 63601 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:40:24.025666 2.994861 tcp 10.0.2.109 63602 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:40:33.019088 0.000000 tcp 10.0.2.109 63602 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:44:48.389710 3.000515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 15:44:55.396494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:45:03.397915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:45:19.400839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:45:39.019724 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 15:45:39.019829 3.003678 tcp 10.0.2.109 63603 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:45:48.021534 0.000000 tcp 10.0.2.109 63603 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:45:51.406713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:45:54.022662 0.328171 tcp 10.0.2.109 63604 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:45:54.351092 0.033997 tcp 10.0.2.109 63605 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:45:54.385367 0.133396 tcp 10.0.2.109 63606 -> 195.113.214.249 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:45:54.616348 2.976277 tcp 10.0.2.109 63607 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:46:03.536002 0.000000 tcp 10.0.2.109 63607 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:54:06.421073 3.002600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 15:54:13.444986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:54:21.440063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:54:37.443174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:55:09.449134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 15:55:45.912040 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 15:55:45.912145 0.071863 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:45.967694 0.316606 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:46.283028 0.180813 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:46.441939 0.090240 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:46.564357 0.173258 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:46.727557 0.172618 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:46.876854 0.186992 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:47.056998 0.110247 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:47.128556 0.143020 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:47.259732 0.178745 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:47.435188 0.185917 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:47.618753 0.116370 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 1969 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:47.698094 0.195848 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:47.891353 0.137967 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:48.027221 0.044479 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:48.149623 0.186552 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:48.313570 0.057616 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:48.428210 0.056536 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:48.518412 0.165185 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:48.675682 0.172511 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:48.878828 0.318390 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:49.241229 0.338617 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:49.576733 0.070195 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:49.741492 0.354034 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:50.136575 0.355850 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:50.683834 0.769552 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:51.418071 0.167418 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/19 15:55:54.394285 2.994056 tcp 10.0.2.109 63608 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:56:03.396738 0.000000 tcp 10.0.2.109 63608 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:56:09.397241 0.065365 tcp 10.0.2.109 63609 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:56:09.462893 0.032436 tcp 10.0.2.109 63610 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:56:09.495625 0.125631 tcp 10.0.2.109 63611 -> 195.113.214.249 443 SRPA* 0 0 23 13372 flow=From-Botnet-V1-TCP-Established 1970/02/19 15:56:09.891193 2.999679 tcp 10.0.2.109 63612 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 15:56:18.889064 0.000000 tcp 10.0.2.109 63612 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:01:13.455272 3.001660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 16:01:20.462565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:01:24.889496 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:01:24.889635 3.003822 tcp 10.0.2.109 63613 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:01:28.464155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:01:33.892530 0.000000 tcp 10.0.2.109 63613 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:01:39.892378 0.063873 tcp 10.0.2.109 63614 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:01:39.956521 0.035682 tcp 10.0.2.109 63615 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:01:39.992011 0.128183 tcp 10.0.2.109 63616 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:01:40.221758 3.003677 tcp 10.0.2.109 63617 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:01:44.467356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:01:49.783217 0.000000 tcp 10.0.2.109 63617 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:02:16.732386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:06:55.224580 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:06:55.224674 2.993650 tcp 10.0.2.109 63618 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:07:04.226835 0.000000 tcp 10.0.2.109 63618 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:07:10.226994 0.061517 tcp 10.0.2.109 63619 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:07:10.288771 0.032317 tcp 10.0.2.109 63620 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:07:10.321390 0.127940 tcp 10.0.2.109 63621 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:07:10.479775 3.000639 tcp 10.0.2.109 63622 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:07:19.478723 0.000000 tcp 10.0.2.109 63622 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:08:28.491296 3.000843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 16:08:35.498176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:08:43.499437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:08:59.502661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:09:31.508926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:12:25.479231 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:12:25.479385 3.003774 tcp 10.0.2.109 63623 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:12:34.481788 0.000000 tcp 10.0.2.109 63623 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:12:40.482423 0.061311 tcp 10.0.2.109 63624 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:12:40.544033 0.032691 tcp 10.0.2.109 63625 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:12:40.576999 0.124968 tcp 10.0.2.109 63626 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:12:40.731046 3.003581 tcp 10.0.2.109 63627 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:12:49.733627 0.000000 tcp 10.0.2.109 63627 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:15:35.515231 3.001220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 16:15:42.522070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:15:50.523676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:16:06.526920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:16:38.532763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:22:42.538892 3.001389 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 16:22:49.546248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:22:57.547706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:23:13.550360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:23:45.556521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:26:15.963377 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:26:15.963538 0.064988 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:16.012598 0.317243 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:16.328679 0.180435 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:16.487244 0.098966 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:16.584338 0.172719 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:16.746569 0.197066 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:16.905391 0.154093 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:17.062736 0.170300 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:17.211149 0.191478 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:17.395135 0.172786 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:17.564020 0.182502 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:17.724696 0.117846 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:17.806438 0.192235 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:17.995904 0.137913 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:18.131742 0.058824 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:18.174428 0.056850 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:18.246643 0.166168 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:18.402285 0.050940 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:18.451409 0.182967 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:18.611368 0.173837 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:18.780835 0.320105 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:19.108255 0.338474 rtp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:19.443100 0.072987 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:19.539590 0.353851 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:19.889582 0.349027 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:20.241199 1.386018 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:21.591170 0.179304 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:26:25.787051 3.004337 tcp 10.0.2.109 63628 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:26:34.790059 0.000000 tcp 10.0.2.109 63628 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:26:40.790561 0.061522 tcp 10.0.2.109 63629 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:26:40.852377 0.054477 tcp 10.0.2.109 63630 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:26:40.907131 0.142131 tcp 10.0.2.109 63631 -> 195.113.214.249 443 SRPA* 0 0 48 43090 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:26:41.059652 3.003437 tcp 10.0.2.109 63632 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:26:50.061633 0.000000 tcp 10.0.2.109 63632 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:29:49.562070 3.002340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 16:29:56.574709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:30:04.571608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:30:20.574732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:30:52.580958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:31:56.062464 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:31:56.062575 3.003547 tcp 10.0.2.109 63633 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:32:05.064781 0.000000 tcp 10.0.2.109 63633 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:32:11.064851 0.061403 tcp 10.0.2.109 63634 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:32:11.126510 0.054020 tcp 10.0.2.109 63635 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:32:11.180873 0.139586 tcp 10.0.2.109 63636 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:32:11.331651 2.996478 tcp 10.0.2.109 63637 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:32:20.336616 0.000000 tcp 10.0.2.109 63637 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:36:56.586973 3.002025 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 16:37:03.593821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:37:11.595463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:37:26.327332 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:37:26.327529 2.993598 tcp 10.0.2.109 63638 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:37:27.598455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:37:35.319544 0.000000 tcp 10.0.2.109 63638 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:37:41.330313 0.064612 tcp 10.0.2.109 63639 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:37:41.395219 0.054849 tcp 10.0.2.109 63640 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:37:41.450360 0.143019 tcp 10.0.2.109 63641 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:37:41.613492 2.999329 tcp 10.0.2.109 63642 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:37:50.611415 0.000000 tcp 10.0.2.109 63642 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:37:59.608206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:42:56.612416 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:42:56.612570 3.002919 tcp 10.0.2.109 63643 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:43:05.614444 0.000000 tcp 10.0.2.109 63643 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:43:11.614662 0.061517 tcp 10.0.2.109 63644 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:43:11.676465 0.054966 tcp 10.0.2.109 63645 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:43:11.731718 0.139740 tcp 10.0.2.109 63646 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:43:11.881280 2.996610 tcp 10.0.2.109 63647 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:43:20.886728 0.000000 tcp 10.0.2.109 63647 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:44:03.610552 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 16:44:10.617877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:44:18.619505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:44:34.622414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:45:06.628522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:53:32.638651 3.001835 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 16:53:39.645770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:53:47.647501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:54:03.650629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:54:35.656604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 16:56:36.069962 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 16:56:36.070126 0.183280 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:36.228665 0.090445 rtp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:36.325900 0.170058 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:36.485099 0.069729 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:36.541630 0.315974 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:36.860283 0.105939 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:36.926679 0.142163 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:37.055524 0.174672 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:37.254493 0.192596 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:37.439493 0.174840 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:37.609404 0.182081 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 1985 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:37.770915 0.121128 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:37.849344 0.193466 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.040165 0.138733 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.182640 0.057504 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.288468 0.056485 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.380248 0.161095 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.532652 0.044745 rtp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.635148 0.184742 rtp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.794987 0.170861 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:38.967269 0.086712 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:39.055498 0.344131 rtp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:39.400829 0.342025 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:39.740310 0.346970 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:40.083705 0.366355 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:40.451541 1.622579 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:41.928569 3.004266 tcp 10.0.2.109 63648 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:56:42.037062 0.170242 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/19 16:56:50.931010 0.000000 tcp 10.0.2.109 63648 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:56:56.931202 0.060280 tcp 10.0.2.109 63649 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:56:56.991746 0.032136 tcp 10.0.2.109 63650 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:56:57.024104 0.125030 tcp 10.0.2.109 63651 -> 195.113.214.249 443 SRPA* 0 0 22 12522 flow=From-Botnet-V1-TCP-Established 1970/02/19 16:56:57.218019 3.006684 tcp 10.0.2.109 63652 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 16:57:06.223145 0.000000 tcp 10.0.2.109 63652 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:00:39.663597 3.000394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 17:00:46.670148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:00:54.671672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:01:10.674640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:01:42.680614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:02:12.213702 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:02:12.213916 3.003397 tcp 10.0.2.109 63653 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:02:21.226218 0.000000 tcp 10.0.2.109 63653 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:02:27.216417 0.062123 tcp 10.0.2.109 63654 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:02:27.278772 0.033085 tcp 10.0.2.109 63655 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:02:27.312193 0.126307 tcp 10.0.2.109 63656 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:02:27.458764 2.990442 tcp 10.0.2.109 63657 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:02:36.458085 0.000000 tcp 10.0.2.109 63657 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:07:42.458566 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:07:42.458757 3.003709 tcp 10.0.2.109 63658 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:07:46.686749 3.001733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 17:07:51.460940 0.000000 tcp 10.0.2.109 63658 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:07:53.693486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:07:57.461190 0.069902 tcp 10.0.2.109 63659 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:07:57.531365 0.031854 tcp 10.0.2.109 63660 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:07:57.563490 0.127940 tcp 10.0.2.109 63661 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:07:57.705749 2.999100 tcp 10.0.2.109 63662 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:08:01.695021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:08:06.702611 0.000000 tcp 10.0.2.109 63662 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:08:17.702868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:08:49.704532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:13:12.703348 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:13:12.703528 3.003373 tcp 10.0.2.109 63663 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:13:21.705416 0.000000 tcp 10.0.2.109 63663 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:13:27.706416 0.064615 tcp 10.0.2.109 63664 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:13:27.771291 0.031838 tcp 10.0.2.109 63665 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:13:27.803440 0.124788 tcp 10.0.2.109 63666 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:13:27.938825 2.999966 tcp 10.0.2.109 63667 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:13:36.937178 0.000000 tcp 10.0.2.109 63667 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:14:53.710761 3.000812 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 17:15:00.717980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:15:08.719540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:15:24.725857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:15:56.728582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:22:00.734535 3.002053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 17:22:07.741958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:22:15.747317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:22:31.746608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:23:03.752403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:27:06.782032 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:27:06.782233 0.170713 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:06.941830 0.069515 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:06.994050 0.188297 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:07.155492 0.101531 udp 10.0.2.109 3683 <-> 194.54.45.144 3636 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:07.252691 0.314784 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:07.572127 0.106787 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:07.640578 0.137451 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:07.768125 0.171593 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:07.918446 0.191576 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.102015 0.177226 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.276590 0.183868 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.437449 0.118375 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.517561 0.203420 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.717995 0.138161 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.854481 0.056315 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.893915 0.057085 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:08.972152 0.160395 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:09.124743 0.050974 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:09.174232 0.186498 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:09.336599 0.171166 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:09.509243 0.076115 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:09.594735 0.318371 rtp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:09.921427 0.337595 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:10.254692 0.353882 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:10.604953 0.368420 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:10.984444 0.623058 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:11.570423 0.173177 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:27:12.991812 3.003301 tcp 10.0.2.109 63668 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:27:21.993890 0.000000 tcp 10.0.2.109 63668 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:27:27.994465 0.064895 tcp 10.0.2.109 63669 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:27:28.059650 0.034007 tcp 10.0.2.109 63670 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:27:28.093959 0.120579 tcp 10.0.2.109 63671 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:27:28.231033 3.008288 tcp 10.0.2.109 63672 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:27:37.235678 0.000000 tcp 10.0.2.109 63672 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:29:07.759505 3.000785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 17:29:14.765945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:29:22.767668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:29:38.770990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:30:10.776636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:32:43.226338 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:32:43.226425 2.993515 tcp 10.0.2.109 63673 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:32:52.219569 0.000000 tcp 10.0.2.109 63673 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:32:58.229191 0.064010 tcp 10.0.2.109 63674 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:32:58.293458 0.033575 tcp 10.0.2.109 63675 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:32:58.327341 0.120958 tcp 10.0.2.109 63676 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:32:58.459507 3.002927 tcp 10.0.2.109 63677 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:33:07.466976 0.000000 tcp 10.0.2.109 63677 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:36:14.782331 3.002275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 17:36:21.789971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:36:29.791595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:36:45.794549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:37:17.800380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:38:13.461438 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:38:13.461602 3.003268 tcp 10.0.2.109 63678 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:38:22.463326 0.000000 tcp 10.0.2.109 63678 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:38:28.463674 0.068382 tcp 10.0.2.109 63679 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:38:28.532341 0.032061 tcp 10.0.2.109 63680 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:38:28.564682 0.120195 tcp 10.0.2.109 63681 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:38:28.713404 3.005762 tcp 10.0.2.109 63682 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:38:37.715068 0.000000 tcp 10.0.2.109 63682 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:43:21.807157 3.000970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 17:43:28.813757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:43:36.815017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:43:43.715809 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:43:43.715991 2.993649 tcp 10.0.2.109 63683 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:43:52.707554 0.000000 tcp 10.0.2.109 63683 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:43:52.817850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:43:58.726219 0.064479 tcp 10.0.2.109 63684 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:43:58.790983 0.032272 tcp 10.0.2.109 63685 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:43:58.823532 0.122857 tcp 10.0.2.109 63686 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:43:58.965753 2.999462 tcp 10.0.2.109 63687 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:44:07.960372 0.000000 tcp 10.0.2.109 63687 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:44:24.824202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:50:28.848082 2.996775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 17:50:35.837682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:50:43.839321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:50:59.842723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:51:31.851046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:57:13.659978 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 17:57:13.660153 0.183516 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:13.819126 0.000000 udp 10.0.2.109 3683 -> 194.54.45.144 3636 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 17:57:14.010588 3.004202 tcp 10.0.2.109 63688 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:57:23.013593 0.000000 tcp 10.0.2.109 63688 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:57:29.013569 0.064966 tcp 10.0.2.109 63689 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:29.078807 0.032746 tcp 10.0.2.109 63690 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:29.111924 0.124484 tcp 10.0.2.109 63691 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:29.246131 3.001695 tcp 10.0.2.109 63692 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:57:32.747025 0.061333 tcp 10.0.2.109 63693 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:32.808630 0.033026 tcp 10.0.2.109 63694 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:32.841952 0.119864 tcp 10.0.2.109 63695 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:32.962357 0.315750 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:33.288342 0.101238 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:33.350205 0.138240 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:33.478285 0.170357 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:33.636821 0.072269 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:33.692384 0.175238 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:33.844656 0.185278 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.022924 0.190351 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.197666 0.183899 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.358813 0.115380 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.435473 0.194758 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.627817 0.139147 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.765185 0.054786 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.804186 0.056175 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:34.861709 0.166572 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:35.016473 0.044731 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:35.059250 0.183626 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:35.219764 0.182505 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:35.401515 0.077052 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:35.480230 0.000000 udp 10.0.2.109 3683 -> 113.28.179.100 4835 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 17:57:35.854374 3.001234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 17:57:38.245143 0.000000 tcp 10.0.2.109 63692 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 17:57:42.861705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:57:50.863203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:57:52.356383 0.064710 tcp 10.0.2.109 63696 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:52.421315 0.032133 tcp 10.0.2.109 63697 -> 195.113.214.249 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:52.453730 0.124795 tcp 10.0.2.109 63698 -> 195.113.214.249 443 SRPA* 0 0 23 12992 flow=From-Botnet-V1-TCP-Established 1970/02/19 17:57:52.579071 0.318537 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:52.899745 0.337695 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:53.234219 0.167962 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:53.411261 0.382263 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:57:53.801628 0.954474 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/19 17:58:06.874419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 17:58:38.874422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:02:44.245425 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:02:44.245575 2.996295 tcp 10.0.2.109 63699 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:02:53.238355 0.000000 tcp 10.0.2.109 63699 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:02:59.251334 0.061752 tcp 10.0.2.109 63700 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:02:59.313451 0.032068 tcp 10.0.2.109 63701 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:02:59.345815 0.123170 tcp 10.0.2.109 63702 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:02:59.484204 2.996929 tcp 10.0.2.109 63703 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:03:08.479868 0.000000 tcp 10.0.2.109 63703 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:04:47.886430 3.000748 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 18:04:54.893073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:05:02.894409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:05:18.897570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:05:50.904909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:08:14.480474 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:08:14.480702 3.003815 tcp 10.0.2.109 63704 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:08:23.482974 0.000000 tcp 10.0.2.109 63704 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:08:29.483396 0.071526 tcp 10.0.2.109 63705 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:08:29.555141 0.037066 tcp 10.0.2.109 63706 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:08:29.592499 0.134327 tcp 10.0.2.109 63707 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:08:29.736586 2.999150 tcp 10.0.2.109 63708 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:08:38.736450 0.000000 tcp 10.0.2.109 63708 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:11:54.910120 3.008696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 18:12:01.917196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:12:09.918844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:12:25.921428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:12:57.927347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:13:44.735800 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:13:44.735948 2.993032 tcp 10.0.2.109 63709 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:13:53.727787 0.000000 tcp 10.0.2.109 63709 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:13:59.737257 0.072859 tcp 10.0.2.109 63710 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:13:59.810355 0.034840 tcp 10.0.2.109 63711 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:13:59.845452 0.125365 tcp 10.0.2.109 63712 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:13:59.980412 3.003056 tcp 10.0.2.109 63713 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:14:08.979438 0.000000 tcp 10.0.2.109 63713 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:19:01.933771 3.001218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 18:19:08.940801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:19:14.981896 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:19:14.982040 3.001787 tcp 10.0.2.109 63714 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:19:16.941935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:19:23.982689 0.000000 tcp 10.0.2.109 63714 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:19:29.983758 0.072073 tcp 10.0.2.109 63715 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:19:30.056102 0.033713 tcp 10.0.2.109 63716 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:19:30.090251 0.125504 tcp 10.0.2.109 63717 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:19:30.232095 3.004103 tcp 10.0.2.109 63718 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:19:32.945654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:19:39.234540 0.000000 tcp 10.0.2.109 63718 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:20:04.951528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:26:08.959665 2.999429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 18:26:15.965313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:26:23.966937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:26:39.969685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:27:11.976557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:28:00.709986 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:28:00.710096 0.000000 udp 10.0.2.109 3683 -> 194.54.45.144 3636 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 18:28:19.684922 0.068551 tcp 10.0.2.109 63719 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:28:19.753759 0.033619 tcp 10.0.2.109 63720 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:28:19.787704 0.127352 tcp 10.0.2.109 63721 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:28:19.915661 0.347326 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:20.259004 0.179834 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:20.453475 0.175478 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:20.617766 0.067468 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:20.668065 0.315107 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:20.981661 0.102616 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:21.045445 0.135798 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:21.172754 0.246983 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:21.416694 0.189766 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:21.598497 0.172096 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:21.746048 0.119320 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:21.829248 0.190682 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.017183 0.138085 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 1924 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.153870 0.057640 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.196344 0.055357 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.268958 0.166762 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.426129 0.044268 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.468745 0.184607 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.629409 0.183246 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.804396 0.076928 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:22.892607 0.171661 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:23.062063 0.318497 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:23.381957 0.341119 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:23.717405 0.831466 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:24.512625 0.169235 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:24.683096 0.373783 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:28:30.258046 3.004019 tcp 10.0.2.109 63722 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:28:39.260810 0.000000 tcp 10.0.2.109 63722 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:28:45.260240 0.067011 tcp 10.0.2.109 63723 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:28:45.327607 0.034257 tcp 10.0.2.109 63724 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:28:45.362209 0.125862 tcp 10.0.2.109 63725 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:28:45.497896 3.007446 tcp 10.0.2.109 63726 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:28:54.502928 0.000000 tcp 10.0.2.109 63726 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:33:15.981430 3.001882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 18:33:22.988607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:33:30.996359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:33:46.993565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:34:00.493541 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:34:00.493691 3.003605 tcp 10.0.2.109 63727 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:34:09.495860 0.000000 tcp 10.0.2.109 63727 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:34:15.496353 0.070157 tcp 10.0.2.109 63728 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:34:15.566811 0.034852 tcp 10.0.2.109 63729 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:34:15.601904 0.133136 tcp 10.0.2.109 63730 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:34:15.751214 2.997672 tcp 10.0.2.109 63731 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:34:18.999318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:34:24.757650 0.000000 tcp 10.0.2.109 63731 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:39:30.747994 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:39:30.748142 3.009036 tcp 10.0.2.109 63732 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:39:39.750667 0.000000 tcp 10.0.2.109 63732 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:39:45.750725 0.071885 tcp 10.0.2.109 63733 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:39:45.822866 0.033845 tcp 10.0.2.109 63734 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:39:45.857068 0.133957 tcp 10.0.2.109 63735 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:39:46.006065 2.997614 tcp 10.0.2.109 63736 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:39:55.002676 0.000000 tcp 10.0.2.109 63736 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:40:23.005469 3.001536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 18:40:30.012763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:40:38.016858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:40:54.017244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:41:26.023804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:45:01.003336 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:45:01.003511 3.005455 tcp 10.0.2.109 63737 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:45:10.005369 0.000000 tcp 10.0.2.109 63737 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:45:16.005529 0.070037 tcp 10.0.2.109 63738 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:45:16.075804 0.033858 tcp 10.0.2.109 63739 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:45:16.109972 0.130700 tcp 10.0.2.109 63740 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:45:16.251063 2.997892 tcp 10.0.2.109 63741 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:45:25.257092 0.000000 tcp 10.0.2.109 63741 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:47:30.030849 3.000822 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 18:47:37.037240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:47:45.038250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:48:01.041873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:48:33.047296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:55:25.063850 3.000059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 18:55:32.069706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:55:40.071605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:55:56.074353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:56:28.080297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 18:58:44.406883 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 18:58:44.407053 0.169807 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:44.566190 0.066257 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:44.616760 0.352980 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:44.966028 0.183387 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:45.167897 0.316421 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:45.493943 0.103388 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:45.559951 0.138014 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:45.690495 0.217784 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:45.904950 0.189050 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.086537 0.174965 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.236131 0.119026 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.299574 3.003652 tcp 10.0.2.109 63742 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:58:46.313885 0.196643 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.507400 0.138025 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.643581 0.060879 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.686566 0.055363 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.755642 0.163860 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.911149 0.050075 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:46.959687 0.185175 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:47.121502 0.183752 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:47.281774 0.076289 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:47.367885 0.342605 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:47.706968 0.169663 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:47.875770 0.318451 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:48.209769 0.348511 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:48.522245 0.169854 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:48.704036 0.354604 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/19 18:58:55.301762 0.000000 tcp 10.0.2.109 63742 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:59:01.302475 0.069329 tcp 10.0.2.109 63743 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:59:01.372025 0.038583 tcp 10.0.2.109 63744 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:59:01.410871 0.126827 tcp 10.0.2.109 63745 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 18:59:01.547189 2.997731 tcp 10.0.2.109 63746 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 18:59:10.555097 0.000000 tcp 10.0.2.109 63746 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:02:47.087531 3.003809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 19:02:54.095196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:03:02.096825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:03:18.099620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:03:50.106273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:04:16.547624 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:04:16.547825 2.990242 tcp 10.0.2.109 63747 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:04:25.546168 0.000000 tcp 10.0.2.109 63747 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:04:31.547325 0.071925 tcp 10.0.2.109 63748 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:04:31.619549 0.036729 tcp 10.0.2.109 63749 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:04:31.656522 0.124694 tcp 10.0.2.109 63750 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:04:31.801595 2.998206 tcp 10.0.2.109 63751 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:04:40.798585 0.000000 tcp 10.0.2.109 63751 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:09:46.799041 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:09:46.799140 3.006448 tcp 10.0.2.109 63752 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:09:54.111767 3.002050 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 19:09:55.801597 0.000000 tcp 10.0.2.109 63752 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:10:01.121499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:10:01.803470 0.070684 tcp 10.0.2.109 63753 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:10:01.874415 0.036758 tcp 10.0.2.109 63754 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:10:01.911447 0.135078 tcp 10.0.2.109 63755 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:10:02.062751 3.001926 tcp 10.0.2.109 63756 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:10:09.126453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:10:11.063737 0.000000 tcp 10.0.2.109 63756 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:10:25.126889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:10:57.129690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:15:17.065515 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:15:17.065612 2.992157 tcp 10.0.2.109 63757 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:15:26.066267 0.000000 tcp 10.0.2.109 63757 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:15:32.067175 0.069807 tcp 10.0.2.109 63758 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:15:32.137344 0.036851 tcp 10.0.2.109 63759 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:15:32.174548 0.133530 tcp 10.0.2.109 63760 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:15:32.317987 2.991519 tcp 10.0.2.109 63761 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:15:41.320496 0.000000 tcp 10.0.2.109 63761 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:17:01.136269 3.012276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 19:17:08.146361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:17:16.144660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:17:32.158613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:18:04.153688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:24:08.160327 3.001336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 19:24:15.167171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:24:23.168976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:24:39.171709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:25:11.177854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:28:52.606459 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:28:52.606613 0.349777 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:52.952592 0.173154 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:53.115113 0.066942 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:53.166243 0.098493 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:53.223250 0.131995 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:53.347014 0.174147 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:53.518717 0.183119 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:53.677053 0.316265 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.005511 0.188084 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.186808 0.171371 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.334303 0.118960 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.412919 0.195105 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.604470 0.138076 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.740326 0.060713 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.806868 0.057147 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:54.865474 0.162842 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:55.019800 0.045442 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:55.063845 0.181720 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:55.223153 0.182226 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:55.380061 0.070220 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:55.451643 0.345819 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:55.793657 0.171414 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:55.987219 0.167052 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:56.177739 0.339422 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:56.526204 0.209612 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2016 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:28:56.704241 0.362356 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:29:02.371865 3.002882 tcp 10.0.2.109 63762 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:29:11.377026 0.000000 tcp 10.0.2.109 63762 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:29:17.373681 0.069009 tcp 10.0.2.109 63763 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:29:17.443011 0.037887 tcp 10.0.2.109 63764 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:29:17.481180 0.203506 tcp 10.0.2.109 63765 -> 195.113.214.249 443 SRPA* 0 0 75 75908 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:29:17.707231 3.002711 tcp 10.0.2.109 63766 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:29:26.706643 0.000000 tcp 10.0.2.109 63766 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:31:15.184037 3.001632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 19:31:22.191875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:31:30.197594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:31:46.196517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:32:18.201975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:34:32.704881 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:34:32.705072 2.994686 tcp 10.0.2.109 63767 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:34:41.698095 0.000000 tcp 10.0.2.109 63767 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:34:47.708353 0.070160 tcp 10.0.2.109 63768 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:34:47.778773 0.034336 tcp 10.0.2.109 63769 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:34:47.813484 0.129899 tcp 10.0.2.109 63770 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:34:47.952245 2.999331 tcp 10.0.2.109 63771 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:34:56.949735 0.000000 tcp 10.0.2.109 63771 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:38:22.208971 3.000180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 19:38:29.216686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:38:37.216665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:38:53.219642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:39:25.225857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:40:02.950050 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:40:02.950239 3.004090 tcp 10.0.2.109 63772 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:40:11.953022 0.000000 tcp 10.0.2.109 63772 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:40:17.952764 0.072327 tcp 10.0.2.109 63773 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:40:18.025313 0.034143 tcp 10.0.2.109 63774 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:40:18.059751 0.130244 tcp 10.0.2.109 63775 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:40:18.204692 3.002928 tcp 10.0.2.109 63776 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:40:27.204897 0.000000 tcp 10.0.2.109 63776 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:45:29.232355 3.000996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 19:45:33.205251 0.000036 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:45:33.205379 2.993740 tcp 10.0.2.109 63777 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:45:36.239151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:45:42.207697 0.000000 tcp 10.0.2.109 63777 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:45:44.240961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:45:48.208107 0.071391 tcp 10.0.2.109 63778 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:45:48.279777 0.036651 tcp 10.0.2.109 63779 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:45:48.316716 0.124788 tcp 10.0.2.109 63780 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:45:48.453800 2.997667 tcp 10.0.2.109 63781 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:45:57.450471 0.000000 tcp 10.0.2.109 63781 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:46:00.243532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:46:32.254998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:54:25.262323 3.002129 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 19:54:32.269691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:54:40.271397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:54:56.274715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:55:28.280419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 19:59:04.281394 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 19:59:04.281515 0.073469 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:04.337935 0.098826 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:04.396439 0.138446 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:04.524949 0.185293 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:04.707379 0.186067 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:04.869522 0.352813 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:05.230051 0.172085 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:05.391669 0.314373 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:05.720042 0.185878 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:05.898382 0.177751 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:06.053909 0.115086 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:06.130476 0.193826 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:06.321453 0.137750 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:06.457308 0.053051 rtcp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 1956 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:06.495567 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 19:59:18.508168 2.997417 tcp 10.0.2.109 63782 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:59:22.959403 0.074806 tcp 10.0.2.109 63783 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:59:23.034462 0.033900 tcp 10.0.2.109 63784 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:59:23.068628 0.134895 tcp 10.0.2.109 63785 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:59:23.204136 0.136608 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:23.332791 0.050276 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:23.382241 0.184676 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:23.544148 0.184361 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:23.706881 0.076125 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:23.791085 0.339860 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:24.127885 0.319939 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:24.447499 0.091162 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:24.502279 0.172441 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:24.672410 0.168764 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:24.842783 0.341846 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/19 19:59:27.505861 0.000000 tcp 10.0.2.109 63782 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:59:33.550684 0.069937 tcp 10.0.2.109 63786 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:59:33.620914 0.037455 tcp 10.0.2.109 63787 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:59:33.658711 0.126834 tcp 10.0.2.109 63788 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 19:59:33.859425 2.965729 tcp 10.0.2.109 63789 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 19:59:42.816329 0.000000 tcp 10.0.2.109 63789 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:01:53.298261 3.000579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 20:02:00.305888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:02:08.305656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:02:24.308397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:02:56.314362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:04:48.816973 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 20:04:48.817070 2.994649 tcp 10.0.2.109 63790 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:04:57.808620 0.000000 tcp 10.0.2.109 63790 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:05:03.820083 0.069486 tcp 10.0.2.109 63791 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:05:03.889923 0.035541 tcp 10.0.2.109 63792 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:05:03.925259 0.131282 tcp 10.0.2.109 63793 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:05:04.072575 3.000065 tcp 10.0.2.109 63794 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:05:13.071211 0.000000 tcp 10.0.2.109 63794 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:09:07.321871 3.000561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 20:09:14.327893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:09:22.330913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:09:38.332853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:10:10.338518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:10:19.072453 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 20:10:19.072623 3.002793 tcp 10.0.2.109 63795 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:10:28.073553 0.000000 tcp 10.0.2.109 63795 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:10:34.074453 0.072285 tcp 10.0.2.109 63796 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:10:34.147034 0.037644 tcp 10.0.2.109 63797 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:10:34.184502 0.133780 tcp 10.0.2.109 63798 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:10:34.340960 3.006282 tcp 10.0.2.109 63799 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:10:43.345775 0.000000 tcp 10.0.2.109 63799 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:15:49.336709 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 20:15:49.336883 2.993401 tcp 10.0.2.109 63800 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:15:58.328909 0.000000 tcp 10.0.2.109 63800 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:16:04.344317 0.068692 tcp 10.0.2.109 63801 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:16:04.413282 0.037348 tcp 10.0.2.109 63802 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:16:04.450889 0.126986 tcp 10.0.2.109 63803 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:16:04.588683 2.995995 tcp 10.0.2.109 63804 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:16:13.580609 0.000000 tcp 10.0.2.109 63804 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:16:14.345612 3.003090 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 20:16:21.351703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:16:29.354513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:16:45.364308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:17:17.362751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:23:21.368731 3.010298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 20:23:28.376483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:23:36.377290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:23:52.380974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:24:24.386718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:29:37.807151 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 20:29:37.807326 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 20:29:55.243930 0.070861 tcp 10.0.2.109 63805 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:29:55.315075 0.034483 tcp 10.0.2.109 63806 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:29:55.349909 0.126941 tcp 10.0.2.109 63807 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:29:55.477429 0.095486 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:55.533351 0.141543 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:55.664046 0.179310 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:55.840709 0.181293 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:55.999821 0.070662 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:56.052689 0.354387 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:56.403361 0.314950 rtcp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:56.719550 0.171875 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:56.879386 0.191684 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:57.063869 0.193473 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:57.254807 0.138227 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:57.391131 0.055713 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:57.497762 0.113646 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:57.573555 0.172142 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:57.721349 0.189572 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:57.883854 0.184290 rtp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:58.046601 0.076238 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:58.124184 0.133351 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:58.249608 0.045127 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:58.293307 0.347044 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:58.636840 0.319678 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:58.969541 0.092689 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:59.027671 0.352321 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:59.388064 0.169153 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:29:59.566635 0.172301 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/19 20:30:04.635979 2.993940 tcp 10.0.2.109 63808 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:30:13.628299 0.000000 tcp 10.0.2.109 63808 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:30:19.637725 0.074135 tcp 10.0.2.109 63809 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:30:19.712157 0.034527 tcp 10.0.2.109 63810 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:30:19.746906 0.134614 tcp 10.0.2.109 63811 -> 195.113.214.249 443 SRPA* 0 0 23 12994 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:30:19.892033 2.999724 tcp 10.0.2.109 63812 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:30:28.392624 3.001916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 20:30:28.890999 0.000000 tcp 10.0.2.109 63812 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:30:35.399674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:30:43.401174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:30:59.404606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:31:31.410685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:35:34.891091 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 20:35:34.891245 3.003659 tcp 10.0.2.109 63813 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:35:43.893446 0.000000 tcp 10.0.2.109 63813 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:35:49.904266 0.069189 tcp 10.0.2.109 63814 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:35:49.973748 0.037348 tcp 10.0.2.109 63815 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:35:50.011367 0.124832 tcp 10.0.2.109 63816 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:35:50.174417 2.999294 tcp 10.0.2.109 63817 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:35:59.165341 0.000000 tcp 10.0.2.109 63817 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:37:35.415854 3.002412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 20:37:42.423659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:37:50.425839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:38:06.428560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:38:38.434888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:41:05.165978 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 20:41:05.166252 2.993371 tcp 10.0.2.109 63818 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:41:14.166286 0.000000 tcp 10.0.2.109 63818 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:41:20.168626 0.075320 tcp 10.0.2.109 63819 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:41:20.244213 0.034888 tcp 10.0.2.109 63820 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:41:20.279450 0.128521 tcp 10.0.2.109 63821 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:41:20.418441 3.003663 tcp 10.0.2.109 63822 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:41:29.420096 0.000000 tcp 10.0.2.109 63822 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:44:42.440792 3.001390 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 20:44:49.447925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:44:57.449460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:45:13.452455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:45:45.458484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:46:35.420519 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 20:46:35.420670 3.003939 tcp 10.0.2.109 63823 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:46:44.423289 0.000000 tcp 10.0.2.109 63823 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:46:50.423396 0.071836 tcp 10.0.2.109 63824 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:46:50.495495 0.037509 tcp 10.0.2.109 63825 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:46:50.533275 0.134685 tcp 10.0.2.109 63826 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/19 20:46:50.737853 3.009405 tcp 10.0.2.109 63827 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:46:59.744781 0.000000 tcp 10.0.2.109 63827 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 20:54:02.466243 3.001222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 20:54:09.475107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:54:17.474446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:54:34.444292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 20:55:06.069132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:00:07.698591 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:00:07.698684 0.175058 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:07.870767 0.097595 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:07.929519 0.135066 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:08.056344 0.350457 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:08.427114 0.315879 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:08.741787 0.170069 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:08.901345 0.182479 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.066393 0.072104 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.119417 0.189295 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.300885 0.193540 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.491643 0.137392 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.627071 0.059744 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.671543 0.117678 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.749693 0.171813 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:09.897317 0.188925 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:10.064520 0.141215 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:10.193378 0.044248 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:10.239780 0.346995 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:10.583201 0.185067 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:10.745477 0.076554 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:10.837554 0.318050 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2558 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:11.163788 0.092108 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:11.219633 0.355411 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:11.576625 0.174969 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:11.756918 0.166839 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:00:20.787255 2.993732 tcp 10.0.2.109 63828 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:00:29.779754 0.000000 tcp 10.0.2.109 63828 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:00:35.790371 0.072777 tcp 10.0.2.109 63829 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:00:35.863390 0.036902 tcp 10.0.2.109 63830 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:00:35.900578 0.126567 tcp 10.0.2.109 63831 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:00:36.045056 2.998191 tcp 10.0.2.109 63832 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:00:45.044450 0.000000 tcp 10.0.2.109 63832 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:01:09.499813 3.001565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 21:01:16.507892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:01:24.508762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:01:40.511406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:02:12.517750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:05:51.042296 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:05:51.042528 3.003338 tcp 10.0.2.109 63833 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:06:00.045413 0.000000 tcp 10.0.2.109 63833 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:06:06.045065 0.071363 tcp 10.0.2.109 63834 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:06:06.116710 0.033816 tcp 10.0.2.109 63835 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:06:06.150916 0.131969 tcp 10.0.2.109 63836 -> 195.113.214.249 443 SRPA* 0 0 21 12886 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:06:06.361949 2.996118 tcp 10.0.2.109 63837 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:06:15.367774 0.000000 tcp 10.0.2.109 63837 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:08:23.523619 3.001700 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 21:08:30.530867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:08:38.532354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:08:54.535588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:09:26.541345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:11:21.356970 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:11:21.357193 2.993629 tcp 10.0.2.109 63838 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:11:30.349416 0.000000 tcp 10.0.2.109 63838 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:11:36.360128 0.073437 tcp 10.0.2.109 63839 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:11:36.433844 0.037638 tcp 10.0.2.109 63840 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:11:36.471782 0.127679 tcp 10.0.2.109 63841 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:11:36.624788 2.998047 tcp 10.0.2.109 63842 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:11:45.621393 0.000000 tcp 10.0.2.109 63842 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:15:30.547868 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 21:15:37.571292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:15:45.556070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:16:01.559243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:16:33.565934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:16:51.621915 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:16:51.622013 3.003622 tcp 10.0.2.109 63843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:17:00.627259 0.000000 tcp 10.0.2.109 63843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:17:06.624269 0.069070 tcp 10.0.2.109 63844 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:17:06.693545 0.036985 tcp 10.0.2.109 63845 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:17:06.730817 0.127216 tcp 10.0.2.109 63846 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:17:06.867028 3.000801 tcp 10.0.2.109 63847 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:17:15.876452 0.000000 tcp 10.0.2.109 63847 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:22:37.579710 2.997929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 21:22:44.584812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:22:52.580451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:23:08.583534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:23:40.589503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:29:44.595438 3.001387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 21:29:51.602804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:29:59.604988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:30:15.607245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:30:38.140336 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:30:38.140526 0.134123 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:38.266698 0.184110 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:38.446357 0.233449 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:38.644124 0.169554 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:38.802662 0.185213 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:39.014488 0.073612 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:39.069713 0.352304 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:39.418390 0.312655 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:39.729921 0.186794 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:39.909549 0.193531 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:40.100591 0.138114 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:40.236910 0.063066 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:40.284409 0.117217 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:40.364189 0.173288 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:40.514699 0.187295 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:40.679342 0.333853 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:41.009778 0.183795 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:41.169807 0.076669 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:41.266965 0.136416 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:41.395655 0.049995 rtp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:41.444142 0.338450 rtp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:41.783789 0.093075 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:41.838391 0.345052 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:42.182775 0.169557 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:42.361133 0.169938 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/19 21:30:47.613356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:30:51.920155 3.005619 tcp 10.0.2.109 63848 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:31:00.922494 0.000000 tcp 10.0.2.109 63848 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:31:06.922596 0.079174 tcp 10.0.2.109 63849 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:31:07.002245 0.037884 tcp 10.0.2.109 63850 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:31:07.040385 0.137175 tcp 10.0.2.109 63851 -> 195.113.214.249 443 SRPA* 0 0 48 43546 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:31:07.189722 3.006283 tcp 10.0.2.109 63852 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:31:16.196500 0.000000 tcp 10.0.2.109 63852 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:36:22.185164 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:36:22.185403 2.993972 tcp 10.0.2.109 63853 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:36:31.197638 0.000000 tcp 10.0.2.109 63853 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:36:37.187500 0.071454 tcp 10.0.2.109 63854 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:36:37.259249 0.035210 tcp 10.0.2.109 63855 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:36:37.294710 0.129615 tcp 10.0.2.109 63856 -> 195.113.214.249 443 SRPA* 0 0 41 22488 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:36:37.435865 2.994832 tcp 10.0.2.109 63857 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:36:46.429103 0.000000 tcp 10.0.2.109 63857 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:36:51.619003 3.005172 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 21:36:58.626762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:37:06.628726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:37:22.631613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:37:54.637298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:41:52.429736 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:41:52.429836 3.003647 tcp 10.0.2.109 63858 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:42:01.432269 0.000000 tcp 10.0.2.109 63858 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:42:07.432362 0.036047 tcp 10.0.2.109 63859 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:42:07.468649 0.034391 tcp 10.0.2.109 63860 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:42:07.503351 0.130047 tcp 10.0.2.109 63861 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:42:07.652338 3.002435 tcp 10.0.2.109 63862 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:42:16.654989 0.000000 tcp 10.0.2.109 63862 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:43:58.643522 3.001553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 21:44:05.650895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:44:13.652218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:44:29.654687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:45:01.661480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:47:22.655107 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 21:47:22.655219 2.997975 tcp 10.0.2.109 63863 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:47:31.656935 0.000000 tcp 10.0.2.109 63863 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:47:37.657073 0.033070 tcp 10.0.2.109 63864 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:47:37.690438 0.034693 tcp 10.0.2.109 63865 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:47:37.725393 0.132078 tcp 10.0.2.109 63866 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 21:47:37.866571 2.993584 tcp 10.0.2.109 63867 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:47:46.858677 0.000000 tcp 10.0.2.109 63867 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 21:51:05.667322 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 21:51:12.679211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:51:20.676050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:51:36.679495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:52:08.685135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:58:12.692253 3.000166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 21:58:19.698981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:58:27.700042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:58:43.703278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 21:59:15.709354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:01:11.185650 0.000179 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:01:11.185955 0.099345 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:11.244978 0.173924 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:11.407842 0.135367 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:11.535385 0.175094 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:11.708078 0.349008 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:12.053479 0.316165 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:12.368329 0.182258 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:12.527358 0.070881 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:12.581128 0.186173 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:12.759886 0.192082 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:12.949268 0.137763 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:13.085097 0.058728 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:13.124848 0.116845 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:13.203233 0.174485 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:13.355413 0.187140 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:13.519414 0.342049 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:13.858685 0.185730 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:14.017361 0.070631 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:14.089390 0.134600 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:14.216391 0.045619 udp 10.0.2.109 3683 <-> 93.223.113.168 4817 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:14.260112 0.342883 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:14.604045 0.210698 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:14.777758 0.171039 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:14.974340 0.356003 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:15.329425 0.178545 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:01:22.921901 3.004415 tcp 10.0.2.109 63868 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:01:31.925102 0.000000 tcp 10.0.2.109 63868 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:01:37.925131 0.034230 tcp 10.0.2.109 63869 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:01:37.959679 0.033982 tcp 10.0.2.109 63870 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:01:37.993976 0.126664 tcp 10.0.2.109 63871 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:01:38.129833 2.998661 tcp 10.0.2.109 63872 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:01:47.136838 0.000000 tcp 10.0.2.109 63872 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:05:29.718763 3.002623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 22:05:36.727306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:05:44.728587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:06:00.731475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:06:32.740825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:06:53.127583 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:06:53.127682 3.003455 tcp 10.0.2.109 63873 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:07:02.129748 0.000000 tcp 10.0.2.109 63873 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:07:08.130743 0.036447 tcp 10.0.2.109 63874 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:07:08.167448 0.033355 tcp 10.0.2.109 63875 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:07:08.201039 0.142150 tcp 10.0.2.109 63876 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:07:08.356113 2.996946 tcp 10.0.2.109 63877 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:07:17.351583 0.000000 tcp 10.0.2.109 63877 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:12:23.352160 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:12:23.352343 3.006150 tcp 10.0.2.109 63878 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:12:32.354934 0.000000 tcp 10.0.2.109 63878 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:12:36.744376 3.000310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 22:12:38.354799 0.079967 tcp 10.0.2.109 63879 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:12:38.435090 0.038231 tcp 10.0.2.109 63880 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:12:38.473636 0.128448 tcp 10.0.2.109 63881 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:12:38.611524 2.996442 tcp 10.0.2.109 63882 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:12:43.751045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:12:47.615947 0.000000 tcp 10.0.2.109 63882 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:12:51.752053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:13:07.755341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:13:39.761514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:17:53.606894 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:17:53.607046 2.993600 tcp 10.0.2.109 63883 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:18:02.599396 0.000000 tcp 10.0.2.109 63883 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:18:08.610457 0.034277 tcp 10.0.2.109 63884 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:18:08.644993 0.034267 tcp 10.0.2.109 63885 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:18:08.679569 0.127275 tcp 10.0.2.109 63886 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:18:08.835950 2.998037 tcp 10.0.2.109 63887 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:18:17.831371 0.000000 tcp 10.0.2.109 63887 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:19:43.767048 3.002211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 22:19:50.774378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:19:58.776556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:20:14.779681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:20:46.785665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:26:50.791671 3.001962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 22:26:57.801989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:27:05.800805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:27:21.803161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:27:53.809497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:31:20.099364 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:31:20.099525 0.137895 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:20.229155 0.103428 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:20.296335 0.173836 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:20.458784 0.256624 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:20.711740 0.349497 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:21.057884 0.315685 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2002 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:21.372103 0.184959 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:21.538404 0.070056 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:21.591661 0.187433 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:21.771081 0.191964 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:21.960360 0.138619 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:22.096734 0.058435 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:22.137247 0.112357 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:22.211836 0.171390 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:22.360459 0.187067 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:22.526036 0.337840 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:22.860350 0.189988 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:23.027099 0.076615 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:23.105118 0.136620 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:23.231948 0.000000 udp 10.0.2.109 3683 -> 93.223.113.168 4817 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 22:31:23.881692 3.003619 tcp 10.0.2.109 63888 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:31:32.884607 0.000000 tcp 10.0.2.109 63888 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:31:38.885068 0.059060 tcp 10.0.2.109 63889 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:31:38.944390 0.034241 tcp 10.0.2.109 63890 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:31:38.978872 0.126345 tcp 10.0.2.109 63891 -> 195.113.214.249 443 SRPA* 0 0 22 11860 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:31:39.119778 3.008479 tcp 10.0.2.109 63892 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:31:40.637003 0.054861 tcp 10.0.2.109 63893 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:31:40.692168 0.035031 tcp 10.0.2.109 63894 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:31:40.727547 0.132345 tcp 10.0.2.109 63895 -> 195.113.214.249 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:31:40.860517 0.316855 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:41.186200 0.935038 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:42.085105 0.171560 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:42.252883 0.379925 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:42.634088 0.179265 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/19 22:31:48.136502 0.000000 tcp 10.0.2.109 63892 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:33:57.817771 2.999345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 22:34:04.822946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:34:12.830720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:34:28.827701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:35:00.833133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:36:54.117216 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:36:54.117372 2.993646 tcp 10.0.2.109 63896 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:37:03.109124 0.000000 tcp 10.0.2.109 63896 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:37:09.120216 0.034185 tcp 10.0.2.109 63897 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:37:09.154705 0.033872 tcp 10.0.2.109 63898 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:37:09.188819 0.128501 tcp 10.0.2.109 63899 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:37:09.332725 2.999711 tcp 10.0.2.109 63900 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:37:18.331052 0.000000 tcp 10.0.2.109 63900 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:41:04.839591 3.001352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 22:41:11.846725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:41:19.851811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:41:35.873607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:42:07.857500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:42:24.331622 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:42:24.331845 3.003891 tcp 10.0.2.109 63901 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:42:33.333980 0.000000 tcp 10.0.2.109 63901 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:42:39.334361 0.034585 tcp 10.0.2.109 63902 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:42:39.368965 0.034178 tcp 10.0.2.109 63903 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:42:39.403434 0.132432 tcp 10.0.2.109 63904 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:42:39.577601 3.011399 tcp 10.0.2.109 63905 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:42:48.601655 0.000000 tcp 10.0.2.109 63905 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:47:54.576111 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:47:54.576206 2.997000 tcp 10.0.2.109 63906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:48:03.570909 0.000000 tcp 10.0.2.109 63906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:48:09.579498 0.055521 tcp 10.0.2.109 63907 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:48:09.635286 0.036661 tcp 10.0.2.109 63908 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:48:09.672193 0.137107 tcp 10.0.2.109 63909 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:48:09.824335 2.997143 tcp 10.0.2.109 63910 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:48:11.863484 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 22:48:18.820745 0.000000 tcp 10.0.2.109 63910 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:48:18.873862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:48:26.872388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:48:42.875221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:49:14.880973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:53:24.821614 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 22:53:24.821791 3.003213 tcp 10.0.2.109 63911 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:53:33.823348 0.000000 tcp 10.0.2.109 63911 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:53:39.824108 0.036530 tcp 10.0.2.109 63912 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:53:39.860945 0.034608 tcp 10.0.2.109 63913 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:53:39.895813 0.129524 tcp 10.0.2.109 63914 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/19 22:53:40.036204 3.000926 tcp 10.0.2.109 63915 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:53:49.036554 0.000000 tcp 10.0.2.109 63915 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 22:55:48.890985 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 22:55:55.897836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:56:03.899347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:56:19.902344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 22:56:51.916614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:01:43.327984 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:01:43.328152 0.000000 udp 10.0.2.109 3683 -> 93.223.113.168 4817 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:02:00.894478 0.041054 tcp 10.0.2.109 63916 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:02:00.935799 0.037164 tcp 10.0.2.109 63917 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:02:00.973285 0.138928 tcp 10.0.2.109 63918 -> 195.113.214.249 443 SRPA* 0 0 41 22696 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:02:01.112931 0.171191 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:01.272047 0.177257 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:01.446412 0.132932 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:01.571362 0.098150 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:01.631732 0.316759 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:01.956552 0.184127 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:02.113834 0.070837 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:02.167828 0.353667 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:02.579055 0.190442 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:02.762241 0.196657 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:02.956036 0.119820 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:03.035760 0.173494 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:03.185954 0.191110 rtp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:03.354635 0.337341 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:03.686168 0.058535 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:03.727132 0.138236 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:03.864794 0.181369 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:04.024280 0.076398 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:04.102244 0.133633 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:04.227883 0.318478 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:04.547565 0.383298 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:04.951974 0.175123 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:05.126291 1.517306 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:06.609039 0.169605 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:06.808494 0.328124 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 8 3095 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:07.124381 0.329569 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3210 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:07.502413 0.257747 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 8 2992 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:07.752355 0.170306 udp 10.0.2.109 3683 <-> 82.70.112.62 3282 CON 0 0 8 3195 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:07.883083 0.632886 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 3226 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:08.514979 0.336555 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3028 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:08.828150 0.097929 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 2952 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:08.911385 0.369392 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 3361 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:09.273106 0.387195 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 8 3002 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:09.658127 0.176345 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 2992 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:09.812825 0.319335 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 3144 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:10.058220 2.992185 tcp 10.0.2.109 63919 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:02:10.107592 0.703947 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3147 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:10.807775 0.344648 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 8 3085 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:11.130728 0.668148 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 8 3383 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:11.795122 0.093823 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 8 3138 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:11.872194 0.274985 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 3271 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:12.145554 0.343120 udp 10.0.2.109 3683 <-> 70.52.140.39 6343 CON 0 0 8 3216 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:12.463834 0.153290 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 8 2928 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:12.618634 0.260477 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 2886 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:12.871415 0.761950 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 8 3126 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:13.641047 0.364875 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 8 3107 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:14.014578 0.636386 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 8 2935 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:14.722905 0.338835 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 8 2963 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:15.063667 2.040745 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 8 2864 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:17.070925 0.000000 udp 10.0.2.109 3683 -> 111.94.149.245 3909 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:02:19.048699 0.000000 tcp 10.0.2.109 63919 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:02:22.474118 0.598599 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 8 2932 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:23.090520 0.445953 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 2908 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:23.563585 0.087135 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 8 2870 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:02:23.659824 0.000000 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:02:25.058093 0.033137 tcp 10.0.2.109 63920 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:02:25.091523 0.037779 tcp 10.0.2.109 63921 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:02:25.129124 0.129910 tcp 10.0.2.109 63922 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:02:25.273362 2.998663 tcp 10.0.2.109 63923 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:02:29.644185 0.000000 udp 10.0.2.109 3683 -> 223.204.153.128 1034 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:02:34.270957 0.000000 tcp 10.0.2.109 63923 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:02:38.422841 0.000000 udp 10.0.2.109 3683 -> 203.121.23.46 8376 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:02:43.654694 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:02:50.864841 0.000000 udp 10.0.2.109 3683 -> 92.252.11.115 2531 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:02:55.934128 2.987930 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 23:02:57.904792 0.000000 udp 10.0.2.109 3683 -> 198.57.13.68 7739 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:02.921793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:03:06.477348 0.000000 udp 10.0.2.109 3683 -> 80.98.148.50 3394 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:10.923464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:03:11.093711 0.000114 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:03:11.724259 0.000000 udp 10.0.2.109 3683 -> 186.167.1.250 9310 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:18.267406 0.000000 udp 10.0.2.109 3683 -> 220.246.75.127 7950 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:23.361576 0.000000 udp 10.0.2.109 3683 -> 94.67.215.214 5048 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:26.925937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:03:29.830783 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:35.208227 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:42.468942 0.000000 udp 10.0.2.109 3683 -> 87.25.6.152 2563 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:48.657749 0.204517 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 8 2653 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:03:49.567616 0.344076 udp 10.0.2.109 3683 <-> 86.156.108.187 4764 CON 0 0 8 3151 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:03:50.039595 0.000000 udp 10.0.2.109 3683 -> 190.136.146.253 4426 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:55.397535 0.000000 udp 10.0.2.109 3683 -> 124.178.254.24 5780 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:03:58.931810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:04:00.580258 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:04:04.180148 0.000000 udp 10.0.2.109 3683 -> 82.36.154.94 9414 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:04:10.676665 0.000000 udp 10.0.2.109 3683 -> 173.61.6.46 1281 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:04:17.708964 0.000000 udp 10.0.2.109 3683 -> 84.185.163.123 4448 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:04:25.425193 0.000000 udp 10.0.2.109 3683 -> 61.121.226.206 3746 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:04:30.772070 0.000000 udp 10.0.2.109 3683 -> 166.127.174.149 8726 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:04:38.449729 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:04:44.486163 0.000000 udp 10.0.2.109 3683 -> 46.47.221.122 9635 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:04:49.109905 0.000291 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:04:53.180731 0.000000 udp 10.0.2.109 3683 -> 121.8.180.252 3358 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:00.881741 0.000000 udp 10.0.2.109 3683 -> 103.17.74.58 3192 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:06.970285 0.000000 udp 10.0.2.109 3683 -> 186.6.63.221 2209 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:13.409861 0.000000 udp 10.0.2.109 3683 -> 95.232.3.46 5104 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:20.389940 0.000000 udp 10.0.2.109 3683 -> 70.166.149.114 9454 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:27.981085 0.168746 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 8 3231 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:05:28.573155 0.730430 udp 10.0.2.109 3683 <-> 14.222.174.217 1354 CON 0 0 7 2854 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:05:33.598564 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:05:33.983342 0.000000 udp 10.0.2.109 3683 -> 221.241.213.58 8824 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:40.073051 0.133523 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 2914 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:05:40.237686 0.000000 udp 10.0.2.109 3683 -> 182.253.50.39 8897 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:45.718693 0.000000 udp 10.0.2.109 3683 -> 216.168.95.138 4111 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:52.264555 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:05:57.334562 0.000000 udp 10.0.2.109 3683 -> 211.118.10.174 4492 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:05.420736 0.000000 udp 10.0.2.109 3683 -> 116.73.197.217 5217 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:14.025879 0.000000 udp 10.0.2.109 3683 -> 218.38.255.190 3980 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:18.609462 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:06:19.524366 0.000000 udp 10.0.2.109 3683 -> 94.4.40.157 2938 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:28.387589 0.000000 udp 10.0.2.109 3683 -> 86.137.139.88 4862 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:33.855426 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:41.055701 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:48.940590 0.000000 udp 10.0.2.109 3683 -> 147.163.75.36 3026 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:06:55.045717 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:00.244639 0.000000 udp 10.0.2.109 3683 -> 212.179.245.55 6562 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:05.099983 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:07:08.554953 0.000000 udp 10.0.2.109 3683 -> 60.241.179.207 5779 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:13.762978 0.000000 udp 10.0.2.109 3683 -> 219.80.200.232 9709 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:19.280874 0.932559 udp 10.0.2.109 3683 <-> 99.163.241.143 1868 CON 0 0 8 3088 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:07:23.878493 0.000000 udp 10.0.2.109 3683 -> 89.204.217.21 8838 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:30.856178 0.000000 udp 10.0.2.109 3683 -> 203.45.69.168 6475 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:36.024566 0.283113 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2852 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:07:36.359316 1.205544 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 8 3038 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:07:37.615996 0.387095 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 8 2918 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:07:38.172605 0.311137 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 8 3132 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:07:38.547150 0.000000 udp 10.0.2.109 3683 -> 109.67.190.79 3178 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:40.273817 3.001057 tcp 10.0.2.109 63924 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:07:45.548605 0.000000 udp 10.0.2.109 3683 -> 66.178.22.134 4803 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:49.273675 0.000000 tcp 10.0.2.109 63924 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:07:50.094796 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:07:52.763277 0.181509 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 8 3053 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:07:52.962965 0.000000 udp 10.0.2.109 3683 -> 88.253.58.255 9623 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:07:55.275502 0.042550 tcp 10.0.2.109 63925 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:07:55.318337 0.036669 tcp 10.0.2.109 63926 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:07:55.355332 0.135353 tcp 10.0.2.109 63927 -> 195.113.214.249 443 SRPA* 0 0 21 13058 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:07:55.550604 3.006326 tcp 10.0.2.109 63928 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:08:00.710558 0.000000 udp 10.0.2.109 3683 -> 182.68.134.95 3365 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:04.555335 0.000000 tcp 10.0.2.109 63928 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:08:08.511598 0.370387 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 8 2964 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:08:11.355553 0.000000 udp 10.0.2.109 3683 -> 74.134.225.215 8814 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:17.784757 0.000000 udp 10.0.2.109 3683 -> 190.247.166.150 7084 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:23.563479 0.000000 udp 10.0.2.109 3683 -> 216.254.187.15 2849 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:29.091074 0.000000 udp 10.0.2.109 3683 -> 86.169.128.177 3620 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:35.620658 0.000000 udp 10.0.2.109 3683 -> 98.166.18.217 4157 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:40.597378 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:08:41.098007 0.303185 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 8 2940 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:08:41.489634 0.000000 udp 10.0.2.109 3683 -> 219.75.68.99 3303 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:47.417420 0.426533 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 8 3157 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:08:48.107683 0.000000 udp 10.0.2.109 3683 -> 194.126.9.186 1738 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:08:54.878180 0.000000 udp 10.0.2.109 3683 -> 195.120.143.58 5286 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:00.576201 0.463054 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 2980 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:09:01.043390 0.000000 udp 10.0.2.109 3683 -> 79.175.180.6 5117 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:06.695115 0.000000 udp 10.0.2.109 3683 -> 105.226.10.121 9023 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:13.915412 0.000000 udp 10.0.2.109 3683 -> 202.130.84.22 6269 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:19.383489 0.000000 udp 10.0.2.109 3683 -> 220.233.200.234 1066 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:26.964825 0.000000 udp 10.0.2.109 3683 -> 78.180.121.46 8707 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:31.600071 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:09:32.572378 0.841252 udp 10.0.2.109 3683 <-> 183.130.189.254 1380 CON 0 0 8 2851 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:09:33.429561 0.000000 udp 10.0.2.109 3683 -> 109.225.140.66 7457 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:41.535292 0.000000 udp 10.0.2.109 3683 -> 87.119.163.4 5920 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:49.566766 0.000000 udp 10.0.2.109 3683 -> 75.87.64.220 7542 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:09:57.928940 0.000000 udp 10.0.2.109 3683 -> 71.40.185.34 1802 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:02.948273 3.002078 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 23:10:03.116123 0.000000 udp 10.0.2.109 3683 -> 207.144.15.197 6181 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:09.956099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:10:09.966949 0.000000 udp 10.0.2.109 3683 -> 195.91.157.11 1954 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:15.213684 0.063328 udp 10.0.2.109 3683 -> 88.250.159.222 2016 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:15.277012 0.000000 icmp 88.250.159.222 0x0303 -> 10.0.2.109 0xe007 URP 192 1 298 flow=Background 1970/02/19 23:10:17.957439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:10:20.100307 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:10:23.695965 0.370817 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 8 3049 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:10:24.079557 0.000000 udp 10.0.2.109 3683 -> 96.32.33.91 8500 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:32.618844 0.000000 udp 10.0.2.109 3683 -> 89.99.195.225 7671 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:33.961017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:10:40.740497 0.000000 udp 10.0.2.109 3683 -> 50.122.223.164 2041 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:47.509980 0.000000 udp 10.0.2.109 3683 -> 60.241.163.73 6346 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:10:56.493058 0.231682 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 8 3128 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:10:56.745740 0.325504 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 8 3189 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:10:57.076142 0.871672 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 2965 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:10:57.974816 0.000000 udp 10.0.2.109 3683 -> 151.50.95.9 7149 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:05.967249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:11:06.627603 0.179845 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 8 3051 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:11:06.800389 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:11.594321 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:11:14.188038 0.000000 udp 10.0.2.109 3683 -> 110.78.146.113 5703 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:19.776803 0.000000 udp 10.0.2.109 3683 -> 116.226.232.4 3821 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:27.968762 0.000000 udp 10.0.2.109 3683 -> 69.119.25.96 8047 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:34.006912 0.000000 udp 10.0.2.109 3683 -> 59.95.122.109 6887 INT 0 1 186 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:41.808047 0.000000 udp 10.0.2.109 3683 -> 70.183.196.169 1107 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:47.335924 0.000000 udp 10.0.2.109 3683 -> 41.86.140.16 5785 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:54.369609 0.000000 udp 10.0.2.109 3683 -> 190.0.250.86 1634 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:11:59.096377 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:11:59.556314 0.000000 udp 10.0.2.109 3683 -> 60.39.233.16 4900 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:06.616566 0.637033 udp 10.0.2.109 3683 <-> 2.184.101.79 3564 CON 0 0 8 3192 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:12:07.235377 0.000000 udp 10.0.2.109 3683 -> 14.46.8.41 5487 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:14.116676 0.000000 udp 10.0.2.109 3683 -> 88.58.153.178 8974 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:21.855359 0.215270 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 3071 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:12:22.075330 0.179151 udp 10.0.2.109 3683 <-> 78.189.48.189 3995 CON 0 0 8 3099 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:12:22.254808 0.000000 udp 10.0.2.109 3683 -> 94.249.14.134 6462 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:29.166392 0.000000 udp 10.0.2.109 3683 -> 217.66.170.70 5440 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:35.925826 2.265612 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 8 2954 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:12:37.486403 0.000000 udp 10.0.2.109 3683 -> 116.15.76.97 8943 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:43.766748 0.000000 udp 10.0.2.109 3683 -> 208.104.148.13 6274 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:48.593722 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:12:48.814045 0.000000 udp 10.0.2.109 3683 -> 176.73.242.27 4163 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:12:54.973479 0.000000 udp 10.0.2.109 3683 -> 2.132.203.239 9679 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:13:01.402929 0.000000 udp 10.0.2.109 3683 -> 183.77.247.48 2266 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:13:08.745785 0.000000 udp 10.0.2.109 3683 -> 87.15.180.132 1865 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:13:10.546034 2.993815 tcp 10.0.2.109 63929 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:13:14.361044 0.397373 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 8 2976 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:13:19.538636 0.000000 tcp 10.0.2.109 63929 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/19 23:13:25.550944 0.057833 tcp 10.0.2.109 63930 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:13:25.609054 0.037925 tcp 10.0.2.109 63931 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:13:25.647262 0.131075 tcp 10.0.2.109 63932 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:13:25.788534 0.634555 tcp 10.0.2.109 63933 -> 188.129.248.221 6410 FSPA* 0 0 14 1577 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:17:09.972973 3.001108 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 23:17:16.979894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:17:24.981214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:17:40.984658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:18:12.990623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:24:16.995915 3.002304 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 23:24:24.003971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:24:32.005443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:24:48.008314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:25:20.014937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:31:24.020027 3.002166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 23:31:31.027817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:31:39.029255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:31:55.032456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:32:27.041387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:38:31.045527 3.000246 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 23:38:38.051643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:38:46.054730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:39:02.057057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:39:34.065061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:43:26.429256 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/19 23:43:26.429390 0.575211 tcp 10.0.2.109 63934 -> 188.129.248.221 6410 FSPA* 0 0 14 1608 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:43:37.583015 0.169834 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:37.741351 0.174358 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:37.912784 0.141231 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:38.044843 0.000000 udp 10.0.2.109 3683 -> 82.70.112.62 3282 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:43:56.111467 0.061108 tcp 10.0.2.109 63935 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:43:56.172801 0.034702 tcp 10.0.2.109 63936 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:43:56.207798 0.140120 tcp 10.0.2.109 63937 -> 195.113.214.249 443 SRPA* 0 0 22 11860 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:43:56.348433 0.317551 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:56.679312 0.192141 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:56.863164 0.072875 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:56.918986 0.198342 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:57.114559 0.120286 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:57.193957 0.173697 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:57.343424 0.188011 rtp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:57.509474 0.348944 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:57.953977 0.338748 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:58.289859 0.056195 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:58.330576 0.138060 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:58.466819 0.163142 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:58.622039 0.073053 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:58.696411 0.170146 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:58.867602 0.345989 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:59.235395 0.319682 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:59.556614 0.168040 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:43:59.786304 1.454157 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:01.208311 0.219146 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:01.417835 0.300771 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:01.726049 0.046988 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:01.769213 0.110505 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:01.843932 0.081500 udp 10.0.2.109 3683 <-> 86.156.108.187 4764 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:01.911940 0.090573 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:02.018560 0.374408 udp 10.0.2.109 3683 <-> 14.222.174.217 1354 CON 0 0 5 1688 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:02.364720 0.079430 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:02.427051 0.000000 udp 10.0.2.109 3683 -> 99.163.241.143 1868 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:44:19.983030 0.053600 tcp 10.0.2.109 63938 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:44:20.036921 0.034613 tcp 10.0.2.109 63939 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:44:20.071824 0.148266 tcp 10.0.2.109 63940 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:44:20.220601 0.153846 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:20.366774 0.000000 udp 10.0.2.109 3683 -> 60.182.142.95 6353 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/19 23:44:35.689094 0.057962 tcp 10.0.2.109 63941 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:44:35.747313 0.041140 tcp 10.0.2.109 63942 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:44:35.788789 0.126574 tcp 10.0.2.109 63943 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/19 23:44:35.915900 0.200214 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:36.101372 0.142203 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:36.235949 0.115327 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:36.312891 0.152270 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:36.472525 0.150646 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:36.652096 0.225625 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:36.869611 0.252838 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:37.086313 0.372960 udp 10.0.2.109 3683 <-> 183.130.189.254 1380 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:37.457789 0.184463 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:37.648501 0.116429 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:37.771252 0.169884 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:37.931293 0.449757 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:38.389771 0.104986 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 5 1886 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:38.461771 0.333683 rtp 10.0.2.109 3683 <-> 2.184.101.79 3564 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:38.761811 0.112548 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:38.839347 0.698902 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:44:39.298337 0.234673 rtp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/19 23:45:38.068453 3.001866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/19 23:45:45.075506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:45:53.077166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:46:09.080183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:46:41.086696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:54:28.100670 3.001447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/19 23:54:35.110428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:54:43.109424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:54:59.112553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/19 23:55:31.122528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:01:59.129742 3.001016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 00:02:06.136369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:02:14.144750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:02:30.144469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:03:02.147187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:09:10.161330 2.999342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 00:09:17.166295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:09:25.178493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:09:41.170603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:10:13.176584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:13:27.005640 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 00:13:27.005819 0.549891 tcp 10.0.2.109 63944 -> 188.129.248.221 6410 FSPA* 0 0 14 1621 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:14:45.618560 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 00:14:45.618759 0.000000 udp 10.0.2.109 3683 -> 82.70.112.62 3282 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:15:01.062306 0.037095 tcp 10.0.2.109 63945 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:01.099689 0.035451 tcp 10.0.2.109 63946 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:01.135394 0.145466 tcp 10.0.2.109 63947 -> 195.113.214.249 443 SRPA* 0 0 33 19424 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:01.281443 0.000000 udp 10.0.2.109 3683 -> 99.163.241.143 1868 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:15:18.526037 0.039366 tcp 10.0.2.109 63948 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:18.565677 0.039593 tcp 10.0.2.109 63949 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:18.605610 0.143607 tcp 10.0.2.109 63950 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:18.749955 1.013966 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 2 348 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:19.764290 0.176429 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:19.937726 0.176508 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:20.102943 0.134807 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:20.235462 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:15:37.503491 0.033316 tcp 10.0.2.109 63951 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:37.537090 0.035936 tcp 10.0.2.109 63952 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:37.573334 0.130897 tcp 10.0.2.109 63953 -> 195.113.214.249 443 SRPA* 0 0 24 11930 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:37.704780 0.192411 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:37.889182 0.069166 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:37.941232 0.173865 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:38.092221 0.187798 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 5 1993 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:53.968023 0.033565 tcp 10.0.2.109 63954 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:54.001881 0.035398 tcp 10.0.2.109 63955 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:54.037583 0.140843 tcp 10.0.2.109 63956 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:15:54.178954 0.193695 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:54.370011 0.113094 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:54.444472 0.353417 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:54.794231 0.136063 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:54.922530 0.076287 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:55.007790 0.169516 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:55.187295 0.335165 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:55.518830 0.056482 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:55.559873 0.137881 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:55.699039 0.346013 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:56.046368 0.331272 rtp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:56.377363 0.169184 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:56.543982 0.227004 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:56.761644 0.105361 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:56.833436 0.081659 udp 10.0.2.109 3683 <-> 86.156.108.187 4764 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:56.899651 1.359866 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:58.223904 0.051990 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:58.274936 0.307890 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:58.584133 0.094693 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:58.698476 0.083273 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:15:58.762499 0.000000 udp 10.0.2.109 3683 -> 14.222.174.217 1354 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:16:14.559901 0.033831 tcp 10.0.2.109 63957 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:14.594044 0.035421 tcp 10.0.2.109 63958 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:14.629760 0.139220 tcp 10.0.2.109 63959 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:14.769737 0.160393 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:14.916596 0.000000 udp 10.0.2.109 3683 -> 108.252.199.115 2393 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:16:17.186609 2.998167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 00:16:24.189813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:16:30.449928 0.043210 tcp 10.0.2.109 63960 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:30.493398 0.036684 tcp 10.0.2.109 63961 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:30.530390 0.143285 tcp 10.0.2.109 63962 -> 195.113.214.249 443 SRPA* 0 0 28 16450 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:30.674353 0.142478 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:30.809050 0.114872 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:30.881048 0.154644 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:31.050794 0.153987 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:31.206495 0.235801 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:31.434618 0.241520 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:31.638519 0.000000 udp 10.0.2.109 3683 -> 183.130.189.254 1380 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:16:32.191451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:16:47.794447 0.036878 tcp 10.0.2.109 63963 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:47.831557 0.035223 tcp 10.0.2.109 63964 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:47.867029 0.136638 tcp 10.0.2.109 63965 -> 195.113.214.249 443 SRPA* 0 0 33 18134 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:16:48.004379 0.184593 rtp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:48.191742 0.104245 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:48.195453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:16:48.297469 0.102870 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:48.367054 0.327457 udp 10.0.2.109 3683 <-> 2.184.101.79 3564 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:48.658314 0.112927 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:48.738464 0.172872 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:48.898491 0.437755 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:49.344837 0.701758 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:16:49.806331 0.201714 rtp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:17:20.200748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:23:24.206722 3.000975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 00:23:31.214471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:23:39.215369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:23:55.218794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:24:27.224333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:30:31.231243 3.001029 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 00:30:38.238034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:30:46.239551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:31:02.242575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:31:34.249064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:37:38.255089 3.003845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 00:37:45.262279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:37:53.263366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:38:09.266470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:38:41.272787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:43:27.554546 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 00:43:27.554643 0.485038 tcp 10.0.2.109 63966 -> 188.129.248.221 6410 FSPA* 0 0 14 1620 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:44:45.278826 3.001519 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 00:44:52.286001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:45:00.287583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:45:16.290638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:45:48.298367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:47:19.197482 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 00:47:19.197576 0.315913 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:19.511819 0.194034 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:19.682728 0.380301 udp 10.0.2.109 3683 <-> 14.222.174.217 1354 CON 0 0 5 1669 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:20.035502 0.000000 udp 10.0.2.109 3683 -> 108.252.199.115 2393 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:47:35.662637 0.038652 tcp 10.0.2.109 63967 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:47:35.701558 0.073160 tcp 10.0.2.109 63968 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:47:35.774959 0.134301 tcp 10.0.2.109 63969 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:47:35.910406 0.000000 udp 10.0.2.109 3683 -> 183.130.189.254 1380 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 00:47:53.597577 0.033949 tcp 10.0.2.109 63970 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:47:53.631864 0.038014 tcp 10.0.2.109 63971 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:47:53.670391 0.136513 tcp 10.0.2.109 63972 -> 195.113.214.249 443 SRPA* 0 0 48 43924 flow=From-Botnet-V1-TCP-Established 1970/02/20 00:47:53.807583 1.207824 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 2 467 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:55.015807 0.172935 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:55.186127 0.174364 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:55.349153 0.134659 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:55.474506 0.187483 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:55.654616 0.173931 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:55.804004 0.070879 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:55.858168 0.352776 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:56.206853 0.193640 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:56.397614 0.119591 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:56.477729 0.161395 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2593 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:56.630605 0.138302 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:56.766707 0.172094 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:56.933951 0.325345 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:57.242753 0.076610 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:57.320900 0.344060 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:57.662750 0.219143 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:57.871217 0.107901 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:57.943119 0.087621 udp 10.0.2.109 3683 <-> 86.156.108.187 4764 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:58.015219 0.344542 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:58.361269 0.172480 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:58.538596 0.319058 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:58.869229 0.046889 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:58.912214 0.981500 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:47:59.859841 0.307120 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:00.181027 0.100135 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:00.255114 0.071952 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:00.311661 0.147339 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:00.450858 0.143169 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:00.586380 0.110736 rtp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:00.658632 0.227867 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:00.877727 0.239468 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:01.080720 0.150317 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:01.265132 0.164208 rtp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:01.413572 0.184530 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:01.606798 0.116548 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:01.724954 0.104545 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:01.794907 0.327954 udp 10.0.2.109 3683 <-> 2.184.101.79 3564 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:02.085393 0.121438 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:02.174237 0.242644 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:02.420233 0.446836 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:02.885579 0.681623 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:48:03.347602 0.199426 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/20 00:54:02.310450 3.000537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 00:54:09.316994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:54:17.318469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:54:33.321211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 00:55:05.327469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:01:11.339370 2.998491 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 01:01:18.343539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:01:26.347095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:01:42.348343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:02:14.473306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:08:26.497271 2.995985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 01:08:33.499152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:08:41.500826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:08:57.503693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:09:29.510156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:13:28.827811 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 01:13:28.828001 0.573773 tcp 10.0.2.109 63973 -> 188.129.248.221 6410 FSPA* 0 0 14 1739 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:15:34.197290 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 01:15:41.204384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:15:49.205778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:16:05.208589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:16:37.215388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:18:31.719489 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 01:18:31.719630 0.317239 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:32.054832 0.187574 udp 10.0.2.109 3683 <-> 76.65.196.21 3845 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:32.218841 0.365198 udp 10.0.2.109 3683 <-> 14.222.174.217 1354 CON 0 0 3 1146 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:47.734632 0.035521 tcp 10.0.2.109 63974 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:18:47.770422 0.034969 tcp 10.0.2.109 63975 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:18:47.805651 0.160554 tcp 10.0.2.109 63976 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:18:47.966770 1.069396 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 3 715 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:48.759203 0.173678 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:48.930041 0.179749 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:49.097951 0.138002 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:49.227598 0.192002 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:49.412206 0.166271 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 5 1578 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:49.562740 0.065816 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:49.611180 0.350185 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:49.957583 0.199562 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:18:50.153991 0.000000 udp 10.0.2.109 3683 -> 217.35.89.25 3889 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 01:19:06.489187 0.034111 tcp 10.0.2.109 63977 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:19:06.523584 0.068248 tcp 10.0.2.109 63978 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:19:06.592111 0.235013 tcp 10.0.2.109 63979 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:19:06.827709 0.163280 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:06.982491 0.138729 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:07.119602 0.076698 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:07.197663 0.340989 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:07.535432 0.218844 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:07.744136 0.172345 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:07.911892 0.058616 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:07.956286 0.112965 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:08.032522 0.084208 rtp 10.0.2.109 3683 <-> 86.156.108.187 4764 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:08.100896 0.350303 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:08.460411 0.168593 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:08.630455 0.318606 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:08.977251 0.046820 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:09.019860 0.265073 udp 10.0.2.109 3683 <-> 151.42.37.69 2048 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:09.250265 0.085702 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:09.318849 0.153835 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:09.464961 0.143183 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:09.600219 0.114314 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:09.674775 0.227764 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:09.893296 0.309253 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:10.219542 0.091398 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:10.328794 0.251771 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:10.541914 0.152647 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:10.704258 0.151538 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:10.857541 0.185126 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:11.056074 0.104149 rtp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:11.161912 0.100394 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:11.228181 0.638464 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:11.857498 0.445529 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:12.304365 0.324705 udp 10.0.2.109 3683 <-> 2.184.101.79 3564 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:12.593126 0.123872 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:12.682770 1.541075 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:19:13.284120 0.197676 rtp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:22:41.222944 2.999834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 01:22:48.228549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:22:56.229736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:23:12.232732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:23:44.246039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:29:48.244600 3.001734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 01:29:55.251852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:30:03.253472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:30:19.256680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:30:51.263466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:36:55.269732 3.000561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 01:37:02.275990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:37:10.277675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:37:26.281158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:37:58.286276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:43:29.403903 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 01:43:29.404106 0.519252 tcp 10.0.2.109 63980 -> 188.129.248.221 6410 FSPA* 0 0 14 1523 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:44:02.292005 3.002738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 01:44:09.300122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:44:17.301618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:44:33.304746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:45:05.310994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:49:28.716846 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 01:49:28.717000 0.387907 udp 10.0.2.109 3683 <-> 14.222.174.217 1354 CON 0 0 4 1277 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:49:29.078020 0.000000 udp 10.0.2.109 3683 -> 217.35.89.25 3889 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 01:49:46.266449 0.061460 tcp 10.0.2.109 63981 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:49:46.328232 0.036846 tcp 10.0.2.109 63982 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:49:46.365335 0.151746 tcp 10.0.2.109 63983 -> 195.113.214.249 443 SRPA* 0 0 34 25630 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:49:46.517762 0.317164 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:49:46.837185 0.000000 udp 10.0.2.109 3683 -> 76.65.196.21 3845 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 01:50:03.510258 0.058289 tcp 10.0.2.109 63984 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:03.568832 0.099768 tcp 10.0.2.109 63985 -> 195.113.214.249 80 SRPA* 0 0 38 22968 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:03.669149 0.427374 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:04.053988 0.133424 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:04.178542 0.190760 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:04.361762 0.173953 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:04.512184 0.066202 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:04.576686 0.172218 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:04.738913 0.173653 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:04.909823 0.192157 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:05.098668 0.354082 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:05.449277 0.072745 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:05.543357 0.341895 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:05.880903 0.247963 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:06.118120 0.167380 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:06.271931 0.138376 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:06.408627 0.173838 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:06.583905 0.058343 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:06.624580 0.113452 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:06.702236 0.000000 udp 10.0.2.109 3683 -> 86.156.108.187 4764 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 01:50:21.966424 0.057474 tcp 10.0.2.109 63986 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:22.024196 0.038246 tcp 10.0.2.109 63987 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:22.062727 0.133904 tcp 10.0.2.109 63988 -> 195.113.214.249 443 SRPA* 0 0 24 14774 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:22.197154 0.351474 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:22.551747 0.166603 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:22.719744 0.000000 udp 10.0.2.109 3683 -> 151.42.37.69 2048 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 01:50:40.823872 0.055376 tcp 10.0.2.109 63989 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:40.879542 0.039625 tcp 10.0.2.109 63990 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:40.919484 0.137410 tcp 10.0.2.109 63991 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:41.057410 0.082777 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:41.121449 0.151490 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:41.268798 0.142324 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:41.403577 0.108327 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:41.470140 0.000000 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 01:50:58.899954 0.057858 tcp 10.0.2.109 63992 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:58.957667 0.035020 tcp 10.0.2.109 63993 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:58.992996 0.139536 tcp 10.0.2.109 63994 -> 195.113.214.249 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/02/20 01:50:59.133060 0.046994 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:59.176170 0.227800 rtp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:59.395621 0.309141 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:59.706008 0.098653 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:50:59.847501 0.242506 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:00.051379 0.153702 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:00.210568 0.115927 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:00.334376 0.101543 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:00.402923 0.165397 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:00.589619 0.197608 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:00.786743 0.615651 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:01.395700 0.437470 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:01.834731 0.316322 rtp 10.0.2.109 3683 <-> 2.184.101.79 3564 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:02.115338 0.198444 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:02.279169 0.480002 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:51:02.758560 0.202311 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/20 01:53:31.321664 3.000994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 01:53:38.328293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:53:46.330530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:54:02.332971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 01:54:34.338766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:00:38.352778 2.994125 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 02:00:45.359883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:00:53.353623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:01:09.359141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:01:41.362797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:07:45.368952 3.001494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 02:07:52.376173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:08:00.377703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:08:16.381187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:08:48.386830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:13:29.922040 0.000176 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 02:13:29.922284 0.636148 tcp 10.0.2.109 63995 -> 188.129.248.221 6410 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:14:57.399911 3.001504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 02:15:04.407371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:15:12.409020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:15:28.411694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:16:00.417726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:21:10.215315 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 02:21:10.215428 0.000000 udp 10.0.2.109 3683 -> 76.65.196.21 3845 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 02:21:25.817433 0.037313 tcp 10.0.2.109 63996 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:21:25.854975 0.035690 tcp 10.0.2.109 63997 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:21:25.890968 0.157612 tcp 10.0.2.109 63998 -> 195.113.214.249 443 SRPA* 0 0 25 13938 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:21:26.049060 0.000000 udp 10.0.2.109 3683 -> 86.156.108.187 4764 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 02:21:43.031153 0.036238 tcp 10.0.2.109 63999 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:21:43.067672 0.105538 tcp 10.0.2.109 64000 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:21:43.173545 0.126543 tcp 10.0.2.109 64001 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:21:43.300650 0.000000 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 02:22:01.668852 0.065479 tcp 10.0.2.109 64002 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:01.734672 0.038568 tcp 10.0.2.109 64003 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:01.773528 0.135655 tcp 10.0.2.109 64004 -> 195.113.214.249 443 SRPA* 0 0 24 13352 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:01.909787 0.000000 udp 10.0.2.109 3683 -> 151.42.37.69 2048 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 02:22:07.430891 2.998865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 02:22:14.435764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:22:17.150228 0.058263 tcp 10.0.2.109 64005 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:17.208780 0.042680 tcp 10.0.2.109 64006 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:17.251489 0.142754 tcp 10.0.2.109 64007 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:17.394905 0.380338 udp 10.0.2.109 3683 <-> 14.222.174.217 1354 CON 0 0 4 1482 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:22.438555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:22:36.267972 0.057855 tcp 10.0.2.109 64008 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:36.326145 0.038658 tcp 10.0.2.109 64009 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:36.365110 0.136905 tcp 10.0.2.109 64010 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:22:36.502682 0.316304 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:36.835544 0.070847 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:36.890330 0.171303 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:37.050614 0.171958 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:37.199428 0.184189 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:37.376491 0.478111 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:37.818480 0.139019 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:37.949678 0.196575 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:38.143635 0.352729 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:38.440584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:22:38.492923 0.076573 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:38.570904 0.174014 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:38.742417 0.138161 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:38.878702 0.170385 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:39.059996 0.058121 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:39.100587 0.108647 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:39.176663 0.222031 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:39.388067 0.339179 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:39.723952 0.160678 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:39.876315 0.170020 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:40.041896 0.352616 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:40.416316 0.141587 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:40.549792 0.109257 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:40.617771 0.079432 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:40.680251 0.147572 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:40.820708 0.300918 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:41.129728 0.051706 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:41.177846 0.219373 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:41.387760 0.093178 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:41.489979 0.249470 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:41.704401 0.153063 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:41.858767 0.104496 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:41.972092 0.106144 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:42.040366 0.151673 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:42.193424 0.201646 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:42.404560 0.290938 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:42.690747 0.122202 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:42.775330 0.568403 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:43.225101 0.434032 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:43.667489 0.325108 rtp 10.0.2.109 3683 <-> 2.184.101.79 3564 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:22:43.956678 0.200625 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:23:10.446199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:29:14.451825 3.002006 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 02:29:21.459439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:29:29.461263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:29:45.463953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:30:17.470283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:36:21.476770 3.000949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 02:36:28.483506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:36:36.484908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:36:52.488032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:37:24.493930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:43:28.504909 2.996657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 02:43:30.560700 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 02:43:30.560903 0.570023 tcp 10.0.2.109 64011 -> 188.129.248.221 6410 FSPA* 0 0 14 1593 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:43:35.507580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:43:43.509682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:43:59.512054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:44:31.518303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:50:35.523359 3.002294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 02:50:42.531430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:50:50.532856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:51:06.537195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:51:38.541319 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:53:07.319899 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 02:53:07.320001 0.000000 udp 10.0.2.109 3683 -> 14.222.174.217 1354 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 02:53:25.908099 0.035362 tcp 10.0.2.109 64012 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:53:25.943785 0.035314 tcp 10.0.2.109 64013 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:53:25.979413 0.134421 tcp 10.0.2.109 64014 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:53:26.114491 0.352349 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:26.469351 0.065028 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:26.531992 0.189960 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:26.714082 0.430843 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:27.103064 0.170175 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:27.262602 0.176801 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:27.416026 0.143992 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:27.548786 0.191352 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:27.756307 0.353363 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:28.105559 0.073022 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:28.188391 0.237279 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:28.422595 0.138116 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:28.558869 0.112492 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:28.635898 0.229110 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:28.855372 0.334495 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:29.186220 0.158941 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:29.337316 0.172000 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:29.505127 0.056631 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:29.564102 0.168325 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:29.733947 0.351639 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:30.120887 0.143505 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:30.256620 0.105104 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:30.324094 0.077657 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:30.381754 0.153933 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:30.528321 0.227278 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2021 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:30.747589 0.096700 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:30.822312 0.247354 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:31.034221 0.149655 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:31.197830 0.348908 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:31.547903 0.052267 udp 10.0.2.109 3683 <-> 84.130.203.177 8279 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:31.596690 0.116290 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:31.736414 0.103150 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:31.806760 0.159275 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:31.966372 0.191606 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:32.168698 0.303281 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:32.466281 0.126656 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:32.558263 0.560425 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:32.999496 0.439156 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:53:33.439921 0.000000 udp 10.0.2.109 3683 -> 2.184.101.79 3564 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 02:53:51.363583 0.033411 tcp 10.0.2.109 64015 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:53:51.397280 0.040059 tcp 10.0.2.109 64016 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:53:51.437645 0.142904 tcp 10.0.2.109 64017 -> 195.113.214.249 443 SRPA* 0 0 24 13426 flow=From-Botnet-V1-TCP-Established 1970/02/20 02:53:51.581678 0.202515 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/20 02:57:42.549223 3.000455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 02:57:49.555274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:57:57.556556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:58:13.559916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 02:58:45.565786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:05:08.580597 3.000394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 03:05:15.586525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:05:23.589915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:05:39.591259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:06:11.597243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:12:25.607163 3.002596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 03:12:32.615066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:12:40.616504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:12:56.622734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:13:28.625468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:13:31.129893 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 03:13:31.130006 0.618586 tcp 10.0.2.109 64018 -> 188.129.248.221 6410 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:19:36.636709 3.002374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 03:19:43.644793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:19:51.646454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:20:07.649268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:20:39.655275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:23:55.827420 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 03:23:55.827626 0.000000 udp 10.0.2.109 3683 -> 2.184.101.79 3564 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 03:24:11.602122 0.037610 tcp 10.0.2.109 64019 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:24:11.639990 0.039944 tcp 10.0.2.109 64020 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:24:11.679716 0.140280 tcp 10.0.2.109 64021 -> 195.113.214.249 443 SRPA* 0 0 41 21406 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:24:11.820730 0.350716 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:12.182923 0.071501 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:12.238138 0.442462 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:12.641519 0.171007 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:12.801563 0.185779 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:12.980112 0.170190 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:13.126611 0.142941 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:13.376526 0.193632 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:13.567493 0.171601 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:13.831755 0.137771 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:13.968337 0.353661 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:14.317930 0.073061 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:14.392797 0.105946 rtp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:14.467226 0.163512 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:14.623017 0.374902 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:14.994253 0.229276 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:15.212960 0.171986 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:15.389329 0.058759 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:15.430963 0.168575 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:15.600937 0.106424 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:15.667790 0.079247 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:15.726551 0.159358 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:15.881409 0.378181 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:16.260879 0.143889 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:16.395095 0.252269 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:16.607675 0.153185 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:16.778963 0.220498 rtp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:16.990907 0.098816 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:17.108109 0.104146 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:17.229631 0.101436 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:17.297102 0.236490 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:17.534778 0.000000 udp 10.0.2.109 3683 -> 84.130.203.177 8279 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 03:24:36.265892 0.034402 tcp 10.0.2.109 64022 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:24:36.300653 0.040758 tcp 10.0.2.109 64023 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:24:36.341758 0.138052 tcp 10.0.2.109 64024 -> 195.113.214.249 443 SRPA* 0 0 60 39316 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:24:36.479188 0.328059 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:36.807158 0.187078 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:37.022804 0.643252 udp 10.0.2.109 3683 <-> 173.14.52.58 4117 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:37.658571 0.118819 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:37.744955 1.318516 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:38.565254 0.482003 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:24:39.046136 0.199205 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:26:43.661170 3.001966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 03:26:50.671322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:26:58.673522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:27:14.673172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:27:46.682675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:33:50.685217 3.001139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 03:33:57.692748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:34:05.694359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:34:21.697239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:34:53.703367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:40:57.710930 2.999784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 03:41:04.716131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:41:12.718471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:41:28.721143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:42:00.727394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:43:31.749039 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 03:43:31.749196 0.625169 tcp 10.0.2.109 64025 -> 188.129.248.221 6410 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:48:04.733604 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 03:48:11.741209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:48:19.743584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:48:35.745634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:49:07.751167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:54:56.923460 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 03:54:56.923687 0.000000 udp 10.0.2.109 3683 -> 84.130.203.177 8279 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 03:55:12.828321 0.035955 tcp 10.0.2.109 64026 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:55:12.864533 0.039463 tcp 10.0.2.109 64027 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:55:12.904313 0.132849 tcp 10.0.2.109 64028 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:55:13.037779 0.428995 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 4 1275 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:13.429863 0.171944 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:13.590641 0.346863 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:13.946374 0.071376 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:13.998867 0.137954 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:14.126428 0.194601 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:14.317793 0.174458 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:14.489597 0.187424 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:14.669121 0.174246 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:14.819835 0.138407 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:14.955947 0.111591 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:15.030720 0.163039 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:15.185581 0.076791 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:15.277507 0.350073 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:15.661210 0.169711 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2002 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:15.830202 0.054691 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:15.869284 0.166342 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:16.045530 0.107649 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:16.116444 0.086900 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:16.181105 0.151361 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:16.319868 0.378409 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:16.695032 0.227597 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:16.912828 0.249149 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:17.127608 0.152938 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:17.281775 0.341237 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:17.622292 0.142474 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:17.756550 0.104122 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:17.862239 0.104824 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:17.930988 0.151244 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:18.081253 0.238126 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:18.310071 0.098788 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:18.384769 0.349598 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:18.750738 0.000000 udp 10.0.2.109 3683 -> 173.14.52.58 4117 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 03:55:35.509536 0.059600 tcp 10.0.2.109 64029 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:55:35.569445 0.039055 tcp 10.0.2.109 64030 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:55:35.608742 0.140879 tcp 10.0.2.109 64031 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/20 03:55:35.750204 0.107030 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:35.826967 0.184087 rtp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:36.012452 0.687325 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:36.460091 0.501630 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:36.970976 0.200452 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/20 03:55:44.765583 3.000741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 03:55:51.772116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:55:59.777266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:56:15.776182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 03:56:47.782611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:02:54.794221 3.002358 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 04:03:01.804988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:03:09.801555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:03:25.804749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:03:57.810920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:10:01.817060 3.002020 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 04:10:08.823757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:10:16.825224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:10:32.828671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:11:04.834983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:13:32.377541 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 04:13:32.377653 0.622358 tcp 10.0.2.109 64032 -> 188.129.248.221 6410 FSPA* 0 0 14 1649 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:17:08.841041 3.001740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 04:17:15.848232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:17:23.852588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:17:39.852462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:18:11.858835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:24:15.864264 3.002240 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 04:24:22.872447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:24:30.873353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:24:46.876877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:25:18.882849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:25:53.593032 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 04:25:53.593263 0.000000 udp 10.0.2.109 3683 -> 173.14.52.58 4117 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 04:26:10.498906 0.034945 tcp 10.0.2.109 64033 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:26:10.533835 0.049585 tcp 10.0.2.109 64034 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:26:10.583718 0.143610 tcp 10.0.2.109 64035 -> 195.113.214.249 443 SRPA* 0 0 34 19478 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:26:10.727762 0.000000 udp 10.0.2.109 3683 -> 60.182.142.95 6353 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 04:26:26.680696 0.044514 tcp 10.0.2.109 64036 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:26:26.725472 0.040060 tcp 10.0.2.109 64037 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:26:26.765841 0.141779 tcp 10.0.2.109 64038 -> 195.113.214.249 443 SRPA* 0 0 23 12502 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:26:26.908194 0.172866 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:27.068973 0.197108 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:27.345535 0.173941 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:27.542723 0.356372 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:27.913210 0.088808 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:27.986906 0.133454 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.111939 0.138098 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.248445 0.172112 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.399073 0.192164 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.583689 0.160307 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.735896 0.111554 udp 10.0.2.109 3683 <-> 94.66.199.211 6063 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.813951 0.059358 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.855438 0.086439 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:28.963800 0.350274 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:29.310402 0.168720 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:29.480112 0.086688 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:29.548595 0.151110 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:29.690221 0.110481 rtp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:29.761318 0.166513 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:29.937988 0.247166 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:30.149165 0.357147 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:30.503456 0.229368 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:30.722866 0.150397 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:30.886361 0.116626 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:31.013501 0.371730 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:31.386811 0.143049 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:31.521994 0.224243 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:31.731390 0.099743 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:31.861900 0.154504 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:32.041785 0.103921 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:32.113478 0.341678 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:32.456491 0.120588 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:32.542108 0.184640 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:32.768499 1.536500 rtcp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:33.305205 0.506642 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:26:33.813233 0.199167 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:31:22.889504 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 04:31:29.896148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:31:37.897788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:31:53.904634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:32:25.907017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:38:29.916698 2.997292 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 04:38:36.920061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:38:44.921604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:39:00.924733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:39:32.930984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:43:33.006479 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 04:43:33.006577 0.496886 tcp 10.0.2.109 64039 -> 188.129.248.221 6410 FSPA* 0 0 14 1608 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:45:36.937420 3.000739 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 04:45:43.943713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:45:51.955476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:46:07.949142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:46:39.954842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:54:31.966219 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 04:54:38.976597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:54:46.974806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:55:02.978028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:55:34.983908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 04:56:44.344496 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 04:56:44.344709 0.452706 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:44.764619 0.173752 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:44.935647 0.331922 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:45.277419 0.171892 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:45.438434 0.192896 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:45.628497 0.077996 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:45.684549 0.137958 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:45.813779 0.137647 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:45.960306 0.171641 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:46.107987 0.190003 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:46.289176 0.166150 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:56:46.444852 0.000000 udp 10.0.2.109 3683 -> 94.66.199.211 6063 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 04:57:02.451823 0.041979 tcp 10.0.2.109 64040 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:57:02.494072 0.034849 tcp 10.0.2.109 64041 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:57:02.529200 0.139397 tcp 10.0.2.109 64042 -> 195.113.214.249 443 SRPA* 0 0 41 22864 flow=From-Botnet-V1-TCP-Established 1970/02/20 04:57:02.669341 0.056981 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:02.709923 0.076775 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:02.788073 0.354710 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:03.138957 0.171778 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:03.312203 0.077042 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:03.373043 0.147696 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:03.513104 0.115913 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:03.589431 0.167293 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:03.758337 0.236382 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:03.984322 0.153954 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:04.155648 0.252135 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:04.371690 0.383060 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2553 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:04.751625 0.116542 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:04.877065 0.355937 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:05.244036 0.141755 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:05.377691 0.228768 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:05.597646 0.092636 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:05.699838 0.329714 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:06.031197 0.120821 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:06.118017 0.196126 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:06.337428 0.152592 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:06.491319 0.102606 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:06.560179 2.586805 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:08.251981 0.507840 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/20 04:57:08.769547 0.209765 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:02:01.000981 3.002355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:02:08.009049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:02:16.010954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:02:32.013576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:03:04.019540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:09:14.034274 3.001482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:09:21.041909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:09:29.044679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:09:45.045939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:10:17.052202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:13:33.505002 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 05:13:33.505109 0.478842 tcp 10.0.2.109 64043 -> 188.129.248.221 6410 FSPA* 0 0 12 1447 flow=From-Botnet-V1-TCP-Established 1970/02/20 05:16:25.064213 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:16:32.071187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:16:40.072751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:16:56.075747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:17:28.081702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:23:34.090838 3.001640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:23:41.098199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:23:49.099888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:24:05.103317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:24:37.109419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:27:26.873214 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 05:27:26.873416 0.000000 udp 10.0.2.109 3683 -> 94.66.199.211 6063 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 05:27:45.020936 0.051902 tcp 10.0.2.109 64044 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 05:27:45.073097 0.035893 tcp 10.0.2.109 64045 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 05:27:45.109299 0.141863 tcp 10.0.2.109 64046 -> 195.113.214.249 443 SRPA* 0 0 24 14850 flow=From-Botnet-V1-TCP-Established 1970/02/20 05:27:45.251744 0.346996 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:45.600776 0.172156 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:45.762048 0.422493 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 5 1764 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:46.146481 0.172841 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:46.316847 0.137148 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:46.445458 0.137805 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:46.581986 0.173438 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:46.730563 0.211332 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:46.934511 0.070778 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:46.987035 0.197628 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:47.181723 0.208808 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:47.389830 0.353906 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:47.739807 0.062904 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:47.785296 0.076694 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:47.863878 0.169547 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.034877 0.075842 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.092512 0.147550 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.232288 0.110579 rtp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.301692 0.180417 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.470248 0.228448 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.688916 0.155018 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.845472 0.116819 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:48.963619 0.249915 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:49.179200 0.375114 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:49.550883 0.354165 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:49.906428 0.142735 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:50.039239 0.226584 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:50.256413 0.097192 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:50.331570 0.299652 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:50.649327 0.116213 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:50.733929 0.108682 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:50.807347 0.185679 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:51.006280 0.302065 rtp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:51.329888 0.211806 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:51.537753 1.490092 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:27:52.129863 0.500739 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:30:41.114990 3.001118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:30:48.122906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:30:56.123427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:31:12.128972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:31:44.133126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:37:48.138925 3.001265 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:37:55.146258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:38:03.148084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:38:19.163147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:38:51.156511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:43:33.983936 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 05:43:33.984065 0.516742 tcp 10.0.2.109 64047 -> 188.129.248.221 6410 FSPA* 0 0 14 1726 flow=From-Botnet-V1-TCP-Established 1970/02/20 05:44:55.162358 3.002294 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:45:02.170193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:45:10.171626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:45:26.174813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:45:58.180637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:54:07.196590 3.002166 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 05:54:14.204189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:54:22.205348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:54:38.208611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:55:10.214461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 05:58:20.318071 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 05:58:20.318273 0.332591 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:20.652136 0.172733 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:20.812514 0.670986 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:21.432095 0.172181 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:21.601186 0.138387 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:21.730737 0.137995 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:21.866792 0.172727 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:22.016798 0.189414 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:22.199213 0.210490 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:22.406160 0.348902 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:22.763649 0.056373 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:22.804327 0.076764 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:22.886567 0.066139 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:22.936292 0.194181 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:23.127685 0.173554 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:23.302464 0.077503 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:23.361474 0.153430 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:23.507157 0.114680 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:23.579689 0.169508 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:23.746535 0.228159 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:23.965746 0.150795 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:24.124796 0.360299 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:24.481533 0.348113 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:24.838227 0.116280 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:24.963140 0.246371 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:25.173531 0.149711 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:25.309220 0.238109 rtp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:25.538687 0.098440 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:25.615538 0.304526 rtcp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:25.936480 0.120189 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:26.025237 0.092362 udp 10.0.2.109 3683 <-> 81.138.17.73 8312 CON 0 0 5 1787 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:26.093298 0.200412 rtp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:26.290497 0.188154 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:26.488919 0.189687 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:26.674271 1.630835 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/20 05:58:27.365223 0.508324 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:01:23.233816 3.001316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:01:30.246479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:01:38.242416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:01:54.245188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:02:26.251247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:08:47.261467 3.001803 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:08:54.269089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:09:02.270791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:09:18.273676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:09:50.283397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:13:34.502586 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 06:13:34.502736 0.545787 tcp 10.0.2.109 64048 -> 188.129.248.221 6410 FSPA* 0 0 14 1504 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:15:54.285761 3.001784 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:16:01.297408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:16:09.294697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:16:25.297687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:16:57.303524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:23:01.310349 3.001070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:23:08.317191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:23:16.318784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:23:32.321406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:24:04.327569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:28:47.079681 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 06:28:47.079769 0.343347 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:47.448160 0.171757 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:47.609161 0.136776 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:47.737953 0.137872 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:47.873698 0.175343 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:48.026276 0.468497 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:48.431639 0.173273 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:48.602305 0.186601 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:48.780681 0.159936 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:48.931762 0.352154 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:49.279942 0.056778 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:49.320284 0.076398 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:49.397962 0.074314 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:49.453730 0.194433 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:49.644751 0.172071 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:49.826840 0.074876 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:49.885189 0.147761 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:50.025519 0.105574 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:50.093425 0.169271 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:50.267883 0.218417 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:50.476673 0.152056 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:50.630287 0.376471 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:51.003094 0.248408 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:51.217780 0.141756 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:51.351805 0.227573 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:51.571212 0.087779 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:51.694036 0.366287 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:52.061665 0.116541 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:52.195231 0.306016 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:52.502630 0.121367 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:28:52.587527 0.000000 udp 10.0.2.109 3683 -> 81.138.17.73 8312 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 06:29:08.336973 0.039693 tcp 10.0.2.109 64049 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:29:08.377013 0.050085 tcp 10.0.2.109 64050 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:29:08.427471 0.146166 tcp 10.0.2.109 64051 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:29:08.574411 0.197374 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:29:08.767981 0.188146 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:29:08.965089 0.153764 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:29:09.123282 0.750853 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:29:09.634570 0.540398 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:30:08.334949 3.000328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:30:15.341590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:30:23.343499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:30:39.346136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:31:11.351648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:37:15.357554 3.001684 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:37:22.365114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:37:30.366549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:37:46.369346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:38:18.377641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:43:35.051304 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 06:43:35.051480 0.631410 tcp 10.0.2.109 64052 -> 188.129.248.221 6410 FSPA* 0 0 14 1527 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:44:22.381260 3.002287 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:44:29.389010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:44:37.390462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:44:53.393485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:45:25.399579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:53:48.416061 3.001963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 06:53:55.423127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:54:03.424623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:54:19.427112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:54:51.433166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 06:59:36.373348 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 06:59:36.373521 0.000000 udp 10.0.2.109 3683 -> 81.138.17.73 8312 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 06:59:51.546412 0.037410 tcp 10.0.2.109 64053 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:59:51.584112 0.039235 tcp 10.0.2.109 64054 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:59:51.623665 0.148015 tcp 10.0.2.109 64055 -> 195.113.214.249 443 SRPA* 0 0 41 22070 flow=From-Botnet-V1-TCP-Established 1970/02/20 06:59:51.772397 0.141916 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:51.906618 0.138222 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:52.043336 0.347210 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:52.391846 0.175892 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:52.557059 0.237837 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:52.790054 0.185523 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:52.968793 0.159654 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:53.127222 0.171939 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:53.278692 0.451836 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 5 1786 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:53.706701 0.354902 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/20 06:59:54.057618 0.000000 udp 10.0.2.109 3683 -> 217.41.6.243 7642 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 07:00:11.464103 0.036450 tcp 10.0.2.109 64056 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:00:11.500850 0.038509 tcp 10.0.2.109 64057 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:00:11.539620 0.160803 tcp 10.0.2.109 64058 -> 195.113.214.249 443 SRPA* 0 0 25 13444 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:00:11.700996 0.193761 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:11.892213 0.169619 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.062299 0.111607 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.150644 0.070126 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.223873 0.058172 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.265617 0.167655 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.434278 0.229565 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.653543 0.156790 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.819533 0.119567 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:12.894916 0.147456 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:13.034109 0.143283 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:13.168636 0.236210 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:13.398837 0.092464 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:13.510592 0.379063 rtp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:13.885744 0.250345 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:14.098936 0.299160 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:14.406865 0.123117 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:14.494392 0.368004 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:14.916288 0.104308 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:15.022122 0.212393 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:15.231692 0.649455 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:15.662034 0.191551 rtp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:15.904288 0.543614 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:16.459003 0.462310 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:00:55.439531 3.001511 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 07:01:02.446781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:01:10.448678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:01:26.451325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:01:58.460446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:08:13.470633 3.000091 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:08:20.476669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:08:28.478419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:08:44.481209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:09:16.486956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:13:35.689693 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 07:13:35.689930 0.609370 tcp 10.0.2.109 64059 -> 188.129.248.221 6410 FSPA* 0 0 14 1682 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:15:20.493378 3.001375 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:15:27.501510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:15:35.501917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:15:51.505453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:16:23.511293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:22:27.517247 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:22:34.524480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:22:42.526001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:22:58.533904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:23:30.539294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:29:34.541433 3.009363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:29:41.548495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:29:49.549906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:30:05.552986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:30:37.558919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:30:43.494317 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 07:30:43.494419 0.072292 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:43.548327 0.146456 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:43.683960 0.138102 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:43.831938 0.343110 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:44.176267 0.161385 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:44.335070 0.193954 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:44.521955 0.171716 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:44.683190 0.174225 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:30:44.854504 0.444128 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 5 2001 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:01.966187 0.039831 tcp 10.0.2.109 64060 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:31:02.006279 0.039278 tcp 10.0.2.109 64061 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:31:02.045854 0.152190 tcp 10.0.2.109 64062 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:31:02.198760 0.176284 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:02.351698 0.350814 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:02.698484 0.078697 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:02.848889 0.076537 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:02.934807 0.056631 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:02.976065 0.166975 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:03.159330 0.195587 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:03.351449 0.174306 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:03.546334 0.219189 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:03.755522 0.155278 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:03.906211 0.109298 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:03.976622 0.145983 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:04.114743 0.140531 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:04.260260 0.216465 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:04.469879 0.094820 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:04.543139 0.308014 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:04.859926 0.119042 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:04.944949 0.378622 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:05.320609 0.245159 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:05.530204 0.358147 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:05.897672 0.128989 udp 10.0.2.109 3683 <-> 132.204.189.103 2654 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:06.028162 0.239994 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:06.263475 0.153316 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:06.413152 0.726824 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:06.880028 0.185774 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:31:07.067255 0.483058 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/20 07:36:41.564976 3.001066 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:36:48.572294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:36:56.577833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:37:12.576380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:37:44.582921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:43:36.318986 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 07:43:36.319086 0.707648 tcp 10.0.2.109 64063 -> 188.129.248.221 6410 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/02/20 07:43:48.588178 3.002486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:43:55.596097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:44:03.597884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:44:19.601060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:44:51.606880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:50:55.613688 3.000875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:51:02.620103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:51:10.621755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:51:26.624843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:51:58.630778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:58:02.637249 3.001369 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 07:58:09.644144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:58:17.645541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:58:33.648876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 07:59:05.654854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:01:24.634979 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 08:01:24.635166 0.000000 udp 10.0.2.109 3683 -> 60.182.142.95 6353 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 08:01:43.152841 0.058200 tcp 10.0.2.109 64064 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:01:43.211396 0.063141 tcp 10.0.2.109 64065 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:01:43.274833 0.147122 tcp 10.0.2.109 64066 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:01:43.422748 0.138322 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:01:43.559366 0.071126 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:01:43.612489 0.136725 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:01:43.740403 0.189672 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:01:43.922132 0.175933 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:01:44.086826 0.000000 udp 10.0.2.109 3683 -> 107.214.174.97 6448 INT 0 1 99 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 08:01:59.615490 0.059078 tcp 10.0.2.109 64067 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:01:59.674830 0.058608 tcp 10.0.2.109 64068 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:01:59.733728 0.147113 tcp 10.0.2.109 64069 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:01:59.881494 0.161151 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:00.032747 0.331115 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:00.360989 0.075073 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:00.420262 0.072994 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:00.510815 0.170190 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 1978 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:00.660125 0.360366 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:01.016771 0.060051 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:01.060358 0.176152 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:01.260533 0.194759 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:01.452582 0.296688 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:01.737663 0.230309 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:01.957208 0.150934 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:02.109377 0.142703 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:02.244406 0.226974 udp 10.0.2.109 3683 <-> 108.221.138.120 4165 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:02.465002 0.087618 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:02.576209 0.306912 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:02.891623 0.117344 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:02.975412 0.107731 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:03.045303 0.164962 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:03.190043 0.380490 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:03.567280 0.256433 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:03.790745 0.348017 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:04.140028 0.152613 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:04.288453 0.680397 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:04.729288 0.000000 udp 10.0.2.109 3683 -> 132.204.189.103 2654 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 08:02:23.590282 0.056007 tcp 10.0.2.109 64070 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:02:23.646606 0.060078 tcp 10.0.2.109 64071 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:02:23.706934 0.153243 tcp 10.0.2.109 64072 -> 195.113.214.249 443 SRPA* 0 0 25 14904 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:02:23.860697 0.201585 rtp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:24.059445 0.185716 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:02:24.253673 0.429569 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:05:33.665545 3.001448 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 08:05:40.672928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:05:48.677095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:06:04.677233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:06:36.683222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:12:40.688588 3.003031 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 08:12:47.696092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:12:55.698210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:13:11.701104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:13:37.029192 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 08:13:37.029326 0.595355 tcp 10.0.2.109 64073 -> 188.129.248.221 6410 FSPA* 0 0 14 1558 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:13:43.707321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:19:47.713086 3.001180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 08:19:54.721239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:20:02.722330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:20:18.724671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:20:50.731162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:26:54.737145 3.002239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 08:27:01.744893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:27:09.746457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:27:25.749100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:27:57.754593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:32:53.154230 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 08:32:53.154337 0.172552 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:32:53.323558 0.000000 udp 10.0.2.109 3683 -> 132.204.189.103 2654 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 08:33:12.059286 0.058280 tcp 10.0.2.109 64074 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:33:12.117832 0.059133 tcp 10.0.2.109 64075 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:33:12.177244 0.142899 tcp 10.0.2.109 64076 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:33:12.320687 0.176763 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:12.485970 0.133629 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:12.615229 0.071633 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:12.668661 0.169176 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:12.836201 0.184011 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:13.012794 0.167747 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:13.169058 0.090179 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:13.234996 0.320998 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:13.554704 0.394790 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:13.946002 0.057727 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:13.989279 0.169295 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:14.179930 0.171945 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:14.331017 0.076667 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:14.409044 0.230399 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:14.629649 0.153072 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:14.783998 0.143018 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:14.917437 0.171410 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:15.103766 0.194844 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:15.295813 0.304509 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:15.601483 0.117849 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:15.684529 0.110929 udp 10.0.2.109 3683 <-> 91.6.28.158 5333 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:15.756013 0.146862 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:15.895580 0.000000 udp 10.0.2.109 3683 -> 108.221.138.120 4165 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 08:33:32.487180 0.061000 tcp 10.0.2.109 64077 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:33:32.548405 0.062628 tcp 10.0.2.109 64078 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:33:32.611346 0.151538 tcp 10.0.2.109 64079 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:33:32.763415 0.095663 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:32.834883 0.346619 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:33.190130 0.153344 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:33.338793 0.334288 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:33.670168 0.248213 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:33.883195 0.538228 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:34.322165 0.207823 udp 10.0.2.109 3683 <-> 69.170.167.30 5074 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:34.526220 0.192325 rtp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:33:34.728093 0.405398 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/20 08:34:01.761371 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 08:34:08.768661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:34:16.770463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:34:32.772654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:35:04.779141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:41:08.784527 3.002081 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 08:41:15.792696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:41:23.793904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:41:39.796972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:42:11.803934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:43:37.626838 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 08:43:37.626945 3.592215 tcp 10.0.2.109 64080 -> 188.129.248.221 6410 FSPA* 0 0 14 1685 flow=From-Botnet-V1-TCP-Established 1970/02/20 08:48:15.809087 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 08:48:22.816978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:48:30.818600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:48:46.820984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:49:18.826570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:55:48.841652 3.000919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 08:55:55.864032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:56:03.849126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:56:19.852690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 08:56:51.858846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:02:55.865988 3.000271 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 09:03:02.871934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:03:10.873121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:03:26.876254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:03:58.882324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:03:59.673858 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 09:03:59.674003 0.000000 udp 10.0.2.109 3683 -> 108.221.138.120 4165 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 09:04:16.740859 0.058168 tcp 10.0.2.109 64081 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:16.799271 0.060529 tcp 10.0.2.109 64082 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:16.860108 0.181593 tcp 10.0.2.109 64083 -> 195.113.214.249 443 SRPA* 0 0 22 11784 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:17.042274 0.172344 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:17.211192 0.071290 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:17.352320 0.138258 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:17.488287 0.185739 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:17.662364 0.141842 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:17.795700 0.330893 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:18.761429 0.159112 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:18.912530 0.188394 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:19.094156 0.355287 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:19.655985 0.325071 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:19.964762 0.178069 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:20.121347 0.076259 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:20.337519 0.231361 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:20.558591 0.153490 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:20.799895 0.143078 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2009 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:21.272769 0.060576 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:21.314426 0.179377 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:21.517246 0.117588 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:21.704287 0.000000 udp 10.0.2.109 3683 -> 91.6.28.158 5333 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 09:04:38.124361 0.057447 tcp 10.0.2.109 64084 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:38.182093 0.058434 tcp 10.0.2.109 64085 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:38.240813 0.138736 tcp 10.0.2.109 64086 -> 195.113.214.249 443 SRPA* 0 0 21 12430 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:38.380095 0.148194 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:38.519179 0.169876 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:38.699924 0.191286 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:38.888215 0.300930 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:39.205495 0.092705 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:39.598854 0.360214 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:39.968806 0.148663 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:40.119626 0.332264 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:40.448044 0.242809 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:40.655401 0.227039 rtp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:40.901369 0.598152 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:04:41.400006 0.000000 udp 10.0.2.109 3683 -> 69.170.167.30 5074 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 09:04:59.109784 0.057801 tcp 10.0.2.109 64087 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:59.167907 0.057016 tcp 10.0.2.109 64088 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:59.225227 0.133867 tcp 10.0.2.109 64089 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:04:59.359709 0.434535 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:10:02.890704 3.009998 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 09:10:09.895655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:10:17.897290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:10:33.900708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:11:05.905925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:13:41.220113 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 09:13:41.220313 0.684138 tcp 10.0.2.109 64090 -> 188.129.248.221 6410 FSPA* 0 0 14 1618 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:17:09.911850 3.002143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 09:17:17.501181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:17:25.405891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:17:41.208320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:18:12.940894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:24:16.954427 2.994735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 09:24:23.953886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:24:31.954880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:24:47.958527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:25:19.964757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:31:23.971029 3.000956 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 09:31:30.978023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:31:38.979012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:31:54.982133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:32:26.988314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:35:26.897365 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 09:35:26.897479 0.000000 udp 10.0.2.109 3683 -> 91.6.28.158 5333 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 09:35:45.416989 0.058838 tcp 10.0.2.109 64091 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:35:45.476139 0.059962 tcp 10.0.2.109 64092 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:35:45.536387 0.140663 tcp 10.0.2.109 64093 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:35:45.677603 0.000000 udp 10.0.2.109 3683 -> 69.170.167.30 5074 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 09:36:00.756050 0.056510 tcp 10.0.2.109 64094 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:36:00.812912 0.058000 tcp 10.0.2.109 64095 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:36:00.871289 0.140775 tcp 10.0.2.109 64096 -> 195.113.214.249 443 SRPA* 0 0 22 11860 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:36:01.012550 0.144375 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:01.145126 0.140025 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:01.283650 0.072090 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:01.336907 0.183015 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:01.515275 0.172073 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:01.675499 0.188552 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:01.856099 0.350587 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:02.202690 0.075205 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:02.260660 0.272429 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:02.549661 0.076861 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:02.627998 0.326573 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:02.953562 0.174504 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:03.104634 0.061651 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:03.149577 0.183933 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:03.334901 0.124711 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:03.423033 0.228494 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:03.642268 0.152669 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:03.837706 0.142818 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:03.972576 0.196941 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:04.166432 0.309322 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:04.500127 0.173350 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:04.689637 0.151502 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:04.833523 0.169925 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:05.028001 0.334455 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:05.359329 0.257185 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:05.584593 0.187234 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:05.773468 0.575270 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:06.230224 0.151449 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:06.396612 0.354086 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:36:06.770251 0.435024 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/20 09:38:30.997522 2.998247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 09:38:38.001716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:38:46.003197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:39:02.005583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:39:34.020414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:43:41.909231 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 09:43:41.909331 3.003631 tcp 10.0.2.109 64097 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 09:43:50.911693 0.000000 tcp 10.0.2.109 64097 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 09:43:56.912277 0.058039 tcp 10.0.2.109 64098 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:43:56.970631 0.038380 tcp 10.0.2.109 64099 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:43:57.009349 0.245162 tcp 10.0.2.109 64100 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:43:57.274324 0.868700 tcp 10.0.2.109 64101 -> 176.73.169.112 1959 FSPA* 0 0 14 1544 flow=From-Botnet-V1-TCP-Established 1970/02/20 09:45:38.017542 3.002252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 09:45:45.030585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:45:53.027059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:46:09.030334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:46:41.035955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:54:32.047161 3.000610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 09:54:39.057052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:54:47.054813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:55:03.058183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 09:55:35.064106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:02:02.083334 3.001367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:02:09.096728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:02:17.091960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:02:33.095026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:03:05.101815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:06:26.275509 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 10:06:26.275615 0.141326 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:26.405681 0.137965 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:26.542083 0.073325 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:26.597986 0.172768 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:26.767633 0.191588 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:26.948060 0.185704 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:27.126653 0.163525 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:27.280355 0.076921 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:27.375835 0.323695 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:27.698372 0.369969 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.064669 0.073657 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.121901 0.175599 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.274852 0.060656 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.319078 0.174860 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.499876 0.115351 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.583960 0.229209 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.803358 0.151158 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:28.956133 0.302585 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:29.259537 0.100474 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:29.334656 0.153578 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:29.479407 0.145246 rtp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:29.614976 0.197206 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:29.809253 0.169755 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:29.980307 0.338367 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:30.315011 0.244660 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 1998 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:30.527374 0.192682 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 5 1723 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:30.720024 0.349165 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:31.078556 0.708012 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:31.543233 0.168093 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:06:31.713203 0.421097 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:09:13.113161 3.001543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:09:20.124329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:09:28.124587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:09:44.127741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:10:16.131003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:13:58.148963 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 10:13:58.149072 0.632054 tcp 10.0.2.109 64102 -> 176.73.169.112 1959 FSPA* 0 0 15 1623 flow=From-Botnet-V1-TCP-Established 1970/02/20 10:16:25.144457 3.001346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:16:32.151520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:16:40.152832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:16:56.158606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:17:28.161856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:23:35.171614 3.002340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:23:42.188848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:23:50.181298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:24:06.184495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:24:38.198036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:30:42.196422 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:30:49.203455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:30:57.205231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:31:13.208604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:31:45.215345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:36:57.293712 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 10:36:57.293913 0.072987 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:57.349891 0.177111 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:57.523696 0.138736 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:57.654380 0.138770 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:57.791882 0.181921 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:57.963085 0.192331 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:58.148102 0.167111 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:58.317513 0.069972 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:58.388905 0.077654 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:58.447075 0.174730 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:58.598692 0.056750 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:58.645681 0.331389 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:59.001379 0.353541 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:59.351008 0.182112 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:59.543847 0.112860 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:59.624504 0.229011 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:59.843435 0.153575 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:36:59.998369 0.151640 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:00.145071 0.142896 udp 10.0.2.109 3683 <-> 70.80.185.236 5752 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:00.280351 0.196542 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:00.473854 0.305443 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:00.801314 0.099784 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:00.875482 0.171679 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:01.071113 0.337190 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:01.405359 0.248159 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:01.619802 0.185404 rtp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:01.813181 0.381151 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:02.203552 0.667306 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:02.650419 0.150949 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:02.810954 0.422753 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 10:37:49.220202 3.004966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:37:56.227636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:38:04.229092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:38:20.232236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:38:52.238119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:43:58.779224 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 10:43:58.779372 0.576290 tcp 10.0.2.109 64103 -> 176.73.169.112 1959 FSPA* 0 0 15 1610 flow=From-Botnet-V1-TCP-Established 1970/02/20 10:44:56.244236 3.001636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:45:03.251692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:45:11.253189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:45:27.256079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:45:59.264964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:54:11.271914 3.001981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 10:54:18.281090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:54:26.285519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:54:42.284234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 10:55:14.290462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:01:24.305484 3.001987 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:01:31.312498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:01:39.318487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:01:55.316486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:02:27.322633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:07:10.991943 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 11:07:10.992054 0.140800 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:11.121311 0.140323 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:11.267271 0.174285 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:11.430721 0.073609 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:11.485895 0.246856 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:11.728014 0.185957 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:11.906186 0.162116 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:12.065073 0.072730 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:12.146974 0.090022 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:12.218394 0.172055 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:12.368325 0.058408 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:12.408414 0.328415 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:12.735634 0.350131 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:13.082337 0.169616 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:13.321228 0.123962 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:13.410348 0.244565 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:13.645433 0.000000 udp 10.0.2.109 3683 -> 70.80.185.236 5752 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 11:07:29.468991 0.061306 tcp 10.0.2.109 64104 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:07:29.530540 0.057258 tcp 10.0.2.109 64105 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:07:29.588101 0.140354 tcp 10.0.2.109 64106 -> 195.113.214.249 443 SRPA* 0 0 34 25465 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:07:29.729063 0.194189 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:29.920465 0.320327 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:30.343568 0.090727 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:30.463702 0.156676 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:30.614597 0.147031 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:30.757652 0.171526 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:30.925108 0.341599 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:31.262998 0.253746 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:31.477248 0.186955 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:31.676813 0.231072 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:31.916423 0.348931 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:32.264648 0.716029 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:07:32.766232 0.447808 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:08:47.332215 3.001546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:08:54.339167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:09:02.341834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:09:18.343830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:09:51.244326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:13:59.358451 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 11:13:59.358610 0.561018 tcp 10.0.2.109 64107 -> 176.73.169.112 1959 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:15:54.369384 2.998226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:16:01.373250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:16:09.374936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:16:25.377690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:16:57.396616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:23:01.389601 3.001775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:23:08.397015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:23:16.399285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:23:32.401944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:24:04.407884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:30:08.413914 3.001684 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:30:15.421394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:30:23.424978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:30:39.425658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:31:11.438693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:37:15.438011 3.001349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:37:22.445050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:37:30.446869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:37:46.449484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:37:46.930370 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 11:37:46.930528 0.000000 udp 10.0.2.109 3683 -> 70.80.185.236 5752 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 11:38:02.164228 0.059910 tcp 10.0.2.109 64108 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:38:02.224480 0.057164 tcp 10.0.2.109 64109 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:38:02.281993 0.143925 tcp 10.0.2.109 64110 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:38:02.426480 0.138564 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:02.563165 0.173509 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:02.724805 0.074037 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:02.781080 0.173481 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:02.951010 0.184281 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:03.128046 0.159548 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:03.279710 0.086995 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:03.377356 0.081040 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:03.439618 0.133417 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:03.565213 0.351037 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2608 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:03.912096 0.169207 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:04.080725 0.058377 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:04.122705 0.173405 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:04.272306 0.327795 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:04.620388 0.230211 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:04.841239 0.129818 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:04.935364 0.094445 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:05.004351 0.159927 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:05.162231 0.194520 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:05.353676 0.306467 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:05.681051 0.153571 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:05.827190 0.170164 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:06.046915 0.341137 udp 10.0.2.109 3683 <-> 1.171.224.100 1109 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:06.924908 0.257897 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:07.328458 0.186091 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:07.533074 0.149321 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:07.744001 0.363743 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:09.341777 0.686032 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:09.787235 0.436029 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/20 11:38:18.455560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:43:59.927201 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 11:43:59.927349 0.462046 tcp 10.0.2.109 64111 -> 176.73.169.112 1959 FSPA* 0 0 15 1571 flow=From-Botnet-V1-TCP-Established 1970/02/20 11:44:22.463789 2.999409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:44:29.469458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:44:37.470479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:44:53.473496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:45:25.479398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:53:50.490595 3.004267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 11:53:57.495816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:54:05.497444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:54:21.500502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 11:54:53.506713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:00:57.512198 3.001644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:01:04.519683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:01:12.521688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:01:28.526824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:02:00.530512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:08:10.544748 3.001669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:08:17.552464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:08:25.553907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:08:30.871700 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 12:08:30.871811 0.072154 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:30.926439 0.172306 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:31.094952 0.138171 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:31.231395 0.177786 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:31.397659 0.191386 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:31.582363 0.160049 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:31.734226 0.076555 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:31.819773 0.082849 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:31.886322 0.141186 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:32.017560 0.349770 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:32.363370 0.167428 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:32.639247 0.057632 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:32.680149 0.181634 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:32.833534 0.331225 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:33.163560 0.238759 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:33.393056 0.115631 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:33.475640 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 12:08:41.556510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:08:51.485597 0.058773 tcp 10.0.2.109 64112 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:08:51.544668 0.065113 tcp 10.0.2.109 64113 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:08:51.610083 0.136330 tcp 10.0.2.109 64114 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:08:51.747123 0.300603 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:52.066922 0.151095 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:52.206850 0.094055 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:52.277055 0.153698 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:52.444192 0.169356 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:08:52.615141 0.000000 udp 10.0.2.109 3683 -> 1.171.224.100 1109 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 12:09:08.055700 0.056786 tcp 10.0.2.109 64115 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:09:08.112777 0.058408 tcp 10.0.2.109 64116 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:09:08.171480 0.135046 tcp 10.0.2.109 64117 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:09:08.307219 0.150903 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:09:08.477007 0.249541 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:09:08.690417 0.184972 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:09:08.883662 0.357765 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:09:09.242883 1.594901 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:09:09.895721 0.404990 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:09:13.562894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:14:00.397458 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 12:14:00.397559 0.540247 tcp 10.0.2.109 64118 -> 176.73.169.112 1959 FSPA* 0 0 14 1642 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:15:18.570352 3.010993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:15:25.578010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:15:33.579239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:15:49.582271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:16:21.588371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:22:27.597361 3.001394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:22:34.605137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:22:42.605886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:22:58.609264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:23:30.614420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:29:34.621261 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:29:41.628442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:29:49.629876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:30:05.633012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:30:37.639388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:36:41.645033 3.001673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:36:48.652150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:36:56.658694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:37:12.657127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:37:44.663025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:39:39.017706 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 12:39:39.017900 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 12:39:57.766585 0.059481 tcp 10.0.2.109 64119 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:39:57.826358 0.059923 tcp 10.0.2.109 64120 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:39:57.886623 0.147047 tcp 10.0.2.109 64121 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:39:58.034253 0.000000 udp 10.0.2.109 3683 -> 1.171.224.100 1109 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 12:40:14.108947 0.058128 tcp 10.0.2.109 64122 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:40:14.167395 0.059034 tcp 10.0.2.109 64123 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:40:14.226824 0.137589 tcp 10.0.2.109 64124 -> 195.113.214.249 443 SRPA* 0 0 41 22864 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:40:14.364970 0.171968 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:14.533240 0.074869 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:14.587168 0.139084 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:14.724325 0.162355 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:14.878710 0.079528 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:14.967854 0.082630 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:15.029640 0.150183 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:15.167908 0.194397 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:15.354939 0.176889 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:15.519775 0.172784 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:15.667690 0.056914 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:15.708205 0.168091 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:15.886019 0.352165 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:16.234354 0.126731 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:16.326809 0.227979 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:16.544611 0.323829 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:16.867301 0.151992 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:17.026675 0.316441 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:17.344420 0.150288 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:17.491065 0.092358 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:17.588634 0.173768 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:17.759637 0.247682 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:17.971164 0.184096 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:18.164026 0.165972 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:18.313958 0.367619 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:18.682920 0.583372 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:40:19.143596 0.459485 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/20 12:43:48.668485 3.002089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 12:43:55.676594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:44:00.944233 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 12:44:00.944333 0.471936 tcp 10.0.2.109 64125 -> 176.73.169.112 1959 FSPA* 0 0 15 1804 flow=From-Botnet-V1-TCP-Established 1970/02/20 12:44:03.677817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:44:19.680836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:44:51.686970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:50:55.697396 2.997344 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:51:02.700683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:51:10.702084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:51:26.704556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:51:58.710942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:58:02.717245 3.002088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 12:58:09.724422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:58:17.726014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:58:33.728696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 12:59:05.735355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:05:34.747163 3.001490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 13:05:41.762916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:05:49.756022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:06:05.759325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:06:37.768844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:10:31.751463 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 13:10:31.751688 0.175808 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 4 1733 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:50.540767 0.035191 tcp 10.0.2.109 64126 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:10:50.576229 0.038244 tcp 10.0.2.109 64127 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:10:50.614833 0.140427 tcp 10.0.2.109 64128 -> 195.113.214.249 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:10:50.756052 0.364321 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 5 1866 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:51.110977 0.076517 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:51.198716 0.209301 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 5 1808 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:51.404915 0.072236 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:51.460140 0.080868 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:51.523634 0.189016 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:51.703143 0.187845 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:51.882203 0.172760 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:10:52.043982 0.212725 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 5 2051 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:07.914474 0.074525 tcp 10.0.2.109 64129 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:11:07.989345 0.039433 tcp 10.0.2.109 64130 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:11:08.029106 0.137790 tcp 10.0.2.109 64131 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:11:08.167412 0.064117 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:08.213773 0.169254 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:08.391445 0.396275 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 5 1985 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:08.785124 0.114214 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:08.866891 0.267335 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 5 1819 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:09.123567 0.359197 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:09.483875 0.211376 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 4 1712 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:24.658010 0.058032 tcp 10.0.2.109 64132 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:11:24.716354 0.035513 tcp 10.0.2.109 64133 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:11:24.752175 0.128950 tcp 10.0.2.109 64134 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:11:24.881663 0.306377 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:25.205566 0.149085 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:25.346004 0.094864 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:25.461337 0.206713 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:25.676933 0.285708 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 5 1917 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:25.926914 0.392274 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 5 1942 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:26.327704 0.198592 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:26.525505 0.220941 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:26.746715 0.608642 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:11:27.235888 0.431148 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:12:41.770151 3.002676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 13:12:48.778532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:12:56.779776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:13:12.783043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:13:44.788749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:14:01.423089 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 13:14:01.423304 0.639862 tcp 10.0.2.109 64135 -> 176.73.169.112 1959 FSPA* 0 0 14 1648 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:19:48.795638 3.000156 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 13:19:55.801735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:20:03.804611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:20:19.807027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:20:51.816443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:26:55.817799 3.002494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 13:27:02.826259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:27:10.827800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:27:26.831054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:27:58.847094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:34:02.842500 3.001565 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 13:34:09.850115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:34:17.855211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:34:33.855141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:35:05.860657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:41:09.867251 3.001512 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 13:41:16.874122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:41:24.875151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:41:28.080401 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 13:41:28.080592 0.129561 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:28.208553 0.170276 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:28.354887 0.142015 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:28.510133 0.221409 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:28.721662 0.070660 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:28.793710 0.335242 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:29.119507 0.075677 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:29.178100 0.071458 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:29.232621 0.162028 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:29.391378 0.192309 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:29.576268 0.171360 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:29.736330 0.363287 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:30.095550 0.126071 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:30.187118 0.169989 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:30.352499 0.062182 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:30.398818 0.306261 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:30.721368 0.220399 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:30.930994 0.304207 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:31.243785 0.144272 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:31.383435 0.088677 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:31.483934 0.166615 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:31.651905 0.241513 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:31.855157 0.155301 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:31.998967 0.579715 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:32.458074 0.351781 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:32.837809 0.207169 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:33.098753 0.430984 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/20 13:41:40.878814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:42:12.885008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:44:02.061913 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 13:44:02.062057 0.500576 tcp 10.0.2.109 64136 -> 176.73.169.112 1959 FSPA* 0 0 14 1652 flow=From-Botnet-V1-TCP-Established 1970/02/20 13:48:16.892986 2.999563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 13:48:23.898288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:48:31.899492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:48:47.902428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:49:19.908832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:55:47.918229 3.002726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 13:55:54.927738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:56:02.928520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:56:18.931187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 13:56:50.936997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:02:54.943689 3.000754 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 14:03:01.950235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:03:09.952067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:03:25.955055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:03:57.960992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:10:01.966474 3.002217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 14:10:08.974211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:10:16.976214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:10:32.979165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:11:04.985500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:11:39.975808 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 14:11:39.975925 0.145074 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:40.114643 0.363633 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:40.467215 0.084656 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:40.553861 0.130371 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:40.682067 0.174008 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:40.833705 0.288686 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:41.109114 0.086057 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:41.175588 0.071865 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:41.231087 0.172100 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2615 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:41.400308 0.191351 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:41.584666 0.174908 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:41.747937 0.363247 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:42.107655 0.152624 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:42.226713 0.167176 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:42.395278 0.060599 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:42.438404 0.313450 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:42.753185 0.221010 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:42.964416 0.090111 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:43.061304 0.169163 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:43.227893 0.243560 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:43.436063 0.305993 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:43.759160 0.160427 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:43.915184 0.199812 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:44.125925 0.716400 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:44.603628 0.351942 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:44.962384 0.196700 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:11:45.159011 0.434789 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:14:02.570940 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 14:14:02.571044 0.510282 tcp 10.0.2.109 64137 -> 176.73.169.112 1959 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/02/20 14:17:08.991392 3.001559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 14:17:15.998612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:17:24.001993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:17:40.003014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:18:12.008803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:24:16.014746 3.001967 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 14:24:23.022747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:24:31.023529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:24:47.031307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:25:19.033286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:31:23.038088 3.002493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 14:31:30.046107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:31:38.051363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:31:54.050987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:32:26.056870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:38:30.062452 3.002734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 14:38:37.070410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:38:45.072032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:39:01.074854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:39:33.080962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:42:07.913765 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 14:42:07.913901 0.074203 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:07.998774 0.137066 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2592 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:08.144371 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 14:42:25.180077 0.054523 tcp 10.0.2.109 64138 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 14:42:25.234885 0.033279 tcp 10.0.2.109 64139 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 14:42:25.268533 0.108904 tcp 10.0.2.109 64140 -> 195.113.214.249 443 SRPA* 0 0 56 55397 flow=From-Botnet-V1-TCP-Established 1970/02/20 14:42:25.378393 0.129650 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:25.506062 0.164326 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:25.647560 0.155057 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:25.792724 0.082567 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:25.855331 0.072878 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:25.910592 0.164434 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:26.071927 0.191568 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:26.255409 0.177924 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:26.421754 0.364521 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:26.782535 0.111560 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:26.861585 0.167703 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:27.030847 0.063596 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:27.078730 0.309440 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:27.389799 0.219556 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:27.599749 0.090769 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:27.846344 0.173147 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:28.013602 0.240176 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:28.214968 0.310089 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2010 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:28.534529 0.147964 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:28.675000 0.149844 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:28.814747 0.186479 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:29.020163 0.420322 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:29.459685 0.731117 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:42:29.931135 0.367452 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 14:44:03.089636 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 14:44:03.089721 0.493832 tcp 10.0.2.109 64141 -> 176.73.169.112 1959 FSPA* 0 0 14 1650 flow=From-Botnet-V1-TCP-Established 1970/02/20 14:45:37.087368 3.001024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 14:45:44.097189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:45:52.095802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:46:08.099139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:46:40.104216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:54:30.113778 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 14:54:37.120684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:54:45.122405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:55:01.125280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 14:55:33.136618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:02:00.151493 3.005915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 15:02:07.157772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:02:15.159296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:02:31.162151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:03:03.168362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:09:11.180647 3.000963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 15:09:18.187488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:09:26.189064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:09:42.191821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:10:14.198699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:12:49.341614 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 15:12:49.341813 0.184739 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:49.516986 0.074329 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:49.603397 0.140937 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:49.739625 0.129748 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:49.867398 0.163197 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:50.009702 0.198795 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:50.193755 0.080502 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:50.253500 0.066292 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:50.303347 0.170746 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:50.463022 0.363923 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:50.823108 0.118225 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:50.922376 0.229764 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:51.149401 0.191998 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:51.333605 0.166540 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2593 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:51.560614 0.058310 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:51.603553 0.314002 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1961 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:52.069774 0.218887 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:52.278559 0.092068 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:52.427345 0.169191 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2588 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:52.592093 0.259789 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:52.818319 0.304292 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:53.126602 0.168182 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:53.402673 0.220301 rtp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 1931 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:53.621713 0.183646 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:53.805120 0.452793 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:54.322816 1.140979 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:12:54.784496 0.365798 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:14:03.588306 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 15:14:03.588411 0.608277 tcp 10.0.2.109 64142 -> 176.73.169.112 1959 FSPA* 0 0 14 1633 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:16:22.211181 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 15:16:29.217056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:16:37.218717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:16:53.222002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:17:25.228689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:23:32.239308 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 15:23:39.245353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:23:47.246865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:24:03.249937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:24:35.255981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:30:39.263031 3.000689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 15:30:46.269448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:30:54.270892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:31:10.273868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:31:42.279882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:37:46.287407 3.000382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 15:37:53.293608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:38:01.294826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:38:17.298540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:38:49.303849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:43:18.741880 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 15:43:18.742078 0.134704 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:19.029000 0.128947 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:19.201182 0.181353 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:19.372292 0.074362 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:19.555436 0.163959 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:19.696826 0.219144 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:19.901733 0.083993 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:20.005957 0.073720 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:20.061259 0.176666 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:20.226842 0.363538 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:20.586687 0.124894 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:20.870191 0.166384 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:21.032626 0.191843 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:21.216559 0.170100 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:21.449453 0.059715 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:21.492725 0.090956 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:21.605208 0.317581 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:21.921133 0.218925 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:22.130374 0.169693 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:22.295511 0.241187 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:22.497869 0.305456 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:22.860420 0.147386 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:22.998426 0.448884 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:23.647087 0.223662 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:23.880333 0.186360 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:24.131155 1.483265 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:43:24.655099 0.355950 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/20 15:44:04.197324 2.993400 tcp 10.0.2.109 64143 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:44:08.873263 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 15:44:13.189460 0.000000 tcp 10.0.2.109 64143 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:44:19.200690 0.053609 tcp 10.0.2.109 64144 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:44:19.254613 0.032392 tcp 10.0.2.109 64145 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:44:19.287324 0.125771 tcp 10.0.2.109 64146 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:44:19.471354 3.003742 tcp 10.0.2.109 64147 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:44:28.472515 0.000000 tcp 10.0.2.109 64147 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:44:34.471075 0.052130 tcp 10.0.2.109 64148 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:44:34.523505 0.032078 tcp 10.0.2.109 64149 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:44:34.555906 0.123537 tcp 10.0.2.109 64150 -> 195.113.214.249 443 SRPA* 0 0 41 22864 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:44:34.693155 3.001542 tcp 10.0.2.109 64151 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:44:43.693198 0.000000 tcp 10.0.2.109 64151 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:44:49.692714 3.003605 tcp 10.0.2.109 64152 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:44:53.310512 3.000958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 15:44:58.695059 0.000000 tcp 10.0.2.109 64152 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:45:00.317239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:45:08.319122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:45:24.321998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:45:56.327854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:50:04.695357 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 15:50:04.695441 2.993730 tcp 10.0.2.109 64153 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:50:13.688015 0.000000 tcp 10.0.2.109 64153 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:50:19.702321 0.053491 tcp 10.0.2.109 64154 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:50:19.756223 0.031657 tcp 10.0.2.109 64155 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:50:19.788128 0.126322 tcp 10.0.2.109 64156 -> 195.113.214.249 443 SRPA* 0 0 22 12484 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:50:19.950768 3.000478 tcp 10.0.2.109 64157 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:50:28.949903 0.000000 tcp 10.0.2.109 64157 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:50:34.949209 0.051797 tcp 10.0.2.109 64158 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:50:35.001266 0.032248 tcp 10.0.2.109 64159 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:50:35.033824 0.198478 tcp 10.0.2.109 64160 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:50:35.304878 2.998266 tcp 10.0.2.109 64161 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:50:44.301771 0.000000 tcp 10.0.2.109 64161 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:50:50.300950 3.004337 tcp 10.0.2.109 64162 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:50:59.303494 0.000000 tcp 10.0.2.109 64162 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:54:08.338485 3.001315 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 15:54:15.345589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:54:23.346946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:54:39.349712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:55:11.355990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 15:56:05.304150 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 15:56:05.304366 3.003422 tcp 10.0.2.109 64163 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:56:14.318377 0.000000 tcp 10.0.2.109 64163 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:56:20.306676 0.052912 tcp 10.0.2.109 64164 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:56:20.359912 0.032629 tcp 10.0.2.109 64165 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:56:20.392862 0.120325 tcp 10.0.2.109 64166 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:56:20.591342 2.998371 tcp 10.0.2.109 64167 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:56:29.588230 0.000000 tcp 10.0.2.109 64167 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:56:35.587395 0.052295 tcp 10.0.2.109 64168 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:56:35.639997 0.032253 tcp 10.0.2.109 64169 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:56:35.672105 0.123551 tcp 10.0.2.109 64170 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/20 15:56:36.000432 3.002259 tcp 10.0.2.109 64171 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:56:45.000718 0.000000 tcp 10.0.2.109 64171 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:56:50.999484 3.004155 tcp 10.0.2.109 64172 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 15:57:00.001903 0.000000 tcp 10.0.2.109 64172 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:01:19.368624 3.000865 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 16:01:26.375043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:01:34.379076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:01:50.379648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:02:06.002987 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:02:06.003095 3.002717 tcp 10.0.2.109 64173 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:02:15.004952 0.000000 tcp 10.0.2.109 64173 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:02:21.005205 0.053003 tcp 10.0.2.109 64174 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:02:21.058522 0.032938 tcp 10.0.2.109 64175 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:02:21.091760 0.124823 tcp 10.0.2.109 64176 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:02:21.420448 2.998116 tcp 10.0.2.109 64177 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:02:22.385625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:02:30.428731 0.000000 tcp 10.0.2.109 64177 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:08:35.394898 3.001333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 16:08:42.402206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:08:50.403780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:09:06.407368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:09:38.412893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:13:38.959475 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:13:38.959572 0.133882 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:39.173859 0.128605 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:39.300693 0.172599 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:39.462554 0.084249 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:39.562490 0.166436 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:39.704906 0.157410 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:39.848154 0.084220 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:39.914242 0.364479 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:40.274831 0.126302 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:40.367520 0.066974 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:40.427914 0.177921 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:40.595815 0.169521 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:40.759653 0.192389 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:40.944177 0.168486 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:41.150673 0.058879 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:41.192837 0.091779 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:41.261494 0.315409 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:41.593665 0.239650 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:41.798299 0.309980 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:42.191140 0.147350 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:42.330934 0.224038 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:42.545396 0.168880 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:42.710540 0.439173 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:43.166695 0.220372 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:43.398031 0.350949 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:43.770740 0.235796 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:44.007906 2.134635 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:13:51.456522 2.994224 tcp 10.0.2.109 64178 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:14:00.449171 0.000000 tcp 10.0.2.109 64178 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:14:06.459287 0.054338 tcp 10.0.2.109 64179 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:14:06.513909 0.032743 tcp 10.0.2.109 64180 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:14:06.546390 0.128660 tcp 10.0.2.109 64181 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:14:06.696367 2.996253 tcp 10.0.2.109 64182 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:14:15.692999 0.000000 tcp 10.0.2.109 64182 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:15:42.418296 3.001714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 16:15:49.425879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:15:57.427505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:16:13.430482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:16:45.436619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:19:21.691790 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:19:21.691874 3.003448 tcp 10.0.2.109 64183 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:19:30.694197 0.000000 tcp 10.0.2.109 64183 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:19:36.694454 0.052561 tcp 10.0.2.109 64184 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:19:36.747268 0.033671 tcp 10.0.2.109 64185 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:19:36.781241 0.121216 tcp 10.0.2.109 64186 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:19:37.124814 3.002693 tcp 10.0.2.109 64187 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:19:46.136390 0.000000 tcp 10.0.2.109 64187 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:22:49.442569 3.001489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 16:22:56.449917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:23:04.451148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:23:20.454402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:23:52.460410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:24:52.126691 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:24:52.126870 2.993588 tcp 10.0.2.109 64188 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:25:01.119235 0.000000 tcp 10.0.2.109 64188 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:25:07.129141 0.053423 tcp 10.0.2.109 64189 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:25:07.182863 0.031804 tcp 10.0.2.109 64190 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:25:07.214947 0.121783 tcp 10.0.2.109 64191 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:25:07.413886 2.998668 tcp 10.0.2.109 64192 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:25:16.410996 0.000000 tcp 10.0.2.109 64192 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:29:56.467466 3.000482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 16:30:03.479961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:30:11.475518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:30:22.411714 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:30:22.411830 3.003776 tcp 10.0.2.109 64193 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:30:27.477990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:30:31.414081 0.000000 tcp 10.0.2.109 64193 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:30:37.414620 0.052766 tcp 10.0.2.109 64194 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:30:37.467748 0.032476 tcp 10.0.2.109 64195 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:30:37.500537 0.123352 tcp 10.0.2.109 64196 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:30:37.899526 2.998214 tcp 10.0.2.109 64197 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:30:46.906414 0.000000 tcp 10.0.2.109 64197 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:30:59.484767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:37:03.490754 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 16:37:10.497702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:37:18.499347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:37:34.502483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:38:06.508551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:44:08.159056 0.000176 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:44:08.159341 0.159737 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:08.310753 0.074555 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:08.403356 0.168623 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 1974 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:08.544876 0.138916 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:08.706009 0.129350 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:08.838359 0.199150 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:09.052373 0.083324 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:09.156934 0.364087 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:09.516968 0.115481 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:09.599894 0.067242 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:09.711479 0.170990 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:09.871572 0.167392 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:10.036147 0.194211 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:10.222810 0.171115 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:10.389227 0.059983 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:10.433540 0.089433 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:10.503593 0.329169 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:10.522905 2.993253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 16:44:10.831588 0.241371 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:11.037625 0.222718 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:11.250391 0.169648 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:11.415448 0.306238 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:11.722847 0.155472 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:11.870634 0.428668 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:12.314371 0.139354 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:12.452596 0.308175 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:12.761989 0.184003 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:12.947276 0.604591 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/20 16:44:17.522027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:44:22.949872 3.007873 tcp 10.0.2.109 64198 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:44:25.523412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:44:31.952821 0.000000 tcp 10.0.2.109 64198 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:44:37.956586 0.054149 tcp 10.0.2.109 64199 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:44:38.011014 0.032129 tcp 10.0.2.109 64200 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:44:38.043421 0.122234 tcp 10.0.2.109 64201 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:44:38.175322 3.000519 tcp 10.0.2.109 64202 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:44:41.526387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:44:47.174853 0.000000 tcp 10.0.2.109 64202 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:45:13.532578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:49:53.175175 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:49:53.175270 2.993455 tcp 10.0.2.109 64203 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:50:02.177515 0.000000 tcp 10.0.2.109 64203 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:50:08.177719 0.053772 tcp 10.0.2.109 64204 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:50:08.231801 0.032040 tcp 10.0.2.109 64205 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:50:08.264112 0.121193 tcp 10.0.2.109 64206 -> 195.113.214.249 443 SRPA* 0 0 21 12468 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:50:08.410755 2.999976 tcp 10.0.2.109 64207 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:50:17.409024 0.000000 tcp 10.0.2.109 64207 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:53:39.542990 3.001169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 16:53:46.549860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:53:54.551393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:54:10.560760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:54:42.565981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 16:55:23.410037 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 16:55:23.410150 3.003606 tcp 10.0.2.109 64208 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:55:32.412835 0.000000 tcp 10.0.2.109 64208 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:55:38.419407 0.053195 tcp 10.0.2.109 64209 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:55:38.472889 0.033037 tcp 10.0.2.109 64210 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:55:38.506277 0.122257 tcp 10.0.2.109 64211 -> 195.113.214.249 443 SRPA* 0 0 21 11766 flow=From-Botnet-V1-TCP-Established 1970/02/20 16:55:38.643448 3.001905 tcp 10.0.2.109 64212 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 16:55:47.643974 0.000000 tcp 10.0.2.109 64212 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:00:46.566773 3.001235 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:00:53.574012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:00:53.634729 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:00:53.634866 2.993759 tcp 10.0.2.109 64213 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:01:01.575307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:01:02.636899 0.000000 tcp 10.0.2.109 64213 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:01:08.636895 0.052605 tcp 10.0.2.109 64214 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:01:08.689694 0.032549 tcp 10.0.2.109 64215 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:01:08.722502 0.124250 tcp 10.0.2.109 64216 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:01:08.856232 2.994222 tcp 10.0.2.109 64217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:01:17.578691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:01:17.848745 0.000000 tcp 10.0.2.109 64217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:01:49.584559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:07:53.591518 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:08:00.602630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:08:08.599457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:08:24.605394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:08:56.612840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:14:21.886697 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:14:21.886836 0.166847 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:22.030403 0.136394 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:22.168017 0.130394 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:22.296331 0.161546 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:22.449057 0.073467 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:22.533583 0.135057 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:22.692217 0.085332 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:22.760303 0.363494 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:23.133000 0.115113 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:23.216775 0.067203 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:23.269727 0.172139 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:23.431435 0.171751 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:23.600215 0.191264 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:23.784629 0.169815 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:23.909582 3.004356 tcp 10.0.2.109 64218 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:14:23.950386 0.062409 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:24.017329 1.398087 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:25.397972 0.308681 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:25.714054 0.169394 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:25.879580 0.306990 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:26.194435 0.148592 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:26.333451 0.239390 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:26.536387 0.219653 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:26.746018 0.445538 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:27.206658 0.147007 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:27.395925 0.340591 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:27.744869 0.260661 rtp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:28.014000 0.561007 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:14:32.912531 0.000000 tcp 10.0.2.109 64218 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:14:38.912417 0.052769 tcp 10.0.2.109 64219 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:14:38.965482 0.032376 tcp 10.0.2.109 64220 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:14:38.998213 0.121015 tcp 10.0.2.109 64221 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:14:39.128496 2.998747 tcp 10.0.2.109 64222 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:14:48.124859 0.000000 tcp 10.0.2.109 64222 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:15:00.614513 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:15:07.621748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:15:15.623339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:15:31.627912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:16:03.632218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:19:54.125265 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:19:54.125421 2.992774 tcp 10.0.2.109 64223 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:20:03.126859 0.000000 tcp 10.0.2.109 64223 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:20:09.127045 0.035474 tcp 10.0.2.109 64224 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:20:09.162774 0.032886 tcp 10.0.2.109 64225 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:20:09.195983 0.120861 tcp 10.0.2.109 64226 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:20:09.381263 3.002331 tcp 10.0.2.109 64227 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:20:18.378601 0.000000 tcp 10.0.2.109 64227 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:22:07.638612 3.001480 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:22:14.645173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:22:22.648761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:22:38.650323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:23:10.656175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:25:24.379836 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:25:24.379991 3.002816 tcp 10.0.2.109 64228 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:25:33.381766 0.000000 tcp 10.0.2.109 64228 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:25:39.382129 0.053245 tcp 10.0.2.109 64229 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:25:39.435621 0.044052 tcp 10.0.2.109 64230 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:25:39.480007 0.125430 tcp 10.0.2.109 64231 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:25:39.614632 3.000044 tcp 10.0.2.109 64232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:25:48.613257 0.000000 tcp 10.0.2.109 64232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:29:14.662109 3.002104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:29:21.669151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:29:29.671448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:29:45.674119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:30:17.680465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:30:54.613744 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:30:54.613936 2.993928 tcp 10.0.2.109 64233 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:31:03.616082 0.000000 tcp 10.0.2.109 64233 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:31:09.616378 0.052620 tcp 10.0.2.109 64234 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:31:09.669236 0.031910 tcp 10.0.2.109 64235 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:31:09.701434 0.122933 tcp 10.0.2.109 64236 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:31:09.869441 2.999999 tcp 10.0.2.109 64237 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:31:18.868742 0.000000 tcp 10.0.2.109 64237 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:36:21.686033 3.001832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:36:28.693643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:36:36.694620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:36:52.698396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:37:24.705685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:43:28.710407 3.001485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:43:35.717562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:43:43.719096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:43:59.722127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:44:31.728576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:44:33.881754 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:44:33.881957 0.165055 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.025324 0.138443 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.172092 0.128903 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.299713 0.160375 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.449779 0.077685 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.530944 0.142076 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.661876 0.082247 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.724561 0.069821 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.776394 0.170346 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:34.935268 0.165497 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:35.096342 0.192239 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:35.281119 0.364360 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:35.664827 0.124334 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:35.756352 0.167524 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:35.925118 0.065365 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2650 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:35.971576 0.091688 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:36.080560 0.307054 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:36.386636 0.168720 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:36.550739 0.306434 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2582 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:36.895173 0.147129 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:37.034166 0.240274 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:37.239934 0.222186 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:37.453111 0.367206 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:37.821496 0.397923 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:38.241534 0.134975 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:38.377844 0.184655 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:38.562247 0.635754 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/20 17:44:39.920607 3.003333 tcp 10.0.2.109 64238 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:44:48.923145 0.000000 tcp 10.0.2.109 64238 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:44:54.923492 0.054874 tcp 10.0.2.109 64239 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:44:54.978639 0.031645 tcp 10.0.2.109 64240 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:44:55.010547 0.122709 tcp 10.0.2.109 64241 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:44:55.144289 3.002353 tcp 10.0.2.109 64242 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:45:04.144867 0.000000 tcp 10.0.2.109 64242 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:50:10.145339 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:50:10.145528 2.993771 tcp 10.0.2.109 64243 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:50:19.137838 0.000000 tcp 10.0.2.109 64243 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:50:25.148403 0.053713 tcp 10.0.2.109 64244 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:50:25.202359 0.032866 tcp 10.0.2.109 64245 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:50:25.235524 0.125030 tcp 10.0.2.109 64246 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:50:25.371132 3.000293 tcp 10.0.2.109 64247 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:50:34.369580 0.000000 tcp 10.0.2.109 64247 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:50:35.735354 3.001208 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 17:50:42.741430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:50:50.747433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:51:06.746124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:51:38.752535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:55:40.370001 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 17:55:40.370091 3.004952 tcp 10.0.2.109 64248 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:55:49.372557 0.000000 tcp 10.0.2.109 64248 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:55:55.372960 0.053144 tcp 10.0.2.109 64249 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:55:55.426464 0.032016 tcp 10.0.2.109 64250 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:55:55.458823 0.124811 tcp 10.0.2.109 64251 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/20 17:55:55.592831 3.006031 tcp 10.0.2.109 64252 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:56:04.599096 0.000000 tcp 10.0.2.109 64252 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 17:57:42.757130 3.002873 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 17:57:49.765966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:57:57.767780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:58:13.770253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 17:58:45.778566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:01:10.594585 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:01:10.594760 2.994066 tcp 10.0.2.109 64253 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:01:19.597268 0.000000 tcp 10.0.2.109 64253 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:01:25.597247 0.053868 tcp 10.0.2.109 64254 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:01:25.651417 0.032590 tcp 10.0.2.109 64255 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:01:25.684271 0.124520 tcp 10.0.2.109 64256 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:01:25.884762 2.998892 tcp 10.0.2.109 64257 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:01:34.879433 0.000000 tcp 10.0.2.109 64257 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:04:54.805115 2.992354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 18:05:01.796687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:05:09.798613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:05:25.801377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:05:57.806750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:12:01.813167 3.002217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 18:12:08.820997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:12:16.822967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:12:32.827898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:13:04.831415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:14:53.137146 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:14:53.137360 0.166265 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:53.280621 0.145381 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:53.420176 0.129336 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:53.547293 0.156021 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 1978 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:53.695231 0.073757 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:53.770359 0.135673 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:53.895930 0.082433 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:53.958301 0.069004 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:54.009301 0.193676 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:54.195679 0.364074 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:54.556108 0.115434 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:54.635606 0.171826 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:54.795140 0.171476 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:54.961164 0.168676 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:55.130938 0.060147 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:55.174229 0.094826 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:55.246479 0.327225 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:55.572601 0.167321 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:55.755518 0.238516 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2040 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:55.931505 3.003771 tcp 10.0.2.109 64258 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:14:55.960989 0.219403 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:56.170491 0.448792 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:56.643978 0.144382 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:56.784288 0.353508 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:57.157104 0.441450 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:57.607793 0.135785 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:57.739421 0.190476 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:14:57.944118 0.574499 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:15:04.934329 0.000000 tcp 10.0.2.109 64258 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:15:10.933695 0.053026 tcp 10.0.2.109 64259 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:15:10.986957 0.032320 tcp 10.0.2.109 64260 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:15:11.019640 0.122063 tcp 10.0.2.109 64261 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:15:11.151872 3.005478 tcp 10.0.2.109 64262 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:15:20.158614 0.000000 tcp 10.0.2.109 64262 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:15:26.145203 0.051791 tcp 10.0.2.109 64263 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:15:26.197300 0.031879 tcp 10.0.2.109 64264 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:15:26.229519 0.122298 tcp 10.0.2.109 64265 -> 195.113.214.249 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:15:26.361661 2.997609 tcp 10.0.2.109 64266 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:15:35.368125 0.000000 tcp 10.0.2.109 64266 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:15:41.358858 2.991737 tcp 10.0.2.109 64267 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:15:50.349313 0.000000 tcp 10.0.2.109 64267 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:19:08.842028 2.997291 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 18:19:15.844656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:19:23.846073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:19:39.849297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:20:11.855409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:20:56.359996 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:20:56.360192 3.003551 tcp 10.0.2.109 64268 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:21:05.362557 0.000000 tcp 10.0.2.109 64268 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:21:11.362931 0.052943 tcp 10.0.2.109 64269 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:21:11.416179 0.031602 tcp 10.0.2.109 64270 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:21:11.448116 0.122884 tcp 10.0.2.109 64271 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:21:11.585836 2.999612 tcp 10.0.2.109 64272 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:21:20.584309 0.000000 tcp 10.0.2.109 64272 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:21:26.583048 0.052515 tcp 10.0.2.109 64273 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:21:26.635784 0.034786 tcp 10.0.2.109 64274 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:21:26.670826 0.121603 tcp 10.0.2.109 64275 -> 195.113.214.249 443 SRPA* 0 0 22 13148 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:21:26.809147 3.008322 tcp 10.0.2.109 64276 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:21:35.828414 0.000000 tcp 10.0.2.109 64276 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:21:41.804676 2.994071 tcp 10.0.2.109 64277 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:21:50.807816 0.000000 tcp 10.0.2.109 64277 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:26:15.861367 3.001904 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 18:26:22.869350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:26:30.870431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:26:46.873029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:26:56.808213 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:26:56.808367 3.003097 tcp 10.0.2.109 64278 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:27:05.810660 0.000000 tcp 10.0.2.109 64278 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:27:11.810930 0.053771 tcp 10.0.2.109 64279 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:27:11.865051 0.031728 tcp 10.0.2.109 64280 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:27:11.897193 0.124532 tcp 10.0.2.109 64281 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:27:12.212418 3.001284 tcp 10.0.2.109 64282 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:27:18.879284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:27:21.212953 0.000000 tcp 10.0.2.109 64282 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:27:27.211835 0.053237 tcp 10.0.2.109 64283 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:27:27.265364 0.032184 tcp 10.0.2.109 64284 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:27:27.297817 0.123991 tcp 10.0.2.109 64285 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:27:27.432023 3.010485 tcp 10.0.2.109 64286 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:27:36.437552 0.000000 tcp 10.0.2.109 64286 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:27:42.433212 2.994441 tcp 10.0.2.109 64287 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:27:51.436650 0.000000 tcp 10.0.2.109 64287 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:32:57.436702 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:32:57.436807 2.993494 tcp 10.0.2.109 64288 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:06.428729 0.000000 tcp 10.0.2.109 64288 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:12.439318 0.052006 tcp 10.0.2.109 64289 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:33:12.491536 0.032304 tcp 10.0.2.109 64290 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:33:12.524187 0.122484 tcp 10.0.2.109 64291 -> 195.113.214.249 443 SRPA* 0 0 44 40410 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:33:12.689339 3.004184 tcp 10.0.2.109 64292 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:21.691124 0.000000 tcp 10.0.2.109 64292 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:22.885385 3.001806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 18:33:27.690195 0.052291 tcp 10.0.2.109 64293 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:33:27.742703 0.031894 tcp 10.0.2.109 64294 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:33:27.774909 0.384218 tcp 10.0.2.109 64295 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:33:28.180163 2.994322 tcp 10.0.2.109 64296 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:29.892599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:33:37.173339 0.000000 tcp 10.0.2.109 64296 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:37.894600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:33:43.181962 3.004293 tcp 10.0.2.109 64297 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:52.184707 0.000000 tcp 10.0.2.109 64297 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:33:53.897135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:34:25.903355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:40:29.909395 3.017575 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 18:40:36.920869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:40:44.927640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:41:00.921605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:41:32.927209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:45:00.285629 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:45:00.285838 0.129281 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:00.412828 0.154717 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:00.562362 0.074403 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:00.644757 0.166985 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:00.786981 0.134109 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:00.921407 0.134690 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:01.046254 0.086554 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:01.115037 0.074520 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:01.172099 0.191721 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:01.356637 0.352788 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:01.705829 0.118891 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:01.790484 0.172703 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:01.952255 0.164656 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:02.112829 0.169295 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:02.294861 0.064626 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:02.341341 0.090353 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:02.408569 0.326306 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:02.735953 0.169833 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 1932 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:02.912367 0.307703 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:03.236898 0.146133 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:03.375158 0.237623 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:03.577314 0.243413 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:03.811095 0.353117 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:04.165525 0.434474 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:04.601174 0.147522 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:04.744056 0.187233 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:04.951923 0.553249 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/20 18:45:13.224893 2.993567 tcp 10.0.2.109 64298 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:45:22.233629 0.000000 tcp 10.0.2.109 64298 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:45:28.227139 0.053257 tcp 10.0.2.109 64299 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:45:28.280680 0.031669 tcp 10.0.2.109 64300 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:45:28.312623 0.122261 tcp 10.0.2.109 64301 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:45:28.444653 2.995217 tcp 10.0.2.109 64302 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:45:37.438715 0.000000 tcp 10.0.2.109 64302 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:45:43.438232 0.052146 tcp 10.0.2.109 64303 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:45:43.490628 0.032458 tcp 10.0.2.109 64304 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:45:43.523419 0.121351 tcp 10.0.2.109 64305 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:45:43.660354 3.006616 tcp 10.0.2.109 64306 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:45:52.660814 0.000000 tcp 10.0.2.109 64306 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:45:58.659487 3.003978 tcp 10.0.2.109 64307 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:46:07.662019 0.000000 tcp 10.0.2.109 64307 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:47:36.933470 3.001476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 18:47:43.940153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:47:51.942363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:48:07.945236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:48:39.952096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:51:13.661929 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:51:13.662253 3.006447 tcp 10.0.2.109 64308 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:51:22.665001 0.000000 tcp 10.0.2.109 64308 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:51:28.665592 0.053453 tcp 10.0.2.109 64309 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:51:28.719374 0.032866 tcp 10.0.2.109 64310 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:51:28.752554 0.121956 tcp 10.0.2.109 64311 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:51:28.884052 2.994329 tcp 10.0.2.109 64312 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:51:37.887080 0.000000 tcp 10.0.2.109 64312 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:51:43.885882 0.031368 tcp 10.0.2.109 64313 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:51:43.917567 0.032972 tcp 10.0.2.109 64314 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:51:43.950830 0.129123 tcp 10.0.2.109 64315 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:51:44.093661 2.996709 tcp 10.0.2.109 64316 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:51:53.089103 0.000000 tcp 10.0.2.109 64316 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:51:59.087502 3.011182 tcp 10.0.2.109 64317 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:52:08.090436 0.000000 tcp 10.0.2.109 64317 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:55:27.961234 3.000946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 18:55:34.967725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:55:42.969316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:55:58.972420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:56:30.978223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 18:57:14.090847 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 18:57:14.091031 3.012209 tcp 10.0.2.109 64318 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:57:23.093376 0.000000 tcp 10.0.2.109 64318 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:57:29.099671 0.032858 tcp 10.0.2.109 64319 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:57:29.132819 0.033689 tcp 10.0.2.109 64320 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:57:29.166854 0.121869 tcp 10.0.2.109 64321 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:57:29.299929 2.997241 tcp 10.0.2.109 64322 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:57:38.297130 0.000000 tcp 10.0.2.109 64322 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:57:44.294460 0.031011 tcp 10.0.2.109 64323 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:57:44.325732 0.031731 tcp 10.0.2.109 64324 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:57:44.357769 0.122119 tcp 10.0.2.109 64325 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 18:57:44.489302 2.999429 tcp 10.0.2.109 64326 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:57:53.496903 0.000000 tcp 10.0.2.109 64326 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:57:59.485613 2.994524 tcp 10.0.2.109 64327 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 18:58:08.478727 0.000000 tcp 10.0.2.109 64327 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:02:45.991540 3.000235 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 19:02:52.997737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:03:00.999188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:03:14.489177 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:03:14.489366 3.003380 tcp 10.0.2.109 64328 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:03:17.002000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:03:23.491342 0.000000 tcp 10.0.2.109 64328 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:03:29.492327 0.033198 tcp 10.0.2.109 64329 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:03:29.525840 0.032177 tcp 10.0.2.109 64330 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:03:29.558331 0.121544 tcp 10.0.2.109 64331 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:03:29.689393 3.004934 tcp 10.0.2.109 64332 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:03:38.692644 0.000000 tcp 10.0.2.109 64332 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:03:44.682735 0.030871 tcp 10.0.2.109 64333 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:03:44.713962 0.032343 tcp 10.0.2.109 64334 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:03:44.746635 0.122048 tcp 10.0.2.109 64335 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:03:44.879207 3.007494 tcp 10.0.2.109 64336 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:03:49.008650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:03:53.895128 0.000000 tcp 10.0.2.109 64336 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:03:59.873535 2.994641 tcp 10.0.2.109 64337 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:04:08.876897 0.000000 tcp 10.0.2.109 64337 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:09:53.019557 2.996420 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 19:10:00.021686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:10:08.023352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:10:24.026155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:10:56.032455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:15:15.655712 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:15:15.655861 0.068135 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:15.733541 0.163925 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:15.874506 0.128912 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:16.001229 0.156125 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:16.149563 0.135373 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:16.286436 0.136036 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:16.413950 0.078513 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:16.472378 0.069460 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:16.526640 0.192934 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:16.711711 0.353172 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:17.060837 0.120313 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:17.148392 0.176487 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:17.313703 0.231341 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:17.542585 0.166941 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:17.710812 0.059658 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:17.753703 0.095543 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:17.849550 0.309768 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:18.158279 0.145407 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:18.299741 0.240105 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:18.502871 0.168050 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:18.679698 0.303973 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:19.022932 0.222944 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:19.235740 0.359507 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:19.596766 0.452332 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:20.050621 0.157932 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:20.210302 0.184030 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:20.395810 0.761201 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:15:29.919744 2.990741 tcp 10.0.2.109 64338 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:15:38.908966 0.000000 tcp 10.0.2.109 64338 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:15:44.919180 0.032515 tcp 10.0.2.109 64339 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:15:44.951992 0.032721 tcp 10.0.2.109 64340 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:15:44.984950 0.121959 tcp 10.0.2.109 64341 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:15:45.128177 3.004061 tcp 10.0.2.109 64342 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:15:54.130595 0.000000 tcp 10.0.2.109 64342 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:16:00.130265 0.030782 tcp 10.0.2.109 64343 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:16:00.161413 0.032476 tcp 10.0.2.109 64344 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:16:00.194240 0.124772 tcp 10.0.2.109 64345 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:16:00.330499 3.007367 tcp 10.0.2.109 64346 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:16:09.334507 0.000000 tcp 10.0.2.109 64346 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:16:15.331597 3.006837 tcp 10.0.2.109 64347 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:16:24.334229 0.000000 tcp 10.0.2.109 64347 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:17:00.040233 2.999592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 19:17:07.045562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:17:15.049724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:17:31.049934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:18:03.058491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:21:30.334860 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:21:30.335057 2.993373 tcp 10.0.2.109 64348 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:21:39.336979 0.000000 tcp 10.0.2.109 64348 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:21:45.337501 0.032327 tcp 10.0.2.109 64349 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:21:45.370129 0.032334 tcp 10.0.2.109 64350 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:21:45.402727 0.121889 tcp 10.0.2.109 64351 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:21:45.546866 2.993267 tcp 10.0.2.109 64352 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:21:54.541517 0.000000 tcp 10.0.2.109 64352 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:22:00.549830 0.030711 tcp 10.0.2.109 64353 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:22:00.580820 0.033295 tcp 10.0.2.109 64354 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:22:00.614505 0.123758 tcp 10.0.2.109 64355 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:22:00.751475 3.000989 tcp 10.0.2.109 64356 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:22:09.750805 0.000000 tcp 10.0.2.109 64356 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:22:15.749558 3.004099 tcp 10.0.2.109 64357 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:22:24.754736 0.000000 tcp 10.0.2.109 64357 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:24:07.061642 3.002109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 19:24:14.069351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:24:22.070997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:24:38.073967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:25:10.081092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:27:30.752975 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:27:30.753146 3.002838 tcp 10.0.2.109 64358 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:27:39.754916 0.000000 tcp 10.0.2.109 64358 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:27:45.755081 0.032064 tcp 10.0.2.109 64359 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:27:45.787401 0.031668 tcp 10.0.2.109 64360 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:27:45.819350 0.121746 tcp 10.0.2.109 64361 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:27:45.956796 2.992300 tcp 10.0.2.109 64362 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:27:54.957131 0.000000 tcp 10.0.2.109 64362 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:28:00.956464 0.031214 tcp 10.0.2.109 64363 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:28:00.987955 0.032117 tcp 10.0.2.109 64364 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:28:01.020392 0.124555 tcp 10.0.2.109 64365 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:28:01.154662 2.995534 tcp 10.0.2.109 64366 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:28:10.148976 0.000000 tcp 10.0.2.109 64366 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:28:16.147520 3.004710 tcp 10.0.2.109 64367 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:28:25.150642 0.000000 tcp 10.0.2.109 64367 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:31:14.085833 3.001662 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 19:31:21.093407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:31:29.095085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:31:45.098279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:32:17.104155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:33:31.151197 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:33:31.151298 3.004339 tcp 10.0.2.109 64368 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:33:40.153409 0.000000 tcp 10.0.2.109 64368 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:33:46.153547 0.031795 tcp 10.0.2.109 64369 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:33:46.185692 0.031627 tcp 10.0.2.109 64370 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:33:46.217621 0.119633 tcp 10.0.2.109 64371 -> 195.113.214.249 443 SRPA* 0 0 22 12940 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:33:46.347672 3.009152 tcp 10.0.2.109 64372 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:33:55.355287 0.000000 tcp 10.0.2.109 64372 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:34:01.347603 0.031557 tcp 10.0.2.109 64373 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:34:01.379488 0.032108 tcp 10.0.2.109 64374 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:34:01.412000 0.124668 tcp 10.0.2.109 64375 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:34:01.547073 2.992092 tcp 10.0.2.109 64376 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:34:10.547321 0.000000 tcp 10.0.2.109 64376 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:34:16.545755 2.994097 tcp 10.0.2.109 64377 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:34:25.538711 0.000000 tcp 10.0.2.109 64377 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:38:21.110549 3.001321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 19:38:28.117529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:38:36.118960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:38:52.122597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:39:24.128287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:45:28.138219 2.997252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 19:45:34.180326 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:45:34.180530 0.074239 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:34.272558 0.167887 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:34.416538 0.128684 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:34.543979 0.154243 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:34.690400 0.135348 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:34.835669 0.135217 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:34.961264 0.083138 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:35.028117 0.072573 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:35.080921 0.187145 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:35.141603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:45:35.260619 0.354037 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:35.611081 0.115157 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:35.693344 0.176842 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:35.858675 0.167785 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:36.022928 0.174586 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:36.206781 0.059790 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:36.249932 0.311310 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:36.550027 0.237842 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:36.753449 0.167822 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:36.941948 0.091135 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:37.036975 0.308150 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:37.343927 0.314944 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:37.737505 0.224750 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:37.952057 0.354651 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:38.325281 0.186340 udp 10.0.2.109 3683 <-> 118.107.133.21 4717 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:38.520238 0.430879 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:38.952556 0.212310 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:39.194706 0.717091 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/20 19:45:43.143225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:45:46.592438 3.000885 tcp 10.0.2.109 64378 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:45:55.590889 0.000000 tcp 10.0.2.109 64378 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:45:59.145912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:46:01.591202 0.033058 tcp 10.0.2.109 64379 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:46:01.624503 0.031809 tcp 10.0.2.109 64380 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:46:01.656579 0.125831 tcp 10.0.2.109 64381 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:46:01.796141 2.997805 tcp 10.0.2.109 64382 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:46:10.792533 0.000000 tcp 10.0.2.109 64382 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:46:16.792089 0.031276 tcp 10.0.2.109 64383 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:46:16.823644 0.031525 tcp 10.0.2.109 64384 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:46:16.855493 0.123879 tcp 10.0.2.109 64385 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:46:16.989430 3.009194 tcp 10.0.2.109 64386 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:46:25.994760 0.000000 tcp 10.0.2.109 64386 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:46:31.152594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:46:31.983324 3.004331 tcp 10.0.2.109 64387 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:46:40.995978 0.000000 tcp 10.0.2.109 64387 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:51:46.986905 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:51:46.987061 2.993237 tcp 10.0.2.109 64388 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:51:55.979343 0.000000 tcp 10.0.2.109 64388 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:52:01.989623 0.031758 tcp 10.0.2.109 64389 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:52:02.021642 0.032777 tcp 10.0.2.109 64390 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:52:02.054786 0.121886 tcp 10.0.2.109 64391 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:52:02.187832 3.004845 tcp 10.0.2.109 64392 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:52:11.190987 0.000000 tcp 10.0.2.109 64392 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:52:17.180328 0.031056 tcp 10.0.2.109 64393 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:52:17.211742 0.031729 tcp 10.0.2.109 64394 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:52:17.243755 0.121799 tcp 10.0.2.109 64395 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:52:17.380248 3.006386 tcp 10.0.2.109 64396 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:52:26.382912 0.000000 tcp 10.0.2.109 64396 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:52:32.381637 3.004148 tcp 10.0.2.109 64397 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:52:41.384477 0.000000 tcp 10.0.2.109 64397 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:54:24.165059 3.003599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 19:54:31.172226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:54:39.173794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:54:55.177882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:55:27.187806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 19:57:47.385132 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 19:57:47.385295 2.993759 tcp 10.0.2.109 64398 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:57:56.387268 0.000000 tcp 10.0.2.109 64398 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:58:02.387350 0.032478 tcp 10.0.2.109 64399 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:58:02.420103 0.032200 tcp 10.0.2.109 64400 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:58:02.452648 0.123022 tcp 10.0.2.109 64401 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:58:02.586726 2.993497 tcp 10.0.2.109 64402 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:58:11.579027 0.000000 tcp 10.0.2.109 64402 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:58:17.589870 0.030920 tcp 10.0.2.109 64403 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:58:17.621054 0.031970 tcp 10.0.2.109 64404 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:58:17.653239 0.118926 tcp 10.0.2.109 64405 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 19:58:17.783039 2.995002 tcp 10.0.2.109 64406 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:58:26.770759 0.000000 tcp 10.0.2.109 64406 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:58:32.769535 3.004364 tcp 10.0.2.109 64407 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 19:58:41.774189 0.000000 tcp 10.0.2.109 64407 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:01:52.198795 3.001895 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 20:01:59.212576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:02:07.207797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:02:23.210802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:02:55.219186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:03:47.773234 0.000220 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:03:47.773563 3.003120 tcp 10.0.2.109 64408 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:03:56.774924 0.000000 tcp 10.0.2.109 64408 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:04:02.775411 0.031666 tcp 10.0.2.109 64409 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:04:02.807336 0.033027 tcp 10.0.2.109 64410 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:04:02.840686 0.124019 tcp 10.0.2.109 64411 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:04:02.974968 2.993666 tcp 10.0.2.109 64412 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:04:11.977081 0.000000 tcp 10.0.2.109 64412 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:04:17.976504 0.031216 tcp 10.0.2.109 64413 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:04:18.008065 0.031762 tcp 10.0.2.109 64414 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:04:18.040088 0.122711 tcp 10.0.2.109 64415 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:04:18.173728 2.996590 tcp 10.0.2.109 64416 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:04:27.169099 0.000000 tcp 10.0.2.109 64416 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:04:33.168046 3.003853 tcp 10.0.2.109 64417 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:04:42.171832 0.000000 tcp 10.0.2.109 64417 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:09:06.222729 3.005785 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 20:09:13.230303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:09:21.231909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:09:37.234916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:10:09.240919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:15:51.786302 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:15:51.786464 0.129310 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:51.913897 0.154988 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.058940 0.079819 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.140594 0.164539 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.282470 0.135437 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.426381 0.135229 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.551704 0.083169 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.615597 0.073457 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.678697 0.193189 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:52.864328 0.364976 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:53.225008 0.116336 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:53.305960 0.172931 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:53.467160 0.165240 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:53.628280 0.168792 rtcp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:53.798400 0.064193 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:53.843718 0.145724 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:53.981419 0.238225 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:54.183637 0.318022 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:54.500328 0.304353 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:54.805734 0.167730 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:54.974785 0.096012 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:55.092599 0.219212 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:55.301580 0.368688 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:15:55.671492 0.000000 udp 10.0.2.109 3683 -> 118.107.133.21 4717 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 20:16:03.210494 3.003566 tcp 10.0.2.109 64418 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:16:12.212465 0.000000 tcp 10.0.2.109 64418 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:16:12.775488 0.031631 tcp 10.0.2.109 64419 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:12.807362 0.031935 tcp 10.0.2.109 64420 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:12.839635 0.126616 tcp 10.0.2.109 64421 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:12.966848 1.484846 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:16:13.246600 3.002152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 20:16:13.531240 0.442717 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:16:13.994225 0.140851 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:16:18.211975 0.031078 tcp 10.0.2.109 64422 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:18.243295 0.033767 tcp 10.0.2.109 64423 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:18.277362 0.121318 tcp 10.0.2.109 64424 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:18.412285 3.006281 tcp 10.0.2.109 64425 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:16:20.254934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:16:27.414688 0.000000 tcp 10.0.2.109 64425 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:16:28.256347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:16:33.413739 0.030545 tcp 10.0.2.109 64426 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:33.444552 0.032937 tcp 10.0.2.109 64427 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:33.477795 0.126478 tcp 10.0.2.109 64428 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:16:33.622747 3.005239 tcp 10.0.2.109 64429 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:16:42.635926 0.000000 tcp 10.0.2.109 64429 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:16:44.258776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:16:48.615149 2.994270 tcp 10.0.2.109 64430 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:16:57.607848 0.000000 tcp 10.0.2.109 64430 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:17:16.265001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:22:03.620331 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:22:03.620437 3.001766 tcp 10.0.2.109 64431 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:22:12.621022 0.000000 tcp 10.0.2.109 64431 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:22:18.620947 0.032124 tcp 10.0.2.109 64432 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:22:18.653343 0.031862 tcp 10.0.2.109 64433 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:22:18.685498 0.125621 tcp 10.0.2.109 64434 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:22:18.829798 3.003943 tcp 10.0.2.109 64435 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:22:27.835258 0.000000 tcp 10.0.2.109 64435 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:22:33.832002 0.030489 tcp 10.0.2.109 64436 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:22:33.862775 0.032293 tcp 10.0.2.109 64437 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:22:33.895322 0.125098 tcp 10.0.2.109 64438 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:22:34.035939 3.000154 tcp 10.0.2.109 64439 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:22:43.034713 0.000000 tcp 10.0.2.109 64439 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:22:49.033364 3.007371 tcp 10.0.2.109 64440 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:22:58.046138 0.000000 tcp 10.0.2.109 64440 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:23:20.271109 3.006724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 20:23:27.278040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:23:35.279625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:23:51.283696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:24:23.288684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:28:04.037009 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:28:04.037116 2.993313 tcp 10.0.2.109 64441 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:28:13.029284 0.000000 tcp 10.0.2.109 64441 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:28:19.039975 0.032492 tcp 10.0.2.109 64442 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:28:19.072797 0.031332 tcp 10.0.2.109 64443 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:28:19.104414 0.123276 tcp 10.0.2.109 64444 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:28:19.243998 2.998627 tcp 10.0.2.109 64445 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:28:28.240846 0.000000 tcp 10.0.2.109 64445 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:28:34.240284 0.030607 tcp 10.0.2.109 64446 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:28:34.271135 0.032287 tcp 10.0.2.109 64447 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:28:34.303678 0.125910 tcp 10.0.2.109 64448 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:28:34.439221 3.005240 tcp 10.0.2.109 64449 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:28:43.442516 0.000000 tcp 10.0.2.109 64449 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:28:49.431639 3.004081 tcp 10.0.2.109 64450 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:28:58.434561 0.000000 tcp 10.0.2.109 64450 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:30:27.296031 3.001641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 20:30:34.302644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:30:42.303692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:30:58.306804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:31:30.313064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:34:04.435048 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:34:04.435273 2.993236 tcp 10.0.2.109 64451 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:34:13.437259 0.000000 tcp 10.0.2.109 64451 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:34:19.437753 0.032203 tcp 10.0.2.109 64452 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:34:19.470403 0.032452 tcp 10.0.2.109 64453 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:34:19.503100 0.125174 tcp 10.0.2.109 64454 -> 195.113.214.249 443 SRPA* 0 0 41 22488 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:34:19.639460 3.005509 tcp 10.0.2.109 64455 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:34:28.667048 0.000000 tcp 10.0.2.109 64455 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:34:34.638386 0.031679 tcp 10.0.2.109 64456 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:34:34.670302 0.032930 tcp 10.0.2.109 64457 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:34:34.703491 0.128104 tcp 10.0.2.109 64458 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:34:34.842810 2.999656 tcp 10.0.2.109 64459 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:34:43.840839 0.000000 tcp 10.0.2.109 64459 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:34:49.850597 2.993159 tcp 10.0.2.109 64460 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:34:58.846566 0.000000 tcp 10.0.2.109 64460 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:37:34.319672 3.000799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 20:37:41.326065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:37:49.327957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:38:05.335399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:38:37.337366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:44:41.343241 3.001202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 20:44:48.350369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:44:56.352030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:45:12.355191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:45:44.360518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:46:22.045552 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:46:22.045753 0.000000 udp 10.0.2.109 3683 -> 118.107.133.21 4717 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 20:46:40.072491 0.031824 tcp 10.0.2.109 64461 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:46:40.104574 0.032374 tcp 10.0.2.109 64462 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:46:40.137229 0.125071 tcp 10.0.2.109 64463 -> 195.113.214.249 443 SRPA* 0 0 47 43036 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:46:40.263146 0.154487 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:40.410037 0.074376 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:40.492583 0.169076 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:40.636355 0.148475 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:40.780510 0.134993 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:40.906862 0.083072 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:40.972474 0.072044 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:41.026379 0.129739 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:41.154422 0.123932 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:41.244175 0.171288 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:41.405060 0.164217 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:41.565892 0.167005 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:41.741606 0.353099 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:42.090760 0.187120 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:42.270610 0.238656 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:42.474018 0.316304 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:42.789004 0.304259 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:43.114498 0.063142 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:43.161392 0.147388 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:43.301112 0.218692 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:43.511073 0.354173 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:43.867038 0.167238 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:44.035507 0.095080 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:44.108053 1.082054 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:44.711344 0.421928 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:45.154359 0.158320 rtp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/20 20:46:49.885141 2.994177 tcp 10.0.2.109 64464 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:46:58.877630 0.000000 tcp 10.0.2.109 64464 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:47:04.887257 0.031631 tcp 10.0.2.109 64465 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:47:04.919155 0.032172 tcp 10.0.2.109 64466 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:47:04.951590 0.123922 tcp 10.0.2.109 64467 -> 195.113.214.249 443 SRPA* 0 0 33 18722 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:47:05.085247 2.999493 tcp 10.0.2.109 64468 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:47:14.079705 0.000000 tcp 10.0.2.109 64468 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:47:20.079230 0.030979 tcp 10.0.2.109 64469 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:47:20.110056 0.032439 tcp 10.0.2.109 64470 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:47:20.142827 0.123549 tcp 10.0.2.109 64471 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:47:20.291771 3.001127 tcp 10.0.2.109 64472 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:47:29.291610 0.000000 tcp 10.0.2.109 64472 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:47:35.290399 3.004325 tcp 10.0.2.109 64473 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:47:44.304614 0.000000 tcp 10.0.2.109 64473 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:52:50.293530 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:52:50.293723 3.003644 tcp 10.0.2.109 64474 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:52:59.305982 0.000000 tcp 10.0.2.109 64474 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:53:05.296319 0.031675 tcp 10.0.2.109 64475 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:53:05.328269 0.031662 tcp 10.0.2.109 64476 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:53:05.360262 0.126132 tcp 10.0.2.109 64477 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:53:05.499565 2.999719 tcp 10.0.2.109 64478 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:53:14.497936 0.000000 tcp 10.0.2.109 64478 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:53:20.497482 0.031895 tcp 10.0.2.109 64479 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:53:20.529263 0.032139 tcp 10.0.2.109 64480 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:53:20.561742 0.123563 tcp 10.0.2.109 64481 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:53:20.695376 2.995674 tcp 10.0.2.109 64482 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:53:29.690438 0.000000 tcp 10.0.2.109 64482 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:53:35.688785 3.003709 tcp 10.0.2.109 64483 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:53:44.691035 0.000000 tcp 10.0.2.109 64483 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:54:01.372130 2.997236 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 20:54:08.375373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:54:16.403388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:54:32.379826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:55:04.386537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 20:58:50.712927 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 20:58:50.713069 2.991450 tcp 10.0.2.109 64484 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:58:59.694026 0.000000 tcp 10.0.2.109 64484 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:59:05.700650 0.032367 tcp 10.0.2.109 64485 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:59:05.733367 0.031737 tcp 10.0.2.109 64486 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:59:05.765453 0.134240 tcp 10.0.2.109 64487 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:59:05.916688 3.000695 tcp 10.0.2.109 64488 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:59:14.926369 0.000000 tcp 10.0.2.109 64488 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:59:20.905425 0.031265 tcp 10.0.2.109 64489 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:59:20.937022 0.031755 tcp 10.0.2.109 64490 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:59:20.969103 0.121694 tcp 10.0.2.109 64491 -> 195.113.214.249 443 SRPA* 0 0 23 13372 flow=From-Botnet-V1-TCP-Established 1970/02/20 20:59:21.101371 2.997975 tcp 10.0.2.109 64492 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:59:30.098713 0.000000 tcp 10.0.2.109 64492 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:59:36.098946 2.997663 tcp 10.0.2.109 64493 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 20:59:45.089354 0.000000 tcp 10.0.2.109 64493 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:01:08.391741 3.001864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 21:01:15.402557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:01:23.400727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:01:39.405291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:02:11.409889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:04:51.105091 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 21:04:51.105257 2.999636 tcp 10.0.2.109 64494 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:05:00.103162 0.000000 tcp 10.0.2.109 64494 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:05:06.106717 0.031273 tcp 10.0.2.109 64495 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:05:06.138395 0.031839 tcp 10.0.2.109 64496 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:05:06.170467 0.127266 tcp 10.0.2.109 64497 -> 195.113.214.249 443 SRPA* 0 0 41 22488 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:05:06.320445 2.995203 tcp 10.0.2.109 64498 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:05:15.314255 0.000000 tcp 10.0.2.109 64498 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:05:21.313803 0.030977 tcp 10.0.2.109 64499 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:05:21.345098 0.032073 tcp 10.0.2.109 64500 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:05:21.377457 0.125176 tcp 10.0.2.109 64501 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:05:21.514008 3.004330 tcp 10.0.2.109 64502 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:05:30.525984 0.000000 tcp 10.0.2.109 64502 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:05:36.514831 2.994351 tcp 10.0.2.109 64503 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:05:45.507679 0.000000 tcp 10.0.2.109 64503 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:08:22.417515 3.000187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 21:08:29.423216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:08:37.425280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:08:53.427860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:09:25.434007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:15:29.440454 3.001305 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 21:15:36.447440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:15:44.449088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:16:00.451803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:16:32.457888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:17:05.215617 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 21:17:05.215806 0.166609 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:05.359403 0.143588 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:05.498899 0.158995 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:05.649598 0.078467 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:05.730246 0.138693 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:05.858855 0.084879 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:05.926651 0.070472 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:05.979696 0.129080 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:06.106607 0.126583 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:06.198229 0.177344 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:06.364439 0.164762 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:06.526370 0.167286 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:06.559262 3.001698 tcp 10.0.2.109 64504 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:17:06.694372 0.352866 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 1999 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:07.043857 0.187541 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:07.223908 0.246086 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:07.431418 0.338411 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:07.771116 0.143590 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:07.910419 0.219405 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:08.120900 0.310020 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:08.444091 0.059274 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:08.488019 0.352147 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:08.851449 0.166111 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:09.018921 0.092428 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:09.123507 0.666823 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:09.571198 0.431057 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:10.019207 0.134462 rtp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:17:15.559881 0.000000 tcp 10.0.2.109 64504 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:17:21.560089 0.032290 tcp 10.0.2.109 64505 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:17:21.592660 0.032651 tcp 10.0.2.109 64506 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:17:21.625596 0.120111 tcp 10.0.2.109 64507 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:17:21.755719 2.997049 tcp 10.0.2.109 64508 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:17:30.751790 0.000000 tcp 10.0.2.109 64508 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:17:36.751236 0.031578 tcp 10.0.2.109 64509 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:17:36.783199 0.032408 tcp 10.0.2.109 64510 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:17:36.815913 0.127555 tcp 10.0.2.109 64511 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:17:36.952849 3.001993 tcp 10.0.2.109 64512 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:17:45.953382 0.000000 tcp 10.0.2.109 64512 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:17:51.951966 3.004621 tcp 10.0.2.109 64513 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:18:00.956002 0.000000 tcp 10.0.2.109 64513 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:22:36.464060 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 21:22:43.471259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:22:51.473223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:23:06.955451 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 21:23:06.955601 2.993705 tcp 10.0.2.109 64514 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:23:07.475625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:23:15.948729 0.000000 tcp 10.0.2.109 64514 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:23:21.958599 0.032719 tcp 10.0.2.109 64515 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:23:21.991602 0.032974 tcp 10.0.2.109 64516 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:23:22.024863 0.126425 tcp 10.0.2.109 64517 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:23:22.161792 2.999259 tcp 10.0.2.109 64518 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:23:31.159724 0.000000 tcp 10.0.2.109 64518 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:23:37.159301 0.030527 tcp 10.0.2.109 64519 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:23:37.190135 0.031595 tcp 10.0.2.109 64520 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:23:37.222012 0.126935 tcp 10.0.2.109 64521 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:23:37.391160 3.002016 tcp 10.0.2.109 64522 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:23:39.481807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:23:46.391673 0.000000 tcp 10.0.2.109 64522 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:23:52.390364 3.004412 tcp 10.0.2.109 64523 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:24:01.393411 0.000000 tcp 10.0.2.109 64523 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:07.393641 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 21:29:07.393728 3.004079 tcp 10.0.2.109 64524 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:16.406342 0.000000 tcp 10.0.2.109 64524 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:22.396504 0.033102 tcp 10.0.2.109 64525 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:29:22.429931 0.033098 tcp 10.0.2.109 64526 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:29:22.463285 0.124453 tcp 10.0.2.109 64527 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:29:22.598510 3.001137 tcp 10.0.2.109 64528 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:31.597945 0.000000 tcp 10.0.2.109 64528 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:37.597161 0.030915 tcp 10.0.2.109 64529 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:29:37.628342 0.032256 tcp 10.0.2.109 64530 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:29:37.660839 0.124899 tcp 10.0.2.109 64531 -> 195.113.214.249 443 SRPA* 0 0 22 12940 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:29:37.795552 2.995859 tcp 10.0.2.109 64532 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:43.487831 3.001554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 21:29:46.789661 0.000000 tcp 10.0.2.109 64532 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:50.495275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:29:52.788721 3.016616 tcp 10.0.2.109 64533 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:29:58.504143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:30:01.791356 0.000000 tcp 10.0.2.109 64533 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:30:14.499658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:30:46.505824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:35:07.792305 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 21:35:07.792476 3.003446 tcp 10.0.2.109 64534 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:35:16.794945 0.000000 tcp 10.0.2.109 64534 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:35:22.799624 0.031908 tcp 10.0.2.109 64535 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:35:22.831787 0.032418 tcp 10.0.2.109 64536 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:35:22.864454 0.122243 tcp 10.0.2.109 64537 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:35:23.103789 2.993959 tcp 10.0.2.109 64538 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:35:32.105833 0.000000 tcp 10.0.2.109 64538 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:35:38.095797 0.035645 tcp 10.0.2.109 64539 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:35:38.131802 0.032841 tcp 10.0.2.109 64540 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:35:38.164978 0.126915 tcp 10.0.2.109 64541 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:35:38.307818 3.004316 tcp 10.0.2.109 64542 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:35:47.308563 0.000000 tcp 10.0.2.109 64542 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:35:53.307044 2.994098 tcp 10.0.2.109 64543 -> 5.178.194.36 4983 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:36:02.299654 0.000000 tcp 10.0.2.109 64543 -> 5.178.194.36 4983 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:36:50.512097 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 21:36:57.519359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:37:05.520680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:37:21.523677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:37:53.529724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:43:57.535636 3.001689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 21:44:04.543186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:44:12.544349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:44:28.547647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:45:00.553509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:47:13.424981 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 21:47:13.425091 0.156769 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:13.573899 0.078933 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:13.654228 0.166136 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:13.798084 0.138770 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:13.938414 0.133815 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.064039 0.080296 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2021 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.125802 0.074599 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.183003 0.130262 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.311222 0.122632 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.398415 0.177993 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.564281 0.163431 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.724866 0.170053 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:14.901113 0.354611 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:15.251939 0.192741 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:15.436843 0.240654 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:15.642406 0.308186 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:15.949368 0.366616 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:16.329836 0.062343 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:16.376634 0.147184 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:16.516030 0.223033 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:16.728687 0.350408 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:17.097555 0.182713 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2001 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:17.297590 0.091015 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:17.405989 0.689174 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:17.854888 0.444068 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:18.308540 0.135860 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/20 21:47:23.349454 3.003848 tcp 10.0.2.109 64544 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:47:32.354638 0.000000 tcp 10.0.2.109 64544 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/20 21:47:38.352534 0.032105 tcp 10.0.2.109 64545 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:47:38.384932 0.031433 tcp 10.0.2.109 64546 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:47:38.416639 0.124188 tcp 10.0.2.109 64547 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:47:38.557066 0.621233 tcp 10.0.2.109 64548 -> 188.129.248.221 6410 FSPA* 0 0 14 1741 flow=From-Botnet-V1-TCP-Established 1970/02/20 21:51:04.558895 3.002299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 21:51:11.567115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:51:19.568479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:51:35.571714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:52:07.578791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:58:11.584435 3.000703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 21:58:18.591294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:58:26.592617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:58:42.595424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 21:59:14.601930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:05:28.612054 3.001577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:05:35.620422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:05:43.621137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:05:59.624223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:06:31.629842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:12:35.636185 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:12:42.643508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:12:50.644784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:13:06.647964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:13:38.653687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:17:29.205744 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 22:17:29.205910 0.165545 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:29.349950 0.157686 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:29.499723 0.079284 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:29.588056 0.137227 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:29.734372 0.132492 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:29.858875 0.088043 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:29.926779 0.073106 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:29.981336 0.129544 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:30.108902 0.118985 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:30.193012 0.170749 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:30.353082 0.163983 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:30.512850 0.170892 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:30.679179 0.353379 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:31.028419 0.193165 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:31.213923 0.237585 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:31.419668 0.057692 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:31.468157 0.154937 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:31.615507 0.221362 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:31.827180 0.333773 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:32.173381 0.307777 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:32.489312 0.347346 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:32.925701 0.167065 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:33.108769 0.090390 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:33.343955 0.134750 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:33.485246 0.687789 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:34.115275 0.432416 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:17:39.180043 0.492530 tcp 10.0.2.109 64549 -> 188.129.248.221 6410 FSPA* 0 0 14 1542 flow=From-Botnet-V1-TCP-Established 1970/02/20 22:19:42.660533 3.001263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:19:49.667228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:19:57.669285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:20:13.671866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:20:45.678691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:26:49.684982 3.000595 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:26:56.691374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:27:04.692716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:27:20.695903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:27:52.704767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:33:56.707200 3.002367 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:34:03.718826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:34:11.716163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:34:27.720023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:34:59.725851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:41:03.732612 3.001800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:41:10.739234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:41:18.740845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:41:34.743856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:42:06.749820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:47:39.679530 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 22:47:39.679620 0.470631 tcp 10.0.2.109 64550 -> 188.129.248.221 6410 FSPA* 0 0 14 1680 flow=From-Botnet-V1-TCP-Established 1970/02/20 22:48:03.612978 0.000000 udp 10.0.2.109 3683 -> 46.72.160.4 6799 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 22:48:10.755467 3.003057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:48:17.762811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:48:21.540538 0.032221 tcp 10.0.2.109 64551 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 22:48:21.573031 0.032338 tcp 10.0.2.109 64552 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 22:48:21.605731 0.134031 tcp 10.0.2.109 64553 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/20 22:48:21.740291 0.136786 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:21.966466 0.165689 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:22.230562 0.154768 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:22.685036 0.133760 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:22.821571 0.084644 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:23.755249 0.077025 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:23.928939 0.128958 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:25.237628 0.125186 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:25.414311 0.170951 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:25.574191 0.166708 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:25.735996 0.169009 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:25.765623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:48:25.906444 0.354967 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2681 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:26.257149 0.186928 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:26.436600 0.239705 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:26.641992 0.061261 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:26.855177 0.148514 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:26.992472 0.220975 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:27.204598 0.353444 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:27.559886 0.339858 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:27.898656 0.313455 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:28.213581 0.140085 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:28.354956 0.168341 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:28.519544 0.091476 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:28.632758 0.712391 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:29.105743 0.419985 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/20 22:48:41.767755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:49:13.773779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:55:47.783188 3.001263 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 22:55:54.790543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:56:02.791921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:56:18.808614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 22:56:50.801038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:02:54.807392 3.001861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 23:03:01.814417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:03:09.815425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:03:25.818694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:03:57.824966 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:10:01.831299 3.000862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 23:10:08.838604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:10:16.839475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:10:32.842921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:11:04.848815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:17:08.856310 3.000244 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 23:17:15.862053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:17:23.863288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:17:39.866383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:17:40.157652 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 23:17:40.157831 0.464917 tcp 10.0.2.109 64554 -> 188.129.248.221 6410 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:18:11.874228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:18:38.691209 0.000000 udp 10.0.2.109 3683 -> 46.72.160.4 6799 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 23:18:43.369429 0.000132 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 23:18:54.926467 0.032816 tcp 10.0.2.109 64555 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:18:54.959525 0.034062 tcp 10.0.2.109 64556 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:18:54.993838 0.126540 tcp 10.0.2.109 64557 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:18:55.121114 0.154715 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:55.268371 0.135701 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:55.438857 0.139541 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:55.582738 0.167875 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:55.724841 0.083102 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:55.791625 0.073423 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:55.847637 0.177456 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:56.014679 0.230490 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:56.242282 0.128948 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:56.369500 0.117954 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:56.452527 0.167842 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:56.635418 0.355091 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:56.987131 0.193533 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:57.171121 0.240676 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:57.375890 0.233585 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:57.599436 0.299704 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:57.900585 0.063210 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:57.946513 0.151468 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:58.093776 0.334167 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:58.426692 0.307592 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:58.735610 0.131885 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:58.868715 0.166014 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:59.055527 0.095610 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:59.152940 0.712205 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:18:59.624975 0.452192 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:24:15.937975 3.002568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 23:24:22.946067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:24:30.947854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:24:46.950840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:25:18.956257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:31:22.962577 3.001543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 23:31:29.970246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:31:37.971796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:31:53.974664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:32:25.980831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:38:29.989277 2.999192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 23:38:36.994063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:38:44.995570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:39:00.998640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:39:33.004753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:45:37.011356 3.001276 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/20 23:45:44.018410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:45:52.019579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:46:08.022751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:46:40.028592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:47:40.686530 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 23:47:40.686697 0.494189 tcp 10.0.2.109 64558 -> 188.129.248.221 6410 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:49:24.652932 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/20 23:49:24.653120 0.139892 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:24.794241 0.166675 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:24.937203 0.081023 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:24.998616 0.159342 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:25.150290 0.137738 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:25.276336 0.071907 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:25.330869 0.179012 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:25.497191 0.164239 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:25.658281 0.128632 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:25.785741 0.120828 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:25.871680 0.168450 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:26.047742 0.353125 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:26.428717 0.186175 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:26.607138 0.237696 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:26.809368 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/20 23:49:45.409754 0.032436 tcp 10.0.2.109 64559 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:49:45.442472 0.032583 tcp 10.0.2.109 64560 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:49:45.475431 0.134561 tcp 10.0.2.109 64561 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/20 23:49:45.610601 0.145895 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:45.752316 0.333109 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:46.086641 0.305776 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:46.403831 0.310823 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:46.715273 0.069747 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:46.768278 0.219743 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2575 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:46.998203 0.166567 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:47.165429 0.094286 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:47.264301 0.560834 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:49:47.725348 0.433362 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/20 23:54:32.039912 3.001843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/20 23:54:39.047508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:54:47.048902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:55:03.052174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/20 23:55:35.068471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:02:00.074290 3.001776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 00:02:07.081801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:02:15.093856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:02:31.085700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:03:03.092233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:09:13.106491 3.001936 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 00:09:20.114427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:09:28.115593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:09:44.118758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:10:16.124812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:16:20.131312 3.001329 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 00:16:27.137775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:16:35.139581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:16:51.143093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:17:23.148771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:17:41.185262 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:17:41.185417 0.587067 tcp 10.0.2.109 64562 -> 188.129.248.221 6410 FSPA* 0 0 14 1506 flow=From-Botnet-V1-TCP-Established 1970/02/21 00:20:00.885615 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:20:00.885721 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:20:17.903831 0.032088 tcp 10.0.2.109 64563 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 00:20:17.936192 0.032418 tcp 10.0.2.109 64564 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 00:20:17.968919 0.125387 tcp 10.0.2.109 64565 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/21 00:20:18.094886 0.142593 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:18.233051 4.840588 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 14 5233 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:18.295120 4.915455 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 9 3108 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:18.447314 4.913961 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 7 2343 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:18.574651 0.070462 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:18.626297 0.173132 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:18.788136 0.168937 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:18.933169 0.128799 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:19.060813 0.114347 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:19.142270 0.170216 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:19.309598 0.187261 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:19.487765 0.242268 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:19.692412 0.351927 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:20.040715 0.168176 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:20.210169 0.148076 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:20.352833 0.287799 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:20.652190 0.207521 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:20.842913 0.310804 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:21.154968 0.310540 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:21.466524 0.147902 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:21.615826 0.166169 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:21.791435 0.100960 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:21.933957 0.734550 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:22.428090 0.446803 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:23.360848 0.010443 rtp 10.0.2.109 3683 <- 74.56.71.57 7892 RSP 0 0 5 1928 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:20:23.488998 0.138427 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 7 2911 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:23.617823 0.098101 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:23.700515 0.333133 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 8 3129 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:24.025755 0.279433 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 8 2954 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:24.313891 0.309453 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 3297 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:24.597961 0.256667 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 3188 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:24.853047 0.202168 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 3112 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:25.022328 0.323145 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 2936 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:25.342541 0.360200 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 2872 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:25.696429 0.447738 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 3096 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:26.109748 0.702154 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 2757 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:26.808336 0.335471 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 8 3021 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:27.145452 0.281994 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2944 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:27.422845 0.575956 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 8 3029 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:28.000185 0.119448 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 8 3171 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:28.102049 0.618395 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 8 2939 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:28.729134 0.258330 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 8 3059 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:28.988951 0.331929 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 8 3116 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:29.322395 0.647069 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 3020 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:29.971265 1.336135 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 8 3461 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:31.027746 0.898066 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 3024 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:31.928430 0.172695 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 8 3176 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:20:32.084467 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 REQ 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:20:39.511251 0.000000 udp 10.0.2.109 3683 -> 93.221.238.64 9257 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:20:46.761773 0.000000 udp 10.0.2.109 3683 -> 110.164.197.1 8312 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:20:53.701774 0.000000 udp 10.0.2.109 3683 -> 58.211.29.98 8870 INT 0 1 128 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:02.044017 0.323412 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 8 2981 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:21:02.338244 0.000000 udp 10.0.2.109 3683 -> 174.59.3.165 8764 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:06.920763 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:21:09.193754 0.000000 udp 10.0.2.109 3683 -> 166.127.174.149 8726 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:17.066312 0.000000 udp 10.0.2.109 3683 -> 92.3.136.187 8321 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:26.008131 0.000000 udp 10.0.2.109 3683 -> 80.98.148.50 3394 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:33.419786 0.000000 udp 10.0.2.109 3683 -> 87.13.159.108 3975 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:40.218795 0.000000 udp 10.0.2.109 3683 -> 223.218.229.127 2238 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:46.658040 0.000000 udp 10.0.2.109 3683 -> 121.8.180.252 3358 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:21:51.424573 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:21:54.109944 0.000000 udp 10.0.2.109 3683 -> 79.210.37.23 2613 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:02.900919 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:09.460788 0.000000 udp 10.0.2.109 3683 -> 184.59.68.140 3482 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:18.183179 0.000000 udp 10.0.2.109 3683 -> 68.40.52.39 3708 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:26.535108 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:32.887809 0.000000 udp 10.0.2.109 3683 -> 88.247.111.236 9478 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:37.313459 0.000000 udp 10.0.2.109 3683 <- 79.236.156.198 8699 RSP 0 0 1 547 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:37.420535 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:22:39.673892 0.000000 udp 10.0.2.109 3683 -> 80.111.142.169 1551 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:48.533088 0.000000 udp 10.0.2.109 3683 -> 218.38.255.190 3980 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:22:54.308720 0.000000 udp 10.0.2.109 3683 -> 95.232.3.46 5104 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:00.363485 0.000000 udp 10.0.2.109 3683 -> 188.153.125.135 7902 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:07.874803 0.000000 udp 10.0.2.109 3683 -> 114.79.2.122 3279 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:14.434562 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:20.212214 0.068885 udp 10.0.2.109 3683 -> 87.182.183.2 3558 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:20.281099 0.000000 icmp 87.182.183.2 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 263 flow=Background 1970/02/21 00:23:24.928660 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:23:26.531375 0.000000 udp 10.0.2.109 3683 -> 82.148.206.114 7055 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:27.155239 3.004096 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 00:23:32.670195 0.099607 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3300 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:23:32.945716 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:34.162395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:23:38.117973 0.106894 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3017 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:23:38.261438 0.000000 udp 10.0.2.109 3683 -> 88.217.140.237 9117 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:42.164363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:23:44.696837 0.000000 udp 10.0.2.109 3683 -> 86.98.85.215 6163 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:51.661728 0.000000 udp 10.0.2.109 3683 -> 190.99.48.118 3489 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:57.370170 0.000000 udp 10.0.2.109 3683 -> 103.29.117.219 4891 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:23:58.166931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:24:03.585557 0.000000 udp 10.0.2.109 3683 -> 42.3.12.153 1011 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:24:11.676079 0.065259 udp 10.0.2.109 3683 -> 89.118.6.250 1026 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:24:11.741338 0.000000 icmp 89.118.6.250 0x0303 -> 10.0.2.109 0x0204 URP 192 1 210 flow=Background 1970/02/21 00:24:16.427039 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:24:16.767073 0.000000 udp 10.0.2.109 3683 -> 69.119.25.96 8047 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:24:22.516819 0.366506 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 8 3324 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:24:22.900040 0.000000 udp 10.0.2.109 3683 -> 84.130.197.202 8279 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:24:29.968647 0.298605 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3065 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:24:30.188446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:24:30.251522 0.000000 udp 10.0.2.109 3683 -> 125.255.23.188 7412 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:24:37.617620 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:24:45.104129 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:24:52.389168 0.000000 udp 10.0.2.109 3683 -> 14.222.65.192 1354 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:01.388015 0.000000 udp 10.0.2.109 3683 -> 110.172.129.210 5179 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:05.929096 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:25:07.617974 0.000000 udp 10.0.2.109 3683 -> 41.130.220.55 9515 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:16.078894 0.000000 udp 10.0.2.109 3683 -> 122.174.172.72 8166 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:22.898575 0.000000 udp 10.0.2.109 3683 -> 37.232.126.163 1737 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:31.662299 0.790736 udp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 14 5783 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:25:32.396455 0.000000 udp 10.0.2.109 3683 -> 71.59.17.102 9091 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:37.709995 0.000000 udp 10.0.2.109 3683 -> 212.47.167.25 3494 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:42.827116 0.000000 udp 10.0.2.109 3683 -> 124.219.24.100 4457 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:51.319626 0.000000 udp 10.0.2.109 3683 -> 81.74.145.38 7067 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:25:55.925866 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:25:59.912077 0.000000 udp 10.0.2.109 3683 -> 83.236.167.242 4034 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:08.884519 0.000000 udp 10.0.2.109 3683 -> 81.12.203.214 6964 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:16.775475 0.000000 udp 10.0.2.109 3683 -> 95.232.91.114 3720 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:24.206895 0.000000 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:30.866316 0.000000 udp 10.0.2.109 3683 -> 80.152.192.80 2060 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:37.039412 0.221989 udp 10.0.2.109 3683 -> 79.175.180.6 5117 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:37.261401 0.000000 icmp 79.175.180.6 0x0303 -> 10.0.2.109 0xfd13 URP 192 1 314 flow=Background 1970/02/21 00:26:41.927148 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:26:42.486494 0.000000 udp 10.0.2.109 3683 -> 172.5.132.131 1928 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:49.473551 0.000000 udp 10.0.2.109 3683 -> 5.87.94.78 1842 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:26:57.304657 0.000000 udp 10.0.2.109 3683 -> 80.3.208.14 4300 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:04.645025 0.000000 udp 10.0.2.109 3683 -> 66.64.32.179 3377 INT 0 1 283 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:11.354632 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:17.643582 0.000000 udp 10.0.2.109 3683 -> 94.66.199.211 6063 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:24.443356 0.075724 udp 10.0.2.109 3683 -> 41.224.87.214 8167 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:24.519080 0.000000 icmp 41.224.87.214 0x0303 -> 10.0.2.109 0xe71f URP 192 1 122 flow=Background 1970/02/21 00:27:29.420364 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:27:29.771021 0.000000 udp 10.0.2.109 3683 -> 103.29.117.244 2628 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:35.379541 0.530392 udp 10.0.2.109 3683 <-> 120.36.153.182 2114 CON 0 0 8 2908 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:27:35.983750 0.000000 udp 10.0.2.109 3683 -> 184.2.229.139 7193 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:41.027530 0.000000 udp 10.0.2.109 3683 -> 98.195.107.32 1189 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:46.885495 0.000000 udp 10.0.2.109 3683 -> 188.158.108.163 6997 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:27:54.957441 0.493851 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 8 2925 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:27:55.488878 0.169523 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 8 3011 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:27:55.651682 0.184493 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 8 3095 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:27:55.816348 0.000000 udp 10.0.2.109 3683 -> 81.136.193.115 6443 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:00.905682 0.000000 udp 10.0.2.109 3683 -> 116.14.168.239 2170 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:08.566430 0.000000 udp 10.0.2.109 3683 -> 184.177.21.61 2469 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:15.216593 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:19.923107 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:28:20.834818 0.000000 udp 10.0.2.109 3683 -> 78.7.191.122 4300 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:27.514060 0.000000 udp 10.0.2.109 3683 -> 59.120.231.115 2002 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:34.814804 0.888376 udp 10.0.2.109 3683 <-> 220.241.89.237 1736 CON 0 0 8 3385 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:28:35.740623 0.000000 udp 10.0.2.109 3683 -> 183.5.23.93 4157 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:42.176869 0.814909 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 8 2904 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:28:42.828172 0.000000 udp 10.0.2.109 3683 -> 79.4.136.148 7000 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:47.878864 0.000000 udp 10.0.2.109 3683 -> 84.62.24.19 8768 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:28:53.391580 0.000000 udp 10.0.2.109 3683 -> 186.6.63.221 2209 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:00.381536 0.000000 udp 10.0.2.109 3683 -> 66.15.102.33 9714 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:04.927543 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:29:09.114220 0.000000 udp 10.0.2.109 3683 -> 195.120.143.58 5286 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:17.275767 0.000000 udp 10.0.2.109 3683 -> 122.168.61.28 2843 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:22.383220 0.000000 udp 10.0.2.109 3683 -> 87.1.56.97 6708 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:28.832117 0.000000 udp 10.0.2.109 3683 -> 196.0.0.197 5081 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:34.997728 0.000000 udp 10.0.2.109 3683 -> 175.100.128.216 6891 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:41.781018 0.000000 udp 10.0.2.109 3683 -> 188.245.103.129 1710 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:49.693575 0.000000 udp 10.0.2.109 3683 -> 94.171.183.121 9207 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:29:54.429239 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:29:54.949903 0.851567 udp 10.0.2.109 3683 <-> 1.234.161.86 1251 CON 0 0 8 3268 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:29:55.820802 0.000000 udp 10.0.2.109 3683 -> 101.0.62.66 5354 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:01.939759 0.586970 udp 10.0.2.109 3683 <-> 14.97.21.94 7414 CON 0 0 8 3152 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:30:02.440620 0.000000 udp 10.0.2.109 3683 -> 88.248.137.7 3065 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:11.323268 0.296059 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 8 2962 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:30:11.628344 0.340578 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3068 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:30:12.018252 0.000000 udp 10.0.2.109 3683 -> 213.92.100.18 9456 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:20.676866 0.000000 udp 10.0.2.109 3683 -> 46.1.215.6 5849 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:28.287922 0.000000 udp 10.0.2.109 3683 -> 220.233.200.234 1025 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:34.179134 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 00:30:36.168901 0.515549 rtp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 8 2918 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:30:36.656818 0.000000 udp 10.0.2.109 3683 -> 123.243.244.215 3396 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:40.925672 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:30:41.186512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:30:42.528373 0.000000 udp 10.0.2.109 3683 -> 119.75.5.242 2492 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:49.187683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:30:50.680074 0.363435 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 8 2873 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:30:51.067128 0.000000 udp 10.0.2.109 3683 -> 91.216.95.160 1098 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:30:57.189432 0.000000 udp 10.0.2.109 3683 -> 59.97.97.226 4572 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:02.596743 0.000000 udp 10.0.2.109 3683 -> 68.3.117.190 5866 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:05.190619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:31:10.228250 0.084760 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 8 2834 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:31:10.340739 0.000000 udp 10.0.2.109 3683 -> 114.38.50.197 7647 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:17.898908 0.125984 rtp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 8 3117 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:31:18.027067 0.000000 udp 10.0.2.109 3683 -> 77.92.231.157 4539 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:23.266849 0.000000 udp 10.0.2.109 3683 -> 114.39.0.224 4563 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:27.923129 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:31:29.225319 0.000000 udp 10.0.2.109 3683 -> 86.98.93.78 4997 INT 0 1 302 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:37.198747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:31:37.919442 0.000000 udp 10.0.2.109 3683 -> 171.100.83.31 2538 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:43.288799 0.000000 udp 10.0.2.109 3683 -> 203.59.48.34 2803 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:49.003822 0.000000 udp 10.0.2.109 3683 -> 37.232.50.126 4810 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:31:56.775204 0.000000 udp 10.0.2.109 3683 -> 173.212.23.63 4864 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:32:02.063035 0.000000 udp 10.0.2.109 3683 -> 64.55.176.197 8440 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:32:07.736487 0.000000 udp 10.0.2.109 3683 -> 71.183.43.197 6928 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:32:12.427380 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:32:15.472097 0.112896 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 8 3262 flow=From-Botnet-V1-UDP-Established 1970/02/21 00:32:15.630286 0.000000 udp 10.0.2.109 3683 -> 82.77.85.139 2098 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:32:21.951219 0.000000 udp 10.0.2.109 3683 -> 85.74.4.79 7075 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:32:30.313218 0.000000 udp 10.0.2.109 3683 -> 117.196.228.77 4109 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:32:36.191633 0.000000 udp 10.0.2.109 3683 -> 182.18.222.117 7816 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 00:37:41.202661 3.003113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 00:37:48.209993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:37:56.211681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:38:12.225106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:38:44.220703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:44:48.226733 3.001345 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 00:44:55.234207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:45:03.235659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:45:19.243851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:45:51.244872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:47:41.773334 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 00:47:41.773575 0.514910 tcp 10.0.2.109 64566 -> 188.129.248.221 6410 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/02/21 00:54:08.252018 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 00:54:15.259250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:54:23.260792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:54:39.263609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 00:55:11.273734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:01:15.275512 3.001926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 01:01:22.283306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:01:30.284518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:01:46.288137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:02:18.293851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:03:05.952388 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 01:03:05.952572 0.318787 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:06.259458 0.071374 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:06.366725 0.081239 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:06.429844 0.138183 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:06.560335 0.171307 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:06.719735 0.135676 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:06.869913 0.170587 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:07.016235 0.128656 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:07.143586 0.191979 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:07.328477 0.130192 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:07.421778 0.164661 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:07.582720 0.242839 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:07.792207 0.353917 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:08.142280 0.170145 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:08.318660 0.152159 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:08.463173 0.298347 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:08.769570 0.061446 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:08.814528 0.307148 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:09.123159 0.165863 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:09.294758 0.139076 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:09.439582 0.333882 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:09.772186 0.740268 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:10.312140 0.445731 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:10.759311 0.097680 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:10.832979 0.103573 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:10.895164 0.050467 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:10.961972 0.052411 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:11.025460 0.188394 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:11.205765 0.159938 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:11.343990 0.444817 udp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4483 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:11.700899 0.320544 udp 10.0.2.109 3683 <-> 120.36.153.182 2114 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:12.030578 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 01:03:31.020569 0.054902 tcp 10.0.2.109 64567 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:03:31.075755 0.034635 tcp 10.0.2.109 64568 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:03:31.110710 0.115719 tcp 10.0.2.109 64569 -> 195.113.214.249 443 SRPA* 0 0 33 25368 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:03:31.227014 0.110474 rtp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:31.296929 1.316629 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:32.577710 0.315317 udp 10.0.2.109 3683 <-> 220.241.89.237 1736 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:32.891123 0.601979 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:33.315055 0.000000 udp 10.0.2.109 3683 -> 1.234.161.86 1251 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 01:03:51.347852 0.051929 tcp 10.0.2.109 64570 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:03:51.400072 0.033648 tcp 10.0.2.109 64571 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:03:51.433589 0.147243 tcp 10.0.2.109 64572 -> 195.113.214.249 443 SRPA* 0 0 49 29602 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:03:51.579780 0.391872 udp 10.0.2.109 3683 <-> 14.97.21.94 7414 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:51.893812 0.151029 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:52.043495 0.183691 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:52.202839 0.274767 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:52.433146 0.190298 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:52.607820 0.045210 rtp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:52.675284 0.074175 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:03:52.733389 0.054679 udp 10.0.2.109 3683 <-> 176.73.51.253 5060 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:08:29.300391 3.002874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 01:08:36.307093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:08:44.309333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:09:00.313181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:09:32.318639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:15:36.324792 3.000796 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 01:15:43.342409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:15:51.332746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:16:07.339680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:16:39.341911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:17:42.292772 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 01:17:42.292922 0.622023 tcp 10.0.2.109 64573 -> 188.129.248.221 6410 FSPA* 0 0 14 1723 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:22:43.347276 3.002213 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 01:22:50.355147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:22:58.364372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:23:14.359707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:23:46.365742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:29:50.372280 3.001312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 01:29:57.379740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:30:05.380730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:30:21.383737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:30:53.389827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:34:08.841332 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 01:34:08.841693 0.223681 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:09.078242 0.000000 udp 10.0.2.109 3683 -> 1.234.161.86 1251 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 01:34:24.927156 0.053067 tcp 10.0.2.109 64574 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:34:24.980534 0.033950 tcp 10.0.2.109 64575 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:34:25.014807 0.157308 tcp 10.0.2.109 64576 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:34:25.172573 0.082356 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:25.237018 0.073257 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:25.309366 0.144115 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:25.445247 0.167842 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:25.591467 0.173404 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:25.753646 0.144205 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:25.889907 0.140322 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:26.049192 0.165735 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:26.211443 0.128820 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:26.338877 0.191815 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:26.523788 0.122534 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:26.609904 0.167748 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:26.779138 0.245756 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:26.988091 0.353380 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:27.337580 0.151202 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:27.484281 0.062213 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:27.528683 0.307235 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:27.846086 0.132635 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:27.980256 0.335729 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:28.311217 0.169197 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:28.502090 0.306591 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:28.810048 0.700688 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:29.290530 0.049558 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:29.349268 0.053046 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:29.419011 0.189580 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:29.601521 0.440285 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:30.043574 0.101394 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:30.105150 0.100806 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:30.179858 0.170106 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:30.327579 0.585929 udp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4577 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:30.825501 0.000000 udp 10.0.2.109 3683 -> 120.36.153.182 2114 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 01:34:46.465488 0.031480 tcp 10.0.2.109 64577 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:34:46.497204 0.032353 tcp 10.0.2.109 64578 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:34:46.529916 0.137354 tcp 10.0.2.109 64579 -> 195.113.214.249 443 SRPA* 0 0 22 12448 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:34:46.667835 0.106390 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:46.737756 0.731819 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:34:47.435030 0.000000 udp 10.0.2.109 3683 -> 220.241.89.237 1736 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 01:35:02.869208 0.054746 tcp 10.0.2.109 64580 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:35:02.924216 0.033426 tcp 10.0.2.109 64581 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:35:02.957938 0.127897 tcp 10.0.2.109 64582 -> 195.113.214.249 443 SRPA* 0 0 21 10934 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:35:03.086386 0.499836 udp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:03.435337 0.313954 udp 10.0.2.109 3683 <-> 14.97.21.94 7414 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:03.650041 0.149693 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:03.798751 0.184124 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:03.957559 0.275267 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:04.186458 0.204370 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:04.376151 0.051291 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:04.425432 0.074219 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/21 01:35:04.485025 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 01:35:20.825083 0.054415 tcp 10.0.2.109 64583 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:35:20.879835 0.031871 tcp 10.0.2.109 64584 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:35:20.912007 0.130486 tcp 10.0.2.109 64585 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:36:57.395497 3.002165 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 01:37:04.403069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:37:12.404594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:37:28.407499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:38:00.413566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:44:04.419958 3.001173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 01:44:11.426962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:44:19.428522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:44:35.431766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:45:07.437609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:47:42.921746 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 01:47:42.921937 0.543490 tcp 10.0.2.109 64586 -> 188.129.248.221 6410 FSPA* 0 0 14 1747 flow=From-Botnet-V1-TCP-Established 1970/02/21 01:53:33.447826 3.001668 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 01:53:40.455517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:53:48.456835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:54:04.459621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 01:54:36.465963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:00:40.472992 3.002432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 02:00:47.479233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:00:55.480853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:01:11.483755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:01:43.489558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:05:29.558325 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 02:05:29.558505 0.000000 udp 10.0.2.109 3683 -> 120.36.153.182 2114 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 02:05:45.560463 0.054834 tcp 10.0.2.109 64587 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:05:45.615583 0.032605 tcp 10.0.2.109 64588 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:05:45.648480 0.137292 tcp 10.0.2.109 64589 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:05:45.786537 0.000000 udp 10.0.2.109 3683 -> 220.241.89.237 1736 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 02:06:02.466500 0.031554 tcp 10.0.2.109 64590 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:02.498405 0.032451 tcp 10.0.2.109 64591 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:02.531176 0.243753 tcp 10.0.2.109 64592 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:02.775506 0.000000 udp 10.0.2.109 3683 -> 176.73.51.253 5060 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 02:06:19.978155 0.032483 tcp 10.0.2.109 64593 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:20.010954 0.035875 tcp 10.0.2.109 64594 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:20.047108 0.136235 tcp 10.0.2.109 64595 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:20.183883 0.225311 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:20.405351 0.166844 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:22.557604 0.170335 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:22.716915 0.140360 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:22.844383 0.082953 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:23.539981 0.138064 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:23.663791 0.074092 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:23.728899 0.186495 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:23.908050 0.117171 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:23.991202 0.168089 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:24.160663 0.142431 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:24.304378 0.128964 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:24.431176 0.163414 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:24.590794 0.246167 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:24.800585 0.058826 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:24.863773 0.149351 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:25.003576 0.354190 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:25.353861 0.304886 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2619 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:25.712815 0.167864 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:25.881977 0.345544 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:26.226394 0.138445 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:26.386476 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 02:06:42.090480 0.032652 tcp 10.0.2.109 64596 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:42.123400 0.033450 tcp 10.0.2.109 64597 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:42.157158 0.127489 tcp 10.0.2.109 64598 -> 195.113.214.249 443 SRPA* 0 0 22 11784 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:06:42.285202 0.053592 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:42.358801 0.052345 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:42.439239 0.764203 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:42.963520 0.196277 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:43.152383 0.159118 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:43.288579 0.473067 udp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4369 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:43.673086 0.103156 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:43.736753 0.102025 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:43.815072 0.445085 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:44.284234 0.101708 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:44.346914 1.616583 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:45.928980 0.150482 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:06:46.078255 0.000000 udp 10.0.2.109 3683 -> 14.97.21.94 7414 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 02:07:04.401829 0.033019 tcp 10.0.2.109 64599 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:07:04.435142 0.036920 tcp 10.0.2.109 64600 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:07:04.472343 0.129987 tcp 10.0.2.109 64601 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:07:04.601088 0.432864 rtp 10.0.2.109 3683 <-> 60.182.142.95 6353 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:07:04.995816 0.186847 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:07:05.168896 0.051134 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:07:05.219817 0.077471 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:07:05.281011 0.281489 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:07:05.513118 0.185489 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:07:47.495663 3.001646 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 02:07:54.503003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:08:02.751887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:08:18.599132 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:08:50.523820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:14:54.532052 2.999338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 02:15:01.540891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:15:09.539061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:15:25.541615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:15:57.547543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:17:43.470539 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 02:17:43.470759 0.551989 tcp 10.0.2.109 64602 -> 188.129.248.221 6410 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:22:01.553154 3.002010 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 02:22:08.560959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:22:16.562645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:22:32.565518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:23:04.571383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:29:08.589287 2.991069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 02:29:15.585041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:29:23.586413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:29:39.589503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:30:11.595814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:36:15.601808 3.001424 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 02:36:22.609375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:36:30.610373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:36:46.613380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:37:18.619513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:37:29.986743 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 02:37:29.986940 0.309597 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:30.298262 0.000000 udp 10.0.2.109 3683 -> 14.97.21.94 7414 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 02:37:47.623461 0.033032 tcp 10.0.2.109 64603 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:37:47.656797 0.033671 tcp 10.0.2.109 64604 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:37:47.690781 0.156162 tcp 10.0.2.109 64605 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:37:47.847641 0.233991 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1658 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.079549 0.175355 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.244592 0.168201 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.387856 0.133609 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.512871 0.072560 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.568350 0.191604 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.752817 0.080472 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.814440 0.150283 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:48.951084 0.166945 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:49.115291 0.247570 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:49.322481 0.143943 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:49.451222 0.171766 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:49.632933 0.144296 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:49.778662 0.128355 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:49.905726 0.117484 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:49.988385 0.172166 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:50.172927 0.291950 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:50.466599 0.146531 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:50.608847 0.354368 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:50.958954 0.326809 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:51.295751 0.132782 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:51.445082 0.054044 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:51.500584 0.128363 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:51.811390 0.189469 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:51.993594 0.160107 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:52.130190 0.538318 udp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4303 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:52.581339 0.566788 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:53.029361 0.084531 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:53.257778 0.104112 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:53.319482 0.114470 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:53.393234 0.449579 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:53.894311 1.608177 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:55.464010 0.149385 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:55.612175 0.043012 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:55.719754 0.075598 rtp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:56.018859 0.279372 rtp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:56.249360 0.181426 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:37:56.408019 0.000000 udp 10.0.2.109 3683 -> 60.182.142.95 6353 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 02:38:14.320359 0.031339 tcp 10.0.2.109 64606 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:38:14.352024 0.033108 tcp 10.0.2.109 64607 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:38:14.385444 0.134674 tcp 10.0.2.109 64608 -> 195.113.214.249 443 SRPA* 0 0 23 11838 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:38:14.520668 0.197921 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/21 02:43:22.645767 3.001440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 02:43:29.652936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:43:37.654525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:43:53.657551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:44:25.664510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:47:44.048900 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 02:47:44.049068 0.594615 tcp 10.0.2.109 64609 -> 188.129.248.221 6410 FSPA* 0 0 14 1568 flow=From-Botnet-V1-TCP-Established 1970/02/21 02:50:29.669712 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 02:50:36.676958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:50:44.683876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:51:00.681705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:51:32.688547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:57:36.694530 3.000080 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 02:57:43.700840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:57:51.703374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:58:07.705317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 02:58:39.712693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:04:47.725596 2.999342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 03:04:54.730754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:05:02.732334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:05:18.735142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:05:50.743234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:08:39.724400 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 03:08:39.724586 0.000000 udp 10.0.2.109 3683 -> 60.182.142.95 6353 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 03:08:55.469267 0.057473 tcp 10.0.2.109 64610 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:08:55.527047 0.033121 tcp 10.0.2.109 64611 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:08:55.560461 0.143660 tcp 10.0.2.109 64612 -> 195.113.214.249 443 SRPA* 0 0 23 13202 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:08:55.704612 0.314809 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:56.035833 0.177418 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:56.202297 0.166103 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:56.345243 0.153144 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:56.490446 0.067342 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:56.541079 0.192288 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:56.725168 0.083279 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:56.791403 0.248845 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:57.043638 0.242872 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:57.252206 0.065068 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:57.331476 0.169851 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:57.498039 0.136232 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:57.626209 0.140376 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:57.767757 0.128513 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:57.894831 0.168740 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:58.098775 0.288019 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:58.404596 0.147062 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:58.543768 0.119199 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:58.626280 0.169807 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:58.791019 0.135232 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:58.922097 0.052697 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:58.976044 0.120928 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:59.093792 0.333633 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:59.426082 0.353148 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:08:59.828207 0.301543 rtp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4520 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:00.043443 0.187969 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:00.224631 0.157392 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:00.361192 0.383339 rtp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:00.705051 0.714533 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:01.199831 0.407160 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:01.623002 0.110454 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:01.691178 0.094772 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:01.796170 0.153147 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:01.944582 0.284878 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:02.193494 0.049701 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:02.240986 0.073459 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:02.298832 0.315950 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:02.567839 0.186383 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:09:02.742832 0.196099 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:11:54.747158 3.001757 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 03:12:01.754974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:12:09.756040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:12:25.759174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:12:57.764527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:17:44.647995 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 03:17:44.648147 0.560412 tcp 10.0.2.109 64613 -> 188.129.248.221 6410 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:19:01.772539 3.000084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 03:19:08.779083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:19:16.779955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:19:32.782791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:20:04.789417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:26:08.794516 3.002396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 03:26:15.804553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:26:23.804428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:26:39.808196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:27:11.814953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:33:15.819696 3.001067 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 03:33:22.828619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:33:30.828675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:33:46.830541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:34:18.837824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:39:24.336522 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 03:39:24.336633 0.167568 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:24.479519 0.136097 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:24.606664 0.072520 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:24.662812 0.190719 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:24.846640 0.073885 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:24.903672 0.325172 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:25.228513 0.173054 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:25.389672 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 03:39:44.296933 0.034497 tcp 10.0.2.109 64614 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:39:44.331720 0.035355 tcp 10.0.2.109 64615 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:39:44.367424 0.231668 tcp 10.0.2.109 64616 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:39:44.599674 0.244023 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:44.807337 0.068427 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:44.859103 0.170749 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:45.026633 0.151621 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:45.166717 0.137217 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:45.311934 0.129548 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:45.439809 0.171125 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:45.612203 0.295550 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:45.906744 0.152004 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:46.054632 0.135829 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:46.159563 0.168514 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:46.349418 0.131772 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:46.482656 0.353475 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:46.834849 0.354109 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:47.185201 0.054948 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:39:47.250547 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 03:40:03.456577 0.035466 tcp 10.0.2.109 64617 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:40:03.492368 0.033188 tcp 10.0.2.109 64618 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:40:03.525835 0.125665 tcp 10.0.2.109 64619 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:40:03.652196 0.161704 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:03.790411 0.099797 rtp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:03.852940 0.428442 rtp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4448 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:04.195073 0.188058 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:04.376104 0.562128 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:04.838363 0.495146 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:05.335301 0.110342 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:05.405611 0.093565 udp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:05.492926 0.154730 udp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:05.643743 0.076550 rtp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:05.703830 0.277167 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:05.931041 0.186941 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:06.126979 0.190047 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:06.302686 1.199651 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:07.463654 0.049509 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/21 03:40:22.843383 3.001214 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 03:40:29.850668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:40:37.851806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:40:53.855155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:41:25.860899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:47:29.871306 2.997644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 03:47:36.874497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:47:44.881861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:47:45.226285 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 03:47:45.226464 0.467851 tcp 10.0.2.109 64620 -> 188.129.248.221 6410 FSPA* 0 0 14 1730 flow=From-Botnet-V1-TCP-Established 1970/02/21 03:48:00.879459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:48:32.885293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:55:25.891280 3.001813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 03:55:32.898740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:55:40.900471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:55:56.903388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 03:56:28.909133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:02:48.919631 3.000273 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 04:02:55.929588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:03:03.927659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:03:19.930951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:03:51.935884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:09:55.942089 3.001607 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 04:10:02.949154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:10:10.951181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:10:14.407183 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 04:10:14.407379 0.224088 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 370 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:14.631881 0.119155 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:14.748577 0.076402 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:14.807313 0.166947 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2571 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:14.948701 0.073848 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:15.002193 0.139531 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:15.129721 0.188618 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:15.310564 0.324157 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:15.649583 0.172070 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:15.809692 0.243026 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:16.017593 0.061558 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:16.075792 0.139020 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:16.223398 0.129616 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:16.361218 0.167334 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:16.548312 0.289798 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:16.839368 0.135145 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:16.965910 0.163780 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:17.125985 0.166196 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:17.311754 0.217205 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:17.530353 0.367961 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:17.914959 0.120868 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:18.004221 0.152302 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:18.146960 0.052977 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:18.239930 0.353200 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:18.589272 0.158093 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:18.724761 0.101114 rtp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:18.786391 0.712603 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:19.279064 0.514287 udp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4681 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:19.703277 0.188859 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:19.884888 0.466317 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:20.361499 0.114669 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:20.434877 0.099318 rtp 10.0.2.109 3683 <-> 109.149.156.122 6148 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:20.556715 0.148570 rtp 10.0.2.109 3683 <-> 65.36.117.251 9663 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:20.704225 0.078293 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:20.767342 0.297735 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:21.001945 0.184358 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:21.203837 0.195660 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:21.385525 0.258433 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:21.609120 0.049759 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:10:26.954590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:10:58.960361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:17:02.976926 2.990963 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 04:17:09.973668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:17:17.975278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:17:33.978573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:17:45.695615 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 04:17:45.695725 0.584574 tcp 10.0.2.109 64621 -> 188.129.248.221 6410 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:18:05.984359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:24:09.991504 3.000570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 04:24:16.997717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:24:24.999229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:24:41.002631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:25:13.010282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:31:17.015037 3.001128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 04:31:24.021478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:31:32.023396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:31:48.025797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:32:20.035154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:38:24.038241 3.001664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 04:38:31.045617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:38:39.046928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:38:55.050206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:39:27.056261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:40:47.502592 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 04:40:47.502713 0.082733 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2538 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:47.567174 0.167881 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:48.991638 0.225472 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:49.213851 0.044849 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:49.811724 0.065353 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:49.861825 0.136058 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:49.989001 0.186490 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:50.167741 0.337048 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:50.669555 0.222656 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:50.880920 0.139043 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:51.030451 0.129442 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:51.157776 0.170328 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:51.400398 0.304549 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:51.888701 0.242732 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:52.095466 0.061084 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:52.218066 0.145195 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2000 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:52.355490 0.165911 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:52.518814 0.167566 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:52.750601 0.133075 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:52.890740 0.368487 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:53.260876 0.109457 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:53.336978 0.156116 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:53.484275 0.053430 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:53.583625 0.353811 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:53.933341 0.157816 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:54.175639 0.102309 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:54.235264 0.298214 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:54.521209 0.725427 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:54.986529 0.738691 udp 10.0.2.109 3683 <-> 213.120.97.56 3039 CON 0 0 11 4361 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:55.635681 0.526954 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:56.219261 0.111553 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:40:56.294708 0.000000 udp 10.0.2.109 3683 -> 109.149.156.122 6148 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 04:41:14.412092 0.032540 tcp 10.0.2.109 64622 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:41:14.444907 0.034562 tcp 10.0.2.109 64623 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:41:14.479792 0.126536 tcp 10.0.2.109 64624 -> 195.113.214.249 443 SRPA* 0 0 35 25101 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:41:14.607148 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 04:41:31.706266 0.032237 tcp 10.0.2.109 64625 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:41:31.738793 0.033926 tcp 10.0.2.109 64626 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:41:31.772542 0.130656 tcp 10.0.2.109 64627 -> 195.113.214.249 443 SRPA* 0 0 24 9664 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:41:31.902414 0.086276 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:41:31.971518 0.189292 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:41:32.145011 0.513291 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:41:32.624361 0.044647 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:41:33.020982 0.279785 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:41:33.254300 0.181328 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/21 04:45:31.061904 3.001774 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 04:45:38.069162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:45:46.071234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:46:02.074009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:46:34.079872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:47:46.284202 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 04:47:46.284298 0.607299 tcp 10.0.2.109 64628 -> 188.129.248.221 6410 FSPA* 0 0 14 1707 flow=From-Botnet-V1-TCP-Established 1970/02/21 04:54:28.096337 2.999486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 04:54:35.101619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:54:43.103054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:54:59.107003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 04:55:31.112715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:01:56.134277 2.997636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 05:02:03.135982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:02:11.137229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:02:27.141566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:02:59.146743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:09:10.154535 3.002152 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 05:09:17.164933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:09:25.162624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:09:41.164837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:10:13.170688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:11:51.632557 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 05:11:51.632689 0.000000 udp 10.0.2.109 3683 -> 109.149.156.122 6148 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 05:12:08.197691 0.056016 tcp 10.0.2.109 64629 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:08.254012 0.036081 tcp 10.0.2.109 64630 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:08.290417 0.153445 tcp 10.0.2.109 64631 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:08.444279 0.000000 udp 10.0.2.109 3683 -> 65.36.117.251 9663 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 05:12:26.393857 0.091319 tcp 10.0.2.109 64632 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:26.485465 0.033697 tcp 10.0.2.109 64633 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:26.518978 0.135473 tcp 10.0.2.109 64634 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:26.654984 0.072563 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 5 1729 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:26.715256 0.066579 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:26.765787 0.276475 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:27.040415 0.165892 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:27.184368 0.076800 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:27.335170 0.313475 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:27.667899 0.175465 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:27.832341 0.158395 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:27.981007 0.192120 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:28.165296 0.307688 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:28.474638 0.140762 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:28.625206 0.169456 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:28.790655 0.129218 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:28.918322 0.163138 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:29.077490 0.169207 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 1993 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:29.260007 0.137750 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:29.569883 0.145011 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:29.707016 0.060018 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:29.750497 0.243709 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:29.959023 0.354500 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:30.309714 0.349235 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:30.761578 0.145055 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:30.902009 0.113327 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:31.021614 0.053075 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:31.218993 0.159683 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:31.355874 0.100801 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:31.476792 0.188852 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:31.658472 0.000000 udp 10.0.2.109 3683 -> 213.120.97.56 3039 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 05:12:50.217375 0.054721 tcp 10.0.2.109 64635 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:50.272363 0.034704 tcp 10.0.2.109 64636 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:50.306927 0.134402 tcp 10.0.2.109 64637 -> 195.113.214.249 443 SRPA* 0 0 25 11932 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:12:50.440128 0.706823 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:50.906852 0.504883 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:51.428963 0.117595 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:51.503788 0.195770 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:51.684557 0.496343 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:52.143605 0.076851 rtp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:52.422426 0.186832 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:12:52.644369 0.000000 udp 10.0.2.109 3683 -> 93.223.104.112 4817 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 05:13:09.354710 0.052939 tcp 10.0.2.109 64638 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:13:09.408035 0.039569 tcp 10.0.2.109 64639 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:13:09.448039 0.128815 tcp 10.0.2.109 64640 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:13:09.577471 0.272569 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:16:17.177225 3.002119 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 05:16:24.186466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:16:32.186632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:16:48.188541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:17:20.194490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:17:46.893203 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 05:17:46.893367 0.470201 tcp 10.0.2.109 64641 -> 188.129.248.221 6410 FSPA* 0 0 14 1663 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:23:24.201282 3.000918 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 05:23:31.207787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:23:39.209386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:23:55.212428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:24:27.218879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:30:31.224317 3.001652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 05:30:38.231954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:30:46.233374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:31:02.236006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:31:34.242531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:37:38.248700 3.001188 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 05:37:45.256614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:37:53.257313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:38:09.260374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:38:41.266658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:43:21.149763 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 05:43:21.149992 0.000000 udp 10.0.2.109 3683 -> 213.120.97.56 3039 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 05:43:36.312793 0.054705 tcp 10.0.2.109 64642 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:43:36.367839 0.038813 tcp 10.0.2.109 64643 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:43:36.406882 0.137927 tcp 10.0.2.109 64644 -> 195.113.214.249 443 SRPA* 0 0 22 11784 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:43:36.545385 0.000000 udp 10.0.2.109 3683 -> 93.223.104.112 4817 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 05:43:53.345999 0.054818 tcp 10.0.2.109 64645 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:43:53.401118 0.032717 tcp 10.0.2.109 64646 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:43:53.434200 0.245425 tcp 10.0.2.109 64647 -> 195.113.214.249 443 SRPA* 0 0 23 14000 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:43:53.680139 0.087098 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:43:53.748696 0.066183 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:43:53.798712 0.051503 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:43:53.841868 0.305267 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:43:54.170346 0.172215 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:43:54.331054 0.166217 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:43:54.475486 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 05:44:09.859521 0.118433 tcp 10.0.2.109 64648 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:44:09.978386 0.035107 tcp 10.0.2.109 64649 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:44:10.013803 0.142975 tcp 10.0.2.109 64650 -> 195.113.214.249 443 SRPA* 0 0 23 11914 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:44:10.157375 0.167097 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:10.344845 0.131103 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:10.473910 0.300431 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:10.791164 0.193305 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:10.977764 0.137413 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:11.109629 0.135363 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:11.237006 0.146983 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:11.373253 0.059318 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:11.416425 0.239437 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:11.619380 0.170461 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:11.785845 0.132105 udp 10.0.2.109 3683 <-> 72.224.126.129 5645 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:11.919401 0.168923 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:12.089706 0.325808 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:12.417069 0.354307 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:12.767711 0.145043 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:12.908710 0.103080 rtp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:12.970227 0.192497 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:13.155726 0.112665 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:13.235557 0.053131 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:13.290524 0.167870 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:13.435474 0.720400 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:13.882404 0.110110 rtp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:13.951665 0.516747 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:14.477306 0.189973 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:14.651762 0.160781 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:14.778439 0.079221 rtp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:14.842130 0.185726 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:15.079043 0.281243 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/21 05:44:45.272375 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 05:44:52.279792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:45:00.281741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:45:16.288835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:45:48.290522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:47:47.371735 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 05:47:47.371898 0.470395 tcp 10.0.2.109 64651 -> 188.129.248.221 6410 FSPA* 0 0 14 1616 flow=From-Botnet-V1-TCP-Established 1970/02/21 05:54:05.297949 3.001313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 05:54:12.304882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:54:20.306793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:54:36.309504 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 05:55:08.315238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:01:12.322542 3.000624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 06:01:19.328932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:01:27.330611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:01:43.333500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:02:15.339415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:08:26.345676 3.001652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 06:08:33.352956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:08:41.354568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:08:57.357565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:09:29.365690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:14:24.929080 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 06:14:24.929223 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 06:14:40.853060 0.053120 tcp 10.0.2.109 64652 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:14:40.906476 0.050258 tcp 10.0.2.109 64653 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:14:40.957063 0.141707 tcp 10.0.2.109 64654 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:14:41.099298 0.067505 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:41.149183 0.082161 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:41.210347 0.046080 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:41.253728 0.164980 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:41.394259 0.171947 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:41.554719 0.313339 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:41.876471 0.296630 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:42.172217 0.187888 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:42.352603 0.172930 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 1992 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:42.517802 0.138796 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:42.654774 0.137424 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:42.790411 0.135180 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:42.917911 0.147809 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:43.055823 0.670828 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:43.644172 0.240574 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:43.850419 0.172130 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:14:44.018690 0.000000 udp 10.0.2.109 3683 -> 72.224.126.129 5645 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 06:15:02.493309 0.050558 tcp 10.0.2.109 64655 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:15:02.544191 0.051707 tcp 10.0.2.109 64656 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:15:02.596273 0.135049 tcp 10.0.2.109 64657 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:15:02.731817 0.353261 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:03.081444 0.145072 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:03.222500 0.100193 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:03.284290 0.168859 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:03.448382 0.353439 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:03.808317 0.190551 rtp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:03.991479 0.116947 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:04.076381 0.052026 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:04.164888 0.169810 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:04.310597 0.575559 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:04.767689 0.108266 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:04.835032 0.701340 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:05.498917 0.073938 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:05.558279 0.517148 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:06.083919 0.186533 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:06.256783 0.179046 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:06.415351 0.335580 rtp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:15:33.369697 3.001539 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 06:15:40.376748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:15:48.379219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:16:04.381434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:16:36.387515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:17:47.850835 0.000138 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 06:17:47.851052 0.518539 tcp 10.0.2.109 64658 -> 188.129.248.221 6410 FSPA* 0 0 14 1710 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:22:40.393417 3.002118 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 06:22:47.400859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:22:55.402562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:23:11.405989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:23:43.411725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:29:47.417562 3.001425 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 06:29:54.424987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:30:02.426523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:30:18.429492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:30:50.435610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:36:54.442679 3.000274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 06:37:01.449598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:37:09.450519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:37:25.453361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:37:57.459595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:44:01.468939 2.998094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 06:44:08.473399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:44:16.474469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:44:32.478365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:45:04.483475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:45:25.133845 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 06:45:25.134033 0.000000 udp 10.0.2.109 3683 -> 72.224.126.129 5645 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 06:45:42.349512 0.055455 tcp 10.0.2.109 64659 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:45:42.405303 0.034894 tcp 10.0.2.109 64660 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:45:42.440504 0.134644 tcp 10.0.2.109 64661 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:45:42.575655 0.051129 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:42.639097 0.168552 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:42.783489 0.172949 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:42.945521 0.310342 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:43.264913 0.072440 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:43.320292 0.079172 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:43.379466 0.192506 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:43.563920 0.293720 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:43.859082 0.128968 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:43.985973 0.147477 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:44.134952 0.151886 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:44.276776 0.167804 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:44.446020 0.141142 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:44.578494 0.060523 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:44.644278 0.242073 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:44.850245 0.169364 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:45.016863 0.354504 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:45.367920 0.183892 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:45.537303 0.101069 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:45.597154 0.166340 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:45.764888 0.314692 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:46.088281 0.051390 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:46.161864 0.162534 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:46.300930 0.735299 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:46.775853 0.113092 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:46.852683 0.192069 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:47.037826 0.103785 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:47.108010 0.276855 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:47.348502 0.090817 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:47.422586 0.180385 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:47.619386 0.302443 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:47.873700 0.512114 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:45:48.399186 0.187004 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/21 06:47:48.369419 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 06:47:48.369620 0.465422 tcp 10.0.2.109 64662 -> 188.129.248.221 6410 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/02/21 06:51:08.489569 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 06:51:15.496919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:51:23.498443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:51:39.501729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:52:11.507183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:58:15.512808 3.002193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 06:58:22.520972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:58:30.522432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:58:46.525471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 06:59:18.531178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:05:32.541417 3.001894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 07:05:39.549142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:05:47.550658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:06:03.553440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:06:35.559678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:12:39.565708 3.001383 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 07:12:46.572917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:12:54.574312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:13:10.577673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:13:42.583536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:16:12.519827 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 07:16:12.519938 0.186102 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:12.694401 0.050657 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:12.751156 0.168232 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:12.896637 0.312193 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:13.231439 0.073756 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:13.287864 0.080071 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:13.351927 0.187029 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:13.530829 0.305802 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:13.856285 0.145080 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:13.991716 0.166652 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:14.167210 0.157957 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:14.315979 0.066336 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:14.364618 0.240696 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:14.571938 0.129631 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:14.699299 0.157043 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:14.855114 0.166518 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:15.017858 0.360029 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:15.373729 0.145631 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:15.515067 0.104114 rtp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:15.607787 0.276852 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:15.872933 0.164266 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:16.013571 0.707090 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:16.583639 0.117837 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:16.658022 0.331194 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:16.990551 0.052193 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:17.058460 0.203968 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:17.254307 0.119369 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:17.337606 0.402429 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:17.700492 0.074233 rtp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:17.759461 0.180521 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:17.954359 0.367283 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:18.272455 0.514027 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:16:18.787970 0.193339 rtp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:17:48.838915 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 07:17:48.839081 0.575083 tcp 10.0.2.109 64663 -> 188.129.248.221 6410 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/02/21 07:19:46.589022 3.002191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 07:19:53.596839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:20:01.598557 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:20:17.601658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:20:49.607718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:26:53.613440 3.001802 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 07:27:00.623482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:27:08.622508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:27:24.625375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:27:56.631861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:34:00.637781 3.001656 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 07:34:07.644980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:34:15.646340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:34:31.649510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:35:03.655238 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:41:07.661583 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 07:41:14.669423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:41:22.669817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:41:38.672937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:42:10.679737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:46:30.994499 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 07:46:30.994734 0.170345 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:31.140450 0.176401 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:31.306723 0.050185 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:31.355411 0.315909 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:31.672390 0.068177 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:31.725303 0.097318 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:31.805956 0.194384 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:31.992177 0.297093 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:32.297896 0.147318 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:32.433305 0.062695 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:32.478261 0.247882 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:32.691328 0.129461 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:32.818962 0.143560 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:32.957558 0.143297 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:33.209889 0.172004 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:33.379445 0.171311 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:33.547872 0.360251 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:33.904746 0.776591 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:34.099296 0.511876 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:34.574512 0.170425 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:34.754463 0.113136 udp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:34.828018 0.161337 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:34.966019 0.710604 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:35.457318 0.341698 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:35.797890 0.054110 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:35.930178 0.192579 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:36.115524 0.114258 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:36.194709 0.089929 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:36.248222 0.079784 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:36.312645 0.183986 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:36.472063 0.189763 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:36.646339 0.373425 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2054 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:46:36.975631 0.445590 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/21 07:47:49.417513 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 07:47:49.417687 0.589212 tcp 10.0.2.109 64664 -> 188.129.248.221 6410 FSPA* 0 0 14 1617 flow=From-Botnet-V1-TCP-Established 1970/02/21 07:48:14.685395 3.001109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 07:48:21.692274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:48:29.694323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:48:45.697707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:49:17.703744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:55:46.715194 3.001891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 07:55:53.722574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:56:01.724480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:56:17.726750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 07:56:49.738336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:02:53.739656 3.001413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 08:03:00.746876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:03:08.748426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:03:24.751183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:03:56.756806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:10:00.763458 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 08:10:07.771020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:10:15.773323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:10:31.774754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:11:03.781435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:16:55.267074 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 08:16:55.267221 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 08:17:07.787388 3.001355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 08:17:11.922709 0.055600 tcp 10.0.2.109 64665 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:11.978616 0.032102 tcp 10.0.2.109 64666 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:12.011017 0.122227 tcp 10.0.2.109 64667 -> 195.113.214.249 443 SRPA* 0 0 37 26003 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:12.133878 0.308718 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:12.451816 0.072750 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:12.505405 0.075203 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:12.564618 0.168511 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:12.709894 0.176034 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:12.874700 0.197142 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:13.064637 0.290512 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:13.370736 0.219610 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:13.579475 0.060295 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:13.637690 0.239759 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:13.839380 0.129335 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:13.975965 0.146450 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:14.132500 0.146677 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:14.276797 0.178208 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:14.449339 0.164915 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:14.610710 0.357191 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:14.794571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:17:14.964012 0.169139 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:15.130776 0.115163 rtp 10.0.2.109 3683 <-> 91.6.43.130 5333 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:15.205512 0.172402 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:15.355295 0.153963 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:15.505082 0.000000 udp 10.0.2.109 3683 -> 62.227.186.223 1673 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 08:17:22.796532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:17:33.742490 0.052895 tcp 10.0.2.109 64668 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:33.795739 0.033989 tcp 10.0.2.109 64669 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:33.830052 0.130806 tcp 10.0.2.109 64670 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:33.961471 0.051869 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:34.059093 0.726169 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:34.544359 0.345174 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:34.887403 0.220206 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:35.100012 0.117017 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:35.183161 0.221905 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 5 2054 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:38.799208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:17:50.005734 0.555658 tcp 10.0.2.109 64671 -> 188.129.248.221 6410 FSPA* 0 0 14 1566 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:51.768475 0.052808 tcp 10.0.2.109 64672 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:51.821569 0.033776 tcp 10.0.2.109 64673 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:51.855632 0.136074 tcp 10.0.2.109 64674 -> 195.113.214.249 443 SRPA* 0 0 31 20310 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:17:51.992552 0.077261 udp 10.0.2.109 3683 <-> 81.149.151.188 5494 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:52.053330 0.185804 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:52.221899 0.192002 rtp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:52.397926 0.282699 udp 10.0.2.109 3683 <-> 187.131.195.177 8040 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:17:52.633570 0.423705 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:18:10.805660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:24:14.811720 3.001852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 08:24:21.818809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:24:29.819913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:24:45.823215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:25:17.829520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:31:21.835633 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 08:31:28.842683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:31:36.844403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:31:52.846940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:32:24.853217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:38:28.859315 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 08:38:35.866655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:38:43.868620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:38:59.871093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:39:31.877374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:45:35.883356 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 08:45:42.890709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:45:50.892264 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:46:06.894982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:46:38.901260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:47:50.564447 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 08:47:50.564599 0.526070 tcp 10.0.2.109 64675 -> 188.129.248.221 6410 FSPA* 0 0 14 1683 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:47:56.895485 0.044478 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:56.938075 0.104197 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:57.001813 1.211325 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:58.176729 0.076041 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:58.272739 0.216402 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 5 1730 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:58.471302 0.176943 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:58.637196 0.310466 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:58.966644 0.072577 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:59.022016 0.246702 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:47:59.231240 0.183939 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 3 1126 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:18.125928 0.055994 tcp 10.0.2.109 64676 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:18.182268 0.038600 tcp 10.0.2.109 64677 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:18.221143 0.145608 tcp 10.0.2.109 64678 -> 195.113.214.249 443 SRPA* 0 0 49 26140 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:18.367298 0.304023 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:18.681448 0.212963 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 3 1094 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:37.311818 0.055933 tcp 10.0.2.109 64679 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:37.368134 0.033934 tcp 10.0.2.109 64680 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:37.402348 0.129685 tcp 10.0.2.109 64681 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:37.532554 0.072796 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:37.588480 0.188057 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2657 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:37.767451 0.218947 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 3 959 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:37.983917 0.396017 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:38.376170 0.232297 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 3 1226 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:54.646862 0.031936 tcp 10.0.2.109 64682 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:54.679085 0.033447 tcp 10.0.2.109 64683 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:54.712820 0.127106 tcp 10.0.2.109 64684 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:48:54.840610 0.171538 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:48:55.012381 0.214821 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 5 2035 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:49:14.005003 0.038347 tcp 10.0.2.109 64685 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:14.043635 0.037582 tcp 10.0.2.109 64686 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:14.081731 0.135931 tcp 10.0.2.109 64687 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:14.218209 0.146609 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:49:14.360048 0.000000 udp 10.0.2.109 3683 -> 91.6.43.130 5333 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 08:49:31.149457 0.033557 tcp 10.0.2.109 64688 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:31.183242 0.034480 tcp 10.0.2.109 64689 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:31.218009 0.138092 tcp 10.0.2.109 64690 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:31.356629 0.216134 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:49:31.576365 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 08:49:48.999650 0.033327 tcp 10.0.2.109 64691 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:49.033309 0.033983 tcp 10.0.2.109 64692 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:49.067653 0.130070 tcp 10.0.2.109 64693 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:49:49.198267 0.724169 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:49:49.683044 0.053861 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:49:49.739665 0.384750 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 5 1785 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:50:06.240056 0.034234 tcp 10.0.2.109 64694 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:06.274559 0.033869 tcp 10.0.2.109 64695 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:06.308685 0.922888 tcp 10.0.2.109 64696 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:07.232159 0.108015 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:50:07.307218 0.390325 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:50:07.689902 0.271453 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 5 1910 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:50:07.948938 0.000000 udp 10.0.2.109 3683 -> 187.131.195.177 8040 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 08:50:25.337295 0.031791 tcp 10.0.2.109 64697 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:25.369366 0.033517 tcp 10.0.2.109 64698 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:25.403177 0.134545 tcp 10.0.2.109 64699 -> 195.113.214.249 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:25.538268 0.000000 udp 10.0.2.109 3683 -> 81.149.151.188 5494 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 08:50:41.881121 0.046457 tcp 10.0.2.109 64700 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:41.927911 0.090035 tcp 10.0.2.109 64701 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:42.018350 0.130624 tcp 10.0.2.109 64702 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/21 08:50:42.149691 0.183141 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:50:42.308363 0.449217 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/21 08:54:27.907918 3.001604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 08:54:34.915527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:54:42.918025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:54:58.920224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 08:55:30.926071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:01:57.944573 3.002385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 09:02:04.952111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:02:12.953839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:02:28.957042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:03:00.963246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:09:10.978825 3.000658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 09:09:17.985196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:09:25.986800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:09:41.989577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:10:13.995598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:16:18.001463 3.002014 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 09:16:25.009223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:16:33.010780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:16:49.014240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:17:21.019562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:17:51.093366 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 09:17:51.093471 0.515344 tcp 10.0.2.109 64703 -> 188.129.248.221 6410 FSPA* 0 0 14 1594 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:20:50.110369 0.000156 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 09:20:50.110684 0.141426 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:20:50.250307 0.148660 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:20:50.403984 0.154522 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:20:50.568817 0.168006 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:20:50.729058 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 09:21:09.690399 0.050349 tcp 10.0.2.109 64704 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:09.741057 0.051666 tcp 10.0.2.109 64705 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:09.792969 0.157687 tcp 10.0.2.109 64706 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:09.951191 0.000000 udp 10.0.2.109 3683 -> 91.6.43.130 5333 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 09:21:25.992716 0.081506 tcp 10.0.2.109 64707 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:26.074516 0.050972 tcp 10.0.2.109 64708 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:26.125746 0.131411 tcp 10.0.2.109 64709 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:26.257683 0.313117 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:26.574405 0.000000 udp 10.0.2.109 3683 -> 81.149.151.188 5494 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 09:21:43.617983 0.050646 tcp 10.0.2.109 64710 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:43.668907 0.051185 tcp 10.0.2.109 64711 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:43.720417 0.132701 tcp 10.0.2.109 64712 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:43.853768 0.000000 udp 10.0.2.109 3683 -> 187.131.195.177 8040 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 09:21:58.889847 0.049810 tcp 10.0.2.109 64713 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:58.939979 0.050260 tcp 10.0.2.109 64714 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:58.990509 0.126149 tcp 10.0.2.109 64715 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:21:59.117220 0.052129 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:59.162269 0.106406 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2661 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:59.223631 0.308952 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:59.541310 0.173946 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:59.692528 0.170184 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:59.852600 0.077720 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:59.933646 0.088435 rtp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:21:59.988210 0.240830 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:00.195316 0.071210 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:00.249164 0.290224 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:00.548661 0.063294 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:00.596288 0.181092 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:00.966799 0.175064 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:01.259086 0.353837 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:01.792118 0.162840 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:01.965996 0.149920 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:02.106240 0.178238 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:02.286849 2.415520 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:04.582779 0.052919 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:04.640117 0.548447 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:05.181593 0.121763 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:05.797233 0.203111 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:05.984476 0.182690 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:22:06.253205 0.445847 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:23:25.028551 2.998933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 09:23:32.033991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:23:40.034352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:23:56.037502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:24:28.043860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:30:32.049625 3.001713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 09:30:39.057241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:30:47.058757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:31:03.062073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:31:35.067875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:37:39.074621 3.000880 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 09:37:46.081208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:37:54.083768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:38:10.085578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:38:42.098093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:44:46.098395 3.003378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 09:44:53.104988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:45:01.106712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:45:17.109580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:45:49.115575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:47:51.611964 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 09:47:51.612152 0.590912 tcp 10.0.2.109 64716 -> 188.129.248.221 6410 FSPA* 0 0 14 1642 flow=From-Botnet-V1-TCP-Established 1970/02/21 09:52:25.185087 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 09:52:25.185348 0.154379 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:25.342537 0.224312 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:25.558744 0.141457 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:25.699014 0.157490 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:25.844747 0.326129 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:26.171924 0.045714 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:26.214876 0.104173 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:26.276752 0.308566 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:26.586597 0.178600 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:26.743348 0.171356 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:26.902917 0.079995 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:26.964649 0.572503 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:27.504101 0.244488 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:27.710702 0.071033 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:27.818770 0.283192 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2693 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:28.101412 0.061667 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:28.145611 0.186559 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:28.324736 0.168716 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:28.505627 0.178910 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:28.681911 0.355689 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:29.033920 0.157743 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:29.183404 0.173983 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:29.365643 0.721911 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:29.828009 0.052236 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:29.914440 0.199492 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:30.107201 0.126409 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:30.197175 0.439764 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:30.638702 0.200380 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:52:30.823687 0.211331 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/21 09:54:05.131731 3.001101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 09:54:12.148383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:54:20.140145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:54:36.143425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 09:55:08.149553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:01:14.158082 3.001657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 10:01:21.165623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:01:29.167121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:01:45.170149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:02:17.176049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:08:29.183030 3.002159 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 10:08:36.191116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:08:44.192538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:09:00.195979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:09:32.201604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:15:36.207882 3.001659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 10:15:43.214962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:15:51.216501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:16:07.219506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:16:39.225835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:17:52.211104 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 10:17:52.211188 0.514928 tcp 10.0.2.109 64717 -> 188.129.248.221 6410 FSPA* 0 0 14 1579 flow=From-Botnet-V1-TCP-Established 1970/02/21 10:22:43.231854 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 10:22:45.963278 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 10:22:45.963467 0.141547 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2558 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:46.103222 0.168432 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:46.261095 0.153573 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:46.416047 0.148456 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:46.552482 0.112514 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:46.622252 0.319906 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:46.940504 0.047552 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:46.984706 0.302169 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:47.289068 0.178505 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:47.447357 0.171135 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:47.607386 0.073523 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:47.665002 0.089515 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2739 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:47.735662 0.251188 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:47.949568 0.249754 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:48.164256 0.328793 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:48.511550 0.063262 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:48.557104 0.182649 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:48.732947 0.167806 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:48.912184 0.149038 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:49.053450 0.176386 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:49.225393 0.353222 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:49.574917 0.175108 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:49.759127 0.570261 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:50.229668 0.055996 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:50.239211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:22:50.287742 0.281651 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:50.561504 0.122976 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:50.653296 0.184744 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:50.839052 0.439230 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:51.303036 0.203370 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:22:58.240637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:23:14.243539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:23:46.253278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:29:50.255443 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 10:29:57.262902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:30:05.269431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:30:21.267479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:30:53.273341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:36:57.282294 2.998850 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 10:37:04.287353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:37:12.289421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:37:28.291646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:38:00.298544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:44:04.303415 3.002180 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 10:44:11.311102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:44:19.312407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:44:35.315584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:45:07.321541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:47:52.729094 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 10:47:52.729308 1.103034 tcp 10.0.2.109 64718 -> 188.129.248.221 6410 FSPA* 0 0 14 1580 flow=From-Botnet-V1-TCP-Established 1970/02/21 10:52:57.097058 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 10:52:57.097236 0.161882 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:57.250539 0.169824 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:57.416493 0.104480 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:57.477856 0.318562 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:57.806775 0.136608 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:57.941329 0.156192 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:58.088753 0.045197 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:58.131833 0.305610 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:58.446393 0.179996 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:58.602239 0.171250 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:58.762798 0.094503 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:58.844172 0.079198 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:58.941615 0.190232 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:59.095152 0.245068 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:59.303917 0.283778 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:59.597210 0.060790 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:59.642473 0.192424 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:59.828245 0.169891 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:52:59.999458 0.352054 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:00.347758 0.173159 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:00.521897 0.155483 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:00.665707 0.170297 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:00.832653 0.675622 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:01.289125 0.056946 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:01.369434 0.282066 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:01.643458 0.108115 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:01.717994 0.244502 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:01.940891 0.420562 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:02.376824 0.194061 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/21 10:53:33.331375 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 10:53:40.338998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:53:48.340558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:54:04.343820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 10:54:36.349516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:00:40.356598 3.000581 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:00:47.363066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:00:55.364662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:01:11.368809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:01:43.374879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:07:47.379536 3.001586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:07:54.386908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:08:02.388768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:08:18.394920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:08:50.397851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:14:54.405255 3.000211 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:15:01.415211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:15:09.414491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:15:25.415638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:15:57.421579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:17:53.839793 0.000158 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 11:17:53.840176 0.562724 tcp 10.0.2.109 64719 -> 188.129.248.221 6410 FSPA* 0 0 14 1715 flow=From-Botnet-V1-TCP-Established 1970/02/21 11:22:01.427584 3.001510 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:22:08.434955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:22:16.436932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:22:32.439358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:23:04.445482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:23:29.491654 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 11:23:29.491825 0.103792 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:29.555258 0.160723 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:29.725972 0.165900 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:29.881291 0.320823 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:30.203271 0.141995 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:30.343668 0.152784 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:30.488757 0.052420 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:30.536618 0.171367 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:30.697003 0.076917 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:30.754313 0.073516 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:30.808248 0.307439 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:31.117136 0.179614 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:31.275391 0.262890 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:31.501936 0.254803 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:31.721642 0.302775 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:32.025830 0.058137 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 1898 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:32.069453 0.354453 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:32.420080 0.186877 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:32.600077 0.169133 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:32.789912 0.241223 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:33.027499 0.174194 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:33.202955 0.149385 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:33.345083 0.678669 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:33.803990 0.055197 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:33.860674 0.207306 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:34.060014 0.124059 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:34.147782 0.178833 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:34.352935 0.450697 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:23:34.805425 0.196964 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:29:08.451926 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:29:15.458773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:29:23.460420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:29:39.465055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:30:11.469707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:36:15.476026 3.001033 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:36:22.482590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:36:30.484386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:36:46.487223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:37:18.494280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:43:22.501245 2.999960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:43:29.506982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:43:37.508734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:43:53.514819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:44:25.517437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:47:54.408925 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 11:47:54.409117 0.518018 tcp 10.0.2.109 64720 -> 188.129.248.221 6410 FSPA* 0 0 14 1698 flow=From-Botnet-V1-TCP-Established 1970/02/21 11:50:29.524061 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:50:36.530786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:50:44.533667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:51:00.535198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:51:32.541176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:54:02.133057 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 11:54:02.133257 0.162878 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:02.287281 0.182462 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:02.414247 0.160937 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:02.585904 0.319609 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:02.914957 0.141041 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:03.054802 0.157047 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:03.202012 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 11:54:19.585769 0.052458 tcp 10.0.2.109 64721 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 11:54:19.638513 0.050492 tcp 10.0.2.109 64722 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 11:54:19.689305 0.137960 tcp 10.0.2.109 64723 -> 195.113.214.249 443 SRPA* 0 0 35 23773 flow=From-Botnet-V1-TCP-Established 1970/02/21 11:54:19.828222 0.173449 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:19.989568 0.081385 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:20.051408 0.069847 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:20.103070 0.286247 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:20.357211 0.254816 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:20.577902 0.309059 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 1955 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:20.895414 0.181301 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:21.051047 0.308987 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:21.379300 0.061752 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2591 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:21.423393 0.354022 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:21.773469 0.186794 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:21.952531 0.175025 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:22.152958 0.161903 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:22.306875 0.602319 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:22.809793 0.056609 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:22.878423 0.175943 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:23.051349 0.179966 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:23.227614 0.224331 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:23.444887 0.121208 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:23.532275 0.182012 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:23.725255 0.428634 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:54:24.162767 0.202960 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/21 11:57:36.547750 3.001452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 11:57:43.554741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:57:51.556596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:58:07.559320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 11:58:39.564712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:04:45.574622 3.000867 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:04:52.581296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:05:00.583075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:05:16.585880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:05:48.592461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:11:52.597504 3.002210 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:11:59.605956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:12:07.606924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:12:23.609921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:12:55.615863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:17:54.926925 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 12:17:54.927085 0.537690 tcp 10.0.2.109 64724 -> 188.129.248.221 6410 FSPA* 0 0 14 1671 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:18:59.622240 3.001579 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:19:06.629344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:19:14.631309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:19:30.634038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:20:02.639877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:24:37.377399 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 12:24:37.377695 0.050417 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:37.425794 0.147923 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:37.573958 0.320568 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:37.927927 0.170431 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:38.088612 0.616270 udp 10.0.2.109 3683 <-> 62.227.186.223 1673 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:38.653741 0.141885 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:38.793975 0.157634 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:38.942645 0.073569 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:38.998202 0.174305 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:39.162358 0.087569 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:39.230297 0.309114 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:39.539311 0.270363 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:39.776050 0.252827 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:39.996132 0.177011 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:40.151725 0.297035 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:40.451003 0.058602 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:40.492860 0.173801 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:40.668196 0.348125 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2602 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:41.018084 0.184381 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:41.194952 0.055543 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:41.251856 0.167085 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:41.408382 0.734220 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:41.902483 0.176570 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:42.075422 0.173252 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:42.262452 0.189502 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:42.443877 0.123537 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:42.531106 0.183559 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:42.724413 0.451407 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:24:43.184482 0.202131 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:26:06.645913 3.001836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:26:13.653768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:26:21.655053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:26:37.658400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:27:09.663364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:33:13.670091 3.001747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:33:20.677517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:33:28.678879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:33:44.681977 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:34:16.688619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:40:20.693763 3.001463 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:40:27.700707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:40:35.702959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:40:51.705699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:41:23.712197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:47:27.717440 3.003815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:47:34.725455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:47:42.726971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:47:55.465938 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 12:47:55.466155 0.596949 tcp 10.0.2.109 64725 -> 188.129.248.221 6410 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:47:58.730030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:48:30.735986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:55:01.487949 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 12:55:01.488102 0.320708 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:01.826508 0.054363 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:02.108458 0.160174 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:02.636780 0.161818 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:02.897150 0.000000 udp 10.0.2.109 3683 -> 62.227.186.223 1673 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 12:55:19.555505 0.051577 tcp 10.0.2.109 64726 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:55:19.607371 0.052108 tcp 10.0.2.109 64727 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:55:19.659798 0.142480 tcp 10.0.2.109 64728 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:55:19.802870 0.136520 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:19.951425 0.163812 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:20.102360 0.080870 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:20.165263 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 12:55:27.747567 3.002037 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 12:55:34.755157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:55:35.557474 0.050322 tcp 10.0.2.109 64729 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:55:35.608094 0.050761 tcp 10.0.2.109 64730 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:55:35.659225 0.136260 tcp 10.0.2.109 64731 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 12:55:35.796024 0.233586 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:35.994515 0.240862 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:36.200731 0.077113 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:36.259993 0.173212 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:36.423081 0.180208 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:36.580162 0.346653 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:36.941827 0.058779 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:36.985512 0.168324 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2646 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:37.155187 0.054071 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:37.219125 0.148990 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:37.360455 0.743307 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:37.863280 0.351958 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:38.239501 0.186298 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:38.417767 0.171276 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:38.585724 0.172548 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:38.766963 0.188649 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:38.948306 0.124058 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:39.034850 0.825255 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:39.875479 0.415228 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:40.299099 0.201356 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/21 12:55:42.757140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:55:58.760159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 12:56:30.765422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:02:51.776904 3.001615 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 13:02:58.783661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:03:06.785293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:03:22.788572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:03:54.793823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:09:58.800372 3.002561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 13:10:05.808377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:10:13.809895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:10:29.813644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:11:01.818766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:17:05.824601 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 13:17:12.831818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:17:20.833531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:17:36.835932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:17:56.064683 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 13:17:56.064866 0.518906 tcp 10.0.2.109 64732 -> 188.129.248.221 6410 FSPA* 0 0 14 1496 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:18:08.843000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:24:12.848825 3.001342 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 13:24:19.858560 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:24:27.857245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:24:43.860266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:25:15.866558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:25:41.573318 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 13:25:41.573467 0.000000 udp 10.0.2.109 3683 -> 62.227.186.223 1673 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 13:25:59.881257 0.054617 tcp 10.0.2.109 64733 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:25:59.936123 0.033411 tcp 10.0.2.109 64734 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:25:59.969787 0.128363 tcp 10.0.2.109 64735 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:26:00.098708 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 13:26:17.506067 0.053390 tcp 10.0.2.109 64736 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:26:17.559751 0.032302 tcp 10.0.2.109 64737 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:26:17.592302 0.132103 tcp 10.0.2.109 64738 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:26:17.724965 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 13:26:36.542945 0.053523 tcp 10.0.2.109 64739 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:26:36.596704 0.034453 tcp 10.0.2.109 64740 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:26:36.631444 0.132451 tcp 10.0.2.109 64741 -> 195.113.214.249 443 SRPA* 0 0 34 19478 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:26:36.764370 0.313504 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:37.076620 0.155000 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:37.264440 0.509865 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:37.771068 0.159472 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:37.938582 0.141338 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:38.078154 0.082155 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:38.140329 0.305216 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:38.409286 0.178938 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:38.576177 0.176363 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:38.729085 0.237879 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:38.930418 0.072974 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:38.985027 0.307117 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:39.323876 0.060341 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:39.366467 0.169185 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:39.586353 0.055538 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:39.643502 0.147105 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:39.783289 0.690185 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:40.261682 0.172073 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:40.430138 0.172222 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:40.615934 0.353658 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:40.981138 0.191075 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:41.164705 0.241568 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:41.399244 0.111751 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:41.476160 0.184756 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:41.662571 0.499087 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:26:42.175340 0.201110 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 1948 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:31:19.872009 3.002205 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 13:31:26.879701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:31:34.881239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:31:50.884898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:32:22.890395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:38:26.896491 3.002911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 13:38:33.904609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:38:41.905419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:38:57.908724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:39:29.914755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:45:33.921000 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 13:45:40.928087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:45:48.929579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:46:04.932532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:46:36.938677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:47:56.583092 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 13:47:56.583298 3.003642 tcp 10.0.2.109 64742 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 13:48:05.588116 0.000000 tcp 10.0.2.109 64742 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 13:48:11.586069 0.051152 tcp 10.0.2.109 64743 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:48:11.637465 0.051226 tcp 10.0.2.109 64744 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:48:11.689022 0.140801 tcp 10.0.2.109 64745 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:48:11.856508 0.518880 tcp 10.0.2.109 64746 -> 176.73.169.112 1959 FSPA* 0 0 14 1705 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:54:25.945796 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 13:54:32.952760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:54:40.953666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:54:56.957908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:55:28.963699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 13:56:56.189057 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 13:56:56.189229 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 109 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 13:57:11.662021 0.045265 tcp 10.0.2.109 64747 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:57:11.707501 0.039319 tcp 10.0.2.109 64748 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:57:11.747061 0.129249 tcp 10.0.2.109 64749 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:57:11.876996 0.163030 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:12.028253 0.160319 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:12.056144 2.999439 tcp 10.0.2.109 64750 -> 74.56.71.57 7932 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 13:57:12.178624 0.313482 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:12.491108 0.155399 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:12.644995 0.137185 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:12.779907 0.081902 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:12.842836 1.432011 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 4 1314 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:14.258549 0.177663 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:14.424428 0.177934 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:14.577987 0.256183 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:14.797349 0.072869 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:14.853128 0.359264 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:15.211459 0.060159 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:15.277248 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 13:57:21.054380 0.000000 tcp 10.0.2.109 64750 -> 74.56.71.57 7932 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 13:57:31.970557 0.032171 tcp 10.0.2.109 64751 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:57:32.003044 0.033194 tcp 10.0.2.109 64752 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:57:32.036460 0.131043 tcp 10.0.2.109 64753 -> 195.113.214.249 443 SRPA* 0 0 22 13148 flow=From-Botnet-V1-TCP-Established 1970/02/21 13:57:32.168503 0.054584 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:32.225980 0.159644 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:32.381303 0.175297 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:32.680565 0.353610 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:33.052274 0.694567 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:33.507240 0.177189 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:33.680677 0.186457 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:33.860143 0.189376 rtp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:34.042121 0.119917 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:34.128261 0.177279 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:34.313987 0.430539 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/21 13:57:34.765286 0.202350 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:01:55.981554 3.002524 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 14:02:02.989662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:02:10.991278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:02:26.994047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:02:59.000163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:09:09.015966 3.000693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 14:09:16.022888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:09:24.024050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:09:40.026915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:10:12.033338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:16:16.039020 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 14:16:23.046739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:16:31.047943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:16:47.054891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:17:19.056820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:18:12.384116 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 14:18:12.384310 0.522478 tcp 10.0.2.109 64754 -> 176.73.169.112 1959 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:23:23.063079 3.001618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 14:23:30.070033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:23:38.071604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:23:54.075016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:24:26.081419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:27:40.851183 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 14:27:40.851369 2.347980 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:43.198370 0.159614 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:43.198889 2.759815 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 SPA_* 0 0 10 2786 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:27:43.345285 0.319681 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:43.673716 0.154572 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:43.837973 0.140910 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:43.977394 0.081944 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:44.390696 0.160022 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:44.539661 0.171398 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:44.699243 0.493510 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:45.157293 0.070669 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:46.070506 0.347598 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:46.437991 0.062582 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:46.528048 0.243035 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:46.736446 0.173599 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:46.887918 0.056217 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:46.952948 1.675180 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:48.212205 4.888619 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 17 14626 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:27:48.627154 0.353695 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:49.414501 0.694529 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:49.889102 0.170136 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:50.114706 0.148444 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:50.255596 0.183504 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:50.563538 0.121125 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:50.671890 0.182496 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:50.900541 0.427940 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:51.699228 0.201855 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:51.885843 0.181851 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:27:53.298706 4.326055 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 30 24776 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:27:59.170728 4.871341 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 36 26520 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:04.244558 4.677320 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 24 17680 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:11.039509 4.908612 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 38 26628 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:16.151316 3.812952 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 28 17896 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:21.632039 4.914231 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 46 27060 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:28.163164 4.852770 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 38 26628 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:34.533168 4.901904 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 43 26898 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:40.752425 4.798791 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 47 27114 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:45.753534 4.002577 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 31 18058 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:51.119577 4.899364 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 39 24634 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:28:56.332445 4.857621 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 37 22478 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:01.396421 4.456403 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 46 22964 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:06.568275 4.980156 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 42 22748 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:11.751585 4.372776 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 43 24850 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:17.253568 4.491660 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 50 27276 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:22.569904 4.964098 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 56 29648 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:27.706197 4.795277 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 46 27060 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:32.963589 4.983631 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 49 31318 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:38.333440 4.917364 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 49 29270 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:43.457322 4.872222 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 52 29432 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:48.534567 4.964409 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 50 28724 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:53.536734 4.863183 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 65 34830 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:29:58.745656 4.940920 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 63 36170 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:30:03.886785 4.953645 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 66 40428 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:30:09.040674 4.882348 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 A_PA 0 0 85 47598 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:30:14.121098 2.250369 tcp 10.0.2.109 64755 -> 173.174.73.38 3558 FPA_* 0 0 12 3369 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:30:30.086947 3.001775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 14:30:37.094185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:30:45.096612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:31:01.099032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:31:33.104738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:37:37.111129 3.001726 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 14:37:44.119102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:37:52.119586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:38:08.122805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:38:40.128931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:44:44.134703 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 14:44:51.145358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:44:59.143641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:45:15.146933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:45:47.152962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:48:12.912646 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 14:48:12.912868 0.520017 tcp 10.0.2.109 64756 -> 176.73.169.112 1959 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/02/21 14:54:03.168342 3.001815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 14:54:10.175947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:54:18.177829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:54:34.180622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:55:06.187082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 14:58:06.685934 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 14:58:06.686170 0.166945 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:06.855018 0.156200 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:06.999926 0.313896 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:07.323416 0.153458 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:07.485114 0.141834 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:07.625008 0.170500 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 1986 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:07.785270 0.081792 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:07.848768 0.151213 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:07.992074 0.521083 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:08.478994 0.073883 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:08.535457 0.359648 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:08.896493 0.059560 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:08.940706 0.256588 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:09.162924 0.176379 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:09.316841 0.055367 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:09.385808 2.446527 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:11.833748 0.355373 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:12.185556 0.707119 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:12.652797 0.178759 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:12.827436 0.147459 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:12.967164 0.191587 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:13.151928 0.122753 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:13.240610 0.185388 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:13.450788 0.508720 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:13.971565 0.197095 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/21 14:58:14.153197 0.200714 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2579 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:01:12.195515 3.001461 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 15:01:19.202777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:01:27.205023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:01:43.207210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:02:15.213287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:08:27.220613 3.002076 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 15:08:34.228526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:08:42.229715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:08:58.232972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:09:30.238783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:15:34.248051 2.998885 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 15:15:41.252579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:15:49.253742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:16:05.256830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:16:37.262920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:18:13.431468 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:18:13.431563 3.003787 tcp 10.0.2.109 64757 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:18:22.433744 0.000000 tcp 10.0.2.109 64757 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:18:28.434759 0.031629 tcp 10.0.2.109 64758 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:18:28.466633 0.128508 tcp 10.0.2.109 64759 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:18:28.595491 0.160153 tcp 10.0.2.109 64760 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:18:29.064185 3.003463 tcp 10.0.2.109 64761 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:18:38.076005 0.000000 tcp 10.0.2.109 64761 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:18:44.065744 0.385311 tcp 10.0.2.109 64762 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:18:44.451364 0.033014 tcp 10.0.2.109 64763 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:18:44.484724 0.123979 tcp 10.0.2.109 64764 -> 195.113.214.249 443 SRPA* 0 0 23 13202 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:18:44.750362 2.974471 tcp 10.0.2.109 64765 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:18:53.666231 0.000000 tcp 10.0.2.109 64765 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:18:59.607541 2.979457 tcp 10.0.2.109 64766 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:19:08.529359 0.000000 tcp 10.0.2.109 64766 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:22:41.268667 3.002057 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 15:22:48.276414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:22:56.277666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:23:12.280655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:23:44.286934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:24:14.410486 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:24:14.410597 3.003424 tcp 10.0.2.109 64767 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:24:23.418715 0.000000 tcp 10.0.2.109 64767 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:24:29.413527 0.055207 tcp 10.0.2.109 64768 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:24:29.468961 0.033042 tcp 10.0.2.109 64769 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:24:29.502497 0.232367 tcp 10.0.2.109 64770 -> 195.113.214.249 443 SRPA* 0 0 21 11806 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:24:29.811344 3.005064 tcp 10.0.2.109 64771 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:24:38.814827 0.000000 tcp 10.0.2.109 64771 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:24:44.805438 0.050746 tcp 10.0.2.109 64772 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:24:44.856531 0.031645 tcp 10.0.2.109 64773 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:24:44.888501 0.125132 tcp 10.0.2.109 64774 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:24:45.073146 2.995770 tcp 10.0.2.109 64775 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:24:54.078623 0.000000 tcp 10.0.2.109 64775 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:25:00.065731 2.994336 tcp 10.0.2.109 64776 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:25:09.058395 0.000000 tcp 10.0.2.109 64776 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:28:26.723090 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:28:26.723344 0.313454 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:27.035765 0.147634 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:27.287870 0.167451 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:27.505757 0.155854 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:27.652636 0.141529 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:27.792346 0.172850 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:27.953421 0.077825 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:28.012029 0.160660 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:28.163748 0.669979 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:28.796427 0.073739 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:28.972354 0.345148 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2037 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:29.342663 0.060879 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:29.387191 0.232726 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:29.584665 0.176058 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:29.737066 0.055917 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:29.894976 0.175938 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2019 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:30.067287 0.239929 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:30.303649 0.153268 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:30.448770 0.354263 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:30.799212 0.597000 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:31.257072 0.191070 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:31.440859 0.113760 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:31.521185 0.182644 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:31.825236 0.415061 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:32.278743 0.203963 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:28:32.467546 0.192157 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:29:48.292461 3.004777 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 15:29:55.299985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:30:03.301574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:30:15.069094 0.000216 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:30:15.069420 3.003150 tcp 10.0.2.109 64777 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:30:19.304516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:30:24.072926 0.000000 tcp 10.0.2.109 64777 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:30:30.073266 0.052083 tcp 10.0.2.109 64778 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:30:30.125684 0.032202 tcp 10.0.2.109 64779 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:30:30.158187 0.122747 tcp 10.0.2.109 64780 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:30:30.290686 2.993819 tcp 10.0.2.109 64781 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:30:39.290114 0.000000 tcp 10.0.2.109 64781 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:30:45.282811 0.052204 tcp 10.0.2.109 64782 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:30:45.335361 0.032380 tcp 10.0.2.109 64783 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:30:45.368031 0.124437 tcp 10.0.2.109 64784 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:30:45.784220 3.008686 tcp 10.0.2.109 64785 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:30:51.310866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:30:54.785996 0.000000 tcp 10.0.2.109 64785 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:31:00.785182 2.993275 tcp 10.0.2.109 64786 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:31:09.786960 0.000000 tcp 10.0.2.109 64786 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:36:15.787091 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:36:15.787260 3.004280 tcp 10.0.2.109 64787 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:36:24.790348 0.000000 tcp 10.0.2.109 64787 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:36:30.790356 0.053193 tcp 10.0.2.109 64788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:36:30.843825 0.032918 tcp 10.0.2.109 64789 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:36:30.877047 0.127645 tcp 10.0.2.109 64790 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:36:31.086442 2.997044 tcp 10.0.2.109 64791 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:36:40.082560 0.000000 tcp 10.0.2.109 64791 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:36:55.316886 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 15:37:02.324507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:37:10.325556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:37:26.328811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:37:58.334727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:41:46.083032 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:41:46.083144 3.003189 tcp 10.0.2.109 64792 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:41:55.085124 0.000000 tcp 10.0.2.109 64792 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:42:01.086386 0.052164 tcp 10.0.2.109 64793 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:42:01.138841 0.032543 tcp 10.0.2.109 64794 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:42:01.171652 0.127100 tcp 10.0.2.109 64795 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:42:01.915985 2.993500 tcp 10.0.2.109 64796 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:42:10.918428 0.000000 tcp 10.0.2.109 64796 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:44:02.340664 3.001862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 15:44:09.347890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:44:17.349558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:44:33.352473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:45:05.358422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:47:16.918191 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:47:16.918379 3.003435 tcp 10.0.2.109 64797 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:47:25.920627 0.000000 tcp 10.0.2.109 64797 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:47:31.921072 0.054481 tcp 10.0.2.109 64798 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:47:31.975894 0.032585 tcp 10.0.2.109 64799 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:47:32.008849 0.123507 tcp 10.0.2.109 64800 -> 195.113.214.249 443 SRPA* 0 0 21 12886 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:47:32.229048 2.994884 tcp 10.0.2.109 64801 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:47:41.222625 0.000000 tcp 10.0.2.109 64801 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:51:09.365168 3.001088 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 15:51:16.372543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:51:24.373561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:51:40.376756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:52:12.382559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:58:16.389877 3.072514 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 15:58:23.433780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:58:31.408956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:58:47.412457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:59:00.840132 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 15:59:00.840232 0.329269 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:01.322598 0.154989 rtp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:01.490283 0.168619 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:01.738744 0.152525 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:01.880553 0.141344 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:02.020127 0.170430 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:02.179396 0.091908 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:02.266426 3.000057 tcp 10.0.2.109 64802 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:59:02.282906 0.074628 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:02.339318 0.152907 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:02.479343 0.430928 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:02.871944 0.339526 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:03.312668 0.074276 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:03.433893 0.257190 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:03.654615 0.176142 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:03.808976 0.056907 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:03.964016 0.147653 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:04.103482 0.353629 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:04.453489 0.175629 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:04.679069 0.171795 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:04.848553 0.722785 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:05.352017 0.183323 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:05.528811 0.138198 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:05.673048 0.185435 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:05.900361 0.191075 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:06.083960 0.443141 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:06.552390 0.202851 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 15:59:11.264653 0.000000 tcp 10.0.2.109 64802 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:59:17.264922 0.053678 tcp 10.0.2.109 64803 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:59:17.318877 0.032126 tcp 10.0.2.109 64804 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:59:17.351274 0.127601 tcp 10.0.2.109 64805 -> 195.113.214.249 443 SRPA* 0 0 33 18798 flow=From-Botnet-V1-TCP-Established 1970/02/21 15:59:17.567015 2.991405 tcp 10.0.2.109 64806 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 15:59:19.416395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 15:59:26.566331 0.000000 tcp 10.0.2.109 64806 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:04:32.567198 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:04:32.567305 2.995013 tcp 10.0.2.109 64807 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:04:41.560458 0.000000 tcp 10.0.2.109 64807 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:04:47.708742 0.053513 tcp 10.0.2.109 64808 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:04:47.762612 0.032293 tcp 10.0.2.109 64809 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:04:47.795191 0.123507 tcp 10.0.2.109 64810 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:04:48.443718 2.977141 tcp 10.0.2.109 64811 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:04:57.361659 0.000000 tcp 10.0.2.109 64811 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:05:23.422407 3.001969 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 16:05:30.614250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:05:38.548635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:05:54.444130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:06:26.450446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:10:03.313245 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:10:03.313436 3.002660 tcp 10.0.2.109 64812 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:10:12.401704 0.000000 tcp 10.0.2.109 64812 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:10:18.356748 0.052803 tcp 10.0.2.109 64813 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:10:18.409868 0.031844 tcp 10.0.2.109 64814 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:10:18.442010 0.127047 tcp 10.0.2.109 64815 -> 195.113.214.249 443 SRPA* 0 0 34 18150 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:10:18.591299 2.972344 tcp 10.0.2.109 64816 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:10:27.557109 0.000000 tcp 10.0.2.109 64816 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:12:30.456255 3.001787 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 16:12:37.463743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:12:45.561578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:13:01.478574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:13:33.484424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:15:33.557493 0.000127 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:15:33.557703 3.003489 tcp 10.0.2.109 64817 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:15:42.560013 0.000000 tcp 10.0.2.109 64817 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:15:48.567504 0.053633 tcp 10.0.2.109 64818 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:15:48.621440 0.032542 tcp 10.0.2.109 64819 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:15:48.654508 0.124839 tcp 10.0.2.109 64820 -> 195.113.214.249 443 SRPA* 0 0 23 11914 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:15:48.799155 2.993811 tcp 10.0.2.109 64821 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:15:57.791977 0.000000 tcp 10.0.2.109 64821 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:19:37.490099 3.002008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 16:19:44.497947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:19:52.499320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:20:08.502756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:20:40.508477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:26:44.517560 2.998525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 16:26:51.521930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:26:59.525944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:27:15.526382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:27:47.532767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:29:07.810279 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:29:07.810388 0.168195 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:08.339275 0.146935 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:08.475324 0.328766 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:08.842606 0.156557 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:08.994786 0.141895 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:09.134585 0.176656 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:09.299934 0.080173 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:09.362172 0.070374 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:09.484480 0.152562 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:09.624124 1.418621 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:11.006026 0.351456 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:11.426213 0.062992 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:11.472912 0.249958 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:11.687845 0.178182 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:11.843501 0.055663 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:11.965907 0.178426 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:12.207694 0.177094 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 1983 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:12.381997 0.159254 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:12.533519 0.347775 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:12.877923 0.727584 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:13.365801 0.188768 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:13.680390 0.121422 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:13.765279 0.184047 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:13.983878 0.197922 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:14.165058 0.187850 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:14.345033 0.425618 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:29:18.844157 2.993518 tcp 10.0.2.109 64822 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:29:27.846544 0.000000 tcp 10.0.2.109 64822 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:29:33.846460 0.032701 tcp 10.0.2.109 64823 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:29:33.879057 0.032811 tcp 10.0.2.109 64824 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:29:33.912174 0.123474 tcp 10.0.2.109 64825 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:29:34.327460 3.005544 tcp 10.0.2.109 64826 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:29:43.335407 0.000000 tcp 10.0.2.109 64826 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:33:51.538197 3.001690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 16:33:58.545708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:34:06.547256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:34:22.550310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:34:49.329287 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:34:49.329474 3.003552 tcp 10.0.2.109 64827 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:34:54.556520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:34:58.331988 0.000000 tcp 10.0.2.109 64827 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:35:04.332407 0.054446 tcp 10.0.2.109 64828 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:35:04.387187 0.031650 tcp 10.0.2.109 64829 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:35:04.419105 0.123850 tcp 10.0.2.109 64830 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:35:04.651594 3.006986 tcp 10.0.2.109 64831 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:35:13.653823 0.000000 tcp 10.0.2.109 64831 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:40:19.654052 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:40:19.654150 2.993523 tcp 10.0.2.109 64832 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:40:28.656297 0.000000 tcp 10.0.2.109 64832 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:40:34.657045 0.044370 tcp 10.0.2.109 64833 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:40:34.701629 0.032706 tcp 10.0.2.109 64834 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:40:34.734631 0.122971 tcp 10.0.2.109 64835 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:40:35.668675 2.982388 tcp 10.0.2.109 64836 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:40:44.649722 0.000000 tcp 10.0.2.109 64836 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:40:58.564513 2.999411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 16:41:05.573797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:41:13.571236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:41:29.574500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:42:01.580461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:45:50.670561 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:45:50.670746 3.003486 tcp 10.0.2.109 64837 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:45:59.673558 0.000000 tcp 10.0.2.109 64837 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:46:05.673965 0.032406 tcp 10.0.2.109 64838 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:46:05.706663 0.032135 tcp 10.0.2.109 64839 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:46:05.739086 0.123875 tcp 10.0.2.109 64840 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:46:06.116082 2.999909 tcp 10.0.2.109 64841 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:46:15.115131 0.000000 tcp 10.0.2.109 64841 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:48:05.588844 2.999353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 16:48:12.593755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:48:20.595259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:48:36.598438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:49:08.604258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:55:43.617455 2.999038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 16:55:50.622409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:55:58.623818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:56:14.626822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:56:46.633062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 16:59:23.298706 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 16:59:23.298898 0.319722 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:23.617483 0.167421 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:23.795481 0.143731 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:23.930939 0.160868 udp 10.0.2.109 3683 <-> 69.207.212.254 9571 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:24.102668 0.141396 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:24.241786 0.170426 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:24.401279 0.089961 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:24.472972 0.070946 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:24.527382 0.148407 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:24.668129 0.535372 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:25.166944 0.358397 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:25.547101 0.060581 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:25.590991 0.241509 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:25.799620 0.180128 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:25.958203 0.177256 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:26.132150 0.166705 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:26.290921 0.353679 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:26.640563 0.056232 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:26.701626 0.175734 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:26.892178 0.716805 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:27.349279 0.190490 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:27.531928 0.124162 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:27.623616 0.181038 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:27.797334 0.424660 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:28.223167 0.185484 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:28.433859 0.196667 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/21 16:59:36.167079 2.993956 tcp 10.0.2.109 64842 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:59:45.159428 0.000000 tcp 10.0.2.109 64842 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 16:59:51.170482 0.053692 tcp 10.0.2.109 64843 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:59:51.224426 0.031575 tcp 10.0.2.109 64844 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:59:51.256253 0.125117 tcp 10.0.2.109 64845 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 16:59:51.847919 3.006190 tcp 10.0.2.109 64846 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:00:00.851675 0.000000 tcp 10.0.2.109 64846 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:02:50.639190 3.001538 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 17:02:57.646088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:03:05.647808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:03:21.650791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:03:53.656180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:05:06.842504 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 17:05:06.842595 3.003068 tcp 10.0.2.109 64847 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:05:15.844817 0.000000 tcp 10.0.2.109 64847 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:05:21.845469 0.053438 tcp 10.0.2.109 64848 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:05:21.899215 0.031877 tcp 10.0.2.109 64849 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:05:21.931362 0.124556 tcp 10.0.2.109 64850 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:05:22.075066 2.993535 tcp 10.0.2.109 64851 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:05:31.076803 0.000000 tcp 10.0.2.109 64851 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:09:57.662458 3.002336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 17:10:04.670410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:10:12.671709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:10:28.676624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:10:37.077715 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 17:10:37.077873 3.003366 tcp 10.0.2.109 64852 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:10:46.079631 0.000000 tcp 10.0.2.109 64852 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:10:52.080301 0.053060 tcp 10.0.2.109 64853 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:10:52.133573 0.031929 tcp 10.0.2.109 64854 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:10:52.165770 0.130499 tcp 10.0.2.109 64855 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:10:52.310774 3.002481 tcp 10.0.2.109 64856 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:11:00.680914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:11:01.311614 0.000000 tcp 10.0.2.109 64856 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:16:07.312206 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 17:16:07.312367 3.003675 tcp 10.0.2.109 64857 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:16:16.314545 0.000000 tcp 10.0.2.109 64857 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:16:22.314904 0.052835 tcp 10.0.2.109 64858 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:16:22.368009 0.031906 tcp 10.0.2.109 64859 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:16:22.400184 0.124216 tcp 10.0.2.109 64860 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:16:22.554600 2.993131 tcp 10.0.2.109 64861 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:16:31.556335 0.000000 tcp 10.0.2.109 64861 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:17:04.687029 3.001795 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 17:17:11.694600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:17:19.695676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:17:35.699109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:18:07.704989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:24:11.711642 3.000945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 17:24:18.718536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:24:26.719645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:24:42.722637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:25:14.729014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:29:53.920560 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 17:29:53.920719 0.140532 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:29:54.052804 0.319389 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:29:54.370837 0.167288 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:29:54.554477 0.000000 udp 10.0.2.109 3683 -> 69.207.212.254 9571 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 17:30:07.610154 3.004064 tcp 10.0.2.109 64862 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:30:10.415731 0.032986 tcp 10.0.2.109 64863 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:30:10.448991 0.033534 tcp 10.0.2.109 64864 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:30:10.482848 0.124484 tcp 10.0.2.109 64865 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:30:10.608117 0.142093 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:10.748666 0.184921 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:10.921585 0.078092 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:10.980772 0.072074 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:11.035342 0.155156 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:11.180451 0.059408 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:11.226343 0.251043 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:11.442312 1.264808 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:12.671007 0.351296 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:13.022205 0.172518 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:13.171167 0.183907 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:13.352141 0.154942 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:13.499613 0.472999 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:13.968777 0.055217 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:14.025568 0.175794 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:14.208493 0.118911 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:14.293451 0.187076 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:14.473004 0.677811 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:14.930984 0.188812 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:15.112916 0.224980 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:15.321081 0.442642 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:15.775127 0.180906 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/21 17:30:16.612841 0.000000 tcp 10.0.2.109 64862 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:30:22.611852 0.030844 tcp 10.0.2.109 64866 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:30:22.642967 0.062037 tcp 10.0.2.109 64867 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:30:22.705264 0.127633 tcp 10.0.2.109 64868 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:30:22.850133 3.006935 tcp 10.0.2.109 64869 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:30:31.854823 0.000000 tcp 10.0.2.109 64869 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:31:18.733665 3.002364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 17:31:25.741701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:31:33.743789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:31:49.746923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:32:21.752974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:35:37.844928 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 17:35:37.845105 2.993626 tcp 10.0.2.109 64870 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:35:46.847684 0.000000 tcp 10.0.2.109 64870 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:35:52.848234 0.032384 tcp 10.0.2.109 64871 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:35:52.880830 0.031776 tcp 10.0.2.109 64872 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:35:52.912855 0.123143 tcp 10.0.2.109 64873 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:35:53.052182 2.998670 tcp 10.0.2.109 64874 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:36:02.049139 0.000000 tcp 10.0.2.109 64874 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:38:25.758704 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 17:38:32.765480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:38:40.767511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:38:56.770670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:39:28.776569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:41:08.053617 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 17:41:08.053740 3.000028 tcp 10.0.2.109 64875 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:41:17.052503 0.000000 tcp 10.0.2.109 64875 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:41:23.054718 0.032578 tcp 10.0.2.109 64876 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:41:23.087617 0.032032 tcp 10.0.2.109 64877 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:41:23.119982 0.123819 tcp 10.0.2.109 64878 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:41:23.252868 2.992807 tcp 10.0.2.109 64879 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:41:32.244441 0.000000 tcp 10.0.2.109 64879 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:45:32.782734 3.000940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 17:45:39.790206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:45:47.791757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:46:03.794625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:46:35.801527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:46:38.244935 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 17:46:38.245098 2.993532 tcp 10.0.2.109 64880 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:46:47.247155 0.000000 tcp 10.0.2.109 64880 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:46:53.247126 0.031870 tcp 10.0.2.109 64881 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:46:53.279286 0.032011 tcp 10.0.2.109 64882 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:46:53.311598 0.124449 tcp 10.0.2.109 64883 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 17:46:53.449684 3.000797 tcp 10.0.2.109 64884 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:47:02.449103 0.000000 tcp 10.0.2.109 64884 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 17:54:27.812191 3.000852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 17:54:34.823247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:54:42.821115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:54:58.823501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 17:55:30.829911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:00:32.083250 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:00:32.083451 0.000000 udp 10.0.2.109 3683 -> 69.207.212.254 9571 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 18:00:50.871652 0.032737 tcp 10.0.2.109 64885 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:00:50.904655 0.032492 tcp 10.0.2.109 64886 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:00:50.937483 0.125359 tcp 10.0.2.109 64887 -> 195.113.214.249 443 SRPA* 0 0 46 43438 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:00:51.063769 0.322306 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:51.491794 0.144267 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:51.639579 0.172019 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:51.809401 0.141674 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:51.949190 0.171629 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:52.110544 0.081264 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:52.172371 0.075601 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:52.233136 0.147596 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:52.372414 0.060339 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:52.416363 0.246443 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:52.626782 0.956084 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:53.504121 2.994565 tcp 10.0.2.109 64888 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:00:53.547600 0.360175 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:53.924653 0.178463 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:54.079246 0.175660 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:54.252332 0.159082 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:54.404080 0.402759 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:54.803157 0.055498 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:54.899957 0.173251 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:55.079637 0.115298 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:55.163566 0.189001 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:55.345074 0.726086 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:55.830737 0.421772 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:56.253656 0.182730 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:56.429994 0.205707 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:00:56.618559 0.180286 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:01:02.506649 0.000000 tcp 10.0.2.109 64888 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:01:08.505929 0.031104 tcp 10.0.2.109 64889 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:01:08.537343 0.031835 tcp 10.0.2.109 64890 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:01:08.569446 0.125621 tcp 10.0.2.109 64891 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:01:08.938738 3.001626 tcp 10.0.2.109 64892 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:01:17.939057 0.000000 tcp 10.0.2.109 64892 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:01:34.835699 3.002040 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 18:01:41.843007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:01:49.844887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:02:05.847582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:02:37.853800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:06:23.939825 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:06:23.940026 3.003109 tcp 10.0.2.109 64893 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:06:32.941633 0.000000 tcp 10.0.2.109 64893 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:06:38.942176 0.032370 tcp 10.0.2.109 64894 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:06:38.974792 0.032250 tcp 10.0.2.109 64895 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:06:39.007298 0.126969 tcp 10.0.2.109 64896 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:06:39.151930 3.003610 tcp 10.0.2.109 64897 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:06:48.153781 0.000000 tcp 10.0.2.109 64897 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:08:41.859411 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 18:08:48.867503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:08:56.869228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:09:12.871789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:09:44.881520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:11:54.154306 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:11:54.154526 2.993264 tcp 10.0.2.109 64898 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:12:03.156897 0.000000 tcp 10.0.2.109 64898 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:12:09.156651 0.032429 tcp 10.0.2.109 64899 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:12:09.189287 0.032567 tcp 10.0.2.109 64900 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:12:09.222320 0.124368 tcp 10.0.2.109 64901 -> 195.113.214.249 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:12:09.355885 2.993761 tcp 10.0.2.109 64902 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:12:18.348803 0.000000 tcp 10.0.2.109 64902 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:15:48.884046 3.001134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 18:15:55.891636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:16:03.892941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:16:19.895999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:16:51.901884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:17:24.359179 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:17:24.359370 3.004221 tcp 10.0.2.109 64903 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:17:33.361335 0.000000 tcp 10.0.2.109 64903 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:17:39.361729 0.031731 tcp 10.0.2.109 64904 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:17:39.393757 0.035078 tcp 10.0.2.109 64905 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:17:39.429138 0.124564 tcp 10.0.2.109 64906 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:17:39.583004 3.001520 tcp 10.0.2.109 64907 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:17:48.583131 0.000000 tcp 10.0.2.109 64907 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:22:55.907747 3.001744 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 18:23:02.915203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:23:10.916707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:23:26.919788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:23:58.926835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:30:02.932408 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 18:30:09.939095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:30:17.941036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:30:33.943635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:31:05.949741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:31:22.093738 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:31:22.093936 0.169698 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:22.278331 0.141590 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:22.418345 0.320380 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:22.737307 0.150219 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:22.876393 0.172269 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:23.037471 0.080343 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 5 1998 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:23.104247 0.071257 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:23.156585 0.153873 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:23.302628 0.057483 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:23.344517 0.252797 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:23.562276 1.385995 rtp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:24.637126 2.994132 tcp 10.0.2.109 64908 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:31:24.911200 0.349202 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:25.276372 0.175206 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:25.431348 0.229164 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:25.654007 0.149585 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:25.793458 0.353688 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:26.143588 0.059849 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:26.211434 0.189092 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:26.392940 0.697525 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:26.871718 0.173593 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:27.054921 0.114193 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:27.136287 0.234234 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:27.355050 0.451346 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:27.835080 0.196490 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:28.024336 0.182955 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/21 18:31:33.630015 0.000000 tcp 10.0.2.109 64908 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:31:39.639623 0.054104 tcp 10.0.2.109 64909 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:31:39.694016 0.032912 tcp 10.0.2.109 64910 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:31:39.727223 0.126698 tcp 10.0.2.109 64911 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:31:39.864367 2.998380 tcp 10.0.2.109 64912 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:31:48.861322 0.000000 tcp 10.0.2.109 64912 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:36:54.862394 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:36:54.862510 3.003070 tcp 10.0.2.109 64913 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:37:03.863868 0.000000 tcp 10.0.2.109 64913 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:37:09.864503 0.054093 tcp 10.0.2.109 64914 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:37:09.918883 0.031684 tcp 10.0.2.109 64915 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:37:09.950844 0.123446 tcp 10.0.2.109 64916 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:37:09.955517 3.001828 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 18:37:10.083394 3.004095 tcp 10.0.2.109 64917 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:37:16.963156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:37:19.096015 0.000000 tcp 10.0.2.109 64917 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:37:24.964712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:37:40.967283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:38:12.973865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:42:25.086796 0.000152 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:42:25.087062 2.993597 tcp 10.0.2.109 64918 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:42:34.079011 0.000000 tcp 10.0.2.109 64918 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:42:40.089308 0.054322 tcp 10.0.2.109 64919 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:42:40.143981 0.031974 tcp 10.0.2.109 64920 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:42:40.176219 0.122067 tcp 10.0.2.109 64921 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:42:40.321620 3.000847 tcp 10.0.2.109 64922 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:42:49.321072 0.000000 tcp 10.0.2.109 64922 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:44:16.979857 3.001393 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 18:44:23.987220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:44:31.988809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:44:47.991578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:45:19.997547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:47:55.321673 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 18:47:55.321845 3.007068 tcp 10.0.2.109 64923 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:48:04.323709 0.000000 tcp 10.0.2.109 64923 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:48:10.324534 0.054300 tcp 10.0.2.109 64924 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:48:10.379106 0.032477 tcp 10.0.2.109 64925 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:48:10.411865 0.124114 tcp 10.0.2.109 64926 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 18:48:10.630776 3.008488 tcp 10.0.2.109 64927 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:48:19.635726 0.000000 tcp 10.0.2.109 64927 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 18:53:45.007446 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 18:53:52.013808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:54:00.015375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:54:16.018696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 18:54:48.024478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:00:52.030231 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 19:00:59.037494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:01:07.039268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:01:23.042776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:01:38.154615 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:01:38.154764 0.320273 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:38.474041 0.154763 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:38.619323 0.166263 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:38.794871 0.136611 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:38.929915 0.172587 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:39.090856 0.079643 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:39.152400 0.069494 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:39.205778 0.157468 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:39.352744 0.060467 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:39.396685 0.244277 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:39.604140 0.195032 rtp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:39.763150 0.347076 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:40.111679 0.178529 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:40.268885 0.172809 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:40.438937 0.151877 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:40.586559 0.191851 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:40.678636 3.003224 tcp 10.0.2.109 64928 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:01:40.771309 0.885197 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:41.416145 0.377650 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:41.789736 0.055601 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:41.855895 0.173456 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:42.086796 0.127018 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:42.181162 0.195243 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:42.362679 0.449781 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:42.822782 0.190091 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:43.005350 0.190502 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:01:49.680805 0.000000 tcp 10.0.2.109 64928 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:01:55.048549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:01:55.680758 0.031856 tcp 10.0.2.109 64929 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:01:55.712887 0.032898 tcp 10.0.2.109 64930 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:01:55.746256 0.128548 tcp 10.0.2.109 64931 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:01:55.884041 2.999383 tcp 10.0.2.109 64932 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:02:04.882390 0.000000 tcp 10.0.2.109 64932 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:07:10.882661 0.000124 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:07:10.882867 3.004289 tcp 10.0.2.109 64933 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:07:19.885347 0.000000 tcp 10.0.2.109 64933 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:07:25.885410 0.054813 tcp 10.0.2.109 64934 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:07:25.940493 0.032940 tcp 10.0.2.109 64935 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:07:25.973730 0.123759 tcp 10.0.2.109 64936 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:07:26.107441 2.995114 tcp 10.0.2.109 64937 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:07:35.107269 0.000000 tcp 10.0.2.109 64937 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:07:59.054749 3.001919 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 19:08:06.062538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:08:14.063370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:08:30.066525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:09:02.072819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:12:41.107539 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:12:41.107796 3.005594 tcp 10.0.2.109 64938 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:12:50.110244 0.000000 tcp 10.0.2.109 64938 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:12:56.111028 0.032192 tcp 10.0.2.109 64939 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:12:56.143524 0.039869 tcp 10.0.2.109 64940 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:12:56.183696 0.126169 tcp 10.0.2.109 64941 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:12:56.324582 2.998945 tcp 10.0.2.109 64942 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:13:05.322279 0.000000 tcp 10.0.2.109 64942 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:15:06.078813 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 19:15:13.085631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:15:21.087332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:15:37.090381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:16:09.096428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:18:11.322600 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:18:11.322773 3.003690 tcp 10.0.2.109 64943 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:18:20.325083 0.000000 tcp 10.0.2.109 64943 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:18:26.325048 0.053689 tcp 10.0.2.109 64944 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:18:26.379063 0.032941 tcp 10.0.2.109 64945 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:18:26.412259 0.189325 tcp 10.0.2.109 64946 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:18:26.618937 2.999667 tcp 10.0.2.109 64947 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:18:35.626481 0.000000 tcp 10.0.2.109 64947 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:22:13.102274 3.001506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 19:22:20.109492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:22:28.111032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:22:44.113900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:23:16.120509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:29:20.126294 3.001428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 19:29:27.133640 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:29:35.135350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:29:51.138651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:30:23.144231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:32:01.856874 0.000134 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:32:01.857134 0.166735 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:02.038794 0.141421 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:02.179313 0.320912 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:02.510407 0.162361 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:02.661358 0.171567 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:02.822360 0.082158 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:02.887785 0.072502 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:02.944075 0.153848 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:03.090559 0.059752 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:03.133559 0.242006 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:03.337302 0.350758 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:03.653423 0.363331 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:04.015727 0.177895 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:04.168771 0.245091 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:04.411045 0.147611 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:04.549077 0.187358 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:04.728287 0.057455 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:04.787100 0.716289 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:05.263995 0.353000 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:05.613258 0.172506 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:05.793607 0.115275 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:05.875733 0.202820 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:06.064322 0.449405 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:06.551042 0.187921 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:06.732165 0.183488 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/21 19:32:11.670693 3.003853 tcp 10.0.2.109 64948 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:32:20.672530 0.000000 tcp 10.0.2.109 64948 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:32:26.673459 0.032062 tcp 10.0.2.109 64949 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:32:26.705781 0.032159 tcp 10.0.2.109 64950 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:32:26.738243 0.125773 tcp 10.0.2.109 64951 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:32:26.874670 3.001342 tcp 10.0.2.109 64952 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:32:35.874948 0.000000 tcp 10.0.2.109 64952 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:36:27.150502 3.001462 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 19:36:34.157809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:36:42.160165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:36:58.161921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:37:30.168120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:37:41.875425 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:37:41.875522 2.993675 tcp 10.0.2.109 64953 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:37:50.878398 0.000000 tcp 10.0.2.109 64953 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:37:56.879617 0.032606 tcp 10.0.2.109 64954 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:37:56.912589 0.032315 tcp 10.0.2.109 64955 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:37:56.945281 0.124626 tcp 10.0.2.109 64956 -> 195.113.214.249 443 SRPA* 0 0 46 42982 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:37:57.081436 3.000002 tcp 10.0.2.109 64957 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:38:06.079614 0.000000 tcp 10.0.2.109 64957 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:43:12.080264 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:43:12.080417 3.003776 tcp 10.0.2.109 64958 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:43:21.082593 0.000000 tcp 10.0.2.109 64958 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:43:27.083010 0.031864 tcp 10.0.2.109 64959 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:43:27.115136 0.031858 tcp 10.0.2.109 64960 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:43:27.147249 0.122966 tcp 10.0.2.109 64961 -> 195.113.214.249 443 SRPA* 0 0 21 12394 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:43:27.283331 3.002673 tcp 10.0.2.109 64962 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:43:34.174912 3.001071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 19:43:36.284635 0.000000 tcp 10.0.2.109 64962 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:43:41.181748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:43:49.183148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:44:05.186119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:44:37.192153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:48:42.285119 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 19:48:42.285215 2.993630 tcp 10.0.2.109 64963 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:48:51.287545 0.000000 tcp 10.0.2.109 64963 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:48:57.287777 0.032202 tcp 10.0.2.109 64964 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:48:57.320323 0.032395 tcp 10.0.2.109 64965 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:48:57.352998 0.125558 tcp 10.0.2.109 64966 -> 195.113.214.249 443 SRPA* 0 0 22 12940 flow=From-Botnet-V1-TCP-Established 1970/02/21 19:48:57.492570 2.998429 tcp 10.0.2.109 64967 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:49:06.489187 0.000000 tcp 10.0.2.109 64967 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 19:50:41.198093 3.002927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 19:50:48.205844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:50:56.207441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:51:12.210257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:51:44.216589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:57:48.223226 3.000409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 19:57:55.229537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:58:03.231111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:58:19.234124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 19:58:51.240079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:02:22.834740 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:02:22.834950 0.168765 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:23.014273 0.141495 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:23.153960 0.322298 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:23.476241 0.144705 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:23.692752 0.170875 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:23.852145 0.084682 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:23.938416 0.071895 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:23.993487 0.237106 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:24.195090 0.142587 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:24.302061 0.146915 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:24.440514 0.062704 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:24.486633 0.349013 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:24.836826 0.177426 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:25.171748 0.177713 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:25.440261 0.133128 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:25.613374 0.192063 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:25.870685 0.055773 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:25.937871 0.168444 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:26.116359 0.120863 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:26.204069 0.696469 rtcp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2028 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:26.660718 0.354575 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:27.072072 0.189092 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:27.253741 0.182786 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:27.721694 3.003192 tcp 10.0.2.109 64968 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:02:27.733041 0.195729 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:27.913923 0.445611 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:02:36.724654 0.000000 tcp 10.0.2.109 64968 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:02:42.725447 0.032630 tcp 10.0.2.109 64969 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:02:42.758391 0.032251 tcp 10.0.2.109 64970 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:02:42.790974 0.124959 tcp 10.0.2.109 64971 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:02:42.927472 2.999679 tcp 10.0.2.109 64972 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:02:51.935966 0.000000 tcp 10.0.2.109 64972 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:04:55.246061 3.003357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 20:05:02.253603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:05:10.254880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:05:26.257976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:05:58.264912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:07:57.926741 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:07:57.926866 2.993742 tcp 10.0.2.109 64973 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:08:06.918999 0.000000 tcp 10.0.2.109 64973 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:08:12.929503 0.033539 tcp 10.0.2.109 64974 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:08:12.963293 0.033057 tcp 10.0.2.109 64975 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:08:12.996657 0.124672 tcp 10.0.2.109 64976 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:08:13.168741 3.003637 tcp 10.0.2.109 64977 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:08:22.170923 0.000000 tcp 10.0.2.109 64977 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:12:02.270624 3.004218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 20:12:09.277473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:12:17.278813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:12:33.283730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:13:05.287871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:13:28.171554 0.000111 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:13:28.171755 3.003411 tcp 10.0.2.109 64978 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:13:37.173652 0.000000 tcp 10.0.2.109 64978 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:13:43.174069 0.031609 tcp 10.0.2.109 64979 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:13:43.205974 0.032310 tcp 10.0.2.109 64980 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:13:43.238593 0.127467 tcp 10.0.2.109 64981 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:13:43.375487 3.001695 tcp 10.0.2.109 64982 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:13:52.375608 0.000000 tcp 10.0.2.109 64982 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:18:58.376115 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:18:58.376302 2.993519 tcp 10.0.2.109 64983 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:19:07.372717 0.000000 tcp 10.0.2.109 64983 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:19:09.296624 2.999175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 20:19:13.382691 0.032171 tcp 10.0.2.109 64984 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:19:13.415140 0.032234 tcp 10.0.2.109 64985 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:19:13.447647 0.124232 tcp 10.0.2.109 64986 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:19:13.583356 2.998957 tcp 10.0.2.109 64987 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:19:16.302501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:19:22.580251 0.000000 tcp 10.0.2.109 64987 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:19:24.303109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:19:40.305975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:20:12.312090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:26:16.319933 2.999762 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 20:26:23.325535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:26:31.326945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:26:47.329999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:27:19.338618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:32:32.566299 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:32:32.566482 0.334436 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:32.899618 0.149188 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:33.038368 0.000000 udp 10.0.2.109 3683 -> 97.67.98.34 2636 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 20:32:43.632406 3.003361 tcp 10.0.2.109 64988 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:32:49.222273 0.031611 tcp 10.0.2.109 64989 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:32:49.254355 0.031798 tcp 10.0.2.109 64990 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:32:49.286411 0.123353 tcp 10.0.2.109 64991 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:32:49.410567 0.082435 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 1905 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:49.471955 0.168711 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:49.648702 0.141633 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:49.788368 0.070567 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:49.840634 0.245695 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:50.051058 0.088063 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:50.110789 0.153869 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:50.256651 0.058763 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:50.298578 0.348864 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:50.647824 0.178577 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:50.804973 0.179224 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:50.980388 0.138549 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:51.110853 0.194636 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:51.298668 0.055293 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:51.355707 0.673236 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:51.809790 0.173610 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:52.118680 0.126911 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:52.272163 0.180292 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:52.429513 0.204271 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:52.635046 0.000000 tcp 10.0.2.109 64988 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:32:53.417420 0.420381 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:53.834492 0.188814 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:54.015393 0.441751 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 20:32:58.633777 0.031231 tcp 10.0.2.109 64992 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:32:58.665263 0.032407 tcp 10.0.2.109 64993 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:32:58.697852 0.127179 tcp 10.0.2.109 64994 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:32:58.846458 2.992068 tcp 10.0.2.109 64995 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:33:07.846832 0.000000 tcp 10.0.2.109 64995 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:33:23.342268 3.005144 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 20:33:30.349372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:33:38.350674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:33:54.354450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:34:26.359821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:38:13.847578 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:38:13.847689 3.003442 tcp 10.0.2.109 64996 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:38:22.849596 0.000000 tcp 10.0.2.109 64996 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:38:28.850345 0.033118 tcp 10.0.2.109 64997 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:38:28.883736 0.033764 tcp 10.0.2.109 64998 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:38:28.917896 0.125295 tcp 10.0.2.109 64999 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:38:29.066173 2.996951 tcp 10.0.2.109 65000 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:38:38.061849 0.000000 tcp 10.0.2.109 65000 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:40:30.365913 3.001554 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 20:40:37.377452 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:40:45.375018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:41:01.377768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:41:33.384043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:43:44.062321 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:43:44.062488 3.003473 tcp 10.0.2.109 65001 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:43:53.064671 0.000000 tcp 10.0.2.109 65001 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:43:59.064821 0.031994 tcp 10.0.2.109 65002 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:43:59.097052 0.033178 tcp 10.0.2.109 65003 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:43:59.130540 0.124469 tcp 10.0.2.109 65004 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:43:59.265742 2.992532 tcp 10.0.2.109 65005 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:44:08.266821 0.000000 tcp 10.0.2.109 65005 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:47:37.390043 3.003034 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 20:47:44.397983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:47:52.399476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:48:08.402066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:48:40.407694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:49:14.267216 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 20:49:14.267409 2.993731 tcp 10.0.2.109 65006 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:49:23.259402 0.000000 tcp 10.0.2.109 65006 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:49:29.269703 0.032412 tcp 10.0.2.109 65007 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:49:29.302435 0.032042 tcp 10.0.2.109 65008 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:49:29.334749 0.126762 tcp 10.0.2.109 65009 -> 195.113.214.249 443 SRPA* 0 0 81 60946 flow=From-Botnet-V1-TCP-Established 1970/02/21 20:49:29.479805 3.003346 tcp 10.0.2.109 65010 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:49:38.481421 0.000000 tcp 10.0.2.109 65010 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 20:55:27.418591 2.998891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 20:55:34.423071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:55:42.424787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:55:58.427577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 20:56:30.433953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:02:34.438961 3.002387 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 21:02:41.446853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:02:49.448779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:03:05.451767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:03:12.241707 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:03:12.241982 2.906906 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:15.136978 0.325898 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:15.461481 0.142886 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:15.594678 0.142025 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:15.734731 0.071075 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:15.808816 0.088797 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:15.960120 0.167140 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:16.128666 0.244541 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:16.337168 0.087628 rtp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:16.658467 0.148060 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:16.799223 0.059472 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:16.842303 0.341823 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:17.193353 0.177945 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:17.347821 0.181830 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:17.522236 0.055466 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:17.846834 0.588214 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:18.295576 0.178168 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:18.470429 0.138898 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:18.601401 0.173284 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:18.775815 0.117801 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:18.858957 0.184139 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:19.017682 0.205214 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:19.206326 0.354341 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:19.556563 0.189006 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:19.738673 0.444746 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:03:29.536452 2.994366 tcp 10.0.2.109 65011 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:03:37.457596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:03:38.528973 0.000000 tcp 10.0.2.109 65011 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:03:44.539984 0.031558 tcp 10.0.2.109 65012 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:03:44.571876 0.032059 tcp 10.0.2.109 65013 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:03:44.604223 0.125027 tcp 10.0.2.109 65014 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:03:44.739253 3.003346 tcp 10.0.2.109 65015 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:03:53.741175 0.000000 tcp 10.0.2.109 65015 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:08:59.741858 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:08:59.741954 3.003386 tcp 10.0.2.109 65016 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:09:08.743438 0.000000 tcp 10.0.2.109 65016 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:09:14.744617 0.032860 tcp 10.0.2.109 65017 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:09:14.777798 0.032475 tcp 10.0.2.109 65018 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:09:14.810559 0.127908 tcp 10.0.2.109 65019 -> 195.113.214.249 443 SRPA* 0 0 21 12886 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:09:14.954839 3.002267 tcp 10.0.2.109 65020 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:09:23.955446 0.000000 tcp 10.0.2.109 65020 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:09:41.464397 3.000687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 21:09:48.471433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:09:56.472506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:10:12.475355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:10:44.481780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:14:29.956259 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:14:29.956422 2.994154 tcp 10.0.2.109 65021 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:14:38.948947 0.000000 tcp 10.0.2.109 65021 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:14:44.960403 0.033453 tcp 10.0.2.109 65022 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:14:44.994636 0.032823 tcp 10.0.2.109 65023 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:14:45.027733 0.128298 tcp 10.0.2.109 65024 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:14:45.175845 2.995981 tcp 10.0.2.109 65025 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:14:54.171074 0.000000 tcp 10.0.2.109 65025 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:16:48.487619 3.001454 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 21:16:55.494815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:17:03.496728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:17:19.499404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:17:51.505407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:20:00.171800 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:20:00.171899 3.002831 tcp 10.0.2.109 65026 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:20:09.175771 0.000000 tcp 10.0.2.109 65026 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:20:15.174466 0.032101 tcp 10.0.2.109 65027 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:20:15.206865 0.031981 tcp 10.0.2.109 65028 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:20:15.239208 0.125137 tcp 10.0.2.109 65029 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:20:15.373764 3.003158 tcp 10.0.2.109 65030 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:20:24.375349 0.000000 tcp 10.0.2.109 65030 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:23:55.512975 3.000278 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 21:24:02.519063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:24:10.520352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:24:26.523601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:24:58.529357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:31:02.535941 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 21:31:09.543005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:31:17.544305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:31:33.547379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:32:05.553347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:33:29.314280 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:33:29.314430 0.000000 udp 10.0.2.109 3683 -> 97.67.98.34 2636 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/21 21:33:48.062716 0.032536 tcp 10.0.2.109 65031 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:33:48.095544 0.033018 tcp 10.0.2.109 65032 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:33:48.128841 0.126302 tcp 10.0.2.109 65033 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:33:48.255714 0.344714 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:48.599541 0.138270 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:48.729463 0.141831 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:48.868878 0.070816 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:48.922576 0.266366 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:49.172495 0.087053 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:49.225890 0.147806 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:49.365296 0.059578 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:49.409368 0.168601 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:49.586400 0.245235 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:49.794667 0.356844 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:50.152897 0.179962 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:50.309005 0.191193 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:50.492863 0.054789 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:50.565250 0.138221 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:50.696283 0.175756 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:50.888205 0.126009 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:50.980248 0.929260 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:51.689012 0.171563 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:51.855928 0.185687 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:52.045719 0.202238 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:52.233121 0.355579 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:52.584902 0.190882 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:33:52.768464 0.441792 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/21 21:34:00.429042 3.005789 tcp 10.0.2.109 65034 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:34:09.431535 0.000000 tcp 10.0.2.109 65034 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:34:15.430923 0.030755 tcp 10.0.2.109 65035 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:34:15.462273 0.032637 tcp 10.0.2.109 65036 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:34:15.495156 0.123630 tcp 10.0.2.109 65037 -> 195.113.214.249 443 SRPA* 0 0 21 12016 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:34:15.629673 3.004965 tcp 10.0.2.109 65038 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:34:24.633296 0.000000 tcp 10.0.2.109 65038 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:38:09.560054 3.000929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 21:38:16.566782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:38:24.568663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:38:40.571214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:39:12.577335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:39:30.623545 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:39:30.623725 3.003851 tcp 10.0.2.109 65039 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:39:39.636098 0.000000 tcp 10.0.2.109 65039 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:39:45.626400 0.032330 tcp 10.0.2.109 65040 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:39:45.658993 0.033017 tcp 10.0.2.109 65041 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:39:45.692266 0.124723 tcp 10.0.2.109 65042 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:39:45.828911 3.000457 tcp 10.0.2.109 65043 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:39:54.828120 0.000000 tcp 10.0.2.109 65043 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:45:00.828914 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:45:00.829039 3.003774 tcp 10.0.2.109 65044 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:45:09.831235 0.000000 tcp 10.0.2.109 65044 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:45:15.831629 0.033852 tcp 10.0.2.109 65045 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:45:15.865769 0.032839 tcp 10.0.2.109 65046 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:45:15.898901 0.124936 tcp 10.0.2.109 65047 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:45:16.049711 3.004732 tcp 10.0.2.109 65048 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:45:16.584732 2.999922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 21:45:23.590885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:45:25.052931 0.000000 tcp 10.0.2.109 65048 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:45:31.592413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:45:47.595077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:46:19.601229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:50:31.053284 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 21:50:31.053507 3.003610 tcp 10.0.2.109 65049 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:50:40.055682 0.000000 tcp 10.0.2.109 65049 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:50:46.056127 0.032968 tcp 10.0.2.109 65050 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:50:46.089478 0.033441 tcp 10.0.2.109 65051 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:50:46.123214 0.125741 tcp 10.0.2.109 65052 -> 195.113.214.249 443 SRPA* 0 0 21 11766 flow=From-Botnet-V1-TCP-Established 1970/02/21 21:50:46.261009 2.998192 tcp 10.0.2.109 65053 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:50:55.267745 0.000000 tcp 10.0.2.109 65053 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 21:54:17.612568 3.000489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 21:54:24.618780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:54:32.620422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:54:48.623178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 21:55:20.629342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:01:24.635478 3.003220 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 22:01:31.644024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:01:39.643998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:01:55.647196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:02:27.653180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:04:08.719044 0.000175 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:04:08.719343 0.200731 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:08.907555 0.141576 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:09.047214 0.073625 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:09.103243 0.355335 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:09.457442 0.145090 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:09.591913 0.096092 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:09.666913 0.206620 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:09.838925 0.147256 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:09.978260 0.063711 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:10.026656 0.169497 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:10.193593 0.253631 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:10.422795 0.348516 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:10.772518 0.182050 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:10.930702 0.192706 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:11.114852 0.054416 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:11.179857 0.141190 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:11.313393 0.175068 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:11.485753 0.182746 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:11.666108 0.122516 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:11.756135 0.775148 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:12.312786 0.351099 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:12.660496 0.188759 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:12.842302 0.186350 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:13.033008 0.196171 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:13.214329 0.396498 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:04:16.309561 3.004184 tcp 10.0.2.109 65054 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:04:25.312374 0.000000 tcp 10.0.2.109 65054 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:04:31.312769 0.032209 tcp 10.0.2.109 65055 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:04:31.345211 0.032911 tcp 10.0.2.109 65056 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:04:31.378470 0.108227 tcp 10.0.2.109 65057 -> 195.113.214.249 443 SRPA* 0 0 34 25422 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:04:31.588123 2.997053 tcp 10.0.2.109 65058 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:04:40.584276 0.000000 tcp 10.0.2.109 65058 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:08:31.659174 3.002058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 22:08:38.666990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:08:46.668424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:09:02.671197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:09:34.676552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:09:46.584504 0.000136 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:09:46.584731 2.994215 tcp 10.0.2.109 65059 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:09:55.587301 0.000000 tcp 10.0.2.109 65059 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:10:01.587282 0.032737 tcp 10.0.2.109 65060 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:10:01.620319 0.032923 tcp 10.0.2.109 65061 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:10:01.653539 0.122396 tcp 10.0.2.109 65062 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:10:01.785091 2.985524 tcp 10.0.2.109 65063 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:10:10.769274 0.000000 tcp 10.0.2.109 65063 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:15:16.779739 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:15:16.779946 3.003489 tcp 10.0.2.109 65064 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:15:25.781735 0.000000 tcp 10.0.2.109 65064 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:15:31.782435 0.032634 tcp 10.0.2.109 65065 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:15:31.815389 0.032597 tcp 10.0.2.109 65066 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:15:31.848313 0.129576 tcp 10.0.2.109 65067 -> 195.113.214.249 443 SRPA* 0 0 33 18058 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:15:31.990062 3.005282 tcp 10.0.2.109 65068 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:15:38.683578 3.001306 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 22:15:40.993719 0.000000 tcp 10.0.2.109 65068 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:15:45.690871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:15:53.691879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:16:09.694438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:16:41.701254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:20:46.984290 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:20:46.984447 2.993722 tcp 10.0.2.109 65069 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:20:55.987175 0.000000 tcp 10.0.2.109 65069 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:21:01.988169 0.031604 tcp 10.0.2.109 65070 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:21:02.020045 0.031860 tcp 10.0.2.109 65071 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:21:02.052207 0.124049 tcp 10.0.2.109 65072 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:21:02.193772 2.996473 tcp 10.0.2.109 65073 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:21:11.188865 0.000000 tcp 10.0.2.109 65073 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:22:45.707439 3.001354 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 22:22:52.714733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:23:00.716043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:23:16.719146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:23:48.724418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:29:52.731151 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 22:29:59.738915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:30:07.740104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:30:23.742955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:30:55.749403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:34:15.666271 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:34:15.666464 0.169454 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:15.826102 0.349532 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.176127 0.145376 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.312814 0.080015 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.373159 0.087190 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.425678 0.141400 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.565080 0.069288 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.619679 0.154216 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.771379 0.059491 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.815093 0.171406 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:16.983511 0.247339 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:17.191722 0.361707 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:17.239573 3.003667 tcp 10.0.2.109 65074 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:34:17.552549 0.180915 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:17.708943 0.138851 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:17.840241 0.175566 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:18.032457 0.180966 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:18.208134 0.118033 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:18.293386 0.182413 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:18.467861 0.055675 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:18.523591 0.697348 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:18.981699 0.354134 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:19.332157 0.188560 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:19.513162 0.452847 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:19.980325 0.176462 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:20.134028 0.203924 rtp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/21 22:34:26.241691 0.000000 tcp 10.0.2.109 65074 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:34:32.242320 0.033003 tcp 10.0.2.109 65075 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:34:32.275831 0.032569 tcp 10.0.2.109 65076 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:34:32.308702 0.125211 tcp 10.0.2.109 65077 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:34:32.443743 3.001133 tcp 10.0.2.109 65078 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:34:41.443444 0.000000 tcp 10.0.2.109 65078 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:36:59.754436 3.002798 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 22:37:06.761973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:37:14.764044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:37:30.766913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:38:02.773129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:39:47.444145 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:39:47.444329 3.003211 tcp 10.0.2.109 65079 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:39:56.456582 0.000000 tcp 10.0.2.109 65079 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:40:02.447010 0.052661 tcp 10.0.2.109 65080 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:40:02.499909 0.031975 tcp 10.0.2.109 65081 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:40:02.532235 0.123653 tcp 10.0.2.109 65082 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:40:02.664790 2.984820 tcp 10.0.2.109 65083 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:40:11.648496 0.000000 tcp 10.0.2.109 65083 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:44:06.778287 3.002384 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 22:44:13.786497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:44:21.788166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:44:37.791136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:45:09.796913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:45:17.662170 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:45:17.662354 3.001120 tcp 10.0.2.109 65084 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:45:26.661733 0.000000 tcp 10.0.2.109 65084 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:45:32.661770 0.053739 tcp 10.0.2.109 65085 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:45:32.715841 0.033130 tcp 10.0.2.109 65086 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:45:32.749305 0.124925 tcp 10.0.2.109 65087 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:45:33.000404 3.006257 tcp 10.0.2.109 65088 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:45:42.003325 0.000000 tcp 10.0.2.109 65088 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:50:48.003646 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 22:50:48.003820 2.993859 tcp 10.0.2.109 65089 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:50:57.006365 0.000000 tcp 10.0.2.109 65089 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:51:03.006876 0.031802 tcp 10.0.2.109 65090 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:51:03.038967 0.032476 tcp 10.0.2.109 65091 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:51:03.071787 0.178087 tcp 10.0.2.109 65092 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 22:51:03.259985 2.999334 tcp 10.0.2.109 65093 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:51:12.257764 0.000000 tcp 10.0.2.109 65093 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 22:53:34.806008 3.001120 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 22:53:41.813225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:53:49.815013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:54:05.817494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 22:54:37.823893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:00:41.830317 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:00:48.836789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:00:56.839255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:01:12.841548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:01:44.847751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:04:46.539369 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:04:46.539496 0.169718 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:46.698380 0.356867 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1877 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.062547 0.140936 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.194279 0.076623 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.253815 0.089883 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.305024 0.141303 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.465314 0.069786 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.517499 0.148080 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2584 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.777271 0.063605 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2611 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:47.908405 0.169552 rtp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:48.086470 0.251659 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:48.303881 0.345446 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:48.311909 3.003667 tcp 10.0.2.109 65094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:04:48.658486 0.180198 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:48.815200 0.137282 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:48.948137 0.121918 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:49.036543 0.192562 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:49.221842 0.055356 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:49.349021 0.177004 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:49.573149 0.178576 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:49.747147 0.728046 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:50.215400 0.352556 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:50.592317 0.188979 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:50.774686 0.454006 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:51.242430 0.183301 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:51.410439 0.196487 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:04:57.314462 0.000000 tcp 10.0.2.109 65094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:05:03.314970 0.032593 tcp 10.0.2.109 65095 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:05:03.347905 0.032553 tcp 10.0.2.109 65096 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:05:03.380771 0.132742 tcp 10.0.2.109 65097 -> 195.113.214.249 443 SRPA* 0 0 23 13166 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:05:03.557110 3.000416 tcp 10.0.2.109 65098 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:05:12.566087 0.000000 tcp 10.0.2.109 65098 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:07:48.853433 3.001566 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:07:55.861077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:08:03.862659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:08:19.865620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:08:51.871660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:10:18.556670 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:10:18.556846 2.993758 tcp 10.0.2.109 65099 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:10:27.548994 0.000000 tcp 10.0.2.109 65099 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:10:33.559486 0.052487 tcp 10.0.2.109 65100 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:10:33.612286 0.035182 tcp 10.0.2.109 65101 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:10:33.647843 0.127675 tcp 10.0.2.109 65102 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:10:33.791602 3.001073 tcp 10.0.2.109 65103 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:10:42.791218 0.000000 tcp 10.0.2.109 65103 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:14:55.877734 3.001513 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:15:02.884889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:15:10.886446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:15:26.889405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:15:48.791633 0.000186 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:15:48.791925 3.003487 tcp 10.0.2.109 65104 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:15:57.793959 0.000000 tcp 10.0.2.109 65104 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:15:58.895740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:16:03.794406 0.033121 tcp 10.0.2.109 65105 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:16:03.827888 0.033149 tcp 10.0.2.109 65106 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:16:03.861289 0.123644 tcp 10.0.2.109 65107 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:16:04.002426 3.004930 tcp 10.0.2.109 65108 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:16:13.006038 0.000000 tcp 10.0.2.109 65108 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:21:18.996258 0.000145 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:21:18.996495 2.993788 tcp 10.0.2.109 65109 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:21:27.988798 0.000000 tcp 10.0.2.109 65109 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:21:33.998937 0.031997 tcp 10.0.2.109 65110 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:21:34.031207 0.032879 tcp 10.0.2.109 65111 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:21:34.064338 0.133354 tcp 10.0.2.109 65112 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:21:34.207738 2.997446 tcp 10.0.2.109 65113 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:21:43.200852 0.000000 tcp 10.0.2.109 65113 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:22:02.901698 3.001749 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/21 23:22:09.908759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:22:17.910392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:22:33.913607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:23:05.919647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:29:09.926163 3.001195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:29:16.933054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:29:24.935145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:29:40.937602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:30:12.948518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:35:00.236870 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:35:00.237018 0.170896 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:00.396746 0.350543 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:00.766061 0.144077 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:00.902347 0.079887 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:00.963929 0.159281 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:01.087884 0.136768 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:01.224438 0.072329 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2624 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:01.278737 0.148427 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:01.419484 0.057673 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:01.461749 0.168136 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:01.629160 0.248437 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:01.841684 0.353917 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:02.196947 0.181407 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:02.353022 0.139240 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:02.484400 0.056367 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:02.556878 0.175658 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:02.737160 0.261075 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:02.992999 0.165289 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:03.124833 0.186842 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:03.303757 0.587203 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:03.770351 0.362376 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:04.128492 0.189180 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:04.263320 3.003300 tcp 10.0.2.109 65114 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:35:04.310587 0.204031 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:04.499000 0.452158 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:04.968496 0.182571 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/21 23:35:13.265416 0.000000 tcp 10.0.2.109 65114 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:35:19.265687 0.055613 tcp 10.0.2.109 65115 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:35:19.321572 0.031395 tcp 10.0.2.109 65116 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:35:19.353329 0.125973 tcp 10.0.2.109 65117 -> 195.113.214.249 443 SRPA* 0 0 21 12394 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:35:19.488451 3.000235 tcp 10.0.2.109 65118 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:35:28.497369 0.000000 tcp 10.0.2.109 65118 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:36:16.949397 3.001968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:36:23.956981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:36:31.958858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:36:47.961887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:37:19.967383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:40:34.487512 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:40:34.487672 3.004043 tcp 10.0.2.109 65119 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:40:43.490061 0.000000 tcp 10.0.2.109 65119 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:40:49.490689 0.052617 tcp 10.0.2.109 65120 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:40:49.543587 0.032455 tcp 10.0.2.109 65121 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:40:49.576336 0.126792 tcp 10.0.2.109 65122 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:40:50.372392 3.004950 tcp 10.0.2.109 65123 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:40:59.377689 0.000000 tcp 10.0.2.109 65123 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:43:23.973790 3.001316 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:43:30.981062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:43:38.983044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:43:54.985425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:44:26.991482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:46:05.373681 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:46:05.373835 3.003561 tcp 10.0.2.109 65124 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:46:14.375831 0.000000 tcp 10.0.2.109 65124 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:46:20.376318 0.052851 tcp 10.0.2.109 65125 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:46:20.429488 0.032300 tcp 10.0.2.109 65126 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:46:20.462064 0.125984 tcp 10.0.2.109 65127 -> 195.113.214.249 443 SRPA* 0 0 41 22032 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:46:20.599287 2.999765 tcp 10.0.2.109 65128 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:46:29.607625 0.000000 tcp 10.0.2.109 65128 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:50:30.997418 3.001699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:50:38.005216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:50:46.007467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:51:02.009350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:51:34.015511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:51:35.598455 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/21 23:51:35.598670 3.003319 tcp 10.0.2.109 65129 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:51:44.604325 0.000000 tcp 10.0.2.109 65129 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:51:50.600806 0.053506 tcp 10.0.2.109 65130 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:51:50.654685 0.033401 tcp 10.0.2.109 65131 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:51:50.688383 0.127689 tcp 10.0.2.109 65132 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/21 23:51:51.595717 2.998594 tcp 10.0.2.109 65133 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:52:00.593279 0.000000 tcp 10.0.2.109 65133 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/21 23:57:38.024946 2.998247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/21 23:57:45.029261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:57:53.030498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:58:10.024533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/21 23:58:41.630482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:04:45.055659 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 00:04:52.062867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:05:00.064016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:05:16.067287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:05:27.734548 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:05:27.734645 0.140132 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:27.867264 0.081841 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 1889 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:28.045231 0.172998 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:28.263209 0.362794 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:28.627435 0.202464 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:28.797153 0.142745 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:28.940027 0.068895 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:28.991074 0.147134 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:29.129952 0.058089 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:29.171656 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:05:36.647073 3.004548 tcp 10.0.2.109 65134 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:05:45.649997 0.000000 tcp 10.0.2.109 65134 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:05:46.162653 0.056357 tcp 10.0.2.109 65135 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:05:46.219287 0.036454 tcp 10.0.2.109 65136 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:05:46.256139 0.128110 tcp 10.0.2.109 65137 -> 195.113.214.249 443 SRPA* 0 0 40 22642 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:05:46.384937 0.241535 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:46.590266 0.359592 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:46.971670 0.180961 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:47.128183 0.135944 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:47.259826 0.055148 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:47.331896 0.175752 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:47.503261 0.186163 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:47.682756 0.602624 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:48.073387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:05:48.162594 0.177612 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:48.335756 0.119830 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:48.420587 0.352727 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:48.797327 0.183300 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:48.973689 0.203307 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:49.161934 0.436775 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:49.666361 0.184576 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:05:51.648974 0.031682 tcp 10.0.2.109 65138 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:05:51.681008 0.032208 tcp 10.0.2.109 65139 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:05:51.713509 0.124054 tcp 10.0.2.109 65140 -> 195.113.214.249 443 SRPA* 0 0 25 14790 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:05:51.854971 2.998067 tcp 10.0.2.109 65141 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:06:00.851741 0.000000 tcp 10.0.2.109 65141 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:11:06.852470 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:11:06.852641 3.004033 tcp 10.0.2.109 65142 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:11:15.856581 0.000000 tcp 10.0.2.109 65142 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:11:21.855323 0.033724 tcp 10.0.2.109 65143 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:11:21.889343 0.032518 tcp 10.0.2.109 65144 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:11:21.922165 0.135220 tcp 10.0.2.109 65145 -> 195.113.214.249 443 SRPA* 0 0 22 12484 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:11:22.088107 2.999647 tcp 10.0.2.109 65146 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:11:31.096580 0.000000 tcp 10.0.2.109 65146 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:11:52.079317 3.002044 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 00:11:59.086701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:12:07.088292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:12:23.091683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:12:55.097555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:16:37.087066 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:16:37.087250 2.993705 tcp 10.0.2.109 65147 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:16:46.079483 0.000000 tcp 10.0.2.109 65147 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:16:52.089497 0.053068 tcp 10.0.2.109 65148 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:16:52.142841 0.032169 tcp 10.0.2.109 65149 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:16:52.175283 0.124133 tcp 10.0.2.109 65150 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:16:52.316332 2.996662 tcp 10.0.2.109 65151 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:17:01.311366 0.000000 tcp 10.0.2.109 65151 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:18:59.103622 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 00:19:06.110767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:19:14.112192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:19:30.115113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:20:02.121142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:22:07.311894 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:22:07.312104 3.003454 tcp 10.0.2.109 65152 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:22:16.314863 0.000000 tcp 10.0.2.109 65152 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:22:22.314796 0.055296 tcp 10.0.2.109 65153 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:22:22.370310 0.033340 tcp 10.0.2.109 65154 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:22:22.403927 0.140424 tcp 10.0.2.109 65155 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:22:22.557962 3.009575 tcp 10.0.2.109 65156 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:22:31.576068 0.000000 tcp 10.0.2.109 65156 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:26:06.128426 3.000283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 00:26:13.134808 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:26:21.136029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:26:37.139123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:27:09.145143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:33:13.151322 3.001528 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 00:33:20.158673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:33:28.160204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:33:44.163199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:34:16.169266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:36:16.512664 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:36:16.512850 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:36:32.006473 0.053260 tcp 10.0.2.109 65157 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:36:32.060096 0.032058 tcp 10.0.2.109 65158 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:36:32.092506 0.130003 tcp 10.0.2.109 65159 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:36:32.223054 0.143704 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:32.355150 4.953135 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 9 3400 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:32.710642 4.932306 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 7 2446 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:32.914639 0.083460 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:32.978415 0.141851 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:33.118979 0.174397 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:33.281883 0.153757 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:33.427827 0.065873 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:33.478291 0.060593 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:33.526607 0.245347 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:33.737517 0.365856 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:34.104773 0.181001 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:34.260101 0.146620 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:34.399130 0.054993 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:34.455728 0.176968 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:34.634540 0.190033 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:34.817192 0.116075 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:34.902948 0.354193 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:35.273210 0.192143 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2633 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:35.455524 0.681984 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:35.938308 0.197690 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2579 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:36.132301 0.182297 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:36.290241 0.205166 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:36.479841 0.446458 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:37.612970 3.003928 tcp 10.0.2.109 65160 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:36:37.642527 0.001564 udp 10.0.2.109 3683 <- 175.195.224.65 6553 RSP 0 0 5 2140 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:36:37.820733 0.239180 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 7 2874 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:38.024585 0.121778 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 3020 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:38.129316 0.274033 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 8 3018 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:38.395535 0.282821 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 3078 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:38.676922 0.336719 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 8 3075 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:39.003152 0.301301 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 2945 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:39.296927 0.099652 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3056 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:39.380609 0.100774 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 8 3096 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:39.463256 0.446907 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 3059 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:39.874066 0.730088 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 8 3008 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:40.627394 0.333953 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 3107 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:40.939281 0.282431 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2997 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:41.213992 0.112528 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2879 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:41.328007 0.347428 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 8 3211 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:41.671028 0.359684 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 3145 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:42.022052 0.220750 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 2861 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:42.209570 0.363734 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 8 2970 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:42.565403 1.211742 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 8 3034 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:43.537948 0.719718 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3195 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:44.254572 0.339308 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3106 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:44.572731 0.388799 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 8 3012 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:44.947501 0.894446 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 2961 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:45.857213 0.330202 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3087 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:46.184532 0.161799 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 8 3086 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:46.322062 0.000000 udp 10.0.2.109 3683 -> 151.15.21.236 3293 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:36:46.618252 0.000000 tcp 10.0.2.109 65160 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:36:51.652259 0.620218 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 8 3242 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:52.300986 0.417440 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 3055 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:36:52.614757 0.054291 tcp 10.0.2.109 65161 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:36:52.669336 0.033804 tcp 10.0.2.109 65162 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:36:52.703414 0.207081 tcp 10.0.2.109 65163 -> 195.113.214.249 443 SRPA* 0 0 47 43036 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:36:52.719514 0.000000 udp 10.0.2.109 3683 -> 216.168.95.138 4111 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:36:52.921926 2.997129 tcp 10.0.2.109 65164 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:37:00.445678 0.088341 udp 10.0.2.109 3683 <-> 93.198.201.128 8279 CON 0 0 8 3210 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:37:00.547231 0.000000 udp 10.0.2.109 3683 -> 41.58.7.185 5510 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:01.927611 0.000000 tcp 10.0.2.109 65164 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:37:07.535709 0.000000 udp 10.0.2.109 3683 -> 220.189.251.66 3152 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:13.964826 0.665092 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 8 2909 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:37:14.646555 0.000000 udp 10.0.2.109 3683 -> 62.38.147.37 3738 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:19.913842 0.000000 udp 10.0.2.109 3683 -> 183.91.10.240 1413 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:27.514758 0.000000 udp 10.0.2.109 3683 -> 59.90.163.75 2515 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:34.104249 0.000000 udp 10.0.2.109 3683 -> 58.3.44.38 9858 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:38.930677 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:37:41.925544 0.000000 udp 10.0.2.109 3683 -> 184.148.69.170 5362 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:47.583228 0.000000 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:37:56.235726 0.000000 udp 10.0.2.109 3683 -> 49.49.130.188 1034 INT 0 1 143 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:02.554568 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:10.386355 0.000000 udp 10.0.2.109 3683 -> 80.177.13.21 7301 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:17.416233 0.000000 udp 10.0.2.109 3683 -> 12.249.121.22 7031 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:23.485320 0.000000 udp 10.0.2.109 3683 -> 80.111.142.169 1551 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:28.432409 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:38:31.977329 0.000000 udp 10.0.2.109 3683 -> 41.132.21.250 9627 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:39.958607 0.000000 udp 10.0.2.109 3683 -> 188.99.252.100 9554 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:47.569567 0.000000 udp 10.0.2.109 3683 -> 88.150.220.182 4418 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:38:54.109139 0.937408 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 8 3337 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:38:55.079431 0.701876 udp 10.0.2.109 3683 <-> 118.38.205.107 8776 CON 0 0 8 2690 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:38:55.803805 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:02.761859 1.771570 udp 10.0.2.109 3683 <-> 158.108.102.56 2433 CON 0 0 8 3188 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:39:04.544896 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:10.702861 0.127782 udp 10.0.2.109 3683 -> 77.92.231.157 4539 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:10.830643 0.000000 icmp 77.92.231.157 0x0303 -> 10.0.2.109 0xbb11 URP 192 1 159 flow=Background 1970/02/22 00:39:15.429191 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:39:17.152581 0.688401 udp 10.0.2.109 3683 <-> 14.217.250.170 9628 CON 0 0 8 3195 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:39:17.860712 0.000000 udp 10.0.2.109 3683 -> 223.219.51.49 9143 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:25.233909 0.301684 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 8 3108 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:39:25.754808 0.000000 udp 10.0.2.109 3683 -> 221.125.181.11 1365 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:31.162036 0.195522 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 8 3042 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:39:31.324937 0.354271 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 8 3193 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:39:31.661571 0.000000 udp 10.0.2.109 3683 -> 114.34.75.78 4067 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:40.275440 0.000000 udp 10.0.2.109 3683 -> 59.90.243.29 4898 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:45.452973 0.112067 udp 10.0.2.109 3683 <-> 89.142.67.240 2101 CON 0 0 8 3063 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:39:45.567568 0.000000 udp 10.0.2.109 3683 -> 82.80.253.232 3340 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:50.770390 0.067093 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 8 2942 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:39:50.856244 0.000000 udp 10.0.2.109 3683 -> 218.222.66.125 5829 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:39:58.661746 0.000000 udp 10.0.2.109 3683 -> 66.60.158.190 6933 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:03.428814 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:40:04.379896 0.000000 udp 10.0.2.109 3683 -> 82.35.164.181 6878 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:13.012210 0.683730 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 8 3089 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:40:13.714944 0.000000 udp 10.0.2.109 3683 -> 61.115.116.150 9460 INT 0 1 308 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:20.175263 3.001507 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 00:40:20.533187 0.000000 udp 10.0.2.109 3683 -> 115.242.208.255 4200 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:27.072918 0.000000 udp 10.0.2.109 3683 -> 174.112.16.103 1366 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:27.182743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:40:34.353263 0.112352 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 8 3052 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:40:34.649040 0.000000 udp 10.0.2.109 3683 -> 223.218.223.39 2238 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:35.184584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:40:41.653426 0.000000 udp 10.0.2.109 3683 -> 109.155.69.175 7533 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:47.201886 0.776145 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 8 3059 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:40:47.970212 0.000000 udp 10.0.2.109 3683 -> 109.100.90.91 2279 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:40:51.189596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:40:51.929633 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:40:55.043066 0.221108 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 8 2926 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:40:55.232375 0.000000 udp 10.0.2.109 3683 -> 222.167.170.91 8540 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:41:03.004246 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:41:08.672481 0.135993 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 8 3304 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:41:08.800217 0.100962 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3184 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:41:08.928554 0.000000 udp 10.0.2.109 3683 -> 98.232.128.86 7636 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:41:17.825431 2.237781 udp 10.0.2.109 3683 <-> 14.97.206.254 1405 CON 0 0 8 3158 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:41:19.977464 0.120385 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 8 2872 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:41:20.104802 0.000000 udp 10.0.2.109 3683 -> 5.97.99.146 1590 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:41:23.193334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:41:25.816919 0.725241 udp 10.0.2.109 3683 <-> 183.23.152.108 1354 CON 0 0 7 2953 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:41:31.281777 0.000000 udp 10.0.2.109 3683 -> 190.99.48.118 3489 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:41:39.606978 0.000000 udp 10.0.2.109 3683 -> 173.218.242.88 6352 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:41:44.437385 0.000128 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:41:47.579764 0.000000 udp 10.0.2.109 3683 -> 219.91.192.252 7467 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:41:52.655717 0.000000 udp 10.0.2.109 3683 -> 87.21.168.184 3801 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:00.016064 0.000000 udp 10.0.2.109 3683 -> 79.131.40.214 2378 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:05.573963 0.000000 udp 10.0.2.109 3683 -> 178.148.7.172 9758 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:07.917669 3.004013 tcp 10.0.2.109 65165 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:42:11.493028 0.000000 udp 10.0.2.109 3683 -> 94.214.8.223 7125 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:16.920734 0.000000 tcp 10.0.2.109 65165 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:42:18.194377 0.458944 udp 10.0.2.109 3683 <-> 64.218.242.91 6673 CON 0 0 8 2939 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:42:18.629372 0.113248 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 8 3278 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:42:18.774906 0.000000 udp 10.0.2.109 3683 -> 87.22.193.31 2101 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:22.920510 0.033384 tcp 10.0.2.109 65166 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:42:22.954270 0.036345 tcp 10.0.2.109 65167 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:42:22.990918 0.129048 tcp 10.0.2.109 65168 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:42:23.140045 3.004810 tcp 10.0.2.109 65169 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:42:27.175460 0.110058 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 8 3100 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:42:27.307450 0.000000 udp 10.0.2.109 3683 -> 176.224.106.139 1452 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:32.142494 0.000000 tcp 10.0.2.109 65169 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:42:34.175656 1.300425 udp 10.0.2.109 3683 <-> 125.24.2.37 7892 CON 0 0 8 2937 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:42:35.458388 0.000000 udp 10.0.2.109 3683 -> 58.211.29.98 8870 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:38.141577 0.037976 tcp 10.0.2.109 65170 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:42:38.179905 0.032201 tcp 10.0.2.109 65171 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:42:38.212368 0.126973 tcp 10.0.2.109 65172 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:42:38.367302 2.998148 tcp 10.0.2.109 65173 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:42:44.301173 0.000000 udp 10.0.2.109 3683 -> 81.221.185.211 5512 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:47.364347 0.000000 tcp 10.0.2.109 65173 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:42:50.478722 0.000000 udp 10.0.2.109 3683 -> 24.127.207.29 7639 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:42:53.363255 3.003836 tcp 10.0.2.109 65174 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:42:59.371721 0.000000 udp 10.0.2.109 3683 -> 77.78.89.186 2697 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:43:02.366138 0.000000 tcp 10.0.2.109 65174 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:43:04.800381 0.000000 udp 10.0.2.109 3683 -> 92.134.97.104 5721 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:43:09.956790 0.000000 udp 10.0.2.109 3683 -> 115.242.43.126 1625 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:43:16.816059 0.000000 udp 10.0.2.109 3683 -> 50.75.23.153 8035 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 00:43:23.936649 0.449322 udp 10.0.2.109 3683 <-> 65.78.163.43 7183 CON 0 0 8 3115 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:43:24.393472 0.180413 rtp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 8 2932 flow=From-Botnet-V1-UDP-Established 1970/02/22 00:43:28.936713 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:47:27.200486 3.000336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 00:47:34.206635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:47:42.207840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:47:58.211032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:48:08.366268 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:48:08.366381 2.993563 tcp 10.0.2.109 65175 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:48:17.358795 0.000000 tcp 10.0.2.109 65175 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:48:23.369131 0.056063 tcp 10.0.2.109 65176 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:48:23.425454 0.032038 tcp 10.0.2.109 65177 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:48:23.457772 0.140085 tcp 10.0.2.109 65178 -> 195.113.214.249 443 SRPA* 0 0 43 36184 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:48:23.615709 2.998735 tcp 10.0.2.109 65179 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:48:30.217285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:48:32.610727 0.000000 tcp 10.0.2.109 65179 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:48:38.609960 0.053237 tcp 10.0.2.109 65180 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:48:38.663553 0.032032 tcp 10.0.2.109 65181 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:48:38.695890 0.131200 tcp 10.0.2.109 65182 -> 195.113.214.249 443 SRPA* 0 0 25 14790 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:48:38.837857 3.005654 tcp 10.0.2.109 65183 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:48:47.842661 0.000000 tcp 10.0.2.109 65183 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:48:53.831433 3.003870 tcp 10.0.2.109 65184 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:49:02.833874 0.000000 tcp 10.0.2.109 65184 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:54:08.855480 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 00:54:08.855639 2.992390 tcp 10.0.2.109 65185 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:54:17.856723 0.000000 tcp 10.0.2.109 65185 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:54:23.858546 0.053465 tcp 10.0.2.109 65186 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:54:23.912283 0.033392 tcp 10.0.2.109 65187 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:54:23.945979 0.140358 tcp 10.0.2.109 65188 -> 195.113.214.249 443 SRPA* 0 0 33 18134 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:54:24.105624 2.995016 tcp 10.0.2.109 65189 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:54:33.098939 0.000000 tcp 10.0.2.109 65189 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:54:39.098208 0.055006 tcp 10.0.2.109 65190 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:54:39.153867 0.034354 tcp 10.0.2.109 65191 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:54:39.188552 0.136288 tcp 10.0.2.109 65192 -> 195.113.214.249 443 SRPA* 0 0 21 11766 flow=From-Botnet-V1-TCP-Established 1970/02/22 00:54:39.339310 3.003051 tcp 10.0.2.109 65193 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:54:48.342598 0.000000 tcp 10.0.2.109 65193 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:54:54.339577 3.003996 tcp 10.0.2.109 65194 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:55:03.342533 0.000000 tcp 10.0.2.109 65194 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 00:55:26.227648 3.002193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 00:55:33.235526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:55:41.236597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:55:57.239616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 00:56:29.245764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:00:09.343149 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:00:09.343315 3.003398 tcp 10.0.2.109 65195 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:00:18.345227 0.000000 tcp 10.0.2.109 65195 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:00:24.346272 0.055065 tcp 10.0.2.109 65196 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:00:24.401746 0.033244 tcp 10.0.2.109 65197 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:00:24.435227 0.127716 tcp 10.0.2.109 65198 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:00:24.748506 2.999835 tcp 10.0.2.109 65199 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:00:33.756714 0.000000 tcp 10.0.2.109 65199 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:00:39.746600 0.053533 tcp 10.0.2.109 65200 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:00:39.800391 0.032519 tcp 10.0.2.109 65201 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:00:39.833170 0.134680 tcp 10.0.2.109 65202 -> 195.113.214.249 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:00:39.979250 3.001417 tcp 10.0.2.109 65203 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:00:48.979418 0.000000 tcp 10.0.2.109 65203 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:00:54.978037 3.004541 tcp 10.0.2.109 65204 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:01:03.980797 0.000000 tcp 10.0.2.109 65204 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:02:33.261823 3.001561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 01:02:40.269464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:02:48.270717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:03:04.273680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:03:36.279938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:06:09.991470 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:06:09.991556 3.003611 tcp 10.0.2.109 65205 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:06:18.993776 0.000000 tcp 10.0.2.109 65205 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:06:25.006252 0.055226 tcp 10.0.2.109 65206 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:06:25.061742 0.034905 tcp 10.0.2.109 65207 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:06:25.096895 0.127781 tcp 10.0.2.109 65208 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:06:25.236988 3.000133 tcp 10.0.2.109 65209 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:06:34.236694 0.000000 tcp 10.0.2.109 65209 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:09:40.285955 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 01:09:47.293339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:09:55.294790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:10:11.297887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:10:43.303886 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:13:25.026303 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:13:25.026451 0.354259 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:25.391966 0.140806 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:25.524687 0.141791 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:25.745801 0.242140 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:25.954889 0.101040 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:26.034889 0.172313 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:26.195789 0.146372 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:26.333799 0.068477 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:26.386566 0.058112 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:26.430440 0.259545 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:26.654659 0.359134 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:27.027946 0.182062 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:27.184706 0.167700 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:27.361771 0.139513 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:27.492021 0.055102 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:27.548505 0.181940 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:27.723476 0.118806 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:27.865595 0.190802 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:28.048578 0.654616 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:28.503743 0.353668 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:28.892919 0.185777 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:29.084786 0.196945 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:29.265241 0.446199 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:29.731046 0.097677 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:29.798564 0.177659 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:29.971121 0.218905 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:30.179876 0.308775 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:30.489965 0.046850 udp 10.0.2.109 3683 <-> 93.198.201.128 8279 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:30.533017 0.335680 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:13:30.866296 0.000000 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:13:40.248366 3.004427 tcp 10.0.2.109 65210 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:13:46.929382 0.052983 tcp 10.0.2.109 65211 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:13:46.982634 0.037558 tcp 10.0.2.109 65212 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:13:47.020494 0.148056 tcp 10.0.2.109 65213 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:13:47.169085 0.000000 udp 10.0.2.109 3683 -> 182.93.184.4 7222 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:13:49.251146 0.000000 tcp 10.0.2.109 65210 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:13:55.250385 0.052381 tcp 10.0.2.109 65214 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:13:55.303065 0.035880 tcp 10.0.2.109 65215 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:13:55.339222 0.136973 tcp 10.0.2.109 65216 -> 195.113.214.249 443 SRPA* 0 0 23 13166 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:13:55.490369 3.004335 tcp 10.0.2.109 65217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:14:03.691949 0.052589 tcp 10.0.2.109 65218 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:03.744792 0.037513 tcp 10.0.2.109 65219 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:03.782566 0.140772 tcp 10.0.2.109 65220 -> 195.113.214.249 443 SRPA* 0 0 22 11784 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:03.923989 0.240099 udp 10.0.2.109 3683 <-> 158.108.102.56 2433 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:04.163164 0.342314 udp 10.0.2.109 3683 <-> 14.217.250.170 9628 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:04.493240 0.000000 tcp 10.0.2.109 65217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:14:04.505014 0.150642 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:04.679134 0.146161 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:04.781931 0.114246 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:04.854671 0.000000 udp 10.0.2.109 3683 -> 89.142.67.240 2101 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:14:21.247970 0.058639 tcp 10.0.2.109 65221 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:21.306874 0.033621 tcp 10.0.2.109 65222 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:21.340831 0.129077 tcp 10.0.2.109 65223 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:21.470630 0.035104 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:21.508936 0.349397 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:21.878608 0.057223 rtp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:21.946168 0.396027 udp 10.0.2.109 3683 <-> 165.228.90.158 4389 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:22.324184 0.512429 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:22.796259 0.080260 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:22.883403 0.055005 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:22.936299 0.000000 udp 10.0.2.109 3683 -> 14.97.206.254 1405 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:14:38.232209 0.053508 tcp 10.0.2.109 65224 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:38.286015 0.032457 tcp 10.0.2.109 65225 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:38.318749 0.127068 tcp 10.0.2.109 65226 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:14:38.446375 0.074123 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:38.506059 0.479349 udp 10.0.2.109 3683 <-> 183.23.152.108 1354 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:38.954030 0.054964 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:39.036747 0.054987 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:14:39.093081 0.092215 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:16:47.310553 3.001747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 01:16:54.317442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:17:02.318647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:17:18.321847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:17:50.327668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:19:10.483208 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:19:10.483323 3.004007 tcp 10.0.2.109 65227 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:19:19.487213 0.000000 tcp 10.0.2.109 65227 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:19:25.486487 0.033209 tcp 10.0.2.109 65228 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:19:25.520057 0.031772 tcp 10.0.2.109 65229 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:19:25.552157 0.125646 tcp 10.0.2.109 65230 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:19:25.687146 2.992192 tcp 10.0.2.109 65231 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:19:34.687854 0.000000 tcp 10.0.2.109 65231 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:23:54.334084 3.001223 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 01:24:01.341630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:24:09.342730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:24:25.345521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:24:40.688294 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:24:40.688474 3.003733 tcp 10.0.2.109 65232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:24:49.690977 0.000000 tcp 10.0.2.109 65232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:24:55.690992 0.032946 tcp 10.0.2.109 65233 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:24:55.724234 0.039040 tcp 10.0.2.109 65234 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:24:55.763522 0.131463 tcp 10.0.2.109 65235 -> 195.113.214.249 443 SRPA* 0 0 22 12484 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:24:55.922623 3.001295 tcp 10.0.2.109 65236 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:24:57.351630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:25:04.922851 0.000000 tcp 10.0.2.109 65236 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:30:10.923868 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:30:10.923967 3.003004 tcp 10.0.2.109 65237 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:30:19.925514 0.000000 tcp 10.0.2.109 65237 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:30:25.925962 0.033395 tcp 10.0.2.109 65238 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:30:25.959660 0.033249 tcp 10.0.2.109 65239 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:30:25.993185 0.133793 tcp 10.0.2.109 65240 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:30:26.155222 2.993597 tcp 10.0.2.109 65241 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:30:35.147526 0.000000 tcp 10.0.2.109 65241 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:31:01.357664 4.621247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 01:31:09.937033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:31:17.834371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:31:33.632072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:32:05.256416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:35:41.157881 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:35:41.157996 3.003830 tcp 10.0.2.109 65242 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:35:50.160679 0.000000 tcp 10.0.2.109 65242 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:35:56.160559 0.054888 tcp 10.0.2.109 65243 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:35:56.215724 0.035855 tcp 10.0.2.109 65244 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:35:56.251886 0.139295 tcp 10.0.2.109 65245 -> 195.113.214.249 443 SRPA* 0 0 25 14904 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:35:56.698864 3.004998 tcp 10.0.2.109 65246 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:36:05.702899 0.000000 tcp 10.0.2.109 65246 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 01:38:08.391645 3.001754 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 01:38:15.399096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:38:23.400781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:38:39.403812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:39:11.409779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:44:47.463548 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 01:44:47.463686 0.000000 udp 10.0.2.109 3683 -> 182.93.184.4 7222 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:45:03.747896 0.032726 tcp 10.0.2.109 65247 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:03.780883 0.032824 tcp 10.0.2.109 65248 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:03.813974 0.126160 tcp 10.0.2.109 65249 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:03.940723 0.000000 udp 10.0.2.109 3683 -> 118.38.205.107 8776 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:45:15.419339 2.997957 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 01:45:22.053289 0.033177 tcp 10.0.2.109 65250 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:22.086787 0.033203 tcp 10.0.2.109 65251 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:22.120310 0.189158 tcp 10.0.2.109 65252 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:22.310218 0.000000 udp 10.0.2.109 3683 -> 89.142.67.240 2101 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:45:22.422984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:45:30.424546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:45:37.765001 0.034395 tcp 10.0.2.109 65253 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:37.799668 0.035068 tcp 10.0.2.109 65254 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:37.835033 0.134533 tcp 10.0.2.109 65255 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:37.970141 0.000000 udp 10.0.2.109 3683 -> 14.97.206.254 1405 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:45:46.427540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:45:56.652837 0.035833 tcp 10.0.2.109 65256 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:56.688520 0.037295 tcp 10.0.2.109 65257 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:56.726191 0.132557 tcp 10.0.2.109 65258 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:45:56.859291 0.142062 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:57.029126 0.138778 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:57.160206 0.329523 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:57.518722 0.152378 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:57.636533 0.060224 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:57.681441 0.243253 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:57.889298 0.173104 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:58.050709 0.079133 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:58.112150 0.065386 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:58.162623 0.168217 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:58.835139 0.186311 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:59.013491 0.175758 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:59.184443 0.180093 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:59.341019 0.346003 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:59.695548 0.055333 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:59.758773 0.135920 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:45:59.890584 0.117983 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:00.029409 0.191605 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:00.213804 0.354464 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:00.564451 0.842586 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:01.288034 0.185903 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:01.467504 0.097530 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:01.533712 0.189994 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:01.745926 0.452048 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:02.207539 0.207649 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:02.401170 0.221131 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:02.612357 0.047300 udp 10.0.2.109 3683 <-> 93.198.201.128 8279 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:02.655738 0.325914 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:02.978987 0.304325 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:03.304578 0.144162 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:03.449750 0.142300 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:03.556957 0.114752 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:03.630429 0.000000 udp 10.0.2.109 3683 -> 14.217.250.170 9628 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:46:11.724052 0.485666 tcp 10.0.2.109 65259 -> 176.73.169.112 1959 FSPA* 0 0 14 1548 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:18.435795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:46:20.667497 0.032199 tcp 10.0.2.109 65260 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:20.700016 0.032226 tcp 10.0.2.109 65261 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:20.732537 0.134543 tcp 10.0.2.109 65262 -> 195.113.214.249 443 SRPA* 0 0 46 37242 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:20.867665 0.000000 udp 10.0.2.109 3683 -> 158.108.102.56 2433 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:46:37.923569 0.033465 tcp 10.0.2.109 65263 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:37.957331 0.034144 tcp 10.0.2.109 65264 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:37.991735 0.132344 tcp 10.0.2.109 65265 -> 195.113.214.249 443 SRPA* 0 0 40 22014 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:38.124727 0.035019 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:38.158525 0.056247 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:38.216652 0.343459 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:38.557937 0.050066 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:38.601184 0.141399 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:38.701847 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 01:46:56.999935 0.034524 tcp 10.0.2.109 65266 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:57.034777 0.036578 tcp 10.0.2.109 65267 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:57.071699 0.131418 tcp 10.0.2.109 65268 -> 195.113.214.249 443 SRPA* 0 0 40 21314 flow=From-Botnet-V1-TCP-Established 1970/02/22 01:46:57.203729 0.080221 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:57.299710 0.377447 udp 10.0.2.109 3683 <-> 183.23.152.108 1354 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:57.649659 0.073276 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:57.708305 0.096526 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2489 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:57.796805 0.054854 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:46:57.862065 0.057224 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/22 01:54:20.449111 3.002038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 01:54:27.456954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:54:35.458405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:54:51.461380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 01:55:23.467414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:01:27.473990 3.000774 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 02:01:34.480834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:01:42.482157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:01:58.492491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:02:30.491296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:08:34.497341 3.001770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 02:08:41.504626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:08:49.506309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:09:05.509275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:09:37.515136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:15:41.520346 3.002929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 02:15:48.528540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:15:56.530027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:16:12.213237 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 02:16:12.213387 0.521827 tcp 10.0.2.109 65269 -> 176.73.169.112 1959 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:16:12.533102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:16:44.539413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:17:05.830190 0.000000 udp 10.0.2.109 3683 -> 14.217.250.170 9628 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 02:17:10.436468 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 02:17:24.768639 0.055159 tcp 10.0.2.109 65270 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:24.824116 0.033172 tcp 10.0.2.109 65271 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:24.857603 0.136298 tcp 10.0.2.109 65272 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:24.994472 0.000000 udp 10.0.2.109 3683 -> 158.108.102.56 2433 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 02:17:40.590448 0.055444 tcp 10.0.2.109 65273 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:40.646246 0.032830 tcp 10.0.2.109 65274 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:40.679464 0.140424 tcp 10.0.2.109 65275 -> 195.113.214.249 443 SRPA* 0 0 40 22642 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:40.820390 0.000000 udp 10.0.2.109 3683 -> 165.228.90.158 4389 INT 0 1 267 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 02:17:58.636201 0.053410 tcp 10.0.2.109 65276 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:58.689867 0.033541 tcp 10.0.2.109 65277 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:58.723666 0.165254 tcp 10.0.2.109 65278 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:17:58.889430 0.142800 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:17:59.030286 0.059630 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:17:59.129352 0.238174 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:17:59.334877 0.148480 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:17:59.474775 0.097507 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:17:59.539686 0.340631 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:17:59.960739 0.173126 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:00.122041 0.065780 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:00.172321 0.077284 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:00.232037 0.147957 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:00.370095 0.055536 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:00.437164 0.353288 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:00.799120 0.178823 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:00.954675 0.181409 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:01.128823 0.132549 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:01.253591 0.175954 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:01.426428 0.113263 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:01.507634 0.187819 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:01.688657 0.354284 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:02.039617 0.185424 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:02.228881 0.096038 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:02.294758 0.179585 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:02.471754 0.688206 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:02.939555 0.000000 udp 10.0.2.109 3683 -> 118.163.97.62 1829 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 02:18:21.419175 0.055958 tcp 10.0.2.109 65279 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:18:21.475450 0.033536 tcp 10.0.2.109 65280 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:18:21.509261 0.151702 tcp 10.0.2.109 65281 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:18:21.661528 0.195589 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:21.841696 0.441754 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:23.033526 0.221332 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:23.305653 0.052220 udp 10.0.2.109 3683 <-> 93.198.201.128 8279 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:23.374016 0.148864 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:23.484657 0.145997 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:23.626368 0.307299 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:23.982795 0.116234 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:24.056093 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 02:18:39.104524 0.052263 tcp 10.0.2.109 65282 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:18:39.157076 0.039884 tcp 10.0.2.109 65283 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:18:39.197279 0.133148 tcp 10.0.2.109 65284 -> 195.113.214.249 443 SRPA* 0 0 46 38664 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:18:39.331078 0.046152 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.374707 0.147523 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.480432 0.057933 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.578660 0.032843 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.624755 0.068975 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.680425 0.094858 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.773522 0.057372 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.847311 0.054997 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.903465 0.078698 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:18:39.962961 0.377102 udp 10.0.2.109 3683 <-> 183.23.152.108 1354 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:22:48.544603 3.002522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 02:22:55.552425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:23:03.553887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:23:19.556876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:23:51.562975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:29:55.569327 3.001728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 02:30:02.576440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:30:10.578338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:30:26.584862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:30:58.586839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:37:02.593613 3.001115 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 02:37:09.600411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:37:17.601925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:37:33.605072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:38:05.611260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:44:09.617638 3.001024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 02:44:16.624512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:44:24.625415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:44:40.628878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:45:12.635014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:46:12.741907 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 02:46:12.742117 0.549871 tcp 10.0.2.109 65285 -> 176.73.169.112 1959 FSPA* 0 0 15 1764 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:49:04.929116 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 02:49:04.929286 0.000000 udp 10.0.2.109 3683 -> 118.163.97.62 1829 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 02:49:22.676594 0.054631 tcp 10.0.2.109 65286 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:49:22.731436 0.056130 tcp 10.0.2.109 65287 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:49:22.787937 0.158624 tcp 10.0.2.109 65288 -> 195.113.214.249 443 SRPA* 0 0 34 25217 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:49:22.947122 0.344100 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1767 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:23.299366 0.341039 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:23.604120 0.342774 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:23.965598 0.253366 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:24.182795 0.067501 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:24.233136 0.141906 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:24.373041 0.177145 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:24.539883 0.097735 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:24.616746 0.162816 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 1999 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:24.771575 0.055952 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:24.837090 0.359820 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:25.210481 0.067967 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:25.262468 0.176703 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:25.428129 0.180139 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:25.585389 0.138167 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:25.719539 0.188759 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:25.900924 0.181294 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:26.075152 0.120449 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:26.162866 0.172553 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:26.336871 0.182665 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:26.515817 0.731105 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:27.006460 0.354305 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:27.356990 0.097165 rtp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:27.424166 0.179891 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:27.617136 0.203650 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:27.805975 0.000000 udp 10.0.2.109 3683 -> 115.126.250.37 9558 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 02:49:44.776971 0.055282 tcp 10.0.2.109 65289 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:49:44.832567 0.055957 tcp 10.0.2.109 65290 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:49:44.888817 0.146720 tcp 10.0.2.109 65291 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/22 02:49:45.036235 0.150716 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:45.196996 0.304673 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:45.502927 0.046764 udp 10.0.2.109 3683 <-> 93.198.201.128 8279 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:45.545915 0.220958 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:45.757161 0.151698 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:45.868879 0.114184 rtp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:45.942816 0.044756 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:45.993349 0.152418 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.100886 0.055353 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.156144 0.032331 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.187107 0.070859 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.243829 0.102690 rtp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.345128 0.055193 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.409417 0.055094 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.465721 0.080852 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:49:46.526386 0.378972 udp 10.0.2.109 3683 <-> 183.23.152.108 1354 CON 0 0 5 1779 flow=From-Botnet-V1-UDP-Established 1970/02/22 02:53:36.643624 3.000281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 02:53:43.649839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:53:51.650738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:54:07.654344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 02:54:39.659707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:00:43.666970 3.000922 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:00:50.673552 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:00:58.674814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:01:14.678437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:01:46.684756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:07:50.691937 3.000124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:07:57.697962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:08:05.699217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:08:21.702089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:08:53.708480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:14:57.715033 3.000916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:15:04.721653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:15:12.727111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:15:28.725613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:16:00.732850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:16:13.301081 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 03:16:13.301300 0.530307 tcp 10.0.2.109 65292 -> 176.73.169.112 1959 FSPA* 0 0 15 1787 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:20:15.658892 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 03:20:15.659052 0.000000 udp 10.0.2.109 3683 -> 115.126.250.37 9558 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 03:20:31.042810 0.058921 tcp 10.0.2.109 65293 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:20:31.102096 0.065698 tcp 10.0.2.109 65294 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:20:31.168080 0.150104 tcp 10.0.2.109 65295 -> 195.113.214.249 443 SRPA* 0 0 23 13962 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:20:31.318745 0.348921 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:31.675554 0.342187 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1846 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:32.016379 0.360585 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:32.342459 0.057973 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:32.779879 0.141772 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.094825 0.155768 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.242655 0.074420 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.299610 0.159668 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.451586 0.055703 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.530721 0.242484 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.737034 0.176951 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.902754 0.064558 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:33.951816 0.367201 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:34.331945 0.133311 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:34.457133 0.189016 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:34.639197 0.180446 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:34.795433 0.176194 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:34.985149 0.179370 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:35.161695 0.187236 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:35.341325 0.195513 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:35.502893 0.101584 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:35.573826 0.183723 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:35.780244 0.203283 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:35.969016 0.354773 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:36.319940 0.697820 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:36.778243 0.000000 udp 10.0.2.109 3683 -> 93.198.201.128 8279 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 03:20:54.515081 0.087283 tcp 10.0.2.109 65296 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:20:54.602633 0.069164 tcp 10.0.2.109 65297 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:20:54.672083 0.164745 tcp 10.0.2.109 65298 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:20:54.837553 0.220084 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.047835 0.142221 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.149587 0.110538 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.218965 0.051179 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 1922 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.267332 0.150815 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.419457 0.306853 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.735813 0.137996 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.833797 0.054621 rtp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.902815 0.034335 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:55.961086 0.070422 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:56.016475 0.091775 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:56.106552 0.056241 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:56.178573 0.057423 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:56.250591 0.077469 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:20:56.352995 0.376479 udp 10.0.2.109 3683 <-> 183.23.152.108 1354 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:22:04.739507 2.999846 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 03:22:11.745970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:22:19.746540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:22:35.750269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:23:07.756184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:29:11.762032 3.001754 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:29:18.769475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:29:26.771689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:29:42.773935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:30:14.780118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:36:18.785682 3.002099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:36:25.793272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:36:33.794838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:36:49.798440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:37:21.804600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:43:25.810559 3.001343 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:43:32.817698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:43:40.819531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:43:56.822370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:44:28.828042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:46:13.839690 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 03:46:13.839818 0.489209 tcp 10.0.2.109 65299 -> 176.73.169.112 1959 FSPA* 0 0 14 1497 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:50:32.834539 3.000640 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:50:39.841673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:50:47.842835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:51:03.846006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:51:09.564479 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 03:51:09.564640 0.000000 udp 10.0.2.109 3683 -> 93.198.201.128 8279 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 03:51:27.582456 0.051167 tcp 10.0.2.109 65300 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:51:27.633966 0.051524 tcp 10.0.2.109 65301 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:51:27.685765 0.179665 tcp 10.0.2.109 65302 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:51:27.866059 0.359824 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:28.228583 0.061281 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:28.272626 0.348348 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 3 797 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:28.618208 0.306477 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2621 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:28.886271 0.092842 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:28.958723 0.141509 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:29.098582 0.053934 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:29.163986 0.247272 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:29.375779 0.175371 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:29.540323 0.071701 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:29.667856 0.159659 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:29.819508 0.163622 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:29.975395 0.197681 rtp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:30.165978 0.176979 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:30.320537 0.173479 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:30.510919 0.357644 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:30.870498 0.142989 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:31.003779 0.130567 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:31.097782 0.103704 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:31.170051 0.185610 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:31.356671 0.202249 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:31.543765 0.190966 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:31.727055 0.237068 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:31.961352 0.739500 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:32.461665 0.355718 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:32.827844 0.221644 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:33.040386 0.141137 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:33.143463 0.000000 udp 10.0.2.109 3683 -> 91.6.17.177 5333 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 03:51:35.856986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:51:51.945785 0.050802 tcp 10.0.2.109 65303 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:51:51.996873 0.049857 tcp 10.0.2.109 65304 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:51:52.047013 0.146297 tcp 10.0.2.109 65305 -> 195.113.214.249 443 SRPA* 0 0 22 12410 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:51:52.193830 0.052052 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:52.243642 0.145883 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:52.384941 0.317069 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:52.716069 0.141538 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:52.819145 0.056106 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:52.919044 0.034583 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:52.954882 0.054637 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:53.018623 0.056385 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:53.084516 0.097006 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:51:53.187525 0.000000 udp 10.0.2.109 3683 -> 183.23.152.108 1354 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 03:52:10.443501 0.049843 tcp 10.0.2.109 65306 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:52:10.493644 0.050743 tcp 10.0.2.109 65307 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:52:10.544765 0.155034 tcp 10.0.2.109 65308 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/22 03:52:10.700489 0.087642 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:52:10.774299 0.093108 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/22 03:57:39.857856 3.002000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 03:57:46.865039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:57:54.867058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:58:10.870019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 03:58:42.875353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:04:46.882778 3.000657 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 04:04:53.889602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:05:01.890857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:05:17.893776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:05:49.910062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:11:53.916133 3.001113 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 04:12:00.923300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:12:08.924728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:12:24.935128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:12:56.934208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:16:14.328327 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 04:16:14.328494 0.543741 tcp 10.0.2.109 65309 -> 176.73.169.112 1959 FSPA* 0 0 14 1627 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:19:00.940931 3.000836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 04:19:07.947670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:19:15.949223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:19:31.951749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:20:03.957665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:22:25.272036 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 04:22:25.272221 0.108211 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:25.343227 0.000000 udp 10.0.2.109 3683 -> 183.23.152.108 1354 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 04:22:41.817282 0.052145 tcp 10.0.2.109 65310 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:22:41.869856 0.050869 tcp 10.0.2.109 65311 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:22:41.921026 0.199051 tcp 10.0.2.109 65312 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:22:42.121511 0.061199 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:42.164829 0.359782 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:42.533629 0.349294 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1839 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:42.883946 0.141567 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:43.023404 0.055596 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:43.081487 0.242522 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:43.286501 0.169995 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:43.445275 0.087828 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:43.516957 0.277974 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:43.758671 0.175411 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:43.908898 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 04:22:59.340766 0.048882 tcp 10.0.2.109 65313 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:22:59.389939 0.052604 tcp 10.0.2.109 65314 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:22:59.442843 0.165151 tcp 10.0.2.109 65315 -> 195.113.214.249 443 SRPA* 0 0 40 22642 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:22:59.608656 0.161217 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:59.761251 0.188596 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:59.942310 0.065924 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:22:59.992822 0.140006 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:00.125215 0.127254 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:00.216954 0.102257 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:00.289339 0.175000 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:00.479713 0.347692 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:00.828594 0.182472 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:01.020435 0.204272 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:01.209036 0.193442 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:01.394740 0.173291 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:01.564811 0.726275 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:02.070658 0.353317 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:02.419945 0.220069 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:02.629392 0.340840 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:02.932695 0.343977 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.276435 0.050086 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.335441 0.143568 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.488178 0.035150 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.547662 0.055008 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.604151 0.056720 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.682013 0.077325 rtp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.779808 0.141895 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.883198 0.056065 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:03.948772 0.081483 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:23:04.016150 0.093898 rtp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:26:07.964654 3.001162 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 04:26:14.971406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:26:22.974687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:26:38.975985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:27:10.982075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:33:14.987781 3.001617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 04:33:21.995554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:33:29.996754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:33:45.999635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:34:18.005693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:40:22.011826 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 04:40:29.019251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:40:37.020774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:40:53.023712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:41:25.029731 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:46:14.876847 0.000209 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 04:46:14.877159 0.647455 tcp 10.0.2.109 65316 -> 176.73.169.112 1959 FSPA* 0 0 15 1759 flow=From-Botnet-V1-TCP-Established 1970/02/22 04:47:29.036089 3.001326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 04:47:36.043260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:47:44.044724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:48:00.047652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:48:32.053776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:53:19.697554 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 04:53:19.697652 0.161678 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:19.851350 0.115077 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:20.019847 0.060315 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:20.063391 0.367940 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:20.522523 0.235570 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:20.763519 0.055914 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:21.005564 0.141558 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:21.242816 0.176352 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:21.407978 0.079824 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:21.783406 0.198938 rtp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:21.947155 0.179233 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:22.242266 0.246237 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:22.453312 0.066119 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:22.503498 0.152638 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:23.049865 0.190776 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:23.232968 0.140429 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:23.513636 0.120689 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:23.602479 0.098188 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:23.704558 0.176743 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:23.876688 0.354994 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2588 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:24.332413 0.181566 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:24.506346 0.176236 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:24.778366 0.180796 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:24.936394 0.202750 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:25.123580 0.219602 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:25.803026 0.137946 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:25.906622 0.554974 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:26.994444 2.322692 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:29.556619 0.318567 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:29.975862 0.044865 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:30.019229 0.150366 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:30.351002 0.032196 rtp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:30.383508 0.058471 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:30.561299 0.055627 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:30.873793 0.079071 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:30.932638 0.185984 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:31.340700 0.056737 rtp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:31.502845 0.069888 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:53:31.558796 0.096205 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/22 04:55:25.442253 2.969704 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 04:55:32.361274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:55:40.268363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:55:56.072017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 04:56:28.078488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:02:32.087956 2.997756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 05:02:39.091723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:02:47.093249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:03:03.095728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:03:35.103066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:09:39.109080 3.000493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 05:09:46.115474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:09:54.116960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:10:10.119847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:10:42.125980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:16:36.167471 0.000000 arp 10.0.2.109 who 10.0.2.2 INT 1 42 flow=Background-ARP 1970/02/22 05:16:55.280421 0.000000 arp 10.0.2.109 who 10.0.2.2 RSP 1 42 flow=Background-ARP 1970/02/22 05:16:55.280569 1.298299 tcp 10.0.2.109 65317 -> 176.73.169.112 1959 FSPA* 0 0 15 1754 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:17:24.925260 3.332826 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 05:17:32.203629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:17:40.088387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:18:04.633582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:18:36.148056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:25:09.038012 0.037599 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 05:25:09.075810 0.163485 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:09.256470 0.389928 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:09.655082 0.107382 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:09.724884 0.059826 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:09.769840 0.264090 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:10.030760 0.056380 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:10.095555 0.141729 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:10.235919 0.172655 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:10.397430 0.077921 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:10.461448 0.317789 rtp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:10.742919 0.181521 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:10.900187 0.247775 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.110180 0.072389 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.166397 0.157112 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.314265 0.191630 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.498741 0.103234 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.569264 0.176510 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.743428 0.145462 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.881186 0.120025 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:11.965919 0.345759 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:12.312850 0.197399 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:12.502702 0.206419 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2568 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:12.692023 0.176569 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:12.865220 0.184395 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:13.057298 0.219880 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:13.070709 2.953981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 05:25:13.268216 0.140906 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:13.371110 0.718307 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:13.871005 0.352871 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:14.220385 0.351656 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:14.573517 0.052561 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:14.618383 0.149027 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:14.762940 0.032288 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:14.925419 0.075511 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:14.984075 0.057136 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:15.059003 0.059869 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:15.143083 0.071616 udp 10.0.2.109 3683 <-> 81.129.191.83 1440 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:15.199224 0.160892 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:15.318844 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 05:25:19.978424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:25:27.863118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:25:30.695387 0.049800 tcp 10.0.2.109 65318 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:25:30.745438 0.051050 tcp 10.0.2.109 65319 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:25:30.796812 0.220197 tcp 10.0.2.109 65320 -> 195.113.214.249 443 SRPA* 0 0 41 22070 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:25:31.017705 0.113096 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:25:43.709306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:26:15.299277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:32:14.133004 2.964458 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 05:32:21.039124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:32:28.928875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:32:44.707308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:33:16.245459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:39:15.271944 2.952559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 05:39:22.176677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:39:30.064996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:39:45.838134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:40:17.389076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:46:20.364148 2.999520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 05:46:27.369540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:46:35.370901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:46:51.376896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:47:23.320193 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 05:47:23.320305 0.493610 tcp 10.0.2.109 65321 -> 176.73.169.112 1959 FSPA* 0 0 15 1782 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:47:23.380135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:55:37.631123 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 05:55:37.631243 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 05:55:56.139330 0.056803 tcp 10.0.2.109 65322 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:55:56.196410 0.051802 tcp 10.0.2.109 65323 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:55:56.248513 0.155191 tcp 10.0.2.109 65324 -> 195.113.214.249 443 SRPA* 0 0 24 14016 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:55:56.404268 0.114342 rtp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2564 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:56.473223 0.167056 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:56.628031 0.377927 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:57.028108 0.055606 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:57.085277 0.141653 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:57.225058 0.168767 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:57.383604 0.077005 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:57.444158 0.567246 udp 10.0.2.109 3683 <-> 151.42.215.172 2048 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:57.975112 0.060383 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:58.037104 0.254781 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1734 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:58.311081 0.071227 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:58.365325 0.157044 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:58.513305 0.190419 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:58.697677 0.102385 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:58.826189 0.172930 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:59.000424 0.252158 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:59.218089 0.178572 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:59.373612 0.353746 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:59.751644 0.192132 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:55:59.936412 0.202448 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:00.122969 0.127994 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:00.214574 0.159745 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:00.366626 0.220593 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:00.577400 0.132247 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:00.669492 0.172687 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:00.838291 0.185366 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:01.051853 0.044630 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:01.094225 0.591070 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:01.565972 0.353787 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:01.915983 0.354798 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:02.301751 0.032801 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:02.333163 0.080300 udp 10.0.2.109 3683 <-> 31.51.126.233 6148 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:02.470306 0.055319 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:02.535780 0.057959 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:02.614031 0.000000 udp 10.0.2.109 3683 -> 81.129.191.83 1440 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 05:56:21.574182 0.050567 tcp 10.0.2.109 65325 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:56:21.625034 0.051721 tcp 10.0.2.109 65326 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:56:21.677009 0.152978 tcp 10.0.2.109 65327 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/22 05:56:21.830513 0.159082 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:21.948101 0.153627 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:23.722381 0.096661 rtp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/22 05:56:30.420089 3.000735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 05:56:37.426605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:56:45.427856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:57:01.431155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 05:57:33.436894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:03:37.481197 3.003770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 06:03:44.490599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:03:52.492032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:04:08.495083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:04:40.501145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:10:44.507255 3.001540 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 06:10:51.514543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:10:59.520138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:11:15.520638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:11:47.525100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:17:23.818897 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 06:17:23.819055 0.510943 tcp 10.0.2.109 65328 -> 176.73.169.112 1959 FSPA* 0 0 14 1527 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:17:51.531639 3.001277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 06:17:58.538503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:18:06.539990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:18:22.542987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:18:54.554630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:24:58.555505 3.001095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 06:25:05.562403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:25:13.563918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:25:29.566993 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:26:01.574655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:26:30.655215 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 06:26:30.655332 0.000000 udp 10.0.2.109 3683 -> 81.129.191.83 1440 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 06:26:45.698568 0.051386 tcp 10.0.2.109 65329 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:26:45.750484 0.050812 tcp 10.0.2.109 65330 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:26:45.801594 0.149041 tcp 10.0.2.109 65331 -> 195.113.214.249 443 SRPA* 0 0 40 21276 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:26:45.951275 0.352598 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:46.489048 0.055789 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:46.560046 0.111288 rtp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:46.629346 0.166913 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:47.032770 0.142600 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:47.173239 0.170494 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:47.332736 0.074899 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:47.391116 0.226183 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 3 899 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:47.615680 0.068425 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:47.667888 0.062776 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:26:47.713971 0.000000 udp 10.0.2.109 3683 -> 151.42.215.172 2048 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 06:27:03.322365 0.049566 tcp 10.0.2.109 65332 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:27:03.372247 0.052184 tcp 10.0.2.109 65333 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:27:03.424676 0.215060 tcp 10.0.2.109 65334 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:27:03.640252 0.098755 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:03.709354 0.172964 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:03.883972 0.163122 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:04.032454 0.192225 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:04.217749 0.180489 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:04.373916 0.258169 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:04.596979 0.359604 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:04.955828 0.122164 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:05.045153 0.133350 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:05.170638 0.201973 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:05.358386 0.190902 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:05.542536 0.172073 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:05.710424 0.182157 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:05.868867 0.067012 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:05.933985 0.221519 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:06.145374 0.140340 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:06.247615 0.723050 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:06.730622 0.034662 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:06.776399 0.340069 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:07.127385 0.353646 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:07.477080 0.000000 udp 10.0.2.109 3683 -> 31.51.126.233 6148 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 06:27:24.214915 0.050279 tcp 10.0.2.109 65335 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:27:24.265522 0.052900 tcp 10.0.2.109 65336 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:27:24.318209 0.151522 tcp 10.0.2.109 65337 -> 195.113.214.249 443 SRPA* 0 0 34 19478 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:27:24.470526 0.055452 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:24.536784 0.056625 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:24.608910 0.336179 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:24.905525 0.152224 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:27:25.055329 0.093011 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:32:05.580251 3.000550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 06:32:12.586553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:32:20.587786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:32:36.590646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:33:08.596920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:39:12.603090 3.001626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 06:39:19.610756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:39:27.611729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:39:43.615144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:40:15.620848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:46:19.627863 3.000768 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 06:46:26.637386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:46:34.635840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:46:50.638969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:47:22.645008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:47:24.337640 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 06:47:24.337796 0.541736 tcp 10.0.2.109 65338 -> 176.73.169.112 1959 FSPA* 0 0 15 1696 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:56:30.655820 3.001488 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 06:56:37.662969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:56:45.664893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:57:01.666942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:57:32.411874 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 06:57:32.412053 0.000000 udp 10.0.2.109 3683 -> 151.42.215.172 2048 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 06:57:33.673329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 06:57:50.489695 0.054605 tcp 10.0.2.109 65339 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:57:50.544720 0.055062 tcp 10.0.2.109 65340 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:57:50.600134 0.143057 tcp 10.0.2.109 65341 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:57:50.743834 0.000000 udp 10.0.2.109 3683 -> 31.51.126.233 6148 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 06:58:09.535664 0.054008 tcp 10.0.2.109 65342 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:09.589951 0.056394 tcp 10.0.2.109 65343 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:09.646673 0.142622 tcp 10.0.2.109 65344 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:09.789895 0.164054 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:09.945475 0.354162 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:10.300994 0.056687 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:10.367401 0.110228 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:10.438218 0.226190 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 4 1534 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:10.662621 0.067918 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:10.714985 0.064252 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:10.761635 0.177746 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:10.927811 0.136263 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:11.062122 0.102235 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:11.200872 0.156910 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:11.348083 0.099346 udp 10.0.2.109 3683 <-> 109.156.70.143 4764 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:11.419063 0.176443 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:11.590714 0.259109 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:11.812954 0.356290 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:12.180827 0.126460 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:12.275936 0.182693 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:12.432514 0.190604 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:12.615229 0.191527 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:12.798914 0.177226 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:12.972493 0.183830 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:13.169147 0.052782 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:13.218675 0.146012 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:13.359594 0.201835 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:13.545887 0.678950 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:14.006313 0.035155 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:14.097835 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 06:58:31.707526 0.052578 tcp 10.0.2.109 65345 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:31.760430 0.054871 tcp 10.0.2.109 65346 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:31.815608 0.152486 tcp 10.0.2.109 65347 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:31.968603 0.220674 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:32.148714 0.353236 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:32.498526 0.304122 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:32.805226 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 06:58:50.204328 0.052999 tcp 10.0.2.109 65348 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:50.257588 0.054760 tcp 10.0.2.109 65349 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:50.312662 0.148135 tcp 10.0.2.109 65350 -> 195.113.214.249 443 SRPA* 0 0 33 18134 flow=From-Botnet-V1-TCP-Established 1970/02/22 06:58:50.461547 0.146290 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:50.606557 0.058047 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:50.763806 0.055864 rtp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/22 06:58:50.886014 0.113859 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:03:37.679836 3.003216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 07:03:44.686934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:03:52.688500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:04:08.692812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:04:40.697225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:10:44.702876 3.002256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 07:10:51.710900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:10:59.712465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:11:15.715200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:11:47.721864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:17:24.889320 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 07:17:24.889482 0.475777 tcp 10.0.2.109 65351 -> 176.73.169.112 1959 FSPA* 0 0 14 1578 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:17:51.727713 3.001370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 07:17:58.734534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:18:06.736510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:18:22.739038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:18:54.745446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:24:58.750618 3.002484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 07:25:05.758917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:25:13.760271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:25:29.763274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:26:01.769059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:29:02.809652 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 07:29:02.809828 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 07:29:19.645318 0.055555 tcp 10.0.2.109 65352 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:29:19.701129 0.055663 tcp 10.0.2.109 65353 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:29:19.757088 0.148909 tcp 10.0.2.109 65354 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:29:19.906680 0.146722 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:20.013036 0.160676 rtp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:20.165873 0.367057 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:20.551501 0.251591 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:20.801161 0.063575 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:20.848397 0.061111 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:20.892621 0.171719 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:21.052994 0.116002 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:21.128295 0.055741 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:21.185260 0.175407 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:21.380483 0.078549 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:21.439960 0.141984 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:21.580260 0.164253 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:21.734354 0.000000 udp 10.0.2.109 3683 -> 109.156.70.143 4764 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 07:29:38.842055 0.056345 tcp 10.0.2.109 65355 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:29:38.898686 0.059559 tcp 10.0.2.109 65356 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:29:38.958552 0.151309 tcp 10.0.2.109 65357 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:29:39.110601 0.120776 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:39.196535 0.236467 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:39.399435 0.348583 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:39.758215 0.192819 udp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:39.942690 0.179816 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:40.172943 0.191374 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:40.356376 0.139814 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:40.489056 0.201958 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:40.676180 0.190739 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:40.881231 0.175427 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:41.053095 0.054041 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:41.100040 0.679570 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 1949 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:41.558436 0.033019 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:41.590063 0.210637 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:41.764379 0.355692 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:42.114039 0.306582 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:42.429693 0.057000 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:42.494822 0.147210 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:42.637008 0.056022 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:29:42.767078 0.106783 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/22 07:32:05.777067 3.000497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 07:32:12.783541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:32:20.784466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:32:36.787171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:33:08.793420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:39:12.799673 3.001252 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 07:39:19.806889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:39:27.808197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:39:43.810984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:40:15.817158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:46:19.822458 3.005881 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 07:46:26.830770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:46:34.832130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:46:50.835365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:47:22.841291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:47:25.365062 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 07:47:25.365291 0.491422 tcp 10.0.2.109 65358 -> 176.73.169.112 1959 FSPA* 0 0 16 1723 flow=From-Botnet-V1-TCP-Established 1970/02/22 07:56:30.851135 3.002297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 07:56:37.859112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:56:45.864036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:57:01.863601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:57:33.869494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 07:59:47.221727 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 07:59:47.221905 0.000000 udp 10.0.2.109 3683 -> 109.156.70.143 4764 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 08:00:05.129705 0.060872 tcp 10.0.2.109 65359 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:00:05.190853 0.053857 tcp 10.0.2.109 65360 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:00:05.244964 0.153106 tcp 10.0.2.109 65361 -> 195.113.214.249 443 SRPA* 0 0 25 14828 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:00:05.398672 0.159235 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2581 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:05.496100 0.225803 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:05.730354 0.070679 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:05.783836 0.060129 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:05.828722 0.171603 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:05.988037 0.170900 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:06.150842 0.368888 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:06.555029 0.175759 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:06.732358 0.076068 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:06.790309 0.142172 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:06.930468 0.000000 udp 10.0.2.109 3683 -> 173.179.165.71 5329 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 08:00:23.494233 0.054188 tcp 10.0.2.109 65362 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:00:23.548715 0.055531 tcp 10.0.2.109 65363 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:00:23.604680 0.149641 tcp 10.0.2.109 65364 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:00:23.755046 0.112030 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:23.824599 0.055652 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:23.889988 0.117318 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:23.974455 0.247846 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:24.191116 0.359363 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:24.575006 0.189080 rtp 10.0.2.109 3683 <-> 108.246.41.143 7929 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:24.756877 0.140815 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:24.889686 0.200996 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:25.074469 0.182033 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:25.330249 0.241154 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:25.567619 0.180205 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:25.810690 0.188610 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:25.992448 0.046785 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:26.037498 0.482699 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:26.481227 0.032051 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:26.583206 0.206676 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:26.793615 0.071381 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:26.866554 0.153281 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:27.041136 0.070429 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:27.122587 0.100978 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:27.221270 0.352353 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:00:27.569702 0.297611 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:03:37.875786 3.001360 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 08:03:44.882851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:03:52.884881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:04:08.887478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:04:40.893698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:10:44.899944 3.001534 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 08:10:51.907133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:10:59.908643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:11:15.911582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:11:47.917818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:17:25.863956 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 08:17:25.864048 0.492227 tcp 10.0.2.109 65365 -> 176.73.169.112 1959 FSPA* 0 0 14 1698 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:17:51.924048 3.001353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 08:17:58.931636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:18:06.933025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:18:22.935753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:18:54.941547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:24:58.948743 3.000457 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 08:25:05.955401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:25:13.956471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:25:29.959483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:26:01.965752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:30:35.439163 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 08:30:35.439286 0.154682 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:35.585951 0.076649 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:35.644842 0.058532 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:35.708497 0.175792 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:35.873882 0.163596 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:36.027466 0.162182 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:36.145487 0.224587 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:36.368304 0.079574 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:36.429751 0.141795 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:36.569515 0.172366 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:36.757076 0.376260 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:37.134842 0.116959 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:37.220596 0.252025 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:37.436646 0.356913 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:37.828752 0.106864 udp 10.0.2.109 3683 <-> 91.6.17.177 5333 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:37.898826 0.054419 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:37.970540 0.000000 udp 10.0.2.109 3683 -> 108.246.41.143 7929 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 08:30:56.861377 0.058282 tcp 10.0.2.109 65366 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:30:56.919963 0.055819 tcp 10.0.2.109 65367 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:30:56.976076 0.150527 tcp 10.0.2.109 65368 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:30:57.127204 0.136056 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:57.258915 0.205162 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:57.448826 0.182135 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:57.615210 0.176370 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:57.787457 0.056839 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:57.841324 0.589126 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:58.311039 0.034845 udp 10.0.2.109 3683 <-> 94.155.230.34 9189 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:30:58.344771 0.215336 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 3 1037 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:17.329768 0.058080 tcp 10.0.2.109 65369 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:31:17.388121 0.055496 tcp 10.0.2.109 65370 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:31:17.443908 0.158575 tcp 10.0.2.109 65371 -> 195.113.214.249 443 SRPA* 0 0 42 23546 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:31:17.603143 0.178289 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:17.757920 0.185934 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:17.936429 0.142299 rtp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:18.080086 0.150101 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:18.247135 0.144766 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:18.417698 0.348100 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:18.763511 0.348219 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:31:19.108440 0.306886 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 1960 flow=From-Botnet-V1-UDP-Established 1970/02/22 08:32:05.973710 2.999721 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 08:32:12.979184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:32:20.980804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:32:36.983648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:33:08.989490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:39:12.997811 2.999627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 08:39:20.003185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:39:28.004369 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:39:44.014066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:40:16.013791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:46:20.021028 3.003413 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 08:46:27.028976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:46:35.027965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:46:51.031442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:47:23.037715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:47:26.362745 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 08:47:26.362911 0.751397 tcp 10.0.2.109 65372 -> 176.73.169.112 1959 FSPA* 0 0 14 1669 flow=From-Botnet-V1-TCP-Established 1970/02/22 08:56:27.052468 3.001504 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 08:56:34.059548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:56:42.061322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:56:58.064494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 08:57:30.070317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:01:23.576285 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 09:01:23.576390 0.000000 udp 10.0.2.109 3683 -> 108.246.41.143 7929 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 09:01:39.581094 0.059783 tcp 10.0.2.109 65373 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:01:39.641165 0.055952 tcp 10.0.2.109 65374 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:01:39.697424 0.149691 tcp 10.0.2.109 65375 -> 195.113.214.249 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:01:39.848371 0.213370 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:40.022910 0.171678 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:40.294676 0.168860 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:40.454219 0.058992 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:40.496694 0.071668 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:40.550193 0.160625 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:40.702332 0.141371 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:40.842407 0.172790 rtp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:41.016866 0.342765 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:41.358371 0.144973 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:41.462903 0.312765 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:41.757827 0.245072 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:41.969380 0.354888 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:01:42.325626 0.000000 udp 10.0.2.109 3683 -> 91.6.17.177 5333 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 09:02:00.599646 0.054066 tcp 10.0.2.109 65376 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:02:00.653575 0.059462 tcp 10.0.2.109 65377 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:02:00.713395 0.143713 tcp 10.0.2.109 65378 -> 195.113.214.249 443 SRPA* 0 0 33 18798 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:02:00.857890 0.123923 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:00.949821 0.337447 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:01.288570 0.056668 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:01.347450 0.171140 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:01.515170 0.051396 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:01.564774 0.139678 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:01.816668 0.198704 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:01.999521 0.178243 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:02.178507 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 09:02:20.128064 0.067404 tcp 10.0.2.109 65379 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:02:20.195845 0.057087 tcp 10.0.2.109 65380 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:02:20.253305 0.159503 tcp 10.0.2.109 65381 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:02:20.413379 0.872276 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:21.044882 0.187091 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:21.289448 0.148050 rtp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:21.457341 0.177970 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:21.613070 0.144378 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:21.779659 0.095499 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:21.874170 0.151548 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:22.034855 0.353747 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:02:22.384907 0.306525 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:03:34.075956 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 09:03:41.083522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:03:49.085174 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:04:05.088572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:04:37.094481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:10:41.099851 3.002056 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 09:10:48.107862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:10:56.108994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:11:12.112411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:11:44.117875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:17:27.112062 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 09:17:27.112234 0.752143 tcp 10.0.2.109 65382 -> 176.73.169.112 1959 FSPA* 0 0 15 1714 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:17:48.124381 3.001650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 09:17:55.131589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:18:03.133063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:18:19.136028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:18:51.142109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:24:55.148709 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 09:25:02.155779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:25:10.157298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:25:26.160442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:25:58.166311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:32:02.171944 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 09:32:09.179631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:32:17.181548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:32:33.183988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:32:48.787045 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 09:32:48.787134 0.000000 udp 10.0.2.109 3683 -> 91.6.17.177 5333 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 09:33:05.190217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:33:05.902887 0.051221 tcp 10.0.2.109 65383 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:05.954423 0.050136 tcp 10.0.2.109 65384 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:06.004865 0.151858 tcp 10.0.2.109 65385 -> 195.113.214.249 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:06.157509 0.000000 udp 10.0.2.109 3683 -> 94.155.230.34 9189 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 09:33:22.345293 0.049918 tcp 10.0.2.109 65386 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:22.395581 0.051218 tcp 10.0.2.109 65387 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:22.447097 0.147379 tcp 10.0.2.109 65388 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:22.595152 0.073623 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:22.649551 0.155435 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:22.795865 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 09:33:40.080820 0.050377 tcp 10.0.2.109 65389 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:40.131515 0.050188 tcp 10.0.2.109 65390 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:40.181997 0.142528 tcp 10.0.2.109 65391 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:40.325236 0.166459 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:40.481012 0.212117 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 4 1624 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:55.833709 0.052097 tcp 10.0.2.109 65392 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:55.886165 0.050659 tcp 10.0.2.109 65393 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:55.937078 0.152918 tcp 10.0.2.109 65394 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:33:56.090561 0.061051 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:56.134756 0.346357 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:56.481750 0.983073 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:57.421992 0.073857 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:57.479506 0.168770 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:57.649875 0.251914 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:57.866571 0.141566 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:58.006677 0.357209 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:58.375762 0.119421 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:58.566914 0.177398 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:58.741719 0.048930 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:58.788154 0.155491 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:58.923948 0.203259 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:59.110715 0.320290 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:59.432147 0.057143 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:59.503568 0.182604 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:33:59.661666 0.627480 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:00.190034 0.186074 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:00.368809 0.151020 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:00.521048 0.178695 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:00.676230 0.151318 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:00.840757 0.105284 rtp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:00.944632 0.150602 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:01.091764 0.347217 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:34:01.435077 0.310618 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/22 09:39:09.197437 3.000411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 09:39:16.203353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:39:24.205124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:39:40.208402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:40:12.213910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:46:16.221020 3.007687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 09:46:23.229152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:46:31.228773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:46:47.231925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:47:19.237892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:47:27.870290 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 09:47:27.870487 0.816085 tcp 10.0.2.109 65395 -> 176.73.169.112 1959 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/02/22 09:56:26.247660 3.001187 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 09:56:33.254524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:56:41.256025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:56:57.259209 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 09:57:29.265186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:03:33.272681 3.000234 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:03:40.278539 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:03:48.280170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:04:04.283050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:04:29.849932 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 10:04:29.850209 0.211915 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:30.024366 0.000000 udp 10.0.2.109 3683 -> 74.56.71.57 7892 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 10:04:36.289120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:04:45.624194 0.050999 tcp 10.0.2.109 65396 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 10:04:45.675468 0.053274 tcp 10.0.2.109 65397 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 10:04:45.729135 0.151331 tcp 10.0.2.109 65398 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/22 10:04:45.880814 0.070886 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:45.934545 0.164495 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:46.091273 0.171841 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:46.252416 0.060608 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:46.319249 0.346636 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:46.663335 0.174055 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:46.853750 0.251719 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:47.068721 0.141682 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:47.209034 0.255976 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:47.424841 0.091074 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 1900 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:47.500377 0.364693 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:47.864455 0.125282 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:47.955665 0.175356 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:48.126531 0.049835 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:48.174914 0.143030 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:48.313583 0.055990 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:48.371034 0.177972 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:48.562467 0.203455 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:48.750207 0.319324 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:49.071316 0.714720 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:49.546634 0.186811 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:49.727173 0.137948 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:49.873412 0.178801 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:50.028721 0.139743 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:50.169734 0.109615 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:50.298879 0.308976 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:50.620837 0.150489 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:04:50.772872 0.353997 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:10:40.295609 3.001200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:10:47.302719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:10:55.303786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:11:11.306972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:11:43.313272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:17:28.689804 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 10:17:28.689961 0.957280 tcp 10.0.2.109 65399 -> 176.73.169.112 1959 FSPA* 0 0 14 1557 flow=From-Botnet-V1-TCP-Established 1970/02/22 10:17:47.319212 3.001687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:17:54.326481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:18:02.327936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:18:18.331256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:18:50.336974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:24:54.343144 3.001366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:25:01.351266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:25:09.352396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:25:25.355093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:25:57.362860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:32:01.366882 3.001645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:32:08.374789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:32:16.376156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:32:32.379472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:33:04.384940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:35:08.844212 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 10:35:08.844373 0.213592 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:09.018326 0.163980 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:09.170653 0.060443 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:09.214533 0.346855 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:09.560098 0.181899 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:09.737500 0.256857 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:09.957338 0.072967 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:10.011742 0.163877 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:10.167123 0.136931 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:10.302577 0.465764 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:10.722601 0.088243 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:10.793507 0.364012 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:11.184962 0.155454 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:11.308479 0.177285 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:11.482901 0.045026 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:11.525029 0.138713 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:11.655197 0.054028 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:11.723988 0.349230 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:12.073461 0.712351 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:12.549763 0.192657 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:12.754230 0.177589 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:12.905641 0.201969 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:13.091662 0.130252 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:13.238836 0.181619 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:13.398344 0.135156 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:13.584127 0.107963 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:13.689721 0.308828 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:13.999720 0.157779 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:35:14.153172 0.346384 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/22 10:39:08.391315 3.001679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:39:15.398782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:39:23.399922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:39:39.402860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:40:11.409144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:46:15.415079 3.001270 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:46:22.422733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:46:30.423714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:46:46.427093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:47:18.432920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:47:29.649686 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 10:47:29.649847 0.788902 tcp 10.0.2.109 65400 -> 176.73.169.112 1959 FSPA* 0 0 15 1726 flow=From-Botnet-V1-TCP-Established 1970/02/22 10:56:26.444768 3.000376 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 10:56:33.450790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:56:41.452584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:56:57.455581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 10:57:29.461241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:03:33.467442 3.001650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 11:03:40.476679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:03:48.476464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:04:04.479286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:04:36.486885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:05:26.127307 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 11:05:26.127441 0.211966 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:26.297827 0.171007 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:26.457909 0.060336 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:26.501046 0.342286 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:26.867653 0.178048 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2585 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:27.046767 0.247882 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:27.258865 0.072449 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:27.313175 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 11:05:43.824052 0.055913 tcp 10.0.2.109 65401 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:05:43.880239 0.055350 tcp 10.0.2.109 65402 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:05:43.935903 0.141953 tcp 10.0.2.109 65403 -> 195.113.214.249 443 SRPA* 0 0 35 24437 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:05:44.078679 0.119426 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:44.178932 0.155913 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:44.327599 0.141575 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:44.467385 0.346297 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:44.815428 0.113619 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:44.899590 0.175200 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:45.073088 0.051277 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:45.121516 0.138989 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:45.350920 0.055172 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:45.414683 0.321306 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:45.756024 0.187322 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2571 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:45.959107 0.685415 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:46.407086 0.192049 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:46.636819 0.201447 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:05:46.823480 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 11:06:02.319518 0.053478 tcp 10.0.2.109 65404 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:06:02.373289 0.054975 tcp 10.0.2.109 65405 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:06:02.428587 0.150804 tcp 10.0.2.109 65406 -> 195.113.214.249 443 SRPA* 0 0 33 19424 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:06:02.579871 0.179542 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:06:02.735165 0.094844 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:06:02.831705 0.000000 udp 10.0.2.109 3683 -> 84.111.178.118 9246 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 11:06:08.066738 0.004247 udp 10.0.2.109 3683 <- 84.111.178.118 9246 RSP 0 0 5 2045 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 11:06:08.088547 0.308058 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:06:08.411104 0.150802 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:06:08.589110 0.348372 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:10:40.491746 3.001224 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 11:10:47.498921 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:10:55.500191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:11:11.503457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:11:43.509279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:17:30.439106 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 11:17:30.439264 0.644727 tcp 10.0.2.109 65407 -> 176.73.169.112 1959 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:17:47.516471 3.000258 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 11:17:54.522782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:18:02.524384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:18:18.527036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:18:50.533352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:24:54.540312 3.000412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 11:25:01.546447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:25:09.550059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:25:25.551404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:25:57.558778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:32:01.563402 3.001432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 11:32:08.570505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:32:16.572462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:32:32.575496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:33:04.581070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:36:15.339192 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 11:36:15.339322 0.352649 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:15.652292 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 11:36:32.341444 0.061390 tcp 10.0.2.109 65408 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:36:32.403192 0.056241 tcp 10.0.2.109 65409 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:36:32.459718 0.204169 tcp 10.0.2.109 65410 -> 195.113.214.249 443 SRPA* 0 0 32 24313 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:36:32.664398 0.059970 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:32.708253 0.169594 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:32.866135 0.213447 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:33.040866 0.065736 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:33.090412 0.175727 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:33.277844 0.225255 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:33.510383 0.238624 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:33.714841 0.142014 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2646 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:33.855870 0.349037 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.213783 0.164812 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.369537 0.078047 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.430954 0.060643 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.482463 0.146404 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.620239 0.055243 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.677018 0.176050 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.849632 0.119178 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:34.935986 0.313996 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:35.258374 0.185209 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:35.464333 0.799976 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:36.024418 0.192948 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:36.210010 0.201845 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:36.396935 0.174791 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 1954 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:36.551452 0.083262 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:36.648887 0.093132 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:36.742733 0.299098 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:37.064943 0.152187 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:36:37.216139 0.354184 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/22 11:39:08.588109 3.000621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 11:39:15.593987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:39:23.596455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:39:39.599120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:40:11.605096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:46:15.610450 3.002429 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 11:46:22.618433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:46:30.619819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:46:46.623338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:47:18.629100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:47:31.087311 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 11:47:31.087454 0.571157 tcp 10.0.2.109 65411 -> 176.73.169.112 1959 FSPA* 0 0 15 1669 flow=From-Botnet-V1-TCP-Established 1970/02/22 11:56:27.641178 3.001681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 11:56:34.648572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:56:42.650131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:56:58.653176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 11:57:30.658606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:03:34.665409 3.001411 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:03:41.672506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:03:49.674096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:04:05.677074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:04:37.683081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:07:00.158445 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 12:07:00.158551 0.280367 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2576 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:00.394583 0.059279 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:00.464032 0.172877 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:00.626812 0.223643 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:00.811530 0.070691 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:00.873275 0.244472 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:01.084214 0.142182 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:01.224682 0.173191 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:01.407430 0.226217 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:01.643539 0.343513 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.013718 0.162149 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.166314 0.081249 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.228146 0.053379 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.272953 0.136919 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.405976 0.054408 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.473259 0.282455 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.751820 0.121846 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:02.954637 0.609975 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:03.397076 0.327946 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2566 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:03.953997 0.177038 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:04.108618 0.191907 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:04.291648 0.202041 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:04.480001 0.179788 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:04.636355 0.055535 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:04.699810 0.094456 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:04.798661 0.306707 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:05.114037 0.152184 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:07:05.267354 0.352671 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:10:41.689159 3.001797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:10:48.696578 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:10:56.698086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:11:12.700317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:11:44.706660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:17:31.667948 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 12:17:31.668053 0.473367 tcp 10.0.2.109 65412 -> 176.73.169.112 1959 FSPA* 0 0 14 1635 flow=From-Botnet-V1-TCP-Established 1970/02/22 12:17:48.713246 3.001434 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:17:55.721028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:18:03.721927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:18:19.725271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:18:51.730411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:24:55.737214 3.001405 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:25:02.744444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:25:10.745568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:25:26.748810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:25:58.755165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:32:02.760189 3.006546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:32:09.767785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:32:17.769986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:32:33.773422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:33:05.779561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:37:20.875946 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 12:37:20.876155 0.247536 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:21.085910 0.064526 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:21.151590 0.071091 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:21.206458 0.240910 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 1976 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:21.412839 0.141436 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:21.552647 0.174383 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:21.728700 0.173456 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:21.891354 0.199805 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:22.052359 0.225291 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:22.282926 0.357562 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:22.644621 0.158394 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:22.791466 0.279583 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:23.053850 0.160526 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:23.211260 0.141464 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:23.348950 0.055678 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:23.406518 0.170121 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:23.573459 0.312403 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:23.884689 0.117763 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:23.969021 0.691916 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:24.446971 0.184396 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:24.620574 0.187236 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:24.797459 0.200506 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:24.982518 0.178902 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:25.138514 0.056281 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:25.203385 0.090882 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:25.295620 0.354001 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:25.645788 0.344334 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:37:25.991166 0.155168 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/22 12:39:09.785905 3.000800 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:39:16.792941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:39:24.793792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:39:40.796822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:40:12.802920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:46:16.809537 3.003095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:46:23.816424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:46:31.817146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:46:47.824106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:47:19.826970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:47:32.144715 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 12:47:32.144863 0.472381 tcp 10.0.2.109 65413 -> 176.73.169.112 1959 FSPA* 0 0 14 1511 flow=From-Botnet-V1-TCP-Established 1970/02/22 12:56:28.839383 3.001157 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 12:56:35.846484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:56:43.847669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:56:59.850918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 12:57:31.856823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:03:35.863213 3.000999 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:03:42.870448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:03:50.876415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:04:06.874597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:04:38.880799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:07:35.344801 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 13:07:35.344981 0.170616 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:35.476111 0.059371 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:35.545219 0.086661 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:35.613865 0.235572 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:35.815451 0.141589 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:35.955919 0.175789 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:36.126983 0.171427 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:36.287422 0.370151 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:36.665716 0.153560 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:36.811078 0.180659 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:36.950568 0.225256 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:37.175078 0.082516 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:37.237362 0.052433 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:37.286461 0.288397 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:37.512689 0.054937 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:37.571116 0.178418 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:37.744899 0.318051 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:38.061951 0.116090 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:38.146351 0.185131 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:38.323727 0.203963 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:38.512664 0.843067 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:39.124539 0.184937 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:39.337981 0.178649 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:39.493122 0.056299 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 1960 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:39.550613 0.092577 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:39.646889 0.355440 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:39.996838 0.306527 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:07:40.304580 0.151101 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:10:42.886197 3.001663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:10:49.897462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:10:57.895659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:11:13.898660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:11:45.904865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:17:32.623925 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 13:17:32.624083 0.484831 tcp 10.0.2.109 65414 -> 176.73.169.112 1959 FSPA* 0 0 15 1644 flow=From-Botnet-V1-TCP-Established 1970/02/22 13:17:49.911931 3.000645 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:17:56.918703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:18:04.919162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:18:20.922762 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:18:52.928306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:24:56.935386 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:25:03.942474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:25:11.943482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:25:27.946405 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:25:59.953324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:32:03.958671 3.001821 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:32:10.966065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:32:18.967682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:32:34.970816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:33:06.976935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:37:53.138290 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 13:37:53.138537 0.074324 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:37:53.195690 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 13:38:11.587017 0.057459 tcp 10.0.2.109 65415 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 13:38:11.644772 0.056234 tcp 10.0.2.109 65416 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 13:38:11.701368 0.131631 tcp 10.0.2.109 65417 -> 195.113.214.249 443 SRPA* 0 0 35 24475 flow=From-Botnet-V1-TCP-Established 1970/02/22 13:38:11.833511 0.065512 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:11.881074 0.243232 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:12.087462 0.136523 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:12.222351 0.173805 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:12.405368 0.175538 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:12.570681 0.363188 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:12.931948 0.162028 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.086631 0.140155 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.190367 0.225875 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2602 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.422903 0.077215 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.480591 0.043753 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.522926 0.138908 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.656455 0.056365 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.715414 0.177639 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:13.890035 0.312323 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:14.201151 0.116082 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:14.286289 0.196770 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:14.475668 0.202599 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:14.663301 0.178185 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:14.818633 0.055327 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:14.882327 0.095811 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:14.974870 0.352826 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:15.385230 0.742917 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:15.885691 0.181215 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:16.044141 0.307496 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:16.352758 0.734559 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/22 13:38:18.921409 0.040618 udp 10.0.2.109 3683 <- 79.236.156.198 8699 RSP 0 0 5 2145 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 13:39:10.983155 3.001321 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:39:17.989953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:39:25.991527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:39:41.994854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:40:14.000794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:46:18.006950 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:46:25.014273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:46:33.015509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:46:49.018755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:47:21.024555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:47:33.112164 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 13:47:33.112331 0.453172 tcp 10.0.2.109 65418 -> 176.73.169.112 1959 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/02/22 13:56:30.037487 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 13:56:37.044028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:56:45.045803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:57:01.048071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 13:57:33.054729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:03:37.060131 3.002171 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:03:44.067795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:03:52.076397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:04:08.072885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:04:40.078295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:08:37.129364 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 14:08:37.129519 0.125277 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:37.213187 0.071000 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:37.327633 0.062570 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:37.373259 0.175294 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:37.552678 0.177618 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:37.719016 0.363381 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:38.099081 0.240648 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:38.306139 0.141720 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:38.460160 0.154684 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:38.605625 0.148056 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:38.716948 0.225479 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:38.941975 0.080987 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:39.003524 0.049096 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:39.051164 0.145522 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:39.189437 0.054573 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:39.257596 0.179538 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:39.434923 0.313619 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:39.747504 0.115912 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:39.829268 0.194044 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:40.013922 0.204427 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:40.203182 0.178837 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:40.357700 0.069627 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:40.428505 0.095111 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:40.522254 0.182292 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:40.725819 0.347409 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:41.108023 0.723084 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:41.591659 0.304802 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:08:41.897578 0.152424 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:10:44.084207 3.002067 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:10:51.092306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:10:59.093410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:11:15.096636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:11:47.102621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:17:33.571022 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 14:17:33.571249 0.436233 tcp 10.0.2.109 65419 -> 176.73.169.112 1959 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/02/22 14:17:51.108447 3.001588 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:17:58.119392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:18:06.117477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:18:22.120752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:18:54.126652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:24:58.132695 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:25:05.139983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:25:13.141553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:25:29.144661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:26:01.150213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:32:05.158120 2.999899 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:32:12.163797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:32:20.165307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:32:36.168611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:33:08.175591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:39:01.012014 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 14:39:01.012201 0.137475 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:01.106271 0.173860 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:01.431334 0.168877 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:01.589535 0.283604 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:01.873485 0.071997 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:01.926598 0.062810 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:02.043945 0.240335 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:02.248679 0.141471 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:02.398040 0.170273 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:02.555497 0.154350 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:02.672230 0.561686 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1731 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:03.233168 0.083379 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:03.297064 0.051789 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:03.369909 0.142740 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:03.504864 0.056217 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:03.575694 0.172227 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:03.744714 0.312257 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:04.074664 0.120711 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:04.160604 0.186761 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:04.340041 0.199386 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:04.522725 0.180178 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:04.678460 0.078652 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:04.770688 0.096415 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:04.870785 0.178160 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:05.024441 0.352848 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:05.373825 0.493056 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:05.826926 0.309473 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:06.148815 0.142782 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/22 14:39:12.180385 3.001770 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:39:19.187908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:39:27.189239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:39:43.192246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:40:15.198341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:46:19.204290 3.001642 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:46:26.211764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:46:34.213360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:46:50.216240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:47:22.222342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:47:34.009764 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 14:47:34.009937 0.438620 tcp 10.0.2.109 65420 -> 176.73.169.112 1959 FSPA* 0 0 14 1748 flow=From-Botnet-V1-TCP-Established 1970/02/22 14:56:32.235374 3.001915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 14:56:39.243194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:56:47.244894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:57:03.247574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 14:57:35.253460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:03:39.262667 2.998660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 15:03:46.267122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:03:54.268775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:04:10.281580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:04:42.288175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:09:12.176096 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:09:12.176194 0.131487 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2589 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:12.265193 0.173773 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:12.440150 0.170674 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:12.599646 0.365855 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:12.964694 0.069105 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:13.014539 0.059267 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:13.058287 0.158241 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:13.208988 0.148590 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:13.316493 0.244312 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:13.524845 0.141345 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:13.664799 0.578071 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 3 1154 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:32.086151 0.053844 tcp 10.0.2.109 65421 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:09:32.140303 0.053984 tcp 10.0.2.109 65422 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:09:32.194598 0.146634 tcp 10.0.2.109 65423 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:09:32.341797 0.080703 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:32.405417 0.102102 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:32.646355 0.142134 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:32.801769 0.056569 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:32.899776 0.178073 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:33.074718 0.320283 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:33.403122 0.128915 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:33.496773 0.185797 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:33.675161 0.203525 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:33.863624 0.176759 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:34.019127 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 15:09:50.932358 0.053080 tcp 10.0.2.109 65424 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:09:50.985725 0.053620 tcp 10.0.2.109 65425 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:09:51.039621 0.143699 tcp 10.0.2.109 65426 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:09:51.183867 0.095782 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:51.292178 0.180811 rtp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:51.455998 0.352919 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:51.805466 0.682996 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:52.268156 0.309178 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:09:52.578886 0.151680 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:10:46.294918 3.000374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 15:10:53.302796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:11:01.302549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:11:17.305826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:11:49.311620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:17:34.448482 0.038502 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:17:34.487138 2.970261 tcp 10.0.2.109 65427 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:17:43.450741 0.000000 tcp 10.0.2.109 65427 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:17:49.461452 0.054046 tcp 10.0.2.109 65428 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:17:49.515849 0.067626 tcp 10.0.2.109 65429 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:17:49.583817 0.152092 tcp 10.0.2.109 65430 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:17:49.939868 2.996822 tcp 10.0.2.109 65431 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:17:53.318757 3.000432 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 15:17:58.933138 0.000000 tcp 10.0.2.109 65431 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:18:00.325321 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:18:08.327031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:18:24.329513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:18:56.335460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:23:04.933757 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:23:04.933967 3.003460 tcp 10.0.2.109 65432 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:23:13.936053 0.000000 tcp 10.0.2.109 65432 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:23:19.940144 0.053222 tcp 10.0.2.109 65433 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:23:19.993665 0.055015 tcp 10.0.2.109 65434 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:23:20.048972 0.160816 tcp 10.0.2.109 65435 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:23:20.269078 3.001397 tcp 10.0.2.109 65436 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:23:29.267785 0.000000 tcp 10.0.2.109 65436 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:25:00.342375 3.000945 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 15:25:07.349114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:25:15.350410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:25:31.353664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:26:03.359544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:28:35.268417 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:28:35.268508 2.993890 tcp 10.0.2.109 65437 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:28:44.270867 0.000000 tcp 10.0.2.109 65437 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:28:50.271478 0.053510 tcp 10.0.2.109 65438 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:28:50.325350 0.055079 tcp 10.0.2.109 65439 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:28:50.380761 0.147267 tcp 10.0.2.109 65440 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:28:50.574879 2.999349 tcp 10.0.2.109 65441 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:28:59.572762 0.000000 tcp 10.0.2.109 65441 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:32:07.365849 3.001281 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 15:32:14.373157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:32:22.374903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:32:38.377988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:33:10.389075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:34:05.573332 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:34:05.573472 3.003558 tcp 10.0.2.109 65442 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:34:14.575552 0.000000 tcp 10.0.2.109 65442 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:34:20.580771 0.054790 tcp 10.0.2.109 65443 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:34:20.635884 0.054961 tcp 10.0.2.109 65444 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:34:20.691088 0.142955 tcp 10.0.2.109 65445 -> 195.113.214.249 443 SRPA* 0 0 47 26046 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:34:20.896053 3.003348 tcp 10.0.2.109 65446 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:34:29.897915 0.000000 tcp 10.0.2.109 65446 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:39:14.391342 2.999824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 15:39:21.396889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:39:29.398540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:39:45.401713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:40:15.694653 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:40:15.694807 0.582965 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:16.294804 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 15:40:17.407646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:40:20.893222 3.003609 tcp 10.0.2.109 65447 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:40:29.895294 0.000000 tcp 10.0.2.109 65447 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:40:32.760712 0.055327 tcp 10.0.2.109 65448 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:40:32.816367 0.054951 tcp 10.0.2.109 65449 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:40:32.871623 0.169664 tcp 10.0.2.109 65450 -> 195.113.214.249 443 SRPA* 0 0 35 19406 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:40:33.040631 0.718015 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:33.718990 0.423368 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2586 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:34.150545 0.067296 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:34.393439 0.060304 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:34.437256 0.176238 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:34.664443 0.197061 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:34.850757 0.151050 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.078712 0.147528 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.217833 0.244908 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.427718 0.139274 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.529427 0.139297 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.688932 0.055191 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.750690 0.175344 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.895852 0.051582 tcp 10.0.2.109 65451 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:40:35.922358 0.066913 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:35.947758 0.055095 tcp 10.0.2.109 65452 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:40:35.984210 0.077745 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:36.003153 0.149996 tcp 10.0.2.109 65453 -> 195.113.214.249 443 SRPA* 0 0 21 10972 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:40:36.043237 0.205231 udp 10.0.2.109 3683 <-> 108.252.199.115 2393 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:36.191089 2.997569 tcp 10.0.2.109 65454 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:40:36.232855 0.172232 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:36.379365 0.319115 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:36.697382 0.128702 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:36.830111 0.192023 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:37.013176 0.092566 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:37.219333 0.177291 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:37.520030 0.353499 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:37.869651 0.154977 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:38.081259 0.722155 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:38.563321 0.305961 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 15:40:45.187493 0.000000 tcp 10.0.2.109 65454 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:45:51.188134 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:45:51.188241 3.003244 tcp 10.0.2.109 65455 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:46:00.201067 0.000000 tcp 10.0.2.109 65455 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:46:06.190530 0.054453 tcp 10.0.2.109 65456 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:46:06.245295 0.054904 tcp 10.0.2.109 65457 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:46:06.300525 0.148494 tcp 10.0.2.109 65458 -> 195.113.214.249 443 SRPA* 0 0 28 12096 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:46:06.472624 3.001201 tcp 10.0.2.109 65459 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:46:15.472513 0.000000 tcp 10.0.2.109 65459 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:46:21.414356 3.000761 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 15:46:28.420962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:46:36.422586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:46:52.425628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:47:24.431442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:51:21.473130 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:51:21.473270 3.007950 tcp 10.0.2.109 65460 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:51:30.475299 0.000000 tcp 10.0.2.109 65460 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:51:36.475615 0.053175 tcp 10.0.2.109 65461 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:51:36.529067 0.054376 tcp 10.0.2.109 65462 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:51:36.583723 0.144669 tcp 10.0.2.109 65463 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:51:36.968212 3.000584 tcp 10.0.2.109 65464 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:51:45.967612 0.000000 tcp 10.0.2.109 65464 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:56:28.445911 3.002043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 15:56:35.474495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:56:43.455093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:56:51.967994 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 15:56:51.968094 2.993606 tcp 10.0.2.109 65465 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:56:59.458381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 15:57:00.970374 0.000000 tcp 10.0.2.109 65465 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:57:06.970747 0.054793 tcp 10.0.2.109 65466 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:57:07.025854 0.055088 tcp 10.0.2.109 65467 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:57:07.081269 0.148779 tcp 10.0.2.109 65468 -> 195.113.214.249 443 SRPA* 0 0 23 11498 flow=From-Botnet-V1-TCP-Established 1970/02/22 15:57:07.346945 2.996966 tcp 10.0.2.109 65469 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:57:16.342603 0.000000 tcp 10.0.2.109 65469 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 15:57:31.464402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:02:22.342965 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:02:22.343069 3.003684 tcp 10.0.2.109 65470 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:02:31.345680 0.000000 tcp 10.0.2.109 65470 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:02:37.345753 0.054962 tcp 10.0.2.109 65471 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:02:37.401098 0.056071 tcp 10.0.2.109 65472 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:02:37.457530 0.140703 tcp 10.0.2.109 65473 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:02:37.624961 3.004830 tcp 10.0.2.109 65474 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:02:46.631260 0.000000 tcp 10.0.2.109 65474 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:03:35.470364 3.001655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 16:03:42.477716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:03:50.479416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:04:06.482001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:04:38.487712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:10:42.494810 3.000808 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 16:10:45.295955 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:10:45.296046 0.223969 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:46.009692 0.130351 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:46.230404 0.060727 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:46.835136 0.178297 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:47.008464 0.172275 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:47.253539 0.362795 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:48.163255 0.067544 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:48.228564 0.150514 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:48.380302 0.142772 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2596 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:48.513550 0.257491 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:48.734609 0.150855 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:49.194583 0.271909 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2602 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:49.372715 0.056638 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:49.502054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:10:49.660776 0.237064 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:49.941942 0.051406 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:50.038714 0.076158 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:50.315691 0.319707 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:50.634313 0.121390 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2553 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:50.718845 0.181469 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:10:50.892896 0.000000 udp 10.0.2.109 3683 -> 108.252.199.115 2393 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 16:10:52.646660 3.003645 tcp 10.0.2.109 65475 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:10:57.504527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:11:01.648380 0.000000 tcp 10.0.2.109 65475 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:11:07.649217 0.053338 tcp 10.0.2.109 65476 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:11:07.702830 0.053490 tcp 10.0.2.109 65477 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:11:07.756601 0.145048 tcp 10.0.2.109 65478 -> 195.113.214.249 443 SRPA* 0 0 38 32786 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:11:08.219019 0.052039 tcp 10.0.2.109 65479 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:11:08.271377 0.053908 tcp 10.0.2.109 65480 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:11:08.325624 0.142562 tcp 10.0.2.109 65481 -> 195.113.214.249 443 SRPA* 0 0 40 20758 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:11:08.375810 2.987024 tcp 10.0.2.109 65482 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:11:08.468438 0.178219 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:11:08.623821 0.098638 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:11:09.071390 0.173854 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:11:09.441727 0.353090 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:11:09.873557 0.152190 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:11:10.385438 0.709090 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:11:10.855182 0.307337 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:11:13.506038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:11:17.371508 0.000000 tcp 10.0.2.109 65482 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:11:45.512169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:16:23.372404 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:16:23.372564 3.003211 tcp 10.0.2.109 65483 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:16:32.375715 0.000000 tcp 10.0.2.109 65483 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:16:38.375947 0.053818 tcp 10.0.2.109 65484 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:16:38.430066 0.054588 tcp 10.0.2.109 65485 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:16:38.484959 0.144745 tcp 10.0.2.109 65486 -> 195.113.214.249 443 SRPA* 0 0 37 32106 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:16:38.864714 3.003113 tcp 10.0.2.109 65487 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:16:47.866904 0.000000 tcp 10.0.2.109 65487 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:17:49.518482 3.000825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 16:17:56.525495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:18:04.526878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:18:20.529745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:18:52.536193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:21:53.867261 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:21:53.867377 3.003572 tcp 10.0.2.109 65488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:22:02.869266 0.000000 tcp 10.0.2.109 65488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:22:08.870577 0.052816 tcp 10.0.2.109 65489 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:22:08.923681 0.054791 tcp 10.0.2.109 65490 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:22:08.978730 0.144682 tcp 10.0.2.109 65491 -> 195.113.214.249 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:22:09.273672 2.999767 tcp 10.0.2.109 65492 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:22:18.271877 0.000000 tcp 10.0.2.109 65492 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:24:56.542655 3.001043 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 16:25:03.550661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:25:11.551022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:25:27.554008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:25:59.559723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:27:24.272360 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:27:24.272540 3.003474 tcp 10.0.2.109 65493 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:27:33.274815 0.000000 tcp 10.0.2.109 65493 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:27:39.275111 0.053156 tcp 10.0.2.109 65494 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:27:39.328584 0.057728 tcp 10.0.2.109 65495 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:27:39.386573 0.144016 tcp 10.0.2.109 65496 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:27:39.950831 2.998170 tcp 10.0.2.109 65497 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:27:48.947339 0.000000 tcp 10.0.2.109 65497 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:32:03.566176 3.001433 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 16:32:10.579587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:32:18.575162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:32:34.577785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:32:54.948171 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:32:54.948280 2.993207 tcp 10.0.2.109 65498 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:33:03.949642 0.000000 tcp 10.0.2.109 65498 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:33:06.583931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:33:09.950345 0.053110 tcp 10.0.2.109 65499 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:33:10.003772 0.056460 tcp 10.0.2.109 65500 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:33:10.060573 0.143027 tcp 10.0.2.109 65501 -> 195.113.214.249 443 SRPA* 0 0 41 22102 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:33:10.303718 3.000025 tcp 10.0.2.109 65502 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:33:19.302276 0.000000 tcp 10.0.2.109 65502 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:39:10.590649 3.001173 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 16:39:17.597551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:39:25.599115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:39:41.602004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:40:13.608206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:41:14.786385 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:41:14.786503 0.000000 udp 10.0.2.109 3683 -> 108.252.199.115 2393 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 16:41:31.644396 0.053085 tcp 10.0.2.109 65503 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:41:31.697795 0.054339 tcp 10.0.2.109 65504 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:41:31.752486 0.146015 tcp 10.0.2.109 65505 -> 195.113.214.249 443 SRPA* 0 0 47 41576 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:41:31.899310 0.224022 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:32.134489 0.378353 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:32.473155 0.173055 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:32.910898 0.062463 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:32.957526 0.351483 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:33.680211 0.171521 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:33.840256 0.065284 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:33.949961 0.244913 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:34.157012 0.142294 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:34.291649 0.150000 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:34.440366 0.152515 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:34.553066 0.171946 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 1981 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:34.779606 0.051233 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:34.825763 0.191616 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:35.004496 0.055977 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:35.184184 0.185324 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:35.362751 0.080078 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:35.425967 0.348400 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:35.863082 0.121323 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:35.952719 0.175964 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:36.105745 0.094245 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:36.213961 0.183739 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:36.497444 0.353249 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:36.846773 0.152142 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 1969 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:36.994608 0.698311 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:37.473074 0.306953 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/22 16:41:40.323020 3.004131 tcp 10.0.2.109 65506 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:41:49.325649 0.000000 tcp 10.0.2.109 65506 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:41:55.324797 0.052552 tcp 10.0.2.109 65507 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:41:55.377670 0.058674 tcp 10.0.2.109 65508 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:41:55.436611 0.147151 tcp 10.0.2.109 65509 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:41:55.699459 2.999656 tcp 10.0.2.109 65510 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:42:04.697644 0.000000 tcp 10.0.2.109 65510 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:46:17.619559 2.996817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 16:46:24.621491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:46:32.622860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:46:48.625987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:47:10.698513 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:47:10.698702 2.993284 tcp 10.0.2.109 65511 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:47:19.700615 0.000000 tcp 10.0.2.109 65511 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:47:20.632013 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:47:25.700822 0.054380 tcp 10.0.2.109 65512 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:47:25.755480 0.054047 tcp 10.0.2.109 65513 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:47:25.809827 0.146606 tcp 10.0.2.109 65514 -> 195.113.214.249 443 SRPA* 0 0 21 10764 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:47:26.072326 3.001502 tcp 10.0.2.109 65515 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:47:35.072730 0.000000 tcp 10.0.2.109 65515 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:52:41.073522 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:52:41.073731 3.003359 tcp 10.0.2.109 65516 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:52:50.075802 0.000000 tcp 10.0.2.109 65516 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:52:56.076778 0.052629 tcp 10.0.2.109 65517 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:52:56.129677 0.055615 tcp 10.0.2.109 65518 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:52:56.185683 0.146467 tcp 10.0.2.109 65519 -> 195.113.214.249 443 SRPA* 0 0 25 13938 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:52:56.343185 3.005722 tcp 10.0.2.109 65520 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:53:05.347693 0.000000 tcp 10.0.2.109 65520 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:56:27.641359 3.001481 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 16:56:34.648502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:56:42.649829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:56:58.653266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:57:30.659039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 16:58:11.338050 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 16:58:11.338234 2.993675 tcp 10.0.2.109 65521 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:58:20.340085 0.000000 tcp 10.0.2.109 65521 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:58:26.340821 0.053056 tcp 10.0.2.109 65522 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:58:26.394242 0.054505 tcp 10.0.2.109 65523 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:58:26.449084 0.139099 tcp 10.0.2.109 65524 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 16:58:26.607521 2.996158 tcp 10.0.2.109 65525 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 16:58:35.602625 0.000000 tcp 10.0.2.109 65525 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:03:34.666847 2.999856 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 17:03:41.672555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:03:49.674060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:04:05.676348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:04:37.683068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:10:41.688791 3.001995 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 17:10:48.696666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:10:56.697743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:11:12.701055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:11:42.063456 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:11:42.063573 0.176383 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:42.251765 0.059203 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:42.335316 0.225439 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:42.557840 0.123115 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:42.644343 0.070607 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:42.696601 0.350529 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:43.048084 0.176924 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:43.212691 0.258254 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:43.435545 0.141203 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:43.568861 0.150201 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:43.716755 0.144785 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:43.826474 0.147744 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:43.966183 0.077019 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:44.039566 0.181379 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:44.218584 0.079654 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:44.279209 0.347648 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:44.628370 0.121476 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:44.707074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:11:44.715936 0.055587 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:44.773091 0.186404 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:44.951174 0.178924 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:45.103066 0.105407 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:45.223760 0.183847 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:45.411845 0.354161 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:45.761636 0.154594 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:45.917510 0.693081 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:46.390690 0.304958 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:11:56.654492 3.003946 tcp 10.0.2.109 65526 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:12:05.657033 0.000000 tcp 10.0.2.109 65526 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:12:11.657338 0.054184 tcp 10.0.2.109 65527 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:12:11.711859 0.054711 tcp 10.0.2.109 65528 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:12:11.766824 0.144636 tcp 10.0.2.109 65529 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:12:12.040584 3.000016 tcp 10.0.2.109 65530 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:12:21.039115 0.000000 tcp 10.0.2.109 65530 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:17:27.039907 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:17:27.040074 2.993423 tcp 10.0.2.109 65531 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:17:36.032395 0.000000 tcp 10.0.2.109 65531 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:17:42.042711 0.053468 tcp 10.0.2.109 65532 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:17:42.096470 0.056036 tcp 10.0.2.109 65533 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:17:42.152802 0.147774 tcp 10.0.2.109 65534 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:17:42.334922 3.000974 tcp 10.0.2.109 49157 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:17:48.712409 3.002380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 17:17:51.334040 0.000000 tcp 10.0.2.109 49157 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:17:55.720090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:18:03.722225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:18:19.725163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:18:51.731043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:22:57.334601 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:22:57.334764 3.003922 tcp 10.0.2.109 49158 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:23:06.337428 0.000000 tcp 10.0.2.109 49158 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:23:12.337857 0.053819 tcp 10.0.2.109 49159 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:23:12.391970 0.055827 tcp 10.0.2.109 49160 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:23:12.448056 0.143980 tcp 10.0.2.109 49161 -> 195.113.214.249 443 SRPA* 0 0 20 11372 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:23:12.601801 2.998213 tcp 10.0.2.109 49162 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:23:21.598934 0.000000 tcp 10.0.2.109 49162 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:24:55.736967 3.001817 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 17:25:02.745904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:25:10.745987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:25:26.748440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:25:58.755004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:28:27.599219 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:28:27.599416 2.993518 tcp 10.0.2.109 49163 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:28:36.591634 0.000000 tcp 10.0.2.109 49163 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:28:42.602786 0.054063 tcp 10.0.2.109 49164 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:28:42.657277 0.054961 tcp 10.0.2.109 49165 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:28:42.712526 0.144666 tcp 10.0.2.109 49166 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:28:42.881376 3.003854 tcp 10.0.2.109 49167 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:28:51.883869 0.000000 tcp 10.0.2.109 49167 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:32:02.760307 3.002349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 17:32:09.768269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:32:17.770183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:32:33.773671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:33:05.779177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:39:09.785041 3.001621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 17:39:16.792694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:39:24.794015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:39:40.796880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:40:12.803527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:41:52.676838 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:41:52.676998 0.223329 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1703 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:52.917222 0.175972 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:53.088902 0.062070 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:53.155551 0.123554 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:53.236558 0.068230 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:53.288839 0.349382 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:53.639167 0.168763 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:53.796437 0.250136 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.012179 0.140614 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.156997 0.150670 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.305548 0.141485 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.409386 0.150170 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.551522 0.115566 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.630694 0.179245 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.806466 0.076720 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:54.863015 0.334942 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:55.196688 0.122981 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:55.287596 0.056217 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:55.354435 0.186151 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:55.532615 0.179724 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:55.689617 0.353481 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:56.039503 0.152728 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:56.188170 0.761660 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:56.709872 0.092673 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:56.811432 0.176963 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:56.961303 0.305354 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/22 17:41:57.934283 3.003656 tcp 10.0.2.109 49168 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:42:06.936980 0.000000 tcp 10.0.2.109 49168 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:42:12.937231 0.055099 tcp 10.0.2.109 49169 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:42:12.992674 0.056120 tcp 10.0.2.109 49170 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:42:13.049060 0.141847 tcp 10.0.2.109 49171 -> 195.113.214.249 443 SRPA* 0 0 40 21234 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:42:13.206895 3.003406 tcp 10.0.2.109 49172 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:42:22.208781 0.000000 tcp 10.0.2.109 49172 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:46:16.809111 3.001284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 17:46:23.816251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:46:31.817773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:46:47.820740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:47:19.826207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:47:28.209389 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:47:28.209506 2.993657 tcp 10.0.2.109 49173 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:47:37.201638 0.000000 tcp 10.0.2.109 49173 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:47:43.212072 0.053080 tcp 10.0.2.109 49174 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:47:43.265369 0.055376 tcp 10.0.2.109 49175 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:47:43.321172 0.147802 tcp 10.0.2.109 49176 -> 195.113.214.249 443 SRPA* 0 0 32 17498 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:47:43.488155 2.997375 tcp 10.0.2.109 49177 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:47:52.483742 0.000000 tcp 10.0.2.109 49177 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:52:58.484334 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:52:58.484571 3.003291 tcp 10.0.2.109 49178 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:53:07.486711 0.000000 tcp 10.0.2.109 49178 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:53:13.486641 0.054139 tcp 10.0.2.109 49179 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:53:13.541073 0.054758 tcp 10.0.2.109 49180 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:53:13.596117 0.144517 tcp 10.0.2.109 49181 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:53:13.780792 2.999204 tcp 10.0.2.109 49182 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:53:22.779156 0.000000 tcp 10.0.2.109 49182 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:56:27.837334 3.001705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 17:56:34.844857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:56:42.846026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:56:58.848968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:57:30.855323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 17:58:28.779280 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 17:58:28.779440 2.993433 tcp 10.0.2.109 49183 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:58:37.771644 0.000000 tcp 10.0.2.109 49183 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:58:43.781950 0.053197 tcp 10.0.2.109 49184 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:58:43.835493 0.055355 tcp 10.0.2.109 49185 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:58:43.891247 0.140993 tcp 10.0.2.109 49186 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 17:58:44.053840 3.000976 tcp 10.0.2.109 49187 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 17:58:53.054883 0.000000 tcp 10.0.2.109 49187 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:03:34.861447 3.003225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 18:03:41.868686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:03:49.869994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:04:08.840234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:04:40.404700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:10:41.906552 3.000686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 18:10:48.912502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:10:56.914570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:11:12.917476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:11:44.929387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:12:10.750581 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:12:10.750746 0.226087 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:10.973337 0.145300 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:11.075312 0.069332 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:11.126429 0.347662 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:11.475696 0.177519 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2641 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:11.640337 0.252054 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:11.858726 0.174977 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:12.052413 0.057945 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:12.094805 0.147122 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:12.471302 0.150398 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:12.620083 0.162383 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:12.817460 0.142924 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:12.956140 0.161263 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:13.113915 0.176778 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:13.287207 0.079966 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:13.347236 0.360252 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:13.723409 0.118620 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:13.809081 0.056396 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:13.918427 0.196929 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:14.105344 0.176581 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:14.105834 3.009456 tcp 10.0.2.109 49188 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:12:14.259164 0.352463 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:14.628245 0.093067 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:14.718276 0.184260 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:14.909940 0.152002 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:15.069427 0.566963 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:15.516481 0.304151 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:12:23.108387 0.000000 tcp 10.0.2.109 49188 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:12:29.108883 0.053309 tcp 10.0.2.109 49189 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:12:29.162482 0.059148 tcp 10.0.2.109 49190 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:12:29.221876 0.121625 tcp 10.0.2.109 49191 -> 195.113.214.249 443 SRPA* 0 0 25 13938 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:12:29.354050 2.997446 tcp 10.0.2.109 49192 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:12:38.360351 0.000000 tcp 10.0.2.109 49192 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:17:44.350936 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:17:44.351127 2.998575 tcp 10.0.2.109 49193 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:17:48.932283 2.998805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 18:17:53.342999 0.000000 tcp 10.0.2.109 49193 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:17:55.937103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:17:59.353381 0.053214 tcp 10.0.2.109 49194 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:17:59.406891 0.055002 tcp 10.0.2.109 49195 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:17:59.462204 0.144399 tcp 10.0.2.109 49196 -> 195.113.214.249 443 SRPA* 0 0 21 10764 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:17:59.626607 3.000146 tcp 10.0.2.109 49197 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:18:03.938520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:18:08.624994 0.000000 tcp 10.0.2.109 49197 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:18:19.941352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:18:51.947252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:23:14.625379 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:23:14.625503 3.003827 tcp 10.0.2.109 49198 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:23:23.627817 0.000000 tcp 10.0.2.109 49198 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:23:29.628825 0.032659 tcp 10.0.2.109 49199 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:23:29.661771 0.054970 tcp 10.0.2.109 49200 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:23:29.717029 0.121705 tcp 10.0.2.109 49201 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:23:29.858109 3.003231 tcp 10.0.2.109 49202 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:23:38.859553 0.000000 tcp 10.0.2.109 49202 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:24:55.953520 3.001712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 18:25:02.960801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:25:10.962456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:25:26.966903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:25:58.971237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:28:44.860404 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:28:44.860542 2.993493 tcp 10.0.2.109 49203 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:28:53.852642 0.000000 tcp 10.0.2.109 49203 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:28:59.863038 0.052962 tcp 10.0.2.109 49204 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:28:59.916280 0.056119 tcp 10.0.2.109 49205 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:28:59.972746 0.146132 tcp 10.0.2.109 49206 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:29:00.128851 2.997124 tcp 10.0.2.109 49207 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:29:09.124914 0.000000 tcp 10.0.2.109 49207 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:32:02.977395 3.001844 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 18:32:09.984658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:32:17.986181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:32:33.989322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:33:05.995320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:39:10.001246 3.001652 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 18:39:17.008775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:39:25.010188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:39:41.013112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:40:13.019489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:42:42.464333 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:42:42.464423 0.252595 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:42.775547 0.140284 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:42.876116 0.063854 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:43.845830 0.365532 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:44.228465 0.177134 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:44.394624 0.257382 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:44.615141 0.168568 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:44.802063 0.150801 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:44.951120 0.138100 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:45.048420 0.311813 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:45.178243 2.993870 tcp 10.0.2.109 49208 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:42:45.237083 0.059603 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:45.281284 0.146074 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:45.419357 0.064391 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:45.477733 0.183942 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:45.658608 0.092092 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:45.733857 0.355817 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:46.105427 0.115949 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:46.189134 0.054364 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:46.245212 0.354204 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:46.619744 0.090942 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:46.734418 0.184449 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:46.923798 0.151407 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 1952 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:47.074186 0.185820 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:47.252431 0.176865 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:47.406840 0.583486 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:47.870582 0.306694 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/22 18:42:54.180808 0.000000 tcp 10.0.2.109 49208 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:43:00.181011 0.054564 tcp 10.0.2.109 49209 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:43:00.235835 0.053753 tcp 10.0.2.109 49210 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:43:00.289845 0.144594 tcp 10.0.2.109 49211 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:43:00.453063 3.001356 tcp 10.0.2.109 49212 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:43:09.452677 0.000000 tcp 10.0.2.109 49212 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:46:17.025299 3.001606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 18:46:24.032735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:46:32.034338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:46:48.037203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:47:21.031572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:48:15.752043 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:48:15.752176 2.969248 tcp 10.0.2.109 49213 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:48:24.645067 0.000000 tcp 10.0.2.109 49213 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:48:30.569621 0.054719 tcp 10.0.2.109 49214 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:48:30.624653 0.032015 tcp 10.0.2.109 49215 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:48:30.657016 0.147261 tcp 10.0.2.109 49216 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:48:30.814906 2.965550 tcp 10.0.2.109 49217 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:48:39.707615 0.000000 tcp 10.0.2.109 49217 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:53:45.698121 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:53:45.698320 2.993501 tcp 10.0.2.109 49218 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:53:54.700609 0.000000 tcp 10.0.2.109 49218 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:54:00.700672 0.034027 tcp 10.0.2.109 49219 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:54:00.735101 0.033152 tcp 10.0.2.109 49220 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:54:00.768559 0.126454 tcp 10.0.2.109 49221 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:54:00.932782 2.991226 tcp 10.0.2.109 49222 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:54:09.923038 0.000000 tcp 10.0.2.109 49222 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:56:28.064433 3.000939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 18:56:35.071105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:56:43.072720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:56:59.075589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:57:31.081695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 18:59:15.933284 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 18:59:15.933531 3.003672 tcp 10.0.2.109 49223 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:59:24.935477 0.000000 tcp 10.0.2.109 49223 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:59:30.935503 0.054438 tcp 10.0.2.109 49224 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:59:30.990362 0.054682 tcp 10.0.2.109 49225 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:59:31.045357 0.146413 tcp 10.0.2.109 49226 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 18:59:31.201502 3.006691 tcp 10.0.2.109 49227 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 18:59:40.207291 0.000000 tcp 10.0.2.109 49227 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:03:35.087719 3.001733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 19:03:42.095210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:03:50.096570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:04:06.099615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:04:38.105877 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:10:42.111648 3.001743 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 19:10:49.119159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:10:57.120885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:11:13.126878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:11:45.129518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:13:03.562578 0.000120 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:13:03.562806 0.271202 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:03.841711 0.177828 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:03.976227 0.065814 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:04.028757 0.352510 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:04.382622 0.169728 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:04.542401 0.252274 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:04.758258 0.177746 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:04.946017 0.150310 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.094786 0.153410 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.209309 0.275688 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.457375 0.058919 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.500031 0.146398 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.638529 0.065536 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.698356 0.181584 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.877477 0.073842 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:05.934668 0.364417 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:06.297885 0.117689 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:06.381828 0.054803 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2052 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:06.449905 0.346571 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:06.827916 0.098742 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:06.932688 0.176476 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:07.083252 0.151293 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:07.242991 0.710642 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:07.733286 0.191760 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:07.917332 0.179588 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:08.072996 0.307872 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:13:16.251303 2.994163 tcp 10.0.2.109 49228 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:13:25.243355 0.000000 tcp 10.0.2.109 49228 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:13:31.253971 0.032214 tcp 10.0.2.109 49229 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:13:31.286442 0.032789 tcp 10.0.2.109 49230 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:13:31.319534 0.126083 tcp 10.0.2.109 49231 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:13:31.455417 3.001833 tcp 10.0.2.109 49232 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:13:40.455450 0.000000 tcp 10.0.2.109 49232 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:17:49.136103 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 19:17:56.143489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:18:04.144774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:18:20.147316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:18:46.455823 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:18:46.455965 3.003940 tcp 10.0.2.109 49233 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:18:52.153567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:18:55.459165 0.000000 tcp 10.0.2.109 49233 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:19:01.459036 0.032311 tcp 10.0.2.109 49234 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:19:01.491591 0.031843 tcp 10.0.2.109 49235 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:19:01.523793 0.142866 tcp 10.0.2.109 49236 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:19:01.681182 3.000319 tcp 10.0.2.109 49237 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:19:10.690392 0.000000 tcp 10.0.2.109 49237 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:24:16.680284 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:24:16.680469 2.994240 tcp 10.0.2.109 49238 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:24:25.672860 0.000000 tcp 10.0.2.109 49238 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:24:31.683916 0.032289 tcp 10.0.2.109 49239 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:24:31.716471 0.032114 tcp 10.0.2.109 49240 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:24:31.748841 0.145883 tcp 10.0.2.109 49241 -> 195.113.214.249 443 SRPA* 0 0 23 12124 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:24:31.915287 3.000905 tcp 10.0.2.109 49242 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:24:40.914959 0.000000 tcp 10.0.2.109 49242 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:24:56.160930 3.000706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 19:25:03.167020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:25:11.168164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:25:27.171512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:25:59.177634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:29:46.915511 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:29:46.915675 3.003453 tcp 10.0.2.109 49243 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:29:55.917721 0.000000 tcp 10.0.2.109 49243 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:30:01.918495 0.053305 tcp 10.0.2.109 49244 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:30:01.972190 0.031870 tcp 10.0.2.109 49245 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:30:02.004342 0.125658 tcp 10.0.2.109 49246 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:30:02.146163 3.005083 tcp 10.0.2.109 49247 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:30:11.159903 0.000000 tcp 10.0.2.109 49247 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:32:03.190472 2.997312 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 19:32:10.191143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:32:18.192698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:32:34.195392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:33:06.201362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:39:10.208652 3.000618 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 19:39:17.215205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:39:25.216641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:39:41.219357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:40:13.226178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:43:15.768971 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:43:15.769130 0.071195 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:15.824523 0.226921 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:16.047819 0.148350 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:16.157641 0.255585 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:16.378939 0.174130 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:16.554359 0.343759 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:16.906497 0.172667 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:17.067828 0.151249 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:17.190602 2.994151 tcp 10.0.2.109 49248 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:43:17.237226 0.139986 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:17.339723 0.142888 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:17.471026 0.061175 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:17.516216 0.146010 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:17.653919 0.055901 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:17.707331 1.824902 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:19.529617 0.080522 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:19.593709 0.359902 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:19.952508 0.115536 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:20.034361 0.060607 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:20.097435 0.353138 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:20.446451 0.094686 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:20.539900 0.174807 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:20.693466 0.190488 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:20.876572 0.174644 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:21.028365 0.146687 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:21.171412 0.709111 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:21.641031 0.303077 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/22 19:43:26.182604 0.000000 tcp 10.0.2.109 49248 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:43:32.193343 0.054432 tcp 10.0.2.109 49249 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:43:32.248073 0.031854 tcp 10.0.2.109 49250 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:43:32.280239 0.145018 tcp 10.0.2.109 49251 -> 195.113.214.249 443 SRPA* 0 0 39 31664 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:43:32.435196 3.000802 tcp 10.0.2.109 49252 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:43:41.434937 0.000000 tcp 10.0.2.109 49252 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:46:17.231059 3.002222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 19:46:24.238913 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:46:32.240761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:46:48.243436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:47:20.249281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:48:47.435187 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:48:47.435364 3.003665 tcp 10.0.2.109 49253 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:48:56.437566 0.000000 tcp 10.0.2.109 49253 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:49:02.438197 0.032639 tcp 10.0.2.109 49254 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:49:02.471125 0.032073 tcp 10.0.2.109 49255 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:49:02.503523 0.125306 tcp 10.0.2.109 49256 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:49:02.638852 3.002078 tcp 10.0.2.109 49257 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:49:11.639724 0.000000 tcp 10.0.2.109 49257 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:54:17.639883 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:54:17.640107 2.993526 tcp 10.0.2.109 49258 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:54:26.632671 0.000000 tcp 10.0.2.109 49258 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:54:32.642589 0.031728 tcp 10.0.2.109 49259 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:54:32.674564 0.033177 tcp 10.0.2.109 49260 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:54:32.708017 0.125342 tcp 10.0.2.109 49261 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/22 19:54:32.846800 2.998728 tcp 10.0.2.109 49262 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:54:41.844590 0.000000 tcp 10.0.2.109 49262 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:56:30.262962 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 19:56:37.270152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:56:45.271849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:57:01.275139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:57:33.280973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 19:59:47.845990 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 19:59:47.846085 3.002045 tcp 10.0.2.109 49263 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 19:59:56.847373 0.000000 tcp 10.0.2.109 49263 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:00:02.848215 0.032001 tcp 10.0.2.109 49264 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:00:02.880594 0.033350 tcp 10.0.2.109 49265 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:00:02.914455 0.124238 tcp 10.0.2.109 49266 -> 195.113.214.249 443 SRPA* 0 0 22 11026 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:00:03.056406 3.004060 tcp 10.0.2.109 49267 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:00:12.059613 0.000000 tcp 10.0.2.109 49267 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:03:37.287430 3.001041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 20:03:44.294393 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:03:52.295916 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:04:08.298796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:04:40.304821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:10:44.311167 3.001893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 20:10:51.318506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:10:59.319648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:11:15.322844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:11:47.328888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:13:23.117206 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 20:13:23.117433 0.065473 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:23.169051 0.224417 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:23.391313 0.163011 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:23.514987 0.247290 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:23.724524 0.177114 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:23.896517 0.355553 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:24.266834 0.176291 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:24.432206 0.245360 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:24.590541 0.059477 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:24.633662 0.141024 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:24.767003 0.055704 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:24.818333 0.150701 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:24.967283 0.153665 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:25.083789 0.248745 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:25.328147 0.078249 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:25.390223 0.355348 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:25.747093 0.126018 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:25.836714 0.055936 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:25.906982 0.382432 rtcp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:26.285648 0.092548 rtp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:26.381548 0.181940 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:26.537310 0.190984 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:26.720615 0.177687 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:26.876700 0.311427 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:27.189510 0.151600 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:27.342790 0.760531 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:13:33.111141 3.004009 tcp 10.0.2.109 49268 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:13:42.115679 0.000000 tcp 10.0.2.109 49268 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:13:48.114819 0.054072 tcp 10.0.2.109 49269 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:13:48.169260 0.055247 tcp 10.0.2.109 49270 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:13:48.224865 0.128901 tcp 10.0.2.109 49271 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:13:48.364014 3.003241 tcp 10.0.2.109 49272 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:13:57.365479 0.000000 tcp 10.0.2.109 49272 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:17:51.335218 3.001675 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 20:17:58.342486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:18:06.343811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:18:22.346670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:18:54.352574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:19:03.365899 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 20:19:03.366218 3.003731 tcp 10.0.2.109 49273 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:19:12.368508 0.000000 tcp 10.0.2.109 49273 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:19:18.369618 0.031403 tcp 10.0.2.109 49274 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:19:18.401303 0.031758 tcp 10.0.2.109 49275 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:19:18.433362 0.127382 tcp 10.0.2.109 49276 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:19:18.597222 2.994930 tcp 10.0.2.109 49277 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:19:27.600410 0.000000 tcp 10.0.2.109 49277 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:24:33.590859 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 20:24:33.591109 2.993592 tcp 10.0.2.109 49278 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:24:42.583370 0.000000 tcp 10.0.2.109 49278 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:24:48.594600 0.032265 tcp 10.0.2.109 49279 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:24:48.627249 0.033298 tcp 10.0.2.109 49280 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:24:48.660870 0.120100 tcp 10.0.2.109 49281 -> 195.113.214.249 443 SRPA* 0 0 35 18916 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:24:48.807951 2.994990 tcp 10.0.2.109 49282 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:24:57.797010 0.000000 tcp 10.0.2.109 49282 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:24:58.360209 3.000603 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 20:25:05.368102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:25:13.368086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:25:29.371480 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:26:01.377388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:30:03.785862 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 20:30:03.786026 3.003330 tcp 10.0.2.109 49283 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:30:12.787986 0.000000 tcp 10.0.2.109 49283 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:30:18.789046 0.054474 tcp 10.0.2.109 49284 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:30:18.843840 0.033321 tcp 10.0.2.109 49285 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:30:18.877454 0.123236 tcp 10.0.2.109 49286 -> 195.113.214.249 443 SRPA* 0 0 20 10710 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:30:19.032111 3.009233 tcp 10.0.2.109 49287 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:30:28.050265 0.000000 tcp 10.0.2.109 49287 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:32:05.382511 3.001872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 20:32:12.393301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:32:20.391935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:32:36.394590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:33:08.401075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:39:12.406622 3.001787 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 20:39:19.414106 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:39:27.415866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:39:43.418747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:40:15.424699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:43:32.157716 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 20:43:32.157932 0.156265 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:32.269587 0.246639 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:32.569723 0.175572 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:32.741188 0.068499 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:32.793697 0.322911 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1787 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:33.114595 0.343436 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:33.459180 0.176789 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:33.625070 0.147028 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:33.763520 0.058364 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:33.806771 0.149625 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:33.948390 0.051752 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:33.996748 0.145465 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:34.080963 2.993672 tcp 10.0.2.109 49288 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:43:34.140416 0.144718 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:34.245126 0.174926 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:34.417129 0.120758 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:34.520504 0.339691 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:34.861545 0.123991 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:34.953944 0.055694 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:35.031096 0.179012 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:35.185337 0.190428 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:35.368172 0.177709 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:35.523230 0.354338 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:35.906121 0.093306 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:36.005297 0.701562 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:36.487789 0.307145 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:36.796030 0.153002 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/22 20:43:43.073184 0.000000 tcp 10.0.2.109 49288 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:43:49.083355 0.054327 tcp 10.0.2.109 49289 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:43:49.137973 0.031923 tcp 10.0.2.109 49290 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:43:49.170282 0.124747 tcp 10.0.2.109 49291 -> 195.113.214.249 443 SRPA* 0 0 41 33612 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:43:49.312379 3.003855 tcp 10.0.2.109 49292 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:43:58.315149 0.000000 tcp 10.0.2.109 49292 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:46:19.430277 3.002913 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 20:46:26.437831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:46:34.439433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:46:50.442788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:47:22.448500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:49:04.315498 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 20:49:04.315724 3.003526 tcp 10.0.2.109 49293 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:49:13.317735 0.000000 tcp 10.0.2.109 49293 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:49:19.318517 0.032072 tcp 10.0.2.109 49294 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:49:19.350875 0.032637 tcp 10.0.2.109 49295 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:49:19.383804 0.125125 tcp 10.0.2.109 49296 -> 195.113.214.249 443 SRPA* 0 0 30 21034 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:49:19.525278 3.006061 tcp 10.0.2.109 49297 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:49:28.539750 0.000000 tcp 10.0.2.109 49297 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:54:34.520265 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 20:54:34.520377 2.993688 tcp 10.0.2.109 49298 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:54:43.512473 0.000000 tcp 10.0.2.109 49298 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:54:49.523034 0.033086 tcp 10.0.2.109 49299 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:54:49.556364 0.033137 tcp 10.0.2.109 49300 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:54:49.589826 0.109638 tcp 10.0.2.109 49301 -> 195.113.214.249 443 SRPA* 0 0 33 23533 flow=From-Botnet-V1-TCP-Established 1970/02/22 20:54:49.732252 3.003838 tcp 10.0.2.109 49302 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:54:58.734768 0.000000 tcp 10.0.2.109 49302 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 20:56:31.460460 3.002266 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 20:56:38.468151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:56:46.469484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:57:02.473096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 20:57:34.478627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:00:04.735102 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:00:04.735211 3.003082 tcp 10.0.2.109 49303 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:00:13.737524 0.000000 tcp 10.0.2.109 49303 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:00:19.738137 0.055645 tcp 10.0.2.109 49304 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:00:19.794282 0.032854 tcp 10.0.2.109 49305 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:00:19.827542 0.131382 tcp 10.0.2.109 49306 -> 195.113.214.249 443 SRPA* 0 0 23 12124 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:00:19.970473 2.999916 tcp 10.0.2.109 49307 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:00:28.969416 0.000000 tcp 10.0.2.109 49307 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:03:38.485170 3.001309 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 21:03:45.492036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:03:53.493352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:04:09.496591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:04:41.502635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:10:45.508647 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 21:10:52.515867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:11:00.517494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:11:16.523728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:11:48.526302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:13:58.914362 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:13:58.914477 0.172673 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:13:59.111464 0.072058 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:13:59.165222 0.134195 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:13:59.258783 0.246112 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:13:59.468162 0.275720 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:13:59.741172 0.358293 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.121964 0.169242 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.280030 0.141068 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.413443 0.063493 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.458754 0.144623 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.591883 0.057805 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.645269 0.150375 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.795232 0.165740 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:00.921295 0.194567 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:01.111822 0.085786 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:01.179138 0.334341 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:01.514968 0.118947 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:01.601204 0.054922 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:01.670652 0.176174 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:01.823940 0.354271 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:02.198280 0.090893 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:02.294906 0.182202 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:02.510997 0.192280 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:02.695353 0.153884 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:02.853851 0.735210 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:03.348718 0.309815 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:14:05.023319 3.003616 tcp 10.0.2.109 49308 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:14:14.025896 0.000000 tcp 10.0.2.109 49308 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:14:20.026476 0.055312 tcp 10.0.2.109 49309 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:14:20.082264 0.032371 tcp 10.0.2.109 49310 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:14:20.114965 0.143677 tcp 10.0.2.109 49311 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:14:20.918545 3.001342 tcp 10.0.2.109 49312 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:14:29.918720 0.000000 tcp 10.0.2.109 49312 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:17:52.535465 2.999674 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 21:17:59.539879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:18:07.541467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:18:23.544327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:18:55.550765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:19:35.919243 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:19:35.919380 2.996126 tcp 10.0.2.109 49313 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:19:44.921298 0.000000 tcp 10.0.2.109 49313 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:19:50.921401 0.032700 tcp 10.0.2.109 49314 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:19:50.954360 0.054107 tcp 10.0.2.109 49315 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:19:51.008781 0.141081 tcp 10.0.2.109 49316 -> 195.113.214.249 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:19:51.161007 2.993959 tcp 10.0.2.109 49317 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:20:00.153352 0.000000 tcp 10.0.2.109 49317 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:24:59.556233 3.001928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 21:25:06.163852 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:25:06.163952 3.003731 tcp 10.0.2.109 49318 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:25:06.563881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:25:14.565467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:25:15.166658 0.000000 tcp 10.0.2.109 49318 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:25:21.166648 0.032589 tcp 10.0.2.109 49319 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:25:21.199506 0.053268 tcp 10.0.2.109 49320 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:25:21.253071 0.141678 tcp 10.0.2.109 49321 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:25:21.404017 3.005368 tcp 10.0.2.109 49322 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:25:30.408172 0.000000 tcp 10.0.2.109 49322 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:25:30.568330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:26:02.574575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:30:36.399019 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:30:36.399149 2.993304 tcp 10.0.2.109 49323 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:30:49.361742 0.000000 tcp 10.0.2.109 49323 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:30:55.281276 0.032029 tcp 10.0.2.109 49324 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:30:55.313606 0.054723 tcp 10.0.2.109 49325 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:30:55.368610 0.123394 tcp 10.0.2.109 49326 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:30:55.506776 2.963086 tcp 10.0.2.109 49327 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:31:04.383672 0.000000 tcp 10.0.2.109 49327 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:32:09.393232 2.955737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 21:32:16.299249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:32:24.181733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:32:39.955165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:33:11.508090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:39:13.604790 3.001398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 21:39:20.611674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:39:28.613554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:39:44.616146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:40:16.622837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:44:06.994156 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:44:06.994278 0.176070 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:07.181672 0.241262 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:07.389108 0.225150 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:07.611822 0.069262 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:07.664653 0.132636 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:07.756406 0.347128 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.129848 0.165670 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.284254 0.266570 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.460091 0.061843 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.504088 0.173629 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.675597 0.050411 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.723267 0.151050 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.872234 0.141648 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:08.974854 0.179380 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:09.149600 0.081867 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:09.213126 0.328549 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:09.543066 0.112821 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:09.623325 0.055364 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:09.697471 0.176650 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:09.849762 0.181637 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:10.007581 0.186786 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:10.187473 0.146706 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:10.329559 0.353636 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:10.678965 0.093385 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:10.771417 0.741196 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2598 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:11.211974 0.305420 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/22 21:44:21.685105 3.003405 tcp 10.0.2.109 49328 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:44:30.687529 0.000000 tcp 10.0.2.109 49328 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:44:36.688718 0.054540 tcp 10.0.2.109 49329 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:44:36.743522 0.054531 tcp 10.0.2.109 49330 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:44:36.798537 0.124921 tcp 10.0.2.109 49331 -> 195.113.214.249 443 SRPA* 0 0 32 24769 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:44:36.953992 3.007002 tcp 10.0.2.109 49332 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:44:45.959518 0.000000 tcp 10.0.2.109 49332 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:46:20.629194 3.000520 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 21:46:27.635674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:46:35.637392 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:46:51.640180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:47:23.646437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:49:51.950191 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:49:51.950317 2.993366 tcp 10.0.2.109 49333 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:50:00.942727 0.000000 tcp 10.0.2.109 49333 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:50:06.952812 0.054617 tcp 10.0.2.109 49334 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:50:07.007673 0.054990 tcp 10.0.2.109 49335 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:50:07.062935 0.128653 tcp 10.0.2.109 49336 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:50:07.201183 2.995280 tcp 10.0.2.109 49337 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:50:16.194659 0.000000 tcp 10.0.2.109 49337 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:55:22.195134 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 21:55:22.195311 3.003356 tcp 10.0.2.109 49338 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:55:31.200634 0.000000 tcp 10.0.2.109 49338 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:55:37.197685 0.030760 tcp 10.0.2.109 49339 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:55:37.228757 0.033018 tcp 10.0.2.109 49340 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:55:37.262138 0.126383 tcp 10.0.2.109 49341 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/22 21:55:37.404506 3.006207 tcp 10.0.2.109 49342 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:55:46.409280 0.000000 tcp 10.0.2.109 49342 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 21:56:27.660260 3.002497 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 21:56:34.668470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:56:42.669914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:56:58.673051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 21:57:30.679276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:00:52.399919 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:00:52.400046 2.993501 tcp 10.0.2.109 49343 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:01:01.392004 0.000000 tcp 10.0.2.109 49343 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:01:07.402849 0.054012 tcp 10.0.2.109 49344 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:01:07.457111 0.032108 tcp 10.0.2.109 49345 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:01:07.489564 0.124321 tcp 10.0.2.109 49346 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:01:07.653686 3.001637 tcp 10.0.2.109 49347 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:01:16.653839 0.000000 tcp 10.0.2.109 49347 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:03:34.685014 3.280862 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 22:03:41.930314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:03:49.857428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:04:05.710172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:04:37.713198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:10:41.720638 3.000267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 22:10:48.726484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:10:56.728178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:11:12.730672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:11:44.736923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:14:27.701750 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:14:27.701877 0.225041 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:27.948908 0.072364 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:28.004320 0.145384 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:28.109261 0.172790 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:28.300209 0.240426 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:28.506346 0.352764 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:28.860350 0.188521 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.038202 0.138547 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.169168 0.057366 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2022 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.212156 0.139772 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.343806 0.056332 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.392903 0.150976 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.544029 0.151004 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.654645 0.179290 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.828600 0.085371 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:29.893806 0.359009 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:30.264158 0.126295 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:30.355479 0.054284 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:30.421483 0.176415 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:30.575265 0.185109 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:30.771446 0.353323 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:31.121149 0.093081 udp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:31.223463 0.180194 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:31.397108 0.150243 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:31.548670 0.670325 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:31.998524 0.311840 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:14:37.707214 3.002777 tcp 10.0.2.109 49348 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:14:46.708713 0.000000 tcp 10.0.2.109 49348 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:14:52.708499 0.053984 tcp 10.0.2.109 49349 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:14:52.762724 0.032643 tcp 10.0.2.109 49350 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:14:52.795640 0.185873 tcp 10.0.2.109 49351 -> 195.113.214.249 443 SRPA* 0 0 20 11334 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:14:52.992242 2.999809 tcp 10.0.2.109 49352 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:15:02.000669 0.000000 tcp 10.0.2.109 49352 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:17:51.747349 3.001522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 22:17:58.754999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:18:06.756522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:18:22.759356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:18:54.765247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:20:07.991119 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:20:07.991308 2.993771 tcp 10.0.2.109 49353 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:20:16.983277 0.000000 tcp 10.0.2.109 49353 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:20:22.993951 0.032006 tcp 10.0.2.109 49354 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:20:23.026193 0.032270 tcp 10.0.2.109 49355 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:20:23.058706 0.144971 tcp 10.0.2.109 49356 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:20:23.222524 3.004251 tcp 10.0.2.109 49357 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:20:32.225447 0.000000 tcp 10.0.2.109 49357 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:24:58.772471 3.001065 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 22:25:05.778775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:25:13.780387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:25:29.783216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:25:38.225886 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:25:38.226089 3.003537 tcp 10.0.2.109 49358 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:25:47.228547 0.000000 tcp 10.0.2.109 49358 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:25:53.229050 0.032459 tcp 10.0.2.109 49359 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:25:53.261894 0.031965 tcp 10.0.2.109 49360 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:25:53.294167 0.151882 tcp 10.0.2.109 49361 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:25:53.470205 3.001417 tcp 10.0.2.109 49362 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:26:01.789364 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:26:02.480542 0.000000 tcp 10.0.2.109 49362 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:31:08.470935 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:31:08.471139 2.993528 tcp 10.0.2.109 49363 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:31:17.463098 0.000000 tcp 10.0.2.109 49363 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:31:23.474093 0.032823 tcp 10.0.2.109 49364 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:31:23.507175 0.031943 tcp 10.0.2.109 49365 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:31:23.539415 0.124866 tcp 10.0.2.109 49366 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:31:23.675487 3.000820 tcp 10.0.2.109 49367 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:31:32.675218 0.000000 tcp 10.0.2.109 49367 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:32:05.795840 3.001059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 22:32:12.802880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:32:20.803725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:32:36.807400 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:33:08.815310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:39:12.819868 3.000948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 22:39:19.826920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:39:27.828009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:39:43.831403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:40:15.837210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:44:52.708894 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:44:52.709046 0.224259 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:52.932088 0.073627 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:53.076922 0.246328 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:53.284913 0.355484 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:53.737952 3.002910 tcp 10.0.2.109 49368 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:44:53.738486 0.169552 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:54.438241 0.125899 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:54.663234 0.175865 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:54.860544 0.146264 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:54.998690 0.060575 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:55.241184 0.138666 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:55.371856 0.070761 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:55.472921 0.150957 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:55.622033 0.148750 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:56.092406 0.173006 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:56.615433 0.085991 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:56.798612 0.055083 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1981 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:56.897635 0.177993 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:57.125531 0.184077 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:57.496046 0.349460 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:57.853894 0.119737 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:57.995687 0.354042 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:59.612181 0.116348 rtp 10.0.2.109 3683 <-> 84.111.178.118 9246 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:44:59.722028 0.187183 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:45:00.413767 0.151279 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:45:00.614770 0.638426 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:45:01.054319 0.306010 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 22:45:02.739600 0.000000 tcp 10.0.2.109 49368 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:45:08.739741 0.034501 tcp 10.0.2.109 49369 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:45:08.774587 0.033041 tcp 10.0.2.109 49370 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:45:08.807960 0.128212 tcp 10.0.2.109 49371 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:45:09.344068 2.999310 tcp 10.0.2.109 49372 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:45:18.342025 0.000000 tcp 10.0.2.109 49372 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:46:19.843465 3.001369 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 22:46:26.850732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:46:34.852172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:46:50.855218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:47:22.861291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:50:24.343172 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:50:24.343309 3.003136 tcp 10.0.2.109 49373 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:50:33.344914 0.000000 tcp 10.0.2.109 49373 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:50:39.345500 0.032924 tcp 10.0.2.109 49374 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:50:39.378659 0.032964 tcp 10.0.2.109 49375 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:50:39.411946 0.126727 tcp 10.0.2.109 49376 -> 195.113.214.249 443 SRPA* 0 0 26 13878 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:50:39.548655 2.999480 tcp 10.0.2.109 49377 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:50:48.546878 0.000000 tcp 10.0.2.109 49377 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:55:54.547273 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 22:55:54.547368 3.004167 tcp 10.0.2.109 49378 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:56:03.549480 0.000000 tcp 10.0.2.109 49378 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:56:09.550215 0.031788 tcp 10.0.2.109 49379 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:56:09.582383 0.035896 tcp 10.0.2.109 49380 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:56:09.618559 0.130413 tcp 10.0.2.109 49381 -> 195.113.214.249 443 SRPA* 0 0 40 22642 flow=From-Botnet-V1-TCP-Established 1970/02/22 22:56:09.762302 3.000743 tcp 10.0.2.109 49382 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:56:18.761558 0.000000 tcp 10.0.2.109 49382 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 22:56:27.868460 3.000728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 22:56:34.875088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:56:42.880107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:56:58.879258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 22:57:30.885598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:01:24.763030 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:01:24.763124 3.002363 tcp 10.0.2.109 49383 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:01:33.764426 0.000000 tcp 10.0.2.109 49383 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:01:39.765709 0.031886 tcp 10.0.2.109 49384 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:01:39.797915 0.032789 tcp 10.0.2.109 49385 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:01:39.831061 0.129142 tcp 10.0.2.109 49386 -> 195.113.214.249 443 SRPA* 0 0 21 12468 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:01:39.971545 3.006386 tcp 10.0.2.109 49387 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:01:48.976088 0.000000 tcp 10.0.2.109 49387 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:03:34.891333 3.001583 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 23:03:41.898733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:03:49.899909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:04:05.903250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:04:37.909293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:10:41.916124 3.000932 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 23:10:48.922680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:10:56.924308 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:11:12.927374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:11:44.933355 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:15:09.507868 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:15:09.508015 0.225802 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:09.743682 0.074819 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:09.796311 0.252117 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:10.011517 0.350863 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:10.019035 2.995384 tcp 10.0.2.109 49388 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:15:10.361355 0.176160 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:10.525545 0.125260 rtp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:10.607183 0.171351 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:10.775760 0.139154 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:10.906867 0.059197 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2539 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:10.959432 0.150204 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:11.108380 0.060561 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:11.152233 0.140785 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:11.284158 0.158097 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2591 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:11.400897 0.174691 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:11.571069 0.087990 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:11.639633 0.054886 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:11.703155 0.340719 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:12.059991 0.116238 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:12.144856 0.177893 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:12.297522 0.179896 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:12.483892 0.348101 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:12.827936 0.000000 udp 10.0.2.109 3683 -> 84.111.178.118 9246 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 23:15:19.021136 0.000000 tcp 10.0.2.109 49388 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:15:25.022130 0.032726 tcp 10.0.2.109 49389 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:15:25.055115 0.033008 tcp 10.0.2.109 49390 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:15:25.088436 0.253330 tcp 10.0.2.109 49391 -> 195.113.214.249 443 SRPA* 0 0 35 18164 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:15:25.354372 3.000512 tcp 10.0.2.109 49392 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:15:30.067754 0.030742 tcp 10.0.2.109 49393 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:15:30.098805 0.032699 tcp 10.0.2.109 49394 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:15:30.131768 0.122278 tcp 10.0.2.109 49395 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:15:30.254633 0.751681 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:30.787352 0.185715 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:30.965682 0.151302 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:31.118215 0.308664 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:15:34.353013 0.000000 tcp 10.0.2.109 49392 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:17:51.943554 3.001663 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 23:17:58.954376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:18:06.952663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:18:22.955455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:18:54.961795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:20:40.353569 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:20:40.353741 3.003801 tcp 10.0.2.109 49396 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:20:49.355966 0.000000 tcp 10.0.2.109 49396 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:20:55.356713 0.033090 tcp 10.0.2.109 49397 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:20:55.390130 0.040069 tcp 10.0.2.109 49398 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:20:55.430575 0.133239 tcp 10.0.2.109 49399 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:20:55.578821 3.000536 tcp 10.0.2.109 49400 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:21:04.577934 0.000000 tcp 10.0.2.109 49400 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:24:58.967631 3.001699 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 23:25:05.975068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:25:13.976527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:25:29.979633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:26:01.986041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:26:10.578476 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:26:10.578671 2.993384 tcp 10.0.2.109 49401 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:26:19.580795 0.000000 tcp 10.0.2.109 49401 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:26:25.581498 0.032266 tcp 10.0.2.109 49402 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:26:25.614004 0.034594 tcp 10.0.2.109 49403 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:26:25.648863 0.123218 tcp 10.0.2.109 49404 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:26:25.788303 2.995872 tcp 10.0.2.109 49405 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:26:34.785188 0.000000 tcp 10.0.2.109 49405 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:31:40.783612 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:31:40.783784 3.002915 tcp 10.0.2.109 49406 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:31:49.785418 0.000000 tcp 10.0.2.109 49406 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:31:55.786055 0.032656 tcp 10.0.2.109 49407 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:31:55.819021 0.036524 tcp 10.0.2.109 49408 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:31:55.855840 0.131899 tcp 10.0.2.109 49409 -> 195.113.214.249 443 SRPA* 0 0 22 11482 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:31:55.996618 3.002117 tcp 10.0.2.109 49410 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:32:04.997679 0.000000 tcp 10.0.2.109 49410 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:32:05.991882 3.001150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/22 23:32:12.999063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:32:21.001009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:32:37.003422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:33:09.009496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:37:10.999212 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:37:10.999317 2.992291 tcp 10.0.2.109 49411 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:37:20.000425 0.000000 tcp 10.0.2.109 49411 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:37:26.000769 0.033648 tcp 10.0.2.109 49412 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:37:26.034714 0.032099 tcp 10.0.2.109 49413 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:37:26.067114 0.132580 tcp 10.0.2.109 49414 -> 195.113.214.249 443 SRPA* 0 0 35 18916 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:37:26.216608 2.996985 tcp 10.0.2.109 49415 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:37:35.212683 0.000000 tcp 10.0.2.109 49415 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:39:13.016713 3.000598 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 23:39:20.022947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:39:28.024707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:39:44.028518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:40:16.033306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:45:49.493945 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:45:49.494269 0.000000 udp 10.0.2.109 3683 -> 84.111.178.118 9246 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/22 23:46:07.751264 0.031594 tcp 10.0.2.109 49416 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:46:07.783148 0.032825 tcp 10.0.2.109 49417 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:46:07.816305 0.119172 tcp 10.0.2.109 49418 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:46:07.935973 0.255529 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:08.152862 0.299530 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:08.449021 0.071149 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:08.502742 0.303709 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:08.765751 0.172763 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:08.939847 0.134657 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:09.066793 0.055291 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:09.118965 0.346854 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 1955 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:09.474592 0.177544 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:09.640122 0.059024 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:09.682784 0.147981 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:09.822506 0.154593 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:09.935453 0.178474 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:11.234841 3.003830 tcp 10.0.2.109 49419 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:46:11.867351 0.081637 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:11.930837 0.055078 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:11.998263 0.364655 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:12.364884 0.150416 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:12.513513 0.354241 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:12.863678 0.122479 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:12.952175 0.178786 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:13.106949 0.183700 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:13.265475 0.711780 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:13.758452 0.185489 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:13.935982 0.150422 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:14.108012 0.304117 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/22 23:46:20.039593 3.001572 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 23:46:20.237201 0.000000 tcp 10.0.2.109 49419 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:46:26.236653 0.031713 tcp 10.0.2.109 49420 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:46:26.268664 0.032731 tcp 10.0.2.109 49421 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:46:26.301677 0.130784 tcp 10.0.2.109 49422 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:46:26.441891 3.008634 tcp 10.0.2.109 49423 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:46:27.046978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:46:35.048427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:46:35.449018 0.000000 tcp 10.0.2.109 49423 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:46:51.051593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:47:23.059592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:51:41.439584 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:51:41.439773 2.993323 tcp 10.0.2.109 49424 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:51:50.432029 0.000000 tcp 10.0.2.109 49424 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:51:56.442544 0.053246 tcp 10.0.2.109 49425 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:51:56.496086 0.053821 tcp 10.0.2.109 49426 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:51:56.550335 0.146875 tcp 10.0.2.109 49427 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:51:56.708295 2.996786 tcp 10.0.2.109 49428 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:52:05.703894 0.000000 tcp 10.0.2.109 49428 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:56:29.065419 3.001542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/22 23:56:36.072534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:56:44.073872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:57:00.077136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:57:11.704089 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/22 23:57:11.704258 3.003892 tcp 10.0.2.109 49429 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:57:20.706650 0.000000 tcp 10.0.2.109 49429 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:57:26.707596 0.053931 tcp 10.0.2.109 49430 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:57:26.761881 0.055161 tcp 10.0.2.109 49431 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:57:26.817382 0.147696 tcp 10.0.2.109 49432 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/22 23:57:27.611648 3.009026 tcp 10.0.2.109 49433 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/22 23:57:32.083327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/22 23:57:36.619382 0.000000 tcp 10.0.2.109 49433 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:02:42.610726 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:02:42.610894 2.993079 tcp 10.0.2.109 49434 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:02:51.602549 0.000000 tcp 10.0.2.109 49434 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:02:57.612739 0.054254 tcp 10.0.2.109 49435 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:02:57.667289 0.057380 tcp 10.0.2.109 49436 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:02:57.724485 0.152946 tcp 10.0.2.109 49437 -> 195.113.214.249 443 SRPA* 0 0 24 12632 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:02:58.135545 3.000910 tcp 10.0.2.109 49438 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:03:07.134734 0.000000 tcp 10.0.2.109 49438 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:03:36.089652 3.001197 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 00:03:43.096634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:03:51.097891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:04:07.100980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:04:39.107144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:10:43.114104 3.000951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 00:10:50.120513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:10:58.121842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:11:14.125030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:11:46.131111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:16:38.131241 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:16:38.131384 0.073692 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:38.188391 0.817287 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:38.965290 0.170762 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:39.131507 0.157970 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:39.281702 0.243338 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:39.488002 0.224399 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1616 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:39.711887 0.049733 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:39.759127 0.350001 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.109406 0.174273 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.271965 0.059437 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.315213 0.139117 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.446849 0.142245 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.549641 0.244315 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.791434 0.075411 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.849016 0.057125 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:40.920060 0.347119 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:41.263054 0.122401 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:41.351776 0.353007 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:41.742890 0.150140 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:41.891308 0.174023 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:42.041132 0.183896 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:42.225842 0.950645 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:42.936756 0.184886 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:43.115019 0.150945 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:16:43.188794 2.993654 tcp 10.0.2.109 49439 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:16:43.298217 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:16:52.190920 0.000000 tcp 10.0.2.109 49439 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:16:58.191507 0.054181 tcp 10.0.2.109 49440 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:16:58.246095 0.055673 tcp 10.0.2.109 49441 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:16:58.302219 0.143233 tcp 10.0.2.109 49442 -> 195.113.214.249 443 SRPA* 0 0 40 33558 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:16:58.471056 2.993386 tcp 10.0.2.109 49443 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:16:59.321539 0.053119 tcp 10.0.2.109 49444 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:16:59.374938 0.055084 tcp 10.0.2.109 49445 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:16:59.430522 0.127334 tcp 10.0.2.109 49446 -> 195.113.214.249 443 SRPA* 0 0 30 21698 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:17:07.463249 0.000000 tcp 10.0.2.109 49443 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:17:52.139713 3.001780 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 00:17:59.147104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:18:07.148700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:18:23.151927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:18:55.157995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:22:13.473796 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:22:13.473957 3.003384 tcp 10.0.2.109 49447 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:22:22.476605 0.000000 tcp 10.0.2.109 49447 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:22:28.476829 0.052768 tcp 10.0.2.109 49448 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:22:28.529919 0.092104 tcp 10.0.2.109 49449 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:22:28.622342 0.145329 tcp 10.0.2.109 49450 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:22:28.872937 2.996432 tcp 10.0.2.109 49451 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:22:37.868146 0.000000 tcp 10.0.2.109 49451 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:24:59.164446 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 00:25:06.172583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:25:14.172835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:25:30.176079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:26:02.181868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:27:43.868312 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:27:43.868473 2.993915 tcp 10.0.2.109 49452 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:27:52.870709 0.000000 tcp 10.0.2.109 49452 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:27:58.871630 0.052026 tcp 10.0.2.109 49453 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:27:58.923952 0.053732 tcp 10.0.2.109 49454 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:27:58.977943 0.148012 tcp 10.0.2.109 49455 -> 195.113.214.249 443 SRPA* 0 0 21 10764 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:27:59.137316 2.997001 tcp 10.0.2.109 49456 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:28:08.132931 0.000000 tcp 10.0.2.109 49456 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 00:32:06.188589 3.001022 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 00:32:13.195429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:32:21.198688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:32:37.205154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:33:09.205810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:33:14.134174 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:33:14.134335 0.471190 tcp 10.0.2.109 49457 -> 176.73.169.112 1959 FSPA* 0 0 14 1587 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:39:13.211412 3.002370 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 00:39:20.219279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:39:28.220787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:39:44.224140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:40:16.229922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:46:20.235895 3.001499 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 00:46:27.243172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:46:35.247285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:46:51.247629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:47:01.142413 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:47:01.142621 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:47:16.436434 0.052828 tcp 10.0.2.109 49458 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:47:16.489553 0.055110 tcp 10.0.2.109 49459 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:47:16.544930 0.147240 tcp 10.0.2.109 49460 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/23 00:47:16.692672 0.071851 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:16.745276 0.161767 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:16.853937 0.240712 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:17.060973 0.225528 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:17.736645 0.044879 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:17.779529 0.174974 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:17.951525 0.172567 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:18.426529 0.061477 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 1950 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:18.472156 0.139621 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:18.739758 0.153965 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2517 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:18.853388 0.172852 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:19.009942 0.354630 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:19.372050 0.138456 rtp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:19.578361 0.055258 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:19.707288 0.187393 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:19.892098 0.143654 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:20.000922 0.349434 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:21.341829 0.150767 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:21.490347 0.179188 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:21.647772 0.353081 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:22.011393 0.580684 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:22.472286 0.181642 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:22.638396 0.192848 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2609 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:22.823328 0.149694 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:22.984456 0.278695 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 8 3065 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:23.221054 0.448301 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 3250 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:23.254558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:47:23.634205 0.120866 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3189 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:23.739251 0.448634 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 8 3071 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:24.191571 0.098375 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 2914 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:24.288661 0.343307 udp 10.0.2.109 3683 <-> 173.175.42.129 4504 CON 0 0 8 3129 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:24.640478 0.111433 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 8 3146 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:24.733894 0.272859 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 8 2874 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:24.998597 0.252966 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 8 2970 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:25.212292 0.328691 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 8 3030 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:25.530695 0.314545 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3211 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:25.831957 0.703216 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 8 2751 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:26.536694 0.163629 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 8 3005 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:26.683608 0.107914 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3164 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:26.792931 0.344529 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 2953 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:27.133886 0.224488 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 3209 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:27.320390 0.299021 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 3190 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:27.618195 0.334052 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 3044 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:27.928589 0.704415 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 2986 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:28.629481 0.685161 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2845 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:29.316208 0.336777 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 2902 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:29.630835 0.360762 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 2926 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:29.984249 0.298754 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 8 3109 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:30.279032 1.253370 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 8 3043 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:31.312258 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:47:37.469630 0.000000 udp 10.0.2.109 3683 -> 117.203.82.153 5681 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:47:45.606215 0.000000 udp 10.0.2.109 3683 -> 2.32.135.2 1961 INT 0 1 155 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:47:52.075453 0.000000 udp 10.0.2.109 3683 -> 216.168.95.138 4111 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:47:58.965271 0.821169 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 8 3139 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:47:59.865016 0.000000 udp 10.0.2.109 3683 -> 41.230.217.187 1135 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:03.902313 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:48:07.717845 0.710720 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 8 3101 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:48:08.448611 0.099106 udp 10.0.2.109 3683 <-> 84.130.223.170 8279 CON 0 0 8 2829 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:48:08.594303 0.000000 udp 10.0.2.109 3683 -> 64.72.187.96 5454 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:15.068460 0.000000 udp 10.0.2.109 3683 -> 182.52.85.26 8689 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:21.898050 0.000000 udp 10.0.2.109 3683 -> 181.48.72.249 5642 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:28.437534 0.000000 udp 10.0.2.109 3683 -> 61.195.130.230 3327 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:33.815406 0.000000 udp 10.0.2.109 3683 -> 122.176.95.235 9389 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:42.127460 0.000000 udp 10.0.2.109 3683 -> 125.236.235.7 5017 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:49.697962 0.000000 udp 10.0.2.109 3683 -> 146.231.136.149 4477 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:48:54.404774 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:48:57.479477 0.000000 udp 10.0.2.109 3683 -> 75.128.99.238 4066 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:04.048818 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:11.839913 0.000000 udp 10.0.2.109 3683 -> 204.235.114.66 5525 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:18.859738 0.000000 udp 10.0.2.109 3683 -> 92.236.35.175 9762 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:24.017343 0.000000 udp 10.0.2.109 3683 -> 79.181.111.242 9041 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:30.686761 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:38.347954 0.194740 rtp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 8 2990 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:49:38.510569 0.000000 udp 10.0.2.109 3683 -> 103.3.223.54 9534 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:42.904501 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:49:45.047660 0.337351 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 8 3036 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:49:45.404407 0.000000 udp 10.0.2.109 3683 -> 98.232.128.86 7636 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:50.425616 0.000000 udp 10.0.2.109 3683 -> 217.44.252.17 6622 INT 0 1 297 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:49:56.175251 0.000000 udp 10.0.2.109 3683 -> 92.97.91.183 9210 INT 0 1 126 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:02.512859 0.000000 udp 10.0.2.109 3683 -> 95.227.67.150 3581 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:08.581579 0.000000 udp 10.0.2.109 3683 -> 94.4.40.157 2938 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:14.600434 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:20.218511 0.120935 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 8 2863 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:50:20.397395 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:26.118581 0.000000 udp 10.0.2.109 3683 -> 82.104.63.151 9558 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:30.903657 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:50:34.418841 0.000000 udp 10.0.2.109 3683 -> 97.78.166.67 5622 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:41.088172 0.000000 udp 10.0.2.109 3683 -> 209.91.231.124 3548 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:47.297492 0.778299 rtp 10.0.2.109 3683 <-> 111.188.52.154 1236 CON 0 0 8 3153 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:50:48.071285 0.147771 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 8 3157 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:50:48.239620 0.000000 udp 10.0.2.109 3683 -> 220.189.251.66 9487 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:50:54.717968 0.000000 udp 10.0.2.109 3683 -> 113.140.7.42 7948 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:00.616642 0.000000 udp 10.0.2.109 3683 -> 66.15.102.33 9714 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:08.638238 0.341761 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 8 3002 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:51:08.996622 0.000000 udp 10.0.2.109 3683 -> 124.123.100.83 9109 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:15.257467 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:19.903858 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:51:21.736929 0.000000 udp 10.0.2.109 3683 -> 112.198.227.73 1036 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:30.169038 0.027078 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 8 3152 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:51:30.213710 0.000000 udp 10.0.2.109 3683 -> 175.197.136.148 8039 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:36.998922 0.392569 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 8 3278 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:51:37.416997 0.000000 udp 10.0.2.109 3683 -> 94.86.169.242 4073 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:44.079069 0.000000 udp 10.0.2.109 3683 -> 203.67.241.14 7182 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:49.977332 0.097587 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 8 2896 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:51:50.133104 0.350521 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 8 3056 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:51:50.502774 0.000000 udp 10.0.2.109 3683 -> 74.218.36.121 6319 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:51:59.170597 2.449119 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 8 2932 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:52:01.601265 0.000000 udp 10.0.2.109 3683 -> 139.0.111.74 9771 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:05.399194 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:52:06.801423 0.000000 udp 10.0.2.109 3683 -> 14.43.246.153 1024 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:14.592870 0.000000 udp 10.0.2.109 3683 -> 2.216.55.12 2456 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:20.060248 0.464572 udp 10.0.2.109 3683 <-> 69.230.179.206 7888 CON 0 0 8 2886 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:52:20.496233 0.000000 udp 10.0.2.109 3683 -> 82.84.214.10 1311 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:26.299555 0.238352 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 8 3136 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:52:26.519948 0.000000 udp 10.0.2.109 3683 -> 87.25.22.142 6980 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:33.775700 0.000000 udp 10.0.2.109 3683 -> 85.107.102.23 1661 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:42.222462 0.000000 udp 10.0.2.109 3683 -> 70.184.81.208 7263 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:51.195556 0.309274 udp 10.0.2.109 3683 -> 178.131.37.81 2977 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:52:51.504830 0.000000 icmp 178.131.37.81 0x0303 -> 10.0.2.109 0xa10b URP 192 1 169 flow=Background 1970/02/23 00:52:55.901820 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:52:56.733317 0.334986 udp 10.0.2.109 3683 <-> 173.174.73.38 3192 CON 0 0 8 3172 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:52:57.092794 0.000000 udp 10.0.2.109 3683 -> 171.101.75.64 9633 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:04.815020 0.000000 udp 10.0.2.109 3683 -> 123.243.244.215 3396 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:10.072732 0.755824 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 5 1764 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:53:10.825770 0.000000 udp 10.0.2.109 3683 -> 217.66.170.70 1042 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:19.216006 0.161962 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 8 2810 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:53:19.385975 0.000000 udp 10.0.2.109 3683 -> 196.210.127.125 8284 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:27.166962 0.000000 udp 10.0.2.109 3683 -> 118.20.177.159 3176 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:35.649403 0.000000 udp 10.0.2.109 3683 -> 95.137.185.131 7600 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:40.409907 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:53:44.622368 0.755499 udp 10.0.2.109 3683 <-> 121.6.112.247 8943 CON 0 0 8 3026 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:53:45.474867 0.000000 udp 10.0.2.109 3683 -> 87.7.230.100 1983 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:50.941042 0.195164 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 8 3216 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:53:51.152604 0.000000 udp 10.0.2.109 3683 -> 62.255.134.172 2255 INT 0 1 213 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:53:58.732669 0.109342 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 8 3082 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:53:58.868198 0.337019 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 8 3162 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:53:59.252442 0.000000 udp 10.0.2.109 3683 -> 171.100.83.140 2538 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:54:04.991481 0.374123 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 8 3260 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:54:05.410715 0.000000 udp 10.0.2.109 3683 -> 190.42.60.111 1042 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:54:14.194994 0.000000 udp 10.0.2.109 3683 -> 93.142.232.128 7229 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:54:22.186343 0.294744 udp 10.0.2.109 3683 -> 201.54.36.99 7056 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:54:22.481087 0.000000 icmp 201.54.32.253 0x000b -> 10.0.2.109 0x0000 TXD 192 1 300 flow=Background 1970/02/23 00:54:26.902765 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:54:27.744318 0.000000 udp 10.0.2.109 3683 -> 111.93.206.74 8360 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:54:36.286716 0.000000 udp 10.0.2.109 3683 -> 216.254.187.15 2849 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:54:45.279405 0.000000 udp 10.0.2.109 3683 -> 190.202.87.11 7115 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:54:53.981941 0.000000 udp 10.0.2.109 3683 -> 79.54.69.140 6478 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:00.721714 0.000000 udp 10.0.2.109 3683 -> 217.28.6.217 3591 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:05.999769 0.000000 udp 10.0.2.109 3683 -> 41.191.247.121 1047 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:13.370247 0.293739 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 8 2975 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:55:13.658652 0.000000 udp 10.0.2.109 3683 -> 108.58.148.238 7900 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:17.906499 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:55:18.666955 0.000000 udp 10.0.2.109 3683 -> 38.104.124.54 7222 INT 0 1 257 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:23.834764 0.473092 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 8 3069 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:55:24.350624 0.789930 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 2988 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:55:25.172125 0.441749 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 8 2962 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:55:25.711085 0.000000 udp 10.0.2.109 3683 -> 46.49.13.237 7937 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:32.867934 0.000000 udp 10.0.2.109 3683 -> 213.119.217.229 2383 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:39.227121 0.000000 udp 10.0.2.109 3683 -> 95.251.43.219 4482 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:47.391054 0.000000 udp 10.0.2.109 3683 -> 155.212.38.130 4264 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:55:55.560614 0.689393 udp 10.0.2.109 3683 <-> 75.255.162.40 4577 CON 0 0 8 2771 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:55:56.177412 0.000000 udp 10.0.2.109 3683 -> 82.26.118.84 6474 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:03.181407 0.000000 udp 10.0.2.109 3683 -> 110.143.119.178 8190 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:07.897701 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:56:09.580757 0.000000 udp 10.0.2.109 3683 -> 83.235.189.39 4719 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:17.461948 0.000000 udp 10.0.2.109 3683 -> 146.115.125.10 7816 INT 0 1 122 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:25.002877 0.000000 udp 10.0.2.109 3683 -> 173.239.187.42 3970 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:30.262984 3.005760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 00:56:33.698650 0.000000 udp 10.0.2.109 3683 -> 2.50.4.76 6505 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:37.270446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:56:40.976020 0.000000 udp 10.0.2.109 3683 -> 69.117.75.206 2235 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:45.271709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:56:46.033048 4.039106 udp 10.0.2.109 3683 <-> 115.240.42.97 1394 CON 0 0 8 2974 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:56:50.071685 0.000000 udp 10.0.2.109 3683 -> 50.160.179.116 4104 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:56:54.905254 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:56:58.791117 0.000000 udp 10.0.2.109 3683 -> 95.250.37.232 8483 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:01.275206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:57:07.523881 0.180636 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 8 3187 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:57:07.710802 0.000000 udp 10.0.2.109 3683 -> 85.236.236.177 5594 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:14.594086 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:19.681366 0.000000 udp 10.0.2.109 3683 -> 146.90.119.70 5476 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:25.028922 0.000000 udp 10.0.2.109 3683 -> 115.249.247.155 6199 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:32.970728 0.000000 udp 10.0.2.109 3683 -> 50.132.34.172 3934 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:33.280878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 00:57:41.843233 0.404409 udp 10.0.2.109 3683 -> 203.45.228.39 3401 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:42.247642 0.000000 icmp 203.45.228.39 0x0303 -> 10.0.2.109 0x490d URP 192 1 174 flow=Background 1970/02/23 00:57:46.399452 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 00:57:48.923425 0.000000 udp 10.0.2.109 3683 -> 82.49.101.18 3725 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:57:57.435963 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 9244 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:58:04.866505 0.000000 udp 10.0.2.109 3683 -> 176.92.149.248 6493 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:58:10.224448 0.000000 udp 10.0.2.109 3683 -> 74.90.230.252 1707 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:58:15.631945 0.120308 udp 10.0.2.109 3683 <-> 86.173.110.25 8833 CON 0 0 8 3134 flow=From-Botnet-V1-UDP-Established 1970/02/23 00:58:15.766622 0.000000 udp 10.0.2.109 3683 -> 65.194.222.20 3248 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 00:58:24.544617 0.000000 udp 10.0.2.109 3683 -> 108.252.199.115 2393 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:03:14.612087 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 01:03:14.612191 0.468532 tcp 10.0.2.109 49461 -> 176.73.169.112 1959 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:03:38.415528 3.059000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 01:03:45.686711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:03:53.951080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:04:09.765077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:04:41.394976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:10:44.621228 3.002160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 01:10:51.628672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:10:59.629954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:11:15.633189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:11:47.639307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:17:51.645869 3.000992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 01:17:58.652496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:18:06.653995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:18:22.656535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:18:54.663322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:24:58.670407 3.000353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 01:25:05.676691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:25:13.677900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:25:29.681104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:26:01.686802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:29:00.224118 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 01:29:00.224231 0.154398 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:00.335875 0.246669 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:00.547183 0.075486 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:00.604256 0.062804 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:00.650433 0.139468 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:00.781678 0.224800 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.005756 0.045305 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.048979 0.177063 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.214943 0.141750 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.321534 0.075293 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.379320 0.055707 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.450054 0.150734 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.598801 0.172098 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.748744 0.178510 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:01.923539 0.353254 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:02.294133 0.184869 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:02.470989 0.357311 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:02.842071 0.144645 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:02.988194 0.690691 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:03.559721 0.296997 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:03.827226 0.318593 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:04.147251 0.046241 udp 10.0.2.109 3683 <-> 84.130.223.170 8279 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:04.190036 0.000000 udp 10.0.2.109 3683 -> 69.230.179.206 7888 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:29:20.785274 0.053528 tcp 10.0.2.109 49462 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:20.839186 0.055260 tcp 10.0.2.109 49463 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:20.894720 0.225961 tcp 10.0.2.109 49464 -> 195.113.214.249 443 SRPA* 0 0 21 11560 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:21.121321 0.137285 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:21.218474 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:29:37.808662 0.053816 tcp 10.0.2.109 49465 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:37.862782 0.054335 tcp 10.0.2.109 49466 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:37.917368 0.157227 tcp 10.0.2.109 49467 -> 195.113.214.249 443 SRPA* 0 0 21 12224 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:38.075171 0.111168 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:38.147663 0.166103 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:38.990635 0.407831 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:39.349580 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:29:58.218331 0.053105 tcp 10.0.2.109 49468 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:58.271732 0.054615 tcp 10.0.2.109 49469 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:58.326670 0.154950 tcp 10.0.2.109 49470 -> 195.113.214.249 443 SRPA* 0 0 41 21968 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:29:58.482491 0.073985 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:29:58.565900 0.000000 udp 10.0.2.109 3683 -> 111.188.52.154 1236 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:30:15.041618 0.055309 tcp 10.0.2.109 49471 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:15.097328 0.054330 tcp 10.0.2.109 49472 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:15.151904 0.146177 tcp 10.0.2.109 49473 -> 195.113.214.249 443 SRPA* 0 0 22 10988 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:15.298610 0.075445 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:15.377295 0.000000 udp 10.0.2.109 3683 -> 121.6.112.247 8943 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:30:33.818834 0.054025 tcp 10.0.2.109 49474 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:33.873178 0.055787 tcp 10.0.2.109 49475 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:33.929273 0.153351 tcp 10.0.2.109 49476 -> 195.113.214.249 443 SRPA* 0 0 33 18798 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:34.083231 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:30:50.232361 0.052912 tcp 10.0.2.109 49477 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:50.285531 0.054594 tcp 10.0.2.109 49478 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:50.340434 0.153884 tcp 10.0.2.109 49479 -> 195.113.214.249 443 SRPA* 0 0 42 22920 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:30:50.494738 0.170006 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:50.661010 0.056638 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:50.722692 0.175940 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 1999 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:50.879923 0.190524 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:51.067449 0.013445 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:51.103693 0.193361 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:51.293268 0.048120 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:51.342888 0.179524 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:51.514957 1.048688 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:52.529028 0.157339 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:52.669929 0.247264 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:52.921742 0.220727 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:30:53.152372 0.000000 udp 10.0.2.109 3683 -> 75.255.162.40 4577 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:31:10.742211 0.054860 tcp 10.0.2.109 49480 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:31:10.797365 0.053782 tcp 10.0.2.109 49481 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:31:10.851512 0.144500 tcp 10.0.2.109 49482 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:31:10.996539 0.000000 udp 10.0.2.109 3683 -> 115.240.42.97 1394 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 01:31:26.815313 0.053260 tcp 10.0.2.109 49483 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:31:26.868796 0.055659 tcp 10.0.2.109 49484 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:31:26.924766 0.152682 tcp 10.0.2.109 49485 -> 195.113.214.249 443 SRPA* 0 0 21 10972 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:31:27.078250 0.103229 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:31:27.145974 0.067730 rtp 10.0.2.109 3683 <-> 86.173.110.25 8833 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/23 01:32:05.734544 3.000238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 01:32:12.740336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:32:20.742423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:32:36.745124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:33:08.751170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:33:15.320937 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 01:33:15.321106 0.494741 tcp 10.0.2.109 49486 -> 176.73.169.112 1959 FSPA* 0 0 15 1733 flow=From-Botnet-V1-TCP-Established 1970/02/23 01:39:12.757193 3.001616 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 01:39:19.764661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:39:27.765719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:39:43.768625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:40:15.775214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:46:19.781850 3.000898 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 01:46:26.787870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:46:34.789909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:46:50.793251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:47:22.799050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:56:30.810676 3.000658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 01:56:37.817033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:56:45.818558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:57:01.821768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 01:57:33.827113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:01:47.122030 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 02:01:47.122187 0.000000 udp 10.0.2.109 3683 -> 69.230.179.206 7888 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:02:05.700679 0.053681 tcp 10.0.2.109 49487 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:05.754762 0.054526 tcp 10.0.2.109 49488 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:05.809729 0.150743 tcp 10.0.2.109 49489 -> 195.113.214.249 443 SRPA* 0 0 35 17830 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:05.961391 0.000000 udp 10.0.2.109 3683 -> 173.174.73.38 3192 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:02:21.912414 0.053859 tcp 10.0.2.109 49490 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:21.966590 0.053686 tcp 10.0.2.109 49491 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:22.020646 0.148391 tcp 10.0.2.109 49492 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:22.169841 0.093509 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:02:22.244734 0.000000 udp 10.0.2.109 3683 -> 111.188.52.154 1236 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:02:40.319274 0.054055 tcp 10.0.2.109 49493 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:40.373117 0.056240 tcp 10.0.2.109 49494 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:40.429628 0.146977 tcp 10.0.2.109 49495 -> 195.113.214.249 443 SRPA* 0 0 41 21968 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:40.577389 0.401331 udp 10.0.2.109 3683 <-> 121.6.112.247 8943 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:02:40.958450 0.098478 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:02:41.232514 0.000000 udp 10.0.2.109 3683 -> 75.255.162.40 4577 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:02:58.164508 0.058196 tcp 10.0.2.109 49496 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:58.222991 0.054391 tcp 10.0.2.109 49497 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:58.277810 0.148879 tcp 10.0.2.109 49498 -> 195.113.214.249 443 SRPA* 0 0 41 20850 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:02:58.427332 0.000000 udp 10.0.2.109 3683 -> 115.240.42.97 1394 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:03:15.749520 0.053460 tcp 10.0.2.109 49499 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:15.803337 0.141190 tcp 10.0.2.109 49500 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:15.819455 0.536028 tcp 10.0.2.109 49501 -> 176.73.169.112 1959 FSPA* 0 0 14 1750 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:15.944825 0.151357 tcp 10.0.2.109 49502 -> 195.113.214.249 443 SRPA* 0 0 26 15546 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:16.096711 0.076731 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:16.150058 0.244267 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:16.359121 0.062760 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:16.432285 0.148605 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:16.572869 0.330854 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:16.861124 0.182773 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:17.041065 0.224118 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:17.263016 0.057964 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:17.312828 0.178494 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:17.466846 0.175701 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:17.631587 0.143776 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:17.736546 0.115200 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 5 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:34.828307 0.052572 tcp 10.0.2.109 49503 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:34.881209 0.054515 tcp 10.0.2.109 49504 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:34.935763 0.156384 tcp 10.0.2.109 49505 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:35.092690 0.055308 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:35.171639 0.150581 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:35.320039 0.188991 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:35.501228 0.329924 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:35.856657 0.347433 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:36.200103 0.152220 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:36.456546 0.319391 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 2 469 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:36.776359 0.559805 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:37.236346 0.051310 udp 10.0.2.109 3683 <-> 84.130.223.170 8279 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:37.298257 0.339203 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:37.638841 0.141548 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:37.739037 0.113438 rtp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:37.835472 3.000664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 02:03:37.845253 0.168912 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.038907 0.409237 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.404567 0.067688 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.458765 0.073384 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.547674 0.057738 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.607068 0.180106 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.765268 0.175305 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.937103 0.048367 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:38.988071 0.181071 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:39.158581 0.193039 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:39.348218 0.013543 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:39.386573 0.189571 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:39.573028 0.156517 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:39.713745 0.246894 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:40.024074 1.555828 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:41.544588 0.000000 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:03:44.841114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:03:52.842595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:03:57.820640 0.054663 tcp 10.0.2.109 49506 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:57.875578 0.056020 tcp 10.0.2.109 49507 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:57.931515 0.145179 tcp 10.0.2.109 49508 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:03:58.077267 0.103219 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:03:58.147093 0.063723 rtp 10.0.2.109 3683 <-> 86.173.110.25 8833 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:04:08.845429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:04:40.851567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:10:44.857851 3.000951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 02:10:51.864990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:10:59.866303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:11:15.869565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:11:47.875752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:17:51.881761 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 02:17:58.889029 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:18:06.890012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:18:22.893410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:18:54.899471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:24:58.906637 3.000617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 02:25:05.912987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:25:13.914449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:25:29.917782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:26:01.923558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:32:05.930792 2.999742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 02:32:12.937089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:32:20.937962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:32:36.941259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:33:08.947627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:33:16.358516 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 02:33:16.358614 0.504388 tcp 10.0.2.109 49509 -> 176.73.169.112 1959 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:34:10.695811 0.075799 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:10.754895 0.225632 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:34:10.980527 0.000000 icmp 139.142.70.178 0x0303 -> 10.0.2.109 0x6807 URP 192 1 296 flow=Background 1970/02/23 02:34:15.653441 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 02:34:25.959869 0.055332 tcp 10.0.2.109 49510 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:34:26.015629 0.055781 tcp 10.0.2.109 49511 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:34:26.071855 0.151441 tcp 10.0.2.109 49512 -> 195.113.214.249 443 SRPA* 0 0 41 21646 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:34:26.223952 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 02:34:42.602773 0.057860 tcp 10.0.2.109 49513 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:34:42.660979 0.054382 tcp 10.0.2.109 49514 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:34:42.715658 0.148413 tcp 10.0.2.109 49515 -> 195.113.214.249 443 SRPA* 0 0 24 14054 flow=From-Botnet-V1-TCP-Established 1970/02/23 02:34:42.864678 0.097722 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:42.965407 0.425254 rtp 10.0.2.109 3683 <-> 121.6.112.247 8943 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:43.370627 0.074386 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:43.426831 0.062134 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:43.479427 0.245439 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:43.689080 0.147714 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:43.828851 0.091998 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:43.917251 0.128084 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2084 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:44.005672 0.180972 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:44.182534 0.224587 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:44.406833 0.180541 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:44.563452 0.177089 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:44.729354 0.158963 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:44.849327 0.054513 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:44.905531 0.364254 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:45.283569 0.353886 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:45.633310 0.190487 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:45.816247 0.150877 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:45.965291 0.590866 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:46.456649 0.052260 udp 10.0.2.109 3683 <-> 84.130.223.170 8279 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:46.505019 0.150870 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:46.654445 0.427441 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 2 487 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:47.082506 0.106208 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:47.148967 0.168438 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:47.325847 0.331551 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:47.658751 0.522518 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:48.140936 0.075272 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:48.228591 0.408377 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:48.595470 0.177269 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:48.753008 0.176664 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:48.925400 0.397411 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:49.331123 0.180354 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:49.503265 0.058244 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:49.583863 0.071759 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:49.681327 0.155431 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:49.820745 0.246798 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:50.084205 0.200335 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:50.281716 0.014140 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:50.322010 0.202111 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:50.520832 0.606815 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:51.091625 0.102884 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:34:51.199448 0.066207 rtp 10.0.2.109 3683 <-> 86.173.110.25 8833 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/23 02:39:12.954240 3.000809 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 02:39:19.960481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:39:27.962461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:39:43.965434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:40:15.973600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:46:19.977191 3.001786 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 02:46:26.984653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:46:34.986468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:46:50.989046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:47:22.995376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:56:33.009240 3.001489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 02:56:40.016783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:56:48.018524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:57:04.021109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 02:57:36.026876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:03:16.867220 0.000218 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 03:03:16.867554 0.581458 tcp 10.0.2.109 49516 -> 176.73.169.112 1959 FSPA* 0 0 15 1602 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:03:40.034600 3.000226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 03:03:47.040520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:03:55.041634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:04:11.045247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:04:43.050605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:04:58.232723 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 03:04:58.232889 0.097315 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:58.311494 0.074825 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:58.367815 0.097937 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:58.477210 0.411902 rtp 10.0.2.109 3683 <-> 121.6.112.247 8943 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:58.868286 0.073023 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:58.924484 0.058700 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:58.982730 0.255921 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:59.203710 0.157446 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:59.353132 0.056733 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:04:59.593563 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 03:05:15.099188 0.053481 tcp 10.0.2.109 49517 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:05:15.152966 0.056955 tcp 10.0.2.109 49518 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:05:15.210400 0.165540 tcp 10.0.2.109 49519 -> 195.113.214.249 443 SRPA* 0 0 42 21682 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:05:15.376494 0.208529 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:15.580667 0.224143 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:15.802531 0.171946 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:15.952497 0.170286 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:16.112577 0.139702 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:16.212618 0.054741 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:16.282460 0.183474 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:16.458725 0.346265 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:16.814842 0.348268 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:17.063717 0.060861 udp 10.0.2.109 3683 <- 79.236.156.198 8699 RSP 0 0 5 2048 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 03:05:17.159311 0.150390 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:17.308111 0.687957 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:17.755313 0.046742 udp 10.0.2.109 3683 <-> 84.130.223.170 8279 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:17.798265 0.151074 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:17.950536 0.160983 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:18.113356 0.339092 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:18.462064 0.287188 rtp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:18.719751 0.113576 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:18.888417 0.526773 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:19.377047 0.075213 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:19.454084 0.905516 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:20.325901 0.177385 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:20.483526 0.170222 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:20.650754 0.243454 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:20.903219 0.175734 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:21.069252 0.056551 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:21.128027 0.071437 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:21.209862 0.155132 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:21.348788 0.013641 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:21.372309 0.194118 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:21.564580 0.315533 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:21.860399 0.198900 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:22.056254 0.064945 udp 10.0.2.109 3683 <-> 86.173.110.25 8833 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:22.763796 0.380136 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:05:23.108063 0.100401 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:10:47.056148 3.002353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 03:10:54.064370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:11:02.065824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:11:18.068670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:11:50.074754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:17:54.080583 3.001651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 03:18:01.088269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:18:09.089511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:18:25.092681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:18:57.098670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:25:01.104569 3.002128 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 03:25:08.118584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:25:16.113724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:25:32.116502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:26:04.123597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:32:08.129970 3.000366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 03:32:15.136038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:32:23.137562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:32:39.140619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:33:11.146580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:33:17.456083 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 03:33:17.456285 0.454502 tcp 10.0.2.109 49520 -> 176.73.169.112 1959 FSPA* 0 0 14 1639 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:35:32.700944 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 03:35:32.701099 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 03:35:48.635041 0.056192 tcp 10.0.2.109 49521 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:35:48.691559 0.055613 tcp 10.0.2.109 49522 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:35:48.747516 0.145874 tcp 10.0.2.109 49523 -> 195.113.214.249 443 SRPA* 0 0 64 49098 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:35:48.894458 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 03:36:07.761153 0.056042 tcp 10.0.2.109 49524 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:07.817483 0.055846 tcp 10.0.2.109 49525 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:07.873617 0.145733 tcp 10.0.2.109 49526 -> 195.113.214.249 443 SRPA* 0 0 22 11026 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:08.019845 0.000000 udp 10.0.2.109 3683 -> 121.6.112.247 8943 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 03:36:26.113393 0.053961 tcp 10.0.2.109 49527 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:26.167753 0.057184 tcp 10.0.2.109 49528 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:26.225275 0.148715 tcp 10.0.2.109 49529 -> 195.113.214.249 443 SRPA* 0 0 61 60198 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:26.374785 0.069592 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:26.429038 0.259144 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:26.667778 0.082850 udp 10.0.2.109 3683 <-> 81.133.36.147 7814 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:26.730586 0.146648 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:26.869326 0.052360 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:26.918647 0.060699 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:26.961455 0.241747 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:27.167696 0.178571 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:27.343194 0.225031 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:27.567189 0.170526 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:27.727236 0.132143 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:27.820666 0.055372 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:27.885169 0.184155 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:28.061910 0.361842 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:28.439830 0.177448 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:28.594615 0.352364 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:28.943046 0.150216 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:29.091913 0.730058 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:29.582384 0.000000 udp 10.0.2.109 3683 -> 84.130.223.170 8279 INT 0 1 105 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 03:36:46.016504 0.001467 tcp 10.0.2.109 49530 -> 195.113.214.234 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:52.020708 0.000364 tcp 10.0.2.109 49530 -> 195.113.214.234 80 RA_F* 0 0 4 1361 flow=From-Botnet-V1-TCP-Established 1970/02/23 03:36:52.021479 0.142592 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:52.162694 0.412294 rtp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:52.548609 0.114667 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:52.619759 0.170740 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:52.785973 0.335108 rtp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:53.147424 0.139729 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:53.248381 0.074453 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:53.331731 0.177591 rtp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:53.505840 0.049069 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:53.564379 0.413495 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:53.935710 0.177869 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:54.093104 0.179921 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:54.265944 0.056391 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:54.323866 0.070200 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:54.381794 0.184023 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:54.549253 0.013795 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:54.586366 0.183277 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:54.767422 0.244280 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:55.031702 0.190837 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:55.219849 0.069739 udp 10.0.2.109 3683 <-> 86.173.110.25 8833 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:55.274186 0.172468 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:36:55.410260 0.100995 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/23 03:39:15.154056 3.000409 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 03:39:22.160288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:39:30.161566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:39:46.164613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:40:18.170712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:46:22.176776 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 03:46:29.184333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:46:37.185516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:46:53.188761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:47:25.194482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:56:29.210342 3.000452 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 03:56:36.216679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:56:44.218061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:57:00.221331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 03:57:32.227206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:03:17.914955 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 04:03:17.915071 0.446126 tcp 10.0.2.109 49531 -> 176.73.169.112 1959 FSPA* 0 0 14 1745 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:03:36.234386 3.000716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 04:03:43.240732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:03:51.242322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:04:07.245052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:04:39.251120 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:07:19.121456 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 04:07:19.121577 0.097847 rtp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:07:19.220814 0.000000 udp 10.0.2.109 3683 -> 121.6.112.247 8943 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:07:35.366810 0.056408 tcp 10.0.2.109 49532 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:07:35.423634 0.056010 tcp 10.0.2.109 49533 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:07:35.480054 0.149979 tcp 10.0.2.109 49534 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:07:35.630979 0.000000 udp 10.0.2.109 3683 -> 84.130.223.170 8279 INT 0 1 249 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:07:53.241329 0.053654 tcp 10.0.2.109 49535 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:07:53.295249 0.084145 tcp 10.0.2.109 49536 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:07:53.379718 0.146005 tcp 10.0.2.109 49537 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:07:53.526531 0.156656 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:07:53.675156 0.050686 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:07:53.723258 0.072683 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:07:53.779961 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:08:11.737707 0.055597 tcp 10.0.2.109 49538 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:08:11.793606 0.057016 tcp 10.0.2.109 49539 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:08:11.850966 0.145933 tcp 10.0.2.109 49540 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:08:11.997659 0.000000 udp 10.0.2.109 3683 -> 81.133.36.147 7814 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:08:28.050900 0.052966 tcp 10.0.2.109 49541 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:08:28.104110 0.060525 tcp 10.0.2.109 49542 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:08:28.164955 0.147968 tcp 10.0.2.109 49543 -> 195.113.214.249 443 SRPA* 0 0 42 21700 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:08:28.313661 0.179287 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2018 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:28.490328 0.246602 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:28.701757 0.062348 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:28.747473 0.172635 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:28.908612 0.142956 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:29.011810 0.055318 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:29.068748 0.233661 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:29.300455 0.354354 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:29.651208 0.362011 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:30.014471 0.189622 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:30.197177 0.178532 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:30.353289 0.151073 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:30.502636 0.983727 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:31.247133 0.150455 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:31.398070 0.472517 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 5 1751 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:31.850727 0.114737 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:31.925966 0.168555 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:32.095580 0.085252 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:32.187208 0.172980 rtp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:32.357192 0.048234 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:32.424362 0.440935 rtp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:32.819229 0.360176 rtp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.188928 0.175177 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.323860 0.174817 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.476012 0.179068 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 1993 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.646394 0.057729 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.712607 0.071721 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.766776 0.157341 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.908083 0.013473 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:33.965856 0.194471 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:34.157536 0.066914 udp 10.0.2.109 3683 <-> 86.173.110.25 8833 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:34.209326 0.486753 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:34.659793 0.101676 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:34.728838 0.250686 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:08:34.959644 0.197133 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:10:43.258620 3.000490 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 04:10:50.264566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:10:58.266625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:11:14.269113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:11:46.278623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:17:50.281618 3.001399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 04:17:57.288728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:18:05.290482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:18:21.293196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:18:53.299254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:24:57.305619 3.001348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 04:25:04.312735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:25:12.314385 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:25:28.317243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:26:00.323244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:32:04.331403 2.999428 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 04:32:11.336631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:32:19.338221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:32:35.344113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:33:07.347068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:33:18.363373 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 04:33:18.363551 0.628443 tcp 10.0.2.109 49544 -> 176.73.169.112 1959 FSPA* 0 0 15 1718 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:38:50.491192 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 04:38:50.491402 0.166461 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:38:50.640067 0.000000 udp 10.0.2.109 3683 -> 81.133.36.147 7814 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:39:07.166342 0.054889 tcp 10.0.2.109 49545 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:07.221526 0.055399 tcp 10.0.2.109 49546 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:07.277242 0.151116 tcp 10.0.2.109 49547 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:07.428923 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 100 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:39:11.354054 3.000835 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 04:39:18.360660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:39:25.631184 0.054253 tcp 10.0.2.109 49548 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:25.685801 0.055529 tcp 10.0.2.109 49549 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:25.741597 0.144746 tcp 10.0.2.109 49550 -> 195.113.214.249 443 SRPA* 0 0 21 13058 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:25.886883 0.046703 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:25.930304 0.144279 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:26.066251 0.072560 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:26.121274 0.263270 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:26.362085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:39:26.375562 0.242127 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:26.582963 0.062695 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:26.630235 0.172042 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:26.790970 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:39:42.365071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:39:44.728593 0.053365 tcp 10.0.2.109 49551 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:44.782181 0.055295 tcp 10.0.2.109 49552 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:44.837779 0.152284 tcp 10.0.2.109 49553 -> 195.113.214.249 443 SRPA* 0 0 39 32422 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:39:44.991133 0.354024 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:45.368365 0.142269 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:45.473060 0.055867 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:45.539733 0.179720 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:45.697573 0.150141 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:45.845987 0.369485 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:46.218933 0.183331 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:46.395411 0.583928 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:46.858816 0.144579 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:47.004986 0.315788 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:47.295107 0.113363 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:47.369705 0.177044 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:47.543745 0.048519 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:47.613261 0.560578 rtp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:48.140906 0.167873 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:48.309992 0.073653 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:48.400139 0.355566 rtp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:48.779102 0.135613 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:48.876376 0.176935 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.032673 0.181126 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.205242 0.063273 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.285091 0.075088 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.359531 0.159420 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.503282 0.013573 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.523702 0.245710 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.738566 0.100476 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:49.807849 0.246383 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:50.085607 0.189431 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:39:50.272351 0.000000 udp 10.0.2.109 3683 -> 86.173.110.25 8833 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 04:40:06.150010 0.054458 tcp 10.0.2.109 49554 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:40:06.204838 0.055618 tcp 10.0.2.109 49555 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:40:06.260825 0.151172 tcp 10.0.2.109 49556 -> 195.113.214.249 443 SRPA* 0 0 42 22022 flow=From-Botnet-V1-TCP-Established 1970/02/23 04:40:06.412568 0.198631 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/23 04:40:14.371179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:46:18.378694 3.000069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 04:46:25.384727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:46:33.385801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:46:49.388997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:47:21.395067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:56:28.403652 3.002288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 04:56:35.411468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:56:43.417432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:56:59.416001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 04:57:31.421876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:03:18.993421 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 05:03:18.993557 0.466486 tcp 10.0.2.109 49557 -> 176.73.169.112 1959 FSPA* 0 0 15 1633 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:03:35.428014 3.001914 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:03:42.435816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:03:50.437128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:04:06.440054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:04:38.445931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:10:36.581355 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 05:10:36.581546 0.097873 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:10:36.710778 0.262325 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:10:36.971900 0.000000 udp 10.0.2.109 3683 -> 86.173.110.25 8833 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 05:10:42.452159 3.001901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:10:49.459508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:10:54.348515 0.054818 tcp 10.0.2.109 49558 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:10:54.403650 0.057107 tcp 10.0.2.109 49559 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:10:54.461105 0.146095 tcp 10.0.2.109 49560 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:10:54.607452 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 05:10:57.461142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:11:11.603692 0.053112 tcp 10.0.2.109 49561 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:11:11.657134 0.056359 tcp 10.0.2.109 49562 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:11:11.713745 0.148192 tcp 10.0.2.109 49563 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:11:11.862839 0.057336 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:12.163113 0.176512 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:12.336170 0.254578 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:12.557296 0.059819 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:12.622881 0.169536 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:12.781220 0.155325 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:12.928392 0.073452 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:12.980677 0.346936 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:13.323384 0.177334 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:13.464943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:11:13.476684 0.150289 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:13.625194 0.055624 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:13.690044 0.138419 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:13.791964 0.567292 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:14.219149 0.390526 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:14.611238 0.186766 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:14.789124 0.106240 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:14.856991 0.806355 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:15.660556 0.047982 rtp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:15.786527 0.283519 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:16.039971 0.149734 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:16.185495 0.073228 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:16.264692 0.359702 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:16.631827 0.136105 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:16.728684 0.441674 rtp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:17.128758 0.168106 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:17.345302 0.178307 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:17.504165 0.072993 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:17.601741 0.156766 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:17.742548 0.013742 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:17.768342 0.223010 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:17.955614 0.104173 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:18.027066 0.056880 rtp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:18.085331 0.180856 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:18.259061 0.189074 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:18.445431 0.241251 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:18.669761 0.197369 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:11:45.470038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:17:49.475430 3.002401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:17:56.483367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:18:04.485177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:18:20.487948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:18:52.493926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:24:56.500351 3.001116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:25:03.507482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:25:11.508953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:25:27.511888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:25:59.517837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:32:03.524099 3.001706 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:32:10.531279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:32:18.533039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:32:34.535834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:33:06.541973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:33:19.460962 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 05:33:19.461111 0.561950 tcp 10.0.2.109 49564 -> 176.73.169.112 1959 FSPA* 0 0 14 1525 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:39:10.548624 3.006546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:39:17.555815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:39:25.556571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:39:41.559644 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:40:13.566313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:41:46.319781 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 05:41:46.319953 0.095030 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:46.394707 0.097760 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:46.520348 0.429674 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:46.948025 0.050210 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:46.996390 0.179780 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:47.173124 0.240936 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:47.380295 0.060964 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:47.423493 0.170567 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:47.583545 0.161731 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:47.737470 0.073737 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:47.793086 0.347205 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:48.136409 0.176762 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:48.289992 0.150855 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:48.438680 0.056380 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:48.507555 0.166832 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:48.639947 0.181708 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:48.831786 0.115080 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:49.057198 0.577107 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:49.514470 0.353274 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:49.883076 0.176786 udp 10.0.2.109 3683 <-> 99.18.5.207 2962 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:50.057220 0.049063 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:50.108437 0.073724 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:50.183542 0.350247 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:50.551141 0.137078 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:41:50.651681 0.399876 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 5 2116 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:05.728562 0.054686 tcp 10.0.2.109 49565 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:42:05.783641 0.059160 tcp 10.0.2.109 49566 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:42:05.843117 0.143431 tcp 10.0.2.109 49567 -> 195.113.214.249 443 SRPA* 0 0 41 34238 flow=From-Botnet-V1-TCP-Established 1970/02/23 05:42:05.987529 0.157987 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:06.148317 0.439308 rtp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:06.537492 0.163276 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:06.710384 0.172614 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:06.864406 0.071703 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:06.916842 0.153960 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:07.055016 0.013560 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:07.088548 0.172173 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2597 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:07.223738 0.180526 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:07.397270 0.188456 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:07.583219 0.241375 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:07.825145 0.198618 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:08.019861 0.101887 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:42:08.097882 0.054582 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/23 05:46:17.571600 3.002298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:46:24.579241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:46:32.580948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:46:48.583685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:47:20.589775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:56:28.600569 3.001689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 05:56:35.607771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:56:43.609207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:56:59.612758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 05:57:31.619060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:03:20.029730 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 06:03:20.029824 0.914087 tcp 10.0.2.109 49568 -> 176.73.169.112 1959 FSPA* 0 0 14 1595 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:03:35.624536 3.001471 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 06:03:42.631857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:03:50.633329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:04:06.636473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:04:38.641975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:10:42.658514 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 06:10:49.665824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:10:57.666991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:11:13.670365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:11:45.676478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:12:30.931582 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 06:12:30.931732 0.411214 udp 10.0.2.109 3683 <-> 115.239.27.21 9348 CON 0 0 4 1527 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:12:49.360027 0.053734 tcp 10.0.2.109 49569 -> 195.113.214.234 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:12:49.414086 0.056673 tcp 10.0.2.109 49570 -> 195.113.214.249 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:12:49.471111 0.150152 tcp 10.0.2.109 49571 -> 195.113.214.249 443 SRPA* 0 0 41 22029 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:12:49.621599 0.248985 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:12:49.882805 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 06:13:07.654831 0.053063 tcp 10.0.2.109 49572 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:07.708155 0.059581 tcp 10.0.2.109 49573 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:07.768095 0.144849 tcp 10.0.2.109 49574 -> 195.113.214.249 443 SRPA* 0 0 40 20758 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:07.913577 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 06:13:23.637875 0.053721 tcp 10.0.2.109 49575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:23.692010 0.054368 tcp 10.0.2.109 49576 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:23.746680 0.144705 tcp 10.0.2.109 49577 -> 195.113.214.249 443 SRPA* 0 0 19 10030 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:23.892608 0.172640 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:24.061255 0.243509 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:24.267576 0.060552 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:24.354990 0.172565 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:24.515035 0.159377 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:24.667287 0.070082 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:24.719416 0.063769 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:24.784026 0.358021 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:25.138616 0.055352 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:25.228342 0.166058 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:25.354636 0.186875 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:25.528146 0.150721 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:25.700541 0.176051 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:25.853761 0.675827 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:26.329758 0.355795 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:26.695472 0.112207 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:26.771129 0.366191 udp 10.0.2.109 3683 <-> 218.145.118.22 9278 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:27.138628 0.133538 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:27.233794 0.049977 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 1972 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:27.297271 0.000000 udp 10.0.2.109 3683 -> 99.18.5.207 2962 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 06:13:45.819534 0.052952 tcp 10.0.2.109 49578 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:45.872768 0.057875 tcp 10.0.2.109 49579 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:45.931111 0.141769 tcp 10.0.2.109 49580 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:13:46.073537 0.069189 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:46.154668 0.447370 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:46.551148 0.168174 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:46.720714 0.178893 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:46.877149 0.073848 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:46.934640 0.144863 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:47.100239 0.157676 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:47.241382 0.013389 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:47.277478 0.484066 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:47.726989 0.178892 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:47.898810 0.189586 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:48.085634 0.251935 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:48.317535 0.056614 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:48.375246 0.197799 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:13:48.569993 0.101916 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:17:49.682776 3.001167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 06:17:56.689683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:18:04.691161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:18:20.694478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:18:52.700224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:24:56.706604 3.001322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 06:25:03.713771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:25:11.714840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:25:27.718512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:25:59.724455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:32:03.730032 3.001926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 06:32:10.738879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:32:18.738972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:32:34.742272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:33:06.748166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:33:20.949187 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 06:33:20.949302 0.506286 tcp 10.0.2.109 49581 -> 176.73.169.112 1959 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:39:10.754649 3.001332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 06:39:17.767125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:39:25.762971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:39:41.766288 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:40:13.772745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:44:12.215590 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 06:44:12.215724 0.097987 rtp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:12.315588 0.259113 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:12.554966 0.000000 udp 10.0.2.109 3683 -> 99.18.5.207 2962 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 06:44:27.739240 0.053548 tcp 10.0.2.109 49582 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:44:27.793150 0.055682 tcp 10.0.2.109 49583 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:44:27.849108 0.150185 tcp 10.0.2.109 49584 -> 195.113.214.249 443 SRPA* 0 0 45 29750 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:44:28.000057 0.227159 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:28.225189 0.059838 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:28.332128 0.177899 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:28.498045 0.159474 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:28.721862 0.070926 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:28.777814 0.046000 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:28.934631 0.177713 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:29.108241 0.256120 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:29.326769 0.149747 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:30.971944 0.176738 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:31.141685 0.150702 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:31.290657 0.176763 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:31.445175 0.057042 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:31.527130 0.353743 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:31.876711 0.111803 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:31.947280 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 06:44:50.270450 0.053259 tcp 10.0.2.109 49585 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:44:50.324086 0.062714 tcp 10.0.2.109 49586 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:44:50.387145 0.153117 tcp 10.0.2.109 49587 -> 195.113.214.249 443 SRPA* 0 0 38 31192 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:44:50.541044 0.730902 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:51.052690 0.141951 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:44:51.155249 0.000000 udp 10.0.2.109 3683 -> 218.145.118.22 9278 INT 0 1 111 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 06:45:09.418244 0.052381 tcp 10.0.2.109 49588 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:45:09.470959 0.055692 tcp 10.0.2.109 49589 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:45:09.526993 0.153732 tcp 10.0.2.109 49590 -> 195.113.214.249 443 SRPA* 0 0 35 17664 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:45:09.679712 0.048065 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:09.740375 0.170428 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:09.906903 0.178334 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:10.064835 0.072779 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:10.145069 0.073440 rtp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:10.219869 0.805009 udp 10.0.2.109 3683 <-> 59.115.53.102 2346 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:10.990877 0.152341 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:11.138852 0.157147 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:11.280016 0.013779 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:11.318054 0.354703 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:11.638731 0.181520 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:11.811111 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 06:45:30.718255 0.053361 tcp 10.0.2.109 49591 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:45:30.771952 0.056360 tcp 10.0.2.109 49592 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:45:30.828639 0.150132 tcp 10.0.2.109 49593 -> 195.113.214.249 443 SRPA* 0 0 20 11544 flow=From-Botnet-V1-TCP-Established 1970/02/23 06:45:30.979265 0.197922 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:31.174480 0.105701 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:31.245552 0.189527 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:45:31.431957 0.242327 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/23 06:46:17.778876 3.001256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 06:46:24.785825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:46:32.787241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:46:48.789871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:47:20.796131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:56:28.808539 3.000075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 06:56:35.814318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:56:43.815253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:56:59.818803 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 06:57:31.824741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:03:21.457851 0.000218 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 07:03:21.458180 0.491000 tcp 10.0.2.109 49594 -> 176.73.169.112 1959 FSPA* 0 0 14 1701 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:03:35.831188 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 07:03:42.838406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:03:50.839702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:04:06.842015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:04:38.848725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:10:42.854539 3.002146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 07:10:49.862203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:10:57.863602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:11:13.866759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:11:45.872797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:15:36.955099 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 07:15:36.955215 0.345886 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:15:37.299825 0.000000 udp 10.0.2.109 3683 -> 218.145.118.22 9278 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 07:15:55.202981 2.292547 tcp 10.0.2.109 49595 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:15:57.495834 0.055841 tcp 10.0.2.109 49596 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:15:57.552021 0.155666 tcp 10.0.2.109 49597 -> 195.113.214.249 443 SRPA* 0 0 35 18828 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:15:57.708455 0.057009 rtp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:15:57.773344 0.098578 rtp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:15:57.887808 0.205450 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:15:58.117649 0.156338 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:15:58.528345 0.070436 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:15:58.580307 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 07:16:16.182963 0.052796 tcp 10.0.2.109 49598 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:16:16.236039 0.057186 tcp 10.0.2.109 49599 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:16:16.293504 0.162376 tcp 10.0.2.109 49600 -> 195.113.214.249 443 SRPA* 0 0 41 21968 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:16:16.456650 0.059912 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:16.499604 0.224382 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:16.782767 0.174087 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:16.945837 0.173964 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:17.116838 0.248022 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:17.328871 0.151686 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:17.476959 0.353980 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:17.826794 0.111801 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:17.896084 0.054149 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:17.960945 0.150525 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:18.109857 0.178796 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:18.266671 0.192309 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:18.451796 0.141142 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:18.589255 0.555954 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:19.026023 0.048886 rtp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:19.074866 0.170349 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:19.765673 0.174849 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:19.920875 0.072588 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:20.056935 0.073421 udp 10.0.2.109 3683 <-> 46.72.160.4 6799 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:20.170520 0.000000 udp 10.0.2.109 3683 -> 59.115.53.102 2346 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 07:16:36.339094 0.054704 tcp 10.0.2.109 49601 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:16:36.394048 0.054980 tcp 10.0.2.109 49602 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:16:36.449324 0.156727 tcp 10.0.2.109 49603 -> 195.113.214.249 443 SRPA* 0 0 43 37870 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:16:36.607103 0.160987 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:36.748208 0.013281 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:36.780076 0.243178 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:36.986834 0.182853 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:37.161458 0.153301 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:37.310448 0.183490 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:37.490719 0.252301 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:37.724533 0.197642 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:16:37.918486 0.101166 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:17:50.708679 2.958243 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 07:17:57.629525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:18:05.532094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:18:21.334989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:18:52.948701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:24:56.901893 3.002002 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 07:25:03.910096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:25:11.911489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:25:27.914506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:25:59.920103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:32:03.926546 3.001075 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 07:32:10.934050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:32:18.935715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:32:34.938573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:33:06.944384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:33:21.956435 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 07:33:21.956548 0.741271 tcp 10.0.2.109 49604 -> 176.73.169.112 1959 FSPA* 0 0 14 1541 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:39:10.950645 3.002195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 07:39:17.957760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:39:25.959529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:39:41.962674 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:40:13.973325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:46:17.976548 3.000658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 07:46:24.982465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:46:32.983607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:46:41.827135 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 07:46:41.827243 0.061171 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:46:41.872535 0.000000 udp 10.0.2.109 3683 -> 59.115.53.102 2346 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 07:46:48.986852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:46:59.464130 0.055640 tcp 10.0.2.109 49605 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:46:59.520146 0.055394 tcp 10.0.2.109 49606 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:46:59.575933 0.135593 tcp 10.0.2.109 49607 -> 195.113.214.249 443 SRPA* 0 0 56 36926 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:46:59.711952 0.367658 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:00.097222 0.098157 rtp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:00.196646 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 07:47:15.445524 0.053445 tcp 10.0.2.109 49608 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:47:15.499263 0.056364 tcp 10.0.2.109 49609 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:47:15.556059 0.147941 tcp 10.0.2.109 49610 -> 195.113.214.249 443 SRPA* 0 0 42 35296 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:47:15.704773 0.060705 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:15.777145 0.157066 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:15.922845 0.072949 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:15.979802 0.174712 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:16.142173 0.226495 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:16.376487 0.061820 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:16.421902 0.149085 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:16.532518 0.353228 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:16.882134 0.114307 rtp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:16.956027 0.055185 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:17.013254 0.178442 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:17.187313 0.239838 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:17.388759 0.186748 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:17.567911 0.140405 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:17.670660 0.177705 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:17.826894 0.145109 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:17.969575 0.178115 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:18.127384 0.583724 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:18.591998 0.048430 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:18.655478 0.163777 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:18.844192 0.069146 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:18.896816 0.000000 udp 10.0.2.109 3683 -> 46.72.160.4 6799 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 07:47:20.992626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:47:35.474479 0.054255 tcp 10.0.2.109 49611 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:47:35.529058 0.054181 tcp 10.0.2.109 49612 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:47:35.583662 0.152000 tcp 10.0.2.109 49613 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/23 07:47:35.736536 0.155975 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2033 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:35.876056 0.013564 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:35.913220 0.195521 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:36.073472 0.180160 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:36.244759 0.152736 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:36.427937 0.193929 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:36.618818 0.101703 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:36.688243 0.253079 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:47:36.921399 0.196916 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/23 07:56:31.005874 3.001609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 07:56:38.014167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:56:46.015510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:57:02.018388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 07:57:34.023804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:03:22.705176 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 08:03:22.705366 0.401266 tcp 10.0.2.109 49614 -> 176.73.169.112 1959 FSPA* 0 0 14 1595 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:03:38.029933 3.001811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:03:45.037619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:03:53.038685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:04:09.044622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:04:41.047734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:10:45.053947 3.001633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:10:52.061511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:11:00.062790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:11:16.065800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:11:48.072015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:17:37.925209 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 08:17:37.925366 0.100652 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:17:38.007094 0.000000 udp 10.0.2.109 3683 -> 46.72.160.4 6799 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 08:17:52.077711 3.001577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:17:54.460623 0.057740 tcp 10.0.2.109 49615 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:17:54.518656 0.078106 tcp 10.0.2.109 49616 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:17:54.597097 0.149921 tcp 10.0.2.109 49617 -> 195.113.214.249 443 SRPA* 0 0 50 38610 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:17:54.747846 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 08:17:59.085054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:18:07.086905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:18:10.462253 0.054300 tcp 10.0.2.109 49618 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:18:10.516865 0.055530 tcp 10.0.2.109 49619 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:18:10.572741 0.215475 tcp 10.0.2.109 49620 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:18:10.788747 0.097996 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:10.896744 0.343876 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:11.233066 0.058752 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:11.293412 0.156633 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:11.441813 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 08:18:23.089729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:18:30.300646 0.052934 tcp 10.0.2.109 49621 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:18:30.353901 0.055753 tcp 10.0.2.109 49622 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:18:30.409942 0.154985 tcp 10.0.2.109 49623 -> 195.113.214.249 443 SRPA* 0 0 22 12484 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:18:30.565521 0.060828 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:30.609951 0.170087 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:30.768466 0.075349 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:30.831167 0.353642 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:31.181161 0.116541 udp 10.0.2.109 3683 <-> 91.6.16.76 5333 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:31.256512 0.135526 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:31.356110 0.240192 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:31.562702 0.180431 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:31.736083 0.136399 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:31.837040 0.179584 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:31.993697 0.150615 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:32.141903 0.174254 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:32.313552 0.056225 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:32.433355 0.169166 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:32.636967 0.071029 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:32.717891 0.179550 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:32.876679 0.742082 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:33.378726 0.048408 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:33.447059 0.163041 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:33.591175 0.013674 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:33.626092 0.093316 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:33.683050 0.178369 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:33.855337 0.146475 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:33.999737 0.190292 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:34.187279 0.102704 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:34.258622 0.243365 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:34.480843 0.197685 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:18:55.095902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:24:59.101269 3.002346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:25:06.109046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:25:14.110584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:25:30.113688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:26:02.119700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:32:06.127597 2.999857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:32:13.133525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:32:21.134796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:32:37.137457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:33:09.143486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:33:23.117684 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 08:33:23.117811 0.471913 tcp 10.0.2.109 49624 -> 176.73.169.112 1959 FSPA* 0 0 14 1733 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:39:13.149287 3.001937 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:39:20.157342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:39:28.159343 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:39:44.161603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:40:16.167543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:46:20.174521 3.001167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:46:27.181226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:46:35.182708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:46:51.185757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:47:23.191534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:48:39.101299 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 08:48:39.101472 0.075492 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:39.148889 0.225330 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:39.399362 0.099533 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:39.567046 0.098017 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:39.666467 0.093657 rtp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:39.768915 0.330128 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.100380 0.168679 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.259661 0.062922 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.304691 0.171489 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.465418 0.068427 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.517883 0.141796 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.620860 0.234921 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.822162 0.176323 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:40.990960 0.147990 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:41.100819 0.350412 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:41.472397 0.000000 udp 10.0.2.109 3683 -> 91.6.16.76 5333 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 08:48:59.242318 0.054294 tcp 10.0.2.109 49625 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:48:59.296931 0.058110 tcp 10.0.2.109 49626 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:48:59.355390 0.152695 tcp 10.0.2.109 49627 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/23 08:48:59.508586 0.178303 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:59.664537 0.150953 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2571 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:48:59.813561 0.245850 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:00.057012 0.056138 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:00.188189 0.164157 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:00.437084 0.070019 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:00.782611 0.179972 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:00.941521 0.559161 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:01.381652 0.049347 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:01.454868 0.158072 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:01.665186 0.013713 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:01.810612 1.419133 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:03.195017 0.174986 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:04.025684 0.103594 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:04.547296 0.254942 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:05.042011 0.197538 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:05.235698 0.152994 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:49:06.413698 0.190837 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/23 08:56:32.204795 3.000687 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 08:56:39.211112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:56:47.212646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:57:03.218199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 08:57:35.224655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:03:23.593075 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 09:03:23.593338 0.486987 tcp 10.0.2.109 49628 -> 176.73.169.112 1959 FSPA* 0 0 14 1717 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:03:39.229247 2.999951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 09:03:46.235191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:03:54.236685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:04:10.239409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:04:42.245773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:10:46.255865 2.997408 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 09:10:53.258959 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:11:01.260666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:11:17.263373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:11:49.269715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:17:53.275986 3.001403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 09:18:00.282994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:18:08.285100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:18:24.287519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:18:56.293829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:19:21.719956 0.000102 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 09:19:21.720141 0.000000 udp 10.0.2.109 3683 -> 91.6.16.76 5333 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 09:19:37.344948 0.057697 tcp 10.0.2.109 49629 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:19:37.402975 0.054817 tcp 10.0.2.109 49630 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:19:37.458313 0.150156 tcp 10.0.2.109 49631 -> 195.113.214.249 443 SRPA* 0 0 53 40154 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:19:37.609589 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 09:19:54.297828 0.053040 tcp 10.0.2.109 49632 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:19:54.351290 0.055981 tcp 10.0.2.109 49633 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:19:54.407555 0.146133 tcp 10.0.2.109 49634 -> 195.113.214.249 443 SRPA* 0 0 33 19424 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:19:54.554505 0.097752 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:54.656230 0.057592 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:54.715182 0.113289 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:54.764477 0.224590 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:54.999638 0.163016 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:55.146948 0.060146 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:55.191694 0.340297 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:55.533360 0.072651 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:55.589932 0.156373 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:55.707356 0.259534 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:55.929207 0.170109 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:56.087743 0.142454 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:56.190830 0.185789 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:56.369644 0.353292 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:56.719246 0.179896 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:56.876659 0.150304 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:57.024959 0.170341 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:57.192456 0.070176 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:57.287153 0.171484 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:57.437945 0.181126 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:57.616141 0.058781 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:57.731015 0.565970 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:58.178441 0.048458 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:58.288608 0.154300 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:58.424579 0.013563 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:58.479814 0.340908 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:58.784012 0.180172 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:58.956077 0.103729 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:59.028439 0.246360 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:59.254628 0.197896 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:59.449424 0.145363 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:19:59.592960 0.195939 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:25:00.299919 3.001325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 09:25:07.306880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:25:15.308260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:25:31.311952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:26:03.317445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:32:07.324649 3.000388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 09:32:14.331027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:32:22.332702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:32:38.335325 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:33:10.341441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:33:24.081566 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 09:33:24.081675 0.990551 tcp 10.0.2.109 49635 -> 176.73.169.112 1959 FSPA* 0 0 16 1784 flow=From-Botnet-V1-TCP-Established 1970/02/23 09:39:14.349476 2.999724 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 09:39:21.355031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:39:29.356664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:39:45.359126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:40:17.365487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:46:21.372062 3.001023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 09:46:28.378747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:46:36.380796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:46:52.383290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:47:24.389492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:50:08.335479 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 09:50:08.335669 0.161741 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:08.477629 0.069114 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:08.540193 0.224391 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:08.764833 0.098395 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:08.866782 0.060985 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:08.942248 0.158415 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:09.090479 0.059387 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:09.140134 0.355445 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:09.497094 0.072945 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:09.551947 0.154550 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:09.668024 0.246602 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:09.878298 0.180394 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:10.052020 0.353342 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:10.401675 0.173453 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:10.553250 0.177509 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:10.719902 0.138236 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:10.817028 0.151004 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:10.966463 0.165563 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:11.129298 0.073660 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:11.223175 0.179799 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:11.381135 0.173656 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:11.552193 0.055686 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:11.611192 0.737772 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:12.069262 0.048366 udp 10.0.2.109 3683 <-> 78.96.45.170 2289 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:12.118985 0.169728 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:12.278180 0.013619 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:12.312213 0.213898 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:12.492291 0.181049 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:12.665147 0.197871 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:12.858656 0.152189 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:13.005771 0.195617 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:13.198527 0.101798 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:50:13.267567 0.256120 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 09:56:33.402577 3.000533 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 09:56:40.408784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:56:48.410596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:57:04.413250 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 09:57:36.423027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:03:25.070565 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 10:03:25.070658 0.608249 tcp 10.0.2.109 49636 -> 176.73.169.112 1959 FSPA* 0 0 15 1652 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:03:40.425612 3.001054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 10:03:47.432836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:03:55.434438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:04:11.437289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:04:43.445071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:10:47.449704 3.001158 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 10:10:54.459398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:11:02.458179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:11:18.461289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:11:50.467310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:17:54.473458 3.001624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 10:18:01.480453 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:18:09.482449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:18:25.485093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:18:57.491147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:20:41.170946 0.000197 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 10:20:41.171257 0.224951 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2544 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:41.394259 0.100402 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:41.496287 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 10:20:56.855766 0.056978 tcp 10.0.2.109 49637 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:20:56.913139 0.054620 tcp 10.0.2.109 49638 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:20:56.968141 0.181251 tcp 10.0.2.109 49639 -> 195.113.214.249 443 SRPA* 0 0 25 13444 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:20:57.149931 0.095059 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:57.225765 0.052839 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:57.274617 0.165253 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:57.430507 0.059295 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:57.473313 0.320099 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:57.802060 0.071990 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:57.857069 0.148425 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:57.967725 0.243604 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:58.176033 0.186513 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:58.354732 0.353484 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:58.704350 0.177735 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:58.859841 0.172060 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:59.020875 0.497926 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:59.482386 0.150418 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:59.631162 0.178879 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:59.789320 0.179871 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:20:59.966851 0.056746 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:00.025167 0.168920 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:00.215627 0.074573 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:00.328969 0.611776 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:00.841430 0.000000 udp 10.0.2.109 3683 -> 78.96.45.170 2289 INT 0 1 183 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 10:21:17.322846 0.055032 tcp 10.0.2.109 49640 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:21:17.378221 0.059481 tcp 10.0.2.109 49641 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:21:17.438046 0.192397 tcp 10.0.2.109 49642 -> 195.113.214.249 443 SRPA* 0 0 29 15462 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:21:17.631288 0.156488 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:17.771612 0.013629 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:17.828608 0.099949 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:17.893116 0.178976 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:18.065853 0.200072 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:18.261801 0.103678 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:18.328998 0.249504 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:18.559045 0.150879 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:21:18.727989 0.191764 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:25:01.498477 3.000261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 10:25:08.504804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:25:16.506003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:25:32.509167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:26:04.515093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:32:08.520969 3.001962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 10:32:15.528346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:32:23.529680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:32:39.539287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:33:11.539097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:33:25.679774 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 10:33:25.679968 0.636725 tcp 10.0.2.109 49643 -> 176.73.169.112 1959 FSPA* 0 0 15 1568 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:39:15.545498 3.001336 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 10:39:22.552610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:39:30.553981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:39:46.557019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:40:18.563139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:46:22.571848 2.998791 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 10:46:29.576621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:46:37.578012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:46:53.581161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:47:25.587049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:51:24.300817 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 10:51:24.300931 0.055233 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:51:24.358079 0.000000 udp 10.0.2.109 3683 -> 78.96.45.170 2289 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 10:51:41.647676 0.054882 tcp 10.0.2.109 49644 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:51:41.702866 0.056855 tcp 10.0.2.109 49645 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:51:41.760002 0.144769 tcp 10.0.2.109 49646 -> 195.113.214.249 443 SRPA* 0 0 33 19424 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:51:41.905640 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 10:51:59.221309 0.053093 tcp 10.0.2.109 49647 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:51:59.274696 0.053863 tcp 10.0.2.109 49648 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:51:59.328835 0.157369 tcp 10.0.2.109 49649 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/23 10:51:59.486779 0.098511 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:51:59.588639 0.157071 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:51:59.736280 0.062328 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:51:59.783615 0.314349 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:00.099520 0.071968 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:00.152348 0.141567 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:00.255648 0.125116 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:00.360810 0.217079 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:00.426549 0.353543 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:00.778477 0.182034 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:00.930698 0.244631 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:01.138282 0.185378 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:01.316262 0.151190 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:01.465921 0.175734 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:01.622997 0.203855 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:01.823061 0.134744 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:01.922475 0.165483 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:02.077218 0.548824 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:02.527514 0.053981 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:02.592120 0.163596 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:02.779715 0.070070 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:02.857888 0.157870 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:02.999651 0.013324 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:03.042749 0.448756 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:03.455704 0.102805 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:03.522965 0.252380 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:03.755630 0.153836 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:03.904370 0.197137 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:04.098685 0.173798 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:52:04.262573 0.198839 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/23 10:56:29.602442 3.000924 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 10:56:36.609285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:56:44.610782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:57:00.614179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 10:57:32.619802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:03:26.318792 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 11:03:26.318994 0.513578 tcp 10.0.2.109 49650 -> 176.73.169.112 1959 FSPA* 0 0 14 1728 flow=From-Botnet-V1-TCP-Established 1970/02/23 11:03:36.625927 3.001570 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:03:43.633263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:03:51.634754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:04:07.637142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:04:39.643637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:10:43.650009 3.001597 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:10:50.657252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:10:58.659018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:11:14.661766 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:11:46.667914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:17:50.674776 3.000593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:17:57.681230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:18:05.682843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:18:21.685701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:18:53.691810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:22:17.377093 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 11:22:17.377247 0.223761 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:17.602547 0.057505 rtp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:17.661393 0.059543 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:17.714789 0.097759 rtp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:17.823488 0.162897 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:17.976750 0.321207 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:18.296591 0.074977 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:18.353175 0.155751 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:18.469345 0.094311 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:18.566604 0.049854 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:18.611724 0.354068 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:18.991277 0.172079 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:19.140956 0.244370 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:19.348420 0.186294 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:19.526897 0.150600 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:19.677694 0.175760 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:19.833779 0.177641 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:20.008682 0.146429 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:20.118883 0.055067 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:20.182714 0.168252 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:20.352336 0.067325 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:20.403359 0.153097 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:20.540357 0.171869 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:20.701339 0.727766 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:21.209261 0.014017 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:21.231885 0.097169 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:21.292055 0.105381 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:21.362682 0.241936 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:21.613917 0.145609 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:21.774966 0.200766 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:21.973244 0.196954 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:22:22.167036 0.179763 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:24:57.698260 3.000555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:25:04.705287 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:25:12.706709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:25:28.709807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:26:00.715340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:32:04.723049 3.000184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:32:11.729110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:32:19.730764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:32:35.736794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:33:07.739724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:33:26.837401 0.000116 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 11:33:26.837612 0.494539 tcp 10.0.2.109 49651 -> 176.73.169.112 1959 FSPA* 0 0 14 1522 flow=From-Botnet-V1-TCP-Established 1970/02/23 11:39:11.746996 3.000397 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:39:18.753183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:39:26.754318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:39:42.757262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:40:14.763840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:46:18.770213 3.001353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:46:25.776606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:46:33.778419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:46:49.781518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:47:21.787140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:52:27.807822 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 11:52:27.807935 0.063126 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:27.857968 0.104204 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:27.963489 0.161845 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:28.111519 0.224825 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:28.342794 0.055871 udp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:28.407505 0.335497 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:28.736293 0.070614 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:28.790889 0.142995 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:28.894672 0.095683 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:28.970689 0.050438 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:29.017905 0.353512 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:29.390814 0.186257 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:29.569566 0.150619 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:29.718728 0.176968 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:29.874896 0.179723 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:30.028951 0.241676 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:30.235425 0.184053 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:30.416446 0.135842 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:30.513823 0.054609 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:30.580165 0.168179 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:30.755147 0.070960 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:30.905223 0.154349 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:31.043560 0.177068 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:31.210026 0.966644 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:31.937241 0.013726 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:31.952767 0.943438 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:32.859179 0.100145 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:33.124161 0.247175 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:33.352063 0.153493 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:33.501245 0.201263 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:33.699757 0.190537 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:52:33.887685 0.179753 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 11:56:28.798026 3.000216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 11:56:35.804516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:56:43.805000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:56:59.808591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 11:57:31.814648 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:03:27.336185 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 12:03:27.336352 0.466804 tcp 10.0.2.109 49652 -> 176.73.169.112 1959 FSPA* 0 0 14 1706 flow=From-Botnet-V1-TCP-Established 1970/02/23 12:03:35.822051 3.000372 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:03:42.827907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:03:50.829631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:04:06.832813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:04:38.838712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:10:42.845579 3.000859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:10:49.852419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:10:57.853180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:11:13.856775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:11:45.862830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:17:49.868090 3.001615 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:17:56.875790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:18:04.877588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:18:20.880593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:18:52.886756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:22:43.217337 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 12:22:43.217499 0.156917 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:43.361589 0.224712 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:43.586250 0.058940 rtp 10.0.2.109 3683 <-> 46.49.103.9 1555 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:43.654546 0.059372 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:43.698432 0.098117 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:43.805828 0.333163 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:44.152013 0.072237 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:44.207490 0.141178 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:44.309733 0.095522 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:44.386578 0.172779 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:44.557200 0.355062 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:44.908219 0.177861 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:45.064771 0.178614 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:45.219899 0.250517 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:45.432776 0.184546 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:45.609501 0.150233 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:45.757569 0.172404 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:45.927073 0.136660 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:46.025973 0.055496 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:46.115916 0.168306 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:46.300137 0.069684 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:46.373171 0.158924 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:46.515928 0.173063 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:46.677809 0.577208 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:47.136525 0.013875 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:47.165105 0.137782 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:47.271015 0.100587 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:47.338677 0.249538 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2588 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:47.566834 0.153269 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:47.738777 0.178826 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:47.908620 0.192394 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:22:48.098568 0.190753 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:24:56.893861 3.000577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:25:03.899448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:25:11.901458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:25:28.417949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:26:00.036899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:32:03.927185 3.001261 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:32:10.933989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:32:18.935500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:32:34.938550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:33:06.944620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:33:27.804923 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 12:33:27.805105 0.415141 tcp 10.0.2.109 49653 -> 176.73.169.112 1959 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/02/23 12:39:10.950664 3.001479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:39:17.957974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:39:25.959543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:39:41.962784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:40:13.968540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:46:17.974704 3.001954 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:46:24.982048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:46:32.983309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:46:48.986672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:47:20.992907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:53:08.221792 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 12:53:08.221951 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 12:53:24.369497 0.055721 tcp 10.0.2.109 49654 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 12:53:24.425508 0.034152 tcp 10.0.2.109 49655 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 12:53:24.460001 0.119039 tcp 10.0.2.109 49656 -> 195.113.214.249 443 SRPA* 0 0 56 36345 flow=From-Botnet-V1-TCP-Established 1970/02/23 12:53:24.579755 0.064028 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:24.625740 0.097736 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:24.724767 0.160187 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:24.877057 0.224402 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:25.102253 0.321284 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:25.428527 0.078070 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:25.487190 0.149014 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:25.595719 0.092198 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:25.668467 0.050211 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:25.729983 0.353922 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:26.080194 0.180624 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:26.239380 0.174639 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:26.393285 0.256977 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:26.611646 0.188306 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:26.791988 0.150172 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:26.940604 0.237553 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:27.175259 0.170028 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:27.360044 0.073394 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:27.417035 0.160145 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:27.561175 0.176872 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:27.727658 0.139599 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:27.828707 0.055506 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:27.898551 0.690848 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:28.366326 0.013772 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:28.403780 0.419958 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:28.788489 0.104817 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:28.858947 0.244479 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:29.116832 0.150546 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:29.266310 0.174051 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:29.432363 0.196666 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:53:29.626342 0.185160 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/23 12:56:29.003311 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 12:56:36.011303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:56:44.012445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:57:00.015631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 12:57:32.021318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:03:28.223515 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 13:03:28.223712 0.496676 tcp 10.0.2.109 49657 -> 176.73.169.112 1959 FSPA* 0 0 16 1754 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:03:36.027705 3.000401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:03:43.034404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:03:51.037065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:04:07.039032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:04:39.045014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:10:43.051614 3.001317 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:10:50.058617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:10:58.060012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:11:14.063038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:11:46.069100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:17:50.075542 3.001541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:17:57.082830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:18:05.083857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:18:21.086920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:18:53.092821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:23:45.073119 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 13:23:45.073268 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 13:24:03.661113 0.053657 tcp 10.0.2.109 49658 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:24:03.715045 0.034716 tcp 10.0.2.109 49659 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:24:03.750034 0.147093 tcp 10.0.2.109 49660 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:24:03.897874 0.171091 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.056195 0.224383 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.281668 0.057896 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.326013 0.097719 rtp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.432403 0.319964 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.751188 0.073708 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.804029 0.150891 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.918431 0.095706 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:04.995142 0.045914 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:05.038900 0.172133 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:05.189932 0.347401 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:05.534059 0.177114 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:05.690312 0.150837 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:05.839268 0.258069 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:06.063729 0.184156 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:06.240362 0.177327 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:06.517139 0.165278 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:06.759495 0.071589 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:06.849338 0.154377 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2586 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:06.987800 0.170824 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:07.146471 0.720133 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:07.646294 0.013708 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:07.668945 0.138742 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:07.770419 0.055768 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:07.835293 0.511870 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:08.315028 0.103297 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:08.556226 0.243714 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:08.795077 0.192006 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:08.984628 0.146817 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:09.127359 0.180814 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:09.297552 0.194949 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:24:57.100482 3.000195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:25:04.106650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:25:12.107569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:25:28.111109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:26:00.116917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:32:04.123788 3.000836 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:32:11.130576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:32:19.131807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:32:35.134534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:33:07.140995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:33:28.722401 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 13:33:28.722598 0.517954 tcp 10.0.2.109 49661 -> 176.73.169.112 1959 FSPA* 0 0 14 1672 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:39:11.147807 3.000831 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:39:18.154420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:39:26.156012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:39:42.158870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:40:14.164742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:46:18.171514 3.001147 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:46:25.178062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:46:33.179890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:46:49.183145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:47:21.188925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:54:22.514860 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 13:54:22.514984 0.155781 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:22.660240 0.224525 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:22.882241 0.060898 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:22.928954 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 13:54:41.283416 0.053844 tcp 10.0.2.109 49662 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:54:41.337513 0.053425 tcp 10.0.2.109 49663 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:54:41.391225 0.150994 tcp 10.0.2.109 49664 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/23 13:54:41.542745 0.319961 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:41.872602 0.064425 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:41.922412 0.145204 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:42.031663 0.123620 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:42.135672 0.354032 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:42.519384 0.175929 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:42.674811 0.152264 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:42.823806 0.057764 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:42.917119 0.174386 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:43.068368 0.244624 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:43.275108 0.177919 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1962 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:43.446659 0.177365 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:43.619330 0.163754 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:43.796590 0.073849 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:43.886922 0.157117 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:44.027372 0.013632 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:44.045448 0.141885 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:44.146934 0.055900 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:44.216628 0.170599 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:44.375846 0.655355 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:44.912000 0.395000 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:45.272646 0.102942 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:45.402264 0.248733 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:45.632854 0.193703 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:45.823400 0.189158 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:46.010068 0.151126 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:54:46.171218 0.178843 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/23 13:56:30.201058 3.001938 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 13:56:37.208140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:56:45.209756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:57:01.212883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 13:57:33.218655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:03:29.240991 0.000146 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 14:03:29.241246 0.518883 tcp 10.0.2.109 49665 -> 176.73.169.112 1959 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:03:37.225435 3.001207 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 14:03:44.232017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:03:52.234437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:04:08.236683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:04:40.242848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:10:44.248785 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 14:10:51.256047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:10:59.257846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:11:15.260884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:11:47.266390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:17:51.272558 3.001947 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 14:17:58.280591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:18:06.281589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:18:22.284607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:18:54.290759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:24:58.298383 2.999805 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 14:25:03.421392 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 14:25:03.421543 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 14:25:05.305275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:25:13.305639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:25:22.270546 0.056091 tcp 10.0.2.109 49666 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:25:22.327007 0.055234 tcp 10.0.2.109 49667 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:25:22.382547 0.236321 tcp 10.0.2.109 49668 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:25:22.619745 0.224517 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:22.841560 0.157736 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:22.989977 0.061304 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:23.033637 0.319847 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:23.352164 0.073939 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:23.407986 0.153640 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:23.523383 0.096217 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:23.599862 0.149829 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:23.748403 0.046143 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:23.849648 0.353955 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:24.200076 0.177480 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:24.355799 0.177713 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:24.510547 0.243024 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:24.719178 0.189040 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:24.901301 0.176531 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.073610 0.154925 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.212527 0.013513 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.240129 0.141586 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.343456 0.056388 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.411954 0.159860 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.570083 0.068990 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.657729 0.175332 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:25.822136 0.810859 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:26.374434 0.246787 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:26.603134 0.217401 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2510 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:26.782789 0.096750 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 1975 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:26.850304 0.158806 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:27.002583 0.196120 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:27.195691 0.195023 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:27.388034 0.179153 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:25:29.308787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:26:01.314687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:32:05.321729 3.000760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 14:32:12.327965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:32:20.329519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:32:36.332920 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:33:08.338821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:33:29.759745 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 14:33:29.759853 2.993638 tcp 10.0.2.109 49669 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:33:38.755694 0.000000 tcp 10.0.2.109 49669 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:33:44.762369 0.054754 tcp 10.0.2.109 49670 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:33:44.816921 0.082724 tcp 10.0.2.109 49671 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:33:44.899945 0.142441 tcp 10.0.2.109 49672 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:33:45.086113 2.999587 tcp 10.0.2.109 49673 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:33:54.084517 0.000000 tcp 10.0.2.109 49673 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:39:00.084548 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 14:39:00.084733 3.003343 tcp 10.0.2.109 49674 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:39:09.087137 0.000000 tcp 10.0.2.109 49674 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:39:12.344459 3.002381 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 14:39:15.087488 0.054446 tcp 10.0.2.109 49675 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:39:15.142230 0.055284 tcp 10.0.2.109 49676 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:39:15.197780 0.147694 tcp 10.0.2.109 49677 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:39:15.354894 3.006056 tcp 10.0.2.109 49678 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:39:19.351912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:39:24.358912 0.000000 tcp 10.0.2.109 49678 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:39:27.353559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:39:43.356756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:40:15.363424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:44:30.349823 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 14:44:30.350042 2.993468 tcp 10.0.2.109 49679 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:44:39.341809 0.000000 tcp 10.0.2.109 49679 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:44:45.352119 0.054453 tcp 10.0.2.109 49680 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:44:45.406922 0.054411 tcp 10.0.2.109 49681 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:44:45.461636 0.149422 tcp 10.0.2.109 49682 -> 195.113.214.249 443 SRPA* 0 0 35 18402 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:44:45.644496 3.000883 tcp 10.0.2.109 49683 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:44:54.643939 0.000000 tcp 10.0.2.109 49683 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:46:19.368575 3.002030 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 14:46:26.376423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:46:34.377415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:46:50.380696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:47:22.386994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:50:00.644710 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 14:50:00.644866 3.002969 tcp 10.0.2.109 49684 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:50:09.646336 0.000000 tcp 10.0.2.109 49684 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:50:15.647081 0.054577 tcp 10.0.2.109 49685 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:50:15.701952 0.053771 tcp 10.0.2.109 49686 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:50:15.756009 0.143735 tcp 10.0.2.109 49687 -> 195.113.214.249 443 SRPA* 0 0 40 33936 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:50:15.917012 3.003088 tcp 10.0.2.109 49688 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:50:24.918848 0.000000 tcp 10.0.2.109 49688 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:55:47.693133 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 14:55:47.693303 0.223933 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:47.914895 0.165485 rtp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.067615 0.062148 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.114297 0.328584 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.441728 0.070654 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.494392 0.150212 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.603200 0.091691 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.677498 0.151301 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.826615 0.062994 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:48.887144 0.178036 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:49.041542 0.255289 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:49.261445 0.179586 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1987 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:49.434430 0.354366 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:49.783382 0.179268 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:49.940755 0.181350 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.119590 0.163410 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.262698 0.013766 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.285928 0.141388 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.388637 0.055452 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.445750 0.170891 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.614002 0.069600 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.700304 0.171978 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.860901 0.088608 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.915034 0.102506 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:50.984643 0.150320 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:51.136394 0.721490 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:51.619292 0.249898 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:51.886088 0.177238 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:52.055193 0.196258 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 1976 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:55:52.247624 0.195518 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/23 14:56:00.922184 3.003799 tcp 10.0.2.109 49689 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:56:09.925065 0.000000 tcp 10.0.2.109 49689 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:56:15.925616 0.055308 tcp 10.0.2.109 49690 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:56:15.981251 0.055567 tcp 10.0.2.109 49691 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:56:16.037157 0.149796 tcp 10.0.2.109 49692 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/23 14:56:16.197388 3.000904 tcp 10.0.2.109 49693 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:56:25.196909 0.000000 tcp 10.0.2.109 49693 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 14:56:31.399044 3.001454 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 14:56:38.405770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:56:46.407394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:57:02.410596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 14:57:34.416701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:01:31.197554 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:01:31.197673 3.003937 tcp 10.0.2.109 49694 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:01:40.209960 0.000000 tcp 10.0.2.109 49694 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:01:46.200739 0.055158 tcp 10.0.2.109 49695 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:01:46.256173 0.054416 tcp 10.0.2.109 49696 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:01:46.310987 0.146101 tcp 10.0.2.109 49697 -> 195.113.214.249 443 SRPA* 0 0 44 33774 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:01:46.486821 2.996173 tcp 10.0.2.109 49698 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:01:55.481754 0.000000 tcp 10.0.2.109 49698 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:03:38.425398 2.999218 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 15:03:45.429957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:03:53.431159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:04:09.434955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:04:41.440935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:07:01.482230 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:07:01.482341 3.003514 tcp 10.0.2.109 49699 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:07:10.484636 0.000000 tcp 10.0.2.109 49699 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:07:16.485284 0.100931 tcp 10.0.2.109 49700 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:07:16.585980 0.055125 tcp 10.0.2.109 49701 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:07:16.641398 0.149684 tcp 10.0.2.109 49702 -> 195.113.214.249 443 SRPA* 0 0 47 39472 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:07:16.935187 3.003131 tcp 10.0.2.109 49703 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:07:25.940657 0.000000 tcp 10.0.2.109 49703 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:10:45.447018 3.000916 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 15:10:52.453671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:11:00.455297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:11:16.458418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:11:48.464481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:12:31.937435 0.000207 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:12:31.937746 3.003485 tcp 10.0.2.109 49704 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:12:40.939618 0.000000 tcp 10.0.2.109 49704 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:12:46.939894 0.053441 tcp 10.0.2.109 49705 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:12:46.993632 0.055948 tcp 10.0.2.109 49706 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:12:47.049479 0.144866 tcp 10.0.2.109 49707 -> 195.113.214.249 443 SRPA* 0 0 26 13992 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:12:47.220331 2.992588 tcp 10.0.2.109 49708 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:12:56.211889 0.000000 tcp 10.0.2.109 49708 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:17:52.472212 2.999788 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 15:17:59.477775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:18:07.479292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:18:23.482752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:18:55.488173 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:24:59.494818 3.000978 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 15:25:06.501727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:25:14.503192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:25:30.506102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:26:02.512163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:26:05.587049 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:26:05.587277 0.060169 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:05.630448 0.226049 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2574 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:06.507206 0.173572 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:06.662635 0.327749 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:07.031130 0.063108 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:07.079537 0.150704 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:07.193404 0.115962 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 4 1548 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:17.277140 3.003741 tcp 10.0.2.109 49709 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:26:25.818236 0.054294 tcp 10.0.2.109 49710 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:26:25.872820 0.055640 tcp 10.0.2.109 49711 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:26:25.928806 0.147994 tcp 10.0.2.109 49712 -> 195.113.214.249 443 SRPA* 0 0 40 22016 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:26:26.077439 0.150673 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:26.226674 0.254313 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:26.276609 0.000000 tcp 10.0.2.109 49709 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:26:26.445940 0.183731 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:26.622442 0.291503 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:26.906192 0.176422 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:27.060522 0.177060 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:27.234007 0.353464 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:27.583739 0.179006 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:27.740966 0.155528 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:27.962152 0.013840 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:27.984281 0.135490 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:28.083195 0.054893 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:28.258463 0.170760 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 5 1916 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:28.503660 0.084556 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:28.905213 0.104734 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:28.973656 0.156882 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:29.126776 0.170724 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:29.286545 0.201899 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:29.452103 0.000000 udp 10.0.2.109 3683 -> 119.234.135.47 5726 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 15:26:32.277176 0.150365 tcp 10.0.2.109 49713 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:26:32.427399 0.116719 tcp 10.0.2.109 49714 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:26:32.544434 0.191855 tcp 10.0.2.109 49715 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:26:32.903164 3.006496 tcp 10.0.2.109 49716 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:26:36.898801 0.219738 udp 10.0.2.109 3683 <- 119.234.135.47 5726 RSP 0 0 5 2113 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 15:26:36.899230 0.245011 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:37.215613 0.180604 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:37.388035 0.197852 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:37.582409 0.195766 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:26:41.908918 0.000000 tcp 10.0.2.109 49716 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:31:47.899454 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:31:47.899586 2.993492 tcp 10.0.2.109 49717 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:31:56.891912 0.000000 tcp 10.0.2.109 49717 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:32:02.902641 0.052906 tcp 10.0.2.109 49718 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:32:02.955954 0.055398 tcp 10.0.2.109 49719 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:32:03.011652 0.142301 tcp 10.0.2.109 49720 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:32:03.225030 3.003281 tcp 10.0.2.109 49721 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:32:06.520364 2.999609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 15:32:12.223712 0.000000 tcp 10.0.2.109 49721 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:32:13.525608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:32:21.527196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:32:37.530428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:33:09.536298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:37:18.224226 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:37:18.224400 3.003529 tcp 10.0.2.109 49722 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:37:27.226553 0.000000 tcp 10.0.2.109 49722 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:37:33.227192 0.052990 tcp 10.0.2.109 49723 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:37:33.280505 0.056754 tcp 10.0.2.109 49724 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:37:33.337636 0.143462 tcp 10.0.2.109 49725 -> 195.113.214.249 443 SRPA* 0 0 32 17664 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:37:33.653886 3.006480 tcp 10.0.2.109 49726 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:37:42.658696 0.000000 tcp 10.0.2.109 49726 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:39:13.543260 3.000835 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 15:39:20.550318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:39:28.551428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:39:44.553852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:40:16.560125 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:42:48.649348 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:42:48.649536 2.993604 tcp 10.0.2.109 49727 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:42:57.641711 0.000000 tcp 10.0.2.109 49727 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:43:03.652194 0.054482 tcp 10.0.2.109 49728 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:43:03.706987 0.055446 tcp 10.0.2.109 49729 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:43:03.762742 0.145310 tcp 10.0.2.109 49730 -> 195.113.214.249 443 SRPA* 0 0 41 21628 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:43:04.029087 2.996252 tcp 10.0.2.109 49731 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:43:13.023691 0.000000 tcp 10.0.2.109 49731 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:46:20.567804 2.999939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 15:46:27.573837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:46:35.576627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:46:51.577969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:47:23.584878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:48:19.024388 0.000112 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:48:19.024608 3.003568 tcp 10.0.2.109 49732 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:48:28.026758 0.000000 tcp 10.0.2.109 49732 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:48:34.027761 0.274572 tcp 10.0.2.109 49733 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:48:34.302653 0.055187 tcp 10.0.2.109 49734 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:48:34.358205 0.146570 tcp 10.0.2.109 49735 -> 195.113.214.249 443 SRPA* 0 0 41 22254 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:48:34.959351 2.973588 tcp 10.0.2.109 49736 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:48:43.877601 0.000000 tcp 10.0.2.109 49736 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:56:32.596806 3.000940 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 15:56:39.603439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:56:40.945749 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 15:56:40.945918 0.092348 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:41.018972 0.059452 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:41.111342 0.156880 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:41.258408 0.224070 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:41.572882 0.318314 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:41.954830 0.331411 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:42.247781 0.067263 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:42.317950 0.184625 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:42.495589 0.046563 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:42.569116 0.150306 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:42.791520 0.255652 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:43.011004 0.177697 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:43.359517 0.180594 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:43.537619 0.352821 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:43.886632 0.177692 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:44.167596 0.162477 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:44.310532 0.013696 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:44.378472 0.167587 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:44.556114 0.072278 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:45.012672 0.103486 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:45.082202 0.223376 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:46.392763 0.054746 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:46.797983 0.153549 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:47.068236 0.178371 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:47.234853 0.169471 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:47.374427 0.714764 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:47.606368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:56:47.849402 0.197778 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:48.061796 0.194469 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:48.253465 0.247010 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:48.588714 0.172480 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/23 15:56:49.768148 2.994379 tcp 10.0.2.109 49737 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:56:58.771203 0.000000 tcp 10.0.2.109 49737 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:57:03.608490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 15:57:04.771899 0.053580 tcp 10.0.2.109 49738 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:57:04.825880 0.054926 tcp 10.0.2.109 49739 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:57:04.881071 0.144631 tcp 10.0.2.109 49740 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/23 15:57:05.295589 2.999325 tcp 10.0.2.109 49741 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:57:14.293370 0.000000 tcp 10.0.2.109 49741 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 15:57:35.614460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:02:20.293949 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:02:20.294166 3.004411 tcp 10.0.2.109 49742 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:02:29.297847 0.000000 tcp 10.0.2.109 49742 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:02:35.300765 0.052733 tcp 10.0.2.109 49743 -> 195.113.214.234 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:02:35.353782 0.054434 tcp 10.0.2.109 49744 -> 195.113.214.249 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:02:35.408632 0.146542 tcp 10.0.2.109 49745 -> 195.113.214.249 443 SRPA* 0 0 39 31453 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:02:35.585022 3.007833 tcp 10.0.2.109 49746 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:02:44.588066 0.000000 tcp 10.0.2.109 49746 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:03:39.623564 2.998196 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:03:46.627797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:03:54.632459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:04:10.632428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:04:42.638844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:07:50.578995 0.000133 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:07:50.579221 2.993176 tcp 10.0.2.109 49747 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:07:59.582869 0.000000 tcp 10.0.2.109 49747 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:08:05.582413 0.054624 tcp 10.0.2.109 49748 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:08:05.637287 0.055310 tcp 10.0.2.109 49749 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:08:05.692911 0.150393 tcp 10.0.2.109 49750 -> 195.113.214.249 443 SRPA* 0 0 40 22642 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:08:06.113495 3.001544 tcp 10.0.2.109 49751 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:08:15.116958 0.000000 tcp 10.0.2.109 49751 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:10:46.644869 3.001238 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:10:53.651387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:11:01.654526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:11:17.656008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:11:49.663521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:13:21.113852 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:13:21.114007 3.003656 tcp 10.0.2.109 49752 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:13:30.116349 0.000000 tcp 10.0.2.109 49752 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:13:36.117099 0.052944 tcp 10.0.2.109 49753 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:13:36.170371 0.054387 tcp 10.0.2.109 49754 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:13:36.225068 0.143787 tcp 10.0.2.109 49755 -> 195.113.214.249 443 SRPA* 0 0 28 12098 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:13:36.527578 3.002302 tcp 10.0.2.109 49756 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:13:45.528397 0.000000 tcp 10.0.2.109 49756 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:17:53.668313 3.001262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:18:00.675524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:18:08.677006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:18:24.680016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:18:56.685873 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:25:00.692471 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:25:07.699556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:25:15.700481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:25:31.704145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:26:03.709780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:26:49.416014 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:26:49.416132 0.168785 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:49.575550 0.096413 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:49.902279 0.058624 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:49.966544 0.225927 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:50.247140 0.319698 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:50.581898 0.132828 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:50.674610 0.069305 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:50.740443 0.179261 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:50.913230 0.049987 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:50.955630 0.179202 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:51.111625 0.150808 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:51.394396 0.239558 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:51.579214 2.994473 tcp 10.0.2.109 49757 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:26:51.599892 0.184283 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:51.797176 0.352577 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:52.180523 0.178534 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:52.337146 0.157896 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:52.478990 0.013693 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:52.613472 0.197241 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:52.807759 0.068248 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:52.861383 0.105137 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:52.982966 0.142927 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:53.085629 0.054424 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:53.152710 0.153550 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:53.302343 0.176036 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:53.466612 0.135287 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:53.562497 0.707419 rtp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:54.051907 0.288632 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:54.322374 0.200202 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:54.519148 0.194839 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:26:54.711550 0.181331 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:27:00.571595 0.000000 tcp 10.0.2.109 49757 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:27:06.582688 0.051843 tcp 10.0.2.109 49758 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:27:06.634841 0.055629 tcp 10.0.2.109 49759 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:27:06.690665 0.146871 tcp 10.0.2.109 49760 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:27:06.874901 3.000327 tcp 10.0.2.109 49761 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:27:15.876199 0.000000 tcp 10.0.2.109 49761 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:32:07.716499 3.001027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:32:14.723398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:32:21.874165 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:32:21.874338 3.003375 tcp 10.0.2.109 49762 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:32:22.724654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:32:30.876658 0.000000 tcp 10.0.2.109 49762 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:32:36.877414 0.053017 tcp 10.0.2.109 49763 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:32:36.930793 0.054145 tcp 10.0.2.109 49764 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:32:36.985323 0.144098 tcp 10.0.2.109 49765 -> 195.113.214.249 443 SRPA* 0 0 24 12632 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:32:37.185516 3.004339 tcp 10.0.2.109 49766 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:32:38.727787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:32:46.188668 0.000000 tcp 10.0.2.109 49766 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:33:10.734963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:37:52.188501 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:37:52.188611 2.994379 tcp 10.0.2.109 49767 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:38:01.181436 0.000000 tcp 10.0.2.109 49767 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:38:07.191816 0.052708 tcp 10.0.2.109 49768 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:38:07.244870 0.055041 tcp 10.0.2.109 49769 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:38:07.300190 0.147383 tcp 10.0.2.109 49770 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:38:07.727068 2.998141 tcp 10.0.2.109 49771 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:38:16.724027 0.000000 tcp 10.0.2.109 49771 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:39:14.741031 3.004647 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:39:21.747443 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:39:29.748825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:39:45.751915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:40:17.757622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:43:22.725095 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:43:22.725250 3.005925 tcp 10.0.2.109 49772 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:43:31.726805 0.000000 tcp 10.0.2.109 49772 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:43:37.727057 0.053538 tcp 10.0.2.109 49773 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:43:37.780871 0.054613 tcp 10.0.2.109 49774 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:43:37.835790 0.143197 tcp 10.0.2.109 49775 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:43:37.991078 2.999017 tcp 10.0.2.109 49776 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:43:46.988807 0.000000 tcp 10.0.2.109 49776 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:46:21.763960 3.001799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:46:28.771398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:46:36.772843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:46:52.776058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:47:24.782010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:56:28.797922 3.000169 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 16:56:35.804630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:56:43.805639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:56:59.808551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:57:14.219661 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 16:57:14.219902 0.063353 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2643 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:14.264564 0.149865 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:15.515900 0.092981 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:15.682850 0.224874 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:15.956821 0.330451 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:16.294569 0.127392 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:16.383933 0.068380 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:16.528828 0.180528 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:18.434427 0.057438 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:18.661304 0.243618 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:18.870582 0.256072 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:19.116161 0.176988 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:19.286559 0.150467 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:19.439732 0.354109 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:19.823796 0.177822 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:19.981044 0.156899 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:20.121623 0.013509 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:20.424271 0.163698 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:20.587126 0.069346 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:20.640988 0.097826 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:20.707934 0.152736 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:20.861930 0.170613 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2025 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:21.022624 1.343535 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:22.330875 0.136008 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:22.429415 0.054130 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:22.504256 0.723395 udp 10.0.2.109 3683 <-> 119.234.135.47 5726 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:23.007941 0.243597 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:23.042665 3.004624 tcp 10.0.2.109 49777 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:57:23.282368 0.198738 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:23.475971 0.189559 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:23.663083 0.174058 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/23 16:57:31.815087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 16:57:32.045618 0.000000 tcp 10.0.2.109 49777 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:57:38.045860 0.053965 tcp 10.0.2.109 49778 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:57:38.100209 0.055883 tcp 10.0.2.109 49779 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:57:38.156419 0.143267 tcp 10.0.2.109 49780 -> 195.113.214.249 443 SRPA* 0 0 43 21736 flow=From-Botnet-V1-TCP-Established 1970/02/23 16:57:38.310366 2.998320 tcp 10.0.2.109 49781 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 16:57:47.306969 0.000000 tcp 10.0.2.109 49781 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:02:53.307944 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:02:53.308115 3.004266 tcp 10.0.2.109 49782 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:03:02.319713 0.000000 tcp 10.0.2.109 49782 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:03:08.310958 0.053601 tcp 10.0.2.109 49783 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:03:08.364810 0.053987 tcp 10.0.2.109 49784 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:03:08.419104 0.145311 tcp 10.0.2.109 49785 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:03:08.574700 2.998693 tcp 10.0.2.109 49786 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:03:17.571745 0.000000 tcp 10.0.2.109 49786 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:03:35.820700 3.002058 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 17:03:42.827755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:03:50.829490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:04:06.833018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:04:38.838525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:08:23.571934 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:08:23.572111 3.003855 tcp 10.0.2.109 49787 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:08:32.574766 0.000000 tcp 10.0.2.109 49787 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:08:38.575346 0.052911 tcp 10.0.2.109 49788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:08:38.628630 0.053862 tcp 10.0.2.109 49789 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:08:38.682800 0.143773 tcp 10.0.2.109 49790 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:08:38.848226 2.999866 tcp 10.0.2.109 49791 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:08:47.846995 0.000000 tcp 10.0.2.109 49791 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:10:42.845491 3.000486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 17:10:49.852412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:10:57.853684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:11:13.857157 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:11:45.862509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:13:53.847400 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:13:53.847518 3.003400 tcp 10.0.2.109 49792 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:14:02.849403 0.000000 tcp 10.0.2.109 49792 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:14:08.849533 0.052703 tcp 10.0.2.109 49793 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:14:08.902504 0.055317 tcp 10.0.2.109 49794 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:14:08.958363 0.147688 tcp 10.0.2.109 49795 -> 195.113.214.249 443 SRPA* 0 0 35 19284 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:14:09.117584 2.985500 tcp 10.0.2.109 49796 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:14:18.111485 0.000000 tcp 10.0.2.109 49796 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:17:49.868433 3.002059 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 17:17:56.876429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:18:04.877397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:18:20.880611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:18:52.886050 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:24:56.892751 3.001835 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 17:25:03.899918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:25:11.901160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:25:27.904608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:25:59.910009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:27:42.177869 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:27:42.178057 0.060670 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:42.221120 0.140465 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:42.352152 0.098332 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:42.429617 0.140186 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:42.531831 0.065802 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:42.580643 0.225681 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:42.813722 0.353439 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:43.168533 0.189879 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:43.351162 0.168673 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:43.516913 0.052567 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:43.567645 0.237736 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:43.771087 0.353424 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:44.184594 0.176216 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:44.336289 0.150231 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:44.484899 0.177867 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:44.641946 0.161453 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:44.783596 0.013708 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:44.822796 0.107236 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:44.894155 0.149716 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:45.074807 0.176801 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:45.240127 0.171161 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:45.417042 0.071336 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:45.496399 0.090268 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:45.550460 0.131820 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:45.644837 0.054521 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:27:45.709786 0.000000 udp 10.0.2.109 3683 -> 119.234.135.47 5726 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 17:27:54.165298 3.003704 tcp 10.0.2.109 49797 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:28:03.141750 0.054171 tcp 10.0.2.109 49798 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:28:03.169890 0.000000 tcp 10.0.2.109 49797 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:28:03.196216 0.055413 tcp 10.0.2.109 49799 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:28:03.251980 0.142776 tcp 10.0.2.109 49800 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:28:03.395368 0.195227 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:28:03.587872 0.178577 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:28:03.759072 0.247638 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:28:03.986839 0.198233 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:28:07.027731 0.199718 udp 10.0.2.109 3683 <- 119.234.135.47 5726 RSP 0 0 5 1925 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 17:28:09.166931 0.052804 tcp 10.0.2.109 49801 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:28:09.220113 0.054697 tcp 10.0.2.109 49802 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:28:09.275110 0.145619 tcp 10.0.2.109 49803 -> 195.113.214.249 443 SRPA* 0 0 22 11444 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:28:09.911244 3.000551 tcp 10.0.2.109 49804 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:28:18.919842 0.000000 tcp 10.0.2.109 49804 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:32:03.916583 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 17:32:10.923817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:32:18.925625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:32:34.928755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:33:06.934406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:33:24.910341 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:33:24.910531 2.994388 tcp 10.0.2.109 49805 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:33:33.903156 0.000000 tcp 10.0.2.109 49805 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:33:39.913490 0.053604 tcp 10.0.2.109 49806 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:33:39.967448 0.054394 tcp 10.0.2.109 49807 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:33:40.022214 0.140897 tcp 10.0.2.109 49808 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:33:40.176826 2.999788 tcp 10.0.2.109 49809 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:33:49.175309 0.000000 tcp 10.0.2.109 49809 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:38:55.175759 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:38:55.175899 3.003504 tcp 10.0.2.109 49810 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:39:04.178200 0.000000 tcp 10.0.2.109 49810 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:39:10.180451 0.054576 tcp 10.0.2.109 49811 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:39:10.235309 0.055589 tcp 10.0.2.109 49812 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:39:10.291184 0.143042 tcp 10.0.2.109 49813 -> 195.113.214.249 443 SRPA* 0 0 26 14334 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:39:10.460448 2.990996 tcp 10.0.2.109 49814 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:39:10.941589 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 17:39:17.947794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:39:19.460097 0.000000 tcp 10.0.2.109 49814 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:39:25.949306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:39:41.952410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:40:13.958739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:44:25.460656 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:44:25.460832 2.993700 tcp 10.0.2.109 49815 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:44:34.453017 0.000000 tcp 10.0.2.109 49815 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:44:40.464044 0.054551 tcp 10.0.2.109 49816 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:44:40.518926 0.055902 tcp 10.0.2.109 49817 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:44:40.575152 0.141541 tcp 10.0.2.109 49818 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:44:40.785313 3.000459 tcp 10.0.2.109 49819 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:44:49.784963 0.000000 tcp 10.0.2.109 49819 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:46:17.964272 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 17:46:24.971814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:46:32.973407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:46:48.976633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:47:20.982614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:56:27.991368 3.001778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 17:56:34.998909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:56:43.000329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:56:59.003399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:57:31.010052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 17:58:32.798950 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 17:58:32.799136 0.000000 udp 10.0.2.109 3683 -> 119.234.135.47 5726 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 17:58:49.133554 0.053975 tcp 10.0.2.109 49820 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:58:49.187847 0.056275 tcp 10.0.2.109 49821 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:58:49.244321 0.145970 tcp 10.0.2.109 49822 -> 195.113.214.249 443 SRPA* 0 0 39 32384 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:58:49.391095 0.142203 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:49.525091 0.096630 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:49.600830 0.144302 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:49.710283 0.070037 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:49.764919 0.224695 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:49.989046 0.059726 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:50.032084 0.171928 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:50.200322 0.366070 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:50.584237 0.241098 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:50.791277 0.062848 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:50.877509 0.180056 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:51.049851 0.351762 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 1959 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:51.398022 0.174669 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:51.549999 0.156642 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:51.690913 0.013501 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:51.735801 0.100860 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:51.804326 0.150889 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:51.952811 0.173205 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:52.100412 0.168925 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:52.258993 0.600605 rtcp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:53.207893 0.070373 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2599 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:53.259530 0.089424 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:53.337175 0.141546 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:53.440200 0.054814 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:53.510668 0.152103 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:53.680996 0.251030 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:53.946694 0.189807 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:54.133459 0.172745 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:54.298838 0.191427 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/23 17:58:54.487637 0.000000 udp 10.0.2.109 3683 -> 119.234.135.47 5726 REQ 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 17:58:55.841654 3.003608 tcp 10.0.2.109 49823 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:59:04.844480 0.000000 tcp 10.0.2.109 49823 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:59:10.849665 0.052149 tcp 10.0.2.109 49824 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:59:10.902266 0.054467 tcp 10.0.2.109 49825 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:59:10.957018 0.140982 tcp 10.0.2.109 49826 -> 195.113.214.249 443 SRPA* 0 0 22 11444 flow=From-Botnet-V1-TCP-Established 1970/02/23 17:59:11.190351 2.997815 tcp 10.0.2.109 49827 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 17:59:20.186446 0.000000 tcp 10.0.2.109 49827 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:03:35.016619 3.000545 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 18:03:42.022864 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:03:50.024514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:04:06.027604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:04:26.188155 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:04:26.188374 3.002365 tcp 10.0.2.109 49828 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:04:35.189386 0.000000 tcp 10.0.2.109 49828 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:04:38.033324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:04:41.189862 0.053587 tcp 10.0.2.109 49829 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:04:41.243800 0.054627 tcp 10.0.2.109 49830 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:04:41.298743 0.147956 tcp 10.0.2.109 49831 -> 195.113.214.249 443 SRPA* 0 0 42 23376 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:04:41.459165 2.993613 tcp 10.0.2.109 49832 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:04:50.461477 0.000000 tcp 10.0.2.109 49832 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:09:56.461915 0.000123 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:09:56.462147 3.003465 tcp 10.0.2.109 49833 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:10:05.464411 0.000000 tcp 10.0.2.109 49833 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:10:11.464606 0.032520 tcp 10.0.2.109 49834 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:10:11.497522 0.055768 tcp 10.0.2.109 49835 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:10:11.553655 0.142929 tcp 10.0.2.109 49836 -> 195.113.214.249 443 SRPA* 0 0 38 33790 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:10:11.709147 2.998587 tcp 10.0.2.109 49837 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:10:20.705958 0.000000 tcp 10.0.2.109 49837 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:10:42.039558 3.001247 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 18:10:49.046903 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:10:57.047776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:11:13.051105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:11:45.057432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:15:26.706971 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:15:26.707091 3.002993 tcp 10.0.2.109 49838 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:15:35.709074 0.000000 tcp 10.0.2.109 49838 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:15:41.709532 0.053319 tcp 10.0.2.109 49839 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:15:41.763106 0.054279 tcp 10.0.2.109 49840 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:15:41.817728 0.146714 tcp 10.0.2.109 49841 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:15:41.975142 2.997466 tcp 10.0.2.109 49842 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:15:50.980943 0.000000 tcp 10.0.2.109 49842 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:17:49.062898 3.002154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 18:17:56.070890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:18:04.072662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:18:20.076704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:18:52.133042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:24:56.108374 3.000600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 18:25:03.115111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:25:11.116582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:25:27.119390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:25:59.125532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:29:06.525509 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:29:06.525689 0.152616 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:06.637816 0.066068 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:06.689314 0.157986 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:06.838240 0.689717 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:07.508488 0.224195 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:07.730552 0.060367 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:07.773338 0.177587 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:07.945849 0.051499 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:07.993968 0.184680 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:08.170494 0.348615 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:08.519281 0.239829 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:08.722318 0.348231 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.066646 0.180127 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.224946 0.155043 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.364610 0.013621 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.400525 0.176232 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.551880 0.169595 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.710767 0.101985 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.778918 0.150483 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:09.927606 0.174786 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.103549 0.072669 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.186530 0.091917 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.242545 0.135120 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.342979 0.056405 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.410004 0.156783 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.592280 0.180357 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.764456 0.245425 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:10.989740 0.190735 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:11.177709 0.191439 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:29:12.023274 3.004153 tcp 10.0.2.109 49843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:29:21.025629 0.000000 tcp 10.0.2.109 49843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:29:27.025712 0.054668 tcp 10.0.2.109 49844 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:29:27.080635 0.032559 tcp 10.0.2.109 49845 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:29:27.113506 0.127005 tcp 10.0.2.109 49846 -> 195.113.214.249 443 SRPA* 0 0 21 12886 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:29:27.250634 2.998156 tcp 10.0.2.109 49847 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:29:36.247508 0.000000 tcp 10.0.2.109 49847 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:32:03.133274 2.999737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 18:32:10.139144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:32:18.140428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:32:34.143216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:33:06.149470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:34:42.249003 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:34:42.249156 2.992611 tcp 10.0.2.109 49848 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:34:51.250545 0.000000 tcp 10.0.2.109 49848 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:34:57.250726 0.031168 tcp 10.0.2.109 49849 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:34:57.282348 0.055873 tcp 10.0.2.109 49850 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:34:57.338508 0.143590 tcp 10.0.2.109 49851 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:34:58.196984 2.998017 tcp 10.0.2.109 49852 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:35:07.193395 0.000000 tcp 10.0.2.109 49852 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:39:10.156936 3.000215 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 18:39:17.162795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:39:25.164481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:39:41.167387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:40:13.173203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:40:13.193847 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:40:13.194239 3.003301 tcp 10.0.2.109 49853 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:40:22.196505 0.000000 tcp 10.0.2.109 49853 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:40:28.199151 0.053217 tcp 10.0.2.109 49854 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:40:28.252654 0.033102 tcp 10.0.2.109 49855 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:40:28.286083 0.147561 tcp 10.0.2.109 49856 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:40:28.461025 2.998470 tcp 10.0.2.109 49857 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:40:37.458676 0.000000 tcp 10.0.2.109 49857 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:45:43.458531 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:45:43.458706 2.993822 tcp 10.0.2.109 49858 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:45:52.461016 0.000000 tcp 10.0.2.109 49858 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:45:58.461697 0.032158 tcp 10.0.2.109 49859 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:45:58.494234 0.033197 tcp 10.0.2.109 49860 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:45:58.527809 0.144316 tcp 10.0.2.109 49861 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:45:58.702647 3.001871 tcp 10.0.2.109 49862 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:46:07.703161 0.000000 tcp 10.0.2.109 49862 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:46:17.180424 3.000755 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 18:46:24.186801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:46:32.188450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:46:48.191304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:47:20.197177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:56:29.210662 3.000337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 18:56:36.216928 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:56:44.217827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:57:00.221601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:57:32.227283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 18:59:39.411051 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 18:59:39.411254 0.143123 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:39.543042 0.153100 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:39.770631 0.069878 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:39.907761 0.094539 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:40.099865 0.224471 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:40.331607 0.060201 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:42.745639 0.173828 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:43.408046 0.063527 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:43.573833 0.234829 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:43.756890 3.003881 tcp 10.0.2.109 49863 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:59:43.773551 0.183428 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:44.035317 0.334129 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:44.368094 0.353874 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:45.621770 0.174365 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:45.777513 0.154204 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:46.459187 0.014122 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:47.784581 0.175273 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:48.250391 0.171599 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:49.208169 0.101240 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:49.678234 0.150364 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:49.826993 0.168311 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:49.990920 0.068775 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:50.671815 0.088445 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:50.724826 0.140408 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:50.827821 0.055053 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:50.900323 0.152708 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:51.046635 0.179536 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:51.216338 0.246385 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:51.575026 0.189636 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:51.761223 0.189886 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/23 18:59:52.762051 0.000000 tcp 10.0.2.109 49863 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 18:59:58.759826 0.053981 tcp 10.0.2.109 49864 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:59:58.814083 0.055056 tcp 10.0.2.109 49865 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:59:58.869440 0.143786 tcp 10.0.2.109 49866 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/23 18:59:59.023496 2.999121 tcp 10.0.2.109 49867 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:00:08.031223 0.000000 tcp 10.0.2.109 49867 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:03:36.233503 3.001636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 19:03:43.241041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:03:51.242019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:04:07.244982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:04:39.251347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:05:14.022214 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 19:05:14.022329 3.003117 tcp 10.0.2.109 49868 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:05:23.024022 0.000000 tcp 10.0.2.109 49868 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:05:29.024367 0.054005 tcp 10.0.2.109 49869 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:05:29.078750 0.054882 tcp 10.0.2.109 49870 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:05:29.134085 0.147547 tcp 10.0.2.109 49871 -> 195.113.214.249 443 SRPA* 0 0 37 31596 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:05:29.438866 2.998847 tcp 10.0.2.109 49872 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:05:38.436338 0.000000 tcp 10.0.2.109 49872 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:10:43.262316 2.997069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 19:10:44.440210 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 19:10:44.440400 3.000340 tcp 10.0.2.109 49873 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:10:50.264662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:10:53.438995 0.000000 tcp 10.0.2.109 49873 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:10:58.266252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:10:59.440152 0.053350 tcp 10.0.2.109 49874 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:10:59.493893 0.055059 tcp 10.0.2.109 49875 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:10:59.549237 0.141274 tcp 10.0.2.109 49876 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:10:59.701441 3.001398 tcp 10.0.2.109 49877 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:11:08.711317 0.000000 tcp 10.0.2.109 49877 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:11:14.269075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:11:46.275101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:16:14.701548 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 19:16:14.701709 3.003781 tcp 10.0.2.109 49878 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:16:23.704365 0.000000 tcp 10.0.2.109 49878 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:16:29.704412 0.053333 tcp 10.0.2.109 49879 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:16:29.758039 0.056343 tcp 10.0.2.109 49880 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:16:29.814718 0.149190 tcp 10.0.2.109 49881 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:16:29.980587 2.996846 tcp 10.0.2.109 49882 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:16:38.975879 0.000000 tcp 10.0.2.109 49882 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:17:50.280587 3.006888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 19:17:57.288082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:18:05.290398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:18:21.293470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:18:53.299127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:24:57.306514 3.000553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 19:25:04.312776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:25:12.314034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:25:28.318832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:26:00.323191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:30:20.219009 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 19:30:20.219140 0.140627 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:20.351056 0.093911 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:20.424888 0.225846 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 3 1342 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:30.033129 3.001984 tcp 10.0.2.109 49883 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:30:37.243339 0.053065 tcp 10.0.2.109 49884 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:30:37.296673 0.055031 tcp 10.0.2.109 49885 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:30:37.352104 0.130435 tcp 10.0.2.109 49886 -> 195.113.214.249 443 SRPA* 0 0 22 11820 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:30:37.483109 0.143281 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:37.586305 0.067721 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:37.782762 0.061914 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:37.952039 0.178746 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:38.127485 0.062255 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:38.417697 0.242478 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:38.623380 0.183834 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:38.800314 0.352227 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:39.034757 0.000000 tcp 10.0.2.109 49883 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:30:39.159992 0.365029 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:39.550637 0.176733 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:39.706717 0.155113 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:39.845780 0.013622 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:39.884472 0.176467 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.035463 0.171679 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.196175 0.098081 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.260971 0.151080 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.410588 0.086741 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.463451 0.168072 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.640565 0.068461 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.719443 0.147536 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.830431 0.056036 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:40.890522 0.150178 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:41.043525 0.174861 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:41.208848 0.247504 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:41.436146 0.189365 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:41.622684 0.198548 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/23 19:30:45.033106 0.051942 tcp 10.0.2.109 49887 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:30:45.085355 0.055247 tcp 10.0.2.109 49888 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:30:45.140995 0.125348 tcp 10.0.2.109 49889 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:30:45.278268 2.998734 tcp 10.0.2.109 49890 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:30:54.275759 0.000000 tcp 10.0.2.109 49890 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:32:04.329939 3.000877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 19:32:11.336951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:32:19.337836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:32:35.341316 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:33:07.347176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:36:00.275959 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 19:36:00.276096 3.004207 tcp 10.0.2.109 49891 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:36:09.278406 0.000000 tcp 10.0.2.109 49891 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:36:15.278906 0.053453 tcp 10.0.2.109 49892 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:36:15.332645 0.055841 tcp 10.0.2.109 49893 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:36:15.388820 0.144495 tcp 10.0.2.109 49894 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:36:15.556004 2.996183 tcp 10.0.2.109 49895 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:36:24.560382 0.000000 tcp 10.0.2.109 49895 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:39:11.353019 3.001923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 19:39:18.360536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:39:26.362119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:39:42.364820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:40:14.370996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:41:30.550777 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 19:41:30.550919 2.997311 tcp 10.0.2.109 49896 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:41:39.543535 0.000000 tcp 10.0.2.109 49896 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:41:45.554570 0.055440 tcp 10.0.2.109 49897 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:41:45.610445 0.055042 tcp 10.0.2.109 49898 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:41:45.665773 0.142128 tcp 10.0.2.109 49899 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:41:45.847942 2.998948 tcp 10.0.2.109 49900 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:41:54.845961 0.000000 tcp 10.0.2.109 49900 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:46:18.377159 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 19:46:25.384456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:46:35.040213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:46:50.840292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:47:02.141027 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 19:47:02.141149 2.962600 tcp 10.0.2.109 49901 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:47:11.028296 0.000000 tcp 10.0.2.109 49901 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:47:16.952124 0.054737 tcp 10.0.2.109 49902 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:47:17.007171 0.032051 tcp 10.0.2.109 49903 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:47:17.039639 0.124316 tcp 10.0.2.109 49904 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/23 19:47:17.175908 2.953258 tcp 10.0.2.109 49905 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:47:22.439164 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:47:26.063301 0.000000 tcp 10.0.2.109 49905 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 19:56:30.418088 3.000541 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 19:56:37.425006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:56:45.425907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:57:01.429166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 19:57:33.435326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:01:06.492174 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:01:06.492316 0.225150 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:06.714369 0.139900 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:07.655415 0.093312 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:07.883175 0.156463 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:08.806578 0.066732 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:09.135220 0.060640 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:09.304065 0.245840 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 1977 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:09.593164 0.184022 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:09.769794 0.174089 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:09.939862 0.055069 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:09.992763 0.353344 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:10.347806 0.348909 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:10.793691 0.175670 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:10.949278 0.159045 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:11.091717 0.013545 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:11.163701 0.175815 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:11.514874 0.169826 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:11.673307 0.101505 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:11.742674 0.150702 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:11.891423 0.088648 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.044493 0.167321 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.214007 0.071439 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.268042 0.131422 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.365813 0.055638 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.437105 0.152209 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.584566 0.188738 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.770548 0.201674 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:12.969707 0.179536 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:13.320166 0.245171 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:01:16.125755 3.004809 tcp 10.0.2.109 49906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:01:25.128331 0.000000 tcp 10.0.2.109 49906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:01:31.129283 0.032182 tcp 10.0.2.109 49907 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:01:31.161735 0.032544 tcp 10.0.2.109 49908 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:01:31.194724 0.148873 tcp 10.0.2.109 49909 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:01:31.445924 3.005939 tcp 10.0.2.109 49910 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:01:40.460040 0.000000 tcp 10.0.2.109 49910 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:03:37.444837 2.997928 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 20:03:44.448804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:03:52.450437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:04:08.453170 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:04:40.459112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:06:46.440829 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:06:46.440947 2.994691 tcp 10.0.2.109 49911 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:06:55.436254 0.000000 tcp 10.0.2.109 49911 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:07:01.444686 0.292009 tcp 10.0.2.109 49912 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:07:01.736937 0.032281 tcp 10.0.2.109 49913 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:07:01.769516 0.123721 tcp 10.0.2.109 49914 -> 195.113.214.249 443 SRPA* 0 0 41 23284 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:07:02.804006 2.974604 tcp 10.0.2.109 49915 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:07:11.725136 0.000000 tcp 10.0.2.109 49915 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:10:44.465358 3.001693 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 20:10:51.472569 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:10:59.473849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:11:15.477196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:11:47.482975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:12:17.589379 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:12:17.589502 3.000970 tcp 10.0.2.109 49916 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:12:26.588892 0.000000 tcp 10.0.2.109 49916 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:12:32.589873 0.053845 tcp 10.0.2.109 49917 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:12:32.644128 0.032143 tcp 10.0.2.109 49918 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:12:32.676977 0.142757 tcp 10.0.2.109 49919 -> 195.113.214.249 443 SRPA* 0 0 21 11428 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:12:32.829579 2.995127 tcp 10.0.2.109 49920 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:12:41.834965 0.000000 tcp 10.0.2.109 49920 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:17:47.831619 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:17:47.831711 3.003619 tcp 10.0.2.109 49921 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:17:51.489871 3.000926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 20:17:56.833978 0.000000 tcp 10.0.2.109 49921 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:17:58.496368 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:18:02.834591 0.032449 tcp 10.0.2.109 49922 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:18:02.867278 0.032636 tcp 10.0.2.109 49923 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:18:02.900270 0.122312 tcp 10.0.2.109 49924 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:18:03.103932 3.003449 tcp 10.0.2.109 49925 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:18:06.497724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:18:12.106053 0.000000 tcp 10.0.2.109 49925 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:18:22.500970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:18:54.506901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:24:58.514789 3.000311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 20:25:05.520136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:25:13.521847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:25:29.524729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:26:01.530483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:31:19.047600 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:31:19.047707 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 101 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 20:31:36.404877 0.053542 tcp 10.0.2.109 49926 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:31:36.458696 0.032840 tcp 10.0.2.109 49927 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:31:36.491824 0.126565 tcp 10.0.2.109 49928 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:31:36.619183 0.226098 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:36.842379 0.141486 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:36.974707 0.147764 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:37.084358 0.076416 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:37.142856 0.059201 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:37.186700 0.240492 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:37.390814 0.184626 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:37.567170 0.181313 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:37.745599 0.050364 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:37.794198 0.343446 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:38.139086 0.354792 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:38.518381 0.177833 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:38.675774 0.156172 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:38.815988 0.013407 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:38.846035 0.177579 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.001558 0.170643 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.159752 0.104287 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.229407 0.150343 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.378289 0.093543 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.434962 0.182584 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.618826 0.069848 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.671817 0.142560 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.772053 0.055380 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.840456 0.155050 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2541 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:39.991082 0.195409 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:40.183844 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 20:31:48.159615 2.994051 tcp 10.0.2.109 49929 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:31:57.152142 0.000000 tcp 10.0.2.109 49929 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:31:57.263331 0.052794 tcp 10.0.2.109 49930 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:31:57.316373 0.032083 tcp 10.0.2.109 49931 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:31:57.348828 0.123384 tcp 10.0.2.109 49932 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:31:57.472870 0.178286 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:31:57.644799 0.248630 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/23 20:32:03.165121 0.052315 tcp 10.0.2.109 49933 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:32:03.217768 0.032123 tcp 10.0.2.109 49934 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:32:03.250170 0.123958 tcp 10.0.2.109 49935 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:32:03.383790 2.991503 tcp 10.0.2.109 49936 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:32:05.538286 3.000200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 20:32:12.374024 0.000000 tcp 10.0.2.109 49936 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:32:12.544607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:32:20.545887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:32:36.548702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:33:08.554746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:37:18.374404 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:37:18.374610 3.003797 tcp 10.0.2.109 49937 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:37:27.376937 0.000000 tcp 10.0.2.109 49937 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:37:33.377226 0.053790 tcp 10.0.2.109 49938 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:37:33.431371 0.055062 tcp 10.0.2.109 49939 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:37:33.486692 0.139151 tcp 10.0.2.109 49940 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:37:33.636625 3.003939 tcp 10.0.2.109 49941 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:37:42.638816 0.000000 tcp 10.0.2.109 49941 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:39:12.560576 3.001906 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 20:39:19.568243 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:39:27.571247 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:39:43.572733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:40:15.578754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:42:48.639213 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:42:48.639436 2.993540 tcp 10.0.2.109 49942 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:42:57.631628 0.000000 tcp 10.0.2.109 49942 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:43:03.641778 0.053481 tcp 10.0.2.109 49943 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:43:03.695528 0.032188 tcp 10.0.2.109 49944 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:43:03.728113 0.146169 tcp 10.0.2.109 49945 -> 195.113.214.249 443 SRPA* 0 0 35 19284 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:43:03.888503 2.996407 tcp 10.0.2.109 49946 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:43:12.883621 0.000000 tcp 10.0.2.109 49946 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:46:19.584509 3.002028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 20:46:26.591967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:46:34.595828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:46:50.597052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:47:22.602770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:48:18.884169 0.000126 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 20:48:18.884394 3.003307 tcp 10.0.2.109 49947 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:48:27.888095 0.000000 tcp 10.0.2.109 49947 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:48:33.886727 0.031725 tcp 10.0.2.109 49948 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:48:33.918680 0.033722 tcp 10.0.2.109 49949 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:48:33.952710 0.128481 tcp 10.0.2.109 49950 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/23 20:48:34.097957 3.001853 tcp 10.0.2.109 49951 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:48:43.098279 0.000000 tcp 10.0.2.109 49951 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 20:56:31.615337 3.001230 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 20:56:38.622249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:56:46.623676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:57:02.626738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 20:57:34.632632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:02:25.561282 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:02:25.561486 0.099342 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:25.640125 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 21:02:34.153830 3.003763 tcp 10.0.2.109 49952 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:02:41.916609 0.052925 tcp 10.0.2.109 49953 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:02:41.969809 0.055822 tcp 10.0.2.109 49954 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:02:42.025965 0.127277 tcp 10.0.2.109 49955 -> 195.113.214.249 443 SRPA* 0 0 37 31596 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:02:42.154006 0.147079 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:42.292694 0.235786 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:42.794189 0.065216 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:42.859643 0.238226 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:43.156970 0.000000 tcp 10.0.2.109 49952 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:02:43.270710 0.183989 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:43.447151 0.069009 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:43.617368 0.154923 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:43.730654 0.065134 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:43.809320 0.244963 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:44.050523 0.177892 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:44.206565 0.158162 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:44.348633 0.013749 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:44.419356 0.173330 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:44.567389 0.354193 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:45.246794 0.343227 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:45.588804 0.101404 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:45.658662 0.145246 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:45.802049 0.089121 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:45.874959 0.165898 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.047857 0.067993 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.130290 0.143938 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.237761 0.053993 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.303360 0.152953 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.454227 0.172759 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.614911 0.195808 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.807914 0.175940 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:46.974909 0.251843 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:02:49.155831 0.032328 tcp 10.0.2.109 49956 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:02:49.188464 0.032910 tcp 10.0.2.109 49957 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:02:49.221692 0.129768 tcp 10.0.2.109 49958 -> 195.113.214.249 443 SRPA* 0 0 35 18288 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:02:49.373952 3.005458 tcp 10.0.2.109 49959 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:02:58.379210 0.000000 tcp 10.0.2.109 49959 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:03:38.641133 2.998711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 21:03:45.646772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:03:53.647265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:04:09.650462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:04:41.656695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:08:04.369057 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:08:04.369266 2.992932 tcp 10.0.2.109 49960 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:08:13.371434 0.000000 tcp 10.0.2.109 49960 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:08:19.371410 0.032740 tcp 10.0.2.109 49961 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:08:19.404477 0.054207 tcp 10.0.2.109 49962 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:08:19.458994 0.144187 tcp 10.0.2.109 49963 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:08:19.620559 2.993904 tcp 10.0.2.109 49964 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:08:28.612785 0.000000 tcp 10.0.2.109 49964 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:10:45.661769 3.002717 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 21:10:52.670008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:11:00.671583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:11:16.674210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:11:48.680102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:13:34.623537 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:13:34.623786 3.003296 tcp 10.0.2.109 49965 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:13:43.625868 0.000000 tcp 10.0.2.109 49965 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:13:49.626543 0.032461 tcp 10.0.2.109 49966 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:13:49.659316 0.031955 tcp 10.0.2.109 49967 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:13:49.691614 0.125396 tcp 10.0.2.109 49968 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:13:49.852911 3.006170 tcp 10.0.2.109 49969 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:13:58.857546 0.000000 tcp 10.0.2.109 49969 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:17:52.686989 3.001174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 21:17:59.694009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:18:07.695184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:18:23.698291 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:18:55.704548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:19:04.848258 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:19:04.848382 2.993832 tcp 10.0.2.109 49970 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:19:13.850647 0.000000 tcp 10.0.2.109 49970 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:19:19.850887 0.053552 tcp 10.0.2.109 49971 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:19:19.904724 0.032519 tcp 10.0.2.109 49972 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:19:19.937499 0.124931 tcp 10.0.2.109 49973 -> 195.113.214.249 443 SRPA* 0 0 26 14332 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:19:20.096971 2.996997 tcp 10.0.2.109 49974 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:19:29.092531 0.000000 tcp 10.0.2.109 49974 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:24:59.709908 3.002546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 21:25:06.717836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:25:14.719390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:25:30.722647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:26:02.728477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:32:06.735727 2.999943 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 21:32:13.742020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:32:21.743196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:32:37.746835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:32:52.337654 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:32:52.337771 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 21:33:08.452361 0.032758 tcp 10.0.2.109 49975 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:33:08.485340 0.031775 tcp 10.0.2.109 49976 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:33:08.517497 0.121712 tcp 10.0.2.109 49977 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:33:08.639692 0.144429 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:08.772486 0.224927 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:09.752654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:33:09.855603 0.058831 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:09.924094 0.067253 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:09.973952 0.255152 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:10.352570 0.190341 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:10.534952 0.148267 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:10.682527 0.062367 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:10.835477 0.179683 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:11.009584 0.180275 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:11.168541 0.156684 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2568 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:11.309526 0.013878 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:11.402834 0.174544 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:11.555429 0.346441 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:11.897887 0.337699 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:12.234336 0.103998 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:12.302873 0.150556 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:12.452025 0.091716 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:12.505418 0.168475 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:12.952131 0.071393 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:13.095091 0.141579 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:13.195419 0.055724 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:13.277166 0.195668 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:13.469725 0.176696 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:13.638451 0.159681 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:13.793685 0.173086 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:13.955734 1.003567 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/23 21:33:20.147590 2.994281 tcp 10.0.2.109 49978 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:33:29.150467 0.000000 tcp 10.0.2.109 49978 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:33:35.149434 0.052557 tcp 10.0.2.109 49979 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:33:35.202407 0.032054 tcp 10.0.2.109 49980 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:33:35.234766 0.149563 tcp 10.0.2.109 49981 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:33:35.422369 3.001376 tcp 10.0.2.109 49982 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:33:44.422541 0.000000 tcp 10.0.2.109 49982 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:38:50.422563 0.000099 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:38:50.422756 3.003706 tcp 10.0.2.109 49983 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:38:59.425565 0.000000 tcp 10.0.2.109 49983 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:39:05.426774 0.032553 tcp 10.0.2.109 49984 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:39:05.459633 0.032995 tcp 10.0.2.109 49985 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:39:05.492917 0.141688 tcp 10.0.2.109 49986 -> 195.113.214.249 443 SRPA* 0 0 23 12122 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:39:05.659069 2.999297 tcp 10.0.2.109 49987 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:39:13.758810 3.001361 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 21:39:14.657173 0.000000 tcp 10.0.2.109 49987 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:39:20.766309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:39:28.766995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:39:44.770816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:40:16.775935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:44:20.657716 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:44:20.657930 3.003622 tcp 10.0.2.109 49988 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:44:29.669537 0.000000 tcp 10.0.2.109 49988 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:44:35.661068 0.032085 tcp 10.0.2.109 49989 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:44:35.693412 0.033624 tcp 10.0.2.109 49990 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:44:35.727343 0.142997 tcp 10.0.2.109 49991 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:44:35.879823 2.993570 tcp 10.0.2.109 49992 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:44:44.872027 0.000000 tcp 10.0.2.109 49992 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:46:20.783271 3.001124 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 21:46:27.789474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:46:35.791362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:46:51.794859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:47:23.800483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:49:50.882557 0.000122 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 21:49:50.882766 3.003592 tcp 10.0.2.109 49993 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:49:59.884690 0.000000 tcp 10.0.2.109 49993 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:50:07.025712 0.033409 tcp 10.0.2.109 49994 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:50:07.059521 0.032325 tcp 10.0.2.109 49995 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:50:07.092170 0.124549 tcp 10.0.2.109 49996 -> 195.113.214.249 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/23 21:50:07.265255 2.963576 tcp 10.0.2.109 49997 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:50:16.153194 0.000000 tcp 10.0.2.109 49997 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 21:56:32.812883 3.001923 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 21:56:39.819665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:56:47.821375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:57:03.824609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 21:57:35.829885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:03:23.800962 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:03:23.801076 0.098333 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:23.879933 0.138389 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.010494 0.065065 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.061214 0.251089 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 5 1832 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.311538 0.059324 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.355271 0.240313 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.562995 0.188900 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.744565 0.148963 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.853437 0.062962 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:24.912188 0.184688 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:25.197432 0.180280 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:25.356384 0.157202 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:25.497376 0.013422 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:25.813706 0.175157 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:25.967906 0.353595 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:26.317867 0.145387 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:26.461581 0.092788 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:26.577547 0.170442 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:26.749744 0.342933 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2564 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:27.101532 0.097619 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:27.166904 0.071435 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:27.221014 0.134641 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:27.879465 0.055519 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:27.937088 0.229986 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:28.159232 0.179366 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:28.332358 0.150387 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:28.540653 0.170701 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:28.700545 0.243644 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:03:36.183245 2.990144 tcp 10.0.2.109 49998 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:03:39.836777 3.001400 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 22:03:45.171407 0.000000 tcp 10.0.2.109 49998 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:03:46.844043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:03:51.181629 0.055009 tcp 10.0.2.109 49999 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:03:51.236685 0.032626 tcp 10.0.2.109 50000 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:03:51.269731 0.127556 tcp 10.0.2.109 50001 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:03:51.408314 2.996352 tcp 10.0.2.109 50002 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:03:54.846518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:04:01.221292 0.000000 tcp 10.0.2.109 50002 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:04:11.544822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:04:43.163349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:09:06.404036 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:09:06.404158 3.003328 tcp 10.0.2.109 50003 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:09:15.406336 0.000000 tcp 10.0.2.109 50003 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:09:21.406587 0.054439 tcp 10.0.2.109 50004 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:09:21.461332 0.032590 tcp 10.0.2.109 50005 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:09:21.494221 0.122856 tcp 10.0.2.109 50006 -> 195.113.214.249 443 SRPA* 0 0 19 10030 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:09:21.635258 3.004190 tcp 10.0.2.109 50007 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:09:30.638072 0.000000 tcp 10.0.2.109 50007 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:10:46.872550 2.999926 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 22:10:53.877973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:11:01.879634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:11:17.882915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:11:49.888190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:14:36.638914 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:14:36.639030 2.993606 tcp 10.0.2.109 50008 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:14:45.640945 0.000000 tcp 10.0.2.109 50008 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:14:51.641427 0.052794 tcp 10.0.2.109 50009 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:14:51.694484 0.032139 tcp 10.0.2.109 50010 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:14:51.726907 0.127136 tcp 10.0.2.109 50011 -> 195.113.214.249 443 SRPA* 0 0 40 22432 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:14:51.864082 3.000501 tcp 10.0.2.109 50012 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:15:00.863253 0.000000 tcp 10.0.2.109 50012 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:17:53.895885 3.000109 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 22:18:00.901760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:18:08.903274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:18:24.905800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:18:56.912481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:20:06.863710 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:20:06.863819 3.003370 tcp 10.0.2.109 50013 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:20:15.865790 0.000000 tcp 10.0.2.109 50013 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:20:21.866416 0.053729 tcp 10.0.2.109 50014 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:20:21.920539 0.032113 tcp 10.0.2.109 50015 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:20:21.952933 0.124297 tcp 10.0.2.109 50016 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:20:22.162532 3.006690 tcp 10.0.2.109 50017 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:20:31.167683 0.000000 tcp 10.0.2.109 50017 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:25:00.918430 3.001423 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 22:25:07.925590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:25:15.926850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:25:31.930682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:26:03.936042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:32:07.941590 3.002380 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 22:32:14.949182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:32:22.950842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:32:38.954478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:33:10.959969 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:33:41.364023 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:33:41.364220 0.066088 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:41.413968 0.224057 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:41.636038 0.057139 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:41.721862 0.266584 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:41.969556 0.151043 udp 10.0.2.109 3683 <-> 173.179.165.71 5329 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:42.111792 0.240833 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:42.319320 0.178106 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:42.490021 0.143682 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:42.592324 0.066670 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:42.746346 0.172287 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:42.941139 0.013821 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:42.974778 0.180824 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:43.131263 0.177147 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:43.332869 0.158693 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:43.475226 0.354008 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:43.825371 0.150779 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:43.973828 0.088980 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:44.025439 0.170573 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:44.197344 0.069265 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:44.248152 0.132459 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:44.346476 0.056407 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:44.428021 0.354030 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:44.780765 0.106946 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:44.907366 0.223299 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:45.133195 0.178263 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:45.305228 0.152653 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:45.453334 0.183751 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:45.625851 0.239684 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/23 22:33:52.210534 2.993187 tcp 10.0.2.109 50018 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:34:01.202760 0.000000 tcp 10.0.2.109 50018 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:34:07.216405 0.032883 tcp 10.0.2.109 50019 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:34:07.249625 0.032283 tcp 10.0.2.109 50020 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:34:07.282260 0.123816 tcp 10.0.2.109 50021 -> 195.113.214.249 443 SRPA* 0 0 21 11598 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:34:07.416566 2.999279 tcp 10.0.2.109 50022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:34:16.414908 0.000000 tcp 10.0.2.109 50022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:39:14.966229 3.001689 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 22:39:21.973706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:39:22.415171 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:39:22.415367 3.003403 tcp 10.0.2.109 50023 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:39:29.975272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:39:31.417227 0.000000 tcp 10.0.2.109 50023 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:39:37.417873 0.032332 tcp 10.0.2.109 50024 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:39:37.450502 0.032517 tcp 10.0.2.109 50025 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:39:37.483393 0.125012 tcp 10.0.2.109 50026 -> 195.113.214.249 443 SRPA* 0 0 32 17702 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:39:37.618827 3.001529 tcp 10.0.2.109 50027 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:39:45.978248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:39:46.619050 0.000000 tcp 10.0.2.109 50027 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:40:17.984535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:44:52.619777 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:44:52.619989 2.993153 tcp 10.0.2.109 50028 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:45:01.612082 0.000000 tcp 10.0.2.109 50028 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:45:07.622612 0.032742 tcp 10.0.2.109 50029 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:45:07.655680 0.054067 tcp 10.0.2.109 50030 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:45:07.710023 0.140694 tcp 10.0.2.109 50031 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:45:07.860564 2.994893 tcp 10.0.2.109 50032 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:45:16.853928 0.000000 tcp 10.0.2.109 50032 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:46:21.990017 3.002046 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 22:46:28.997727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:46:36.999203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:46:53.002329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:47:25.009068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:50:22.854689 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 22:50:22.854789 3.002813 tcp 10.0.2.109 50033 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:50:31.856778 0.000000 tcp 10.0.2.109 50033 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:50:37.856839 0.052497 tcp 10.0.2.109 50034 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:50:37.909653 0.054439 tcp 10.0.2.109 50035 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:50:37.964376 0.152371 tcp 10.0.2.109 50036 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/23 22:50:38.138515 3.001987 tcp 10.0.2.109 50037 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:50:47.138535 0.000000 tcp 10.0.2.109 50037 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 22:56:29.024567 3.000038 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 22:56:36.030592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:56:44.032138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:57:00.034982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 22:57:32.041235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:03:36.047531 3.000568 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 23:03:43.054412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:03:51.055819 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:04:07.058794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:04:10.484954 0.000070 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:04:10.485122 0.153324 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:10.619404 0.096475 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:10.695713 0.065291 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:10.780615 0.225336 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:11.006644 0.000000 udp 10.0.2.109 3683 -> 173.179.165.71 5329 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 23:04:23.192494 3.003985 tcp 10.0.2.109 50038 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:04:28.240985 0.053925 tcp 10.0.2.109 50039 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:04:28.295304 0.032888 tcp 10.0.2.109 50040 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:04:28.328490 0.105861 tcp 10.0.2.109 50041 -> 195.113.214.249 443 SRPA* 0 0 33 24780 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:04:28.434971 0.243238 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:28.641274 0.184524 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:28.818557 0.149180 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:28.929688 0.055500 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:29.007541 0.175655 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:29.179702 0.013475 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:29.241553 0.171239 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:29.389882 0.177448 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:29.548851 0.155838 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:29.688534 0.353924 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:30.239423 0.150860 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:30.388361 0.089766 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:30.635020 0.162254 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:30.805789 0.073103 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:30.861290 0.138996 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:30.962060 0.055148 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:31.025078 0.341770 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:31.368111 0.099638 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:31.435873 0.144669 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:31.582002 0.178292 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:31.748604 0.244851 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:31.973463 0.195789 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:32.166451 0.181500 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:04:32.194954 0.000000 tcp 10.0.2.109 50038 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:04:38.194939 0.051622 tcp 10.0.2.109 50042 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:04:38.246865 0.032054 tcp 10.0.2.109 50043 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:04:38.279223 0.105837 tcp 10.0.2.109 50044 -> 195.113.214.249 443 SRPA* 0 0 56 36893 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:04:38.967008 3.001925 tcp 10.0.2.109 50045 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:04:39.064738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:04:47.968894 0.000000 tcp 10.0.2.109 50045 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:09:53.967997 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:09:53.968182 2.993659 tcp 10.0.2.109 50046 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:10:02.970778 0.000000 tcp 10.0.2.109 50046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:10:08.971091 0.052795 tcp 10.0.2.109 50047 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:10:09.024159 0.032464 tcp 10.0.2.109 50048 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:10:09.056894 0.178360 tcp 10.0.2.109 50049 -> 195.113.214.249 443 SRPA* 0 0 21 10308 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:10:09.301316 3.002537 tcp 10.0.2.109 50050 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:10:18.302722 0.000000 tcp 10.0.2.109 50050 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:10:43.070930 3.001683 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 23:10:50.078439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:10:58.079783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:11:14.083356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:11:46.088781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:15:24.303566 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:15:24.303770 3.003382 tcp 10.0.2.109 50051 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:15:33.308072 0.000000 tcp 10.0.2.109 50051 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:15:39.306626 0.032986 tcp 10.0.2.109 50052 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:15:39.340012 0.032793 tcp 10.0.2.109 50053 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:15:39.373078 0.127269 tcp 10.0.2.109 50054 -> 195.113.214.249 443 SRPA* 0 0 38 33414 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:15:39.512638 3.005978 tcp 10.0.2.109 50055 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:15:48.517200 0.000000 tcp 10.0.2.109 50055 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:17:50.096167 3.000385 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 23:17:57.102464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:18:05.104053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:18:21.106836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:18:53.112975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:20:54.507718 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:20:54.507922 2.993775 tcp 10.0.2.109 50056 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:21:03.510393 0.000000 tcp 10.0.2.109 50056 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:21:09.511434 0.053846 tcp 10.0.2.109 50057 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:21:09.565683 0.054741 tcp 10.0.2.109 50058 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:21:09.620831 0.145152 tcp 10.0.2.109 50059 -> 195.113.214.249 443 SRPA* 0 0 33 19424 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:21:09.778652 2.994626 tcp 10.0.2.109 50060 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:21:18.772641 0.000000 tcp 10.0.2.109 50060 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:24:57.121964 2.998580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 23:25:04.126511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:25:12.127934 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:25:28.130788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:26:00.137041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:32:04.142825 3.001682 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 23:32:11.150210 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:32:19.152114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:32:35.154858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:33:07.161068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:34:33.915880 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:34:33.916073 0.000000 udp 10.0.2.109 3683 -> 173.179.165.71 5329 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/23 23:34:52.895532 0.054411 tcp 10.0.2.109 50061 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:34:52.950476 0.033068 tcp 10.0.2.109 50062 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:34:52.983954 0.120442 tcp 10.0.2.109 50063 -> 195.113.214.249 443 SRPA* 0 0 21 12468 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:34:53.104973 0.225451 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:34:53.327441 0.086832 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 4 1572 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:34:54.825443 3.004030 tcp 10.0.2.109 50064 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:35:03.828349 0.000000 tcp 10.0.2.109 50064 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:35:09.617297 0.052098 tcp 10.0.2.109 50065 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:35:09.669772 0.054944 tcp 10.0.2.109 50066 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:35:09.724979 0.148147 tcp 10.0.2.109 50067 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:35:09.827308 0.052625 tcp 10.0.2.109 50068 -> 195.113.214.234 80 FSPA* 0 0 10 1884 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:35:09.873871 0.058787 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:09.880261 0.032783 tcp 10.0.2.109 50069 -> 195.113.214.249 80 FSPA* 0 0 10 1916 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:35:09.913363 0.126914 tcp 10.0.2.109 50070 -> 195.113.214.249 443 SRPA* 0 0 21 10305 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:35:09.915930 0.067906 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:09.964474 0.247521 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:10.049800 2.991945 tcp 10.0.2.109 50071 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:35:10.175978 0.183847 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:10.352843 0.135069 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:10.448670 0.047973 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:10.500390 0.179532 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:10.657017 0.173354 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:10.810754 0.157628 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:10.952405 0.175569 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:11.124431 0.013709 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:11.160954 0.354514 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:11.510775 0.150826 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:11.660036 0.087624 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:11.713920 0.167977 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:11.900942 0.072710 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:11.956436 0.141727 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:12.059836 0.055331 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:12.116981 0.144855 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2600 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:12.269499 0.176453 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:12.435622 0.245632 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:12.662293 0.356861 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:13.059817 0.104337 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:13.129778 0.191262 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:13.318341 0.181001 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/23 23:35:19.052833 0.000000 tcp 10.0.2.109 50071 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:39:11.167982 3.000494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 23:39:18.174273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:39:26.175733 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:39:42.178815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:40:14.184800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:40:25.050587 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:40:25.050734 2.993824 tcp 10.0.2.109 50072 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:40:34.043211 0.000000 tcp 10.0.2.109 50072 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:40:40.053916 0.032590 tcp 10.0.2.109 50073 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:40:40.086814 0.055439 tcp 10.0.2.109 50074 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:40:40.142612 0.121361 tcp 10.0.2.109 50075 -> 195.113.214.249 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:40:40.295890 3.000804 tcp 10.0.2.109 50076 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:40:49.295415 0.000000 tcp 10.0.2.109 50076 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:45:55.295974 0.000220 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:45:55.296289 3.003279 tcp 10.0.2.109 50077 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:46:04.298148 0.000000 tcp 10.0.2.109 50077 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:46:10.298515 0.054331 tcp 10.0.2.109 50078 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:46:10.353164 0.032744 tcp 10.0.2.109 50079 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:46:10.386369 0.140109 tcp 10.0.2.109 50080 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:46:10.536930 3.004459 tcp 10.0.2.109 50081 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:46:18.190653 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/23 23:46:19.549718 0.000000 tcp 10.0.2.109 50081 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:46:25.198473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:46:33.199732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:46:49.202668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:47:21.208789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:51:25.540524 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:51:25.540643 2.993603 tcp 10.0.2.109 50082 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:51:34.533242 0.000000 tcp 10.0.2.109 50082 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:51:40.543600 0.031950 tcp 10.0.2.109 50083 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:51:40.575845 0.054954 tcp 10.0.2.109 50084 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:51:40.631135 0.146283 tcp 10.0.2.109 50085 -> 195.113.214.249 443 SRPA* 0 0 34 19478 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:51:41.182863 3.004001 tcp 10.0.2.109 50086 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:51:50.185313 0.000000 tcp 10.0.2.109 50086 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:56:28.217795 3.001877 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/23 23:56:35.225180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:56:43.226642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:56:56.186003 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/23 23:56:56.186202 3.003526 tcp 10.0.2.109 50087 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:56:59.229822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/23 23:57:05.187713 0.000000 tcp 10.0.2.109 50087 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:57:11.188979 0.052578 tcp 10.0.2.109 50088 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:57:11.241877 0.055580 tcp 10.0.2.109 50089 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:57:11.297776 0.143088 tcp 10.0.2.109 50090 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/23 23:57:11.499939 2.991858 tcp 10.0.2.109 50091 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:57:20.500603 0.000000 tcp 10.0.2.109 50091 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/23 23:57:31.235870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:03:35.491614 2.976313 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 00:03:42.476253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:03:50.440017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:04:06.313263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:04:38.350387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:05:27.931424 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 00:05:27.931528 0.094513 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:28.007137 0.225846 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:31.564986 0.059624 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:31.777348 0.066961 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:31.956636 0.243127 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:32.164337 0.185051 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:32.528352 0.354791 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:34.329241 0.115741 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:38.917755 0.177898 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:39.627698 0.179177 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:41.430917 0.156309 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:41.964775 1.978012 tcp 10.0.2.109 50092 -> 176.73.169.112 1959 FSPA* 0 0 15 1740 flow=From-Botnet-V1-TCP-Established 1970/02/24 00:05:42.087687 0.180602 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:43.943382 0.013683 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:45.985855 0.354240 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:47.174774 0.165240 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:49.205273 0.742420 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:51.456591 0.162682 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:52.104346 0.073000 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2001 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:52.831501 0.139954 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:54.285702 0.166689 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:55.671593 0.244318 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:56.221474 0.496049 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:57.636317 0.056444 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:58.431203 0.146553 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:59.604034 0.180666 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:05:59.960820 0.157244 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:06:00.540694 0.191566 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:10:44.358846 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 00:10:56.024613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:11:03.910079 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:11:20.275411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:11:51.853941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:17:51.403149 3.001445 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 00:17:58.410419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:18:06.411840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:18:22.414649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:18:54.420782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:24:58.427689 3.000875 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 00:25:05.434462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:25:13.436875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:25:29.438964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:26:01.444942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:32:05.450938 3.002153 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 00:32:12.458065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:32:20.459605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:32:36.462691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:33:08.468584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:35:43.942975 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 00:35:43.943212 0.532307 tcp 10.0.2.109 50093 -> 176.73.169.112 1959 FSPA* 0 0 15 1573 flow=From-Botnet-V1-TCP-Established 1970/02/24 00:36:27.915863 0.095025 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:27.992349 0.067146 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:28.043852 0.242165 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:28.250580 0.224699 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:28.473831 0.058459 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:28.515658 0.186030 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:28.694267 0.151679 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:28.804855 0.056294 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:28.887538 0.177752 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:29.043232 0.176879 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:29.201071 0.157872 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:29.342821 0.177063 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:29.515291 0.013564 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:29.559371 0.354168 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:29.909597 0.150363 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:30.058131 0.203241 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:30.227599 0.165534 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:30.404281 0.073056 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:30.482495 0.145445 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:30.590769 0.170705 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:30.749966 0.250539 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:31.078381 0.354608 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:31.454281 0.054299 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:31.527595 0.152388 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:31.676028 0.182478 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:31.848758 0.103824 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:31.919857 0.195486 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/24 00:36:32.722568 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 00:39:12.475189 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 00:39:19.482345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:39:27.483946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:39:43.486929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:40:15.502749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:46:19.508605 3.001556 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 00:46:26.516024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:46:34.517278 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:46:50.520046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:47:22.526446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:56:29.535507 3.001733 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 00:56:36.543257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:56:44.544626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:57:00.547675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 00:57:32.553807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:03:36.560546 3.000746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 01:03:43.567331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:03:51.568444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:04:07.571686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:04:39.577446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:05:44.481557 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 01:05:44.481680 0.579764 tcp 10.0.2.109 50094 -> 176.73.169.112 1959 FSPA* 0 0 16 1814 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:06:56.434914 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 01:06:56.435028 0.095555 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:06:56.511554 0.073423 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:06:58.168181 0.257281 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:06:58.388705 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 01:07:15.572485 0.053063 tcp 10.0.2.109 50095 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:07:15.625969 0.054830 tcp 10.0.2.109 50096 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:07:15.681083 0.162318 tcp 10.0.2.109 50097 -> 195.113.214.249 443 SRPA* 0 0 41 35374 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:07:15.844188 0.060581 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:15.887244 0.189302 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:16.068570 0.141522 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:16.173708 0.064551 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:16.230351 0.178686 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:16.385199 0.176610 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:16.541338 0.154882 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:16.680182 0.245073 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:16.921654 0.013628 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:17.031026 0.346912 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:17.373684 0.150606 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:17.608922 0.069379 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:17.662887 0.157829 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:17.779524 0.178511 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:17.946628 0.193788 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:18.106166 0.170878 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:18.272309 0.247307 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:18.497928 0.352781 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:18.948962 0.056166 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:19.333543 0.153339 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:19.668102 0.180580 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:19.849083 0.102149 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:07:20.080908 0.196897 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:10:45.586305 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 01:10:52.594022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:11:00.595503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:11:16.598119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:11:48.604544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:17:52.610704 3.035101 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 01:17:59.627417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:18:07.629386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:18:23.632492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:18:55.638639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:24:59.645450 3.000515 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 01:25:06.651862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:25:14.653242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:25:30.656609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:26:02.662573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:32:06.669550 3.000611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 01:32:13.676038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:32:21.677382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:32:37.680481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:33:09.686660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:35:45.060214 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 01:35:45.060413 0.651016 tcp 10.0.2.109 50098 -> 176.73.169.112 1959 FSPA* 0 0 15 1574 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:37:36.770800 0.000162 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 01:37:36.771064 0.224992 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:37:36.993050 0.204082 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:37:37.178422 0.482887 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2558 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:37:37.644352 0.000000 udp 10.0.2.109 3683 -> 69.108.73.253 6433 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 01:37:55.539145 0.055110 tcp 10.0.2.109 50099 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:37:55.594546 0.056830 tcp 10.0.2.109 50100 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:37:55.651645 0.150150 tcp 10.0.2.109 50101 -> 195.113.214.249 443 SRPA* 0 0 33 18134 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:37:55.802171 0.065285 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:37:55.848186 0.189260 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:37:56.030151 0.142950 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:37:56.132590 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 01:38:11.801070 0.053798 tcp 10.0.2.109 50102 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:38:11.855136 0.058032 tcp 10.0.2.109 50103 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:38:11.913463 0.150417 tcp 10.0.2.109 50104 -> 195.113.214.249 443 SRPA* 0 0 24 12594 flow=From-Botnet-V1-TCP-Established 1970/02/24 01:38:12.064467 0.158230 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:12.206104 0.172226 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:12.374899 0.013447 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:12.422630 0.177769 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:12.577079 0.174951 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:12.730333 0.353486 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:13.079794 0.150253 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:13.228422 0.071501 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:13.606905 0.139038 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:13.710523 0.171317 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:13.870216 0.087854 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:13.925177 0.353123 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:14.288804 0.167905 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:14.482424 0.249385 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:14.712698 0.182524 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:14.884041 0.061385 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:15.020554 0.150161 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:15.205150 0.098971 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:38:15.273659 0.189770 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/24 01:39:13.692972 3.001072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 01:39:20.699866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:39:28.701735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:39:44.706894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:40:16.710490 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:46:20.716158 3.001887 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 01:46:27.723719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:46:35.725326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:46:51.728430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:47:23.734303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:56:30.743261 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 01:56:37.750979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:56:45.752379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:57:01.755612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 01:57:33.761597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:03:37.771181 2.998089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 02:03:44.775018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:03:52.775809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:04:08.778889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:04:40.785289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:05:45.719240 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 02:05:45.719358 0.554103 tcp 10.0.2.109 50105 -> 176.73.169.112 1959 FSPA* 0 0 15 1762 flow=From-Botnet-V1-TCP-Established 1970/02/24 02:08:25.929486 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 02:08:25.929693 0.252627 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:26.149465 0.059366 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:26.228418 0.224399 rtcp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 3 1208 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:41.593424 0.054757 tcp 10.0.2.109 50106 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 02:08:41.648547 0.056094 tcp 10.0.2.109 50107 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 02:08:41.704894 0.143917 tcp 10.0.2.109 50108 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 02:08:41.849447 0.099979 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:41.930595 0.068227 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:42.053732 0.184212 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:42.566946 0.060208 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:42.730762 0.153611 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:43.366925 0.013708 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:44.512912 0.178644 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:45.649400 0.180351 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:46.470913 0.153166 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:47.122728 0.171427 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:48.943772 0.352854 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:49.292828 0.145620 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:49.560251 0.074164 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:50.212294 0.137009 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:50.311499 0.173274 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:50.736692 0.090804 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:50.877893 0.244233 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:51.789600 0.467534 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:52.248498 0.054927 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:52.306945 0.351368 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:52.734898 1.025221 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:54.821874 0.196297 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:55.343626 0.144163 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:08:55.712016 0.564005 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:10:46.794323 3.001677 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 02:10:53.801694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:11:01.803124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:11:17.805845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:11:49.812084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:17:53.818941 3.001150 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 02:18:00.825575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:18:08.827136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:18:24.830028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:18:56.836709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:25:00.842275 3.001732 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 02:25:07.849279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:25:15.850500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:25:31.854479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:26:03.860057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:32:07.866408 3.001374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 02:32:14.874787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:32:22.875103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:32:38.878034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:33:10.884365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:35:46.277919 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 02:35:46.278006 0.557623 tcp 10.0.2.109 50109 -> 176.73.169.112 1959 FSPA* 0 0 15 1609 flow=From-Botnet-V1-TCP-Established 1970/02/24 02:39:07.809001 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 02:39:07.809122 0.225123 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.038151 0.239045 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2592 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.240090 0.059152 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.308868 0.094082 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.383018 0.072825 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.438114 0.189974 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.620848 0.063255 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.665967 0.146853 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.771679 0.013573 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:08.892143 0.176824 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:09.044979 0.171529 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:09.195455 0.155253 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:09.334991 0.180154 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:09.511961 0.353579 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:09.861762 0.150644 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2580 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:10.011055 0.073974 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2559 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:10.104273 0.244934 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:10.313208 0.137172 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:10.411873 0.170634 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:10.571048 0.243927 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:10.795739 0.173660 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:10.962577 0.056483 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2058 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:11.022230 0.349240 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:11.383724 0.170362 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:11.549320 0.191297 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:11.737753 0.149605 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:11.885897 0.103381 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/24 02:39:14.889905 3.001746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 02:39:21.897785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:39:29.898984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:39:45.902176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:40:17.907970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:46:21.914857 3.000827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 02:46:28.921358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:46:36.923131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:46:52.926063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:47:24.932061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:56:31.941925 3.000933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 02:56:38.948631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:56:46.952116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:57:02.952987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 02:57:34.959180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:03:38.965484 3.001529 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 03:03:45.972773 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:03:53.973783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:04:09.977145 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:04:41.983699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:05:46.836389 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 03:05:46.836569 0.589465 tcp 10.0.2.109 50110 -> 176.73.169.112 1959 FSPA* 0 0 14 1720 flow=From-Botnet-V1-TCP-Established 1970/02/24 03:09:28.475416 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 03:09:28.475521 0.224990 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:28.698457 0.256010 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:28.919028 0.051099 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:28.968496 0.182642 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.132491 0.073287 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.188433 0.182664 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.364722 0.059914 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.409788 0.149741 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.523317 0.013605 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.538293 0.180610 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.696334 0.178688 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.854381 0.157050 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:29.995414 0.171877 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:30.164966 0.352732 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:30.513901 0.150151 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:30.662217 0.100169 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2622 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:30.776508 1.329451 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:32.070782 0.171187 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:32.204720 0.176588 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:32.369211 0.247070 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:32.643100 0.177106 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:32.810399 0.054885 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:32.966483 0.190978 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:33.154961 0.150814 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:33.321216 0.380259 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:33.712850 0.172040 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:09:33.974425 0.101545 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:10:47.992112 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 03:10:54.999324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:11:03.000787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:11:19.004185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:11:51.009607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:17:55.016538 3.000711 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 03:18:02.023500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:18:10.024871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:18:26.027494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:18:58.033776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:25:02.039735 3.002740 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 03:25:09.047185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:25:17.048743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:25:33.051848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:26:05.057689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:32:09.064124 3.001548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 03:32:16.071606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:32:24.072901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:32:40.075947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:33:12.082345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:35:47.425650 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 03:35:47.425757 0.550200 tcp 10.0.2.109 50111 -> 176.73.169.112 1959 FSPA* 0 0 15 1670 flow=From-Botnet-V1-TCP-Established 1970/02/24 03:39:16.089209 3.000722 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 03:39:23.095360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:39:31.096844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:39:47.099743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:40:01.881404 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 03:40:01.881595 0.225525 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.144788 0.248172 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2575 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.356000 0.056117 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.446632 0.153334 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.579399 0.071914 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.634569 0.179044 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.805795 0.059857 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.849803 0.141073 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.963505 0.013760 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:02.992611 0.179041 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:03.148239 0.178576 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:03.306498 0.168202 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:03.458305 0.172151 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:03.627504 0.352669 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:03.976213 0.149650 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:04.124702 0.069067 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:04.211888 0.259439 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:04.435766 0.549962 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:04.946212 0.166793 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:05.101463 0.245349 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:05.325575 0.178464 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:05.495777 0.054983 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:05.575836 0.195879 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:05.768729 0.165683 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:05.948412 0.102955 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:06.017667 0.150318 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:06.169621 0.365341 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/24 03:40:19.105989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:46:23.112679 3.000776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 03:46:30.119060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:46:38.120686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:46:54.123983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:47:26.130035 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:56:34.139913 3.002054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 03:56:41.147786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:56:49.149271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:57:05.152533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 03:57:37.158323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:03:41.164087 3.002535 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 04:03:48.171892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:03:56.173178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:04:12.176499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:04:44.182298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:05:47.984400 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 04:05:47.984482 0.497985 tcp 10.0.2.109 50112 -> 176.73.169.112 1959 FSPA* 0 0 14 1704 flow=From-Botnet-V1-TCP-Established 1970/02/24 04:10:16.790177 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 04:10:16.790351 0.226105 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 3 899 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.015179 0.238425 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.218516 0.063126 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.278512 0.094931 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.353519 0.072344 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.409077 0.184656 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.585657 0.060548 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.647393 0.136264 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.744540 0.013550 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.765989 0.173478 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:17.916824 0.175551 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:18.072720 0.155043 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:18.212286 0.179122 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:18.387740 0.352951 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:18.737426 1.433599 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:20.134454 0.555326 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:20.649648 0.150582 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:20.798188 0.073372 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:20.903386 0.173409 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:21.064553 0.252521 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:21.296828 0.181456 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2573 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:21.468934 0.055052 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:21.526689 0.191407 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:21.715901 0.167639 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:21.972482 0.100858 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:22.042731 0.143225 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:22.207019 0.358745 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:10:50.190483 3.002332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 04:10:57.198739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:11:05.199890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:11:21.203201 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:11:53.209185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:17:57.216574 3.000194 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 04:18:04.222610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:18:12.224064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:18:28.227012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:19:00.232882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:25:04.239344 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 04:25:11.246602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:25:19.247500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:25:35.250983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:26:07.256984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:32:11.263445 3.001266 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 04:32:18.270401 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:32:26.271816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:32:42.274951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:33:14.281197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:35:48.483300 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 04:35:48.483409 0.471353 tcp 10.0.2.109 50113 -> 176.73.169.112 1959 FSPA* 0 0 15 1695 flow=From-Botnet-V1-TCP-Established 1970/02/24 04:39:18.288312 3.000394 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 04:39:25.294409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:39:33.295865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:39:49.302813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:40:21.305260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:40:25.731645 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 04:40:25.731733 0.231439 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 4 1355 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:25.985476 0.249985 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:26.317837 0.064607 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:26.810362 0.095660 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:27.345605 0.107282 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:27.577658 0.189329 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:27.758911 0.063912 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:28.868007 0.236880 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:29.190279 0.013869 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:29.374133 0.176556 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:29.528264 0.176922 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:29.683249 0.158647 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:29.826315 0.177075 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:31.313556 0.353208 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:32.595847 0.150371 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:32.744988 0.083332 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:34.356922 0.172163 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:34.518456 1.499237 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:35.982838 0.564164 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:36.509607 0.244968 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:36.732129 0.175607 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:36.898048 0.056674 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:36.956425 0.196691 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:37.150524 0.171199 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:37.316660 0.100619 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:37.383291 0.151148 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:40:37.538672 0.367890 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 04:46:25.311225 3.001623 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 04:46:32.318469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:46:40.319919 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:46:56.323154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:47:28.329043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:56:36.340173 3.000872 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 04:56:43.346747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:56:51.348489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:57:07.351611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 04:57:39.357779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:03:43.364067 3.000984 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 05:03:50.371085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:03:58.372705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:04:14.379320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:04:46.381478 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:05:48.961830 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 05:05:48.962114 0.539677 tcp 10.0.2.109 50114 -> 176.73.169.112 1959 FSPA* 0 0 15 1674 flow=From-Botnet-V1-TCP-Established 1970/02/24 05:10:48.953052 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 05:10:48.953165 0.224096 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:49.175517 0.248213 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:49.387544 0.079401 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:49.584997 0.190868 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:49.768394 0.974672 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 2 358 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:50.743525 0.075789 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2637 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:50.800623 0.060274 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:50.843037 0.178961 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:50.998190 0.180564 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:51.156246 0.154787 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:51.294505 0.143416 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:51.398658 3.002121 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 05:10:51.398924 0.013793 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:51.435092 0.244893 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:51.676533 0.352706 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:52.025659 0.145256 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:52.169216 0.076238 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:52.248094 0.170343 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:52.407806 0.410979 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:52.782749 0.545108 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:53.286480 0.248140 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:53.620320 0.182104 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:53.794208 0.055539 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:53.963537 0.102277 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:54.031288 0.154054 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:54.183960 0.359886 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:54.589433 0.197021 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:54.783251 0.168655 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:10:58.406394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:11:06.408109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:11:22.410937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:11:54.419216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:17:58.422744 3.001907 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 05:18:05.430403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:18:13.431621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:18:29.434815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:19:01.441066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:25:05.447902 3.000563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 05:25:12.454758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:25:20.455725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:25:36.458791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:26:08.465206 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:32:12.470981 3.001611 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 05:32:19.478554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:32:27.480010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:32:43.487512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:33:15.488668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:35:49.500414 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 05:35:49.500580 0.547795 tcp 10.0.2.109 50115 -> 176.73.169.112 1959 FSPA* 0 0 15 1729 flow=From-Botnet-V1-TCP-Established 1970/02/24 05:39:19.495878 3.000609 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 05:39:26.502009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:39:34.503829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:39:50.506836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:40:22.512866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:40:56.201427 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 05:40:56.201613 0.122788 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:40:56.365022 0.251698 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:40:56.956532 0.224490 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2035 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:40:59.292863 0.250488 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:40:59.507633 0.064469 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:40:59.554514 0.179732 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2547 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:00.283669 0.912061 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 2 522 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:16.561915 0.060269 tcp 10.0.2.109 50116 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 05:41:16.621911 0.057715 tcp 10.0.2.109 50117 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 05:41:16.679911 0.127813 tcp 10.0.2.109 50118 -> 195.113.214.249 443 SRPA* 0 0 54 37489 flow=From-Botnet-V1-TCP-Established 1970/02/24 05:41:16.807979 0.074009 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:16.863679 0.180042 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:17.022478 0.157773 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:17.164292 0.181323 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:17.307001 0.014904 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:17.341276 0.172986 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:17.511441 0.349118 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:17.856720 0.170972 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:18.169221 0.445296 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:18.578083 0.150144 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 1988 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:18.726538 0.072302 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:18.782389 0.527681 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:19.271930 0.248139 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:19.514295 0.175930 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:19.682068 0.056769 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:19.758015 0.101383 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:19.825891 0.194592 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:20.275089 0.167945 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:20.447384 0.150352 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:41:20.604046 0.357062 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/24 05:46:26.518947 3.001335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 05:46:33.525929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:46:41.527613 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:46:57.530526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:47:29.538377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:56:31.548142 3.001977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 05:56:38.556022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:56:46.559261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:57:02.560381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 05:57:34.566792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:03:38.572421 3.002175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:03:45.840875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:03:53.767828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:04:09.618936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:04:41.600421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:05:50.049373 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 06:05:50.049471 0.571791 tcp 10.0.2.109 50119 -> 176.73.169.112 1959 FSPA* 0 0 15 1725 flow=From-Botnet-V1-TCP-Established 1970/02/24 06:10:46.607684 3.002061 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:10:53.617437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:11:01.616775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:11:17.619945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:11:26.613289 0.000036 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 06:11:26.613379 0.094900 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:26.689141 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 06:11:43.099079 0.054307 tcp 10.0.2.109 50120 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 06:11:43.153665 0.059193 tcp 10.0.2.109 50121 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 06:11:43.213143 0.145794 tcp 10.0.2.109 50122 -> 195.113.214.249 443 SRPA* 0 0 25 14790 flow=From-Botnet-V1-TCP-Established 1970/02/24 06:11:43.359579 0.184953 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:43.536298 0.234386 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:44.325558 0.248281 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:44.537834 0.059325 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:44.736740 0.178173 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:44.891288 0.072487 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:45.846912 0.179758 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:46.004956 0.157589 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:46.146755 1.186625 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:47.294534 0.013560 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:47.356059 0.181908 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:47.690414 0.348461 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:48.034908 0.150065 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:48.417846 0.072160 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:48.867509 0.173314 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:49.312863 0.155501 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:49.564413 0.692641 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:49.626048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:11:50.218714 0.242689 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:50.512060 0.179414 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:50.683410 0.056209 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:50.856638 0.105283 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:50.927458 0.154683 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:51.076390 0.357821 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:51.549484 0.192014 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:11:51.738977 0.168318 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:17:53.632893 3.000664 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:18:00.638822 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:18:08.640249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:18:24.644054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:18:58.230305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:25:00.667188 3.000546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:25:07.673512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:25:15.674815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:25:31.677871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:26:03.683610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:32:07.689877 3.001659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:32:14.697149 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:32:22.698973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:32:38.701714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:33:10.707856 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:35:50.628072 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 06:35:50.628220 0.539351 tcp 10.0.2.109 50123 -> 176.73.169.112 1959 FSPA* 0 0 15 1620 flow=From-Botnet-V1-TCP-Established 1970/02/24 06:39:14.714914 3.001901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:39:21.721128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:39:29.722821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:39:45.725391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:40:17.732000 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:42:13.668248 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 06:42:13.668433 0.061094 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:13.720480 0.099563 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:14.705540 0.180029 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:14.876790 0.229307 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:15.103742 0.242506 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:15.827033 0.063512 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:16.134311 0.177530 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:16.448708 0.157629 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:16.590054 0.077950 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:16.892696 0.178751 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:17.146338 0.139628 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:17.247688 0.013844 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:17.482279 0.172629 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:17.651155 0.353599 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:18.000750 0.150555 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:18.149513 0.073471 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:18.325779 0.171678 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:18.486860 0.467855 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:18.917578 0.532994 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:19.412974 0.246210 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:19.640417 0.178858 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:19.913904 0.055720 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:20.488891 0.349389 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:21.485477 0.190949 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:21.673840 0.100512 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:21.939648 0.152035 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:42:22.107923 0.169350 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/24 06:46:21.737504 3.002267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:46:28.745217 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:46:36.746843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:46:52.749611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:47:24.755816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:56:29.763025 3.000655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 06:56:36.768999 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:56:44.770987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:57:01.713575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 06:57:33.324715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:03:36.795568 3.001911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 07:03:43.803605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:03:51.805020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:04:07.807756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:04:39.814178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:05:51.167130 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 07:05:51.167235 0.736411 tcp 10.0.2.109 50124 -> 176.73.169.112 1959 FSPA* 0 0 15 1573 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:10:43.819880 3.001742 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 07:10:50.827302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:10:58.829019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:11:14.831991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:11:46.837825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:12:23.170434 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 07:12:23.170634 0.101813 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:23.213306 0.153019 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:25.540884 0.184896 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:27.151914 0.225157 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:27.373682 0.241522 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:27.627481 0.062185 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:29.242879 0.179876 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:29.582704 0.156536 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:29.723696 0.071120 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 1974 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:29.957016 0.014047 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:30.784073 0.172309 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:30.989726 0.179809 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:31.146940 0.220774 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:31.411322 0.353514 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:31.761237 0.150322 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:32.034451 0.074230 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:32.343489 0.174770 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:32.507634 0.257129 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:34.422813 0.182945 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:34.597513 0.357523 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:34.917219 0.141536 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:36.303590 0.054066 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:36.996598 0.358050 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:37.701961 0.196210 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:37.895350 0.169054 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:38.088202 0.104755 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:12:38.158817 0.150226 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:17:50.843531 3.002351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 07:17:57.851314 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:18:05.853023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:18:21.855974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:18:53.861836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:24:57.871524 2.997852 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 07:25:04.875322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:25:12.876759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:25:28.880604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:26:00.885255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:32:04.902819 3.000712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 07:32:11.909397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:32:19.910985 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:32:35.913860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:33:09.123133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:35:51.906525 0.000089 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 07:35:51.906690 0.533036 tcp 10.0.2.109 50125 -> 176.73.169.112 1959 FSPA* 0 0 14 1667 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:39:11.936021 3.001477 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 07:39:18.943505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:39:26.944956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:39:42.947493 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:40:14.953806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:43:07.121804 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 07:43:07.121909 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 210 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 07:43:22.184843 0.053554 tcp 10.0.2.109 50126 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:43:22.238697 0.054497 tcp 10.0.2.109 50127 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:43:22.293466 0.152788 tcp 10.0.2.109 50128 -> 195.113.214.249 443 SRPA* 0 0 21 10308 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:43:22.446828 0.096255 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:22.522471 0.247376 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:22.734768 0.184813 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:22.912000 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 07:43:39.918884 0.053098 tcp 10.0.2.109 50129 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:43:39.972230 0.058039 tcp 10.0.2.109 50130 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:43:40.030630 0.162433 tcp 10.0.2.109 50131 -> 195.113.214.249 443 SRPA* 0 0 33 18134 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:43:40.193774 0.059797 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:40.236369 0.177342 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:40.392154 0.157283 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:40.664292 0.490358 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:41.248292 0.013344 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:41.407722 0.180118 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:41.583539 0.176371 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 1938 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:42.053145 0.142244 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:42.216541 0.353872 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:42.566901 0.174353 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:42.729803 0.150436 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2083 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:43.857793 0.074440 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:44.222696 0.260846 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:44.450589 0.245857 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:44.676442 0.179597 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:44.916890 0.136764 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:45.346100 0.055175 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:43:45.498813 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 07:44:02.435658 0.054073 tcp 10.0.2.109 50132 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:44:02.489995 0.058310 tcp 10.0.2.109 50133 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:44:02.548557 0.156001 tcp 10.0.2.109 50134 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/24 07:44:02.705105 0.102532 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:44:02.774020 0.153097 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:44:03.997713 0.194713 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:44:04.538831 0.168839 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/24 07:46:18.959913 3.001673 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 07:46:25.967307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:46:33.968616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:46:49.971553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:47:21.977974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:56:29.988268 3.001931 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 07:56:36.995724 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:56:44.997464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:57:00.999944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 07:57:33.006365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:03:37.012034 3.002280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:03:44.019923 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:03:52.021130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:04:08.024320 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:04:40.029975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:05:52.445065 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 08:05:52.445156 0.675415 tcp 10.0.2.109 50135 -> 176.73.169.112 1959 FSPA* 0 0 15 1635 flow=From-Botnet-V1-TCP-Established 1970/02/24 08:10:44.045882 3.001841 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:10:51.053628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:10:59.055179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:11:15.057741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:11:47.064093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:14:30.599645 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 08:14:30.599825 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 08:14:46.494360 0.050209 tcp 10.0.2.109 50136 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 08:14:46.544829 0.050218 tcp 10.0.2.109 50137 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 08:14:46.595325 0.151251 tcp 10.0.2.109 50138 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 08:14:46.823971 0.225777 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:47.117469 0.347750 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:48.032607 0.247283 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:48.524608 0.093037 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:48.820788 0.189389 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:49.002770 0.176295 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:49.156933 0.060455 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:49.272120 0.065571 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:49.321553 0.157105 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:49.486163 0.175590 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:49.642526 0.143764 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:49.744776 0.013586 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 1995 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:50.424496 0.165907 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:50.587369 0.347581 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:50.931155 0.175207 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:51.130156 0.069513 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:51.347463 0.150534 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:51.496573 0.179359 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:51.860678 0.254390 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:52.448245 0.486829 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:52.897759 0.138948 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:53.365672 0.054674 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:53.448678 0.102511 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:53.898506 0.160155 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:54.417745 0.193530 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:14:54.608762 0.167949 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:17:51.070264 3.001653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:17:58.080711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:18:06.079690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:18:22.082701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:18:54.088530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:24:58.094884 3.001102 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:25:05.105044 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:25:13.103181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:25:29.116615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:26:01.122538 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:32:05.129136 3.000811 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:32:12.135715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:32:20.137064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:32:36.139915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:33:08.146593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:35:53.124181 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 08:35:53.124300 1.515431 tcp 10.0.2.109 50139 -> 176.73.169.112 1959 FSPA* 0 0 14 1699 flow=From-Botnet-V1-TCP-Established 1970/02/24 08:39:12.152028 3.001959 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:39:19.159561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:39:27.160778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:39:43.164054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:40:15.169924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:45:01.622372 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 08:45:01.622552 0.225014 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:01.886781 0.347445 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:02.247314 0.239468 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:02.450042 0.094491 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:02.524615 0.184717 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:02.701522 0.181861 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:02.858761 0.059202 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:03.038575 0.075389 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:03.323012 0.159008 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:03.465750 0.013444 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2005 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:04.151161 0.179378 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:04.392582 0.147274 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:04.587930 0.194776 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:04.865028 0.353108 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:05.214453 0.172040 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:05.376108 0.175213 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:05.544161 0.076418 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:05.879368 0.150260 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:06.027783 0.245213 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 1992 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:06.355967 0.194650 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:06.514048 0.148194 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:06.815619 0.055784 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:07.048980 0.102342 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:07.266858 0.154631 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:07.416143 0.189033 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:45:07.602231 0.168394 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/24 08:46:19.177159 3.000658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:46:26.183657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:46:34.185066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:46:50.188147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:47:22.194487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:56:31.205755 3.002122 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 08:56:38.213418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:56:46.215084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:57:02.217785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 08:57:34.223883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:03:38.231294 3.155624 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 09:03:45.363936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:03:53.295729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:04:09.251953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:04:41.257912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:05:54.644184 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 09:05:54.644331 0.535907 tcp 10.0.2.109 50140 -> 176.73.169.112 1959 FSPA* 0 0 14 1561 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:10:46.265994 3.001085 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 09:10:53.273009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:11:01.274790 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:11:17.277414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:11:49.283599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:15:18.875045 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 09:15:18.875209 0.223732 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:19.097873 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 09:15:35.441069 0.050294 tcp 10.0.2.109 50141 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:15:35.491627 0.051607 tcp 10.0.2.109 50142 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:15:35.543521 0.547235 tcp 10.0.2.109 50143 -> 195.113.214.249 443 SRPA* 0 0 29 21231 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:15:36.091638 0.188650 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:36.273570 0.179922 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:36.762832 0.315902 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:37.601601 0.244827 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:37.859296 0.061806 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:39.247219 0.072367 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:39.301126 0.162082 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:39.447292 0.013477 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:39.553928 0.245540 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:39.795022 0.177576 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:39.951819 0.138757 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:41.234295 0.352502 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:42.076999 0.172349 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:42.470256 0.174376 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:44.496727 0.072161 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:44.657288 0.295772 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:44.917693 0.154626 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:45.706569 0.145799 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2043 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:45.850303 0.245920 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:46.077267 0.055612 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:47.390026 0.101558 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:49.589091 2.227428 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:51.942256 0.183465 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:15:52.123346 0.165310 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:17:53.844185 2.958221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 09:18:00.764655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:18:08.668730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:18:24.470216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:18:56.596299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:25:00.323526 3.001606 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 09:25:07.330876 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:25:15.332909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:25:31.335337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:26:03.341330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:32:07.347295 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 09:32:14.354898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:32:22.356160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:32:38.359365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:33:10.365232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:35:55.182968 0.000109 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 09:35:55.183164 0.877774 tcp 10.0.2.109 50144 -> 176.73.169.112 1959 FSPA* 0 0 14 1529 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:39:14.371826 3.001192 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 09:39:21.378870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:39:29.380517 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:39:45.383363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:40:17.389199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:45:52.932087 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 09:45:52.932203 0.094281 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:45:53.005836 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 09:46:10.167810 0.050691 tcp 10.0.2.109 50145 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:46:10.218858 0.056438 tcp 10.0.2.109 50146 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:46:10.275607 0.127616 tcp 10.0.2.109 50147 -> 195.113.214.249 443 SRPA* 0 0 34 25045 flow=From-Botnet-V1-TCP-Established 1970/02/24 09:46:10.403748 0.175756 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:10.571774 0.188056 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:10.735508 0.319874 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.060313 0.242365 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.265220 0.059398 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.335978 0.071893 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.393182 0.192381 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.569598 0.013880 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.620738 0.184011 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.801812 0.175969 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:11.957090 0.145277 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:12.063421 0.353718 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:12.412965 0.179718 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:12.580996 0.179638 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:12.752051 0.147110 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:12.903976 0.150965 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:13.053465 0.071839 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:13.157974 0.308235 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:13.431688 0.273316 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2550 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:13.684592 0.055937 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:13.751431 0.104128 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:13.822892 0.150939 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:13.975214 0.201240 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:14.173516 0.176434 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/24 09:46:21.395880 3.001017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 09:46:28.403057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:46:36.404304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:46:52.407300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:47:24.423331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:56:32.433690 3.001966 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 09:56:39.442305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:56:47.442865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:57:03.641780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 09:57:35.462080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:03:39.468600 3.000958 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 10:03:46.475479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:03:54.476831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:04:10.479697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:04:42.486033 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:05:56.062418 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 10:05:56.062597 0.576585 tcp 10.0.2.109 50148 -> 176.73.169.112 1959 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:10:46.492459 3.001069 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 10:10:53.499212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:11:01.500545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:11:17.503693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:11:49.510066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:16:43.422977 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 10:16:43.423098 0.519848 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 4 1486 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:00.419493 0.057796 tcp 10.0.2.109 50149 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:17:00.477704 0.055486 tcp 10.0.2.109 50150 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:17:00.533491 0.148010 tcp 10.0.2.109 50151 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:17:00.682192 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 156 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 10:17:18.012720 0.053834 tcp 10.0.2.109 50152 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:17:18.066841 0.055130 tcp 10.0.2.109 50153 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:17:18.122342 0.304072 tcp 10.0.2.109 50154 -> 195.113.214.249 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:17:18.426983 0.188632 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:18.608294 0.180644 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:19.937973 0.327799 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:20.326112 0.237675 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:20.525629 0.060725 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:20.659927 0.070644 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:20.712609 0.152963 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:20.849332 0.013959 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:20.992576 0.178732 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:21.168379 0.178978 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:21.385450 0.143679 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:21.493332 0.354764 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:21.977341 0.167380 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:22.133301 0.173964 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:22.526721 0.134699 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:22.623749 0.145510 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:22.767646 0.072664 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:22.875994 0.330135 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:23.171395 0.250381 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:23.635298 0.054221 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:24.047462 0.102417 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:24.216566 0.171378 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:24.392258 0.156337 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:24.543357 0.188649 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:17:53.515834 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 10:18:00.523346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:18:08.524558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:18:24.527779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:18:56.533775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:25:00.539204 3.002116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 10:25:07.547081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:25:15.548267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:25:31.553267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:26:03.557699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:32:07.565367 3.001008 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 10:32:14.571167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:32:22.572852 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:32:38.575463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:33:10.581711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:35:56.640782 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 10:35:56.640983 0.571066 tcp 10.0.2.109 50155 -> 176.73.169.112 1959 FSPA* 0 0 15 1603 flow=From-Botnet-V1-TCP-Established 1970/02/24 10:39:14.588366 3.001014 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 10:39:21.595015 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:39:29.596676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:39:45.599665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:40:17.605710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:46:21.611444 3.001799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 10:46:28.618951 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:46:36.620301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:46:52.623632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:47:24.629354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:47:40.532777 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 10:47:40.532886 0.094972 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:40.610077 0.184214 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:40.786690 0.195219 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:40.985651 0.322792 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:41.626166 0.249195 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:42.012566 0.058572 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:42.158372 0.071650 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:42.459272 0.159517 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:42.810391 0.176343 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:42.967418 0.150576 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:43.078819 0.013583 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:43.097435 0.182882 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:43.328202 0.354198 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:43.678247 0.171573 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:43.906181 0.178430 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:45.216738 0.148215 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:46.074702 0.150289 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:46.223235 0.071357 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:46.889330 0.055288 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:47.079319 0.088333 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:47.955594 0.246917 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:49.046993 0.151302 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:49.470315 0.188812 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:50.162965 0.106046 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:47:50.405266 0.163198 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/24 10:56:33.644127 2.998665 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 10:56:40.649101 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:56:48.650475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:57:04.653529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 10:57:36.659623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:03:40.666480 3.000815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:03:47.672982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:03:55.674598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:04:11.677817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:04:43.683958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:05:57.219836 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 11:05:57.219958 2.797731 tcp 10.0.2.109 50156 -> 176.73.169.112 1959 FSPA* 0 0 14 1608 flow=From-Botnet-V1-TCP-Established 1970/02/24 11:10:47.689609 3.001659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:10:54.697002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:11:02.698514 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:11:18.711627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:11:50.717491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:17:54.723072 3.002239 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:18:01.730335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:18:05.706625 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 11:18:05.706816 0.096441 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:05.784805 0.184397 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:05.970787 0.182453 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:06.339664 0.356632 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:07.150297 0.072665 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:07.513056 0.156880 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:07.653508 0.273110 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:08.685573 0.065185 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:09.732698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:18:10.474858 0.172250 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:10.626375 0.154437 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:11.474930 0.013626 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:11.830424 0.190410 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:12.063807 0.348909 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:13.042075 0.169371 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:13.201103 0.183980 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:13.376991 0.073071 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:15.141584 0.143787 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:15.245868 0.151652 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:15.553208 0.055169 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:16.183265 0.086939 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:16.323535 0.263442 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:17.242721 0.162994 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:17.423688 0.173411 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:17.592498 0.202432 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:18.013516 0.101137 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:18:25.735156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:18:57.741448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:25:01.747831 3.001099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:25:08.755030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:25:16.755845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:25:32.758826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:26:04.765345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:32:08.771376 3.001698 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:32:15.778937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:32:23.779887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:32:39.783562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:33:11.788793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:36:00.021913 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 11:36:00.022032 0.512359 tcp 10.0.2.109 50157 -> 176.73.169.112 1959 FSPA* 0 0 15 1626 flow=From-Botnet-V1-TCP-Established 1970/02/24 11:39:15.795392 3.001557 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:39:22.802933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:39:30.804589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:39:46.806754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:40:18.813374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:46:22.819959 3.000799 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:46:29.826691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:46:37.828638 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:46:53.831763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:47:25.837256 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:48:36.008417 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 11:48:36.008580 0.202363 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:36.189508 0.185220 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:37.097700 0.169245 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:37.576086 0.158355 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:37.718186 0.318728 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:38.035630 0.071421 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:38.129952 0.243628 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:38.663631 0.061126 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:38.707380 0.178874 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:38.887012 0.142857 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:40.292383 0.014022 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:40.621507 0.177331 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:40.963006 0.355375 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:41.314831 0.172581 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:41.475636 0.180518 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:41.650116 0.151459 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:41.800141 0.072996 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:41.957237 0.140672 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:42.335511 0.054001 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:42.541619 0.093348 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:42.768711 0.254626 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:43.159058 0.152830 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:43.353602 0.164247 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:43.596407 0.191488 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:48:44.012557 0.102514 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/24 11:56:29.852044 3.001896 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 11:56:36.861508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:56:44.861008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:57:00.864351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 11:57:32.869768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:03:36.875675 3.001639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:03:43.883144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:03:51.885138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:04:07.888041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:04:39.894259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:06:00.540525 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 12:06:00.540614 0.676454 tcp 10.0.2.109 50158 -> 176.73.169.112 1959 FSPA* 0 0 14 1729 flow=From-Botnet-V1-TCP-Established 1970/02/24 12:10:44.901303 3.001929 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:10:51.909028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:10:59.909924 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:11:15.913352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:11:47.925193 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:17:51.926410 3.000559 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:17:58.933152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:18:06.934677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:18:22.936845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:18:49.966158 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 12:18:49.966265 0.096871 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:50.042946 0.157629 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:50.564982 0.183970 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:50.741167 0.180284 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:50.897174 0.318629 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:51.327745 0.070697 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:51.383602 0.241832 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:51.859480 0.060293 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:52.959956 0.177401 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:53.387174 0.139908 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:53.603019 0.013734 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:54.700905 0.177759 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:54.944922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:18:55.355918 0.362388 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:55.714844 0.170706 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:55.964701 0.179281 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 1933 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:56.373593 0.152375 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:56.537584 0.054529 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:56.701304 0.236660 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:57.194427 0.075217 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:58.986622 0.184717 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:18:59.135771 0.253547 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:19:00.583260 0.165047 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:19:00.872829 0.168876 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:19:01.533951 0.199111 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:19:02.365660 0.099695 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:24:58.949129 3.002154 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:25:05.956786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:25:13.958358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:25:29.961617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:26:01.966941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:32:05.972922 3.001948 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:32:12.980833 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:32:20.982765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:32:36.985530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:33:09.126827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:36:01.219442 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 12:36:01.219671 0.596913 tcp 10.0.2.109 50159 -> 176.73.169.112 1959 FSPA* 0 0 14 1657 flow=From-Botnet-V1-TCP-Established 1970/02/24 12:39:13.007542 3.001337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:39:20.014821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:39:28.016331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:39:44.019396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:40:16.025426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:46:20.030939 3.006106 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:46:27.038473 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:46:35.040519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:46:51.043205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:47:23.049327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:49:14.008903 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 12:49:14.009005 0.179580 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:14.180755 0.172909 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:14.674087 0.101312 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2577 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:14.834725 0.156004 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:14.974509 0.327177 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:15.309387 0.074034 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:15.366031 0.243287 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:15.572298 0.154049 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:15.686465 0.059833 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:15.730898 0.178795 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:15.887954 0.013644 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:15.971279 0.177070 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:16.144376 0.353995 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:16.508038 0.152254 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2006 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:16.658594 0.054870 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:16.715232 0.173244 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:16.877977 0.178269 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:17.048592 0.163556 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:17.173146 0.073285 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:17.255165 0.144786 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:17.360722 0.245481 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:17.586876 0.149301 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:17.736659 0.174181 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:17.912049 0.188769 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:49:18.097943 0.101107 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/24 12:56:30.059390 3.000546 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 12:56:37.065834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:56:45.069854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:57:01.070637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 12:57:33.076893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:03:37.083734 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 13:03:44.090562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:03:52.091293 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:04:08.094668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:04:40.099840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:06:01.819147 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:06:01.819269 1.419693 tcp 10.0.2.109 50160 -> 176.73.169.112 1959 FSPA* 0 0 15 1693 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:10:45.109013 3.000372 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 13:10:52.115445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:11:00.116781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:11:16.119544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:11:48.128813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:17:52.132756 3.000626 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 13:17:59.139318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:18:07.140700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:18:23.144809 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:18:55.150085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:19:36.499421 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:19:36.499561 0.098689 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:36.577150 0.184126 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:36.772417 0.179545 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:37.033526 0.156578 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:37.173777 0.319880 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:37.492590 0.067675 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:37.866870 0.237223 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:38.094866 0.140109 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:38.261630 0.061213 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:38.591623 0.176049 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:38.823387 0.013659 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:39.122030 0.243548 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:39.362651 0.352547 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:39.711543 0.451864 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:40.754891 0.054695 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:41.296285 0.178383 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2611 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:41.472523 0.179132 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:41.776030 0.370241 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:42.180416 0.072436 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:42.624413 0.139912 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:42.830621 0.246408 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:43.348308 0.154050 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:43.851491 0.168421 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:44.539186 0.188200 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:19:44.787042 0.103344 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:24:59.156377 3.001226 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 13:25:06.163225 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:25:14.164826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:25:30.167765 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:26:02.173583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:32:06.179942 3.001676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 13:32:13.187097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:32:21.188623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:32:37.191834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:33:09.207589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:36:03.238234 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:36:03.238326 2.993790 tcp 10.0.2.109 50161 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:36:12.240885 0.000000 tcp 10.0.2.109 50161 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:36:18.241405 0.054015 tcp 10.0.2.109 50162 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:36:18.295714 0.055139 tcp 10.0.2.109 50163 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:36:18.351187 0.129389 tcp 10.0.2.109 50164 -> 195.113.214.249 443 SRPA* 0 0 34 24839 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:36:19.400143 3.056722 tcp 10.0.2.109 50165 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:36:28.404737 0.000000 tcp 10.0.2.109 50165 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:39:13.213814 3.001614 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 13:39:20.221408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:39:28.222512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:39:44.225720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:40:16.231862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:41:34.405061 0.000103 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:41:34.405266 3.003237 tcp 10.0.2.109 50166 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:41:43.407111 0.000000 tcp 10.0.2.109 50166 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:41:49.610465 0.053967 tcp 10.0.2.109 50167 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:41:49.664719 0.055401 tcp 10.0.2.109 50168 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:41:49.720395 0.126477 tcp 10.0.2.109 50169 -> 195.113.214.249 443 SRPA* 0 0 61 36535 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:41:50.349287 2.974364 tcp 10.0.2.109 50170 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:41:59.266884 0.000000 tcp 10.0.2.109 50170 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:46:20.238934 3.000267 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 13:46:27.245144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:46:35.246626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:46:51.249715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:47:05.150014 0.000104 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:47:05.150201 2.993604 tcp 10.0.2.109 50171 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:47:14.142714 0.000000 tcp 10.0.2.109 50171 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:47:20.152790 0.055139 tcp 10.0.2.109 50172 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:47:20.208339 0.055410 tcp 10.0.2.109 50173 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:47:20.264137 0.146645 tcp 10.0.2.109 50174 -> 195.113.214.249 443 SRPA* 0 0 48 41630 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:47:20.436087 2.999768 tcp 10.0.2.109 50175 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:47:23.255800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:47:29.434753 0.000000 tcp 10.0.2.109 50175 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:49:51.038770 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:49:51.038942 0.101125 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:51.120460 0.183136 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:51.590408 0.171917 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:51.938447 0.156685 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:52.465304 0.319613 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:52.916177 0.066454 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:54.925935 0.060542 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:56.344190 0.178358 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:56.899059 0.243796 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:57.829868 0.140359 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:58.193387 0.013712 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:49:59.772431 0.182530 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:00.915371 0.347161 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:01.775946 0.150884 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:01.924384 0.055531 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:02.176176 0.176236 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:02.547604 0.179434 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:03.236057 0.498024 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:03.697351 0.072168 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:04.743606 0.192460 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:04.896619 0.246911 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:05.120638 0.151562 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:05.342192 0.102047 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:05.502597 0.176601 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:50:06.067381 0.189229 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/24 13:52:35.435223 0.000110 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:52:35.435433 3.002914 tcp 10.0.2.109 50176 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:52:44.437358 0.000000 tcp 10.0.2.109 50176 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:52:50.438874 1.411553 tcp 10.0.2.109 50177 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:52:51.850698 0.054208 tcp 10.0.2.109 50178 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:52:51.905219 0.149938 tcp 10.0.2.109 50179 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:52:52.567407 2.959944 tcp 10.0.2.109 50180 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:53:01.464081 0.000000 tcp 10.0.2.109 50180 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:56:30.264440 3.002163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 13:56:37.272422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:56:45.273639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:57:01.276821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:57:33.282866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 13:58:06.230326 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 13:58:06.230427 2.993989 tcp 10.0.2.109 50181 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:58:15.222943 0.000000 tcp 10.0.2.109 50181 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:58:21.233552 0.054986 tcp 10.0.2.109 50182 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:58:21.288839 0.054615 tcp 10.0.2.109 50183 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:58:21.343736 0.147423 tcp 10.0.2.109 50184 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/24 13:58:21.635841 3.000052 tcp 10.0.2.109 50185 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 13:58:30.635073 0.000000 tcp 10.0.2.109 50185 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:03:36.637806 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:03:36.637939 3.001369 tcp 10.0.2.109 50186 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:03:37.299608 3.000859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 14:03:44.306175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:03:45.637892 0.000000 tcp 10.0.2.109 50186 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:03:51.638248 0.463164 tcp 10.0.2.109 50187 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:03:52.101736 0.055424 tcp 10.0.2.109 50188 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:03:52.157460 0.149975 tcp 10.0.2.109 50189 -> 195.113.214.249 443 SRPA* 0 0 44 27138 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:03:52.691962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:03:54.148153 2.976351 tcp 10.0.2.109 50190 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:04:03.066606 0.000000 tcp 10.0.2.109 50190 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:04:08.540718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:04:40.316625 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:09:08.783455 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:09:08.783573 3.003372 tcp 10.0.2.109 50191 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:09:17.785503 0.000000 tcp 10.0.2.109 50191 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:09:23.785978 0.055102 tcp 10.0.2.109 50192 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:09:23.840907 0.058917 tcp 10.0.2.109 50193 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:09:23.900149 0.240930 tcp 10.0.2.109 50194 -> 195.113.214.249 443 SRPA* 0 0 72 76950 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:09:25.172708 3.007783 tcp 10.0.2.109 50195 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:09:34.179162 0.000000 tcp 10.0.2.109 50195 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:10:45.323868 3.001968 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 14:10:52.331996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:11:00.333143 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:11:16.336016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:11:48.341952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:17:52.358866 3.000901 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 14:17:59.365683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:18:07.366991 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:18:23.370402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:18:55.376315 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:20:12.647666 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:20:12.647825 0.191124 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:13.713610 0.097810 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2566 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:13.789809 0.184806 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:14.078291 0.158473 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:14.219881 0.322128 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:15.440693 0.069625 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:16.900926 0.059181 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:17.023511 0.172474 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:17.667319 0.253886 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:18.885356 0.142465 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:19.215074 0.014207 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:19.342077 0.182188 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:19.521785 0.348178 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:20.093346 0.150105 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:20.537778 0.056270 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:20.755458 0.177116 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:20.921154 0.179479 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:21.538582 0.202657 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:21.757393 0.073355 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:21.840466 0.150040 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:21.952073 0.102157 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:22.255847 0.243046 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:22.479728 0.152740 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:22.627588 0.309739 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:23.151934 0.190455 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:20:25.205576 3.003782 tcp 10.0.2.109 50196 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:20:34.208068 0.000000 tcp 10.0.2.109 50196 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:20:40.208604 0.054945 tcp 10.0.2.109 50197 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:20:40.263887 0.055120 tcp 10.0.2.109 50198 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:20:40.319347 0.146820 tcp 10.0.2.109 50199 -> 195.113.214.249 443 SRPA* 0 0 33 18798 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:20:40.970267 2.992111 tcp 10.0.2.109 50200 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:20:49.970870 0.000000 tcp 10.0.2.109 50200 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:24:59.382536 3.001160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 14:25:06.389418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:25:14.391289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:25:30.395298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:25:55.971360 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:25:55.971606 3.003590 tcp 10.0.2.109 50201 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:26:02.400272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:26:04.973886 0.000000 tcp 10.0.2.109 50201 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:26:10.974374 0.054489 tcp 10.0.2.109 50202 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:26:11.029169 0.055110 tcp 10.0.2.109 50203 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:26:11.084585 0.145721 tcp 10.0.2.109 50204 -> 195.113.214.249 443 SRPA* 0 0 42 22882 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:26:11.239135 2.997924 tcp 10.0.2.109 50205 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:26:20.236685 0.000000 tcp 10.0.2.109 50205 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:31:26.236073 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:31:26.236230 3.003906 tcp 10.0.2.109 50206 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:31:35.238656 0.000000 tcp 10.0.2.109 50206 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:31:41.239430 0.055760 tcp 10.0.2.109 50207 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:31:41.295477 0.054269 tcp 10.0.2.109 50208 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:31:41.350187 0.244925 tcp 10.0.2.109 50209 -> 195.113.214.249 443 SRPA* 0 0 41 33820 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:31:41.646705 2.995274 tcp 10.0.2.109 50210 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:31:50.650748 0.000000 tcp 10.0.2.109 50210 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:32:06.405955 3.001935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 14:32:13.413679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:32:21.415069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:32:37.418107 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:33:09.423869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:36:56.641404 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:36:56.641601 3.003435 tcp 10.0.2.109 50211 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:37:05.643645 0.000000 tcp 10.0.2.109 50211 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:37:11.643945 0.054758 tcp 10.0.2.109 50212 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:37:11.699111 0.054956 tcp 10.0.2.109 50213 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:37:11.753900 0.143215 tcp 10.0.2.109 50214 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:37:12.482042 3.005895 tcp 10.0.2.109 50215 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:37:21.486723 0.000000 tcp 10.0.2.109 50215 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:39:13.429878 3.001783 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 14:39:20.437381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:39:28.438987 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:39:44.441954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:40:16.448057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:46:20.454423 3.001145 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 14:46:27.461328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:46:35.462998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:46:51.465982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:47:23.475643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:50:38.012322 0.000118 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:50:38.012545 0.177226 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:38.166682 0.098769 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:38.425856 0.184652 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:38.646533 0.155122 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:38.785674 0.327165 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.111541 0.068800 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.164344 0.058831 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.206761 0.177999 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.363239 0.238742 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.568266 0.172017 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.737493 0.142884 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.841400 0.013420 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:39.867740 0.347560 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:40.211778 0.150523 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:40.360616 0.056122 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:40.600665 0.172056 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:40.759683 0.072947 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:40.815132 0.139588 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:40.957844 0.179575 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:41.127103 0.088428 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:41.276101 0.103045 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:41.398390 0.278895 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:41.655565 0.154703 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:41.870387 0.172185 rtcp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/24 14:50:42.038377 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 14:50:42.527986 2.994407 tcp 10.0.2.109 50216 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:50:51.531190 0.000000 tcp 10.0.2.109 50216 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:50:57.531155 0.053726 tcp 10.0.2.109 50217 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:50:57.585169 0.054498 tcp 10.0.2.109 50218 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:50:57.639944 0.144536 tcp 10.0.2.109 50219 -> 195.113.214.249 443 SRPA* 0 0 25 13938 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:50:57.898552 2.986072 tcp 10.0.2.109 50220 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:51:00.764879 0.053076 tcp 10.0.2.109 50221 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:51:00.818224 0.055001 tcp 10.0.2.109 50222 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:51:00.873572 0.148944 tcp 10.0.2.109 50223 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:51:06.883293 0.000000 tcp 10.0.2.109 50220 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:56:12.893811 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 14:56:12.893937 3.003240 tcp 10.0.2.109 50224 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:56:21.895742 0.000000 tcp 10.0.2.109 50224 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:56:27.896429 0.067657 tcp 10.0.2.109 50225 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:56:27.964370 0.053645 tcp 10.0.2.109 50226 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:56:28.018385 0.150096 tcp 10.0.2.109 50227 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/24 14:56:29.004247 3.006080 tcp 10.0.2.109 50228 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:56:31.483324 3.001133 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 14:56:38.009233 0.000000 tcp 10.0.2.109 50228 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 14:56:38.490359 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:56:46.491302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:57:02.494562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 14:57:34.500698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:01:43.999616 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:01:43.999776 2.993687 tcp 10.0.2.109 50229 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:01:52.992096 0.000000 tcp 10.0.2.109 50229 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:01:59.002427 0.053811 tcp 10.0.2.109 50230 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:01:59.056561 0.054652 tcp 10.0.2.109 50231 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:01:59.111519 0.146414 tcp 10.0.2.109 50232 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:01:59.311909 2.993588 tcp 10.0.2.109 50233 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:02:08.304176 0.000000 tcp 10.0.2.109 50233 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:03:38.509507 2.998643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 15:03:45.513754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:03:53.515535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:04:09.518228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:04:41.524434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:07:14.304677 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:07:14.304856 3.002941 tcp 10.0.2.109 50234 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:07:23.307117 0.000000 tcp 10.0.2.109 50234 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:07:29.307368 0.448182 tcp 10.0.2.109 50235 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:07:29.755950 0.054536 tcp 10.0.2.109 50236 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:07:29.810864 0.149153 tcp 10.0.2.109 50237 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:07:30.521785 2.999985 tcp 10.0.2.109 50238 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:07:39.529868 0.000000 tcp 10.0.2.109 50238 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:10:45.530004 3.002340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 15:10:52.537888 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:11:00.539374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:11:16.542479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:11:48.548141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:17:52.554566 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 15:17:59.561955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:18:07.563290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:18:23.566476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:18:55.574635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:21:16.234959 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:21:16.235129 0.188757 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2601 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:16.420851 0.183358 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:17.729292 0.155518 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2011 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:17.868842 0.178563 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:18.025187 0.094413 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:18.355074 0.059263 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:18.397569 0.172251 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:19.960470 0.239644 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:20.163707 0.178583 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:21.300206 0.160626 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:22.272700 0.013547 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:22.298032 0.322154 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:22.636225 0.067564 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:22.685756 0.054726 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 1980 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:22.876712 0.168725 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 1991 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:23.034952 0.069646 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:23.247941 0.140495 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:23.349062 0.352631 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:24.333750 0.150169 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:24.481907 0.101169 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:25.187972 0.250688 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:25.419857 0.152936 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:26.163714 0.110117 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:26.236050 0.178196 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:27.108162 0.170437 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:21:30.575769 3.003631 tcp 10.0.2.109 50239 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:21:39.577713 0.000000 tcp 10.0.2.109 50239 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:21:45.578543 0.055127 tcp 10.0.2.109 50240 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:21:45.633956 0.054287 tcp 10.0.2.109 50241 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:21:45.688559 0.140160 tcp 10.0.2.109 50242 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:21:45.898494 3.002974 tcp 10.0.2.109 50243 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:21:55.182317 0.000000 tcp 10.0.2.109 50243 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:24:59.578422 3.001310 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 15:25:06.585647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:25:14.587257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:25:30.589962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:26:02.763349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:27:00.901214 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:27:00.901341 2.993191 tcp 10.0.2.109 50244 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:27:09.893188 0.000000 tcp 10.0.2.109 50244 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:27:15.903471 0.056603 tcp 10.0.2.109 50245 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:27:15.960360 0.054711 tcp 10.0.2.109 50246 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:27:16.015372 0.141916 tcp 10.0.2.109 50247 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:27:16.274746 3.001747 tcp 10.0.2.109 50248 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:27:25.275246 0.000000 tcp 10.0.2.109 50248 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:32:06.621899 3.002308 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 15:32:13.629955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:32:21.631260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:32:31.275855 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:32:31.276007 3.003657 tcp 10.0.2.109 50249 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:32:37.634576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:32:40.278000 0.000000 tcp 10.0.2.109 50249 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:32:46.279091 0.217848 tcp 10.0.2.109 50250 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:32:46.497273 0.055442 tcp 10.0.2.109 50251 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:32:46.553040 0.138893 tcp 10.0.2.109 50252 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:32:46.947198 2.972753 tcp 10.0.2.109 50253 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:32:55.877234 0.000000 tcp 10.0.2.109 50253 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:33:09.640384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:38:01.791212 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:38:01.791410 2.993221 tcp 10.0.2.109 50254 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:38:10.783116 0.000000 tcp 10.0.2.109 50254 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:38:16.793750 0.054126 tcp 10.0.2.109 50255 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:38:16.848215 0.054646 tcp 10.0.2.109 50256 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:38:16.903198 0.143160 tcp 10.0.2.109 50257 -> 195.113.214.249 443 SRPA* 0 0 40 33558 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:38:17.133282 3.003457 tcp 10.0.2.109 50258 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:38:26.135511 0.000000 tcp 10.0.2.109 50258 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:39:13.646669 3.001363 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 15:39:20.653755 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:39:28.655212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:39:44.658612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:40:16.664428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:46:20.670559 3.001537 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 15:46:27.677884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:46:35.679373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:46:51.682737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:47:23.688110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:51:49.129929 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:51:49.130023 0.189711 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:49.316387 0.184265 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:49.552657 0.157284 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:49.694027 0.176677 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:49.868481 0.094581 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:49.943011 0.059244 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:50.135354 0.177949 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:50.291435 0.239214 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:50.496114 0.181775 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:50.672752 0.145025 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:50.778484 0.013892 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:50.798455 0.321580 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:51.118949 0.070924 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:51.296018 0.062095 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:51.484062 0.139444 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:51.584265 0.171141 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:51.804890 0.068703 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:51.856813 0.354788 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:52.400044 0.150334 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:52.548442 0.096308 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:52.753405 0.243645 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:52.978420 0.143891 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:53.822400 0.281223 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:54.067262 0.179406 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:51:54.654204 0.175405 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/24 15:52:02.188767 2.993892 tcp 10.0.2.109 50259 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:52:11.181780 0.000000 tcp 10.0.2.109 50259 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:52:17.192601 0.054149 tcp 10.0.2.109 50260 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:52:17.247038 0.058597 tcp 10.0.2.109 50261 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:52:17.305998 0.147442 tcp 10.0.2.109 50262 -> 195.113.214.249 443 SRPA* 0 0 41 22254 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:52:17.501381 3.003475 tcp 10.0.2.109 50263 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:52:26.503746 0.000000 tcp 10.0.2.109 50263 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:56:31.699539 3.000482 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 15:56:38.707380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:56:46.707643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:57:02.710158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:57:32.504332 0.308414 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 15:57:32.812914 2.970505 tcp 10.0.2.109 50264 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:57:34.998006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 15:57:41.722463 0.000000 tcp 10.0.2.109 50264 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:57:47.662845 0.054645 tcp 10.0.2.109 50265 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:57:47.717791 0.054794 tcp 10.0.2.109 50266 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:57:47.772869 0.147800 tcp 10.0.2.109 50267 -> 195.113.214.249 443 SRPA* 0 0 47 41614 flow=From-Botnet-V1-TCP-Established 1970/02/24 15:57:48.520868 2.979217 tcp 10.0.2.109 50268 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 15:57:57.447116 0.000000 tcp 10.0.2.109 50268 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:03:03.369935 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:03:03.370132 2.993456 tcp 10.0.2.109 50269 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:03:12.362376 0.000000 tcp 10.0.2.109 50269 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:03:18.373019 0.054634 tcp 10.0.2.109 50270 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:03:18.427936 0.055504 tcp 10.0.2.109 50271 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:03:18.483702 0.140405 tcp 10.0.2.109 50272 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:03:20.525048 3.003341 tcp 10.0.2.109 50273 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:03:29.526771 0.000000 tcp 10.0.2.109 50273 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:03:39.439473 3.975935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 16:03:47.370818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:03:55.279528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:04:11.092269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:04:42.705688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:08:35.527647 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:08:35.527822 3.003800 tcp 10.0.2.109 50274 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:08:44.540007 0.000000 tcp 10.0.2.109 50274 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:08:50.529941 0.208060 tcp 10.0.2.109 50275 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:08:50.738330 0.055797 tcp 10.0.2.109 50276 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:08:50.794429 0.144500 tcp 10.0.2.109 50277 -> 195.113.214.249 443 SRPA* 0 0 21 12886 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:08:51.370960 2.972036 tcp 10.0.2.109 50278 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:09:00.296525 0.000000 tcp 10.0.2.109 50278 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:10:45.767427 3.000417 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 16:10:52.774437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:11:00.775491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:11:16.778918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:11:48.785634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:17:52.790039 3.002527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 16:17:59.798175 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:18:07.799600 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:18:23.802537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:18:55.808963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:22:10.458843 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:22:10.459032 0.157311 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:10.599997 0.177313 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:17.156114 0.190760 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:17.943712 0.190350 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:19.752667 0.188747 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:20.145017 0.058602 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:20.481770 0.181522 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:20.640776 0.403458 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:21.632694 3.005599 tcp 10.0.2.109 50279 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:22:21.666928 0.174241 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:22.290230 0.141418 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:22.888892 0.013833 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:22.907917 0.319636 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:23.226452 0.069053 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:24.040392 0.053809 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:24.319414 0.143118 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:24.424719 0.178500 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:25.238889 0.069086 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:25.291920 0.102702 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:25.529974 0.581810 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:26.122254 0.149787 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:26.270259 0.250801 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:26.734751 0.149460 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:26.882798 0.233127 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:27.323840 0.178445 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:27.495153 0.168047 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:22:30.637693 0.000000 tcp 10.0.2.109 50279 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:22:36.627959 0.053311 tcp 10.0.2.109 50280 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:22:36.681509 0.053366 tcp 10.0.2.109 50281 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:22:36.735175 0.141184 tcp 10.0.2.109 50282 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:22:37.309379 2.991977 tcp 10.0.2.109 50283 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:22:46.310018 0.000000 tcp 10.0.2.109 50283 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:25:06.081444 2.962648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 16:25:12.990802 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:25:20.880691 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:25:36.660858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:26:08.214882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:27:56.188247 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:27:56.188356 2.954248 tcp 10.0.2.109 50284 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:28:05.055856 0.000000 tcp 10.0.2.109 50284 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:28:10.981940 0.054198 tcp 10.0.2.109 50285 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:28:11.036398 0.054262 tcp 10.0.2.109 50286 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:28:11.090907 0.143889 tcp 10.0.2.109 50287 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:28:11.902545 2.957179 tcp 10.0.2.109 50288 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:28:20.941615 0.000000 tcp 10.0.2.109 50288 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:32:07.359810 2.953977 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 16:32:14.271757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:32:22.165896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:32:37.941986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:33:09.856657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:33:23.236338 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:33:23.236491 3.003931 tcp 10.0.2.109 50289 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:33:32.238804 0.000000 tcp 10.0.2.109 50289 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:33:39.637142 0.055380 tcp 10.0.2.109 50290 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:33:39.692912 0.054413 tcp 10.0.2.109 50291 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:33:39.747618 0.141620 tcp 10.0.2.109 50292 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:33:40.483065 2.955732 tcp 10.0.2.109 50293 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:33:49.368102 0.000000 tcp 10.0.2.109 50293 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:38:54.091676 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:38:54.091822 3.003981 tcp 10.0.2.109 50294 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:39:03.094183 0.000000 tcp 10.0.2.109 50294 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:39:09.100011 0.054908 tcp 10.0.2.109 50295 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:39:09.155224 0.054340 tcp 10.0.2.109 50296 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:39:09.209829 0.145628 tcp 10.0.2.109 50297 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:39:10.287141 3.002006 tcp 10.0.2.109 50298 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:39:13.863207 3.003275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 16:39:19.288134 0.000000 tcp 10.0.2.109 50298 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:39:20.945071 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:39:28.882830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:39:44.874653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:40:16.880432 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:46:20.886700 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 16:46:27.893726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:46:35.895366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:46:51.898532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:47:23.904734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:52:52.227211 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:52:52.227421 0.159681 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:52.370196 0.177859 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:53.219872 0.095145 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:53.305994 0.190645 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:54.365983 0.189195 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:54.952649 0.059510 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:55.398685 2.998079 tcp 10.0.2.109 50299 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:52:55.399066 0.178285 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:55.790396 0.254462 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:57.302123 0.013694 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:57.942447 0.181518 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:58.121039 0.151927 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:59.043109 0.320681 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:52:59.455040 1.164867 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:02.008938 0.056808 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:02.074912 0.141827 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2586 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:02.175655 0.106975 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:02.364613 0.171502 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:02.524529 0.073246 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:02.935272 0.352141 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:03.283857 0.152012 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:03.432784 0.301996 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:03.918472 0.158108 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:04.156709 0.093702 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:04.213707 0.180288 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:04.393965 0.000000 tcp 10.0.2.109 50299 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:53:04.517244 0.170233 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/24 16:53:10.394189 0.053160 tcp 10.0.2.109 50300 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:53:10.447667 0.054521 tcp 10.0.2.109 50301 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:53:10.502531 0.142721 tcp 10.0.2.109 50302 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:53:10.897434 2.999930 tcp 10.0.2.109 50303 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:53:19.896514 0.000000 tcp 10.0.2.109 50303 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:56:32.916694 3.153543 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 16:56:40.042207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:56:47.978323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:57:03.938857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:57:38.119282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 16:58:27.455022 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 16:58:27.455207 2.960138 tcp 10.0.2.109 50304 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:58:36.344160 0.000000 tcp 10.0.2.109 50304 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:58:42.271224 0.055024 tcp 10.0.2.109 50305 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:58:42.326623 0.054239 tcp 10.0.2.109 50306 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:58:42.381181 0.148835 tcp 10.0.2.109 50307 -> 195.113.214.249 443 SRPA* 0 0 35 19284 flow=From-Botnet-V1-TCP-Established 1970/02/24 16:58:42.649145 2.952199 tcp 10.0.2.109 50308 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 16:58:51.531762 0.000000 tcp 10.0.2.109 50308 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:03:39.960814 3.001341 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 17:03:46.967925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:03:54.969083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:03:56.281916 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:03:56.282018 3.006498 tcp 10.0.2.109 50309 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:04:05.284424 0.000000 tcp 10.0.2.109 50309 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:04:10.973058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:04:11.913963 0.054995 tcp 10.0.2.109 50310 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:04:11.969202 0.054080 tcp 10.0.2.109 50311 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:04:12.023563 0.143309 tcp 10.0.2.109 50312 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:04:13.110510 2.967835 tcp 10.0.2.109 50313 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:04:22.002983 0.000000 tcp 10.0.2.109 50313 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:04:43.220874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:09:27.488299 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:09:27.488395 2.993469 tcp 10.0.2.109 50314 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:09:36.490635 0.000000 tcp 10.0.2.109 50314 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:09:42.490909 0.293650 tcp 10.0.2.109 50315 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:09:42.784897 0.056086 tcp 10.0.2.109 50316 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:09:42.841222 0.142151 tcp 10.0.2.109 50317 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:09:43.638982 2.978054 tcp 10.0.2.109 50318 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:09:52.603708 0.000000 tcp 10.0.2.109 50318 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:10:46.994803 3.002933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 17:10:54.001957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:11:02.004186 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:11:18.006561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:11:50.012681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:17:54.018872 3.001176 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 17:18:01.025937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:18:09.027595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:18:25.030037 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:18:57.036596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:23:21.787522 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:23:21.787686 0.161130 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:21.929107 0.174266 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:22.396570 0.097679 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:22.696472 0.190037 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:22.883852 0.184612 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:23.115593 0.060538 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:23.158343 0.173193 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:23.533047 0.255033 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:23.751229 0.013630 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:24.142757 0.248280 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:24.904378 0.150792 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:25.018699 0.320473 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:25.426703 0.068546 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2002 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:25.477809 0.055365 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:26.001422 0.136192 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:26.099361 0.102380 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:26.242577 0.177071 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:26.407769 0.070143 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:26.864084 0.346213 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:27.714593 0.151347 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:27.863898 0.242380 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:28.087222 0.180535 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:28.420704 0.171012 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:28.587131 0.161592 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:28.657092 3.004321 tcp 10.0.2.109 50319 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:23:28.951910 0.412806 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:23:37.669872 0.000000 tcp 10.0.2.109 50319 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:23:43.660093 0.054603 tcp 10.0.2.109 50320 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:23:43.714992 0.054667 tcp 10.0.2.109 50321 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:23:43.769909 0.141840 tcp 10.0.2.109 50322 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:23:44.343971 3.000999 tcp 10.0.2.109 50323 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:23:53.342553 0.000000 tcp 10.0.2.109 50323 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:25:01.053992 3.000041 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 17:25:08.059860 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:25:16.061268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:25:32.064512 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:26:04.070108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:28:59.343031 0.000217 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:28:59.343369 3.003633 tcp 10.0.2.109 50324 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:29:08.345649 0.000000 tcp 10.0.2.109 50324 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:29:14.345525 0.052944 tcp 10.0.2.109 50325 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:29:14.398711 0.053225 tcp 10.0.2.109 50326 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:29:14.452264 0.143560 tcp 10.0.2.109 50327 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:29:14.648351 2.999771 tcp 10.0.2.109 50328 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:29:23.647376 0.000000 tcp 10.0.2.109 50328 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:32:08.078265 3.000275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 17:32:15.083807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:32:23.085330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:32:39.088126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:33:11.094602 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:34:29.647936 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:34:29.648039 2.993371 tcp 10.0.2.109 50329 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:34:38.650326 0.000000 tcp 10.0.2.109 50329 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:34:44.650308 0.054108 tcp 10.0.2.109 50330 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:34:44.704699 0.055537 tcp 10.0.2.109 50331 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:34:44.760660 0.143332 tcp 10.0.2.109 50332 -> 195.113.214.249 443 SRPA* 0 0 41 23322 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:34:45.171217 3.002665 tcp 10.0.2.109 50333 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:34:54.172720 0.000000 tcp 10.0.2.109 50333 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:39:15.101779 3.000563 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 17:39:22.113222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:39:31.071813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:39:46.877929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:40:00.757309 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:40:00.757490 2.968863 tcp 10.0.2.109 50334 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:40:09.649804 0.000000 tcp 10.0.2.109 50334 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:40:15.573871 0.054221 tcp 10.0.2.109 50335 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:40:15.628498 0.054775 tcp 10.0.2.109 50336 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:40:15.683544 0.146101 tcp 10.0.2.109 50337 -> 195.113.214.249 443 SRPA* 0 0 41 22828 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:40:16.075843 2.964154 tcp 10.0.2.109 50338 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:40:18.490045 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:40:24.964402 0.000000 tcp 10.0.2.109 50338 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:46:22.134210 3.001824 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 17:46:29.141791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:46:37.153379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:46:53.156483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:47:25.162572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:53:59.188978 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:53:59.189070 0.154718 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:53:59.327987 0.197061 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:00.018520 0.178015 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:00.472096 0.251969 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:00.702905 0.190936 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:00.731921 3.003129 tcp 10.0.2.109 50339 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:54:01.232784 0.063727 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:01.377452 0.175920 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:01.533820 0.241579 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:02.256309 0.013445 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:02.344429 0.174477 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:02.515778 0.128480 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:02.949135 0.318267 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:03.266194 0.067050 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:03.571091 0.099736 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:04.240886 0.187374 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:04.417509 0.075016 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:05.599632 0.054785 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:05.679873 0.138440 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:05.780838 0.347892 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:06.725107 0.150870 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:06.873808 0.170948 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:07.205383 0.147842 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:07.670005 0.250360 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:08.534276 0.180879 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:08.704728 0.870094 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/24 17:54:09.739513 0.000000 tcp 10.0.2.109 50339 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:54:15.734298 0.054537 tcp 10.0.2.109 50340 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:54:15.789073 0.054149 tcp 10.0.2.109 50341 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:54:15.843503 0.144545 tcp 10.0.2.109 50342 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:54:16.772049 3.006694 tcp 10.0.2.109 50343 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:54:25.776821 0.000000 tcp 10.0.2.109 50343 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:56:35.175525 3.002074 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 17:56:42.183221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:56:50.184491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:57:06.187763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:57:38.193584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 17:59:31.766993 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 17:59:31.767164 2.994307 tcp 10.0.2.109 50344 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:59:40.772326 0.000000 tcp 10.0.2.109 50344 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:59:46.770901 0.055482 tcp 10.0.2.109 50345 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:59:46.826723 0.055712 tcp 10.0.2.109 50346 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:59:46.882805 0.146164 tcp 10.0.2.109 50347 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/24 17:59:47.241220 3.002476 tcp 10.0.2.109 50348 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 17:59:56.242486 0.000000 tcp 10.0.2.109 50348 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:03:42.200098 3.002323 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 18:03:49.207386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:03:57.208202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:04:13.211642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:04:45.217792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:05:02.242440 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 18:05:02.242550 3.004141 tcp 10.0.2.109 50349 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:05:11.245309 0.000000 tcp 10.0.2.109 50349 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:05:17.245379 0.833624 tcp 10.0.2.109 50350 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:05:18.079273 0.055284 tcp 10.0.2.109 50351 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:05:18.134843 0.148769 tcp 10.0.2.109 50352 -> 195.113.214.249 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:05:18.976137 2.964373 tcp 10.0.2.109 50353 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:05:27.874674 0.000000 tcp 10.0.2.109 50353 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:10:33.218658 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 18:10:33.218745 2.993784 tcp 10.0.2.109 50354 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:10:42.220982 0.000000 tcp 10.0.2.109 50354 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:10:48.221140 0.054742 tcp 10.0.2.109 50355 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:10:48.276155 0.061526 tcp 10.0.2.109 50356 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:10:48.338016 0.140652 tcp 10.0.2.109 50357 -> 195.113.214.249 443 SRPA* 0 0 33 17554 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:10:49.155280 3.000111 tcp 10.0.2.109 50358 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:10:49.223182 3.002301 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 18:10:56.233078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:10:58.153923 0.000000 tcp 10.0.2.109 50358 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:11:04.232779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:11:20.235468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:11:52.241501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:17:56.247166 3.002311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 18:18:03.254964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:18:11.256580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:18:27.259764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:18:59.265786 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:24:22.710577 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 18:24:22.710739 0.150628 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:22.845066 0.191011 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:23.348851 0.176343 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:25.822448 0.092779 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:26.813015 0.184522 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:27.586361 0.058759 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:28.429311 0.176489 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:28.685265 1.395241 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:30.221318 0.245830 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:31.976089 0.013720 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:35.054691 2.998196 tcp 10.0.2.109 50359 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:24:35.222999 0.136951 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:36.036221 0.343096 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:36.378227 0.065844 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:37.803871 0.102379 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:38.443573 0.173747 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:38.605839 0.352834 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:39.101245 0.121852 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:39.537578 0.055940 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:39.624606 0.352194 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:40.495034 0.150581 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2637 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:40.643802 0.163808 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:41.336288 0.147693 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:41.562850 0.245548 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:41.790328 0.174551 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:42.367363 1.467150 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:24:44.061399 0.000000 tcp 10.0.2.109 50359 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:24:50.052614 0.053086 tcp 10.0.2.109 50360 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:24:50.106005 0.054553 tcp 10.0.2.109 50361 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:24:50.160827 0.145660 tcp 10.0.2.109 50362 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:24:50.858839 2.996711 tcp 10.0.2.109 50363 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:25:01.320431 0.000000 tcp 10.0.2.109 50363 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:25:04.695972 2.960933 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 18:25:11.613178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:25:19.516008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:25:35.332283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:26:06.951930 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:30:05.854185 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 18:30:05.854293 3.004241 tcp 10.0.2.109 50364 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:30:14.857275 0.000000 tcp 10.0.2.109 50364 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:30:20.857377 0.053797 tcp 10.0.2.109 50365 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:30:20.911442 0.055451 tcp 10.0.2.109 50366 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:30:20.967167 0.145571 tcp 10.0.2.109 50367 -> 195.113.214.249 443 SRPA* 0 0 35 19284 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:30:21.438388 3.002006 tcp 10.0.2.109 50368 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:30:30.439222 0.000000 tcp 10.0.2.109 50368 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:32:10.295723 3.001412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 18:32:17.302897 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:32:25.304558 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:32:41.307465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:33:13.313797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:35:36.439962 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 18:35:36.440063 2.993407 tcp 10.0.2.109 50369 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:35:45.432074 0.000000 tcp 10.0.2.109 50369 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:35:51.443091 0.053228 tcp 10.0.2.109 50370 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:35:51.496568 0.054490 tcp 10.0.2.109 50371 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:35:51.551409 0.145785 tcp 10.0.2.109 50372 -> 195.113.214.249 443 SRPA* 0 0 30 15972 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:35:52.606017 3.000779 tcp 10.0.2.109 50373 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:36:01.605647 0.000000 tcp 10.0.2.109 50373 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:39:17.319766 3.001525 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 18:39:24.327200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:39:32.328632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:39:48.331505 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:40:20.337526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:41:07.605808 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 18:41:07.605989 3.003456 tcp 10.0.2.109 50374 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:41:16.608065 0.000000 tcp 10.0.2.109 50374 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:41:22.609046 0.052896 tcp 10.0.2.109 50375 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:41:22.662371 0.054640 tcp 10.0.2.109 50376 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:41:22.717372 0.147383 tcp 10.0.2.109 50377 -> 195.113.214.249 443 SRPA* 0 0 40 21234 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:41:23.089127 2.993165 tcp 10.0.2.109 50378 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:41:32.090482 0.000000 tcp 10.0.2.109 50378 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:46:24.343659 3.076577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 18:46:31.389295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:46:39.362528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:46:55.365523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:47:27.371681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:54:47.865235 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 18:54:47.865346 0.156480 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 1971 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:48.005360 0.189470 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:49.019212 0.178138 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:49.174004 0.095032 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:49.338561 0.188591 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:49.520086 0.061100 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:49.611171 0.172539 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:49.763143 0.180440 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:52.122922 0.243116 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:52.601201 0.013530 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:53.428798 2.998509 tcp 10.0.2.109 50379 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:54:54.448856 0.146570 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:55.558050 0.318508 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:55.875257 0.073680 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:56.631144 0.101757 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:57.660495 0.171216 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:58.554983 0.055720 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:59.438126 0.140480 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:59.565701 0.072108 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:54:59.657404 0.353510 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:55:00.007025 0.150583 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:55:00.941641 0.246643 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:55:01.330664 0.170251 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:55:02.425613 0.000000 tcp 10.0.2.109 50379 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:55:02.962996 0.153375 udp 10.0.2.109 3683 <-> 74.75.88.205 7010 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:55:03.697444 0.181217 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:55:04.825099 0.316897 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/24 18:55:08.426304 0.054807 tcp 10.0.2.109 50380 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:55:08.481425 0.054911 tcp 10.0.2.109 50381 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:55:08.536652 0.149725 tcp 10.0.2.109 50382 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 18:55:09.424578 3.005594 tcp 10.0.2.109 50383 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:55:18.428825 0.000000 tcp 10.0.2.109 50383 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 18:56:31.386361 3.001495 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 18:56:38.393938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:56:46.395423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:57:02.398483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 18:57:34.404815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:00:24.419257 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:00:24.419390 2.993797 tcp 10.0.2.109 50384 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:00:33.411825 0.000000 tcp 10.0.2.109 50384 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:00:39.422731 0.053386 tcp 10.0.2.109 50385 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:00:39.476407 0.053848 tcp 10.0.2.109 50386 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:00:39.530549 0.143648 tcp 10.0.2.109 50387 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:00:39.920336 2.995012 tcp 10.0.2.109 50388 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:00:48.914058 0.000000 tcp 10.0.2.109 50388 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:03:38.410463 3.001475 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 19:03:45.418109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:03:53.419387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:04:09.422280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:04:41.428673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:05:54.914390 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:05:54.914483 3.003412 tcp 10.0.2.109 50389 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:06:03.917014 0.000000 tcp 10.0.2.109 50389 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:06:09.941117 1.061367 tcp 10.0.2.109 50390 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:06:11.002776 0.053640 tcp 10.0.2.109 50391 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:06:11.056723 0.143375 tcp 10.0.2.109 50392 -> 195.113.214.249 443 SRPA* 0 0 32 17702 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:06:11.839425 2.959935 tcp 10.0.2.109 50393 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:06:20.754246 0.000000 tcp 10.0.2.109 50393 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:10:46.436273 3.000997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 19:10:53.443163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:11:01.444643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:11:17.447629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:11:26.481204 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:11:26.481298 3.003741 tcp 10.0.2.109 50394 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:11:35.483611 0.000000 tcp 10.0.2.109 50394 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:11:41.484188 0.031541 tcp 10.0.2.109 50395 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:11:41.516061 0.054611 tcp 10.0.2.109 50396 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:11:41.571000 0.146435 tcp 10.0.2.109 50397 -> 195.113.214.249 443 SRPA* 0 0 39 31704 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:11:41.943222 3.003843 tcp 10.0.2.109 50398 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:11:49.453883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:11:50.945955 0.000000 tcp 10.0.2.109 50398 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:17:53.459652 3.001644 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 19:18:00.467042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:18:08.468544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:18:24.471795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:18:56.477643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:25:00.487529 2.998054 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 19:25:07.491127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:25:13.119440 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:25:13.119601 0.157650 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:13.261202 0.190228 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:13.466907 0.177179 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:13.621738 0.093974 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:14.028597 0.189719 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:14.210393 0.060429 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:14.435995 0.175975 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:14.592390 0.190764 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:15.023475 0.243535 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:15.230668 0.013628 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:15.275943 0.141728 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:15.495875 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:25:15.735385 0.322141 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:16.099510 0.066665 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:16.150099 0.099146 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:16.305574 0.174559 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2573 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:16.468207 0.072927 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:17.335670 0.055386 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:17.515467 0.137829 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:17.839574 0.352902 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:18.188626 0.150812 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:18.337818 0.251498 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:18.691001 0.181886 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:19.045727 0.000000 udp 10.0.2.109 3683 -> 74.75.88.205 7010 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:25:26.999584 2.993967 tcp 10.0.2.109 50399 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:25:31.495697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:25:35.992081 0.000000 tcp 10.0.2.109 50399 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:25:36.484599 0.054113 tcp 10.0.2.109 50400 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:25:36.539090 0.032679 tcp 10.0.2.109 50401 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:25:36.572098 0.132048 tcp 10.0.2.109 50402 -> 195.113.214.249 443 SRPA* 0 0 37 31596 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:25:36.705020 0.179743 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:36.875252 0.092554 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:25:42.001793 0.031666 tcp 10.0.2.109 50403 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:25:42.033716 0.032005 tcp 10.0.2.109 50404 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:25:42.066025 0.126661 tcp 10.0.2.109 50405 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:25:42.443534 3.001962 tcp 10.0.2.109 50406 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:25:51.444503 0.000000 tcp 10.0.2.109 50406 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:26:03.501608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:30:57.444906 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:30:57.445013 3.003574 tcp 10.0.2.109 50407 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:31:06.447114 0.000000 tcp 10.0.2.109 50407 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:31:12.447656 0.032640 tcp 10.0.2.109 50408 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:31:12.480531 0.032450 tcp 10.0.2.109 50409 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:31:12.513267 0.143352 tcp 10.0.2.109 50410 -> 195.113.214.249 443 SRPA* 0 0 22 11444 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:31:13.184954 3.006137 tcp 10.0.2.109 50411 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:31:22.199777 0.000000 tcp 10.0.2.109 50411 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:32:07.508580 3.000590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 19:32:14.514881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:32:22.516310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:32:38.519419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:33:10.536396 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:36:28.180216 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:36:28.180323 2.993898 tcp 10.0.2.109 50412 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:36:37.172532 0.000000 tcp 10.0.2.109 50412 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:36:43.183047 0.053752 tcp 10.0.2.109 50413 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:36:43.237201 0.032867 tcp 10.0.2.109 50414 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:36:43.270322 0.129362 tcp 10.0.2.109 50415 -> 195.113.214.249 443 SRPA* 0 0 23 13372 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:36:43.827511 2.999028 tcp 10.0.2.109 50416 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:36:52.825104 0.000000 tcp 10.0.2.109 50416 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:39:14.541160 3.003228 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 19:39:21.548792 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:39:29.550704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:39:45.559494 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:40:17.559049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:41:58.825478 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:41:58.825666 3.003634 tcp 10.0.2.109 50417 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:42:07.828011 0.000000 tcp 10.0.2.109 50417 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:42:13.828749 0.054273 tcp 10.0.2.109 50418 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:42:13.883371 0.032266 tcp 10.0.2.109 50419 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:42:13.916061 0.125912 tcp 10.0.2.109 50420 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:42:14.444724 2.997547 tcp 10.0.2.109 50421 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:42:23.450760 0.000000 tcp 10.0.2.109 50421 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:46:21.565452 3.001577 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 19:46:28.573058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:46:36.574482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:46:52.577333 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:47:24.583381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:55:44.493105 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:55:44.493299 0.000000 udp 10.0.2.109 3683 -> 74.75.88.205 7010 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:56:01.158357 0.053714 tcp 10.0.2.109 50422 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:56:01.212420 0.054711 tcp 10.0.2.109 50423 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:56:01.267416 0.575769 tcp 10.0.2.109 50424 -> 195.113.214.249 443 SRPA* 0 0 30 21247 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:56:01.843812 0.175276 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:01.996825 0.180122 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:04.731784 2.425732 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2529 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:07.458989 0.060443 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:07.690353 0.179233 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:09.618387 0.097941 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:10.637234 0.178580 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:10.808962 0.013529 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:11.637921 0.144618 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:13.288520 0.242887 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:14.579698 0.179558 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:15.622231 0.103786 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:15.692312 0.171484 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:15.864696 0.068075 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:16.283214 0.348383 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:16.624238 2.966936 tcp 10.0.2.109 50425 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:56:17.635482 0.071340 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:17.688582 0.056602 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:20.038778 0.140245 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:20.160538 0.242964 rtp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 6 1974 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:21.159902 0.170654 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:21.547130 0.150193 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:22.156224 0.353005 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:22.505341 0.179715 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:23.042993 0.098413 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:23.657616 0.394881 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 3004 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:24.029911 0.555584 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 8 2866 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:24.569141 0.445271 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 8 2925 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:24.997592 0.596696 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 8 2887 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:25.591304 0.599246 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 8 3130 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:25.702520 0.000000 tcp 10.0.2.109 50425 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:56:26.235622 0.319088 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 8 2969 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:26.536184 0.630107 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 3000 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:27.159306 0.054431 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 8 2934 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:27.442774 0.261964 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 8 2807 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:27.667420 0.450513 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 2965 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:28.082438 2.622198 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 8 2931 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:30.672943 0.472592 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3047 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:31.142775 1.250003 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 8 3100 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:31.632759 0.052434 tcp 10.0.2.109 50426 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:56:31.685450 0.054612 tcp 10.0.2.109 50427 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:56:31.740361 0.778293 tcp 10.0.2.109 50428 -> 195.113.214.249 443 SRPA* 0 0 29 21649 flow=From-Botnet-V1-TCP-Established 1970/02/24 19:56:32.381549 1.756088 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3032 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:32.709796 2.966134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 19:56:34.077831 2.965355 tcp 10.0.2.109 50429 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:56:34.123050 0.699186 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 2862 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:34.955601 0.355458 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 8 3064 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:35.294110 0.940297 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 8 3019 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:36.199593 1.645258 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2811 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:37.890478 3.084862 udp 10.0.2.109 3683 <-> 63.155.69.184 1389 CON 0 0 8 2987 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:39.631239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:56:40.956054 1.083647 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 8 3279 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:42.166048 0.702853 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3032 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:42.865321 0.438026 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 2971 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:42.969337 0.000000 tcp 10.0.2.109 50429 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 19:56:43.890660 0.346266 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 8 3196 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:44.228648 0.563540 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 8 3033 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:44.755537 0.000000 udp 10.0.2.109 3683 -> 59.167.88.115 1657 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:56:47.534313 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:56:50.568566 0.453289 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 2930 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:51.477774 0.670177 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 8 3138 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:56:52.200972 0.000000 udp 10.0.2.109 3683 -> 62.38.147.37 3738 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:56:57.929677 0.000000 udp 10.0.2.109 3683 -> 124.121.205.246 8237 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:03.347678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:57:05.803463 0.000000 udp 10.0.2.109 3683 -> 60.52.100.232 2702 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:13.088094 0.000000 udp 10.0.2.109 3683 -> 81.137.23.105 2927 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:17.779386 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:57:20.051021 0.000000 udp 10.0.2.109 3683 -> 96.225.74.61 5446 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:27.761034 0.000000 udp 10.0.2.109 3683 -> 181.48.72.249 5642 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:32.805048 0.000000 udp 10.0.2.109 3683 -> 108.18.178.118 8449 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:35.222384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 19:57:38.279409 0.000000 udp 10.0.2.109 3683 -> 93.177.153.25 2928 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:43.904692 0.000000 udp 10.0.2.109 3683 -> 68.188.25.66 8032 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:49.681805 0.000000 udp 10.0.2.109 3683 -> 95.227.67.150 3581 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:57:55.665758 0.000000 udp 10.0.2.109 3683 -> 120.151.212.206 8206 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:04.153218 0.248403 udp 10.0.2.109 3683 <-> 193.90.52.69 9082 CON 0 0 8 3107 flow=From-Botnet-V1-UDP-Established 1970/02/24 19:58:06.106250 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:08.892056 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:58:12.816531 0.000000 udp 10.0.2.109 3683 -> 186.7.255.150 2209 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:20.797564 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:28.464068 0.000000 udp 10.0.2.109 3683 -> 67.81.217.79 2564 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:36.656914 0.000000 udp 10.0.2.109 3683 -> 66.15.102.33 9714 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:43.770794 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:49.638850 0.000000 udp 10.0.2.109 3683 -> 95.224.86.7 4945 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:58:54.328324 0.074797 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:58:56.926537 0.000000 udp 10.0.2.109 3683 -> 46.40.121.209 9833 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:03.688768 0.000000 udp 10.0.2.109 3683 -> 116.123.126.77 7787 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:12.440351 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:18.056107 0.000000 udp 10.0.2.109 3683 -> 216.54.174.26 6130 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:26.966306 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 276 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:33.181947 0.000000 udp 10.0.2.109 3683 -> 66.60.158.190 6933 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:41.605258 0.000000 udp 10.0.2.109 3683 -> 64.180.226.146 7224 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:46.322835 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 19:59:48.416689 0.000000 udp 10.0.2.109 3683 -> 126.196.87.198 2870 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 19:59:55.770759 0.000000 udp 10.0.2.109 3683 -> 124.122.43.176 4402 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:01.930457 0.000000 udp 10.0.2.109 3683 -> 120.151.116.43 7447 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:09.880778 0.000000 udp 10.0.2.109 3683 -> 75.109.189.157 7538 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:16.020667 0.000000 udp 10.0.2.109 3683 -> 80.229.37.176 9180 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:24.405290 0.000000 udp 10.0.2.109 3683 -> 110.77.230.151 5703 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:31.974411 0.000000 udp 10.0.2.109 3683 -> 175.139.136.94 2348 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:36.723593 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:00:37.497324 0.000000 udp 10.0.2.109 3683 -> 99.243.225.93 7222 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:44.749169 0.000000 udp 10.0.2.109 3683 -> 5.178.135.71 2128 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:00:51.707184 0.101817 udp 10.0.2.109 3683 <-> 87.153.122.164 4545 CON 0 0 8 2936 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:00:52.749311 0.606828 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 8 2887 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:00:53.462010 0.097366 rtp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 8 3162 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:00:54.979815 0.428067 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3124 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:00:55.410445 0.000000 udp 10.0.2.109 3683 -> 186.151.51.130 8012 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:01.851678 0.000000 udp 10.0.2.109 3683 -> 125.203.23.161 2238 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:08.361823 0.000000 udp 10.0.2.109 3683 -> 190.239.204.142 2918 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:17.145331 0.000000 udp 10.0.2.109 3683 -> 173.174.31.233 6124 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:21.706746 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:01:25.073342 0.712606 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 8 3004 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:01:27.040978 0.668806 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 8 3322 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:01:29.183726 0.000000 udp 10.0.2.109 3683 -> 5.87.94.78 1842 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:34.238000 0.000000 udp 10.0.2.109 3683 -> 66.64.32.179 3377 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:41.035052 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:46.973941 3.003753 tcp 10.0.2.109 50430 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:01:49.927800 0.000000 udp 10.0.2.109 3683 -> 93.64.105.234 2528 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:01:55.975974 0.000000 tcp 10.0.2.109 50430 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:01:58.470323 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:01.980605 0.054284 tcp 10.0.2.109 50431 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:02:02.035198 0.054184 tcp 10.0.2.109 50432 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:02:02.089746 0.135456 tcp 10.0.2.109 50433 -> 195.113.214.249 443 SRPA* 0 0 31 21757 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:02:02.818075 3.001801 tcp 10.0.2.109 50434 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:02:07.282793 0.000000 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 248 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:11.819106 0.000000 tcp 10.0.2.109 50434 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:02:14.052660 0.000000 udp 10.0.2.109 3683 -> 108.176.65.152 4615 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:22.024149 0.292697 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 8 3031 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:02:23.013271 0.392067 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 8 3029 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:02:24.161080 0.000000 udp 10.0.2.109 3683 -> 94.66.199.211 6063 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:29.184206 0.000000 udp 10.0.2.109 3683 -> 190.51.163.242 1794 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:36.174947 0.000000 udp 10.0.2.109 3683 -> 41.224.87.214 8167 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:44.085524 0.000000 udp 10.0.2.109 3683 -> 219.74.160.226 8055 INT 0 1 198 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:48.712343 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:02:52.938469 0.000000 udp 10.0.2.109 3683 -> 112.221.218.178 7850 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:02:58.076244 0.403454 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 8 2907 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:02:59.262464 0.000000 udp 10.0.2.109 3683 -> 92.236.35.175 9762 INT 0 1 298 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:05.766549 0.000000 udp 10.0.2.109 3683 -> 66.178.22.134 4803 INT 0 1 305 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:12.837294 0.756521 udp 10.0.2.109 3683 <-> 183.23.136.174 1354 CON 0 0 8 3075 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:03:13.870829 0.000000 udp 10.0.2.109 3683 -> 82.113.249.65 4448 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:20.658623 0.000000 udp 10.0.2.109 3683 -> 79.38.161.212 6306 INT 0 1 137 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:26.927327 0.000000 udp 10.0.2.109 3683 -> 203.59.234.65 2760 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:33.469754 0.000000 udp 10.0.2.109 3683 -> 119.74.158.76 2170 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:37.616409 3.001044 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:03:38.217215 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:03:40.817582 0.000000 udp 10.0.2.109 3683 -> 209.97.65.24 2550 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:44.622495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:03:47.547124 0.000000 udp 10.0.2.109 3683 -> 24.103.120.69 3559 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:03:52.623952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:03:54.968151 0.000000 udp 10.0.2.109 3683 -> 124.122.127.241 9289 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:04:00.395419 0.918583 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 8 2823 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:04:03.045640 0.000000 udp 10.0.2.109 3683 -> 81.136.201.53 5695 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:04:08.626882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:04:11.000741 0.840670 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 8 3191 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:04:13.110926 0.000000 udp 10.0.2.109 3683 -> 203.59.48.34 2803 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:04:19.162660 0.330133 udp 10.0.2.109 3683 <-> 67.70.206.179 1365 CON 0 0 8 3109 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:04:19.505528 0.195832 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 8 3111 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:04:19.811242 0.723066 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 8 3093 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:04:21.084463 0.320675 udp 10.0.2.109 3683 -> 121.15.135.121 7960 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:04:21.405138 0.000000 icmp 121.15.135.121 0x0303 -> 10.0.2.109 0x181f URP 192 1 268 flow=Background 1970/02/24 20:04:23.708433 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:04:29.847722 0.000000 udp 10.0.2.109 3683 -> 97.78.166.67 5622 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:04:38.911626 1.141354 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 8 3042 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:04:40.175417 0.000000 udp 10.0.2.109 3683 -> 58.211.123.114 1787 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:04:43.712202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:04:48.194112 0.000000 udp 10.0.2.109 3683 -> 79.31.160.54 5940 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:04:56.387696 0.867656 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 3093 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:04:57.325659 0.000000 udp 10.0.2.109 3683 -> 14.217.250.196 9628 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:04.233174 0.000000 udp 10.0.2.109 3683 -> 60.54.45.210 8376 INT 0 1 270 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:12.831082 0.368665 udp 10.0.2.109 3683 -> 113.163.139.41 7026 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:13.199747 0.000000 icmp 113.163.139.41 0x0303 -> 10.0.2.109 0x721b URP 192 1 230 flow=Background 1970/02/24 20:05:17.364199 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:05:18.345732 0.000000 udp 10.0.2.109 3683 -> 171.101.42.155 3456 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:24.343562 0.000000 udp 10.0.2.109 3683 -> 190.66.149.232 5239 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:30.000356 0.000000 udp 10.0.2.109 3683 -> 110.78.147.212 8466 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:37.389468 0.000000 udp 10.0.2.109 3683 -> 69.127.115.205 7177 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:44.742229 0.340030 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 8 3184 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:05:46.206649 1.326589 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 8 2929 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:05:49.255118 0.000000 udp 10.0.2.109 3683 -> 173.58.81.194 8301 INT 0 1 291 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:05:54.303888 0.000000 udp 10.0.2.109 3683 -> 5.29.129.197 2875 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:06:00.339462 0.369856 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 8 2954 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:06:01.005999 0.000000 udp 10.0.2.109 3683 -> 58.57.24.178 7970 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:06:05.223214 0.000149 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:06:07.596051 0.000000 udp 10.0.2.109 3683 -> 189.224.121.123 7897 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:06:16.126165 0.286128 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3070 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:06:17.560804 1.739029 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 3041 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:06:19.387038 0.000000 udp 10.0.2.109 3683 -> 157.122.144.90 3414 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:06:24.953459 4.579330 udp 10.0.2.109 3683 <-> 172.162.41.132 3573 CON 0 0 8 2837 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:06:30.299394 0.314559 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 3 911 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:06:35.953494 0.000000 udp 10.0.2.109 3683 -> 66.255.245.228 6734 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:06:41.316266 0.904463 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 8 3120 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:06:42.616090 0.000000 udp 10.0.2.109 3683 -> 124.106.77.206 1088 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:06:50.836604 0.000000 udp 10.0.2.109 3683 -> 12.207.107.162 7563 INT 0 1 235 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:06:55.496234 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:06:59.678424 0.000000 udp 10.0.2.109 3683 -> 65.27.61.158 3522 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:06.140843 0.382037 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 8 3056 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:07:06.928986 0.000000 udp 10.0.2.109 3683 -> 219.80.200.232 9709 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:15.529297 0.000000 udp 10.0.2.109 3683 -> 74.218.32.44 1243 INT 0 1 301 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:21.761002 2.975674 tcp 10.0.2.109 50435 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:07:22.559549 0.471221 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 8 3228 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:07:23.536937 0.220547 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 3014 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:07:23.995787 0.452678 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 8 3197 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:07:25.155329 0.000000 udp 10.0.2.109 3683 -> 96.242.79.145 4896 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:30.674698 0.000000 tcp 10.0.2.109 50435 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:07:32.880440 0.000000 udp 10.0.2.109 3683 -> 173.151.116.236 9432 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:36.600379 0.055561 tcp 10.0.2.109 50436 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:07:36.655977 0.033195 tcp 10.0.2.109 50437 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:07:36.689535 0.127102 tcp 10.0.2.109 50438 -> 195.113.214.249 443 SRPA* 0 0 33 24326 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:07:36.932453 2.964566 tcp 10.0.2.109 50439 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:07:37.876935 0.000000 udp 10.0.2.109 3683 -> 72.190.35.31 4491 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:44.428916 0.000000 udp 10.0.2.109 3683 -> 95.137.136.115 4567 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:45.814284 0.000000 tcp 10.0.2.109 50439 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:07:51.338771 0.000000 udp 10.0.2.109 3683 -> 112.208.220.61 1289 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:07:51.725897 0.051441 tcp 10.0.2.109 50440 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:07:51.777649 0.059809 tcp 10.0.2.109 50441 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:07:51.837787 0.178195 tcp 10.0.2.109 50442 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:07:52.836728 2.960068 tcp 10.0.2.109 50443 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:07:56.722184 0.000000 udp 10.0.2.109 3683 -> 165.228.193.251 9889 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:08:01.711309 0.000000 tcp 10.0.2.109 50443 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:08:02.191904 0.000000 udp 10.0.2.109 3683 -> 83.61.9.179 3691 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:08:07.624381 3.194523 tcp 10.0.2.109 50444 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:08:12.309466 0.828661 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 8 3243 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:08:13.387805 0.000000 udp 10.0.2.109 3683 -> 70.54.190.45 2076 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:08:18.154593 0.000000 tcp 10.0.2.109 50444 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:08:21.087948 0.000000 udp 10.0.2.109 3683 -> 113.181.23.140 7596 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:10:47.483204 2.951925 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:10:54.391885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:11:02.279769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:11:18.054020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:11:49.636917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:13:20.016784 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:13:20.016929 2.947992 tcp 10.0.2.109 50445 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:13:28.877586 0.000000 tcp 10.0.2.109 50445 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:13:34.937195 0.031832 tcp 10.0.2.109 50446 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:13:34.969327 0.032210 tcp 10.0.2.109 50447 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:13:35.001892 0.128629 tcp 10.0.2.109 50448 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:13:36.072976 2.961959 tcp 10.0.2.109 50449 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:13:44.951475 0.000000 tcp 10.0.2.109 50449 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:13:50.862206 0.042565 tcp 10.0.2.109 50450 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:13:50.905041 0.033505 tcp 10.0.2.109 50451 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:13:50.938814 0.123086 tcp 10.0.2.109 50452 -> 195.113.214.249 443 SRPA* 0 0 22 13148 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:13:51.219567 2.961430 tcp 10.0.2.109 50453 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:00.102319 0.000000 tcp 10.0.2.109 50453 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:06.021047 0.031165 tcp 10.0.2.109 50454 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:14:06.052471 0.033035 tcp 10.0.2.109 50455 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:14:06.085816 0.145067 tcp 10.0.2.109 50456 -> 195.113.214.249 443 SRPA* 0 0 20 11372 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:14:06.689908 2.962761 tcp 10.0.2.109 50457 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:15.572359 0.000000 tcp 10.0.2.109 50457 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:21.488361 2.994300 tcp 10.0.2.109 50458 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:30.493581 0.000000 tcp 10.0.2.109 50458 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:36.491818 2.992481 tcp 10.0.2.109 50459 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:47.382826 0.000000 tcp 10.0.2.109 50459 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:14:52.067137 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:17:51.673212 3.001669 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:17:58.680326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:18:06.682117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:18:22.685524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:18:54.691561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:19:51.493500 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:19:51.493655 3.004781 tcp 10.0.2.109 50460 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:00.495720 0.000000 tcp 10.0.2.109 50460 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:06.496246 0.054666 tcp 10.0.2.109 50461 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:06.551274 0.056343 tcp 10.0.2.109 50462 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:06.607840 0.129328 tcp 10.0.2.109 50463 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:07.598645 3.001427 tcp 10.0.2.109 50464 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:16.598805 0.000000 tcp 10.0.2.109 50464 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:22.598364 0.074321 tcp 10.0.2.109 50465 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:22.672985 0.054449 tcp 10.0.2.109 50466 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:22.727790 0.139833 tcp 10.0.2.109 50467 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:22.955392 2.987294 tcp 10.0.2.109 50468 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:31.950900 0.000000 tcp 10.0.2.109 50468 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:37.950028 0.071008 tcp 10.0.2.109 50469 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:38.021352 0.054102 tcp 10.0.2.109 50470 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:38.075707 0.125131 tcp 10.0.2.109 50471 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:20:38.872543 3.002541 tcp 10.0.2.109 50472 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:47.873347 0.000000 tcp 10.0.2.109 50472 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:20:53.872848 3.004232 tcp 10.0.2.109 50473 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:21:02.875311 0.000000 tcp 10.0.2.109 50473 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:21:08.874587 3.003836 tcp 10.0.2.109 50474 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:21:17.876832 0.000000 tcp 10.0.2.109 50474 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:21:22.723851 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:24:58.697542 3.000970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:25:05.704622 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:25:13.706134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:25:29.709109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:26:01.714438 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:26:23.877335 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:26:23.877514 3.003566 tcp 10.0.2.109 50475 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:26:32.889807 0.000000 tcp 10.0.2.109 50475 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:26:38.880017 0.032358 tcp 10.0.2.109 50476 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:26:38.912610 0.031916 tcp 10.0.2.109 50477 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:26:38.944819 0.125541 tcp 10.0.2.109 50478 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:26:39.368314 2.995191 tcp 10.0.2.109 50479 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:26:48.362000 0.000000 tcp 10.0.2.109 50479 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:26:54.361289 0.053813 tcp 10.0.2.109 50480 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:26:54.415408 0.053849 tcp 10.0.2.109 50481 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:26:54.469558 0.177637 tcp 10.0.2.109 50482 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:26:56.073436 3.004128 tcp 10.0.2.109 50483 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:05.076458 0.000000 tcp 10.0.2.109 50483 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:11.075360 0.031047 tcp 10.0.2.109 50484 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:27:11.106697 0.053795 tcp 10.0.2.109 50485 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:27:11.160887 0.126138 tcp 10.0.2.109 50486 -> 195.113.214.249 443 SRPA* 0 0 20 10084 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:27:11.736035 3.003943 tcp 10.0.2.109 50487 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:20.738710 0.000000 tcp 10.0.2.109 50487 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:26.737474 3.003991 tcp 10.0.2.109 50488 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:35.750070 0.000000 tcp 10.0.2.109 50488 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:41.739226 2.995806 tcp 10.0.2.109 50489 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:50.731876 0.000000 tcp 10.0.2.109 50489 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:27:55.718706 3.166198 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:32:05.720357 3.002531 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:32:12.728670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:32:20.729862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:32:36.732807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:32:56.742472 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:32:56.742641 3.003483 tcp 10.0.2.109 50490 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:33:05.744785 0.000000 tcp 10.0.2.109 50490 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:33:08.739059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:33:11.744948 0.032073 tcp 10.0.2.109 50491 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:33:11.777308 0.031804 tcp 10.0.2.109 50492 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:33:11.809380 0.145245 tcp 10.0.2.109 50493 -> 195.113.214.249 443 SRPA* 0 0 21 11390 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:33:12.419607 2.998805 tcp 10.0.2.109 50494 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:33:21.417061 0.000000 tcp 10.0.2.109 50494 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:33:27.416357 0.053726 tcp 10.0.2.109 50495 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:33:27.470394 0.035826 tcp 10.0.2.109 50496 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:33:27.506497 0.142548 tcp 10.0.2.109 50497 -> 195.113.214.249 443 SRPA* 0 0 20 11334 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:33:28.140511 3.000961 tcp 10.0.2.109 50498 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:33:37.149780 0.000000 tcp 10.0.2.109 50498 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:33:43.138675 2.994349 tcp 10.0.2.109 50499 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:33:52.141248 0.000000 tcp 10.0.2.109 50499 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:38:47.997087 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:38:47.997201 0.196104 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:48.189859 0.171476 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:49.271669 0.094103 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:49.346414 0.013644 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:49.952067 0.144291 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:50.059886 0.184716 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:50.236564 0.239534 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:50.441663 0.179791 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2540 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:50.618507 0.176143 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:50.834351 0.068519 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:51.380959 0.326643 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:51.704849 0.073821 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2571 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:52.059243 0.140804 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:52.160767 0.054709 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:52.216843 0.168642 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:52.395528 0.348371 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:52.740382 0.151029 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:52.889605 0.179969 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:53.071942 0.188781 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:53.223760 0.235300 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:53.448836 0.339440 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:38:53.787760 0.000000 udp 10.0.2.109 3683 -> 193.90.52.69 9082 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 20:38:58.141867 3.003905 tcp 10.0.2.109 50500 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:39:07.144361 0.000000 tcp 10.0.2.109 50500 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:39:10.000148 0.032308 tcp 10.0.2.109 50501 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:10.032762 0.032105 tcp 10.0.2.109 50502 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:10.065194 0.123058 tcp 10.0.2.109 50503 -> 195.113.214.249 443 SRPA* 0 0 20 10916 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:10.188796 0.065668 udp 10.0.2.109 3683 <-> 87.153.122.164 4545 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:10.237871 0.051198 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:11.271500 0.312944 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:12.629357 0.172506 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:12.745392 3.001440 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:39:13.143261 0.053309 tcp 10.0.2.109 50504 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:13.196939 0.032413 tcp 10.0.2.109 50505 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:13.229620 0.122712 tcp 10.0.2.109 50506 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:13.901042 2.997285 tcp 10.0.2.109 50507 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:39:15.746013 0.344704 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:16.695500 0.334010 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:17.576612 0.164726 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:18.674017 0.153443 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:19.626921 0.216821 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:19.752761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:39:20.595418 2.919701 udp 10.0.2.109 3683 <-> 183.23.136.174 1354 CON 0 0 3 1248 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:25.277630 0.000000 tcp 10.0.2.109 50507 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:39:30.072350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:39:40.243430 0.053007 tcp 10.0.2.109 50508 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:40.296826 0.054113 tcp 10.0.2.109 50509 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:40.351232 0.179879 tcp 10.0.2.109 50510 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:39:40.531629 0.459935 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:40.964405 0.377529 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:41.676123 0.110537 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:42.068002 0.224527 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:42.526872 0.236613 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:42.696232 0.175826 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:43.150489 0.350752 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:43.498348 0.477806 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:44.291653 0.268210 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:44.470130 0.112791 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:44.624347 1.100330 udp 10.0.2.109 3683 <-> 172.162.41.132 3573 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:45.100373 1.290938 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:45.880402 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:39:46.346773 0.480404 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:46.785470 0.198860 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:47.010935 0.236653 rtp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 1896 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:47.247180 0.123090 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:48.951393 0.213408 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:39:49.195529 0.402057 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/24 20:40:17.500522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:44:28.896912 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:44:28.897021 3.004089 tcp 10.0.2.109 50511 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:44:37.909846 0.000000 tcp 10.0.2.109 50511 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:44:43.900158 0.054325 tcp 10.0.2.109 50512 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:44:43.954785 0.055060 tcp 10.0.2.109 50513 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:44:44.010302 0.813427 tcp 10.0.2.109 50514 -> 195.113.214.249 443 SRPA* 0 0 73 78424 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:44:45.898969 2.996849 tcp 10.0.2.109 50515 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:44:54.894758 0.000000 tcp 10.0.2.109 50515 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:00.893696 0.031433 tcp 10.0.2.109 50516 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:45:00.925401 0.031548 tcp 10.0.2.109 50517 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:45:00.957227 0.129983 tcp 10.0.2.109 50518 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:45:02.271400 3.007811 tcp 10.0.2.109 50519 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:11.277882 0.000000 tcp 10.0.2.109 50519 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:17.267233 0.054220 tcp 10.0.2.109 50520 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:45:17.321713 0.031767 tcp 10.0.2.109 50521 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:45:17.353787 0.125460 tcp 10.0.2.109 50522 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:45:17.604081 3.007193 tcp 10.0.2.109 50523 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:26.619776 0.000000 tcp 10.0.2.109 50523 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:32.598745 2.994025 tcp 10.0.2.109 50524 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:42.052293 0.000000 tcp 10.0.2.109 50524 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:47.986043 2.963196 tcp 10.0.2.109 50525 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:45:56.872754 0.000000 tcp 10.0.2.109 50525 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:46:19.769796 3.000886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:46:26.776383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:46:34.777990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:46:50.780882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:47:24.483933 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:51:02.603645 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:51:02.603805 3.003485 tcp 10.0.2.109 50526 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:51:11.605714 0.000000 tcp 10.0.2.109 50526 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:51:20.401947 0.032370 tcp 10.0.2.109 50527 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:20.434600 0.054531 tcp 10.0.2.109 50528 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:20.489390 0.128578 tcp 10.0.2.109 50529 -> 195.113.214.249 443 SRPA* 0 0 32 17702 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:21.197488 2.961323 tcp 10.0.2.109 50530 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:51:30.084814 0.000000 tcp 10.0.2.109 50530 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:51:36.011871 1.414435 tcp 10.0.2.109 50531 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:37.426599 0.032703 tcp 10.0.2.109 50532 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:37.459591 0.144940 tcp 10.0.2.109 50533 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:37.772187 2.952026 tcp 10.0.2.109 50534 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:51:46.644707 0.000000 tcp 10.0.2.109 50534 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:51:52.551212 0.030980 tcp 10.0.2.109 50535 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:52.582465 0.054556 tcp 10.0.2.109 50536 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:52.637332 0.125624 tcp 10.0.2.109 50537 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:51:54.860087 2.956442 tcp 10.0.2.109 50538 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:52:03.730042 0.000000 tcp 10.0.2.109 50538 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:52:09.646175 2.961165 tcp 10.0.2.109 50539 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:52:18.525029 0.000000 tcp 10.0.2.109 50539 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:52:24.437499 2.956915 tcp 10.0.2.109 50540 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:52:33.309549 0.000000 tcp 10.0.2.109 50540 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:52:37.799965 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:56:30.807471 3.001250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 20:56:37.814998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:56:45.818199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:57:01.819399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:57:33.825439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 20:57:36.159406 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 20:57:36.159518 2.993715 tcp 10.0.2.109 50541 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:57:45.152049 0.000000 tcp 10.0.2.109 50541 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:57:51.161995 0.053663 tcp 10.0.2.109 50542 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:57:51.215925 0.054721 tcp 10.0.2.109 50543 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:57:51.270916 0.145785 tcp 10.0.2.109 50544 -> 195.113.214.249 443 SRPA* 0 0 35 19284 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:57:52.384258 3.002645 tcp 10.0.2.109 50545 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:01.384938 0.000000 tcp 10.0.2.109 50545 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:07.384222 0.053607 tcp 10.0.2.109 50546 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:58:07.438179 0.054771 tcp 10.0.2.109 50547 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:58:07.493170 0.138357 tcp 10.0.2.109 50548 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:58:07.681287 3.007126 tcp 10.0.2.109 50549 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:16.687313 0.000000 tcp 10.0.2.109 50549 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:22.676222 0.030850 tcp 10.0.2.109 50550 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:58:22.707353 0.033002 tcp 10.0.2.109 50551 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:58:22.740677 0.127209 tcp 10.0.2.109 50552 -> 195.113.214.249 443 SRPA* 0 0 21 12886 flow=From-Botnet-V1-TCP-Established 1970/02/24 20:58:23.537043 2.994515 tcp 10.0.2.109 50553 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:32.539517 0.000000 tcp 10.0.2.109 50553 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:38.538759 2.993862 tcp 10.0.2.109 50554 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:47.531717 0.000000 tcp 10.0.2.109 50554 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:58:53.540286 2.993873 tcp 10.0.2.109 50555 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:59:02.532939 0.000000 tcp 10.0.2.109 50555 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 20:59:07.224862 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:03:37.831686 3.001104 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 21:03:44.839081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:03:52.840371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:04:08.543529 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:04:08.543680 3.003432 tcp 10.0.2.109 50556 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:04:08.843597 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:04:17.555782 0.000000 tcp 10.0.2.109 50556 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:04:23.546413 0.033283 tcp 10.0.2.109 50557 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:23.579968 0.054279 tcp 10.0.2.109 50558 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:23.634714 0.141544 tcp 10.0.2.109 50559 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:23.979682 2.999879 tcp 10.0.2.109 50560 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:04:32.978369 0.000000 tcp 10.0.2.109 50560 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:04:40.140750 0.053150 tcp 10.0.2.109 50561 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:40.194361 0.032602 tcp 10.0.2.109 50562 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:40.227278 1.147590 tcp 10.0.2.109 50563 -> 195.113.214.249 443 SRPA* 0 0 74 78478 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:41.943955 2.963121 tcp 10.0.2.109 50564 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:04:41.987948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:04:50.832785 0.000000 tcp 10.0.2.109 50564 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:04:56.753532 0.030609 tcp 10.0.2.109 50565 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:56.784449 0.032288 tcp 10.0.2.109 50566 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:56.816995 0.151459 tcp 10.0.2.109 50567 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:04:57.487447 2.967774 tcp 10.0.2.109 50568 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:05:06.379242 0.000000 tcp 10.0.2.109 50568 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:05:12.301391 2.969327 tcp 10.0.2.109 50569 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:05:21.195586 0.000000 tcp 10.0.2.109 50569 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:05:27.119927 2.962834 tcp 10.0.2.109 50570 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:05:36.007184 0.000000 tcp 10.0.2.109 50570 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:05:40.701026 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:09:49.503680 0.000039 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:09:49.503768 0.000000 udp 10.0.2.109 3683 -> 193.90.52.69 9082 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 21:10:04.516276 0.032303 tcp 10.0.2.109 50571 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:10:04.548815 0.187097 tcp 10.0.2.109 50572 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:10:04.736173 0.144850 tcp 10.0.2.109 50573 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:10:04.881847 0.424422 rtp 10.0.2.109 3683 <-> 183.23.136.174 1354 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:05.278279 0.280743 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:06.023589 0.013831 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:06.081128 0.093069 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:06.155065 0.180791 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:06.628947 0.175528 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:06.793072 0.141324 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:07.259574 0.183816 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:07.436160 0.243036 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:07.642990 0.179226 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:07.818576 0.070832 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:08.163526 0.319802 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:08.789207 0.352996 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:09.138017 0.150040 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:09.286539 0.144236 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2524 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:09.389510 0.073089 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:10.660068 0.056140 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:10.851135 0.169709 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:12.383798 0.231923 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:12.605643 0.329682 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:13.575011 0.180558 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:15.100616 0.200639 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:16.445661 0.058635 rtp 10.0.2.109 3683 <-> 87.153.122.164 4545 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:16.863904 0.052782 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:17.008758 0.307623 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:17.364466 0.175406 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:17.515438 0.338522 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:17.819673 0.334408 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:19.387587 0.157141 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 1949 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:19.710804 0.165189 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:19.903738 0.242671 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:20.107177 0.459308 rtp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:20.539394 0.375871 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:22.650755 0.871966 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:24.635403 0.173242 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:25.402819 0.226818 rtp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:25.639418 1.037575 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:26.628279 0.350214 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:28.203347 0.116751 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:28.310178 1.085216 rtp 10.0.2.109 3683 <-> 172.162.41.132 3573 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:28.787098 0.186047 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:29.299176 0.146389 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:31.572087 1.018503 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:33.497679 0.483208 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:34.369180 0.198775 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:34.564220 0.235428 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:34.923675 0.147334 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2051 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:35.359226 0.219180 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:37.463507 0.422311 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:10:42.072560 3.107869 tcp 10.0.2.109 50574 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:10:45.492098 2.964356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 21:10:49.802319 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:10:51.116564 0.000000 tcp 10.0.2.109 50574 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:10:52.415161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:10:57.049827 0.340081 tcp 10.0.2.109 50575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:10:57.390319 0.032891 tcp 10.0.2.109 50576 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:10:57.423502 0.143828 tcp 10.0.2.109 50577 -> 195.113.214.249 443 SRPA* 0 0 31 22208 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:10:57.788581 2.971200 tcp 10.0.2.109 50578 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:00.620859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:11:06.690037 0.000000 tcp 10.0.2.109 50578 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:12.615366 0.052678 tcp 10.0.2.109 50579 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:11:12.668376 0.032748 tcp 10.0.2.109 50580 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:11:12.701465 0.142041 tcp 10.0.2.109 50581 -> 195.113.214.249 443 SRPA* 0 0 27 11752 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:11:12.951084 2.961878 tcp 10.0.2.109 50582 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:16.434975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:11:21.839301 0.000000 tcp 10.0.2.109 50582 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:27.768747 0.031912 tcp 10.0.2.109 50583 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:11:27.801003 0.031637 tcp 10.0.2.109 50584 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:11:27.832971 0.125087 tcp 10.0.2.109 50585 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:11:28.132042 2.967903 tcp 10.0.2.109 50586 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:37.179345 0.000000 tcp 10.0.2.109 50586 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:43.097135 4.487062 tcp 10.0.2.109 50587 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:49.735214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:11:53.561111 0.000000 tcp 10.0.2.109 50587 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:11:59.499748 2.954719 tcp 10.0.2.109 50588 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:12:08.385596 0.000000 tcp 10.0.2.109 50588 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:12.711040 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:17:12.711230 2.993787 tcp 10.0.2.109 50589 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:21.703500 0.000000 tcp 10.0.2.109 50589 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:27.740250 0.032292 tcp 10.0.2.109 50590 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:27.772867 0.031618 tcp 10.0.2.109 50591 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:27.804753 0.146017 tcp 10.0.2.109 50592 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:28.071517 2.981391 tcp 10.0.2.109 50593 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:37.045439 0.000000 tcp 10.0.2.109 50593 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:43.044486 0.051859 tcp 10.0.2.109 50594 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:43.096602 0.033453 tcp 10.0.2.109 50595 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:43.130377 0.125606 tcp 10.0.2.109 50596 -> 195.113.214.249 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:43.579410 2.999723 tcp 10.0.2.109 50597 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:51.890094 3.000586 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 21:17:52.577670 0.000000 tcp 10.0.2.109 50597 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:58.577215 0.053584 tcp 10.0.2.109 50598 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:58.631151 0.032376 tcp 10.0.2.109 50599 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:58.663853 0.123605 tcp 10.0.2.109 50600 -> 195.113.214.249 443 SRPA* 0 0 20 11334 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:17:58.811978 3.008703 tcp 10.0.2.109 50601 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:17:58.897030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:18:06.908526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:18:07.819295 0.000000 tcp 10.0.2.109 50601 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:18:13.808729 2.993712 tcp 10.0.2.109 50602 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:18:22.800706 0.000000 tcp 10.0.2.109 50602 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:18:22.911251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:18:28.810331 2.993306 tcp 10.0.2.109 50603 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:18:39.020637 0.000000 tcp 10.0.2.109 50603 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:18:43.873361 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:18:55.931624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:23:43.813300 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:23:43.813444 3.003531 tcp 10.0.2.109 50604 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:23:52.815592 0.000000 tcp 10.0.2.109 50604 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:23:58.816351 0.032353 tcp 10.0.2.109 50605 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:23:58.848958 0.032768 tcp 10.0.2.109 50606 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:23:58.882032 0.128848 tcp 10.0.2.109 50607 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:24:00.316373 3.004469 tcp 10.0.2.109 50608 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:09.319433 0.000000 tcp 10.0.2.109 50608 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:15.308360 0.055872 tcp 10.0.2.109 50609 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:24:15.364527 0.032512 tcp 10.0.2.109 50610 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:24:15.397364 0.125000 tcp 10.0.2.109 50611 -> 195.113.214.249 443 SRPA* 0 0 51 28476 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:24:15.892539 3.000548 tcp 10.0.2.109 50612 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:24.891665 0.000000 tcp 10.0.2.109 50612 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:30.890830 0.031180 tcp 10.0.2.109 50613 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:24:30.921978 0.054650 tcp 10.0.2.109 50614 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:24:30.976924 0.128038 tcp 10.0.2.109 50615 -> 195.113.214.249 443 SRPA* 0 0 69 50084 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:24:31.314614 3.000730 tcp 10.0.2.109 50616 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:40.313866 0.000000 tcp 10.0.2.109 50616 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:46.312926 3.003793 tcp 10.0.2.109 50617 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:55.315600 0.000000 tcp 10.0.2.109 50617 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:24:58.923429 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 21:25:01.314423 3.003508 tcp 10.0.2.109 50618 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:25:05.930796 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:25:10.317121 0.000000 tcp 10.0.2.109 50618 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:25:13.932042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:25:15.213963 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:25:29.935137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:26:01.941508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:30:16.317428 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:30:16.317614 2.993943 tcp 10.0.2.109 50619 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:30:25.319874 0.000000 tcp 10.0.2.109 50619 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:30:31.320969 0.032315 tcp 10.0.2.109 50620 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:30:31.353686 0.055120 tcp 10.0.2.109 50621 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:30:31.409157 0.148446 tcp 10.0.2.109 50622 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:30:31.773789 2.999796 tcp 10.0.2.109 50623 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:30:40.772623 0.000000 tcp 10.0.2.109 50623 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:30:46.771869 1.167987 tcp 10.0.2.109 50624 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:30:47.940167 0.033045 tcp 10.0.2.109 50625 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:30:47.973547 0.122596 tcp 10.0.2.109 50626 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:30:48.229079 2.966050 tcp 10.0.2.109 50627 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:30:57.117996 0.000000 tcp 10.0.2.109 50627 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:31:03.037736 0.052305 tcp 10.0.2.109 50628 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:31:03.090488 0.031980 tcp 10.0.2.109 50629 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:31:03.122804 0.138179 tcp 10.0.2.109 50630 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:31:03.417831 2.965401 tcp 10.0.2.109 50631 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:31:12.306344 0.000000 tcp 10.0.2.109 50631 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:31:18.227871 2.965312 tcp 10.0.2.109 50632 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:31:27.115184 0.000000 tcp 10.0.2.109 50632 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:31:33.047607 2.961739 tcp 10.0.2.109 50633 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:31:41.937573 0.000000 tcp 10.0.2.109 50633 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:32:06.078722 2.961921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 21:32:12.999544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:32:20.956337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:32:36.959126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:33:08.965501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:39:12.971925 3.001116 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 21:39:19.978224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:39:27.979981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:39:43.983246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:40:15.989254 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:41:04.128836 0.000171 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:41:04.129126 0.000000 udp 10.0.2.109 3683 -> 183.23.136.174 1354 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 21:41:21.485864 0.054182 tcp 10.0.2.109 50634 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:21.540421 0.053892 tcp 10.0.2.109 50635 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:21.594578 0.145990 tcp 10.0.2.109 50636 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:21.741151 0.185724 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:21.924198 0.013558 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:21.989760 0.180002 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:22.150050 0.177383 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:22.306761 0.169930 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:22.466247 0.243609 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:22.675545 0.141205 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:22.777161 0.183839 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:22.954169 0.249636 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:23.200663 0.073782 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:23.998782 0.320083 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:24.626210 0.139140 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:25.262760 0.352932 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:26.161246 0.151292 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:26.310840 0.076090 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:27.434784 0.056377 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:27.980817 0.170939 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:28.196312 0.219897 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:28.537820 0.329852 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:31.357895 0.179547 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:31.592940 0.139375 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:31.833987 0.060143 rtp 10.0.2.109 3683 <-> 87.153.122.164 4545 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:31.936025 0.052400 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:32.539734 2.993865 tcp 10.0.2.109 50637 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:41:32.665910 0.310416 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:33.680999 0.173854 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:33.927580 0.345357 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:34.235404 0.332744 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:34.760897 0.185598 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:34.937303 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 21:41:41.532054 0.000000 tcp 10.0.2.109 50637 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:41:47.541673 0.031729 tcp 10.0.2.109 50638 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:47.573735 0.032928 tcp 10.0.2.109 50639 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:47.606925 0.125734 tcp 10.0.2.109 50640 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:47.940287 2.995605 tcp 10.0.2.109 50641 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:41:50.014960 0.031582 tcp 10.0.2.109 50642 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:50.046838 0.053414 tcp 10.0.2.109 50643 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:50.100583 0.125658 tcp 10.0.2.109 50644 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:41:50.226835 0.241611 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:50.431311 0.459755 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:50.863915 0.374521 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:51.385668 0.108981 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:51.452533 0.174603 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:51.779341 0.224304 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:52.041858 0.123409 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:52.134332 0.354973 rtp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:52.486334 0.110547 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:41:52.560998 0.000000 udp 10.0.2.109 3683 -> 172.162.41.132 3573 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 21:41:56.934395 0.000000 tcp 10.0.2.109 50641 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:42:08.081385 0.031860 tcp 10.0.2.109 50645 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:42:08.113522 0.031841 tcp 10.0.2.109 50646 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:42:08.145644 0.145240 tcp 10.0.2.109 50647 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:42:08.291484 0.179585 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:08.463238 0.138548 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:08.594001 0.809577 rtp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:09.361512 0.480758 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:09.798810 0.193072 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:09.988359 0.234655 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:10.233054 0.118151 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:10.436986 0.213021 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:42:10.658864 0.426121 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/24 21:46:19.995506 3.001553 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 21:46:27.002861 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:46:35.004168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:46:51.007261 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:47:02.935035 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:47:02.935127 3.003382 tcp 10.0.2.109 50648 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:47:11.937454 0.000000 tcp 10.0.2.109 50648 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:47:17.937492 0.053665 tcp 10.0.2.109 50649 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:17.991449 0.055598 tcp 10.0.2.109 50650 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:18.047310 0.140050 tcp 10.0.2.109 50651 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:19.177334 2.994562 tcp 10.0.2.109 50652 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:47:23.013341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:47:28.180597 0.000000 tcp 10.0.2.109 50652 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:47:34.169838 0.052856 tcp 10.0.2.109 50653 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:34.222981 0.031629 tcp 10.0.2.109 50654 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:34.254923 0.122265 tcp 10.0.2.109 50655 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:34.577342 2.996650 tcp 10.0.2.109 50656 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:47:43.572948 0.000000 tcp 10.0.2.109 50656 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:47:49.572190 0.053197 tcp 10.0.2.109 50657 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:49.625682 0.031887 tcp 10.0.2.109 50658 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:49.657864 0.144556 tcp 10.0.2.109 50659 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:47:49.939092 2.996975 tcp 10.0.2.109 50660 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:47:58.934867 0.000000 tcp 10.0.2.109 50660 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:48:04.933885 3.003592 tcp 10.0.2.109 50661 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:48:13.936455 0.000000 tcp 10.0.2.109 50661 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:48:19.935205 3.004165 tcp 10.0.2.109 50662 -> 77.50.112.98 27555 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:48:28.938277 0.000000 tcp 10.0.2.109 50662 -> 77.50.112.98 27555 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:48:33.714601 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:53:34.938589 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:53:34.938752 2.993804 tcp 10.0.2.109 50663 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:53:43.940967 0.000000 tcp 10.0.2.109 50663 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:53:49.941826 0.033614 tcp 10.0.2.109 50664 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:53:49.975832 0.032567 tcp 10.0.2.109 50665 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:53:50.008709 0.126273 tcp 10.0.2.109 50666 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:53:51.217269 2.998424 tcp 10.0.2.109 50667 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:54:00.214798 0.000000 tcp 10.0.2.109 50667 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:54:06.213720 0.051672 tcp 10.0.2.109 50668 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:54:06.265697 0.032005 tcp 10.0.2.109 50669 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:54:06.297978 0.126931 tcp 10.0.2.109 50670 -> 195.113.214.249 443 SRPA* 0 0 33 18132 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:54:06.512748 3.127745 tcp 10.0.2.109 50671 -> 77.50.112.98 27555 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:54:08.201886 0.053523 tcp 10.0.2.109 50672 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:54:08.255686 0.032658 tcp 10.0.2.109 50673 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:54:08.288761 0.125008 tcp 10.0.2.109 50674 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:54:09.640745 2.991398 tcp 10.0.2.109 50675 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:54:18.640956 0.000000 tcp 10.0.2.109 50675 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:54:24.639520 2.994310 tcp 10.0.2.109 50676 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:54:33.632483 0.000000 tcp 10.0.2.109 50676 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:54:39.641182 1.671172 tcp 10.0.2.109 50677 -> 77.50.112.98 27555 FSPA* 0 0 14 1659 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:56:32.025794 3.001364 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 21:56:39.032932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:56:47.034019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:57:03.037342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:57:35.292550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 21:59:41.305744 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 21:59:41.305843 3.003152 tcp 10.0.2.109 50678 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:59:50.307637 0.000000 tcp 10.0.2.109 50678 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 21:59:56.308360 0.032320 tcp 10.0.2.109 50679 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:59:56.340974 0.054681 tcp 10.0.2.109 50680 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:59:56.395916 0.118681 tcp 10.0.2.109 50681 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/24 21:59:56.661598 3.009498 tcp 10.0.2.109 50682 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:00:05.679770 0.000000 tcp 10.0.2.109 50682 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:00:11.659189 0.052582 tcp 10.0.2.109 50683 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:00:11.712065 1.508634 tcp 10.0.2.109 50684 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:00:13.221017 0.123895 tcp 10.0.2.109 50685 -> 195.113.214.249 443 SRPA* 0 0 22 13148 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:00:13.692653 2.826207 tcp 10.0.2.109 50686 -> 77.50.112.98 27555 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:00:15.199129 0.051583 tcp 10.0.2.109 50687 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:00:15.250943 0.031592 tcp 10.0.2.109 50688 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:00:15.282851 0.124196 tcp 10.0.2.109 50689 -> 195.113.214.249 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:00:16.519143 3.000653 tcp 10.0.2.109 50690 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:00:25.518305 0.000000 tcp 10.0.2.109 50690 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:00:31.516848 3.004521 tcp 10.0.2.109 50691 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:00:40.530054 0.000000 tcp 10.0.2.109 50691 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:00:46.518400 1.611626 tcp 10.0.2.109 50692 -> 77.50.112.98 27555 FSPA* 0 0 14 1609 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:03:39.059318 3.001594 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 22:03:46.067038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:03:54.068440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:04:10.071336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:04:42.077082 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:05:48.124925 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 22:05:48.125021 3.001486 tcp 10.0.2.109 50693 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:05:57.125022 0.000000 tcp 10.0.2.109 50693 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:06:03.127594 0.053568 tcp 10.0.2.109 50694 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:03.181438 0.033289 tcp 10.0.2.109 50695 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:03.215012 0.128742 tcp 10.0.2.109 50696 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:03.414414 3.004103 tcp 10.0.2.109 50697 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:06:12.417280 0.000000 tcp 10.0.2.109 50697 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:06:18.406097 0.031056 tcp 10.0.2.109 50698 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:18.437499 0.032340 tcp 10.0.2.109 50699 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:18.470208 0.143471 tcp 10.0.2.109 50700 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:18.795207 2.819043 tcp 10.0.2.109 50701 -> 77.50.112.98 27555 FSPA* 0 0 14 1744 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:20.341347 0.054113 tcp 10.0.2.109 50702 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:20.395757 0.055017 tcp 10.0.2.109 50703 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:20.451049 0.148002 tcp 10.0.2.109 50704 -> 195.113.214.249 443 SRPA* 0 0 20 10710 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:06:21.614493 3.000305 tcp 10.0.2.109 50705 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:06:30.613235 0.000000 tcp 10.0.2.109 50705 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:06:36.612159 3.462271 tcp 10.0.2.109 50706 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:06:46.015148 0.000000 tcp 10.0.2.109 50706 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:06:51.964028 1.519557 tcp 10.0.2.109 50707 -> 77.50.112.98 27555 FSPA* 0 0 14 1744 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:10:46.083799 3.001324 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 22:10:53.090846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:11:01.102182 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:11:17.105216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:11:49.111184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:12:39.033384 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 22:12:39.033481 0.000000 udp 10.0.2.109 3683 -> 183.23.136.174 1354 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 22:12:55.147954 0.052790 tcp 10.0.2.109 50708 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:12:55.201036 0.031677 tcp 10.0.2.109 50709 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:12:55.233057 0.118509 tcp 10.0.2.109 50710 -> 195.113.214.249 443 SRPA* 0 0 33 18798 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:12:55.352139 0.268718 udp 10.0.2.109 3683 <-> 79.236.156.198 8699 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:12:55.580478 0.000000 udp 10.0.2.109 3683 -> 172.162.41.132 3573 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 22:13:08.165373 3.003734 tcp 10.0.2.109 50711 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:13:13.813053 0.052563 tcp 10.0.2.109 50712 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:13.865879 0.053815 tcp 10.0.2.109 50713 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:13.920061 0.143731 tcp 10.0.2.109 50714 -> 195.113.214.249 443 SRPA* 0 0 33 19424 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:14.064324 0.180706 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:15.013712 0.178503 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:15.172436 0.171046 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:16.276793 0.247233 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:16.488712 0.150440 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:17.144748 0.196862 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:17.167702 0.000000 tcp 10.0.2.109 50711 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:13:17.339062 0.013763 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:17.660395 0.176241 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:17.832542 0.179440 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:18.003980 0.083288 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:19.436689 0.327822 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:19.763097 0.560198 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:20.285637 0.354328 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:21.487799 0.150345 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:21.636368 0.075514 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:22.236569 0.055234 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:22.690760 0.163097 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:22.897411 0.216880 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:23.103497 0.329321 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:23.167050 0.030819 tcp 10.0.2.109 50715 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:23.198229 0.031133 tcp 10.0.2.109 50716 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:23.229649 0.126206 tcp 10.0.2.109 50717 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:24.524873 2.997719 tcp 10.0.2.109 50718 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:13:24.664729 0.182022 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:24.838684 0.094728 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:25.237810 0.052566 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:25.478965 0.064982 udp 10.0.2.109 3683 <-> 87.153.122.164 4545 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:25.684180 0.313274 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:26.169700 0.178873 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2536 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:26.689813 0.349961 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:27.012347 0.340486 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:27.555066 0.163194 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:28.982244 0.370183 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:30.458637 0.448671 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:32.020229 0.181032 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:33.521396 0.000000 tcp 10.0.2.109 50718 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:13:33.711472 0.106691 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:35.132852 0.359528 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:35.546307 0.343172 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:35.886444 0.115298 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:36.210748 0.224612 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:36.433418 2.064271 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 11 4355 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:38.816653 0.386256 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:39.830316 0.142137 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:39.963674 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 22:13:57.666932 0.030730 tcp 10.0.2.109 50719 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:57.697950 0.032532 tcp 10.0.2.109 50720 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:57.730785 0.125687 tcp 10.0.2.109 50721 -> 195.113.214.249 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:13:57.857053 0.480925 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:13:58.296560 0.193182 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:14:00.620108 0.234555 rtp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:14:00.854854 0.121092 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:14:00.940959 0.221706 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:14:01.596203 0.424098 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2057 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:17:53.118596 3.000489 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 22:18:00.124598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:18:08.126202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:18:24.128962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:18:39.521732 0.000076 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 22:18:39.521857 3.003643 tcp 10.0.2.109 50722 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:18:48.524230 0.000000 tcp 10.0.2.109 50722 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:18:54.963618 0.031557 tcp 10.0.2.109 50723 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:18:54.995469 0.053877 tcp 10.0.2.109 50724 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:18:55.049650 0.127750 tcp 10.0.2.109 50725 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:18:55.622864 2.970722 tcp 10.0.2.109 50726 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:18:56.561059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:19:04.534133 0.000000 tcp 10.0.2.109 50726 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/24 22:19:10.475634 0.031389 tcp 10.0.2.109 50727 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:19:10.507287 0.031766 tcp 10.0.2.109 50728 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:19:10.539350 0.146390 tcp 10.0.2.109 50729 -> 195.113.214.249 443 SRPA* 0 0 24 12594 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:19:10.742292 0.566283 tcp 10.0.2.109 50730 -> 188.129.248.221 6410 FSPA* 0 0 14 1722 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:25:00.141504 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 22:25:07.148564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:25:15.150390 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:25:31.152983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:26:03.159091 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:32:07.165177 3.001752 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 22:32:14.172758 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:32:22.734654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:32:38.536499 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:33:10.193153 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:39:14.199426 3.001362 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 22:39:21.206507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:39:29.207761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:39:45.211312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:40:17.217245 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:44:12.689318 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 22:44:12.689441 1.969531 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:14.604917 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 22:44:30.663385 0.032153 tcp 10.0.2.109 50731 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:44:30.695882 0.032648 tcp 10.0.2.109 50732 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:44:30.728787 0.143908 tcp 10.0.2.109 50733 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:44:30.873171 0.239380 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:31.092289 0.178203 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:33.268680 0.176985 rtp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:34.214608 0.244432 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:34.425365 0.141857 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:34.749091 0.013524 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:34.811454 0.198367 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:35.639941 0.169545 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:35.806344 0.183937 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:36.394182 0.073254 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:36.450388 0.333715 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:36.781111 0.527381 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:37.272912 0.346622 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:38.434751 0.149803 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:38.617202 0.073209 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:40.025903 0.054867 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:40.298675 0.167989 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:40.637315 0.220014 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:40.847971 0.335645 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:41.181110 0.051594 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:41.338878 0.000000 udp 10.0.2.109 3683 -> 87.153.122.164 4545 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 22:44:59.473557 0.051833 tcp 10.0.2.109 50734 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:44:59.525644 0.063893 tcp 10.0.2.109 50735 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:44:59.589797 0.126774 tcp 10.0.2.109 50736 -> 195.113.214.249 443 SRPA* 0 0 21 12468 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:44:59.717273 0.174977 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:44:59.884200 0.114091 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:00.205716 0.301293 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:00.603112 0.173963 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:00.776964 0.334959 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:01.167590 0.348083 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:01.481394 0.159523 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:01.633062 0.247487 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:01.850024 0.454742 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:02.278378 0.173980 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:02.455834 0.371848 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:02.884507 0.113842 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:03.033262 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 22:45:21.595154 0.031131 tcp 10.0.2.109 50737 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:45:21.626571 0.054960 tcp 10.0.2.109 50738 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:45:21.681394 0.171222 tcp 10.0.2.109 50739 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:45:21.853315 0.114703 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:21.928258 0.335518 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:23.214840 0.167486 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:23.370697 0.181107 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:23.543845 0.236982 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:25.703534 0.473242 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:26.130340 0.198366 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 1945 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:26.649099 0.221018 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:28.802755 0.234482 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:29.038474 0.118280 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:45:29.125293 0.410913 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2661 flow=From-Botnet-V1-UDP-Established 1970/02/24 22:46:21.223801 3.001028 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 22:46:28.230599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:46:36.232344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:46:52.235040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:47:24.241216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:49:11.035057 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 22:49:11.035152 0.613194 tcp 10.0.2.109 50740 -> 188.129.248.221 6410 FSPA* 0 0 14 1661 flow=From-Botnet-V1-TCP-Established 1970/02/24 22:56:33.253264 3.001518 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 22:56:40.260696 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:56:48.261962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:57:04.265011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 22:57:38.303671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:03:40.287426 3.001365 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 23:03:47.294537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:03:55.296039 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:04:11.299060 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:04:43.304868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:10:47.311373 3.001139 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 23:10:54.318788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:11:02.319893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:11:18.322806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:11:50.329356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:15:54.510438 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 23:15:54.510527 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 142 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 23:16:12.948536 0.054966 tcp 10.0.2.109 50741 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:13.003791 0.031727 tcp 10.0.2.109 50742 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:13.035765 0.143068 tcp 10.0.2.109 50743 -> 195.113.214.249 443 SRPA* 0 0 33 18096 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:13.179628 0.000000 udp 10.0.2.109 3683 -> 87.153.122.164 4545 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 23:16:29.249927 0.030619 tcp 10.0.2.109 50744 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:29.280839 0.033488 tcp 10.0.2.109 50745 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:29.314582 0.148209 tcp 10.0.2.109 50746 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:29.463324 0.376219 udp 10.0.2.109 3683 <-> 113.98.11.99 5560 CON 0 0 2 766 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:16:45.834699 0.052004 tcp 10.0.2.109 50747 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:45.887018 0.032965 tcp 10.0.2.109 50748 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:45.920291 0.129577 tcp 10.0.2.109 50749 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:16:46.050511 2.090364 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:16:48.083013 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 285 flow=From-Botnet-V1-UDP-Attempt 1970/02/24 23:17:06.373898 0.052857 tcp 10.0.2.109 50750 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:17:06.427076 0.033171 tcp 10.0.2.109 50751 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:17:06.460546 0.144404 tcp 10.0.2.109 50752 -> 195.113.214.249 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:17:06.605638 0.178903 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:06.764065 0.261292 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:07.096532 0.174236 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:07.445957 0.127907 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:07.713674 0.013696 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:08.109458 0.191465 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:08.298348 0.179107 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:08.700019 0.334440 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:09.032832 0.190324 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:09.266957 0.074997 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:09.850385 0.555230 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:10.367784 0.354711 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:10.718412 0.145623 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:10.861674 0.076284 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:11.170324 0.055527 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:11.238379 0.170633 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:11.462894 0.332865 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:11.792862 0.234706 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:12.016584 0.052710 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2551 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:12.349244 0.176273 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:12.512181 0.180828 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:12.832090 0.091745 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:13.309058 0.307888 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:14.266281 0.151704 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:14.990427 0.333179 rtcp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:15.444981 0.348802 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:15.768791 0.469275 rtp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:16.210529 0.245880 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:17.532695 0.176168 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:18.393282 0.369015 rtp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:20.114180 0.114261 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:21.129946 0.141849 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:21.886827 0.132517 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:21.999244 0.174476 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:22.166498 0.347325 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:23.521421 0.284638 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2021 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:23.821577 0.198811 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:24.017763 0.519155 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:25.183094 0.219658 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:26.143263 0.236313 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:26.779962 0.118960 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:29.457084 0.411425 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:17:54.335438 3.001350 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 23:18:01.342354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:18:09.344012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:18:25.346784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:18:57.352807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:19:11.653826 0.000072 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 23:19:11.653975 0.572526 tcp 10.0.2.109 50753 -> 188.129.248.221 6410 FSPA* 0 0 14 1617 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:25:01.360035 3.000494 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 23:25:08.366592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:25:16.367893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:25:32.370829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:26:04.376973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:32:08.383317 3.001484 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 23:32:15.390072 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:32:23.391807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:32:39.394910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:33:11.400605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:39:15.407110 3.001414 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 23:39:22.414555 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:39:30.415831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:39:46.418908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:40:18.424706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:46:22.432002 3.000366 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/24 23:46:29.438158 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:46:37.439588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:46:53.442812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:47:25.580545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:47:41.166775 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 23:47:41.166890 0.101303 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:41.246115 1.986524 udp 10.0.2.109 3683 <-> 201.164.45.130 6822 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:43.172637 0.179184 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:43.944542 0.238346 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:44.146625 0.174669 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:45.002444 0.145171 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:45.109242 0.178459 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:45.482264 0.013437 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:45.537417 0.197400 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:46.068499 0.359402 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:46.880376 0.185575 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2544 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:50.138726 0.072190 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:50.973492 0.501395 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:51.633134 0.353737 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:51.982965 0.054446 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:52.069267 0.168492 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:52.445939 0.328210 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:52.800858 0.150674 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:53.141816 0.080043 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 1991 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:53.414961 0.175257 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:53.569403 0.221330 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2559 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:54.447327 0.052564 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:54.640544 0.184635 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:54.816848 0.090954 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:55.265596 0.307083 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:55.576831 0.345122 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:55.881487 0.157207 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:56.030548 0.334273 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:56.375541 0.479546 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:56.828156 0.241065 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:57.030861 0.173017 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:57.273896 0.362259 rtp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:57.636027 0.113891 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:57.710564 0.111211 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:57.784091 0.152170 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:57.896544 0.176229 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:58.065190 0.347567 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:58.409716 0.147339 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:58.539255 0.199387 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:58.827374 0.472887 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:59.256174 0.213314 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:59.506555 0.234216 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:47:59.794961 0.123835 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:48:00.042218 0.414586 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/24 23:49:12.233092 0.000096 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/24 23:49:12.233282 0.817603 tcp 10.0.2.109 50754 -> 188.129.248.221 6410 FSPA* 0 0 14 1678 flow=From-Botnet-V1-TCP-Established 1970/02/24 23:56:34.480351 3.002275 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/24 23:56:41.488591 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:56:49.489889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:57:05.493040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/24 23:57:37.498658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:03:41.505051 3.001610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 00:03:48.512134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:03:56.513536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:04:12.516748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:04:44.522896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:10:48.528904 3.001493 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 00:10:55.536092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:11:03.537729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:11:19.540630 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:11:51.546787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:17:55.552273 3.002191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 00:18:02.627249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:18:03.901092 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 00:18:03.901193 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 00:18:10.571601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:18:20.678182 0.052292 tcp 10.0.2.109 50755 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:18:20.730733 0.055078 tcp 10.0.2.109 50756 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:18:20.786081 0.143860 tcp 10.0.2.109 50757 -> 195.113.214.249 443 SRPA* 0 0 40 22642 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:18:20.931305 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 00:18:26.574562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:18:38.161890 0.054661 tcp 10.0.2.109 50758 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:18:38.216866 0.053768 tcp 10.0.2.109 50759 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:18:38.270905 0.150612 tcp 10.0.2.109 50760 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:18:38.422117 0.179368 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:38.580601 0.368492 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:39.761516 0.172332 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:39.990718 0.149050 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:40.148303 0.178445 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:40.323660 0.014604 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:40.676562 0.192113 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:40.875837 0.327284 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:41.244612 0.183888 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:41.420945 0.071746 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:41.608100 0.529016 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:42.099043 0.168989 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:42.450637 0.328932 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:42.776969 0.354356 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:43.127553 0.055422 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:43.187762 0.150431 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:43.336057 0.073847 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:44.760904 0.173103 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:44.911685 0.231862 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:46.267605 0.045918 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:47.137062 0.179252 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:48.332494 0.118960 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:48.414492 0.303886 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:49.929510 0.341218 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:50.363386 0.344576 udp 10.0.2.109 3683 <-> 78.38.124.5 3680 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:50.968663 0.156774 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:51.902545 0.476492 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:52.349241 0.245547 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:53.176718 0.174808 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:53.581917 0.462625 rtp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2029 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:54.539145 0.107111 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:54.607673 0.111469 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:54.726199 0.186785 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:54.834591 0.178859 udp 10.0.2.109 3683 <-> 23.125.20.39 7947 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:55.023788 0.352889 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:55.373859 0.141194 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:55.507064 0.220050 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:56.218807 0.234274 rtp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:56.608439 0.199835 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:56.804419 0.487199 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:57.247963 0.121015 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:57.337720 0.415780 udp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:18:58.580679 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:19:13.051959 0.605252 tcp 10.0.2.109 50761 -> 188.129.248.221 6410 FSPA* 0 0 14 1691 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:25:02.586510 3.001725 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 00:25:09.594374 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:25:17.598689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:25:33.598655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:26:05.614699 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:32:09.620278 3.002155 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 00:32:16.627774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:32:24.629598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:32:40.632729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:33:12.638767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:39:16.644508 3.002003 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 00:39:23.651936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:39:31.653474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:39:47.656616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:40:19.662563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:46:23.668130 3.002259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 00:46:30.676031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:46:38.677171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:46:54.680666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:47:26.686843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:49:13.611223 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 00:49:13.611323 0.575390 tcp 10.0.2.109 50762 -> 188.129.248.221 6410 FSPA* 0 0 14 1612 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:49:18.617913 0.093858 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:18.692517 0.000000 udp 10.0.2.109 3683 -> 201.164.45.130 6822 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 00:49:33.961353 0.054264 tcp 10.0.2.109 50763 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:49:34.015910 0.054501 tcp 10.0.2.109 50764 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:49:34.070703 0.150079 tcp 10.0.2.109 50765 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:49:34.221313 0.175307 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:34.378068 0.238641 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:34.791176 0.175158 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:34.963694 0.013728 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:35.193303 0.177355 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:35.359470 0.148254 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:35.821266 0.197957 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:36.841286 0.344695 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:37.480422 0.189087 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:38.747693 0.065219 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:38.833741 0.363590 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:39.911911 0.592734 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:40.466061 0.164604 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:41.075927 0.356367 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:42.349908 0.054985 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:42.531446 0.150551 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:42.696678 0.068153 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:43.425576 0.175396 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:43.578817 0.230721 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:44.731579 0.051520 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:45.131031 0.178385 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:46.331258 1.059608 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:47.354466 0.309821 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:48.649904 0.404568 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:49:49.113595 0.000000 udp 10.0.2.109 3683 -> 78.38.124.5 3680 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 00:50:06.487146 0.053201 tcp 10.0.2.109 50766 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:50:06.540697 0.054554 tcp 10.0.2.109 50767 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:50:06.595511 0.146950 tcp 10.0.2.109 50768 -> 195.113.214.249 443 SRPA* 0 0 37 19732 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:50:06.743236 0.164689 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:06.899997 0.460915 udp 10.0.2.109 3683 <-> 182.93.184.4 7222 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:07.390649 0.244974 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:07.670536 0.179713 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:08.475272 0.112833 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:09.128357 0.360660 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:09.831007 0.113827 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:09.971535 0.164090 rtp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:10.858444 0.000000 udp 10.0.2.109 3683 -> 23.125.20.39 7947 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 00:50:28.858482 0.052612 tcp 10.0.2.109 50769 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:50:28.911349 0.054750 tcp 10.0.2.109 50770 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:50:28.966475 0.147357 tcp 10.0.2.109 50771 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/25 00:50:29.114382 0.408129 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:30.145094 0.262248 rtcp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:30.413642 0.199253 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:31.536520 0.217067 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:32.071820 0.331583 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:33.216163 0.524848 rtp 10.0.2.109 3683 <-> 1.234.161.124 1251 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:34.460143 0.473783 udp 10.0.2.109 3683 <-> 1.4.147.250 4081 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:50:35.666030 0.125777 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/25 00:56:30.701321 3.001734 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 00:56:37.709404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:56:45.710196 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:57:01.713497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 00:57:33.718984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:03:37.737094 2.999283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 01:03:44.742840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:03:52.744121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:04:08.747328 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:04:40.753562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:10:44.759209 3.001142 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 01:10:51.766847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:10:59.768137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:11:15.771063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:11:47.777088 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:17:51.783281 3.001756 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 01:17:58.790527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:18:06.802252 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:18:22.805423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:18:54.811089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:19:14.199942 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 01:19:14.200173 0.590368 tcp 10.0.2.109 50772 -> 188.129.248.221 6410 FSPA* 0 0 14 1628 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:20:42.326119 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 01:20:42.326281 0.318259 udp 10.0.2.109 3683 -> 78.38.124.5 3680 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:20:42.644540 0.000000 icmp 78.38.124.5 0x0303 -> 10.0.2.109 0x600e URP 192 1 230 flow=Background 1970/02/25 01:21:00.123347 0.056038 tcp 10.0.2.109 50773 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:00.179729 0.054650 tcp 10.0.2.109 50774 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:00.234751 0.147171 tcp 10.0.2.109 50775 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:00.382592 0.000000 udp 10.0.2.109 3683 -> 23.125.20.39 7947 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:21:16.655906 1.177986 tcp 10.0.2.109 50776 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:17.834226 0.054953 tcp 10.0.2.109 50777 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:17.889464 0.155013 tcp 10.0.2.109 50778 -> 195.113.214.249 443 SRPA* 0 0 46 40006 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:18.045218 0.095091 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:18.120072 0.241568 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:18.838430 0.181033 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:20.406600 0.170764 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:20.837464 0.013804 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:21.005905 0.171216 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:21.911811 0.136088 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:22.010395 0.191617 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:22.199743 0.327316 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:22.525825 0.184987 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:23.029531 0.067132 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:23.081980 0.324767 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:23.584908 0.141077 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:23.688407 0.163575 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:23.853184 0.151149 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:24.555841 0.354226 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:24.905968 0.056735 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:25.239846 0.174114 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:25.664856 0.074515 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:25.719898 0.220138 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:25.929475 0.051772 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:26.305787 0.182592 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:26.480069 0.516364 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:27.201572 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:21:45.466327 0.053990 tcp 10.0.2.109 50779 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:45.520649 0.066920 tcp 10.0.2.109 50780 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:45.587873 0.216146 tcp 10.0.2.109 50781 -> 195.113.214.249 443 SRPA* 0 0 35 27788 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:21:45.804553 0.896502 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:48.890853 0.264733 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:50.463099 0.163769 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:21:50.935007 0.000000 udp 10.0.2.109 3683 -> 182.93.184.4 7222 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:22:06.229520 0.053054 tcp 10.0.2.109 50782 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:06.282897 0.054635 tcp 10.0.2.109 50783 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:06.337858 0.151939 tcp 10.0.2.109 50784 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:06.490364 0.175252 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:06.650156 0.112891 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:07.120826 0.115399 rtp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:09.065349 0.369605 udp 10.0.2.109 3683 <-> 219.75.7.76 2079 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:11.378185 1.232890 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:12.537528 0.350977 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:12.885857 0.146783 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:14.100880 0.193728 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:14.371048 0.227243 rtp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:15.373557 0.236208 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:22:16.512048 0.000000 udp 10.0.2.109 3683 -> 1.234.161.124 1251 INT 0 1 177 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:22:36.770931 0.053543 tcp 10.0.2.109 50785 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:36.824412 0.056638 tcp 10.0.2.109 50786 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:36.881332 0.326316 tcp 10.0.2.109 50787 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:37.208221 0.000000 udp 10.0.2.109 3683 -> 1.4.147.250 4081 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:22:54.159495 0.052448 tcp 10.0.2.109 50788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:54.212297 0.056014 tcp 10.0.2.109 50789 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:54.268584 0.158090 tcp 10.0.2.109 50790 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:22:54.427231 0.125146 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:24:59.180667 2.960776 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 01:25:06.102295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:25:14.007329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:25:30.633757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:26:02.245594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:32:05.851455 3.001353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 01:32:12.858871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:32:20.860148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:32:36.863199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:33:08.869268 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:39:12.876182 3.000705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 01:39:19.883610 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:39:27.884540 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:39:45.495835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:40:17.121588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:46:19.908829 3.002064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 01:46:26.916436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:46:35.467031 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:46:51.264103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:47:22.937258 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:49:14.798339 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 01:49:14.798446 0.465850 tcp 10.0.2.109 50791 -> 188.129.248.221 6410 FSPA* 0 0 14 1655 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:52:55.375419 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 01:52:55.375619 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:53:13.873664 0.054743 tcp 10.0.2.109 50792 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:13.928750 0.060234 tcp 10.0.2.109 50793 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:13.989399 0.148675 tcp 10.0.2.109 50794 -> 195.113.214.249 443 SRPA* 0 0 40 20778 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:14.138676 0.000000 udp 10.0.2.109 3683 -> 182.93.184.4 7222 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:53:32.419391 0.052123 tcp 10.0.2.109 50795 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:32.471869 0.059790 tcp 10.0.2.109 50796 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:32.531986 0.149689 tcp 10.0.2.109 50797 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:32.682931 0.000000 udp 10.0.2.109 3683 -> 1.234.161.124 1251 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:53:50.354746 0.056250 tcp 10.0.2.109 50798 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:50.411277 0.057102 tcp 10.0.2.109 50799 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:50.468694 0.145954 tcp 10.0.2.109 50800 -> 195.113.214.249 443 SRPA* 0 0 31 19438 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:53:50.615411 0.000000 udp 10.0.2.109 3683 -> 1.4.147.250 4081 INT 0 1 95 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:54:08.541114 0.053053 tcp 10.0.2.109 50801 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:54:08.594426 0.056567 tcp 10.0.2.109 50802 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:54:08.651325 0.152836 tcp 10.0.2.109 50803 -> 195.113.214.249 443 SRPA* 0 0 26 13366 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:54:08.804732 0.256001 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:09.024497 0.097872 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:09.256675 0.171996 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2012 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:10.292803 0.171474 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:11.799724 0.018932 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:11.851772 0.357975 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:12.779049 0.199621 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:13.556847 0.242016 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:14.277123 0.142891 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:14.652644 0.183830 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:15.772831 0.170490 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:16.090991 0.564891 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:16.884155 0.325927 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:17.207375 0.067020 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:18.252199 0.151020 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:19.350513 0.055156 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:20.536970 0.348986 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:20.882368 0.177056 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:21.036213 0.072523 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:21.988429 0.045934 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:22.030616 0.242803 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:23.914498 0.182944 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:24.350508 0.123156 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:24.554753 0.326759 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:25.923098 0.246248 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:26.157958 0.156805 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:26.333179 0.175798 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:26.885836 0.115080 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:27.079835 0.107695 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:27.146204 0.000000 udp 10.0.2.109 3683 -> 219.75.7.76 2079 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 01:54:45.073671 0.052544 tcp 10.0.2.109 50804 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:54:45.126458 0.054757 tcp 10.0.2.109 50805 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:54:45.181551 0.144966 tcp 10.0.2.109 50806 -> 195.113.214.249 443 SRPA* 0 0 26 13990 flow=From-Botnet-V1-TCP-Established 1970/02/25 01:54:45.327107 0.141031 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:45.429994 0.341766 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:45.768820 0.146273 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:45.907996 0.198865 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 1974 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:46.320396 0.218909 rtp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2455 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:46.930547 0.234367 udp 10.0.2.109 3683 <-> 158.108.84.15 5478 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:54:47.166943 0.121661 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/25 01:56:29.946260 3.001590 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 01:56:36.963660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:56:44.965187 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:57:00.968177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 01:57:32.974469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:03:36.980856 3.001016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 02:03:43.987847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:03:51.989414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:04:07.992026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:04:39.997992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:10:44.004668 3.001163 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 02:10:51.012851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:10:59.013117 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:11:15.016823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:11:47.022377 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:17:51.028345 3.001269 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 02:17:58.036868 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:18:06.036998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:18:22.040216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:18:54.046133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:19:15.287381 0.844092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 02:19:16.131676 0.687571 tcp 10.0.2.109 50807 -> 188.129.248.221 6410 FSPA* 0 0 14 1688 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:24:58.052784 3.001221 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 02:25:01.104445 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 02:25:01.104565 2.528147 udp 10.0.2.109 3683 -> 219.75.7.76 2079 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 02:25:03.632712 0.000000 icmp 219.75.7.76 0x0103 -> 10.0.2.109 0xdb4b URH 192 1 300 flow=Background 1970/02/25 02:25:05.065515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:25:13.061129 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:25:19.592389 0.058931 tcp 10.0.2.109 50808 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:25:19.651588 0.057417 tcp 10.0.2.109 50809 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:25:19.709323 0.149367 tcp 10.0.2.109 50810 -> 195.113.214.249 443 SRPA* 0 0 48 28026 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:25:19.859530 0.257496 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:20.079403 0.100284 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:20.300609 0.173361 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:20.463519 0.178023 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:20.619228 0.013697 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:20.811506 0.337650 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:21.259248 0.188653 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:21.445215 0.154076 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:21.685473 0.179988 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:22.031534 0.168274 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:22.878367 0.190053 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:23.061906 0.325282 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:23.820927 0.146095 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:24.356553 0.063512 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2075 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:24.760801 0.150549 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:25.143637 0.054677 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:25.234715 0.355252 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:25.586350 0.177741 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:25.771041 0.072909 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:25.887534 0.045919 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:25.929981 0.229893 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2108 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:26.149695 0.181491 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:26.323063 1.174559 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:27.463439 0.244220 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:27.793089 0.360673 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:28.443368 0.156662 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:28.591624 0.118017 rtp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:28.668246 0.113012 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:28.753636 0.174754 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:29.041920 1.052327 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:29.064371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:25:30.052591 0.783039 rtp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:30.850785 0.139977 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:30.982847 0.198875 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:31.178942 0.149440 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:31.328019 0.213022 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:25:31.654514 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 02:25:49.874806 0.052892 tcp 10.0.2.109 50811 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:25:49.927958 0.055455 tcp 10.0.2.109 50812 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:25:49.983713 0.160923 tcp 10.0.2.109 50813 -> 195.113.214.249 443 SRPA* 0 0 25 13938 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:26:01.070150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:32:05.076216 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 02:32:12.083656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:32:20.085095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:32:36.088528 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:33:08.094887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:39:12.100764 3.000944 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 02:39:19.107619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:39:27.109004 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:39:43.112042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:40:15.921034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:46:19.134438 3.001311 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 02:46:26.141509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:46:34.147982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:46:50.146194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:47:22.151858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:49:15.995815 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 02:49:15.995993 0.506009 tcp 10.0.2.109 50814 -> 188.129.248.221 6410 FSPA* 0 0 14 1583 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:56:20.746682 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 02:56:20.746847 0.000000 udp 10.0.2.109 3683 -> 158.108.84.15 5478 INT 0 1 106 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 02:56:30.162682 3.001468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 02:56:36.410688 0.052459 tcp 10.0.2.109 50815 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:56:36.463434 0.055472 tcp 10.0.2.109 50816 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:56:36.519190 0.149594 tcp 10.0.2.109 50817 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:56:36.669343 0.169016 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2034 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:36.827516 0.178139 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:37.069474 0.014243 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:37.170353 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:56:37.185597 0.257840 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:37.408911 0.093707 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:37.513346 0.197443 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:37.719123 0.139489 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:37.818863 0.359835 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:38.279207 0.175620 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:38.743016 0.190403 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:39.254530 0.171827 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:40.569070 0.330971 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:40.897119 0.133882 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:41.756890 0.072703 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:42.640170 0.353820 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:42.989909 0.175391 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:43.400151 0.144930 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:43.665950 0.056593 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:44.212282 0.282303 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:56:44.519220 0.000000 udp 10.0.2.109 3683 -> 108.70.165.164 4638 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 02:56:45.171421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:57:00.674263 0.052219 tcp 10.0.2.109 50818 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:57:00.726759 0.054953 tcp 10.0.2.109 50819 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:57:00.782000 0.149879 tcp 10.0.2.109 50820 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 02:57:00.932380 0.071046 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:00.986173 0.050975 udp 10.0.2.109 3683 <-> 87.167.235.99 8279 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:01.132630 0.574516 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:01.174707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 02:57:01.672538 0.249646 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:01.987798 0.115642 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:02.060278 0.115598 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:02.675303 0.376768 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:03.053394 0.160469 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:03.205010 0.426449 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:03.597573 0.150501 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:03.886878 0.349036 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:04.260069 0.213398 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:04.512930 0.199096 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:04.708485 0.277110 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:05.391007 0.115864 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/25 02:57:33.180606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:03:37.187340 3.000813 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 03:03:44.193912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:03:52.195710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:04:08.197842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:04:40.204922 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:10:44.210555 3.001807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 03:10:51.217782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:10:59.219309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:11:15.222466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:11:47.228542 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:17:51.234744 3.001382 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 03:17:58.241889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:18:06.243500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:18:22.246382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:18:54.253753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:19:16.504954 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 03:19:16.505058 1.941387 tcp 10.0.2.109 50821 -> 188.129.248.221 6410 FSPA* 0 0 14 1540 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:24:58.258072 3.001866 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 03:25:05.265880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:25:13.267192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:25:29.270605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:26:01.276500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:27:25.558074 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 03:27:25.558193 0.182844 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:25.731587 0.013837 rtcp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:27.120107 0.171140 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:28.173130 0.179459 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2490 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:28.535241 0.148447 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:29.651584 0.236953 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:29.853195 0.097886 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:30.323785 0.187933 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:30.629732 0.324902 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:30.958589 0.182855 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2046 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:31.137024 0.184042 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:31.313827 0.169030 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:31.484108 0.325862 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:31.807373 0.146263 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:31.920284 0.065148 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:31.987213 0.353749 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:32.515807 0.150125 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:32.702794 0.176027 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:32.919490 0.054123 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:33.031697 0.220325 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:35.494882 0.076473 rtp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:35.551881 0.000000 udp 10.0.2.109 3683 -> 87.167.235.99 8279 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 03:27:53.079341 0.055142 tcp 10.0.2.109 50822 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:27:53.134807 0.054115 tcp 10.0.2.109 50823 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:27:53.189267 0.149761 tcp 10.0.2.109 50824 -> 195.113.214.249 443 SRPA* 0 0 47 35358 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:27:53.339896 0.288269 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:53.591160 0.217636 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:54.284934 0.115061 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:55.082057 0.113703 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:55.755914 0.382079 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:56.146507 0.167620 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:56.456400 0.177481 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:56.783558 0.117543 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:57.481029 0.347717 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:57.825261 0.220439 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:58.413559 0.197580 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:58.608116 0.149666 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:27:59.234329 0.126456 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:32:05.282608 3.003175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 03:32:12.290027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:32:20.291410 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:32:36.294667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:33:08.300198 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:39:12.306018 3.001985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 03:39:19.314726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:39:27.315301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:39:43.318262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:40:15.324127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:46:19.330793 3.001004 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 03:46:26.337726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:46:34.339205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:46:50.344398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:47:22.348605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:49:18.445830 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 03:49:18.446004 1.111389 tcp 10.0.2.109 50825 -> 188.129.248.221 6410 FSPA* 0 0 14 1586 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:56:31.360365 3.004960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 03:56:38.367467 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:56:46.369298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:57:02.372270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:57:35.308713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 03:58:07.215584 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 03:58:07.215735 0.000000 udp 10.0.2.109 3683 -> 87.167.235.99 8279 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 03:58:25.458995 0.053152 tcp 10.0.2.109 50826 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:58:25.512404 0.059175 tcp 10.0.2.109 50827 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:58:25.571855 0.147463 tcp 10.0.2.109 50828 -> 195.113.214.249 443 SRPA* 0 0 46 40860 flow=From-Botnet-V1-TCP-Established 1970/02/25 03:58:25.719898 0.179422 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:26.156753 0.014276 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:26.190775 0.169585 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:26.349116 0.178076 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:26.717474 0.259061 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:26.938677 0.142010 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:28.164327 0.091555 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 5 1785 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:28.367074 0.192500 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:31.809426 0.349191 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:32.269157 0.168696 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:33.937818 0.331595 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:35.574300 0.183475 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:36.893232 0.171367 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:37.626906 0.359375 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:37.982296 0.150401 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:38.130832 0.066736 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:38.535892 0.140590 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:39.073449 0.172982 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:39.224974 0.057049 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:39.578378 0.072843 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:39.634797 0.218920 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:39.953189 0.301627 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:41.346222 0.222872 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:41.533150 0.723957 rtp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:42.306337 0.111768 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:42.380635 0.389156 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 1990 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:42.810551 0.157847 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:42.960657 0.172686 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:44.117885 0.153763 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:44.601305 0.336162 rtp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:44.934661 0.219951 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2073 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:45.397652 0.198480 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:45.593503 0.205403 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/25 03:58:46.348633 0.116359 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:03:38.394621 3.001456 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 04:03:45.401975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:03:53.403524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:04:09.406093 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:04:41.412573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:10:45.418774 3.001087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 04:10:52.425708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:11:00.427240 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:11:16.430160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:11:48.446384 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:17:52.452072 3.001617 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 04:18:02.609280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:18:10.497957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:18:26.285612 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:19:01.830324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:19:25.569096 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 04:19:25.569262 0.546620 tcp 10.0.2.109 50829 -> 188.129.248.221 6410 FSPA* 0 0 14 1727 flow=From-Botnet-V1-TCP-Established 1970/02/25 04:25:00.775320 2.963023 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 04:25:07.683202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:25:15.570770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:25:31.354455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:26:02.915086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:28:51.537590 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 04:28:51.537735 0.178271 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:28:51.709560 0.177940 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:28:52.391500 0.013896 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:28:52.725701 0.174657 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:28:53.053349 0.256126 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:28:53.270927 0.147845 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:28:53.475353 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 04:29:09.445239 0.054067 tcp 10.0.2.109 50830 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 04:29:09.499600 0.061786 tcp 10.0.2.109 50831 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 04:29:09.561705 0.146898 tcp 10.0.2.109 50832 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/25 04:29:09.709126 0.198560 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:09.904948 0.346367 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:10.305739 0.168265 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:10.549350 0.330897 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:10.877487 0.190143 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:11.060438 0.170168 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:11.226323 0.347195 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:11.569710 0.150143 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:12.625718 0.071987 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:12.830661 0.930529 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:13.725551 0.175695 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:14.083949 0.232731 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:14.306583 0.056698 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:14.422966 0.227955 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:14.847179 0.090838 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:14.900939 0.224859 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:15.155242 0.107698 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:15.266032 0.113800 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:15.385488 0.385604 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:15.828824 0.210761 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:16.038875 0.450275 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:16.452784 0.148784 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:16.613298 0.382137 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:16.992546 0.216338 rtp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:17.209114 0.199288 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:18.274348 0.215750 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:29:18.892883 0.126611 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:32:06.519651 3.002206 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 04:32:13.527197 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:32:21.528664 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:32:37.537942 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:33:09.538053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:39:13.545049 3.000551 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 04:39:20.551434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:39:28.553271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:39:44.556475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:40:16.561909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:46:20.570515 2.998962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 04:46:27.575500 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:46:35.576881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:46:51.579863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:47:23.586312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:49:20.124180 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 04:49:20.124323 0.639124 tcp 10.0.2.109 50833 -> 188.129.248.221 6410 FSPA* 0 0 14 1543 flow=From-Botnet-V1-TCP-Established 1970/02/25 04:56:32.608302 3.001404 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 04:56:39.615442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:56:47.626471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:57:03.630280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:57:36.145707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 04:59:25.143708 1.199607 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 04:59:26.343458 0.093269 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:26.415917 0.182809 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:28.295179 0.179566 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:28.474571 0.013832 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:28.890431 0.245550 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:29.099960 0.173397 udp 10.0.2.109 3683 <-> 97.67.98.34 2636 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:29.414341 0.150148 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:29.744624 0.197719 rtcp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:29.951867 0.345674 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:30.423499 0.170274 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:30.691306 0.179904 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:30.868374 0.354087 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:34.293681 0.371948 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:36.142119 0.183813 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:36.427287 0.150659 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:37.535712 0.076315 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:37.598627 0.720858 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:38.566862 0.173952 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:38.915648 0.221189 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:39.180710 0.055372 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:39.238323 0.073905 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:41.040162 0.115717 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:41.114364 0.116258 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:42.306333 0.384146 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:42.783625 0.180108 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:42.926874 0.282938 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:43.175111 0.165777 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:45.148407 0.587191 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:45.700781 0.463977 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:46.385824 0.364418 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:46.747525 0.213220 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:47.210901 0.231968 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:47.446989 0.245879 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/25 04:59:47.676635 0.619581 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:03:39.651794 3.001879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 05:03:46.659421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:03:54.661658 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:04:10.664139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:04:42.670095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:10:46.676006 3.001951 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 05:10:53.684908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:11:01.685007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:11:19.801577 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:11:52.601100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:17:53.720428 3.001437 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 05:18:00.727594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:18:08.728461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:18:24.731945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:18:56.737960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:19:20.773232 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 05:19:20.773356 0.676098 tcp 10.0.2.109 50834 -> 188.129.248.221 6410 FSPA* 0 0 14 1703 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:25:00.744804 3.000806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 05:25:07.751683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:25:15.752968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:25:31.755982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:26:03.761917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:29:52.491342 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 05:29:52.491502 0.094047 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:29:52.566469 0.013662 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:29:53.065736 0.179810 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:29:53.238673 0.176232 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:29:55.794877 0.247257 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:29:56.004460 0.000000 udp 10.0.2.109 3683 -> 97.67.98.34 2636 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 05:30:12.632207 0.053251 tcp 10.0.2.109 50835 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:12.685783 0.055597 tcp 10.0.2.109 50836 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:12.741640 0.147934 tcp 10.0.2.109 50837 -> 195.113.214.249 443 SRPA* 0 0 25 12648 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:12.890042 0.153467 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:13.002949 0.191421 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:13.465501 0.340830 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:14.103728 0.556327 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:14.645031 0.175926 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:15.761174 0.353089 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:16.110779 0.325529 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:17.083655 0.194390 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:17.270246 0.150378 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:17.708796 0.070034 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:17.762789 0.136089 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:18.673107 0.175526 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:18.825588 0.220133 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:19.374541 0.054808 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:19.606199 0.076988 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:19.794889 0.104736 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 1988 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:19.863359 0.180110 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:20.005975 0.362133 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:20.411410 0.202159 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:20.577063 0.000000 udp 10.0.2.109 3683 -> 74.181.66.253 5463 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 05:30:37.235825 0.053691 tcp 10.0.2.109 50838 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:37.289867 0.056591 tcp 10.0.2.109 50839 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:37.346691 0.156135 tcp 10.0.2.109 50840 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:37.503318 0.159281 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:37.651578 0.375820 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 1974 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:38.110955 0.155661 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:38.271139 0.000000 udp 10.0.2.109 3683 -> 114.38.30.77 1995 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 05:30:54.150510 0.052644 tcp 10.0.2.109 50841 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:54.203454 0.055298 tcp 10.0.2.109 50842 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:54.259048 0.152311 tcp 10.0.2.109 50843 -> 195.113.214.249 443 SRPA* 0 0 34 28360 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:30:54.412346 0.266048 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:55.986012 0.200308 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2635 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:57.735589 0.139351 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:30:58.952846 0.114628 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2055 flow=From-Botnet-V1-UDP-Established 1970/02/25 05:32:07.767028 3.002679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 05:32:14.775302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:32:22.776567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:32:38.780108 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:33:10.785379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:39:14.791670 3.001555 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 05:39:21.799383 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:39:29.800388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:39:45.803750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:40:17.810475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:46:21.817942 2.999728 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 05:46:28.824811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:46:36.824898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:46:52.827958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:47:24.833774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:49:21.452063 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 05:49:21.452224 0.559754 tcp 10.0.2.109 50844 -> 188.129.248.221 6410 FSPA* 0 0 14 1589 flow=From-Botnet-V1-TCP-Established 1970/02/25 05:56:33.846322 3.001131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 05:56:40.853382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:56:48.854798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:57:04.857670 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 05:57:36.863818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:01:29.428621 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 06:01:29.428735 0.000000 udp 10.0.2.109 3683 -> 97.67.98.34 2636 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 06:01:45.242740 0.099787 tcp 10.0.2.109 50845 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:01:45.342738 0.057886 tcp 10.0.2.109 50846 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:01:45.400918 0.165056 tcp 10.0.2.109 50847 -> 195.113.214.249 443 SRPA* 0 0 41 24118 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:01:45.566700 0.000000 udp 10.0.2.109 3683 -> 74.181.66.253 5463 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 06:02:04.479235 0.054233 tcp 10.0.2.109 50848 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:04.533987 0.055576 tcp 10.0.2.109 50849 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:04.589878 0.126565 tcp 10.0.2.109 50850 -> 195.113.214.249 443 SRPA* 0 0 33 24742 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:04.717094 0.396240 udp 10.0.2.109 3683 <-> 114.38.30.77 1995 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:05.110750 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 06:02:21.644028 0.054636 tcp 10.0.2.109 50851 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:21.698934 0.074169 tcp 10.0.2.109 50852 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:21.773380 0.146599 tcp 10.0.2.109 50853 -> 195.113.214.249 443 SRPA* 0 0 33 18134 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:21.920654 0.013763 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:21.937343 0.179570 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:22.111261 0.175622 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:22.267411 0.243352 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:22.474600 0.191938 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:22.664085 0.138486 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:22.766727 0.352076 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:23.134028 0.412385 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:23.548557 0.247988 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:23.793678 0.354052 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:24.143673 0.067319 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:24.192713 0.331095 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:24.521029 0.150801 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:24.670117 0.190451 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:24.853229 0.142392 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:24.957117 0.178565 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:25.113539 0.117964 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:25.187318 0.055592 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:25.275223 0.220724 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:25.486091 0.246036 udp 10.0.2.109 3683 <-> 86.147.22.196 6148 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:25.718266 0.117105 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:25.797734 0.778247 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:26.540363 0.368079 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:26.917302 0.000000 udp 10.0.2.109 3683 -> 74.57.126.36 3194 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 06:02:44.107085 0.053245 tcp 10.0.2.109 50854 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:44.160658 0.054437 tcp 10.0.2.109 50855 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:44.215385 0.156254 tcp 10.0.2.109 50856 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:02:44.372172 0.301987 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:44.642923 0.130630 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2078 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:02:44.801739 0.000000 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 06:03:03.675334 0.054988 tcp 10.0.2.109 50857 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:03:03.730624 0.056958 tcp 10.0.2.109 50858 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:03:03.787873 0.153492 tcp 10.0.2.109 50859 -> 195.113.214.249 443 SRPA* 0 0 26 13422 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:03:03.942236 0.199505 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:03:04.138432 0.176650 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:03:04.295285 0.118690 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:03:40.870599 3.001222 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 06:03:47.877413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:03:55.878821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:04:11.883847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:04:43.887892 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:10:47.893857 3.001814 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 06:10:54.901163 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:11:02.902711 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:11:18.905632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:11:50.911851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:17:54.918982 3.000629 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 06:18:01.925299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:18:09.928545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:18:25.929771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:18:57.935423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:19:22.011238 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 06:19:22.011483 0.500605 tcp 10.0.2.109 50860 -> 188.129.248.221 6410 FSPA* 0 0 14 1735 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:25:01.941877 3.001576 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 06:25:08.949415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:25:16.950307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:25:32.953811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:26:04.959757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:32:08.965826 3.001571 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 06:32:15.973159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:32:23.974935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:32:39.987701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:33:11.993797 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:33:16.030858 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 06:33:16.031063 0.108241 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:16.120368 0.157981 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:16.270499 0.242092 rtp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:16.552337 0.000000 udp 10.0.2.109 3683 -> 114.38.30.77 1995 INT 0 1 97 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 06:33:34.527623 0.570492 tcp 10.0.2.109 50861 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:33:35.098403 0.054672 tcp 10.0.2.109 50862 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:33:35.153386 0.167533 tcp 10.0.2.109 50863 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:33:35.321510 0.185722 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:35.486436 0.256965 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:35.708405 0.197403 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:35.903055 0.140105 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:36.005685 0.180770 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:36.180540 0.013885 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:36.260751 0.345455 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:36.625065 0.574308 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:37.184074 0.177640 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:37.359013 0.150733 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:37.508065 0.189957 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:37.690725 0.334013 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:38.022037 0.354274 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:38.372368 0.068467 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:38.776588 0.220168 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:38.986627 0.000000 udp 10.0.2.109 3683 -> 86.147.22.196 6148 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 06:33:56.488492 0.053720 tcp 10.0.2.109 50864 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:33:56.542494 0.054748 tcp 10.0.2.109 50865 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:33:56.597528 0.148269 tcp 10.0.2.109 50866 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:33:56.746303 0.174946 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:56.882303 0.140828 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:57.223285 0.112646 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:57.296341 0.174448 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:57.462914 0.054973 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:57.625623 0.598775 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:58.186369 0.380001 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:58.765172 0.175771 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:58.926549 0.141590 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:59.070900 0.123665 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:59.158277 0.200185 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:33:59.435580 0.143845 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/25 06:39:16.000659 3.053134 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 06:39:23.035212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:39:31.018491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:39:47.021689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:40:19.027793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:46:23.033551 3.001921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 06:46:30.041419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:46:38.042650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:46:54.045665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:47:26.051481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:49:22.519539 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 06:49:22.519633 0.463876 tcp 10.0.2.109 50867 -> 188.129.248.221 6410 FSPA* 0 0 14 1697 flow=From-Botnet-V1-TCP-Established 1970/02/25 06:53:30.057597 3.002280 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 06:53:37.064904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:53:45.067053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:54:01.069550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 06:54:33.075639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:00:37.082267 3.001778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:00:44.088885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:00:52.090598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:01:08.093470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:01:40.099960 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:04:13.831399 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 07:04:13.831597 0.000000 udp 10.0.2.109 3683 -> 114.38.30.77 1995 INT 0 1 209 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 07:04:31.437767 0.056628 tcp 10.0.2.109 50868 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:04:31.494670 0.055699 tcp 10.0.2.109 50869 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:04:31.550631 0.161017 tcp 10.0.2.109 50870 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:04:31.712156 0.000000 udp 10.0.2.109 3683 -> 86.147.22.196 6148 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 07:04:49.642886 0.051289 tcp 10.0.2.109 50871 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:04:49.694415 0.057288 tcp 10.0.2.109 50872 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:04:49.751970 0.544561 tcp 10.0.2.109 50873 -> 195.113.214.249 443 SRPA* 0 0 35 26731 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:04:50.297108 0.208425 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:04:50.497021 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 104 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 07:05:06.086232 0.054396 tcp 10.0.2.109 50874 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:05:06.141095 0.056705 tcp 10.0.2.109 50875 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:05:06.198280 0.377856 tcp 10.0.2.109 50876 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:05:06.576708 0.220945 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:06.815978 0.173913 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:06.967780 0.244437 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:07.177610 0.203594 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:07.378705 0.180875 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:07.552501 0.140057 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:07.655000 0.341616 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:08.005953 0.013778 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:08.041634 0.183505 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:08.218862 0.177177 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:08.391874 0.379427 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:08.756488 0.150720 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:08.905725 0.067151 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:08.954546 0.353491 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:09.303985 0.334752 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:09.635901 0.232889 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:09.858945 0.107882 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:09.926074 0.174771 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:10.079205 0.055152 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:10.145088 0.115255 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:10.222837 0.143599 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:10.326297 0.372734 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:10.664227 0.362678 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:11.027969 0.125839 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2552 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:11.117011 0.194628 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:11.308057 0.138655 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:11.438093 0.253200 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:05:11.653872 0.161035 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:07:44.107030 3.000459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 07:07:51.113113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:07:59.114714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:08:15.119346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:08:47.123788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:14:51.131169 3.000195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:14:58.136984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:15:06.138618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:15:22.141519 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:15:54.147768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:19:22.988340 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 07:19:22.988425 0.492204 tcp 10.0.2.109 50877 -> 188.129.248.221 6410 FSPA* 0 0 14 1692 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:21:58.153887 3.001337 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:22:05.161076 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:22:13.162740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:22:29.165289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:23:01.171713 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:29:05.178874 3.000335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:29:12.185131 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:29:20.186686 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:29:36.189216 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:30:08.195424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:35:19.273527 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 07:35:19.273613 0.094300 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:19.349220 0.175733 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:19.516521 0.220905 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:19.746398 0.178699 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:19.904351 0.255877 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:20.124163 0.193231 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2473 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:20.314272 0.180249 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:20.485208 0.141773 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:20.587331 0.186952 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:20.766293 0.176127 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:20.938572 0.176728 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:21.146129 0.346789 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:21.495396 0.013805 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:21.577989 0.150552 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:21.726899 0.069489 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:21.779574 0.352243 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:22.173474 0.337040 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:22.508855 0.233378 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:22.731387 0.054738 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:22.794820 0.112587 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:22.870926 0.160883 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:22.993196 0.273397 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:23.228980 0.119047 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:23.304283 0.174607 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:23.455811 0.371992 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:23.844634 0.126074 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:23.936622 0.201681 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:24.135285 0.142123 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:24.267866 0.288703 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:35:24.528508 0.274153 rtp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/25 07:36:12.201396 3.002011 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:36:19.209249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:36:27.210830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:36:43.213673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:37:15.219618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:43:19.225951 3.001146 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:43:26.232964 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:43:34.234398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:43:50.237280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:44:22.243297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:49:23.486969 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 07:49:23.487101 0.544911 tcp 10.0.2.109 50878 -> 188.129.248.221 6410 FSPA* 0 0 14 1590 flow=From-Botnet-V1-TCP-Established 1970/02/25 07:50:26.250273 3.000720 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:50:33.256736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:50:41.258363 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:50:57.261334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:51:29.267219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:57:33.273772 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 07:57:40.280677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:57:48.282510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:58:04.285323 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 07:58:36.291309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:04:40.298008 3.001371 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:04:47.304844 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:04:55.306705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:05:11.309412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:05:41.243057 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 08:05:41.243157 0.218467 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:05:41.471842 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 237 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 08:05:43.315260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:05:58.839458 0.054343 tcp 10.0.2.109 50879 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 08:05:58.894237 0.054442 tcp 10.0.2.109 50880 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 08:05:58.948947 0.135537 tcp 10.0.2.109 50881 -> 195.113.214.249 443 SRPA* 0 0 32 23573 flow=From-Botnet-V1-TCP-Established 1970/02/25 08:05:59.085092 0.223340 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:05:59.296973 0.178981 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:05:59.455276 0.244253 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:05:59.662547 0.197090 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:05:59.856917 0.181571 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:00.030449 0.152485 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:00.145959 0.183114 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:00.325707 0.329031 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:00.663649 0.013841 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:00.705183 0.150088 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:00.853607 0.065064 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:00.902470 0.175224 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:01.073681 0.171677 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:01.250226 0.353254 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:01.599435 0.330581 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:01.927815 0.255865 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:02.173922 0.056645 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:02.232034 0.113907 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:02.309406 0.114499 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:02.384367 0.245639 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:02.607355 0.331187 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:02.939518 0.136998 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:03.039918 0.092448 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:03.094381 0.122955 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:03.185115 0.204242 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:03.385444 0.266378 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:03.551817 0.176298 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:06:03.712313 0.145140 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:11:47.321257 3.001766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:11:54.328570 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:12:02.330551 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:12:18.333181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:12:50.338982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:18:54.345518 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:19:01.352772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:19:09.354016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:19:24.035663 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 08:19:24.035762 0.555982 tcp 10.0.2.109 50882 -> 188.129.248.221 6410 FSPA* 0 0 14 1624 flow=From-Botnet-V1-TCP-Established 1970/02/25 08:19:25.357124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:19:57.363053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:26:01.370012 3.001077 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:26:08.376972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:26:16.378020 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:26:32.390998 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:27:04.397089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:33:08.404050 3.000859 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:33:15.410734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:33:23.412115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:33:39.415073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:34:11.421104 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:36:10.633043 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 08:36:10.633177 0.099271 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:10.713006 0.229503 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:10.956010 0.237553 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:11.160751 0.193483 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:11.350033 0.180173 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:11.522634 0.171638 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:11.674619 0.173104 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:11.839407 0.712460 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:12.509605 0.180312 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:12.682136 0.362226 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:13.044991 0.013864 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:13.085054 0.150938 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:13.234490 0.071397 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:13.287977 0.177084 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:13.460994 0.169417 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:13.642691 0.348418 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:13.987725 0.055106 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:14.053266 0.115905 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:14.127512 0.113013 udp 10.0.2.109 3683 <-> 91.6.23.165 5333 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:14.200768 0.173393 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:14.353910 0.325142 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:14.676187 0.219616 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:14.885915 0.340195 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:15.232147 0.140920 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:15.404379 0.841873 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:16.209650 0.118652 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:16.302380 0.199723 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:16.498870 0.147185 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:16.637809 0.172044 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:36:16.797520 0.140976 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/25 08:40:15.428156 3.000843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:40:22.434621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:40:30.436081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:40:46.438957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:41:18.445118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:47:36.614629 3.039282 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:47:43.605492 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:47:51.493666 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:48:07.269011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:48:38.816513 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:49:37.090505 0.090637 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 08:49:37.181371 1.100555 tcp 10.0.2.109 50883 -> 188.129.248.221 6410 FSPA* 0 0 14 1738 flow=From-Botnet-V1-TCP-Established 1970/02/25 08:54:46.975640 3.236660 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 08:55:05.731547 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:55:13.626592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:55:29.412515 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 08:56:01.064554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:01:59.954110 4.582472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:02:08.490843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:02:16.375233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:02:42.298834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:03:13.835787 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:07:15.509472 0.029479 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 09:07:15.539104 0.097162 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:15.617606 0.191536 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:15.806515 0.169991 rtp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:15.966859 0.178077 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:16.449847 0.183526 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:16.624508 0.211324 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:16.896244 0.249918 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:17.112396 0.148464 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:17.222631 0.185632 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:17.400702 0.150355 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:17.548846 0.074365 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:17.634048 0.175393 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:17.806301 0.166078 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 1949 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:17.973639 0.320279 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:18.292653 0.013374 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:18.324841 0.354621 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:18.673497 0.054128 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:18.894231 0.175430 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:19.033455 0.000000 udp 10.0.2.109 3683 -> 91.6.23.165 5333 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 09:07:35.980981 0.052499 tcp 10.0.2.109 50884 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:07:36.033743 0.061865 tcp 10.0.2.109 50885 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:07:36.095924 0.129652 tcp 10.0.2.109 50886 -> 195.113.214.249 443 SRPA* 0 0 32 24105 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:07:36.226190 0.172120 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:36.375755 0.336734 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:36.710060 0.149566 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:37.579830 0.221907 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:37.792709 0.338694 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:38.751031 1.429936 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:40.144727 0.117608 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:40.470959 0.199142 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:40.667138 0.212910 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:41.843770 0.173471 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:07:42.001134 1.765551 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:09:12.551001 2.962092 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:09:19.448535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:09:27.327814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:09:43.079700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:10:14.576532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:16:13.005722 2.952522 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:16:19.906350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:16:27.794221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:16:43.545397 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:17:15.055058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:19:44.829105 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 09:19:44.829203 0.568405 tcp 10.0.2.109 50887 -> 188.129.248.221 6410 FSPA* 0 0 14 1505 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:23:13.456456 2.957253 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:23:20.356267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:23:28.233318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:23:43.996628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:24:15.511462 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:30:13.910601 2.956035 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:30:20.805662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:30:28.682534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:30:44.437283 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:31:15.961281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:37:14.416915 2.961019 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:37:21.327223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:37:22.100319 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 09:37:22.100424 0.000000 udp 10.0.2.109 3683 -> 91.6.23.165 5333 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 09:37:29.201413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:37:38.237785 0.052104 tcp 10.0.2.109 50888 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:37:38.290296 0.054036 tcp 10.0.2.109 50889 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:37:38.344625 0.131974 tcp 10.0.2.109 50890 -> 195.113.214.249 443 SRPA* 0 0 33 24785 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:37:38.477161 0.099180 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 4 1607 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:44.948078 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:37:55.562932 0.050377 tcp 10.0.2.109 50891 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:37:55.613606 0.055374 tcp 10.0.2.109 50892 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:37:55.669307 0.162911 tcp 10.0.2.109 50893 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:37:55.832744 0.181403 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:56.006956 0.199092 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:56.202868 0.259149 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:56.457192 0.177620 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:56.612829 0.142075 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:56.715305 0.184348 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2137 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:56.892599 0.257809 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:57.116875 0.220074 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:57.357640 0.073635 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:57.412650 0.150677 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:57.561531 0.331623 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:57.908603 0.014178 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:57.956630 0.168288 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2561 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:58.138603 0.181252 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:58.316736 0.056291 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:58.374982 0.366974 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:58.737997 0.137846 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2655 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:58.834148 0.172901 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:58.986929 0.323517 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:59.307695 0.233913 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2519 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:59.531074 0.333888 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:59.866490 0.139787 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:37:59.970541 0.457334 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:38:00.393170 0.122362 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:38:00.481213 0.200253 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:38:00.678975 0.140935 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:38:00.812895 0.176421 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:38:00.973653 0.152348 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/25 09:38:16.480236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:44:18.692706 3.006789 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:44:25.700693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:44:33.702026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:44:49.704867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:45:21.710859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:49:26.302994 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 09:49:26.303081 0.615395 tcp 10.0.2.109 50894 -> 188.129.248.221 6410 FSPA* 0 0 14 1536 flow=From-Botnet-V1-TCP-Established 1970/02/25 09:51:25.716028 3.002306 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:51:32.724148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:51:40.725307 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:51:56.728798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:52:28.734914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:58:32.741840 3.000707 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 09:58:39.747839 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:58:47.749689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:59:03.752389 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 09:59:35.758756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:05:39.764304 3.002346 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:05:46.772244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:05:54.773618 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:06:10.777005 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:06:42.782871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:08:11.220218 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 10:08:11.220415 0.229340 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:11.428804 0.181092 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:11.599903 0.197101 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:11.794843 0.169838 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:11.954799 0.177191 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:12.112238 0.142116 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:12.219071 0.186117 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:12.397200 0.072026 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:12.451658 0.151135 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:12.600722 0.320900 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:12.931002 0.013947 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:12.950551 0.314072 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:13.162052 0.311384 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:13.487291 0.170154 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:13.670551 0.243357 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:13.911352 0.057125 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:13.983148 0.353607 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:14.332935 0.114349 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:14.411560 0.224037 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2497 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:14.624687 0.338718 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:14.980474 0.175869 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:15.174939 0.334903 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:15.507491 0.141597 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:15.611729 0.133787 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:15.708312 0.121438 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:15.795795 0.199280 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:15.992006 0.134272 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:16.121195 0.175254 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:08:16.280377 0.159418 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:12:46.789682 3.000991 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:12:53.796356 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:13:01.797594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:13:17.800899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:13:49.806872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:19:26.922646 0.000108 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 10:19:26.922860 0.536114 tcp 10.0.2.109 50895 -> 188.129.248.221 6410 FSPA* 0 0 14 1552 flow=From-Botnet-V1-TCP-Established 1970/02/25 10:19:53.813407 3.006819 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:20:00.821496 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:20:08.822592 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:20:24.824481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:20:56.830404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:27:00.875134 3.002921 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:27:07.884232 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:27:15.885725 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:27:31.888596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:28:03.894817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:34:07.905597 2.997653 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:34:14.933338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:34:22.909781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:34:38.913102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:35:10.918821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:38:27.792037 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 10:38:27.792205 0.198038 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:27.987477 0.099017 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:28.067724 0.180742 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:28.241132 0.258091 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:28.488190 0.178910 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:28.649972 0.151155 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:28.761668 0.185399 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:28.938798 0.070330 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:29.016983 0.150121 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:29.165298 0.321434 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:29.503860 0.013793 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:29.523083 0.259750 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:29.746674 0.213950 udp 10.0.2.109 3683 <-> 139.142.70.178 1896 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:29.961791 0.165625 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:30.122765 0.180175 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:30.300347 0.055024 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:30.364778 0.232196 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:30.587346 0.333049 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:30.921562 0.353764 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:31.276692 0.113760 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:31.348616 0.179644 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:31.503504 0.331543 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:31.832528 0.140940 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:31.935850 0.109209 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:32.008852 0.126264 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:32.099555 0.180635 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:32.265075 0.164658 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 1987 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:32.391841 0.193284 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:38:32.749402 0.152248 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/25 10:41:14.966667 3.000087 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:41:21.972583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:41:29.973941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:41:45.976814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:42:17.983052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:48:22.020037 3.000633 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:48:29.026454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:48:37.027807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:48:53.030818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:49:25.036973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:49:27.460494 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 10:49:27.460655 0.487056 tcp 10.0.2.109 50896 -> 188.129.248.221 6410 FSPA* 0 0 14 1555 flow=From-Botnet-V1-TCP-Established 1970/02/25 10:55:29.042404 3.002203 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 10:55:36.051425 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:55:44.051730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:56:00.054782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 10:56:32.060545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:02:36.067053 3.001112 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:02:43.074048 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:02:51.075550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:03:07.078627 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:03:39.084619 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:08:56.731647 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 11:08:56.731824 0.183768 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:56.907252 0.168818 rtp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.063026 0.178748 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.222564 0.144345 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.330967 0.193536 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.521441 0.096835 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.599487 0.185990 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.778339 0.068740 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.831754 0.150078 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:57.980115 0.338609 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:58.320690 0.013751 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:58.351332 0.284615 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:08:58.602386 0.000000 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 11:09:15.540677 0.050582 tcp 10.0.2.109 50897 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:09:15.591587 0.056849 tcp 10.0.2.109 50898 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:09:15.648801 0.150469 tcp 10.0.2.109 50899 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:09:15.799899 0.168219 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:15.971565 0.180855 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:16.150169 0.054211 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:16.205817 0.220649 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:16.416179 0.117174 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:16.494771 0.180037 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:16.652097 0.333624 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:16.982926 0.332963 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:17.317127 0.353530 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:17.666325 0.141144 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:17.766899 0.500269 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:18.231582 0.124985 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:18.320098 0.176095 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:18.479341 0.265946 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:18.642421 0.198788 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:18.837713 0.164217 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:09:43.090776 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:09:50.098608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:09:58.100014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:10:14.103276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:10:46.109058 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:16:50.116078 3.000505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:16:57.121855 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:17:05.123655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:17:21.126697 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:17:53.132454 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:19:27.949382 0.000143 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 11:19:27.949642 0.487802 tcp 10.0.2.109 50900 -> 188.129.248.221 6410 FSPA* 0 0 14 1604 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:23:57.142300 2.997950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:24:04.146200 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:24:12.147416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:24:28.150605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:25:00.156561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:31:04.162052 3.002396 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:31:11.169835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:31:19.171582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:31:35.174572 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:32:07.180720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:38:11.186804 3.001293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:38:18.193701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:38:26.195340 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:38:42.198459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:39:14.205239 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:39:23.788230 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 11:39:23.788394 0.225161 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 11:39:24.013555 0.000000 icmp 139.142.70.178 0x0303 -> 10.0.2.109 0x6807 URP 192 1 253 flow=Background 1970/02/25 11:39:42.536837 0.054872 tcp 10.0.2.109 50901 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:39:42.592070 0.053896 tcp 10.0.2.109 50902 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:39:42.646268 0.144785 tcp 10.0.2.109 50903 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:39:42.791538 0.151164 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:42.932319 0.177152 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:43.088273 0.143738 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:43.195875 0.191150 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:43.384145 0.093487 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:43.458732 0.184383 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:43.635727 0.072743 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2590 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:43.689371 0.180589 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:43.861436 0.245289 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:44.069631 0.321124 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:44.391941 0.151220 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:44.541672 0.014343 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:44.575329 0.170931 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:44.743167 0.177034 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2496 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:44.916918 0.055160 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:44.986544 0.221759 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:45.198304 0.117357 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:45.275120 0.175769 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:45.428706 0.353661 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:45.778963 0.136822 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:45.872112 0.324945 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:46.193957 0.341650 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2549 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:46.544140 0.130899 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:46.642236 0.121980 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:46.728705 0.176302 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:46.888810 0.133939 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:47.011371 0.199704 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:39:47.207343 0.162984 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/25 11:45:18.210536 3.001994 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:45:25.217950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:45:33.219599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:45:49.222523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:46:21.228373 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:49:28.438068 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 11:49:28.438216 0.516032 tcp 10.0.2.109 50904 -> 188.129.248.221 6410 FSPA* 0 0 14 1593 flow=From-Botnet-V1-TCP-Established 1970/02/25 11:52:25.234404 3.001691 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:52:32.248806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:52:40.243581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:52:56.250747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:53:28.252814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:59:32.257992 3.002249 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 11:59:39.265776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 11:59:47.267442 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:00:03.270531 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:00:35.278906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:06:39.282575 3.001340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:06:46.289918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:06:54.292893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:07:10.294632 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:07:42.300525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:10:16.032157 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 12:10:16.032252 0.160555 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:16.184639 0.175740 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:16.341511 0.148865 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:16.455407 0.197041 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:16.649416 0.096630 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:16.726048 0.184336 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:16.902631 0.069903 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:16.954806 0.180879 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:17.128571 0.146227 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:17.274763 0.013612 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:17.296593 0.168481 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:17.482364 0.244644 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:17.689563 0.314358 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:18.005232 0.178935 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:18.181578 0.055430 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:18.246406 0.233852 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:18.470390 0.118485 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:18.549651 0.170289 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:18.696886 0.354142 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:19.047216 0.514961 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:19.524791 0.330586 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:19.852923 0.338884 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:20.201816 0.091594 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:20.257860 0.124901 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:20.348279 0.199722 rtp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:20.545310 0.283145 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2007 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:20.814659 0.180375 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:10:20.978050 0.144542 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:13:46.307456 3.000797 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:13:53.313801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:14:01.315370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:14:17.318769 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:14:49.324642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:19:28.956743 0.000150 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 12:19:28.956980 0.550897 tcp 10.0.2.109 50905 -> 188.129.248.221 6410 FSPA* 0 0 14 1638 flow=From-Botnet-V1-TCP-Established 1970/02/25 12:20:53.331910 2.999996 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:21:00.337687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:21:08.339429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:21:24.342932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:21:56.348495 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:28:00.354583 3.001379 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:28:07.361760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:28:15.363100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:28:31.366040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:29:03.372489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:35:07.378426 3.001516 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:35:14.385471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:35:22.387440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:35:38.390168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:36:10.396150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:40:37.229940 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 12:40:37.230249 0.145263 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:37.335728 0.198040 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:37.530355 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 12:40:53.725688 0.056632 tcp 10.0.2.109 50906 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 12:40:53.782615 0.054365 tcp 10.0.2.109 50907 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 12:40:53.837303 0.158560 tcp 10.0.2.109 50908 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/25 12:40:53.996407 0.215226 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:54.204302 0.177079 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:54.363043 0.185384 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:54.540987 0.074550 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:54.597142 0.180406 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:54.769418 0.150775 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:54.918456 0.013795 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:54.933623 0.167423 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:55.102364 0.243552 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:55.309789 0.319721 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:55.638664 0.173560 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:55.809712 0.056093 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:55.869817 0.233891 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:56.093854 0.119817 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:56.173752 0.178385 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:56.329275 0.331456 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:56.657721 0.347580 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:57.001516 0.534316 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:57.494316 0.329588 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:57.822316 0.152874 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:57.939754 0.114648 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:58.022925 0.200728 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:58.219860 0.259637 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:58.419850 0.172940 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:40:58.578432 0.185244 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/25 12:42:14.402539 3.001216 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:42:21.409685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:42:29.411422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:42:45.414375 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:43:17.420429 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:49:21.427165 3.000848 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:49:28.433759 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:49:29.515784 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 12:49:29.515947 0.478334 tcp 10.0.2.109 50909 -> 188.129.248.221 6410 FSPA* 0 0 14 1600 flow=From-Botnet-V1-TCP-Established 1970/02/25 12:49:36.435128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:49:52.438102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:50:24.444682 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:56:28.450228 3.001526 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 12:56:35.457788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:56:43.459336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:56:59.462302 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 12:57:31.468764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:03:35.476115 2.999648 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:03:42.481414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:03:50.489144 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:04:06.486267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:04:38.492339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:10:42.499883 2.999654 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:10:49.505525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:10:57.507204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:11:13.510097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:11:27.119770 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 13:11:27.119868 0.137342 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:27.237489 0.143933 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:27.343833 0.196757 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:27.537781 0.175282 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:27.704860 0.073816 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:27.760423 0.178903 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:27.929250 0.156548 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:28.078013 0.177814 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:28.236095 0.150303 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:28.384781 0.013833 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:28.433143 0.168215 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:28.603060 0.242549 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:28.810182 0.318473 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:29.127069 0.179162 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:29.302548 0.055860 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:29.359808 0.172727 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:29.511812 0.331661 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 1934 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:29.840554 0.218582 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:30.049655 0.116657 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:30.125559 0.354260 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2481 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:30.476109 0.526362 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:30.963943 0.331218 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:31.296602 0.200296 udp 10.0.2.109 3683 <-> 108.217.170.244 7572 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:31.493016 0.141968 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:31.630444 0.175165 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:31.790019 0.149230 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:31.937963 0.193405 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:32.095125 0.118768 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:11:45.515984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:17:49.521263 3.002297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:17:56.529522 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:18:04.531038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:18:20.534046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:18:52.539671 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:19:29.994475 0.000115 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 13:19:29.994672 0.491972 tcp 10.0.2.109 50910 -> 188.129.248.221 6410 FSPA* 0 0 14 1503 flow=From-Botnet-V1-TCP-Established 1970/02/25 13:24:56.546157 3.001486 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:25:03.553488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:25:11.554763 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:25:27.557820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:25:59.563806 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:32:03.569454 3.002063 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:32:10.577150 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:32:18.578917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:32:34.581858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:33:06.597712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:39:10.604148 3.001283 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:39:17.611943 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:39:25.612992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:39:41.615858 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:40:13.621826 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:41:39.345760 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 13:41:39.345916 0.196051 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:39.539105 0.185093 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:39.716368 0.078290 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:39.779185 0.092471 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:39.854352 0.126544 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 1968 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:39.945884 0.179806 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:40.119313 0.159600 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:40.268120 0.176777 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:40.421994 0.150974 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:40.571390 0.013726 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:40.597015 0.168596 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:40.774554 0.257659 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:40.995706 0.320230 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:41.314567 0.181074 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:41.492756 0.055791 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:41.558038 0.175912 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:41.711534 0.324548 rtp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:42.033905 0.354161 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:42.383934 0.219814 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:42.593789 0.117359 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:42.671680 0.527059 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:43.159441 0.332455 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:41:43.502059 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 102 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 13:42:02.350409 0.064662 tcp 10.0.2.109 50911 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 13:42:02.415353 0.058096 tcp 10.0.2.109 50912 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 13:42:02.473694 0.149643 tcp 10.0.2.109 50913 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/25 13:42:02.623877 0.240920 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:42:02.842918 0.176163 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:42:03.113739 0.125155 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:42:04.264822 0.231765 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:42:04.704312 0.087612 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/25 13:46:17.628030 3.001492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:46:24.639643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:46:32.637080 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:46:48.639882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:47:20.645962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:49:30.493756 0.000183 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 13:49:30.494042 0.476525 tcp 10.0.2.109 50914 -> 188.129.248.221 6410 FSPA* 0 0 14 1636 flow=From-Botnet-V1-TCP-Established 1970/02/25 13:53:24.651447 3.002398 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 13:53:31.659246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:53:39.660673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:53:55.663242 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 13:54:27.669813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:00:31.677719 2.999815 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:00:38.683927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:00:46.684687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:01:02.687800 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:01:34.694337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:07:38.699284 3.002262 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:07:45.707289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:07:53.708204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:08:09.713568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:08:41.727403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:12:29.045109 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 14:12:29.045301 0.000000 udp 10.0.2.109 3683 -> 108.217.170.244 7572 INT 0 1 103 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 14:12:45.139932 0.059986 tcp 10.0.2.109 50915 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 14:12:45.200150 0.058884 tcp 10.0.2.109 50916 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 14:12:45.259391 0.150213 tcp 10.0.2.109 50917 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/25 14:12:45.410193 0.071439 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:45.465346 0.096160 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:45.540183 0.197071 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:45.734597 0.187123 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:45.913806 0.180221 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:46.082977 0.162499 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:46.233872 0.179671 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:46.390706 0.151930 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:46.501984 0.013900 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:46.532552 0.168274 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:46.702286 0.151003 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:46.851002 0.238450 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:47.086108 0.056520 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:47.149456 0.176340 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:47.302099 0.239534 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:47.507875 0.323539 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:47.828503 0.230272 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:48.049922 0.113846 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:48.126380 0.330863 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:48.454391 0.347215 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:48.797768 0.505288 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:49.263433 0.325103 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:49.589937 0.257681 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:49.760448 0.176770 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:49.920721 0.127153 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:50.014757 0.128843 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:12:50.126230 0.133266 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:14:45.734638 3.000772 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:14:52.741179 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:15:00.742605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:15:16.748526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:15:48.752707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:19:30.971955 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 14:19:30.972117 0.494184 tcp 10.0.2.109 50918 -> 188.129.248.221 6410 FSPA* 0 0 14 1556 flow=From-Botnet-V1-TCP-Established 1970/02/25 14:21:52.762691 2.996806 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:21:59.765018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:22:07.767018 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:22:23.769324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:22:55.775732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:28:59.781311 3.001630 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:29:06.789154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:29:14.790702 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:29:30.793590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:30:02.799246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:36:06.805838 3.001550 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:36:13.813067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:36:21.814780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:36:37.818064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:37:09.823799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:43:07.268058 0.000117 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 14:43:07.268274 0.191807 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:07.457251 0.067702 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 5 1829 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:07.508922 0.111790 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:07.600939 0.185822 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.073030 0.175781 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.238502 0.158147 rtp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2107 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.387353 0.178204 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.545823 0.141582 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.650876 0.014269 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.673743 0.167032 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.843615 0.150284 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:08.992463 0.182313 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:09.172587 0.055821 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:09.239386 0.177130 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:09.390251 0.253886 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:09.608665 0.319457 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:09.947628 0.331675 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:10.276528 0.352809 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:10.625521 0.225190 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:10.841119 0.112168 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:10.917820 0.138586 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:11.017892 0.325654 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:11.364246 0.148731 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:11.503159 0.139940 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:11.613747 0.145186 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:11.722654 0.175830 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:11.882660 0.121833 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/25 14:43:13.829766 3.001580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:43:20.838637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:43:28.838085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:43:44.845472 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:44:16.847750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:49:31.470793 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 14:49:31.470891 0.475458 tcp 10.0.2.109 50919 -> 188.129.248.221 6410 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/02/25 14:50:20.853539 3.001834 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:50:27.861043 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:50:35.862777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:50:51.865439 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:51:23.871917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:57:27.877577 3.001764 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 14:57:34.888559 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:57:42.886712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:57:58.889455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 14:58:30.895781 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:04:34.901947 3.012492 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 15:04:41.918692 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:04:49.920576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:05:05.923458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:05:37.929460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:11:41.935948 3.063638 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 15:11:48.976326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:11:56.955738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:12:12.957463 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:12:44.967077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:13:31.000226 0.015249 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 15:13:31.015578 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 15:13:48.997154 0.123423 tcp 10.0.2.109 50920 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 15:13:49.120876 0.062168 tcp 10.0.2.109 50921 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 15:13:49.183295 0.390277 tcp 10.0.2.109 50922 -> 195.113.214.249 443 SRPA* 0 0 41 23322 flow=From-Botnet-V1-TCP-Established 1970/02/25 15:13:49.573329 0.190624 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:49.760960 0.065148 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:50.384836 0.187178 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:50.836456 0.184619 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:51.013810 0.156939 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:51.170386 0.181256 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:51.329844 0.199884 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:53.347897 0.013992 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:53.841461 0.167037 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:58.229306 0.150766 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:58.488634 0.176616 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:58.672776 0.056477 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:58.783950 0.173721 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:58.936261 0.236791 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:59.137186 0.353483 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:59.486910 0.232993 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:13:59.709651 0.321024 rtp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:00.081754 0.328952 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:00.487502 0.109466 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:00.560217 0.144450 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:01.194900 0.326724 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:01.523064 0.305197 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:01.979409 0.140157 rtp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:02.744778 0.162943 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:03.124867 0.181941 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:14:03.291428 0.122946 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:18:48.969490 3.163927 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 15:18:56.182449 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:19:04.103705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:19:20.011357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:19:32.010426 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 15:19:32.010624 0.599229 tcp 10.0.2.109 50923 -> 188.129.248.221 6410 FSPA* 0 0 14 1712 flow=From-Botnet-V1-TCP-Established 1970/02/25 15:19:52.027358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:25:56.043698 3.064476 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 15:26:03.075427 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:26:11.062434 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:26:27.065275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:26:59.071469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:33:03.087345 3.030505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 15:33:10.107074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:33:18.106820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:33:34.109628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:34:06.129430 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:40:10.143274 3.029997 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 15:40:17.268191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:40:25.204446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:40:41.164820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:41:13.169420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:44:31.567114 0.064393 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 15:44:31.631619 0.093197 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:31.706596 0.191922 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:31.992488 0.069773 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2542 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:32.077847 0.191961 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:32.262418 0.180212 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:32.434229 0.162495 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:36.764650 0.170959 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:37.529590 0.144627 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:37.637342 0.014114 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:37.756232 0.164153 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:38.008132 0.150638 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:38.157022 0.178505 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:38.707345 0.054808 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:39.063937 0.175371 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:39.216876 0.219275 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:39.679227 0.319465 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:39.997432 0.256071 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:40.315991 0.353810 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:40.666128 0.334619 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:41.436477 0.112175 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:42.845400 0.138519 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:43.877481 0.341345 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:45.105278 0.166397 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:45.262930 0.138817 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:45.383908 0.123829 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:45.903576 0.333843 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:44:46.303673 0.174708 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/25 15:47:18.087137 3.020954 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 15:47:25.063003 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:47:32.952094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:47:48.727631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:48:20.295208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:49:32.557715 0.164775 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 15:49:32.722679 0.589164 tcp 10.0.2.109 50924 -> 188.129.248.221 6410 FSPA* 0 0 14 1746 flow=From-Botnet-V1-TCP-Established 1970/02/25 15:54:24.228923 3.076352 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 15:54:31.281656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:54:39.360830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:54:55.251415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 15:55:27.257580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:01:31.264441 4.033888 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:01:39.249378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:01:47.157205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:02:02.971668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:02:34.579835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:08:38.297485 3.237447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:08:45.501779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:08:54.264828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:09:34.705317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:10:06.275244 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:15:29.143288 0.212661 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 16:15:29.356102 0.104674 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:29.443101 0.091496 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:30.125304 0.190254 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:30.312288 0.185468 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:30.910954 0.174062 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:31.077885 0.189680 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:31.552753 0.173299 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:31.704966 0.145264 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:31.813369 0.013907 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:31.983074 0.164240 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:32.170084 0.150782 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:32.318828 0.176235 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:32.491974 0.055142 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:32.706584 0.171269 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:32.854390 0.218687 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:33.062498 0.319549 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:33.841729 0.239741 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:34.433603 0.353245 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:34.783053 0.330781 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:35.930087 0.116749 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:36.047259 0.137263 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:36.146782 0.333513 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2565 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:37.398365 0.147417 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:37.541430 0.128257 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:37.685977 0.123760 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:37.775301 0.255160 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:15:38.448931 0.178664 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:16:08.080609 2.956810 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:16:14.988054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:16:22.877257 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:16:38.651642 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:17:10.212162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:19:52.741654 0.223252 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 16:19:52.964986 1.334237 tcp 10.0.2.109 50925 -> 188.129.248.221 6410 FSPA* 0 0 14 1690 flow=From-Botnet-V1-TCP-Established 1970/02/25 16:23:09.374199 3.049547 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:23:16.395738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:23:24.549957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:23:40.328263 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:24:11.874834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:30:10.808260 3.010070 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:30:17.826337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:30:25.718918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:30:41.495121 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:31:13.061912 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:37:11.968667 3.036599 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:37:18.949659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:37:26.844750 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:37:42.632936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:38:14.190831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:44:13.498010 3.090143 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:44:20.559095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:44:28.516279 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:44:44.518911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:45:16.525213 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:45:20.210449 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 16:45:20.210635 0.260597 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:20.260789 0.266581 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:20.714842 0.096874 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:20.792512 0.197572 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:20.987991 0.178414 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:21.144722 0.153036 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:21.259734 0.181409 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:21.595490 0.154223 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:21.739169 0.013877 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:22.120090 0.169201 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:22.564595 0.150248 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:22.712939 0.174991 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:22.884150 0.055997 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:23.067217 0.173437 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2091 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:23.218454 0.273190 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2537 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:23.481147 0.325283 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:23.824842 0.238859 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:24.031899 0.348202 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:24.375925 0.335147 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:24.993818 0.115496 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:25.070984 0.141966 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:25.177724 0.326575 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:25.607502 0.129413 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:25.774933 0.145948 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:25.907986 1.078994 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:26.937403 0.243555 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:45:27.704140 0.176833 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/25 16:49:34.546701 0.503693 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 16:49:35.050507 0.680650 tcp 10.0.2.109 50926 -> 188.129.248.221 6410 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/02/25 16:51:20.535354 2.997658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 16:51:27.538518 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:51:35.590525 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:51:51.717265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:52:23.619360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:58:27.575566 3.063741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 16:58:34.612399 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:58:42.680167 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:58:58.597227 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 16:59:30.831828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:05:34.620104 3.062110 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 17:05:41.655614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:05:49.714326 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:06:05.641178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:06:37.647286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:12:41.655451 2.999548 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 17:12:48.660142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:12:56.662180 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:13:12.665230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:13:44.671656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:15:53.486528 0.055203 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 17:15:53.559969 0.094461 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:53.634229 0.068173 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:53.716893 0.190713 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:53.900123 0.197736 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:54.094354 0.179089 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:54.252039 0.151597 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2523 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:54.501024 0.180807 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:54.673724 0.174751 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:54.838706 0.150202 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:55.217553 0.218837 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:55.431689 0.013696 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:55.602208 0.173711 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:55.780638 0.055443 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:55.874728 0.174416 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:56.028281 0.393613 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:56.411279 0.328753 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:56.782695 0.244215 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:56.989304 0.348598 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:57.334363 0.330816 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:57.662471 0.204306 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:57.826490 0.141880 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:58.017543 0.333219 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2080 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:58.367588 0.119922 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:58.453322 0.217085 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:58.648477 0.115793 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:58.826454 0.265245 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:15:59.054619 0.174724 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:19:35.250310 0.018161 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 17:19:35.268600 0.914485 tcp 10.0.2.109 50927 -> 188.129.248.221 6410 FSPA* 0 0 14 1749 flow=From-Botnet-V1-TCP-Established 1970/02/25 17:19:48.688588 2.999775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 17:19:55.695253 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:20:03.738527 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:20:19.699404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:20:51.705378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:26:55.722414 3.050658 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 17:27:02.757222 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:27:10.740386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:27:26.743420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:27:58.749077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:34:02.755138 3.170650 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 17:34:09.895059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:34:17.823361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:34:33.786914 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:35:05.803545 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:41:09.809519 3.024024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 17:41:16.826889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:41:24.828134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:41:40.831176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:42:12.837038 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:46:17.039123 0.019864 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 17:46:17.059096 0.196080 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:17.247670 0.117627 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:17.347188 0.067244 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:17.399166 0.218579 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:17.615003 0.171443 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:17.765342 0.142836 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:17.868569 0.170035 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.030541 0.168010 udp 10.0.2.109 3683 <-> 74.57.126.36 3194 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.195153 0.014270 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.226579 0.186219 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.414219 0.055912 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.483106 0.150501 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.631702 0.204848 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.831626 0.170122 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:18.977516 0.237487 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:19.190770 0.328050 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:19.511747 0.331361 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:19.840301 0.115010 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:19.989886 0.240738 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:20.193917 0.453240 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:20.643341 0.136176 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:20.776520 0.343220 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:21.120617 0.129359 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:21.214902 0.136965 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:21.347589 0.142989 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:21.474718 1.724772 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:46:23.165491 0.175052 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/25 17:48:16.843714 3.013374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 17:48:23.860728 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:48:31.862586 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:48:47.865212 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:49:19.871433 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:49:36.145268 0.000101 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 17:49:36.145457 0.620069 tcp 10.0.2.109 50928 -> 188.129.248.221 6410 FSPA* 0 0 14 1524 flow=From-Botnet-V1-TCP-Established 1970/02/25 17:55:23.877607 3.018766 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 17:55:30.894783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:55:38.898305 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:55:54.899140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 17:56:26.915230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:02:30.920982 3.001988 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:02:37.928411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:02:45.930371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:03:01.933136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:03:33.939273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:09:37.944375 3.589071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:09:45.485431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:09:53.387105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:10:09.189813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:10:40.973295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:16:44.979254 3.001696 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:16:46.869816 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 18:16:46.869929 0.097829 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:16:46.924455 0.199160 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:16:47.121249 0.177219 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:16:47.277696 0.153635 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:16:47.390469 0.198006 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:16:47.580447 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 18:16:51.986668 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:16:59.988109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:17:04.657121 0.043631 tcp 10.0.2.109 50929 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:17:04.701009 0.031605 tcp 10.0.2.109 50930 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:17:04.732890 0.103582 tcp 10.0.2.109 50931 -> 195.113.214.249 443 SRPA* 0 0 35 26561 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:17:04.836958 0.180471 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:05.010208 0.000000 udp 10.0.2.109 3683 -> 74.57.126.36 3194 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 18:17:15.991481 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:17:22.422513 0.031198 tcp 10.0.2.109 50932 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:17:22.454067 0.031511 tcp 10.0.2.109 50933 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:17:22.485822 0.122552 tcp 10.0.2.109 50934 -> 195.113.214.249 443 SRPA* 0 0 39 31704 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:17:22.609075 0.014031 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2564 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:22.635911 0.171299 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:22.804248 0.056597 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:22.877977 0.150446 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:23.026331 0.285107 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:23.306241 0.175659 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:23.459480 0.230519 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 1912 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:23.681726 0.391234 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:24.075401 0.331641 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:24.404540 0.463086 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:24.863816 0.138422 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:24.962836 0.113601 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:25.037730 0.242245 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:25.243228 0.340770 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:25.585368 0.123866 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:25.673076 0.139730 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:25.808849 0.132002 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:25.930878 0.579675 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:26.474346 0.179043 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:17:47.997526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:19:36.773734 1.650464 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 18:19:38.424432 0.477722 tcp 10.0.2.109 50935 -> 188.129.248.221 6410 SPA_* 0 0 12 1445 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:19:44.960086 0.000125 tcp 10.0.2.109 50935 -> 188.129.248.221 6410 FA_A 0 0 2 108 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:23:52.003233 3.001349 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:23:59.010684 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:24:07.011944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:24:23.014983 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:24:55.021420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:30:59.027410 3.001167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:31:06.035146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:31:14.035968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:31:30.039056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:32:02.055136 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:38:06.060339 3.024818 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:38:13.078643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:38:21.080248 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:38:37.083075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:39:09.093042 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:45:13.095948 3.001217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:45:20.102853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:45:28.104001 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:45:44.109428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:46:16.116780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:47:46.033190 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 18:47:46.033379 0.274460 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:47:46.288149 0.000000 udp 10.0.2.109 3683 -> 74.57.126.36 3194 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 18:48:01.346287 0.032182 tcp 10.0.2.109 50936 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:48:01.378798 0.031484 tcp 10.0.2.109 50937 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:48:01.410636 0.122572 tcp 10.0.2.109 50938 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:48:01.533741 0.139683 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:01.636960 0.187640 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:01.815962 0.071261 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:01.870461 0.177225 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.027076 0.191434 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.215713 0.177781 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2548 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.386106 0.055729 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.478906 0.013805 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.494460 0.171050 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.666961 0.150873 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.815817 0.182119 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:02.994549 0.173504 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2077 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:03.147649 0.232808 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:03.371130 0.348342 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:03.715602 0.319240 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:04.033836 0.331305 udp 10.0.2.109 3683 <-> 118.163.97.62 1829 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:04.365677 0.136762 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:04.464109 0.116383 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:04.544747 0.240147 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:04.747926 0.333659 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:05.099124 0.117082 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:05.182980 0.251864 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:05.334698 0.174650 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:05.494863 0.231821 udp 10.0.2.109 3683 <-> 188.28.145.225 9542 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:48:05.647537 0.547089 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/25 18:49:43.401439 0.012065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 18:49:43.413611 0.699119 tcp 10.0.2.109 50939 -> 188.129.248.221 6410 FSPA* 0 0 14 1596 flow=From-Botnet-V1-TCP-Established 1970/02/25 18:52:20.119502 3.001274 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 18:52:27.126820 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:52:35.128081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:52:51.130974 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:53:23.137027 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:59:27.143259 3.001401 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 18:59:34.151689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:59:42.152086 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 18:59:58.154944 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:00:30.161140 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:06:34.172546 3.017084 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 19:06:41.184491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:06:49.185904 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:07:05.189024 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:07:37.194938 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:13:41.200469 3.002102 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 19:13:48.208188 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:13:56.209872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:14:12.212746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:14:44.218958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:18:34.290315 0.033933 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:18:34.324369 0.093746 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:34.400187 0.066602 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:34.467744 0.154583 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:34.582174 0.199378 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:34.774410 0.179673 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:34.933301 0.210652 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:35.141067 0.181402 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:35.314935 0.054870 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:35.379687 0.014357 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:35.438136 0.164118 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:35.610387 0.150139 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:35.758885 0.185963 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:35.939911 0.176744 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:36.094224 0.220158 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:36.303785 0.346850 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:36.646966 0.138966 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:36.742870 0.114380 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:36.819813 0.255254 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:37.039881 0.327438 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:37.366114 0.000000 udp 10.0.2.109 3683 -> 118.163.97.62 1829 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:18:52.978588 0.031456 tcp 10.0.2.109 50940 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:18:53.010480 0.031979 tcp 10.0.2.109 50941 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:18:53.042749 0.121581 tcp 10.0.2.109 50942 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:18:53.164883 0.333742 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:53.512794 0.116571 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:53.597183 0.138650 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:53.731431 0.174994 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:18:53.892334 0.000000 udp 10.0.2.109 3683 -> 188.28.145.225 9542 INT 0 1 246 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:19:11.664236 0.031094 tcp 10.0.2.109 50943 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:19:11.695660 0.032475 tcp 10.0.2.109 50944 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:19:11.728413 0.123750 tcp 10.0.2.109 50945 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:19:11.852821 0.237482 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2509 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:19:44.110661 2.993733 tcp 10.0.2.109 50946 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:19:53.103095 0.000000 tcp 10.0.2.109 50946 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:19:57.729024 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:19:59.112235 0.030733 tcp 10.0.2.109 50947 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:19:59.143274 0.032261 tcp 10.0.2.109 50948 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:19:59.175836 0.656915 tcp 10.0.2.109 50949 -> 195.113.214.249 443 SRPA* 0 0 39 20920 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:20:00.180264 2.968700 tcp 10.0.2.109 50950 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:09.077422 0.000000 tcp 10.0.2.109 50950 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:15.004935 0.031542 tcp 10.0.2.109 50951 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:20:15.036767 0.031845 tcp 10.0.2.109 50952 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:20:15.068924 0.119903 tcp 10.0.2.109 50953 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:20:15.252136 2.968704 tcp 10.0.2.109 50954 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:24.148537 0.000000 tcp 10.0.2.109 50954 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:30.066697 0.030859 tcp 10.0.2.109 50955 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:20:30.097915 0.031871 tcp 10.0.2.109 50956 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:20:30.130101 0.122966 tcp 10.0.2.109 50957 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:20:30.263378 2.963530 tcp 10.0.2.109 50958 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:39.155344 0.000000 tcp 10.0.2.109 50958 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:45.078259 2.993469 tcp 10.0.2.109 50959 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:48.224650 3.002300 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 19:20:54.080457 0.000000 tcp 10.0.2.109 50959 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:20:55.232378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:21:00.079505 2.993989 tcp 10.0.2.109 50960 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:21:03.233967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:21:10.849574 0.000000 tcp 10.0.2.109 50960 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:21:20.901304 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:21:52.505616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:26:15.082712 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:26:15.082884 3.003601 tcp 10.0.2.109 50961 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:26:24.085120 0.000000 tcp 10.0.2.109 50961 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:26:30.085412 0.031804 tcp 10.0.2.109 50962 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:26:30.117459 0.032498 tcp 10.0.2.109 50963 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:26:30.150381 0.123202 tcp 10.0.2.109 50964 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:26:30.297455 3.000903 tcp 10.0.2.109 50965 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:26:39.297022 0.000000 tcp 10.0.2.109 50965 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:26:45.296255 0.031259 tcp 10.0.2.109 50966 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:26:45.327808 0.031981 tcp 10.0.2.109 50967 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:26:45.360122 0.120624 tcp 10.0.2.109 50968 -> 195.113.214.249 443 SRPA* 0 0 45 24502 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:26:45.732709 3.007803 tcp 10.0.2.109 50969 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:26:54.739081 0.000000 tcp 10.0.2.109 50969 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:27:00.728013 0.030830 tcp 10.0.2.109 50970 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:27:00.759152 0.033361 tcp 10.0.2.109 50971 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:27:00.792848 0.125896 tcp 10.0.2.109 50972 -> 195.113.214.249 443 SRPA* 0 0 26 13250 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:27:00.928929 2.993627 tcp 10.0.2.109 50973 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:27:09.931190 0.000000 tcp 10.0.2.109 50973 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:27:15.929811 2.994369 tcp 10.0.2.109 50974 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:27:24.922822 0.000000 tcp 10.0.2.109 50974 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:27:30.931582 3.004097 tcp 10.0.2.109 50975 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:27:39.938339 0.000000 tcp 10.0.2.109 50975 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:27:55.259341 3.001479 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 19:28:02.266565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:28:10.267793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:28:26.270650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:28:58.276972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:32:45.934490 0.000121 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:32:45.934707 3.003856 tcp 10.0.2.109 50976 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:32:54.937026 0.000000 tcp 10.0.2.109 50976 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:00.937389 0.031867 tcp 10.0.2.109 50977 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:00.969552 0.031995 tcp 10.0.2.109 50978 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:01.001851 0.122397 tcp 10.0.2.109 50979 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:01.133713 3.007311 tcp 10.0.2.109 50980 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:10.139118 0.000000 tcp 10.0.2.109 50980 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:16.128289 0.035439 tcp 10.0.2.109 50981 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:16.164047 0.033056 tcp 10.0.2.109 50982 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:16.197381 0.120639 tcp 10.0.2.109 50983 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:16.328104 2.984693 tcp 10.0.2.109 50984 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:25.320913 0.000000 tcp 10.0.2.109 50984 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:31.330198 0.031202 tcp 10.0.2.109 50985 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:31.361718 0.032672 tcp 10.0.2.109 50986 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:31.394736 0.123644 tcp 10.0.2.109 50987 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:33:31.528098 2.995797 tcp 10.0.2.109 50988 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:40.522906 0.000000 tcp 10.0.2.109 50988 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:46.521516 3.005367 tcp 10.0.2.109 50989 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:33:55.524523 0.000000 tcp 10.0.2.109 50989 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:34:01.522832 3.004013 tcp 10.0.2.109 50990 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:34:10.525439 0.000000 tcp 10.0.2.109 50990 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:35:02.283382 3.001378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 19:35:09.290535 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:35:17.291893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:35:33.294962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:36:05.303165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:39:16.525972 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:39:16.526167 3.003547 tcp 10.0.2.109 50991 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:39:25.528466 0.000000 tcp 10.0.2.109 50991 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:39:31.528756 0.031704 tcp 10.0.2.109 50992 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:39:31.560720 0.032651 tcp 10.0.2.109 50993 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:39:31.593676 0.123488 tcp 10.0.2.109 50994 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:39:31.726643 2.995096 tcp 10.0.2.109 50995 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:39:40.730715 0.000000 tcp 10.0.2.109 50995 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:39:46.719781 0.030660 tcp 10.0.2.109 50996 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:39:46.750716 0.032052 tcp 10.0.2.109 50997 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:39:46.783066 0.120963 tcp 10.0.2.109 50998 -> 195.113.214.249 443 SRPA* 0 0 22 12940 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:39:46.914667 2.998923 tcp 10.0.2.109 50999 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:39:55.912354 0.000000 tcp 10.0.2.109 50999 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:40:01.911794 0.030828 tcp 10.0.2.109 51000 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:40:01.943023 0.031634 tcp 10.0.2.109 51001 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:40:01.974903 0.123143 tcp 10.0.2.109 51002 -> 195.113.214.249 443 SRPA* 0 0 19 10030 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:40:02.108187 2.997375 tcp 10.0.2.109 51003 -> 128.46.109.109 9893 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:40:11.104377 0.000000 tcp 10.0.2.109 51003 -> 128.46.109.109 9893 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:40:17.103339 3.003958 tcp 10.0.2.109 51004 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:40:26.105721 0.000000 tcp 10.0.2.109 51004 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:40:32.104600 3.004131 tcp 10.0.2.109 51005 -> 188.129.248.221 6410 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:40:41.107461 0.000000 tcp 10.0.2.109 51005 -> 188.129.248.221 6410 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:42:09.307445 3.001217 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 19:42:16.314418 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:42:24.315743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:42:40.319028 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:43:12.325184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:49:16.330936 3.001667 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 19:49:20.394464 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:49:20.394557 0.330172 udp 10.0.2.109 3683 -> 118.163.97.62 1829 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:49:20.724729 0.000000 icmp 118.163.97.62 0x0303 -> 10.0.2.109 0x2507 URP 192 1 203 flow=Background 1970/02/25 19:49:23.338590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:49:31.343701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:49:36.358823 0.031523 tcp 10.0.2.109 51006 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:49:36.390618 0.053574 tcp 10.0.2.109 51007 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:49:36.444485 1.529860 tcp 10.0.2.109 51008 -> 195.113.214.249 443 SRPA* 0 0 77 60180 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:49:37.973824 0.000000 udp 10.0.2.109 3683 -> 188.28.145.225 9542 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:49:47.342940 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:49:54.834234 0.030772 tcp 10.0.2.109 51009 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:49:54.865289 0.032066 tcp 10.0.2.109 51010 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:49:54.897617 0.118321 tcp 10.0.2.109 51011 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:49:55.016523 0.142769 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.121395 3.864261 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 14 5585 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.186261 3.784997 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 5 1612 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.264862 0.193601 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.449079 0.179796 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.640417 0.055448 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.697162 0.013576 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.719211 0.191347 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:55.907837 0.150982 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:56.057565 0.177030 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:56.214909 0.170726 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:56.380880 0.353293 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:56.730017 0.139149 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:56.834562 0.119712 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:56.914751 0.171744 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:57.083909 0.179021 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:57.238754 0.239452 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:57.467817 0.350092 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2608 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:57.816077 0.254451 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:58.034325 0.115602 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:58.115878 0.334840 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:58.467443 0.183105 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:58.626794 0.172307 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:49:58.785229 0.099567 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:02.134452 3.003656 tcp 10.0.2.109 51012 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:50:05.047977 0.360886 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 3003 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:05.401441 0.344619 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 8 3199 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:05.738980 0.107889 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3176 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:05.886729 0.026339 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 8 3163 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:05.942297 0.246581 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 8 2802 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:06.152280 0.374008 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 8 3193 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:06.523511 0.299944 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 3245 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:06.821693 0.334002 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 8 3054 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:07.135005 0.334214 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 8 3016 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:07.471737 0.703039 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 2985 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:08.171404 0.221496 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 8 2996 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:08.356606 0.328180 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3023 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:08.680608 0.326821 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 2874 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:08.985483 0.448593 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 2760 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:09.424848 0.700870 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 8 3083 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:10.124594 0.183527 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 2995 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:10.267783 0.470842 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 2933 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:10.702426 0.229317 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 3115 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:10.898001 0.666842 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 8 3298 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:11.136983 0.000000 tcp 10.0.2.109 51012 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:50:11.572403 0.310161 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2862 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:11.872752 0.334110 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 8 2881 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:12.191915 0.321719 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 8 2971 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:12.476345 0.162332 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 8 2981 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:12.624044 0.601720 rtp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 8 3014 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:50:13.246504 0.000000 udp 10.0.2.109 3683 -> 5.87.94.78 1842 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:50:17.136268 0.031027 tcp 10.0.2.109 51013 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:50:17.167569 0.033228 tcp 10.0.2.109 51014 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:50:17.201097 0.123358 tcp 10.0.2.109 51015 -> 195.113.214.249 443 SRPA* 0 0 20 11334 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:50:17.332725 3.007673 tcp 10.0.2.109 51016 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:50:19.348908 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:50:19.369092 0.000000 udp 10.0.2.109 3683 -> 66.175.179.96 3134 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:50:26.338920 0.000000 tcp 10.0.2.109 51016 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:50:26.539277 0.000000 udp 10.0.2.109 3683 -> 218.107.210.2 5315 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:50:33.209002 0.000000 udp 10.0.2.109 3683 -> 109.235.43.14 7638 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:50:40.059029 0.000000 udp 10.0.2.109 3683 -> 66.64.32.179 3377 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:50:46.928314 0.000000 udp 10.0.2.109 3683 -> 187.174.119.158 4826 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:50:54.569421 0.000000 udp 10.0.2.109 3683 -> 81.82.241.146 1169 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:00.728471 0.319395 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 8 3028 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:51:01.073771 0.060476 udp 10.0.2.109 3683 -> 77.10.195.84 3056 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:01.134247 0.000000 icmp 77.10.195.84 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 258 flow=Background 1970/02/25 19:51:05.725555 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:51:06.927573 0.000000 udp 10.0.2.109 3683 -> 70.88.253.161 2729 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:13.156215 0.000000 udp 10.0.2.109 3683 -> 64.202.138.87 9560 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:21.087886 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:30.010687 0.000000 udp 10.0.2.109 3683 -> 113.20.76.67 8065 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:37.707383 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:46.654735 0.000000 udp 10.0.2.109 3683 -> 94.96.74.201 8122 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:51.231081 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:51:54.365566 0.000000 udp 10.0.2.109 3683 -> 92.28.186.34 5612 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:51:59.422955 0.481641 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 8 2961 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:51:59.877116 0.097870 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 8 3185 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:52:00.001632 0.000000 udp 10.0.2.109 3683 -> 184.155.178.89 6503 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:06.052514 0.000000 udp 10.0.2.109 3683 -> 190.118.237.104 5253 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:11.229764 0.000000 udp 10.0.2.109 3683 -> 210.176.161.145 4506 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:19.081291 0.000000 udp 10.0.2.109 3683 -> 203.125.253.9 4848 INT 0 1 223 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:26.601932 0.101889 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 3269 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:52:26.716401 0.000000 udp 10.0.2.109 3683 -> 59.120.20.175 8671 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:32.039621 0.113259 udp 10.0.2.109 3683 <-> 87.153.121.70 4545 CON 0 0 8 2963 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:52:32.209460 0.190304 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 8 3083 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:52:32.362125 0.000000 udp 10.0.2.109 3683 -> 220.189.251.66 3458 INT 0 1 296 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:36.725805 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:52:40.952579 0.000000 udp 10.0.2.109 3683 -> 182.71.26.106 4342 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:48.853801 0.129248 rtp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 8 2709 flow=From-Botnet-V1-UDP-Established 1970/02/25 19:52:48.992251 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:52:54.682449 0.000000 udp 10.0.2.109 3683 -> 67.52.230.162 3852 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:01.311779 0.000000 udp 10.0.2.109 3683 -> 92.236.159.67 7890 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:08.512005 0.000000 udp 10.0.2.109 3683 -> 121.54.40.41 1837 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:16.683953 0.000000 udp 10.0.2.109 3683 -> 108.183.187.142 5642 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:21.230445 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:53:22.502055 0.000000 udp 10.0.2.109 3683 -> 83.27.184.253 8949 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:28.110826 0.000000 udp 10.0.2.109 3683 -> 79.51.218.248 6785 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:33.458207 0.000000 udp 10.0.2.109 3683 -> 31.146.93.190 7837 INT 0 1 287 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:41.309457 0.000000 udp 10.0.2.109 3683 -> 99.252.88.16 8592 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:49.981723 0.000000 udp 10.0.2.109 3683 -> 63.241.148.10 2256 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:53:55.529808 0.000000 udp 10.0.2.109 3683 -> 61.195.188.130 2912 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:54:02.309477 0.447658 udp 10.0.2.109 3683 -> 203.59.135.142 2600 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:54:02.757135 0.000000 icmp 203.59.135.142 0x0303 -> 10.0.2.109 0x280a URP 192 1 188 flow=Background 1970/02/25 19:54:07.227474 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:54:08.599545 0.000000 udp 10.0.2.109 3683 -> 79.236.156.198 8699 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:54:16.049255 0.000000 udp 10.0.2.109 3683 -> 87.138.128.192 9614 INT 0 1 140 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:54:24.110948 0.000000 udp 10.0.2.109 3683 -> 75.211.26.239 4512 INT 0 1 188 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 19:55:32.329744 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 19:55:32.329963 2.993153 tcp 10.0.2.109 51017 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:55:41.321915 0.000000 tcp 10.0.2.109 51017 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:55:47.331758 0.031658 tcp 10.0.2.109 51018 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:55:47.363666 0.032007 tcp 10.0.2.109 51019 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:55:47.396022 0.121094 tcp 10.0.2.109 51020 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/25 19:55:47.536718 2.998281 tcp 10.0.2.109 51021 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:55:56.533517 0.000000 tcp 10.0.2.109 51021 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 19:56:23.354266 3.002713 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 19:56:30.362030 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:56:38.363536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:56:54.366829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 19:57:26.372878 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:01:02.533799 0.013926 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:01:02.547913 2.989772 tcp 10.0.2.109 51022 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:01:11.536480 0.000000 tcp 10.0.2.109 51022 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:01:17.546857 0.031794 tcp 10.0.2.109 51023 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:01:17.579007 0.036921 tcp 10.0.2.109 51024 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:01:17.616172 0.177925 tcp 10.0.2.109 51025 -> 195.113.214.249 443 SRPA* 0 0 27 11876 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:01:17.821469 2.985306 tcp 10.0.2.109 51026 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:01:26.779884 0.000000 tcp 10.0.2.109 51026 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:03:30.381789 2.998874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:03:37.386009 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:03:45.387718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:04:01.390746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:04:33.397799 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:06:32.768891 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:06:32.769013 2.993707 tcp 10.0.2.109 51027 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:06:41.771190 0.000000 tcp 10.0.2.109 51027 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:06:47.772045 0.042375 tcp 10.0.2.109 51028 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:06:47.814705 0.031878 tcp 10.0.2.109 51029 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:06:47.846858 0.124233 tcp 10.0.2.109 51030 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:06:47.981187 3.003283 tcp 10.0.2.109 51031 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:06:56.983641 0.000000 tcp 10.0.2.109 51031 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:10:37.403189 3.011332 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:10:44.421611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:10:52.421556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:11:08.424501 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:11:40.430607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:12:02.983673 0.143357 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:12:03.127306 2.969052 tcp 10.0.2.109 51032 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:12:12.046682 0.000000 tcp 10.0.2.109 51032 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:12:18.007146 0.032975 tcp 10.0.2.109 51033 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:12:18.040377 0.051630 tcp 10.0.2.109 51034 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:12:18.092260 0.122266 tcp 10.0.2.109 51035 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:12:18.360811 2.978582 tcp 10.0.2.109 51036 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:12:27.337981 0.000000 tcp 10.0.2.109 51036 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:17:44.437677 3.021191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:17:51.454657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:17:59.459127 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:18:15.460688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:18:47.464811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:24:35.335291 0.113495 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:24:35.448944 0.064400 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:35.497609 0.179608 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:36.225422 0.054378 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:36.308852 0.193188 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:37.190416 0.013739 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:38.232430 0.141849 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:38.571052 0.192911 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:38.761307 0.295185 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:38.904510 0.178085 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:39.069166 0.170949 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:39.414525 0.171903 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:39.892307 0.353288 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:41.273754 0.139338 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:41.488666 0.172767 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:42.028528 0.214540 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:42.233497 0.336431 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:42.563193 0.119968 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:43.017605 0.252709 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:43.236722 0.124194 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2477 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:43.330720 0.333516 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:43.703034 0.116962 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:43.783713 0.096744 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:43.841150 0.301702 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:44.065118 0.178551 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:44.228292 0.309994 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:44.637742 0.167532 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:44.797591 0.233660 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:44.986542 0.046450 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:45.177063 0.079115 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:45.245497 0.116625 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:45.320202 0.060922 udp 10.0.2.109 3683 <-> 87.153.121.70 4545 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:45.381237 0.075057 udp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 6 2522 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:24:48.394102 2.993899 tcp 10.0.2.109 51037 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:24:51.470783 3.001335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:24:57.386661 0.000000 tcp 10.0.2.109 51037 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:24:58.478347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:25:03.387301 0.031602 tcp 10.0.2.109 51038 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:25:03.419266 0.031896 tcp 10.0.2.109 51039 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:25:03.451516 0.126609 tcp 10.0.2.109 51040 -> 195.113.214.249 443 SRPA* 0 0 20 10254 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:25:03.674245 2.996162 tcp 10.0.2.109 51041 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:25:06.481414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:25:12.668510 0.000000 tcp 10.0.2.109 51041 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:25:22.482857 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:25:54.488821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:30:18.668969 0.606828 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:30:19.275940 2.940469 tcp 10.0.2.109 51042 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:30:28.150978 0.000000 tcp 10.0.2.109 51042 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:30:34.095421 0.075529 tcp 10.0.2.109 51043 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:30:34.171224 0.031505 tcp 10.0.2.109 51044 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:30:34.202978 0.122969 tcp 10.0.2.109 51045 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:30:34.977307 0.000000 tcp 10.0.2.109 51046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:30:40.280715 0.000000 tcp 10.0.2.109 51046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:30:46.207686 0.000000 tcp 10.0.2.109 51046 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:32:00.240754 2.967175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:32:07.162784 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:32:15.067469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:32:30.875192 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:33:02.510341 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:35:49.554946 0.035281 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:35:49.590433 2.982185 tcp 10.0.2.109 51047 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:35:58.557013 0.000000 tcp 10.0.2.109 51047 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:36:04.568222 0.031939 tcp 10.0.2.109 51048 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:36:04.600547 0.032318 tcp 10.0.2.109 51049 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:36:04.633197 0.121353 tcp 10.0.2.109 51050 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:36:04.768723 3.002232 tcp 10.0.2.109 51051 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:36:13.768320 0.000000 tcp 10.0.2.109 51051 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:39:05.518273 3.001874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:39:12.526767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:39:20.527657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:39:36.530236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:40:08.536479 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:41:19.769341 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:41:19.769513 2.993753 tcp 10.0.2.109 51052 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:41:28.764753 0.000000 tcp 10.0.2.109 51052 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:41:34.772083 0.045980 tcp 10.0.2.109 51053 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:41:34.818549 0.031722 tcp 10.0.2.109 51054 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:41:34.850529 0.122034 tcp 10.0.2.109 51055 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:41:34.983821 2.992800 tcp 10.0.2.109 51056 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:41:43.973928 0.000000 tcp 10.0.2.109 51056 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:46:12.542004 3.002103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:46:19.549979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:46:27.551665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:46:43.554775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:47:15.560260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:53:19.566506 3.001591 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 20:53:26.573911 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:53:34.575246 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:53:50.578347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:54:22.584376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 20:54:52.177372 0.000044 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 20:54:52.177463 0.067027 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:52.227389 0.178385 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:52.422300 0.056249 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:52.489481 0.188671 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:52.668399 0.191798 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:52.865978 0.150610 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:53.015413 0.014072 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:53.042222 0.151058 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:53.154636 0.178654 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:53.310719 0.170198 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:53.495652 0.176916 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:53.669360 0.354957 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:54.020234 0.601727 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:54.582812 0.326262 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:54.917549 0.173717 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:55.069561 0.223219 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:55.281235 0.112118 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:55.357550 0.248824 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2448 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:55.568770 0.119936 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:55.656221 0.342262 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:56.000005 0.230223 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:56.192213 0.097751 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:56.253030 0.303218 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:56.566497 0.168812 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:56.727482 0.138986 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:56.858639 0.175076 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:57.018761 0.223683 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2582 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:57.204671 0.051598 rtp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:57.277305 0.051902 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:57.327177 0.115455 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:57.400045 0.063009 udp 10.0.2.109 3683 <-> 87.153.121.70 4545 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:54:57.478214 0.073314 udp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/25 20:55:05.025919 3.003931 tcp 10.0.2.109 51057 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:55:14.027932 0.000000 tcp 10.0.2.109 51057 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:55:20.028925 0.060609 tcp 10.0.2.109 51058 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:55:20.089778 0.032599 tcp 10.0.2.109 51059 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:55:20.122662 0.121154 tcp 10.0.2.109 51060 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/25 20:55:20.253322 3.008390 tcp 10.0.2.109 51061 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 20:55:29.270559 0.000000 tcp 10.0.2.109 51061 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:00:26.591160 3.054027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 21:00:33.625568 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:00:35.250794 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:00:35.250971 2.993677 tcp 10.0.2.109 51062 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:00:41.618832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:00:44.243171 0.000000 tcp 10.0.2.109 51062 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:00:50.253341 0.031799 tcp 10.0.2.109 51063 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:00:50.285420 0.032364 tcp 10.0.2.109 51064 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:00:50.318015 0.102251 tcp 10.0.2.109 51065 -> 195.113.214.249 443 SRPA* 0 0 32 23611 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:00:50.429854 2.996753 tcp 10.0.2.109 51066 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:00:57.622324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:00:59.425082 0.000000 tcp 10.0.2.109 51066 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:01:29.627899 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:06:05.425637 0.000137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:06:05.425891 3.003405 tcp 10.0.2.109 51067 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:06:14.428006 0.000000 tcp 10.0.2.109 51067 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:06:20.428885 0.032328 tcp 10.0.2.109 51068 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:06:20.461515 0.031806 tcp 10.0.2.109 51069 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:06:20.493645 0.124496 tcp 10.0.2.109 51070 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:06:20.628729 3.002264 tcp 10.0.2.109 51071 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:06:29.639192 0.000000 tcp 10.0.2.109 51071 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:07:33.634615 3.001946 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 21:07:40.641817 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:07:48.643574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:08:04.646365 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:08:36.652483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:11:35.630314 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:11:35.630491 2.994302 tcp 10.0.2.109 51072 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:11:44.622793 0.000000 tcp 10.0.2.109 51072 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:11:50.633286 0.031485 tcp 10.0.2.109 51073 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:11:50.665042 0.032283 tcp 10.0.2.109 51074 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:11:50.697645 0.122845 tcp 10.0.2.109 51075 -> 195.113.214.249 443 SRPA* 0 0 35 18460 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:11:50.833163 3.002882 tcp 10.0.2.109 51076 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:11:59.834922 0.000000 tcp 10.0.2.109 51076 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:14:40.662613 3.011277 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 21:14:47.675805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:14:55.677275 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:15:11.680360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:15:43.686678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:21:47.692708 3.001989 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 21:21:54.699753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:22:04.934191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:22:20.744485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:22:52.349474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:25:22.999714 0.017969 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:25:23.017785 0.058783 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.086258 0.192623 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.271036 0.196710 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.464987 0.070053 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 5 1904 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.518752 0.183025 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2478 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.693619 0.150263 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.843912 0.013772 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.859431 0.143475 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:23.961931 0.172873 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:24.115201 0.173600 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:24.296476 0.172506 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:24.466277 0.584093 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:25.046813 0.142574 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:25.149015 0.338391 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:25.486189 0.178845 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:25.642528 0.216503 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:25.849876 0.119218 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:25.930942 0.254996 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:26.151381 0.120730 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:26.239193 0.095512 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2030 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:26.304128 0.296803 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:26.609495 0.177205 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:26.778601 0.222499 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:26.986991 0.335556 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:27.330861 0.117527 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:27.410638 0.174024 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:27.568803 0.637127 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2093 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:28.173968 0.046032 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:28.228040 0.069477 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:28.284265 0.115513 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:28.353686 0.000000 udp 10.0.2.109 3683 -> 87.153.121.70 4545 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 21:25:35.888375 2.996121 tcp 10.0.2.109 51077 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:25:44.131370 0.031827 tcp 10.0.2.109 51078 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:25:44.163556 0.031383 tcp 10.0.2.109 51079 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:25:44.195262 0.144892 tcp 10.0.2.109 51080 -> 195.113.214.249 443 SRPA* 0 0 41 30976 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:25:44.340695 0.078680 udp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:25:44.890628 0.000000 tcp 10.0.2.109 51077 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:25:50.889994 0.030474 tcp 10.0.2.109 51081 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:25:50.920911 0.031737 tcp 10.0.2.109 51082 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:25:50.952945 0.145587 tcp 10.0.2.109 51083 -> 195.113.214.249 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:25:51.107299 2.996674 tcp 10.0.2.109 51084 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:26:00.102850 0.000000 tcp 10.0.2.109 51084 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:28:54.726375 3.001864 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 21:29:01.733843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:29:09.735498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:29:25.737973 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:29:57.744536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:31:06.103458 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:31:06.103607 3.003327 tcp 10.0.2.109 51085 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:31:15.105735 0.000000 tcp 10.0.2.109 51085 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:31:21.106038 0.032011 tcp 10.0.2.109 51086 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:31:21.138414 0.031837 tcp 10.0.2.109 51087 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:31:21.170529 0.144333 tcp 10.0.2.109 51088 -> 195.113.214.249 443 SRPA* 0 0 32 17702 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:31:21.339257 3.002436 tcp 10.0.2.109 51089 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:31:30.339946 0.000000 tcp 10.0.2.109 51089 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:36:01.750302 3.001893 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 21:36:08.757655 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:36:16.759109 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:36:32.762663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:36:36.327930 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:36:36.328078 3.003825 tcp 10.0.2.109 51090 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:36:45.342582 0.000000 tcp 10.0.2.109 51090 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:36:51.330846 0.031373 tcp 10.0.2.109 51091 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:36:51.362461 0.052147 tcp 10.0.2.109 51092 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:36:51.414874 0.142814 tcp 10.0.2.109 51093 -> 195.113.214.249 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:36:51.566411 2.997285 tcp 10.0.2.109 51094 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:37:00.562523 0.000000 tcp 10.0.2.109 51094 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:37:04.768477 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:42:06.562577 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:42:06.562760 3.003714 tcp 10.0.2.109 51095 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:42:15.565412 0.000000 tcp 10.0.2.109 51095 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:42:21.565436 0.033273 tcp 10.0.2.109 51096 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:42:21.599002 0.032317 tcp 10.0.2.109 51097 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:42:21.631627 0.140245 tcp 10.0.2.109 51098 -> 195.113.214.249 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:42:21.781966 3.005918 tcp 10.0.2.109 51099 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:42:30.786650 0.000000 tcp 10.0.2.109 51099 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:43:08.773872 3.001637 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 21:43:15.781810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:43:23.783073 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:43:39.786487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:44:11.792228 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:50:15.798586 3.028202 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 21:50:22.819282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:50:30.816989 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:50:46.819767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:51:18.826534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:55:57.106571 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 21:55:57.106738 0.000000 udp 10.0.2.109 3683 -> 87.153.121.70 4545 INT 0 1 222 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 21:56:14.794701 0.030677 tcp 10.0.2.109 51100 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:56:14.825672 0.032427 tcp 10.0.2.109 51101 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:56:14.858412 0.105308 tcp 10.0.2.109 51102 -> 195.113.214.249 443 SRPA* 0 0 31 23425 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:56:14.964303 0.187272 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.144653 0.196563 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.339072 0.073543 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.394693 0.178551 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2100 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.566829 0.151648 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.715679 0.013955 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.760937 0.055639 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.818358 0.178911 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:15.993542 0.142396 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:16.095208 0.174069 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:16.247822 0.166061 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2031 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:16.422658 0.138612 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:16.522812 0.340891 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:16.862017 0.181189 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:17.019135 0.228033 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:17.237600 0.610408 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:17.844528 0.097316 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:18.528064 0.304042 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:18.840989 0.168450 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:19.001848 0.258397 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:19.223301 0.212742 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:19.396656 0.124582 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:19.489120 1.295010 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:20.748563 0.176557 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:20.971428 0.150916 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:21.110686 0.342767 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:21.454508 0.122791 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:21.530426 0.051549 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:21.596096 0.231267 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:21.787806 0.052437 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2601 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:21.848652 3.009646 tcp 10.0.2.109 51103 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:56:21.850054 0.075066 udp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/25 21:56:30.845069 0.000000 tcp 10.0.2.109 51103 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:56:36.844302 0.030889 tcp 10.0.2.109 51104 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:56:36.875435 0.032492 tcp 10.0.2.109 51105 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:56:36.908218 0.118078 tcp 10.0.2.109 51106 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/25 21:56:37.039271 2.999005 tcp 10.0.2.109 51107 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:56:46.036689 0.000000 tcp 10.0.2.109 51107 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 21:57:22.832211 3.001845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 21:57:29.839322 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:57:37.841068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:57:53.844435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 21:58:25.850662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:01:52.037160 0.000094 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:01:52.037339 3.003576 tcp 10.0.2.109 51108 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:02:01.039801 0.000000 tcp 10.0.2.109 51108 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:02:07.039973 0.031207 tcp 10.0.2.109 51109 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:02:07.071395 0.032250 tcp 10.0.2.109 51110 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:02:07.103912 0.125787 tcp 10.0.2.109 51111 -> 195.113.214.249 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:02:07.261597 3.001179 tcp 10.0.2.109 51112 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:02:16.261572 0.000000 tcp 10.0.2.109 51112 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:04:29.855788 3.001702 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 22:04:36.868620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:04:44.865059 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:05:00.869747 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:05:32.874398 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:07:22.261928 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:07:22.262085 3.003883 tcp 10.0.2.109 51113 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:07:31.264717 0.000000 tcp 10.0.2.109 51113 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:07:37.264974 0.031856 tcp 10.0.2.109 51114 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:07:37.297109 0.031904 tcp 10.0.2.109 51115 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:07:37.329379 0.123115 tcp 10.0.2.109 51116 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:07:37.479679 2.997919 tcp 10.0.2.109 51117 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:07:46.476514 0.000000 tcp 10.0.2.109 51117 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:11:36.880206 3.022710 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 22:11:43.897672 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:11:51.899336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:12:07.902414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:12:39.907825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:12:52.466935 0.000088 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:12:52.467109 3.003409 tcp 10.0.2.109 51118 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:13:01.469306 0.000000 tcp 10.0.2.109 51118 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:13:07.469949 0.035517 tcp 10.0.2.109 51119 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:13:07.505808 0.034902 tcp 10.0.2.109 51120 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:13:07.541020 0.125933 tcp 10.0.2.109 51121 -> 195.113.214.249 443 SRPA* 0 0 40 21118 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:13:07.675791 2.996916 tcp 10.0.2.109 51122 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:13:16.680384 0.000000 tcp 10.0.2.109 51122 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:18:43.913868 3.012009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 22:18:50.932719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:18:58.933448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:19:14.936451 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:19:46.942507 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:25:50.949722 3.000242 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 22:25:57.955777 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:26:05.957436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:26:21.960007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:26:26.397976 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:26:26.398093 0.277987 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:26.576598 0.197215 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:27.123680 0.069061 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:27.344546 0.181262 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:27.518690 0.150900 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:29.662937 0.013352 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:30.577965 0.054365 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2518 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:31.778963 0.178362 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:32.579524 0.168378 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:32.966499 0.143338 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:33.446998 0.323522 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2593 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:33.769261 0.252430 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:34.018551 0.155976 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:34.933347 0.174919 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:35.087249 0.233674 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:35.469413 0.360909 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:35.933068 0.098028 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:36.305970 0.305257 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:37.221208 0.117173 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:37.300187 0.121812 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:37.389108 0.167105 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:37.952101 0.252733 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:37.965672 2.978227 tcp 10.0.2.109 51123 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:26:38.169648 1.122248 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:39.257396 0.174042 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:39.688862 0.145014 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2092 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:40.936296 0.342196 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:41.280066 0.115833 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:41.518670 0.051902 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:41.566493 0.248769 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:41.779207 0.055825 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2053 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:42.011718 0.076655 rtp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:26:46.886524 0.000000 tcp 10.0.2.109 51123 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:26:52.829935 0.031830 tcp 10.0.2.109 51124 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:26:52.862035 0.032787 tcp 10.0.2.109 51125 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:26:52.895141 0.124232 tcp 10.0.2.109 51126 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:26:53.028977 2.971002 tcp 10.0.2.109 51127 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:26:54.058623 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:27:01.941884 0.000000 tcp 10.0.2.109 51127 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:32:07.927734 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:32:07.927910 2.993823 tcp 10.0.2.109 51128 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:32:16.929912 0.000000 tcp 10.0.2.109 51128 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:32:22.931954 0.032851 tcp 10.0.2.109 51129 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:32:22.965128 0.032525 tcp 10.0.2.109 51130 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:32:22.997907 0.123997 tcp 10.0.2.109 51131 -> 195.113.214.249 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:32:23.146450 2.997078 tcp 10.0.2.109 51132 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:32:32.142475 0.000000 tcp 10.0.2.109 51132 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:32:57.971950 3.001934 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 22:33:04.979352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:33:12.980846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:33:28.983902 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:34:00.990331 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:37:38.143211 0.101209 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:37:38.244538 2.971631 tcp 10.0.2.109 51133 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:37:47.166278 0.000000 tcp 10.0.2.109 51133 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:37:53.156177 0.031858 tcp 10.0.2.109 51134 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:37:53.188305 0.031673 tcp 10.0.2.109 51135 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:37:53.220242 0.125424 tcp 10.0.2.109 51136 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:37:53.442234 2.996363 tcp 10.0.2.109 51137 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:38:02.437138 0.000000 tcp 10.0.2.109 51137 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:40:04.996297 3.011820 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 22:40:12.017883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:40:20.014986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:40:36.018309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:41:08.023926 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:43:08.437857 0.000100 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:43:08.438041 3.003745 tcp 10.0.2.109 51138 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:43:17.449972 0.000000 tcp 10.0.2.109 51138 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:43:23.440227 0.046911 tcp 10.0.2.109 51139 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:43:23.487420 0.032341 tcp 10.0.2.109 51140 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:43:23.520043 0.125178 tcp 10.0.2.109 51141 -> 195.113.214.249 443 SRPA* 0 0 22 12524 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:43:23.656845 2.988264 tcp 10.0.2.109 51142 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:43:32.641945 0.000000 tcp 10.0.2.109 51142 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:47:12.031378 3.000322 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 22:47:19.037620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:47:27.038978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:47:43.042202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:48:15.047990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:54:19.054772 3.000843 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 22:54:26.061783 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:54:34.062992 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:54:50.065661 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:55:22.072965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 22:56:58.311131 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 22:56:58.311249 0.191409 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:58.495480 0.179200 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:58.666500 0.191382 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:58.855208 0.073750 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:58.910693 0.150578 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:59.068110 0.014361 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:59.084540 0.054781 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:59.140715 0.179303 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:59.298671 0.171432 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:59.479158 0.175839 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:59.652254 0.148177 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:56:59.761199 0.341781 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:00.099967 0.146517 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2479 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:00.205919 0.175650 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:00.359041 0.221971 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:00.571836 0.353514 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:00.921611 0.095375 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 1907 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:00.983125 0.125462 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:01.074751 0.166821 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:01.235723 0.302226 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:01.539409 0.121253 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:01.620358 0.257588 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:01.843715 0.142807 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:01.949305 0.174415 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:02.108741 0.135857 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:02.240343 0.046336 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:02.283327 0.248594 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2566 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:02.501856 0.052865 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:02.552236 0.335282 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:02.903928 0.122608 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:02.976166 0.071830 rtp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/25 22:57:08.705035 3.004571 tcp 10.0.2.109 51143 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:57:17.707865 0.000000 tcp 10.0.2.109 51143 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:57:23.708689 0.032137 tcp 10.0.2.109 51144 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:57:23.741049 0.031664 tcp 10.0.2.109 51145 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:57:23.772973 0.128327 tcp 10.0.2.109 51146 -> 195.113.214.249 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/25 22:57:23.924640 2.997092 tcp 10.0.2.109 51147 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 22:57:32.929766 0.000000 tcp 10.0.2.109 51147 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:01:26.088081 3.044072 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 23:01:33.112917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:01:41.106948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:01:57.110066 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:02:29.115982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:02:38.920408 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:02:38.920593 2.993132 tcp 10.0.2.109 51148 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:02:47.912970 0.000000 tcp 10.0.2.109 51148 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:02:53.923607 0.031763 tcp 10.0.2.109 51149 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:02:53.955635 0.034232 tcp 10.0.2.109 51150 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:02:53.990199 1.184017 tcp 10.0.2.109 51151 -> 195.113.214.249 443 SRPA* 0 0 89 75034 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:02:55.300203 2.963582 tcp 10.0.2.109 51152 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:03:04.197115 0.000000 tcp 10.0.2.109 51152 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:08:09.405761 0.013988 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:08:09.419803 2.989914 tcp 10.0.2.109 51153 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:08:18.408376 0.000000 tcp 10.0.2.109 51153 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:08:24.418813 0.031489 tcp 10.0.2.109 51154 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:08:24.450574 0.032390 tcp 10.0.2.109 51155 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:08:24.483252 0.123565 tcp 10.0.2.109 51156 -> 195.113.214.249 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:08:24.616287 3.005244 tcp 10.0.2.109 51157 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:08:33.121770 3.002024 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 23:08:33.630281 0.000000 tcp 10.0.2.109 51157 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:08:40.129678 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:08:48.130994 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:09:04.133910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:09:36.142704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:13:39.610574 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:13:39.610662 2.993483 tcp 10.0.2.109 51158 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:13:48.603144 0.000000 tcp 10.0.2.109 51158 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:13:54.612950 0.033495 tcp 10.0.2.109 51159 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:13:54.646754 0.032126 tcp 10.0.2.109 51160 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:13:54.679206 0.125734 tcp 10.0.2.109 51161 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:13:54.821899 3.004178 tcp 10.0.2.109 51162 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:14:03.824639 0.000000 tcp 10.0.2.109 51162 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:15:40.146412 3.011371 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 23:15:47.163483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:15:55.164887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:16:11.167736 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:16:43.173832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:22:47.180835 3.000911 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 23:22:54.252176 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:23:02.188853 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:23:18.192064 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:23:50.198011 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:27:09.588413 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:27:09.588617 0.210559 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:09.784334 0.181995 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:09.878771 3.003950 tcp 10.0.2.109 51163 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:27:09.958644 0.180197 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:10.131455 0.071703 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:10.212081 0.150351 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:10.360765 0.013746 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:10.404917 0.060356 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:10.466668 0.177581 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:10.623641 0.363097 rtp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:10.970777 0.175643 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:11.142751 0.142805 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:11.248127 0.179450 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:11.405697 0.234003 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:11.629222 0.346100 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:11.975304 0.150683 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:12.085827 0.354824 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:12.436785 0.453023 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:12.849263 0.124180 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:12.937143 0.168144 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:13.099335 0.304200 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:13.404746 0.110218 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:13.478161 0.257087 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:13.701687 1.260400 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:14.927385 0.174255 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:15.086565 0.150808 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:15.225211 0.046482 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:15.267700 0.241031 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:15.479580 0.058873 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2015 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:15.537076 0.073104 udp 10.0.2.109 3683 <-> 86.152.46.73 6148 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:15.592886 0.340497 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:15.934681 0.902125 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 5 1805 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:27:18.877988 0.000000 tcp 10.0.2.109 51163 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:27:24.878605 0.033369 tcp 10.0.2.109 51164 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:27:24.912211 0.031832 tcp 10.0.2.109 51165 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:27:24.944334 0.128115 tcp 10.0.2.109 51166 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:27:25.086308 3.004956 tcp 10.0.2.109 51167 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:27:34.099734 0.000000 tcp 10.0.2.109 51167 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:29:54.203803 3.001773 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 23:30:01.211448 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:30:09.212909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:30:25.215936 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:30:57.221979 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:32:40.080151 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:32:40.080369 2.994244 tcp 10.0.2.109 51168 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:32:49.072558 0.000000 tcp 10.0.2.109 51168 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:32:55.083241 0.032984 tcp 10.0.2.109 51169 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:32:55.116518 0.032973 tcp 10.0.2.109 51170 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:32:55.149920 0.124348 tcp 10.0.2.109 51171 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:32:55.284376 3.001633 tcp 10.0.2.109 51172 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:33:04.284854 0.000000 tcp 10.0.2.109 51172 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:37:01.227816 3.016412 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 23:37:08.245251 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:37:16.246723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:37:32.249719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:38:04.256094 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:38:10.285379 0.000113 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:38:10.285550 3.003282 tcp 10.0.2.109 51173 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:38:19.287677 0.000000 tcp 10.0.2.109 51173 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:38:25.287674 0.032165 tcp 10.0.2.109 51174 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:38:25.320117 0.031400 tcp 10.0.2.109 51175 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:38:25.351790 0.125621 tcp 10.0.2.109 51176 -> 195.113.214.249 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:38:25.486683 3.004273 tcp 10.0.2.109 51177 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:38:34.489186 0.000000 tcp 10.0.2.109 51177 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:43:40.489875 0.000067 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:43:40.489984 2.993432 tcp 10.0.2.109 51178 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:43:49.482333 0.000000 tcp 10.0.2.109 51178 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:43:55.493007 0.036220 tcp 10.0.2.109 51179 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:43:55.529529 0.031973 tcp 10.0.2.109 51180 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:43:55.561890 0.141370 tcp 10.0.2.109 51181 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:43:55.728961 2.995886 tcp 10.0.2.109 51182 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:44:04.724337 0.000000 tcp 10.0.2.109 51182 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:44:08.263045 3.000532 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 23:44:15.269295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:44:23.270865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:44:39.274155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:45:11.280152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:51:15.286331 3.001193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/25 23:51:22.293271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:51:30.294652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:51:46.297863 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:52:18.303867 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:57:30.993586 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/25 23:57:30.993749 0.186750 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:31.177466 0.187204 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:31.384165 0.183370 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:31.558545 0.073310 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:31.614881 0.150635 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:31.763873 0.013585 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:31.810385 0.055591 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:31.874293 0.179916 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:32.032535 0.137146 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:32.133144 0.179105 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:32.339752 0.221895 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:32.551539 0.168260 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2502 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:32.735464 0.179870 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:32.911744 0.344068 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:33.254443 0.146570 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:33.362872 0.353254 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:33.712181 0.098872 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:33.771916 0.307953 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:34.081158 0.115255 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:34.159298 0.239088 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:34.362242 0.121974 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:34.450259 0.169556 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:34.613629 0.130298 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:34.707671 0.617751 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2160 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:35.292088 0.135252 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:35.418715 0.051349 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:35.466451 0.261755 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:57:35.680517 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 23:57:40.777901 2.993646 tcp 10.0.2.109 51183 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:57:49.784555 0.000000 tcp 10.0.2.109 51183 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:57:52.097488 0.032197 tcp 10.0.2.109 51184 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:57:52.129929 0.032588 tcp 10.0.2.109 51185 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:57:52.162773 0.123401 tcp 10.0.2.109 51186 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:57:52.286713 0.000000 udp 10.0.2.109 3683 -> 86.152.46.73 6148 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/25 23:57:55.779175 0.031766 tcp 10.0.2.109 51187 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:57:55.811195 0.032698 tcp 10.0.2.109 51188 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:57:55.844153 0.134522 tcp 10.0.2.109 51189 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:57:55.988792 2.994807 tcp 10.0.2.109 51190 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:58:04.982056 0.000000 tcp 10.0.2.109 51190 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/25 23:58:08.938598 0.030854 tcp 10.0.2.109 51191 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:58:08.969932 0.033257 tcp 10.0.2.109 51192 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:58:09.003476 0.123094 tcp 10.0.2.109 51193 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/25 23:58:09.127274 0.334924 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:58:09.472250 0.120100 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/25 23:58:22.310223 3.001282 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/25 23:58:29.317554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:58:37.318918 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:58:53.321947 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/25 23:59:25.327811 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:03:10.983874 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 00:03:10.983982 3.002690 tcp 10.0.2.109 51194 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:03:19.985095 0.000000 tcp 10.0.2.109 51194 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:03:25.985474 0.031540 tcp 10.0.2.109 51195 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:03:26.017225 0.031922 tcp 10.0.2.109 51196 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:03:26.049448 0.131997 tcp 10.0.2.109 51197 -> 195.113.214.249 443 SRPA* 0 0 24 14850 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:03:26.559740 2.999162 tcp 10.0.2.109 51198 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:03:35.557498 0.000000 tcp 10.0.2.109 51198 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:05:29.333586 3.001778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 00:05:36.341162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:05:44.342832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:06:00.345579 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:06:32.351761 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:08:41.557868 0.000129 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 00:08:41.558109 2.993607 tcp 10.0.2.109 51199 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:08:50.559959 0.000000 tcp 10.0.2.109 51199 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:08:56.561201 0.032426 tcp 10.0.2.109 51200 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:08:56.593892 0.032628 tcp 10.0.2.109 51201 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:08:56.626785 0.126805 tcp 10.0.2.109 51202 -> 195.113.214.249 443 SRPA* 0 0 58 39572 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:08:56.771379 3.002191 tcp 10.0.2.109 51203 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:09:05.772392 0.000000 tcp 10.0.2.109 51203 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:12:36.358920 3.000604 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 00:12:43.365489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:12:51.366609 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:13:07.369654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:13:39.375801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:14:11.773067 0.000095 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 00:14:11.773242 3.003420 tcp 10.0.2.109 51204 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:14:20.775406 0.000000 tcp 10.0.2.109 51204 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:14:26.775120 0.033190 tcp 10.0.2.109 51205 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:14:26.808562 0.032471 tcp 10.0.2.109 51206 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:14:26.841343 0.126147 tcp 10.0.2.109 51207 -> 195.113.214.249 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:14:27.002491 3.005614 tcp 10.0.2.109 51208 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:14:36.007225 0.000000 tcp 10.0.2.109 51208 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:19:41.998439 0.013137 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 00:19:42.011657 2.990219 tcp 10.0.2.109 51209 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:19:43.385564 2.997880 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 00:19:50.389208 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:19:51.010228 0.000000 tcp 10.0.2.109 51209 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:19:57.012665 0.033145 tcp 10.0.2.109 51210 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:19:57.046136 0.052350 tcp 10.0.2.109 51211 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:19:57.098778 0.129791 tcp 10.0.2.109 51212 -> 195.113.214.249 443 SRPA* 0 0 21 13058 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:19:57.254243 2.999164 tcp 10.0.2.109 51213 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:19:58.390603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:20:06.252909 0.000000 tcp 10.0.2.109 51213 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 00:20:14.393704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:20:46.399698 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:26:50.405685 3.011605 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 00:26:57.423087 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:27:05.424616 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:27:21.427732 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:27:53.439367 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:28:22.125301 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 00:28:22.125455 0.046543 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:22.169207 0.000000 udp 10.0.2.109 3683 -> 86.152.46.73 6148 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 00:28:27.272573 0.703078 tcp 10.0.2.109 51214 -> 176.73.169.112 1959 FSPA* 0 0 14 1682 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:28:39.811944 0.036789 tcp 10.0.2.109 51215 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:28:39.848992 0.036377 tcp 10.0.2.109 51216 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:28:39.885623 0.127759 tcp 10.0.2.109 51217 -> 195.113.214.249 443 SRPA* 0 0 41 32568 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:28:40.014085 0.067900 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:40.065037 0.150013 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:40.213767 0.013922 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:40.365972 0.180474 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:40.538101 0.186742 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:40.819299 0.198210 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:41.014794 0.178674 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:41.173728 0.221359 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:41.385718 0.173784 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:41.560993 0.056883 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:41.619677 0.176846 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:41.773639 0.937038 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:42.669183 0.354351 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:43.019466 0.099959 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:43.084700 0.177191 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2608 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:43.258857 0.331616 udp 10.0.2.109 3683 <-> 175.195.224.65 6553 CON 0 0 6 1955 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:43.609573 0.138815 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:43.709308 0.120396 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2580 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:43.794970 0.167684 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:43.957522 0.842305 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:44.763985 0.366033 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:45.091781 0.307362 udp 10.0.2.109 3683 <-> 210.217.148.172 6623 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:45.400275 0.247957 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:45.612845 0.241294 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:45.826919 0.182945 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:45.993259 0.191623 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:46.160113 0.046273 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:46.266692 0.344745 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:28:46.613781 0.904201 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 3 1002 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:33:57.439769 3.026747 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 00:34:04.470546 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:34:12.458601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:34:28.461794 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:35:00.467628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:41:04.473819 3.014632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 00:41:11.491271 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:41:19.492772 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:41:35.495347 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:42:07.501550 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:48:11.507822 3.016827 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 00:48:18.515566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:48:26.516386 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:48:42.519700 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:49:14.525414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:55:18.532006 3.001184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 00:55:25.581339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:55:33.540595 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:55:49.547703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:56:21.549317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 00:58:27.981771 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 00:58:27.981880 0.352877 tcp 10.0.2.109 51218 -> 176.73.169.112 1959 FSPA* 0 0 15 1643 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:58:52.046212 0.059542 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:52.097383 0.014033 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:52.235968 0.181972 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:52.411015 0.186088 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:52.589634 0.065289 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2460 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:52.639617 0.150472 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:52.788292 0.197383 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:52.982473 0.178173 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:53.139113 0.235155 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:53.364805 0.170308 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:53.533376 0.059013 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2556 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:53.630231 0.177759 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:53.785359 0.143041 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:53.890969 0.621287 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:54.508567 0.103583 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:54.575456 0.177132 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:58:54.749728 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 214 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 00:59:10.846367 0.033178 tcp 10.0.2.109 51219 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:59:10.879804 0.035446 tcp 10.0.2.109 51220 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:59:10.915559 0.124435 tcp 10.0.2.109 51221 -> 195.113.214.249 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:59:11.040635 0.159077 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2368 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:11.160140 0.117458 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:11.244993 0.169783 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:11.406842 1.704474 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:13.077690 0.117237 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:13.156670 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 00:59:28.623704 0.032542 tcp 10.0.2.109 51222 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:59:28.656536 0.033415 tcp 10.0.2.109 51223 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:59:28.690247 0.124847 tcp 10.0.2.109 51224 -> 195.113.214.249 443 SRPA* 0 0 24 13314 flow=From-Botnet-V1-TCP-Established 1970/02/26 00:59:28.815605 0.244387 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:29.024297 0.241867 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:29.236047 0.052060 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:29.324964 0.339619 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:29.665604 0.243179 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:29.872006 0.136799 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/26 00:59:30.000760 0.878671 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:02:25.556014 3.015750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 01:02:32.573336 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:02:40.574419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:02:56.577324 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:03:28.738590 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:09:32.589099 3.065676 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 01:09:45.001776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:09:52.894488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:10:08.683332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:10:40.251978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:16:39.624215 3.000993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 01:16:46.630866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:16:54.632475 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:17:10.635361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:17:42.641673 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:23:46.647780 3.022970 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 01:23:53.664854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:24:01.666482 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:24:17.669096 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:24:49.675685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:28:28.340169 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 01:28:28.340404 0.556095 tcp 10.0.2.109 51225 -> 176.73.169.112 1959 FSPA* 0 0 15 1567 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:29:58.760214 0.000130 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 01:29:58.760488 0.000000 udp 10.0.2.109 3683 -> 175.195.224.65 6553 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 01:30:17.017776 0.032878 tcp 10.0.2.109 51226 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:30:17.050948 0.036267 tcp 10.0.2.109 51227 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:30:17.087516 0.129693 tcp 10.0.2.109 51228 -> 195.113.214.249 443 SRPA* 0 0 40 31528 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:30:17.217977 0.000000 udp 10.0.2.109 3683 -> 210.217.148.172 6623 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 01:30:32.939616 0.031632 tcp 10.0.2.109 51229 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:30:32.971534 0.031695 tcp 10.0.2.109 51230 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:30:33.003486 0.144864 tcp 10.0.2.109 51231 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:30:33.148922 0.191360 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:33.332993 0.063604 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:33.381944 0.150255 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:33.532292 0.180689 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:33.705034 0.014007 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:33.733849 0.212309 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:33.933214 0.176284 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:34.091401 0.055215 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:34.168053 0.169582 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:34.315599 0.189167 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:34.502169 0.170699 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:34.667946 0.238384 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:34.896536 0.178367 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:35.072048 0.514926 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:35.550083 0.347578 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:35.893653 0.441763 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2070 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:36.299157 0.141381 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:36.401718 0.123601 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2525 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:36.489174 0.169697 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:36.651733 1.253768 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:37.871941 0.118713 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:37.952217 0.238486 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:38.157029 0.252790 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:38.368762 0.051686 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:38.425878 0.333859 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:38.760904 0.176778 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:38.920377 0.248113 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:39.062795 0.686294 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/26 01:30:53.680526 3.002561 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 01:31:00.688710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:31:08.690236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:31:24.693654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:31:56.699371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:38:00.705376 3.001185 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 01:38:07.716645 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:38:15.714536 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:38:31.716741 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:39:03.726907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:45:07.729593 3.058741 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 01:45:14.762067 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:45:22.748025 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:45:38.757113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:46:10.767872 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:52:14.773406 3.013195 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 01:52:21.790599 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:52:29.792524 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:52:45.795445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:53:17.801422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:58:28.899212 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 01:58:28.899323 0.538693 tcp 10.0.2.109 51232 -> 176.73.169.112 1959 FSPA* 0 0 14 1499 flow=From-Botnet-V1-TCP-Established 1970/02/26 01:59:21.807622 3.001459 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 01:59:28.814715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:59:36.816656 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 01:59:52.819292 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:00:24.825327 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:00:45.255152 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 02:00:45.255260 0.150821 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:45.404446 0.180760 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:45.578074 0.013614 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:45.594281 0.184494 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:45.771666 0.071436 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:45.826035 0.045134 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:45.882829 0.178842 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:46.039811 0.054935 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:46.095785 0.177217 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:46.249663 0.196370 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:46.443181 0.169501 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:00:46.614290 0.000000 udp 10.0.2.109 3683 -> 86.165.135.158 6597 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 02:01:02.741252 0.031728 tcp 10.0.2.109 51233 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:01:02.773192 0.032726 tcp 10.0.2.109 51234 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:01:02.806233 0.130066 tcp 10.0.2.109 51235 -> 195.113.214.249 443 SRPA* 0 0 24 14680 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:01:02.936853 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 02:01:18.493321 1.315630 tcp 10.0.2.109 51236 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:01:19.809234 0.033034 tcp 10.0.2.109 51237 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:01:19.842535 0.126144 tcp 10.0.2.109 51238 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:01:19.969210 0.181548 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:20.147955 0.353052 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:20.497717 0.175829 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:20.711889 0.140837 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:20.815367 0.125613 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:20.906345 0.167140 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:21.069488 1.269041 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:22.301141 0.112732 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:22.376209 0.240159 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2411 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:22.581440 0.241610 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:22.796786 0.046046 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:22.839073 0.366313 udp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:23.205237 0.173325 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2453 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:23.327468 0.712231 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:01:23.621365 0.142628 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:06:28.831644 3.011549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 02:06:35.848715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:06:43.850471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:06:59.853085 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:07:31.859428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:13:35.865630 3.011200 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 02:13:42.882707 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:13:50.884743 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:14:06.887298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:14:38.893348 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:20:42.898940 3.011778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 02:20:49.917111 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:20:57.918466 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:21:13.921152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:21:45.927229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:27:49.932585 3.018193 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 02:27:56.950706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:28:04.952165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:28:20.955183 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:28:29.438004 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 02:28:29.438208 0.465971 tcp 10.0.2.109 51239 -> 176.73.169.112 1959 FSPA* 0 0 15 1719 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:28:52.961342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:31:51.328140 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 02:31:51.328317 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 02:32:07.222510 0.032533 tcp 10.0.2.109 51240 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:32:07.255336 0.032747 tcp 10.0.2.109 51241 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:32:07.288381 0.140349 tcp 10.0.2.109 51242 -> 195.113.214.249 443 SRPA* 0 0 41 20832 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:32:07.429274 0.000000 udp 10.0.2.109 3683 -> 86.165.135.158 6597 INT 0 1 247 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 02:32:23.058287 0.036271 tcp 10.0.2.109 51243 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:32:23.094867 0.033989 tcp 10.0.2.109 51244 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:32:23.129151 0.135684 tcp 10.0.2.109 51245 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/26 02:32:23.265634 0.185389 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:23.443172 0.068797 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:23.517539 0.013612 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2154 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:23.572698 0.181603 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:23.747149 0.150580 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:23.896085 0.202137 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:24.095318 0.166239 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:24.276512 0.051339 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:24.325183 0.178255 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:24.482650 0.056260 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:24.547548 0.177890 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:24.702717 0.244802 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:24.943998 0.354248 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:25.366574 0.283625 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:25.609399 0.143724 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:25.717700 0.128526 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:25.808720 0.169474 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:25.970482 1.528481 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2085 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:27.465176 0.116271 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:27.541016 0.255914 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:27.761834 0.241813 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:27.973067 0.045515 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:28.014977 0.177094 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:28.174492 0.142084 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:28.308583 0.367359 rtp 10.0.2.109 3683 <-> 210.223.5.134 7099 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:32:28.688566 0.117343 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/26 02:34:56.967431 3.019233 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 02:35:03.984729 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:35:11.986605 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:35:27.989306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:35:59.995223 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:42:04.000254 3.139680 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 02:42:11.112984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:42:19.042381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:42:35.033204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:43:07.039155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:49:11.045234 3.001447 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 02:49:18.052737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:49:26.054152 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:49:42.057220 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:50:14.063300 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:56:20.027099 2.953009 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 02:56:26.936626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:56:34.824134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:56:50.593532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:57:25.089447 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 02:58:33.489748 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 02:58:33.489870 1.761669 tcp 10.0.2.109 51246 -> 176.73.169.112 1959 FSPA* 0 0 16 1773 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:02:43.250441 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 03:02:43.250658 0.014186 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:02:43.542865 1.714829 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:02:45.888673 0.185582 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:02:46.067590 0.066949 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:02:46.191051 0.145243 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:02:46.358784 0.191779 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:02:46.548002 0.169814 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:02:47.294830 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 114 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 03:03:02.614083 0.032345 tcp 10.0.2.109 51247 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:02.646719 0.032362 tcp 10.0.2.109 51248 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:02.679392 0.126798 tcp 10.0.2.109 51249 -> 195.113.214.249 443 SRPA* 0 0 49 40794 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:02.806753 0.176562 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:02.963222 0.056909 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:03.433849 0.176661 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:03.706278 0.182097 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:03.885047 0.353449 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:04.413770 0.374006 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:04.747275 0.140274 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:04.851065 0.115787 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:05.803041 0.166916 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2032 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:05.963797 0.244075 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:06.847268 0.940479 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2027 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:07.756672 0.115789 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:08.426639 0.000000 udp 10.0.2.109 3683 -> 69.73.223.183 3042 INT 0 1 118 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 03:03:26.141693 3.459114 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 03:03:26.625609 0.034764 tcp 10.0.2.109 51250 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:26.660630 0.031951 tcp 10.0.2.109 51251 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:26.692886 0.128688 tcp 10.0.2.109 51252 -> 195.113.214.249 443 SRPA* 0 0 23 12578 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:26.822141 0.046454 udp 10.0.2.109 3683 <-> 93.198.213.18 8279 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:26.864551 0.174820 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:27.847663 0.237994 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:28.077054 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 03:03:33.552345 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:03:41.460266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:03:44.371529 0.031914 tcp 10.0.2.109 51253 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:44.403733 0.033824 tcp 10.0.2.109 51254 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:44.437899 0.138846 tcp 10.0.2.109 51255 -> 195.113.214.249 443 SRPA* 0 0 25 14108 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:03:44.577421 0.115992 rtp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:03:57.557890 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:04:29.163567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:10:32.146796 3.002013 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 03:10:39.154532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:10:47.156062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:11:03.159165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:11:35.165178 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:17:39.171611 4.689613 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 03:17:47.818061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:17:55.716471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:18:11.517380 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:18:47.529486 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:24:47.617632 2.961701 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 03:24:54.526130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:25:02.418329 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:25:18.199431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:25:49.756280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:28:31.697021 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 03:28:31.697128 0.610179 tcp 10.0.2.109 51256 -> 176.73.169.112 1959 FSPA* 0 0 15 1579 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:31:53.248561 3.002191 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 03:32:00.256740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:32:08.258456 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:32:24.261128 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:32:57.685276 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:33:50.799305 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 03:33:50.799410 0.063441 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:33:50.850675 0.257207 rtp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2446 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:33:51.069283 0.000000 udp 10.0.2.109 3683 -> 210.223.5.134 7099 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 03:34:06.265404 0.038412 tcp 10.0.2.109 51257 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:34:06.304113 0.033518 tcp 10.0.2.109 51258 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:34:06.338011 0.157170 tcp 10.0.2.109 51259 -> 195.113.214.249 443 SRPA* 0 0 40 21978 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:34:06.494366 0.014027 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:06.511366 0.182548 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:06.684867 0.186314 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:06.863811 0.071103 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:06.915826 0.151094 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:07.065192 0.185604 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:07.429670 0.169038 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:07.611442 0.179589 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:07.769573 0.177277 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:07.924233 0.055478 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:07.993743 0.177972 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:08.169219 0.108041 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:08.236548 0.346760 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:08.579756 0.142416 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:08.685567 0.116876 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:08.768108 0.162914 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:08.924971 0.238263 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:09.126863 1.425808 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:10.516246 0.116022 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:10.593660 0.000000 udp 10.0.2.109 3683 -> 93.198.213.18 8279 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 03:34:27.542335 0.036850 tcp 10.0.2.109 51260 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:34:27.579522 0.033874 tcp 10.0.2.109 51261 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:34:27.613706 0.126829 tcp 10.0.2.109 51262 -> 195.113.214.249 443 SRPA* 0 0 52 42510 flow=From-Botnet-V1-TCP-Established 1970/02/26 03:34:27.741248 0.261408 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:27.952919 0.176636 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:34:28.203970 0.117691 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/26 03:39:00.284162 3.012616 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 03:39:07.300677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:39:15.301978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:39:31.304954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:40:03.311023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:46:07.317661 3.063064 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 03:46:14.358265 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:46:22.335841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:46:38.338854 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:47:10.602816 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:53:14.361006 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 03:53:21.368516 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:53:29.370270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:53:45.372962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:54:17.379211 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 03:58:32.306182 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 03:58:32.306298 0.800299 tcp 10.0.2.109 51263 -> 176.73.169.112 1959 FSPA* 0 0 15 1661 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:00:21.385310 3.001378 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 04:00:28.392898 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:00:36.469450 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:00:52.406935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:01:24.413191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:04:38.041630 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:04:38.041800 0.000000 udp 10.0.2.109 3683 -> 93.198.213.18 8279 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:04:55.088442 0.032836 tcp 10.0.2.109 51264 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:04:55.121664 0.037577 tcp 10.0.2.109 51265 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:04:55.159620 0.129659 tcp 10.0.2.109 51266 -> 195.113.214.249 443 SRPA* 0 0 40 21118 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:04:55.289511 0.069930 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:55.340706 0.241134 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:56.064555 0.068616 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:56.914250 0.145369 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:57.420226 0.014022 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:57.669670 0.180682 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:57.921385 0.191553 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:58.105391 0.168230 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:58.285347 0.176802 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:58.577974 0.172588 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:58.726542 0.057093 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:04:59.752788 0.184073 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:00.041145 0.508474 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:00.510969 0.201951 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:00.710114 0.165345 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:01.268090 0.235206 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:01.649581 0.354148 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:02.908336 0.135427 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:03.007001 0.121505 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:03.160815 0.118566 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:03.238795 1.377123 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:04.580639 0.189674 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:06.433861 0.709663 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:07.138760 0.490875 rtp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:08.172180 0.246805 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 2950 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:08.416134 0.713005 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 8 3216 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:09.099852 4.272171 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 2923 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:14.033368 0.335168 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 8 2993 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:14.456055 0.543117 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3091 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:14.982863 0.344267 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 8 3075 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:15.320127 0.360376 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 2961 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:15.673070 0.360019 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 8 3153 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:16.030013 0.338513 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 8 3266 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:16.345897 1.037125 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3126 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:17.358205 0.734999 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 3082 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:18.335944 2.113741 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 3104 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:20.445926 1.089906 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 8 2979 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:21.499038 1.019803 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 8 3049 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:22.515945 1.315706 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 3280 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:23.794600 0.330075 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 8 2875 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:25.115196 0.966050 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 3134 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:26.077549 0.244661 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 8 2892 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:26.285735 0.711976 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 3079 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:26.963978 0.303595 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 3279 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:27.227558 2.925231 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 8 3160 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:30.118344 1.155026 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 3061 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:31.266378 0.827097 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 8 3158 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:32.050680 0.555807 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 8 3176 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:32.572657 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:05:40.010117 0.000000 udp 10.0.2.109 3683 -> 59.164.25.75 1648 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:05:44.717175 0.000082 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:05:48.883377 0.113101 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 8 3311 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:05:49.266604 0.000000 udp 10.0.2.109 3683 -> 5.87.94.78 1842 INT 0 1 238 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:05:56.179494 0.000000 udp 10.0.2.109 3683 -> 78.6.199.170 5849 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:07.731367 0.000000 udp 10.0.2.109 3683 -> 78.139.132.103 4876 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:15.689975 0.000000 udp 10.0.2.109 3683 -> 66.64.32.179 3377 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:22.242818 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:30.199546 0.000000 udp 10.0.2.109 3683 -> 122.172.164.159 4749 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:35.438705 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:06:38.520285 0.000000 udp 10.0.2.109 3683 -> 84.62.24.19 8954 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:44.841614 0.000000 udp 10.0.2.109 3683 -> 173.247.172.2 7972 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:51.106906 0.000000 udp 10.0.2.109 3683 -> 217.41.41.251 3692 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:06:58.761591 0.000000 udp 10.0.2.109 3683 -> 202.174.204.105 2293 INT 0 1 218 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:06.021078 0.000000 udp 10.0.2.109 3683 -> 109.151.92.148 4924 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:11.166973 0.000000 udp 10.0.2.109 3683 -> 216.162.89.130 9691 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:16.358818 0.000000 udp 10.0.2.109 3683 -> 95.224.41.80 9487 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:21.269770 0.000080 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:07:22.329620 0.000000 udp 10.0.2.109 3683 -> 92.71.16.26 9268 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:29.735179 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:31.330926 3.774320 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 04:07:37.049443 0.000000 udp 10.0.2.109 3683 -> 125.255.23.188 7412 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:39.055215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:07:44.083185 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:46.939901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:07:51.047094 0.000000 udp 10.0.2.109 3683 -> 94.96.74.201 8122 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:07:59.703485 0.000000 udp 10.0.2.109 3683 -> 217.226.192.194 1251 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:02.719407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:08:06.900206 0.000000 udp 10.0.2.109 3683 -> 95.225.218.160 6829 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:11.385489 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:08:13.955754 0.000000 udp 10.0.2.109 3683 -> 68.94.2.117 6540 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:21.535488 0.000000 udp 10.0.2.109 3683 -> 66.15.102.33 9714 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:27.085265 0.000000 udp 10.0.2.109 3683 -> 41.224.87.214 8167 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:32.822810 0.179346 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 8 2769 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:08:33.735271 0.000000 udp 10.0.2.109 3683 -> 122.163.36.56 5367 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:34.296100 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:08:42.338638 0.689638 udp 10.0.2.109 3683 <-> 123.203.24.77 7236 CON 0 0 8 2951 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:08:47.738887 0.000000 udp 10.0.2.109 3683 -> 216.215.100.78 9206 INT 0 1 254 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:53.772271 0.157736 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 8 2914 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:08:54.572941 0.353561 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 282 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:08:54.926502 0.000000 icmp 203.206.220.184 0x0303 -> 10.0.2.109 0xe118 URP 192 1 310 flow=Background 1970/02/26 04:08:58.230218 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:09:00.667120 0.039466 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 8 2866 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:09:01.544034 0.995844 udp 10.0.2.109 3683 <-> 124.121.115.56 5867 CON 0 0 8 2890 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:09:02.574222 0.000000 udp 10.0.2.109 3683 -> 68.188.25.66 8032 INT 0 1 312 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:09:09.105760 0.000000 udp 10.0.2.109 3683 -> 2.226.210.46 4168 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:09:16.552414 0.000000 udp 10.0.2.109 3683 -> 151.15.168.98 4060 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:09:22.486515 0.000000 udp 10.0.2.109 3683 -> 206.231.239.146 1428 INT 0 1 157 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:09:29.375591 0.000000 udp 10.0.2.109 3683 -> 80.111.142.169 1551 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:09:36.580489 0.414466 udp 10.0.2.109 3683 <-> 74.181.66.253 5463 CON 0 0 8 3183 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:09:37.483370 0.000000 udp 10.0.2.109 3683 -> 213.137.23.83 2376 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:09:42.110557 0.000062 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:09:44.612603 0.000000 udp 10.0.2.109 3683 -> 46.227.89.138 7047 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:09:50.006882 0.115414 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 8 3166 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:09:50.210875 4.841752 rtp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 8 2971 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:09:55.494526 0.000000 udp 10.0.2.109 3683 -> 82.119.192.254 4601 INT 0 1 261 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:10:00.744232 0.267874 udp 10.0.2.109 3683 <-> 84.185.191.168 4448 CON 0 0 8 2994 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:10:03.871107 0.000000 udp 10.0.2.109 3683 -> 181.48.72.249 5642 INT 0 1 314 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:10:11.347494 0.000000 udp 10.0.2.109 3683 -> 66.49.17.214 7145 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:10:18.174935 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 231 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:10:24.345051 4.405373 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 8 2863 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:10:29.909029 0.330197 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 8 3342 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:10:30.554916 0.044100 udp 10.0.2.109 3683 -> 151.25.71.169 4367 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:10:30.599016 0.000000 icmp 151.25.71.169 0x0d03 -> 10.0.2.109 0x0000 URFIL 192 1 184 flow=Background 1970/02/26 04:10:33.250246 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:10:38.800036 0.000000 udp 10.0.2.109 3683 -> 41.58.56.24 5510 INT 0 1 125 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:10:47.083138 0.728942 udp 10.0.2.109 3683 <-> 218.145.118.18 9278 CON 0 0 8 3025 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:10:47.882775 0.000000 udp 10.0.2.109 3683 -> 87.22.193.31 2101 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:10:54.637896 0.000000 udp 10.0.2.109 3683 -> 130.185.192.21 5559 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:00.799101 0.000000 udp 10.0.2.109 3683 -> 217.196.211.102 7551 INT 0 1 292 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:06.476993 0.000000 udp 10.0.2.109 3683 -> 171.5.251.40 8758 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:13.814674 0.000000 udp 10.0.2.109 3683 -> 99.159.254.51 7473 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:18.886954 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:11:20.336992 0.000000 udp 10.0.2.109 3683 -> 212.54.184.25 3664 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:25.302685 0.199324 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 8 2832 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:11:25.936421 1.742019 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 8 3114 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:11:28.623838 0.000000 udp 10.0.2.109 3683 -> 41.191.98.41 5404 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:36.663104 0.000000 udp 10.0.2.109 3683 -> 70.94.33.156 4659 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:41.913108 0.000000 udp 10.0.2.109 3683 -> 95.225.199.48 9244 INT 0 1 269 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:11:49.152896 0.000000 udp 10.0.2.109 3683 -> 116.15.105.33 8113 INT 0 1 134 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:02.592702 0.000000 udp 10.0.2.109 3683 -> 79.238.97.152 1014 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:07.487592 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:12:08.833203 0.000000 udp 10.0.2.109 3683 -> 88.104.180.84 3537 INT 0 1 187 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:15.102006 0.000000 udp 10.0.2.109 3683 -> 84.52.213.191 3436 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:20.546915 0.704129 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 2928 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:12:21.533664 0.000000 udp 10.0.2.109 3683 -> 95.242.251.180 9162 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:29.245398 0.000000 udp 10.0.2.109 3683 -> 217.203.63.113 1199 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:37.478385 0.000000 udp 10.0.2.109 3683 -> 84.3.130.125 1020 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:45.689158 0.000000 udp 10.0.2.109 3683 -> 95.227.147.49 3412 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:53.552933 0.355773 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 2944 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:12:54.056996 0.000000 udp 10.0.2.109 3683 -> 46.47.117.33 7070 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:12:58.241847 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:12:59.716524 0.000000 udp 10.0.2.109 3683 -> 92.6.138.95 3830 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:06.250630 0.047045 udp 10.0.2.109 3683 <-> 87.242.26.90 2308 CON 0 0 8 2990 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:13:07.018196 0.000000 udp 10.0.2.109 3683 -> 110.171.100.222 9633 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:12.769541 0.000000 udp 10.0.2.109 3683 -> 81.155.47.111 4442 INT 0 1 147 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:19.366717 0.000000 udp 10.0.2.109 3683 -> 109.158.162.227 4551 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:27.659441 0.000000 udp 10.0.2.109 3683 -> 86.182.95.166 1055 INT 0 1 178 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:35.116579 0.000000 udp 10.0.2.109 3683 -> 80.176.222.194 8605 INT 0 1 313 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:42.584198 0.298420 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 8 3287 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:13:43.109463 0.239162 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 8 3040 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:13:43.897856 0.000000 udp 10.0.2.109 3683 -> 79.4.185.31 3355 INT 0 1 294 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:47.060805 0.000042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:13:50.935563 0.000000 udp 10.0.2.109 3683 -> 173.166.202.9 4398 INT 0 1 307 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:13:56.798973 0.117221 udp 10.0.2.109 3683 <-> 92.231.18.50 4643 CON 0 0 8 2848 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:13:57.739406 0.000000 udp 10.0.2.109 3683 -> 91.61.234.104 9526 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:06.820439 0.000000 udp 10.0.2.109 3683 -> 87.10.9.206 1026 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:15.186680 0.000000 udp 10.0.2.109 3683 -> 188.192.121.226 4904 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:22.811747 0.000000 udp 10.0.2.109 3683 -> 81.149.3.93 9807 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:30.675368 0.000000 udp 10.0.2.109 3683 -> 195.149.21.34 4798 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:35.349396 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:14:36.017437 0.000000 udp 10.0.2.109 3683 -> 2.232.129.73 6542 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:42.303876 0.000000 udp 10.0.2.109 3683 -> 75.150.54.113 8280 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:43.470372 2.960259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 04:14:47.981468 0.000000 udp 10.0.2.109 3683 -> 93.57.67.123 8503 INT 0 1 208 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:50.378270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:14:54.001549 0.000000 udp 10.0.2.109 3683 -> 24.39.157.138 1496 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:14:58.411406 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:14:59.015177 0.000000 udp 10.0.2.109 3683 -> 83.235.189.39 4719 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:06.457780 0.000000 udp 10.0.2.109 3683 -> 186.3.66.78 1128 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:12.559035 0.000000 udp 10.0.2.109 3683 -> 49.204.173.155 6413 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:14.193620 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:15:18.736420 1.211864 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 8 2915 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:15:19.837411 0.000000 udp 10.0.2.109 3683 -> 151.72.28.85 5616 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:23.309003 0.000051 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:15:25.218018 0.140499 udp 10.0.2.109 3683 <-> 92.30.20.7 8067 CON 0 0 8 2921 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:15:25.478372 0.000000 udp 10.0.2.109 3683 -> 2.35.243.251 8906 INT 0 1 195 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:34.213961 0.004950 udp 10.0.2.109 3683 <-> 81.19.39.6 5102 CON 0 0 8 3026 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:15:34.961978 0.000000 udp 10.0.2.109 3683 -> 124.178.254.24 5780 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:42.770544 0.000000 udp 10.0.2.109 3683 -> 120.151.212.206 8206 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:45.737226 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:15:47.943621 0.000000 udp 10.0.2.109 3683 -> 113.98.11.99 5560 INT 0 1 272 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:15:54.995817 0.000000 udp 10.0.2.109 3683 -> 66.7.242.202 1406 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:03.647041 0.000000 udp 10.0.2.109 3683 -> 122.166.237.126 8799 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:08.181417 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:16:11.694670 0.113425 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 8 3228 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:16:12.484891 0.000000 udp 10.0.2.109 3683 -> 121.246.222.2 5166 INT 0 1 132 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:19.432532 0.000000 udp 10.0.2.109 3683 -> 188.108.188.175 6948 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:24.998833 0.160309 rtp 10.0.2.109 3683 <-> 95.252.49.175 1493 CON 0 0 8 2813 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:16:25.376755 0.669100 udp 10.0.2.109 3683 <-> 115.241.208.4 2650 CON 0 0 8 3151 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:16:26.929095 0.000000 udp 10.0.2.109 3683 -> 213.23.166.114 2612 INT 0 1 167 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:35.544479 0.000000 udp 10.0.2.109 3683 -> 81.215.230.22 8174 INT 0 1 146 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:43.742558 0.000000 udp 10.0.2.109 3683 -> 218.43.195.96 6022 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:50.684143 0.096724 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 8 3155 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:16:51.044892 0.098596 udp 10.0.2.109 3683 -> 31.146.181.222 9958 INT 0 1 160 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:16:51.143488 0.000000 icmp 31.146.181.222 0x0303 -> 10.0.2.109 0xe626 URP 192 1 188 flow=Background 1970/02/26 04:16:55.509488 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:16:57.770910 0.000000 udp 10.0.2.109 3683 -> 85.107.150.146 5845 INT 0 1 136 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:17:03.714017 0.000000 udp 10.0.2.109 3683 -> 41.215.68.146 8426 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:17:09.714666 0.000000 udp 10.0.2.109 3683 -> 217.40.71.53 8584 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:17:18.127556 0.000000 udp 10.0.2.109 3683 -> 173.3.220.240 3117 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:17:23.623106 1.013147 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 2908 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:17:25.074629 0.128389 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 8 3168 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:21:44.648669 2.973140 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 04:21:51.578189 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:21:59.466810 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:22:15.241624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:22:46.786122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:28:32.964336 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:28:32.964529 0.689493 tcp 10.0.2.109 51267 -> 176.73.169.112 1959 FSPA* 0 0 15 1718 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:28:49.510987 3.001487 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 04:28:56.518294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:29:04.519653 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:29:20.523221 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:29:52.528533 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:35:56.535969 3.000703 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 04:36:03.542476 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:36:11.558751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:36:27.556846 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:36:59.562825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:43:03.569401 3.000894 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 04:43:10.576046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:43:18.577720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:43:34.580754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:44:06.614825 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:47:28.657909 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:47:28.658039 0.054321 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:28.704207 0.212602 udp 10.0.2.109 3683 <-> 69.73.223.183 3042 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:28.891289 0.145446 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.034971 0.014015 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.083449 0.188431 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.264972 0.065919 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2156 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.316298 0.178434 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.487907 0.178073 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.644431 0.165634 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2531 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.804970 0.175252 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:29.958687 0.056489 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:30.024071 0.178779 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:30.200233 0.100801 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:30.264553 0.191724 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:30.453869 0.239809 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 1972 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:30.660786 0.167705 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:30.823155 0.143111 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:30.927646 0.353463 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:31.317270 0.116186 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:31.393852 1.525960 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:33.025646 0.328325 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:33.313763 0.177326 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:33.477411 0.121655 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:33.552123 0.055251 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:33.612127 0.116881 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:33.688628 0.344817 udp 10.0.2.109 3683 <-> 123.203.24.77 7236 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:34.032957 0.086350 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:34.098748 0.019497 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:34.139322 0.595181 udp 10.0.2.109 3683 <-> 124.121.115.56 5867 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:34.713250 0.000000 udp 10.0.2.109 3683 -> 74.181.66.253 5463 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:47:49.949581 0.033239 tcp 10.0.2.109 51268 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:47:49.982580 0.037241 tcp 10.0.2.109 51269 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:47:50.020140 0.135261 tcp 10.0.2.109 51270 -> 195.113.214.249 443 SRPA* 0 0 47 37556 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:47:50.155938 0.055724 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:50.214256 0.120421 udp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:47:50.284834 0.000000 udp 10.0.2.109 3683 -> 84.185.191.168 4448 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:48:07.583789 0.035360 tcp 10.0.2.109 51271 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:07.619473 0.039663 tcp 10.0.2.109 51272 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:07.659478 0.127198 tcp 10.0.2.109 51273 -> 195.113.214.249 443 SRPA* 0 0 31 15228 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:07.787449 0.041220 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:07.815663 0.100536 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:07.892182 0.341772 udp 10.0.2.109 3683 <-> 218.145.118.18 9278 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:08.235242 0.097924 udp 10.0.2.109 3683 <-> 77.242.53.194 9893 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:08.343196 0.138487 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:08.441956 0.181447 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2179 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:08.612945 0.000000 udp 10.0.2.109 3683 -> 87.242.26.90 2308 INT 0 1 173 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:48:27.072039 0.035585 tcp 10.0.2.109 51274 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:27.107505 0.033797 tcp 10.0.2.109 51275 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:27.141627 0.138835 tcp 10.0.2.109 51276 -> 195.113.214.249 443 SRPA* 0 0 21 11730 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:27.281028 0.066272 udp 10.0.2.109 3683 <-> 92.231.18.50 4643 CON 0 0 6 2526 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:27.331319 0.690759 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:27.782809 0.000000 udp 10.0.2.109 3683 -> 92.30.20.7 8067 INT 0 1 179 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:48:46.630064 0.034558 tcp 10.0.2.109 51277 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:46.664910 0.040375 tcp 10.0.2.109 51278 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:46.705633 0.128537 tcp 10.0.2.109 51279 -> 195.113.214.249 443 SRPA* 0 0 25 13938 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:48:46.834689 0.002582 rtp 10.0.2.109 3683 <-> 81.19.39.6 5102 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:46.840461 0.055177 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:48:46.903965 0.000000 udp 10.0.2.109 3683 -> 95.252.49.175 1493 INT 0 1 184 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 04:49:02.533115 0.117695 tcp 10.0.2.109 51280 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:49:02.651131 0.032881 tcp 10.0.2.109 51281 -> 195.113.214.249 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:49:02.684303 0.137757 tcp 10.0.2.109 51282 -> 195.113.214.249 443 SRPA* 0 0 23 13334 flow=From-Botnet-V1-TCP-Established 1970/02/26 04:49:02.822594 1.014596 rtp 10.0.2.109 3683 <-> 115.241.208.4 2650 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:49:03.657407 0.044429 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:49:03.700261 0.504146 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:49:04.214380 0.073261 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/26 04:50:10.602206 3.002775 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 04:50:17.610259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:50:25.612054 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:50:41.614932 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:51:13.620972 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:57:17.627329 3.001184 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 04:57:24.636915 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:57:32.638621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:57:48.638614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:58:20.648801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 04:58:33.653967 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 04:58:33.654300 0.457205 tcp 10.0.2.109 51283 -> 176.73.169.112 1959 FSPA* 0 0 15 1563 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:04:24.650702 3.001981 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 05:04:31.658006 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:04:39.659415 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:04:55.662607 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:05:27.668330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:11:31.675592 3.000861 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 05:11:38.682444 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:11:46.684703 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:12:02.687138 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:12:34.693202 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:18:38.699266 3.000788 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 05:18:45.710532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:18:53.707587 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:19:09.709982 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:19:17.492132 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 05:19:17.492332 0.000000 udp 10.0.2.109 3683 -> 74.181.66.253 5463 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:19:36.310425 0.032532 tcp 10.0.2.109 51284 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:19:36.343262 0.032914 tcp 10.0.2.109 51285 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:19:36.376465 0.126859 tcp 10.0.2.109 51286 -> 195.113.214.249 443 SRPA* 0 0 25 13938 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:19:36.504427 0.000000 udp 10.0.2.109 3683 -> 84.185.191.168 4448 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:19:41.717420 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:19:54.405753 0.031443 tcp 10.0.2.109 51287 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:19:54.437470 0.034314 tcp 10.0.2.109 51288 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:19:54.472043 0.201440 tcp 10.0.2.109 51289 -> 195.113.214.249 443 SRPA* 0 0 27 12040 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:19:54.671986 0.000000 udp 10.0.2.109 3683 -> 87.242.26.90 2308 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:20:11.129518 0.031934 tcp 10.0.2.109 51290 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:11.161731 0.033165 tcp 10.0.2.109 51291 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:11.195215 0.133790 tcp 10.0.2.109 51292 -> 195.113.214.249 443 SRPA* 0 0 33 18134 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:11.329927 0.000000 udp 10.0.2.109 3683 -> 92.30.20.7 8067 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:20:30.046758 0.056387 tcp 10.0.2.109 51293 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:30.103447 0.031496 tcp 10.0.2.109 51294 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:30.135224 0.131360 tcp 10.0.2.109 51295 -> 195.113.214.249 443 SRPA* 0 0 47 22634 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:30.265106 0.000000 udp 10.0.2.109 3683 -> 95.252.49.175 1493 INT 0 1 217 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:20:46.721196 0.037843 tcp 10.0.2.109 51296 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:46.759369 0.032820 tcp 10.0.2.109 51297 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:46.792443 0.141071 tcp 10.0.2.109 51298 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:20:46.934069 0.054053 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:20:47.025567 0.181299 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:20:47.197144 0.176948 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:20:47.354534 0.170676 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:20:47.536638 0.014433 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:20:47.568954 0.151032 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:20:47.717486 0.000000 udp 10.0.2.109 3683 -> 69.73.223.183 3042 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:21:04.175745 0.030843 tcp 10.0.2.109 51299 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:04.206896 0.038577 tcp 10.0.2.109 51300 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:04.245787 0.137110 tcp 10.0.2.109 51301 -> 195.113.214.249 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:04.383450 0.064135 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:04.433327 0.181030 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:04.607149 0.231726 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:04.806022 0.196313 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:04.999387 0.175948 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:05.152687 0.100672 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:05.216571 0.055648 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2261 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:05.274727 0.173346 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:05.444796 0.171278 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:05.617661 0.533568 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:06.115171 0.353891 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:06.507183 0.143487 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:06.611632 0.118026 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:06.684232 0.240042 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:06.889097 0.176111 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2498 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:07.049504 0.123203 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:07.126356 0.056316 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:07.200184 0.139351 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:07.331497 0.339983 udp 10.0.2.109 3683 <-> 123.203.24.77 7236 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:07.686481 0.017124 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2507 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:07.736514 0.553860 rtp 10.0.2.109 3683 <-> 124.121.115.56 5867 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:08.259693 0.088301 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:08.326518 0.123179 udp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:08.399614 0.054903 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:08.467434 0.038429 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:08.493241 0.180154 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:08.649547 0.188336 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:08.798593 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 252 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:21:24.755449 0.031213 tcp 10.0.2.109 51302 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:24.787011 0.033187 tcp 10.0.2.109 51303 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:24.820507 0.137059 tcp 10.0.2.109 51304 -> 195.113.214.249 443 SRPA* 0 0 53 34998 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:24.958210 0.341968 udp 10.0.2.109 3683 <-> 218.145.118.18 9278 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:25.594270 0.102785 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:26.916583 0.604863 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:27.456691 0.066281 udp 10.0.2.109 3683 <-> 92.231.18.50 4643 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:28.036245 0.002827 udp 10.0.2.109 3683 <-> 81.19.39.6 5102 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:29.173743 0.058830 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2528 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:29.257481 0.000000 udp 10.0.2.109 3683 -> 115.241.208.4 2650 INT 0 1 151 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:21:46.837288 0.032750 tcp 10.0.2.109 51305 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:46.870418 0.033802 tcp 10.0.2.109 51306 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:46.904496 0.174144 tcp 10.0.2.109 51307 -> 195.113.214.249 443 FSRP* 0 0 28 9296 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:21:47.078923 0.048914 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2293 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:47.126252 0.515667 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:21:47.643198 0.070440 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:25:45.723406 3.010735 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 05:25:52.740047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:26:00.741681 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:26:16.744720 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:26:48.751835 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:28:34.114938 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 05:28:34.115048 0.858234 tcp 10.0.2.109 51308 -> 176.73.169.112 1959 FSPA* 0 0 14 1628 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:32:52.755565 3.002737 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 05:32:59.764195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:33:07.765706 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:33:23.767975 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:33:56.206885 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:39:59.790258 3.002357 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 05:40:06.797981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:40:14.799603 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:40:30.802780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:41:02.808836 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:47:06.814656 3.001672 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 05:47:13.822388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:47:21.823422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:47:37.826409 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:48:09.832530 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:52:05.802238 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 05:52:05.802370 0.000000 udp 10.0.2.109 3683 -> 69.73.223.183 3042 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:52:21.906798 0.034572 tcp 10.0.2.109 51309 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:21.941709 0.035935 tcp 10.0.2.109 51310 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:21.977921 0.137478 tcp 10.0.2.109 51311 -> 195.113.214.249 443 SRPA* 0 0 27 11250 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:22.115898 0.000000 udp 10.0.2.109 3683 -> 77.242.53.194 9893 INT 0 1 197 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:52:39.790960 0.032146 tcp 10.0.2.109 51312 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:39.823387 0.036429 tcp 10.0.2.109 51313 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:39.860130 0.133375 tcp 10.0.2.109 51314 -> 195.113.214.249 443 SRPA* 0 0 49 42442 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:39.994183 0.000000 udp 10.0.2.109 3683 -> 115.241.208.4 2650 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:52:57.826899 0.031912 tcp 10.0.2.109 51315 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:57.859128 0.031996 tcp 10.0.2.109 51316 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:57.891432 0.128878 tcp 10.0.2.109 51317 -> 195.113.214.249 443 SRPA* 0 0 38 18488 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:52:58.020818 0.015863 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:52:58.061950 0.150922 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:52:58.211095 0.168106 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:52:58.603446 0.178463 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:52:58.760273 0.179777 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:52:58.931573 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 192 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:53:15.673281 0.032309 tcp 10.0.2.109 51318 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:15.705886 0.036393 tcp 10.0.2.109 51319 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:15.742538 0.123684 tcp 10.0.2.109 51320 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:15.866749 0.062400 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2122 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:15.914676 0.193876 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:16.100120 0.237224 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:16.300733 0.061755 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:16.387237 0.099905 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:16.447838 0.170621 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:16.750750 0.176517 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:16.904562 0.190606 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:17.091866 0.172287 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:17.260828 0.347915 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:17.604883 0.111464 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:17.678339 0.106738 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:17.746520 0.146325 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:17.856180 0.178247 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2573 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:18.017559 0.143564 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:18.152110 0.000000 udp 10.0.2.109 3683 -> 123.203.24.77 7236 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:53:35.431402 0.034478 tcp 10.0.2.109 51321 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:35.466339 0.032811 tcp 10.0.2.109 51322 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:35.499535 0.141528 tcp 10.0.2.109 51323 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:35.641605 0.018540 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:35.704442 1.337739 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.008603 0.055145 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2475 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.081810 0.114813 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.154747 0.056913 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.246947 0.042077 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.290260 0.178379 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.446239 0.138716 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.546690 0.087867 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2038 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:37.657149 0.000000 udp 10.0.2.109 3683 -> 124.121.115.56 5867 INT 0 1 144 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:53:56.031366 0.031465 tcp 10.0.2.109 51324 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:56.063130 0.040883 tcp 10.0.2.109 51325 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:56.104373 0.135529 tcp 10.0.2.109 51326 -> 195.113.214.249 443 SRPA* 0 0 42 23376 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:53:56.238952 0.120146 udp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:53:56.308563 0.000000 udp 10.0.2.109 3683 -> 218.145.118.18 9278 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:54:11.513092 0.032429 tcp 10.0.2.109 51327 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:11.545781 0.049300 tcp 10.0.2.109 51328 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:11.595389 0.133733 tcp 10.0.2.109 51329 -> 195.113.214.249 443 SRPA* 0 0 42 22882 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:11.729790 0.000000 udp 10.0.2.109 3683 -> 119.234.155.27 5726 INT 0 1 190 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:54:13.840204 3.000131 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 05:54:20.846126 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:54:26.955270 0.032724 tcp 10.0.2.109 51330 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:26.988350 0.033097 tcp 10.0.2.109 51331 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:27.021752 0.134466 tcp 10.0.2.109 51332 -> 195.113.214.249 443 SRPA* 0 0 24 13258 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:27.156737 0.094316 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:54:27.230476 0.000000 udp 10.0.2.109 3683 -> 92.231.18.50 4643 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 05:54:28.847465 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:54:44.850069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:54:45.912925 0.035775 tcp 10.0.2.109 51333 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:45.949032 0.033322 tcp 10.0.2.109 51334 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:45.982671 0.124110 tcp 10.0.2.109 51335 -> 195.113.214.249 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/26 05:54:46.107285 0.003160 udp 10.0.2.109 3683 <-> 81.19.39.6 5102 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:54:46.154220 0.055167 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:54:46.210813 0.072996 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:54:46.266384 0.043824 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:54:46.313328 0.485407 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/26 05:55:16.856404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 05:58:34.972318 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 05:58:34.972431 0.538213 tcp 10.0.2.109 51336 -> 176.73.169.112 1959 FSPA* 0 0 15 1640 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:01:20.863174 3.000391 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 06:01:27.870330 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:01:35.871487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:01:51.874574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:02:23.880105 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:08:27.886821 3.001661 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 06:08:34.893470 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:08:42.895036 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:08:58.898832 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:09:30.903953 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:15:34.910494 3.001531 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 06:15:41.918510 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:15:49.924667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:16:05.922509 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:16:37.927978 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:22:41.935276 3.000891 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 06:22:48.941965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:22:56.943354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:23:12.947719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:23:44.952657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:25:07.161098 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 06:25:07.161228 0.058701 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:25:07.210954 0.000000 udp 10.0.2.109 3683 -> 123.203.24.77 7236 INT 0 1 229 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 06:25:23.636090 0.033814 tcp 10.0.2.109 51337 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:23.670372 0.032209 tcp 10.0.2.109 51338 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:23.702870 0.159770 tcp 10.0.2.109 51339 -> 195.113.214.249 443 SRPA* 0 0 49 42348 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:23.863173 0.000000 udp 10.0.2.109 3683 -> 124.121.115.56 5867 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 06:25:40.729505 0.031514 tcp 10.0.2.109 51340 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:40.761279 0.033031 tcp 10.0.2.109 51341 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:40.794639 0.201815 tcp 10.0.2.109 51342 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:40.997125 0.000000 udp 10.0.2.109 3683 -> 218.145.118.18 9278 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 06:25:56.141615 0.032313 tcp 10.0.2.109 51343 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:56.174253 0.036488 tcp 10.0.2.109 51344 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:56.211066 0.154901 tcp 10.0.2.109 51345 -> 195.113.214.249 443 SRPA* 0 0 33 19424 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:25:56.366595 0.696381 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:25:56.843293 0.000000 udp 10.0.2.109 3683 -> 92.231.18.50 4643 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 06:26:12.204545 0.033633 tcp 10.0.2.109 51346 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:26:12.238544 0.033820 tcp 10.0.2.109 51347 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:26:12.272671 0.128052 tcp 10.0.2.109 51348 -> 195.113.214.249 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:26:12.401280 0.150405 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:12.549604 0.168414 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:12.726746 0.180289 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2535 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:12.885625 0.014468 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:12.910021 0.179307 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.083156 0.166763 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.244654 0.102702 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.316143 0.235722 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.515005 0.068135 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.568328 0.054352 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.625062 0.191222 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2086 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.809592 0.107043 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2139 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.876908 0.147839 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:13.986660 0.191383 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2603 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:14.175472 0.176385 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:14.328074 0.187355 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:14.475553 0.353152 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:14.824921 0.178010 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:14.998387 0.142134 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:15.136211 0.173172 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:15.294932 0.016861 rtp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:15.338182 0.180784 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:15.495410 0.135827 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:15.592499 0.090583 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:15.858549 0.119304 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:15.932181 0.057315 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2095 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:16.002489 1.417478 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2471 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:17.382013 0.058653 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 1964 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:17.447461 0.079471 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:17.514206 0.120362 rtp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:17.582883 0.099503 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2377 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:17.658683 0.071174 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:17.714766 0.049542 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:17.762570 0.497461 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:18.261331 0.002788 udp 10.0.2.109 3683 <-> 81.19.39.6 5102 CON 0 0 6 2334 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:26:18.311361 0.055000 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:28:35.515449 0.015264 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 06:28:35.530789 0.592639 tcp 10.0.2.109 51349 -> 176.73.169.112 1959 FSPA* 0 0 14 1618 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:29:48.958220 3.002639 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 06:29:55.966882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:30:03.967428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:30:19.970199 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:30:51.976142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:36:55.982029 3.001992 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 06:37:02.989685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:37:10.991255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:37:26.994413 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:37:59.000487 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:44:03.006442 3.001175 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 06:44:10.013756 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:44:18.014925 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:44:34.018041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:45:06.024113 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:51:10.030664 3.001472 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 06:51:17.038057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:51:25.039089 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:51:41.044740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:52:13.047714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:56:26.593161 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 06:56:26.593275 0.051431 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:26.642565 0.804987 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:27.168003 0.150951 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:27.329708 0.169099 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:27.512025 0.177965 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:27.668159 0.014159 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:27.708427 0.176048 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:27.876230 0.167858 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2438 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:28.053347 0.101581 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:28.117553 0.251522 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2056 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:28.335409 0.064263 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:28.477763 0.057938 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:28.596674 0.190714 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:28.780425 0.195926 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2149 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:28.973408 0.177952 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:29.126065 0.115487 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:29.201838 0.353700 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2162 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:29.551880 0.112905 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:29.625291 0.142906 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:29.728499 0.237612 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:29.962217 0.151038 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:30.105918 0.175316 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:30.266021 0.000000 udp 10.0.2.109 3683 -> 78.45.85.30 3654 INT 0 1 264 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 06:56:48.666863 0.033737 tcp 10.0.2.109 51350 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:56:48.700905 0.035739 tcp 10.0.2.109 51351 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:56:48.736952 0.133572 tcp 10.0.2.109 51352 -> 195.113.214.249 443 SRPA* 0 0 25 13444 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:56:48.871006 0.180306 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:49.027780 0.137841 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:49.126344 0.089704 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:49.192094 0.118747 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:49.264206 0.057212 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2543 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:49.333253 1.441239 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:50.739897 0.056176 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:50.804895 0.045915 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:50.836955 0.128294 udp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:50.914963 0.259958 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:51.152985 0.071005 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:51.215043 0.049787 rtp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2456 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:51.272354 0.055283 rtp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:51.351800 0.514262 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/26 06:56:51.874416 0.000000 udp 10.0.2.109 3683 -> 81.19.39.6 5102 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 06:57:07.902800 0.032476 tcp 10.0.2.109 51353 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:57:07.935567 0.037450 tcp 10.0.2.109 51354 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:57:07.973256 0.133694 tcp 10.0.2.109 51355 -> 195.113.214.249 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:58:17.053698 3.002985 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 06:58:24.061636 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:58:32.063156 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:58:36.109250 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 06:58:36.109366 0.521470 tcp 10.0.2.109 51356 -> 176.73.169.112 1959 FSPA* 0 0 14 1591 flow=From-Botnet-V1-TCP-Established 1970/02/26 06:58:48.065785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 06:59:20.073098 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:05:24.078204 3.001523 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 07:05:31.085723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:05:39.087576 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:05:55.090881 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:06:27.095958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:12:31.102090 3.001631 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 07:12:38.109502 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:12:46.111081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:13:02.114110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:13:34.120168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:19:38.126985 3.001053 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 07:19:45.133712 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:19:53.134804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:20:09.137751 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:20:41.143937 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:26:45.153439 2.998422 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 07:26:52.157534 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:27:00.159133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:27:16.162090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:27:30.513165 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 07:27:30.513265 0.021464 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:30.538365 0.000000 udp 10.0.2.109 3683 -> 81.19.39.6 5102 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 07:27:47.979539 0.032951 tcp 10.0.2.109 51357 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 07:27:48.012801 0.037553 tcp 10.0.2.109 51358 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 07:27:48.050644 0.141398 tcp 10.0.2.109 51359 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/26 07:27:48.167931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:27:48.192716 0.049371 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:48.243731 0.164363 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:48.409498 0.173934 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:48.561040 0.013838 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:48.611672 0.152750 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2622 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:48.842744 0.726674 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:49.331541 0.243069 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:49.560108 0.070832 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:49.614251 0.055862 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:49.671785 0.185555 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:49.849855 0.166496 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2469 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:50.010892 0.182135 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2384 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:50.184734 0.102660 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:50.247458 0.353405 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:50.633110 0.114583 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:50.705941 0.145334 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:50.814897 0.175634 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:50.967608 0.115394 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.045370 0.196472 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.238883 0.140419 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.369743 0.176803 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2590 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.543415 0.202818 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.713224 0.087814 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.779609 0.117408 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2230 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.850442 0.054659 rtp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:51.907444 0.181992 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:52.065547 0.137216 udp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:52.163647 0.164607 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2124 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:52.329509 1.273818 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:53.565103 0.092017 rtp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2048 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:53.644723 0.043174 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:53.713753 0.058034 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:53.772916 0.076989 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:53.833508 0.098751 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:53.909908 0.118144 udp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:27:53.980324 0.433055 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:28:36.643801 0.537565 tcp 10.0.2.109 51360 -> 176.73.169.112 1959 FSPA* 0 0 14 1721 flow=From-Botnet-V1-TCP-Established 1970/02/26 07:33:52.174650 3.000690 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 07:33:59.181598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:34:07.183075 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:34:23.185907 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:34:55.192151 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:40:59.197988 3.003296 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 07:41:06.205647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:41:14.206927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:41:30.209829 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:42:02.216021 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:48:06.221482 3.002071 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 07:48:13.229469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:48:21.231219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:48:37.234017 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:49:09.240142 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:55:13.246196 3.001585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 07:55:20.255431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:55:28.254883 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:55:44.257767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:56:16.263768 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 07:58:00.283802 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 07:58:00.283964 0.020008 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:00.305730 0.173648 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:00.458772 0.013954 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:00.499893 0.151032 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:00.648633 0.052224 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:00.698523 0.171040 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:00.868252 0.725403 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:01.334820 0.244208 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:01.543691 0.069815 rtcp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:01.596304 0.054935 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:01.677465 0.181551 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:01.851154 0.136422 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:01.950719 0.353593 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:02.300779 0.112637 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:02.370330 0.128370 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:02.590383 0.169945 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:02.752852 0.000000 udp 10.0.2.109 3683 -> 108.70.165.164 4638 INT 0 1 226 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 07:58:19.974459 0.033911 tcp 10.0.2.109 51361 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 07:58:20.008624 0.033231 tcp 10.0.2.109 51362 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 07:58:20.042239 0.120120 tcp 10.0.2.109 51363 -> 195.113.214.249 443 SRPA* 0 0 32 24688 flow=From-Botnet-V1-TCP-Established 1970/02/26 07:58:20.162925 0.179948 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:20.322462 0.115486 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:20.401468 0.197889 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:20.596628 0.144159 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:20.730773 0.172592 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2457 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:20.899444 0.178302 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:21.060854 0.124092 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:21.203075 0.119342 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:21.275757 0.144725 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:21.382553 0.160321 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:21.544190 0.055084 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:21.608223 0.180634 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:21.765758 0.381291 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2560 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:22.108562 0.042701 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:22.154069 0.049443 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2120 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:22.201748 0.055796 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:22.268137 0.072293 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:22.325867 0.419891 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:22.754279 0.099948 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:22.829591 0.122435 udp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/26 07:58:37.176849 2.049412 tcp 10.0.2.109 51364 -> 176.73.169.112 1959 FSPA* 0 0 14 1646 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:02:20.271532 2.999972 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 08:02:27.282218 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:02:35.278614 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:02:51.283650 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:03:23.288286 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:09:27.293808 3.001635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:09:34.301428 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:09:42.302754 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:09:58.305909 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:10:30.311931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:16:34.317913 3.001335 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:16:41.325350 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:16:49.327237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:17:05.329804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:17:37.335468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:23:41.341754 3.006876 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:23:48.349317 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:23:56.350685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:24:12.353767 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:24:44.359709 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:28:30.995666 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 08:28:30.995816 0.181690 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:31.168255 0.013527 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:31.247635 0.150171 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:31.396414 0.051752 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:31.446227 0.020115 rtp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:31.480043 0.179917 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:31.637159 0.699571 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:32.096894 0.253802 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:32.313807 0.168987 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:32.484395 0.055324 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:32.547796 0.190983 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:32.731324 0.071262 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:32.786264 0.149047 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:32.895278 0.170134 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2338 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:33.065794 0.104721 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:33.130060 0.355003 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:33.481053 0.117152 udp 10.0.2.109 3683 <-> 91.6.17.217 5333 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:33.556891 0.176964 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:33.712209 0.120571 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:33.792760 0.203096 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2394 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:33.992102 0.224592 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:34.196850 0.088064 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:34.301139 0.118027 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:34.373837 0.162172 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:34.495521 0.152766 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:34.657005 0.085288 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:34.750874 0.180704 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:34.908286 0.179947 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:35.085209 0.179508 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2285 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:35.249081 0.917163 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:36.130775 0.045467 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:36.163389 0.043549 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:36.205444 0.058235 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:36.276121 0.074261 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:36.334236 0.432970 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:36.778619 0.097363 rtp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2036 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:36.855250 0.119083 udp 10.0.2.109 3683 <-> 86.139.0.10 3180 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:28:39.228140 0.624877 tcp 10.0.2.109 51365 -> 176.73.169.112 1959 FSPA* 0 0 14 1554 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:30:48.367307 3.000293 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:30:55.373372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:31:03.377267 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:31:19.377647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:31:51.383705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:37:55.392230 2.999174 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:38:02.397115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:38:10.398669 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:38:26.401643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:38:58.407746 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:45:02.414183 3.001259 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:45:09.420984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:45:17.422813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:45:33.425633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:46:05.431815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:52:09.437665 3.001825 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:52:16.446543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:52:24.446573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:52:40.449659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:53:12.455649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:58:39.856673 0.000090 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 08:58:39.856867 0.591204 tcp 10.0.2.109 51366 -> 176.73.169.112 1959 FSPA* 0 0 15 1551 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:58:46.806548 0.145448 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2383 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:58:46.950485 0.044603 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:58:47.009411 0.018449 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:58:47.027743 0.178434 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:58:47.185481 0.000000 udp 10.0.2.109 3683 -> 108.70.165.164 4638 INT 0 1 263 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 08:59:03.021324 0.034575 tcp 10.0.2.109 51367 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:03.056158 0.033495 tcp 10.0.2.109 51368 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:03.089915 0.107966 tcp 10.0.2.109 51369 -> 195.113.214.249 443 SRPA* 0 0 33 23703 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:03.198661 0.013550 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:03.834932 0.967456 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:04.682635 0.255159 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:05.063999 0.168030 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2588 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:05.306225 0.055879 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:05.649254 0.187587 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:06.128303 0.070963 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:06.257460 0.137664 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:06.357572 0.164945 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:06.514796 0.103642 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:06.748695 0.354610 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:07.511730 0.000000 udp 10.0.2.109 3683 -> 91.6.17.217 5333 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 08:59:16.461905 3.001103 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 08:59:23.469270 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:59:25.793186 0.031959 tcp 10.0.2.109 51370 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:25.825438 0.049215 tcp 10.0.2.109 51371 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:25.874970 0.149774 tcp 10.0.2.109 51372 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:26.025336 0.185070 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.185332 0.113422 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.261490 0.089908 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.329776 0.125467 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.408792 0.151658 rtp 10.0.2.109 3683 <-> 86.165.135.158 6597 CON 0 0 6 2081 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.522262 0.085555 rtp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.647243 0.082139 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.740011 0.196966 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2119 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:26.934381 0.145155 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:27.074955 0.177614 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:27.229443 0.172276 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:27.397788 0.176906 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:27.560326 0.049886 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2431 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:27.608530 0.078719 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:27.735262 0.069308 udp 10.0.2.109 3683 <-> 109.152.51.19 6508 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:27.790095 0.447177 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:28.245987 0.102197 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:28.324040 0.241737 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:28.533070 0.039934 rtp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/26 08:59:28.601718 0.000000 udp 10.0.2.109 3683 -> 86.139.0.10 3180 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 08:59:31.470635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 08:59:45.071154 0.034920 tcp 10.0.2.109 51373 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:45.106334 0.059542 tcp 10.0.2.109 51374 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:45.166242 0.124347 tcp 10.0.2.109 51375 -> 195.113.214.249 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/26 08:59:47.473566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:00:19.479845 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:06:23.485648 3.002297 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 09:06:30.493063 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:06:38.494633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:06:54.497665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:07:26.503541 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:13:30.510702 3.000593 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 09:13:37.516882 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:13:45.518342 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:14:01.521469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:14:33.527055 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:20:37.533552 3.001578 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 09:20:44.540879 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:20:52.542716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:21:08.545544 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:21:40.551337 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:27:44.558338 3.000845 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 09:27:51.564945 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:27:59.566083 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:28:15.569422 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:28:40.455776 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 09:28:40.455981 0.699870 tcp 10.0.2.109 51376 -> 176.73.169.112 1959 FSPA* 0 0 14 1517 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:28:47.575469 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:30:10.665449 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 09:30:10.665632 0.181196 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:10.842820 0.000000 udp 10.0.2.109 3683 -> 91.6.17.217 5333 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 09:30:29.123732 0.032707 tcp 10.0.2.109 51377 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:30:29.156727 0.052192 tcp 10.0.2.109 51378 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:30:29.209219 0.154805 tcp 10.0.2.109 51379 -> 195.113.214.249 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:30:29.364562 0.000000 udp 10.0.2.109 3683 -> 86.139.0.10 3180 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 09:30:46.587134 0.032719 tcp 10.0.2.109 51380 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:30:46.620110 0.052696 tcp 10.0.2.109 51381 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:30:46.673119 0.130858 tcp 10.0.2.109 51382 -> 195.113.214.249 443 SRPA* 0 0 24 13352 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:30:46.827591 0.179954 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:46.985888 0.150934 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:47.137467 0.020934 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:47.159537 0.110071 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:47.260956 0.014042 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:47.305835 0.679825 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:47.788194 0.055856 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:47.845589 0.168687 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:30:48.016927 0.000000 udp 10.0.2.109 3683 -> 69.108.73.253 6433 INT 0 1 189 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 09:31:06.115342 0.032879 tcp 10.0.2.109 51383 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:06.148520 0.052331 tcp 10.0.2.109 51384 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:06.201161 0.157839 tcp 10.0.2.109 51385 -> 195.113.214.249 443 SRPA* 0 0 41 23322 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:06.359399 0.100398 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2072 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:06.421133 0.165932 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:06.581443 0.184865 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:06.759013 0.144374 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:06.866619 0.092583 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:06.942735 0.347941 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:07.286479 0.179647 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:07.443731 0.091569 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2229 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:07.547387 0.125960 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2459 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:07.626513 0.000000 udp 10.0.2.109 3683 -> 86.165.135.158 6597 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 09:31:22.789257 0.033689 tcp 10.0.2.109 51386 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:22.823225 0.135200 tcp 10.0.2.109 51387 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:22.958768 0.127734 tcp 10.0.2.109 51388 -> 195.113.214.249 443 SRPA* 0 0 24 13884 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:23.087046 0.114755 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2527 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:23.942369 0.117989 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:24.115468 0.113137 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:24.229613 0.140330 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:24.365355 0.179688 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2428 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:24.523360 0.194327 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:24.709712 0.176067 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:25.016887 0.050241 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:25.120472 0.120090 rtp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:25.302688 0.000000 udp 10.0.2.109 3683 -> 109.152.51.19 6508 INT 0 1 164 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 09:31:40.594964 0.039326 tcp 10.0.2.109 51389 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:40.634594 0.051137 tcp 10.0.2.109 51390 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:40.685992 0.132574 tcp 10.0.2.109 51391 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 09:31:40.819180 0.197034 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:41.013728 0.038490 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:41.039070 0.096393 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2039 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:41.114624 0.427637 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:31:41.545131 0.267776 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2126 flow=From-Botnet-V1-UDP-Established 1970/02/26 09:34:51.581247 3.021942 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 09:34:58.608626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:35:06.610372 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:35:22.613485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:35:54.619339 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:41:58.625388 3.001964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 09:42:05.632955 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:42:13.634312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:42:29.637295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:43:01.643774 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:49:05.649073 3.002005 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 09:49:12.656859 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:49:20.658624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:49:36.660730 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:50:08.667289 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:56:12.674072 3.004729 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 09:56:19.680351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:56:27.683255 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:56:43.685760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:57:15.691426 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 09:58:41.154852 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 09:58:41.154962 0.573059 tcp 10.0.2.109 51392 -> 176.73.169.112 1959 FSPA* 0 0 14 1651 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:06.129443 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 10:02:06.129624 0.241729 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:06.338703 0.000000 udp 10.0.2.109 3683 -> 86.165.135.158 6597 INT 0 1 96 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 10:02:22.614714 0.032550 tcp 10.0.2.109 51393 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:22.647556 0.050797 tcp 10.0.2.109 51394 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:22.698667 0.129827 tcp 10.0.2.109 51395 -> 195.113.214.249 443 SRPA* 0 0 24 12594 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:22.829091 0.000000 udp 10.0.2.109 3683 -> 109.152.51.19 6508 INT 0 1 273 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 10:02:39.347095 0.033606 tcp 10.0.2.109 51396 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:39.380999 0.115076 tcp 10.0.2.109 51397 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:39.496410 0.130168 tcp 10.0.2.109 51398 -> 195.113.214.249 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:39.627129 0.175248 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:39.792317 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 163 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 10:02:55.971259 0.033274 tcp 10.0.2.109 51399 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:56.004372 0.051689 tcp 10.0.2.109 51400 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:56.056357 0.181661 tcp 10.0.2.109 51401 -> 195.113.214.249 443 SRPA* 0 0 24 12632 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:02:56.238780 0.014473 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:56.673351 0.785558 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:57.876438 0.055396 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:59.089070 0.151425 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2567 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:59.284130 0.016982 rtp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:59.694329 0.176910 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:02:59.949212 0.167739 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:00.243907 0.168948 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:00.430633 0.106052 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:00.510574 0.190476 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:01.560028 0.177219 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:01.919370 0.092408 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:02.732830 0.114350 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 1980 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:02.808962 0.148766 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2098 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:04.187908 0.352952 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:04.536942 0.073811 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:04.821016 0.056342 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:05.076081 0.140979 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:05.270990 0.181071 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:05.428488 0.217438 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2159 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:05.642259 0.057340 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2101 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:05.785457 0.118196 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:05.864182 0.055303 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:05.994518 0.052026 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:06.073886 0.173618 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:06.649524 0.099592 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:06.832735 0.421519 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2440 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:07.648604 0.177462 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2170 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:07.791431 0.192838 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:09.483340 0.040510 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:03:19.698718 3.000098 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 10:03:26.704789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:03:34.706162 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:03:50.709351 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:04:22.715194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:10:26.722465 3.000536 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 10:10:33.728498 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:10:41.730358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:10:57.735161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:11:29.739309 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:17:33.745384 3.002017 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 10:17:40.752689 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:17:48.754135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:18:04.756705 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:18:36.763236 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:24:40.769363 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 10:24:47.776910 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:24:55.778069 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:25:11.787685 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:25:43.786659 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:28:41.735496 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 10:28:41.735604 0.786820 tcp 10.0.2.109 51402 -> 176.73.169.112 1959 FSPA* 0 0 15 1654 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:31:47.793656 3.014874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 10:31:54.810831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:32:02.812034 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:32:18.815002 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:32:50.821272 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:33:30.408449 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 10:33:30.408567 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 117 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 10:33:48.336552 0.032766 tcp 10.0.2.109 51403 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:33:48.369593 0.100830 tcp 10.0.2.109 51404 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:33:48.470671 0.137660 tcp 10.0.2.109 51405 -> 195.113.214.249 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 10:33:48.608952 0.253876 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:48.826932 0.181411 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2322 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:49.001105 0.014242 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:49.039815 0.729596 rtp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:49.510372 0.017245 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:49.529039 0.056577 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:49.592783 0.151647 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:49.743688 0.176387 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:49.899432 0.168648 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.070396 0.170904 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.238770 0.103252 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.304311 0.186766 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2103 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.482068 0.176719 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.634621 0.090119 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.700150 0.117710 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.780644 0.149157 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:50.892674 0.355116 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:51.243442 0.070647 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:51.297191 0.179927 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:51.455887 0.182192 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:51.635055 0.104578 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:51.741019 0.115674 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2151 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:51.817112 0.105403 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:51.931861 0.134937 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:52.062624 0.104596 udp 10.0.2.109 3683 <-> 188.129.248.221 1192 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:52.168121 0.048693 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:52.215535 0.174006 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:52.375178 0.101280 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:52.454305 0.408451 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:52.864061 0.182183 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2157 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:53.009458 0.191500 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:33:53.198499 0.079225 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2289 flow=From-Botnet-V1-UDP-Established 1970/02/26 10:38:54.828331 3.010697 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 10:39:01.844604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:39:09.845958 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:39:25.849184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:39:57.855141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:46:01.861939 3.000964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 10:46:08.868629 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:46:16.870484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:46:32.873370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:47:04.879284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:53:08.885283 3.001443 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 10:53:15.892714 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:53:23.897789 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:53:39.897224 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:54:11.903234 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 10:58:42.522710 0.000142 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 10:58:42.522951 0.600596 tcp 10.0.2.109 51406 -> 176.73.169.112 1959 FSPA* 0 0 14 1629 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:00:15.909791 3.001117 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:00:22.919431 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:00:30.918284 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:00:46.921070 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:01:18.927051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:04:16.011916 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 11:04:16.012071 0.257205 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2516 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:16.232395 0.740733 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:16.711151 0.021534 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:16.745642 0.055343 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:16.802561 0.150944 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:16.951348 0.179966 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:17.124353 0.014389 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:17.183673 0.177568 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2153 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:17.342606 0.170807 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2110 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:17.508557 0.166482 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:17.668649 0.100179 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:17.732525 0.192034 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:17.916000 0.175330 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:18.069916 0.090466 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:18.186043 0.118594 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:18.257987 0.156624 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:18.374378 0.347565 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2347 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:18.750383 0.070739 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:18.802579 0.179896 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:18.958467 0.241043 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:19.197094 0.065956 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2094 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:19.356934 0.118906 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:19.437308 0.070710 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:19.516607 0.139542 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:19.648035 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 11:04:36.372810 0.032559 tcp 10.0.2.109 51407 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:04:36.405678 0.051537 tcp 10.0.2.109 51408 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:04:36.457559 0.135846 tcp 10.0.2.109 51409 -> 195.113.214.249 443 SRPA* 0 0 40 22642 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:04:36.594011 0.044515 rtp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:36.647792 0.176435 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2060 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:36.808945 0.099619 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:36.886350 0.185923 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2117 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:37.070133 0.046223 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:37.102654 0.432035 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:04:37.537208 0.641861 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:07:22.933380 3.011209 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:07:29.949884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:07:37.952114 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:07:53.955130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:08:25.961237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:14:29.967274 3.001557 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:14:36.974891 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:14:44.975948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:15:00.978927 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:15:32.984950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:21:36.990872 3.004573 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:21:43.998554 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:21:51.999749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:22:08.003115 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:22:40.009023 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:28:43.131852 0.000066 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 11:28:43.131974 0.501897 tcp 10.0.2.109 51410 -> 176.73.169.112 1959 FSPA* 0 0 14 1497 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:28:44.015471 3.000600 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:28:51.022582 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:28:59.024074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:29:15.026956 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:29:47.033249 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:34:48.576747 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 11:34:48.576856 0.000000 udp 10.0.2.109 3683 -> 188.129.248.221 1192 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 11:35:06.645019 0.055291 tcp 10.0.2.109 51411 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:35:06.700576 0.051564 tcp 10.0.2.109 51412 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:35:06.752514 0.132899 tcp 10.0.2.109 51413 -> 195.113.214.249 443 SRPA* 0 0 32 15946 flow=From-Botnet-V1-TCP-Established 1970/02/26 11:35:06.886042 0.022265 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:06.935558 0.055705 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:06.992961 0.242113 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:07.199652 0.575843 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:07.655234 0.182033 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2295 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:07.830577 0.014569 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:07.882722 0.173297 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2020 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.037072 0.170947 udp 10.0.2.109 3683 <-> 24.243.191.221 8815 CON 0 0 6 2462 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.205051 0.149997 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.354944 0.105163 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.419624 0.166038 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.579478 0.090750 udp 10.0.2.109 3683 <-> 86.160.105.57 6148 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.694444 0.121297 rtcp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.773631 0.147614 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:08.886314 0.354088 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:09.236890 0.072391 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:09.291996 0.178476 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:09.446145 0.185915 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:09.625299 0.115367 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:09.704110 0.062170 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:09.772946 0.152480 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2106 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:09.919887 0.180720 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2508 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:10.077985 0.180473 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:10.255480 0.061342 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:10.318015 0.043090 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:10.359676 0.176870 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2387 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:10.520851 0.071905 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2615 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:10.580399 0.418294 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:10.999987 0.097839 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:11.073801 0.196278 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:11.267386 0.361062 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/26 11:35:51.038493 3.013451 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:35:58.057771 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:36:06.057695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:36:22.061032 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:36:54.066818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:42:58.073712 3.000842 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:43:05.081116 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:43:13.082332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:43:29.085455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:44:01.091139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:50:05.097705 3.000284 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:50:12.104311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:50:20.105900 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:50:36.108461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:51:08.114948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:57:12.123849 2.998939 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 11:57:19.128282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:57:27.129866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:57:43.133445 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:58:15.138887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 11:58:43.640663 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 11:58:43.640913 0.509761 tcp 10.0.2.109 51414 -> 176.73.169.112 1959 FSPA* 0 0 13 1591 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:04:19.147616 2.998592 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 12:04:26.152461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:04:34.153866 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:04:50.158887 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:05:16.128951 0.000083 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 12:05:16.129162 0.244295 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:16.340854 0.571884 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2470 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:16.791342 0.181587 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:16.964840 0.013813 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:17.013299 0.016455 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:17.042196 0.055087 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:17.112584 0.177299 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:17.270360 0.000000 udp 10.0.2.109 3683 -> 24.243.191.221 8815 INT 0 1 145 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 12:05:22.162665 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:05:33.130695 0.032934 tcp 10.0.2.109 51415 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:05:33.164019 0.033590 tcp 10.0.2.109 51416 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:05:33.197971 0.131244 tcp 10.0.2.109 51417 -> 195.113.214.249 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:05:33.329784 0.150482 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:33.481526 0.097272 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:33.542642 0.169532 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:33.706185 0.000000 udp 10.0.2.109 3683 -> 86.160.105.57 6148 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 12:05:52.136299 0.032543 tcp 10.0.2.109 51418 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:05:52.169126 0.036254 tcp 10.0.2.109 51419 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:05:52.205686 0.129028 tcp 10.0.2.109 51420 -> 195.113.214.249 443 SRPA* 0 0 23 12540 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:05:52.335398 0.123298 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:52.407520 0.152528 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:52.522766 0.347533 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:52.865955 0.073208 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:52.922304 0.176344 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.074366 0.186666 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.253151 0.121118 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.331827 0.055634 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.414601 0.144210 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.553150 0.180856 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.710713 0.175268 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2111 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.881757 0.055573 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:53.954862 0.049513 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:54.031143 0.174801 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:54.189596 0.043033 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2193 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:54.245953 0.192730 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:54.435531 0.209546 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:54.607955 0.442648 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2326 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:05:55.051718 0.097869 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:11:26.169672 3.000886 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 12:11:33.176049 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:11:41.177649 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:11:57.180688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:12:29.186778 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:18:33.197746 2.996882 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 12:18:40.200497 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:18:48.202051 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:19:04.204701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:19:36.210954 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:25:40.217896 3.000338 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 12:25:47.224146 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:25:55.225675 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:26:11.228563 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:26:43.234760 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:28:44.158490 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 12:28:44.158597 0.535877 tcp 10.0.2.109 51421 -> 176.73.169.112 1959 FSPA* 0 0 15 1604 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:32:47.242092 3.014333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 12:32:54.258311 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:33:02.259457 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:33:18.262719 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:33:50.268585 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:36:04.902939 0.107381 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 12:36:05.010493 0.000000 udp 10.0.2.109 3683 -> 24.243.191.221 8815 INT 0 1 168 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 12:36:20.717310 0.054166 tcp 10.0.2.109 51422 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:36:20.771772 0.041477 tcp 10.0.2.109 51423 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:36:20.813547 0.127251 tcp 10.0.2.109 51424 -> 195.113.214.249 443 SRPA* 0 0 25 12686 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:36:20.941582 0.000000 udp 10.0.2.109 3683 -> 86.160.105.57 6148 INT 0 1 253 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 12:36:38.391026 0.043070 tcp 10.0.2.109 51425 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:36:38.434467 0.033025 tcp 10.0.2.109 51426 -> 195.113.214.249 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:36:38.467749 0.132291 tcp 10.0.2.109 51427 -> 195.113.214.249 443 SRPA* 0 0 40 21314 flow=From-Botnet-V1-TCP-Established 1970/02/26 12:36:38.601060 0.241384 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:38.805185 0.708099 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.272592 0.055128 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.329290 0.173465 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.481788 0.014792 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 1979 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.525387 0.184700 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2371 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.702987 0.016969 udp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.735813 0.104959 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.800733 0.150317 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:39.949630 0.169136 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2346 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:40.113167 0.123395 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:40.189761 0.141351 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:40.294659 0.353981 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:40.645076 0.070638 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:40.698503 0.176269 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:40.851635 0.185669 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.029700 0.114693 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.108183 0.057690 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2329 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.201045 0.137201 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2270 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.333459 0.181952 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.491865 0.171669 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2468 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.660689 0.055813 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.717696 0.044281 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.760128 0.175290 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.918851 0.041497 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2511 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:41.976027 0.198007 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2062 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:42.171283 0.399009 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:42.535042 0.438891 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2268 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:36:42.973817 0.100224 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2345 flow=From-Botnet-V1-UDP-Established 1970/02/26 12:39:54.278247 3.020340 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 12:40:01.291976 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:40:09.293708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:40:25.296621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:40:57.303118 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:47:01.308397 3.047832 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 12:47:08.336611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:47:16.327793 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:47:32.330677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:48:04.336995 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:54:08.352749 3.026478 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 12:54:15.370041 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:54:23.371624 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:54:39.374651 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:55:11.390821 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 12:58:44.697822 0.027435 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 12:58:44.725456 0.537996 tcp 10.0.2.109 51428 -> 176.73.169.112 1959 FSPA* 0 0 15 1730 flow=From-Botnet-V1-TCP-Established 1970/02/26 13:01:15.407160 3.022325 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:01:22.424489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:01:30.428807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:01:46.438764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:02:18.444748 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:07:02.393624 0.023838 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 13:07:02.417580 0.243538 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2557 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:02.624233 0.177203 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:02.780855 0.017262 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:02.816750 0.180592 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:02.990196 0.016218 rtp 10.0.2.109 3683 <-> 78.45.85.30 3654 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:03.039953 0.100917 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:03.103005 0.752090 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:03.592879 0.055529 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:03.649879 0.150601 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:03.798904 0.170885 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2125 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:03.962238 0.120972 rtp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:04.040864 0.137651 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:04.141779 0.353553 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:04.491567 0.071857 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:04.547353 0.176731 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:04.701516 0.186223 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:04.880085 0.119224 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:04.960017 0.056887 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:05.027166 0.140536 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:05.163640 0.178803 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:05.320948 0.230445 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2504 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:05.545913 0.054736 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:05.601935 0.048781 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:05.649475 0.191249 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2074 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:05.838465 0.383407 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:06.185043 0.173629 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:06.343742 0.045883 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:06.378626 0.408374 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:07:06.807015 0.099873 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:08:22.460960 3.021910 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:08:29.488357 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:08:37.489606 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:08:53.492893 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:09:25.499414 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:15:29.515426 3.029712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:15:36.532047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:15:44.543635 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:16:00.556780 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:16:32.579135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:22:36.589618 3.056759 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:22:43.621929 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:22:51.617676 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:23:07.620529 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:23:39.626503 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:28:45.257271 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 13:28:45.257386 0.502517 tcp 10.0.2.109 51429 -> 176.73.169.112 1959 FSPA* 0 0 14 1689 flow=From-Botnet-V1-TCP-Established 1970/02/26 13:29:43.632072 3.012506 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:29:50.649841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:29:58.651798 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:30:14.655053 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:30:46.660726 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:36:50.687347 3.000628 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:36:57.693968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:37:05.695737 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:37:10.052333 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 13:37:10.052511 0.045168 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2436 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:12.356681 0.363227 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2090 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:12.685525 0.178926 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:12.842887 0.850975 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:14.697663 0.000000 udp 10.0.2.109 3683 -> 78.45.85.30 3654 INT 0 1 280 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 13:37:21.698441 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:37:32.996838 0.001405 tcp 10.0.2.109 51430 -> 195.113.214.234 80 SPA_* 0 0 5 543 flow=From-Botnet-V1-TCP-Established 1970/02/26 13:37:39.000403 0.834800 tcp 10.0.2.109 51430 -> 195.113.214.234 80 RA_F* 0 0 4 1361 flow=From-Botnet-V1-TCP-Established 1970/02/26 13:37:39.835576 0.102229 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:39.900469 0.738923 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:40.397102 0.056097 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:40.553231 0.150849 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:40.706581 0.166610 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:40.881529 0.117824 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:40.953076 0.137296 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:41.050833 0.353691 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:41.400898 0.071742 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:41.456203 0.178120 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:41.610991 0.191704 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:41.794650 0.122913 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:41.878126 0.056632 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:41.936195 0.138057 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:42.075641 0.178571 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:42.230406 0.179475 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:42.406998 0.056212 udp 10.0.2.109 3683 <-> 82.211.185.55 4141 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:42.480826 0.043943 udp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2291 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:42.523358 0.196627 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:42.717447 0.051967 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:42.763627 0.444996 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2207 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:43.217314 1.394239 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:44.575324 0.173869 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:44.839043 0.096916 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/26 13:37:53.704704 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:43:57.710000 3.002705 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:44:04.718190 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:44:12.720344 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:44:28.722776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:45:00.728818 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:51:04.735293 3.015542 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:51:11.752421 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:51:19.753155 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:51:35.756565 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:52:07.762738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:58:11.769168 3.001359 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 13:58:18.776207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:58:26.777589 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:58:42.779980 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 13:58:45.755262 0.167218 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 13:58:45.922580 0.487035 tcp 10.0.2.109 51431 -> 176.73.169.112 1959 FSPA* 0 0 14 1615 flow=From-Botnet-V1-TCP-Established 1970/02/26 13:59:14.786795 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:05:18.791683 3.002580 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 14:05:25.799984 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:05:33.801641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:05:49.807133 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:06:21.810633 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:07:56.909732 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 14:07:56.909850 0.000000 udp 10.0.2.109 3683 -> 78.45.85.30 3654 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 14:08:12.701946 0.032987 tcp 10.0.2.109 51432 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:08:12.792171 0.011382 udp 10.0.2.109 58919 <-> 8.8.8.8 53 CON 0 0 2 386 flow=From-Botnet-V1-DNS 1970/02/26 14:08:12.804102 0.053187 tcp 10.0.2.109 51433 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:08:12.857529 0.128090 tcp 10.0.2.109 51434 -> 195.113.214.215 443 SRPA* 0 0 35 25271 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:08:12.986282 0.014057 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:13.002746 0.240282 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2071 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:13.209441 0.179868 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:13.367809 0.181267 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:13.539087 0.100240 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:13.603822 0.773713 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2135 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:14.158433 0.054762 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2364 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:14.215966 0.150873 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:14.461389 0.170101 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:14.670303 0.122949 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2356 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:14.746559 0.147787 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:14.856182 0.353355 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:15.205675 0.068872 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:15.258947 0.174800 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2174 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:15.411381 0.191243 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:15.595352 0.116962 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:15.673897 0.056269 udp 10.0.2.109 3683 <-> 176.73.111.215 5255 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:15.739610 0.138397 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:15.870370 0.177053 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:16.025794 0.179431 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:16.202291 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 14:08:35.073083 0.031603 tcp 10.0.2.109 51435 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:08:35.104977 0.053418 tcp 10.0.2.109 51436 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:08:35.158708 0.144247 tcp 10.0.2.109 51437 -> 195.113.214.215 443 SRPA* 0 0 43 34384 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:08:35.303517 0.241548 rtp 10.0.2.109 3683 <-> 93.223.104.112 4817 CON 0 0 6 2129 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:35.543598 0.193224 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2185 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:35.731905 0.041627 udp 10.0.2.109 3683 <-> 89.134.105.188 6184 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:35.787277 0.419737 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:36.215494 0.404406 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:36.583486 0.177210 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:08:36.743493 0.096263 rtp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:12:25.819817 3.008681 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 14:12:32.833848 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:12:40.835895 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:12:56.838752 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:13:28.844388 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:19:32.850781 3.001596 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 14:19:39.857824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:19:47.859394 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:20:03.862626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:20:35.867962 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:26:39.874419 3.001962 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 14:26:46.881776 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:26:54.883436 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:27:10.886721 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:27:42.892652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:28:46.254335 0.009780 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 14:28:46.264218 0.505774 tcp 10.0.2.109 51438 -> 176.73.169.112 1959 FSPA* 0 0 14 1695 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:33:46.902237 3.007326 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 14:33:53.916841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:34:01.917483 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:34:17.920273 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:34:49.925779 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:39:07.402335 0.000074 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 14:39:07.402485 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 259 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 14:39:23.970409 0.032878 tcp 10.0.2.109 51439 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:39:24.003503 0.052933 tcp 10.0.2.109 51440 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:39:24.056688 0.140364 tcp 10.0.2.109 51441 -> 195.113.214.215 443 SRPA* 0 0 21 13056 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:39:24.197621 0.177296 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:24.355324 0.178384 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:24.524204 0.104740 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:24.588345 0.013986 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:24.627644 2.803131 tcp 10.0.2.109 51442 -> 160.114.23.151 8940 FSPA* 0 0 837 718020 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:39:24.643302 0.241196 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:24.848372 0.055128 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2059 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:24.905239 0.150412 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:25.053502 0.170406 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:25.216419 0.721017 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:27.428118 0.125097 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:27.517248 0.124780 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2357 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:27.590989 0.178019 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:27.746026 0.186795 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:27.924655 0.115829 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:28.003035 0.000000 udp 10.0.2.109 3683 -> 176.73.111.215 5255 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 14:39:46.464002 0.031157 tcp 10.0.2.109 51443 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:39:46.495446 0.053372 tcp 10.0.2.109 51444 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:39:46.549122 0.145675 tcp 10.0.2.109 51445 -> 195.113.214.215 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:39:46.695815 0.065352 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2203 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:46.745374 0.353589 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:47.356922 0.144562 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:47.497339 0.178510 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:47.865146 0.173465 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:39:48.035701 0.000000 udp 10.0.2.109 3683 -> 93.223.104.112 4817 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 14:40:03.373913 0.031046 tcp 10.0.2.109 51446 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:40:03.405252 0.052634 tcp 10.0.2.109 51447 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:40:03.458295 0.151059 tcp 10.0.2.109 51448 -> 195.113.214.215 443 SRPA* 0 0 22 12484 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:40:03.610031 0.191091 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:40:03.798459 0.000000 udp 10.0.2.109 3683 -> 89.134.105.188 6184 INT 0 1 174 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 14:40:18.602965 0.032062 tcp 10.0.2.109 51449 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:40:18.635334 0.056100 tcp 10.0.2.109 51450 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:40:18.692268 0.143702 tcp 10.0.2.109 51451 -> 195.113.214.215 443 SRPA* 0 0 23 13204 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:40:18.836527 0.174017 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:40:18.994708 0.099071 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:40:19.069917 0.417333 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:40:19.495766 0.248806 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2202 flow=From-Botnet-V1-UDP-Established 1970/02/26 14:40:56.031043 2.960455 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 14:41:02.936842 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:41:10.819506 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:41:26.598332 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:41:58.155195 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:48:00.967153 3.000778 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 14:48:07.974007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:48:15.975274 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:48:31.977801 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:49:03.984338 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:55:07.990608 3.011468 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 14:55:15.007604 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:55:23.009281 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:55:39.012849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:56:11.017739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 14:58:46.772610 0.000063 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 14:58:46.772721 3.004018 tcp 10.0.2.109 51452 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 14:58:55.775235 0.000000 tcp 10.0.2.109 51452 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 14:59:01.775846 0.047517 tcp 10.0.2.109 51453 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:59:01.823623 0.052741 tcp 10.0.2.109 51454 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:59:01.876631 0.140920 tcp 10.0.2.109 51455 -> 195.113.214.215 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/26 14:59:02.061292 2.997588 tcp 10.0.2.109 51456 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 14:59:11.064716 0.000000 tcp 10.0.2.109 51456 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:02:15.024686 3.023557 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 15:02:22.041770 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:02:30.043207 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:02:46.046708 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:03:18.533010 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:04:21.056863 0.284591 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:04:21.341565 2.944338 tcp 10.0.2.109 51457 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:04:30.209864 0.000000 tcp 10.0.2.109 51457 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:04:36.125886 0.053330 tcp 10.0.2.109 51458 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:04:36.179532 0.066209 tcp 10.0.2.109 51459 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:04:36.246207 0.140544 tcp 10.0.2.109 51460 -> 195.113.214.215 443 SRPA* 0 0 40 22016 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:04:37.704575 2.952079 tcp 10.0.2.109 51461 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:04:48.965045 0.000000 tcp 10.0.2.109 51461 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:09:25.186902 3.627807 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 15:09:32.766362 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:09:40.653241 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:09:54.228747 0.000049 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:09:54.228843 2.962150 tcp 10.0.2.109 51462 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:09:59.151862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:10:03.108583 0.000000 tcp 10.0.2.109 51462 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:10:09.031242 0.355699 tcp 10.0.2.109 51463 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:10:09.387313 0.105502 tcp 10.0.2.109 51464 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:10:09.493114 0.140965 tcp 10.0.2.109 51465 -> 195.113.214.215 443 SRPA* 0 0 40 22434 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:10:09.795713 2.957316 tcp 10.0.2.109 51466 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:10:18.672584 0.000000 tcp 10.0.2.109 51466 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:10:27.930220 0.000000 udp 10.0.2.109 3683 -> 176.73.111.215 5255 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:10:31.044095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:10:43.935706 0.030740 tcp 10.0.2.109 51467 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:10:43.966711 0.053202 tcp 10.0.2.109 51468 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:10:44.020253 0.139181 tcp 10.0.2.109 51469 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:10:44.160054 0.000000 udp 10.0.2.109 3683 -> 93.223.104.112 4817 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:11:02.644427 0.030785 tcp 10.0.2.109 51470 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:11:02.675625 0.052978 tcp 10.0.2.109 51471 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:11:02.728885 0.141899 tcp 10.0.2.109 51472 -> 195.113.214.215 443 SRPA* 0 0 24 13428 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:11:02.871343 0.000000 udp 10.0.2.109 3683 -> 89.134.105.188 6184 INT 0 1 265 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:11:18.166401 0.060442 tcp 10.0.2.109 51473 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:11:18.227115 0.053140 tcp 10.0.2.109 51474 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:11:18.280599 0.143411 tcp 10.0.2.109 51475 -> 195.113.214.215 443 SRPA* 0 0 23 13334 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:11:18.424588 0.013788 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:18.496855 0.098809 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 1998 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:18.559580 0.181100 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2546 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:18.733505 0.176593 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:18.889201 0.150220 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2145 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:19.037085 0.055328 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2292 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:19.093812 0.233731 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:19.294728 0.169350 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2263 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:19.456615 0.186174 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:19.635275 0.112707 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:19.741691 0.154884 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:19.858108 0.176113 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2042 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:20.012298 0.117588 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2378 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:20.087266 1.088340 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:21.051373 0.069047 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:21.101078 0.145433 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2503 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:21.238531 0.353421 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2140 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:21.588745 0.179079 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2487 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:21.777890 0.245817 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:22.020301 0.190716 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:22.207959 1.448546 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:23.621879 0.100622 rtp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2241 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:23.704570 0.427547 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:24.156158 0.326338 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:24.510917 0.145302 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 8 2916 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:24.621396 0.343897 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 8 2989 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:24.955969 0.337990 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 8 3252 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:25.271411 0.298737 rtp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 8 3107 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:25.623645 0.216464 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 8 2843 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:25.890903 0.026242 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 8 2898 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:26.021668 0.434347 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 8 2947 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:26.423419 0.332496 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 8 3028 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:26.762876 0.350230 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 8 2950 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:27.106356 0.175425 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 8 2852 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:27.245170 0.258833 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 8 3105 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:27.466655 0.332176 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 8 3119 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:27.775870 0.190464 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 8 3351 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:27.918968 1.236987 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 8 3121 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:28.896045 0.100542 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 8 3051 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:29.103960 0.273753 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 8 2957 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:29.374134 0.703400 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 8 2877 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:30.074455 0.339505 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 8 2903 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:30.392238 0.335263 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 8 2966 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:30.724774 0.372893 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 8 3006 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:31.095223 0.163554 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 8 2971 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:31.236299 3.004470 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 8 3054 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:34.206802 0.436639 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 8 2903 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:34.608917 0.852231 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 8 2896 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:35.502311 0.000000 udp 10.0.2.109 3683 -> 2.32.110.161 5321 INT 0 1 224 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:11:41.167709 0.426955 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 8 3131 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:11:41.848338 0.000000 udp 10.0.2.109 3683 -> 200.105.227.246 4647 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:11:47.329371 0.000000 udp 10.0.2.109 3683 -> 201.184.116.95 7531 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:11:54.515703 0.000000 udp 10.0.2.109 3683 -> 83.110.251.135 3664 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:01.800701 0.000000 udp 10.0.2.109 3683 -> 78.182.174.191 9864 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:06.360041 0.000041 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:12:07.257542 0.000000 udp 10.0.2.109 3683 -> 5.87.94.78 1842 INT 0 1 268 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:14.474207 0.000000 udp 10.0.2.109 3683 -> 188.219.195.182 2989 INT 0 1 251 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:19.743886 0.000000 udp 10.0.2.109 3683 -> 66.64.32.179 3377 INT 0 1 233 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:27.780778 0.000000 udp 10.0.2.109 3683 -> 95.104.0.6 5934 INT 0 1 120 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:36.540266 0.000000 udp 10.0.2.109 3683 -> 93.64.105.234 2528 INT 0 1 212 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:42.807803 0.050442 udp 10.0.2.109 3683 <-> 87.246.251.13 8842 CON 0 0 8 3014 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:12:43.062572 0.000000 udp 10.0.2.109 3683 -> 188.29.7.184 3946 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:49.450649 0.000000 udp 10.0.2.109 3683 -> 173.247.172.2 7972 INT 0 1 244 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:12:54.192038 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:12:56.557286 0.000000 udp 10.0.2.109 3683 -> 181.48.72.249 5642 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:01.849339 0.000000 udp 10.0.2.109 3683 -> 24.221.254.146 8519 INT 0 1 162 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:08.371638 0.000000 udp 10.0.2.109 3683 -> 79.30.170.225 2653 INT 0 1 135 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:13.929282 0.000000 udp 10.0.2.109 3683 -> 92.61.58.85 4770 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:20.185832 0.000000 udp 10.0.2.109 3683 -> 184.59.68.140 3482 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:27.385323 0.000000 udp 10.0.2.109 3683 -> 71.200.195.28 2014 INT 0 1 191 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:32.803853 0.000000 udp 10.0.2.109 3683 -> 68.40.52.39 3708 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:41.100798 0.000000 udp 10.0.2.109 3683 -> 96.242.116.160 2564 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:45.722636 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:13:48.260300 0.000000 udp 10.0.2.109 3683 -> 213.121.2.38 5122 INT 0 1 158 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:13:55.981508 0.000000 udp 10.0.2.109 3683 -> 80.177.13.21 7301 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:01.509714 0.000000 udp 10.0.2.109 3683 -> 41.224.87.214 8167 INT 0 1 255 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:08.462513 0.000000 udp 10.0.2.109 3683 -> 81.130.201.148 8248 INT 0 1 185 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:15.739664 0.000000 udp 10.0.2.109 3683 -> 70.71.252.246 3885 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:21.943566 0.000000 udp 10.0.2.109 3683 -> 216.215.100.78 9206 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:27.822218 0.000000 udp 10.0.2.109 3683 -> 95.226.214.24 6126 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:32.337360 0.000061 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:14:34.981310 0.000000 udp 10.0.2.109 3683 -> 201.117.179.165 5459 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:42.064119 0.000000 udp 10.0.2.109 3683 -> 50.20.223.2 3536 INT 0 1 206 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:50.226507 0.103386 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 8 2986 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:14:50.619681 0.000000 udp 10.0.2.109 3683 -> 110.143.162.130 1156 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:14:58.355212 0.000000 udp 10.0.2.109 3683 -> 217.35.96.111 6817 INT 0 1 286 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:05.456650 0.530606 rtp 10.0.2.109 3683 <-> 108.78.185.247 1890 CON 0 0 8 3273 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:15:05.992355 0.630829 udp 10.0.2.109 3683 <-> 218.145.118.11 9278 CON 0 0 8 2836 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:15:06.681514 0.404354 udp 10.0.2.109 3683 <-> 76.199.116.206 4115 CON 0 0 8 2994 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:15:07.176144 0.000000 udp 10.0.2.109 3683 -> 87.18.153.61 5963 INT 0 1 116 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:12.315872 0.000000 udp 10.0.2.109 3683 -> 74.93.109.3 1075 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:20.721333 0.820142 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 8 3171 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:15:21.607228 0.995060 udp 10.0.2.109 3683 <-> 217.226.192.194 1251 CON 0 0 8 2725 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:15:22.684188 2.954193 tcp 10.0.2.109 51476 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:15:23.062030 0.000000 udp 10.0.2.109 3683 -> 82.211.185.55 4141 INT 0 1 299 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:25.292998 0.000043 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:15:29.267786 0.000000 udp 10.0.2.109 3683 -> 203.206.220.184 6369 INT 0 1 153 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:31.563744 0.000000 tcp 10.0.2.109 51476 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:15:36.759531 0.000000 udp 10.0.2.109 3683 -> 78.45.85.30 3654 INT 0 1 172 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:37.477708 0.037320 tcp 10.0.2.109 51477 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:15:37.515308 0.052693 tcp 10.0.2.109 51478 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:15:37.568264 0.143176 tcp 10.0.2.109 51479 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:15:37.736183 2.967329 tcp 10.0.2.109 51480 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:15:44.875460 0.000000 udp 10.0.2.109 3683 -> 190.94.255.61 5281 INT 0 1 193 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:46.616844 0.000000 tcp 10.0.2.109 51480 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:15:51.994237 0.000000 udp 10.0.2.109 3683 -> 176.101.143.30 3560 INT 0 1 149 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:15:58.730828 0.134709 udp 10.0.2.109 3683 <-> 193.90.52.69 9082 CON 0 0 8 3174 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:15:58.881393 0.447565 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 8 3112 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:15:59.338473 0.000000 udp 10.0.2.109 3683 -> 92.87.70.60 2801 INT 0 1 293 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:16:07.526405 0.000000 udp 10.0.2.109 3683 -> 87.24.189.153 4878 INT 0 1 165 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:16:13.371949 0.000000 udp 10.0.2.109 3683 -> 112.170.171.174 1003 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:16:19.198199 0.401194 rtp 10.0.2.109 3683 <-> 216.73.224.248 7429 CON 0 0 8 2882 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:16:19.647380 4.672239 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 3 965 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:16:24.001697 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:16:29.272269 0.012277 udp 10.0.2.109 3683 <- 63.151.141.205 7386 RSP 0 0 2 667 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:16:29.316820 0.087726 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 8 3157 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:16:29.462339 0.000000 udp 10.0.2.109 3683 -> 192.231.86.253 5925 INT 0 1 199 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:16:32.302389 2.960635 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 15:16:37.535692 0.000000 udp 10.0.2.109 3683 -> 67.169.118.210 7750 INT 0 1 200 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:16:39.208917 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:16:44.667505 0.000000 udp 10.0.2.109 3683 -> 97.89.164.18 8361 INT 0 1 180 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:16:47.091906 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:16:52.848674 0.000000 udp 10.0.2.109 3683 -> 176.73.169.112 4102 INT 0 1 216 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:00.474546 0.102296 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 8 3116 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:17:00.632849 0.304682 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 8 2904 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:17:00.967819 0.114782 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 8 2998 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:17:01.122674 0.487744 rtp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 8 2878 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:17:01.624185 0.000000 udp 10.0.2.109 3683 -> 79.25.162.170 8936 INT 0 1 271 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:02.870870 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:17:07.182964 0.000000 udp 10.0.2.109 3683 -> 173.220.58.250 2489 INT 0 1 243 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:11.832350 0.000068 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:17:14.113386 0.000000 udp 10.0.2.109 3683 -> 5.81.68.191 3064 INT 0 1 262 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:20.769555 0.682817 udp 10.0.2.109 3683 <-> 64.175.36.53 9080 CON 0 0 8 2943 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:17:21.478997 0.000000 udp 10.0.2.109 3683 -> 42.3.12.153 2387 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:27.888078 0.113491 udp 10.0.2.109 3683 <-> 92.231.17.56 4643 CON 0 0 8 3123 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:17:28.008391 0.000000 udp 10.0.2.109 3683 -> 24.172.13.114 2916 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:34.418161 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:17:35.985814 0.000000 udp 10.0.2.109 3683 -> 92.234.10.41 2557 INT 0 1 245 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:43.167357 0.000000 udp 10.0.2.109 3683 -> 207.0.59.15 8392 INT 0 1 123 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:50.409033 0.000000 udp 10.0.2.109 3683 -> 71.235.166.39 1799 INT 0 1 129 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:17:57.451853 0.163894 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 8 3020 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:17:57.819462 0.000000 udp 10.0.2.109 3683 -> 5.53.130.218 5437 INT 0 1 152 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:02.097520 0.000045 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:18:03.108227 0.000000 udp 10.0.2.109 3683 -> 212.18.43.213 4375 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:08.773252 0.263442 udp 10.0.2.109 3683 <-> 92.40.117.122 9542 CON 0 0 8 3012 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:18:09.074490 0.000000 udp 10.0.2.109 3683 -> 46.49.103.9 1555 INT 0 1 227 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:14.395706 0.000000 udp 10.0.2.109 3683 -> 86.164.37.92 2488 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:21.743715 0.000000 udp 10.0.2.109 3683 -> 110.32.12.13 8126 INT 0 1 127 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:28.955262 0.000000 udp 10.0.2.109 3683 -> 62.224.185.198 1064 INT 0 1 310 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:35.701385 0.000000 udp 10.0.2.109 3683 -> 89.134.105.188 6184 INT 0 1 205 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:43.133169 0.730986 udp 10.0.2.109 3683 <-> 27.54.121.253 4717 CON 0 0 8 3075 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:18:43.969822 0.285285 udp 10.0.2.109 3683 <-> 74.56.71.57 7892 CON 0 0 8 3120 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:18:44.285104 0.000000 udp 10.0.2.109 3683 -> 71.238.204.251 9777 INT 0 1 306 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:48.069933 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:18:51.555176 0.000000 udp 10.0.2.109 3683 -> 84.118.216.160 2600 INT 0 1 181 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:18:58.475578 0.000000 udp 10.0.2.109 3683 -> 95.235.21.30 3236 INT 0 1 169 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:03.453645 0.000000 udp 10.0.2.109 3683 -> 124.254.77.63 7386 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:10.533099 0.000000 udp 10.0.2.109 3683 -> 2.220.135.126 3101 INT 0 1 303 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:18.487013 0.000000 udp 10.0.2.109 3683 -> 95.155.8.242 6531 INT 0 1 219 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:26.261182 0.000000 udp 10.0.2.109 3683 -> 12.5.83.50 4220 INT 0 1 242 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:33.993184 0.000000 udp 10.0.2.109 3683 -> 190.232.187.189 6217 INT 0 1 295 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:38.835477 0.000055 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:19:41.892321 0.000000 udp 10.0.2.109 3683 -> 219.96.179.159 1490 INT 0 1 220 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:48.346683 0.000000 udp 10.0.2.109 3683 -> 83.110.251.95 6505 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:19:54.702317 0.000000 udp 10.0.2.109 3683 -> 37.142.254.187 4978 INT 0 1 300 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:00.221929 0.228327 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 8 3091 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:20:00.464139 0.743574 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 8 3053 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:20:01.456193 0.177555 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 8 2870 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:20:01.732784 0.000000 udp 10.0.2.109 3683 -> 139.142.70.178 1896 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:07.519543 0.000000 udp 10.0.2.109 3683 -> 75.144.209.131 5770 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:16.403217 0.000000 udp 10.0.2.109 3683 -> 46.31.82.174 9313 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:23.602013 0.000000 udp 10.0.2.109 3683 -> 61.77.78.201 2319 INT 0 1 150 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:28.213270 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:20:32.209287 0.000000 udp 10.0.2.109 3683 -> 188.23.35.18 6054 INT 0 1 154 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:38.628525 0.000000 udp 10.0.2.109 3683 -> 78.181.193.226 2608 INT 0 1 207 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:47.312127 0.000000 udp 10.0.2.109 3683 -> 46.31.106.240 3687 INT 0 1 309 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:48.833366 3.004138 tcp 10.0.2.109 51481 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:20:53.800550 0.000000 udp 10.0.2.109 3683 -> 71.193.164.148 2624 INT 0 1 170 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:20:57.836018 0.000000 tcp 10.0.2.109 51481 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:21:01.201067 0.000000 udp 10.0.2.109 3683 -> 162.17.10.245 9950 INT 0 1 240 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:03.839504 0.033400 tcp 10.0.2.109 51482 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:21:03.873198 0.053722 tcp 10.0.2.109 51483 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:21:03.927257 0.142063 tcp 10.0.2.109 51484 -> 195.113.214.215 443 SRPA* 0 0 23 13828 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:21:04.106270 3.003001 tcp 10.0.2.109 51485 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:21:08.832391 0.000000 udp 10.0.2.109 3683 -> 188.216.148.27 2665 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:13.108002 0.000000 tcp 10.0.2.109 51485 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:21:14.069485 0.000000 udp 10.0.2.109 3683 -> 75.109.216.240 2729 INT 0 1 211 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:20.448920 0.000000 udp 10.0.2.109 3683 -> 184.2.175.238 7257 INT 0 1 304 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:29.411411 0.000000 udp 10.0.2.109 3683 -> 50.160.179.116 4104 INT 0 1 290 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:37.032761 0.562924 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 8 3056 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:21:37.787380 0.000000 udp 10.0.2.109 3683 -> 207.255.48.48 6924 INT 0 1 266 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:42.859856 0.000000 udp 10.0.2.109 3683 -> 173.58.81.194 8301 INT 0 1 194 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:48.308925 0.000000 udp 10.0.2.109 3683 -> 117.102.32.179 3128 INT 0 1 201 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:21:53.215563 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:21:56.851116 0.000000 udp 10.0.2.109 3683 -> 173.245.67.150 6228 INT 0 1 175 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:22:05.673808 0.152552 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 8 2946 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:22:06.032913 0.000000 udp 10.0.2.109 3683 -> 178.7.237.148 3757 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:22:13.504890 0.000000 udp 10.0.2.109 3683 -> 37.6.203.13 9400 INT 0 1 279 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:22:19.733878 0.000000 udp 10.0.2.109 3683 -> 98.21.134.136 3208 INT 0 1 311 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:23:36.145959 3.002095 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 15:23:43.153654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:23:51.155378 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:24:07.158318 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:24:39.174424 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:26:19.098521 0.039720 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:26:19.138373 2.963398 tcp 10.0.2.109 51486 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:26:28.100982 0.000000 tcp 10.0.2.109 51486 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:26:34.111375 0.032335 tcp 10.0.2.109 51487 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:26:34.143965 0.083928 tcp 10.0.2.109 51488 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:26:34.228184 0.145523 tcp 10.0.2.109 51489 -> 195.113.214.215 443 SRPA* 0 0 33 18798 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:26:34.532199 2.992108 tcp 10.0.2.109 51490 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:26:43.522935 0.000000 tcp 10.0.2.109 51490 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:30:43.192283 3.050868 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 15:30:50.225349 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:30:58.219371 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:31:14.222532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:31:46.228461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:31:49.533548 0.000047 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:31:49.533636 3.003569 tcp 10.0.2.109 51491 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:31:58.535773 0.000000 tcp 10.0.2.109 51491 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:32:04.536561 0.032022 tcp 10.0.2.109 51492 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:32:04.568815 0.140105 tcp 10.0.2.109 51493 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:32:04.709142 0.144034 tcp 10.0.2.109 51494 -> 195.113.214.215 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:32:04.950388 2.999151 tcp 10.0.2.109 51495 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:32:13.947494 0.000000 tcp 10.0.2.109 51495 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:37:19.949359 0.059626 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:37:20.009190 2.962348 tcp 10.0.2.109 51496 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:37:28.951164 0.000000 tcp 10.0.2.109 51496 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:37:34.961427 0.254642 tcp 10.0.2.109 51497 -> 195.113.214.234 80 FSPA* 0 0 10 1882 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:37:35.216391 0.053470 tcp 10.0.2.109 51498 -> 195.113.214.215 80 FSPA* 0 0 10 1913 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:37:35.270172 0.142078 tcp 10.0.2.109 51499 -> 195.113.214.215 443 SRPA* 0 0 23 13370 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:37:36.205579 3.000133 tcp 10.0.2.109 51500 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:37:45.204565 0.000000 tcp 10.0.2.109 51500 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:37:50.234039 0.999225 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 2 292 flow=Background 1970/02/26 15:37:58.182798 3.941688 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 2 292 flow=Background 1970/02/26 15:38:10.015849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:38:25.799532 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:38:57.650621 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:42:52.274549 0.049288 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:42:52.323935 2.950525 tcp 10.0.2.109 51501 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:43:01.192620 0.000000 tcp 10.0.2.109 51501 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:43:07.116493 0.031279 tcp 10.0.2.109 51502 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:43:07.187391 0.053561 tcp 10.0.2.109 51503 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:43:07.241337 0.139276 tcp 10.0.2.109 51504 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:43:07.916995 2.944072 tcp 10.0.2.109 51505 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:43:16.787044 0.000000 tcp 10.0.2.109 51505 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:44:57.278560 3.002719 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 15:45:04.285788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:45:12.287204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:45:28.290052 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:46:00.296617 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:52:04.303469 3.149641 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 15:52:11.424141 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:52:19.365745 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:52:35.324435 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:52:58.041388 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:52:58.041480 0.326907 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:58.212978 0.155445 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2246 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:58.408645 0.150530 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:58.557328 0.055342 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:58.724508 0.014683 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2061 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:58.750891 0.173618 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:58.903137 0.167686 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:59.122249 0.260177 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2433 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:59.344019 0.114866 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:59.577590 0.143258 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:52:59.750082 0.179624 rtp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:00.723631 0.215253 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:01.376492 0.187566 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:02.087839 0.577243 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2450 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:02.546183 0.142222 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:02.869635 0.071614 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:03.006335 0.176683 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:03.157965 0.179015 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:03.334262 0.352717 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:03.683248 0.190834 rtp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:03.987850 0.096397 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:04.062514 0.773812 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2594 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:04.797844 0.000000 udp 10.0.2.109 3683 -> 216.26.100.115 5047 INT 0 1 284 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:53:07.030186 2.993676 tcp 10.0.2.109 51506 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:53:07.329837 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:53:16.022750 0.000000 tcp 10.0.2.109 51506 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:53:20.380499 0.053295 tcp 10.0.2.109 51507 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:20.434090 0.051412 tcp 10.0.2.109 51508 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:20.485777 0.137890 tcp 10.0.2.109 51509 -> 195.113.214.215 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:20.624257 0.421075 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2417 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:21.106524 0.219856 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:21.317190 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 148 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:53:22.031570 0.053340 tcp 10.0.2.109 51510 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:22.085214 0.054669 tcp 10.0.2.109 51511 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:22.140146 0.141239 tcp 10.0.2.109 51512 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:22.323227 3.002799 tcp 10.0.2.109 51513 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:53:31.324605 0.000000 tcp 10.0.2.109 51513 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:53:38.405352 0.052153 tcp 10.0.2.109 51514 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:38.457788 0.053897 tcp 10.0.2.109 51515 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:38.512026 0.147681 tcp 10.0.2.109 51516 -> 195.113.214.215 443 SRPA* 0 0 21 13096 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:38.660331 0.056523 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:53:38.711587 0.000000 udp 10.0.2.109 3683 -> 108.78.185.247 1890 INT 0 1 161 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:53:54.017865 0.170774 tcp 10.0.2.109 51517 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:54.188914 0.053671 tcp 10.0.2.109 51518 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:54.243069 0.141188 tcp 10.0.2.109 51519 -> 195.113.214.215 443 SRPA* 0 0 21 11428 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:53:54.384816 0.000000 udp 10.0.2.109 3683 -> 76.199.116.206 4115 INT 0 1 171 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:54:10.962355 0.052990 tcp 10.0.2.109 51520 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:11.015639 0.054388 tcp 10.0.2.109 51521 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:11.070477 0.728109 tcp 10.0.2.109 51522 -> 195.113.214.215 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:11.799682 0.000000 udp 10.0.2.109 3683 -> 218.145.118.11 9278 INT 0 1 234 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:54:27.496397 0.150216 tcp 10.0.2.109 51523 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:27.646905 0.053281 tcp 10.0.2.109 51524 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:27.700491 0.144139 tcp 10.0.2.109 51525 -> 195.113.214.215 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:27.845212 0.419008 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2472 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:28.247326 0.050529 udp 10.0.2.109 3683 <-> 217.226.192.194 1251 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:28.295654 0.160006 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2317 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:28.743499 0.066404 udp 10.0.2.109 3683 <-> 193.90.52.69 9082 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:28.837888 0.193093 udp 10.0.2.109 3683 <-> 216.73.224.248 7429 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:29.008497 4.479229 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 2 226 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:33.488132 0.046626 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2109 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:33.531069 0.064551 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:34.036243 0.054565 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 1951 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:34.728883 0.059707 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:36.013995 0.251545 udp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:54:36.345482 0.000000 udp 10.0.2.109 3683 -> 64.175.36.53 9080 INT 0 1 124 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:54:55.090081 0.053022 tcp 10.0.2.109 51526 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:55.143397 0.052690 tcp 10.0.2.109 51527 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:55.196434 0.139623 tcp 10.0.2.109 51528 -> 195.113.214.215 443 SRPA* 0 0 24 13390 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:54:55.336756 0.000000 udp 10.0.2.109 3683 -> 92.231.17.56 4643 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:55:10.858105 0.070845 tcp 10.0.2.109 51529 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:55:10.929241 0.054874 tcp 10.0.2.109 51530 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:55:10.984411 0.143394 tcp 10.0.2.109 51531 -> 195.113.214.215 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:55:11.128129 0.094609 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2047 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:55:11.204908 0.000000 udp 10.0.2.109 3683 -> 92.40.117.122 9542 INT 0 1 289 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 15:55:28.303714 0.030887 tcp 10.0.2.109 51532 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:55:28.334883 0.053467 tcp 10.0.2.109 51533 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:55:28.388663 0.143828 tcp 10.0.2.109 51534 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:55:28.532980 0.118898 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2454 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:55:28.616925 0.355738 rtp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:55:28.973021 0.101456 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:55:29.041005 0.252335 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:55:29.354874 0.077954 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/26 15:58:37.325139 0.145398 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 15:58:37.470698 2.968349 tcp 10.0.2.109 51535 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:58:46.386486 0.000000 tcp 10.0.2.109 51535 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:58:52.344433 4.722130 tcp 10.0.2.109 51536 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:58:57.066838 0.053514 tcp 10.0.2.109 51537 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:58:57.120606 0.143394 tcp 10.0.2.109 51538 -> 195.113.214.215 443 SRPA* 0 0 22 11858 flow=From-Botnet-V1-TCP-Established 1970/02/26 15:58:57.620862 2.954346 tcp 10.0.2.109 51539 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:59:06.499005 0.000000 tcp 10.0.2.109 51539 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 15:59:14.913659 2.959330 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 15:59:21.823946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:59:29.722471 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 15:59:45.510458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:00:17.075334 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:04:08.811883 0.098042 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:04:08.910224 2.961445 tcp 10.0.2.109 51540 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:04:17.821375 0.000000 tcp 10.0.2.109 51540 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:04:23.917335 0.032318 tcp 10.0.2.109 51541 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:04:23.949981 0.054462 tcp 10.0.2.109 51542 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:04:24.029800 0.143729 tcp 10.0.2.109 51543 -> 195.113.214.215 443 SRPA* 0 0 35 19572 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:04:24.430923 2.977802 tcp 10.0.2.109 51544 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:04:33.408307 0.000000 tcp 10.0.2.109 51544 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:06:18.370923 3.130051 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 16:06:25.476488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:06:33.409831 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:06:49.392488 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:07:21.408102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:09:42.431086 0.000081 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:09:42.431208 2.955900 tcp 10.0.2.109 51545 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:09:51.307341 0.000000 tcp 10.0.2.109 51545 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:09:57.228251 0.032213 tcp 10.0.2.109 51546 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:09:57.260729 0.052397 tcp 10.0.2.109 51547 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:09:57.313480 0.142427 tcp 10.0.2.109 51548 -> 195.113.214.215 443 SRPA* 0 0 40 21314 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:09:57.576165 2.957169 tcp 10.0.2.109 51549 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:10:06.454971 0.000000 tcp 10.0.2.109 51549 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:13:25.424311 3.056716 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 16:13:32.458214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:13:40.443235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:13:56.570440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:14:28.472366 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:15:09.682374 0.075349 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:15:09.757823 2.976388 tcp 10.0.2.109 51550 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:15:18.698738 0.000000 tcp 10.0.2.109 51550 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:15:24.694973 0.031655 tcp 10.0.2.109 51551 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:15:24.726899 0.123902 tcp 10.0.2.109 51552 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:15:24.851086 0.139673 tcp 10.0.2.109 51553 -> 195.113.214.215 443 SRPA* 0 0 23 13336 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:15:25.402788 3.005006 tcp 10.0.2.109 51554 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:15:34.406883 0.000000 tcp 10.0.2.109 51554 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:20:32.478948 3.015388 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 16:20:39.495575 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:20:47.497168 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:21:03.500491 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:21:35.505997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:25:42.011156 0.026340 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:25:42.037664 0.213318 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:25:42.219311 0.000000 udp 10.0.2.109 3683 -> 87.246.251.13 8842 INT 0 1 98 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:25:55.635607 2.990967 tcp 10.0.2.109 51555 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:25:57.550914 0.031560 tcp 10.0.2.109 51556 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:25:57.582718 0.082333 tcp 10.0.2.109 51557 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:25:57.665353 0.142346 tcp 10.0.2.109 51558 -> 195.113.214.215 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:25:57.808275 0.000000 udp 10.0.2.109 3683 -> 108.78.185.247 1890 INT 0 1 230 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:26:04.568208 0.000000 tcp 10.0.2.109 51555 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:26:10.516559 0.031031 tcp 10.0.2.109 51559 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:10.547879 0.052700 tcp 10.0.2.109 51560 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:10.600900 0.143108 tcp 10.0.2.109 51561 -> 195.113.214.215 443 SRPA* 0 0 32 16622 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:11.459761 2.977832 tcp 10.0.2.109 51562 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:26:16.285091 0.626407 tcp 10.0.2.109 51563 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:16.911800 0.053124 tcp 10.0.2.109 51564 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:16.965312 0.139068 tcp 10.0.2.109 51565 -> 195.113.214.215 443 SRPA* 0 0 22 13150 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:17.105011 0.000000 udp 10.0.2.109 3683 -> 218.145.118.11 9278 INT 0 1 260 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:26:21.724459 0.000000 tcp 10.0.2.109 51562 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:26:33.172253 0.030636 tcp 10.0.2.109 51566 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:33.203203 0.053448 tcp 10.0.2.109 51567 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:33.256974 0.142022 tcp 10.0.2.109 51568 -> 195.113.214.215 443 SRPA* 0 0 21 12430 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:33.399571 0.000000 udp 10.0.2.109 3683 -> 76.199.116.206 4115 INT 0 1 203 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:26:52.063886 0.354000 tcp 10.0.2.109 51569 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:52.418153 0.053226 tcp 10.0.2.109 51570 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:52.471671 0.170161 tcp 10.0.2.109 51571 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:26:52.642456 0.284829 udp 10.0.2.109 3683 <-> 64.175.36.53 9080 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:26:52.890991 0.000000 udp 10.0.2.109 3683 -> 92.231.17.56 4643 INT 0 1 159 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:27:08.438007 0.090339 tcp 10.0.2.109 51572 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:27:08.528642 0.053314 tcp 10.0.2.109 51573 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:27:08.582275 0.553923 tcp 10.0.2.109 51574 -> 195.113.214.215 443 SRPA* 0 0 34 25217 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:27:09.136936 0.000000 udp 10.0.2.109 3683 -> 92.40.117.122 9542 INT 0 1 176 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:27:26.276308 2.663855 tcp 10.0.2.109 51575 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:27:28.940445 0.054528 tcp 10.0.2.109 51576 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:27:28.994822 0.124996 tcp 10.0.2.109 51577 -> 195.113.214.215 443 SRPA* 0 0 32 24105 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:27:29.120541 0.013912 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:35.766369 2.527822 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:40.171442 0.178490 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:40.691886 0.525711 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:42.069669 0.107279 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:42.136126 0.182822 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:43.115820 0.179261 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2243 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:43.281395 0.116620 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:43.632550 0.150543 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:43.741138 0.254982 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:44.174906 0.174942 udp 10.0.2.109 3683 <-> 174.91.201.209 6066 CON 0 0 6 2204 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:44.327907 0.114936 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:44.484830 0.709055 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:44.955350 0.186006 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:45.289634 0.143428 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:45.421216 0.071736 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2404 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:45.876535 0.176697 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2102 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:46.028259 2.969160 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 16:27:46.030423 0.171978 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:46.199694 0.353093 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:46.663070 0.595702 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2169 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:47.224724 0.100693 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2212 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:47.547208 0.190978 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2191 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:47.735113 0.218324 rtp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:47.944491 0.444770 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:48.445811 0.057117 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:48.500049 0.433850 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2235 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:48.917819 0.153579 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2393 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:49.097591 0.064778 udp 10.0.2.109 3683 <-> 193.90.52.69 9082 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:49.142840 0.295157 udp 10.0.2.109 3683 <-> 217.226.192.194 1251 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:27:49.434746 0.000000 udp 10.0.2.109 3683 -> 216.73.224.248 7429 INT 0 1 258 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:27:52.944237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:28:00.840122 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:28:05.779050 0.030942 tcp 10.0.2.109 51578 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:28:05.810299 0.054685 tcp 10.0.2.109 51579 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:28:05.865346 0.142410 tcp 10.0.2.109 51580 -> 195.113.214.215 443 SRPA* 0 0 77 77120 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:28:06.008411 0.156391 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2463 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:06.148371 0.051887 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:06.528991 0.061827 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2003 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:06.743236 0.055566 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:07.309959 0.059906 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:07.500047 0.309525 udp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:07.801508 0.094537 rtp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:10.192697 0.125174 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:10.973773 0.242295 rtp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:11.197754 0.077898 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2019 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:12.458206 0.363669 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2520 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:12.995336 0.243235 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:28:16.693573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:28:48.273566 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:31:29.874237 0.044890 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:31:29.919289 2.949873 tcp 10.0.2.109 51581 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:31:38.785114 0.000000 tcp 10.0.2.109 51581 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:31:44.711304 0.032384 tcp 10.0.2.109 51582 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:31:44.743985 0.075436 tcp 10.0.2.109 51583 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:31:44.819720 0.142921 tcp 10.0.2.109 51584 -> 195.113.214.215 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:31:45.296205 2.952228 tcp 10.0.2.109 51585 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:31:54.171114 0.000000 tcp 10.0.2.109 51585 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:34:47.255698 3.909632 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 16:34:55.117214 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:35:03.003068 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:35:18.775154 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:35:50.353203 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:36:57.034078 0.024750 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:36:57.058939 2.957333 tcp 10.0.2.109 51586 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:37:05.983920 0.000000 tcp 10.0.2.109 51586 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:37:11.994863 0.043852 tcp 10.0.2.109 51587 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:37:12.038991 0.052459 tcp 10.0.2.109 51588 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:37:12.091817 0.141614 tcp 10.0.2.109 51589 -> 195.113.214.215 443 SRPA* 0 0 24 13256 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:37:12.281459 2.995841 tcp 10.0.2.109 51590 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:37:21.275763 0.000000 tcp 10.0.2.109 51590 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:41:53.579843 3.096720 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 16:42:00.649727 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:42:08.598997 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:42:24.602543 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:42:27.276755 0.000071 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:42:27.276869 3.003018 tcp 10.0.2.109 51591 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:42:36.278742 0.000000 tcp 10.0.2.109 51591 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:42:42.601763 0.056171 tcp 10.0.2.109 51592 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:42:42.658312 0.053070 tcp 10.0.2.109 51593 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:42:42.711628 0.143543 tcp 10.0.2.109 51594 -> 195.113.214.215 443 SRPA* 0 0 49 39372 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:42:42.962904 2.955750 tcp 10.0.2.109 51595 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:42:51.864600 0.000000 tcp 10.0.2.109 51595 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:42:56.785871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:47:57.641578 0.073006 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:47:57.714766 2.967644 tcp 10.0.2.109 51596 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:48:06.643926 0.000000 tcp 10.0.2.109 51596 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:48:12.664329 0.057972 tcp 10.0.2.109 51597 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:48:12.722650 0.052730 tcp 10.0.2.109 51598 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:48:12.775675 0.138872 tcp 10.0.2.109 51599 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:48:13.042711 3.004819 tcp 10.0.2.109 51600 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:48:22.046041 0.000000 tcp 10.0.2.109 51600 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:49:00.616392 2.999333 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 16:49:07.621460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:49:15.623181 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:49:31.625965 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:50:03.632204 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:56:07.638013 3.026960 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 16:56:14.655095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:56:22.656939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:56:38.660077 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:57:10.874740 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 16:58:19.485393 0.000084 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 16:58:19.485576 0.000000 udp 10.0.2.109 3683 -> 216.73.224.248 7429 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:58:34.578447 0.473799 tcp 10.0.2.109 51601 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:35.052508 0.052722 tcp 10.0.2.109 51602 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:35.105514 0.141799 tcp 10.0.2.109 51603 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:35.247964 0.174937 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2099 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:35.408207 0.288955 udp 10.0.2.109 3683 <-> 64.175.36.53 9080 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:35.796351 0.015056 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:37.128987 0.054616 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:37.539987 0.177491 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2068 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:37.766662 0.150490 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2372 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:38.383265 0.104482 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:38.448309 0.172962 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:38.601713 0.168338 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2184 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:38.798551 0.244427 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:39.005905 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 121 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:58:43.069155 2.994062 tcp 10.0.2.109 51604 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:58:52.061656 0.000000 tcp 10.0.2.109 51604 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:58:57.453756 0.031083 tcp 10.0.2.109 51605 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:57.485171 0.055884 tcp 10.0.2.109 51606 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:57.541375 0.144346 tcp 10.0.2.109 51607 -> 195.113.214.215 443 SRPA* 0 0 41 21628 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:57.686403 0.118080 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2406 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:57.764265 0.147713 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2195 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:58.072951 0.030566 tcp 10.0.2.109 51608 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:58.103807 0.051719 tcp 10.0.2.109 51609 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:58.155888 0.139704 tcp 10.0.2.109 51610 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:58:58.968474 2.997442 tcp 10.0.2.109 51611 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:58:59.122785 0.191412 rtp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 1984 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:59.307805 0.122649 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:58:59.788251 0.677658 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:00.246261 0.180054 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2533 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:00.400873 0.176415 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 1944 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:01.663995 0.136081 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:01.798685 0.074068 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:03.280809 0.524739 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:03.768689 0.352143 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:04.746659 0.185701 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:04.929954 0.097183 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:05.135165 0.220161 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:05.559676 0.416751 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:05.960150 0.155988 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2045 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:06.331194 0.000000 udp 10.0.2.109 3683 -> 193.90.52.69 9082 INT 0 1 281 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 16:59:07.964637 0.000000 tcp 10.0.2.109 51611 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 16:59:21.584732 0.030796 tcp 10.0.2.109 51612 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:59:21.615806 0.053154 tcp 10.0.2.109 51613 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:59:21.669313 0.146340 tcp 10.0.2.109 51614 -> 195.113.214.215 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/26 16:59:21.816333 0.441232 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:22.474896 0.050514 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2146 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:22.534824 0.279245 udp 10.0.2.109 3683 <-> 217.226.192.194 1251 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:22.810133 0.046580 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:22.961794 0.058227 rtp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:23.005031 0.156608 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2534 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:23.551324 0.060631 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:23.842892 0.314835 udp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 6 2172 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:24.145831 0.055587 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2420 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:24.294539 0.125590 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2521 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:24.383879 0.093496 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2041 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:24.524904 0.252475 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2464 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:24.846383 0.077922 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:24.957487 0.364056 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/26 16:59:25.600681 0.365373 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:03:14.691586 3.030403 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 17:03:21.709361 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:03:29.711065 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:03:45.717099 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:04:13.965006 0.000058 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:04:13.965146 3.003583 tcp 10.0.2.109 51615 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:04:17.720022 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:04:23.006760 0.000000 tcp 10.0.2.109 51615 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:04:28.970125 0.066863 tcp 10.0.2.109 51616 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:04:29.037367 0.054043 tcp 10.0.2.109 51617 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:04:29.091713 0.142473 tcp 10.0.2.109 51618 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:04:29.292458 2.985807 tcp 10.0.2.109 51619 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:04:38.269469 0.000000 tcp 10.0.2.109 51619 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:09:44.260196 0.000000 arp 10.0.2.109 who 10.0.2.2 INT 1 42 flow=Background-ARP 1970/02/26 17:09:49.945991 0.000000 arp 10.0.2.109 who 10.0.2.2 RSP 1 42 flow=Background-ARP 1970/02/26 17:09:49.960946 2.929814 tcp 10.0.2.109 51620 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:09:58.803766 0.000000 tcp 10.0.2.109 51620 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:10:08.912938 1.762549 tcp 10.0.2.109 51621 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:10:10.675749 0.990633 tcp 10.0.2.109 51622 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:10:11.666632 0.141420 tcp 10.0.2.109 51623 -> 195.113.214.215 443 SRPA* 0 0 23 13372 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:10:12.406915 2.964326 tcp 10.0.2.109 51624 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:10:21.288002 0.000000 tcp 10.0.2.109 51624 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:10:33.709421 2.959935 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 17:10:40.617520 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:10:48.505012 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:11:04.276280 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:11:35.837352 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:15:22.983262 0.000054 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:15:22.983372 2.960201 tcp 10.0.2.109 51625 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:15:31.862121 0.000000 tcp 10.0.2.109 51625 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:15:37.777227 0.031324 tcp 10.0.2.109 51626 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:15:37.808824 0.053866 tcp 10.0.2.109 51627 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:15:37.862949 0.141359 tcp 10.0.2.109 51628 -> 195.113.214.215 443 SRPA* 0 0 22 11444 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:15:38.327788 2.950056 tcp 10.0.2.109 51629 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:15:47.199991 0.000000 tcp 10.0.2.109 51629 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:17:34.729319 2.956351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 17:17:41.641358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:17:49.527764 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:18:05.301677 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:18:36.858753 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:20:48.898950 0.104560 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:20:49.003634 2.947760 tcp 10.0.2.109 51630 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:20:57.867778 0.000000 tcp 10.0.2.109 51630 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:21:03.800563 0.050541 tcp 10.0.2.109 51631 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:21:03.851387 0.052445 tcp 10.0.2.109 51632 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:21:03.904153 0.140594 tcp 10.0.2.109 51633 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:21:04.311868 2.957577 tcp 10.0.2.109 51634 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:21:13.189617 0.000000 tcp 10.0.2.109 51634 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:24:35.861477 2.962751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 17:24:42.848294 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:24:50.803084 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:25:06.806090 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:25:38.812160 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:29:29.914836 0.017314 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:29:29.932273 0.000000 udp 10.0.2.109 3683 -> 174.91.201.209 6066 INT 0 1 277 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 17:29:46.139371 0.031634 tcp 10.0.2.109 51635 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:29:46.171307 0.055585 tcp 10.0.2.109 51636 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:29:46.227156 0.146063 tcp 10.0.2.109 51637 -> 195.113.214.215 443 SRPA* 0 0 20 10252 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:29:46.373886 0.000000 udp 10.0.2.109 3683 -> 193.90.52.69 9082 INT 0 1 108 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 17:30:04.974993 0.067863 tcp 10.0.2.109 51638 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:05.043158 0.052172 tcp 10.0.2.109 51639 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:05.095618 0.143191 tcp 10.0.2.109 51640 -> 195.113.214.215 443 SRPA* 0 0 22 11820 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:05.239376 0.287245 udp 10.0.2.109 3683 <-> 64.175.36.53 9080 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:05.490448 0.174277 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:05.648855 0.013806 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2114 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:05.696676 0.174614 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:05.865182 0.056030 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2023 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:05.950748 0.185415 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:06.130363 0.177825 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2351 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:06.286559 0.105542 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:06.350828 0.150645 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:06.512429 0.254894 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:06.732061 0.119926 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:06.966384 0.143277 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:07.070826 0.114523 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2087 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:07.818047 0.186574 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2266 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:08.077223 0.178801 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:08.230809 0.730194 udp 10.0.2.109 3683 <-> 119.234.155.27 5726 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:08.701035 0.177260 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:08.875508 0.135852 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:09.058513 0.103254 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:09.126569 0.071923 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2390 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:09.273077 0.353172 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:09.622318 0.190899 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:09.810763 0.097177 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2165 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:09.885685 0.219352 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:10.096152 0.159560 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:10.245195 0.417754 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:10.646683 0.000000 udp 10.0.2.109 3683 -> 217.226.192.194 1251 INT 0 1 225 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 17:30:16.248273 2.996550 tcp 10.0.2.109 51641 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:30:25.243785 0.000000 tcp 10.0.2.109 51641 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:30:26.115785 0.030919 tcp 10.0.2.109 51642 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:26.146965 0.054588 tcp 10.0.2.109 51643 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:26.201868 0.144409 tcp 10.0.2.109 51644 -> 195.113.214.215 443 SRPA* 0 0 19 10030 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:26.346770 0.432641 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:27.261410 0.066314 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:27.628119 0.051488 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2425 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:27.796231 0.064148 rtp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:28.209634 0.153481 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:28.347239 0.057613 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2019 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:28.513468 0.114827 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:28.670575 0.099115 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2374 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:28.810557 0.249676 rtp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2277 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:31.242872 0.030680 tcp 10.0.2.109 51645 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:31.273811 0.052661 tcp 10.0.2.109 51646 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:31.326723 0.140918 tcp 10.0.2.109 51647 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:30:31.659404 2.997909 tcp 10.0.2.109 51648 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:30:31.718506 0.536236 udp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:32.246502 0.057210 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:32.414358 0.103536 rtp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:32.641631 0.076682 rtp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2488 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:33.313695 0.345697 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2130 flow=From-Botnet-V1-UDP-Established 1970/02/26 17:30:40.656012 0.000000 tcp 10.0.2.109 51648 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:31:42.817031 3.002750 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 17:31:49.825869 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:31:58.189986 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:32:14.040827 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:32:45.845598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:35:46.656492 0.094592 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:35:46.751247 2.965654 tcp 10.0.2.109 51649 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:35:55.667965 0.000000 tcp 10.0.2.109 51649 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:36:01.668897 0.031935 tcp 10.0.2.109 51650 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:36:01.701081 0.054803 tcp 10.0.2.109 51651 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:36:01.756180 0.140942 tcp 10.0.2.109 51652 -> 195.113.214.215 443 SRPA* 0 0 41 23322 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:36:02.019782 2.993236 tcp 10.0.2.109 51653 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:36:11.021015 0.000000 tcp 10.0.2.109 51653 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:38:49.851570 3.002048 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 17:38:56.859598 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:39:04.860941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:39:20.863935 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:39:52.880259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:41:17.021469 0.569296 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:41:17.590963 2.966319 tcp 10.0.2.109 51654 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:41:26.479670 0.000000 tcp 10.0.2.109 51654 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:41:32.411786 0.032364 tcp 10.0.2.109 51655 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:41:32.444506 0.053849 tcp 10.0.2.109 51656 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:41:32.498685 0.145851 tcp 10.0.2.109 51657 -> 195.113.214.215 443 SRPA* 0 0 35 19080 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:41:32.798789 2.967775 tcp 10.0.2.109 51658 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:41:41.689417 0.000000 tcp 10.0.2.109 51658 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:45:56.897397 3.043857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 17:46:03.922215 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:46:11.915148 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:46:27.917849 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:46:47.426599 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:46:47.426790 3.003584 tcp 10.0.2.109 51659 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:46:56.428421 0.000000 tcp 10.0.2.109 51659 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:46:59.923952 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:47:02.429443 0.120447 tcp 10.0.2.109 51660 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:47:02.550291 0.053265 tcp 10.0.2.109 51661 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:47:02.603941 0.143641 tcp 10.0.2.109 51662 -> 195.113.214.215 443 SRPA* 0 0 27 11248 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:47:02.763273 2.969063 tcp 10.0.2.109 51663 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:47:11.690896 0.000000 tcp 10.0.2.109 51663 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:52:17.680922 0.147339 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 17:52:17.828472 2.975099 tcp 10.0.2.109 51664 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:52:26.751981 0.000000 tcp 10.0.2.109 51664 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:52:32.709459 0.031540 tcp 10.0.2.109 51665 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:52:32.741358 0.052889 tcp 10.0.2.109 51666 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:52:32.794525 0.143242 tcp 10.0.2.109 51667 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 17:52:33.163923 2.993664 tcp 10.0.2.109 51668 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:52:42.234615 0.000000 tcp 10.0.2.109 51668 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 17:53:03.930514 3.001250 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 17:53:10.937159 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:53:18.938468 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:53:34.941970 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 17:54:06.947894 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:00:10.954023 3.029527 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 18:00:17.971601 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:00:25.973019 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:00:41.976057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:00:53.643119 0.000065 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:00:53.643247 0.000000 udp 10.0.2.109 3683 -> 217.226.192.194 1251 INT 0 1 228 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 18:01:10.949604 0.032344 tcp 10.0.2.109 51669 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:10.982261 0.053158 tcp 10.0.2.109 51670 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:11.035762 0.140647 tcp 10.0.2.109 51671 -> 195.113.214.215 443 SRPA* 0 0 21 11390 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:11.176893 0.014341 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:11.203181 0.180309 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2164 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:11.396138 0.300372 udp 10.0.2.109 3683 <-> 64.175.36.53 9080 CON 0 0 6 2532 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:11.656785 0.175606 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2167 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:11.816588 0.180019 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:11.974303 0.105837 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.041274 0.150391 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2415 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.189722 0.244442 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2486 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.397975 0.055638 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.455145 0.176224 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2336 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.640092 0.121529 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2283 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.711386 0.176167 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2050 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.851515 0.111827 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:12.927769 0.000000 udp 10.0.2.109 3683 -> 119.234.155.27 5726 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 18:01:13.981838 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:01:18.168086 2.994255 tcp 10.0.2.109 51672 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:01:27.170737 0.000000 tcp 10.0.2.109 51672 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:01:28.473710 0.030969 tcp 10.0.2.109 51673 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:28.504988 0.052716 tcp 10.0.2.109 51674 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:28.557972 0.142165 tcp 10.0.2.109 51675 -> 195.113.214.215 443 SRPA* 0 0 23 13374 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:28.700791 0.174738 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2013 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:28.853557 0.187243 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2414 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:29.032846 0.177327 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2312 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:29.207745 0.068726 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2397 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:29.257823 0.353352 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:29.648663 0.197089 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:29.843119 0.829064 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:30.637613 0.146618 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:30.776551 0.432254 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:31.191277 0.100964 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2476 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:31.268146 0.220321 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:31.781488 0.160144 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:31.931724 0.411321 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:32.349021 0.053175 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2416 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:32.424887 0.046413 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:32.467241 0.063613 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:32.825930 0.160117 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:32.969507 0.063278 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2554 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:33.015827 0.117381 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:33.101135 0.094240 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:33.170426 0.031008 tcp 10.0.2.109 51676 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:33.176843 0.252528 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2089 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:33.201669 0.054396 tcp 10.0.2.109 51677 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:33.256357 0.142779 tcp 10.0.2.109 51678 -> 195.113.214.215 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:01:33.412041 3.002386 tcp 10.0.2.109 51679 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:01:33.457106 0.103718 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:33.527865 0.539999 udp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 6 2128 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:34.059810 0.056513 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:34.210953 0.079806 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:34.294358 0.345840 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:01:42.412992 0.000000 tcp 10.0.2.109 51679 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:06:48.413336 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:06:48.413448 3.003521 tcp 10.0.2.109 51680 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:06:57.415757 0.000000 tcp 10.0.2.109 51680 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:07:03.416621 0.031518 tcp 10.0.2.109 51681 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:07:03.448422 0.052570 tcp 10.0.2.109 51682 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:07:03.501272 0.143218 tcp 10.0.2.109 51683 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:07:03.653652 3.004700 tcp 10.0.2.109 51684 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:07:12.657680 0.000000 tcp 10.0.2.109 51684 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:07:17.987986 3.001549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 18:07:24.995407 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:07:32.996948 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:07:48.999834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:08:21.005823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:12:18.648160 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:12:18.648303 2.993541 tcp 10.0.2.109 51685 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:12:27.650548 0.000000 tcp 10.0.2.109 51685 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:12:33.651070 0.053622 tcp 10.0.2.109 51686 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:12:33.704980 0.053253 tcp 10.0.2.109 51687 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:12:33.758526 0.141617 tcp 10.0.2.109 51688 -> 195.113.214.215 443 SRPA* 0 0 21 11390 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:12:33.910247 2.993339 tcp 10.0.2.109 51689 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:12:42.902585 0.000000 tcp 10.0.2.109 51689 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:14:25.010623 3.003643 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 18:14:32.019301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:14:40.020757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:14:56.023949 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:15:28.029941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:17:48.913021 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:17:48.913176 3.003422 tcp 10.0.2.109 51690 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:17:57.916276 0.000000 tcp 10.0.2.109 51690 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:18:03.915603 0.052859 tcp 10.0.2.109 51691 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:18:03.968716 0.053026 tcp 10.0.2.109 51692 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:18:04.022038 0.141230 tcp 10.0.2.109 51693 -> 195.113.214.215 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:18:04.174891 3.003837 tcp 10.0.2.109 51694 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:18:13.177374 0.000000 tcp 10.0.2.109 51694 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:21:32.036223 3.001183 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 18:21:39.043379 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:21:47.044946 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:22:03.047683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:22:35.053967 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:23:19.177696 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:23:19.177854 3.003981 tcp 10.0.2.109 51695 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:23:28.190000 0.000000 tcp 10.0.2.109 51695 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:23:34.180148 0.031923 tcp 10.0.2.109 51696 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:23:34.212305 0.068891 tcp 10.0.2.109 51697 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:23:34.281501 0.138662 tcp 10.0.2.109 51698 -> 195.113.214.215 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:23:34.442341 2.991283 tcp 10.0.2.109 51699 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:23:43.432610 0.000000 tcp 10.0.2.109 51699 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:28:39.060256 3.027659 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 18:28:46.077805 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:28:54.079580 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:29:10.082095 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:29:42.097718 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:31:50.542695 0.000050 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:31:50.542796 0.585861 udp 10.0.2.109 3683 -> 119.234.155.27 5726 INT 0 1 288 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 18:31:51.128657 0.000000 icmp 119.234.155.27 0x0303 -> 10.0.2.109 0x5e16 URP 192 1 288 flow=Background 1970/02/26 18:32:06.827822 0.069422 tcp 10.0.2.109 51700 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:32:06.897713 0.031612 tcp 10.0.2.109 51701 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:32:06.929699 0.140524 tcp 10.0.2.109 51702 -> 195.113.214.215 443 SRPA* 0 0 32 17702 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:32:07.070889 0.290784 udp 10.0.2.109 3683 <-> 64.175.36.53 9080 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:07.327886 0.176245 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:07.487493 0.014829 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:07.523740 0.180911 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:07.696553 0.178577 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:07.852248 0.242752 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.056274 0.055661 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.116393 0.168623 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.311895 0.119058 rtp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.384373 0.145344 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.489277 0.150681 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2290 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.637878 0.103849 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.702938 0.114551 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2123 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.780969 0.173109 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:08.951520 0.071956 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2385 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:09.005065 0.354141 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:09.355290 0.216051 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:09.568280 0.179700 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2421 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:09.723284 0.200904 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:09.916249 0.088507 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2220 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:09.970191 0.145801 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2105 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:10.108384 0.233403 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2198 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:10.331969 0.418330 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:10.732076 0.100967 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2499 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:10.807877 0.043661 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:10.864056 0.050900 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:10.911164 0.059009 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:10.954807 0.164021 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:11.110679 0.441580 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:11.566704 0.157708 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2396 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:11.708314 0.060919 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:11.847238 0.123756 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:11.938391 0.281389 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:12.200640 0.253887 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:12.434759 0.104942 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:12.505822 0.078497 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:12.585653 0.352635 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2402 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:12.937294 0.563033 udp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 6 2359 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:13.492256 0.055367 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2316 flow=From-Botnet-V1-UDP-Established 1970/02/26 18:32:19.454926 3.003849 tcp 10.0.2.109 51703 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:32:28.456987 0.000000 tcp 10.0.2.109 51703 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:32:34.456615 0.052304 tcp 10.0.2.109 51704 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:32:34.509215 0.052870 tcp 10.0.2.109 51705 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:32:34.562404 0.146432 tcp 10.0.2.109 51706 -> 195.113.214.215 443 SRPA* 0 0 22 11822 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:32:34.718792 3.001567 tcp 10.0.2.109 51707 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:32:43.718537 0.000000 tcp 10.0.2.109 51707 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:35:46.103694 3.001636 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 18:35:53.111865 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:36:01.112840 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:36:17.115643 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:36:49.121843 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:37:49.719843 0.000064 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:37:49.719957 2.993218 tcp 10.0.2.109 51708 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:37:58.711790 0.000000 tcp 10.0.2.109 51708 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:38:04.722408 0.062964 tcp 10.0.2.109 51709 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:38:04.785625 0.053357 tcp 10.0.2.109 51710 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:38:04.839440 0.143456 tcp 10.0.2.109 51711 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:38:05.005123 3.000322 tcp 10.0.2.109 51712 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:38:14.003885 0.000000 tcp 10.0.2.109 51712 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:42:53.128093 3.011348 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 18:43:00.145301 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:43:08.147171 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:43:20.004187 0.000097 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:43:20.004373 3.003685 tcp 10.0.2.109 51713 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:43:24.149683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:43:29.006831 0.000000 tcp 10.0.2.109 51713 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:43:35.007360 0.052895 tcp 10.0.2.109 51714 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:43:35.060628 0.053369 tcp 10.0.2.109 51715 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:43:35.114291 0.141605 tcp 10.0.2.109 51716 -> 195.113.214.215 443 SRPA* 0 0 41 23322 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:43:35.266693 3.003207 tcp 10.0.2.109 51717 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:43:44.268821 0.000000 tcp 10.0.2.109 51717 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:43:56.155680 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:48:50.268880 0.052886 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 18:48:50.321926 2.962884 tcp 10.0.2.109 51718 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:48:59.261573 0.000000 tcp 10.0.2.109 51718 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:49:05.282615 0.032198 tcp 10.0.2.109 51719 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:49:05.315065 0.052686 tcp 10.0.2.109 51720 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:49:05.368051 0.144598 tcp 10.0.2.109 51721 -> 195.113.214.215 443 SRPA* 0 0 24 12178 flow=From-Botnet-V1-TCP-Established 1970/02/26 18:49:05.532590 3.002345 tcp 10.0.2.109 51722 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:49:14.533429 0.000000 tcp 10.0.2.109 51722 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 18:50:00.162421 3.176846 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 18:50:07.305647 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:50:15.229574 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:50:31.183889 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:51:03.189549 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:57:07.196483 3.001444 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 18:57:14.203047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:57:22.204588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:57:38.207830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 18:58:10.213785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:02:30.217866 0.060980 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:02:30.279004 0.013535 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2012 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:30.320210 0.183100 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:30.496045 0.177254 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:30.651815 0.000000 udp 10.0.2.109 3683 -> 64.175.36.53 9080 INT 0 1 119 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 19:02:35.599097 2.990124 tcp 10.0.2.109 51723 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:02:44.588186 0.000000 tcp 10.0.2.109 51723 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:02:46.913075 0.053047 tcp 10.0.2.109 51724 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:02:46.966476 0.051932 tcp 10.0.2.109 51725 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:02:47.018735 0.168490 tcp 10.0.2.109 51726 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:02:47.187880 0.177043 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:47.348369 0.241479 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2259 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:47.552972 0.054871 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2483 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:47.821702 0.178199 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:47.992699 0.121079 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:48.067589 0.152752 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2245 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:48.182383 0.151216 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:48.331816 0.110116 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:48.401582 0.115985 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:48.479321 0.355005 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2399 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:48.830479 0.206098 udp 10.0.2.109 3683 <-> 99.121.105.245 9979 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:49.033864 0.179774 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2398 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:49.188175 0.183309 rtcp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2209 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:49.369508 0.071304 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2176 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:49.424830 0.207053 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2500 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:49.623587 1.174480 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2342 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:50.587323 0.051762 tcp 10.0.2.109 51727 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:02:50.639355 0.054265 tcp 10.0.2.109 51728 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:02:50.693884 0.142453 tcp 10.0.2.109 51729 -> 195.113.214.215 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:02:50.761051 0.146791 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2430 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:50.846692 2.994773 tcp 10.0.2.109 51730 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:02:50.900016 0.219140 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:51.108853 0.411362 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:51.503105 0.096610 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2067 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:51.578652 0.051343 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:51.642877 0.162080 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:51.795333 0.423689 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2294 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:52.220644 0.156733 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:52.360928 0.059509 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:52.512819 0.051701 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:52.561337 0.058489 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2307 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:52.645717 0.117785 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:52.731424 0.105916 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2044 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:52.819285 0.258609 rtp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:53.057886 0.101976 udp 10.0.2.109 3683 <-> 81.138.17.73 2120 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:53.127926 0.078158 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:53.239220 0.055370 rtp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2485 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:53.310500 0.364134 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2400 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:53.677039 0.570089 udp 10.0.2.109 3683 <-> 190.119.24.153 5253 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:02:59.850084 0.000000 tcp 10.0.2.109 51730 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:04:14.219619 3.022299 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 19:04:21.237298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:04:29.238628 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:04:45.241548 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:05:17.247593 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:08:05.840742 0.000091 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:08:05.840917 2.993673 tcp 10.0.2.109 51731 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:08:14.833005 0.000000 tcp 10.0.2.109 51731 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:08:20.843179 0.031941 tcp 10.0.2.109 51732 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:08:20.875328 0.052270 tcp 10.0.2.109 51733 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:08:20.927891 0.143835 tcp 10.0.2.109 51734 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:08:21.102406 3.004221 tcp 10.0.2.109 51735 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:08:30.105240 0.000000 tcp 10.0.2.109 51735 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:11:21.253626 3.012801 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 19:11:28.271123 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:11:36.272553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:11:52.275847 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:12:24.281757 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:13:36.105571 0.000056 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:13:36.105668 3.003544 tcp 10.0.2.109 51736 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:13:45.107957 0.000000 tcp 10.0.2.109 51736 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:13:51.108783 0.053839 tcp 10.0.2.109 51737 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:13:51.162904 0.052853 tcp 10.0.2.109 51738 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:13:51.216077 0.141850 tcp 10.0.2.109 51739 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:13:51.367616 3.003675 tcp 10.0.2.109 51740 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:14:00.379792 0.000000 tcp 10.0.2.109 51740 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:18:28.287924 3.005549 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 19:18:35.296884 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:18:43.296901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:18:59.299723 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:19:06.370099 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:19:06.370242 2.994279 tcp 10.0.2.109 51741 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:19:15.363062 0.000000 tcp 10.0.2.109 51741 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:19:21.372996 0.032318 tcp 10.0.2.109 51742 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:19:21.405591 0.031050 tcp 10.0.2.109 51743 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:19:21.436949 0.141252 tcp 10.0.2.109 51744 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:19:21.592417 3.003541 tcp 10.0.2.109 51745 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:19:30.594661 0.000000 tcp 10.0.2.109 51745 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:19:31.305667 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:24:36.595069 0.018641 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:24:36.613877 2.984789 tcp 10.0.2.109 51746 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:24:45.597520 0.000000 tcp 10.0.2.109 51746 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:24:51.608773 0.031175 tcp 10.0.2.109 51747 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:24:51.640228 0.066952 tcp 10.0.2.109 51748 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:24:51.707471 0.140912 tcp 10.0.2.109 51749 -> 195.113.214.215 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:24:51.867859 3.003508 tcp 10.0.2.109 51750 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:25:00.869473 0.000000 tcp 10.0.2.109 51750 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:25:35.311488 3.001879 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 19:25:42.319237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:25:50.320654 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:26:06.323823 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:26:38.491782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:32:42.345663 3.031751 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 19:32:49.363310 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:32:57.364834 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:33:02.842590 0.000105 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:33:02.842801 0.000000 udp 10.0.2.109 3683 -> 64.175.36.53 9080 INT 0 1 131 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 19:33:13.368040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:33:20.239344 0.031487 tcp 10.0.2.109 51751 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:20.271103 0.031860 tcp 10.0.2.109 51752 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:20.303290 0.141932 tcp 10.0.2.109 51753 -> 195.113.214.215 443 SRPA* 0 0 23 12996 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:20.445714 0.181005 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2142 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:20.620545 0.013996 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:20.655237 0.176994 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2250 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:20.811511 0.054123 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2221 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:20.870883 0.175853 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.031368 0.242793 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.236001 0.171834 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.409256 0.108931 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2079 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.476315 0.139135 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2069 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.582252 0.150671 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2444 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.731051 0.104579 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.795221 0.113411 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.869140 0.353496 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2096 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:21.880381 2.994121 tcp 10.0.2.109 51754 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:33:22.218639 0.249329 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:22.464175 0.073673 rtp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2339 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:22.520871 0.186424 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2362 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:22.699730 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 133 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 19:33:30.872698 0.000000 tcp 10.0.2.109 51754 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:33:36.882279 0.031414 tcp 10.0.2.109 51755 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:36.913954 0.052558 tcp 10.0.2.109 51756 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:36.966867 0.140818 tcp 10.0.2.109 51757 -> 195.113.214.215 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:37.135556 3.000248 tcp 10.0.2.109 51758 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:33:41.018074 0.052382 tcp 10.0.2.109 51759 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:41.070802 0.032189 tcp 10.0.2.109 51760 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:41.103338 0.128063 tcp 10.0.2.109 51761 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:33:41.231960 0.178726 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:41.386157 0.148257 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2200 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:41.498642 0.417541 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:41.899635 0.098416 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:41.976817 0.061709 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2363 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:42.048724 0.157686 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2132 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:42.198686 0.137712 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:42.331521 0.227900 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:42.549564 0.444052 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.004751 0.154909 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2458 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.143590 0.061555 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2321 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.190086 0.051949 rtp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.243974 0.064193 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2219 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.293679 0.116251 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2238 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.377687 0.097253 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.456169 0.076362 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.533938 0.054480 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.589675 0.346076 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:43.955036 0.251478 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/26 19:33:44.187690 0.000000 udp 10.0.2.109 3683 -> 81.138.17.73 2120 INT 0 1 278 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 19:33:45.373615 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:33:46.134883 0.000000 tcp 10.0.2.109 51758 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:34:02.548557 0.053390 tcp 10.0.2.109 51762 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:34:02.602239 0.032648 tcp 10.0.2.109 51763 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:34:02.635251 0.124510 tcp 10.0.2.109 51764 -> 195.113.214.215 443 SRPA* 0 0 20 10880 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:34:02.760464 0.000000 udp 10.0.2.109 3683 -> 190.119.24.153 5253 INT 0 1 115 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 19:34:19.253052 0.051668 tcp 10.0.2.109 51765 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:34:19.305102 0.053395 tcp 10.0.2.109 51766 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:34:19.358783 0.142000 tcp 10.0.2.109 51767 -> 195.113.214.215 443 SRPA* 0 0 32 20802 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:38:52.139848 0.031144 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:38:52.171130 2.982430 tcp 10.0.2.109 51768 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:39:04.417427 0.000000 tcp 10.0.2.109 51768 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:39:10.345234 0.053060 tcp 10.0.2.109 51769 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:39:10.398548 0.067837 tcp 10.0.2.109 51770 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:39:10.466698 0.139600 tcp 10.0.2.109 51771 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:39:10.660622 2.956534 tcp 10.0.2.109 51772 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:39:19.536447 0.000000 tcp 10.0.2.109 51772 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:39:51.994027 2.952986 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 19:39:58.903354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:40:06.791007 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:40:22.562169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:40:54.115968 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:44:22.470452 0.040012 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:44:22.510626 2.966356 tcp 10.0.2.109 51773 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:44:31.462778 0.000000 tcp 10.0.2.109 51773 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:44:37.483022 0.031186 tcp 10.0.2.109 51774 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:44:37.514503 0.041090 tcp 10.0.2.109 51775 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:44:37.555892 0.142138 tcp 10.0.2.109 51776 -> 195.113.214.215 443 SRPA* 0 0 21 11768 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:44:37.719042 2.996672 tcp 10.0.2.109 51777 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:44:46.719581 0.000000 tcp 10.0.2.109 51777 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:46:56.404509 3.000818 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 19:47:03.411137 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:47:11.412634 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:47:27.415508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:47:59.421567 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:49:52.715095 0.000078 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:49:52.715241 3.003577 tcp 10.0.2.109 51778 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:50:01.717443 0.000000 tcp 10.0.2.109 51778 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:50:07.717638 0.053653 tcp 10.0.2.109 51779 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:50:07.771570 0.054733 tcp 10.0.2.109 51780 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:50:07.826705 0.126944 tcp 10.0.2.109 51781 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:50:07.963286 3.007139 tcp 10.0.2.109 51782 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:50:16.969258 0.000000 tcp 10.0.2.109 51782 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:54:03.427831 3.012839 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 19:54:10.444971 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:54:18.446626 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:54:34.449411 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:55:06.455370 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 19:55:22.959766 0.000119 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 19:55:22.959981 2.993734 tcp 10.0.2.109 51783 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:55:31.952126 0.000000 tcp 10.0.2.109 51783 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:55:37.962680 0.053622 tcp 10.0.2.109 51784 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:55:38.016564 0.032734 tcp 10.0.2.109 51785 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:55:38.049598 0.127132 tcp 10.0.2.109 51786 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 19:55:38.196644 2.998998 tcp 10.0.2.109 51787 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 19:55:47.195901 0.000000 tcp 10.0.2.109 51787 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:01:10.465454 3.022993 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 20:01:17.478814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:01:25.480423 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:01:41.483417 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:02:13.489734 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:04:26.651100 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:04:26.651255 0.000000 udp 10.0.2.109 3683 -> 99.121.105.245 9979 INT 0 1 139 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 20:04:41.824491 4.944459 tcp 10.0.2.109 51788 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:04:46.769213 0.285484 tcp 10.0.2.109 51789 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:04:47.055086 0.123853 tcp 10.0.2.109 51790 -> 195.113.214.215 443 SRPA* 0 0 21 12888 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:04:47.179520 0.000000 udp 10.0.2.109 3683 -> 81.138.17.73 2120 INT 0 1 202 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 20:05:03.478762 0.030903 tcp 10.0.2.109 51791 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:03.509998 0.032061 tcp 10.0.2.109 51792 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:03.542351 0.174823 tcp 10.0.2.109 51793 -> 195.113.214.215 443 SRPA* 0 0 20 11336 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:03.717759 0.000000 udp 10.0.2.109 3683 -> 190.119.24.153 5253 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 20:05:19.991642 0.030822 tcp 10.0.2.109 51794 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:20.022818 0.031888 tcp 10.0.2.109 51795 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:20.055224 0.121810 tcp 10.0.2.109 51796 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:20.177639 0.296283 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:20.452761 0.014049 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2451 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:20.508799 0.180925 rtp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:20.682947 0.168188 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:20.845431 0.122213 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2320 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:20.917166 0.149900 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2388 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:21.025002 0.150820 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:21.173994 0.101365 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:21.235895 0.175118 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2381 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:21.395020 0.239766 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2113 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:21.599539 0.054376 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:21.667976 0.199720 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2373 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:21.859831 0.354370 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2355 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:22.299632 0.113008 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2049 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:22.375077 0.178776 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:22.628440 0.074592 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2407 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:22.743009 0.182287 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2228 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:22.901486 0.463967 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:23.330782 0.137046 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2443 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:23.463582 0.220454 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2274 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:23.673912 0.047585 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2116 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:23.785902 0.096436 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2082 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:23.860633 0.418591 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:24.263426 0.167282 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:24.431505 0.058764 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2237 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:24.474965 0.051891 rtp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:24.523440 0.059128 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:24.587647 0.121504 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2279 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:24.675849 0.092623 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2186 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:25.000870 0.076110 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2304 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:25.582465 0.054521 udp 10.0.2.109 3683 <-> 5.178.194.36 3636 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:25.784206 0.419802 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2427 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:26.216062 0.253289 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2227 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:26.453154 0.252324 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:26.686524 0.359692 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:05:27.814316 2.965693 tcp 10.0.2.109 51797 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:05:36.694411 0.000000 tcp 10.0.2.109 51797 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:05:42.608829 0.062628 tcp 10.0.2.109 51798 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:42.671802 0.053971 tcp 10.0.2.109 51799 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:42.726275 0.127312 tcp 10.0.2.109 51800 -> 195.113.214.215 443 SRPA* 0 0 21 11390 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:05:42.946539 2.958081 tcp 10.0.2.109 51801 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:05:51.824277 0.000000 tcp 10.0.2.109 51801 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:08:19.670439 2.962620 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 20:08:26.592335 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:08:34.486092 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:08:50.266990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:09:21.821014 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:10:53.609067 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:10:53.609221 2.952502 tcp 10.0.2.109 51802 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:11:02.569942 0.000000 tcp 10.0.2.109 51802 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:11:08.570449 0.031972 tcp 10.0.2.109 51803 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:11:08.602746 0.058420 tcp 10.0.2.109 51804 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:11:08.661487 0.126730 tcp 10.0.2.109 51805 -> 195.113.214.215 443 SRPA* 0 0 21 10934 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:11:08.828714 2.989893 tcp 10.0.2.109 51806 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:11:17.802816 0.000000 tcp 10.0.2.109 51806 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:15:24.520097 3.024298 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 20:15:31.536687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:15:39.538081 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:15:55.541489 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:16:23.802914 0.000048 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:16:23.803029 3.007379 tcp 10.0.2.109 51807 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:16:27.550564 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:16:32.804917 0.000000 tcp 10.0.2.109 51807 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:16:38.805598 0.039215 tcp 10.0.2.109 51808 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:16:38.845114 0.032028 tcp 10.0.2.109 51809 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:16:38.877487 0.124063 tcp 10.0.2.109 51810 -> 195.113.214.215 443 SRPA* 0 0 21 11428 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:16:39.027670 3.000860 tcp 10.0.2.109 51811 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:16:48.026709 0.000000 tcp 10.0.2.109 51811 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:21:54.026879 0.087772 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:21:54.114810 2.968131 tcp 10.0.2.109 51812 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:22:03.042637 0.000000 tcp 10.0.2.109 51812 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:22:09.039547 0.031861 tcp 10.0.2.109 51813 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:22:09.071699 0.053306 tcp 10.0.2.109 51814 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:22:09.125277 0.123869 tcp 10.0.2.109 51815 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:22:09.463726 2.999392 tcp 10.0.2.109 51816 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:22:18.461820 0.000000 tcp 10.0.2.109 51816 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:22:31.553173 3.001975 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 20:22:38.561744 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:22:46.562381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:23:02.565282 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:23:34.571312 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:29:38.577088 4.844167 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 20:29:47.379464 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:29:55.278812 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:30:11.074016 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:30:42.677841 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:35:23.120534 0.000046 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:35:23.120627 0.176601 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:23.277388 0.013987 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:23.319623 0.180815 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2182 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:23.491739 0.169466 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2422 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:23.652771 0.121052 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:23.727531 0.138531 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:23.829189 0.150852 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2370 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:23.977918 0.102526 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:24.043198 0.268559 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:24.276066 0.185705 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:24.455184 0.352936 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:24.512973 3.003626 tcp 10.0.2.109 51817 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:35:24.804833 0.114747 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2222 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:24.881884 0.242975 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2303 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:25.088460 0.055310 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:25.153020 0.180226 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:25.330529 0.072461 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2530 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:25.384227 0.179003 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2344 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:25.540776 0.720862 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:26.228218 0.137699 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2065 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:26.358313 0.098806 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2224 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:26.458418 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 221 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 20:35:33.514873 0.000000 tcp 10.0.2.109 51817 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:35:39.515392 0.031181 tcp 10.0.2.109 51818 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:39.546836 0.031776 tcp 10.0.2.109 51819 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:39.578876 0.128145 tcp 10.0.2.109 51820 -> 195.113.214.215 443 SRPA* 0 0 39 31702 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:39.726376 3.001624 tcp 10.0.2.109 51821 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:35:41.887499 0.030890 tcp 10.0.2.109 51822 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:41.918693 0.032301 tcp 10.0.2.109 51823 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:41.951263 0.127505 tcp 10.0.2.109 51824 -> 195.113.214.215 443 SRPA* 0 0 39 33048 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:42.079255 0.222922 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2375 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:42.292692 0.061102 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:42.373061 0.219602 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2380 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:42.583213 0.049393 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:42.630304 0.046462 rtp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2310 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:42.672922 0.059612 udp 10.0.2.109 3683 <-> 87.153.123.16 4545 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:42.717894 0.117042 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:42.801086 0.255887 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:43.036642 0.422642 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:43.467322 0.156227 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:43.607675 0.076314 rtp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:35:43.707626 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 274 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 20:35:48.726883 0.000000 tcp 10.0.2.109 51821 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:35:59.393032 0.031068 tcp 10.0.2.109 51825 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:59.424363 0.053447 tcp 10.0.2.109 51826 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:59.478289 0.125930 tcp 10.0.2.109 51827 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:35:59.604873 0.325655 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2432 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:36:00.367754 0.363958 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2332 flow=From-Botnet-V1-UDP-Established 1970/02/26 20:36:45.611401 3.001686 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 20:36:52.618701 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:37:00.620460 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:37:16.623235 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:37:48.629231 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:40:54.727528 0.051736 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:40:54.779469 2.962990 tcp 10.0.2.109 51828 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:41:03.729782 0.000000 tcp 10.0.2.109 51828 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:41:09.740295 0.031664 tcp 10.0.2.109 51829 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:41:09.772195 0.031593 tcp 10.0.2.109 51830 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:41:09.803731 0.126519 tcp 10.0.2.109 51831 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:41:09.940002 2.992882 tcp 10.0.2.109 51832 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:41:18.931827 0.000000 tcp 10.0.2.109 51832 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:43:52.638019 2.998964 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 20:43:59.642941 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:44:07.644562 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:44:23.647360 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:44:55.653446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:46:24.942266 0.000060 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:46:24.942447 3.005203 tcp 10.0.2.109 51833 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:46:33.944502 0.000000 tcp 10.0.2.109 51833 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:46:39.944787 0.031413 tcp 10.0.2.109 51834 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:46:39.976508 0.250799 tcp 10.0.2.109 51835 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:46:40.227614 0.125074 tcp 10.0.2.109 51836 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:46:40.361295 3.006926 tcp 10.0.2.109 51837 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:46:49.367017 0.000000 tcp 10.0.2.109 51837 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:50:59.659401 3.017027 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 20:51:06.677026 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:51:14.678862 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:51:30.681573 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:51:55.357158 0.000069 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:51:55.357310 3.003925 tcp 10.0.2.109 51838 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:52:02.687172 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:52:04.359776 0.000000 tcp 10.0.2.109 51838 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:52:10.360200 0.032327 tcp 10.0.2.109 51839 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:52:10.392900 0.031628 tcp 10.0.2.109 51840 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:52:10.424813 0.123750 tcp 10.0.2.109 51841 -> 195.113.214.215 443 SRPA* 0 0 35 19284 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:52:10.602484 3.000538 tcp 10.0.2.109 51842 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:52:19.602880 0.000000 tcp 10.0.2.109 51842 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:57:25.602399 0.000079 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 20:57:25.602641 3.003162 tcp 10.0.2.109 51843 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:57:34.604590 0.000000 tcp 10.0.2.109 51843 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:57:40.605246 0.031301 tcp 10.0.2.109 51844 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:57:40.636834 0.031964 tcp 10.0.2.109 51845 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:57:40.669087 0.123598 tcp 10.0.2.109 51846 -> 195.113.214.215 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/26 20:57:40.818940 2.998777 tcp 10.0.2.109 51847 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:57:49.815948 0.000000 tcp 10.0.2.109 51847 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 20:58:06.693217 3.001619 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 20:58:13.700880 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:58:21.702788 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:58:37.705134 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 20:59:09.711561 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:05:13.717868 3.000655 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 21:05:20.724646 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:05:28.726169 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:05:44.729230 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:06:16.735057 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:06:27.221232 0.000125 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:06:27.221519 0.430673 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:27.636034 0.000000 udp 10.0.2.109 3683 -> 5.178.194.36 3636 INT 0 1 196 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 21:06:40.840439 2.994101 tcp 10.0.2.109 51848 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:06:45.939121 0.052460 tcp 10.0.2.109 51849 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:06:45.991854 0.032242 tcp 10.0.2.109 51850 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:06:46.024416 0.139518 tcp 10.0.2.109 51851 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:06:46.164664 0.164990 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2147 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:46.345849 0.121380 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:46.425065 0.154175 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2232 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:46.540799 0.181141 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2305 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:46.714820 0.013953 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:46.745554 0.177511 rtp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2324 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:46.902401 0.185590 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2131 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:47.080816 0.353768 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2583 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:47.430694 0.106722 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2439 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:47.498359 0.151183 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2484 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:47.647514 0.178048 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2687 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:47.808257 0.177457 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:47.981279 0.071306 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2262 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:48.036618 0.183983 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2333 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:48.220982 0.056578 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:48.312837 0.259794 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:48.536752 0.117061 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2349 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:48.613434 0.099869 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2249 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:48.691327 0.133889 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2674 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:48.817533 1.352915 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2365 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:49.833041 0.000000 tcp 10.0.2.109 51848 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:06:50.132605 0.060518 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2474 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:50.176625 0.219592 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:50.386389 0.053973 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:50.432391 0.047416 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:06:50.488956 0.000000 udp 10.0.2.109 3683 -> 87.153.123.16 4545 INT 0 1 275 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 21:06:55.842610 0.052170 tcp 10.0.2.109 51852 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:06:55.895125 0.052700 tcp 10.0.2.109 51853 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:06:55.948174 0.122939 tcp 10.0.2.109 51854 -> 195.113.214.215 443 SRPA* 0 0 35 19284 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:06:56.093852 3.002400 tcp 10.0.2.109 51855 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:07:05.094646 0.000000 tcp 10.0.2.109 51855 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:07:08.219955 0.031350 tcp 10.0.2.109 51856 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:07:08.251725 0.031943 tcp 10.0.2.109 51857 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:07:08.283981 0.133934 tcp 10.0.2.109 51858 -> 195.113.214.215 443 SRPA* 0 0 22 12942 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:07:08.418637 0.156832 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:07:08.539322 0.223795 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2206 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:07:08.763091 0.076543 rtp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2194 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:07:08.949675 0.410206 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2442 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:07:09.402465 0.143876 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2244 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:07:09.528224 0.158551 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2064 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:07:09.785724 0.250755 udp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:07:10.018365 0.342896 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:12:11.095335 0.016926 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:12:11.112313 2.986957 tcp 10.0.2.109 51859 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:12:20.098040 0.000000 tcp 10.0.2.109 51859 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:12:20.741578 3.001288 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 21:12:26.108085 0.031367 tcp 10.0.2.109 51860 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:12:26.139746 0.031418 tcp 10.0.2.109 51861 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:12:26.171436 0.122503 tcp 10.0.2.109 51862 -> 195.113.214.215 443 SRPA* 0 0 20 10918 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:12:26.371958 3.008954 tcp 10.0.2.109 51863 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:12:27.748775 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:12:35.379776 0.000000 tcp 10.0.2.109 51863 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:12:35.749791 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:12:51.753062 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:13:23.759184 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:17:41.370453 0.022718 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:17:41.393355 2.974902 tcp 10.0.2.109 51864 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:17:50.362620 0.000000 tcp 10.0.2.109 51864 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:17:56.382912 0.032124 tcp 10.0.2.109 51865 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:17:56.415310 0.032364 tcp 10.0.2.109 51866 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:17:56.447958 0.147576 tcp 10.0.2.109 51867 -> 195.113.214.215 443 SRPA* 0 0 22 12940 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:17:56.609116 2.996764 tcp 10.0.2.109 51868 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:18:05.604537 0.000000 tcp 10.0.2.109 51868 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:19:27.765733 4.200353 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 21:19:35.916996 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:19:43.817458 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:19:59.626408 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:20:31.241637 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:23:11.622781 0.015321 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:23:11.638247 3.018544 tcp 10.0.2.109 51869 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:23:20.616963 0.000000 tcp 10.0.2.109 51869 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:23:26.618000 0.031937 tcp 10.0.2.109 51870 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:23:26.650296 0.052558 tcp 10.0.2.109 51871 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:23:26.703131 0.124779 tcp 10.0.2.109 51872 -> 195.113.214.215 443 SRPA* 0 0 21 10934 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:23:26.862409 3.008344 tcp 10.0.2.109 51873 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:23:35.868897 0.000000 tcp 10.0.2.109 51873 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:26:34.800937 3.000094 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 21:26:41.806715 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:26:49.808446 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:27:05.811177 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:27:37.817097 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:28:41.859569 0.000086 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:28:41.859737 2.993694 tcp 10.0.2.109 51874 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:28:50.852198 0.000000 tcp 10.0.2.109 51874 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:28:56.862708 0.053472 tcp 10.0.2.109 51875 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:28:56.916502 0.045817 tcp 10.0.2.109 51876 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:28:56.962650 0.124601 tcp 10.0.2.109 51877 -> 195.113.214.215 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:28:57.114960 3.000253 tcp 10.0.2.109 51878 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:29:06.114634 0.000000 tcp 10.0.2.109 51878 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:33:41.824289 3.026328 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 21:33:48.839961 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:33:56.842040 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:34:12.845147 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:34:44.851381 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:37:21.616947 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:37:21.617108 0.000000 udp 10.0.2.109 3683 -> 87.153.123.16 4545 INT 0 1 113 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 21:37:37.081305 0.056685 tcp 10.0.2.109 51879 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:37:37.138252 0.086508 tcp 10.0.2.109 51880 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:37:37.225073 0.142838 tcp 10.0.2.109 51881 -> 195.113.214.215 443 SRPA* 0 0 23 12124 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:37:37.368628 0.435022 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:37.783931 0.125416 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2441 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:37.912340 0.154396 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2296 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.027749 0.180404 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.199921 0.013817 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.233020 0.168799 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2188 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.426969 0.108222 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2183 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.498556 0.177110 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2173 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.655964 0.186337 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2418 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.835029 0.183484 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:38.994711 0.149898 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 1988 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:39.142931 0.354179 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2491 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:39.493362 0.070136 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2335 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:39.545642 0.177194 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2014 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:39.702499 0.055691 rtp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:39.832879 0.244185 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2512 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.040099 0.124511 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2513 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.158930 0.098135 rtp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2225 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.277985 0.140465 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.413079 0.175567 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2260 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.586002 0.051736 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.669372 0.046422 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2210 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.712120 0.111347 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2269 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.787906 0.059481 rtp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2112 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:40.831365 0.219308 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2286 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:41.041698 0.125257 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2216 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:41.133192 0.151051 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2271 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:41.275427 0.091682 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2066 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:41.349143 0.155695 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2287 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:41.488373 0.078303 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2097 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:41.567971 0.419988 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2115 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:41.989299 0.322275 rtp 10.0.2.109 3683 <-> 63.155.74.45 1389 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:42.136081 3.004327 tcp 10.0.2.109 51882 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:37:42.288661 0.356956 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2278 flow=From-Botnet-V1-UDP-Established 1970/02/26 21:37:51.138868 0.000000 tcp 10.0.2.109 51882 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:37:57.138454 0.031373 tcp 10.0.2.109 51883 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:37:57.170181 0.052663 tcp 10.0.2.109 51884 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:37:57.223157 0.127588 tcp 10.0.2.109 51885 -> 195.113.214.215 443 SRPA* 0 0 19 10030 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:37:57.359627 2.992477 tcp 10.0.2.109 51886 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:38:06.360793 0.000000 tcp 10.0.2.109 51886 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:40:48.856397 3.002256 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 21:40:55.864735 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:41:03.865611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:41:19.868663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:41:51.875110 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:43:12.365472 0.000059 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:43:12.365617 2.999528 tcp 10.0.2.109 51887 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:43:21.363760 0.000000 tcp 10.0.2.109 51887 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:43:27.364797 0.087095 tcp 10.0.2.109 51888 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:43:27.452188 0.053308 tcp 10.0.2.109 51889 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:43:27.505776 0.123640 tcp 10.0.2.109 51890 -> 195.113.214.215 443 SRPA* 0 0 20 11374 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:43:29.784838 2.975457 tcp 10.0.2.109 51891 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:43:38.702567 0.000000 tcp 10.0.2.109 51891 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:47:55.881100 3.001949 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 21:48:02.888511 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:48:10.889990 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:48:26.893262 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:48:44.568938 0.000106 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:48:44.569121 2.993570 tcp 10.0.2.109 51892 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:48:53.561463 0.000000 tcp 10.0.2.109 51892 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:48:58.899061 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:48:59.571510 0.031387 tcp 10.0.2.109 51893 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:48:59.603155 0.052148 tcp 10.0.2.109 51894 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:48:59.655622 0.142239 tcp 10.0.2.109 51895 -> 195.113.214.215 443 SRPA* 0 0 33 19216 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:48:59.829493 2.985367 tcp 10.0.2.109 51896 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:49:08.813158 0.000000 tcp 10.0.2.109 51896 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:54:14.813694 0.253365 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 21:54:15.067194 2.965083 tcp 10.0.2.109 51897 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:54:23.972565 0.000000 tcp 10.0.2.109 51897 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:54:29.926803 0.032766 tcp 10.0.2.109 51898 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:54:29.959966 0.031692 tcp 10.0.2.109 51899 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:54:29.991975 0.121974 tcp 10.0.2.109 51900 -> 195.113.214.215 443 SRPA* 0 0 20 10084 flow=From-Botnet-V1-TCP-Established 1970/02/26 21:54:30.128685 2.968623 tcp 10.0.2.109 51901 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:54:39.038538 0.000000 tcp 10.0.2.109 51901 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 21:55:02.933422 2.975241 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 21:55:09.912583 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:55:17.913782 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:55:33.916749 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 21:56:05.923194 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:02:09.929075 3.054874 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:02:16.966608 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:02:24.948290 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:02:40.950950 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:03:12.957354 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:08:11.496490 0.000135 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:08:11.496754 0.417094 udp 10.0.2.109 3683 <-> 203.45.40.165 2444 CON 0 0 6 2313 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:11.894855 0.161326 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2192 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.013861 0.172879 rtp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2178 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.147917 0.180937 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.319691 0.013747 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.361158 0.172708 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2158 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.535264 0.100805 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.599731 0.179506 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.757307 0.186211 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2337 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:12.935646 0.352708 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2076 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:13.284953 0.074609 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2361 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:13.348110 0.179574 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2252 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:13.504593 0.055379 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:13.561588 0.176677 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2494 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:13.720332 0.150699 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2367 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:13.869443 0.240485 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2148 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.076551 0.121062 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.157933 0.100019 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2217 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.236778 0.138575 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2435 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.367758 0.179476 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2282 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.543938 0.050719 rtp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2133 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.588940 0.045762 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.653098 0.091962 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.708083 0.059953 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2369 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.771923 0.236802 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2405 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:14.998405 0.126163 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2576 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:15.082584 3.003147 tcp 10.0.2.109 51902 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:08:15.088980 0.162963 rtp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2254 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:15.240263 0.228012 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2152 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:15.449626 0.156893 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2424 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:15.590035 0.075976 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2409 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:15.688491 0.353493 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:16.043706 0.435785 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2465 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:08:16.487417 0.000000 udp 10.0.2.109 3683 -> 63.155.74.45 1389 INT 0 1 138 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 22:08:24.088327 0.000000 tcp 10.0.2.109 51902 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:08:30.085320 0.036506 tcp 10.0.2.109 51903 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:08:30.122233 0.053186 tcp 10.0.2.109 51904 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:08:30.175684 0.124316 tcp 10.0.2.109 51905 -> 195.113.214.215 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:08:30.314596 3.003060 tcp 10.0.2.109 51906 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:08:32.386889 0.033731 tcp 10.0.2.109 51907 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:08:32.420876 0.052558 tcp 10.0.2.109 51908 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:08:32.473691 0.138338 tcp 10.0.2.109 51909 -> 195.113.214.215 443 SRPA* 0 0 33 18760 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:08:39.316529 0.000000 tcp 10.0.2.109 51906 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:09:16.963615 3.000857 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:09:23.971403 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:09:31.971931 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:09:47.975130 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:10:19.981185 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:13:45.316559 0.015469 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:13:45.332173 2.989614 tcp 10.0.2.109 51910 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:13:54.319274 0.000000 tcp 10.0.2.109 51910 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:14:00.329652 0.043231 tcp 10.0.2.109 51911 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:14:00.373198 0.070449 tcp 10.0.2.109 51912 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:14:00.443928 0.125999 tcp 10.0.2.109 51913 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:14:00.598320 2.994308 tcp 10.0.2.109 51914 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:14:09.601193 0.000000 tcp 10.0.2.109 51914 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:16:23.986451 3.023651 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:16:31.004874 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:16:39.006306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:16:55.009008 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:17:27.015346 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:19:15.591972 0.000073 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:19:15.592111 3.003343 tcp 10.0.2.109 51915 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:19:24.594395 0.000000 tcp 10.0.2.109 51915 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:19:30.594994 0.045283 tcp 10.0.2.109 51916 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:19:30.640510 0.054885 tcp 10.0.2.109 51917 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:19:30.695734 0.129857 tcp 10.0.2.109 51918 -> 195.113.214.215 443 SRPA* 0 0 20 10710 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:19:30.835173 3.002181 tcp 10.0.2.109 51919 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:19:39.835781 0.000000 tcp 10.0.2.109 51919 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:23:31.020397 3.002760 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:23:38.028474 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:23:46.029785 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:24:02.033981 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:24:34.039229 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:24:45.836338 0.000093 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:24:45.836515 3.003556 tcp 10.0.2.109 51920 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:24:54.838730 0.000000 tcp 10.0.2.109 51920 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:25:00.839002 0.046347 tcp 10.0.2.109 51921 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:25:00.885707 0.055977 tcp 10.0.2.109 51922 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:25:00.941937 0.141730 tcp 10.0.2.109 51923 -> 195.113.214.215 443 SRPA* 0 0 23 13830 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:25:01.094538 2.997660 tcp 10.0.2.109 51924 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:25:10.100931 0.000000 tcp 10.0.2.109 51924 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:30:38.045092 3.031714 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:30:45.066695 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:30:53.063663 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:31:09.067376 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:31:41.073074 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:37:45.081003 3.019627 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:37:52.096485 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:38:00.097830 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:38:16.100804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:38:45.383175 0.007766 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:38:45.391033 0.000000 udp 10.0.2.109 3683 -> 63.155.74.45 1389 INT 0 1 110 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 22:38:48.106957 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:39:01.979046 0.032273 tcp 10.0.2.109 51925 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:02.011686 0.053712 tcp 10.0.2.109 51926 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:02.065720 0.131507 tcp 10.0.2.109 51927 -> 195.113.214.215 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:02.197844 0.124396 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:02.271385 0.138725 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2175 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:02.371183 0.000000 udp 10.0.2.109 3683 -> 108.70.165.164 4638 INT 0 1 241 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 22:39:16.147534 3.003751 tcp 10.0.2.109 51928 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:39:17.800072 0.031493 tcp 10.0.2.109 51929 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:17.831831 0.033434 tcp 10.0.2.109 51930 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:17.865597 0.140219 tcp 10.0.2.109 51931 -> 195.113.214.215 443 SRPA* 0 0 40 31300 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:18.006780 0.013771 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2449 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:18.022785 0.170782 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2437 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:18.186212 0.101734 rtp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:18.249593 0.178647 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2257 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:18.406423 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 232 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 22:39:25.160499 0.000000 tcp 10.0.2.109 51928 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:39:31.148706 0.032465 tcp 10.0.2.109 51932 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:31.181421 0.056176 tcp 10.0.2.109 51933 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:31.237883 0.145146 tcp 10.0.2.109 51934 -> 195.113.214.215 443 SRPA* 0 0 21 10932 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:31.436118 2.997215 tcp 10.0.2.109 51935 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:39:36.416754 0.030870 tcp 10.0.2.109 51936 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:36.447888 0.054913 tcp 10.0.2.109 51937 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:36.503092 0.152059 tcp 10.0.2.109 51938 -> 195.113.214.215 443 SRPA* 0 0 23 14000 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:39:36.655688 0.179967 rtp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:36.813493 0.185308 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:39.261524 0.175165 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2280 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:40.431841 0.000000 tcp 10.0.2.109 51935 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:39:40.499698 0.186522 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2180 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:41.764292 0.354354 rtp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:42.114996 0.074019 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2434 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:42.527090 0.256603 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:43.204166 0.150716 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:43.955123 0.101412 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2281 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:44.615536 0.139050 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2134 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:44.746830 0.184668 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2572 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:45.392843 0.095807 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2284 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:45.775152 0.046092 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:47.847227 0.328079 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2391 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:48.139808 0.061278 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2569 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:48.371715 0.118487 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2501 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:48.448855 0.158847 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2401 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:48.664252 0.258292 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:48.901833 0.155947 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:49.110626 0.076051 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2024 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:49.211820 0.221455 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2447 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:49.422993 0.163681 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:49.552612 0.353179 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2213 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:39:49.904713 0.423144 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2482 flow=From-Botnet-V1-UDP-Established 1970/02/26 22:44:46.432385 0.014754 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:44:46.447245 2.989730 tcp 10.0.2.109 51939 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:44:52.112309 3.002610 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 22:44:55.435300 0.000000 tcp 10.0.2.109 51939 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:44:59.119824 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:45:01.447640 0.031740 tcp 10.0.2.109 51940 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:45:01.479712 0.054258 tcp 10.0.2.109 51941 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:45:01.534426 0.142497 tcp 10.0.2.109 51942 -> 195.113.214.215 443 SRPA* 0 0 31 23136 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:45:01.704328 3.004783 tcp 10.0.2.109 51943 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:45:07.121694 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:45:10.706994 0.000000 tcp 10.0.2.109 51943 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:45:23.124871 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:45:55.131047 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:50:16.697040 0.006293 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:50:16.703390 2.997697 tcp 10.0.2.109 51944 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:50:25.710219 0.000000 tcp 10.0.2.109 51944 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:50:31.700242 0.046743 tcp 10.0.2.109 51945 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:50:31.747264 0.053711 tcp 10.0.2.109 51946 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:50:31.801283 0.138278 tcp 10.0.2.109 51947 -> 195.113.214.215 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:50:31.966744 2.996540 tcp 10.0.2.109 51948 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:50:40.961981 0.000000 tcp 10.0.2.109 51948 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:51:59.137869 3.000890 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:52:06.144124 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:52:14.145710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:52:30.149306 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:53:02.154693 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:55:46.962267 0.000098 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 22:55:46.962452 3.003647 tcp 10.0.2.109 51949 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:55:55.964975 0.000000 tcp 10.0.2.109 51949 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:56:01.964912 0.031841 tcp 10.0.2.109 51950 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:56:01.997031 0.063350 tcp 10.0.2.109 51951 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:56:02.060681 0.146045 tcp 10.0.2.109 51952 -> 195.113.214.215 443 SRPA* 0 0 22 13112 flow=From-Botnet-V1-TCP-Established 1970/02/26 22:56:02.217280 3.000639 tcp 10.0.2.109 51953 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:56:11.216631 0.000000 tcp 10.0.2.109 51953 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 22:59:06.160463 3.001915 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 22:59:13.168657 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:59:21.169716 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 22:59:37.172742 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:00:13.386813 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:01:34.627358 0.000085 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 23:01:34.627527 2.955489 tcp 10.0.2.109 51954 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:01:43.997743 0.000000 tcp 10.0.2.109 51954 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:01:49.916034 0.032766 tcp 10.0.2.109 51955 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:01:49.949041 0.053859 tcp 10.0.2.109 51956 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:01:50.003187 0.145957 tcp 10.0.2.109 51957 -> 195.113.214.215 443 SRPA* 0 0 34 18852 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:01:50.160060 2.953509 tcp 10.0.2.109 51958 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:01:59.034328 0.000000 tcp 10.0.2.109 51958 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:06:27.002186 2.964089 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 23:06:33.913641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:06:41.806395 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:06:57.588588 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:07:29.140631 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:10:18.801304 0.000092 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 23:10:18.801488 0.000000 udp 10.0.2.109 3683 -> 203.45.40.165 2444 INT 0 1 141 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 23:10:37.198189 0.031687 tcp 10.0.2.109 51959 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:37.230316 0.053401 tcp 10.0.2.109 51960 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:37.284053 0.151197 tcp 10.0.2.109 51961 -> 195.113.214.215 443 SRPA* 0 0 35 27108 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:37.436223 0.181301 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2253 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:37.610315 0.121714 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:37.689251 0.148226 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2161 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:37.803714 0.105921 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:37.868436 0.175194 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2166 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:38.024820 0.013383 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2429 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:38.075618 0.164425 rtp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:38.241385 0.180790 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2299 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:38.397579 0.054166 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:38.453204 0.172717 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2104 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:38.610497 0.191225 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2461 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:38.795478 0.346525 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2234 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:39.138043 0.074429 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2563 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:39.193665 0.247036 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2445 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:39.402318 0.150260 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2136 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:39.550613 0.104850 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2403 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:39.794657 0.138802 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2376 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:39.925459 0.174713 rtp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:40.097381 0.058281 udp 10.0.2.109 3683 <-> 93.212.253.238 5834 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:40.153259 0.046946 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2256 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:40.257716 0.115587 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2004 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:40.338802 0.157245 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2008 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:40.488043 0.090170 rtp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:40.542412 0.060259 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:40.586445 0.000000 rtcp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 215 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 23:10:42.714038 2.962634 tcp 10.0.2.109 51962 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:10:51.589590 0.000000 tcp 10.0.2.109 51962 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:10:57.113621 0.033132 tcp 10.0.2.109 51963 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:57.147098 0.054135 tcp 10.0.2.109 51964 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:57.201535 0.146833 tcp 10.0.2.109 51965 -> 195.113.214.215 443 SRPA* 0 0 21 12470 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:57.348904 0.157679 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2240 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:57.490683 0.078986 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2297 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:57.499720 0.030972 tcp 10.0.2.109 51966 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:57.530947 0.055836 tcp 10.0.2.109 51967 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:57.571058 0.232428 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2201 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:57.587068 0.142079 tcp 10.0.2.109 51968 -> 195.113.214.215 443 SRPA* 0 0 22 12486 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:10:57.747641 2.955044 tcp 10.0.2.109 51969 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:10:57.793531 0.125182 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2408 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:57.884215 0.346784 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2578 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:10:58.232080 0.418820 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2492 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:11:06.624642 0.000000 tcp 10.0.2.109 51969 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:13:28.083518 2.952790 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/26 23:13:34.985814 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:13:42.875553 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:13:58.652556 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:14:30.221259 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:16:08.455588 0.000107 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 23:16:08.455813 2.950965 tcp 10.0.2.109 51970 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:16:17.321516 0.000000 tcp 10.0.2.109 51970 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:16:23.247442 0.045072 tcp 10.0.2.109 51971 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:16:23.292802 0.053249 tcp 10.0.2.109 51972 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:16:23.346464 0.144176 tcp 10.0.2.109 51973 -> 195.113.214.215 443 SRPA* 0 0 40 20778 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:16:23.509982 2.966223 tcp 10.0.2.109 51974 -> 176.73.169.112 1959 S_ 0 2 124 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:16:32.391699 0.000000 tcp 10.0.2.109 51974 -> 176.73.169.112 1959 S_ 0 1 62 flow=From-Botnet-V1-TCP-Attempt 1970/02/26 23:20:29.247100 2.963585 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 23:20:36.157102 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:20:44.039688 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:20:59.817459 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:21:31.362804 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:21:34.064936 0.000052 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 23:21:34.065038 0.483062 tcp 10.0.2.109 51975 -> 176.73.169.112 1959 FSPA* 0 0 14 1610 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:27:34.277024 3.001356 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 23:27:41.284297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:27:49.285807 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:28:05.288687 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:28:37.294901 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:34:41.300732 3.026016 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 23:34:48.317988 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:34:56.319440 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:35:12.325683 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:35:44.328233 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:40:58.921055 0.000075 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 23:40:58.921210 0.087788 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 4 1423 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:58.998713 0.118816 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2181 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.075799 0.149192 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2413 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.184283 0.102186 udp 10.0.2.109 3683 <-> 109.153.254.29 4764 CON 0 0 6 2275 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.253980 0.174717 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 1982 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.410366 0.013452 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2088 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.432744 0.184355 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2570 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.609075 0.056023 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.681735 0.171037 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2141 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:40:59.844879 0.182598 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2386 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:00.020252 0.174842 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2063 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:00.179691 0.177697 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2017 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:00.337148 0.348110 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2215 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:00.681848 0.150240 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2379 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:00.830758 0.103227 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2314 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:00.912113 0.139241 udp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:01.043972 0.248250 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2318 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:01.289545 0.240490 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2352 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:01.496620 0.070770 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2419 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:01.548733 0.163519 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2223 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:01.722381 0.092576 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2309 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:01.776186 0.059853 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2360 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:01.819676 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 236 flow=From-Botnet-V1-UDP-Attempt 1970/02/26 23:41:17.539617 0.034304 tcp 10.0.2.109 51976 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:41:17.574383 0.056033 tcp 10.0.2.109 51977 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:41:17.630675 0.202123 tcp 10.0.2.109 51978 -> 195.113.214.215 443 SRPA* 0 0 75 78532 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:41:17.833447 0.051603 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2248 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:17.881214 0.120954 rtp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2395 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:17.960970 0.154717 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:18.099426 0.076567 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2325 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:18.177415 0.220070 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2267 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:18.387637 0.421317 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2171 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:18.854878 0.125799 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2330 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:18.946398 0.352784 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2121 flow=From-Botnet-V1-UDP-Established 1970/02/26 23:41:48.334323 3.014621 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 23:41:55.342298 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:42:03.343662 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:42:19.348939 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:42:51.352639 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:48:55.358405 3.012099 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 23:49:02.376056 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:49:10.377641 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:49:26.380815 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:49:58.386660 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:51:33.493909 0.000077 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/26 23:51:33.494058 0.505524 tcp 10.0.2.109 51979 -> 176.73.169.112 1959 FSPA* 0 0 14 1702 flow=From-Botnet-V1-TCP-Established 1970/02/26 23:56:02.393380 3.010769 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/26 23:56:09.410277 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:56:17.411461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:56:33.414738 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/26 23:57:05.420905 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:03:09.426999 3.014485 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 00:03:16.444165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:03:24.445526 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:03:40.448508 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:04:12.454717 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:10:16.460342 3.081399 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 00:10:23.517851 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:10:31.481139 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:10:47.482584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:11:19.488484 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:11:23.736989 0.000087 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/27 00:11:23.737121 0.000000 udp 10.0.2.109 3683 -> 93.212.253.238 5834 INT 0 1 204 flow=From-Botnet-V1-UDP-Attempt 1970/02/27 00:11:39.839644 0.348148 tcp 10.0.2.109 51980 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:11:40.188037 0.053202 tcp 10.0.2.109 51981 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:11:40.241524 0.156118 tcp 10.0.2.109 51982 -> 195.113.214.215 443 SRPA* 0 0 34 18852 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:11:40.398583 0.125670 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2350 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:11:40.477667 0.196198 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2273 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:11:41.401687 0.000000 udp 10.0.2.109 3683 -> 109.153.254.29 4764 INT 0 1 250 flow=From-Botnet-V1-UDP-Attempt 1970/02/27 00:11:56.783214 0.032330 tcp 10.0.2.109 51983 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:11:56.815799 0.052232 tcp 10.0.2.109 51984 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:11:56.868285 0.152219 tcp 10.0.2.109 51985 -> 195.113.214.215 443 SRPA* 0 0 41 22424 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:11:57.021128 0.173255 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2328 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:11:57.173476 0.014948 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:11:58.403022 0.180159 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2251 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:11:59.722972 0.055707 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2323 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:11:59.780504 0.166528 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2358 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:00.038856 0.281414 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2168 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:00.730226 0.186344 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2311 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:00.946210 0.347232 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:01.289485 0.150496 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2239 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:01.493426 0.180815 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2452 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:01.682834 0.173467 rtp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2214 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:01.840798 0.179294 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2298 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:01.997190 0.245244 rtp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2514 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:02.245422 0.068239 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2545 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:02.295960 0.163888 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2466 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:02.594791 0.305541 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2506 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:02.863428 0.060161 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2392 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:02.907149 0.174908 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2189 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:03.079640 0.139696 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2276 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:03.211571 0.051349 rtp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2410 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:03.258941 0.076203 udp 10.0.2.109 3683 <-> 46.72.144.252 6799 CON 0 0 6 2340 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:03.336574 0.219899 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:03.547077 0.410695 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2302 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:03.965978 0.115676 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2155 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:04.045105 0.158943 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2315 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:04.188268 0.120631 rtp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2190 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:12:04.279212 0.362107 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:17:23.494570 3.030838 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 00:17:30.512260 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:17:38.513437 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:17:54.516382 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:18:26.522416 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:21:33.982256 0.202899 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/27 00:21:34.185376 0.858642 tcp 10.0.2.109 51986 -> 176.73.169.112 1959 FSPA* 0 0 15 1687 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:24:30.528160 3.001712 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 00:24:37.535521 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:24:45.537269 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:25:01.540523 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:25:33.546412 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:31:37.552572 3.028738 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 00:31:44.601596 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:31:52.571404 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:32:08.574652 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:32:40.580219 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:38:44.596185 3.086351 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 00:38:54.492285 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:39:02.396165 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:39:18.203205 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:39:53.300963 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:42:26.382202 0.000053 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/27 00:42:26.382302 0.000000 udp 10.0.2.109 3683 -> 109.153.254.29 4764 INT 0 1 130 flow=From-Botnet-V1-UDP-Attempt 1970/02/27 00:42:44.945554 0.034950 tcp 10.0.2.109 51987 -> 195.113.214.234 80 FSPA* 0 0 10 1886 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:42:44.980823 0.074033 tcp 10.0.2.109 51988 -> 195.113.214.215 80 FSPA* 0 0 10 1919 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:42:45.055165 0.143987 tcp 10.0.2.109 51989 -> 195.113.214.215 443 SRPA* 0 0 21 12430 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:42:45.199732 0.120825 udp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2127 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:45.274036 0.154147 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2218 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:45.386700 0.176838 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2233 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:45.542834 0.013768 rtp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2163 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:45.571326 0.180136 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2118 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:45.742538 0.055826 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2288 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:45.823017 0.170541 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2143 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:45.987893 0.094541 udp 10.0.2.109 3683 <-> 86.185.58.243 3620 CON 0 0 6 2150 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:46.063727 0.186495 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2366 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:46.243157 0.180628 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2480 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:46.400337 0.177196 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2348 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:46.601493 0.102362 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:46.723497 0.353459 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2272 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:47.072975 0.150152 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2264 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:47.221219 0.254364 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:47.436983 0.066047 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2319 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:47.521160 0.164581 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2226 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:47.676024 1.456058 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2138 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:49.096025 0.059341 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2423 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:49.329248 0.181766 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2300 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:49.800954 0.135982 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2242 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:49.932723 0.052151 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2467 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:42:50.261441 0.000000 udp 10.0.2.109 3683 -> 46.72.144.252 6799 INT 0 1 239 flow=From-Botnet-V1-UDP-Attempt 1970/02/27 00:43:07.670030 0.032540 tcp 10.0.2.109 51990 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:43:07.702883 0.055523 tcp 10.0.2.109 51991 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:43:07.758784 0.157437 tcp 10.0.2.109 51992 -> 195.113.214.215 443 SRPA* 0 0 41 22866 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:43:07.916916 0.224166 udp 10.0.2.109 3683 <-> 108.215.190.250 6507 CON 0 0 6 2354 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:43:08.130578 0.425377 rtp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2258 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:43:08.915763 0.117249 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2389 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:43:11.113570 0.356298 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2199 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:43:11.493744 0.120193 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2343 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:43:11.576160 0.156710 rtp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2493 flow=From-Botnet-V1-UDP-Established 1970/02/27 00:45:52.506423 2.955679 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/27 00:45:59.412537 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:46:07.297571 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:46:23.071391 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:46:54.668594 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:51:34.861794 0.201998 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/27 00:51:35.063987 0.487083 tcp 10.0.2.109 51993 -> 176.73.169.112 1959 FSPA* 0 0 14 1614 flow=From-Botnet-V1-TCP-Established 1970/02/27 00:52:58.674646 3.001505 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 00:53:05.682358 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:53:13.683299 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:53:32.684461 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 00:54:04.227850 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:00:05.708385 3.001374 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 01:00:12.715828 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:00:20.716710 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:00:36.720387 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:01:08.726581 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:07:15.172183 2.998149 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 01:07:22.121237 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:07:30.014690 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:07:45.857112 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:08:17.863303 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:13:17.087042 0.027701 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/27 01:13:17.114862 0.077537 udp 10.0.2.109 3683 -> 46.72.144.252 6799 INT 0 1 166 flow=From-Botnet-V1-UDP-Attempt 1970/02/27 01:13:17.192399 0.000000 icmp 46.72.144.252 0x0303 -> 10.0.2.109 0x8f1a URP 192 1 190 flow=Background 1970/02/27 01:13:34.430708 0.040636 tcp 10.0.2.109 51994 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:13:34.471631 0.052537 tcp 10.0.2.109 51995 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:13:34.524438 0.144882 tcp 10.0.2.109 51996 -> 195.113.214.215 443 SRPA* 0 0 42 34670 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:13:34.670366 0.156512 udp 10.0.2.109 3683 <-> 95.236.47.126 5104 CON 0 0 6 2515 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:34.786556 0.179362 udp 10.0.2.109 3683 <-> 70.25.255.50 4235 CON 0 0 6 2341 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:34.944308 0.013677 udp 10.0.2.109 3683 <-> 160.114.23.151 3246 CON 0 0 6 2247 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:35.013486 0.180181 udp 10.0.2.109 3683 <-> 108.70.165.164 4638 CON 0 0 6 2177 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:35.186412 0.054120 udp 10.0.2.109 3683 <-> 147.163.75.36 3026 CON 0 0 6 2211 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:35.252499 0.168606 udp 10.0.2.109 3683 <-> 50.196.220.229 7177 CON 0 0 6 2231 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:35.415426 0.120312 rtp 10.0.2.109 3683 <-> 81.133.131.123 8951 CON 0 0 6 2144 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:35.494023 0.000000 udp 10.0.2.109 3683 -> 86.185.58.243 3620 INT 0 1 182 flow=From-Botnet-V1-UDP-Attempt 1970/02/27 01:13:50.492258 0.032246 tcp 10.0.2.109 51997 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:13:50.524820 0.054254 tcp 10.0.2.109 51998 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:13:50.579448 0.147397 tcp 10.0.2.109 51999 -> 195.113.214.215 443 SRPA* 0 0 23 11914 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:13:50.727345 0.175546 udp 10.0.2.109 3683 <-> 216.26.100.115 5047 CON 0 0 6 2382 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:50.887461 0.101557 udp 10.0.2.109 3683 <-> 213.123.197.19 6275 CON 0 0 6 2208 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:50.966307 0.181732 udp 10.0.2.109 3683 <-> 70.50.242.44 2113 CON 0 0 6 2495 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:51.123305 0.185651 udp 10.0.2.109 3683 <-> 99.6.74.153 6911 CON 0 0 6 2412 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:51.300669 0.238336 udp 10.0.2.109 3683 <-> 69.108.73.253 6433 CON 0 0 6 2505 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:51.502235 0.067822 udp 10.0.2.109 3683 <-> 217.41.6.243 7642 CON 0 0 6 2265 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:51.552299 0.159150 udp 10.0.2.109 3683 <-> 74.57.126.36 1024 CON 0 0 6 2187 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:51.701688 0.150731 udp 10.0.2.109 3683 <-> 70.26.31.77 7160 CON 0 0 6 2236 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:51.850404 0.352900 udp 10.0.2.109 3683 <-> 113.28.179.100 4835 CON 0 0 6 2197 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:52.220190 0.137369 rtp 10.0.2.109 3683 <-> 68.195.125.143 4222 CON 0 0 6 2255 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:52.353936 0.277863 udp 10.0.2.109 3683 <-> 151.42.247.38 2048 CON 0 0 6 2426 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:52.594548 0.060902 udp 10.0.2.109 3683 <-> 92.17.183.215 9623 CON 0 0 6 2353 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:52.637416 0.193831 udp 10.0.2.109 3683 <-> 107.214.174.97 6448 CON 0 0 6 2327 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:52.828536 0.051865 udp 10.0.2.109 3683 <-> 84.130.217.52 8279 CON 0 0 6 2308 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:13:52.876559 0.000000 udp 10.0.2.109 3683 -> 108.215.190.250 6507 INT 0 1 256 flow=From-Botnet-V1-UDP-Attempt 1970/02/27 01:14:10.400708 0.031789 tcp 10.0.2.109 52000 -> 195.113.214.234 80 FSPA* 0 0 10 1890 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:14:10.432728 0.053806 tcp 10.0.2.109 52001 -> 195.113.214.215 80 FSPA* 0 0 10 1925 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:14:10.486811 0.144577 tcp 10.0.2.109 52002 -> 195.113.214.215 443 SRPA* 0 0 21 12432 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:14:10.632043 0.436564 udp 10.0.2.109 3683 <-> 115.126.250.37 9558 CON 0 0 6 2301 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:14:11.088081 0.115306 udp 10.0.2.109 3683 <-> 217.35.89.25 3889 CON 0 0 6 2205 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:14:11.165707 0.113021 udp 10.0.2.109 3683 <-> 2.85.60.69 2179 CON 0 0 6 2331 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:14:11.246823 0.353582 udp 10.0.2.109 3683 <-> 223.17.70.232 8575 CON 0 0 6 2306 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:14:11.601116 0.157813 udp 10.0.2.109 3683 <-> 63.151.141.205 7386 CON 0 0 6 2196 flow=From-Botnet-V1-UDP-Established 1970/02/27 01:14:21.869872 3.001268 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 INT 0 3 438 flow=Background 1970/02/27 01:14:28.877046 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:14:36.877896 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:14:55.039297 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:15:26.656419 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:21:28.906870 3.055746 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 01:21:35.941266 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:21:37.406433 0.000057 arp 10.0.2.109 who 10.0.2.2 CON 2 84 flow=Background-ARP 1970/02/27 01:21:37.406568 0.463665 tcp 10.0.2.109 52003 -> 176.73.169.112 1959 FSPA* 0 0 14 1533 flow=From-Botnet-V1-TCP-Established 1970/02/27 01:21:43.922611 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:21:59.925135 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:22:31.931584 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:28:35.938124 3.000950 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 01:28:42.944739 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:28:50.946455 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:29:06.949119 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:29:38.955103 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:35:42.961455 3.001355 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 3 438 flow=Background 1970/02/27 01:35:49.968191 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:35:57.970166 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:36:13.973296 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background 1970/02/27 01:36:45.979295 0.000000 udp fe80::34ca:ec9b:2bf7:4a14 546 -> ff02::1:2 547 REQ 0 1 146 flow=Background